Пример #1
        /// <summary>
        /// Handles an HTTP GET for the connector: builds a <see cref="ConnectorRequest"/>
        /// from the URI values and the current HTTP request, runs it through the
        /// connector service and converts the result into an <see cref="HttpResponseMessage"/>.
        /// </summary>
        /// <param name="tenant">Tenant name bound from the URI.</param>
        /// <param name="apiPath">API path bound from the URI, passed through <c>GetApiPath</c>.</param>
        /// <returns>
        /// The converted connector response, or the result of <c>UnhandledException</c>
        /// when anything other than a <see cref="WebArgumentException"/> escapes the service call.
        /// </returns>
        /// <exception cref="WebArgumentException">
        /// Re-thrown unchanged (presumably for a global exception filter to turn into a response).
        /// </exception>
        public HttpResponseMessage Get([FromUri] string tenant, [FromUri] string apiPath)
        {
            try
            {
                using (Profiler.Measure("ConnectorController.Get"))
                {
                    // Assemble the service request from the route values and the current HTTP request.
                    ConnectorRequest getRequest = new ConnectorRequest();
                    getRequest.Verb               = ConnectorVerb.Get;
                    getRequest.ApiPath            = GetApiPath(apiPath);
                    getRequest.Payload            = null;
                    getRequest.TenantName         = tenant;
                    getRequest.QueryString        = GetQueryString();
                    getRequest.ControllerRootPath = GetControllerAddress();

                    // Dispatch and translate the outcome into an HTTP response (still inside the profiled scope).
                    ConnectorResponse serviceResponse = _connectorService.HandleRequest(getRequest);
                    return ConvertResponse(serviceResponse);
                }
            }
            catch (WebArgumentException)
            {
                // Argument problems are not ours to report here.
                throw;
            }
            catch (Exception ex)
            {
                return UnhandledException(ex);
            }
        }
 /// <summary>
 /// Forwards the request to the inner connector service and converts any
 /// unexpected failure into an error response via <c>HandleException</c>.
 /// </summary>
 /// <param name="request">The request to forward.</param>
 /// <returns>The inner service's response, or the response produced by <c>HandleException</c>.</returns>
 /// <exception cref="WebArgumentException">
 /// Propagates unchanged; for now it is left for the general ExceptionFilter to handle.
 /// </exception>
 public ConnectorResponse HandleRequest(ConnectorRequest request)
 {
     try
     {
         return _innerService.HandleRequest(request);
     }
     catch (Exception ex) when (!(ex is WebArgumentException))
     {
         // Everything except WebArgumentException is turned into a response here.
         return HandleException(ex);
     }
 }
Пример #3
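        /// <summary>
        /// Extract authentication information (tenant & API key) from the request.
        /// Run the inner request in the context of the identified user.
        /// </summary>
        /// <remarks>
        /// Checks run in this order and the first failure is returned as an error response:
        /// argument validation, tenant name present, API key present in the query string,
        /// tenant resolvable, key entity found and enabled, user account valid, key permitted
        /// for the requested API. Only then is the inner service invoked while impersonating
        /// the key's user account.
        /// </remarks>
        /// <param name="request">The request. <c>QueryString</c> must be set.</param>
        /// <returns>The inner service's response, or an error response describing the first failed check.</returns>
        /// <exception cref="ArgumentNullException"><paramref name="request"/> is null.</exception>
        /// <exception cref="ArgumentException"><c>request.QueryString</c> is null.</exception>
        public ConnectorResponse HandleRequest(ConnectorRequest request)
        {
            if (request == null)
            {
                throw new ArgumentNullException(nameof(request));
            }
            if (request.QueryString == null)
            {
                throw new ArgumentException("QueryString is not set.", nameof(request));
            }

            // Diagnostic - no tenant
            if (string.IsNullOrEmpty(request.TenantName))
            {
                return new ConnectorResponse(HttpStatusCode.NotFound, "No tenant specified");
            }

            // Get the API key
            string apiKey;

            if (!request.QueryString.TryGetValue(ApiKeyParamName, out apiKey) || string.IsNullOrEmpty(apiKey))
            {
                return new ConnectorResponse(HttpStatusCode.Unauthorized, "An API key is required as a 'key' argument in the query string.");
            }

            // Get the tenant
            IDisposable tenantAdminContext = GetTenantContext(request.TenantName);

            if (tenantAdminContext == null)
            {
                // If we can't resolve a tenant, then return forbidden.
                // This is to avoid tenant discovery.
                // I.e.   wrong key on the right tenant returns Unauthorized
                // So the wrong key on the wrong tenant returns Unauthorized also.
                EventLog.Application.WriteWarning("Connector called with invalid tenant: " + request.TenantName);
                return new ConnectorResponse(HttpStatusCode.Unauthorized, InvalidApiKeyOrTenantMessage);
            }

            using (tenantAdminContext)
            {
                // Get the API key entity; an unknown or disabled key gets the same generic message as an unknown tenant.
                ApiKey apiKeyEntity = GetApiKey(apiKey);
                if (apiKeyEntity == null || apiKeyEntity.ApiKeyEnabled != true)
                {
                    return new ConnectorResponse(HttpStatusCode.Unauthorized, InvalidApiKeyOrTenantMessage);
                }

                // Get the user account
                UserAccount userAccount = GetValidUserAccount(apiKeyEntity);
                if (userAccount == null)
                {
                    // The raw API key is a credential: keep it out of the event log, where it would be
                    // readable by anyone with log access and retained long after the request. The tenant
                    // is enough to investigate; the key entity itself was already resolved above.
                    EventLog.Application.WriteWarning("Connector API key failed due to account problem. Tenant={0}", request.TenantName);
                    // NOTE(review): this message differs from InvalidApiKeyOrTenantMessage, so a caller can
                    // tell a valid key with a bad account apart from an unknown key - confirm that is intended.
                    return new ConnectorResponse(HttpStatusCode.Unauthorized, "Invalid account status.");
                }

                // Verify key can access API
                if (!CanApiKeyAccessApi(apiKeyEntity, request))
                {
                    return new ConnectorResponse(HttpStatusCode.Forbidden, "Cannot access this API.");
                }

                // Impersonate user for the duration of the inner call only.
                using (new SetUser(userAccount))
                {
                    return _innerService.HandleRequest(request);
                }
            }
        }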