
Fix the ProcessHostRedirectionResponse handler to be executed early enough

pull/1096/head
Kévin Chalet 6 years ago
parent
commit
79de4d2459
  1. 8
      src/OpenIddict.Server.AspNetCore/OpenIddictServerAspNetCoreHandlers.Authentication.cs
  2. 62
      src/OpenIddict.Server.AspNetCore/OpenIddictServerAspNetCoreHandlers.Device.cs
  3. 59
      src/OpenIddict.Server.AspNetCore/OpenIddictServerAspNetCoreHandlers.Session.cs
  4. 63
      src/OpenIddict.Server.AspNetCore/OpenIddictServerAspNetCoreHandlers.cs
  5. 8
      src/OpenIddict.Server.Owin/OpenIddictServerOwinHandlers.Authentication.cs
  6. 62
      src/OpenIddict.Server.Owin/OpenIddictServerOwinHandlers.Device.cs
  7. 66
      src/OpenIddict.Server.Owin/OpenIddictServerOwinHandlers.Session.cs
  8. 61
      src/OpenIddict.Server.Owin/OpenIddictServerOwinHandlers.cs
  9. 10
      src/OpenIddict.Validation.AspNetCore/OpenIddictValidationAspNetCoreHandlers.cs
  10. 10
      src/OpenIddict.Validation.Owin/OpenIddictValidationOwinHandlers.cs

8
src/OpenIddict.Server.AspNetCore/OpenIddictServerAspNetCoreHandlers.Authentication.cs

@ -288,7 +288,7 @@ namespace OpenIddict.Server.AspNetCore
.AddFilter<RequireHttpRequest>()
.AddFilter<RequireAuthorizationEndpointCachingEnabled>()
.UseSingletonHandler<RemoveCachedRequest>()
.SetOrder(ProcessFormPostResponse.Descriptor.Order - 1_000)
.SetOrder(int.MinValue + 100_000)
.SetType(OpenIddictServerHandlerType.BuiltIn)
.Build();
@ -333,7 +333,7 @@ namespace OpenIddict.Server.AspNetCore
= OpenIddictServerHandlerDescriptor.CreateBuilder<ApplyAuthorizationResponseContext>()
.AddFilter<RequireHttpRequest>()
.UseSingletonHandler<ProcessFormPostResponse>()
.SetOrder(ProcessQueryResponse.Descriptor.Order - 1_000)
.SetOrder(50_000)
.SetType(OpenIddictServerHandlerType.BuiltIn)
.Build();
@ -423,7 +423,7 @@ namespace OpenIddict.Server.AspNetCore
= OpenIddictServerHandlerDescriptor.CreateBuilder<ApplyAuthorizationResponseContext>()
.AddFilter<RequireHttpRequest>()
.UseSingletonHandler<ProcessQueryResponse>()
.SetOrder(ProcessFragmentResponse.Descriptor.Order - 1_000)
.SetOrder(ProcessFormPostResponse.Descriptor.Order + 1_000)
.SetType(OpenIddictServerHandlerType.BuiltIn)
.Build();
@ -487,7 +487,7 @@ namespace OpenIddict.Server.AspNetCore
= OpenIddictServerHandlerDescriptor.CreateBuilder<ApplyAuthorizationResponseContext>()
.AddFilter<RequireHttpRequest>()
.UseSingletonHandler<ProcessFragmentResponse>()
.SetOrder(ProcessLocalErrorResponse<ApplyAuthorizationResponseContext>.Descriptor.Order - 1_000)
.SetOrder(ProcessQueryResponse.Descriptor.Order + 1_000)
.SetType(OpenIddictServerHandlerType.BuiltIn)
.Build();
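Review bot: `ProcessFormPostResponse` is now pinned at `.SetOrder(50_000)`, with `ProcessQueryResponse` and `ProcessFragmentResponse` at +1_000 each, which puts all three ahead of `AttachHttpResponseCode<TContext>` (100_000) and `AttachCacheControlHeader<TContext>` (101_000) as set in OpenIddictServerAspNetCoreHandlers.cs. Under the old relative chain they ran after the cache-control handler, and nothing here explains the inversion. If those header handlers are registered for ApplyAuthorizationResponseContext (the handler list is outside these hunks), please confirm that the response handlers set their own status and anti-caching headers, since authorization responses carry codes or tokens. A comment at the descriptor would record it: `// Runs before AttachHttpResponseCode/AttachCacheControlHeader (100_000+): this handler sets its own status and caching headers.` The same values appear in src/OpenIddict.Server.Owin/OpenIddictServerOwinHandlers.Authentication.cs; each descriptor initializer starts outside its hunk.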

62
src/OpenIddict.Server.AspNetCore/OpenIddictServerAspNetCoreHandlers.Device.cs

@ -4,9 +4,16 @@
* the license and the contributors participating to this project.
*/
using System;
using System.Collections.Immutable;
using System.Threading.Tasks;
using Microsoft.AspNetCore;
using Microsoft.AspNetCore.Authentication;
using Microsoft.Extensions.Logging;
using static OpenIddict.Abstractions.OpenIddictConstants;
using static OpenIddict.Server.AspNetCore.OpenIddictServerAspNetCoreHandlerFilters;
using static OpenIddict.Server.OpenIddictServerEvents;
using SR = OpenIddict.Abstractions.OpenIddictResources;
namespace OpenIddict.Server.AspNetCore
{
@ -44,11 +51,64 @@ namespace OpenIddict.Server.AspNetCore
*/
AttachHttpResponseCode<ApplyVerificationResponseContext>.Descriptor,
AttachCacheControlHeader<ApplyVerificationResponseContext>.Descriptor,
ProcessHostRedirectionResponse.Descriptor,
ProcessPassthroughErrorResponse<ApplyVerificationResponseContext, RequireVerificationEndpointPassthroughEnabled>.Descriptor,
ProcessStatusCodePagesErrorResponse<ApplyVerificationResponseContext>.Descriptor,
ProcessLocalErrorResponse<ApplyVerificationResponseContext>.Descriptor,
ProcessHostRedirectionResponse<ApplyVerificationResponseContext>.Descriptor,
ProcessEmptyResponse<ApplyVerificationResponseContext>.Descriptor);
}
/// <summary>
/// Contains the logic responsible of processing verification responses that should trigger a host redirection.
/// Note: this handler is not used when the OpenID Connect request is not initially handled by ASP.NET Core.
/// </summary>
public class ProcessHostRedirectionResponse : IOpenIddictServerHandler<ApplyVerificationResponseContext>
{
/// <summary>
/// Gets the default descriptor definition assigned to this handler.
/// </summary>
public static OpenIddictServerHandlerDescriptor Descriptor { get; }
= OpenIddictServerHandlerDescriptor.CreateBuilder<ApplyVerificationResponseContext>()
.AddFilter<RequireHttpRequest>()
.UseSingletonHandler<ProcessHostRedirectionResponse>()
.SetOrder(ProcessPassthroughErrorResponse<ApplyVerificationResponseContext, RequireVerificationEndpointPassthroughEnabled>.Descriptor.Order - 1_000)
.SetType(OpenIddictServerHandlerType.BuiltIn)
.Build();
/// <inheritdoc/>
public ValueTask HandleAsync(ApplyVerificationResponseContext context)
{
if (context is null)
{
throw new ArgumentNullException(nameof(context));
}
// This handler only applies to ASP.NET Core requests. If the HTTP context cannot be resolved,
// this may indicate that the request was incorrectly processed by another server stack.
var response = context.Transaction.GetHttpRequest()?.HttpContext.Response;
if (response is null)
{
throw new InvalidOperationException(SR.GetResourceString(SR.ID0114));
}
// Note: this handler only redirects the user agent to the address specified
// in the AuthenticationProperties if the error is an access_denied error.
if (!string.Equals(context.Response.Error, Errors.AccessDenied, StringComparison.Ordinal))
{
return default;
}
var properties = context.Transaction.GetProperty<AuthenticationProperties>(typeof(AuthenticationProperties).FullName!);
if (properties is not null && !string.IsNullOrEmpty(properties.RedirectUri))
{
response.Redirect(properties.RedirectUri);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6144));
context.HandleRequest();
}
return default;
}
}
}
}
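Review bot: `response.Redirect(properties.RedirectUri)` in HandleAsync sends the user agent to whatever address the host stored in the AuthenticationProperties, and this handler does not check that the address is local or otherwise expected. Because the value comes from application code, validating it (for example rejecting non-local return URLs) is the caller's responsibility, and the XML summary should say so: `/// Note: the RedirectUri is used as-is; the host application must validate it before attaching it to the AuthenticationProperties.` The same applies to the logout handler in OpenIddictServerAspNetCoreHandlers.Session.cs and to the two OWIN counterparts.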

59
src/OpenIddict.Server.AspNetCore/OpenIddictServerAspNetCoreHandlers.Session.cs

@ -14,6 +14,7 @@ using System.Security.Cryptography;
using System.Text.Json;
using System.Threading.Tasks;
using Microsoft.AspNetCore;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.WebUtilities;
using Microsoft.Extensions.Caching.Distributed;
using Microsoft.Extensions.Logging;
@ -52,11 +53,11 @@ namespace OpenIddict.Server.AspNetCore
RemoveCachedRequest.Descriptor,
AttachHttpResponseCode<ApplyLogoutResponseContext>.Descriptor,
AttachCacheControlHeader<ApplyLogoutResponseContext>.Descriptor,
ProcessRedirectionResponse.Descriptor,
ProcessPassthroughErrorResponse<ApplyLogoutResponseContext, RequireLogoutEndpointPassthroughEnabled>.Descriptor,
ProcessStatusCodePagesErrorResponse<ApplyLogoutResponseContext>.Descriptor,
ProcessLocalErrorResponse<ApplyLogoutResponseContext>.Descriptor,
ProcessHostRedirectionResponse<ApplyLogoutResponseContext>.Descriptor,
ProcessQueryResponse.Descriptor,
ProcessHostRedirectionResponse.Descriptor,
ProcessEmptyResponse<ApplyLogoutResponseContext>.Descriptor);
/// <summary>
@ -285,7 +286,7 @@ namespace OpenIddict.Server.AspNetCore
.AddFilter<RequireHttpRequest>()
.AddFilter<RequireLogoutEndpointCachingEnabled>()
.UseSingletonHandler<RemoveCachedRequest>()
.SetOrder(ProcessRedirectionResponse.Descriptor.Order - 1_000)
.SetOrder(int.MinValue + 100_000)
.SetType(OpenIddictServerHandlerType.BuiltIn)
.Build();
@ -316,7 +317,7 @@ namespace OpenIddict.Server.AspNetCore
/// Contains the logic responsible of processing logout responses.
/// Note: this handler is not used when the OpenID Connect request is not initially handled by ASP.NET Core.
/// </summary>
public class ProcessRedirectionResponse : IOpenIddictServerHandler<ApplyLogoutResponseContext>
public class ProcessQueryResponse : IOpenIddictServerHandler<ApplyLogoutResponseContext>
{
/// <summary>
/// Gets the default descriptor definition assigned to this handler.
@ -324,8 +325,8 @@ namespace OpenIddict.Server.AspNetCore
public static OpenIddictServerHandlerDescriptor Descriptor { get; }
= OpenIddictServerHandlerDescriptor.CreateBuilder<ApplyLogoutResponseContext>()
.AddFilter<RequireHttpRequest>()
.UseSingletonHandler<ProcessRedirectionResponse>()
.SetOrder(ProcessStatusCodePagesErrorResponse<ApplyLogoutResponseContext>.Descriptor.Order - 1_000)
.UseSingletonHandler<ProcessQueryResponse>()
.SetOrder(ProcessLocalErrorResponse<ApplyLogoutResponseContext>.Descriptor.Order + 250)
.SetType(OpenIddictServerHandlerType.BuiltIn)
.Build();
@ -374,6 +375,52 @@ namespace OpenIddict.Server.AspNetCore
return default;
}
}
/// <summary>
/// Contains the logic responsible of processing logout responses that should trigger a host redirection.
/// Note: this handler is not used when the OpenID Connect request is not initially handled by ASP.NET Core.
/// </summary>
public class ProcessHostRedirectionResponse : IOpenIddictServerHandler<ApplyLogoutResponseContext>
{
/// <summary>
/// Gets the default descriptor definition assigned to this handler.
/// </summary>
public static OpenIddictServerHandlerDescriptor Descriptor { get; }
= OpenIddictServerHandlerDescriptor.CreateBuilder<ApplyLogoutResponseContext>()
.AddFilter<RequireHttpRequest>()
.UseSingletonHandler<ProcessHostRedirectionResponse>()
.SetOrder(ProcessQueryResponse.Descriptor.Order + 250)
.SetType(OpenIddictServerHandlerType.BuiltIn)
.Build();
/// <inheritdoc/>
public ValueTask HandleAsync(ApplyLogoutResponseContext context)
{
if (context is null)
{
throw new ArgumentNullException(nameof(context));
}
// This handler only applies to ASP.NET Core requests. If the HTTP context cannot be resolved,
// this may indicate that the request was incorrectly processed by another server stack.
var response = context.Transaction.GetHttpRequest()?.HttpContext.Response;
if (response is null)
{
throw new InvalidOperationException(SR.GetResourceString(SR.ID0114));
}
var properties = context.Transaction.GetProperty<AuthenticationProperties>(typeof(AuthenticationProperties).FullName!);
if (properties is not null && !string.IsNullOrEmpty(properties.RedirectUri))
{
response.Redirect(properties.RedirectUri);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6144));
context.HandleRequest();
}
return default;
}
}
}
}
}
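Review bot: The logout `ProcessHostRedirectionResponse` has no guard on `context.Response.Error`, unlike the verification handler in OpenIddictServerAspNetCoreHandlers.Device.cs. Only its position (`ProcessQueryResponse.Descriptor.Order + 250`, i.e. after `ProcessLocalErrorResponse`) keeps error responses from reaching `response.Redirect(...)`. That presumably holds while the built-in error handlers end the request, but a host that removes or reorders them would get a redirect on a failed logout. I would either state the dependency above the descriptor, `// Must run after the error handlers: this handler does not inspect context.Response.Error.`, or add an explicit `if (!string.IsNullOrEmpty(context.Response.Error)) return default;` before the redirect.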

63
src/OpenIddict.Server.AspNetCore/OpenIddictServerAspNetCoreHandlers.cs

@ -783,7 +783,7 @@ namespace OpenIddict.Server.AspNetCore
= OpenIddictServerHandlerDescriptor.CreateBuilder<TContext>()
.AddFilter<RequireHttpRequest>()
.UseSingletonHandler<AttachHttpResponseCode<TContext>>()
.SetOrder(AttachCacheControlHeader<TContext>.Descriptor.Order - 1_000)
.SetOrder(100_000)
.SetType(OpenIddictServerHandlerType.BuiltIn)
.Build();
@ -843,7 +843,7 @@ namespace OpenIddict.Server.AspNetCore
= OpenIddictServerHandlerDescriptor.CreateBuilder<TContext>()
.AddFilter<RequireHttpRequest>()
.UseSingletonHandler<AttachCacheControlHeader<TContext>>()
.SetOrder(AttachWwwAuthenticateHeader<TContext>.Descriptor.Order - 1_000)
.SetOrder(AttachHttpResponseCode<TContext>.Descriptor.Order + 1_000)
.SetType(OpenIddictServerHandlerType.BuiltIn)
.Build();
@ -890,7 +890,7 @@ namespace OpenIddict.Server.AspNetCore
= OpenIddictServerHandlerDescriptor.CreateBuilder<TContext>()
.AddFilter<RequireHttpRequest>()
.UseSingletonHandler<AttachWwwAuthenticateHeader<TContext>>()
.SetOrder(ProcessChallengeErrorResponse<TContext>.Descriptor.Order - 1_000)
.SetOrder(AttachCacheControlHeader<TContext>.Descriptor.Order + 1_000)
.SetType(OpenIddictServerHandlerType.BuiltIn)
.Build();
@ -1004,7 +1004,7 @@ namespace OpenIddict.Server.AspNetCore
= OpenIddictServerHandlerDescriptor.CreateBuilder<TContext>()
.AddFilter<RequireHttpRequest>()
.UseSingletonHandler<ProcessChallengeErrorResponse<TContext>>()
.SetOrder(ProcessJsonResponse<TContext>.Descriptor.Order - 1_000)
.SetOrder(AttachWwwAuthenticateHeader<TContext>.Descriptor.Order + 1_000)
.SetType(OpenIddictServerHandlerType.BuiltIn)
.Build();
@ -1050,7 +1050,7 @@ namespace OpenIddict.Server.AspNetCore
= OpenIddictServerHandlerDescriptor.CreateBuilder<TContext>()
.AddFilter<RequireHttpRequest>()
.UseSingletonHandler<ProcessJsonResponse<TContext>>()
.SetOrder(ProcessPassthroughErrorResponse<TContext, IOpenIddictServerHandlerFilter<TContext>>.Descriptor.Order - 1_000)
.SetOrder(ProcessChallengeErrorResponse<TContext>.Descriptor.Order + 1_000)
.SetType(OpenIddictServerHandlerType.BuiltIn)
.Build();
@ -1112,7 +1112,7 @@ namespace OpenIddict.Server.AspNetCore
.AddFilter<RequireErrorPassthroughEnabled>()
.AddFilter<TFilter>()
.UseSingletonHandler<ProcessPassthroughErrorResponse<TContext, TFilter>>()
.SetOrder(ProcessStatusCodePagesErrorResponse<TContext>.Descriptor.Order - 1_000)
.SetOrder(ProcessJsonResponse<TContext>.Descriptor.Order + 1_000)
.SetType(OpenIddictServerHandlerType.BuiltIn)
.Build();
@ -1160,7 +1160,7 @@ namespace OpenIddict.Server.AspNetCore
.AddFilter<RequireHttpRequest>()
.AddFilter<RequireStatusCodePagesIntegrationEnabled>()
.UseSingletonHandler<ProcessStatusCodePagesErrorResponse<TContext>>()
.SetOrder(ProcessLocalErrorResponse<TContext>.Descriptor.Order - 1_000)
.SetOrder(ProcessPassthroughErrorResponse<TContext, IOpenIddictServerHandlerFilter<TContext>>.Descriptor.Order + 1_000)
.SetType(OpenIddictServerHandlerType.BuiltIn)
.Build();
@ -1219,7 +1219,7 @@ namespace OpenIddict.Server.AspNetCore
= OpenIddictServerHandlerDescriptor.CreateBuilder<TContext>()
.AddFilter<RequireHttpRequest>()
.UseSingletonHandler<ProcessLocalErrorResponse<TContext>>()
.SetOrder(ProcessEmptyResponse<TContext>.Descriptor.Order - 1_000)
.SetOrder(ProcessStatusCodePagesErrorResponse<TContext>.Descriptor.Order + 1_000)
.SetType(OpenIddictServerHandlerType.BuiltIn)
.Build();
@ -1282,53 +1282,6 @@ namespace OpenIddict.Server.AspNetCore
}
}
/// <summary>
/// Contains the logic responsible of processing empty OpenID Connect responses that should trigger a host redirection.
/// Note: this handler is not used when the OpenID Connect request is not initially handled by ASP.NET Core.
/// </summary>
public class ProcessHostRedirectionResponse<TContext> : IOpenIddictServerHandler<TContext>
where TContext : BaseRequestContext
{
/// <summary>
/// Gets the default descriptor definition assigned to this handler.
/// </summary>
public static OpenIddictServerHandlerDescriptor Descriptor { get; }
= OpenIddictServerHandlerDescriptor.CreateBuilder<TContext>()
.AddFilter<RequireHttpRequest>()
.UseSingletonHandler<ProcessHostRedirectionResponse<TContext>>()
.SetOrder(ProcessEmptyResponse<TContext>.Descriptor.Order - 1_000)
.SetType(OpenIddictServerHandlerType.BuiltIn)
.Build();
/// <inheritdoc/>
public ValueTask HandleAsync(TContext context)
{
if (context is null)
{
throw new ArgumentNullException(nameof(context));
}
// This handler only applies to ASP.NET Core requests. If the HTTP context cannot be resolved,
// this may indicate that the request was incorrectly processed by another server stack.
var response = context.Transaction.GetHttpRequest()?.HttpContext.Response;
if (response is null)
{
throw new InvalidOperationException(SR.GetResourceString(SR.ID0114));
}
var properties = context.Transaction.GetProperty<AuthenticationProperties>(typeof(AuthenticationProperties).FullName!);
if (properties is not null && !string.IsNullOrEmpty(properties.RedirectUri))
{
response.Redirect(properties.RedirectUri);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6144));
context.HandleRequest();
}
return default;
}
}
/// <summary>
/// Contains the logic responsible of processing OpenID Connect responses that don't specify any parameter.
/// Note: this handler is not used when the OpenID Connect request is not initially handled by ASP.NET Core.
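Review bot: `.SetOrder(100_000)` on `AttachHttpResponseCode<TContext>` is now the single absolute anchor from which every later handler in this file derives its order, replacing the previous chain that counted back from `ProcessEmptyResponse<TContext>`, yet nothing at the call site says so. A one-line comment such as `// Anchor of the response pipeline: later built-in handlers are ordered relative to this value.` would help anyone inserting a custom handler between the built-in ones. The last hunk also deletes the public `ProcessHostRedirectionResponse<TContext>` type, so hosts that referenced its `Descriptor` will presumably no longer compile; that deserves a line in the release notes. The same anchor value is used in OpenIddictServerOwinHandlers.cs and in both Validation handler files.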

8
src/OpenIddict.Server.Owin/OpenIddictServerOwinHandlers.Authentication.cs

@ -282,7 +282,7 @@ namespace OpenIddict.Server.Owin
.AddFilter<RequireOwinRequest>()
.AddFilter<RequireAuthorizationEndpointCachingEnabled>()
.UseSingletonHandler<RemoveCachedRequest>()
.SetOrder(ProcessFormPostResponse.Descriptor.Order - 1_000)
.SetOrder(int.MinValue + 100_000)
.SetType(OpenIddictServerHandlerType.BuiltIn)
.Build();
@ -327,7 +327,7 @@ namespace OpenIddict.Server.Owin
= OpenIddictServerHandlerDescriptor.CreateBuilder<ApplyAuthorizationResponseContext>()
.AddFilter<RequireOwinRequest>()
.UseSingletonHandler<ProcessFormPostResponse>()
.SetOrder(ProcessQueryResponse.Descriptor.Order - 1_000)
.SetOrder(50_000)
.SetType(OpenIddictServerHandlerType.BuiltIn)
.Build();
@ -418,7 +418,7 @@ namespace OpenIddict.Server.Owin
= OpenIddictServerHandlerDescriptor.CreateBuilder<ApplyAuthorizationResponseContext>()
.AddFilter<RequireOwinRequest>()
.UseSingletonHandler<ProcessQueryResponse>()
.SetOrder(ProcessFragmentResponse.Descriptor.Order - 1_000)
.SetOrder(ProcessFormPostResponse.Descriptor.Order + 1_000)
.SetType(OpenIddictServerHandlerType.BuiltIn)
.Build();
@ -482,7 +482,7 @@ namespace OpenIddict.Server.Owin
= OpenIddictServerHandlerDescriptor.CreateBuilder<ApplyAuthorizationResponseContext>()
.AddFilter<RequireOwinRequest>()
.UseSingletonHandler<ProcessFragmentResponse>()
.SetOrder(ProcessLocalErrorResponse<ApplyAuthorizationResponseContext>.Descriptor.Order - 1_000)
.SetOrder(ProcessQueryResponse.Descriptor.Order + 1_000)
.SetType(OpenIddictServerHandlerType.BuiltIn)
.Build();

62
src/OpenIddict.Server.Owin/OpenIddictServerOwinHandlers.Device.cs

@ -4,9 +4,16 @@
* the license and the contributors participating to this project.
*/
using System;
using System.Collections.Immutable;
using System.Threading.Tasks;
using Microsoft.Extensions.Logging;
using Microsoft.Owin.Security;
using Owin;
using static OpenIddict.Abstractions.OpenIddictConstants;
using static OpenIddict.Server.OpenIddictServerEvents;
using static OpenIddict.Server.Owin.OpenIddictServerOwinHandlerFilters;
using SR = OpenIddict.Abstractions.OpenIddictResources;
namespace OpenIddict.Server.Owin
{
@ -44,10 +51,63 @@ namespace OpenIddict.Server.Owin
*/
AttachHttpResponseCode<ApplyVerificationResponseContext>.Descriptor,
AttachCacheControlHeader<ApplyVerificationResponseContext>.Descriptor,
ProcessHostRedirectionResponse.Descriptor,
ProcessPassthroughErrorResponse<ApplyVerificationResponseContext, RequireVerificationEndpointPassthroughEnabled>.Descriptor,
ProcessLocalErrorResponse<ApplyVerificationResponseContext>.Descriptor,
ProcessHostRedirectionResponse<ApplyVerificationResponseContext>.Descriptor,
ProcessEmptyResponse<ApplyVerificationResponseContext>.Descriptor);
}
/// <summary>
/// Contains the logic responsible of processing verification responses that should trigger a host redirection.
/// Note: this handler is not used when the OpenID Connect request is not initially handled by OWIN.
/// </summary>
public class ProcessHostRedirectionResponse : IOpenIddictServerHandler<ApplyVerificationResponseContext>
{
/// <summary>
/// Gets the default descriptor definition assigned to this handler.
/// </summary>
public static OpenIddictServerHandlerDescriptor Descriptor { get; }
= OpenIddictServerHandlerDescriptor.CreateBuilder<ApplyVerificationResponseContext>()
.AddFilter<RequireOwinRequest>()
.UseSingletonHandler<ProcessHostRedirectionResponse>()
.SetOrder(ProcessPassthroughErrorResponse<ApplyVerificationResponseContext, RequireVerificationEndpointPassthroughEnabled>.Descriptor.Order - 1_000)
.SetType(OpenIddictServerHandlerType.BuiltIn)
.Build();
/// <inheritdoc/>
public ValueTask HandleAsync(ApplyVerificationResponseContext context)
{
if (context is null)
{
throw new ArgumentNullException(nameof(context));
}
// This handler only applies to OWIN requests. If The OWIN request cannot be resolved,
// this may indicate that the request was incorrectly processed by another server stack.
var response = context.Transaction.GetOwinRequest()?.Context.Response;
if (response is null)
{
throw new InvalidOperationException(SR.GetResourceString(SR.ID0120));
}
// Note: this handler only redirects the user agent to the address specified
// in the AuthenticationProperties if the error is an access_denied error.
if (!string.Equals(context.Response.Error, Errors.AccessDenied, StringComparison.Ordinal))
{
return default;
}
var properties = context.Transaction.GetProperty<AuthenticationProperties>(typeof(AuthenticationProperties).FullName!);
if (properties is not null && !string.IsNullOrEmpty(properties.RedirectUri))
{
response.Redirect(properties.RedirectUri);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6144));
context.HandleRequest();
}
return default;
}
}
}
}

66
src/OpenIddict.Server.Owin/OpenIddictServerOwinHandlers.Session.cs

@ -19,6 +19,7 @@ using Microsoft.Extensions.Options;
using Microsoft.IdentityModel.JsonWebTokens;
using Microsoft.IdentityModel.Tokens;
using Microsoft.Owin.Infrastructure;
using Microsoft.Owin.Security;
using Owin;
using static OpenIddict.Abstractions.OpenIddictConstants;
using static OpenIddict.Server.OpenIddictServerEvents;
@ -52,10 +53,10 @@ namespace OpenIddict.Server.Owin
RemoveCachedRequest.Descriptor,
AttachHttpResponseCode<ApplyLogoutResponseContext>.Descriptor,
AttachCacheControlHeader<ApplyLogoutResponseContext>.Descriptor,
ProcessRedirectionResponse.Descriptor,
ProcessPassthroughErrorResponse<ApplyLogoutResponseContext, RequireLogoutEndpointPassthroughEnabled>.Descriptor,
ProcessLocalErrorResponse<ApplyLogoutResponseContext>.Descriptor,
ProcessHostRedirectionResponse<ApplyLogoutResponseContext>.Descriptor,
ProcessQueryResponse.Descriptor,
ProcessHostRedirectionResponse.Descriptor,
ProcessEmptyResponse<ApplyLogoutResponseContext>.Descriptor);
/// <summary>
@ -279,7 +280,7 @@ namespace OpenIddict.Server.Owin
.AddFilter<RequireOwinRequest>()
.AddFilter<RequireLogoutEndpointCachingEnabled>()
.UseSingletonHandler<RemoveCachedRequest>()
.SetOrder(ProcessRedirectionResponse.Descriptor.Order - 1_000)
.SetOrder(int.MinValue + 100_000)
.SetType(OpenIddictServerHandlerType.BuiltIn)
.Build();
@ -310,7 +311,7 @@ namespace OpenIddict.Server.Owin
/// Contains the logic responsible of processing logout responses.
/// Note: this handler is not used when the OpenID Connect request is not initially handled by OWIN.
/// </summary>
public class ProcessRedirectionResponse : IOpenIddictServerHandler<ApplyLogoutResponseContext>
public class ProcessQueryResponse : IOpenIddictServerHandler<ApplyLogoutResponseContext>
{
/// <summary>
/// Gets the default descriptor definition assigned to this handler.
@ -318,8 +319,8 @@ namespace OpenIddict.Server.Owin
public static OpenIddictServerHandlerDescriptor Descriptor { get; }
= OpenIddictServerHandlerDescriptor.CreateBuilder<ApplyLogoutResponseContext>()
.AddFilter<RequireOwinRequest>()
.UseSingletonHandler<ProcessRedirectionResponse>()
.SetOrder(ProcessPassthroughErrorResponse<ApplyLogoutResponseContext, IOpenIddictServerHandlerFilter<ApplyLogoutResponseContext>>.Descriptor.Order - 1_000)
.UseSingletonHandler<ProcessQueryResponse>()
.SetOrder(ProcessLocalErrorResponse<ApplyLogoutResponseContext>.Descriptor.Order + 250)
.SetType(OpenIddictServerHandlerType.BuiltIn)
.Build();
@ -368,6 +369,59 @@ namespace OpenIddict.Server.Owin
return default;
}
}
/// <summary>
/// Contains the logic responsible of processing verification responses that should trigger a host redirection.
/// Note: this handler is not used when the OpenID Connect request is not initially handled by OWIN.
/// </summary>
public class ProcessHostRedirectionResponse : IOpenIddictServerHandler<ApplyVerificationResponseContext>
{
/// <summary>
/// Gets the default descriptor definition assigned to this handler.
/// </summary>
public static OpenIddictServerHandlerDescriptor Descriptor { get; }
= OpenIddictServerHandlerDescriptor.CreateBuilder<ApplyVerificationResponseContext>()
.AddFilter<RequireOwinRequest>()
.UseSingletonHandler<ProcessHostRedirectionResponse>()
.SetOrder(ProcessQueryResponse.Descriptor.Order + 250)
.SetType(OpenIddictServerHandlerType.BuiltIn)
.Build();
/// <inheritdoc/>
public ValueTask HandleAsync(ApplyVerificationResponseContext context)
{
if (context is null)
{
throw new ArgumentNullException(nameof(context));
}
// This handler only applies to OWIN requests. If The OWIN request cannot be resolved,
// this may indicate that the request was incorrectly processed by another server stack.
var response = context.Transaction.GetOwinRequest()?.Context.Response;
if (response is null)
{
throw new InvalidOperationException(SR.GetResourceString(SR.ID0120));
}
// Note: this handler only redirects the user agent to the address specified
// in the AuthenticationProperties if the error is an access_denied error.
if (!string.Equals(context.Response.Error, Errors.AccessDenied, StringComparison.Ordinal))
{
return default;
}
var properties = context.Transaction.GetProperty<AuthenticationProperties>(typeof(AuthenticationProperties).FullName!);
if (properties is not null && !string.IsNullOrEmpty(properties.RedirectUri))
{
response.Redirect(properties.RedirectUri);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6144));
context.HandleRequest();
}
return default;
}
}
}
}
}
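Review bot: The `ProcessHostRedirectionResponse` added at the end of this file is declared for `ApplyVerificationResponseContext` (class declaration, `CreateBuilder<...>()` and the `HandleAsync` parameter), although it lives in the session handlers and is listed in the logout handler set next to `ProcessEmptyResponse<ApplyLogoutResponseContext>`. It looks copied from OpenIddictServerOwinHandlers.Device.cs: the summary still says "verification responses" and the body keeps the access_denied guard, which the ASP.NET Core logout handler does not have. As written the handler is bound to the wrong context type, so host redirections after logout would presumably not be applied on OWIN. The three type references should read `ApplyLogoutResponseContext`, e.g. `public class ProcessHostRedirectionResponse : IOpenIddictServerHandler<ApplyLogoutResponseContext>`, and the access_denied check and the summary should be aligned with the ASP.NET Core version.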

61
src/OpenIddict.Server.Owin/OpenIddictServerOwinHandlers.cs

@ -720,7 +720,7 @@ namespace OpenIddict.Server.Owin
= OpenIddictServerHandlerDescriptor.CreateBuilder<TContext>()
.AddFilter<RequireOwinRequest>()
.UseSingletonHandler<AttachHttpResponseCode<TContext>>()
.SetOrder(AttachCacheControlHeader<TContext>.Descriptor.Order - 1_000)
.SetOrder(100_000)
.SetType(OpenIddictServerHandlerType.BuiltIn)
.Build();
@ -780,7 +780,7 @@ namespace OpenIddict.Server.Owin
= OpenIddictServerHandlerDescriptor.CreateBuilder<TContext>()
.AddFilter<RequireOwinRequest>()
.UseSingletonHandler<AttachCacheControlHeader<TContext>>()
.SetOrder(AttachWwwAuthenticateHeader<TContext>.Descriptor.Order - 1_000)
.SetOrder(AttachHttpResponseCode<TContext>.Descriptor.Order + 1_000)
.SetType(OpenIddictServerHandlerType.BuiltIn)
.Build();
@ -827,7 +827,7 @@ namespace OpenIddict.Server.Owin
= OpenIddictServerHandlerDescriptor.CreateBuilder<TContext>()
.AddFilter<RequireOwinRequest>()
.UseSingletonHandler<AttachWwwAuthenticateHeader<TContext>>()
.SetOrder(ProcessChallengeErrorResponse<TContext>.Descriptor.Order - 1_000)
.SetOrder(AttachCacheControlHeader<TContext>.Descriptor.Order + 1_000)
.SetType(OpenIddictServerHandlerType.BuiltIn)
.Build();
@ -941,7 +941,7 @@ namespace OpenIddict.Server.Owin
= OpenIddictServerHandlerDescriptor.CreateBuilder<TContext>()
.AddFilter<RequireOwinRequest>()
.UseSingletonHandler<ProcessChallengeErrorResponse<TContext>>()
.SetOrder(ProcessJsonResponse<TContext>.Descriptor.Order - 1_000)
.SetOrder(AttachWwwAuthenticateHeader<TContext>.Descriptor.Order + 1_000)
.SetType(OpenIddictServerHandlerType.BuiltIn)
.Build();
@ -987,7 +987,7 @@ namespace OpenIddict.Server.Owin
= OpenIddictServerHandlerDescriptor.CreateBuilder<TContext>()
.AddFilter<RequireOwinRequest>()
.UseSingletonHandler<ProcessJsonResponse<TContext>>()
.SetOrder(ProcessPassthroughErrorResponse<TContext, IOpenIddictServerHandlerFilter<TContext>>.Descriptor.Order - 1_000)
.SetOrder(ProcessChallengeErrorResponse<TContext>.Descriptor.Order + 1_000)
.SetType(OpenIddictServerHandlerType.BuiltIn)
.Build();
@ -1049,7 +1049,7 @@ namespace OpenIddict.Server.Owin
.AddFilter<RequireErrorPassthroughEnabled>()
.AddFilter<TFilter>()
.UseSingletonHandler<ProcessPassthroughErrorResponse<TContext, TFilter>>()
.SetOrder(ProcessLocalErrorResponse<TContext>.Descriptor.Order - 1_000)
.SetOrder(ProcessJsonResponse<TContext>.Descriptor.Order + 1_000)
.SetType(OpenIddictServerHandlerType.BuiltIn)
.Build();
@ -1099,7 +1099,7 @@ namespace OpenIddict.Server.Owin
= OpenIddictServerHandlerDescriptor.CreateBuilder<TContext>()
.AddFilter<RequireOwinRequest>()
.UseSingletonHandler<ProcessLocalErrorResponse<TContext>>()
.SetOrder(ProcessEmptyResponse<TContext>.Descriptor.Order - 1_000)
.SetOrder(ProcessPassthroughErrorResponse<TContext, IOpenIddictServerHandlerFilter<TContext>>.Descriptor.Order + 1_000)
.SetType(OpenIddictServerHandlerType.BuiltIn)
.Build();
@ -1162,53 +1162,6 @@ namespace OpenIddict.Server.Owin
}
}
/// <summary>
/// Contains the logic responsible of processing empty OpenID Connect responses that should trigger a host redirection.
/// Note: this handler is not used when the OpenID Connect request is not initially handled by OWIN.
/// </summary>
public class ProcessHostRedirectionResponse<TContext> : IOpenIddictServerHandler<TContext>
where TContext : BaseRequestContext
{
/// <summary>
/// Gets the default descriptor definition assigned to this handler.
/// </summary>
public static OpenIddictServerHandlerDescriptor Descriptor { get; }
= OpenIddictServerHandlerDescriptor.CreateBuilder<TContext>()
.AddFilter<RequireOwinRequest>()
.UseSingletonHandler<ProcessHostRedirectionResponse<TContext>>()
.SetOrder(ProcessEmptyResponse<TContext>.Descriptor.Order - 1_000)
.SetType(OpenIddictServerHandlerType.BuiltIn)
.Build();
/// <inheritdoc/>
public ValueTask HandleAsync(TContext context)
{
if (context is null)
{
throw new ArgumentNullException(nameof(context));
}
// This handler only applies to OWIN requests. If The OWIN request cannot be resolved,
// this may indicate that the request was incorrectly processed by another server stack.
var response = context.Transaction.GetOwinRequest()?.Context.Response;
if (response is null)
{
throw new InvalidOperationException(SR.GetResourceString(SR.ID0120));
}
var properties = context.Transaction.GetProperty<AuthenticationProperties>(typeof(AuthenticationProperties).FullName!);
if (properties is not null && !string.IsNullOrEmpty(properties.RedirectUri))
{
response.Redirect(properties.RedirectUri);
context.Logger.LogInformation(SR.GetResourceString(SR.ID6144));
context.HandleRequest();
}
return default;
}
}
/// <summary>
/// Contains the logic responsible of processing OpenID Connect responses that don't specify any parameter.
/// Note: this handler is not used when the OpenID Connect request is not initially handled by OWIN.

10
src/OpenIddict.Validation.AspNetCore/OpenIddictValidationAspNetCoreHandlers.cs

@ -346,7 +346,7 @@ namespace OpenIddict.Validation.AspNetCore
= OpenIddictValidationHandlerDescriptor.CreateBuilder<TContext>()
.AddFilter<RequireHttpRequest>()
.UseSingletonHandler<AttachHttpResponseCode<TContext>>()
.SetOrder(AttachCacheControlHeader<TContext>.Descriptor.Order - 1_000)
.SetOrder(100_000)
.SetType(OpenIddictValidationHandlerType.BuiltIn)
.Build();
@ -398,7 +398,7 @@ namespace OpenIddict.Validation.AspNetCore
= OpenIddictValidationHandlerDescriptor.CreateBuilder<TContext>()
.AddFilter<RequireHttpRequest>()
.UseSingletonHandler<AttachCacheControlHeader<TContext>>()
.SetOrder(AttachWwwAuthenticateHeader<TContext>.Descriptor.Order - 1_000)
.SetOrder(AttachHttpResponseCode<TContext>.Descriptor.Order + 1_000)
.SetType(OpenIddictValidationHandlerType.BuiltIn)
.Build();
@ -445,7 +445,7 @@ namespace OpenIddict.Validation.AspNetCore
= OpenIddictValidationHandlerDescriptor.CreateBuilder<TContext>()
.AddFilter<RequireHttpRequest>()
.UseSingletonHandler<AttachWwwAuthenticateHeader<TContext>>()
.SetOrder(ProcessChallengeErrorResponse<TContext>.Descriptor.Order - 1_000)
.SetOrder(AttachCacheControlHeader<TContext>.Descriptor.Order + 1_000)
.SetType(OpenIddictValidationHandlerType.BuiltIn)
.Build();
@ -550,7 +550,7 @@ namespace OpenIddict.Validation.AspNetCore
= OpenIddictValidationHandlerDescriptor.CreateBuilder<TContext>()
.AddFilter<RequireHttpRequest>()
.UseSingletonHandler<ProcessChallengeErrorResponse<TContext>>()
.SetOrder(ProcessJsonResponse<TContext>.Descriptor.Order - 1_000)
.SetOrder(AttachWwwAuthenticateHeader<TContext>.Descriptor.Order + 1_000)
.SetType(OpenIddictValidationHandlerType.BuiltIn)
.Build();
@ -596,7 +596,7 @@ namespace OpenIddict.Validation.AspNetCore
= OpenIddictValidationHandlerDescriptor.CreateBuilder<TContext>()
.AddFilter<RequireHttpRequest>()
.UseSingletonHandler<ProcessJsonResponse<TContext>>()
.SetOrder(int.MaxValue - 100_000)
.SetOrder(ProcessChallengeErrorResponse<TContext>.Descriptor.Order + 1_000)
.SetType(OpenIddictValidationHandlerType.BuiltIn)
.Build();

10
src/OpenIddict.Validation.Owin/OpenIddictValidationOwinHandlers.cs

@ -348,7 +348,7 @@ namespace OpenIddict.Validation.Owin
= OpenIddictValidationHandlerDescriptor.CreateBuilder<TContext>()
.AddFilter<RequireOwinRequest>()
.UseSingletonHandler<AttachHttpResponseCode<TContext>>()
.SetOrder(AttachCacheControlHeader<TContext>.Descriptor.Order - 1_000)
.SetOrder(100_000)
.SetType(OpenIddictValidationHandlerType.BuiltIn)
.Build();
@ -400,7 +400,7 @@ namespace OpenIddict.Validation.Owin
= OpenIddictValidationHandlerDescriptor.CreateBuilder<TContext>()
.AddFilter<RequireOwinRequest>()
.UseSingletonHandler<AttachCacheControlHeader<TContext>>()
.SetOrder(AttachWwwAuthenticateHeader<TContext>.Descriptor.Order - 1_000)
.SetOrder(AttachHttpResponseCode<TContext>.Descriptor.Order + 1_000)
.SetType(OpenIddictValidationHandlerType.BuiltIn)
.Build();
@ -447,7 +447,7 @@ namespace OpenIddict.Validation.Owin
= OpenIddictValidationHandlerDescriptor.CreateBuilder<TContext>()
.AddFilter<RequireOwinRequest>()
.UseSingletonHandler<AttachWwwAuthenticateHeader<TContext>>()
.SetOrder(ProcessChallengeErrorResponse<TContext>.Descriptor.Order - 1_000)
.SetOrder(AttachCacheControlHeader<TContext>.Descriptor.Order + 1_000)
.SetType(OpenIddictValidationHandlerType.BuiltIn)
.Build();
@ -557,7 +557,7 @@ namespace OpenIddict.Validation.Owin
= OpenIddictValidationHandlerDescriptor.CreateBuilder<TContext>()
.AddFilter<RequireOwinRequest>()
.UseSingletonHandler<ProcessChallengeErrorResponse<TContext>>()
.SetOrder(ProcessJsonResponse<TContext>.Descriptor.Order - 1_000)
.SetOrder(AttachWwwAuthenticateHeader<TContext>.Descriptor.Order + 1_000)
.SetType(OpenIddictValidationHandlerType.BuiltIn)
.Build();
@ -603,7 +603,7 @@ namespace OpenIddict.Validation.Owin
= OpenIddictValidationHandlerDescriptor.CreateBuilder<TContext>()
.AddFilter<RequireOwinRequest>()
.UseSingletonHandler<ProcessJsonResponse<TContext>>()
.SetOrder(int.MaxValue - 100_000)
.SetOrder(ProcessChallengeErrorResponse<TContext>.Descriptor.Order + 1_000)
.SetType(OpenIddictValidationHandlerType.BuiltIn)
.Build();
