From c5efcf37eaa9f7a0b48709bf026c32489417b102 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?K=C3=A9vin=20Chalet?= <kevinchalet@gmail.com>
Date: Mon, 20 Feb 2023 19:09:31 +0100
Subject: [PATCH] Ensure the Windows Runtime types are never loaded on
 platforms that don't support them

---
 ...ctClientSystemIntegrationHandlerFilters.cs | 32 +++++++----
 ...ystemIntegrationHandlers.Authentication.cs |  3 +-
 ...enIddictClientSystemIntegrationHandlers.cs | 56 ++++++++++++++-----
 3 files changed, 65 insertions(+), 26 deletions(-)

diff --git a/src/OpenIddict.Client.SystemIntegration/OpenIddictClientSystemIntegrationHandlerFilters.cs b/src/OpenIddict.Client.SystemIntegration/OpenIddictClientSystemIntegrationHandlerFilters.cs
index f1c953a4..234aeeed 100644
--- a/src/OpenIddict.Client.SystemIntegration/OpenIddictClientSystemIntegrationHandlerFilters.cs
+++ b/src/OpenIddict.Client.SystemIntegration/OpenIddictClientSystemIntegrationHandlerFilters.cs
@@ -5,6 +5,7 @@
  */
 
 using System.ComponentModel;
+using System.Runtime.CompilerServices;
 using Microsoft.Extensions.Options;
 
 namespace OpenIddict.Client.SystemIntegration;
@@ -133,16 +134,21 @@ public static class OpenIddictClientSystemIntegrationHandlerFilters
                 throw new ArgumentNullException(nameof(context));
             }
 
-            if (!context.Transaction.Properties.TryGetValue(
-                typeof(OpenIddictClientSystemIntegrationAuthenticationMode).FullName!, out var result) ||
-                result is not OpenIddictClientSystemIntegrationAuthenticationMode mode)
+#if SUPPORTS_WINDOWS_RUNTIME
+            if (OpenIddictClientSystemIntegrationHelpers.IsWindowsRuntimeSupported())
             {
-                mode = _options.CurrentValue.AuthenticationMode.GetValueOrDefault();
+                if (!context.Transaction.Properties.TryGetValue(
+                    typeof(OpenIddictClientSystemIntegrationAuthenticationMode).FullName!, out var result) ||
+                    result is not OpenIddictClientSystemIntegrationAuthenticationMode mode)
+                {
+                    mode = _options.CurrentValue.AuthenticationMode.GetValueOrDefault();
+                }
+
+                return new(mode is OpenIddictClientSystemIntegrationAuthenticationMode.WebAuthenticationBroker);
             }
+#endif
 
-#pragma warning disable CA1416
-            return new(mode is OpenIddictClientSystemIntegrationAuthenticationMode.WebAuthenticationBroker);
-#pragma warning restore CA1416
+            return new(false);
         }
     }
 
@@ -161,10 +167,16 @@ public static class OpenIddictClientSystemIntegrationHandlerFilters
             }
 
 #if SUPPORTS_WINDOWS_RUNTIME
-            return new(context.Transaction.GetWebAuthenticationResult() is not null);
-#else
-            return new(false);
+            if (OpenIddictClientSystemIntegrationHelpers.IsWindowsRuntimeSupported())
+            {
+                return new(ContainsWebAuthenticationResult(context.Transaction));
+            }
+
+            [MethodImpl(MethodImplOptions.NoInlining)]
+            static bool ContainsWebAuthenticationResult(OpenIddictClientTransaction transaction)
+                => transaction.GetWebAuthenticationResult() is not null;
 #endif
+            return new(false);
         }
     }
 }
diff --git a/src/OpenIddict.Client.SystemIntegration/OpenIddictClientSystemIntegrationHandlers.Authentication.cs b/src/OpenIddict.Client.SystemIntegration/OpenIddictClientSystemIntegrationHandlers.Authentication.cs
index 7e692087..f5cf6520 100644
--- a/src/OpenIddict.Client.SystemIntegration/OpenIddictClientSystemIntegrationHandlers.Authentication.cs
+++ b/src/OpenIddict.Client.SystemIntegration/OpenIddictClientSystemIntegrationHandlers.Authentication.cs
@@ -41,7 +41,8 @@ public static partial class OpenIddictClientSystemIntegrationHandlers
             AttachHttpResponseCode<ApplyRedirectionResponseContext>.Descriptor,
             AttachCacheControlHeader<ApplyRedirectionResponseContext>.Descriptor,
             ProcessEmptyHttpResponse.Descriptor,
-            ProcessUnactionableResponse<ApplyRedirectionResponseContext>.Descriptor);
+            ProcessProtocolActivationResponse<ApplyRedirectionResponseContext>.Descriptor,
+            ProcessWebAuthenticationResultResponse<ApplyRedirectionResponseContext>.Descriptor);
 
