public void Birthdates()
{
var response = new ClaimsResponse();
// Verify that they both start out as null
Assert.IsNull(response.BirthDateRaw);
Assert.IsFalse(response.BirthDate.HasValue);
// Verify that null can be set.
response.BirthDate = null;
response.BirthDateRaw = null;
Assert.IsNull(response.BirthDateRaw);
Assert.IsFalse(response.BirthDate.HasValue);
// Verify that the strong-typed BirthDate property can be set and that it affects the raw property.
response.BirthDate = DateTime.Parse("April 4, 1984");
Assert.AreEqual(4, response.BirthDate.Value.Month);
Assert.AreEqual("1984-04-04", response.BirthDateRaw);
// Verify that the raw property can be set with a complete birthdate and that it affects the strong-typed property.
response.BirthDateRaw = "1998-05-08";
Assert.AreEqual("1998-05-08", response.BirthDateRaw);
Assert.AreEqual(DateTime.Parse("May 8, 1998", CultureInfo.InvariantCulture), response.BirthDate);
// Verify that an partial raw birthdate works, and sets the strong-typed property to null since it cannot be represented.
response.BirthDateRaw = "2000-00-00";
Assert.AreEqual("2000-00-00", response.BirthDateRaw);
Assert.IsFalse(response.BirthDate.HasValue);
}
public void DualIdentifierNoMatchInAssertionVerificationByDefault() {
PositiveAssertionResponse assertion = this.GetPositiveAssertion(true);
ClaimsResponse extension = new ClaimsResponse();
assertion.Extensions.Add(extension);
var rp = CreateRelyingParty();
new PositiveAuthenticationResponse(assertion, rp); // this will throw if it fails to find a match
}
/// <summary>
/// Initializes a new instance of the <see cref="ClaimsResponseShim"/> class.
/// </summary>
/// <param name="response">The Simple Registration response to wrap.</param>
internal ClaimsResponseShim(ClaimsResponse response)
{
Contract.Requires(response != null);
ErrorUtilities.VerifyArgumentNotNull(response, "response");
this.response = response;
}
private void ProccessData(ClaimsResponse claim, string identifier)
{
Email = claim.Email;
FullName = claim.FullName;
Nickname = claim.Nickname ?? claim.Email;
ClaimedIdentifier = identifier;
}
public async Task DualIdentifierNoMatchInAssertionVerificationByDefault() {
PositiveAssertionResponse assertion = this.GetPositiveAssertion(true);
ClaimsResponse extension = new ClaimsResponse();
assertion.Extensions.Add(extension);
var rp = CreateRelyingParty();
await PositiveAuthenticationResponse.CreateAsync(assertion, rp, CancellationToken.None); // this will throw if it fails to find a match
}
public static void Clear()
{
ProfileFields = null;
FetchResponse = null;
FriendlyLoginName = null;
PapePolicies = null;
GoogleAccessToken = null;
}
private void addClaimInfo(ClaimsResponse claim, string identifier)
{
Email = claim.Email;
FullName = claim.FullName;
Nickname = claim.Nickname ?? claim.Email;
IsSignedByProvider = claim.IsSignedByProvider;
ClaimedIdentifier = identifier;
}
public void DualIdentifierMatchesInAssertionVerification() {
PositiveAssertionResponse assertion = this.GetPositiveAssertion(true);
ClaimsResponse extension = new ClaimsResponse();
assertion.Extensions.Add(extension);
var rp = CreateRelyingParty();
rp.SecuritySettings.AllowDualPurposeIdentifiers = true;
new PositiveAuthenticationResponse(assertion, rp); // this will throw if it fails to find a match
}
public void UnifyExtensionsAsSregWithSreg() {
var sregInjected = new ClaimsResponse {
Nickname = "andy",
};
var axInjected = new FetchResponse();
axInjected.Attributes.Add(WellKnownAttributes.Name.Alias, "nate");
this.extensions.Add(sregInjected);
this.extensions.Add(axInjected);
var sreg = ExtensionsInteropHelper.UnifyExtensionsAsSreg(this.response, true);
Assert.AreSame(sregInjected, sreg);
Assert.AreEqual("andy", sreg.Nickname);
}
public void NoRequestedExtensions()
{
var sreg = ExtensionsInteropHelper.UnifyExtensionsAsSreg(this.request);
Assert.IsNull(sreg);
// Make sure we're still able to send an sreg response.
var sregResponse = new ClaimsResponse();
this.request.AddResponseExtension(sregResponse);
ExtensionsInteropHelper.ConvertSregToMatchRequest(this.request);
var extensions = this.GetResponseExtensions();
Assert.AreSame(sregResponse, extensions.Single());
}
public void NoRequestedExtensions() {
var sreg = ExtensionsInteropHelper.UnifyExtensionsAsSreg(this.request);
Assert.IsNull(sreg);
// Make sure we're still able to send an sreg response.
