public OAuthServiceCall(HttpRequest request) { if (request == null) { throw new ArgumentNullException("request"); } OriginalRequest = request; ServiceCall = ServiceFromString(request.PathInfo); ResponseCallback = util.GetStringParam(request, "callback"); ResultFormat = (util.GetIntParam(request, "json", 0) != 0) ? (String.IsNullOrEmpty(ResponseCallback) ? OutputFormat.JSON : OutputFormat.JSONP) : OutputFormat.XML; using (RSACryptoServiceProvider rsaSigning = new RSACryptoServiceProvider()) { using (RSACryptoServiceProvider rsaEncryption = new RSACryptoServiceProvider()) { rsaSigning.ImportParameters(OAuth2AuthorizationServer.AuthorizationServerSigningPublicKey); rsaEncryption.ImportParameters(OAuth2AuthorizationServer.CreateAuthorizationServerSigningKey()); ResourceServer server = new ResourceServer(new StandardAccessTokenAnalyzer(rsaSigning, rsaEncryption)); Token = server.GetAccessToken(); if (Token.Lifetime.HasValue && Token.UtcIssued.Add(Token.Lifetime.Value).CompareTo(DateTime.UtcNow) < 0) { throw new MyFlightbookException("oAuth2 - Token has expired!"); } if (String.IsNullOrEmpty(Token.User)) { throw new MyFlightbookException("Invalid oAuth token - no user"); } GeneratedAuthToken = MFBWebService.AuthTokenFromOAuthToken(Token); } } }
private void AddFlight(Stream s, MFBWebService mfbSvc) { string szFormat = GetOptionalParam("format") ?? "Native"; LogbookEntry le = (szFormat.CompareCurrentCultureIgnoreCase("LTP") == 0) ? JsonConvert.DeserializeObject <LogTenPro>(GetRequiredParam("flight"), new JsonConverter[] { new MFBDateTimeConverter() }).ToLogbookEntry() : le = GetRequiredParam <LogbookEntry>("le"); WriteObject(s, mfbSvc.CommitFlightWithOptions(GeneratedAuthToken, le, GetRequiredParam <PostingOptions>("po"))); }
protected void Page_Load(object sender, EventArgs e) { if (String.Compare(Request.HttpMethod, "GET", StringComparison.OrdinalIgnoreCase) == 0) { return; } if (!Request.IsSecureConnection) { throw new HttpException((int)HttpStatusCode.Forbidden, "Image upload MUST be on a secure channel"); } if (ShuntState.IsShunted) { throw new MyFlightbookException(ShuntState.ShuntMessage); } System.Web.UI.HtmlControls.HtmlInputFile imgPicture = (System.Web.UI.HtmlControls.HtmlInputFile)FindControl("imgPicture"); if (imgPicture == null) { throw new MyFlightbookException("No control named 'imgPicture' found!"); } string szErr = "OK"; try { string szUser = string.Empty; string szAuth = Request.Form["txtAuthToken"]; if (String.IsNullOrEmpty(szAuth)) { // check for an oAuth token using (OAuthServiceCall service = new OAuthServiceCall(Request)) { szAuth = service.GeneratedAuthToken; // Verify that you're allowed to modify images. if (!MFBOauthServer.CheckScope(service.Token.Scope, MFBOAuthScope.images)) { throw new UnauthorizedAccessException(String.Format(CultureInfo.CurrentCulture, "Requested action requires scope \"{0}\", which is not granted.", MFBOAuthScope.images.ToString())); } } } using (MFBWebService ws = new MFBWebService()) { szUser = ws.GetEncryptedUser(szAuth); } if (string.IsNullOrEmpty(szUser)) { throw new MyFlightbookException(Resources.WebService.errBadAuth); } HttpPostedFile pf = imgPicture.PostedFile; if (pf == null || pf.ContentLength == 0) { throw new MyFlightbookException(Resources.WebService.errNoImageProvided); } // Upload the image, and then perform a pseudo idempotency check on it. MFBImageInfo mfbii = UploadForUser(szUser, pf, Request.Form["txtComment"] ?? string.Empty); mfbii.IdempotencyCheck(); } catch (MyFlightbookException ex) { szErr = ex.Message; } Response.Clear(); Response.ContentType = "text/plain; charset=utf-8"; Response.Write(szErr); }
