public UserAuthorizationResponse PrepareAuthorizationResponse(UserAuthorizationRequest request)
{
Requires.NotNull(request, "request");
// It is very important for us to ignore the oauth_callback argument in the
// UserAuthorizationRequest if the Consumer is a 1.0a consumer or else we
// open up a security exploit.
IServiceProviderRequestToken token = this.TokenManager.GetRequestToken(request.RequestToken);
Uri callback;
if (request.Version >= Protocol.V10a.Version)
{
// In OAuth 1.0a, we'll prefer the token-specific callback to the pre-registered one.
if (token.Callback != null)
{
callback = token.Callback;
}
else
{
IConsumerDescription consumer = this.TokenManager.GetConsumer(token.ConsumerKey);
callback = consumer.Callback;
}
}
else
{
// In OAuth 1.0, we'll prefer the pre-registered callback over the token-specific one
// since 1.0 has a security weakness for user-modified callback URIs.
IConsumerDescription consumer = this.TokenManager.GetConsumer(token.ConsumerKey);
callback = consumer.Callback ?? request.Callback;
}
return(callback != null?this.PrepareAuthorizationResponse(request, callback) : null);
}
public void UpdateToken(IServiceProviderRequestToken token) {
// Nothing to do here, since we're using Linq To SQL, and
// We call LinqToSql's SubmitChanges method via our Global.Application_EndRequest method.
// This is a good pattern because we only save changes if the request didn't end up somehow failing.
// But if you DO want to save changes at this point, you could do it like so:
////Global.DataContext.SubmitChanges();
}
/// <summary>
/// Ensures that short-lived request tokens included in incoming messages have not expired.
/// </summary>
/// <param name="message">The incoming message.</param>
/// <exception cref="ProtocolException">Thrown when the token in the message has expired.</exception>
private void VerifyThrowTokenTimeToLive(ITokenContainingMessage message)
{
ErrorUtilities.VerifyInternal(!(message is AccessProtectedResourceRequest), "We shouldn't be verifying TTL on access tokens.");
if (message == null || string.IsNullOrEmpty(message.Token))
{
return;
}
try {
IServiceProviderRequestToken token = this.tokenManager.GetRequestToken(message.Token);
TimeSpan ttl = this.securitySettings.MaximumRequestTokenTimeToLive;
if (DateTime.Now >= token.CreatedOn.ToLocalTimeSafe() + ttl)
{
Logger.OAuth.ErrorFormat(
"OAuth request token {0} rejected because it was originally issued at {1}, expired at {2}, and it is now {3}.",
token.Token,
token.CreatedOn,
token.CreatedOn + ttl,
DateTime.Now);
ErrorUtilities.ThrowProtocol(OAuthStrings.TokenNotFound);
}
} catch (KeyNotFoundException ex) {
throw ErrorUtilities.Wrap(ex, OAuthStrings.TokenNotFound);
}
}
public void UpdateToken(IServiceProviderRequestToken token)
{
// Nothing to do here, since we're using Linq To SQL, and
// We call LinqToSql's SubmitChanges method via our Global.Application_EndRequest method.
// This is a good pattern because we only save changes if the request didn't end up somehow failing.
// But if you DO want to save changes at this point, you could do it like so:
////Global.DataContext.SubmitChanges();
}
public void UpdateToken(IServiceProviderRequestToken token)
{
var authToken = OAuthServices.GetToken(token.Token);
authToken.VerificationCode = token.VerificationCode;
authToken.Callback = token.Callback.AbsoluteUri;
authToken.Version = token.ConsumerVersion.ToString();
authToken.Token = token.Token;
authToken.VerificationCode = token.VerificationCode;
_oAuthServices.UpdateToken(authToken);
}
protected void Page_Load(object sender, EventArgs e)
{
this.MasterPage.VisibleHeader
= this.MasterPage.VisibleMainMenu
= this.MasterPage.VisibleLeftArea
= this.MasterPage.VisibleSubmenu
= this.MasterPage.VisibleBreadcrumbs
= this.MasterPage.VisibleFooter
= this.MasterPage.VisibleHeaderMessage
= this.MasterPage.EnableOverlay
= false;
if (this.EnableEmbeddedStyleSheets)
{
if (FrameworkConfiguration.Current.WebApplication.MasterPage.Theme == Pages.MasterPageTheme.Modern)
{
this.Page.Header.Controls.Add(Support.CreateStyleSheetLink(ResourceProvider.GetResourceUrl(ResourceProvider.LogOnModernStyleSheet, true)));
}
else
{
this.Page.Header.Controls.Add(Support.CreateStyleSheetLink(ResourceProvider.GetResourceUrl(ResourceProvider.LogOnStyleSheet, true)));
}
}
m_PendingRequest = TokenProvider.Current.GetPendingUserAuthorizationRequest();
if (!IsPostBack)
{
this.LoadResources();
MainMultiView.ActiveViewIndex = 2;
if (m_PendingRequest == null)
{
//Response.Redirect("~/Members/AuthorizedConsumers.aspx"); // TODO: Need to redirect to user's start page?
