Beispiel #1
0
        private void AssertDisplayProperty <T>(IContentProperties <T> result, Property p)
            where T : ContentPropertyBasic
        {
            var pDto = result.Properties.SingleOrDefault(x => x.Alias == p.Alias);

            Assert.IsNotNull(pDto);

            //pDto.Alias = p.Alias;
            //pDto.Description = p.PropertyType.Description;
            //pDto.Label = p.PropertyType.Name;
            //pDto.Config = applicationContext.Services.DataTypeService.GetPreValuesByDataTypeId(p.PropertyType.DataTypeDefinitionId);
        }
Beispiel #2
0
        private void AssertProperty(IContentProperties <ContentPropertyDto> result, Property p)
        {
            AssertBasicProperty(result, p);

            var pDto = result.Properties.SingleOrDefault(x => x.Alias == p.Alias);

            Assert.IsNotNull(pDto);
            Assert.AreEqual(p.PropertyType.Mandatory, pDto.IsRequired);
            Assert.AreEqual(p.PropertyType.ValidationRegExp, pDto.ValidationRegExp);
            Assert.AreEqual(p.PropertyType.Description, pDto.Description);
            Assert.AreEqual(p.PropertyType.Name, pDto.Label);
            Assert.AreEqual(Current.Services.DataTypeService.GetDataType(p.PropertyType.DataTypeId), pDto.DataType);
            Assert.AreEqual(Current.PropertyEditors[p.PropertyType.PropertyEditorAlias], pDto.PropertyEditor);
        }
Beispiel #3
0
 /// <summary>
 /// we will now assign all of the values in the 'save' model to the DTO object
 /// </summary>
 /// <param name="saveModel"></param>
 /// <param name="dto"></param>
 public void MapPropertyValuesFromSaved(IContentProperties <ContentPropertyBasic> saveModel, ContentPropertyCollectionDto dto)
 {
     //NOTE: Don't convert this to linq, this is much quicker
     foreach (var p in saveModel.Properties)
     {
         foreach (var propertyDto in dto.Properties)
         {
             if (propertyDto.Alias != p.Alias)
             {
                 continue;
             }
             propertyDto.Value = p.Value;
             break;
         }
     }
 }
Beispiel #4
0
    public override bool ValidatePropertiesData(
        MemberSave?model,
        IContentProperties <ContentPropertyBasic>?modelWithProperties,
        ContentPropertyCollectionDto?dto,
        ModelStateDictionary modelState)
    {
        if (model is null)
        {
            return(false);
        }

        if (model.Username.IsNullOrWhiteSpace())
        {
            modelState.AddPropertyError(
                new ValidationResult("Invalid user name", new[] { "value" }),
                $"{Constants.PropertyEditors.InternalGenericPropertiesPrefix}login");
        }

        if (model.Email.IsNullOrWhiteSpace() || new EmailAddressAttribute().IsValid(model.Email) == false)
        {
            modelState.AddPropertyError(
                new ValidationResult("Invalid email", new[] { "value" }),
                $"{Constants.PropertyEditors.InternalGenericPropertiesPrefix}email");
        }

        var validEmail = ValidateUniqueEmail(model);

        if (validEmail == false)
        {
            modelState.AddPropertyError(
                new ValidationResult("Email address is already in use", new[] { "value" }),
                $"{Constants.PropertyEditors.InternalGenericPropertiesPrefix}email");
        }

        var validLogin = ValidateUniqueLogin(model);

        if (validLogin == false)
        {
            modelState.AddPropertyError(
                new ValidationResult("Username is already in use", new[] { "value" }),
                $"{Constants.PropertyEditors.InternalGenericPropertiesPrefix}login");
        }

        return(base.ValidatePropertiesData(model, modelWithProperties, dto, modelState));
    }
Beispiel #5
0
    /// <summary>
    ///     This ensures that the internal membership property types are removed from validation before processing the
    ///     validation
    ///     since those properties are actually mapped to real properties of the IMember.
    ///     This also validates any posted data for fields that are sensitive.
    /// </summary>
    /// <param name="model"></param>
    /// <param name="modelWithProperties"></param>
    /// <param name="actionContext"></param>
    /// <returns></returns>
    public override bool ValidateProperties(MemberSave?model, IContentProperties <ContentPropertyBasic>?modelWithProperties, ActionExecutingContext actionContext)
    {
        var propertiesToValidate = model?.Properties.ToList();
        Dictionary <string, PropertyType> defaultProps =
            ConventionsHelper.GetStandardPropertyTypeStubs(_shortStringHelper);
        var exclude = defaultProps.Select(x => x.Value.Alias).ToArray();

        foreach (var remove in exclude)
        {
            propertiesToValidate?.RemoveAll(property => property.Alias == remove);
        }

        //if the user doesn't have access to sensitive values, then we need to validate the incoming properties to check
        //if a sensitive value is being submitted.
        if (_backofficeSecurity?.CurrentUser?.HasAccessToSensitiveData() == false)
        {
            IMemberType?contentType         = _memberTypeService.Get(model?.PersistedContent?.ContentTypeId ?? default);
            var         sensitiveProperties = contentType?
                                              .PropertyTypes.Where(x => contentType.IsSensitiveProperty(x.Alias))
                                              .ToList();

            if (sensitiveProperties is not null)
            {
                foreach (IPropertyType sensitiveProperty in sensitiveProperties)
                {
                    ContentPropertyBasic?prop =
                        propertiesToValidate?.FirstOrDefault(x => x.Alias == sensitiveProperty.Alias);

                    if (prop != null)
                    {
                        //this should not happen, this means that there was data posted for a sensitive property that
                        //the user doesn't have access to, which means that someone is trying to hack the values.

