public string CreateNonce(CommentPart comment, TimeSpan delay)
        {
            var challengeToken = new XElement("n", new XAttribute("c", comment.Id), new XAttribute("v", _clock.UtcNow.ToUniversalTime().Add(delay).ToString(CultureInfo.InvariantCulture))).ToString();
            var data           = Encoding.UTF8.GetBytes(challengeToken);

            return(Convert.ToBase64String(_encryptionService.Encode(data)));
        }
        public ActionResult Create(string returnUrl)
        {
            if (!Services.Authorizer.Authorize(Permissions.AddComment, T("Couldn't add comment")))
            {
                return(this.RedirectLocal(returnUrl, "~/"));
            }

            var viewModel = new CommentsCreateViewModel();

            TryUpdateModel(viewModel);

            var context = new CreateCommentContext {
                Author      = viewModel.Name,
                CommentText = viewModel.CommentText,
                Email       = viewModel.Email,
                SiteName    = viewModel.SiteName,
                CommentedOn = viewModel.CommentedOn
            };


            if (ModelState.IsValid)
            {
                if (!String.IsNullOrEmpty(context.SiteName) && !context.SiteName.StartsWith("http://") && !context.SiteName.StartsWith("https://"))
                {
                    context.SiteName = "http://" + context.SiteName;
                }

                CommentPart commentPart = _commentService.CreateComment(context, Services.WorkContext.CurrentSite.As <CommentSettingsPart>().Record.ModerateComments);

                if (commentPart.Record.Status == CommentStatus.Pending)
                {
                    // if the user who submitted the comment has the right to moderate, don't make this comment moderated
                    if (Services.Authorizer.Authorize(Permissions.ManageComments))
                    {
                        commentPart.Record.Status = CommentStatus.Approved;
                    }
                    else
                    {
                        Services.Notifier.Information(T("Your comment will appear after the site administrator approves it."));
                    }
                }
            }
            else
            {
                foreach (var error in ModelState.Values.SelectMany(m => m.Errors).Select(e => e.ErrorMessage))
                {
                    _notifier.Error(T(error));
                }
            }

            if (!ModelState.IsValid)
            {
                TempData["CreateCommentContext.Name"]        = context.Author;
                TempData["CreateCommentContext.CommentText"] = context.CommentText;
                TempData["CreateCommentContext.Email"]       = context.Email;
                TempData["CreateCommentContext.SiteName"]    = context.SiteName;
            }

            return(this.RedirectLocal(returnUrl, "~/"));
        }
        public bool ValidateComment(CommentPart commentPart)
        {
            CommentSettingsPartRecord commentSettingsPartRecord = _orchardServices.WorkContext.CurrentSite.As<CommentSettingsPart>().Record;
            string akismetKey = commentSettingsPartRecord.AkismetKey;
            string akismetUrl = commentSettingsPartRecord.AkismetUrl;
            bool enableSpamProtection = commentSettingsPartRecord.EnableSpamProtection;
            if (enableSpamProtection == false) {
                return true;
            }
            if (String.IsNullOrEmpty(akismetKey)) {
                _notifer.Information(T("Please configure your Akismet key for spam protection"));
                return true;
            }
            if (String.IsNullOrEmpty(akismetUrl)) {
                akismetUrl = "http://www.orchardproject.net";
            }
            Akismet akismetApi = new Akismet(akismetKey, akismetUrl, null);
            AkismetComment akismetComment = new AkismetComment {
                CommentAuthor = commentPart.Record.Author,
                CommentAuthorEmail = commentPart.Record.Email,
                Blog = akismetUrl,
                CommentAuthorUrl = commentPart.Record.SiteName,
                CommentContent = commentPart.Record.CommentText,
                UserAgent = HttpContext.Current.Request.UserAgent,
            };

            if (akismetApi.VerifyKey()) {
                return !akismetApi.CommentCheck(akismetComment); // CommentCheck returning true == spam
            }

            return false;
        }
Exemple #4
0
        public void SendNotificationEmail(CommentPart commentPart)
        {
            try {
                var commentedOn = _orchardServices.ContentManager.Get(commentPart.CommentedOn);
                if (commentedOn == null)
                {
                    return;
                }

                var owner = commentedOn.As <CommonPart>().Owner;
                if (owner == null)
                {
                    return;
                }

                var template = _shapeFactory.Create("Template_Comment_Notification", Arguments.From(new {
                    CommentPart        = commentPart,
                    CommentApproveUrl  = CreateProtectedUrl("Approve", commentPart),
                    CommentModerateUrl = CreateProtectedUrl("Moderate", commentPart),
                    CommentDeleteUrl   = CreateProtectedUrl("Delete", commentPart)
                }));

                var parameters = new Dictionary <string, object> {
                    { "Subject", T("Comment notification").Text },
                    { "Body", _shapeDisplay.Display(template) },
                    { "Recipients", owner.Email }
                };

