protected override void IssueToken(IHttpContext httpContext, OAuthRequestContext requestContext)
{
// Generate a request token
IRequestToken token = GenerateToken(TokenType.Request, httpContext, requestContext) as IRequestToken;
// Check to see if the request for a token is oob and that oob is allowed.
if (requestContext.Parameters.Callback.Equals("oob")) {
if (!Provider.AllowOutOfBandCallback)
throw new ParametersRejectedException("Out of band is not supported.", new string[] { OAuthParameterKeys.Callback });
} else {
Uri callbackUri;
if (!Uri.TryCreate(requestContext.Parameters.Callback, UriKind.Absolute, out callbackUri))
throw new ParametersRejectedException("Not a valid Uri.", new string[] { OAuthParameterKeys.Callback });
Provider.CallbackStore.SaveCallback(token, callbackUri);
}
// Store the token
requestContext.RequestToken = token;
Provider.TokenStore.Add(token);
// Add to the response
requestContext.ResponseParameters[OAuthParameterKeys.CallbackConfirmed] = "true"; // The spec never defines when to send false or what will happen if you do.
requestContext.ResponseParameters[OAuthParameterKeys.Token] = token.Token;
requestContext.ResponseParameters[OAuthParameterKeys.TokenSecret] = token.Secret;
}
protected virtual void SetRequestId(OAuthRequestContext context)
{
long timestamp = Int64.Parse(context.Parameters.Timestamp);
context.RequestId = provider.RequestIdValidator.ValidateRequest(context.Parameters.Nonce, timestamp,
context.Parameters.ConsumerKey, context.Parameters.Token);
}
protected override void IssueToken(IHttpContext httpContext, OAuthRequestContext requestContext)
{
// Generate a request token
IRequestToken token = GenerateToken(TokenType.Request, httpContext, requestContext) as IRequestToken;
// Check to see if the request for a token is oob and that oob is allowed.
if (requestContext.Parameters.Callback.Equals("oob"))
{
if (!Provider.AllowOutOfBandCallback)
{
throw new ParametersRejectedException("Out of band is not supported.", new string[] { OAuthParameterKeys.Callback });
}
}
else
{
Uri callbackUri;
if (!Uri.TryCreate(requestContext.Parameters.Callback, UriKind.Absolute, out callbackUri))
{
throw new ParametersRejectedException("Not a valid Uri.", new string[] { OAuthParameterKeys.Callback });
}
Provider.CallbackStore.SaveCallback(token, callbackUri);
}
// Store the token
requestContext.RequestToken = token;
Provider.TokenStore.Add(token);
// Add to the response
requestContext.ResponseParameters[OAuthParameterKeys.CallbackConfirmed] = "true"; // The spec never defines when to send false or what will happen if you do.
requestContext.ResponseParameters[OAuthParameterKeys.Token] = token.Token;
requestContext.ResponseParameters[OAuthParameterKeys.TokenSecret] = token.Secret;
}
protected virtual void CheckVerifier(OAuthRequestContext requestContext)
{
if (!provider.VerificationProvider.IsValid(requestContext.RequestToken, requestContext.Parameters.Verifier))
{
throw new ParametersRejectedException("Invalid verifier for request token.", new string[] { OAuthParameterKeys.Verifier });
}
}
private static void SetRequestId(OAuthRequestContext context)
{
long timestamp = Int64.Parse(context.Parameters.Timestamp);
context.RequestId = OAuthProvider.Current.RequestIdValidator.ValidateRequest(context.Parameters.Nonce, timestamp,
context.Parameters.ConsumerKey, context.Parameters.Token);
}
private static void SetConsumer(OAuthRequestContext context)
{
IConsumer consumer = OAuthProvider.Current.ConsumerStore.Get(context.Parameters.ConsumerKey);
if (consumer == null)
{
throw new OAuthRequestException(null, OAuthProblemTypes.ConsumerKeyUnknown);
}
switch (consumer.Status)
{
case ConsumerStatus.Valid:
context.Consumer = consumer;
break;
case ConsumerStatus.TemporarilyDisabled:
throw new OAuthRequestException(null, OAuthProblemTypes.ConsumerKeyRefused);
case ConsumerStatus.PermanentlyDisabled:
throw new OAuthRequestException(null, OAuthProblemTypes.ConsumerKeyRejected);
