protected override async Task <bool> GetJsonAsync(IOwinEnvironment context, IClient client, CancellationToken cancellationToken)
        {
            Caching.AddDoNotCacheHeaders(context);

            var stormpathAccount = context.Request[OwinKeys.StormpathUser] as IAccount;

            var expansionOptions = _configuration.Web.Me.Expand;

            if (expansionOptions.Any(e => e.Value))
            {
                stormpathAccount = await GetExpandedAccount(stormpathAccount.Href, client, expansionOptions, cancellationToken);
            }

            var responseModel = new
            {
                account = await SanitizeExpandedAccount(stormpathAccount, expansionOptions, cancellationToken)
            };

            return(await JsonResponse.Ok(context, responseModel));
        }
Beispiel #2
0
        protected override async Task <bool> PostAsync(IOwinEnvironment context, IClient client, ContentNegotiationResult contentNegotiationResult, CancellationToken cancellationToken)
        {
            Caching.AddDoNotCacheHeaders(context);

            var rawBodyContentType             = context.Request.Headers.GetString("Content-Type");
            var bodyContentTypeDetectionResult = ContentNegotiation.DetectBodyType(rawBodyContentType);

            var isValidContentType = bodyContentTypeDetectionResult.Success && bodyContentTypeDetectionResult.ContentType == ContentType.FormUrlEncoded;

            if (!isValidContentType)
            {
                await Error.Create <OauthInvalidRequest>(context, cancellationToken);

                return(true);
            }

            var requestBody = await context.Request.GetBodyAsStringAsync(cancellationToken);

            var formData = FormContentParser.Parse(requestBody, _logger);

            var grantType = formData.GetString("grant_type");

            if (string.IsNullOrEmpty(grantType))
            {
                await Error.Create <OauthInvalidRequest>(context, cancellationToken);

                return(true);
            }

            try
            {
                if (grantType.Equals("client_credentials", StringComparison.OrdinalIgnoreCase) &&
                    _configuration.Web.Oauth2.Client_Credentials.Enabled)
                {
                    await ExecuteClientCredentialsFlow(context, client, cancellationToken);

                    return(true);
                }

                if (grantType.Equals("password", StringComparison.OrdinalIgnoreCase) &&
                    _configuration.Web.Oauth2.Password.Enabled)
                {
                    var username = WebUtility.UrlDecode(formData.GetString("username"));
                    var password = WebUtility.UrlDecode(formData.GetString("password"));
                    await ExecutePasswordFlow(context, client, username, password, cancellationToken);

                    return(true);
                }

                if (grantType.Equals("refresh_token", StringComparison.OrdinalIgnoreCase) &&
                    _configuration.Web.Oauth2.Password.Enabled)
                {
                    var refreshToken = WebUtility.UrlDecode(formData.GetString("refresh_token"));
                    await ExecuteRefreshFlow(context, client, refreshToken, cancellationToken);

                    return(true);
                }
            }
            catch (ResourceException rex)
            {
                // Special handling of API errors for the OAuth route
                return(await Error.Create(context, new OauthError(rex.Message, rex.GetProperty("error")), cancellationToken));
            }

            return(await Error.Create <OauthUnsupportedGrant>(context, cancellationToken));
        }