/// <summary> /// Executes the requested service, writing any result to the specified output stream /// </summary> /// <param name="s">The output stream to which to write</param> public void Execute(Stream s) { string szResult = string.Empty; CheckAuth(); using (MFBWebService mfbSvc = new MFBWebService()) { switch (ServiceCall) { case OAuthServiceID.AddAircraftForUser: WriteObject(s, mfbSvc.AddAircraftForUser(GeneratedAuthToken, GetRequiredParam("szTail"), GetRequiredParam <int>("idModel"), GetRequiredParam <int>("idInstanceType"))); break; case OAuthServiceID.AircraftForUser: WriteObject(s, mfbSvc.AircraftForUser(GeneratedAuthToken)); break; case OAuthServiceID.AvailablePropertyTypesForUser: WriteObject(s, mfbSvc.AvailablePropertyTypesForUser(GeneratedAuthToken)); break; case OAuthServiceID.CommitFlightWithOptions: case OAuthServiceID.addFlight: AddFlight(s, mfbSvc); break; case OAuthServiceID.currency: case OAuthServiceID.GetCurrencyForUser: WriteObject(s, mfbSvc.GetCurrencyForUser(GeneratedAuthToken)); break; case OAuthServiceID.DeleteAircraftForUser: WriteObject(s, mfbSvc.DeleteAircraftForUser(GeneratedAuthToken, GetRequiredParam <int>("idAircraft"))); break; case OAuthServiceID.DeleteImage: mfbSvc.DeleteImage(GeneratedAuthToken, GetRequiredParam <MFBImageInfo>("mfbii")); break; case OAuthServiceID.DeleteLogbookEntry: WriteObject(s, mfbSvc.DeleteLogbookEntry(GeneratedAuthToken, GetRequiredParam <int>("idFlight"))); break; case OAuthServiceID.DeletePropertiesForFlight: mfbSvc.DeletePropertiesForFlight(GeneratedAuthToken, GetRequiredParam <int>("idFlight"), GetRequiredParam <int[]>("rgPropIds")); break; case OAuthServiceID.FlightPathForFlight: WriteObject(s, mfbSvc.FlightPathForFlight(GeneratedAuthToken, GetRequiredParam <int>("idFlight"))); break; case OAuthServiceID.FlightPathForFlightGPX: WriteObject(s, mfbSvc.FlightPathForFlightGPX(GeneratedAuthToken, GetRequiredParam <int>("idFlight"))); break; case OAuthServiceID.FlightsWithQueryAndOffset: WriteObject(s, mfbSvc.FlightsWithQueryAndOffset(GeneratedAuthToken, GetRequiredParam <FlightQuery>("fq"), GetRequiredParam <int>("offset"), GetRequiredParam <int>("maxCount"))); break; case OAuthServiceID.MakesAndModels: WriteObject(s, mfbSvc.MakesAndModels()); break; case OAuthServiceID.PropertiesForFlight: WriteObject(s, mfbSvc.PropertiesForFlight(GeneratedAuthToken, GetRequiredParam <int>("idFlight"))); break; case OAuthServiceID.totals: case OAuthServiceID.TotalsForUserWithQuery: WriteObject(s, mfbSvc.TotalsForUserWithQuery(GeneratedAuthToken, GetOptionalParam <FlightQuery>("fq"))); break; case OAuthServiceID.UpdateImageAnnotation: mfbSvc.UpdateImageAnnotation(GeneratedAuthToken, GetRequiredParam <MFBImageInfo>("mfbii")); break; case OAuthServiceID.UpdateMaintenanceForAircraftWithFlagsAndNotes: mfbSvc.UpdateMaintenanceForAircraftWithFlagsAndNotes(GeneratedAuthToken, GetRequiredParam <Aircraft>("ac")); break; case OAuthServiceID.VisitedAirports: WriteObject(s, mfbSvc.VisitedAirports(GeneratedAuthToken)); break; case OAuthServiceID.GetNamedQueries: WriteObject(s, mfbSvc.GetNamedQueriesForUser(GeneratedAuthToken)); break; case OAuthServiceID.AddNamedQuery: WriteObject(s, mfbSvc.AddNamedQueryForUser(GeneratedAuthToken, GetRequiredParam <CannedQuery>("fq"), GetRequiredParam <string>("szName"))); break; case OAuthServiceID.DeleteNamedQuery: WriteObject(s, mfbSvc.DeleteNamedQueryForUser(GeneratedAuthToken, GetRequiredParam <CannedQuery>("cq"))); break; case OAuthServiceID.none: case OAuthServiceID.UploadImage: // not serviced here. default: throw new InvalidOperationException(); } } }
protected void Page_Load(object sender, EventArgs e) { Master.SelectedTab = tabID.tabUnknown; string szUser = String.Empty; if (!IsPostBack) { lblErr.Text = String.Empty; string szAuthToken = util.GetStringParam(Request, "auth"); if (!String.IsNullOrEmpty(szAuthToken)) { using (MFBWebService ws = new MFBWebService()) szUser = ws.GetEncryptedUser(szAuthToken); } bool fIsLocalOrSecure = MFBWebService.CheckSecurity(Request); // If no valid auth token, fall back to the authenticated name. if (String.IsNullOrEmpty(szUser) && Page.User.Identity.IsAuthenticated && fIsLocalOrSecure) { szUser = Page.User.Identity.Name; } // Require