/// <summary>
        /// Searches an incoming HTTP request for data that could be used to assemble
        /// a protocol request message.
        /// </summary>
        /// <param name="request">The HTTP request to search.</param>
        /// <returns>A dictionary of data in the request.  Should never be null, but may be empty.</returns>
        protected override IDirectedProtocolMessage ReadFromRequestInternal(HttpRequestInfo request)
        {
            ErrorUtilities.VerifyArgumentNotNull(request, "request");

            // First search the Authorization header.  Use it exclusively if it's present.
            string authorization = request.Headers[HttpRequestHeader.Authorization];

            if (authorization != null)
            {
                string[] authorizationSections = authorization.Split(';');                 // TODO: is this the right delimiter?
                string   oauthPrefix           = Protocol.Default.AuthorizationHeaderScheme + " ";

                // The Authorization header may have multiple uses, and OAuth may be just one of them.
                // Go through each one looking for an OAuth one.
                foreach (string auth in authorizationSections)
                {
                    string trimmedAuth = auth.Trim();
                    if (trimmedAuth.StartsWith(oauthPrefix, StringComparison.Ordinal))
                    {
                        // We found an Authorization: OAuth header.
                        // Parse it according to the rules in section 5.4.1 of the V1.0 spec.
                        var fields = new Dictionary <string, string>();
                        foreach (string stringPair in trimmedAuth.Substring(oauthPrefix.Length).Split(','))
                        {
                            string[] keyValueStringPair = stringPair.Trim().Split('=');
                            string   key   = Uri.UnescapeDataString(keyValueStringPair[0]);
                            string   value = Uri.UnescapeDataString(keyValueStringPair[1].Trim('"'));
                            fields.Add(key, value);
                        }

                        return((IDirectedProtocolMessage)this.Receive(fields, request.GetRecipient()));
                    }
                }
            }

            // We didn't find an OAuth authorization header.  Revert to other payload methods.
            IDirectedProtocolMessage message = base.ReadFromRequestInternal(request);

            // Add receiving HTTP transport information required for signature generation.
            var signedMessage = message as ITamperResistantOAuthMessage;

            if (signedMessage != null)
            {
                signedMessage.Recipient  = request.Url;
                signedMessage.HttpMethod = request.HttpMethod;
            }

            return(message);
        }
Beispiel #2
0
        /// <summary>
        /// Searches an incoming HTTP request for data that could be used to assemble
        /// a protocol request message.
        /// </summary>
        /// <param name="request">The HTTP request to search.</param>
        /// <returns>The deserialized message, if one is found.  Null otherwise.</returns>
        protected override IDirectedProtocolMessage ReadFromRequestCore(HttpRequestInfo request)
        {
            var fields = new Dictionary <string, string>();

            // First search the Authorization header.
            string authorization = request.Headers[HttpRequestHeader.Authorization];

            if (authorization != null)
            {
                string[] authorizationSections = authorization.Split(';');                 // TODO: is this the right delimiter?
                string   oauthPrefix           = Protocol.AuthorizationHeaderScheme + " ";

                // The Authorization header may have multiple uses, and OAuth may be just one of them.
                // Go through each one looking for an OAuth one.
                foreach (string auth in authorizationSections)
                {
                    string trimmedAuth = auth.Trim();
                    if (trimmedAuth.StartsWith(oauthPrefix, StringComparison.Ordinal))
                    {
                        // We found an Authorization: OAuth header.
                        // Parse it according to the rules in section 5.4.1 of the V1.0 spec.
                        foreach (string stringPair in trimmedAuth.Substring(oauthPrefix.Length).Split(','))
                        {
                            string[] keyValueStringPair = stringPair.Trim().Split('=');
                            string   key   = Uri.UnescapeDataString(keyValueStringPair[0]);
                            string   value = Uri.UnescapeDataString(keyValueStringPair[1].Trim('"'));
                            fields.Add(key, value);
                        }
                    }
                }
            }

            // Scrape the entity
            if (!string.IsNullOrEmpty(request.Headers[HttpRequestHeader.ContentType]))
            {
                ContentType contentType = new ContentType(request.Headers[HttpRequestHeader.ContentType]);
                if (string.Equals(contentType.MediaType, HttpFormUrlEncoded, StringComparison.Ordinal))
                {
                    foreach (string key in request.Form)
                    {
                        fields.Add(key, request.Form[key]);
                    }
                }
            }

            // Scrape the query string
            foreach (string key in request.QueryStringBeforeRewriting)
            {
                if (key != null)
                {
                    fields.Add(key, request.QueryStringBeforeRewriting[key]);
                }
                else
                {
                    Logger.OAuth.WarnFormat("Ignoring query string parameter '{0}' since it isn't a standard name=value parameter.", request.QueryStringBeforeRewriting[key]);
                }
            }

            MessageReceivingEndpoint recipient;

            try {
                recipient = request.GetRecipient();
            } catch (ArgumentException ex) {
                Logger.OAuth.WarnFormat("Unrecognized HTTP request: " + ex.ToString());
                return(null);
            }

            // Deserialize the message using all the data we've collected.
            var message = (IDirectedProtocolMessage)this.Receive(fields, recipient);

            // Add receiving HTTP transport information required for signature generation.
            var signedMessage = message as ITamperResistantOAuthMessage;

            if (signedMessage != null)
            {
                signedMessage.Recipient  = request.UrlBeforeRewriting;
                signedMessage.HttpMethod = request.HttpMethod;
            }

            return(message);
        }