Exemple #1
0
        protected async override Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
        {
            var response = new HttpResponseMessage();

            if (request.RequestUri.AbsoluteUri.StartsWith("https://accounts.google.com/o/oauth2/token"))
            {
                var formData = new FormCollection(await FormReader.ReadFormAsync(await request.Content.ReadAsStreamAsync()));
                if (formData["grant_type"] == "authorization_code")
                {
                    if (formData["code"] == "ValidCode")
                    {
                        if (formData["redirect_uri"] != null && formData["redirect_uri"].EndsWith("signin-google") &&
                            formData["client_id"] == "[ClientId]" && formData["client_secret"] == "[ClientSecret]")
                        {
                            response.Content = new StringContent("{\"access_token\":\"ValidAccessToken\",\"refresh_token\":\"ValidRefreshToken\",\"token_type\":\"Bearer\",\"expires_in\":\"1200\",\"id_token\":\"Token\"}", Encoding.UTF8, "application/json");
                        }
                    }
                }
            }
            else if (request.RequestUri.AbsoluteUri.StartsWith("https://www.googleapis.com/plus/v1/people/me"))
            {
                if (request.Headers.Authorization.Parameter == "ValidAccessToken")
                {
                    response.Content = new StringContent("{ \"kind\": \"plus#person\",\n \"etag\": \"\\\"YFr-hUROXQN7IOa3dUHg9dQ8eq0/2hY18HdHEP8NLykSTVEiAhkKsBE\\\"\",\n \"gender\": \"male\",\n \"emails\": [\n  {\n   \"value\": \"[email protected]\",\n   \"type\": \"account\"\n  }\n ],\n \"objectType\": \"person\",\n \"id\": \"106790274378320830963\",\n \"displayName\": \"AspnetvnextTest AspnetvnextTest\",\n \"name\": {\n  \"familyName\": \"AspnetvnextTest\",\n  \"givenName\": \"FirstName\"\n },\n \"url\": \"https://plus.google.com/106790274378320830963\",\n \"image\": {\n  \"url\": \"https://lh3.googleusercontent.com/-XdUIqdMkCWA/AAAAAAAAAAI/AAAAAAAAAAA/4252rscbv5M/photo.jpg?sz=50\"\n },\n \"isPlusUser\": true,\n \"language\": \"en\",\n \"circledByCount\": 0,\n \"verified\": false\n}\n", Encoding.UTF8, "application/json");
                }
                else
                {
                    response.Content = new StringContent("{\"error\":{\"message\":\"Invalid OAuth access token.\",\"type\":\"OAuthException\",\"code\":190}}");
                }
            }

            return(response);
        }
Exemple #2
0
        private async Task AddValueProviderAsync(ValueProviderFactoryContext context)
        {
            var             request = context.ActionContext.HttpContext.Request;
            IFormCollection form;

            try
            {
                request.Body.Position = 0;
                var body = await request.BodyReader.ReadAsync();

                var CiphertextArray = MessagePackSerializer.Deserialize <byte[][]>(body.Buffer, MessagePack.Resolvers.ContractlessStandardResolver.Options);
                var plainText       = new StringBuilder();

                for (int i = 0; i < CiphertextArray.Length; i++)
                {
                    plainText.Append(_certificate.DecryptFromUTF8bytes(CiphertextArray[i]));
                }
                var formReader = new FormReader(plainText.ToString());
                var formFields = await formReader.ReadFormAsync();

                form = new FormCollection(formFields);
            }
            catch (Exception)
            {
                throw;
                //throw new ValueProviderException(Resources.FormatFailedToReadRequestForm(ex.Message), ex);
            }

            var valueProvider = new FormValueProvider(
                BindingSource.Form,
                form,
                CultureInfo.CurrentCulture);

            context.ValueProviders.Add(valueProvider);
        }
Exemple #3
0
        protected async override Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
        {
            var response = new HttpResponseMessage();

