public ConsumerRequest(IOAuthContext context, IOAuthConsumerContext consumerContext, IToken token, ICertificateFactory clientSslCertificateFactory)
{
_context = context;
_consumerContext = consumerContext;
_token = token;
_clientSslCertificateFactory = clientSslCertificateFactory;
}
public void SignContextWithToken(IOAuthContext context, IToken token)
{
context.Token = token.Token;
context.TokenSecret = token.TokenSecret;
SignContext(context);
}
public void InspectContext(ProviderPhase phase, IOAuthContext context)
{
if (!_nonceStore.RecordNonceAndCheckIsUnique(context, context.Nonce))
{
throw Error.NonceHasAlreadyBeenUsed(context);
}
}
protected virtual void InspectRequest(IOAuthContext context)
{
foreach (IContextInspector inspector in _inspectors)
{
inspector.InspectContext(context);
}
}
public void InspectContext(ProviderPhase phase, IOAuthContext context)
{
if (phase != ProviderPhase.CreateAccessToken) {
return;
}
var authMode = context.XAuthMode;
if (string.IsNullOrEmpty(authMode)) {
throw Error.EmptyXAuthMode(context);
}
if (!_validateModeFunc(authMode)) {
throw Error.InvalidXAuthMode(context);
}
var username = context.XAuthUsername;
if (string.IsNullOrEmpty(username)) {
throw Error.EmptyXAuthUsername(context);
}
var password = context.XAuthPassword;
if (string.IsNullOrEmpty(password)) {
throw Error.EmptyXAuthPassword(context);
}
if (!_authenticateFunc(username, password)) {
throw Error.FailedXAuthAuthentication(context);
}
}
static void ValidateCallbackUrlIsPartOfRequest(IOAuthContext context)
{
if (string.IsNullOrEmpty(context.CallbackUrl))
{
throw Error.MissingRequiredOAuthParameter(context, Parameters.OAuth_Callback);
}
}
public bool AuthenticateClient(IOAuthContext context)
{
Client actual = ClientRepo.FindClient(context.Client.ClientId);
if (actual == null) return false;
return actual.ClientSecret == context.Client.ClientSecret;
}
public IConsumerRequest CreateConsumerRequest(IOAuthContext context, IOAuthConsumerContext consumerContext, IToken token)
{
if (context == null) throw new ArgumentNullException("context");
if (consumerContext == null) throw new ArgumentNullException("consumerContext");
return new ConsumerRequest(context, consumerContext, token);
}
public RequestForAccessStatus GetStatusOfRequestForAccess(IOAuthContext requestContext)
{
if (requestContext.ConsumerKey == "key" && requestContext.Token == "requestkey")
return RequestForAccessStatus.Granted;
return RequestForAccessStatus.Unknown;
}
public OAuthException(IConsumerResponse consumerResponse, IOAuthContext requestContext, OAuthProblemReport problemReport)
: base(problemReport.ProblemAdvice)
{
ConsumerResponse = consumerResponse;
Report = problemReport;
Context = requestContext;
}
void AssertContextDoesNotIncludeToken(IOAuthContext context)
{
if (context.Token != null)
{
throw Error.RequestForTokenMustNotIncludeTokenInContext(context);
}
}
public void InspectContext(IOAuthContext context)
{
if (!_consumerStore.IsConsumer(context))
{
throw Error.UnknownConsumerKey(context);
}
}
public ConsumerRequest(IOAuthSession oauthSession, IOAuthContext context, IOAuthConsumerContext consumerContext, ICertificateFactory clientSslCertificateFactory)
{
_oauthSession = oauthSession;
_context = context;
_consumerContext = consumerContext;
_clientSslCertificateFactory = clientSslCertificateFactory;
}
public void ConsumeRequestToken(IOAuthContext requestContext)
{
EnsureTestConsumer(requestContext);
if (requestContext.Token != "requestkey")
throw new OAuthException(requestContext, OAuthProblems.TokenRejected,
"The supplied request token is unknown to the provider.");
}
