示例#1
0
            public void GivenSomeTokenWithNoExtraData_ThrowsIfTokenInvalid()
            {
                // Arrange.
                var antiForgery = new AntiForgery();
                var guid        = Guid.NewGuid();
                var token       = guid.ToString();

                // Act/Assert.
                Assert.Throws <AuthenticationException>(() => antiForgery.ValidateToken(token, "YOU'VE BEEN HAXED SUCKA!"));
            }
示例#2
0
            public void GivenSomeTokenWithExtraData_ThrowsIfTokenInvalid()
            {
                // Arrange.
                const string expectedExtraData = "/abc/123";
                var          antiForgery       = new AntiForgery();
                var          guid  = Guid.NewGuid();
                var          token = guid.ToString();
                string       kept  = String.Format("{0}|{1}", token, Convert.ToBase64String(Encoding.UTF8.GetBytes(expectedExtraData)));

                // Act/Assert.
                Assert.Throws <AuthenticationException>(() => antiForgery.ValidateToken(token, "YOU'VE BEEN HAXED SUCKA!"));
            }
示例#3
0
            public void GivenSomeTokenWithNoExtraData_ReturnsNullIfTokenValid()
            {
                // Arrange.
                var antiForgery = new AntiForgery();
                var guid        = Guid.NewGuid();
                var token       = guid.ToString();

                // Act.
                var result = antiForgery.ValidateToken(token, token);

                // Assert.
                Assert.Null(result);
            }
示例#4
0
            public void GivenSomeBadExtraData_ValidateToken_ReturnsABaddaBingBaddaBoom()
            {
                // Arrange.
                var          antiForgery = new AntiForgery();
                const string badToken    = "MultiPass|Bzzzzzt";

                // Act.
                var result = Assert.Throws <FormatException>(() => antiForgery.ValidateToken(badToken, "MultiPass"));

                // Assert.
                Assert.NotNull(result);
                Assert.Equal("Invalid length for a Base-64 char array or string.", result.Message);
            }
示例#5
0
            public void GivenSomeTokenWithExtraData_ReturnsExtraDataIfTokenValid()
            {
                // Arrange.
                const string expectedExtraData = "/abc/123";
                var          antiForgery       = new AntiForgery();
                var          guid  = Guid.NewGuid();
                var          token = guid.ToString();
                string       kept  = String.Format("{0}|{1}", token, Convert.ToBase64String(Encoding.UTF8.GetBytes(expectedExtraData)));

                // Act.
                var actualExtraData = antiForgery.ValidateToken(kept, token);

                // Assert.
                Assert.Equal(expectedExtraData, actualExtraData);
            }
        public ActionResult AuthenticateCallback(string providerkey)
        {
            if (string.IsNullOrEmpty(providerkey))
            {
                throw new ArgumentException("No provider key was supplied on the callback.");
            }

            // Determine which settings we need, based on the Provider.
            var settings = AuthenticationService.GetAuthenticateServiceSettings(providerkey, Request.Url,
                                                                                Url.CallbackFromOAuthProvider());

            // Pull the "ToKeep" token from the cookie and the "ToSend" token from the query string
            var keptToken     = DeserializeToken(Request);
            var recievedToken = Request.QueryString["state"];

            if (string.IsNullOrEmpty(recievedToken))
            {
                throw new InvalidOperationException(
                          "No state/recievedToken was retrieved from the provider. Are you sure you passed any state/token data to provider .. and .. that the provider can send it back to us? We need this to prevent any Cross site request forgery.");
            }

            // Validate the token against the recieved one and grab extra data
            string extraData = AntiForgery.ValidateToken(keptToken, recievedToken);

            var model = new AuthenticateCallbackViewModel();

            try
            {
                // Grab the authenticated client information.
                model.AuthenticatedClient = AuthenticationService.GetAuthenticatedClient(settings, Request.QueryString);
            }
            catch (Exception exception)
            {
                model.Exception = exception;
            }

            // If we have a redirect Url, lets grab this :)
            // NOTE: We've implimented the extraData part of the tokenData as the redirect url.
            if (!string.IsNullOrEmpty(extraData))
            {
                model.RedirectUrl = new Uri(extraData);
            }

            // Finally! We can hand over the logic to the consumer to do whatever they want.
            return(View("AuthenticateCallback", model));
        }