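/// <summary>
/// Runs the OAuth2 authorization-code flow for this provider (synchronous variant).
/// The request decides which of three paths is taken:
///  - <c>request.AccessToken</c> is set: a native (mobile/desktop) app hands over a token it already holds.
///    When a <c>VerifyAccessToken</c> callback is configured the token is checked first, then used directly.
///  - no <c>code</c> query parameter: first visit; a random <c>state</c> is generated, stored in the session
///    and the user is redirected to <c>AuthorizeUrl</c>.
///  - <c>code</c> present: provider callback; the returned <c>state</c> is compared with the stored one and
///    the code is exchanged for an access token through <c>GetAccessTokenJson</c>.
/// </summary>
/// <param name="authService">Service handling the request; supplies the HTTP request and the redirect helper.</param>
/// <param name="session">Caller's auth session; <c>Init</c> may replace it (passed by ref there).</param>
/// <param name="request">Authenticate DTO; only <c>AccessToken</c> is read here.</param>
/// <returns>
/// An <c>HttpError</c>/client error when an app-supplied token is rejected, a redirect result on every
/// browser path, or <c>null</c> for a successful non-HTML app-token login (the default AuthenticateResponse).
/// </returns>
public override object Authenticate(IServiceBase authService, IAuthSession session, Authenticate request)
{
    var tokens = Init(authService, ref session, request);

    //Transferring AccessToken/Secret from Mobile/Desktop App to Server
    if (request?.AccessToken != null && VerifyAccessToken != null)
    {
        if (!VerifyAccessToken(request.AccessToken))
        {
            return HttpError.Unauthorized("AccessToken is not for client_id: " + ConsumerKey);
        }

        var isHtml = authService.Request.IsHtml();
        var failedResult = AuthenticateWithAccessToken(authService, session, tokens, request.AccessToken);
        if (failedResult != null)
        {
            return ConvertToClientError(failedResult, isHtml);
        }

        // null => return default AuthenticateResponse
        return isHtml
            ? authService.Redirect(SuccessRedirectUrlFilter(this, session.ReferrerUrl.SetParam("s", "1")))
            : null;
    }

    var httpRequest = authService.Request;
    var error = httpRequest.QueryString["error_reason"]
        ?? httpRequest.QueryString["error"]
        ?? httpRequest.QueryString["error_code"]
        ?? httpRequest.QueryString["error_description"];
    if (!error.IsNullOrEmpty())
    {
        Log.Error($"OAuth2 Error callback. {httpRequest.QueryString}");
        return authService.Redirect(FailedRedirectUrlFilter(this, session.ReferrerUrl.SetParam("f", error)));
    }

    var code = httpRequest.QueryString[Keywords.Code];
    var isPreAuthCallback = !code.IsNullOrEmpty();
    if (!isPreAuthCallback)
    {
        // Unguessable per-login value; the provider echoes it back and the callback below compares it with
        // the copy kept in the session, so a code bound to another session cannot be replayed here (login CSRF).
        var oauthstate = SessionExtensions.CreateRandomSessionId();
        var preAuthUrl = AuthorizeUrl
            .AddQueryParam("response_type", "code")
            .AddQueryParam("client_id", ConsumerKey)
            .AddQueryParam("redirect_uri", this.CallbackUrl)
            .AddQueryParam("scope", string.Join(" ", Scopes))
            .AddQueryParam(Keywords.State, oauthstate);

        if (session is AuthUserSession authSession)
        {
            (authSession.Meta ?? (authSession.Meta = new Dictionary<string, string>()))["oauthstate"] = oauthstate;
        }

        this.SaveSession(authService, session, SessionExpiry);
        return authService.Redirect(PreAuthUrlFilter(this, preAuthUrl));
    }

    try
    {
        var state = httpRequest.QueryString[Keywords.State];
        if (state != null && session is AuthUserSession authSession)
        {
            // Meta is only allocated on the pre-auth redirect above; a session that did not start the flow
            // (cookie lost, or created after the redirect) used to NRE on the TryGetValue below.
            if (authSession.Meta == null)
            {
                authSession.Meta = new Dictionary<string, string>();
            }

            // NOTE(review): only a stored state that differs is rejected; a callback without 'state', or a
            // session with no stored state, passes through — confirm this leniency is intended.
            if (authSession.Meta.TryGetValue("oauthstate", out var oauthState) && state != oauthState)
            {
                return authService.Redirect(FailedRedirectUrlFilter(this, session.ReferrerUrl.SetParam("f", "InvalidState")));
            }

            authSession.Meta.Remove("oauthstate");
        }

        var contents = GetAccessTokenJson(code);
        var authInfo = JsonObject.Parse(contents);
        var accessToken = authInfo["access_token"];

        // A 2xx token response with no usable access_token is a failed exchange, not a login.
        if (accessToken.IsNullOrEmpty())
        {
            Log.Error("OAuth2 Access Token response contained no access_token");
            return authService.Redirect(FailedRedirectUrlFilter(this, session.ReferrerUrl.SetParam("f", "AccessTokenFailed")));
        }

        return AuthenticateWithAccessToken(authService, session, tokens, accessToken)
            ?? authService.Redirect(SuccessRedirectUrlFilter(this, session.ReferrerUrl.SetParam("s", "1"))); //Haz Access!
    }
    catch (WebException we)
    {
        // Previously read and discarded; logged so a failed exchange can be diagnosed.
        var errorBody = we.GetResponseBody();
        Log.Error($"Failed to get Access Token: {errorBody}");

        // we.Response is null for transport-level failures (DNS, connect, timeout); the unguarded cast used to NRE.
        var statusCode = (we.Response as HttpWebResponse)?.StatusCode;
        if (statusCode == HttpStatusCode.BadRequest)
        {
            return authService.Redirect(FailedRedirectUrlFilter(this, session.ReferrerUrl.SetParam("f", "AccessTokenFailed")));
        }
    }

    //Shouldn't get here: only reached after a WebException that was not a 400 (or carried no response)
    return authService.Redirect(FailedRedirectUrlFilter(this, session.ReferrerUrl.SetParam("f", "Unknown")));
}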
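/// <summary>
/// Runs the OAuth2 authorization-code flow for this provider (asynchronous variant).
/// The request decides which of three paths is taken:
///  - <c>request.AccessToken</c> is set: a native (mobile/desktop) app hands over a token it already holds.
///    When a <c>VerifyAccessTokenAsync</c> callback is configured the token is checked first, then used directly.
///  - no <c>code</c> parameter (query string or form): first visit; the session Id is sent as <c>state</c>,
///    stored in the session, and the user is redirected to <c>AuthorizeUrl</c>.
///  - <c>code</c> present: provider callback; the returned <c>state</c> is compared with the stored one and
///    the code is exchanged for an access token through <c>GetAccessTokenJsonAsync</c>.
/// </summary>
/// <param name="authService">Service handling the request; supplies the HTTP request and the redirect helper.</param>
/// <param name="session">Caller's auth session; <c>Init</c> may replace it (passed by ref there).</param>
/// <param name="request">Authenticate DTO; only <c>AccessToken</c> is read here.</param>
/// <param name="token">Cancellation token flowed to the session save and the token exchange.</param>
/// <returns>
/// An <c>HttpError</c>/client error when an app-supplied token is rejected, a redirect (or HTML redirect page
/// when SameSite cookies are enabled) on every browser path, or <c>null</c> for a successful non-HTML
/// app-token login (the default AuthenticateResponse).
/// </returns>
public override async Task<object> AuthenticateAsync(IServiceBase authService, IAuthSession session, Authenticate request, CancellationToken token = default)
{
    var tokens = Init(authService, ref session, request);
    var ctx = CreateAuthContext(authService, session, tokens);

    //Transferring AccessToken/Secret from Mobile/Desktop App to Server
    if (request?.AccessToken != null && VerifyAccessTokenAsync != null)
    {
        if (!await VerifyAccessTokenAsync(request.AccessToken, ctx).ConfigAwait())
        {
            return HttpError.Unauthorized(ErrorMessages.InvalidAccessToken.Localize(authService.Request));
        }

        var isHtml = authService.Request.IsHtml();
        var failedResult = await AuthenticateWithAccessTokenAsync(authService, session, tokens, request.AccessToken, ctx.AuthInfo, token: token).ConfigAwait();
        if (failedResult != null)
        {
            return ConvertToClientError(failedResult, isHtml);
        }

        // null => return default AuthenticateResponse
        return isHtml
            ? await authService.Redirect(SuccessRedirectUrlFilter(ctx, session.ReferrerUrl.SetParam("s", "1")))
                .SuccessAuthResultAsync(authService, session).ConfigAwait()
            : null;
    }

    var httpRequest = authService.Request;
    var error = httpRequest.GetQueryStringOrForm("error_reason")
        ?? httpRequest.GetQueryStringOrForm("error")
        ?? httpRequest.GetQueryStringOrForm("error_code")
        ?? httpRequest.GetQueryStringOrForm("error_description");
    if (!error.IsNullOrEmpty())
    {
        // Log the collection the error actually arrived in: the form for a bodied (form_post) callback,
        // the query string otherwise. The previous ternary had the two branches swapped.
        var httpParams = HttpUtils.HasRequestBody(httpRequest.Verb) ? httpRequest.FormData : httpRequest.QueryString;
        Log.Error($"OAuth2 Error callback. {httpParams}");
        return authService.Redirect(FailedRedirectUrlFilter(ctx, session.ReferrerUrl.SetParam("f", error)));
    }

    var code = httpRequest.GetQueryStringOrForm(Keywords.Code);
    var isPreAuthCallback = !code.IsNullOrEmpty();
    if (!isPreAuthCallback)
    {
        // NOTE(review): the session Id is sent to the provider (and ends up in browser history / Referer)
        // as the OAuth 'state'; the synchronous Authenticate path uses SessionExtensions.CreateRandomSessionId().
        // Left unchanged here because the callback may rely on state == session Id to re-find the session — confirm.
        var oauthstate = session.Id;
        var preAuthUrl = AuthorizeUrl
            .AddQueryParam("response_type", "code")
            .AddQueryParam("client_id", ConsumerKey)
            .AddQueryParam("redirect_uri", this.CallbackUrl)
            .AddQueryParam("scope", string.Join(" ", Scopes))
            .AddQueryParam(Keywords.State, oauthstate);

        if (ResponseMode != null)
        {
            preAuthUrl = preAuthUrl.AddQueryParam("response_mode", ResponseMode);
        }

        if (session is AuthUserSession authSession)
        {
            (authSession.Meta ?? (authSession.Meta = new Dictionary<string, string>()))["oauthstate"] = oauthstate;
        }

        await this.SaveSessionAsync(authService, session, SessionExpiry, token).ConfigAwait();
        return authService.Redirect(PreAuthUrlFilter(ctx, preAuthUrl));
    }

    try
    {
        var state = httpRequest.GetQueryStringOrForm(Keywords.State);
        if (state != null && session is AuthUserSession authSession)
        {
            // Meta is only allocated on the pre-auth redirect above; a session that did not start the flow
            // would otherwise NRE on the TryGetValue below.
            if (authSession.Meta == null)
            {
                authSession.Meta = new Dictionary<string, string>();
            }

            // NOTE(review): only a stored state that differs is rejected; a callback without 'state', or a
            // session with no stored state, passes through — confirm this leniency is intended.
            if (authSession.Meta.TryGetValue("oauthstate", out var oauthState) && state != oauthState)
            {
                return authService.Redirect(FailedRedirectUrlFilter(ctx, session.ReferrerUrl.SetParam("f", "InvalidState")));
            }

            authSession.Meta.Remove("oauthstate");
        }

        var contents = await GetAccessTokenJsonAsync(code, ctx, token).ConfigAwait();
        var authInfo = (Dictionary<string, object>)JSON.parse(contents);
        ctx.AuthInfo = authInfo.ToStringDictionary();

        // A 2xx token response without an access_token (or with a non-string one) used to escape as an
        // unhandled KeyNotFound/InvalidCast; treat it like any other failed exchange.
        var accessToken = authInfo.TryGetValue("access_token", out var accessTokenObj) ? accessTokenObj as string : null;
        if (accessToken.IsNullOrEmpty())
        {
            Log.Error($"Access Token response for '{Provider}' contained no access_token");
            return authService.Redirect(FailedRedirectUrlFilter(ctx, session.ReferrerUrl.SetParam("f", "AccessTokenFailed")));
        }

        var redirectUrl = SuccessRedirectUrlFilter(ctx, session.ReferrerUrl.SetParam("s", "1"));
        var errorResult = await AuthenticateWithAccessTokenAsync(authService, session, tokens, accessToken, ctx.AuthInfo, token).ConfigAwait();
        if (errorResult != null)
        {
            return errorResult;
        }

        //Haz Access!
        if (HostContext.Config?.UseSameSiteCookies == true)
        {
            // Workaround Set-Cookie HTTP Header not being honoured in 302 Redirects
            var redirectHtml = HtmlTemplates.GetHtmlRedirectTemplate(redirectUrl);
            return await new HttpResult(redirectHtml, MimeTypes.Html).SuccessAuthResultAsync(authService, session).ConfigAwait();
        }

        return await authService.Redirect(redirectUrl).SuccessAuthResultAsync(authService, session).ConfigAwait();
    }
    catch (WebException we)
    {
        var errorBody = await we.GetResponseBodyAsync(token).ConfigAwait();
        Log.Error($"Failed to get Access Token for '{Provider}': {errorBody}");

        // we.Response is null for transport-level failures (DNS, connect, timeout); the unguarded cast used to NRE.
        var statusCode = (we.Response as HttpWebResponse)?.StatusCode;
        if (statusCode == HttpStatusCode.BadRequest)
        {
            return authService.Redirect(FailedRedirectUrlFilter(ctx, session.ReferrerUrl.SetParam("f", "AccessTokenFailed")));
        }
    }

    //Shouldn't get here: only reached after a WebException that was not a 400 (or carried no response)
    return authService.Redirect(FailedRedirectUrlFilter(ctx, session.ReferrerUrl.SetParam("f", "Unknown")));
}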
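/// <summary>
/// Runs the Google OAuth2 authorization-code flow (synchronous variant).
/// The request decides which of three paths is taken:
///  - <c>request.AccessToken</c> is set: a native (mobile/desktop) app hands over a token it already holds;
///    it is verified against this client_id through <c>AuthHttpGateway.VerifyGoogleAccessToken</c> and used directly.
///  - no <c>code</c> query parameter: first visit; a random <c>state</c> is generated, stored in the session
///    and the user is redirected to <c>AuthorizeUrl</c>.
///  - <c>code</c> present: Google callback; the returned <c>state</c> is compared with the stored one and the
///    code is POSTed to <c>AccessTokenUrl</c> (after <c>AccessTokenUrlFilter</c>) in exchange for an access token.
/// </summary>
/// <param name="authService">Service handling the request; supplies the HTTP request and the redirect helper.</param>
/// <param name="session">Caller's auth session; <c>Init</c> may replace it (passed by ref there).</param>
/// <param name="request">Authenticate DTO; only <c>AccessToken</c> is read here.</param>
/// <returns>
/// An <c>HttpError</c>/client error when an app-supplied token is rejected, a redirect result on every
/// browser path, or <c>null</c> for a successful non-HTML app-token login (the default AuthenticateResponse).
/// </returns>
public override object Authenticate(IServiceBase authService, IAuthSession session, Authenticate request)
{
    var tokens = Init(authService, ref session, request);

    //Transferring AccessToken/Secret from Mobile/Desktop App to Server
    if (request?.AccessToken != null)
    {
        if (!AuthHttpGateway.VerifyGoogleAccessToken(ConsumerKey, request.AccessToken))
        {
            return HttpError.Unauthorized("AccessToken is not for client_id: " + ConsumerKey);
        }

        var isHtml = authService.Request.IsHtml();
        var failedResult = AuthenticateWithAccessToken(authService, session, tokens, request.AccessToken);
        if (failedResult != null)
        {
            return ConvertToClientError(failedResult, isHtml);
        }

        // null => return default AuthenticateResponse
        return isHtml
            ? authService.Redirect(SuccessRedirectUrlFilter(this, session.ReferrerUrl.SetParam("s", "1")))
            : null;
    }

    var httpRequest = authService.Request;
    var error = httpRequest.QueryString["error_reason"]
        ?? httpRequest.QueryString["error"]
        ?? httpRequest.QueryString["error_code"]
        ?? httpRequest.QueryString["error_description"];
    if (!error.IsNullOrEmpty())
    {
        Log.Error($"Google error callback. {httpRequest.QueryString}");
        return authService.Redirect(FailedRedirectUrlFilter(this, session.ReferrerUrl.SetParam("f", error)));
    }

    var code = httpRequest.QueryString[Keywords.Code];
    var isPreAuthCallback = !code.IsNullOrEmpty();
    if (!isPreAuthCallback)
    {
        // The authorize request previously carried no 'state', so a code issued for one browser session could
        // be replayed into another (login CSRF). Mirror the generic OAuth2 flow: random state, kept in the
        // session, compared on the callback.
        var oauthstate = SessionExtensions.CreateRandomSessionId();
        var preAuthUrl = AuthorizeUrl
            .AddQueryParam("response_type", "code")
            .AddQueryParam("client_id", ConsumerKey)
            .AddQueryParam("redirect_uri", this.CallbackUrl)
            .AddQueryParam("scope", string.Join(" ", Scopes))
            .AddQueryParam(Keywords.State, oauthstate);

        if (session is AuthUserSession authSession)
        {
            (authSession.Meta ?? (authSession.Meta = new Dictionary<string, string>()))["oauthstate"] = oauthstate;
        }

        this.SaveSession(authService, session, SessionExpiry);
        return authService.Redirect(PreAuthUrlFilter(this, preAuthUrl));
    }

    try
    {
        var state = httpRequest.QueryString[Keywords.State];
        if (state != null && session is AuthUserSession authSession)
        {
            // Meta is only allocated on the pre-auth redirect above; guard the lookup for sessions that did not start the flow.
            if (authSession.Meta == null)
            {
                authSession.Meta = new Dictionary<string, string>();
            }

            // NOTE(review): only a stored state that differs is rejected; a callback without 'state', or a
            // session with no stored state, passes through — same leniency as the generic provider, confirm it is intended.
            if (authSession.Meta.TryGetValue("oauthstate", out var oauthState) && state != oauthState)
            {
                return authService.Redirect(FailedRedirectUrlFilter(this, session.ReferrerUrl.SetParam("f", "InvalidState")));
            }

            authSession.Meta.Remove("oauthstate");
        }

        // 'code' comes straight from the callback query string; encode it so a value containing '&' or '#'
        // cannot add to or truncate the parameters of the token request.
        // NOTE(review): client_secret travels in the URL, where proxies and access logs may record it; moving
        // it into the POST body would change the URL handed to AccessTokenUrlFilter, so it is left in place here.
        var accessTokenUrl = $"{AccessTokenUrl}?code={code.UrlEncode()}&client_id={ConsumerKey}&client_secret={ConsumerSecret}&redirect_uri={this.CallbackUrl.UrlEncode()}&grant_type=authorization_code";
        var contents = AccessTokenUrlFilter(this, accessTokenUrl).PostToUrl("");
        var authInfo = JsonObject.Parse(contents);
        var accessToken = authInfo["access_token"];

        // A 2xx token response with no usable access_token is a failed exchange, not a login.
        if (accessToken.IsNullOrEmpty())
        {
            Log.Error("Google Access Token response contained no access_token");
            return authService.Redirect(FailedRedirectUrlFilter(this, session.ReferrerUrl.SetParam("f", "AccessTokenFailed")));
        }

        return AuthenticateWithAccessToken(authService, session, tokens, accessToken)
            ?? authService.Redirect(SuccessRedirectUrlFilter(this, session.ReferrerUrl.SetParam("s", "1"))); //Haz Access!
    }
    catch (WebException we)
    {
        // Previously read and discarded; logged so a failed exchange can be diagnosed.
        var errorBody = we.GetResponseBody();
        Log.Error($"Failed to get Google Access Token: {errorBody}");

        // we.Response is null for transport-level failures (DNS, connect, timeout); the unguarded cast used to NRE.
        var statusCode = (we.Response as HttpWebResponse)?.StatusCode;
        if (statusCode == HttpStatusCode.BadRequest)
        {
            return authService.Redirect(FailedRedirectUrlFilter(this, session.ReferrerUrl.SetParam("f", "AccessTokenFailed")));
        }
    }

    //Shouldn't get here: only reached after a WebException that was not a 400 (or carried no response)
    return authService.Redirect(FailedRedirectUrlFilter(this, session.ReferrerUrl.SetParam("f", "Unknown")));
}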