
Remove the parameter-less HasAudience()/HasPresenter()/HasResource()/HasScope() extensions

pull/1179/head
Kévin Chalet 5 years ago
parent
commit
b6766e480e
  1. 32
      src/OpenIddict.Abstractions/Primitives/OpenIddictExtensions.cs
  2. 6
      src/OpenIddict.Server/OpenIddictServerHandlers.Introspection.cs
  3. 6
      src/OpenIddict.Server/OpenIddictServerHandlers.Revocation.cs
  4. 13
      src/OpenIddict.Server/OpenIddictServerHandlers.cs
  5. 6
      src/OpenIddict.Validation/OpenIddictValidationHandlers.cs
  6. 70
      test/OpenIddict.Abstractions.Tests/Primitives/OpenIddictExtensionsTests.cs

32
src/OpenIddict.Abstractions/Primitives/OpenIddictExtensions.cs

@ -1300,14 +1300,6 @@ namespace OpenIddict.Abstractions
public static string? GetTokenType(this ClaimsPrincipal principal) public static string? GetTokenType(this ClaimsPrincipal principal)
=> principal.GetClaim(Claims.Private.TokenType); => principal.GetClaim(Claims.Private.TokenType);
/// <summary>
/// Determines whether the claims principal contains at least one audience.
/// </summary>
/// <param name="principal">The claims principal.</param>
/// <returns><c>true</c> if the principal contains at least one audience.</returns>
public static bool HasAudience(this ClaimsPrincipal principal)
=> principal.HasClaim(Claims.Private.Audience);
/// <summary> /// <summary>
/// Determines whether the claims principal contains the given audience. /// Determines whether the claims principal contains the given audience.
/// </summary> /// </summary>
@ -1329,14 +1321,6 @@ namespace OpenIddict.Abstractions
return principal.HasClaim(Claims.Private.Audience, audience); return principal.HasClaim(Claims.Private.Audience, audience);
} }
/// <summary>
/// Determines whether the claims principal contains at least one presenter.
/// </summary>
/// <param name="principal">The claims principal.</param>
/// <returns><c>true</c> if the principal contains at least one presenter.</returns>
public static bool HasPresenter(this ClaimsPrincipal principal)
=> principal.HasClaim(Claims.Private.Presenter);
/// <summary> /// <summary>
/// Determines whether the claims principal contains the given presenter. /// Determines whether the claims principal contains the given presenter.
/// </summary> /// </summary>
@ -1358,14 +1342,6 @@ namespace OpenIddict.Abstractions
return principal.HasClaim(Claims.Private.Presenter, presenter); return principal.HasClaim(Claims.Private.Presenter, presenter);
} }
/// <summary>
/// Determines whether the claims principal contains at least one resource.
/// </summary>
/// <param name="principal">The claims principal.</param>
/// <returns><c>true</c> if the principal contains at least one resource.</returns>
public static bool HasResource(this ClaimsPrincipal principal)
=> principal.HasClaim(Claims.Private.Resource);
/// <summary> /// <summary>
/// Determines whether the claims principal contains the given resource. /// Determines whether the claims principal contains the given resource.
/// </summary> /// </summary>
@ -1387,14 +1363,6 @@ namespace OpenIddict.Abstractions
return principal.HasClaim(Claims.Private.Resource, resource); return principal.HasClaim(Claims.Private.Resource, resource);
} }
/// <summary>
/// Determines whether the claims principal contains at least one scope.
/// </summary>
/// <param name="principal">The claims principal.</param>
/// <returns><c>true</c> if the principal contains at least one scope.</returns>
public static bool HasScope(this ClaimsPrincipal principal)
=> principal.HasClaim(Claims.Private.Scope);
/// <summary> /// <summary>
/// Determines whether the claims principal contains the given scope. /// Determines whether the claims principal contains the given scope.
/// </summary> /// </summary>

6
src/OpenIddict.Server/OpenIddictServerHandlers.Introspection.cs

@ -796,8 +796,8 @@ namespace OpenIddict.Server
// If the access token doesn't contain any explicit presenter/audience, the token is assumed // If the access token doesn't contain any explicit presenter/audience, the token is assumed
// to be not specific to any resource server/client application and the check is bypassed. // to be not specific to any resource server/client application and the check is bypassed.
if (context.Principal.HasTokenType(TokenTypeHints.AccessToken) && if (context.Principal.HasTokenType(TokenTypeHints.AccessToken) &&
context.Principal.HasAudience() && !context.Principal.HasAudience(context.ClientId) && context.Principal.HasClaim(Claims.Private.Audience) && !context.Principal.HasAudience(context.ClientId) &&
context.Principal.HasPresenter() && !context.Principal.HasPresenter(context.ClientId)) context.Principal.HasClaim(Claims.Private.Presenter) && !context.Principal.HasPresenter(context.ClientId))
{ {
context.Logger.LogError(SR.GetResourceString(SR.ID6106)); context.Logger.LogError(SR.GetResourceString(SR.ID6106));
@ -813,7 +813,7 @@ namespace OpenIddict.Server
// If the refresh token doesn't contain any explicit presenter, the token is // If the refresh token doesn't contain any explicit presenter, the token is
// assumed to be not specific to any client application and the check is bypassed. // assumed to be not specific to any client application and the check is bypassed.
if (context.Principal.HasTokenType(TokenTypeHints.RefreshToken) && if (context.Principal.HasTokenType(TokenTypeHints.RefreshToken) &&
context.Principal.HasPresenter() && !context.Principal.HasPresenter(context.ClientId)) context.Principal.HasClaim(Claims.Private.Presenter) && !context.Principal.HasPresenter(context.ClientId))
{ {
context.Logger.LogError(SR.GetResourceString(SR.ID6108)); context.Logger.LogError(SR.GetResourceString(SR.ID6108));
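Review bot: In the access-token condition, rejection requires all four terms to hold, so a token that has an audience claim not listing the caller but no presenter claim (or the reverse) is not rejected here. The comment above it reads as if only a token with neither claim is exempt. Whether the wider exemption is intended cannot be told from the hunk, so the comment should state it, e.g. `// Rejected only when BOTH an audience and a presenter list are present and the client is in neither.` The same condition and comment appear in the first hunk of OpenIddictServerHandlers.Revocation.cs. The enclosing handler starts and ends outside the hunk.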

6
src/OpenIddict.Server/OpenIddictServerHandlers.Revocation.cs

@ -739,8 +739,8 @@ namespace OpenIddict.Server
// If the access token doesn't contain any explicit presenter/audience, the token is assumed // If the access token doesn't contain any explicit presenter/audience, the token is assumed
// to be not specific to any resource server/client application and the check is bypassed. // to be not specific to any resource server/client application and the check is bypassed.
if (context.Principal.HasTokenType(TokenTypeHints.AccessToken) && if (context.Principal.HasTokenType(TokenTypeHints.AccessToken) &&
context.Principal.HasAudience() && !context.Principal.HasAudience(context.ClientId) && context.Principal.HasClaim(Claims.Private.Audience) && !context.Principal.HasAudience(context.ClientId) &&
context.Principal.HasPresenter() && !context.Principal.HasPresenter(context.ClientId)) context.Principal.HasClaim(Claims.Private.Presenter) && !context.Principal.HasPresenter(context.ClientId))
{ {
context.Logger.LogError(SR.GetResourceString(SR.ID6119)); context.Logger.LogError(SR.GetResourceString(SR.ID6119));
@ -756,7 +756,7 @@ namespace OpenIddict.Server
// If the refresh token doesn't contain any explicit presenter, the token is // If the refresh token doesn't contain any explicit presenter, the token is
// assumed to be not specific to any client application and the check is bypassed. // assumed to be not specific to any client application and the check is bypassed.
if (context.Principal.HasTokenType(TokenTypeHints.RefreshToken) && if (context.Principal.HasTokenType(TokenTypeHints.RefreshToken) &&
context.Principal.HasPresenter() && !context.Principal.HasPresenter(context.ClientId)) context.Principal.HasClaim(Claims.Private.Presenter) && !context.Principal.HasPresenter(context.ClientId))
{ {
context.Logger.LogError(SR.GetResourceString(SR.ID6121)); context.Logger.LogError(SR.GetResourceString(SR.ID6121));

13
src/OpenIddict.Server/OpenIddictServerHandlers.cs

@ -624,7 +624,7 @@ namespace OpenIddict.Server
// In OpenIddict 3.0, the audiences allowed to receive a token are stored in "oi_aud". // In OpenIddict 3.0, the audiences allowed to receive a token are stored in "oi_aud".
// If no such claim exists, try to infer them from the standard "aud" JWT claims. // If no such claim exists, try to infer them from the standard "aud" JWT claims.
if (!context.Principal.HasAudience()) if (!context.Principal.HasClaim(Claims.Private.Audience))
{ {
var audiences = context.Principal.GetClaims(Claims.Audience); var audiences = context.Principal.GetClaims(Claims.Audience);
if (audiences.Any()) if (audiences.Any())
@ -641,7 +641,7 @@ namespace OpenIddict.Server
// specified. To ensure presenters stored in JWT tokens created by OpenIddict 1.x/2.x // specified. To ensure presenters stored in JWT tokens created by OpenIddict 1.x/2.x
// can still be read with OpenIddict 3.0, the presenter is automatically inferred from // can still be read with OpenIddict 3.0, the presenter is automatically inferred from
// the "azp" or "client_id" claim if no "oi_prst" claim was found in the principal. // the "azp" or "client_id" claim if no "oi_prst" claim was found in the principal.
if (!context.Principal.HasPresenter()) if (!context.Principal.HasClaim(Claims.Private.Presenter))
{ {
var presenter = context.Principal.GetClaim(Claims.AuthorizedParty) ?? var presenter = context.Principal.GetClaim(Claims.AuthorizedParty) ??
context.Principal.GetClaim(Claims.ClientId); context.Principal.GetClaim(Claims.ClientId);
@ -655,7 +655,7 @@ namespace OpenIddict.Server
// In OpenIddict 3.0, the scopes granted to an application are stored in "oi_scp". // In OpenIddict 3.0, the scopes granted to an application are stored in "oi_scp".
// If no such claim exists, try to infer them from the standard "scope" JWT claim, // If no such claim exists, try to infer them from the standard "scope" JWT claim,
// which is guaranteed to be a unique space-separated claim containing all the values. // which is guaranteed to be a unique space-separated claim containing all the values.
if (!context.Principal.HasScope()) if (!context.Principal.HasClaim(Claims.Private.Scope))
{ {
var scope = context.Principal.GetClaim(Claims.Scope); var scope = context.Principal.GetClaim(Claims.Scope);
if (!string.IsNullOrEmpty(scope)) if (!string.IsNullOrEmpty(scope))
@ -1510,7 +1510,7 @@ namespace OpenIddict.Server
// Always include the "openid" scope when the developer doesn't explicitly call SetScopes. // Always include the "openid" scope when the developer doesn't explicitly call SetScopes.
// Note: the application is allowed to specify a different "scopes": in this case, // Note: the application is allowed to specify a different "scopes": in this case,
// don't replace the "scopes" property stored in the authentication ticket. // don't replace the "scopes" property stored in the authentication ticket.
if (!context.Principal.HasScope() && context.Request.HasScope(Scopes.OpenId)) if (!context.Principal.HasClaim(Claims.Private.Scope) && context.Request.HasScope(Scopes.OpenId))
{ {
context.Principal.SetScopes(Scopes.OpenId); context.Principal.SetScopes(Scopes.OpenId);
} }
@ -1546,7 +1546,7 @@ namespace OpenIddict.Server
// Add the validated client_id to the list of authorized presenters, // Add the validated client_id to the list of authorized presenters,
// unless the presenters were explicitly set by the developer. // unless the presenters were explicitly set by the developer.
if (!context.Principal.HasPresenter() && !string.IsNullOrEmpty(context.ClientId)) if (!context.Principal.HasClaim(Claims.Private.Presenter) && !string.IsNullOrEmpty(context.ClientId))
{ {
context.Principal.SetPresenters(context.ClientId); context.Principal.SetPresenters(context.ClientId);
} }
@ -1581,7 +1581,8 @@ namespace OpenIddict.Server
Debug.Assert(context.Principal is { Identity: ClaimsIdentity }, SR.GetResourceString(SR.ID4006)); Debug.Assert(context.Principal is { Identity: ClaimsIdentity }, SR.GetResourceString(SR.ID4006));
// When a "resources" property cannot be found in the ticket, infer it from the "audiences" property. // When a "resources" property cannot be found in the ticket, infer it from the "audiences" property.
if (context.Principal.HasAudience() && !context.Principal.HasResource()) if (context.Principal.HasClaim(Claims.Private.Audience) &&
!context.Principal.HasClaim(Claims.Private.Resource))
{ {
context.Principal.SetResources(context.Principal.GetAudiences()); context.Principal.SetResources(context.Principal.GetAudiences());
} }
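Review bot: The one-argument `HasClaim(Claims.Private.…)` calls introduced in these hunks are not the BCL `ClaimsPrincipal.HasClaim`, which takes a type and a value or a predicate. They appear to bind to the project extension that the removed helpers delegated to, and that extension is not visible in these hunks. With the helpers' doc comments gone, nothing at the call sites says the test is "at least one claim of this type", and in the first hunk `Claims.Private.Audience` sits two lines above `Claims.Audience`, so a wrong constant would compile silently. A short comment at the first use would help, e.g. `// HasClaim(type) is the OpenIddict extension: true when the principal carries at least one claim of that type.` The same applies to the three hunks in OpenIddictValidationHandlers.cs. The enclosing handlers start and end outside the hunks.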

6
src/OpenIddict.Validation/OpenIddictValidationHandlers.cs

@ -460,7 +460,7 @@ namespace OpenIddict.Validation
// In OpenIddict 3.0, the audiences allowed to receive a token are stored in "oi_aud". // In OpenIddict 3.0, the audiences allowed to receive a token are stored in "oi_aud".
// If no such claim exists, try to infer them from the standard "aud" JWT claims. // If no such claim exists, try to infer them from the standard "aud" JWT claims.
if (!context.Principal.HasAudience()) if (!context.Principal.HasClaim(Claims.Private.Audience))
{ {
var audiences = context.Principal.GetClaims(Claims.Audience); var audiences = context.Principal.GetClaims(Claims.Audience);
if (audiences.Any()) if (audiences.Any())
@ -477,7 +477,7 @@ namespace OpenIddict.Validation
// specified. To ensure presenters stored in JWT tokens created by OpenIddict 1.x/2.x // specified. To ensure presenters stored in JWT tokens created by OpenIddict 1.x/2.x
// can still be read with OpenIddict 3.0, the presenter is automatically inferred from // can still be read with OpenIddict 3.0, the presenter is automatically inferred from
// the "azp" or "client_id" claim if no "oi_prst" claim was found in the principal. // the "azp" or "client_id" claim if no "oi_prst" claim was found in the principal.
if (!context.Principal.HasPresenter()) if (!context.Principal.HasClaim(Claims.Private.Presenter))
{ {
var presenter = context.Principal.GetClaim(Claims.AuthorizedParty) ?? var presenter = context.Principal.GetClaim(Claims.AuthorizedParty) ??
context.Principal.GetClaim(Claims.ClientId); context.Principal.GetClaim(Claims.ClientId);
@ -491,7 +491,7 @@ namespace OpenIddict.Validation
// In OpenIddict 3.0, the scopes granted to an application are stored in "oi_scp". // In OpenIddict 3.0, the scopes granted to an application are stored in "oi_scp".
// If no such claim exists, try to infer them from the standard "scope" JWT claim, // If no such claim exists, try to infer them from the standard "scope" JWT claim,
// which is guaranteed to be a unique space-separated claim containing all the values. // which is guaranteed to be a unique space-separated claim containing all the values.
if (!context.Principal.HasScope()) if (!context.Principal.HasClaim(Claims.Private.Scope))
{ {
var scope = context.Principal.GetClaim(Claims.Scope); var scope = context.Principal.GetClaim(Claims.Scope);
if (!string.IsNullOrEmpty(scope)) if (!string.IsNullOrEmpty(scope))

70
test/OpenIddict.Abstractions.Tests/Primitives/OpenIddictExtensionsTests.cs

@ -1982,21 +1982,6 @@ namespace OpenIddict.Abstractions.Tests.Primitives
Assert.StartsWith(SR.GetResourceString(SR.ID0186), exception.Message); Assert.StartsWith(SR.GetResourceString(SR.ID0186), exception.Message);
} }
[Theory]
[InlineData(new string[0], false)]
[InlineData(new[] { "fabrikam" }, true)]
public void HasAudience_ReturnsExpectedResult(string[] audience, bool result)
{
// Arrange
var identity = new ClaimsIdentity();
var principal = new ClaimsPrincipal(identity);
principal.SetClaims(Claims.Private.Audience, audience.ToImmutableArray());
// Act and assert
Assert.Equal(result, principal.HasAudience());
}
[Theory] [Theory]
[InlineData(new string[0], false)] [InlineData(new string[0], false)]
[InlineData(new[] { "contoso" }, false)] [InlineData(new[] { "contoso" }, false)]
@ -2007,7 +1992,7 @@ namespace OpenIddict.Abstractions.Tests.Primitives
[InlineData(new[] { "CONTOSO", "FABRIKAM" }, false)] [InlineData(new[] { "CONTOSO", "FABRIKAM" }, false)]
[InlineData(new[] { "FABRIKAM" }, false)] [InlineData(new[] { "FABRIKAM" }, false)]
[InlineData(new[] { "FABRIKAM", "CONTOSO" }, false)] [InlineData(new[] { "FABRIKAM", "CONTOSO" }, false)]
public void HasAudience_ReturnsAppropriateResult(string[] audience, bool result) public void HasAudience_ReturnsExpectedResult(string[] audience, bool result)
{ {
// Arrange // Arrange
var identity = new ClaimsIdentity(); var identity = new ClaimsIdentity();
@ -2046,21 +2031,6 @@ namespace OpenIddict.Abstractions.Tests.Primitives
Assert.StartsWith(SR.GetResourceString(SR.ID0187), exception.Message); Assert.StartsWith(SR.GetResourceString(SR.ID0187), exception.Message);
} }
[Theory]
[InlineData(new string[0], false)]
[InlineData(new[] { "fabrikam" }, true)]
public void HasPresenter_ReturnsExpectedResult(string[] presenter, bool result)
{
// Arrange
var identity = new ClaimsIdentity();
var principal = new ClaimsPrincipal(identity);
principal.SetClaims(Claims.Private.Presenter, presenter.ToImmutableArray());
// Act and assert
Assert.Equal(result, principal.HasPresenter());
}
[Theory] [Theory]
[InlineData(new string[0], false)] [InlineData(new string[0], false)]
[InlineData(new[] { "contoso" }, false)] [InlineData(new[] { "contoso" }, false)]
@ -2071,7 +2041,7 @@ namespace OpenIddict.Abstractions.Tests.Primitives
[InlineData(new[] { "CONTOSO", "FABRIKAM" }, false)] [InlineData(new[] { "CONTOSO", "FABRIKAM" }, false)]
[InlineData(new[] { "FABRIKAM" }, false)] [InlineData(new[] { "FABRIKAM" }, false)]
[InlineData(new[] { "FABRIKAM", "CONTOSO" }, false)] [InlineData(new[] { "FABRIKAM", "CONTOSO" }, false)]
public void HasPresenter_ReturnsAppropriateResult(string[] presenter, bool result) public void HasPresenter_ReturnsExpectedResult(string[] presenter, bool result)
{ {
// Arrange // Arrange
var identity = new ClaimsIdentity(); var identity = new ClaimsIdentity();
@ -2110,21 +2080,6 @@ namespace OpenIddict.Abstractions.Tests.Primitives
Assert.StartsWith(SR.GetResourceString(SR.ID0062), exception.Message); Assert.StartsWith(SR.GetResourceString(SR.ID0062), exception.Message);
} }
[Theory]
[InlineData(new string[0], false)]
[InlineData(new[] { "fabrikam" }, true)]
public void HasResource_ReturnsExpectedResult(string[] resource, bool result)
{
// Arrange
var identity = new ClaimsIdentity();
var principal = new ClaimsPrincipal(identity);
principal.SetClaims(Claims.Private.Resource, resource.ToImmutableArray());
// Act and assert
Assert.Equal(result, principal.HasResource());
}
[Theory] [Theory]
[InlineData(new string[0], false)] [InlineData(new string[0], false)]
[InlineData(new[] { "contoso" }, false)] [InlineData(new[] { "contoso" }, false)]
@ -2135,7 +2090,7 @@ namespace OpenIddict.Abstractions.Tests.Primitives
[InlineData(new[] { "CONTOSO", "FABRIKAM" }, false)] [InlineData(new[] { "CONTOSO", "FABRIKAM" }, false)]
[InlineData(new[] { "FABRIKAM" }, false)] [InlineData(new[] { "FABRIKAM" }, false)]
[InlineData(new[] { "FABRIKAM", "CONTOSO" }, false)] [InlineData(new[] { "FABRIKAM", "CONTOSO" }, false)]
public void HasResource_ReturnsAppropriateResult(string[] resource, bool result) public void HasResource_ReturnsExpectedResult(string[] resource, bool result)
{ {
// Arrange // Arrange
var identity = new ClaimsIdentity(); var identity = new ClaimsIdentity();
@ -2148,7 +2103,7 @@ namespace OpenIddict.Abstractions.Tests.Primitives
} }
[Fact] [Fact]
public void HasScope_ThrowsAnExceptionForNullPrincipal() public void ClaimsPrincipal_HasScope_ThrowsAnExceptionForNullPrincipal()
{ {
// Arrange // Arrange
var principal = (ClaimsPrincipal) null!; var principal = (ClaimsPrincipal) null!;
@ -2174,21 +2129,6 @@ namespace OpenIddict.Abstractions.Tests.Primitives
Assert.StartsWith(SR.GetResourceString(SR.ID0180), exception.Message); Assert.StartsWith(SR.GetResourceString(SR.ID0180), exception.Message);
} }
[Theory]
[InlineData(new string[0], false)]
[InlineData(new[] { "openid" }, true)]
public void ClaimsPrincipal_HasScope_ReturnsExpectedResult(string[] scope, bool result)
{
// Arrange
var identity = new ClaimsIdentity();
var principal = new ClaimsPrincipal(identity);
principal.SetClaims(Claims.Private.Scope, scope.ToImmutableArray());
// Act and assert
Assert.Equal(result, principal.HasScope());
}
[Theory] [Theory]
[InlineData(new string[0], false)] [InlineData(new string[0], false)]
[InlineData(new[] { "profile" }, false)] [InlineData(new[] { "profile" }, false)]
@ -2199,7 +2139,7 @@ namespace OpenIddict.Abstractions.Tests.Primitives
[InlineData(new[] { "PROFILE", "OPENID" }, false)] [InlineData(new[] { "PROFILE", "OPENID" }, false)]
[InlineData(new[] { "OPENID" }, false)] [InlineData(new[] { "OPENID" }, false)]
[InlineData(new[] { "OPENID", "PROFILE" }, false)] [InlineData(new[] { "OPENID", "PROFILE" }, false)]
public void HasScope_ReturnsAppropriateResult(string[] scope, bool result) public void ClaimsPrincipal_HasScope_ReturnsExpectedResult(string[] scope, bool result)
{ {
// Arrange // Arrange
var identity = new ClaimsIdentity(); var identity = new ClaimsIdentity();
