protected override void IssueToken(IHttpContext httpContext, OAuthRequestContext requestContext)
        {
            // Generate a request token
            IRequestToken token = GenerateToken(TokenType.Request, httpContext, requestContext) as IRequestToken;

            // Check to see if the request for a token is oob and that oob is allowed.
            if (requestContext.Parameters.Callback.Equals("oob")) {
                if (!Provider.AllowOutOfBandCallback)
                    throw new ParametersRejectedException("Out of band is not supported.", new string[] { OAuthParameterKeys.Callback });
            } else {
                Uri callbackUri;

                if (!Uri.TryCreate(requestContext.Parameters.Callback, UriKind.Absolute, out callbackUri))
                    throw new ParametersRejectedException("Not a valid Uri.", new string[] { OAuthParameterKeys.Callback });

                Provider.CallbackStore.SaveCallback(token, callbackUri);
            }

            // Store the token
            requestContext.RequestToken = token;
            Provider.TokenStore.Add(token);

            // Add to the response
            requestContext.ResponseParameters[OAuthParameterKeys.CallbackConfirmed] = "true"; // The spec never defines when to send false or what will happen if you do.
            requestContext.ResponseParameters[OAuthParameterKeys.Token] = token.Token;
            requestContext.ResponseParameters[OAuthParameterKeys.TokenSecret] = token.Secret;
        }
Esempio n. 2
0
        protected virtual void SetRequestId(OAuthRequestContext context)
        {
            long timestamp = Int64.Parse(context.Parameters.Timestamp);

            context.RequestId = provider.RequestIdValidator.ValidateRequest(context.Parameters.Nonce, timestamp,
                                                                            context.Parameters.ConsumerKey, context.Parameters.Token);
        }
        protected override void IssueToken(IHttpContext httpContext, OAuthRequestContext requestContext)
        {
            // Generate a request token
            IRequestToken token = GenerateToken(TokenType.Request, httpContext, requestContext) as IRequestToken;

            // Check to see if the request for a token is oob and that oob is allowed.
            if (requestContext.Parameters.Callback.Equals("oob"))
            {
                if (!Provider.AllowOutOfBandCallback)
                {
                    throw new ParametersRejectedException("Out of band is not supported.", new string[] { OAuthParameterKeys.Callback });
                }
            }
            else
            {
                Uri callbackUri;

                if (!Uri.TryCreate(requestContext.Parameters.Callback, UriKind.Absolute, out callbackUri))
                {
                    throw new ParametersRejectedException("Not a valid Uri.", new string[] { OAuthParameterKeys.Callback });
                }

                Provider.CallbackStore.SaveCallback(token, callbackUri);
            }

            // Store the token
            requestContext.RequestToken = token;
            Provider.TokenStore.Add(token);

            // Add to the response
            requestContext.ResponseParameters[OAuthParameterKeys.CallbackConfirmed] = "true";             // The spec never defines when to send false or what will happen if you do.
            requestContext.ResponseParameters[OAuthParameterKeys.Token]             = token.Token;
            requestContext.ResponseParameters[OAuthParameterKeys.TokenSecret]       = token.Secret;
        }
Esempio n. 4
0
 protected virtual void CheckVerifier(OAuthRequestContext requestContext)
 {
     if (!provider.VerificationProvider.IsValid(requestContext.RequestToken, requestContext.Parameters.Verifier))
     {
         throw new ParametersRejectedException("Invalid verifier for request token.", new string[] { OAuthParameterKeys.Verifier });
     }
 }
Esempio n. 5
0
        private static void SetRequestId(OAuthRequestContext context)
        {
            long timestamp = Int64.Parse(context.Parameters.Timestamp);

            context.RequestId = OAuthProvider.Current.RequestIdValidator.ValidateRequest(context.Parameters.Nonce, timestamp,
                                                                                         context.Parameters.ConsumerKey, context.Parameters.Token);
        }
Esempio n. 6
0
        private static void SetConsumer(OAuthRequestContext context)
        {
            IConsumer consumer = OAuthProvider.Current.ConsumerStore.Get(context.Parameters.ConsumerKey);

            if (consumer == null)
            {
                throw new OAuthRequestException(null, OAuthProblemTypes.ConsumerKeyUnknown);
            }

            switch (consumer.Status)
            {
            case ConsumerStatus.Valid:
                context.Consumer = consumer;
                break;

            case ConsumerStatus.TemporarilyDisabled:
                throw new OAuthRequestException(null, OAuthProblemTypes.ConsumerKeyRefused);

