From 402bddc7f0333e686ab2345414311796310fc173 Mon Sep 17 00:00:00 2001 From: Andrew Arnott Date: Mon, 26 Jan 2009 22:20:26 -0800 Subject: [PATCH] FxCop fixes. --- src/DotNetOpenAuth.vsmdi | 849 +++++++++++---------- src/DotNetOpenAuth/GlobalSuppressions.cs | 4 + src/DotNetOpenAuth/Messaging/ErrorUtilities.cs | 2 +- src/DotNetOpenAuth/Messaging/IExtensionMessage.cs | 3 + src/DotNetOpenAuth/Messaging/MessagingUtilities.cs | 9 +- .../Messaging/UntrustedWebRequestHandler.cs | 78 +- src/DotNetOpenAuth/OAuth/ServiceProvider.cs | 2 + .../BackwardCompatibilityBindingElement.cs | 5 +- .../OpenId/ChannelElements/IPrivateSecretStore.cs | 3 + .../ChannelElements/ReturnToNonceBindingElement.cs | 4 +- .../ReturnToSignatureBindingElement.cs | 29 +- .../ChannelElements/SigningBindingElement.cs | 79 +- .../OpenId/Extensions/ExtensionBase.cs | 48 +- .../ProviderAuthenticationPolicy/PolicyResponse.cs | 2 + .../Extensions/SimpleRegistration/ClaimsRequest.cs | 4 + .../SimpleRegistration/ClaimsResponse.cs | 6 - src/DotNetOpenAuth/OpenId/HmacShaAssociation.cs | 2 +- .../Messages/AssociateUnsuccessfulResponse.cs | 3 +- .../OpenId/Messages/IndirectSignedResponse.cs | 34 +- src/DotNetOpenAuth/OpenId/OpenIdUtilities.cs | 2 +- .../OpenId/RelyingParty/OpenIdAjaxTextBox.cs | 90 +-- .../OpenId/RelyingParty/OpenIdLogin.cs | 6 +- .../OpenId/RelyingParty/OpenIdMobileTextBox.cs | 1 + .../OpenId/RelyingParty/OpenIdRelyingParty.cs | 4 +- .../OpenId/RelyingParty/OpenIdTextBox.cs | 32 +- src/DotNetOpenAuth/XrdsPublisher.cs | 1 + 26 files changed, 700 insertions(+), 602 deletions(-) diff --git a/src/DotNetOpenAuth.vsmdi b/src/DotNetOpenAuth.vsmdi index f3b214c..b8359d6 100644 --- a/src/DotNetOpenAuth.vsmdi +++ b/src/DotNetOpenAuth.vsmdi @@ -3,429 +3,430 @@ Fast running unit tests - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -434,7 +435,7 @@ All tests - + diff --git a/src/DotNetOpenAuth/GlobalSuppressions.cs b/src/DotNetOpenAuth/GlobalSuppressions.cs index 4113c73..12e3df0 100644 --- a/src/DotNetOpenAuth/GlobalSuppressions.cs +++ b/src/DotNetOpenAuth/GlobalSuppressions.cs @@ -29,3 +29,7 @@ [assembly: System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Naming", "CA1703:ResourceStringsShouldBeSpelledCorrectly", MessageId = "openid", Scope = "resource", Target = "DotNetOpenAuth.OpenId.OpenIdStrings.resources")] [assembly: System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Naming", "CA1703:ResourceStringsShouldBeSpelledCorrectly", MessageId = "claimedid", Scope = "resource", Target = "DotNetOpenAuth.OpenId.OpenIdStrings.resources")] [assembly: System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Naming", "CA1704:IdentifiersShouldBeSpelledCorrectly", MessageId = "Xri", Scope = "type", Target = "DotNetOpenAuth.OpenId.XriIdentifier")] +[assembly: System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Naming", "CA1703:ResourceStringsShouldBeSpelledCorrectly", MessageId = "yyyy-MM-dd", Scope = "resource", Target = "DotNetOpenAuth.OpenId.OpenIdStrings.resources")] +[assembly: System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Naming", "CA1703:ResourceStringsShouldBeSpelledCorrectly", MessageId = "usersetupurl", Scope = "resource", Target = "DotNetOpenAuth.OpenId.OpenIdStrings.resources")] +[assembly: System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Naming", "CA1703:ResourceStringsShouldBeSpelledCorrectly", MessageId = "birthdate", Scope = "resource", Target = "DotNetOpenAuth.OpenId.OpenIdStrings.resources")] +[assembly: System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Naming", "CA1703:ResourceStringsShouldBeSpelledCorrectly", MessageId = "rehydrated", Scope = "resource", Target = "DotNetOpenAuth.OpenId.OpenIdStrings.resources")] diff --git a/src/DotNetOpenAuth/Messaging/ErrorUtilities.cs b/src/DotNetOpenAuth/Messaging/ErrorUtilities.cs index ce9a42e..10896c2 100644 --- a/src/DotNetOpenAuth/Messaging/ErrorUtilities.cs +++ b/src/DotNetOpenAuth/Messaging/ErrorUtilities.cs @@ -199,7 +199,7 @@ namespace DotNetOpenAuth.Messaging { /// Thrown if evaluates to false. internal static void VerifyArgumentInRange(bool condition, string parameterName, string message, params object[] args) { if (!condition) { - throw new ArgumentOutOfRangeException(parameterName, string.Format(message, args)); + throw new ArgumentOutOfRangeException(parameterName, string.Format(CultureInfo.CurrentCulture, message, args)); } } diff --git a/src/DotNetOpenAuth/Messaging/IExtensionMessage.cs b/src/DotNetOpenAuth/Messaging/IExtensionMessage.cs index afbb8fe..5fc05a6 100644 --- a/src/DotNetOpenAuth/Messaging/IExtensionMessage.cs +++ b/src/DotNetOpenAuth/Messaging/IExtensionMessage.cs @@ -5,9 +5,12 @@ //----------------------------------------------------------------------- namespace DotNetOpenAuth.Messaging { + using System.Diagnostics.CodeAnalysis; + /// /// An interface that extension messages must implement. /// + [SuppressMessage("Microsoft.Design", "CA1040:AvoidEmptyInterfaces", Justification = "Extension messages may gain members later on.")] public interface IExtensionMessage : IMessage { } } diff --git a/src/DotNetOpenAuth/Messaging/MessagingUtilities.cs b/src/DotNetOpenAuth/Messaging/MessagingUtilities.cs index b08c2b0..c774e99 100644 --- a/src/DotNetOpenAuth/Messaging/MessagingUtilities.cs +++ b/src/DotNetOpenAuth/Messaging/MessagingUtilities.cs @@ -51,6 +51,9 @@ namespace DotNetOpenAuth.Messaging { { "=", @"\x3d" }, }; + /// + /// HTTP headers that must be copied using their proper properties instead of directly. + /// private static readonly string[] HeadersToNotCopy = new string[] { "Host", "Connection" }; /// @@ -78,7 +81,8 @@ namespace DotNetOpenAuth.Messaging { /// Gets the query data from the original request (before any URL rewriting has occurred.) /// /// A containing all the parameters in the query string. - public static NameValueCollection GetQueryFromContextNVC() { + [SuppressMessage("Microsoft.Design", "CA1024:UsePropertiesWhereAppropriate", Justification = "Expensive call")] + public static NameValueCollection GetQueryFromContext() { ErrorUtilities.VerifyHttpContext(); HttpRequest request = HttpContext.Current.Request; @@ -99,12 +103,13 @@ namespace DotNetOpenAuth.Messaging { /// Gets the query or form data from the original request (before any URL rewriting has occurred.) /// /// A set of name=value pairs. + [SuppressMessage("Microsoft.Design", "CA1024:UsePropertiesWhereAppropriate", Justification = "Expensive call")] public static NameValueCollection GetQueryOrFormFromContext() { ErrorUtilities.VerifyHttpContext(); HttpRequest request = HttpContext.Current.Request; NameValueCollection query; if (request.RequestType == "GET") { - query = GetQueryFromContextNVC(); + query = GetQueryFromContext(); } else { query = request.Form; } diff --git a/src/DotNetOpenAuth/Messaging/UntrustedWebRequestHandler.cs b/src/DotNetOpenAuth/Messaging/UntrustedWebRequestHandler.cs index f32e1e5..0a2eabf 100644 --- a/src/DotNetOpenAuth/Messaging/UntrustedWebRequestHandler.cs +++ b/src/DotNetOpenAuth/Messaging/UntrustedWebRequestHandler.cs @@ -269,25 +269,24 @@ namespace DotNetOpenAuth.Messaging { #endregion /// - /// Determines whether a given host is whitelisted. - /// - /// The host name to test. - /// - /// true if the host is whitelisted; otherwise, false. - /// - private bool IsHostWhitelisted(string host) { - return this.IsHostInList(host, this.WhitelistHosts, this.WhitelistHostsRegex); - } - - /// - /// Determines whether a given host is blacklisted. + /// Determines whether an IP address is the IPv6 equivalent of "localhost/127.0.0.1". /// - /// The host name to test. + /// The ip address to check. /// - /// true if the host is blacklisted; otherwise, false. + /// true if this is a loopback IP address; false otherwise. /// - private bool IsHostBlacklisted(string host) { - return this.IsHostInList(host, this.BlacklistHosts, this.BlacklistHostsRegex); + private static bool IsIPv6Loopback(IPAddress ip) { + ErrorUtilities.VerifyArgumentNotNull(ip, "ip"); + byte[] addressBytes = ip.GetAddressBytes(); + for (int i = 0; i < addressBytes.Length - 1; i++) { + if (addressBytes[i] != 0) { + return false; + } + } + if (addressBytes[addressBytes.Length - 1] != 1) { + return false; + } + return true; } /// @@ -299,7 +298,7 @@ namespace DotNetOpenAuth.Messaging { /// /// true if the specified host falls within at least one of the given lists; otherwise, false. /// - private bool IsHostInList(string host, ICollection stringList, ICollection regexList) { + private static bool IsHostInList(string host, ICollection stringList, ICollection regexList) { ErrorUtilities.VerifyNonZeroLength(host, "host"); ErrorUtilities.VerifyArgumentNotNull(stringList, "stringList"); ErrorUtilities.VerifyArgumentNotNull(regexList, "regexList"); @@ -317,6 +316,28 @@ namespace DotNetOpenAuth.Messaging { } /// + /// Determines whether a given host is whitelisted. + /// + /// The host name to test. + /// + /// true if the host is whitelisted; otherwise, false. + /// + private bool IsHostWhitelisted(string host) { + return IsHostInList(host, this.WhitelistHosts, this.WhitelistHostsRegex); + } + + /// + /// Determines whether a given host is blacklisted. + /// + /// The host name to test. + /// + /// true if the host is blacklisted; otherwise, false. + /// + private bool IsHostBlacklisted(string host) { + return IsHostInList(host, this.BlacklistHosts, this.BlacklistHostsRegex); + } + + /// /// Verify that the request qualifies under our security policies /// /// The request URI. @@ -369,7 +390,7 @@ namespace DotNetOpenAuth.Messaging { } break; case System.Net.Sockets.AddressFamily.InterNetworkV6: - if (this.IsIPv6Loopback(hostIPAddress)) { + if (IsIPv6Loopback(hostIPAddress)) { return failsUnlessWhitelisted("it is a loopback address."); } break; @@ -391,27 +412,6 @@ namespace DotNetOpenAuth.Messaging { } /// - /// Determines whether an IP address is the IPv6 equivalent of "localhost/127.0.0.1". - /// - /// The ip address to check. - /// - /// true if this is a loopback IP address; false otherwise. - /// - private bool IsIPv6Loopback(IPAddress ip) { - ErrorUtilities.VerifyArgumentNotNull(ip, "ip"); - byte[] addressBytes = ip.GetAddressBytes(); - for (int i = 0; i < addressBytes.Length - 1; i++) { - if (addressBytes[i] != 0) { - return false; - } - } - if (addressBytes[addressBytes.Length - 1] != 1) { - return false; - } - return true; - } - - /// /// Prepares the request by setting timeout and redirect policies. /// /// The request to prepare. diff --git a/src/DotNetOpenAuth/OAuth/ServiceProvider.cs b/src/DotNetOpenAuth/OAuth/ServiceProvider.cs index 2ede84b..e54dfbc 100644 --- a/src/DotNetOpenAuth/OAuth/ServiceProvider.cs +++ b/src/DotNetOpenAuth/OAuth/ServiceProvider.cs @@ -13,6 +13,7 @@ namespace DotNetOpenAuth.OAuth { using DotNetOpenAuth.Messaging.Bindings; using DotNetOpenAuth.OAuth.ChannelElements; using DotNetOpenAuth.OAuth.Messages; + using System.Diagnostics.CodeAnalysis; /// /// A web application that allows access via OAuth. @@ -227,6 +228,7 @@ namespace DotNetOpenAuth.OAuth { /// The message to send to the Consumer using if one is necessary. /// Null if the Consumer did not request a callback. /// + [SuppressMessage("Microsoft.Performance", "CA1822:MarkMembersAsStatic", Justification = "Consistent user experience with instance.")] public UserAuthorizationResponse PrepareAuthorizationResponse(UserAuthorizationRequest request) { ErrorUtilities.VerifyArgumentNotNull(request, "request"); diff --git a/src/DotNetOpenAuth/OpenId/ChannelElements/BackwardCompatibilityBindingElement.cs b/src/DotNetOpenAuth/OpenId/ChannelElements/BackwardCompatibilityBindingElement.cs index 848b427..ac77d1f 100644 --- a/src/DotNetOpenAuth/OpenId/ChannelElements/BackwardCompatibilityBindingElement.cs +++ b/src/DotNetOpenAuth/OpenId/ChannelElements/BackwardCompatibilityBindingElement.cs @@ -20,13 +20,13 @@ namespace DotNetOpenAuth.OpenId.ChannelElements { /// The name of the callback parameter that stores the Provider Endpoint URL /// to tack onto the return_to URI. /// - private static readonly string ProviderEndpointParameterName = "dnoi.op_endpoint"; + private const string ProviderEndpointParameterName = "dnoi.op_endpoint"; /// /// The name of the callback parameter that stores the Claimed Identifier /// to tack onto the return_to URI. /// - private static readonly string ClaimedIdentifierParameterName = "dnoi.claimed_id"; + private const string ClaimedIdentifierParameterName = "dnoi.claimed_id"; #region IChannelBindingElement Members @@ -95,7 +95,6 @@ namespace DotNetOpenAuth.OpenId.ChannelElements { public bool PrepareMessageForReceiving(IProtocolMessage message) { IndirectSignedResponse response = message as IndirectSignedResponse; if (response != null && response.Version.Major < 2) { - var dictionary = new MessageDictionary(response); var protocol = Protocol.Lookup(response.Version); // Although GetReturnToArgument may return null if the parameters are not signed, diff --git a/src/DotNetOpenAuth/OpenId/ChannelElements/IPrivateSecretStore.cs b/src/DotNetOpenAuth/OpenId/ChannelElements/IPrivateSecretStore.cs index 953eeb7..2259361 100644 --- a/src/DotNetOpenAuth/OpenId/ChannelElements/IPrivateSecretStore.cs +++ b/src/DotNetOpenAuth/OpenId/ChannelElements/IPrivateSecretStore.cs @@ -5,6 +5,8 @@ //----------------------------------------------------------------------- namespace DotNetOpenAuth.OpenId.ChannelElements { + using System.Diagnostics.CodeAnalysis; + /// /// Provides access to and persists a private secret that is used for signing. /// @@ -13,6 +15,7 @@ namespace DotNetOpenAuth.OpenId.ChannelElements { /// Gets or sets a secret key that can be used for signing. /// /// A 64-byte binary value, which may contain null bytes. + [SuppressMessage("Microsoft.Performance", "CA1819:PropertiesShouldNotReturnArrays", Justification = "This is a