diff options
Diffstat (limited to 'src/DotNetOpenAuth.OAuth2.AuthorizationServer')
5 files changed, 35 insertions, 47 deletions
diff --git a/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/AuthorizationServer.cs b/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/AuthorizationServer.cs index a5f7d9b..edc821f 100644 --- a/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/AuthorizationServer.cs +++ b/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/AuthorizationServer.cs @@ -12,6 +12,8 @@ namespace DotNetOpenAuth.OAuth2 { using System.Net.Http; using System.Security.Cryptography; using System.Text; + using System.Threading; + using System.Threading.Tasks; using System.Web; using DotNetOpenAuth.Configuration; using DotNetOpenAuth.Messaging; @@ -46,7 +48,7 @@ namespace DotNetOpenAuth.OAuth2 { Requires.NotNull(authorizationServer, "authorizationServer"); this.aggregatingClientAuthenticationModule = new AggregatingClientCredentialReader(this.clientAuthenticationModules); this.Channel = new OAuth2AuthorizationServerChannel(authorizationServer, this.aggregatingClientAuthenticationModule); - this.clientAuthenticationModules.AddRange(OAuth2AuthorizationServerSection.Configuration.ClientAuthenticationModules.CreateInstances(true)); + this.clientAuthenticationModules.AddRange(OAuth2AuthorizationServerSection.Configuration.ClientAuthenticationModules.CreateInstances(true, null)); this.ScopeSatisfiedCheck = DefaultScopeSatisfiedCheck; } @@ -87,13 +89,13 @@ namespace DotNetOpenAuth.OAuth2 { /// <returns>The incoming request, or null if no OAuth message was attached.</returns> /// <exception cref="ProtocolException">Thrown if an unexpected OAuth message is attached to the incoming request.</exception> [SuppressMessage("Microsoft.Naming", "CA2204:Literals should be spelled correctly", MessageId = "unauthorizedclient", Justification = "Protocol required.")] - public EndUserAuthorizationRequest ReadAuthorizationRequest(HttpRequestBase request = null) { + public async Task<EndUserAuthorizationRequest> ReadAuthorizationRequestAsync(HttpRequestBase request = null, CancellationToken cancellationToken = default (CancellationToken)) { if (request == null) { request = this.Channel.GetRequestFromContext(); } - EndUserAuthorizationRequest message; - if (this.Channel.TryReadFromRequest(request, out message)) { + var message = await this.Channel.TryReadFromRequestAsync<EndUserAuthorizationRequest>(cancellationToken, request); + if (message != null) { if (message.ResponseType == EndUserAuthorizationResponseType.AuthorizationCode) { // Clients with no secrets can only request implicit grant types. var client = this.AuthorizationServerServices.GetClientOrThrow(message.ClientIdentifier); @@ -105,38 +107,12 @@ namespace DotNetOpenAuth.OAuth2 { } /// <summary> - /// Approves an authorization request and sends an HTTP response to the user agent to redirect the user back to the Client. - /// </summary> - /// <param name="authorizationRequest">The authorization request to approve.</param> - /// <param name="userName">The username of the account that approved the request (or whose data will be accessed by the client).</param> - /// <param name="scopes">The scope of access the client should be granted. If <c>null</c>, all scopes in the original request will be granted.</param> - /// <param name="callback">The Client callback URL to use when formulating the redirect to send the user agent back to the Client.</param> - public void ApproveAuthorizationRequest(EndUserAuthorizationRequest authorizationRequest, string userName, IEnumerable<string> scopes = null, Uri callback = null) { - Requires.NotNull(authorizationRequest, "authorizationRequest"); - - var response = this.PrepareApproveAuthorizationRequest(authorizationRequest, userName, scopes, callback); - this.Channel.Respond(response); - } - - /// <summary> - /// Rejects an authorization request and sends an HTTP response to the user agent to redirect the user back to the Client. - /// </summary> - /// <param name="authorizationRequest">The authorization request to disapprove.</param> - /// <param name="callback">The Client callback URL to use when formulating the redirect to send the user agent back to the Client.</param> - public void RejectAuthorizationRequest(EndUserAuthorizationRequest authorizationRequest, Uri callback = null) { - Requires.NotNull(authorizationRequest, "authorizationRequest"); - - var response = this.PrepareRejectAuthorizationRequest(authorizationRequest, callback); - this.Channel.Respond(response); - } - - /// <summary> /// Handles an incoming request to the authorization server's token endpoint. /// </summary> /// <param name="request">The HTTP request.</param> /// <returns>The HTTP response to send to the client.</returns> - public OutgoingWebResponse HandleTokenRequest(HttpRequestMessage request) { - return this.HandleTokenRequest(new HttpRequestInfo(request)); + public Task<HttpResponseMessage> HandleTokenRequestAsync(HttpRequestMessage request) { + return this.HandleTokenRequestAsync(new HttpRequestInfo(request)); } /// <summary> @@ -144,7 +120,7 @@ namespace DotNetOpenAuth.OAuth2 { /// </summary> /// <param name="request">The HTTP request.