Add a new filter to allow excluding handlers when token lifetime validation is disabled

5 years ago · 540194f3f3
3 changed files with 18 additions and 5 deletions
--- a/src/OpenIddict.Server/OpenIddictServerExtensions.cs
+++ b/src/OpenIddict.Server/OpenIddictServerExtensions.cs
@ -71,6 +71,7 @@ public static class OpenIddictServerExtensions
        builder.Services.TryAddSingleton<RequireScopePermissionsEnabled>();
        builder.Services.TryAddSingleton<RequireScopeValidationEnabled>();
        builder.Services.TryAddSingleton<RequireTokenEntryCreated>();
+        builder.Services.TryAddSingleton<RequireTokenLifetimeValidationEnabled>();
        builder.Services.TryAddSingleton<RequireTokenPayloadPersisted>();
        builder.Services.TryAddSingleton<RequireTokenRequest>();
        builder.Services.TryAddSingleton<RequireTokenStorageEnabled>();
--- a/src/OpenIddict.Server/OpenIddictServerHandlerFilters.cs
+++ b/src/OpenIddict.Server/OpenIddictServerHandlerFilters.cs
@ -507,6 +507,22 @@ public static class OpenIddictServerHandlerFilters
        }
    }

+    /// <summary>
+    /// Represents a filter that excludes the associated handlers if token lifetime validation was disabled.
+    /// </summary>
+    public class RequireTokenLifetimeValidationEnabled : IOpenIddictServerHandlerFilter<ValidateTokenContext>
+    {
+        public ValueTask<bool> IsActiveAsync(ValidateTokenContext context)
+        {
+            if (context is null)
+            {
+                throw new ArgumentNullException(nameof(context));
+            }
+
+            return new ValueTask<bool>(!context.DisableLifetimeValidation);
+        }
+    }
+
    /// <summary>
    /// Represents a filter that excludes the associated handlers if the token payload is not persisted in the database.
    /// </summary>
--- a/src/OpenIddict.Server/OpenIddictServerHandlers.Protection.cs
+++ b/src/OpenIddict.Server/OpenIddictServerHandlers.Protection.cs
@ -679,6 +679,7 @@ public static partial class OpenIddictServerHandlers
            /// </summary>
            public static OpenIddictServerHandlerDescriptor Descriptor { get; }
                = OpenIddictServerHandlerDescriptor.CreateBuilder<ValidateTokenContext>()
+                    .AddFilter<RequireTokenLifetimeValidationEnabled>()
                    .UseSingletonHandler<ValidateExpirationDate>()
                    .SetOrder(ValidatePrincipal.Descriptor.Order + 1_000)
                    .SetType(OpenIddictServerHandlerType.BuiltIn)
@ -694,11 +695,6 @@ public static partial class OpenIddictServerHandlers

                Debug.Assert(context.Principal is { Identity: ClaimsIdentity }, SR.GetResourceString(SR.ID4006));

-                if (context.DisableLifetimeValidation)
-                {
-                    return default;
-                }
-
                var date = context.Principal.GetExpirationDate();
                if (date.HasValue && date.Value < DateTimeOffset.UtcNow)
                {