public async Task UserSetupUrl() {
// Construct a V1 immediate request
Protocol protocol = Protocol.V11;
OpenIdProvider provider = this.CreateProvider();
var immediateRequest = new CheckIdRequest(protocol.Version, OPUri, DotNetOpenAuth.OpenId.AuthenticationRequestMode.Immediate);
immediateRequest.Realm = RPRealmUri;
immediateRequest.ReturnTo = RPUri;
immediateRequest.LocalIdentifier = "http://somebody";
var request = new AuthenticationRequest(provider, immediateRequest);
// Now simulate the request being rejected and extract the user_setup_url
request.IsAuthenticated = false;
Uri userSetupUrl = ((NegativeAssertionResponse)await request.GetResponseAsync(CancellationToken.None)).UserSetupUrl;
Assert.IsNotNull(userSetupUrl);
// Now construct a new request as if it had just come in.
var httpRequest = new HttpRequestMessage(HttpMethod.Get, userSetupUrl);
var setupRequest = (AuthenticationRequest)await provider.GetRequestAsync(httpRequest);
var setupRequestMessage = (CheckIdRequest)setupRequest.RequestMessage;
// And make sure all the right properties are set.
Assert.IsFalse(setupRequestMessage.Immediate);
Assert.AreEqual(immediateRequest.Realm, setupRequestMessage.Realm);
Assert.AreEqual(immediateRequest.ReturnTo, setupRequestMessage.ReturnTo);
Assert.AreEqual(immediateRequest.LocalIdentifier, setupRequestMessage.LocalIdentifier);
Assert.AreEqual(immediateRequest.Version, setupRequestMessage.Version);
}
public void UserSetupUrl() {
// Construct a V1 immediate request
Protocol protocol = Protocol.V11;
OpenIdProvider provider = this.CreateProvider();
CheckIdRequest immediateRequest = new CheckIdRequest(protocol.Version, OPUri, DotNetOpenAuth.OpenId.RelyingParty.AuthenticationRequestMode.Immediate);
immediateRequest.Realm = RPRealmUri;
immediateRequest.ReturnTo = RPUri;
immediateRequest.LocalIdentifier = "http://somebody";
AuthenticationRequest request = new AuthenticationRequest(provider, immediateRequest);
// Now simulate the request being rejected and extract the user_setup_url
request.IsAuthenticated = false;
Uri userSetupUrl = ((NegativeAssertionResponse)request.Response).UserSetupUrl;
Assert.IsNotNull(userSetupUrl);
// Now construct a new request as if it had just come in.
HttpRequestInfo httpRequest = new HttpRequestInfo { UrlBeforeRewriting = userSetupUrl };
var setupRequest = AuthenticationRequest_Accessor.AttachShadow(provider.GetRequest(httpRequest));
CheckIdRequest_Accessor setupRequestMessage = setupRequest.RequestMessage;
// And make sure all the right properties are set.
Assert.IsFalse(setupRequestMessage.Immediate);
Assert.AreEqual(immediateRequest.Realm, setupRequestMessage.Realm);
Assert.AreEqual(immediateRequest.ReturnTo, setupRequestMessage.ReturnTo);
Assert.AreEqual(immediateRequest.LocalIdentifier, setupRequestMessage.LocalIdentifier);
Assert.AreEqual(immediateRequest.Version, setupRequestMessage.Version);
}
public void IsReturnUrlDiscoverableValidButNoMatch() {
this.MockResponder.RegisterMockRPDiscovery();
this.provider.SecuritySettings.RequireSsl = false; // reset for another failure test case
this.checkIdRequest.ReturnTo = new Uri("http://somerandom/host");
this.request = new AuthenticationRequest(this.provider, this.checkIdRequest);
Assert.AreEqual(RelyingPartyDiscoveryResult.NoMatchingReturnTo, this.request.IsReturnUrlDiscoverable(this.provider.Channel.WebRequestHandler));
}
public override void SetUp() {
base.SetUp();
this.protocol = Protocol.Default;
this.provider = this.CreateProvider();
this.checkIdRequest = new CheckIdRequest(this.protocol.Version, OPUri, DotNetOpenAuth.OpenId.AuthenticationRequestMode.Setup);
this.checkIdRequest.Realm = RPRealmUri;
this.checkIdRequest.ReturnTo = RPUri;
this.request = new AuthenticationRequest(this.provider, this.checkIdRequest);
}
public override void SetUp() {
base.SetUp();
var op = this.CreateProvider();
var rpRequest = new CheckIdRequest(Protocol.Default.Version, OPUri, DotNetOpenAuth.OpenId.AuthenticationRequestMode.Setup);
rpRequest.ReturnTo = RPUri;
