/// <summary>Handles the request.</summary>
/// <param name="request">The request.</param>
/// <param name="cancellationToken">A cancellation token to cancel operation.</param>
/// <returns>A Task<HttpResponseMessage></returns>
public override Task<HttpRequestMessage> HandleRequest(HttpRequestMessage request, CancellationToken cancellationToken)
{
request.GetOwinContext().Response.OnSendingHeaders(
response =>
{
((IOwinResponse)response).Environment["HeadersWritten"] = true;
},
request.GetOwinContext().Response);
return base.HandleRequest(request, cancellationToken);
}
public AuthAndUserManager(HttpRequestMessage request)
{
if (request == null)
{
throw new ArgumentException("Http Request must exist in order to use AuthAndUserManager", "request");
}
_userManager = request.GetOwinContext().GetUserManager<ApplicationUserManager>();
_signInManager = request.GetOwinContext().Get<ApplicationSignInManager>();
_roleManager = request.GetOwinContext().Get<ApplicationRoleManager>();
_authentication = request.GetOwinContext().Authentication;
Logger = LoggerFactory.GetLogger(GetType());
}
protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, System.Threading.CancellationToken cancellationToken)
{
var context = request.GetRequestContext();
var user = context.Principal.Identity;
if (!user.IsAuthenticated)
{
IdentityResult result;
ApplicationUserManager userManager = request.GetOwinContext().GetUserManager<ApplicationUserManager>();
var appUser = await userManager.FindByNameAsync(DummyName);
if (appUser == null)
{
appUser = new ApplicationUser() { UserName = DummyName, Email = DummyName };
result = await userManager.CreateAsync(appUser);
}
ClaimsIdentity oAuthIdentity = await appUser.GenerateUserIdentityAsync(userManager, OAuthDefaults.AuthenticationType);
context.Principal = new ClaimsPrincipal(oAuthIdentity);
}
return await base.SendAsync(request, cancellationToken);
}
// http://www.strathweb.com/2013/05/retrieving-the-clients-ip-address-in-asp-net-web-api/
public static string GetClientIpAddressFromHttpContextOrWcfSelfHost(HttpRequestMessage request)
{
request.GetOwinContext();
const string HttpContext = "MS_HttpContext";
const string RemoteEndpointMessage = "System.ServiceModel.Channels.RemoteEndpointMessageProperty";
if (request.Properties.ContainsKey(HttpContext))
{
dynamic ctx = request.Properties[HttpContext];
if (ctx != null)
{
return ctx.Request.UserHostAddress;
}
}
if (request.Properties.ContainsKey(RemoteEndpointMessage))
{
dynamic remoteEndpoint = request.Properties[RemoteEndpointMessage];
if (remoteEndpoint != null)
{
return remoteEndpoint.Address;
}
}
return null;
}
protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
var reqLog = new
{
Method = request.Method,
Url = request.RequestUri.AbsoluteUri,
Headers = request.Headers,
Body = await request.GetOwinContext().Request.ReadBodyAsStringAsync()
};
Logger.DebugFormat("HTTP Request\n{0}", LogSerializer.Serialize(reqLog));
var response = await base.SendAsync(request, cancellationToken);
string body = "";
if (response.Content != null)
{
body = await response.Content.ReadAsStringAsync();
}
var respLog = new
{
StatusCode = response.StatusCode,
Headers = response.Headers,
Body = body
};
Logger.DebugFormat("HTTP Response\n{0}", LogSerializer.Serialize(respLog));
return response;
}
protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request,
CancellationToken cancellationToken)
{
var owinContext = request.GetOwinContext();
request.Properties.Add(OwinHandlerBridgeResponse, owinContext.Response.ToHttpResponseMessage());
return _invoker.SendAsync(request, cancellationToken);
}
protected async override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
// Get the OWIN request
var owinRequest = request.GetOwinContext();
if (owinRequest == null)
throw new Exception("OWIN Context is null.");
// Spin up logging
var logger = LogManager.GetLogger("uManage");
logger.Debug("{{ \"apiRequest\": {{ \"request\": \"{0} {1}\", \"user\": \"{2}\", \"ipAddress\": \"{3}\" }}}}",
request.Method.Method,
request.RequestUri.PathAndQuery.ToLower(),
owinRequest.Authentication.User.Identity.Name.ToLower(),
owinRequest.Request.RemoteIpAddress);
// Time the request/process time for logging purposes
var stopwatch = Stopwatch.StartNew();
// Run the request
var response = await base.SendAsync(request, cancellationToken);
// Stop the stopwatch... it's the final countdown!!!
