protected void yesButton_Click(object sender, EventArgs e)
{
this.outerMultiView.SetActiveView(this.authorizationGrantedView);
var consumer = OAuthServiceProvider.PendingAuthorizationConsumer;
var tokenManager = OAuthServiceProvider.ServiceProvider.TokenManager;
var pendingRequest = OAuthServiceProvider.PendingAuthorizationRequest;
ITokenContainingMessage requestTokenMessage = pendingRequest;
var requestToken = tokenManager.GetRequestToken(requestTokenMessage.Token);
OAuthServiceProvider.AuthorizePendingRequestToken();
// The rest of this method only executes if we couldn't automatically
// redirect to the consumer.
if (pendingRequest.IsUnsafeRequest)
{
this.verifierMultiView.SetActiveView(this.noCallbackView);
}
else
{
this.verifierMultiView.SetActiveView(this.verificationCodeView);
string verifier = ServiceProvider.CreateVerificationCode(consumer.VerificationCodeFormat, consumer.VerificationCodeLength);
this.verificationCodeLabel.Text = HttpUtility.HtmlEncode(verifier);
requestToken.VerificationCode = verifier;
tokenManager.UpdateToken(requestToken);
}
}
public static void AuthorizePendingRequestToken()
{
ITokenContainingMessage tokenMessage = PendingOAuthAuthorization;
TokenManager.AuthorizeRequestToken(tokenMessage.Token, LoggedInUser);
PendingOAuthAuthorization = null;
}
/// <summary>
/// Ensures that short-lived request tokens included in incoming messages have not expired.
/// </summary>
/// <param name="message">The incoming message.</param>
/// <exception cref="ProtocolException">Thrown when the token in the message has expired.</exception>
private void VerifyThrowTokenTimeToLive(ITokenContainingMessage message)
{
ErrorUtilities.VerifyInternal(!(message is AccessProtectedResourceRequest), "We shouldn't be verifying TTL on access tokens.");
if (message == null || string.IsNullOrEmpty(message.Token))
{
return;
}
try {
IServiceProviderRequestToken token = this.tokenManager.GetRequestToken(message.Token);
TimeSpan ttl = this.securitySettings.MaximumRequestTokenTimeToLive;
if (DateTime.Now >= token.CreatedOn.ToLocalTimeSafe() + ttl)
{
Logger.OAuth.ErrorFormat(
"OAuth request token {0} rejected because it was originally issued at {1}, expired at {2}, and it is now {3}.",
token.Token,
token.CreatedOn,
token.CreatedOn + ttl,
DateTime.Now);
ErrorUtilities.ThrowProtocol(OAuthStrings.TokenNotFound);
}
} catch (KeyNotFoundException ex) {
throw ErrorUtilities.Wrap(ex, OAuthStrings.TokenNotFound);
}
}
protected void Page_Load(object sender, EventArgs e)
{
if (!IsPostBack)
{
if (Global.PendingOAuthAuthorization == null)
{
Response.Redirect("~/Members/AuthorizedConsumers.aspx");
}
else
{
ITokenContainingMessage pendingToken = Global.PendingOAuthAuthorization;
var token = Global.DataContext.OAuthTokens.Single(t => t.Token == pendingToken.Token);
this.desiredAccessLabel.Text = token.Scope;
this.consumerLabel.Text = Global.TokenManager.GetConsumerForToken(token.Token).ConsumerKey;
// Generate an unpredictable secret that goes to the user agent and must come back
// with authorization to guarantee the user interacted with this page rather than
// being scripted by an evil Consumer.
byte[] randomData = new byte[8];
CryptoRandomDataGenerator.GetBytes(randomData);
this.AuthorizationSecret = Convert.ToBase64String(randomData);
this.OAuthAuthorizationSecToken.Value = this.AuthorizationSecret;
this.OAuth10ConsumerWarning.Visible = Global.PendingOAuthAuthorization.IsUnsafeRequest;
}
}
}
protected internal UserAuthorizationRequest PrepareRequestUserAuthorization(Uri callback, IDictionary <string, string> requestParameters, IDictionary <string, string> redirectParameters, out string requestToken)
{
// Obtain an unauthorized request token. Assume the OAuth version given in the service description.