case ConsumerStatus.Unknown:
default:
throw new OAuthRequestException(null, OAuthProblemTypes.ConsumerKeyUnknown);
}
}
protected virtual void SetRequestToken(OAuthRequestContext requestContext)
{
IRequestToken token = provider.TokenStore.Get(requestContext.Parameters.Token, TokenType.Request) as IRequestToken;
if (token == null)
{
throw new OAuthRequestException(null, OAuthProblemTypes.TokenRejected);
}
if (!token.ConsumerKey.Equals(requestContext.Parameters.ConsumerKey))
{
throw new OAuthRequestException(null, OAuthProblemTypes.TokenRejected);
}
switch (token.Status)
{
case TokenStatus.Authorized:
requestContext.RequestToken = token;
break;
case TokenStatus.Expired:
throw new OAuthRequestException(null, OAuthProblemTypes.TokenExpired);
case TokenStatus.Used:
throw new OAuthRequestException(null, OAuthProblemTypes.TokenUsed);
case TokenStatus.Revoked:
throw new OAuthRequestException(null, OAuthProblemTypes.TokenRevoked);
case TokenStatus.Unauthorized:
case TokenStatus.Unknown:
default:
throw new OAuthRequestException(null, OAuthProblemTypes.TokenRejected);
}
}
private static void SetSignature(IHttpContext httpContext, OAuthRequestContext requestContext)
{
// Get the token to sign with
string tokenSecret;
if (requestContext.AccessToken != null)
{
tokenSecret = requestContext.AccessToken.Secret;
}
else if (requestContext.RequestToken != null)
{
tokenSecret = requestContext.RequestToken.Secret;
}
else
{
tokenSecret = null;
}
bool isValid = requestContext.SignProvider.ValidateSignature(
Signature.Create(httpContext.Request.HttpMethod,
new Uri(httpContext.Request.Url.GetLeftPart(UriPartial.Authority) + httpContext.Request.RawUrl),
requestContext.Parameters), requestContext.Parameters.Signature, requestContext.Consumer.Secret, tokenSecret);
if (!isValid)
{
throw new OAuthRequestException(null, OAuthProblemTypes.SignatureInvalid);
}
requestContext.IsSignatureValid = true;
}
protected virtual bool AllowRequest(IHttpContext context, OAuthRequestContext authContext)
{
bool allow = true;
if (provider.ResourceAccessVerifier != null)
allow = provider.ResourceAccessVerifier.VerifyAccess(context, authContext);
return allow;
}
protected virtual bool AllowRequest(IHttpContext context, OAuthRequestContext authContext)
{
bool allow = true;
if (provider.ResourceAccessVerifier != null)
{
allow = provider.ResourceAccessVerifier.VerifyAccess(context, authContext);
}
return(allow);
}
public AuthResult Authenticate(AuthRequest authRequest)
{
OAuthRequestContext context = new OAuthRequestContext();
IHttpContext httpContext = HttpContextWrapper.Wrap(authRequest.Context);
try {
ParseParameters(httpContext, context);
SetConsumer(context);
SetAccessToken(context);
context.IsOAuthRequest = true;
} catch (OAuthRequestException ex) {
// The request may not be an OAuth request so don't pass the exception to the consumer
context.AddError(ex);
context.IsOAuthRequest = false;
AuthResult error = new AuthResult(false, ex.Code, ex.Message);
CopyParameters(context.ResponseParameters, error.OutputData);
return(error);
}
try {
SetSignProvider(context);
SetRequestId(context);
SetSignature(httpContext, context);
} catch (OAuthRequestException ex) {
context.AddError(ex);
AuthResult error = new AuthResult(false, ex.Code, ex.Message);
CopyParameters(context.ResponseParameters, error.OutputData);
return(error);
}
UpdateAccessToken(httpContext, context);
bool canAccess;
try {
canAccess = VerifyAccess(authRequest.PathName, httpContext, context);
} catch (AuthenticationException ex) {
AuthResult error = new AuthResult(false, ex.Code, ex.Message);
CopyParameters(context.ResponseParameters, error.OutputData);
return(error);
}
AuthResult result = new AuthResult(canAccess);
CopyParameters(context.ResponseParameters, result.OutputData);
return(result);
}
public AuthResult Authenticate(AuthRequest authRequest)
{
OAuthRequestContext context = new OAuthRequestContext();
IHttpContext httpContext = HttpContextWrapper.Wrap(authRequest.Context);
