Merge branch 'v3.1' into v3.2

8 files changed, 44 insertions, 7 deletions

diff --git a/src/DotNetOpenAuth/Configuration/DotNetOpenAuth.xsd b/src/DotNetOpenAuth/Configuration/DotNetOpenAuth.xsd
index 37bfb92..d2b5f14 100644
--- a/src/DotNetOpenAuth/Configuration/DotNetOpenAuth.xsd
+++ b/src/DotNetOpenAuth/Configuration/DotNetOpenAuth.xsd
@@ -636,6 +636,14 @@
 								</xs:documentation>
 							</xs:annotation>
 						</xs:attribute>
+						<xs:attribute name="cacheDiscovery" type="xs:boolean">
+							<xs:annotation>
+								<xs:documentation>
+									Whether the results of identifier discovery should be cached for a short time to improve performance
+									on subsequent requests, at the potential risk of reading stale data.
+								</xs:documentation>
+							</xs:annotation>
+						</xs:attribute>
 					</xs:complexType>
 				</xs:element>
 				<xs:element name="oauth">
diff --git a/src/DotNetOpenAuth/OAuth/ConsumerBase.cs b/src/DotNetOpenAuth/OAuth/ConsumerBase.cs
index 55b40ac..bc78c63 100644
--- a/src/DotNetOpenAuth/OAuth/ConsumerBase.cs
+++ b/src/DotNetOpenAuth/OAuth/ConsumerBase.cs
@@ -208,7 +208,7 @@ namespace DotNetOpenAuth.OAuth {
 
 			// Fine-tune our understanding of the SP's supported OAuth version if it's wrong.
 			if (this.ServiceProvider.Version != requestTokenResponse.Version) {
-				Logger.OAuth.WarnFormat("Expected OAuth service provider at endpoint {0} to use OAuth {1} but {2} was detected.  Adjusting service description to new version.", this.ServiceProvider.RequestTokenEndpoint, this.ServiceProvider.Version, requestTokenResponse.Version);
+				Logger.OAuth.WarnFormat("Expected OAuth service provider at endpoint {0} to use OAuth {1} but {2} was detected.  Adjusting service description to new version.", this.ServiceProvider.RequestTokenEndpoint.Location, this.ServiceProvider.Version, requestTokenResponse.Version);
 				this.ServiceProvider.ProtocolVersion = Protocol.Lookup(requestTokenResponse.Version).ProtocolVersion;
 			}
 
diff --git a/src/DotNetOpenAuth/OpenId/Extensions/AttributeExchange/AttributeRequest.cs b/src/DotNetOpenAuth/OpenId/Extensions/AttributeExchange/AttributeRequest.cs
index e508233..42393f5 100644
--- a/src/DotNetOpenAuth/OpenId/Extensions/AttributeExchange/AttributeRequest.cs
+++ b/src/DotNetOpenAuth/OpenId/Extensions/AttributeExchange/AttributeRequest.cs
@@ -14,6 +14,7 @@ namespace DotNetOpenAuth.OpenId.Extensions.AttributeExchange {
 	/// the Attribute Exchange extension.
 	/// </summary>
 	[Serializable]
+	[DebuggerDisplay("{TypeUri} (required: {IsRequired}) ({Count})")]
 	public class AttributeRequest {
 		/// <summary>
 		/// Backing field for the <see cref="Count"/> property.
diff --git a/src/DotNetOpenAuth/OpenId/Extensions/AttributeExchange/AttributeValues.cs b/src/DotNetOpenAuth/OpenId/Extensions/AttributeExchange/AttributeValues.cs
index e87e188..9047b68 100644
--- a/src/DotNetOpenAuth/OpenId/Extensions/AttributeExchange/AttributeValues.cs
+++ b/src/DotNetOpenAuth/OpenId/Extensions/AttributeExchange/AttributeValues.cs
@@ -7,6 +7,7 @@
 namespace DotNetOpenAuth.OpenId.Extensions.AttributeExchange {
 	using System;
 	using System.Collections.Generic;
+	using System.Diagnostics;
 	using DotNetOpenAuth.Messaging;
 
 	/// <summary>
@@ -15,6 +16,7 @@ namespace DotNetOpenAuth.OpenId.Extensions.AttributeExchange {
 	/// a fetch request, or by a relying party as part of a store request.
 	/// </summary>
 	[Serializable]
+	[DebuggerDisplay("{TypeUri}")]
 	public class AttributeValues {
 		/// <summary>
 		/// Initializes a new instance of the <see cref="AttributeValues"/> class.
diff --git a/src/DotNetOpenAuth/OpenId/Extensions/AttributeExchange/FetchRequest.cs b/src/DotNetOpenAuth/OpenId/Extensions/AttributeExchange/FetchRequest.cs
index a69e226..124a18c 100644
--- a/src/DotNetOpenAuth/OpenId/Extensions/AttributeExchange/FetchRequest.cs
+++ b/src/DotNetOpenAuth/OpenId/Extensions/AttributeExchange/FetchRequest.cs
@@ -8,6 +8,7 @@ namespace DotNetOpenAuth.OpenId.Extensions.AttributeExchange {
 	using System;
 	using System.Collections.Generic;
 	using System.Collections.ObjectModel;
+	using System.Diagnostics.Contracts;
 	using System.Globalization;
 	using System.Linq;
 	using DotNetOpenAuth.Messaging;
@@ -67,7 +68,10 @@ namespace DotNetOpenAuth.OpenId.Extensions.AttributeExchange {
 		/// <value>A collection where the keys are the attribute type URIs, and the value
 		/// is all the attribute request details.</value>
 		public KeyedCollection<string, AttributeRequest> Attributes {
-			get { return this.attributes; }
+			get {
+				Contract.Ensures(Contract.Result<KeyedCollection<string, AttributeRequest>>() != null);
+				return this.attributes;
+			}
 		}
 
