
Avoid using HttpContext.RequestAborted in the provider classes

pull/550/head
Kévin Chalet 8 years ago
parent
commit
611e4a521a
  1. 2
      samples/Mvc.Server/Controllers/AuthorizationController.cs
  2. 28
      src/OpenIddict/OpenIddictProvider.Authentication.cs
  3. 15
      src/OpenIddict/OpenIddictProvider.Exchange.cs
  4. 11
      src/OpenIddict/OpenIddictProvider.Introspection.cs
  5. 11
      src/OpenIddict/OpenIddictProvider.Revocation.cs
  6. 2
      src/OpenIddict/OpenIddictProvider.Session.cs

2
samples/Mvc.Server/Controllers/AuthorizationController.cs

@ -57,7 +57,7 @@ namespace Mvc.Server
"Make sure services.AddOpenIddict().AddMvcBinders() is correctly called."); "Make sure services.AddOpenIddict().AddMvcBinders() is correctly called.");
// Retrieve the application details from the database. // Retrieve the application details from the database.
var application = await _applicationManager.FindByClientIdAsync(request.ClientId, HttpContext.RequestAborted); var application = await _applicationManager.FindByClientIdAsync(request.ClientId);
if (application == null) if (application == null)
{ {
return View("Error", new ErrorViewModel return View("Error", new ErrorViewModel

28
src/OpenIddict/OpenIddictProvider.Authentication.cs

@ -253,7 +253,7 @@ namespace OpenIddict
} }
// Retrieve the application details corresponding to the requested client_id. // Retrieve the application details corresponding to the requested client_id.
var application = await Applications.FindByClientIdAsync(context.ClientId, context.HttpContext.RequestAborted); var application = await Applications.FindByClientIdAsync(context.ClientId);
if (application == null) if (application == null)
{ {
Logger.LogError("The authorization request was rejected because the client " + Logger.LogError("The authorization request was rejected because the client " +
@ -274,7 +274,7 @@ namespace OpenIddict
// the authorization endpoint are rejected if the client_id corresponds to a confidential application. // the authorization endpoint are rejected if the client_id corresponds to a confidential application.
// Note: when using the authorization code grant, ValidateTokenRequest is responsible of rejecting // Note: when using the authorization code grant, ValidateTokenRequest is responsible of rejecting
// the token request if the client_id corresponds to an unauthenticated confidential client. // the token request if the client_id corresponds to an unauthenticated confidential client.
if (await Applications.IsConfidentialAsync(application, context.HttpContext.RequestAborted) && if (await Applications.IsConfidentialAsync(application) &&
(context.Request.HasResponseType(OpenIdConnectConstants.ResponseTypes.IdToken) || (context.Request.HasResponseType(OpenIdConnectConstants.ResponseTypes.IdToken) ||
context.Request.HasResponseType(OpenIdConnectConstants.ResponseTypes.Token))) context.Request.HasResponseType(OpenIdConnectConstants.ResponseTypes.Token)))
{ {
@ -286,8 +286,7 @@ namespace OpenIddict
} }
// Reject the request if the application is not allowed to use the authorization endpoint. // Reject the request if the application is not allowed to use the authorization endpoint.
if (!await Applications.HasPermissionAsync(application, if (!await Applications.HasPermissionAsync(application, OpenIddictConstants.Permissions.Endpoints.Authorization))
OpenIddictConstants.Permissions.Endpoints.Authorization, context.HttpContext.RequestAborted))
{ {
Logger.LogError("The authorization request was rejected because the application '{ClientId}' " + Logger.LogError("The authorization request was rejected because the application '{ClientId}' " +
"was not allowed to use the authorization endpoint.", context.ClientId); "was not allowed to use the authorization endpoint.", context.ClientId);
@ -300,8 +299,8 @@ namespace OpenIddict
} }
// Reject the request if the application is not allowed to use the authorization code flow. // Reject the request if the application is not allowed to use the authorization code flow.
if (context.Request.IsAuthorizationCodeFlow() && !await Applications.HasPermissionAsync(application, if (context.Request.IsAuthorizationCodeFlow() && !await Applications.HasPermissionAsync(
OpenIddictConstants.Permissions.GrantTypes.AuthorizationCode, context.HttpContext.RequestAborted)) application, OpenIddictConstants.Permissions.GrantTypes.AuthorizationCode))
{ {
Logger.LogError("The authorization request was rejected because the application '{ClientId}' " + Logger.LogError("The authorization request was rejected because the application '{ClientId}' " +
"was not allowed to use the authorization code flow.", context.ClientId); "was not allowed to use the authorization code flow.", context.ClientId);
@ -314,8 +313,8 @@ namespace OpenIddict
} }
// Reject the request if the application is not allowed to use the implicit flow. // Reject the request if the application is not allowed to use the implicit flow.
if (context.Request.IsImplicitFlow() && !await Applications.HasPermissionAsync(application, if (context.Request.IsImplicitFlow() && !await Applications.HasPermissionAsync(
OpenIddictConstants.Permissions.GrantTypes.Implicit, context.HttpContext.RequestAborted)) application, OpenIddictConstants.Permissions.GrantTypes.Implicit))
{ {
Logger.LogError("The authorization request was rejected because the application '{ClientId}' " + Logger.LogError("The authorization request was rejected because the application '{ClientId}' " +
"was not allowed to use the implicit flow.", context.ClientId); "was not allowed to use the implicit flow.", context.ClientId);
@ -328,11 +327,9 @@ namespace OpenIddict
} }
// Reject the request if the application is not allowed to use the authorization code/implicit flows. // Reject the request if the application is not allowed to use the authorization code/implicit flows.
if (context.Request.IsHybridFlow() && if (context.Request.IsHybridFlow() &&
(!await Applications.HasPermissionAsync(application, (!await Applications.HasPermissionAsync(application, OpenIddictConstants.Permissions.GrantTypes.AuthorizationCode) ||
OpenIddictConstants.Permissions.GrantTypes.AuthorizationCode, context.HttpContext.RequestAborted) || !await Applications.HasPermissionAsync(application, OpenIddictConstants.Permissions.GrantTypes.Implicit)))
!await Applications.HasPermissionAsync(application,
OpenIddictConstants.Permissions.GrantTypes.Implicit, context.HttpContext.RequestAborted)))
{ {
Logger.LogError("The authorization request was rejected because the application '{ClientId}' " + Logger.LogError("The authorization request was rejected because the application '{ClientId}' " +
"was not allowed to use the hybrid flow.", context.ClientId); "was not allowed to use the hybrid flow.", context.ClientId);
@ -347,8 +344,7 @@ namespace OpenIddict
// Reject the request if the offline_access scope was request and if the // Reject the request if the offline_access scope was request and if the
// application is not allowed to use the authorization code/implicit flows. // application is not allowed to use the authorization code/implicit flows.
if (context.Request.HasScope(OpenIdConnectConstants.Scopes.OfflineAccess) && if (context.Request.HasScope(OpenIdConnectConstants.Scopes.OfflineAccess) &&
!await Applications.HasPermissionAsync(application, !await Applications.HasPermissionAsync(application, OpenIddictConstants.Permissions.GrantTypes.RefreshToken))
OpenIddictConstants.Permissions.GrantTypes.RefreshToken, context.HttpContext.RequestAborted))
{ {
Logger.LogError("The authorization request was rejected because the application '{ClientId}' " + Logger.LogError("The authorization request was rejected because the application '{ClientId}' " +
"was not allowed to request the 'offline_access' scope.", context.ClientId); "was not allowed to request the 'offline_access' scope.", context.ClientId);
@ -361,7 +357,7 @@ namespace OpenIddict
} }
// Ensure that the specified redirect_uri is valid and is associated with the client application. // Ensure that the specified redirect_uri is valid and is associated with the client application.
if (!await Applications.ValidateRedirectUriAsync(application, context.RedirectUri, context.HttpContext.RequestAborted)) if (!await Applications.ValidateRedirectUriAsync(application, context.RedirectUri))
{ {
Logger.LogError("The authorization request was rejected because the redirect_uri " + Logger.LogError("The authorization request was rejected because the redirect_uri " +
"was invalid: '{RedirectUri}'.", context.RedirectUri); "was invalid: '{RedirectUri}'.", context.RedirectUri);
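Review bot: Every manager call in this file (and in the Exchange, Introspection, Revocation and Session sections of the same commit) now runs without the request's cancellation token, so a client that disconnects mid-request no longer interrupts the store lookups, yet neither the commit message nor the call sites record why. Presumably `FindByClientIdAsync`, `HasPermissionAsync` and `ValidateRedirectUriAsync` now fall through to overloads with a default token (the manager signatures are not in this diff), which makes the omission look accidental to a later reader who would "fix" it by reinstating `context.HttpContext.RequestAborted`. A comment at the first call site would settle that, e.g. `// Note: the request's cancellation token is deliberately not flowed to the managers so that client validation completes even if the caller aborts the request.` The enclosing method starts before the first hunk and ends after the last one.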

15
src/OpenIddict/OpenIddictProvider.Exchange.cs

@ -118,7 +118,7 @@ namespace OpenIddict
} }
// Retrieve the application details corresponding to the requested client_id. // Retrieve the application details corresponding to the requested client_id.
var application = await Applications.FindByClientIdAsync(context.ClientId, context.HttpContext.RequestAborted); var application = await Applications.FindByClientIdAsync(context.ClientId);
if (application == null) if (application == null)
{ {
Logger.LogError("The token request was rejected because the client " + Logger.LogError("The token request was rejected because the client " +
@ -136,8 +136,7 @@ namespace OpenIddict
context.Request.SetProperty($"{OpenIddictConstants.Properties.Application}:{context.ClientId}", application); context.Request.SetProperty($"{OpenIddictConstants.Properties.Application}:{context.ClientId}", application);
// Reject the request if the application is not allowed to use the token endpoint. // Reject the request if the application is not allowed to use the token endpoint.
if (!await Applications.HasPermissionAsync(application, if (!await Applications.HasPermissionAsync(application, OpenIddictConstants.Permissions.Endpoints.Token))
OpenIddictConstants.Permissions.Endpoints.Token, context.HttpContext.RequestAborted))
{ {
Logger.LogError("The token request was rejected because the application '{ClientId}' " + Logger.LogError("The token request was rejected because the application '{ClientId}' " +
"was not allowed to use the token endpoint.", context.ClientId); "was not allowed to use the token endpoint.", context.ClientId);
@ -151,7 +150,7 @@ namespace OpenIddict
// Reject the request if the application is not allowed to use the specified grant type. // Reject the request if the application is not allowed to use the specified grant type.
if (!await Applications.HasPermissionAsync(application, if (!await Applications.HasPermissionAsync(application,
OpenIddictConstants.Permissions.Prefixes.GrantType + context.Request.GrantType, context.HttpContext.RequestAborted)) OpenIddictConstants.Permissions.Prefixes.GrantType + context.Request.GrantType))
{ {
Logger.LogError("The token request was rejected because the application '{ClientId}' was not allowed to " + Logger.LogError("The token request was rejected because the application '{ClientId}' was not allowed to " +
"use the specified grant type: {GrantType}.", context.ClientId, context.Request.GrantType); "use the specified grant type: {GrantType}.", context.ClientId, context.Request.GrantType);
@ -163,7 +162,7 @@ namespace OpenIddict
return; return;
} }
if (await Applications.IsPublicAsync(application, context.HttpContext.RequestAborted)) if (await Applications.IsPublicAsync(application))
{ {
// Note: public applications are not allowed to use the client credentials grant. // Note: public applications are not allowed to use the client credentials grant.
if (context.Request.IsClientCredentialsGrantType()) if (context.Request.IsClientCredentialsGrantType())
@ -215,7 +214,7 @@ namespace OpenIddict
return; return;
} }
if (!await Applications.ValidateClientSecretAsync(application, context.ClientSecret, context.HttpContext.RequestAborted)) if (!await Applications.ValidateClientSecretAsync(application, context.ClientSecret))
{ {
Logger.LogError("The token request was rejected because the confidential or hybrid application " + Logger.LogError("The token request was rejected because the confidential or hybrid application " +
"'{ClientId}' didn't specify valid client credentials.", context.ClientId); "'{ClientId}' didn't specify valid client credentials.", context.ClientId);
@ -263,7 +262,7 @@ namespace OpenIddict
// If the authorization code/refresh token is already marked as redeemed, this may indicate that // If the authorization code/refresh token is already marked as redeemed, this may indicate that
// it was compromised. In this case, revoke the authorization and all the associated tokens. // it was compromised. In this case, revoke the authorization and all the associated tokens.
// See https://tools.ietf.org/html/rfc6749#section-10.5 for more information. // See https://tools.ietf.org/html/rfc6749#section-10.5 for more information.
if (await Tokens.IsRedeemedAsync(token, context.HttpContext.RequestAborted)) if (await Tokens.IsRedeemedAsync(token))
{ {
// Try to revoke the authorization and the associated tokens. // Try to revoke the authorization and the associated tokens.
// If the operation fails, the helpers will automatically log // If the operation fails, the helpers will automatically log
@ -284,7 +283,7 @@ namespace OpenIddict
return; return;
} }
else if (!await Tokens.IsValidAsync(token, context.HttpContext.RequestAborted)) else if (!await Tokens.IsValidAsync(token))
{ {
Logger.LogError("The token request was rejected because the authorization code " + Logger.LogError("The token request was rejected because the authorization code " +
"or refresh token '{Identifier}' was no longer valid.", identifier); "or refresh token '{Identifier}' was no longer valid.", identifier);
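Review bot: The redeemed-token check at `if (await Tokens.IsRedeemedAsync(token))` leads into the revocation of the authorization and its tokens (the revocation calls themselves are outside the hunk), and dropping the abort token here has a defensive effect that is worth stating: the reuse-detection revocation referenced by the RFC 6749 section 10.5 comment can no longer be cut short by the requester closing the connection before the store update lands. Suggest extending that existing comment with `// The request's cancellation token is deliberately not passed so the revocation completes even if the client aborts the request.` One style point: the `HasPermissionAsync` call in the `@ -151,7 +150,7` hunk keeps the permission argument on a continuation line while the equivalent calls elsewhere in this commit were collapsed onto one line. The enclosing method starts and ends outside the hunk.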

11
src/OpenIddict/OpenIddictProvider.Introspection.cs

@ -51,7 +51,7 @@ namespace OpenIddict
} }
// Retrieve the application details corresponding to the requested client_id. // Retrieve the application details corresponding to the requested client_id.
var application = await Applications.FindByClientIdAsync(context.ClientId, context.HttpContext.RequestAborted); var application = await Applications.FindByClientIdAsync(context.ClientId);
if (application == null) if (application == null)
{ {
Logger.LogError("The introspection request was rejected because the client " + Logger.LogError("The introspection request was rejected because the client " +
@ -69,8 +69,7 @@ namespace OpenIddict
context.Request.SetProperty($"{OpenIddictConstants.Properties.Application}:{context.ClientId}", application); context.Request.SetProperty($"{OpenIddictConstants.Properties.Application}:{context.ClientId}", application);
// Reject the request if the application is not allowed to use the introspection endpoint. // Reject the request if the application is not allowed to use the introspection endpoint.
if (!await Applications.HasPermissionAsync(application, if (!await Applications.HasPermissionAsync(application, OpenIddictConstants.Permissions.Endpoints.Introspection))
OpenIddictConstants.Permissions.Endpoints.Introspection, context.HttpContext.RequestAborted))
{ {
Logger.LogError("The introspection request was rejected because the application '{ClientId}' " + Logger.LogError("The introspection request was rejected because the application '{ClientId}' " +
"was not allowed to use the introspection endpoint.", context.ClientId); "was not allowed to use the introspection endpoint.", context.ClientId);
@ -83,7 +82,7 @@ namespace OpenIddict
} }
// Reject introspection requests sent by public applications. // Reject introspection requests sent by public applications.
if (await Applications.IsPublicAsync(application, context.HttpContext.RequestAborted)) if (await Applications.IsPublicAsync(application))
{ {
Logger.LogError("The introspection request was rejected because the public application " + Logger.LogError("The introspection request was rejected because the public application " +
"'{ClientId}' was not allowed to use this endpoint.", context.ClientId); "'{ClientId}' was not allowed to use this endpoint.", context.ClientId);
@ -96,7 +95,7 @@ namespace OpenIddict
} }
// Validate the client credentials. // Validate the client credentials.
if (!await Applications.ValidateClientSecretAsync(application, context.ClientSecret, context.HttpContext.RequestAborted)) if (!await Applications.ValidateClientSecretAsync(application, context.ClientSecret))
{ {
Logger.LogError("The introspection request was rejected because the confidential or hybrid application " + Logger.LogError("The introspection request was rejected because the confidential or hybrid application " +
"'{ClientId}' didn't specify valid client credentials.", context.ClientId); "'{ClientId}' didn't specify valid client credentials.", context.ClientId);
@ -147,7 +146,7 @@ namespace OpenIddict
var token = context.Request.GetProperty<TToken>($"{OpenIddictConstants.Properties.Token}:{identifier}"); var token = context.Request.GetProperty<TToken>($"{OpenIddictConstants.Properties.Token}:{identifier}");
Debug.Assert(token != null, "The token shouldn't be null."); Debug.Assert(token != null, "The token shouldn't be null.");
if (!await Tokens.IsValidAsync(token, context.HttpContext.RequestAborted)) if (!await Tokens.IsValidAsync(token))
{ {
Logger.LogInformation("The token '{Identifier}' was declared as inactive because it was revoked.", identifier); Logger.LogInformation("The token '{Identifier}' was declared as inactive because it was revoked.", identifier);

11
src/OpenIddict/OpenIddictProvider.Revocation.cs

@ -77,7 +77,7 @@ namespace OpenIddict
} }
// Retrieve the application details corresponding to the requested client_id. // Retrieve the application details corresponding to the requested client_id.
var application = await Applications.FindByClientIdAsync(context.ClientId, context.HttpContext.RequestAborted); var application = await Applications.FindByClientIdAsync(context.ClientId);
if (application == null) if (application == null)
{ {
Logger.LogError("The revocation request was rejected because the client " + Logger.LogError("The revocation request was rejected because the client " +
@ -95,8 +95,7 @@ namespace OpenIddict
context.Request.SetProperty($"{OpenIddictConstants.Properties.Application}:{context.ClientId}", application); context.Request.SetProperty($"{OpenIddictConstants.Properties.Application}:{context.ClientId}", application);
// Reject the request if the application is not allowed to use the revocation endpoint. // Reject the request if the application is not allowed to use the revocation endpoint.
if (!await Applications.HasPermissionAsync(application, if (!await Applications.HasPermissionAsync(application, OpenIddictConstants.Permissions.Endpoints.Revocation))
OpenIddictConstants.Permissions.Endpoints.Revocation, context.HttpContext.RequestAborted))
{ {
Logger.LogError("The revocation request was rejected because the application '{ClientId}' " + Logger.LogError("The revocation request was rejected because the application '{ClientId}' " +
"was not allowed to use the revocation endpoint.", context.ClientId); "was not allowed to use the revocation endpoint.", context.ClientId);
@ -109,7 +108,7 @@ namespace OpenIddict
} }
// Reject revocation requests containing a client_secret if the application is a public client. // Reject revocation requests containing a client_secret if the application is a public client.
if (await Applications.IsPublicAsync(application, context.HttpContext.RequestAborted)) if (await Applications.IsPublicAsync(application))
{ {
if (!string.IsNullOrEmpty(context.ClientSecret)) if (!string.IsNullOrEmpty(context.ClientSecret))
{ {
@ -147,7 +146,7 @@ namespace OpenIddict
return; return;
} }
if (!await Applications.ValidateClientSecretAsync(application, context.ClientSecret, context.HttpContext.RequestAborted)) if (!await Applications.ValidateClientSecretAsync(application, context.ClientSecret))
{ {
Logger.LogError("The revocation request was rejected because the confidential or hybrid application " + Logger.LogError("The revocation request was rejected because the confidential or hybrid application " +
"'{ClientId}' didn't specify valid client credentials.", context.ClientId); "'{ClientId}' didn't specify valid client credentials.", context.ClientId);
@ -201,7 +200,7 @@ namespace OpenIddict
var token = context.Request.GetProperty<TToken>($"{OpenIddictConstants.Properties.Token}:{identifier}"); var token = context.Request.GetProperty<TToken>($"{OpenIddictConstants.Properties.Token}:{identifier}");
Debug.Assert(token != null, "The token shouldn't be null."); Debug.Assert(token != null, "The token shouldn't be null.");
if (await Tokens.IsRevokedAsync(token, context.HttpContext.RequestAborted)) if (await Tokens.IsRevokedAsync(token))
{ {
Logger.LogInformation("The token '{Identifier}' was not revoked because " + Logger.LogInformation("The token '{Identifier}' was not revoked because " +
"it was already marked as invalid.", identifier); "it was already marked as invalid.", identifier);

2
src/OpenIddict/OpenIddictProvider.Session.cs

@ -109,7 +109,7 @@ namespace OpenIddict
return; return;
} }
if (!await Applications.ValidatePostLogoutRedirectUriAsync(context.PostLogoutRedirectUri, context.HttpContext.RequestAborted)) if (!await Applications.ValidatePostLogoutRedirectUriAsync(context.PostLogoutRedirectUri))
{ {
Logger.LogError("The logout request was rejected because the specified post_logout_redirect_uri " + Logger.LogError("The logout request was rejected because the specified post_logout_redirect_uri " +
"was unknown: {PostLogoutRedirectUri}.", context.PostLogoutRedirectUri); "was unknown: {PostLogoutRedirectUri}.", context.PostLogoutRedirectUri);
