From 611e4a521a0fa522ac4266d6a03045c1476f371b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?K=C3=A9vin=20Chalet?=
Date: Mon, 5 Feb 2018 18:35:52 +0100
Subject: [PATCH] Avoid using HttpContext.RequestAborted in the provider classes

---
 .../Controllers/AuthorizationController.cs     |  2 +-
 .../OpenIddictProvider.Authentication.cs       | 28 ++++++++-----------
 src/OpenIddict/OpenIddictProvider.Exchange.cs  | 15 +++++-----
 .../OpenIddictProvider.Introspection.cs        | 11 ++++----
 .../OpenIddictProvider.Revocation.cs           | 11 ++++----
 src/OpenIddict/OpenIddictProvider.Session.cs   |  2 +-
 6 files changed, 31 insertions(+), 38 deletions(-)

diff --git a/samples/Mvc.Server/Controllers/AuthorizationController.cs b/samples/Mvc.Server/Controllers/AuthorizationController.cs
index 50145847..05339f8e 100644
--- a/samples/Mvc.Server/Controllers/AuthorizationController.cs
+++ b/samples/Mvc.Server/Controllers/AuthorizationController.cs
@@ -57,7 +57,7 @@ namespace Mvc.Server
                 "Make sure services.AddOpenIddict().AddMvcBinders() is correctly called.");
 
             // Retrieve the application details from the database.
-            var application = await _applicationManager.FindByClientIdAsync(request.ClientId, HttpContext.RequestAborted);
+            var application = await _applicationManager.FindByClientIdAsync(request.ClientId);
             if (application == null)
             {
                 return View("Error", new ErrorViewModel
diff --git a/src/OpenIddict/OpenIddictProvider.Authentication.cs b/src/OpenIddict/OpenIddictProvider.Authentication.cs
index 1028bd6d..0b20247e 100644
--- a/src/OpenIddict/OpenIddictProvider.Authentication.cs
+++ b/src/OpenIddict/OpenIddictProvider.Authentication.cs
@@ -253,7 +253,7 @@ namespace OpenIddict
             }
 
             // Retrieve the application details corresponding to the requested client_id.
-            var application = await Applications.FindByClientIdAsync(context.ClientId, context.HttpContext.RequestAborted);
+            var application = await Applications.FindByClientIdAsync(context.ClientId);
             if (application == null)
             {
                 Logger.LogError("The authorization request was rejected because the client " +
@@ -274,7 +274,7 @@ namespace OpenIddict
             // the authorization endpoint are rejected if the client_id corresponds to a confidential application.
             // Note: when using the authorization code grant, ValidateTokenRequest is responsible of rejecting
             // the token request if the client_id corresponds to an unauthenticated confidential client.
-            if (await Applications.IsConfidentialAsync(application, context.HttpContext.RequestAborted) &&
+            if (await Applications.IsConfidentialAsync(application) &&
                 (context.Request.HasResponseType(OpenIdConnectConstants.ResponseTypes.IdToken) ||
                  context.Request.HasResponseType(OpenIdConnectConstants.ResponseTypes.Token)))
             {
@@ -286,8 +286,7 @@ namespace OpenIddict
             }
 
             // Reject the request if the application is not allowed to use the authorization endpoint.
-            if (!await Applications.HasPermissionAsync(application,
-                OpenIddictConstants.Permissions.Endpoints.Authorization, context.HttpContext.RequestAborted))
+            if (!await Applications.HasPermissionAsync(application, OpenIddictConstants.Permissions.Endpoints.Authorization))
             {
                 Logger.LogError("The authorization request was rejected because the application '{ClientId}' " +
                     "was not allowed to use the authorization endpoint.", context.ClientId);
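Review bot: The rejection path under `if (application == null)` logs at Error level with an attacker-chosen client_id, and this branch is reachable by any unauthenticated caller of the authorization endpoint, so unknown client_ids become a cheap way to flood error-level logs and trip alerting. A handled, expected rejection is normally a warning: `Logger.LogWarning("The authorization request was rejected because the client " +`. The same pattern appears in the token, introspection and revocation hunks of this commit, so whatever level is chosen should be applied to all of them. The enclosing method starts before the hunk.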
@@ -300,8 +299,8 @@ namespace OpenIddict
             }
 
             // Reject the request if the application is not allowed to use the authorization code flow.
-            if (context.Request.IsAuthorizationCodeFlow() && !await Applications.HasPermissionAsync(application,
-                OpenIddictConstants.Permissions.GrantTypes.AuthorizationCode, context.HttpContext.RequestAborted))
+            if (context.Request.IsAuthorizationCodeFlow() && !await Applications.HasPermissionAsync(
+                application, OpenIddictConstants.Permissions.GrantTypes.AuthorizationCode))
             {
                 Logger.LogError("The authorization request was rejected because the application '{ClientId}' " +
                     "was not allowed to use the authorization code flow.", context.ClientId);
@@ -314,8 +313,8 @@ namespace OpenIddict
             }
 
             // Reject the request if the application is not allowed to use the implicit flow.
-            if (context.Request.IsImplicitFlow() && !await Applications.HasPermissionAsync(application,
-                OpenIddictConstants.Permissions.GrantTypes.Implicit, context.HttpContext.RequestAborted))
+            if (context.Request.IsImplicitFlow() && !await Applications.HasPermissionAsync(
+                application, OpenIddictConstants.Permissions.GrantTypes.Implicit))
             {
                 Logger.LogError("The authorization request was rejected because the application '{ClientId}' " +
                     "was not allowed to use the implicit flow.", context.ClientId);
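Review bot: The new wrapping in both hunks breaks immediately after `HasPermissionAsync(` and pushes `application` onto the continuation line, while the hybrid-flow, offline_access and endpoint-permission checks in the same method keep `application` with the call and wrap nowhere or after the `&&`. One method should wrap the same call one way; the simplest consistent form is `!await Applications.HasPermissionAsync(application, OpenIddictConstants.Permissions.GrantTypes.AuthorizationCode))` on the continuation line after `IsAuthorizationCodeFlow() &&`, and likewise for `Implicit`. The enclosing method starts before and ends after the hunk.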
@@ -328,11 +327,9 @@ namespace OpenIddict
             }
 
             // Reject the request if the application is not allowed to use the authorization code/implicit flows.
-            if (context.Request.IsHybridFlow() &&
-                (!await Applications.HasPermissionAsync(application,
-                OpenIddictConstants.Permissions.GrantTypes.AuthorizationCode, context.HttpContext.RequestAborted) ||
-                !await Applications.HasPermissionAsync(application,
-                OpenIddictConstants.Permissions.GrantTypes.Implicit, context.HttpContext.RequestAborted)))
+            if (context.Request.IsHybridFlow() &&
+                (!await Applications.HasPermissionAsync(application, OpenIddictConstants.Permissions.GrantTypes.AuthorizationCode) ||
+                 !await Applications.HasPermissionAsync(application, OpenIddictConstants.Permissions.GrantTypes.Implicit)))
             {
                 Logger.LogError("The authorization request was rejected because the application '{ClientId}' " +
                     "was not allowed to use the hybrid flow.", context.ClientId);
@@ -347,8 +344,7 @@ namespace OpenIddict
             // Reject the request if the offline_access scope was request and if the
             // application is not allowed to use the authorization code/implicit flows.
             if (context.Request.HasScope(OpenIdConnectConstants.Scopes.OfflineAccess) &&
-                !await Applications.HasPermissionAsync(application,
-                OpenIddictConstants.Permissions.GrantTypes.RefreshToken, context.HttpContext.RequestAborted))
+                !await Applications.HasPermissionAsync(application, OpenIddictConstants.Permissions.GrantTypes.RefreshToken))
             {
                 Logger.LogError("The authorization request was rejected because the application '{ClientId}' " +
                     "was not allowed to request the 'offline_access' scope.", context.ClientId);
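Review bot: The comment above the offline_access check is wrong about what is enforced: it says the application must be allowed to use "the authorization code/implicit flows", but the condition it describes tests `OpenIddictConstants.Permissions.GrantTypes.RefreshToken`, and "was request" should read "was requested". A reader auditing which permission gates refresh tokens will be misled by it. Suggest `// Reject the request if the offline_access scope was requested and the application` / `// is not allowed to use the refresh token grant.` The enclosing method starts before and ends after the hunk.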
@@ -361,7 +357,7 @@ namespace OpenIddict
             }
 
             // Ensure that the specified redirect_uri is valid and is associated with the client application.
-            if (!await Applications.ValidateRedirectUriAsync(application, context.RedirectUri, context.HttpContext.RequestAborted))
+            if (!await Applications.ValidateRedirectUriAsync(application, context.RedirectUri))
             {
                 Logger.LogError("The authorization request was rejected because the redirect_uri " +
                     "was invalid: '{RedirectUri}'.", context.RedirectUri);
diff --git a/src/OpenIddict/OpenIddictProvider.Exchange.cs b/src/OpenIddict/OpenIddictProvider.Exchange.cs
index 1dc62c46..4412d52c 100644
--- a/src/OpenIddict/OpenIddictProvider.Exchange.cs
+++ b/src/OpenIddict/OpenIddictProvider.Exchange.cs
@@ -118,7 +118,7 @@ namespace OpenIddict
             }
 
             // Retrieve the application details corresponding to the requested client_id.
-            var application = await Applications.FindByClientIdAsync(context.ClientId, context.HttpContext.RequestAborted);
+            var application = await Applications.FindByClientIdAsync(context.ClientId);
             if (application == null)
             {
                 Logger.LogError("The token request was rejected because the client " +
@@ -136,8 +136,7 @@ namespace OpenIddict
             context.Request.SetProperty($"{OpenIddictConstants.Properties.Application}:{context.ClientId}", application);
 
             // Reject the request if the application is not allowed to use the token endpoint.
-            if (!await Applications.HasPermissionAsync(application,
-                OpenIddictConstants.Permissions.Endpoints.Token, context.HttpContext.RequestAborted))
+            if (!await Applications.HasPermissionAsync(application, OpenIddictConstants.Permissions.Endpoints.Token))
             {
                 Logger.LogError("The token request was rejected because the application '{ClientId}' " +
                     "was not allowed to use the token endpoint.", context.ClientId);
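Review bot: `ValidateRedirectUriAsync(application, context.RedirectUri)` sits at line ~357 of this method, after every permission and flow check of the earlier hunks (lines ~253–344) has already had a chance to reject the request, so those earlier rejections are issued while redirect_uri is still unvalidated. RFC 6749 §4.1.2.1 forbids redirecting an error to a redirect_uri that has not been validated against the client; if the rejection path renders the error in-page until a redirect_uri is accepted, the ordering is safe, but that contract lives outside this file and nothing here records it. Suggest a comment on the line above the check: `// Note: every rejection issued before this point must be returned in-page, never redirected, since redirect_uri is only validated here.` The enclosing method starts before the hunk.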
@@ -151,7 +150,7 @@ namespace OpenIddict
 
             // Reject the request if the application is not allowed to use the specified grant type.
             if (!await Applications.HasPermissionAsync(application,
-                OpenIddictConstants.Permissions.Prefixes.GrantType + context.Request.GrantType, context.HttpContext.RequestAborted))
+                OpenIddictConstants.Permissions.Prefixes.GrantType + context.Request.GrantType))
             {
                 Logger.LogError("The token request was rejected because the application '{ClientId}' was not allowed to " +
                     "use the specified grant type: {GrantType}.", context.ClientId, context.Request.GrantType);
@@ -163,7 +162,7 @@ namespace OpenIddict
                 return;
             }
 
-            if (await Applications.IsPublicAsync(application, context.HttpContext.RequestAborted))
+            if (await Applications.IsPublicAsync(application))
             {
                 // Note: public applications are not allowed to use the client credentials grant.
                 if (context.Request.IsClientCredentialsGrantType())
@@ -215,7 +214,7 @@ namespace OpenIddict
                 return;
             }
 
-            if (!await Applications.ValidateClientSecretAsync(application, context.ClientSecret, context.HttpContext.RequestAborted))
+            if (!await Applications.ValidateClientSecretAsync(application, context.ClientSecret))
             {
                 Logger.LogError("The token request was rejected because the confidential or hybrid application " +
                     "'{ClientId}' didn't specify valid client credentials.", context.ClientId);
@@ -263,7 +262,7 @@ namespace OpenIddict
             // If the authorization code/refresh token is already marked as redeemed, this may indicate that
             // it was compromised. In this case, revoke the authorization and all the associated tokens.
             // See https://tools.ietf.org/html/rfc6749#section-10.5 for more information.
-            if (await Tokens.IsRedeemedAsync(token, context.HttpContext.RequestAborted))
+            if (await Tokens.IsRedeemedAsync(token))
             {
                 // Try to revoke the authorization and the associated tokens.
                 // If the operation fails, the helpers will automatically log
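Review bot: `Applications.ValidateClientSecretAsync(application, context.ClientSecret)` is the only check between an unauthenticated caller and a confidential client's grant, and nothing in the hunk says how the secret is compared or what happens when `context.ClientSecret` is null or empty; both are decided by the manager, outside this diff. It should compare the hashed presented secret with a constant-time comparison (`CryptographicOperations.FixedTimeEquals` or equivalent) and fail closed on a missing secret. Since that cannot be confirmed here, a one-line comment would at least pin the contract for the next reader: `// The manager performs the hashed, constant-time comparison and rejects null/empty secrets.` The enclosing method starts before and ends after the hunk.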
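Review bot: Dropping `context.HttpContext.RequestAborted` from `Tokens.IsRedeemedAsync(token)` and the revocation that follows is the right call, because a client that replays a code and then drops the connection must not be able to cancel the RFC 6749 §10.5 revocation half-way, but that reasoning is not recorded anywhere near the check. Suggest, above the `if`: `// Note: deliberately not tied to the request's cancellation token: revoking a reused code/token must run to completion even if the caller disconnects.` Whether the parameterless manager overloads actually pass CancellationToken.None (rather than some other ambient token) is not visible here and should be confirmed before relying on it. The enclosing method starts before and ends after the hunk.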
@@ -284,7 +283,7 @@ namespace OpenIddict
                 return;
             }
 
-            else if (!await Tokens.IsValidAsync(token, context.HttpContext.RequestAborted))
+            else if (!await Tokens.IsValidAsync(token))
             {
                 Logger.LogError("The token request was rejected because the authorization code " +
                     "or refresh token '{Identifier}' was no longer valid.", identifier);
diff --git a/src/OpenIddict/OpenIddictProvider.Introspection.cs b/src/OpenIddict/OpenIddictProvider.Introspection.cs
index e066d458..2508f3f4 100644
--- a/src/OpenIddict/OpenIddictProvider.Introspection.cs
+++ b/src/OpenIddict/OpenIddictProvider.Introspection.cs
@@ -51,7 +51,7 @@ namespace OpenIddict
             }
 
             // Retrieve the application details corresponding to the requested client_id.
-            var application = await Applications.FindByClientIdAsync(context.ClientId, context.HttpContext.RequestAborted);
+            var application = await Applications.FindByClientIdAsync(context.ClientId);
             if (application == null)
             {
                 Logger.LogError("The introspection request was rejected because the client " +
@@ -69,8 +69,7 @@ namespace OpenIddict
             context.Request.SetProperty($"{OpenIddictConstants.Properties.Application}:{context.ClientId}", application);
 
             // Reject the request if the application is not allowed to use the introspection endpoint.
-            if (!await Applications.HasPermissionAsync(application,
-                OpenIddictConstants.Permissions.Endpoints.Introspection, context.HttpContext.RequestAborted))
+            if (!await Applications.HasPermissionAsync(application, OpenIddictConstants.Permissions.Endpoints.Introspection))
             {
                 Logger.LogError("The introspection request was rejected because the application '{ClientId}' " +
                     "was not allowed to use the introspection endpoint.", context.ClientId);
@@ -83,7 +82,7 @@ namespace OpenIddict
             }
 
             // Reject introspection requests sent by public applications.
-            if (await Applications.IsPublicAsync(application, context.HttpContext.RequestAborted))
+            if (await Applications.IsPublicAsync(application))
             {
                 Logger.LogError("The introspection request was rejected because the public application " +
                     "'{ClientId}' was not allowed to use this endpoint.", context.ClientId);
@@ -96,7 +95,7 @@ namespace OpenIddict
             }
 
             // Validate the client credentials.
-            if (!await Applications.ValidateClientSecretAsync(application, context.ClientSecret, context.HttpContext.RequestAborted))
+            if (!await Applications.ValidateClientSecretAsync(application, context.ClientSecret))
             {
                 Logger.LogError("The introspection request was rejected because the confidential or hybrid application " +
                     "'{ClientId}' didn't specify valid client credentials.", context.ClientId);
@@ -147,7 +146,7 @@ namespace OpenIddict
             var token = context.Request.GetProperty($"{OpenIddictConstants.Properties.Token}:{identifier}");
             Debug.Assert(token != null, "The token shouldn't be null.");
 
-            if (!await Tokens.IsValidAsync(token, context.HttpContext.RequestAborted))
+            if (!await Tokens.IsValidAsync(token))
             {
                 Logger.LogInformation("The token '{Identifier}' was declared as inactive because it was revoked.", identifier);
 
diff --git a/src/OpenIddict/OpenIddictProvider.Revocation.cs b/src/OpenIddict/OpenIddictProvider.Revocation.cs
index 72f85ef9..09a610d3 100644
--- a/src/OpenIddict/OpenIddictProvider.Revocation.cs
+++ b/src/OpenIddict/OpenIddictProvider.Revocation.cs
@@ -77,7 +77,7 @@ namespace OpenIddict
             }
 
             // Retrieve the application details corresponding to the requested client_id.
-            var application = await Applications.FindByClientIdAsync(context.ClientId, context.HttpContext.RequestAborted);
+            var application = await Applications.FindByClientIdAsync(context.ClientId);
             if (application == null)
             {
                 Logger.LogError("The revocation request was rejected because the client " +
@@ -95,8 +95,7 @@ namespace OpenIddict
             context.Request.SetProperty($"{OpenIddictConstants.Properties.Application}:{context.ClientId}", application);
 
             // Reject the request if the application is not allowed to use the revocation endpoint.
-            if (!await Applications.HasPermissionAsync(application,
-                OpenIddictConstants.Permissions.Endpoints.Revocation, context.HttpContext.RequestAborted))
+            if (!await Applications.HasPermissionAsync(application, OpenIddictConstants.Permissions.Endpoints.Revocation))
             {
                 Logger.LogError("The revocation request was rejected because the application '{ClientId}' " +
                     "was not allowed to use the revocation endpoint.", context.ClientId);
@@ -109,7 +108,7 @@ namespace OpenIddict
             }
 
             // Reject revocation requests containing a client_secret if the application is a public client.
-            if (await Applications.IsPublicAsync(application, context.HttpContext.RequestAborted))
+            if (await Applications.IsPublicAsync(application))
             {
                 if (!string.IsNullOrEmpty(context.ClientSecret))
                 {
@@ -147,7 +146,7 @@ namespace OpenIddict
                 return;
             }
 
-            if (!await Applications.ValidateClientSecretAsync(application, context.ClientSecret, context.HttpContext.RequestAborted))
+            if (!await Applications.ValidateClientSecretAsync(application, context.ClientSecret))
             {
                 Logger.LogError("The revocation request was rejected because the confidential or hybrid application " +
                     "'{ClientId}' didn't specify valid client credentials.", context.ClientId);
@@ -201,7 +200,7 @@ namespace OpenIddict
             var token = context.Request.GetProperty($"{OpenIddictConstants.Properties.Token}:{identifier}");
             Debug.Assert(token != null, "The token shouldn't be null.");
 
-            if (await Tokens.IsRevokedAsync(token, context.HttpContext.RequestAborted))
+            if (await Tokens.IsRevokedAsync(token))
             {
                 Logger.LogInformation("The token '{Identifier}' was not revoked because " +
                     "it was already marked as invalid.", identifier);
diff --git a/src/OpenIddict/OpenIddictProvider.Session.cs b/src/OpenIddict/OpenIddictProvider.Session.cs
index 09e94030..3787b2ef 100644
--- a/src/OpenIddict/OpenIddictProvider.Session.cs
+++ b/src/OpenIddict/OpenIddictProvider.Session.cs
@@ -109,7 +109,7 @@ namespace OpenIddict
                 return;
             }
 
-            if (!await Applications.ValidatePostLogoutRedirectUriAsync(context.PostLogoutRedirectUri, context.HttpContext.RequestAborted))
+            if (!await Applications.ValidatePostLogoutRedirectUriAsync(context.PostLogoutRedirectUri))
             {
                 Logger.LogError("The logout request was rejected because the specified post_logout_redirect_uri " +
                     "was unknown: {PostLogoutRedirectUri}.", context.PostLogoutRedirectUri);
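Review bot: `ValidatePostLogoutRedirectUriAsync(context.PostLogoutRedirectUri)` receives only the URI, with no application to bind it to, so the check can only accept any post_logout_redirect_uri registered by any application rather than one belonging to the client ending the session; a registered but hostile client can then have other clients' users land on its URI after logout. If an id_token_hint or client_id is available earlier in this method (outside the hunk), the application should be resolved from it and the URI validated against that application only, as the authorization endpoint does with `ValidateRedirectUriAsync(application, ...)`. If that is not possible here, the limitation deserves a comment above the check: `// Note: the URI is matched against the post_logout_redirect_uris of all registered applications, not bound to the calling client.` The enclosing method starts before the hunk.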