diff options
Diffstat (limited to 'src/DotNetOpenAuth.OpenId/OpenId/RelyingParty')
5 files changed, 2 insertions, 440 deletions
diff --git a/src/DotNetOpenAuth.OpenId/OpenId/RelyingParty/IAuthenticationRequest.cs b/src/DotNetOpenAuth.OpenId/OpenId/RelyingParty/IAuthenticationRequest.cs index 92e3233..886029c 100644 --- a/src/DotNetOpenAuth.OpenId/OpenId/RelyingParty/IAuthenticationRequest.cs +++ b/src/DotNetOpenAuth.OpenId/OpenId/RelyingParty/IAuthenticationRequest.cs @@ -7,7 +7,6 @@ namespace DotNetOpenAuth.OpenId.RelyingParty { using System; using System.Collections.Generic; - using System.Diagnostics.Contracts; using System.Linq; using System.Text; using DotNetOpenAuth.Messaging; @@ -18,7 +17,6 @@ namespace DotNetOpenAuth.OpenId.RelyingParty { /// requests that may be queried/modified in specific ways before being /// routed to the OpenID Provider. /// </summary> - [ContractClass(typeof(IAuthenticationRequestContract))] public interface IAuthenticationRequest { /// <summary> /// Gets or sets the mode the Provider should use during authentication. diff --git a/src/DotNetOpenAuth.OpenId/OpenId/RelyingParty/IAuthenticationRequestContract.cs b/src/DotNetOpenAuth.OpenId/OpenId/RelyingParty/IAuthenticationRequestContract.cs deleted file mode 100644 index 4ddc6ae..0000000 --- a/src/DotNetOpenAuth.OpenId/OpenId/RelyingParty/IAuthenticationRequestContract.cs +++ /dev/null @@ -1,111 +0,0 @@ -// <auto-generated /> - -namespace DotNetOpenAuth.OpenId.RelyingParty { - using System; - using System.Collections.Generic; - using System.Diagnostics.Contracts; - using System.Linq; - using System.Text; - using DotNetOpenAuth.Messaging; - using DotNetOpenAuth.OpenId.Messages; - - [ContractClassFor(typeof(IAuthenticationRequest))] - internal abstract class IAuthenticationRequestContract : IAuthenticationRequest { - #region IAuthenticationRequest Members - - AuthenticationRequestMode IAuthenticationRequest.Mode { - get { - throw new NotImplementedException(); - } - - set { - throw new NotImplementedException(); - } - } - - OutgoingWebResponse IAuthenticationRequest.RedirectingResponse { - get { throw new NotImplementedException(); } - } - - Uri IAuthenticationRequest.ReturnToUrl { - get { throw new NotImplementedException(); } - } - - Realm IAuthenticationRequest.Realm { - get { - Contract.Ensures(Contract.Result<Realm>() != null); - throw new NotImplementedException(); - } - } - - Identifier IAuthenticationRequest.ClaimedIdentifier { - get { - throw new NotImplementedException(); - } - } - - bool IAuthenticationRequest.IsDirectedIdentity { - get { throw new NotImplementedException(); } - } - - bool IAuthenticationRequest.IsExtensionOnly { - get { - throw new NotImplementedException(); - } - - set { - throw new NotImplementedException(); - } - } - - IProviderEndpoint IAuthenticationRequest.Provider { - get { - Contract.Ensures(Contract.Result<IProviderEndpoint>() != null); - throw new NotImplementedException(); - } - } - - IdentifierDiscoveryResult IAuthenticationRequest.DiscoveryResult { - get { - Contract.Ensures(Contract.Result<IdentifierDiscoveryResult>() != null); - throw new NotImplementedException(); - } - } - - void IAuthenticationRequest.AddCallbackArguments(IDictionary<string, string> arguments) { - Requires.NotNull(arguments, "arguments"); - Requires.True(arguments.Keys.All(k => !string.IsNullOrEmpty(k)), "arguments"); - Requires.True(arguments.Values.All(v => v != null), "arguments"); - throw new NotImplementedException(); - } - - void IAuthenticationRequest.AddCallbackArguments(string key, string value) { - Requires.NotNullOrEmpty(key, "key"); - Requires.NotNull(value, "value"); - throw new NotImplementedException(); - } - - void IAuthenticationRequest.SetCallbackArgument(string key, string value) { - Requires.NotNullOrEmpty(key, "key"); - Requires.NotNull(value, "value"); - throw new NotImplementedException(); - } - - void IAuthenticationRequest.AddExtension(IOpenIdMessageExtension extension) { - Requires.NotNull(extension, "extension"); - throw new NotImplementedException(); - } - - void IAuthenticationRequest.RedirectToProvider() { - throw new NotImplementedException(); - } - - void IAuthenticationRequest.SetUntrustedCallbackArgument(string key, string value) { - Requires.NotNullOrEmpty(key, "key"); - Requires.NotNull(value, "value"); - throw new NotImplementedException(); - } - - #endregion - } -} diff --git a/src/DotNetOpenAuth.OpenId/OpenId/RelyingParty/IAuthenticationResponse.cs b/src/DotNetOpenAuth.OpenId/OpenId/RelyingParty/IAuthenticationResponse.cs