예제 #1
        /// <summary>
        /// Tells whether the time elapsed since the user's last
        /// authentication is longer than the maximum authentication
        /// age carried by the authorization response.
        /// </summary>
        /// <param name="response">
        /// The authorization response; only its MaxAge is consulted.
        /// A value of zero or less disables the check.
        /// </param>
        /// <param name="data">
        /// The TempData wrapper holding the last authentication time
        /// (seconds, as returned by GetUserAuthenticatedAt()).
        /// </param>
        /// <returns>
        /// true only when MaxAge is positive and strictly more than
        /// MaxAge seconds have passed since the last authentication.
        /// </returns>
        bool IsMaxAgeExceeded(
            AuthorizationResponse response, UserTData data)
        {
            // A non-positive maximum authentication age means the
            // request placed no limit, so it can never be exceeded.
            if (response.MaxAge <= 0)
            {
                return false;
            }

            // Seconds elapsed since the user last authenticated.
            long elapsedSeconds =
                TimeUtility.CurrentTimeSeconds()
                - data.GetUserAuthenticatedAt();

            // An age exactly equal to MaxAge is still acceptable;
            // only a strictly larger age counts as exceeded.
            return elapsedSeconds > response.MaxAge;
        }
예제 #2
        /// <summary>
        /// Renders the authorization page for a request that needs
        /// user interaction, after stashing the request's ticket and
        /// claim information in TempData for the decision endpoint.
        /// </summary>
        /// <param name="response">
        /// The authorization response whose Ticket, Claims and
        /// ClaimsLocales are carried over to the decision step.
        /// </param>
        /// <returns>
        /// A "200 OK" response whose body is the rendered HTML of
        /// the authorization page.
        /// </returns>
        async Task <HttpResponseMessage> HandleInteraction(
            AuthorizationResponse response)
        {
            // Everything the AuthorizationDecisionController needs
            // later is kept in TempData across the redirect.
            var tempData = new UserTData(TempData);
            tempData.Set("ticket", response.Ticket);
            tempData.SetObject("claimNames", response.Claims);
            tempData.SetObject("claimLocales", response.ClaimsLocales);

            // Drop any stale user session (prompt=login, max_age)
            // before deciding what the page should show.
            ClearUserDataIfNecessary(response, tempData);

            // The page model combines the response with whatever
            // user entity (possibly none) survived the clearing.
            var pageModel = new AuthorizationPageModel(
                response, tempData.GetUserEntity());

            // The view is rendered by hand rather than through the
            // normal MVC pipeline so an HttpResponseMessage can be
            // returned directly.
            string renderedHtml = await Render(VIEW_NAME, pageModel);

            return ResponseUtility.OkHtml(renderedHtml);
        }
예제 #3
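        /// <summary>
        /// Authenticates the user with the credentials posted from
        /// the authorization page, unless a user entity is already
        /// stored in TempData.
        /// </summary>
        /// <param name="data">
        /// The TempData wrapper; on successful authentication the
        /// user entity and the authentication time are stored in it.
        /// </param>
        /// <remarks>
        /// A missing or empty login ID or password short-circuits the
        /// lookup: no database round trip is made and TempData is
        /// left untouched, which is the same observable outcome as a
        /// failed lookup.
        /// </remarks>
        void AuthenticateUserIfNecessary(UserTData data)
        {
            // A user entity in TempData means the user is already
            // logged in; do not authenticate again.
            if (data.HasUserEntity())
            {
                return;
            }

            // Values input to the form in the authorization page.
            // Form fields that were not submitted come back as null.
            string loginId  = Request.Form["loginId"];
            string password = Request.Form["password"];

            // Without both credentials there is nothing to look up.
            // Bailing out here also avoids handing an empty password
            // to the user store, which must never match an account.
            if (string.IsNullOrEmpty(loginId) || string.IsNullOrEmpty(password))
            {
                return;
            }

            // Search the user database for the user.
            // NOTE(review): the DAO receives the plaintext password;
            // it is expected to verify it against a stored hash rather
            // than compare it directly — confirm in UserDao.
            UserEntity entity =
                UserDao.GetByCredentials(loginId, password);

            // If the user was found.
            if (entity != null)
            {
                // The user was authenticated successfully. The
                // timestamp is what IsMaxAgeExceeded later measures
                // against the request's max_age.
                data.SetUserEntity(entity);
                data.SetUserAuthenticatedAt(
                    TimeUtility.CurrentTimeSeconds());
            }
        }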
예제 #4
        /// <summary>
        /// Handles the form submission from the authorization page:
        /// authenticates the user when needed, reads the user's
        /// decision and the request parameters saved in TempData,
        /// and processes the authorization request accordingly.
        /// </summary>
        /// <returns>
        /// The HTTP response produced by HandleDecision for the
        /// user's decision.
        /// </returns>
        public async Task <HttpResponseMessage> Post()
        {
            var tempData = new UserTData(TempData);

            // Logs the user in from the posted credentials unless a
            // user entity is already present in TempData.
            AuthenticateUserIfNecessary(tempData);

            // Whether the user granted authorization to the client.
            bool userConsented = IsClientAuthorized();

            // The authorization request parameters were stashed in
            // TempData by the authorization endpoint.
            string ticket         = (string)tempData.Get("ticket");
            string[] claimNames   = tempData.GetObject <string[]>("claimNames");
            string[] claimLocales = tempData.GetObject <string[]>("claimLocales");

            // The decision handler finishes the authorization flow.
            HttpResponseMessage result = await HandleDecision(
                userConsented, ticket, claimNames, claimLocales);

            return result;
        }
예제 #5
        /// <summary>
        /// Removes the stored user information from TempData when the
        /// authorization request demands a fresh login, either because
        /// it asked for prompt=login or because the maximum
        /// authentication age has been exceeded.
        /// </summary>
        /// <param name="response">
        /// The authorization response describing the request.
        /// </param>
        /// <param name="data">
        /// The TempData wrapper whose user information may be removed.
        /// </param>
        void ClearUserDataIfNecessary(
            AuthorizationResponse response, UserTData data)
        {
            // With no user information there is nothing to clear.
            if (data.GetUserEntity() == null)
            {
                return;
            }

            // Re-authentication is required when the request carries
            // "login" in its "prompt" parameter, or when too much time
            // has passed since the last login. IsLoginRequired is
            // evaluated first; the age check only runs if it is false.
            bool mustReauthenticate =
                IsLoginRequired(response) || IsMaxAgeExceeded(response, data);

            if (mustReauthenticate)
            {
                // This simple implementation forces the user to log
                // out so that the authorization page asks for
                // credentials again.
                data.RemoveUserTData();
            }
        }
예제 #6
 /// <summary>
 /// Creates the SPI implementation bound to the given controller,
 /// wrapping the controller's TempData for user-session storage.
 /// </summary>
 /// <param name="controller">
 /// The controller whose TempData backs this instance.
 /// </param>
 public AuthorizationRequestHandlerSpiImpl(Controller controller)
     => _userTData = new UserTData(controller.TempData);