/// <summary>
/// Validates a logout request. When a post_logout_redirect_uri is supplied, the request is
/// rejected with the InvalidRequest error unless the value is a well-formed absolute URL,
/// carries no fragment and is accepted by the application manager.
/// </summary>
/// <param name="context">The logout request validation context.</param>
/// <returns>A <see cref="Task"/> representing the asynchronous validation.</returns>
public override async Task ValidateLogoutRequest([NotNull] ValidateLogoutRequestContext context)
{
    // post_logout_redirect_uri is optional: with no value there is nothing to vet,
    // so the request is validated and handed to the base implementation directly.
    if (string.IsNullOrEmpty(context.PostLogoutRedirectUri))
    {
        context.Validate();

        await base.ValidateLogoutRequest(context);
        return;
    }

    // Syntactic check: the value must parse as an absolute URI and be well-formed as written.
    var parsed = Uri.TryCreate(context.PostLogoutRedirectUri, UriKind.Absolute, out Uri address);
    if (!(parsed && address.IsWellFormedOriginalString()))
    {
        // The client-supplied value is passed as a logging template argument,
        // not concatenated into the message text.
        _logger.LogError("The logout request was rejected because the specified post_logout_redirect_uri was not " +
                         "a valid absolute URL: {PostLogoutRedirectUri}.", context.PostLogoutRedirectUri);

        context.Reject(
            error: OpenIdConnectConstants.Errors.InvalidRequest,
            description: "The 'post_logout_redirect_uri' parameter must be a valid absolute URL.");
        return;
    }

    // A fragment component is refused outright.
    if (!string.IsNullOrEmpty(address.Fragment))
    {
        _logger.LogError("The logout request was rejected because the 'post_logout_redirect_uri' contained " +
                         "a URL fragment: {PostLogoutRedirectUri}.", context.PostLogoutRedirectUri);

        context.Reject(
            error: OpenIdConnectConstants.Errors.InvalidRequest,
            description: "The 'post_logout_redirect_uri' parameter must not include a fragment.");
        return;
    }

    // Final gate: the application manager decides whether the address is acceptable.
    // NOTE(review): presumably a lookup against the registered post-logout addresses, which is
    // what keeps the endpoint from redirecting to arbitrary sites - confirm in the manager.
    var accepted = await _applicationManager.ValidatePostLogoutRedirectUriAsync(context.PostLogoutRedirectUri);
    if (!accepted)
    {
        // The log records that the address was unknown; the description returned
        // with the rejection only says the parameter is not valid.
        _logger.LogError("The logout request was rejected because the specified post_logout_redirect_uri " +
                         "was unknown: {PostLogoutRedirectUri}.", context.PostLogoutRedirectUri);

        context.Reject(
            error: OpenIdConnectConstants.Errors.InvalidRequest,
            description: "The specified 'post_logout_redirect_uri' parameter is not valid.");
        return;
    }

    context.Validate();

    await base.ValidateLogoutRequest(context);
}
/// <summary>
/// Handles the request-processing event for the logout endpoint by dispatching a
/// <see cref="ValidateLogoutRequestContext"/> and applying its outcome to the current request.
/// </summary>
/// <param name="context">The context associated with the event to process.</param>
/// <returns>
/// A <see cref="ValueTask"/> that can be used to monitor the asynchronous operation.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="context"/> is <c>null</c>.</exception>
public async ValueTask HandleAsync([NotNull] ProcessRequestContext context)
{
    if (context == null)
    {
        throw new ArgumentNullException(nameof(context));
    }

    // Requests aimed at any endpoint other than logout are left untouched.
    if (context.EndpointType != OpenIddictServerEndpointType.Logout)
    {
        return;
    }

    var validation = new ValidateLogoutRequestContext(context.Transaction);
    await _provider.DispatchAsync(validation);