stopwatch.Stop();
// Log the request complete time and time taken
logger.Debug("{{ \"apiRequestComplete\": {{ \"request\": \"{0} {1}\", \"user\": \"{2}\", \"ipAddress\": \"{3}\", \"timeTaken\": \"{4}ms\" }}}}",
request.Method.Method,
request.RequestUri.PathAndQuery.ToLower(),
owinRequest.Authentication.User.Identity.Name.ToLower(),
owinRequest.Request.RemoteIpAddress,
stopwatch.ElapsedMilliseconds);
return response;
}
public EmbeddedHtmlResult(HttpRequestMessage request, string file, IdentityAdminOptions adminOptions)
{
var pathbase = request.GetOwinContext().Request.PathBase;
this.path = pathbase.Value;
this.file = file;
this.authorization_endpoint = pathbase + Constants.AuthorizePath;
this._adminOptions = adminOptions;
}
public EmbeddedHtmlResult(HttpRequestMessage request, string file, SecurityConfiguration securityConfiguration)
{
var pathbase = request.GetOwinContext().Request.PathBase;
this.path = pathbase.Value;
this.file = file;
this.authorization_endpoint = pathbase + Constants.AuthorizePath;
this.securityConfiguration = securityConfiguration;
}
public static Task <bool> CheckAccessAsync(this HttpRequestMessage request, string action, params string[] resources)
{
var authorizationContext = new ResourceAuthorizationContext(
request.GetOwinContext().Authentication.User ?? Principal.Anonymous,
action,
resources);
return(request.CheckAccessAsync(authorizationContext));
}
public static Task <bool> CheckAccessAsync(this HttpRequestMessage request, IEnumerable <Claim> actions, IEnumerable <Claim> resources)
{
var authorizationContext = new ResourceAuthorizationContext(
request.GetOwinContext().Authentication.User ?? Principal.Anonymous,
actions,
resources);
return(request.CheckAccessAsync(authorizationContext));
}
protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
var DependencyScope = request.GetOwinContext().Get<IDependencyScope>();
if (DependencyScope != null)
{
request.Properties[HttpPropertyKeys.DependencyScope] = DependencyScope;
}
return base.SendAsync(request, cancellationToken);
}
public EmbeddedHtmlResult(HttpRequestMessage request, string file, OAuth2Configuration oauthConfig = null)
{
this.path = request.GetOwinContext().Request.PathBase.Value;
this.file = file;
this.oauthConfig = oauthConfig;
if (oauthConfig != null && oauthConfig.AutomaticallyRenewToken)
{
this.frameCallbackUrl = request.GetUrlHelper().Link(Constants.RouteNames.OAuthFrameCallback, null);
}
}
public void GetOwinContext_ReturnsSetContextInstance()
{
// Arrange
var request = new HttpRequestMessage();
var context = new OwinContext();
request.SetOwinContext(context);
// Act & Asert
Assert.Same(context, request.GetOwinContext());
}
protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
var owin = request.GetOwinContext();
var scope = owin.Get<ILifetimeScope>("idsrv:AutofacScope");
if (scope != null)
{
request.Properties[HttpPropertyKeys.DependencyScope] = new AutofacScope(scope);
}
return base.SendAsync(request, cancellationToken);
}
public static string GetClientIpAddress(this HttpRequestMessage request)
{
var context = request.GetOwinContext();
if (context != null)
{
return(context.Request.RemoteIpAddress);
}
return(null);
}
protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
var owinContext = request.GetOwinContext();
if (owinContext != null)
{
var scopedContainer = owinContext.GetDryIocScopedContainer();
if (scopedContainer != null) // Use existing OWIN ScopeContainer for WebApi dependency resolver
request.Properties[HttpPropertyKeys.DependencyScope] = new DryIocDependencyScope(scopedContainer);
}
return base.SendAsync(request, cancellationToken);
}
public override ODataSerializer GetODataPayloadSerializer(IEdmModel model, Type type, HttpRequestMessage request)
{
var serializer = base.GetODataPayloadSerializer(model, type, request);
if (serializer == null)
{
var response = request.GetOwinContext().Response;
response.OnSendingHeaders(state =>
{
((IOwinResponse)state).StatusCode = (int)HttpStatusCode.NotFound;
}, response);
return _nullEntityTypeSerializer;
}
return serializer;
}
/// <summary>
/// Returns the request number (ordinal) for the request described by <paramref name="webApiRequest" />. This
/// method will return monotonically increasing request numbers if OWIN request logging is enabled
/// via <see cref="AppBuilderExtensions.LogHttpRequests(IAppBuilder, IEnumerable{ILogWriterConfig})" />.
