Beispiel #1
        /// <summary>
        /// Validates the current user
        /// </summary>
        /// <param name="httpContext"></param>
        /// <param name="throwExceptions">set to true if you want exceptions to be thrown if failed</param>
        /// <returns></returns>
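        internal ValidateRequestAttempt ValidateCurrentUser(HttpContextBase httpContext, bool throwExceptions = false)
        {
            // Validates the user identified by UmbracoUserContextId.
            //   httpContext     - passed to the GlobalSettings request checks that decide whether
            //                     the NoConsole restriction applies to this request.
            //   throwExceptions - when true, every failure is raised as an exception instead of
            //                     being returned as a ValidateRequestAttempt value.
            // Returns Success, or the failure value of the first check that fails
            // (FailedNoContextId, FailedTimedOut, FailedNoPrivileges).

            // A null or empty context id means there is no login to validate.
            if (string.IsNullOrEmpty(UmbracoUserContextId))
            {
                if (throwExceptions)
                {
                    throw new InvalidOperationException("The user has no umbraco contextid - try logging in");
                }
                return ValidateRequestAttempt.FailedNoContextId;
            }

            var uid     = GetUserId(UmbracoUserContextId);
            var timeout = GetTimeout(UmbracoUserContextId);

            // NOTE(review): expiry is compared against local-time ticks (DateTime.Now). Confirm that
            // GetTimeout/UpdateLogin use the same clock; a local clock shifts at DST changes.
            if (timeout <= DateTime.Now.Ticks)
            {
                if (throwExceptions)
                {
                    throw new ArgumentException("User has timed out!!");
                }
                return ValidateRequestAttempt.FailedTimedOut;
            }

            var user = User.GetUser(uid);

            // Fail closed: if the id in a still-valid context no longer resolves to a user
            // (User.GetUser returning null), treat it as "no privileges" rather than letting the
            // property reads below fail with a NullReferenceException.
            // Otherwise deny disabled users, and deny NoConsole users when the request targets the
            // umbraco application and is not the live-edit redirector.
            var denied = user == null
                         || user.Disabled
                         || (user.NoConsole
                             && GlobalSettings.RequestIsInUmbracoApplication(httpContext)
                             && GlobalSettings.RequestIsLiveEditRedirector(httpContext) == false);
            if (denied)
            {
                if (throwExceptions)
                {
                    throw new ArgumentException("You have no priviledges to the umbraco console. Please contact your administrator");
                }
                return ValidateRequestAttempt.FailedNoPrivileges;
            }

            // Only reached after the privilege check has passed; a denied user never gets
            // UpdateLogin called for their login.
            UpdateLogin(timeout);
            return ValidateRequestAttempt.Success;
        }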
        /// <summary>
        /// Validates the current user assigned to the request and ensures the stored user data is valid
        /// </summary>
        /// <param name="throwExceptions">set to true if you want exceptions to be thrown if failed</param>
        /// <returns></returns>
        internal ValidateRequestAttempt ValidateCurrentUser(bool throwExceptions)
        {
            // Validates the user attached to the current request.
            // Returns Success, FailedNoContextId (not authenticated) or FailedNoPrivileges;
            // when throwExceptions is true the two failures are thrown instead of returned.
            //
            // The user is expected to be authenticated already in nearly all cases: authentication
            // happens in the Module, which also checks the ticket expiry. The expiry is not checked
            // a second time here because that would need another decryption pass and nothing can
            // tamper with the ticket during the request.
            if (IsAuthenticated() == false)
            {
                // No user on the request at all.
                if (throwExceptions == false)
                {
                    return ValidateRequestAttempt.FailedNoContextId;
                }
                throw new InvalidOperationException("The user has no umbraco contextid - try logging in");
            }

            var currentUser = CurrentUser;

            // Console access check: a missing or unapproved user is always denied ...
            var accessDenied = currentUser == null || currentUser.IsApproved == false;

            // ... while a locked-out user is denied only when the request targets the umbraco application.
            if (accessDenied == false && currentUser.IsLockedOut)
            {
                accessDenied = GlobalSettings.RequestIsInUmbracoApplication(_httpContext);
            }

            if (accessDenied == false)
            {
                return ValidateRequestAttempt.Success;
            }

            if (throwExceptions)
            {
                throw new ArgumentException("You have no priviledges to the umbraco console. Please contact your administrator");
            }
            return ValidateRequestAttempt.FailedNoPrivileges;
        }
Beispiel #3
        /// <summary>
        /// Ensures that the request is a document request (i.e. one that the module should handle)
        /// </summary>
        /// <param name="httpContext"></param>
        /// <param name="uri"></param>
        /// <returns></returns>
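        bool EnsureDocumentRequest(HttpContextBase httpContext, Uri uri)
        {
            // Decides, from the request path alone, whether the request may be a document request.
            //   httpContext - used only to rewrite the path of directory-url .asmx requests.
            //   uri         - the request URI; its AbsolutePath and Query are read.
            // Returns true when the path has no extension or ends in .aspx and is not reserved;
            // false otherwise (including every .asmx request rewritten below).
            //
            // A document request should look like
            //   /foo/bar/nil
            //   /foo/bar/nil/
            //   /foo/bar/nil.aspx
            // where /foo is not a reserved path.
            var lpath = uri.AbsolutePath.ToLowerInvariant();

            // handle directory-urls used for asmx (legacy)
            if (GlobalSettings.UseDirectoryUrls)
            {
                // Ordinal search: the path comes from the client, and a culture-sensitive search can
                // ignore certain characters, which would make the index below point at the wrong offset.
                int asmxPos = lpath.IndexOf(".asmx/", StringComparison.Ordinal);
                if (asmxPos >= 0)
                {
                    // Split the original path, not lpath, because lpath has been lowercased.
                    var originalPath = uri.AbsolutePath;
                    httpContext.RewritePath(originalPath.Substring(0, asmxPos + 5),  // filePath, up to and including ".asmx"
                                            originalPath.Substring(asmxPos + 5),     // pathInfo, starting at the "/"
                                            uri.Query.TrimStart('?'));
                    return false;
                }
            }

            // If the path contains an extension that is not .aspx then it cannot be a document
            // request. The suffix test is ordinal for the same reason as the search above.
            if (lpath.Contains('.') && !lpath.EndsWith(".aspx", StringComparison.Ordinal))
            {
                return false;
            }

            // At this point either there is no extension, or it is .aspx.
            // A reserved path cannot be a document request.
            // NOTE: deliberately no warning is logged for non-document requests; a bare
            // "Not a document" message without the document would not tell us anything.
            return !GlobalSettings.IsReservedPathOrUrl(lpath);
        }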