Fix for #14 and #15 - using IAuthenticationContext

sbidy · Jan 10, 2019 · b413835 · b413835
1 parent 62fe8b4
commit b413835
Show file tree

Hide file tree

Showing 4 changed files with 21 additions and 28 deletions.
diff --git a/privacyIDEAADFSProvider/Adapter.cs b/privacyIDEAADFSProvider/Adapter.cs
@@ -6,6 +6,7 @@
 using System.Xml;
 using System.Diagnostics;
 using System.Xml.Serialization;
+using System.Collections.Generic;
 
 // old b6483f285cb7b6eb
 // new bf6bdb60967d5ecc 1.3.2
@@ -19,7 +20,6 @@ public class Adapter : IAuthenticationAdapter
         // TODO: Create a property class
         private string privacyIDEAurl;
         public string privacyIDEArealm;
-        public string username;
         string transaction_id = "";
         private bool ssl = true;
         private string token;
@@ -52,13 +52,14 @@ public IAdapterPresentation BeginAuthentication(Claim identityClaim, HttpListene
             // seperates the username from the domain
             // TODO: Map the domain to the ID3A realm
             string[] tmp = identityClaim.Value.Split('\\');
+            string username = "";
             if(tmp.Length > 1) username = tmp[1];
             else username = tmp[0];
             // check if ssl is disabled in the config
             // TODO: Delete for security reasons 
             if (!ssl) ServicePointManager.ServerCertificateValidationCallback += (sender, certificate, chain, sslPolicyErrors) => true;
 
-            // trigger challenge
+             // trigger challenge
             otp_prov = new OTPprovider(privacyIDEAurl);
             // get a new admin token for all requests if the an admin pw is defined
             // #2
@@ -71,8 +72,12 @@ public IAdapterPresentation BeginAuthentication(Claim identityClaim, HttpListene
 #endif
                 transaction_id = otp_prov.triggerChallenge(username, privacyIDEArealm, token);
             }
+            // set vars to context - fix for 14 and 15
+            authContext.Data.Add("userid", username);
+            authContext.Data.Add("realm", privacyIDEArealm);
+            authContext.Data.Add("transaction_id", transaction_id);
 
-            return new AdapterPresentationForm(false, uidefinition, username, privacyIDEArealm, transaction_id);
+            return new AdapterPresentationForm(false, uidefinition);
         }
 
         // TODO remove ?
@@ -123,7 +128,7 @@ public void OnAuthenticationPipelineUnload()
         /// <returns>new instance of IAdapterPresentationForm derived class</returns>
         public IAdapterPresentation OnError(HttpListenerRequest request, ExternalAuthenticationException ex)
         {
-            return new AdapterPresentationForm(true, uidefinition, username, privacyIDEArealm, transaction_id);
+            return new AdapterPresentationForm(true, uidefinition);
         }
         /// <summary>
         /// Function call after the user hits submit - it proofs the values (OTP pin)
@@ -149,7 +154,7 @@ public IAdapterPresentation TryEndAuthentication(IAuthenticationContext authCont
             else
             {
                 //authentication not complete - return new instance of IAdapterPresentationForm derived class and the generic error message
-                return new AdapterPresentationForm(true, uidefinition, username, privacyIDEArealm, transaction_id);
+                return new AdapterPresentationForm(true, uidefinition);
             }
         }
 
@@ -164,10 +169,10 @@ bool ValidateProofData(IProofData proofData, IAuthenticationContext authContext)
             try
             {
                 string otpvalue = (string)proofData.Properties["otpvalue"];
-                // fix for #14
-                string session_user = (string)proofData.Properties["username"];
-                string session_realm = (string)proofData.Properties["realm"];
-                string transaction_id = (string)proofData.Properties["transaction_id"];
+                // fix for #14 and #15
+                string session_user = (string)authContext.Data["userid"];
+                string session_realm = (string)authContext.Data["realm"];
+                string transaction_id = (string)authContext.Data["transaction_id"];
                 // end fix
 #if DEBUG
                 Debug.WriteLine(debugPrefix+"OTP Code: " + otpvalue + " User: " + session_user + " Server: " + session_realm + " Transaction_id: " + transaction_id);

diff --git a/privacyIDEAADFSProvider/AdapterPresentationForm.cs b/privacyIDEAADFSProvider/AdapterPresentationForm.cs
@@ -1,23 +1,16 @@
 using Microsoft.IdentityServer.Web.Authentication.External;
-using System.Diagnostics;
 
 namespace privacyIDEAADFSProvider
 {
     class AdapterPresentationForm : IAdapterPresentationForm
     {
         public ADFSinterface[] inter;
         private bool error = false;
-        private string username = "";
-        private string realm = "";
-        private string id = "";
-
-        public AdapterPresentationForm(bool error, ADFSinterface[] adfsinter, string username, string realm, string id)
+
+        public AdapterPresentationForm(bool error, ADFSinterface[] adfsinter)
         {
             this.error = error;
             this.inter = adfsinter;
-            this.username = username;
-            this.id = id;
-            this.realm = realm;
         }
 
         /// Returns the HTML Form fragment that contains the adapter user interface. This data will be included in the web page that is presented
@@ -46,11 +39,6 @@ public string GetFormHtml(int lcid)
                     }
                 }
             }
-            // fix for #14 and 15
-            htmlTemplate = htmlTemplate.Replace("#USER#", this.username);
-            htmlTemplate = htmlTemplate.Replace("#REALM#", this.realm);
-            htmlTemplate = htmlTemplate.Replace("#ID#", this.id);
-            // end fix
             if (error)
             {
                 htmlTemplate = htmlTemplate.Replace("#ERROR#", errormessage);

diff --git a/privacyIDEAADFSProvider/AuthError.html b/privacyIDEAADFSProvider/AuthError.html
@@ -4,6 +4,11 @@
         <input id="authMethod" type="hidden" name="AuthMethod" value="%AuthMethod%" />
         <input id="context" type="hidden" name="Context" value="%Context%" />
         <!-- End inputs are required by the presentation framework. -->
+        <!-- Inputs for session affinity - Do not modify or remove - See #14 -->
+        <input id="username" type="hidden" name="username" value="#USER#" />
+        <input id="transaction_id" type="hidden" name="transaction_id" value="#ID#" />
+        <input id="realm" type="hidden" name="realm" value="#REALM#" />
+
         <p id="pageIntroductionText" style="color:red"> Wrong One-Time-Password. Please try again!</p>
         <label for="otpvalue" class="block">One-Time-Password</label>
         <input id="otpvalue" name="otpvalue" type="text" value="" class="text" placeholder="OTP Password" size="30" />

diff --git a/privacyIDEAADFSProvider/AuthPage.html b/privacyIDEAADFSProvider/AuthPage.html
@@ -3,11 +3,6 @@
         <!-- These inputs are required by the presentation framework. Do not modify or remove -->
         <input id="authMethod" type="hidden" name="AuthMethod" value="%AuthMethod%" />
         <input id="context" type="hidden" name="Context" value="%Context%" />
-        <!-- Inputs for session affinity - Do not modify or remove - See #14 -->
-        <input id="username" type="hidden" name="username" value="#USER#" />
-        <input id="transaction_id" type="hidden" name="transaction_id" value="#ID#" />
-        <input id="realm" type="hidden" name="realm" value="#REALM#" />
-
         <!-- End inputs are required by the presentation framework. -->
         <p id="pageIntroductionText" style="color:red">#ERROR#</p>
         <label for="otpvalue" class="block">#MESSAGE#</label>