public async Task VerifyAuthenticationSucceeds() { // Arrange var endpoint = new MessageReceivingEndpoint("http://live.com/path/?a=b", HttpDeliveryMethods.GetRequest); var request = new AuthorizedTokenRequest(endpoint, new Version("1.0")); var webWorker = new Mock <IOAuthWebWorker>(MockBehavior.Strict); webWorker .Setup(w => w.ProcessUserAuthorizationAsync(It.IsAny <HttpContextBase>(), CancellationToken.None)) .Returns(Task.FromResult(new AccessTokenResponse("ok", "secret", new NameValueCollection()))).Verifiable(); var client = new MockOAuthClient(webWorker.Object); var context = new Mock <HttpContextBase>(); // Act AuthenticationResult result = await client.VerifyAuthenticationAsync(context.Object); // Assert webWorker.Verify(); Assert.True(result.IsSuccessful); Assert.AreEqual("mockoauth", result.Provider); Assert.AreEqual("12345", result.ProviderUserId); Assert.AreEqual("super", result.UserName); Assert.IsNotNull(result.ExtraData); Assert.AreEqual("ok", result.ExtraData["accesstoken"]); }
/// <summary> /// Analyzes an incoming request message payload to discover what kind of /// message is embedded in it and returns the type, or null if no match is found. /// </summary> /// <param name="recipient">The intended or actual recipient of the request message.</param> /// <param name="fields">The name/value pairs that make up the message payload.</param> /// <returns> /// A newly instantiated <see cref="IProtocolMessage"/>-derived object that this message can /// deserialize to. Null if the request isn't recognized as a valid protocol message. /// </returns> /// <remarks> /// The request messages are: /// UnauthorizedTokenRequest /// AuthorizedTokenRequest /// UserAuthorizationRequest /// AccessProtectedResourceRequest /// </remarks> public virtual IDirectedProtocolMessage GetNewRequestMessage(MessageReceivingEndpoint recipient, IDictionary <string, string> fields) { MessageBase message = null; Protocol protocol = Protocol.V10; // default to assuming the less-secure 1.0 instead of 1.0a until we prove otherwise. string token; fields.TryGetValue("oauth_token", out token); try { if (fields.ContainsKey("oauth_consumer_key") && !fields.ContainsKey("oauth_token")) { protocol = fields.ContainsKey("oauth_callback") ? Protocol.V10a : Protocol.V10; message = new UnauthorizedTokenRequest(recipient, protocol.Version); } else if (fields.ContainsKey("oauth_consumer_key") && fields.ContainsKey("oauth_token")) { // Discern between RequestAccessToken and AccessProtectedResources, // which have all the same parameters, by figuring out what type of token // is in the token parameter. bool tokenTypeIsAccessToken = this.tokenManager.GetTokenType(token) == TokenType.AccessToken; if (tokenTypeIsAccessToken) { message = (MessageBase) new AccessProtectedResourceRequest(recipient, protocol.Version); } else { // Discern between 1.0 and 1.0a requests by checking on the consumer version we stored // when the consumer first requested an unauthorized token. protocol = Protocol.Lookup(this.tokenManager.GetRequestToken(token).ConsumerVersion); message = new AuthorizedTokenRequest(recipient, protocol.Version); } } else { // fail over to the message with no required fields at all. if (token != null) { protocol = Protocol.Lookup(this.tokenManager.GetRequestToken(token).ConsumerVersion); } // If a callback parameter is included, that suggests either the consumer // is following OAuth 1.0 instead of 1.0a, or that a hijacker is trying // to attack. Either way, if the consumer started out as a 1.0a, keep it // that way, and we'll just ignore the oauth_callback included in this message // by virtue of the UserAuthorizationRequest message not including it in its // 1.0a payload. message = new UserAuthorizationRequest(recipient, protocol.Version); } if (message != null) { message.SetAsIncoming(); } return(message); } catch (KeyNotFoundException ex) { throw ErrorUtilities.Wrap(ex, OAuthStrings.TokenNotFound); } }
