private static string GetContextId(HttpRequestBase request, CapttiaSection config, Encryption encryption)
{
var contextId = AnonymousIdentifier.GetContextId(request.RequestContext.HttpContext);
// Check for existing cookie
var existingCookie = request.Cookies[config.CookieName];
if (existingCookie != null)
{
var cookieId = existingCookie.Value;
if (!string.IsNullOrWhiteSpace(cookieId))
{
try
{
var decryptedCookieId = encryption.Decrypt(cookieId, config.PassPhraseB);
var cookieBrowserId = AnonymousIdentifier.GetBrowserStampFromId(decryptedCookieId);
var contextBrowserId = AnonymousIdentifier.GetBrowserStampFromId(contextId);
if (cookieBrowserId.Equals(contextBrowserId))
{
contextId = decryptedCookieId;
}
}
catch (CryptographicException)
{
request.Cookies[config.CookieName].Expires = DateTime.Today.AddDays(-1);
}
}
}
return contextId;
}
public static string FormTokenSelector(HttpRequestBase request)
{
if (request == null) throw new ArgumentNullException("request");
var rawValue = request.Form["__RequestVerificationToken"];
return string.IsNullOrWhiteSpace(rawValue) ? null : rawValue;
}
public static string JsonTokenSelector(HttpRequestBase request)
{
if (request == null) throw new ArgumentNullException("request");
long startingPosition = request.InputStream.Position;
var buffer = new byte[4096];
int lastReadCount;
int usedBytesInBuffer = 0;
while ((lastReadCount = request.InputStream.Read(buffer, usedBytesInBuffer, buffer.Length - usedBytesInBuffer)) > 0)
{
usedBytesInBuffer += lastReadCount;
if(usedBytesInBuffer == buffer.Length)
{
Array.Resize(ref buffer,usedBytesInBuffer*2);
}
}
Array.Resize(ref buffer, usedBytesInBuffer);//prune array
var chars = request.ContentEncoding.GetChars(buffer);
var content = new string(chars);
request.InputStream.Position = startingPosition;//Leave stream how we found it
var jsonRequest = JObject.Parse(content);
return (string)jsonRequest["__RequestVerificationToken"];
}
public static int CurrentPage(HttpRequestBase request)
{
int page = 0;
if (int.TryParse(request.QueryString["page"], out page))
return page;
return 1;
}
private static HttpContextBase CreateStubContextBase(HttpRequestBase request)
{
Mock<HttpContextBase> mock = new Mock<HttpContextBase>();
mock.SetupGet(m => m.Request).Returns(request);
IDictionary items = new Dictionary<object, object>();
mock.SetupGet(m => m.Items).Returns(items);
return mock.Object;
}
protected string GetRequestValue(HttpRequestBase request, string field)
{
if (IgnoreUseUnvalidatedValues)
{
// Make sure we do not set this when we are hosted since this is only meant for unit test scenarios.
