authorDavid Christiansen <coding@davedoes.net>2012-07-01 23:06:15 +0100
committerDavid Christiansen <coding@davedoes.net>2012-07-01 23:06:15 +0100
commit26e66557540cd70188dce590544c05c7b6ad9f84 (patch)
tree9d90ce0788b794a5689d9205ac18d09a6bd7d479 /src/OpenID/OpenIdProviderMvc/Controllers
parent3286c37f3a967e7d142534df84604a66be9d176c (diff)
Upgrade to latest nuget package
Diffstat (limited to 'src/OpenID/OpenIdProviderMvc/Controllers')
-rw-r--r--src/OpenID/OpenIdProviderMvc/Controllers/OpenIdController.cs48
1 files changed, 44 insertions, 4 deletions
diff --git a/src/OpenID/OpenIdProviderMvc/Controllers/OpenIdController.cs b/src/OpenID/OpenIdProviderMvc/Controllers/OpenIdController.cs
index 198c434..6d2cc32 100644
--- a/src/OpenID/OpenIdProviderMvc/Controllers/OpenIdController.cs
+++ b/src/OpenID/OpenIdProviderMvc/Controllers/OpenIdController.cs
@@ -17,6 +17,16 @@ namespace OpenIdProviderMvc.Controllers {
public class OpenIdController : Controller {
internal static OpenIdProvider OpenIdProvider = new OpenIdProvider();
+ public OpenIdController()
+ : this(null) {
+ }
+
+ public OpenIdController(IFormsAuthentication formsAuthentication) {
+ this.FormsAuth = formsAuthentication ?? new FormsAuthenticationService();
+ }
+
+ public IFormsAuthentication FormsAuth { get; private set; }
+
[ValidateInput(false)]
public ActionResult Provider() {
IRequest request = OpenIdProvider.GetRequest();
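Review bot: The new constructors and the `FormsAuth` property have no XML doc comments, although the file documents other members with `/// <summary>`, and the null fallback in the second constructor cannot be seen from its signature. I would add `/// <summary>Gets the service that reports when the current user signed in.</summary>` on the property, plus a `<param>` remark on the constructor saying that passing null selects `FormsAuthenticationService`. This matters because the value read through this property is later asserted to relying parties as the authentication time. The hunk ends inside `Provider()`, which continues in the next hunk.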
@@ -29,6 +39,29 @@ namespace OpenIdProviderMvc.Controllers {
// This is apparently one that the host (the web site itself) has to respond to.
ProviderEndpoint.PendingRequest = (IHostProcessedRequest)request;
+ // If PAPE requires that the user has logged in recently, we may be required to challenge the user to log in.
+ var papeRequest = ProviderEndpoint.PendingRequest.GetExtension<PolicyRequest>();
+ if (papeRequest != null && papeRequest.MaximumAuthenticationAge.HasValue) {
+ TimeSpan timeSinceLogin = DateTime.UtcNow - this.FormsAuth.SignedInTimestampUtc.Value;
+ if (timeSinceLogin > papeRequest.MaximumAuthenticationAge.Value) {
+ // The RP wants the user to have logged in more recently than he has.
+ // We'll have to redirect the user to a login screen.
+ return this.RedirectToAction("LogOn", "Account", new { returnUrl = this.Url.Action("ProcessAuthRequest") });
+ }
+ }
+
+ return this.ProcessAuthRequest();
+ } else {
+ // No OpenID request was recognized. This may be a user that stumbled on the OP Endpoint.
+ return this.View();
+ }
+ }
+
+ public ActionResult ProcessAuthRequest() {
+ if (ProviderEndpoint.PendingRequest == null) {
+ return this.RedirectToAction("Index", "Home");
+ }
+
// Try responding immediately if possible.
ActionResult response;
if (this.AutoRespondIfPossible(out response)) {
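Review bot: `this.FormsAuth.SignedInTimestampUtc.Value` in the PAPE check throws `InvalidOperationException` when there is no sign-in timestamp, which looks possible for an anonymous visitor because the property is evidently nullable; a missing timestamp should count as too old, e.g. `DateTime? signedIn = this.FormsAuth.SignedInTimestampUtc;` followed by `if (!signedIn.HasValue || DateTime.UtcNow - signedIn.Value > papeRequest.MaximumAuthenticationAge.Value) {`. The freshness check also lives only in `Provider()`, while the new public `ProcessAuthRequest()` action, which is the `returnUrl` target and the path to the assertion, does not repeat it. Whether the relying party's limit holds after the redirect therefore depends on the LogOn action actually forcing a fresh sign-in, so running the same check at the top of `ProcessAuthRequest()` would make the enforcement explicit. The PAPE response code in the last hunk reports the timestamp but does not verify it either. `ProcessAuthRequest()` continues past the end of this hunk.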
@@ -42,10 +75,6 @@ namespace OpenIdProviderMvc.Controllers {
}
return this.RedirectToAction("AskUser");
- } else {
- // No OpenID request was recognized. This may be a user that stumbled on the OP Endpoint.
- return this.View();
- }
}
/// <summary>
@@ -133,6 +162,17 @@ namespace OpenIdProviderMvc.Controllers {
pendingRequest.AddResponseExtension(claimsResponse);
}
+
+ // Look for PAPE requests.
+ var papeRequest = pendingRequest.GetExtension<PolicyRequest>();
+ if (papeRequest != null) {
+ var papeResponse = new PolicyResponse();
+ if (papeRequest.MaximumAuthenticationAge.HasValue) {
+ papeResponse.AuthenticationTimeUtc = this.FormsAuth.SignedInTimestampUtc;
+ }
+
+ pendingRequest.AddResponseExtension(papeResponse);
+ }
}
return OpenIdProvider.PrepareResponse(pendingRequest).AsActionResult();