public Uri CreateResponse(IAuthorizationContext context)
{
UriBuilder result = new UriBuilder(context.RedirectUri);
NameValueCollection queryComponents = GetContextToModify(context);
if (context.Error != null)
{
BuildResponseValues(queryComponents, context.Error.ToResponseValues());
SetModifiedContext(context, result, queryComponents);
return result.Uri;
}
IDictionary<string, object> responseValues;
if (context.ResponseType == Parameters.ResponseTypeValues.AuthorizationCode)
responseValues = ((ITokenizer)context.AuthorizationGrant).ToResponseValues();
else if (context.ResponseType == Parameters.ResponseTypeValues.AccessToken)
responseValues = ((ITokenizer)context.Token).ToResponseValues();
else
throw new InvalidOperationException("invalid type");
BuildResponseValues(queryComponents, responseValues);
queryComponents[Parameters.State] = context.State;
SetModifiedContext(context, result, queryComponents);
return result.Uri;
}
public AuthService(IUserManager userManager, ISessionManager sessionManager, IAuthorizationContext authorizationContext, IServerConfigurationManager config)
{
AuthorizationContext = authorizationContext;
_config = config;
SessionManager = sessionManager;
UserManager = userManager;
}
public void CreateAuthorizationGrant(IAuthorizationContext context)
{
try
{
InspectRequest(context);
IEnumerable<ContextProcessor<IAuthorizationContext>> processors = ServiceLocator.Current.GetAllInstances<ContextProcessor<IAuthorizationContext>>();
bool handled = false;
foreach (ContextProcessor<IAuthorizationContext> processor in processors)
{
if (!processor.IsSatisfiedBy(context)) continue;
processor.Process(context);
handled = true;
break;
}
if (!handled)
throw Errors.UnsupportedResponseType(context, context.ResponseType);
if (!context.IsApproved)
throw Errors.AccessDenied(context);
}
catch (OAuthErrorResponseException<IAuthorizationContext> ex)
{
context.Error = new ErrorResponse
{
Error = ex.Error,
ErrorDescription = ex.Message,
ErrorUri = ex.ErrorUri
};
}
}
private void SetModifiedContext(IAuthorizationContext context, UriBuilder builder, NameValueCollection components)
{
if (context.ResponseType == Parameters.ResponseTypeValues.AccessToken)
builder.Fragment = UriHelper.ReconstructQueryString(components);
else
builder.Query = UriHelper.ReconstructQueryString(components);
}
public AuthService(IUserManager userManager, IAuthorizationContext authorizationContext, IServerConfigurationManager config, IConnectManager connectManager, ISessionManager sessionManager, IDeviceManager deviceManager)
{
AuthorizationContext = authorizationContext;
_config = config;
DeviceManager = deviceManager;
SessionManager = sessionManager;
ConnectManager = connectManager;
UserManager = userManager;
}
private void InspectRequest(IAuthorizationContext context)
{
AssertNoAuthorizationToken(context);
AssertIsClient(context);
AssertRedirectUriIsValid(context);
AssertResourceOwnerIdIsNotBlank(context);
new SpecificationInspector().Inspect(context); // always run the known inspectors
IEnumerable<IContextInspector<IAuthorizationContext>> inspectors = ServiceLocator.Current.GetAllInstances<IContextInspector<IAuthorizationContext>>();
foreach (IContextInspector<IAuthorizationContext> inspector in inspectors)
inspector.Inspect(context);
}
public IAuthorizationGrant IssueAuthorizationGrant(IAuthorizationContext context)
{
AuthorizationGrant grant = new AuthorizationGrant();
Client client = ClientRepo.FindClient(context.Client.ClientId);
grant.Client = client;
grant.ResourceOwnerId = context.ResourceOwnerUsername;
//grant.IsApproved = false;
//grant.ExpiresIn = 120; // 2 minutes
grant.Code = Guid.NewGuid().ToString();
grant.IssuedOn = SharpOAuth2.Provider.Utility.Epoch.ToEpoch(DateTime.Now);
grant.Scope = string.Join(" ", context.Scope);
TokenRepo.AddAuthorizationGrant(grant);
return grant;
}
private static void CommonInvalidRequestSpecificationTest(IAuthorizationContext context, string parameter)
