Merge branch 'OAuthSimple' into httpclient

1 files changed, 105 insertions, 109 deletions

diff --git a/samples/DotNetOpenAuth.ApplicationBlock/TwitterConsumer.cs b/samples/DotNetOpenAuth.ApplicationBlock/TwitterConsumer.cs
index e665d96..16f1c92 100644
--- a/samples/DotNetOpenAuth.ApplicationBlock/TwitterConsumer.cs
+++ b/samples/DotNetOpenAuth.ApplicationBlock/TwitterConsumer.cs
@@ -30,27 +30,23 @@ namespace DotNetOpenAuth.ApplicationBlock {
 	/// <summary>
 	/// A consumer capable of communicating with Twitter.
 	/// </summary>
-	public static class TwitterConsumer {
+	public class TwitterConsumer : Consumer {
 		/// <summary>
 		/// The description of Twitter's OAuth protocol URIs for use with actually reading/writing
 		/// a user's private Twitter data.
 		/// </summary>
-		public static readonly ServiceProviderDescription ServiceDescription = new ServiceProviderDescription {
-			RequestTokenEndpoint = new MessageReceivingEndpoint("http://twitter.com/oauth/request_token", HttpDeliveryMethods.GetRequest | HttpDeliveryMethods.AuthorizationHeaderRequest),
-			UserAuthorizationEndpoint = new MessageReceivingEndpoint("http://twitter.com/oauth/authorize", HttpDeliveryMethods.GetRequest | HttpDeliveryMethods.AuthorizationHeaderRequest),
-			AccessTokenEndpoint = new MessageReceivingEndpoint("http://twitter.com/oauth/access_token", HttpDeliveryMethods.GetRequest | HttpDeliveryMethods.AuthorizationHeaderRequest),
-			TamperProtectionElements = new ITamperProtectionChannelBindingElement[] { new HmacSha1SigningBindingElement() },
-		};
+		public static readonly ServiceProviderDescription ServiceDescription = new ServiceProviderDescription(
+			"https://api.twitter.com/oauth/request_token",
+			"https://api.twitter.com/oauth/authorize",
+			"https://api.twitter.com/oauth/access_token");
 
 		/// <summary>
 		/// The description of Twitter's OAuth protocol URIs for use with their "Sign in with Twitter" feature.
 		/// </summary>
-		public static readonly ServiceProviderDescription SignInWithTwitterServiceDescription = new ServiceProviderDescription {
-			RequestTokenEndpoint = new MessageReceivingEndpoint("http://twitter.com/oauth/request_token", HttpDeliveryMethods.GetRequest | HttpDeliveryMethods.AuthorizationHeaderRequest),
-			UserAuthorizationEndpoint = new MessageReceivingEndpoint("http://twitter.com/oauth/authenticate", HttpDeliveryMethods.GetRequest | HttpDeliveryMethods.AuthorizationHeaderRequest),
-			AccessTokenEndpoint = new MessageReceivingEndpoint("http://twitter.com/oauth/access_token", HttpDeliveryMethods.GetRequest | HttpDeliveryMethods.AuthorizationHeaderRequest),
-			TamperProtectionElements = new ITamperProtectionChannelBindingElement[] { new HmacSha1SigningBindingElement() },
-		};
+		public static readonly ServiceProviderDescription SignInWithTwitterServiceDescription = new ServiceProviderDescription(
+			"https://api.twitter.com/oauth/request_token",
+			"https://api.twitter.com/oauth/authenticate",
+			"https://api.twitter.com/oauth/access_token");
 
 		/// <summary>
 		/// The URI to get a user's favorites.
@@ -69,21 +65,26 @@ namespace DotNetOpenAuth.ApplicationBlock {
 		private static readonly Uri VerifyCredentialsEndpoint = new Uri("http://api.twitter.com/1/account/verify_credentials.xml");
 