                _messageService.Send("Email", parameters);
            }
            catch (Exception e) {
                Logger.Error(e, "An unexpected error occured while sending a notification email");
            }
        }
Exemple #5
0
 private CommentEntry CreateCommentEntry(CommentPart item)
 {
     return(new CommentEntry {
         Comment = item.Record,
         CommentedOn = _commentService.GetCommentedContent(item.CommentedOn),
         IsChecked = false,
     });
 }
Exemple #6
0
        private string CreateProtectedUrl(string action, CommentPart part) {
            var workContext = _workContextAccessor.GetContext();
            if (workContext.HttpContext != null) {
                var url = new UrlHelper(workContext.HttpContext.Request.RequestContext);
                return url.AbsoluteAction(action, "Comment", new {area = "Orchard.Comments", nonce = _commentService.CreateNonce(part, TimeSpan.FromDays(7))});
            }

            return null;
        }
Exemple #7
0
        public void UpdateComment(int id, string name, string email, string siteName, string commentText, CommentStatus status)
        {
            CommentPart commentPart = GetComment(id);

            commentPart.Record.Author      = name;
            commentPart.Record.Email       = email;
            commentPart.Record.SiteName    = siteName;
            commentPart.Record.CommentText = commentText;
            commentPart.Record.Status      = status;
        }
Exemple #8
0
        public string CreateProtectedUrl(string action, CommentPart part)
        {
            var workContext = _orchardServices.WorkContext;

            if (workContext.HttpContext != null)
            {
                var url = new UrlHelper(workContext.HttpContext.Request.RequestContext);
                return(url.AbsoluteAction(action, "Comment", new { area = "Orchard.Comments", nonce = CreateNonce(part, TimeSpan.FromDays(7)) }));
            }

            return(null);
        }
        public bool ValidateComment(CommentPart commentPart)
        {
            var text = commentPart.Author + System.Environment.NewLine
                       + commentPart.CommentText + System.Environment.NewLine
                       + commentPart.Email + System.Environment.NewLine
                       + commentPart.SiteName + System.Environment.NewLine;

            dynamic context = new ExpandoObject();
            context.Checked = false;
            context.IsSpam = false;
            context.Text = text;

            _spamEventHandler.CheckSpam(context);

            return !context.IsSpam;
        }
Exemple #10
0
        public bool ValidateComment(CommentPart commentPart)
        {
            var text = commentPart.Author + System.Environment.NewLine
                       + commentPart.CommentText + System.Environment.NewLine
                       + commentPart.Email + System.Environment.NewLine
                       + commentPart.SiteName + System.Environment.NewLine;

            dynamic context = new ExpandoObject();

            context.Checked = false;
            context.IsSpam  = false;
            context.Text    = text;

            _spamEventHandler.CheckSpam(context);

            return(!context.IsSpam);
        }
Exemple #11
0
        public ActionResult Edit(int id)
        {
            try {
                CommentPart commentPart = _commentService.GetComment(id);
                var         viewModel   = new CommentsEditViewModel {
                    CommentText = commentPart.Record.CommentText,
                    Email       = commentPart.Record.Email,
                    Id          = commentPart.Record.Id,
                    Name        = commentPart.Record.Author,
                    SiteName    = commentPart.Record.SiteName,
                    Status      = commentPart.Record.Status,
                };
                return(View(viewModel));
            } catch (Exception exception) {
                this.Error(exception, T("Editing comment failed: {0}", exception.Message), Logger, Services.Notifier);

                return(RedirectToAction("Index"));
            }
        }
Exemple #12
0
        public async Task <IActionResult> SavePublicComment(string id, string contentItemId, string comment, string attachment)
        {
            ContentItem content;

            if (!string.IsNullOrWhiteSpace(contentItemId))
            {
                content = await _contentManager.GetAsync(contentItemId, VersionOptions.Latest);
            }
            else
            {
                content = await _contentManager.NewAsync("PublicComment");

                await _contentManager.CreateAsync(content, VersionOptions.Draft);
            }

            attachment = string.IsNullOrEmpty(attachment) ? "" : attachment;

            var model = new CommentPart(comment, attachment);


            await _contentManager.PublishAsync(content);

