Access token endpoint now can respond with appropriate errors.

AArnott · AArnott · commit 85b43c815aa4 · 2012-03-14T21:44:28.000-07:00
diff --git a/projecttemplates/MvcRelyingParty/OAuthTokenEndpoint.ashx.cs b/projecttemplates/MvcRelyingParty/OAuthTokenEndpoint.ashx.cs
@@ -40,12 +40,7 @@ public bool IsReusable {
 		/// <param name="context">An <see cref="T:System.Web.HttpContext"/> object that provides references to the intrinsic server objects (for example, Request, Response, Session, and Server) used to service HTTP requests.</param>
 		public void ProcessRequest(HttpContext context) {
 			var serviceProvider = OAuthServiceProvider.AuthorizationServer;
-			IDirectResponseProtocolMessage response;
-			if (serviceProvider.TryPrepareAccessTokenResponse(new HttpRequestWrapper(context.Request), out response)) {
-				serviceProvider.Channel.Respond(response);
-			} else {
-				throw new InvalidOperationException();
-			}
+			serviceProvider.HandleTokenRequest().Respond();
 		}
 	}
 }
diff --git a/projecttemplates/WebFormsRelyingParty/OAuthTokenEndpoint.ashx.cs b/projecttemplates/WebFormsRelyingParty/OAuthTokenEndpoint.ashx.cs
@@ -39,13 +39,7 @@ public bool IsReusable {
 		/// </summary>
 		/// <param name="context">An <see cref="T:System.Web.HttpContext"/> object that provides references to the intrinsic server objects (for example, Request, Response, Session, and Server) used to service HTTP requests.</param>
 		public void ProcessRequest(HttpContext context) {
-			var serviceProvider = OAuthServiceProvider.AuthorizationServer;
-			IDirectResponseProtocolMessage response;
-			if (serviceProvider.TryPrepareAccessTokenResponse(new HttpRequestWrapper(context.Request), out response)) {
-				serviceProvider.Channel.Respond(response);
-			} else {
-				throw new InvalidOperationException();
-			}
+			OAuthServiceProvider.AuthorizationServer.HandleTokenRequest().Respond();
 		}
 	}
 }
diff --git a/samples/OAuthAuthorizationServer/Controllers/OAuthController.cs b/samples/OAuthAuthorizationServer/Controllers/OAuthController.cs
@@ -21,12 +21,7 @@ public class OAuthController : Controller {
 		/// </summary>
 		/// <returns>The response to the Client.</returns>
 		public ActionResult Token() {
-			IDirectResponseProtocolMessage response;
-			if (this.authorizationServer.TryPrepareAccessTokenResponse(out response)) {
-				return this.authorizationServer.Channel.PrepareResponse(response).AsActionResult();
-			} else {
-				throw new HttpException((int)HttpStatusCode.BadRequest, "Missing OAuth 2.0 request message.");
-			}
+			return this.authorizationServer.HandleTokenRequest(this.Request).AsActionResult();
 		}
 
 		/// <summary>
diff --git a/src/DotNetOpenAuth.Core/Messaging/OutgoingWebResponseActionResult.cs b/src/DotNetOpenAuth.Core/Messaging/OutgoingWebResponseActionResult.cs
@@ -34,7 +34,7 @@ internal OutgoingWebResponseActionResult(OutgoingWebResponse response) {
 		/// </summary>
 		/// <param name="context">The context in which to set the response.</param>
 		public override void ExecuteResult(ControllerContext context) {
-			this.response.Respond();
+			this.response.Respond(context.HttpContext);
 		}
 	}
 }
diff --git a/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/AuthorizationServer.cs b/src/DotNetOpenAuth.OAuth2.AuthorizationServer/OAuth2/AuthorizationServer.cs
@@ -97,55 +97,33 @@ public void RejectAuthorizationRequest(EndUserAuthorizationRequest authorization
 		}
 
