summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/DotNetOpenAuth.Core/Messaging/MessagePartAttribute.cs9
-rw-r--r--src/DotNetOpenAuth.Core/Messaging/Reflection/MessagePart.cs10
-rw-r--r--src/DotNetOpenAuth.Core/Util.cs10
-rw-r--r--src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/Messages/AccessTokenResourceOwnerPasswordCredentialsRequest.cs2
-rw-r--r--src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/Messages/AuthenticatedClientRequestBase.cs2
5 files changed, 30 insertions, 3 deletions
diff --git a/src/DotNetOpenAuth.Core/Messaging/MessagePartAttribute.cs b/src/DotNetOpenAuth.Core/Messaging/MessagePartAttribute.cs
index 6fd95ee..8ef9b7e 100644
--- a/src/DotNetOpenAuth.Core/Messaging/MessagePartAttribute.cs
+++ b/src/DotNetOpenAuth.Core/Messaging/MessagePartAttribute.cs
@@ -101,6 +101,15 @@ namespace DotNetOpenAuth.Messaging {
}
/// <summary>
+ /// Gets or sets a value indicating whether the value contained by this property contains
+ /// sensitive information that should generally not be logged.
+ /// </summary>
+ /// <value>
+ /// <c>true</c> if this instance is security sensitive; otherwise, <c>false</c>.
+ /// </value>
+ public bool IsSecuritySensitive { get; set; }
+
+ /// <summary>
/// Gets or sets the minimum version of the protocol this attribute applies to
/// and overrides any attributes with lower values for this property.
/// </summary>
diff --git a/src/DotNetOpenAuth.Core/Messaging/Reflection/MessagePart.cs b/src/DotNetOpenAuth.Core/Messaging/Reflection/MessagePart.cs
index b2c4664..0f140d6 100644
--- a/src/DotNetOpenAuth.Core/Messaging/Reflection/MessagePart.cs
+++ b/src/DotNetOpenAuth.Core/Messaging/Reflection/MessagePart.cs
@@ -115,6 +115,7 @@ namespace DotNetOpenAuth.Messaging.Reflection {
this.RequiredProtection = attribute.RequiredProtection;
this.IsRequired = attribute.IsRequired;
this.AllowEmpty = attribute.AllowEmpty;
+ this.IsSecuritySensitive = attribute.IsSecuritySensitive;
this.memberDeclaredType = (this.field != null) ? this.field.FieldType : this.property.PropertyType;
this.defaultMemberValue = DeriveDefaultValue(this.memberDeclaredType);
@@ -189,6 +190,15 @@ namespace DotNetOpenAuth.Messaging.Reflection {
internal bool IsConstantValueAvailableStatically { get; set; }
/// <summary>
+ /// Gets or sets a value indicating whether the value contained by this property contains
+ /// sensitive information that should generally not be logged.
+ /// </summary>
+ /// <value>
+ /// <c>true</c> if this instance is security sensitive; otherwise, <c>false</c>.
+ /// </value>
+ internal bool IsSecuritySensitive { get; set; }
+
+ /// <summary>
/// Gets the static constant value for this message part without a message instance.
/// </summary>
internal string StaticConstantValue {
diff --git a/src/DotNetOpenAuth.Core/Util.cs b/src/DotNetOpenAuth.Core/Util.cs
index e9d617a..3babba5 100644
--- a/src/DotNetOpenAuth.Core/Util.cs
+++ b/src/DotNetOpenAuth.Core/Util.cs
@@ -16,6 +16,7 @@ namespace DotNetOpenAuth {
using DotNetOpenAuth.Configuration;
using DotNetOpenAuth.Messaging;
+ using DotNetOpenAuth.Messaging.Reflection;
/// <summary>
/// A grab-bag utility class.
@@ -105,9 +106,16 @@ namespace DotNetOpenAuth {
////Contract.Requires(pairs != null); // CC: anonymous method can't handle it
ErrorUtilities.VerifyArgumentNotNull(pairs, "pairs");
var dictionary = pairs as IDictionary<K, V>;
+ var messageDictionary = pairs as MessageDictionary;
StringBuilder sb = new StringBuilder(dictionary != null ? dictionary.Count * 40 : 200);
foreach (var pair in pairs) {
- sb.AppendFormat("\t{0}: {1}{2}", pair.Key, pair.Value, Environment.NewLine);
+ var key = pair.Key.ToString();
+ string value = pair.Value.ToString();
+ if (messageDictionary != null && messageDictionary.Description.Mapping[key].IsSecuritySensitive) {
+ value = "********";
+ }
+
+ sb.AppendFormat("\t{0}: {1}{2}", key, value, Environment.NewLine);
}
return sb.ToString();
});
diff --git a/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/Messages/AccessTokenResourceOwnerPasswordCredentialsRequest.cs b/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/Messages/AccessTokenResourceOwnerPasswordCredentialsRequest.cs
index 52e65be..a5d958a 100644
--- a/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/Messages/AccessTokenResourceOwnerPasswordCredentialsRequest.cs
+++ b/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/Messages/AccessTokenResourceOwnerPasswordCredentialsRequest.cs
@@ -82,7 +82,7 @@ namespace DotNetOpenAuth.OAuth2.Messages {
/// Gets or sets the user's password.
/// </summary>
/// <value>The password.</value>
- [MessagePart(Protocol.password, IsRequired = true)]
+ [MessagePart(Protocol.password, IsRequired = true, IsSecuritySensitive = true)]
internal string Password { get; set; }
/// <summary>
diff --git a/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/Messages/AuthenticatedClientRequestBase.cs b/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/Messages/AuthenticatedClientRequestBase.cs
index 4631d83..96eecbb 100644
--- a/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/Messages/AuthenticatedClientRequestBase.cs
+++ b/src/DotNetOpenAuth.OAuth2.ClientAuthorization/OAuth2/Messages/AuthenticatedClientRequestBase.cs
@@ -44,7 +44,7 @@ namespace DotNetOpenAuth.OAuth2.Messages {
/// <remarks>
/// REQUIRED. The client secret as described in Section 2.1 (Client Credentials). OPTIONAL if no client secret was issued.
/// </remarks>
- [MessagePart(Protocol.client_secret, IsRequired = false)]
+ [MessagePart(Protocol.client_secret, IsRequired = false, IsSecuritySensitive = true)]
public string ClientSecret { get; internal set; }
/// <summary>
generated by cgit v1.1 at 2025-05-20 05:00:07 +0000