// (not really a valid scenario, since OPs don't have public access
// to directly create a response without a request.
var sregResponse = new ClaimsResponse();
this.request.AddResponseExtension(sregResponse);
ExtensionsInteropHelper.ConvertSregToMatchRequest(this.request);
var extensions = this.GetResponseExtensions();
Assert.AreSame(sregResponse, extensions.Single());
}
public void CtorAndProperties() {
var responseMessage = new IndirectSignedResponse(Protocol.V20.Version, this.returnTo);
var ext = new ClaimsResponse();
responseMessage.Extensions.Add(ext);
var response = new PositiveAnonymousResponse(responseMessage);
Assert.AreEqual(AuthenticationStatus.ExtensionsOnly, response.Status);
Assert.AreSame(responseMessage, response.Response);
Assert.IsNull(response.ClaimedIdentifier);
Assert.IsNull(response.FriendlyIdentifierForDisplay);
Assert.IsNull(response.Exception);
Assert.IsNull(response.Provider);
Assert.AreSame(ext, response.GetUntrustedExtension<ClaimsResponse>());
}
public void Valid() {
PositiveAssertionResponse assertion = this.GetPositiveAssertion();
ClaimsResponse extension = new ClaimsResponse();
assertion.Extensions.Add(extension);
var rp = CreateRelyingParty();
var authResponse = new PositiveAuthenticationResponse(assertion, rp);
Assert.AreEqual(AuthenticationStatus.Authenticated, authResponse.Status);
Assert.IsNull(authResponse.Exception);
Assert.AreEqual((string)assertion.ClaimedIdentifier, (string)authResponse.ClaimedIdentifier);
Assert.AreEqual(authResponse.Endpoint.FriendlyIdentifierForDisplay, authResponse.FriendlyIdentifierForDisplay);
Assert.AreSame(extension, authResponse.GetUntrustedExtension(typeof(ClaimsResponse)));
Assert.AreSame(extension, authResponse.GetUntrustedExtension<ClaimsResponse>());
Assert.IsNull(authResponse.GetCallbackArgument("a"));
Assert.AreEqual(0, authResponse.GetCallbackArguments().Count);
}
private void LogUser(string openId, ClaimsResponse profileFields)
{
//recupero l'utente da db, oppure lo creo al volo se non esiste
MTBUser user = DBHelper.LoadUser(openId);
//non esiste? allora lo creo e lo metto nella sessione come NewUser, quindi
//rimando alla pagina User che, solo dopo aver inserito i dati obblicatori, lo metterà
//finalmente in sessione come User
if (user == null)
{
user = new MTBUser();
user.OpenId = openId;
user.Surname = "";
if (profileFields != null)
{
user.Name = profileFields.FullName;
user.EMail = profileFields.Email;
user.Nickname = profileFields.Nickname;
if (profileFields.Gender != null)
{
switch (profileFields.Gender.Value)
{
case Gender.Male:
user.Gender = MTBUser.GenderType.Male;
break;
case Gender.Female:
user.Gender = MTBUser.GenderType.Female;
break;
default:
break;
}
}
if (profileFields.BirthDate != null)
user.BirthDate = profileFields.BirthDate.Value;
}
LoginState.NewUser = user;
Response.Redirect("User.aspx");
}
else
{
LoginState.User = user;
FormsAuthentication.RedirectFromLoginPage("", false);
}
}
private static AuthenticationToken ProcessUserLogin(string claimedIdentifier, string friendlyIdentifier, ClaimsResponse claims, Token samlToken, bool trustedEmail) {
// Create an account for this user if we don't already have one.
AuthenticationToken openidToken = Database.DataContext.AuthenticationTokens.FirstOrDefault(token => token.ClaimedIdentifier == claimedIdentifier);
if (openidToken == null) {
// this is a user we haven't seen before.
