public async Task When_Passing_No_Authentication_Instruction_Then_Exception_Is_Thrown()
{
await Assert
.ThrowsAsync <NullReferenceException>(
() => _authenticateClient.Authenticate(null, null, CancellationToken.None))
.ConfigureAwait(false);
}
public async Task <Option <GrantedToken> > GetTokenByClientCredentialsGrantType(
ClientCredentialsGrantTypeParameter clientCredentialsGrantTypeParameter,
AuthenticationHeaderValue?authenticationHeaderValue,
X509Certificate2?certificate,
string issuerName,
CancellationToken cancellationToken)
{
if (string.IsNullOrWhiteSpace(clientCredentialsGrantTypeParameter.Scope))
{
return(new ErrorDetails
{
Status = HttpStatusCode.BadRequest,
Title = ErrorCodes.InvalidRequest,
Detail = string.Format(Strings.MissingParameter, StandardTokenRequestParameterNames.ScopeName)
});
}
// 1. Authenticate the client
var instruction = authenticationHeaderValue.GetAuthenticateInstruction(
clientCredentialsGrantTypeParameter,
certificate);
var authResult = await _authenticateClient.Authenticate(instruction, issuerName, cancellationToken)
.ConfigureAwait(false);
var client = authResult.Client;
if (client == null)
{
return(new ErrorDetails
{
Status = HttpStatusCode.BadRequest,
Title = ErrorCodes.InvalidClient,
Detail = authResult.ErrorMessage !
});
public async Task <Option <GrantedToken> > GetTokenByTicketId(
GetTokenViaTicketIdParameter parameter,
AuthenticationHeaderValue?authenticationHeaderValue,
X509Certificate2?certificate,
string issuerName,
CancellationToken cancellationToken)
{
if (string.IsNullOrWhiteSpace(parameter.Ticket))
{
_logger.LogError("Ticket is null or empty");
return(new ErrorDetails
{
Status = HttpStatusCode.BadRequest,
Title = ErrorCodes.InvalidRequest,
Detail = string.Format(Strings.MissingParameter, UmaConstants.RptClaims.Ticket)
});
}
var instruction = authenticationHeaderValue.GetAuthenticateInstruction(parameter, certificate);
var authResult = await _authenticateClient.Authenticate(instruction, issuerName, cancellationToken)
.ConfigureAwait(false);
var client = authResult.Client;
if (client == null)
{
_logger.LogError("Client not found.");
return(new ErrorDetails
{
Status = HttpStatusCode.BadRequest,
Title = ErrorCodes.InvalidClient,
Detail = authResult.ErrorMessage !
});
public async Task <Option> Execute(
RevokeTokenParameter revokeTokenParameter,
AuthenticationHeaderValue?authenticationHeaderValue,
X509Certificate2?certificate,
string issuerName,
CancellationToken cancellationToken)
{
var refreshToken = revokeTokenParameter.Token;
if (refreshToken == null)
{
_logger.LogError(Strings.TheRefreshTokenIsNotValid);
return(new ErrorDetails
{
Detail = Strings.TheRefreshTokenIsNotValid,
Status = HttpStatusCode.BadRequest,
Title = ErrorCodes.InvalidToken
});
}
// 1. Check the client credentials
var instruction = authenticationHeaderValue.GetAuthenticateInstruction(revokeTokenParameter, certificate);
var authResult = await _authenticateClient.Authenticate(instruction, issuerName, cancellationToken)
.ConfigureAwait(false);
var client = authResult.Client;
if (client == null)
{
_logger.LogError(authResult.ErrorMessage);
return(new ErrorDetails
{
Detail = authResult.ErrorMessage !,
Status = HttpStatusCode.BadRequest,
Title = ErrorCodes.InvalidClient
});
/// <summary>
/// Check the parameters based on the RFC : http://openid.net/specs/openid-connect-core-1_0.html#TokenRequestValidation
/// </summary>
/// <param name="authorizationCodeGrantTypeParameter"></param>
/// <param name="authenticationHeaderValue"></param>
/// <param name="certificate"></param>
/// <param name="issuerName"></param>
/// <param name="cancellationToken">The <see cref="CancellationToken"/> for the async operation.</param>
/// <returns></returns>
private async Task <Option <ValidationResult> > ValidateParameter(
AuthorizationCodeGrantTypeParameter authorizationCodeGrantTypeParameter,
AuthenticationHeaderValue?authenticationHeaderValue,
X509Certificate2?certificate,
string issuerName,
CancellationToken cancellationToken)
{
if (authorizationCodeGrantTypeParameter.Code == null)
{
return(new ErrorDetails
{
Status = HttpStatusCode.BadRequest,
Title = ErrorCodes.InvalidGrant,
Detail = Strings.TheAuthorizationCodeIsNotCorrect
});
}
// 1. Authenticate the client
var instruction = authenticationHeaderValue.GetAuthenticateInstruction(
authorizationCodeGrantTypeParameter,
certificate);
var authResult = await _authenticateClient.Authenticate(instruction, issuerName, cancellationToken)
.ConfigureAwait(false);
var client = authResult.Client;
if (client == null)
{
return(new ErrorDetails
{
Status = HttpStatusCode.BadRequest,
Title = ErrorCodes.InvalidClient,
Detail = authResult.ErrorMessage !
