author | Andrew Arnott <andrewarnott@gmail.com> | 2009-12-03 16:08:28 -0800 |
---|---|---|
committer | Andrew Arnott <andrewarnott@gmail.com> | 2009-12-03 16:12:43 -0800 |
commit | 8abf278677e35d90ae2ab0a1c01c15181cbab012 (patch) | |
tree | 071f0d34a7211ee0c3c4a8129006ed01fae75de6 /src | |
parent | 2d83483e397c8ebaee513e036005c6b34d33af02 (diff) | |
Basic validation is now performed on incoming extensions and invalid extensions are dropped.
Diffstat (limited to 'src')
-rw-r--r-- | src/DotNetOpenAuth/Messaging/Reflection/MessageDescription.cs | 2 | ||||
-rw-r--r-- | src/DotNetOpenAuth/OpenId/ChannelElements/ExtensionsBindingElement.cs | 14 |
2 files changed, 13 insertions, 3 deletions
diff --git a/src/DotNetOpenAuth/Messaging/Reflection/MessageDescription.cs b/src/DotNetOpenAuth/Messaging/Reflection/MessageDescription.cs
index 5cb7877..bc982ef 100644
--- a/src/DotNetOpenAuth/Messaging/Reflection/MessageDescription.cs
+++ b/src/DotNetOpenAuth/Messaging/Reflection/MessageDescription.cs
@@ -114,7 +114,7 @@ namespace DotNetOpenAuth.Messaging.Reflection {
 /// <summary>
 /// Ensures the message parts pass basic validation.
 /// </summary>
- /// <param name="parts">The key/value pairs of the serialzied message.</param>
+ /// <param name="parts">The key/value pairs of the serialized message.</param>
 internal void EnsureMessagePartsPassBasicValidation(IDictionary<string, string> parts) {
 this.EnsureRequiredMessagePartsArePresent(parts.Keys);
 this.EnsureRequiredProtocolMessagePartsAreNotEmpty(parts);
diff --git a/src/DotNetOpenAuth/OpenId/ChannelElements/ExtensionsBindingElement.cs b/src/DotNetOpenAuth/OpenId/ChannelElements/ExtensionsBindingElement.cs
index a352c76..40ed463 100644
--- a/src/DotNetOpenAuth/OpenId/ChannelElements/ExtensionsBindingElement.cs
+++ b/src/DotNetOpenAuth/OpenId/ChannelElements/ExtensionsBindingElement.cs
@@ -92,7 +92,12 @@ namespace DotNetOpenAuth.OpenId.ChannelElements {
 // OpenID 2.0 Section 12 forbids two extensions with the same TypeURI in the same message.
 ErrorUtilities.VerifyProtocol(!extensionManager.ContainsExtension(extension.TypeUri), OpenIdStrings.ExtensionAlreadyAddedWithSameTypeURI, extension.TypeUri);
- var extensionDictionary = this.Channel.MessageDescriptions.GetAccessor(extension).Serialize();
+ // Ensure that we're sending out a valid extension.
+ var extensionDescription = this.Channel.MessageDescriptions.Get(extension);
+ var extensionDictionary = extensionDescription.GetDictionary(extension).Serialize();
+ extensionDescription.EnsureMessagePartsPassBasicValidation(extensionDictionary);
+
+ // Add the extension to the outgoing message payload.
 extensionManager.AddExtensionArguments(extension.TypeUri, extensionDictionary);
 } else {
 Logger.OpenId.WarnFormat("Unexpected extension type {0} did not implement {1}.", protocolExtension.GetType(), typeof(IOpenIdMessageExtension).Name);
@@ -183,7 +188,12 @@ namespace DotNetOpenAuth.OpenId.ChannelElements {
 IOpenIdMessageExtension extension = this.ExtensionFactory.Create(typeUri, extensionData, message, isAtProvider);
 if (extension != null) {
 try {
- MessageDictionary extensionDictionary = this.Channel.MessageDescriptions.GetAccessor(extension);
+ // Make sure the extension fulfills spec requirements before deserializing it.
+ MessageDescription messageDescription = this.Channel.MessageDescriptions.Get(extension);
+ messageDescription.EnsureMessagePartsPassBasicValidation(extensionData);
+
+ // Deserialize the extension.
+ MessageDictionary extensionDictionary = messageDescription.GetDictionary(extension);
 foreach (var pair in extensionData) {
 extensionDictionary[pair.Key] = pair.Value;
 }
 } |
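Review bot: On this outgoing path nothing in the hunk catches a failure from `extensionDescription.EnsureMessagePartsPassBasicValidation(extensionDictionary)`, so an incomplete extension presumably aborts the whole send instead of being dropped as on the incoming path. That is a reasonable choice for locally built extensions, but the new comment does not record it; I would write it as `// Validate before sending: a failure here throws and aborts the outgoing message rather than silently omitting the extension.` The enclosing method starts and ends outside the hunk, so it is worth confirming that no caller swallows the exception and sends the message without the extension.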
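Review bot: In the second hunk, `this.ExtensionFactory.Create(typeUri, extensionData, message, isAtProvider)` on the context line above still receives the raw `extensionData` before `EnsureMessagePartsPassBasicValidation(extensionData)` runs, so every factory still has to tolerate missing or empty required parameters from an untrusted peer. Going by the two calls visible in MessageDescription.cs, the basic validation covers only the presence and non-emptiness of required parts, so the values copied by `extensionDictionary[pair.Key] = pair.Value` are still unchecked at that point. The new check sits inside the `try`, whose `catch` is outside this hunk, so whether an invalid extension is dropped and whether that is logged depends on that handler. I would state this in the comment, e.g. `// Untrusted input: a validation failure throws and the catch below drops only this extension.`, and make sure the drop is logged so that malformed extensions can be seen in the logs.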