User user = new User();
openidToken = new AuthenticationToken {
ClaimedIdentifier = claimedIdentifier,
FriendlyIdentifier = friendlyIdentifier,
};
user.AuthenticationTokens.Add(openidToken);
// Gather information about the user if it's available.
if (claims != null) {
if (!string.IsNullOrEmpty(claims.Email)) {
user.EmailAddress = claims.Email;
user.EmailAddressVerified = trustedEmail;
}
if (!string.IsNullOrEmpty(claims.FullName)) {
if (claims.FullName.IndexOf(' ') > 0) {
user.FirstName = claims.FullName.Substring(0, claims.FullName.IndexOf(' ')).Trim();
user.LastName = claims.FullName.Substring(claims.FullName.IndexOf(' ')).Trim();
} else {
user.FirstName = claims.FullName;
}
}
} else if (samlToken != null) {
string email, givenName, surname;
if (samlToken.Claims.TryGetValue(ClaimTypes.Email, out email)) {
user.EmailAddress = email;
user.EmailAddressVerified = trustedEmail;
}
if (samlToken.Claims.TryGetValue(ClaimTypes.GivenName, out givenName)) {
user.FirstName = givenName;
}
if (samlToken.Claims.TryGetValue(ClaimTypes.Surname, out surname)) {
user.LastName = surname;
}
}
Database.DataContext.AddToUsers(user);
} else {
openidToken.UsageCount++;
openidToken.LastUsedUtc = DateTime.UtcNow;
}
return openidToken;
}
/// <summary>
/// Tests equality of two <see cref="ClaimsResponse"/> objects.
/// </summary>
/// <param name="obj">The <see cref="T:System.Object"/> to compare with the current <see cref="T:System.Object"/>.</param>
/// <returns>
/// true if the specified <see cref="T:System.Object"/> is equal to the current <see cref="T:System.Object"/>; otherwise, false.
/// </returns>
/// <exception cref="T:System.NullReferenceException">
/// The <paramref name="obj"/> parameter is null.
/// </exception>
public override bool Equals(object obj)
{
ClaimsResponse other = obj as ClaimsResponse;
if (other == null)
{
return(false);
}
return
(this.BirthDateRaw.EqualsNullSafe(other.BirthDateRaw) &&
this.Country.EqualsNullSafe(other.Country) &&
this.Language.EqualsNullSafe(other.Language) &&
this.Email.EqualsNullSafe(other.Email) &&
this.FullName.EqualsNullSafe(other.FullName) &&
this.Gender.Equals(other.Gender) &&
this.Nickname.EqualsNullSafe(other.Nickname) &&
this.PostalCode.EqualsNullSafe(other.PostalCode) &&
this.TimeZone.EqualsNullSafe(other.TimeZone));
}
internal static LoginProfile ProfileFromOpenId(ClaimsResponse spprofile, FetchResponse fetchprofile, string claimedId, string realmUrlString)
{
var profile = new LoginProfile
{
Link = claimedId,
Id = claimedId,
Provider = ProviderConstants.OpenId,
};
if (spprofile != null)
{
//Fill
profile.BirthDay = spprofile.BirthDateRaw;
profile.DisplayName = spprofile.FullName;
profile.EMail = spprofile.Email;
profile.Name = spprofile.Nickname;
profile.Gender = spprofile.Gender.HasValue ? spprofile.Gender.Value.ToString() : "";
profile.TimeZone = spprofile.TimeZone;
profile.Locale = spprofile.Language;
}
if (fetchprofile != null)
{
profile.Name = fetchprofile.GetAttributeValue(WellKnownAttributes.Name.Alias);
profile.LastName = fetchprofile.GetAttributeValue(WellKnownAttributes.Name.Last);
profile.FirstName = fetchprofile.GetAttributeValue(WellKnownAttributes.Name.First);
profile.DisplayName = fetchprofile.GetAttributeValue(WellKnownAttributes.Name.FullName);
profile.MiddleName = fetchprofile.GetAttributeValue(WellKnownAttributes.Name.Middle);
