Beispiel #1
0
        private static void CheckSecureAction(ICustomAttributeProvider method, ControllerActionData actionData)
        {
            object[] dataActionAttributes = method.GetCustomAttributes(typeof(SecureActionAttribute), false);
            if (dataActionAttributes.Length == 0)
            {
                return;
            }

            SecureActionAttribute attribute = (SecureActionAttribute)dataActionAttributes[0];

            actionData.AntiForgery      = actionData.Secure = true;
            actionData.AllowRouteTokens = attribute.AllowRouteTokens;
            actionData.AntiForgerySalt  = attribute.AntiForgerySalt;
        }
Beispiel #2
0
        private static void CheckActionFilters(ICustomAttributeProvider method, ControllerActionData actionData)
        {
            object[] filterAttributes = method.GetCustomAttributes(typeof(FilterAttribute), false);
            if (filterAttributes.Length == 0)
            {
                return;
            }

            for (int index = 0; index < filterAttributes.Length; index++)
            {
                FilterAttribute attribute = (FilterAttribute)filterAttributes[index];
                actionData.Filters.Add(attribute);
            }
        }
Beispiel #3
0
        private static void CheckAntiForgeryAction(ICustomAttributeProvider method, ControllerActionData actionData)
        {
            if (actionData.Secure)
            {
                return;
            }

            object[] dataActionAttributes = method.GetCustomAttributes(typeof(AntiForgeryAttribute), false);
            if (dataActionAttributes.Length == 0)
            {
                return;
            }

            actionData.AntiForgery     = true;
            actionData.AntiForgerySalt = ((AntiForgeryAttribute)dataActionAttributes[0]).Salt;
        }
        private ActionResult ExecuteControllerAction(IPortalContext context, IController controller)
        {
            string actionName = context.Request.ActionName.ToUpper(CultureInfo.InvariantCulture);
            Dictionary <string, ControllerActionData> actionDataList = actionDataListInitializer.Value;

            if (actionDataList.ContainsKey(actionName))
            {
                ControllerActionData actionData  = actionDataList[actionName];
                IHttpRequest         httpRequest = context.HttpContext.Request;
                if (actionData.Secure && (!RequiredRequestType.Equals(httpRequest.RequestType, StringComparison.OrdinalIgnoreCase) || !RequiredContentType.Equals(httpRequest.ContentType, StringComparison.OrdinalIgnoreCase)))
                {
                    WriteJsonServerException("Invalid Request", context.HttpContext);
                }

                try
                {
                    ActionResult action = actionData.CallMethod(controller, serializer, context.HttpContext.Request.InputStream, context.Request.Tokens);
                    if (action == null)
                    {
                        throw new ControllerResultException("Controller did not return an ActionResult.");
                    }

                    action.ViewPaths = BaseViewVirtualPaths.ToArray();
                    return(action);
                }
                catch (Exception ex)
                {
                    if (actionData.Secure)
#if DEBUG
                    {
                        string message = ex.Message;
                        if (ex.InnerException != null)
                        {
                            message += " " + ex.InnerException.Message;
                        }
                        WriteJsonServerException(message, context.HttpContext);
                    }
#endif
#if !DEBUG
                    { WriteJsonServerException(ex.Message, context.HttpContext); }
#endif

                    { else
                      {
                          throw;
                      } }
Beispiel #5
0
        private static ControllerActionData CreateActionDataObject(MethodInfo method)
        {
            ControllerActionData actionData = new ControllerActionData();

            CheckSecureAction(method, actionData);
            CheckAntiForgeryAction(method, actionData);
            CheckActionFilters(method, actionData);

            DynamicMethod dm = new DynamicMethod(ActionExecuterMethodPrefix + method.Name,
                                                 MethodAttributes.Static | MethodAttributes.Public,
                                                 CallingConventions.Standard,
                                                 typeof(ActionResult),
                                                 new[] { typeof(object), typeof(List <object>) },
                                                 method.DeclaringType, false);

            ParameterInfo[] parameters = method.GetParameters();
            MethodInfo      getItem    = typeof(List <object>).GetMethod("get_Item", new[] { typeof(int) });

            ILGenerator il = dm.GetILGenerator();

            il.Emit(OpCodes.Ldarg_0);
            il.Emit(OpCodes.Castclass, method.DeclaringType);

            for (int i = 0; i < parameters.Length; i++)
            {
                ParameterInfo parameter = parameters[i];

                il.Emit(OpCodes.Ldarg_1);
                il.Emit(OpCodes.Ldc_I4, i);
                il.EmitCall(OpCodes.Callvirt, getItem, null);

                actionData.Parameters.Add(new ActionParameter(parameter.Name, parameter.ParameterType));
            }

            il.EmitCall(OpCodes.Callvirt, method, null);
            il.Emit(OpCodes.Ret);

            actionData.RegisterMethodDelegate((ActionExecuter)dm.CreateDelegate(typeof(ActionExecuter)));
            return(actionData);
        }