buffer.")] byte[] PrivateSecret { get; set; } } } diff --git a/src/DotNetOpenAuth/OpenId/ChannelElements/ReturnToNonceBindingElement.cs b/src/DotNetOpenAuth/OpenId/ChannelElements/ReturnToNonceBindingElement.cs index 6b4a1ef..62e61be 100644 --- a/src/DotNetOpenAuth/OpenId/ChannelElements/ReturnToNonceBindingElement.cs +++ b/src/DotNetOpenAuth/OpenId/ChannelElements/ReturnToNonceBindingElement.cs @@ -29,12 +29,12 @@ namespace DotNetOpenAuth.OpenId.ChannelElements { /// The parameter of the callback parameter we tack onto the return_to URL /// to store the replay-detection nonce. /// - private static readonly string NonceParameter = "dnoi.request_nonce"; + private const string NonceParameter = "dnoi.request_nonce"; /// /// The length of the generated nonce's random part. /// - private static readonly int NonceByteLength = 128 / 8; // 128-bit nonce + private const int NonceByteLength = 128 / 8; // 128-bit nonce /// /// The nonce store that will allow us to recall which nonces we've seen before. diff --git a/src/DotNetOpenAuth/OpenId/ChannelElements/ReturnToSignatureBindingElement.cs b/src/DotNetOpenAuth/OpenId/ChannelElements/ReturnToSignatureBindingElement.cs index 0c823bc..0e8e895 100644 --- a/src/DotNetOpenAuth/OpenId/ChannelElements/ReturnToSignatureBindingElement.cs +++ b/src/DotNetOpenAuth/OpenId/ChannelElements/ReturnToSignatureBindingElement.cs @@ -27,7 +27,7 @@ namespace DotNetOpenAuth.OpenId.ChannelElements { /// due to its required order in the channel stack and that it doesn't sign /// anything except a particular message part. /// - internal class ReturnToSignatureBindingElement : IChannelBindingElement { + internal class ReturnToSignatureBindingElement : IChannelBindingElement, IDisposable { /// /// The optimal length for a private secret used for signing using the HMACSHA256 class. /// @@ -41,7 +41,7 @@ namespace DotNetOpenAuth.OpenId.ChannelElements { /// The name of the callback parameter we'll tack onto the return_to value /// to store our signature on the return_to parameter. /// - private static readonly string ReturnToSignatureParameterName = "dnoi.return_to_sig"; + private const string ReturnToSignatureParameterName = "dnoi.return_to_sig"; /// /// The hashing algorithm used to generate the private signature on the return_to parameter. @@ -147,6 +147,31 @@ namespace DotNetOpenAuth.OpenId.ChannelElements { #endregion + #region IDisposable Members + + /// + /// Performs application-defined tasks associated with freeing, releasing, or resetting unmanaged resources. + /// + public void Dispose() { + this.Dispose(true); + GC.SuppressFinalize(this); + } + + /// + /// Releases unmanaged and - optionally - managed resources + /// + /// true to release both managed and unmanaged resources; false to release only unmanaged resources. + protected virtual void Dispose(bool disposing) { + if (disposing) { + IDisposable hasher = this.signingHasher as IDisposable; + if (hasher != null) { + hasher.Dispose(); + } + } + } + + #endregion + /// /// Gets the return to signature. /// diff --git a/src/DotNetOpenAuth/OpenId/ChannelElements/SigningBindingElement.cs b/src/DotNetOpenAuth/OpenId/ChannelElements/SigningBindingElement.cs index cb52655..d912442 100644 --- a/src/DotNetOpenAuth/OpenId/ChannelElements/SigningBindingElement.cs +++ b/src/DotNetOpenAuth/OpenId/ChannelElements/SigningBindingElement.cs @@ -8,6 +8,7 @@ namespace DotNetOpenAuth.OpenId.ChannelElements { using System; using System.Collections.Generic; using System.Diagnostics; + using System.Globalization; using System.Linq; using System.Net.Security; using DotNetOpenAuth.Loggers; @@ -105,7 +106,7 @@ namespace DotNetOpenAuth.OpenId.ChannelElements { Association association = this.GetAssociation(signedMessage); signedMessage.AssociationHandle = association.Handle; signedMessage.SignedParameterOrder = this.GetSignedParameterOrder(signedMessage); - signedMessage.Signature = this.GetSignature(signedMessage, association); + signedMessage.Signature = GetSignature(signedMessage, association); return true; } @@ -134,7 +135,7 @@ namespace DotNetOpenAuth.OpenId.ChannelElements { Association association = this.GetSpecificAssociation(signedMessage); if (association != null) { - string signature = this.GetSignature(signedMessage, association); + string signature = GetSignature(signedMessage, association); if (!string.Equals(signedMessage.Signature, signature, StringComparison.Ordinal)) { Logger.Error("Signature verification failed."); throw new InvalidSignatureException(message); @@ -190,6 +191,41 @@ namespace DotNetOpenAuth.OpenId.ChannelElements { } /// + /// Calculates the signature for a given message. + /// + /// The message to sign or verify. + /// The association to use to sign the message. + /// The calculated signature of the method. + private static string GetSignature(ITamperResistantOpenIdMessage signedMessage, Association association) { + ErrorUtilities.VerifyArgumentNotNull(signedMessage, "signedMessage"); + ErrorUtilities.VerifyNonZeroLength(signedMessage.SignedParameterOrder, "signedMessage.SignedParameterOrder"); + ErrorUtilities.VerifyArgumentNotNull(association, "association"); + + // Prepare the parts to sign, taking care to replace an openid.mode value + // of check_authentication with its original id_res so the signature matches. + Protocol protocol = Protocol.Lookup(signedMessage.Version); + MessageDictionary dictionary = new MessageDictionary(signedMessage); + var parametersToSign = from name in signedMessage.SignedParameterOrder.Split(',') + let prefixedName = Protocol.V20.openid.Prefix + name + select new KeyValuePair(name, dictionary[prefixedName]); + + byte[] dataToSign = KeyValueFormEncoding.GetBytes(parametersToSign); + string signature = Convert.ToBase64String(association.Sign(dataToSign)); + + if (signingLogger.IsDebugEnabled) { + signingLogger.DebugFormat( + CultureInfo.InvariantCulture, + "Signing these message parts: {0}{1}{0}Base64 representation of signed data: {2}{0}Signature: {3}", + Environment.NewLine, + parametersToSign.ToStringDeferred(), + Convert.ToBase64String(dataToSign), + signature); + } + + return signature; + } + + /// /// Gets the value to use for the openid.signed parameter. /// /// The signable message. @@ -229,40 +265,6 @@ namespace DotNetOpenAuth.OpenId.ChannelElements { } /// - /// Calculates the signature for a given message. - /// - /// The message to sign or verify. - /// The association to use to sign the message. - /// The calculated signature of the method. - private string GetSignature(ITamperResistantOpenIdMessage signedMessage, Association association) { - ErrorUtilities.VerifyArgumentNotNull(signedMessage, "signedMessage"); - ErrorUtilities.VerifyNonZeroLength(signedMessage.SignedParameterOrder, "signedMessage.SignedParameterOrder"); - ErrorUtilities.VerifyArgumentNotNull(association, "association"); - - // Prepare the parts to sign, taking care to replace an openid.mode value - // of