public override async Task ValidateLogoutRequest([NotNull] ValidateLogoutRequestContext context) { var applications = context.HttpContext.RequestServices.GetRequiredService <OpenIddictApplicationManager <TApplication> >(); var logger = context.HttpContext.RequestServices.GetRequiredService <ILogger <OpenIddictProvider <TApplication, TAuthorization, TScope, TToken> > >(); // If an optional post_logout_redirect_uri was provided, validate it. if (!string.IsNullOrEmpty(context.PostLogoutRedirectUri)) { var application = await applications.FindByLogoutRedirectUri(context.PostLogoutRedirectUri, context.HttpContext.RequestAborted); if (application == null) { logger.LogError("The logout request was rejected because the client application corresponding " + "to the specified post_logout_redirect_uri was not found in the database: " + "'{PostLogoutRedirectUri}'.", context.PostLogoutRedirectUri); context.Reject( error: OpenIdConnectConstants.Errors.InvalidClient, description: "Invalid post_logout_redirect_uri."); return; } } context.Validate(); }
public override async Task ValidateLogoutRequest([NotNull] ValidateLogoutRequestContext context) { var services = context.HttpContext.RequestServices.GetRequiredService <OpenIddictServices <TApplication, TAuthorization, TScope, TToken> >(); // Skip validation if the optional post_logout_redirect_uri // parameter was missing from the logout request. if (string.IsNullOrEmpty(context.PostLogoutRedirectUri)) { services.Logger.LogInformation("The logout request validation process was skipped because " + "the post_logout_redirect_uri parameter was missing."); context.Skip(); return; } var application = await services.Applications.FindByLogoutRedirectUri(context.PostLogoutRedirectUri); if (application == null) { services.Logger.LogError("The logout request was rejected because the client application corresponding " + "to the specified post_logout_redirect_uri was not found in the database: " + "'{PostLogoutRedirectUri}'.", context.PostLogoutRedirectUri); context.Reject( error: OpenIdConnectConstants.Errors.InvalidClient, description: "Invalid post_logout_redirect_uri."); return; } context.Validate(); }
public override async Task ValidateLogoutRequest([NotNull] ValidateLogoutRequestContext context) { var services = context.HttpContext.RequestServices.GetRequiredService <OpenIddictServices <TUser, TApplication> >(); // Skip validation if the optional post_logout_redirect_uri // parameter was missing from the logout request. if (string.IsNullOrEmpty(context.PostLogoutRedirectUri)) { context.Skip(); return; } var application = await services.Applications.FindApplicationByLogoutRedirectUri(context.PostLogoutRedirectUri); if (application == null) { context.Reject( error: OpenIdConnectConstants.Errors.InvalidClient, description: "Invalid post_logout_redirect_uri."); return; } context.Validate(); }
public override async Task ValidateLogoutRequest(ValidateLogoutRequestContext context) { var database = context.HttpContext.RequestServices.GetRequiredService <ApplicationContext>(); // Skip validation if the post_logout_redirect_uri parameter was missing. if (string.IsNullOrEmpty(context.PostLogoutRedirectUri)) { context.Skip(); return; } // Note: ValidateClientLogoutRedirectUri is not invoked when post_logout_redirect_uri is null. // When provided, post_logout_redirect_uri must exactly match the address registered by the client application. if (!await database.Applications.AnyAsync(application => application.LogoutRedirectUri == context.PostLogoutRedirectUri)) { context.Reject( error: OpenIdConnectConstants.Errors.InvalidClient, description: "Invalid post_logout_redirect_uri"); return; } context.Validate(); }
public override async Task ValidateLogoutRequest(ValidateLogoutRequestContext context) { // When provided, post_logout_redirect_uri must exactly // match the address registered by the client application. if (!string.IsNullOrEmpty(context.PostLogoutRedirectUri) && !await _database.Applications.AnyAsync(application => application.LogoutRedirectUri == context.PostLogoutRedirectUri)) { context.Reject( error: OpenIdConnectConstants.Errors.InvalidRequest, description: "The specified 'post_logout_redirect_uri' is invalid."); return; } context.Validate(); }
public override async Task ValidateLogoutRequest([NotNull] ValidateLogoutRequestContext context) { // If an optional post_logout_redirect_uri was provided, validate it. if (!string.IsNullOrEmpty(context.PostLogoutRedirectUri)) { if (!Uri.TryCreate(context.PostLogoutRedirectUri, UriKind.Absolute, out Uri uri) || !uri.IsWellFormedOriginalString()) { Logger.LogError("The logout request was rejected because the specified post_logout_redirect_uri was not " + "a valid absolute URL: {PostLogoutRedirectUri}.", context.PostLogoutRedirectUri); context.Reject( error: OpenIdConnectConstants.Errors.InvalidRequest, description: "The 'post_logout_redirect_uri' parameter must be a valid absolute URL."); return; } if (!string.IsNullOrEmpty(uri.Fragment)) { Logger.LogError("The logout request was rejected because the 'post_logout_redirect_uri' contained " + "a URL fragment: {PostLogoutRedirectUri}.", context.PostLogoutRedirectUri); context.Reject( error: OpenIdConnectConstants.Errors.InvalidRequest, description: "The 'post_logout_redirect_uri' parameter must not include a fragment."); return; } if (!await Applications.ValidatePostLogoutRedirectUriAsync(context.PostLogoutRedirectUri)) { Logger.LogError("The logout request was rejected because the specified post_logout_redirect_uri " + "was unknown: {PostLogoutRedirectUri}.", context.PostLogoutRedirectUri); context.Reject( error: OpenIdConnectConstants.Errors.InvalidRequest, description: "The specified 'post_logout_redirect_uri' parameter is not valid."); return; } } context.Validate(); }
