tsai
/
openiddict-core
mirror of https://github.com/openiddict/openiddict-core.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Handle network errors and HTTP response deserialization exceptions more gracefully

pull/1428/head
Kévin Chalet 4 years ago
parent
96bd92a1b8
commit
f14005f85d
4 changed files with 170 additions and 16 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 12
      src/OpenIddict.Abstractions/OpenIddictResources.resx
  2. 42
      src/OpenIddict.Client.SystemNetHttp/OpenIddictClientSystemNetHttpHandlers.Userinfo.cs
  3. 66
      src/OpenIddict.Client.SystemNetHttp/OpenIddictClientSystemNetHttpHandlers.cs
  4. 66
      src/OpenIddict.Validation.SystemNetHttp/OpenIddictValidationSystemNetHttpHandlers.cs

12
src/OpenIddict.Abstractions/OpenIddictResources.resx
View File

@ -1626,6 +1626,12 @@ To register the server services, use 'services.AddOpenIddict().AddClient()'.</va
<data name="ID2135" xml:space="preserve"> <data name="ID2135" xml:space="preserve">
<value>The '{0}' parameter must not include a '{1}' component.</value> <value>The '{0}' parameter must not include a '{1}' component.</value>
</data> </data>
<data name="ID2136" xml:space="preserve">
<value>An error occurred while communicating with the remote HTTP server.</value>
</data>
<data name="ID2137" xml:space="preserve">
<value>An invalid JSON response was returned by the remote HTTP server.</value>
</data>
<data name="ID4000" xml:space="preserve"> <data name="ID4000" xml:space="preserve">
<value>The '{0}' parameter shouldn't be null or empty at this point.</value> <value>The '{0}' parameter shouldn't be null or empty at this point.</value>
</data> </data>
@ -2174,6 +2180,12 @@ This may indicate that the hashed entry is corrupted or malformed.</value>
<data name="ID6181" xml:space="preserve"> <data name="ID6181" xml:space="preserve">
<value>The authorization request was rejected because the '{Parameter}' contained a forbidden parameter: {Name}.</value> <value>The authorization request was rejected because the '{Parameter}' contained a forbidden parameter: {Name}.</value>
</data> </data>
<data name="ID6182" xml:space="preserve">
<value>A network error occured while communicating with the remote HTTP server.</value>
</data>
<data name="ID6183" xml:space="preserve">
<value>An invalid JSON response was returned by the remote HTTP server: {Payload}.</value>
</data>
<data name="ID8000" xml:space="preserve"> <data name="ID8000" xml:space="preserve">
<value>https://documentation.openiddict.com/errors/{0}</value> <value>https://documentation.openiddict.com/errors/{0}</value>
</data> </data>

42
src/OpenIddict.Client.SystemNetHttp/OpenIddictClientSystemNetHttpHandlers.Userinfo.cs
View File

@ -7,6 +7,8 @@
using System.Collections.Immutable; using System.Collections.Immutable;
using System.Diagnostics; using System.Diagnostics;
using System.Net.Http.Headers; using System.Net.Http.Headers;
using System.Text.Json;
using Microsoft.Extensions.Logging;
using static OpenIddict.Client.SystemNetHttp.OpenIddictClientSystemNetHttpConstants; using static OpenIddict.Client.SystemNetHttp.OpenIddictClientSystemNetHttpConstants;
namespace OpenIddict.Client.SystemNetHttp; namespace OpenIddict.Client.SystemNetHttp;
@ -115,13 +117,45 @@ public static partial class OpenIddictClientSystemNetHttpHandlers
{ {
context.Response = new OpenIddictResponse(); context.Response = new OpenIddictResponse();
context.UserinfoToken = await response.Content.ReadAsStringAsync(); context.UserinfoToken = await response.Content.ReadAsStringAsync();
return;
}
try
{
try
{
// Note: ReadFromJsonAsync() automatically validates the content encoding and transparently
// transcodes the response stream if a non-UTF-8 response is returned by the remote server.
context.Response = await response.Content.ReadFromJsonAsync<OpenIddictResponse>();
}
// Initial versions of System.Net.Http.Json were known to eagerly validate the media type returned
// as part of the HTTP Content-Type header and throw a NotSupportedException. If such an exception
// is caught, try to extract the response using the less efficient string-based deserialization,
// that will also take care of handling non-UTF-8 encodings but won't validate the media type.
catch (NotSupportedException)
{
context.Response = JsonSerializer.Deserialize<OpenIddictResponse>(
await response.Content.ReadAsStringAsync());
}
} }
else // If an exception is thrown at this stage, this likely means the returned response was not a valid
// JSON response or was not correctly formatted as a JSON object. This typically happens when
// a server error occurs and a default error page is returned by the remote HTTP server.
// In this case, log the error details and return a generic error to stop processing the event.
catch (Exception exception)
{ {
// Note: ReadFromJsonAsync() automatically validates the content type and the content encoding context.Logger.LogError(exception, SR.GetResourceString(SR.ID6183),
// and transcode the response stream if a non-UTF-8 response is returned by the remote server. await response.Content.ReadAsStringAsync());
context.Response = await response.Content.ReadFromJsonAsync<OpenIddictResponse>();
context.Reject(
error: Errors.ServerError,
description: SR.GetResourceString(SR.ID2137),
uri: SR.FormatID8000(SR.ID2137));
return;
} }
} }
} }

