GenericOAuthValidator.cs

Go to the documentation of this file.

using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Net.Mime;
using System.Threading;
using System.Threading.Tasks;
 
using Microsoft.Extensions.Logging;
using Newtonsoft.Json;
using Newtonsoft.Json.Linq;
using Newtonsoft.Json.Serialization;
 
using Tgstation.Server.Api;
using Tgstation.Server.Api.Models;
using Tgstation.Server.Common.Http;
using Tgstation.Server.Host.Configuration;
using Tgstation.Server.Host.Extensions;
 
namespace Tgstation.Server.Host.Security.OAuth
{
    abstract class GenericOAuthValidator : IOAuthValidator
    {
        public abstract OAuthProvider Provider { get; }
 
        public OAuthGatewayStatus GatewayStatus => OAuthConfiguration.Gateway ?? default;
 
        protected ILogger<GenericOAuthValidator> Logger { get; }
 
        protected OAuthConfiguration OAuthConfiguration { get; }
 
        protected abstract Uri TokenUrl { get; }
 
        protected abstract Uri UserInformationUrl { get; }
 
        readonly IAbstractHttpClientFactory httpClientFactory;
 
        protected static JsonSerializerSettings SerializerSettings() => new()
        {
            ContractResolver = new DefaultContractResolver
            {
                NamingStrategy = new SnakeCaseNamingStrategy(),
            },
        };
 
        public GenericOAuthValidator(
            IAbstractHttpClientFactory httpClientFactory,
            ILogger<GenericOAuthValidator> logger,
            OAuthConfiguration oAuthConfiguration)
        {
            this.httpClientFactory = httpClientFactory ?? throw new ArgumentNullException(nameof(httpClientFactory));
            Logger = logger ?? throw new ArgumentNullException(nameof(logger));
            OAuthConfiguration = oAuthConfiguration ?? throw new ArgumentNullException(nameof(oAuthConfiguration));
        }
 
        public async ValueTask<(string? UserID, string AccessCode)?> ValidateResponseCode(string code, bool requireUserID, CancellationToken cancellationToken)
        {
            using var httpClient = CreateHttpClient();
            string? tokenResponsePayload = null;
            string? userInformationPayload = null;
            try
            {
                Logger.LogTrace("Validating response code...");
                using var tokenRequest = new HttpRequestMessage(HttpMethod.Post, TokenUrl);
 
                var tokenRequestPayload = CreateTokenRequest(code);
 
                // roundabout but it works
                var tokenRequestJson = JsonConvert.SerializeObject(
                    tokenRequestPayload,
                    SerializerSettings());
 
                var tokenRequestDictionary = JsonConvert.DeserializeObject<Dictionary<string, string>>(tokenRequestJson)!;
                tokenRequest.Content = new FormUrlEncodedContent(tokenRequestDictionary);
 
                using var tokenResponse = await httpClient.SendAsync(tokenRequest, HttpCompletionOption.ResponseHeadersRead, cancellationToken);
                tokenResponse.EnsureSuccessStatusCode();
                tokenResponsePayload = await tokenResponse.Content.ReadAsStringAsync(cancellationToken);
                var tokenResponseJson = JObject.Parse(tokenResponsePayload);
 
                var accessToken = DecodeTokenPayload(tokenResponseJson);
                if (accessToken == null)
                {
                    Logger.LogTrace("No token from DecodeTokenPayload!");
                    return null;
                }
 
                if (!requireUserID)
                    return (null, AccessCode: accessToken);
 
                Logger.LogTrace("Getting user details...");
 
                var userInfoUrl = OAuthConfiguration?.UserInformationUrlOverride ?? UserInformationUrl;
                using var userInformationRequest = new HttpRequestMessage(HttpMethod.Get, userInfoUrl);
                userInformationRequest.Headers.Authorization = new AuthenticationHeaderValue(
                    ApiHeaders.BearerAuthenticationScheme,
                    accessToken);
 
                using var userInformationResponse = await httpClient.SendAsync(userInformationRequest, HttpCompletionOption.ResponseHeadersRead, cancellationToken);
                userInformationResponse.EnsureSuccessStatusCode();
                userInformationPayload = await userInformationResponse.Content.ReadAsStringAsync(cancellationToken);
 
                var userInformationJson = JObject.Parse(userInformationPayload);
 
                return (DecodeUserInformationPayload(userInformationJson), AccessCode: accessToken);
            }
            catch (Exception ex)
            {
                Logger.LogWarning(
                    ex,
                    "Error while completing OAuth handshake! Payload:{newLine}{responsePayload}",
                    Environment.NewLine,
                    userInformationPayload ?? tokenResponsePayload);
                return null;
            }
        }
 
        public OAuthProviderInfo GetProviderInfo()
            => new()
            {
                ClientId = OAuthConfiguration.ClientId,
                RedirectUri = OAuthConfiguration.RedirectUrl,
                ServerUrl = OAuthConfiguration.ServerUrl,
                GatewayOnly = GatewayStatus.ToBoolean(),
            };
 
        protected abstract string DecodeTokenPayload(dynamic responseJson);
 
        protected abstract string DecodeUserInformationPayload(dynamic responseJson);
 
        protected abstract OAuthTokenRequest CreateTokenRequest(string code);
 
        IHttpClient CreateHttpClient()
        {
            var httpClient = httpClientFactory.CreateClient();
            try
            {
                httpClient.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue(MediaTypeNames.Application.Json));
                return httpClient;
            }
            catch
            {
                httpClient.Dispose();
                throw;
            }
        }
    }
}