Fixed auth response extension javascript handling.

5 files changed, 26 insertions, 30 deletions

diff --git a/src/DotNetOpenAuth/Messaging/MessagingUtilities.cs b/src/DotNetOpenAuth/Messaging/MessagingUtilities.cs
index c9d5e8f..62a4f64 100644
--- a/src/DotNetOpenAuth/Messaging/MessagingUtilities.cs
+++ b/src/DotNetOpenAuth/Messaging/MessagingUtilities.cs
@@ -796,15 +796,16 @@ namespace DotNetOpenAuth.Messaging {
 		/// on the user agent when assigned to a variable.
 		/// </summary>
 		/// <param name="namesAndValues">The untrusted names and untrusted values to inject into the JSON object.</param>
+		/// <param name="valuesPreEncoded">if set to <c>true</c> the values will NOT be escaped as if it were a pure string.</param>
 		/// <returns>The Javascript JSON object as a string.</returns>
-		internal static string CreateJsonObject(IEnumerable<KeyValuePair<string, string>> namesAndValues) {
+		internal static string CreateJsonObject(IEnumerable<KeyValuePair<string, string>> namesAndValues, bool valuesPreEncoded) {
 			StringBuilder builder = new StringBuilder();
 			builder.Append("{ ");
 
 			foreach (var pair in namesAndValues) {
 				builder.Append(MessagingUtilities.GetSafeJavascriptValue(pair.Key));
 				builder.Append(": ");
-				builder.Append(MessagingUtilities.GetSafeJavascriptValue(pair.Value));
+				builder.Append(valuesPreEncoded ? pair.Value : MessagingUtilities.GetSafeJavascriptValue(pair.Value));
 				builder.Append(",");
 			}
 
diff --git a/src/DotNetOpenAuth/OpenId/Extensions/SimpleRegistration/ClaimsResponse.cs b/src/DotNetOpenAuth/OpenId/Extensions/SimpleRegistration/ClaimsResponse.cs
index a58c754..a5cea00 100644
--- a/src/DotNetOpenAuth/OpenId/Extensions/SimpleRegistration/ClaimsResponse.cs
+++ b/src/DotNetOpenAuth/OpenId/Extensions/SimpleRegistration/ClaimsResponse.cs
@@ -316,7 +316,7 @@ namespace DotNetOpenAuth.OpenId.Extensions.SimpleRegistration {
 			sreg[Constants.language] = this.Language;
 			sreg[Constants.timezone] = this.TimeZone;
 
-			return MessagingUtilities.CreateJsonObject(sreg);
+			return MessagingUtilities.CreateJsonObject(sreg, false);
 		}
 
 		#endregion
diff --git a/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdAjaxTextBox.js b/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdAjaxTextBox.js
index 44e4ff5..4f5a471 100644
--- a/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdAjaxTextBox.js
+++ b/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdAjaxTextBox.js
@@ -349,13 +349,13 @@ function initAjaxOpenId(box, openid_logo_url, dotnetopenid_logo_url, spinner_url
 		box.dnoi_internal.setVisualCue('setup');
 	};
 
-	box.dnoi_internal.onAuthSuccess = function(discoveryResult, respondingEndpoint) {
+	box.dnoi_internal.onAuthSuccess = function(discoveryResult, respondingEndpoint, extensionResponses) {
 		// visual cue that auth was successful
 		var parsedPositiveAssertion = new window.dnoa_internal.PositiveAssertion(discoveryResult.successAuthData);
 		box.dnoi_internal.claimedIdentifier = parsedPositiveAssertion.claimedIdentifier;
 		box.dnoi_internal.setVisualCue('authenticated', parsedPositiveAssertion.endpoint, parsedPositiveAssertion.claimedIdentifier);
 		if (box.dnoi_internal.onauthenticated) {
-			box.dnoi_internal.onauthenticated(box);
+			box.dnoi_internal.onauthenticated(box, extensionResponses);
 		}
 
 		if (box.dnoi_internal.submitPending) {
diff --git a/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdRelyingPartyAjaxControlBase.cs b/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdRelyingPartyAjaxControlBase.cs
index 6b4717b..504bd62 100644
--- a/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdRelyingPartyAjaxControlBase.cs
+++ b/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdRelyingPartyAjaxControlBase.cs
@@ -385,11 +385,12 @@ namespace DotNetOpenAuth.OpenId.RelyingParty {
 		/// </summary>
 		protected override void ScriptClosingPopupOrIFrame() {
 			Logger.OpenId.InfoFormat("AJAX (iframe) callback from OP: {0}", this.Page.Request.Url);
-			List<string> assignments = new List<string>();
+			string extensionsJson = null;
 
 			var authResponse = RelyingPartyNonVerifying.GetResponse();
 			if (authResponse.Status == AuthenticationStatus.Authenticated) {
 				this.OnUnconfirmedPositiveAssertion(); // event handler will fill the clientScriptExtensions collection.
+				var extensionsDictionary = new Dictionary<string, string>();
 				foreach (var pair in this.clientScriptExtensions) {
 					IClientScriptExtensionResponse extension = (IClientScriptExtensionResponse)authResponse.GetExtension(pair.Key);
 					if (extension == null) {
@@ -397,11 +398,12 @@ namespace DotNetOpenAuth.OpenId.RelyingParty {
 					}
 					var positiveResponse = (PositiveAuthenticationResponse)authResponse;
 					string js = extension.InitializeJavaScriptData(positiveResponse.Response);
-					if (string.IsNullOrEmpty(js)) {
-						js = "null";
+					if (!string.IsNullOrEmpty(js)) {
+						extensionsDictionary[pair.Value] = js;
 					}
-					assignments.Add(pair.Value + " = " + js);
 				}
+
+				extensionsJson = MessagingUtilities.CreateJsonObject(extensionsDictionary, true);
 			}
 