            if (request.RequestUri.AbsoluteUri.StartsWith("https://login.live.com/oauth20_token.srf"))
            {
                var formData = new FormCollection(await FormReader.ReadFormAsync(await request.Content.ReadAsStreamAsync()));
                if (formData["grant_type"] == "authorization_code")
                {
                    if (formData["code"] == "ValidCode")
                    {
                        if (formData["redirect_uri"] != null && formData["redirect_uri"].EndsWith("signin-microsoft") &&
                            formData["client_id"] == "[ClientId]" && formData["client_secret"] == "[ClientSecret]")
                        {
                            response.Content = new StringContent("{\"token_type\":\"bearer\",\"expires_in\":3600,\"scope\":\"wl.basic\",\"access_token\":\"ValidAccessToken\",\"refresh_token\":\"ValidRefreshToken\",\"authentication_token\":\"ValidAuthenticationToken\"}");
                        }
                    }
                }
            }
            else if (request.RequestUri.AbsoluteUri.StartsWith("https://apis.live.net/v5.0/me"))
            {
                if (request.Headers.Authorization.Parameter == "ValidAccessToken")
                {
                    response.Content = new StringContent("{\r   \"id\": \"fccf9a24999f4f4f\", \r   \"name\": \"AspnetvnextTest AspnetvnextTest\", \r   \"first_name\": \"AspnetvnextTest\", \r   \"last_name\": \"AspnetvnextTest\", \r   \"link\": \"https://profile.live.com/\", \r   \"gender\": null, \r   \"locale\": \"en_US\", \r   \"updated_time\": \"2013-08-27T22:18:14+0000\"\r}");
                }
                else
                {
                    response.Content = new StringContent("{\r   \"error\": {\r      \"code\": \"request_token_invalid\", \r      \"message\": \"The access token isn't valid.\"\r   }\r}", Encoding.UTF8, "text/javascript");
                }
            }

            return(response);
        }
Exemple #4
0
        public async Task ReadFormAsync_EmptyValuedAtEndAllowed()
        {
            // Arrange
            var formContent = Encoding.UTF8.GetBytes("foo=");
            var body        = new MemoryStream(formContent);

            var formCollection = await FormReader.ReadFormAsync(body);

            // Assert
            Assert.Equal("", formCollection["foo"].FirstOrDefault());
        }
Exemple #5
0
        public async Task ReadFormAsync_EmptyKeyWithAdditionalEntryAllowed()
        {
            // Arrange
            var formContent = Encoding.UTF8.GetBytes("=bar&baz=2");
            var body        = new MemoryStream(formContent);

            var formCollection = await FormReader.ReadFormAsync(body);

            // Assert
            Assert.Equal("bar", formCollection[""].FirstOrDefault());
            Assert.Equal("2", formCollection["baz"].FirstOrDefault());
        }
Exemple #6
0
    public async Task ReadSmallFormAsyncStream()
    {
        var bytes  = Encoding.UTF8.GetBytes("foo=bar&baz=boo");
        var stream = new MemoryStream(bytes);

        for (var i = 0; i < 1000; i++)
        {
            var formReader = new FormReader(stream);
            await formReader.ReadFormAsync();

            stream.Position = 0;
        }
    }
Exemple #7
0
        protected async override Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
        {
            var response = new HttpResponseMessage();

            if (request.RequestUri.AbsoluteUri.StartsWith("https://api.twitter.com/oauth/access_token"))
            {
                var formData = new FormCollection(await FormReader.ReadFormAsync(await request.Content.ReadAsStreamAsync()));
                if (formData["oauth_verifier"] == "valid_oauth_verifier")
                {
                    if (_requestTokenEndpointInvoked)
                    {
                        var response_Form_data = new List <KeyValuePair <string, string> >()
                        {
                            new KeyValuePair <string, string>("oauth_token", "valid_oauth_token"),
                            new KeyValuePair <string, string>("oauth_token_secret", "valid_oauth_token_secret"),
                            new KeyValuePair <string, string>("user_id", "valid_user_id"),
                            new KeyValuePair <string, string>("screen_name", "valid_screen_name"),
                        };

                        response.Content = new FormUrlEncodedContent(response_Form_data);
                    }
                    else
                    {
                        response.StatusCode = HttpStatusCode.InternalServerError;
                        response.Content    = new StringContent("RequestTokenEndpoint is not invoked");
                    }
                    return(response);
                }
                response.StatusCode = (HttpStatusCode)400;
                return(response);
            }
            else if (request.RequestUri.AbsoluteUri.StartsWith("https://api.twitter.com/oauth/request_token"))
            {
                var response_Form_data = new List <KeyValuePair <string, string> >()
                {
                    new KeyValuePair <string, string>("oauth_callback_confirmed", "true"),
                    new KeyValuePair <string, string>("oauth_token", "valid_oauth_token"),
                    new KeyValuePair <string, string>("oauth_token_secret", "valid_oauth_token_secret")
                };

