public object GetHtml(TemplateMetadataDebug request)
{
var feature = HostContext.GetPlugin <TemplatePagesFeature>();
if (!HostContext.DebugMode)
{
RequiredRoleAttribute.AssertRequiredRoles(Request, feature.MetadataDebugAdminRole);
}
if (request.Template != null)
{
return(Any(request));
}
var defaultTemplate = feature.DebugDefaultTemplate ?? DefaultTemplate;
var html = HtmlTemplates.GetMetadataDebugTemplate();
html = html.Replace("{0}", defaultTemplate);
var authsecret = Request.GetParam(Keywords.AuthSecret);
if (HostContext.Config.AdminAuthSecret != null &&
HostContext.Config.AdminAuthSecret == authsecret)
{
html = html.Replace("{ template: template }",
"{ template: template, authsecret:" + feature.DefaultFilters.jsQuotedString(authsecret).ToRawString() + " }");
}
return(html);
}
public object Post(UnAssignRoles request)
{
RequiredRoleAttribute.AssertRequiredRoles(Request, RoleNames.Admin);
request.UserName.ThrowIfNullOrEmpty();
var authRepo = HostContext.AppHost.GetAuthRepository(base.Request);
using (authRepo as IDisposable)
{
var userAuth = authRepo.GetUserAuthByUserName(request.UserName);
if (userAuth == null)
{
throw HttpError.NotFound(request.UserName);
}
authRepo.UnAssignRoles(userAuth, request.Roles, request.Permissions);
return(new UnAssignRolesResponse
{
AllRoles = authRepo.GetRoles(userAuth).ToList(),
AllPermissions = authRepo.GetPermissions(userAuth).ToList(),
});
}
}
public static async Task AssertAccessRoleAsync(IRequest req, string accessRole = null, string authSecret = null, CancellationToken token = default)
{
if (HostContext.Config.AdminAuthSecret == null || HostContext.Config.AdminAuthSecret != authSecret)
{
await RequiredRoleAttribute.AssertRequiredRoleAsync(req, accessRole, token);
}
}
public object Post(UnAssignRoles request)
{
if (!Request.IsInProcessRequest())
{
RequiredRoleAttribute.AssertRequiredRoles(Request, RoleNames.Admin);
}
if (string.IsNullOrEmpty(request.UserName))
{
throw new ArgumentNullException(nameof(request.UserName));
}
var userAuth = AuthRepository.GetUserAuthByUserName(request.UserName);
if (userAuth == null)
{
throw HttpError.NotFound(request.UserName);
}
AuthRepository.UnAssignRoles(userAuth, request.Roles, request.Permissions);
return(new UnAssignRolesResponse
{
AllRoles = AuthRepository.GetRoles(userAuth).ToList(),
AllPermissions = AuthRepository.GetPermissions(userAuth).ToList(),
});
}
public static void AssertAccessRole(IRequest req, string accessRole = null, string authSecret = null)
{
if (HostContext.Config.AdminAuthSecret == null || HostContext.Config.AdminAuthSecret != authSecret)
{
RequiredRoleAttribute.AssertRequiredRoles(req, accessRole);
}
}
public async Task <object> Post(AssignRoles request)
{
if (!Request.IsInProcessRequest())
{
await RequiredRoleAttribute.AssertRequiredRoleAsync(Request, RoleNames.Admin);
}
if (string.IsNullOrEmpty(request.UserName))
{
throw new ArgumentNullException(nameof(request.UserName));
}
var userAuth = await AuthRepositoryAsync.GetUserAuthByUserNameAsync(request.UserName).ConfigAwait();
if (userAuth == null)
{
throw HttpError.NotFound(request.UserName);
}
await AuthRepositoryAsync.AssignRolesAsync(userAuth, request.Roles, request.Permissions).ConfigAwait();
return(new AssignRolesResponse
{
AllRoles = (await AuthRepositoryAsync.GetRolesAsync(userAuth).ConfigAwait()).ToList(),
AllPermissions = (await AuthRepositoryAsync.GetPermissionsAsync(userAuth).ConfigAwait()).ToList(),
});
}
public void Does_validate_RequiredRoles_with_UserAuthRepo_When_Role_not_in_Session()
{
var userWithAdminRole = new UserAuth {
Id = 1, Roles = new[] { RoleNames.Admin }.ToList()
};
userAuthMock.Expect(x => x.GetUserAuth(It.IsAny <IAuthSession>(), It.IsAny <IOAuthTokens>()))
.Returns(userWithAdminRole);
var registrationService = GetRegistrationService();
var requiredRole = new RequiredRoleAttribute(RoleNames.Admin);
var requestContext = (MockRequestContext)registrationService.RequestContext;
requestContext.Container.Register(userAuthMock.Object);
var httpRes = requestContext.Get <IHttpResponse>();
requiredRole.Execute(
requestContext.Get <IHttpRequest>(),
