private async Task <IEndpointResult> ProcessSignoutCallbackAsync(IdentityServerContext context)
{
if (context.HttpContext.Request.Method != "GET")
{
_logger.LogWarning("Invalid HTTP method for end session endpoint.");
return(new StatusCodeResult(HttpStatusCode.MethodNotAllowed));
}
_logger.LogInformation("Processing singout callback request");
await ClearSignoutMessageIdAsync(context.HttpContext.Request);
var sid = ValidateSid(context.HttpContext.Request);
if (sid == null)
{
return(new StatusCodeResult(HttpStatusCode.BadRequest));
}
// get URLs for iframes
var urls = await GetClientEndSessionUrlsAsync(sid);
// relax CSP to allow those iframe origins
//ConfigureCspResponseHeader(urls);
// clear cookies
ClearSessionCookies(sid);
// get html (with iframes)
return(new EndSessionCallbackResult(urls));
}
public async Task <IEndpointResult> ProcessAsync(IdentityServerContext context)
{
if (context.HttpContext.Request.Method != "GET")
{
_logger.LogWarning("Invalid HTTP method for authorize endpoint.");
return(new StatusCodeResult(HttpStatusCode.MethodNotAllowed));
}
if (context.HttpContext.Request.Path == Constants.ProtocolRoutePaths.Authorize.EnsureLeadingSlash())
{
return(await ProcessAuthorizeAsync(context));
}
if (context.HttpContext.Request.Path == Constants.ProtocolRoutePaths.AuthorizeAfterLogin.EnsureLeadingSlash())
{
return(await ProcessAuthorizeAfterLoginAsync(context));
}
if (context.HttpContext.Request.Path == Constants.ProtocolRoutePaths.AuthorizeAfterConsent.EnsureLeadingSlash())
{
return(await ProcessAuthorizeAfterConsentAsync(context));
}
return(new StatusCodeResult(HttpStatusCode.NotFound));
}
private async Task <IEndpointResult> ProcessTokenRequestAsync(IdentityServerContext context)
{
_logger.LogInformation("Start token request.");
// validate client
var clientResult = await _clientValidator.ValidateAsync(context.HttpContext);
if (clientResult.Client == null)
{
return(new TokenErrorResult(OidcConstants.TokenErrors.InvalidClient));
}
// validate request
var requestResult = await _requestValidator.ValidateRequestAsync(
context.HttpContext.Request.Form.AsNameValueCollection(),
clientResult.Client);
if (requestResult.IsError)
{
return(new TokenErrorResult(requestResult.Error, requestResult.ErrorDescription));
}
// create response
var response = await _responseGenerator.ProcessAsync(requestResult.ValidatedRequest);
// return result
_logger.LogInformation("Token request success.");
return(new TokenResult(response));
}
public void Init()
{
_context = IdentityServerContextHelper.Create();
_validatedAuthorizeRequest = new ValidatedAuthorizeRequest()
{
RedirectUri = "http://client/callback",
State = "123",
ResponseMode = "fragment",
ClientId = "client",
Client = new Client
{
ClientId = "client",
ClientName = "Test Client"
},
Raw = _params,
Subject = _user
};
_stubAuthorizeRequestValidator.Result.IsError = false;
_stubAuthorizeRequestValidator.Result.ValidatedRequest = _validatedAuthorizeRequest;
_subject = new AuthorizeEndpoint(
_fakeEventService,
_fakeLogger,
_context,
_stubAuthorizeRequestValidator,
_stubInteractionGenerator,
_stubResultFactory,
_mockUserConsentResponseMessageStore);
}
public async Task <IEndpointResult> ProcessAsync(IdentityServerContext context)
{
_logger.LogVerbose("Start token request.");
// validate HTTP
if (context.HttpContext.Request.Method != "POST" || !context.HttpContext.Request.HasFormContentType)
{
// todo logging
return(new TokenErrorResult(Constants.TokenErrors.InvalidRequest));
}
// validate client
var clientResult = await _clientValidator.ValidateAsync(context.HttpContext);
if (clientResult.Client == null)
{
return(new TokenErrorResult(Constants.TokenErrors.InvalidClient));
}
// validate request
var requestResult = await _requestValidator.ValidateRequestAsync(