this.extensions = rpRequest.Extensions;
this.request = new AuthenticationRequest(op, rpRequest);
this.request.IsAuthenticated = true;
}
public void IsReturnUrlDiscoverable()
{
Protocol protocol = Protocol.Default;
OpenIdProvider provider = this.CreateProvider();
CheckIdRequest checkIdRequest = new CheckIdRequest(protocol.Version, OPUri, DotNetOpenAuth.OpenId.RelyingParty.AuthenticationRequestMode.Setup);
checkIdRequest.Realm = RPRealmUri;
checkIdRequest.ReturnTo = RPUri;
AuthenticationRequest request = new AuthenticationRequest(provider, checkIdRequest);
Assert.IsFalse(request.IsReturnUrlDiscoverable(this.MockResponder.MockWebRequestHandler));
this.MockResponder.RegisterMockRPDiscovery();
request = new AuthenticationRequest(provider, checkIdRequest);
Assert.IsTrue(request.IsReturnUrlDiscoverable(this.MockResponder.MockWebRequestHandler));
}
public void IsReturnUrlDiscoverableRequireSsl() {
this.MockResponder.RegisterMockRPDiscovery();
this.checkIdRequest.Realm = RPRealmUriSsl;
this.checkIdRequest.ReturnTo = RPUriSsl;
// Try once with RequireSsl
this.provider.SecuritySettings.RequireSsl = true;
this.request = new AuthenticationRequest(this.provider, this.checkIdRequest);
Assert.AreEqual(RelyingPartyDiscoveryResult.Success, this.request.IsReturnUrlDiscoverable(this.provider.Channel.WebRequestHandler));
// And again without RequireSsl
this.provider.SecuritySettings.RequireSsl = false;
this.request = new AuthenticationRequest(this.provider, this.checkIdRequest);
Assert.AreEqual(RelyingPartyDiscoveryResult.Success, this.request.IsReturnUrlDiscoverable(this.provider.Channel.WebRequestHandler));
}
public void Serializable() {
OpenIdProvider provider = this.CreateProvider();
CheckIdRequest immediateRequest = new CheckIdRequest(Protocol.Default.Version, OPUri, DotNetOpenAuth.OpenId.AuthenticationRequestMode.Immediate);
immediateRequest.Realm = RPRealmUri;
immediateRequest.ReturnTo = RPUri;
immediateRequest.LocalIdentifier = "http://somebody";
AuthenticationRequest request = new AuthenticationRequest(provider, immediateRequest);
MemoryStream ms = new MemoryStream();
IFormatter formatter = new BinaryFormatter();
formatter.Serialize(ms, request);
ms.Position = 0;
var req2 = (AuthenticationRequest)formatter.Deserialize(ms);
Assert.That(req2, Is.Not.Null);
}
public async Task IsReturnUrlDiscoverableRequireSsl() {
this.RegisterMockRPDiscovery(ssl: false);
this.RegisterMockRPDiscovery(ssl: true);
this.checkIdRequest.Realm = RPRealmUriSsl;
this.checkIdRequest.ReturnTo = RPUriSsl;
// Try once with RequireSsl
this.provider.SecuritySettings.RequireSsl = true;
this.request = new AuthenticationRequest(this.provider, this.checkIdRequest);
Assert.AreEqual(RelyingPartyDiscoveryResult.Success, await this.request.IsReturnUrlDiscoverableAsync(this.HostFactories, CancellationToken.None));
// And again without RequireSsl
this.provider.SecuritySettings.RequireSsl = false;
this.request = new AuthenticationRequest(this.provider, this.checkIdRequest);
Assert.AreEqual(RelyingPartyDiscoveryResult.Success, await this.request.IsReturnUrlDiscoverableAsync(this.HostFactories, CancellationToken.None));
}
/// <summary>
/// Gets the incoming OpenID request if there is one, or null if none was detected.
/// </summary>
/// <param name="request">The incoming HTTP request to extract the message from.</param>
/// <param name="cancellationToken">The cancellation token.</param>
/// <returns>
/// The request that the hosting Provider should process and then transmit the response for.
/// Null if no valid OpenID request was detected in the given HTTP request.
/// </returns>
/// <exception cref="ProtocolException">Thrown if the incoming message is recognized
/// but deviates from the protocol specification irrecoverably.</exception>
/// <remarks>
/// Requests may be infrastructural to OpenID and allow auto-responses, or they may
/// be authentication requests where the Provider site has to make decisions based
/// on its own user database and policies.
