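/// <summary>
/// Checks that <c>Consumer.BeginAuth</c> raises <c>FetchException</c> when the identity
/// page cannot be fetched: once with a fetcher that is handed no response at all, and
/// once each for the 404, 400 and 500 status codes.
/// </summary>
public void BadFetch()
{
    Uri userUrl = new Uri("http://who.cares/");
    IAssociationStore store = new MemoryStore();
    byte[] data = Encoding.UTF8.GetBytes("Who cares?");

    // A null entry stands for the "no response" case; the others are HTTP error codes.
    ArrayList cases = new ArrayList();
    cases.Add(null);
    cases.Add(HttpStatusCode.NotFound);
    cases.Add(HttpStatusCode.BadRequest);
    cases.Add(HttpStatusCode.InternalServerError);

    foreach (object code in cases)
    {
        FetchResponse resp = (code == null)
            ? null
            : new FetchResponse((HttpStatusCode) code, userUrl, "UTF-8", data, data.Length);
        Consumer consumer = new Consumer(store, new BadFetcher(resp));

        try
        {
            consumer.BeginAuth(userUrl);

            // Reaching this line means the consumer accepted a failed fetch. Build the
            // label without calling ToString() on the null case: the original did, so a
            // regression in the "no response" case surfaced as a NullReferenceException
            // instead of the intended assertion message.
            string label = (code == null) ? "(no response)" : code.ToString();
            TestTools.Assert(false, String.Format("Consumer failed to raise FetchException: {0}", label));
        }
        catch (FetchException)
        {
            // Expected: a failed fetch must stop authentication before it starts.
        }
    }
}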
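/// <summary>
/// Starts an OpenID login for the identifier passed as <paramref name="username"/> by
/// redirecting the browser to the identity provider.
/// </summary>
/// <remarks>
/// This method only begins the exchange. Nothing about the user has been verified when
/// it returns, so it never reports the credentials as valid; the provider's response
/// has to be checked when the browser comes back to the return_to URL.
/// </remarks>
/// <param name="username">The OpenID identifier entered by the user (untrusted input).</param>
/// <param name="password">Not used by this method.</param>
/// <returns>
/// Always <c>false</c> when control returns to the caller. On the normal path
/// <c>Response.Redirect(url, true)</c> ends the response and this method does not
/// return a value at all.
/// </returns>
public override bool ValidateUser(string username, string password)
{
    // Without an identifier there is nothing to start.
    if (username == null)
    {
        return false;
    }

    try
    {
        Uri userUri = Utility.NormalizeIdentityUrl(username);
        HttpContext context = HttpContext.Current;
        HttpRequest incoming = context.Request;
        HttpResponse outgoing = context.Response;

        if (consumerSession == null)
        {
            consumerSession = new Janrain.OpenId.Session.SimpleSessionState();
        }

        Janrain.OpenId.Consumer.Consumer consumer = new Janrain.OpenId.Consumer.Consumer(
            consumerSession, Janrain.OpenId.Store.MemoryStore.GetInstance());

        try
        {
            AuthRequest request = consumer.Begin(userUri);

            // Build the trust root: the current request URL reduced to scheme, host and
            // port, with the application path.
            // NOTE(review): both the trust root and return_to are derived from
            // Request.Url, i.e. from the host name the client asked for. If the site
            // answers on host names the operator does not control, consider building
            // them from a configured base URL instead.
            UriBuilder builder = new UriBuilder(incoming.Url.AbsoluteUri);
            builder.Query = null;
            builder.Password = null;
            builder.UserName = null;
            builder.Fragment = null;
            builder.Path = incoming.ApplicationPath;

            // The following approach does not append port 80 in the no port case.
            string trustRoot = (new Uri(builder.ToString())).ToString();

            // Build the return_to URL: the current page carrying only ReturnUrl.
            // NOTE(review): ReturnUrl is passed through unchanged from the query string;
            // it must be validated as a local URL wherever it is finally used.
            builder = new UriBuilder(incoming.Url.AbsoluteUri);
            NameValueCollection col = new NameValueCollection();
            col["ReturnUrl"] = incoming.QueryString["ReturnUrl"];
            builder.Query = Janrain.OpenId.UriUtil.CreateQueryString(col);
            Uri returnTo = new Uri(builder.ToString());

            Uri redirectUrl = request.CreateRedirect(trustRoot, returnTo, AuthRequest.Mode.SETUP);

            // The following illustrates how to use SREG.
            // NOTE(review): _optionalInformation is appended without URL-encoding; this
            // assumes it holds only a comma-separated list of SREG field names. Confirm
            // where it is set.
            string uriString = redirectUrl.AbsoluteUri + "&openid.sreg.optional=" + _optionalInformation;

            // Remember the current page.
            _loginURL = context.Request.Url.AbsoluteUri;

            // Redirect the user to the OpenID provider page and end the response.
            outgoing.Redirect(uriString, true);
        }
        catch (System.Threading.ThreadAbortException)
        {
            // Consume. This is normal during redirect.
        }
    }
    catch
    {
        // Any failure while starting the exchange is reported as "not valid".
        return false;
    }

    // Fail closed. The original returned true here, which would tell the caller that an
    // unverified identifier had valid credentials if the redirect ever failed to end the
    // response.
    return false;
}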
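/// <summary>
/// Handles the browser's return from the OpenID provider: verifies the response with
/// <c>consumer.Complete</c>, looks up the local account linked to the verified identity
/// and, when one exists, signs the user in through forms authentication.
/// </summary>
/// <returns>
/// <c>true</c> when the response was verified and a linked account was signed in;
/// <c>false</c> when the request carries no <c>openid.mode</c>, the mode is
/// <c>"Cancel"</c>, the consumer could not be created, or verification raised
/// <c>FailureException</c>.
/// </returns>
/// <exception cref="OpenIdNotLinkedException">
/// The identity was verified but no local account is linked to it.
/// </exception>
/// <exception cref="OpenIdMembershipProviderException">
/// Any other error raised while completing the exchange.
/// </exception>
public bool ValidateOpenIDUser()
{
    HttpContext context = HttpContext.Current;
    HttpRequest incoming = context.Request;
    Janrain.OpenId.Consumer.Consumer consumer;

    try
    {
        if (consumerSession == null)
        {
            consumerSession = new Janrain.OpenId.Session.SimpleSessionState();
        }

        consumer = new Janrain.OpenId.Consumer.Consumer(
            consumerSession, Janrain.OpenId.Store.MemoryStore.GetInstance());
    }
    catch
    {
        return false;
    }

    // NOTE(review): this comparison is case-sensitive against "Cancel". OpenID sends the
    // mode value in lower case, so a cancel response probably reaches consumer.Complete
    // instead of stopping here. Confirm that this is intended.
    string mode = incoming.QueryString["openid.mode"];
    if (mode == null || mode == "Cancel")
    {
        return false;
    }

    try
    {
        // NOTE(review): the SREG values are copied from the raw query string before the
        // response has been verified, and they stay in these fields even when
        // verification fails. Treat them as unverified, caller-supplied text: encode
        // them on output and do not base access decisions on them.
        _country = (incoming.QueryString["openid.sreg.country"] ?? "");
        _dayOfBirth = (incoming.QueryString["openid.sreg.dob"] ?? "");
        _email = (incoming.QueryString["openid.sreg.email"] ?? "");
        _fullname = (incoming.QueryString["openid.sreg.fullname"] ?? "");
        _gender = (incoming.QueryString["openid.sreg.gender"] ?? "");
        _language = (incoming.QueryString["openid.sreg.language"] ?? "");
        _nickname = (incoming.QueryString["openid.sreg.nickname"] ?? "");
        _postcode = (incoming.QueryString["openid.sreg.postcode"] ?? "");
        _timezone = (incoming.QueryString["openid.sreg.timezone"] ?? "");

        // Verification step: the identity is taken from the consumer's result, never
        // from the query string directly.
        ConsumerResponse resp = consumer.Complete(incoming.QueryString);
        string userIdentity = Utility.IdentityUrlToDisplayString(resp.IdentityUrl);

        MembershipUser user = GetUserByOpenId(userIdentity, true);
        if (user == null)
        {
            throw new OpenIdNotLinkedException(userIdentity);
        }

        // Non-persistent authentication cookie (second argument false).
        FormsAuthentication.RedirectFromLoginPage(user.UserName, false);
        return true;
    }
    catch (FailureException fexc)
    {
        if (WriteExceptionsToEventLog)
        {
            Utility.WriteToEventLog(fexc, "ValidateOpenIDUser");
        }

        return false;
    }
    catch (OpenIdNotLinkedException)
    {
        // Rethrow with "throw;" so the original stack trace is kept; "throw nlEx;" reset
        // it. The clause itself stays so the general handler below does not wrap it.
        throw;
    }
    catch (Exception fe)
    {
        if (WriteExceptionsToEventLog)
        {
            Utility.WriteToEventLog(fe, "ValidateOpenIDUser");
        }

        // NOTE(review): message, source and stack trace are handed to the caller; make
        // sure they are not rendered to the end user.
        throw new OpenIdMembershipProviderException(fe.Message, fe.Source, fe.StackTrace);
    }
}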
/// <summary>
/// Checks that <c>Consumer.BeginAuth</c> raises <c>ParseException</c> for identity pages
/// that do not yield a usable server link: an empty page, a bare URL outside any link
/// tag, and a link tag that is not inside an HTML head.
/// </summary>
public void BadParse()
{
    IAssociationStore store = new MemoryStore();
    Uri userUrl = new Uri("http://user.example.com/");

    string[] cases = new string[]
    {
        "",
        "http://not.in.a.link.tag/",
        "<link rel=\"openid.server\" href=\"not.in.html.or.head\" />"
    };

    for (int index = 0; index < cases.Length; index++)
    {
        string userPage = cases[index];

        // The fetcher serves userPage as the content of userUrl, with no association.
        Fetcher fetcher = new TestFetcher(userUrl, userPage, null);
        Consumer consumer = new Consumer(store, fetcher);

        try
        {
            consumer.BeginAuth(userUrl);

            // Only reached when the malformed page was accepted.
            string message = String.Format("Shouldn't have succeeded with user_page=[{0}]", userPage);
            TestTools.Assert(false, message);
        }
        catch (ParseException)
        {
            // Expected for every case.
        }
    }
}
/// <summary>
/// Drives one complete, successful login through the consumer: begins authentication
/// against a canned identity page, checks every parameter of the redirect sent to the
/// server, then feeds back a signed <c>id_res</c> response and checks that it is
/// accepted for <paramref name="userUri"/>.
/// </summary>
/// <param name="userUri">Identity URL the user claims.</param>
/// <param name="delegateUri">Identity expected in <c>openid.identity</c>.</param>
/// <param name="links">Link markup substituted into the identity page template.</param>
/// <param name="immediate">Consumer mode; selects the expected <c>openid.mode</c>.</param>
private void Success(Uri userUri, Uri delegateUri, string links, Consumer.Mode immediate)
{
    MemoryStore store = new MemoryStore();

    string expectedMode = (immediate == Consumer.Mode.IMMEDIATE)
        ? "checkid_immediate"
        : "checkid_setup";

    string userPage = String.Format(USER_PAGE_PAT, links);
    string handle = "Snarky";
    byte[] secret = Encoding.ASCII.GetBytes("another 20-byte key.");
    AssociationInfo info = new AssociationInfo(secret, handle);

    Fetcher fetcher = new TestFetcher(userUri, userPage, info);
    Consumer consumer = new Consumer(store, fetcher);

    // Step 1: begin authentication and build the redirect to the server.
    AuthRequest request = consumer.BeginAuth(userUri);
    Uri returnTo = new Uri(consumerUri.AbsoluteUri, true);
    string trustRoot = consumerUri.AbsoluteUri;
    Uri redirectUri = consumer.CreateRedirect(immediate, request, returnTo, trustRoot);

    // Step 2: the redirect must carry exactly the five expected parameters and point at
    // the server. The redirect URL doubles as the failure message.
    string rawQuery = redirectUri.Query.Substring(1); // drop the leading '?'
    NameValueCollection q = FormParser.Parse(Encoding.UTF8.GetBytes(rawQuery));
    string errmsg = redirectUri.AbsoluteUri;

    TestTools.Assert(q.Count == 5, errmsg);
    TestTools.Assert(q["openid.mode"] == expectedMode, errmsg);
    TestTools.Assert(q["openid.identity"] == delegateUri.AbsoluteUri, errmsg);
    TestTools.Assert(q["openid.trust_root"] == trustRoot, errmsg);
    TestTools.Assert(q["openid.assoc_handle"] == handle, errmsg);
    TestTools.Assert(q["openid.return_to"] == returnTo.AbsoluteUri, errmsg);
    TestTools.Assert(redirectUri.AbsoluteUri.StartsWith(serverUri.AbsoluteUri), errmsg);

    // Step 3: build the server's positive response and sign it with the association
    // held in the store for this handle.
    NameValueCollection query = new NameValueCollection();
    query.Add("openid.mode", "id_res");
    query.Add("openid.return_to", returnTo.AbsoluteUri);
    query.Add("openid.identity", delegateUri.AbsoluteUri);
    query.Add("openid.assoc_handle", handle);

    Association assoc = store.GetAssociation(serverUri, handle);
    string[] signedFields = new string[] { "mode", "return_to", "identity" };
    string sig = assoc.SignDict(signedFields, query, "openid.");
    query.Add("openid.sig", sig);
    query.Add("openid.signed", "mode,return_to,identity");

    // Step 4: the consumer must accept the response and report the claimed identity.
    object result;
    Consumer.Status status = consumer.CompleteAuth(request.token, query, out result);

    TestTools.Assert(status == Consumer.Status.SUCCESS);

    string detail = String.Format("info:{0}\nuserUri:{1}", info, userUri);
    TestTools.Assert(((Uri)result).AbsoluteUri == userUri.AbsoluteUri, detail);
}
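/// <summary>
/// Request handler for <c>/login.aspx</c>. A POST carrying <c>openid_url</c> starts an
/// OpenID login and redirects to the server; a request carrying <c>openid.mode</c>
/// completes it and, on success, signs the user in through forms authentication.
/// Errors are reported through <c>Context.Items["errmsg"]</c>.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event data (unused).</param>
private void AuthenticateRequest(Object sender, EventArgs e)
{
    // NOTE(review): a new MemoryStore is created for every request. If MemoryStore keeps
    // its associations per instance, the request that completes a login cannot see what
    // the request that started it stored. Confirm.
    Consumer consumer = new Consumer(new MemoryStore(), new SimpleFetcher());
    HttpContext Context = HttpContext.Current;
    HttpSessionState Session = Context.Session;
    HttpRequest Request = Context.Request;
    HttpResponse Response = Context.Response;

    if (Request.Url.AbsolutePath != "/login.aspx")
    {
        return;
    }

    // Ordinal, case-insensitive comparison instead of the culture-sensitive ToLower().
    if (String.Equals(Request.HttpMethod, "post", StringComparison.OrdinalIgnoreCase))
    {
        string urlStr = Request.Form["openid_url"];
        if (urlStr == null)
        {
            return;
        }

        // NOTE(review): urlStr is user input and is normalized outside the try block, so
        // anything NormalizeUri throws for a malformed value leaves this handler
        // unhandled rather than becoming an "errmsg".
        Uri userUri = UriUtil.NormalizeUri(urlStr);
        try
        {
            AuthRequest oidreq = consumer.BeginAuth(userUri);

            // XXX: construct this from login path and ReturnTo param
            UriBuilder builder = new UriBuilder(Request.Url.AbsoluteUri);
            if (Session == null)
            {
                // Without a session the token travels in the return_to URL, where it is
                // visible to the server, browser history and logs.
                UriUtil.AppendQueryArgument(builder, TOKEN_KEY, oidreq.token);
            }
            else
            {
                Session[TOKEN_KEY] = oidreq.token;
            }

            Uri returnTo = new Uri(builder.ToString(), true);

            // Trust root: the request URL reduced to scheme, host and port, with the
            // application path.
            builder = new UriBuilder(Request.Url.AbsoluteUri);
            builder.Query = null;
            builder.Password = null;
            builder.UserName = null;
            builder.Fragment = null;
            builder.Path = Request.ApplicationPath;
            string trustRoot = builder.ToString();

            Uri redirectUri = consumer.CreateRedirect(Consumer.Mode.SETUP, oidreq, returnTo, trustRoot);
            Response.Redirect(redirectUri.AbsoluteUri);
        }
        catch (FetchException)
        {
            Context.Items.Add("errmsg", "Failed to fetch identity page.");
        }

        return;
    }

    if (Request.QueryString["openid.mode"] == null)
    {
        return;
    }

    // XXX: this needs to handle checkid_immediate
    string token;
    if (Session == null)
    {
        token = Request.QueryString[TOKEN_KEY];
    }
    else
    {
        // The session copy is single-use: it is removed as soon as it is read.
        token = (String) Session[TOKEN_KEY];
        Session.Remove(TOKEN_KEY);
    }

    if (token == null)
    {
        Context.Items.Add("errmsg", "Token was null.");
        return;
    }

    object result;
    Consumer.Status status = consumer.CompleteAuth(token, Request.QueryString, out result);

    switch (status)
    {
        case Consumer.Status.FAILURE:
            // Pass result to Format directly: the SUCCESS branch shows that result can be
            // null, and the original result.ToString() would then have thrown here.
            // NOTE(review): the message embeds a request-derived value; encode it
            // wherever "errmsg" is rendered.
            Context.Items.Add("errmsg", String.Format("Verification of {0} failed.", result));
            break;

        case Consumer.Status.SUCCESS:
            if (result != null)
            {
                // The verified identity URL becomes the forms-authentication user name;
                // the cookie is not persistent.
                FormsAuthentication.RedirectFromLoginPage(((Uri) result).AbsoluteUri, false);
                return;
            }

            Context.Items.Add("errmsg", "Verification Cancelled.");
            break;
    }
}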
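/// <summary>
/// Completes an OpenID login when the browser returns from the provider. The response is
/// verified by <c>consumer.Complete</c>; the verified identity is mapped to a local
/// account and, if one is linked, the user is signed in with forms authentication.
/// </summary>
/// <returns>
/// <c>true</c> after a linked account has been signed in. <c>false</c> when there is no
/// <c>openid.mode</c> parameter, when it equals <c>"Cancel"</c>, when the consumer cannot
/// be created, or when verification raises <c>FailureException</c>.
/// </returns>
/// <exception cref="OpenIdNotLinkedException">
/// Verification succeeded but no local account is linked to the identity.
/// </exception>
/// <exception cref="OpenIdMembershipProviderException">
/// Wraps any other exception raised while completing the exchange.
/// </exception>
public bool ValidateOpenIDUser()
{
    HttpContext current = HttpContext.Current;
    HttpRequest req = current.Request;
    Janrain.OpenId.Consumer.Consumer consumer;

    try
    {
        if (consumerSession == null)
        {
            consumerSession = new Janrain.OpenId.Session.SimpleSessionState();
        }

        consumer = new Janrain.OpenId.Consumer.Consumer(
            consumerSession, Janrain.OpenId.Store.MemoryStore.GetInstance());
    }
    catch
    {
        return false;
    }

    // NOTE(review): case-sensitive match on "Cancel"; OpenID uses the lower-case mode
    // value, so a cancelled login most likely continues to consumer.Complete below.
    // Confirm the intended handling.
    string openIdMode = req.QueryString["openid.mode"];
    if (openIdMode == null || openIdMode == "Cancel")
    {
        return false;
    }

    try
    {
        // NOTE(review): these SREG values come straight from the query string and are
        // stored before the response is verified; they remain set even if verification
        // fails. Handle them as unverified input (encode on output, no trust decisions).
        _country = (req.QueryString["openid.sreg.country"] ?? "");
        _dayOfBirth = (req.QueryString["openid.sreg.dob"] ?? "");
        _email = (req.QueryString["openid.sreg.email"] ?? "");
        _fullname = (req.QueryString["openid.sreg.fullname"] ?? "");
        _gender = (req.QueryString["openid.sreg.gender"] ?? "");
        _language = (req.QueryString["openid.sreg.language"] ?? "");
        _nickname = (req.QueryString["openid.sreg.nickname"] ?? "");
        _postcode = (req.QueryString["openid.sreg.postcode"] ?? "");
        _timezone = (req.QueryString["openid.sreg.timezone"] ?? "");

        // The identity used from here on is the one returned by the consumer, not a
        // value read from the request.
        ConsumerResponse resp = consumer.Complete(req.QueryString);
        string userIdentity = Utility.IdentityUrlToDisplayString(resp.IdentityUrl);

        MembershipUser user = GetUserByOpenId(userIdentity, true);
        if (user == null)
        {
            throw new OpenIdNotLinkedException(userIdentity);
        }

        // Issue a non-persistent authentication cookie and redirect.
        FormsAuthentication.RedirectFromLoginPage(user.UserName, false);
        return true;
    }
    catch (FailureException fexc)
    {
        if (WriteExceptionsToEventLog)
        {
            Utility.WriteToEventLog(fexc, "ValidateOpenIDUser");
        }

        return false;
    }
    catch (OpenIdNotLinkedException)
    {
        // "throw;" preserves the stack trace that "throw nlEx;" discarded. The clause is
        // kept so this exception is not wrapped by the general handler below.
        throw;
    }
    catch (Exception fe)
    {
        if (WriteExceptionsToEventLog)
        {
            Utility.WriteToEventLog(fe, "ValidateOpenIDUser");
        }

        // NOTE(review): the wrapped exception carries the message and stack trace of the
        // original; keep both out of anything shown to the end user.
        throw new OpenIdMembershipProviderException(fe.Message, fe.Source, fe.StackTrace);
    }
}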
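/// <summary>
/// Begins an OpenID login: treats <paramref name="username"/> as the user's OpenID
/// identifier and redirects the browser to the identity provider.
/// </summary>
/// <remarks>
/// No verification has taken place when this method returns, so it never reports the
/// credentials as valid. The provider's response must be verified when the browser
/// returns to the return_to URL.
/// </remarks>
/// <param name="username">OpenID identifier supplied by the user (untrusted input).</param>
/// <param name="password">Ignored.</param>
/// <returns>
/// <c>false</c> whenever control returns to the caller; normally
/// <c>Response.Redirect(url, true)</c> ends the response first.
/// </returns>
public override bool ValidateUser(string username, string password)
{
    // Nothing to start without an identifier.
    if (username == null)
    {
        return false;
    }

    try
    {
        Uri userUri = Utility.NormalizeIdentityUrl(username);
        HttpContext current = HttpContext.Current;
        HttpRequest req = current.Request;
        HttpResponse res = current.Response;

        if (consumerSession == null)
        {
            consumerSession = new Janrain.OpenId.Session.SimpleSessionState();
        }

        Janrain.OpenId.Consumer.Consumer consumer = new Janrain.OpenId.Consumer.Consumer(
            consumerSession, Janrain.OpenId.Store.MemoryStore.GetInstance());

        try
        {
            AuthRequest request = consumer.Begin(userUri);

            // Build the trust root from the current request URL: query, credentials and
            // fragment removed, path set to the application root.
            // NOTE(review): trust root and return_to both follow Request.Url, and so the
            // host name chosen by the client. A configured base URL is safer if the site
            // can be reached under host names the operator does not control.
            UriBuilder builder = new UriBuilder(req.Url.AbsoluteUri);
            builder.Query = null;
            builder.Password = null;
            builder.UserName = null;
            builder.Fragment = null;
            builder.Path = req.ApplicationPath;

            // The following approach does not append port 80 in the no port case.
            string trustRoot = (new Uri(builder.ToString())).ToString();

            // Build the return_to URL: the current page with ReturnUrl as its only
            // query parameter.
            // NOTE(review): ReturnUrl is forwarded as received; validate it as a local
            // URL at the point where it is used for the final redirect.
            builder = new UriBuilder(req.Url.AbsoluteUri);
            NameValueCollection col = new NameValueCollection();
            col["ReturnUrl"] = req.QueryString["ReturnUrl"];
            builder.Query = Janrain.OpenId.UriUtil.CreateQueryString(col);
            Uri returnTo = new Uri(builder.ToString());

            Uri redirectUrl = request.CreateRedirect(trustRoot, returnTo, AuthRequest.Mode.SETUP);

            // The following illustrates how to use SREG.
            // NOTE(review): _optionalInformation is concatenated without URL-encoding;
            // assumes a plain comma-separated list of SREG field names. Confirm.
            string uriString = redirectUrl.AbsoluteUri + "&openid.sreg.optional=" + _optionalInformation;

            // Remember the current page.
            _loginURL = current.Request.Url.AbsoluteUri;

            // Redirect the user to the OpenID provider page, ending the response.
            res.Redirect(uriString, true);
        }
        catch (System.Threading.ThreadAbortException)
        {
            // Consume. This is normal during redirect.
        }
    }
    catch
    {
        // Failure to start the exchange is reported as "not valid".
        return false;
    }

    // Fail closed: the original returned true here, which would report an unverified
    // identifier as valid if the redirect did not end the response.
    return false;
}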