okta · laura-rodriguez · Apr 20, 2020 · Apr 15, 2020 · Apr 15, 2020 · Apr 15, 2020
diff --git a/Okta.Auth.Sdk.UnitTests/AuthenticationClientShould.cs b/Okta.Auth.Sdk.UnitTests/AuthenticationClientShould.cs
@@ -140,6 +140,36 @@ public async Task ForgotPasswordWithCallFactor()
                 .Be("https://dotnet.oktapreview.com/api/v1/authn/recovery/factors/CALL/resend");
         }
 
+        [Fact]
+        public async Task AddHeadersToForgotPasswordRequest()
+        {
+            var forgotPasswordOptions = new ForgotPasswordOptions()
+            {
+                FactorType = FactorType.Call,
+                RelayState = "/myapp/some/deep/link/i/want/to/return/to",
+                UserName = "bob-user@test.com",
+                UserAgent = "baz",
+                XForwardedFor = "bar",
+            };
+
+            var mockRequestExecutor = Substitute.For<IRequestExecutor>();
+            mockRequestExecutor
+                .PostAsync(Arg.Any<string>(), Arg.Any<IEnumerable<KeyValuePair<string, string>>>(), Arg.Any<string>(), Arg.Any<CancellationToken>())
+                .Returns(new HttpResponse<string>() { StatusCode = 200 });
+
+            var authnClient = new TesteableAuthnClient(mockRequestExecutor);
+
+            await authnClient.ForgotPasswordAsync(forgotPasswordOptions);
+
+            await mockRequestExecutor.Received().PostAsync(
+                "/api/v1/authn/recovery/password",
+                Arg.Is<IEnumerable<KeyValuePair<string, string>>>(headers => 
+                headers.Any(kvp => kvp.Key == "User-Agent" && kvp.Value == "baz") &&
+                headers.Any(kvp => kvp.Key == "X-Forwarded-For" && kvp.Value == "bar")),
+                Arg.Any<string>(),
+                CancellationToken.None);
+        }
+
         [Fact]
         public async Task ResetPassword()
         {
@@ -221,6 +251,65 @@ await mockRequestExecutor.Received().PostAsync(
                 CancellationToken.None);
         }
 
+        [Fact]
+        public async Task AddHeadersToAuthenticationRequest()
+        {
+            var authOptions = new AuthenticateOptions()
+            {
+                Username = "foo",
+                Password = "bar",
+                XForwardedFor = "baz",
+                UserAgent = "qux",
+                DeviceFingerprint = "quux",
+            };
+
+            var mockRequestExecutor = Substitute.For<IRequestExecutor>();
+            mockRequestExecutor
+                .PostAsync(Arg.Any<string>(), Arg.Any<IEnumerable<KeyValuePair<string, string>>>(), Arg.Any<string>(), Arg.Any<CancellationToken>())
+                .Returns(new HttpResponse<string>() { StatusCode = 200 });
+
+            var authnClient = new TesteableAuthnClient(mockRequestExecutor);
+
+            await authnClient.AuthenticateAsync(authOptions);
+
+            await mockRequestExecutor.Received().PostAsync(
+                "/api/v1/authn",
+                Arg.Is<IEnumerable<KeyValuePair<string, string>>>(headers => 
+                headers.Any(kvp => kvp.Key == "X-Forwarded-For" && kvp.Value == "baz") && 
+                headers.Any(kvp => kvp.Key == "User-Agent" && kvp.Value == "qux") && 
+                headers.Any(kvp => kvp.Key == "X-Device-Fingerprint" && kvp.Value == "quux")),
+                "{\"username\":\"foo\",\"password\":\"bar\"}",
+                CancellationToken.None);
+        }
+
+        [Fact]
+        public async Task AddHeadersToAuthenticationWithActivationTokenRequest()
+        {
+            var authOptions = new AuthenticateWithActivationTokenOptions()
+            {
+                ActivationToken = "foo",
+                XForwardedFor = "baz",
+                UserAgent = "bar",
+            };
+
+            var mockRequestExecutor = Substitute.For<IRequestExecutor>();
+            mockRequestExecutor
+                .PostAsync(Arg.Any<string>(), Arg.Any<IEnumerable<KeyValuePair<string, string>>>(), Arg.Any<string>(), Arg.Any<CancellationToken>())
+                .Returns(new HttpResponse<string>() { StatusCode = 200 });
+
+            var authnClient = new TesteableAuthnClient(mockRequestExecutor);
+
+            await authnClient.AuthenticateAsync(authOptions);
+
+            await mockRequestExecutor.Received().PostAsync(
+                "/api/v1/authn",
+                Arg.Is<IEnumerable<KeyValuePair<string, string>>>(headers => 
+                headers.Any(kvp => kvp.Key == "X-Forwarded-For" && kvp.Value == "baz") &&
+                headers.Any(kvp => kvp.Key == "User-Agent" && kvp.Value == "bar") ),
+                "{\"token\":\"foo\"}",
+                CancellationToken.None);
+        }
+
         [Fact]
         public async Task SendTokenWhenAuthenticatingWithActivationToken()
         {
@@ -869,6 +958,36 @@ await mockRequestExecutor.Received().PostAsync(
                 CancellationToken.None);
         }
 