/// </remarks>
public async Task <IRequest> GetRequestAsync(HttpRequestMessage request, CancellationToken cancellationToken = default(CancellationToken))
{
Requires.NotNull(request, "request");
IDirectedProtocolMessage incomingMessage = null;
try {
incomingMessage = await this.Channel.ReadFromRequestAsync(request, cancellationToken);
if (incomingMessage == null)
{
// If the incoming request does not resemble an OpenID message at all,
// it's probably a user who just navigated to this URL, and we should
// just return null so the host can display a message to the user.
if (request.Method == HttpMethod.Get && !request.RequestUri.QueryStringContainPrefixedParameters(Protocol.Default.openid.Prefix))
{
return(null);
}
ErrorUtilities.ThrowProtocol(MessagingStrings.UnexpectedMessageReceivedOfMany);
}
IRequest result = null;
var checkIdMessage = incomingMessage as CheckIdRequest;
if (checkIdMessage != null)
{
result = new AuthenticationRequest(this, checkIdMessage);
}
if (result == null)
{
var extensionOnlyRequest = incomingMessage as SignedResponseRequest;
if (extensionOnlyRequest != null)
{
result = new AnonymousRequest(this, extensionOnlyRequest);
}
}
if (result == null)
{
var checkAuthMessage = incomingMessage as CheckAuthenticationRequest;
if (checkAuthMessage != null)
{
result = new AutoResponsiveRequest(incomingMessage, new CheckAuthenticationResponseProvider(checkAuthMessage, this), this.SecuritySettings);
}
}
if (result == null)
{
var associateMessage = incomingMessage as IAssociateRequestProvider;
if (associateMessage != null)
{
result = new AutoResponsiveRequest(incomingMessage, AssociateRequestProviderTools.CreateResponse(associateMessage, this.AssociationStore, this.SecuritySettings), this.SecuritySettings);
}
}
if (result != null)
{
foreach (var behavior in this.Behaviors)
{
if (await behavior.OnIncomingRequestAsync(result, cancellationToken))
{
// This behavior matched this request.
break;
}
}
return(result);
}
throw ErrorUtilities.ThrowProtocol(MessagingStrings.UnexpectedMessageReceivedOfMany);
} catch (ProtocolException ex) {
IRequest errorResponse = this.GetErrorResponse(ex, request, incomingMessage);
if (errorResponse == null)
{
throw;
}
return(errorResponse);
}
}
public void IsReturnUrlDiscoverableValidResponse() {
this.MockResponder.RegisterMockRPDiscovery();
this.request = new AuthenticationRequest(this.provider, this.checkIdRequest);
Assert.AreEqual(RelyingPartyDiscoveryResult.Success, this.request.IsReturnUrlDiscoverable(this.provider.Channel.WebRequestHandler));
}
/// <summary>
/// Gets the incoming OpenID request if there is one, or null if none was detected.
/// </summary>
/// <param name="httpRequestInfo">The incoming HTTP request to extract the message from.</param>
/// <returns>
/// The request that the hosting Provider should process and then transmit the response for.
/// Null if no valid OpenID request was detected in the given HTTP request.
/// </returns>
/// <remarks>
/// Requests may be infrastructural to OpenID and allow auto-responses, or they may
/// be authentication requests where the Provider site has to make decisions based
/// on its own user database and policies.
/// </remarks>
/// <exception cref="ProtocolException">Thrown if the incoming message is recognized
/// but deviates from the protocol specification irrecoverably.</exception>
public IRequest GetRequest(HttpRequestInfo httpRequestInfo)
{
Contract.Requires(httpRequestInfo != null);
ErrorUtilities.VerifyArgumentNotNull(httpRequestInfo, "httpRequestInfo");
IDirectedProtocolMessage incomingMessage = null;
try {
incomingMessage = this.Channel.ReadFromRequest(httpRequestInfo);
if (incomingMessage == null) {
// If the incoming request does not resemble an OpenID message at all,
// it's probably a user who just navigated to this URL, and we should
// just return null so the host can display a message to the user.
if (httpRequestInfo.HttpMethod == "GET" && !httpRequestInfo.UrlBeforeRewriting.QueryStringContainPrefixedParameters(Protocol.Default.openid.Prefix)) {
return null;
}
ErrorUtilities.ThrowProtocol(MessagingStrings.UnexpectedMessageReceivedOfMany);
}
IRequest result = null;
var checkIdMessage = incomingMessage as CheckIdRequest;
if (checkIdMessage != null) {
result = new AuthenticationRequest(this, checkIdMessage);
}
if (result == null) {
var extensionOnlyRequest = incomingMessage as SignedResponseRequest;
if (extensionOnlyRequest != null) {
result = new AnonymousRequest(this, extensionOnlyRequest);
}
}
if (result == null) {
var checkAuthMessage = incomingMessage as CheckAuthenticationRequest;
if (checkAuthMessage != null) {
result = new AutoResponsiveRequest(incomingMessage, new CheckAuthenticationResponse(checkAuthMessage, this), this.SecuritySettings);
}
}
if (result == null) {
var associateMessage = incomingMessage as AssociateRequest;
if (associateMessage != null) {
result = new AutoResponsiveRequest(incomingMessage, associateMessage.CreateResponse(this.AssociationStore, this.SecuritySettings), this.SecuritySettings);
}
}
if (result != null) {
foreach (var behavior in this.Behaviors) {
if (behavior.OnIncomingRequest(result)) {
// This behavior matched this request.
