authorAndrew Arnott <andrewarnott@gmail.com>2012-03-14 21:44:28 -0700
committerAndrew Arnott <andrewarnott@gmail.com>2012-03-14 21:44:28 -0700
commit85b43c815aa4fb069225ba31f9e763cd15bb6bc9 (patch)
treecc66acb6277379098377985e4e61698f6128e454 /src
parentf4f32954757f128a3c4107df55c674be6314a8d3 (diff)
Access token endpoint now can respond with appropriate errors.
Diffstat (limited to 'src')
-rw-r--r--src/DotNetOpenAuth.Core/Messaging/OutgoingWebResponseActionResult.cs2
-rw-r--r--src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/AuthorizationServer.cs68
-rw-r--r--src/DotNetOpenAuth.OAuth2/OAuth2/Messages/AccessTokenFailedResponse.cs11
-rw-r--r--src/DotNetOpenAuth.Test/DotNetOpenAuth.Test.csproj1
-rw-r--r--src/DotNetOpenAuth.Test/OAuth2/AuthorizationServerTests.cs44
-rw-r--r--src/DotNetOpenAuth.Test/OAuth2/UserAgentClientAuthorizeTests.cs6
-rw-r--r--src/DotNetOpenAuth.Test/OAuth2/WebServerClientAuthorizeTests.cs14
7 files changed, 82 insertions, 64 deletions
diff --git a/src/DotNetOpenAuth.Core/Messaging/OutgoingWebResponseActionResult.cs b/src/DotNetOpenAuth.Core/Messaging/OutgoingWebResponseActionResult.cs
index 9569e34..a5fe782 100644
--- a/src/DotNetOpenAuth.Core/Messaging/OutgoingWebResponseActionResult.cs
+++ b/src/DotNetOpenAuth.Core/Messaging/OutgoingWebResponseActionResult.cs
@@ -34,7 +34,7 @@ namespace DotNetOpenAuth.Messaging {
/// </summary>
/// <param name="context">The context in which to set the response.</param>
public override void ExecuteResult(ControllerContext context) {
- this.response.Respond();
+ this.response.Respond(context.HttpContext);
}
}
}
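Review bot: `context.HttpContext` is now dereferenced inside ExecuteResult without a guard, so a null `context` turns into a NullReferenceException instead of an argument error. The rest of the project validates entry-point arguments with the `Requires` helper (see `Requires.NotNull(request, "request")` in AuthorizationServer.cs in this same commit); adding `Requires.NotNull(context, "context");` as the first statement keeps the override consistent with that convention. Whether ASP.NET MVC ever invokes ExecuteResult with a null context is not visible here, but the check is cheap and makes the failure mode explicit.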
diff --git a/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/AuthorizationServer.cs b/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/AuthorizationServer.cs
index b700858..5ee6602 100644
--- a/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/AuthorizationServer.cs
+++ b/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/AuthorizationServer.cs
@@ -97,55 +97,33 @@ namespace DotNetOpenAuth.OAuth2 {
}
/// <summary>
- /// Checks the incoming HTTP request for an access token request and prepares a response if the request message was found.
+ /// Handles an incoming request to the authorization server's token endpoint.
/// </summary>
- /// <param name="response">The formulated response, or <c>null</c> if the request was not found..</param>
- /// <returns>A value indicating whether any access token request was found in the HTTP request.</returns>
- /// <remarks>
- /// This method assumes that the authorization server and the resource server are the same and that they share a single
- /// asymmetric key for signing and encrypting the access token. If this is not true, use the <see cref="ReadAccessTokenRequest"/> method instead.
- /// </remarks>
- public bool TryPrepareAccessTokenResponse(out IDirectResponseProtocolMessage response) {
- return this.TryPrepareAccessTokenResponse(this.Channel.GetRequestFromContext(), out response);
- }
-
- /// <summary>
- /// Checks the incoming HTTP request for an access token request and prepares a response if the request message was found.
- /// </summary>
- /// <param name="httpRequestInfo">The HTTP request info.</param>
- /// <param name="response">The formulated response, or <c>null</c> if the request was not found..</param>
- /// <returns>A value indicating whether any access token request was found in the HTTP request.</returns>
- /// <remarks>
- /// This method assumes that the authorization server and the resource server are the same and that they share a single
- /// asymmetric key for signing and encrypting the access token. If this is not true, use the <see cref="ReadAccessTokenRequest"/> method instead.
- /// </remarks>
- public bool TryPrepareAccessTokenResponse(HttpRequestBase httpRequestInfo, out IDirectResponseProtocolMessage response) {
- Requires.NotNull(httpRequestInfo, "httpRequestInfo");
- Contract.Ensures(Contract.Result<bool>() == (Contract.ValueAtReturn<IDirectResponseProtocolMessage>(out response) != null));
-
- var request = this.ReadAccessTokenRequest(httpRequestInfo);
- if (request != null) {
- response = this.PrepareAccessTokenResponse(request);
- return true;
+ /// <param name="request">The HTTP request.</param>
+ /// <returns>The HTTP response to send to the client.</returns>
+ public OutgoingWebResponse HandleTokenRequest(HttpRequestBase request = null) {
+ if (request == null) {
+ request = this.Channel.GetRequestFromContext();
}
- response = null;
- return false;
- }
-
- /// <summary>
- /// Reads the access token request.
- /// </summary>
- /// <param name="requestInfo">The request info.</param>
- /// <returns>The Client's request for an access token; or <c>null</c> if no such message was found in the request.</returns>
- public AccessTokenRequestBase ReadAccessTokenRequest(HttpRequestBase requestInfo = null) {
- if (requestInfo == null) {
- requestInfo = this.Channel.GetRequestFromContext();
+ AccessTokenRequestBase requestMessage;
+ IProtocolMessage responseMessage;
+ try {
+ if (this.Channel.TryReadFromRequest(request, out requestMessage)) {
+ // TODO: refreshToken should be set appropriately based on authorization server policy.
+ responseMessage = this.PrepareAccessTokenResponse(requestMessage);
+ } else {
+ responseMessage = new AccessTokenFailedResponse() {
+ Error = Protocol.AccessTokenRequestErrorCodes.InvalidRequest,
+ };
+ }
+ } catch (ProtocolException ex) {
+ responseMessage = new AccessTokenFailedResponse() {
+ Error = Protocol.AccessTokenRequestErrorCodes.InvalidRequest,
+ };
}
- AccessTokenRequestBase request;
- this.Channel.TryReadFromRequest(requestInfo, out request);
- return request;
+ return this.Channel.PrepareResponse(responseMessage);
}
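Review bot: The `catch (ProtocolException ex)` at the end of HandleTokenRequest folds every failure into `invalid_request` and never reads `ex`, so a client-authentication failure (missing or wrong client secret) is reported with the same error code as a malformed request and the diagnostic detail is discarded. RFC 6749 §5.2 reserves `invalid_client` for that case, and the existing `AccessTokenFailedResponse(request, invalidClientCredentialsInAuthorizationHeader)` constructor appears to carry what is needed to choose the right code and HTTP status, whereas the new parameterless constructor cannot. At minimum log the exception before discarding it and derive the error code from the failure rather than hard-coding InvalidRequest in both branches; which exception types the channel raises for bad client credentials is outside this hunk, so the exact mapping has to be confirmed against the binding elements. The `// TODO: refreshToken should be set appropriately based on authorization server policy.` comment also means every successful response from this public entry point currently issues a refresh token, which is worth stating in the method's `<remarks>` until the policy hook exists.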
/// <summary>
@@ -214,7 +192,7 @@ namespace DotNetOpenAuth.OAuth2 {
/// <param name="request">The request for an access token.</param>
/// <param name="includeRefreshToken">If set to <c>true</c>, the response will include a long-lived refresh token.</param>
/// <returns>The response message to send to the client.</returns>
- public virtual IDirectResponseProtocolMessage PrepareAccessTokenResponse(AccessTokenRequestBase request, bool includeRefreshToken = true) {
+ private IDirectResponseProtocolMessage PrepareAccessTokenResponse(AccessTokenRequestBase request, bool includeRefreshToken = true) {
Requires.NotNull(request, "request");
if (includeRefreshToken) {
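Review bot: Making PrepareAccessTokenResponse `private` removes the only virtual hook through which a host could decide refresh-token policy, and the sole remaining caller (HandleTokenRequest, earlier in this file) always uses the default `includeRefreshToken = true`. If the intent is to keep the method off the public API while still allowing the TODO in HandleTokenRequest to be resolved by derived servers, `protected virtual IDirectResponseProtocolMessage PrepareAccessTokenResponse(AccessTokenRequestBase request, bool includeRefreshToken = true)` preserves the extension point. The body of the method continues past the end of this hunk.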
diff --git a/src/DotNetOpenAuth.OAuth2/OAuth2/Messages/AccessTokenFailedResponse.cs b/src/DotNetOpenAuth.OAuth2/OAuth2/Messages/AccessTokenFailedResponse.cs
index 09acbc5..8c4b1c3 100644
--- a/src/DotNetOpenAuth.OAuth2/OAuth2/Messages/AccessTokenFailedResponse.cs
+++ b/src/DotNetOpenAuth.OAuth2/OAuth2/Messages/AccessTokenFailedResponse.cs
@@ -38,11 +38,18 @@ namespace DotNetOpenAuth.OAuth2.Messages {
/// <param name="request">The faulty request.</param>
/// <param name="invalidClientCredentialsInAuthorizationHeader">A value indicating whether this error response is in result to a request that had invalid client credentials which were supplied in the HTTP Authorization header.</param>
internal AccessTokenFailedResponse(AccessTokenRequestBase request, bool invalidClientCredentialsInAuthorizationHeader)
- : base(request)
- {
+ : base(request) {
this.invalidClientCredentialsInAuthorizationHeader = invalidClientCredentialsInAuthorizationHeader;
}
+ /// <summary>
+ /// Initializes a new instance of the <see cref="AccessTokenFailedResponse"/> class.
+ /// </summary>
+ /// <param name="version">The protocol version.</param>
+ internal AccessTokenFailedResponse(Version version = null)
+ : base(version ?? Protocol.Default.Version) {
+ }
+
#region IHttpDirectResponse Members
/// <summary>
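Review bot: The new `AccessTokenFailedResponse(Version version = null)` constructor takes no request and does not touch `invalidClientCredentialsInAuthorizationHeader`, so a response built with it carries no information about how the client authenticated, which the `IHttpDirectResponse` members below this hunk presumably use to choose the HTTP status and WWW-Authenticate behaviour. That limitation should be stated on the constructor so callers do not use it for client-authentication failures: add `/// <remarks>Intended for errors raised before a request message could be read; this overload does not record whether client credentials came from the Authorization header.</remarks>` after the `<param>` line. The `Error` property must also be assigned by the caller, which the summary could mention since nothing enforces it.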
diff --git a/src/DotNetOpenAuth.Test/DotNetOpenAuth.Test.csproj b/src/DotNetOpenAuth.Test/DotNetOpenAuth.Test.csproj
index 6f824a1..00c1bb4 100644
--- a/src/DotNetOpenAuth.Test/DotNetOpenAuth.Test.csproj
+++ b/src/DotNetOpenAuth.Test/DotNetOpenAuth.Test.csproj
@@ -243,6 +243,7 @@
<Compile Include="Mocks\TestChannel.cs" />
<Compile Include="Mocks\TestMessage.cs" />
<Compile Include="Mocks\TestMessageFactory.cs" />
+ <Compile Include="OAuth2\AuthorizationServerTests.cs" />
<Compile Include="OAuth2\MessageFactoryTests.cs" />
<Compile Include="OAuth2\UserAgentClientAuthorizeTests.cs" />
<Compile Include="OAuth2\OAuth2Coordinator.cs" />
diff --git a/src/DotNetOpenAuth.Test/OAuth2/AuthorizationServerTests.cs b/src/DotNetOpenAuth.Test/OAuth2/AuthorizationServerTests.cs
new file mode 100644
index 0000000..f3d8feb
--- /dev/null
+++ b/src/DotNetOpenAuth.Test/OAuth2/AuthorizationServerTests.cs
@@ -0,0 +1,44 @@
+//-----------------------------------------------------------------------
+// <copyright file="AuthorizationServerTests.cs" company="Andrew Arnott">
+// Copyright (c) Andrew Arnott. All rights reserved.
+// </copyright>
+//-----------------------------------------------------------------------
+
+namespace DotNetOpenAuth.Test.OAuth2 {
+ using System;
+ using System.Collections.Generic;
+ using System.Linq;
+ using System.Text;
+ using DotNetOpenAuth.OAuth2;
+ using DotNetOpenAuth.OAuth2.Messages;
+ using NUnit.Framework;
+
+ /// <summary>
+ /// Verifies authorization server functionality.
+ /// </summary>
+ [TestFixture]
+ public class AuthorizationServerTests : OAuth2TestBase {
+ /// <summary>
+ /// Verifies that authorization server responds with an appropriate error response.
+ /// </summary>
+ [Test]
+ public void ErrorResponseTest() {
+ var coordinator = new OAuth2Coordinator<UserAgentClient>(
+ AuthorizationServerDescription,
+ AuthorizationServerMock,
+ new UserAgentClient(AuthorizationServerDescription),
+ client => {
+ var request = new AccessTokenAuthorizationCodeRequest(AuthorizationServerDescription)
+ { ClientIdentifier = ClientId, ClientSecret = ClientSecret, AuthorizationCode = "foo" };
+
+ var response = client.Channel.Request<AccessTokenFailedResponse>(request);
+ Assert.That(response.Error, Is.Not.Null.And.Not.Empty);
+ Assert.That(response.Error, Is.EqualTo(Protocol.AccessTokenRequestErrorCodes.InvalidRequest));
+ },
+ server => {
+ server.HandleTokenRequest().Respond();
+ });
+ coordinator.Run();
+ }
+ }
+}
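Review bot: ErrorResponseTest pins the error code but not the transport-level behaviour of the failure response; asserting the HTTP status the server sends for `invalid_request` (400 per RFC 6749 §5.2) would catch a regression where the message is correct but the status is not, assuming the coordinator exposes it. The `using System.Collections.Generic;`, `using System.Linq;` and `using System.Text;` directives in the new file are unused and can be dropped. A second case that sends a wrong `ClientSecret` would document which error code HandleTokenRequest returns for authentication failures, which is currently the same hard-coded `invalid_request`.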
diff --git a/src/DotNetOpenAuth.Test/OAuth2/UserAgentClientAuthorizeTests.cs b/src/DotNetOpenAuth.Test/OAuth2/UserAgentClientAuthorizeTests.cs
index b00cd8e..97c0f56 100644
--- a/src/DotNetOpenAuth.Test/OAuth2/UserAgentClientAuthorizeTests.cs
+++ b/src/DotNetOpenAuth.Test/OAuth2/UserAgentClientAuthorizeTests.cs
@@ -41,11 +41,7 @@ namespace DotNetOpenAuth.Test.OAuth2 {
var request = server.ReadAuthorizationRequest();
Assert.That(request, Is.Not.Null);
server.ApproveAuthorizationRequest(request, ResourceOwnerUsername);
- var tokenRequest = server.ReadAccessTokenRequest();
- IAccessTokenRequest accessTokenRequest = tokenRequest;
- Assert.That(accessTokenRequest.ClientAuthenticated);
- var tokenResponse = server.PrepareAccessTokenResponse(tokenRequest);
- server.Channel.Respond(tokenResponse);
+ server.HandleTokenRequest().Respond();
});
coordinator.Run();
}
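Review bot: Replacing the server callback with `server.HandleTokenRequest().Respond()` drops the `Assert.That(accessTokenRequest.ClientAuthenticated)` check, so this test no longer verifies that the token endpoint only issues a token to an authenticated client; the same assertion is removed in the first hunk of WebServerClientAuthorizeTests.cs. Since HandleTokenRequest no longer exposes the parsed request, the property can only be pinned indirectly — either by a dedicated test that omits or corrupts the client secret and expects an error response, or by asserting the returned response is a successful access-token message rather than an AccessTokenFailedResponse. If client authentication is enforced inside the channel's binding elements that is not visible from these hunks, so a test is the only thing keeping it honest.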
diff --git a/src/DotNetOpenAuth.Test/OAuth2/WebServerClientAuthorizeTests.cs b/src/DotNetOpenAuth.Test/OAuth2/WebServerClientAuthorizeTests.cs
index 0bb4378..fe0abd2 100644
--- a/src/DotNetOpenAuth.Test/OAuth2/WebServerClientAuthorizeTests.cs
+++ b/src/DotNetOpenAuth.Test/OAuth2/WebServerClientAuthorizeTests.cs
@@ -37,11 +37,7 @@ namespace DotNetOpenAuth.Test.OAuth2 {
var request = server.ReadAuthorizationRequest();
Assert.That(request, Is.Not.Null);
server.ApproveAuthorizationRequest(request, ResourceOwnerUsername);
- var tokenRequest = server.ReadAccessTokenRequest();
- IAccessTokenRequest accessTokenRequest = tokenRequest;
- Assert.That(accessTokenRequest.ClientAuthenticated);
- var tokenResponse = server.PrepareAccessTokenResponse(tokenRequest);
- server.Channel.Respond(tokenResponse);
+ server.HandleTokenRequest().Respond();
});
coordinator.Run();
}
@@ -58,9 +54,7 @@ namespace DotNetOpenAuth.Test.OAuth2 {
Assert.That(authState.RefreshToken, Is.Not.Null.And.Not.Empty);
},
server => {
- var request = server.ReadAccessTokenRequest();
- var response = server.PrepareAccessTokenResponse(request);
- server.Channel.Respond(response);
+ server.HandleTokenRequest().Respond();
});
coordinator.Run();
}
@@ -81,9 +75,7 @@ namespace DotNetOpenAuth.Test.OAuth2 {
Assert.That(authState.RefreshToken, Is.Null);
},
server => {
- var request = server.ReadAccessTokenRequest();
- var response = server.PrepareAccessTokenResponse(request);
- server.Channel.Respond(response);
+ server.HandleTokenRequest().Respond();
});
coordinator.Run();
}