Diffstat (limited to 'samples')
8 files changed, 97 insertions, 38 deletions
diff --git a/samples/OAuthConsumerWpf/Authorize.xaml.cs b/samples/OAuthConsumerWpf/Authorize.xaml.cs index 26e5abc..c28e6cc 100644 --- a/samples/OAuthConsumerWpf/Authorize.xaml.cs +++ b/samples/OAuthConsumerWpf/Authorize.xaml.cs @@ -1,30 +1,28 @@ -using System; -using System.Collections.Generic; -using System.Linq; -using System.Text; -using System.Windows; -using System.Windows.Controls; -using System.Windows.Data; -using System.Windows.Documents; -using System.Windows.Input; -using System.Windows.Media; -using System.Windows.Media.Imaging; -using System.Windows.Shapes; -using System.Threading; -using DotNetOpenAuth.OAuth; -using DotNetOpenAuth.ApplicationBlock; -using System.Xml.Linq; +namespace DotNetOpenAuth.Samples.OAuthConsumerWpf { + using System; + using System.Collections.Generic; + using System.Linq; + using System.Text; + using System.Threading; + using System.Windows; + using System.Windows.Controls; + using System.Windows.Data; + using System.Windows.Documents; + using System.Windows.Input; + using System.Windows.Media; + using System.Windows.Media.Imaging; + using System.Windows.Shapes; + using System.Xml.Linq; + using DotNetOpenAuth.ApplicationBlock; + using DotNetOpenAuth.OAuth; -namespace DotNetOpenAuth.Samples.OAuthConsumerWpf { /// <summary> /// Interaction logic for Authorize.xaml /// </summary> - partial class Authorize : Window { + public partial class Authorize : Window { private DesktopConsumer google; private string requestToken; - internal string AccessToken { get; set; } - internal Authorize(DesktopConsumer consumer) { InitializeComponent(); @@ -42,9 +40,10 @@ namespace DotNetOpenAuth.Samples.OAuthConsumerWpf { finishButton.IsEnabled = true; })); }); - } + internal string AccessToken { get; set; } + private void finishButton_Click(object sender, RoutedEventArgs e) { var grantedAccess = this.google.ProcessUserAuthorization(this.requestToken, verifierBox.Text); this.AccessToken = grantedAccess.AccessToken; 
diff --git a/samples/OAuthServiceProvider/App_Code/CustomOAuthTypeProvider.cs b/samples/OAuthServiceProvider/App_Code/CustomOAuthTypeProvider.cs index b08c8dc..0932dec 100644 --- a/samples/OAuthServiceProvider/App_Code/CustomOAuthTypeProvider.cs +++ b/samples/OAuthServiceProvider/App_Code/CustomOAuthTypeProvider.cs @@ -24,7 +24,7 @@ public class CustomOAuthMessageFactory : OAuthServiceProviderMessageFactory { // inject our own type here to replace the standard one if (message is UnauthorizedTokenRequest) { - message = new RequestScopedTokenMessage(recipient, new Version(1, 0, 1)); // we're doing 1.0a here + message = new RequestScopedTokenMessage(recipient, message.Version); } return message; diff --git a/samples/OAuthServiceProvider/App_Code/DataClasses.dbml b/samples/OAuthServiceProvider/App_Code/DataClasses.dbml index a11e22d..c05df5f 100644 --- a/samples/OAuthServiceProvider/App_Code/DataClasses.dbml +++ b/samples/OAuthServiceProvider/App_Code/DataClasses.dbml 
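Review bot: The replacement line `message = new RequestScopedTokenMessage(recipient, message.Version);` drops the old `// we're doing 1.0a here` comment without saying why the version is now taken from the incoming request. The injected message will carry whatever protocol version the consumer declared, so the provider presumably no longer coerces every request-token request to 1.0a. I would add a comment such as `// keep the version the consumer declared (1.0 or 1.0a) so later steps can tell whether a verifier is required`. The method's signature and the construction of `message` are outside the hunk, so this assumes `message` is never null at this point.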
@@ -33,13 +33,14 @@ <Column Name="TokenId" Type="System.Int32" DbType="Int NOT NULL IDENTITY" IsPrimaryKey="true" IsDbGenerated="true" CanBeNull="false" /> <Column Name="Token" Type="System.String" DbType="NVarChar(50) NOT NULL" CanBeNull="false" /> <Column Name="TokenSecret" Type="System.String" DbType="NVarChar(50) NOT NULL" CanBeNull="false" /> - <Column Name="State" Type="TokenAuthorizationState" DbType="Int NOT NULL" CanBeNull="false" /> + <Column Name="State" Type="TokenAuthorizationState" DbType="INT NOT NULL" CanBeNull="false" /> <Column Name="IssueDate" Type="System.DateTime" DbType="DateTime NOT NULL" CanBeNull="false" /> <Column Name="ConsumerId" Type="System.Int32" DbType="Int NOT NULL" CanBeNull="false" /> <Column Name="UserId" Type="System.Int32" DbType="Int" CanBeNull="true" /> <Column Name="Scope" Type="System.String" DbType="nvarchar(MAX)" CanBeNull="false" /> <Column Name="RequestTokenVerifier" Type="System.String" CanBeNull="true" /> <Column Name="RequestTokenCallback" Type="System.String" CanBeNull="true" /> + <Column Name="ConsumerVersion" Type="System.String" CanBeNull="true" /> <Association Name="OAuthConsumer_OAuthToken" Member="OAuthConsumer" ThisKey="ConsumerId" OtherKey="ConsumerId" Type="OAuthConsumer" IsForeignKey="true" DeleteRule="CASCADE" DeleteOnNull="true" /> <Association Name="User_OAuthToken" Member="User" ThisKey="UserId" OtherKey="UserId" Type="User" IsForeignKey="true" DeleteRule="CASCADE" /> </Type> diff --git a/samples/OAuthServiceProvider/App_Code/DataClasses.dbml.layout b/samples/OAuthServiceProvider/App_Code/DataClasses.dbml.layout index d3f0dce..e8195a7 100644 --- a/samples/OAuthServiceProvider/App_Code/DataClasses.dbml.layout +++ b/samples/OAuthServiceProvider/App_Code/DataClasses.dbml.layout 
@@ -20,10 +20,10 @@ <elementListCompartment Id="464308c4-d112-4448-b0c9-d9b82fb0ca4e" absoluteBounds="0.64, 3.71, 1.9700000000000002, 0.8262939453125" name="DataPropertiesCompartment" titleTextColor="Black" itemTextColor="Black" /> </nestedChildShapes> </classShape> - <classShape Id="895ebbc8-8352-4c04-9e53-b8e6c8302d36" absoluteBounds="3.5, 3.125, 2, 2.7324039713541666"> + <classShape Id="895ebbc8-8352-4c04-9e53-b8e6c8302d36" absoluteBounds="3.5, 3.125, 2, 2.9247054036458326"> <DataClassMoniker Name="/DataClassesDataContext/OAuthToken" /> <nestedChildShapes> - <elementListCompartment Id="403126d0-3d2a-4af4-b0b8-c489a830bbd4" absoluteBounds="3.515, 3.585, 1.9700000000000002, 2.1724039713541665" name="DataPropertiesCompartment" titleTextColor="Black" itemTextColor="Black" /> + <elementListCompartment Id="403126d0-3d2a-4af4-b0b8-c489a830bbd4" absoluteBounds="3.515, 3.585, 1.9700000000000002, 2.364705403645833" name="DataPropertiesCompartment" titleTextColor="Black" itemTextColor="Black" /> </nestedChildShapes> </classShape> <associationConnector edgePoints="[(2.625 : 1.31814697265625); (3.5 : 1.31814697265625)]" fixedFrom="NotFixed" fixedTo="NotFixed"> 
@@ -33,14 +33,14 @@ <classShapeMoniker Id="8a79b099-7f87-4766-907a-db2c3e1b5716" /> </nodes> </associationConnector> - <associationConnector edgePoints="[(2.625 : 3.94314697265625); (3.5 : 3.94314697265625)]" fixedFrom="Algorithm" fixedTo="Algorithm"> + <associationConnector edgePoints="[(2.625 : 3.94314697265625); (3.5 : 3.94314697265625)]" fixedFrom="NotFixed" fixedTo="NotFixed"> <AssociationMoniker Name="/DataClassesDataContext/OAuthConsumer/OAuthConsumer_OAuthToken" /> <nodes> <classShapeMoniker Id="f909becb-85b1-4fe6-bb16-3feb3e4fe3ee" /> <classShapeMoniker Id="895ebbc8-8352-4c04-9e53-b8e6c8302d36" /> </nodes> </associationConnector> - <associationConnector edgePoints="[(0.53125 : 2.27089680989583); (0.53125 : 5.27809895833333); (3.5 : 5.27809895833333)]" fixedFrom="Algorithm" fixedTo="Algorithm"> + <associationConnector edgePoints="[(0.53125 : 2.27089680989583); (0.53125 : 5.37424967447917); (3.5 : 5.37424967447917)]" fixedFrom="NotFixed" fixedTo="NotFixed"> <AssociationMoniker Name="/DataClassesDataContext/User/User_OAuthToken" /> <nodes> <classShapeMoniker Id="696d2c69-040e-411d-9257-bb664b743834" /> diff --git a/samples/OAuthServiceProvider/App_Code/DataClasses.designer.cs b/samples/OAuthServiceProvider/App_Code/DataClasses.designer.cs index 998f781..09b7b53 100644 --- a/samples/OAuthServiceProvider/App_Code/DataClasses.designer.cs +++ b/samples/OAuthServiceProvider/App_Code/DataClasses.designer.cs @@ -635,6 +635,8 @@ public partial class OAuthToken : INotifyPropertyChanging, INotifyPropertyChange private string _RequestTokenCallback; + private string _ConsumerVersion; + private EntityRef<OAuthConsumer> _OAuthConsumer; private EntityRef<User> _User; 
@@ -663,6 +665,8 @@ public partial class OAuthToken : INotifyPropertyChanging, INotifyPropertyChange partial void OnRequestTokenVerifierChanged(); partial void OnRequestTokenCallbackChanging(string value); partial void OnRequestTokenCallbackChanged(); + partial void OnConsumerVersionChanging(string value); + partial void OnConsumerVersionChanged(); #endregion public OAuthToken() @@ -732,7 +736,7 @@ public partial class OAuthToken : INotifyPropertyChanging, INotifyPropertyChange } } - [Column(Storage="_State", DbType="Int NOT NULL", CanBeNull=false)] + [Column(Storage="_State", DbType="INT NOT NULL", CanBeNull=false)] public TokenAuthorizationState State { get @@ -880,6 +884,26 @@ public partial class OAuthToken : INotifyPropertyChanging, INotifyPropertyChange } } + [Column(Storage="_ConsumerVersion")] + public string ConsumerVersion + { + get + { + return this._ConsumerVersion; + } + set + { + if ((this._ConsumerVersion != value)) + { + this.OnConsumerVersionChanging(value); + this.SendPropertyChanging(); + this._ConsumerVersion = value; + this.SendPropertyChanged("ConsumerVersion"); + this.OnConsumerVersionChanged(); + } + } + } + [Association(Name="OAuthConsumer_OAuthToken", Storage="_OAuthConsumer", ThisKey="ConsumerId", OtherKey="ConsumerId", IsForeignKey=true, DeleteOnNull=true, DeleteRule="CASCADE")] public OAuthConsumer OAuthConsumer { diff --git a/samples/OAuthServiceProvider/App_Code/DatabaseTokenManager.cs b/samples/OAuthServiceProvider/App_Code/DatabaseTokenManager.cs index 1a73461..143bbfb 100644 --- a/samples/OAuthServiceProvider/App_Code/DatabaseTokenManager.cs +++ b/samples/OAuthServiceProvider/App_Code/DatabaseTokenManager.cs 
@@ -52,7 +52,23 @@ public class DatabaseTokenManager : IServiceProviderTokenManager { } public Uri GetRequestTokenCallback(string requestToken) { - return new Uri(Global.DataContext.OAuthTokens.First(token => token.Token == requestToken).RequestTokenCallback); + string callback = Global.DataContext.OAuthTokens.First(token => token.Token == requestToken).RequestTokenCallback; + return callback != null ? new Uri(callback) : null; + } + + public void SetTokenConsumerVersion(string token, Version version) { + if (String.IsNullOrEmpty(token)) { + throw new ArgumentNullException("token"); + } + if (version == null) { + throw new ArgumentNullException("version"); + } + + Global.DataContext.OAuthTokens.First(t => t.Token == token).ConsumerVersion = version.ToString(); + } + + public Version GetTokenConsumerVersion(string token) { + return new Version(Global.DataContext.OAuthTokens.First(t => t.Token == token).ConsumerVersion); } #endregion diff --git a/samples/OAuthServiceProvider/Members/Authorize.aspx b/samples/OAuthServiceProvider/Members/Authorize.aspx index 69f9498..2f5edf1 100644 --- a/samples/OAuthServiceProvider/Members/Authorize.aspx +++ b/samples/OAuthServiceProvider/Members/Authorize.aspx 
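Review bot: `GetTokenConsumerVersion` passes the stored `ConsumerVersion` straight to `new Version(...)`, but DataClasses.dbml declares that column `CanBeNull="true"`, so a token row with no recorded version fails with an `ArgumentNullException` from the getter. This is the same null case the hunk fixes for `GetRequestTokenCallback` two lines above. The stored version presumably decides whether the 1.0a verifier step applies, so I would make the missing-value case explicit and fail closed rather than fall back to a default, e.g. `if (stored == null) { throw new InvalidOperationException("No consumer version recorded for this token."); }`. In `SetTokenConsumerVersion`, an empty (non-null) token is reported as `ArgumentNullException`, where `ArgumentException` would be the accurate type. Nothing in the hunk shows the assignment being submitted, so it is worth confirming that `Global.DataContext` commits changes at the end of the request.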
@@ -8,23 +8,31 @@ <b>Warning</b>: Never give your login credentials to another web site or application. </div> <asp:HiddenField runat="server" ID="OAuthAuthorizationSecToken" EnableViewState="false" /> - <p>The client web site or application - <asp:Label ID="consumerLabel" Font-Bold="true" runat="server" Text="[consumer]" /> - wants access to your - <asp:Label ID="desiredAccessLabel" Font-Bold="true" runat="server" Text="[protected resource]" />. - </p> + <p>The client web site or application <asp:Label ID="consumerLabel" Font-Bold="true" + runat="server" Text="[consumer]" /> wants access to your <asp:Label ID="desiredAccessLabel" + Font-Bold="true" runat="server" Text="[protected resource]" />. </p> <p>Do you want to allow this? </p> <div> <asp:Button ID="allowAccessButton" runat="server" Text="Yes" OnClick="allowAccessButton_Click" /> - <asp:Button ID="denyAccessButton" runat="server" Text="No" - onclick="denyAccessButton_Click" /> + <asp:Button ID="denyAccessButton" runat="server" Text="No" OnClick="denyAccessButton_Click" /> </div> <p>If you grant access now, you can revoke it at any time by returning to this page. </p> + <asp:Panel runat="server" BackColor="Red" ForeColor="White" Font-Bold="true" Visible="false" ID="OAuth10ConsumerWarning"> + This website is registered with service_PROVIDER_DOMAIN_NAME to make authorization requests, but has not been configured to send requests securely. If you grant access but you did not initiate this request at consumer_DOMAIN_NAME, it may be possible for other users of consumer_DOMAIN_NAME to access your data. We recommend you deny access unless you are certain that you initiated this request directly with consumer_DOMAIN_NAME. + </asp:Panel> </asp:View> <asp:View runat="server"> - <p>Authorization has been granted. Please inform the consumer application or web site - of this. 
</p> + <p>Authorization has been granted.</p> + <asp:MultiView runat="server" ID="verifierMultiView" ActiveViewIndex="0"> + <asp:View runat="server"> + <p>You must enter this verification code at the Consumer: <asp:Label runat="server" + ID="verificationCodeLabel" /> </p> + </asp:View> + <asp:View ID="View1" runat="server"> + <p>You may now close this window and return to the Consumer. </p> + </asp:View> + </asp:MultiView> </asp:View> <asp:View runat="server"> <p>Authorization has been denied. You're free to do whatever now. </p> diff --git a/samples/OAuthServiceProvider/Members/Authorize.aspx.cs b/samples/OAuthServiceProvider/Members/Authorize.aspx.cs index b3094c9..e396017 100644 --- a/samples/OAuthServiceProvider/Members/Authorize.aspx.cs +++ b/samples/OAuthServiceProvider/Members/Authorize.aspx.cs @@ -37,6 +37,8 @@ public partial class Authorize : System.Web.UI.Page { CryptoRandomDataGenerator.GetBytes(randomData); this.AuthorizationSecret = Convert.ToBase64String(randomData); OAuthAuthorizationSecToken.Value = this.AuthorizationSecret; + + OAuth10ConsumerWarning.Visible = Global.PendingOAuthAuthorization.IsUnsafeRequest; } } } @@ -54,6 +56,15 @@ public partial class Authorize : System.Web.UI.Page { var response = sp.PrepareAuthorizationResponse(pending); if (response != null) { sp.Channel.Send(response); + } else { + if (pending.IsUnsafeRequest) { + verifierMultiView.ActiveViewIndex = 1; + } else { + string verifier = ServiceProvider.CreateVerificationCode(VerificationCodeFormat.AlphaNumericNoLookAlikes, 10); + verificationCodeLabel.Text = verifier; + ITokenContainingMessage requestTokenMessage = pending; + Global.TokenManager.SetRequestTokenVerifier(requestTokenMessage.Token, verifier); + } } } |
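Review bot: The text in the new `OAuth10ConsumerWarning` panel contains `service_PROVIDER_DOMAIN_NAME` and `consumer_DOMAIN_NAME`, which appear to be unfilled placeholders that would be rendered literally to the user. A security warning that names neither the provider nor the requesting site is easy to dismiss, and the page already has `consumerLabel` for the consumer's name. I would replace the placeholders with server-side labels populated in the code-behind, HTML-encoding any value that originates from consumer registration data before assigning it to `Text`. It is also worth a comment on the panel that it is advisory only, since the "Yes" button stays enabled for these requests.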
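Review bot: In the new `else` branch of the second Authorize.aspx.cs hunk, the verifier is assigned to `verificationCodeLabel.Text` before `Global.TokenManager.SetRequestTokenVerifier(...)` persists it, and its length is the inline literal `10`. I would store the verifier first and display it second, and name the length, e.g. `private const int VerifierLength = 10;`. Because the code is rendered into the page body, the response should be marked non-cacheable if the page does not already do so, e.g. `Response.Cache.SetCacheability(HttpCacheability.NoCache); Response.Cache.SetNoStore();`. When `pending.IsUnsafeRequest` is true no verifier is issued at all, so the warning panel is the only safeguard on that path, and a short comment saying so would help the next reader. The handler starts and ends outside the hunk, so any earlier validation of `pending` is not visible here.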