private static void TryAuthorizeWithToken(DownstreamContext downStreamContext, string jwtToken) { var allowedRoles = GetAllowedRolesForCurrentRoute(downStreamContext); if (allowedRoles == null) { return; } if (jwtToken == null) { throw new UnauthorizedAccessException(); } JwtManager jwtManager = new JwtManager(GetJwtSecretFromEnvironment()); IIdentityProvider identityProvider = jwtManager.Decode <UserToken>(jwtToken); if (identityProvider != null && IsIdentityRoleAllowed(allowedRoles, identityProvider)) { AppendUserInfoToRequest(downStreamContext.DownstreamRequest, identityProvider); return; } throw new UnauthorizedAccessException(); }
// download a history file private static void DownloadHistory(HttpContext context) { try { var fileName = Path.GetFileName(context.Request["fileName"]); var userAddress = Path.GetFileName(context.Request["userAddress"]); var version = System.Convert.ToInt32(context.Request["ver"]); var file = Path.GetFileName(context.Request["file"]); if (JwtManager.Enabled) { string JWTheader = WebConfigurationManager.AppSettings["files.docservice.header"].Equals("") ? "Authorization" : WebConfigurationManager.AppSettings["files.docservice.header"]; if (context.Request.Headers.AllKeys.Contains(JWTheader, StringComparer.InvariantCultureIgnoreCase)) { var headerToken = context.Request.Headers.Get(JWTheader).Substring("Bearer ".Length); string token = JwtManager.Decode(headerToken); if (token == null || token.Equals("")) { context.Response.StatusCode = (int)HttpStatusCode.Forbidden; context.Response.Write("JWT validation failed"); return; } } else { context.Response.StatusCode = (int)HttpStatusCode.Forbidden; context.Response.Write("JWT validation failed"); return; } } var histPath = DocManagerHelper.HistoryDir(DocManagerHelper.StoragePath(fileName, userAddress)); var filePath = Path.Combine(DocManagerHelper.VersionDir(histPath, version), file); // get the path to document version download(filePath, context); } catch (Exception) { context.Response.Write("{ \"error\": \"File not found!\"}"); } }
private static DinazorIdentity AuthenticateMe(string token) { _dinazorIdentity = new DinazorIdentity(); try { var jwtManager = new JwtManager(); var tokenUserResult = jwtManager.Decode(token); if (tokenUserResult.IsSuccess) { return(AuthenticateMe(tokenUserResult.Data)); } TokenUser tokenUser = null; return(AuthenticateMe(tokenUser)); } catch (Exception ex) { throw new Exception("Error while retrieving the authorization details. Please contact administrator.", ex); } }
// download a file private static void Download(HttpContext context) { try { var fileName = Path.IsPathRooted(WebConfigurationManager.AppSettings["storage-path"]) ? context.Request["fileName"] : Path.GetFileName(context.Request["fileName"]); var userAddress = context.Request["userAddress"]; var isEmbedded = context.Request["dmode"]; if (JwtManager.Enabled && isEmbedded == null) { string JWTheader = WebConfigurationManager.AppSettings["files.docservice.header"].Equals("") ? "Authorization" : WebConfigurationManager.AppSettings["files.docservice.header"]; if (context.Request.Headers.AllKeys.Contains(JWTheader, StringComparer.InvariantCultureIgnoreCase)) { var headerToken = context.Request.Headers.Get(JWTheader).Substring("Bearer ".Length); string token = JwtManager.Decode(headerToken); if (token == null || token.Equals("")) { context.Response.StatusCode = (int)HttpStatusCode.Forbidden; context.Response.Write("JWT validation failed"); return; } } } var filePath = DocManagerHelper.ForcesavePath(fileName, userAddress, false); // get the path to the force saved document version if (filePath.Equals("")) { filePath = DocManagerHelper.StoragePath(fileName, userAddress); // or to the original document } download(filePath, context); } catch (Exception) { context.Response.Write("{ \"error\": \"File not found!\"}"); } }
private static void Track(HttpContext context) { var userAddress = context.Request["userAddress"]; var fileName = context.Request["fileName"]; string body; try { using (var receiveStream = context.Request.InputStream) using (var readStream = new StreamReader(receiveStream)) { body = readStream.ReadToEnd(); } } catch (Exception e) { throw new HttpException((int)HttpStatusCode.BadRequest, e.Message); } var jss = new JavaScriptSerializer(); if (string.IsNullOrEmpty(body)) { return; } var fileData = jss.Deserialize <Dictionary <string, object> >(body); if (JwtManager.Enabled) { if (fileData.ContainsKey("token")) { fileData = jss.Deserialize <Dictionary <string, object> >(JwtManager.Decode(fileData["token"].ToString())); } else if (context.Request.Headers.AllKeys.Contains("Authorization", StringComparer.InvariantCultureIgnoreCase)) { var headerToken = context.Request.Headers.Get("Authorization").Substring("Bearer ".Length); fileData = (Dictionary <string, object>)jss.Deserialize <Dictionary <string, object> >(JwtManager.Decode(headerToken))["payload"]; } else { throw new Exception("Expected JWT"); } } var status = (TrackerStatus)(int)fileData["status"]; switch (status) { case TrackerStatus.MustSave: case TrackerStatus.Corrupted: var downloadUri = (string)fileData["url"]; var saved = 1; try { var storagePath = DocManagerHelper.StoragePath(fileName, userAddress); var histDir = DocManagerHelper.HistoryDir(storagePath); var versionDir = DocManagerHelper.VersionDir(histDir, DocManagerHelper.GetFileVersion(histDir) + 1); if (!Directory.Exists(versionDir)) { Directory.CreateDirectory(versionDir); } File.Copy(storagePath, Path.Combine(versionDir, "prev" + Path.GetExtension(fileName))); DownloadToFile(downloadUri, DocManagerHelper.StoragePath(fileName, userAddress)); DownloadToFile((string)fileData["changesurl"], Path.Combine(versionDir, "diff.zip")); var hist = fileData.ContainsKey("changeshistory") ? (string)fileData["changeshistory"] : null; if (string.IsNullOrEmpty(hist) && fileData.ContainsKey("history")) { hist = jss.Serialize(fileData["history"]); } if (!string.IsNullOrEmpty(hist)) { File.WriteAllText(Path.Combine(versionDir, "changes.json"), hist); } File.WriteAllText(Path.Combine(versionDir, "key.txt"), (string)fileData["key"]); } catch (Exception) { saved = 0; } break; } context.Response.Write("{\"error\":0}"); }
public IActionResult T2(string token) { return(Ok(JwtManager.Decode(token))); }