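        /// <summary>
        /// Spotify OAuth authorization-code callback.
        /// With no <paramref name="state"/> it serves a minimal test form; otherwise it
        /// validates the state for the current user, exchanges <paramref name="code"/> for
        /// Spotify tokens, stores them, ensures the user exists, and returns a page that
        /// posts the Ringo token back to the window that opened the popup.
        /// </summary>
        /// <param name="state">Opaque anti-CSRF value issued when the flow was started.</param>
        /// <param name="code">Authorization code returned by Spotify.</param>
        /// <param name="error">Error code returned by Spotify instead of a code.</param>
        /// <returns>An HTML <see cref="ContentResult"/>.</returns>
        /// <exception cref="SpotifyApiErrorException">Spotify returned <paramref name="error"/>.</exception>
        /// <exception cref="ArgumentException">Neither a code nor an error was supplied.</exception>
        public async Task <ContentResult> Authorize(
            [FromQuery(Name = "state")] string state = null,
            [FromQuery(Name = "code")] string code   = null,
            [FromQuery(Name = "error")] string error = null)
        {
            if (string.IsNullOrEmpty(state))
            {
                // No state => this is not a callback; serve the test form that starts the flow.
                return new ContentResult
                {
                    Content = "<form method=\"post\"><input type=\"submit\" value=\"Authorize\" /></form>",
                    ContentType = "text/html",
                    StatusCode = 200
                };
            }

            string userId = HttpHelper.GetUserId(HttpContext);

            // Bind the callback to the user who started the flow BEFORE acting on anything Spotify
            // sent back. Previously the code was exchanged first, so a forged callback could have
            // attached an attacker-supplied code/token to this user's account regardless of state.
            // NOTE(review): assumes ValidateState throws on mismatch — confirm; if it returns a
            // result instead, that result must be checked here.
            await _userStateService.ValidateState(state, userId);

            // If Spotify returned an error, surface it
            if (error != null)
            {
                throw new SpotifyApiErrorException(error);
            }

            // A callback with neither error nor code is malformed; don't hand null to the exchange.
            if (string.IsNullOrEmpty(code))
            {
                throw new ArgumentException("Missing authorization code", nameof(code));
            }

            // Use the code to request a token
            var tokens = await _userAccounts.RequestAccessRefreshToken(code);

            // Save the Token
            await _tokenService.SetSpotifyAccessToken(userId, tokens);

            //TODO: Get the Spotify Username

            // Create a User if not exists
            await _userService.CreateUserIfNotExists(userId);

            // Get a Ringo Token
            var ringoToken = await _tokenService.GetRingoAccessToken(userId);

            // Both values are emitted inside a JavaScript string literal. userId is request-derived
            // and the token's text is opaque here, so encode the payload rather than trust that
            // neither contains a quote, backslash or "</script>".
            var encoder = System.Text.Encodings.Web.JavaScriptEncoder.Default;
            string payload = encoder.Encode($"{userId},{ringoToken}");

            // NOTE(review): the "*" target origin hands the Ringo token to whatever page opened this
            // window; replace it with the application's own origin once that value is available here.
            return new ContentResult
            {
                ContentType = "text/html",
                StatusCode = (int)HttpStatusCode.OK,
                Content = $"<html><body><script>window.opener.postMessage(\"{payload}\", \"*\");window.close()</script></body></html>"
            };
        }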
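        /// <summary>
        /// Enforces <see cref="AuthSpotifyBearerAttribute"/>: for decorated actions the request's
        /// bearer token must equal the caller's current, unexpired Ringo access token, otherwise
        /// the pipeline is short-circuited with 403. Undecorated actions pass straight through.
        /// </summary>
        /// <param name="context">The executing action.</param>
        /// <param name="next">Continues the pipeline.</param>
        public async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
        {
            // Only run if Controller / Action is decorated with [AuthSpotifyBearer]
            bool guarded = context.ActionDescriptor.FilterDescriptors
                                  .Select(x => x.Filter)
                                  .OfType <AuthSpotifyBearerAttribute>()
                                  .Any();

            if (!guarded)
            {
                await next();
                return;
            }

            // NOTE(review): 403 is kept for compatibility with existing clients; a missing or
            // invalid credential is conventionally 401 with a WWW-Authenticate header.
            string bearer = HttpHelper.GetBearerToken(context.HttpContext);

            if (string.IsNullOrEmpty(bearer))
            {
                context.Result = new StatusCodeResult(403);
                return;
            }

            // No identifiable user => nothing to compare against; don't hand null to the token store.
            string userId = HttpHelper.GetUserId(context.HttpContext);

            if (string.IsNullOrEmpty(userId))
            {
                context.Result = new StatusCodeResult(403);
                return;
            }

            // Continue only if the user has a stored, unexpired token that matches the bearer.
            var ringoToken = await _tokens.GetRingoAccessToken(userId);

            if (ringoToken == null ||
                ringoToken.AccessTokenExpired ||
                !TokenMatches(ringoToken.AccessToken, bearer))
            {
                context.Result = new StatusCodeResult(403);
                return;
            }

            await next();
        }

        /// <summary>
        /// Compares the stored token with the presented one in constant time, so response timing
        /// does not reveal how many leading characters of the secret matched.
        /// </summary>
        /// <returns><c>true</c> only if both are non-null and byte-for-byte equal.</returns>
        private static bool TokenMatches(string expected, string presented)
        {
            if (expected == null || presented == null)
            {
                return false;
            }

            byte[] expectedBytes  = System.Text.Encoding.UTF8.GetBytes(expected);
            byte[] presentedBytes = System.Text.Encoding.UTF8.GetBytes(presented);

            // FixedTimeEquals returns false for differing lengths without leaking where they differ.
            return System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(expectedBytes, presentedBytes);
        }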