private void AssertDisplayProperty <T>(IContentProperties <T> result, Property p)
where T : ContentPropertyBasic
{
var pDto = result.Properties.SingleOrDefault(x => x.Alias == p.Alias);
Assert.IsNotNull(pDto);
//pDto.Alias = p.Alias;
//pDto.Description = p.PropertyType.Description;
//pDto.Label = p.PropertyType.Name;
//pDto.Config = applicationContext.Services.DataTypeService.GetPreValuesByDataTypeId(p.PropertyType.DataTypeDefinitionId);
}
private void AssertProperty(IContentProperties <ContentPropertyDto> result, Property p)
{
AssertBasicProperty(result, p);
var pDto = result.Properties.SingleOrDefault(x => x.Alias == p.Alias);
Assert.IsNotNull(pDto);
Assert.AreEqual(p.PropertyType.Mandatory, pDto.IsRequired);
Assert.AreEqual(p.PropertyType.ValidationRegExp, pDto.ValidationRegExp);
Assert.AreEqual(p.PropertyType.Description, pDto.Description);
Assert.AreEqual(p.PropertyType.Name, pDto.Label);
Assert.AreEqual(Current.Services.DataTypeService.GetDataType(p.PropertyType.DataTypeId), pDto.DataType);
Assert.AreEqual(Current.PropertyEditors[p.PropertyType.PropertyEditorAlias], pDto.PropertyEditor);
}
/// <summary>
/// we will now assign all of the values in the 'save' model to the DTO object
/// </summary>
/// <param name="saveModel"></param>
/// <param name="dto"></param>
public void MapPropertyValuesFromSaved(IContentProperties <ContentPropertyBasic> saveModel, ContentPropertyCollectionDto dto)
{
//NOTE: Don't convert this to linq, this is much quicker
foreach (var p in saveModel.Properties)
{
foreach (var propertyDto in dto.Properties)
{
if (propertyDto.Alias != p.Alias)
{
continue;
}
propertyDto.Value = p.Value;
break;
}
}
}
public override bool ValidatePropertiesData(
MemberSave?model,
IContentProperties <ContentPropertyBasic>?modelWithProperties,
ContentPropertyCollectionDto?dto,
ModelStateDictionary modelState)
{
if (model is null)
{
return(false);
}
if (model.Username.IsNullOrWhiteSpace())
{
modelState.AddPropertyError(
new ValidationResult("Invalid user name", new[] { "value" }),
$"{Constants.PropertyEditors.InternalGenericPropertiesPrefix}login");
}
if (model.Email.IsNullOrWhiteSpace() || new EmailAddressAttribute().IsValid(model.Email) == false)
{
modelState.AddPropertyError(
new ValidationResult("Invalid email", new[] { "value" }),
$"{Constants.PropertyEditors.InternalGenericPropertiesPrefix}email");
}
var validEmail = ValidateUniqueEmail(model);
if (validEmail == false)
{
modelState.AddPropertyError(
new ValidationResult("Email address is already in use", new[] { "value" }),
$"{Constants.PropertyEditors.InternalGenericPropertiesPrefix}email");
}
var validLogin = ValidateUniqueLogin(model);
if (validLogin == false)
{
modelState.AddPropertyError(
new ValidationResult("Username is already in use", new[] { "value" }),
$"{Constants.PropertyEditors.InternalGenericPropertiesPrefix}login");
}
return(base.ValidatePropertiesData(model, modelWithProperties, dto, modelState));
}
/// <summary>
/// This ensures that the internal membership property types are removed from validation before processing the
/// validation
/// since those properties are actually mapped to real properties of the IMember.
/// This also validates any posted data for fields that are sensitive.
/// </summary>
/// <param name="model"></param>
/// <param name="modelWithProperties"></param>
/// <param name="actionContext"></param>
/// <returns></returns>
public override bool ValidateProperties(MemberSave?model, IContentProperties <ContentPropertyBasic>?modelWithProperties, ActionExecutingContext actionContext)
{
var propertiesToValidate = model?.Properties.ToList();
Dictionary <string, PropertyType> defaultProps =
ConventionsHelper.GetStandardPropertyTypeStubs(_shortStringHelper);
var exclude = defaultProps.Select(x => x.Value.Alias).ToArray();
foreach (var remove in exclude)
{
propertiesToValidate?.RemoveAll(property => property.Alias == remove);
}
//if the user doesn't have access to sensitive values, then we need to validate the incoming properties to check
//if a sensitive value is being submitted.
if (_backofficeSecurity?.CurrentUser?.HasAccessToSensitiveData() == false)
{
IMemberType?contentType = _memberTypeService.Get(model?.PersistedContent?.ContentTypeId ?? default);
var sensitiveProperties = contentType?