check_authentication with its original id_res so the signature matches. - Protocol protocol = Protocol.Lookup(signedMessage.Version); - MessageDictionary dictionary = new MessageDictionary(signedMessage); - var parametersToSign = from name in signedMessage.SignedParameterOrder.Split(',') - let prefixedName = Protocol.V20.openid.Prefix + name - select new KeyValuePair(name, dictionary[prefixedName]); - - byte[] dataToSign = KeyValueFormEncoding.GetBytes(parametersToSign); - string signature = Convert.ToBase64String(association.Sign(dataToSign)); - - if (signingLogger.IsDebugEnabled) { - signingLogger.DebugFormat( - "Signing these message parts: {0}{1}{0}Base64 representation of signed data: {2}{0}Signature: {3}", - Environment.NewLine, - parametersToSign.ToStringDeferred(), - Convert.ToBase64String(dataToSign), - signature); - } - - return signature; - } - - /// /// Gets the association to use to sign or verify a message. /// /// The message to sign or verify. @@ -297,11 +299,12 @@ namespace DotNetOpenAuth.OpenId.ChannelElements { Association association = null; if (!string.IsNullOrEmpty(signedMessage.AssociationHandle)) { + IndirectSignedResponse indirectSignedMessage = signedMessage as IndirectSignedResponse; if (this.IsOnProvider) { // Since we have an association handle, we're either signing with a smart association, // or verifying a dumb one. bool signing = string.IsNullOrEmpty(signedMessage.Signature); - ErrorUtilities.VerifyInternal(signing == (signedMessage is IndirectSignedResponse), "Ooops... somehow we think we're signing a message that isn't a signed response!"); + ErrorUtilities.VerifyInternal(signing == (indirectSignedMessage != null), "Ooops... somehow we think we're signing a message that isn't a signed response!"); AssociationRelyingPartyType type = signing ? AssociationRelyingPartyType.Smart : AssociationRelyingPartyType.Dumb; association = this.opAssociations.GetAssociation(type, signedMessage.AssociationHandle); if (association == null) { @@ -311,7 +314,7 @@ namespace DotNetOpenAuth.OpenId.ChannelElements { signedMessage.AssociationHandle = null; } } else if (this.rpAssociations != null) { // if on a smart RP - Uri providerEndpoint = ((IndirectSignedResponse)signedMessage).ProviderEndpoint; + Uri providerEndpoint = indirectSignedMessage.ProviderEndpoint; association = this.rpAssociations.GetAssociation(providerEndpoint, signedMessage.AssociationHandle); } } diff --git a/src/DotNetOpenAuth/OpenId/Extensions/ExtensionBase.cs b/src/DotNetOpenAuth/OpenId/Extensions/ExtensionBase.cs index 3a70ebe..2fe9a7b 100644 --- a/src/DotNetOpenAuth/OpenId/Extensions/ExtensionBase.cs +++ b/src/DotNetOpenAuth/OpenId/Extensions/ExtensionBase.cs @@ -49,7 +49,7 @@ namespace DotNetOpenAuth.OpenId.Extensions { /// Gets the TypeURI the extension uses in the OpenID protocol and in XRDS advertisements. /// string IOpenIdMessageExtension.TypeUri { - get { return this.typeUri; } + get { return this.TypeUri; } } /// @@ -68,12 +68,12 @@ namespace DotNetOpenAuth.OpenId.Extensions { /// The for an example. /// IEnumerable IOpenIdMessageExtension.AdditionalSupportedTypeUris { - get { return this.additionalSupportedTypeUris; } + get { return this.AdditionalSupportedTypeUris; } } #endregion - #region IMessage Members + #region IMessage Properties /// /// Gets the version of the protocol or extension this message is prepared to implement. @@ -87,9 +87,51 @@ namespace DotNetOpenAuth.OpenId.Extensions { /// Implementations of this interface should ensure that this property never returns null. /// IDictionary IMessage.ExtraData { + get { return this.ExtraData; } + } + + #endregion + + /// + /// Gets the TypeURI the extension uses in the OpenID protocol and in XRDS advertisements. + /// + protected string TypeUri { + get { return this.typeUri; } + } + + /// + /// Gets the additional TypeURIs that are supported by this extension, in preferred order. + /// May be empty if none other than is supported, but + /// should not be null. + /// + /// + /// + /// Useful for reading in messages with an older version of an extension. + /// The value in the property is always checked before + /// trying this list. + /// If you do support multiple versions of an extension using this method, + /// consider adding a CreateResponse method to your request extension class + /// so that the response can have the context it needs to remain compatible + /// given the version of the extension in the request message. + /// The for an example. + /// + protected IEnumerable AdditionalSupportedTypeUris { + get { return this.additionalSupportedTypeUris; } + } + + /// + /// Gets the extra, non-standard Protocol parameters included in the message. + /// + /// + /// + /// Implementations of this interface should ensure that this property never returns null. + /// + protected IDictionary ExtraData { get { return this.extraData; } } + #region IMessage Methods + /// /// Checks the message state for conformity to the protocol specification /// and throws an exception if the message is invalid. diff --git a/src/DotNetOpenAuth/OpenId/Extensions/ProviderAuthenticationPolicy/PolicyResponse.cs b/src/DotNetOpenAuth/OpenId/Extensions/ProviderAuthenticationPolicy/PolicyResponse.cs index b1887b2..727e663 100644 --- a/src/DotNetOpenAuth/OpenId/Extensions/ProviderAuthenticationPolicy/PolicyResponse.cs +++ b/src/DotNetOpenAuth/OpenId/Extensions/ProviderAuthenticationPolicy/PolicyResponse.cs @@ -7,6 +7,7 @@ namespace DotNetOpenAuth.OpenId.Extensions.ProviderAuthenticationPolicy { using System; using System.Collections.Generic; + using System.Diagnostics.CodeAnalysis; using System.Globalization; using DotNetOpenAuth.Messaging; using DotNetOpenAuth.OpenId.Messages; @@ -108,6 +109,7 @@ namespace DotNetOpenAuth.OpenId.Extensions.ProviderAuthenticationPolicy { /// example classifications of authentication methods within the defined /// levels. /// + [SuppressMessage("Microsoft.Naming", "CA1704:IdentifiersShouldBeSpelledCorrectly", MessageId = "Nist", Justification = "Acronym")] public NistAssuranceLevel? NistAssuranceLevel { get { string levelString; diff --git a/src/DotNetOpenAuth/OpenId/Extensions/SimpleRegistration/ClaimsRequest.cs b/src/DotNetOpenAuth/OpenId/Extensions/SimpleRegistration/ClaimsRequest.cs index 0424f09..6860abc 100644 --- a/src/DotNetOpenAuth/OpenId/Extensions/SimpleRegistration/ClaimsRequest.cs +++ b/src/DotNetOpenAuth/OpenId/Extensions/SimpleRegistration/ClaimsRequest.cs @@ -118,6 +118,7 @@ namespace DotNetOpenAuth.OpenId.Extensions.SimpleRegistration { /// Gets or sets the value of the sreg.required parameter. /// /// A comma-delimited list of sreg fields. + [SuppressMessage("Microsoft.Performance", "CA1811:AvoidUncalledPrivateCode", Justification = "Called by messaging framework via reflection.")] [MessagePart(Constants.required, AllowEmpty = true)] private string RequiredList { get { return string.Join(",", this.AssembleProfileFields(DemandLevel.Require)); } @@ -128,6 +129,7 @@ namespace DotNetOpenAuth.OpenId.Extensions.SimpleRegistration { /// Gets or sets the value of the sreg.optional parameter. /// /// A comma-delimited list of sreg fields. + [SuppressMessage("Microsoft.Performance", "CA1811:AvoidUncalledPrivateCode", Justification = "Called by messaging framework via reflection.")] [MessagePart(Constants.optional, AllowEmpty = true)] private string OptionalList { get { return string.Join(",", this.AssembleProfileFields(DemandLevel.Request)); } @@ -241,6 +243,7 @@ TimeZone = '{8}'"; /// the OpenId specification for field names, omitting the 'openid.sreg' prefix. /// /// The none/request/require state of the listed fields. + [SuppressMessage("Microsoft.Performance", "CA1811:AvoidUncalledPrivateCode", Justification = "Called by messaging framework via reflection.")] private void SetProfileRequestFromList(ICollection fieldNames, DemandLevel requestLevel) { foreach (string field in fieldNames) { switch (field) { @@ -283,6 +286,7 @@ TimeZone = '{8}'"; /// /// The demand level (request, require, none). /// An array of the profile parameter names that meet the criteria. + [SuppressMessage("Microsoft.Performance", "CA1811:AvoidUncalledPrivateCode", Justification = "Called by messaging framework via reflection.")] private string[] AssembleProfileFields(DemandLevel level) { List fields = new List(10); if (this.Nickname == level) { diff --git a/src/DotNetOpenAuth/OpenId/Extensions/SimpleRegistration/ClaimsResponse.cs b/src/DotNetOpenAuth/OpenId/Extensions/SimpleRegistration/ClaimsResponse.cs index 876315e..7cd8efc 100644 --- a/src/DotNetOpenAuth/OpenId/Extensions/SimpleRegistration/ClaimsResponse.cs +++ b/src/DotNetOpenAuth/OpenId/Extensions/SimpleRegistration/ClaimsResponse.cs @@ -48,11 +48,6 @@ namespace DotNetOpenAuth.OpenId.Extensions.SimpleRegistration { private DateTime? birthDate; /// - /// The TypeURI that must be used in the response, based on the one used in the request. - /// - private string typeUriToUse; - - /// /// Backing field for the property. /// private CultureInfo culture; @@ -74,7 +69,6 @@ namespace DotNetOpenAuth.OpenId.Extensions.SimpleRegistration { internal ClaimsResponse(string typeUriToUse) : base(new Version(1, 0), typeUriToUse, EmptyList.Instance) { ErrorUtilities.VerifyNonZeroLength(typeUriToUse, "typeUriToUse"); - this.typeUriToUse = typeUriToUse; } /// diff --git a/src/DotNetOpenAuth/OpenId/HmacShaAssociation.cs b/src/DotNetOpenAuth/OpenId/HmacShaAssociation.cs index 77cb126..b959d1a 100644 --- a/src/DotNetOpenAuth/OpenId/HmacShaAssociation.cs +++ b/src/DotNetOpenAuth/OpenId/HmacShaAssociation.cs @@ -180,7 +180,7 @@ namespace DotNetOpenAuth.OpenId { sessionType = null; // We use AsEnumerable() to avoid VerificationException (http://stackoverflow.com/questions/478422/why-does-simple-array-and-linq-generate-verificationexception-operation-could-de) - IEnumerable preferredOrder = highSecurityIsBetter ? + IEnumerable preferredOrder = highSecurityIsBetter ? hmacShaAssociationTypes.AsEnumerable() : hmacShaAssociationTypes.Reverse(); foreach (HmacSha sha in preferredOrder) { diff --git a/src/DotNetOpenAuth/OpenId/Messages/AssociateUnsuccessfulResponse.cs b/src/DotNetOpenAuth/OpenId/Messages/AssociateUnsuccessfulResponse.cs index de62933..c5e0fd4 100644 --- a/src/DotNetOpenAuth/OpenId/Messages/AssociateUnsuccessfulResponse.cs +++ b/src/DotNetOpenAuth/OpenId/Messages/AssociateUnsuccessfulResponse.cs @@ -7,6 +7,7 @@ namespace DotNetOpenAuth.OpenId.Messages { using System.Diagnostics; using System.Diagnostics.CodeAnalysis; + using System.Globalization; using DotNetOpenAuth.Messaging; /// @@ -33,7 +34,7 @@ namespace DotNetOpenAuth.OpenId.Messages { /// The originating request. internal AssociateUnsuccessfulResponse(AssociateRequest originatingRequest) : base(originatingRequest) { - this.ErrorMessage = string.Format(OpenIdStrings.AssociationOrSessionTypeUnrecognizedOrNotSupported, originatingRequest.AssociationType, originatingRequest.SessionType); + this.ErrorMessage = string.Format(CultureInfo.CurrentCulture, OpenIdStrings.AssociationOrSessionTypeUnrecognizedOrNotSupported, originatingRequest.AssociationType, originatingRequest.SessionType); } /// diff --git a/src/DotNetOpenAuth/OpenId/Messages/IndirectSignedResponse.cs b/src/DotNetOpenAuth/OpenId/Messages/IndirectSignedResponse.cs index 1e9ac6b..d36cd8f 100644 --- a/src/DotNetOpenAuth/OpenId/Messages/IndirectSignedResponse.cs +++ b/src/DotNetOpenAuth/OpenId/Messages/IndirectSignedResponse.cs @@ -9,6 +9,7 @@ namespace DotNetOpenAuth.OpenId.Messages { using System.Collections.Generic; using System.Collections.Specialized; using System.Diagnostics; + using System.Diagnostics.CodeAnalysis; using System.Globalization; using System.Linq; using System.Net.Security; @@ -248,6 +249,7 @@ namespace DotNetOpenAuth.OpenId.Messages { /// /// /// 2005-05-15T17:11:51ZUNIQUE + [SuppressMessage("Microsoft.Performance", "CA1811:AvoidUncalledPrivateCode", Justification = "Called by messaging framework via reflection.")] [MessagePart("openid.response_nonce", IsRequired = true, AllowEmpty = false, RequiredProtection = ProtectionLevel.Sign, MinVersion = "2.0")] private string ResponseNonce { get { @@ -359,6 +361,21 @@ namespace DotNetOpenAuth.OpenId.Messages { } /// + /// Determines whether one querystring contains every key=value pair that + /// another querystring contains. + /// + /// The querystring that should contain at least all the key=value pairs of the other. + /// The querystring containing the set of key=value pairs to test for in the other. + /// + /// true if contains all the query parameters that does; false otherwise. + /// + private static bool IsQuerySubsetOf(string superset, string subset) { + NameValueCollection subsetArgs = HttpUtility.ParseQueryString(subset); + NameValueCollection supersetArgs = HttpUtility.ParseQueryString(superset); + return subsetArgs.Keys.Cast().All(key => string.Equals(subsetArgs[key], supersetArgs[key], StringComparison.Ordinal)); + } + + /// /// Verifies that the openid.return_to field matches the URL of the actual HTTP request. /// /// @@ -373,26 +390,11 @@ namespace DotNetOpenAuth.OpenId.Messages { string.Equals(this.Recipient.Scheme, this.ReturnTo.Scheme, StringComparison.OrdinalIgnoreCase) && string.Equals(this.Recipient.Authority, this.ReturnTo.Authority, StringComparison.OrdinalIgnoreCase) && string.Equals(this.Recipient.AbsolutePath, this.ReturnTo.AbsolutePath, StringComparison.Ordinal) && - this.IsQuerySubsetOf(this.Recipient.Query, this.ReturnTo.Query), + IsQuerySubsetOf(this.Recipient.Query, this.ReturnTo.Query), OpenIdStrings.ReturnToParamDoesNotMatchRequestUrl, Protocol.openid.return_to, this.ReturnTo, this.Recipient); } - - /// - /// Determines whether one querystring contains every key=value pair that - /// another querystring contains. - /// - /// The querystring that should contain at least all the key=value pairs of the