frontend styling fixes
@@ -0,0 +1,66 @@
|
||||
|
||||
using Microsoft.Extensions.Logging;
|
||||
using OpenIddict.Abstractions;
|
||||
using OpenIddict.Server;
|
||||
using StellaOps.Authority.Persistence.InMemory.Stores;
|
||||
using StellaOps.Authority.Persistence.Sessions;
|
||||
|
||||
namespace StellaOps.Authority.OpenIddict.Handlers;
|
||||
|
||||
/// <summary>
|
||||
/// Validates authorization requests (authorization code flow) in degraded mode.
|
||||
/// Checks that the client_id exists in the Authority's client store.
|
||||
/// </summary>
|
||||
internal sealed class ValidateAuthorizationRequestHandler
|
||||
: IOpenIddictServerHandler<OpenIddictServerEvents.ValidateAuthorizationRequestContext>
|
||||
{
|
||||
private readonly IAuthorityClientStore clientStore;
|
||||
private readonly ILogger<ValidateAuthorizationRequestHandler> logger;
|
||||
|
||||
public ValidateAuthorizationRequestHandler(
|
||||
IAuthorityClientStore clientStore,
|
||||
ILogger<ValidateAuthorizationRequestHandler> logger)
|
||||
{
|
||||
this.clientStore = clientStore ?? throw new ArgumentNullException(nameof(clientStore));
|
||||
this.logger = logger ?? throw new ArgumentNullException(nameof(logger));
|
||||
}
|
||||
|
||||
public async ValueTask HandleAsync(OpenIddictServerEvents.ValidateAuthorizationRequestContext context)
|
||||
{
|
||||
ArgumentNullException.ThrowIfNull(context);
|
||||
|
||||
var clientId = context.ClientId;
|
||||
|
||||
if (string.IsNullOrWhiteSpace(clientId))
|
||||
{
|
||||
context.Reject(
|
||||
error: OpenIddictConstants.Errors.InvalidClient,
|
||||
description: "The client_id parameter is required.");
|
||||
return;
|
||||
}
|
||||
|
||||
IClientSessionHandle? session = null;
|
||||
var client = await clientStore.FindByClientIdAsync(clientId, context.CancellationToken, session)
|
||||
.ConfigureAwait(false);
|
||||
|
||||
if (client is null)
|
||||
{
|
||||
logger.LogWarning("Authorization request rejected: unknown client_id '{ClientId}'.", clientId);
|
||||
context.Reject(
|
||||
error: OpenIddictConstants.Errors.InvalidClient,
|
||||
description: "The specified client_id is not valid.");
|
||||
return;
|
||||
}
|
||||
|
||||
if (!client.Enabled)
|
||||
{
|
||||
logger.LogWarning("Authorization request rejected: disabled client '{ClientId}'.", clientId);
|
||||
context.Reject(
|
||||
error: OpenIddictConstants.Errors.InvalidClient,
|
||||
description: "The specified client is disabled.");
|
||||
return;
|
||||
}
|
||||
|
||||
logger.LogInformation("Authorization request validated for client '{ClientId}'.", clientId);
|
||||
}
|
||||
}
|
||||
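Review bot: HandleAsync accepts the authorization request as soon as client_id resolves to an enabled client, and `context.RedirectUri` is never compared with anything in this handler. The class summary says this runs in degraded mode, where OpenIddict's application-manager-backed checks are, as far as I know, not applied. Unless a handler outside this commit does it, an arbitrary redirect_uri would pass validation and the authorization code could be delivered to an address the client never registered. Before the final LogInformation, compare `context.RedirectUri` by exact ordinal match against the redirect URIs stored for `client`, and call `context.Reject(...)` with `OpenIddictConstants.Errors.InvalidRequest` on a miss. The commit title mentions only frontend styling, so a change to authorization validation deserves its own description.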
@@ -0,0 +1,65 @@
|
||||
|
||||
using Microsoft.Extensions.Logging;
|
||||
using OpenIddict.Abstractions;
|
||||
using OpenIddict.Server;
|
||||
using StellaOps.Authority.Persistence.InMemory.Stores;
|
||||
using StellaOps.Authority.Persistence.Sessions;
|
||||
|
||||
namespace StellaOps.Authority.OpenIddict.Handlers;
|
||||
|
||||
/// <summary>
|
||||
/// Validates introspection requests in degraded mode.
|
||||
/// Checks that the client presenting the token is a known, enabled client.
|
||||
/// </summary>
|
||||
internal sealed class ValidateIntrospectionRequestHandler
|
||||
: IOpenIddictServerHandler<OpenIddictServerEvents.ValidateIntrospectionRequestContext>
|
||||
{
|
||||
private readonly IAuthorityClientStore clientStore;
|
||||
private readonly ILogger<ValidateIntrospectionRequestHandler> logger;
|
||||
|
||||
public ValidateIntrospectionRequestHandler(
|
||||
IAuthorityClientStore clientStore,
|
||||
ILogger<ValidateIntrospectionRequestHandler> logger)
|
||||
{
|
||||
this.clientStore = clientStore ?? throw new ArgumentNullException(nameof(clientStore));
|
||||
this.logger = logger ?? throw new ArgumentNullException(nameof(logger));
|
||||
}
|
||||
|
||||
public async ValueTask HandleAsync(OpenIddictServerEvents.ValidateIntrospectionRequestContext context)
|
||||
{
|
||||
ArgumentNullException.ThrowIfNull(context);
|
||||
|
||||
var clientId = context.ClientId;
|
||||
|
||||
// Introspection can be called without client_id (e.g. resource server presenting its own token)
|
||||
if (string.IsNullOrWhiteSpace(clientId))
|
||||
{
|
||||
logger.LogDebug("Introspection request accepted without client_id.");
|
||||
return;
|
||||
}
|
||||
|
||||
IClientSessionHandle? session = null;
|
||||
var client = await clientStore.FindByClientIdAsync(clientId, context.CancellationToken, session)
|
||||
.ConfigureAwait(false);
|
||||
|
||||
if (client is null)
|
||||
{
|
||||
logger.LogWarning("Introspection request rejected: unknown client_id '{ClientId}'.", clientId);
|
||||
context.Reject(
|
||||
error: OpenIddictConstants.Errors.InvalidClient,
|
||||
description: "The specified client_id is not valid.");
|
||||
return;
|
||||
}
|
||||
|
||||
if (!client.Enabled)
|
||||
{
|
||||
logger.LogWarning("Introspection request rejected: disabled client '{ClientId}'.", clientId);
|
||||
context.Reject(
|
||||
error: OpenIddictConstants.Errors.InvalidClient,
|
||||
description: "The specified client is disabled.");
|
||||
return;
|
||||
}
|
||||
|
||||
logger.LogDebug("Introspection request validated for client '{ClientId}'.", clientId);
|
||||
}
|
||||
}
|
||||
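Review bot: The early return under `string.IsNullOrWhiteSpace(clientId)` lets an introspection request through with no caller identification at all and records it only at Debug level; ValidateRevocationRequestHandler has the same branch. The comment mentions a resource server presenting its own token, but nothing in this handler looks for such a credential, so an unidentified caller could query token state unless a check elsewhere stops it. RFC 7662 expects the introspection endpoint to require caller authorization. Either reject here as the authorization handler does, `context.Reject(error: OpenIddictConstants.Errors.InvalidClient, description: "The client_id parameter is required.");`, or verify the alternative credential before returning, and log the anonymous path at Warning so it is visible in production.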
@@ -0,0 +1,65 @@
|
||||
|
||||
using Microsoft.Extensions.Logging;
|
||||
using OpenIddict.Abstractions;
|
||||
using OpenIddict.Server;
|
||||
using StellaOps.Authority.Persistence.InMemory.Stores;
|
||||
using StellaOps.Authority.Persistence.Sessions;
|
||||
|
||||
namespace StellaOps.Authority.OpenIddict.Handlers;
|
||||
|
||||
/// <summary>
|
||||
/// Validates revocation requests in degraded mode.
|
||||
/// Checks that the client requesting revocation is a known, enabled client.
|
||||
/// </summary>
|
||||
internal sealed class ValidateRevocationRequestHandler
|
||||
: IOpenIddictServerHandler<OpenIddictServerEvents.ValidateRevocationRequestContext>
|
||||
{
|
||||
private readonly IAuthorityClientStore clientStore;
|
||||
private readonly ILogger<ValidateRevocationRequestHandler> logger;
|
||||
|
||||
public ValidateRevocationRequestHandler(
|
||||
IAuthorityClientStore clientStore,
|
||||
ILogger<ValidateRevocationRequestHandler> logger)
|
||||
{
|
||||
this.clientStore = clientStore ?? throw new ArgumentNullException(nameof(clientStore));
|
||||
this.logger = logger ?? throw new ArgumentNullException(nameof(logger));
|
||||
}
|
||||
|
||||
public async ValueTask HandleAsync(OpenIddictServerEvents.ValidateRevocationRequestContext context)
|
||||
{
|
||||
ArgumentNullException.ThrowIfNull(context);
|
||||
|
||||
var clientId = context.ClientId;
|
||||
|
||||
// Revocation can be called without client_id in some configurations
|
||||
if (string.IsNullOrWhiteSpace(clientId))
|
||||
{
|
||||
logger.LogDebug("Revocation request accepted without client_id.");
|
||||
return;
|
||||
}
|
||||
|
||||
IClientSessionHandle? session = null;
|
||||
var client = await clientStore.FindByClientIdAsync(clientId, context.CancellationToken, session)
|
||||
.ConfigureAwait(false);
|
||||
|
||||
if (client is null)
|
||||
{
|
||||
logger.LogWarning("Revocation request rejected: unknown client_id '{ClientId}'.", clientId);
|
||||
context.Reject(
|
||||
error: OpenIddictConstants.Errors.InvalidClient,
|
||||
description: "The specified client_id is not valid.");
|
||||
return;
|
||||
}
|
||||
|
||||
if (!client.Enabled)
|
||||
{
|
||||
logger.LogWarning("Revocation request rejected: disabled client '{ClientId}'.", clientId);
|
||||
context.Reject(
|
||||
error: OpenIddictConstants.Errors.InvalidClient,
|
||||
description: "The specified client is disabled.");
|
||||
return;
|
||||
}
|
||||
|
||||
logger.LogDebug("Revocation request validated for client '{ClientId}'.", clientId);
|
||||
}
|
||||
}
|
||||
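Review bot: The known-and-enabled check treats client_id as proof of identity, but client_id is a public identifier and no client secret or other credential is verified in HandleAsync before the request is considered validated; the introspection handler is written the same way. If client authentication happens in another handler, it is not visible in this commit, so in degraded mode a caller who merely knows a valid client_id appears to pass this validation without proving it is that client. Add the credential check for confidential clients before the final LogDebug, or state in the class summary which component performs it, e.g. `/// Client authentication is performed by <handler name>; this handler only checks existence and enabled state.`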