httpRes,
null);
Assert.That(!httpRes.IsClosed);
}
public object Any(TemplatesAdmin request)
{
var feature = HostContext.AssertPlugin<TemplatePagesFeature>();
RequiredRoleAttribute.AssertRequiredRoles(Request, feature.TemplatesAdminRole);
if (string.IsNullOrEmpty(request.Actions))
return new TemplatesAdminResponse { Results = new[]{ "Available actions: " + string.Join(",", Actions) } };
var actions = request.Actions.Split(',');
var results = new List<string>();
using (var ms = MemoryStreamFactory.GetStream())
{
var scope = new TemplateScopeContext(new PageResult(feature.EmptyPage), ms, new Dictionary<string, object>());
if (actions.Any(x => x.EqualsIgnoreCase(nameof(TemplateProtectedFilters.invalidateAllCaches))))
results.Add(nameof(TemplateProtectedFilters.invalidateAllCaches) + ": " + feature.ProtectedFilters.invalidateAllCaches(scope).ToJsv());
if (actions.Any(x => x.EqualsIgnoreCase(nameof(TemplatePagesFeature.RunInitPage))))
results.Add(nameof(TemplatePagesFeature.RunInitPage) + ": " + feature.RunInitPage());
if (results.Count > 0)
return new TemplatesAdminResponse { Results = results.ToArray() };
}
throw new NotSupportedException("Unknown Action. Available actions: " + string.Join(",", Actions));
}
public object Any(TemplateMetadataDebug request)
{
if (string.IsNullOrEmpty(request.Template))
return null;
var feature = HostContext.GetPlugin<TemplatePagesFeature>();
if (!HostContext.DebugMode)
{
if (HostContext.Config.AdminAuthSecret == null || HostContext.Config.AdminAuthSecret != request.AuthSecret)
{
RequiredRoleAttribute.AssertRequiredRoles(Request, feature.MetadataDebugAdminRole);
}
}
var context = new TemplateContext
{
TemplateFilters = { new TemplateInfoFilters() },
Args =
{
{TemplateConstants.Request, base.Request},
{"request", base.Request},
{"appHost", HostContext.AppHost},
{"appConfig", HostContext.Config},
{"appVirtualFilesPath", HostContext.VirtualFiles.RootDirectory.RealPath},
{"appVirtualFileSourcesPath", HostContext.VirtualFileSources.RootDirectory.RealPath},
{"meta", HostContext.Metadata},
}
}.Init();
feature.Args.Each(x => context.Args[x.Key] = x.Value);
var result = context.EvaluateTemplate(request.Template);
return new HttpResult(result) { ContentType = MimeTypes.PlainText };
}
public static void AssertIsAdminOrDebugMode(IRequest req, string adminRole = null, string authSecret = null)
{
if (!HostContext.DebugMode)
{
if (HostContext.Config.AdminAuthSecret == null || HostContext.Config.AdminAuthSecret != authSecret)
{
RequiredRoleAttribute.AssertRequiredRoles(req, adminRole);
}
}
}
public void Does_validate_AssertRequiredRoles_with_UserAuthRepo_When_Role_not_in_Session()
{
var registrationService = GetRegistrationService();
var request = registrationService.Request;
HostContext.Container.Register(userAuth);
RequiredRoleAttribute.AssertRequiredRoles(request, RoleNames.Admin);
Assert.That(!request.Response.IsClosed);
}
public void Does_validate_RequiredRoles_with_UserAuthRepo_When_Role_not_in_Session()
{
var registrationService = GetRegistrationService();
var requiredRole = new RequiredRoleAttribute(RoleNames.Admin);
var request = registrationService.Request;
HostContext.Container.Register(userAuth);
var httpRes = request.Response;
requiredRole.Execute(request, request.Response, request.OperationName);
Assert.That(!httpRes.IsClosed);
}
public void Does_validate_RequiredRoles_with_UserAuthRepo_When_Role_not_in_Session()
{
var registrationService = GetRegistrationService();
var requiredRole = new RequiredRoleAttribute(RoleNames.Admin);
var request = registrationService.Request;
HostContext.Container.Register(userAuth);
var httpRes = request.Response;
requiredRole.ExecuteAsync(request, request.Response, request.OperationName).Wait();
Assert.That(!httpRes.IsClosed);
}
public void Does_validate_RequiredRoles_with_UserAuthRepo_When_Role_not_in_Session()
{
var registrationService = GetRegistrationService();
var requiredRole = new RequiredRoleAttribute(RoleNames.Admin);
var requestContext = (MockRequestContext)registrationService.RequestContext;
requestContext.Container.Register(userAuth);
