Getting the roles by Id when using client credentials grant type #2743 (Lombiq Technologies: TOTA-2)

src/OrchardCore.Modules/OrchardCore.OpenId/Controllers/AccessController.cs

@@ -278,18 +278,19 @@ await _applicationManager.GetDisplayNameAsync(application),
                 OpenIddictConstants.Destinations.AccessToken,
                 OpenIddictConstants.Destinations.IdentityToken);
 
+            // If the role service is available, add all the role claims
+            // associated with the application roles in the database.
+            var roleService = HttpContext.RequestServices.GetService<IRoleService>();
+
             foreach (var role in await _applicationManager.GetRolesAsync(application))
             {
                 identity.AddClaim(identity.RoleClaimType, role,
                     OpenIddictConstants.Destinations.AccessToken,
                     OpenIddictConstants.Destinations.IdentityToken);
 
-                // If the role provider is available, add all the role claims
-                // associated with the application roles in the database.
-                var provider = HttpContext.RequestServices.GetService<IRoleProvider>();
-                if (provider != null)
+                if (roleService != null)
                 {
-                    foreach (var claim in await provider.GetRoleClaimsAsync(role))
+                    foreach (var claim in await roleService.GetRoleClaimsAsync(role))
                     {
                         identity.AddClaim(claim.SetDestinations(
                             OpenIdConnectConstants.Destinations.AccessToken,

src/OrchardCore.Modules/OrchardCore.OpenId/Controllers/ApplicationController.cs

@@ -32,7 +32,7 @@ public class ApplicationController : Controller
         private readonly IHtmlLocalizer<ApplicationController> H;
         private readonly ISiteService _siteService;
         private readonly IShapeFactory _shapeFactory;
-        private readonly IRoleProvider _roleProvider;
+        private readonly IRoleService _roleService;
         private readonly IOpenIdApplicationManager _applicationManager;
         private readonly INotifier _notifier;
         private readonly ShellDescriptor _shellDescriptor;
@@ -42,7 +42,7 @@ public ApplicationController(
             ISiteService siteService,
             IStringLocalizer<ApplicationController> stringLocalizer,
             IAuthorizationService authorizationService,
-            IRoleProvider roleProvider,
+            IRoleService roleService,
             IOpenIdApplicationManager applicationManager,
             IHtmlLocalizer<ApplicationController> htmlLocalizer,
             INotifier notifier,
@@ -54,7 +54,7 @@ public ApplicationController(
             H = htmlLocalizer;
             _authorizationService = authorizationService;
             _applicationManager = applicationManager;
-            _roleProvider = roleProvider;
+            _roleService = roleService;
             _notifier = notifier;
             _shellDescriptor = shellDescriptor;
         }
@@ -99,7 +99,7 @@ public async Task<IActionResult> Create(string returnUrl = null)
 
             var model = new CreateOpenIdApplicationViewModel();
 
-            foreach (var role in await _roleProvider.GetRoleNamesAsync())
+            foreach (var role in await _roleService.GetRoleNamesAsync())
             {
                 model.RoleEntries.Add(new CreateOpenIdApplicationViewModel.RoleEntry
                 {
@@ -245,7 +245,7 @@ public async Task<IActionResult> Edit(string id, string returnUrl = null)
                 Type = await _applicationManager.GetClientTypeAsync(application)
             };
 
-            foreach (var role in await _roleProvider.GetRoleNamesAsync())
+            foreach (var role in await _roleService.GetRoleNamesAsync())
             {
                 model.RoleEntries.Add(new EditOpenIdApplicationViewModel.RoleEntry
                 {

src/OrchardCore.Modules/OrchardCore.Roles/Controllers/AdminController.cs

@@ -1,4 +1,4 @@
-using System;
+using System;
 using System.Collections.Generic;
 using System.Linq;
 using System.Security.Claims;
@@ -30,7 +30,7 @@ public class AdminController : Controller
         private readonly RoleManager<IRole> _roleManager;
         private readonly IEnumerable<IPermissionProvider> _permissionProviders;
         private readonly ITypeFeatureProvider _typeFeatureProvider;
-        private readonly IRoleProvider _roleProvider;
+        private readonly IRoleService _roleService;
         private readonly INotifier _notifier;
         private readonly IHtmlLocalizer<AdminController> TH;
 