public override async Task <AuthorizationResponse> LoginWithToken(AuthorizedTokenRequest request, ServerCallContext context) { if (string.IsNullOrEmpty(request.Token)) { return new AuthorizationResponse() { Status = ResponseFactory.createResponse(ResponseType.INVALID_CREDENTIALS) } } ; if (JwtManager.ValidateToken(request.Token, out var uuid)) { // Validate user exists. DbUserModel dbUserModel = await DbUserModel.GetUserFromGuid(uuid); if (dbUserModel != null) { context.UserState["user"] = dbUserModel; return(new AuthorizationResponse() { Status = ResponseFactory.createResponse(ResponseType.SUCCESS), Token = request.Token, User = dbUserModel.AsUser(), }); } } return(new AuthorizationResponse() { Status = ResponseFactory.createResponse(ResponseType.INVALID_CREDENTIALS) }); }
/// <summary> /// Prepares and sends an access token to a Consumer, and invalidates the request token. /// </summary> /// <param name="request">The Consumer's message requesting an access token.</param> /// <returns>The HTTP response to actually send to the Consumer.</returns> public AuthorizedTokenResponse PrepareAccessTokenMessage(AuthorizedTokenRequest request) { if (request == null) { throw new ArgumentNullException("request"); } if (!this.TokenManager.IsRequestTokenAuthorized(request.RequestToken)) { throw new ProtocolException( string.Format( CultureInfo.CurrentCulture, OAuthStrings.AccessTokenNotAuthorized, request.RequestToken)); } string accessToken = this.TokenGenerator.GenerateAccessToken(request.ConsumerKey); string tokenSecret = this.TokenGenerator.GenerateSecret(); this.TokenManager.ExpireRequestTokenAndStoreNewAccessToken(request.ConsumerKey, request.RequestToken, accessToken, tokenSecret); var grantAccess = new AuthorizedTokenResponse(request) { AccessToken = accessToken, TokenSecret = tokenSecret, }; return(grantAccess); }
public void VerifyAuthenticationSucceeds() { // Arrange var endpoint = new MessageReceivingEndpoint("http://live.com/path/?a=b", HttpDeliveryMethods.GetRequest); var request = new AuthorizedTokenRequest(endpoint, new Version("1.0")); var response = new AuthorizedTokenResponse(request) { AccessToken = "ok" }; var webWorker = new Mock <IOAuthWebWorker>(MockBehavior.Strict); webWorker.Setup(w => w.ProcessUserAuthorization()).Returns(response).Verifiable(); var client = new MockOAuthClient(webWorker.Object); var context = new Mock <HttpContextBase>(); // Act AuthenticationResult result = client.VerifyAuthentication(context.Object); // Assert webWorker.Verify(); Assert.True(result.IsSuccessful); Assert.AreEqual("mockoauth", result.Provider); Assert.AreEqual("12345", result.ProviderUserId); Assert.AreEqual("super", result.UserName); Assert.IsNotNull(result.ExtraData); Assert.IsTrue(result.ExtraData.ContainsKey("accesstoken")); Assert.AreEqual("ok", result.ExtraData["accesstoken"]); }
/// <summary> /// Obtains an access token for a new account at the Service Provider via 2-legged OAuth. /// </summary> /// <param name="requestParameters">Any applicable parameters to include in the query string of the token request.</param> /// <returns>The access token.</returns> /// <remarks> /// The token secret is stored in the <see cref="TokenManager"/>. /// </remarks> public string RequestNewClientAccount(IDictionary <string, string> requestParameters = null) { // Obtain an unauthorized request token. Force use of OAuth 1.0 (not 1.0a) so that // we are not expected to provide an oauth_verifier which doesn't apply in 2-legged OAuth. var token = new UnauthorizedTokenRequest(this.ServiceProvider.RequestTokenEndpoint, Protocol.V10.Version) { ConsumerKey = this.ConsumerKey, }; var tokenAccessor = this.Channel.MessageDescriptions.GetAccessor(token); tokenAccessor.AddExtraParameters(requestParameters); var requestTokenResponse = this.Channel.Request <UnauthorizedTokenResponse>(token); this.TokenManager.StoreNewRequestToken(token, requestTokenResponse); var requestAccess = new AuthorizedTokenRequest(this.ServiceProvider.AccessTokenEndpoint, Protocol.V10.Version) { RequestToken = requestTokenResponse.RequestToken, ConsumerKey = this.ConsumerKey, }; var grantAccess = this.Channel.Request <AuthorizedTokenResponse>(requestAccess); this.TokenManager.ExpireRequestTokenAndStoreNewAccessToken(this.ConsumerKey, requestTokenResponse.RequestToken, grantAccess.AccessToken, grantAccess.TokenSecret); return(grantAccess.AccessToken); }
public override AuthorizationResponse LoginWithToken(AuthorizedTokenRequest request, CallOptions options) { AuthorizationResponse response = base.LoginWithToken(request, options); Auth.Login(response.Token); return(response); }