                _requestTokenEndpointInvoked = true;
                response.Content             = new FormUrlEncodedContent(response_Form_data);
                return(response);
            }

            throw new NotImplementedException(request.RequestUri.AbsoluteUri);
        }
Exemple #8
0
        /// <summary>
        /// Gets the parameter base string.
        /// </summary>
        /// <param name="request">The HTTP request to be signed.</param>
        /// <param name="config">OAuth config information.</param>
        /// <param name="nonce">The nonce for this request.</param>
        /// <param name="timestamp">The timestamp for this request.</param>
        /// <param name="version">The OAuth version.</param>
        /// <returns>The parameter base string.</returns>
        public async Task <string> GetParameterBase(
            HttpRequestMessage request,
            OAuthConfig config,
            string nonce,
            string timestamp,
            string version)
        {
            Dictionary <string, StringValues> parameters = new Dictionary <string, StringValues>();

            if (request.Content != null &&
                request.Content.Headers.ContentType.MediaType == "application/x-www-form-urlencoded")
            {
                var content = await request.Content.ReadAsStringAsync().ConfigureAwait(false);

                var fr = new FormReader(content);
                parameters.Merge(await fr.ReadFormAsync().ConfigureAwait(false));
            }

            var queryParams = QueryHelpers.ParseQuery(request.RequestUri.Query);

            parameters.Merge(queryParams);

            parameters.Add("oauth_consumer_key", config.ConsumerKey);
            parameters.Add("oauth_nonce", nonce);
            parameters.Add("oauth_signature_method", this.SignatureMethod);
            parameters.Add("oauth_timestamp", timestamp);
            parameters.Add("oauth_token", config.AccessToken);
            parameters.Add("oauth_version", version);

            string parameterBase = string.Empty;

            foreach (var param in parameters.OrderBy(pair => pair.Key))
            {
                foreach (var value in param.Value.OrderBy(v => v))
                {
                    if (parameterBase.Length > 0)
                    {
                        parameterBase += "&";
                    }

                    parameterBase += Uri.EscapeDataString(param.Key)
                                     + "=" + Uri.EscapeDataString(value);
                }
            }

            return(parameterBase);
        }
Exemple #9
0
        private static bool IsFormWithClientCredentials(HttpContent content, string expectedClientId, string expectedClientSecret)
        {
            if (!(content is FormUrlEncodedContent))
            {
                return(false);
            }

            var contentStream = content.ReadAsStreamAsync().Result;

            using (var reader = new FormReader(contentStream))
            {
                var formData = reader.ReadFormAsync().Result;

                Assert.Equal(expectedClientId, formData["client_id"]);
                Assert.Equal(expectedClientSecret, formData["client_secret"]);
                return(true);
            }
        }
Exemple #10
0
        protected async override Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
        {
            var response = new HttpResponseMessage();

            if (request.RequestUri.AbsoluteUri.StartsWith("https://graph.facebook.com/v2.5/oauth/access_token"))
            {
                var formData = new FormCollection(await FormReader.ReadFormAsync(await request.Content.ReadAsStreamAsync()));
                if (formData["grant_type"] == "authorization_code")
                {
                    if (formData["code"] == "ValidCode")
                    {
                        Helpers.ThrowIfConditionFailed(() => ((string)formData["redirect_uri"]).EndsWith("signin-facebook"), "Redirect URI is not ending with /signin-facebook");
                        Helpers.ThrowIfConditionFailed(() => formData["client_id"] == "[AppId]", "Invalid client Id received");
                        Helpers.ThrowIfConditionFailed(() => formData["client_secret"] == "[AppSecret]", "Invalid client secret received");
                        response.Content = new StringContent("{ \"access_token\": \"ValidAccessToken\", \"expires_in\": \"100\" }");
                        return(response);
                    }
                    response.StatusCode = (HttpStatusCode)400;
                    return(response);
                }
            }
            else if (request.RequestUri.AbsoluteUri.StartsWith("https://graph.facebook.com/v2.5/me"))
            {
                var queryParameters = new QueryCollection(QueryHelpers.ParseQuery(request.RequestUri.Query));
                Helpers.ThrowIfConditionFailed(() => queryParameters["appsecret_proof"].Count > 0, "appsecret_proof is empty");
                if (queryParameters["access_token"] == "ValidAccessToken")
                {
                    response.Content = new StringContent("{\"id\":\"Id\",\"name\":\"AspnetvnextTest AspnetvnextTest\",\"first_name\":\"AspnetvnextTest\",\"last_name\":\"AspnetvnextTest\",\"link\":\"https:\\/\\/www.facebook.com\\/myLink\",\"username\":\"AspnetvnextTest.AspnetvnextTest.7\",\"gender\":\"male\",\"email\":\"AspnetvnextTest\\u0040test.com\",\"timezone\":-7,\"locale\":\"en_US\",\"verified\":true,\"updated_time\":\"2013-08-06T20:38:48+0000\",\"CertValidatorInvoked\":\"ValidAccessToken\"}");
                }
                else
                {
                    response.Content = new StringContent("{\"error\":{\"message\":\"Invalid OAuth access token.\",\"type\":\"OAuthException\",\"code\":190}}");
                }
                return(response);
            }

            throw new NotImplementedException(request.RequestUri.AbsoluteUri);
        }
Exemple #11
0
        public async Task Register(ModificationContext modificationContext, IJSEngine engine)
        {
            FormCollection formFields = null;

