interactif console oauth2 login

vnext
Paul Schneider 6 years ago
parent c6a0b6bc75
commit 1f6aaac1fe
4 changed files with 62 additions and 29 deletions

@ -17,11 +17,11 @@ namespace Yavsc
{ {
private Client GetApplication(string clientId) private Client GetApplication(string clientId)
{ {
Client app = null; if (_dbContext==null)
using (var dbContext = new ApplicationDbContext()) logger.LogError("no db!");
{ Client app = _dbContext.Applications.FirstOrDefault(x => x.Id == clientId);
app = dbContext.Applications.FirstOrDefault(x => x.Id == clientId); if (app==null)
} logger.LogError("no app!");
return app; return app;
} }
private readonly ConcurrentDictionary<string, string> _authenticationCodes = new ConcurrentDictionary<string, string>(StringComparer.Ordinal); private readonly ConcurrentDictionary<string, string> _authenticationCodes = new ConcurrentDictionary<string, string>(StringComparer.Ordinal);
@ -43,12 +43,18 @@ namespace Yavsc
if (context.TryGetBasicCredentials(out clientId, out clientSecret) || if (context.TryGetBasicCredentials(out clientId, out clientSecret) ||
context.TryGetFormCredentials(out clientId, out clientSecret)) context.TryGetFormCredentials(out clientId, out clientSecret))
{ {
logger.LogInformation($"ValidateClientAuthentication: Got id&secret: ({clientId} {clientSecret})"); logger.LogInformation($"ValidateClientAuthentication: Got id: ({clientId} secret: {clientSecret})");
var client = GetApplication(clientId); var client = GetApplication(clientId);
if (client==null) {
context.SetError("invalid_clientId", "Client secret is invalid.");
return Task.FromResult<object>(null);
} else
if (client.Type == ApplicationTypes.NativeConfidential) if (client.Type == ApplicationTypes.NativeConfidential)
{ {
logger.LogInformation($"NativeConfidential key");
if (string.IsNullOrWhiteSpace(clientSecret)) if (string.IsNullOrWhiteSpace(clientSecret))
{ {
logger.LogInformation($"invalid_clientId: Client secret should be sent.");
context.SetError("invalid_clientId", "Client secret should be sent."); context.SetError("invalid_clientId", "Client secret should be sent.");
return Task.FromResult<object>(null); return Task.FromResult<object>(null);
} }
@ -59,6 +65,7 @@ namespace Yavsc
if (client.Secret != clientSecret) if (client.Secret != clientSecret)
{ {
context.SetError("invalid_clientId", "Client secret is invalid."); context.SetError("invalid_clientId", "Client secret is invalid.");
logger.LogInformation($"invalid_clientId: Client secret is invalid.");
return Task.FromResult<object>(null); return Task.FromResult<object>(null);
} }
} }
@ -67,6 +74,7 @@ namespace Yavsc
if (!client.Active) if (!client.Active)
{ {
context.SetError("invalid_clientId", "Client is inactive."); context.SetError("invalid_clientId", "Client is inactive.");
logger.LogInformation($"invalid_clientId: Client is inactive.");
return Task.FromResult<object>(null); return Task.FromResult<object>(null);
} }
@ -75,9 +83,9 @@ namespace Yavsc
logger.LogInformation($"\\o/ ValidateClientAuthentication: Validated ({clientId})"); logger.LogInformation($"\\o/ ValidateClientAuthentication: Validated ({clientId})");
context.Validated(); context.Validated();
} }
else Startup.logger.LogInformation($":'( ValidateClientAuthentication: KO ({clientId})"); else logger.LogInformation($":'( ValidateClientAuthentication: KO ({clientId})");
} }
else Startup.logger.LogWarning($"ValidateClientAuthentication: neither Basic nor Form credential were found"); else logger.LogWarning($"ValidateClientAuthentication: neither Basic nor Form credential were found");
return Task.FromResult(0); return Task.FromResult(0);
} }
UserManager<ApplicationUser> _usermanager; UserManager<ApplicationUser> _usermanager;
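Review bot: The rewritten log line at the top of the second hunk, `logger.LogInformation($"ValidateClientAuthentication: Got id: ({clientId} secret: {clientSecret})")`, still writes the client secret at Information level, so every token request copies the credential into whatever sink the logger is wired to; log only the id, `logger.LogInformation($"ValidateClientAuthentication: Got id: ({clientId})");`. In the first hunk, GetApplication logs "no db!" when `_dbContext` is null and then dereferences it on the very next line, so that branch needs a `return null;` (or a throw) instead of falling through. The null-client branch added after `var client = GetApplication(clientId);` reports "Client secret is invalid." for an id that matched no application, which misdescribes the failure; a distinct message such as "Unknown client." keeps the two cases tellable apart in logs and responses. The unchanged `client.Secret != clientSecret` in the third hunk compares the stored secret directly, which is presumably plaintext at rest; hashing stored secrets and comparing with a fixed-time routine is the usual hardening, though that is outside this commit. ValidateClientAuthentication starts before the second hunk.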

@ -254,10 +254,12 @@ namespace Yavsc
}); });
CheckServices(services); CheckServices(services);
} }
static ApplicationDbContext _dbContext;
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline. // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env, public void Configure(
IOptions<SiteSettings> siteSettings, IApplicationBuilder app, IHostingEnvironment env,
ApplicationDbContext dbContext, IOptions<SiteSettings> siteSettings,
IOptions<RequestLocalizationOptions> localizationOptions, IOptions<RequestLocalizationOptions> localizationOptions,
IOptions<OAuth2AppSettings> oauth2SettingsContainer, IOptions<OAuth2AppSettings> oauth2SettingsContainer,
IAuthorizationService authorizationService, IAuthorizationService authorizationService,
@ -267,6 +269,7 @@ namespace Yavsc
UserManager<ApplicationUser> usermanager, UserManager<ApplicationUser> usermanager,
ILoggerFactory loggerFactory) ILoggerFactory loggerFactory)
{ {
_dbContext = dbContext;
_usermanager = usermanager; _usermanager = usermanager;
GoogleSettings = googleSettings.Value; GoogleSettings = googleSettings.Value;
ResourcesHelpers.GlobalLocalizer = localizer; ResourcesHelpers.GlobalLocalizer = localizer;
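Review bot: `static ApplicationDbContext _dbContext;` assigned from Configure's injected `dbContext` turns a context that is normally per-scope into a process-wide instance that GetApplication then reads on every token request; a DbContext is not safe for concurrent use, so parallel OAuth validations would share one change tracker and connection. Resolving a fresh context per call, for example through an `IServiceScopeFactory` held in a field, avoids both the sharing and the null check the other file now has to make. The side-by-side rendering does not show whether `ApplicationDbContext dbContext` survives in the new parameter list, although the assignment on the new side implies it does; a comment on the field, `// Shared process-wide; see GetApplication — not safe under concurrent requests`, would at least flag the hazard until it is replaced. The first hunk ends in the middle of Configure's parameter list, which continues in the second.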

@ -18,7 +18,8 @@ namespace test
public EMailer _mailer; public EMailer _mailer;
public ILoggerFactory _loggerFactory; public ILoggerFactory _loggerFactory;
public IEmailSender _mailSender; public IEmailSender _mailSender;
public static string ApiKey => "53f4d5da-93a9-4584-82f9-b8fdf243b002" ;
//
public ServerSideFixture() public ServerSideFixture()
{ {
InitTestHost(); InitTestHost();
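Review bot: `ApiKey` is consumed in the test file's GetLoginIntentData as the first element of the login intent, the slot the old literal used for the OAuth clientId, so the name misdescribes the value; renaming it `ClientId` or adding `// Client id of the test application registered on the server` keeps a reader from mistaking it for a secret. The empty `//` line inserted before the constructor carries nothing and can go. The constructor body continues past the hunk.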

@ -6,6 +6,8 @@ using System;
using System.Collections.Generic; using System.Collections.Generic;
using System.Linq; using System.Linq;
using System.Net; using System.Net;
using System.Security;
using System.Text;
using System.Threading.Tasks; using System.Threading.Tasks;
using Xunit; using Xunit;
using Xunit.Abstractions; using Xunit.Abstractions;
@ -67,31 +69,50 @@ namespace test
throw; throw;
} }
} }
public struct LoginIntentData public static string GetPassword()
{ {
public string clientId; var pwd = new StringBuilder();
public string clientSecret; while (true)
public string scope; {
public string authorizeUrl; var len = pwd.ToString().Length;
public string redirectUrl; ConsoleKeyInfo i = Console.ReadKey(true);
public string accessTokenUrl; if (i.Key == ConsoleKey.Enter)
public string login; {
public string pass; break;
}
else if (i.Key == ConsoleKey.Backspace)
{
if (pwd.Length > 0)
{
pwd.Remove(len - 1, 1);
Console.Write("\b \b");
}
}
else
{
pwd.Append(i.KeyChar);
Console.Write("*");
}
}
return pwd.ToString();
} }
public static IEnumerable<object[]> GetLoginIntentData(int numTests) public static IEnumerable<object[]> GetLoginIntentData(int numTests)
{ {
var allData = new List<object[]> var allData = new List<object[]>();
Console.WriteLine($"Please, enter {numTests}:");
for (int iTest=0; iTest<numTests; iTest++)
{ {
new object[] {"d9be5e97-c19d-42e4-b444-0e65863b19e1", "blouh", "profile", Console.Write("Please, enter a login:");
"http://localhost:5000/authorize", "http://localhost:5000/oauth/success", var login = Console.ReadLine();
"http://localhost:5000/token","joe", "badpass" Console.Write("Please, enter a pass:");
}, var pass = GetPassword();
new object[] { -4, -6, -10 },
new object[] { -2, 2, 0 },
new object[] { int.MinValue, -1, int.MaxValue },
};
allData.Add(new object[] { ServerSideFixture.ApiKey, "blouh", "profile",
"http://localhost:5000/authorize", "http://localhost:5000/oauth/success",
"http://localhost:5000/token",login, pass });
}
return allData.Take(numTests); return allData.Take(numTests);
} }
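Review bot: `var len = pwd.ToString().Length;` in GetPassword builds a new string on every keystroke only to read its length, while the backspace branch already tests `pwd.Length`; `pwd.Remove(pwd.Length - 1, 1);` makes the `len` local unnecessary. GetLoginIntentData now blocks on Console.ReadLine and Console.ReadKey while the theory data is enumerated, and `Console.ReadKey` throws InvalidOperationException when console input is redirected, so this data source only works in an interactive terminal; both methods deserve a doc comment saying they are meant for manual runs and will fail under a non-interactive test runner. The prompt `Console.WriteLine($"Please, enter {numTests}:")` prints only a number; `$"Please, enter {numTests} login(s):"` says what is being asked. The loop already produces exactly numTests rows, so `allData.Take(numTests)` is redundant, and the added `using System.Security;` is not used by the new code.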
