private void AssertDisplayProperty <T>(IContentProperties <T> result, Property p) where T : ContentPropertyBasic { var pDto = result.Properties.SingleOrDefault(x => x.Alias == p.Alias); Assert.IsNotNull(pDto); //pDto.Alias = p.Alias; //pDto.Description = p.PropertyType.Description; //pDto.Label = p.PropertyType.Name; //pDto.Config = applicationContext.Services.DataTypeService.GetPreValuesByDataTypeId(p.PropertyType.DataTypeDefinitionId); }
private void AssertProperty(IContentProperties <ContentPropertyDto> result, Property p) { AssertBasicProperty(result, p); var pDto = result.Properties.SingleOrDefault(x => x.Alias == p.Alias); Assert.IsNotNull(pDto); Assert.AreEqual(p.PropertyType.Mandatory, pDto.IsRequired); Assert.AreEqual(p.PropertyType.ValidationRegExp, pDto.ValidationRegExp); Assert.AreEqual(p.PropertyType.Description, pDto.Description); Assert.AreEqual(p.PropertyType.Name, pDto.Label); Assert.AreEqual(Current.Services.DataTypeService.GetDataType(p.PropertyType.DataTypeId), pDto.DataType); Assert.AreEqual(Current.PropertyEditors[p.PropertyType.PropertyEditorAlias], pDto.PropertyEditor); }
/// <summary> /// we will now assign all of the values in the 'save' model to the DTO object /// </summary> /// <param name="saveModel"></param> /// <param name="dto"></param> public void MapPropertyValuesFromSaved(IContentProperties <ContentPropertyBasic> saveModel, ContentPropertyCollectionDto dto) { //NOTE: Don't convert this to linq, this is much quicker foreach (var p in saveModel.Properties) { foreach (var propertyDto in dto.Properties) { if (propertyDto.Alias != p.Alias) { continue; } propertyDto.Value = p.Value; break; } } }
public override bool ValidatePropertiesData( MemberSave?model, IContentProperties <ContentPropertyBasic>?modelWithProperties, ContentPropertyCollectionDto?dto, ModelStateDictionary modelState) { if (model is null) { return(false); } if (model.Username.IsNullOrWhiteSpace()) { modelState.AddPropertyError( new ValidationResult("Invalid user name", new[] { "value" }), $"{Constants.PropertyEditors.InternalGenericPropertiesPrefix}login"); } if (model.Email.IsNullOrWhiteSpace() || new EmailAddressAttribute().IsValid(model.Email) == false) { modelState.AddPropertyError( new ValidationResult("Invalid email", new[] { "value" }), $"{Constants.PropertyEditors.InternalGenericPropertiesPrefix}email"); } var validEmail = ValidateUniqueEmail(model); if (validEmail == false) { modelState.AddPropertyError( new ValidationResult("Email address is already in use", new[] { "value" }), $"{Constants.PropertyEditors.InternalGenericPropertiesPrefix}email"); } var validLogin = ValidateUniqueLogin(model); if (validLogin == false) { modelState.AddPropertyError( new ValidationResult("Username is already in use", new[] { "value" }), $"{Constants.PropertyEditors.InternalGenericPropertiesPrefix}login"); } return(base.ValidatePropertiesData(model, modelWithProperties, dto, modelState)); }
/// <summary> /// This ensures that the internal membership property types are removed from validation before processing the /// validation /// since those properties are actually mapped to real properties of the IMember. /// This also validates any posted data for fields that are sensitive. /// </summary> /// <param name="model"></param> /// <param name="modelWithProperties"></param> /// <param name="actionContext"></param> /// <returns></returns> public override bool ValidateProperties(MemberSave?model, IContentProperties <ContentPropertyBasic>?modelWithProperties, ActionExecutingContext actionContext) { var propertiesToValidate = model?.Properties.ToList(); Dictionary <string, PropertyType> defaultProps = ConventionsHelper.GetStandardPropertyTypeStubs(_shortStringHelper); var exclude = defaultProps.Select(x => x.Value.Alias).ToArray(); foreach (var remove in exclude) { propertiesToValidate?.RemoveAll(property => property.Alias == remove); } //if the user doesn't have access to sensitive values, then we need to validate the incoming properties to check //if a sensitive value is being submitted. if (_backofficeSecurity?.CurrentUser?.HasAccessToSensitiveData() == false) { IMemberType?contentType = _memberTypeService.Get(model?.PersistedContent?.ContentTypeId ?? default); var sensitiveProperties = contentType? .PropertyTypes.Where(x => contentType.IsSensitiveProperty(x.Alias)) .ToList(); if (sensitiveProperties is not null) { foreach (IPropertyType sensitiveProperty in sensitiveProperties) { ContentPropertyBasic?prop = propertiesToValidate?.FirstOrDefault(x => x.Alias == sensitiveProperty.Alias); if (prop != null) { //this should not happen, this means that there was data posted for a sensitive property that //the user doesn't have access to, which means that someone is trying to hack the values. var message = $"property with alias: {prop.Alias} cannot be posted"; actionContext.Result = new NotFoundObjectResult(new InvalidOperationException(message)); return(false); } } } } return(ValidateProperties(propertiesToValidate, model?.PersistedContent?.Properties.ToList(), actionContext)); }