try {
ParseParameters(httpContext, context);
SetConsumer(context);
SetAccessToken(context);
context.IsOAuthRequest = true;
} catch (OAuthRequestException ex) {
// The request may not be an OAuth request so don't pass the exception to the consumer
context.AddError(ex);
context.IsOAuthRequest = false;
AuthResult error = new AuthResult(false, ex.Code, ex.Message);
CopyParameters(context.ResponseParameters, error.OutputData);
return error;
}
try {
SetSignProvider(context);
SetRequestId(context);
SetSignature(httpContext, context);
} catch (OAuthRequestException ex) {
context.AddError(ex);
AuthResult error = new AuthResult(false, ex.Code, ex.Message);
CopyParameters(context.ResponseParameters, error.OutputData);
return error;
}
UpdateAccessToken(httpContext, context);
bool canAccess;
try {
canAccess = VerifyAccess(authRequest.PathName, httpContext, context);
} catch (AuthenticationException ex) {
AuthResult error = new AuthResult(false, ex.Code, ex.Message);
CopyParameters(context.ResponseParameters, error.OutputData);
return error;
}
AuthResult result = new AuthResult(canAccess);
CopyParameters(context.ResponseParameters, result.OutputData);
return result;
}
protected override void IssueToken(IHttpContext httpContext, OAuthRequestContext requestContext)
{
// Generate an access token
IAccessToken accessToken = GenerateToken(TokenType.Access, httpContext, requestContext) as IAccessToken;
if (accessToken == null)
throw new InvalidOperationException();
// Mark the token as authorized
accessToken.ChangeStatus(TokenStatus.Authorized);
// Don't store the token
// Don't mark the request token as used
// Add to the response
requestContext.ResponseParameters[OAuthParameterKeys.Token] = accessToken.Token;
requestContext.ResponseParameters[OAuthParameterKeys.TokenSecret] = accessToken.Secret;
}
protected override void ParseParameters(IHttpContext httpContext, OAuthRequestContext requestContext)
{
// Try to parse the parameters
OAuthParameters parameters = OAuthParameters.Parse(httpContext.Request, OAuthParameterSources.ServiceProviderDefault);
/*
* Check for missing required parameters:
*
* The consumer key, signature method, signature, timestamp and nonce parameters
* are all required
*/
parameters.RequireAllOf(
OAuthParameterKeys.ConsumerKey,
OAuthParameterKeys.Token,
OAuthParameterKeys.SignatureMethod,
OAuthParameterKeys.Signature,
OAuthParameterKeys.Timestamp,
OAuthParameterKeys.Nonce,
OAuthParameterKeys.Verifier);
/*
* The version parameter is optional, but it if is present its value must be 1.0
*/
if (parameters.Version != null)
{
parameters.RequireVersion("1.0");
}
/*
* Check that there are no other parameters except for realm, version and
* the required parameters
*/
parameters.AllowOnly(
OAuthParameterKeys.ConsumerKey,
OAuthParameterKeys.Token,
OAuthParameterKeys.SignatureMethod,
OAuthParameterKeys.Signature,
OAuthParameterKeys.Timestamp,
OAuthParameterKeys.Nonce,
OAuthParameterKeys.Verifier,
OAuthParameterKeys.Version, // (optional)
OAuthParameterKeys.Realm); // (optional)
requestContext.Parameters = parameters;
}
private static void SetSignProvider(OAuthRequestContext context)
{
ISignProvider signingProvider = SignProviders.GetProvider(context.Parameters.SignatureMethod);
if (signingProvider == null)
{
// There is no signing provider for this signature method
throw new OAuthRequestException(null, OAuthProblemTypes.SignatureMethodRejected);
}
// Double check the signing provider declares that it can handle the signature method
if (!signingProvider.SignatureMethod.Equals(context.Parameters.SignatureMethod))
{
throw new OAuthRequestException(null, OAuthProblemTypes.SignatureMethodRejected);
}
context.SignProvider = signingProvider;
}
public TokenIssueResult ProcessIssueRequest(IHttpContext context)
{
OAuthRequestContext authContext = new OAuthRequestContext();
// Check request parameters
try {
// TODO: Should we ensure the realm parameter, if present, matches the configured realm?
