summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/DotNetOpenAuth.Test/OpenId/RelyingParty/RelyingPartySecuritySettingsTests.cs12
-rw-r--r--src/DotNetOpenAuth/Configuration/OpenIdRelyingPartySecuritySettingsElement.cs16
-rw-r--r--src/DotNetOpenAuth/OpenId/RelyingParty/AuthenticationRequest.cs4
-rw-r--r--src/DotNetOpenAuth/OpenId/RelyingParty/RelyingPartySecuritySettings.cs19
4 files changed, 48 insertions, 3 deletions
diff --git a/src/DotNetOpenAuth.Test/OpenId/RelyingParty/RelyingPartySecuritySettingsTests.cs b/src/DotNetOpenAuth.Test/OpenId/RelyingParty/RelyingPartySecuritySettingsTests.cs
index 3f1cea0..7e342e1 100644
--- a/src/DotNetOpenAuth.Test/OpenId/RelyingParty/RelyingPartySecuritySettingsTests.cs
+++ b/src/DotNetOpenAuth.Test/OpenId/RelyingParty/RelyingPartySecuritySettingsTests.cs
@@ -40,5 +40,17 @@ namespace DotNetOpenAuth.Test.OpenId.RelyingParty {
this.settings.RequireSsl = false;
Assert.IsFalse(this.settings.RequireSsl);
}
+
+ /// <summary>
+ /// Verifies that the <see cref="RelyingPartySecuritySettings.RequireDirectedIdentity"/>
+ /// property getter/setter are implemented correctly.
+ /// </summary>
+ [TestMethod]
+ public void RequireDirectedIdentity() {
+ this.settings.RequireDirectedIdentity = true;
+ Assert.IsTrue(this.settings.RequireDirectedIdentity);
+ this.settings.RequireDirectedIdentity = false;
+ Assert.IsFalse(this.settings.RequireDirectedIdentity);
+ }
}
}
diff --git a/src/DotNetOpenAuth/Configuration/OpenIdRelyingPartySecuritySettingsElement.cs b/src/DotNetOpenAuth/Configuration/OpenIdRelyingPartySecuritySettingsElement.cs
index 7f7dd98..01821e9 100644
--- a/src/DotNetOpenAuth/Configuration/OpenIdRelyingPartySecuritySettingsElement.cs
+++ b/src/DotNetOpenAuth/Configuration/OpenIdRelyingPartySecuritySettingsElement.cs
@@ -36,6 +36,11 @@ namespace DotNetOpenAuth.Configuration {
private const string RequireSslConfigName = "requireSsl";
/// <summary>
+ /// Gets the name of the @requireDirectedIdentity attribute.
+ /// </summary>
+ private const string RequireDirectedIdentityConfigName = "requireDirectedIdentity";
+
+ /// <summary>
/// Gets the name of the @rejectUnsolicitedAssertions attribute.
/// </summary>
private const string RejectUnsolicitedAssertionsConfigName = "rejectUnsolicitedAssertions";
@@ -66,6 +71,16 @@ namespace DotNetOpenAuth.Configuration {
}
/// <summary>
+ /// Gets or sets a value indicating whether only OP Identifiers will be discoverable
+ /// when creating authentication requests.
+ /// </summary>
+ [ConfigurationProperty(RequireDirectedIdentityConfigName, DefaultValue = false)]
+ public bool RequireDirectedIdentity {
+ get { return (bool)this[RequireDirectedIdentityConfigName]; }
+ set { this[RequireDirectedIdentityConfigName] = value; }
+ }
+
+ /// <summary>
/// Gets or sets the minimum OpenID version a Provider is required to support in order for this library to interoperate with it.
/// </summary>
/// <remarks>
@@ -142,6 +157,7 @@ namespace DotNetOpenAuth.Configuration {
RelyingPartySecuritySettings settings = new RelyingPartySecuritySettings();
settings.RequireSsl = this.RequireSsl;
+ settings.RequireDirectedIdentity = this.RequireDirectedIdentity;
settings.MinimumRequiredOpenIdVersion = this.MinimumRequiredOpenIdVersion;
settings.MinimumHashBitLength = this.MinimumHashBitLength;
settings.MaximumHashBitLength = this.MaximumHashBitLength;
diff --git a/src/DotNetOpenAuth/OpenId/RelyingParty/AuthenticationRequest.cs b/src/DotNetOpenAuth/OpenId/RelyingParty/AuthenticationRequest.cs
index b3a9020..50db4cf 100644
--- a/src/DotNetOpenAuth/OpenId/RelyingParty/AuthenticationRequest.cs
+++ b/src/DotNetOpenAuth/OpenId/RelyingParty/AuthenticationRequest.cs
@@ -298,9 +298,7 @@ namespace DotNetOpenAuth.OpenId.RelyingParty {
}
// Filter disallowed endpoints.
- if (relyingParty.SecuritySettings.RejectDelegatingIdentifiers) {
- serviceEndpoints = serviceEndpoints.Where(se => se.ClaimedIdentifier == se.ProviderLocalIdentifier);
- }
+ serviceEndpoints = relyingParty.SecuritySettings.FilterEndpoints(serviceEndpoints);
// Call another method that defers request generation.
return CreateInternal(userSuppliedIdentifier, relyingParty, realm, returnToUrl, serviceEndpoints, createNewAssociationsAsNeeded);
diff --git a/src/DotNetOpenAuth/OpenId/RelyingParty/RelyingPartySecuritySettings.cs b/src/DotNetOpenAuth/OpenId/RelyingParty/RelyingPartySecuritySettings.cs
index 2019d16..4e2374c 100644
--- a/src/DotNetOpenAuth/OpenId/RelyingParty/RelyingPartySecuritySettings.cs
+++ b/src/DotNetOpenAuth/OpenId/RelyingParty/RelyingPartySecuritySettings.cs
@@ -6,6 +6,8 @@
namespace DotNetOpenAuth.OpenId.RelyingParty {
using System;
+ using System.Collections.Generic;
+ using System.Linq;
using DotNetOpenAuth.Messaging;
/// <summary>
@@ -51,6 +53,12 @@ namespace DotNetOpenAuth.OpenId.RelyingParty {
public bool RequireSsl { get; set; }
/// <summary>
+ /// Gets or sets a value indicating whether only OP Identifiers will be discoverable
+ /// when creating authentication requests.
+ /// </summary>
+ public bool RequireDirectedIdentity { get; set; }
+
+ /// <summary>
/// Gets or sets the oldest version of OpenID the remote party is allowed to implement.
/// </summary>
/// <value>Defaults to <see cref="ProtocolVersion.V10"/></value>
@@ -80,5 +88,16 @@ namespace DotNetOpenAuth.OpenId.RelyingParty {
/// directly issued by the Provider that is sending the assertion.
/// </remarks>
public bool RejectDelegatingIdentifiers { get; set; }
+
+ /// <summary>
+ /// Filters out any disallowed endpoints.
+ /// </summary>
+ /// <param name="endpoints">The endpoints discovered on an Identifier.</param>
+ /// <returns>A sequence of endpoints that satisfy all security requirements.</returns>
+ internal IEnumerable<ServiceEndpoint> FilterEndpoints(IEnumerable<ServiceEndpoint> endpoints) {
+ return endpoints
+ .Where(se => !this.RejectDelegatingIdentifiers || se.ClaimedIdentifier == se.ProviderLocalIdentifier)
+ .Where(se => !this.RequireDirectedIdentity || se.ClaimedIdentifier == se.Protocol.ClaimedIdentifierForOPIdentifier);
+ }
}
}
generated by cgit v1.1 at 2025-06-09 21:30:50 +0000