 		/// <summary>
-		/// The consumer used for the Sign in to Twitter feature.
+		/// Initializes a new instance of the <see cref="TwitterConsumer"/> class.
 		/// </summary>
-		private static WebConsumer signInConsumer;
-
-		/// <summary>
-		/// The lock acquired to initialize the <see cref="signInConsumer"/> field.
-		/// </summary>
-		private static object signInConsumerInitLock = new object();
+		public TwitterConsumer() {
+			this.ServiceProvider = ServiceDescription;
+			this.ConsumerKey = ConfigurationManager.AppSettings["twitterConsumerKey"];
+			this.ConsumerSecret = ConfigurationManager.AppSettings["twitterConsumerSecret"];
+			this.TemporaryCredentialStorage = HttpContext.Current != null
+												  ? (ITemporaryCredentialStorage)new CookieTemporaryCredentialStorage()
+												  : new MemoryTemporaryCredentialStorage();
+		}
 
 		/// <summary>
-		/// Initializes static members of the <see cref="TwitterConsumer"/> class.
+		/// Initializes a new instance of the <see cref="TwitterConsumer"/> class.
 		/// </summary>
-		static TwitterConsumer() {
-			// Twitter can't handle the Expect 100 Continue HTTP header. 
-			ServicePointManager.FindServicePoint(GetFavoritesEndpoint).Expect100Continue = false;
+		/// <param name="consumerKey">The consumer key.</param>
+		/// <param name="consumerSecret">The consumer secret.</param>
+		public TwitterConsumer(string consumerKey, string consumerSecret)
+			: this() {
+			this.ConsumerKey = consumerKey;
+			this.ConsumerSecret = consumerSecret;
 		}
 
 		/// <summary>
@@ -96,46 +97,68 @@ namespace DotNetOpenAuth.ApplicationBlock {
 			}
 		}
 
+		public static Consumer CreateConsumer(bool forWeb = true) {
+			string consumerKey = ConfigurationManager.AppSettings["twitterConsumerKey"];
+			string consumerSecret = ConfigurationManager.AppSettings["twitterConsumerSecret"];
+			if (IsTwitterConsumerConfigured) {
+				ITemporaryCredentialStorage storage = forWeb ? (ITemporaryCredentialStorage)new CookieTemporaryCredentialStorage() : new MemoryTemporaryCredentialStorage();
+				return new Consumer(consumerKey, consumerSecret, ServiceDescription, storage) {
+					HostFactories = new TwitterHostFactories(),
+				};
+			} else {
+				throw new InvalidOperationException("No Twitter OAuth consumer key and secret could be found in web.config AppSettings.");
+			}
+		}
+
 		/// <summary>
-		/// Gets the consumer to use for the Sign in to Twitter feature.
+		/// Prepares a redirect that will send the user to Twitter to sign in.
 		/// </summary>
-		/// <value>The twitter sign in.</value>
-		private static WebConsumer TwitterSignIn {
-			get {
-				if (signInConsumer == null) {
-					lock (signInConsumerInitLock) {
-						if (signInConsumer == null) {
-							signInConsumer = new WebConsumer(SignInWithTwitterServiceDescription, ShortTermUserSessionTokenManager);
-						}
-					}
-				}
-
-				return signInConsumer;
+		/// <param name="forceNewLogin">if set to <c>true</c> the user will be required to re-enter their Twitter credentials even if already logged in to Twitter.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
+		/// <returns>
+		/// The redirect message.
+		/// </returns>
+		public static async Task<Uri> StartSignInWithTwitterAsync(bool forceNewLogin = false, CancellationToken cancellationToken = default(CancellationToken)) {
+			var redirectParameters = new Dictionary<string, string>();
+			if (forceNewLogin) {
+				redirectParameters["force_login"] = "true";
 			}
-		}
+			Uri callback = MessagingUtilities.GetRequestUrlFromContext().StripQueryArgumentsWithPrefix("oauth_");
 