66
src/OpenIddict.Client.SystemNetHttp/OpenIddictClientSystemNetHttpHandlers.cs
View File

@ -10,6 +10,8 @@ using System.Diagnostics;
using System.Diagnostics.CodeAnalysis; using System.Diagnostics.CodeAnalysis;
using System.Net.Http.Headers; using System.Net.Http.Headers;
using System.Text; using System.Text;
using System.Text.Json;
using Microsoft.Extensions.Logging;
namespace OpenIddict.Client.SystemNetHttp; namespace OpenIddict.Client.SystemNetHttp;
@ -254,11 +256,30 @@ public static partial class OpenIddictClientSystemNetHttpHandlers
// If supported, import the HTTP version from the client instance. // If supported, import the HTTP version from the client instance.
request.Version = client.DefaultRequestVersion; request.Version = client.DefaultRequestVersion;
#endif #endif
var response = await client.SendAsync(request, HttpCompletionOption.ResponseContentRead) ?? HttpResponseMessage response;
throw new InvalidOperationException(SR.GetResourceString(SR.ID0175));
try
{
response = await client.SendAsync(request, HttpCompletionOption.ResponseContentRead);
}
// If an exception is thrown at this stage, this likely means a persistent network error occurred.
// In this case, log the error details and return a generic error to stop processing the event.
catch (Exception exception)
{
context.Logger.LogError(exception, SR.GetResourceString(SR.ID6182));
context.Reject(
error: Errors.ServerError,
description: SR.GetResourceString(SR.ID2136),
uri: SR.FormatID8000(SR.ID2136));
return;
}
// Store the HttpResponseMessage in the transaction properties. // Store the HttpResponseMessage in the transaction properties.
context.Transaction.SetProperty(typeof(HttpResponseMessage).FullName!, response); context.Transaction.SetProperty(typeof(HttpResponseMessage).FullName!, response ??
throw new InvalidOperationException(SR.GetResourceString(SR.ID0175)));
} }
} }
@ -332,9 +353,42 @@ public static partial class OpenIddictClientSystemNetHttpHandlers
// The status code is deliberately not validated to ensure even errored responses // The status code is deliberately not validated to ensure even errored responses
// (typically in the 4xx range) can be deserialized and handled by the event handlers. // (typically in the 4xx range) can be deserialized and handled by the event handlers.
// Note: ReadFromJsonAsync() automatically validates the content type and the content encoding try
// and transcode the response stream if a non-UTF-8 response is returned by the remote server. {
context.Transaction.Response = await response.Content.ReadFromJsonAsync<OpenIddictResponse>(); try
{
// Note: ReadFromJsonAsync() automatically validates the content encoding and transparently
// transcodes the response stream if a non-UTF-8 response is returned by the remote server.
context.Transaction.Response = await response.Content.ReadFromJsonAsync<OpenIddictResponse>();
}
// Initial versions of System.Net.Http.Json were known to eagerly validate the media type returned
// as part of the HTTP Content-Type header and throw a NotSupportedException. If such an exception
// is caught, try to extract the response using the less efficient string-based deserialization,
// that will also take care of handling non-UTF-8 encodings but won't validate the media type.
catch (NotSupportedException)
{
context.Transaction.Response = JsonSerializer.Deserialize<OpenIddictResponse>(
await response.Content.ReadAsStringAsync());
}
}
// If an exception is thrown at this stage, this likely means the returned response was not a valid
// JSON response or was not correctly formatted as a JSON object. This typically happens when
// a server error occurs and a default error page is returned by the remote HTTP server.
// In this case, log the error details and return a generic error to stop processing the event.
catch (Exception exception)
{
context.Logger.LogError(exception, SR.GetResourceString(SR.ID6183),
await response.Content.ReadAsStringAsync());
context.Reject(
error: Errors.ServerError,
description: SR.GetResourceString(SR.ID2137),
uri: SR.FormatID8000(SR.ID2137));
return;
}
} }
} }

