authorAndrew Arnott <andrewarnott@gmail.com>2013-03-26 11:19:06 -0700
committerAndrew Arnott <andrewarnott@gmail.com>2013-03-26 11:19:06 -0700
commit3d37ff45cab6838d80b22e6b782a0b9b4c2f4aeb (patch)
treec15816c3d7f6e74334553f2ff98605ce1c22c538 /src/DotNetOpenAuth.OAuth2.Client/OAuth2/WebServerClient.cs
parent5e9014f36b2d53b8e419918675df636540ea24e2 (diff)
parente6f7409f4caceb7bc2a5b4ddbcb1a4097af340f2 (diff)
Move to HttpClient throughout library.
Diffstat (limited to 'src/DotNetOpenAuth.OAuth2.Client/OAuth2/WebServerClient.cs')
-rw-r--r--src/DotNetOpenAuth.OAuth2.Client/OAuth2/WebServerClient.cs105
1 files changed, 54 insertions, 51 deletions
diff --git a/src/DotNetOpenAuth.OAuth2.Client/OAuth2/WebServerClient.cs b/src/DotNetOpenAuth.OAuth2.Client/OAuth2/WebServerClient.cs
index 63d96e1..2b5a80a 100644
--- a/src/DotNetOpenAuth.OAuth2.Client/OAuth2/WebServerClient.cs
+++ b/src/DotNetOpenAuth.OAuth2.Client/OAuth2/WebServerClient.cs
@@ -10,10 +10,13 @@ namespace DotNetOpenAuth.OAuth2 {
using System.Globalization;
using System.Linq;
using System.Net;
+ using System.Net.Http;
+ using System.Net.Http.Headers;
using System.Text;
+ using System.Threading;
+ using System.Threading.Tasks;
using System.Web;
using System.Web.Security;
-
using DotNetOpenAuth.Configuration;
using DotNetOpenAuth.Messaging;
using DotNetOpenAuth.OAuth2.Messages;
@@ -29,26 +32,26 @@ namespace DotNetOpenAuth.OAuth2 {
private const string XsrfCookieName = "DotNetOpenAuth.WebServerClient.XSRF-Session";
/// <summary>
- /// Initializes a new instance of the <see cref="WebServerClient"/> class.
+ /// Initializes a new instance of the <see cref="WebServerClient" /> class.
/// </summary>
/// <param name="authorizationServer">The authorization server.</param>
/// <param name="clientIdentifier">The client identifier.</param>
/// <param name="clientSecret">The client secret.</param>
- public WebServerClient(AuthorizationServerDescription authorizationServer, string clientIdentifier = null, string clientSecret = null)
- : this(authorizationServer, clientIdentifier, DefaultSecretApplicator(clientSecret)) {
+ /// <param name="hostFactories">The host factories.</param>
+ public WebServerClient(AuthorizationServerDescription authorizationServer, string clientIdentifier = null, string clientSecret = null, IHostFactories hostFactories = null)
+ : this(authorizationServer, clientIdentifier, DefaultSecretApplicator(clientSecret), hostFactories) {
}
/// <summary>
- /// Initializes a new instance of the <see cref="WebServerClient"/> class.
+ /// Initializes a new instance of the <see cref="WebServerClient" /> class.
/// </summary>
/// <param name="authorizationServer">The authorization server.</param>
/// <param name="clientIdentifier">The client identifier.</param>
- /// <param name="clientCredentialApplicator">
- /// The tool to use to apply client credentials to authenticated requests to the Authorization Server.
- /// May be <c>null</c> for clients with no secret or other means of authentication.
- /// </param>
- public WebServerClient(AuthorizationServerDescription authorizationServer, string clientIdentifier, ClientCredentialApplicator clientCredentialApplicator)
- : base(authorizationServer, clientIdentifier, clientCredentialApplicator) {
+ /// <param name="clientCredentialApplicator">The tool to use to apply client credentials to authenticated requests to the Authorization Server.
+ /// May be <c>null</c> for clients with no secret or other means of authentication.</param>
+ /// <param name="hostFactories"></param>
+ public WebServerClient(AuthorizationServerDescription authorizationServer, string clientIdentifier, ClientCredentialApplicator clientCredentialApplicator, IHostFactories hostFactories = null)
+ : base(authorizationServer, clientIdentifier, clientCredentialApplicator, hostFactories) {
}
/// <summary>
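Review bot: The `hostFactories` parameter is left undocumented on the second constructor (`/// <param name="hostFactories"></param>`) and only restated on the first ("The host factories."). Both take `null` as the default, so the doc should say what a null value means, for example `/// <param name="hostFactories">The factories used to create HTTP handlers/clients for outgoing requests; may be <c>null</c> to use the defaults.</param>`, with the wording checked against what the base class actually does with null, which is not visible here.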
@@ -60,34 +63,28 @@ namespace DotNetOpenAuth.OAuth2 {
/// <summary>
/// Prepares a request for user authorization from an authorization server.
/// </summary>
- /// <param name="scope">The scope of authorized access requested.</param>
- /// <param name="returnTo">The URL the authorization server should redirect the browser (typically on this site) to when the authorization is completed. If null, the current request's URL will be used.</param>
- public void RequestUserAuthorization(IEnumerable<string> scope = null, Uri returnTo = null) {
- var authorizationState = new AuthorizationState(scope) {
- Callback = returnTo,
- };
- this.PrepareRequestUserAuthorization(authorizationState).Send();
- }
-
- /// <summary>
- /// Prepares a request for user authorization from an authorization server.
- /// </summary>
/// <param name="scopes">The scope of authorized access requested.</param>
/// <param name="returnTo">The URL the authorization server should redirect the browser (typically on this site) to when the authorization is completed. If null, the current request's URL will be used.</param>
- /// <returns>The authorization request.</returns>
- public OutgoingWebResponse PrepareRequestUserAuthorization(IEnumerable<string> scopes = null, Uri returnTo = null) {
+ /// <param name="cancellationToken">The cancellation token.</param>
+ /// <returns>
+ /// The authorization request.
+ /// </returns>
+ public Task<HttpResponseMessage> PrepareRequestUserAuthorizationAsync(IEnumerable<string> scopes = null, Uri returnTo = null, CancellationToken cancellationToken = default(CancellationToken)) {
var authorizationState = new AuthorizationState(scopes) {
Callback = returnTo,
};
- return this.PrepareRequestUserAuthorization(authorizationState);
+ return this.PrepareRequestUserAuthorizationAsync(authorizationState, cancellationToken);
}
/// <summary>
/// Prepares a request for user authorization from an authorization server.
/// </summary>
/// <param name="authorization">The authorization state to associate with this particular request.</param>
- /// <returns>The authorization request.</returns>
- public OutgoingWebResponse PrepareRequestUserAuthorization(IAuthorizationState authorization) {
+ /// <param name="cancellationToken">The cancellation token.</param>
+ /// <returns>
+ /// The authorization request.
+ /// </returns>
+ public async Task<HttpResponseMessage> PrepareRequestUserAuthorizationAsync(IAuthorizationState authorization, CancellationToken cancellationToken = default(CancellationToken)) {
Requires.NotNull(authorization, "authorization");
RequiresEx.ValidState(authorization.Callback != null || (HttpContext.Current != null && HttpContext.Current.Request != null), MessagingStrings.HttpContextRequired);
RequiresEx.ValidState(!string.IsNullOrEmpty(this.ClientIdentifier), Strings.RequiredPropertyNotYetPreset, "ClientIdentifier");
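Review bot: The `<returns>` text on both `PrepareRequestUserAuthorizationAsync` overloads still reads "The authorization request." although the methods now return a `Task<HttpResponseMessage>` that the caller has to deliver to the browser itself, since the `RequestUserAuthorization` overload that did the sending is removed. Further down in this commit the XSRF cookie is attached to that response's headers, so a host that forwards only the redirect target and drops the other headers would lose the cookie and the later state check would reject the callback. I would document that contract, e.g. `/// <returns>The response to send to the user agent; it carries the redirect to the authorization server and, when no AuthorizationTracker is set, the XSRF cookie.</returns>`. The body of the second overload continues outside this hunk.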
@@ -108,23 +105,18 @@ namespace DotNetOpenAuth.OAuth2 {
// Mitigate XSRF attacks by including a state value that would be unpredictable between users, but
// verifiable for the same user/session.
// If the host is implementing the authorization tracker though, they're handling this protection themselves.
- HttpCookie cookie = null;
+ var cookies = new List<CookieHeaderValue>();
if (this.AuthorizationTracker == null) {
- var context = this.Channel.GetHttpContext();
-
string xsrfKey = MessagingUtilities.GetNonCryptoRandomDataAsBase64(16);
- cookie = new HttpCookie(XsrfCookieName, xsrfKey) {
+ cookies.Add(new CookieHeaderValue(XsrfCookieName, xsrfKey) {
HttpOnly = true,
Secure = FormsAuthentication.RequireSSL,
- ////Expires = DateTime.Now.Add(OAuth2ClientSection.Configuration.MaxAuthorizationTime), // we prefer session cookies to persistent ones
- };
+ });
request.ClientState = xsrfKey;
}
- var response = this.Channel.PrepareResponse(request);
- if (cookie != null) {
- response.Cookies.Add(cookie);
- }
+ var response = await this.Channel.PrepareResponseAsync(request, cancellationToken);
+ response.Headers.AddCookies(cookies);
return response;
}
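Review bot: The XSRF state value is still produced by `MessagingUtilities.GetNonCryptoRandomDataAsBase64(16)`, while the comment directly above asks for a value that is unpredictable between users; as the cookie construction is being rewritten here anyway, the token should come from a cryptographic source, e.g. `string xsrfKey = MessagingUtilities.GetCryptoRandomDataAsBase64(16);` if that helper is available in this version. The new `CookieHeaderValue` initializer also sets no `Path`, whereas `HttpCookie` defaults to `/`, so the browser may scope the cookie to the path of the page that started the flow and withhold it from a callback under a different path; adding `Path = "/",` to the initializer would keep the previous scope. `Secure` continues to follow `FormsAuthentication.RequireSSL`, so a host that serves over HTTPS without setting that option gets a cookie without the Secure attribute, which deserves a remark in the docs. The method starts outside this hunk.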
@@ -133,34 +125,45 @@ namespace DotNetOpenAuth.OAuth2 {
/// Processes the authorization response from an authorization server, if available.
/// </summary>
/// <param name="request">The incoming HTTP request that may carry an authorization response.</param>
+ /// <param name="cancellationToken">The cancellation token.</param>
/// <returns>The authorization state that contains the details of the authorization.</returns>
- public IAuthorizationState ProcessUserAuthorization(HttpRequestBase request = null) {
+ public Task<IAuthorizationState> ProcessUserAuthorizationAsync(
+ HttpRequestBase request = null, CancellationToken cancellationToken = default(CancellationToken)) {
+ request = request ?? this.Channel.GetRequestFromContext();
+ return this.ProcessUserAuthorizationAsync(request.AsHttpRequestMessage(), cancellationToken);
+ }
+
+ /// <summary>
+ /// Processes the authorization response from an authorization server, if available.
+ /// </summary>
+ /// <param name="request">The incoming HTTP request that may carry an authorization response.</param>
+ /// <param name="cancellationToken">The cancellation token.</param>
+ /// <returns>The authorization state that contains the details of the authorization.</returns>
+ public async Task<IAuthorizationState> ProcessUserAuthorizationAsync(HttpRequestMessage request, CancellationToken cancellationToken = default(CancellationToken)) {
+ Requires.NotNull(request, "request");
RequiresEx.ValidState(!string.IsNullOrEmpty(this.ClientIdentifier), Strings.RequiredPropertyNotYetPreset, "ClientIdentifier");
RequiresEx.ValidState(this.ClientCredentialApplicator != null, Strings.RequiredPropertyNotYetPreset, "ClientCredentialApplicator");
- if (request == null) {
- request = this.Channel.GetRequestFromContext();
- }
-
- IMessageWithClientState response;
- if (this.Channel.TryReadFromRequest<IMessageWithClientState>(request, out response)) {
- Uri callback = MessagingUtilities.StripMessagePartsFromQueryString(request.GetPublicFacingUrl(), this.Channel.MessageDescriptions.Get(response));
+ var response = await this.Channel.TryReadFromRequestAsync<IMessageWithClientState>(request, cancellationToken);
+ if (response != null) {
+ Uri callback = request.RequestUri.StripMessagePartsFromQueryString(this.Channel.MessageDescriptions.Get(response));
IAuthorizationState authorizationState;
if (this.AuthorizationTracker != null) {
authorizationState = this.AuthorizationTracker.GetAuthorizationState(callback, response.ClientState);
ErrorUtilities.VerifyProtocol(authorizationState != null, ClientStrings.AuthorizationResponseUnexpectedMismatch);
} else {
- var context = this.Channel.GetHttpContext();
-
- HttpCookie cookie = request.Cookies[XsrfCookieName];
- ErrorUtilities.VerifyProtocol(cookie != null && string.Equals(response.ClientState, cookie.Value, StringComparison.Ordinal), ClientStrings.AuthorizationResponseUnexpectedMismatch);
+ var xsrfCookieValue = (from cookieHeader in request.Headers.GetCookies()
+ from cookie in cookieHeader.Cookies
+ where cookie.Name == XsrfCookieName
+ select cookie.Value).FirstOrDefault();
+ ErrorUtilities.VerifyProtocol(xsrfCookieValue != null && string.Equals(response.ClientState, xsrfCookieValue, StringComparison.Ordinal), ClientStrings.AuthorizationResponseUnexpectedMismatch);
authorizationState = new AuthorizationState { Callback = callback };
}
var success = response as EndUserAuthorizationSuccessAuthCodeResponse;
var failure = response as EndUserAuthorizationFailedResponse;
ErrorUtilities.VerifyProtocol(success != null || failure != null, MessagingStrings.UnexpectedMessageReceivedOfMany);
if (success != null) {
- this.UpdateAuthorizationWithResponse(authorizationState, success);
+ await this.UpdateAuthorizationWithResponseAsync(authorizationState, success, cancellationToken);
} else { // failure
Logger.OAuth.Info("User refused to grant the requested authorization at the Authorization Server.");
authorizationState.Delete();
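Review bot: In the new `ProcessUserAuthorizationAsync(HttpRequestMessage, ...)` overload the callback is derived from `request.RequestUri`, where the old code used `request.GetPublicFacingUrl()`. Behind a reverse proxy or TLS-terminating load balancer the two can differ, and the callback is what is handed to `AuthorizationTracker.GetAuthorizationState` and stored in `AuthorizationState.Callback`, so a mismatch would break the match against the URL originally sent to the authorization server. Whether `AsHttpRequestMessage()` already substitutes the public-facing URL is not visible here, but callers of the `HttpRequestMessage` overload get no such help, so its doc should state the requirement: `/// <param name="request">The incoming HTTP request; its RequestUri must be the public-facing URL the authorization server redirected to.</param>`. The cookie query also takes the first cookie named `XsrfCookieName` via `FirstOrDefault()`, so if several arrive the result depends on header order; rejecting the response when more than one is present would be the stricter choice. The method body continues past the end of this hunk.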