authorAndrew Arnott <andrewarnott@gmail.com>2009-06-09 22:08:27 -0700
committerAndrew Arnott <andrewarnott@gmail.com>2009-06-09 22:08:27 -0700
commit5f77f7d85cec7a50b7fcefec08283f240ba0fd10 (patch)
treefa6356cb472fe9a0002b7efc00f4e297a83427f9
parent20e1ff638edac9e9522e71467ae09d60f77c91d6 (diff)
Locked down contract for when tokens are not found.
-rw-r--r--samples/OAuthServiceProvider/App_Code/DatabaseTokenManager.cs8
-rw-r--r--src/DotNetOpenAuth/OAuth/ChannelElements/IServiceProviderTokenManager.cs7
-rw-r--r--src/DotNetOpenAuth/OAuth/ChannelElements/OAuthServiceProviderMessageFactory.cs66
-rw-r--r--src/DotNetOpenAuth/OAuth/OAuthStrings.Designer.cs9
-rw-r--r--src/DotNetOpenAuth/OAuth/OAuthStrings.resx3
5 files changed, 57 insertions, 36 deletions
diff --git a/samples/OAuthServiceProvider/App_Code/DatabaseTokenManager.cs b/samples/OAuthServiceProvider/App_Code/DatabaseTokenManager.cs
index f4f34de..8ca4539 100644
--- a/samples/OAuthServiceProvider/App_Code/DatabaseTokenManager.cs
+++ b/samples/OAuthServiceProvider/App_Code/DatabaseTokenManager.cs
@@ -18,14 +18,18 @@ public class DatabaseTokenManager : IServiceProviderTokenManager {
var consumerRow = Global.DataContext.OAuthConsumers.SingleOrDefault(
consumerCandidate => consumerCandidate.ConsumerKey == consumerKey);
if (consumerRow == null) {
- throw new ArgumentException();
+ throw new KeyNotFoundException();
}
return consumerRow;
}
public IServiceProviderRequestToken GetRequestToken(string token) {
- return Global.DataContext.OAuthTokens.First(t => t.Token == token);
+ try {
+ return Global.DataContext.OAuthTokens.First(t => t.Token == token);
+ } catch (InvalidOperationException ex) {
+ throw new KeyNotFoundException("Unrecognized token", ex);
+ }
}
#endregion
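Review bot: Catching InvalidOperationException around First() in GetRequestToken reports every InvalidOperationException raised by the data context as "Unrecognized token", not only the empty-sequence case, so an unrelated failure in the LINQ provider (a disposed or misconfigured context, for example) would be surfaced to the consumer as a bad token and the real fault hidden. A FirstOrDefault() lookup followed by a null check makes the not-found path explicit instead of exception-driven, and it also lines the method up with GetConsumer, which already uses SingleOrDefault but throws KeyNotFoundException with no message; GetConsumer's signature is above the hunk. One caveat worth confirming against the schema: `t.Token == token` is translated to SQL, so whether the match is case-sensitive depends on the column's collation, and for an opaque secret the comparison should be exact.
```csharp
public IServiceProviderRequestToken GetRequestToken(string token) {
    var tokenRow = Global.DataContext.OAuthTokens.FirstOrDefault(t => t.Token == token);
    if (tokenRow == null) {
        throw new KeyNotFoundException("Unrecognized token");
    }
    return tokenRow;
}
```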
diff --git a/src/DotNetOpenAuth/OAuth/ChannelElements/IServiceProviderTokenManager.cs b/src/DotNetOpenAuth/OAuth/ChannelElements/IServiceProviderTokenManager.cs
index f841aa9..fa008ac 100644
--- a/src/DotNetOpenAuth/OAuth/ChannelElements/IServiceProviderTokenManager.cs
+++ b/src/DotNetOpenAuth/OAuth/ChannelElements/IServiceProviderTokenManager.cs
@@ -19,15 +19,16 @@ namespace DotNetOpenAuth.OAuth.ChannelElements {
/// Gets the Consumer description for a given a Consumer Key.
/// </summary>
/// <param name="consumerKey">The Consumer Key.</param>
- /// <returns>A description of the consumer.</returns>
- /// <exception cref="ArgumentException">Thrown if the consumer key cannot be found.</exception>
+ /// <returns>A description of the consumer. Never null.</returns>
+ /// <exception cref="KeyNotFoundException">Thrown if the consumer key cannot be found.</exception>
IConsumerDescription GetConsumer(string consumerKey);
/// <summary>
/// Gets details on the named request token.
/// </summary>
/// <param name="token">The request token.</param>
- /// <returns>A description of the token</returns>
+ /// <returns>A description of the token. Never null.</returns>
+ /// <exception cref="KeyNotFoundException">Thrown if the token cannot be found.</exception>
IServiceProviderRequestToken GetRequestToken(string token);
}
}
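Review bot: The new `<exception>` tags say what happens for an unknown consumer key or token but not for a null or empty argument, so an implementer cannot tell whether a null `token` is a caller bug (ArgumentNullException) or just another KeyNotFoundException, and the message factory in this same commit passes the raw `oauth_token` value straight through to these calls. Add `/// <exception cref="ArgumentNullException">Thrown if <paramref name="token"/> is null.</exception>` to GetRequestToken and the equivalent for `consumerKey` on GetConsumer. Because both values are opaque secrets, a `<remarks>` sentence stating that implementations must match the key or token exactly (ordinal, case-sensitive) would also pin down a point the sample implementation currently leaves to the database. The interface declaration itself starts above the hunk.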
diff --git a/src/DotNetOpenAuth/OAuth/ChannelElements/OAuthServiceProviderMessageFactory.cs b/src/DotNetOpenAuth/OAuth/ChannelElements/OAuthServiceProviderMessageFactory.cs
index 63925c0..4727a6d 100644
--- a/src/DotNetOpenAuth/OAuth/ChannelElements/OAuthServiceProviderMessageFactory.cs
+++ b/src/DotNetOpenAuth/OAuth/ChannelElements/OAuthServiceProviderMessageFactory.cs
@@ -58,43 +58,47 @@ namespace DotNetOpenAuth.OAuth.ChannelElements {
string token;
fields.TryGetValue("oauth_token", out token);
- if (fields.ContainsKey("oauth_consumer_key") && !fields.ContainsKey("oauth_token")) {
- protocol = fields.ContainsKey("oauth_callback") ? Protocol.V10a : Protocol.V10;
- message = new UnauthorizedTokenRequest(recipient, protocol.Version);
- } else if (fields.ContainsKey("oauth_consumer_key") && fields.ContainsKey("oauth_token")) {
- // Discern between RequestAccessToken and AccessProtectedResources,
- // which have all the same parameters, by figuring out what type of token
- // is in the token parameter.
- bool tokenTypeIsAccessToken = this.tokenManager.GetTokenType(token) == TokenType.AccessToken;
+ try {
+ if (fields.ContainsKey("oauth_consumer_key") && !fields.ContainsKey("oauth_token")) {
+ protocol = fields.ContainsKey("oauth_callback") ? Protocol.V10a : Protocol.V10;
+ message = new UnauthorizedTokenRequest(recipient, protocol.Version);
+ } else if (fields.ContainsKey("oauth_consumer_key") && fields.ContainsKey("oauth_token")) {
+ // Discern between RequestAccessToken and AccessProtectedResources,
+ // which have all the same parameters, by figuring out what type of token
+ // is in the token parameter.
+ bool tokenTypeIsAccessToken = this.tokenManager.GetTokenType(token) == TokenType.AccessToken;
- if (tokenTypeIsAccessToken) {
- message = (MessageBase)new AccessProtectedResourceRequest(recipient, protocol.Version);
+ if (tokenTypeIsAccessToken) {
+ message = (MessageBase)new AccessProtectedResourceRequest(recipient, protocol.Version);
+ } else {
+ // Discern between 1.0 and 1.0a requests by checking on the consumer version we stored
+ // when the consumer first requested an unauthorized token.
+ protocol = Protocol.Lookup(this.tokenManager.GetRequestToken(token).ConsumerVersion);
+ message = new AuthorizedTokenRequest(recipient, protocol.Version);
+ }
} else {
- // Discern between 1.0 and 1.0a requests by checking on the consumer version we stored
- // when the consumer first requested an unauthorized token.
- protocol = Protocol.Lookup(this.tokenManager.GetRequestToken(token).ConsumerVersion);
- message = new AuthorizedTokenRequest(recipient, protocol.Version);
- }
- } else {
- // fail over to the message with no required fields at all.
- if (token != null) {
- protocol = Protocol.Lookup(this.tokenManager.GetRequestToken(token).ConsumerVersion);
+ // fail over to the message with no required fields at all.
+ if (token != null) {
+ protocol = Protocol.Lookup(this.tokenManager.GetRequestToken(token).ConsumerVersion);
+ }
+
+ // If a callback parameter is included, that suggests either the consumer
+ // is following OAuth 1.0 instead of 1.0a, or that a hijacker is trying
+ // to attack. Either way, if the consumer started out as a 1.0a, keep it
+ // that way, and we'll just ignore the oauth_callback included in this message
+ // by virtue of the UserAuthorizationRequest message not including it in its
+ // 1.0a payload.
+ message = new UserAuthorizationRequest(recipient, protocol.Version);
}
- // If a callback parameter is included, that suggests either the consumer
- // is following OAuth 1.0 instead of 1.0a, or that a hijacker is trying
- // to attack. Either way, if the consumer started out as a 1.0a, keep it
- // that way, and we'll just ignore the oauth_callback included in this message
- // by virtue of the UserAuthorizationRequest message not including it in its
- // 1.0a payload.
- message = new UserAuthorizationRequest(recipient, protocol.Version);
- }
+ if (message != null) {
+ message.SetAsIncoming();
+ }
- if (message != null) {
- message.SetAsIncoming();
+ return message;
+ } catch (KeyNotFoundException ex) {
+ throw ErrorUtilities.Wrap(ex, OAuthStrings.TokenNotFound);
}
-
- return message;
}
/// <summary>
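Review bot: The try block now spans the entire dispatch, so the catch at the end turns a KeyNotFoundException raised anywhere inside it — Protocol.Lookup, the message constructors or SetAsIncoming, should any of them ever throw that type — into the "token not found" protocol error, masking what actually failed. The only calls whose contract this commit documents as throwing KeyNotFoundException are the two GetRequestToken calls (whether GetTokenType does the same for an unknown token is not visible here; if it does, wrap that call the same way), so translating just those keeps the error honest and avoids re-indenting the whole body. A small private helper does it, and the enclosing method, which begins above the hunk, goes back to its original shape with the outer try/catch removed.
```csharp
// … unchanged: field lookups and the UnauthorizedTokenRequest branch …
protocol = Protocol.Lookup(this.GetKnownRequestToken(token).ConsumerVersion);
message = new AuthorizedTokenRequest(recipient, protocol.Version);
// … unchanged: UserAuthorizationRequest branch, calling GetKnownRequestToken the same way; SetAsIncoming and return …

/// <summary>
/// Looks up a request token, translating an unknown token into a protocol error.
/// </summary>
/// <param name="token">The request token taken from the incoming message.</param>
/// <returns>The stored token description. Never null.</returns>
private IServiceProviderRequestToken GetKnownRequestToken(string token) {
    try {
        return this.tokenManager.GetRequestToken(token);
    } catch (KeyNotFoundException ex) {
        throw ErrorUtilities.Wrap(ex, OAuthStrings.TokenNotFound);
    }
}
```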
diff --git a/src/DotNetOpenAuth/OAuth/OAuthStrings.Designer.cs b/src/DotNetOpenAuth/OAuth/OAuthStrings.Designer.cs
index 81e484f..689998a 100644
--- a/src/DotNetOpenAuth/OAuth/OAuthStrings.Designer.cs
+++ b/src/DotNetOpenAuth/OAuth/OAuthStrings.Designer.cs
@@ -151,6 +151,15 @@ namespace DotNetOpenAuth.OAuth {
}
/// <summary>
+ /// Looks up a localized string similar to A token in the message was not recognized by the service provider..
+ /// </summary>
+ internal static string TokenNotFound {
+ get {
+ return ResourceManager.GetString("TokenNotFound", resourceCulture);
+ }
+ }
+
+ /// <summary>
/// Looks up a localized string similar to The RSA-SHA1 signing binding element has not been set with a certificate for signing..
/// </summary>
internal static string X509CertificateNotProvidedForSigning {
diff --git a/src/DotNetOpenAuth/OAuth/OAuthStrings.resx b/src/DotNetOpenAuth/OAuth/OAuthStrings.resx
index 108cf08..a40b35d 100644
--- a/src/DotNetOpenAuth/OAuth/OAuthStrings.resx
+++ b/src/DotNetOpenAuth/OAuth/OAuthStrings.resx
@@ -147,6 +147,9 @@
<data name="SigningElementsMustShareSameProtection" xml:space="preserve">
<value>All signing elements must offer the same message protection.</value>
</data>
+ <data name="TokenNotFound" xml:space="preserve">
+ <value>A token in the message was not recognized by the service provider.</value>
+ </data>
<data name="X509CertificateNotProvidedForSigning" xml:space="preserve">
<value>The RSA-SHA1 signing binding element has not been set with a certificate for signing.</value>
</data>