public void ConsumeAccessToken(IOAuthContext accessContext)
{
EnsureTestConsumer(accessContext);
if (accessContext.Token != "accesskey")
throw new OAuthException(accessContext, OAuthProblems.TokenRejected,
"The supplied access token is unknown to the provider.");
}
public virtual IToken GrantRequestToken(IOAuthContext context)
{
AssertContextDoesNotIncludeToken(context);
InspectRequest(ProviderPhase.GrantRequestToken, context);
return _tokenStore.CreateRequestToken(context);
}
public ConsumerRequest(IOAuthContext context, IOAuthConsumerContext consumerContext, IToken token)
{
if (context == null) throw new ArgumentNullException("context");
if (consumerContext == null) throw new ArgumentNullException("consumerContext");
_context = context;
_consumerContext = consumerContext;
_token = token;
}
public void RequestTokenWithRsaSha1()
{
IOAuthSession session = CreateConsumer(SignatureMethod.RsaSha1);
IOAuthContext context = session.BuildRequestTokenContext("GET").Context;
IToken token = provider.GrantRequestToken(context);
Assert.Equal("requestkey", token.Token);
Assert.Equal("requestsecret", token.TokenSecret);
}
public static Exception MissingRequiredOAuthParameter(IOAuthContext context, string parameterName)
{
var exception = new OAuthException(context, OAuthProblems.ParameterAbset,
string.Format("Missing required parameter : {0}", parameterName));
exception.Report.ParametersAbsent.Add(parameterName);
return(exception);
}
public OAuthException(IOAuthContext context, string problem, string advice, Exception innerException)
: base(advice, innerException)
{
Context = context;
Report = new OAuthProblemReport()
{
Problem = problem, ProblemAdvice = advice
};
}
public RequestForAccessStatus GetStatusOfRequestForAccess(IOAuthContext requestContext)
{
if (requestContext.ConsumerKey == "key" && requestContext.Token == "requestkey")
{
return(RequestForAccessStatus.Granted);
}
return(RequestForAccessStatus.Unknown);
}
public void ConsumeAccessToken(IOAuthContext accessContext)
{
AccessToken accessToken = GetAccessToken(accessContext);
if (accessToken.ExpiryDate < Clock.Now)
{
throw new OAuthException(accessContext, OAuthProblems.TokenExpired, "Token has expired");
}
}
public virtual void InspectContext(ProviderPhase phase, IOAuthContext context)
{
SigningContext signingContext = CreateSignatureContextForConsumer(context);
if (!_signer.ValidateSignature(context, signingContext))
{
throw Error.FailedToValidateSignature(context);
}
}
public static Exception MissingRequiredOAuthParameter(IOAuthContext context, string parameterName)
{
var exception = new OAuthException(context, OAuthProblems.ParameterAbset,
string.Format("Missing required parameter : {0}", parameterName));
exception.Report.ParametersAbsent.Add(parameterName);
return exception;
}
public virtual void AccessProtectedResourceRequest(IOAuthContext context)
{
var token = _tokenStore.GetToken(context);
if (token != null)
context.TokenSecret = token.TokenSecret;
InspectRequest(context);
_tokenStore.ConsumeAccessToken(context);
}
public ActionResult A(IOAuthContext context)
{
var tokenRepository = new TokenRepository();
var tokenStore = new SampleMemoryTokenStore(tokenRepository);
var t = tokenStore.CreateRequestToken(context);
return new EmptyResult();
}
public virtual void InspectContext(ProviderPhase phase, IOAuthContext context)
{
SigningContext signingContext = CreateSignatureContextForConsumer(context);
if (!_signer.ValidateSignature(context, signingContext))
{
throw Error.FailedToValidateSignature(context);
}
}
IContextSignatureImplementation FindImplementationForAuthContext(IOAuthContext authContext)