profile.Salutation = fetchprofile.GetAttributeValue(WellKnownAttributes.Name.Prefix);
profile.Avatar = fetchprofile.GetAttributeValue(WellKnownAttributes.Media.Images.Default);
profile.EMail = fetchprofile.GetAttributeValue(WellKnownAttributes.Contact.Email);
profile.Gender = fetchprofile.GetAttributeValue(WellKnownAttributes.Person.Gender);
profile.BirthDay = fetchprofile.GetAttributeValue(WellKnownAttributes.BirthDate.WholeBirthDate);
}
profile.RealmUrl = realmUrlString;
return profile;
}
private bool IsValidForUserCreation(OpenIdEventArgs e, ClaimsResponse claim)
{
bool result = true;
if (claim == null) { return false; }
if (String.IsNullOrEmpty(claim.Email)) { return false; }
if (String.IsNullOrEmpty(claim.FullName)) { return false; }
if (!Email.IsValidEmailAddressSyntax(claim.Email)) { return false; }
mojoProfileConfiguration profileConfig = mojoProfileConfiguration.GetConfig();
if (profileConfig.HasRequiredCustomProperties()) { result = false; }
return result;
}
private void DisplayResults(OpenIdEventArgs e, ClaimsResponse claim)
{
litResult.Text = "uri: " + e.ClaimedIdentifier.ToString() + "<br />"
+ "Full Name: " + claim.FullName + "<br />"
+ "Nickname: " + claim.Nickname + "<br />"
+ "Birthdate: " + claim.BirthDate.ToString() + "<br />"
+ "Country: " + claim.Country + "<br />"
+ "Culture: " + claim.Culture.ToString() + "<br />"
+ "Gender: " + claim.Gender + "<br />"
+ "Language: " + claim.Language + "<br />"
+ "MailAddress: " + claim.MailAddress + "<br />"
+ "Postal Code: " + claim.PostalCode + " <br />"
+ "Email: " + claim.Email + "<br />"
+ "TimeZone: " + claim.TimeZone + "<br />";
}
public static ClaimsResponse UnifyExtensionsAsSreg(this RelyingParty.IAuthenticationResponse response, bool allowUnsigned) {
Contract.Requires<ArgumentNullException>(response != null);
var resp = (RelyingParty.IAuthenticationResponse)response;
var sreg = allowUnsigned ? resp.GetUntrustedExtension<ClaimsResponse>() : resp.GetExtension<ClaimsResponse>();
if (sreg != null) {
return sreg;
}
AXAttributeFormats formats = AXAttributeFormats.All;
sreg = new ClaimsResponse();
var fetchResponse = allowUnsigned ? resp.GetUntrustedExtension<FetchResponse>() : resp.GetExtension<FetchResponse>();
if (fetchResponse != null) {
((IOpenIdMessageExtension)sreg).IsSignedByRemoteParty = fetchResponse.IsSignedByProvider;
sreg.BirthDateRaw = fetchResponse.GetAttributeValue(WellKnownAttributes.BirthDate.WholeBirthDate, formats);
sreg.Country = fetchResponse.GetAttributeValue(WellKnownAttributes.Contact.HomeAddress.Country, formats);
sreg.PostalCode = fetchResponse.GetAttributeValue(WellKnownAttributes.Contact.HomeAddress.PostalCode, formats);
sreg.Email = fetchResponse.GetAttributeValue(WellKnownAttributes.Contact.Email, formats);
sreg.FullName = fetchResponse.GetAttributeValue(WellKnownAttributes.Name.FullName, formats);
sreg.Language = fetchResponse.GetAttributeValue(WellKnownAttributes.Preferences.Language, formats);
sreg.Nickname = fetchResponse.GetAttributeValue(WellKnownAttributes.Name.Alias, formats);
sreg.TimeZone = fetchResponse.GetAttributeValue(WellKnownAttributes.Preferences.TimeZone, formats);
string gender = fetchResponse.GetAttributeValue(WellKnownAttributes.Person.Gender, formats);
if (gender != null) {
sreg.Gender = (Gender)genderEncoder.Decode(gender);
}
}
return sreg;
}
/// <summary>
/// Initializes a new instance of the <see cref="ClaimsResponseShim"/> class.
