Introduce OpenIdConnectRequest.HasAcrValue()

kevinchalet · kevinchalet · commit fb7473e5e392 · 2018-07-08T15:51:11.000+02:00
diff --git a/src/AspNet.Security.OpenIdConnect.Primitives/OpenIdConnectExtensions.cs b/src/AspNet.Security.OpenIdConnect.Primitives/OpenIdConnectExtensions.cs
@@ -57,6 +57,31 @@ public static IEnumerable<string> GetScopes([NotNull] this OpenIdConnectRequest
             return GetValues(request.Scope, OpenIdConnectConstants.Separators.Space).Distinct(StringComparer.Ordinal);
         }
 
+        /// <summary>
+        /// Determines whether the requested authentication context class values contain the specified item.
+        /// </summary>
+        /// <param name="request">The <see cref="OpenIdConnectRequest"/> instance.</param>
+        /// <param name="value">The component to look for in the parameter.</param>
+        public static bool HasAcrValue([NotNull] this OpenIdConnectRequest request, [NotNull] string value)
+        {
+            if (request == null)
+            {
+                throw new ArgumentNullException(nameof(request));
+            }
+
+            if (string.IsNullOrEmpty(value))
+            {
+                throw new ArgumentException("The value cannot be null or empty.", nameof(value));
+            }
+
+            if (string.IsNullOrEmpty(request.AcrValues))
+            {
+                return false;
+            }
+
+            return HasValue(request.AcrValues, value, OpenIdConnectConstants.Separators.Space);
+        }
+
         /// <summary>
         /// Determines whether the requested prompt contains the specified value.
         /// </summary>
diff --git a/src/AspNet.Security.OpenIdConnect.Server/OpenIdConnectServerHandler.cs b/src/AspNet.Security.OpenIdConnect.Server/OpenIdConnectServerHandler.cs
@@ -462,7 +462,8 @@ private async Task<bool> SignInAsync(AuthenticationTicket ticket)
                 }
 
                 var scopes = ticket.GetScopes();
-                if (request.IsAuthorizationCodeGrantType() || !new HashSet<string>(scopes).SetEquals(request.GetScopes()))
+                if ((request.IsTokenRequest() && request.IsAuthorizationCodeGrantType()) ||
+                    !new HashSet<string>(scopes).SetEquals(request.GetScopes()))
                 {
                     response.Scope = string.Join(" ", scopes);
                 }
diff --git a/src/Owin.Security.OpenIdConnect.Server/OpenIdConnectServerHandler.cs b/src/Owin.Security.OpenIdConnect.Server/OpenIdConnectServerHandler.cs
@@ -484,7 +484,8 @@ private async Task<bool> HandleSignInAsync(AuthenticationTicket ticket)
                 }
 
                 var scopes = ticket.GetScopes();
-                if (request.IsAuthorizationCodeGrantType() || !new HashSet<string>(scopes).SetEquals(request.GetScopes()))
+                if ((request.IsTokenRequest() && request.IsAuthorizationCodeGrantType()) ||
+                    !new HashSet<string>(scopes).SetEquals(request.GetScopes()))
                 {
                     response.Scope = string.Join(" ", scopes);
                 }
diff --git a/test/AspNet.Security.OpenIdConnect.Primitives.Tests/OpenIdConnectExtensionsTests.cs b/test/AspNet.Security.OpenIdConnect.Primitives.Tests/OpenIdConnectExtensionsTests.cs
@@ -87,6 +87,73 @@ public void GetScopes_ReturnsExpectedScopes(string scope, string[] scopes)
             Assert.Equal(scopes, request.GetScopes());
         }
 
