Exemplo n.º 1
0
        public override async Task ValidateLogoutRequest([NotNull] ValidateLogoutRequestContext context)
        {
            var services = context.HttpContext.RequestServices.GetRequiredService <OpenIddictServices <TApplication, TAuthorization, TScope, TToken> >();

            // Skip validation if the optional post_logout_redirect_uri
            // parameter was missing from the logout request.
            if (string.IsNullOrEmpty(context.PostLogoutRedirectUri))
            {
                services.Logger.LogInformation("The logout request validation process was skipped because " +
                                               "the post_logout_redirect_uri parameter was missing.");

                context.Skip();

                return;
            }

            var application = await services.Applications.FindByLogoutRedirectUri(context.PostLogoutRedirectUri);

            if (application == null)
            {
                services.Logger.LogError("The logout request was rejected because the client application corresponding " +
                                         "to the specified post_logout_redirect_uri was not found in the database: " +
                                         "'{PostLogoutRedirectUri}'.", context.PostLogoutRedirectUri);

                context.Reject(
                    error: OpenIdConnectConstants.Errors.InvalidClient,
                    description: "Invalid post_logout_redirect_uri.");

                return;
            }

            context.Validate();
        }
Exemplo n.º 2
0
        public override async Task ValidateLogoutRequest(ValidateLogoutRequestContext context)
        {
            var database = context.HttpContext.RequestServices.GetRequiredService <ApplicationContext>();

            // Skip validation if the post_logout_redirect_uri parameter was missing.
            if (string.IsNullOrEmpty(context.PostLogoutRedirectUri))
            {
                context.Skip();

                return;
            }

            // Note: ValidateClientLogoutRedirectUri is not invoked when post_logout_redirect_uri is null.
            // When provided, post_logout_redirect_uri must exactly match the address registered by the client application.
            if (!await database.Applications.AnyAsync(application => application.LogoutRedirectUri == context.PostLogoutRedirectUri))
            {
                context.Reject(
                    error: OpenIdConnectConstants.Errors.InvalidClient,
                    description: "Invalid post_logout_redirect_uri");

                return;
            }

            context.Validate();
        }
Exemplo n.º 3
0
        public override async Task ValidateLogoutRequest([NotNull] ValidateLogoutRequestContext context)
        {
            var services = context.HttpContext.RequestServices.GetRequiredService <OpenIddictServices <TUser, TApplication> >();

            // Skip validation if the optional post_logout_redirect_uri
            // parameter was missing from the logout request.
            if (string.IsNullOrEmpty(context.PostLogoutRedirectUri))
            {
                context.Skip();

                return;
            }

            var application = await services.Applications.FindApplicationByLogoutRedirectUri(context.PostLogoutRedirectUri);

            if (application == null)
            {
                context.Reject(
                    error: OpenIdConnectConstants.Errors.InvalidClient,
                    description: "Invalid post_logout_redirect_uri.");

                return;
            }

            context.Validate();
        }
Exemplo n.º 4
0
        public override async Task ValidateLogoutRequest([NotNull] ValidateLogoutRequestContext context)
        {
            var applications = context.HttpContext.RequestServices.GetRequiredService <OpenIddictApplicationManager <TApplication> >();
            var logger       = context.HttpContext.RequestServices.GetRequiredService <ILogger <OpenIddictProvider <TApplication, TAuthorization, TScope, TToken> > >();

