author | Andrew Arnott <andrewarnott@gmail.com> | 2009-06-09 21:45:59 -0700 |
---|---|---|
committer | Andrew Arnott <andrewarnott@gmail.com> | 2009-06-09 21:45:59 -0700 |
commit | 392d487b5d5d62b032ae591bdfd1cb2a352273b2 (patch) | |
tree | 92d824f638d6406c45c711242fd01a5bfcd26f87 | |
parent | 9adb22045de6a81a0fe2651f8022eb5c9ce3709c (diff) | |
Fixed bug where we were looking up access tokens as if they were request tokens.
-rw-r--r-- | src/DotNetOpenAuth.Test/OAuth/ChannelElements/OAuthChannelTests.cs | 8 | ||||
-rw-r--r-- | src/DotNetOpenAuth/OAuth/ChannelElements/OAuthServiceProviderMessageFactory.cs | 20 |
2 files changed, 16 insertions, 12 deletions
diff --git a/src/DotNetOpenAuth.Test/OAuth/ChannelElements/OAuthChannelTests.cs b/src/DotNetOpenAuth.Test/OAuth/ChannelElements/OAuthChannelTests.cs
index 1251e2c..82d211a 100644
--- a/src/DotNetOpenAuth.Test/OAuth/ChannelElements/OAuthChannelTests.cs
+++ b/src/DotNetOpenAuth.Test/OAuth/ChannelElements/OAuthChannelTests.cs
@@ -47,22 +47,22 @@ namespace DotNetOpenAuth.Test.ChannelElements {
 [TestMethod, ExpectedException(typeof(ArgumentNullException))]
 public void CtorNullStore() {
- new OAuthChannel(this.signingElement, null, new InMemoryTokenManager(), new TestMessageFactory());
+ new OAuthChannel(new RsaSha1SigningBindingElement(new InMemoryTokenManager()), null, new InMemoryTokenManager(), new TestMessageFactory());
 }
 [TestMethod, ExpectedException(typeof(ArgumentNullException))]
 public void CtorNullTokenManager() {
- new OAuthChannel(this.signingElement, this.nonceStore, null, new TestMessageFactory());
+ new OAuthChannel(new RsaSha1SigningBindingElement(new InMemoryTokenManager()), this.nonceStore, null, new TestMessageFactory());
 }
 [TestMethod]
 public void CtorSimpleConsumer() {
- new OAuthChannel(this.signingElement, this.nonceStore, (IConsumerTokenManager)new InMemoryTokenManager());
+ new OAuthChannel(new RsaSha1SigningBindingElement(new InMemoryTokenManager()), this.nonceStore, (IConsumerTokenManager)new InMemoryTokenManager());
 }
 [TestMethod]
 public void CtorSimpleServiceProvider() {
- new OAuthChannel(this.signingElement, this.nonceStore, (IServiceProviderTokenManager)new InMemoryTokenManager());
+ new OAuthChannel(new RsaSha1SigningBindingElement(new InMemoryTokenManager()), this.nonceStore, (IServiceProviderTokenManager)new InMemoryTokenManager());
 }
 [TestMethod]
diff --git a/src/DotNetOpenAuth/OAuth/ChannelElements/OAuthServiceProviderMessageFactory.cs b/src/DotNetOpenAuth/OAuth/ChannelElements/OAuthServiceProviderMessageFactory.cs
index d8e3af2..63925c0 100644
--- a/src/DotNetOpenAuth/OAuth/ChannelElements/OAuthServiceProviderMessageFactory.cs
+++ b/src/DotNetOpenAuth/OAuth/ChannelElements/OAuthServiceProviderMessageFactory.cs
@@ -56,11 +56,7 @@ namespace DotNetOpenAuth.OAuth.ChannelElements {
 MessageBase message = null;
 Protocol protocol = Protocol.V10; // default to assuming the less-secure 1.0 instead of 1.0a until we prove otherwise.
 string token;
- if (fields.TryGetValue("oauth_token", out token)) {
- // Discern between 1.0 and 1.0a requests by checking on the consumer version we stored
- // when the consumer first requested an unauthorized token.
- protocol = Protocol.Lookup(this.tokenManager.GetRequestToken(token).ConsumerVersion);
- }
+ fields.TryGetValue("oauth_token", out token);
 if (fields.ContainsKey("oauth_consumer_key") && !fields.ContainsKey("oauth_token")) {
 protocol = fields.ContainsKey("oauth_callback") ? Protocol.V10a : Protocol.V10;
@@ -71,11 +67,19 @@ namespace DotNetOpenAuth.OAuth.ChannelElements {
 // is in the token parameter.
 bool tokenTypeIsAccessToken = this.tokenManager.GetTokenType(token) == TokenType.AccessToken;
- message = tokenTypeIsAccessToken ?
- (MessageBase)new AccessProtectedResourceRequest(recipient, protocol.Version) :
- new AuthorizedTokenRequest(recipient, protocol.Version);
+ if (tokenTypeIsAccessToken) {
+ message = (MessageBase)new AccessProtectedResourceRequest(recipient, protocol.Version);
+ } else {
+ // Discern between 1.0 and 1.0a requests by checking on the consumer version we stored
+ // when the consumer first requested an unauthorized token.
+ protocol = Protocol.Lookup(this.tokenManager.GetRequestToken(token).ConsumerVersion);
+ message = new AuthorizedTokenRequest(recipient, protocol.Version);
+ }
 } else {
 // fail over to the message with no required fields at all.
+ if (token != null) {
+ protocol = Protocol.Lookup(this.tokenManager.GetRequestToken(token).ConsumerVersion);
+ }
 // If a callback parameter is included, that suggests either the consumer
 // is following OAuth 1.0 instead of 1.0a, or that a hijacker is trying |
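Review bot: `fields.TryGetValue("oauth_token", out token);` in the first hunk of this file discards its return value, so `token` is null when the parameter is absent and otherwise holds a value taken straight from the incoming request, and nothing at that line says so. A comment such as `// token is null when oauth_token is absent; it is request-supplied and not yet checked against the token manager` would make that explicit for the code that follows. The next hunk passes the same value to `GetTokenType(token)` and dereferences `GetRequestToken(token).ConsumerVersion` in every case that is not an access token; if the token manager can return null or throw for a token it never issued (not visible here), a malformed request would surface as an unhandled exception rather than a protocol error, so that path is worth a guard or a test. The method body starts before and continues after these hunks.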