Using QueryHelpers helps avoid issue #365.
This commit is contained in:
parent
5bb5662e74
commit
bdab4d95fd
|
|
@ -51,10 +51,10 @@ namespace Microsoft.AspNet.Authentication.Facebook
|
||||||
|
|
||||||
protected override async Task<AuthenticationTicket> CreateTicketAsync(ClaimsIdentity identity, AuthenticationProperties properties, OAuthTokenResponse tokens)
|
protected override async Task<AuthenticationTicket> CreateTicketAsync(ClaimsIdentity identity, AuthenticationProperties properties, OAuthTokenResponse tokens)
|
||||||
{
|
{
|
||||||
var endpoint = Options.UserInformationEndpoint + "?access_token=" + UrlEncoder.UrlEncode(tokens.AccessToken);
|
var endpoint = QueryHelpers.AddQueryString(Options.UserInformationEndpoint, "access_token", tokens.AccessToken);
|
||||||
if (Options.SendAppSecretProof)
|
if (Options.SendAppSecretProof)
|
||||||
{
|
{
|
||||||
endpoint += "&appsecret_proof=" + GenerateAppSecretProof(tokens.AccessToken);
|
endpoint = QueryHelpers.AddQueryString(endpoint, "appsecret_proof", GenerateAppSecretProof(tokens.AccessToken));
|
||||||
}
|
}
|
||||||
|
|
||||||
var response = await Backchannel.GetAsync(endpoint, Context.RequestAborted);
|
var response = await Backchannel.GetAsync(endpoint, Context.RequestAborted);
|
||||||
|
|
|
||||||
|
|
@ -3,15 +3,21 @@
|
||||||
|
|
||||||
using System;
|
using System;
|
||||||
using System.Net;
|
using System.Net;
|
||||||
|
using System.Net.Http;
|
||||||
|
using System.Collections.Generic;
|
||||||
|
using System.Text;
|
||||||
|
using System.Linq;
|
||||||
using System.Threading.Tasks;
|
using System.Threading.Tasks;
|
||||||
using Microsoft.AspNet.Authentication.OAuth;
|
using Microsoft.AspNet.Authentication.OAuth;
|
||||||
using Microsoft.AspNet.Builder;
|
using Microsoft.AspNet.Builder;
|
||||||
|
using Microsoft.AspNet.DataProtection;
|
||||||
using Microsoft.AspNet.Http;
|
using Microsoft.AspNet.Http;
|
||||||
using Microsoft.AspNet.Http.Authentication;
|
using Microsoft.AspNet.Http.Authentication;
|
||||||
using Microsoft.AspNet.TestHost;
|
using Microsoft.AspNet.TestHost;
|
||||||
using Microsoft.Framework.DependencyInjection;
|
using Microsoft.Framework.DependencyInjection;
|
||||||
using Microsoft.Framework.WebEncoders;
|
using Microsoft.Framework.WebEncoders;
|
||||||
using Shouldly;
|
using Shouldly;
|
||||||
|
using Newtonsoft.Json;
|
||||||
using Xunit;
|
using Xunit;
|
||||||
|
|
||||||
namespace Microsoft.AspNet.Authentication.Facebook
|
namespace Microsoft.AspNet.Authentication.Facebook
|
||||||
|
|
@ -168,6 +174,76 @@ namespace Microsoft.AspNet.Authentication.Facebook
|
||||||
location.ShouldContain("state=");
|
location.ShouldContain("state=");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
[Fact]
|
||||||
|
public async Task CustomUserInfoEndpointHasValidGraphQuery()
|
||||||
|
{
|
||||||
|
var customUserInfoEndpoint = "https://graph.facebook.com/me?fields=email,timezone,picture";
|
||||||
|
string finalUserInfoEndpoint = string.Empty;
|
||||||
|
var stateFormat = new PropertiesDataFormat(new EphemeralDataProtectionProvider().CreateProtector("FacebookTest"));
|
||||||
|
var server = CreateServer(