 		/// <summary>
-		/// Checks the incoming HTTP request for an access token request and prepares a response if the request message was found.
+		/// Handles an incoming request to the authorization server's token endpoint.
 		/// </summary>
-		/// <param name="response">The formulated response, or <c>null</c> if the request was not found..</param>
-		/// <returns>A value indicating whether any access token request was found in the HTTP request.</returns>
-		/// <remarks>
-		/// This method assumes that the authorization server and the resource server are the same and that they share a single
-		/// asymmetric key for signing and encrypting the access token.  If this is not true, use the <see cref="ReadAccessTokenRequest"/> method instead.
-		/// </remarks>
-		public bool TryPrepareAccessTokenResponse(out IDirectResponseProtocolMessage response) {
-			return this.TryPrepareAccessTokenResponse(this.Channel.GetRequestFromContext(), out response);
-		}
-
-		/// <summary>
-		/// Checks the incoming HTTP request for an access token request and prepares a response if the request message was found.
-		/// </summary>
-		/// <param name="httpRequestInfo">The HTTP request info.</param>
-		/// <param name="response">The formulated response, or <c>null</c> if the request was not found..</param>
-		/// <returns>A value indicating whether any access token request was found in the HTTP request.</returns>
-		/// <remarks>
-		/// This method assumes that the authorization server and the resource server are the same and that they share a single
-		/// asymmetric key for signing and encrypting the access token.  If this is not true, use the <see cref="ReadAccessTokenRequest"/> method instead.
-		/// </remarks>
-		public bool TryPrepareAccessTokenResponse(HttpRequestBase httpRequestInfo, out IDirectResponseProtocolMessage response) {
-			Requires.NotNull(httpRequestInfo, "httpRequestInfo");
-			Contract.Ensures(Contract.Result<bool>() == (Contract.ValueAtReturn<IDirectResponseProtocolMessage>(out response) != null));
-
-			var request = this.ReadAccessTokenRequest(httpRequestInfo);
-			if (request != null) {
-				response = this.PrepareAccessTokenResponse(request);
-				return true;
+		/// <param name="request">The HTTP request.</param>
+		/// <returns>The HTTP response to send to the client.</returns>
+		public OutgoingWebResponse HandleTokenRequest(HttpRequestBase request = null) {
+			if (request == null) {
+				request = this.Channel.GetRequestFromContext();
 			}
 
-			response = null;
-			return false;
-		}
-
-		/// <summary>
-		/// Reads the access token request.
-		/// </summary>
-		/// <param name="requestInfo">The request info.</param>
-		/// <returns>The Client's request for an access token; or <c>null</c> if no such message was found in the request.</returns>
-		public AccessTokenRequestBase ReadAccessTokenRequest(HttpRequestBase requestInfo = null) {
-			if (requestInfo == null) {
-				requestInfo = this.Channel.GetRequestFromContext();
+			AccessTokenRequestBase requestMessage;
+			IProtocolMessage responseMessage;
+			try {
+				if (this.Channel.TryReadFromRequest(request, out requestMessage)) {
+					// TODO: refreshToken should be set appropriately based on authorization server policy.
+					responseMessage = this.PrepareAccessTokenResponse(requestMessage);
+				} else {
+					responseMessage = new AccessTokenFailedResponse() {
+						Error = Protocol.AccessTokenRequestErrorCodes.InvalidRequest,
+					};
+				}
+			} catch (ProtocolException ex) {
+				responseMessage = new AccessTokenFailedResponse() {
+					Error = Protocol.AccessTokenRequestErrorCodes.InvalidRequest,
+				};
 			}
 
-			AccessTokenRequestBase request;
-			this.Channel.TryReadFromRequest(requestInfo, out request);
-			return request;
+			return this.Channel.PrepareResponse(responseMessage);
 		}
 
 		/// <summary>
@@ -214,7 +192,7 @@ public EndUserAuthorizationSuccessResponseBase PrepareApproveAuthorizationReques
 		/// <param name="request">The request for an access token.</param>
 		/// <param name="includeRefreshToken">If set to <c>true</c>, the response will include a long-lived refresh token.</param>
 		/// <returns>The response message to send to the client.</returns>
-		public virtual IDirectResponseProtocolMessage PrepareAccessTokenResponse(AccessTokenRequestBase request, bool includeRefreshToken = true) {
+		private IDirectResponseProtocolMessage PrepareAccessTokenResponse(AccessTokenRequestBase request, bool includeRefreshToken = true) {
 			Requires.NotNull(request, "request");
 
 			if (includeRefreshToken) {
diff --git a/src/DotNetOpenAuth.OAuth2/OAuth2/Messages/AccessTokenFailedResponse.cs b/src/DotNetOpenAuth.OAuth2/OAuth2/Messages/AccessTokenFailedResponse.cs
@@ -38,11 +38,18 @@ internal AccessTokenFailedResponse(AccessTokenRequestBase request)
 		/// <param name="request">The faulty request.</param>
 		/// <param name="invalidClientCredentialsInAuthorizationHeader">A value indicating whether this error response is in result to a request that had invalid client credentials which were supplied in the HTTP Authorization header.</param>
 		internal AccessTokenFailedResponse(AccessTokenRequestBase request, bool invalidClientCredentialsInAuthorizationHeader)
-			: base(request)
-		{
+			: base(request) {
 			this.invalidClientCredentialsInAuthorizationHeader = invalidClientCredentialsInAuthorizationHeader;
 		}
 
