diff --git a/identity-server/hosts/Shared/Customization/ExtensionGrantValidator.cs b/identity-server/hosts/Shared/Customization/ExtensionGrantValidator.cs index 6a5b40c98..0b3b570ce 100644 --- a/identity-server/hosts/Shared/Customization/ExtensionGrantValidator.cs +++ b/identity-server/hosts/Shared/Customization/ExtensionGrantValidator.cs @@ -8,7 +8,7 @@ namespace Duende.IdentityServer.Hosts.Shared.Customization; public class ExtensionGrantValidator : IExtensionGrantValidator { - public Task ValidateAsync(ExtensionGrantValidationContext context) + public Task ValidateAsync(ExtensionGrantValidationContext context, CT ct) { ArgumentNullException.ThrowIfNull(context); var credential = context.Request.Raw.Get("custom_credential"); diff --git a/identity-server/hosts/Shared/Customization/NoSubjectExtensionGrantValidator.cs b/identity-server/hosts/Shared/Customization/NoSubjectExtensionGrantValidator.cs index 73ab53229..0a39ecd94 100644 --- a/identity-server/hosts/Shared/Customization/NoSubjectExtensionGrantValidator.cs +++ b/identity-server/hosts/Shared/Customization/NoSubjectExtensionGrantValidator.cs @@ -8,7 +8,7 @@ namespace Duende.IdentityServer.Hosts.Shared.Customization; public class NoSubjectExtensionGrantValidator : IExtensionGrantValidator { - public Task ValidateAsync(ExtensionGrantValidationContext context) + public Task ValidateAsync(ExtensionGrantValidationContext context, CT ct) { ArgumentNullException.ThrowIfNull(context); var credential = context.Request.Raw.Get("custom_credential"); diff --git a/identity-server/hosts/Shared/Customization/ParameterizedScopeTokenRequestValidator.cs b/identity-server/hosts/Shared/Customization/ParameterizedScopeTokenRequestValidator.cs index 695c56a72..6ee2a07e8 100644 --- a/identity-server/hosts/Shared/Customization/ParameterizedScopeTokenRequestValidator.cs +++ b/identity-server/hosts/Shared/Customization/ParameterizedScopeTokenRequestValidator.cs 
@@ -8,7 +8,7 @@ namespace Duende.IdentityServer.Hosts.Shared.Customization; public class ParameterizedScopeTokenRequestValidator : ICustomTokenRequestValidator { - public Task ValidateAsync(CustomTokenRequestValidationContext context) + public Task ValidateAsync(CustomTokenRequestValidationContext context, CT ct) { ArgumentNullException.ThrowIfNull(context); var transaction = context.Result?.ValidatedRequest.ValidatedResources.ParsedScopes.FirstOrDefault(x => x.ParsedName == "transaction"); diff --git a/identity-server/src/AspNetIdentity/ResourceOwnerPasswordValidator.cs b/identity-server/src/AspNetIdentity/ResourceOwnerPasswordValidator.cs index e79c01f96..5260eda99 100644 --- a/identity-server/src/AspNetIdentity/ResourceOwnerPasswordValidator.cs +++ b/identity-server/src/AspNetIdentity/ResourceOwnerPasswordValidator.cs @@ -38,12 +38,8 @@ public class ResourceOwnerPasswordValidator : IResourceOwnerPasswordValid _logger = logger; } - /// - /// Validates the resource owner password credential - /// - /// The context. - /// - public virtual async Task ValidateAsync(ResourceOwnerPasswordValidationContext context) + /// + public virtual async Task ValidateAsync(ResourceOwnerPasswordValidationContext context, CT ct) { var user = await _userManager.FindByNameAsync(context.UserName); if (user != null) diff --git a/identity-server/src/Configuration/Endpoints/DynamicClientRegistrationEndpoint.cs b/identity-server/src/Configuration/Endpoints/DynamicClientRegistrationEndpoint.cs index 1a46cc34a..018954252 100644 --- a/identity-server/src/Configuration/Endpoints/DynamicClientRegistrationEndpoint.cs +++ b/identity-server/src/Configuration/Endpoints/DynamicClientRegistrationEndpoint.cs 
@@ -62,7 +62,7 @@ public class DynamicClientRegistrationEndpoint var dcrContext = new DynamicClientRegistrationContext(request, httpContext.User); // Validate request values - var validationResult = await _validator.ValidateAsync(dcrContext); + var validationResult = await _validator.ValidateAsync(dcrContext, httpContext.RequestAborted); if (validationResult is DynamicClientRegistrationError validationError) { diff --git a/identity-server/src/Configuration/Validation/DynamicClientRegistration/DynamicClientRegistrationValidator.cs b/identity-server/src/Configuration/Validation/DynamicClientRegistration/DynamicClientRegistrationValidator.cs index 3e38f8238..8d882713d 100644 --- a/identity-server/src/Configuration/Validation/DynamicClientRegistration/DynamicClientRegistrationValidator.cs +++ b/identity-server/src/Configuration/Validation/DynamicClientRegistration/DynamicClientRegistrationValidator.cs 
@@ -27,81 +27,81 @@ public class DynamicClientRegistrationValidator : IDynamicClientRegistrationVali ILogger logger) => Logger = logger; /// - public async Task ValidateAsync(DynamicClientRegistrationContext context) + public async Task ValidateAsync(DynamicClientRegistrationContext context, CT ct) { - var result = await ValidateSoftwareStatementAsync(context); + var result = await ValidateSoftwareStatementAsync(context, ct); if (result is DynamicClientRegistrationError softwareStatementValidation) { return softwareStatementValidation; } - result = await SetGrantTypesAsync(context); + result = await SetGrantTypesAsync(context, ct); if (result is DynamicClientRegistrationError grantTypeValidation) { return grantTypeValidation; } - result = await SetRedirectUrisAsync(context); + result = await SetRedirectUrisAsync(context, ct); if (result is DynamicClientRegistrationError redirectUrisValidation) { return redirectUrisValidation; } - result = await SetScopesAsync(context); + result = await SetScopesAsync(context, ct); if (result is DynamicClientRegistrationError scopeValidation) { return scopeValidation; } - result = await SetSecretsAsync(context); + result = await SetSecretsAsync(context, ct); if (result is DynamicClientRegistrationError keySetValidation) { return keySetValidation; } - result = await SetClientNameAsync(context); + result = await SetClientNameAsync(context, ct); if (result is DynamicClientRegistrationError nameValidation) { return nameValidation; } - result = await SetLogoutParametersAsync(context); + result = await SetLogoutParametersAsync(context, ct); if (result is DynamicClientRegistrationError logoutValidation) { return logoutValidation; } - result = await SetMaxAgeAsync(context); + result = await SetMaxAgeAsync(context, ct); if (result is DynamicClientRegistrationError maxAgeValidation) { return maxAgeValidation; } - result = await SetUserInterfaceProperties(context); + result = await SetUserInterfaceProperties(context, ct); if (result is 
DynamicClientRegistrationError miscValidation) { return miscValidation; } - result = await SetPublicClientProperties(context); + result = await SetPublicClientProperties(context, ct); if (result is DynamicClientRegistrationError publicClientValidation) { return publicClientValidation; } - result = await SetAccessTokenProperties(context); + result = await SetAccessTokenProperties(context, ct); if (result is DynamicClientRegistrationError accessTokenValidation) { return accessTokenValidation; } - result = await SetIdTokenProperties(context); + result = await SetIdTokenProperties(context, ct); if (result is DynamicClientRegistrationError idTokenValidation) { return idTokenValidation; } - result = await SetServerSideSessionProperties(context); + result = await SetServerSideSessionProperties(context, ct); if (result is DynamicClientRegistrationError serverSideSessionValidation) { return serverSideSessionValidation; @@ -118,9 +118,10 @@ public class DynamicClientRegistrationValidator : IDynamicClientRegistrationVali /// includes the client model that will have its allowed grant types set, /// the DCR request, and other contextual information. /// + /// The cancellation token. /// A task that returns an , which either /// represents that this step succeeded or failed. - protected virtual Task SetGrantTypesAsync(DynamicClientRegistrationContext context) + protected virtual Task SetGrantTypesAsync(DynamicClientRegistrationContext context, CT ct) { if (context.Request.GrantTypes.Count == 0) { 
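Review bot: Adding `CT ct` to every `protected virtual` step (`SetGrantTypesAsync` in this hunk, and `SetRedirectUrisAsync` through `SetUserInterfaceProperties` in the hunks that follow) changes the override surface that this class invites callers to extend, so existing subclasses no longer match. At source level that is a compile error. It is still worth confirming that an extension assembly built against the old one-argument signatures cannot load and leave the default step running in place of the custom one, because the default `ValidateSoftwareStatementAsync` is `=> StepResult.Success()` and accepts every request. An upgrade note listing the changed signatures would cover this. The step bodies continue outside these hunks.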
@@ -218,9 +219,10 @@ public class DynamicClientRegistrationValidator : IDynamicClientRegistrationVali /// includes the client model that will have its redirect uri set, the DCR /// request, and other contextual information. /// + /// The cancellation token. /// A task that returns an , which either /// represents that this step succeeded or failed. - protected virtual Task SetRedirectUrisAsync(DynamicClientRegistrationContext context) + protected virtual Task SetRedirectUrisAsync(DynamicClientRegistrationContext context, CT ct) { if (context.Client.AllowedGrantTypes.Contains(GrantType.AuthorizationCode)) { @@ -265,13 +267,14 @@ public class DynamicClientRegistrationValidator : IDynamicClientRegistrationVali /// includes the client model that will have its scopes set, the DCR /// request, and other contextual information. /// + /// The cancellation token. /// A task that returns an , which either /// represents that this step succeeded or failed. - protected virtual Task SetScopesAsync(DynamicClientRegistrationContext context) + protected virtual Task SetScopesAsync(DynamicClientRegistrationContext context, CT ct) { if (string.IsNullOrEmpty(context.Request.Scope)) { - return SetDefaultScopes(context); + return SetDefaultScopes(context, ct); } else { 
@@ -299,9 +302,10 @@ public class DynamicClientRegistrationValidator : IDynamicClientRegistrationVali /// includes the client model that will have its scopes set, the DCR /// request, and other contextual information. /// + /// The cancellation token. /// A task that returns an , which either /// represents that this step succeeded or failed. - protected virtual Task SetDefaultScopes(DynamicClientRegistrationContext context) + protected virtual Task SetDefaultScopes(DynamicClientRegistrationContext context, CT ct) { Logger.LogDebug("No scopes requested for dynamic client registration, and no default scope behavior implemented. To set default scopes, extend the DynamicClientRegistrationValidator and override the SetDefaultScopes method."); return StepResult.Success(); @@ -314,9 +318,10 @@ public class DynamicClientRegistrationValidator : IDynamicClientRegistrationVali /// includes the client model that will have its secrets set, the DCR /// request, and other contextual information. /// + /// The cancellation token. /// A task that returns an , which either /// represents that this step succeeded or failed. - protected virtual Task SetSecretsAsync(DynamicClientRegistrationContext context) + protected virtual Task SetSecretsAsync(DynamicClientRegistrationContext context, CT ct) { if (context.Request.JwksUri is not null && context.Request.Jwks is not null) { @@ -398,9 +403,10 @@ public class DynamicClientRegistrationValidator : IDynamicClientRegistrationVali /// includes the client model that will have its name set, the DCR request, /// and other contextual information. /// + /// The cancellation token. /// A task that returns an , which either /// represents that this step succeeded or failed. - protected virtual Task SetClientNameAsync(DynamicClientRegistrationContext context) + protected virtual Task SetClientNameAsync(DynamicClientRegistrationContext context, CT ct) { context.Client.ClientName = context.Request?.ClientName; return StepResult.Success(); 
@@ -417,9 +423,10 @@ public class DynamicClientRegistrationValidator : IDynamicClientRegistrationVali /// includes the client model that will have its logout parameters set, the /// DCR request, and other contextual information. /// + /// The cancellation token. /// A task that returns an , which either /// represents that this step succeeded or failed. - protected virtual Task SetLogoutParametersAsync(DynamicClientRegistrationContext context) + protected virtual Task SetLogoutParametersAsync(DynamicClientRegistrationContext context, CT ct) { context.Client.PostLogoutRedirectUris = context.Request.PostLogoutRedirectUris?.Select(uri => uri.ToString()).ToList() ?? new List(); context.Client.FrontChannelLogoutUri = context.Request.FrontChannelLogoutUri?.AbsoluteUri; @@ -438,9 +445,10 @@ public class DynamicClientRegistrationValidator : IDynamicClientRegistrationVali /// includes the client model that will have its max age set, the DCR /// request, and other contextual information. /// + /// The cancellation token. /// A task that returns an , which either /// represents that this step succeeded or failed. - protected virtual Task SetMaxAgeAsync(DynamicClientRegistrationContext context) + protected virtual Task SetMaxAgeAsync(DynamicClientRegistrationContext context, CT ct) { if (context.Request.DefaultMaxAge.HasValue) { 
@@ -465,9 +473,10 @@ public class DynamicClientRegistrationValidator : IDynamicClientRegistrationVali /// The dynamic client registration context, which /// includes the client model that is being built up, the DCR request, and /// other contextual information. + /// The cancellation token. /// A task that returns an , which either /// represents that this step succeeded or failed. - protected virtual Task ValidateSoftwareStatementAsync(DynamicClientRegistrationContext context) => StepResult.Success(); + protected virtual Task ValidateSoftwareStatementAsync(DynamicClientRegistrationContext context, CT ct) => StepResult.Success(); /// /// Validates the requested client parameters related to public clients and @@ -479,9 +488,10 @@ public class DynamicClientRegistrationValidator : IDynamicClientRegistrationVali /// includes the client model that will have its public client properties /// set, the DCR request, and other contextual information. /// + /// The cancellation token. /// A task that returns an , which either /// represents that this step succeeded or failed. - protected virtual Task SetPublicClientProperties(DynamicClientRegistrationContext context) + protected virtual Task SetPublicClientProperties(DynamicClientRegistrationContext context, CT ct) { context.Client.AllowedCorsOrigins = context.Request.AllowedCorsOrigins ?? new(); if (context.Request.RequireClientSecret.HasValue) 
@@ -506,9 +516,10 @@ public class DynamicClientRegistrationValidator : IDynamicClientRegistrationVali /// includes the client model that will have its access token properties /// set, the DCR request, and other contextual information. /// + /// The cancellation token. /// A task that returns an , which either /// represents that this step succeeded or failed. - protected virtual Task SetAccessTokenProperties(DynamicClientRegistrationContext context) + protected virtual Task SetAccessTokenProperties(DynamicClientRegistrationContext context, CT ct) { if (context.Request.AccessTokenType != null) { @@ -540,9 +551,10 @@ public class DynamicClientRegistrationValidator : IDynamicClientRegistrationVali /// includes the client model that will have its id token properties set, /// the DCR request, and other contextual information. /// + /// The cancellation token. /// A task that returns an , which either /// represents that this step succeeded or failed. - protected virtual Task SetIdTokenProperties(DynamicClientRegistrationContext context) + protected virtual Task SetIdTokenProperties(DynamicClientRegistrationContext context, CT ct) { if (context.Request.IdentityTokenLifetime.HasValue) { @@ -567,9 +579,10 @@ public class DynamicClientRegistrationValidator : IDynamicClientRegistrationVali /// includes the client model that will have its server side session /// properties set, the DCR request, and other contextual information. /// + /// The cancellation token. /// A task that returns an , which either /// represents that this step succeeded or failed. - protected virtual Task SetServerSideSessionProperties(DynamicClientRegistrationContext context) + protected virtual Task SetServerSideSessionProperties(DynamicClientRegistrationContext context, CT ct) { if (context.Request.CoordinateLifetimeWithUserSession.HasValue) { 
@@ -587,11 +600,10 @@ public class DynamicClientRegistrationValidator : IDynamicClientRegistrationVali /// The dynamic client registration context, which /// includes the client model that will have miscellaneous properties set, /// the DCR request, and other contextual information. + /// The cancellation token. /// A task that returns an , which either /// represents that this step succeeded or failed. - /// A task that returns an , which either - /// represents that this step succeeded or failed. - protected virtual Task SetUserInterfaceProperties(DynamicClientRegistrationContext context) + protected virtual Task SetUserInterfaceProperties(DynamicClientRegistrationContext context, CT ct) { // Misc Uris context.Client.LogoUri = context.Request.LogoUri?.ToString(); diff --git a/identity-server/src/Configuration/Validation/DynamicClientRegistration/IDynamicClientRegistrationValidator.cs b/identity-server/src/Configuration/Validation/DynamicClientRegistration/IDynamicClientRegistrationValidator.cs index 3ac77dbe1..008cef971 100644 --- a/identity-server/src/Configuration/Validation/DynamicClientRegistration/IDynamicClientRegistrationValidator.cs +++ b/identity-server/src/Configuration/Validation/DynamicClientRegistration/IDynamicClientRegistrationValidator.cs @@ -16,8 +16,9 @@ public interface IDynamicClientRegistrationValidator /// /// Contextual information about the DCR /// request. + /// The cancellation token. /// A task that returns an , which either /// indicates success or failure. - Task ValidateAsync(DynamicClientRegistrationContext context); + Task ValidateAsync(DynamicClientRegistrationContext context, CT ct); } diff --git a/identity-server/src/IdentityServer/Endpoints/AuthorizeEndpointBase.cs b/identity-server/src/IdentityServer/Endpoints/AuthorizeEndpointBase.cs index 3e3d49295..b0dc4033f 100644 --- a/identity-server/src/IdentityServer/Endpoints/AuthorizeEndpointBase.cs +++ b/identity-server/src/IdentityServer/Endpoints/AuthorizeEndpointBase.cs 
@@ -84,7 +84,7 @@ internal abstract class AuthorizeEndpointBase : IEndpointHandler } // validate request - var result = await _validator.ValidateAsync(parameters, user); + var result = await _validator.ValidateAsync(parameters, ct, user); if (result.IsError) { diff --git a/identity-server/src/IdentityServer/Endpoints/BackchannelAuthenticationEndpoint.cs b/identity-server/src/IdentityServer/Endpoints/BackchannelAuthenticationEndpoint.cs index 286bfa6cb..65ed839b2 100644 --- a/identity-server/src/IdentityServer/Endpoints/BackchannelAuthenticationEndpoint.cs +++ b/identity-server/src/IdentityServer/Endpoints/BackchannelAuthenticationEndpoint.cs @@ -70,7 +70,7 @@ internal class BackchannelAuthenticationEndpoint : IEndpointHandler _logger.LogDebug("Start backchannel authentication request."); // validate client - var clientResult = await _clientValidator.ValidateAsync(context); + var clientResult = await _clientValidator.ValidateAsync(context, context.RequestAborted); if (clientResult.IsError) { var error = clientResult.Error ?? OidcConstants.BackchannelAuthenticationRequestErrors.InvalidClient; diff --git a/identity-server/src/IdentityServer/Endpoints/DeviceAuthorizationEndpoint.cs b/identity-server/src/IdentityServer/Endpoints/DeviceAuthorizationEndpoint.cs index 1fc3ee409..5d89187ea 100644 --- a/identity-server/src/IdentityServer/Endpoints/DeviceAuthorizationEndpoint.cs +++ b/identity-server/src/IdentityServer/Endpoints/DeviceAuthorizationEndpoint.cs @@ -79,7 +79,7 @@ internal class DeviceAuthorizationEndpoint : IEndpointHandler _logger.LogDebug("Start device authorize request."); // validate client - var clientResult = await _clientValidator.ValidateAsync(context); + var clientResult = await _clientValidator.ValidateAsync(context, context.RequestAborted); if (clientResult.IsError) { var error = clientResult.Error ?? OidcConstants.TokenErrors.InvalidClient; 
@@ -89,7 +89,7 @@ internal class DeviceAuthorizationEndpoint : IEndpointHandler // validate request var form = (await context.Request.ReadFormAsync()).AsNameValueCollection(); - var requestResult = await _requestValidator.ValidateAsync(form, clientResult); + var requestResult = await _requestValidator.ValidateAsync(form, clientResult, context.RequestAborted); if (requestResult.IsError) { diff --git a/identity-server/src/IdentityServer/Endpoints/IntrospectionEndpoint.cs b/identity-server/src/IdentityServer/Endpoints/IntrospectionEndpoint.cs index 503be41fb..26ddb21e0 100644 --- a/identity-server/src/IdentityServer/Endpoints/IntrospectionEndpoint.cs +++ b/identity-server/src/IdentityServer/Endpoints/IntrospectionEndpoint.cs @@ -100,10 +100,10 @@ internal class IntrospectionEndpoint : IEndpointHandler ApiResource api = null; Client client = null; - var apiResult = await _apiSecretValidator.ValidateAsync(context); + var apiResult = await _apiSecretValidator.ValidateAsync(context, context.RequestAborted); if (apiResult.IsError) { - clientResult = await _clientValidator.ValidateAsync(context); + clientResult = await _clientValidator.ValidateAsync(context, context.RequestAborted); if (clientResult.IsError) { _logger.LogError("Unauthorized call introspection endpoint. aborting."); diff --git a/identity-server/src/IdentityServer/Endpoints/OAuthMetadataEndpoint.cs b/identity-server/src/IdentityServer/Endpoints/OAuthMetadataEndpoint.cs index b55d69ec7..8db1fb715 100644 --- a/identity-server/src/IdentityServer/Endpoints/OAuthMetadataEndpoint.cs +++ b/identity-server/src/IdentityServer/Endpoints/OAuthMetadataEndpoint.cs 
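Review bot: In the `@@ -89,7 +89,7 @@` hunk of DeviceAuthorizationEndpoint the form is still read with `context.Request.ReadFormAsync()` while the validator on the next line now receives `context.RequestAborted`, so the body read is the one awaited call here that ignores cancellation. Passing the same token keeps the two consistent: `var form = (await context.Request.ReadFormAsync(context.RequestAborted)).AsNameValueCollection();`. The same context line appears in the second TokenRevocationEndpoint hunk. The enclosing method starts and ends outside the hunk.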
@@ -51,7 +51,7 @@ internal class OAuthMetadataEndpoint( } context.Request.Path.StartsWithSegments("/.well-known/oauth-authorization-server", StringComparison.OrdinalIgnoreCase, out var issuerSubPath); - if (!await issuerPathValidator.ValidateAsync(issuerSubPath)) + if (!await issuerPathValidator.ValidateAsync(issuerSubPath, context.RequestAborted)) { logger.LogDebug("Request for OAuth discovery document contains invalid sub-path. Returning 404"); return new StatusCodeResult(HttpStatusCode.NotFound); diff --git a/identity-server/src/IdentityServer/Endpoints/PushedAuthorizationEndpoint.cs b/identity-server/src/IdentityServer/Endpoints/PushedAuthorizationEndpoint.cs index ac919383b..fb89816a7 100644 --- a/identity-server/src/IdentityServer/Endpoints/PushedAuthorizationEndpoint.cs +++ b/identity-server/src/IdentityServer/Endpoints/PushedAuthorizationEndpoint.cs @@ -65,7 +65,7 @@ internal class PushedAuthorizationEndpoint : IEndpointHandler } // Authenticate Client - var client = await _clientValidator.ValidateAsync(context); + var client = await _clientValidator.ValidateAsync(context, context.RequestAborted); if (client.IsError) { return CreateErrorResult( @@ -91,7 +91,7 @@ internal class PushedAuthorizationEndpoint : IEndpointHandler } // Perform validations specific to PAR, as well as validation of the pushed parameters - var parValidationResult = await _parValidator.ValidateAsync(validationContext); + var parValidationResult = await _parValidator.ValidateAsync(validationContext, context.RequestAborted); if (parValidationResult.IsError) { return CreateErrorResult( diff --git a/identity-server/src/IdentityServer/Endpoints/TokenEndpoint.cs b/identity-server/src/IdentityServer/Endpoints/TokenEndpoint.cs index 00244a1b3..8e2d2d711 100644 --- a/identity-server/src/IdentityServer/Endpoints/TokenEndpoint.cs +++ b/identity-server/src/IdentityServer/Endpoints/TokenEndpoint.cs 
@@ -88,7 +88,7 @@ internal class TokenEndpoint : IEndpointHandler _logger.LogDebug("Start token request."); // validate client - var clientResult = await _clientValidator.ValidateAsync(context); + var clientResult = await _clientValidator.ValidateAsync(context, context.RequestAborted); if (clientResult.IsError) { var errorMsg = clientResult.Error ?? OidcConstants.TokenErrors.InvalidClient; diff --git a/identity-server/src/IdentityServer/Endpoints/TokenRevocationEndpoint.cs b/identity-server/src/IdentityServer/Endpoints/TokenRevocationEndpoint.cs index f12ee77dc..e2132ee89 100644 --- a/identity-server/src/IdentityServer/Endpoints/TokenRevocationEndpoint.cs +++ b/identity-server/src/IdentityServer/Endpoints/TokenRevocationEndpoint.cs @@ -89,7 +89,7 @@ internal class TokenRevocationEndpoint : IEndpointHandler _logger.LogDebug("Start revocation request."); // validate client - var clientValidationResult = await _clientValidator.ValidateAsync(context); + var clientValidationResult = await _clientValidator.ValidateAsync(context, context.RequestAborted); if (clientValidationResult.IsError) { var error = clientValidationResult.Error ?? OidcConstants.TokenErrors.InvalidClient; @@ -103,7 +103,7 @@ internal class TokenRevocationEndpoint : IEndpointHandler var form = (await context.Request.ReadFormAsync()).AsNameValueCollection(); _logger.LogTrace("Calling into token revocation request validator: {type}", _requestValidator.GetType().FullName); - var requestValidationResult = await _requestValidator.ValidateRequestAsync(form, clientValidationResult.Client); + var requestValidationResult = await _requestValidator.ValidateRequestAsync(form, clientValidationResult.Client, context.RequestAborted); if (requestValidationResult.IsError) { diff --git a/identity-server/src/IdentityServer/Hosting/DynamicProviders/Store/ValidatingIdentityProviderStore.cs b/identity-server/src/IdentityServer/Hosting/DynamicProviders/Store/ValidatingIdentityProviderStore.cs index 8da46e115..91587581d 100644 
--- a/identity-server/src/IdentityServer/Hosting/DynamicProviders/Store/ValidatingIdentityProviderStore.cs +++ b/identity-server/src/IdentityServer/Hosting/DynamicProviders/Store/ValidatingIdentityProviderStore.cs @@ -50,7 +50,7 @@ public class ValidatingIdentityProviderStore : IIdentityProviderStore _logger.LogTrace("Calling into identity provider configuration validator: {validatorType}", _validatorType); var context = new IdentityProviderConfigurationValidationContext(idp); - await _validator.ValidateAsync(context); + await _validator.ValidateAsync(context, ct); if (context.IsValid) { diff --git a/identity-server/src/IdentityServer/Hosting/LocalApiAuthentication/LocalApiAuthenticationHandler.cs b/identity-server/src/IdentityServer/Hosting/LocalApiAuthentication/LocalApiAuthenticationHandler.cs index 4b24f079e..9d8301a91 100644 --- a/identity-server/src/IdentityServer/Hosting/LocalApiAuthentication/LocalApiAuthenticationHandler.cs +++ b/identity-server/src/IdentityServer/Hosting/LocalApiAuthentication/LocalApiAuthenticationHandler.cs @@ -131,7 +131,7 @@ public class LocalApiAuthenticationHandler : AuthenticationHandler : IClientStore _logger.LogTrace("Calling into client configuration validator: {validatorType}", _validatorType); var context = new ClientConfigurationValidationContext(client); - await _validator.ValidateAsync(context); + await _validator.ValidateAsync(context, ct); if (context.IsValid) { @@ -88,7 +88,7 @@ public class ValidatingClientStore : IClientStore { _logger.LogTrace("Calling into client configuration validator: {validatorType}", _validatorType); var context = new ClientConfigurationValidationContext(client); - await _validator.ValidateAsync(context); + await _validator.ValidateAsync(context, ct); if (context.IsValid) { _logger.LogDebug("client configuration validation for client {clientId} succeeded.", client.ClientId); 
diff --git a/identity-server/src/IdentityServer/Test/TestBackchannelLoginUserValidator.cs b/identity-server/src/IdentityServer/Test/TestBackchannelLoginUserValidator.cs index fee8f7be9..dbc819658 100644 --- a/identity-server/src/IdentityServer/Test/TestBackchannelLoginUserValidator.cs +++ b/identity-server/src/IdentityServer/Test/TestBackchannelLoginUserValidator.cs @@ -22,7 +22,7 @@ public class TestBackchannelLoginUserValidator : IBackchannelAuthenticationUserV public TestBackchannelLoginUserValidator(TestUserStore testUserStore) => _testUserStore = testUserStore; /// - public Task ValidateRequestAsync(BackchannelAuthenticationUserValidatorContext userValidatorContext) + public Task ValidateRequestAsync(BackchannelAuthenticationUserValidatorContext userValidatorContext, CT ct) { var result = new BackchannelAuthenticationUserValidationResult(); diff --git a/identity-server/src/IdentityServer/Test/TestUserResourceOwnerPasswordValidator.cs b/identity-server/src/IdentityServer/Test/TestUserResourceOwnerPasswordValidator.cs index 2e729b302..e0b833e1d 100644 --- a/identity-server/src/IdentityServer/Test/TestUserResourceOwnerPasswordValidator.cs +++ b/identity-server/src/IdentityServer/Test/TestUserResourceOwnerPasswordValidator.cs @@ -27,12 +27,8 @@ public class TestUserResourceOwnerPasswordValidator : IResourceOwnerPasswordVali _timeProvider = timeProvider; } - /// - /// Validates the resource owner password credential - /// - /// The context. - /// - public Task ValidateAsync(ResourceOwnerPasswordValidationContext context) + /// + public Task ValidateAsync(ResourceOwnerPasswordValidationContext context, CT ct) { if (_users.ValidateCredentials(context.UserName, context.Password)) { diff --git a/identity-server/src/IdentityServer/Validation/Default/ApiSecretValidator.cs b/identity-server/src/IdentityServer/Validation/Default/ApiSecretValidator.cs index 803e05154..bd9f9e325 100644 --- a/identity-server/src/IdentityServer/Validation/Default/ApiSecretValidator.cs 
+++ b/identity-server/src/IdentityServer/Validation/Default/ApiSecretValidator.cs @@ -42,8 +42,10 @@ public class ApiSecretValidator : IApiSecretValidator /// Validates the secret on the current request. /// /// The context. + /// The cancellation token. /// - public async Task ValidateAsync(HttpContext context) + /// + public async Task ValidateAsync(HttpContext context, CT ct) { using var activity = Tracing.ValidationActivitySource.StartActivity("ApiSecretValidator.Validate"); @@ -54,20 +56,20 @@ public class ApiSecretValidator : IApiSecretValidator IsError = true }; - var parsedSecret = await _parser.ParseAsync(context); + var parsedSecret = await _parser.ParseAsync(context, ct); if (parsedSecret == null) { - await RaiseFailureEventAsync("unknown", "No API id or secret found", context.RequestAborted); + await RaiseFailureEventAsync("unknown", "No API id or secret found", ct); _logger.LogError("No API secret found"); return fail; } // load API resource - var apis = await _resources.FindApiResourcesByNameAsync(new[] { parsedSecret.Id }, context.RequestAborted); + var apis = await _resources.FindApiResourcesByNameAsync(new[] { parsedSecret.Id }, ct); if (apis == null || !apis.Any()) { - await RaiseFailureEventAsync(parsedSecret.Id, "Unknown API resource", context.RequestAborted); + await RaiseFailureEventAsync(parsedSecret.Id, "Unknown API resource", ct); _logger.LogError("No API resource with that name found. aborting"); return fail; @@ -75,7 +77,7 @@ public class ApiSecretValidator : IApiSecretValidator if (apis.Count() > 1) { - await RaiseFailureEventAsync(parsedSecret.Id, "Invalid API resource", context.RequestAborted); + await RaiseFailureEventAsync(parsedSecret.Id, "Invalid API resource", ct); _logger.LogError("More than one API resource with that name found. aborting"); return fail; 
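Review bot: The failure and success events in ApiSecretValidator (`RaiseFailureEventAsync(..., ct)` in the `-54` and `-75` hunks, and again in the two hunks that follow) are now cancelled by whatever token the caller supplies, and IntrospectionEndpoint passes `context.RequestAborted`. If the event service honours the token, which is not visible here, a request that the client drops right after a bad secret could end without the "Invalid API secret" event being recorded, and that weakens the audit trail detection relies on. Consider raising these events with a token that is not tied to the connection, for example `await RaiseFailureEventAsync(api.Name, "Invalid API secret", CT.None);`, or documenting that event sinks must not drop events on cancellation. `ValidateAsync` continues outside these hunks.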
@@ -85,13 +87,13 @@ public class ApiSecretValidator : IApiSecretValidator if (api.Enabled == false) { - await RaiseFailureEventAsync(parsedSecret.Id, "API resource not enabled", context.RequestAborted); + await RaiseFailureEventAsync(parsedSecret.Id, "API resource not enabled", ct); _logger.LogError("API resource not enabled. aborting."); return fail; } - var result = await _validator.ValidateAsync(api.ApiSecrets, parsedSecret); + var result = await _validator.ValidateAsync(api.ApiSecrets, parsedSecret, ct); if (result.Success) { _logger.LogDebug("API resource validation success"); @@ -102,11 +104,11 @@ public class ApiSecretValidator : IApiSecretValidator Resource = api }; - await RaiseSuccessEventAsync(api.Name, parsedSecret.Type, context.RequestAborted); + await RaiseSuccessEventAsync(api.Name, parsedSecret.Type, ct); return success; } - await RaiseFailureEventAsync(api.Name, "Invalid API secret", context.RequestAborted); + await RaiseFailureEventAsync(api.Name, "Invalid API secret", ct); _logger.LogError("API validation failed."); return fail; diff --git a/identity-server/src/IdentityServer/Validation/Default/AuthorizeRequestValidator.cs b/identity-server/src/IdentityServer/Validation/Default/AuthorizeRequestValidator.cs index 2a462c623..688895986 100644 --- a/identity-server/src/IdentityServer/Validation/Default/AuthorizeRequestValidator.cs +++ b/identity-server/src/IdentityServer/Validation/Default/AuthorizeRequestValidator.cs @@ -1,6 +1,7 @@ // Copyright (c) Duende Software. All rights reserved. // See LICENSE in the project root for license information. +#nullable enable using System.Collections.Specialized; using System.Security.Claims; @@ -36,8 +37,6 @@ internal class AuthorizeRequestValidator : IAuthorizeRequestValidator private readonly ResponseTypeEqualityComparer _responseTypeEqualityComparer = new ResponseTypeEqualityComparer(); - private CT _ct; - public AuthorizeRequestValidator( IdentityServerOptions options, 
@@ -69,19 +68,18 @@ internal class AuthorizeRequestValidator : IAuthorizeRequestValidator public async Task ValidateAsync( NameValueCollection parameters, - ClaimsPrincipal subject = null, + CT ct, + ClaimsPrincipal? subject = null, AuthorizeRequestType authorizeRequestType = AuthorizeRequestType.Authorize) { using var activity = Tracing.BasicActivitySource.StartActivity("AuthorizeRequestValidator.Validate"); - _ct = CT.None; - _sanitizedLogger.LogDebug("Start authorize request protocol validation"); var request = new ValidatedAuthorizeRequest { Options = _options, - IssuerName = await _issuerNameService.GetCurrentAsync(default), + IssuerName = await _issuerNameService.GetCurrentAsync(ct), Subject = subject ?? Principal.Anonymous, Raw = parameters ?? throw new ArgumentNullException(nameof(parameters)), AuthorizeRequestType = authorizeRequestType @@ -96,21 +94,21 @@ internal class AuthorizeRequestValidator : IAuthorizeRequestValidator // load client_id // client_id must always be present on the request - var loadClientResult = await LoadClientAsync(request); + var loadClientResult = await LoadClientAsync(request, ct); if (loadClientResult.IsError) { return loadClientResult; } // load request object - var roLoadResult = await _requestObjectValidator.LoadRequestObjectAsync(request, _ct); + var roLoadResult = await _requestObjectValidator.LoadRequestObjectAsync(request, ct); if (roLoadResult.IsError) { return roLoadResult; } // validate request object - var roValidationResult = await _requestObjectValidator.ValidateRequestObjectAsync(request, _ct); + var roValidationResult = await _requestObjectValidator.ValidateRequestObjectAsync(request, ct); if (roValidationResult.IsError) { return roValidationResult; 
@@ -124,7 +122,7 @@ internal class AuthorizeRequestValidator : IAuthorizeRequestValidator } // validate client_id and redirect_uri - var clientResult = await ValidateClientAsync(request); + var clientResult = await ValidateClientAsync(request, ct); if (clientResult.IsError) { return clientResult; @@ -138,14 +136,14 @@ internal class AuthorizeRequestValidator : IAuthorizeRequestValidator } // scope, scope restrictions and plausibility, and resource indicators - var scopeResult = await ValidateScopeAndResourceAsync(request); + var scopeResult = await ValidateScopeAndResourceAsync(request, ct); if (scopeResult.IsError) { return scopeResult; } // nonce, prompt, acr_values, login_hint etc. - var optionalResult = await ValidateOptionalParametersAsync(request); + var optionalResult = await ValidateOptionalParametersAsync(request, ct); if (optionalResult.IsError) { return optionalResult; @@ -157,13 +155,13 @@ internal class AuthorizeRequestValidator : IAuthorizeRequestValidator { Result = new AuthorizeRequestValidationResult(request) }; - await _customValidator.ValidateAsync(context); + await _customValidator.ValidateAsync(context, ct); var customResult = context.Result; if (customResult.IsError) { LogError("Error in custom validation", customResult.Error, request); - return Invalid(request, customResult.Error, customResult.ErrorDescription); + return Invalid(request, customResult.Error ?? OidcConstants.AuthorizeErrors.InvalidRequest, customResult.ErrorDescription); } _sanitizedLogger.LogTrace("Authorize request protocol validation successful"); @@ -198,7 +196,7 @@ internal class AuthorizeRequestValidator : IAuthorizeRequestValidator return Valid(request); } - private async Task LoadClientAsync(ValidatedAuthorizeRequest request) + private async Task LoadClientAsync(ValidatedAuthorizeRequest request, CT ct) { ////////////////////////////////////////////////////////// // client_id must be present 
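Review bot: The new fallback `customResult.Error ?? OidcConstants.AuthorizeErrors.InvalidRequest` in the `@@ -157,13 +155,13` hunk has no comment saying when `Error` can be null while `IsError` is true. The `LogError` call just above still passes the possibly null `customResult.Error`, so the log will not show which code was substituted. I would add a comment above the return: `// A custom validator can flag IsError without setting Error; report invalid_request in that case.` The enclosing `ValidateAsync` starts and ends outside this hunk.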
@@ -211,12 +209,12 @@ internal class AuthorizeRequestValidator : IAuthorizeRequestValidator return Invalid(request, description: "Invalid client_id"); } - request.ClientId = clientId; + request.ClientId = clientId!; ////////////////////////////////////////////////////////// // check for valid client ////////////////////////////////////////////////////////// - var client = await _clients.FindEnabledClientByIdAsync(request.ClientId, _ct); + var client = await _clients.FindEnabledClientByIdAsync(request.ClientId, ct); if (client == null) { LogError("Unknown client or not enabled", request.ClientId, request); @@ -228,7 +226,7 @@ internal class AuthorizeRequestValidator : IAuthorizeRequestValidator return Valid(request); } - private async Task ValidateClientAsync(ValidatedAuthorizeRequest request) + private async Task ValidateClientAsync(ValidatedAuthorizeRequest request, CT ct) { ////////////////////////////////////////////////////////// // check request object requirement @@ -252,7 +250,7 @@ internal class AuthorizeRequestValidator : IAuthorizeRequestValidator return Invalid(request, description: "Invalid redirect_uri"); } - if (!redirectUri.IsUri()) + if (!redirectUri!.IsUri()) { LogError("malformed redirect_uri", redirectUri, request); return Invalid(request, description: "Invalid redirect_uri"); 
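Review bot: `request.ClientId = clientId!;` silences the nullable analysis on a value read from the request rather than letting the compiler prove it non-null. The guard that justifies it sits above the hunk and is not visible here. If that guard is an extension method on `string?`, annotating its parameter with `NotNullWhen` would let the `!` be dropped, so a later edit to the guard cannot silently let a null `client_id` through. The same applies to `redirectUri!.IsUri()` in the `@@ -252,7` hunk and to the two `redirectUri!` uses in the `@@ -270,14` hunk. `LoadClientAsync` starts and ends outside this hunk.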
@@ -270,14 +268,14 @@ internal class AuthorizeRequestValidator : IAuthorizeRequestValidator ////////////////////////////////////////////////////////// // check if redirect_uri is valid ////////////////////////////////////////////////////////// - var uriContext = new RedirectUriValidationContext(redirectUri, request); - if (await _uriValidator.IsRedirectUriValidAsync(uriContext) == false) + var uriContext = new RedirectUriValidationContext(redirectUri!, request); + if (await _uriValidator.IsRedirectUriValidAsync(uriContext, ct) == false) { LogError("Invalid redirect_uri", redirectUri, request); return Invalid(request, OidcConstants.AuthorizeErrors.InvalidRequest, "Invalid redirect_uri"); } - request.RedirectUri = redirectUri; + request.RedirectUri = redirectUri!; return Valid(request); } @@ -477,7 +475,7 @@ internal class AuthorizeRequestValidator : IAuthorizeRequestValidator return Valid(request); } - private async Task ValidateScopeAndResourceAsync(ValidatedAuthorizeRequest request) + private async Task ValidateScopeAndResourceAsync(ValidatedAuthorizeRequest request, CT ct) { ////////////////////////////////////////////////////////// // scope must be present @@ -551,7 +549,7 @@ internal class AuthorizeRequestValidator : IAuthorizeRequestValidator Client = request.Client, Scopes = request.RequestedScopes, ResourceIndicators = resourceIndicators, - }, default); + }, ct); if (!validatedResources.Succeeded) { @@ -566,7 +564,7 @@ internal class AuthorizeRequestValidator : IAuthorizeRequestValidator } } - _licenseUsage.ResourceIndicatorsUsed(resourceIndicators); + _licenseUsage.ResourceIndicatorsUsed(resourceIndicators!); IdentityServerLicenseValidator.Instance.ValidateResourceIndicators(resourceIndicators); if (validatedResources.Resources.IdentityResources.Count > 0 && !request.IsOpenIdRequest) 
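Review bot: In the `@@ -566,7 +564,7` hunk, `_licenseUsage.ResourceIndicatorsUsed(resourceIndicators!)` suppresses a nullable warning while the very next call, `ValidateResourceIndicators(resourceIndicators)`, takes the same value without `!`. That suggests `resourceIndicators` can be null at this point, in which case the `!` only hides the warning and the null still reaches `ResourceIndicatorsUsed`. Either guard the call with `if (resourceIndicators is not null) { _licenseUsage.ResourceIndicatorsUsed(resourceIndicators); }` or widen that method's parameter to accept null. The assignment of `resourceIndicators` is outside the hunk, so confirm which case holds.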
@@ -619,7 +617,7 @@ internal class AuthorizeRequestValidator : IAuthorizeRequestValidator return Valid(request); } - private async Task ValidateOptionalParametersAsync(ValidatedAuthorizeRequest request) + private async Task ValidateOptionalParametersAsync(ValidatedAuthorizeRequest request, CT ct) { ////////////////////////////////////////////////////////// // check nonce @@ -800,7 +798,7 @@ internal class AuthorizeRequestValidator : IAuthorizeRequestValidator ////////////////////////////////////////////////////////// if (request.Subject.IsAuthenticated()) { - var sessionId = await _userSession.GetSessionIdAsync(default); + var sessionId = await _userSession.GetSessionIdAsync(ct); if (sessionId.IsPresent()) { request.SessionId = sessionId; @@ -844,7 +842,7 @@ internal class AuthorizeRequestValidator : IAuthorizeRequestValidator return true; } - private static AuthorizeRequestValidationResult Invalid(ValidatedAuthorizeRequest request, string error = OidcConstants.AuthorizeErrors.InvalidRequest, string description = null) => new AuthorizeRequestValidationResult(request, error, description); + private static AuthorizeRequestValidationResult Invalid(ValidatedAuthorizeRequest request, string error = OidcConstants.AuthorizeErrors.InvalidRequest, string? description = null) => new AuthorizeRequestValidationResult(request, error, description); private static AuthorizeRequestValidationResult Valid(ValidatedAuthorizeRequest request) => new AuthorizeRequestValidationResult(request); 
@@ -854,7 +852,7 @@ internal class AuthorizeRequestValidator : IAuthorizeRequestValidator _sanitizedLogger.LogError(message + "\n{@requestDetails}", requestDetails); } - private void LogError(string message, string detail, ValidatedAuthorizeRequest request) + private void LogError(string message, string? detail, ValidatedAuthorizeRequest request) { var requestDetails = new AuthorizeRequestValidationLog(request, _options.Logging.AuthorizeRequestSensitiveValuesFilter); _sanitizedLogger.LogError(message + ": {detail}\n{@requestDetails}", detail, requestDetails); diff --git a/identity-server/src/IdentityServer/Validation/Default/BackchannelAuthenticationRequestValidator.cs b/identity-server/src/IdentityServer/Validation/Default/BackchannelAuthenticationRequestValidator.cs index 90310040b..702aa9f7e 100644 --- a/identity-server/src/IdentityServer/Validation/Default/BackchannelAuthenticationRequestValidator.cs +++ b/identity-server/src/IdentityServer/Validation/Default/BackchannelAuthenticationRequestValidator.cs @@ -94,7 +94,7 @@ internal class BackchannelAuthenticationRequestValidator : IBackchannelAuthentic ////////////////////////////////////////////////////////// // validate request object ////////////////////////////////////////////////////////// - var roValidationResult = await TryValidateRequestObjectAsync(); + var roValidationResult = await TryValidateRequestObjectAsync(ct); if (!roValidationResult.Success) { return roValidationResult.ErrorResult; @@ -165,7 +165,7 @@ internal class BackchannelAuthenticationRequestValidator : IBackchannelAuthentic Client = _validatedRequest.Client, Scopes = _validatedRequest.RequestedScopes, ResourceIndicators = resourceIndicators, - }, default); + }, ct); if (!validatedResources.Succeeded) { 
@@ -391,7 +391,7 @@ internal class BackchannelAuthenticationRequestValidator : IBackchannelAuthentic IdTokenHintClaims = _validatedRequest.IdTokenHintClaims, UserCode = _validatedRequest.UserCode, BindingMessage = _validatedRequest.BindingMessage - }); + }, ct); if (userResult.IsError) { @@ -440,7 +440,7 @@ internal class BackchannelAuthenticationRequestValidator : IBackchannelAuthentic var result = new BackchannelAuthenticationRequestValidationResult(_validatedRequest); var customValidationContext = new CustomBackchannelAuthenticationRequestValidationContext(result); - await _customValidator.ValidateAsync(customValidationContext); + await _customValidator.ValidateAsync(customValidationContext, ct); if (customValidationContext.ValidationResult.IsError) { LogError("Custom validation of backchannel authorize request failed"); @@ -451,7 +451,7 @@ internal class BackchannelAuthenticationRequestValidator : IBackchannelAuthentic return result; } - private async Task<(bool Success, BackchannelAuthenticationRequestValidationResult ErrorResult)> TryValidateRequestObjectAsync() + private async Task<(bool Success, BackchannelAuthenticationRequestValidationResult ErrorResult)> TryValidateRequestObjectAsync(CT ct) { ////////////////////////////////////////////////////////// // validate request object @@ -465,7 +465,7 @@ internal class BackchannelAuthenticationRequestValidator : IBackchannelAuthentic JwtTokenString = _validatedRequest.RequestObject, StrictJarValidation = false, IncludeJti = true - }); + }, ct); if (jwtRequestValidationResult.IsError) { LogError("request JWT validation failure", jwtRequestValidationResult.Error); diff --git a/identity-server/src/IdentityServer/Validation/Default/BasicAuthenticationSecretParser.cs b/identity-server/src/IdentityServer/Validation/Default/BasicAuthenticationSecretParser.cs index f94013834..6c8152c32 100644 --- a/identity-server/src/IdentityServer/Validation/Default/BasicAuthenticationSecretParser.cs 
+++ b/identity-server/src/IdentityServer/Validation/Default/BasicAuthenticationSecretParser.cs @@ -45,7 +45,8 @@ public class BasicAuthenticationSecretParser : ISecretParser /// /// A parsed secret /// - public Task ParseAsync(HttpContext context) + /// + public Task ParseAsync(HttpContext context, CT ct) { _logger.LogDebug("Start parsing Basic Authentication secret"); diff --git a/identity-server/src/IdentityServer/Validation/Default/ClientSecretValidator.cs b/identity-server/src/IdentityServer/Validation/Default/ClientSecretValidator.cs index 0a8337df1..a15306f48 100644 --- a/identity-server/src/IdentityServer/Validation/Default/ClientSecretValidator.cs +++ b/identity-server/src/IdentityServer/Validation/Default/ClientSecretValidator.cs @@ -39,12 +39,8 @@ public class ClientSecretValidator : IClientSecretValidator _logger = logger; } - /// - /// Validates the current request. - /// - /// The context. - /// - public async Task ValidateAsync(HttpContext context) + /// + public async Task ValidateAsync(HttpContext context, CT ct) { using var activity = Tracing.ValidationActivitySource.StartActivity("ClientSecretValidator.Validate"); @@ -56,10 +52,10 @@ public class ClientSecretValidator : IClientSecretValidator Error = IdentityModel.OidcConstants.TokenErrors.InvalidClient }; - var parsedSecret = await _parser.ParseAsync(context); + var parsedSecret = await _parser.ParseAsync(context, ct); if (parsedSecret == null) { - await RaiseFailureEventAsync("unknown", "No client id found", context.RequestAborted); + await RaiseFailureEventAsync("unknown", "No client id found", ct); _logger.LogError("No client identifier found"); 
@@ -68,10 +64,10 @@ public class ClientSecretValidator : IClientSecretValidator } // load client - var client = await _clients.FindEnabledClientByIdAsync(parsedSecret.Id, context.RequestAborted); + var client = await _clients.FindEnabledClientByIdAsync(parsedSecret.Id, ct); if (client == null) { - await RaiseFailureEventAsync(parsedSecret.Id, "Unknown client", context.RequestAborted); + await RaiseFailureEventAsync(parsedSecret.Id, "Unknown client", ct); _logger.LogError("No client with id '{clientId}' found. aborting", parsedSecret.Id); return fail; @@ -84,10 +80,10 @@ public class ClientSecretValidator : IClientSecretValidator } else { - secretValidationResult = await _validator.ValidateAsync(client.ClientSecrets, parsedSecret); + secretValidationResult = await _validator.ValidateAsync(client.ClientSecrets, parsedSecret, ct); if (secretValidationResult.Success == false) { - await RaiseFailureEventAsync(client.ClientId, "Invalid client secret", context.RequestAborted); + await RaiseFailureEventAsync(client.ClientId, "Invalid client secret", ct); _logger.LogError("Client secret validation failed for client: {clientId}.", client.ClientId); return fail; @@ -104,7 +100,7 @@ public class ClientSecretValidator : IClientSecretValidator Confirmation = secretValidationResult?.Confirmation }; - await RaiseSuccessEventAsync(client.ClientId, parsedSecret.Type, context.RequestAborted); + await RaiseSuccessEventAsync(client.ClientId, parsedSecret.Type, ct); return success; } diff --git a/identity-server/src/IdentityServer/Validation/Default/DefaultClientConfigurationValidator.cs b/identity-server/src/IdentityServer/Validation/Default/DefaultClientConfigurationValidator.cs index 8a2a0e215..3c9bbc134 100644 --- a/identity-server/src/IdentityServer/Validation/Default/DefaultClientConfigurationValidator.cs +++ b/identity-server/src/IdentityServer/Validation/Default/DefaultClientConfigurationValidator.cs 
@@ -25,8 +25,9 @@ public class DefaultClientConfigurationValidator : IClientConfigurationValidator /// Determines whether the configuration of a client is valid. /// /// The context. + /// The cancellation token. /// - public async Task ValidateAsync(ClientConfigurationValidationContext context) + public async Task ValidateAsync(ClientConfigurationValidationContext context, CT ct) { using var activity = Tracing.ValidationActivitySource.StartActivity("DefaultClientConfigurationValidator.Validate"); diff --git a/identity-server/src/IdentityServer/Validation/Default/DefaultCustomAuthorizeRequestValidator.cs b/identity-server/src/IdentityServer/Validation/Default/DefaultCustomAuthorizeRequestValidator.cs index 74a3e5f1f..e81ec0efd 100644 --- a/identity-server/src/IdentityServer/Validation/Default/DefaultCustomAuthorizeRequestValidator.cs +++ b/identity-server/src/IdentityServer/Validation/Default/DefaultCustomAuthorizeRequestValidator.cs @@ -13,5 +13,7 @@ internal class DefaultCustomAuthorizeRequestValidator : ICustomAuthorizeRequestV /// Custom validation logic for the authorize request. /// /// The context. - public Task ValidateAsync(CustomAuthorizeRequestValidationContext context) => Task.CompletedTask; + /// The cancellation token. + /// + public Task ValidateAsync(CustomAuthorizeRequestValidationContext context, CT ct) => Task.CompletedTask; } diff --git a/identity-server/src/IdentityServer/Validation/Default/DefaultCustomBackchannelAuthenticationValidator.cs b/identity-server/src/IdentityServer/Validation/Default/DefaultCustomBackchannelAuthenticationValidator.cs index b597659ee..15fa35dbb 100644 --- a/identity-server/src/IdentityServer/Validation/Default/DefaultCustomBackchannelAuthenticationValidator.cs +++ b/identity-server/src/IdentityServer/Validation/Default/DefaultCustomBackchannelAuthenticationValidator.cs 
@@ -11,5 +11,6 @@ namespace Duende.IdentityServer.Validation; public class DefaultCustomBackchannelAuthenticationValidator : ICustomBackchannelAuthenticationValidator { /// - public Task ValidateAsync(CustomBackchannelAuthenticationRequestValidationContext customValidationContext) => Task.CompletedTask; + /// + public Task ValidateAsync(CustomBackchannelAuthenticationRequestValidationContext customValidationContext, CT ct) => Task.CompletedTask; } diff --git a/identity-server/src/IdentityServer/Validation/Default/DefaultCustomTokenRequestValidator.cs b/identity-server/src/IdentityServer/Validation/Default/DefaultCustomTokenRequestValidator.cs index 46ce763d1..9882bb14e 100644 --- a/identity-server/src/IdentityServer/Validation/Default/DefaultCustomTokenRequestValidator.cs +++ b/identity-server/src/IdentityServer/Validation/Default/DefaultCustomTokenRequestValidator.cs @@ -13,8 +13,10 @@ internal class DefaultCustomTokenRequestValidator : ICustomTokenRequestValidator /// Custom validation logic for a token request. /// /// The context. + /// The cancellation token. /// /// The validation result /// - public Task ValidateAsync(CustomTokenRequestValidationContext context) => Task.CompletedTask; + /// + public Task ValidateAsync(CustomTokenRequestValidationContext context, CT ct) => Task.CompletedTask; } diff --git a/identity-server/src/IdentityServer/Validation/Default/DefaultCustomTokenValidator.cs b/identity-server/src/IdentityServer/Validation/Default/DefaultCustomTokenValidator.cs index b62a3855f..a1b41c747 100644 --- a/identity-server/src/IdentityServer/Validation/Default/DefaultCustomTokenValidator.cs +++ b/identity-server/src/IdentityServer/Validation/Default/DefaultCustomTokenValidator.cs 
@@ -32,17 +32,13 @@ public class DefaultCustomTokenValidator : ICustomTokenValidator /// Custom validation logic for access tokens. /// /// The validation result so far. + /// The cancellation token. /// /// The validation result /// - public virtual Task ValidateAccessTokenAsync(TokenValidationResult result) => Task.FromResult(result); + /// + public virtual Task ValidateAccessTokenAsync(TokenValidationResult result, CT ct) => Task.FromResult(result); - /// - /// Custom validation logic for identity tokens. - /// - /// The validation result so far. - /// - /// The validation result - /// - public virtual Task ValidateIdentityTokenAsync(TokenValidationResult result) => Task.FromResult(result); + /// + public virtual Task ValidateIdentityTokenAsync(TokenValidationResult result, CT ct) => Task.FromResult(result); } diff --git a/identity-server/src/IdentityServer/Validation/Default/DefaultDPoPProofValidator.cs b/identity-server/src/IdentityServer/Validation/Default/DefaultDPoPProofValidator.cs index 913bb3ac1..47bfb4d36 100644 --- a/identity-server/src/IdentityServer/Validation/Default/DefaultDPoPProofValidator.cs +++ b/identity-server/src/IdentityServer/Validation/Default/DefaultDPoPProofValidator.cs @@ -69,7 +69,7 @@ public class DefaultDPoPProofValidator : IDPoPProofValidator } /// - public async Task ValidateAsync(DPoPProofValidatonContext context) + public async Task ValidateAsync(DPoPProofValidatonContext context, CT ct) { var result = new DPoPProofValidatonResult() { IsError = false }; @@ -96,7 +96,7 @@ public class DefaultDPoPProofValidator : IDPoPProofValidator return result; } - await ValidatePayloadAsync(context, result); + await ValidatePayloadAsync(context, result, ct); if (result.IsError) { Logger.LogDebug("Failed to validate DPoP payload"); 
@@ -284,7 +284,7 @@ public class DefaultDPoPProofValidator : IDPoPProofValidator /// /// Validates the payload. /// - protected virtual async Task ValidatePayloadAsync(DPoPProofValidatonContext context, DPoPProofValidatonResult result) + protected virtual async Task ValidatePayloadAsync(DPoPProofValidatonContext context, DPoPProofValidatonResult result, CT ct) { if (context.ValidateAccessToken) { @@ -370,7 +370,7 @@ public class DefaultDPoPProofValidator : IDPoPProofValidator } // we do replay at the end so we only add to the reply cache if everything else is ok - await ValidateReplayAsync(context, result); + await ValidateReplayAsync(context, result, ct); if (result.IsError) { result.ErrorDescription = "Detected replay of DPoP proof token."; @@ -381,9 +381,9 @@ public class DefaultDPoPProofValidator : IDPoPProofValidator /// /// Validates is the token has been replayed. /// - protected virtual async Task ValidateReplayAsync(DPoPProofValidatonContext context, DPoPProofValidatonResult result) + protected virtual async Task ValidateReplayAsync(DPoPProofValidatonContext context, DPoPProofValidatonResult result, CT ct) { - if (await ReplayCache.ExistsAsync(ReplayCachePurpose, result.TokenId, default)) + if (await ReplayCache.ExistsAsync(ReplayCachePurpose, result.TokenId, ct)) { Logger.LogDebug("Detected DPoP proof token replay for jti {jti}", result.TokenId); result.IsError = true; @@ -410,7 +410,7 @@ public class DefaultDPoPProofValidator : IDPoPProofValidator Logger.LogDebug("Adding proof token with jti {jti} to replay cache for duration {cacheDuration}", result.TokenId, cacheDuration); - await ReplayCache.AddAsync(ReplayCachePurpose, result.TokenId, TimeProvider.GetUtcNow().Add(cacheDuration), default); + await ReplayCache.AddAsync(ReplayCachePurpose, result.TokenId, TimeProvider.GetUtcNow().Add(cacheDuration), ct); } /// 
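Review bot: `ValidatePayloadAsync` gains a `ct` parameter in the `@@ -284,7` hunk but its XML comment is not updated, unlike the public methods elsewhere in this commit that add "The cancellation token." The method is `protected virtual`, so this comment is what an overrider reads to learn what the parameter is for. Add `/// <param name="ct">The cancellation token.</param>` here, and likewise on `ValidateReplayAsync` (`@@ -381,9`) and on `GetAudienceUri` and `ValidateJwtAsync` in `JwtRequestValidator`.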
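Review bot: The replay check and the cache write in `ValidateReplayAsync` now both observe the request token: `ReplayCache.ExistsAsync(..., ct)` in the `@@ -381,9` hunk and `ReplayCache.AddAsync(..., ct)` in the `@@ -410,7` hunk. Replay protection therefore depends on how the cache implementation reacts to cancellation. If an implementation returns early instead of throwing, validation would continue without the `jti` being recorded; that behaviour is not visible here and should be confirmed. I would state the contract next to the write: `// Cancellation must surface as an exception here: a proof is never accepted unless its jti was stored.` The method body continues between the two hunks.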
diff --git a/identity-server/src/IdentityServer/Validation/Default/DefaultIdentityProviderConfigurationValidator.cs b/identity-server/src/IdentityServer/Validation/Default/DefaultIdentityProviderConfigurationValidator.cs index 348b6a6f7..519485c36 100644 --- a/identity-server/src/IdentityServer/Validation/Default/DefaultIdentityProviderConfigurationValidator.cs +++ b/identity-server/src/IdentityServer/Validation/Default/DefaultIdentityProviderConfigurationValidator.cs @@ -21,7 +21,7 @@ public class DefaultIdentityProviderConfigurationValidator : IIdentityProviderCo public DefaultIdentityProviderConfigurationValidator(IdentityServerOptions options) => _options = options; /// - public virtual async Task ValidateAsync(IdentityProviderConfigurationValidationContext context) + public virtual async Task ValidateAsync(IdentityProviderConfigurationValidationContext context, CT ct) { using var activity = Tracing.ValidationActivitySource.StartActivity("DefaultIdentityProviderConfigurationValidator.Validate"); diff --git a/identity-server/src/IdentityServer/Validation/Default/DefaultIssuerPathValidator.cs b/identity-server/src/IdentityServer/Validation/Default/DefaultIssuerPathValidator.cs index c012dd0b6..522397cc8 100644 --- a/identity-server/src/IdentityServer/Validation/Default/DefaultIssuerPathValidator.cs +++ b/identity-server/src/IdentityServer/Validation/Default/DefaultIssuerPathValidator.cs @@ -9,7 +9,7 @@ namespace Duende.IdentityServer.Validation; public class DefaultIssuerPathValidator(IIssuerNameService issuerNameService, ILogger logger) : IIssuerPathValidator { - public async Task ValidateAsync(string path) + public async Task ValidateAsync(string path, CT ct) { //if there is no path, this is fine since the default issuer is probably being used if (path.IsMissing()) 
@@ -18,7 +18,7 @@ public class DefaultIssuerPathValidator(IIssuerNameService issuerNameService, IL } //if there is a path, then we should be matching against an explicitly configured issuer - var currentIssuer = await issuerNameService.GetCurrentAsync(default); + var currentIssuer = await issuerNameService.GetCurrentAsync(ct); if (!Uri.TryCreate(currentIssuer, UriKind.Absolute, out var uri)) { logger.LogDebug("Current issuer is not a valid absolute URI: {Issuer}", currentIssuer.SanitizeLogParameter()); diff --git a/identity-server/src/IdentityServer/Validation/Default/DeviceAuthorizationRequestValidator.cs b/identity-server/src/IdentityServer/Validation/Default/DeviceAuthorizationRequestValidator.cs index a40c9254a..e9b0949de 100644 --- a/identity-server/src/IdentityServer/Validation/Default/DeviceAuthorizationRequestValidator.cs +++ b/identity-server/src/IdentityServer/Validation/Default/DeviceAuthorizationRequestValidator.cs @@ -28,7 +28,7 @@ internal class DeviceAuthorizationRequestValidator : IDeviceAuthorizationRequest _logger = logger; } - public async Task ValidateAsync(NameValueCollection parameters, ClientSecretValidationResult clientValidationResult) + public async Task ValidateAsync(NameValueCollection parameters, ClientSecretValidationResult clientValidationResult, CT ct) { using var activity = Tracing.BasicActivitySource.StartActivity("DeviceAuthorizationRequestValidator.Validate"); @@ -46,7 +46,7 @@ internal class DeviceAuthorizationRequestValidator : IDeviceAuthorizationRequest return clientResult; } - var scopeResult = await ValidateScopeAsync(request); + var scopeResult = await ValidateScopeAsync(request, ct); if (scopeResult.IsError) { return scopeResult; 
@@ -101,7 +101,7 @@ internal class DeviceAuthorizationRequestValidator : IDeviceAuthorizationRequest return Valid(request); } - private async Task ValidateScopeAsync(ValidatedDeviceAuthorizationRequest request) + private async Task ValidateScopeAsync(ValidatedDeviceAuthorizationRequest request, CT ct) { ////////////////////////////////////////////////////////// // scope must be present @@ -148,7 +148,7 @@ internal class DeviceAuthorizationRequestValidator : IDeviceAuthorizationRequest { Client = request.Client, Scopes = request.RequestedScopes - }, default); + }, ct); if (!validatedResources.Succeeded) { diff --git a/identity-server/src/IdentityServer/Validation/Default/EndSessionRequestValidator.cs b/identity-server/src/IdentityServer/Validation/Default/EndSessionRequestValidator.cs index 57357bac3..dc755bf03 100644 --- a/identity-server/src/IdentityServer/Validation/Default/EndSessionRequestValidator.cs +++ b/identity-server/src/IdentityServer/Validation/Default/EndSessionRequestValidator.cs @@ -145,7 +145,7 @@ public class EndSessionRequestValidator : IEndSessionRequestValidator var redirectUri = parameters.Get(OidcConstants.EndSessionRequest.PostLogoutRedirectUri); if (redirectUri.IsPresent()) { - if (await UriValidator.IsPostLogoutRedirectUriValidAsync(redirectUri, validatedRequest.Client)) + if (await UriValidator.IsPostLogoutRedirectUriValidAsync(redirectUri, validatedRequest.Client, ct)) { validatedRequest.PostLogOutUri = redirectUri; } diff --git a/identity-server/src/IdentityServer/Validation/Default/ExtensionGrantValidator.cs b/identity-server/src/IdentityServer/Validation/Default/ExtensionGrantValidator.cs index 25e1bfa05..ca5e00da6 100644 --- a/identity-server/src/IdentityServer/Validation/Default/ExtensionGrantValidator.cs +++ b/identity-server/src/IdentityServer/Validation/Default/ExtensionGrantValidator.cs 
@@ -44,8 +44,9 @@ public class ExtensionGrantValidator /// Validates the request. /// /// The request. + /// The cancellation token. /// - public async Task ValidateAsync(ValidatedTokenRequest request) + public async Task ValidateAsync(ValidatedTokenRequest request, CT ct) { var validator = _validators.FirstOrDefault(v => v.GrantType.Equals(request.GrantType, StringComparison.Ordinal)); @@ -64,7 +65,7 @@ public class ExtensionGrantValidator Request = request }; - await validator.ValidateAsync(context); + await validator.ValidateAsync(context, ct); return context.Result; } catch (Exception e) diff --git a/identity-server/src/IdentityServer/Validation/Default/HashedSharedSecretValidator.cs b/identity-server/src/IdentityServer/Validation/Default/HashedSharedSecretValidator.cs index 52060fcb5..a498e743e 100644 --- a/identity-server/src/IdentityServer/Validation/Default/HashedSharedSecretValidator.cs +++ b/identity-server/src/IdentityServer/Validation/Default/HashedSharedSecretValidator.cs @@ -27,11 +27,13 @@ public class HashedSharedSecretValidator : ISecretValidator /// /// The stored secrets. /// The received secret. + /// The cancellation token. /// /// A validation result /// /// Id or credential - public Task ValidateAsync(IEnumerable secrets, ParsedSecret parsedSecret) + /// + public Task ValidateAsync(IEnumerable secrets, ParsedSecret parsedSecret, CT ct) { var fail = Task.FromResult(new SecretValidationResult { Success = false }); var success = Task.FromResult(new SecretValidationResult { Success = true }); diff --git a/identity-server/src/IdentityServer/Validation/Default/JwtBearerClientAssertionSecretParser.cs b/identity-server/src/IdentityServer/Validation/Default/JwtBearerClientAssertionSecretParser.cs index c9c3d6deb..ef4479c3a 100644 --- a/identity-server/src/IdentityServer/Validation/Default/JwtBearerClientAssertionSecretParser.cs +++ b/identity-server/src/IdentityServer/Validation/Default/JwtBearerClientAssertionSecretParser.cs 
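Review bot: In the `@@ -64,7 +65,7` hunk, `validator.ValidateAsync(context, ct)` sits inside a `try` whose handler is `catch (Exception e)`, so an `OperationCanceledException` raised through the new token will be handled like a validator failure. The handler body is outside the hunk, but if it logs an error and returns a failed grant result, cancelled requests will show up as grant validation failures and blur the real ones in the logs. Let cancellation pass through with `catch (Exception e) when (e is not OperationCanceledException)`. The `try`/`catch (Exception e)` around `ValidateJwtAsync(context, trustedKeys, ct)` in `JwtRequestValidator` (`@@ -119,7`) has the same shape.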
@@ -44,10 +44,12 @@ public class JwtBearerClientAssertionSecretParser : ISecretParser /// Used for "private_key_jwt" client authentication method as defined in http://openid.net/specs/openid-connect-core-1_0.html#ClientAuthentication /// /// The HTTP context + /// The cancellation token. /// /// A parsed secret /// - public async Task ParseAsync(HttpContext context) + /// + public async Task ParseAsync(HttpContext context, CT ct) { _logger.LogDebug("Start parsing for JWT client assertion in post body"); @@ -57,7 +59,7 @@ public class JwtBearerClientAssertionSecretParser : ISecretParser return null; } - var body = await context.Request.ReadFormAsync(); + var body = await context.Request.ReadFormAsync(ct); if (body != null) { diff --git a/identity-server/src/IdentityServer/Validation/Default/JwtRequestValidator.cs b/identity-server/src/IdentityServer/Validation/Default/JwtRequestValidator.cs index b77e92a1e..896a39187 100644 --- a/identity-server/src/IdentityServer/Validation/Default/JwtRequestValidator.cs +++ b/identity-server/src/IdentityServer/Validation/Default/JwtRequestValidator.cs @@ -29,14 +29,14 @@ public class JwtRequestValidator : IJwtRequestValidator /// /// The audience URI to use /// - protected async Task GetAudienceUri() + protected async Task GetAudienceUri(CT ct) { if (_audienceUri.IsPresent()) { return _audienceUri; } - return await IssuerNameService.GetCurrentAsync(default); + return await IssuerNameService.GetCurrentAsync(ct); } /// @@ -82,7 +82,7 @@ public class JwtRequestValidator : IJwtRequestValidator } /// - public virtual async Task ValidateAsync(JwtRequestValidationContext context) + public virtual async Task ValidateAsync(JwtRequestValidationContext context, CT ct) { using var activity = Tracing.BasicActivitySource.StartActivity("JwtRequestValidator.Validate"); 
@@ -119,7 +119,7 @@ public class JwtRequestValidator : IJwtRequestValidator JsonWebToken jwtSecurityToken; try { - jwtSecurityToken = await ValidateJwtAsync(context, trustedKeys); + jwtSecurityToken = await ValidateJwtAsync(context, trustedKeys, ct); } catch (Exception e) { @@ -156,7 +156,7 @@ public class JwtRequestValidator : IJwtRequestValidator /// /// Validates the JWT token /// - protected virtual async Task ValidateJwtAsync(JwtRequestValidationContext context, IEnumerable keys) + protected virtual async Task ValidateJwtAsync(JwtRequestValidationContext context, IEnumerable keys, CT ct) { var tokenValidationParameters = new TokenValidationParameters { @@ -166,7 +166,7 @@ public class JwtRequestValidator : IJwtRequestValidator ValidIssuer = context.Client.ClientId, ValidateIssuer = true, - ValidAudience = await GetAudienceUri(), + ValidAudience = await GetAudienceUri(ct), ValidateAudience = true, RequireSignedTokens = true, diff --git a/identity-server/src/IdentityServer/Validation/Default/MutualTlsSecretParser.cs b/identity-server/src/IdentityServer/Validation/Default/MutualTlsSecretParser.cs index 2f1e3eb41..7c8c89434 100644 --- a/identity-server/src/IdentityServer/Validation/Default/MutualTlsSecretParser.cs +++ b/identity-server/src/IdentityServer/Validation/Default/MutualTlsSecretParser.cs @@ -38,8 +38,10 @@ public class MutualTlsSecretParser : ISecretParser /// Parses the HTTP context /// /// + /// The cancellation token. /// - public async Task ParseAsync(HttpContext context) + /// + public async Task ParseAsync(HttpContext context, CT ct) { _logger.LogDebug("Start parsing for client id in post body"); @@ -49,7 +51,7 @@ public class MutualTlsSecretParser : ISecretParser return null; } - var body = await context.Request.ReadFormAsync(); + var body = await context.Request.ReadFormAsync(ct); if (body != null) { 
@@ -64,7 +66,7 @@ public class MutualTlsSecretParser : ISecretParser return null; } - var clientCertificate = await context.Connection.GetClientCertificateAsync(); + var clientCertificate = await context.Connection.GetClientCertificateAsync(ct); if (clientCertificate is null) { diff --git a/identity-server/src/IdentityServer/Validation/Default/NopBackchannelAuthenticationUserValidator.cs b/identity-server/src/IdentityServer/Validation/Default/NopBackchannelAuthenticationUserValidator.cs index 85c72039b..da7b8f1e6 100644 --- a/identity-server/src/IdentityServer/Validation/Default/NopBackchannelAuthenticationUserValidator.cs +++ b/identity-server/src/IdentityServer/Validation/Default/NopBackchannelAuthenticationUserValidator.cs @@ -12,7 +12,7 @@ namespace Duende.IdentityServer.Validation; public class NopBackchannelAuthenticationUserValidator : IBackchannelAuthenticationUserValidator { /// - public Task ValidateRequestAsync(BackchannelAuthenticationUserValidatorContext userValidatorContext) + public Task ValidateRequestAsync(BackchannelAuthenticationUserValidatorContext userValidatorContext, CT ct) { var result = new BackchannelAuthenticationUserValidationResult { diff --git a/identity-server/src/IdentityServer/Validation/Default/NopClientConfigurationValidator.cs b/identity-server/src/IdentityServer/Validation/Default/NopClientConfigurationValidator.cs index a02edfa2a..663fd1f09 100644 --- a/identity-server/src/IdentityServer/Validation/Default/NopClientConfigurationValidator.cs +++ b/identity-server/src/IdentityServer/Validation/Default/NopClientConfigurationValidator.cs 
@@ -14,8 +14,10 @@ public class NopClientConfigurationValidator : IClientConfigurationValidator /// Determines whether the configuration of a client is valid. /// /// The context. + /// The cancellation token. /// - public Task ValidateAsync(ClientConfigurationValidationContext context) + /// + public Task ValidateAsync(ClientConfigurationValidationContext context, CT ct) { context.IsValid = true; return Task.CompletedTask; diff --git a/identity-server/src/IdentityServer/Validation/Default/NotSupportedResouceOwnerCredentialValidator.cs b/identity-server/src/IdentityServer/Validation/Default/NotSupportedResouceOwnerCredentialValidator.cs index fac26c1de..19f126b7b 100644 --- a/identity-server/src/IdentityServer/Validation/Default/NotSupportedResouceOwnerCredentialValidator.cs +++ b/identity-server/src/IdentityServer/Validation/Default/NotSupportedResouceOwnerCredentialValidator.cs @@ -25,8 +25,10 @@ public class NotSupportedResourceOwnerPasswordValidator : IResourceOwnerPassword /// Validates the resource owner password credential /// /// The context. + /// The cancellation token. /// - public Task ValidateAsync(ResourceOwnerPasswordValidationContext context) + /// + public Task ValidateAsync(ResourceOwnerPasswordValidationContext context, CT ct) { context.Result = new GrantValidationResult(TokenRequestErrors.UnsupportedGrantType); diff --git a/identity-server/src/IdentityServer/Validation/Default/PlainTextSharedSecretValidator.cs b/identity-server/src/IdentityServer/Validation/Default/PlainTextSharedSecretValidator.cs index 1099c1fbe..da890aec5 100644 --- a/identity-server/src/IdentityServer/Validation/Default/PlainTextSharedSecretValidator.cs +++ b/identity-server/src/IdentityServer/Validation/Default/PlainTextSharedSecretValidator.cs 
@@ -27,11 +27,13 @@ public class PlainTextSharedSecretValidator : ISecretValidator /// /// The stored secrets. /// The received secret. + /// The cancellation token. /// /// A validation result /// /// id or credential is missing. - public Task ValidateAsync(IEnumerable secrets, ParsedSecret parsedSecret) + /// + public Task ValidateAsync(IEnumerable secrets, ParsedSecret parsedSecret, CT ct) { var fail = Task.FromResult(new SecretValidationResult { Success = false }); var success = Task.FromResult(new SecretValidationResult { Success = true }); diff --git a/identity-server/src/IdentityServer/Validation/Default/PostBodySecretParser.cs b/identity-server/src/IdentityServer/Validation/Default/PostBodySecretParser.cs index 799227fbb..e24e94b05 100644 --- a/identity-server/src/IdentityServer/Validation/Default/PostBodySecretParser.cs +++ b/identity-server/src/IdentityServer/Validation/Default/PostBodySecretParser.cs @@ -42,10 +42,12 @@ public class PostBodySecretParser : ISecretParser /// Tries to find a secret on the context that can be used for authentication /// /// The HTTP context. + /// The cancellation token. /// /// A parsed secret /// - public async Task ParseAsync(HttpContext context) + /// + public async Task ParseAsync(HttpContext context, CT ct) { _logger.LogDebug("Start parsing for secret in post body"); @@ -55,7 +57,7 @@ public class PostBodySecretParser : ISecretParser return null; } - var body = await context.Request.ReadFormAsync(); + var body = await context.Request.ReadFormAsync(ct); if (body != null) { diff --git a/identity-server/src/IdentityServer/Validation/Default/PrivateKeyJwtSecretValidator.cs b/identity-server/src/IdentityServer/Validation/Default/PrivateKeyJwtSecretValidator.cs index 325592898..418d981e6 100644 --- a/identity-server/src/IdentityServer/Validation/Default/PrivateKeyJwtSecretValidator.cs +++ b/identity-server/src/IdentityServer/Validation/Default/PrivateKeyJwtSecretValidator.cs 
@@ -48,11 +48,13 @@ public class PrivateKeyJwtSecretValidator : ISecretValidator /// /// The stored secrets. /// The received secret. + /// The cancellation token. /// /// A validation result /// /// ParsedSecret.Credential is not a JWT token - public async Task ValidateAsync(IEnumerable secrets, ParsedSecret parsedSecret) + /// + public async Task ValidateAsync(IEnumerable secrets, ParsedSecret parsedSecret, CT ct) { var fail = new SecretValidationResult { Success = false }; var success = new SecretValidationResult { Success = true }; @@ -124,7 +126,7 @@ public class PrivateKeyJwtSecretValidator : ISecretValidator ValidAlgorithms = _options.SupportedClientAssertionSigningAlgorithms }; - var issuer = await _issuerNameService.GetCurrentAsync(default); + var issuer = await _issuerNameService.GetCurrentAsync(ct); if (enforceStrictAud) { @@ -153,7 +155,7 @@ public class PrivateKeyJwtSecretValidator : ISecretValidator // token endpoint URL string.Concat(_urls.BaseUrl.EnsureTrailingSlash(), ProtocolRoutePaths.Token), // issuer URL + token (legacy support) - string.Concat((await _issuerNameService.GetCurrentAsync(default)).EnsureTrailingSlash(), ProtocolRoutePaths.Token), + string.Concat((await _issuerNameService.GetCurrentAsync(ct)).EnsureTrailingSlash(), ProtocolRoutePaths.Token), // issuer URL issuer, // CIBA endpoint: https://openid.net/specs/openid-client-initiated-backchannel-authentication-core-1_0.html#auth_request @@ -193,14 +195,14 @@ public class PrivateKeyJwtSecretValidator : ISecretValidator return fail; } - if (await _replayCache.ExistsAsync(Purpose, jti, default)) + if (await _replayCache.ExistsAsync(Purpose, jti, ct)) { _logger.LogError("jti is found in replay cache. Possible replay attack."); return fail; } else { - await _replayCache.AddAsync(Purpose, jti, exp.AddMinutes(5), default); + await _replayCache.AddAsync(Purpose, jti, exp.AddMinutes(5), ct); } return success; 
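Review bot: The legacy-audience entry in the hunk at -153 awaits `_issuerNameService.GetCurrentAsync(ct)` a second time, although `issuer` was already resolved with the same token in the hunk at -126 and appears two entries later in the same list. Reusing the local avoids a second lookup and keeps both audience entries derived from one value: `string.Concat(issuer.EnsureTrailingSlash(), ProtocolRoutePaths.Token),`. The enclosing method starts and ends outside these hunks, so confirm `issuer` is not reassigned in between.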
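Review bot: The replay check in the hunk at -193 is still two separate awaits, `ExistsAsync` then `AddAsync`, so two requests carrying the same `jti` at the same moment can both pass the existence check before either is recorded. Closing that needs an atomic add-if-absent on the cache, which is outside this hunk; until then a comment above the check would make the limit explicit, e.g. `// Check-then-add is not atomic; concurrent reuse of one jti is only rejected if the cache itself enforces uniqueness.` Now that a caller-supplied `ct` reaches both calls, it is also worth noting there that a cancelled `AddAsync` is expected to throw rather than fall through, so `success` is never returned without the jti being stored; that depends on the cache implementation, which is not shown here.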
diff --git a/identity-server/src/IdentityServer/Validation/Default/PushedAuthorizationRequestValidator.cs b/identity-server/src/IdentityServer/Validation/Default/PushedAuthorizationRequestValidator.cs index a5618c8e0..8ccbf387a 100644 --- a/identity-server/src/IdentityServer/Validation/Default/PushedAuthorizationRequestValidator.cs +++ b/identity-server/src/IdentityServer/Validation/Default/PushedAuthorizationRequestValidator.cs @@ -44,7 +44,7 @@ internal class PushedAuthorizationRequestValidator( IMtlsEndpointGenerator mtlsEndpointGenerator, ILogger logger) : IPushedAuthorizationRequestValidator { - public async Task ValidateAsync(PushedAuthorizationRequestValidationContext context) + public async Task ValidateAsync(PushedAuthorizationRequestValidationContext context, CT ct) { // Licensing licenseUsage.FeatureUsed(LicenseFeature.PAR); @@ -96,7 +96,7 @@ internal class PushedAuthorizationRequestValidator( Method = "POST", Url = parUrl }; - var dpopValidationResult = await dpopProofValidator.ValidateAsync(dpopContext); + var dpopValidationResult = await dpopProofValidator.ValidateAsync(dpopContext, ct); if (dpopValidationResult.ServerIssuedNonce != null) { return PushedAuthorizationValidationResult.CreateServerNonceResult(dpopValidationResult.ServerIssuedNonce); @@ -131,7 +131,7 @@ internal class PushedAuthorizationRequestValidator( } // -- Authorization Parameter Validation -- - var authorizeRequestValidation = await authorizeRequestValidator.ValidateAsync(context.RequestParameters, + var authorizeRequestValidation = await authorizeRequestValidator.ValidateAsync(context.RequestParameters, ct, authorizeRequestType: AuthorizeRequestType.PushedAuthorization); if (authorizeRequestValidation.IsError) { diff --git a/identity-server/src/IdentityServer/Validation/Default/RequestObjectValidator.cs b/identity-server/src/IdentityServer/Validation/Default/RequestObjectValidator.cs index 2554d2b20..f72c4016e 100644 
--- a/identity-server/src/IdentityServer/Validation/Default/RequestObjectValidator.cs +++ b/identity-server/src/IdentityServer/Validation/Default/RequestObjectValidator.cs @@ -229,7 +229,7 @@ internal class RequestObjectValidator : IRequestObjectValidator { Client = request.Client, JwtTokenString = request.RequestObject - }); + }, ct); if (jwtRequestValidationResult.IsError) { LogError("request JWT validation failure", request); diff --git a/identity-server/src/IdentityServer/Validation/Default/SecretParser.cs b/identity-server/src/IdentityServer/Validation/Default/SecretParser.cs index 40462d353..89e56695e 100644 --- a/identity-server/src/IdentityServer/Validation/Default/SecretParser.cs +++ b/identity-server/src/IdentityServer/Validation/Default/SecretParser.cs @@ -31,14 +31,16 @@ public class SecretParser : ISecretsListParser /// Checks the context to find a secret. /// /// The HTTP context. + /// The cancellation token. /// - public async Task ParseAsync(HttpContext context) + /// + public async Task ParseAsync(HttpContext context, CT ct) { // see if a registered parser finds a secret on the request ParsedSecret bestSecret = null; foreach (var parser in _parsers) { - var parsedSecret = await parser.ParseAsync(context); + var parsedSecret = await parser.ParseAsync(context, ct); if (parsedSecret != null) { _logger.LogDebug("Parser found secret: {type}", parser.GetType().Name); diff --git a/identity-server/src/IdentityServer/Validation/Default/SecretValidator.cs b/identity-server/src/IdentityServer/Validation/Default/SecretValidator.cs index 442e3cf9e..9bc2eca92 100644 --- a/identity-server/src/IdentityServer/Validation/Default/SecretValidator.cs +++ b/identity-server/src/IdentityServer/Validation/Default/SecretValidator.cs 
@@ -35,8 +35,10 @@ public class SecretValidator : ISecretsListValidator /// /// The parsed secret. /// The secrets. + /// The cancellation token. /// - public async Task ValidateAsync(IEnumerable secrets, ParsedSecret parsedSecret) + /// + public async Task ValidateAsync(IEnumerable secrets, ParsedSecret parsedSecret, CT ct) { var secretsArray = secrets as Secret[] ?? secrets.ToArray(); @@ -50,7 +52,7 @@ public class SecretValidator : ISecretsListValidator // see if a registered validator can validate the secret foreach (var validator in _validators) { - var secretValidationResult = await validator.ValidateAsync(currentSecrets, parsedSecret); + var secretValidationResult = await validator.ValidateAsync(currentSecrets, parsedSecret, ct); if (secretValidationResult.Success) { diff --git a/identity-server/src/IdentityServer/Validation/Default/StrictRedirectUriValidator.cs b/identity-server/src/IdentityServer/Validation/Default/StrictRedirectUriValidator.cs index 7e08bb6c6..affdcd025 100644 --- a/identity-server/src/IdentityServer/Validation/Default/StrictRedirectUriValidator.cs +++ b/identity-server/src/IdentityServer/Validation/Default/StrictRedirectUriValidator.cs 
@@ -55,19 +55,21 @@ public class StrictRedirectUriValidator : IRedirectUriValidator /// /// The requested URI. /// The client. + /// The cancellation token. /// /// true is the URI is valid; false otherwise. /// - public virtual Task IsPostLogoutRedirectUriValidAsync(string requestedUri, Client client) => Task.FromResult(StringCollectionContainsString(client.PostLogoutRedirectUris, requestedUri)); + public virtual Task IsPostLogoutRedirectUriValidAsync(string requestedUri, Client client, CT ct) => Task.FromResult(StringCollectionContainsString(client.PostLogoutRedirectUris, requestedUri)); /// /// Determines whether a redirect uri is valid for a context. /// /// The context. + /// The cancellation token. /// /// true is the URI is valid; false otherwise. /// - public virtual Task IsRedirectUriValidAsync(RedirectUriValidationContext context) + public virtual Task IsRedirectUriValidAsync(RedirectUriValidationContext context, CT ct) { // Check if special case handling for PAR is enabled and that the client // is a confidential client. If so, any pushed redirect uri is allowed diff --git a/identity-server/src/IdentityServer/Validation/Default/StrictRedirectUriValidatorAppAuth.cs b/identity-server/src/IdentityServer/Validation/Default/StrictRedirectUriValidatorAppAuth.cs index fe8b00e9f..7baee22bb 100644 --- a/identity-server/src/IdentityServer/Validation/Default/StrictRedirectUriValidatorAppAuth.cs +++ b/identity-server/src/IdentityServer/Validation/Default/StrictRedirectUriValidatorAppAuth.cs 
@@ -27,9 +27,9 @@ public class StrictRedirectUriValidatorAppAuth : StrictRedirectUriValidator : base(options) => _logger = logger; /// - public override async Task IsRedirectUriValidAsync(RedirectUriValidationContext context) + public override async Task IsRedirectUriValidAsync(RedirectUriValidationContext context, CT ct) { - var isAllowed = await base.IsRedirectUriValidAsync(context); + var isAllowed = await base.IsRedirectUriValidAsync(context, ct); if (isAllowed) { return isAllowed; @@ -49,12 +49,13 @@ public class StrictRedirectUriValidatorAppAuth : StrictRedirectUriValidator /// /// The requested URI. /// The client. + /// The cancellation token. /// /// true is the URI is valid; false otherwise. /// - public override async Task IsPostLogoutRedirectUriValidAsync(string requestedUri, Client client) + public override async Task IsPostLogoutRedirectUriValidAsync(string requestedUri, Client client, CT ct) { - var isAllowed = await base.IsPostLogoutRedirectUriValidAsync(requestedUri, client); + var isAllowed = await base.IsPostLogoutRedirectUriValidAsync(requestedUri, client, ct); if (isAllowed) { return isAllowed; diff --git a/identity-server/src/IdentityServer/Validation/Default/TokenRequestValidator.cs b/identity-server/src/IdentityServer/Validation/Default/TokenRequestValidator.cs index 50e99951f..fbec2a308 100644 --- a/identity-server/src/IdentityServer/Validation/Default/TokenRequestValidator.cs +++ b/identity-server/src/IdentityServer/Validation/Default/TokenRequestValidator.cs @@ -263,7 +263,7 @@ internal class TokenRequestValidator : ITokenRequestValidator Url = tokenUrl, Method = "POST", }; - var dpopResult = await _dPoPProofValidator.ValidateAsync(dpopContext); + var dpopResult = await _dPoPProofValidator.ValidateAsync(dpopContext, _ct); if (dpopResult.IsError) { LogError(dpopResult.ErrorDescription ?? dpopResult.Error); 
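Review bot: TokenRequestValidator passes a `_ct` field in `_dPoPProofValidator.ValidateAsync(dpopContext, _ct)`, where every other validator in this change passes a `ct` parameter. The same field is used in the three later hunks of this file, for the custom request validator, the resource owner validator and the extension grant validator. Where `_ct` is assigned is outside the hunks, so confirm it is set at the public entry point before any of these calls and that the instance is never shared across requests; otherwise a call could run with a default or stale token. A comment on the field would record the assumption, e.g. `// Set once per validation call; this instance holds per-request state and must not be shared.`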
@@ -298,7 +298,7 @@ internal class TokenRequestValidator : ITokenRequestValidator _logger.LogTrace("Calling into custom request validator: {type}", _customRequestValidator.GetType().FullName); var customValidationContext = new CustomTokenRequestValidationContext { Result = result }; - await _customRequestValidator.ValidateAsync(customValidationContext); + await _customRequestValidator.ValidateAsync(customValidationContext, _ct); if (customValidationContext.Result.IsError) { @@ -622,7 +622,7 @@ internal class TokenRequestValidator : ITokenRequestValidator Password = password, Request = _validatedRequest }; - await _resourceOwnerValidator.ValidateAsync(resourceOwnerContext); + await _resourceOwnerValidator.ValidateAsync(resourceOwnerContext, _ct); if (resourceOwnerContext.Result.IsError) { @@ -1042,7 +1042,7 @@ internal class TokenRequestValidator : ITokenRequestValidator ///////////////////////////////////////////// // validate custom grant type ///////////////////////////////////////////// - var result = await _extensionGrantValidator.ValidateAsync(_validatedRequest); + var result = await _extensionGrantValidator.ValidateAsync(_validatedRequest, _ct); if (result == null) { diff --git a/identity-server/src/IdentityServer/Validation/Default/TokenRevocationRequestValidator.cs b/identity-server/src/IdentityServer/Validation/Default/TokenRevocationRequestValidator.cs index 2b0beb10a..b791713a3 100644 --- a/identity-server/src/IdentityServer/Validation/Default/TokenRevocationRequestValidator.cs +++ b/identity-server/src/IdentityServer/Validation/Default/TokenRevocationRequestValidator.cs 
@@ -35,7 +35,9 @@ internal class TokenRevocationRequestValidator : ITokenRevocationRequestValidato /// or /// client /// - public Task ValidateRequestAsync(NameValueCollection parameters, Client client) + /// The cancellation token. + /// + public Task ValidateRequestAsync(NameValueCollection parameters, Client client, CT ct) { using var activity = Tracing.BasicActivitySource.StartActivity("TokenRevocationRequestValidator.ValidateRequest"); diff --git a/identity-server/src/IdentityServer/Validation/Default/TokenValidator.cs b/identity-server/src/IdentityServer/Validation/Default/TokenValidator.cs index 35dd13b78..57e976913 100644 --- a/identity-server/src/IdentityServer/Validation/Default/TokenValidator.cs +++ b/identity-server/src/IdentityServer/Validation/Default/TokenValidator.cs @@ -106,7 +106,7 @@ internal class TokenValidator : ITokenValidator } _logger.LogDebug("Calling into custom token validator: {type}", _customValidator.GetType().FullName); - var customResult = await _customValidator.ValidateIdentityTokenAsync(result); + var customResult = await _customValidator.ValidateIdentityTokenAsync(result, ct); if (customResult.IsError) { @@ -253,7 +253,7 @@ internal class TokenValidator : ITokenValidator } _logger.LogDebug("Calling into custom token validator: {type}", _customValidator.GetType().FullName); - var customResult = await _customValidator.ValidateAccessTokenAsync(result); + var customResult = await _customValidator.ValidateAccessTokenAsync(result, ct); if (customResult.IsError) { diff --git a/identity-server/src/IdentityServer/Validation/Default/X509NameSecretValidator.cs b/identity-server/src/IdentityServer/Validation/Default/X509NameSecretValidator.cs index 816ab9f55..12d7b9e60 100644 --- a/identity-server/src/IdentityServer/Validation/Default/X509NameSecretValidator.cs +++ b/identity-server/src/IdentityServer/Validation/Default/X509NameSecretValidator.cs 
@@ -23,7 +23,8 @@ public class X509NameSecretValidator : ISecretValidator public X509NameSecretValidator(ILogger logger) => _logger = logger; /// - public Task ValidateAsync(IEnumerable secrets, ParsedSecret parsedSecret) + /// + public Task ValidateAsync(IEnumerable secrets, ParsedSecret parsedSecret, CT ct) { var fail = Task.FromResult(new SecretValidationResult { Success = false }); diff --git a/identity-server/src/IdentityServer/Validation/Default/X509ThumbprintSecretValidator.cs b/identity-server/src/IdentityServer/Validation/Default/X509ThumbprintSecretValidator.cs index 518e21e22..967c4737d 100644 --- a/identity-server/src/IdentityServer/Validation/Default/X509ThumbprintSecretValidator.cs +++ b/identity-server/src/IdentityServer/Validation/Default/X509ThumbprintSecretValidator.cs @@ -23,7 +23,8 @@ public class X509ThumbprintSecretValidator : ISecretValidator public X509ThumbprintSecretValidator(ILogger logger) => _logger = logger; /// - public Task ValidateAsync(IEnumerable secrets, ParsedSecret parsedSecret) + /// + public Task ValidateAsync(IEnumerable secrets, ParsedSecret parsedSecret, CT ct) { var fail = Task.FromResult(new SecretValidationResult { Success = false }); diff --git a/identity-server/src/IdentityServer/Validation/IApiSecretValidator.cs b/identity-server/src/IdentityServer/Validation/IApiSecretValidator.cs index 7d48d5e2e..ab8f9de0c 100644 --- a/identity-server/src/IdentityServer/Validation/IApiSecretValidator.cs +++ b/identity-server/src/IdentityServer/Validation/IApiSecretValidator.cs @@ -17,6 +17,7 @@ public interface IApiSecretValidator /// Tries to authenticate an API client based on the incoming request /// /// The context. + /// The cancellation token. /// - Task ValidateAsync(HttpContext context); + Task ValidateAsync(HttpContext context, CT ct); } 
diff --git a/identity-server/src/IdentityServer/Validation/IAuthorizeRequestValidator.cs b/identity-server/src/IdentityServer/Validation/IAuthorizeRequestValidator.cs index 77ae6e3fe..520ae18cb 100644 --- a/identity-server/src/IdentityServer/Validation/IAuthorizeRequestValidator.cs +++ b/identity-server/src/IdentityServer/Validation/IAuthorizeRequestValidator.cs @@ -1,6 +1,7 @@ // Copyright (c) Duende Software. All rights reserved. // See LICENSE in the project root for license information. +#nullable enable using System.Collections.Specialized; using System.Security.Claims; @@ -16,8 +17,9 @@ public interface IAuthorizeRequestValidator /// Validates authorize request parameters. /// /// + /// The cancellation token. /// /// /// - Task ValidateAsync(NameValueCollection parameters, ClaimsPrincipal subject = null, AuthorizeRequestType authorizeRequestType = AuthorizeRequestType.Authorize); + Task ValidateAsync(NameValueCollection parameters, CT ct, ClaimsPrincipal? subject = null, AuthorizeRequestType authorizeRequestType = AuthorizeRequestType.Authorize); } diff --git a/identity-server/src/IdentityServer/Validation/IBackchannelAuthenticationUserValidator.cs b/identity-server/src/IdentityServer/Validation/IBackchannelAuthenticationUserValidator.cs index de8c4cce6..bf12612be 100644 --- a/identity-server/src/IdentityServer/Validation/IBackchannelAuthenticationUserValidator.cs +++ b/identity-server/src/IdentityServer/Validation/IBackchannelAuthenticationUserValidator.cs @@ -15,6 +15,7 @@ public interface IBackchannelAuthenticationUserValidator /// Validates the user. /// /// + /// The cancellation token. /// - Task ValidateRequestAsync(BackchannelAuthenticationUserValidatorContext userValidatorContext); + Task ValidateRequestAsync(BackchannelAuthenticationUserValidatorContext userValidatorContext, CT ct); } 
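Review bot: In `IAuthorizeRequestValidator.ValidateAsync` the new `ct` sits second, ahead of the optional `subject` and `authorizeRequestType`, while the other interfaces in this change put it last. A required parameter has to precede the defaulted ones, but callers that passed `subject` positionally will presumably stop compiling. The call in PushedAuthorizationRequestValidator shows the resulting shape, with `ct` positional and `authorizeRequestType` by name. If the order is intentional, say so in the `ct` param doc, e.g. `The cancellation token. Precedes the optional parameters; pass those by name.`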
diff --git a/identity-server/src/IdentityServer/Validation/IClientConfigurationValidator.cs b/identity-server/src/IdentityServer/Validation/IClientConfigurationValidator.cs index f5be628f5..94dd88624 100644 --- a/identity-server/src/IdentityServer/Validation/IClientConfigurationValidator.cs +++ b/identity-server/src/IdentityServer/Validation/IClientConfigurationValidator.cs @@ -15,6 +15,7 @@ public interface IClientConfigurationValidator /// Determines whether the configuration of a client is valid. /// /// The context. + /// The cancellation token. /// - Task ValidateAsync(ClientConfigurationValidationContext context); + Task ValidateAsync(ClientConfigurationValidationContext context, CT ct); } diff --git a/identity-server/src/IdentityServer/Validation/IClientSecretValidator.cs b/identity-server/src/IdentityServer/Validation/IClientSecretValidator.cs index de57e7239..fa996c03f 100644 --- a/identity-server/src/IdentityServer/Validation/IClientSecretValidator.cs +++ b/identity-server/src/IdentityServer/Validation/IClientSecretValidator.cs @@ -17,6 +17,7 @@ public interface IClientSecretValidator /// Tries to authenticate a client based on the incoming request /// /// The context. + /// The cancellation token. /// - Task ValidateAsync(HttpContext context); + Task ValidateAsync(HttpContext context, CT ct); } diff --git a/identity-server/src/IdentityServer/Validation/ICustomAuthorizeRequestValidator.cs b/identity-server/src/IdentityServer/Validation/ICustomAuthorizeRequestValidator.cs index 8d4231b47..f277b6bfc 100644 --- a/identity-server/src/IdentityServer/Validation/ICustomAuthorizeRequestValidator.cs +++ b/identity-server/src/IdentityServer/Validation/ICustomAuthorizeRequestValidator.cs 
@@ -15,5 +15,6 @@ public interface ICustomAuthorizeRequestValidator /// Custom validation logic for the authorize request. /// /// The context. - Task ValidateAsync(CustomAuthorizeRequestValidationContext context); + /// The cancellation token. + Task ValidateAsync(CustomAuthorizeRequestValidationContext context, CT ct); } diff --git a/identity-server/src/IdentityServer/Validation/ICustomBackchannelAuthenticationValidator.cs b/identity-server/src/IdentityServer/Validation/ICustomBackchannelAuthenticationValidator.cs index a488d4fc2..8bc4812a2 100644 --- a/identity-server/src/IdentityServer/Validation/ICustomBackchannelAuthenticationValidator.cs +++ b/identity-server/src/IdentityServer/Validation/ICustomBackchannelAuthenticationValidator.cs @@ -13,6 +13,7 @@ public interface ICustomBackchannelAuthenticationValidator /// Validates a CIBA authentication request. /// /// + /// The cancellation token. /// - Task ValidateAsync(CustomBackchannelAuthenticationRequestValidationContext customValidationContext); + Task ValidateAsync(CustomBackchannelAuthenticationRequestValidationContext customValidationContext, CT ct); } diff --git a/identity-server/src/IdentityServer/Validation/ICustomTokenRequestValidator.cs b/identity-server/src/IdentityServer/Validation/ICustomTokenRequestValidator.cs index bf6c98dd6..e7c394a98 100644 --- a/identity-server/src/IdentityServer/Validation/ICustomTokenRequestValidator.cs +++ b/identity-server/src/IdentityServer/Validation/ICustomTokenRequestValidator.cs @@ -15,8 +15,9 @@ public interface ICustomTokenRequestValidator /// Custom validation logic for a token request. /// /// The context. + /// The cancellation token. /// /// The validation result /// - Task ValidateAsync(CustomTokenRequestValidationContext context); + Task ValidateAsync(CustomTokenRequestValidationContext context, CT ct); } 
diff --git a/identity-server/src/IdentityServer/Validation/ICustomTokenValidator.cs b/identity-server/src/IdentityServer/Validation/ICustomTokenValidator.cs index 981217f56..b5c72f843 100644 --- a/identity-server/src/IdentityServer/Validation/ICustomTokenValidator.cs +++ b/identity-server/src/IdentityServer/Validation/ICustomTokenValidator.cs @@ -15,13 +15,15 @@ public interface ICustomTokenValidator /// Custom validation logic for access tokens. /// /// The validation result so far. + /// The cancellation token. /// The validation result - Task ValidateAccessTokenAsync(TokenValidationResult result); + Task ValidateAccessTokenAsync(TokenValidationResult result, CT ct); /// /// Custom validation logic for identity tokens. /// /// The validation result so far. + /// The cancellation token. /// The validation result - Task ValidateIdentityTokenAsync(TokenValidationResult result); + Task ValidateIdentityTokenAsync(TokenValidationResult result, CT ct); } diff --git a/identity-server/src/IdentityServer/Validation/IDPoPProofValidator.cs b/identity-server/src/IdentityServer/Validation/IDPoPProofValidator.cs index d0ed27327..0370a4748 100644 --- a/identity-server/src/IdentityServer/Validation/IDPoPProofValidator.cs +++ b/identity-server/src/IdentityServer/Validation/IDPoPProofValidator.cs @@ -14,5 +14,7 @@ public interface IDPoPProofValidator /// /// Validates the DPoP proof. /// - Task ValidateAsync(DPoPProofValidatonContext context); + /// The validation context. + /// The cancellation token. + Task ValidateAsync(DPoPProofValidatonContext context, CT ct); } diff --git a/identity-server/src/IdentityServer/Validation/IDeviceAuthorizationRequestValidator.cs b/identity-server/src/IdentityServer/Validation/IDeviceAuthorizationRequestValidator.cs index af47fbd32..da609386d 100644 --- a/identity-server/src/IdentityServer/Validation/IDeviceAuthorizationRequestValidator.cs +++ b/identity-server/src/IdentityServer/Validation/IDeviceAuthorizationRequestValidator.cs 
@@ -16,6 +16,7 @@ public interface IDeviceAuthorizationRequestValidator /// /// /// + /// The cancellation token. /// - Task ValidateAsync(NameValueCollection parameters, ClientSecretValidationResult clientValidationResult); + Task ValidateAsync(NameValueCollection parameters, ClientSecretValidationResult clientValidationResult, CT ct); } diff --git a/identity-server/src/IdentityServer/Validation/IExtensionGrantValidator.cs b/identity-server/src/IdentityServer/Validation/IExtensionGrantValidator.cs index bf5ffaba6..53fc082ab 100644 --- a/identity-server/src/IdentityServer/Validation/IExtensionGrantValidator.cs +++ b/identity-server/src/IdentityServer/Validation/IExtensionGrantValidator.cs @@ -15,10 +15,11 @@ public interface IExtensionGrantValidator /// Validates the custom grant request. /// /// The context. + /// The cancellation token. /// /// A principal /// - Task ValidateAsync(ExtensionGrantValidationContext context); + Task ValidateAsync(ExtensionGrantValidationContext context, CT ct); /// /// Returns the grant type this validator can deal with diff --git a/identity-server/src/IdentityServer/Validation/IIdentityProviderConfigurationValidator.cs b/identity-server/src/IdentityServer/Validation/IIdentityProviderConfigurationValidator.cs index f2cd693b0..8801a592f 100644 --- a/identity-server/src/IdentityServer/Validation/IIdentityProviderConfigurationValidator.cs +++ b/identity-server/src/IdentityServer/Validation/IIdentityProviderConfigurationValidator.cs @@ -15,6 +15,7 @@ public interface IIdentityProviderConfigurationValidator /// Determines whether the configuration of an identity provider is valid. /// /// The context. + /// The cancellation token. /// - Task ValidateAsync(IdentityProviderConfigurationValidationContext context); + Task ValidateAsync(IdentityProviderConfigurationValidationContext context, CT ct); } 
diff --git a/identity-server/src/IdentityServer/Validation/IIssuerPathValidator.cs b/identity-server/src/IdentityServer/Validation/IIssuerPathValidator.cs index a4ba4172a..b55adedba 100644 --- a/identity-server/src/IdentityServer/Validation/IIssuerPathValidator.cs +++ b/identity-server/src/IdentityServer/Validation/IIssuerPathValidator.cs @@ -9,6 +9,7 @@ public interface IIssuerPathValidator /// Validates that the path is valid for issuer URIs used. /// /// A path component of a URI to validate against the issuer for the current request. + /// The cancellation token. /// True if the path component is valid in for the issuer in the context of the current request. - Task ValidateAsync(string path); + Task ValidateAsync(string path, CT ct); } diff --git a/identity-server/src/IdentityServer/Validation/IJwtRequestValidator.cs b/identity-server/src/IdentityServer/Validation/IJwtRequestValidator.cs index bd4fbcfd3..1bf081cc6 100644 --- a/identity-server/src/IdentityServer/Validation/IJwtRequestValidator.cs +++ b/identity-server/src/IdentityServer/Validation/IJwtRequestValidator.cs @@ -14,5 +14,7 @@ public interface IJwtRequestValidator /// /// Validates a JWT request object /// - Task ValidateAsync(JwtRequestValidationContext context); + /// The validation context. + /// The cancellation token. + Task ValidateAsync(JwtRequestValidationContext context, CT ct); } diff --git a/identity-server/src/IdentityServer/Validation/IPushedAuthorizationRequestValidator.cs b/identity-server/src/IdentityServer/Validation/IPushedAuthorizationRequestValidator.cs index cef624396..cbc38c1cd 100644 --- a/identity-server/src/IdentityServer/Validation/IPushedAuthorizationRequestValidator.cs +++ b/identity-server/src/IdentityServer/Validation/IPushedAuthorizationRequestValidator.cs 
@@ -20,8 +20,9 @@ public interface IPushedAuthorizationRequestValidator /// Validates the pushed authorization request. /// /// The validation context + /// The cancellation token. /// A task containing a pushed authorization result that either /// wraps the validated request values or indicates the error code and /// description. - Task ValidateAsync(PushedAuthorizationRequestValidationContext context); + Task ValidateAsync(PushedAuthorizationRequestValidationContext context, CT ct); } diff --git a/identity-server/src/IdentityServer/Validation/IRedirectUriValidator.cs b/identity-server/src/IdentityServer/Validation/IRedirectUriValidator.cs index 312445f31..7e8feddbd 100644 --- a/identity-server/src/IdentityServer/Validation/IRedirectUriValidator.cs +++ b/identity-server/src/IdentityServer/Validation/IRedirectUriValidator.cs @@ -27,7 +27,9 @@ public interface IRedirectUriValidator /// /// Determines whether a redirect URI is valid for a client. /// - Task IsRedirectUriValidAsync(RedirectUriValidationContext context) + /// The validation context. + /// The cancellation token. + Task IsRedirectUriValidAsync(RedirectUriValidationContext context, CT ct) #pragma warning disable CS0618 // Type or member is obsolete => IsRedirectUriValidAsync(context.RequestedUri, context.Client); #pragma warning restore CS0618 // Type or member is obsolete @@ -37,8 +39,9 @@ public interface IRedirectUriValidator /// /// The requested URI. /// The client. + /// The cancellation token. /// true is the URI is valid; false otherwise. - Task IsPostLogoutRedirectUriValidAsync(string requestedUri, Client client); + Task IsPostLogoutRedirectUriValidAsync(string requestedUri, Client client, CT ct); } /// diff --git a/identity-server/src/IdentityServer/Validation/IResourceOwnerPasswordValidator.cs b/identity-server/src/IdentityServer/Validation/IResourceOwnerPasswordValidator.cs index bb9a6d239..5bb220bcc 100644 --- a/identity-server/src/IdentityServer/Validation/IResourceOwnerPasswordValidator.cs 
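Review bot: In IRedirectUriValidator, the default body of `IsRedirectUriValidAsync(RedirectUriValidationContext context, CT ct)` accepts the new token but still forwards to the obsolete two-argument overload without it, so cancellation stops at this method. Because this member has a default implementation, a custom validator that implicitly implemented the old single-parameter signature will presumably still compile, and calls through the interface would then fall back to the obsolete URI/client check and silently skip the custom context-based redirect validation. The compile error on `IsPostLogoutRedirectUriValidAsync` in the second hunk does not point at this member. I would add a remark on the method, e.g. `/// <remarks>Implementers must override this (context, ct) overload; the default only calls the obsolete URI/client check and ignores ct.</remarks>`, and call the change out in the upgrade notes. The obsolete overload's signature is outside the hunk, so whether it could take the token cannot be confirmed from here.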
+++ b/identity-server/src/IdentityServer/Validation/IResourceOwnerPasswordValidator.cs @@ -15,5 +15,6 @@ public interface IResourceOwnerPasswordValidator /// Validates the resource owner password credential /// /// The context. - Task ValidateAsync(ResourceOwnerPasswordValidationContext context); + /// The cancellation token. + Task ValidateAsync(ResourceOwnerPasswordValidationContext context, CT ct); } diff --git a/identity-server/src/IdentityServer/Validation/ISecretParser.cs b/identity-server/src/IdentityServer/Validation/ISecretParser.cs index 8a5abedd0..7fe4a4975 100644 --- a/identity-server/src/IdentityServer/Validation/ISecretParser.cs +++ b/identity-server/src/IdentityServer/Validation/ISecretParser.cs @@ -18,10 +18,11 @@ public interface ISecretParser /// Tries to find a secret on the context that can be used for authentication /// /// The HTTP context. + /// The cancellation token. /// /// A parsed secret /// - Task ParseAsync(HttpContext context); + Task ParseAsync(HttpContext context, CT ct); /// /// Returns the authentication method name that this parser implements diff --git a/identity-server/src/IdentityServer/Validation/ISecretValidator.cs b/identity-server/src/IdentityServer/Validation/ISecretValidator.cs index 8822ac07b..a8508258d 100644 --- a/identity-server/src/IdentityServer/Validation/ISecretValidator.cs +++ b/identity-server/src/IdentityServer/Validation/ISecretValidator.cs @@ -18,6 +18,7 @@ public interface ISecretValidator /// /// The stored secrets. /// The received secret. + /// The cancellation token. /// A validation result - Task ValidateAsync(IEnumerable secrets, ParsedSecret parsedSecret); + Task ValidateAsync(IEnumerable secrets, ParsedSecret parsedSecret, CT ct); } diff --git a/identity-server/src/IdentityServer/Validation/ISecretsListParser.cs b/identity-server/src/IdentityServer/Validation/ISecretsListParser.cs index f6adf3463..1a92cbe81 100644 --- a/identity-server/src/IdentityServer/Validation/ISecretsListParser.cs 
+++ b/identity-server/src/IdentityServer/Validation/ISecretsListParser.cs @@ -18,10 +18,11 @@ public interface ISecretsListParser /// Tries to find the best secret on the context that can be used for authentication /// /// The HTTP context. + /// The cancellation token. /// /// A parsed secret /// - Task ParseAsync(HttpContext context); + Task ParseAsync(HttpContext context, CT ct); /// /// Gets all available authentication methods. diff --git a/identity-server/src/IdentityServer/Validation/ISecretsListValidator.cs b/identity-server/src/IdentityServer/Validation/ISecretsListValidator.cs index 806e698ce..5b54818e9 100644 --- a/identity-server/src/IdentityServer/Validation/ISecretsListValidator.cs +++ b/identity-server/src/IdentityServer/Validation/ISecretsListValidator.cs @@ -18,6 +18,7 @@ public interface ISecretsListValidator /// /// The stored secrets. /// The received secret. + /// The cancellation token. /// A validation result - Task ValidateAsync(IEnumerable secrets, ParsedSecret parsedSecret); + Task ValidateAsync(IEnumerable secrets, ParsedSecret parsedSecret, CT ct); } diff --git a/identity-server/src/IdentityServer/Validation/ITokenRevocationRequestValidator.cs b/identity-server/src/IdentityServer/Validation/ITokenRevocationRequestValidator.cs index 59e11e8e6..9f995d220 100644 --- a/identity-server/src/IdentityServer/Validation/ITokenRevocationRequestValidator.cs +++ b/identity-server/src/IdentityServer/Validation/ITokenRevocationRequestValidator.cs @@ -17,6 +17,7 @@ public interface ITokenRevocationRequestValidator /// /// The parameters. /// The client. + /// The cancellation token. /// - Task ValidateRequestAsync(NameValueCollection parameters, Client client); + Task ValidateRequestAsync(NameValueCollection parameters, Client client, CT ct); } 
diff --git a/identity-server/test/IdentityServer.IntegrationTests/Clients/Setup/ConfirmationSecretValidator.cs b/identity-server/test/IdentityServer.IntegrationTests/Clients/Setup/ConfirmationSecretValidator.cs index 03f5ffd1a..e797ad79b 100644 --- a/identity-server/test/IdentityServer.IntegrationTests/Clients/Setup/ConfirmationSecretValidator.cs +++ b/identity-server/test/IdentityServer.IntegrationTests/Clients/Setup/ConfirmationSecretValidator.cs @@ -10,7 +10,7 @@ namespace Duende.IdentityServer.IntegrationTests.Clients.Setup; public class ConfirmationSecretValidator : ISecretValidator { - public Task ValidateAsync(IEnumerable secrets, ParsedSecret parsedSecret) + public Task ValidateAsync(IEnumerable secrets, ParsedSecret parsedSecret, CT ct) { if (secrets.Any()) { diff --git a/identity-server/test/IdentityServer.IntegrationTests/Clients/Setup/CustomResponseExtensionGrantValidator.cs b/identity-server/test/IdentityServer.IntegrationTests/Clients/Setup/CustomResponseExtensionGrantValidator.cs index 7f2d873d1..d210f712d 100644 --- a/identity-server/test/IdentityServer.IntegrationTests/Clients/Setup/CustomResponseExtensionGrantValidator.cs +++ b/identity-server/test/IdentityServer.IntegrationTests/Clients/Setup/CustomResponseExtensionGrantValidator.cs @@ -9,7 +9,7 @@ namespace Duende.IdentityServer.IntegrationTests.Clients.Setup; public class CustomResponseExtensionGrantValidator : IExtensionGrantValidator { - public Task ValidateAsync(ExtensionGrantValidationContext context) + public Task ValidateAsync(ExtensionGrantValidationContext context, CT ct) { var response = new Dictionary { diff --git a/identity-server/test/IdentityServer.IntegrationTests/Clients/Setup/CustomResponseResourceOwnerValidator.cs b/identity-server/test/IdentityServer.IntegrationTests/Clients/Setup/CustomResponseResourceOwnerValidator.cs index 3aa7e8944..5b96b16ce 100644 --- a/identity-server/test/IdentityServer.IntegrationTests/Clients/Setup/CustomResponseResourceOwnerValidator.cs 
+++ b/identity-server/test/IdentityServer.IntegrationTests/Clients/Setup/CustomResponseResourceOwnerValidator.cs @@ -9,7 +9,7 @@ namespace Duende.IdentityServer.IntegrationTests.Clients.Setup; public class CustomResponseResourceOwnerValidator : IResourceOwnerPasswordValidator { - public Task ValidateAsync(ResourceOwnerPasswordValidationContext context) + public Task ValidateAsync(ResourceOwnerPasswordValidationContext context, CT ct) { var response = new Dictionary { diff --git a/identity-server/test/IdentityServer.IntegrationTests/Clients/Setup/DynamicParameterExtensionGrantValidator.cs b/identity-server/test/IdentityServer.IntegrationTests/Clients/Setup/DynamicParameterExtensionGrantValidator.cs index 7f7e5d1c0..5adf7f390 100644 --- a/identity-server/test/IdentityServer.IntegrationTests/Clients/Setup/DynamicParameterExtensionGrantValidator.cs +++ b/identity-server/test/IdentityServer.IntegrationTests/Clients/Setup/DynamicParameterExtensionGrantValidator.cs @@ -10,7 +10,7 @@ namespace Duende.IdentityServer.IntegrationTests.Clients.Setup; public class DynamicParameterExtensionGrantValidator : IExtensionGrantValidator { - public Task ValidateAsync(ExtensionGrantValidationContext context) + public Task ValidateAsync(ExtensionGrantValidationContext context, CT ct) { var impersonatedClient = context.Request.Raw.Get("impersonated_client"); var lifetime = context.Request.Raw.Get("lifetime"); diff --git a/identity-server/test/IdentityServer.IntegrationTests/Clients/Setup/ExtensionGrantValidator.cs b/identity-server/test/IdentityServer.IntegrationTests/Clients/Setup/ExtensionGrantValidator.cs index b523bca09..ffb625c42 100644 --- a/identity-server/test/IdentityServer.IntegrationTests/Clients/Setup/ExtensionGrantValidator.cs +++ b/identity-server/test/IdentityServer.IntegrationTests/Clients/Setup/ExtensionGrantValidator.cs 
@@ -10,7 +10,7 @@ namespace Duende.IdentityServer.IntegrationTests.Clients.Setup; public class ExtensionGrantValidator : IExtensionGrantValidator { - public Task ValidateAsync(ExtensionGrantValidationContext context) + public Task ValidateAsync(ExtensionGrantValidationContext context, CT ct) { var credential = context.Request.Raw.Get("custom_credential"); var extraClaim = context.Request.Raw.Get("extra_claim"); diff --git a/identity-server/test/IdentityServer.IntegrationTests/Clients/Setup/ExtensionGrantValidator2.cs b/identity-server/test/IdentityServer.IntegrationTests/Clients/Setup/ExtensionGrantValidator2.cs index 518430d8c..1d0f8b0bc 100644 --- a/identity-server/test/IdentityServer.IntegrationTests/Clients/Setup/ExtensionGrantValidator2.cs +++ b/identity-server/test/IdentityServer.IntegrationTests/Clients/Setup/ExtensionGrantValidator2.cs @@ -8,7 +8,7 @@ namespace Duende.IdentityServer.IntegrationTests.Clients.Setup; public class ExtensionGrantValidator2 : IExtensionGrantValidator { - public Task ValidateAsync(ExtensionGrantValidationContext context) + public Task ValidateAsync(ExtensionGrantValidationContext context, CT ct) { var credential = context.Request.Raw.Get("custom_credential"); diff --git a/identity-server/test/IdentityServer.IntegrationTests/Clients/Setup/NoSubjectExtensionGrantValidator.cs b/identity-server/test/IdentityServer.IntegrationTests/Clients/Setup/NoSubjectExtensionGrantValidator.cs index d43d11df0..3cc8175d3 100644 --- a/identity-server/test/IdentityServer.IntegrationTests/Clients/Setup/NoSubjectExtensionGrantValidator.cs +++ b/identity-server/test/IdentityServer.IntegrationTests/Clients/Setup/NoSubjectExtensionGrantValidator.cs 
@@ -9,7 +9,7 @@ namespace Duende.IdentityServer.IntegrationTests.Clients.Setup; public class NoSubjectExtensionGrantValidator : IExtensionGrantValidator { - public Task ValidateAsync(ExtensionGrantValidationContext context) + public Task ValidateAsync(ExtensionGrantValidationContext context, CT ct) { var credential = context.Request.Raw.Get("custom_credential"); diff --git a/identity-server/test/IdentityServer.IntegrationTests/Clients/Setup/TestCustomTokenRequestValidator.cs b/identity-server/test/IdentityServer.IntegrationTests/Clients/Setup/TestCustomTokenRequestValidator.cs index f731f8b9d..6d03445dd 100644 --- a/identity-server/test/IdentityServer.IntegrationTests/Clients/Setup/TestCustomTokenRequestValidator.cs +++ b/identity-server/test/IdentityServer.IntegrationTests/Clients/Setup/TestCustomTokenRequestValidator.cs @@ -8,7 +8,7 @@ namespace Duende.IdentityServer.IntegrationTests.Clients.Setup; public class TestCustomTokenRequestValidator : ICustomTokenRequestValidator { - public Task ValidateAsync(CustomTokenRequestValidationContext context) + public Task ValidateAsync(CustomTokenRequestValidationContext context, CT ct) { context.Result.CustomResponse = new Dictionary { diff --git a/identity-server/test/IdentityServer.IntegrationTests/Common/MockCibaUserValidator.cs b/identity-server/test/IdentityServer.IntegrationTests/Common/MockCibaUserValidator.cs index 880a24c32..4767ba309 100644 --- a/identity-server/test/IdentityServer.IntegrationTests/Common/MockCibaUserValidator.cs +++ b/identity-server/test/IdentityServer.IntegrationTests/Common/MockCibaUserValidator.cs 
@@ -11,7 +11,7 @@ internal class MockCibaUserValidator : IBackchannelAuthenticationUserValidator public BackchannelAuthenticationUserValidationResult Result { get; set; } = new BackchannelAuthenticationUserValidationResult(); public BackchannelAuthenticationUserValidatorContext UserValidatorContext { get; set; } - public Task ValidateRequestAsync(BackchannelAuthenticationUserValidatorContext userValidatorContext) + public Task ValidateRequestAsync(BackchannelAuthenticationUserValidatorContext userValidatorContext, CT ct) { UserValidatorContext = userValidatorContext; return Task.FromResult(Result); diff --git a/identity-server/test/IdentityServer.IntegrationTests/Common/MockCustomBackchannelAuthenticationValidator.cs b/identity-server/test/IdentityServer.IntegrationTests/Common/MockCustomBackchannelAuthenticationValidator.cs index 07e0d609b..8507efeab 100644 --- a/identity-server/test/IdentityServer.IntegrationTests/Common/MockCustomBackchannelAuthenticationValidator.cs +++ b/identity-server/test/IdentityServer.IntegrationTests/Common/MockCustomBackchannelAuthenticationValidator.cs @@ -16,7 +16,7 @@ internal class MockCustomBackchannelAuthenticationValidator : ICustomBackchannel /// public Action Thunk { get; set; } = delegate { }; - public Task ValidateAsync(CustomBackchannelAuthenticationRequestValidationContext customValidationContext) + public Task ValidateAsync(CustomBackchannelAuthenticationRequestValidationContext customValidationContext, CT ct) { Thunk(customValidationContext); Context = customValidationContext; diff --git a/identity-server/test/IdentityServer.UnitTests/Endpoints/Authorize/StubAuthorizeRequestValidator.cs b/identity-server/test/IdentityServer.UnitTests/Endpoints/Authorize/StubAuthorizeRequestValidator.cs index c4e88c481..8dcf503bf 100644 --- a/identity-server/test/IdentityServer.UnitTests/Endpoints/Authorize/StubAuthorizeRequestValidator.cs 
+++ b/identity-server/test/IdentityServer.UnitTests/Endpoints/Authorize/StubAuthorizeRequestValidator.cs @@ -12,7 +12,7 @@ public class StubAuthorizeRequestValidator : IAuthorizeRequestValidator { public AuthorizeRequestValidationResult Result { get; set; } - public Task ValidateAsync(NameValueCollection parameters, ClaimsPrincipal subject = null, AuthorizeRequestType authorizeRequestType = AuthorizeRequestType.Authorize) + public Task ValidateAsync(NameValueCollection parameters, CT ct, ClaimsPrincipal subject = null, AuthorizeRequestType authorizeRequestType = AuthorizeRequestType.Authorize) { Result.ValidatedRequest.Raw = parameters; return Task.FromResult(Result); diff --git a/identity-server/test/IdentityServer.UnitTests/Endpoints/Token/StubClientSecretValidator.cs b/identity-server/test/IdentityServer.UnitTests/Endpoints/Token/StubClientSecretValidator.cs index 1a665c28d..75de77876 100644 --- a/identity-server/test/IdentityServer.UnitTests/Endpoints/Token/StubClientSecretValidator.cs +++ b/identity-server/test/IdentityServer.UnitTests/Endpoints/Token/StubClientSecretValidator.cs @@ -11,5 +11,5 @@ internal class StubClientSecretValidator : IClientSecretValidator { public ClientSecretValidationResult Result { get; set; } - public Task ValidateAsync(HttpContext context) => Task.FromResult(Result); + public Task ValidateAsync(HttpContext context, CT ct) => Task.FromResult(Result); } diff --git a/identity-server/test/IdentityServer.UnitTests/Services/Default/ParRedirectUriValidatorTests.cs b/identity-server/test/IdentityServer.UnitTests/Services/Default/ParRedirectUriValidatorTests.cs index 8d055d893..e4d8e0146 100644 --- a/identity-server/test/IdentityServer.UnitTests/Services/Default/ParRedirectUriValidatorTests.cs +++ b/identity-server/test/IdentityServer.UnitTests/Services/Default/ParRedirectUriValidatorTests.cs @@ -31,7 +31,7 @@ public class ParRedirectUriValidatorTests { RequireClientSecret = true, } - }); + }, default); result.ShouldBe(true); } 
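Review bot: The ParRedirectUriValidatorTests calls pass `default` as the new token (this hunk and the four that follow), while the Authorize_ClientValidation_* test classes in the same commit add `private readonly CT _ct = TestContext.Current.CancellationToken;` and pass `_ct`. Using the test framework's token everywhere lets an aborted or timed-out run cancel the validator call, so I would add the same field here and change the calls to `}, _ct);`. The same applies to the `ValidateAsync(parameters, default)` calls in Authorize_ProtocolValidation_CustomValidator and Authorize_ProtocolValidation_Invalid. The test method bodies start outside these hunks.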
@@ -57,7 +57,7 @@ public class ParRedirectUriValidatorTests { RequireClientSecret = true, } - }); + }, default); result.ShouldBe(true); } @@ -82,7 +82,7 @@ public class ParRedirectUriValidatorTests RequestParameters = pushedParameters, RequestedUri = notThePushedRedirectUri, Client = new Client() - }); + }, default); result.ShouldBe(false); } @@ -110,7 +110,7 @@ public class ParRedirectUriValidatorTests { RedirectUris = { "https://registered.example.com" } } - }); + }, default); registeredRedirectUri.ShouldNotBe(pushedRedirectUri); result.ShouldBe(true); @@ -139,7 +139,7 @@ public class ParRedirectUriValidatorTests { RedirectUris = { "https://registered.example.com" } } - }); + }, default); registeredRedirectUri.ShouldNotBe(requestedRedirectUri); result.ShouldBe(false); diff --git a/identity-server/test/IdentityServer.UnitTests/Stores/ValidatingClientStoreTests.cs b/identity-server/test/IdentityServer.UnitTests/Stores/ValidatingClientStoreTests.cs index d077e78b5..be738566c 100644 --- a/identity-server/test/IdentityServer.UnitTests/Stores/ValidatingClientStoreTests.cs +++ b/identity-server/test/IdentityServer.UnitTests/Stores/ValidatingClientStoreTests.cs @@ -182,7 +182,7 @@ public class ValidatingClientStoreTests _errorMessage = errorMessage; } - public Task ValidateAsync(ClientConfigurationValidationContext context) + public Task ValidateAsync(ClientConfigurationValidationContext context, CT ct) { var isValid = _validationFunc != null ? _validationFunc(context.Client) : _isValid; diff --git a/identity-server/test/IdentityServer.UnitTests/Validation/AuthorizeRequest Validation/Authorize_ClientValidation_Code.cs b/identity-server/test/IdentityServer.UnitTests/Validation/AuthorizeRequest Validation/Authorize_ClientValidation_Code.cs index a2848a395..56c9bfa36 100644 --- a/identity-server/test/IdentityServer.UnitTests/Validation/AuthorizeRequest Validation/Authorize_ClientValidation_Code.cs 
+++ b/identity-server/test/IdentityServer.UnitTests/Validation/AuthorizeRequest Validation/Authorize_ClientValidation_Code.cs @@ -13,6 +13,7 @@ namespace UnitTests.Validation.AuthorizeRequest_Validation; public class Authorize_ClientValidation_Code { private IdentityServerOptions _options = TestIdentityServerOptions.Create(); + private readonly CT _ct = TestContext.Current.CancellationToken; [Fact] [Trait("Category", "AuthorizeRequest Client Validation - Code")] @@ -25,7 +26,7 @@ public class Authorize_ClientValidation_Code parameters.Add(OidcConstants.AuthorizeRequest.ResponseType, OidcConstants.ResponseTypes.Code); var validator = Factory.CreateAuthorizeRequestValidator(); - var result = await validator.ValidateAsync(parameters); + var result = await validator.ValidateAsync(parameters, _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.AuthorizeErrors.InvalidScope); @@ -42,7 +43,7 @@ public class Authorize_ClientValidation_Code parameters.Add(OidcConstants.AuthorizeRequest.ResponseType, OidcConstants.ResponseTypes.Code); var validator = Factory.CreateAuthorizeRequestValidator(); - var result = await validator.ValidateAsync(parameters); + var result = await validator.ValidateAsync(parameters, _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.AuthorizeErrors.InvalidRequest); @@ -60,7 +61,7 @@ public class Authorize_ClientValidation_Code parameters.Add(OidcConstants.AuthorizeRequest.Nonce, "abc"); var validator = Factory.CreateAuthorizeRequestValidator(); - var result = await validator.ValidateAsync(parameters); + var result = await validator.ValidateAsync(parameters, _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.AuthorizeErrors.UnauthorizedClient); 
@@ -78,7 +79,7 @@ public class Authorize_ClientValidation_Code parameters.Add(OidcConstants.AuthorizeRequest.Nonce, "abc"); var validator = Factory.CreateAuthorizeRequestValidator(); - var result = await validator.ValidateAsync(parameters); + var result = await validator.ValidateAsync(parameters, _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.AuthorizeErrors.UnauthorizedClient); @@ -95,7 +96,7 @@ public class Authorize_ClientValidation_Code parameters.Add(OidcConstants.AuthorizeRequest.ResponseType, OidcConstants.ResponseTypes.Code); var validator = Factory.CreateAuthorizeRequestValidator(); - var result = await validator.ValidateAsync(parameters); + var result = await validator.ValidateAsync(parameters, _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.AuthorizeErrors.UnauthorizedClient); @@ -112,7 +113,7 @@ public class Authorize_ClientValidation_Code parameters.Add(OidcConstants.AuthorizeRequest.ResponseType, OidcConstants.ResponseTypes.Code); var validator = Factory.CreateAuthorizeRequestValidator(); - var result = await validator.ValidateAsync(parameters); + var result = await validator.ValidateAsync(parameters, _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.AuthorizeErrors.InvalidScope); diff --git a/identity-server/test/IdentityServer.UnitTests/Validation/AuthorizeRequest Validation/Authorize_ClientValidation_IdToken.cs b/identity-server/test/IdentityServer.UnitTests/Validation/AuthorizeRequest Validation/Authorize_ClientValidation_IdToken.cs index 2353a176e..77783beab 100644 --- a/identity-server/test/IdentityServer.UnitTests/Validation/AuthorizeRequest Validation/Authorize_ClientValidation_IdToken.cs +++ b/identity-server/test/IdentityServer.UnitTests/Validation/AuthorizeRequest Validation/Authorize_ClientValidation_IdToken.cs 
@@ -13,6 +13,7 @@ namespace UnitTests.Validation.AuthorizeRequest_Validation; public class Authorize_ClientValidation_IdToken { private IdentityServerOptions _options = TestIdentityServerOptions.Create(); + private readonly CT _ct = TestContext.Current.CancellationToken; [Fact] [Trait("Category", "AuthorizeRequest Client Validation - IdToken")] @@ -26,7 +27,7 @@ public class Authorize_ClientValidation_IdToken parameters.Add(OidcConstants.AuthorizeRequest.Nonce, "abc"); var validator = Factory.CreateAuthorizeRequestValidator(); - var result = await validator.ValidateAsync(parameters); + var result = await validator.ValidateAsync(parameters, _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.AuthorizeErrors.InvalidScope); diff --git a/identity-server/test/IdentityServer.UnitTests/Validation/AuthorizeRequest Validation/Authorize_ClientValidation_Invalid.cs b/identity-server/test/IdentityServer.UnitTests/Validation/AuthorizeRequest Validation/Authorize_ClientValidation_Invalid.cs index ef35ac122..046057556 100644 --- a/identity-server/test/IdentityServer.UnitTests/Validation/AuthorizeRequest Validation/Authorize_ClientValidation_Invalid.cs +++ b/identity-server/test/IdentityServer.UnitTests/Validation/AuthorizeRequest Validation/Authorize_ClientValidation_Invalid.cs @@ -13,6 +13,7 @@ namespace UnitTests.Validation.AuthorizeRequest_Validation; public class Authorize_ClientValidation_Invalid { private const string Category = "AuthorizeRequest Client Validation - Invalid"; + private readonly CT _ct = TestContext.Current.CancellationToken; private IdentityServerOptions _options = TestIdentityServerOptions.Create(); 
@@ -27,7 +28,7 @@ public class Authorize_ClientValidation_Invalid parameters.Add(OidcConstants.AuthorizeRequest.ResponseType, OidcConstants.ResponseTypes.IdToken); var validator = Factory.CreateAuthorizeRequestValidator(); - var result = await validator.ValidateAsync(parameters); + var result = await validator.ValidateAsync(parameters, _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.AuthorizeErrors.UnauthorizedClient); diff --git a/identity-server/test/IdentityServer.UnitTests/Validation/AuthorizeRequest Validation/Authorize_ClientValidation_Token.cs b/identity-server/test/IdentityServer.UnitTests/Validation/AuthorizeRequest Validation/Authorize_ClientValidation_Token.cs index c44198a06..4e38e4549 100644 --- a/identity-server/test/IdentityServer.UnitTests/Validation/AuthorizeRequest Validation/Authorize_ClientValidation_Token.cs +++ b/identity-server/test/IdentityServer.UnitTests/Validation/AuthorizeRequest Validation/Authorize_ClientValidation_Token.cs @@ -13,6 +13,7 @@ namespace UnitTests.Validation.AuthorizeRequest_Validation; public class Authorize_ClientValidation_Token { private const string Category = "AuthorizeRequest Client Validation - Token"; + private readonly CT _ct = TestContext.Current.CancellationToken; private IdentityServerOptions _options = TestIdentityServerOptions.Create(); @@ -27,7 +28,7 @@ public class Authorize_ClientValidation_Token parameters.Add(OidcConstants.AuthorizeRequest.ResponseType, OidcConstants.ResponseTypes.Token); var validator = Factory.CreateAuthorizeRequestValidator(); - var result = await validator.ValidateAsync(parameters); + var result = await validator.ValidateAsync(parameters, _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.AuthorizeErrors.InvalidScope); 
@@ -45,7 +46,7 @@ public class Authorize_ClientValidation_Token parameters.Add(OidcConstants.AuthorizeRequest.Nonce, "abc"); var validator = Factory.CreateAuthorizeRequestValidator(); - var result = await validator.ValidateAsync(parameters); + var result = await validator.ValidateAsync(parameters, _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.AuthorizeErrors.InvalidRequest); @@ -64,7 +65,7 @@ public class Authorize_ClientValidation_Token parameters.Add(OidcConstants.AuthorizeRequest.ResponseType, OidcConstants.ResponseTypes.CodeIdTokenToken); var validator = Factory.CreateAuthorizeRequestValidator(); - var result = await validator.ValidateAsync(parameters); + var result = await validator.ValidateAsync(parameters, _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.AuthorizeErrors.InvalidRequest); diff --git a/identity-server/test/IdentityServer.UnitTests/Validation/AuthorizeRequest Validation/Authorize_ClientValidation_Valid.cs b/identity-server/test/IdentityServer.UnitTests/Validation/AuthorizeRequest Validation/Authorize_ClientValidation_Valid.cs index cf0ff34db..ac4d544bb 100644 --- a/identity-server/test/IdentityServer.UnitTests/Validation/AuthorizeRequest Validation/Authorize_ClientValidation_Valid.cs +++ b/identity-server/test/IdentityServer.UnitTests/Validation/AuthorizeRequest Validation/Authorize_ClientValidation_Valid.cs @@ -13,6 +13,7 @@ namespace UnitTests.Validation.AuthorizeRequest_Validation; public class Authorize_ClientValidation_Valid { private const string Category = "AuthorizeRequest Client Validation - Valid"; + private readonly CT _ct = TestContext.Current.CancellationToken; private IdentityServerOptions _options = TestIdentityServerOptions.Create(); 
@@ -27,7 +28,7 @@ public class Authorize_ClientValidation_Valid parameters.Add(OidcConstants.AuthorizeRequest.ResponseType, OidcConstants.ResponseTypes.Code); var validator = Factory.CreateAuthorizeRequestValidator(); - var result = await validator.ValidateAsync(parameters); + var result = await validator.ValidateAsync(parameters, _ct); result.IsError.ShouldBeFalse(); } @@ -43,7 +44,7 @@ public class Authorize_ClientValidation_Valid parameters.Add(OidcConstants.AuthorizeRequest.ResponseType, OidcConstants.ResponseTypes.Code); var validator = Factory.CreateAuthorizeRequestValidator(); - var result = await validator.ValidateAsync(parameters); + var result = await validator.ValidateAsync(parameters, _ct); result.IsError.ShouldBeFalse(); } @@ -59,7 +60,7 @@ public class Authorize_ClientValidation_Valid parameters.Add(OidcConstants.AuthorizeRequest.ResponseType, OidcConstants.ResponseTypes.Code); var validator = Factory.CreateAuthorizeRequestValidator(); - var result = await validator.ValidateAsync(parameters); + var result = await validator.ValidateAsync(parameters, _ct); result.IsError.ShouldBeFalse(); } @@ -75,7 +76,7 @@ public class Authorize_ClientValidation_Valid parameters.Add(OidcConstants.AuthorizeRequest.ResponseType, OidcConstants.ResponseTypes.Code); var validator = Factory.CreateAuthorizeRequestValidator(); - var result = await validator.ValidateAsync(parameters); + var result = await validator.ValidateAsync(parameters, _ct); result.IsError.ShouldBeFalse(); } @@ -92,7 +93,7 @@ public class Authorize_ClientValidation_Valid parameters.Add(OidcConstants.AuthorizeRequest.ResponseType, OidcConstants.ResponseTypes.CodeIdToken); var validator = Factory.CreateAuthorizeRequestValidator(); - var result = await validator.ValidateAsync(parameters); + var result = await validator.ValidateAsync(parameters, _ct); result.IsError.ShouldBeFalse(); } 
@@ -109,7 +110,7 @@ public class Authorize_ClientValidation_Valid parameters.Add(OidcConstants.AuthorizeRequest.ResponseType, OidcConstants.ResponseTypes.CodeIdTokenToken); var validator = Factory.CreateAuthorizeRequestValidator(); - var result = await validator.ValidateAsync(parameters); + var result = await validator.ValidateAsync(parameters, _ct); result.IsError.ShouldBeFalse(); } @@ -126,7 +127,7 @@ public class Authorize_ClientValidation_Valid parameters.Add(OidcConstants.AuthorizeRequest.ResponseType, OidcConstants.ResponseTypes.CodeIdToken); var validator = Factory.CreateAuthorizeRequestValidator(); - var result = await validator.ValidateAsync(parameters); + var result = await validator.ValidateAsync(parameters, _ct); result.IsError.ShouldBeFalse(); } @@ -143,7 +144,7 @@ public class Authorize_ClientValidation_Valid parameters.Add(OidcConstants.AuthorizeRequest.ResponseType, OidcConstants.ResponseTypes.CodeIdTokenToken); var validator = Factory.CreateAuthorizeRequestValidator(); - var result = await validator.ValidateAsync(parameters); + var result = await validator.ValidateAsync(parameters, _ct); result.IsError.ShouldBeFalse(); } @@ -160,7 +161,7 @@ public class Authorize_ClientValidation_Valid parameters.Add(OidcConstants.AuthorizeRequest.Nonce, "abc"); var validator = Factory.CreateAuthorizeRequestValidator(); - var result = await validator.ValidateAsync(parameters); + var result = await validator.ValidateAsync(parameters, _ct); result.IsError.ShouldBeFalse(); } @@ -177,7 +178,7 @@ public class Authorize_ClientValidation_Valid parameters.Add(OidcConstants.AuthorizeRequest.Nonce, "abc"); var validator = Factory.CreateAuthorizeRequestValidator(); - var result = await validator.ValidateAsync(parameters); + var result = await validator.ValidateAsync(parameters, _ct); result.IsError.ShouldBeFalse(); } 
@@ -194,7 +195,7 @@ public class Authorize_ClientValidation_Valid parameters.Add(OidcConstants.AuthorizeRequest.Nonce, "abc"); var validator = Factory.CreateAuthorizeRequestValidator(); - var result = await validator.ValidateAsync(parameters); + var result = await validator.ValidateAsync(parameters, _ct); result.IsError.ShouldBeFalse(); } @@ -210,7 +211,7 @@ public class Authorize_ClientValidation_Valid parameters.Add(OidcConstants.AuthorizeRequest.ResponseType, OidcConstants.ResponseTypes.Token); var validator = Factory.CreateAuthorizeRequestValidator(); - var result = await validator.ValidateAsync(parameters); + var result = await validator.ValidateAsync(parameters, _ct); result.IsError.ShouldBeFalse(); } @@ -227,7 +228,7 @@ public class Authorize_ClientValidation_Valid parameters.Add(OidcConstants.AuthorizeRequest.Nonce, "abc"); var validator = Factory.CreateAuthorizeRequestValidator(); - var result = await validator.ValidateAsync(parameters); + var result = await validator.ValidateAsync(parameters, _ct); result.IsError.ShouldBeFalse(); } diff --git a/identity-server/test/IdentityServer.UnitTests/Validation/AuthorizeRequest Validation/Authorize_ProtocolValidation_CustomValidator.cs b/identity-server/test/IdentityServer.UnitTests/Validation/AuthorizeRequest Validation/Authorize_ProtocolValidation_CustomValidator.cs index 7a360880e..803015ffb 100644 --- a/identity-server/test/IdentityServer.UnitTests/Validation/AuthorizeRequest Validation/Authorize_ProtocolValidation_CustomValidator.cs +++ b/identity-server/test/IdentityServer.UnitTests/Validation/AuthorizeRequest Validation/Authorize_ProtocolValidation_CustomValidator.cs 
@@ -28,7 +28,7 @@ public class Authorize_ProtocolValidation_CustomValidator parameters.Add(OidcConstants.AuthorizeRequest.RedirectUri, "https://server/cb"); parameters.Add(OidcConstants.AuthorizeRequest.ResponseType, OidcConstants.ResponseTypes.Code); - var result = await _subject.ValidateAsync(parameters); + var result = await _subject.ValidateAsync(parameters, default); _stubAuthorizeRequestValidator.WasCalled.ShouldBeTrue(); } @@ -47,7 +47,7 @@ public class Authorize_ProtocolValidation_CustomValidator { ctx.Result = new AuthorizeRequestValidationResult(ctx.Result.ValidatedRequest, "foo", "bar"); }; - var result = await _subject.ValidateAsync(parameters); + var result = await _subject.ValidateAsync(parameters, default); result.IsError.ShouldBeTrue(); result.Error.ShouldBe("foo"); @@ -60,7 +60,7 @@ public class StubAuthorizeRequestValidator : ICustomAuthorizeRequestValidator public Action Callback; public bool WasCalled { get; set; } - public Task ValidateAsync(CustomAuthorizeRequestValidationContext context) + public Task ValidateAsync(CustomAuthorizeRequestValidationContext context, CT ct) { WasCalled = true; Callback?.Invoke(context); diff --git a/identity-server/test/IdentityServer.UnitTests/Validation/AuthorizeRequest Validation/Authorize_ProtocolValidation_Invalid.cs b/identity-server/test/IdentityServer.UnitTests/Validation/AuthorizeRequest Validation/Authorize_ProtocolValidation_Invalid.cs index 3002a2fa1..61637b76f 100644 --- a/identity-server/test/IdentityServer.UnitTests/Validation/AuthorizeRequest Validation/Authorize_ProtocolValidation_Invalid.cs +++ b/identity-server/test/IdentityServer.UnitTests/Validation/AuthorizeRequest Validation/Authorize_ProtocolValidation_Invalid.cs @@ -19,7 +19,7 @@ public class Authorize_ProtocolValidation_Invalid { var validator = Factory.CreateAuthorizeRequestValidator(); - Func act = () => validator.ValidateAsync(null); + Func act = () => validator.ValidateAsync(null, default); await act.ShouldThrowAsync(); } 
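Review bot: The two `_subject.ValidateAsync(parameters, default)` calls in Authorize_ProtocolValidation_CustomValidator pass `default` for the new token argument, while sibling test classes in this commit (Authorize_ProtocolValidation_Resources, Authorize_ProtocolValidation_Valid, DPoPProofValidatorTests) add `private readonly CT _ct = TestContext.Current.CancellationToken;` and pass `_ct`. With `default`, a cancelled or timed-out test run cannot stop the validator call, and the suite ends up with two conventions for the same argument. I would add the same `_ct` field here and call `_subject.ValidateAsync(parameters, _ct)`. The same applies to the `default` calls in Authorize_ProtocolValidation_Invalid, Authorize_ProtocolValidation_Valid_PKCE and the `ValidateAsync(Client client)` helper in ClientConfigurationValidation.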
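Review bot: The stub's `ValidateAsync(CustomAuthorizeRequestValidationContext context, CT ct)` accepts the new token but never records it, so neither test in this file can tell whether the validator under test hands the caller's token on to the custom validator or substitutes `default`. Storing it, for example `public CT ReceivedCt { get; private set; }` with `ReceivedCt = ct;` next to `WasCalled = true;`, would let a test pass a token from a `CancellationTokenSource` and assert that `ReceivedCt` equals it. Whether the validator forwards the token is not visible in this hunk, so this is a coverage gap rather than a confirmed defect. The method body continues past the end of the hunk.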
@@ -29,7 +29,7 @@ public class Authorize_ProtocolValidation_Invalid public async Task Empty_Parameters() { var validator = Factory.CreateAuthorizeRequestValidator(); - var result = await validator.ValidateAsync(new NameValueCollection()); + var result = await validator.ValidateAsync(new NameValueCollection(), default); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.AuthorizeErrors.InvalidRequest); @@ -47,7 +47,7 @@ public class Authorize_ProtocolValidation_Invalid parameters.Add(OidcConstants.AuthorizeRequest.ResponseType, OidcConstants.ResponseTypes.Token); var validator = Factory.CreateAuthorizeRequestValidator(); - var result = await validator.ValidateAsync(parameters); + var result = await validator.ValidateAsync(parameters, default); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.AuthorizeErrors.InvalidScope); @@ -65,7 +65,7 @@ public class Authorize_ProtocolValidation_Invalid parameters.Add(OidcConstants.AuthorizeRequest.Nonce, "abc"); var validator = Factory.CreateAuthorizeRequestValidator(); - var result = await validator.ValidateAsync(parameters); + var result = await validator.ValidateAsync(parameters, default); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.AuthorizeErrors.InvalidRequest); @@ -82,7 +82,7 @@ public class Authorize_ProtocolValidation_Invalid parameters.Add(OidcConstants.AuthorizeRequest.ResponseType, OidcConstants.ResponseTypes.Token); var validator = Factory.CreateAuthorizeRequestValidator(); - var result = await validator.ValidateAsync(parameters); + var result = await validator.ValidateAsync(parameters, default); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.AuthorizeErrors.InvalidScope); 
@@ -99,7 +99,7 @@ public class Authorize_ProtocolValidation_Invalid parameters.Add(OidcConstants.AuthorizeRequest.ResponseType, OidcConstants.ResponseTypes.IdToken); var validator = Factory.CreateAuthorizeRequestValidator(); - var result = await validator.ValidateAsync(parameters); + var result = await validator.ValidateAsync(parameters, default); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.AuthorizeErrors.InvalidRequest); @@ -115,7 +115,7 @@ public class Authorize_ProtocolValidation_Invalid parameters.Add(OidcConstants.AuthorizeRequest.ResponseType, OidcConstants.ResponseTypes.Code); var validator = Factory.CreateAuthorizeRequestValidator(); - var result = await validator.ValidateAsync(parameters); + var result = await validator.ValidateAsync(parameters, default); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.AuthorizeErrors.InvalidRequest); @@ -131,7 +131,7 @@ public class Authorize_ProtocolValidation_Invalid parameters.Add(OidcConstants.AuthorizeRequest.ResponseType, OidcConstants.ResponseTypes.Code); var validator = Factory.CreateAuthorizeRequestValidator(); - var result = await validator.ValidateAsync(parameters); + var result = await validator.ValidateAsync(parameters, default); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.AuthorizeErrors.InvalidRequest); @@ -147,7 +147,7 @@ public class Authorize_ProtocolValidation_Invalid parameters.Add(OidcConstants.AuthorizeRequest.ResponseType, OidcConstants.ResponseTypes.Code); var validator = Factory.CreateAuthorizeRequestValidator(); - var result = await validator.ValidateAsync(parameters); + var result = await validator.ValidateAsync(parameters, default); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.AuthorizeErrors.InvalidRequest); 
@@ -166,7 +166,7 @@ public class Authorize_ProtocolValidation_Invalid parameters.Add(OidcConstants.AuthorizeRequest.ResponseType, OidcConstants.ResponseTypes.Code); var validator = Factory.CreateAuthorizeRequestValidator(); - var result = await validator.ValidateAsync(parameters); + var result = await validator.ValidateAsync(parameters, default); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.AuthorizeErrors.InvalidRequest); @@ -183,7 +183,7 @@ public class Authorize_ProtocolValidation_Invalid parameters.Add(OidcConstants.AuthorizeRequest.ResponseType, OidcConstants.ResponseTypes.Code); var validator = Factory.CreateAuthorizeRequestValidator(); - var result = await validator.ValidateAsync(parameters); + var result = await validator.ValidateAsync(parameters, default); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.AuthorizeErrors.InvalidRequest); @@ -199,7 +199,7 @@ public class Authorize_ProtocolValidation_Invalid parameters.Add(OidcConstants.AuthorizeRequest.RedirectUri, "https://server/cb"); var validator = Factory.CreateAuthorizeRequestValidator(); - var result = await validator.ValidateAsync(parameters); + var result = await validator.ValidateAsync(parameters, default); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.AuthorizeErrors.InvalidRequest); @@ -216,7 +216,7 @@ public class Authorize_ProtocolValidation_Invalid parameters.Add(OidcConstants.AuthorizeRequest.ResponseType, "unknown"); var validator = Factory.CreateAuthorizeRequestValidator(); - var result = await validator.ValidateAsync(parameters); + var result = await validator.ValidateAsync(parameters, default); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.AuthorizeErrors.UnsupportedResponseType); 
@@ -234,7 +234,7 @@ public class Authorize_ProtocolValidation_Invalid parameters.Add(OidcConstants.AuthorizeRequest.ResponseMode, OidcConstants.ResponseModes.Query); var validator = Factory.CreateAuthorizeRequestValidator(); - var result = await validator.ValidateAsync(parameters); + var result = await validator.ValidateAsync(parameters, default); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.AuthorizeErrors.InvalidRequest); @@ -252,7 +252,7 @@ public class Authorize_ProtocolValidation_Invalid parameters.Add(OidcConstants.AuthorizeRequest.ResponseMode, OidcConstants.ResponseModes.Query); var validator = Factory.CreateAuthorizeRequestValidator(); - var result = await validator.ValidateAsync(parameters); + var result = await validator.ValidateAsync(parameters, default); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.AuthorizeErrors.InvalidRequest); @@ -270,7 +270,7 @@ public class Authorize_ProtocolValidation_Invalid parameters.Add(OidcConstants.AuthorizeRequest.ResponseMode, OidcConstants.ResponseModes.Query); var validator = Factory.CreateAuthorizeRequestValidator(); - var result = await validator.ValidateAsync(parameters); + var result = await validator.ValidateAsync(parameters, default); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.AuthorizeErrors.InvalidRequest); @@ -288,7 +288,7 @@ public class Authorize_ProtocolValidation_Invalid parameters.Add(OidcConstants.AuthorizeRequest.ResponseMode, OidcConstants.ResponseModes.Query); var validator = Factory.CreateAuthorizeRequestValidator(); - var result = await validator.ValidateAsync(parameters); + var result = await validator.ValidateAsync(parameters, default); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.AuthorizeErrors.InvalidRequest); 
@@ -306,7 +306,7 @@ public class Authorize_ProtocolValidation_Invalid parameters.Add(OidcConstants.AuthorizeRequest.ResponseMode, OidcConstants.ResponseModes.Query); var validator = Factory.CreateAuthorizeRequestValidator(); - var result = await validator.ValidateAsync(parameters); + var result = await validator.ValidateAsync(parameters, default); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.AuthorizeErrors.InvalidRequest); @@ -324,7 +324,7 @@ public class Authorize_ProtocolValidation_Invalid parameters.Add(OidcConstants.AuthorizeRequest.MaxAge, "malformed"); var validator = Factory.CreateAuthorizeRequestValidator(); - var result = await validator.ValidateAsync(parameters); + var result = await validator.ValidateAsync(parameters, default); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.AuthorizeErrors.InvalidRequest); @@ -342,7 +342,7 @@ public class Authorize_ProtocolValidation_Invalid parameters.Add(OidcConstants.AuthorizeRequest.MaxAge, "-1"); var validator = Factory.CreateAuthorizeRequestValidator(); - var result = await validator.ValidateAsync(parameters); + var result = await validator.ValidateAsync(parameters, default); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.AuthorizeErrors.InvalidRequest); @@ -360,7 +360,7 @@ public class Authorize_ProtocolValidation_Invalid parameters.Add(OidcConstants.AuthorizeRequest.ResponseMode, OidcConstants.ResponseModes.Query); var validator = Factory.CreateAuthorizeRequestValidator(); - var result = await validator.ValidateAsync(parameters); + var result = await validator.ValidateAsync(parameters, default); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.AuthorizeErrors.InvalidRequest); 
@@ -378,7 +378,7 @@ public class Authorize_ProtocolValidation_Invalid parameters.Add(OidcConstants.AuthorizeRequest.ResponseMode, OidcConstants.ResponseModes.Query); var validator = Factory.CreateAuthorizeRequestValidator(); - var result = await validator.ValidateAsync(parameters); + var result = await validator.ValidateAsync(parameters, default); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.AuthorizeErrors.InvalidRequest); @@ -397,7 +397,7 @@ public class Authorize_ProtocolValidation_Invalid parameters.Add(OidcConstants.AuthorizeRequest.Prompt, "none login"); var validator = Factory.CreateAuthorizeRequestValidator(); - var result = await validator.ValidateAsync(parameters); + var result = await validator.ValidateAsync(parameters, default); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.AuthorizeErrors.InvalidRequest); diff --git a/identity-server/test/IdentityServer.UnitTests/Validation/AuthorizeRequest Validation/Authorize_ProtocolValidation_PKCE.cs b/identity-server/test/IdentityServer.UnitTests/Validation/AuthorizeRequest Validation/Authorize_ProtocolValidation_PKCE.cs index ea57fe7a9..97aa425e6 100644 --- a/identity-server/test/IdentityServer.UnitTests/Validation/AuthorizeRequest Validation/Authorize_ProtocolValidation_PKCE.cs +++ b/identity-server/test/IdentityServer.UnitTests/Validation/AuthorizeRequest Validation/Authorize_ProtocolValidation_PKCE.cs @@ -31,7 +31,7 @@ public class Authorize_ProtocolValidation_Valid_PKCE parameters.Add(OidcConstants.AuthorizeRequest.ResponseType, OidcConstants.ResponseTypes.Code); var validator = Factory.CreateAuthorizeRequestValidator(); - var result = await validator.ValidateAsync(parameters); + var result = await validator.ValidateAsync(parameters, default); result.IsError.ShouldBe(true); result.ErrorDescription.ShouldBe("Transform algorithm not supported"); 
@@ -52,7 +52,7 @@ public class Authorize_ProtocolValidation_Valid_PKCE parameters.Add(OidcConstants.AuthorizeRequest.ResponseType, OidcConstants.ResponseTypes.Code); var validator = Factory.CreateAuthorizeRequestValidator(); - var result = await validator.ValidateAsync(parameters); + var result = await validator.ValidateAsync(parameters, default); result.IsError.ShouldBe(false); } @@ -71,7 +71,7 @@ public class Authorize_ProtocolValidation_Valid_PKCE parameters.Add(OidcConstants.AuthorizeRequest.ResponseType, OidcConstants.ResponseTypes.Code); var validator = Factory.CreateAuthorizeRequestValidator(); - var result = await validator.ValidateAsync(parameters); + var result = await validator.ValidateAsync(parameters, default); result.IsError.ShouldBe(false); } @@ -90,7 +90,7 @@ public class Authorize_ProtocolValidation_Valid_PKCE parameters.Add(OidcConstants.AuthorizeRequest.ResponseType, OidcConstants.ResponseTypes.Code); var validator = Factory.CreateAuthorizeRequestValidator(); - var result = await validator.ValidateAsync(parameters); + var result = await validator.ValidateAsync(parameters, default); result.IsError.ShouldBe(true); result.ErrorDescription.ShouldBe("Transform algorithm not supported"); @@ -108,7 +108,7 @@ public class Authorize_ProtocolValidation_Valid_PKCE parameters.Add(OidcConstants.AuthorizeRequest.ResponseType, OidcConstants.ResponseTypes.Code); var validator = Factory.CreateAuthorizeRequestValidator(); - var result = await validator.ValidateAsync(parameters); + var result = await validator.ValidateAsync(parameters, default); result.IsError.ShouldBe(true); result.Error.ShouldBe(OidcConstants.AuthorizeErrors.InvalidRequest); 
@@ -126,7 +126,7 @@ public class Authorize_ProtocolValidation_Valid_PKCE parameters.Add(OidcConstants.AuthorizeRequest.ResponseType, OidcConstants.ResponseTypes.CodeIdToken); var validator = Factory.CreateAuthorizeRequestValidator(); - var result = await validator.ValidateAsync(parameters); + var result = await validator.ValidateAsync(parameters, default); result.IsError.ShouldBe(true); result.Error.ShouldBe(OidcConstants.AuthorizeErrors.InvalidRequest); @@ -150,7 +150,7 @@ public class Authorize_ProtocolValidation_Valid_PKCE parameters.Add(OidcConstants.AuthorizeRequest.ResponseType, OidcConstants.ResponseTypes.Code); var validator = Factory.CreateAuthorizeRequestValidator(); - var result = await validator.ValidateAsync(parameters); + var result = await validator.ValidateAsync(parameters, default); result.IsError.ShouldBe(true); result.Error.ShouldBe(OidcConstants.AuthorizeErrors.InvalidRequest); @@ -174,7 +174,7 @@ public class Authorize_ProtocolValidation_Valid_PKCE parameters.Add(OidcConstants.AuthorizeRequest.ResponseType, OidcConstants.ResponseTypes.Code); var validator = Factory.CreateAuthorizeRequestValidator(); - var result = await validator.ValidateAsync(parameters); + var result = await validator.ValidateAsync(parameters, default); result.IsError.ShouldBe(true); result.Error.ShouldBe(OidcConstants.AuthorizeErrors.InvalidRequest); @@ -197,7 +197,7 @@ public class Authorize_ProtocolValidation_Valid_PKCE parameters.Add(OidcConstants.AuthorizeRequest.ResponseType, OidcConstants.ResponseTypes.Code); var validator = Factory.CreateAuthorizeRequestValidator(); - var result = await validator.ValidateAsync(parameters); + var result = await validator.ValidateAsync(parameters, default); result.IsError.ShouldBe(true); result.Error.ShouldBe(OidcConstants.AuthorizeErrors.InvalidRequest); 
diff --git a/identity-server/test/IdentityServer.UnitTests/Validation/AuthorizeRequest Validation/Authorize_ProtocolValidation_Resources.cs b/identity-server/test/IdentityServer.UnitTests/Validation/AuthorizeRequest Validation/Authorize_ProtocolValidation_Resources.cs index 09334abef..1f8013cf5 100644 --- a/identity-server/test/IdentityServer.UnitTests/Validation/AuthorizeRequest Validation/Authorize_ProtocolValidation_Resources.cs +++ b/identity-server/test/IdentityServer.UnitTests/Validation/AuthorizeRequest Validation/Authorize_ProtocolValidation_Resources.cs @@ -20,6 +20,7 @@ namespace UnitTests.Validation.AuthorizeRequest_Validation; public class Authorize_ProtocolValidation_Resources { private const string Category = "AuthorizeRequest Protocol Validation - Resources"; + private readonly CT _ct = TestContext.Current.CancellationToken; private readonly AuthorizeRequestValidator _subject; @@ -69,7 +70,7 @@ public class Authorize_ProtocolValidation_Resources parameters.Add(OidcConstants.AuthorizeRequest.RedirectUri, "https://client1"); parameters.Add(OidcConstants.AuthorizeRequest.ResponseType, OidcConstants.ResponseTypes.Code); - var result = await _subject.ValidateAsync(parameters); + var result = await _subject.ValidateAsync(parameters, _ct); result.IsError.ShouldBe(false); result.ValidatedRequest.RequestedResourceIndicators.ShouldBeEmpty(); @@ -86,7 +87,7 @@ public class Authorize_ProtocolValidation_Resources parameters.Add(OidcConstants.AuthorizeRequest.ResponseType, OidcConstants.ResponseTypes.Code); parameters.Add("resource", "not_uri"); - var result = await _subject.ValidateAsync(parameters); + var result = await _subject.ValidateAsync(parameters, _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe("invalid_target"); 
@@ -103,7 +104,7 @@ public class Authorize_ProtocolValidation_Resources parameters.Add(OidcConstants.AuthorizeRequest.ResponseType, OidcConstants.ResponseTypes.Code); parameters.Add("resource", "http://resource1"); - var result = await _subject.ValidateAsync(parameters); + var result = await _subject.ValidateAsync(parameters, _ct); result.IsError.ShouldBeFalse(); } @@ -119,7 +120,7 @@ public class Authorize_ProtocolValidation_Resources parameters.Add(OidcConstants.AuthorizeRequest.ResponseType, OidcConstants.ResponseTypes.Token); parameters.Add("resource", "http://resource1"); - var result = await _subject.ValidateAsync(parameters); + var result = await _subject.ValidateAsync(parameters, _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe("invalid_target"); @@ -136,7 +137,7 @@ public class Authorize_ProtocolValidation_Resources parameters.Add(OidcConstants.AuthorizeRequest.ResponseType, OidcConstants.ResponseTypes.Code); parameters.Add("resource", "http://resource1" + new string('x', 512)); - var result = await _subject.ValidateAsync(parameters); + var result = await _subject.ValidateAsync(parameters, _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe("invalid_target"); @@ -153,7 +154,7 @@ public class Authorize_ProtocolValidation_Resources parameters.Add(OidcConstants.AuthorizeRequest.ResponseType, OidcConstants.ResponseTypes.Code); parameters.Add("resource", "http://resource1#fragment"); - var result = await _subject.ValidateAsync(parameters); + var result = await _subject.ValidateAsync(parameters, _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe("invalid_target"); @@ -172,7 +173,7 @@ public class Authorize_ProtocolValidation_Resources parameters.Add("resource", "http://resource2"); parameters.Add("resource", "urn:test1"); - var result = await _subject.ValidateAsync(parameters); + var result = await _subject.ValidateAsync(parameters, _ct); result.IsError.ShouldBeFalse(); result.ValidatedRequest.RequestedResourceIndicators 
@@ -195,7 +196,7 @@ public class Authorize_ProtocolValidation_Resources { InvalidScopes = { "foo" } }; - var result = await _subject.ValidateAsync(parameters); + var result = await _subject.ValidateAsync(parameters, _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe("invalid_scope"); @@ -206,7 +207,7 @@ public class Authorize_ProtocolValidation_Resources { InvalidResourceIndicators = { "foo" } }; - var result = await _subject.ValidateAsync(parameters); + var result = await _subject.ValidateAsync(parameters, _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe("invalid_target"); diff --git a/identity-server/test/IdentityServer.UnitTests/Validation/AuthorizeRequest Validation/Authorize_ProtocolValidation_Valid.cs b/identity-server/test/IdentityServer.UnitTests/Validation/AuthorizeRequest Validation/Authorize_ProtocolValidation_Valid.cs index 8e2e5aaa9..3c05ebea7 100644 --- a/identity-server/test/IdentityServer.UnitTests/Validation/AuthorizeRequest Validation/Authorize_ProtocolValidation_Valid.cs +++ b/identity-server/test/IdentityServer.UnitTests/Validation/AuthorizeRequest Validation/Authorize_ProtocolValidation_Valid.cs @@ -12,6 +12,7 @@ namespace UnitTests.Validation.AuthorizeRequest_Validation; public class Authorize_ProtocolValidation_Valid { private const string Category = "AuthorizeRequest Protocol Validation - Valid"; + private readonly CT _ct = TestContext.Current.CancellationToken; [Fact] [Trait("Category", Category)] @@ -24,7 +25,7 @@ public class Authorize_ProtocolValidation_Valid parameters.Add(OidcConstants.AuthorizeRequest.ResponseType, OidcConstants.ResponseTypes.Code); var validator = Factory.CreateAuthorizeRequestValidator(); - var result = await validator.ValidateAsync(parameters); + var result = await validator.ValidateAsync(parameters, _ct); result.IsError.ShouldBe(false); } 
@@ -40,7 +41,7 @@ public class Authorize_ProtocolValidation_Valid parameters.Add(OidcConstants.AuthorizeRequest.ResponseType, OidcConstants.ResponseTypes.Code); var validator = Factory.CreateAuthorizeRequestValidator(); - var result = await validator.ValidateAsync(parameters); + var result = await validator.ValidateAsync(parameters, _ct); result.IsError.ShouldBeFalse(); } @@ -56,7 +57,7 @@ public class Authorize_ProtocolValidation_Valid parameters.Add(OidcConstants.AuthorizeRequest.ResponseType, OidcConstants.ResponseTypes.Code); var validator = Factory.CreateAuthorizeRequestValidator(); - var result = await validator.ValidateAsync(parameters); + var result = await validator.ValidateAsync(parameters, _ct); result.IsError.ShouldBeFalse(); } @@ -72,7 +73,7 @@ public class Authorize_ProtocolValidation_Valid parameters.Add(OidcConstants.AuthorizeRequest.ResponseType, OidcConstants.ResponseTypes.Token); var validator = Factory.CreateAuthorizeRequestValidator(); - var result = await validator.ValidateAsync(parameters); + var result = await validator.ValidateAsync(parameters, _ct); result.IsError.ShouldBeFalse(); } @@ -89,7 +90,7 @@ public class Authorize_ProtocolValidation_Valid parameters.Add(OidcConstants.AuthorizeRequest.Nonce, "abc"); var validator = Factory.CreateAuthorizeRequestValidator(); - var result = await validator.ValidateAsync(parameters); + var result = await validator.ValidateAsync(parameters, _ct); result.IsError.ShouldBeFalse(); } @@ -106,7 +107,7 @@ public class Authorize_ProtocolValidation_Valid parameters.Add(OidcConstants.AuthorizeRequest.Nonce, "abc"); var validator = Factory.CreateAuthorizeRequestValidator(); - var result = await validator.ValidateAsync(parameters); + var result = await validator.ValidateAsync(parameters, _ct); result.IsError.ShouldBeFalse(); } 
@@ -124,7 +125,7 @@ public class Authorize_ProtocolValidation_Valid parameters.Add(OidcConstants.AuthorizeRequest.Nonce, "abc"); var validator = Factory.CreateAuthorizeRequestValidator(); - var result = await validator.ValidateAsync(parameters); + var result = await validator.ValidateAsync(parameters, _ct); result.IsError.ShouldBeFalse(); } @@ -142,7 +143,7 @@ public class Authorize_ProtocolValidation_Valid parameters.Add(OidcConstants.AuthorizeRequest.Nonce, "abc"); var validator = Factory.CreateAuthorizeRequestValidator(); - var result = await validator.ValidateAsync(parameters); + var result = await validator.ValidateAsync(parameters, _ct); result.IsError.ShouldBeFalse(); } @@ -158,7 +159,7 @@ public class Authorize_ProtocolValidation_Valid parameters.Add(OidcConstants.AuthorizeRequest.ResponseType, OidcConstants.ResponseTypes.CodeToken); var validator = Factory.CreateAuthorizeRequestValidator(); - var result = await validator.ValidateAsync(parameters); + var result = await validator.ValidateAsync(parameters, _ct); result.IsError.ShouldBeFalse(); } @@ -175,7 +176,7 @@ public class Authorize_ProtocolValidation_Valid parameters.Add(OidcConstants.AuthorizeRequest.ResponseMode, OidcConstants.ResponseModes.Fragment); var validator = Factory.CreateAuthorizeRequestValidator(); - var result = await validator.ValidateAsync(parameters); + var result = await validator.ValidateAsync(parameters, _ct); result.IsError.ShouldBeFalse(); } @@ -193,7 +194,7 @@ public class Authorize_ProtocolValidation_Valid parameters.Add(OidcConstants.AuthorizeRequest.Prompt, OidcConstants.PromptModes.None); var validator = Factory.CreateAuthorizeRequestValidator(); - var result = await validator.ValidateAsync(parameters); + var result = await validator.ValidateAsync(parameters, _ct); result.ValidatedRequest.SessionId.ShouldNotBeNull(); } 
@@ -211,7 +212,7 @@ public class Authorize_ProtocolValidation_Valid parameters.Add(OidcConstants.AuthorizeRequest.Prompt, OidcConstants.PromptModes.Consent + ' ' + OidcConstants.PromptModes.Login); var validator = Factory.CreateAuthorizeRequestValidator(); - var result = await validator.ValidateAsync(parameters); + var result = await validator.ValidateAsync(parameters, _ct); result.ValidatedRequest.PromptModes.Count().ShouldBe(2); result.ValidatedRequest.PromptModes.ShouldContain(OidcConstants.PromptModes.Login); @@ -233,13 +234,13 @@ public class Authorize_ProtocolValidation_Valid { parameters[OidcConstants.AuthorizeRequest.Prompt] = "consent login"; - var result = await validator.ValidateAsync(parameters); + var result = await validator.ValidateAsync(parameters, _ct); result.ValidatedRequest.PromptModes.ShouldBe([OidcConstants.PromptModes.Consent, OidcConstants.PromptModes.Login]); } { parameters[OidcConstants.AuthorizeRequest.Prompt] = "consent login"; parameters[Constants.ProcessedPrompt] = "login"; - var result = await validator.ValidateAsync(parameters); + var result = await validator.ValidateAsync(parameters, _ct); result.ValidatedRequest.PromptModes.ShouldBe([OidcConstants.PromptModes.Consent]); result.ValidatedRequest.OriginalPromptModes.ShouldBe([OidcConstants.PromptModes.Consent, OidcConstants.PromptModes.Login]); result.ValidatedRequest.ProcessedPromptModes.ShouldBe([OidcConstants.PromptModes.Login]); 
@@ -247,7 +248,7 @@ public class Authorize_ProtocolValidation_Valid { parameters[OidcConstants.AuthorizeRequest.Prompt] = "consent login"; parameters[Constants.ProcessedPrompt] = "login consent"; - var result = await validator.ValidateAsync(parameters); + var result = await validator.ValidateAsync(parameters, _ct); result.ValidatedRequest.PromptModes.ShouldBeEmpty(); result.ValidatedRequest.OriginalPromptModes.ShouldBe([OidcConstants.PromptModes.Consent, OidcConstants.PromptModes.Login]); result.ValidatedRequest.ProcessedPromptModes.ShouldBe([OidcConstants.PromptModes.Consent, OidcConstants.PromptModes.Login], true); diff --git a/identity-server/test/IdentityServer.UnitTests/Validation/ClientConfigurationValidation.cs b/identity-server/test/IdentityServer.UnitTests/Validation/ClientConfigurationValidation.cs index db62bbcee..05dd2cd97 100644 --- a/identity-server/test/IdentityServer.UnitTests/Validation/ClientConfigurationValidation.cs +++ b/identity-server/test/IdentityServer.UnitTests/Validation/ClientConfigurationValidation.cs @@ -501,7 +501,7 @@ public class ClientConfigurationValidation private async Task ValidateAsync(Client client) { var context = new ClientConfigurationValidationContext(client); - await _validator.ValidateAsync(context); + await _validator.ValidateAsync(context, default); return context; } diff --git a/identity-server/test/IdentityServer.UnitTests/Validation/DPoPProofValidatorTests.cs b/identity-server/test/IdentityServer.UnitTests/Validation/DPoPProofValidatorTests.cs index 0a221da00..43c5b0928 100644 --- a/identity-server/test/IdentityServer.UnitTests/Validation/DPoPProofValidatorTests.cs +++ b/identity-server/test/IdentityServer.UnitTests/Validation/DPoPProofValidatorTests.cs 
@@ -23,6 +23,7 @@ namespace UnitTests.Validation; public class DPoPProofValidatorTests { private const string Category = "DPoP validator tests"; + private readonly CT _ct = TestContext.Current.CancellationToken; private IdentityServerOptions _options = new IdentityServerOptions(); private FakeTimeProvider _timeProvider = new FakeTimeProvider(); @@ -133,7 +134,7 @@ public class DPoPProofValidatorTests { _context.ProofToken = CreateDPoPProofToken(); - var result = await _subject.ValidateAsync(_context); + var result = await _subject.ValidateAsync(_context, _ct); result.IsError.ShouldBeFalse(); result.JsonWebKeyThumbprint.ShouldBe(_JKT); @@ -150,7 +151,7 @@ public class DPoPProofValidatorTests _payload["ath"] = accessTokenHash; _context.ProofToken = CreateDPoPProofToken(); - var result = await _subject.ValidateAsync(_context); + var result = await _subject.ValidateAsync(_context, _ct); result.IsError.ShouldBeFalse(); result.JsonWebKeyThumbprint.ShouldBe(_JKT); @@ -182,7 +183,7 @@ public class DPoPProofValidatorTests _context.AccessTokenClaims = [CnfClaim()]; _context.ProofToken = CreateDPoPProofToken(); - var result = await _subject.ValidateAsync(_context); + var result = await _subject.ValidateAsync(_context, _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.TokenErrors.InvalidDPoPProof); @@ -199,7 +200,7 @@ public class DPoPProofValidatorTests _payload["ath"] = "invalid"; _context.ProofToken = CreateDPoPProofToken(); - var result = await _subject.ValidateAsync(_context); + var result = await _subject.ValidateAsync(_context, _ct); result.IsError.ShouldBeTrue(); result.ErrorDescription.ShouldBe("Invalid 'ath' value."); 
@@ -217,7 +218,7 @@ public class DPoPProofValidatorTests _payload["ath"] = accessTokenHash; _context.ProofToken = CreateDPoPProofToken(); - var result = await _subject.ValidateAsync(_context); + var result = await _subject.ValidateAsync(_context, _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.TokenErrors.InvalidDPoPProof); @@ -236,7 +237,7 @@ public class DPoPProofValidatorTests _payload["ath"] = accessTokenHash; _context.ProofToken = CreateDPoPProofToken(); - var result = await _subject.ValidateAsync(_context); + var result = await _subject.ValidateAsync(_context, _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.TokenErrors.InvalidDPoPProof); @@ -254,7 +255,7 @@ public class DPoPProofValidatorTests _payload["ath"] = accessTokenHash; _context.ProofToken = CreateDPoPProofToken(); - var result = await _subject.ValidateAsync(_context); + var result = await _subject.ValidateAsync(_context, _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.TokenErrors.InvalidDPoPProof); @@ -272,7 +273,7 @@ public class DPoPProofValidatorTests _payload["ath"] = accessTokenHash; _context.ProofToken = CreateDPoPProofToken(); - var result = await _subject.ValidateAsync(_context); + var result = await _subject.ValidateAsync(_context, _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.TokenErrors.InvalidDPoPProof); @@ -294,7 +295,7 @@ public class DPoPProofValidatorTests _payload["ath"] = accessTokenHash; _context.ProofToken = CreateDPoPProofToken(); - var result = await _subject.ValidateAsync(_context); + var result = await _subject.ValidateAsync(_context, _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.TokenErrors.InvalidDPoPProof); 
@@ -312,7 +313,7 @@ public class DPoPProofValidatorTests _payload["ath"] = accessTokenHash; _context.ProofToken = CreateDPoPProofToken(); - var result = await _subject.ValidateAsync(_context); + var result = await _subject.ValidateAsync(_context, _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.TokenErrors.InvalidDPoPProof); @@ -343,7 +344,7 @@ public class DPoPProofValidatorTests _context.ProofToken = CreateDPoPProofToken(); _now = _now.AddMinutes(5); - var result = await _subject.ValidateAsync(_context); + var result = await _subject.ValidateAsync(_context, _ct); result.IsError.ShouldBeFalse(); } @@ -354,7 +355,7 @@ public class DPoPProofValidatorTests _context.ProofToken = CreateDPoPProofToken(); _now = _now.AddMinutes(-5); - var result = await _subject.ValidateAsync(_context); + var result = await _subject.ValidateAsync(_context, _ct); result.IsError.ShouldBeFalse(); } } @@ -376,11 +377,11 @@ public class DPoPProofValidatorTests _now = _now.AddMinutes(5); { - var result = await _subject.ValidateAsync(_context); + var result = await _subject.ValidateAsync(_context, _ct); result.IsError.ShouldBeFalse(); } { - var result = await _subject.ValidateAsync(_context); + var result = await _subject.ValidateAsync(_context, _ct); result.IsError.ShouldBeTrue(); } } @@ -393,11 +394,11 @@ public class DPoPProofValidatorTests _now = _now.AddMinutes(-5); { - var result = await _subject.ValidateAsync(_context); + var result = await _subject.ValidateAsync(_context, _ct); result.IsError.ShouldBeFalse(); } { - var result = await _subject.ValidateAsync(_context); + var result = await _subject.ValidateAsync(_context, _ct); result.IsError.ShouldBeTrue(); } } @@ -417,7 +418,7 @@ public class DPoPProofValidatorTests _context.ProofToken = CreateDPoPProofToken(); _now = _now.AddMinutes(5); - var result = await _subject.ValidateAsync(_context); + var result = await _subject.ValidateAsync(_context, _ct); result.IsError.ShouldBeFalse(); } 
@@ -427,7 +428,7 @@ public class DPoPProofValidatorTests _context.ProofToken = CreateDPoPProofToken(); _now = _now.AddMinutes(-5); - var result = await _subject.ValidateAsync(_context); + var result = await _subject.ValidateAsync(_context, _ct); result.IsError.ShouldBeFalse(); } } @@ -447,11 +448,11 @@ public class DPoPProofValidatorTests _now = _now.AddMinutes(5); { - var result = await _subject.ValidateAsync(_context); + var result = await _subject.ValidateAsync(_context, _ct); result.IsError.ShouldBeFalse(); } { - var result = await _subject.ValidateAsync(_context); + var result = await _subject.ValidateAsync(_context, _ct); result.IsError.ShouldBeTrue(); } } @@ -463,11 +464,11 @@ public class DPoPProofValidatorTests _now = _now.AddMinutes(-5); { - var result = await _subject.ValidateAsync(_context); + var result = await _subject.ValidateAsync(_context, _ct); result.IsError.ShouldBeFalse(); } { - var result = await _subject.ValidateAsync(_context); + var result = await _subject.ValidateAsync(_context, _ct); result.IsError.ShouldBeTrue(); } } @@ -483,11 +484,11 @@ public class DPoPProofValidatorTests _context.ProofToken = CreateDPoPProofToken(); { - var result = await _subject.ValidateAsync(_context); + var result = await _subject.ValidateAsync(_context, _ct); result.IsError.ShouldBeFalse(); } { - var result = await _subject.ValidateAsync(_context); + var result = await _subject.ValidateAsync(_context, _ct); result.IsError.ShouldBeTrue(); } } @@ -498,7 +499,7 @@ public class DPoPProofValidatorTests { _context.ProofToken = ""; - var result = await _subject.ValidateAsync(_context); + var result = await _subject.ValidateAsync(_context, _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe("invalid_dpop_proof"); } 
@@ -509,7 +510,7 @@ public class DPoPProofValidatorTests { _context.ProofToken = "malformed"; - var result = await _subject.ValidateAsync(_context); + var result = await _subject.ValidateAsync(_context, _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe("invalid_dpop_proof"); @@ -523,7 +524,7 @@ public class DPoPProofValidatorTests _context.ProofToken = CreateDPoPProofToken(); - var result = await _subject.ValidateAsync(_context); + var result = await _subject.ValidateAsync(_context, _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe("invalid_dpop_proof"); @@ -540,7 +541,7 @@ public class DPoPProofValidatorTests _context.ProofToken = CreateDPoPProofToken("HS256", key); - var result = await _subject.ValidateAsync(_context); + var result = await _subject.ValidateAsync(_context, _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe("invalid_dpop_proof"); @@ -555,7 +556,7 @@ public class DPoPProofValidatorTests _context.ProofToken = CreateDPoPProofToken(); - var result = await _subject.ValidateAsync(_context); + var result = await _subject.ValidateAsync(_context, _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe("invalid_dpop_proof"); @@ -569,7 +570,7 @@ public class DPoPProofValidatorTests _context.ProofToken = CreateDPoPProofToken(); - var result = await _subject.ValidateAsync(_context); + var result = await _subject.ValidateAsync(_context, _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe("invalid_dpop_proof"); @@ -583,7 +584,7 @@ public class DPoPProofValidatorTests _context.ProofToken = CreateDPoPProofToken(); - var result = await _subject.ValidateAsync(_context); + var result = await _subject.ValidateAsync(_context, _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe("invalid_dpop_proof"); 
@@ -597,7 +598,7 @@ public class DPoPProofValidatorTests _context.ProofToken = CreateDPoPProofToken(); - var result = await _subject.ValidateAsync(_context); + var result = await _subject.ValidateAsync(_context, _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe("invalid_dpop_proof"); @@ -613,7 +614,7 @@ public class DPoPProofValidatorTests _context.ProofToken = CreateDPoPProofToken(); - var result = await _subject.ValidateAsync(_context); + var result = await _subject.ValidateAsync(_context, _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe("invalid_dpop_proof"); @@ -627,7 +628,7 @@ public class DPoPProofValidatorTests _context.ProofToken = CreateDPoPProofToken(); - var result = await _subject.ValidateAsync(_context); + var result = await _subject.ValidateAsync(_context, _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe("invalid_dpop_proof"); @@ -641,7 +642,7 @@ public class DPoPProofValidatorTests _context.ProofToken = CreateDPoPProofToken(); - var result = await _subject.ValidateAsync(_context); + var result = await _subject.ValidateAsync(_context, _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe("invalid_dpop_proof"); @@ -655,7 +656,7 @@ public class DPoPProofValidatorTests _context.ProofToken = CreateDPoPProofToken(); - var result = await _subject.ValidateAsync(_context); + var result = await _subject.ValidateAsync(_context, _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe("invalid_dpop_proof"); @@ -669,7 +670,7 @@ public class DPoPProofValidatorTests _context.ProofToken = CreateDPoPProofToken(); - var result = await _subject.ValidateAsync(_context); + var result = await _subject.ValidateAsync(_context, _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe("invalid_dpop_proof"); 
@@ -683,7 +684,7 @@ public class DPoPProofValidatorTests _context.ProofToken = CreateDPoPProofToken(); - var result = await _subject.ValidateAsync(_context); + var result = await _subject.ValidateAsync(_context, _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe("invalid_dpop_proof"); @@ -697,7 +698,7 @@ public class DPoPProofValidatorTests _context.ProofToken = CreateDPoPProofToken(); - var result = await _subject.ValidateAsync(_context); + var result = await _subject.ValidateAsync(_context, _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe("invalid_dpop_proof"); @@ -711,7 +712,7 @@ public class DPoPProofValidatorTests _context.ProofToken = CreateDPoPProofToken(); - var result = await _subject.ValidateAsync(_context); + var result = await _subject.ValidateAsync(_context, _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe("invalid_dpop_proof"); @@ -725,7 +726,7 @@ public class DPoPProofValidatorTests _context.ProofToken = CreateDPoPProofToken(); - var result = await _subject.ValidateAsync(_context); + var result = await _subject.ValidateAsync(_context, _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe("invalid_dpop_proof"); @@ -740,7 +741,7 @@ public class DPoPProofValidatorTests _context.ProofToken = CreateDPoPProofToken(); _context.ClientClockSkew = TimeSpan.FromMinutes(1); - var result = await _subject.ValidateAsync(_context); + var result = await _subject.ValidateAsync(_context, _ct); result.IsError.ShouldBeFalse(); } @@ -755,7 +756,7 @@ public class DPoPProofValidatorTests _context.ProofToken = CreateDPoPProofToken(); - var result = await _subject.ValidateAsync(_context); + var result = await _subject.ValidateAsync(_context, _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe("invalid_dpop_proof"); 
@@ -771,7 +772,7 @@ public class DPoPProofValidatorTests _context.ProofToken = CreateDPoPProofToken(); - var result = await _subject.ValidateAsync(_context); + var result = await _subject.ValidateAsync(_context, _ct); result.IsError.ShouldBeFalse(); } @@ -786,7 +787,7 @@ public class DPoPProofValidatorTests _context.ProofToken = CreateDPoPProofToken(); - var result = await _subject.ValidateAsync(_context); + var result = await _subject.ValidateAsync(_context, _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe("invalid_dpop_proof"); @@ -801,7 +802,7 @@ public class DPoPProofValidatorTests _context.ProofToken = CreateDPoPProofToken(); - var result = await _subject.ValidateAsync(_context); + var result = await _subject.ValidateAsync(_context, _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe("invalid_dpop_proof"); @@ -815,7 +816,7 @@ public class DPoPProofValidatorTests _context.ExpirationValidationMode = DPoPTokenExpirationValidationMode.Nonce; _context.ProofToken = CreateDPoPProofToken(); - var result = await _subject.ValidateAsync(_context); + var result = await _subject.ValidateAsync(_context, _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe("use_dpop_nonce"); @@ -829,7 +830,7 @@ public class DPoPProofValidatorTests _context.ExpirationValidationMode = DPoPTokenExpirationValidationMode.Nonce; _context.ProofToken = CreateDPoPProofToken(); - var result = await _subject.ValidateAsync(_context); + var result = await _subject.ValidateAsync(_context, _ct); result.IsError.ShouldBeTrue(); @@ -837,7 +838,7 @@ public class DPoPProofValidatorTests _context.ProofToken = CreateDPoPProofToken(); - result = await _subject.ValidateAsync(_context); + result = await _subject.ValidateAsync(_context, _ct); result.IsError.ShouldBeFalse(); result.JsonWebKeyThumbprint.ShouldBe(_JKT); 
@@ -850,7 +851,7 @@ public class DPoPProofValidatorTests _context.ProofToken = CreateDPoPProofToken(); _context.ExpirationValidationMode = DPoPTokenExpirationValidationMode.Nonce; - var result = await _subject.ValidateAsync(_context); + var result = await _subject.ValidateAsync(_context, _ct); result.IsError.ShouldBeTrue(); @@ -858,7 +859,7 @@ public class DPoPProofValidatorTests _context.ProofToken = CreateDPoPProofToken(); - result = await _subject.ValidateAsync(_context); + result = await _subject.ValidateAsync(_context, _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe("use_dpop_nonce"); @@ -872,7 +873,7 @@ public class DPoPProofValidatorTests _context.ExpirationValidationMode = DPoPTokenExpirationValidationMode.Nonce; _context.ProofToken = CreateDPoPProofToken(); - var result = await _subject.ValidateAsync(_context); + var result = await _subject.ValidateAsync(_context, _ct); result.IsError.ShouldBeTrue(); @@ -883,7 +884,7 @@ public class DPoPProofValidatorTests _context.ProofToken = CreateDPoPProofToken(); - result = await _subject.ValidateAsync(_context); + result = await _subject.ValidateAsync(_context, _ct); result.IsError.ShouldBeTrue(); result.Error.ShouldBe("use_dpop_nonce"); diff --git a/identity-server/test/IdentityServer.UnitTests/Validation/DefaultIssuerPathValidatorTests.cs b/identity-server/test/IdentityServer.UnitTests/Validation/DefaultIssuerPathValidatorTests.cs index 1422e0485..c7e688e8f 100644 --- a/identity-server/test/IdentityServer.UnitTests/Validation/DefaultIssuerPathValidatorTests.cs +++ b/identity-server/test/IdentityServer.UnitTests/Validation/DefaultIssuerPathValidatorTests.cs @@ -17,7 +17,7 @@ public class DefaultIssuerPathValidatorTests var subject = new DefaultIssuerPathValidator(issuerNameService, logger); var path = "/foo"; - var result = await subject.ValidateAsync(path); + var result = await subject.ValidateAsync(path, default); result.ShouldBeTrue(); } 
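Review bot: The DefaultIssuerPathValidatorTests hunks pass `default` as the new token argument, while DPoPProofValidatorTests in the same commit passes `TestContext.Current.CancellationToken` through a `_ct` field. With `default`, a validator call that hangs is not cancelled when the test run is aborted or times out, and the two test files now follow different conventions. Using the test token directly would align them: `var result = await subject.ValidateAsync(path, TestContext.Current.CancellationToken);`. The same applies to the `default` arguments in the DeviceAuthorizationRequestValidation, IdentityProviderConfigurationValidation and RevocationRequestValidation hunks below.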
@@ -30,7 +30,7 @@ public class DefaultIssuerPathValidatorTests var subject = new DefaultIssuerPathValidator(issuerNameService, logger); var path = string.Empty; - var result = await subject.ValidateAsync(path); + var result = await subject.ValidateAsync(path, default); result.ShouldBeTrue(); } @@ -42,7 +42,7 @@ public class DefaultIssuerPathValidatorTests var logger = new FakeLogger(); var subject = new DefaultIssuerPathValidator(issuerNameService, logger); - var result = await subject.ValidateAsync(null); + var result = await subject.ValidateAsync(null, default); result.ShouldBeTrue(); } @@ -55,7 +55,7 @@ public class DefaultIssuerPathValidatorTests var subject = new DefaultIssuerPathValidator(issuerNameService, logger); var path = "/foo"; - var result = await subject.ValidateAsync(path); + var result = await subject.ValidateAsync(path, default); result.ShouldBeTrue(); } @@ -68,7 +68,7 @@ public class DefaultIssuerPathValidatorTests var subject = new DefaultIssuerPathValidator(issuerNameService, logger); var path = "/foo"; - var result = await subject.ValidateAsync(path); + var result = await subject.ValidateAsync(path, default); result.ShouldBeTrue(); } @@ -81,7 +81,7 @@ public class DefaultIssuerPathValidatorTests var subject = new DefaultIssuerPathValidator(issuerNameService, logger); var path = "/foo/bar"; - var result = await subject.ValidateAsync(path); + var result = await subject.ValidateAsync(path, default); result.ShouldBeTrue(); } @@ -94,7 +94,7 @@ public class DefaultIssuerPathValidatorTests var subject = new DefaultIssuerPathValidator(issuerNameService, logger); var path = "/foo"; - var result = await subject.ValidateAsync(path); + var result = await subject.ValidateAsync(path, default); result.ShouldBeFalse(); } 
@@ -107,7 +107,7 @@ public class DefaultIssuerPathValidatorTests var subject = new DefaultIssuerPathValidator(issuerNameService, logger); var path = "/foo"; - var result = await subject.ValidateAsync(path); + var result = await subject.ValidateAsync(path, default); result.ShouldBeFalse(); } diff --git a/identity-server/test/IdentityServer.UnitTests/Validation/DeviceAuthorizationRequestValidation.cs b/identity-server/test/IdentityServer.UnitTests/Validation/DeviceAuthorizationRequestValidation.cs index 6814090f7..f394fc2c8 100644 --- a/identity-server/test/IdentityServer.UnitTests/Validation/DeviceAuthorizationRequestValidation.cs +++ b/identity-server/test/IdentityServer.UnitTests/Validation/DeviceAuthorizationRequestValidation.cs @@ -30,7 +30,7 @@ public class DeviceAuthorizationRequestValidation { var validator = Factory.CreateDeviceAuthorizationRequestValidator(); - Func act = () => validator.ValidateAsync(null, null); + Func act = () => validator.ValidateAsync(null, null, default); await act.ShouldThrowAsync(); } @@ -42,7 +42,7 @@ public class DeviceAuthorizationRequestValidation testClient.ProtocolType = IdentityServerConstants.ProtocolTypes.WsFederation; var validator = Factory.CreateDeviceAuthorizationRequestValidator(); - var result = await validator.ValidateAsync(testParameters, new ClientSecretValidationResult { Client = testClient }); + var result = await validator.ValidateAsync(testParameters, new ClientSecretValidationResult { Client = testClient }, default); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.AuthorizeErrors.UnauthorizedClient); 
@@ -55,7 +55,7 @@ public class DeviceAuthorizationRequestValidation testClient.AllowedGrantTypes = GrantTypes.Implicit; var validator = Factory.CreateDeviceAuthorizationRequestValidator(); - var result = await validator.ValidateAsync(testParameters, new ClientSecretValidationResult { Client = testClient }); + var result = await validator.ValidateAsync(testParameters, new ClientSecretValidationResult { Client = testClient }, default); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.AuthorizeErrors.UnauthorizedClient); @@ -68,7 +68,7 @@ public class DeviceAuthorizationRequestValidation var parameters = new NameValueCollection { { "scope", "resource2" } }; var validator = Factory.CreateDeviceAuthorizationRequestValidator(); - var result = await validator.ValidateAsync(parameters, new ClientSecretValidationResult { Client = testClient }); + var result = await validator.ValidateAsync(parameters, new ClientSecretValidationResult { Client = testClient }, default); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.AuthorizeErrors.InvalidScope); @@ -81,7 +81,7 @@ public class DeviceAuthorizationRequestValidation var parameters = new NameValueCollection { { "scope", Guid.NewGuid().ToString() } }; var validator = Factory.CreateDeviceAuthorizationRequestValidator(); - var result = await validator.ValidateAsync(parameters, new ClientSecretValidationResult { Client = testClient }); + var result = await validator.ValidateAsync(parameters, new ClientSecretValidationResult { Client = testClient }, default); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.AuthorizeErrors.InvalidScope); 
@@ -94,7 +94,7 @@ public class DeviceAuthorizationRequestValidation var parameters = new NameValueCollection { { "scope", "openid" } }; var validator = Factory.CreateDeviceAuthorizationRequestValidator(); - var result = await validator.ValidateAsync(parameters, new ClientSecretValidationResult { Client = testClient }); + var result = await validator.ValidateAsync(parameters, new ClientSecretValidationResult { Client = testClient }, default); result.IsError.ShouldBeFalse(); result.ValidatedRequest.IsOpenIdRequest.ShouldBeTrue(); @@ -116,7 +116,7 @@ public class DeviceAuthorizationRequestValidation var parameters = new NameValueCollection { { "scope", "resource" } }; var validator = Factory.CreateDeviceAuthorizationRequestValidator(); - var result = await validator.ValidateAsync(parameters, new ClientSecretValidationResult { Client = testClient }); + var result = await validator.ValidateAsync(parameters, new ClientSecretValidationResult { Client = testClient }, default); result.IsError.ShouldBeFalse(); result.ValidatedRequest.IsOpenIdRequest.ShouldBeFalse(); @@ -140,7 +140,7 @@ public class DeviceAuthorizationRequestValidation var parameters = new NameValueCollection { { "scope", "openid resource offline_access" } }; var validator = Factory.CreateDeviceAuthorizationRequestValidator(); - var result = await validator.ValidateAsync(parameters, new ClientSecretValidationResult { Client = testClient }); + var result = await validator.ValidateAsync(parameters, new ClientSecretValidationResult { Client = testClient }, default); result.IsError.ShouldBeFalse(); result.ValidatedRequest.IsOpenIdRequest.ShouldBeTrue(); 
@@ -168,7 +168,8 @@ public class DeviceAuthorizationRequestValidation var result = await validator.ValidateAsync( new NameValueCollection(), - new ClientSecretValidationResult { Client = testClient }); + new ClientSecretValidationResult { Client = testClient }, + default); result.IsError.ShouldBeFalse(); result.ValidatedRequest.RequestedScopes.ShouldContain(testClient.AllowedScopes); @@ -183,7 +184,8 @@ public class DeviceAuthorizationRequestValidation var result = await validator.ValidateAsync( new NameValueCollection(), - new ClientSecretValidationResult { Client = testClient }); + new ClientSecretValidationResult { Client = testClient }, + default); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.AuthorizeErrors.InvalidScope); diff --git a/identity-server/test/IdentityServer.UnitTests/Validation/EndSessionRequestValidation/StubRedirectUriValidator.cs b/identity-server/test/IdentityServer.UnitTests/Validation/EndSessionRequestValidation/StubRedirectUriValidator.cs index db37fa947..84005f56c 100644 --- a/identity-server/test/IdentityServer.UnitTests/Validation/EndSessionRequestValidation/StubRedirectUriValidator.cs +++ b/identity-server/test/IdentityServer.UnitTests/Validation/EndSessionRequestValidation/StubRedirectUriValidator.cs @@ -12,7 +12,9 @@ public class StubRedirectUriValidator : IRedirectUriValidator public bool IsRedirectUriValid { get; set; } public bool IsPostLogoutRedirectUriValid { get; set; } - public Task IsPostLogoutRedirectUriValidAsync(string requestedUri, Client client) => Task.FromResult(IsPostLogoutRedirectUriValid); + public Task IsPostLogoutRedirectUriValidAsync(string requestedUri, Client client, CT ct) => Task.FromResult(IsPostLogoutRedirectUriValid); +#pragma warning disable CS0618 public Task IsRedirectUriValidAsync(string requestedUri, Client client) => Task.FromResult(IsRedirectUriValid); +#pragma warning restore CS0618 } 
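Review bot: In StubRedirectUriValidator the new `#pragma warning disable CS0618` around `IsRedirectUriValidAsync(string requestedUri, Client client)` has no explanation. It is unclear whether the stub deliberately keeps the obsolete overload or simply has not been migrated. `IsPostLogoutRedirectUriValidAsync` received the `CT ct` parameter while this member did not, so the reason deserves a comment above the pragma, for example `// IRedirectUriValidator still declares this overload, marked [Obsolete]; implemented here only to satisfy the interface`. That wording assumes the interface is the source of the warning, which these hunks do not show. Because redirect URI validation is a security decision, a stub that is accidentally left on a deprecated path could let tests pass without exercising the overload production code calls.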
diff --git a/identity-server/test/IdentityServer.UnitTests/Validation/IdentityProviderConfigurationValidation.cs b/identity-server/test/IdentityServer.UnitTests/Validation/IdentityProviderConfigurationValidation.cs index 8efc267dd..314319e8b 100644 --- a/identity-server/test/IdentityServer.UnitTests/Validation/IdentityProviderConfigurationValidation.cs +++ b/identity-server/test/IdentityServer.UnitTests/Validation/IdentityProviderConfigurationValidation.cs @@ -38,7 +38,7 @@ public class IdentityProviderConfigurationValidation }; var ctx = new IdentityProviderConfigurationValidationContext(idp); - await _validator.ValidateAsync(ctx); + await _validator.ValidateAsync(ctx, default); ctx.IsValid.ShouldBeTrue(); } @@ -53,7 +53,7 @@ public class IdentityProviderConfigurationValidation }; var ctx = new IdentityProviderConfigurationValidationContext(idp); - await _validator.ValidateAsync(ctx); + await _validator.ValidateAsync(ctx, default); ctx.IsValid.ShouldBeFalse(); ctx.ErrorMessage.ShouldContain("registered"); @@ -71,7 +71,7 @@ public class IdentityProviderConfigurationValidation }; var ctx = new IdentityProviderConfigurationValidationContext(idp); - await _validator.ValidateAsync(ctx); + await _validator.ValidateAsync(ctx, default); ctx.IsValid.ShouldBeTrue(); } @@ -91,7 +91,7 @@ public class IdentityProviderConfigurationValidation idp.Scheme = ""; var ctx = new IdentityProviderConfigurationValidationContext(idp); - await _validator.ValidateAsync(ctx); + await _validator.ValidateAsync(ctx, default); ctx.IsValid.ShouldBeFalse(); ctx.ErrorMessage.ToLowerInvariant().ShouldContain("scheme"); @@ -112,7 +112,7 @@ public class IdentityProviderConfigurationValidation }; var ctx = new IdentityProviderConfigurationValidationContext(idp); - await _validator.ValidateAsync(ctx); + await _validator.ValidateAsync(ctx, default); ctx.IsValid.ShouldBeFalse(); ctx.ErrorMessage.ToLowerInvariant().ShouldContain("clientid"); 
@@ -134,7 +134,7 @@ public class IdentityProviderConfigurationValidation }; var ctx = new IdentityProviderConfigurationValidationContext(idp); - await _validator.ValidateAsync(ctx); + await _validator.ValidateAsync(ctx, default); ctx.IsValid.ShouldBeTrue(); } @@ -154,7 +154,7 @@ public class IdentityProviderConfigurationValidation }; var ctx = new IdentityProviderConfigurationValidationContext(idp); - await _validator.ValidateAsync(ctx); + await _validator.ValidateAsync(ctx, default); ctx.IsValid.ShouldBeFalse(); ctx.ErrorMessage.ToLowerInvariant().ShouldContain("authority"); @@ -175,7 +175,7 @@ public class IdentityProviderConfigurationValidation }; var ctx = new IdentityProviderConfigurationValidationContext(idp); - await _validator.ValidateAsync(ctx); + await _validator.ValidateAsync(ctx, default); ctx.IsValid.ShouldBeFalse(); ctx.ErrorMessage.ToLowerInvariant().ShouldContain("responsetype"); @@ -196,7 +196,7 @@ public class IdentityProviderConfigurationValidation }; var ctx = new IdentityProviderConfigurationValidationContext(idp); - await _validator.ValidateAsync(ctx); + await _validator.ValidateAsync(ctx, default); ctx.IsValid.ShouldBeFalse(); ctx.ErrorMessage.ToLowerInvariant().ShouldContain("scope"); @@ -217,7 +217,7 @@ public class IdentityProviderConfigurationValidation }; var ctx = new IdentityProviderConfigurationValidationContext(idp); - await _validator.ValidateAsync(ctx); + await _validator.ValidateAsync(ctx, default); ctx.IsValid.ShouldBeTrue(); } diff --git a/identity-server/test/IdentityServer.UnitTests/Validation/RevocationRequestValidation.cs b/identity-server/test/IdentityServer.UnitTests/Validation/RevocationRequestValidation.cs index 754ce9805..43e1d4cf6 100644 --- a/identity-server/test/IdentityServer.UnitTests/Validation/RevocationRequestValidation.cs +++ b/identity-server/test/IdentityServer.UnitTests/Validation/RevocationRequestValidation.cs 
@@ -50,7 +50,7 @@ public class RevocationRequestValidation { var parameters = new NameValueCollection(); - var result = await _validator.ValidateRequestAsync(parameters, _client); + var result = await _validator.ValidateRequestAsync(parameters, _client, default); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.TokenErrors.InvalidRequest); @@ -65,7 +65,7 @@ public class RevocationRequestValidation { "token_type_hint", "access_token" } }; - var result = await _validator.ValidateRequestAsync(parameters, _client); + var result = await _validator.ValidateRequestAsync(parameters, _client, default); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(OidcConstants.TokenErrors.InvalidRequest); @@ -81,7 +81,7 @@ public class RevocationRequestValidation { "token_type_hint", "access_token" } }; - var result = await _validator.ValidateRequestAsync(parameters, _client); + var result = await _validator.ValidateRequestAsync(parameters, _client, default); result.IsError.ShouldBeFalse(); result.Token.ShouldBe("foo"); @@ -98,7 +98,7 @@ public class RevocationRequestValidation { "token_type_hint", "refresh_token" } }; - var result = await _validator.ValidateRequestAsync(parameters, _client); + var result = await _validator.ValidateRequestAsync(parameters, _client, default); result.IsError.ShouldBeFalse(); result.Token.ShouldBe("foo"); @@ -114,7 +114,7 @@ public class RevocationRequestValidation { "token", "foo" } }; - var result = await _validator.ValidateRequestAsync(parameters, _client); + var result = await _validator.ValidateRequestAsync(parameters, _client, default); result.IsError.ShouldBeFalse(); result.Token.ShouldBe("foo"); 
@@ -131,7 +131,7 @@ public class RevocationRequestValidation { "token_type_hint", "invalid" } }; - var result = await _validator.ValidateRequestAsync(parameters, _client); + var result = await _validator.ValidateRequestAsync(parameters, _client, default); result.IsError.ShouldBeTrue(); result.Error.ShouldBe(Constants.RevocationErrors.UnsupportedTokenType); diff --git a/identity-server/test/IdentityServer.UnitTests/Validation/Secrets/BasicAuthenticationCredentialParsing.cs b/identity-server/test/IdentityServer.UnitTests/Validation/Secrets/BasicAuthenticationCredentialParsing.cs index 9077e5a56..afe327b47 100644 --- a/identity-server/test/IdentityServer.UnitTests/Validation/Secrets/BasicAuthenticationCredentialParsing.cs +++ b/identity-server/test/IdentityServer.UnitTests/Validation/Secrets/BasicAuthenticationCredentialParsing.cs @@ -16,6 +16,7 @@ namespace UnitTests.Validation.Secrets; public class BasicAuthenticationSecretParsing { private const string Category = "Secrets - Basic Authentication Secret Parsing"; + private readonly CT _ct = TestContext.Current.CancellationToken; private IdentityServerOptions _options; private BasicAuthenticationSecretParser _parser; @@ -32,7 +33,7 @@ public class BasicAuthenticationSecretParsing { var context = new DefaultHttpContext(); - var secret = await _parser.ParseAsync(context); + var secret = await _parser.ParseAsync(context, _ct); secret.ShouldBeNull(); } @@ -48,7 +49,7 @@ public class BasicAuthenticationSecretParsing context.Request.Headers.Append("Authorization", new StringValues(headerValue)); - var secret = await _parser.ParseAsync(context); + var secret = await _parser.ParseAsync(context, _ct); secret.Type.ShouldBe(IdentityServerConstants.ParsedSecretTypes.SharedSecret); secret.Id.ShouldBe("client"); 
@@ -79,7 +80,7 @@ public class BasicAuthenticationSecretParsing var headerValue = $"Basic {Convert.ToBase64String(encoding.GetBytes(credential))}"; context.Request.Headers.Append("Authorization", new StringValues(headerValue)); - var secret = await _parser.ParseAsync(context); + var secret = await _parser.ParseAsync(context, _ct); secret.Type.ShouldBe(IdentityServerConstants.ParsedSecretTypes.SharedSecret); secret.Id.ShouldBe(userName); @@ -104,7 +105,7 @@ public class BasicAuthenticationSecretParsing var headerValue = $"Basic {credential}"; context.Request.Headers.Append("Authorization", new StringValues(headerValue)); - var secret = await _parser.ParseAsync(context); + var secret = await _parser.ParseAsync(context, _ct); secret.Type.ShouldBe(IdentityServerConstants.ParsedSecretTypes.SharedSecret); secret.Id.ShouldBe(userName); @@ -121,7 +122,7 @@ public class BasicAuthenticationSecretParsing Convert.ToBase64String(Encoding.UTF8.GetBytes("client:"))); context.Request.Headers.Append("Authorization", new StringValues(headerValue)); - var secret = await _parser.ParseAsync(context); + var secret = await _parser.ParseAsync(context, _ct); secret.Type.ShouldBe(IdentityServerConstants.ParsedSecretTypes.NoSecret); secret.Id.ShouldBe("client"); @@ -136,7 +137,7 @@ public class BasicAuthenticationSecretParsing context.Request.Headers.Append("Authorization", new StringValues(string.Empty)); - var secret = await _parser.ParseAsync(context); + var secret = await _parser.ParseAsync(context, _ct); secret.ShouldBeNull(); } @@ -154,7 +155,7 @@ public class BasicAuthenticationSecretParsing Convert.ToBase64String(Encoding.UTF8.GetBytes(credential))); context.Request.Headers.Append("Authorization", new StringValues(headerValue)); - var secret = await _parser.ParseAsync(context); + var secret = await _parser.ParseAsync(context, _ct); secret.ShouldBeNull(); } 
@@ -171,7 +172,7 @@ public class BasicAuthenticationSecretParsing Convert.ToBase64String(Encoding.UTF8.GetBytes(credential))); context.Request.Headers.Append("Authorization", new StringValues(headerValue)); - var secret = await _parser.ParseAsync(context); + var secret = await _parser.ParseAsync(context, _ct); secret.ShouldBeNull(); } @@ -200,7 +201,7 @@ public class BasicAuthenticationSecretParsing Convert.ToBase64String(Encoding.UTF8.GetBytes(credential))); context.Request.Headers.Append("Authorization", new StringValues(headerValue)); - var secret = await parser.ParseAsync(context); + var secret = await parser.ParseAsync(context, _ct); secret.Id.ShouldBe(clientId); secret.Credential.ShouldBe(clientSecret); } @@ -244,7 +245,7 @@ public class BasicAuthenticationSecretParsing Convert.ToBase64String(Encoding.UTF8.GetBytes(credential))); context.Request.Headers.Append("Authorization", new StringValues(headerValue)); - var secret = await parser.ParseAsync(context); + var secret = await parser.ParseAsync(context, _ct); secret.ShouldBeNull(); } @@ -256,7 +257,7 @@ public class BasicAuthenticationSecretParsing context.Request.Headers.Append("Authorization", new StringValues("Basic ")); - var secret = await _parser.ParseAsync(context); + var secret = await _parser.ParseAsync(context, _ct); secret.ShouldBeNull(); } @@ -269,7 +270,7 @@ public class BasicAuthenticationSecretParsing context.Request.Headers.Append("Authorization", new StringValues("Unknown")); - var secret = await _parser.ParseAsync(context); + var secret = await _parser.ParseAsync(context, _ct); secret.ShouldBeNull(); } @@ -282,7 +283,7 @@ public class BasicAuthenticationSecretParsing context.Request.Headers.Append("Authorization", new StringValues("Basic somerandomdata")); - var secret = await _parser.ParseAsync(context); + var secret = await _parser.ParseAsync(context, _ct); secret.ShouldBeNull(); } 
@@ -297,7 +298,7 @@ public class BasicAuthenticationSecretParsing Convert.ToBase64String(Encoding.UTF8.GetBytes("client"))); context.Request.Headers.Append("Authorization", new StringValues(headerValue)); - var secret = await _parser.ParseAsync(context); + var secret = await _parser.ParseAsync(context, _ct); secret.ShouldBeNull(); } diff --git a/identity-server/test/IdentityServer.UnitTests/Validation/Secrets/ClientAssertionSecretParsing.cs b/identity-server/test/IdentityServer.UnitTests/Validation/Secrets/ClientAssertionSecretParsing.cs index 0782cb58e..651340ef2 100644 --- a/identity-server/test/IdentityServer.UnitTests/Validation/Secrets/ClientAssertionSecretParsing.cs +++ b/identity-server/test/IdentityServer.UnitTests/Validation/Secrets/ClientAssertionSecretParsing.cs @@ -18,6 +18,7 @@ public class ClientAssertionSecretParsing { private IdentityServerOptions _options; private JwtBearerClientAssertionSecretParser _parser; + private readonly CT _ct = TestContext.Current.CancellationToken; public ClientAssertionSecretParsing() { @@ -32,7 +33,7 @@ public class ClientAssertionSecretParsing context.Request.Body = new MemoryStream(); context.Request.ContentType = "application/x-www-form-urlencoded"; - var secret = await _parser.ParseAsync(context); + var secret = await _parser.ParseAsync(context, _ct); secret.ShouldBeNull(); } @@ -50,7 +51,7 @@ public class ClientAssertionSecretParsing context.Request.Body = new MemoryStream(Encoding.UTF8.GetBytes(body)); context.Request.ContentType = "application/x-www-form-urlencoded"; - var secret = await _parser.ParseAsync(context); + var secret = await _parser.ParseAsync(context, _ct); secret.ShouldNotBeNull(); secret.Type.ShouldBe(IdentityServerConstants.ParsedSecretTypes.JwtBearer); 
@@ -68,7 +69,7 @@ public class ClientAssertionSecretParsing context.Request.Body = new MemoryStream(Encoding.UTF8.GetBytes(body)); context.Request.ContentType = "application/x-www-form-urlencoded"; - var secret = await _parser.ParseAsync(context); + var secret = await _parser.ParseAsync(context, _ct); secret.ShouldBeNull(); } @@ -83,7 +84,7 @@ public class ClientAssertionSecretParsing context.Request.Body = new MemoryStream(Encoding.UTF8.GetBytes(body)); context.Request.ContentType = "application/x-www-form-urlencoded"; - var secret = await _parser.ParseAsync(context); + var secret = await _parser.ParseAsync(context, _ct); secret.ShouldBeNull(); } @@ -97,7 +98,7 @@ public class ClientAssertionSecretParsing context.Request.Body = new MemoryStream(Encoding.UTF8.GetBytes(body)); context.Request.ContentType = "application/x-www-form-urlencoded"; - var secret = await _parser.ParseAsync(context); + var secret = await _parser.ParseAsync(context, _ct); secret.ShouldBeNull(); } @@ -113,7 +114,7 @@ public class ClientAssertionSecretParsing context.Request.Body = new MemoryStream(Encoding.UTF8.GetBytes(body)); context.Request.ContentType = "application/x-www-form-urlencoded"; - var secret = await _parser.ParseAsync(context); + var secret = await _parser.ParseAsync(context, _ct); secret.ShouldBeNull(); } @@ -129,7 +130,7 @@ public class ClientAssertionSecretParsing context.Request.Body = new MemoryStream(Encoding.UTF8.GetBytes(body)); context.Request.ContentType = "application/x-www-form-urlencoded"; - var secret = await _parser.ParseAsync(context); + var secret = await _parser.ParseAsync(context, _ct); secret.ShouldBeNull(); } diff --git a/identity-server/test/IdentityServer.UnitTests/Validation/Secrets/ClientSecretValidation.cs b/identity-server/test/IdentityServer.UnitTests/Validation/Secrets/ClientSecretValidation.cs index 647058ca8..116f5fb05 100644 --- a/identity-server/test/IdentityServer.UnitTests/Validation/Secrets/ClientSecretValidation.cs 
+++ b/identity-server/test/IdentityServer.UnitTests/Validation/Secrets/ClientSecretValidation.cs @@ -24,7 +24,7 @@ public class ClientSecretValidation context.Request.Body = new MemoryStream(Encoding.UTF8.GetBytes(body)); context.Request.ContentType = "application/x-www-form-urlencoded"; - var result = await validator.ValidateAsync(context); + var result = await validator.ValidateAsync(context, default); result.IsError.ShouldBeFalse(); result.Client.ClientId.ShouldBe("roclient"); @@ -42,7 +42,7 @@ public class ClientSecretValidation context.Request.Body = new MemoryStream(Encoding.UTF8.GetBytes(body)); context.Request.ContentType = "application/x-www-form-urlencoded"; - var result = await validator.ValidateAsync(context); + var result = await validator.ValidateAsync(context, default); result.IsError.ShouldBeTrue(); } @@ -59,7 +59,7 @@ public class ClientSecretValidation context.Request.Body = new MemoryStream(Encoding.UTF8.GetBytes(body)); context.Request.ContentType = "application/x-www-form-urlencoded"; - var result = await validator.ValidateAsync(context); + var result = await validator.ValidateAsync(context, default); result.IsError.ShouldBeFalse(); result.Client.ClientId.ShouldBe("roclient.public"); @@ -78,7 +78,7 @@ public class ClientSecretValidation context.Request.Body = new MemoryStream(Encoding.UTF8.GetBytes(body)); context.Request.ContentType = "application/x-www-form-urlencoded"; - var result = await validator.ValidateAsync(context); + var result = await validator.ValidateAsync(context, default); result.IsError.ShouldBeFalse(); result.Client.ClientId.ShouldBe("client.implicit"); @@ -96,7 +96,7 @@ public class ClientSecretValidation context.Request.Body = new MemoryStream(Encoding.UTF8.GetBytes(body)); context.Request.ContentType = "application/x-www-form-urlencoded"; - var result = await validator.ValidateAsync(context); + var result = await validator.ValidateAsync(context, default); result.IsError.ShouldBeTrue(); } 
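Review bot: The five `validator.ValidateAsync(context, default)` calls in this file pass `default` as the token, while the neighbouring secret-parsing tests in this commit pass a `_ct` field initialised from `TestContext.Current.CancellationToken`. With `default`, a validator that hangs is not cancelled when the test run is aborted or times out, and xUnit's xUnit1051 analyzer would flag the call if it is enabled. I would write `var result = await validator.ValidateAsync(context, TestContext.Current.CancellationToken);` in each of the five hunks. The three `}, default);` calls in StrictRedirectUriValidatorAppAuthValidation.cs have the same issue.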
diff --git a/identity-server/test/IdentityServer.UnitTests/Validation/Secrets/FormPostCredentialParsing.cs b/identity-server/test/IdentityServer.UnitTests/Validation/Secrets/FormPostCredentialParsing.cs index 7983c2030..bfede3a2d 100644 --- a/identity-server/test/IdentityServer.UnitTests/Validation/Secrets/FormPostCredentialParsing.cs +++ b/identity-server/test/IdentityServer.UnitTests/Validation/Secrets/FormPostCredentialParsing.cs @@ -15,6 +15,7 @@ namespace UnitTests.Validation.Secrets; public class FormPostCredentialExtraction { private const string Category = "Secrets - Form Post Secret Parsing"; + private readonly CT _ct = TestContext.Current.CancellationToken; private IdentityServerOptions _options; private PostBodySecretParser _parser; @@ -32,7 +33,7 @@ public class FormPostCredentialExtraction var context = new DefaultHttpContext(); context.Request.Body = new MemoryStream(); - var secret = await _parser.ParseAsync(context); + var secret = await _parser.ParseAsync(context, _ct); secret.ShouldBeNull(); } @@ -48,7 +49,7 @@ public class FormPostCredentialExtraction context.Request.Body = new MemoryStream(Encoding.UTF8.GetBytes(body)); context.Request.ContentType = "application/x-www-form-urlencoded"; - var secret = await _parser.ParseAsync(context); + var secret = await _parser.ParseAsync(context, _ct); secret.Type.ShouldBe(IdentityServerConstants.ParsedSecretTypes.SharedSecret); secret.Id.ShouldBe("client"); @@ -67,7 +68,7 @@ public class FormPostCredentialExtraction context.Request.Body = new MemoryStream(Encoding.UTF8.GetBytes(body)); context.Request.ContentType = "application/x-www-form-urlencoded"; - var secret = await _parser.ParseAsync(context); + var secret = await _parser.ParseAsync(context, _ct); secret.ShouldBeNull(); } 
@@ -84,7 +85,7 @@ public class FormPostCredentialExtraction context.Request.Body = new MemoryStream(Encoding.UTF8.GetBytes(body)); context.Request.ContentType = "application/x-www-form-urlencoded"; - var secret = await _parser.ParseAsync(context); + var secret = await _parser.ParseAsync(context, _ct); secret.ShouldBeNull(); } @@ -100,7 +101,7 @@ public class FormPostCredentialExtraction context.Request.Body = new MemoryStream(Encoding.UTF8.GetBytes(body)); context.Request.ContentType = "application/x-www-form-urlencoded"; - var secret = await _parser.ParseAsync(context); + var secret = await _parser.ParseAsync(context, _ct); secret.ShouldBeNull(); } @@ -116,7 +117,7 @@ public class FormPostCredentialExtraction context.Request.Body = new MemoryStream(Encoding.UTF8.GetBytes(body)); context.Request.ContentType = "application/x-www-form-urlencoded"; - var secret = await _parser.ParseAsync(context); + var secret = await _parser.ParseAsync(context, _ct); secret.ShouldNotBeNull(); secret.Type.ShouldBe(IdentityServerConstants.ParsedSecretTypes.NoSecret); @@ -133,7 +134,7 @@ public class FormPostCredentialExtraction context.Request.Body = new MemoryStream(Encoding.UTF8.GetBytes(body)); context.Request.ContentType = "application/x-www-form-urlencoded"; - var secret = await _parser.ParseAsync(context); + var secret = await _parser.ParseAsync(context, _ct); secret.ShouldBeNull(); } diff --git a/identity-server/test/IdentityServer.UnitTests/Validation/Secrets/HashedSharedSecretValidation.cs b/identity-server/test/IdentityServer.UnitTests/Validation/Secrets/HashedSharedSecretValidation.cs index da4524c00..d48c7974e 100644 --- a/identity-server/test/IdentityServer.UnitTests/Validation/Secrets/HashedSharedSecretValidation.cs +++ b/identity-server/test/IdentityServer.UnitTests/Validation/Secrets/HashedSharedSecretValidation.cs 
@@ -33,7 +33,7 @@ public class HashedSharedSecretValidation Type = IdentityServerConstants.ParsedSecretTypes.SharedSecret }; - var result = await _validator.ValidateAsync(client.ClientSecrets, secret); + var result = await _validator.ValidateAsync(client.ClientSecrets, secret, _ct); result.Success.ShouldBeTrue(); } @@ -52,7 +52,7 @@ public class HashedSharedSecretValidation Type = "invalid" }; - var result = await _validator.ValidateAsync(client.ClientSecrets, secret); + var result = await _validator.ValidateAsync(client.ClientSecrets, secret, _ct); result.Success.ShouldBeFalse(); } @@ -71,19 +71,19 @@ public class HashedSharedSecretValidation Type = IdentityServerConstants.ParsedSecretTypes.SharedSecret }; - var result = await _validator.ValidateAsync(client.ClientSecrets, secret); + var result = await _validator.ValidateAsync(client.ClientSecrets, secret, _ct); result.Success.ShouldBeTrue(); secret.Credential = "foobar"; - result = await _validator.ValidateAsync(client.ClientSecrets, secret); + result = await _validator.ValidateAsync(client.ClientSecrets, secret, _ct); result.Success.ShouldBeTrue(); secret.Credential = "quux"; - result = await _validator.ValidateAsync(client.ClientSecrets, secret); + result = await _validator.ValidateAsync(client.ClientSecrets, secret, _ct); result.Success.ShouldBeTrue(); secret.Credential = "notexpired"; - result = await _validator.ValidateAsync(client.ClientSecrets, secret); + result = await _validator.ValidateAsync(client.ClientSecrets, secret, _ct); result.Success.ShouldBeTrue(); } @@ -101,7 +101,7 @@ public class HashedSharedSecretValidation Type = IdentityServerConstants.ParsedSecretTypes.SharedSecret }; - var result = await _validator.ValidateAsync(client.ClientSecrets, secret); + var result = await _validator.ValidateAsync(client.ClientSecrets, secret, _ct); result.Success.ShouldBeFalse(); } 
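Review bot: `_ct` is passed to every `ValidateAsync` call in HashedSharedSecretValidation.cs, but no hunk in this file's section declares it. Every hunk header keeps identical old and new offsets (`-33,7 +33,7` through `-155,7 +155,7`), so the commit adds no line to the file. ClientAssertionSecretParsing.cs and FormPostCredentialParsing.cs, by contrast, each gain `private readonly CT _ct = TestContext.Current.CancellationToken;`. Presumably the field already exists here from earlier work; if it does not, add the same declaration next to `_validator`. The sections for MutualTlsSecretValidation.cs, PlainTextClientSecretValidation.cs, PrivateKeyJwtSecretValidation.cs and SecretValidation.cs show the same pattern and need the same check.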
@@ -120,7 +120,7 @@ public class HashedSharedSecretValidation Type = IdentityServerConstants.ParsedSecretTypes.SharedSecret }; - var result = await _validator.ValidateAsync(client.ClientSecrets, secret); + var result = await _validator.ValidateAsync(client.ClientSecrets, secret, _ct); result.Success.ShouldBeFalse(); } @@ -137,7 +137,7 @@ public class HashedSharedSecretValidation Type = IdentityServerConstants.ParsedSecretTypes.SharedSecret }; - var result = await _validator.ValidateAsync(client.ClientSecrets, secret); + var result = await _validator.ValidateAsync(client.ClientSecrets, secret, _ct); result.Success.ShouldBeFalse(); } @@ -155,7 +155,7 @@ public class HashedSharedSecretValidation Credential = "secret" }; - var result = await _validator.ValidateAsync(client.ClientSecrets, secret); + var result = await _validator.ValidateAsync(client.ClientSecrets, secret, _ct); result.Success.ShouldBeFalse(); } } diff --git a/identity-server/test/IdentityServer.UnitTests/Validation/Secrets/MutualTlsSecretValidation.cs b/identity-server/test/IdentityServer.UnitTests/Validation/Secrets/MutualTlsSecretValidation.cs index bd2b6d25c..a1906a2fc 100644 --- a/identity-server/test/IdentityServer.UnitTests/Validation/Secrets/MutualTlsSecretValidation.cs +++ b/identity-server/test/IdentityServer.UnitTests/Validation/Secrets/MutualTlsSecretValidation.cs @@ -39,7 +39,7 @@ public class MutualTlsSecretValidation Type = IdentityServerConstants.ParsedSecretTypes.SharedSecret }; - var result = await validator.ValidateAsync(client.ClientSecrets, secret); + var result = await validator.ValidateAsync(client.ClientSecrets, secret, _ct); result.Success.ShouldBeFalse(); } 
@@ -60,7 +60,7 @@ public class MutualTlsSecretValidation Type = IdentityServerConstants.ParsedSecretTypes.X509Certificate }; - Func act = async () => await validator.ValidateAsync(client.ClientSecrets, secret); + Func act = async () => await validator.ValidateAsync(client.ClientSecrets, secret, _ct); await act.ShouldThrowAsync(); } @@ -80,7 +80,7 @@ public class MutualTlsSecretValidation Type = IdentityServerConstants.ParsedSecretTypes.X509Certificate }; - var result = await validator.ValidateAsync(client.ClientSecrets, secret); + var result = await validator.ValidateAsync(client.ClientSecrets, secret, _ct); result.Success.ShouldBeFalse(); } @@ -101,7 +101,7 @@ public class MutualTlsSecretValidation Type = IdentityServerConstants.ParsedSecretTypes.X509Certificate }; - var result = await validator.ValidateAsync(client.ClientSecrets, secret); + var result = await validator.ValidateAsync(client.ClientSecrets, secret, _ct); result.Success.ShouldBeTrue(); } @@ -126,7 +126,7 @@ public class MutualTlsSecretValidation Type = IdentityServerConstants.ParsedSecretTypes.SharedSecret }; - var result = await validator.ValidateAsync(client.ClientSecrets, secret); + var result = await validator.ValidateAsync(client.ClientSecrets, secret, _ct); result.Success.ShouldBeFalse(); } @@ -147,7 +147,7 @@ public class MutualTlsSecretValidation Type = IdentityServerConstants.ParsedSecretTypes.X509Certificate }; - Func act = async () => await validator.ValidateAsync(client.ClientSecrets, secret); + Func act = async () => await validator.ValidateAsync(client.ClientSecrets, secret, _ct); await act.ShouldThrowAsync(); } @@ -167,7 +167,7 @@ public class MutualTlsSecretValidation Type = IdentityServerConstants.ParsedSecretTypes.X509Certificate }; - var result = await validator.ValidateAsync(client.ClientSecrets, secret); + var result = await validator.ValidateAsync(client.ClientSecrets, secret, _ct); result.Success.ShouldBeFalse(); } 
@@ -188,7 +188,7 @@ public class MutualTlsSecretValidation Type = IdentityServerConstants.ParsedSecretTypes.X509Certificate }; - var result = await validator.ValidateAsync(client.ClientSecrets, secret); + var result = await validator.ValidateAsync(client.ClientSecrets, secret, _ct); result.Success.ShouldBeTrue(); } diff --git a/identity-server/test/IdentityServer.UnitTests/Validation/Secrets/PlainTextClientSecretValidation.cs b/identity-server/test/IdentityServer.UnitTests/Validation/Secrets/PlainTextClientSecretValidation.cs index e2fdc194b..e8696e0e6 100644 --- a/identity-server/test/IdentityServer.UnitTests/Validation/Secrets/PlainTextClientSecretValidation.cs +++ b/identity-server/test/IdentityServer.UnitTests/Validation/Secrets/PlainTextClientSecretValidation.cs @@ -33,7 +33,7 @@ public class PlainTextClientSecretValidation Type = IdentityServerConstants.ParsedSecretTypes.SharedSecret }; - var result = await _validator.ValidateAsync(client.ClientSecrets, secret); + var result = await _validator.ValidateAsync(client.ClientSecrets, secret, _ct); result.Success.ShouldBeTrue(); } @@ -52,7 +52,7 @@ public class PlainTextClientSecretValidation Type = "invalid" }; - var result = await _validator.ValidateAsync(client.ClientSecrets, secret); + var result = await _validator.ValidateAsync(client.ClientSecrets, secret, _ct); result.Success.ShouldBeFalse(); } 
@@ -71,19 +71,19 @@ public class PlainTextClientSecretValidation Type = IdentityServerConstants.ParsedSecretTypes.SharedSecret }; - var result = await _validator.ValidateAsync(client.ClientSecrets, secret); + var result = await _validator.ValidateAsync(client.ClientSecrets, secret, _ct); result.Success.ShouldBeTrue(); secret.Credential = "foobar"; - result = await _validator.ValidateAsync(client.ClientSecrets, secret); + result = await _validator.ValidateAsync(client.ClientSecrets, secret, _ct); result.Success.ShouldBeTrue(); secret.Credential = "quux"; - result = await _validator.ValidateAsync(client.ClientSecrets, secret); + result = await _validator.ValidateAsync(client.ClientSecrets, secret, _ct); result.Success.ShouldBeTrue(); secret.Credential = "notexpired"; - result = await _validator.ValidateAsync(client.ClientSecrets, secret); + result = await _validator.ValidateAsync(client.ClientSecrets, secret, _ct); result.Success.ShouldBeTrue(); } @@ -101,7 +101,7 @@ public class PlainTextClientSecretValidation Type = IdentityServerConstants.ParsedSecretTypes.SharedSecret }; - var result = await _validator.ValidateAsync(client.ClientSecrets, secret); + var result = await _validator.ValidateAsync(client.ClientSecrets, secret, _ct); result.Success.ShouldBeFalse(); } @@ -120,7 +120,7 @@ public class PlainTextClientSecretValidation Type = IdentityServerConstants.ParsedSecretTypes.SharedSecret }; - var result = await _validator.ValidateAsync(client.ClientSecrets, secret); + var result = await _validator.ValidateAsync(client.ClientSecrets, secret, _ct); result.Success.ShouldBeFalse(); } @@ -137,7 +137,7 @@ public class PlainTextClientSecretValidation Type = IdentityServerConstants.ParsedSecretTypes.SharedSecret }; - var result = await _validator.ValidateAsync(client.ClientSecrets, secret); + var result = await _validator.ValidateAsync(client.ClientSecrets, secret, _ct); result.Success.ShouldBeFalse(); } 
@@ -155,7 +155,7 @@ public class PlainTextClientSecretValidation Credential = "secret" }; - var result = await _validator.ValidateAsync(client.ClientSecrets, secret); + var result = await _validator.ValidateAsync(client.ClientSecrets, secret, _ct); result.Success.ShouldBeFalse(); } } diff --git a/identity-server/test/IdentityServer.UnitTests/Validation/Secrets/PrivateKeyJwtSecretValidation.cs b/identity-server/test/IdentityServer.UnitTests/Validation/Secrets/PrivateKeyJwtSecretValidation.cs index 618245a13..f3edd8cc3 100644 --- a/identity-server/test/IdentityServer.UnitTests/Validation/Secrets/PrivateKeyJwtSecretValidation.cs +++ b/identity-server/test/IdentityServer.UnitTests/Validation/Secrets/PrivateKeyJwtSecretValidation.cs @@ -110,7 +110,7 @@ public class PrivateKeyJwtSecretValidation Type = IdentityServerConstants.ParsedSecretTypes.JwtBearer }; - var result = await _validator.ValidateAsync(client.ClientSecrets, secret); + var result = await _validator.ValidateAsync(client.ClientSecrets, secret, _ct); result.Success.ShouldBeFalse(); } @@ -128,7 +128,7 @@ public class PrivateKeyJwtSecretValidation Type = IdentityServerConstants.ParsedSecretTypes.JwtBearer }; - var result = await _validator.ValidateAsync(client.ClientSecrets, secret); + var result = await _validator.ValidateAsync(client.ClientSecrets, secret, _ct); result.Success.ShouldBeFalse(); } @@ -146,7 +146,7 @@ public class PrivateKeyJwtSecretValidation Type = IdentityServerConstants.ParsedSecretTypes.JwtBearer }; - var result = await _validator.ValidateAsync(client.ClientSecrets, secret); + var result = await _validator.ValidateAsync(client.ClientSecrets, secret, _ct); result.Success.ShouldBeTrue(); } 
@@ -176,7 +176,7 @@ public class PrivateKeyJwtSecretValidation Type = IdentityServerConstants.ParsedSecretTypes.JwtBearer }; - var result = await _validator.ValidateAsync(client.ClientSecrets, secret); + var result = await _validator.ValidateAsync(client.ClientSecrets, secret, _ct); result.Success.ShouldBeTrue(); } @@ -202,7 +202,7 @@ public class PrivateKeyJwtSecretValidation Type = IdentityServerConstants.ParsedSecretTypes.JwtBearer }; - var result = await _validator.ValidateAsync(client.ClientSecrets, secret); + var result = await _validator.ValidateAsync(client.ClientSecrets, secret, _ct); result.Success.ShouldBe(expectSuccess, result.Error); } @@ -228,7 +228,7 @@ public class PrivateKeyJwtSecretValidation Type = IdentityServerConstants.ParsedSecretTypes.JwtBearer }; - var result = await _validator.ValidateAsync(client.ClientSecrets, secret); + var result = await _validator.ValidateAsync(client.ClientSecrets, secret, _ct); result.Success.ShouldBe(expectSuccess, result.Error); } @@ -258,7 +258,7 @@ public class PrivateKeyJwtSecretValidation Type = IdentityServerConstants.ParsedSecretTypes.JwtBearer }; - var result = await _validator.ValidateAsync(client.ClientSecrets, secret); + var result = await _validator.ValidateAsync(client.ClientSecrets, secret, _ct); result.Success.ShouldBe(expectedResult); } @@ -288,7 +288,7 @@ public class PrivateKeyJwtSecretValidation Type = IdentityServerConstants.ParsedSecretTypes.JwtBearer }; - var result = await _validator.ValidateAsync(client.ClientSecrets, secret); + var result = await _validator.ValidateAsync(client.ClientSecrets, secret, _ct); result.Success.ShouldBe(expectedResult); } @@ -315,7 +315,7 @@ public class PrivateKeyJwtSecretValidation Type = IdentityServerConstants.ParsedSecretTypes.JwtBearer }; - var result = await _validator.ValidateAsync(client.ClientSecrets, secret); + var result = await _validator.ValidateAsync(client.ClientSecrets, secret, _ct); result.Success.ShouldBe(expectedResult); } 
@@ -332,10 +332,10 @@ public class PrivateKeyJwtSecretValidation Type = IdentityServerConstants.ParsedSecretTypes.JwtBearer }; - var result = await _validator.ValidateAsync(client.ClientSecrets, secret); + var result = await _validator.ValidateAsync(client.ClientSecrets, secret, _ct); result.Success.ShouldBeTrue(); - result = await _validator.ValidateAsync(client.ClientSecrets, secret); + result = await _validator.ValidateAsync(client.ClientSecrets, secret, _ct); result.Success.ShouldBeFalse(); } @@ -352,7 +352,7 @@ public class PrivateKeyJwtSecretValidation Type = IdentityServerConstants.ParsedSecretTypes.JwtBearer }; - var result = await _validator.ValidateAsync(client.ClientSecrets, secret); + var result = await _validator.ValidateAsync(client.ClientSecrets, secret, _ct); result.Success.ShouldBeFalse(); } @@ -373,7 +373,7 @@ public class PrivateKeyJwtSecretValidation Type = IdentityServerConstants.ParsedSecretTypes.JwtBearer }; - var result = await _validator.ValidateAsync(client.ClientSecrets, secret); + var result = await _validator.ValidateAsync(client.ClientSecrets, secret, _ct); result.Success.ShouldBeFalse(); } @@ -394,7 +394,7 @@ public class PrivateKeyJwtSecretValidation Type = IdentityServerConstants.ParsedSecretTypes.JwtBearer }; - var result = await _validator.ValidateAsync(client.ClientSecrets, secret); + var result = await _validator.ValidateAsync(client.ClientSecrets, secret, _ct); result.Success.ShouldBeFalse(); } @@ -413,7 +413,7 @@ public class PrivateKeyJwtSecretValidation Type = IdentityServerConstants.ParsedSecretTypes.JwtBearer }; - var result = await _validator.ValidateAsync(client.ClientSecrets, secret); + var result = await _validator.ValidateAsync(client.ClientSecrets, secret, _ct); result.Success.ShouldBeFalse(); } 
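Review bot: No test in this file passes a token that is already cancelled, so every assertion here, including the replay check at `-332,10`, would still hold if the validator ignored `ct` altogether. For client authentication the behaviour worth pinning is fail-closed: a cancelled call should surface as an exception and never as `Success == true`. How the validator reacts to cancellation is not visible in this diff, so the expected exception type needs confirming. A sketch of the test would be `Func<Task> act = () => _validator.ValidateAsync(client.ClientSecrets, secret, new CancellationToken(canceled: true));` followed by `await act.ShouldThrowAsync<OperationCanceledException>();`.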
@@ -434,7 +434,7 @@ public class PrivateKeyJwtSecretValidation Type = IdentityServerConstants.ParsedSecretTypes.JwtBearer }; - var result = await _validator.ValidateAsync(client.ClientSecrets, secret); + var result = await _validator.ValidateAsync(client.ClientSecrets, secret, _ct); result.Success.ShouldBeFalse(); } @@ -455,7 +455,7 @@ public class PrivateKeyJwtSecretValidation _options.JwtValidationClockSkew = TimeSpan.FromSeconds(5); - var result = await _validator.ValidateAsync(client.ClientSecrets, secret); + var result = await _validator.ValidateAsync(client.ClientSecrets, secret, _ct); result.Success.ShouldBeFalse(); } @@ -476,7 +476,7 @@ public class PrivateKeyJwtSecretValidation _options.SupportedClientAssertionSigningAlgorithms = ["Test"]; - var result = await _validator.ValidateAsync(client.ClientSecrets, secret); + var result = await _validator.ValidateAsync(client.ClientSecrets, secret, _ct); result.Success.ShouldBeFalse(); } diff --git a/identity-server/test/IdentityServer.UnitTests/Validation/Secrets/SecretValidation.cs b/identity-server/test/IdentityServer.UnitTests/Validation/Secrets/SecretValidation.cs index ff222eadb..62e1350f4 100644 --- a/identity-server/test/IdentityServer.UnitTests/Validation/Secrets/SecretValidation.cs +++ b/identity-server/test/IdentityServer.UnitTests/Validation/Secrets/SecretValidation.cs @@ -42,7 +42,7 @@ public class SecretValidation Type = IdentityServerConstants.ParsedSecretTypes.SharedSecret }; - var result = await _validator.ValidateAsync(client.ClientSecrets, secret); + var result = await _validator.ValidateAsync(client.ClientSecrets, secret, _ct); result.Success.ShouldBeTrue(); } @@ -61,7 +61,7 @@ public class SecretValidation Type = "invalid" }; - var result = await _validator.ValidateAsync(client.ClientSecrets, secret); + var result = await _validator.ValidateAsync(client.ClientSecrets, secret, _ct); result.Success.ShouldBeFalse(); } 
@@ -80,19 +80,19 @@ public class SecretValidation Type = IdentityServerConstants.ParsedSecretTypes.SharedSecret }; - var result = await _validator.ValidateAsync(client.ClientSecrets, secret); + var result = await _validator.ValidateAsync(client.ClientSecrets, secret, _ct); result.Success.ShouldBeTrue(); secret.Credential = "foobar"; - result = await _validator.ValidateAsync(client.ClientSecrets, secret); + result = await _validator.ValidateAsync(client.ClientSecrets, secret, _ct); result.Success.ShouldBeTrue(); secret.Credential = "quux"; - result = await _validator.ValidateAsync(client.ClientSecrets, secret); + result = await _validator.ValidateAsync(client.ClientSecrets, secret, _ct); result.Success.ShouldBeTrue(); secret.Credential = "notexpired"; - result = await _validator.ValidateAsync(client.ClientSecrets, secret); + result = await _validator.ValidateAsync(client.ClientSecrets, secret, _ct); result.Success.ShouldBeTrue(); } @@ -110,7 +110,7 @@ public class SecretValidation Type = IdentityServerConstants.ParsedSecretTypes.SharedSecret }; - var result = await _validator.ValidateAsync(client.ClientSecrets, secret); + var result = await _validator.ValidateAsync(client.ClientSecrets, secret, _ct); result.Success.ShouldBeFalse(); } @@ -129,7 +129,7 @@ public class SecretValidation Type = IdentityServerConstants.ParsedSecretTypes.SharedSecret }; - var result = await _validator.ValidateAsync(client.ClientSecrets, secret); + var result = await _validator.ValidateAsync(client.ClientSecrets, secret, _ct); result.Success.ShouldBeFalse(); } @@ -147,7 +147,7 @@ public class SecretValidation Type = IdentityServerConstants.ParsedSecretTypes.SharedSecret }; - var result = await _validator.ValidateAsync(client.ClientSecrets, secret); + var result = await _validator.ValidateAsync(client.ClientSecrets, secret, _ct); result.Success.ShouldBeFalse(); } 
@@ -164,7 +164,7 @@ public class SecretValidation Type = IdentityServerConstants.ParsedSecretTypes.SharedSecret }; - var result = await _validator.ValidateAsync(client.ClientSecrets, secret); + var result = await _validator.ValidateAsync(client.ClientSecrets, secret, _ct); result.Success.ShouldBeFalse(); } } diff --git a/identity-server/test/IdentityServer.UnitTests/Validation/Setup/TestGrantValidator.cs b/identity-server/test/IdentityServer.UnitTests/Validation/Setup/TestGrantValidator.cs index dec703ba3..e8b507c7d 100644 --- a/identity-server/test/IdentityServer.UnitTests/Validation/Setup/TestGrantValidator.cs +++ b/identity-server/test/IdentityServer.UnitTests/Validation/Setup/TestGrantValidator.cs @@ -28,7 +28,7 @@ internal class TestGrantValidator : IExtensionGrantValidator return Task.FromResult(new GrantValidationResult("bob", "CustomGrant")); } - public Task ValidateAsync(ExtensionGrantValidationContext context) + public Task ValidateAsync(ExtensionGrantValidationContext context, CT ct) { if (_isInvalid) { diff --git a/identity-server/test/IdentityServer.UnitTests/Validation/Setup/TestResourceOwnerPasswordValidator.cs b/identity-server/test/IdentityServer.UnitTests/Validation/Setup/TestResourceOwnerPasswordValidator.cs index 898014a24..ffcd225ad 100644 --- a/identity-server/test/IdentityServer.UnitTests/Validation/Setup/TestResourceOwnerPasswordValidator.cs +++ b/identity-server/test/IdentityServer.UnitTests/Validation/Setup/TestResourceOwnerPasswordValidator.cs @@ -23,7 +23,7 @@ public class TestResourceOwnerPasswordValidator : IResourceOwnerPasswordValidato _erroDescription = errorDescription; } - public Task ValidateAsync(ResourceOwnerPasswordValidationContext context) + public Task ValidateAsync(ResourceOwnerPasswordValidationContext context, CT ct) { if (_sendError) { 
diff --git a/identity-server/test/IdentityServer.UnitTests/Validation/StrictRedirectUriValidatorAppAuthValidation.cs b/identity-server/test/IdentityServer.UnitTests/Validation/StrictRedirectUriValidatorAppAuthValidation.cs index 9e6b9ac9a..fcfac93ac 100644 --- a/identity-server/test/IdentityServer.UnitTests/Validation/StrictRedirectUriValidatorAppAuthValidation.cs +++ b/identity-server/test/IdentityServer.UnitTests/Validation/StrictRedirectUriValidatorAppAuthValidation.cs @@ -48,7 +48,7 @@ public class StrictRedirectUriValidatorAppAuthValidation { RequestedUri = requestedUri, Client = clientWithValidLoopbackRedirectUri - }); + }, default); result.ShouldBeTrue(); } @@ -79,7 +79,7 @@ public class StrictRedirectUriValidatorAppAuthValidation { RequestedUri = requestedUri, Client = clientWithValidLoopbackRedirectUri - }); + }, default); result.ShouldBeFalse(); } @@ -93,7 +93,7 @@ public class StrictRedirectUriValidatorAppAuthValidation { RequestedUri = "http://127.0.0.1", Client = clientWithNoRedirectUris, - }); + }, default); result.ShouldBeFalse(); } }