Merge branch 'v3.2' into v3.3

Conflicts:
	src/DotNetOpenAuth/OpenId/Extensions/AttributeExchange/AttributeValues.cs

samples/OpenIdRelyingPartyWebForms/loginProgrammatic.aspx

@@ -12,5 +12,4 @@
 		Visible="False" />
 	<asp:Label ID="loginCanceledLabel" runat="server" EnableViewState="False" Text="Login canceled"
 		Visible="False" />
-	<asp:CheckBox ID="noLoginCheckBox" runat="server" Text="Extensions only (no login) -- most OPs don't yet support this" />
 </asp:Content>

src/DotNetOpenAuth/Configuration/DotNetOpenAuth.xsd

@@ -636,6 +636,14 @@
 								</xs:documentation>
 							</xs:annotation>
 						</xs:attribute>
+						<xs:attribute name="cacheDiscovery" type="xs:boolean">
+							<xs:annotation>
+								<xs:documentation>
+									Whether the results of identifier discovery should be cached for a short time to improve performance
+									on subsequent requests, at the potential risk of reading stale data.
+								</xs:documentation>
+							</xs:annotation>
+						</xs:attribute>
 					</xs:complexType>
 				</xs:element>
 				<xs:element name="oauth">

src/DotNetOpenAuth/OAuth/ConsumerBase.cs

@@ -202,7 +202,7 @@ public class ConsumerBase : IDisposable {
 
 			// Fine-tune our understanding of the SP's supported OAuth version if it's wrong.
 			if (this.ServiceProvider.Version != requestTokenResponse.Version) {
-				Logger.OAuth.WarnFormat("Expected OAuth service provider at endpoint {0} to use OAuth {1} but {2} was detected.  Adjusting service description to new version.", this.ServiceProvider.RequestTokenEndpoint, this.ServiceProvider.Version, requestTokenResponse.Version);
+				Logger.OAuth.WarnFormat("Expected OAuth service provider at endpoint {0} to use OAuth {1} but {2} was detected.  Adjusting service description to new version.", this.ServiceProvider.RequestTokenEndpoint.Location, this.ServiceProvider.Version, requestTokenResponse.Version);
 				this.ServiceProvider.ProtocolVersion = Protocol.Lookup(requestTokenResponse.Version).ProtocolVersion;
 			}
 

src/DotNetOpenAuth/OpenId/Extensions/AttributeExchange/AttributeRequest.cs

@@ -15,6 +15,7 @@ namespace DotNetOpenAuth.OpenId.Extensions.AttributeExchange {
 	/// the Attribute Exchange extension.
 	/// </summary>
 	[Serializable]
+	[DebuggerDisplay("{TypeUri} (required: {IsRequired}) ({Count})")]
 	public class AttributeRequest {
 		/// <summary>
 		/// Backing field for the <see cref="Count"/> property.

src/DotNetOpenAuth/OpenId/Extensions/AttributeExchange/AttributeValues.cs

@@ -7,6 +7,7 @@
 namespace DotNetOpenAuth.OpenId.Extensions.AttributeExchange {
 	using System;
 	using System.Collections.Generic;
+	using System.Diagnostics;
 	using System.Diagnostics.Contracts;
 	using DotNetOpenAuth.Messaging;
 
@@ -16,6 +17,7 @@ namespace DotNetOpenAuth.OpenId.Extensions.AttributeExchange {
 	/// a fetch request, or by a relying party as part of a store request.
 	/// </summary>
 	[Serializable]
+	[DebuggerDisplay("{TypeUri}")]
 	public class AttributeValues {
 		/// <summary>
 		/// Initializes a new instance of the <see cref="AttributeValues"/> class.

src/DotNetOpenAuth/OpenId/Extensions/AttributeExchange/FetchRequest.cs

@@ -8,6 +8,7 @@ namespace DotNetOpenAuth.OpenId.Extensions.AttributeExchange {
 	using System;
 	using System.Collections.Generic;
 	using System.Collections.ObjectModel;
+	using System.Diagnostics.Contracts;
 	using System.Globalization;
 	using System.Linq;
 	using DotNetOpenAuth.Messaging;
@@ -67,7 +68,10 @@ public FetchRequest()
 		/// <value>A collection where the keys are the attribute type URIs, and the value
 		/// is all the attribute request details.</value>
 		public KeyedCollection<string, AttributeRequest> Attributes {
-			get { return this.attributes; }
+			get {
+				Contract.Ensures(Contract.Result<KeyedCollection<string, AttributeRequest>>() != null);
+				return this.attributes;
+			}
 		}
 
 		/// <summary>

src/DotNetOpenAuth/OpenId/Extensions/AttributeExchange/FetchResponse.cs

@@ -7,6 +7,7 @@
 namespace DotNetOpenAuth.OpenId.Extensions.AttributeExchange {
 	using System;
 	using System.Collections.ObjectModel;
+	using System.Diagnostics.Contracts;
 	using System.Linq;
 	using DotNetOpenAuth.Messaging;
 	using DotNetOpenAuth.OpenId.Messages;
@@ -52,7 +53,10 @@ public FetchResponse()
 		/// Gets a sequence of the attributes whose values are provided by the OpenID Provider.
 		/// </summary>
 		public KeyedCollection<string, AttributeValues> Attributes {
-			get { return this.attributesProvided; }
+			get {
+				Contract.Ensures(Contract.Result<KeyedCollection<string, AttributeValues>>() != null);
+				return this.attributesProvided;
+			}
 		}
 
