private async Task <IEndpointResult> ProcessSignoutCallbackAsync(IdentityServerContext context) { if (context.HttpContext.Request.Method != "GET") { _logger.LogWarning("Invalid HTTP method for end session endpoint."); return(new StatusCodeResult(HttpStatusCode.MethodNotAllowed)); } _logger.LogInformation("Processing singout callback request"); await ClearSignoutMessageIdAsync(context.HttpContext.Request); var sid = ValidateSid(context.HttpContext.Request); if (sid == null) { return(new StatusCodeResult(HttpStatusCode.BadRequest)); } // get URLs for iframes var urls = await GetClientEndSessionUrlsAsync(sid); // relax CSP to allow those iframe origins //ConfigureCspResponseHeader(urls); // clear cookies ClearSessionCookies(sid); // get html (with iframes) return(new EndSessionCallbackResult(urls)); }
public async Task <IEndpointResult> ProcessAsync(IdentityServerContext context) { if (context.HttpContext.Request.Method != "GET") { _logger.LogWarning("Invalid HTTP method for authorize endpoint."); return(new StatusCodeResult(HttpStatusCode.MethodNotAllowed)); } if (context.HttpContext.Request.Path == Constants.ProtocolRoutePaths.Authorize.EnsureLeadingSlash()) { return(await ProcessAuthorizeAsync(context)); } if (context.HttpContext.Request.Path == Constants.ProtocolRoutePaths.AuthorizeAfterLogin.EnsureLeadingSlash()) { return(await ProcessAuthorizeAfterLoginAsync(context)); } if (context.HttpContext.Request.Path == Constants.ProtocolRoutePaths.AuthorizeAfterConsent.EnsureLeadingSlash()) { return(await ProcessAuthorizeAfterConsentAsync(context)); } return(new StatusCodeResult(HttpStatusCode.NotFound)); }
private async Task <IEndpointResult> ProcessTokenRequestAsync(IdentityServerContext context) { _logger.LogInformation("Start token request."); // validate client var clientResult = await _clientValidator.ValidateAsync(context.HttpContext); if (clientResult.Client == null) { return(new TokenErrorResult(OidcConstants.TokenErrors.InvalidClient)); } // validate request var requestResult = await _requestValidator.ValidateRequestAsync( context.HttpContext.Request.Form.AsNameValueCollection(), clientResult.Client); if (requestResult.IsError) { return(new TokenErrorResult(requestResult.Error, requestResult.ErrorDescription)); } // create response var response = await _responseGenerator.ProcessAsync(requestResult.ValidatedRequest); // return result _logger.LogInformation("Token request success."); return(new TokenResult(response)); }
public void Init() { _context = IdentityServerContextHelper.Create(); _validatedAuthorizeRequest = new ValidatedAuthorizeRequest() { RedirectUri = "http://client/callback", State = "123", ResponseMode = "fragment", ClientId = "client", Client = new Client { ClientId = "client", ClientName = "Test Client" }, Raw = _params, Subject = _user }; _stubAuthorizeRequestValidator.Result.IsError = false; _stubAuthorizeRequestValidator.Result.ValidatedRequest = _validatedAuthorizeRequest; _subject = new AuthorizeEndpoint( _fakeEventService, _fakeLogger, _context, _stubAuthorizeRequestValidator, _stubInteractionGenerator, _stubResultFactory, _mockUserConsentResponseMessageStore); }
public async Task <IEndpointResult> ProcessAsync(IdentityServerContext context) { _logger.LogVerbose("Start token request."); // validate HTTP if (context.HttpContext.Request.Method != "POST" || !context.HttpContext.Request.HasFormContentType) { // todo logging return(new TokenErrorResult(Constants.TokenErrors.InvalidRequest)); } // validate client var clientResult = await _clientValidator.ValidateAsync(context.HttpContext); if (clientResult.Client == null) { return(new TokenErrorResult(Constants.TokenErrors.InvalidClient)); } // validate request var requestResult = await _requestValidator.ValidateRequestAsync( context.HttpContext.Request.Form.AsNameValueCollection(), clientResult.Client); if (requestResult.IsError) { return(new TokenErrorResult(requestResult.Error, requestResult.ErrorDescription)); } // create response var response = await _responseGenerator.ProcessAsync(requestResult.ValidatedRequest); // return result return(new TokenResult(response)); }
public static EmployeeManager Create(IdentityFactoryOptions <EmployeeManager> options, IOwinContext context) { IdentityServerContext db = context.Get <IdentityServerContext>(); EmployeeManager manager = new EmployeeManager(new UserStore <Employee>(db)); return(manager); }