other. - /// The querystring containing the set of key=value pairs to test for in the other. - /// - /// true if contains all the query parameters that does; false otherwise. - /// - private bool IsQuerySubsetOf(string superset, string subset) { - NameValueCollection subsetArgs = HttpUtility.ParseQueryString(subset); - NameValueCollection supersetArgs = HttpUtility.ParseQueryString(superset); - return subsetArgs.Keys.Cast().All(key => string.Equals(subsetArgs[key], supersetArgs[key], StringComparison.Ordinal)); - } } } diff --git a/src/DotNetOpenAuth/OpenId/OpenIdUtilities.cs b/src/DotNetOpenAuth/OpenId/OpenIdUtilities.cs index ebb7415..e1e99f7 100644 --- a/src/DotNetOpenAuth/OpenId/OpenIdUtilities.cs +++ b/src/DotNetOpenAuth/OpenId/OpenIdUtilities.cs @@ -109,7 +109,7 @@ namespace DotNetOpenAuth.OpenId { /// The hosting page that has the realm value to resolve. /// The realm, which may begin with "*." or "~/". /// The fully-qualified realm. - [SuppressMessage("Microsoft.Usage", "CA1806:DoNotIgnoreMethodResults", MessageId = "DotNetOpenId.Realm", Justification = "Using Uri ctor for validation.")] + [SuppressMessage("Microsoft.Usage", "CA1806:DoNotIgnoreMethodResults", MessageId = "DotNetOpenAuth.OpenId.Realm", Justification = "Using ctor for validation.")] internal static UriBuilder GetResolvedRealm(Page page, string realm) { ErrorUtilities.VerifyArgumentNotNull(page, "page"); diff --git a/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdAjaxTextBox.cs b/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdAjaxTextBox.cs index 5172800..2076b8e 100644 --- a/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdAjaxTextBox.cs +++ b/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdAjaxTextBox.cs @@ -36,7 +36,7 @@ namespace DotNetOpenAuth.OpenId.RelyingParty { /// [DefaultProperty("Text"), ValidationProperty("Text")] [ToolboxData("<{0}:OpenIdAjaxTextBox runat=\"server\" />")] - public class OpenIdAjaxTextBox : WebControl, ICallbackEventHandler { + public sealed class OpenIdAjaxTextBox : WebControl, ICallbackEventHandler { /// /// The name of the manifest stream containing the OpenIdAjaxTextBox.js file. /// @@ -567,7 +567,7 @@ namespace DotNetOpenAuth.OpenId.RelyingParty { /// Gets or sets the OpenID of the relying party web site. /// [SuppressMessage("Microsoft.Usage", "CA1806:DoNotIgnoreMethodResults", MessageId = "System.Uri", Justification = "Using Uri.ctor for validation.")] - [SuppressMessage("Microsoft.Usage", "CA1806:DoNotIgnoreMethodResults", MessageId = "DotNetOpenId.Realm", Justification = "Using ctor for validation.")] + [SuppressMessage("Microsoft.Usage", "CA1806:DoNotIgnoreMethodResults", MessageId = "DotNetOpenAuth.OpenId.Realm", Justification = "Using ctor for validation.")] [SuppressMessage("Microsoft.Usage", "CA2234:PassSystemUriObjectsInsteadOfStrings", Justification = "Property grid on form designer only supports primitive types.")] [SuppressMessage("Microsoft.Design", "CA1056:UriPropertiesShouldNotBeStrings", Justification = "Property grid on form designer only supports primitive types.")] [Bindable(true)] @@ -640,7 +640,7 @@ namespace DotNetOpenAuth.OpenId.RelyingParty { /// /// A that represents the foreground color of the control. The default is . /// - [Obsolete, Browsable(false), Bindable(false)] + [Obsolete("This property does not do anything."), Browsable(false), Bindable(false)] public override System.Drawing.Color ForeColor { get { throw new NotSupportedException(); } set { throw new NotSupportedException(); } @@ -652,7 +652,7 @@ namespace DotNetOpenAuth.OpenId.RelyingParty { /// /// A that represents the background color of the control. The default is , which indicates that this property is not set. /// - [Obsolete, Browsable(false), Bindable(false)] + [Obsolete("This property does not do anything."), Browsable(false), Bindable(false)] public override System.Drawing.Color BackColor { get { throw new NotSupportedException(); } set { throw new NotSupportedException(); } @@ -664,7 +664,7 @@ namespace DotNetOpenAuth.OpenId.RelyingParty { /// /// A that represents the border color of the control. The default is , which indicates that this property is not set. /// - [Obsolete, Browsable(false), Bindable(false)] + [Obsolete("This property does not do anything."), Browsable(false), Bindable(false)] public override System.Drawing.Color BorderColor { get { throw new NotSupportedException(); } set { throw new NotSupportedException(); } @@ -679,7 +679,7 @@ namespace DotNetOpenAuth.OpenId.RelyingParty { /// /// The specified border width is a negative value. /// - [Obsolete, Browsable(false), Bindable(false)] + [Obsolete("This property does not do anything."), Browsable(false), Bindable(false)] public override Unit BorderWidth { get { return Unit.Empty; } set { throw new NotSupportedException(); } @@ -691,7 +691,7 @@ namespace DotNetOpenAuth.OpenId.RelyingParty { /// /// One of the enumeration values. The default is NotSet. /// - [Obsolete, Browsable(false), Bindable(false)] + [Obsolete("This property does not do anything."), Browsable(false), Bindable(false)] public override BorderStyle BorderStyle { get { return BorderStyle.None; } set { throw new NotSupportedException(); } @@ -703,7 +703,7 @@ namespace DotNetOpenAuth.OpenId.RelyingParty { /// /// A that represents the font properties of the Web server control. /// - [Obsolete, Browsable(false), Bindable(false)] + [Obsolete("This property does not do anything."), Browsable(false), Bindable(false)] public override FontInfo Font { get { return null; } } @@ -717,7 +717,7 @@ namespace DotNetOpenAuth.OpenId.RelyingParty { /// /// The height was set to a negative value. /// - [Obsolete, Browsable(false), Bindable(false)] + [Obsolete("This property does not do anything."), Browsable(false), Bindable(false)] public override Unit Height { get { return Unit.Empty; } set { throw new NotSupportedException(); } @@ -732,7 +732,7 @@ namespace DotNetOpenAuth.OpenId.RelyingParty { /// /// The width of the Web server control was set to a negative value. /// - [Obsolete, Browsable(false), Bindable(false)] + [Obsolete("This property does not do anything."), Browsable(false), Bindable(false)] public override Unit Width { get { return Unit.Empty; } set { throw new NotSupportedException(); } @@ -744,7 +744,7 @@ namespace DotNetOpenAuth.OpenId.RelyingParty { /// /// The text displayed when the mouse pointer hovers over the Web server control. The default is . /// - [Obsolete, Browsable(false), Bindable(false)] + [Obsolete("This property does not do anything."), Browsable(false), Bindable(false)] public override string ToolTip { get { return string.Empty; } set { throw new NotSupportedException(); } @@ -759,7 +759,7 @@ namespace DotNetOpenAuth.OpenId.RelyingParty { /// /// The skin specified in the property does not exist in the theme. /// - [Obsolete, Browsable(false), Bindable(false)] + [Obsolete("This property does not do