/// <summary>
/// First-load setup for the OAuth client management page: a signed-in user gets the scope
/// checklist and a grid of clients, anyone else gets the guest view.
/// </summary>
/// <param name="sender">Event source (not used).</param>
/// <param name="e">Event data (not used).</param>
protected void Page_Load(object sender, EventArgs e)
{
    // Only the initial request populates the page; postbacks skip all of this.
    if (IsPostBack)
    {
        return;
    }

    Master.SelectedTab = tabID.tabHome;

    if (!Page.User.Identity.IsAuthenticated)
    {
        mvServices.SetActiveView(vwGuest);
        return;
    }

    mvServices.SetActiveView(vwAuthenticated);

    // Offer every defined scope except the "none" member.
    foreach (MFBOAuthScope availableScope in Enum.GetValues(typeof(MFBOAuthScope)))
    {
        if (availableScope == MFBOAuthScope.none)
        {
            continue;
        }

        ListItem scopeItem = new ListItem(MFBOauthServer.ScopeDescription(availableScope), availableScope.ToString());
        cklScopes.Items.Add(scopeItem);
    }

    // AdminMode switches the grid from the caller's own clients to every available client.
    // NOTE(review): AdminMode is defined outside this method - confirm it is backed by a
    // server-side role check and not by a request parameter alone.
    if (AdminMode)
    {
        gvMyServices.DataSource = MFBOauth2Client.GetAvailableClients();
    }
    else
    {
        gvMyServices.DataSource = OwnedClients;
    }

    gvMyServices.DataBind();
}
/// <summary>
/// Writes the edited grid row back to the corresponding client in OwnedClients and commits it.
/// </summary>
/// <param name="sender">Event source (not used).</param>
/// <param name="e">Row-update data: the row index and the edited field values.</param>
/// <exception cref="ArgumentNullException"><paramref name="e"/> is null.</exception>
protected void gvMyServices_RowUpdating(object sender, GridViewUpdateEventArgs e)
{
    if (e == null)
    {
        throw new ArgumentNullException(nameof(e));
    }

    // The row index is resolved against OwnedClients, so only a client in that list can be changed here.
    // NOTE(review): if the grid is ever bound to a different list, the same index would select an
    // unrelated client - confirm editing is only offered while the grid shows OwnedClients.
    List<MFBOauth2Client> ownedSnapshot = new List<MFBOauth2Client>(OwnedClients);
    MFBOauth2Client edited = ownedSnapshot[e.RowIndex];

    // NOTE(review): the secret comes back from an editable grid field; how it is stored is decided
    // inside MFBOauth2Client - confirm.
    edited.ClientSecret = (string)e.NewValues["ClientSecret"];
    edited.ClientName = (string)e.NewValues["ClientName"];
    edited.Callbacks = MFBOauth2Client.AllowedCallbacksFromString((string)e.NewValues["CallbacksAsString"]);
    edited.Scope = (string)e.NewValues["Scope"];

    try
    {
        // Validation only: this throws for an invalid scope, so Commit is never reached in that case.
        MFBOauthServer.ScopesFromString(edited.Scope);
        edited.Commit();

        gvMyServices.EditIndex = -1;

        // Clearing OwnedClients forces a refresh before the grid is rebound.
        OwnedClients = null;
        gvMyServices.DataSource = OwnedClients;
        gvMyServices.DataBind();
    }
    catch (Exception ex) when (ex is UnauthorizedAccessException || ex is MyFlightbookValidationException || ex is ArgumentOutOfRangeException)
    {
        // These failures are reported next to the grid; any other exception propagates.
        lblErrGV.Text = ex.Message;
    }
}
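/// <summary>
/// Validates an incoming OAuth authorization request and prepares the consent prompt.
/// </summary>
/// <remarks>
/// Every request must arrive over a secure connection. On the first request the handler reads the
/// pending authorization request, compares the requested callback with the client's registered
/// callback, checks that the requested scopes are a subset of the client's scopes, and stores the
/// request in ViewState. On postback the request is restored from ViewState.
/// </remarks>
/// <param name="sender">Event source (not used).</param>
/// <param name="e">Event data (not used).</param>
protected void Page_Load(object sender, EventArgs e)
{
    try
    {
        if (!Request.IsSecureConnection)
        {
            throw new HttpException((int)HttpStatusCode.Forbidden, Resources.LocalizedText.oAuthErrNotSecure);
        }

        if (!IsPostBack)
        {
            m_pendingRequest = this.authorizationServer.ReadAuthorizationRequest();
            if (m_pendingRequest == null)
            {
                throw new HttpException((int)HttpStatusCode.BadRequest, Resources.LocalizedText.oAuthErrMissingRequest);
            }

            MFBOauth2Client client = (MFBOauth2Client)authorizationServer.AuthorizationServerServices.GetClient(m_pendingRequest.ClientIdentifier);

            // The redirect target is an allow-list decision, so the comparison is ordinal: a
            // culture-sensitive comparison depends on the server's current culture and can treat
            // distinct strings as equal. Case-insensitivity is kept so existing registrations still match.
            // NOTE(review): the scheme is not among the compared components, and OAuth guidance
            // favours exact redirect-URI matching - confirm whether this check should be tightened.
            if (Uri.Compare(m_pendingRequest.Callback, new Uri(client.Callback), UriComponents.HostAndPort | UriComponents.PathAndQuery, UriFormat.UriEscaped, StringComparison.OrdinalIgnoreCase) != 0)
            {
                throw new HttpException((int)HttpStatusCode.BadRequest, Resources.LocalizedText.oAuthErrBadRedirectURL);
            }

            // Refuse any request that asks for a scope the client is not registered for.
            HashSet<string> allowedScopes = OAuthUtilities.SplitScopes(client.Scope);
            if (!m_pendingRequest.Scope.IsSubsetOf(allowedScopes))
            {
                throw new HttpException((int)HttpStatusCode.BadRequest, Resources.LocalizedText.oAuthErrUnauthorizedScopes);
            }

            IEnumerable<MFBOAuthScope> requestedScopes = MFBOauthServer.ScopesFromStrings(m_pendingRequest.Scope);
            IEnumerable<string> lstScopes = MFBOauthServer.ScopeDescriptions(requestedScopes);

            // Any() stops at the first element instead of counting the whole sequence.
            mvScopesRequested.SetActiveView(lstScopes.Any() ? vwRequestedScopes : vwNoScopes);
            rptPermissions.DataSource = lstScopes;
            rptPermissions.DataBind();

            // NOTE(review): the pending request round-trips through ViewState, so the later approval
            // depends on ViewState tamper protection being enabled - confirm.
            ViewState[szVSKeyPendingRequest] = m_pendingRequest;

            // The client name is supplied by whoever registered the client, so it is encoded
            // before it is placed in the page.
            lblClientName.Text = HttpUtility.HtmlEncode(client.ClientName);
        }
        else
        {
            m_pendingRequest = (EndUserAuthorizationRequest)ViewState[szVSKeyPendingRequest];
        }
    }
    catch (HttpException ex)
    {
        RejectWithError(ex.Message);
    }
    catch (MyFlightbook.MyFlightbookException ex)
    {
        // Exception text may carry request-derived values, so it is encoded for display.
        lblErr.Text = HttpUtility.HtmlEncode(ex.Message);
        mvAuthorize.SetActiveView(vwErr);
    }
}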
/// <summary>
/// Handles the grid's "_Delete" command: deletes the client named by the command argument for the
/// signed-in user, then refreshes the grid. Any other command is ignored.
/// </summary>
/// <param name="sender">Event source (not used).</param>
/// <param name="e">Command data; a null value is ignored.</param>
protected void gvMyServices_RowCommand(object sender, CommandEventArgs e)
{
    bool fIsDelete = e != null && string.Equals(e.CommandName, "_Delete", StringComparison.OrdinalIgnoreCase);
    if (!fIsDelete)
    {
        return;
    }

    // The delete call receives the signed-in user's name along with the client id from the row.
    // NOTE(review): presumably DeleteForUser only removes a client owned by that user - confirm.
    string clientId = e.CommandArgument.ToString();
    MFBOauth2Client.DeleteForUser(clientId, Page.User.Identity.Name);

    // Clearing OwnedClients forces a refresh before the grid is rebound.
    OwnedClients = null;
    gvMyServices.DataSource = OwnedClients;
    gvMyServices.DataBind();
}
/// <summary>
/// Creates a new OAuth client from the form fields, commits it, and resets the form.
/// </summary>
/// <param name="sender">Event source (not used).</param>
/// <param name="e">Event data (not used).</param>
protected void btnAddClient_Click(object sender, EventArgs e)
{
    Page.Validate("newClient");
    if (!Page.IsValid)
    {
        return;
    }

    // Collect the values of the ticked scopes into a comma-separated string.
    List<string> selectedScopes = new List<string>();
    foreach (ListItem scopeItem in cklScopes.Items)
    {
        if (!scopeItem.Selected)
        {
            continue;
        }

        selectedScopes.Add(scopeItem.Value);
    }

    string szScopes = String.Join(",", selectedScopes);

    // "https://" is always prepended to the entered callback; the signed-in user becomes the owner.
    // NOTE(review): how the secret is stored is decided inside MFBOauth2Client - confirm.
    MFBOauth2Client newClient = new MFBOauth2Client(txtClient.Text, txtSecret.Text, "https://" + txtCallback.Text, txtName.Text, szScopes, Page.User.Identity.Name);

    try
    {
        // Validation only: this throws for an invalid scope, so Commit is never reached in that case.
        MFBOauthServer.ScopesFromString(szScopes);
        newClient.Commit();

        // Clearing OwnedClients forces a refresh before the grid is rebound.
        OwnedClients = null;
        gvMyServices.DataSource = OwnedClients;
        gvMyServices.DataBind();

        // Reset the form, including the secret field.
        txtSecret.Text = string.Empty;
        txtName.Text = string.Empty;
        txtClient.Text = string.Empty;
        txtCallback.Text = string.Empty;
        foreach (ListItem scopeItem in cklScopes.Items)
        {
            scopeItem.Selected = false;
        }

        Expando.ExpandoControl.Collapsed = true;

        // The admin notification carries the user name and client name, not the secret.
        string szDetail = String.Format(CultureInfo.CurrentCulture, "User: {0}, Name: {1}", Page.User.Identity.Name, newClient.ClientName);
        util.NotifyAdminEvent("oAuth client created", szDetail, ProfileRoles.maskCanReport);
    }
    catch (Exception ex) when (ex is UnauthorizedAccessException || ex is MyFlightbookValidationException || ex is ArgumentOutOfRangeException)
    {
        // These failures are shown on the page; any other exception propagates.
        lblErr.Text = ex.Message;
    }
}
/// <summary>
/// Handles the user's approval: records the grant for the signed-in user and sends the
/// authorization-success response, or rejects the request if the grant cannot be saved.
/// </summary>
/// <param name="sender">Event source (not used).</param>
/// <param name="e">Event data (not used).</param>
/// <exception cref="HttpException">No pending authorization request is available.</exception>
protected void btnYes_Click(object sender, EventArgs e)
{
    // NOTE(review): m_pendingRequest is populated outside this method; if it is restored from
    // ViewState on postback, this approval depends on ViewState tamper protection - confirm.
    if (m_pendingRequest == null)
    {
        throw new HttpException((int)HttpStatusCode.BadRequest, Resources.LocalizedText.oAuthErrMissingRequest);
    }

    // The result is not used below; the lookup is kept because it may throw for an unknown
    // client - TODO confirm.
    MFBOauth2Client registeredClient = (MFBOauth2Client)authorizationServer.AuthorizationServerServices.GetClient(m_pendingRequest.ClientIdentifier);

    // The grant covers the requested scopes for this client and user, expiring 14 days from now (UTC).
    MFBOauthClientAuth grant = new MFBOauthClientAuth();
    grant.Scope = OAuthUtilities.JoinScopes(m_pendingRequest.Scope);
    grant.ClientId = m_pendingRequest.ClientIdentifier;
    grant.UserId = Page.User.Identity.Name;
    grant.ExpirationDateUtc = DateTime.UtcNow.AddDays(14);

    if (!grant.fCommit())
    {
        RejectWithError(Resources.LocalizedText.oAuthErrCreationFailed);
        return;
    }

    // The success response is only prepared once the grant has been saved.
    EndUserAuthorizationSuccessResponseBase approval = authorizationServer.PrepareApproveAuthorizationRequest(m_pendingRequest, Page.User.Identity.Name);
    OutgoingWebResponse outgoing = authorizationServer.Channel.PrepareResponse(approval);
    outgoing.Send();
}
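/// <summary>
/// Validates an incoming OAuth authorization request and prepares the consent prompt.
/// </summary>
/// <remarks>
/// Every request must arrive over a secure connection. On the first request the handler reads the
/// pending authorization request, requires the requested callback to match one of the client's
/// registered callbacks, checks that the requested scopes are a subset of the client's scopes, and
/// stores the request in ViewState. On postback the request is restored from ViewState. Failures of
/// the listed exception types are shown in the error view.
/// </remarks>
/// <param name="sender">Event source (not used).</param>
/// <param name="e">Event data (not used).</param>
protected void Page_Load(object sender, EventArgs e)
{
    try
    {
        if (!Request.IsSecureConnection)
        {
            throw new HttpException((int)HttpStatusCode.Forbidden, Resources.LocalizedText.oAuthErrNotSecure);
        }

        if (!IsPostBack)
        {
            m_pendingRequest = this.authorizationServer.ReadAuthorizationRequest();
            if (m_pendingRequest == null)
            {
                throw new HttpException((int)HttpStatusCode.BadRequest, Resources.LocalizedText.oAuthErrMissingRequest);
            }

            MFBOauth2Client client = (MFBOauth2Client)authorizationServer.AuthorizationServerServices.GetClient(m_pendingRequest.ClientIdentifier);

            // The redirect target is an allow-list decision, so the comparison is ordinal: a
            // culture-sensitive comparison depends on the server's current culture and can treat
            // distinct strings as equal. Case-insensitivity is kept so existing registrations still match.
            // NOTE(review): the scheme is not among the compared components, and OAuth guidance
            // favours exact redirect-URI matching - confirm whether this check should be tightened.
            bool fIsValidCallback = false;
            foreach (string callback in client.Callbacks)
            {
                if (Uri.Compare(m_pendingRequest.Callback, new Uri(callback), UriComponents.HostAndPort | UriComponents.PathAndQuery, UriFormat.SafeUnescaped, StringComparison.OrdinalIgnoreCase) == 0)
                {
                    fIsValidCallback = true;
                    break;
                }
            }

            if (!fIsValidCallback)
            {
                // This message embeds the callback taken from the request; it is encoded where it is displayed.
                throw new HttpException((int)HttpStatusCode.BadRequest, String.Format(System.Globalization.CultureInfo.CurrentCulture, Resources.LocalizedText.oAuthErrBadRedirectURL, m_pendingRequest.Callback.ToString()));
            }

            // Refuse any request that asks for a scope the client is not registered for.
            HashSet<string> allowedScopes = OAuthUtilities.SplitScopes(client.Scope);
            if (!m_pendingRequest.Scope.IsSubsetOf(allowedScopes))
            {
                throw new HttpException((int)HttpStatusCode.BadRequest, Resources.LocalizedText.oAuthErrUnauthorizedScopes);
            }

            IEnumerable<MFBOAuthScope> requestedScopes = MFBOauthServer.ScopesFromStrings(m_pendingRequest.Scope);
            IEnumerable<string> lstScopes = MFBOauthServer.ScopeDescriptions(requestedScopes);

            mvScopesRequested.SetActiveView(lstScopes.Any() ? vwRequestedScopes : vwNoScopes);
            rptPermissions.DataSource = lstScopes;
            rptPermissions.DataBind();

            // NOTE(review): the pending request round-trips through ViewState, so the later approval
            // depends on ViewState tamper protection being enabled - confirm.
            ViewState[szVSKeyPendingRequest] = m_pendingRequest;
            lblClientName.Text = HttpUtility.HtmlEncode(client.ClientName);
        }
        else
        {
            m_pendingRequest = (EndUserAuthorizationRequest)ViewState[szVSKeyPendingRequest];
        }
    }
    catch (Exception ex) when (ex is HttpException || ex is ProtocolException || ex is ProtocolFaultResponseException || ex is MyFlightbook.MyFlightbookException)
    {
        // The message can contain request-derived text (the bad-callback message embeds the requested
        // URL), so it is HTML-encoded before display, as is done for the client name above.
        lblErr.Text = HttpUtility.HtmlEncode(ex.Message);
        mvAuthorize.SetActiveView(vwErr);
    }
}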
/// <summary>
/// First-load setup for the OAuth client management page: a signed-in user gets the scope
/// checklist and a grid of clients, anyone else gets the guest view.
/// </summary>
/// <param name="sender">Event source (not used).</param>
/// <param name="e">Event data (not used).</param>
protected void Page_Load(object sender, EventArgs e)
{
    // Only the initial request populates the page; postbacks skip all of this.
    if (IsPostBack)
    {
        return;
    }

    Master.SelectedTab = tabID.tabHome;

    if (!Page.User.Identity.IsAuthenticated)
    {
        mvServices.SetActiveView(vwGuest);
        return;
    }

    mvServices.SetActiveView(vwAuthenticated);

    // Offer every defined scope except the "none" member.
    foreach (MFBOAuthScope availableScope in Enum.GetValues(typeof(MFBOAuthScope)))
    {
        if (availableScope == MFBOAuthScope.none)
        {
            continue;
        }

        ListItem scopeItem = new ListItem(MFBOauthServer.ScopeDescription(availableScope), availableScope.ToString());
        cklScopes.Items.Add(scopeItem);
    }

    // The all-clients listing needs both a non-zero "a" request parameter and the signed-in user's
    // CanSupport flag; the parameter alone is not enough, and the profile lookup is skipped
    // when the parameter is absent or zero.
    bool fAllClientsRequested = util.GetIntParam(Request, "a", 0) != 0;
    bool fShowAllClients = fAllClientsRequested && MyFlightbook.Profile.GetUser(Page.User.Identity.Name).CanSupport;

    if (fShowAllClients)
    {
        gvMyServices.DataSource = MFBOauth2Client.GetAvailableClients();
    }
    else
    {
        gvMyServices.DataSource = OwnedClients;
    }

    gvMyServices.DataBind();
}