break;
}
}
return result;
}
throw ErrorUtilities.ThrowProtocol(MessagingStrings.UnexpectedMessageReceivedOfMany);
} catch (ProtocolException ex) {
IRequest errorResponse = this.GetErrorResponse(ex, httpRequestInfo, incomingMessage);
if (errorResponse == null) {
throw;
}
return errorResponse;
}
}
/// <summary>
/// Gets the incoming OpenID request if there is one, or null if none was detected.
/// </summary>
/// <param name="httpRequestInfo">The incoming HTTP request to extract the message from.</param>
/// <returns>
/// The request that the hosting Provider should process and then transmit the response for.
/// Null if no valid OpenID request was detected in the given HTTP request.
/// </returns>
/// <remarks>
/// Requests may be infrastructural to OpenID and allow auto-responses, or they may
/// be authentication requests where the Provider site has to make decisions based
/// on its own user database and policies.
/// </remarks>
/// <exception cref="ProtocolException">Thrown if the incoming message is recognized
/// but deviates from the protocol specification irrecoverably.</exception>
public IRequest GetRequest(HttpRequestInfo httpRequestInfo)
{
Contract.Requires <ArgumentNullException>(httpRequestInfo != null);
IDirectedProtocolMessage incomingMessage = null;
try {
incomingMessage = this.Channel.ReadFromRequest(httpRequestInfo);
if (incomingMessage == null)
{
// If the incoming request does not resemble an OpenID message at all,
// it's probably a user who just navigated to this URL, and we should
// just return null so the host can display a message to the user.
if (httpRequestInfo.HttpMethod == "GET" && !httpRequestInfo.UrlBeforeRewriting.QueryStringContainPrefixedParameters(Protocol.Default.openid.Prefix))
{
return(null);
}
ErrorUtilities.ThrowProtocol(MessagingStrings.UnexpectedMessageReceivedOfMany);
}
IRequest result = null;
var checkIdMessage = incomingMessage as CheckIdRequest;
if (checkIdMessage != null)
{
result = new AuthenticationRequest(this, checkIdMessage);
}
if (result == null)
{
var extensionOnlyRequest = incomingMessage as SignedResponseRequest;
if (extensionOnlyRequest != null)
{
result = new AnonymousRequest(this, extensionOnlyRequest);
}
}
if (result == null)
{
var checkAuthMessage = incomingMessage as CheckAuthenticationRequest;
if (checkAuthMessage != null)
{
result = new AutoResponsiveRequest(incomingMessage, new CheckAuthenticationResponse(checkAuthMessage, this), this.SecuritySettings);
}
}
if (result == null)
{
var associateMessage = incomingMessage as AssociateRequest;
if (associateMessage != null)
{
result = new AutoResponsiveRequest(incomingMessage, associateMessage.CreateResponse(this.AssociationStore, this.SecuritySettings), this.SecuritySettings);
}
}
if (result != null)
{
foreach (var behavior in this.Behaviors)
{
if (behavior.OnIncomingRequest(result))
{
// This behavior matched this request.
break;
}
}
return(result);
}
throw ErrorUtilities.ThrowProtocol(MessagingStrings.UnexpectedMessageReceivedOfMany);
} catch (ProtocolException ex) {
IRequest errorResponse = this.GetErrorResponse(ex, httpRequestInfo, incomingMessage);
if (errorResponse == null)
{
throw;
}
return(errorResponse);
}
}
public async Task IsReturnUrlDiscoverableValidButNoMatch() {
this.RegisterMockRPDiscovery(false);
this.provider.SecuritySettings.RequireSsl = false; // reset for another failure test case
this.checkIdRequest.ReturnTo = new Uri("http://somerandom/host");
this.request = new AuthenticationRequest(this.provider, this.checkIdRequest);
Assert.AreEqual(
RelyingPartyDiscoveryResult.NoMatchingReturnTo,
await this.request.IsReturnUrlDiscoverableAsync(this.provider.Channel.HostFactories, CancellationToken.None));
}
public async Task IsReturnUrlDiscoverableValidResponse() {
this.RegisterMockRPDiscovery(false);
this.request = new AuthenticationRequest(this.provider, this.checkIdRequest);
Assert.AreEqual(RelyingPartyDiscoveryResult.Success, await this.request.IsReturnUrlDiscoverableAsync(this.provider.Channel.HostFactories, CancellationToken.None));
}