-		private static InMemoryTokenManager ShortTermUserSessionTokenManager {
-			get {
-				var store = HttpContext.Current.Session;
-				var tokenManager = (InMemoryTokenManager)store["TwitterShortTermUserSessionTokenManager"];
-				if (tokenManager == null) {
-					string consumerKey = ConfigurationManager.AppSettings["twitterConsumerKey"];
-					string consumerSecret = ConfigurationManager.AppSettings["twitterConsumerSecret"];
-					if (IsTwitterConsumerConfigured) {
-						tokenManager = new InMemoryTokenManager(consumerKey, consumerSecret);
-						store["TwitterShortTermUserSessionTokenManager"] = tokenManager;
-					} else {
-						throw new InvalidOperationException("No Twitter OAuth consumer key and secret could be found in web.config AppSettings.");
-					}
-				}
+			var consumer = CreateConsumer();
+			consumer.ServiceProvider = SignInWithTwitterServiceDescription;
+			Uri redirectUrl = await consumer.RequestUserAuthorizationAsync(callback, cancellationToken: cancellationToken);
+			return redirectUrl;
+		}
 
-				return tokenManager;
+		/// <summary>
+		/// Checks the incoming web request to see if it carries a Twitter authentication response,
+		/// and provides the user's Twitter screen name and unique id if available.
+		/// </summary>
+		/// <param name="completeUrl">The URL that came back from the service provider to complete the authorization.</param>
+		/// <param name="cancellationToken">The cancellation token.</param>
+		/// <returns>
+		/// A tuple with the screen name and Twitter unique user ID if successful; otherwise <c>null</c>.
+		/// </returns>
+		public static async Task<Tuple<string, int>> TryFinishSignInWithTwitterAsync(Uri completeUrl = null, CancellationToken cancellationToken = default(CancellationToken)) {
+			var consumer = CreateConsumer();
+			consumer.ServiceProvider = SignInWithTwitterServiceDescription;
+			var response = await consumer.ProcessUserAuthorizationAsync(completeUrl ?? HttpContext.Current.Request.Url, cancellationToken: cancellationToken);
+			if (response == null) {
+				return null;
 			}
+
+			string screenName = response.ExtraData["screen_name"];
+			int userId = int.Parse(response.ExtraData["user_id"]);
+			return Tuple.Create(screenName, userId);
 		}
 
-		public static async Task<JArray> GetUpdatesAsync(
-			ConsumerBase twitter, string accessToken, CancellationToken cancellationToken = default(CancellationToken)) {
-			using (var httpClient = twitter.CreateHttpClient(accessToken)) {
+		public async Task<JArray> GetUpdatesAsync(AccessToken accessToken, CancellationToken cancellationToken = default(CancellationToken)) {
+			if (String.IsNullOrEmpty(accessToken.Token)) {
+				throw new ArgumentNullException("accessToken.Token");
+			}
+
+			using (var httpClient = this.CreateHttpClient(accessToken)) {
 				using (var response = await httpClient.GetAsync(GetFriendTimelineStatusEndpoint, cancellationToken)) {
 					response.EnsureSuccessStatusCode();
 					string jsonString = await response.Content.ReadAsStringAsync();
@@ -145,8 +168,12 @@ namespace DotNetOpenAuth.ApplicationBlock {
 			}
 		}
 
-		public static async Task<XDocument> GetFavorites(ConsumerBase twitter, string accessToken, CancellationToken cancellationToken = default(CancellationToken)) {
-			using (var httpClient = twitter.CreateHttpClient(accessToken)) {
+		public async Task<XDocument> GetFavorites(AccessToken accessToken, CancellationToken cancellationToken = default(CancellationToken)) {
+			if (String.IsNullOrEmpty(accessToken.Token)) {
+				throw new ArgumentNullException("accessToken.Token");
+			}
+
+			using (var httpClient = this.CreateHttpClient(accessToken)) {
 				using (HttpResponseMessage response = await httpClient.GetAsync(GetFavoritesEndpoint, cancellationToken)) {
 					response.EnsureSuccessStatusCode();
 					return XDocument.Parse(await response.Content.ReadAsStringAsync());
@@ -154,7 +181,7 @@ namespace DotNetOpenAuth.ApplicationBlock {
 			}
 		}
 