            // If an optional post_logout_redirect_uri was provided, validate it.
            if (!string.IsNullOrEmpty(context.PostLogoutRedirectUri))
            {
                var application = await applications.FindByLogoutRedirectUri(context.PostLogoutRedirectUri, context.HttpContext.RequestAborted);

                if (application == null)
                {
                    logger.LogError("The logout request was rejected because the client application corresponding " +
                                    "to the specified post_logout_redirect_uri was not found in the database: " +
                                    "'{PostLogoutRedirectUri}'.", context.PostLogoutRedirectUri);

                    context.Reject(
                        error: OpenIdConnectConstants.Errors.InvalidClient,
                        description: "Invalid post_logout_redirect_uri.");

                    return;
                }
            }

            context.Validate();
        }
Exemplo n.º 5
0
        public override async Task ValidateLogoutRequest([NotNull] ValidateLogoutRequestContext context)
        {
            // If an optional post_logout_redirect_uri was provided, validate it.
            if (!string.IsNullOrEmpty(context.PostLogoutRedirectUri))
            {
                if (!Uri.TryCreate(context.PostLogoutRedirectUri, UriKind.Absolute, out Uri uri) || !uri.IsWellFormedOriginalString())
                {
                    Logger.LogError("The logout request was rejected because the specified post_logout_redirect_uri was not " +
                                    "a valid absolute URL: {PostLogoutRedirectUri}.", context.PostLogoutRedirectUri);

                    context.Reject(
                        error: OpenIdConnectConstants.Errors.InvalidRequest,
                        description: "The 'post_logout_redirect_uri' parameter must be a valid absolute URL.");

                    return;
                }

                if (!string.IsNullOrEmpty(uri.Fragment))
                {
                    Logger.LogError("The logout request was rejected because the 'post_logout_redirect_uri' contained " +
                                    "a URL fragment: {PostLogoutRedirectUri}.", context.PostLogoutRedirectUri);

                    context.Reject(
                        error: OpenIdConnectConstants.Errors.InvalidRequest,
                        description: "The 'post_logout_redirect_uri' parameter must not include a fragment.");

                    return;
                }

                if (!await Applications.ValidatePostLogoutRedirectUriAsync(context.PostLogoutRedirectUri))
                {
                    Logger.LogError("The logout request was rejected because the specified post_logout_redirect_uri " +
                                    "was unknown: {PostLogoutRedirectUri}.", context.PostLogoutRedirectUri);

                    context.Reject(
                        error: OpenIdConnectConstants.Errors.InvalidRequest,
                        description: "The specified 'post_logout_redirect_uri' parameter is not valid.");

                    return;
                }
            }

            context.Validate();
        }
        public override async Task ValidateLogoutRequest(ValidateLogoutRequestContext context)
        {
            // When provided, post_logout_redirect_uri must exactly
            // match the address registered by the client application.
            if (!string.IsNullOrEmpty(context.PostLogoutRedirectUri) &&
                !await _database.Applications.AnyAsync(application => application.LogoutRedirectUri == context.PostLogoutRedirectUri))
            {
                context.Reject(
                    error: OpenIdConnectConstants.Errors.InvalidRequest,
                    description: "The specified 'post_logout_redirect_uri' is invalid.");

                return;
            }

            context.Validate();
        }
Exemplo n.º 7
0
        /// <summary>
        /// Represents an event called for each request to the logout endpoint
        /// to determine if the request is valid and should continue.
        /// </summary>
        /// <param name="context">The context instance associated with this event.</param>
        public override async Task ValidateLogoutRequest(ValidateLogoutRequestContext context)
        {
            // When provided, post_logout_redirect_uri must exactly
            // match the address registered by the client application.
            if (!context.PostLogoutRedirectUri.IsNullOrWhiteSpace())
            {
                var rockContext       = new RockContext();
                var authClientService = new AuthClientService(rockContext);
                var authClient        = await authClientService.GetByPostLogoutRedirectUrlAsync(context.PostLogoutRedirectUri);

                if (authClient == null)
                {
                    context.Reject(
                        error: OpenIdConnectConstants.Errors.InvalidRequest,
                        description: "The specified 'post_logout_redirect_uri' is invalid.");

                    return;
                }
            }

            context.Validate();
        }
Exemplo n.º 8
0
        public override async Task ValidateLogoutRequest([NotNull] ValidateLogoutRequestContext context)
        {
            var clientMgr = context.HttpContext.RequestServices.GetRequiredService <OidcClientManager>();

