From 6cd46a5c10094ba9f4379fbccc3b9c05a01bf034 Mon Sep 17 00:00:00 2001 From: Derek Date: Tue, 19 Jul 2016 17:18:42 -0500 Subject: [PATCH] Remote auth expiration fix (#893) Remote auth expiration fix, and move ISystemClock to the base AuthenticationProperties --- .../CookieAuthenticationOptions.cs | 6 ------ .../JwtBearerOptions.cs | 6 ------ .../OAuthHandler.cs | 5 +---- .../OAuthOptions.cs | 6 ------ .../OpenIdConnectHandler.cs | 5 +---- .../OpenIdConnectOptions.cs | 6 ------ .../TwitterHandler.cs | 8 +++----- .../TwitterOptions.cs | 6 ------ .../AuthenticationOptions.cs | 8 ++++++++ .../RemoteAuthenticationHandler.cs | 2 +- 10 files changed, 14 insertions(+), 44 deletions(-) diff --git a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs index f9455f23a5..b425612508 100644 --- a/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs +++ b/src/Microsoft.AspNetCore.Authentication.Cookies/CookieAuthenticationOptions.cs @@ -138,12 +138,6 @@ namespace Microsoft.AspNetCore.Builder /// public ISecureDataFormat TicketDataFormat { get; set; } - /// - /// For testing purposes only. - /// - [EditorBrowsable(EditorBrowsableState.Never)] - public ISystemClock SystemClock { get; set; } - /// /// The component used to get cookies from the request or set them on the response. /// diff --git a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerOptions.cs b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerOptions.cs index 1d73b843ee..2aedf30d52 100644 --- a/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerOptions.cs +++ b/src/Microsoft.AspNetCore.Authentication.JwtBearer/JwtBearerOptions.cs 
@@ -95,12 +95,6 @@ namespace Microsoft.AspNetCore.Builder /// public bool RefreshOnIssuerKeyNotFound { get; set; } = true; - /// - /// For testing purposes only. - /// - [EditorBrowsable(EditorBrowsableState.Never)] - public ISystemClock SystemClock { get; set; } = new SystemClock(); - /// /// Gets the ordered list of used to validate access tokens. /// diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs index ddd26d9f01..12b85ae7e6 100644 --- a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs +++ b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthHandler.cs @@ -175,10 +175,7 @@ namespace Microsoft.AspNetCore.Authentication.OAuth throw new ArgumentNullException(nameof(context)); } - var properties = new AuthenticationProperties(context.Properties) - { - ExpiresUtc = Options.SystemClock.UtcNow.Add(Options.RemoteAuthenticationTimeout) - }; + var properties = new AuthenticationProperties(context.Properties); if (string.IsNullOrEmpty(properties.RedirectUri)) { diff --git a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthOptions.cs b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthOptions.cs index 57ecba2f48..9591d9c44d 100644 --- a/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthOptions.cs +++ b/src/Microsoft.AspNetCore.Authentication.OAuth/OAuthOptions.cs @@ -64,11 +64,5 @@ namespace Microsoft.AspNetCore.Builder /// Gets or sets the type used to secure data handled by the middleware. /// public ISecureDataFormat StateDataFormat { get; set; } - - /// - /// For testing purposes only. - /// - [EditorBrowsable(EditorBrowsableState.Never)] - public ISystemClock SystemClock { get; set; } = new SystemClock(); } } diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs index 6488d10d72..df7caf3317 100644 
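Review bot: With `ExpiresUtc` no longer set on `properties` in the OAuthHandler.cs challenge hunk, the protected state that round-trips through the provider carries no deadline the server can check; the same applies to the matching hunks in OpenIdConnectHandler.cs and TwitterHandler.cs. The replacement bound is the cookie `Expires` set in TwitterHandler.cs and RemoteAuthenticationHandler.cs, which only the browser enforces, so a client that keeps the cookie can still present it after `RemoteAuthenticationTimeout`. Whether the callback path ever rejected expired state is not visible in this diff; if it did, consider recording an issue time in `properties.Items` and comparing it with `Options.SystemClock.UtcNow` on return. At minimum, add `// ExpiresUtc is deliberately left unset here; the challenge lifetime is bounded only by the correlation cookie's Expires.` above the `var properties` line. The enclosing method starts and ends outside the hunk.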
--- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs +++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectHandler.cs @@ -259,10 +259,7 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect // order for local RedirectUri // 1. challenge.Properties.RedirectUri // 2. CurrentUri if RedirectUri is not set) - var properties = new AuthenticationProperties(context.Properties) - { - ExpiresUtc = Options.SystemClock.UtcNow.Add(Options.RemoteAuthenticationTimeout) - }; + var properties = new AuthenticationProperties(context.Properties); if (string.IsNullOrEmpty(properties.RedirectUri)) { diff --git a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs index b5f6c03daa..181444b055 100644 --- a/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs +++ b/src/Microsoft.AspNetCore.Authentication.OpenIdConnect/OpenIdConnectOptions.cs @@ -202,11 +202,5 @@ namespace Microsoft.AspNetCore.Builder /// This is disabled by default. /// public bool SkipUnrecognizedRequests { get; set; } = false; - - /// - /// For testing purposes only. - /// - [EditorBrowsable(EditorBrowsableState.Never)] - public ISystemClock SystemClock { get; set; } = new SystemClock(); } } diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs index 4fbf35aaa1..20d06beafc 100644 --- a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs +++ b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterHandler.cs 
@@ -131,10 +131,7 @@ namespace Microsoft.AspNetCore.Authentication.Twitter throw new ArgumentNullException(nameof(context)); } - var properties = new AuthenticationProperties(context.Properties) - { - ExpiresUtc = Options.SystemClock.UtcNow.Add(Options.RemoteAuthenticationTimeout) - }; + var properties = new AuthenticationProperties(context.Properties); if (string.IsNullOrEmpty(properties.RedirectUri)) { @@ -148,7 +145,8 @@ namespace Microsoft.AspNetCore.Authentication.Twitter var cookieOptions = new CookieOptions { HttpOnly = true, - Secure = Request.IsHttps + Secure = Request.IsHttps, + Expires = Options.SystemClock.UtcNow.Add(Options.RemoteAuthenticationTimeout), }; Response.Cookies.Append(StateCookie, Options.StateDataFormat.Protect(requestToken), cookieOptions); diff --git a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterOptions.cs b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterOptions.cs index 8ab399a8f9..bf54b7fbb9 100644 --- a/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterOptions.cs +++ b/src/Microsoft.AspNetCore.Authentication.Twitter/TwitterOptions.cs @@ -59,11 +59,5 @@ namespace Microsoft.AspNetCore.Builder get { return (ITwitterEvents)base.Events; } set { base.Events = value; } } - - /// - /// For testing purposes only. - /// - [EditorBrowsable(EditorBrowsableState.Never)] - public ISystemClock SystemClock { get; set; } = new SystemClock(); } } diff --git a/src/Microsoft.AspNetCore.Authentication/AuthenticationOptions.cs b/src/Microsoft.AspNetCore.Authentication/AuthenticationOptions.cs index 04d050b06e..34ec577f18 100644 --- a/src/Microsoft.AspNetCore.Authentication/AuthenticationOptions.cs +++ b/src/Microsoft.AspNetCore.Authentication/AuthenticationOptions.cs 
@@ -1,7 +1,9 @@ // Copyright (c) .NET Foundation. All rights reserved. // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information. +using Microsoft.AspNetCore.Authentication; using Microsoft.AspNetCore.Http.Authentication; +using System.ComponentModel; namespace Microsoft.AspNetCore.Builder { @@ -47,5 +49,11 @@ namespace Microsoft.AspNetCore.Builder /// Additional information about the authentication type which is made available to the application. /// public AuthenticationDescription Description { get; set; } = new AuthenticationDescription(); + + /// + /// For testing purposes only. + /// + [EditorBrowsable(EditorBrowsableState.Never)] + public ISystemClock SystemClock { get; set; } = new SystemClock(); } } diff --git a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs index f1ad0d0559..72a4fe5900 100644 --- a/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs +++ b/src/Microsoft.AspNetCore.Authentication/RemoteAuthenticationHandler.cs @@ -149,7 +149,7 @@ namespace Microsoft.AspNetCore.Authentication { HttpOnly = true, Secure = Request.IsHttps, - Expires = properties.ExpiresUtc + Expires = Options.SystemClock.UtcNow.Add(Options.RemoteAuthenticationTimeout), }; properties.Items[CorrelationProperty] = correlationId;
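Review bot: The `SystemClock` property added to AuthenticationOptions.cs is documented only as "For testing purposes only.", yet after this commit it is the time source for the cookie expiry computed in TwitterHandler.cs and RemoteAuthenticationHandler.cs, for every derived options type. The summary should say so, for example `/// The clock used to compute expiration times. Replace only in tests; must not be null.` The setter accepts null, which would surface as a NullReferenceException at `Options.SystemClock.UtcNow` during a challenge, so a guard in the setter or at options validation is worth considering. As a style point, the added `using System.ComponentModel;` sits after the `Microsoft.*` usings, where the usual convention puts `System.*` first.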
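Review bot: The correlation cookie's `Expires` in RemoteAuthenticationHandler.cs is now derived from `Options.RemoteAuthenticationTimeout` with no comment explaining why `properties.ExpiresUtc` is no longer the source, and the identical expression is repeated for the state cookie in TwitterHandler.cs. A one-line comment such as `// Correlation cookie lifetime is the remote sign-in timeout, independent of properties.ExpiresUtc.` would keep a later edit from restoring the old coupling. A non-positive `RemoteAuthenticationTimeout` would yield an already-expired cookie, and presumably a failed correlation check on return. Validating that the option is positive where options are configured would help; that code is outside this hunk.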