    // Every outcome below ends processing, so the checks run in a fixed order:
    // handled, then skipped, then rejected.
    if (validation.IsRequestHandled)
    {
        context.HandleRequest();
        return;
    }

    if (validation.IsRequestSkipped)
    {
        context.SkipRequest();
        return;
    }

    if (validation.IsRejected)
    {
        // InvalidRequest is the fallback when the validation step did not set an error code.
        context.Reject(
            error: validation.Error ?? Errors.InvalidRequest,
            description: validation.ErrorDescription,
            uri: validation.ErrorUri);
        return;
    }

    // Reached only when the request was neither handled, skipped nor rejected, so the
    // address is recorded as validated only after the validation step let it through.
    var address = validation.PostLogoutRedirectUri;
    if (!string.IsNullOrEmpty(address))
    {
        context.Transaction.Properties[Properties.ValidatedPostLogoutRedirectUri] = address;
    }

    context.Logger.LogInformation("The logout request was successfully validated.");
}
/// <summary>
/// Handles the request-processing event for the logout endpoint by dispatching a
/// <see cref="ValidateLogoutRequestContext"/>, storing it in the transaction and
/// applying its outcome to the current request.
/// </summary>
/// <param name="context">The context associated with the event to process.</param>
/// <returns>
/// A <see cref="ValueTask"/> that can be used to monitor the asynchronous operation.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="context"/> is <c>null</c>.</exception>
public async ValueTask HandleAsync([NotNull] ProcessRequestContext context)
{
    if (context == null)
    {
        throw new ArgumentNullException(nameof(context));
    }

    // Requests aimed at any endpoint other than logout are left untouched.
    if (context.EndpointType != OpenIddictServerEndpointType.Logout)
    {
        return;
    }

    var validation = new ValidateLogoutRequestContext(context.Transaction);
    await _provider.DispatchAsync(validation);

    // Keep the validation context in the transaction, keyed by its type name, so later
    // handlers can read the redirect_uri without running validation a second time.
    // This happens before the outcome is inspected, so the stored context is present
    // even when the request ends up handled, skipped or rejected.
    var key = typeof(ValidateLogoutRequestContext).FullName;
    context.Transaction.SetProperty(key, validation);

    // Every outcome below ends processing: handled, then skipped, then rejected.
    if (validation.IsRequestHandled)
    {
        context.HandleRequest();
        return;
    }

    if (validation.IsRequestSkipped)
    {
        context.SkipRequest();
        return;
    }

    if (validation.IsRejected)
    {
        // InvalidRequest is the fallback when the validation step did not set an error code.
        context.Reject(
            error: validation.Error ?? Errors.InvalidRequest,
            description: validation.ErrorDescription,
            uri: validation.ErrorUri);
        return;
    }

    context.Logger.LogInformation("The logout request was successfully validated.");
}
/// <inheritdoc/>
public async ValueTask HandleAsync(ProcessRequestContext context)
{
    if (context is null)
    {
        throw new ArgumentNullException(nameof(context));
    }

    // Run logout request validation through the dispatcher.
    var validation = new ValidateLogoutRequestContext(context.Transaction);
    await _dispatcher.DispatchAsync(validation);

    // Keep the validation context in the transaction, keyed by its type name, so later
    // handlers can read the redirect_uri without running validation a second time.
    // This happens before the outcome is inspected, so the stored context is present
    // even when the request ends up handled, skipped or rejected.
    var key = typeof(ValidateLogoutRequestContext).FullName!;
    context.Transaction.SetProperty(key, validation);

    // Every outcome below ends processing: handled, then skipped, then rejected.
    if (validation.IsRequestHandled)
    {
        context.HandleRequest();
        return;
    }

    if (validation.IsRequestSkipped)
    {
        context.SkipRequest();
        return;
    }

    if (validation.IsRejected)
    {
        // InvalidRequest is the fallback when the validation step did not set an error code.
        context.Reject(
            error: validation.Error ?? Errors.InvalidRequest,
            description: validation.ErrorDescription,
            uri: validation.ErrorUri);
        return;
    }