@@ -43,14 +43,14 @@ public AdminController(
             ISiteService siteService,
             IShapeFactory shapeFactory,
             RoleManager<IRole> roleManager,
-            IRoleProvider roleProvider,
+            IRoleService roleService,
             INotifier notifier,
             IEnumerable<IPermissionProvider> permissionProviders
             )
         {
             TH = htmlLocalizer;
             _notifier = notifier;
-            _roleProvider = roleProvider;
+            _roleService = roleService;
             _typeFeatureProvider = typeFeatureProvider;
             _permissionProviders = permissionProviders;
             _roleManager = roleManager;
@@ -68,7 +68,7 @@ public async Task<ActionResult> Index()
                 return Unauthorized();
             }
 
-            var roles = await _roleProvider.GetRoleNamesAsync();
+            var roles = await _roleService.GetRoleNamesAsync();
 
             var model = new RolesViewModel
             {

src/OrchardCore.Modules/OrchardCore.Roles/Deployment/AllRolesDeploymentSource.cs

@@ -11,12 +11,12 @@ namespace OrchardCore.Roles.Deployment
     public class AllRolesDeploymentSource : IDeploymentSource
     {
         private readonly RoleManager<IRole> _roleManager;
-        private readonly IRoleProvider _roleProvider;
+        private readonly IRoleService _roleService;
 
-        public AllRolesDeploymentSource(RoleManager<IRole> roleManager, IRoleProvider roleProvider)
+        public AllRolesDeploymentSource(RoleManager<IRole> roleManager, IRoleService roleService)
         {
             _roleManager = roleManager;
-            _roleProvider = roleProvider;
+            _roleService = roleService;
         }
 
         public async Task ProcessDeploymentStepAsync(DeploymentStep step, DeploymentPlanResult result)
@@ -29,7 +29,7 @@ public async Task ProcessDeploymentStepAsync(DeploymentStep step, DeploymentPlan
             }
 
             // Get all roles
-            var allRoleNames = await _roleProvider.GetRoleNamesAsync();
+            var allRoleNames = await _roleService.GetRoleNamesAsync();
             var data = new JArray();
             var tasks = new List<Task>();
 

src/OrchardCore.Modules/OrchardCore.Roles/Services/RoleService.cs

@@ -0,0 +1,43 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Security.Claims;
+using System.Threading;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Identity;
+using OrchardCore.Security;
+using OrchardCore.Security.Services;
+
+namespace OrchardCore.Roles.Services
+{
+    public class RoleService : IRoleService
+    {
+        private readonly RoleManager<IRole> _roleManager;
+
+        public RoleService(RoleManager<IRole> roleManager)
+        {
+            _roleManager = roleManager;
+        }
+
+        public async Task<IEnumerable<Claim>> GetRoleClaimsAsync(string role, CancellationToken cancellationToken = default)
+        {
+            if (string.IsNullOrEmpty(role))
+            {
+                throw new ArgumentException("The role name cannot be null or empty.", nameof(role));
+            }
+
+            var entity = await _roleManager.FindByNameAsync(role);
+            if (entity == null)
+            {
+                return Array.Empty<Claim>();
+            }
+
+            return await _roleManager.GetClaimsAsync(entity);
+        }
+
+        public Task<IEnumerable<string>> GetRoleNamesAsync()
+        {
+            return Task.FromResult<IEnumerable<string>>(_roleManager.Roles.Select(a => a.RoleName));
+        }
+    }
+}

src/OrchardCore.Modules/OrchardCore.Roles/Services/RoleStore.cs

@@ -13,12 +13,11 @@
 using OrchardCore.Modules;
 using OrchardCore.Roles.Models;
 using OrchardCore.Security;
-using OrchardCore.Security.Services;
 using YesSql;
 
 namespace OrchardCore.Roles.Services
 {
-    public class RoleStore : IRoleClaimStore<IRole>, IRoleProvider
+    public class RoleStore : IRoleClaimStore<IRole>, IQueryableRoleStore<IRole>
     {
         private const string Key = "RolesManager.Roles";
 
@@ -50,6 +49,9 @@ public void Dispose()
         {
         }
 
+        public IQueryable<IRole> Roles =>
+            GetRolesAsync().Result.Roles.AsQueryable();
+
         public Task<RolesDocument> GetRolesAsync()
         {
             return _memoryCache.GetOrCreateAsync(Key, async (entry) =>
@@ -75,28 +77,6 @@ public void UpdateRoles(RolesDocument roles)
             _memoryCache.Set(Key, roles);
         }
 
