/// <summary>
/// Handles a userinfo request. A bearer access token must be present on the request;
/// it is then handed to the request validator and, on success, to the response generator.
/// </summary>
/// <param name="context">The current HTTP context carrying the access token.</param>
/// <returns>
/// A <see cref="UserInfoResult"/> built from the generator output, or an error result when
/// no token is found or the request validator reports an error.
/// </returns>
private async Task<IEndpointResult> ProcessUserInfoRequestAsync(HttpContext context)
{
    _logger.LogDebug("Start userinfo request");

    // userinfo cannot proceed without an access token on the request
    var usage = await _tokenUsageValidator.ValidateAsync(context);
    if (!usage.TokenFound)
    {
        const string missingToken = "No access token found.";
        _logger.LogError(missingToken);
        return Error(OidcConstants.ProtectedResourceErrors.InvalidToken);
    }

    // validate the token / request
    _logger.LogTrace("Calling into userinfo request validator: {type}", _requestValidator.GetType().FullName);
    var validated = await _requestValidator.ValidateRequestAsync(usage.Token);
    if (validated.IsError)
    {
        return Error(validated.Error);
    }

    // build the response from the validated request
    _logger.LogTrace("Calling into userinfo response generator: {type}", _responseGenerator.GetType().FullName);
    var payload = await _responseGenerator.ProcessAsync(validated);

    _logger.LogDebug("End userinfo request");
    return new UserInfoResult(payload);
}
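/// <summary>
/// Serves the userinfo endpoint for a bearer-token request.
/// </summary>
/// <param name="request">The incoming HTTP request carrying the access token.</param>
/// <returns>
/// <c>NotFound</c> when the endpoint is disabled; an error result when the token is missing,
/// fails validation, or carries no subject claim; otherwise a <see cref="UserInfoResult"/>
/// with the profile payload.
/// </returns>
public async Task<IHttpActionResult> GetUserInfo(HttpRequestMessage request)
{
    Logger.Info("Start userinfo request");

    if (!_options.Endpoints.UserInfoEndpoint.IsEnabled)
    {
        Logger.Warn("Endpoint is disabled. Aborting");
        return NotFound();
    }

    var tokenUsageResult = await _tokenUsageValidator.ValidateAsync(request);
    if (!tokenUsageResult.TokenFound)
    {
        return Error(Constants.ProtectedResourceErrors.InvalidToken);
    }

    var tokenResult = await _tokenValidator.ValidateAccessTokenAsync(
        tokenUsageResult.Token,
        Constants.StandardScopes.OpenId);
    if (tokenResult.IsError)
    {
        return Error(tokenResult.Error);
    }

    // A token without a sub claim used to throw NullReferenceException here
    // (FirstOrDefault(...).Value); report it as an invalid token instead.
    var subjectClaim = tokenResult.Claims.FirstOrDefault(c => c.Type == Constants.ClaimTypes.Subject);
    if (subjectClaim == null)
    {
        Logger.Error("Token contains no sub claim");
        return Error(Constants.ProtectedResourceErrors.InvalidToken);
    }

    // pass scopes/claims to profile service
    var scopes = tokenResult.Claims
        .Where(c => c.Type == Constants.ClaimTypes.Scope)
        .Select(c => c.Value);

    var payload = await _generator.ProcessAsync(subjectClaim.Value, scopes);
    return new UserInfoResult(payload);
}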
/// <summary>
/// Handles an "authorize2" request: a POST that carries a bearer access token and a form body.
/// The token goes through the userinfo request validator, the client through the client
/// validator, and the form values are then passed to ProcessAuthorizeRequestAsync together
/// with the subject taken from the token validation result.
/// </summary>
/// <param name="context">The current HTTP context.</param>
/// <returns>
/// An error result (bad verb, missing/invalid token, unknown client), a 415 status result when
/// the body is not a form, or an <see cref="Authorize2Result"/> wrapping the authorize outcome.
/// </returns>
public override async Task<IEndpointResult> ProcessAsync(HttpContext context)
{
    Logger.LogDebug("Start authorize2 request");

    // Only POST is accepted. (The warning text still says "token endpoint".)
    if (!HttpMethods.IsPost(context.Request.Method))
    {
        Logger.LogWarning("Invalid HTTP request for token endpoint");
        return(Error(Authorize2Constants.Authorize2Errors.InvalidRequest));
    }

    var tokenUsageResult = await _tokenUsageValidator.ValidateAsync(context);
    if (tokenUsageResult.TokenFound == false)
    {
        var error = "No access token found.";
        // NOTE(review): this branch logs through _logger while the rest of the method uses Logger.
        _logger.LogError(error);
        return(Error(OidcConstants.ProtectedResourceErrors.InvalidToken));
    }

    // The form body is read below; reject anything that is not form-encoded first.
    if (!context.Request.HasFormContentType)
    {
        return(new StatusCodeResult(HttpStatusCode.UnsupportedMediaType));
    }

    // validate the access token via the userinfo request validator
    Logger.LogTrace("Calling into userinfo request validator: {type}", _requestValidator.GetType().FullName);
    var validationResult = await _requestValidator.ValidateRequestAsync(tokenUsageResult.Token);
    if (validationResult.IsError)
    {
        return(Error(validationResult.Error));
    }

    // validate client
    var clientResult = await _clientValidator.ValidateAsync(context);
    if (clientResult.Client == null)
    {
        return(Error(Authorize2Constants.Authorize2Errors.InvalidClient));
    }

    // validate request
    NameValueCollection values = (await context.Request.ReadFormAsync()).AsNameValueCollection();

    Logger.LogTrace("Calling into token request validator: {type}", _validator2.GetType().FullName);
    // NOTE(review): requestResult is never inspected. If _validator2 reports a failure it is
    // ignored and processing continues with the raw form values — confirm whether that is
    // intended; otherwise its error should be returned here like the other validators' errors.
    var requestResult = await _validator2.ValidateRequestAsync(values, clientResult);

    // The subject comes from the token validation result, not from an interactive user session.
    var user = validationResult.Subject;
    var result = await ProcessAuthorizeRequestAsync(values, user, null);

    Logger.LogTrace("End authorize request. result type: {0}", result?.GetType().ToString() ?? "-none-");

    // NOTE(review): `result as AuthorizeResult` is null for any other result type —
    // confirm Authorize2Result tolerates a null argument.
    return(new Authorize2Result(result as AuthorizeResult));
}
/// <summary>A GET with neither an Authorization header nor a body yields no token.</summary>
public async Task No_Header_no_Body_Get()
{
    var bareGet = new HttpRequestMessage { Method = HttpMethod.Get };
    var sut = new BearerTokenUsageValidator();

    var outcome = await sut.ValidateAsync(bareGet);

    outcome.TokenFound.Should().BeFalse();
}
/// <summary>
/// Serves the userinfo endpoint (OWIN host). Requires a bearer access token with the openid
/// scope and a subject claim; forwards the non-protocol claims and the token's scopes to the
/// profile generator and raises success/failure events along the way.
/// </summary>
/// <param name="request">The incoming HTTP request; its OWIN context is used for token lookup.</param>
/// <returns>
/// An error result when the token is missing, invalid, or lacks a sub claim; otherwise a
/// <see cref="UserInfoResult"/> with the generated payload.
/// </returns>
public async Task<IHttpActionResult> GetUserInfo(HttpRequestMessage request)
{
    Logger.Info("Start userinfo request");

    var usage = await _tokenUsageValidator.ValidateAsync(request.GetOwinContext());
    if (!usage.TokenFound)
    {
        var missing = "No token found.";
        Logger.Error(missing);
        await RaiseFailureEventAsync(missing);
        return Error(Constants.ProtectedResourceErrors.InvalidToken);
    }

    Logger.Info("Token found: " + usage.UsageType.ToString());

    var validated = await _tokenValidator.ValidateAccessTokenAsync(
        usage.Token,
        Constants.StandardScopes.OpenId);
    if (validated.IsError)
    {
        Logger.Error(validated.Error);
        await RaiseFailureEventAsync(validated.Error);
        return Error(validated.Error);
    }

    // pass scopes/claims to profile service
    var allClaims = validated.Claims;
    var hasSubject = allClaims.Any(x => x.Type == Constants.ClaimTypes.Subject);
    if (!hasSubject)
    {
        var noSub = "Token contains no sub claim";
        Logger.Error(noSub);
        await RaiseFailureEventAsync(noSub);
        return Error(Constants.ProtectedResourceErrors.InvalidToken);
    }

    // Drop protocol claims, but keep the ones that describe the authentication result.
    var profileClaims = allClaims.Where(x =>
        Constants.AuthenticateResultClaimTypes.Contains(x.Type)
        || !Constants.OidcProtocolClaimTypes.Contains(x.Type));

    var scopeValues = validated.Claims
        .Where(c => c.Type == Constants.ClaimTypes.Scope)
        .Select(c => c.Value);

    var payload = await _generator.ProcessAsync(profileClaims, scopeValues, validated.Client);

    Logger.Info("End userinfo request");
    await RaiseSuccessEventAsync();

    return new UserInfoResult(payload);
}
/// <summary>A GET with neither an Authorization header nor a body yields no token.</summary>
public async Task No_Header_no_Body_Get()
{
    var httpContext = new DefaultHttpContext();
    httpContext.Request.Method = "GET";

    var sut = new BearerTokenUsageValidator(TestLogger.Create<BearerTokenUsageValidator>());
    var outcome = await sut.ValidateAsync(httpContext);

    outcome.TokenFound.Should().BeFalse();
}
/// <summary>A POST without an Authorization header and without a body yields no token.</summary>
public async Task No_Header_no_Body_Post()
{
    var owin = new OwinContext();
    owin.Request.Method = "POST";

    var sut = new BearerTokenUsageValidator();
    var outcome = await sut.ValidateAsync(owin);

    outcome.TokenFound.Should().BeFalse();
}
/// <summary>A POST with an empty form body and no Authorization header yields no token.</summary>
public async Task No_Header_no_Body_Post()
{
    var emptyForm = new Dictionary<string, string>();
    var post = new HttpRequestMessage
    {
        Method = HttpMethod.Post,
        Content = new FormUrlEncodedContent(emptyForm),
    };

    var sut = new BearerTokenUsageValidator();
    var outcome = await sut.ValidateAsync(post);

    outcome.TokenFound.Should().BeFalse();
}
/// <summary>A "Bearer " header with only whitespace after the scheme yields no token.</summary>
public async Task Whitespaces_Bearer_Scheme_Header()
{
    var get = new HttpRequestMessage { Method = HttpMethod.Get };
    get.Headers.Add("Authorization", "Bearer ");

    var sut = new BearerTokenUsageValidator();
    var outcome = await sut.ValidateAsync(get);

    outcome.TokenFound.Should().BeFalse();
}
/// <summary>A "Bearer " header with only whitespace after the scheme yields no token.</summary>
public async Task Whitespaces_Bearer_Scheme_Header()
{
    var owin = new OwinContext();
    owin.Request.Method = "GET";
    owin.Request.Headers.Add("Authorization", new[] { "Bearer " });

    var sut = new BearerTokenUsageValidator();
    var outcome = await sut.ValidateAsync(owin);

    outcome.TokenFound.Should().BeFalse();
}
/// <summary>A bare "Bearer" header with no token value yields no token.</summary>
public async Task Empty_Bearer_Scheme_Header()
{
    var httpContext = new DefaultHttpContext();
    httpContext.Request.Method = "GET";
    httpContext.Request.Headers.Add("Authorization", new[] { "Bearer" });

    var sut = new BearerTokenUsageValidator(TestLogger.Create<BearerTokenUsageValidator>());
    var outcome = await sut.ValidateAsync(httpContext);

    outcome.TokenFound.Should().BeFalse();
}
/// <summary>
/// Userinfo pipeline: a bearer token is required, validated for the openid scope, turned into
/// a subject principal from its non-protocol claims (which must include sub), and the profile
/// payload is produced for that principal and the token's scopes.
/// </summary>
/// <param name="context">The current HTTP context.</param>
/// <returns>
/// An error result when the token is missing, invalid, or has no sub claim; otherwise a
/// <see cref="UserInfoResult"/> with the generated payload.
/// </returns>
private async Task<IEndpointResult> ProcessUserInfoRequestAsync(HttpContext context)
{
    _logger.LogDebug("Start userinfo request");

    var usage = await _tokenUsageValidator.ValidateAsync(context);
    if (!usage.TokenFound)
    {
        var missing = "No access token found.";
        _logger.LogError(missing);
        await RaiseFailureEventAsync(missing);
        return Error(OidcConstants.ProtectedResourceErrors.InvalidToken);
    }

    _logger.LogDebug("Token found: {bearerTokenUsageType}", usage.UsageType.ToString());

    var validated = await _tokenValidator.ValidateAccessTokenAsync(
        usage.Token,
        Constants.StandardScopes.OpenId);
    if (validated.IsError)
    {
        _logger.LogError(validated.Error);
        await RaiseFailureEventAsync(validated.Error);
        return Error(validated.Error);
    }

    // pass scopes/claims to profile service
    var nonProtocolClaims = validated.Claims
        .Where(x => !Constants.Filters.ProtocolClaimsFilter.Contains(x.Type))
        .ToArray();
    var subject = Principal.Create("UserInfo", nonProtocolClaims);

    var subClaim = subject.FindFirst(JwtClaimTypes.Subject);
    if (subClaim == null)
    {
        var noSub = "Token contains no sub claim";
        _logger.LogError(noSub);
        await RaiseFailureEventAsync(noSub);
        return Error(OidcConstants.ProtectedResourceErrors.InvalidToken);
    }

    var scopeValues = validated.Claims
        .Where(c => c.Type == JwtClaimTypes.Scope)
        .Select(c => c.Value);

    var payload = await _generator.ProcessAsync(subject, scopeValues, validated.Client);

    _logger.LogDebug("End userinfo request");
    await RaiseSuccessEventAsync();

    return new UserInfoResult(payload);
}
/// <summary>A well-formed "Bearer token" header is recognised as an Authorization-header token.</summary>
public async Task Valid_Bearer_Scheme_Header()
{
    var owin = new OwinContext();
    owin.Request.Method = "GET";
    owin.Request.Headers.Add("Authorization", new[] { "Bearer token" });

    var sut = new BearerTokenUsageValidator();
    var outcome = await sut.ValidateAsync(owin);

    outcome.TokenFound.Should().BeTrue();
    outcome.Token.Should().Be("token");
    outcome.UsageType.Should().Be(BearerTokenUsageType.AuthorizationHeader);
}
/// <summary>A well-formed "Bearer token" header is recognised as an Authorization-header token.</summary>
public async Task Valid_Bearer_Scheme_Header()
{
    var get = new HttpRequestMessage { Method = HttpMethod.Get };
    get.Headers.Add("Authorization", "Bearer token");

    var sut = new BearerTokenUsageValidator();
    var outcome = await sut.ValidateAsync(get);

    outcome.TokenFound.Should().BeTrue();
    outcome.Token.Should().Be("token");
    outcome.UsageType.Should().Be(BearerTokenUsageType.AuthorizationHeader);
}
/// <summary>A form-encoded POST body without an access_token field yields no token.</summary>
public async Task Body_Post_no_Token()
{
    var owin = new OwinContext();
    owin.Request.Method = "POST";
    owin.Request.ContentType = "application/x-www-form-urlencoded";
    owin.Request.Body = new MemoryStream(Encoding.UTF8.GetBytes("foo=bar"));

    var sut = new BearerTokenUsageValidator();
    var outcome = await sut.ValidateAsync(owin);

    outcome.TokenFound.Should().BeFalse();
}
/// <summary>A form-encoded POST whose access_token field is only whitespace yields no token.</summary>
public async Task Body_Post_Whitespace_Token()
{
    var httpContext = new DefaultHttpContext();
    httpContext.Request.Method = "POST";
    httpContext.Request.ContentType = "application/x-www-form-urlencoded";
    httpContext.Request.Body = new MemoryStream(Encoding.UTF8.GetBytes("access_token= "));

    var sut = new BearerTokenUsageValidator(TestLogger.Create<BearerTokenUsageValidator>());
    var outcome = await sut.ValidateAsync(httpContext);

    outcome.TokenFound.Should().BeFalse();
}
/// <summary>A form-encoded POST whose access_token field is only whitespace yields no token.</summary>
public async Task Body_Post_Whitespace_Token()
{
    var form = new Dictionary<string, string> { ["access_token"] = " " };
    var post = new HttpRequestMessage
    {
        Method = HttpMethod.Post,
        Content = new FormUrlEncodedContent(form),
    };

    var sut = new BearerTokenUsageValidator();
    var outcome = await sut.ValidateAsync(post);

    outcome.TokenFound.Should().BeFalse();
}
/// <summary>A form-encoded POST with access_token=token is recognised as a post-body token.</summary>
public async Task Valid_Body_Post()
{
    var owin = new OwinContext();
    owin.Request.Method = "POST";
    owin.Request.ContentType = "application/x-www-form-urlencoded";
    owin.Request.Body = new MemoryStream(Encoding.UTF8.GetBytes("access_token=token"));

    var sut = new BearerTokenUsageValidator();
    var outcome = await sut.ValidateAsync(owin);

    outcome.TokenFound.Should().BeTrue();
    outcome.Token.Should().Be("token");
    outcome.UsageType.Should().Be(BearerTokenUsageType.PostBody);
}
/// <summary>A form-encoded POST with access_token=token is recognised as a post-body token.</summary>
public async Task Valid_Body_Post()
{
    var form = new Dictionary<string, string> { ["access_token"] = "token" };
    var post = new HttpRequestMessage
    {
        Method = HttpMethod.Post,
        Content = new FormUrlEncodedContent(form),
    };

    var sut = new BearerTokenUsageValidator();
    var outcome = await sut.ValidateAsync(post);

    outcome.TokenFound.Should().BeTrue();
    outcome.Token.Should().Be("token");
    outcome.UsageType.Should().Be(BearerTokenUsageType.PostBody);
}
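/// <summary>
/// Serves the userinfo endpoint. Accepts GET or POST, requires a bearer access token that
/// validates for the openid scope and carries a subject claim, and returns the profile payload
/// for that subject. Failure and success events are raised on the respective paths.
/// </summary>
/// <param name="context">The IdentityServer context wrapping the current HTTP request.</param>
/// <returns>
/// A 405 status result for other verbs; an error result when the token is missing, invalid, or
/// has no sub claim; otherwise a <see cref="UserInfoResult"/> with the generated payload.
/// </returns>
public async Task<IEndpointResult> ProcessAsync(IdentityServerContext context)
{
    var method = context.HttpContext.Request.Method;
    if (method != "GET" && method != "POST")
    {
        return new StatusCodeResult(405);
    }

    _logger.LogVerbose("Start userinfo request");

    var tokenUsageResult = await _tokenUsageValidator.ValidateAsync(context.HttpContext);
    if (!tokenUsageResult.TokenFound)
    {
        var error = "No token found.";
        _logger.LogError(error);
        await RaiseFailureEventAsync(error);
        return Error(OidcConstants.ProtectedResourceErrors.InvalidToken);
    }

    // Despite the placeholder name, this logs how the token was presented, not the token value.
    _logger.LogInformation("Token found: {token}", tokenUsageResult.UsageType.ToString());

    var tokenResult = await _tokenValidator.ValidateAccessTokenAsync(
        tokenUsageResult.Token,
        Constants.StandardScopes.OpenId);
    if (tokenResult.IsError)
    {
        _logger.LogError(tokenResult.Error);
        await RaiseFailureEventAsync(tokenResult.Error);
        return Error(tokenResult.Error);
    }

    // A token without a sub claim used to throw NullReferenceException on
    // FirstOrDefault(...).Value; report it as an invalid token like the other failures.
    var subjectClaim = tokenResult.Claims.FirstOrDefault(c => c.Type == JwtClaimTypes.Subject);
    if (subjectClaim == null)
    {
        var error = "Token contains no sub claim";
        _logger.LogError(error);
        await RaiseFailureEventAsync(error);
        return Error(OidcConstants.ProtectedResourceErrors.InvalidToken);
    }

    // pass scopes/claims to profile service
    var scopes = tokenResult.Claims
        .Where(c => c.Type == JwtClaimTypes.Scope)
        .Select(c => c.Value);

    var payload = await _generator.ProcessAsync(subjectClaim.Value, scopes, tokenResult.Client);

    _logger.LogInformation("End userinfo request");
    await RaiseSuccessEventAsync();

    return new UserInfoResult(payload);
}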
/// <summary>
/// Handles a userinfo request. Requires a bearer access token, validates it, lets the response
/// generator build the standard userinfo response, then — instead of returning that response —
/// extracts the last value from it, treats it as a user id, and returns whatever
/// _usersService.GetByIdUserTest yields for that id.
/// </summary>
/// <param name="context">The current HTTP context carrying the access token.</param>
/// <returns>
/// A <see cref="UserInfoResult"/> wrapping the user-service lookup, or an error result when the
/// token is missing or the request validator reports an error.
/// </returns>
private async Task<IEndpointResult> ProcessUserInfoRequestAsync(HttpContext context)
{
    _logger.LogDebug("Start userinfo request");

    // userinfo requires an access token on the request
    var tokenUsageResult = await _tokenUsageValidator.ValidateAsync(context);
    if (tokenUsageResult.TokenFound == false)
    {
        var error = "No access token found.";
        _logger.LogError(error);
        return(Error(OidcConstants.ProtectedResourceErrors.InvalidToken));
    }

    // validate the request
    _logger.LogTrace("Calling into userinfo request validator: {type}", _requestValidator.GetType().FullName);
    var validationResult = await _requestValidator.ValidateRequestAsync(tokenUsageResult.Token);
    if (validationResult.IsError)
    {
        return(Error(validationResult.Error));
    }

    // generate response
    _logger.LogTrace("Calling into userinfo response generator: {type}", _responseGenerator.GetType().FullName);
    var response = await _responseGenerator.ProcessAsync(validationResult);

    // NOTE(review): the id is taken as "the last value" of the generated response, so it depends
    // on the generator's output order rather than on a named claim. If no value is present, `id`
    // is null and the serialised form is the literal text "null" — confirm what the user service
    // does with that.
    var id = response.Values.LastOrDefault();

    // NOTE(review): the value is flattened by JSON-serialising it and stripping '[', ']' and '"'.
    // This presumably exists to unwrap an array-valued claim, but it also rewrites any id that
    // legitimately contains those characters and does not escape anything else — a proper
    // type check (string vs. collection) would be safer. TODO confirm the value's actual type.
    var serelizeArrayId = JsonConvert.SerializeObject(id);
    serelizeArrayId = serelizeArrayId.Replace("[", "");
    serelizeArrayId = serelizeArrayId.Replace("]", "");
    serelizeArrayId = serelizeArrayId.Replace("\"", "");

    // The generated (claim-based) userinfo response is discarded here; only the lookup result
    // is returned. Any claim filtering done by the generator therefore does not apply to the
    // returned payload.
    var respon = await _usersService.GetByIdUserTest(serelizeArrayId);

    _logger.LogDebug("End userinfo request");
    return(new UserInfoResult(respon));
}