public async Task Invoke(HttpContext context, IdentityServerContext idsrvContext) { var request = context.Request; idsrvContext.SetHost(Environment.GetEnvironmentVariable("EXTERNAL_URL")); await _next(context); }
public async Task <IEndpointResult> ProcessAsync(IdentityServerContext context) { // validate HTTP if (context.HttpContext.Request.Method != "POST") { return(new StatusCodeResult(405)); } var scopeResult = await _scopeSecretValidator.ValidateAsync(context.HttpContext); if (scopeResult.Scope == null) { _logger.LogWarning("Scope unauthorized to call introspection endpoint. aborting."); return(new StatusCodeResult(401)); } var parameters = context.HttpContext.Request.Form.AsNameValueCollection(); var validationResult = await _requestValidator.ValidateAsync(parameters, scopeResult.Scope); var response = await _generator.ProcessAsync(validationResult, scopeResult.Scope); if (validationResult.IsActive) { await RaiseSuccessEventAsync(validationResult.Token, "active", scopeResult.Scope.Name); return(new IntrospectionResult(response)); } if (validationResult.IsError) { if (validationResult.FailureReason == IntrospectionRequestValidationFailureReason.MissingToken) { _logger.LogError("Missing token"); await RaiseFailureEventAsync(validationResult.ErrorDescription, validationResult.Token, scopeResult.Scope.Name); //todo return BadRequest("missing_token"); return(new StatusCodeResult(400)); } if (validationResult.FailureReason == IntrospectionRequestValidationFailureReason.InvalidToken) { await RaiseSuccessEventAsync(validationResult.Token, "inactive", scopeResult.Scope.Name); return(new IntrospectionResult(response)); } if (validationResult.FailureReason == IntrospectionRequestValidationFailureReason.InvalidScope) { await RaiseFailureEventAsync("Scope not authorized to introspect token", validationResult.Token, scopeResult.Scope.Name); return(new IntrospectionResult(response)); } } throw new InvalidOperationException("Invalid token introspection outcome"); }
// todo //protected readonly OwinEnvironmentService _owinEnvironmentService; /// <summary> /// Initializes a new instance of the <see cref="DefaultTokenService" /> class. This overloaded constructor is deprecated and will be removed in 3.0.0. /// </summary> /// <param name="options">The options.</param> /// <param name="claimsProvider">The claims provider.</param> /// <param name="tokenHandles">The token handles.</param> /// <param name="signingService">The signing service.</param> /// <param name="events">The events service.</param> public DefaultTokenService(IdentityServerContext context, IClaimsProvider claimsProvider, ITokenHandleStore tokenHandles, ITokenSigningService signingService, IEventService events, ILoggerFactory loggerFactory) { _logger = loggerFactory.CreateLogger <DefaultTokenService>(); _context = context; _claimsProvider = claimsProvider; _tokenHandles = tokenHandles; _signingService = signingService; _events = events; }
// todo //protected readonly OwinEnvironmentService _owinEnvironmentService; /// <summary> /// Initializes a new instance of the <see cref="DefaultTokenService" /> class. This overloaded constructor is deprecated and will be removed in 3.0.0. /// </summary> /// <param name="options">The options.</param> /// <param name="claimsProvider">The claims provider.</param> /// <param name="tokenHandles">The token handles.</param> /// <param name="creationService">The signing service.</param> /// <param name="events">The events service.</param> public DefaultTokenService(IdentityServerContext context, IClaimsProvider claimsProvider, ITokenHandleStore tokenHandles, ITokenCreationService creationService, IEventService events, ILogger <DefaultTokenService> logger) { _logger = logger; _context = context; _claimsProvider = claimsProvider; _tokenHandles = tokenHandles; _creationService = creationService; _events = events; }