|
||||||
|
app =>
|
||||||
|
{
|
||||||
|
app.UseFacebookAuthentication();
|
||||||
|
app.UseCookieAuthentication();
|
||||||
|
},
|
||||||
|
services =>
|
||||||
|
{
|
||||||
|
services.AddAuthentication();
|
||||||
|
services.ConfigureFacebookAuthentication(options =>
|
||||||
|
{
|
||||||
|
options.AppId = "Test App Id";
|
||||||
|
options.AppSecret = "Test App Secret";
|
||||||
|
options.StateDataFormat = stateFormat;
|
||||||
|
options.UserInformationEndpoint = customUserInfoEndpoint;
|
||||||
|
options.BackchannelHttpHandler = new TestHttpMessageHandler
|
||||||
|
{
|
||||||
|
Sender = req =>
|
||||||
|
{
|
||||||
|
if (req.RequestUri.GetLeftPart(UriPartial.Path) == FacebookAuthenticationDefaults.TokenEndpoint)
|
||||||
|
{
|
||||||
|
var res = new HttpResponseMessage(HttpStatusCode.OK);
|
||||||
|
var tokenResponse = new Dictionary<string, string>
|
||||||
|
{
|
||||||
|
{ "access_token", "TestAuthToken" },
|
||||||
|
};
|
||||||
|
res.Content = new FormUrlEncodedContent(tokenResponse);
|
||||||
|
return res;
|
||||||
|
}
|
||||||
|
if (req.RequestUri.GetLeftPart(UriPartial.Path) ==
|
||||||
|
new Uri(customUserInfoEndpoint).GetLeftPart(UriPartial.Path))
|
||||||
|
{
|
||||||
|
finalUserInfoEndpoint = req.RequestUri.ToString();
|
||||||
|
var res = new HttpResponseMessage(HttpStatusCode.OK);
|
||||||
|
var graphResponse = JsonConvert.SerializeObject(new
|
||||||
|
{
|
||||||
|
id = "TestProfileId",
|
||||||
|
name = "TestName"
|
||||||
|
});
|
||||||
|
res.Content = new StringContent(graphResponse, Encoding.UTF8);
|
||||||
|
return res;
|
||||||
|
}
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
};
|
||||||
|
});
|
||||||
|
}, handler: null);
|
||||||
|
|
||||||
|
var properties = new AuthenticationProperties();
|
||||||
|
var correlationKey = ".AspNet.Correlation.Facebook";
|
||||||
|
var correlationValue = "TestCorrelationId";
|
||||||
|
properties.Items.Add(correlationKey, correlationValue);
|
||||||
|
properties.RedirectUri = "/me";
|
||||||
|
var state = stateFormat.Protect(properties);
|
||||||
|
var transaction = await server.SendAsync(
|
||||||
|
"https://example.com/signin-facebook?code=TestCode&state=" + UrlEncoder.Default.UrlEncode(state),
|
||||||
|
correlationKey + "=" + correlationValue);
|
||||||
|
transaction.Response.StatusCode.ShouldBe(HttpStatusCode.Redirect);
|
||||||
|
transaction.Response.Headers.Location.ToString().ShouldBe("/me");
|
||||||
|
finalUserInfoEndpoint.Count(c => c == '?').ShouldBe(1);
|
||||||
|
finalUserInfoEndpoint.ShouldContain("fields=email,timezone,picture");
|
||||||
|
finalUserInfoEndpoint.ShouldContain("&access_token=");
|
||||||
|
}
|
||||||
|
|
||||||
private static TestServer CreateServer(Action<IApplicationBuilder> configure, Action<IServiceCollection> configureServices, Func<HttpContext, bool> handler)
|
private static TestServer CreateServer(Action<IApplicationBuilder> configure, Action<IServiceCollection> configureServices, Func<HttpContext, bool> handler)
|
||||||
{
|
{
|
||||||
return TestServer.Create(app =>
|
return TestServer.Create(app =>
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue