author | Andrew Arnott <andrewarnott@gmail.com> | 2012-03-08 20:21:24 -0800 |
---|---|---|
committer | Andrew Arnott <andrewarnott@gmail.com> | 2012-03-08 20:21:24 -0800 |
commit | 0c3d7d0b7da295a6cc875a686afb673f36f981c5 (patch) | |
tree | 48827817b98e2119921d3406778d71b7a8337671 /src/DotNetOpenAuth.OAuth2.Client/OAuth2/WebServerClient.cs | |
parent | adad8ced8fc37ead73b1dc9ace246066103911fb (diff) | |
Fixed NullReferenceException causing a unit test failure.
Diffstat (limited to 'src/DotNetOpenAuth.OAuth2.Client/OAuth2/WebServerClient.cs')
-rw-r--r-- | src/DotNetOpenAuth.OAuth2.Client/OAuth2/WebServerClient.cs | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/src/DotNetOpenAuth.OAuth2.Client/OAuth2/WebServerClient.cs b/src/DotNetOpenAuth.OAuth2.Client/OAuth2/WebServerClient.cs index 42fa62b..cb25733 100644 --- a/src/DotNetOpenAuth.OAuth2.Client/OAuth2/WebServerClient.cs +++ b/src/DotNetOpenAuth.OAuth2.Client/OAuth2/WebServerClient.cs @@ -89,7 +89,11 @@ namespace DotNetOpenAuth.OAuth2 { // If the host is implementing the authorization tracker though, they're handling this protection themselves. if (this.AuthorizationTracker == null) { var context = this.Channel.GetHttpContext(); - request.ClientState = context.Session.SessionID; + if (context.Session != null) { + request.ClientState = context.Session.SessionID; + } else { + Logger.OAuth.WarnFormat("No request context discovered, so no client state parameter could be set to mitigate XSRF attacks."); + } } return this.Channel.PrepareResponse(request); @@ -117,7 +121,12 @@ namespace DotNetOpenAuth.OAuth2 { ErrorUtilities.VerifyProtocol(authorizationState != null, OAuth2Strings.AuthorizationResponseUnexpectedMismatch); } else { var context = this.Channel.GetHttpContext(); - ErrorUtilities.VerifyProtocol(String.Equals(response.ClientState, context.Session.SessionID, StringComparison.Ordinal), OAuth2Strings.AuthorizationResponseUnexpectedMismatch); + if (context.Session != null) { + ErrorUtilities.VerifyProtocol(String.Equals(response.ClientState, context.Session.SessionID, StringComparison.Ordinal), OAuth2Strings.AuthorizationResponseUnexpectedMismatch); + } else { + Logger.OAuth.WarnFormat("No request context discovered, so no client state parameter could be checked to mitigate XSRF attacks."); + } + authorizationState = new AuthorizationState { Callback = callback }; } var success = response as EndUserAuthorizationSuccessAuthCodeResponse; |
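Review bot: The `else` branch added in the second hunk (the response-processing path) fails open: when `context.Session` is null, the `ClientState` comparison is skipped and the code still goes on to build an `AuthorizationState`, so the callback is accepted with no XSRF check and only a warning in the log. The first hunk has the matching gap on the request side, where the authorization request is sent with no `ClientState` at all. Unless session-less hosts without an `AuthorizationTracker` are meant to be supported, I would keep the check mandatory, e.g. `ErrorUtilities.VerifyProtocol(context.Session != null && String.Equals(response.ClientState, context.Session.SessionID, StringComparison.Ordinal), OAuth2Strings.AuthorizationResponseUnexpectedMismatch);`, and have the failing unit test supply a session or a tracker instead. Both warnings say "No request context discovered" although the condition tested is a missing session, and `WarnFormat` is called with no format arguments, so a plain `Warn` call would fit better if the logger exposes one. Both method bodies start and end outside the hunks, so how `authorizationState` is used afterwards is not visible here.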