Merge branch 'development' of https://git01.codeplex.com/forks/tsone/casadev into development

Author: arturl

Release/include/cpprest/asyncrt_utils.h

@@ -147,6 +147,11 @@ namespace conversions
     /// </summary>
     _ASYNCRTIMP std::vector<unsigned char> __cdecl from_base64(const utility::string_t& str);
 
+    /// <summary>
+    /// Convert string to body data
+    /// </summary>
+    _ASYNCRTIMP std::vector<unsigned char> __cdecl to_body_data(const utility::string_t& str);
+
     template <typename Source>
     utility::string_t print_string(const Source &val)
     {

Release/include/cpprest/http_client.h

@@ -67,6 +67,8 @@ namespace http
 namespace client
 {
 
+using namespace web::http::client::experimental;
+
 #ifdef _MS_WINDOWS
 namespace details {
 #ifdef __cplusplus_winrt

Release/include/cpprest/http_client_impl.h

@@ -57,7 +57,7 @@ using namespace utility;
 # define CRLF std::string("\r\n")
 #endif
 
-
+using namespace web::http::client::experimental;
 using namespace web::http::details;
 
 namespace web { namespace http { namespace client { namespace details

Release/include/cpprest/http_helpers.h

@@ -81,7 +81,7 @@ namespace details
     /// Parses the given Content-Type header value to get out actual content type and charset.
     /// If the charset isn't specified the default charset for the content type will be set.
     /// </summary>
-    void parse_content_type_and_charset(const utility::string_t &content_type, utility::string_t &content, utility::string_t &charset); 
+    _ASYNCRTIMP void parse_content_type_and_charset(const utility::string_t &content_type, utility::string_t &content, utility::string_t &charset); 
 
     /// <summary>
     /// Gets the default charset for given content type. If the MIME type is not textual or recognized Latin1 will be returned.

Release/include/cpprest/oauth1_handler.h

@@ -38,6 +38,9 @@ namespace http
 {
 namespace client
 {
+class http_client_config;
+namespace experimental
+{
 
 
 /// <summary>
@@ -92,7 +95,7 @@ struct oauth1_config
     bool is_enabled() const { return !m_key.empty() && !m_secret.empty() && !m_token.empty() && !m_token_secret.empty(); }
 
 private:
-    friend class http_client_config;
+    friend class web::http::client::http_client_config;
     oauth1_config() {}
 
     // Required.
@@ -113,13 +116,13 @@ struct oauth1_config
 class oauth1_handler : public http_pipeline_stage
 {
 public:
-    oauth1_handler(oauth1_config config) :
+    oauth1_handler(oauth1_config cfg) :
         m_random((unsigned int)utility::datetime::utc_timestamp()),
-        m_config(std::move(config))
+        m_config(std::move(cfg))
     {}
 
-    void set_config(oauth1_config config) { m_config = std::move(config); }
-    const oauth1_config& get_config() const { return m_config; }
+    const oauth1_config& config() const { return m_config; }
+    void set_config(oauth1_config cfg) { m_config = std::move(cfg); }
 
     _ASYNCRTIMP virtual pplx::task<http_response> propagate(http_request request) override;
 
@@ -147,6 +150,6 @@ class oauth1_handler : public http_pipeline_stage
 };
 
 
-}}} // namespace web::http::client
+}}}} // namespace web::http::client::experimental
 
 #endif  /* _CASA_OAUTH1_HANDLER_H */

Release/include/cpprest/oauth2_handler.h

@@ -37,53 +37,198 @@ namespace http
 {
 namespace client
 {
+class http_client_config;
+namespace experimental
+{
+
+
+/// <summary>
+/// Exception type for OAuth 2.0 errors.
+/// </summary>
+class oauth2_exception : public std::exception
+{
+public:
+    oauth2_exception(utility::string_t msg) : m_msg(utility::conversions::to_utf8string(std::move(msg))) {}
+    ~oauth2_exception() _noexcept {}
+    const char* what() const _noexcept { return m_msg.c_str(); }
+
+private:
+    std::string m_msg;
+};
 
