TerribleDev/OwinOAuthProviders
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
927a7b9068ebb26f12b5ea4645c171c55b37aaab
OwinOAuthProviders/src/Owin.Security.Providers.Steam/SteamAuthenticationHandler.cs
James Ruskin 35ea1c9d79 Update Steam OpenID Regex to handle HTTPS 
Steam have updated their implementation to return https URIs in claimedID (please see [this thread](https://www.reddit.com/r/Steam/comments/8a7gsu/steam_openid_broken_for_many_websites_fix_inside/)).

The current version of the `_accountIDRegex` does not handle this.

This change should fix this. Arguably, we should not include the option to accept http, as Steam have (seemingly) irrevocably changed this.

This should solve [Issue #234](https://github.com/TerribleDev/OwinOAuthProviders/issues/234).
2018-04-30 11:49:04 +01:00

34 lines
1.6 KiB
C#
Raw Blame History

using Microsoft.Owin.Logging;
using Newtonsoft.Json;
using System.Collections.Generic;
using System.Net.Http;
using System.Security.Claims;
using System.Text.RegularExpressions;
using Owin.Security.Providers.OpenIDBase;
namespace Owin.Security.Providers.Steam
{
internal sealed class SteamAuthenticationHandler : OpenIDAuthenticationHandlerBase<SteamAuthenticationOptions>
{
private readonly Regex _accountIDRegex = new Regex(@"^https?://steamcommunity\.com/openid/id/(7[0-9]{15,25})$", RegexOptions.Compiled);
private const string UserInfoUri = "http://api.steampowered.com/ISteamUser/GetPlayerSummaries/v0002/?key={0}&steamids={1}";
public SteamAuthenticationHandler(HttpClient httpClient, ILogger logger) : base(httpClient, logger)
{ }
protected override void SetIdentityInformations(ClaimsIdentity identity, string claimedID, IDictionary<string, string> attributeExchangeProperties)
{
var accountIDMatch = _accountIDRegex.Match(claimedID);
if (!accountIDMatch.Success) return;
var accountID = accountIDMatch.Groups[1].Value;
var getUserInfoTask = HTTPClient.GetStringAsync(string.Format(UserInfoUri, Options.ApplicationKey, accountID));
getUserInfoTask.Wait();
var userInfoRaw = getUserInfoTask.Result;
dynamic userInfo = JsonConvert.DeserializeObject<dynamic>(userInfoRaw);
identity.AddClaim(new Claim(ClaimTypes.Name, (string)userInfo.response.players[0].personaname, "http://www.w3.org/2001/XMLSchema#string", Options.AuthenticationType));
}
}
}
Reference in New Issue View Git Blame Copy Permalink