
Simplify Data Protection's ValidateToken helper signature

pull/1316/head
Kévin Chalet 4 years ago
parent
commit
2297abe1bb
  1. 76
      src/OpenIddict.Server.DataProtection/OpenIddictServerDataProtectionHandlers.Protection.cs
  2. 19
      src/OpenIddict.Validation.DataProtection/OpenIddictValidationDataProtectionHandlers.Protection.cs

76
src/OpenIddict.Server.DataProtection/OpenIddictServerDataProtectionHandlers.Protection.cs

@ -98,49 +98,49 @@ namespace OpenIddict.Server.DataProtection
0 => context.TokenTypeHint switch 0 => context.TokenTypeHint switch
{ {
TokenTypeHints.AuthorizationCode => TokenTypeHints.AuthorizationCode =>
ValidateToken(context.Token, TokenTypeHints.AuthorizationCode) ?? ValidateToken(TokenTypeHints.AuthorizationCode) ??
ValidateToken(context.Token, TokenTypeHints.AccessToken) ?? ValidateToken(TokenTypeHints.AccessToken) ??
ValidateToken(context.Token, TokenTypeHints.RefreshToken) ?? ValidateToken(TokenTypeHints.RefreshToken) ??
ValidateToken(context.Token, TokenTypeHints.DeviceCode) ?? ValidateToken(TokenTypeHints.DeviceCode) ??
ValidateToken(context.Token, TokenTypeHints.UserCode), ValidateToken(TokenTypeHints.UserCode),
TokenTypeHints.DeviceCode => TokenTypeHints.DeviceCode =>
ValidateToken(context.Token, TokenTypeHints.DeviceCode) ?? ValidateToken(TokenTypeHints.DeviceCode) ??
ValidateToken(context.Token, TokenTypeHints.AccessToken) ?? ValidateToken(TokenTypeHints.AccessToken) ??
ValidateToken(context.Token, TokenTypeHints.RefreshToken) ?? ValidateToken(TokenTypeHints.RefreshToken) ??
ValidateToken(context.Token, TokenTypeHints.AuthorizationCode) ?? ValidateToken(TokenTypeHints.AuthorizationCode) ??
ValidateToken(context.Token, TokenTypeHints.UserCode), ValidateToken(TokenTypeHints.UserCode),
TokenTypeHints.RefreshToken => TokenTypeHints.RefreshToken =>
ValidateToken(context.Token, TokenTypeHints.RefreshToken) ?? ValidateToken(TokenTypeHints.RefreshToken) ??
ValidateToken(context.Token, TokenTypeHints.AccessToken) ?? ValidateToken(TokenTypeHints.AccessToken) ??
ValidateToken(context.Token, TokenTypeHints.AuthorizationCode) ?? ValidateToken(TokenTypeHints.AuthorizationCode) ??
ValidateToken(context.Token, TokenTypeHints.DeviceCode) ?? ValidateToken(TokenTypeHints.DeviceCode) ??
ValidateToken(context.Token, TokenTypeHints.UserCode), ValidateToken(TokenTypeHints.UserCode),
TokenTypeHints.UserCode => TokenTypeHints.UserCode =>
ValidateToken(context.Token, TokenTypeHints.UserCode) ?? ValidateToken(TokenTypeHints.UserCode) ??
ValidateToken(context.Token, TokenTypeHints.AccessToken) ?? ValidateToken(TokenTypeHints.AccessToken) ??
ValidateToken(context.Token, TokenTypeHints.RefreshToken) ?? ValidateToken(TokenTypeHints.RefreshToken) ??
ValidateToken(context.Token, TokenTypeHints.AuthorizationCode) ?? ValidateToken(TokenTypeHints.AuthorizationCode) ??
ValidateToken(context.Token, TokenTypeHints.DeviceCode), ValidateToken(TokenTypeHints.DeviceCode),
_ => _ =>
ValidateToken(context.Token, TokenTypeHints.AccessToken) ?? ValidateToken(TokenTypeHints.AccessToken) ??
ValidateToken(context.Token, TokenTypeHints.RefreshToken) ?? ValidateToken(TokenTypeHints.RefreshToken) ??
ValidateToken(context.Token, TokenTypeHints.AuthorizationCode) ?? ValidateToken(TokenTypeHints.AuthorizationCode) ??
ValidateToken(context.Token, TokenTypeHints.DeviceCode) ?? ValidateToken(TokenTypeHints.DeviceCode) ??
ValidateToken(context.Token, TokenTypeHints.UserCode), ValidateToken(TokenTypeHints.UserCode),
}, },
// If a single valid token type was set, ignore the specified token type hint. // If a single valid token type was set, ignore the specified token type hint.
1 => context.ValidTokenTypes.ElementAt(0) switch 1 => context.ValidTokenTypes.ElementAt(0) switch
{ {
TokenTypeHints.AccessToken => ValidateToken(context.Token, TokenTypeHints.AccessToken), TokenTypeHints.AccessToken => ValidateToken(TokenTypeHints.AccessToken),
TokenTypeHints.RefreshToken => ValidateToken(context.Token, TokenTypeHints.RefreshToken), TokenTypeHints.RefreshToken => ValidateToken(TokenTypeHints.RefreshToken),
TokenTypeHints.AuthorizationCode => ValidateToken(context.Token, TokenTypeHints.AuthorizationCode), TokenTypeHints.AuthorizationCode => ValidateToken(TokenTypeHints.AuthorizationCode),
TokenTypeHints.DeviceCode => ValidateToken(context.Token, TokenTypeHints.DeviceCode), TokenTypeHints.DeviceCode => ValidateToken(TokenTypeHints.DeviceCode),
TokenTypeHints.UserCode => ValidateToken(context.Token, TokenTypeHints.UserCode), TokenTypeHints.UserCode => ValidateToken(TokenTypeHints.UserCode),
_ => null // The token type is not supported by the Data Protection integration (e.g identity tokens). _ => null // The token type is not supported by the Data Protection integration (e.g identity tokens).
}, },
@ -162,11 +162,11 @@ namespace OpenIddict.Server.DataProtection
}) })
.Select(type => type switch .Select(type => type switch
{ {
TokenTypeHints.AccessToken => ValidateToken(context.Token, TokenTypeHints.AccessToken), TokenTypeHints.AccessToken => ValidateToken(TokenTypeHints.AccessToken),
TokenTypeHints.RefreshToken => ValidateToken(context.Token, TokenTypeHints.RefreshToken), TokenTypeHints.RefreshToken => ValidateToken(TokenTypeHints.RefreshToken),
TokenTypeHints.AuthorizationCode => ValidateToken(context.Token, TokenTypeHints.AuthorizationCode), TokenTypeHints.AuthorizationCode => ValidateToken(TokenTypeHints.AuthorizationCode),
TokenTypeHints.DeviceCode => ValidateToken(context.Token, TokenTypeHints.DeviceCode), TokenTypeHints.DeviceCode => ValidateToken(TokenTypeHints.DeviceCode),
TokenTypeHints.UserCode => ValidateToken(context.Token, TokenTypeHints.UserCode), TokenTypeHints.UserCode => ValidateToken(TokenTypeHints.UserCode),
_ => null // The token type is not supported by the Data Protection integration (e.g identity tokens). _ => null // The token type is not supported by the Data Protection integration (e.g identity tokens).
}) })
@ -190,7 +190,7 @@ namespace OpenIddict.Server.DataProtection
return default; return default;
ClaimsPrincipal? ValidateToken(string token, string type) ClaimsPrincipal? ValidateToken(string type)
{ {
// Create a Data Protection protector using the provider registered in the options. // Create a Data Protection protector using the provider registered in the options.
var protector = _options.CurrentValue.DataProtectionProvider.CreateProtector(type switch var protector = _options.CurrentValue.DataProtectionProvider.CreateProtector(type switch
@ -221,7 +221,7 @@ namespace OpenIddict.Server.DataProtection
try try
{ {
using var buffer = new MemoryStream(protector.Unprotect(Base64UrlEncoder.DecodeBytes(token))); using var buffer = new MemoryStream(protector.Unprotect(Base64UrlEncoder.DecodeBytes(context.Token)));
using var reader = new BinaryReader(buffer); using var reader = new BinaryReader(buffer);
// Note: since the data format relies on a data protector using different "purposes" strings // Note: since the data format relies on a data protector using different "purposes" strings
@ -231,7 +231,7 @@ namespace OpenIddict.Server.DataProtection
catch (Exception exception) catch (Exception exception)
{ {
context.Logger.LogTrace(exception, SR.GetResourceString(SR.ID6153), token); context.Logger.LogTrace(exception, SR.GetResourceString(SR.ID6153), context.Token);
return null; return null;
} }
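Review bot: The catch in the last hunk still hands the raw `context.Token` to `LogTrace`, so every failed unprotect attempt — up to five per request in the `0 =>` fallback cascade of the first hunk — writes the full bearer credential to the trace log; this predates the commit, but the signature change makes the token an implicit input of the local function, which is a good moment to revisit it. If trace output can reach a shared sink, consider passing a non-secret surrogate (a length or truncated prefix) with the ID6153 resource text adjusted to match, or otherwise stating above the call that emitting the full token at trace level is intentional. With the `token` parameter gone, a one-line comment above the local function such as `// Validates context.Token as a token of the given type; returns null when unprotection fails.` would make the closure dependency explicit. The identical catch in OpenIddictValidationDataProtectionHandlers.Protection.cs carries the same behaviour, and the `ValidateToken` local function begins and ends outside the hunks shown.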

19
src/OpenIddict.Validation.DataProtection/OpenIddictValidationDataProtectionHandlers.Protection.cs

@ -73,9 +73,16 @@ namespace OpenIddict.Validation.DataProtection
// Note: unlike the equivalent handler in the server stack, the logic used here is // Note: unlike the equivalent handler in the server stack, the logic used here is
// simpler as only access tokens are currently supported by the validation stack. // simpler as only access tokens are currently supported by the validation stack.
var principal = context.ValidTokenTypes.Count is 0 || context.ValidTokenTypes.Contains(TokenTypeHints.AccessToken) ? var principal = context.ValidTokenTypes.Count switch
ValidateToken(context.Token, TokenTypeHints.AccessToken) : {
null; // If no valid token type was set, all supported token types are allowed.
0 => ValidateToken(TokenTypeHints.AccessToken),
_ when context.ValidTokenTypes.Contains(TokenTypeHints.AccessToken)
=> ValidateToken(TokenTypeHints.AccessToken),
_ => null // The token type is not supported by the Data Protection integration (e.g identity tokens).
};
if (principal is null) if (principal is null)
{ {
@ -93,7 +100,7 @@ namespace OpenIddict.Validation.DataProtection
return default; return default;
ClaimsPrincipal? ValidateToken(string token, string type) ClaimsPrincipal? ValidateToken(string type)
{ {
// Create a Data Protection protector using the provider registered in the options. // Create a Data Protection protector using the provider registered in the options.
var protector = _options.CurrentValue.DataProtectionProvider.CreateProtector(type switch var protector = _options.CurrentValue.DataProtectionProvider.CreateProtector(type switch
@ -108,7 +115,7 @@ namespace OpenIddict.Validation.DataProtection
try try
{ {
using var buffer = new MemoryStream(protector.Unprotect(Base64UrlEncoder.DecodeBytes(token))); using var buffer = new MemoryStream(protector.Unprotect(Base64UrlEncoder.DecodeBytes(context.Token)));
using var reader = new BinaryReader(buffer); using var reader = new BinaryReader(buffer);
// Note: since the data format relies on a data protector using different "purposes" strings // Note: since the data format relies on a data protector using different "purposes" strings
@ -118,7 +125,7 @@ namespace OpenIddict.Validation.DataProtection
catch (Exception exception) catch (Exception exception)
{ {
context.Logger.LogTrace(exception, SR.GetResourceString(SR.ID6153), token); context.Logger.LogTrace(exception, SR.GetResourceString(SR.ID6153), context.Token);
return null; return null;
} }
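Review bot: The `_ => null` comment in the first hunk of this file ("The token type is not supported by the Data Protection integration (e.g identity tokens)") was carried over from the server handler but describes a different situation here: this arm is reached when `context.ValidTokenTypes` is non-empty and does not contain `TokenTypeHints.AccessToken`, i.e. the caller excluded the only type the validation stack handles. Suggest rewording it to `_ => null // Access tokens are the only type supported by the validation stack: bail out if they were excluded.` so the arm reads consistently with the note at the top of the hunk. The enclosing handler method starts and ends outside the hunks shown.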