ParseParameters(context, authContext);
SetSignProvider(authContext);
SetConsumer(authContext);
SetRequestId(authContext);
SetRequestToken(authContext);
SetSignature(context, authContext);
CheckVerifier(authContext);
} catch (OAuthRequestException ex) {
authContext.AddError(ex);
TokenIssueResult error = new TokenIssueResult(false, ex.Message, ex.Problem);
error.Parameters.Add(authContext.ResponseParameters);
return(error);
}
// Allow the application to decide whether to issue the access token
bool isRequestAllowed = AllowRequest(context, authContext);
if (isRequestAllowed)
{
// Allow the application to add additional response parameters
AddApplicationResponseParameters(authContext, GetAdditionalResponseParameters(context, authContext));
// Issue the token
IssueToken(context, authContext);
TokenIssueResult result = new TokenIssueResult(true);
result.Parameters.Add(authContext.ResponseParameters);
return(result);
}
else
{
TokenIssueResult error = new TokenIssueResult(false);
error.Parameters.Add(authContext.ResponseParameters);
return(error);
}
}
private static void AddApplicationResponseParameters(OAuthRequestContext requestContext, NameValueCollection additionalParameters)
{
if (additionalParameters == null)
{
return;
}
// Remove any oauth_ prefixed parameters from the application's additional response
foreach (string key in additionalParameters.AllKeys)
{
if (key.StartsWith(OAuthParameterKeys.OAuthParameterPrefix, StringComparison.Ordinal))
{
additionalParameters.Remove(key);
}
}
// Add the application's custom parameters
requestContext.ResponseParameters.Add(additionalParameters);
}
protected override void ParseParameters(IHttpContext httpContext, OAuthRequestContext requestContext)
{
// Try to parse the parameters
OAuthParameters parameters = OAuthParameters.Parse(httpContext.Request, OAuthParameterSources.ServiceProviderDefault);
/*
* Check for missing required parameters:
*
* The consumer key, signature method, signature, timestamp and nonce parameters
* are all required
*/
parameters.RequireAllOf(
OAuthParameterKeys.ConsumerKey,
OAuthParameterKeys.Token,
OAuthParameterKeys.SignatureMethod,
OAuthParameterKeys.Signature,
OAuthParameterKeys.Timestamp,
OAuthParameterKeys.Nonce,
OAuthParameterKeys.Verifier);
/*
* The version parameter is optional, but it if is present its value must be 1.0
*/
if (parameters.Version != null)
parameters.RequireVersion("1.0");
/*
* Check that there are no other parameters except for realm, version and
* the required parameters
*/
parameters.AllowOnly(
OAuthParameterKeys.ConsumerKey,
OAuthParameterKeys.Token,
OAuthParameterKeys.SignatureMethod,
OAuthParameterKeys.Signature,
OAuthParameterKeys.Timestamp,
OAuthParameterKeys.Nonce,
OAuthParameterKeys.Verifier,
OAuthParameterKeys.Version, // (optional)
OAuthParameterKeys.Realm); // (optional)
requestContext.Parameters = parameters;
}
private void SetAccessToken(OAuthRequestContext context)
{
IAccessToken accessToken;
if (context.Parameters.Token == null && consumerRequests)
{
accessToken = new EmptyAccessToken(context.Consumer.Key);
}
else if ((accessToken = (IAccessToken)OAuthProvider.Current.TokenStore.Get(context.Parameters.Token, TokenType.Access)) == null)
{
throw new OAuthRequestException(null, OAuthProblemTypes.TokenRejected);
}
/*
* Ensure the token was issued to the same consumer as this request purports
* to be from.
