public UserAuthorizationResponse PrepareAuthorizationResponse(UserAuthorizationRequest request) { Requires.NotNull(request, "request"); // It is very important for us to ignore the oauth_callback argument in the // UserAuthorizationRequest if the Consumer is a 1.0a consumer or else we // open up a security exploit. IServiceProviderRequestToken token = this.TokenManager.GetRequestToken(request.RequestToken); Uri callback; if (request.Version >= Protocol.V10a.Version) { // In OAuth 1.0a, we'll prefer the token-specific callback to the pre-registered one. if (token.Callback != null) { callback = token.Callback; } else { IConsumerDescription consumer = this.TokenManager.GetConsumer(token.ConsumerKey); callback = consumer.Callback; } } else { // In OAuth 1.0, we'll prefer the pre-registered callback over the token-specific one // since 1.0 has a security weakness for user-modified callback URIs. IConsumerDescription consumer = this.TokenManager.GetConsumer(token.ConsumerKey); callback = consumer.Callback ?? request.Callback; } return(callback != null?this.PrepareAuthorizationResponse(request, callback) : null); }
public void UpdateToken(IServiceProviderRequestToken token) { // Nothing to do here, since we're using Linq To SQL, and // We call LinqToSql's SubmitChanges method via our Global.Application_EndRequest method. // This is a good pattern because we only save changes if the request didn't end up somehow failing. // But if you DO want to save changes at this point, you could do it like so: ////Global.DataContext.SubmitChanges(); }
/// <summary> /// Ensures that short-lived request tokens included in incoming messages have not expired. /// </summary> /// <param name="message">The incoming message.</param> /// <exception cref="ProtocolException">Thrown when the token in the message has expired.</exception> private void VerifyThrowTokenTimeToLive(ITokenContainingMessage message) { ErrorUtilities.VerifyInternal(!(message is AccessProtectedResourceRequest), "We shouldn't be verifying TTL on access tokens."); if (message == null || string.IsNullOrEmpty(message.Token)) { return; } try { IServiceProviderRequestToken token = this.tokenManager.GetRequestToken(message.Token); TimeSpan ttl = this.securitySettings.MaximumRequestTokenTimeToLive; if (DateTime.Now >= token.CreatedOn.ToLocalTimeSafe() + ttl) { Logger.OAuth.ErrorFormat( "OAuth request token {0} rejected because it was originally issued at {1}, expired at {2}, and it is now {3}.", token.Token, token.CreatedOn, token.CreatedOn + ttl, DateTime.Now); ErrorUtilities.ThrowProtocol(OAuthStrings.TokenNotFound); } } catch (KeyNotFoundException ex) { throw ErrorUtilities.Wrap(ex, OAuthStrings.TokenNotFound); } }
public void UpdateToken(IServiceProviderRequestToken token) { // Nothing to do here, since we're using Linq To SQL, and // We call LinqToSql's SubmitChanges method via our Global.Application_EndRequest method. // This is a good pattern because we only save changes if the request didn't end up somehow failing. // But if you DO want to save changes at this point, you could do it like so: ////Global.DataContext.SubmitChanges(); }
public void UpdateToken(IServiceProviderRequestToken token) { var authToken = OAuthServices.GetToken(token.Token); authToken.VerificationCode = token.VerificationCode; authToken.Callback = token.Callback.AbsoluteUri; authToken.Version = token.ConsumerVersion.ToString(); authToken.Token = token.Token; authToken.VerificationCode = token.VerificationCode; _oAuthServices.UpdateToken(authToken); }
protected void Page_Load(object sender, EventArgs e) { this.MasterPage.VisibleHeader = this.MasterPage.VisibleMainMenu = this.MasterPage.VisibleLeftArea = this.MasterPage.VisibleSubmenu = this.MasterPage.VisibleBreadcrumbs = this.MasterPage.VisibleFooter = this.MasterPage.VisibleHeaderMessage = this.MasterPage.EnableOverlay = false; if (this.EnableEmbeddedStyleSheets) { if (FrameworkConfiguration.Current.WebApplication.MasterPage.Theme == Pages.MasterPageTheme.Modern) { this.Page.Header.Controls.Add(Support.CreateStyleSheetLink(ResourceProvider.GetResourceUrl(ResourceProvider.LogOnModernStyleSheet, true))); } else { this.Page.Header.Controls.Add(Support.CreateStyleSheetLink(ResourceProvider.GetResourceUrl(ResourceProvider.LogOnStyleSheet, true))); } } m_PendingRequest = TokenProvider.Current.GetPendingUserAuthorizationRequest(); if (!IsPostBack) { this.LoadResources(); MainMultiView.ActiveViewIndex = 2; if (m_PendingRequest == null) { //Response.Redirect("~/Members/AuthorizedConsumers.aspx"); // TODO: Need to redirect to user's start page? } else { MainMultiView.ActiveViewIndex = 0; string token = ((ITokenContainingMessage)m_PendingRequest).Token; IServiceProviderRequestToken requestToken = TokenProvider.Current.GetRequestToken(token); OAuthDataSet.OAuthTokenRow requestTokenRow = (OAuthDataSet.OAuthTokenRow)requestToken; ConsumerLiteral.Text = string.Format(CultureInfo.InvariantCulture, Resources.OAuthControl_ConsumerLiteral_Text, TokenProvider.Current.GetConsumer(requestTokenRow.ConsumerId).Key, FrameworkConfiguration.Current.WebApplication.Name); // Generate an unpredictable secret that goes to the user agent and must come back with authorization // to guarantee the user interacted with this page rather than being scripted by an evil Consumer. OAuthAuthorizationSecToken.Value = UserContext.OAuthAuthorizationSecret = TokenProvider.Current.GenerateTokenSecret(); } } }