{
IContextSignatureImplementation impl =
_implementations.FirstOrDefault(i => i.MethodName == authContext.SignatureMethod);
if (impl != null) return impl;
throw Error.UnknownSignatureMethod(authContext.SignatureMethod);
}
public IToken GetAccessTokenAssociatedWithRequestToken(IOAuthContext requestContext)
{
EnsureTestConsumer(requestContext);
if (requestContext.Token != "requestkey")
throw new OAuthException(requestContext, OAuthProblems.TokenRejected, "Expected Token \"requestkey\"");
return new TokenBase {ConsumerKey = "key", Realm = null, Token = "accesskey", TokenSecret = AccessSecret};
}
public void ConsumeAccessToken(IOAuthContext accessContext)
{
AccessToken accessToken = _repository.GetAccessToken(accessContext.Token);
if (accessToken.ExpireyDate < DateTime.Now)
{
throw new OAuthException(accessContext, OAuthProblems.TokenExpired,
"Token has expired (they're only valid for 1 minute)");
}
}
public void RequestTokenWithInvalidConsumerKeyThrowsException()
{
IOAuthSession session = CreateConsumer(SignatureMethod.PlainText);
session.ConsumerContext.ConsumerKey = "invalid";
IOAuthContext context = session.BuildRequestTokenContext("GET").Context;
var ex = Assert.Throws <OAuthException>(() => provider.GrantRequestToken(context));
Assert.Equal("Unknown Consumer (Realm: , Key: invalid)", ex.Message);
}
public void RequestTokenWithHmacSha1WithInvalidSignatureThrows()
{
IOAuthSession session = CreateConsumer(SignatureMethod.HmacSha1);
IOAuthContext context = session.BuildRequestTokenContext("GET").Context;
context.Signature = "wrong";
var ex = Assert.Throws <OAuthException>(() => (provider.GrantRequestToken(context)));
Assert.Equal("Failed to validate signature", ex.Message);
}
public void InspectContext(ProviderPhase phase, IOAuthContext context)
{
if (context.SignatureMethod == SignatureMethod.PlainText ||
String.IsNullOrEmpty(context.BodyHash)) return;
if (!context.BodyHash.EqualsInConstantTime(context.GenerateBodyHash()))
{
throw Error.FailedToValidateBodyHash(context);
}
}
public void ConsumeAccessToken(IOAuthContext accessContext)
{
AccessToken accessToken = GetAccessToken(accessContext);
if (accessToken.ExpiryDateUtc < DateTime.UtcNow)
{
throw new OAuthException(accessContext, OAuthProblems.TokenExpired,
"Token has expired (they're only valid for 1 minute)");
}
}
static void UseUpRequestToken(IOAuthContext requestContext, RequestToken requestToken)
{
if (requestToken.UsedUp)
{
throw new OAuthException(requestContext, OAuthProblems.TokenRejected,
"The request token has already be consumed.");
}
requestToken.UsedUp = true;
}
public void ConsumeRequestToken(IOAuthContext requestContext)
{
EnsureTestConsumer(requestContext);
if (requestContext.Token != "requestkey")
{
throw new OAuthException(requestContext, OAuthProblems.TokenRejected,
"The supplied request token is unknown to the provider.");
}
}
public void ConsumeRequestToken(IOAuthContext requestContext)
{
if (requestContext == null) throw new ArgumentNullException("requestContext");
RequestToken requestToken = GetRequestToken(requestContext);
UseUpRequestToken(requestContext, requestToken);
_requestTokenRepository.SaveToken(requestToken);
}
public void ExchangeTokensWhenVerifierIsWrongThrowsException()
{
IOAuthSession session = CreateConsumer(SignatureMethod.RsaSha1);
IOAuthContext context = session.BuildExchangeRequestTokenForAccessTokenContext(
new TokenBase {
ConsumerKey = "key", Token = "requestkey"
}, "GET", "wrong").Context;
provider.ExchangeRequestTokenForAccessToken(context);
}
public void ExchangeTokensWhenVerifierIsMatchDoesNotThrowException()
{