*/
if (!accessToken.ConsumerKey.Equals(context.Parameters.ConsumerKey))
{
throw new OAuthRequestException(null, OAuthProblemTypes.TokenRejected);
}
switch (accessToken.Status)
{
case TokenStatus.Authorized:
context.AccessToken = accessToken;
break;
case TokenStatus.Expired:
throw new OAuthRequestException(null, OAuthProblemTypes.TokenExpired);
case TokenStatus.Used:
throw new OAuthRequestException(null, OAuthProblemTypes.TokenUsed);
case TokenStatus.Revoked:
throw new OAuthRequestException(null, OAuthProblemTypes.TokenRevoked);
case TokenStatus.Unauthorized:
case TokenStatus.Unknown:
default:
throw new OAuthRequestException(null, OAuthProblemTypes.TokenRejected);
}
}
private void ParseParameters(IHttpContext httpContext, OAuthRequestContext context)
{
// Try to parse the parameters
OAuthParameters parameters = OAuthParameters.Parse(httpContext.Request);
/*
* Check for missing required parameters:
*
* The consumer key, token, signature method, signature, timestamp and nonce parameters
* are all required
*/
if (consumerRequests)
{
parameters.RequireAllOf(
OAuthParameterKeys.ConsumerKey,
OAuthParameterKeys.SignatureMethod,
OAuthParameterKeys.Signature,
OAuthParameterKeys.Timestamp,
OAuthParameterKeys.Nonce);
}
else
{
// For 3 legged TokenParameter is required
parameters.RequireAllOf(
OAuthParameterKeys.ConsumerKey,
OAuthParameterKeys.Token,
OAuthParameterKeys.SignatureMethod,
OAuthParameterKeys.Signature,
OAuthParameterKeys.Timestamp,
OAuthParameterKeys.Nonce);
}
/*
* The version parameter is optional, but it if is present its value must be 1.0
*/
if (parameters.Version != null)
{
parameters.RequireVersion("1.0");
}
context.Parameters = parameters;
}
protected override void IssueToken(IHttpContext httpContext, OAuthRequestContext requestContext)
{
// Generate an access token
IAccessToken accessToken = GenerateToken(TokenType.Access, httpContext, requestContext) as IAccessToken;
if (accessToken == null)
{
throw new InvalidOperationException();
}
// Mark the token as authorized
accessToken.ChangeStatus(TokenStatus.Authorized);
// Don't store the token
// Don't mark the request token as used
// Add to the response
requestContext.ResponseParameters[OAuthParameterKeys.Token] = accessToken.Token;
requestContext.ResponseParameters[OAuthParameterKeys.TokenSecret] = accessToken.Secret;
}
public TokenIssueResult ProcessIssueRequest(IHttpContext context)
{
OAuthRequestContext authContext = new OAuthRequestContext();
// Check request parameters
try {
// TODO: Should we ensure the realm parameter, if present, matches the configured realm?
