Diffstat (limited to 'src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2')
7 files changed, 44 insertions, 80 deletions
diff --git a/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/AuthorizationServer.cs b/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/AuthorizationServer.cs index fdcab8b..fecc6be 100644 --- a/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/AuthorizationServer.cs +++ b/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/AuthorizationServer.cs @@ -23,20 +23,14 @@ namespace DotNetOpenAuth.OAuth2 { /// </summary> public class AuthorizationServer { /// <summary> - /// The built-in set of client authentication modules. - /// </summary> - private static readonly TypeConfigurationCollection<IClientAuthenticationModule> defaultClientAuthenticationModules = - new TypeConfigurationCollection<IClientAuthenticationModule>(new Type[] { typeof(ClientCredentialHttpBasicReader), typeof(ClientCredentialMessagePartReader) }); - - /// <summary> /// The list of modules that verify client authentication data. /// </summary> - private readonly List<IClientAuthenticationModule> clientAuthenticationModules = new List<IClientAuthenticationModule>(); + private readonly List<ClientAuthenticationModule> clientAuthenticationModules = new List<ClientAuthenticationModule>(); /// <summary> /// The lone aggregate client authentication module that uses the <see cref="clientAuthenticationModules"/> and applies aggregating policy. /// </summary> - private readonly ClientAuthenticationModuleBase aggregatingClientAuthenticationModule; + private readonly ClientAuthenticationModule aggregatingClientAuthenticationModule; /// <summary> /// Initializes a new instance of the <see cref="AuthorizationServer"/> class. 
@@ -46,16 +40,7 @@ namespace DotNetOpenAuth.OAuth2 {
 Requires.NotNull(authorizationServer, "authorizationServer");
 this.aggregatingClientAuthenticationModule = new AggregatingClientCredentialReader(this.clientAuthenticationModules);
 this.Channel = new OAuth2AuthorizationServerChannel(authorizationServer, this.aggregatingClientAuthenticationModule);
-
- var modules = OAuth2Element.Configuration.AuthorizationServer.ClientAuthenticationModules;
- if (modules.Count == 0) {
- modules = defaultClientAuthenticationModules;
- }
-
- // TODO: work this out once we move configurations into the oauth2 authorization server.
- ////this.clientAuthenticationModules.AddRange(modules.CreateInstances(true));
- this.clientAuthenticationModules.Add(new ClientCredentialMessagePartReader(authorizationServer));
- this.clientAuthenticationModules.Add(new ClientCredentialHttpBasicReader(authorizationServer));
+ this.clientAuthenticationModules.AddRange(OAuth2AuthorizationServerSection.Configuration.ClientAuthenticationModules.CreateInstances(true));
 }
 /// <summary>
@@ -75,7 +60,7 @@ namespace DotNetOpenAuth.OAuth2 {
 /// <summary>
 /// Gets the extension modules that can read client authentication data from incoming messages.
 /// </summary>
- public IList<IClientAuthenticationModule> ClientAuthenticationModules {
+ public IList<ClientAuthenticationModule> ClientAuthenticationModules {
 get { return this.clientAuthenticationModules; }
 }
diff --git a/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/AggregatingClientCredentialReader.cs b/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/AggregatingClientCredentialReader.cs
index 6eff5f5..4f60303 100644
--- a/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/AggregatingClientCredentialReader.cs
+++ b/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/AggregatingClientCredentialReader.cs
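Review bot: The built-in fallback disappears together with the removed `if (modules.Count == 0)` branch, so the constructor now fills `clientAuthenticationModules` solely from `OAuth2AuthorizationServerSection.Configuration.ClientAuthenticationModules.CreateInstances(true)`. Unless that configuration section supplies the two default readers on its own (not visible in this diff), an empty or absent configuration leaves the list empty, the aggregating reader then reports NoAuthenticationRecognized for every request, and every client-authenticated token request is refused — fail-closed, but with no signal to the operator. I would put a comment on the new line such as `// Client authentication modules come exclusively from configuration; with none configured, no client can authenticate at the token endpoint.` and, if an empty list is not a supported deployment, a non-empty check right after the AddRange so misconfiguration surfaces at start-up rather than as a stream of invalid_client errors. The meaning of the bare `true` passed to CreateInstances is also not recoverable from this hunk; a named local or a comment at the call site would help.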
@@ -17,17 +17,17 @@ namespace DotNetOpenAuth.OAuth2.ChannelElements {
 /// <summary>
 /// Applies OAuth 2 spec policy for supporting multiple methods of client authentication.
 /// </summary>
- internal class AggregatingClientCredentialReader : ClientAuthenticationModuleBase {
+ internal class AggregatingClientCredentialReader : ClientAuthenticationModule {
 /// <summary>
 /// The set of authenticators to apply to an incoming request.
 /// </summary>
- private readonly IEnumerable<IClientAuthenticationModule> authenticators;
+ private readonly IEnumerable<ClientAuthenticationModule> authenticators;
 /// <summary>
 /// Initializes a new instance of the <see cref="AggregatingClientCredentialReader"/> class.
 /// </summary>
 /// <param name="authenticators">The set of authentication modules to apply.</param>
- internal AggregatingClientCredentialReader(IEnumerable<IClientAuthenticationModule> authenticators) {
+ internal AggregatingClientCredentialReader(IEnumerable<ClientAuthenticationModule> authenticators) {
 Requires.NotNull(authenticators, "readers");
 this.authenticators = authenticators;
 }
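Review bot: `Requires.NotNull(authenticators, "readers")` in the constructor names a parameter that does not exist, so the exception raised for a null argument would point callers at `readers` instead of `authenticators`. Change it to `Requires.NotNull(authenticators, "authenticators");`. The line is context rather than new, but the constructor signature right above it is what this hunk rewrites, so this is the natural moment to correct it.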
@@ -35,19 +35,21 @@ namespace DotNetOpenAuth.OAuth2.ChannelElements {
 /// <summary>
 /// Attempts to extract client identification/authentication information from a message.
 /// </summary>
+ /// <param name="authorizationServerHost">The authorization server host.</param>
 /// <param name="requestMessage">The incoming message.</param>
 /// <param name="clientIdentifier">Receives the client identifier, if one was found.</param>
 /// <returns>The level of the extracted client information.</returns>
- public override ClientAuthenticationResult TryAuthenticateClient(AuthenticatedClientRequestBase requestMessage, out string clientIdentifier) {
+ public override ClientAuthenticationResult TryAuthenticateClient(IAuthorizationServerHost authorizationServerHost, AuthenticatedClientRequestBase requestMessage, out string clientIdentifier) {
+ Requires.NotNull(authorizationServerHost, "authorizationServerHost");
 Requires.NotNull(requestMessage, "requestMessage");
- IClientAuthenticationModule authenticator = null;
+ ClientAuthenticationModule authenticator = null;
 ClientAuthenticationResult result = ClientAuthenticationResult.NoAuthenticationRecognized;
 clientIdentifier = null;
 foreach (var candidateAuthenticator in this.authenticators) {
 string candidateClientIdentifier;
- var resultCandidate = candidateAuthenticator.TryAuthenticateClient(requestMessage, out candidateClientIdentifier);
+ var resultCandidate = candidateAuthenticator.TryAuthenticateClient(authorizationServerHost, requestMessage, out candidateClientIdentifier);
 ErrorUtilities.VerifyProtocol(
 result == ClientAuthenticationResult.NoAuthenticationRecognized || resultCandidate == ClientAuthenticationResult.NoAuthenticationRecognized,
diff --git a/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/ClientAuthenticationModuleBase.cs b/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/ClientAuthenticationModuleBase.cs
index 262116d..e835e1e 100644
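Review bot: The `<returns>` text `The level of the extracted client information.` is copied from the per-module contract and says nothing about what this aggregator adds: the visible `ErrorUtilities.VerifyProtocol(result == NoAuthenticationRecognized || resultCandidate == NoAuthenticationRecognized, …)` turns a request that is recognized by more than one configured module into a protocol error, which is the OAuth 2 rule that a client must not use more than one authentication method in a single request. I would extend the summary with `A request recognized by more than one configured module is rejected as a protocol violation; otherwise the single recognizing module's result and client identifier are returned.` — the second half is inferred from how `result` and `authenticator` are initialized and should be checked against the remainder of the method, which continues past the end of the hunk. An `<exception>` element naming whatever VerifyProtocol throws would also tell host implementers what to expect from the token endpoint in that case.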
--- a/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/ClientAuthenticationModuleBase.cs +++ b/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/ClientAuthenticationModuleBase.cs 
@@ -15,32 +15,24 @@ namespace DotNetOpenAuth.OAuth2.ChannelElements { using DotNetOpenAuth.OAuth2.Messages; /// <summary> - /// A convenient base class for imlementations of the <see cref="IClientAuthenticationModule"/> interface. + /// A base class for extensions that can read incoming messages and extract the client identifier and + /// possibly authentication information (like a shared secret, signed nonce, etc.) /// </summary> - public abstract class ClientAuthenticationModuleBase : IClientAuthenticationModule { + public abstract class ClientAuthenticationModule { /// <summary> - /// Initializes a new instance of the <see cref="ClientAuthenticationModuleBase"/> class. + /// Initializes a new instance of the <see cref="ClientAuthenticationModule"/> class. /// </summary> - protected ClientAuthenticationModuleBase() { + protected ClientAuthenticationModule() { } /// <summary> /// Attempts to extract client identification/authentication information from a message. /// </summary> + /// <param name="authorizationServerHost">The authorization server host.</param> /// <param name="requestMessage">The incoming message.</param> /// <param name="clientIdentifier">Receives the client identifier, if one was found.</param> /// <returns>The level of the extracted client information.</returns> - public abstract ClientAuthenticationResult TryAuthenticateClient(AuthenticatedClientRequestBase requestMessage, out string clientIdentifier); - - /// <summary> - /// Attempts to extract client identification/authentication information from a message. - /// </summary> - /// <param name="requestMessage">The incoming message. 
Always an instance of <see cref="AuthenticatedClientRequestBase"/></param> - /// <param name="clientIdentifier">Receives the client identifier, if one was found.</param> - /// <returns>The level of the extracted client information.</returns> - public ClientAuthenticationResult TryAuthenticateClient(IDirectedProtocolMessage requestMessage, out string clientIdentifier) { - return this.TryAuthenticateClient((AuthenticatedClientRequestBase)requestMessage, out clientIdentifier); - } + public abstract ClientAuthenticationResult TryAuthenticateClient(IAuthorizationServerHost authorizationServerHost, AuthenticatedClientRequestBase requestMessage, out string clientIdentifier); /// <summary> /// Validates a client identifier and shared secret against the authoriation server's database. diff --git a/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/ClientCredentialHttpBasicReader.cs b/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/ClientCredentialHttpBasicReader.cs index b375d29..44af332 100644 --- a/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/ClientCredentialHttpBasicReader.cs +++ b/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/ClientCredentialHttpBasicReader.cs 
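Review bot: The class is renamed from `ClientAuthenticationModuleBase` to `ClientAuthenticationModule`, but the `---`/`+++` headers show the file keeping its old path `ChannelElements/ClientAuthenticationModuleBase.cs`; with one public type per file it should be renamed to `ClientAuthenticationModule.cs` in the same commit so the file name still leads to the type. Removing the `IDirectedProtocolMessage` overload that did an unchecked cast to `AuthenticatedClientRequestBase` is a welcome tightening. Since the concrete readers lose their host-taking constructors elsewhere in this diff and are now created parameterlessly from configuration, the new summary could say so, e.g. `Modules are instantiated from configuration without arguments; the host is supplied on every call rather than held by the module.` The rest of the class, including the shared TryAuthenticateClient(host, clientIdentifier, clientSecret) helper whose summary starts at the hunk's last line, lies outside the hunk.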
@@ -16,34 +16,22 @@ namespace DotNetOpenAuth.OAuth2.ChannelElements {
 /// <summary>
 /// Reads client authentication information from the HTTP Authorization header via Basic authentication.
 /// </summary>
- public class ClientCredentialHttpBasicReader : ClientAuthenticationModuleBase {
- /// <summary>
- /// The authorization server host.
- /// </summary>
- private readonly IAuthorizationServerHost authorizationServerHost;
-
- /// <summary>
- /// Initializes a new instance of the <see cref="ClientCredentialHttpBasicReader"/> class.
- /// </summary>
- /// <param name="authorizationServerHost">The authorization server host.</param>
- public ClientCredentialHttpBasicReader(IAuthorizationServerHost authorizationServerHost) {
- Requires.NotNull(authorizationServerHost, "authorizationServerHost");
- this.authorizationServerHost = authorizationServerHost;
- }
-
+ public class ClientCredentialHttpBasicReader : ClientAuthenticationModule {
 /// <summary>
 /// Attempts to extract client identification/authentication information from a message.
 /// </summary>
+ /// <param name="authorizationServerHost">The authorization server host.</param>
 /// <param name="requestMessage">The incoming message.</param>
 /// <param name="clientIdentifier">Receives the client identifier, if one was found.</param>
 /// <returns>The level of the extracted client information.</returns>
- public override ClientAuthenticationResult TryAuthenticateClient(AuthenticatedClientRequestBase requestMessage, out string clientIdentifier) {
+ public override ClientAuthenticationResult TryAuthenticateClient(IAuthorizationServerHost authorizationServerHost, AuthenticatedClientRequestBase requestMessage, out string clientIdentifier) {
+ Requires.NotNull(authorizationServerHost, "authorizationServerHost");
 Requires.NotNull(requestMessage, "requestMessage");
 var credential = OAuthUtilities.ParseHttpBasicAuth(requestMessage.Headers);
 if (credential != null) {
 clientIdentifier = credential.UserName;
- return TryAuthenticateClient(this.authorizationServerHost, credential.UserName, credential.Password);
+ return TryAuthenticateClient(authorizationServerHost, credential.UserName, credential.Password);
 }
 clientIdentifier = null;
diff --git a/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/ClientCredentialMessagePartReader.cs b/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/ClientCredentialMessagePartReader.cs
index 2df68a6..6579df2 100644
--- a/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/ClientCredentialMessagePartReader.cs
+++ b/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/ClientCredentialMessagePartReader.cs
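Review bot: `clientIdentifier = credential.UserName;` is assigned before the shared-secret check runs, so the out value is populated even when the method then returns a non-authenticated result; callers must treat that identifier as unverified, which the `<param name="clientIdentifier">` text should say, e.g. `Receives the user name from the Basic credential whenever one is present, whether or not the secret verified.` Separately, RFC 6749 §2.3.1 requires client_id and client_secret to be application/x-www-form-urlencoded before they are Base64-encoded into the Basic credential; whether `OAuthUtilities.ParseHttpBasicAuth` reverses that encoding is not visible here, and if it does not, a client whose identifier or secret contains reserved characters will never authenticate. A one-line comment at the call site recording which behavior is intended would spare the next reader that investigation. The method's closing lines fall outside the hunk.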
@@ -15,31 +15,20 @@ namespace DotNetOpenAuth.OAuth2.ChannelElements {
 /// <summary>
 /// Reads client authentication information from the message payload itself (POST entity as a URI-encoded parameter).
 /// </summary>
- public class ClientCredentialMessagePartReader : ClientAuthenticationModuleBase {
- /// <summary>
- /// The authorization server host.
- /// </summary>
- private readonly IAuthorizationServerHost authorizationServerHost;
-
- /// <summary>
- /// Initializes a new instance of the <see cref="ClientCredentialMessagePartReader"/> class.
- /// </summary>
- /// <param name="authorizationServerHost">The authorization server host.</param>
- public ClientCredentialMessagePartReader(IAuthorizationServerHost authorizationServerHost) {
- Requires.NotNull(authorizationServerHost, "authorizationServerHost");
- this.authorizationServerHost = authorizationServerHost;
- }
-
+ public class ClientCredentialMessagePartReader : ClientAuthenticationModule {
 /// <summary>
 /// Attempts to extract client identification/authentication information from a message.
 /// </summary>
+ /// <param name="authorizationServerHost">The authorization server host.</param>
 /// <param name="requestMessage">The incoming message.</param>
 /// <param name="clientIdentifier">Receives the client identifier, if one was found.</param>
 /// <returns>The level of the extracted client information.</returns>
- public override ClientAuthenticationResult TryAuthenticateClient(AuthenticatedClientRequestBase requestMessage, out string clientIdentifier) {
+ public override ClientAuthenticationResult TryAuthenticateClient(IAuthorizationServerHost authorizationServerHost, AuthenticatedClientRequestBase requestMessage, out string clientIdentifier) {
+ Requires.NotNull(authorizationServerHost, "authorizationServerHost");
 Requires.NotNull(requestMessage, "requestMessage");
+ clientIdentifier = requestMessage.ClientIdentifier;
- return TryAuthenticateClient(this.authorizationServerHost, requestMessage.ClientIdentifier, requestMessage.ClientSecret);
+ return TryAuthenticateClient(authorizationServerHost, requestMessage.ClientIdentifier, requestMessage.ClientSecret);
 }
 }
 }
diff --git a/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/MessageValidationBindingElement.cs b/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/MessageValidationBindingElement.cs
index 40f3df8..e114208 100644
--- a/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/MessageValidationBindingElement.cs
+++ b/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/MessageValidationBindingElement.cs
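Review bot: The added `clientIdentifier = requestMessage.ClientIdentifier;` repairs the old version, which never assigned its `out` parameter, but it now reports the message's client_id on every path, including when no secret is present and the result is not ClientAuthenticated; as with the Basic reader, the `<param name="clientIdentifier">` text should mark it as an unverified identifier. RFC 6749 §2.3.1 permits client credentials in the request body only (and marks that form NOT RECOMMENDED) and forbids them in the query string; nothing in this hunk shows where `AuthenticatedClientRequestBase.ClientSecret` is deserialized from, so a comment at this call such as `// client_secret is accepted only from the POST entity body, never from the query string (RFC 6749 §2.3.1)` — backed by a check in the message class if one does not already exist — would make the intended boundary explicit. The class summary, `POST entity as a URI-encoded parameter`, suggests the body-only reading is intended, but a summary does not enforce it.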
@@ -26,15 +26,23 @@ namespace DotNetOpenAuth.OAuth2.ChannelElements {
 /// <summary>
 /// The aggregating client authentication module.
 /// </summary>
- private readonly IClientAuthenticationModule clientAuthenticationModule;
+ private readonly ClientAuthenticationModule clientAuthenticationModule;
+
+ /// <summary>
+ /// The authorization server host that applies.
+ /// </summary>
+ private readonly IAuthorizationServerHost authorizationServer;
 /// <summary>
 /// Initializes a new instance of the <see cref="MessageValidationBindingElement"/> class.
 /// </summary>
 /// <param name="clientAuthenticationModule">The aggregating client authentication module.</param>
- internal MessageValidationBindingElement(IClientAuthenticationModule clientAuthenticationModule) {
+ internal MessageValidationBindingElement(ClientAuthenticationModule clientAuthenticationModule, IAuthorizationServerHost authorizationServer) {
 Requires.NotNull(clientAuthenticationModule, "clientAuthenticationModule");
+ Requires.NotNull(authorizationServer, "authorizationServer");
+
 this.clientAuthenticationModule = clientAuthenticationModule;
+ this.authorizationServer = authorizationServer;
 }
 /// <summary>
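Review bot: The constructor gains an `authorizationServer` parameter but its XML doc still lists only `<param name="clientAuthenticationModule">`; add `/// <param name="authorizationServer">The authorization server host handed to the client authentication module for each incoming request.</param>` directly below the existing param line. The new field's summary, `The authorization server host that applies.`, does not say what it is for; `The authorization server host passed to the client authentication module when validating incoming client-authenticated requests.` does, and is grounded in the `TryAuthenticateClient(this.authorizationServer, …)` call this diff adds later in the file. The `Requires.NotNull` guard for the new parameter is in place, which is good.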
@@ -95,7 +103,7 @@ namespace DotNetOpenAuth.OAuth2.ChannelElements {
 var authenticatedClientRequest = message as AuthenticatedClientRequestBase;
 if (authenticatedClientRequest != null) {
 string clientIdentifier;
- var result = this.clientAuthenticationModule.TryAuthenticateClient(authenticatedClientRequest, out clientIdentifier);
+ var result = this.clientAuthenticationModule.TryAuthenticateClient(this.authorizationServer, authenticatedClientRequest, out clientIdentifier);
 AuthServerUtilities.TokenEndpointVerify(result != ClientAuthenticationResult.ClientIdNotAuthenticated, Protocol.AccessTokenRequestErrorCodes.UnauthorizedClient); // an empty secret is not allowed for client authenticated calls.
 AuthServerUtilities.TokenEndpointVerify(result == ClientAuthenticationResult.ClientAuthenticated, Protocol.AccessTokenRequestErrorCodes.InvalidClient, AuthServerStrings.ClientSecretMismatch);
 authenticatedClientRequest.ClientIdentifier = clientIdentifier;
diff --git a/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/OAuth2AuthorizationServerChannel.cs b/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/OAuth2AuthorizationServerChannel.cs
index 8c3ed4a..53dfb54 100644
--- a/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/OAuth2AuthorizationServerChannel.cs
+++ b/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/OAuth2AuthorizationServerChannel.cs
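Review bot: The two `TokenEndpointVerify` calls following the rewritten `TryAuthenticateClient` line map `ClientIdNotAuthenticated` to `unauthorized_client` and every other non-authenticated result to `invalid_client`; in RFC 6749 §5.2 `unauthorized_client` means the client is not authorized to use the requested grant type, whereas a client that failed to authenticate — including one that presented an id without a secret, which is what the inline comment `an empty secret is not allowed for client authenticated calls` describes — is `invalid_client`. Unless `ClientIdNotAuthenticated` carries a different meaning elsewhere in the project, the first check should use `Protocol.AccessTokenRequestErrorCodes.InvalidClient` as well, which also stops the error code from telling an unauthenticated caller whether a client id is known. If the distinction is deliberate, a comment giving the reason would forestall this question from the next reviewer. The enclosing method begins and ends outside the hunk.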
@@ -36,7 +36,7 @@ namespace DotNetOpenAuth.OAuth2.ChannelElements { /// </summary> /// <param name="authorizationServer">The authorization server.</param> /// <param name="clientAuthenticationModule">The aggregating client authentication module.</param> - protected internal OAuth2AuthorizationServerChannel(IAuthorizationServerHost authorizationServer, IClientAuthenticationModule clientAuthenticationModule) + protected internal OAuth2AuthorizationServerChannel(IAuthorizationServerHost authorizationServer, ClientAuthenticationModule clientAuthenticationModule) : base(MessageTypes, InitializeBindingElements(authorizationServer, clientAuthenticationModule)) { Requires.NotNull(authorizationServer, "authorizationServer"); this.AuthorizationServer = authorizationServer; @@ -111,14 +111,14 @@ namespace DotNetOpenAuth.OAuth2.ChannelElements { /// <returns> /// An array of binding elements used to initialize the channel. /// </returns> - private static IChannelBindingElement[] InitializeBindingElements(IAuthorizationServerHost authorizationServer, IClientAuthenticationModule clientAuthenticationModule) { + private static IChannelBindingElement[] InitializeBindingElements(IAuthorizationServerHost authorizationServer, ClientAuthenticationModule clientAuthenticationModule) { Requires.NotNull(authorizationServer, "authorizationServer"); Requires.NotNull(clientAuthenticationModule, "clientAuthenticationModule"); var bindingElements = new List<IChannelBindingElement>(); // The order they are provided is used for outgoing messgaes, and reversed for incoming messages. - bindingElements.Add(new MessageValidationBindingElement(clientAuthenticationModule)); + bindingElements.Add(new MessageValidationBindingElement(clientAuthenticationModule, authorizationServer)); bindingElements.Add(new TokenCodeSerializationBindingElement()); return bindingElements.ToArray(); |