From af5272ab69d6a752e39832a41c954eebfd309ec4 Mon Sep 17 00:00:00 2001
From: Joe DeCock <josephdecock@gmail.com>
Date: Sat, 28 Oct 2023 20:25:50 -0500
Subject: [PATCH] Make AuthorizeHttpWriter public, add virtuals

---
 .../Endpoints/Results/AuthorizeResult.cs      | 38 ++++++++++++++++---
 1 file changed, 32 insertions(+), 6 deletions(-)

diff --git a/src/IdentityServer/Endpoints/Results/AuthorizeResult.cs b/src/IdentityServer/Endpoints/Results/AuthorizeResult.cs
index 698e361a9..5b014e017 100644
--- a/src/IdentityServer/Endpoints/Results/AuthorizeResult.cs
+++ b/src/IdentityServer/Endpoints/Results/AuthorizeResult.cs
@@ -38,8 +38,14 @@ public AuthorizeResult(AuthorizeResponse response)
     }
 }
 
-internal class AuthorizeHttpWriter : IHttpResponseWriter<AuthorizeResult>
+/// <summary>
+/// Writes http responses for <see cref="AuthorizeResult"/>s.
+/// </summary>
+public class AuthorizeHttpWriter : IHttpResponseWriter<AuthorizeResult>
 {
+    /// <summary>
+    /// Initializes a new instance of the <see cref="AuthorizeHttpWriter"/> class.
+    /// </summary>
     public AuthorizeHttpWriter(
         IdentityServerOptions options,
         IUserSession userSession,
@@ -63,6 +69,7 @@ public AuthorizeHttpWriter(
     private readonly IServerUrls _urls;
     private readonly IClock _clock;
 
+    /// <inheritdoc />
     public async Task WriteHttpResponse(AuthorizeResult result, HttpContext context)
     {
         await ConsumePushedAuthorizationRequest(result);
@@ -86,7 +93,6 @@ private async Task ConsumePushedAuthorizationRequest(AuthorizeResult result)
         }
     }
 
-
     private async Task ProcessErrorAsync(AuthorizeResponse response, HttpContext context)
     {
         // these are the conditions where we can send a response 
@@ -111,7 +117,7 @@ private async Task ProcessErrorAsync(AuthorizeResponse response, HttpContext con
         }
     }
 
-    protected async Task ProcessResponseAsync(AuthorizeResponse response, HttpContext context)
+    private async Task ProcessResponseAsync(AuthorizeResponse response, HttpContext context)
     {
         if (!response.IsError)
         {
@@ -178,11 +184,31 @@ private string BuildRedirectUri(AuthorizeResponse response)
         return uri;
     }
 
-    private const string FormPostHtml = "<html><head><meta http-equiv='X-UA-Compatible' content='IE=edge' /><base target='_self'/></head><body><form method='post' action='{uri}'>{body}<noscript><button>Click to continue</button></noscript></form><script>window.addEventListener('load', function(){document.forms[0].submit();});</script></body></html>";
+    private const string DefaultFormPostHeadTags = "<head><meta http-equiv='X-UA-Compatible' content='IE=edge' /><base target='_self'/></head>";
+    private const string DefaultFormPostBodyTags = "<body><form method='post' action='{uri}'>{body}<noscript><button>Click to continue</button></noscript></form><script>window.addEventListener('load', function(){document.forms[0].submit();});</script></body>";
 
-    private string GetFormPostHtml(AuthorizeResponse response)
+    /// <summary>
+    /// Gets the header tags that will be included in the response when
+    /// response_mode is form_post.
+    /// </summary>
+    protected virtual string FormPostHeader => DefaultFormPostHeadTags;
+    
+    /// <summary>
+    /// Gets the body tags that will be included in the response when
+    /// response_mode is form_post. The string "{body}" (including the curly
+    /// braces) within this string will be replaced with the response
+    /// parameters, serialized as form data.
+    /// </summary>
+    protected virtual string FormPostBody => DefaultFormPostBodyTags;
+
+    /// <summary>
+    /// Gets the html that will set as the response when response_mode is
+    /// form_post. 
+    /// </summary>
+    /// <param name="response"></param>
+    protected virtual string GetFormPostHtml(AuthorizeResponse response)
     {
-        var html = FormPostHtml;
+        var html = $"<html>{FormPostHeader}{FormPostBody}</html>";
 
         var url = response.Request.RedirectUri;
         url = HtmlEncoder.Default.Encode(url);