 
 /// <summary>
-/// Oauth2 configuration.
+/// OAuth 2.0 configuration.
+///
+/// Encapsulates functionality for:
+/// - Authenticating requests with an access token.
+/// - Performing the OAuth 2.0 authorization code grant authorization flow.
+///   See: http://tools.ietf.org/html/rfc6749#section-4.1
+///
+/// Usage for authorization:
+/// 1. Set service and client/app parameters:
+/// - Client/app key & secret (as provided by the service).
+/// - The service authorization endpoint and token endpoint.
+/// - Your client/app redirect URI.
+/// - Set if bearer token is passed in query or header field (default: header).
+///   See: http://tools.ietf.org/html/rfc6750#section-2
+/// - If the service uses "non-standard" access token key, set it also (default: "access_token").
+/// 2. Open web browser with URI from build_authorization_uri().
+/// - The passed state string should be unique for this authorization session.
+/// 3. In the web browser, the resource owner clicks "Yes" to authorize your client/app.
+/// 4. To signal authorization, web browser is redirected to redirect_uri().
+/// 5. The redirect contains the authorization code and the state string.
+/// 6. Check the state string equals the one in step 2.
+/// 7. Pass the authorization code to fetch_token() to create a token fetch task.
+///
+/// Usage for issuing authenticated requests:
+/// 1. Obtain token. (Perform authorization as above or get token otherwise.)
+/// 2. Use http_client_config::set_oauth2() to set configuration, and construct http_client using it.
+/// 3. All requests issued with that http_client will be OAuth 2.0 -authenticated.
+///
 /// </summary>
-struct oauth2_config
+class oauth2_config
 {
-    oauth2_config(utility::string_t token) : m_token(std::move(token)) {}
+public:
+    oauth2_config(utility::string_t client_key, utility::string_t client_secret,
+            utility::string_t auth_endpoint, utility::string_t token_endpoint,
+            utility::string_t redirect_uri) :
+                m_client_key(client_key),
+                m_client_secret(client_secret),
+                m_auth_endpoint(auth_endpoint),
+                m_token_endpoint(token_endpoint),
+                m_redirect_uri(redirect_uri),
+                m_bearer_auth(true),
+                m_http_basic_auth(true),
+                m_access_token_key(_XPLATSTR("access_token"))
+    {
+    }
+
+    oauth2_config(utility::string_t token) :
+        m_token(std::move(token)),
+        m_bearer_auth(true),
+        m_http_basic_auth(true),
+        m_access_token_key(_XPLATSTR("access_token"))
+    {
+    }
+
+    /// <summary>
+    /// Builds an authorization URI to be loaded in the web browser.
+    /// The URI is built with auth_endpoint() as basis.
+    /// </summary>
+    _ASYNCRTIMP utility::string_t build_authorization_uri() const;
+
+    /// <summary>
+    /// Parses authorization code from the redirected URI when resource owner
+    /// has accepted the authorization.
+    /// Redirected URI must satisfy the following (otherwise an exception is thrown):
+    /// - Must contain both 'code' and 'state' query parameters.
+    /// - The 'state' parameter must be equal to state().
+    /// </summary>
+    _ASYNCRTIMP utility::string_t parse_code_from_redirected_uri(uri redirected_uri) const;
+
+    /// <summary>
+    /// Creates a task to fetch token from the token endpoint.
+    /// The task creates a request to the token_endpoint() which is used exchange an authorization code to an access token.
+    /// If successful, resulting token is set as active via set_token().
+    /// </summary>
+    /// <param name="authorization_code">Code received via redirect upon successful authorization.</param>
+    _ASYNCRTIMP pplx::task<void> fetch_token(utility::string_t authorization_code);
+
+    bool is_enabled() const { return !m_token.empty(); }
+
+    const utility::string_t& client_key() const { return m_client_key; }
+    void set_client_key(utility::string_t client_key) { m_client_key = std::move(client_key); }
+
+    const utility::string_t& client_secret() const { return m_client_secret; }
+    void set_client_secret(utility::string_t client_secret) { m_client_secret = std::move(client_secret); }
+
+    const utility::string_t& auth_endpoint() const { return m_auth_endpoint; }
+    void set_auth_endpoint(utility::string_t auth_endpoint) { m_auth_endpoint = std::move(auth_endpoint); }
+
+    const utility::string_t& token_endpoint() const { return m_token_endpoint; }
+    void set_token_endpoint(utility::string_t token_endpoint) { m_token_endpoint = std::move(token_endpoint); }
+
+    const utility::string_t& redirect_uri() const { return m_redirect_uri; }
+    void set_redirect_uri(utility::string_t redirect_uri) { m_redirect_uri = std::move(redirect_uri); }
+
+    const utility::string_t& scope() const { return m_scope; }
+    void set_scope(utility::string_t scope) { m_scope = std::move(scope); }
+
+    const utility::string_t& state() const { return m_state; }
+    /// <summary>
+    /// State string should be unique for each authorization session.
+    /// This state string should be returned by the authorization server on redirect
+    /// </summary>
+    void set_state(utility::string_t state) { m_state = std::move(state); }
 
     const utility::string_t& token() const { return m_token; }
     void set_token(utility::string_t token) { m_token = std::move(token); }
 
