path: root/src/DotNetOpenAuth.OpenId.RelyingParty.UI/OpenId/Mvc/OpenIdHelper.cs
blob: c78c6a7c5f5ee70eaa81df9cbc966f0449724e04 (plain)
//-----------------------------------------------------------------------
// <copyright file="OpenIdHelper.cs" company="Outercurve Foundation">
//     Copyright (c) Outercurve Foundation. All rights reserved.
// </copyright>
//-----------------------------------------------------------------------

namespace DotNetOpenAuth.Mvc {
	using System;
	using System.Collections.Generic;
	using System.Diagnostics.CodeAnalysis;
	using System.Globalization;
	using System.IO;
	using System.Linq;
	using System.Text;
	using System.Web;
	using System.Web.Mvc;
	using System.Web.Routing;
	using System.Web.UI;
	using DotNetOpenAuth.Configuration;
	using DotNetOpenAuth.Messaging;
	using DotNetOpenAuth.OpenId;
	using DotNetOpenAuth.OpenId.RelyingParty;
	using Validation;

	/// <summary>
	/// Methods that generate HTML or Javascript for hosting AJAX OpenID "controls" on
	/// ASP.NET MVC web sites.
	/// </summary>
	public static class OpenIdHelper {
		/// <summary>
		/// Emits a series of stylesheet import tags to support the AJAX OpenID Selector.
		/// </summary>
		/// <param name="html">The <see cref="HtmlHelper"/> on the view.</param>
		/// <returns>HTML that should be sent directly to the browser.</returns>
		[SuppressMessage("Microsoft.Reliability", "CA2000:Dispose objects before losing scope", Justification = "False positive.")]
		public static string OpenIdSelectorStyles(this HtmlHelper html) {
			Requires.NotNull(html, "html");

			// The selector and the AJAX text box each have their own embedded stylesheet;
			// one <link> tag is written per resource, in this order.
			var stylesheetResources = new[] {
				OpenId.RelyingParty.OpenIdSelector.EmbeddedStylesheetResourceName,
				OpenId.RelyingParty.OpenIdAjaxTextBox.EmbeddedStylesheetResourceName,
			};

			using (var markup = new StringWriter(CultureInfo.CurrentCulture)) {
				foreach (string stylesheetResource in stylesheetResources) {
					markup.WriteStylesheetLink(stylesheetResource);
				}

				return markup.ToString();
			}
		}

		/// <summary>
		/// Emits a series of script import tags and some inline script to support the AJAX OpenID Selector.
		/// </summary>
		/// <param name="html">The <see cref="HtmlHelper"/> on the view.</param>
		/// <returns>HTML that should be sent directly to the browser.</returns>
		public static string OpenIdSelectorScripts(this HtmlHelper html) {
			// No customization supplied: the three-argument overload replaces each null
			// with a default-constructed options object.
			return OpenIdSelectorScripts(html, selectorOptions: null, additionalOptions: null);
		}

		/// <summary>
		/// Emits a series of script import tags and some inline script to support the AJAX OpenID Selector.
		/// </summary>
		/// <param name="html">The <see cref="HtmlHelper"/> on the view.</param>
		/// <param name="selectorOptions">An optional instance of an <see cref="OpenIdSelector"/> control, whose properties have been customized to express how this MVC control should be rendered.</param>
		/// <param name="additionalOptions">An optional set of additional script customizations.</param>
		/// <returns>
		/// HTML that should be sent directly to the browser.
		/// </returns>
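		[SuppressMessage("Microsoft.Reliability", "CA2000:Dispose objects before losing scope", Justification = "False positive")]
		public static string OpenIdSelectorScripts(this HtmlHelper html, OpenIdSelector selectorOptions, OpenIdAjaxOptions additionalOptions) {
			Requires.NotNull(html, "html");

			// A selector created here is owned by this method and is disposed on every exit
			// path (see the finally block). One supplied by the caller is never disposed here.
			bool selectorOptionsOwned = false;
			if (selectorOptions == null) {
				selectorOptionsOwned = true;
				selectorOptions = new OpenId.RelyingParty.OpenIdSelector();
			}
			try {
				if (additionalOptions == null) {
					additionalOptions = new OpenIdAjaxOptions();
				}

				using (StringWriter result = new StringWriter(CultureInfo.CurrentCulture)) {
					// Diagnostic switches are emitted only when at least one of them is on.
					if (additionalOptions.ShowDiagnosticIFrame || additionalOptions.ShowDiagnosticTrace) {
						string scriptFormat = @"window.openid_visible_iframe = {0}; // causes the hidden iframe to show up
window.openid_trace = {1}; // causes lots of messages";
						result.WriteScriptBlock(string.Format(
							CultureInfo.InvariantCulture,
							scriptFormat,
							additionalOptions.ShowDiagnosticIFrame ? "true" : "false",
							additionalOptions.ShowDiagnosticTrace ? "true" : "false"));
					}
					var scriptResources = new[] {
						OpenIdRelyingPartyControlBase.EmbeddedJavascriptResource,
						OpenIdRelyingPartyAjaxControlBase.EmbeddedAjaxJavascriptResource,
						OpenId.RelyingParty.OpenIdAjaxTextBox.EmbeddedScriptResourceName,
					};
					result.WriteScriptTags(scriptResources);

					if (selectorOptions.DownloadYahooUILibrary) {
						// NOTE(review): this script comes from a third-party host and is referenced without
						// Subresource Integrity, so it runs on the log-on page with the page's own privileges.
						// Sites that need to pin the content can turn DownloadYahooUILibrary off and serve a
						// reviewed copy themselves.
						result.WriteScriptTagsUrls(new[] { "https://ajax.googleapis.com/ajax/libs/yui/2.8.0r4/build/yuiloader/yuiloader-min.js" });
					}

					using (var blockBuilder = new StringWriter(CultureInfo.CurrentCulture)) {
						if (selectorOptions.DownloadYahooUILibrary) {
							blockBuilder.WriteLine(@"	try {
		if (YAHOO) {
			var loader = new YAHOO.util.YUILoader({
				require: ['button', 'menu'],
				loadOptional: false,
				combine: true
			});

			loader.insert();
		}
	} catch (e) { }");
						}

						// NOTE(review): the application path is placed in a single-quoted script literal
						// without escaping. It is the site's own virtual root rather than request data, but
						// unlike the values further down it does not go through GetSafeJavascriptValue.
						blockBuilder.WriteLine("window.aspnetapppath = '{0}';", VirtualPathUtility.AppendTrailingSlash(HttpContext.Current.Request.ApplicationPath));

						// Positive assertions can last no longer than this library is willing to consider them valid,
						// and when they come with OP private associations they last no longer than the OP is willing
						// to consider them valid.  We assume the OP will hold them valid for at least five minutes.
						double assertionLifetimeInMilliseconds = Math.Min(TimeSpan.FromMinutes(5).TotalMilliseconds, Math.Min(OpenIdElement.Configuration.MaxAuthenticationTime.TotalMilliseconds, DotNetOpenAuthSection.Messaging.MaximumMessageLifetime.TotalMilliseconds));
						blockBuilder.WriteLine(
							"{0} = {1};",
							OpenIdRelyingPartyAjaxControlBase.MaxPositiveAssertionLifetimeJsName,
							assertionLifetimeInMilliseconds.ToString(CultureInfo.InvariantCulture));

						if (additionalOptions.PreloadedDiscoveryResults != null) {
							// NOTE(review): written verbatim into the script block. The value must be script that
							// the application produced itself; text derived from the request must never reach it.
							blockBuilder.WriteLine(additionalOptions.PreloadedDiscoveryResults);
						}

						// Build the discovery URL template. "xxx" is a placeholder that the emitted script
						// replaces with the URL-encoded identifier. Fail with a clear message when the named
						// route is missing or cannot produce a path, instead of a NullReferenceException.
						RouteBase discoverRoute = html.RouteCollection["OpenIdDiscover"];
						VirtualPathData discoverPath = discoverRoute == null ? null : discoverRoute.GetVirtualPath(html.ViewContext.RequestContext, new RouteValueDictionary(new { identifier = "xxx" }));
						if (discoverPath == null) {
							throw new InvalidOperationException("The \"OpenIdDiscover\" route is not registered or cannot generate a URL for the discovery callback.");
						}

						string discoverUrl = VirtualPathUtility.AppendTrailingSlash(HttpContext.Current.Request.ApplicationPath) + discoverPath.VirtualPath;
						string blockFormat = @"	{0} = function (argument, resultFunction, errorCallback) {{
		jQuery.ajax({{
			async: true,
			dataType: 'text',
			error: function (request, status, error) {{ errorCallback(status, argument); }},
			success: function (result) {{ resultFunction(result, argument); }},
			url: '{1}'.replace('xxx', encodeURIComponent(argument))
		}});
	}};";
						blockBuilder.WriteLine(blockFormat, OpenIdRelyingPartyAjaxControlBase.CallbackJSFunctionAsync, discoverUrl);

						// NOTE(review): the two field ids and the form key are inserted unescaped into
						// selectors and script, so they must be developer-chosen constants. The script also
						// fills an empty ReturnUrl field from window.parent.location.href, which means the
						// action receiving this form gets a client-supplied return URL and has to validate it
						// before redirecting.
						blockFormat = @"	window.postLoginAssertion = function (positiveAssertion) {{
		$('#{0}')[0].setAttribute('value', positiveAssertion);
		if ($('#{1}')[0] && !$('#{1}')[0].value) {{ // popups have no ReturnUrl predefined, but full page LogOn does.
			$('#{1}')[0].setAttribute('value', window.parent.location.href);
		}}
		document.forms[{2}].submit();
	}};";
						blockBuilder.WriteLine(
							blockFormat,
							additionalOptions.AssertionHiddenFieldId,
							additionalOptions.ReturnUrlHiddenFieldId,
							additionalOptions.FormKey);

						// Every string handed to initAjaxOpenId goes through GetSafeJavascriptValue;
						// the numeric and boolean arguments are written as-is.
						blockFormat = @"	$(function () {{
		var box = document.getElementsByName('openid_identifier')[0];
		initAjaxOpenId(box, {0}, {1}, {2}, {3}, {4}, {5},
			null, // js function to invoke on receiving a positive assertion
			{6}, {7}, {8}, {9}, {10}, {11}, {12}, {13}, {14}, {15}, {16}, {17},
			false, // auto postback
			null); // PostBackEventReference (unused in MVC)
	}});";
						blockBuilder.WriteLine(
							blockFormat,
							MessagingUtilities.GetSafeJavascriptValue(Util.GetWebResourceUrl(typeof(OpenIdRelyingPartyControlBase), OpenIdTextBox.EmbeddedLogoResourceName)),
							MessagingUtilities.GetSafeJavascriptValue(Util.GetWebResourceUrl(typeof(OpenIdRelyingPartyControlBase), OpenId.RelyingParty.OpenIdAjaxTextBox.EmbeddedSpinnerResourceName)),
							MessagingUtilities.GetSafeJavascriptValue(Util.GetWebResourceUrl(typeof(OpenIdRelyingPartyControlBase), OpenId.RelyingParty.OpenIdAjaxTextBox.EmbeddedLoginSuccessResourceName)),
							MessagingUtilities.GetSafeJavascriptValue(Util.GetWebResourceUrl(typeof(OpenIdRelyingPartyControlBase), OpenId.RelyingParty.OpenIdAjaxTextBox.EmbeddedLoginFailureResourceName)),
							selectorOptions.Throttle,
							selectorOptions.Timeout.TotalMilliseconds,
							MessagingUtilities.GetSafeJavascriptValue(selectorOptions.TextBox.LogOnText),
							MessagingUtilities.GetSafeJavascriptValue(selectorOptions.TextBox.LogOnToolTip),
							selectorOptions.TextBox.ShowLogOnPostBackButton ? "true" : "false",
							MessagingUtilities.GetSafeJavascriptValue(selectorOptions.TextBox.LogOnPostBackToolTip),
							MessagingUtilities.GetSafeJavascriptValue(selectorOptions.TextBox.RetryText),
							MessagingUtilities.GetSafeJavascriptValue(selectorOptions.TextBox.RetryToolTip),
							MessagingUtilities.GetSafeJavascriptValue(selectorOptions.TextBox.BusyToolTip),
							MessagingUtilities.GetSafeJavascriptValue(selectorOptions.TextBox.IdentifierRequiredMessage),
							MessagingUtilities.GetSafeJavascriptValue(selectorOptions.TextBox.LogOnInProgressMessage),
							MessagingUtilities.GetSafeJavascriptValue(selectorOptions.TextBox.AuthenticationSucceededToolTip),
							MessagingUtilities.GetSafeJavascriptValue(selectorOptions.TextBox.AuthenticatedAsToolTip),
							MessagingUtilities.GetSafeJavascriptValue(selectorOptions.TextBox.AuthenticationFailedToolTip));

						result.WriteScriptBlock(blockBuilder.ToString());
						result.WriteScriptTags(OpenId.RelyingParty.OpenIdSelector.EmbeddedScriptResourceName);

						Reporting.RecordFeatureUse("MVC " + typeof(OpenIdSelector).Name);
						return result.ToString();
					}
				}
			} finally {
				// The returned string is already built at this point, so a selector created by
				// this method is released on success as well as on failure.
				if (selectorOptionsOwned) {
					selectorOptions.Dispose();
				}
			}
		}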

		/// <summary>
		/// Emits the HTML to render an OpenID Provider button as a part of the overall OpenID Selector UI.
		/// </summary>
		/// <param name="html">The <see cref="HtmlHelper"/> on the view.</param>
		/// <param name="providerIdentifier">The OP Identifier.</param>
		/// <param name="imageUrl">The URL of the image to display on the button.</param>
		/// <returns>
		/// HTML that should be sent directly to the browser.
		/// </returns>
		public static string OpenIdSelectorOPButton(this HtmlHelper html, Identifier providerIdentifier, string imageUrl) {
			Requires.NotNull(html, "html");
			Requires.NotNull(providerIdentifier, "providerIdentifier");
			Requires.NotNullOrEmpty(imageUrl, "imageUrl");

			// The OP Identifier is passed as the button's HTML id attribute value;
			// "OPButton" becomes its CSS class.
			const string providerButtonCssClass = "OPButton";
			return html.OpenIdSelectorButton(providerIdentifier, providerButtonCssClass, imageUrl);
		}

		/// <summary>
		/// Emits the HTML to render a generic OpenID button as a part of the overall OpenID Selector UI,
		/// allowing the user to enter their own OpenID.
		/// </summary>
		/// <param name="html">The <see cref="HtmlHelper"/> on the view.</param>
		/// <param name="imageUrl">The URL of the image to display on the button.</param>
		/// <returns>
		/// HTML that should be sent directly to the browser.
		/// </returns>
		public static string OpenIdSelectorOpenIdButton(this HtmlHelper html, string imageUrl) {
			Requires.NotNull(html, "html");
			Requires.NotNullOrEmpty(imageUrl, "imageUrl");

			// The generic button uses the same fixed token for its id and its CSS class.
			const string genericButtonToken = "OpenIDButton";
			return html.OpenIdSelectorButton(genericButtonToken, genericButtonToken, imageUrl);
		}

		/// <summary>
		/// Emits the HTML to render the entire OpenID Selector UI.
		/// </summary>
		/// <param name="html">The <see cref="HtmlHelper"/> on the view.</param>
		/// <param name="buttons">The buttons to include on the selector.</param>
		/// <returns>
		/// HTML that should be sent directly to the browser.
		/// </returns>
		[SuppressMessage("Microsoft.Reliability", "CA2000:Dispose objects before losing scope", Justification = "False positive.")]
		[SuppressMessage("Microsoft.Usage", "CA2202:Do not dispose objects multiple times", Justification = "Not a problem for this type.")]
		public static string OpenIdSelector(this HtmlHelper html, params SelectorButton[] buttons) {
			Requires.NotNull(html, "html");
			Requires.NotNull(buttons, "buttons");

			using (var markup = new StringWriter(CultureInfo.CurrentCulture)) {
				using (var htmlWriter = new HtmlTextWriter(markup)) {
					// <ul class="OpenIdProviders"> holds one <li> per supported button.
					htmlWriter.AddAttribute(HtmlTextWriterAttribute.Class, "OpenIdProviders");
					htmlWriter.RenderBeginTag(HtmlTextWriterTag.Ul);

					foreach (SelectorButton button in buttons) {
						var providerButton = button as SelectorProviderButton;
						if (providerButton != null) {
							htmlWriter.Write(OpenIdSelectorOPButton(html, providerButton.OPIdentifier, providerButton.Image));
						} else {
							var openIdButton = button as SelectorOpenIdButton;
							if (openIdButton != null) {
								htmlWriter.Write(OpenIdSelectorOpenIdButton(html, openIdButton.Image));
							} else {
								// Any other button type is rejected rather than silently skipped.
								ErrorUtilities.VerifySupported(false, "The {0} button is not yet supported for MVC.", button.GetType().Name);
							}
						}
					}

					htmlWriter.RenderEndTag(); // ul

					// The identifier text box is only emitted when a generic OpenID button is present.
					bool hasGenericOpenIdButton = buttons.OfType<SelectorOpenIdButton>().Any();
					if (hasGenericOpenIdButton) {
						htmlWriter.Write(OpenIdAjaxTextBox(html));
					}
				}

				return markup.ToString();
			}
		}

		/// <summary>
		/// Emits the HTML to render the <see cref="OpenIdAjaxTextBox"/> control as a part of the overall
		/// OpenID Selector UI.
		/// </summary>
		/// <param name="html">The <see cref="HtmlHelper"/> on the view.</param>
		/// <returns>
		/// HTML that should be sent directly to the browser.
		/// </returns>
		[SuppressMessage("Microsoft.Usage", "CA1801:ReviewUnusedParameters", MessageId = "html", Justification = "Breaking change, and it's an extension method so it's useful.")]
		public static string OpenIdAjaxTextBox(this HtmlHelper html) {
			// Fixed markup with no interpolated values: a container that starts out with
			// display: none, wrapping the 'openid_identifier' input. The html parameter is unused.
			const string textBoxMarkup = @"<div style='display: none' id='OpenIDForm'>
		<span class='OpenIdAjaxTextBox' style='display: inline-block; position: relative; font-size: 16px'>
			<input name='openid_identifier' id='openid_identifier' size='40' style='padding-left: 18px; border-style: solid; border-width: 1px; border-color: lightgray' />
		</span>
	</div>";
			return textBoxMarkup;
		}

		/// <summary>
		/// Emits the HTML to render a button as a part of the overall OpenID Selector UI.
		/// </summary>
		/// <param name="html">The <see cref="HtmlHelper"/> on the view.</param>
		/// <param name="id">The value to assign to the HTML id attribute.</param>
		/// <param name="cssClass">The value to assign to the HTML class attribute.</param>
		/// <param name="imageUrl">The URL of the image to draw on the button.</param>
		/// <returns>
		/// HTML that should be sent directly to the browser.
		/// </returns>
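		[SuppressMessage("Microsoft.Usage", "CA2202:Do not dispose objects multiple times", Justification = "Not a problem for this type.")]
		[SuppressMessage("Microsoft.Reliability", "CA2000:Dispose objects before losing scope", Justification = "False positive.")]
		private static string OpenIdSelectorButton(this HtmlHelper html, string id, string cssClass, string imageUrl) {
			Requires.NotNull(html, "html");
			Requires.NotNull(id, "id");
			Requires.NotNullOrEmpty(imageUrl, "imageUrl");

			using (var writer = new StringWriter(CultureInfo.CurrentCulture)) {
				using (var h = new HtmlTextWriter(writer)) {
					// The id can be an OP Identifier (see OpenIdSelectorOPButton), so ask for HTML
					// encoding explicitly instead of relying on HtmlTextWriter's per-attribute default.
					// Browsers decode the entities again, so script reading the id sees the original value.
					h.AddAttribute(HtmlTextWriterAttribute.Id, id, true);
					if (!string.IsNullOrEmpty(cssClass)) {
						h.AddAttribute(HtmlTextWriterAttribute.Class, cssClass);
					}
					h.RenderBeginTag(HtmlTextWriterTag.Li);

					h.AddAttribute(HtmlTextWriterAttribute.Href, "#");
					h.RenderBeginTag(HtmlTextWriterTag.A);

					h.RenderBeginTag(HtmlTextWriterTag.Div);
					h.RenderBeginTag(HtmlTextWriterTag.Div);

					// Provider logo supplied by the caller.
					h.AddAttribute(HtmlTextWriterAttribute.Src, imageUrl);
					h.RenderBeginTag(HtmlTextWriterTag.Img);
					h.RenderEndTag();

					// "Login succeeded" badge from the embedded resources. The "{0}" in the title is
					// written literally; nothing in this method substitutes it.
					h.AddAttribute(HtmlTextWriterAttribute.Src, Util.GetWebResourceUrl(typeof(OpenIdSelector), OpenId.RelyingParty.OpenIdAjaxTextBox.EmbeddedLoginSuccessResourceName));
					h.AddAttribute(HtmlTextWriterAttribute.Class, "loginSuccess");
					h.AddAttribute(HtmlTextWriterAttribute.Title, "Authenticated as {0}");
					h.RenderBeginTag(HtmlTextWriterTag.Img);
					h.RenderEndTag();

					h.RenderEndTag(); // div

					h.AddAttribute(HtmlTextWriterAttribute.Class, "ui-widget-overlay");
					h.RenderBeginTag(HtmlTextWriterTag.Div);
					h.RenderEndTag(); // div

					h.RenderEndTag(); // div
					h.RenderEndTag(); // a
					h.RenderEndTag(); // li
				}

				return writer.ToString();
			}
		}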

		/// <summary>
		/// Emits &lt;script&gt; tags that import a given set of scripts given their URLs.
		/// </summary>
		/// <param name="writer">The writer to emit the tags to.</param>
		/// <param name="scriptUrls">The locations of the scripts to import.</param>
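		private static void WriteScriptTagsUrls(this TextWriter writer, IEnumerable<string> scriptUrls) {
			Requires.NotNull(writer, "writer");
			Requires.NotNull(scriptUrls, "scriptUrls");

			foreach (string script in scriptUrls) {
				// Encode at the point of output so a URL containing '&', '<' or a quote cannot end
				// the src attribute early. The attribute is double-quoted because the double quote
				// is among the characters HtmlAttributeEncode always escapes.
				// Assumes callers pass raw (not already HTML-encoded) URLs - TODO confirm for Util.GetWebResourceUrl.
				writer.WriteLine("<script type=\"text/javascript\" src=\"{0}\"></script>", HttpUtility.HtmlAttributeEncode(script));
			}
		}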

		/// <summary>
		/// Writes out script tags that import a script from resources embedded in this assembly.
		/// </summary>
		/// <param name="writer">The writer to emit the tags to.</param>
		/// <param name="resourceName">Name of the resource.</param>
		private static void WriteScriptTags(this TextWriter writer, string resourceName) {
			Requires.NotNull(writer, "writer");
			Requires.NotNullOrEmpty(resourceName, "resourceName");

			// Wrap the single name in an array and reuse the multi-resource overload.
			string[] singleResource = { resourceName };
			writer.WriteScriptTags(singleResource);
		}

		/// <summary>
		/// Writes out script tags that import scripts from resources embedded in this assembly.
		/// </summary>
		/// <param name="writer">The writer to emit the tags to.</param>
		/// <param name="resourceNames">The resource names.</param>
		private static void WriteScriptTags(this TextWriter writer, IEnumerable<string> resourceNames) {
			Requires.NotNull(writer, "writer");
			Requires.NotNull(resourceNames, "resourceNames");

			// Lazily map each embedded resource name to its web resource URL; the mapping
			// runs as the tags are written.
			IEnumerable<string> resourceUrls =
				from resourceName in resourceNames
				select Util.GetWebResourceUrl(typeof(OpenIdRelyingPartyControlBase), resourceName);
			WriteScriptTagsUrls(writer, resourceUrls);
		}

		/// <summary>
		/// Writes a given script block, surrounding it with &lt;script&gt; and CDATA tags.
		/// </summary>
		/// <param name="writer">The writer to emit the tags to.</param>
		/// <param name="script">The script to inline on the page.</param>
		private static void WriteScriptBlock(this TextWriter writer, string script) {
			Requires.NotNull(writer, "writer");
			Requires.NotNullOrEmpty(script, "script");

			// NOTE(review): the script is written verbatim between the wrapper lines. Nothing here
			// neutralizes a "</script>" or "]]>" sequence inside it, so callers must pass only
			// script text they generated themselves.
			string[] outputLines = {
				"<script type='text/javascript' language='javascript'><!--",
				"//<![CDATA[",
				script,
				"//]]>--></script>",
			};

			foreach (string outputLine in outputLines) {
				writer.WriteLine(outputLine);
			}
		}

		/// <summary>
		/// Writes a given CSS link.
		/// </summary>
		/// <param name="writer">The writer to emit the tags to.</param>
		/// <param name="resourceName">Name of the resource containing the CSS content.</param>
		private static void WriteStylesheetLink(this TextWriter writer, string resourceName) {
			Requires.NotNull(writer, "writer");
			Requires.NotNullOrEmpty(resourceName, "resourceName");

			// Resolve the embedded resource to its URL first, then emit the <link> tag for it.
			string stylesheetUrl = Util.GetWebResourceUrl(typeof(OpenIdRelyingPartyAjaxControlBase), resourceName);
			writer.WriteStylesheetLinkUrl(stylesheetUrl);
		}

		/// <summary>
		/// Writes a given CSS link.
		/// </summary>
		/// <param name="writer">The writer to emit the tags to.</param>
		/// <param name="stylesheet">The stylesheet to link in.</param>
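		private static void WriteStylesheetLinkUrl(this TextWriter writer, string stylesheet) {
			Requires.NotNull(writer, "writer");
			Requires.NotNullOrEmpty(stylesheet, "stylesheet");

			// Encode at the point of output so a URL containing '&', '<' or a quote cannot end
			// the href attribute early. The attribute is double-quoted because the double quote
			// is among the characters HtmlAttributeEncode always escapes.
			// Assumes the caller passes a raw (not already HTML-encoded) URL - TODO confirm for Util.GetWebResourceUrl.
			writer.WriteLine("<link rel=\"stylesheet\" type=\"text/css\" href=\"{0}\" />", HttpUtility.HtmlAttributeEncode(stylesheet));
		}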
	}
}