anything."), Browsable(false), Bindable(false)] public override string SkinID { get { return string.Empty; } set { throw new NotSupportedException(); } @@ -770,7 +770,7 @@ namespace DotNetOpenAuth.OpenId.RelyingParty { /// /// true to use themes; otherwise, false. The default is false. /// - [Obsolete, Browsable(false), Bindable(false)] + [Obsolete("This property does not do anything."), Browsable(false), Bindable(false)] public override bool EnableTheming { get { return false; } set { throw new NotSupportedException(); } @@ -902,38 +902,6 @@ namespace DotNetOpenAuth.OpenId.RelyingParty { #endregion /// - /// Fires the event. - /// - /// The request. - protected virtual void OnLoggingIn(IAuthenticationRequest request) { - var loggingIn = this.LoggingIn; - if (loggingIn != null) { - loggingIn(this, new OpenIdEventArgs(request)); - } - } - - /// - /// Fires the event. - /// - protected virtual void OnUnconfirmedPositiveAssertion() { - var unconfirmedPositiveAssertion = this.UnconfirmedPositiveAssertion; - if (unconfirmedPositiveAssertion != null) { - unconfirmedPositiveAssertion(this, null); - } - } - - /// - /// Fires the event. - /// - /// The response. - protected virtual void OnLoggedIn(IAuthenticationResponse response) { - var loggedIn = this.LoggedIn; - if (loggedIn != null) { - loggedIn(this, new OpenIdEventArgs(response)); - } - } - - /// /// Prepares the control for loading. /// /// The object that contains the event data. @@ -1052,6 +1020,38 @@ namespace DotNetOpenAuth.OpenId.RelyingParty { } /// + /// Fires the event. + /// + /// The request. + private void OnLoggingIn(IAuthenticationRequest request) { + var loggingIn = this.LoggingIn; + if (loggingIn != null) { + loggingIn(this, new OpenIdEventArgs(request)); + } + } + + /// + /// Fires the event. + /// + private void OnUnconfirmedPositiveAssertion() { + var unconfirmedPositiveAssertion = this.UnconfirmedPositiveAssertion; + if (unconfirmedPositiveAssertion != null) { + unconfirmedPositiveAssertion(this, null); + } + } + + /// + /// Fires the event. + /// + /// The response. + private void OnLoggedIn(IAuthenticationResponse response) { + var loggedIn = this.LoggedIn; + if (loggedIn != null) { + loggedIn(this, new OpenIdEventArgs(response)); + } + } + + /// /// Invokes a method on a parent frame/window's OpenIdAjaxTextBox, /// and closes the calling popup window if applicable. /// diff --git a/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdLogin.cs b/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdLogin.cs index aa6925d..7167d19 100644 --- a/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdLogin.cs +++ b/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdLogin.cs @@ -12,6 +12,7 @@ namespace DotNetOpenAuth.OpenId.RelyingParty { using System.Web.UI; using System.Web.UI.HtmlControls; using System.Web.UI.WebControls; + using System.Globalization; /// /// An ASP.NET control providing a complete OpenID login experience. @@ -458,6 +459,9 @@ namespace DotNetOpenAuth.OpenId.RelyingParty { /// /// Gets or sets the starting tab index to distribute across the controls. /// + [SuppressMessage("Microsoft.Usage", "CA2233:OperationsShouldNotOverflow", MessageId = "value+1")] + [SuppressMessage("Microsoft.Usage", "CA2233:OperationsShouldNotOverflow", MessageId = "value+2")] + [SuppressMessage("Microsoft.Usage", "CA2233:OperationsShouldNotOverflow", MessageId = "value+3")] public override short TabIndex { get { return base.TabIndex; @@ -715,7 +719,7 @@ idselector_input_id = '" + WrappedTextBox.ClientID + @"'; base.OnFailed(response); if (!string.IsNullOrEmpty(this.FailedMessageText)) { - this.errorLabel.Text = string.Format(this.FailedMessageText, response.Exception.Message); + this.errorLabel.Text = string.Format(CultureInfo.CurrentCulture, this.FailedMessageText, response.Exception.Message); this.errorLabel.Visible = true; } } diff --git a/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdMobileTextBox.cs b/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdMobileTextBox.cs index 6c9da66..3a884f2 100644 --- a/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdMobileTextBox.cs +++ b/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdMobileTextBox.cs @@ -274,6 +274,7 @@ namespace DotNetOpenAuth.OpenId.RelyingParty { /// Gets or sets the OpenID of the relying party web site. /// [SuppressMessage("Microsoft.Usage", "CA1806:DoNotIgnoreMethodResults", MessageId = "System.Uri", Justification = "Using Uri.ctor for validation.")] + [SuppressMessage("Microsoft.Usage", "CA1806:DoNotIgnoreMethodResults", MessageId = "DotNetOpenAuth.OpenId", Justification = "Using ctor for validation.")] [SuppressMessage("Microsoft.Design", "CA1056:UriPropertiesShouldNotBeStrings", Justification = "Bindable property must be simple type")] [Bindable(true), DefaultValue(RealmUrlDefault), Category(BehaviorCategory)] [Description("The OpenID Realm of the relying party web site.")] diff --git a/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdRelyingParty.cs b/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdRelyingParty.cs index 1c57605..9166be8 100644 --- a/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdRelyingParty.cs +++ b/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdRelyingParty.cs @@ -313,7 +313,7 @@ namespace DotNetOpenAuth.OpenId.RelyingParty { /// The processed authentication response if there is any; null otherwise. public IAuthenticationResponse GetResponse(HttpRequestInfo httpRequestInfo) { try { - var message = this.Channel.ReadFromRequest(); + var message = this.Channel.ReadFromRequest(httpRequestInfo); PositiveAssertionResponse positiveAssertion; NegativeAssertionResponse negativeAssertion; if ((positiveAssertion = message as PositiveAssertionResponse) != null) { @@ -427,7 +427,7 @@ namespace DotNetOpenAuth.OpenId.RelyingParty { // Trim off any parameters with an "openid." prefix, and a few known others // to avoid carrying state from a prior login attempt. returnTo.Query = string.Empty; - NameValueCollection queryParams = MessagingUtilities.GetQueryFromContextNVC(); + NameValueCollection queryParams = MessagingUtilities.GetQueryFromContext(); var returnToParams = new Dictionary(queryParams.Count); foreach (string key in queryParams) { if (!IsOpenIdSupportingParameter(key)) { diff --git a/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdTextBox.cs b/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdTextBox.cs index 767d925..49471de 100644 --- a/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdTextBox.cs +++ b/src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdTextBox.cs @@ -370,6 +370,7 @@ namespace DotNetOpenAuth.OpenId.RelyingParty { /// Gets or sets the OpenID of the relying party web site. /// [SuppressMessage("Microsoft.Usage", "CA1806:DoNotIgnoreMethodResults", MessageId = "System.Uri", Justification = "Using Uri.ctor for validation.")] + [SuppressMessage("Microsoft.Usage", "CA1806:DoNotIgnoreMethodResults", MessageId = "DotNetOpenAuth.OpenId.Realm", Justification = "Using ctor for validation.")] [SuppressMessage("Microsoft.Design", "CA1056:UriPropertiesShouldNotBeStrings", Justification = "Bindable property must be simple type")] [Bindable(true), DefaultValue(RealmUrlDefault), Category(BehaviorCategory)] [Description("The OpenID Realm of the relying party web site.")] @@ -399,19 +400,20 @@ namespace DotNetOpenAuth.OpenId.RelyingParty { /// /// Gets or sets the OpenID ReturnTo of the relying party web site. /// + [SuppressMessage("Microsoft.Usage", "CA2234:PassSystemUriObjectsInsteadOfStrings")] [SuppressMessage("Microsoft.Usage", "CA1806:DoNotIgnoreMethodResults", MessageId = "System.Uri", Justification = "Using Uri.ctor for validation.")] [SuppressMessage("Microsoft.Design", "CA1056:UriPropertiesShouldNotBeStrings", Justification = "Bindable property must be simple type")] [Bindable(true), DefaultValue(ReturnToUrlDefault), Category(BehaviorCategory)] [Description("The OpenID ReturnTo of the relying party web site.")] public string ReturnToUrl { get { - return (string)(ViewState[ReturnToUrlViewStateKey] ?? ReturnToUrlDefault); + return (string)(this.ViewState[ReturnToUrlViewStateKey] ?? ReturnToUrlDefault); } set { - if (Page != null && !DesignMode) { + if (this.Page != null && !this.DesignMode) { // Validate new value by trying to construct a Uri based on it. - new Uri(MessagingUtilities.GetRequestUrlFromContext(), Page.ResolveUrl(value)); // throws an exception on failure. + new Uri(MessagingUtilities.GetRequestUrlFromContext(), this.Page.ResolveUrl(value)); // throws an exception on failure. } else { // We can't fully test it, but it should start with either ~/ or a protocol. if (Regex.IsMatch(value, @"^https?://")) { @@ -423,7 +425,7 @@ namespace DotNetOpenAuth.OpenId.RelyingParty { } } - ViewState[ReturnToUrlViewStateKey] = value; + this.ViewState[ReturnToUrlViewStateKey] = value; } } @@ -689,7 +691,7 @@ namespace DotNetOpenAuth.OpenId.RelyingParty { /// /// A that represents the foreground color of the control. The default is . /// - [Obsolete, Browsable(false), Bindable(false)] + [Obsolete("This property does not do anything."), Browsable(false), Bindable(false)] public override System.Drawing.Color ForeColor { get { throw new NotSupportedException(); } set { throw new NotSupportedException(); } @@ -701,7 +703,7 @@ namespace DotNetOpenAuth.OpenId.RelyingParty { /// /// A that represents the background color of the control. The default is , which indicates that this property is not set. /// - [Obsolete, Browsable(false), Bindable(false)] + [Obsolete("This property does not do anything."), Browsable(false), Bindable(false)] public override System.Drawing.Color BackColor { get { throw new NotSupportedException(); } set { throw new NotSupportedException(); } @@ -713,7 +715,7 @@ namespace DotNetOpenAuth.OpenId.RelyingParty { /// /// A that represents the border color of the control. The default is , which indicates that this property is not set. /// - [Obsolete, Browsable(false), Bindable(false)] + [Obsolete("This property does not do anything."), Browsable(false), Bindable(false)] public override System.Drawing.Color BorderColor { get { throw new NotSupportedException(); } set { throw new NotSupportedException(); } @@ -728,7 +730,7 @@ namespace DotNetOpenAuth.OpenId.RelyingParty { /// /// The specified border width is a negative value. /// - [Obsolete, Browsable(false), Bindable(false)] + [Obsolete("This property does not do anything."), Browsable(false), Bindable(false)] public override Unit BorderWidth { get { return Unit.Empty; } set { throw new NotSupportedException(); } @@ -740,7 +742,7 @@ namespace DotNetOpenAuth.OpenId.RelyingParty { /// /// One of the enumeration values. The default is NotSet. /// - [Obsolete, Browsable(false), Bindable(false)] + [Obsolete("This property does not do anything."), Browsable(false), Bindable(false)] public override BorderStyle BorderStyle { get { return BorderStyle.None; } set { throw new NotSupportedException(); } @@ -752,7 +754,7 @@ namespace DotNetOpenAuth.OpenId.RelyingParty { /// /// A that represents the font properties of the Web server control. /// - [Obsolete, Browsable(false), Bindable(false)] + [Obsolete("This property does not do anything."), Browsable(false), Bindable(false)] public override FontInfo Font { get { return null; } } @@ -766,7 +768,7 @@ namespace DotNetOpenAuth.OpenId.RelyingParty { /// /// The height was set to a negative value. /// - [Obsolete, Browsable(false), Bindable(false)] + [Obsolete("This property does not do anything."), Browsable(false), Bindable(false)] public override Unit Height { get { return Unit.Empty; } set { throw new NotSupportedException(); } @@ -781,7 +783,7 @@ namespace DotNetOpenAuth.OpenId.RelyingParty { /// /// The width of the Web server control was set to a negative value. /// - [Obsolete, Browsable(false), Bindable(false)] + [Obsolete("This property does not do anything."), Browsable(false), Bindable(false)] public override Unit Width { get { return Unit.Empty; } set { throw new NotSupportedException(); } @@ -793,7 +795,7 @@ namespace DotNetOpenAuth.OpenId.RelyingParty { /// /// The text displayed when the mouse pointer hovers over the Web server control. The default is . /// - [Obsolete, Browsable(false), Bindable(false)] + [Obsolete("This property does not do anything."), Browsable(false), Bindable(false)] public override string ToolTip { get { return string.Empty; } set { throw new NotSupportedException(); } @@ -808,7 +810,7 @@ namespace DotNetOpenAuth.OpenId.RelyingParty { /// /// The skin specified in the property does not exist in the theme. /// - [Obsolete, Browsable(false), Bindable(false)] + [Obsolete("This property does not do anything."), Browsable(false), Bindable(false)] public override string SkinID { get { return string.Empty; } set { throw new NotSupportedException(); } @@ -819,7 +821,7 @@ namespace DotNetOpenAuth.OpenId.RelyingParty { /// /// true to use themes; otherwise, false. The default is false. /// - [Obsolete, Browsable(false), Bindable(false)] + [Obsolete("This property does not do anything."), Browsable(false), Bindable(false)] public override bool EnableTheming { get { return false; } set { throw new NotSupportedException(); } diff --git a/src/DotNetOpenAuth/XrdsPublisher.cs b/src/DotNetOpenAuth/XrdsPublisher.cs index 142e5b4..f0971a3 100644 --- a/src/DotNetOpenAuth/XrdsPublisher.cs +++ b/src/DotNetOpenAuth/XrdsPublisher.cs @@ -43,6 +43,7 @@ namespace DotNetOpenAuth { /// An ASP.NET control that advertises an XRDS document and even responds to specially /// crafted requests to retrieve it. /// + [SuppressMessage("Microsoft.Naming", "CA1704:IdentifiersShouldBeSpelledCorrectly", MessageId = "Xrds", Justification = "Correct spelling")] [DefaultProperty("XrdsLocation")] [ToolboxData("<{0}:XrdsPublisher runat=server>")] public class XrdsPublisher : Control { -- 2.11.4.GIT