-		public static async Task<XDocument> UpdateProfileBackgroundImageAsync(ConsumerBase twitter, string accessToken, string image, bool tile, CancellationToken cancellationToken) {
+		public async Task<XDocument> UpdateProfileBackgroundImageAsync(AccessToken accessToken, string image, bool tile, CancellationToken cancellationToken) {
 			var imageAttachment = new StreamContent(File.OpenRead(image));
 			imageAttachment.Headers.ContentType = new MediaTypeHeaderValue("image/" + Path.GetExtension(image).Substring(1).ToLowerInvariant());
 			HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Post, UpdateProfileBackgroundImageEndpoint);
@@ -163,7 +190,7 @@ namespace DotNetOpenAuth.ApplicationBlock {
 			content.Add(new StringContent(tile.ToString().ToLowerInvariant()), "tile");
 			request.Content = content;
 			request.Headers.ExpectContinue = false;
-			using (var httpClient = twitter.CreateHttpClient(accessToken)) {
+			using (var httpClient = this.CreateHttpClient(accessToken)) {
 				using (HttpResponseMessage response = await httpClient.SendAsync(request, cancellationToken)) {
 					response.EnsureSuccessStatusCode();
 					string responseString = await response.Content.ReadAsStringAsync();
@@ -172,19 +199,19 @@ namespace DotNetOpenAuth.ApplicationBlock {
 			}
 		}
 
-		public static Task<XDocument> UpdateProfileImageAsync(ConsumerBase twitter, string accessToken, string pathToImage, CancellationToken cancellationToken = default(CancellationToken)) {
+		public Task<XDocument> UpdateProfileImageAsync(AccessToken accessToken, string pathToImage, CancellationToken cancellationToken = default(CancellationToken)) {
 			string contentType = "image/" + Path.GetExtension(pathToImage).Substring(1).ToLowerInvariant();
-			return UpdateProfileImageAsync(twitter, accessToken, File.OpenRead(pathToImage), contentType, cancellationToken);
+			return this.UpdateProfileImageAsync(accessToken, File.OpenRead(pathToImage), contentType, cancellationToken);
 		}
 
-		public static async Task<XDocument> UpdateProfileImageAsync(ConsumerBase twitter, string accessToken, Stream image, string contentType, CancellationToken cancellationToken = default(CancellationToken)) {
+		public async Task<XDocument> UpdateProfileImageAsync(AccessToken accessToken, Stream image, string contentType, CancellationToken cancellationToken = default(CancellationToken)) {
 			var imageAttachment = new StreamContent(image);
 			imageAttachment.Headers.ContentType = new MediaTypeHeaderValue(contentType);
 			HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Post, UpdateProfileImageEndpoint);
 			var content = new MultipartFormDataContent();
 			content.Add(imageAttachment, "image", "twitterPhoto");
 			request.Content = content;
-			using (var httpClient = twitter.CreateHttpClient(accessToken)) {
+			using (var httpClient = this.CreateHttpClient(accessToken)) {
 				using (HttpResponseMessage response = await httpClient.SendAsync(request, cancellationToken)) {
 					response.EnsureSuccessStatusCode();
 					string responseString = await response.Content.ReadAsStringAsync();
@@ -193,8 +220,8 @@ namespace DotNetOpenAuth.ApplicationBlock {
 			}
 		}
 
-		public static async Task<XDocument> VerifyCredentialsAsync(ConsumerBase twitter, string accessToken, CancellationToken cancellationToken = default(CancellationToken)) {
-			using (var httpClient = twitter.CreateHttpClient(accessToken)) {
+		public async Task<XDocument> VerifyCredentialsAsync(AccessToken accessToken, CancellationToken cancellationToken = default(CancellationToken)) {
+			using (var httpClient = this.CreateHttpClient(accessToken)) {
 				using (var response = await httpClient.GetAsync(VerifyCredentialsEndpoint, cancellationToken)) {
 					response.EnsureSuccessStatusCode();
 					using (var stream = await response.Content.ReadAsStreamAsync()) {
@@ -204,57 +231,26 @@ namespace DotNetOpenAuth.ApplicationBlock {
 			}
 		}
 
