public HttpResponse Process(RequestInfo requestInfo)
        {
            var principal = requestInfo.User;
            string path = requestInfo.Context.Request.RawUrl;

            // Verificar os recursos exclusivos de utilizadores autenticados.
            if ((path.Contains("props") || path.Contains("edit") || path.Contains("new")) && principal.IsInRole(Roles.Anonimo))
                return Forbidden();

            // Verificar os recursos exclusivos de utilizadores coordenadores.
            if (path.Contains("accept") && principal.IsInRole(Roles.Utilizador))
                return Forbidden();

            // Permitir só ao criador da proposta a possibilidade de a alterar.
            if ((path.Contains("props") && path.Contains("edit")))
            {
                long id;
                if (long.TryParse(path.Split('/')[2], out id))
                {
                    Proposal prop = RepositoryLocator.Get<long, Proposal>().GetById(id);
                    if (!prop.Owner.Equals(principal.Identity.Name) || !prop.State.Equals(AbstractEntity<long>.Status.Pending))
                        return Forbidden();
                }
                else
                    throw new ArgumentException("Não foi possível receber o identificador da proposta, indicado no URI.");
            }

            // Se passou nas verificações anteriores significa que pode aceder ao recurso.
            return _nextFilter.Process(requestInfo);
        }
        public HttpResponse Process(RequestInfo requestInfo)
        {
            var ctx = requestInfo.Context;
            if (ctx.Request.Url.AbsolutePath.Contains("private"))
            {
                string auth = ctx.Request.Headers["Authorization"];
                if (auth == null)
                {
                    var resp = new HttpResponse(401, new TextContent("Not Authorized"));

                    resp.WithHeader("WWW-Authenticate", "Basic realm=\"Private Area\"");
                    return resp;

                }

                auth = auth.Replace("Basic ", "");
                string userPassDecoded = Encoding.UTF8.GetString(Convert.FromBase64String(auth));
                string []userPasswd = userPassDecoded.Split(':');
                string user = userPasswd[0];
                string passwd = userPasswd[1];
                requestInfo.User = new GenericPrincipal(new GenericIdentity(user), null);

                Console.WriteLine("Authentication: {0} - {1}", auth, userPassDecoded);
            }

            return _nextFilter.Process(requestInfo);
        }
Ejemplo n.º 3
0
        public HttpResponse Process(RequestInfo requestInfo)
        {
            var ctx = requestInfo.Context;
            UriTemplateTable t;
            if (!_tables.TryGetValue(ctx.Request.HttpMethod, out t))
            {
                return new HttpResponse(HttpStatusCode.MethodNotAllowed);
            }

            var match = t.MatchSingle(ctx.Request.Url);
            if (match == null)
            {
                return new HttpResponse(HttpStatusCode.NotFound, new NotFound());
            }

            requestInfo.Match = match;
            var resp = (match.Data as ICommand).Execute(requestInfo);
            return resp;
        }
        public HttpResponse Process(RequestInfo requestInfo)
        {
            var auth = requestInfo.Context.Request.Headers["Authorization"];

            if (auth == null)
            {
                if (requestInfo.Context.Request.RawUrl.Equals("/login"))
                    return NotAuthorized();

                requestInfo.User = new GenericPrincipal(new GenericIdentity("", "Basic"), new[]{Roles.Anonimo});
            }
            else
            {
                auth = auth.Replace("Basic ", "");
                string[] userPasswd = Encoding.UTF8.GetString(Convert.FromBase64String(auth)).Split(':');
                string user = userPasswd[0];
                string password = userPasswd[1];

                // Verificar se as credenciais fornecidas estão correctas
                try
                {
                    if (!User.IsCorrect(user, password))
                        return NotAuthorized();
                }
                catch (InvalidOperationException e)
                {
                    return new HttpResponse(HttpStatusCode.Unauthorized, new TextContent(e.Message));
                }

                requestInfo.User = new GenericPrincipal(new GenericIdentity(user, "Basic"), User.GetRoles(user));

                if (requestInfo.Context.Request.RawUrl.Equals("/login"))
                    return new HttpResponse(HttpStatusCode.Redirect).WithHeader("Location", "/");
            }

            return _nextFilter.Process(requestInfo);
        }
Ejemplo n.º 5
0
 public HttpResponse Execute(RequestInfo req)
 {
     return new HttpResponse(200, new HtmlDoc("dummy"));
 }