 			string payload = "document.URL";
@@ -414,7 +416,12 @@ namespace DotNetOpenAuth.OpenId.RelyingParty {
 				payloadUri.AppendQueryArgs(Page.Request.Form.ToDictionary());
 				payload = MessagingUtilities.GetSafeJavascriptValue(payloadUri.Uri.AbsoluteUri);
 			}
-			this.CallbackUserAgentMethod("dnoa_internal.processAuthorizationResult(" + payload + ")", assignments.ToArray());
+
+			if (!string.IsNullOrEmpty(extensionsJson)) {
+				payload += ", " + extensionsJson;
+			}
+
+			this.CallbackUserAgentMethod("dnoa_internal.processAuthorizationResult(" + payload + ")");
 		}
 
 		/// <summary>
@@ -490,27 +497,11 @@ namespace DotNetOpenAuth.OpenId.RelyingParty {
 		/// <param name="methodCall">The method to call on the OpenIdAjaxTextBox, including
 		/// parameters.  (i.e. "callback('arg1', 2)").  No escaping is done by this method.</param>
 		private void CallbackUserAgentMethod(string methodCall) {
-			this.CallbackUserAgentMethod(methodCall, null);
-		}
-
-		/// <summary>
-		/// Invokes a method on a parent frame/window's OpenIdAjaxTextBox,
-		/// and closes the calling popup window if applicable.
-		/// </summary>
-		/// <param name="methodCall">The method to call on the OpenIdAjaxTextBox, including
-		/// parameters.  (i.e. "callback('arg1', 2)").  No escaping is done by this method.</param>
-		/// <param name="preAssignments">An optional list of assignments to make to the input box object before placing the method call.</param>
-		private void CallbackUserAgentMethod(string methodCall, string[] preAssignments) {
 			Logger.OpenId.InfoFormat("Sending Javascript callback: {0}", methodCall);
 			Page.Response.Write(@"<html><body><script language='javascript'>
 	var inPopup = !window.frameElement;
 	var objSrc = inPopup ? window.opener : window.frameElement;
 ");
-			if (preAssignments != null) {
-				foreach (string assignment in preAssignments) {
-					Page.Response.Write(string.Format(CultureInfo.InvariantCulture, "	objSrc.{0};\n", assignment));
-				}
-			}
 
 			// Something about calling objSrc.{0} can somehow cause FireFox to forget about the inPopup variable,
 			// so we have to actually put the test for it ABOVE the call to objSrc.{0} so that it already 
diff --git a/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdRelyingPartyAjaxControlBase.js b/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdRelyingPartyAjaxControlBase.js
index c6f6a75..24d238e 100644
--- a/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdRelyingPartyAjaxControlBase.js
+++ b/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdRelyingPartyAjaxControlBase.js
@@ -181,9 +181,13 @@ window.OpenIdIdentifier = function(identifier) {
 
 /// <summary>Invoked by RP web server when an authentication has completed.</summary>
 /// <remarks>The duty of this method is to distribute the notification to the appropriate tracking object.</remarks>
-window.dnoa_internal.processAuthorizationResult = function(resultUrl) {
+window.dnoa_internal.processAuthorizationResult = function(resultUrl, extensionResponses) {
 	//trace('processAuthorizationResult ' + resultUrl);
 	var resultUri = new window.dnoa_internal.Uri(resultUrl);
+	trace('processing auth result with extensionResponses: ' + extensionResponses);
+	if (extensionResponses) {
+		extensionResponses = eval(extensionResponses);
+	}
 
 	// Find the tracking object responsible for this request.
 	var userSuppliedIdentifier = resultUri.getQueryArgValue('dnoa.userSuppliedIdentifier');
@@ -203,7 +207,7 @@ window.dnoa_internal.processAuthorizationResult = function(resultUrl) {
 
 	if (window.dnoa_internal.isAuthSuccessful(resultUri)) {
 		discoveryResult.successAuthData = resultUrl;
-		respondingEndpoint.onAuthSuccess(resultUri);
+		respondingEndpoint.onAuthSuccess(resultUri, extensionResponses);
 
 		var parsedPositiveAssertion = new window.dnoa_internal.PositiveAssertion(resultUri);
 		if (parsedPositiveAssertion.claimedIdentifier && parsedPositiveAssertion.claimedIdentifier != discoveryResult.claimedIdentifier) {
@@ -334,7 +338,7 @@ window.dnoa_internal.DiscoveryResult = function(identifier, discoveryInfo) {
 			}
 		};
 
-		this.onAuthSuccess = function(authUri) {
+		this.onAuthSuccess = function(authUri, extensionResponses) {
 			if (thisServiceEndpoint.completeAttempt(true)) {
 				trace(thisServiceEndpoint.host + " authenticated!");
 				thisServiceEndpoint.result = window.dnoa_internal.authSuccess;
@@ -342,7 +346,7 @@ window.dnoa_internal.DiscoveryResult = function(identifier, discoveryInfo) {
 				thisServiceEndpoint.response = authUri;
 				thisDiscoveryResult.abortAll();
 				if (thisDiscoveryResult.onAuthSuccess) {
-					thisDiscoveryResult.onAuthSuccess(thisDiscoveryResult, thisServiceEndpoint);
+					thisDiscoveryResult.onAuthSuccess(thisDiscoveryResult, thisServiceEndpoint, extensionResponses);
 				}
 			}
 		};