public object Post(ApprovalResponse ApprovalResponse)
{
ApprovalData data = new ApprovalData();
data.User = Session.Get <DataModels.ResourceOwner>("AuthResourceOwner");
Request.Items.Add("Model", data);
data.Redirect = ApprovalResponse.redirect;
Uri referrerURI = Request.GetReferrerURI();
Uri current = new Uri(Request.AbsoluteUri);
//CRSF protection
if (!referrerURI.SchemeHostPathMatch(current))
{
throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_request, "Invalid Request", ApprovalResponse);
}
Uri redirectURI = null;
if (!Uri.TryCreate(ApprovalResponse.redirect, UriKind.RelativeOrAbsolute, out redirectURI) ||
(redirectURI.IsAbsoluteUri && redirectURI.Host != current.Host))
{
throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_request, "Invalid Redirect URI", data);
}
data.Redirect = redirectURI.ToString();
DataModels.ResourceOwner owner = Session.Get <DataModels.ResourceOwner>("AuthResourceOwner");
if (owner == null)
{
throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.access_denied, "Not Authenticated", data);
}
data.Owner = owner;
DataModels.Client client = ClientModel.GetClientByID(ApprovalResponse.client_id);
if (client == null)
{
throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.invalid_request, "Invalid Client ID", data);
}
data.Client = client;
List <DataModels.Scope> scopes = ScopeModel.GetScopeDetails(ApprovalResponse.approved_scopes).ToList();
string scope = "";
if (scopes != null)
{
scopes.ForEach((cur) => scope += cur.scope_name + " ");
}
data.RequestedScopes = scopes;
DataModels.Approval approval = new DataModels.Approval()
{
client_id = client.id,
resource_owner_id = owner.id,
type = DataModels.ApprovalTypes.user_granted,
scope = scope,
};
if (!ApprovalModel.AddOrUpdateApproval(approval))
{
throw TokenErrorUtility.CreateError(DataModels.ErrorCodes.server_error, "Error storing approval", data);
}
return(new HttpResult(data)
{
StatusCode = System.Net.HttpStatusCode.Redirect,
Location = ApprovalResponse.redirect
});
}