index 10e99e4..bfdc65d 100644 --- a/src/DotNetOpenAuth.OpenId/OpenId/RelyingParty/IAuthenticationResponse.cs +++ b/src/DotNetOpenAuth.OpenId/OpenId/RelyingParty/IAuthenticationResponse.cs @@ -8,12 +8,12 @@ namespace DotNetOpenAuth.OpenId.RelyingParty { using System; using System.Collections.Generic; using System.Diagnostics.CodeAnalysis; - using System.Diagnostics.Contracts; using System.Globalization; using System.Text; using System.Web; using DotNetOpenAuth.OpenId.Extensions; using DotNetOpenAuth.OpenId.Messages; + using Validation; /// <summary> /// An instance of this interface represents an identity assertion @@ -26,7 +26,6 @@ namespace DotNetOpenAuth.OpenId.RelyingParty { /// assertions. This interface does not offer a way to discern between /// solicited and unsolicited assertions as they should be treated equally. /// </remarks> - [ContractClass(typeof(IAuthenticationResponseContract))] public interface IAuthenticationResponse { /// <summary> /// Gets the Identifier that the end user claims to own. For use with user database storage and lookup. @@ -254,277 +253,4 @@ namespace DotNetOpenAuth.OpenId.RelyingParty { /// </remarks> IOpenIdMessageExtension GetUntrustedExtension(Type extensionType); } - - /// <summary> - /// Code contract for the <see cref="IAuthenticationResponse"/> type. - /// </summary> - [ContractClassFor(typeof(IAuthenticationResponse))] - internal abstract class IAuthenticationResponseContract : IAuthenticationResponse { - /// <summary> - /// Initializes a new instance of the <see cref="IAuthenticationResponseContract"/> class. - /// </summary> - protected IAuthenticationResponseContract() { - } - - #region IAuthenticationResponse Members - - /// <summary> - /// Gets the Identifier that the end user claims to own. For use with user database storage and lookup. - /// May be null for some failed authentications (i.e. failed directed identity authentications). - /// </summary> - /// <value></value> - /// <remarks> - /// <para> - /// This is the secure identifier that should be used for database storage and lookup. - /// It is not always friendly (i.e. =Arnott becomes =!9B72.7DD1.50A9.5CCD), but it protects - /// user identities against spoofing and other attacks. - /// </para> - /// <para> - /// For user-friendly identifiers to display, use the - /// <see cref="IAuthenticationResponse.FriendlyIdentifierForDisplay"/> property. - /// </para> - /// </remarks> - Identifier IAuthenticationResponse.ClaimedIdentifier { - get { throw new NotImplementedException(); } - } - - /// <summary> - /// Gets a user-friendly OpenID Identifier for display purposes ONLY. - /// </summary> - /// <value></value> - /// <remarks> - /// <para> - /// This <i>should</i> be put through <see cref="HttpUtility.HtmlEncode(string)"/> before - /// sending to a browser to secure against javascript injection attacks. - /// </para> - /// <para> - /// This property retains some aspects of the user-supplied identifier that get lost - /// in the <see cref="IAuthenticationResponse.ClaimedIdentifier"/>. For example, XRIs used as user-supplied - /// identifiers (i.e. =Arnott) become unfriendly unique strings (i.e. =!9B72.7DD1.50A9.5CCD). - /// For display purposes, such as text on a web page that says "You're logged in as ...", - /// this property serves to provide the =Arnott string, or whatever else is the most friendly - /// string close to what the user originally typed in. - /// </para> - /// <para> - /// If the user-supplied identifier is a URI, this property will be the URI after all - /// redirects, and with the protocol and fragment trimmed off. - /// If the user-supplied identifier is an XRI, this property will be the original XRI. - /// If the user-supplied identifier is an OpenID Provider identifier (i.e. yahoo.com), - /// this property will be the Claimed Identifier, with the protocol stripped if it is a URI. - /// </para> - /// <para> - /// It is <b>very</b> important that this property <i>never</i> be used for database storage - /// or lookup to avoid identity spoofing and other security risks. For database storage - /// and lookup please use the <see cref="IAuthenticationResponse.ClaimedIdentifier"/> property. - /// </para> - /// </remarks> - string IAuthenticationResponse.FriendlyIdentifierForDisplay { - get { throw new NotImplementedException(); } - } - - /// <summary> - /// Gets the detailed success or failure status of the authentication attempt. - /// </summary> - /// <value></value> - AuthenticationStatus IAuthenticationResponse.Status { - get { throw new NotImplementedException(); } - } - - /// <summary> - /// Gets information about the OpenId Provider, as advertised by the - /// OpenID discovery documents found at the <see cref="IAuthenticationResponse.ClaimedIdentifier"/> - /// location, if available. - /// </summary> - /// <value> - /// The Provider endpoint that issued the positive assertion; - /// or <c>null</c> if information about the Provider is unavailable. - /// </value> - IProviderEndpoint IAuthenticationResponse.Provider { - get { throw new NotImplementedException(); } - } - - /// <summary> - /// Gets the details regarding a failed authentication attempt, if available. - /// This will be set if and only if <see cref="IAuthenticationResponse.Status"/> is <see cref="AuthenticationStatus.Failed"/>. - /// </summary> - /// <value></value> - Exception IAuthenticationResponse.Exception { - get { throw new NotImplementedException(); } - } - - /// <summary> - /// Gets a callback argument's value that was previously added using - /// <see cref="IAuthenticationRequest.AddCallbackArguments(string, string)"/>. - /// </summary> - /// <param name="key">The name of the parameter whose value is sought.</param> - /// <returns> - /// The value of the argument, or null if the named parameter could not be found. - /// </returns> - /// <remarks> - /// <para>This may return any argument on the querystring that came with the authentication response, - /// which may include parameters not explicitly added using - /// <see cref="IAuthenticationRequest.AddCallbackArguments(string, string)"/>.</para> - /// <para>Note that these values are NOT protected against tampering in transit.</para> - /// </remarks> - string IAuthenticationResponse.GetCallbackArgument(string key) { - Requires.NotNullOrEmpty(key, "key"); - throw new NotImplementedException(); - } - - /// <summary> - /// Gets all the callback arguments that were previously added using - /// <see cref="IAuthenticationRequest.AddCallbackArguments(string, string)"/> or as a natural part - /// of the return_to URL. - /// </summary> - /// <returns>A name-value dictionary. Never null.</returns> - /// <remarks> - /// <para>This MAY return any argument on the querystring that came with the authentication response, - /// which may include parameters not explicitly added using - /// <see cref="IAuthenticationRequest.AddCallbackArguments(string, string)"/>.</para> - /// <para>Note that these values are NOT protected against tampering in transit.</para> - /// </remarks> - IDictionary<string, string> IAuthenticationResponse.GetCallbackArguments() { - throw new NotImplementedException(); - } - - /// <summary> - /// Tries to get an OpenID extension that may be present in the response. - /// </summary> - /// <typeparam name="T">The type of extension to look for in the response message.</typeparam> - /// <returns> - /// The extension, if it is found. Null otherwise. - /// </returns> - /// <remarks> - /// <para>Extensions are returned only if the Provider signed them. - /// Relying parties that do not care if the values were modified in - /// transit should use the <see cref="IAuthenticationResponse.GetUntrustedExtension<T>"/> method - /// in order to allow the Provider to not sign the extension. </para> - /// <para>Unsigned extensions are completely unreliable and should be - /// used only to prefill user forms since the user or any other third - /// party may have tampered with the data carried by the extension.</para> - /// <para>Signed extensions are only reliable if the relying party - /// trusts the OpenID Provider that signed them. Signing does not mean - /// the relying party can trust the values -- it only means that the values - /// have not been tampered with since the Provider sent the message.</para> - /// </remarks> - T IAuthenticationResponse.GetExtension<T>() { - throw new NotImplementedException(); - } - - /// <summary> - /// Tries to get an OpenID extension that may be present in the response. - /// </summary> - /// <param name="extensionType">Type of the extension to look for in the response.</param> - /// <returns> - /// The extension, if it is found. Null otherwise. - /// </returns> - /// <remarks> - /// <para>Extensions are returned only if the Provider signed them. - /// Relying parties that do not care if the values were modified in - /// transit should use the <see cref="IAuthenticationResponse.GetUntrustedExtension"/> method - /// in order to allow the Provider to not sign the extension. </para> - /// <para>Unsigned extensions are completely unreliable and should be - /// used only to prefill user forms since the user or any other third - /// party may have tampered with the data carried by the extension.