-		public static async Task<string> GetUsername(ConsumerBase twitter, string accessToken, CancellationToken cancellationToken = default(CancellationToken)) {
-			XDocument xml = await VerifyCredentialsAsync(twitter, accessToken, cancellationToken);
+		public async Task<string> GetUsername(AccessToken accessToken, CancellationToken cancellationToken = default(CancellationToken)) {
+			XDocument xml = await this.VerifyCredentialsAsync(accessToken, cancellationToken);
 			XPathNavigator nav = xml.CreateNavigator();
 			return nav.SelectSingleNode("/user/screen_name").Value;
 		}
 
-		/// <summary>
-		/// Prepares a redirect that will send the user to Twitter to sign in.
-		/// </summary>
-		/// <param name="forceNewLogin">if set to <c>true</c> the user will be required to re-enter their Twitter credentials even if already logged in to Twitter.</param>
-		/// <param name="cancellationToken">The cancellation token.</param>
-		/// <returns>
-		/// The redirect message.
-		/// </returns>
-		/// <remarks>
-		/// Call <see cref="OutgoingWebResponse.Send" /> or
-		/// <c>return StartSignInWithTwitter().<see cref="MessagingUtilities.AsActionResult">AsActionResult()</see></c>
-		/// to actually perform the redirect.
-		/// </remarks>
-		public static async Task<HttpResponseMessage> StartSignInWithTwitterAsync(bool forceNewLogin = false, CancellationToken cancellationToken = default(CancellationToken)) {
-			var redirectParameters = new Dictionary<string, string>();
-			if (forceNewLogin) {
-				redirectParameters["force_login"] = "true";
-			}
-			Uri callback = MessagingUtilities.GetRequestUrlFromContext().StripQueryArgumentsWithPrefix("oauth_");
-			var request = await TwitterSignIn.PrepareRequestUserAuthorizationAsync(callback, null, redirectParameters, cancellationToken);
-			return await TwitterSignIn.Channel.PrepareResponseAsync(request, cancellationToken);
-		}
+		private class TwitterHostFactories : IHostFactories {
+			private static readonly IHostFactories underlyingFactories = new DefaultOAuthHostFactories();
 
-		/// <summary>
-		/// Checks the incoming web request to see if it carries a Twitter authentication response,
-		/// and provides the user's Twitter screen name and unique id if available.
-		/// </summary>
-		/// <param name="cancellationToken">The cancellation token.</param>
-		/// <returns>
-		/// A tuple with the screen name and Twitter unique user ID if successful; otherwise <c>null</c>.
-		/// </returns>
-		public static async Task<Tuple<string, int>> TryFinishSignInWithTwitterAsync(CancellationToken cancellationToken = default(CancellationToken)) {
-			var response = await TwitterSignIn.ProcessUserAuthorizationAsync(cancellationToken: cancellationToken);
-			if (response == null) {
-				return null;
+			public HttpMessageHandler CreateHttpMessageHandler() {
+				return new WebRequestHandler();
 			}
 
-			string screenName = response.ExtraData["screen_name"];
-			int userId = int.Parse(response.ExtraData["user_id"]);
-
-			// If we were going to make this LOOK like OpenID even though it isn't,
-			// this seems like a reasonable, secure claimed id to allow the user to assume.
-			////OpenId.Identifier fake_claimed_id = string.Format(CultureInfo.InvariantCulture, "http://twitter.com/{0}#{1}", screenName, userId);
+			public HttpClient CreateHttpClient(HttpMessageHandler handler = null) {
+				var client = underlyingFactories.CreateHttpClient(handler);
 
-			return Tuple.Create(screenName, userId);
+				// Twitter can't handle the Expect 100 Continue HTTP header. 
+				client.DefaultRequestHeaders.ExpectContinue = false;
+				return client;
+			}
 		}
 	}
 }