Backport the token deserialization changes to OpenIddict 1.x

8 years ago · dff9c69205
2 changed files with 39 additions and 40 deletions
--- a/src/OpenIddict/OpenIddictProvider.Serialization.cs
+++ b/src/OpenIddict/OpenIddictProvider.Serialization.cs
@ -32,20 +32,21 @@ namespace OpenIddict
                return;
            }

-            var ticket = await ReceiveTokenAsync(
+            context.Ticket = await ReceiveTokenAsync(
                context.AccessToken, options, context.HttpContext,
                context.Request, context.DataFormat);

-            // If a valid ticket was returned by ReceiveTokenAsync(),
-            // force the OpenID Connect server middleware to use it.
-            if (ticket != null)
+            // Prevent the OpenID Connect server middleware from using
+            // its default logic to deserialize the reference token.
+            if (context.Ticket != null)
            {
-                context.Ticket = ticket;
                context.HandleResponse();
            }

-            // Otherwise, let the OpenID Connect server middleware
-            // deserialize the token using its default internal logic.
+            else
+            {
+                context.SkipToNextMiddleware();
+            }
        }

        public override async Task DeserializeAuthorizationCode([NotNull] DeserializeAuthorizationCodeContext context)
@ -56,20 +57,21 @@ namespace OpenIddict
                return;
            }

-            var ticket = await ReceiveTokenAsync(
+            context.Ticket = await ReceiveTokenAsync(
                context.AuthorizationCode, options, context.HttpContext,
                context.Request, context.DataFormat);

-            // If a valid ticket was returned by ReceiveTokenAsync(),
-            // force the OpenID Connect server middleware to use it.
-            if (ticket != null)
+            // Prevent the OpenID Connect server middleware from using
+            // its default logic to deserialize the reference token.
+            if (context.Ticket != null)
            {
-                context.Ticket = ticket;
                context.HandleResponse();
            }

-            // Otherwise, let the OpenID Connect server middleware
-            // deserialize the token using its default internal logic.
+            else
+            {
+                context.SkipToNextMiddleware();
+            }
        }

        public override async Task DeserializeRefreshToken([NotNull] DeserializeRefreshTokenContext context)
@ -80,20 +82,21 @@ namespace OpenIddict
                return;
            }

-            var ticket = await ReceiveTokenAsync(
+            context.Ticket = await ReceiveTokenAsync(
                context.RefreshToken, options, context.HttpContext,
                context.Request, context.DataFormat);

-            // If a valid ticket was returned by ReceiveTokenAsync(),
-            // force the OpenID Connect server middleware to use it.
-            if (ticket != null)
+            // Prevent the OpenID Connect server middleware from using
+            // its default logic to deserialize the reference token.
+            if (context.Ticket != null)
            {
-                context.Ticket = ticket;
                context.HandleResponse();
            }

-            // Otherwise, let the OpenID Connect server middleware
-            // deserialize the token using its default internal logic.
+            else
+            {
+                context.SkipToNextMiddleware();
+            }
        }

        public override async Task SerializeAccessToken([NotNull] SerializeAccessTokenContext context)
--- a/test/OpenIddict.Tests/OpenIddictProviderTests.Introspection.cs
+++ b/test/OpenIddict.Tests/OpenIddictProviderTests.Introspection.cs
@ -348,22 +348,9 @@ namespace OpenIddict.Tests
            var identity = new ClaimsIdentity(OpenIdConnectServerDefaults.AuthenticationScheme);
            identity.AddClaim(OpenIdConnectConstants.Claims.Subject, "Bob le Bricoleur");