</param> /// <returns>The HTTP response to send to the client.</returns> - public OutgoingWebResponse HandleTokenRequest(HttpRequestBase request = null) { + public async Task<HttpResponseMessage> HandleTokenRequestAsync(HttpRequestBase request = null, CancellationToken cancellationToken = default(CancellationToken)) { if (request == null) { request = this.Channel.GetRequestFromContext(); } @@ -152,7 +128,8 @@ namespace DotNetOpenAuth.OAuth2 { AccessTokenRequestBase requestMessage; IProtocolMessage responseMessage; try { - if (this.Channel.TryReadFromRequest(request, out requestMessage)) { + requestMessage = await this.Channel.TryReadFromRequestAsync<AccessTokenRequestBase>(cancellationToken, request); + if (requestMessage != null) { var accessTokenResult = this.AuthorizationServerServices.CreateAccessToken(requestMessage); ErrorUtilities.VerifyHost(accessTokenResult != null, "IAuthorizationServerHost.CreateAccessToken must not return null."); @@ -179,7 +156,7 @@ namespace DotNetOpenAuth.OAuth2 { responseMessage = new AccessTokenFailedResponse() { Error = Protocol.AccessTokenRequestErrorCodes.InvalidRequest }; } - return this.Channel.PrepareResponse(responseMessage); + return await this.Channel.PrepareResponseAsync(responseMessage, cancellationToken); } /// <summary> diff --git a/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/AuthServerBindingElementBase.cs b/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/AuthServerBindingElementBase.cs index 9d3a52c..d824663 100644 --- a/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/AuthServerBindingElementBase.cs +++ b/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/AuthServerBindingElementBase.cs @@ -9,6 +9,8 @@ namespace DotNetOpenAuth.OAuth2.ChannelElements { using System.Collections.Generic; using System.Linq; using System.Text; + using System.Threading; + using System.Threading.Tasks; using Messaging; /// <summary> @@ -64,7 +66,7 @@ namespace DotNetOpenAuth.OAuth2.ChannelElements { /// Implementations that provide message protection must honor the /// <see cref="MessagePartAttribute.RequiredProtection"/> properties where applicable. /// </remarks> - public abstract MessageProtections? ProcessOutgoingMessage(IProtocolMessage message); + public abstract Task<MessageProtections?> ProcessOutgoingMessageAsync(IProtocolMessage message, CancellationToken cancellationToken); /// <summary> /// Performs any transformation on an incoming message that may be necessary and/or @@ -83,6 +85,6 @@ namespace DotNetOpenAuth.OAuth2.ChannelElements { /// Implementations that provide message protection must honor the /// <see cref="MessagePartAttribute.RequiredProtection"/> properties where applicable. /// </remarks> - public abstract MessageProtections? ProcessIncomingMessage(IProtocolMessage message); + public abstract Task<MessageProtections?> ProcessIncomingMessageAsync(IProtocolMessage message, CancellationToken cancellationToken); } } diff --git a/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/MessageValidationBindingElement.cs b/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/MessageValidationBindingElement.cs index 6d4220b..ac2977b 100644 --- a/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/MessageValidationBindingElement.cs +++ b/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/MessageValidationBindingElement.cs @@ -10,6 +10,8 @@ namespace DotNetOpenAuth.OAuth2.ChannelElements { using System.Globalization; using System.Linq; using System.Text; + using System.Threading; + using System.Threading.Tasks; using DotNetOpenAuth.OAuth2.Messages; using Messaging; using Validation; @@ -60,7 +62,7 @@ namespace DotNetOpenAuth.OAuth2.ChannelElements { /// Implementations that provide message protection must honor the /// <see cref="MessagePartAttribute.RequiredProtection"/> properties where applicable. /// </remarks> - public override MessageProtections? ProcessOutgoingMessage(IProtocolMessage message) { + public override Task<MessageProtections?> ProcessOutgoingMessageAsync(IProtocolMessage message, CancellationToken cancellationToken) { var accessTokenResponse = message as AccessTokenSuccessResponse; if (accessTokenResponse != null) { var directResponseMessage = (IDirectResponseProtocolMessage)accessTokenResponse; @@ -88,7 +90,7 @@ namespace DotNetOpenAuth.OAuth2.ChannelElements { /// Implementations that provide message protection must honor the /// <see cref="MessagePartAttribute.RequiredProtection"/> properties where applicable. /// </remarks> - public override MessageProtections? ProcessIncomingMessage(IProtocolMessage message) { + public override async Task<MessageProtections?