+        [Fact]
+        public void HasAcrValue_ThrowsAnExceptionForNullRequest()
+        {
+            // Arrange
+            var request = (OpenIdConnectRequest) null;
+
+            // Act and assert
+            var exception = Assert.Throws<ArgumentNullException>(delegate
+            {
+                request.HasAcrValue("mod-mf");
+            });
+
+            Assert.Equal("request", exception.ParamName);
+        }
+
+        [Theory]
+        [InlineData(null)]
+        [InlineData("")]
+        public void HasAcrValue_ThrowsAnExceptionForNullOrEmptyAcrValue(string value)
+        {
+            // Arrange
+            var request = new OpenIdConnectRequest();
+
+            // Act and assert
+            var exception = Assert.Throws<ArgumentException>(delegate
+            {
+                request.HasAcrValue(value);
+            });
+
+            Assert.Equal("value", exception.ParamName);
+            Assert.StartsWith("The value cannot be null or empty.", exception.Message);
+        }
+
+        [Theory]
+        [InlineData(null, false)]
+        [InlineData("mod-mf", true)]
+        [InlineData("mod-mf mod-pr", true)]
+        [InlineData(" mod-mf mod-pr", true)]
+        [InlineData("mod-pr mod-mf", true)]
+        [InlineData("mod-pr mod-mf ", true)]
+        [InlineData("mod-pr mod-mf mod-cstm", true)]
+        [InlineData("mod-pr mod-mf mod-cstm ", true)]
+        [InlineData("mod-pr    mod-mf   mod-cstm ", true)]
+        [InlineData("mod-pr", false)]
+        [InlineData("mod-pr mod-cstm", false)]
+        [InlineData("MOD-MF", false)]
+        [InlineData("MOD-MF MOD-PR", false)]
+        [InlineData(" MOD-MF MOD-PR", false)]
+        [InlineData("MOD-PR MOD-MF", false)]
+        [InlineData("MOD-PR MOD-MF ", false)]
+        [InlineData("MOD-PR MOD-MF MOD-CSTM", false)]
+        [InlineData("MOD-PR MOD-MF MOD-CSTM ", false)]
+        [InlineData("MOD-PR    MOD-MF   MOD-CSTM ", false)]
+        [InlineData("MOD-PR", false)]
+        [InlineData("MOD-PR MOD-CSTM", false)]
+        public void HasAcrValue_ReturnsExpectedResult(string value, bool result)
+        {
+            // Arrange
+            var request = new OpenIdConnectRequest
+            {
+                AcrValues = value
+            };
+
+            // Act and assert
+            Assert.Equal(result, request.HasAcrValue("mod-mf"));
+        }
+
         [Fact]
         public void HasPrompt_ThrowsAnExceptionForNullRequest()
         {

Original file line number	Diff line number	Diff line change
`@@ -462,7 +462,8 @@ private async Task<bool> SignInAsync(AuthenticationTicket ticket)`
`462`	`462`	`}`
`463`	`463`
`464`	`464`	`var scopes = ticket.GetScopes();`
`465`		`- if (request.IsAuthorizationCodeGrantType() \|\| !new HashSet<string>(scopes).SetEquals(request.GetScopes()))`
	`465`	`+ if ((request.IsTokenRequest() && request.IsAuthorizationCodeGrantType()) \|\|`
	`466`	`+ !new HashSet<string>(scopes).SetEquals(request.GetScopes()))`
`466`	`467`	`{`
`467`	`468`	`response.Scope = string.Join(" ", scopes);`
`468`	`469`	`}`
Original file line number	Diff line number	Diff line change
`@@ -484,7 +484,8 @@ private async Task<bool> HandleSignInAsync(AuthenticationTicket ticket)`
`484`	`484`	`}`
`485`	`485`
`486`	`486`	`var scopes = ticket.GetScopes();`
`487`		`- if (request.IsAuthorizationCodeGrantType() \|\| !new HashSet<string>(scopes).SetEquals(request.GetScopes()))`
	`487`	`+ if ((request.IsTokenRequest() && request.IsAuthorizationCodeGrantType()) \|\|`
	`488`	`+ !new HashSet<string>(scopes).SetEquals(request.GetScopes()))`
`488`	`489`	`{`
`489`	`490`	`response.Scope = string.Join(" ", scopes);`
`490`	`491`	`}`