-        public async Task<IEnumerable<string>> GetRoleNamesAsync()
-        {
-            var roles = await GetRolesAsync();
-            return roles.Roles.Select(x => x.RoleName).OrderBy(x => x).ToList();
-        }
-
-        public async Task<IEnumerable<Claim>> GetRoleClaimsAsync(string role, CancellationToken cancellationToken = default)
-        {
-            if (string.IsNullOrEmpty(role))
-            {
-                throw new ArgumentException("The role name cannot be null or empty.", nameof(role));
-            }
-
-            var entity = await FindByNameAsync(role, cancellationToken);
-            if (entity == null)
-            {
-                return Array.Empty<Claim>();
-            }
-
-            return await GetClaimsAsync(entity, cancellationToken);
-        }
-
         #region IRoleStore<IRole>
         public async Task<IdentityResult> CreateAsync(IRole role, CancellationToken cancellationToken)
         {

src/OrchardCore.Modules/OrchardCore.Roles/Startup.cs

@@ -26,7 +26,7 @@ public override void ConfigureServices(IServiceCollection services)
         {
             services.TryAddScoped<RoleManager<IRole>>();
             services.TryAddScoped<IRoleStore<IRole>, RoleStore>();
-            services.TryAddScoped<IRoleProvider, RoleStore>();
+            services.TryAddScoped<IRoleService, RoleService>();
             services.TryAddScoped<IRoleClaimStore<IRole>, RoleStore>();
             services.AddRecipeExecutionStep<RolesStep>();
 

src/OrchardCore.Modules/OrchardCore.Roles/ViewComponents/SelectRolesViewComponent.cs

@@ -8,11 +8,11 @@ namespace OrchardCore.Roles.ViewComponents
 {
     public class SelectRolesViewComponent : ViewComponent
     {
-        private readonly IRoleProvider _roleProvider;
+        private readonly IRoleService _roleService;
 
-        public SelectRolesViewComponent(IRoleProvider roleProvider)
+        public SelectRolesViewComponent(IRoleService roleService)
         {
-            _roleProvider = roleProvider;
+            _roleService = roleService;
         }
 
         public async Task<IViewComponentResult> InvokeAsync(IEnumerable<string> selectedRoles, string htmlName)
@@ -35,7 +35,7 @@ public async Task<IViewComponentResult> InvokeAsync(IEnumerable<string> selected
 
         private async Task<IList<Selection<string>>> BuildRoleSelectionsAsync(IEnumerable<string> selectedRoles)
         {
-            var roleNames = await _roleProvider.GetRoleNamesAsync();
+            var roleNames = await _roleService.GetRoleNamesAsync();
             var selections = roleNames.Select(x => new Selection<string>
             {
                 IsSelected = selectedRoles.Contains(x),

src/OrchardCore.Modules/OrchardCore.Users/Drivers/UserDisplayDriver.cs

@@ -18,7 +18,7 @@ public class UserDisplayDriver : DisplayDriver<User>
     {
         private readonly UserManager<IUser> _userManager;
         private readonly IUserService _userService;
-        private readonly IRoleProvider _roleProvider;
+        private readonly IRoleService _roleService;
         private readonly IUserStore<IUser> _userStore;
         private readonly IUserEmailStore<IUser> _userEmailStore;
         private readonly IUserRoleStore<IUser> _userRoleStore;
@@ -27,15 +27,15 @@ public class UserDisplayDriver : DisplayDriver<User>
         public UserDisplayDriver(
             UserManager<IUser> userManager,
             IUserService userService,
-            IRoleProvider roleProvider,
+            IRoleService roleService,
             IUserStore<IUser> userStore,
             IUserEmailStore<IUser> userEmailStore,
             IUserRoleStore<IUser> userRoleStore,
             IStringLocalizer<UserDisplayDriver> stringLocalizer)
         {
             _userManager = userManager;
             _userService = userService;
-            _roleProvider = roleProvider;
+            _roleService = roleService;
             _userStore = userStore;
             _userEmailStore = userEmailStore;
             _userRoleStore = userRoleStore;
@@ -157,7 +157,7 @@ public override async Task<IDisplayResult> UpdateAsync(User user, UpdateEditorCo
 
         private async Task<IEnumerable<string>> GetRoleNamesAsync()
         {
-            var roleNames = await _roleProvider.GetRoleNamesAsync();
+            var roleNames = await _roleService.GetRoleNamesAsync();
             return roleNames.Except(new[] { "Anonymous", "Authenticated" }, StringComparer.OrdinalIgnoreCase);
         }
     }

src/OrchardCore/OrchardCore.Infrastructure.Abstractions/Security/Services/IRoleProvider.cs → src/OrchardCore/OrchardCore.Infrastructure.Abstractions/Security/Services/IRoleService.cs

