예제 #1
0
        // GET /{appName}/oauth/authorize
        //
        public ActionResult Index(string appName, AuthorizeRequest request)
        {
            Tracing.Start("OAuth2 Authorize Endoint");

            // make sure application is registered
            var application = _config.FindApplication(appName);

            if (application == null)
            {
                Tracing.Error("Application not found: " + appName);
                return(HttpNotFound());
            }

            ValidatedRequest validatedRequest;

            try
            {
                validatedRequest = new AuthorizeRequestValidator().Validate(application, request);
            }
            catch (AuthorizeRequestValidationException ex)
            {
                Tracing.Error("Aborting OAuth2 authorization request");
                return(this.AuthorizeValidationError(ex));
            }

            if (validatedRequest.ShowConsent)
            {
                validatedRequest.RememberOptions = GetRememberOptions(application);

                // todo: check first if a remembered consent decision exists
                if (validatedRequest.ResponseType == OAuthConstants.ResponseTypes.Token)
                {
                    var handle = _handleManager.Find(
                        ClaimsPrincipal.Current.GetSubject(),
                        validatedRequest.Client,
                        validatedRequest.Application,
                        validatedRequest.Scopes,
                        StoredGrantType.ConsentDecision);

                    if (handle != null)
                    {
                        Tracing.Verbose("Stored consent decision found.");

                        return(PerformGrant(validatedRequest));
                    }
                }

                // show consent screen
                Tracing.Verbose("Showing consent screen");
                return(View("Consent", validatedRequest));
            }

            Tracing.Verbose("No consent configured for application/client");


            // workaround for bug #139
            validatedRequest.RequestedRefreshTokenExpiration = DateTime.UtcNow.AddYears(50);
            return(PerformGrant(validatedRequest));
        }
예제 #2
0
        public void ValidRequest()
        {
            var validator = new TokenRequestValidator(_handleManager);
            var app       = _testConfig.FindApplication("test");
            var request   = new TokenRequest
            {
                Grant_Type    = OAuthConstants.GrantTypes.RefreshToken,
                Refresh_Token = "abc"
            };

            var result = validator.Validate(app, request, _client);
        }
예제 #3
0
        public void ValidSingleScope()
        {
            var validator = new TokenRequestValidator();
            var app       = _testConfig.FindApplication("test");
            var request   = new TokenRequest
            {
                Grant_Type = "assertion",
                Assertion  = "assertion",
                Scope      = "read"
            };

            var result = validator.Validate(app, request, _client);
        }
예제 #4
0
        public void ValidSingleScope()
        {
            var validator = new TokenRequestValidator();
            var app       = _testConfig.FindApplication("test");
            var request   = new TokenRequest
            {
                Grant_Type = OAuthConstants.GrantTypes.Password,
                UserName   = "******",
                Password   = "******",
                Scope      = "read"
            };

            var result = validator.Validate(app, request, _client);
        }
예제 #5
0
        public void MissingClientPassword()
        {
            var validator = new TokenRequestValidator();
            var app       = _testConfig.FindApplication("test");
            var request   = new TokenRequest
            {
                Grant_Type = OAuthConstants.GrantTypes.Password,
                UserName   = "******",
                Password   = "******",
                Scope      = "read"
            };

            try
            {
                var client = Principal.Create("Test",
                                              new Claim(ClaimTypes.Name, "codeclient"));

                var result = validator.Validate(app, request, client);
            }
            catch (TokenRequestValidationException ex)
            {
                Assert.AreEqual(OAuthConstants.Errors.InvalidClient, ex.OAuthError);
                return;
            }

            Assert.Fail("No exception thrown.");
        }
예제 #6
0
        public void ValidSingleScope()
        {
            var validator = new TokenRequestValidator(_handleManager, _clientManager);
            var app       = _testConfig.FindApplication("test");
            var request   = new TokenRequest
            {
                Grant_Type   = OAuthConstants.GrantTypes.AuthorizationCode,
                Code         = "abc",
                Redirect_Uri = "https://validredirect"
            };

            var result = validator.Validate(app, request, _client);
        }
예제 #7
0
        public void NoParameters()
        {
            var validator = new AuthorizeRequestValidator();
            var app       = _testConfig.FindApplication("test");

            try
            {
                var result = validator.Validate(app, null);
            }
            catch (AuthorizeRequestResourceOwnerException ex)
            {
                // todo: inspect exception
                return;
            }

