diff options
| author | Andrew Arnott <andrewarnott@gmail.com> | 2012-04-05 17:25:47 -0700 |
|---|---|---|
| committer | Andrew Arnott <andrewarnott@gmail.com> | 2012-04-05 17:25:47 -0700 |
| commit | 16484ccebc862403f4a6dd77770bd7f30f2b0225 (patch) | |
| tree | 87cbec848891e44100e8f2119701004740e993a9 /src/DotNetOpenAuth.OAuth2.ResourceServer/OAuth2/ResourceServer.cs | |
| parent | f8931a0317a30a74ab2341e1215138a6e8070bf3 (diff) | |
| parent | 2a67db4f550ecdb86e9adb05fb46b42650a375c0 (diff) | |
| download | DotNetOpenAuth-16484ccebc862403f4a6dd77770bd7f30f2b0225.zip DotNetOpenAuth-16484ccebc862403f4a6dd77770bd7f30f2b0225.tar.gz DotNetOpenAuth-16484ccebc862403f4a6dd77770bd7f30f2b0225.tar.bz2 | |
Merge branch 'v4.0'
Conflicts:
src/DotNetOpenAuth.OAuth2.Client/DotNetOpenAuth.OAuth2.Client.csproj
src/DotNetOpenAuth.OAuth2.ResourceServer/DotNetOpenAuth.OAuth2.ResourceServer.csproj
src/DotNetOpenAuth.OAuth2.ResourceServer/OAuth2/ResourceServer.cs
Diffstat (limited to 'src/DotNetOpenAuth.OAuth2.ResourceServer/OAuth2/ResourceServer.cs')
| -rw-r--r-- | src/DotNetOpenAuth.OAuth2.ResourceServer/OAuth2/ResourceServer.cs | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/src/DotNetOpenAuth.OAuth2.ResourceServer/OAuth2/ResourceServer.cs b/src/DotNetOpenAuth.OAuth2.ResourceServer/OAuth2/ResourceServer.cs index c2e48b8..9540d10 100644 --- a/src/DotNetOpenAuth.OAuth2.ResourceServer/OAuth2/ResourceServer.cs +++ b/src/DotNetOpenAuth.OAuth2.ResourceServer/OAuth2/ResourceServer.cs @@ -93,12 +93,12 @@ namespace DotNetOpenAuth.OAuth2 { ErrorUtilities.VerifyHost(accessToken != null, "IAccessTokenAnalyzer.DeserializeAccessToken returned a null reslut."); if (string.IsNullOrEmpty(accessToken.User) && string.IsNullOrEmpty(accessToken.ClientIdentifier)) { Logger.OAuth.Error("Access token rejected because both the username and client id properties were null or empty."); - ErrorUtilities.ThrowProtocol(OAuth2Strings.InvalidAccessToken); + ErrorUtilities.ThrowProtocol(ResourceServerStrings.InvalidAccessToken); } return null; } else { - var response = new UnauthorizedResponse(new ProtocolException(OAuth2Strings.MissingAccessToken)); + var response = new UnauthorizedResponse(new ProtocolException(ResourceServerStrings.MissingAccessToken)); accessToken = null; return this.Channel.PrepareResponse(response); @@ -126,8 +126,8 @@ namespace DotNetOpenAuth.OAuth2 { if (result == null) { // Mitigates attacks on this approach of differentiating clients from resource owners // by checking that a username doesn't look suspiciously engineered to appear like the other type. - ErrorUtilities.VerifyProtocol(accessToken.User == null || string.IsNullOrEmpty(this.ClientPrincipalPrefix) || !accessToken.User.StartsWith(this.ClientPrincipalPrefix, StringComparison.OrdinalIgnoreCase), OAuth2Strings.ResourceOwnerNameLooksLikeClientIdentifier); - ErrorUtilities.VerifyProtocol(accessToken.ClientIdentifier == null || string.IsNullOrEmpty(this.ResourceOwnerPrincipalPrefix) || !accessToken.ClientIdentifier.StartsWith(this.ResourceOwnerPrincipalPrefix, StringComparison.OrdinalIgnoreCase), OAuth2Strings.ClientIdentifierLooksLikeResourceOwnerName); + ErrorUtilities.VerifyProtocol(accessToken.User == null || string.IsNullOrEmpty(this.ClientPrincipalPrefix) || !accessToken.User.StartsWith(this.ClientPrincipalPrefix, StringComparison.OrdinalIgnoreCase), ResourceServerStrings.ResourceOwnerNameLooksLikeClientIdentifier); + ErrorUtilities.VerifyProtocol(accessToken.ClientIdentifier == null || string.IsNullOrEmpty(this.ResourceOwnerPrincipalPrefix) || !accessToken.ClientIdentifier.StartsWith(this.ResourceOwnerPrincipalPrefix, StringComparison.OrdinalIgnoreCase), ResourceServerStrings.ClientIdentifierLooksLikeResourceOwnerName); string principalUserName = !string.IsNullOrEmpty(accessToken.User) ? this.ResourceOwnerPrincipalPrefix + accessToken.User |