            case ConsumerStatus.PermanentlyDisabled:
                throw new OAuthRequestException(null, OAuthProblemTypes.ConsumerKeyRejected);

            case ConsumerStatus.Unknown:
            default:
                throw new OAuthRequestException(null, OAuthProblemTypes.ConsumerKeyUnknown);
            }
        }
Esempio n. 7
0
        protected virtual void SetRequestToken(OAuthRequestContext requestContext)
        {
            IRequestToken token = provider.TokenStore.Get(requestContext.Parameters.Token, TokenType.Request) as IRequestToken;

            if (token == null)
            {
                throw new OAuthRequestException(null, OAuthProblemTypes.TokenRejected);
            }

            if (!token.ConsumerKey.Equals(requestContext.Parameters.ConsumerKey))
            {
                throw new OAuthRequestException(null, OAuthProblemTypes.TokenRejected);
            }

            switch (token.Status)
            {
            case TokenStatus.Authorized:
                requestContext.RequestToken = token;
                break;

            case TokenStatus.Expired:
                throw new OAuthRequestException(null, OAuthProblemTypes.TokenExpired);

            case TokenStatus.Used:
                throw new OAuthRequestException(null, OAuthProblemTypes.TokenUsed);

            case TokenStatus.Revoked:
                throw new OAuthRequestException(null, OAuthProblemTypes.TokenRevoked);

            case TokenStatus.Unauthorized:
            case TokenStatus.Unknown:
            default:
                throw new OAuthRequestException(null, OAuthProblemTypes.TokenRejected);
            }
        }
Esempio n. 8
0
        private static void SetSignature(IHttpContext httpContext, OAuthRequestContext requestContext)
        {
            // Get the token to sign with
            string tokenSecret;

            if (requestContext.AccessToken != null)
            {
                tokenSecret = requestContext.AccessToken.Secret;
            }
            else if (requestContext.RequestToken != null)
            {
                tokenSecret = requestContext.RequestToken.Secret;
            }
            else
            {
                tokenSecret = null;
            }

            bool isValid = requestContext.SignProvider.ValidateSignature(
                Signature.Create(httpContext.Request.HttpMethod,
                                 new Uri(httpContext.Request.Url.GetLeftPart(UriPartial.Authority) + httpContext.Request.RawUrl),
                                 requestContext.Parameters), requestContext.Parameters.Signature, requestContext.Consumer.Secret, tokenSecret);

            if (!isValid)
            {
                throw new OAuthRequestException(null, OAuthProblemTypes.SignatureInvalid);
            }

            requestContext.IsSignatureValid = true;
        }
Esempio n. 9
0
 protected virtual bool AllowRequest(IHttpContext context, OAuthRequestContext authContext)
 {
     bool allow = true;
     if (provider.ResourceAccessVerifier != null)
         allow = provider.ResourceAccessVerifier.VerifyAccess(context, authContext);
     return allow;
 }
Esempio n. 10
0
        protected virtual bool AllowRequest(IHttpContext context, OAuthRequestContext authContext)
        {
            bool allow = true;

            if (provider.ResourceAccessVerifier != null)
            {
                allow = provider.ResourceAccessVerifier.VerifyAccess(context, authContext);
            }
            return(allow);
        }
Esempio n. 11
0
        public AuthResult Authenticate(AuthRequest authRequest)
        {
            OAuthRequestContext context = new OAuthRequestContext();

            IHttpContext httpContext = HttpContextWrapper.Wrap(authRequest.Context);

            try {
                ParseParameters(httpContext, context);
                SetConsumer(context);
                SetAccessToken(context);
                context.IsOAuthRequest = true;
            } catch (OAuthRequestException ex) {
                // The request may not be an OAuth request so don't pass the exception to the consumer
                context.AddError(ex);
                context.IsOAuthRequest = false;

                AuthResult error = new AuthResult(false, ex.Code, ex.Message);
                CopyParameters(context.ResponseParameters, error.OutputData);
                return(error);
            }

            try {
                SetSignProvider(context);
                SetRequestId(context);
                SetSignature(httpContext, context);
            } catch (OAuthRequestException ex) {
                context.AddError(ex);

                AuthResult error = new AuthResult(false, ex.Code, ex.Message);
                CopyParameters(context.ResponseParameters, error.OutputData);
                return(error);
            }