            //return Ok(StatusCodes.Status200OK);
            int returnCode = await new ContentHelper(_contentManager, _session, _contentDefinitionManager, _contentAliasManager).EditCommentPOST(content.ContentItemId, true, id, User.Identity.Name, model, async contentItem =>
            {
                await _contentManager.PublishAsync(contentItem);
                var typeDefinition = _contentDefinitionManager.GetTypeDefinition(contentItem.ContentType);

                _notifier.Success(string.IsNullOrWhiteSpace(typeDefinition.DisplayName)
                      ? T["Your content has been published."]
                      : T["Your {0} has been published.", typeDefinition.DisplayName]);
            });

            if (returnCode == StatusCodes.Status204NoContent)
            {
                return(NotFound());
            }
            else
            {
                return(StatusCode(returnCode));
            }
        }
        public ActionResult Edit(int id)
        {
            CommentPart commentPart = _commentService.GetComment(id);

            if (commentPart == null)
            {
                return(new HttpNotFoundResult());
            }

            var viewModel = new CommentsEditViewModel {
                CommentText = commentPart.Record.CommentText,
                Email       = commentPart.Record.Email,
                Id          = commentPart.Record.Id,
                Name        = commentPart.Record.Author,
                SiteName    = commentPart.Record.SiteName,
                Status      = commentPart.Record.Status,
            };

            return(View(viewModel));
        }
Exemple #14
0
        public async Task <IActionResult> MakePublicComment(string id, string contentItemId)
        {
            ContentItem content = null;

            if (!string.IsNullOrWhiteSpace(contentItemId))
            {
                content = await _contentManager.GetAsync(contentItemId, VersionOptions.Latest);
            }
            if (content == null)
            {
                return(NotFound());
            }
            var model = new CommentPart(content.Content.AdminComment.Comment.Html.ToString(), content.Content.AdminComment.Attachment.Text.ToString());

            await _contentManager.RemoveAsync(content);

            ContentItem contentPublic = await _contentManager.NewAsync("PublicComment");

            await _contentManager.CreateAsync(contentPublic, VersionOptions.Draft);

            await _contentManager.PublishAsync(contentPublic);

            int returnCode = await new ContentHelper(_contentManager, _session, _contentDefinitionManager, _contentAliasManager).EditCommentPOST(contentPublic.ContentItemId, true, id, User.Identity.Name, model, async contentItem =>
            {
                await _contentManager.PublishAsync(contentItem);
                var typeDefinition = _contentDefinitionManager.GetTypeDefinition(contentItem.ContentType);
                _notifier.Success(string.IsNullOrWhiteSpace(typeDefinition.DisplayName)
                    ? T["Your content has been published."]
                    : T["Your {0} has been published.", typeDefinition.DisplayName]);
            });

            if (returnCode == StatusCodes.Status204NoContent)
            {
                return(NotFound());
            }
            else
            {
                return(StatusCode(returnCode));
            }
        }
        public bool CanCreateComment(CommentPart commentPart)
        {
            if (commentPart == null)
            {
                return(false);
            }

            var container = _orchardServices.ContentManager.Get(commentPart.CommentedOn);

            if (container == null)
            {
                return(false);
            }

            var commentsPart = container.As <CommentsPart>();

            if (commentsPart == null)
            {
                return(false);
            }

            var settings = commentsPart.TypePartDefinition.Settings.GetModel <CommentsPartSettings>();

            if (!commentsPart.CommentsActive)
            {
                return(false);
            }

            if (settings.MustBeAuthenticated && _orchardServices.WorkContext.CurrentUser == null)
            {
                return(false);
            }

            if (!CanStillCommentOn(commentsPart))
            {
                return(false);
            }

            return(true);
        }
        public bool ValidateComment(CommentPart commentPart)
        {
            CommentSettingsPartRecord commentSettingsPartRecord = _orchardServices.WorkContext.CurrentSite.As <CommentSettingsPart>().Record;
            string akismetKey           = commentSettingsPartRecord.AkismetKey;
            string akismetUrl           = commentSettingsPartRecord.AkismetUrl;
            bool   enableSpamProtection = commentSettingsPartRecord.EnableSpamProtection;

            if (enableSpamProtection == false)
            {
                return(true);
            }
            if (String.IsNullOrEmpty(akismetKey))
            {
                _notifer.Information(T("Please configure your Akismet key for spam protection"));
                return(true);
            }
            if (String.IsNullOrEmpty(akismetUrl))
            {
                akismetUrl = "http://www.orchardproject.net";
            }
            Akismet        akismetApi     = new Akismet(akismetKey, akismetUrl, null);
            AkismetComment akismetComment = new AkismetComment {
                CommentAuthor      = commentPart.Record.Author,
                CommentAuthorEmail = commentPart.Record.Email,
                Blog             = akismetUrl,
                CommentAuthorUrl = commentPart.Record.SiteName,
                CommentContent   = commentPart.Record.CommentText,
                UserAgent        = HttpContext.Current.Request.UserAgent,
            };