public void VerifyAuthenticationFailsIfAccessTokenIsInvalid() { // Arrange var endpoint = new MessageReceivingEndpoint("http://live.com/path/?a=b", HttpDeliveryMethods.GetRequest); var request = new AuthorizedTokenRequest(endpoint, new Version("1.0")); var response = new AuthorizedTokenResponse(request) { AccessToken = "invalid token" }; var webWorker = new Mock <IOAuthWebWorker>(MockBehavior.Strict); webWorker.Setup(w => w.ProcessUserAuthorization()).Returns(response).Verifiable(); var client = new MockOAuthClient(webWorker.Object); var context = new Mock <HttpContextBase>(); // Act AuthenticationResult result = client.VerifyAuthentication(context.Object); // Assert webWorker.Verify(); Assert.False(result.IsSuccessful); }
public override AsyncUnaryCall <AuthorizationResponse> LoginWithTokenAsync(AuthorizedTokenRequest request, CallOptions options) { AsyncUnaryCall <AuthorizationResponse> response = base.LoginWithTokenAsync(request, options); response.ResponseAsync.ContinueWith((authResponse) => { Auth.Login(authResponse.Result.Token); }); return(response); }
public override AuthorizationResponse LoginWithToken(AuthorizedTokenRequest request, Metadata headers = null, DateTime?deadline = null, CancellationToken cancellationToken = default(CancellationToken)) { AuthorizationResponse response = base.LoginWithToken(request, headers, deadline, cancellationToken); Auth.Login(response.Token); return(response); }
public override AsyncUnaryCall <AuthorizationResponse> LoginWithTokenAsync(AuthorizedTokenRequest request, Metadata headers = null, DateTime?deadline = null, CancellationToken cancellationToken = default(CancellationToken)) { AsyncUnaryCall <AuthorizationResponse> response = base.LoginWithTokenAsync(request, headers, deadline, cancellationToken); response.ResponseAsync.ContinueWith((authResponse) => { Auth.Login(authResponse.Result.Token); }); return(response); }
/// <summary> /// Exchanges a given request token for access token. /// </summary> /// <param name="requestToken">The request token that the user has authorized.</param> /// <returns>The access token assigned by the Service Provider.</returns> protected AuthorizedTokenResponse ProcessUserAuthorization(string requestToken) { var requestAccess = new AuthorizedTokenRequest(this.ServiceProvider.AccessTokenEndpoint) { RequestToken = requestToken, ConsumerKey = this.ConsumerKey, }; var grantAccess = this.Channel.Request <AuthorizedTokenResponse>(requestAccess); this.TokenManager.ExpireRequestTokenAndStoreNewAccessToken(this.ConsumerKey, requestToken, grantAccess.AccessToken, grantAccess.TokenSecret); return(grantAccess); }
/// <summary> /// Exchanges a given request token for access token. /// </summary> /// <param name="requestToken">The request token that the user has authorized.</param> /// <param name="verifier">The verifier code.</param> /// <returns> /// The access token assigned by the Service Provider. /// </returns> protected AuthorizedTokenResponse ProcessUserAuthorization(string requestToken, string verifier) { Requires.NotNullOrEmpty(requestToken, "requestToken"); var requestAccess = new AuthorizedTokenRequest(this.ServiceProvider.AccessTokenEndpoint, this.ServiceProvider.Version) { RequestToken = requestToken, VerificationCode = verifier, ConsumerKey = this.ConsumerKey, }; var grantAccess = this.Channel.Request <AuthorizedTokenResponse>(requestAccess); this.TokenManager.ExpireRequestTokenAndStoreNewAccessToken(this.ConsumerKey, requestToken, grantAccess.AccessToken, grantAccess.TokenSecret); return(grantAccess); }
/// <summary> /// Exchanges a given request token for access token. /// </summary> /// <param name="requestToken">The request token that the user has authorized.</param> /// <param name="verifier">The verifier code.</param> /// <returns> /// The access token assigned by the Service Provider. /// </returns> protected AuthorizedTokenResponse ProcessUserAuthorization(string requestToken, string verifier) { Contract.Requires <ArgumentException>(!String.IsNullOrEmpty(requestToken)); Contract.Ensures(Contract.Result <AuthorizedTokenResponse>() != null); var requestAccess = new AuthorizedTokenRequest(this.ServiceProvider.AccessTokenEndpoint, this.ServiceProvider.Version) { RequestToken = requestToken, VerificationCode = verifier, ConsumerKey = this.ConsumerKey, }; var grantAccess = this.Channel.Request <AuthorizedTokenResponse>(requestAccess); this.TokenManager.ExpireRequestTokenAndStoreNewAccessToken(this.ConsumerKey, requestToken, grantAccess.AccessToken, grantAccess.TokenSecret); return(grantAccess); }