</para> - /// <para>Signed extensions are only reliable if the relying party - /// trusts the OpenID Provider that signed them. Signing does not mean - /// the relying party can trust the values -- it only means that the values - /// have not been tampered with since the Provider sent the message.</para> - /// </remarks> - IOpenIdMessageExtension IAuthenticationResponse.GetExtension(Type extensionType) { - Requires.NotNullSubtype<IOpenIdMessageExtension>(extensionType, "extensionType"); - ////ErrorUtilities.VerifyArgument(typeof(IOpenIdMessageExtension).IsAssignableFrom(extensionType), string.Format(CultureInfo.CurrentCulture, OpenIdStrings.TypeMustImplementX, typeof(IOpenIdMessageExtension).FullName)); - throw new NotImplementedException(); - } - - /// <summary> - /// Tries to get an OpenID extension that may be present in the response, without - /// requiring it to be signed by the Provider. - /// </summary> - /// <typeparam name="T">The type of extension to look for in the response message.</typeparam> - /// <returns> - /// The extension, if it is found. Null otherwise. - /// </returns> - /// <remarks> - /// <para>Extensions are returned whether they are signed or not. - /// Use the <see cref="IAuthenticationResponse.GetExtension<T>"/> method to retrieve - /// extension responses only if they are signed by the Provider to - /// protect against tampering. </para> - /// <para>Unsigned extensions are completely unreliable and should be - /// used only to prefill user forms since the user or any other third - /// party may have tampered with the data carried by the extension.</para> - /// <para>Signed extensions are only reliable if the relying party - /// trusts the OpenID Provider that signed them. Signing does not mean - /// the relying party can trust the values -- it only means that the values - /// have not been tampered with since the Provider sent the message.</para> - /// </remarks> - T IAuthenticationResponse.GetUntrustedExtension<T>() { - throw new NotImplementedException(); - } - - /// <summary> - /// Tries to get an OpenID extension that may be present in the response, without - /// requiring it to be signed by the Provider. - /// </summary> - /// <param name="extensionType">Type of the extension to look for in the response.</param> - /// <returns> - /// The extension, if it is found. Null otherwise. - /// </returns> - /// <remarks> - /// <para>Extensions are returned whether they are signed or not. - /// Use the <see cref="IAuthenticationResponse.GetExtension"/> method to retrieve - /// extension responses only if they are signed by the Provider to - /// protect against tampering. </para> - /// <para>Unsigned extensions are completely unreliable and should be - /// used only to prefill user forms since the user or any other third - /// party may have tampered with the data carried by the extension.</para> - /// <para>Signed extensions are only reliable if the relying party - /// trusts the OpenID Provider that signed them. Signing does not mean - /// the relying party can trust the values -- it only means that the values - /// have not been tampered with since the Provider sent the message.</para> - /// </remarks> - IOpenIdMessageExtension IAuthenticationResponse.GetUntrustedExtension(Type extensionType) { - Requires.NotNullSubtype<IOpenIdMessageExtension>(extensionType, "extensionType"); - ////ErrorUtilities.VerifyArgument(typeof(IOpenIdMessageExtension).IsAssignableFrom(extensionType), string.Format(CultureInfo.CurrentCulture, OpenIdStrings.TypeMustImplementX, typeof(IOpenIdMessageExtension).FullName)); - throw new NotImplementedException(); - } - - /// <summary> - /// Gets a callback argument's value that was previously added using - /// <see cref="IAuthenticationRequest.AddCallbackArguments(string, string)"/>. - /// </summary> - /// <param name="key">The name of the parameter whose value is sought.