authorAndrew Arnott <andrewarnott@gmail.com>2009-06-09 16:55:02 -0700
committerAndrew Arnott <andrewarnott@gmail.com>2009-06-09 16:55:02 -0700
commit9adb22045de6a81a0fe2651f8022eb5c9ce3709c (patch)
tree29677915192f2fa25c65766fe80dba332c0c3131
parent302249024683be568f342e34316dccf2790e465e (diff)
Service Provider now rejects OAuth messages from consumers that are too old to meet security requirements.
-rw-r--r--src/DotNetOpenAuth/OAuth/OAuthStrings.Designer.cs9
-rw-r--r--src/DotNetOpenAuth/OAuth/OAuthStrings.resx3
-rw-r--r--src/DotNetOpenAuth/OAuth/Protocol.cs7
-rw-r--r--src/DotNetOpenAuth/OAuth/ServiceProvider.cs4
4 files changed, 22 insertions, 1 deletions
diff --git a/src/DotNetOpenAuth/OAuth/OAuthStrings.Designer.cs b/src/DotNetOpenAuth/OAuth/OAuthStrings.Designer.cs
index b9391ec..81e484f 100644
--- a/src/DotNetOpenAuth/OAuth/OAuthStrings.Designer.cs
+++ b/src/DotNetOpenAuth/OAuth/OAuthStrings.Designer.cs
@@ -115,6 +115,15 @@ namespace DotNetOpenAuth.OAuth {
}
/// <summary>
+ /// Looks up a localized string similar to This OAuth service provider requires OAuth consumers to implement OAuth {0}, but this consumer appears to only support {1}..
+ /// </summary>
+ internal static string MinimumConsumerVersionRequirementNotMet {
+ get {
+ return ResourceManager.GetString("MinimumConsumerVersionRequirementNotMet", resourceCulture);
+ }
+ }
+
+ /// <summary>
/// Looks up a localized string similar to The request URL query MUST NOT contain any OAuth Protocol Parameters..
/// </summary>
internal static string RequestUrlMustNotHaveOAuthParameters {
diff --git a/src/DotNetOpenAuth/OAuth/OAuthStrings.resx b/src/DotNetOpenAuth/OAuth/OAuthStrings.resx
index 0de00a3..108cf08 100644
--- a/src/DotNetOpenAuth/OAuth/OAuthStrings.resx
+++ b/src/DotNetOpenAuth/OAuth/OAuthStrings.resx
@@ -135,6 +135,9 @@
<data name="MessageNotAllowedExtraParameters" xml:space="preserve">
<value>The {0} message included extra data which is not allowed.</value>
</data>
+ <data name="MinimumConsumerVersionRequirementNotMet" xml:space="preserve">
+ <value>This OAuth service provider requires OAuth consumers to implement OAuth {0}, but this consumer appears to only support {1}.</value>
+ </data>
<data name="RequestUrlMustNotHaveOAuthParameters" xml:space="preserve">
<value>The request URL query MUST NOT contain any OAuth Protocol Parameters.</value>
</data>
diff --git a/src/DotNetOpenAuth/OAuth/Protocol.cs b/src/DotNetOpenAuth/OAuth/Protocol.cs
index 129433d..f535b10 100644
--- a/src/DotNetOpenAuth/OAuth/Protocol.cs
+++ b/src/DotNetOpenAuth/OAuth/Protocol.cs
@@ -62,6 +62,7 @@ namespace DotNetOpenAuth.OAuth {
internal static readonly Protocol V10 = new Protocol {
dataContractNamespace = DataContractNamespaceV10,
Version = new Version(1, 0),
+ ProtocolVersion = ProtocolVersion.V10,
};
/// <summary>
@@ -70,6 +71,7 @@ namespace DotNetOpenAuth.OAuth {
internal static readonly Protocol V10a = new Protocol {
dataContractNamespace = DataContractNamespaceV10,
Version = new Version(V10aVersion),
+ ProtocolVersion = ProtocolVersion.V10a,
};
/// <summary>
@@ -105,6 +107,11 @@ namespace DotNetOpenAuth.OAuth {
internal string PublishedVersion { get; private set; }
/// <summary>
+ /// Gets the <see cref="ProtocolVersion"/> enum value for the <see cref="Protocol"/> instance.
+ /// </summary>
+ internal ProtocolVersion ProtocolVersion { get; private set; }
+
+ /// <summary>
/// Gets the namespace to use for this version of the protocol.
/// </summary>
internal string DataContractNamespace {
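Review bot: The new `ProtocolVersion` property has no initializer, so any `Protocol` instance whose object initializer does not assign it silently keeps the enum's default member. Only `V10` and `V10a` are assigned in this diff. If other instances are constructed outside these hunks, a version lookup keyed on this property could resolve them to the wrong version, which matters now that the value feeds a security check. The summary could say so, e.g. `/// Every static Protocol instance must assign this; it is used when enforcing the minimum required OAuth version.`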
diff --git a/src/DotNetOpenAuth/OAuth/ServiceProvider.cs b/src/DotNetOpenAuth/OAuth/ServiceProvider.cs
index a13d12f..d4fe85e 100644
--- a/src/DotNetOpenAuth/OAuth/ServiceProvider.cs
+++ b/src/DotNetOpenAuth/OAuth/ServiceProvider.cs
@@ -180,7 +180,9 @@ namespace DotNetOpenAuth.OAuth {
/// <exception cref="ProtocolException">Thrown if an unexpected OAuth message is attached to the incoming request.</exception>
public UnauthorizedTokenRequest ReadTokenRequest(HttpRequestInfo request) {
UnauthorizedTokenRequest message;
- this.Channel.TryReadFromRequest(request, out message);
+ if (this.Channel.TryReadFromRequest(request, out message)) {
+ ErrorUtilities.VerifyProtocol(message.Version >= Protocol.Lookup(this.SecuritySettings.MinimumRequiredOAuthVersion).Version, OAuthStrings.MinimumConsumerVersionRequirementNotMet, this.SecuritySettings.MinimumRequiredOAuthVersion, message.Version);
+ }
return message;
}
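Review bot: The minimum-version check added to `ReadTokenRequest` covers only the unauthorized-token request. If `ServiceProvider` has other message-reading entry points (for access-token or protected-resource requests, not visible in this hunk), they would need the same `ErrorUtilities.VerifyProtocol` call for the requirement to hold across the whole flow. The error text also mixes formats: `{0}` receives the `MinimumRequiredOAuthVersion` enum value while `{1}` receives `message.Version`, which appears to be a `System.Version`. Passing `Protocol.Lookup(this.SecuritySettings.MinimumRequiredOAuthVersion).Version` for `{0}` would make the two sides comparable. The method's `<exception cref="ProtocolException">` text should also mention the new case, e.g. `Thrown if an unexpected OAuth message is attached to the incoming request, or if the consumer's OAuth version is below the required minimum.`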