diff options
| author | Andrew Arnott <andrewarnott@gmail.com> | 2011-04-08 06:59:16 -0700 |
|---|---|---|
| committer | Andrew Arnott <andrewarnott@gmail.com> | 2011-04-08 08:01:19 -0700 |
| commit | d73fef358931d9f35818d2c0373f814b3bd9f91d (patch) | |
| tree | 650cb4d4c535dd8b9bc7f800527dc4a85c1a4bbf /src | |
| parent | 4a457e6713d86293b93e049e26e88ba4cc1cfc46 (diff) | |
| download | DotNetOpenAuth-d73fef358931d9f35818d2c0373f814b3bd9f91d.zip DotNetOpenAuth-d73fef358931d9f35818d2c0373f814b3bd9f91d.tar.gz DotNetOpenAuth-d73fef358931d9f35818d2c0373f814b3bd9f91d.tar.bz2 | |
Forces OAuth 2.0 to consider empty parameters to be absent, per the spec requirement.
Diffstat (limited to 'src')
| -rw-r--r-- | src/DotNetOpenAuth/Messaging/Channel.cs | 9 | ||||
| -rw-r--r-- | src/DotNetOpenAuth/OAuth2/ChannelElements/OAuth2ChannelBase.cs | 19 |
2 files changed, 28 insertions, 0 deletions
diff --git a/src/DotNetOpenAuth/Messaging/Channel.cs b/src/DotNetOpenAuth/Messaging/Channel.cs index 800d49d..7ae045f 100644 --- a/src/DotNetOpenAuth/Messaging/Channel.cs +++ b/src/DotNetOpenAuth/Messaging/Channel.cs @@ -720,6 +720,7 @@ namespace DotNetOpenAuth.Messaging { protected virtual IProtocolMessage Receive(Dictionary<string, string> fields, MessageReceivingEndpoint recipient) { Contract.Requires<ArgumentNullException>(fields != null); + this.FilterReceivedFields(fields); IProtocolMessage message = this.MessageFactory.GetNewRequestMessage(recipient, fields); // If there was no data, or we couldn't recognize it as a message, abort. @@ -1216,6 +1217,14 @@ namespace DotNetOpenAuth.Messaging { } /// <summary> + /// Allows preprocessing and validation of message data before an appropriate message type is + /// selected or deserialized. + /// </summary> + /// <param name="fields">The received message data.</param> + protected virtual void FilterReceivedFields(IDictionary<string, string> fields) { + } + + /// <summary> /// Customizes the binding element order for outgoing and incoming messages. /// </summary> /// <param name="outgoingOrder">The outgoing order.</param> diff --git a/src/DotNetOpenAuth/OAuth2/ChannelElements/OAuth2ChannelBase.cs b/src/DotNetOpenAuth/OAuth2/ChannelElements/OAuth2ChannelBase.cs index d9f33a0..d53e7ef 100644 --- a/src/DotNetOpenAuth/OAuth2/ChannelElements/OAuth2ChannelBase.cs +++ b/src/DotNetOpenAuth/OAuth2/ChannelElements/OAuth2ChannelBase.cs @@ -47,5 +47,24 @@ namespace DotNetOpenAuth.OAuth2.ChannelElements { internal OAuth2ChannelBase(params IChannelBindingElement[] channelBindingElements) : base(MessageTypes, Versions, channelBindingElements) { } + + /// <summary> + /// Allows preprocessing and validation of message data before an appropriate message type is + /// selected or deserialized. + /// </summary> + /// <param name="fields">The received message data.</param> + protected override void FilterReceivedFields(IDictionary<string, string> fields) { + base.FilterReceivedFields(fields); + + // Apply the OAuth 2.0 section 2.1 requirement: + // Parameters sent without a value MUST be treated as if they were omitted from the request. + // The authorization server SHOULD ignore unrecognized request parameters. + var emptyKeys = from pair in fields + where String.IsNullOrEmpty(pair.Value) + select pair.Key; + foreach (string emptyKey in emptyKeys.ToList()) { + fields.Remove(emptyKey); + } + } } } |