コード例 #1
0
        /// <summary>
        /// Perform complete validation of the OAuth request and return a comprehensive result.
        /// </summary>
        /// <param name="requestMode">Desired token request mode.</param>
        /// <param name="uri">URI of the resource.</param>
        /// <param name="httpMethod">Request method.</param>
        /// <param name="arguments">Arguments in the request.</param>
        /// <param name="store">The Token Storage Provider.</param>
        /// <returns>A populated CheckResult object.</returns>
        static CheckResult CheckRequest(ServerRequestMode requestMode, Uri uri, string httpMethod, NameValueCollection arguments, IServerTokenStore store)
        {
            if (!IsSupportedVersion(arguments))
            {
                return new CheckResult(false, FailureTypeToString(FailureSpecificType.UnsupportedVersion), FailureGenericType.BadRequest, FailureSpecificType.UnsupportedVersion);
            }
            if (!HasRequiredArguments(arguments))
            {
                return new CheckResult(false, FailureTypeToString(FailureSpecificType.MissingParameter), FailureGenericType.BadRequest, FailureSpecificType.MissingParameter);
            }
            if (!HasOnlySingleArguments(arguments))
            {
                return new CheckResult(false, FailureTypeToString(FailureSpecificType.DuplicatedParameter), FailureGenericType.BadRequest, FailureSpecificType.DuplicatedParameter);
            }

            if (!IsValidTimestamp(arguments[OAuthArguments.OAuthTimestamp]))
            {
                return new CheckResult(false, FailureTypeToString(FailureSpecificType.InvalidTimestamp) + " - " + OAuthUtility.Timestamp().ToString(CultureInfo.InvariantCulture), FailureGenericType.BadRequest, FailureSpecificType.InvalidTimestamp); 
            }

            if (requestMode == ServerRequestMode.AccessToken)
            {
                if (!IsValidNonce(arguments[OAuthArguments.OAuthConsumerKey], arguments[OAuthArguments.OAuthNonce]))
                {
                    return new CheckResult(false, FailureTypeToString(FailureSpecificType.InvalidNonce), FailureGenericType.Unauthorized, FailureSpecificType.InvalidNonce);
                }
            }
            
            ConsumerRegistration cr = store.FindConsumerRegistration(arguments[OAuthArguments.OAuthConsumerKey]);
            if (cr == null)
            {
                return new CheckResult(false, FailureTypeToString(FailureSpecificType.InvalidConsumerKey), FailureGenericType.Unauthorized, FailureSpecificType.InvalidConsumerKey);
            }

            string tokenSecret = null;
            ServerAccessToken accessToken = null;
            switch (requestMode) 
            {
                case ServerRequestMode.RequestToken:
                    ServerRequestToken rt = store.FindRequestToken(arguments[OAuthArguments.OAuthToken]);
                    if (rt != null) tokenSecret = rt.Secret;
                    break;
                case ServerRequestMode.AccessToken:
                    accessToken = store.FindAccessToken(arguments[OAuthArguments.OAuthToken]);
                    if (accessToken != null) tokenSecret = accessToken.Secret;
                    break;
            }

            try
            {
                if (!IsValidSignature(uri, httpMethod, arguments, cr.ConsumerSecret, tokenSecret, cr.RsaCertificate))
                {
                    string failReason = FailureTypeToString(FailureSpecificType.InvalidSignature) + " - BaseString: " + OAuthUtility.GenerateBaseString(uri, arguments, httpMethod);
                    return new CheckResult(false, failReason, FailureGenericType.Unauthorized, FailureSpecificType.InvalidSignature);
                }
            }
            catch (NotSupportedException)
            {
                string failReason = FailureTypeToString(FailureSpecificType.UnsupportedSignatureMethod);
                return new CheckResult(false, failReason, FailureGenericType.BadRequest, FailureSpecificType.UnsupportedSignatureMethod);
            }