66
src/OpenIddict.Validation.SystemNetHttp/OpenIddictValidationSystemNetHttpHandlers.cs
View File

@ -10,6 +10,8 @@ using System.Diagnostics;
using System.Diagnostics.CodeAnalysis; using System.Diagnostics.CodeAnalysis;
using System.Net.Http.Headers; using System.Net.Http.Headers;
using System.Text; using System.Text;
using System.Text.Json;
using Microsoft.Extensions.Logging;
namespace OpenIddict.Validation.SystemNetHttp; namespace OpenIddict.Validation.SystemNetHttp;
@ -253,11 +255,30 @@ public static partial class OpenIddictValidationSystemNetHttpHandlers
// If supported, import the HTTP version from the client instance. // If supported, import the HTTP version from the client instance.
request.Version = client.DefaultRequestVersion; request.Version = client.DefaultRequestVersion;
#endif #endif
var response = await client.SendAsync(request, HttpCompletionOption.ResponseContentRead) ?? HttpResponseMessage response;
throw new InvalidOperationException(SR.GetResourceString(SR.ID0175));
try
{
response = await client.SendAsync(request, HttpCompletionOption.ResponseContentRead);
}
// If an exception is thrown at this stage, this likely means a persistent network error occurred.
// In this case, log the error details and return a generic error to stop processing the event.
catch (Exception exception)
{
context.Logger.LogError(exception, SR.GetResourceString(SR.ID6182));
context.Reject(
error: Errors.ServerError,
description: SR.GetResourceString(SR.ID2136),
uri: SR.FormatID8000(SR.ID2136));
return;
}
// Store the HttpResponseMessage in the transaction properties. // Store the HttpResponseMessage in the transaction properties.
context.Transaction.SetProperty(typeof(HttpResponseMessage).FullName!, response); context.Transaction.SetProperty(typeof(HttpResponseMessage).FullName!, response ??
throw new InvalidOperationException(SR.GetResourceString(SR.ID0175)));
} }
} }
@ -331,9 +352,42 @@ public static partial class OpenIddictValidationSystemNetHttpHandlers
// The status code is deliberately not validated to ensure even errored responses // The status code is deliberately not validated to ensure even errored responses
// (typically in the 4xx range) can be deserialized and handled by the event handlers. // (typically in the 4xx range) can be deserialized and handled by the event handlers.
// Note: ReadFromJsonAsync() automatically validates the content type and the content encoding try
// and transcode the response stream if a non-UTF-8 response is returned by the remote server. {
context.Transaction.Response = await response.Content.ReadFromJsonAsync<OpenIddictResponse>(); try
{
// Note: ReadFromJsonAsync() automatically validates the content encoding and transparently
// transcodes the response stream if a non-UTF-8 response is returned by the remote server.
context.Transaction.Response = await response.Content.ReadFromJsonAsync<OpenIddictResponse>();
}
// Initial versions of System.Net.Http.Json were known to eagerly validate the media type returned
// as part of the HTTP Content-Type header and throw a NotSupportedException. If such an exception
// is caught, try to extract the response using the less efficient string-based deserialization,
// that will also take care of handling non-UTF-8 encodings but won't validate the media type.
catch (NotSupportedException)
{
context.Transaction.Response = JsonSerializer.Deserialize<OpenIddictResponse>(
await response.Content.ReadAsStringAsync());
}
}
// If an exception is thrown at this stage, this likely means the returned response was not a valid
// JSON response or was not correctly formatted as a JSON object. This typically happens when
// a server error occurs and a default error page is returned by the remote HTTP server.
// In this case, log the error details and return a generic error to stop processing the event.
catch (Exception exception)
{
context.Logger.LogError(exception, SR.GetResourceString(SR.ID6183),
await response.Content.ReadAsStringAsync());
context.Reject(
error: Errors.ServerError,
description: SR.GetResourceString(SR.ID2137),
uri: SR.FormatID8000(SR.ID2137));
return;
}
} }
} }

Write Preview
Loading…
Cancel
Save