authorAndrew Arnott <andrewarnott@gmail.com>2009-08-30 21:47:20 -0700
committerAndrew Arnott <andrewarnott@gmail.com>2009-08-30 21:47:20 -0700
commit3e359429a671c1725f88f12c705c1e88ad9ff9c7 (patch)
tree3746e662971732028eb21067e8e48cb01abab296 /src
parentccf6c9a3bb5afb7c4514bc234e672f859a4312f5 (diff)
OpenIdRelyingParty.EndpointFilter now consulted before successfully receiving an unsolicited positive assertion.
Fixes #118
Diffstat (limited to 'src')
-rw-r--r--src/DotNetOpenAuth/DotNetOpenAuth.csproj1
-rw-r--r--src/DotNetOpenAuth/OpenId/OpenIdStrings.Designer.cs11
-rw-r--r--src/DotNetOpenAuth/OpenId/OpenIdStrings.resx5
-rw-r--r--src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdRelyingParty.cs10
-rw-r--r--src/DotNetOpenAuth/OpenId/RelyingParty/SimpleXrdsProviderEndpoint.cs115
5 files changed, 140 insertions, 2 deletions
diff --git a/src/DotNetOpenAuth/DotNetOpenAuth.csproj b/src/DotNetOpenAuth/DotNetOpenAuth.csproj
index 0c69c51..5dad6f0 100644
--- a/src/DotNetOpenAuth/DotNetOpenAuth.csproj
+++ b/src/DotNetOpenAuth/DotNetOpenAuth.csproj
@@ -448,6 +448,7 @@
<Compile Include="OpenId\RelyingParty\RelyingPartySecuritySettings.cs" />
<Compile Include="OpenId\RelyingParty\ServiceEndpoint.cs" />
<Compile Include="OpenId\OpenIdXrdsHelper.cs" />
+ <Compile Include="OpenId\RelyingParty\SimpleXrdsProviderEndpoint.cs" />
<Compile Include="OpenId\RelyingParty\StandardRelyingPartyApplicationStore.cs" />
<Compile Include="OpenId\SecuritySettings.cs" />
<Compile Include="Messaging\UntrustedWebRequestHandler.cs" />
diff --git a/src/DotNetOpenAuth/OpenId/OpenIdStrings.Designer.cs b/src/DotNetOpenAuth/OpenId/OpenIdStrings.Designer.cs
index 4533f4d..4c44439 100644
--- a/src/DotNetOpenAuth/OpenId/OpenIdStrings.Designer.cs
+++ b/src/DotNetOpenAuth/OpenId/OpenIdStrings.Designer.cs
@@ -1,7 +1,7 @@
//------------------------------------------------------------------------------
// <auto-generated>
// This code was generated by a tool.
-// Runtime Version:2.0.50727.4912
+// Runtime Version:2.0.50727.4927
//
// Changes to this file may cause incorrect behavior and will be lost if
// the code is regenerated.
@@ -443,6 +443,15 @@ namespace DotNetOpenAuth.OpenId {
}
/// <summary>
+ /// Looks up a localized string similar to An positive OpenID assertion was received from OP endpoint {0} that is not on this relying party&apos;s whitelist..
+ /// </summary>
+ internal static string PositiveAssertionFromNonWhitelistedProvider {
+ get {
+ return ResourceManager.GetString("PositiveAssertionFromNonWhitelistedProvider", resourceCulture);
+ }
+ }
+
+ /// <summary>
/// Looks up a localized string similar to Unable to find the signing secret by the handle &apos;{0}&apos;..
/// </summary>
internal static string PrivateRPSecretNotFound {
diff --git a/src/DotNetOpenAuth/OpenId/OpenIdStrings.resx b/src/DotNetOpenAuth/OpenId/OpenIdStrings.resx
index 5a84f32..0cc193b 100644
--- a/src/DotNetOpenAuth/OpenId/OpenIdStrings.resx
+++ b/src/DotNetOpenAuth/OpenId/OpenIdStrings.resx
@@ -304,4 +304,7 @@ Discovered endpoint info:
<data name="RequireSslNotSatisfiedByAssertedClaimedId" xml:space="preserve">
<value>Sorry. This site only accepts OpenIDs that are HTTPS-secured, but {0} is not a secure Identifier.</value>
</data>
-</root>
+ <data name="PositiveAssertionFromNonWhitelistedProvider" xml:space="preserve">
+ <value>An positive OpenID assertion was received from OP endpoint {0} that is not on this relying party's whitelist.</value>
+ </data>
+</root> \ No newline at end of file
diff --git a/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdRelyingParty.cs b/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdRelyingParty.cs
index 042dfcd..7efa60c 100644
--- a/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdRelyingParty.cs
+++ b/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdRelyingParty.cs
@@ -344,6 +344,16 @@ namespace DotNetOpenAuth.OpenId.RelyingParty {
PositiveAssertionResponse positiveAssertion;
NegativeAssertionResponse negativeAssertion;
if ((positiveAssertion = message as PositiveAssertionResponse) != null) {
+ if (this.EndpointFilter != null) {
+ // We need to make sure that this assertion is coming from an endpoint
+ // that the host deems acceptable.
+ var providerEndpoint = new SimpleXrdsProviderEndpoint(positiveAssertion);
+ ErrorUtilities.VerifyProtocol(
+ this.EndpointFilter(providerEndpoint),
+ OpenIdStrings.PositiveAssertionFromNonWhitelistedProvider,
+ providerEndpoint.Uri);
+ }
+
return new PositiveAuthenticationResponse(positiveAssertion, this);
} else if ((negativeAssertion = message as NegativeAssertionResponse) != null) {
return new NegativeAuthenticationResponse(negativeAssertion);
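Review bot: The Uri handed to EndpointFilter at L88–L92 is taken from the assertion itself (`positiveAssertion.ProviderEndpoint`, i.e. the op_endpoint field the remote party sent), so it is untrusted until the response's signature and the discovery cross-check have been applied; whether that has already happened to `message` before line 344 is not visible here, as the enclosing method starts outside the hunk. That ordering is acceptable for a whitelist (a forged op_endpoint that passes the filter must still verify against that OP), but the comment should say so, e.g. `// NOTE: ProviderEndpoint is the asserted, not yet verified, OP endpoint; the filter is a whitelist gate, not a substitute for signature/discovery verification.` The same delegate is the one hosts write for discovered endpoints, where calling IsTypeUriPresent or IsExtensionSupported is legitimate; with SimpleXrdsProviderEndpoint those throw NotSupportedException, which is not a ProtocolException and so escapes VerifyProtocol as an unhandled error instead of a clean rejection — that limitation should be documented on EndpointFilter. The resource string this check raises also reads "An positive OpenID assertion"; it should be "A positive OpenID assertion".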
diff --git a/src/DotNetOpenAuth/OpenId/RelyingParty/SimpleXrdsProviderEndpoint.cs b/src/DotNetOpenAuth/OpenId/RelyingParty/SimpleXrdsProviderEndpoint.cs
new file mode 100644
index 0000000..912b8f4
--- /dev/null
+++ b/src/DotNetOpenAuth/OpenId/RelyingParty/SimpleXrdsProviderEndpoint.cs
@@ -0,0 +1,115 @@
+//-----------------------------------------------------------------------
+// <copyright file="SimpleXrdsProviderEndpoint.cs" company="Andrew Arnott">
+// Copyright (c) Andrew Arnott. All rights reserved.
+// </copyright>
+//-----------------------------------------------------------------------
+
+namespace DotNetOpenAuth.OpenId.RelyingParty {
+ using System;
+ using DotNetOpenAuth.OpenId.Messages;
+
+ /// <summary>
+ /// A very simple IXrdsProviderEndpoint implementation for verifying that all positive
+ /// assertions (particularly unsolicited ones) are received from OP endpoints that
+ /// are deemed permissible by the host RP.
+ /// </summary>
+ internal class SimpleXrdsProviderEndpoint : IXrdsProviderEndpoint {
+ /// <summary>
+ /// Initializes a new instance of the <see cref="SimpleXrdsProviderEndpoint"/> class.
+ /// </summary>
+ /// <param name="positiveAssertion">The positive assertion.</param>
+ internal SimpleXrdsProviderEndpoint(PositiveAssertionResponse positiveAssertion) {
+ this.Uri = positiveAssertion.ProviderEndpoint;
+ this.Version = positiveAssertion.Version;
+ }
+
+ #region IXrdsProviderEndpoint Properties
+
+ /// <summary>
+ /// Gets the priority associated with this service that may have been given
+ /// in the XRDS document.
+ /// </summary>
+ public int? ServicePriority {
+ get { return null; }
+ }
+
+ /// <summary>
+ /// Gets the priority associated with the service endpoint URL.
+ /// </summary>
+ /// <remarks>
+ /// When sorting by priority, this property should be considered second after
+ /// <see cref="ServicePriority"/>.
+ /// </remarks>
+ public int? UriPriority {
+ get { return null; }
+ }
+
+ #endregion
+
+ #region IProviderEndpoint Members
+
+ /// <summary>
+ /// Gets the detected version of OpenID implemented by the Provider.
+ /// </summary>
+ public Version Version { get; private set; }
+
+ /// <summary>
+ /// Gets the URL that the OpenID Provider receives authentication requests at.
+ /// </summary>
+ /// <value></value>
+ public Uri Uri { get; private set; }
+
+ /// <summary>
+ /// Checks whether the OpenId Identifier claims support for a given extension.
+ /// </summary>
+ /// <typeparam name="T">The extension whose support is being queried.</typeparam>
+ /// <returns>
+ /// True if support for the extension is advertised. False otherwise.
+ /// </returns>
+ /// <remarks>
+ /// Note that a true or false return value is no guarantee of a Provider's
+ /// support for or lack of support for an extension. The return value is
+ /// determined by how the authenticating user filled out his/her XRDS document only.
+ /// The only way to be sure of support for a given extension is to include
+ /// the extension in the request and see if a response comes back for that extension.
+ /// </remarks>
+ public bool IsExtensionSupported<T>() where T : DotNetOpenAuth.OpenId.Messages.IOpenIdMessageExtension, new() {
+ throw new NotSupportedException();
+ }
+
+ /// <summary>
+ /// Checks whether the OpenId Identifier claims support for a given extension.
+ /// </summary>
+ /// <param name="extensionType">The extension whose support is being queried.</param>
+ /// <returns>
+ /// True if support for the extension is advertised. False otherwise.
+ /// </returns>
+ /// <remarks>
+ /// Note that a true or false return value is no guarantee of a Provider's
+ /// support for or lack of support for an extension. The return value is
+ /// determined by how the authenticating user filled out his/her XRDS document only.
+ /// The only way to be sure of support for a given extension is to include
+ /// the extension in the request and see if a response comes back for that extension.
+ /// </remarks>
+ public bool IsExtensionSupported(Type extensionType) {
+ throw new NotSupportedException();
+ }
+
+ #endregion
+
+ #region IXrdsProviderEndpoint Methods
+
+ /// <summary>
+ /// Checks for the presence of a given Type URI in an XRDS service.
+ /// </summary>
+ /// <param name="typeUri">The type URI to check for.</param>
+ /// <returns>
+ /// <c>true</c> if the service type uri is present; <c>false</c> otherwise.
+ /// </returns>
+ public bool IsTypeUriPresent(string typeUri) {
+ throw new NotSupportedException();
+ }
+
+ #endregion
+ }
+}