            // Skip validation if the post_logout_redirect_uri parameter was missing.
            if (string.IsNullOrEmpty(context.PostLogoutRedirectUri))
            {
                context.Skip();

                return;
            }

            // When provided, post_logout_redirect_uri must exactly match the address registered by the client application.
            if (!clientMgr.IsValidPostLogoutRedirectUri(context.PostLogoutRedirectUri))
            {
                context.Reject(
                    error: OpenIdConnectConstants.Errors.InvalidClient,
                    description: "Invalid post_logout_redirect_uri");

                return;
            }

            context.Validate();
        }
        public override async Task ValidateLogoutRequest(ValidateLogoutRequestContext context) {
            var database = context.HttpContext.RequestServices.GetRequiredService<ApplicationContext>();

            // Skip validation if the post_logout_redirect_uri parameter was missing.
            if (string.IsNullOrEmpty(context.PostLogoutRedirectUri)) {
                context.Skip();

                return;
            }

            // When provided, post_logout_redirect_uri must exactly match the address registered by the client application.
            if (!await database.Applications.AnyAsync(application => application.LogoutRedirectUri == context.PostLogoutRedirectUri)) {
                context.Reject(
                    error: OpenIdConnectConstants.Errors.InvalidClient,
                    description: "Invalid post_logout_redirect_uri");

                return;
            }

            context.Validate();
        }
Exemplo n.º 10
0
        public override async Task ValidateLogoutRequest([NotNull] ValidateLogoutRequestContext context)
        {
            var options = (OpenIddictServerOptions)context.Options;

            // If an optional post_logout_redirect_uri was provided, validate it.
            if (!string.IsNullOrEmpty(context.PostLogoutRedirectUri))
            {
                if (!Uri.TryCreate(context.PostLogoutRedirectUri, UriKind.Absolute, out Uri uri) || !uri.IsWellFormedOriginalString())
                {
                    _logger.LogError("The logout request was rejected because the specified post_logout_redirect_uri was not " +
                                     "a valid absolute URL: {PostLogoutRedirectUri}.", context.PostLogoutRedirectUri);

                    context.Reject(
                        error: OpenIdConnectConstants.Errors.InvalidRequest,
                        description: "The 'post_logout_redirect_uri' parameter must be a valid absolute URL.");

                    return;
                }

                if (!string.IsNullOrEmpty(uri.Fragment))
                {
                    _logger.LogError("The logout request was rejected because the 'post_logout_redirect_uri' contained " +
                                     "a URL fragment: {PostLogoutRedirectUri}.", context.PostLogoutRedirectUri);

                    context.Reject(
                        error: OpenIdConnectConstants.Errors.InvalidRequest,
                        description: "The 'post_logout_redirect_uri' parameter must not include a fragment.");

                    return;
                }

                async Task <bool> ValidatePostLogoutRedirectUriAsync(string address)
                {
                    var applications = await _applicationManager.FindByPostLogoutRedirectUriAsync(address);

                    if (applications.IsDefaultOrEmpty)
                    {
                        return(false);
                    }

                    if (options.IgnoreEndpointPermissions)
                    {
                        return(true);
                    }

                    foreach (var application in applications)
                    {
                        if (await _applicationManager.HasPermissionAsync(
                                application, OpenIddictConstants.Permissions.Endpoints.Logout))
                        {
                            return(true);
                        }
                    }

                    return(false);
                }

                if (!await ValidatePostLogoutRedirectUriAsync(context.PostLogoutRedirectUri))
                {
                    _logger.LogError("The logout request was rejected because the specified post_logout_redirect_uri " +
                                     "was unknown: {PostLogoutRedirectUri}.", context.PostLogoutRedirectUri);

                    context.Reject(
                        error: OpenIdConnectConstants.Errors.InvalidRequest,
                        description: "The specified 'post_logout_redirect_uri' parameter is not valid.");

                    return;
                }
            }

            context.Validate();

            await _eventService.PublishAsync(new OpenIddictServerEvents.ValidateLogoutRequest(context));
        }