ParseParameters(context, authContext);
SetSignProvider(authContext);
SetConsumer(authContext);
SetRequestId(authContext);
SetRequestToken(authContext);
SetSignature(context, authContext);
CheckVerifier(authContext);
} catch (OAuthRequestException ex) {
authContext.AddError(ex);
TokenIssueResult error = new TokenIssueResult(false, ex.Message, ex.Problem);
error.Parameters.Add(authContext.ResponseParameters);
return error;
}
// Allow the application to decide whether to issue the access token
bool isRequestAllowed = AllowRequest(context, authContext);
if (isRequestAllowed) {
// Allow the application to add additional response parameters
AddApplicationResponseParameters(authContext, GetAdditionalResponseParameters(context, authContext));
// Issue the token
IssueToken(context, authContext);
TokenIssueResult result = new TokenIssueResult(true);
result.Parameters.Add(authContext.ResponseParameters);
return result;
} else {
TokenIssueResult error = new TokenIssueResult(false);
error.Parameters.Add(authContext.ResponseParameters);
return error;
}
}
protected override void ParseParameters(IHttpContext httpContext, OAuthRequestContext requestContext)
{
// Try to parse the parameters
OAuthParameters parameters = OAuthParameters.Parse(httpContext.Request, OAuthParameterSources.ServiceProviderDefault);
/*
* Check for missing required parameters:
*
* The consumer key, signature method, signature, timestamp and nonce parameters
* are all required
*/
parameters.RequireAllOf(OAuthParameterKeys.ConsumerKey, OAuthParameterKeys.SignatureMethod,
OAuthParameterKeys.Signature, OAuthParameterKeys.Timestamp, OAuthParameterKeys.Nonce,
OAuthParameterKeys.Callback);
// The version parameter is optional, but it if is present its value must be 1.0
if (parameters.Version != null)
parameters.RequireVersion("1.0");
requestContext.Parameters = parameters;
}
protected override void ParseParameters(IHttpContext httpContext, OAuthRequestContext requestContext)
{
// Try to parse the parameters
OAuthParameters parameters = OAuthParameters.Parse(httpContext.Request, OAuthParameterSources.ServiceProviderDefault);
/*
* Check for missing required parameters:
*
* The consumer key, signature method, signature, timestamp and nonce parameters
* are all required
*/
parameters.RequireAllOf(OAuthParameterKeys.ConsumerKey, OAuthParameterKeys.SignatureMethod,
OAuthParameterKeys.Signature, OAuthParameterKeys.Timestamp, OAuthParameterKeys.Nonce,
OAuthParameterKeys.Callback);
// The version parameter is optional, but it if is present its value must be 1.0
if (parameters.Version != null)
{
parameters.RequireVersion("1.0");
}
requestContext.Parameters = parameters;
}
protected virtual void SetRequestToken(OAuthRequestContext requestContext)
{
IRequestToken token = provider.TokenStore.Get(requestContext.Parameters.Token, TokenType.Request) as IRequestToken;
if (token == null)
throw new OAuthRequestException(null, OAuthProblemTypes.TokenRejected);
if (!token.ConsumerKey.Equals(requestContext.Parameters.ConsumerKey))
throw new OAuthRequestException(null, OAuthProblemTypes.TokenRejected);
switch (token.Status) {
case TokenStatus.Authorized:
requestContext.RequestToken = token;
break;
case TokenStatus.Expired:
throw new OAuthRequestException(null, OAuthProblemTypes.TokenExpired);
case TokenStatus.Used:
throw new OAuthRequestException(null, OAuthProblemTypes.TokenUsed);
case TokenStatus.Revoked:
throw new OAuthRequestException(null, OAuthProblemTypes.TokenRevoked);
case TokenStatus.Unauthorized:
case TokenStatus.Unknown:
default:
throw new OAuthRequestException(null, OAuthProblemTypes.TokenRejected);
}
}
protected virtual bool VerifyAccess(string pathName, IHttpContext httpContext, OAuthRequestContext requestContext)
{
if (accessVerifier == null)
{
return(true);
}
return(accessVerifier.CanAccess(pathName, httpContext, requestContext));
}
private static void SetSignature(IHttpContext httpContext, OAuthRequestContext requestContext)
{
// Get the token to sign with
string tokenSecret;
if (requestContext.AccessToken != null)
tokenSecret = requestContext.AccessToken.Secret;
else if (requestContext.RequestToken != null)
tokenSecret = requestContext.RequestToken.Secret;
else
tokenSecret = null;
bool isValid = requestContext.SignProvider.ValidateSignature(
Signature.Create(httpContext.Request.HttpMethod,
new Uri(httpContext.Request.Url.GetLeftPart(UriPartial.Authority) + httpContext.Request.RawUrl),
requestContext.Parameters), requestContext.Parameters.Signature, requestContext.Consumer.Secret, tokenSecret);
if (!isValid)
throw new OAuthRequestException(null, OAuthProblemTypes.SignatureInvalid);
requestContext.IsSignatureValid = true;
}
protected virtual NameValueCollection GetAdditionalResponseParameters(IHttpContext httpContext, OAuthRequestContext requestContext)
{
// By default, there are no extra parameters
return(null);
}
protected override void CheckVerifier(OAuthRequestContext requestContext)
{
}
protected override void CheckVerifier(OAuthRequestContext requestContext)
{
}
private void SetAccessToken(OAuthRequestContext context)
{
IAccessToken accessToken;
if (context.Parameters.Token == null && consumerRequests) {
accessToken = new EmptyAccessToken(context.Consumer.Key);
} else if ((accessToken = (IAccessToken) OAuthProvider.Current.TokenStore.Get(context.Parameters.Token, TokenType.Access)) == null)
throw new OAuthRequestException(null, OAuthProblemTypes.TokenRejected);
/*
* Ensure the token was issued to the same consumer as this request purports
* to be from.
