Exemple #1
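        /// <summary>
        /// Checks that <c>Consumer.BeginAuth</c> raises <c>FetchException</c> when the
        /// identity page cannot be fetched: once for a missing (null) response and once
        /// for each non-success HTTP status listed below.
        /// </summary>
        public void BadFetch()
        {
            Uri userUrl = new Uri("http://who.cares/");
            IAssociationStore store = new MemoryStore();
            byte[] data = Encoding.UTF8.GetBytes("Who cares?");

            // null stands for "the fetcher produced no response at all".
            object[] cases =
            {
                null,
                HttpStatusCode.NotFound,
                HttpStatusCode.BadRequest,
                HttpStatusCode.InternalServerError
            };

            foreach (object code in cases)
            {
                FetchResponse resp = null;
                if (code != null)
                {
                    resp = new FetchResponse((HttpStatusCode) code, userUrl, "UTF-8", data, data.Length);
                }

                Consumer consumer = new Consumer(store, new BadFetcher(resp));
                try
                {
                    consumer.BeginAuth(userUrl);
                    // code is null for the first case; calling ToString() on it would replace
                    // the intended assertion failure with a NullReferenceException.
                    TestTools.Assert(false, String.Format("Consumer failed to raise FetchException: {0}", code ?? "null"));
                }
                catch (FetchException)
                {
                    // Expected: the consumer must not continue after a failed fetch.
                }
            }
        }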
        /// <summary>
        /// Begins an OpenID login: treats <paramref name="username"/> as the user's identity
        /// URL and redirects the browser to the OpenID provider in setup mode.
        /// </summary>
        /// <param name="username">OpenID identity URL typed by the user; null yields false.</param>
        /// <param name="password">Never read by this method.</param>
        /// <returns>
        /// false when <paramref name="username"/> is null or any step throws; true otherwise.
        /// </returns>
        /// <remarks>
        /// NOTE(review): nothing has been verified when this method returns true. The result
        /// defaults to success and is only lowered on failure, so true means no more than
        /// "the redirect was issued". Confirm that no caller treats it as a completed login.
        /// </remarks>
        public override bool ValidateUser(string username, string password)
        {
            try
            {
                Uri identityUri = Utility.NormalizeIdentityUrl(username);
                HttpContext http = HttpContext.Current;
                HttpRequest incoming = http.Request;
                HttpResponse outgoing = http.Response;

                // NOTE(review): consumerSession and _loginURL are members of the provider, not
                // locals. If one provider instance serves several requests at once these
                // unsynchronized writes are shared between users - confirm how they are declared.
                if (consumerSession == null)
                {
                    consumerSession = new Janrain.OpenId.Session.SimpleSessionState();
                }
                Janrain.OpenId.Consumer.Consumer consumer = new Janrain.OpenId.Consumer.Consumer(
                    consumerSession, Janrain.OpenId.Store.MemoryStore.GetInstance());

                if (username == null)
                {
                    return false;
                }

                try
                {
                    AuthRequest authRequest = consumer.Begin(identityUri);

                    // Trust root: the current request URL cut back to the application path.
                    // NOTE(review): the host part comes from the incoming request. If the site
                    // answers to arbitrary Host headers, trust root and return_to follow them;
                    // a configured base URL would pin both.
                    UriBuilder rootBuilder = new UriBuilder(incoming.Url.AbsoluteUri);
                    rootBuilder.Query = null;
                    rootBuilder.Password = null;
                    rootBuilder.UserName = null;
                    rootBuilder.Fragment = null;
                    rootBuilder.Path = incoming.ApplicationPath;
                    // Round-tripping through Uri avoids appending port 80 when no port was given.
                    string trustRoot = new Uri(rootBuilder.ToString()).ToString();

                    // return_to: the current URL carrying only the ReturnUrl argument.
                    // NOTE(review): ReturnUrl is client-supplied and passed through unchanged;
                    // whatever later redirects to it should accept local URLs only.
                    NameValueCollection returnArgs = new NameValueCollection();
                    returnArgs["ReturnUrl"] = incoming.QueryString["ReturnUrl"];
                    UriBuilder returnBuilder = new UriBuilder(incoming.Url.AbsoluteUri);
                    returnBuilder.Query = Janrain.OpenId.UriUtil.CreateQueryString(returnArgs);
                    Uri returnTo = new Uri(returnBuilder.ToString());

                    Uri providerUrl = authRequest.CreateRedirect(trustRoot, returnTo, AuthRequest.Mode.SETUP);

                    // Simple Registration: ask for the optional attributes.
                    // Assumes providerUrl already has a query string and that
                    // _optionalInformation needs no URL escaping - TODO confirm.
                    String target = providerUrl.AbsoluteUri + "&openid.sreg.optional=" + _optionalInformation;

                    // Remember the page the login started from.
                    _loginURL = incoming.Url.AbsoluteUri;

                    // Send the browser to the provider and end this response.
                    outgoing.Redirect(target, true);
                }
                catch (System.Threading.ThreadAbortException)
                {
                    // Raised when the redirect ends the response; expected, nothing to do.
                }
            }
            catch
            {
                // Every failure (bad identity URL, discovery error, missing context) is
                // reported as a plain false; no detail is kept.
                return false;
            }
            return true;
        }
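        /// <summary>
        /// Handles the provider's answer to an OpenID login: checks the response carried in
        /// the query string, looks up the local user linked to the returned identity and, if
        /// one exists, issues the forms-authentication redirect.
        /// </summary>
        /// <returns>
        /// true when a linked user was found; false when the consumer cannot be created, when
        /// the request has no <c>openid.mode</c> or its value is "Cancel", or when a
        /// <c>FailureException</c> is raised while processing the response.
        /// </returns>
        /// <exception cref="OpenIdNotLinkedException">
        /// The response was accepted but no local user is linked to the identity.
        /// </exception>
        /// <exception cref="OpenIdMembershipProviderException">
        /// Wraps any other exception raised while processing the response.
        /// </exception>
        public bool ValidateOpenIDUser()
        {
            HttpRequest Request = HttpContext.Current.Request;
            Janrain.OpenId.Consumer.Consumer consumer;

            try
            {
                if (consumerSession == null)
                {
                    consumerSession = new Janrain.OpenId.Session.SimpleSessionState();
                }
                consumer = new Janrain.OpenId.Consumer.Consumer(consumerSession,
                                                                Janrain.OpenId.Store.MemoryStore.GetInstance());
            }
            catch
            {
                return false;
            }

            // NOTE(review): the OpenID protocol value is lowercase "cancel"; this ordinal
            // comparison with "Cancel" would not match it. Confirm that Complete() deals
            // with cancelled responses before relying on this branch.
            string mode = Request.QueryString["openid.mode"];
            if (mode == null || mode == "Cancel")
            {
                return false;
            }

            // Start from empty attributes so that a response which fails the check below
            // leaves nothing behind from the query string.
            _country = "";
            _dayOfBirth = "";
            _email = "";
            _fullname = "";
            _gender = "";
            _language = "";
            _nickname = "";
            _postcode = "";
            _timezone = "";

            try
            {
                // Check the response first; the FailureException handler below suggests
                // Complete() throws when the response is not acceptable.
                ConsumerResponse resp = consumer.Complete(Request.QueryString);

                // Simple Registration attributes, read only once the response was accepted.
                // NOTE(review): they still come from the raw query string, not from the
                // verified response object. Unless the provider listed them among the signed
                // fields the client can alter them, so treat them as unverified hints.
                _country = (Request.QueryString["openid.sreg.country"] ?? "");
                _dayOfBirth = (Request.QueryString["openid.sreg.dob"] ?? "");
                _email = (Request.QueryString["openid.sreg.email"] ?? "");
                _fullname = (Request.QueryString["openid.sreg.fullname"] ?? "");
                _gender = (Request.QueryString["openid.sreg.gender"] ?? "");
                _language = (Request.QueryString["openid.sreg.language"] ?? "");
                _nickname = (Request.QueryString["openid.sreg.nickname"] ?? "");
                _postcode = (Request.QueryString["openid.sreg.postcode"] ?? "");
                _timezone = (Request.QueryString["openid.sreg.timezone"] ?? "");

                string userIdentity = Utility.IdentityUrlToDisplayString(resp.IdentityUrl);
                MembershipUser user = GetUserByOpenId(userIdentity, true);
                if (user == null)
                {
                    throw new OpenIdNotLinkedException(userIdentity);
                }

                FormsAuthentication.RedirectFromLoginPage(user.UserName, false);
                return true;
            }
            catch (FailureException fexc)
            {
                if (WriteExceptionsToEventLog)
                {
                    Utility.WriteToEventLog(fexc, "ValidateOpenIDUser");
                }
                return false;
            }
            catch (OpenIdNotLinkedException)
            {
                // Pass through untouched; a bare throw keeps the original stack trace and
                // stops the general handler below from wrapping it.
                throw;
            }
            catch (Exception fe)
            {
                if (WriteExceptionsToEventLog)
                {
                    Utility.WriteToEventLog(fe, "ValidateOpenIDUser");
                }
                // NOTE(review): the wrapper carries the stack trace text; make sure it is
                // logged rather than shown to the end user.
                throw new OpenIdMembershipProviderException(fe.Message, fe.Source, fe.StackTrace);
            }
        }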
Exemple #4
        /// <summary>
        /// Checks that <c>Consumer.BeginAuth</c> raises <c>ParseException</c> for identity
        /// pages that contain no usable <c>openid.server</c> link.
        /// </summary>
        public void BadParse()
        {
            IAssociationStore store = new MemoryStore();
            Uri userUrl = new Uri("http://user.example.com/");

            // Pages that must be rejected: an empty page, a bare URL outside any link tag,
            // and a link tag that is not inside html/head.
            string[] rejectedPages = new string[]
            {
                "",
                "http://not.in.a.link.tag/",
                "<link rel=\"openid.server\" href=\"not.in.html.or.head\" />"
            };

            for (int i = 0; i < rejectedPages.Length; i++)
            {
                string userPage = rejectedPages[i];
                Fetcher fetcher = new TestFetcher(userUrl, userPage, null);
                Consumer consumer = new Consumer(store, fetcher);
                try
                {
                    consumer.BeginAuth(userUrl);
                    TestTools.Assert(false, String.Format("Shouldn't have succeeded with user_page=[{0}]", userPage));
                }
                catch (ParseException)
                {
                    // Expected: discovery must fail on each of these pages.
                }
            }
        }
Exemple #5
        /// <summary>
        /// Drives one successful authentication round trip against a stubbed identity page:
        /// checks the redirect the consumer builds, then feeds it a signed <c>id_res</c>
        /// reply and expects <c>SUCCESS</c> with the user's own URL as the result.
        /// </summary>
        /// <param name="userUri">Identity URL the user claims.</param>
        /// <param name="delegateUri">Identity expected in <c>openid.identity</c>.</param>
        /// <param name="links">Link markup inserted into the stub page template.</param>
        /// <param name="immediate">Selects checkid_immediate or checkid_setup.</param>
        private void Success(Uri userUri, Uri delegateUri, string links, Consumer.Mode immediate)
        {
            MemoryStore store = new MemoryStore();
            string expectedMode = (immediate == Consumer.Mode.IMMEDIATE) ? "checkid_immediate" : "checkid_setup";

            // Stub identity page plus the association the stub fetcher hands out.
            string userPage = String.Format(USER_PAGE_PAT, links);
            string handle = "Snarky";
            byte[] secret = Encoding.ASCII.GetBytes("another 20-byte key.");
            AssociationInfo info = new AssociationInfo(secret, handle);
            Fetcher fetcher = new TestFetcher(userUri, userPage, info);

            Consumer consumer = new Consumer(store, fetcher);

            // Step 1: begin authentication and build the redirect to the server.
            AuthRequest request = consumer.BeginAuth(userUri);
            Uri returnTo = new Uri(consumerUri.AbsoluteUri, true);
            string trustRoot = consumerUri.AbsoluteUri;
            Uri redirectUri = consumer.CreateRedirect(immediate, request, returnTo, trustRoot);

            // Drop the leading '?' before parsing the query.
            byte[] rawQuery = Encoding.UTF8.GetBytes(redirectUri.Query.Substring(1));
            NameValueCollection sent = FormParser.Parse(rawQuery);

            // The full redirect URL doubles as the failure message.
            string failureText = redirectUri.AbsoluteUri;
            TestTools.Assert(sent.Count == 5, failureText);
            TestTools.Assert(sent["openid.mode"] == expectedMode, failureText);
            TestTools.Assert(sent["openid.identity"] == delegateUri.AbsoluteUri, failureText);
            TestTools.Assert(sent["openid.trust_root"] == trustRoot, failureText);
            TestTools.Assert(sent["openid.assoc_handle"] == handle, failureText);
            TestTools.Assert(sent["openid.return_to"] == returnTo.AbsoluteUri, failureText);

            TestTools.Assert(redirectUri.AbsoluteUri.StartsWith(serverUri.AbsoluteUri), failureText);

            // Step 2: fabricate the server's positive reply and sign it with the stored
            // association. assoc_handle is part of the reply but not of the signed fields.
            NameValueCollection reply = new NameValueCollection();
            reply["openid.mode"] = "id_res";
            reply["openid.return_to"] = returnTo.AbsoluteUri;
            reply["openid.identity"] = delegateUri.AbsoluteUri;
            reply["openid.assoc_handle"] = handle;

            string[] signedFields = new string[] { "mode", "return_to", "identity" };
            Association assoc = store.GetAssociation(serverUri, handle);
            string sig = assoc.SignDict(signedFields, reply, "openid.");

            reply["openid.sig"] = sig;
            reply["openid.signed"] = String.Join(",", signedFields);

            // Step 3: the consumer must accept the reply and hand back the user's URL.
            object result;
            Consumer.Status status = consumer.CompleteAuth(request.token, reply, out result);
            TestTools.Assert(status == Consumer.Status.SUCCESS);
            TestTools.Assert(((Uri)result).AbsoluteUri == userUri.AbsoluteUri, String.Format("info:{0}\nuserUri:{1}", info, userUri));
        }
Exemple #6
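        /// <summary>
        /// Request handler that runs the OpenID login on <c>/login.aspx</c>. A POST carrying
        /// <c>openid_url</c> starts authentication and redirects to the provider; a request
        /// carrying <c>openid.mode</c> completes it and, on success, issues the
        /// forms-authentication redirect. Problems are reported through
        /// <c>Context.Items["errmsg"]</c>.
        /// </summary>
        /// <param name="sender">Event source; not used.</param>
        /// <param name="e">Event data; not used.</param>
        private void AuthenticateRequest(Object sender, EventArgs e)
        {
            // NOTE(review): a new MemoryStore is created for every request, so nothing stored
            // during the redirect step is available when the provider's answer arrives.
            // Confirm this is intended.
            Consumer consumer = new Consumer(new MemoryStore(), new SimpleFetcher());

            HttpContext Context = HttpContext.Current;
            HttpSessionState Session = Context.Session;
            HttpRequest Request = Context.Request;
            HttpResponse Response = Context.Response;

            if (Request.Url.AbsolutePath != "/login.aspx")
            {
                return;
            }

            // Ordinal, case-insensitive comparison: independent of the thread culture and
            // safe if the method string is missing.
            if (String.Equals(Request.HttpMethod, "post", StringComparison.OrdinalIgnoreCase))
            {
                string urlStr = Request.Form["openid_url"];
                if (urlStr != null)
                {
                    // urlStr is client-supplied and the server itself fetches it in BeginAuth
                    // (a FetchException is handled below).
                    // NOTE(review): check what the fetcher enforces; limiting the schemes and
                    // refusing internal addresses keeps this from reaching services that are
                    // only visible from the server. NormalizeUri runs outside the try, so
                    // whatever it throws on malformed input is not handled here.
                    Uri userUri = UriUtil.NormalizeUri(urlStr);
                    try
                    {
                        AuthRequest oidreq = consumer.BeginAuth(userUri);

                        // XXX: construct this from login path and ReturnTo param
                        UriBuilder builder = new UriBuilder(Request.Url.AbsoluteUri);
                        if (Session == null)
                        {
                            // Without a session the token travels in the return_to URL, where
                            // it is visible to the provider and in browser history and logs.
                            // NOTE(review): confirm the token is integrity-protected and
                            // short-lived.
                            UriUtil.AppendQueryArgument(builder, TOKEN_KEY, oidreq.token);
                        }
                        else
                        {
                            Session[TOKEN_KEY] = oidreq.token;
                        }

                        Uri returnTo = new Uri(builder.ToString(), true);

                        // Trust root: the request URL cut back to the application path.
                        builder = new UriBuilder(Request.Url.AbsoluteUri);
                        builder.Query = null;
                        builder.Password = null;
                        builder.UserName = null;
                        builder.Fragment = null;
                        builder.Path = Request.ApplicationPath;
                        string trustRoot = builder.ToString();

                        Uri redirectUri = consumer.CreateRedirect(Consumer.Mode.SETUP, oidreq, returnTo, trustRoot);
                        Response.Redirect(redirectUri.AbsoluteUri);
                    }
                    catch (FetchException)
                    {
                        Context.Items.Add("errmsg", "Failed to fetch identity page.");
                    }
                }
            }
            else if (Request.QueryString["openid.mode"] != null)
            {
                // XXX: this needs to handle checkid_immediate
                string token;
                if (Session == null)
                {
                    token = Request.QueryString[TOKEN_KEY];
                }
                else
                {
                    // Taken out of the session as soon as it is read, so it is used once.
                    token = (String) Session[TOKEN_KEY];
                    Session.Remove(TOKEN_KEY);
                }

                if (token == null)
                {
                    Context.Items.Add("errmsg", "Token was null.");
                }
                else
                {
                    object result;
                    Consumer.Status status = consumer.CompleteAuth(token, Request.QueryString, out result);

                    switch (status)
                    {
                        case Consumer.Status.FAILURE:
                            // result is checked for null on the SUCCESS path, so it is not
                            // dereferenced here; String.Format renders null as empty text.
                            // NOTE(review): the value may echo client-supplied data; encode it
                            // wherever errmsg is written into a page.
                            Context.Items.Add("errmsg", String.Format("Verification of {0} failed.", result));
                            break;
                        case Consumer.Status.SUCCESS:
                            if (result != null)
                            {
                                FormsAuthentication.RedirectFromLoginPage(
                                    ((Uri) result).AbsoluteUri, false);
                                return;
                            }
                            else
                            {
                                Context.Items.Add("errmsg", "Verification Cancelled.");
                            }
                            break;
                    }
                }
            }
        }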
Exemple #7
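        /// <summary>
        /// Handles the provider's answer to an OpenID login: checks the response carried in
        /// the query string, looks up the local user linked to the returned identity and, if
        /// one exists, issues the forms-authentication redirect.
        /// </summary>
        /// <returns>
        /// true when a linked user was found; false when the consumer cannot be created, when
        /// the request has no <c>openid.mode</c> or its value is "Cancel", or when a
        /// <c>FailureException</c> is raised while processing the response.
        /// </returns>
        /// <exception cref="OpenIdNotLinkedException">
        /// The response was accepted but no local user is linked to the identity.
        /// </exception>
        /// <exception cref="OpenIdMembershipProviderException">
        /// Wraps any other exception raised while processing the response.
        /// </exception>
        public bool ValidateOpenIDUser()
        {
            bool        ret     = true;
            HttpContext Context = HttpContext.Current;
            HttpRequest Request = Context.Request;

            Janrain.OpenId.Consumer.Consumer consumer;

            try
            {
                if (consumerSession == null)
                {
                    consumerSession = new Janrain.OpenId.Session.SimpleSessionState();
                }
                consumer = new Janrain.OpenId.Consumer.Consumer(consumerSession,
                                                                Janrain.OpenId.Store.MemoryStore.GetInstance());
            }
            catch
            {
                return(false);
            }

            // NOTE(review): the OpenID protocol value is lowercase "cancel"; this ordinal
            // comparison with "Cancel" would not match it. Confirm that Complete() deals
            // with cancelled responses before relying on this branch.
            if (Request.QueryString["openid.mode"] != null && Request.QueryString["openid.mode"] != "Cancel")
            {
                // Start from empty attributes so that a response which fails the check below
                // leaves nothing behind from the query string.
                _country    = "";
                _dayOfBirth = "";
                _email      = "";
                _fullname   = "";
                _gender     = "";
                _language   = "";
                _nickname   = "";
                _postcode   = "";
                _timezone   = "";

                try
                {
                    // Check the response first; the FailureException handler below suggests
                    // Complete() throws when the response is not acceptable.
                    ConsumerResponse resp = consumer.Complete(Request.QueryString);

                    // Simple Registration attributes, read only once the response was accepted.
                    // NOTE(review): they still come from the raw query string, not from the
                    // verified response object. Unless the provider listed them among the
                    // signed fields the client can alter them; treat them as unverified hints.
                    _country    = (Request.QueryString["openid.sreg.country"] ?? "");
                    _dayOfBirth = (Request.QueryString["openid.sreg.dob"] ?? "");
                    _email      = (Request.QueryString["openid.sreg.email"] ?? "");
                    _fullname   = (Request.QueryString["openid.sreg.fullname"] ?? "");
                    _gender     = (Request.QueryString["openid.sreg.gender"] ?? "");
                    _language   = (Request.QueryString["openid.sreg.language"] ?? "");
                    _nickname   = (Request.QueryString["openid.sreg.nickname"] ?? "");
                    _postcode   = (Request.QueryString["openid.sreg.postcode"] ?? "");
                    _timezone   = (Request.QueryString["openid.sreg.timezone"] ?? "");

                    string         userIdentity = Utility.IdentityUrlToDisplayString(resp.IdentityUrl);
                    MembershipUser user         = GetUserByOpenId(userIdentity, true);
                    ret = (user != null);
                    if (ret)
                    {
                        FormsAuthentication.RedirectFromLoginPage(user.UserName, false);
                    }
                    else
                    {
                        throw new OpenIdNotLinkedException(userIdentity);
                    }
                }
                catch (FailureException fexc)
                {
                    if (WriteExceptionsToEventLog)
                    {
                        Utility.WriteToEventLog(fexc, "ValidateOpenIDUser");
                    }
                    ret = false;
                }
                catch (OpenIdNotLinkedException)
                {
                    // Pass through untouched; a bare throw keeps the original stack trace and
                    // stops the general handler below from wrapping it.
                    throw;
                }
                catch (Exception fe)
                {
                    if (WriteExceptionsToEventLog)
                    {
                        Utility.WriteToEventLog(fe, "ValidateOpenIDUser");
                    }
                    // NOTE(review): the wrapper carries the stack trace text; make sure it is
                    // logged rather than shown to the end user.
                    throw new OpenIdMembershipProviderException(fe.Message, fe.Source, fe.StackTrace);
                }
            }
            else
            {
                ret = false;
            }
            return(ret);
        }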
Exemple #8
        /// <summary>
        /// Starts the OpenID sign-in for the identity URL passed as
        /// <paramref name="username"/> and sends the browser to the provider (setup mode).
        /// </summary>
        /// <param name="username">The user's OpenID identity URL; null yields false.</param>
        /// <param name="password">Ignored; the method never reads it.</param>
        /// <returns>
        /// false if <paramref name="username"/> is null or an exception occurs; true otherwise.
        /// </returns>
        /// <remarks>
        /// NOTE(review): a true result only says that the redirect was issued. No credential
        /// or provider response has been checked at this point, so callers must not take it
        /// as proof of identity - confirm how the result is used.
        /// </remarks>
        public override bool ValidateUser(string username, string password)
        {
            bool started = true;

            try
            {
                Uri claimedId = Utility.NormalizeIdentityUrl(username);
                HttpContext current = HttpContext.Current;
                HttpRequest req = current.Request;
                HttpResponse res = current.Response;

                // NOTE(review): consumerSession and _loginURL belong to the provider object.
                // If that object is shared by concurrent requests these writes are not
                // synchronized - confirm how they are declared.
                if (consumerSession == null)
                {
                    consumerSession = new Janrain.OpenId.Session.SimpleSessionState();
                }
                Janrain.OpenId.Consumer.Consumer consumer = new Janrain.OpenId.Consumer.Consumer(
                    consumerSession,
                    Janrain.OpenId.Store.MemoryStore.GetInstance());

                if (username == null)
                {
                    started = false;
                }
                else
                {
                    try
                    {
                        AuthRequest authRequest = consumer.Begin(claimedId);

                        // Trust root = request URL reduced to the application path.
                        // NOTE(review): its host is whatever the client addressed; pin it to a
                        // configured base URL if the site accepts arbitrary Host headers.
                        UriBuilder trustBuilder = new UriBuilder(req.Url.AbsoluteUri);
                        trustBuilder.Query = null;
                        trustBuilder.Password = null;
                        trustBuilder.UserName = null;
                        trustBuilder.Fragment = null;
                        trustBuilder.Path = req.ApplicationPath;
                        // Going through Uri leaves port 80 out when no port was specified.
                        Uri trustUri = new Uri(trustBuilder.ToString());
                        string trustRoot = trustUri.ToString();

                        // return_to = request URL with ReturnUrl as its only argument.
                        // NOTE(review): ReturnUrl is taken from the client as-is; the code
                        // that finally redirects to it should allow local targets only.
                        UriBuilder returnBuilder = new UriBuilder(req.Url.AbsoluteUri);
                        NameValueCollection args = new NameValueCollection();
                        args["ReturnUrl"] = req.QueryString["ReturnUrl"];
                        returnBuilder.Query = Janrain.OpenId.UriUtil.CreateQueryString(args);
                        Uri returnTo = new Uri(returnBuilder.ToString());

                        Uri providerUrl = authRequest.CreateRedirect(trustRoot, returnTo, AuthRequest.Mode.SETUP);

                        // Request the optional Simple Registration attributes.
                        // Assumes providerUrl already carries a query string and that
                        // _optionalInformation needs no escaping - TODO confirm.
                        String destination = providerUrl.AbsoluteUri + "&openid.sreg.optional=" + _optionalInformation;

                        // Keep the URL of the page the login was started from.
                        _loginURL = req.Url.AbsoluteUri;

                        // Hand the browser over to the provider and end the response.
                        res.Redirect(destination, true);
                    }
                    catch (System.Threading.ThreadAbortException)
                    {
                        // Expected: ending the response during the redirect raises this.
                    }
                }
            }
            catch
            {
                // All failures collapse into false; nothing about the cause is recorded.
                return false;
            }

            return started;
        }