public void Json_is_valid_post_body_type()
        {
            // application/json must be recognised as an acceptable POST body type,
            // and the detected type must round-trip to the same media-type string.
            var detection = ContentNegotiation.DetectBodyType(ApplicationJson);

            detection.Success.Should().BeTrue();
            detection.ContentType.ToString().Should().Be(ApplicationJson);
        }
        public void Form_urlencoded_is_valid_post_body_type()
        {
            // application/x-www-form-urlencoded is the body type the OAuth token
            // endpoint requires, so detection must succeed and preserve the media type.
            var detection = ContentNegotiation.DetectBodyType(FormUrlEncoded);

            detection.Success.Should().BeTrue();
            detection.ContentType.ToString().Should().Be(FormUrlEncoded);
        }
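        /// <summary>
        /// Default POST handler: validates the request body's Content-Type, then dispatches
        /// on the negotiated <c>response</c> type (JSON or HTML). Any other negotiated type
        /// is not handled here and the request is passed on to the next middleware.
        /// </summary>
        /// <param name="context">The OWIN request/response environment.</param>
        /// <param name="client">The API client handed to the concrete flow handlers.</param>
        /// <param name="contentNegotiationResult">The already-negotiated response content type.</param>
        /// <param name="cancellationToken">Propagated to the flow handlers.</param>
        /// <returns><c>true</c> when the request was handled (via PostJsonAsync/PostHtmlAsync), <c>false</c> to fall through.</returns>
        /// <exception cref="NotSupportedException">Thrown when the body Content-Type is not one DetectBodyType accepts.</exception>
        protected virtual Task <bool> PostAsync(IOwinEnvironment context, IClient client, ContentNegotiationResult contentNegotiationResult, CancellationToken cancellationToken)
        {
            var rawBodyContentType             = context.Request.Headers.GetString("Content-Type");
            var bodyContentTypeDetectionResult = ContentNegotiation.DetectBodyType(rawBodyContentType);

            if (!bodyContentTypeDetectionResult.Success)
            {
                // A specific exception type (rather than bare Exception) lets an outer handler
                // map this to a 4xx instead of a generic 500. The client-supplied header value is
                // included in the message for diagnostics; it is only ever surfaced through the
                // exception text, so whatever logs/renders this exception sees untrusted input.
                // NOTE(review): nothing visible here converts the throw into an HTTP error response —
                // confirm the pipeline does, otherwise a bad Content-Type surfaces as an unhandled error.
                throw new NotSupportedException($"The Content-Type '{rawBodyContentType}' is invalid.");
            }

            // Dispatch on the *response* type that was negotiated, passing along the *request*
            // body type so the concrete handler can parse the body accordingly.
            if (contentNegotiationResult.ContentType == ContentType.Json)
            {
                return(PostJsonAsync(context, client, bodyContentTypeDetectionResult.ContentType, cancellationToken));
            }

            if (contentNegotiationResult.ContentType == ContentType.Html)
            {
                return(PostHtmlAsync(context, client, bodyContentTypeDetectionResult.ContentType, cancellationToken));
            }

            // Do nothing and pass on to next middleware.
            return(Task.FromResult(false));
        }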
        /// <summary>
        /// OAuth 2.0 token endpoint handler. Accepts only form-encoded bodies, reads
        /// <c>grant_type</c>, and runs the matching flow (client_credentials, password,
        /// refresh_token) when that flow is enabled in configuration. Every outcome writes
        /// a response — either a token response from the flow or an OAuth error — so this
        /// method always reports the request as handled.
        /// </summary>
        /// <param name="context">The OWIN request/response environment.</param>
        /// <param name="client">The API client used by the individual flows.</param>
        /// <param name="contentNegotiationResult">Negotiated response type; not consulted here because token responses are always produced by the flow handlers.</param>
        /// <param name="cancellationToken">Propagated to body reading, flows and error writers.</param>
        /// <returns>Always <c>true</c> (the request is handled here).</returns>
        protected override async Task <bool> PostAsync(IOwinEnvironment context, IClient client, ContentNegotiationResult contentNegotiationResult, CancellationToken cancellationToken)
        {
            // Token responses carry credentials; make sure no browser or proxy caches them.
            Caching.AddDoNotCacheHeaders(context);

            var declaredContentType = context.Request.Headers.GetString("Content-Type");
            var detection           = ContentNegotiation.DetectBodyType(declaredContentType);

            // Token requests must be application/x-www-form-urlencoded; anything else
            // (including a JSON body that DetectBodyType would otherwise accept) is rejected.
            if (!detection.Success || detection.ContentType != ContentType.FormUrlEncoded)
            {
                await Error.Create <OauthInvalidRequest>(context, cancellationToken);

                return(true);
            }

            var body = await context.Request.GetBodyAsStringAsync(cancellationToken);
            var form = FormContentParser.Parse(body, _logger);

            var grantType = form.GetString("grant_type");

            if (string.IsNullOrEmpty(grantType))
            {
                await Error.Create <OauthInvalidRequest>(context, cancellationToken);

                return(true);
            }

            // grant_type values are matched case-insensitively; enabled-checks are evaluated lazily
            // (only when the name matches) to keep the configuration lookups identical per branch.
            Func<string, bool> isGrant = name => grantType.Equals(name, StringComparison.OrdinalIgnoreCase);

            try
            {
                if (isGrant("client_credentials") && _configuration.Web.Oauth2.Client_Credentials.Enabled)
                {
                    await ExecuteClientCredentialsFlow(context, client, cancellationToken);

                    return(true);
                }

                if (isGrant("password") && _configuration.Web.Oauth2.Password.Enabled)
                {
                    // NOTE(review): the form values are URL-decoded here once more after
                    // FormContentParser.Parse. If Parse already decodes, a credential containing
                    // '%' or '+' is decoded twice and will not match what the user typed — confirm
                    // which layer owns decoding (grant_type above is not decoded a second time).
                    var username = WebUtility.UrlDecode(form.GetString("username"));
                    var password = WebUtility.UrlDecode(form.GetString("password"));
                    await ExecutePasswordFlow(context, client, username, password, cancellationToken);

                    return(true);
                }

                // refresh_token is gated on the *password* grant setting; presumably because the
                // refresh tokens being exchanged were issued by that flow — verify against the config docs.
                if (isGrant("refresh_token") && _configuration.Web.Oauth2.Password.Enabled)
                {
                    var refreshToken = WebUtility.UrlDecode(form.GetString("refresh_token"));
                    await ExecuteRefreshFlow(context, client, refreshToken, cancellationToken);

                    return(true);
                }
            }
            catch (ResourceException rex)
            {
                // Special handling of API errors for the OAuth route: surface the upstream
                // error code/message as an RFC 6749 error object rather than a generic failure.
                return(await Error.Create(context, new OauthError(rex.Message, rex.GetProperty("error")), cancellationToken));
            }

            // Unknown grant_type, or a known one whose flow is disabled.
            return(await Error.Create <OauthUnsupportedGrant>(context, cancellationToken));
        }
        // NOTE(review): the name says "is_valid" but the assertion expects rejection;
        // a name like TextHtml_is_not_valid_post_body_type would describe it accurately.
        public void TextHtml_is_valid_post_body_type()
        {
            // text/html is never an acceptable POST body type.
            var detection = ContentNegotiation.DetectBodyType(TextHtml);

            detection.Success.Should().BeFalse();
        }
        // NOTE(review): as with the text/html case, the name says "is_valid" while the
        // assertion expects rejection; consider TextPlain_is_not_valid_post_body_type.
        public void TextPlain_is_valid_post_body_type()
        {
            // text/plain is never an acceptable POST body type.
            var detection = ContentNegotiation.DetectBodyType("text/plain");

            detection.Success.Should().BeFalse();
        }