            CheckResult result = new CheckResult(true, null, FailureGenericType.None, FailureSpecificType.None);
            result.Consumer = cr;
            result.AccessToken = accessToken;

            return result;
        }
コード例 #2
0
        /// <summary>
        /// Abstract method to handle token requests.
        /// </summary>
        /// <param name="request">Abstracted HTTP request object.</param>
        /// <param name="response">Abstracted HTTP response object.</param>
        /// <param name="mode">Token request mode.</param>
        /// <param name="store">Token storage provider.</param>
        static void HandleHttpTokenRequest(AbstractRequest request, AbstractResponse response, ServerRequestMode mode, IServerTokenStore store)
        {
            StreamWriter sw = new StreamWriter(response.OutputStream);
            NameValueCollection nvc = null;
            nvc = DecodeRequest(request);
            if (nvc == null) 
            {
                response.StatusCode = 400;
                sw.Write("Unsupported HTTP request method");
                sw.Dispose();
                return;
            }

            TokenProcessingResult result = HandleTokenRequest(mode, request.Url, request.HttpMethod, nvc, store);
            if (!result.Success)
            {
                switch (result.FailGenericCondition)
                {
                    case FailureGenericType.BadRequest:
                        response.StatusCode = 400;
                        break;
                    case FailureGenericType.Unauthorized:
                        response.StatusCode = 401;
                        break;
                }
                sw.Write(result.FailReason);
                sw.Dispose();
                return;
            }

            sw.Write(OAuthUtility.ArgsToVal(result.ResponseArguments, AuthenticationMethod.Post));
            sw.Dispose();
        }
コード例 #3
0
        /// <summary>
        /// Handle a token request using raw request arguments.
        /// </summary>
        /// <param name="mode">The request OAuth mode for processing token requests.</param>
        /// <param name="uri">The URI of the resource.</param>
        /// <param name="requestMethod">The request method used.</param>
        /// <param name="arguments">The arguments in the request.</param>
        /// <param name="store">The Token Storage Provider.</param>
        /// <returns>A processing result object that contains all the important result data.</returns>
        static TokenProcessingResult HandleTokenRequest(ServerRequestMode mode, Uri uri, string requestMethod, NameValueCollection arguments, IServerTokenStore store)
        {
            NameValueCollection nvc = new NameValueCollection(arguments);
            nvc.Remove(Strings.Realm);

            CheckResult result = CheckRequest(ServerRequestMode.RequestToken, uri, requestMethod, nvc, store);
            if (!result.Success)
            {
                return new TokenProcessingResult(false, result.FailReason, result.FailGenericCondition, result.FailSpecificCondition);
            }

            OAuthToken token = null;

            switch (mode)
            {
                case ServerRequestMode.RequestToken:
                    token = BuildAndStoreRequestToken(result.Consumer.ConsumerKey, null, store);
                    break;
                case ServerRequestMode.AccessToken:
                    token = RetrieveAccessTokenUsingRequestToken(nvc[OAuthArguments.OAuthToken], store);
                    if (token == null) return new TokenProcessingResult(false, FailureTypeToString(FailureSpecificType.InvalidToken), FailureGenericType.Unauthorized, FailureSpecificType.InvalidToken);
                    break;
            }

            if (token != null)
            {
                NameValueCollection outcollection = new NameValueCollection();
                outcollection.Add(OAuthArguments.OAuthToken, token.Key);
                outcollection.Add(OAuthArguments.OAuthTokenSecret, token.Secret);
                TokenProcessingResult tresult = new TokenProcessingResult(true, null, FailureGenericType.None, FailureSpecificType.None);
                tresult.ResponseArguments.Add(outcollection);
                return tresult;
            }
            return new TokenProcessingResult(false, "Bad request", FailureGenericType.BadRequest, FailureSpecificType.None);
        }
コード例 #4
0
 /// <summary>
 /// Process and respond to a token request using HttpListenerRequest and HttpListenerResponse objects.
 /// </summary>
 /// <param name="request">Request to process.</param>
 /// <param name="response">Response object to respond with.</param>
 /// <param name="mode">Token request mode.</param>
 /// <param name="store">Token storage object.</param>
 public static void HandleTokenRequest(HttpListenerRequest request, HttpListenerResponse response, ServerRequestMode mode, IServerTokenStore store)
 {
     AbstractRequest arequest = new AbstractRequest(request);
     AbstractResponse aresponse = new AbstractResponse(response);
     HandleHttpTokenRequest(arequest, aresponse, mode, store);
 }