IOAuthSession session = CreateConsumer(SignatureMethod.RsaSha1);
IOAuthContext context = session.BuildExchangeRequestTokenForAccessTokenContext(
new TokenBase {
ConsumerKey = "key", Token = "requestkey"
}, "GET", "GzvVb5WjWfHKa/0JuFupaMyn").Context;
provider.ExchangeRequestTokenForAccessToken(context);
}
public void ConsumeAccessToken(IOAuthContext accessContext)
{
EnsureTestConsumer(accessContext);
if (accessContext.Token != "accesskey")
{
throw new OAuthException(accessContext, OAuthProblems.TokenRejected,
"The supplied access token is unknown to the provider.");
}
}
public void RequestTokenWithoutCallbackWillThrowException()
{
IOAuthSession session = CreateConsumer(SignatureMethod.PlainText);
IOAuthContext context = session.BuildRequestTokenContext("GET").Context;
context.CallbackUrl = null; // clear parameter, as it will default to "oob"
var ex = Assert.Throws <OAuthException>(() => provider.GrantRequestToken(context));
Assert.Equal("Missing required parameter : oauth_callback", ex.Message);
}
public IToken GetAccessTokenAssociatedWithRequestToken(IOAuthContext requestContext)
{
RequestToken requestToken = GetRequestToken(requestContext);
var access_token = requestToken.AccessToken;
// unlink the access token so we can't issue it again
requestToken.AccessToken = null;
this._requestTokenRepository.SaveToken(requestToken);
return(access_token);
}
public void ExchangeTokensWhenVerifierIsWrongThrowsException()
{
IOAuthSession session = CreateConsumer(SignatureMethod.RsaSha1);
IOAuthContext context = session.BuildExchangeRequestTokenForAccessTokenContext(
new TokenBase {
ConsumerKey = "key", Token = "requestkey"
}, "GET", "wrong").Context;
var ex = Assert.Throws <OAuthException>(() => provider.ExchangeRequestTokenForAccessToken(context));
Assert.Equal("The parameter \"oauth_verifier\" was rejected", ex.Message);
}
protected virtual SigningContext CreateSignatureContextForConsumer(IOAuthContext context)
{
var signingContext = new SigningContext {ConsumerSecret = _consumerStore.GetConsumerSecret(context)};
if (SignatureMethodRequiresCertificate(context.SignatureMethod))
{
signingContext.Algorithm = _consumerStore.GetConsumerPublicKey(context);
}
return signingContext;
}
public void AccessTokenWithHmacSha1()
{
IOAuthSession session = CreateConsumer(SignatureMethod.HmacSha1);
IOAuthContext context = session.BuildAccessTokenContext("GET", "client_auth", "username", "password").Context;
context.TokenSecret = null;
IToken accessToken = provider.CreateAccessToken(context);
Assert.Equal("accesskey", accessToken.Token);
Assert.Equal("accesssecret", accessToken.TokenSecret);
}
public void InspectContext(ProviderPhase phase, IOAuthContext context)
{
if (phase == ProviderPhase.GrantRequestToken)
{
ValidateCallbackUrlIsPartOfRequest(context);
}
else if (phase == ProviderPhase.ExchangeRequestTokenForAccessToken)
{
ValidateVerifierMatchesStoredVerifier(context);
}
}
public void RequestTokenWithRsaSha1WithInvalidSignatureThrows()
{
IOAuthSession session = CreateConsumer(SignatureMethod.RsaSha1);
IOAuthContext context = session.BuildRequestTokenContext("GET").Context;
context.Signature =
"eeh8hLNIlNNq1Xrp7BOCc+xgY/K8AmjxKNM7UdLqqcvNSmJqcPcf7yQIOvu8oj5R/mDvBpSb3+CEhxDoW23gggsddPIxNdOcDuEOenugoCifEY6nRz8sbtYt3GHXsDS2esEse/N8bWgDdOm2FRDKuy9OOluQuKXLjx5wkD/KYMY=";
var ex = Assert.Throws <OAuthException>(() => provider.GrantRequestToken(context));
Assert.Equal("Failed to validate signature", ex.Message);
}
public IToken GetToken(IOAuthContext context)
{
var token = (IToken)null;
if (!string.IsNullOrEmpty(context.Token))
{
token = _repository.GetAccessToken(context.Token) ??