            Assert.Fail("No exception thrown.");
        }
예제 #8
0
        public void ValidSingleScope()
        {
            var validator = new TokenRequestValidator(_clientManager);
            var app       = _testConfig.FindApplication("test");
            var request   = new TokenRequest
            {
                Grant_Type = OAuthConstants.GrantTypes.ClientCredentials,
                Scope      = "read"
            };

            var result = validator.Validate(app, request, _client);
        }
예제 #9
0
        public HttpResponseMessage Post(string appName, TokenRequest request)
        {
            Tracing.Start("OAuth2 Token Endpoint");

            // make sure application is registered
            var application = _config.FindApplication(appName);

            if (application == null)
            {
                Tracing.Error("Application not found: " + appName);
                return(Request.CreateErrorResponse(HttpStatusCode.NotFound, "Not found"));
            }

            // validate token request
            ValidatedRequest validatedRequest;

            try
            {
                validatedRequest = new TokenRequestValidator(_handleManager).Validate(application, request, ClaimsPrincipal.Current);
            }
            catch (TokenRequestValidationException ex)
            {
                Tracing.Error("Aborting OAuth2 token request");
                return(Request.CreateOAuthErrorResponse(ex.OAuthError));
            }

            // switch over the grant type
            if (validatedRequest.GrantType.Equals(OAuthConstants.GrantTypes.Password))
            {
                return(ProcessResourceOwnerCredentialRequest(validatedRequest));
            }
            else if (validatedRequest.GrantType.Equals(OAuthConstants.GrantTypes.AuthorizationCode))
            {
                return(ProcessAuthorizationCodeRequest(validatedRequest));
            }
            else if (string.Equals(validatedRequest.GrantType, OAuthConstants.GrantTypes.RefreshToken))
            {
                return(ProcessRefreshTokenRequest(validatedRequest));
            }
            else if (string.Equals(validatedRequest.GrantType, OAuthConstants.GrantTypes.ClientCredentials))
            {
                return(ProcessClientCredentialsRequest(validatedRequest));
            }

            Tracing.Error("invalid grant type: " + request.Grant_Type);
            return(Request.CreateOAuthErrorResponse(OAuthConstants.Errors.UnsupportedGrantType));
        }
예제 #10
0
        public void ValidRequestSingleScope()
        {
            var validator = new AuthorizeRequestValidator();
            var app       = _testConfig.FindApplication("test");
            var request   = new AuthorizeRequest
            {
                client_id     = "implicitclient",
                response_type = "token",
                scope         = "read",
                redirect_uri  = "https://test2.local"
            };

            var result = validator.Validate(app, request);
        }
예제 #11
0
        public void ValidRequestSingleScope()
        {
            var validator = new AuthorizeRequestValidator();
            var app       = _testConfig.FindApplication("test");
            var request   = new AuthorizeRequest
            {
                client_id     = "codeclient",
                response_type = "code",
                scope         = "read",
                redirect_uri  = "https://prod.local"
            };

            var result = validator.Validate(app, new List <IdentityMembership>(), request);
        }
예제 #12
0
        public void NeedsGranted()
        {
            var validator = new AuthorizeRequestValidator();
            var app       = _testConfig.FindApplication("test");
            var request   = new AuthorizeRequest
            {
                client_id     = "implicitclient",
                response_type = "token",
                scope         = "needs",
                redirect_uri  = "https://test2.local",
                context       = "11234"
            };
            var memberships = new List <IdentityMembership>();

            memberships.Add(new IdentityMembership()
            {
                CanAccessNeeds = true, MembershipID = 11234
            });

            var result = validator.Validate(app, new List <IdentityMembership>(), request);

            Assert.AreEqual("11234", result.context);
        }