コード例 #1
        /// <summary>
        /// Handles a request that failed authorization: clears both token cookies, then either
        /// redirects an HTML client to the login page or answers with a <c>401</c> Bearer challenge.
        /// </summary>
        /// <remarks>
        /// Every response mutation goes through the Actions passed to the <see cref="RouteProtector"/>,
        /// so this logic stays framework-agnostic.
        /// </remarks>
        /// <param name="acceptHeader">The HTTP <c>Accept</c> header of this request.</param>
        /// <param name="requestPath">The OWIN request path of this request; it is carried in the state token appended to the login redirect.</param>
        public void OnUnauthorized(string acceptHeader, string requestPath)
        {
            // Drop both token cookies before deciding which response to send.
            _deleteCookie(_configuration.Web.AccessTokenCookie);
            _deleteCookie(_configuration.Web.RefreshTokenCookie);

            var negotiated = ContentNegotiation.NegotiateAcceptHeader(acceptHeader, _configuration.Web.Produces, _logger);
            bool wantsHtml = negotiated.Success && negotiated.ContentType == ContentType.Html;

            if (!wantsHtml)
            {
                // Failed negotiation or a non-HTML client: challenge instead of redirecting.
                // NOTE(review): the application name is placed unescaped inside the quoted realm value;
                // assumes the configured name holds no double quotes or control characters (TODO confirm).
                _setStatusCode(401);
                _setHeader("WWW-Authenticate", $"Bearer realm=\"{_configuration.Application.Name}\"");
                return;
            }

            // The original request path travels inside the state token rather than as a bare query value.
            // NOTE(review): presumably the token is signed with the API key so the path cannot be altered
            // in transit; verify in StateTokenBuilder, and that the consumer only accepts local paths.
            var stateTokenBuilder = new StateTokenBuilder(_client, _configuration.Client.ApiKey)
            {
                Path = requestPath
            };

            var loginRedirectUri = $"{_configuration.Web.Login.Uri}?{StringConstants.StateTokenName}={stateTokenBuilder}";

            _setStatusCode(302);
            _redirect(loginRedirectUri);
        }
コード例 #2
        /// <summary>
        /// Builds an ID Site URL for the configured application and redirects the request to it.
        /// </summary>
        /// <remarks>
        /// A state token supplied in the query string is forwarded only when <c>StateTokenParser</c>
        /// reports it as valid; a missing or invalid token is replaced with a freshly built one
        /// instead of being passed through.
        /// </remarks>
        /// <param name="context">The OWIN environment of the current request.</param>
        /// <param name="client">The client used to load the application and to build or check state tokens.</param>
        /// <param name="cancellationToken">Passed to the application lookup.</param>
        /// <returns>The result of <c>HttpResponse.Redirect</c>.</returns>
        private async Task<bool> HandleIdSiteRedirectAsync(
            IOwinEnvironment context,
            IClient client,
            CancellationToken cancellationToken)
        {
            var application = await client.GetApplicationAsync(_configuration.Application.Href, cancellationToken);

            // Fall back to default redirect options when none of the expected type were supplied.
            var redirectOptions = _options as IdSiteRedirectOptions ?? new IdSiteRedirectOptions();

            var query = QueryStringParser.Parse(context.Request.QueryString, _logger);
            var state = query.GetString(StringConstants.StateTokenName);

            // The parser is only constructed for a non-empty token (short-circuit evaluation).
            bool incomingStateIsUsable =
                !string.IsNullOrEmpty(state)
                && new StateTokenParser(client, _configuration.Client.ApiKey, state, _logger).Valid;

            if (!incomingStateIsUsable)
            {
                // Never forward an unverified caller-supplied token; mint a new one instead.
                state = new StateTokenBuilder(client, _configuration.Client.ApiKey).ToString();
            }

            var urlBuilder = application.NewIdSiteUrlBuilder()
                .SetCallbackUri(redirectOptions.CallbackUri)
                .SetPath(redirectOptions.Path)
                .SetState(state);

            if (redirectOptions.Logout)
            {
                urlBuilder.ForLogout();
            }

            var targetUrl = urlBuilder.Build();

            return await HttpResponse.Redirect(context, targetUrl);
        }
コード例 #3
        /// <summary>
        /// Redirects the caller to the application's ID Site URL, carrying a freshly built state token.
        /// </summary>
        /// <returns>A redirect result pointing at the built ID Site URL.</returns>
        public IActionResult SwitchApplication()
        {
            var apiKey = _client.Configuration.Client.ApiKey;
            var state = new StateTokenBuilder(_client, apiKey).ToString();

            // NOTE(review): the callback URI is a hard-coded plain-HTTP localhost address; presumably a
            // development sample. Confirm it is replaced by a configured HTTPS callback outside local testing.
            var idSiteUrlBuilder = _application.NewIdSiteUrlBuilder()
                .SetCallbackUri("http://localhost:54919/stormpathCallback")
                .SetState(state);

            var idSiteUri = idSiteUrlBuilder.Build();

            return Redirect(idSiteUri);
        }
コード例 #4
        /// <summary>
        /// Checks that a state token built with a different API key is reported as invalid by a parser
        /// using the key from <c>GetApiKey()</c>, and that no path is exposed from it.
        /// </summary>
        public void FailValidationForIncorrectSecret()
        {
            var client = CreateClient();

            // Build the token with a key that does not match the one the parser is given.
            var wrongKey = new ClientApiKeyConfiguration(id: "foo", secret: "notTheCorrectSecret987");
            var tokenBuilder = new StateTokenBuilder(client, wrongKey)
            {
                Path = "/hello"
            };

            var token = tokenBuilder.ToString();
            var tokenParser = new StateTokenParser(client, GetApiKey(), token, null);

            // A rejected token must not leak its embedded path to the caller.
            tokenParser.Valid.Should().BeFalse();
            tokenParser.Path.Should().BeNull();
        }
コード例 #5
        /// <summary>
        /// Checks that a state token built and parsed with the same API key is valid, returns the
        /// original path, and carries a non-empty state value.
        /// </summary>
        public void RoundtripTokenWithPath()
        {
            var client = CreateClient();

            var tokenBuilder = new StateTokenBuilder(client, GetApiKey())
            {
                Path = "/foo/bar/9"
            };

            var token = tokenBuilder.ToString();

            // Parse with the same key that was used to build the token.
            var tokenParser = new StateTokenParser(client, GetApiKey(), token, null);

            tokenParser.Valid.Should().BeTrue();
            tokenParser.Path.Should().Be("/foo/bar/9");
            tokenParser.State.Should().NotBeNullOrEmpty();
        }