context.HttpContext.Request.Form.AsNameValueCollection(),
clientResult.Client);
if (requestResult.IsError)
{
return(new TokenErrorResult(requestResult.Error, requestResult.ErrorDescription));
}
// create response
var response = await _responseGenerator.ProcessAsync(requestResult.ValidatedRequest);
// return result
return(new TokenResult(response));
}
public static EmployeeManager Create(IdentityFactoryOptions <EmployeeManager> options,
IOwinContext context)
{
IdentityServerContext db = context.Get <IdentityServerContext>();
EmployeeManager manager = new EmployeeManager(new UserStore <Employee>(db));
return(manager);
}
public async Task Invoke(HttpContext context, IdentityServerContext idsrvContext)
{
var request = context.Request;
idsrvContext.SetHost(Environment.GetEnvironmentVariable("EXTERNAL_URL"));
await _next(context);
}
public async Task <IEndpointResult> ProcessAsync(IdentityServerContext context)
{
// validate HTTP
if (context.HttpContext.Request.Method != "POST")
{
return(new StatusCodeResult(405));
}
var scopeResult = await _scopeSecretValidator.ValidateAsync(context.HttpContext);
if (scopeResult.Scope == null)
{
_logger.LogWarning("Scope unauthorized to call introspection endpoint. aborting.");
return(new StatusCodeResult(401));
}
var parameters = context.HttpContext.Request.Form.AsNameValueCollection();
var validationResult = await _requestValidator.ValidateAsync(parameters, scopeResult.Scope);
var response = await _generator.ProcessAsync(validationResult, scopeResult.Scope);
if (validationResult.IsActive)
{
await RaiseSuccessEventAsync(validationResult.Token, "active", scopeResult.Scope.Name);
return(new IntrospectionResult(response));
}
if (validationResult.IsError)
{
if (validationResult.FailureReason == IntrospectionRequestValidationFailureReason.MissingToken)
{
_logger.LogError("Missing token");
await RaiseFailureEventAsync(validationResult.ErrorDescription, validationResult.Token, scopeResult.Scope.Name);
//todo return BadRequest("missing_token");
return(new StatusCodeResult(400));
}
if (validationResult.FailureReason == IntrospectionRequestValidationFailureReason.InvalidToken)
{
await RaiseSuccessEventAsync(validationResult.Token, "inactive", scopeResult.Scope.Name);
return(new IntrospectionResult(response));
}
if (validationResult.FailureReason == IntrospectionRequestValidationFailureReason.InvalidScope)
{
await RaiseFailureEventAsync("Scope not authorized to introspect token", validationResult.Token, scopeResult.Scope.Name);
return(new IntrospectionResult(response));
}
}
throw new InvalidOperationException("Invalid token introspection outcome");
}
// todo
//protected readonly OwinEnvironmentService _owinEnvironmentService;
/// <summary>
/// Initializes a new instance of the <see cref="DefaultTokenService" /> class. This overloaded constructor is deprecated and will be removed in 3.0.0.
/// </summary>
/// <param name="options">The options.</param>
/// <param name="claimsProvider">The claims provider.</param>
/// <param name="tokenHandles">The token handles.</param>
/// <param name="signingService">The signing service.</param>
/// <param name="events">The events service.</param>
public DefaultTokenService(IdentityServerContext context, IClaimsProvider claimsProvider, ITokenHandleStore tokenHandles, ITokenSigningService signingService, IEventService events, ILoggerFactory loggerFactory)
{
_logger = loggerFactory.CreateLogger <DefaultTokenService>();
_context = context;
_claimsProvider = claimsProvider;
_tokenHandles = tokenHandles;
_signingService = signingService;
_events = events;
}
// todo
//protected readonly OwinEnvironmentService _owinEnvironmentService;
/// <summary>
/// Initializes a new instance of the <see cref="DefaultTokenService" /> class. This overloaded constructor is deprecated and will be removed in 3.0.0.