            UpdateAccessToken(httpContext, context);

            bool canAccess;

            try {
                canAccess = VerifyAccess(authRequest.PathName, httpContext, context);
            } catch (AuthenticationException ex) {
                AuthResult error = new AuthResult(false, ex.Code, ex.Message);
                CopyParameters(context.ResponseParameters, error.OutputData);
                return(error);
            }

            AuthResult result = new AuthResult(canAccess);

            CopyParameters(context.ResponseParameters, result.OutputData);
            return(result);
        }
Esempio n. 12
0
        public AuthResult Authenticate(AuthRequest authRequest)
        {
            OAuthRequestContext context = new OAuthRequestContext();

            IHttpContext httpContext = HttpContextWrapper.Wrap(authRequest.Context);

            try {
                ParseParameters(httpContext, context);
                SetConsumer(context);
                SetAccessToken(context);
                context.IsOAuthRequest = true;
            } catch (OAuthRequestException ex) {
                // The request may not be an OAuth request so don't pass the exception to the consumer
                context.AddError(ex);
                context.IsOAuthRequest = false;

                AuthResult error = new AuthResult(false, ex.Code, ex.Message);
                CopyParameters(context.ResponseParameters, error.OutputData);
                return error;
            }

            try {
                SetSignProvider(context);
                SetRequestId(context);
                SetSignature(httpContext, context);
            } catch (OAuthRequestException ex) {
                context.AddError(ex);

                AuthResult error = new AuthResult(false, ex.Code, ex.Message);
                CopyParameters(context.ResponseParameters, error.OutputData);
                return error;
            }

            UpdateAccessToken(httpContext, context);

            bool canAccess;

            try {
                canAccess = VerifyAccess(authRequest.PathName, httpContext, context);
            } catch (AuthenticationException ex) {
                AuthResult error = new AuthResult(false, ex.Code, ex.Message);
                CopyParameters(context.ResponseParameters, error.OutputData);
                return error;
            }

            AuthResult result = new AuthResult(canAccess);
            CopyParameters(context.ResponseParameters, result.OutputData);
            return result;
        }
        protected override void IssueToken(IHttpContext httpContext, OAuthRequestContext requestContext)
        {
            // Generate an access token
            IAccessToken accessToken = GenerateToken(TokenType.Access, httpContext, requestContext) as IAccessToken;
            if (accessToken == null)
                throw new InvalidOperationException();

            // Mark the token as authorized
            accessToken.ChangeStatus(TokenStatus.Authorized);

            // Don't store the token
            // Don't mark the request token as used

            // Add to the response
            requestContext.ResponseParameters[OAuthParameterKeys.Token] = accessToken.Token;
            requestContext.ResponseParameters[OAuthParameterKeys.TokenSecret] = accessToken.Secret;
        }
        protected override void ParseParameters(IHttpContext httpContext, OAuthRequestContext requestContext)
        {
            // Try to parse the parameters
            OAuthParameters parameters = OAuthParameters.Parse(httpContext.Request, OAuthParameterSources.ServiceProviderDefault);

            /*
             * Check for missing required parameters:
             *
             * The consumer key, signature method, signature, timestamp and nonce parameters
             * are all required
             */
            parameters.RequireAllOf(
                OAuthParameterKeys.ConsumerKey,
                OAuthParameterKeys.Token,
                OAuthParameterKeys.SignatureMethod,
                OAuthParameterKeys.Signature,
                OAuthParameterKeys.Timestamp,
                OAuthParameterKeys.Nonce,
                OAuthParameterKeys.Verifier);

            /*
             * The version parameter is optional, but it if is present its value must be 1.0
             */
            if (parameters.Version != null)
            {
                parameters.RequireVersion("1.0");
            }

            /*
             * Check that there are no other parameters except for realm, version and
             * the required parameters
             */
            parameters.AllowOnly(
                OAuthParameterKeys.ConsumerKey,
                OAuthParameterKeys.Token,
                OAuthParameterKeys.SignatureMethod,
                OAuthParameterKeys.Signature,
                OAuthParameterKeys.Timestamp,
                OAuthParameterKeys.Nonce,
                OAuthParameterKeys.Verifier,
                OAuthParameterKeys.Version,                        // (optional)
                OAuthParameterKeys.Realm);                         // (optional)

            requestContext.Parameters = parameters;
        }
Esempio n. 15
0
        private static void SetSignProvider(OAuthRequestContext context)
        {
            ISignProvider signingProvider = SignProviders.GetProvider(context.Parameters.SignatureMethod);

            if (signingProvider == null)
            {
                // There is no signing provider for this signature method
                throw new OAuthRequestException(null, OAuthProblemTypes.SignatureMethodRejected);
            }