/// <summary> </summary> public void UpdateToken(IServiceProviderRequestToken token) { var tokenInDb = GlobalApplication.AuthTokens.SingleOrDefault(x => x.Token == token.Token); if (tokenInDb != null) { tokenInDb.VerificationCode = token.VerificationCode; tokenInDb.Callback = token.Callback; //tokenInDb.ConsumerKey = token.ConsumerKey; tokenInDb.Version = token.ConsumerVersion; tokenInDb.Token = token.Token; tokenInDb.VerificationCode = token.VerificationCode; } }
public void UpdateToken(IServiceProviderRequestToken token) { if (token != null) { OAuthDataSet.OAuthTokenRow row = GetOAuthTokenRow(token.Token); if (row != null) { row.RequestTokenVerifier = token.VerificationCode; using (OAuthTokenTableAdapter adapter = new OAuthTokenTableAdapter()) { adapter.Update(row); } } } }
/// <summary> /// Authorise a request token by adding a user to it. /// </summary> /// <param name="username">The username of the user to authorise the request token with.</param> /// <param name="requestToken">The request token being authorised.</param> /// <returns>true if authorisation successful; else null.</returns> /// <exception cref="ArgumentException">Thrown if a parameter is not valid.</exception> /// <exception cref="ArgumentNullException">Thrown if a parameter is null.</exception> /// <exception cref="Glipho.OAuth.OAuthException">Thrown if an error occurs while executing the requested command.</exception> public bool AuthoriseRequestToken(string username, IServiceProviderRequestToken requestToken) { if (string.IsNullOrWhiteSpace(username)) { throw new ArgumentException("username does not have a value.", "username"); } if (requestToken == null) { throw new ArgumentNullException("requestToken", "requestToken is null"); } var token = this.issuedTokens.Get(requestToken.Token) as Database.RequestToken; if (token == null) { return false; } token.Username = username; token.Authorised = true; return this.issuedTokens.Update(requestToken.Token, token); }
public void UpdateToken(IServiceProviderRequestToken token) { // Nothing to do here, since there's no database in this sample. }
/// <summary> /// Persists any changes made to the token. /// </summary> /// <param name="token">The token whose properties have been changed.</param> /// <remarks> /// This library will invoke this method after making a set /// of changes to the token as part of a web request to give the host /// the opportunity to persist those changes to a database. /// Depending on the object persistence framework the host site uses, /// this method MAY not need to do anything (if changes made to the token /// will automatically be saved without any extra handling). /// </remarks> void IServiceProviderTokenManager.UpdateToken(IServiceProviderRequestToken token) { Contract.Requires<ArgumentNullException>(token != null); throw new NotImplementedException(); }
/// <summary> /// Persists any changes made to the token. /// </summary> /// <param name="token">The token whose properties have been changed.</param> /// <exception cref="ArgumentNullException">Thrown if a parameter is null.</exception> /// <exception cref="InvalidOperationException">Thrown if the <paramref name="token"/> is not a <see cref="Database.RequestToken"/>.</exception> /// <exception cref="Glipho.OAuth.OAuthException">Thrown if an error occurs while executing the requested command.</exception> /// <remarks> /// This library will invoke this method after making a set /// of changes to the token as part of a web request to give the host /// the opportunity to persist those changes to a database. /// Depending on the object persistence framework the host site uses, /// this method MAY not need to do anything (if changes made to the token /// will automatically be saved without any extra handling). /// </remarks> public void UpdateToken(IServiceProviderRequestToken token) { if (token == null) { throw new ArgumentNullException("token", "token is null"); } var existing = this.issuedTokens.Get(token.Token) as Database.RequestToken; if (existing == null) { throw new InvalidOperationException(string.Format("token is of type \"{0}\" and not of expected type RequestToken.", token.GetType())); } this.issuedTokens.Update(token.Token, token.ToDataRequestToken(existing)); }