Debug.Assert(HttpContext.Current == null, "This flag should not be set when we are hosted.");
return request.Form[field];
}
return _useUnvalidatedValues ? request.Unvalidated(field) : request.Form[field];
}
public SeekableBufferedRequestStream(HttpRequestBase request)
{
if (request == null)
{
throw new ArgumentNullException("request");
}
_request = request;
InnerStream = request.GetBufferedInputStream();
}
public WebHostHttpRequestContext(HttpContextBase contextBase, HttpRequestBase requestBase,
HttpRequestMessage request)
{
Contract.Assert(contextBase != null);
Contract.Assert(requestBase != null);
Contract.Assert(request != null);
_contextBase = contextBase;
_requestBase = requestBase;
_request = request;
}
} // End of the constructor
/// <summary>
/// Create new query parameters from a request
/// </summary>
/// <param name="request">A reference to a request object</param>
public QueryParams(HttpRequestBase request)
{
// Set values for instance variables
this.keywords = "";
this.sort_field = "";
this.sort_order = "ASC";
this.page_size = 10;
this.current_page = 1;
// Get the keywords
if (request.Params["kw"] != null)
{
this.keywords = HttpContext.Current.Server.UrlDecode(request.Params["kw"]);
}
// Get the sort field
if (request.Params["sf"] != null)
{
this.sort_field = request.Params["sf"];
}
// Get the sort order
if (request.Params["so"] != null)
{
this.sort_order = request.Params["so"];
}
// Get the page size
if (request.Params["pz"] != null)
{
try
{
this.page_size = Int32.Parse(request.Params["pz"]);
}
catch (Exception ex)
{
string exceptionMessage = ex.Message;
}
}
// Get the page number
if (request.Params["qp"] != null)
{
try
{
this.current_page = Int32.Parse(request.Params["qp"]);
}
catch (Exception ex)
{
string exceptionMessage = ex.Message;
this.current_page = 1;
}
}
} // End of the constructor
public static string GetPageTitle(HttpRequestBase request)
{
XmlDocument doc = GetXmlDocument(request);
XmlAttribute attr = doc.SelectSingleNode("checklist").Attributes["name"];
if (attr != null)
{
return attr.InnerText;
}
return Title;
}
public static string PageName(HttpRequestBase request)
{
string name = GetFileName(request.RawUrl);
var result = Docs.FirstOrDefault(d => d.Key.Equals(name, StringComparison.OrdinalIgnoreCase));
if (result.Value != null)
{
return result.Key;
}
return Title;
}
internal static string GetFilterValue(HttpRequestBase request, string cookieName, string key)
{
var value = request.QueryString[key];
if (String.IsNullOrEmpty(value))
{
var cookie = request.Cookies[cookieName];
if (cookie != null)
{
value = cookie[key];
}
}
return value;
}
/// <summary>
/// Determines whether the specified request is over a secure connection.
/// </summary>
/// <param name="request">The request to test.</param>
/// <param name="settings">The settings used for determining a secure connection.</param>
/// <returns>
/// <c>true</c> if the specified request is over a secure connection; otherwise, <c>false</c>.
/// </returns>
public override bool IsSecureConnection(HttpRequestBase request, Settings settings)
{
Logger.Log("Checking for any header that matches one from OffloadedSecurityServerVariables...");
// Parse the expected security variables and check for each against the server variables.
NameValueCollection expectedSecurityVariables = HttpUtility.ParseQueryString(settings.OffloadedSecurityServerVariables);
bool isSecure = FindAnyNameValueMatch(expectedSecurityVariables, request.ServerVariables);
Logger.Log(isSecure
? "Server variable match found; connection is secure."
: "No match found; connection is presumed not secure.");
return isSecure;
}
public static XmlDocument GetXmlDocument(HttpRequestBase request)
{
string site = GetSiteName(request);
var section = Docs[site];
var pageName = GetPageName(request);
var result = section.Keys.SingleOrDefault(k => k.Equals(pageName, StringComparison.OrdinalIgnoreCase));
if (result != null)
{
return section[result];
}
return Docs[site]["index"];
}
public static string RenderWebPage(WebPage page, StartPage startPage = null, HttpRequestBase request = null)
{
var writer = new StringWriter();
// Create an actual dummy HttpContext that has a request object
var filename = "default.aspx";
var url = "http://localhost/default.aspx";
request = request ?? CreateTestRequest(filename, url).Object;
var httpContext = CreateTestContext(request);
var pageContext = new WebPageContext { HttpContext = httpContext.Object };
page.ExecutePageHierarchy(pageContext, writer, startPage);
return writer.ToString();
}
public static string Subtitle(HttpRequestBase request)
{
if (PageName(request) != Title)
{
int index = request.RawUrl.IndexOf('/', 1);
if (index > -1)
{
return request.RawUrl.Substring(index);
}
return string.Empty;
}
return request.RawUrl;
}
/// <summary>
/// Ruft die SharePoint-Host-URL aus dem QueryString der angegebenen HTTP-Anforderung ab.
