-
Notifications
You must be signed in to change notification settings - Fork 541
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Showing
9 changed files
with
422 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
24 changes: 24 additions & 0 deletions
24
src/AspNet.Security.OAuth.Zoho/AspNet.Security.OAuth.Zoho.csproj
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,24 @@ | ||
| <Project Sdk="Microsoft.NET.Sdk"> | ||
|
|
||
| <PropertyGroup> | ||
| <PackageValidationBaselineVersion>8.2.0</PackageValidationBaselineVersion> | ||
| <TargetFramework>$(DefaultNetCoreTargetFramework)</TargetFramework> | ||
| </PropertyGroup> | ||
|
|
||
| <!-- TODO Enable once this provider is published to NuGet.org --> | ||
| <PropertyGroup> | ||
| <DisablePackageBaselineValidation>true</DisablePackageBaselineValidation> | ||
| </PropertyGroup> | ||
|
|
||
| <PropertyGroup> | ||
| <Description>ASP.NET Core security middleware enabling Zoho authentication.</Description> | ||
| <Authors>Denys Goncharenko</Authors> | ||
| <PackageTags>aspnetcore;authentication;oauth;zoho;security</PackageTags> | ||
| </PropertyGroup> | ||
|
|
||
| <ItemGroup> | ||
| <FrameworkReference Include="Microsoft.AspNetCore.App"/> | ||
| <PackageReference Include="JetBrains.Annotations" PrivateAssets="All"/> | ||
| </ItemGroup> | ||
|
|
||
| </Project> |
53 changes: 53 additions & 0 deletions
53
src/AspNet.Security.OAuth.Zoho/ZohoAuthenticationDefaults.cs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,53 @@ | ||
| /* | ||
| * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0) | ||
| * See https://github.com/aspnet-contrib/AspNet.Security.OAuth.Providers | ||
| * for more information concerning the license and the contributors participating to this project. | ||
| */ | ||
|
|
||
| namespace AspNet.Security.OAuth.Zoho; | ||
|
|
||
| /// <summary> | ||
| /// Default values used by the Zoho authentication middleware. | ||
| /// </summary> | ||
| public static class ZohoAuthenticationDefaults | ||
| { | ||
| /// <summary> | ||
| /// Default value for <see cref="AuthenticationScheme.Name"/>. | ||
| /// </summary> | ||
| public const string AuthenticationScheme = "Zoho"; | ||
|
|
||
| /// <summary> | ||
| /// Default value for <see cref="AuthenticationScheme.DisplayName"/>. | ||
| /// </summary> | ||
| public static readonly string DisplayName = "Zoho"; | ||
|
|
||
| /// <summary> | ||
| /// Default value for <see cref="AuthenticationSchemeOptions.ClaimsIssuer"/>. | ||
| /// </summary> | ||
| public static readonly string Issuer = "Zoho"; | ||
|
|
||
| /// <summary> | ||
| /// Default value for <see cref="RemoteAuthenticationOptions.CallbackPath"/>. | ||
| /// </summary> | ||
| public static readonly string CallbackPath = "/signin-zoho"; | ||
|
|
||
| /// <summary> | ||
| /// Default value for <see cref="OAuthOptions.AuthorizationEndpoint"/>. | ||
| /// </summary> | ||
| public static readonly string AuthorizationEndpoint = "https://accounts.zoho.com/oauth/v2/auth"; | ||
|
|
||
| /// <summary> | ||
| /// Default value for <see cref="OAuthOptions.TokenEndpoint"/>. | ||
| /// </summary> | ||
| public static readonly string TokenPath = "/oauth/v2/token"; | ||
|
|
||
| /// <summary> | ||
| /// Default value for <see cref="OAuthOptions.TokenEndpoint"/>. | ||
| /// </summary> | ||
| public static readonly string TokenEndpoint = "https://accounts.zoho.com/oauth/v2/token"; | ||
|
|
||
| /// <summary> | ||
| /// Default value for <see cref="OAuthOptions.UserInformationEndpoint"/>. | ||
| /// </summary> | ||
| public static readonly string UserInformationPath = "/oauth/user/info"; | ||
| } |
74 changes: 74 additions & 0 deletions
74
src/AspNet.Security.OAuth.Zoho/ZohoAuthenticationExtensions.cs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,74 @@ | ||
| /* | ||
| * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0) | ||
