From b6766e480ef82c7e150c6deef794ecb2682c3419 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?K=C3=A9vin=20Chalet?= Date: Wed, 25 Nov 2020 16:28:58 +0100 Subject: [PATCH] Remove the parameter-less HasAudience()/HasPresenter()/HasResource()/HasScope() extensions --- .../Primitives/OpenIddictExtensions.cs | 32 --------- .../OpenIddictServerHandlers.Introspection.cs | 6 +- .../OpenIddictServerHandlers.Revocation.cs | 6 +- .../OpenIddictServerHandlers.cs | 13 ++-- .../OpenIddictValidationHandlers.cs | 6 +- .../Primitives/OpenIddictExtensionsTests.cs | 70 ++----------------- 6 files changed, 21 insertions(+), 112 deletions(-) diff --git a/src/OpenIddict.Abstractions/Primitives/OpenIddictExtensions.cs b/src/OpenIddict.Abstractions/Primitives/OpenIddictExtensions.cs index 40136ed0..65a239de 100644 --- a/src/OpenIddict.Abstractions/Primitives/OpenIddictExtensions.cs +++ b/src/OpenIddict.Abstractions/Primitives/OpenIddictExtensions.cs @@ -1300,14 +1300,6 @@ namespace OpenIddict.Abstractions public static string? GetTokenType(this ClaimsPrincipal principal) => principal.GetClaim(Claims.Private.TokenType); - /// - /// Determines whether the claims principal contains at least one audience. - /// - /// The claims principal. - /// true if the principal contains at least one audience. - public static bool HasAudience(this ClaimsPrincipal principal) - => principal.HasClaim(Claims.Private.Audience); - /// /// Determines whether the claims principal contains the given audience. /// @@ -1329,14 +1321,6 @@ namespace OpenIddict.Abstractions return principal.HasClaim(Claims.Private.Audience, audience); } - /// - /// Determines whether the claims principal contains at least one presenter. - /// - /// The claims principal. - /// true if the principal contains at least one presenter. - public static bool HasPresenter(this ClaimsPrincipal principal) - => principal.HasClaim(Claims.Private.Presenter); - /// /// Determines whether the claims principal contains the given presenter. /// 
@@ -1358,14 +1342,6 @@ namespace OpenIddict.Abstractions return principal.HasClaim(Claims.Private.Presenter, presenter); } - /// - /// Determines whether the claims principal contains at least one resource. - /// - /// The claims principal. - /// true if the principal contains at least one resource. - public static bool HasResource(this ClaimsPrincipal principal) - => principal.HasClaim(Claims.Private.Resource); - /// /// Determines whether the claims principal contains the given resource. /// @@ -1387,14 +1363,6 @@ namespace OpenIddict.Abstractions return principal.HasClaim(Claims.Private.Resource, resource); } - /// - /// Determines whether the claims principal contains at least one scope. - /// - /// The claims principal. - /// true if the principal contains at least one scope. - public static bool HasScope(this ClaimsPrincipal principal) - => principal.HasClaim(Claims.Private.Scope); - /// /// Determines whether the claims principal contains the given scope. /// diff --git a/src/OpenIddict.Server/OpenIddictServerHandlers.Introspection.cs b/src/OpenIddict.Server/OpenIddictServerHandlers.Introspection.cs index ea19f4e5..6d537a97 100644 --- a/src/OpenIddict.Server/OpenIddictServerHandlers.Introspection.cs +++ b/src/OpenIddict.Server/OpenIddictServerHandlers.Introspection.cs 
@@ -796,8 +796,8 @@ namespace OpenIddict.Server // If the access token doesn't contain any explicit presenter/audience, the token is assumed // to be not specific to any resource server/client application and the check is bypassed. if (context.Principal.HasTokenType(TokenTypeHints.AccessToken) && - context.Principal.HasAudience() && !context.Principal.HasAudience(context.ClientId) && - context.Principal.HasPresenter() && !context.Principal.HasPresenter(context.ClientId)) + context.Principal.HasClaim(Claims.Private.Audience) && !context.Principal.HasAudience(context.ClientId) && + context.Principal.HasClaim(Claims.Private.Presenter) && !context.Principal.HasPresenter(context.ClientId)) { context.Logger.LogError(SR.GetResourceString(SR.ID6106)); @@ -813,7 +813,7 @@ namespace OpenIddict.Server // If the refresh token doesn't contain any explicit presenter, the token is // assumed to be not specific to any client application and the check is bypassed. if (context.Principal.HasTokenType(TokenTypeHints.RefreshToken) && - context.Principal.HasPresenter() && !context.Principal.HasPresenter(context.ClientId)) + context.Principal.HasClaim(Claims.Private.Presenter) && !context.Principal.HasPresenter(context.ClientId)) { context.Logger.LogError(SR.GetResourceString(SR.ID6108)); diff --git a/src/OpenIddict.Server/OpenIddictServerHandlers.Revocation.cs b/src/OpenIddict.Server/OpenIddictServerHandlers.Revocation.cs index 0b8614fa..4f7ee927 100644 --- a/src/OpenIddict.Server/OpenIddictServerHandlers.Revocation.cs +++ b/src/OpenIddict.Server/OpenIddictServerHandlers.Revocation.cs 
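Review bot: In OpenIddictServerHandlers.Introspection.cs (hunk at -796), the condition that decides whether the client-binding check is bypassed now pairs a raw presence test with the typed membership test, `HasClaim(Claims.Private.Audience) && !HasAudience(context.ClientId)`, and nothing on these lines says both must name the same claim type. The `HasAudience(string)`/`HasPresenter(string)` overloads kept in OpenIddictExtensions.cs compare against `Claims.Private.Audience`/`Claims.Private.Presenter`, so using the standard `Claims.Audience` constant here by mistake could leave the presence test false and skip the rejection without any error. I would add `// Note: the presence tests must use the same private claim types that HasAudience(string)/HasPresenter(string) compare against.` above the `if`; the same applies to the refresh-token hunk at -813 and to both hunks in OpenIddictServerHandlers.Revocation.cs (-739, -756). Since this commit also deletes the extension-level theories for the presence check, it is worth confirming that the handler tests cover a token carrying no audience or presenter claim; the enclosing handler methods start and end outside these hunks.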
@@ -739,8 +739,8 @@ namespace OpenIddict.Server // If the access token doesn't contain any explicit presenter/audience, the token is assumed // to be not specific to any resource server/client application and the check is bypassed. if (context.Principal.HasTokenType(TokenTypeHints.AccessToken) && - context.Principal.HasAudience() && !context.Principal.HasAudience(context.ClientId) && - context.Principal.HasPresenter() && !context.Principal.HasPresenter(context.ClientId)) + context.Principal.HasClaim(Claims.Private.Audience) && !context.Principal.HasAudience(context.ClientId) && + context.Principal.HasClaim(Claims.Private.Presenter) && !context.Principal.HasPresenter(context.ClientId)) { context.Logger.LogError(SR.GetResourceString(SR.ID6119)); @@ -756,7 +756,7 @@ namespace OpenIddict.Server // If the refresh token doesn't contain any explicit presenter, the token is // assumed to be not specific to any client application and the check is bypassed. if (context.Principal.HasTokenType(TokenTypeHints.RefreshToken) && - context.Principal.HasPresenter() && !context.Principal.HasPresenter(context.ClientId)) + context.Principal.HasClaim(Claims.Private.Presenter) && !context.Principal.HasPresenter(context.ClientId)) { context.Logger.LogError(SR.GetResourceString(SR.ID6121)); diff --git a/src/OpenIddict.Server/OpenIddictServerHandlers.cs b/src/OpenIddict.Server/OpenIddictServerHandlers.cs index 36eaed3e..0df503fb 100644 --- a/src/OpenIddict.Server/OpenIddictServerHandlers.cs +++ b/src/OpenIddict.Server/OpenIddictServerHandlers.cs @@ -624,7 +624,7 @@ namespace OpenIddict.Server // In OpenIddict 3.0, the audiences allowed to receive a token are stored in "oi_aud". // If no such claim exists, try to infer them from the standard "aud" JWT claims. - if (!context.Principal.HasAudience()) + if (!context.Principal.HasClaim(Claims.Private.Audience)) { var audiences = context.Principal.GetClaims(Claims.Audience); if (audiences.Any()) 
@@ -641,7 +641,7 @@ namespace OpenIddict.Server // specified. To ensure presenters stored in JWT tokens created by OpenIddict 1.x/2.x // can still be read with OpenIddict 3.0, the presenter is automatically inferred from // the "azp" or "client_id" claim if no "oi_prst" claim was found in the principal. - if (!context.Principal.HasPresenter()) + if (!context.Principal.HasClaim(Claims.Private.Presenter)) { var presenter = context.Principal.GetClaim(Claims.AuthorizedParty) ?? context.Principal.GetClaim(Claims.ClientId); @@ -655,7 +655,7 @@ namespace OpenIddict.Server // In OpenIddict 3.0, the scopes granted to an application are stored in "oi_scp". // If no such claim exists, try to infer them from the standard "scope" JWT claim, // which is guaranteed to be a unique space-separated claim containing all the values. - if (!context.Principal.HasScope()) + if (!context.Principal.HasClaim(Claims.Private.Scope)) { var scope = context.Principal.GetClaim(Claims.Scope); if (!string.IsNullOrEmpty(scope)) @@ -1510,7 +1510,7 @@ namespace OpenIddict.Server // Always include the "openid" scope when the developer doesn't explicitly call SetScopes. // Note: the application is allowed to specify a different "scopes": in this case, // don't replace the "scopes" property stored in the authentication ticket. - if (!context.Principal.HasScope() && context.Request.HasScope(Scopes.OpenId)) + if (!context.Principal.HasClaim(Claims.Private.Scope) && context.Request.HasScope(Scopes.OpenId)) { context.Principal.SetScopes(Scopes.OpenId); } @@ -1546,7 +1546,7 @@ namespace OpenIddict.Server // Add the validated client_id to the list of authorized presenters, // unless the presenters were explicitly set by the developer. - if (!context.Principal.HasPresenter() && !string.IsNullOrEmpty(context.ClientId)) + if (!context.Principal.HasClaim(Claims.Private.Presenter) && !string.IsNullOrEmpty(context.ClientId)) { context.Principal.SetPresenters(context.ClientId); } 
@@ -1581,7 +1581,8 @@ namespace OpenIddict.Server Debug.Assert(context.Principal is { Identity: ClaimsIdentity }, SR.GetResourceString(SR.ID4006)); // When a "resources" property cannot be found in the ticket, infer it from the "audiences" property. - if (context.Principal.HasAudience() && !context.Principal.HasResource()) + if (context.Principal.HasClaim(Claims.Private.Audience) && + !context.Principal.HasClaim(Claims.Private.Resource)) { context.Principal.SetResources(context.Principal.GetAudiences()); } diff --git a/src/OpenIddict.Validation/OpenIddictValidationHandlers.cs b/src/OpenIddict.Validation/OpenIddictValidationHandlers.cs index 8cbcc902..dbb1f248 100644 --- a/src/OpenIddict.Validation/OpenIddictValidationHandlers.cs +++ b/src/OpenIddict.Validation/OpenIddictValidationHandlers.cs @@ -460,7 +460,7 @@ namespace OpenIddict.Validation // In OpenIddict 3.0, the audiences allowed to receive a token are stored in "oi_aud". // If no such claim exists, try to infer them from the standard "aud" JWT claims. - if (!context.Principal.HasAudience()) + if (!context.Principal.HasClaim(Claims.Private.Audience)) { var audiences = context.Principal.GetClaims(Claims.Audience); if (audiences.Any()) @@ -477,7 +477,7 @@ namespace OpenIddict.Validation // specified. To ensure presenters stored in JWT tokens created by OpenIddict 1.x/2.x // can still be read with OpenIddict 3.0, the presenter is automatically inferred from // the "azp" or "client_id" claim if no "oi_prst" claim was found in the principal. - if (!context.Principal.HasPresenter()) + if (!context.Principal.HasClaim(Claims.Private.Presenter)) { var presenter = context.Principal.GetClaim(Claims.AuthorizedParty) ?? context.Principal.GetClaim(Claims.ClientId); 
@@ -491,7 +491,7 @@ namespace OpenIddict.Validation // In OpenIddict 3.0, the scopes granted to an application are stored in "oi_scp". // If no such claim exists, try to infer them from the standard "scope" JWT claim, // which is guaranteed to be a unique space-separated claim containing all the values. - if (!context.Principal.HasScope()) + if (!context.Principal.HasClaim(Claims.Private.Scope)) { var scope = context.Principal.GetClaim(Claims.Scope); if (!string.IsNullOrEmpty(scope)) diff --git a/test/OpenIddict.Abstractions.Tests/Primitives/OpenIddictExtensionsTests.cs b/test/OpenIddict.Abstractions.Tests/Primitives/OpenIddictExtensionsTests.cs index 62a911ee..79a607c5 100644 --- a/test/OpenIddict.Abstractions.Tests/Primitives/OpenIddictExtensionsTests.cs +++ b/test/OpenIddict.Abstractions.Tests/Primitives/OpenIddictExtensionsTests.cs @@ -1982,21 +1982,6 @@ namespace OpenIddict.Abstractions.Tests.Primitives Assert.StartsWith(SR.GetResourceString(SR.ID0186), exception.Message); } - [Theory] - [InlineData(new string[0], false)] - [InlineData(new[] { "fabrikam" }, true)] - public void HasAudience_ReturnsExpectedResult(string[] audience, bool result) - { - // Arrange - var identity = new ClaimsIdentity(); - var principal = new ClaimsPrincipal(identity); - - principal.SetClaims(Claims.Private.Audience, audience.ToImmutableArray()); - - // Act and assert - Assert.Equal(result, principal.HasAudience()); - } - [Theory] [InlineData(new string[0], false)] [InlineData(new[] { "contoso" }, false)] @@ -2007,7 +1992,7 @@ namespace OpenIddict.Abstractions.Tests.Primitives [InlineData(new[] { "CONTOSO", "FABRIKAM" }, false)] [InlineData(new[] { "FABRIKAM" }, false)] [InlineData(new[] { "FABRIKAM", "CONTOSO" }, false)] - public void HasAudience_ReturnsAppropriateResult(string[] audience, bool result) + public void HasAudience_ReturnsExpectedResult(string[] audience, bool result) { // Arrange var identity = new ClaimsIdentity(); 
@@ -2046,21 +2031,6 @@ namespace OpenIddict.Abstractions.Tests.Primitives Assert.StartsWith(SR.GetResourceString(SR.ID0187), exception.Message); } - [Theory] - [InlineData(new string[0], false)] - [InlineData(new[] { "fabrikam" }, true)] - public void HasPresenter_ReturnsExpectedResult(string[] presenter, bool result) - { - // Arrange - var identity = new ClaimsIdentity(); - var principal = new ClaimsPrincipal(identity); - - principal.SetClaims(Claims.Private.Presenter, presenter.ToImmutableArray()); - - // Act and assert - Assert.Equal(result, principal.HasPresenter()); - } - [Theory] [InlineData(new string[0], false)] [InlineData(new[] { "contoso" }, false)] @@ -2071,7 +2041,7 @@ namespace OpenIddict.Abstractions.Tests.Primitives [InlineData(new[] { "CONTOSO", "FABRIKAM" }, false)] [InlineData(new[] { "FABRIKAM" }, false)] [InlineData(new[] { "FABRIKAM", "CONTOSO" }, false)] - public void HasPresenter_ReturnsAppropriateResult(string[] presenter, bool result) + public void HasPresenter_ReturnsExpectedResult(string[] presenter, bool result) { // Arrange var identity = new ClaimsIdentity(); @@ -2110,21 +2080,6 @@ namespace OpenIddict.Abstractions.Tests.Primitives Assert.StartsWith(SR.GetResourceString(SR.ID0062), exception.Message); } - [Theory] - [InlineData(new string[0], false)] - [InlineData(new[] { "fabrikam" }, true)] - public void HasResource_ReturnsExpectedResult(string[] resource, bool result) - { - // Arrange - var identity = new ClaimsIdentity(); - var principal = new ClaimsPrincipal(identity); - - principal.SetClaims(Claims.Private.Resource, resource.ToImmutableArray()); - - // Act and assert - Assert.Equal(result, principal.HasResource()); - } - [Theory] [InlineData(new string[0], false)] [InlineData(new[] { "contoso" }, false)] 
@@ -2135,7 +2090,7 @@ namespace OpenIddict.Abstractions.Tests.Primitives [InlineData(new[] { "CONTOSO", "FABRIKAM" }, false)] [InlineData(new[] { "FABRIKAM" }, false)] [InlineData(new[] { "FABRIKAM", "CONTOSO" }, false)] - public void HasResource_ReturnsAppropriateResult(string[] resource, bool result) + public void HasResource_ReturnsExpectedResult(string[] resource, bool result) { // Arrange var identity = new ClaimsIdentity(); @@ -2148,7 +2103,7 @@ namespace OpenIddict.Abstractions.Tests.Primitives } [Fact] - public void HasScope_ThrowsAnExceptionForNullPrincipal() + public void ClaimsPrincipal_HasScope_ThrowsAnExceptionForNullPrincipal() { // Arrange var principal = (ClaimsPrincipal) null!; @@ -2174,21 +2129,6 @@ namespace OpenIddict.Abstractions.Tests.Primitives Assert.StartsWith(SR.GetResourceString(SR.ID0180), exception.Message); } - [Theory] - [InlineData(new string[0], false)] - [InlineData(new[] { "openid" }, true)] - public void ClaimsPrincipal_HasScope_ReturnsExpectedResult(string[] scope, bool result) - { - // Arrange - var identity = new ClaimsIdentity(); - var principal = new ClaimsPrincipal(identity); - - principal.SetClaims(Claims.Private.Scope, scope.ToImmutableArray()); - - // Act and assert - Assert.Equal(result, principal.HasScope()); - } - [Theory] [InlineData(new string[0], false)] [InlineData(new[] { "profile" }, false)] @@ -2199,7 +2139,7 @@ namespace OpenIddict.Abstractions.Tests.Primitives [InlineData(new[] { "PROFILE", "OPENID" }, false)] [InlineData(new[] { "OPENID" }, false)] [InlineData(new[] { "OPENID", "PROFILE" }, false)] - public void HasScope_ReturnsAppropriateResult(string[] scope, bool result) + public void ClaimsPrincipal_HasScope_ReturnsExpectedResult(string[] scope, bool result) { // Arrange var identity = new ClaimsIdentity();