-rw-r--r-- | src/DotNetOpenAuth/Messaging/Channel.cs | 9 | ||||
-rw-r--r-- | src/DotNetOpenAuth/OAuth2/ChannelElements/OAuth2ChannelBase.cs | 19 |
2 files changed, 28 insertions, 0 deletions
diff --git a/src/DotNetOpenAuth/Messaging/Channel.cs b/src/DotNetOpenAuth/Messaging/Channel.cs
index 800d49d..7ae045f 100644
--- a/src/DotNetOpenAuth/Messaging/Channel.cs
+++ b/src/DotNetOpenAuth/Messaging/Channel.cs
@@ -720,6 +720,7 @@ namespace DotNetOpenAuth.Messaging {
 protected virtual IProtocolMessage Receive(Dictionary<string, string> fields, MessageReceivingEndpoint recipient) {
 Contract.Requires<ArgumentNullException>(fields != null);
+ this.FilterReceivedFields(fields);
 IProtocolMessage message = this.MessageFactory.GetNewRequestMessage(recipient, fields);
 // If there was no data, or we couldn't recognize it as a message, abort.
@@ -1216,6 +1217,14 @@ namespace DotNetOpenAuth.Messaging {
 }
 /// <summary>
+ /// Allows preprocessing and validation of message data before an appropriate message type is
+ /// selected or deserialized.
+ /// </summary>
+ /// <param name="fields">The received message data.</param>
+ protected virtual void FilterReceivedFields(IDictionary<string, string> fields) {
+ }
+
+ /// <summary>
 /// Customizes the binding element order for outgoing and incoming messages.
 /// </summary>
 /// <param name="outgoingOrder">The outgoing order.</param>
diff --git a/src/DotNetOpenAuth/OAuth2/ChannelElements/OAuth2ChannelBase.cs b/src/DotNetOpenAuth/OAuth2/ChannelElements/OAuth2ChannelBase.cs
index d9f33a0..d53e7ef 100644
--- a/src/DotNetOpenAuth/OAuth2/ChannelElements/OAuth2ChannelBase.cs
+++ b/src/DotNetOpenAuth/OAuth2/ChannelElements/OAuth2ChannelBase.cs
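Review bot: The added `this.FilterReceivedFields(fields);` call edits the caller's `fields` dictionary in place, and within this hunk it is wired into only this `Receive` overload. If other paths in `Channel` build messages from received data without passing through this overload (not visible here), they skip the filter, so validation placed in an override would not be a complete gate. A comment at the call site would make the ordering requirement explicit, e.g. `// Must run before MessageFactory selects a message type; mutates fields in place.` The body of `Receive` continues past the end of the hunk.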
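Review bot: The doc comment on `FilterReceivedFields` promises "validation" but does not say how an override reports invalid data, or that it may add or remove entries in the dictionary it is given. Since the method returns void, I would add a `<remarks>` stating that overrides modify `fields` in place, should call the base implementation, and reject a message by throwing (presumably `ProtocolException`; confirm against the rest of the library). The `Receive` method in the first hunk guards its argument with `Contract.Requires<ArgumentNullException>(fields != null);`, and the same line here would keep the contract consistent for overrides that enumerate `fields`.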
@@ -47,5 +47,24 @@ namespace DotNetOpenAuth.OAuth2.ChannelElements {
 internal OAuth2ChannelBase(params IChannelBindingElement[] channelBindingElements)
 : base(MessageTypes, Versions, channelBindingElements) {
 }
+
+ /// <summary>
+ /// Allows preprocessing and validation of message data before an appropriate message type is
+ /// selected or deserialized.
+ /// </summary>
+ /// <param name="fields">The received message data.</param>
+ protected override void FilterReceivedFields(IDictionary<string, string> fields) {
+ base.FilterReceivedFields(fields);
+
+ // Apply the OAuth 2.0 section 2.1 requirement:
+ // Parameters sent without a value MUST be treated as if they were omitted from the request.
+ // The authorization server SHOULD ignore unrecognized request parameters.
+ var emptyKeys = from pair in fields
+ where String.IsNullOrEmpty(pair.Value)
+ select pair.Key;
+ foreach (string emptyKey in emptyKeys.ToList()) {
+ fields.Remove(emptyKey);
+ }
+ }
 }
 }
|
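Review bot: The comment above the LINQ query quotes two requirements, but the code implements only the first: empty-valued parameters are removed, while unrecognized parameters stay in `fields`. A reader auditing request handling could take the second sentence as implemented here, so I would drop it or mark it, e.g. `// (Unrecognized parameters are not filtered here.)`. Because the override sits in `OAuth2ChannelBase`, it appears to run for every message any derived channel receives, not only authorization-server requests, which is worth stating in the summary if that is intended. `emptyKeys.ToList()` also needs `System.Linq` in scope, and the file's using directives are outside the hunk.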