*/
if (!accessToken.ConsumerKey.Equals(context.Parameters.ConsumerKey))
throw new OAuthRequestException(null, OAuthProblemTypes.TokenRejected);
switch (accessToken.Status) {
case TokenStatus.Authorized:
context.AccessToken = accessToken;
break;
case TokenStatus.Expired:
throw new OAuthRequestException(null, OAuthProblemTypes.TokenExpired);
case TokenStatus.Used:
throw new OAuthRequestException(null, OAuthProblemTypes.TokenUsed);
case TokenStatus.Revoked:
throw new OAuthRequestException(null, OAuthProblemTypes.TokenRevoked);
case TokenStatus.Unauthorized:
case TokenStatus.Unknown:
default:
throw new OAuthRequestException(null, OAuthProblemTypes.TokenRejected);
}
}
private void UpdateAccessToken(IHttpContext httpContext, OAuthRequestContext context)
{
// TODO: Update access token according to its usage policy...
}
protected IToken GenerateToken(TokenType tokenType, IHttpContext httpContext, OAuthRequestContext requestContext)
{
IToken token;
do {
if (tokenType == TokenType.Request) {
token = provider.TokenGenerator.CreateRequestToken(requestContext.Consumer, requestContext.Parameters);
} else {
token = provider.TokenGenerator.CreateAccessToken(requestContext.Consumer, requestContext.RequestToken);
}
}
while (provider.TokenStore.Get(token.Token, tokenType) != null);
return token;
}
protected virtual void CheckVerifier(OAuthRequestContext requestContext)
{
if (!provider.VerificationProvider.IsValid(requestContext.RequestToken, requestContext.Parameters.Verifier))
throw new ParametersRejectedException("Invalid verifier for request token.", new string[] { OAuthParameterKeys.Verifier });
}
protected virtual NameValueCollection GetAdditionalResponseParameters(IHttpContext httpContext, OAuthRequestContext requestContext)
{
// By default, there are no extra parameters
return null;
}
protected abstract void IssueToken(IHttpContext httpContext, OAuthRequestContext requestContext);
private static void SetSignProvider(OAuthRequestContext context)
{
ISignProvider signingProvider = SignProviders.GetProvider(context.Parameters.SignatureMethod);
if (signingProvider == null)
// There is no signing provider for this signature method
throw new OAuthRequestException(null, OAuthProblemTypes.SignatureMethodRejected);
// Double check the signing provider declares that it can handle the signature method
if (!signingProvider.SignatureMethod.Equals(context.Parameters.SignatureMethod))
throw new OAuthRequestException(null, OAuthProblemTypes.SignatureMethodRejected);
context.SignProvider = signingProvider;
}
protected virtual void SetRequestId(OAuthRequestContext context)
{
long timestamp = Int64.Parse(context.Parameters.Timestamp);
context.RequestId = provider.RequestIdValidator.ValidateRequest(context.Parameters.Nonce, timestamp,
context.Parameters.ConsumerKey, context.Parameters.Token);
}
protected IToken GenerateToken(TokenType tokenType, IHttpContext httpContext, OAuthRequestContext requestContext)
{
IToken token;
do
{
if (tokenType == TokenType.Request)
{
token = provider.TokenGenerator.CreateRequestToken(requestContext.Consumer, requestContext.Parameters);
}
else
{
token = provider.TokenGenerator.CreateAccessToken(requestContext.Consumer, requestContext.RequestToken);
}
}while (provider.TokenStore.Get(token.Token, tokenType) != null);
return(token);
}