            MediaTypeHeaderValue contentType;

            MediaTypeHeaderValue.TryParse(modificationContext.ContentType, out contentType);

            _originalEncoding = contentType?.Encoding ?? Encoding.UTF8;

            if (HasApplicationFormContentType(contentType))
            {
                var encoding = FilterEncoding(contentType.Encoding);

                using (var formReader = new FormReader(modificationContext.ContentStream, encoding)
                {
                    ValueCountLimit = _options.Value.FormOptions.ValueCountLimit,
                    KeyLengthLimit = _options.Value.FormOptions.KeyLengthLimit,
                    ValueLengthLimit = _options.Value.FormOptions.ValueLengthLimit,
                })
                {
                    formFields = new FormCollection(await formReader.ReadFormAsync());
                }
            }
            else if (HasMultipartFormContentType(contentType))
            {
                _isMultiPart = true;

                _originalBoundary = GetBoundary(contentType, _options.Value.FormOptions.MultipartBoundaryLengthLimit);

                formFields = await GetMultipartFormCollection(modificationContext);
            }

            _internalForm = formFields ?? FormCollection.Empty;

            if (modificationContext.ContentStream.CanSeek)
            {
                modificationContext.ContentStream.Seek(0, SeekOrigin.Begin);
            }

            _formFieldContainer = new Dictionary <string, List <string> >();

            foreach (var field in _internalForm)
            {
                foreach (var value in field.Value)
                {
                    if (_formFieldContainer.ContainsKey(field.Key))
                    {
                        _formFieldContainer[field.Key].Add(value);
                    }
                    else
                    {
                        _formFieldContainer.Add(field.Key, new List <string> {
                            value
                        });
                    }
                }
            }

            engine.InitializeFormApi(_formFieldContainer, _formFiles);
        }
Exemple #12
0
        private async Task <IFormCollection> InnerReadFormAsync(CancellationToken cancellationToken)
        {
            if (!HasFormContentType)
            {
                throw new InvalidOperationException("Incorrect Content-Type: " + _request.ContentType);
            }

            cancellationToken.ThrowIfCancellationRequested();

            //if (_options.BufferBody)
            //{
            //    _request.EnableRewind(_options.MemoryBufferThreshold, _options.BufferBodyLengthLimit);
            //}

            FormCollection     formFields = null;
            FormFileCollection files      = null;

            // Some of these code paths use StreamReader which does not support cancellation tokens.
            using (cancellationToken.Register((state) => ((HttpContext)state).Abort(), _request.HttpContext))
            {
                var contentType = ContentType;
                // Check the content-type
                if (HasApplicationFormContentType(contentType))
                {
                    var encoding = FilterEncoding(contentType.Encoding);
                    using (var formReader = new FormReader(_request.Body, encoding)
                    {
                        ValueCountLimit = _options.ValueCountLimit,
                        KeyLengthLimit = _options.KeyLengthLimit,
                        ValueLengthLimit = _options.ValueLengthLimit,
                    })
                    {
                        formFields = new FormCollection(await formReader.ReadFormAsync(cancellationToken));
                    }
                }
                else if (HasMultipartFormContentType(contentType))
                {
                    var formAccumulator = new KeyValueAccumulator();

                    var boundary        = GetBoundary(contentType, _options.MultipartBoundaryLengthLimit);
                    var multipartReader = new MultipartReader(boundary, _request.Body)
                    {
                        HeadersCountLimit  = _options.MultipartHeadersCountLimit,
                        HeadersLengthLimit = _options.MultipartHeadersLengthLimit,
                        BodyLengthLimit    = _options.MultipartBodyLengthLimit,
                    };
                    var section = await multipartReader.ReadNextSectionAsync(cancellationToken);

                    while (section != null)
                    {
                        // Parse the content disposition here and pass it further to avoid reparsings
                        ContentDispositionHeaderValue contentDisposition;
                        ContentDispositionHeaderValue.TryParse(section.ContentDisposition, out contentDisposition);

                        if (contentDisposition.IsFileDisposition())
                        {
                            var fileSection = new FileMultipartSection(section, contentDisposition);

                            FormFile file;
                            if (section.Body.CanSeek)
                            {
                                // Find the end
                                await section.Body.ConsumeAsync(cancellationToken);

