public void Should_allow_default_tokens_for_any_identity_and_purpose()
        {
            // A token created from a type alone carries no identity and no
            // purpose. This test pins the store's contract that such a token
            // is accepted whichever identity and purpose the caller presents,
            // so it behaves as a bearer credential for that token type.
            const string kind = "session";
            var issued = _tokenStore.CreateToken(kind);

            // First lookup: no purpose or identity supplied.
            var unscoped = _tokenStore.GetToken(kind, issued);

            Assert.IsNotNull(unscoped);
            Assert.AreEqual(issued, unscoped.Value);
            Assert.IsTrue(string.IsNullOrEmpty(unscoped.Identity));
            Assert.IsTrue(string.IsNullOrEmpty(unscoped.Purpose));
            Assert.AreEqual(TokenStatus.Allowed, unscoped.Status);

            // Second lookup: the same token presented with an arbitrary
            // purpose and identity. The result echoes both back and is
            // still allowed.
            const string requestedPurpose  = "login";
            const string requestedIdentity = "urn:user:431";

            var scoped = _tokenStore.GetToken(kind, issued, requestedPurpose, requestedIdentity);

            Assert.IsNotNull(scoped);
            Assert.AreEqual(issued, scoped.Value);
            Assert.AreEqual(requestedPurpose, scoped.Purpose);
            Assert.AreEqual(requestedIdentity, scoped.Identity);
            Assert.AreEqual(TokenStatus.Allowed, scoped.Status);
        }
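        /// <summary>
        /// Handles the password-reset form post. Reads the "username" form
        /// field, creates a "passwordReset" token with the "ResetPassword"
        /// purpose for that user name, stores it in the session under
        /// "reset-token" when a session is available, records an outcome
        /// message and sends the caller back to the home page.
        /// </summary>
        /// <param name="context">The OWIN context of the current request.</param>
        /// <param name="identification">Passed through to SetOutcome and GoHome.</param>
        private void SendPasswordReset(IOwinContext context, Identification identification)
        {
            // NOTE(review): .Result blocks the request thread until the form
            // has been read. It is kept because this handler is synchronous.
            var form     = context.Request.ReadFormAsync().Result;
            var userName = form["username"];

            // A browser posts an empty text box as "" rather than omitting the
            // field, so a null check alone lets a blank user name through.
            // Presumably a token created for an empty identity is not bound
            // to any user - confirm against the token store.
            if (string.IsNullOrWhiteSpace(userName))
            {
                SetOutcome(context, identification, "No user name provided");
            }
            else
            {
                var token = _tokenStore.CreateToken("passwordReset", new[] { "ResetPassword" }, userName);

                var session = context.GetFeature <ISession>();
                if (session != null)
                {
                    session.Set("reset-token", token);
                }

                // NOTE(review): the reset token is handed straight back to
                // whoever submitted the form, and no ownership check on the
                // account is visible here. That is only acceptable in a
                // demonstration. A production flow delivers the token
                // out-of-band to the account owner's registered contact
                // address and shows the same outcome text whether or not the
                // account exists.
                SetOutcome(context, identification, "Password reset token is: " + token);
            }
            GoHome(context, identification);
        }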
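        /// <summary>
        /// Buffers the downstream response and, when its content type is
        /// exactly <c>text/html</c>, replaces <c>{{name}}</c> placeholders
        /// before the page is sent. <c>{{api-token}}</c> receives a newly
        /// created "api" token, and a script is inserted before
        /// <c>&lt;/body&gt;</c> that sends a DELETE request for that token
        /// when the page unloads. <c>{{identity}}</c> receives the caller's
        /// identity. Any other placeholder is looked up in the session.
        /// Every other response is passed through unchanged.
        /// </summary>
        /// <remarks>
        /// The api token is written into the page body and an inline script,
        /// so anything that can read the page can read the token.
        /// NOTE(review): confirm these pages are served as non-cacheable and
        /// that tokens also expire server-side, because browsers do not
        /// reliably deliver a request issued from an unload handler.
        /// </remarks>
        /// <param name="context">The OWIN context of the current request.</param>
        /// <param name="next">Invokes the rest of the pipeline.</param>
        /// <returns>A task that completes once the response has been written to the original body stream.</returns>
        private Task InjectToken(IOwinContext context, Func <Task> next)
        {
            var response = context.Response;

            var newStream      = new MemoryStream();
            var originalStream = response.Body;

            // Capture everything downstream writes so the page can be edited
            // before any of it reaches the client.
            response.Body = newStream;

            Task downstreamTask;
            try
            {
                downstreamTask = next();
            }
            catch
            {
                // Downstream threw before returning a task: undo the stream
                // swap so upstream error handling writes to the real body.
                response.Body = originalStream;
                newStream.Dispose();
                throw;
            }

            return(downstreamTask.ContinueWith(downstream =>
            {
                using (newStream)
                {
                    // Restore the real stream before anything can throw.
                    // Otherwise a downstream failure would leave the response
                    // pointing at the in-memory buffer and any error page
                    // written upstream would never be sent.
                    response.Body = originalStream;

                    if (downstream.Exception != null)
                    {
                        throw downstream.Exception;
                    }

                    // NOTE(review): this is an exact match, so a content type
                    // that carries parameters ("text/html; charset=utf-8") is
                    // passed through with its placeholders untouched.
                    if (!string.Equals(response.ContentType, "text/html", StringComparison.OrdinalIgnoreCase))
                    {
                        newStream.WriteTo(originalStream);
                        return;
                    }

                    // The buffered page is assumed to be UTF-8 encoded.
                    var encoding = Encoding.UTF8;
                    var html     = encoding.GetString(newStream.ToArray());

                    var apiToken = string.Empty;

                    // Case-insensitive, matching the placeholder replacement
                    // below, so "{{API-TOKEN}}" also gets a token rather than
                    // an empty string.
                    if (html.IndexOf("{{api-token}}", StringComparison.OrdinalIgnoreCase) >= 0)
                    {
                        // NOTE(review): the token is created with a type only,
                        // with no identity or purpose. Consider binding it to
                        // the caller's identity if the token store supports it.
                        apiToken = _tokenStore.CreateToken("api");

                        // The path and token are concatenated into JavaScript
                        // string literals. This assumes neither contains a
                        // quote or "</script>" - confirm for the configured
                        // path and the token format.
                        var unloadScript = "<script>\n" +
                                           "window.onunload = function(){\n" +
                                           "  var xhttp = new XMLHttpRequest();\n" +
                                           "  xhttp.open('DELETE', '" + _deleteTokenPath.Value + "', true);\n" +
                                           "  xhttp.setRequestHeader('api-token', '" + apiToken + "');\n" +
                                           "  xhttp.send();\n" +
                                           "}\n" +
                                           "</script>\n";

                        html = html.Replace("</body>", unloadScript + "</body>");
                    }

                    var identification = context.GetFeature <IIdentification>();
                    var identity = identification == null ? string.Empty : (identification.IsAnonymous ? "Anonymous" : identification.Identity);

                    var session = context.GetFeature <ISession>();

                    html = Regex.Replace(html, "{{([^}]+)}}", m =>
                    {
                        // Invariant lower-casing keeps the lookup independent
                        // of the server's culture (for example the Turkish
                        // dotless i).
                        var key = m.Groups[1].Value.ToLowerInvariant();
                        switch (key)
                        {
                            case "api-token":
                                return apiToken;

                            case "identity":
                                // Encoded because the identity is text placed
                                // into markup.
                                return System.Net.WebUtility.HtmlEncode(identity);

                            default:
                                // Session values are encoded for the same
                                // reason. This assumes they are stored as
                                // plain text - confirm that no page relies on
                                // markup kept in the session.
                                return session == null
                                    ? string.Empty
                                    : System.Net.WebUtility.HtmlEncode(session.Get <string>(key) ?? string.Empty);
                        }
                    });

                    var newBytes = encoding.GetBytes(html);

                    // The rewritten page is a different size. A Content-Length
                    // set downstream would no longer match the bytes sent.
                    if (response.ContentLength.HasValue)
                    {
                        response.ContentLength = newBytes.Length;
                    }

                    originalStream.Write(newBytes, 0, newBytes.Length);
                }
            }));
        }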