author | Andrew Arnott <andrewarnott@gmail.com> | 2012-12-24 15:22:26 -0800 |
---|---|---|
committer | Andrew Arnott <andrewarnott@gmail.com> | 2012-12-24 15:22:26 -0800 |
commit | edfa728182604ab7782a174ba3f6731f039df1b8 (patch) | |
tree | ac75f725208bcc81ee709c658870023426fc458c /src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2 | |
parent | dd44e2f0be06168911d3e8aefbe2f10eb4c8fd99 (diff) | |
CreateAccessToken reveals username to host
IAuthorizationServerHost.CreateAccessToken now has access to the authorizing
user's username.
Fixes #219
Diffstat (limited to 'src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2')
4 files changed, 52 insertions, 2 deletions
diff --git a/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/Messages/AccessTokenRequestBase.cs b/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/Messages/AccessTokenRequestBase.cs
index 9ab6837..e405a85 100644
--- a/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/Messages/AccessTokenRequestBase.cs
+++ b/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/Messages/AccessTokenRequestBase.cs
@@ -48,6 +48,23 @@ namespace DotNetOpenAuth.OAuth2.Messages {
 IAccessTokenResult IAccessTokenRequestInternal.AccessTokenResult { get; set; }
 
 /// <summary>
+ /// Gets the username of the authorizing user, when applicable.
+ /// </summary>
+ /// <value>
+ /// A non-empty string; or <c>null</c> when no user has authorized this access token.
+ /// </value>
+ public virtual string UserName {
+ get {
+ IAccessTokenRequestInternal request = this;
+ if (request.AccessTokenResult != null && request.AccessTokenResult.AccessToken != null) {
+ return request.AccessTokenResult.AccessToken.User;
+ }
+
+ return null;
+ }
+ }
+
+ /// <summary>
 /// Gets the type of the grant.
 /// </summary>
 /// <value>The type of the grant.</value>
diff --git a/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/Messages/AccessTokenResourceOwnerPasswordCredentialsRequest.cs b/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/Messages/AccessTokenResourceOwnerPasswordCredentialsRequest.cs
index 52e65be..02859e1 100644
--- a/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/Messages/AccessTokenResourceOwnerPasswordCredentialsRequest.cs
+++ b/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/Messages/AccessTokenResourceOwnerPasswordCredentialsRequest.cs
@@ -51,7 +51,7 @@ namespace DotNetOpenAuth.OAuth2.Messages {
 /// Gets the name on the account whose data on the resource server is accessible using this authorization.
 /// </summary>
 string IAuthorizationDescription.User {
- get { return this.UserName; }
+ get { return this.RequestingUserName; }
 }
 
 /// <summary>
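Review bot: The new `UserName` getter in AccessTokenRequestBase.cs reads only from `AccessTokenResult.AccessToken.User`, so it returns null until `AccessTokenResult` has been assigned. That assignment is not visible in this diff; if it happens only after the host's CreateAccessToken returns, the host would see null for every grant type that does not override the property, which is the opposite of what the commit message promises. The same getter body is copied into EndUserAuthorizationImplicitRequest.cs, so the point applies there too. Nothing in the getter enforces the documented "non-empty string" either, so I would reword the `<value>` text to `The user name recorded on the access token; or <c>null</c> if no access token has been created yet or it carries no user.`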
@@ -64,6 +64,16 @@ namespace DotNetOpenAuth.OAuth2.Messages {
 #endregion
 
 /// <summary>
+ /// Gets the username of the authorizing user, when applicable.
+ /// </summary>
+ /// <value>
+ /// A non-empty string; or <c>null</c> when no user has authorized this access token.
+ /// </value>
+ public override string UserName {
+ get { return base.UserName ?? this.RequestingUserName; }
+ }
+
+ /// <summary>
 /// Gets the type of the grant.
 /// </summary>
 /// <value>The type of the grant.</value>
@@ -76,7 +86,7 @@ namespace DotNetOpenAuth.OAuth2.Messages {
 /// </summary>
 /// <value>The username on the user's account.</value>
 [MessagePart(Protocol.username, IsRequired = true)]
- internal string UserName { get; set; }
+ internal string RequestingUserName { get; set; }
 
 /// <summary>
 /// Gets or sets the user's password.
diff --git a/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/Messages/EndUserAuthorizationImplicitRequest.cs b/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/Messages/EndUserAuthorizationImplicitRequest.cs
index 8932cd3..6f7ba7d 100644
--- a/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/Messages/EndUserAuthorizationImplicitRequest.cs
+++ b/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/Messages/EndUserAuthorizationImplicitRequest.cs
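Review bot: The `?? this.RequestingUserName` fallback in the `UserName` override returns the `username` message part exactly as the client sent it, while the property is documented as the name of "the authorizing user". Nothing in this hunk shows that the resource owner's password has been checked by the time the host reads the value, so a host that treats a non-null `UserName` as an authenticated identity (for audit records, per-user token lifetime or key selection) may be acting on a client-asserted name. I would add to the doc comment: `/// <remarks>For this grant type the value may be the unverified username from the request; rely on it only after the resource owner credentials have been validated.</remarks>`.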
@@ -48,6 +48,23 @@ namespace DotNetOpenAuth.OAuth2.Messages {
 IAccessTokenResult IAccessTokenRequestInternal.AccessTokenResult { get; set; }
 
 /// <summary>
+ /// Gets the username of the authorizing user, when applicable.
+ /// </summary>
+ /// <value>
+ /// A non-empty string; or <c>null</c> when no user has authorized this access token.
+ /// </value>
+ string IAccessTokenRequest.UserName {
+ get {
+ IAccessTokenRequestInternal request = this;
+ if (request.AccessTokenResult != null && request.AccessTokenResult.AccessToken != null) {
+ return request.AccessTokenResult.AccessToken.User;
+ }
+
+ return null;
+ }
+ }
+
+ /// <summary>
 /// Gets a value indicating whether the client requesting the access token has authenticated itself.
 /// </summary>
 /// <value>
diff --git a/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/Messages/IAccessTokenRequest.cs b/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/Messages/IAccessTokenRequest.cs
index 65378f9..81acb77 100644
--- a/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/Messages/IAccessTokenRequest.cs
+++ b/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/Messages/IAccessTokenRequest.cs
@@ -30,6 +30,12 @@ namespace DotNetOpenAuth.OAuth2.Messages {
 string ClientIdentifier { get; }
 
 /// <summary>
+ /// Gets the username of the authorizing user, when applicable.
+ /// </summary>
+ /// <value>A non-empty string; or <c>null</c> when no user has authorized this access token.</value>
+ string UserName { get; }
+
+ /// <summary>
 /// Gets the scope of operations the client is allowed to invoke.
 /// </summary>
 HashSet<string> Scope { get; }
|
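Review bot: Adding `UserName` to the public `IAccessTokenRequest` interface breaks any implementation outside this assembly, test doubles included, at compile time. If only the library is meant to implement the interface, its summary should say so; otherwise the change belongs in the release notes. The `<value>` text is also the contract that hosts will read, and it does not say whether the name has been verified by the server, although the password-grant override in this commit can return the request's own `username` field. I would write `/// <value>The user name associated with the authorization, which for some grant types may be client-supplied and not yet verified; or <c>null</c> when none is available.</value>`.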