public ChangesPushContent(RavenDbApiController controller)
{
Connected = true;
Id = controller.GetQueryStringValue("id");
if (string.IsNullOrEmpty(Id))
throw new ArgumentException("Id is mandatory");
}
public void InitializeFrom(RavenDbApiController other)
{
DatabaseName = other.DatabaseName;
queryFromPostRequest = other.queryFromPostRequest;
Configuration = other.Configuration;
ControllerContext = other.ControllerContext;
ActionContext = other.ActionContext;
}
public void InitializeFrom(RavenDbApiController other)
{
DatabaseName = other.DatabaseName;
queryFromPostRequest = other.queryFromPostRequest;
Configuration = other.Configuration;
ControllerContext = other.ControllerContext;
ActionContext = other.ActionContext;
}
public IPrincipal GetUser(RavenDbApiController controller, bool hasApiKey)
{
var token = GetToken(controller);
if (token == null)
{
WriteAuthorizationChallenge(controller, hasApiKey ? 412 : 401, "invalid_request", "The access token is required");
return null;
}
AccessTokenBody tokenBody;
if (!AccessToken.TryParseBody(controller.DatabasesLandlord.SystemConfiguration.OAuthTokenKey, token, out tokenBody))
{
WriteAuthorizationChallenge(controller, 401, "invalid_token", "The access token is invalid");
return null;
}
return new OAuthPrincipal(tokenBody, null);
}
public IPrincipal GetUser(RavenDbApiController controller)
{
Func<HttpResponseMessage> onRejectingRequest;
var databaseName = controller.DatabaseName ?? Constants.SystemDatabase;
var userCreated = TryCreateUser(controller, databaseName, out onRejectingRequest);
if (userCreated == false)
onRejectingRequest();
return userCreated ? controller.User : null;
}
public List<string> GetApprovedResources(IPrincipal user, RavenDbApiController controller, string[] databases)
{
var authHeader = controller.GetHeader("Authorization");
List<string> approved;
if (string.IsNullOrEmpty(authHeader) == false && authHeader.StartsWith("Bearer "))
approved = oAuthRequestAuthorizer.GetApprovedResources(user);
else
approved = windowsRequestAuthorizer.GetApprovedResources(user);
if (approved.Contains("*"))
return databases.ToList();
return approved;
}
public IPrincipal GetUser(RavenDbApiController controller)
{
if (controller.WasAlreadyAuthorizedUsingSingleAuthToken)
{
return controller.User;
}
var hasApiKey = "True".Equals(controller.GetQueryStringValue("Has-Api-Key"), StringComparison.CurrentCultureIgnoreCase);
var authHeader = controller.GetHeader("Authorization");
var hasOAuthTokenInCookie = controller.HasCookie("OAuth-Token");
if (hasApiKey || hasOAuthTokenInCookie ||
string.IsNullOrEmpty(authHeader) == false && authHeader.StartsWith("Bearer "))
{
return oAuthRequestAuthorizer.GetUser(controller, hasApiKey);
}
return windowsRequestAuthorizer.GetUser(controller);
}
public ConnectionState For(string id, RavenDbApiController controller = null)
{
return connections.GetOrAdd(id, _ =>
{
IEventsTransport eventsTransport = null;
if (controller != null)
eventsTransport = new ChangesPushContent(controller);
var connectionState = new ConnectionState(eventsTransport);
TimeSensitiveStore.Missing(id);
return connectionState;
});
}
public string GenerateSingleUseAuthToken(DocumentDatabase db, IPrincipal user, RavenDbApiController controller)
{
var token = new OneTimeToken
{
DatabaseName = controller.DatabaseName,
GeneratedAt = SystemTime.UtcNow,
User = user
};
var tokenString = Guid.NewGuid().ToString();
singleUseAuthTokens.TryAdd(tokenString, token);
if (singleUseAuthTokens.Count > 25)
{
foreach (var oneTimeToken in singleUseAuthTokens.Where(x => (x.Value.GeneratedAt - SystemTime.UtcNow).TotalMinutes > 5))
{
OneTimeToken value;
singleUseAuthTokens.TryRemove(oneTimeToken.Key, out value);
}
}
return tokenString;
}