private void ParseParameters(IHttpContext httpContext, OAuthRequestContext context)
{
// Try to parse the parameters
OAuthParameters parameters = OAuthParameters.Parse(httpContext.Request);
/*
* Check for missing required parameters:
*
* The consumer key, token, signature method, signature, timestamp and nonce parameters
* are all required
*/
if (consumerRequests) {
parameters.RequireAllOf(
OAuthParameterKeys.ConsumerKey,
OAuthParameterKeys.SignatureMethod,
OAuthParameterKeys.Signature,
OAuthParameterKeys.Timestamp,
OAuthParameterKeys.Nonce);
} else {
// For 3 legged TokenParameter is required
parameters.RequireAllOf(
OAuthParameterKeys.ConsumerKey,
OAuthParameterKeys.Token,
OAuthParameterKeys.SignatureMethod,
OAuthParameterKeys.Signature,
OAuthParameterKeys.Timestamp,
OAuthParameterKeys.Nonce);
}
/*
* The version parameter is optional, but it if is present its value must be 1.0
*/
if (parameters.Version != null)
parameters.RequireVersion("1.0");
context.Parameters = parameters;
}
protected abstract void IssueToken(IHttpContext httpContext, OAuthRequestContext requestContext);
private static void SetRequestId(OAuthRequestContext context)
{
long timestamp = Int64.Parse(context.Parameters.Timestamp);
context.RequestId = OAuthProvider.Current.RequestIdValidator.ValidateRequest(context.Parameters.Nonce, timestamp,
context.Parameters.ConsumerKey, context.Parameters.Token);
}
protected override void SetRequestToken(OAuthRequestContext requestContext)
{
}
protected abstract void ParseParameters(IHttpContext request, OAuthRequestContext requestContext);
protected virtual void SetConsumer(OAuthRequestContext context)
{
IConsumer consumer = provider.ConsumerStore.Get(context.Parameters.ConsumerKey);
if (consumer == null)
throw new OAuthRequestException(null, OAuthProblemTypes.ConsumerKeyUnknown);
switch (consumer.Status) {
case ConsumerStatus.Valid:
context.Consumer = consumer;
break;
case ConsumerStatus.TemporarilyDisabled:
throw new OAuthRequestException(null, OAuthProblemTypes.ConsumerKeyRefused);
case ConsumerStatus.PermanentlyDisabled:
throw new OAuthRequestException(null, OAuthProblemTypes.ConsumerKeyRejected);
case ConsumerStatus.Unknown:
default:
throw new OAuthRequestException(null, OAuthProblemTypes.ConsumerKeyUnknown);
}
}
protected virtual bool VerifyAccess(string pathName, IHttpContext httpContext, OAuthRequestContext requestContext)
{
if (accessVerifier == null)
return true;
return accessVerifier.CanAccess(pathName, httpContext, requestContext);
}
protected override void SetRequestToken(OAuthRequestContext requestContext)
{
}
private static void AddApplicationResponseParameters(OAuthRequestContext requestContext, NameValueCollection additionalParameters)
{
if (additionalParameters == null)
return;
// Remove any oauth_ prefixed parameters from the application's additional response
foreach (string key in additionalParameters.AllKeys)
if (key.StartsWith(OAuthParameterKeys.OAuthParameterPrefix, StringComparison.Ordinal))
additionalParameters.Remove(key);
// Add the application's custom parameters
requestContext.ResponseParameters.Add(additionalParameters);
}
private void UpdateAccessToken(IHttpContext httpContext, OAuthRequestContext context)
{
// TODO: Update access token according to its usage policy...
}
protected abstract void ParseParameters(IHttpContext request, OAuthRequestContext requestContext);