/// </summary>
/// <param name="options">The options.</param>
/// <param name="claimsProvider">The claims provider.</param>
/// <param name="tokenHandles">The token handles.</param>
/// <param name="creationService">The signing service.</param>
/// <param name="events">The events service.</param>
public DefaultTokenService(IdentityServerContext context, IClaimsProvider claimsProvider, ITokenHandleStore tokenHandles, ITokenCreationService creationService, IEventService events, ILogger <DefaultTokenService> logger)
{
_logger = logger;
_context = context;
_claimsProvider = claimsProvider;
_tokenHandles = tokenHandles;
_creationService = creationService;
_events = events;
}
public void SetUp()
{
var guid = Guid.NewGuid().ToString();
var mockMailSender = new Mock <IEMailService>();
mockMailSender.Setup(x => x.SendMail(It.IsAny <EMailMessage>()));
var mockCacheRepository = new Mock <ICacheRepository>();
mockCacheRepository
.Setup(x => x.Read <TokenCache>(It.IsAny <string>()))
.Returns(_tokenCache);
var webHostBuilder = new WebHostBuilder()
.UseContentRoot(Directory.GetCurrentDirectory())
.UseEnvironment("Test")
.UseKestrel()
.UseStartup <Startup>()
.ConfigureTestServices(services =>
{
services.RemoveAll <IdentityServerContext>();
services.AddDbContext <IdentityServerContext>(options => { options.UseInMemoryDatabase(guid); });
services.RemoveAll <IEMailService>();
services.AddSingleton(mockMailSender.Object);
services.RemoveAll <IDistributedCache>();
services.AddDistributedMemoryCache();
})
.ConfigureServices(services =>
{
services.RemoveAll <IdentityServerContext>();
services.AddDbContext <IdentityServerContext>(options => { options.UseInMemoryDatabase(guid); });
services.RemoveAll <IEMailService>();
services.AddSingleton(mockMailSender.Object);
services.RemoveAll <IDistributedCache>();
services.AddDistributedMemoryCache();
});
_server = new TestServer(webHostBuilder);
_context = _server.Services.GetService <IdentityServerContext>();
_context.Database.EnsureDeleted();
_context.Database.EnsureCreated();
_repository = _server.Services.GetService <IAccountRepository>();
_client = _server.CreateClient();
// _client.DefaultRequestHeaders.Accept.Clear();
// _client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
// _client.BaseAddress = new Uri("http://localhost");
}
public DiscoveryEndpoint(IdentityServerOptions options, IdentityServerContext context, IScopeStore scopes, ILogger <DiscoveryEndpoint> logger, IEnumerable <IValidationKeysStore> keys, CustomGrantValidator customGrants, SecretParser parsers)
{
_options = options;
_scopes = scopes;
_logger = logger;
_context = context;
_customGrants = customGrants;
_parsers = parsers;
_keys = keys;
}
public FranceConnectTokenValidator(IdentityServerOptions options, IdentityServerContext context, IClientStore clients, ITokenHandleStore tokenHandles, ICustomTokenValidator customValidator, IEnumerable<IValidationKeysStore> keys, ILogger<TokenValidator> logger)
{
_options = options;
_context = context;
_clients = clients;
_tokenHandles = tokenHandles;
_customValidator = customValidator;
_keys = keys;
_logger = logger;
}
public async Task <IEndpointResult> ProcessAsync(IdentityServerContext context)
{
if (context.HttpContext.Request.Method != "GET" && context.HttpContext.Request.Method != "POST")
{
_logger.LogWarning("Invalid HTTP method for userinfo endpoint.");
return(new StatusCodeResult(405));
}
return(await ProcessUserInfoRequestAsync(context));
}
public DiscoveryEndpoint(IdentityServerOptions options, IdentityServerContext context, IScopeStore scopes, ILogger <DiscoveryEndpoint> logger, ISigningKeyService keyService, CustomGrantValidator customGrants, SecretParser parsers)
{
_options = options;
_scopes = scopes;
_logger = logger;
_keyService = keyService;
_context = context;
_customGrants = customGrants;
_parsers = parsers;
}
public IdentityRepository(IdentityServerContext dbContext,
UserManager <User> userManager,
RoleManager <Role> roleManager,
IMapper mapper)
{
DbContext = dbContext;
UserManager = userManager;
RoleManager = roleManager;
Mapper = mapper;
}
public EndSessionRequestValidatorTests()
{
_user = IdentityServer4.IdentityServerPrincipal.Create("alice", "Alice");
_context = IdentityServerContextHelper.Create();
_subject = new EndSessionRequestValidator(
TestLogger.Create <EndSessionRequestValidator>(),
_context,
_stubTokenValidator,
_stubRedirectUriValidator);
}
public override Task ExecuteAsync(IdentityServerContext context)
{
if (!Url.IsLocalUrl())
{
// this converts the relative redirect path to an absolute one if we're
// redirecting to a different server
ParamValue = context.GetIdentityServerBaseUrl().EnsureTrailingSlash() + ParamValue.RemoveLeadingSlash();
}
return(base.ExecuteAsync(context));
}