});
public override void Respond(IHttpContext context)
{
if (context.Request.Headers["Accept"] != TokenContentType)
{
context.Response.StatusCode = (int)HttpStatusCode.BadRequest;
context.WriteJson(new { error = "invalid_request", error_description = "Accept should be: " + TokenContentType });
return;
}
if (context.Request.Headers["grant_type"] != TokenGrantType)
{
context.Response.StatusCode = (int)HttpStatusCode.BadRequest;
context.WriteJson(new { error = "unsupported_grant_type", error_description = "Only supported grant_type is: " + TokenGrantType });
return;
}
var identity = GetUserAndPassword(context);
if (identity == null)
{
context.Response.StatusCode = (int)HttpStatusCode.Unauthorized;
context.Response.AddHeader("WWW-Authenticate", "Basic realm=\"Raven DB\"");
context.WriteJson(new { error = "invalid_client", error_description = "No client authentication was provided" });
return;
}
List <DatabaseAccess> authorizedDatabases;
if (!AuthenticateClient.Authenticate(Database, identity.Item1, identity.Item2, out authorizedDatabases))
{
if ((Database == SystemDatabase ||
!AuthenticateClient.Authenticate(SystemDatabase, identity.Item1, identity.Item2, out authorizedDatabases)))
{
context.Response.StatusCode = (int)HttpStatusCode.Unauthorized;
context.Response.AddHeader("WWW-Authenticate", "Basic realm=\"Raven DB\"");
context.WriteJson(new { error = "unauthorized_client", error_description = "Invalid client credentials" });
return;
}
}
Interlocked.Increment(ref numberOfTokensIssued);
var userId = identity.Item1;
var token = AccessToken.Create(Settings.OAuthTokenKey, new AccessTokenBody
{
UserId = userId,
AuthorizedDatabases = authorizedDatabases
});
context.Write(token.Serialize());
}
public bool Authenticate(string username, string password, string domain)
{
LDAPAuth.AuthenticateClient authService = new AuthenticateClient();
string ldapUrl = System.Configuration.ConfigurationManager.AppSettings["ldapUrl"];
authService.InnerChannel.OperationTimeout = System.TimeSpan.MaxValue;
bool retData = authService.Authenticate(username, domain, password, ldapUrl);
return(retData);
}
private void btnLogIn_Click(object sender, RoutedEventArgs e)
{
lblError.Content = "";
byte[] cipheredKeyContainer = new byte[64];
IAuthenticate proxy = new AuthenticateClient();
LavaResult result = proxy.Authenticate(tbUserName.Text, pbPassword.Password);
if (result.Result == LAVA_ERROR_CODE.NO_MASTER_KEY)
{
MasterKeyWindow msKeyWnd = new MasterKeyWindow();
msKeyWnd.ShowDialog();
byte[] masterKey = CryptoLibrary.generateRandom(32);
byte[] keyContainer = TLVUtil.StoreTag(0x25, masterKey);
cipheredKeyContainer = CryptoLibrary.encrypt28147cfb(
CryptoLibrary.computeHash3411(Utility.StringToByteArray(MasterKeyWindow.Password)),
keyContainer);
result = proxy.StoreKeyContainer(tbUserName.Text, cipheredKeyContainer);
if (result.Result != LAVA_ERROR_CODE.OK)
{
lblError.Content = "Error while putting container: " + result.Result.ToString();
return;
}
}
if (result.Result == LAVA_ERROR_CODE.OK)
{
EnterMasterKey enterKey = new EnterMasterKey(tbUserName.Text, (AuthenticateClient)proxy);
enterKey.ShowDialog();
byte[] key = EnterMasterKey.key;
this.Close();
LavaUser user = new LavaUser(tbUserName.Text, pbPassword.Password);
user.MasterKey = key;
wnd.Show(user);
}
else
lblError.Content = "wrong name or pword";
}
public async Task <Option <GrantedToken> > Execute(
RefreshTokenGrantTypeParameter refreshTokenGrantTypeParameter,
AuthenticationHeaderValue?authenticationHeaderValue,
X509Certificate2?certificate,
string issuerName,
CancellationToken cancellationToken)
{
// 1. Try to authenticate the client
var instruction = authenticationHeaderValue.GetAuthenticateInstruction(
refreshTokenGrantTypeParameter,
certificate);
var authResult = await _authenticateClient.Authenticate(instruction, issuerName, cancellationToken)
.ConfigureAwait(false);
var client = authResult.Client;
if (client == null)
{
return(new ErrorDetails
{
Status = HttpStatusCode.BadRequest,
Title = ErrorCodes.InvalidClient,
Detail = authResult.ErrorMessage !
});