Extended IProviderBehavior to be able to force certain Provider-wide security settings.

4 files changed, 51 insertions, 1 deletions

diff --git a/src/DotNetOpenAuth/OpenId/Behaviors/AXFetchAsSregTransform.cs b/src/DotNetOpenAuth/OpenId/Behaviors/AXFetchAsSregTransform.cs
index f895a27..1c124d8 100644
--- a/src/DotNetOpenAuth/OpenId/Behaviors/AXFetchAsSregTransform.cs
+++ b/src/DotNetOpenAuth/OpenId/Behaviors/AXFetchAsSregTransform.cs
@@ -82,6 +82,19 @@ namespace DotNetOpenAuth.OpenId.Behaviors {
 		#region IProviderBehavior Members
 
 		/// <summary>
+		/// Applies a well known set of security requirements to a default set of security settings.
+		/// </summary>
+		/// <param name="securitySettings">The security settings to enhance with the requirements of this profile.</param>
+		/// <remarks>
+		/// Care should be taken to never decrease security when applying a profile.
+		/// Profiles should only enhance security requirements to avoid being
+		/// incompatible with each other.
+		/// </remarks>
+		void IProviderBehavior.ApplySecuritySettings(ProviderSecuritySettings securitySettings) {
+			// Nothing to do here.
+		}
+
+		/// <summary>
 		/// Called when a request is received by the Provider.
 		/// </summary>
 		/// <param name="request">The incoming request.</param>
diff --git a/src/DotNetOpenAuth/OpenId/Behaviors/PpidGeneration.cs b/src/DotNetOpenAuth/OpenId/Behaviors/PpidGeneration.cs
index befc138..b9a3dfc 100644
--- a/src/DotNetOpenAuth/OpenId/Behaviors/PpidGeneration.cs
+++ b/src/DotNetOpenAuth/OpenId/Behaviors/PpidGeneration.cs
@@ -32,6 +32,19 @@ namespace DotNetOpenAuth.OpenId.Behaviors {
 		#region IProviderBehavior Members
 
 		/// <summary>
+		/// Applies a well known set of security requirements to a default set of security settings.
+		/// </summary>
+		/// <param name="securitySettings">The security settings to enhance with the requirements of this profile.</param>
+		/// <remarks>
+		/// Care should be taken to never decrease security when applying a profile.
+		/// Profiles should only enhance security requirements to avoid being
+		/// incompatible with each other.
+		/// </remarks>
+		void IProviderBehavior.ApplySecuritySettings(ProviderSecuritySettings securitySettings) {
+			// No special security to apply here.
+		}
+
+		/// <summary>
 		/// Called when a request is received by the Provider.
 		/// </summary>
 		/// <param name="request">The incoming request.</param>
diff --git a/src/DotNetOpenAuth/OpenId/Provider/IProviderBehavior.cs b/src/DotNetOpenAuth/OpenId/Provider/IProviderBehavior.cs
index 7159c02..48d40d4 100644
--- a/src/DotNetOpenAuth/OpenId/Provider/IProviderBehavior.cs
+++ b/src/DotNetOpenAuth/OpenId/Provider/IProviderBehavior.cs
@@ -16,6 +16,17 @@ namespace DotNetOpenAuth.OpenId.Provider {
 	/// </remarks>
 	internal interface IProviderBehavior {
 		/// <summary>
+		/// Applies a well known set of security requirements to a default set of security settings.
+		/// </summary>
+		/// <param name="securitySettings">The security settings to enhance with the requirements of this profile.</param>
+		/// <remarks>
+		/// Care should be taken to never decrease security when applying a profile.
+		/// Profiles should only enhance security requirements to avoid being
+		/// incompatible with each other.
+		/// </remarks>
+		void ApplySecuritySettings(ProviderSecuritySettings securitySettings);
+
+		/// <summary>
 		/// Called when a request is received by the Provider.
 		/// </summary>
 		/// <param name="request">The incoming request.</param>
diff --git a/src/DotNetOpenAuth/OpenId/Provider/OpenIdProvider.cs b/src/DotNetOpenAuth/OpenId/Provider/OpenIdProvider.cs
index fa40d9f..0f81c8f 100644
--- a/src/DotNetOpenAuth/OpenId/Provider/OpenIdProvider.cs
+++ b/src/DotNetOpenAuth/OpenId/Provider/OpenIdProvider.cs
@@ -8,6 +8,7 @@ namespace DotNetOpenAuth.OpenId.Provider {
 	using System;
 	using System.Collections.Generic;
 	using System.Collections.ObjectModel;
+	using System.Collections.Specialized;
 	using System.ComponentModel;
 	using System.Diagnostics.CodeAnalysis;
 	using System.Diagnostics.Contracts;
@@ -34,7 +35,7 @@ namespace DotNetOpenAuth.OpenId.Provider {
 		/// <summary>
 		/// Backing store for the <see cref="Behaviors"/> property.
 		/// </summary>
-		private readonly Collection<IProviderBehavior> behaviors = new Collection<IProviderBehavior>();
+		private readonly ObservableCollection<IProviderBehavior> behaviors = new ObservableCollection<IProviderBehavior>();
 
 		/// <summary>
 		/// Backing field for the <see cref="SecuritySettings"/> property.
@@ -79,6 +80,7 @@ namespace DotNetOpenAuth.OpenId.Provider {
 
 			this.AssociationStore = associationStore;
 			this.SecuritySettings = DotNetOpenAuthSection.Configuration.OpenId.Provider.SecuritySettings.CreateSecuritySettings();
+			this.behaviors.CollectionChanged += this.OnBehaviorsChanged;
 			foreach (var behavior in DotNetOpenAuthSection.Configuration.OpenId.Provider.Behaviors.CreateInstances(false)) {
 				this.behaviors.Add(behavior);
 			}
@@ -504,5 +506,16 @@ namespace DotNetOpenAuth.OpenId.Provider {
 				return new AutoResponsiveRequest(errorMessage, this.SecuritySettings);
 			}
 		}
+
+		/// <summary>
+		/// Called by derived classes when behaviors are added or removed.
+		/// </summary>
+		/// <param name="sender">The collection being modified.</param>
+		/// <param name="e">The <see cref="System.Collections.Specialized.NotifyCollectionChangedEventArgs"/> instance containing the event data.</param>
+		private void OnBehaviorsChanged(object sender, NotifyCollectionChangedEventArgs e) {
+			foreach (IProviderBehavior profile in e.NewItems) {
+				profile.ApplySecuritySettings(this.SecuritySettings);
+			}
+		}
 	}
 }