-    bool is_enabled() const { return !m_token.empty(); }
+    bool bearer_auth() const { return m_bearer_auth; }
+    /// <summary>
+    /// Bearer token passing method. This must be selected based on what the service accepts.
+    /// True means token is passed in the request header. (http://tools.ietf.org/html/rfc6750#section-2.1)
+    /// False means token in passed in the query parameters. (http://tools.ietf.org/html/rfc6750#section-2.3)
+    /// Default: True.
+    /// </summary>
+    void set_bearer_auth(bool enable) { m_bearer_auth = std::move(enable); }
+
+    bool http_basic_auth() const { return m_http_basic_auth; }
+    /// <summary>
+    /// Token endpoint authorization method. This must be selected based on what the service accepts.
+    /// True means HTTP Basic is used for authentication.
+    /// False means client key & secret are passed in the HTTP request body.
+    /// Default: True.
+    /// </summary>
+    void set_http_basic_auth(bool enable) { m_http_basic_auth = std::move(enable); }
+
+    const utility::string_t&  access_token_key() const { return m_access_token_key; }
+    /// <summary>
+    /// Set custom access token key field in the case service requires a "non-standard" key.
+    /// Default access token key is "access_token".
+    /// </summary>
+    void set_access_token_key(utility::string_t access_token_key) { m_access_token_key = std::move(access_token_key); }
 
 private:
-    friend class http_client_config;
+    friend class web::http::client::http_client_config;
     oauth2_config() {}
 
+    utility::string_t m_client_key;
+    utility::string_t m_client_secret;
+    utility::string_t m_auth_endpoint;
+    utility::string_t m_token_endpoint;
+    utility::string_t m_redirect_uri;
+    utility::string_t m_scope;
+    utility::string_t m_state;
+
+    bool m_bearer_auth;
+    bool m_http_basic_auth;
+    utility::string_t m_access_token_key;
+
     utility::string_t m_token;
 };
 
 
 /// <summary>
-/// Oauth2 handler. Specialization of http_pipeline_stage.
+/// OAuth 2.0 handler.
+/// Specialization of http_pipeline_stage to perform OAuth 2.0 request authentication.
 /// </summary>
 class oauth2_handler : public http_pipeline_stage
 {
 public:
-    oauth2_handler(oauth2_config config) : m_config(std::move(config)) {}
+    oauth2_handler(oauth2_config cfg) : m_config(std::move(cfg)) {}
 
-    void set_config(oauth2_config config) { m_config = std::move(config); }
-    const oauth2_config& get_config() const { return m_config; }
+    const oauth2_config& config() const { return m_config; }
+    void set_config(oauth2_config cfg) { m_config = std::move(cfg); }
 
-    virtual pplx::task<http_response> propagate(http_request request) override
-    {
-        if (m_config.is_enabled())
-        {
-            request.headers().add(_XPLATSTR("Authorization"), _XPLATSTR("Bearer ") + m_config.token());
-        }
-        return next_stage()->propagate(request);
-    }
+    _ASYNCRTIMP virtual pplx::task<http_response> propagate(http_request request) override;
 
 private:
     oauth2_config m_config;
 };
 
 
-}}} // namespace web::http::client
+}}}} // namespace web::http::client::experimental
 
 #endif  /* _CASA_OAUTH2_HANDLER_H */

Release/samples/OAuth2Live/App.xaml

@@ -0,0 +1,20 @@
+<Application
+    x:Class="OAuth2Live.App"
+    xmlns="http://schemas.microsoft.com/winfx/2006/xaml/presentation"
+    xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml"
+    xmlns:local="using:OAuth2Live">
+
+    <Application.Resources>
+        <ResourceDictionary>
+            <ResourceDictionary.MergedDictionaries>
+
+                <!-- 
+                    Styles that define common aspects of the platform look and feel
+                    Required by Visual Studio project and item templates
+                 -->
+                <ResourceDictionary Source="Common/StandardStyles.xaml"/>
+            </ResourceDictionary.MergedDictionaries>
+
+        </ResourceDictionary>
+    </Application.Resources>
+</Application>