            // Double check the signing provider declares that it can handle the signature method
            if (!signingProvider.SignatureMethod.Equals(context.Parameters.SignatureMethod))
            {
                throw new OAuthRequestException(null, OAuthProblemTypes.SignatureMethodRejected);
            }

            context.SignProvider = signingProvider;
        }
Esempio n. 16
0
        public TokenIssueResult ProcessIssueRequest(IHttpContext context)
        {
            OAuthRequestContext authContext = new OAuthRequestContext();

            // Check request parameters
            try {
                // TODO: Should we ensure the realm parameter, if present, matches the configured realm?
                ParseParameters(context, authContext);
                SetSignProvider(authContext);
                SetConsumer(authContext);
                SetRequestId(authContext);
                SetRequestToken(authContext);
                SetSignature(context, authContext);
                CheckVerifier(authContext);
            } catch (OAuthRequestException ex) {
                authContext.AddError(ex);

                TokenIssueResult error = new TokenIssueResult(false, ex.Message, ex.Problem);
                error.Parameters.Add(authContext.ResponseParameters);
                return(error);
            }

            // Allow the application to decide whether to issue the access token
            bool isRequestAllowed = AllowRequest(context, authContext);

            if (isRequestAllowed)
            {
                // Allow the application to add additional response parameters
                AddApplicationResponseParameters(authContext, GetAdditionalResponseParameters(context, authContext));

                // Issue the token
                IssueToken(context, authContext);

                TokenIssueResult result = new TokenIssueResult(true);
                result.Parameters.Add(authContext.ResponseParameters);
                return(result);
            }
            else
            {
                TokenIssueResult error = new TokenIssueResult(false);
                error.Parameters.Add(authContext.ResponseParameters);
                return(error);
            }
        }
Esempio n. 17
0
        private static void AddApplicationResponseParameters(OAuthRequestContext requestContext, NameValueCollection additionalParameters)
        {
            if (additionalParameters == null)
            {
                return;
            }

            // Remove any oauth_ prefixed parameters from the application's additional response
            foreach (string key in additionalParameters.AllKeys)
            {
                if (key.StartsWith(OAuthParameterKeys.OAuthParameterPrefix, StringComparison.Ordinal))
                {
                    additionalParameters.Remove(key);
                }
            }

            // Add the application's custom parameters
            requestContext.ResponseParameters.Add(additionalParameters);
        }
        protected override void ParseParameters(IHttpContext httpContext, OAuthRequestContext requestContext)
        {
            // Try to parse the parameters
            OAuthParameters parameters = OAuthParameters.Parse(httpContext.Request, OAuthParameterSources.ServiceProviderDefault);

            /*
             * Check for missing required parameters:
             *
             * The consumer key, signature method, signature, timestamp and nonce parameters
             * are all required
             */
            parameters.RequireAllOf(
                    OAuthParameterKeys.ConsumerKey,
                    OAuthParameterKeys.Token,
                    OAuthParameterKeys.SignatureMethod,
                    OAuthParameterKeys.Signature,
                    OAuthParameterKeys.Timestamp,
                    OAuthParameterKeys.Nonce,
                    OAuthParameterKeys.Verifier);

            /*
             * The version parameter is optional, but it if is present its value must be 1.0
             */
            if (parameters.Version != null)
                parameters.RequireVersion("1.0");

            /*
             * Check that there are no other parameters except for realm, version and
             * the required parameters
             */
            parameters.AllowOnly(
                    OAuthParameterKeys.ConsumerKey,
                    OAuthParameterKeys.Token,
                    OAuthParameterKeys.SignatureMethod,
                    OAuthParameterKeys.Signature,
                    OAuthParameterKeys.Timestamp,
                    OAuthParameterKeys.Nonce,
                    OAuthParameterKeys.Verifier,
                    OAuthParameterKeys.Version, // (optional)
                    OAuthParameterKeys.Realm); // (optional)

            requestContext.Parameters = parameters;
        }
Esempio n. 19
0
        private void SetAccessToken(OAuthRequestContext context)
        {
            IAccessToken accessToken;

            if (context.Parameters.Token == null && consumerRequests)
            {
                accessToken = new EmptyAccessToken(context.Consumer.Key);
            }
            else if ((accessToken = (IAccessToken)OAuthProvider.Current.TokenStore.Get(context.Parameters.Token, TokenType.Access)) == null)
            {
                throw new OAuthRequestException(null, OAuthProblemTypes.TokenRejected);
            }