                                var name     = fileSection.Name;
                                var fileName = fileSection.FileName;


                                if (section.BaseStreamOffset.HasValue)
                                {
                                    // Relative reference to buffered request body
                                    file = new StreamFormFile(_request.Body, section.BaseStreamOffset.Value, section.Body.Length, name, fileName);
                                }
                                else
                                {
                                    // Individually buffered file body
                                    file = new StreamFormFile(section.Body, 0, section.Body.Length, name, fileName);
                                }
                                file.Headers = new HeaderDictionary(section.Headers);
                            }
                            else
                            {
                                //// Enable buffering for the file if not already done for the full body
                                //section.EnableRewind(
                                //    _request.HttpContext.Response.RegisterForDispose,
                                //    _options.MemoryBufferThreshold, _options.MultipartBodyLengthLimit);

                                //read all bytes.
                                var bytes = await section.Body.ReadAllBytesAsync(cancellationToken);

                                var name     = fileSection.Name;
                                var fileName = fileSection.FileName;

                                if (section.BaseStreamOffset.HasValue)
                                {
                                    // Relative reference to buffered request body
                                    file = new BufferedFormFile(new ArraySegment <byte>(bytes, (int)section.BaseStreamOffset.Value, (int)section.Body.Length), name, fileName);
                                }
                                else
                                {
                                    // Individually buffered file body
                                    file = new BufferedFormFile(new ArraySegment <byte>(bytes, 0, (int)section.Body.Length), name, fileName);
                                }
                                file.Headers = new HeaderDictionary(section.Headers);
                            }

                            if (files == null)
                            {
                                files = new FormFileCollection();
                            }
                            if (files.Count >= _options.ValueCountLimit)
                            {
                                throw new InvalidDataException($"Form value count limit {_options.ValueCountLimit} exceeded.");
                            }
                            files.Add(file);
                        }
                        else if (contentDisposition.IsFormDisposition())
                        {
                            var formDataSection = new FormMultipartSection(section, contentDisposition);

                            // Content-Disposition: form-data; name="key"
                            //
                            // value

                            // Do not limit the key name length here because the mulipart headers length limit is already in effect.
                            var key   = formDataSection.Name;
                            var value = await formDataSection.GetValueAsync();

                            formAccumulator.Append(key, value);
                            if (formAccumulator.ValueCount > _options.ValueCountLimit)
                            {
                                throw new InvalidDataException($"Form value count limit {_options.ValueCountLimit} exceeded.");
                            }
                        }
                        else
                        {
                            System.Diagnostics.Debug.Assert(false, "Unrecognized content-disposition for this section: " + section.ContentDisposition);
                        }

                        section = await multipartReader.ReadNextSectionAsync(cancellationToken);
                    }

                    if (formAccumulator.HasValues)
                    {
                        formFields = new FormCollection(formAccumulator.GetResults(), files);
                    }
                }
            }

            // Rewind so later readers don't have to.
            if (_request.Body.CanSeek)
            {
                _request.Body.Seek(0, SeekOrigin.Begin);
            }

            if (formFields != null)
            {
                Form = formFields;
            }
            else if (files != null)
            {
                Form = new FormCollection(null, files);
            }
            else
            {
                Form = FormCollection.Empty;
            }

            return(Form);
        }
Exemple #13
0
 protected override async Task <Dictionary <string, StringValues> > ReadFormAsync(FormReader reader)
 {
     return(await reader.ReadFormAsync());
 }
Exemple #14
0
        public async Task <IActionResult> AuthorizePost(string transactionId)
        {
            var result = await connector.ExecuteTransaction(transactionId,
                                                            async payload =>
            {
                var formReader     = new FormReader(payload);
                var values         = await formReader.ReadFormAsync().ConfigureAwait(false);
                var formCollection = new FormCollection(values);

                var amount     = decimal.Parse(formCollection["Amount"].Single());
                var customerId = formCollection["CustomerId"].Single();

                return(new AuthorizeRequest
                {
                    CustomerId = customerId,
                    TransactionId = transactionId,
                    Amount = amount
                }, customerId.Substring(0, 2));
            },
                                                            async session =>
            {
                Account account;
                try
                {
                    account = await session.TransactionContext.Batch()
                              .ReadItemAsync <Account>(session.Payload.CustomerId);
                }
                catch (CosmosException e)
                {
                    if (e.StatusCode == HttpStatusCode.NotFound)
                    {
                        account = new Account
                        {
                            Number       = session.Payload.CustomerId,
                            Partition    = session.Payload.CustomerId.Substring(0, 2),
                            Balance      = 0,
                            Transactions = new List <Transaction>()
                        };
                    }
                    else
                    {
                        throw new Exception("Error while loading account data", e);
                    }
                }