/// </summary>
/// <param name="webApiRequest">An <see cref="HttpRequestMessage" /> for the current request.</param>
/// <returns>The request number for the current OWIN request.</returns>
public static long GetRequestNumber(this HttpRequestMessage webApiRequest)
{
Contract.Requires <ArgumentNullException>(webApiRequest != null);
IOwinContext owinContext = webApiRequest.GetOwinContext();
if (owinContext == null)
{
return(0);
}
else
{
return(owinContext.GetRequestNumber());
}
}
protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
if (request == null) throw new ArgumentNullException("request");
var owinContext = request.GetOwinContext();
if (owinContext == null) return base.SendAsync(request, cancellationToken);
var lifetimeScope = owinContext.GetAutofacLifetimeScope();
if (lifetimeScope == null) return base.SendAsync(request, cancellationToken);
var dependencyScope = new AutofacWebApiDependencyScope(lifetimeScope);
request.Properties[HttpPropertyKeys.DependencyScope] = dependencyScope;
return base.SendAsync(request, cancellationToken);
}
/// <summary>
/// Stores <paramref name="exception" /> in the owin context dictionary, to support preventing duplicate
/// logging of the exception.
/// </summary>
/// <param name="webApiRequest">An <see cref="HttpRequestMessage" /> for the current request.</param>
/// <param name="exception">An exception to store. If <c>null</c>, the stored exception is cleared.</param>
public static void LoggedRequestException(this HttpRequestMessage webApiRequest, Exception exception)
{
Contract.Requires <ArgumentNullException>(webApiRequest != null);
IOwinContext owinContext = webApiRequest.GetOwinContext();
if (owinContext != null)
{
owinContext.LoggedRequestException(exception);
}
else
{
// If no OWIN, use the Web API request dictionary
webApiRequest.Properties[c_lastLoggedExceptionKey] = exception;
}
}
public void GetOwinContext_ReturnsOwinContextAndRemovesEnvironmentProperty_AfterSetEnvironmentProperty()
{
// Arrange
using (HttpRequestMessage request = new HttpRequestMessage())
{
var environment = new Dictionary<string, object>();
request.Properties.Add("MS_OwinEnvironment", environment);
// Act
var context = request.GetOwinContext();
// Assert
Assert.NotNull(context);
Assert.Same(environment, context.Environment);
Assert.False(request.Properties.ContainsKey("MS_OwinEnvironment"));
}
}
/// <summary>
/// Returns <c>true</c> if <see cref="LoggedRequestException" /> was previously called for the same request,
/// and same exception. Reference comparison is used to match the exception. This method is used to
/// prevent duplicate logging of the exception.
/// </summary>
/// <param name="webApiRequest">An <see cref="HttpRequestMessage" /> for the current request.</param>
/// <param name="exception">An exception to compare to a stored exception. May not be <c>null</c>.</param>
/// <returns><c>true</c> if <paramref name="exception" /> has already been logged for this request.</returns>
public static bool HasRequestExceptionBeenLogged(this HttpRequestMessage webApiRequest, Exception exception)
{
Contract.Requires <ArgumentNullException>(webApiRequest != null);
Contract.Requires <ArgumentNullException>(exception != null);
IOwinContext owinContext = webApiRequest.GetOwinContext();
if (owinContext != null)
{
return(owinContext.HasRequestExceptionBeenLogged(exception));
}
else
{
// If no OWIN, use the Web API request dictionary
object previousException;
webApiRequest.Properties.TryGetValue(c_lastLoggedExceptionKey, out previousException);
return(ReferenceEquals(exception, previousException as Exception));
}
}
public async Task<IHttpActionResult> GetUserInfo(HttpRequestMessage request)
{
Logger.Info("Start userinfo request");
var tokenUsageResult = await _tokenUsageValidator.ValidateAsync(request.GetOwinContext());
if (tokenUsageResult.TokenFound == false)
{
var error = "No token found.";
Logger.Error(error);
await RaiseFailureEventAsync(error);
return Error(Constants.ProtectedResourceErrors.InvalidToken);
}
Logger.Info("Token found: " + tokenUsageResult.UsageType.ToString());
var tokenResult = await _tokenValidator.ValidateAccessTokenAsync(
tokenUsageResult.Token,
Constants.StandardScopes.OpenId);
if (tokenResult.IsError)
{
Logger.Error(tokenResult.Error);
await RaiseFailureEventAsync(tokenResult.Error);
return Error(tokenResult.Error);
}
// pass scopes/claims to profile service
var subject = tokenResult.Claims.FirstOrDefault(c => c.Type == Constants.ClaimTypes.Subject).Value;
var scopes = tokenResult.Claims.Where(c => c.Type == Constants.ClaimTypes.Scope).Select(c => c.Value);
var payload = await _generator.ProcessAsync(subject, scopes, tokenResult.Client);
Logger.Info("End userinfo request");
await RaiseSuccessEventAsync();
return new UserInfoResult(payload);
}
/// <summary>
/// Sends an HTTP request to the inner handler to send to the server as an asynchronous operation.
