
Simplify Data Protection's ValidateToken helper signature

pull/1316/head
Kévin Chalet 4 years ago
parent
commit
2297abe1bb
  1. 76
      src/OpenIddict.Server.DataProtection/OpenIddictServerDataProtectionHandlers.Protection.cs
  2. 19
      src/OpenIddict.Validation.DataProtection/OpenIddictValidationDataProtectionHandlers.Protection.cs

76
src/OpenIddict.Server.DataProtection/OpenIddictServerDataProtectionHandlers.Protection.cs

@ -98,49 +98,49 @@ namespace OpenIddict.Server.DataProtection
0 => context.TokenTypeHint switch
{
TokenTypeHints.AuthorizationCode =>
ValidateToken(context.Token, TokenTypeHints.AuthorizationCode) ??
ValidateToken(context.Token, TokenTypeHints.AccessToken) ??
ValidateToken(context.Token, TokenTypeHints.RefreshToken) ??
ValidateToken(context.Token, TokenTypeHints.DeviceCode) ??
ValidateToken(context.Token, TokenTypeHints.UserCode),
ValidateToken(TokenTypeHints.AuthorizationCode) ??
ValidateToken(TokenTypeHints.AccessToken) ??
ValidateToken(TokenTypeHints.RefreshToken) ??
ValidateToken(TokenTypeHints.DeviceCode) ??
ValidateToken(TokenTypeHints.UserCode),
TokenTypeHints.DeviceCode =>
ValidateToken(context.Token, TokenTypeHints.DeviceCode) ??
ValidateToken(context.Token, TokenTypeHints.AccessToken) ??
ValidateToken(context.Token, TokenTypeHints.RefreshToken) ??
ValidateToken(context.Token, TokenTypeHints.AuthorizationCode) ??
ValidateToken(context.Token, TokenTypeHints.UserCode),
ValidateToken(TokenTypeHints.DeviceCode) ??
ValidateToken(TokenTypeHints.AccessToken) ??
ValidateToken(TokenTypeHints.RefreshToken) ??
ValidateToken(TokenTypeHints.AuthorizationCode) ??
ValidateToken(TokenTypeHints.UserCode),
TokenTypeHints.RefreshToken =>
ValidateToken(context.Token, TokenTypeHints.RefreshToken) ??
ValidateToken(context.Token, TokenTypeHints.AccessToken) ??
ValidateToken(context.Token, TokenTypeHints.AuthorizationCode) ??
ValidateToken(context.Token, TokenTypeHints.DeviceCode) ??
ValidateToken(context.Token, TokenTypeHints.UserCode),
ValidateToken(TokenTypeHints.RefreshToken) ??
ValidateToken(TokenTypeHints.AccessToken) ??
ValidateToken(TokenTypeHints.AuthorizationCode) ??
ValidateToken(TokenTypeHints.DeviceCode) ??
ValidateToken(TokenTypeHints.UserCode),
TokenTypeHints.UserCode =>
ValidateToken(context.Token, TokenTypeHints.UserCode) ??
ValidateToken(context.Token, TokenTypeHints.AccessToken) ??
ValidateToken(context.Token, TokenTypeHints.RefreshToken) ??
ValidateToken(context.Token, TokenTypeHints.AuthorizationCode) ??
ValidateToken(context.Token, TokenTypeHints.DeviceCode),
ValidateToken(TokenTypeHints.UserCode) ??
ValidateToken(TokenTypeHints.AccessToken) ??
ValidateToken(TokenTypeHints.RefreshToken) ??
ValidateToken(TokenTypeHints.AuthorizationCode) ??
ValidateToken(TokenTypeHints.DeviceCode),
_ =>
ValidateToken(context.Token, TokenTypeHints.AccessToken) ??
ValidateToken(context.Token, TokenTypeHints.RefreshToken) ??
ValidateToken(context.Token, TokenTypeHints.AuthorizationCode) ??
ValidateToken(context.Token, TokenTypeHints.DeviceCode) ??
ValidateToken(context.Token, TokenTypeHints.UserCode),
ValidateToken(TokenTypeHints.AccessToken) ??
ValidateToken(TokenTypeHints.RefreshToken) ??
ValidateToken(TokenTypeHints.AuthorizationCode) ??
ValidateToken(TokenTypeHints.DeviceCode) ??
ValidateToken(TokenTypeHints.UserCode),
},
// If a single valid token type was set, ignore the specified token type hint.
1 => context.ValidTokenTypes.ElementAt(0) switch
{
TokenTypeHints.AccessToken => ValidateToken(context.Token, TokenTypeHints.AccessToken),
TokenTypeHints.RefreshToken => ValidateToken(context.Token, TokenTypeHints.RefreshToken),
TokenTypeHints.AuthorizationCode => ValidateToken(context.Token, TokenTypeHints.AuthorizationCode),
TokenTypeHints.DeviceCode => ValidateToken(context.Token, TokenTypeHints.DeviceCode),
TokenTypeHints.UserCode => ValidateToken(context.Token, TokenTypeHints.UserCode),
TokenTypeHints.AccessToken => ValidateToken(TokenTypeHints.AccessToken),
TokenTypeHints.RefreshToken => ValidateToken(TokenTypeHints.RefreshToken),
TokenTypeHints.AuthorizationCode => ValidateToken(TokenTypeHints.AuthorizationCode),
TokenTypeHints.DeviceCode => ValidateToken(TokenTypeHints.DeviceCode),
TokenTypeHints.UserCode => ValidateToken(TokenTypeHints.UserCode),
_ => null // The token type is not supported by the Data Protection integration (e.g identity tokens).
},
@ -162,11 +162,11 @@ namespace OpenIddict.Server.DataProtection
})
.Select(type => type switch
{
TokenTypeHints.AccessToken => ValidateToken(context.Token, TokenTypeHints.AccessToken),
TokenTypeHints.RefreshToken => ValidateToken(context.Token, TokenTypeHints.RefreshToken),
TokenTypeHints.AuthorizationCode => ValidateToken(context.Token, TokenTypeHints.AuthorizationCode),
TokenTypeHints.DeviceCode => ValidateToken(context.Token, TokenTypeHints.DeviceCode),
TokenTypeHints.UserCode => ValidateToken(context.Token, TokenTypeHints.UserCode),
TokenTypeHints.AccessToken => ValidateToken(TokenTypeHints.AccessToken),
TokenTypeHints.RefreshToken => ValidateToken(TokenTypeHints.RefreshToken),
TokenTypeHints.AuthorizationCode => ValidateToken(TokenTypeHints.AuthorizationCode),
TokenTypeHints.DeviceCode => ValidateToken(TokenTypeHints.DeviceCode),
TokenTypeHints.UserCode => ValidateToken(TokenTypeHints.UserCode),
_ => null // The token type is not supported by the Data Protection integration (e.g identity tokens).
})
@ -190,7 +190,7 @@ namespace OpenIddict.Server.DataProtection
return default;
ClaimsPrincipal? ValidateToken(string token, string type)
ClaimsPrincipal? ValidateToken(string type)
{
// Create a Data Protection protector using the provider registered in the options.
var protector = _options.CurrentValue.DataProtectionProvider.CreateProtector(type switch
@ -221,7 +221,7 @@ namespace OpenIddict.Server.DataProtection
try
{
using var buffer = new MemoryStream(protector.Unprotect(Base64UrlEncoder.DecodeBytes(token)));
using var buffer = new MemoryStream(protector.Unprotect(Base64UrlEncoder.DecodeBytes(context.Token)));
using var reader = new BinaryReader(buffer);
// Note: since the data format relies on a data protector using different "purposes" strings
@ -231,7 +231,7 @@ namespace OpenIddict.Server.DataProtection
catch (Exception exception)
{
context.Logger.LogTrace(exception, SR.GetResourceString(SR.ID6153), token);
context.Logger.LogTrace(exception, SR.GetResourceString(SR.ID6153), context.Token);
return null;
}
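Review bot: The catch block of the `ValidateToken` local function still hands the raw token to the logger, now as `context.Logger.LogTrace(exception, SR.GetResourceString(SR.ID6153), context.Token);`. The helper runs once per candidate type through the `??` chains, so a token that only unprotects under a later purpose is written to the trace log by every earlier failed attempt; wherever trace logging is enabled, a usable bearer credential ends up in log storage. Consider passing a non-reversible reference (for example a truncated digest of the token) instead of the value, or at least documenting it with a comment such as `// Note: the raw token is logged here; trace logs must be treated as secrets.` The same call appears in the catch block of the validation handler in this commit. The body of `ValidateToken` continues outside the visible hunks, so any redaction done elsewhere is not visible from here.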

19
src/OpenIddict.Validation.DataProtection/OpenIddictValidationDataProtectionHandlers.Protection.cs

@ -73,9 +73,16 @@ namespace OpenIddict.Validation.DataProtection
// Note: unlike the equivalent handler in the server stack, the logic used here is
// simpler as only access tokens are currently supported by the validation stack.
var principal = context.ValidTokenTypes.Count is 0 || context.ValidTokenTypes.Contains(TokenTypeHints.AccessToken) ?
ValidateToken(context.Token, TokenTypeHints.AccessToken) :
null;
var principal = context.ValidTokenTypes.Count switch
{
// If no valid token type was set, all supported token types are allowed.
0 => ValidateToken(TokenTypeHints.AccessToken),
_ when context.ValidTokenTypes.Contains(TokenTypeHints.AccessToken)
=> ValidateToken(TokenTypeHints.AccessToken),
_ => null // The token type is not supported by the Data Protection integration (e.g identity tokens).
};
if (principal is null)
{
@ -93,7 +100,7 @@ namespace OpenIddict.Validation.DataProtection
return default;
ClaimsPrincipal? ValidateToken(string token, string type)
ClaimsPrincipal? ValidateToken(string type)
{
// Create a Data Protection protector using the provider registered in the options.
var protector = _options.CurrentValue.DataProtectionProvider.CreateProtector(type switch
@ -108,7 +115,7 @@ namespace OpenIddict.Validation.DataProtection
try
{
using var buffer = new MemoryStream(protector.Unprotect(Base64UrlEncoder.DecodeBytes(token)));
using var buffer = new MemoryStream(protector.Unprotect(Base64UrlEncoder.DecodeBytes(context.Token)));
using var reader = new BinaryReader(buffer);
// Note: since the data format relies on a data protector using different "purposes" strings
@ -118,7 +125,7 @@ namespace OpenIddict.Validation.DataProtection
catch (Exception exception)
{
context.Logger.LogTrace(exception, SR.GetResourceString(SR.ID6153), token);
context.Logger.LogTrace(exception, SR.GetResourceString(SR.ID6153), context.Token);
return null;
}
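Review bot: The comment on the `0` arm of the new `context.ValidTokenTypes.Count switch` says "all supported token types are allowed", but the note just above it states that only access tokens are supported by the validation stack, and both non-null arms call `ValidateToken(TokenTypeHints.AccessToken)`. A reader comparing this with the server handler may expect a fallback chain here. A more exact comment would be `// If no valid token type was set, treat the token as an access token (the only type supported here).` The code that handles a null `principal` lies outside the hunk, so this concerns the comment only.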