</param> - /// <returns> - /// The value of the argument, or null if the named parameter could not be found. - /// </returns> - /// <remarks> - /// Callback parameters are only available even if the RP is in stateless mode, - /// or the callback parameters are otherwise unverifiable as untampered with. - /// Therefore, use this method only when the callback argument is not to be - /// used to make a security-sensitive decision. - /// </remarks> - string IAuthenticationResponse.GetUntrustedCallbackArgument(string key) { - Requires.NotNullOrEmpty(key, "key"); - throw new NotImplementedException(); - } - - /// <summary> - /// Gets all the callback arguments that were previously added using - /// <see cref="IAuthenticationRequest.AddCallbackArguments(string, string)"/> or as a natural part - /// of the return_to URL. - /// </summary> - /// <returns>A name-value dictionary. Never null.</returns> - /// <remarks> - /// Callback parameters are only available even if the RP is in stateless mode, - /// or the callback parameters are otherwise unverifiable as untampered with. - /// Therefore, use this method only when the callback argument is not to be - /// used to make a security-sensitive decision. - /// </remarks> - IDictionary<string, string> IAuthenticationResponse.GetUntrustedCallbackArguments() { - Contract.Ensures(Contract.Result<IDictionary<string, string>>() != null); - throw new NotImplementedException(); - } - - #endregion - } } diff --git a/src/DotNetOpenAuth.OpenId/OpenId/RelyingParty/IRelyingPartyBehavior.cs b/src/DotNetOpenAuth.OpenId/OpenId/RelyingParty/IRelyingPartyBehavior.cs index 0113f62..b056fcd 100644 --- a/src/DotNetOpenAuth.OpenId/OpenId/RelyingParty/IRelyingPartyBehavior.cs +++ b/src/DotNetOpenAuth.OpenId/OpenId/RelyingParty/IRelyingPartyBehavior.cs @@ -6,12 +6,11 @@ namespace DotNetOpenAuth.OpenId.RelyingParty { using System; - using System.Diagnostics.Contracts; + using Validation; /// <summary> /// Applies a custom security policy to certain OpenID security settings and behaviors. /// </summary> - [ContractClass(typeof(IRelyingPartyBehaviorContract))] public interface IRelyingPartyBehavior { /// <summary> /// Applies a well known set of security requirements to a default set of security settings. @@ -40,53 +39,4 @@ namespace DotNetOpenAuth.OpenId.RelyingParty { /// <param name="assertion">The positive assertion.</param> void OnIncomingPositiveAssertion(IAuthenticationResponse assertion); } - - /// <summary> - /// Contract class for the <see cref="IRelyingPartyBehavior"/> interface. - /// </summary> - [ContractClassFor(typeof(IRelyingPartyBehavior))] - internal abstract class IRelyingPartyBehaviorContract : IRelyingPartyBehavior { - /// <summary> - /// Prevents a default instance of the <see cref="IRelyingPartyBehaviorContract"/> class from being created. - /// </summary> - private IRelyingPartyBehaviorContract() { - } - - #region IRelyingPartyBehavior Members - - /// <summary> - /// Applies a well known set of security requirements to a default set of security settings. - /// </summary> - /// <param name="securitySettings">The security settings to enhance with the requirements of this profile.</param> - /// <remarks> - /// Care should be taken to never decrease security when applying a profile. - /// Profiles should only enhance security requirements to avoid being - /// incompatible with each other. - /// </remarks> - void IRelyingPartyBehavior.ApplySecuritySettings(RelyingPartySecuritySettings securitySettings) { - Requires.NotNull(securitySettings, "securitySettings"); - } - - /// <summary> - /// Called when an authentication request is about to be sent. - /// </summary> - /// <param name="request">The request.</param> - /// <remarks> - /// Implementations should be prepared to be called multiple times on the same outgoing message - /// without malfunctioning. - /// </remarks> - void IRelyingPartyBehavior.OnOutgoingAuthenticationRequest(IAuthenticationRequest request) { - Requires.NotNull(request, "request"); - } - - /// <summary> - /// Called when an incoming positive assertion is received. - /// </summary> - /// <param name="assertion">The positive assertion.</param> - void IRelyingPartyBehavior.OnIncomingPositiveAssertion(IAuthenticationResponse assertion) { - Requires.NotNull(assertion, "assertion"); - } - - #endregion - } } diff --git a/src/DotNetOpenAuth.OpenId/OpenId/RelyingParty/RelyingPartySecuritySettings.cs b/src/DotNetOpenAuth.OpenId/OpenId/RelyingParty/RelyingPartySecuritySettings.cs index 77ccbca..e866f24 100644 --- a/src/DotNetOpenAuth.OpenId/OpenId/RelyingParty/RelyingPartySecuritySettings.cs +++ b/src/DotNetOpenAuth.OpenId/OpenId/RelyingParty/RelyingPartySecuritySettings.cs @@ -9,7 +9,6 @@ namespace DotNetOpenAuth.OpenId.RelyingParty { using System.Collections.Generic; using System.Collections.ObjectModel; using System.Diagnostics.CodeAnalysis; - using System.Diagnostics.Contracts; using System.Linq; using DotNetOpenAuth.Messaging; |