var httpRes = requestContext.Get<IHttpResponse>();
requiredRole.Execute(
requestContext.Get<IHttpRequest>(),
httpRes,
null);
Assert.That(!httpRes.IsClosed);
}
public void Does_validate_RequiredRoles_with_UserAuthRepo_When_Role_not_in_Session()
{
var registrationService = GetRegistrationService();
var requiredRole = new RequiredRoleAttribute(RoleNames.Admin);
var requestContext = (MockRequestContext)registrationService.RequestContext;
requestContext.Container.Register(userAuth);
var httpRes = requestContext.Get <IHttpResponse>();
requiredRole.Execute(
requestContext.Get <IHttpRequest>(),
httpRes,
null);
Assert.That(!httpRes.IsClosed);
}
public object Post(UnAssignRoles request)
{
RequiredRoleAttribute.AssertRequiredRoles(Request, RoleNames.Admin);
request.UserName.ThrowIfNullOrEmpty();
var userAuth = UserAuthRepo.GetUserAuthByUserName(request.UserName);
if (userAuth == null)
{
throw HttpError.NotFound(request.UserName);
}
UserAuthRepo.UnAssignRoles(userAuth, request.Roles, request.Permissions);
return(new UnAssignRolesResponse {
AllRoles = UserAuthRepo.GetRoles(userAuth).ToList(),
AllPermissions = UserAuthRepo.GetPermissions(userAuth).ToList(),
});
}
private bool ZeroUsersOrIsAdmin()
{
// can only make changes while there are no users in the system
// OR user is authenticated and is an admin
var userCount = Db.Count <UserAuth>();
if (userCount > 0)
{
if (!base.IsAuthenticated)
{
new AuthenticateAttribute().ExecuteAsync(base.Request, base.Response, null).Wait();
return(false);
}
else if (!base.GetSession().HasRole(RoleNames.Admin, base.AuthRepository))
{
RequiredRoleAttribute.AssertRequiredRoles(Request, RoleNames.Admin);
return(false);
}
}
return(true);
}
/// <summary>Anies the given request.</summary>
///
/// <exception cref="Exception">Thrown when an exception error condition occurs.</exception>
///
/// <param name="request">The request.</param>
///
/// <returns>An object.</returns>
public object Any(RequestLogs request)
{
if (RequestLogger == null)
{
throw new Exception("No IRequestLogger is registered");
}
RequiredRoleAttribute.AssertRequiredRoles(RequestContext, RequestLogger.RequiredRoles);
if (request.EnableSessionTracking.HasValue)
{
RequestLogger.EnableSessionTracking = request.EnableSessionTracking.Value;
}
var now = DateTime.UtcNow;
var logs = RequestLogger.GetLatestLogs(request.Take).AsQueryable();
if (request.BeforeSecs.HasValue)
{
logs = logs.Where(x => (now - x.DateTime) <= TimeSpan.FromSeconds(request.BeforeSecs.Value));
}
if (request.AfterSecs.HasValue)
{
logs = logs.Where(x => (now - x.DateTime) > TimeSpan.FromSeconds(request.AfterSecs.Value));
}
if (!request.IpAddress.IsNullOrEmpty())
{
logs = logs.Where(x => x.IpAddress == request.IpAddress);
}
if (!request.UserAuthId.IsNullOrEmpty())
{
logs = logs.Where(x => x.UserAuthId == request.UserAuthId);
}
if (!request.SessionId.IsNullOrEmpty())
{
logs = logs.Where(x => x.SessionId == request.SessionId);
}
if (!request.Referer.IsNullOrEmpty())
{
logs = logs.Where(x => x.Referer == request.Referer);
}
if (!request.PathInfo.IsNullOrEmpty())
{
logs = logs.Where(x => x.PathInfo == request.PathInfo);
}
if (!request.Ids.IsEmpty())
{
logs = logs.Where(x => request.Ids.Contains(x.Id));
}
if (request.BeforeId.HasValue)
{
logs = logs.Where(x => x.Id <= request.BeforeId);
}
if (request.AfterId.HasValue)
{
logs = logs.Where(x => x.Id > request.AfterId);
}
if (request.WithErrors.HasValue)
{
logs = request.WithErrors.Value
? logs.Where(x => x.ErrorResponse != null)
: logs.Where(x => x.ErrorResponse == null);
}
if (request.DurationLongerThan.HasValue)
{
logs = logs.Where(x => x.RequestDuration > request.DurationLongerThan.Value);
}
if (request.DurationLessThan.HasValue)
{
logs = logs.Where(x => x.RequestDuration < request.DurationLessThan.Value);
}
var results = logs.Skip(request.Skip).OrderByDescending(x => x.Id).ToList();
return(new RequestLogsResponse {
Results = results,
Usage = Usage,
});
}
public object Any(RequiresRole request)
{
RequiredRoleAttribute.AssertRequiredRoles(Request, request.Role ?? RoleNames.Admin);
return(request);
}