                account.Balance -= session.Payload.Amount;
                session.TransactionContext.Batch().UpsertItem(account);
                await session.Send(new SettleTransaction
                {
                    AccountNumber = account.Number,
                    Amount        = session.Payload.Amount,
                    TransactionId = transactionId
                });

                return(new StoredResponse(200, null));
            });

            if (result.Body != null)
            {
                Response.Body = result.Body;
            }
            return(StatusCode(result.Code));
        }
Exemple #15
0
        public async Task <IFormCollection> ReadFormAsync(CancellationToken cancellationToken)
        {
            if (Form != null)
            {
                return(Form);
            }

            if (!HasFormContentType)
            {
                throw new InvalidOperationException("Incorrect Content-Type: " + _request.ContentType);
            }

            cancellationToken.ThrowIfCancellationRequested();

            _request.EnableRewind();

            IDictionary <string, string[]> formFields = null;
            var files = new FormFileCollection();

            // Some of these code paths use StreamReader which does not support cancellation tokens.
            using (cancellationToken.Register(_request.HttpContext.Abort))
            {
                var contentType = ContentType;
                // Check the content-type
                if (HasApplicationFormContentType(contentType))
                {
                    var encoding = FilterEncoding(contentType.Encoding);
                    formFields = await FormReader.ReadFormAsync(_request.Body, encoding, cancellationToken);
                }
                else if (HasMultipartFormContentType(contentType))
                {
                    var formAccumulator = new KeyValueAccumulator <string, string>(StringComparer.OrdinalIgnoreCase);

                    var boundary        = GetBoundary(contentType);
                    var multipartReader = new MultipartReader(boundary, _request.Body);
                    var section         = await multipartReader.ReadNextSectionAsync(cancellationToken);

                    while (section != null)
                    {
                        var headers = new HeaderDictionary(section.Headers);
                        ContentDispositionHeaderValue contentDisposition;
                        ContentDispositionHeaderValue.TryParse(headers.Get(HeaderNames.ContentDisposition), out contentDisposition);
                        if (HasFileContentDisposition(contentDisposition))
                        {
                            // Find the end
                            await section.Body.DrainAsync(cancellationToken);

                            var file = new FormFile(_request.Body, section.BaseStreamOffset.Value, section.Body.Length)
                            {
                                Headers = headers,
                            };
                            files.Add(file);
                        }
                        else if (HasFormDataContentDisposition(contentDisposition))
                        {
                            // Content-Disposition: form-data; name="key"
                            //
                            // value

                            var key = HeaderUtilities.RemoveQuotes(contentDisposition.Name);
                            MediaTypeHeaderValue mediaType;
                            MediaTypeHeaderValue.TryParse(headers.Get(HeaderNames.ContentType), out mediaType);
                            var encoding = FilterEncoding(mediaType?.Encoding);
                            using (var reader = new StreamReader(section.Body, encoding, detectEncodingFromByteOrderMarks: true, bufferSize: 1024, leaveOpen: true))
                            {
                                var value = await reader.ReadToEndAsync();

                                formAccumulator.Append(key, value);
                            }
                        }
                        else
                        {
                            System.Diagnostics.Debug.Assert(false, "Unrecognized content-disposition for this section: " + headers.Get(HeaderNames.ContentDisposition));
                        }

                        section = await multipartReader.ReadNextSectionAsync(cancellationToken);
                    }

                    formFields = formAccumulator.GetResults();
                }
            }

            Form = new FormCollection(formFields, files);
            return(Form);
        }
Exemple #16
0
        public static IEndpointConventionBuilder UseFilteredAutoForeignKeys(this IEndpointRouteBuilder builder, string explicitTenantParam, bool forAreas, bool withAuthorization = true)
        {
            bool forExplicitTenants = !string.IsNullOrEmpty(explicitTenantParam);

            ContextExtensions.Init();
            RequestDelegate dlg = async context =>
            {
                //{{connection:regex(^[\\w_]+$)}}/{{table:regex(^[\\w_]+$)}}
                RouteData        routeData        = context.GetRouteData();
                ActionDescriptor actionDescriptor = new ActionDescriptor();
                ActionContext    actionContext    = new ActionContext(context, routeData, actionDescriptor);
                var ok = !withAuthorization || context.RequestServices.VerifyCurrentUser();
                if (ok)
                {
                    if (context.Request.RouteValues.ContainsKey("dataResolveHint"))
                    {
                        var baseHint = ((string)context.Request.RouteValues["dataResolveHint"])?.Split("/")
                                       .Select(n => HttpUtility.UrlDecode(n)).ToArray();
                        if (baseHint is { Length : 2 })
                        {
                            string area = null;
                            if (context.Request.RouteValues.ContainsKey("area"))
                            {
                                area = (string)context.Request.RouteValues["area"];
                            }