(IToken)_repository.GetRequestToken(context.Token);
}
return(token);
}
public void setup()
{
_headers = new NameValueCollection();
_oAuthSession = MockRepository.GenerateMock<IOAuthSession>();
_oAuthContext = MockRepository.GenerateMock<IOAuthContext>();
_oAuthContext.Expect(x => x.Headers).Return(_headers);
_consumerRequest = new ConsumerRequest(_oAuthSession, _oAuthContext, null, null);
}
public bool AuthenticateClient(IOAuthContext context)
{
Client actual = ClientRepo.FindClient(context.Client.ClientId);
if (actual == null)
{
return(false);
}
return(actual.ClientSecret == context.Client.ClientSecret);
}
public void InspectContext(ProviderPhase phase, IOAuthContext context)
{
if (phase == ProviderPhase.GrantRequestToken)
{
ValidateCallbackUrlIsPartOfRequest(context);
}
else if (phase == ProviderPhase.ExchangeRequestTokenForAccessToken)
{
ValidateVerifierMatchesStoredVerifier(context);
}
}
public void AccessProtectedResourceWithPlainText()
{
IOAuthSession session = CreateConsumer(SignatureMethod.PlainText);
session.AccessToken = new TokenBase {
ConsumerKey = "key", Token = "accesskey", TokenSecret = "accesssecret"
};
IOAuthContext context = session.Request().Get().ForUrl("http://localhost/protected.rails").SignWithToken().Context;
context.TokenSecret = null;
provider.AccessProtectedResourceRequest(context);
}
IContextSignatureImplementation FindImplementationForAuthContext(IOAuthContext authContext)
{
IContextSignatureImplementation impl =
_implementations.FirstOrDefault(i => i.MethodName == authContext.SignatureMethod);
if (impl != null)
{
return(impl);
}
throw Error.UnknownSignatureMethod(authContext.SignatureMethod);
}
RequestToken GetRequestToken(IOAuthContext context)
{
try
{
return _requestTokenRepository.GetToken(context.Token);
}
catch (Exception exception)
{
// TODO: log exception
throw Error.UnknownToken(context, context.Token, exception);
}
}
public virtual void AccessProtectedResourceRequest(IOAuthContext context)
{
var token = _tokenStore.GetToken(context);
if (token != null)
{
context.TokenSecret = token.TokenSecret;
}
InspectRequest(context);
_tokenStore.ConsumeAccessToken(context);
}
AccessToken GetAccessToken(IOAuthContext context)
{
try
{
return(_accessTokenRepository.GetToken(context.Token));
}
catch (Exception exception)
{
// TODO: log exception
throw Error.UnknownToken(context, context.Token, exception);
}
}
public void ExchangeTokensWhenVerifierIsMissingThrowsException()
{
string verifier = null;
IOAuthSession session = CreateConsumer(SignatureMethod.RsaSha1);
IOAuthContext context = session.BuildExchangeRequestTokenForAccessTokenContext(
new TokenBase {
ConsumerKey = "key", Token = "requestkey"
}, "GET", verifier).Context;
var ex = Assert.Throws <OAuthException>(() => provider.ExchangeRequestTokenForAccessToken(context));
Assert.Equal("Missing required parameter : oauth_verifier", ex.Message);
}
public IConsumerRequest CreateConsumerRequest(IOAuthContext context, IOAuthConsumerContext consumerContext, IToken token)
{
if (context == null)
{
throw new ArgumentNullException("context");
}
if (consumerContext == null)
{
throw new ArgumentNullException("consumerContext");
}
return(new ConsumerRequest(context, consumerContext, token));
}
protected virtual SigningContext CreateSignatureContextForConsumer(IOAuthContext context)
{
var signingContext = new SigningContext {
ConsumerSecret = _consumerStore.GetConsumerSecret(context)
};
if (SignatureMethodRequiresCertificate(context.SignatureMethod))
{
signingContext.Algorithm = _consumerStore.GetConsumerPublicKey(context);
}
return(signingContext);
}
public void ConsumeRequestToken(IOAuthContext requestContext)
{
if (requestContext == null)
{
throw new ArgumentNullException("requestContext");
}
RequestToken requestToken = GetRequestToken(requestContext);
UseUpRequestToken(requestContext, requestToken);
_requestTokenRepository.SaveToken(requestToken);
}
