From 013c480fec568890cb49b15a8dfa2f0492e510f1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?K=C3=A9vin=20Chalet?= Date: Wed, 4 Oct 2017 20:26:10 +0200 Subject: [PATCH] Update the exception thrown by OpenIddictModelBinder and include the token identifier in the log messages when possible --- src/OpenIddict.Mvc/OpenIddictModelBinder.cs | 4 ++-- src/OpenIddict/OpenIddictProvider.Exchange.cs | 18 ++++++++++++------ .../OpenIddictProvider.Introspection.cs | 3 +-- .../OpenIddictProvider.Revocation.cs | 3 ++- .../OpenIddictModelBinderTests.cs | 4 ++-- 5 files changed, 19 insertions(+), 13 deletions(-) diff --git a/src/OpenIddict.Mvc/OpenIddictModelBinder.cs b/src/OpenIddict.Mvc/OpenIddictModelBinder.cs index a05f33e6..4ca753d2 100644 --- a/src/OpenIddict.Mvc/OpenIddictModelBinder.cs +++ b/src/OpenIddict.Mvc/OpenIddictModelBinder.cs @@ -33,8 +33,8 @@ namespace OpenIddict.Mvc if (request == null) { throw new InvalidOperationException("The OpenID Connect request cannot be retrieved from the ASP.NET context. " + - "Make sure that 'app.UseOpenIddict()' is called before 'app.UseMvc()' and " + - "that the action route corresponds to the endpoint path registered via " + + "Make sure that 'app.UseAuthentication()' is called before 'app.UseMvc()' " + + "and that the action route corresponds to the endpoint path registered via " + "'services.AddOpenIddict().Enable[...]Endpoint(...)'."); } diff --git a/src/OpenIddict/OpenIddictProvider.Exchange.cs b/src/OpenIddict/OpenIddictProvider.Exchange.cs index 16a89997..0b113dd4 100644 --- a/src/OpenIddict/OpenIddictProvider.Exchange.cs +++ b/src/OpenIddict/OpenIddictProvider.Exchange.cs 
@@ -226,7 +226,8 @@ namespace OpenIddict var token = await Tokens.FindByIdAsync(identifier, context.HttpContext.RequestAborted); if (token == null) { - Logger.LogError("The token request was rejected because the authorization code was no longer valid."); + Logger.LogError("The token request was rejected because the authorization " + + "code '{Identifier}' was not found in the database.", identifier); context.Reject( error: OpenIdConnectConstants.Errors.InvalidGrant, @@ -261,7 +262,8 @@ namespace OpenIddict } } - Logger.LogError("The token request was rejected because the authorization code was already redeemed."); + Logger.LogError("The token request was rejected because the authorization code " + + "'{Identifier}' has already been redeemed.", identifier); context.Reject( error: OpenIdConnectConstants.Errors.InvalidGrant, @@ -272,7 +274,8 @@ namespace OpenIddict else if (!await Tokens.IsValidAsync(token, context.HttpContext.RequestAborted)) { - Logger.LogError("The token request was rejected because the authorization code was no longer valid."); + Logger.LogError("The token request was rejected because the authorization code " + + "'{Identifier}' was no longer valid.", identifier); context.Reject( error: OpenIdConnectConstants.Errors.InvalidGrant, @@ -291,7 +294,8 @@ namespace OpenIddict var token = await Tokens.FindByIdAsync(identifier, context.HttpContext.RequestAborted); if (token == null) { - Logger.LogError("The token request was rejected because the refresh token was already redeemed."); + Logger.LogError("The token request was rejected because the refresh token " + + "'{Identifier}' was not found in the database.", identifier); context.Reject( error: OpenIdConnectConstants.Errors.InvalidGrant, 
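Review bot: The new `identifier` argument passed to `Logger.LogError` in this hunk (and in the hunks at -261, -272, -291, -302 and -313) writes a token reference to the error log on every rejected token request, and the hunk does not show where `identifier` is assigned. If it is the token store's entry key, logging it is harmless and helps correlate replayed authorization codes and refresh tokens. If it could ever be the code or refresh token value presented by the client, the log files would start holding credential material. After checking the assignment, I would record the result next to the first call, for example `// 'identifier' is the token entry's storage key, never the redeemable token value, so it is safe to log.` The enclosing method starts and ends outside the hunk.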
@@ -302,7 +306,8 @@ namespace OpenIddict else if (await Tokens.IsRedeemedAsync(token, context.HttpContext.RequestAborted)) { - Logger.LogError("The token request was rejected because the refresh token was no longer valid."); + Logger.LogError("The token request was rejected because the refresh token " + + "'{Identifier}' has already been redeemed.", identifier); context.Reject( error: OpenIdConnectConstants.Errors.InvalidGrant, @@ -313,7 +318,8 @@ namespace OpenIddict else if (!await Tokens.IsValidAsync(token, context.HttpContext.RequestAborted)) { - Logger.LogError("The token request was rejected because the refresh token was no longer valid."); + Logger.LogError("The token request was rejected because the refresh token " + + "'{Identifier}' was no longer valid.", identifier); context.Reject( error: OpenIdConnectConstants.Errors.InvalidGrant, diff --git a/src/OpenIddict/OpenIddictProvider.Introspection.cs b/src/OpenIddict/OpenIddictProvider.Introspection.cs index 6e44d269..8bc6d3b8 100644 --- a/src/OpenIddict/OpenIddictProvider.Introspection.cs +++ b/src/OpenIddict/OpenIddictProvider.Introspection.cs @@ -129,8 +129,7 @@ namespace OpenIddict var token = await Tokens.FindByIdAsync(identifier, context.HttpContext.RequestAborted); if (token == null || !await Tokens.IsValidAsync(token, context.HttpContext.RequestAborted)) { - Logger.LogInformation("The token {Identifier} was declared as inactive because " + - "it was revoked.", identifier); + Logger.LogInformation("The token '{Identifier}' was declared as inactive because it was revoked.", identifier); context.Active = false; diff --git a/src/OpenIddict/OpenIddictProvider.Revocation.cs b/src/OpenIddict/OpenIddictProvider.Revocation.cs index e86801cd..bfd00957 100644 --- a/src/OpenIddict/OpenIddictProvider.Revocation.cs +++ b/src/OpenIddict/OpenIddictProvider.Revocation.cs 
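Review bot: In the introspection hunk (-129) the rewritten message still says the token "was revoked", but the branch is also taken when `Tokens.FindByIdAsync` returns null, so a lookup for an identifier that is not in the store is logged as a revocation. The exchange hunks of this commit now separate "not found in the database" from "no longer valid", and this message should follow them, for example `"The token '{Identifier}' was declared as inactive because it was not found or was no longer valid."`. The revocation hunk (-185) has the same shape: `token == null` shares a branch with `IsRevokedAsync`, and "already marked as invalid" does not describe a token that was never found. Accurate reasons matter when these entries are used to investigate probing of the introspection and revocation endpoints.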
@@ -185,7 +185,8 @@ namespace OpenIddict var token = await Tokens.FindByIdAsync(identifier, context.HttpContext.RequestAborted); if (token == null || await Tokens.IsRevokedAsync(token, context.HttpContext.RequestAborted)) { - Logger.LogInformation("The token '{Identifier}' was already revoked.", identifier); + Logger.LogInformation("The token '{Identifier}' was not revoked because " + + "it was already marked as invalid.", identifier); context.Revoked = true; diff --git a/test/OpenIddict.Mvc.Tests/OpenIddictModelBinderTests.cs b/test/OpenIddict.Mvc.Tests/OpenIddictModelBinderTests.cs index 42f4182d..7b0cbc64 100644 --- a/test/OpenIddict.Mvc.Tests/OpenIddictModelBinderTests.cs +++ b/test/OpenIddict.Mvc.Tests/OpenIddictModelBinderTests.cs @@ -70,8 +70,8 @@ namespace OpenIddict.Mvc.Tests }); Assert.Equal("The OpenID Connect request cannot be retrieved from the ASP.NET context. " + - "Make sure that 'app.UseOpenIddict()' is called before 'app.UseMvc()' and " + - "that the action route corresponds to the endpoint path registered via " + + "Make sure that 'app.UseAuthentication()' is called before 'app.UseMvc()' " + + "and that the action route corresponds to the endpoint path registered via " + "'services.AddOpenIddict().Enable[...]Endpoint(...)'.", exception.Message); }