Adding token property to MessageReceivedNotification

2015-01-16 11:49:57 -08:00 · 2015-01-16 11:49:57 -08:00 · cdbd003bb1
parent de56109c16
commit cdbd003bb1
3 changed files with 42 additions and 14 deletions
--- a/src/Microsoft.AspNet.Security.OAuthBearer/OAuthBearerAuthenticationHandler.cs
+++ b/src/Microsoft.AspNet.Security.OAuthBearer/OAuthBearerAuthenticationHandler.cs
@ -59,23 +59,29 @@ namespace Microsoft.AspNet.Security.OAuthBearer
                    return null;
                }

-                string authorization = Request.Headers.Get("Authorization");
+                // If application retrieved token from somewhere else, use that.
+                token = messageReceivedNotification.Token;

-                // If no authorization header found, nothing to process further
-                if (String.IsNullOrEmpty(authorization))
-                {
-                    return null;
-                }
-
-                if (authorization.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase))
-                {
-                     token = authorization.Substring("Bearer ".Length).Trim();
-                }
-
-                // If no token found, no further work possible
                if (string.IsNullOrEmpty(token))
                {
-                    return null;
+                    string authorization = Request.Headers.Get("Authorization");
+
+                    // If no authorization header found, nothing to process further
+                    if (string.IsNullOrEmpty(authorization))
+                    {
+                        return null;
+                    }
+
+                    if (authorization.StartsWith("Bearer ", StringComparison.OrdinalIgnoreCase))
+                    {
+                        token = authorization.Substring("Bearer ".Length).Trim();
+                    }
+
+                    // If no token found, no further work possible
+                    if (string.IsNullOrEmpty(token))
+                    {
+                        return null;
+                    }
                }

                // notify user token was received
--- a/src/Microsoft.AspNet.Security/Notifications/MessageReceivedNotification.cs
+++ b/src/Microsoft.AspNet.Security/Notifications/MessageReceivedNotification.cs
@ -12,5 +12,10 @@ namespace Microsoft.AspNet.Security.Notifications
        }

        public TMessage ProtocolMessage { get; set; }
+
+        /// <summary>
+        /// Bearer Token. This will give application an opportunity to retrieve token from an alternation location.
+        /// </summary>
+        public string Token { get; set; }
    }
 }
--- a/test/Microsoft.AspNet.Security.Test/OAuthBearer/OAuthBearerMiddlewareTests.cs
+++ b/test/Microsoft.AspNet.Security.Test/OAuthBearer/OAuthBearerMiddlewareTests.cs
@ -137,6 +137,23 @@ namespace Microsoft.AspNet.Security.OAuthBearer
            return Task.FromResult<object>(null);
        }

+        [Fact]
+        public async Task RetrievingTokenFromAlternateLocation()
+        {
+            var server = CreateServer(options => {
+                options.Notifications.MessageReceived = MessageReceived;
+                options.Notifications.SecurityTokenReceived = SecurityTokenReceived;
+            });
+            var response = await SendAsync(server, "http://example.com/oauth", "Bearer Token");
+            response.Response.StatusCode.ShouldBe(HttpStatusCode.OK);
+        }
+
+        private static Task MessageReceived(MessageReceivedNotification<HttpContext, OAuthBearerAuthenticationOptions> notification)
+        {
+            notification.Token = "CustomToken";
+            return Task.FromResult<object>(null);
+        }
+
        class BlobTokenValidator : ISecurityTokenValidator
        {