a secure connection for other than debugging. if (!fIsLocalOrSecure && !Request.IsSecureConnection) { szUser = string.Empty; } try { if (String.IsNullOrEmpty(szUser)) { throw new MyFlightbookException(Resources.SignOff.errSignNotAuthorized); } int idFlight = util.GetIntParam(Request, "idFlight", LogbookEntry.idFlightNew); if (idFlight == LogbookEntry.idFlightNew) { throw new MyFlightbookException(Resources.SignOff.errSignNotAuthorized); } LogbookEntry le = new LogbookEntry(); if (!le.FLoadFromDB(idFlight, szUser)) { throw new MyFlightbookException(Resources.SignOff.errSignNotAuthorized); } mfbSignFlight.Flight = le; CFIStudentMap sm = new CFIStudentMap(szUser); if (sm.Instructors.Count() == 0) { mfbSignFlight.SigningMode = Controls_mfbSignFlight.SignMode.AdHoc; mfbSignFlight.CFIProfile = null; mvSignFlight.SetActiveView(vwAcceptTerms); } else { cmbInstructors.DataSource = sm.Instructors; cmbInstructors.DataBind(); mvSignFlight.SetActiveView(vwPickInstructor); } lblHeader.Text = String.Format(System.Globalization.CultureInfo.CurrentCulture, Resources.SignOff.SignFlightHeader, MyFlightbook.Profile.GetUser(le.User).UserFullName); lblDisclaimerResponse.Text = Branding.ReBrand(Resources.SignOff.SignDisclaimerAgreement1); lblDisclaimerResponse2.Text = Branding.ReBrand(Resources.SignOff.SignDisclaimerAgreement2); } catch (MyFlightbookException ex) { lblErr.Text = ex.Message; } } }
protected void Page_Load(object sender, EventArgs e) { string szDestErr = "~/Default.aspx"; string szUser = util.GetStringParam(Request, "u"); string szPass = util.GetStringParam(Request, "p"); string szDest = util.GetStringParam(Request, "d"); if (!MFBWebService.CheckSecurity(Request) || String.IsNullOrEmpty(szUser) || String.IsNullOrEmpty(szPass) || String.IsNullOrEmpty(szDest)) { Response.Redirect(szDestErr); } // look for admin emulation in the form of string[] rgUsers = szUser.Split(new char[] { ':' }, StringSplitOptions.RemoveEmptyEntries); string szEmulate = string.Empty; if (rgUsers != null && rgUsers.Length == 2) { szEmulate = rgUsers[0]; szUser = rgUsers[1]; } szUser = Membership.GetUserNameByEmail(szUser); if (Membership.ValidateUser(szUser, szPass)) { if (!String.IsNullOrEmpty(szEmulate)) // emulation requested - validate that the authenticated user is actually authorized!!! { Profile pf = MyFlightbook.Profile.GetUser(szUser); if (pf.CanSupport || pf.CanManageData) { // see if the emulated user actually exists pf = MyFlightbook.Profile.GetUser(szEmulate); if (!pf.IsValid()) { throw new MyFlightbookException("No such user: "******"iPhone") || Request.UserAgent.Contains("iPad")) { if (String.Compare(szDest, "students", StringComparison.CurrentCultureIgnoreCase) == 0) { szDest = "instructors"; } else if (String.Compare(szDest, "instructors", StringComparison.CurrentCultureIgnoreCase) == 0) { szDest = "students"; } } szDest = RedirForDest(szDest, lstParams); // this is something of a hack, but pass on any additional parameters foreach (string szKey in Request.QueryString.Keys) { if (szKey != "u" && szKey != "p" && szKey != "d") { lstParams.Add(String.Format(CultureInfo.InvariantCulture, "{0}={1}", szKey, Request.Params[szKey])); } } if (lstParams.Contains("naked=1")) { Session["IsNaked"] = true; } if (szDest.Length == 0) { Response.Redirect(szDestErr); } else { string szUrlRedir = String.Format(CultureInfo.InvariantCulture, "javascript:window.top.location='{0}?{1}'", ResolveUrl(szDest), String.Join("&", lstParams.ToArray())); Page.ClientScript.RegisterStartupScript(this.GetType(), "StartupRedir", szUrlRedir, true); } }