+        [Fact]
+        public async Task AddHeadersToUnlockAccountRequest()
+        {
+            var unlockAccountOptions = new UnlockAccountOptions()
+            {
+                FactorType = new FactorType("sms"),
+                RelayState = "/myapp/some/deep/link/i/want/to/return/to",
+                Username = "dade.murphy@example.com",
+                UserAgent = "baz",
+                XForwardedFor = "bar",
+            };
+
+            var mockRequestExecutor = Substitute.For<IRequestExecutor>();
+            mockRequestExecutor
+                .PostAsync(Arg.Any<string>(), Arg.Any<IEnumerable<KeyValuePair<string, string>>>(), Arg.Any<string>(), Arg.Any<CancellationToken>())
+                .Returns(new HttpResponse<string>() { StatusCode = 200 });
+
+            var authnClient = new TesteableAuthnClient(mockRequestExecutor);
+
+            await authnClient.UnlockAccountAsync(unlockAccountOptions);
+
+            await mockRequestExecutor.Received().PostAsync(
+                "/api/v1/authn/recovery/unlock",
+                Arg.Is<IEnumerable<KeyValuePair<string, string>>>(headers => 
+                headers.Any(kvp => kvp.Key == "User-Agent" && kvp.Value == "baz") &&
+                headers.Any(kvp => kvp.Key == "X-Forwarded-For" && kvp.Value == "bar")),
+                Arg.Any<string>(),
+                CancellationToken.None);
+        }
+
         [Theory]
         [InlineData("sms")]
         [InlineData("call")]

diff --git a/Okta.Auth.Sdk/AuthenticateOptions.cs b/Okta.Auth.Sdk/AuthenticateOptions.cs
@@ -60,6 +60,18 @@ public class AuthenticateOptions
         /// <value>The device fingerprint</value>
         public string DeviceFingerprint { get; set; }
 
+        /// <summary>
+        /// Gets or sets the value for `x-forwarded-for` header.
+        /// </summary>
+        /// <value>The value for `x-forwarded-for` header.</value>
+        public string XForwardedFor { get; set; }
+
+        /// <summary>
+        /// Gets or sets the user agent.
+        /// </summary>
+        /// <value>The user agent.</value>
+        public string UserAgent { get; set; }
+
         /// <summary>
         /// Gets or sets the state token
         /// </summary>

diff --git a/Okta.Auth.Sdk/AuthenticateWithActivationTokenOptions.cs b/Okta.Auth.Sdk/AuthenticateWithActivationTokenOptions.cs
@@ -15,5 +15,17 @@ public class AuthenticateWithActivationTokenOptions
         /// </summary>
         /// <value>The activation token</value>
         public string ActivationToken { get; set; }
+
+        /// <summary>
+        /// Gets or sets the value for `x-forwarded-for` header.
+        /// </summary>
+        /// <value>The value for `x-forwarded-for` header.</value>
+        public string XForwardedFor { get; set; }
+
+        /// <summary>
+        /// Gets or sets the user agent.
+        /// </summary>
+        /// <value>The user agent.</value>
+        public string UserAgent { get; set; }
     }
 }
diff --git a/Okta.Auth.Sdk/AuthenticationClient.cs b/Okta.Auth.Sdk/AuthenticationClient.cs
@@ -87,6 +87,16 @@ protected AuthenticationClient(IDataStore dataStore, OktaClientConfiguration con
                 request.Headers["X-Device-Fingerprint"] = authenticateOptions.DeviceFingerprint;
             }
 