/// </summary>
/// <param name="httpRequest">Die angegebene HTTP-Anforderung.</param>
/// <returns>Die SharePoint-Host-URL. Gibt <c>null</c> zurück, wenn die HTTP-Anforderung die SharePoint-Host-URL nicht enthält.</returns>
public static Uri GetSPHostUrl(HttpRequestBase httpRequest)
{
if (httpRequest == null)
{
throw new ArgumentNullException("httpRequest");
}
string spHostUrlString = TokenHelper.EnsureTrailingSlash(httpRequest.QueryString[SPHostUrlKey]);
Uri spHostUrl;
if (Uri.TryCreate(spHostUrlString, UriKind.Absolute, out spHostUrl) &&
(spHostUrl.Scheme == Uri.UriSchemeHttp || spHostUrl.Scheme == Uri.UriSchemeHttps))
{
return spHostUrl;
}
return null;
}
public static Mock<HttpContextBase> CreateTestContext(HttpRequestBase request = null, HttpResponseBase response = null, IDictionary items = null)
{
items = items ?? new Hashtable();
request = request ?? CreateTestRequest("default.cshtml", "http://localhost/default.cshtml").Object;
if (response == null)
{
var mockResponse = new Mock<HttpResponseBase>();
mockResponse.Setup(r => r.Cookies).Returns(new HttpCookieCollection());
response = mockResponse.Object;
}
var httpContext = new Mock<HttpContextBase>();
httpContext.SetupGet(c => c.Items).Returns(items);
httpContext.SetupGet(c => c.Request).Returns(request);
httpContext.SetupGet(c => c.Response).Returns(response);
return httpContext;
}
/// <summary>
/// Writes a CAPTTIA element to the form.
/// </summary>
/// <param name="html"></param>
/// <param name="request"></param>
/// <returns></returns>
public static MvcHtmlString Capttia(this HtmlHelper html, HttpRequestBase request)
{
var config = ConfigurationManager.GetSection("capttia") as CapttiaSection;
var encryption = new Encryption();
var ids = new ScriptIds(config.ModuleName);
string contextId = GetContextId(request, config, encryption);
// Place it in a cookie
var cookieContextId = encryption.Encrypt(contextId, config.PassPhraseB);
request.RequestContext.HttpContext.Response.SetCookie(new HttpCookie(config.CookieName, cookieContextId) { HttpOnly = true });
// Place it on the form
var formId = encryption.Encrypt(contextId, config.PassPhrase);
var token = JavaScript.EncodeForSingleQuotes(formId);
return MvcHtmlString.Create(GetHoneyPot(ids) + GetScriptElement(ids, token));
}
public static XmlDocument GetXmlDocument(HttpRequestBase request)
{
string name = GetFileName(request.RawUrl);
if (HttpRuntime.Cache["data"] == null)
{
BuildCache(folder);
HttpRuntime.Cache.Insert("data", "test", new CacheDependency(folder));
}
var result = Docs.FirstOrDefault(d => d.Key.Equals(name, StringComparison.OrdinalIgnoreCase));
if (result.Value != null)
{
return result.Value;
}
return Docs["items"]; ;
}
internal static bool IsAuthenticated(HttpRequestBase request)
{
HttpCookie authCookie = request.Cookies[AuthCookieName];
// Not authenticated if there is no cookie
if (authCookie == null)
{
return false;
}
try
{
return IsValidAuthCookie(authCookie);
}
catch
{
// If decryption fails, it may be a bad cookie
return false;
}
}
public static string Subtitle(HttpRequestBase request)
{
if (PageName(request) != Title)
{
string clean = request.RawUrl.Trim('/');
