#79 Use ICookieManager to Read/Write CSRF Tokens

2017-06-26 21:43:49 +02:00 · 2017-06-26 21:43:49 +02:00 · ddefa9ec12
--- a/src/Microsoft.Owin.Security.Facebook/FacebookAuthenticationHandler.cs
+++ b/src/Microsoft.Owin.Security.Facebook/FacebookAuthenticationHandler.cs
@ -65,7 +65,7 @@ namespace Microsoft.Owin.Security.Facebook
                }

                // OAuth2 10.12 CSRF
-                if (!ValidateCorrelationId(properties, _logger))
+                if (!ValidateCorrelationId(Options.CookieManager, properties, _logger))
                {
                    return new AuthenticationTicket(null, properties);
                }
@ -191,7 +191,7 @@ namespace Microsoft.Owin.Security.Facebook
                }

                // OAuth2 10.12 CSRF
-                GenerateCorrelationId(properties);
+                GenerateCorrelationId(Options.CookieManager, properties);

                // comma separated
                string scope = string.Join(",", Options.Scope);
--- a/src/Microsoft.Owin.Security.Google/GoogleOAuth2AuthenticationHandler.cs
+++ b/src/Microsoft.Owin.Security.Google/GoogleOAuth2AuthenticationHandler.cs
@ -54,7 +54,7 @@ namespace Microsoft.Owin.Security.Google
                }

                // OAuth2 10.12 CSRF
-                if (!ValidateCorrelationId(properties, _logger))
+                if (!ValidateCorrelationId(Options.CookieManager, properties, _logger))
                {
                    return new AuthenticationTicket(null, properties);
                }
@ -176,7 +176,7 @@ namespace Microsoft.Owin.Security.Google
                }

                // OAuth2 10.12 CSRF
-                GenerateCorrelationId(properties);
+                GenerateCorrelationId(Options.CookieManager, properties);

                var queryStrings = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
                queryStrings.Add("response_type", "code");
--- a/src/Microsoft.Owin.Security.MicrosoftAccount/MicrosoftAccountAuthenticationHandler.cs
+++ b/src/Microsoft.Owin.Security.MicrosoftAccount/MicrosoftAccountAuthenticationHandler.cs
@ -61,7 +61,7 @@ namespace Microsoft.Owin.Security.MicrosoftAccount
                }

                // OAuth2 10.12 CSRF
-                if (!ValidateCorrelationId(properties, _logger))
+                if (!ValidateCorrelationId(Options.CookieManager, properties, _logger))
                {
                    return new AuthenticationTicket(null, properties);
                }
@ -158,7 +158,7 @@ namespace Microsoft.Owin.Security.MicrosoftAccount
                }

                // OAuth2 10.12 CSRF
-                GenerateCorrelationId(extra);
+                GenerateCorrelationId(Options.CookieManager, extra);

                // OAuth2 3.3 space separated                
                string scope = string.Join(" ", Options.Scope);