@@ -5,7 +5,7 @@
 
 namespace OrchardCore.Security.Services
 {
-    public interface IRoleProvider
+    public interface IRoleService
     {
         Task<IEnumerable<string>> GetRoleNamesAsync();
         Task<IEnumerable<Claim>> GetRoleClaimsAsync(string role, CancellationToken cancellationToken = default);

src/OrchardCore/OrchardCore.Users.Core/Services/UserStore.cs

@@ -20,15 +20,15 @@ public class UserStore :
         IUserLoginStore<IUser>
     {
         private readonly ISession _session;
-        private readonly IRoleProvider _roleProvider;
+        private readonly IRoleService _roleService;
         private readonly ILookupNormalizer _keyNormalizer;
 
         public UserStore(ISession session,
-            IRoleProvider roleProvider,
+            IRoleService roleService,
             ILookupNormalizer keyNormalizer)
         {
             _session = session;
-            _roleProvider = roleProvider;
+            _roleService = roleService;
             _keyNormalizer = keyNormalizer;
         }
 
@@ -308,7 +308,7 @@ public async Task AddToRoleAsync(IUser user, string normalizedRoleName, Cancella
                 throw new ArgumentNullException(nameof(user));
             }
 
-            var roleNames = await _roleProvider.GetRoleNamesAsync();
+            var roleNames = await _roleService.GetRoleNamesAsync();
             var roleName = roleNames?.FirstOrDefault(r => NormalizeKey(r) == normalizedRoleName);
 
             if (string.IsNullOrWhiteSpace(roleName))
@@ -326,7 +326,7 @@ public async Task RemoveFromRoleAsync(IUser user, string normalizedRoleName, Can
                 throw new ArgumentNullException(nameof(user));
             }
 
-            var roleNames = await _roleProvider.GetRoleNamesAsync();
+            var roleNames = await _roleService.GetRoleNamesAsync();
             var roleName = roleNames?.FirstOrDefault(r => NormalizeKey(r) == normalizedRoleName);
 
             if (string.IsNullOrWhiteSpace(roleName))

test/OrchardCore.Tests/Modules/OrchardCore.OpenId/ApplicationControllerTests.cs

@@ -33,7 +33,7 @@ public async Task UsersShouldNotBeAbleToCreateIfNotAllowed()
                 Mock.Of<ISiteService>(),
                 Mock.Of<IStringLocalizer<ApplicationController>>(),
                 Mock.Of<IAuthorizationService>(),
-                Mock.Of<IRoleProvider>(),
+                Mock.Of<IRoleService>(),
                 Mock.Of<IOpenIdApplicationManager>(),
                 Mock.Of<IHtmlLocalizer<ApplicationController>>(),
                 Mock.Of<INotifier>(),
@@ -51,7 +51,7 @@ public async Task UsersShouldBeAbleToCreateApplicationIfAllowed()
                 Mock.Of<ISiteService>(),
                 Mock.Of<IStringLocalizer<ApplicationController>>(),
                 MockAuthorizationServiceMock().Object,
-                Mock.Of<IRoleProvider>(),
+                Mock.Of<IRoleService>(),
                 Mock.Of<IOpenIdApplicationManager>(),
                 Mock.Of<IHtmlLocalizer<ApplicationController>>(),
                 Mock.Of<INotifier>(),
@@ -75,7 +75,7 @@ public async Task ConfidentionalClientNeedsSecret(string clientType, string clie
                 Mock.Of<ISiteService>(),
                 MockStringLocalizer().Object,
                 MockAuthorizationServiceMock().Object,
-                Mock.Of<IRoleProvider>(),
+                Mock.Of<IRoleService>(),
                 Mock.Of<IOpenIdApplicationManager>(),
                 Mock.Of<IHtmlLocalizer<ApplicationController>>(),
                 Mock.Of<INotifier>(),
@@ -111,7 +111,7 @@ public async Task RedirectUrisAreValid(string uris, bool expectValidModel)
                 Mock.Of<ISiteService>(),
                 MockStringLocalizer().Object,
                 MockAuthorizationServiceMock().Object,
-                Mock.Of<IRoleProvider>(),
+                Mock.Of<IRoleService>(),
                 Mock.Of<IOpenIdApplicationManager>(),
                 Mock.Of<IHtmlLocalizer<ApplicationController>>(),
                 Mock.Of<INotifier>(),