var token = new UnauthorizedTokenRequest(this.ServiceProvider.RequestTokenEndpoint, this.ServiceProvider.Version)
{
ConsumerKey = this.ConsumerKey,
Callback = callback,
};
var tokenAccessor = this.Channel.MessageDescriptions.GetAccessor(token);
tokenAccessor.AddExtraParameters(requestParameters);
var requestTokenResponse = this.Channel.Request <UnauthorizedTokenResponse>(token);
this.TokenManager.StoreNewRequestToken(token, requestTokenResponse);
// Fine-tune our understanding of the SP's supported OAuth version if it's wrong.
if (this.ServiceProvider.Version != requestTokenResponse.Version)
{
Logger.OAuth.WarnFormat("Expected OAuth service provider at endpoint {0} to use OAuth {1} but {2} was detected. Adjusting service description to new version.", this.ServiceProvider.RequestTokenEndpoint.Location, this.ServiceProvider.Version, requestTokenResponse.Version);
this.ServiceProvider.ProtocolVersion = Protocol.Lookup(requestTokenResponse.Version).ProtocolVersion;
}
// Request user authorization. The OAuth version will automatically include
// or drop the callback that we're setting here.
ITokenContainingMessage assignedRequestToken = requestTokenResponse;
var requestAuthorization = new UserAuthorizationRequest(this.ServiceProvider.UserAuthorizationEndpoint, assignedRequestToken.Token, requestTokenResponse.Version)
{
Callback = callback,
};
var requestAuthorizationAccessor = this.Channel.MessageDescriptions.GetAccessor(requestAuthorization);
requestAuthorizationAccessor.AddExtraParameters(redirectParameters);
requestToken = requestAuthorization.RequestToken;
return(requestAuthorization);
}
private static UserAuthorizationResponse AuthorizePendingRequestTokenAndGetResponse()
{
var pendingRequest = PendingAuthorizationRequest;
if (pendingRequest == null)
{
throw new InvalidOperationException("No pending authorization request to authorize.");
}
ITokenContainingMessage msg = pendingRequest;
var token = Database.DataContext.IssuedTokens.OfType <IssuedRequestToken>().First(t => t.Token == msg.Token);
token.Authorize();
PendingAuthorizationRequest = null;
var response = serviceProvider.PrepareAuthorizationResponse(pendingRequest);
return(response);
}
protected void allowAccessButton_Click(object sender, EventArgs e)
{
this.RegisterAsyncTask(
new PageAsyncTask(
async ct => {
if (this.AuthorizationSecret != this.OAuthAuthorizationSecToken.Value)
{
throw new ArgumentException(); // probably someone trying to hack in.
}
this.AuthorizationSecret = null; // clear one time use secret
var pending = Global.PendingOAuthAuthorization;
Global.AuthorizePendingRequestToken();
this.multiView.ActiveViewIndex = 1;
ServiceProvider sp = new ServiceProvider(Constants.SelfDescription, Global.TokenManager);
var response = sp.PrepareAuthorizationResponse(pending);
if (response != null)
{
var responseMessage = await sp.Channel.PrepareResponseAsync(response, Response.ClientDisconnectedToken);
await responseMessage.SendAsync();
this.Context.Response.End();
}
else
{
if (pending.IsUnsafeRequest)
{
this.verifierMultiView.ActiveViewIndex = 1;
}
else
{
string verifier = ServiceProvider.CreateVerificationCode(VerificationCodeFormat.AlphaNumericNoLookAlikes, 10);
this.verificationCodeLabel.Text = verifier;
ITokenContainingMessage requestTokenMessage = pending;
var requestToken = Global.TokenManager.GetRequestToken(requestTokenMessage.Token);
requestToken.VerificationCode = verifier;
Global.TokenManager.UpdateToken(requestToken);
}
}
}));
}
/// <summary> </summary>
protected void Authtorize_Click(object sender, EventArgs e)
{
if (this.AuthorizationSecret != this.OAuthAuthorizationSecToken.Value)
{
throw new ArgumentException(); // probably someone trying to hack in.