            if (akismetApi.VerifyKey())
            {
                return(!akismetApi.CommentCheck(akismetComment)); // CommentCheck returning true == spam
            }

            return(false);
        }
Exemple #17
0
        public async Task <int> EditCommentPOST(string contentItemId, bool isPublic, string id, string User, CommentPart viewModel, Func <ContentItem, Task> conditionallyPublish)
        {
            var content = await _contentManager.GetAsync(contentItemId, VersionOptions.DraftRequired);

            if (content == null)
            {
                return(StatusCodes.Status204NoContent);
            }
            if (isPublic)
            {
                content.Content.PublicComment = JToken.FromObject(viewModel);
            }
            else
            {
                content.Content.AdminComment = JToken.FromObject(viewModel);
            }
            content.Owner       = User;
            content.DisplayText = id;

            await conditionallyPublish(content);

            _session.Save(content);

            var typeDefinition = _contentDefinitionManager.GetTypeDefinition(content.ContentType);

            return(StatusCodes.Status201Created);
        }
Exemple #18
0
        public void SendNotificationEmail(CommentPart commentPart) {
            try {
                var commentedOn = _orchardServices.ContentManager.Get(commentPart.CommentedOn);
                if (commentedOn == null) {
                    return;
                }

                var owner = commentedOn.As<CommonPart>().Owner;
                if (owner == null) {
                    return;
                }

                var template = _shapeFactory.Create("Template_Comment_Notification", Arguments.From(new {
                    CommentPart = commentPart,
                    CommentApproveUrl = CreateProtectedUrl("Approve", commentPart),
                    CommentModerateUrl = CreateProtectedUrl("Moderate", commentPart),
                    CommentDeleteUrl = CreateProtectedUrl("Delete", commentPart)
                }));

                var parameters = new Dictionary<string, object> {
                        {"Subject", T("Comment notification").Text},
                        {"Body", _shapeDisplay.Display(template)},
                        {"Recipients", owner.Email}
                    };

                _messageService.Send("Email", parameters);
            }
            catch(Exception e) {
                Logger.Error(e, "An unexpected error occured while sending a notification email");
            }
        }
Exemple #19
0
        public bool CanCreateComment(CommentPart commentPart) {
            if (commentPart == null) {
                return false;
            }

            var container = _orchardServices.ContentManager.Get(commentPart.CommentedOn);
            
            if (container == null) {
                return false;
            }

            var commentsPart = container.As<CommentsPart>();
            if (commentsPart == null) {
                return false;
            }
            
            var settings = commentsPart.TypePartDefinition.Settings.GetModel<CommentsPartSettings>();
            if (!commentsPart.CommentsActive) {
                return false;
            }

            if (settings.MustBeAuthenticated && _orchardServices.WorkContext.CurrentUser == null) {
                return false;
            }
            
            if (!CanStillCommentOn(commentsPart)) {
                return false;
            }

            return true;
        }
Exemple #20
0
 public string CreateNonce(CommentPart comment, TimeSpan delay) {
     var challengeToken = new XElement("n", new XAttribute("c", comment.Id), new XAttribute("v", _clock.UtcNow.ToUniversalTime().Add(delay).ToString(CultureInfo.InvariantCulture))).ToString();
     var data = Encoding.UTF8.GetBytes(challengeToken);
     return Convert.ToBase64String(_encryptionService.Encode(data));
 }
Exemple #21
0
        public void ApproveComment(int commentId)
        {
            CommentPart commentPart = GetComment(commentId);

            commentPart.Record.Status = CommentStatus.Approved;
        }
Exemple #22
0
        public void UnapproveComment(int commentId)
        {
            CommentPart commentPart = GetComment(commentId);

            commentPart.Record.Status = CommentStatus.Pending;
        }
		private bool validateContactMessage(ContactUsFormViewModel form)
		{
			var comment = new CommentPart() { Record = new CommentPartRecord {
														Author		= form.Name,
														Email		= form.Email,
														CommentText	= form.Message,
														SiteName	= "",
													} };
			return _commentValidator.ValidateComment(comment);
		}
 public bool ValidateComment(CommentPart commentPart)
 {
     return(true);
 }
Exemple #25
0
        public void MarkCommentAsSpam(int commentId)
        {
            CommentPart commentPart = GetComment(commentId);

            commentPart.Record.Status = CommentStatus.Spam;
        }