public void Should_allow_default_tokens_for_any_identity_and_purpose()
{
    // A token created with no identity and no purpose must be usable both
    // when it is looked up without them and when a concrete identity and
    // purpose are supplied on lookup.
    const string tokenType = "session";
    const string identity = "urn:user:431";
    const string purpose = "login";

    var sessionToken = _tokenStore.CreateToken(tokenType);

    // Lookup without identity/purpose: the returned token carries neither.
    var unscopedLookup = _tokenStore.GetToken(tokenType, sessionToken);
    Assert.IsNotNull(unscopedLookup);
    Assert.AreEqual(sessionToken, unscopedLookup.Value);
    Assert.IsTrue(string.IsNullOrEmpty(unscopedLookup.Identity));
    Assert.IsTrue(string.IsNullOrEmpty(unscopedLookup.Purpose));
    Assert.AreEqual(TokenStatus.Allowed, unscopedLookup.Status);

    // Lookup for a specific identity and purpose: still allowed, and the
    // returned token echoes the requested identity and purpose.
    var scopedLookup = _tokenStore.GetToken(tokenType, sessionToken, purpose, identity);
    Assert.IsNotNull(scopedLookup);
    Assert.AreEqual(sessionToken, scopedLookup.Value);
    Assert.AreEqual(purpose, scopedLookup.Purpose);
    Assert.AreEqual(identity, scopedLookup.Identity);
    Assert.AreEqual(TokenStatus.Allowed, scopedLookup.Status);
}
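/// <summary>
/// Handles a password-reset request: reads the user name from the posted
/// form, mints a "passwordReset" token for that user, stores it in the
/// session when one is available, reports the outcome and then redirects
/// home.
/// </summary>
/// <param name="context">The OWIN context of the current request.</param>
/// <param name="identification">The caller's identification, passed through to the outcome and redirect helpers.</param>
private void SendPasswordReset(IOwinContext context, Identification identification)
{
    // NOTE: this blocks on the asynchronous form read because the method is
    // synchronous and its signature is kept for existing callers; under a
    // synchronization context that forbids re-entry this can deadlock, so an
    // async caller chain would be preferable.
    var form = context.Request.ReadFormAsync().Result;
    var userName = form["username"];

    // Treat a missing, empty or whitespace-only user name as "not provided",
    // so no reset token is ever minted for an empty identity.
    if (string.IsNullOrWhiteSpace(userName))
    {
        SetOutcome(context, identification, "No user name provided");
    }
    else
    {
        // The user name comes straight from the request form; it is used only
        // as the identity the token is bound to.
        var token = _tokenStore.CreateToken("passwordReset", new[] { "ResetPassword" }, userName);

        var session = context.GetFeature<ISession>();
        if (session != null)
        {
            session.Set("reset-token", token);
        }

        // NOTE(review): the reset token is handed straight back to the
        // requester in the outcome text; a production reset flow would deliver
        // it out-of-band to the account owner — confirm this is intended.
        SetOutcome(context, identification, "Password reset token is: " + token);
    }

    GoHome(context, identification);
}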
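/// <summary>
/// This method injects an access token into any html page that needs
/// one, and also injects Javascript to delete the token when the
/// page is unloaded.
/// </summary>
/// <remarks>
/// The downstream response is buffered in memory. Once the rest of the
/// pipeline has run, HTML responses have their <c>{{...}}</c> placeholders
/// substituted ("api-token", "identity", or a session value) and the result
/// is written to the real response stream; other responses are copied
/// through unchanged.
/// </remarks>
/// <param name="context">The OWIN context whose response is rewritten.</param>
/// <param name="next">The next middleware in the pipeline.</param>
/// <returns>A task that completes once the (possibly rewritten) response has been written.</returns>
private Task InjectToken(IOwinContext context, Func<Task> next)
{
    var response = context.Response;
    var originalStream = response.Body;
    var bufferStream = new MemoryStream();

    // Swap in a buffer so the downstream output can be inspected before it
    // reaches the client.
    response.Body = bufferStream;

    return next().ContinueWith(downstream =>
    {
        // Restore the real stream before anything else, so a faulting
        // downstream does not leave the response pointing at the buffer.
        response.Body = originalStream;

        using (bufferStream)
        {
            if (downstream.Exception != null)
            {
                throw downstream.Exception;
            }

            // Accept "text/html" with or without parameters ("; charset=utf-8");
            // the original exact-match check skipped such responses.
            var contentType = response.ContentType;
            var mediaType = contentType == null ? string.Empty : contentType.Split(';')[0].Trim();
            if (!string.Equals(mediaType, "text/html", StringComparison.OrdinalIgnoreCase))
            {
                bufferStream.WriteTo(originalStream);
                return;
            }

            var encoding = Encoding.UTF8;
            var html = encoding.GetString(bufferStream.ToArray());

            var apiToken = string.Empty;
            // Case-insensitive so it agrees with the lower-cased placeholder
            // lookup performed by the regex evaluator below.
            if (html.IndexOf("{{api-token}}", StringComparison.OrdinalIgnoreCase) >= 0)
            {
                apiToken = _tokenStore.CreateToken("api");

                // NOTE(review): the token and delete path are placed inside a JS
                // string literal unescaped; this assumes neither contains quotes,
                // backslashes or "</script>" — confirm against the token format.
                var unloadScript =
                    "<script>\n" +
                    "window.onunload = function(){\n" +
                    " var xhttp = new XMLHttpRequest();\n" +
                    " xhttp.open('DELETE', '" + _deleteTokenPath.Value + "', true);\n" +
                    " xhttp.setRequestHeader('api-token', '" + apiToken + "');\n" +
                    " xhttp.send();\n" +
                    "}\n" +
                    "</script>\n";
                html = html.Replace("</body>", unloadScript + "</body>");
            }

            var identification = context.GetFeature<IIdentification>();
            var identity = identification == null
                ? string.Empty
                : (identification.IsAnonymous ? "Anonymous" : (identification.Identity ?? string.Empty));

            var session = context.GetFeature<ISession>();

            // Placeholder syntax: {{key}}. Consider caching this as a
            // static readonly field if this middleware is on a hot path.
            var placeholder = new Regex("{{([^}]+)}}");
            html = placeholder.Replace(html, m =>
            {
                // Invariant lower-casing: keys are identifiers, not user text.
                var key = m.Groups[1].Value.ToLowerInvariant();
                switch (key)
                {
                    case "api-token":
                        // Server-generated value; inserted verbatim because the
                        // page may place it in a script or attribute context.
                        return apiToken;
                    case "identity":
                        // Identity and session values are substituted into HTML
                        // text and may originate outside this server, so they
                        // are HTML-encoded to avoid script injection.
                        return System.Net.WebUtility.HtmlEncode(identity);
                    default:
                        var sessionValue = session == null ? null : session.Get<string>(key);
                        return System.Net.WebUtility.HtmlEncode(sessionValue ?? string.Empty);
                }
            });

            // NOTE(review): a Content-Length header set downstream is not
            // updated for the rewritten body — confirm the host recomputes it
            // or that pages using placeholders leave it unset.
            var rewrittenBytes = encoding.GetBytes(html);
            originalStream.Write(rewrittenBytes, 0, rewrittenBytes.Length);
        }
    });
}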