+		/// <summary>
+		/// Initializes a new instance of the <see cref="AccessTokenFailedResponse"/> class.
+		/// </summary>
+		/// <param name="version">The protocol version.</param>
+		internal AccessTokenFailedResponse(Version version = null)
+			: base(version ?? Protocol.Default.Version) {
+		}
+
 		#region IHttpDirectResponse Members
 
 		/// <summary>
diff --git a/src/DotNetOpenAuth.Test/DotNetOpenAuth.Test.csproj b/src/DotNetOpenAuth.Test/DotNetOpenAuth.Test.csproj
@@ -243,6 +243,7 @@
     <Compile Include="Mocks\TestChannel.cs" />
     <Compile Include="Mocks\TestMessage.cs" />
     <Compile Include="Mocks\TestMessageFactory.cs" />
+    <Compile Include="OAuth2\AuthorizationServerTests.cs" />
     <Compile Include="OAuth2\MessageFactoryTests.cs" />
     <Compile Include="OAuth2\UserAgentClientAuthorizeTests.cs" />
     <Compile Include="OAuth2\OAuth2Coordinator.cs" />
diff --git a/src/DotNetOpenAuth.Test/OAuth2/AuthorizationServerTests.cs b/src/DotNetOpenAuth.Test/OAuth2/AuthorizationServerTests.cs
@@ -0,0 +1,44 @@
+﻿//-----------------------------------------------------------------------
+// <copyright file="AuthorizationServerTests.cs" company="Andrew Arnott">
+//     Copyright (c) Andrew Arnott. All rights reserved.
+// </copyright>
+//-----------------------------------------------------------------------
+
+namespace DotNetOpenAuth.Test.OAuth2 {
+	using System;
+	using System.Collections.Generic;
+	using System.Linq;
+	using System.Text;
+	using DotNetOpenAuth.OAuth2;
+	using DotNetOpenAuth.OAuth2.Messages;
+	using NUnit.Framework;
+
+	/// <summary>
+	/// Verifies authorization server functionality.
+	/// </summary>
+	[TestFixture]
+	public class AuthorizationServerTests : OAuth2TestBase {
+		/// <summary>
+		/// Verifies that authorization server responds with an appropriate error response.
+		/// </summary>
+		[Test]
+		public void ErrorResponseTest() {
+			var coordinator = new OAuth2Coordinator<UserAgentClient>(
+				AuthorizationServerDescription,
+				AuthorizationServerMock,
+				new UserAgentClient(AuthorizationServerDescription),
+				client => {
+					var request = new AccessTokenAuthorizationCodeRequest(AuthorizationServerDescription)
+					{ ClientIdentifier = ClientId, ClientSecret = ClientSecret, AuthorizationCode = "foo" };
+
+					var response = client.Channel.Request<AccessTokenFailedResponse>(request);
+					Assert.That(response.Error, Is.Not.Null.And.Not.Empty);
+					Assert.That(response.Error, Is.EqualTo(Protocol.AccessTokenRequestErrorCodes.InvalidRequest));
+				},
+				server => {
+					server.HandleTokenRequest().Respond();
+				});
+			coordinator.Run();
+		}
+	}
+}
diff --git a/src/DotNetOpenAuth.Test/OAuth2/UserAgentClientAuthorizeTests.cs b/src/DotNetOpenAuth.Test/OAuth2/UserAgentClientAuthorizeTests.cs
@@ -41,11 +41,7 @@ public void AuthorizationCodeGrant() {
 					var request = server.ReadAuthorizationRequest();
 					Assert.That(request, Is.Not.Null);
 					server.ApproveAuthorizationRequest(request, ResourceOwnerUsername);
-					var tokenRequest = server.ReadAccessTokenRequest();
-					IAccessTokenRequest accessTokenRequest = tokenRequest;
-					Assert.That(accessTokenRequest.ClientAuthenticated);
-					var tokenResponse = server.PrepareAccessTokenResponse(tokenRequest);
-					server.Channel.Respond(tokenResponse);
+					server.HandleTokenRequest().Respond();
 				});
 			coordinator.Run();
 		}
diff --git a/src/DotNetOpenAuth.Test/OAuth2/WebServerClientAuthorizeTests.cs b/src/DotNetOpenAuth.Test/OAuth2/WebServerClientAuthorizeTests.cs
@@ -37,11 +37,7 @@ public void AuthorizationCodeGrant() {
 					var request = server.ReadAuthorizationRequest();
 					Assert.That(request, Is.Not.Null);
 					server.ApproveAuthorizationRequest(request, ResourceOwnerUsername);
-					var tokenRequest = server.ReadAccessTokenRequest();
-					IAccessTokenRequest accessTokenRequest = tokenRequest;
-					Assert.That(accessTokenRequest.ClientAuthenticated);
-					var tokenResponse = server.PrepareAccessTokenResponse(tokenRequest);
-					server.Channel.Respond(tokenResponse);
+					server.HandleTokenRequest().Respond();
 				});
 			coordinator.Run();
 		}
@@ -58,9 +54,7 @@ public void ResourceOwnerPasswordCredentialGrant() {
 					Assert.That(authState.RefreshToken, Is.Not.Null.And.Not.Empty);
 				},
 				server => {
-					var request = server.ReadAccessTokenRequest();
-					var response = server.PrepareAccessTokenResponse(request);
-					server.Channel.Respond(response);
+					server.HandleTokenRequest().Respond();
 				});
 			coordinator.Run();
 		}
@@ -81,9 +75,7 @@ public void ClientCredentialGrant() {
 					Assert.That(authState.RefreshToken, Is.Null);
 				},
 				server => {
-					var request = server.ReadAccessTokenRequest();
-					var response = server.PrepareAccessTokenResponse(request);
-					server.Channel.Respond(response);
+					server.HandleTokenRequest().Respond();
 				});
 			coordinator.Run();
 		}