.PropertyTypes.Where(x => contentType.IsSensitiveProperty(x.Alias))
.ToList();
if (sensitiveProperties is not null)
{
foreach (IPropertyType sensitiveProperty in sensitiveProperties)
{
ContentPropertyBasic?prop =
propertiesToValidate?.FirstOrDefault(x => x.Alias == sensitiveProperty.Alias);
if (prop != null)
{
//this should not happen, this means that there was data posted for a sensitive property that
//the user doesn't have access to, which means that someone is trying to hack the values.
var message = $"property with alias: {prop.Alias} cannot be posted";
actionContext.Result = new NotFoundObjectResult(new InvalidOperationException(message));
return(false);
}
}
}
}
return(ValidateProperties(propertiesToValidate, model?.PersistedContent?.Properties.ToList(), actionContext));
}
/// <summary>
/// We need to manually validate a few things here like email and login to make sure they are valid and aren't duplicates
/// </summary>
/// <param name="model"></param>
/// <param name="dto"></param>
/// <param name="modelState"></param>
/// <param name="modelWithProperties"></param>
/// <returns></returns>
public override bool ValidatePropertyData(MemberSave model, IContentProperties <ContentPropertyBasic> modelWithProperties, ContentPropertyCollectionDto dto, ModelStateDictionary modelState)
{
if (model.Username.IsNullOrWhiteSpace())
{
modelState.AddPropertyError(
new ValidationResult("Invalid user name", new[] { "value" }),
$"{Constants.PropertyEditors.InternalGenericPropertiesPrefix}login");
}
if (model.Email.IsNullOrWhiteSpace() || new EmailAddressAttribute().IsValid(model.Email) == false)
{
modelState.AddPropertyError(
new ValidationResult("Invalid email", new[] { "value" }),
$"{Constants.PropertyEditors.InternalGenericPropertiesPrefix}email");
}
//default provider!
var membershipProvider = Core.Security.MembershipProviderExtensions.GetMembersMembershipProvider();
var validEmail = ValidateUniqueEmail(model, membershipProvider);
if (validEmail == false)
{
modelState.AddPropertyError(
new ValidationResult("Email address is already in use", new[] { "value" }),
$"{Constants.PropertyEditors.InternalGenericPropertiesPrefix}email");
}
var validLogin = ValidateUniqueLogin(model, membershipProvider);
if (validLogin == false)
{
modelState.AddPropertyError(
new ValidationResult("Username is already in use", new[] { "value" }),
$"{Constants.PropertyEditors.InternalGenericPropertiesPrefix}login");
}
return(base.ValidatePropertyData(model, modelWithProperties, dto, modelState));
}
private void AssertBasicProperty <T>(IContentProperties <T> result, Property p)
where T : ContentPropertyBasic
{
var pDto = result.Properties.SingleOrDefault(x => x.Alias == p.Alias);
Assert.IsNotNull(pDto);
Assert.AreEqual(p.Alias, pDto.Alias);
Assert.AreEqual(p.Id, pDto.Id);
if (p.GetValue() == null)
{
Assert.AreEqual(pDto.Value, string.Empty);
}
else if (p.GetValue() is decimal)
{
Assert.AreEqual(pDto.Value, ((decimal)p.GetValue()).ToString(NumberFormatInfo.InvariantInfo));
}
else
{
Assert.AreEqual(pDto.Value, p.GetValue().ToString());
}
}
/// <summary>
/// This ensures that the internal membership property types are removed from validation before processing the validation
/// since those properties are actually mapped to real properties of the IMember.
/// This also validates any posted data for fields that are sensitive.
/// </summary>
/// <param name="model"></param>
/// <param name="modelWithProperties"></param>
/// <param name="actionContext"></param>
/// <returns></returns>
public override bool ValidateProperties(MemberSave model, IContentProperties <ContentPropertyBasic> modelWithProperties, HttpActionContext actionContext)
{
var propertiesToValidate = model.Properties.ToList();
var defaultProps = ConventionsHelper.GetStandardPropertyTypeStubs();
var exclude = defaultProps.Select(x => x.Value.Alias).ToArray();
foreach (var remove in exclude)
{
propertiesToValidate.RemoveAll(property => property.Alias == remove);
}
//if the user doesn't have access to sensitive values, then we need to validate the incoming properties to check
//if a sensitive value is being submitted.
if (UmbracoContextAccessor.UmbracoContext.Security.CurrentUser.HasAccessToSensitiveData() == false)
{
var contentType = _memberTypeService.Get(model.PersistedContent.ContentTypeId);
var sensitiveProperties = contentType
.PropertyTypes.Where(x => contentType.IsSensitiveProperty(x.Alias))
.ToList();
foreach (var sensitiveProperty in sensitiveProperties)
{
var prop = propertiesToValidate.FirstOrDefault(x => x.Alias == sensitiveProperty.Alias);
if (prop != null)
{
//this should not happen, this means that there was data posted for a sensitive property that
//the user doesn't have access to, which means that someone is trying to hack the values.
var message = $"property with alias: {prop.Alias} cannot be posted";
actionContext.Response = actionContext.Request.CreateErrorResponse(HttpStatusCode.NotFound, new InvalidOperationException(message));
return(false);
}
}
}
return(ValidateProperties(propertiesToValidate, model.PersistedContent.Properties.ToList(), actionContext));
}
public ContentSavedState?Resolve(IContent source, IContentProperties <T> destination, ContentSavedState?destMember, ResolutionContext context)
{
return(_inner.Resolve(source, destination, default, context));