            /*
             * Ensure the token was issued to the same consumer as this request purports
             * to be from.
             */
            if (!accessToken.ConsumerKey.Equals(context.Parameters.ConsumerKey))
            {
                throw new OAuthRequestException(null, OAuthProblemTypes.TokenRejected);
            }

            switch (accessToken.Status)
            {
            case TokenStatus.Authorized:
                context.AccessToken = accessToken;
                break;

            case TokenStatus.Expired:
                throw new OAuthRequestException(null, OAuthProblemTypes.TokenExpired);

            case TokenStatus.Used:
                throw new OAuthRequestException(null, OAuthProblemTypes.TokenUsed);

            case TokenStatus.Revoked:
                throw new  OAuthRequestException(null, OAuthProblemTypes.TokenRevoked);

            case TokenStatus.Unauthorized:
            case TokenStatus.Unknown:
            default:
                throw new OAuthRequestException(null, OAuthProblemTypes.TokenRejected);
            }
        }
Esempio n. 20
0
        private void ParseParameters(IHttpContext httpContext, OAuthRequestContext context)
        {
            // Try to parse the parameters
            OAuthParameters parameters = OAuthParameters.Parse(httpContext.Request);

            /*
             * Check for missing required parameters:
             *
             * The consumer key, token, signature method, signature, timestamp and nonce parameters
             * are all required
             */
            if (consumerRequests)
            {
                parameters.RequireAllOf(
                    OAuthParameterKeys.ConsumerKey,
                    OAuthParameterKeys.SignatureMethod,
                    OAuthParameterKeys.Signature,
                    OAuthParameterKeys.Timestamp,
                    OAuthParameterKeys.Nonce);
            }
            else
            {
                // For 3 legged TokenParameter is required
                parameters.RequireAllOf(
                    OAuthParameterKeys.ConsumerKey,
                    OAuthParameterKeys.Token,
                    OAuthParameterKeys.SignatureMethod,
                    OAuthParameterKeys.Signature,
                    OAuthParameterKeys.Timestamp,
                    OAuthParameterKeys.Nonce);
            }

            /*
             * The version parameter is optional, but it if is present its value must be 1.0
             */
            if (parameters.Version != null)
            {
                parameters.RequireVersion("1.0");
            }

            context.Parameters = parameters;
        }
        protected override void IssueToken(IHttpContext httpContext, OAuthRequestContext requestContext)
        {
            // Generate an access token
            IAccessToken accessToken = GenerateToken(TokenType.Access, httpContext, requestContext) as IAccessToken;

            if (accessToken == null)
            {
                throw new InvalidOperationException();
            }

            // Mark the token as authorized
            accessToken.ChangeStatus(TokenStatus.Authorized);

            // Don't store the token
            // Don't mark the request token as used

            // Add to the response
            requestContext.ResponseParameters[OAuthParameterKeys.Token]       = accessToken.Token;
            requestContext.ResponseParameters[OAuthParameterKeys.TokenSecret] = accessToken.Secret;
        }
Esempio n. 22
0
        public TokenIssueResult ProcessIssueRequest(IHttpContext context)
        {
            OAuthRequestContext authContext = new OAuthRequestContext();

            // Check request parameters
            try {
                // TODO: Should we ensure the realm parameter, if present, matches the configured realm?
                ParseParameters(context, authContext);
                SetSignProvider(authContext);
                SetConsumer(authContext);
                SetRequestId(authContext);
                SetRequestToken(authContext);
                SetSignature(context, authContext);
                CheckVerifier(authContext);
            } catch (OAuthRequestException ex) {
                authContext.AddError(ex);

                TokenIssueResult error = new TokenIssueResult(false, ex.Message, ex.Problem);
                error.Parameters.Add(authContext.ResponseParameters);
                return error;
            }

            // Allow the application to decide whether to issue the access token
            bool isRequestAllowed = AllowRequest(context, authContext);

            if (isRequestAllowed) {
                // Allow the application to add additional response parameters
                AddApplicationResponseParameters(authContext, GetAdditionalResponseParameters(context, authContext));

                // Issue the token
                IssueToken(context, authContext);

                TokenIssueResult result = new TokenIssueResult(true);
                result.Parameters.Add(authContext.ResponseParameters);
                return result;
            } else {
                TokenIssueResult error = new TokenIssueResult(false);
                error.Parameters.Add(authContext.ResponseParameters);
                return error;
            }
        }
        protected override void ParseParameters(IHttpContext httpContext, OAuthRequestContext requestContext)
        {
            // Try to parse the parameters
            OAuthParameters parameters = OAuthParameters.Parse(httpContext.Request, OAuthParameterSources.ServiceProviderDefault);