/// </summary>
/// <param name="request">The HTTP request message to send to the server.</param>
/// <param name="cancellationToken">A cancellation token to cancel operation.</param>
/// <returns>
/// Returns <see cref="T:System.Threading.Tasks.Task`1" />. The task object representing the asynchronous operation.
/// </returns>
protected override Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
var owinContext = request.GetOwinContext();
if (owinContext == null) return base.SendAsync(request, cancellationToken);
var routes = request.GetConfiguration().Routes;
if (routes == null) return base.SendAsync(request, cancellationToken);
var routeData = routes.GetRouteData(request);
if (routeData == null) return base.SendAsync(request, cancellationToken);
var subRoutes = routeData.Values["MS_SubRoutes"] as IHttpRouteData[];
if (subRoutes == null) return base.SendAsync(request, cancellationToken);
var routeTemplate = subRoutes[0].Route.RouteTemplate;
owinContext.Environment.Add("metrics-net.routetemplate", routeTemplate);
return base.SendAsync(request, cancellationToken);
}
IHttpController IHttpControllerActivator.Create(HttpRequestMessage request, HttpControllerDescriptor controllerDescriptor, Type controllerType)
{
if (typeof(UmbracoApiControllerBase).IsAssignableFrom(controllerType))
{
var owinContext = request.GetOwinContext();
//Create mocked services that we are going to pass to the callback for unit tests to modify
// before passing these services to the main container objects
var mockedTypedContent = Mock.Of<ITypedPublishedContentQuery>();
var mockedContentService = Mock.Of<IContentService>();
var mockedContentTypeService = Mock.Of<IContentTypeService>();
var mockedMediaService = Mock.Of<IMediaService>();
var mockedMemberService = Mock.Of<IMemberService>();
var mockedTextService = Mock.Of<ILocalizedTextService>();
var mockedDataTypeService = Mock.Of<IDataTypeService>();
var serviceContext = new ServiceContext(
dataTypeService:mockedDataTypeService,
contentTypeService:mockedContentTypeService,
contentService: mockedContentService,
mediaService: mockedMediaService,
memberService: mockedMemberService,
localizedTextService: mockedTextService);
//new app context
var appCtx = ApplicationContext.EnsureContext(
new DatabaseContext(Mock.Of<IDatabaseFactory>(), Mock.Of<ILogger>(), Mock.Of<ISqlSyntaxProvider>(), "test"),
//pass in mocked services
serviceContext,
CacheHelper.CreateDisabledCacheHelper(),
new ProfilingLogger(Mock.Of<ILogger>(), Mock.Of<IProfiler>()),
true);
//httpcontext with an auth'd user
var httpContext = Mock.Of<HttpContextBase>(http => http.User == owinContext.Authentication.User);
//chuck it into the props since this is what MS does when hosted
request.Properties["MS_HttpContext"] = httpContext;
var backofficeIdentity = (UmbracoBackOfficeIdentity)owinContext.Authentication.User.Identity;
var webSecurity = new Mock<WebSecurity>(null, null);
//mock CurrentUser
webSecurity.Setup(x => x.CurrentUser)
.Returns(Mock.Of<IUser>(u => u.IsApproved == true
&& u.IsLockedOut == false
&& u.AllowedSections == backofficeIdentity.AllowedApplications
&& u.Email == "*****@*****.**"
&& u.Id == (int)backofficeIdentity.Id
&& u.Language == "en"
&& u.Name == backofficeIdentity.RealName
&& u.StartContentId == backofficeIdentity.StartContentNode
&& u.StartMediaId == backofficeIdentity.StartMediaNode
&& u.Username == backofficeIdentity.Username));
//mock Validate
webSecurity.Setup(x => x.ValidateCurrentUser())
.Returns(() => true);
var umbCtx = UmbracoContext.EnsureContext(
//set the user of the HttpContext
httpContext,
appCtx,
webSecurity.Object,
Mock.Of<IUmbracoSettingsSection>(section => section.WebRouting == Mock.Of<IWebRoutingSection>(routingSection => routingSection.UrlProviderMode == UrlProviderMode.Auto.ToString())),
Enumerable.Empty<IUrlProvider>(),