 		/// <summary>

src/DotNetOpenAuth/OpenId/Provider/ProviderEndpoint.cs

@@ -43,7 +43,12 @@ public class ProviderEndpoint : Control {
 		/// <summary>
 		/// Backing field for the <see cref="Provider"/> property.
 		/// </summary>
-		private static OpenIdProvider provider = CreateProvider();
+		private static OpenIdProvider provider;
+
+		/// <summary>
+		/// The lock that must be obtained when initializing the provider field.
+		/// </summary>
+		private static object providerInitializerLock = new object();
 
 		/// <summary>
 		/// Fired when an incoming OpenID request is an authentication challenge
@@ -64,6 +69,15 @@ public class ProviderEndpoint : Control {
 		/// <value>The default value is an <see cref="OpenIdProvider"/> instance initialized according to the web.config file.</value>
 		public static OpenIdProvider Provider {
 			get {
+				Contract.Ensures(Contract.Result<OpenIdProvider>() != null);
+				if (provider == null) {
+					lock (providerInitializerLock) {
+						if (provider == null) {
+							provider = CreateProvider();
+						}
+					}
+				}
+
 				return provider;
 			}
 
@@ -83,8 +97,14 @@ public class ProviderEndpoint : Control {
 		/// before responding to the relying party's authentication request.
 		/// </remarks>
 		public static IAuthenticationRequest PendingAuthenticationRequest {
-			get { return HttpContext.Current.Session[PendingRequestKey] as IAuthenticationRequest; }
-			set { HttpContext.Current.Session[PendingRequestKey] = value; }
+			get {
+				Contract.Ensures(Contract.Result<IAuthenticationRequest>() == null || PendingRequest != null);
+				return HttpContext.Current.Session[PendingRequestKey] as IAuthenticationRequest;
+			}
+
+			set {
+				HttpContext.Current.Session[PendingRequestKey] = value;
+			}
 		}
 
 		/// <summary>
@@ -97,8 +117,14 @@ public class ProviderEndpoint : Control {
 		/// before responding to the relying party's request.
 		/// </remarks>
 		public static IAnonymousRequest PendingAnonymousRequest {
-			get { return HttpContext.Current.Session[PendingRequestKey] as IAnonymousRequest; }
-			set { HttpContext.Current.Session[PendingRequestKey] = value; }
+			get {
+				Contract.Ensures(Contract.Result<IAnonymousRequest>() == null || PendingRequest != null);
+				return HttpContext.Current.Session[PendingRequestKey] as IAnonymousRequest;
+			}
+
+			set {
+				HttpContext.Current.Session[PendingRequestKey] = value;
+			}
 		}
 
 		/// <summary>
@@ -159,7 +185,7 @@ public class ProviderEndpoint : Control {
 				// Then try the configuration file specified one.  Finally, use the default
 				// in-memory one that's built into OpenIdProvider.
 				// determine what incoming message was received
-				IRequest request = provider.GetRequest();
+				IRequest request = Provider.GetRequest();
 				if (request != null) {
 					PendingRequest = null;
 
@@ -179,7 +205,7 @@ public class ProviderEndpoint : Control {
 						}
 					}
 					if (request.IsResponseReady) {
-						provider.SendResponse(request);
+						Provider.SendResponse(request);
 						Page.Response.End();
 						PendingAuthenticationRequest = null;
 					}
@@ -218,6 +244,7 @@ public class ProviderEndpoint : Control {
 		/// </summary>
 		/// <returns>The new instance of OpenIdProvider.</returns>
 		private static OpenIdProvider CreateProvider() {
+			Contract.Ensures(Contract.Result<OpenIdProvider>() != null);
 			return new OpenIdProvider(DotNetOpenAuthSection.Configuration.OpenId.Provider.ApplicationStore.CreateInstance(OpenIdProvider.HttpApplicationStore));
 		}
 	}

src/DotNetOpenAuth/OpenId/RelyingParty/OpenIdRelyingParty.cs

@@ -99,7 +99,10 @@ public OpenIdRelyingParty(IRelyingPartyApplicationStore applicationStore)
 			// replay attacks.  But only 2.0+ Providers can be expected to provide 
 			// replay protection.
 			if (nonceStore == null) {
-				this.SecuritySettings.MinimumRequiredOpenIdVersion = ProtocolVersion.V20;
+				if (this.SecuritySettings.MinimumRequiredOpenIdVersion < ProtocolVersion.V20) {
+					Logger.OpenId.Warn("Raising minimum OpenID version requirement for Providers to 2.0 to protect this stateless RP from replay attacks.");
+					this.SecuritySettings.MinimumRequiredOpenIdVersion = ProtocolVersion.V20;
+				}
 			}
 
 			this.channel = new OpenIdChannel(associationStore, nonceStore, this.SecuritySettings);