| * See https://github.com/aspnet-contrib/AspNet.Security.OAuth.Providers | ||
| * for more information concerning the license and the contributors participating to this project. | ||
| */ | ||
|
|
||
| using Microsoft.Extensions.DependencyInjection; | ||
|
|
||
| namespace AspNet.Security.OAuth.Zoho; | ||
|
|
||
| /// <summary> | ||
| /// Extension methods to add Zoho authentication capabilities to an HTTP application pipeline. | ||
| /// </summary> | ||
| public static class ZohoAuthenticationExtensions | ||
| { | ||
| /// <summary> | ||
| /// Adds <see cref="ZohoAuthenticationHandler"/> to the specified | ||
| /// <see cref="AuthenticationBuilder"/>, which enables Zoho authentication capabilities. | ||
| /// </summary> | ||
| /// <param name="builder">The authentication builder.</param> | ||
| /// <returns>A reference to this instance after the operation has completed.</returns> | ||
| public static AuthenticationBuilder AddZoho([NotNull] this AuthenticationBuilder builder) | ||
| { | ||
| return builder.AddZoho(ZohoAuthenticationDefaults.AuthenticationScheme, options => { }); | ||
| } | ||
|
|
||
| /// <summary> | ||
| /// Adds <see cref="ZohoAuthenticationHandler"/> to the specified | ||
| /// <see cref="AuthenticationBuilder"/>, which enables Zoho authentication capabilities. | ||
| /// </summary> | ||
| /// <param name="builder">The authentication builder.</param> | ||
| /// <param name="configuration">The delegate used to configure the OpenID 2.0 options.</param> | ||
| /// <returns>A reference to this instance after the operation has completed.</returns> | ||
| public static AuthenticationBuilder AddZoho( | ||
| [NotNull] this AuthenticationBuilder builder, | ||
| [NotNull] Action<ZohoAuthenticationOptions> configuration) | ||
| { | ||
| return builder.AddZoho(ZohoAuthenticationDefaults.AuthenticationScheme, configuration); | ||
| } | ||
|
|
||
| /// <summary> | ||
| /// Adds <see cref="ZohoAuthenticationHandler"/> to the specified | ||
| /// <see cref="AuthenticationBuilder"/>, which enables Zoho authentication capabilities. | ||
| /// </summary> | ||
| /// <param name="builder">The authentication builder.</param> | ||
| /// <param name="scheme">The authentication scheme associated with this instance.</param> | ||
| /// <param name="configuration">The delegate used to configure the Zoho options.</param> | ||
| /// <returns>The <see cref="AuthenticationBuilder"/>.</returns> | ||
| public static AuthenticationBuilder AddZoho( | ||
| [NotNull] this AuthenticationBuilder builder, | ||
| [NotNull] string scheme, | ||
| [NotNull] Action<ZohoAuthenticationOptions> configuration) | ||
| { | ||
| return builder.AddZoho(scheme, ZohoAuthenticationDefaults.DisplayName, configuration); | ||
| } | ||
|
|
||
| /// <summary> | ||
| /// Adds <see cref="ZohoAuthenticationHandler"/> to the specified | ||
| /// <see cref="AuthenticationBuilder"/>, which enables Zoho authentication capabilities. | ||
| /// </summary> | ||
| /// <param name="builder">The authentication builder.</param> | ||
| /// <param name="scheme">The authentication scheme associated with this instance.</param> | ||
| /// <param name="caption">The optional display name associated with this instance.</param> | ||
| /// <param name="configuration">The delegate used to configure the Zoho options.</param> | ||
| /// <returns>The <see cref="AuthenticationBuilder"/>.</returns> | ||
| public static AuthenticationBuilder AddZoho( | ||
| [NotNull] this AuthenticationBuilder builder, | ||
| [NotNull] string scheme, | ||
| [CanBeNull] string caption, | ||
| [NotNull] Action<ZohoAuthenticationOptions> configuration) | ||
| { | ||
| return builder.AddOAuth<ZohoAuthenticationOptions, ZohoAuthenticationHandler>(scheme, caption, configuration); | ||
| } | ||
| } |
175 changes: 175 additions & 0 deletions
175
src/AspNet.Security.OAuth.Zoho/ZohoAuthenticationHandler.cs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,175 @@ | ||