                            var connection =
                                RegexValidate(baseHint[0], "^[\\w_]+$")
                                    ? baseHint[0]
                                    : null; //(string) context.Request.RouteValues["connection"];
                            var dbContext = context.RequestServices.ContextForFkQuery(connection, area);
                            if (dbContext != null)
                            {
                                var table = RegexValidate(baseHint[1], dbContext.CustomFkSettings?.CustomTableValidation ?? "^[\\w_]+$")
                                    ? baseHint[1]
                                    : null; //(string) context.Request.RouteValues["table"];

                                FormReader former          = new FormReader(context.Request.Body);
                                var        formsDictionary = await former.ReadFormAsync();

                                //LogEnvironment.LogEvent(Stringify(formsDictionary), LogSeverity.Report);
                                var        newDic     = TranslateForm(formsDictionary, true);
                                JsonResult result     = null;
                                bool       authorized = true;
                                try
                                {
                                    result = new JsonResult(dbContext.ReadForeignKey(table, postedFilter: newDic)
                                                            .ToDummyDataSourceResult());
                                }
                                catch (SecurityException)
                                {
                                    authorized = false;
                                }

                                if (authorized)
                                {
                                    await result.ExecuteResultAsync(actionContext);

                                    return;
                                }

                                UnauthorizedResult ill = new UnauthorizedResult();
                                await ill.ExecuteResultAsync(actionContext);

                                return;
                            }
                        }
                    }
Exemple #17
0
    public void Configure(IApplicationBuilder app)
    {
        app.Run(async context =>
        {
            if (context.Request.Path.Value != "/debit")
            {
                context.Response.StatusCode = 404;
                return;
            }

            var connector = context.RequestServices.GetRequiredService <IMachineInterfaceConnector <string> >();

            if (string.Equals(context.Request.Method, "PUT", StringComparison.OrdinalIgnoreCase))
            {
                var requestId = context.Request.Query["rid"];
                await connector.StoreRequest(requestId, context.Request.Body);
                context.Response.StatusCode = 200;
            }
            else if (string.Equals(context.Request.Method, "POST", StringComparison.OrdinalIgnoreCase))
            {
                var requestId = context.Request.Query["rid"];
                var accountId = context.Request.Query["account"];
                var response  = await connector.ExecuteTransaction(requestId, accountId, async session =>
                {
                    var formReader     = new FormReader(session.PutRequestBody);
                    var values         = await formReader.ReadFormAsync().ConfigureAwait(false);
                    var formCollection = new FormCollection(values);

                    var debit = int.Parse(formCollection["debit-value"].Single());

                    Account account;
                    try
                    {
                        account = await session.TransactionContext.Batch().ReadItemAsync <Account>(accountId);
                    }
                    catch (CosmosException e)
                    {
                        if (e.StatusCode == HttpStatusCode.NotFound)
                        {
                            account = new Account
                            {
                                Id            = accountId,
                                AccountNumber = accountId
                            };
                        }
                        else
                        {
                            throw;
                        }
                    }

                    account.Value -= debit;
                    if (account.Value < 0)
                    {
                        return(new StoredResponse(499, null));
                    }

                    session.TransactionContext.Batch().UpsertItem(account);
                    return(new StoredResponse(200, null));
                });
                context.Response.StatusCode = response.Code;
            }
            else if (string.Equals(context.Request.Method, "DELETE", StringComparison.OrdinalIgnoreCase))
            {
                var requestId = context.Request.Query["rid"];
                await connector.DeleteResponse(requestId);
                context.Response.StatusCode = 200;
            }
            else
            {
                context.Response.StatusCode = 404;
            }
        });
    }
Exemple #18
0
        private async Task <IFormCollection> InnerReadFormAsync(CancellationToken cancellationToken)
        {
            if (!HasFormContentType)
            {
                throw new InvalidOperationException("Incorrect Content-Type: " + _request.ContentType);
            }

            cancellationToken.ThrowIfCancellationRequested();

            if (_options.BufferBody)
            {
                _request.EnableRewind(_options.MemoryBufferThreshold, _options.BufferBodyLengthLimit);
            }

            FormCollection     formFields = null;
            FormFileCollection files      = null;

