
Incorporate the changes committed in the rel/3.0.3 branch

pull/1245/head
Kévin Chalet 5 years ago
parent
commit
78901e3e7e
  1. 8
      src/OpenIddict.EntityFramework/Stores/OpenIddictEntityFrameworkAuthorizationStore.cs
  2. 8
      src/OpenIddict.EntityFramework/Stores/OpenIddictEntityFrameworkTokenStore.cs
  3. 8
      src/OpenIddict.EntityFrameworkCore/Stores/OpenIddictEntityFrameworkCoreAuthorizationStore.cs
  4. 8
      src/OpenIddict.EntityFrameworkCore/Stores/OpenIddictEntityFrameworkCoreTokenStore.cs
  5. 6
      src/OpenIddict.Server/OpenIddictServerHandlers.Authentication.cs
  6. 57
      test/OpenIddict.Server.IntegrationTests/OpenIddictServerIntegrationTests.Authentication.cs

8
src/OpenIddict.EntityFramework/Stores/OpenIddictEntityFrameworkAuthorizationStore.cs

@ -633,9 +633,15 @@ namespace OpenIddict.EntityFramework
// and thus prevent them from being concurrently modified outside this block. // and thus prevent them from being concurrently modified outside this block.
using var transaction = CreateTransaction(); using var transaction = CreateTransaction();
// Note: the Oracle MySQL provider doesn't support DateTimeOffset and is unable
// to create a SQL query with an expression calling DateTimeOffset.UtcDateTime.
// To work around this limitation, the threshold represented as a DateTimeOffset
// instance is manually converted to a UTC DateTime instance outside the query.
var date = threshold.UtcDateTime;
var authorizations = var authorizations =
await (from authorization in Authorizations.Include(authorization => authorization.Tokens) await (from authorization in Authorizations.Include(authorization => authorization.Tokens)
where authorization.CreationDate < threshold.UtcDateTime where authorization.CreationDate < date
where authorization.Status != Statuses.Valid || where authorization.Status != Statuses.Valid ||
(authorization.Type == AuthorizationTypes.AdHoc && !authorization.Tokens.Any()) (authorization.Type == AuthorizationTypes.AdHoc && !authorization.Tokens.Any())
orderby authorization.Id orderby authorization.Id
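Review bot: The hoisted local `date` on the new side does not say what it holds; the four-line comment above has to explain that it is the threshold converted to UTC, and `date` is easy to confuse with the `CreationDate` it is compared against. A name carrying that meaning, `var thresholdUtc = threshold.UtcDateTime;` with `where authorization.CreationDate < thresholdUtc`, would read correctly even if the comment is later trimmed. The same local name is introduced by the identical hunks in OpenIddictEntityFrameworkTokenStore.cs, OpenIddictEntityFrameworkCoreAuthorizationStore.cs and OpenIddictEntityFrameworkCoreTokenStore.cs. The enclosing prune method starts and ends outside the hunk.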

8
src/OpenIddict.EntityFramework/Stores/OpenIddictEntityFrameworkTokenStore.cs

@ -618,9 +618,15 @@ namespace OpenIddict.EntityFramework
// and thus prevent them from being concurrently modified outside this block. // and thus prevent them from being concurrently modified outside this block.
using var transaction = CreateTransaction(); using var transaction = CreateTransaction();
// Note: the Oracle MySQL provider doesn't support DateTimeOffset and is unable
// to create a SQL query with an expression calling DateTimeOffset.UtcDateTime.
// To work around this limitation, the threshold represented as a DateTimeOffset
// instance is manually converted to a UTC DateTime instance outside the query.
var date = threshold.UtcDateTime;
var tokens = await var tokens = await
(from token in Tokens (from token in Tokens
where token.CreationDate < threshold.UtcDateTime where token.CreationDate < date
where (token.Status != Statuses.Inactive && token.Status != Statuses.Valid) || where (token.Status != Statuses.Inactive && token.Status != Statuses.Valid) ||
(token.Authorization != null && token.Authorization.Status != Statuses.Valid) || (token.Authorization != null && token.Authorization.Status != Statuses.Valid) ||
token.ExpirationDate < DateTime.UtcNow token.ExpirationDate < DateTime.UtcNow
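Review bot: After hoisting the creation-date threshold out of the query, the last `where` clause still embeds `DateTime.UtcNow` inside the expression tree, so the prune now mixes two evaluation points: `date` is fixed from the application clock before the query runs, while `token.ExpirationDate < DateTime.UtcNow` is left to the provider, which may translate it to the database server's clock or evaluate it client-side. Hoisting it the same way, `var now = DateTime.UtcNow;` next to `var date = ...` and `where token.ExpirationDate < now`, keeps both comparisons on one clock and avoids relying on provider-specific translation of `DateTime.UtcNow`; this is inferred from the visible clause, since the rest of the query is outside the hunk. The same pattern appears in the OpenIddictEntityFrameworkCoreTokenStore.cs hunk. The enclosing method starts and ends outside the hunk.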

8
src/OpenIddict.EntityFrameworkCore/Stores/OpenIddictEntityFrameworkCoreAuthorizationStore.cs

@ -713,9 +713,15 @@ namespace OpenIddict.EntityFrameworkCore
// and thus prevent them from being concurrently modified outside this block. // and thus prevent them from being concurrently modified outside this block.
using var transaction = await CreateTransactionAsync(); using var transaction = await CreateTransactionAsync();
// Note: the Oracle MySQL provider doesn't support DateTimeOffset and is unable
// to create a SQL query with an expression calling DateTimeOffset.UtcDateTime.
// To work around this limitation, the threshold represented as a DateTimeOffset
// instance is manually converted to a UTC DateTime instance outside the query.
var date = threshold.UtcDateTime;
var authorizations = var authorizations =
await (from authorization in Authorizations.Include(authorization => authorization.Tokens).AsTracking() await (from authorization in Authorizations.Include(authorization => authorization.Tokens).AsTracking()
where authorization.CreationDate < threshold.UtcDateTime where authorization.CreationDate < date
where authorization.Status != Statuses.Valid || where authorization.Status != Statuses.Valid ||
(authorization.Type == AuthorizationTypes.AdHoc && !authorization.Tokens.Any()) (authorization.Type == AuthorizationTypes.AdHoc && !authorization.Tokens.Any())
orderby authorization.Id orderby authorization.Id

8
src/OpenIddict.EntityFrameworkCore/Stores/OpenIddictEntityFrameworkCoreTokenStore.cs

@ -681,9 +681,15 @@ namespace OpenIddict.EntityFrameworkCore
// and thus prevent them from being concurrently modified outside this block. // and thus prevent them from being concurrently modified outside this block.
using var transaction = await CreateTransactionAsync(); using var transaction = await CreateTransactionAsync();
// Note: the Oracle MySQL provider doesn't support DateTimeOffset and is unable
// to create a SQL query with an expression calling DateTimeOffset.UtcDateTime.
// To work around this limitation, the threshold represented as a DateTimeOffset
// instance is manually converted to a UTC DateTime instance outside the query.
var date = threshold.UtcDateTime;
var tokens = await var tokens = await
(from token in Tokens.AsTracking() (from token in Tokens.AsTracking()
where token.CreationDate < threshold.UtcDateTime where token.CreationDate < date
where (token.Status != Statuses.Inactive && token.Status != Statuses.Valid) || where (token.Status != Statuses.Inactive && token.Status != Statuses.Valid) ||
(token.Authorization != null && token.Authorization.Status != Statuses.Valid) || (token.Authorization != null && token.Authorization.Status != Statuses.Valid) ||
token.ExpirationDate < DateTime.UtcNow token.ExpirationDate < DateTime.UtcNow

6
src/OpenIddict.Server/OpenIddictServerHandlers.Authentication.cs

@ -1588,9 +1588,9 @@ namespace OpenIddict.Server
Debug.Assert(!string.IsNullOrEmpty(context.ClientId), SR.FormatID4000(Parameters.ClientId)); Debug.Assert(!string.IsNullOrEmpty(context.ClientId), SR.FormatID4000(Parameters.ClientId));
// If a code_challenge was provided, the request is always considered valid, // If a code_challenge was provided or if no authorization code is requested, the request is always
// whether the proof key for code exchange requirement is enforced or not. // considered valid, whether the proof key for code exchange requirement is enforced or not.
if (!string.IsNullOrEmpty(context.Request.CodeChallenge)) if (!string.IsNullOrEmpty(context.Request.CodeChallenge) || !context.Request.HasResponseType(ResponseTypes.Code))
{ {
return; return;
} }
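Review bot: The widened early return on the `if` line makes enforcement of the PKCE requirement depend entirely on `HasResponseType(ResponseTypes.Code)` recognising every response_type that yields an authorization code, including the hybrid combinations where `code` is one of several space-separated values; that helper is defined outside this hunk, so it is worth confirming it matches individual values rather than the whole string. The updated comment states the condition but not the reason; a why-comment such as `// PKCE binds an authorization code to the client that requested it; when no code is issued (implicit flow), there is nothing for a code_verifier to protect, so the requirement is not enforced.` would make the intent clear to the next reader. The enclosing handler starts and ends outside the hunk.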

57
test/OpenIddict.Server.IntegrationTests/OpenIddictServerIntegrationTests.Authentication.cs

@ -1734,6 +1734,63 @@ namespace OpenIddict.Server.IntegrationTests
Requirements.Features.ProofKeyForCodeExchange, It.IsAny<CancellationToken>()), Times.Never()); Requirements.Features.ProofKeyForCodeExchange, It.IsAny<CancellationToken>()), Times.Never());
} }
[Fact]
public async Task ValidateAuthorizationRequest_RequestIsValidatedWhenCodeIsNotRequestedWithPkceFeatureEnforced()
{
// Arrange
var application = new OpenIddictApplication();
var manager = CreateApplicationManager(mock =>
{
mock.Setup(manager => manager.FindByClientIdAsync("Fabrikam", It.IsAny<CancellationToken>()))
.ReturnsAsync(application);
mock.Setup(manager => manager.ValidateRedirectUriAsync(application, "http://www.fabrikam.com/path", It.IsAny<CancellationToken>()))
.ReturnsAsync(true);
mock.Setup(manager => manager.HasRequirementAsync(application,
Requirements.Features.ProofKeyForCodeExchange, It.IsAny<CancellationToken>()))
.ReturnsAsync(true);
});
await using var server = await CreateServerAsync(options =>
{
options.SetRevocationEndpointUris(Array.Empty<Uri>());
options.DisableAuthorizationStorage();
options.DisableTokenStorage();
options.DisableSlidingRefreshTokenExpiration();
options.Services.AddSingleton(manager);
options.AddEventHandler<HandleAuthorizationRequestContext>(builder =>
builder.UseInlineHandler(context =>
{
context.Principal = new ClaimsPrincipal(new ClaimsIdentity("Bearer"))
.SetClaim(Claims.Subject, "Bob le Magnifique");
return default;
}));
});
await using var client = await server.CreateClientAsync();
// Act
var response = await client.PostAsync("/connect/authorize", new OpenIddictRequest
{
ClientId = "Fabrikam",
RedirectUri = "http://www.fabrikam.com/path",
ResponseType = ResponseTypes.Token
});
// Assert
Assert.Null(response.Code);
Assert.NotNull(response.AccessToken);
Mock.Get(manager).Verify(manager => manager.FindByClientIdAsync("Fabrikam", It.IsAny<CancellationToken>()), Times.AtLeastOnce());
Mock.Get(manager).Verify(manager => manager.HasRequirementAsync(application,
Requirements.Features.ProofKeyForCodeExchange, It.IsAny<CancellationToken>()), Times.Never());
}
[Theory] [Theory]
[InlineData("custom_error", null, null)] [InlineData("custom_error", null, null)]
[InlineData("custom_error", "custom_description", null)] [InlineData("custom_error", "custom_description", null)]
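Review bot: The new test pins only the pure implicit case (`ResponseType = ResponseTypes.Token`) and asserts `HasRequirementAsync` is never called, but nothing asserts the other side of the boundary the handler change relies on: that the requirement is still checked when a code is requested alongside other response types (a hybrid response_type such as code id_token). A `[Theory]` over the code-bearing response types, using the same arrangement as this test but verifying `HasRequirementAsync` with `Times.AtLeastOnce()`, would catch a regression where the response_type check stops matching multi-valued strings. Since it would reuse the arrangement shown here almost verbatim, it is described rather than reproduced.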
