Ensure the Windows Runtime types are never loaded on platforms that don't support them

3 years ago · c5efcf37ea
3 changed files with 65 additions and 26 deletions
--- a/src/OpenIddict.Client.SystemIntegration/OpenIddictClientSystemIntegrationHandlerFilters.cs
+++ b/src/OpenIddict.Client.SystemIntegration/OpenIddictClientSystemIntegrationHandlerFilters.cs
@ -5,6 +5,7 @@
 */

 using System.ComponentModel;
+using System.Runtime.CompilerServices;
 using Microsoft.Extensions.Options;

 namespace OpenIddict.Client.SystemIntegration;
@ -133,16 +134,21 @@ public static class OpenIddictClientSystemIntegrationHandlerFilters
                throw new ArgumentNullException(nameof(context));
            }

-            if (!context.Transaction.Properties.TryGetValue(
-                typeof(OpenIddictClientSystemIntegrationAuthenticationMode).FullName!, out var result) ||
-                result is not OpenIddictClientSystemIntegrationAuthenticationMode mode)
+#if SUPPORTS_WINDOWS_RUNTIME
+            if (OpenIddictClientSystemIntegrationHelpers.IsWindowsRuntimeSupported())
            {
-                mode = _options.CurrentValue.AuthenticationMode.GetValueOrDefault();
+                if (!context.Transaction.Properties.TryGetValue(
+                    typeof(OpenIddictClientSystemIntegrationAuthenticationMode).FullName!, out var result) ||
+                    result is not OpenIddictClientSystemIntegrationAuthenticationMode mode)
+                {
+                    mode = _options.CurrentValue.AuthenticationMode.GetValueOrDefault();
+                }
+
+                return new(mode is OpenIddictClientSystemIntegrationAuthenticationMode.WebAuthenticationBroker);
            }
+#endif

-#pragma warning disable CA1416
-            return new(mode is OpenIddictClientSystemIntegrationAuthenticationMode.WebAuthenticationBroker);
-#pragma warning restore CA1416
+            return new(false);
        }
    }

@ -161,10 +167,16 @@ public static class OpenIddictClientSystemIntegrationHandlerFilters
            }

 #if SUPPORTS_WINDOWS_RUNTIME
-            return new(context.Transaction.GetWebAuthenticationResult() is not null);
-#else
-            return new(false);
+            if (OpenIddictClientSystemIntegrationHelpers.IsWindowsRuntimeSupported())
+            {
+                return new(ContainsWebAuthenticationResult(context.Transaction));
+            }
+
+            [MethodImpl(MethodImplOptions.NoInlining)]
+            static bool ContainsWebAuthenticationResult(OpenIddictClientTransaction transaction)
+                => transaction.GetWebAuthenticationResult() is not null;
 #endif
+            return new(false);
        }
    }
 }
--- a/src/OpenIddict.Client.SystemIntegration/OpenIddictClientSystemIntegrationHandlers.Authentication.cs
+++ b/src/OpenIddict.Client.SystemIntegration/OpenIddictClientSystemIntegrationHandlers.Authentication.cs
@ -41,7 +41,8 @@ public static partial class OpenIddictClientSystemIntegrationHandlers
            AttachHttpResponseCode<ApplyRedirectionResponseContext>.Descriptor,
            AttachCacheControlHeader<ApplyRedirectionResponseContext>.Descriptor,
            ProcessEmptyHttpResponse.Descriptor,
-            ProcessUnactionableResponse<ApplyRedirectionResponseContext>.Descriptor);
+            ProcessProtocolActivationResponse<ApplyRedirectionResponseContext>.Descriptor,
+            ProcessWebAuthenticationResultResponse<ApplyRedirectionResponseContext>.Descriptor);

        /// <summary>
        /// Contains the logic responsible for initiating authorization requests using the web authentication broker.
--- a/src/OpenIddict.Client.SystemIntegration/OpenIddictClientSystemIntegrationHandlers.cs
+++ b/src/OpenIddict.Client.SystemIntegration/OpenIddictClientSystemIntegrationHandlers.cs
@ -1753,10 +1753,10 @@ public static partial class OpenIddictClientSystemIntegrationHandlers
    }

    /// <summary>
-    /// Contains the logic responsible for marking OpenID Connect responses
-    /// returned via protocol activations or web authentication results as processed.
+    /// Contains the logic responsible for marking OpenID Connect
+    /// responses returned via protocol activations as processed.
    /// </summary>
-    public sealed class ProcessUnactionableResponse<TContext> : IOpenIddictClientHandler<TContext>
+    public sealed class ProcessProtocolActivationResponse<TContext> : IOpenIddictClientHandler<TContext>
        where TContext : BaseRequestContext
    {
        /// <summary>
@ -1764,8 +1764,9 @@ public static partial class OpenIddictClientSystemIntegrationHandlers
        /// </summary>
        public static OpenIddictClientHandlerDescriptor Descriptor { get; }
            = OpenIddictClientHandlerDescriptor.CreateBuilder<TContext>()
-                .UseSingletonHandler<ProcessUnactionableResponse<TContext>>()
-                .SetOrder(int.MaxValue)
+                .AddFilter<RequireProtocolActivation>()
+                .UseSingletonHandler<ProcessProtocolActivationResponse<TContext>>()
+                .SetOrder(ProcessWebAuthenticationResultResponse<TContext>.Descriptor.Order - 1_000)
                .SetType(OpenIddictClientHandlerType.BuiltIn)
                .Build();

@ -1783,19 +1784,44 @@ public static partial class OpenIddictClientSystemIntegrationHandlers
            //
            // Note: this logic applies to both successful and errored responses.

-            if (context.Transaction.GetProtocolActivation() is not null)
-            {
-                context.HandleRequest();
-                return default;
-            }
+            context.HandleRequest();
+            return default;
+        }
+    }

-#if SUPPORTS_WINDOWS_RUNTIME
-            if (context.Transaction.GetWebAuthenticationResult() is not null)
+    /// <summary>
+    /// Contains the logic responsible for marking OpenID Connect
+    /// responses returned via web authentication results as processed.
+    /// </summary>
+    public sealed class ProcessWebAuthenticationResultResponse<TContext> : IOpenIddictClientHandler<TContext>
+        where TContext : BaseRequestContext
+    {
+        /// <summary>
+        /// Gets the default descriptor definition assigned to this handler.
+        /// </summary>
+        public static OpenIddictClientHandlerDescriptor Descriptor { get; }
+            = OpenIddictClientHandlerDescriptor.CreateBuilder<TContext>()
+                .AddFilter<RequireWebAuthenticationResult>()
+                .UseSingletonHandler<ProcessWebAuthenticationResultResponse<TContext>>()
+                .SetOrder(int.MaxValue)
+                .SetType(OpenIddictClientHandlerType.BuiltIn)
+                .Build();
+
+        /// <inheritdoc/>
+        public ValueTask HandleAsync(TContext context)
+        {
+            if (context is null)
            {
-                context.HandleRequest();
-                return default;
+                throw new ArgumentNullException(nameof(context));
            }
-#endif
+
+            // For both protocol activations (initial or redirected) and web-view-like results,
+            // no proper response can be generated and eventually displayed to the user. In this
+            // case, simply stop processing the response and mark the request as fully handled.
+            //
+            // Note: this logic applies to both successful and errored responses.
+
+            context.HandleRequest();
            return default;
        }
    }