protected virtual string GetRequestInfoJavaScript(string webScreenKey, string webScreenName)
        {
            var info = AppInfo.GetAppInfo();

            using (var writer = new StringWriter()) {
                writer.Write("    <script id=\"_OSrequestInfoScript\" type=\"text/javascript\">(function(global) { ");
                writer.Write("global.outsystems = global.outsystems || {};");
                writer.Write("global.outsystems.internal = global.outsystems.internal || {};");
                if (Settings.GetBool(Settings.Configs.JavascriptAPI_ShowHiddenFields))
                {
                    writer.Write("global.outsystems.internal.showHiddenFields = true;");
                }
                writer.Write("global.outsystems.internal.requestInfo = {");
                //  #564602 OSVisit and OSVisitor cookies allow HTML injection -check if cookies' value  was modified
                writer.Write("visitorKey:'{0}',", GuidUtils.IsGuid(info.VisitorId) ? info.VisitorId : "");
                writer.Write("visitKey:'{0}',", GuidUtils.IsGuid(info.VisitId) ? info.VisitId : "");
                writer.Write("sessionKey:'{0}',", info.OsContext.Session.SessionIDHash);
                writer.Write("userKey:'{0}',", info.OsContext.Session.UserIdGuid);

                var  perfTracer       = info.OsContext.RequestTracer;
                bool perfTracerExists = perfTracer != null;
                writer.Write("requestKey:'{0}',", (perfTracerExists) ? perfTracer.RequestKey : "");
                writer.Write("webScreenKey:'{0}',", ObjectKeyUtils.DatabaseValue(ObjectKey.Parse(webScreenKey)));
                writer.Write("webScreenName:'{0}',", webScreenName);
                writer.Write("espaceKey:'{0}',", (perfTracerExists) ? perfTracer.ModuleKey : info.eSpaceUID);
                writer.Write("espaceName:'{0}',", (perfTracerExists) ? perfTracer.ModuleName : info.eSpaceName);
                writer.Write("applicationKey:'{0}',", (perfTracerExists) ? perfTracer.ApplicationKey : info.ApplicationUID);
                writer.Write("applicationName:'{0}',", (perfTracerExists) ? perfTracer.ApplicationName : info.ApplicationName);
                writer.Write("tenantKey:'{0}',", (perfTracerExists) ? perfTracer.TenantKey : info.Tenant.Id_Guid);
                writer.Write("tenantName:'{0}',", (perfTracerExists) ? perfTracer.TenantName : info.Tenant.Name);
                writer.Write("environmentKey:'{0}',", (perfTracerExists) ? perfTracer.EnvironmentKey : info.EnvironmentKey);
                writer.Write("environmentName:'{0}',", (perfTracerExists) ? perfTracer.EnvironmentName : info.EnvironmentName);
                if (Settings.GetBool(Settings.Configs.JavascriptAPI_ShowHiddenFields))
                {
                    writer.Write("username:'******',", info.OsContext.Session.UserName);
                    writer.Write("frontendName:'{0}',", (perfTracerExists) ? perfTracer.FrontEndName : info.FrontendName);
                }
                // #664816 - When the host serial on OSSYS_SERVER is different from the one in the windows registry the FrontendName will not be read from the DB.
                // We do a null check here to prevent this not vital information from stopping the application load.
                string value = null;
                if (perfTracerExists)
                {
                    value = string.IsNullOrEmpty(perfTracer.FrontEndName) ? "" :
                            SecureConfidentialInformationEncryption.EncryptWithAlgorithm(perfTracer.FrontEndName, SecureConfidentialInformationEncryption.FixedKeyAES128.Instance);
                }
                else
                {
                    value = string.IsNullOrEmpty(info.FrontendName) ? "" :
                            SecureConfidentialInformationEncryption.EncryptWithAlgorithm(info.FrontendName, SecureConfidentialInformationEncryption.FixedKeyAES128.Instance);
                }
                writer.Write("frontendKey:'{0}'", value);
                writer.Write("}");
                writer.Write("})(this);");
                writer.Write("</script>\n");
                return(writer.ToString());
            }
        }
Beispiel #2
0
 public static string Encrypt(string password, Version targetServerVersion)
 {
     return(ENCRYPTED_SYMMETRIC_PREFIX
            + SecureConfidentialInformationEncryption.EncryptWithAlgorithm(password, SecureConfidentialInformationEncryption.FixedKeyAES128.Instance));
 }