public async Task Invoke(HttpContext context, IAuthenticationService authenticationService) { try { BasicAuthenticationParser parser = new BasicAuthenticationParser(context); // put in the authHeader and get the username and password from the parser parser.ParseHeader(); string username = parser.Username; string password = parser.Password; // find the usernamd and password in the database int?userId = CheckReturnUserId(username, password); if (userId != null) { // add the user to the context AssignUserToContext(context, userId); } await next(context); } catch (FormatException) { Debug.WriteLine("Format issues"); } }
public void ReportBadPayloadInvalid() { var parser = new BasicAuthenticationParser("Basic foobar", null); parser.IsValid.Should().BeFalse(); parser.Username.Should().BeNullOrEmpty(); }
public void ReportNonBasicHeaderInvalid() { var parser = new BasicAuthenticationParser("Bearer foobar", null); parser.IsValid.Should().BeFalse(); parser.Username.Should().BeNullOrEmpty(); }
public void ReportEmptyHeaderInvalid() { var parser = new BasicAuthenticationParser(string.Empty, null); parser.IsValid.Should().BeFalse(); parser.Username.Should().BeNullOrEmpty(); }
public void ParseValidPayload(string header, string username, string password) { var parser = new BasicAuthenticationParser(header, null); parser.IsValid.Should().BeTrue(); parser.Username.Should().Be(username); parser.Password.Should().Be(password); }
private async Task <bool> ExecuteClientCredentialsFlow(IOwinEnvironment context, IClient client, CancellationToken cancellationToken) { var basicHeaderParser = new BasicAuthenticationParser(context.Request.Headers.GetString("Authorization"), _logger); if (!basicHeaderParser.IsValid) { await Error.Create <OauthInvalidRequest>(context, cancellationToken); return(true); } var preLoginContext = new PreLoginContext(context) { Login = basicHeaderParser.Username }; await _handlers.PreLoginHandler(preLoginContext, cancellationToken).ConfigureAwait(false); var request = new ClientCredentialsGrantRequest { Id = basicHeaderParser.Username, Secret = basicHeaderParser.Password }; if (preLoginContext.AccountStore != null) { request.AccountStoreHref = preLoginContext.AccountStore.Href; } var application = await client .GetApplicationAsync(_configuration.Application.Href, cancellationToken) .ConfigureAwait(false); IOauthGrantAuthenticationResult tokenResult; try { tokenResult = await application .ExecuteOauthRequestAsync(request, cancellationToken) .ConfigureAwait(false); } // Catch error 10019 (API Authentication failed) catch (ResourceException rex) when(rex.Code == 10019) { return(await Error.Create <OauthInvalidClient>(context, cancellationToken).ConfigureAwait(false)); } var accessToken = await tokenResult.GetAccessTokenAsync(cancellationToken).ConfigureAwait(false); var account = await accessToken.GetAccountAsync(cancellationToken).ConfigureAwait(false); var postLoginContext = new PostLoginContext(context, account); await _handlers.PostLoginHandler(postLoginContext, cancellationToken).ConfigureAwait(false); var sanitizer = new GrantResultResponseSanitizer(); return(await JsonResponse.Ok(context, sanitizer.SanitizeResponseWithoutRefreshToken(tokenResult)).ConfigureAwait(false)); }
private async Task <bool> ExecuteClientCredentialsFlow(IOwinEnvironment context, IClient client, CancellationToken cancellationToken) { var jsonErrorHandler = new Func <AbstractError, CancellationToken, Task>((err, ct) => Error.Create(context, err, ct)); var basicHeaderParser = new BasicAuthenticationParser(context.Request.Headers.GetString("Authorization"), _logger); if (!basicHeaderParser.IsValid) { await jsonErrorHandler(new OauthInvalidRequest(), cancellationToken); return(true); } var executor = new LoginExecutor(client, _configuration, _handlers, _logger); var application = await client .GetApplicationAsync(_configuration.Application.Href, cancellationToken) .ConfigureAwait(false); var tokenResult = await executor.ClientCredentialsGrantAsync( context, application, jsonErrorHandler, basicHeaderParser.Username, basicHeaderParser.Password, cancellationToken); if (tokenResult == null) { return(true); // Some error occurred and the handler was invoked } await executor.HandlePostLoginAsync(context, tokenResult, cancellationToken); var sanitizer = new GrantResultResponseSanitizer(); return(await JsonResponse.Ok(context, sanitizer.SanitizeResponseWithoutRefreshToken(tokenResult)).ConfigureAwait(false)); }