public override async Task ValidateLogoutRequest(ValidateLogoutRequestContext context) { var database = context.HttpContext.RequestServices.GetRequiredService<ApplicationContext>(); // Skip validation if the post_logout_redirect_uri parameter was missing. if (string.IsNullOrEmpty(context.PostLogoutRedirectUri)) { context.Skip(); return; } // When provided, post_logout_redirect_uri must exactly match the address registered by the client application. if (!await database.Applications.AnyAsync(application => application.LogoutRedirectUri == context.PostLogoutRedirectUri)) { context.Reject( error: OpenIdConnectConstants.Errors.InvalidClient, description: "Invalid post_logout_redirect_uri"); return; } context.Validate(); }
/// <summary> /// Represents an event called for each request to the logout endpoint /// to determine if the request is valid and should continue. /// </summary> /// <param name="context">The context instance associated with this event.</param> public override async Task ValidateLogoutRequest(ValidateLogoutRequestContext context) { // When provided, post_logout_redirect_uri must exactly // match the address registered by the client application. if (!context.PostLogoutRedirectUri.IsNullOrWhiteSpace()) { var rockContext = new RockContext(); var authClientService = new AuthClientService(rockContext); var authClient = await authClientService.GetByPostLogoutRedirectUrlAsync(context.PostLogoutRedirectUri); if (authClient == null) { context.Reject( error: OpenIdConnectConstants.Errors.InvalidRequest, description: "The specified 'post_logout_redirect_uri' is invalid."); return; } } context.Validate(); }
/// <inheritdoc/> public async ValueTask HandleAsync(ProcessRequestContext context) { if (context is null) { throw new ArgumentNullException(nameof(context)); } var notification = new ValidateLogoutRequestContext(context.Transaction); await _dispatcher.DispatchAsync(notification); // Store the context object in the transaction so it can be later retrieved by handlers // that want to access the redirect_uri without triggering a new validation process. context.Transaction.SetProperty(typeof(ValidateLogoutRequestContext).FullName !, notification); if (notification.IsRequestHandled) { context.HandleRequest(); return; } else if (notification.IsRequestSkipped) { context.SkipRequest(); return; } else if (notification.IsRejected) { context.Reject( error: notification.Error ?? Errors.InvalidRequest, description: notification.ErrorDescription, uri: notification.ErrorUri); return; } context.Logger.LogInformation(SR.GetResourceString(SR.ID6125)); }
public override async Task ValidateLogoutRequest([NotNull] ValidateLogoutRequestContext context) { var clientMgr = context.HttpContext.RequestServices.GetRequiredService <OidcClientManager>(); // Skip validation if the post_logout_redirect_uri parameter was missing. if (string.IsNullOrEmpty(context.PostLogoutRedirectUri)) { context.Skip(); return; } // When provided, post_logout_redirect_uri must exactly match the address registered by the client application. if (!clientMgr.IsValidPostLogoutRedirectUri(context.PostLogoutRedirectUri)) { context.Reject( error: OpenIdConnectConstants.Errors.InvalidClient, description: "Invalid post_logout_redirect_uri"); return; } context.Validate(); }
public override async Task ValidateLogoutRequest([NotNull] ValidateLogoutRequestContext context) { var options = (OpenIddictServerOptions)context.Options; // If an optional post_logout_redirect_uri was provided, validate it. if (!string.IsNullOrEmpty(context.PostLogoutRedirectUri)) { if (!Uri.TryCreate(context.PostLogoutRedirectUri, UriKind.Absolute, out Uri uri) || !uri.IsWellFormedOriginalString()) { _logger.LogError("The logout request was rejected because the specified post_logout_redirect_uri was not " + "a valid absolute URL: {PostLogoutRedirectUri}.", context.PostLogoutRedirectUri); context.Reject( error: OpenIdConnectConstants.Errors.InvalidRequest, description: "The 'post_logout_redirect_uri' parameter must be a valid absolute URL."); return; } if (!string.IsNullOrEmpty(uri.Fragment)) { _logger.LogError("The logout request was rejected because the 'post_logout_redirect_uri' contained " + "a URL fragment: {PostLogoutRedirectUri}.", context.PostLogoutRedirectUri); context.Reject( error: OpenIdConnectConstants.Errors.InvalidRequest, description: "The 'post_logout_redirect_uri' parameter must not include a fragment."); return; } async Task <bool> ValidatePostLogoutRedirectUriAsync(string address) { var applications = await _applicationManager.FindByPostLogoutRedirectUriAsync(address); if (applications.IsDefaultOrEmpty) { return(false); } if (options.IgnoreEndpointPermissions) { return(true); } foreach (var application in applications) { if (await _applicationManager.HasPermissionAsync( application, OpenIddictConstants.Permissions.Endpoints.Logout)) { return(true); } } return(false); } if (!await ValidatePostLogoutRedirectUriAsync(context.PostLogoutRedirectUri)) { _logger.LogError("The logout request was rejected because the specified post_logout_redirect_uri " + "was unknown: {PostLogoutRedirectUri}.", context.PostLogoutRedirectUri); context.Reject( error: OpenIdConnectConstants.Errors.InvalidRequest, description: "The specified 'post_logout_redirect_uri' parameter is not valid."); return; } } context.Validate(); await _eventService.PublishAsync(new OpenIddictServerEvents.ValidateLogoutRequest(context)); }
public Task ValidateLogoutRequest(ValidateLogoutRequestContext context) { throw new NotImplementedException(); }
public override Task ValidateLogoutRequest(ValidateLogoutRequestContext context) { // Don't validate logout url, as we don't have it context.Validate(); return(Task.CompletedTask); }