mattbrailsford · redmorello · Dec 21, 2020
diff --git a/src/Our.Umbraco.AuthU/Our.Umbraco.AuthU.csproj b/src/Our.Umbraco.AuthU/Our.Umbraco.AuthU.csproj
@@ -274,6 +274,7 @@
     <Compile Include="Models\UmbracoKeyValue.cs" />
     <Compile Include="OAuthConstants.cs" />
     <Compile Include="OAuthContext.cs" />
+    <Compile Include="Services\UmbracoUsersRoleOAuthUserService.cs" />
     <Compile Include="Services\MembershipProviderOAuthUserService.cs" />
     <Compile Include="Web\Helpers\PrincipalHelper.cs" />
     <Compile Include="Web\Mvc\AddOAuthChallengeResult.cs" />

diff --git a/src/Our.Umbraco.AuthU/Services/UmbracoUsersRoleOAuthUserService.cs b/src/Our.Umbraco.AuthU/Services/UmbracoUsersRoleOAuthUserService.cs
@@ -0,0 +1,65 @@
+using System.Collections.Generic;
+using System.Linq;
+using System.Security.Claims;
+using System.Web.Security;
+using Our.Umbraco.AuthU.Interfaces;
+using Umbraco.Core.Models.Membership;
+using Umbraco.Core.Services;
+using Umbraco.Core.Composing;
+
+namespace Our.Umbraco.AuthU.Services
+{
+    public abstract class UmbracoUsersRoleOAuthUserService : IOAuthUserService
+    {
+        public string UserType => "UmbracoUser";
+        private MembershipProvider MemberProvider => Membership.Providers["UsersMembershipProvider"];
+        private readonly IUserService _userService = Current.Services.UserService;
+
+        public bool ValidateUser(string username)
+        {
+            try
+            {
+                var user = _userService.GetByUsername(username);
+                return user != null && user.IsApproved && !user.IsLockedOut;
+            }
+            catch
+            {
+                return false;
+            }
+        }
+
+        public bool ValidateUser(string username, string password)
+        {
+            try
+            {
+                return MemberProvider.ValidateUser(username, password);
+            }
+            catch
+            {
+                return false;
+            }
+        }
+
+        public IEnumerable<Claim> GetUserClaims(string username)
+        {
+            IUser user = null;
+
+            try
+            {
+                user = _userService.GetByUsername(username);
+            }
+            catch { }
+
+            if (user != null)
+            {
+                yield return new Claim(ClaimTypes.NameIdentifier, user.ProviderUserKey.ToString());
+
+                var roles = user.Groups.Select(g => g.Alias);
+                foreach (var role in roles)
+                {
+                    yield return new Claim(ClaimTypes.Role, role);
+                }
+            }
+        }
+    }
+}