+            if (!string.IsNullOrEmpty(authenticateOptions.XForwardedFor))
+            {
+                request.Headers["X-Forwarded-For"] = authenticateOptions.XForwardedFor;
+            }
+
+            if (!string.IsNullOrEmpty(authenticateOptions.UserAgent))
+            {
+                request.Headers["User-Agent"] = authenticateOptions.UserAgent;
+            }
+
             return await PostAsync<AuthenticationResponse>(
                 request, cancellationToken).ConfigureAwait(false);
         }
@@ -99,12 +109,24 @@ protected AuthenticationClient(IDataStore dataStore, OktaClientConfiguration con
                 ActivationToken = authenticateOptions.ActivationToken,
             };
 
-            return await PostAsync<AuthenticationResponse>(
-                new HttpRequest
-                {
-                    Uri = "/api/v1/authn",
-                    Payload = authenticationRequest,
-                }, cancellationToken).ConfigureAwait(false);
+            var request = new HttpRequest
+            {
+                Uri = "/api/v1/authn",
+                Payload = authenticationRequest,
+
+            };
+
+            if (!string.IsNullOrEmpty(authenticateOptions.UserAgent))
+            {
+                request.Headers["User-Agent"] = authenticateOptions.UserAgent;
+            }
+
+            if (!string.IsNullOrEmpty(authenticateOptions.XForwardedFor))
+            {
+                request.Headers["X-Forwarded-For"] = authenticateOptions.XForwardedFor;
+            }
+
+            return await PostAsync<AuthenticationResponse>(request, cancellationToken).ConfigureAwait(false);
         }
 
         /// <inheritdoc/>
@@ -135,12 +157,23 @@ protected AuthenticationClient(IDataStore dataStore, OktaClientConfiguration con
                 FactorType = forgotPasswordOptions.FactorType,
             };
 
-            return await PostAsync<AuthenticationResponse>(
-                new HttpRequest
-                {
-                    Uri = "/api/v1/authn/recovery/password",
-                    Payload = forgotPasswordRequest,
-                }, cancellationToken).ConfigureAwait(false);
+            var request = new HttpRequest
+            {
+                Uri = "/api/v1/authn/recovery/password",
+                Payload = forgotPasswordRequest,
+            };
+
+            if (!string.IsNullOrEmpty(forgotPasswordOptions.UserAgent))
+            {
+                request.Headers["User-Agent"] = forgotPasswordOptions.UserAgent;
+            }
+
+            if (!string.IsNullOrEmpty(forgotPasswordOptions.XForwardedFor))
+            {
+                request.Headers["X-Forwarded-For"] = forgotPasswordOptions.XForwardedFor;
+            }
+
+            return await PostAsync<AuthenticationResponse>(request, cancellationToken).ConfigureAwait(false);
         }
 
         /// <inheritdoc/>
@@ -506,12 +539,23 @@ protected AuthenticationClient(IDataStore dataStore, OktaClientConfiguration con
                 Username = unlockAccountOptions.Username,
             };
 
-            return await PostAsync<AuthenticationResponse>(
-                new HttpRequest
-                {
-                    Uri = $"/api/v1/authn/recovery/unlock",
-                    Payload = unlockAccountRequest,
-                }, cancellationToken).ConfigureAwait(false);
+            var request = new HttpRequest
+            {
+                Uri = $"/api/v1/authn/recovery/unlock",
+                Payload = unlockAccountRequest,
+            };
+
+            if (!string.IsNullOrEmpty(unlockAccountOptions.UserAgent))
+            {
+                request.Headers["User-Agent"] = unlockAccountOptions.UserAgent;
+            }
+
+            if (!string.IsNullOrEmpty(unlockAccountOptions.XForwardedFor))
+            {
+                request.Headers["X-Forwarded-For"] = unlockAccountOptions.XForwardedFor;
+            }
+
+            return await PostAsync<AuthenticationResponse>(request, cancellationToken).ConfigureAwait(false);
         }
 
