diff options
| author | Andrew Arnott <andrewarnott@gmail.com> | 2009-12-01 22:20:40 -0800 |
|---|---|---|
| committer | Andrew Arnott <andrewarnott@gmail.com> | 2009-12-01 22:20:40 -0800 |
| commit | 979eaae1722e8c65a7c6b366892f96a1e1d2b34b (patch) | |
| tree | 46fa083a164910162f95612fc9a0475061670de2 | |
| parent | 174eedd845a6ff6deeb1ad05c79bb6f80390e9ce (diff) | |
| download | DotNetOpenAuth-979eaae1722e8c65a7c6b366892f96a1e1d2b34b.zip DotNetOpenAuth-979eaae1722e8c65a7c6b366892f96a1e1d2b34b.tar.gz DotNetOpenAuth-979eaae1722e8c65a7c6b366892f96a1e1d2b34b.tar.bz2 | |
Fixed a couple of bugs that were causing too many auth requests to be generated, and OPs with buggy association code to be attempted multiple times.
| -rw-r--r-- | src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdRelyingParty.cs | 5 | ||||
| -rw-r--r-- | src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdRelyingPartyControlBase.cs | 9 |
2 files changed, 12 insertions, 2 deletions
diff --git a/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdRelyingParty.cs b/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdRelyingParty.cs index bdf6c5b..b00ee65 100644 --- a/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdRelyingParty.cs +++ b/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdRelyingParty.cs @@ -406,7 +406,10 @@ namespace DotNetOpenAuth.OpenId.RelyingParty { Contract.Requires<ArgumentNullException>(userSuppliedIdentifier != null); Contract.Requires<ArgumentNullException>(realm != null); Contract.Ensures(Contract.Result<IEnumerable<IAuthenticationRequest>>() != null); - Contract.Ensures(Contract.ForAll(Contract.Result<IEnumerable<IAuthenticationRequest>>(), el => el != null)); + + // This next code contract is a BAD idea, because it causes each authentication request to be generated + // at least an extra time. + ////Contract.Ensures(Contract.ForAll(Contract.Result<IEnumerable<IAuthenticationRequest>>(), el => el != null)); // Build the return_to URL UriBuilder returnTo = new UriBuilder(this.Channel.GetRequestFromContext().UrlBeforeRewriting); diff --git a/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdRelyingPartyControlBase.cs b/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdRelyingPartyControlBase.cs index 4cf2648..09fcbcb 100644 --- a/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdRelyingPartyControlBase.cs +++ b/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdRelyingPartyControlBase.cs @@ -943,7 +943,14 @@ namespace DotNetOpenAuth.OpenId.RelyingParty { req.SetUntrustedCallbackArgument(ReturnToReceivingControlId, this.ClientID); } - ((AuthenticationRequest)req).AssociationPreference = this.AssociationPreference; + // Apply the control's association preference to this auth request, but only if + // it is less demanding (greater ordinal value) than the existing one. + // That way, we protect against retrying an association that was already attempted. + var authReq = ((AuthenticationRequest)req); + if (authReq.AssociationPreference < this.AssociationPreference) { + authReq.AssociationPreference = this.AssociationPreference; + } + if (this.OnLoggingIn(req)) { yield return req; } |