                        var message = $"property with alias: {prop.Alias} cannot be posted";
                        actionContext.Result = new NotFoundObjectResult(new InvalidOperationException(message));
                        return(false);
                    }
                }
            }
        }

        return(ValidateProperties(propertiesToValidate, model?.PersistedContent?.Properties.ToList(), actionContext));
    }
        /// <summary>
        /// We need to manually validate a few things here like email and login to make sure they are valid and aren't duplicates
        /// </summary>
        /// <param name="model"></param>
        /// <param name="dto"></param>
        /// <param name="modelState"></param>
        /// <param name="modelWithProperties"></param>
        /// <returns></returns>
        public override bool ValidatePropertyData(MemberSave model, IContentProperties <ContentPropertyBasic> modelWithProperties, ContentPropertyCollectionDto dto, ModelStateDictionary modelState)
        {
            if (model.Username.IsNullOrWhiteSpace())
            {
                modelState.AddPropertyError(
                    new ValidationResult("Invalid user name", new[] { "value" }),
                    $"{Constants.PropertyEditors.InternalGenericPropertiesPrefix}login");
            }

            if (model.Email.IsNullOrWhiteSpace() || new EmailAddressAttribute().IsValid(model.Email) == false)
            {
                modelState.AddPropertyError(
                    new ValidationResult("Invalid email", new[] { "value" }),
                    $"{Constants.PropertyEditors.InternalGenericPropertiesPrefix}email");
            }

            //default provider!
            var membershipProvider = Core.Security.MembershipProviderExtensions.GetMembersMembershipProvider();

            var validEmail = ValidateUniqueEmail(model, membershipProvider);

            if (validEmail == false)
            {
                modelState.AddPropertyError(
                    new ValidationResult("Email address is already in use", new[] { "value" }),
                    $"{Constants.PropertyEditors.InternalGenericPropertiesPrefix}email");
            }

            var validLogin = ValidateUniqueLogin(model, membershipProvider);

            if (validLogin == false)
            {
                modelState.AddPropertyError(
                    new ValidationResult("Username is already in use", new[] { "value" }),
                    $"{Constants.PropertyEditors.InternalGenericPropertiesPrefix}login");
            }

            return(base.ValidatePropertyData(model, modelWithProperties, dto, modelState));
        }
Beispiel #7
0
        private void AssertBasicProperty <T>(IContentProperties <T> result, Property p)
            where T : ContentPropertyBasic
        {
            var pDto = result.Properties.SingleOrDefault(x => x.Alias == p.Alias);

            Assert.IsNotNull(pDto);
            Assert.AreEqual(p.Alias, pDto.Alias);
            Assert.AreEqual(p.Id, pDto.Id);

            if (p.GetValue() == null)
            {
                Assert.AreEqual(pDto.Value, string.Empty);
            }
            else if (p.GetValue() is decimal)
            {
                Assert.AreEqual(pDto.Value, ((decimal)p.GetValue()).ToString(NumberFormatInfo.InvariantInfo));
            }
            else
            {
                Assert.AreEqual(pDto.Value, p.GetValue().ToString());
            }
        }
        /// <summary>
        /// This ensures that the internal membership property types are removed from validation before processing the validation
        /// since those properties are actually mapped to real properties of the IMember.
        /// This also validates any posted data for fields that are sensitive.
        /// </summary>
        /// <param name="model"></param>
        /// <param name="modelWithProperties"></param>
        /// <param name="actionContext"></param>
        /// <returns></returns>
        public override bool ValidateProperties(MemberSave model, IContentProperties <ContentPropertyBasic> modelWithProperties, HttpActionContext actionContext)
        {
            var propertiesToValidate = model.Properties.ToList();
            var defaultProps         = ConventionsHelper.GetStandardPropertyTypeStubs();
            var exclude = defaultProps.Select(x => x.Value.Alias).ToArray();

            foreach (var remove in exclude)
            {
                propertiesToValidate.RemoveAll(property => property.Alias == remove);
            }

            //if the user doesn't have access to sensitive values, then we need to validate the incoming properties to check
            //if a sensitive value is being submitted.
            if (UmbracoContextAccessor.UmbracoContext.Security.CurrentUser.HasAccessToSensitiveData() == false)
            {
                var contentType         = _memberTypeService.Get(model.PersistedContent.ContentTypeId);
                var sensitiveProperties = contentType
                                          .PropertyTypes.Where(x => contentType.IsSensitiveProperty(x.Alias))
                                          .ToList();

                foreach (var sensitiveProperty in sensitiveProperties)
                {
                    var prop = propertiesToValidate.FirstOrDefault(x => x.Alias == sensitiveProperty.Alias);

                    if (prop != null)
                    {
                        //this should not happen, this means that there was data posted for a sensitive property that
                        //the user doesn't have access to, which means that someone is trying to hack the values.

                        var message = $"property with alias: {prop.Alias} cannot be posted";
                        actionContext.Response = actionContext.Request.CreateErrorResponse(HttpStatusCode.NotFound, new InvalidOperationException(message));
                        return(false);
                    }
                }
            }

            return(ValidateProperties(propertiesToValidate, model.PersistedContent.Properties.ToList(), actionContext));
        }
Beispiel #9
0
 public ContentSavedState?Resolve(IContent source, IContentProperties <T> destination, ContentSavedState?destMember, ResolutionContext context)
 {
     return(_inner.Resolve(source, destination, default, context));