author | Andrew Arnott <andrewarnott@gmail.com> | 2009-02-13 08:50:31 -0800 |
---|---|---|
committer | Andrew Arnott <andrewarnott@gmail.com> | 2009-02-13 08:50:31 -0800 |
commit | 59fed63b4a9ec2103caf7eb64f82ea16d4a4f75d (patch) | |
tree | f79b591f0b37aa38cab548315dcbc9ea41dd79f5 | |
parent | ee9d1020a9d512bc2c84a681ff0e01f3ac8c12fc (diff) | |
download | DotNetOpenAuth-59fed63b4a9ec2103caf7eb64f82ea16d4a4f75d.zip DotNetOpenAuth-59fed63b4a9ec2103caf7eb64f82ea16d4a4f75d.tar.gz DotNetOpenAuth-59fed63b4a9ec2103caf7eb64f82ea16d4a4f75d.tar.bz2 |
Fixed positive assertion checking so that OpenID version is included in check, per the OpenID 2.0 spec.
-rw-r--r-- | src/DotNetOpenId/RelyingParty/AuthenticationResponse.cs | 10 | ||||
-rw-r--r-- | src/DotNetOpenId/Strings.Designer.cs | 11 | ||||
-rw-r--r-- | src/DotNetOpenId/Strings.resx | 3 |
3 files changed, 23 insertions, 1 deletions
diff --git a/src/DotNetOpenId/RelyingParty/AuthenticationResponse.cs b/src/DotNetOpenId/RelyingParty/AuthenticationResponse.cs
index d0dd33b..20b6958 100644
--- a/src/DotNetOpenId/RelyingParty/AuthenticationResponse.cs
+++ b/src/DotNetOpenId/RelyingParty/AuthenticationResponse.cs
@@ -358,6 +358,16 @@ namespace DotNetOpenId.RelyingParty {
 ServiceEndpoint tokenEndpoint, ServiceEndpoint responseEndpoint) {
Logger.Debug("Verifying assertion matches identifier discovery results...");
+
+ // Verify that the actual version of the OP endpoint matches discovery.
+ Protocol actualProtocol = Protocol.Detect(query);
+ Protocol discoveredProtocol = (tokenEndpoint ?? responseEndpoint).Protocol;
+ if (!actualProtocol.Equals(discoveredProtocol)) {
+ throw new OpenIdException(string.Format(CultureInfo.CurrentCulture,
+ Strings.OpenIdDiscoveredAndActualVersionMismatch,
+ actualProtocol.Version, discoveredProtocol.Version));
+ }
+
if ((tokenEndpoint ?? responseEndpoint).Protocol.Version.Major < 2) {
Debug.Assert(tokenEndpoint != null, "Our OpenID 1.x implementation requires an RP token. And this should have been verified by our caller.");
// For 1.x OPs, we only need to verify that the OP Local Identifier
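Review bot: The mismatch test on the new `if` line delegates to `Protocol.Equals`, whose semantics are not visible in this hunk; if it distinguishes more than the major version (say separate 1.0 and 1.1 `Protocol` instances), an OP discovered as one 1.x dialect but answering in the other would be rejected, so confirm what `Protocol.Detect` yields for an assertion carrying no `openid.ns` before relying on it. The intent deserves a comment, since the message-side version is attacker-controlled: `// The version claimed in the assertion must match what discovery promised; otherwise an attacker could send a 1.x-style assertion for a 2.0 endpoint and fall into the weaker 1.x verification below.` `(tokenEndpoint ?? responseEndpoint)` is now evaluated twice; the existing branch can reuse the new local, `if (discoveredProtocol.Version.Major < 2) {`. When both endpoints are null the new line throws NullReferenceException rather than an OpenIdException; the caller presumably guarantees one is set, as the Debug.Assert suggests, but an explicit guard would make that contract visible. The enclosing method's signature starts before the hunk and its body continues past it.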
diff --git a/src/DotNetOpenId/Strings.Designer.cs b/src/DotNetOpenId/Strings.Designer.cs
index 94528bb..0af791f 100644
--- a/src/DotNetOpenId/Strings.Designer.cs
+++ b/src/DotNetOpenId/Strings.Designer.cs
@@ -1,7 +1,7 @@
 //------------------------------------------------------------------------------
// <auto-generated>
// This code was generated by a tool.
-// Runtime Version:2.0.50727.3053
+// Runtime Version:2.0.50727.3521
//
// Changes to this file may cause incorrect behavior and will be lost if
// the code is regenerated.
@@ -488,6 +488,15 @@ namespace DotNetOpenId {
 }
/// <summary>
+ /// Looks up a localized string similar to Positive assertion sent with OpenID version {0} but Identifier discovery suggested it would be {1}..
+ /// </summary>
+ internal static string OpenIdDiscoveredAndActualVersionMismatch {
+ get {
+ return ResourceManager.GetString("OpenIdDiscoveredAndActualVersionMismatch", resourceCulture);
+ }
+ }
+
+ /// <summary>
/// Looks up a localized string similar to No OpenId endpoint found..
/// </summary>
internal static string OpenIdEndpointNotFound {
diff --git a/src/DotNetOpenId/Strings.resx b/src/DotNetOpenId/Strings.resx
index a8a2c28..6bebc76 100644
--- a/src/DotNetOpenId/Strings.resx
+++ b/src/DotNetOpenId/Strings.resx
@@ -325,4 +325,7 @@ Discovered endpoint info:
 <data name="ClaimedIdentifierCannotBeSetOnDelegatedAuthentication" xml:space="preserve">
<value>The ClaimedIdentifier property cannot be set when IsDelegatedIdentifier is true to avoid breaking OpenID URL delegation.</value>
</data>
+ <data name="OpenIdDiscoveredAndActualVersionMismatch" xml:space="preserve">
+ <value>Positive assertion sent with OpenID version {0} but Identifier discovery suggested it would be {1}.</value>
+ </data>
</root>
\ No newline at end of file |