Merge pull request #32 from Jarga/dev

leastprivilege · web-flow · commit e529bbd132a3 · 2018-07-11T17:28:21.000+02:00
Add OAuth2Introspection Events
diff --git a/src/IdentityModel.AspNetCore.OAuth2Introspection/OAuth2IntrospectionEvents.cs b/src/IdentityModel.AspNetCore.OAuth2Introspection/OAuth2IntrospectionEvents.cs
@@ -0,0 +1,25 @@
+﻿using System;
+using System.Security.Claims;
+using System.Threading.Tasks;
+
+namespace IdentityModel.AspNetCore.OAuth2Introspection
+{    
+    /// <summary>
+     /// Default implementation.
+     /// </summary>
+    public class OAuth2IntrospectionEvents
+    {
+
+        /// <summary>
+        /// Gets or sets the function that is invoked when the CreatingTicket method is invoked.
+        /// </summary>
+        public Func<ClaimsPrincipal, Task> OnCreatingTicket { get; set; } = context => Task.CompletedTask;
+
+        /// <summary>
+        /// Invoked after the provider successfully authenticates a user.
+        /// </summary>
+        /// <param name="principal">Contains claims set hydtrated from the introspection response <see cref="System.Security.Claims.ClaimsPrincipal"/>.</param>
+        /// <returns>A <see cref="Task"/> representing the completed operation.</returns>
+        public virtual Task CreatingTicket(ClaimsPrincipal principal) => OnCreatingTicket(principal);
+    }
+}
diff --git a/src/IdentityModel.AspNetCore.OAuth2Introspection/OAuth2IntrospectionHandler.cs b/src/IdentityModel.AspNetCore.OAuth2Introspection/OAuth2IntrospectionHandler.cs
@@ -44,6 +44,17 @@ public OAuth2IntrospectionHandler(
             _cache = cache;
         }
 
+
+        /// <summary>
+        /// The handler calls methods on the events which give the application control at certain points where processing is occurring. 
+        /// If it is not provided a default instance is supplied which does nothing when the methods are called.
+        /// </summary>
+        protected new OAuth2IntrospectionEvents Events
+        {
+            get { return (OAuth2IntrospectionEvents)base.Events; }
+            set { base.Events = value; }
+        }
+
         /// <summary>
         /// Tries to authenticate a reference token on the current request
         /// </summary>
@@ -68,7 +79,7 @@ protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
                 var claims = await _cache.GetClaimsAsync(token).ConfigureAwait(false);
                 if (claims != null)
                 {
-                    var ticket = CreateTicket(claims);
+                    var ticket = await CreateTicket(claims);
 
                     _logger.LogTrace("Token found in cache.");
 
@@ -101,7 +112,7 @@ protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
 
                 if (response.IsActive)
                 {
-                    var ticket = CreateTicket(response.Claims);
+                    var ticket = await CreateTicket(response.Claims);
 
                     if (Options.SaveToken)
                     {
@@ -150,11 +161,13 @@ private async Task<IntrospectionResponse> LoadClaimsForToken(string token)
             }).ConfigureAwait(false);
         }
 
-        private AuthenticationTicket CreateTicket(IEnumerable<Claim> claims)
+        private async Task<AuthenticationTicket> CreateTicket(IEnumerable<Claim> claims)
         {
             var id = new ClaimsIdentity(claims, Scheme.Name, Options.NameClaimType, Options.RoleClaimType);
             var principal = new ClaimsPrincipal(id);
 
+            await Events.CreatingTicket(principal);
+
             return new AuthenticationTicket(principal, new AuthenticationProperties(), Scheme.Name);
         }
     }
diff --git a/src/IdentityModel.AspNetCore.OAuth2Introspection/OAuth2IntrospectionOptions.cs b/src/IdentityModel.AspNetCore.OAuth2Introspection/OAuth2IntrospectionOptions.cs
@@ -18,6 +18,13 @@ namespace Microsoft.AspNetCore.Builder
     /// </summary>
     public class OAuth2IntrospectionOptions : AuthenticationSchemeOptions
     {
+        /// <summary>
+        /// Dafault options constructor
+        /// </summary>
+        public OAuth2IntrospectionOptions()
+        {
+            Events = new OAuth2IntrospectionEvents();
+        }
         /// <summary>
         /// Sets the base-path of the token provider.
         /// If set, the OpenID Connect discovery document will be used to find the introspection endpoint.
@@ -113,6 +120,15 @@ public class OAuth2IntrospectionOptions : AuthenticationSchemeOptions
         /// </summary>
         public Func<HttpRequest, string> TokenRetriever { get; set; } = TokenRetrieval.FromAuthorizationHeader();
 