public void UpdateToken(IServiceProviderRequestToken token) { // Nothing to do here, since we're using Linq To SQL. }
public void UpdateToken(IServiceProviderRequestToken token) { var tokenInDb = Global.AuthTokens.SingleOrDefault(x => x.Token == token.Token); if (tokenInDb != null) { tokenInDb.VerificationCode = token.VerificationCode; tokenInDb.Callback = token.Callback; //tokenInDb.ConsumerKey = token.ConsumerKey; tokenInDb.Version = token.ConsumerVersion; tokenInDb.Token = token.Token; tokenInDb.VerificationCode = token.VerificationCode; } }
/// <summary> /// Persists any changes made to the token. /// </summary> /// <param name="token">The token whose properties have been changed.</param> /// <remarks> /// This library will invoke this method after making a set /// of changes to the token as part of a web request to give the host /// the opportunity to persist those changes to a database. /// Depending on the object persistence framework the host site uses, /// this method MAY not need to do anything (if changes made to the token /// will automatically be saved without any extra handling). /// </remarks> void IServiceProviderTokenManager.UpdateToken(IServiceProviderRequestToken token) { Requires.NotNull(token, "token"); throw new NotImplementedException(); }
/// <summary> /// Persists any changes made to the token. /// </summary> /// <param name="token">The token whose properties have been changed.</param> /// <remarks> /// This library will invoke this method after making a set /// of changes to the token as part of a web request to give the host /// the opportunity to persist those changes to a database. /// Depending on the object persistence framework the host site uses, /// this method MAY not need to do anything (if changes made to the token /// will automatically be saved without any extra handling). /// </remarks> void IServiceProviderTokenManager.UpdateToken(IServiceProviderRequestToken token) { Requires.NotNull(token, "token"); throw new NotImplementedException(); }
public void UpdateToken(IServiceProviderRequestToken token) { // Nothing to do here, since we're using Linq To SQL. }
public void UpdateToken(IServiceProviderRequestToken token) { try { TokenInfo tokenInfo = this.tokens[token.Token]; tokenInfo.Callback = token.Callback; tokenInfo.ConsumerKey = token.ConsumerKey; tokenInfo.ConsumerVersion = token.ConsumerVersion; tokenInfo.CreatedOn = token.CreatedOn; tokenInfo.VerificationCode = token.VerificationCode; } catch (Exception) { throw new KeyNotFoundException("Unrecognized token"); } }
/// <summary> /// Persists any changes made to the token. /// </summary> /// <param name="token">The token whose properties have been changed.</param> /// <remarks> /// This library will invoke this method after making a set /// of changes to the token as part of a web request to give the host /// the opportunity to persist those changes to a database. /// Depending on the object persistence framework the host site uses, /// this method MAY not need to do anything (if changes made to the token /// will automatically be saved without any extra handling). /// </remarks> public void UpdateToken(IServiceProviderRequestToken token) { Database.DataContext.SaveChanges(); }
/// <summary> /// Persists any changes made to the token. /// </summary> /// <param name="token">The token whose properties have been changed.</param> /// <remarks> /// This library will invoke this method after making a set /// of changes to the token as part of a web request to give the host /// the opportunity to persist those changes to a database. /// Depending on the object persistence framework the host site uses, /// this method MAY not need to do anything (if changes made to the token /// will automatically be saved without any extra handling). /// </remarks> public void UpdateToken(IServiceProviderRequestToken token) { Database.DataContext.SaveChanges(); }
/// <summary> /// Persists any changes made to the token. /// </summary> /// <param name="token">The token whose properties have been changed.</param> /// <remarks> /// This library will invoke this method after making a set /// of changes to the token as part of a web request to give the host /// the opportunity to persist those changes to a database. /// Depending on the object persistence framework the host site uses, /// this method MAY not need to do anything (if changes made to the token /// will automatically be saved without any extra handling). /// </remarks> void IServiceProviderTokenManager.UpdateToken(IServiceProviderRequestToken token) { Contract.Requires <ArgumentNullException>(token != null); throw new NotImplementedException(); }
public void UpdateToken(IServiceProviderRequestToken token) { // Nothing to do here, since there's no database in this sample. }