            /*
            * Check for missing required parameters:
            *
            * The consumer key, signature method, signature, timestamp and nonce parameters
            * are all required
            */
            parameters.RequireAllOf(OAuthParameterKeys.ConsumerKey, OAuthParameterKeys.SignatureMethod,
                                    OAuthParameterKeys.Signature, OAuthParameterKeys.Timestamp, OAuthParameterKeys.Nonce,
                                    OAuthParameterKeys.Callback);

            // The version parameter is optional, but it if is present its value must be 1.0
            if (parameters.Version != null)
                parameters.RequireVersion("1.0");

            requestContext.Parameters = parameters;
        }
        protected override void ParseParameters(IHttpContext httpContext, OAuthRequestContext requestContext)
        {
            // Try to parse the parameters
            OAuthParameters parameters = OAuthParameters.Parse(httpContext.Request, OAuthParameterSources.ServiceProviderDefault);

            /*
             * Check for missing required parameters:
             *
             * The consumer key, signature method, signature, timestamp and nonce parameters
             * are all required
             */
            parameters.RequireAllOf(OAuthParameterKeys.ConsumerKey, OAuthParameterKeys.SignatureMethod,
                                    OAuthParameterKeys.Signature, OAuthParameterKeys.Timestamp, OAuthParameterKeys.Nonce,
                                    OAuthParameterKeys.Callback);

            // The version parameter is optional, but it if is present its value must be 1.0
            if (parameters.Version != null)
            {
                parameters.RequireVersion("1.0");
            }

            requestContext.Parameters = parameters;
        }
Esempio n. 25
0
        protected virtual void SetRequestToken(OAuthRequestContext requestContext)
        {
            IRequestToken token = provider.TokenStore.Get(requestContext.Parameters.Token, TokenType.Request) as IRequestToken;
            if (token == null)
                throw new OAuthRequestException(null, OAuthProblemTypes.TokenRejected);

            if (!token.ConsumerKey.Equals(requestContext.Parameters.ConsumerKey))
                throw new OAuthRequestException(null, OAuthProblemTypes.TokenRejected);

            switch (token.Status) {
                case TokenStatus.Authorized:
                    requestContext.RequestToken = token;
                    break;

                case TokenStatus.Expired:
                    throw new OAuthRequestException(null, OAuthProblemTypes.TokenExpired);
                case TokenStatus.Used:
                    throw new OAuthRequestException(null, OAuthProblemTypes.TokenUsed);
                case TokenStatus.Revoked:
                    throw new OAuthRequestException(null, OAuthProblemTypes.TokenRevoked);
                case TokenStatus.Unauthorized:
                case TokenStatus.Unknown:
                default:
                    throw new OAuthRequestException(null, OAuthProblemTypes.TokenRejected);
            }
        }
Esempio n. 26
0
        protected virtual bool VerifyAccess(string pathName, IHttpContext httpContext, OAuthRequestContext requestContext)
        {
            if (accessVerifier == null)
            {
                return(true);
            }

            return(accessVerifier.CanAccess(pathName, httpContext, requestContext));
        }
Esempio n. 27
0
        private static void SetSignature(IHttpContext httpContext, OAuthRequestContext requestContext)
        {
            // Get the token to sign with
            string tokenSecret;

            if (requestContext.AccessToken != null)
                tokenSecret = requestContext.AccessToken.Secret;
            else if (requestContext.RequestToken != null)
                tokenSecret = requestContext.RequestToken.Secret;
            else
                tokenSecret = null;

            bool isValid = requestContext.SignProvider.ValidateSignature(
                Signature.Create(httpContext.Request.HttpMethod,
                                 new Uri(httpContext.Request.Url.GetLeftPart(UriPartial.Authority) + httpContext.Request.RawUrl),
                                 requestContext.Parameters), requestContext.Parameters.Signature, requestContext.Consumer.Secret, tokenSecret);

            if (!isValid)
                throw new OAuthRequestException(null, OAuthProblemTypes.SignatureInvalid);