| /* | ||
| * Licensed under the Apache License, Version 2.0 (http://www.apache.org/licenses/LICENSE-2.0) | ||
| * See https://github.com/aspnet-contrib/AspNet.Security.OAuth.Providers | ||
| * for more information concerning the license and the contributors participating to this project. | ||
| */ | ||
|
|
||
| using System.Net; | ||
| using System.Net.Http.Headers; | ||
| using System.Net.Mime; | ||
| using System.Security.Claims; | ||
| using System.Text.Encodings.Web; | ||
| using System.Text.Json; | ||
| using Microsoft.Extensions.Logging; | ||
| using Microsoft.Extensions.Options; | ||
|
|
||
| namespace AspNet.Security.OAuth.Zoho; | ||
|
|
||
| public partial class ZohoAuthenticationHandler : OAuthHandler<ZohoAuthenticationOptions> | ||
| { | ||
| public ZohoAuthenticationHandler( | ||
| [NotNull] IOptionsMonitor<ZohoAuthenticationOptions> options, | ||
| [NotNull] ILoggerFactory logger, | ||
| [NotNull] UrlEncoder encoder) | ||
| : base(options, logger, encoder) | ||
| { | ||
| } | ||
|
|
||
| protected override async Task<AuthenticationTicket> CreateTicketAsync( | ||
| [NotNull] ClaimsIdentity identity, | ||
| [NotNull] AuthenticationProperties properties, | ||
| [NotNull] OAuthTokenResponse tokens) | ||
| { | ||
| var userInformationEndpoint = CreateEndpoint(ZohoAuthenticationDefaults.UserInformationPath); | ||
| using var requestMessage = new HttpRequestMessage(HttpMethod.Get, userInformationEndpoint); | ||
| requestMessage.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue(MediaTypeNames.Application.Json)); | ||
| requestMessage.Headers.Authorization = new AuthenticationHeaderValue("Bearer", tokens.AccessToken); | ||
| requestMessage.Version = Backchannel.DefaultRequestVersion; | ||
|
|
||
| using var response = await Backchannel.SendAsync(requestMessage, HttpCompletionOption.ResponseHeadersRead, Context.RequestAborted); | ||
| if (!response.IsSuccessStatusCode) | ||
| { | ||
| await Log.UserProfileErrorAsync(Logger, response, Context.RequestAborted); | ||
| throw new HttpRequestException("An error occurred while retrieving the user profile."); | ||
| } | ||
|
|
||
| using var payload = JsonDocument.Parse(await response.Content.ReadAsStringAsync(Context.RequestAborted)); | ||
|
|
||
| var principal = new ClaimsPrincipal(identity); | ||
| var context = new OAuthCreatingTicketContext(principal, properties, Context, Scheme, Options, Backchannel, tokens, payload.RootElement); | ||
| context.RunClaimActions(); | ||
|
|
||
| await Events.CreatingTicket(context); | ||
| return new AuthenticationTicket(context.Principal!, context.Properties, Scheme.Name); | ||
| } | ||
|
|
||
| protected override async Task<OAuthTokenResponse> ExchangeCodeAsync(OAuthCodeExchangeContext context) | ||
| { | ||
| var nameValueCollection = new Dictionary<string, string?> | ||
| { | ||
| ["client_id"] = Options.ClientId, | ||
| ["client_secret"] = Options.ClientSecret, | ||
| ["code"] = context.Code, | ||
| ["redirect_uri"] = context.RedirectUri, | ||
| ["grant_type"] = "authorization_code" | ||
| }; | ||
|
|
||
| if (context.Properties.Items.TryGetValue(OAuthConstants.CodeVerifierKey, out var codeVerifier)) | ||
| { | ||
| nameValueCollection.Add(OAuthConstants.CodeVerifierKey, codeVerifier!); | ||
| context.Properties.Items.Remove(OAuthConstants.CodeVerifierKey); | ||
| } | ||
|
|
||
| var tokenEndpoint = CreateEndpoint(ZohoAuthenticationDefaults.TokenPath); | ||
| using var request = new HttpRequestMessage(HttpMethod.Post, tokenEndpoint); | ||
| request.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue(MediaTypeNames.Application.Json)); | ||
| request.Content = new FormUrlEncodedContent(nameValueCollection); | ||
| request.Version = Backchannel.DefaultRequestVersion; | ||
|
|
||
| using var response = await Backchannel.SendAsync(request, Context.RequestAborted); | ||