{
IContextInspector<IAuthorizationContext> inspector = new SpecificationInspector();
try
{
inspector.Inspect(context);
Assert.Fail("No exception was thrown");
}
catch (OAuthErrorResponseException<IAuthorizationContext> ex)
{
Assert.AreEqual(Parameters.ErrorParameters.ErrorValues.InvalidRequest, ex.Error);
Assert.AreEqual("The '" + parameter + "' parameter is required and missing, unsupported, or malformed", ex.Message);
}
catch (Exception)
{
Assert.Fail("Threw an unexpected exception");
}
}
private async Task ValidateDomainOwnershipAsync(IAuthorizationContext authorizationContext, CancellationToken cancellationToken)
{
cancellationToken.ThrowIfCancellationRequested();
var authorization = await authorizationContext.Resource();
var domainName = authorization.Identifier.Value;
_logger.LogDebug("Requesting authorization to create certificate for {domainName}", domainName);
cancellationToken.ThrowIfCancellationRequested();
var httpChallenge = await authorizationContext.Http();
cancellationToken.ThrowIfCancellationRequested();
if (httpChallenge == null)
{
throw new InvalidOperationException($"Did not receive challenge information for challenge type {ChallengeTypes.Http01}");
}
var keyAuth = httpChallenge.KeyAuthz;
_challengeStore.AddChallengeResponse(httpChallenge.Token, keyAuth);
cancellationToken.ThrowIfCancellationRequested();
_logger.LogDebug("Requesting completion of challenge to prove ownership of domain {domainName}", domainName);
var challenge = await httpChallenge.Validate();
var retries = 60;
var delay = TimeSpan.FromSeconds(2);
while (retries > 0)
{
retries--;
cancellationToken.ThrowIfCancellationRequested();
authorization = await authorizationContext.Resource();
_logger.LogAcmeAction("GetAuthorization", authorization);
switch (authorization.Status)
{
case AuthorizationStatus.Valid:
return;
case AuthorizationStatus.Pending:
await Task.Delay(delay);
continue;
case AuthorizationStatus.Invalid:
throw InvalidAuthorizationError(authorization);
case AuthorizationStatus.Revoked:
throw new InvalidOperationException($"The authorization to verify domainName '{domainName}' has been revoked.");
case AuthorizationStatus.Expired:
throw new InvalidOperationException($"The authorization to verify domainName '{domainName}' has expired.");
default:
throw new ArgumentOutOfRangeException("Unexpected response from server while validating domain ownership.");
}
}
throw new TimeoutException("Timed out waiting for domain ownership validation.");
}
public VideosService(ILibraryManager libraryManager, IUserManager userManager, IDtoService dtoService, IItemRepository itemRepo, IFileSystem fileSystem, IServerConfigurationManager config, IAuthorizationContext authContext)
{
_libraryManager = libraryManager;
_userManager = userManager;
_dtoService = dtoService;
_itemRepo = itemRepo;
_fileSystem = fileSystem;
_config = config;
_authContext = authContext;
}
/// <summary>
/// Initializes a new instance of the <see cref="BaseItemsByNameService{TItemType}" /> class.
/// </summary>
/// <param name="userManager">The user manager.</param>
/// <param name="libraryManager">The library manager.</param>
/// <param name="userDataRepository">The user data repository.</param>
/// <param name="itemRepository">The item repository.</param>
/// <param name="dtoService">The dto service.</param>
protected BaseItemsByNameService(IUserManager userManager, ILibraryManager libraryManager, IUserDataManager userDataRepository, IItemRepository itemRepository, IDtoService dtoService, IAuthorizationContext authorizationContext)
{
UserManager = userManager;
LibraryManager = libraryManager;
UserDataRepository = userDataRepository;
ItemRepository = itemRepository;
DtoService = dtoService;
AuthorizationContext = authorizationContext;
}
/// <summary>
/// Initializes a new instance of the <see cref="GamesService" /> class.