> ProcessIncomingMessageAsync(IProtocolMessage message, CancellationToken cancellationToken) { bool applied = false; // Check that the client secret is correct for client authenticated messages. diff --git a/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/OAuth2AuthorizationServerChannel.cs b/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/OAuth2AuthorizationServerChannel.cs index 249f5e7..e8d609e 100644 --- a/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/OAuth2AuthorizationServerChannel.cs +++ b/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/OAuth2AuthorizationServerChannel.cs @@ -7,7 +7,12 @@ namespace DotNetOpenAuth.OAuth2.ChannelElements { using System; using System.Collections.Generic; + using System.Net.Http; + using System.Net.Http.Headers; using System.Net.Mime; + using System.Text; + using System.Threading; + using System.Threading.Tasks; using System.Web; using DotNetOpenAuth.Messaging; using DotNetOpenAuth.OAuth2.AuthServer.Messages; @@ -61,7 +66,7 @@ namespace DotNetOpenAuth.OAuth2.ChannelElements { /// The deserialized message parts, if found. Null otherwise. /// </returns> /// <exception cref="ProtocolException">Thrown when the response is not valid.</exception> - protected override IDictionary<string, string> ReadFromResponseCore(IncomingWebResponse response) { + protected override Task<IDictionary<string, string>> ReadFromResponseCoreAsync(HttpResponseMessage response) { throw new NotImplementedException(); } @@ -75,11 +80,11 @@ namespace DotNetOpenAuth.OAuth2.ChannelElements { /// <remarks> /// This method implements spec OAuth V1.0 section 5.3. /// </remarks> - protected override OutgoingWebResponse PrepareDirectResponse(IProtocolMessage response) { - var webResponse = new OutgoingWebResponse(); + protected override HttpResponseMessage PrepareDirectResponse(IProtocolMessage response) { + var webResponse = new HttpResponseMessage(); ApplyMessageTemplate(response, webResponse); string json = this.SerializeAsJson(response); - webResponse.SetResponse(json, new ContentType(JsonEncoded)); + webResponse.Content = new StringContent(json, Encoding.UTF8, JsonEncoded); return webResponse; } @@ -90,7 +95,7 @@ namespace DotNetOpenAuth.OAuth2.ChannelElements { /// <returns> /// The deserialized message, if one is found. Null otherwise. /// </returns> - protected override IDirectedProtocolMessage ReadFromRequestCore(HttpRequestBase request) { + protected override IDirectedProtocolMessage ReadFromRequestCore(HttpRequestBase request, CancellationToken cancellationToken) { if (!string.IsNullOrEmpty(request.Url.Fragment)) { var fields = HttpUtility.ParseQueryString(request.Url.Fragment.Substring(1)).ToDictionary(); @@ -105,7 +110,7 @@ namespace DotNetOpenAuth.OAuth2.ChannelElements { return (IDirectedProtocolMessage)this.Receive(fields, recipient); } - return base.ReadFromRequestCore(request); + return base.ReadFromRequestCore(request, cancellationToken); } /// <summary> diff --git a/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/TokenCodeSerializationBindingElement.cs b/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/TokenCodeSerializationBindingElement.cs index 5a1dbae..f24fa7f 100644 --- a/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/TokenCodeSerializationBindingElement.cs +++ b/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/ChannelElements/TokenCodeSerializationBindingElement.cs @@ -12,6 +12,8 @@ namespace DotNetOpenAuth.OAuth2.ChannelElements { using System.Linq; using System.Security.Cryptography; using System.Text; + using System.Threading; + using System.Threading.Tasks; using DotNetOpenAuth.Messaging; using DotNetOpenAuth.Messaging.Bindings; using DotNetOpenAuth.OAuth2.AuthServer.ChannelElements; @@ -45,7 +47,7 @@ namespace DotNetOpenAuth.OAuth2.ChannelElements { /// Implementations that provide message protection must honor the /// <see cref="MessagePartAttribute.RequiredProtection"/> properties where applicable. /// </remarks> - public override MessageProtections? ProcessOutgoingMessage(IProtocolMessage message) { + public override async Task<MessageProtections?> ProcessOutgoingMessageAsync(IProtocolMessage message, CancellationToken cancellationToken) { var directResponse = message as IDirectResponseProtocolMessage; var request = directResponse != null ? directResponse.OriginatingRequest as IAccessTokenRequestInternal : null; @@ -98,7 +100,7 @@ namespace DotNetOpenAuth.OAuth2.ChannelElements { [SuppressMessage("Microsoft.Naming", "CA2204:Literals should be spelled correctly", MessageId = "incorrectclientcredentials", Justification = "Protocol requirement")] [SuppressMessage("Microsoft.Naming", "CA2204:Literals should be spelled correctly", MessageId = "authorizationexpired", Justification = "Protocol requirement")] [SuppressMessage("Microsoft.Globalization", "CA1303:Do not pass literals as localized parameters", MessageId = "DotNetOpenAuth.Messaging.ErrorUtilities.VerifyProtocol(System.Boolean,System.String,System.Object[])", Justification = "Protocol requirement")] - public override MessageProtections? ProcessIncomingMessage(IProtocolMessage message) { + public override async Task<MessageProtections?> ProcessIncomingMessageAsync(IProtocolMessage message, CancellationToken cancellationToken) { var authCodeCarrier = message as IAuthorizationCodeCarryingRequest; if (authCodeCarrier != null) { var authorizationCodeFormatter = AuthorizationCode.CreateFormatter(this.AuthorizationServer); |