}
else
{
MainMultiView.ActiveViewIndex = 0;
string token = ((ITokenContainingMessage)m_PendingRequest).Token;
IServiceProviderRequestToken requestToken = TokenProvider.Current.GetRequestToken(token);
OAuthDataSet.OAuthTokenRow requestTokenRow = (OAuthDataSet.OAuthTokenRow)requestToken;
ConsumerLiteral.Text = string.Format(CultureInfo.InvariantCulture, Resources.OAuthControl_ConsumerLiteral_Text, TokenProvider.Current.GetConsumer(requestTokenRow.ConsumerId).Key, FrameworkConfiguration.Current.WebApplication.Name);
// Generate an unpredictable secret that goes to the user agent and must come back with authorization
// to guarantee the user interacted with this page rather than being scripted by an evil Consumer.
OAuthAuthorizationSecToken.Value = UserContext.OAuthAuthorizationSecret = TokenProvider.Current.GenerateTokenSecret();
}
}
}
/// <summary> </summary>
public void UpdateToken(IServiceProviderRequestToken token)
{
var tokenInDb = GlobalApplication.AuthTokens.SingleOrDefault(x => x.Token == token.Token);
if (tokenInDb != null)
{
tokenInDb.VerificationCode = token.VerificationCode;
tokenInDb.Callback = token.Callback;
//tokenInDb.ConsumerKey = token.ConsumerKey;
tokenInDb.Version = token.ConsumerVersion;
tokenInDb.Token = token.Token;
tokenInDb.VerificationCode = token.VerificationCode;
}
}
public void UpdateToken(IServiceProviderRequestToken token)
{
if (token != null)
{
OAuthDataSet.OAuthTokenRow row = GetOAuthTokenRow(token.Token);
if (row != null)
{
row.RequestTokenVerifier = token.VerificationCode;
using (OAuthTokenTableAdapter adapter = new OAuthTokenTableAdapter())
{
adapter.Update(row);
}
}
}
}
/// <summary>
/// Authorise a request token by adding a user to it.
/// </summary>
/// <param name="username">The username of the user to authorise the request token with.</param>
/// <param name="requestToken">The request token being authorised.</param>
/// <returns>true if authorisation successful; else null.</returns>
/// <exception cref="ArgumentException">Thrown if a parameter is not valid.</exception>
/// <exception cref="ArgumentNullException">Thrown if a parameter is null.</exception>
/// <exception cref="Glipho.OAuth.OAuthException">Thrown if an error occurs while executing the requested command.</exception>
public bool AuthoriseRequestToken(string username, IServiceProviderRequestToken requestToken)
{
if (string.IsNullOrWhiteSpace(username))
{
throw new ArgumentException("username does not have a value.", "username");
}
if (requestToken == null)
{
throw new ArgumentNullException("requestToken", "requestToken is null");
}
var token = this.issuedTokens.Get(requestToken.Token) as Database.RequestToken;
if (token == null)
{
return false;
}
token.Username = username;
token.Authorised = true;
return this.issuedTokens.Update(requestToken.Token, token);
}
public void UpdateToken(IServiceProviderRequestToken token) {
// Nothing to do here, since there's no database in this sample.
}
/// <summary>
/// Persists any changes made to the token.
/// </summary>
/// <param name="token">The token whose properties have been changed.</param>
/// <remarks>
/// This library will invoke this method after making a set
/// of changes to the token as part of a web request to give the host
/// the opportunity to persist those changes to a database.
/// Depending on the object persistence framework the host site uses,
/// this method MAY not need to do anything (if changes made to the token
/// will automatically be saved without any extra handling).
/// </remarks>
void IServiceProviderTokenManager.UpdateToken(IServiceProviderRequestToken token) {
Contract.Requires<ArgumentNullException>(token != null);
throw new NotImplementedException();
}
/// <summary>
/// Persists any changes made to the token.
/// </summary>
/// <param name="token">The token whose properties have been changed.</param>
/// <exception cref="ArgumentNullException">Thrown if a parameter is null.</exception>
/// <exception cref="InvalidOperationException">Thrown if the <paramref name="token"/> is not a <see cref="Database.RequestToken"/>.</exception>
/// <exception cref="Glipho.OAuth.OAuthException">Thrown if an error occurs while executing the requested command.</exception>
/// <remarks>
/// This library will invoke this method after making a set
/// of changes to the token as part of a web request to give the host
/// the opportunity to persist those changes to a database.
/// Depending on the object persistence framework the host site uses,
/// this method MAY not need to do anything (if changes made to the token
/// will automatically be saved without any extra handling).