 		/// <summary>
diff --git a/src/DotNetOpenAuth/OpenId/Extensions/AttributeExchange/FetchResponse.cs b/src/DotNetOpenAuth/OpenId/Extensions/AttributeExchange/FetchResponse.cs
index 758b20c..14b1caa 100644
--- a/src/DotNetOpenAuth/OpenId/Extensions/AttributeExchange/FetchResponse.cs
+++ b/src/DotNetOpenAuth/OpenId/Extensions/AttributeExchange/FetchResponse.cs
@@ -7,6 +7,7 @@
 namespace DotNetOpenAuth.OpenId.Extensions.AttributeExchange {
 	using System;
 	using System.Collections.ObjectModel;
+	using System.Diagnostics.Contracts;
 	using System.Linq;
 	using DotNetOpenAuth.Messaging;
 	using DotNetOpenAuth.OpenId.Messages;
@@ -52,7 +53,10 @@ namespace DotNetOpenAuth.OpenId.Extensions.AttributeExchange {
 		/// Gets a sequence of the attributes whose values are provided by the OpenID Provider.
 		/// </summary>
 		public KeyedCollection<string, AttributeValues> Attributes {
-			get { return this.attributesProvided; }
+			get {
+				Contract.Ensures(Contract.Result<KeyedCollection<string, AttributeValues>>() != null);
+				return this.attributesProvided;
+			}
 		}
 
 		/// <summary>
diff --git a/src/DotNetOpenAuth/OpenId/Provider/ProviderEndpoint.cs b/src/DotNetOpenAuth/OpenId/Provider/ProviderEndpoint.cs
index a0d3c61..a87b0f6 100644
--- a/src/DotNetOpenAuth/OpenId/Provider/ProviderEndpoint.cs
+++ b/src/DotNetOpenAuth/OpenId/Provider/ProviderEndpoint.cs
@@ -43,7 +43,12 @@ namespace DotNetOpenAuth.OpenId.Provider {
 		/// <summary>
 		/// Backing field for the <see cref="Provider"/> property.
 		/// </summary>
-		private static OpenIdProvider provider = CreateProvider();
+		private static OpenIdProvider provider;
+
+		/// <summary>
+		/// The lock that must be obtained when initializing the provider field.
+		/// </summary>
+		private static object providerInitializerLock = new object();
 
 		/// <summary>
 		/// Fired when an incoming OpenID request is an authentication challenge
@@ -64,6 +69,15 @@ namespace DotNetOpenAuth.OpenId.Provider {
 		/// <value>The default value is an <see cref="OpenIdProvider"/> instance initialized according to the web.config file.</value>
 		public static OpenIdProvider Provider {
 			get {
+				Contract.Ensures(Contract.Result<OpenIdProvider>() != null);
+				if (provider == null) {
+					lock (providerInitializerLock) {
+						if (provider == null) {
+							provider = CreateProvider();
+						}
+					}
+				}
+
 				return provider;
 			}
 
@@ -171,7 +185,7 @@ namespace DotNetOpenAuth.OpenId.Provider {
 				// Then try the configuration file specified one.  Finally, use the default
 				// in-memory one that's built into OpenIdProvider.
 				// determine what incoming message was received
-				IRequest request = provider.GetRequest();
+				IRequest request = Provider.GetRequest();
 				if (request != null) {
 					PendingRequest = null;
 
@@ -191,7 +205,7 @@ namespace DotNetOpenAuth.OpenId.Provider {
 						}
 					}
 					if (request.IsResponseReady) {
-						provider.SendResponse(request);
+						Provider.SendResponse(request);
 						Page.Response.End();
 						PendingAuthenticationRequest = null;
 					}
@@ -230,6 +244,7 @@ namespace DotNetOpenAuth.OpenId.Provider {
 		/// </summary>
 		/// <returns>The new instance of OpenIdProvider.</returns>
 		private static OpenIdProvider CreateProvider() {
+			Contract.Ensures(Contract.Result<OpenIdProvider>() != null);
 			return new OpenIdProvider(DotNetOpenAuthSection.Configuration.OpenId.Provider.ApplicationStore.CreateInstance(OpenIdProvider.HttpApplicationStore));
 		}
 	}
diff --git a/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdRelyingParty.cs b/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdRelyingParty.cs
index 1fe6521..ff17410 100644
--- a/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdRelyingParty.cs
+++ b/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdRelyingParty.cs
@@ -100,7 +100,10 @@ namespace DotNetOpenAuth.OpenId.RelyingParty {
 			// replay attacks.  But only 2.0+ Providers can be expected to provide 
 			// replay protection.
 			if (nonceStore == null) {
-				this.SecuritySettings.MinimumRequiredOpenIdVersion = ProtocolVersion.V20;
+				if (this.SecuritySettings.MinimumRequiredOpenIdVersion < ProtocolVersion.V20) {
+					Logger.OpenId.Warn("Raising minimum OpenID version requirement for Providers to 2.0 to protect this stateless RP from replay attacks.");
+					this.SecuritySettings.MinimumRequiredOpenIdVersion = ProtocolVersion.V20;
+				}
 			}
 
 			this.channel = new OpenIdChannel(associationStore, nonceStore, this.SecuritySettings);