/// <summary> /// Prepares and sends an access token to a Consumer, and invalidates the request token. /// </summary> /// <param name="request">The Consumer's message requesting an access token.</param> /// <returns>The HTTP response to actually send to the Consumer.</returns> public AuthorizedTokenResponse PrepareAccessTokenMessage(AuthorizedTokenRequest request) { Requires.NotNull(request, "request"); ErrorUtilities.VerifyProtocol(this.TokenManager.IsRequestTokenAuthorized(request.RequestToken), OAuthStrings.AccessTokenNotAuthorized, request.RequestToken); string accessToken = this.TokenGenerator.GenerateAccessToken(request.ConsumerKey); string tokenSecret = this.TokenGenerator.GenerateSecret(); this.TokenManager.ExpireRequestTokenAndStoreNewAccessToken(request.ConsumerKey, request.RequestToken, accessToken, tokenSecret); var grantAccess = new AuthorizedTokenResponse(request) { AccessToken = accessToken, TokenSecret = tokenSecret, }; return(grantAccess); }
public async Task VerifyAuthenticationFailsIfAccessTokenIsInvalid() { // Arrange var endpoint = new MessageReceivingEndpoint("http://live.com/path/?a=b", HttpDeliveryMethods.GetRequest); var request = new AuthorizedTokenRequest(endpoint, new Version("1.0")); var webWorker = new Mock <IOAuthWebWorker>(MockBehavior.Strict); webWorker.Setup(w => w.ProcessUserAuthorizationAsync(It.IsAny <HttpContextBase>(), CancellationToken.None)).Returns(Task.FromResult <AccessTokenResponse>(null)).Verifiable(); var client = new MockOAuthClient(webWorker.Object); var context = new Mock <HttpContextBase>(); // Act AuthenticationResult result = await client.VerifyAuthenticationAsync(context.Object); // Assert webWorker.Verify(); Assert.False(result.IsSuccessful); }
/// <summary> /// Processes an incoming authorization-granted message from an SP and obtains an access token. /// </summary> /// <param name="openIdAuthenticationResponse">The OpenID authentication response that may be carrying an authorized request token.</param> /// <returns> /// The access token, or null if OAuth authorization was denied by the user or service provider. /// </returns> /// <remarks> /// The access token, if granted, is automatically stored in the <see cref="ConsumerBase.TokenManager"/>. /// The token manager instance must implement <see cref="IOpenIdOAuthTokenManager"/>. /// </remarks> public AuthorizedTokenResponse ProcessUserAuthorization(IAuthenticationResponse openIdAuthenticationResponse) { Contract.Requires <ArgumentNullException>(openIdAuthenticationResponse != null); Contract.Requires <InvalidOperationException>(this.TokenManager is IOpenIdOAuthTokenManager); var openidTokenManager = this.TokenManager as IOpenIdOAuthTokenManager; ErrorUtilities.VerifyOperation(openidTokenManager != null, OAuthStrings.OpenIdOAuthExtensionRequiresSpecialTokenManagerInterface, typeof(IOpenIdOAuthTokenManager).FullName); // The OAuth extension is only expected in positive assertion responses. if (openIdAuthenticationResponse.Status != AuthenticationStatus.Authenticated) { return(null); } // Retrieve the OAuth extension var positiveAuthorization = openIdAuthenticationResponse.GetExtension <AuthorizationApprovedResponse>(); if (positiveAuthorization == null) { return(null); } // Prepare a message to exchange the request token for an access token. // We are careful to use a v1.0 message version so that the oauth_verifier is not required. var requestAccess = new AuthorizedTokenRequest(this.ServiceProvider.AccessTokenEndpoint, Protocol.V10.Version) { RequestToken = positiveAuthorization.RequestToken, ConsumerKey = this.ConsumerKey, }; // Retrieve the access token and store it in the token manager. openidTokenManager.StoreOpenIdAuthorizedRequestToken(this.ConsumerKey, positiveAuthorization); var grantAccess = this.Channel.Request <AuthorizedTokenResponse>(requestAccess); this.TokenManager.ExpireRequestTokenAndStoreNewAccessToken(this.ConsumerKey, positiveAuthorization.RequestToken, grantAccess.AccessToken, grantAccess.TokenSecret); // Provide the caller with the access token so it may be associated with the user // that is logging in. return(grantAccess); }