/// </remarks>
public void UpdateToken(IServiceProviderRequestToken token)
{
if (token == null)
{
throw new ArgumentNullException("token", "token is null");
}
var existing = this.issuedTokens.Get(token.Token) as Database.RequestToken;
if (existing == null)
{
throw new InvalidOperationException(string.Format("token is of type \"{0}\" and not of expected type RequestToken.", token.GetType()));
}
this.issuedTokens.Update(token.Token, token.ToDataRequestToken(existing));
}
public void UpdateToken(IServiceProviderRequestToken token)
{
// Nothing to do here, since we're using Linq To SQL.
}
public void UpdateToken(IServiceProviderRequestToken token)
{
var tokenInDb = Global.AuthTokens.SingleOrDefault(x => x.Token == token.Token);
if (tokenInDb != null)
{
tokenInDb.VerificationCode = token.VerificationCode;
tokenInDb.Callback = token.Callback;
//tokenInDb.ConsumerKey = token.ConsumerKey;
tokenInDb.Version = token.ConsumerVersion;
tokenInDb.Token = token.Token;
tokenInDb.VerificationCode = token.VerificationCode;
}
}
/// <summary>
/// Persists any changes made to the token.
/// </summary>
/// <param name="token">The token whose properties have been changed.</param>
/// <remarks>
/// This library will invoke this method after making a set
/// of changes to the token as part of a web request to give the host
/// the opportunity to persist those changes to a database.
/// Depending on the object persistence framework the host site uses,
/// this method MAY not need to do anything (if changes made to the token
/// will automatically be saved without any extra handling).
/// </remarks>
void IServiceProviderTokenManager.UpdateToken(IServiceProviderRequestToken token) {
Requires.NotNull(token, "token");
throw new NotImplementedException();
}
/// <summary>
/// Persists any changes made to the token.
/// </summary>
/// <param name="token">The token whose properties have been changed.</param>
/// <remarks>
/// This library will invoke this method after making a set
/// of changes to the token as part of a web request to give the host
/// the opportunity to persist those changes to a database.
/// Depending on the object persistence framework the host site uses,
/// this method MAY not need to do anything (if changes made to the token
/// will automatically be saved without any extra handling).
/// </remarks>
void IServiceProviderTokenManager.UpdateToken(IServiceProviderRequestToken token)
{
Requires.NotNull(token, "token");
throw new NotImplementedException();
}
public void UpdateToken(IServiceProviderRequestToken token) {
// Nothing to do here, since we're using Linq To SQL.
}
public void UpdateToken(IServiceProviderRequestToken token)
{
try
{
TokenInfo tokenInfo = this.tokens[token.Token];
tokenInfo.Callback = token.Callback;
tokenInfo.ConsumerKey = token.ConsumerKey;
tokenInfo.ConsumerVersion = token.ConsumerVersion;
tokenInfo.CreatedOn = token.CreatedOn;
tokenInfo.VerificationCode = token.VerificationCode;
}
catch (Exception) { throw new KeyNotFoundException("Unrecognized token"); }
}
/// <summary>
/// Persists any changes made to the token.
/// </summary>
/// <param name="token">The token whose properties have been changed.</param>
/// <remarks>
/// This library will invoke this method after making a set
/// of changes to the token as part of a web request to give the host
/// the opportunity to persist those changes to a database.
/// Depending on the object persistence framework the host site uses,
/// this method MAY not need to do anything (if changes made to the token
/// will automatically be saved without any extra handling).
/// </remarks>
public void UpdateToken(IServiceProviderRequestToken token)
{
Database.DataContext.SaveChanges();
}
/// <summary>
/// Persists any changes made to the token.
/// </summary>
/// <param name="token">The token whose properties have been changed.</param>
/// <remarks>
/// This library will invoke this method after making a set
/// of changes to the token as part of a web request to give the host
/// the opportunity to persist those changes to a database.
/// Depending on the object persistence framework the host site uses,
/// this method MAY not need to do anything (if changes made to the token
/// will automatically be saved without any extra handling).
/// </remarks>
public void UpdateToken(IServiceProviderRequestToken token) {
Database.DataContext.SaveChanges();
}
/// <summary>
/// Persists any changes made to the token.
/// </summary>
/// <param name="token">The token whose properties have been changed.</param>
/// <remarks>
/// This library will invoke this method after making a set
/// of changes to the token as part of a web request to give the host
/// the opportunity to persist those changes to a database.
/// Depending on the object persistence framework the host site uses,
/// this method MAY not need to do anything (if changes made to the token
/// will automatically be saved without any extra handling).
/// </remarks>
void IServiceProviderTokenManager.UpdateToken(IServiceProviderRequestToken token)
{
Contract.Requires <ArgumentNullException>(token != null);
throw new NotImplementedException();
}
public void UpdateToken(IServiceProviderRequestToken token)
{
// Nothing to do here, since there's no database in this sample.
}
