Merge branch 'release' into dev

This commit is contained in:
Chris R 2015-08-25 13:54:41 -07:00
commit d6882ce4a5
1 changed files with 18 additions and 17 deletions

View File

@ -403,14 +403,14 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
ticket = ValidateToken(idToken, message, properties, validationParameters, out jwt); ticket = ValidateToken(idToken, message, properties, validationParameters, out jwt);
await ValidateOpenIdConnectProtocolAsync(null, message);
if (Options.GetClaimsFromUserInfoEndpoint) if (Options.GetClaimsFromUserInfoEndpoint)
{ {
Logger.LogDebug(Resources.OIDCH_0040_Sending_Request_UIEndpoint); Logger.LogDebug(Resources.OIDCH_0040_Sending_Request_UIEndpoint);
ticket = await GetUserInformationAsync(properties, tokenEndpointResponse.Message, ticket); ticket = await GetUserInformationAsync(properties, tokenEndpointResponse.Message, ticket);
} }
await ValidateOpenIdConnectProtocolAsync(jwt, null);
var securityTokenValidatedNotification = await RunSecurityTokenValidatedNotificationAsync(message, ticket); var securityTokenValidatedNotification = await RunSecurityTokenValidatedNotificationAsync(message, ticket);
if (securityTokenValidatedNotification.HandledResponse) if (securityTokenValidatedNotification.HandledResponse)
{ {
@ -528,8 +528,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
var subjectClaimType = identity.FindFirst(ClaimTypes.NameIdentifier); var subjectClaimType = identity.FindFirst(ClaimTypes.NameIdentifier);
if (subjectClaimType == null) if (subjectClaimType == null)
{ {
Logger.LogError(string.Format(CultureInfo.InvariantCulture, Resources.OIDCH_0041_Subject_Claim_Not_Found, identity.ToString())); throw new OpenIdConnectProtocolException(string.Format(CultureInfo.InvariantCulture, Resources.OIDCH_0041_Subject_Claim_Not_Found, identity.ToString()));
return ticket;
} }
var userInfoSubjectClaimValue = user.Value<string>(JwtRegisteredClaimNames.Sub); var userInfoSubjectClaimValue = user.Value<string>(JwtRegisteredClaimNames.Sub);
@ -537,8 +536,7 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
// check if the sub claim matches // check if the sub claim matches
if (userInfoSubjectClaimValue == null || !string.Equals(userInfoSubjectClaimValue, subjectClaimType.Value, StringComparison.Ordinal)) if (userInfoSubjectClaimValue == null || !string.Equals(userInfoSubjectClaimValue, subjectClaimType.Value, StringComparison.Ordinal))
{ {
Logger.LogError(Resources.OIDCH_0039_Subject_Claim_Mismatch); throw new OpenIdConnectProtocolException(Resources.OIDCH_0039_Subject_Claim_Mismatch);
return ticket;
} }
foreach (var claim in identity.Claims) foreach (var claim in identity.Claims)
@ -880,24 +878,27 @@ namespace Microsoft.AspNet.Authentication.OpenIdConnect
private async Task ValidateOpenIdConnectProtocolAsync(JwtSecurityToken jwt, OpenIdConnectMessage message) private async Task ValidateOpenIdConnectProtocolAsync(JwtSecurityToken jwt, OpenIdConnectMessage message)
{ {
string nonce = jwt.Payload.Nonce; string nonce = jwt?.Payload.Nonce;
if (Options.CacheNonces) if (!string.IsNullOrEmpty(nonce))
{ {
if (await Options.NonceCache.GetAsync(nonce) != null) if (Options.CacheNonces)
{ {
await Options.NonceCache.RemoveAsync(nonce); if (await Options.NonceCache.GetAsync(nonce) != null)
{
await Options.NonceCache.RemoveAsync(nonce);
}
else
{
// If the nonce cannot be removed, it was
// already used and MUST be rejected.
nonce = null;
}
} }
else else
{ {
// If the nonce cannot be removed, it was nonce = ReadNonceCookie(nonce);
// already used and MUST be rejected.
nonce = null;
} }
} }
else
{
nonce = ReadNonceCookie(nonce);
}
var protocolValidationContext = new OpenIdConnectProtocolValidationContext var protocolValidationContext = new OpenIdConnectProtocolValidationContext
{ {