Diffstat (limited to 'src')
9 files changed, 32 insertions, 10 deletions
diff --git a/src/DotNetOpenAuth/Messaging/Bindings/ExpiredMessageException.cs b/src/DotNetOpenAuth/Messaging/Bindings/ExpiredMessageException.cs
index 73ce289..31b053e 100644
--- a/src/DotNetOpenAuth/Messaging/Bindings/ExpiredMessageException.cs
+++ b/src/DotNetOpenAuth/Messaging/Bindings/ExpiredMessageException.cs
@@ -22,6 +22,7 @@ namespace DotNetOpenAuth.Messaging.Bindings {
 public ExpiredMessageException(DateTime utcExpirationDate, IProtocolMessage faultedMessage) : base(string.Format(CultureInfo.CurrentCulture, MessagingStrings.ExpiredMessage, utcExpirationDate.ToLocalTime(), DateTime.Now), faultedMessage) {
 Contract.Requires<ArgumentException>(utcExpirationDate.Kind == DateTimeKind.Utc);
+ Contract.Requires<ArgumentNullException>(faultedMessage != null, "faultedMessage");
 }
 /// <summary>
diff --git a/src/DotNetOpenAuth/Messaging/Reflection/MessagePart.cs b/src/DotNetOpenAuth/Messaging/Reflection/MessagePart.cs
index 451bb16..a530df5 100644
--- a/src/DotNetOpenAuth/Messaging/Reflection/MessagePart.cs
+++ b/src/DotNetOpenAuth/Messaging/Reflection/MessagePart.cs
@@ -92,6 +92,7 @@ namespace DotNetOpenAuth.Messaging.Reflection {
 };
 Map<Uri>(uri => uri.AbsoluteUri, safeUri);
 Map<DateTime>(dt => XmlConvert.ToString(dt, XmlDateTimeSerializationMode.Utc), str => XmlConvert.ToDateTime(str, XmlDateTimeSerializationMode.Utc));
+ Map<TimeSpan>(ts => ts.ToString(), str => TimeSpan.Parse(str));
 Map<byte[]>(safeFromByteArray, safeToByteArray);
 Map<Realm>(realm => realm.ToString(), safeRealm);
 Map<Identifier>(id => id.SerializedString, safeIdentifier);
diff --git a/src/DotNetOpenAuth/OAuthWrap/ChannelElements/AccessToken.cs b/src/DotNetOpenAuth/OAuthWrap/ChannelElements/AccessToken.cs
index e8cf3b7..59ebd6e 100644
--- a/src/DotNetOpenAuth/OAuthWrap/ChannelElements/AccessToken.cs
+++ b/src/DotNetOpenAuth/OAuthWrap/ChannelElements/AccessToken.cs
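Review bot: In MessagePart.cs the new `Map<TimeSpan>` decoder calls `TimeSpan.Parse(str)` directly on a string taken from an incoming message, while the neighbouring Uri, Realm and Identifier maps go through delegates named `safeUri`, `safeRealm` and `safeIdentifier`, whose bodies are outside the hunk. Whether a FormatException or OverflowException from a malformed value is turned into a protocol error is not visible here, so it is worth confirming that a bad lifetime field cannot surface as an unhandled exception. The round trip also depends on `ToString()` and `Parse` agreeing on one format regardless of the thread culture; a comment such as `// TimeSpan round-trips through its default ToString() format` would record that assumption. The enclosing method starts and ends outside the hunk.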
@@ -34,10 +34,12 @@ namespace DotNetOpenAuth.OAuthWrap.ChannelElements {
 this.Lifetime = lifetime;
 }
+ [MessagePart]
 internal TimeSpan? Lifetime { get; set; }
- internal static AccessToken Decode(RSAParameters signingKey, RSAParameters encryptingKey, string value, IProtocolMessage containingMessage = null) {
+ internal static AccessToken Decode(RSAParameters signingKey, RSAParameters encryptingKey, string value, IProtocolMessage containingMessage) {
 Contract.Requires<ArgumentException>(!String.IsNullOrEmpty(value));
+ Contract.Requires<ArgumentNullException>(containingMessage != null, "containingMessage");
 Contract.Ensures(Contract.Result<AccessToken>() != null);
 var self = new AccessToken(signingKey, encryptingKey);
diff --git a/src/DotNetOpenAuth/OAuthWrap/ChannelElements/DataBag.cs b/src/DotNetOpenAuth/OAuthWrap/ChannelElements/DataBag.cs
index 207fae8..ccc9baf 100644
--- a/src/DotNetOpenAuth/OAuthWrap/ChannelElements/DataBag.cs
+++ b/src/DotNetOpenAuth/OAuthWrap/ChannelElements/DataBag.cs
@@ -124,8 +124,9 @@ namespace DotNetOpenAuth.OAuthWrap.ChannelElements {
 return Convert.ToBase64String(encoded);
 }
- protected virtual void Decode(string value, IProtocolMessage containingMessage = null) {
+ protected virtual void Decode(string value, IProtocolMessage containingMessage) {
 Contract.Requires<ArgumentException>(!String.IsNullOrEmpty(value));
+ Contract.Requires<ArgumentNullException>(containingMessage != null, "containingMessage");
 byte[] encoded = Convert.FromBase64String(value);
diff --git a/src/DotNetOpenAuth/OAuthWrap/ChannelElements/OAuthWrapResourceServerChannel.cs b/src/DotNetOpenAuth/OAuthWrap/ChannelElements/OAuthWrapResourceServerChannel.cs
index 4e10f06..b3671fd 100644
--- a/src/DotNetOpenAuth/OAuthWrap/ChannelElements/OAuthWrapResourceServerChannel.cs
+++ b/src/DotNetOpenAuth/OAuthWrap/ChannelElements/OAuthWrapResourceServerChannel.cs
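Review bot: In AccessToken.cs, `Lifetime` becomes part of the serialized token through `[MessagePart]` but stays `TimeSpan?`, and nothing in the hunk says what a token without a lifetime means to the resource server. A doc comment on the property should state it, for example `/// <summary>Gets or sets how long the token is valid; null means ...</summary>` with the intended meaning filled in. Whether Decode rejects a token whose lifetime has elapsed cannot be seen here, since its body continues past the hunk. The converter registered in MessagePart.cs is for `TimeSpan`, so it is also worth confirming that the nullable property is picked up by it.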
@@ -134,7 +134,7 @@ namespace DotNetOpenAuth.OAuthWrap.ChannelElements {
 var httpResponse = response as IHttpDirectResponse;
 webResponse.Status = httpResponse != null ? httpResponse.HttpStatusCode : HttpStatusCode.Unauthorized;
 foreach (string headerName in httpResponse.Headers) {
- webResponse.Headers.Add(headerName);
+ webResponse.Headers.Add(headerName, httpResponse.Headers[headerName]);
 }
 // Now serialize all the message parts into the WWW-Authenticate header.
diff --git a/src/DotNetOpenAuth/OAuthWrap/ChannelElements/RefreshToken.cs b/src/DotNetOpenAuth/OAuthWrap/ChannelElements/RefreshToken.cs
index d813453..751b9bf 100644
--- a/src/DotNetOpenAuth/OAuthWrap/ChannelElements/RefreshToken.cs
+++ b/src/DotNetOpenAuth/OAuthWrap/ChannelElements/RefreshToken.cs
@@ -33,9 +33,10 @@ namespace DotNetOpenAuth.OAuthWrap.ChannelElements {
 this.Scope = authorization.Scope;
 }
- internal static RefreshToken Decode(byte[] secret, string value, IProtocolMessage containingMessage = null) {
+ internal static RefreshToken Decode(byte[] secret, string value, IProtocolMessage containingMessage) {
 Contract.Requires<ArgumentNullException>(secret != null, "secret");
 Contract.Requires<ArgumentException>(!String.IsNullOrEmpty(value));
+ Contract.Requires<ArgumentNullException>(containingMessage != null, "containingMessage");
 Contract.Ensures(Contract.Result<RefreshToken>() != null);
 var self = new RefreshToken(secret);
diff --git a/src/DotNetOpenAuth/OAuthWrap/IAccessTokenAnalyzer.cs b/src/DotNetOpenAuth/OAuthWrap/IAccessTokenAnalyzer.cs
index 85ae9d5..98bd60a 100644
--- a/src/DotNetOpenAuth/OAuthWrap/IAccessTokenAnalyzer.cs
+++ b/src/DotNetOpenAuth/OAuthWrap/IAccessTokenAnalyzer.cs
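Review bot: In OAuthWrapResourceServerChannel.cs the loop that now copies header values dereferences `httpResponse.Headers`, although the line above treats `httpResponse` as possibly null (`httpResponse != null ? httpResponse.HttpStatusCode : HttpStatusCode.Unauthorized`). If `response` is not an IHttpDirectResponse, building the unauthorized reply would fail with a NullReferenceException instead of falling back to the 401 status. Wrapping the loop in `if (httpResponse != null) { ... }` keeps that fallback path working. The enclosing method starts and ends outside the hunk.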
@@ -7,10 +7,26 @@ namespace DotNetOpenAuth.OAuthWrap {
 using System;
 using System.Collections.Generic;
+ using System.Diagnostics.Contracts;
 using System.Linq;
 using System.Text;
+ using DotNetOpenAuth.Messaging;
 public interface IAccessTokenAnalyzer {
- bool TryValidateAccessToken(string accessToken, out string user, out string scope);
+ bool TryValidateAccessToken(IDirectedProtocolMessage message, string accessToken, out string user, out string scope);
 }
+
+ internal abstract class IAccessTokenAnalyzerContract : IAccessTokenAnalyzer {
+ private IAccessTokenAnalyzerContract() {
+ }
+
+ bool IAccessTokenAnalyzer.TryValidateAccessToken(IDirectedProtocolMessage message, string accessToken, out string user, out string scope) {
+ Contract.Requires<ArgumentNullException>(message != null, "message");
+ Contract.Requires<ArgumentException>(!String.IsNullOrEmpty(accessToken));
+ Contract.Ensures(Contract.Result<bool>() == (Contract.ValueAtReturn<string>(out user) != null));
+
+ throw new NotImplementedException();
+ }
+ }
+
 }
diff --git a/src/DotNetOpenAuth/OAuthWrap/ResourceServer.cs b/src/DotNetOpenAuth/OAuthWrap/ResourceServer.cs
index 6370b9d..29f5172 100644
--- a/src/DotNetOpenAuth/OAuthWrap/ResourceServer.cs
+++ b/src/DotNetOpenAuth/OAuthWrap/ResourceServer.cs
@@ -62,10 +62,10 @@ namespace DotNetOpenAuth.OAuthWrap {
 public virtual OutgoingWebResponse VerifyAccess(HttpRequestInfo httpRequestInfo, out string username, out string scope) {
 Contract.Requires<ArgumentNullException>(httpRequestInfo != null, "httpRequestInfo");
+ AccessProtectedResourceRequest request = null;
 try {
- AccessProtectedResourceRequest request;
 if (this.Channel.TryReadFromRequest<AccessProtectedResourceRequest>(httpRequestInfo, out request)) {
- if (this.AccessTokenAnalyzer.TryValidateAccessToken(request.AccessToken, out username, out scope)) {
+ if (this.AccessTokenAnalyzer.TryValidateAccessToken(request, request.AccessToken, out username, out scope)) {
 // No errors to return.
 return null;
 }
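Review bot: The new `IAccessTokenAnalyzerContract` class in IAccessTokenAnalyzer.cs is not linked to the interface: the hunk shows no `[ContractClass(typeof(IAccessTokenAnalyzerContract))]` on `IAccessTokenAnalyzer` and no `[ContractClassFor(typeof(IAccessTokenAnalyzer))]` on the contract class. Without that pair the Code Contracts tools have nothing to associate the two types, so the null-message and empty-token preconditions would not be applied to implementations. The interface method also has no XML documentation; since implementers decide whether a bearer token is accepted, a summary should say what `message` is used for and that `user` is non-null exactly when the result is true, as the Ensures clause states.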
@@ -75,7 +75,7 @@ namespace DotNetOpenAuth.OAuthWrap {
 throw ErrorUtilities.ThrowProtocol("Missing access token.");
 }
 } catch (ProtocolException ex) {
- var response = new UnauthorizedResponse(null, ex);
+ var response = new UnauthorizedResponse(request, ex);
 username = null;
 scope = null;
diff --git a/src/DotNetOpenAuth/OAuthWrap/StandardAccessTokenAnalyzer.cs b/src/DotNetOpenAuth/OAuthWrap/StandardAccessTokenAnalyzer.cs
index 3797cba..01b2ef6 100644
--- a/src/DotNetOpenAuth/OAuthWrap/StandardAccessTokenAnalyzer.cs
+++ b/src/DotNetOpenAuth/OAuthWrap/StandardAccessTokenAnalyzer.cs
@@ -24,8 +24,8 @@ namespace DotNetOpenAuth.OAuthWrap {
 public RSAParameters ResourceServerPrivateEncryptionKey { get; private set; }
- public bool TryValidateAccessToken(string accessToken, out string user, out string scope) {
- var token = AccessToken.Decode(this.AuthorizationServerPublicSigningKey, this.ResourceServerPrivateEncryptionKey, accessToken);
+ public bool TryValidateAccessToken(IDirectedProtocolMessage message, string accessToken, out string user, out string scope) {
+ var token = AccessToken.Decode(this.AuthorizationServerPublicSigningKey, this.ResourceServerPrivateEncryptionKey, accessToken, message);
 user = token.User;
 scope = token.Scope;
 return true; |
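Review bot: In StandardAccessTokenAnalyzer.cs, `TryValidateAccessToken` returns true for every token that `AccessToken.Decode` does not throw on, so signature, decryption and expiry checking all rest on Decode, whose body is not in this diff. The contract added in IAccessTokenAnalyzer.cs requires the result to be true exactly when `user` is non-null, which `return true;` does not guarantee; `return user != null;` would match it. A comment above the Decode call naming the checks it is relied on to perform, written once they are confirmed against Decode, would tell the next reader where token validation actually happens. The method's closing brace is outside the hunk.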