         /// <inheritdoc/>

diff --git a/Okta.Auth.Sdk/ForgotPasswordOptions.cs b/Okta.Auth.Sdk/ForgotPasswordOptions.cs
@@ -27,5 +27,17 @@ public class ForgotPasswordOptions
         /// </summary>
         /// <value>The factor type</value>
         public FactorType FactorType { get; set; }
+
+        /// <summary>
+        /// Gets or sets the value for `x-forwarded-for` header.
+        /// </summary>
+        /// <value>The value for `x-forwarded-for` header.</value>
+        public string XForwardedFor { get; set; }
+
+        /// <summary>
+        /// Gets or sets the user agent.
+        /// </summary>
+        /// <value>The user agent.</value>
+        public string UserAgent { get; set; }
     }
 }
diff --git a/Okta.Auth.Sdk/UnlockAccountOptions.cs b/Okta.Auth.Sdk/UnlockAccountOptions.cs
@@ -27,5 +27,17 @@ public class UnlockAccountOptions
         /// </summary>
         /// <value>The factor type</value>
         public FactorType FactorType { get; set; }
+
+        /// <summary>
+        /// Gets or sets the value for `x-forwarded-for` header.
+        /// </summary>
+        /// <value>The value for `x-forwarded-for` header.</value>
+        public string XForwardedFor { get; set; }
+
+        /// <summary>
+        /// Gets or sets the user agent.
+        /// </summary>
+        /// <value>The user agent.</value>
+        public string UserAgent { get; set; }
     }
 }
diff --git a/Okta.Sdk.Abstractions.UnitTests/DefaultDataStoreShould.cs b/Okta.Sdk.Abstractions.UnitTests/DefaultDataStoreShould.cs
@@ -177,6 +177,29 @@ await mockRequestExecutor.Received().GetAsync(
                 CancellationToken.None);
         }
 
+
+        [Fact]
+        public async Task DoNotOvewriteUserAgentWhenProvided()
+        {
+            var mockRequestExecutor = Substitute.For<IRequestExecutor>();
+            mockRequestExecutor
+                .GetAsync(Arg.Any<string>(), Arg.Any<IEnumerable<KeyValuePair<string, string>>>(), Arg.Any<CancellationToken>())
+                .Returns(new HttpResponse<string>() { StatusCode = 200 });
+
+            var dataStore = new DefaultDataStore(mockRequestExecutor, new DefaultSerializer(), new ResourceFactory(null, null, null), NullLogger.Instance, new UserAgentBuilder("okta-sdk-dotnet", UserAgentHelper.SdkVersion));
+            var request = new HttpRequest { Uri = "https://foo.dev" };
+            request.Headers["User-Agent"] = "foo bar baz";
+
+            await dataStore.GetAsync<TestResource>(request, new RequestContext(), CancellationToken.None);
+
+            // Assert that the request sent to the RequestExecutor included the User-Agent header
+            await mockRequestExecutor.Received().GetAsync(
+                "https://foo.dev",
+                Arg.Is<IEnumerable<KeyValuePair<string, string>>>(
+                    headers => headers.Any(kvp => kvp.Key == "User-Agent" && kvp.Value == "foo bar baz")),
+                CancellationToken.None);
+        }
+
         [Fact]
         public async Task AddContextUserAgentToRequests()
         {

diff --git a/Okta.Sdk.Abstractions/DefaultDataStore.cs b/Okta.Sdk.Abstractions/DefaultDataStore.cs
@@ -92,7 +92,11 @@ private void AddUserAgent(HttpRequest request)
                 request.Headers = new Dictionary<string, string>();
             }
 
-            request.Headers["User-Agent"] = _userAgentBuilder.GetUserAgent();
+            // User-Agent is not overwritten if provided
+            if (!request.Headers.ContainsKey("User-Agent") || string.IsNullOrEmpty(request.Headers["User-Agent"]))
+            {
+                request.Headers["User-Agent"] = _userAgentBuilder.GetUserAgent();
+            }
         }
 
         private static void ApplyContextToRequest(HttpRequest request, RequestContext context)