public void SetUp() { var guid = Guid.NewGuid().ToString(); var mockMailSender = new Mock <IEMailService>(); mockMailSender.Setup(x => x.SendMail(It.IsAny <EMailMessage>())); var mockCacheRepository = new Mock <ICacheRepository>(); mockCacheRepository .Setup(x => x.Read <TokenCache>(It.IsAny <string>())) .Returns(_tokenCache); var webHostBuilder = new WebHostBuilder() .UseContentRoot(Directory.GetCurrentDirectory()) .UseEnvironment("Test") .UseKestrel() .UseStartup <Startup>() .ConfigureTestServices(services => { services.RemoveAll <IdentityServerContext>(); services.AddDbContext <IdentityServerContext>(options => { options.UseInMemoryDatabase(guid); }); services.RemoveAll <IEMailService>(); services.AddSingleton(mockMailSender.Object); services.RemoveAll <IDistributedCache>(); services.AddDistributedMemoryCache(); }) .ConfigureServices(services => { services.RemoveAll <IdentityServerContext>(); services.AddDbContext <IdentityServerContext>(options => { options.UseInMemoryDatabase(guid); }); services.RemoveAll <IEMailService>(); services.AddSingleton(mockMailSender.Object); services.RemoveAll <IDistributedCache>(); services.AddDistributedMemoryCache(); }); _server = new TestServer(webHostBuilder); _context = _server.Services.GetService <IdentityServerContext>(); _context.Database.EnsureDeleted(); _context.Database.EnsureCreated(); _repository = _server.Services.GetService <IAccountRepository>(); _client = _server.CreateClient(); // _client.DefaultRequestHeaders.Accept.Clear(); // _client.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json")); // _client.BaseAddress = new Uri("http://localhost"); }
public DiscoveryEndpoint(IdentityServerOptions options, IdentityServerContext context, IScopeStore scopes, ILogger <DiscoveryEndpoint> logger, IEnumerable <IValidationKeysStore> keys, CustomGrantValidator customGrants, SecretParser parsers) { _options = options; _scopes = scopes; _logger = logger; _context = context; _customGrants = customGrants; _parsers = parsers; _keys = keys; }
public FranceConnectTokenValidator(IdentityServerOptions options, IdentityServerContext context, IClientStore clients, ITokenHandleStore tokenHandles, ICustomTokenValidator customValidator, IEnumerable<IValidationKeysStore> keys, ILogger<TokenValidator> logger) { _options = options; _context = context; _clients = clients; _tokenHandles = tokenHandles; _customValidator = customValidator; _keys = keys; _logger = logger; }
public async Task <IEndpointResult> ProcessAsync(IdentityServerContext context) { if (context.HttpContext.Request.Method != "GET" && context.HttpContext.Request.Method != "POST") { _logger.LogWarning("Invalid HTTP method for userinfo endpoint."); return(new StatusCodeResult(405)); } return(await ProcessUserInfoRequestAsync(context)); }
public DiscoveryEndpoint(IdentityServerOptions options, IdentityServerContext context, IScopeStore scopes, ILogger <DiscoveryEndpoint> logger, ISigningKeyService keyService, CustomGrantValidator customGrants, SecretParser parsers) { _options = options; _scopes = scopes; _logger = logger; _keyService = keyService; _context = context; _customGrants = customGrants; _parsers = parsers; }
public IdentityRepository(IdentityServerContext dbContext, UserManager <User> userManager, RoleManager <Role> roleManager, IMapper mapper) { DbContext = dbContext; UserManager = userManager; RoleManager = roleManager; Mapper = mapper; }
public EndSessionRequestValidatorTests() { _user = IdentityServer4.IdentityServerPrincipal.Create("alice", "Alice"); _context = IdentityServerContextHelper.Create(); _subject = new EndSessionRequestValidator( TestLogger.Create <EndSessionRequestValidator>(), _context, _stubTokenValidator, _stubRedirectUriValidator); }
public override Task ExecuteAsync(IdentityServerContext context) { if (!Url.IsLocalUrl()) { // this converts the relative redirect path to an absolute one if we're // redirecting to a different server ParamValue = context.GetIdentityServerBaseUrl().EnsureTrailingSlash() + ParamValue.RemoveLeadingSlash(); } return(base.ExecuteAsync(context)); }
public async Task ExecuteAsync(IdentityServerContext context) { context.HttpContext.Response.ContentType = "text/html; charset=UTF-8"; if (DisableCache) { context.HttpContext.Response.SetNoCache(); } var html = GetHtml(); await context.HttpContext.Response.WriteAsync(html, Encoding.UTF8); }
public EndSessionRequestValidator( ILogger <EndSessionRequestValidator> logger, IdentityServerContext context, ITokenValidator tokenValidator, IRedirectUriValidator uriValidator) { _context = context; _tokenValidator = tokenValidator; _uriValidator = uriValidator; _logger = logger; }
