author | Andrew Arnott <andrewarnott@gmail.com> | 2013-01-13 20:18:54 -0800 |
---|---|---|
committer | Andrew Arnott <andrewarnott@gmail.com> | 2013-01-13 20:18:54 -0800 |
commit | 28521b6c8d624be31d2ab1960a1f62dba3eef05c (patch) | |
tree | d954cb2d7f3f4dc5bfaa330b8e2a9253b34a7f97 | |
parent | 01849f64960c66a436a251b64227cdfdccfd995a (diff) | |
OAuth2.ResourceServer now builds.
5 files changed, 30 insertions, 25 deletions
diff --git a/src/DotNetOpenAuth.Core/Messaging/MessagingUtilities.cs b/src/DotNetOpenAuth.Core/Messaging/MessagingUtilities.cs index 4b04052..f90612e 100644 --- a/src/DotNetOpenAuth.Core/Messaging/MessagingUtilities.cs +++ b/src/DotNetOpenAuth.Core/Messaging/MessagingUtilities.cs @@ -501,13 +501,10 @@ namespace DotNetOpenAuth.Messaging { /// <param name="scheme">The scheme.</param> /// <param name="fields">The fields to include.</param> /// <returns>A value prepared for an HTTP header.</returns> - internal static string AssembleAuthorizationHeader(string scheme, IEnumerable<KeyValuePair<string, string>> fields) { - Requires.NotNullOrEmpty(scheme, "scheme"); + internal static string AssembleAuthorizationHeader(IEnumerable<KeyValuePair<string, string>> fields) { Requires.NotNull(fields, "fields"); var authorization = new StringBuilder(); - authorization.Append(scheme); - authorization.Append(" "); foreach (var pair in fields) { string key = MessagingUtilities.EscapeUriDataStringRfc3986(pair.Key); string value = MessagingUtilities.EscapeUriDataStringRfc3986(pair.Value); diff --git a/src/DotNetOpenAuth.Core/Messaging/StandardMessageFactoryChannel.cs b/src/DotNetOpenAuth.Core/Messaging/StandardMessageFactoryChannel.cs index be37dc4..e90ee44 100644 --- a/src/DotNetOpenAuth.Core/Messaging/StandardMessageFactoryChannel.cs +++ b/src/DotNetOpenAuth.Core/Messaging/StandardMessageFactoryChannel.cs 
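Review bot: The XML doc kept above `AssembleAuthorizationHeader` still carries `<param name="scheme">The scheme.</param>` although that parameter is gone, so the doc block no longer matches the signature. Drop that line and reword the returns text to say that only the escaped field list is produced, e.g. `/// <returns>The parameter portion of the header (no scheme prefix); the caller supplies the scheme.</returns>`. Because `Requires.NotNullOrEmpty(scheme, "scheme")` was removed with it, validating the scheme is now entirely the caller's job, which is worth stating in the same comment. The method body continues past the end of this hunk.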
@@ -35,8 +35,8 @@ namespace DotNetOpenAuth.Messaging { /// The binding elements to use in sending and receiving messages. /// The order they are provided is used for outgoing messgaes, and reversed for incoming messages. /// </param> - protected StandardMessageFactoryChannel(ICollection<Type> messageTypes, ICollection<Version> versions, IChannelBindingElement[] bindingElements, IHostFactories hostFactories) - : base(new StandardMessageFactory(), bindingElements, hostFactories) { + protected StandardMessageFactoryChannel(ICollection<Type> messageTypes, ICollection<Version> versions, IHostFactories hostFactories, IChannelBindingElement[] bindingElements = null) + : base(new StandardMessageFactory(), bindingElements ?? new IChannelBindingElement[0], hostFactories) { Requires.NotNull(messageTypes, "messageTypes"); Requires.NotNull(versions, "versions"); diff --git a/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/ChannelElements/OAuth2ChannelBase.cs b/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/ChannelElements/OAuth2ChannelBase.cs index 1c2c990..52a10f4 100644 --- a/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/ChannelElements/OAuth2ChannelBase.cs +++ b/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/ChannelElements/OAuth2ChannelBase.cs @@ -33,7 +33,7 @@ namespace DotNetOpenAuth.OAuth2.ChannelElements { /// The order they are provided is used for outgoing messgaes, and reversed for incoming messages. /// </param> internal OAuth2ChannelBase(Type[] messageTypes, IChannelBindingElement[] channelBindingElements = null, IHostFactories hostFactories = null) - : base(Requires.NotNull(messageTypes, "messageTypes"), Versions, channelBindingElements ?? new IChannelBindingElement[0], hostFactories ?? new DefaultOAuth2HostFactories()) { + : base(Requires.NotNull(messageTypes, "messageTypes"), Versions, hostFactories ?? new DefaultOAuth2HostFactories(), channelBindingElements ?? new IChannelBindingElement[0]) { } /// <summary> 
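Review bot: In the `StandardMessageFactoryChannel` constructor, `hostFactories` is forwarded to `base(...)` without a visible null guard, while `messageTypes` and `versions` are both checked in the body; unless the base constructor rejects null itself, a null here would only fail later and further from its cause. `OAuth2ChannelBase` in the next file already uses the value-returning form of `Requires.NotNull` inside its initializer, so the same would work here with `Requires.NotNull(hostFactories, "hostFactories")` as the third `base(...)` argument. The binding-elements `<param>` text should also say that null is accepted and treated as an empty array, and the `<param>` entries should follow the new parameter order. The constructor body continues outside the hunk.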
diff --git a/src/DotNetOpenAuth.OAuth2.ResourceServer/OAuth2/ChannelElements/OAuth2ResourceServerChannel.cs b/src/DotNetOpenAuth.OAuth2.ResourceServer/OAuth2/ChannelElements/OAuth2ResourceServerChannel.cs index 8cf7eeb..83bdfd9 100644 --- a/src/DotNetOpenAuth.OAuth2.ResourceServer/OAuth2/ChannelElements/OAuth2ResourceServerChannel.cs +++ b/src/DotNetOpenAuth.OAuth2.ResourceServer/OAuth2/ChannelElements/OAuth2ResourceServerChannel.cs @@ -9,13 +9,18 @@ namespace DotNetOpenAuth.OAuth2.ChannelElements { using System.Collections.Generic; using System.Linq; using System.Net; + using System.Net.Http; + using System.Net.Http.Headers; using System.Net.Mime; using System.Text; + using System.Threading; + using System.Threading.Tasks; using System.Web; using DotNetOpenAuth.Messaging; using DotNetOpenAuth.Messaging.Reflection; using DotNetOpenAuth.OAuth2.Messages; using Validation; + using HttpRequestHeaders = DotNetOpenAuth.Messaging.HttpRequestHeaders; /// <summary> /// The channel for the OAuth protocol. @@ -36,8 +41,8 @@ namespace DotNetOpenAuth.OAuth2.ChannelElements { /// <summary> /// Initializes a new instance of the <see cref="OAuth2ResourceServerChannel"/> class. /// </summary> - protected internal OAuth2ResourceServerChannel() - : base(MessageTypes, Versions) { + protected internal OAuth2ResourceServerChannel(IHostFactories hostFactories = null) + : base(MessageTypes, Versions, hostFactories ?? new DefaultOAuth2HostFactories()) { // TODO: add signing (authenticated request) binding element. } 
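Review bot: The doc comment on the `OAuth2ResourceServerChannel` constructor has no entry for the new optional `hostFactories` argument, and nothing tells a caller that null falls back to `new DefaultOAuth2HostFactories()`. Add `/// <param name="hostFactories">The host factories; null selects <see cref="DefaultOAuth2HostFactories"/>.</param>` under the summary so the default is part of the documented contract.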
@@ -48,7 +53,7 @@ namespace DotNetOpenAuth.OAuth2.ChannelElements { /// <returns> /// The deserialized message, if one is found. Null otherwise. /// </returns> - protected override IDirectedProtocolMessage ReadFromRequestCore(HttpRequestBase request) { + protected override IDirectedProtocolMessage ReadFromRequestCore(HttpRequestBase request, CancellationToken cancellationToken) { var fields = new Dictionary<string, string>(); string accessToken; if ((accessToken = SearchForBearerAccessTokenInRequest(request)) != null) { @@ -81,7 +86,7 @@ namespace DotNetOpenAuth.OAuth2.ChannelElements { /// The deserialized message parts, if found. Null otherwise. /// </returns> /// <exception cref="ProtocolException">Thrown when the response is not valid.</exception> - protected override IDictionary<string, string> ReadFromResponseCore(IncomingWebResponse response) { + protected override Task<IDictionary<string, string>> ReadFromResponseCoreAsync(HttpResponseMessage response) { // We never expect resource servers to send out direct requests, // and therefore won't have direct responses. throw new NotImplementedException(); @@ -98,8 +103,8 @@ namespace DotNetOpenAuth.OAuth2.ChannelElements { /// <remarks> /// This method implements spec OAuth V1.0 section 5.3. /// </remarks> - protected override OutgoingWebResponse PrepareDirectResponse(IProtocolMessage response) { - var webResponse = new OutgoingWebResponse(); + protected override HttpResponseMessage PrepareDirectResponse(IProtocolMessage response) { + var webResponse = new HttpResponseMessage(); // The only direct response from a resource server is some authorization error (400, 401, 403). var unauthorizedResponse = response as UnauthorizedResponse; 
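Review bot: `cancellationToken` is added to `ReadFromRequestCore`, but the lines visible here never read it and the method still returns its result synchronously; if the parameter exists only to match the base signature, a one-line comment should say so. The `<param>` list sits above this hunk, so check that it gained `/// <param name="cancellationToken">The cancellation token.</param>`. The body continues beyond the hunk, so the token may be used further down.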
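Review bot: `ReadFromResponseCoreAsync` now returns a `Task` but still throws `NotImplementedException` synchronously, so the failure appears at the call rather than when the task is awaited, and the `<returns>` and `<exception cref="ProtocolException">` text still describe the old synchronous contract. Since the inline comment says resource servers never receive direct responses, `throw new NotSupportedException();` states the intent more accurately. The doc should say the method always throws.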
@@ -108,12 +113,12 @@ namespace DotNetOpenAuth.OAuth2.ChannelElements { // First initialize based on the specifics within the message. ApplyMessageTemplate(response, webResponse); if (!(response is IHttpDirectResponse)) { - webResponse.Status = HttpStatusCode.Unauthorized; + webResponse.StatusCode = HttpStatusCode.Unauthorized; } // Now serialize all the message parts into the WWW-Authenticate header. var fields = this.MessageDescriptions.GetAccessor(response); - webResponse.Headers[HttpResponseHeader.WwwAuthenticate] = MessagingUtilities.AssembleAuthorizationHeader(unauthorizedResponse.Scheme, fields); + webResponse.Headers.WwwAuthenticate.Add(new AuthenticationHeaderValue(unauthorizedResponse.Scheme, MessagingUtilities.AssembleAuthorizationHeader(fields))); return webResponse; } diff --git a/src/DotNetOpenAuth.OAuth2.ResourceServer/OAuth2/ResourceServer.cs b/src/DotNetOpenAuth.OAuth2.ResourceServer/OAuth2/ResourceServer.cs index bd129c0..ffeff59 100644 --- a/src/DotNetOpenAuth.OAuth2.ResourceServer/OAuth2/ResourceServer.cs +++ b/src/DotNetOpenAuth.OAuth2.ResourceServer/OAuth2/ResourceServer.cs @@ -15,6 +15,8 @@ namespace DotNetOpenAuth.OAuth2 { using System.ServiceModel.Channels; using System.Text; using System.Text.RegularExpressions; + using System.Threading; + using System.Threading.Tasks; using System.Web; using ChannelElements; using DotNetOpenAuth.OAuth.ChannelElements; 
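Review bot: In `PrepareDirectResponse` the status is forced to 401 only when the message is not an `IHttpDirectResponse`; for one that is, the code relies on `ApplyMessageTemplate` to overwrite the 200 OK that a new `HttpResponseMessage` starts with. The comment at the top of the method says every response built here is an authorization error (400, 401, 403), so a check before `return webResponse;` that the status code is in the 4xx range would keep a misconfigured message from going out as a success. Separately, a null, empty or malformed `unauthorizedResponse.Scheme` is now rejected by the `AuthenticationHeaderValue` constructor rather than by the removed `Requires.NotNullOrEmpty`, so the exception a caller sees changes; a short comment on that line would record it. The method starts before this hunk.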
@@ -86,7 +88,7 @@ namespace DotNetOpenAuth.OAuth2 { /// Thrown when the client is not authorized. This exception should be caught and the /// <see cref="ProtocolFaultResponseException.ErrorResponseMessage"/> message should be returned to the client. /// </exception> - public virtual AccessToken GetAccessToken(HttpRequestBase httpRequestInfo = null, params string[] requiredScopes) { + public virtual async Task<AccessToken> GetAccessTokenAsync(HttpRequestBase httpRequestInfo = null, CancellationToken cancellationToken = default(CancellationToken), params string[] requiredScopes) { Requires.NotNull(requiredScopes, "requiredScopes"); RequiresEx.ValidState(this.ScopeSatisfiedCheck != null, Strings.RequiredPropertyNotYetPreset); if (httpRequestInfo == null) { @@ -96,7 +98,8 @@ namespace DotNetOpenAuth.OAuth2 { AccessToken accessToken; AccessProtectedResourceRequest request = null; try { - if (this.Channel.TryReadFromRequest<AccessProtectedResourceRequest>(httpRequestInfo, out request)) { + request = await this.Channel.TryReadFromRequestAsync<AccessProtectedResourceRequest>(cancellationToken, httpRequestInfo); + if (request != null) { accessToken = this.AccessTokenAnalyzer.DeserializeAccessToken(request, request.AccessToken); ErrorUtilities.VerifyHost(accessToken != null, "IAccessTokenAnalyzer.DeserializeAccessToken returned a null reslut."); if (string.IsNullOrEmpty(accessToken.User) && string.IsNullOrEmpty(accessToken.ClientIdentifier)) { 
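Review bot: Turning `GetAccessToken` into `async Task<AccessToken> GetAccessTokenAsync` moves every failure into the returned task, including the `ProtocolFaultResponseException` that signals an unauthorized client and the `Requires.NotNull(requiredScopes, "requiredScopes")` argument check. A call site ported from the synchronous version that invokes the method without awaiting the result will see no exception and carry on as if the request had been authorized. The `<exception>` text should say the exception is observed when the task is awaited, for example `/// <remarks>The returned task must be awaited; authorization failures are reported through it.</remarks>`. The same applies to the `GetPrincipalAsync` overloads in the later hunks, and this method's body extends beyond the hunk.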
@@ -139,9 +142,9 @@ namespace DotNetOpenAuth.OAuth2 { /// Thrown when the client is not authorized. This exception should be caught and the /// <see cref="ProtocolFaultResponseException.ErrorResponseMessage"/> message should be returned to the client. /// </exception> - public virtual AccessToken GetAccessToken(HttpRequestMessage request, params string[] requiredScopes) { + public virtual Task<AccessToken> GetAccessTokenAsync(HttpRequestMessage request, CancellationToken cancellationToken = default(CancellationToken), params string[] requiredScopes) { Requires.NotNull(request, "request"); - return this.GetAccessToken(new HttpRequestInfo(request), requiredScopes); + return this.GetAccessTokenAsync(new HttpRequestInfo(request), cancellationToken, requiredScopes); } /// <summary> @@ -156,8 +159,8 @@ namespace DotNetOpenAuth.OAuth2 { /// Thrown when the client is not authorized. This exception should be caught and the /// <see cref="ProtocolFaultResponseException.ErrorResponseMessage"/> message should be returned to the client. /// </exception> - public virtual IPrincipal GetPrincipal(HttpRequestBase httpRequestInfo = null, params string[] requiredScopes) { - AccessToken accessToken = this.GetAccessToken(httpRequestInfo, requiredScopes); + public virtual async Task<IPrincipal> GetPrincipalAsync(HttpRequestBase httpRequestInfo = null, CancellationToken cancellationToken = default(CancellationToken), params string[] requiredScopes) { + AccessToken accessToken = await this.GetAccessTokenAsync(httpRequestInfo, cancellationToken, requiredScopes); // Mitigates attacks on this approach of differentiating clients from resource owners // by checking that a username doesn't look suspiciously engineered to appear like the other type. 
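Review bot: Placing `CancellationToken cancellationToken = default(CancellationToken)` between the request and `params string[] requiredScopes` means a ported call such as `GetAccessTokenAsync(request, "scope")` no longer compiles, because the second positional argument now binds to the token. The quickest way to get such a call building again is to drop the scope arguments, which compiles and passes an empty `requiredScopes`, so a scope requirement could be lost during migration without anyone noticing. Document the intended call form in the `requiredScopes` param text, e.g. `GetAccessTokenAsync(request, CancellationToken.None, "scope")`, or add overloads that take scopes without a token. The other `GetAccessTokenAsync` and `GetPrincipalAsync` overloads in this file have the same shape.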
@@ -186,11 +189,11 @@ namespace DotNetOpenAuth.OAuth2 { /// Thrown when the client is not authorized. This exception should be caught and the /// <see cref="ProtocolFaultResponseException.ErrorResponseMessage"/> message should be returned to the client. /// </exception> - public virtual IPrincipal GetPrincipal(HttpRequestMessageProperty request, Uri requestUri, params string[] requiredScopes) { + public virtual Task<IPrincipal> GetPrincipalAsync(HttpRequestMessageProperty request, Uri requestUri, CancellationToken cancellationToken = default(CancellationToken), params string[] requiredScopes) { Requires.NotNull(request, "request"); Requires.NotNull(requestUri, "requestUri"); - return this.GetPrincipal(new HttpRequestInfo(request, requestUri), requiredScopes); + return this.GetPrincipalAsync(new HttpRequestInfo(request, requestUri), cancellationToken, requiredScopes); } /// <summary> @@ -205,9 +208,9 @@ namespace DotNetOpenAuth.OAuth2 { /// Thrown when the client is not authorized. This exception should be caught and the /// <see cref="ProtocolFaultResponseException.ErrorResponseMessage"/> message should be returned to the client. /// </exception> - public IPrincipal GetPrincipal(HttpRequestMessage request, params string[] requiredScopes) { + public Task<IPrincipal> GetPrincipalAsync(HttpRequestMessage request, CancellationToken cancellationToken = default(CancellationToken), params string[] requiredScopes) { Requires.NotNull(request, "request"); - return this.GetPrincipal(new HttpRequestInfo(request), requiredScopes); + return this.GetPrincipalAsync(new HttpRequestInfo(request), cancellationToken, requiredScopes); } } } |