Original file line number	Diff line number	Diff line change
`@@ -40,12 +40,7 @@ public bool IsReusable {`
`40`	`40`	`/// <param name="context">An <see cref="T:System.Web.HttpContext"/> object that provides references to the intrinsic server objects (for example, Request, Response, Session, and Server) used to service HTTP requests.</param>`
`41`	`41`	`public void ProcessRequest(HttpContext context) {`
`42`	`42`	`var serviceProvider = OAuthServiceProvider.AuthorizationServer;`
`43`		`- IDirectResponseProtocolMessage response;`
`44`		`- if (serviceProvider.TryPrepareAccessTokenResponse(new HttpRequestWrapper(context.Request), out response)) {`
`45`		`- serviceProvider.Channel.Respond(response);`
`46`		`- } else {`
`47`		`- throw new InvalidOperationException();`
`48`		`- }`
	`43`	`+ serviceProvider.HandleTokenRequest().Respond();`
`49`	`44`	`}`
`50`	`45`	`}`
`51`	`46`	`}`
Original file line number	Diff line number	Diff line change
`@@ -39,13 +39,7 @@ public bool IsReusable {`
`39`	`39`	`/// </summary>`
`40`	`40`	`/// <param name="context">An <see cref="T:System.Web.HttpContext"/> object that provides references to the intrinsic server objects (for example, Request, Response, Session, and Server) used to service HTTP requests.</param>`
`41`	`41`	`public void ProcessRequest(HttpContext context) {`
`42`		`- var serviceProvider = OAuthServiceProvider.AuthorizationServer;`
`43`		`- IDirectResponseProtocolMessage response;`
`44`		`- if (serviceProvider.TryPrepareAccessTokenResponse(new HttpRequestWrapper(context.Request), out response)) {`
`45`		`- serviceProvider.Channel.Respond(response);`
`46`		`- } else {`
`47`		`- throw new InvalidOperationException();`
`48`		`- }`
	`42`	`+ OAuthServiceProvider.AuthorizationServer.HandleTokenRequest().Respond();`
`49`	`43`	`}`
`50`	`44`	`}`
`51`	`45`	`}`
Original file line number	Diff line number	Diff line change
`@@ -34,7 +34,7 @@ internal OutgoingWebResponseActionResult(OutgoingWebResponse response) {`
`34`	`34`	`/// </summary>`
`35`	`35`	`/// <param name="context">The context in which to set the response.</param>`
`36`	`36`	`public override void ExecuteResult(ControllerContext context) {`
`37`		`- this.response.Respond();`
	`37`	`+ this.response.Respond(context.HttpContext);`
`38`	`38`	`}`
`39`	`39`	`}`
`40`	`40`	`}`