paul/yavsc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

interactif console oauth2 login

Browse Source
This commit is contained in:
Paul Schneider
2018-08-03 02:59:37 +02:00
parent c6a0b6bc75
commit 1f6aaac1fe
4 changed files with 63 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
Yavsc/Startup/Startup.OAuthHelpers.cs
View File

@ -17,11 +17,11 @@ namespace Yavsc
{
private Client GetApplication(string clientId)
{
Client app = null;
using (var dbContext = new ApplicationDbContext())
{
app = dbContext.Applications.FirstOrDefault(x => x.Id == clientId);
}
if (_dbContext==null)
logger.LogError("no db!");
Client app = _dbContext.Applications.FirstOrDefault(x => x.Id == clientId);
if (app==null)
logger.LogError("no app!");
return app;
}
private readonly ConcurrentDictionary<string, string> _authenticationCodes = new ConcurrentDictionary<string, string>(StringComparer.Ordinal);
@ -43,12 +43,18 @@ namespace Yavsc
if (context.TryGetBasicCredentials(out clientId, out clientSecret) ||
context.TryGetFormCredentials(out clientId, out clientSecret))
{
logger.LogInformation($"ValidateClientAuthentication: Got id&secret: ({clientId} {clientSecret})");
logger.LogInformation($"ValidateClientAuthentication: Got id: ({clientId} secret: {clientSecret})");
var client = GetApplication(clientId);
if (client==null) {
context.SetError("invalid_clientId", "Client secret is invalid.");
return Task.FromResult<object>(null);
} else
if (client.Type == ApplicationTypes.NativeConfidential)
{
logger.LogInformation($"NativeConfidential key");
if (string.IsNullOrWhiteSpace(clientSecret))
{
logger.LogInformation($"invalid_clientId: Client secret should be sent.");
context.SetError("invalid_clientId", "Client secret should be sent.");
return Task.FromResult<object>(null);
}
@ -59,6 +65,7 @@ namespace Yavsc
if (client.Secret != clientSecret)
{
context.SetError("invalid_clientId", "Client secret is invalid.");
logger.LogInformation($"invalid_clientId: Client secret is invalid.");
return Task.FromResult<object>(null);
}
}
@ -67,6 +74,7 @@ namespace Yavsc
if (!client.Active)
{
context.SetError("invalid_clientId", "Client is inactive.");
logger.LogInformation($"invalid_clientId: Client is inactive.");
return Task.FromResult<object>(null);
}
@ -75,9 +83,9 @@ namespace Yavsc
logger.LogInformation($"\\o/ ValidateClientAuthentication: Validated ({clientId})");
context.Validated();
}
else Startup.logger.LogInformation($":'( ValidateClientAuthentication: KO ({clientId})");
else logger.LogInformation($":'( ValidateClientAuthentication: KO ({clientId})");
}
else Startup.logger.LogWarning($"ValidateClientAuthentication: neither Basic nor Form credential were found");
else logger.LogWarning($"ValidateClientAuthentication: neither Basic nor Form credential were found");
return Task.FromResult(0);
}
UserManager<ApplicationUser> _usermanager;

7
Yavsc/Startup/Startup.cs
View File

@ -254,10 +254,12 @@ namespace Yavsc
});
CheckServices(services);
}
static ApplicationDbContext _dbContext;
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IHostingEnvironment env,
IOptions<SiteSettings> siteSettings,
public void Configure(
IApplicationBuilder app, IHostingEnvironment env,
ApplicationDbContext dbContext, IOptions<SiteSettings> siteSettings,
IOptions<RequestLocalizationOptions> localizationOptions,
IOptions<OAuth2AppSettings> oauth2SettingsContainer,
IAuthorizationService authorizationService,
@ -267,6 +269,7 @@ namespace Yavsc
UserManager<ApplicationUser> usermanager,
ILoggerFactory loggerFactory)
{
_dbContext = dbContext;
_usermanager = usermanager;
GoogleSettings = googleSettings.Value;
ResourcesHelpers.GlobalLocalizer = localizer;

3
test/Mandatory/ServerSideFixture.cs
View File

@ -18,7 +18,8 @@ namespace test
public EMailer _mailer;
public ILoggerFactory _loggerFactory;
public IEmailSender _mailSender;
public static string ApiKey => "53f4d5da-93a9-4584-82f9-b8fdf243b002" ;
//
public ServerSideFixture()
{
InitTestHost();

59
test/WIP/YavscWorkInProgress.cs
View File

@ -6,6 +6,8 @@ using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Security;
using System.Text;
using System.Threading.Tasks;
using Xunit;
using Xunit.Abstractions;
@ -67,31 +69,50 @@ namespace test
throw;
}
}
public struct LoginIntentData
public static string GetPassword()
{
public string clientId;
public string clientSecret;
public string scope;
public string authorizeUrl;
public string redirectUrl;
public string accessTokenUrl;
public string login;
public string pass;
var pwd = new StringBuilder();
while (true)
{
var len = pwd.ToString().Length;
ConsoleKeyInfo i = Console.ReadKey(true);
if (i.Key == ConsoleKey.Enter)
{
break;
}
else if (i.Key == ConsoleKey.Backspace)
{
if (pwd.Length > 0)
{
pwd.Remove(len - 1, 1);
Console.Write("\b \b");
}
}
else
{
pwd.Append(i.KeyChar);
Console.Write("*");
}
}
return pwd.ToString();
}
public static IEnumerable<object[]> GetLoginIntentData(int numTests)
{
var allData = new List<object[]>
{
new object[] {"d9be5e97-c19d-42e4-b444-0e65863b19e1", "blouh", "profile",
"http://localhost:5000/authorize", "http://localhost:5000/oauth/success",
"http://localhost:5000/token","joe", "badpass"
},
new object[] { -4, -6, -10 },
new object[] { -2, 2, 0 },
new object[] { int.MinValue, -1, int.MaxValue },
};
var allData = new List<object[]>();
Console.WriteLine($"Please, enter {numTests}:");
for (int iTest=0; iTest<numTests; iTest++)
{
Console.Write("Please, enter a login:");
var login = Console.ReadLine();
Console.Write("Please, enter a pass:");
var pass = GetPassword();
allData.Add(new object[] { ServerSideFixture.ApiKey, "blouh", "profile",
"http://localhost:5000/authorize", "http://localhost:5000/oauth/success",
"http://localhost:5000/token",login, pass });
}
return allData.Take(numTests);
}