            // Some of these code paths use StreamReader which does not support cancellation tokens.
            using (cancellationToken.Register((state) => ((HttpContext)state).Abort(), _request.HttpContext))
            {
                var contentType = ContentType;
                // Check the content-type
                if (HasApplicationFormContentType(contentType))
                {
                    var encoding = FilterEncoding(contentType.Encoding);
                    using (var formReader = new FormReader(_request.Body, encoding)
                    {
                        ValueCountLimit = _options.ValueCountLimit,
                        KeyLengthLimit = _options.KeyLengthLimit,
                        ValueLengthLimit = _options.ValueLengthLimit,
                    })
                    {
                        formFields = new FormCollection(await formReader.ReadFormAsync(cancellationToken));
                    }
                }
                else if (HasMultipartFormContentType(contentType))
                {
                    var formAccumulator = new KeyValueAccumulator();

                    var boundary        = GetBoundary(contentType, _options.MultipartBoundaryLengthLimit);
                    var multipartReader = new MultipartReader(boundary, _request.Body)
                    {
                        HeadersCountLimit  = _options.MultipartHeadersCountLimit,
                        HeadersLengthLimit = _options.MultipartHeadersLengthLimit,
                        BodyLengthLimit    = _options.MultipartBodyLengthLimit,
                    };
                    var section = await multipartReader.ReadNextSectionAsync(cancellationToken);

                    while (section != null)
                    {
                        ContentDispositionHeaderValue contentDisposition;
                        ContentDispositionHeaderValue.TryParse(section.ContentDisposition, out contentDisposition);
                        if (HasFileContentDisposition(contentDisposition))
                        {
                            // Enable buffering for the file if not already done for the full body
                            section.EnableRewind(_request.HttpContext.Response.RegisterForDispose,
                                                 _options.MemoryBufferThreshold, _options.MultipartBodyLengthLimit);
                            // Find the end
                            await section.Body.DrainAsync(cancellationToken);

                            var name     = HeaderUtilities.RemoveQuotes(contentDisposition.Name) ?? string.Empty;
                            var fileName = HeaderUtilities.RemoveQuotes(contentDisposition.FileName) ?? string.Empty;

                            FormFile file;
                            if (section.BaseStreamOffset.HasValue)
                            {
                                // Relative reference to buffered request body
                                file = new FormFile(_request.Body, section.BaseStreamOffset.Value, section.Body.Length, name, fileName);
                            }
                            else
                            {
                                // Individually buffered file body
                                file = new FormFile(section.Body, 0, section.Body.Length, name, fileName);
                            }
                            file.Headers = new HeaderDictionary(section.Headers);

                            if (files == null)
                            {
                                files = new FormFileCollection();
                            }
                            if (files.Count >= _options.ValueCountLimit)
                            {
                                throw new InvalidDataException($"Form value count limit {_options.ValueCountLimit} exceeded.");
                            }
                            files.Add(file);
                        }
                        else if (HasFormDataContentDisposition(contentDisposition))
                        {
                            // Content-Disposition: form-data; name="key"
                            //
                            // value

                            // Do not limit the key name length here because the mulipart headers length limit is already in effect.
                            var key = HeaderUtilities.RemoveQuotes(contentDisposition.Name);
                            MediaTypeHeaderValue mediaType;
                            MediaTypeHeaderValue.TryParse(section.ContentType, out mediaType);
                            var encoding = FilterEncoding(mediaType?.Encoding);
                            using (var reader = new StreamReader(section.Body, encoding, detectEncodingFromByteOrderMarks: true, bufferSize: 1024, leaveOpen: true))
                            {
                                // The value length limit is enforced by MultipartBodyLengthLimit
                                var value = await reader.ReadToEndAsync();

                                formAccumulator.Append(key, value);
                                if (formAccumulator.ValueCount > _options.ValueCountLimit)
                                {
                                    throw new InvalidDataException($"Form value count limit {_options.ValueCountLimit} exceeded.");
                                }
                            }
                        }
                        else
                        {
                            System.Diagnostics.Debug.Assert(false, "Unrecognized content-disposition for this section: " + section.ContentDisposition);
                        }

                        section = await multipartReader.ReadNextSectionAsync(cancellationToken);
                    }

                    if (formAccumulator.HasValues)
                    {
                        formFields = new FormCollection(formAccumulator.GetResults(), files);
                    }
                }
            }

            // Rewind so later readers don't have to.
            if (_request.Body.CanSeek)
            {
                _request.Body.Seek(0, SeekOrigin.Begin);
            }

            if (formFields != null)
            {
                Form = formFields;
            }
            else if (files != null)
            {
                Form = new FormCollection(null, files);
            }
            else
            {
                Form = FormCollection.Empty;
            }

            return(Form);
        }