if (Docs.Any(d => d.Key.Equals(clean, StringComparison.OrdinalIgnoreCase)))
return string.Empty;
int index = clean.IndexOf('/', 1);
if (index > -1)
{
return clean.Substring(index);
}
return string.Empty;
}
return request.RawUrl;
}
public static XmlDocument GetXmlDocument(HttpRequestBase request)
{
string section = GetSiteName(request);
if (Docs.ContainsKey(section))
{
var site = Docs[section];
var pageName = GetPageName(request);
var result = site.Keys.SingleOrDefault(k => k.Equals(pageName, StringComparison.OrdinalIgnoreCase));
if (result != null)
{
return site[result];
}
else if (site["index"] != null)
{
return site["index"];
}
}
return Docs[defaultSite]["index"];
}
public object FetchActiveRecord(Type paramType, string paramName,
HttpRequestBase request,
IDictionary<string, object> customActionParameters)
{
bool isArray = paramType.IsArray;
if (isArray)
paramType = paramType.GetElementType();
ActiveRecordModel model = ActiveRecordModel.GetModel(paramType);
if (model == null) {
throw new ApplicationException(String.Format("'{0}' is not an ActiveRecord " +
"class. It could not be bound to an [ARFetch] attribute.", paramType.Name));
}
if (model.CompositeKey != null) {
throw new ApplicationException("ARFetch only supports single-attribute primary keys");
}
String webParamName = attr.RequestParameterName ?? paramName;
if (!isArray) {
string value = GetParameterValue(webParamName, customActionParameters, request);
return LoadActiveRecord(paramType, value, model);
}
object[] pks = GetParameterValues(webParamName, customActionParameters, request);
Array objs = Array.CreateInstance(paramType, pks.Length);
for (int i = 0; i < objs.Length; i++) {
objs.SetValue(LoadActiveRecord(paramType, pks[i], model), i);
}
return objs;
}
public static MarkdownPage GetCurrentPage(HttpRequestBase request)
{
string raw = request.QueryString["path"];
if (string.IsNullOrWhiteSpace(raw))
return IndexPage;
try {
string[] segments = raw.Split(new[] { "/" }, StringSplitOptions.RemoveEmptyEntries);
MarkdownPage page = IndexPage;
foreach (string segment in segments)
{
page = page.Children.First(c => c.Slug.Equals(segment, StringComparison.OrdinalIgnoreCase));
}
return page;
}
catch (Exception ex)
{
throw new HttpException(404, "Page not found", ex);
}
}
/// <summary> /// Erstellt eine SharePointContext-Instanz. /// </summary> /// <param name="spHostUrl">Die URL des SharePoint-Hosts.</param> /// <param name="spAppWebUrl">Die SharePoint-App-Web-URL.</param> /// <param name="spLanguage">Die SharePoint-Sprache.</param> /// <param name="spClientTag">Das SharePoint-Clienttag.</param> /// <param name="spProductNumber">Die SharePoint-Produktnummer.</param> /// <param name="httpRequest">Die HTTP-Anforderung.</param> /// <returns>Die SharePointContext-Instanz. Gibt <c>null</c> zurück, wenn Fehler auftreten.</returns> protected abstract SharePointContext CreateSharePointContext(Uri spHostUrl, Uri spAppWebUrl, string spLanguage, string spClientTag, string spProductNumber, HttpRequestBase httpRequest);
/// <summary>
/// Erstellt eine SharePointContext-Instanz mit der angegebenen HTTP-Anforderung.
