
Update the ASP.NET Core/OWIN integrations to allow returning authentication tickets with a null or empty principal

pull/1808/head
Kévin Chalet 3 years ago
parent
commit
7391a3e178
  1. 16
      src/OpenIddict.Client.AspNetCore/OpenIddictClientAspNetCoreHandler.cs
  2. 9
      src/OpenIddict.Client.Owin/OpenIddictClientOwinHandler.cs
  3. 12
      src/OpenIddict.Server.AspNetCore/OpenIddictServerAspNetCoreHandler.cs
  4. 13
      src/OpenIddict.Server.Owin/OpenIddictServerOwinHandler.cs
  5. 13
      src/OpenIddict.Validation.AspNetCore/OpenIddictValidationAspNetCoreHandler.cs
  6. 13
      src/OpenIddict.Validation.Owin/OpenIddictValidationOwinHandler.cs

16
src/OpenIddict.Client.AspNetCore/OpenIddictClientAspNetCoreHandler.cs

@ -135,6 +135,14 @@ public sealed class OpenIddictClientAspNetCoreHandler : AuthenticationHandler<Op
else if (context.IsRejected)
{
// Note: the missing_token error is special-cased to indicate to ASP.NET Core
// that no authentication result could be produced due to the lack of token.
// This also helps reducing the logging noise when no token is specified.
if (string.Equals(context.Error, Errors.MissingToken, StringComparison.Ordinal))
{
return AuthenticateResult.NoResult();
}
var properties = new AuthenticationProperties(new Dictionary<string, string?>
{
[Properties.Error] = context.Error,
@ -147,11 +155,6 @@ public sealed class OpenIddictClientAspNetCoreHandler : AuthenticationHandler<Op
else
{
if (context.MergedPrincipal is not ClaimsPrincipal principal)
{
return AuthenticateResult.NoResult();
}
// Restore or create a new authentication properties collection and populate it.
var properties = CreateProperties(context.StateTokenPrincipal);
properties.ExpiresUtc = context.StateTokenPrincipal?.GetExpirationDate();
@ -314,7 +317,8 @@ public sealed class OpenIddictClientAspNetCoreHandler : AuthenticationHandler<Op
properties.SetParameter(Properties.UserinfoTokenPrincipal, context.UserinfoTokenPrincipal);
}
return AuthenticateResult.Success(new AuthenticationTicket(principal, properties,
return AuthenticateResult.Success(new AuthenticationTicket(
context.MergedPrincipal ?? new ClaimsPrincipal(new ClaimsIdentity()), properties,
OpenIddictClientAspNetCoreDefaults.AuthenticationScheme));
static AuthenticationProperties CreateProperties(ClaimsPrincipal? principal)
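Review bot: The fallback `context.MergedPrincipal ?? new ClaimsPrincipal(new ClaimsIdentity())` turns what used to be `AuthenticateResult.NoResult()` into a `Success` ticket carrying an unauthenticated identity (a `ClaimsIdentity` built with the parameterless constructor has no authentication type, so `IsAuthenticated` is false), and nothing in the hunk says this is intended. Callers that gate on `AuthenticateResult.Succeeded` rather than on `Principal.Identity.IsAuthenticated` will now see a success where they previously saw none, so the line deserves a comment such as `// Note: an empty, unauthenticated principal is deliberately returned when no principal was produced (presumably so the authentication properties stay reachable); callers must check IsAuthenticated, not Succeeded.` — adjusted to the actual motivation. The same fallback appears in the OpenIddictServerAspNetCoreHandler and OpenIddictValidationAspNetCoreHandler sections. The enclosing HandleAuthenticateAsync body starts outside the hunk.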

9
src/OpenIddict.Client.Owin/OpenIddictClientOwinHandler.cs

@ -168,11 +168,6 @@ public sealed class OpenIddictClientOwinHandler : AuthenticationHandler<OpenIddi
else
{
if (context.MergedPrincipal is not ClaimsPrincipal principal)
{
return null;
}
// Restore or create a new authentication properties collection and populate it.
var properties = CreateProperties(context.StateTokenPrincipal);
properties.ExpiresUtc = context.StateTokenPrincipal?.GetExpirationDate();
@ -240,7 +235,7 @@ public sealed class OpenIddictClientOwinHandler : AuthenticationHandler<OpenIddi
properties.Dictionary[Tokens.UserinfoToken] = context.UserinfoToken;
}
return new AuthenticationTicket((ClaimsIdentity) principal.Identity, properties);
return new AuthenticationTicket(context.MergedPrincipal?.Identity as ClaimsIdentity, properties);
static AuthenticationProperties CreateProperties(ClaimsPrincipal? principal)
{
@ -270,7 +265,7 @@ public sealed class OpenIddictClientOwinHandler : AuthenticationHandler<OpenIddi
/// <inheritdoc/>
protected override async Task TeardownCoreAsync()
{
// Note: OWIN authentication handlers cannot reliabily write to the response stream
// Note: OWIN authentication handlers cannot reliably write to the response stream
// from ApplyResponseGrantAsync() or ApplyResponseChallengeAsync() because these methods
// are susceptible to be invoked from AuthenticationHandler.OnSendingHeaderCallback(),
// where calling Write() or WriteAsync() on the response stream may result in a deadlock
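Review bot: `new AuthenticationTicket(context.MergedPrincipal?.Identity as ClaimsIdentity, properties)` can now hand Katana a ticket whose `Identity` is null, where the removed code returned null from the handler instead, and the hunk carries no comment saying this is deliberate or how the OWIN pipeline treats a null-identity ticket. If the intent is to keep the properties (the tokens stored in `properties.Dictionary`) reachable even without an identity, say so on that line: `// Note: a ticket with a null identity is deliberately returned when no principal was produced so that the authentication properties remain available to the caller.` Whether Katana's authentication manager reports such a ticket as an authenticated user should be confirmed before callers rely on it. The same construct is used in the OpenIddictServerOwinHandler and OpenIddictValidationOwinHandler sections; the enclosing method starts outside the hunk.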

12
src/OpenIddict.Server.AspNetCore/OpenIddictServerAspNetCoreHandler.cs

@ -186,15 +186,10 @@ public sealed class OpenIddictServerAspNetCoreHandler : AuthenticationHandler<Op
_ => null
};
if (principal is null)
{
return AuthenticateResult.NoResult();
}
// Restore or create a new authentication properties collection and populate it.
var properties = CreateProperties(principal);
properties.ExpiresUtc = principal.GetExpirationDate();
properties.IssuedUtc = principal.GetCreationDate();
properties.ExpiresUtc = principal?.GetExpirationDate();
properties.IssuedUtc = principal?.GetCreationDate();
List<AuthenticationToken>? tokens = null;
@ -311,7 +306,8 @@ public sealed class OpenIddictServerAspNetCoreHandler : AuthenticationHandler<Op
properties.StoreTokens(tokens);
}
return AuthenticateResult.Success(new AuthenticationTicket(principal, properties,
return AuthenticateResult.Success(new AuthenticationTicket(
principal ?? new ClaimsPrincipal(new ClaimsIdentity()), properties,
OpenIddictServerAspNetCoreDefaults.AuthenticationScheme));
}

13
src/OpenIddict.Server.Owin/OpenIddictServerOwinHandler.cs

@ -192,15 +192,10 @@ public sealed class OpenIddictServerOwinHandler : AuthenticationHandler<OpenIddi
_ => null
};
if (principal is null)
{
return null;
}
// Restore or create a new authentication properties collection and populate it.
var properties = CreateProperties(principal);
properties.ExpiresUtc = principal.GetExpirationDate();
properties.IssuedUtc = principal.GetCreationDate();
properties.ExpiresUtc = principal?.GetExpirationDate();
properties.IssuedUtc = principal?.GetCreationDate();
// Attach the tokens to allow any OWIN component (e.g a controller)
// to retrieve them (e.g to make an API request to another application).
@ -240,7 +235,7 @@ public sealed class OpenIddictServerOwinHandler : AuthenticationHandler<OpenIddi
properties.Dictionary[Tokens.UserCode] = context.UserCode;
}
return new AuthenticationTicket((ClaimsIdentity) principal.Identity, properties);
return new AuthenticationTicket(principal?.Identity as ClaimsIdentity, properties);
}
static AuthenticationProperties CreateProperties(ClaimsPrincipal? principal)
@ -270,7 +265,7 @@ public sealed class OpenIddictServerOwinHandler : AuthenticationHandler<OpenIddi
/// <inheritdoc/>
protected override async Task TeardownCoreAsync()
{
// Note: OWIN authentication handlers cannot reliabily write to the response stream
// Note: OWIN authentication handlers cannot reliably write to the response stream
// from ApplyResponseGrantAsync() or ApplyResponseChallengeAsync() because these methods
// are susceptible to be invoked from AuthenticationHandler.OnSendingHeaderCallback(),
// where calling Write() or WriteAsync() on the response stream may result in a deadlock

13
src/OpenIddict.Validation.AspNetCore/OpenIddictValidationAspNetCoreHandler.cs

@ -5,6 +5,7 @@
*/
using System.ComponentModel;
using System.Security.Claims;
using System.Text.Encodings.Web;
using Microsoft.Extensions.Logging;
using Microsoft.Extensions.Options;
@ -162,15 +163,10 @@ public sealed class OpenIddictValidationAspNetCoreHandler : AuthenticationHandle
_ => null
};
if (principal is null)
{
return AuthenticateResult.NoResult();
}
var properties = new AuthenticationProperties
{
ExpiresUtc = principal.GetExpirationDate(),
IssuedUtc = principal.GetCreationDate()
ExpiresUtc = principal?.GetExpirationDate(),
IssuedUtc = principal?.GetCreationDate()
};
List<AuthenticationToken>? tokens = null;
@ -198,7 +194,8 @@ public sealed class OpenIddictValidationAspNetCoreHandler : AuthenticationHandle
properties.StoreTokens(tokens);
}
return AuthenticateResult.Success(new AuthenticationTicket(principal, properties,
return AuthenticateResult.Success(new AuthenticationTicket(
principal ?? new ClaimsPrincipal(new ClaimsIdentity()), properties,
OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme));
}
}

13
src/OpenIddict.Validation.Owin/OpenIddictValidationOwinHandler.cs

@ -170,15 +170,10 @@ public sealed class OpenIddictValidationOwinHandler : AuthenticationHandler<Open
_ => null
};
if (principal is null)
{
return null;
}
var properties = new AuthenticationProperties
{
ExpiresUtc = principal.GetExpirationDate(),
IssuedUtc = principal.GetCreationDate()
ExpiresUtc = principal?.GetExpirationDate(),
IssuedUtc = principal?.GetCreationDate()
};
// Attach the tokens to allow any OWIN/Katana component (e.g a controller)
@ -189,14 +184,14 @@ public sealed class OpenIddictValidationOwinHandler : AuthenticationHandler<Open
properties.Dictionary[TokenTypeHints.AccessToken] = context.AccessToken;
}
return new AuthenticationTicket((ClaimsIdentity) principal.Identity, properties);
return new AuthenticationTicket(principal?.Identity as ClaimsIdentity, properties);
}
}
/// <inheritdoc/>
protected override async Task TeardownCoreAsync()
{
// Note: OWIN authentication handlers cannot reliabily write to the response stream
// Note: OWIN authentication handlers cannot reliably write to the response stream
// from ApplyResponseGrantAsync() or ApplyResponseChallengeAsync() because these methods
// are susceptible to be invoked from AuthenticationHandler.OnSendingHeaderCallback(),
// where calling Write() or WriteAsync() on the response stream may result in a deadlock
