/// <summary>
        /// Prepares the return value for the GetRequest method in the event of an exception.
        /// </summary>
        /// <param name="ex">The exception that forms the basis of the error response.  Must not be null.</param>
        /// <param name="request">The incoming HTTP request.  Must not be null.</param>
        /// <param name="incomingMessage">The incoming message.  May be null in the case that it was malformed.</param>
        /// <returns>
        /// Either the <see cref="IRequest"/> to return to the host site or null to indicate no response could be reasonably created and that the caller should rethrow the exception.
        /// </returns>
        private IRequest GetErrorResponse(ProtocolException ex, HttpRequestMessage request, IDirectedProtocolMessage incomingMessage)
        {
            Requires.NotNull(ex, "ex");
            Requires.NotNull(request, "request");

            Logger.OpenId.ErrorException("An exception was generated while processing an incoming OpenID request.", ex);
            IErrorMessage errorMessage;

            // We must create the appropriate error message type (direct vs. indirect)
            // based on what we see in the request.
            string returnTo = HttpUtility.ParseQueryString(request.RequestUri.Query)[Protocol.Default.openid.return_to];

            if (returnTo != null)
            {
                // An indirect request message from the RP
                // We need to return an indirect response error message so the RP can consume it.
                // Consistent with OpenID 2.0 section 5.2.3.
                var indirectRequest = incomingMessage as SignedResponseRequest;
                if (indirectRequest != null)
                {
                    errorMessage = new IndirectErrorResponse(indirectRequest);
                }
                else
                {
                    errorMessage = new IndirectErrorResponse(Protocol.Default.Version, new Uri(returnTo));
                }
            }
            else if (request.Method == HttpMethod.Post)
            {
                // A direct request message from the RP
                // We need to return a direct response error message so the RP can consume it.
                // Consistent with OpenID 2.0 section 5.1.2.2.
                errorMessage = new DirectErrorResponse(Protocol.Default.Version, incomingMessage);
            }
            else
            {
                // This may be an indirect request from an RP that was so badly
                // formed that we cannot even return an error to the RP.
                // The best we can do is display an error to the user.
                // Returning null cues the caller to "throw;"
                return(null);
            }

            errorMessage.ErrorMessage = ex.ToStringDescriptive();

            // Allow host to log this error and issue a ticket #.
            // We tear off the field to a local var for thread safety.
            IErrorReporting hostErrorHandler = this.ErrorReporting;

            if (hostErrorHandler != null)
            {
                errorMessage.Contact   = hostErrorHandler.Contact;
                errorMessage.Reference = hostErrorHandler.LogError(ex);
            }

            if (incomingMessage != null)
            {
                return(new AutoResponsiveRequest(incomingMessage, errorMessage, this.SecuritySettings));
            }
            else
            {
                return(new AutoResponsiveRequest(errorMessage, this.SecuritySettings));
            }
        }
Ejemplo n.º 2
0
        /// <summary>
        /// Prepares the return value for the GetRequest method in the event of an exception.
        /// </summary>
        /// <param name="ex">The exception that forms the basis of the error response.  Must not be null.</param>
        /// <param name="httpRequestInfo">The incoming HTTP request.  Must not be null.</param>
        /// <param name="incomingMessage">The incoming message.  May be null in the case that it was malformed.</param>
        /// <returns>
        /// Either the <see cref="IRequest"/> to return to the host site or null to indicate no response could be reasonably created and that the caller should rethrow the exception.
        /// </returns>
        private IRequest GetErrorResponse(ProtocolException ex, HttpRequestInfo httpRequestInfo, IDirectedProtocolMessage incomingMessage)
        {
            ErrorUtilities.VerifyArgumentNotNull(ex, "ex");
            ErrorUtilities.VerifyArgumentNotNull(httpRequestInfo, "httpRequestInfo");

            Logger.Error("An exception was generated while processing an incoming OpenID request.", ex);
            IErrorMessage errorMessage;

            // We must create the appropriate error message type (direct vs. indirect)
            // based on what we see in the request.
            if (httpRequestInfo.QueryString[Protocol.Default.openid.return_to] != null)
            {
                // An indirect request message from the RP
                // We need to return an indirect response error message so the RP can consume it.
                // Consistent with OpenID 2.0 section 5.2.3.
                var indirectRequest = incomingMessage as SignedResponseRequest;
                if (indirectRequest != null)
                {
                    errorMessage = new IndirectErrorResponse(indirectRequest);
                }
                else
                {
                    errorMessage = new IndirectErrorResponse(Protocol.Default.Version, new Uri(httpRequestInfo.QueryString[Protocol.Default.openid.return_to]));
                }
            }
            else if (httpRequestInfo.HttpMethod == "POST")
            {
                // A direct request message from the RP
                // We need to return a direct response error message so the RP can consume it.
                // Consistent with OpenID 2.0 section 5.1.2.2.
                errorMessage = new DirectErrorResponse(Protocol.Default.Version, incomingMessage);
            }
            else
            {
                // This may be an indirect request from an RP that was so badly
                // formed that we cannot even return an error to the RP.
                // The best we can do is display an error to the user.
                // Returning null cues the caller to "throw;"
                return(null);
            }

            errorMessage.ErrorMessage = ex.GetAllMessages();

            // Allow host to log this error and issue a ticket #.
            // We tear off the field to a local var for thread safety.
            IErrorReporting hostErrorHandler = this.ErrorReporting;

            if (hostErrorHandler != null)
            {
                errorMessage.Contact   = hostErrorHandler.Contact;
                errorMessage.Reference = hostErrorHandler.LogError(ex);
            }

            if (incomingMessage != null)
            {
                return(new AutoResponsiveRequest(this, incomingMessage, errorMessage));
            }
            else
            {
                return(new AutoResponsiveRequest(this, errorMessage));
            }
        }