         /// <summary>
         /// Contains the logic responsible for initiating authorization requests using the web authentication broker.
diff --git a/src/OpenIddict.Client.SystemIntegration/OpenIddictClientSystemIntegrationHandlers.cs b/src/OpenIddict.Client.SystemIntegration/OpenIddictClientSystemIntegrationHandlers.cs
index ccf4d1a3..56d0d0bd 100644
--- a/src/OpenIddict.Client.SystemIntegration/OpenIddictClientSystemIntegrationHandlers.cs
+++ b/src/OpenIddict.Client.SystemIntegration/OpenIddictClientSystemIntegrationHandlers.cs
@@ -1753,10 +1753,10 @@ public static partial class OpenIddictClientSystemIntegrationHandlers
     }
 
     /// <summary>
-    /// Contains the logic responsible for marking OpenID Connect responses
-    /// returned via protocol activations or web authentication results as processed.
+    /// Contains the logic responsible for marking OpenID Connect
+    /// responses returned via protocol activations as processed.
     /// </summary>
-    public sealed class ProcessUnactionableResponse<TContext> : IOpenIddictClientHandler<TContext>
+    public sealed class ProcessProtocolActivationResponse<TContext> : IOpenIddictClientHandler<TContext>
         where TContext : BaseRequestContext
     {
         /// <summary>
@@ -1764,8 +1764,9 @@ public static partial class OpenIddictClientSystemIntegrationHandlers
         /// </summary>
         public static OpenIddictClientHandlerDescriptor Descriptor { get; }
             = OpenIddictClientHandlerDescriptor.CreateBuilder<TContext>()
-                .UseSingletonHandler<ProcessUnactionableResponse<TContext>>()
-                .SetOrder(int.MaxValue)
+                .AddFilter<RequireProtocolActivation>()
+                .UseSingletonHandler<ProcessProtocolActivationResponse<TContext>>()
+                .SetOrder(ProcessWebAuthenticationResultResponse<TContext>.Descriptor.Order - 1_000)
                 .SetType(OpenIddictClientHandlerType.BuiltIn)
                 .Build();
 
@@ -1783,19 +1784,44 @@ public static partial class OpenIddictClientSystemIntegrationHandlers
             //
             // Note: this logic applies to both successful and errored responses.
 
-            if (context.Transaction.GetProtocolActivation() is not null)
-            {
-                context.HandleRequest();
-                return default;
-            }
+            context.HandleRequest();
+            return default;
+        }
+    }
 
-#if SUPPORTS_WINDOWS_RUNTIME
-            if (context.Transaction.GetWebAuthenticationResult() is not null)
+    /// <summary>
+    /// Contains the logic responsible for marking OpenID Connect
+    /// responses returned via web authentication results as processed.
+    /// </summary>
+    public sealed class ProcessWebAuthenticationResultResponse<TContext> : IOpenIddictClientHandler<TContext>
+        where TContext : BaseRequestContext
+    {
+        /// <summary>
+        /// Gets the default descriptor definition assigned to this handler.
+        /// </summary>
+        public static OpenIddictClientHandlerDescriptor Descriptor { get; }
+            = OpenIddictClientHandlerDescriptor.CreateBuilder<TContext>()
+                .AddFilter<RequireWebAuthenticationResult>()
+                .UseSingletonHandler<ProcessWebAuthenticationResultResponse<TContext>>()
+                .SetOrder(int.MaxValue)
+                .SetType(OpenIddictClientHandlerType.BuiltIn)
+                .Build();
+
+        /// <inheritdoc/>
+        public ValueTask HandleAsync(TContext context)
+        {
+            if (context is null)
             {
-                context.HandleRequest();
-                return default;
+                throw new ArgumentNullException(nameof(context));
             }
-#endif
+
+            // For both protocol activations (initial or redirected) and web-view-like results,
+            // no proper response can be generated and eventually displayed to the user. In this
+            // case, simply stop processing the response and mark the request as fully handled.
+            //
+            // Note: this logic applies to both successful and errored responses.
+
+            context.HandleRequest();
             return default;
         }
     }