-            var ticket = new AuthenticationTicket(
-                new ClaimsPrincipal(identity),
-                new AuthenticationProperties(),
-                OpenIdConnectServerDefaults.AuthenticationScheme);
-
-            ticket.SetTokenId("3E228451-1555-46F7-A471-951EFBA23A56");
-            ticket.SetTokenUsage(OpenIdConnectConstants.TokenUsages.AccessToken);
-
-            var format = new Mock<ISecureDataFormat<AuthenticationTicket>>();
-
-            format.Setup(mock => mock.Unprotect("2YotnFZFEjr1zCsicMWpAA"))
-                .Returns(ticket);
-
            var manager = CreateTokenManager(instance =>
            {
-                instance.Setup(mock => mock.FindByIdAsync("3E228451-1555-46F7-A471-951EFBA23A56", It.IsAny<CancellationToken>()))
+                instance.Setup(mock => mock.FindByHashAsync("coYFMTIt6jDp2O41qaUfV+XGhPsils3Z3YfmUvudrVw=", It.IsAny<CancellationToken>()))
                    .ReturnsAsync(value: null);
            });

@ -385,8 +372,6 @@ namespace OpenIddict.Tests

                builder.Services.AddSingleton(manager);

-                builder.Configure(options => options.AccessTokenFormat = format.Object);
-
                builder.UseReferenceTokens();
            });

@ -397,14 +382,15 @@ namespace OpenIddict.Tests
            {
                ClientId = "Fabrikam",
                ClientSecret = "7Fjfp0ZBr1KtDRbnfVdmIw",
-                Token = "2YotnFZFEjr1zCsicMWpAA"
+                Token = "QaTk2f6UPe9trKismGBJr0OIs0KqpvNrqRsJqGuJAAI"
            });

            // Assert
            Assert.Single(response.GetParameters());
            Assert.False((bool) response[OpenIdConnectConstants.Claims.Active]);

-            Mock.Get(manager).Verify(mock => mock.FindByIdAsync("3E228451-1555-46F7-A471-951EFBA23A56", It.IsAny<CancellationToken>()), Times.Once());
+
+            Mock.Get(manager).Verify(mock => mock.FindByHashAsync("coYFMTIt6jDp2O41qaUfV+XGhPsils3Z3YfmUvudrVw=", It.IsAny<CancellationToken>()), Times.Exactly(3));
        }

        [Fact]
@ -431,6 +417,15 @@ namespace OpenIddict.Tests

            var manager = CreateTokenManager(instance =>
            {
+                instance.Setup(mock => mock.FindByHashAsync("coYFMTIt6jDp2O41qaUfV+XGhPsils3Z3YfmUvudrVw=", It.IsAny<CancellationToken>()))
+                    .ReturnsAsync(token);
+
+                instance.Setup(mock => mock.GetIdAsync(token, It.IsAny<CancellationToken>()))
+                    .ReturnsAsync("3E228451-1555-46F7-A471-951EFBA23A56");
+
+                instance.Setup(mock => mock.GetCiphertextAsync(token, It.IsAny<CancellationToken>()))
+                    .ReturnsAsync("2YotnFZFEjr1zCsicMWpAA");
+
                instance.Setup(mock => mock.FindByIdAsync("3E228451-1555-46F7-A471-951EFBA23A56", It.IsAny<CancellationToken>()))
                    .ReturnsAsync(token);

@ -468,13 +463,14 @@ namespace OpenIddict.Tests
            {
                ClientId = "Fabrikam",
                ClientSecret = "7Fjfp0ZBr1KtDRbnfVdmIw",
-                Token = "2YotnFZFEjr1zCsicMWpAA"
+                Token = "QaTk2f6UPe9trKismGBJr0OIs0KqpvNrqRsJqGuJAAI"
            });

            // Assert
            Assert.Single(response.GetParameters());
            Assert.False((bool) response[OpenIdConnectConstants.Claims.Active]);

+            Mock.Get(manager).Verify(mock => mock.FindByHashAsync("coYFMTIt6jDp2O41qaUfV+XGhPsils3Z3YfmUvudrVw=", It.IsAny<CancellationToken>()), Times.Once());
            Mock.Get(manager).Verify(mock => mock.FindByIdAsync("3E228451-1555-46F7-A471-951EFBA23A56", It.IsAny<CancellationToken>()), Times.Once());
            Mock.Get(manager).Verify(mock => mock.IsValidAsync(token, It.IsAny<CancellationToken>()), Times.Once());
        }