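/// <summary>
/// Used to query app info from an ID.
/// Looks up the OAuth application named by the posted client_id, resolves the
/// requested scopes, and answers with the app's public details plus the
/// authorize/report endpoint URLs the client should use next.
/// </summary>
/// <param name="e">HTTP context whose POST body holds an <see cref="OAuthInfoRequest"/>.</param>
/// <returns>A task that completes once the JSON response has been written to <paramref name="e"/>.</returns>
/// <exception cref="StandardError">
/// <c>NotFound</c> when no app has the given client_id;
/// <c>InvalidInput</c> when none of the requested scopes are known.
/// </exception>
public static async Task OnQueryRequest(Microsoft.AspNetCore.Http.HttpContext e)
{
    //Decode request
    OAuthInfoRequest request = Program.DecodePostBody<OAuthInfoRequest>(e);

    //Find the application
    DbOauthApp app = await Program.connection.GetOAuthAppByAppID(request.client_id);
    if (app == null)
    {
        throw new StandardError("App not found.", StandardErrorCode.NotFound);
    }

    //Get all scopes that are usable
    List<OAuthScopeEntry> scopes = OAuthScopeStatics.GetOAuthScopes(request.scopes);
    if (scopes.Count == 0)
    {
        throw new StandardError("No scopes found.", StandardErrorCode.InvalidInput);
    }

    //A single dangerous scope marks the whole request as dangerous, and the
    //scope ids are collected for the authorize URL in the same pass.
    bool is_dangerous = false;
    List<string> scopeIds = new List<string>(scopes.Count);
    foreach (var s in scopes)
    {
        is_dangerous = is_dangerous || s.is_dangerous;
        scopeIds.Add(s.id);
    }

    //Create scopes URL parameter. string.Join yields "a,b,c" with no trailing
    //separator; the previous concatenate-then-TrimEnd approach discarded the
    //TrimEnd result (strings are immutable) and so always sent a trailing comma.
    string scopesSeparated = string.Join(",", scopeIds);

    //Respond. The scope list is URL-encoded because it becomes a query-string
    //value; client_id is generated server-side (see OnCreateRequest) but is
    //also untrusted input here, so nothing else is interpolated unencoded.
    string baseUrl = Program.connection.config.hosts.master + "/api";
    await Program.QuickWriteJsonToDoc(e, new OAuthInfoResponse
    {
        name = app.name,
        description = app.description,
        icon = app.icon_url,
        is_dangerous = is_dangerous,
        scopes = scopes,
        client_id = app.client_id,
        endpoints = new OAuthInfoResponse_Endpoints
        {
            authorize = baseUrl + "/auth/oauth/authorize?client_id=" + app.client_id + "&scopes=" + System.Web.HttpUtility.UrlEncode(scopesSeparated),
            report = baseUrl + "/auth/oauth/report"
        }
    });
}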
/// <summary>
/// Looks up an OAuth application by its internal MongoDB document id.
/// </summary>
/// <param name="id">The <c>_id</c> of the document in <c>system_oauth_apps</c>.</param>
/// <returns>The matching <see cref="DbOauthApp"/>, or <c>null</c> when no document has that id.</returns>
public async Task<DbOauthApp> GetOAuthAppByInternalID(ObjectId id)
{
    //Match on the primary key only
    var byPrimaryKey = Builders<DbOauthApp>.Filter.Eq("_id", id);
    var cursor = await system_oauth_apps.FindAsync(byPrimaryKey);

    //FirstOrDefaultAsync already yields null for an empty cursor, so the
    //result can be handed back without a separate null check.
    return await cursor.FirstOrDefaultAsync();
}
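/// <summary>
/// Used to obtain an access token from a backend server.
/// The caller authenticates as an OAuth app (client_id + client_secret) and
/// redeems a preflight token for the access token and scopes it was issued with.
/// The preflight token is cleared on success so it can only be redeemed once.
/// </summary>
/// <param name="e">HTTP context whose POST body holds a <see cref="VerifyRequestPayload"/>.</param>
/// <returns>A task that completes once the JSON response has been written to <paramref name="e"/>.</returns>
/// <exception cref="StandardError">
/// <c>NotFound</c> when no app has the given client_id;
/// <c>InternalSigninError</c> when the presented client_secret does not match.
/// </exception>
public static async Task OnVerifyRequest(Microsoft.AspNetCore.Http.HttpContext e)
{
    //Decode request
    VerifyRequestPayload request = Program.DecodePostBody<VerifyRequestPayload>(e);

    //Find the application
    DbOauthApp app = await Program.connection.GetOAuthAppByAppID(request.client_id);
    if (app == null)
    {
        throw new StandardError("App not found.", StandardErrorCode.NotFound);
    }

    //Verify that the secret matches. The secret is the app's credential, so it
    //is compared in constant time: plain string equality stops at the first
    //differing character and leaks how much of the secret was correct. A
    //missing secret on either side is a mismatch, never a match.
    if (!SecretMatches(request.client_secret, app.client_secret))
    {
        throw new StandardError("Client secret does not match!", StandardErrorCode.InternalSigninError);
    }

    //Get a token using this
    //NOTE(review): the preflight token is looked up by value only and is not
    //tied back to this app here, so any app that learns a preflight token
    //could redeem it. Confirm whether the token record carries a client/app
    //id that should be compared against app before proceeding.
    var token = await Program.connection.GetTokenByPreflightAsync(request.preflight_token);
    if (token == null)
    {
        await Program.QuickWriteJsonToDoc(e, new VerifyResponsePayload
        {
            ok = false
        });
        return;
    }

    //Deactivate preflight token internally so it cannot be redeemed twice
    token.oauth_preflight = null;
    await token.UpdateAsync(Program.connection);

    //Create and write a response
    await Program.QuickWriteJsonToDoc(e, new VerifyResponsePayload
    {
        access_token = token.token,
        scopes = token.oauth_scopes,
        ok = true
    });
}

/// <summary>
/// Compares a presented client secret with the stored one without leaking
/// timing information about where the two differ.
/// </summary>
/// <param name="presented">The secret sent by the caller; may be null.</param>
/// <param name="expected">The secret on record for the app; may be null.</param>
/// <returns><c>true</c> only when both are non-null and byte-for-byte equal.</returns>
private static bool SecretMatches(string presented, string expected)
{
    if (presented == null || expected == null)
    {
        return false;
    }
    byte[] presentedBytes = System.Text.Encoding.UTF8.GetBytes(presented);
    byte[] expectedBytes = System.Text.Encoding.UTF8.GetBytes(expected);
    //FixedTimeEquals returns false immediately on a length mismatch, which
    //reveals only the length, and otherwise runs in time independent of content.
    return System.Security.Cryptography.CryptographicOperations.FixedTimeEquals(presentedBytes, expectedBytes);
}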
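/// <summary>
/// Creates a new OAuth application owned by the signed-in user.
/// Validates the posted name, description, redirect URI and optional icon,
/// generates a random client id (retrying on collision) and client secret,
/// stores the record in <c>system_oauth_apps</c> and echoes it back.
/// </summary>
/// <param name="e">HTTP context whose POST body holds a <see cref="CreateApplicationRequest"/>.</param>
/// <param name="u">The authenticated user who becomes the app's owner.</param>
/// <returns>A task that completes once either the validation errors or the created app have been written.</returns>
public static async Task OnCreateRequest(Microsoft.AspNetCore.Http.HttpContext e, DbUser u)
{
    //Decode request body
    CreateApplicationRequest request = Program.DecodePostBody<CreateApplicationRequest>(e);

    //Verify that all required elements are listed
    List<EditResponseError> errors = new List<EditResponseError>();
    if (request.name == null)
    {
        errors.Add(new EditResponseError("NAME", "This field is required."));
    }
    if (request.description == null)
    {
        errors.Add(new EditResponseError("DESCRIPTION", "This field is required."));
    }
    if (request.redirect_uri == null)
    {
        errors.Add(new EditResponseError("REDIRECT_URI", "This field is required."));
    }
    if (await TryRespondWithError(e, errors))
    {
        return;
    }

    //Verify that all fields match requirements
    AddLengthErrors(errors, "NAME", "Name", request.name, 2, 24);
    AddLengthErrors(errors, "DESCRIPTION", "Description", request.description, 2, 256);

    //Only absolute http(s) URLs may be registered as a redirect target. This is
    //the value authorization codes/tokens are later sent to, so it is checked
    //with an ordinal (culture-independent) prefix test and must also parse as
    //an absolute URI; a bare "https://" carries the right prefix but is not a URL.
    if (!IsHttpRedirectUri(request.redirect_uri))
    {
        errors.Add(new EditResponseError("REDIRECT_URI", "Only http and https redirects are permitted."));
    }
    if (await TryRespondWithError(e, errors))
    {
        return;
    }

    //If an icon is set, verify it: the upload token must resolve and must have
    //been issued for the icon application, otherwise arbitrary user content
    //could be attached as an app icon.
    string icon = null;
    if (request.icon_token != null)
    {
        var iconInfo = await Program.connection.GetUserContentByToken(request.icon_token);
        if (iconInfo == null)
        {
            errors.Add(new EditResponseError("ICON", "Icon verification failed."));
        }
        else if (iconInfo.application_id != ICON_APP_ID)
        {
            errors.Add(new EditResponseError("ICON", "Icon verification failed."));
        }
        else
        {
            icon = iconInfo.url;
        }
    }

    //Generate an application ID and secret. The id is public and must be
    //unique, so regenerate on the (unlikely) collision; the secret is longer
    //and is never looked up, only compared.
    string appId = LibDeltaSystem.Tools.SecureStringTool.GenerateSecureString(24);
    while (await Program.connection.GetOAuthAppByAppID(appId) != null)
    {
        appId = LibDeltaSystem.Tools.SecureStringTool.GenerateSecureString(24);
    }
    string appSecret = LibDeltaSystem.Tools.SecureStringTool.GenerateSecureString(42);

    //Create oauth app
    //NOTE(review): the secret is stored as generated; consider hashing it at
    //rest if the verify path can be changed to compare against a hash.
    DbOauthApp app = new DbOauthApp
    {
        client_id = appId,
        client_secret = appSecret,
        description = request.description,
        icon_url = icon,
        name = request.name,
        owner_id = u.id,
        redirect_uri = request.redirect_uri,
        _id = MongoDB.Bson.ObjectId.GenerateNewId()
    };

    //Insert in database
    await Program.connection.system_oauth_apps.InsertOneAsync(app);

    //Write app info. This response is the one place the client_secret is
    //disclosed to the owner, so the whole record is returned deliberately.
    await Program.QuickWriteJsonToDoc(e, app);
}

/// <summary>
/// Appends the length validation errors for one text field, using the same
/// messages for every field: required when empty, then a minimum and a maximum.
/// </summary>
/// <param name="errors">Error list to append to.</param>
/// <param name="field">Field code reported to the client (e.g. "NAME").</param>
/// <param name="label">Human-readable field name used in the message text.</param>
/// <param name="value">The submitted value; must be non-null.</param>
/// <param name="min">Smallest accepted length, inclusive.</param>
/// <param name="max">Largest accepted length, inclusive.</param>
private static void AddLengthErrors(List<EditResponseError> errors, string field, string label, string value, int min, int max)
{
    if (value.Length == 0)
    {
        errors.Add(new EditResponseError(field, "This field is required."));
    }
    else if (value.Length < min)
    {
        errors.Add(new EditResponseError(field, label + " must be at least " + min + " characters long."));
    }
    else if (value.Length > max)
    {
        errors.Add(new EditResponseError(field, label + " must be at less than " + max + " characters."));
    }
}

/// <summary>
/// Returns true when <paramref name="candidate"/> starts with "http://" or
/// "https://" (ordinal comparison) and parses as an absolute URI.
/// </summary>
/// <param name="candidate">The redirect URI supplied by the client; must be non-null.</param>
/// <returns><c>true</c> for a well-formed absolute http or https URL.</returns>
private static bool IsHttpRedirectUri(string candidate)
{
    bool hasHttpScheme = candidate.StartsWith("http://", System.StringComparison.Ordinal)
        || candidate.StartsWith("https://", System.StringComparison.Ordinal);
    return hasHttpScheme && System.Uri.TryCreate(candidate, System.UriKind.Absolute, out _);
}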