            requestContext.IsSignatureValid = true;
        }
Esempio n. 28
0
 protected virtual NameValueCollection GetAdditionalResponseParameters(IHttpContext httpContext, OAuthRequestContext requestContext)
 {
     // By default, there are no extra parameters
     return(null);
 }
 protected override void CheckVerifier(OAuthRequestContext requestContext)
 {
 }
 protected override void CheckVerifier(OAuthRequestContext requestContext)
 {
 }
Esempio n. 31
0
        private void SetAccessToken(OAuthRequestContext context)
        {
            IAccessToken accessToken;

            if (context.Parameters.Token == null && consumerRequests) {
                accessToken = new EmptyAccessToken(context.Consumer.Key);
            } else if ((accessToken = (IAccessToken) OAuthProvider.Current.TokenStore.Get(context.Parameters.Token, TokenType.Access)) == null)
                throw new OAuthRequestException(null, OAuthProblemTypes.TokenRejected);

            /*
             * Ensure the token was issued to the same consumer as this request purports
             * to be from.
             */
            if (!accessToken.ConsumerKey.Equals(context.Parameters.ConsumerKey))
                throw new OAuthRequestException(null, OAuthProblemTypes.TokenRejected);

            switch (accessToken.Status) {
                case TokenStatus.Authorized:
                    context.AccessToken = accessToken;
                    break;

                case TokenStatus.Expired:
                    throw new OAuthRequestException(null, OAuthProblemTypes.TokenExpired);
                case TokenStatus.Used:
                    throw new OAuthRequestException(null, OAuthProblemTypes.TokenUsed);
                case TokenStatus.Revoked:
                    throw new  OAuthRequestException(null, OAuthProblemTypes.TokenRevoked);
                case TokenStatus.Unauthorized:
                case TokenStatus.Unknown:
                default:
                    throw new OAuthRequestException(null, OAuthProblemTypes.TokenRejected);
            }
        }
Esempio n. 32
0
 private void UpdateAccessToken(IHttpContext httpContext, OAuthRequestContext context)
 {
     // TODO: Update access token according to its usage policy...
 }
Esempio n. 33
0
        protected IToken GenerateToken(TokenType tokenType, IHttpContext httpContext, OAuthRequestContext requestContext)
        {
            IToken token;
            do {
                if (tokenType == TokenType.Request) {
                    token = provider.TokenGenerator.CreateRequestToken(requestContext.Consumer, requestContext.Parameters);
                } else {
                    token = provider.TokenGenerator.CreateAccessToken(requestContext.Consumer, requestContext.RequestToken);
                }
            }
            while (provider.TokenStore.Get(token.Token, tokenType) != null);

            return token;
        }
Esempio n. 34
0
 protected virtual void CheckVerifier(OAuthRequestContext requestContext)
 {
     if (!provider.VerificationProvider.IsValid(requestContext.RequestToken, requestContext.Parameters.Verifier))
         throw new ParametersRejectedException("Invalid verifier for request token.", new string[] { OAuthParameterKeys.Verifier });
 }
Esempio n. 35
0
 protected virtual NameValueCollection GetAdditionalResponseParameters(IHttpContext httpContext, OAuthRequestContext requestContext)
 {
     // By default, there are no extra parameters
     return null;
 }
Esempio n. 36
0
 protected abstract void IssueToken(IHttpContext httpContext, OAuthRequestContext requestContext);
Esempio n. 37
0
        private static void SetSignProvider(OAuthRequestContext context)
        {
            ISignProvider signingProvider = SignProviders.GetProvider(context.Parameters.SignatureMethod);

            if (signingProvider == null)
                // There is no signing provider for this signature method
                throw new OAuthRequestException(null, OAuthProblemTypes.SignatureMethodRejected);

            // Double check the signing provider declares that it can handle the signature method
            if (!signingProvider.SignatureMethod.Equals(context.Parameters.SignatureMethod))
                throw new OAuthRequestException(null, OAuthProblemTypes.SignatureMethodRejected);

            context.SignProvider = signingProvider;
        }
Esempio n. 38
0
 protected virtual void SetRequestId(OAuthRequestContext context)
 {
     long timestamp = Int64.Parse(context.Parameters.Timestamp);
     context.RequestId = provider.RequestIdValidator.ValidateRequest(context.Parameters.Nonce, timestamp,
                                                            context.Parameters.ConsumerKey, context.Parameters.Token);
 }
Esempio n. 39
0
        protected IToken GenerateToken(TokenType tokenType, IHttpContext httpContext, OAuthRequestContext requestContext)
        {
            IToken token;

            do
            {
                if (tokenType == TokenType.Request)
                {
                    token = provider.TokenGenerator.CreateRequestToken(requestContext.Consumer, requestContext.Parameters);
                }
                else
                {
                    token = provider.TokenGenerator.CreateAccessToken(requestContext.Consumer, requestContext.RequestToken);
                }
            }while (provider.TokenStore.Get(token.Token, tokenType) != null);

            return(token);
        }
Esempio n. 40
0
        private void ParseParameters(IHttpContext httpContext, OAuthRequestContext context)
        {
            // Try to parse the parameters
            OAuthParameters parameters = OAuthParameters.Parse(httpContext.Request);

