authorAndrew Arnott <andrewarnott@gmail.com>2008-09-25 17:08:25 -0700
committerAndrew <andrewarnott@gmail.com>2008-09-25 17:08:25 -0700
commit49c26eba391f16d197697281d6122b9db42b9e11 (patch)
tree8ab74995afd1fa08302e34c604a871b9d61d0740 /src/DotNetOAuth.Test
parent50e34bfe7224576e901efa6748598d31c36df3a5 (diff)
Added check so that unauthorized request tokens cannot be exchanged for access tokens.
Diffstat (limited to 'src/DotNetOAuth.Test')
-rw-r--r--src/DotNetOAuth.Test/Mocks/InMemoryTokenManager.cs24
-rw-r--r--src/DotNetOAuth.Test/Scenarios/AppendixScenarios.cs1
2 files changed, 25 insertions, 0 deletions
diff --git a/src/DotNetOAuth.Test/Mocks/InMemoryTokenManager.cs b/src/DotNetOAuth.Test/Mocks/InMemoryTokenManager.cs
index 0454fb8..622a098 100644
--- a/src/DotNetOAuth.Test/Mocks/InMemoryTokenManager.cs
+++ b/src/DotNetOAuth.Test/Mocks/InMemoryTokenManager.cs
@@ -14,6 +14,7 @@ namespace DotNetOAuth.Test.Mocks {
internal class InMemoryTokenManager : ITokenManager {
private Dictionary<string, string> consumersAndSecrets = new Dictionary<string, string>();
private Dictionary<string, string> tokensAndSecrets = new Dictionary<string, string>();
+ private List<string> authorizedRequestTokens = new List<string>();
#region ITokenManager Members
@@ -29,7 +30,22 @@ namespace DotNetOAuth.Test.Mocks {
this.tokensAndSecrets[requestToken] = requestTokenSecret;
}
+ /// <summary>
+ /// Checks whether a given request token has already been authorized
+ /// by some user for use by the Consumer that requested it.
+ /// </summary>
+ /// <param name="requestToken">The Consumer's request token.</param>
+ /// <returns>
+ /// True if the request token has already been fully authorized by the user
+ /// who owns the relevant protected resources. False if the token has not yet
+ /// been authorized, has expired or does not exist.
+ /// </returns>
+ public bool IsRequestTokenAuthorized(string requestToken) {
+ return this.authorizedRequestTokens.Contains(requestToken);
+ }
+
public void ExpireRequestTokenAndStoreNewAccessToken(string consumerKey, string requestToken, string accessToken, string accessTokenSecret) {
+ this.authorizedRequestTokens.Remove(requestToken);
this.tokensAndSecrets.Remove(requestToken);
this.tokensAndSecrets[accessToken] = accessTokenSecret;
}
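Review bot: `this.authorizedRequestTokens.Remove(requestToken)` in ExpireRequestTokenAndStoreNewAccessToken removes only the first matching entry, while the backing `List<string>` declared in the first hunk accepts duplicates from `AuthorizedRequestToken` in the last hunk of this file. If a test authorizes the same token twice, `IsRequestTokenAuthorized` keeps returning true after the token has been exchanged, which contradicts its own `<returns>` text saying an expired token yields false. Declaring the field as `private HashSet<string> authorizedRequestTokens = new HashSet<string>();` makes authorization idempotent and the removal complete, and the `Contains`, `Add` and `Remove` call sites stay as written.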
@@ -39,5 +55,13 @@ namespace DotNetOAuth.Test.Mocks {
internal void AddConsumer(string key, string secret) {
this.consumersAndSecrets.Add(key, secret);
}
+
+ internal void AuthorizedRequestToken(string requestToken) {
+ if (requestToken == null) {
+ throw new ArgumentNullException("requestToken");
+ }
+
+ this.authorizedRequestTokens.Add(requestToken);
+ }
}
}
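Review bot: `AuthorizedRequestToken` marks any non-null string as authorized without checking that this manager ever issued it, so a test that passes a mistyped or unknown token silently succeeds and the mock no longer models the authorization step. A guard before the `Add`, such as `if (!this.tokensAndSecrets.ContainsKey(requestToken)) { throw new ArgumentException("Unknown request token.", "requestToken"); }`, would keep the mock strict; note that `tokensAndSecrets` also holds access tokens, so this only approximates "is a pending request token". The method has no XML doc comment, unlike `IsRequestTokenAuthorized` above it, and because it performs an action a verb name like `AuthorizeRequestToken` would read more clearly at call sites.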
diff --git a/src/DotNetOAuth.Test/Scenarios/AppendixScenarios.cs b/src/DotNetOAuth.Test/Scenarios/AppendixScenarios.cs
index aefa0ea..d5e93e9 100644
--- a/src/DotNetOAuth.Test/Scenarios/AppendixScenarios.cs
+++ b/src/DotNetOAuth.Test/Scenarios/AppendixScenarios.cs
@@ -41,6 +41,7 @@ namespace DotNetOAuth.Test {
var requestTokenMessage = sp.ReadTokenRequest();
sp.SendUnauthorizedTokenResponse(requestTokenMessage);
var authRequest = sp.ReadAuthorizationRequest();
+ tokenManager.AuthorizedRequestToken(authRequest.RequestToken);
sp.SendAuthorizationResponse(authRequest);
var accessRequest = sp.ReadAccessTokenRequest();
sp.SendAccessToken(accessRequest);
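Review bot: Only the authorized path is exercised here; nothing in the two test files touched by this commit asserts that the exchange at `sp.SendAccessToken(accessRequest)` is refused when `tokenManager.AuthorizedRequestToken(...)` was never called. Since the stated purpose of the commit is to block that exchange, a companion scenario that skips the authorization line and expects the access-token step to fail would pin the new check against regressions. The enclosing test method starts and ends outside the hunk and this view is limited to src/DotNetOAuth.Test, so such a test may already exist elsewhere.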