protected void Page_Load(object sender, EventArgs e) { Master.SelectedTab = tabID.tabUnknown; if (!IsPostBack) { lblErr.Text = String.Empty; string szAuthToken = util.GetStringParam(Request, "auth"); if (!String.IsNullOrEmpty(szAuthToken)) { Username = MFBWebService.GetEncryptedUser(szAuthToken); } bool fIsLocalOrSecure = MFBWebService.CheckSecurity(Request); // If no valid auth token, fall back to the authenticated name. if (String.IsNullOrEmpty(Username) && Page.User.Identity.IsAuthenticated && fIsLocalOrSecure) { Username = Page.User.Identity.Name; } // Require a secure connection for other than debugging. if (!fIsLocalOrSecure && !Request.IsSecureConnection) { Username = string.Empty; } try { if (String.IsNullOrEmpty(Username)) { throw new MyFlightbookException(Resources.SignOff.errSignNotAuthorized); } int idFlight = util.GetIntParam(Request, "idFlight", LogbookEntry.idFlightNew); if (idFlight == LogbookEntry.idFlightNew) { throw new MyFlightbookException(Resources.SignOff.errSignNotAuthorized); } LogbookEntry le = new LogbookEntry(); if (!le.FLoadFromDB(idFlight, Username)) { throw new MyFlightbookException(Resources.SignOff.errSignNotAuthorized); } mfbSignFlight.Flight = le; CFIStudentMap sm = new CFIStudentMap(Username); if (Username == null) { throw new MyFlightbookValidationException("No username for previously signed flights"); } Dictionary <string, LogbookEntry> d = PreviouslySignedAdhocFlights; // If no instructors, and no previously signed flights, assume ad-hoc and go straight to accept terms. if (!sm.Instructors.Any() && d.Keys.Count == 0) { mfbSignFlight.SigningMode = Controls_mfbSignFlight.SignMode.AdHoc; mfbSignFlight.CFIProfile = null; mvSignFlight.SetActiveView(vwAcceptTerms); } else { rptInstructors.DataSource = sm.Instructors; rptInstructors.DataBind(); List <string> lstKeys = new List <string>(d.Keys); lstKeys.Sort(); List <LogbookEntry> lstPrevInstructors = new List <LogbookEntry>(); foreach (string sz in lstKeys) { lstPrevInstructors.Add(d[sz]); } rptPriorInstructors.DataSource = lstPrevInstructors; rptPriorInstructors.DataBind(); mvSignFlight.SetActiveView(vwPickInstructor); } lblHeader.Text = String.Format(CultureInfo.CurrentCulture, Resources.SignOff.SignFlightHeader, MyFlightbook.Profile.GetUser(le.User).UserFullName); lblDisclaimerResponse.Text = Branding.ReBrand(Resources.SignOff.SignDisclaimerAgreement1); lblDisclaimerResponse2.Text = Branding.ReBrand(Resources.SignOff.SignDisclaimerAgreement2); } catch (MyFlightbookException ex) { lblErr.Text = ex.Message; } } }
protected void Page_Load(object sender, EventArgs e) { string szDest = ""; string szDestErr = "~/Default.aspx"; string szUser = util.GetStringParam(Request, "u"); string szPass = util.GetStringParam(Request, "p"); szDest = util.GetStringParam(Request, "d"); if (!MFBWebService.CheckSecurity(Request) || String.IsNullOrEmpty(szUser) || String.IsNullOrEmpty(szPass) || String.IsNullOrEmpty(szDest)) { Response.Redirect(szDestErr); } szUser = Membership.GetUserNameByEmail(szUser); if (Membership.ValidateUser(szUser, szPass)) { FormsAuthentication.SetAuthCookie(szUser, false); } List <string> lstParams = new List <string>(); // BUGBUG: I got students/instructors reversed in iPhone. if (Request.UserAgent.Contains("iPhone") || Request.UserAgent.Contains("iPad")) { if (String.Compare(szDest, "students", StringComparison.CurrentCultureIgnoreCase) == 0) { szDest = "instructors"; } else if (String.Compare(szDest, "instructors", StringComparison.CurrentCultureIgnoreCase) == 0) { szDest = "students"; } } szDest = RedirForDest(szDest, lstParams); // this is something of a hack, but pass on any additional parameters foreach (string szKey in Request.QueryString.Keys) { if (szKey != "u" && szKey != "p" && szKey != "d") { lstParams.Add(String.Format(CultureInfo.InvariantCulture, "{0}={1}", szKey, Request.Params[szKey])); } } if (lstParams.Contains("naked=1")) { Session["IsNaked"] = true; } if (szDest.Length == 0) { Response.Redirect(szDestErr); } else { string szUrlRedir = String.Format(CultureInfo.InvariantCulture, "javascript:window.top.location='{0}?{1}'", ResolveUrl(szDest), String.Join("&", lstParams.ToArray())); Page.ClientScript.RegisterStartupScript(this.GetType(), "StartupRedir", szUrlRedir, true); } }