public HttpResponse Process(RequestInfo requestInfo)
{
var principal = requestInfo.User;
string path = requestInfo.Context.Request.RawUrl;
// Verificar os recursos exclusivos de utilizadores autenticados.
if ((path.Contains("props") || path.Contains("edit") || path.Contains("new")) && principal.IsInRole(Roles.Anonimo))
return Forbidden();
// Verificar os recursos exclusivos de utilizadores coordenadores.
if (path.Contains("accept") && principal.IsInRole(Roles.Utilizador))
return Forbidden();
// Permitir só ao criador da proposta a possibilidade de a alterar.
if ((path.Contains("props") && path.Contains("edit")))
{
long id;
if (long.TryParse(path.Split('/')[2], out id))
{
Proposal prop = RepositoryLocator.Get<long, Proposal>().GetById(id);
if (!prop.Owner.Equals(principal.Identity.Name) || !prop.State.Equals(AbstractEntity<long>.Status.Pending))
return Forbidden();
}
else
throw new ArgumentException("Não foi possível receber o identificador da proposta, indicado no URI.");
}
// Se passou nas verificações anteriores significa que pode aceder ao recurso.
return _nextFilter.Process(requestInfo);
}
public HttpResponse Process(RequestInfo requestInfo)
{
var ctx = requestInfo.Context;
if (ctx.Request.Url.AbsolutePath.Contains("private"))
{
string auth = ctx.Request.Headers["Authorization"];
if (auth == null)
{
var resp = new HttpResponse(401, new TextContent("Not Authorized"));
resp.WithHeader("WWW-Authenticate", "Basic realm=\"Private Area\"");
return resp;
}
auth = auth.Replace("Basic ", "");
string userPassDecoded = Encoding.UTF8.GetString(Convert.FromBase64String(auth));
string []userPasswd = userPassDecoded.Split(':');
string user = userPasswd[0];
string passwd = userPasswd[1];
requestInfo.User = new GenericPrincipal(new GenericIdentity(user), null);
Console.WriteLine("Authentication: {0} - {1}", auth, userPassDecoded);
}
return _nextFilter.Process(requestInfo);
}
public HttpResponse Process(RequestInfo requestInfo)
{
var ctx = requestInfo.Context;
UriTemplateTable t;
if (!_tables.TryGetValue(ctx.Request.HttpMethod, out t))
{
return new HttpResponse(HttpStatusCode.MethodNotAllowed);
}
var match = t.MatchSingle(ctx.Request.Url);
if (match == null)
{
return new HttpResponse(HttpStatusCode.NotFound, new NotFound());
}
requestInfo.Match = match;
var resp = (match.Data as ICommand).Execute(requestInfo);
return resp;
}
public HttpResponse Process(RequestInfo requestInfo)
{
var auth = requestInfo.Context.Request.Headers["Authorization"];
if (auth == null)
{
if (requestInfo.Context.Request.RawUrl.Equals("/login"))
return NotAuthorized();
requestInfo.User = new GenericPrincipal(new GenericIdentity("", "Basic"), new[]{Roles.Anonimo});
}
else
{
auth = auth.Replace("Basic ", "");
string[] userPasswd = Encoding.UTF8.GetString(Convert.FromBase64String(auth)).Split(':');
string user = userPasswd[0];
string password = userPasswd[1];
// Verificar se as credenciais fornecidas estão correctas
try
{
if (!User.IsCorrect(user, password))
return NotAuthorized();
}
catch (InvalidOperationException e)
{
return new HttpResponse(HttpStatusCode.Unauthorized, new TextContent(e.Message));
}
requestInfo.User = new GenericPrincipal(new GenericIdentity(user, "Basic"), User.GetRoles(user));
if (requestInfo.Context.Request.RawUrl.Equals("/login"))
return new HttpResponse(HttpStatusCode.Redirect).WithHeader("Location", "/");
}
return _nextFilter.Process(requestInfo);
}
public HttpResponse Execute(RequestInfo req)
{
return new HttpResponse(200, new HtmlDoc("dummy"));
}