/// </summary>
/// <param name="response">The Simple Registration response to wrap.</param>
internal ClaimsResponseShim(ClaimsResponse response)
{
Requires.NotNull(response, "response");
this.response = response;
}
public void InvalidRawBirthdate() {
var response = new ClaimsResponse();
response.BirthDateRaw = "2008";
}
private void ParameterizedAXTest(AXAttributeFormats format)
{
var axInjected = new FetchRequest();
axInjected.Attributes.AddOptional(ExtensionsInteropHelper_Accessor.TransformAXFormat(WellKnownAttributes.Name.Alias, format));
axInjected.Attributes.AddRequired(ExtensionsInteropHelper_Accessor.TransformAXFormat(WellKnownAttributes.Name.FullName, format));
this.extensions.Add(axInjected);
var sreg = ExtensionsInteropHelper.UnifyExtensionsAsSreg(this.request);
Assert.AreSame(sreg, this.request.GetExtension<ClaimsRequest>());
Assert.AreEqual(DemandLevel.Request, sreg.Nickname);
Assert.AreEqual(DemandLevel.Require, sreg.FullName);
Assert.AreEqual(DemandLevel.NoRequest, sreg.Language);
var sregResponse = new ClaimsResponse {
Nickname = "andy",
};
this.request.AddResponseExtension(sregResponse);
ExtensionsInteropHelper.ConvertSregToMatchRequest(this.request);
var extensions = this.GetResponseExtensions();
var axResponse = extensions.OfType<FetchResponse>().Single();
Assert.AreEqual("andy", axResponse.GetAttributeValue(ExtensionsInteropHelper_Accessor.TransformAXFormat(WellKnownAttributes.Name.Alias, format)));
}
public bool ValidateOpenIDUser()
{
try
{
var response = consumer.GetResponse();
if (response.Status != AuthenticationStatus.Authenticated)
{
return false;
}
_sreg = response.GetExtension<ClaimsResponse>();
MembershipUser user = GetUserByOpenId(response.ClaimedIdentifier, true);
if (user != null)
{
FormsAuthentication.RedirectFromLoginPage(user.UserName, false);
return true; // never reached, due to redirect
}
else
{
throw new OpenIdNotLinkedException(response.ClaimedIdentifier);
}
}
catch (ProtocolException ex)
{
if (WriteExceptionsToEventLog)
{
Utility.WriteToEventLog(ex, "ValidateOpenIDUser");
}
return false;
}
catch (OpenIdNotLinkedException nlEx)
{
throw nlEx;
}
}
public void SetOpenIdProfileFields(ClaimsResponse value) {
if (value == null) {
throw new ArgumentNullException("value");
}
this.DateOfBirth = value.BirthDate;
this.countryDropdownList.SelectedValue = value.Country;
this.emailTextBox.Text = value.Email;
this.fullnameTextBox.Text = value.FullName;
this.Gender = value.Gender;
this.languageDropdownList.SelectedValue = value.Language;
this.nicknameTextBox.Text = value.Nickname;
this.postcodeTextBox.Text = value.PostalCode;
this.timezoneDropdownList.SelectedValue = value.TimeZone;
}
public void UnifyExtensionsAsSregWithBothSregAndAX()
{
var sregInjected = new ClaimsRequest {
Nickname = DemandLevel.Request,
};
this.extensions.Add(sregInjected);
var axInjected = new FetchRequest();
axInjected.Attributes.AddOptional(WellKnownAttributes.Contact.Email);
this.extensions.Add(axInjected);
var sreg = ExtensionsInteropHelper.UnifyExtensionsAsSreg(this.request);
Assert.AreSame(sregInjected, sreg);
Assert.AreEqual(DemandLevel.Request, sreg.Nickname);
Assert.AreEqual(DemandLevel.NoRequest, sreg.Email);
var sregResponseInjected = new ClaimsResponse {
Nickname = "andy",
};
this.request.AddResponseExtension(sregResponseInjected);
var axResponseInjected = new FetchResponse();
axResponseInjected.Attributes.Add(WellKnownAttributes.Contact.Email, "*****@*****.**");
this.request.AddResponseExtension(axResponseInjected);
ExtensionsInteropHelper.ConvertSregToMatchRequest(this.request);
var extensions = this.GetResponseExtensions();
var sregResponse = extensions.OfType<ClaimsResponse>().Single();
Assert.AreEqual("andy", sregResponse.Nickname);
var axResponse = extensions.OfType<FetchResponse>().Single();
Assert.AreEqual("*****@*****.**", axResponse.GetAttributeValue(WellKnownAttributes.Contact.Email));
}
public OpenIdUser(ClaimsResponse claim, string identifier)
{
ProccessData(claim, identifier);
}
public OpenIdUser(ClaimsResponse claim, string identifier)
{
addClaimInfo(claim, identifier);
}
public static void Clear()
{
ProfileFields = null;
FriendlyLoginName = null;
PapePolicies = null;
}
private bool IsValidForUserCreation(OpenIdEventArgs e, ClaimsResponse claim)
{
if (e == null) return false;
if (claim == null) return false;
if (e.ClaimedIdentifier == null) { return false; }
if (String.IsNullOrEmpty(claim.Email)) { return false; }
if (String.IsNullOrEmpty(claim.FullName)) { return false; }
if (!Email.IsValidEmailAddressSyntax(claim.Email)) return false;
// if custom profile fields are required
// must pass them on to registration page
mojoProfileConfiguration profileConfig = mojoProfileConfiguration.GetConfig();
if (profileConfig != null)
{
if (profileConfig.HasRequiredCustomProperties()) return false;
}
return true;
}
public void EmptyMailAddress() {
ClaimsResponse response = new ClaimsResponse(Constants.sreg_ns);
response.Email = string.Empty;
Assert.IsNull(response.MailAddress);
}