/// <summary> /// We need to manually validate a few things here like email and login to make sure they are valid and aren't duplicates /// </summary> /// <param name="model"></param> /// <param name="dto"></param> /// <param name="modelState"></param> /// <param name="modelWithProperties"></param> /// <returns></returns> public override bool ValidatePropertyData(MemberSave model, IContentProperties <ContentPropertyBasic> modelWithProperties, ContentPropertyCollectionDto dto, ModelStateDictionary modelState) { if (model.Username.IsNullOrWhiteSpace()) { modelState.AddPropertyError( new ValidationResult("Invalid user name", new[] { "value" }), $"{Constants.PropertyEditors.InternalGenericPropertiesPrefix}login"); } if (model.Email.IsNullOrWhiteSpace() || new EmailAddressAttribute().IsValid(model.Email) == false) { modelState.AddPropertyError( new ValidationResult("Invalid email", new[] { "value" }), $"{Constants.PropertyEditors.InternalGenericPropertiesPrefix}email"); } //default provider! var membershipProvider = Core.Security.MembershipProviderExtensions.GetMembersMembershipProvider(); var validEmail = ValidateUniqueEmail(model, membershipProvider); if (validEmail == false) { modelState.AddPropertyError( new ValidationResult("Email address is already in use", new[] { "value" }), $"{Constants.PropertyEditors.InternalGenericPropertiesPrefix}email"); } var validLogin = ValidateUniqueLogin(model, membershipProvider); if (validLogin == false) { modelState.AddPropertyError( new ValidationResult("Username is already in use", new[] { "value" }), $"{Constants.PropertyEditors.InternalGenericPropertiesPrefix}login"); } return(base.ValidatePropertyData(model, modelWithProperties, dto, modelState)); }
private void AssertBasicProperty <T>(IContentProperties <T> result, Property p) where T : ContentPropertyBasic { var pDto = result.Properties.SingleOrDefault(x => x.Alias == p.Alias); Assert.IsNotNull(pDto); Assert.AreEqual(p.Alias, pDto.Alias); Assert.AreEqual(p.Id, pDto.Id); if (p.GetValue() == null) { Assert.AreEqual(pDto.Value, string.Empty); } else if (p.GetValue() is decimal) { Assert.AreEqual(pDto.Value, ((decimal)p.GetValue()).ToString(NumberFormatInfo.InvariantInfo)); } else { Assert.AreEqual(pDto.Value, p.GetValue().ToString()); } }
/// <summary> /// This ensures that the internal membership property types are removed from validation before processing the validation /// since those properties are actually mapped to real properties of the IMember. /// This also validates any posted data for fields that are sensitive. /// </summary> /// <param name="model"></param> /// <param name="modelWithProperties"></param> /// <param name="actionContext"></param> /// <returns></returns> public override bool ValidateProperties(MemberSave model, IContentProperties <ContentPropertyBasic> modelWithProperties, HttpActionContext actionContext) { var propertiesToValidate = model.Properties.ToList(); var defaultProps = ConventionsHelper.GetStandardPropertyTypeStubs(); var exclude = defaultProps.Select(x => x.Value.Alias).ToArray(); foreach (var remove in exclude) { propertiesToValidate.RemoveAll(property => property.Alias == remove); } //if the user doesn't have access to sensitive values, then we need to validate the incoming properties to check //if a sensitive value is being submitted. if (UmbracoContextAccessor.UmbracoContext.Security.CurrentUser.HasAccessToSensitiveData() == false) { var contentType = _memberTypeService.Get(model.PersistedContent.ContentTypeId); var sensitiveProperties = contentType .PropertyTypes.Where(x => contentType.IsSensitiveProperty(x.Alias)) .ToList(); foreach (var sensitiveProperty in sensitiveProperties) { var prop = propertiesToValidate.FirstOrDefault(x => x.Alias == sensitiveProperty.Alias); if (prop != null) { //this should not happen, this means that there was data posted for a sensitive property that //the user doesn't have access to, which means that someone is trying to hack the values. var message = $"property with alias: {prop.Alias} cannot be posted"; actionContext.Response = actionContext.Request.CreateErrorResponse(HttpStatusCode.NotFound, new InvalidOperationException(message)); return(false); } } } return(ValidateProperties(propertiesToValidate, model.PersistedContent.Properties.ToList(), actionContext)); }
public ContentSavedState?Resolve(IContent source, IContentProperties <T> destination, ContentSavedState?destMember, ResolutionContext context) { return(_inner.Resolve(source, destination, default, context));