    // Reached only when validation neither handled, skipped nor rejected the request.
    context.Logger.LogInformation(SR.GetResourceString(SR.ID6125));
}
/// <summary>
/// Validates a logout request. When a post_logout_redirect_uri is supplied, the request is
/// rejected with the InvalidRequest error unless the value is a well-formed absolute URL,
/// carries no fragment and matches an application known to the application manager.
/// The validation event is then published through the event service.
/// </summary>
/// <param name="context">The logout request validation context.</param>
/// <returns>A <see cref="Task"/> representing the asynchronous validation.</returns>
public override async Task ValidateLogoutRequest([NotNull] ValidateLogoutRequestContext context)
{
    // Resolved up front: the cast runs even when no post_logout_redirect_uri is present.
    var options = (OpenIddictServerOptions)context.Options;

    // post_logout_redirect_uri is optional; it is only vetted when a value was supplied.
    if (!string.IsNullOrEmpty(context.PostLogoutRedirectUri))
    {
        // Syntactic check: the value must parse as an absolute URI and be well-formed as written.
        var parsed = Uri.TryCreate(context.PostLogoutRedirectUri, UriKind.Absolute, out Uri address);
        if (!(parsed && address.IsWellFormedOriginalString()))
        {
            // The client-supplied value is passed as a logging template argument,
            // not concatenated into the message text.
            _logger.LogError("The logout request was rejected because the specified post_logout_redirect_uri was not " +
                             "a valid absolute URL: {PostLogoutRedirectUri}.", context.PostLogoutRedirectUri);

            context.Reject(
                error: OpenIdConnectConstants.Errors.InvalidRequest,
                description: "The 'post_logout_redirect_uri' parameter must be a valid absolute URL.");
            return;
        }

        // A fragment component is refused outright.
        if (!string.IsNullOrEmpty(address.Fragment))
        {
            _logger.LogError("The logout request was rejected because the 'post_logout_redirect_uri' contained " +
                             "a URL fragment: {PostLogoutRedirectUri}.", context.PostLogoutRedirectUri);

            context.Reject(
                error: OpenIdConnectConstants.Errors.InvalidRequest,
                description: "The 'post_logout_redirect_uri' parameter must not include a fragment.");
            return;
        }

        // Final gate: the address must belong to at least one suitable application.
        var known = await IsKnownAddressAsync(context.PostLogoutRedirectUri);
        if (!known)
        {
            // The log records that the address was unknown; the description returned
            // with the rejection only says the parameter is not valid.
            _logger.LogError("The logout request was rejected because the specified post_logout_redirect_uri " +
                             "was unknown: {PostLogoutRedirectUri}.", context.PostLogoutRedirectUri);

            context.Reject(
                error: OpenIdConnectConstants.Errors.InvalidRequest,
                description: "The specified 'post_logout_redirect_uri' parameter is not valid.");
            return;
        }
    }

    context.Validate();

    await _eventService.PublishAsync(new OpenIddictServerEvents.ValidateLogoutRequest(context));

    // Returns true when the address is attached to at least one application that may use the logout endpoint.
    async Task<bool> IsKnownAddressAsync(string candidate)
    {
        var matches = await _applicationManager.FindByPostLogoutRedirectUriAsync(candidate);

        // No application is associated with this address: never accept it.
        if (matches.IsDefaultOrEmpty)
        {
            return false;
        }

        // With endpoint permissions ignored, an associated application is enough on its own.
        if (options.IgnoreEndpointPermissions)
        {
            return true;
        }

        // Otherwise at least one matching application must hold the logout endpoint permission.
        foreach (var match in matches)
        {
            var permitted = await _applicationManager.HasPermissionAsync(
                match, OpenIddictConstants.Permissions.Endpoints.Logout);
            if (permitted)
            {
                return true;
            }
        }

        return false;
    }
}