Merge branch 'dev'
brockallen committed Oct 15, 2015
2 parents 745e50b + 11a0ef9 commit 97592af
Showing 38 changed files with 401 additions and 320 deletions.
4 changes: 2 additions & 2 deletions GitReleaseManager.yaml
Expand Up @@ -11,8 +11,8 @@ export:
regex-text:
multiline-regex: false
issue-labels-include:
- bug
- feature
- bug fix
- new feature
- enhancement
- breaking change
issue-labels-exclude:
2 changes: 1 addition & 1 deletion default.ps1
Expand Up @@ -11,7 +11,7 @@ properties {
$nuget_path = "$src_directory\.nuget\nuget.exe"

$buildNumber = 0;
$version = "2.0.1.0"
$version = "2.0.2.0"
$preRelease = $null
}

14 changes: 11 additions & 3 deletions source/Core/Configuration/CspOptions.cs
Expand Up @@ -36,15 +36,15 @@ public CspOptions()
/// <c>true</c> if enabled; otherwise, <c>false</c>.
/// </value>
public bool Enabled { get; set; }

/// <summary>
/// Allows additional script sources to be indicated.
/// </summary>
/// <value>
/// The script source.
/// </value>
public string ScriptSrc { get; set; }

/// <summary>
/// Allows additional style sources to be indicated.
/// </summary>
Expand All @@ -60,13 +60,21 @@ public CspOptions()
/// The font source.
/// </value>
public string FontSrc { get; set; }

/// <summary>
/// Allows additional connect sources to be indicated.
/// </summary>
/// <value>
/// The connect source.
/// </value>
public string ConnectSrc { get; set; }

/// <summary>
/// Allows additional image sources to be indicated.
/// </summary>
/// <value>
/// The connect source.
/// </value>
public string ImgSrc { get; set; }
}
}
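Review bot: The `<value>` on the new `ImgSrc` property reads `/// The connect source.`, copied from `ConnectSrc`; it should be `/// The image source.`. The summary could also state the fallback the header builder applies (SecurityHeadersAttribute in this commit uses `options.CspOptions.ImgSrc ?? "*"`): `/// Allows additional image sources to be indicated; when null, img-src falls back to * so client logos can be served from any origin.` The enclosing CspOptions class starts above the hunk.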
4 changes: 2 additions & 2 deletions source/Core/Configuration/Hosting/SecurityHeadersAttribute.cs
Expand Up @@ -63,7 +63,7 @@ public override void OnActionExecuted(HttpActionExecutedContext actionExecutedCo
if (options.CspOptions.Enabled)
{
// img-src as * due to client logos
var value = "default-src 'self'; script-src 'self' {0}; style-src 'self' 'unsafe-inline' {1}; img-src *;";
var value = "default-src 'self'; script-src 'self' {0}; style-src 'self' 'unsafe-inline' {1}; img-src {2};";

if (!String.IsNullOrWhiteSpace(options.CspOptions.FontSrc))
{
Expand All @@ -74,7 +74,7 @@ public override void OnActionExecuted(HttpActionExecutedContext actionExecutedCo
value += String.Format("connect-src {0};", options.CspOptions.ConnectSrc);
}

value = String.Format(value, options.CspOptions.ScriptSrc, options.CspOptions.StyleSrc);
value = String.Format(value, options.CspOptions.ScriptSrc, options.CspOptions.StyleSrc, options.CspOptions.ImgSrc ?? "*");
if (options.Endpoints.EnableCspReportEndpoint)
{
value += " report-uri " + ctx.GetCspReportUrl();
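Review bot: The new `{2}` fallback `options.CspOptions.ImgSrc ?? "*"` only covers null; an empty or whitespace `ImgSrc` produces `img-src ;`, an empty source list that browsers treat as effectively 'none', unlike the `String.IsNullOrWhiteSpace` test applied to `FontSrc` a few lines above. Using the same test keeps the options consistent: `String.IsNullOrWhiteSpace(options.CspOptions.ImgSrc) ? "*" : options.CspOptions.ImgSrc`. The `// img-src as * due to client logos` comment is now stale because the value is configurable; `// img-src defaults to * (client logos may be hosted anywhere) unless CspOptions.ImgSrc overrides it` describes the new behavior. Note also that `String.Format(value, ...)` runs after the `connect-src` fragment (and presumably the font-src one) has been appended to `value`, so a brace in those configured values would disturb the formatting of the placeholders; formatting the template before appending the extra directives avoids that. The method's body continues below the hunk.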
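--- a/source/Core/Configuration/Hosting/WebApiConfig.cs
+++ b/source/Core/Configuration/Hosting/WebApiConfig.cs
@@ -66,7 +66,116 @@ private static void ConfigureRoutes(IdentityServerOptions options, HttpConfigura
 {
 if (options.EnableWelcomePage)
 {
-config.Routes.MapHttpRoute(Constants.RouteNames.Welcome, Constants.RoutePaths.Welcome, new { controller = "Welcome", action = "Get" });
+config.Routes.MapHttpRoute(
+Constants.RouteNames.Welcome,
+Constants.RoutePaths.Welcome,
+new { controller = "Welcome", action = "Get" });
 }
+
+if (options.Endpoints.EnableAccessTokenValidationEndpoint)
+{
+config.Routes.MapHttpRoute(
+Constants.RouteNames.Oidc.AccessTokenValidation,
+Constants.RoutePaths.Oidc.AccessTokenValidation,
+new { controller = "AccessTokenValidation" });
+}
+
+if (options.Endpoints.EnableAuthorizeEndpoint)
+{
+config.Routes.MapHttpRoute(
+Constants.RouteNames.Oidc.Authorize,
+Constants.RoutePaths.Oidc.Authorize,
+new { controller = "AuthorizeEndpoint", action = "Get" });
+config.Routes.MapHttpRoute(
+Constants.RouteNames.Oidc.Consent,
+Constants.RoutePaths.Oidc.Consent,
+new { controller = "AuthorizeEndpoint", action = "PostConsent" });
+config.Routes.MapHttpRoute(
+Constants.RouteNames.Oidc.SwitchUser,
+Constants.RoutePaths.Oidc.SwitchUser,
+new { controller = "AuthorizeEndpoint", action = "LoginAsDifferentUser" });
+}
+
+if (options.Endpoints.EnableCheckSessionEndpoint)
+{
+config.Routes.MapHttpRoute(
+Constants.RouteNames.Oidc.CheckSession,
+Constants.RoutePaths.Oidc.CheckSession,
+new { controller = "CheckSessionEndpoint" });
+}
+
+if (options.Endpoints.EnableClientPermissionsEndpoint)
+{
+config.Routes.MapHttpRoute(
+Constants.RouteNames.ClientPermissions,
+Constants.RoutePaths.ClientPermissions,
+new { controller = "ClientPermissions" });
+}
+
+if (options.Endpoints.EnableCspReportEndpoint)
+{
+config.Routes.MapHttpRoute(
+Constants.RouteNames.CspReport,
+Constants.RoutePaths.CspReport,
+new { controller = "CspReport" });
+}
+
+if (options.Endpoints.EnableDiscoveryEndpoint)
+{
+config.Routes.MapHttpRoute(
+Constants.RouteNames.Oidc.DiscoveryConfiguration,
+Constants.RoutePaths.Oidc.DiscoveryConfiguration,
+new { controller = "DiscoveryEndpoint", action = "GetConfiguration" });
+config.Routes.MapHttpRoute(
+Constants.RouteNames.Oidc.DiscoveryWebKeys,
+Constants.RoutePaths.Oidc.DiscoveryWebKeys,
+new { controller = "DiscoveryEndpoint", action= "GetKeyData" });
+}
+
+if (options.Endpoints.EnableEndSessionEndpoint)
+{
+config.Routes.MapHttpRoute(
+Constants.RouteNames.Oidc.EndSession,
+Constants.RoutePaths.Oidc.EndSession,
+new { controller = "EndSession", action = "Logout" });
+}
+
+// this one is always enabled/allowed (for use by our logout page)
+config.Routes.MapHttpRoute(
+Constants.RouteNames.Oidc.EndSessionCallback,
+Constants.RoutePaths.Oidc.EndSessionCallback,
+new { controller = "EndSession", action = "LogoutCallback" });
+
+if (options.Endpoints.EnableIdentityTokenValidationEndpoint)
+{
+config.Routes.MapHttpRoute(
+Constants.RouteNames.Oidc.IdentityTokenValidation,
+Constants.RoutePaths.Oidc.IdentityTokenValidation,
+new { controller = "IdentityTokenValidation" });
+}
+
+if (options.Endpoints.EnableTokenEndpoint)
+{
+config.Routes.MapHttpRoute(
+Constants.RouteNames.Oidc.Token,
+Constants.RoutePaths.Oidc.Token,
+new { controller = "TokenEndpoint", action= "Post" });
+}
+
+if (options.Endpoints.EnableTokenRevocationEndpoint)
+{
+config.Routes.MapHttpRoute(
+Constants.RouteNames.Oidc.Revocation,
+Constants.RoutePaths.Oidc.Revocation,
+new { controller = "RevocationEndpoint", action = "Post" });
+}
+
+if (options.Endpoints.EnableUserInfoEndpoint)
+{
+config.Routes.MapHttpRoute(
+Constants.RouteNames.Oidc.UserInfo,
+Constants.RoutePaths.Oidc.UserInfo,
+new { controller = "UserInfoEndpoint" });
+}
 }
 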
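Review bot: Requests to a disabled endpoint no longer raise the `"endpoint disabled"` failure event: with registration now gated on the `Endpoints.Enable*` flags, such a request falls through to the framework's generic 404, while the per-action guards that logged and called `RaiseFailureEndpointEventAsync` are removed in this commit from ClientPermissionsController, AccessTokenValidationController and AuthorizeEndpointController. If that audit signal is still wanted for monitoring, a catch-all route or handler that raises it would have to replace the removed guards. ConfigureRoutes has no comment stating this design; a one-liner at the top of the method would help: `// Routes are registered only for enabled endpoints, so a disabled endpoint is unreachable (404 from routing) rather than checked per request.` The `action= "GetKeyData"` and `action= "Post"` initializers differ in spacing from the rest of the method; `action = "..."` keeps them consistent. The method's signature is above the hunk; only the body from its opening brace is shown.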
12 changes: 10 additions & 2 deletions source/Core/Constants.cs
Expand Up @@ -541,12 +541,19 @@ public static class RouteNames

public static class Oidc
{
public const string AccessTokenValidation = "idsrv.oidc.accesstokenvalidation";
public const string Authorize = "idsrv.oidc.authorize";
public const string Consent = "idsrv.oidc.consent";
public const string SwitchUser = "idsrv.oidc.switch";
public const string CheckSession = "idsrv.oidc.checksession";
public const string DiscoveryConfiguration = "idsrv.oidc.discoveryconfiguration";
public const string DiscoveryWebKeys = "idsrv.oidc.discoverywebkeys";
public const string EndSession = "idsrv.oidc.endsession";
public const string EndSessionCallback = "idsrv.oidc.endsessioncallback";
public const string CheckSession = "idsrv.oidc.checksession";
public const string IdentityTokenValidation = "idsrv.oidc.identitytokenvalidation";
public const string Token = "idsrv.oidc.token";
public const string Revocation = "idsrv.oidc.revocation";
public const string UserInfo = "idsrv.oidc.userinfo";
}
}

Expand Down Expand Up @@ -584,7 +591,8 @@ public static class Oidc
Oidc.DiscoveryWebKeys,
Oidc.Token,
Oidc.UserInfo,
Oidc.IdentityTokenValidation
Oidc.IdentityTokenValidation,
Oidc.Revocation
};
}

17 changes: 12 additions & 5 deletions source/Core/Endpoints/AuthenticationController.cs
Expand Up @@ -598,18 +598,25 @@ public async Task<IHttpActionResult> Logout(string id = null)
}

Logger.Info("Clearing cookies");

sessionCookie.ClearSessionId();
signOutMessageCookie.Clear(id);

ClearAuthenticationCookies();
SignOutOfExternalIdP();

if (user != null && user.Identity.IsAuthenticated)
{
await this.userService.SignOutAsync(new SignOutContext { Subject = user });

var message = signOutMessageCookie.Read(id);
var signOutContext = new SignOutContext
{
Subject = user
};

if (message != null)
{
signOutContext.ClientId = message.ClientId;
}

await this.userService.SignOutAsync(signOutContext);
await eventService.RaiseLogoutEventAsync(user, id, message);
}

16 changes: 0 additions & 16 deletions source/Core/Endpoints/ClientPermissionsController.cs
Expand Up @@ -65,19 +65,11 @@ public ClientPermissionsController(
this.antiForgeryToken = antiForgeryToken;
}

[Route(Constants.RoutePaths.ClientPermissions)]
[HttpGet]
public async Task<IHttpActionResult> ShowPermissions()
{
Logger.Info("Permissions page requested");

if (!options.Endpoints.EnableClientPermissionsEndpoint)
{
Logger.Error("Permissions page disabled, returning 404");
await eventService.RaiseFailureEndpointEventAsync(EventConstants.EndpointNames.ClientPermissions, "endpoint disabled");
return NotFound();
}

if (User == null || User.Identity == null || User.Identity.IsAuthenticated == false)
{
Logger.Info("User not authenticated, redirecting to login");
Expand All @@ -89,20 +81,12 @@ public async Task<IHttpActionResult> ShowPermissions()
return await RenderPermissionsPage();
}

[Route(Constants.RoutePaths.ClientPermissions, Name = Constants.RouteNames.ClientPermissions)]
[HttpPost]
[ValidateAntiForgeryToken]
public async Task<IHttpActionResult> RevokePermission(RevokeClientPermission model)
{
Logger.Info("Revoke permissions requested");

if (!options.Endpoints.EnableClientPermissionsEndpoint)
{
Logger.Error("Permissions page disabled, returning 404");
await eventService.RaiseFailureEndpointEventAsync(EventConstants.EndpointNames.ClientPermissions, "endpoint disabled");
return NotFound();
}

if (User == null || User.Identity == null || User.Identity.IsAuthenticated == false)
{
Logger.Info("User not authenticated, redirecting to login");
23 changes: 2 additions & 21 deletions source/Core/Endpoints/Connect/AccessTokenValidationController.cs
Expand Up @@ -32,7 +32,6 @@ namespace IdentityServer3.Core.Endpoints
/// <summary>
/// Endpoint for validating access tokens
/// </summary>
[RoutePrefix(Constants.RoutePaths.Oidc.AccessTokenValidation)]
[NoCache]
internal class AccessTokenValidationController : ApiController
{
Expand All @@ -54,20 +53,11 @@ public AccessTokenValidationController(TokenValidator validator, IdentityServerO
/// GET
/// </summary>
/// <returns>Claims if token is valid</returns>
[Route]
[HttpGet]
public async Task<IHttpActionResult> Get()
{
Logger.Info("Start access token validation request");

if (!_options.Endpoints.EnableAccessTokenValidationEndpoint)
{
var error = "Endpoint is disabled. Aborting";
Logger.Warn(error);
await RaiseFailureEventAsync(error);

return NotFound();
}

var parameters = Request.RequestUri.ParseQueryString();
return await ProcessRequest(parameters);
}
Expand All @@ -76,20 +66,11 @@ public async Task<IHttpActionResult> Get()
/// POST
/// </summary>
/// <returns>Claims if token is valid</returns>
[Route]
[HttpPost]
public async Task<IHttpActionResult> Post()
{
Logger.Info("Start access token validation request");

if (!_options.Endpoints.EnableAccessTokenValidationEndpoint)
{
var error = "Endpoint is disabled. Aborting";
Logger.Warn(error);
await RaiseFailureEventAsync(error);

return NotFound();
}

var parameters = await Request.GetOwinContext().ReadRequestFormAsNameValueCollectionAsync();
return await ProcessRequest(parameters);
}
13 changes: 1 addition & 12 deletions source/Core/Endpoints/Connect/AuthorizeEndpointController.cs
Expand Up @@ -92,20 +92,11 @@ public AuthorizeEndpointController(
/// </summary>
/// <param name="request">The request.</param>
/// <returns></returns>
[Route(Constants.RoutePaths.Oidc.Authorize, Name = Constants.RouteNames.Oidc.Authorize)]
[HttpGet]
public async Task<IHttpActionResult> Get(HttpRequestMessage request)
{
Logger.Info("Start authorize request");

if (!_options.Endpoints.EnableAuthorizeEndpoint)
{
var error = "Endpoint is disabled. Aborting";
Logger.Warn(error);
await RaiseFailureEventAsync(error);

return NotFound();
}

var response = await ProcessRequestAsync(request.RequestUri.ParseQueryString());

Logger.Info("End authorize request");
Expand Down Expand Up @@ -174,7 +165,6 @@ private async Task<IHttpActionResult> ProcessRequestAsync(NameValueCollection pa
return await CreateAuthorizeResponseAsync(request);
}

[Route(Constants.RoutePaths.Oidc.Consent, Name = Constants.RouteNames.Oidc.Consent)]
[HttpPost]
[ValidateAntiForgeryToken]
public Task<IHttpActionResult> PostConsent(UserConsent model)
Expand All @@ -183,7 +173,6 @@ public Task<IHttpActionResult> PostConsent(UserConsent model)
return ProcessRequestAsync(Request.RequestUri.ParseQueryString(), model ?? new UserConsent());
}

[Route(Constants.RoutePaths.Oidc.SwitchUser, Name = Constants.RouteNames.Oidc.SwitchUser)]
[HttpGet]
public async Task<IHttpActionResult> LoginAsDifferentUser()
{