public async Task ExecuteAsync(IdentityServerContext context)
{
context.HttpContext.Response.ContentType = "text/html; charset=UTF-8";
if (DisableCache)
{
context.HttpContext.Response.SetNoCache();
}
var html = GetHtml();
await context.HttpContext.Response.WriteAsync(html, Encoding.UTF8);
}
public EndSessionRequestValidator(
ILogger <EndSessionRequestValidator> logger,
IdentityServerContext context,
ITokenValidator tokenValidator,
IRedirectUriValidator uriValidator)
{
_context = context;
_tokenValidator = tokenValidator;
_uriValidator = uriValidator;
_logger = logger;
}
public TokenValidator(IdentityServerContext context, IClientStore clients, ITokenHandleStore tokenHandles, ICustomTokenValidator customValidator, IEnumerable <IValidationKeysStore> keys, ILogger <TokenValidator> logger)
{
_context = context;
_clients = clients;
_tokenHandles = tokenHandles;
_customValidator = customValidator;
_keys = keys;
_logger = logger;
_log = new TokenValidationLog();
}
public LoginController(
LoginService loginService,
SignInInteraction signInInteraction,
ILogger <LoginController> logger,
IdentityServerContext context)
{
_loginService = loginService;
_signInInteraction = signInInteraction;
_logger = logger;
_context = context;
}
public Task <IEndpointResult> ProcessAsync(IdentityServerContext context)
{
if (context.HttpContext.Request.Method != "GET")
{
return(Task.FromResult <IEndpointResult>(new StatusCodeResult(HttpStatusCode.MethodNotAllowed)));
}
_logger.LogInformation("Check session iframe request");
return(Task.FromResult <IEndpointResult>(new CheckSessionResult(_sessionCookie.GetCookieName())));
}
public async Task ExecuteAsync(IdentityServerContext context)
{
var dto = new ErrorDto
{
error = Error,
error_description = ErrorDescription
};
context.HttpContext.Response.StatusCode = 400;
context.HttpContext.Response.SetNoCache();
await context.HttpContext.Response.WriteJsonAsync(dto);
}
public TokenValidator(IdentityServerOptions options, IdentityServerContext context, IClientStore clients, ITokenHandleStore tokenHandles, ICustomTokenValidator customValidator, ISigningKeyService keyService, ILogger <TokenValidator> logger)
{
_options = options;
_context = context;
_clients = clients;
_tokenHandles = tokenHandles;
_customValidator = customValidator;
_keyService = keyService;
_logger = logger;
_log = new TokenValidationLog();
}
public override async Task ExecuteAsync(IdentityServerContext context)
{
context.HttpContext.Response.ContentType = "text/html; charset=UTF-8";
context.HttpContext.Response.SetNoCache();
var html = _html;
html = html.Replace("{uri}", Response.RedirectUri);
html = html.Replace("{body}", BuildFormBody(Response));
await context.HttpContext.Response.WriteAsync(html, Encoding.UTF8);
}
public async Task <IEndpointResult> ProcessAsync(IdentityServerContext context)
{
_logger.LogTrace("Processing introspection request.");
// validate HTTP
if (context.HttpContext.Request.Method != "POST")
{
_logger.LogWarning("Introspection endpoint only supports POST requests");
return(new StatusCodeResult(405));
}
return(await ProcessIntrospectionRequestAsync(context));
}
async Task <IEndpointResult> ProcessAuthorizeAsync(IdentityServerContext context)
{
_logger.LogInformation("Start Authorize Request");
var values = context.HttpContext.Request.Query.AsNameValueCollection();
var user = await _context.GetIdentityServerUserAsync();
var result = await ProcessAuthorizeRequestAsync(values, user, null);
_logger.LogInformation("End Authorize Request. Result type: {0}", result?.GetType().ToString() ?? "-none-");
return(result);
}
public Task ExecuteAsync(IdentityServerContext context)
{
var redirect = context.GetIdentityServerBaseUrl().EnsureTrailingSlash() + Path.RemoveLeadingSlash();
if (Id.IsPresent())
{
redirect = redirect.AddQueryString("id=" + Id);
}
context.HttpContext.Response.Redirect(redirect);
return(Task.FromResult(0));
}
public DefaultUserInteractionService(
IdentityServerContext context,
IAuthorizeRequestValidator validator,
IMessageStore <LogoutMessage> logoutMessageStore,
IMessageStore <ErrorMessage> errorMessageStore,
IMessageStore <ConsentResponse> consentMessageStore)
{
_context = context;
_validator = validator;
_logoutMessageStore = logoutMessageStore;
_errorMessageStore = errorMessageStore;
_consentMessageStore = consentMessageStore;
}
public async Task <IEndpointResult> ProcessAsync(IdentityServerContext context)
{
_logger.LogTrace("Processing token request.");
// validate HTTP
if (context.HttpContext.Request.Method != "POST" || !context.HttpContext.Request.HasFormContentType)
{
_logger.LogWarning("Invalid HTTP request for token endpoint");
return(new TokenErrorResult(OidcConstants.TokenErrors.InvalidRequest));
}
return(await ProcessTokenRequestAsync(context));
}
