authorAndrew Arnott <andrewarnott@gmail.com>2012-04-16 08:39:47 -0700
committerAndrew Arnott <andrewarnott@gmail.com>2012-04-16 08:39:47 -0700
commit4fefd4dac5970d0a294dfe3278c70f5fdd8da08f (patch)
treee013a6cee423c1176dcaf17aa698cb861ebbea0f /src
parentd553771d2730774921c0f778e797f033bd84085d (diff)
Authorization server hosts may now provide canonical usernames for the resource owner given correct resource owner credentials.
Fixes #103
Diffstat (limited to 'src')
-rw-r--r--src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/MessageValidationBindingElement.cs5
-rw-r--r--src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/IAuthorizationServerHost.cs13
-rw-r--r--src/DotNetOpenAuth.Test/OAuth2/OAuth2TestBase.cs3
3 files changed, 17 insertions, 4 deletions
diff --git a/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/MessageValidationBindingElement.cs b/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/MessageValidationBindingElement.cs
index 10d1463..7361fb9 100644
--- a/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/MessageValidationBindingElement.cs
+++ b/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/MessageValidationBindingElement.cs
@@ -95,8 +95,11 @@ namespace DotNetOpenAuth.OAuth2.ChannelElements {
var resourceOwnerPasswordCarrier = message as AccessTokenResourceOwnerPasswordCredentialsRequest;
if (resourceOwnerPasswordCarrier != null) {
try {
- if (this.AuthorizationServer.IsResourceOwnerCredentialValid(resourceOwnerPasswordCarrier.UserName, resourceOwnerPasswordCarrier.Password, resourceOwnerPasswordCarrier)) {
+ string canonicalUserName;
+ if (this.AuthorizationServer.IsResourceOwnerCredentialValid(resourceOwnerPasswordCarrier.UserName, resourceOwnerPasswordCarrier.Password, resourceOwnerPasswordCarrier, out canonicalUserName)) {
+ ErrorUtilities.VerifyHost(!string.IsNullOrEmpty(canonicalUserName), "IsResourceOwnerCredentialValid did not initialize out parameter.");
resourceOwnerPasswordCarrier.CredentialsValidated = true;
+ resourceOwnerPasswordCarrier.UserName = canonicalUserName;
} else {
Logger.OAuth.ErrorFormat(
"Resource owner password credential for user \"{0}\" rejected by authorization server host.",
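Review bot: The `VerifyHost` guard added ahead of `CredentialsValidated = true` rejects only null or empty, so a whitespace-only `canonicalUserName` from the host would still be written into `UserName` and, presumably, become the identity that later authorization decisions are made against. The message is also imprecise: C# forces every `out` parameter to be assigned, so the real failure is a host that returned true with an unusable name. I would word it as `"IsResourceOwnerCredentialValid returned true without a non-empty canonicalUserName."` and, if the targeted framework provides it, test with `string.IsNullOrWhiteSpace`. The `try` opens inside the hunk but its `catch` lies outside, so confirm that the host-error exception raised here is not caught by that handler and reported as an ordinary credential rejection.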
diff --git a/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/IAuthorizationServerHost.cs b/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/IAuthorizationServerHost.cs
index 70165c0..c31ec81 100644
--- a/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/IAuthorizationServerHost.cs
+++ b/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/IAuthorizationServerHost.cs
@@ -88,11 +88,15 @@ namespace DotNetOpenAuth.OAuth2 {
/// The access request the credentials came with.
/// This may be useful if the authorization server wishes to apply some policy based on the client that is making the request.
/// </param>
+ /// <param name="canonicalUserName">
+ /// Receives the canonical username (normalized for the resource server) of the user, for valid credentials;
+ /// Or <c>null</c> if the return value is false.
+ /// </param>
/// <returns>
/// <c>true</c> if the given credentials are valid; otherwise, <c>false</c>.
/// </returns>
/// <exception cref="NotSupportedException">May be thrown if the authorization server does not support the resource owner password credential grant type.</exception>
- bool IsResourceOwnerCredentialValid(string userName, string password, IAccessTokenRequest accessRequest);
+ bool IsResourceOwnerCredentialValid(string userName, string password, IAccessTokenRequest accessRequest, out string canonicalUserName);
}
/// <summary>
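Review bot: The new `canonicalUserName` parameter doc on `IsResourceOwnerCredentialValid` omits the contract the rest of the commit enforces: when the method returns true the value must be non-null and non-empty (the contract class in the next hunk adds a `Contract.Ensures` for this, and the binding element checks it with `VerifyHost`). It should also say that the value must identify the account whose password was actually verified, because it replaces the client-supplied name on the request. Suggested addition inside the `<param>` element: `/// Must be non-empty and must identify the account whose credentials were verified whenever the return value is <c>true</c>.` The same sentence belongs in the duplicated doc in the second hunk of this file, and since the signature change breaks every existing host implementation, the release notes should say so.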
@@ -175,14 +179,19 @@ namespace DotNetOpenAuth.OAuth2 {
/// The access request the credentials came with.
/// This may be useful if the authorization server wishes to apply some policy based on the client that is making the request.
/// </param>
+ /// <param name="canonicalUserName">
+ /// Receives the canonical username (normalized for the resource server) of the user, for valid credentials;
+ /// Or <c>null</c> if the return value is false.
+ /// </param>
/// <returns>
/// <c>true</c> if the given credentials are valid; otherwise, <c>false</c>.
/// </returns>
/// <exception cref="NotSupportedException">May be thrown if the authorization server does not support the resource owner password credential grant type.</exception>
- bool IAuthorizationServerHost.IsResourceOwnerCredentialValid(string userName, string password, IAccessTokenRequest accessRequest) {
+ bool IAuthorizationServerHost.IsResourceOwnerCredentialValid(string userName, string password, IAccessTokenRequest accessRequest, out string canonicalUserName) {
Contract.Requires(!string.IsNullOrEmpty(userName));
Contract.Requires(password != null);
Contract.Requires(accessRequest != null);
+ Contract.Ensures(!Contract.Result<bool>() || !string.IsNullOrEmpty(Contract.ValueAtReturn<string>(out canonicalUserName)));
throw new NotImplementedException();
}
diff --git a/src/DotNetOpenAuth.Test/OAuth2/OAuth2TestBase.cs b/src/DotNetOpenAuth.Test/OAuth2/OAuth2TestBase.cs
index 8f2ddec..e6fd81e 100644
--- a/src/DotNetOpenAuth.Test/OAuth2/OAuth2TestBase.cs
+++ b/src/DotNetOpenAuth.Test/OAuth2/OAuth2TestBase.cs
@@ -53,7 +53,8 @@ namespace DotNetOpenAuth.Test.OAuth2 {
d =>
d.ClientIdentifier == ClientId && d.User == ResourceOwnerUsername &&
MessagingUtilities.AreEquivalent(d.Scope, TestScopes)))).Returns(true);
- authHostMock.Setup(m => m.IsResourceOwnerCredentialValid(ResourceOwnerUsername, ResourceOwnerPassword, It.IsAny<IAccessTokenRequest>())).Returns(true);
+ string canonicalUserName = ResourceOwnerUsername;
+ authHostMock.Setup(m => m.IsResourceOwnerCredentialValid(ResourceOwnerUsername, ResourceOwnerPassword, It.IsAny<IAccessTokenRequest>(), out canonicalUserName)).Returns(true);
authHostMock.Setup(m => m.GetAccessTokenParameters(It.IsAny<IAccessTokenRequest>())).Returns(new AccessTokenParameters());
return authHostMock;
}
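Review bot: The mock hands back `ResourceOwnerUsername` as the canonical name, so no test covers the case this commit exists for, where the host's canonical name differs from the name the client submitted. A case with a distinct value (for example a differently cased name) that asserts the resulting authorization carries the canonical one would pin the new `UserName = canonicalUserName` assignment; the `d.User == ResourceOwnerUsername` matcher above would presumably need to expect the canonical value in that test. A second case where the host returns true with a null name would cover the `VerifyHost` guard. The enclosing method starts outside the hunk.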