+        /// <summary>
+        /// Gets or sets the <see cref="OAuth2IntrospectionEvents"/> used to handle authentication events.
+        /// </summary>
+        public new OAuth2IntrospectionEvents Events
+        {
+            get { return (OAuth2IntrospectionEvents)base.Events; }
+            set { base.Events = value; }
+        }
+
         internal AsyncLazy<IntrospectionClient> IntrospectionClient { get; set; }
         internal ConcurrentDictionary<string, AsyncLazy<IntrospectionResponse>> LazyIntrospections { get; set; }
 

Original file line number	Diff line number	Diff line change
`@@ -44,6 +44,17 @@ public OAuth2IntrospectionHandler(`
`44`	`44`	`_cache = cache;`
`45`	`45`	`}`
`46`	`46`
	`47`	`+`
	`48`	`+ /// <summary>`
	`49`	`+ /// The handler calls methods on the events which give the application control at certain points where processing is occurring.`
	`50`	`+ /// If it is not provided a default instance is supplied which does nothing when the methods are called.`
	`51`	`+ /// </summary>`
	`52`	`+ protected new OAuth2IntrospectionEvents Events`
	`53`	`+ {`
	`54`	`+ get { return (OAuth2IntrospectionEvents)base.Events; }`
	`55`	`+ set { base.Events = value; }`
	`56`	`+ }`
	`57`	`+`
`47`	`58`	`/// <summary>`
`48`	`59`	`/// Tries to authenticate a reference token on the current request`
`49`	`60`	`/// </summary>`
`@@ -68,7 +79,7 @@ protected override async Task<AuthenticateResult> HandleAuthenticateAsync()`
`68`	`79`	`var claims = await _cache.GetClaimsAsync(token).ConfigureAwait(false);`
`69`	`80`	`if (claims != null)`
`70`	`81`	`{`
`71`		`- var ticket = CreateTicket(claims);`
	`82`	`+ var ticket = await CreateTicket(claims);`
`72`	`83`
`73`	`84`	`_logger.LogTrace("Token found in cache.");`
`74`	`85`
`@@ -101,7 +112,7 @@ protected override async Task<AuthenticateResult> HandleAuthenticateAsync()`
`101`	`112`
`102`	`113`	`if (response.IsActive)`
`103`	`114`	`{`
`104`		`- var ticket = CreateTicket(response.Claims);`
	`115`	`+ var ticket = await CreateTicket(response.Claims);`
`105`	`116`
`106`	`117`	`if (Options.SaveToken)`
`107`	`118`	`{`
`@@ -150,11 +161,13 @@ private async Task<IntrospectionResponse> LoadClaimsForToken(string token)`
`150`	`161`	`}).ConfigureAwait(false);`
`151`	`162`	`}`
`152`	`163`
`153`		`- private AuthenticationTicket CreateTicket(IEnumerable<Claim> claims)`
	`164`	`+ private async Task<AuthenticationTicket> CreateTicket(IEnumerable<Claim> claims)`
`154`	`165`	`{`
`155`	`166`	`var id = new ClaimsIdentity(claims, Scheme.Name, Options.NameClaimType, Options.RoleClaimType);`
`156`	`167`	`var principal = new ClaimsPrincipal(id);`
`157`	`168`
	`169`	`+ await Events.CreatingTicket(principal);`
	`170`	`+`
`158`	`171`	`return new AuthenticationTicket(principal, new AuthenticationProperties(), Scheme.Name);`
`159`	`172`	`}`
`160`	`173`	`}`