diff options
| author | Andrew Arnott <andrewarnott@gmail.com> | 2008-09-25 17:08:25 -0700 |
|---|---|---|
| committer | Andrew <andrewarnott@gmail.com> | 2008-09-25 17:08:25 -0700 |
| commit | 49c26eba391f16d197697281d6122b9db42b9e11 (patch) | |
| tree | 8ab74995afd1fa08302e34c604a871b9d61d0740 /src/DotNetOAuth/ServiceProvider.cs | |
| parent | 50e34bfe7224576e901efa6748598d31c36df3a5 (diff) | |
| download | DotNetOpenAuth-49c26eba391f16d197697281d6122b9db42b9e11.zip DotNetOpenAuth-49c26eba391f16d197697281d6122b9db42b9e11.tar.gz DotNetOpenAuth-49c26eba391f16d197697281d6122b9db42b9e11.tar.bz2 | |
Added check so that unauthorized request tokens cannot be exchanged for access tokens.
Diffstat (limited to 'src/DotNetOAuth/ServiceProvider.cs')
| -rw-r--r-- | src/DotNetOAuth/ServiceProvider.cs | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/src/DotNetOAuth/ServiceProvider.cs b/src/DotNetOAuth/ServiceProvider.cs index 6b87079..a6ed9e0 100644 --- a/src/DotNetOAuth/ServiceProvider.cs +++ b/src/DotNetOAuth/ServiceProvider.cs @@ -6,6 +6,7 @@ namespace DotNetOAuth {
using System;
+ using System.Globalization;
using System.Web;
using DotNetOAuth.ChannelElements;
using DotNetOAuth.Messages;
@@ -127,6 +128,14 @@ namespace DotNetOAuth { }
internal void SendAccessToken(RequestAccessTokenMessage request) {
+ if (!this.TokenManager.IsRequestTokenAuthorized(request.RequestToken)) {
+ throw new ProtocolException(
+ string.Format(
+ CultureInfo.CurrentCulture,
+ Strings.AccessTokenNotAuthorized,
+ request.RequestToken));
+ }
+
string accessToken = this.TokenGenerator.GenerateAccessToken(request.ConsumerKey);
string tokenSecret = this.TokenGenerator.GenerateSecret();
this.TokenManager.ExpireRequestTokenAndStoreNewAccessToken(request.ConsumerKey, request.RequestToken, accessToken, tokenSecret);
|