diff options
5 files changed, 23 insertions, 10 deletions
diff --git a/projecttemplates/RelyingPartyLogic/OAuthAuthorizationServer.cs b/projecttemplates/RelyingPartyLogic/OAuthAuthorizationServer.cs index b729bed..0e4721f 100644 --- a/projecttemplates/RelyingPartyLogic/OAuthAuthorizationServer.cs +++ b/projecttemplates/RelyingPartyLogic/OAuthAuthorizationServer.cs @@ -119,11 +119,15 @@ namespace RelyingPartyLogic { /// </summary> /// <param name="userName">Username on the account.</param> /// <param name="password">The user's password.</param> + /// <param name="accessRequest"> + /// The access request the credentials came with. + /// This may be useful if the authorization server wishes to apply some policy based on the client that is making the request. + /// </param> /// <returns> /// <c>true</c> if the given credentials are valid; otherwise, <c>false</c>. /// </returns> /// <exception cref="NotSupportedException">May be thrown if the authorization server does not support the resource owner password credential grant type.</exception> - public bool IsResourceOwnerCredentialValid(string userName, string password) { + public bool IsResourceOwnerCredentialValid(string userName, string password, IAccessTokenRequest accessRequest) { // This web site delegates user authentication to OpenID Providers, and as such no users have local passwords with this server. throw new NotSupportedException(); } diff --git a/samples/OAuthAuthorizationServer/Code/OAuth2AuthorizationServer.cs b/samples/OAuthAuthorizationServer/Code/OAuth2AuthorizationServer.cs index af98072..f377dc7 100644 --- a/samples/OAuthAuthorizationServer/Code/OAuth2AuthorizationServer.cs +++ b/samples/OAuthAuthorizationServer/Code/OAuth2AuthorizationServer.cs @@ -77,7 +77,7 @@ return this.IsAuthorizationValid(authorization.Scope, authorization.ClientIdentifier, authorization.UtcIssued, authorization.User); } - public bool IsResourceOwnerCredentialValid(string userName, string password) { + public bool IsResourceOwnerCredentialValid(string userName, string password, IAccessTokenRequest accessRequest) { // This web site delegates user authentication to OpenID Providers, and as such no users have local passwords with this server. throw new NotSupportedException(); } diff --git a/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/MessageValidationBindingElement.cs b/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/MessageValidationBindingElement.cs index efdbf4d..10d1463 100644 --- a/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/MessageValidationBindingElement.cs +++ b/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/MessageValidationBindingElement.cs @@ -95,7 +95,7 @@ namespace DotNetOpenAuth.OAuth2.ChannelElements { var resourceOwnerPasswordCarrier = message as AccessTokenResourceOwnerPasswordCredentialsRequest; if (resourceOwnerPasswordCarrier != null) { try { - if (this.AuthorizationServer.IsResourceOwnerCredentialValid(resourceOwnerPasswordCarrier.UserName, resourceOwnerPasswordCarrier.Password)) { + if (this.AuthorizationServer.IsResourceOwnerCredentialValid(resourceOwnerPasswordCarrier.UserName, resourceOwnerPasswordCarrier.Password, resourceOwnerPasswordCarrier)) { resourceOwnerPasswordCarrier.CredentialsValidated = true; } else { Logger.OAuth.ErrorFormat( diff --git a/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/IAuthorizationServerHost.cs b/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/IAuthorizationServerHost.cs index 61ba7e2..70165c0 100644 --- a/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/IAuthorizationServerHost.cs +++ b/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/IAuthorizationServerHost.cs @@ -19,7 +19,7 @@ namespace DotNetOpenAuth.OAuth2 { /// <summary> /// Provides host-specific authorization server services needed by this library. /// </summary> - [ContractClass(typeof(IAuthorizationServerContract))] + [ContractClass(typeof(IAuthorizationServerHostContract))] public interface IAuthorizationServerHost { /// <summary> /// Gets the store for storing crypto keys used to symmetrically encrypt and sign authorization codes and refresh tokens. @@ -84,22 +84,26 @@ namespace DotNetOpenAuth.OAuth2 { /// </summary> /// <param name="userName">Username on the account.</param> /// <param name="password">The user's password.</param> + /// <param name="accessRequest"> + /// The access request the credentials came with. + /// This may be useful if the authorization server wishes to apply some policy based on the client that is making the request. + /// </param> /// <returns> /// <c>true</c> if the given credentials are valid; otherwise, <c>false</c>. /// </returns> /// <exception cref="NotSupportedException">May be thrown if the authorization server does not support the resource owner password credential grant type.</exception> - bool IsResourceOwnerCredentialValid(string userName, string password); + bool IsResourceOwnerCredentialValid(string userName, string password, IAccessTokenRequest accessRequest); } /// <summary> /// Code Contract for the <see cref="IAuthorizationServerHost"/> interface. /// </summary> [ContractClassFor(typeof(IAuthorizationServerHost))] - internal abstract class IAuthorizationServerContract : IAuthorizationServerHost { + internal abstract class IAuthorizationServerHostContract : IAuthorizationServerHost { /// <summary> - /// Prevents a default instance of the <see cref="IAuthorizationServerContract"/> class from being created. + /// Prevents a default instance of the <see cref="IAuthorizationServerHostContract"/> class from being created. /// </summary> - private IAuthorizationServerContract() { + private IAuthorizationServerHostContract() { } /// <summary> @@ -167,13 +171,18 @@ namespace DotNetOpenAuth.OAuth2 { /// </summary> /// <param name="userName">Username on the account.</param> /// <param name="password">The user's password.</param> + /// <param name="accessRequest"> + /// The access request the credentials came with. + /// This may be useful if the authorization server wishes to apply some policy based on the client that is making the request. + /// </param> /// <returns> /// <c>true</c> if the given credentials are valid; otherwise, <c>false</c>. /// </returns> /// <exception cref="NotSupportedException">May be thrown if the authorization server does not support the resource owner password credential grant type.</exception> - bool IAuthorizationServerHost.IsResourceOwnerCredentialValid(string userName, string password) { + bool IAuthorizationServerHost.IsResourceOwnerCredentialValid(string userName, string password, IAccessTokenRequest accessRequest) { Contract.Requires(!string.IsNullOrEmpty(userName)); Contract.Requires(password != null); + Contract.Requires(accessRequest != null); throw new NotImplementedException(); } diff --git a/src/DotNetOpenAuth.Test/OAuth2/OAuth2TestBase.cs b/src/DotNetOpenAuth.Test/OAuth2/OAuth2TestBase.cs index c84e2c1..8f2ddec 100644 --- a/src/DotNetOpenAuth.Test/OAuth2/OAuth2TestBase.cs +++ b/src/DotNetOpenAuth.Test/OAuth2/OAuth2TestBase.cs @@ -53,7 +53,7 @@ namespace DotNetOpenAuth.Test.OAuth2 { d => d.ClientIdentifier == ClientId && d.User == ResourceOwnerUsername && MessagingUtilities.AreEquivalent(d.Scope, TestScopes)))).Returns(true); - authHostMock.Setup(m => m.IsResourceOwnerCredentialValid(ResourceOwnerUsername, ResourceOwnerPassword)).Returns(true); + authHostMock.Setup(m => m.IsResourceOwnerCredentialValid(ResourceOwnerUsername, ResourceOwnerPassword, It.IsAny<IAccessTokenRequest>())).Returns(true); authHostMock.Setup(m => m.GetAccessTokenParameters(It.IsAny<IAccessTokenRequest>())).Returns(new AccessTokenParameters()); return authHostMock; } |