}
this.AuthorizationSecret = null; // clear one time use secret
var pending = GlobalApplication.PendingOAuthAuthorization;
GlobalApplication.AuthorizePendingRequestToken();
this.multiView.ActiveViewIndex = 1;
ServiceProvider sp = new ServiceProvider(Constants.SelfDescription, GlobalApplication.TokenManager);
var response = sp.PrepareAuthorizationResponse(pending);
if (response != null)
{
sp.Channel.Send(response);
}
else
{
if (pending.IsUnsafeRequest)
{
this.verifierMultiView.ActiveViewIndex = 1;
}
else
{
string verifier = ServiceProvider.CreateVerificationCode(VerificationCodeFormat.AlphaNumericNoLookAlikes, 10);
this.verificationCodeLabel.Text = verifier;
ITokenContainingMessage requestTokenMessage = pending;
var requestToken = GlobalApplication.TokenManager.GetRequestToken(requestTokenMessage.Token);
requestToken.VerificationCode = verifier;
GlobalApplication.TokenManager.UpdateToken(requestToken);
}
}
}
public ActionResult Authorize(bool isApproved)
{
if (isApproved)
{
var consumer = OAuthServiceProvider.PendingAuthorizationConsumer;
var tokenManager = OAuthServiceProvider.ServiceProvider.TokenManager;
var pendingRequest = OAuthServiceProvider.PendingAuthorizationRequest;
ITokenContainingMessage requestTokenMessage = pendingRequest;
var requestToken = tokenManager.GetRequestToken(requestTokenMessage.Token);
var response = OAuthServiceProvider.AuthorizePendingRequestTokenAsWebResponse();
if (response != null)
{
// The consumer provided a callback URL that can take care of everything else.
return(response.AsActionResult());
}
var model = new AccountAuthorizeModel {
ConsumerApp = consumer.Name,
};
if (!pendingRequest.IsUnsafeRequest)
{
model.VerificationCode = ServiceProvider.CreateVerificationCode(consumer.VerificationCodeFormat, consumer.VerificationCodeLength);
requestToken.VerificationCode = model.VerificationCode;
tokenManager.UpdateToken(requestToken);
}
return(View("AuthorizeApproved", model));
}
else
{
OAuthServiceProvider.PendingAuthorizationRequest = null;
return(View("AuthorizeDenied"));
}
}
protected internal UserAuthorizationRequest PrepareRequestUserAuthorization(Uri callback, IDictionary <string, string> requestParameters, IDictionary <string, string> redirectParameters, out string requestToken)
{
// Obtain an unauthorized request token.
var token = new UnauthorizedTokenRequest(this.ServiceProvider.RequestTokenEndpoint)
{
ConsumerKey = this.ConsumerKey,
};
token.AddExtraParameters(requestParameters);
var requestTokenResponse = this.Channel.Request <UnauthorizedTokenResponse>(token);
this.TokenManager.StoreNewRequestToken(token, requestTokenResponse);
// Request user authorization.
ITokenContainingMessage assignedRequestToken = requestTokenResponse;
var requestAuthorization = new UserAuthorizationRequest(this.ServiceProvider.UserAuthorizationEndpoint, assignedRequestToken.Token)
{
Callback = callback,
};
requestAuthorization.AddExtraParameters(redirectParameters);
requestToken = requestAuthorization.RequestToken;
return(requestAuthorization);
}
/// <summary>
/// Ensures that short-lived request tokens included in incoming messages have not expired.
/// </summary>
/// <param name="message">The incoming message.</param>
/// <exception cref="ProtocolException">Thrown when the token in the message has expired.</exception>
private void VerifyThrowTokenTimeToLive(ITokenContainingMessage message) {
ErrorUtilities.VerifyInternal(!(message is AccessProtectedResourceRequest), "We shouldn't be verifying TTL on access tokens.");
if (message == null || string.IsNullOrEmpty(message.Token)) {
return;
}
try {
IServiceProviderRequestToken token = this.tokenManager.GetRequestToken(message.Token);
TimeSpan ttl = this.securitySettings.MaximumRequestTokenTimeToLive;
if (DateTime.Now >= token.CreatedOn.ToLocalTimeSafe() + ttl) {
Logger.OAuth.ErrorFormat(
"OAuth request token {0} rejected because it was originally issued at {1}, expired at {2}, and it is now {3}.",
token.Token,
token.CreatedOn,
token.CreatedOn + ttl,
DateTime.Now);
ErrorUtilities.ThrowProtocol(OAuthStrings.TokenNotFound);
}
} catch (KeyNotFoundException ex) {
throw ErrorUtilities.Wrap(ex, OAuthStrings.TokenNotFound);
}
}