true); //replace it
var urlHelper = new Mock<IUrlProvider>();
urlHelper.Setup(provider => provider.GetUrl(It.IsAny<UmbracoContext>(), It.IsAny<int>(), It.IsAny<Uri>(), It.IsAny<UrlProviderMode>()))
.Returns("/hello/world/1234");
var membershipHelper = new MembershipHelper(umbCtx, Mock.Of<MembershipProvider>(), Mock.Of<RoleProvider>());
var umbHelper = new UmbracoHelper(umbCtx,
Mock.Of<IPublishedContent>(),
mockedTypedContent,
Mock.Of<IDynamicPublishedContentQuery>(),
Mock.Of<ITagQuery>(),
Mock.Of<IDataTypeService>(),
new UrlProvider(umbCtx, new[]
{
urlHelper.Object
}, UrlProviderMode.Auto),
Mock.Of<ICultureDictionary>(),
Mock.Of<IUmbracoComponentRenderer>(),
membershipHelper);
var searchProvider = Mock.Of<BaseSearchProvider>();
return CreateController(controllerType, request, umbHelper, mockedTypedContent, serviceContext, searchProvider);
}
//default
return base.Create(request, controllerDescriptor, controllerType);
}
public void GetOwinContext_ReturnsOwinContext_AfterSetContextEnvironment()
{
// Arrange
var request = new HttpRequestMessage();
var environment = new Dictionary<string, object>();
request.SetOwinEnvironment(environment);
// Act
IOwinContext context = request.GetOwinContext();
// Assert
Assert.IsType<OwinContext>(context);
Assert.Same(environment, context.Environment);
}
/// <summary>Handles the response.</summary>
/// <param name="request">The request.</param>
/// <param name="response">The response.</param>
/// <param name="cancellationToken">A cancellation token to cancel operation.</param>
/// <returns>The handled response.</returns>
public override async Task<HttpResponseMessage> HandleResponse(HttpRequestMessage request, HttpResponseMessage response, CancellationToken cancellationToken)
{
// Check if headers are already written, and skip processing if they are
if (request.GetOwinContext().Response.Environment.ContainsKey("HeadersWritten"))
{
bool written;
bool.TryParse(request.GetOwinContext().Response.Environment["HeadersWritten"].ToString(), out written);
if (written)
{
return response;
}
}
return await base.HandleResponse(request, response, cancellationToken);
}
internal static IDependencyScope GetOwinDependencyScope(this HttpRequestMessage request)
{
IServiceProvider requestContainer = request.GetOwinContext().Environment.GetRequestContainer();
return(new OwinDependencyScopeWebApiAdapter(requestContainer));
}
internal static IAuthenticationManager GetAuthenticationManager(HttpRequestMessage request)
{
IOwinContext context = request.GetOwinContext();
if (context == null)
{
return null;
}
return context.Authentication;
}
public static IDependencyScope GetOwinDependencyScope(this HttpRequestMessage request)
{
IOwinDependencyScope owinDependencyScope = request.GetOwinContext().GetRequestDependencyScope();
return(new OwinDependencyScopeWebApiAdapter(owinDependencyScope));
}
public static Task <bool> CheckAccessAsync(this HttpRequestMessage request, ResourceAuthorizationContext authorizationContext)
{
return(request.GetOwinContext().CheckAccessAsync(authorizationContext));
}
public EmbeddedHtmlResult(HttpRequestMessage request, string file, OAuth2Configuration oauthConfig = null)
{
this.path = request.GetOwinContext().Request.PathBase.Value;
this.file = file;
this.oauthConfig = oauthConfig;
}
public static TenantContext <TTenant> GetTenantContext <TTenant>(this HttpRequestMessage request)
{
Ensure.Argument.NotNull(request, "request");
return(request.GetOwinContext().Environment.GetTenantContext <TTenant>());
}
public IHttpController Create(HttpRequestMessage request, HttpControllerDescriptor controllerDescriptor, Type controllerType)
{
var owinResolver = request.GetOwinContext().Environment[Constants.ContainerKey] as IOwinDependencyResolver;
var controller = owinResolver.Resolve(controllerType) as IHttpController;
return controller;
}