            /*
             * Check for missing required parameters:
             *
             * The consumer key, token, signature method, signature, timestamp and nonce parameters
             * are all required
             */
            if (consumerRequests) {
                parameters.RequireAllOf(
                        OAuthParameterKeys.ConsumerKey,
                        OAuthParameterKeys.SignatureMethod,
                        OAuthParameterKeys.Signature,
                        OAuthParameterKeys.Timestamp,
                        OAuthParameterKeys.Nonce);
            } else {
                // For 3 legged TokenParameter is required
                parameters.RequireAllOf(
                        OAuthParameterKeys.ConsumerKey,
                        OAuthParameterKeys.Token,
                        OAuthParameterKeys.SignatureMethod,
                        OAuthParameterKeys.Signature,
                        OAuthParameterKeys.Timestamp,
                        OAuthParameterKeys.Nonce);
            }

            /*
             * The version parameter is optional, but it if is present its value must be 1.0
             */
            if (parameters.Version != null)
                parameters.RequireVersion("1.0");

            context.Parameters = parameters;
        }
Esempio n. 41
0
 protected abstract void IssueToken(IHttpContext httpContext, OAuthRequestContext requestContext);
Esempio n. 42
0
 private static void SetRequestId(OAuthRequestContext context)
 {
     long timestamp = Int64.Parse(context.Parameters.Timestamp);
     context.RequestId = OAuthProvider.Current.RequestIdValidator.ValidateRequest(context.Parameters.Nonce, timestamp,
                                                            context.Parameters.ConsumerKey, context.Parameters.Token);
 }
 protected override void SetRequestToken(OAuthRequestContext requestContext)
 {
 }
Esempio n. 44
0
 protected abstract void ParseParameters(IHttpContext request, OAuthRequestContext requestContext);
Esempio n. 45
0
        protected virtual void SetConsumer(OAuthRequestContext context)
        {
            IConsumer consumer = provider.ConsumerStore.Get(context.Parameters.ConsumerKey);
            if (consumer == null)
                throw new OAuthRequestException(null, OAuthProblemTypes.ConsumerKeyUnknown);

            switch (consumer.Status) {
                case ConsumerStatus.Valid:
                    context.Consumer = consumer;
                    break;

                case ConsumerStatus.TemporarilyDisabled:
                    throw new OAuthRequestException(null, OAuthProblemTypes.ConsumerKeyRefused);
                case ConsumerStatus.PermanentlyDisabled:
                    throw new OAuthRequestException(null, OAuthProblemTypes.ConsumerKeyRejected);
                case ConsumerStatus.Unknown:
                default:
                    throw new OAuthRequestException(null, OAuthProblemTypes.ConsumerKeyUnknown);
            }
        }
Esempio n. 46
0
        protected virtual bool VerifyAccess(string pathName, IHttpContext httpContext, OAuthRequestContext requestContext)
        {
            if (accessVerifier == null)
                return true;

            return accessVerifier.CanAccess(pathName, httpContext, requestContext);
        }
 protected override void SetRequestToken(OAuthRequestContext requestContext)
 {
 }
Esempio n. 48
0
        private static void AddApplicationResponseParameters(OAuthRequestContext requestContext, NameValueCollection additionalParameters)
        {
            if (additionalParameters == null)
                return;

            // Remove any oauth_ prefixed parameters from the application's additional response
            foreach (string key in additionalParameters.AllKeys)
                if (key.StartsWith(OAuthParameterKeys.OAuthParameterPrefix, StringComparison.Ordinal))
                    additionalParameters.Remove(key);

            // Add the application's custom parameters
            requestContext.ResponseParameters.Add(additionalParameters);
        }
Esempio n. 49
0
 private void UpdateAccessToken(IHttpContext httpContext, OAuthRequestContext context)
 {
     // TODO: Update access token according to its usage policy...
 }
Esempio n. 50
0
 protected abstract void ParseParameters(IHttpContext request, OAuthRequestContext requestContext);