Update OpenIddictMessage.ToString() to redact custom parameters whose…
… name ends with "_token"
kevinchalet committed Dec 17, 2024
1 parent de1a266 commit 11666c4
Showing 5 changed files with 74 additions and 63 deletions.
6 changes: 6 additions & 0 deletions .github/workflows/build.yml
Expand Up @@ -117,6 +117,12 @@ jobs:
- name: Setup .NET
uses: actions/setup-dotnet@4d6c8fcf3c8f7a60068d26b594648e99df24cee3 # v4.0.0

# Note: the dotnet-validate tool requires .NET 6.0, which is no longer installed by default.
- name: Setup .NET
uses: actions/setup-dotnet@4d6c8fcf3c8f7a60068d26b594648e99df24cee3 # v4.0.0
with:
dotnet-version: '6.0.x'

- name: Validate NuGet packages
shell: pwsh
run: |
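Review bot: Both steps are now named `Setup .NET`, so the job log and any failure annotation cannot tell the default SDK install from the 6.0 one; naming the added step, e.g. `- name: Setup .NET 6.0 (required by dotnet-validate)`, would fix that. .NET 6.0 went out of support in November 2024, so the note comment could also say that the step should be dropped once the validation tool runs on a supported runtime. The second `uses:` keeps the action pinned to a commit SHA, which is the right form to carry over.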
4 changes: 2 additions & 2 deletions shared/OpenIddict.Extensions/OpenIddictHelpers.cs
Expand Up @@ -434,7 +434,7 @@ public static IReadOnlyDictionary<string, StringValues> ParseQuery(string query)
}

return query.TrimStart(Separators.QuestionMark[0])
.Split(new[] { Separators.Ampersand[0], Separators.Semicolon[0] }, StringSplitOptions.RemoveEmptyEntries)
.Split([Separators.Ampersand[0], Separators.Semicolon[0]], StringSplitOptions.RemoveEmptyEntries)
.Select(static parameter => parameter.Split(Separators.EqualsSign, StringSplitOptions.RemoveEmptyEntries))
.Select(static parts => (
Key: parts[0] is string key ? Uri.UnescapeDataString(key) : null,
Expand All @@ -458,7 +458,7 @@ public static IReadOnlyDictionary<string, StringValues> ParseFragment(string fra
}

return fragment.TrimStart(Separators.Hash[0])
.Split(new[] { Separators.Ampersand[0], Separators.Semicolon[0] }, StringSplitOptions.RemoveEmptyEntries)
.Split([Separators.Ampersand[0], Separators.Semicolon[0]], StringSplitOptions.RemoveEmptyEntries)
.Select(static parameter => parameter.Split(Separators.EqualsSign, StringSplitOptions.RemoveEmptyEntries))
.Select(static parts => (
Key: parts[0] is string key ? Uri.UnescapeDataString(key) : null,
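Review bot: `parts[0]` in the projection right after the changed `Split` call is read without a length check, in both ParseQuery and ParseFragment. The inner split also passes `StringSplitOptions.RemoveEmptyEntries`, so a segment made only of the separator (assuming `Separators.EqualsSign` is `=`) yields an empty array and the indexer throws instead of the entry being skipped. These helpers presumably parse query and fragment strings that originate outside the process, so a guard such as `Key: parts.Length > 0 ? Uri.UnescapeDataString(parts[0]) : null,` would turn the malformed entry into a null key rather than an exception. Both method bodies continue past the visible hunks, so whether null keys are filtered later, or earlier validation already rules this out, cannot be confirmed from here.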
Expand Up @@ -432,6 +432,7 @@ public override string ToString()
case OpenIddictConstants.Parameters.Password:
case OpenIddictConstants.Parameters.RefreshToken:
case OpenIddictConstants.Parameters.Token:
case { Length: > 6 } name when name.EndsWith("_token", StringComparison.OrdinalIgnoreCase):
writer.WriteStringValue("[redacted]");
continue;
}
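Review bot: The `{ Length: > 6 }` guard on the new case leaves a parameter named exactly `_token` unredacted, and nothing in the hunk says that is intended; the `"_token": "value"` entry added to ToString_ReturnsJsonRepresentation suggests it is deliberate. A short comment above the case would record that, e.g. `// Note: custom parameters whose name ends with "_token" are redacted; a bare "_token" name is deliberately left as-is.` The suffix rule is a heuristic: a custom parameter that carries a secret under a differently shaped name is still written out in full, so the method's documentation should state that ToString() output is not a complete scrub before it is sent to logs. The switch starts above the hunk, so the full list of explicitly redacted names is not visible here.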
Expand Up @@ -36,11 +36,11 @@ public void Constructor_ThrowsAnExceptionForDuplicateParameters()
// Arrange, act and assert
var exception = Assert.Throws<ArgumentException>(delegate
{
return new OpenIddictMessage(new[]
{
return new OpenIddictMessage(
[
new KeyValuePair<string, OpenIddictParameter>("parameter", "Fabrikam"),
new KeyValuePair<string, OpenIddictParameter>("parameter", "Contoso")
});
]);
});

Assert.Equal("name", exception.ParamName);
Expand All @@ -51,10 +51,10 @@ public void Constructor_ThrowsAnExceptionForDuplicateParameters()
public void Constructor_ImportsParameters()
{
// Arrange and act
var message = new OpenIddictMessage(new[]
{
var message = new OpenIddictMessage(
[
new KeyValuePair<string, OpenIddictParameter>("parameter", 42)
});
]);

// Assert
Assert.Equal(42, (long) message.GetParameter("parameter"));
Expand All @@ -66,10 +66,10 @@ public void Constructor_ImportsParameters()
public void Constructor_IgnoresNullOrEmptyParameterNames(string name)
{
// Arrange and act
var message = new OpenIddictMessage(new[]
{
var message = new OpenIddictMessage(
[
new KeyValuePair<string, OpenIddictParameter>(name, "Fabrikam")
});
]);

// Assert
Assert.Equal(0, message.Count);
Expand All @@ -79,11 +79,11 @@ public void Constructor_IgnoresNullOrEmptyParameterNames(string name)
public void Constructor_PreservesEmptyParameters()
{
// Arrange and act
var message = new OpenIddictMessage(new[]
{
var message = new OpenIddictMessage(
[
new KeyValuePair<string, OpenIddictParameter>("null-parameter", (string?) null),
new KeyValuePair<string, OpenIddictParameter>("empty-parameter", string.Empty)
});
]);

// Assert
Assert.Equal(2, message.Count);
Expand All @@ -93,11 +93,11 @@ public void Constructor_PreservesEmptyParameters()
public void Constructor_CombinesDuplicateParameters()
{
// Arrange and act
var message = new OpenIddictMessage(new[]
{
var message = new OpenIddictMessage(
[
new KeyValuePair<string, string?>("parameter", "Fabrikam"),
new KeyValuePair<string, string?>("parameter", "Contoso")
});
]);

// Assert
Assert.Equal(1, message.Count);
Expand All @@ -108,10 +108,10 @@ public void Constructor_CombinesDuplicateParameters()
public void Constructor_SupportsMultiValuedParameters()
{
// Arrange and act
var message = new OpenIddictMessage(new[]
{
var message = new OpenIddictMessage(
[
new KeyValuePair<string, string?[]?>("parameter", ["Fabrikam", "Contoso"])
});
]);

// Assert
Assert.Equal(1, message.Count);
Expand All @@ -122,10 +122,10 @@ public void Constructor_SupportsMultiValuedParameters()
public void Constructor_ExtractsSingleValuedParameters()
{
// Arrange and act
var message = new OpenIddictMessage(new[]
{
var message = new OpenIddictMessage(
[
new KeyValuePair<string, string?[]?>("parameter", ["Fabrikam"])
});
]);

// Assert
Assert.Equal(1, message.Count);
Expand Down Expand Up @@ -453,17 +453,20 @@ public void TryGetParameter_ReturnsFalseForUnsetParameter()
public void ToString_ReturnsJsonRepresentation()
{
// Arrange
var message = JsonSerializer.Deserialize<OpenIddictMessage>(@"{
""redirect_uris"": [
""https://client.example.org/callback"",
""https://client.example.org/callback2""
],
""client_name"": ""My Example Client"",
""token_endpoint_auth_method"": ""client_secret_basic"",
""logo_uri"": ""https://client.example.org/logo.png"",
""jwks_uri"": ""https://client.example.org/my_public_keys.jwks"",
""example_extension_parameter"": ""example_value""
}")!;
var message = JsonSerializer.Deserialize<OpenIddictMessage>($$"""
{
"redirect_uris": [
"https://client.example.org/callback",
"https://client.example.org/callback2"
],
"client_name": "My Example Client",
"token_endpoint_auth_method": "client_secret_basic",
"logo_uri": "https://client.example.org/logo.png",
"jwks_uri": "https://client.example.org/my_public_keys.jwks",
"example_extension_parameter": "example_value",
"_token": "value"
}
""")!;

var options = new JsonSerializerOptions
{
Expand All @@ -486,6 +489,7 @@ public void ToString_ReturnsJsonRepresentation()
[InlineData(Parameters.Password)]
[InlineData(Parameters.RefreshToken)]
[InlineData(Parameters.Token)]
[InlineData("custom_token")]
public void ToString_ExcludesSensitiveParameters(string parameter)
{
// Arrange
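Review bot: The new `[InlineData("custom_token")]` case only exercises a lowercase name, while the production check compares with `StringComparison.OrdinalIgnoreCase`; a second case such as `[InlineData("CUSTOM_TOKEN")]` would pin the case-insensitive match. The `"_token": "value"` entry added to ToString_ReturnsJsonRepresentation appears to be the only coverage for the bare-name exclusion, and its assertion lies outside the visible hunk, so an explicit negative test would make that boundary harder to regress. The raw string literal in that test is declared with `$$"""` although the visible text has no interpolation holes, so plain `"""` would do.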
Expand Up @@ -60,11 +60,11 @@ public void Count_ReturnsZeroForString()
public void Count_ReturnsExpectedValueForArray()
{
// Arrange
var parameter = new OpenIddictParameter(new[]
{
var parameter = new OpenIddictParameter(
[
"Fabrikam",
"Contoso"
});
]);

// Act and assert
Assert.Equal(2, parameter.Count);
Expand Down Expand Up @@ -477,12 +477,12 @@ public void GetHashCode_ReturnsUnderlyingHashCodeForArrays()
{
// Arrange, act and assert
Assert.Equal(
new OpenIddictParameter(new string[] { "Fabrikam", "Contoso" }).GetHashCode(),
new OpenIddictParameter(new string[] { "Fabrikam", "Contoso" }).GetHashCode());
new OpenIddictParameter(["Fabrikam", "Contoso"]).GetHashCode(),
new OpenIddictParameter(["Fabrikam", "Contoso"]).GetHashCode());

Assert.NotEqual(
new OpenIddictParameter(new string[] { "Fabrikam", "Contoso" }).GetHashCode(),
new OpenIddictParameter(new string[] { "Contoso", "Fabrikam" }).GetHashCode());
new OpenIddictParameter(["Fabrikam", "Contoso"]).GetHashCode(),
new OpenIddictParameter(["Contoso", "Fabrikam"]).GetHashCode());
}

[Fact]
Expand Down Expand Up @@ -623,11 +623,11 @@ public void GetNamedParameter_ReturnsNullForPrimitiveValues()
public void GetNamedParameter_ReturnsNullForArrays()
{
// Arrange
var parameter = new OpenIddictParameter(new[]
{
var parameter = new OpenIddictParameter(
[
"Fabrikam",
"Contoso"
});
]);

// Act and assert
Assert.Null(parameter.GetNamedParameter("Fabrikam"));
Expand Down Expand Up @@ -720,11 +720,11 @@ public void GetUnnamedParameter_ReturnsNullForPrimitiveValues()
public void GetUnnamedParameter_ReturnsNullForOutOfRangeArrayIndex()
{
// Arrange
var parameter = new OpenIddictParameter(new[]
{
var parameter = new OpenIddictParameter(
[
"Fabrikam",
"Contoso"
});
]);

// Act and assert
Assert.Null(parameter.GetUnnamedParameter(2));
Expand All @@ -734,11 +734,11 @@ public void GetUnnamedParameter_ReturnsNullForOutOfRangeArrayIndex()
public void GetUnnamedParameter_ReturnsExpectedNodeForArray()
{
// Arrange
var parameter = new OpenIddictParameter(new[]
{
var parameter = new OpenIddictParameter(
[
"Fabrikam",
"Contoso"
});
]);

// Act and assert
Assert.Equal("Fabrikam", (string?) parameter.GetUnnamedParameter(0));
Expand Down Expand Up @@ -1118,7 +1118,7 @@ public void IsNullOrEmpty_ReturnsFalseForNonEmptyValues()
Assert.False(OpenIddictParameter.IsNullOrEmpty(new OpenIddictParameter(42)));
Assert.False(OpenIddictParameter.IsNullOrEmpty(new OpenIddictParameter((long?) 42)));
Assert.False(OpenIddictParameter.IsNullOrEmpty(new OpenIddictParameter("Fabrikam")));
Assert.False(OpenIddictParameter.IsNullOrEmpty(new OpenIddictParameter(new[] { "Fabrikam" })));
Assert.False(OpenIddictParameter.IsNullOrEmpty(new OpenIddictParameter(["Fabrikam"])));

Assert.False(OpenIddictParameter.IsNullOrEmpty(new OpenIddictParameter(
JsonSerializer.Deserialize<JsonElement>(@"[""Fabrikam""]"))));
Expand Down Expand Up @@ -1188,11 +1188,11 @@ public void ToString_ReturnsStringValue()
public void ToString_ReturnsSimpleRepresentationForArrays()
{
// Arrange
var parameter = new OpenIddictParameter(new[]
{
var parameter = new OpenIddictParameter(
[
"Fabrikam",
"Contoso"
});
]);

// Act and assert
Assert.Equal("Fabrikam, Contoso", parameter.ToString());
Expand Down Expand Up @@ -1325,11 +1325,11 @@ public void TryGetNamedParameter_ReturnsFalseForPrimitiveValues()
public void TryGetNamedParameter_ReturnsFalseForArrays()
{
// Arrange
var parameter = new OpenIddictParameter(new[]
{
var parameter = new OpenIddictParameter(
[
"Fabrikam",
"Contoso"
});
]);

// Act and assert
Assert.False(parameter.TryGetNamedParameter("Fabrikam", out var value));
Expand Down Expand Up @@ -1429,11 +1429,11 @@ public void TryGetUnnamedParameter_ReturnsFalseForPrimitiveValues()
public void GetParameter_ReturnsFalseForOutOfRangeArrayIndex()
{
// Arrange
var parameter = new OpenIddictParameter(new[]
{
var parameter = new OpenIddictParameter(
[
"Fabrikam",
"Contoso"
});
]);

// Act and assert
Assert.False(parameter.TryGetUnnamedParameter(2, out var value));
Expand All @@ -1444,11 +1444,11 @@ public void GetParameter_ReturnsFalseForOutOfRangeArrayIndex()
public void TryGetUnnamedParameter_ReturnsExpectedNodeForArray()
{
// Arrange
var parameter = new OpenIddictParameter(new[]
{
var parameter = new OpenIddictParameter(
[
"Fabrikam",
"Contoso"
});
]);

// Act and assert
Assert.True(parameter.TryGetUnnamedParameter(0, out var value));