| if (!response.IsSuccessStatusCode) | ||
| { | ||
| await Log.ExchangeCodeErrorAsync(Logger, response, Context.RequestAborted); | ||
| return OAuthTokenResponse.Failed(new Exception("An error occurred while retrieving an access token.")); | ||
| } | ||
|
|
||
| var payload = JsonDocument.Parse(await response.Content.ReadAsStringAsync(Context.RequestAborted)); | ||
|
|
||
| return OAuthTokenResponse.Success(payload); | ||
| } | ||
|
|
||
| /// <summary> | ||
| /// Creates the endpoint for the Zoho API using the location parameter. | ||
| /// If the location parameter doesn't match any of the supported locations, the default location (US) is used. | ||
| /// We don't use the <c>accounts-server</c> parameter for security reasons. | ||
| /// </summary> | ||
| /// <param name="path">The request path.</param> | ||
| /// <returns>The API endpoint for the Zoho API.</returns> | ||
| private string CreateEndpoint(string path) | ||
| { | ||
| var location = Context.Request.Query["location"]; | ||
|
|
||
| var domain = location.ToString().ToLowerInvariant() switch | ||
| { | ||
| "au" => "https://accounts.zoho.com.au", | ||
| "ca" => "https://accounts.zohocloud.ca", | ||
| "eu" => "https://accounts.zoho.eu", | ||
| "us" => "https://accounts.zoho.com", | ||
| "in" => "https://accounts.zoho.in", | ||
| "jp" => "https://accounts.zoho.jp", | ||
| "sa" => "https://accounts.zoho.sa", | ||
| "uk" => "https://accounts.zoho.uk", | ||
| _ => "https://accounts.zoho.com" | ||
| }; | ||
|
|
||
| var builder = new UriBuilder(domain) | ||
| { | ||
| Path = path, | ||
| Port = -1, | ||
| Scheme = Uri.UriSchemeHttps, | ||
| }; | ||
|
|
||
| return builder.Uri.ToString(); | ||
| } | ||
|
|
||
| private static partial class Log | ||
| { | ||
| internal static async Task UserProfileErrorAsync(ILogger logger, HttpResponseMessage response, CancellationToken cancellationToken) | ||
| { | ||
| UserProfileError( | ||
| logger, | ||
| response.StatusCode, | ||
| response.Headers.ToString(), | ||
| await response.Content.ReadAsStringAsync(cancellationToken)); | ||
| } | ||
|
|
||
| internal static async Task ServerInfoErrorAsync(ILogger logger, HttpResponseMessage response, CancellationToken cancellationToken) | ||
| { | ||
| ServerInfoErrorAsync( | ||
| logger, | ||
| response.StatusCode, | ||
| response.Headers.ToString(), | ||
| await response.Content.ReadAsStringAsync(cancellationToken)); | ||
| } | ||
|
|
||
| internal static async Task ExchangeCodeErrorAsync(ILogger logger, HttpResponseMessage response, CancellationToken cancellationToken) | ||
| { | ||
| ExchangeCodeError( | ||
| logger, | ||
| response.StatusCode, | ||
| response.Headers.ToString(), | ||
| await response.Content.ReadAsStringAsync(cancellationToken)); | ||
| } | ||
|
|
||
| [LoggerMessage(1, LogLevel.Error, "An error occurred while retrieving the user profile: the remote server returned a {Status} response with the following payload: {Headers} {Body}.")] | ||
| private static partial void UserProfileError( | ||
| ILogger logger, | ||
| System.Net.HttpStatusCode status, | ||
| string headers, | ||
| string body); | ||
|
|
||
| [LoggerMessage(2, LogLevel.Error, "An error occurred while retrieving the server info: the remote server returned a {Status} response with the following payload: {Headers} {Body}.")] | ||
| private static partial void ServerInfoErrorAsync( | ||
| ILogger logger, | ||
| HttpStatusCode status, | ||
| string headers, | ||
| string body); | ||
|
|
||
| [LoggerMessage(3, LogLevel.Error, "An error occurred while retrieving an access token: the remote server returned a {Status} response with the following payload: {Headers} {Body}.")] | ||
| private static partial void ExchangeCodeError( | ||
| ILogger logger, | ||
| HttpStatusCode status, | ||
| string headers, | ||
| string body); | ||
| } | ||
| } |
Oops, something went wrong.