author | Richard Collette <rcollette@yahoo.com> | 2014-12-23 14:46:57 -0500 |
---|---|---|
committer | Richard Collette <rcollette@yahoo.com> | 2014-12-23 14:46:57 -0500 |
commit | 761bdd66da6e9ff6412a76b4a36cb721869f48b1 (patch) | |
tree | bf76076de5ef0fc34a3b605444ec5870fdbc3cd4 | |
parent | 2882e4fbaedee5f7c8fa56fe97bf5f60f54430b1 (diff) | |
Undo CodeMaid formatting
-rw-r--r-- | README.md | 4 | ||||
-rw-r--r-- | samples/OAuth2ProtectedWebApi/Controllers/UserController.cs | 48 | ||||
-rw-r--r-- | samples/OAuthAuthorizationServer/Controllers/AccountController.cs | 53 | ||||
-rw-r--r-- | samples/OAuthAuthorizationServer/Controllers/OAuthController.cs | 47 | ||||
-rw-r--r-- | samples/OAuthAuthorizationServer/Web.config | 2 | ||||
-rw-r--r-- | samples/OpenIdProviderMvc/Controllers/OpenIdController.cs | 158 | ||||
-rw-r--r-- | samples/OpenIdRelyingPartyMvc/Controllers/UserController.cs | 62 |
7 files changed, 141 insertions, 233 deletions
@@ -1,9 +1,9 @@ DotNetOpenAuth ============== -A C# implementation of the OpenID, OAuth and InfoCard protocols +[](https://gitter.im/DotNetOpenAuth/DotNetOpenAuth?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge) +A C# implementation of the OpenID, OAuth protocols Samples available: * [Source](https://github.com/DotNetOpenAuth/DotNetOpenAuth.Samples) -* [Test Stubs](http://sourceforge.net/projects/dnoa/files/releases/v4.3/v4.3.1/DotNetOpenAuth-4.3.1.13153-samples.7z/download) diff --git a/samples/OAuth2ProtectedWebApi/Controllers/UserController.cs b/samples/OAuth2ProtectedWebApi/Controllers/UserController.cs index dc0bd07..2f9b353 100644 --- a/samples/OAuth2ProtectedWebApi/Controllers/UserController.cs +++ b/samples/OAuth2ProtectedWebApi/Controllers/UserController.cs @@ -1,22 +1,25 @@ -namespace OAuth2ProtectedWebApi.Controllers -{ +namespace OAuth2ProtectedWebApi.Controllers { + using System; + using System.Collections.Generic; + using System.Linq; + using System.Net.Http; + using System.Security.Principal; + using System.Threading.Tasks; + using System.Web; + using System.Web.Mvc; + using System.Web.Security; using DotNetOpenAuth.Messaging; using DotNetOpenAuth.OAuth2; + using DotNetOpenAuth.OAuth2.Messages; using DotNetOpenAuth.OpenId; using DotNetOpenAuth.OpenId.RelyingParty; using OAuth2ProtectedWebApi.Code; - using System; - using System.Threading.Tasks; - using System.Web.Mvc; - using System.Web.Security; - public class UserController : Controller - { + public class UserController : Controller { [Authorize] [HttpGet] [HttpHeader("x-frame-options", "SAMEORIGIN")] // mitigates clickjacking - public async Task<ActionResult> Authorize() - { + public async Task<ActionResult> Authorize() { var authServer = new AuthorizationServer(new AuthorizationServerHost()); var authRequest = await authServer.ReadAuthorizationRequestAsync(this.Request); this.ViewData["scope"] = authRequest.Scope; 
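Review bot: `Authorize()` in OAuth2ProtectedWebApi/Controllers/UserController.cs reads `authRequest.Scope` without checking the result of `ReadAuthorizationRequestAsync`, although OAuthController in this same commit treats that result as possibly null (`if (pendingRequest == null)` followed by a 400). A request that carries no valid authorization message would presumably end in a NullReferenceException and a 500 instead of a clean rejection. Add `if (authRequest == null) { throw new HttpException(400, "Missing authorization request."); }` before the `ViewData` assignment. `Respond()` in the next hunk has the same gap before `PrepareApproveAuthorizationRequest` and `PrepareRejectAuthorizationRequest`. The body of `Authorize()` continues past the end of this hunk.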
@@ -26,19 +29,15 @@ [Authorize] [HttpPost, ValidateAntiForgeryToken] - public async Task<ActionResult> Respond(string request, bool approval) - { + public async Task<ActionResult> Respond(string request, bool approval) { var authServer = new AuthorizationServer(new AuthorizationServerHost()); var authRequest = await authServer.ReadAuthorizationRequestAsync(new Uri(request)); IProtocolMessage responseMessage; - if (approval) - { + if (approval) { var grantedResponse = authServer.PrepareApproveAuthorizationRequest( authRequest, this.User.Identity.Name, authRequest.Scope); responseMessage = grantedResponse; - } - else - { + } else { var rejectionResponse = authServer.PrepareRejectAuthorizationRequest(authRequest); rejectionResponse.Error = Protocol.EndUserAuthorizationRequestErrorCodes.AccessDenied; responseMessage = rejectionResponse; @@ -49,14 +48,12 @@ return response.AsActionResult(); } - public async Task<ActionResult> Login(string returnUrl) - { + public async Task<ActionResult> Login(string returnUrl) { var rp = new OpenIdRelyingParty(null); Realm officialWebSiteHome = Realm.AutoDetect; Uri returnTo = new Uri(this.Request.Url, this.Url.Action("Authenticate")); var request = await rp.CreateRequestAsync(WellKnownProviders.Google, officialWebSiteHome, returnTo); - if (returnUrl != null) - { + if (returnUrl != null) { request.SetUntrustedCallbackArgument("returnUrl", returnUrl); } 
@@ -65,14 +62,11 @@ return redirectingResponse.AsActionResult(); } - public async Task<ActionResult> Authenticate() - { + public async Task<ActionResult> Authenticate() { var rp = new OpenIdRelyingParty(null); var response = await rp.GetResponseAsync(this.Request); - if (response != null) - { - if (response.Status == AuthenticationStatus.Authenticated) - { + if (response != null) { + if (response.Status == AuthenticationStatus.Authenticated) { FormsAuthentication.SetAuthCookie(response.ClaimedIdentifier, false); return this.Redirect(FormsAuthentication.GetRedirectUrl(response.ClaimedIdentifier, false)); } diff --git a/samples/OAuthAuthorizationServer/Controllers/AccountController.cs b/samples/OAuthAuthorizationServer/Controllers/AccountController.cs index b2c725b..f3aa873 100644 --- a/samples/OAuthAuthorizationServer/Controllers/AccountController.cs +++ b/samples/OAuthAuthorizationServer/Controllers/AccountController.cs 
@@ -1,47 +1,38 @@ -namespace OAuthAuthorizationServer.Controllers -{ +namespace OAuthAuthorizationServer.Controllers { + using System; + using System.Linq; + using System.Threading.Tasks; + using System.Web.Mvc; + using System.Web.Security; using DotNetOpenAuth.Messaging; using DotNetOpenAuth.OpenId; using DotNetOpenAuth.OpenId.RelyingParty; using OAuthAuthorizationServer.Code; using OAuthAuthorizationServer.Models; - using System; - using System.Linq; - using System.Threading.Tasks; - using System.Web.Mvc; - using System.Web.Security; [HandleError] - public class AccountController : Controller - { + public class AccountController : Controller { // ************************************** // URL: /Account/LogOn // ************************************** - public ActionResult LogOn() - { + public ActionResult LogOn() { return View(); } [HttpPost] - public async Task<ActionResult> LogOn(LogOnModel model, string returnUrl) - { - if (ModelState.IsValid) - { + public async Task<ActionResult> LogOn(LogOnModel model, string returnUrl) { + if (ModelState.IsValid) { var rp = new OpenIdRelyingParty(); var request = await rp.CreateRequestAsync(model.UserSuppliedIdentifier, Realm.AutoDetect, new Uri(Request.Url, Url.Action("Authenticate"))); - if (request != null) - { - if (returnUrl != null) - { + if (request != null) { + if (returnUrl != null) { request.AddCallbackArguments("returnUrl", returnUrl); } var response = await request.GetRedirectingResponseAsync(); Response.ContentType = response.Content.Headers.ContentType.ToString(); return response.AsActionResult(); - } - else - { + } else { ModelState.AddModelError(string.Empty, "The identifier you supplied is not recognized as a valid OpenID Identifier."); } } 
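Review bot: The POST overload of `LogOn` carries `[HttpPost]` but no `[ValidateAntiForgeryToken]`, unlike the other state-changing POST actions touched by this commit (`Respond`, `AuthorizeResponse`, `AskUserResponse`). Without the token check, a page on another origin can submit this form and start a sign-in the user never asked for (login CSRF). Suggest `[HttpPost, ValidateAntiForgeryToken]` on the action, together with the matching anti-forgery field in the LogOn view, which is not part of this diff. The end of the action lies outside this hunk.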
@@ -50,21 +41,16 @@ return View(model); } - public async Task<ActionResult> Authenticate(string returnUrl) - { + public async Task<ActionResult> Authenticate(string returnUrl) { var rp = new OpenIdRelyingParty(); var response = await rp.GetResponseAsync(Request); - if (response != null) - { - switch (response.Status) - { + if (response != null) { + switch (response.Status) { case AuthenticationStatus.Authenticated: // Make sure we have a user account for this guy. string identifier = response.ClaimedIdentifier; // convert to string so LinqToSQL expression parsing works. - if (MvcApplication.DataContext.Users.FirstOrDefault(u => u.OpenIDClaimedIdentifier == identifier) == null) - { - MvcApplication.DataContext.Users.InsertOnSubmit(new User - { + if (MvcApplication.DataContext.Users.FirstOrDefault(u => u.OpenIDClaimedIdentifier == identifier) == null) { + MvcApplication.DataContext.Users.InsertOnSubmit(new User { OpenIDFriendlyIdentifier = response.FriendlyIdentifierForDisplay, OpenIDClaimedIdentifier = response.ClaimedIdentifier, }); @@ -85,8 +71,7 @@ // ************************************** // URL: /Account/LogOff // ************************************** - public ActionResult LogOff() - { + public ActionResult LogOff() { FormsAuthentication.SignOut(); return RedirectToAction("Index", "Home"); diff --git a/samples/OAuthAuthorizationServer/Controllers/OAuthController.cs b/samples/OAuthAuthorizationServer/Controllers/OAuthController.cs index 3e512cb..81c73ca 100644 --- a/samples/OAuthAuthorizationServer/Controllers/OAuthController.cs +++ b/samples/OAuthAuthorizationServer/Controllers/OAuthController.cs @@ -1,26 +1,25 @@ -namespace OAuthAuthorizationServer.Controllers
-{
- using DotNetOpenAuth.Messaging;
- using DotNetOpenAuth.OAuth2;
- using OAuthAuthorizationServer.Code;
- using OAuthAuthorizationServer.Models;
+namespace OAuthAuthorizationServer.Controllers {
using System;
+ using System.Collections.Generic;
using System.Linq;
using System.Net;
+ using System.Security.Cryptography;
using System.Threading.Tasks;
using System.Web;
using System.Web.Mvc;
+ using DotNetOpenAuth.Messaging;
+ using DotNetOpenAuth.OAuth2;
+ using OAuthAuthorizationServer.Code;
+ using OAuthAuthorizationServer.Models;
- public class OAuthController : Controller
- {
+ public class OAuthController : Controller {
private readonly AuthorizationServer authorizationServer = new AuthorizationServer(new OAuth2AuthorizationServer());
/// <summary>
/// The OAuth 2.0 token endpoint.
/// </summary>
/// <returns>The response to the Client.</returns>
- public async Task<ActionResult> Token()
- {
+ public async Task<ActionResult> Token() {
var request = await this.authorizationServer.HandleTokenRequestAsync(this.Request, this.Response.ClientDisconnectedToken);
Response.ContentType = request.Content.Headers.ContentType.ToString();
return request.AsActionResult();
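Review bot: `Token()` has no verb restriction, so the token endpoint is routable for GET as well as POST. RFC 6749 section 3.2 requires POST for access token requests, and client credentials or codes sent in a GET query string end up in server and proxy logs. Add `[HttpPost]` above the action unless `HandleTokenRequestAsync` is known to reject other verbs itself, which cannot be seen from this hunk. As a smaller point, the local named `request` holds the response message, so `response` would read more accurately.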
@@ -32,27 +31,23 @@ /// <returns>The browser HTML response that prompts the user to authorize the client.</returns>
[Authorize, AcceptVerbs(HttpVerbs.Get | HttpVerbs.Post)]
[HttpHeader("x-frame-options", "SAMEORIGIN")] // mitigates clickjacking
- public async Task<ActionResult> Authorize()
- {
+ public async Task<ActionResult> Authorize() {
var pendingRequest = await this.authorizationServer.ReadAuthorizationRequestAsync(Request, Response.ClientDisconnectedToken);
- if (pendingRequest == null)
- {
+ if (pendingRequest == null) {
throw new HttpException((int)HttpStatusCode.BadRequest, "Missing authorization request.");
}
var requestingClient = MvcApplication.DataContext.Clients.First(c => c.ClientIdentifier == pendingRequest.ClientIdentifier);
// Consider auto-approving if safe to do so.
- if (((OAuth2AuthorizationServer)this.authorizationServer.AuthorizationServerServices).CanBeAutoApproved(pendingRequest))
- {
+ if (((OAuth2AuthorizationServer)this.authorizationServer.AuthorizationServerServices).CanBeAutoApproved(pendingRequest)) {
var approval = this.authorizationServer.PrepareApproveAuthorizationRequest(pendingRequest, HttpContext.User.Identity.Name);
var response = await this.authorizationServer.Channel.PrepareResponseAsync(approval, Response.ClientDisconnectedToken);
Response.ContentType = response.Content.Headers.ContentType.ToString();
return response.AsActionResult();
}
- var model = new AccountAuthorizeModel
- {
+ var model = new AccountAuthorizeModel {
ClientApp = requestingClient.Name,
Scope = pendingRequest.Scope,
AuthorizationRequest = pendingRequest,
@@ -67,24 +62,20 @@ /// <param name="isApproved">if set to <c>true</c>, the user has authorized the Client; <c>false</c> otherwise.</param>
/// <returns>HTML response that redirects the browser to the Client.</returns>
[Authorize, HttpPost, ValidateAntiForgeryToken]
- public async Task<ActionResult> AuthorizeResponse(bool isApproved)
- {
+ public async Task<ActionResult> AuthorizeResponse(bool isApproved) {
var pendingRequest = await this.authorizationServer.ReadAuthorizationRequestAsync(Request, Response.ClientDisconnectedToken);
- if (pendingRequest == null)
- {
+ if (pendingRequest == null) {
throw new HttpException((int)HttpStatusCode.BadRequest, "Missing authorization request.");
}
IDirectedProtocolMessage response;
- if (isApproved)
- {
+ if (isApproved) {
// The authorization we file in our database lasts until the user explicitly revokes it.
// You can cause the authorization to expire by setting the ExpirationDateUTC
// property in the below created ClientAuthorization.
var client = MvcApplication.DataContext.Clients.First(c => c.ClientIdentifier == pendingRequest.ClientIdentifier);
client.ClientAuthorizations.Add(
- new ClientAuthorization
- {
+ new ClientAuthorization {
Scope = OAuthUtilities.JoinScopes(pendingRequest.Scope),
User = MvcApplication.LoggedInUser,
CreatedOnUtc = DateTime.UtcNow,
@@ -94,9 +85,7 @@ // In this simple sample, the user either agrees to the entire scope requested by the client or none of it.
// But in a real app, you could grant a reduced scope of access to the client by passing a scope parameter to this method.
response = this.authorizationServer.PrepareApproveAuthorizationRequest(pendingRequest, User.Identity.Name);
- }
- else
- {
+ } else {
response = this.authorizationServer.PrepareRejectAuthorizationRequest(pendingRequest);
}
diff --git a/samples/OAuthAuthorizationServer/Web.config b/samples/OAuthAuthorizationServer/Web.config index 419c93c..08cd69b 100644 --- a/samples/OAuthAuthorizationServer/Web.config +++ b/samples/OAuthAuthorizationServer/Web.config @@ -71,7 +71,7 @@ </log4net> <connectionStrings> - <add name="DatabaseConnectionString" connectionString="Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\Database4.mdf;Integrated Security=True;User Instance=True" + <add name="DatabaseConnectionString" connectionString="Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\Database4.mdf;Integrated Security=True;User Instance=True" providerName="System.Data.SqlClient" /> </connectionStrings> diff --git a/samples/OpenIdProviderMvc/Controllers/OpenIdController.cs b/samples/OpenIdProviderMvc/Controllers/OpenIdController.cs index fdcbf2c..14014db 100644 --- a/samples/OpenIdProviderMvc/Controllers/OpenIdController.cs +++ b/samples/OpenIdProviderMvc/Controllers/OpenIdController.cs 
@@ -1,41 +1,40 @@ -namespace OpenIdProviderMvc.Controllers -{ +namespace OpenIdProviderMvc.Controllers { + using System; + using System.Collections.Generic; + using System.Linq; + using System.Net; + using System.Threading.Tasks; + using System.Web; + using System.Web.Mvc; + using System.Web.Mvc.Ajax; using DotNetOpenAuth.Messaging; + using DotNetOpenAuth.OpenId; + using DotNetOpenAuth.OpenId.Behaviors; using DotNetOpenAuth.OpenId.Extensions.ProviderAuthenticationPolicy; using DotNetOpenAuth.OpenId.Extensions.SimpleRegistration; using DotNetOpenAuth.OpenId.Provider; using DotNetOpenAuth.OpenId.Provider.Behaviors; using OpenIdProviderMvc.Code; - using System; - using System.Net; - using System.Threading.Tasks; - using System.Web.Mvc; - public class OpenIdController : Controller - { + public class OpenIdController : Controller { internal static OpenIdProvider OpenIdProvider = new OpenIdProvider(); public OpenIdController() - : this(null) - { + : this(null) { } - public OpenIdController(IFormsAuthentication formsAuthentication) - { + public OpenIdController(IFormsAuthentication formsAuthentication) { this.FormsAuth = formsAuthentication ?? new FormsAuthenticationService(); } public IFormsAuthentication FormsAuth { get; private set; } [ValidateInput(false)] - public async Task<ActionResult> Provider() - { + public async Task<ActionResult> Provider() { IRequest request = await OpenIdProvider.GetRequestAsync(this.Request, this.Response.ClientDisconnectedToken); - if (request != null) - { + if (request != null) { // Some requests are automatically handled by DotNetOpenAuth. If this is one, go ahead and let it go. - if (request.IsResponseReady) - { + if (request.IsResponseReady) { var response = await OpenIdProvider.PrepareResponseAsync(request, this.Response.ClientDisconnectedToken); Response.ContentType = response.Content.Headers.ContentType.ToString(); return response.AsActionResult(); 
@@ -46,11 +45,9 @@ namespace OpenIdProviderMvc.Controllers // If PAPE requires that the user has logged in recently, we may be required to challenge the user to log in. var papeRequest = ProviderEndpoint.PendingRequest.GetExtension<PolicyRequest>(); - if (papeRequest != null && papeRequest.MaximumAuthenticationAge.HasValue) - { + if (papeRequest != null && papeRequest.MaximumAuthenticationAge.HasValue) { TimeSpan timeSinceLogin = DateTime.UtcNow - this.FormsAuth.SignedInTimestampUtc.Value; - if (timeSinceLogin > papeRequest.MaximumAuthenticationAge.Value) - { + if (timeSinceLogin > papeRequest.MaximumAuthenticationAge.Value) { // The RP wants the user to have logged in more recently than he has. // We'll have to redirect the user to a login screen. return this.RedirectToAction("LogOn", "Account", new { returnUrl = this.Url.Action("ProcessAuthRequest") }); @@ -58,31 +55,25 @@ namespace OpenIdProviderMvc.Controllers } return await this.ProcessAuthRequest(); - } - else - { + } else { // No OpenID request was recognized. This may be a user that stumbled on the OP Endpoint. return this.View(); } } - public async Task<ActionResult> ProcessAuthRequest() - { - if (ProviderEndpoint.PendingRequest == null) - { + public async Task<ActionResult> ProcessAuthRequest() { + if (ProviderEndpoint.PendingRequest == null) { return this.RedirectToAction("Index", "Home"); } // Try responding immediately if possible. ActionResult response = await this.AutoRespondIfPossibleAsync(); - if (response != null) - { + if (response != null) { return response; } // We can't respond immediately with a positive result. But if we still have to respond immediately... - if (ProviderEndpoint.PendingRequest.Immediate) - { + if (ProviderEndpoint.PendingRequest.Immediate) { // We can't stop to prompt the user -- we must just return a negative response. return await this.SendAssertion(); } 
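Review bot: `this.FormsAuth.SignedInTimestampUtc.Value` is read without a `HasValue` check, and `Provider()` shows no `[Authorize]` attribute, so a request carrying a PAPE `MaximumAuthenticationAge` from a visitor with no sign-in timestamp presumably throws InvalidOperationException instead of reaching the login redirect. Treat a missing timestamp as too old: `var signedIn = this.FormsAuth.SignedInTimestampUtc;` followed by `if (!signedIn.HasValue || DateTime.UtcNow - signedIn.Value > papeRequest.MaximumAuthenticationAge.Value) {`. That way the unauthenticated case is sent to `LogOn` rather than failing with a 500. `Provider()` starts before this hunk.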
@@ -95,24 +86,20 @@ namespace OpenIdProviderMvc.Controllers /// </summary> /// <returns>The response for the user agent.</returns> [Authorize] - public async Task<ActionResult> AskUser() - { - if (ProviderEndpoint.PendingRequest == null) - { + public async Task<ActionResult> AskUser() { + if (ProviderEndpoint.PendingRequest == null) { // Oops... precious little we can confirm without a pending OpenID request. return this.RedirectToAction("Index", "Home"); } // The user MAY have just logged in. Try again to respond automatically to the RP if appropriate. ActionResult response = await this.AutoRespondIfPossibleAsync(); - if (response != null) - { + if (response != null) { return response; } if (!ProviderEndpoint.PendingAuthenticationRequest.IsDirectedIdentity && - !this.UserControlsIdentifier(ProviderEndpoint.PendingAuthenticationRequest)) - { + !this.UserControlsIdentifier(ProviderEndpoint.PendingAuthenticationRequest)) { return this.Redirect(this.Url.Action("LogOn", "Account", new { returnUrl = this.Request.Url })); } 
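Review bot: `AskUser()` dereferences `ProviderEndpoint.PendingAuthenticationRequest.IsDirectedIdentity` after checking only `PendingRequest` for null, so a pending anonymous request (where `PendingAuthenticationRequest` is presumably null) would throw a NullReferenceException. `AskUserResponse()` in the next hunk does the same in its first `if`, even though its later `else if (ProviderEndpoint.PendingAuthenticationRequest != null)` branch shows that null is an expected state. Guard the identifier-ownership check in both actions, e.g. `if (ProviderEndpoint.PendingAuthenticationRequest != null && !ProviderEndpoint.PendingAuthenticationRequest.IsDirectedIdentity && !this.UserControlsIdentifier(ProviderEndpoint.PendingAuthenticationRequest)) {`. The rest of `AskUser()` is outside this hunk.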
@@ -122,25 +109,18 @@ namespace OpenIdProviderMvc.Controllers } [HttpPost, Authorize, ValidateAntiForgeryToken] - public async Task<ActionResult> AskUserResponse(bool confirmed) - { + public async Task<ActionResult> AskUserResponse(bool confirmed) { if (!ProviderEndpoint.PendingAuthenticationRequest.IsDirectedIdentity && - !this.UserControlsIdentifier(ProviderEndpoint.PendingAuthenticationRequest)) - { + !this.UserControlsIdentifier(ProviderEndpoint.PendingAuthenticationRequest)) { // The user shouldn't have gotten this far without controlling the identifier we'd send an assertion for. return new HttpStatusCodeResult((int)HttpStatusCode.BadRequest); } - if (ProviderEndpoint.PendingAnonymousRequest != null) - { + if (ProviderEndpoint.PendingAnonymousRequest != null) { ProviderEndpoint.PendingAnonymousRequest.IsApproved = confirmed; - } - else if (ProviderEndpoint.PendingAuthenticationRequest != null) - { + } else if (ProviderEndpoint.PendingAuthenticationRequest != null) { ProviderEndpoint.PendingAuthenticationRequest.IsAuthenticated = confirmed; - } - else - { + } else { throw new InvalidOperationException("There's no pending authentication request!"); } 
@@ -151,57 +131,47 @@ namespace OpenIdProviderMvc.Controllers /// Sends a positive or a negative assertion, based on how the pending request is currently marked. /// </summary> /// <returns>An MVC redirect result.</returns> - public async Task<ActionResult> SendAssertion() - { + public async Task<ActionResult> SendAssertion() { var pendingRequest = ProviderEndpoint.PendingRequest; var authReq = pendingRequest as IAuthenticationRequest; var anonReq = pendingRequest as IAnonymousRequest; ProviderEndpoint.PendingRequest = null; // clear session static so we don't do this again - if (pendingRequest == null) - { + if (pendingRequest == null) { throw new InvalidOperationException("There's no pending authentication request!"); } // Set safe defaults if somehow the user ended up (perhaps through XSRF) here before electing to send data to the RP. - if (anonReq != null && !anonReq.IsApproved.HasValue) - { + if (anonReq != null && !anonReq.IsApproved.HasValue) { anonReq.IsApproved = false; } - if (authReq != null && !authReq.IsAuthenticated.HasValue) - { + if (authReq != null && !authReq.IsAuthenticated.HasValue) { authReq.IsAuthenticated = false; } - if (authReq != null && authReq.IsAuthenticated.Value) - { - if (authReq.IsDirectedIdentity) - { + if (authReq != null && authReq.IsAuthenticated.Value) { + if (authReq.IsDirectedIdentity) { authReq.LocalIdentifier = Models.User.GetClaimedIdentifierForUser(User.Identity.Name); } - if (!authReq.IsDelegatedIdentifier) - { + if (!authReq.IsDelegatedIdentifier) { authReq.ClaimedIdentifier = authReq.LocalIdentifier; } } // Respond to AX/sreg extension requests only on a positive result. if ((authReq != null && authReq.IsAuthenticated.Value) || - (anonReq != null && anonReq.IsApproved.Value)) - { + (anonReq != null && anonReq.IsApproved.Value)) { // Look for a Simple Registration request. When the AXFetchAsSregTransform behavior is turned on // in the web.config file as it is in this sample, AX requests will come in as SReg requests. 
var claimsRequest = pendingRequest.GetExtension<ClaimsRequest>(); - if (claimsRequest != null) - { + if (claimsRequest != null) { var claimsResponse = claimsRequest.CreateResponse(); // This simple respond to a request check may be enhanced to only respond to an individual attribute // request if the user consents to it explicitly, in which case this response extension creation can take // place in the confirmation page action rather than here. - if (claimsRequest.Email != DemandLevel.NoRequest) - { + if (claimsRequest.Email != DemandLevel.NoRequest) { claimsResponse.Email = User.Identity.Name + "@dotnetopenauth.net"; } @@ -210,11 +180,9 @@ namespace OpenIdProviderMvc.Controllers // Look for PAPE requests. var papeRequest = pendingRequest.GetExtension<PolicyRequest>(); - if (papeRequest != null) - { + if (papeRequest != null) { var papeResponse = new PolicyResponse(); - if (papeRequest.MaximumAuthenticationAge.HasValue) - { + if (papeRequest.MaximumAuthenticationAge.HasValue) { papeResponse.AuthenticationTimeUtc = this.FormsAuth.SignedInTimestampUtc; } 
@@ -231,28 +199,23 @@ namespace OpenIdProviderMvc.Controllers /// Attempts to formulate an automatic response to the RP if the user's profile allows it. /// </summary> /// <returns>The ActionResult for the caller to return, or <c>null</c> if no automatic response can be made.</returns> - private async Task<ActionResult> AutoRespondIfPossibleAsync() - { + private async Task<ActionResult> AutoRespondIfPossibleAsync() { // If the odds are good we can respond to this one immediately (without prompting the user)... if (await ProviderEndpoint.PendingRequest.IsReturnUrlDiscoverableAsync(OpenIdProvider.Channel.HostFactories, this.Response.ClientDisconnectedToken) == RelyingPartyDiscoveryResult.Success && User.Identity.IsAuthenticated - && this.HasUserAuthorizedAutoLogin(ProviderEndpoint.PendingRequest)) - { + && this.HasUserAuthorizedAutoLogin(ProviderEndpoint.PendingRequest)) { // Is this is an identity authentication request? (as opposed to an anonymous request)... - if (ProviderEndpoint.PendingAuthenticationRequest != null) - { + if (ProviderEndpoint.PendingAuthenticationRequest != null) { // If this is directed identity, or if the claimed identifier being checked is controlled by the current user... if (ProviderEndpoint.PendingAuthenticationRequest.IsDirectedIdentity - || this.UserControlsIdentifier(ProviderEndpoint.PendingAuthenticationRequest)) - { + || this.UserControlsIdentifier(ProviderEndpoint.PendingAuthenticationRequest)) { ProviderEndpoint.PendingAuthenticationRequest.IsAuthenticated = true; return await this.SendAssertion(); } } // If this is an anonymous request, we can respond to that too. - if (ProviderEndpoint.PendingAnonymousRequest != null) - { + if (ProviderEndpoint.PendingAnonymousRequest != null) { ProviderEndpoint.PendingAnonymousRequest.IsApproved = true; return await this.SendAssertion(); } 
@@ -269,18 +232,14 @@ namespace OpenIdProviderMvc.Controllers /// <c>true</c> if it is safe to respond affirmatively to this request and all extensions /// without further user confirmation; otherwise, <c>false</c>. /// </returns> - private bool HasUserAuthorizedAutoLogin(IHostProcessedRequest request) - { + private bool HasUserAuthorizedAutoLogin(IHostProcessedRequest request) { // TODO: host should implement this method meaningfully, consulting their user database. // Make sure the user likes the RP - if (true/*User.UserLikesRP(request.Realm))*/) - { + if (true/*User.UserLikesRP(request.Realm))*/) { // And make sure the RP is only asking for information about the user that the user has granted before. - if (true/*User.HasGrantedExtensions(request)*/) - { + if (true/*User.HasGrantedExtensions(request)*/) { // For now for the purposes of the sample, we'll disallow auto-logins when an sreg request is present. - if (request.GetExtension<ClaimsRequest>() != null) - { + if (request.GetExtension<ClaimsRequest>() != null) { return false; } @@ -298,15 +257,12 @@ namespace OpenIdProviderMvc.Controllers /// </summary> /// <param name="authReq">The authentication request.</param> /// <returns><c>true</c> if the user controls the identifier; <c>false</c> otherwise.</returns> - private bool UserControlsIdentifier(IAuthenticationRequest authReq) - { - if (authReq == null) - { + private bool UserControlsIdentifier(IAuthenticationRequest authReq) { + if (authReq == null) { throw new ArgumentNullException("authReq"); } - if (User == null || User.Identity == null) - { + if (User == null || User.Identity == null) { return false; } diff --git a/samples/OpenIdRelyingPartyMvc/Controllers/UserController.cs b/samples/OpenIdRelyingPartyMvc/Controllers/UserController.cs index 99f92a4..defc762 100644 --- a/samples/OpenIdRelyingPartyMvc/Controllers/UserController.cs +++ b/samples/OpenIdRelyingPartyMvc/Controllers/UserController.cs 
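Review bot: Both consent checks in `HasUserAuthorizedAutoLogin` are stubbed as `if (true/*...*/)`, so the sample fails open: a signed-in user gets an automatic positive assertion for any relying party whose return URL passes discovery, unless an sreg request is attached. Sample code tends to be copied as-is, so the placeholder should fail closed until the TODO is implemented, for example `return false; // TODO: consult the user's stored RP approvals before allowing auto-login`. At minimum the TODO comment should state that the current behaviour approves every relying party. The tail of the method is outside this hunk.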
@@ -1,82 +1,66 @@ -namespace OpenIdRelyingPartyMvc.Controllers -{ - using DotNetOpenAuth.Messaging; - using DotNetOpenAuth.OpenId; - using DotNetOpenAuth.OpenId.RelyingParty; +namespace OpenIdRelyingPartyMvc.Controllers { + using System; + using System.Collections.Generic; + using System.Linq; using System.Threading.Tasks; + using System.Web; using System.Web.Mvc; using System.Web.Security; + using DotNetOpenAuth.Messaging; + using DotNetOpenAuth.OpenId; + using DotNetOpenAuth.OpenId.RelyingParty; - public class UserController : Controller - { + public class UserController : Controller { private static OpenIdRelyingParty openid = new OpenIdRelyingParty(); - public ActionResult Index() - { - if (!User.Identity.IsAuthenticated) - { + public ActionResult Index() { + if (!User.Identity.IsAuthenticated) { Response.Redirect("~/User/Login?ReturnUrl=Index"); } return View("Index"); } - public ActionResult Logout() - { + public ActionResult Logout() { FormsAuthentication.SignOut(); return Redirect("~/Home"); } - public ActionResult Login() - { + public ActionResult Login() { // Stage 1: display login form to user return View("Login"); } [ValidateInput(false)] - public async Task<ActionResult> Authenticate(string returnUrl) - { + public async Task<ActionResult> Authenticate(string returnUrl) { var response = await openid.GetResponseAsync(this.Request, this.Response.ClientDisconnectedToken); - if (response == null) - { + if (response == null) { // Stage 2: user submitting Identifier Identifier id; - if (Identifier.TryParse(Request.Form["openid_identifier"], out id)) - { - try - { + if (Identifier.TryParse(Request.Form["openid_identifier"], out id)) { + try { var request = await openid.CreateRequestAsync(Request.Form["openid_identifier"]); var redirectingResponse = await request.GetRedirectingResponseAsync(this.Response.ClientDisconnectedToken); Response.ContentType = redirectingResponse.Content.Headers.ContentType.ToString(); return redirectingResponse.AsActionResult(); - } - 
catch (ProtocolException ex) - { + } catch (ProtocolException ex) { ViewData["Message"] = ex.Message; return View("Login"); } - } - else - { + } else { ViewData["Message"] = "Invalid identifier"; return View("Login"); } - } - else - { + } else { // Stage 3: OpenID Provider sending assertion response - switch (response.Status) - { + switch (response.Status) { case AuthenticationStatus.Authenticated: Session["FriendlyIdentifier"] = response.FriendlyIdentifierForDisplay; var cookie = FormsAuthentication.GetAuthCookie(response.ClaimedIdentifier, false); Response.SetCookie(cookie); - if (!string.IsNullOrEmpty(returnUrl)) - { + if (!string.IsNullOrEmpty(returnUrl)) { return Redirect(returnUrl); - } - else - { + } else { return RedirectToAction("Index", "Home"); } case AuthenticationStatus.Canceled: |
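Review bot: In `Authenticate`, `returnUrl` is bound from the request and passed to `Redirect(returnUrl)` after only an empty-string check, so a crafted sign-in link can send the user to an arbitrary external site once the assertion succeeds (open redirect). Restrict it to local paths with `if (!string.IsNullOrEmpty(returnUrl) && Url.IsLocalUrl(returnUrl)) {` and let everything else fall through to the existing `RedirectToAction("Index", "Home")`. The `switch` continues past the end of this hunk.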