Update OpenIddictMessage.ToString() to redact custom parameters whose name ends with "_token" #2236

Merged
merged 1 commit into from
Dec 17, 2024
6 changes: 6 additions & 0 deletions .github/workflows/build.yml
Expand Up @@ -117,6 +117,12 @@ jobs:
- name: Setup .NET
uses: actions/setup-dotnet@4d6c8fcf3c8f7a60068d26b594648e99df24cee3 # v4.0.0

# Note: the dotnet-validate tool requires .NET 6.0, which is no longer installed by default.
- name: Setup .NET
uses: actions/setup-dotnet@4d6c8fcf3c8f7a60068d26b594648e99df24cee3 # v4.0.0
with:
dotnet-version: '6.0.x'

- name: Validate NuGet packages
shell: pwsh
run: |
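Review bot: The added step reuses the name `Setup .NET`, so the job log shows two identically named steps and a failed 6.0 install is hard to tell apart from the main SDK setup; `- name: Setup .NET 6.0 (dotnet-validate)` would make the purpose visible. The action stays pinned to the same commit SHA as the step above, which keeps the supply-chain posture unchanged. Since .NET 6.0 went out of support in November 2024, the comment could also say that the step should be dropped once dotnet-validate runs on a supported runtime, so an end-of-life runtime is not kept on the runner longer than needed.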
4 changes: 2 additions & 2 deletions shared/OpenIddict.Extensions/OpenIddictHelpers.cs
Expand Up @@ -434,7 +434,7 @@ public static IReadOnlyDictionary<string, StringValues> ParseQuery(string query)
}

return query.TrimStart(Separators.QuestionMark[0])
.Split(new[] { Separators.Ampersand[0], Separators.Semicolon[0] }, StringSplitOptions.RemoveEmptyEntries)
.Split([Separators.Ampersand[0], Separators.Semicolon[0]], StringSplitOptions.RemoveEmptyEntries)
.Select(static parameter => parameter.Split(Separators.EqualsSign, StringSplitOptions.RemoveEmptyEntries))
.Select(static parts => (
Key: parts[0] is string key ? Uri.UnescapeDataString(key) : null,
Expand All @@ -458,7 +458,7 @@ public static IReadOnlyDictionary<string, StringValues> ParseFragment(string fra
}

return fragment.TrimStart(Separators.Hash[0])
.Split(new[] { Separators.Ampersand[0], Separators.Semicolon[0] }, StringSplitOptions.RemoveEmptyEntries)
.Split([Separators.Ampersand[0], Separators.Semicolon[0]], StringSplitOptions.RemoveEmptyEntries)
.Select(static parameter => parameter.Split(Separators.EqualsSign, StringSplitOptions.RemoveEmptyEntries))
.Select(static parts => (
Key: parts[0] is string key ? Uri.UnescapeDataString(key) : null,
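Review bot: In ParseQuery, `parts[0]` is read without checking that the inner `Split(Separators.EqualsSign, StringSplitOptions.RemoveEmptyEntries)` produced any element. Assuming `Separators.EqualsSign` is the `=` character, a segment made up only of that separator yields an empty array and the indexer throws IndexOutOfRangeException instead of the segment being skipped. This is unchanged context rather than something the commit introduced, and the rest of the pipeline is outside the hunk, but any later filter cannot run before this projection. A guard such as `.Where(static parts => parts.Length > 0)` ahead of the tuple projection would keep malformed input from surfacing as an unhandled exception; ParseFragment has the same shape.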
Expand Up @@ -432,6 +432,7 @@ public override string ToString()
case OpenIddictConstants.Parameters.Password:
case OpenIddictConstants.Parameters.RefreshToken:
case OpenIddictConstants.Parameters.Token:
case { Length: > 6 } name when name.EndsWith("_token", StringComparison.OrdinalIgnoreCase):
writer.WriteStringValue("[redacted]");
continue;
}
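Review bot: The new case carries the length of its own literal as a separate magic number: `{ Length: > 6 }` only makes sense next to `"_token"`, and it means a parameter named exactly `_token` is still written in clear, which the updated JSON-representation test on this page appears to rely on. A comment above the case would record that, e.g. `// Redact custom parameters ending with "_token"; a bare "_token" name has no prefix and is left as-is.` The match is also a naming heuristic on the parameter name only, so custom secrets stored under other names would still reach whatever sink ToString() feeds, and the method's documentation is a good place to state that limit. The switch and the enclosing method start outside the hunk.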
Expand Up @@ -36,11 +36,11 @@ public void Constructor_ThrowsAnExceptionForDuplicateParameters()
// Arrange, act and assert
var exception = Assert.Throws<ArgumentException>(delegate
{
return new OpenIddictMessage(new[]
{
return new OpenIddictMessage(
[
new KeyValuePair<string, OpenIddictParameter>("parameter", "Fabrikam"),
new KeyValuePair<string, OpenIddictParameter>("parameter", "Contoso")
});
]);
});

Assert.Equal("name", exception.ParamName);
Expand All @@ -51,10 +51,10 @@ public void Constructor_ThrowsAnExceptionForDuplicateParameters()
public void Constructor_ImportsParameters()
{
// Arrange and act
var message = new OpenIddictMessage(new[]
{
var message = new OpenIddictMessage(
[
new KeyValuePair<string, OpenIddictParameter>("parameter", 42)
});
]);

// Assert
Assert.Equal(42, (long) message.GetParameter("parameter"));
Expand All @@ -66,10 +66,10 @@ public void Constructor_ImportsParameters()
public void Constructor_IgnoresNullOrEmptyParameterNames(string name)
{
// Arrange and act
var message = new OpenIddictMessage(new[]
{
var message = new OpenIddictMessage(
[
new KeyValuePair<string, OpenIddictParameter>(name, "Fabrikam")
});
]);

// Assert
Assert.Equal(0, message.Count);
Expand All @@ -79,11 +79,11 @@ public void Constructor_IgnoresNullOrEmptyParameterNames(string name)
public void Constructor_PreservesEmptyParameters()
{
// Arrange and act
var message = new OpenIddictMessage(new[]
{
var message = new OpenIddictMessage(
[
new KeyValuePair<string, OpenIddictParameter>("null-parameter", (string?) null),
new KeyValuePair<string, OpenIddictParameter>("empty-parameter", string.Empty)
});
]);

// Assert
Assert.Equal(2, message.Count);
Expand All @@ -93,11 +93,11 @@ public void Constructor_PreservesEmptyParameters()
public void Constructor_CombinesDuplicateParameters()
{
// Arrange and act
var message = new OpenIddictMessage(new[]
{
var message = new OpenIddictMessage(
[
new KeyValuePair<string, string?>("parameter", "Fabrikam"),
new KeyValuePair<string, string?>("parameter", "Contoso")
});
]);

// Assert
Assert.Equal(1, message.Count);
Expand All @@ -108,10 +108,10 @@ public void Constructor_CombinesDuplicateParameters()
public void Constructor_SupportsMultiValuedParameters()
{
// Arrange and act
var message = new OpenIddictMessage(new[]
{
var message = new OpenIddictMessage(
[
new KeyValuePair<string, string?[]?>("parameter", ["Fabrikam", "Contoso"])
});
]);

// Assert
Assert.Equal(1, message.Count);
Expand All @@ -122,10 +122,10 @@ public void Constructor_SupportsMultiValuedParameters()
public void Constructor_ExtractsSingleValuedParameters()
{
// Arrange and act
var message = new OpenIddictMessage(new[]
{
var message = new OpenIddictMessage(
[
new KeyValuePair<string, string?[]?>("parameter", ["Fabrikam"])
});
]);

// Assert
Assert.Equal(1, message.Count);
Expand Down Expand Up @@ -453,17 +453,20 @@ public void TryGetParameter_ReturnsFalseForUnsetParameter()
public void ToString_ReturnsJsonRepresentation()
{
// Arrange
var message = JsonSerializer.Deserialize<OpenIddictMessage>(@"{
""redirect_uris"": [
""https://client.example.org/callback"",
""https://client.example.org/callback2""
],
""client_name"": ""My Example Client"",
""token_endpoint_auth_method"": ""client_secret_basic"",
""logo_uri"": ""https://client.example.org/logo.png"",
""jwks_uri"": ""https://client.example.org/my_public_keys.jwks"",
""example_extension_parameter"": ""example_value""
}")!;
var message = JsonSerializer.Deserialize<OpenIddictMessage>($$"""
{
"redirect_uris": [
"https://client.example.org/callback",
"https://client.example.org/callback2"
],
"client_name": "My Example Client",
"token_endpoint_auth_method": "client_secret_basic",
"logo_uri": "https://client.example.org/logo.png",
"jwks_uri": "https://client.example.org/my_public_keys.jwks",
"example_extension_parameter": "example_value",
"_token": "value"
}
""")!;

var options = new JsonSerializerOptions
{
Expand All @@ -486,6 +489,7 @@ public void ToString_ReturnsJsonRepresentation()
[InlineData(Parameters.Password)]
[InlineData(Parameters.RefreshToken)]
[InlineData(Parameters.Token)]
[InlineData("custom_token")]
public void ToString_ExcludesSensitiveParameters(string parameter)
{
// Arrange
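Review bot: The new `[InlineData("custom_token")]` case covers only a lower-case name, while the production check uses `StringComparison.OrdinalIgnoreCase`. Adding `[InlineData("CUSTOM_TOKEN")]` or a mixed-case variant would pin the case-insensitive behaviour, so a later switch to an ordinal comparison cannot silently re-expose token values in ToString() output. In ToString_ReturnsJsonRepresentation the literal is written as `$$"""` although it has no interpolation holes, so a plain `"""` raw string would do. The bodies of both tests continue outside the visible hunks, so the assertion covering the `"_token": "value"` entry cannot be checked from here.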
Expand Up @@ -60,11 +60,11 @@ public void Count_ReturnsZeroForString()
public void Count_ReturnsExpectedValueForArray()
{
// Arrange
var parameter = new OpenIddictParameter(new[]
{
var parameter = new OpenIddictParameter(
[
"Fabrikam",
"Contoso"
});
]);

// Act and assert
Assert.Equal(2, parameter.Count);
Expand Down Expand Up @@ -477,12 +477,12 @@ public void GetHashCode_ReturnsUnderlyingHashCodeForArrays()
{
// Arrange, act and assert
Assert.Equal(
new OpenIddictParameter(new string[] { "Fabrikam", "Contoso" }).GetHashCode(),
new OpenIddictParameter(new string[] { "Fabrikam", "Contoso" }).GetHashCode());
new OpenIddictParameter(["Fabrikam", "Contoso"]).GetHashCode(),
new OpenIddictParameter(["Fabrikam", "Contoso"]).GetHashCode());

Assert.NotEqual(
new OpenIddictParameter(new string[] { "Fabrikam", "Contoso" }).GetHashCode(),
new OpenIddictParameter(new string[] { "Contoso", "Fabrikam" }).GetHashCode());
new OpenIddictParameter(["Fabrikam", "Contoso"]).GetHashCode(),
new OpenIddictParameter(["Contoso", "Fabrikam"]).GetHashCode());
}

[Fact]
Expand Down Expand Up @@ -623,11 +623,11 @@ public void GetNamedParameter_ReturnsNullForPrimitiveValues()
public void GetNamedParameter_ReturnsNullForArrays()
{
// Arrange
var parameter = new OpenIddictParameter(new[]
{
var parameter = new OpenIddictParameter(
[
"Fabrikam",
"Contoso"
});
]);

// Act and assert
Assert.Null(parameter.GetNamedParameter("Fabrikam"));
Expand Down Expand Up @@ -720,11 +720,11 @@ public void GetUnnamedParameter_ReturnsNullForPrimitiveValues()
public void GetUnnamedParameter_ReturnsNullForOutOfRangeArrayIndex()
{
// Arrange
var parameter = new OpenIddictParameter(new[]
{
var parameter = new OpenIddictParameter(
[
"Fabrikam",
"Contoso"
});
]);

// Act and assert
Assert.Null(parameter.GetUnnamedParameter(2));
Expand All @@ -734,11 +734,11 @@ public void GetUnnamedParameter_ReturnsNullForOutOfRangeArrayIndex()
public void GetUnnamedParameter_ReturnsExpectedNodeForArray()
{
// Arrange
var parameter = new OpenIddictParameter(new[]
{
var parameter = new OpenIddictParameter(
[
"Fabrikam",
"Contoso"
});
]);

// Act and assert
Assert.Equal("Fabrikam", (string?) parameter.GetUnnamedParameter(0));
Expand Down Expand Up @@ -1118,7 +1118,7 @@ public void IsNullOrEmpty_ReturnsFalseForNonEmptyValues()
Assert.False(OpenIddictParameter.IsNullOrEmpty(new OpenIddictParameter(42)));
Assert.False(OpenIddictParameter.IsNullOrEmpty(new OpenIddictParameter((long?) 42)));
Assert.False(OpenIddictParameter.IsNullOrEmpty(new OpenIddictParameter("Fabrikam")));
Assert.False(OpenIddictParameter.IsNullOrEmpty(new OpenIddictParameter(new[] { "Fabrikam" })));
Assert.False(OpenIddictParameter.IsNullOrEmpty(new OpenIddictParameter(["Fabrikam"])));

Assert.False(OpenIddictParameter.IsNullOrEmpty(new OpenIddictParameter(
JsonSerializer.Deserialize<JsonElement>(@"[""Fabrikam""]"))));
Expand Down Expand Up @@ -1188,11 +1188,11 @@ public void ToString_ReturnsStringValue()
public void ToString_ReturnsSimpleRepresentationForArrays()
{
// Arrange
var parameter = new OpenIddictParameter(new[]
{
var parameter = new OpenIddictParameter(
[
"Fabrikam",
"Contoso"
});
]);

// Act and assert
Assert.Equal("Fabrikam, Contoso", parameter.ToString());
Expand Down Expand Up @@ -1325,11 +1325,11 @@ public void TryGetNamedParameter_ReturnsFalseForPrimitiveValues()
public void TryGetNamedParameter_ReturnsFalseForArrays()
{
// Arrange
var parameter = new OpenIddictParameter(new[]
{
var parameter = new OpenIddictParameter(
[
"Fabrikam",
"Contoso"
});
]);

// Act and assert
Assert.False(parameter.TryGetNamedParameter("Fabrikam", out var value));
Expand Down Expand Up @@ -1429,11 +1429,11 @@ public void TryGetUnnamedParameter_ReturnsFalseForPrimitiveValues()
public void GetParameter_ReturnsFalseForOutOfRangeArrayIndex()
{
// Arrange
var parameter = new OpenIddictParameter(new[]
{
var parameter = new OpenIddictParameter(
[
"Fabrikam",
"Contoso"
});
]);

// Act and assert
Assert.False(parameter.TryGetUnnamedParameter(2, out var value));
Expand All @@ -1444,11 +1444,11 @@ public void GetParameter_ReturnsFalseForOutOfRangeArrayIndex()
public void TryGetUnnamedParameter_ReturnsExpectedNodeForArray()
{
// Arrange
var parameter = new OpenIddictParameter(new[]
{
var parameter = new OpenIddictParameter(
[
"Fabrikam",
"Contoso"
});
]);

// Act and assert
Assert.True(parameter.TryGetUnnamedParameter(0, out var value));