Merge branch 'release' into dev

This commit is contained in:
Chris R 2015-08-22 21:20:11 -07:00
commit c29ede3e78
3 changed files with 11 additions and 14 deletions


@ -409,6 +409,8 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
ticket = await GetUserInformationAsync(properties, tokenEndpointResponse.Message, ticket);
}
await ValidateOpenIdConnectProtocolAsync(jwt, null);
var securityTokenValidatedNotification = await RunSecurityTokenValidatedNotificationAsync(message, ticket);
if (securityTokenValidatedNotification.HandledResponse)
{
@ -419,9 +421,6 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
return null;
}
// If id_token is received using code only flow, no need to validate chash.
await ValidateOpenIdConnectProtocolAsync(jwt, message, false);
return ticket;
}
@ -443,6 +442,8 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
var validationParameters = Options.TokenValidationParameters.Clone();
ticket = ValidateToken(message.IdToken, message, properties, validationParameters, out jwt);
await ValidateOpenIdConnectProtocolAsync(jwt, message);
var securityTokenValidatedNotification = await RunSecurityTokenValidatedNotificationAsync(message, ticket);
if (securityTokenValidatedNotification.HandledResponse)
{
@ -453,8 +454,6 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
return null;
}
await ValidateOpenIdConnectProtocolAsync(jwt, message);
if (message.Code != null)
{
var authorizationCodeReceivedNotification = await RunAuthorizationCodeReceivedNotificationAsync(message, properties, ticket, jwt);
@ -879,7 +878,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
return ticket;
}
private async Task ValidateOpenIdConnectProtocolAsync(JwtSecurityToken jwt, OpenIdConnectMessage message, bool ValidateCHash = true)
private async Task ValidateOpenIdConnectProtocolAsync(JwtSecurityToken jwt, OpenIdConnectMessage message)
{
string nonce = jwt.Payload.Nonce;
if (Options.CacheNonces)
@ -902,16 +901,13 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
var protocolValidationContext = new OpenIdConnectProtocolValidationContext
{
ProtocolMessage = message,
IdToken = jwt,
ClientId = Options.ClientId,
Nonce = nonce
};
// If authorization code is null, protocol validator does not validate the chash
if (ValidateCHash)
{
protocolValidationContext.AuthorizationCode = message.Code;
}
Options.ProtocolValidator.Validate(jwt, protocolValidationContext);
Options.ProtocolValidator.Validate(protocolValidationContext);
}
/// <summary>
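Review bot: The code-flow call `await ValidateOpenIdConnectProtocolAsync(jwt, null);` now carries the intent that the dropped `ValidateCHash` flag and its comment (`// If id_token is received using code only flow, no need to validate chash.`) made explicit, but nothing on the new side says why `message` is null, and the method assigns it straight into `ProtocolMessage = message`, so in that path the validator has no message to check c_hash (or anything else it reads from the message) against. Suggest keeping a comment on the call site: `// Code-only flow: the id_token came back from the token endpoint, so there is no front-channel message (and no c_hash) for the protocol validator to check.` The `message` parameter of `ValidateOpenIdConnectProtocolAsync` should also be documented as nullable, and it is worth confirming that `Options.ProtocolValidator.Validate` tolerates a null `ProtocolMessage` rather than throwing, since the hunk does not show that. The methods containing the first four hunks start and end outside them.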


@ -58,7 +58,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
BackchannelTimeout = TimeSpan.FromMinutes(1);
Caption = OpenIdConnectAuthenticationDefaults.Caption;
GetClaimsFromUserInfoEndpoint = false;
ProtocolValidator = new OpenIdConnectProtocolValidator();
ProtocolValidator = new OpenIdConnectProtocolValidator() { RequireState = false };
RefreshOnIssuerKeyNotFound = true;
ResponseMode = OpenIdConnectResponseModes.FormPost;
ResponseType = OpenIdConnectResponseTypes.CodeIdToken;
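Review bot: `ProtocolValidator = new OpenIdConnectProtocolValidator() { RequireState = false };` turns off the validator's state check for every handler instance by default, and the hunk gives no reason. Presumably the handler round-trips and checks state itself through `StateDataFormat` (the test hunk on this page sets that property, but the check is not visible here); if so, a one-line comment keeps a later reader from re-enabling it or relying on the validator for it: `// State is round-tripped and checked by the handler via StateDataFormat, so the protocol validator does not require it.` If the handler does not check state, this default weakens the CSRF protection that the state parameter provides and should be reconsidered. The constructor containing this hunk starts and ends outside it.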


@ -384,6 +384,7 @@ namespace Microsoft.AspNet.Authentication.Tests.OpenIdConnect
{
DefaultOptions(options);
options.ResponseType = OpenIdConnectResponseTypes.Code;
options.ProtocolValidator.RequireNonce = false;
options.StateDataFormat = new AuthenticationPropertiesFormaterKeyValue();
options.GetClaimsFromUserInfoEndpoint = true;
options.SecurityTokenValidators = new Collection<ISecurityTokenValidator> { MockSecurityTokenValidator() };
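Review bot: `options.ProtocolValidator.RequireNonce = false;` is added to this test's option setup without a comment, so the test silently stops exercising nonce validation for the code flow. Presumably the token produced by `MockSecurityTokenValidator()` carries no nonce claim; if so, say it: `// The mocked token carries no nonce claim, so nonce validation is disabled for this test only.` If nonce handling in the code flow is meant to be covered, a separate test should keep `RequireNonce` at its default. The test method enclosing this hunk starts and ends outside it.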