/// </summary>
/// <param name="userManager">The user manager.</param>
/// <param name="userDataRepository">The user data repository.</param>
/// <param name="libraryManager">The library manager.</param>
/// <param name="itemRepo">The item repo.</param>
/// <param name="dtoService">The dto service.</param>
public GamesService(IUserManager userManager, IUserDataManager userDataRepository, ILibraryManager libraryManager, IItemRepository itemRepo, IDtoService dtoService, IAuthorizationContext authContext)
{
_userManager = userManager;
_userDataRepository = userDataRepository;
_libraryManager = libraryManager;
_itemRepo = itemRepo;
_dtoService = dtoService;
_authContext = authContext;
}
public bool IsAccessApproved(IAuthorizationContext context)
{
InspectRequest(context);
return ServiceFactory.ClientService.IsAccessGranted(context.Client, context.Scope, context.ResourceOwnerUsername);
}
private void AssertRedirectUriIsValid(IAuthorizationContext context)
{
if (!ServiceFactory.ClientService.ValidateRedirectUri(context))
throw new OAuthFatalException(string.Format(CultureInfo.CurrentUICulture,
AuthorizationEndpointResources.InvalidRedirectUri, context.RedirectUri.ToString()));
}
public GetTokenDtoAuthorizationHandler(IApplicationUserContext applicationUserContext, IAuthorizationContext <ApplicationUserContext> context)
: base(applicationUserContext, context)
{
AllowAnonymous = true;
}
public SavePortfolioTransactionAuthorizationHandler(IApplicationUserContext applicationUserContext, IAuthorizationContext <int> context)
: base(applicationUserContext, context)
{
IsLoggedIn();
}
private void AssertResourceOwnerIdIsNotBlank(IAuthorizationContext context)
{
if (string.IsNullOrWhiteSpace(context.ResourceOwnerUsername))
throw new OAuthFatalException(AuthorizationEndpointResources.ResourceOwnerNotIncluded);
}
private string GetResource(IAuthorizationContext authorizationContext)
{
authorizationContext.TryGet <Resource>("Resource", out var resource);
return(resource != null ? resource.Value : "default");
}
public UserLibraryService(IUserManager userManager, ILibraryManager libraryManager, IUserDataManager userDataRepository, IDtoService dtoService, IUserViewManager userViewManager, IFileSystem fileSystem, IAuthorizationContext authContext)
{
_userManager = userManager;
_libraryManager = libraryManager;
_userDataRepository = userDataRepository;
_dtoService = dtoService;
_userViewManager = userViewManager;
_fileSystem = fileSystem;
_authContext = authContext;
}
public Task <AuthorizationResult> GetAuthorizationResult(IReadOnlyCollection <string> options, IAuthorizationContext authorizationContext)
{
if (!_userContext.IsSupportConsoleUser())
{
return(IsAuthorizedResult());
}
if (!IsAuthorized(GetResource(authorizationContext), authorizationContext))
{
return(IsNotAuthorizedResult(new Tier2UserAccessNotGranted()));
}
return(IsAuthorizedResult());
}
protected override void Execute(IAuthorizationContext context)
{
context.HasPermission = false;
}
private void AssertNoAuthorizationToken(IAuthorizationContext context)
{
if (context.Token != null)
throw new OAuthFatalException(AuthorizationEndpointResources.AuthorizationContextContainsToken);
}
public SessionContext(IUserManager userManager, IAuthorizationContext authContext, ISessionManager sessionManager)
{
_userManager = userManager;
_authContext = authContext;
_sessionManager = sessionManager;
}
public SessionsService(ISessionManager sessionManager, IServerApplicationHost appHost, IUserManager userManager, IAuthorizationContext authContext, IAuthenticationRepository authRepo, IDeviceManager deviceManager, ISessionContext sessionContext)
{
_sessionManager = sessionManager;
_userManager = userManager;
_authContext = authContext;
_authRepo = authRepo;
_deviceManager = deviceManager;
_sessionContext = sessionContext;
_appHost = appHost;
}
public SubtitleService(ILibraryManager libraryManager, ISubtitleManager subtitleManager, ISubtitleEncoder subtitleEncoder, IMediaSourceManager mediaSourceManager, IProviderManager providerManager, IFileSystem fileSystem, IAuthorizationContext authContext)
{
_libraryManager = libraryManager;
_subtitleManager = subtitleManager;
_subtitleEncoder = subtitleEncoder;
_mediaSourceManager = mediaSourceManager;
_providerManager = providerManager;
_fileSystem = fileSystem;
_authContext = authContext;
}
private void AssertIsClient(IAuthorizationContext context)
{
if (!ServiceFactory.ClientService.IsClient(context))
throw Errors.UnauthorizedClient(context, context.Client);
}
/// <summary>
/// Initializes a new instance of the <see cref="LibraryService" /> class.
/// </summary>
public LibraryService(IItemRepository itemRepo, ILibraryManager libraryManager, IUserManager userManager,
IDtoService dtoService, IUserDataManager userDataManager, IAuthorizationContext authContext, IActivityManager activityManager, ILocalizationManager localization)
{
_itemRepo = itemRepo;
_libraryManager = libraryManager;
_userManager = userManager;
_dtoService = dtoService;
_userDataManager = userDataManager;
_authContext = authContext;
_activityManager = activityManager;
_localization = localization;
}
/// <summary>
/// Initializes a new instance of the <see cref="ImageService" /> class.
/// </summary>
public ImageService(IUserManager userManager, ILibraryManager libraryManager, IProviderManager providerManager, IItemRepository itemRepo, IImageProcessor imageProcessor, IFileSystem fileSystem, IAuthorizationContext authContext)
{
_userManager = userManager;
_libraryManager = libraryManager;
_providerManager = providerManager;
_itemRepo = itemRepo;
_imageProcessor = imageProcessor;
_fileSystem = fileSystem;
_authContext = authContext;
}
private NameValueCollection GetContextToModify(IAuthorizationContext context)
{
if (context.ResponseType == Parameters.ResponseTypeValues.AccessToken)
return new NameValueCollection();
else
return HttpUtility.ParseQueryString(context.RedirectUri.Query);
}
/// <summary>
/// Initializes a new instance of the <see cref="TvShowsService" /> class.
/// </summary>
/// <param name="userManager">The user manager.</param>
/// <param name="userDataManager">The user data repository.</param>
/// <param name="libraryManager">The library manager.</param>
public TvShowsService(IUserManager userManager, IUserDataManager userDataManager, ILibraryManager libraryManager, IItemRepository itemRepo, IDtoService dtoService, ITVSeriesManager tvSeriesManager, IAuthorizationContext authContext)
{
_userManager = userManager;
_userDataManager = userDataManager;
_libraryManager = libraryManager;
_itemRepo = itemRepo;
_dtoService = dtoService;
_tvSeriesManager = tvSeriesManager;
_authContext = authContext;
}
public DynamicHlsService(IServerConfigurationManager serverConfig, IUserManager userManager, ILibraryManager libraryManager, IIsoManager isoManager, IMediaEncoder mediaEncoder, IFileSystem fileSystem, IDlnaManager dlnaManager, ISubtitleEncoder subtitleEncoder, IDeviceManager deviceManager, IMediaSourceManager mediaSourceManager, IZipClient zipClient, IJsonSerializer jsonSerializer, IAuthorizationContext authorizationContext, INetworkManager networkManager) : base(serverConfig, userManager, libraryManager, isoManager, mediaEncoder, fileSystem, dlnaManager, subtitleEncoder, deviceManager, mediaSourceManager, zipClient, jsonSerializer, authorizationContext)
{
NetworkManager = networkManager;
}
public GetListPortfolioTransactionsConsolidationDtoAuthorizationHandler(IApplicationUserContext applicationUserContext, IAuthorizationContext <List <PortfolioTransactionsConsolidationDto> > context)
: base(applicationUserContext, context)
{
IsLoggedIn();
}
public SessionContext(IUserManager userManager, IAuthorizationContext authContext, ISessionManager sessionManager)
{
_userManager = userManager;
_authContext = authContext;
_sessionManager = sessionManager;
}
/// <summary>
/// Initializes a new instance of the <see cref="MoviesService" /> class.
/// </summary>
public MoviesService(IUserManager userManager, ILibraryManager libraryManager, IDtoService dtoService, IServerConfigurationManager config, IAuthorizationContext authContext)
{
_userManager = userManager;
_libraryManager = libraryManager;
_dtoService = dtoService;
_config = config;
_authContext = authContext;
}