/// </summary>
/// <param name="httpRequest">Die HTTP-Anforderung.</param>
/// <returns>Die SharePointContext-Instanz. Gibt <c>null</c> zurück, wenn Fehler auftreten.</returns>
public SharePointContext CreateSharePointContext(HttpRequestBase httpRequest)
{
if (httpRequest == null)
{
throw new ArgumentNullException("httpRequest");
}
// SPHostUrl
Uri spHostUrl = SharePointContext.GetSPHostUrl(httpRequest);
if (spHostUrl == null)
{
return null;
}
// SPAppWebUrl
string spAppWebUrlString = TokenHelper.EnsureTrailingSlash(httpRequest.QueryString[SharePointContext.SPAppWebUrlKey]);
Uri spAppWebUrl;
if (!Uri.TryCreate(spAppWebUrlString, UriKind.Absolute, out spAppWebUrl) ||
!(spAppWebUrl.Scheme == Uri.UriSchemeHttp || spAppWebUrl.Scheme == Uri.UriSchemeHttps))
{
spAppWebUrl = null;
}
// SPLanguage
string spLanguage = httpRequest.QueryString[SharePointContext.SPLanguageKey];
if (string.IsNullOrEmpty(spLanguage))
{
return null;
}
// SPClientTag
string spClientTag = httpRequest.QueryString[SharePointContext.SPClientTagKey];
if (string.IsNullOrEmpty(spClientTag))
{
return null;
}
// SPProductNumber
string spProductNumber = httpRequest.QueryString[SharePointContext.SPProductNumberKey];
if (string.IsNullOrEmpty(spProductNumber))
{
return null;
}
return CreateSharePointContext(spHostUrl, spAppWebUrl, spLanguage, spClientTag, spProductNumber, httpRequest);
}
internal static WebImage GetImageFromRequest(HttpRequestBase request, string postedFileName = null) {
Debug.Assert(request != null);
if ((request.Files == null) || (request.Files.Count == 0)) {
return null;
}
HttpPostedFileBase file = string.IsNullOrEmpty(postedFileName) ? request.Files[0] : request.Files[postedFileName];
if (file == null || file.ContentLength < 1) {
return null;
}
// The content type is specified by the browser and is unreliable.
// Disregard content type, acquire mime type.
ImageFormat format;
string mimeType = MimeMapping.GetMimeMapping(file.FileName);
if (!ConversionUtil.TryFromStringToImageFormat(mimeType, out format)) {
// Unsupported image format.
return null;
}
WebImage webImage = new WebImage(file.InputStream);
webImage.FileName = file.FileName;
return webImage;
}
protected override SharePointContext CreateSharePointContext(Uri spHostUrl, Uri spAppWebUrl, string spLanguage, string spClientTag, string spProductNumber, HttpRequestBase httpRequest)
{
string contextTokenString = TokenHelper.GetContextTokenFromRequest(httpRequest);
if (string.IsNullOrEmpty(contextTokenString))
{
return null;
}
SharePointContextToken contextToken = null;
try
{
contextToken = TokenHelper.ReadAndValidateContextToken(contextTokenString, httpRequest.Url.Authority);
}
catch (WebException)
{
return null;
}
catch (AudienceUriValidationFailedException)
{
return null;
}
return new SharePointAcsContext(spHostUrl, spAppWebUrl, spLanguage, spClientTag, spProductNumber, contextTokenString, contextToken);
}
protected override SharePointContext CreateSharePointContext(Uri spHostUrl, Uri spAppWebUrl, string spLanguage, string spClientTag, string spProductNumber, HttpRequestBase httpRequest)
{
WindowsIdentity logonUserIdentity = httpRequest.LogonUserIdentity;
if (logonUserIdentity == null || !logonUserIdentity.IsAuthenticated || logonUserIdentity.IsGuest || logonUserIdentity.User == null)
{
return null;
}
return new SharePointHighTrustContext(spHostUrl, spAppWebUrl, spLanguage, spClientTag, spProductNumber, logonUserIdentity);
}
/// <summary>
/// Determina si la función especificada existe bajo el nombre de autenticación especificado y tiene permiso
/// </ summary>
/// <param name = "request"> </ param>
/// <param name = "authorizeName"> utilizado para nombrar la autenticación de inicio de sesión diferente </ param>
/// <param name = "roles"> role </ param>
/// <returns></returns>
public static bool IsAuthenticatedRole(this HttpRequestBase request, string authorizeName, string roles)
{
HttpCookie authCookie = AuthenticationHelper.GetAuthCookie(authorizeName);
return(AuthenticationHelper.CheckAuthorization(authCookie, roles));
}