public TokenValidator(IdentityServerContext context, IClientStore clients, ITokenHandleStore tokenHandles, ICustomTokenValidator customValidator, IEnumerable <IValidationKeysStore> keys, ILogger <TokenValidator> logger) { _context = context; _clients = clients; _tokenHandles = tokenHandles; _customValidator = customValidator; _keys = keys; _logger = logger; _log = new TokenValidationLog(); }
public LoginController( LoginService loginService, SignInInteraction signInInteraction, ILogger <LoginController> logger, IdentityServerContext context) { _loginService = loginService; _signInInteraction = signInInteraction; _logger = logger; _context = context; }
public Task <IEndpointResult> ProcessAsync(IdentityServerContext context) { if (context.HttpContext.Request.Method != "GET") { return(Task.FromResult <IEndpointResult>(new StatusCodeResult(HttpStatusCode.MethodNotAllowed))); } _logger.LogInformation("Check session iframe request"); return(Task.FromResult <IEndpointResult>(new CheckSessionResult(_sessionCookie.GetCookieName()))); }
public async Task ExecuteAsync(IdentityServerContext context) { var dto = new ErrorDto { error = Error, error_description = ErrorDescription }; context.HttpContext.Response.StatusCode = 400; context.HttpContext.Response.SetNoCache(); await context.HttpContext.Response.WriteJsonAsync(dto); }
public TokenValidator(IdentityServerOptions options, IdentityServerContext context, IClientStore clients, ITokenHandleStore tokenHandles, ICustomTokenValidator customValidator, ISigningKeyService keyService, ILogger <TokenValidator> logger) { _options = options; _context = context; _clients = clients; _tokenHandles = tokenHandles; _customValidator = customValidator; _keyService = keyService; _logger = logger; _log = new TokenValidationLog(); }
public override async Task ExecuteAsync(IdentityServerContext context) { context.HttpContext.Response.ContentType = "text/html; charset=UTF-8"; context.HttpContext.Response.SetNoCache(); var html = _html; html = html.Replace("{uri}", Response.RedirectUri); html = html.Replace("{body}", BuildFormBody(Response)); await context.HttpContext.Response.WriteAsync(html, Encoding.UTF8); }
public async Task <IEndpointResult> ProcessAsync(IdentityServerContext context) { _logger.LogTrace("Processing introspection request."); // validate HTTP if (context.HttpContext.Request.Method != "POST") { _logger.LogWarning("Introspection endpoint only supports POST requests"); return(new StatusCodeResult(405)); } return(await ProcessIntrospectionRequestAsync(context)); }
async Task <IEndpointResult> ProcessAuthorizeAsync(IdentityServerContext context) { _logger.LogInformation("Start Authorize Request"); var values = context.HttpContext.Request.Query.AsNameValueCollection(); var user = await _context.GetIdentityServerUserAsync(); var result = await ProcessAuthorizeRequestAsync(values, user, null); _logger.LogInformation("End Authorize Request. Result type: {0}", result?.GetType().ToString() ?? "-none-"); return(result); }
public Task ExecuteAsync(IdentityServerContext context) { var redirect = context.GetIdentityServerBaseUrl().EnsureTrailingSlash() + Path.RemoveLeadingSlash(); if (Id.IsPresent()) { redirect = redirect.AddQueryString("id=" + Id); } context.HttpContext.Response.Redirect(redirect); return(Task.FromResult(0)); }
public DefaultUserInteractionService( IdentityServerContext context, IAuthorizeRequestValidator validator, IMessageStore <LogoutMessage> logoutMessageStore, IMessageStore <ErrorMessage> errorMessageStore, IMessageStore <ConsentResponse> consentMessageStore) { _context = context; _validator = validator; _logoutMessageStore = logoutMessageStore; _errorMessageStore = errorMessageStore; _consentMessageStore = consentMessageStore; }
public async Task <IEndpointResult> ProcessAsync(IdentityServerContext context) { _logger.LogTrace("Processing token request."); // validate HTTP if (context.HttpContext.Request.Method != "POST" || !context.HttpContext.Request.HasFormContentType) { _logger.LogWarning("Invalid HTTP request for token endpoint"); return(new TokenErrorResult(OidcConstants.TokenErrors.InvalidRequest)); } return(await ProcessTokenRequestAsync(context)); }