Exemple #1
0
    protected void Page_Load(object sender, EventArgs e)
    {
        if (!IsPostBack)
        {
            Master.SelectedTab = tabID.tabHome;

            if (Page.User.Identity.IsAuthenticated)
            {
                mvServices.SetActiveView(vwAuthenticated);

                foreach (MFBOAuthScope scope in Enum.GetValues(typeof(MFBOAuthScope)))
                {
                    if (scope != MFBOAuthScope.none)
                    {
                        cklScopes.Items.Add(new ListItem(MFBOauthServer.ScopeDescription(scope), scope.ToString()));
                    }
                }

                gvMyServices.DataSource = (util.GetIntParam(Request, "a", 0) != 0 && MyFlightbook.Profile.GetUser(Page.User.Identity.Name).CanSupport) ? MFBOauth2Client.GetAvailableClients() : OwnedClients;
                gvMyServices.DataBind();
            }
            else
            {
                mvServices.SetActiveView(vwGuest);
            }
        }
    }
Exemple #2
0
    protected void gvMyServices_RowUpdating(object sender, GridViewUpdateEventArgs e)
    {
        if (e == null)
        {
            throw new ArgumentNullException("e");
        }

        MFBOauth2Client client = new List <MFBOauth2Client>(OwnedClients)[e.RowIndex];

        client.ClientSecret = (string)e.NewValues["ClientSecret"];
        client.ClientName   = (string)e.NewValues["ClientName"];
        client.Callback     = (string)e.NewValues["Callback"];
        client.Scope        = (string)e.NewValues["Scope"];
        try
        {
            MFBOauthServer.ScopesFromString(client.Scope);  // will throw an exception for an invalid scope.
            client.Commit();
            gvMyServices.EditIndex  = -1;
            OwnedClients            = null; // force a refresh.
            gvMyServices.DataSource = OwnedClients;
            gvMyServices.DataBind();
        }
        catch (UnauthorizedAccessException ex)
        {
            lblErrGV.Text = ex.Message;
        }
        catch (MyFlightbookValidationException ex)
        {
            lblErrGV.Text = ex.Message;
        }
        catch (ArgumentOutOfRangeException ex)
        {
            lblErrGV.Text = ex.Message;
        }
    }
    protected void Page_Load(object sender, EventArgs e)
    {
        if (!IsPostBack)
        {
            Master.SelectedTab = tabID.tabHome;

            if (Page.User.Identity.IsAuthenticated)
            {
                mvServices.SetActiveView(vwAuthenticated);

                foreach (MFBOAuthScope scope in Enum.GetValues(typeof(MFBOAuthScope)))
                {
                    if (scope != MFBOAuthScope.none)
                    {
                        cklScopes.Items.Add(new ListItem(MFBOauthServer.ScopeDescription(scope), scope.ToString()));
                    }
                }

                gvMyServices.DataSource = AdminMode ? MFBOauth2Client.GetAvailableClients() : OwnedClients;
                gvMyServices.DataBind();
            }
            else
            {
                mvServices.SetActiveView(vwGuest);
            }
        }
    }
Exemple #4
0
    protected void Page_Load(object sender, EventArgs e)
    {
        try
        {
            if (!Request.IsSecureConnection)
            {
                throw new HttpException((int)HttpStatusCode.Forbidden, Resources.LocalizedText.oAuthErrNotSecure);
            }

            if (!IsPostBack)
            {
                if ((m_pendingRequest = this.authorizationServer.ReadAuthorizationRequest()) == null)
                {
                    throw new HttpException((int)HttpStatusCode.BadRequest, Resources.LocalizedText.oAuthErrMissingRequest);
                }

                MFBOauth2Client client = (MFBOauth2Client)authorizationServer.AuthorizationServerServices.GetClient(m_pendingRequest.ClientIdentifier);

                if (Uri.Compare(m_pendingRequest.Callback, new Uri(client.Callback), UriComponents.HostAndPort | UriComponents.PathAndQuery, UriFormat.UriEscaped, StringComparison.CurrentCultureIgnoreCase) != 0)
                {
                    throw new HttpException((int)HttpStatusCode.BadRequest, Resources.LocalizedText.oAuthErrBadRedirectURL);
                }

                HashSet <string> allowedScopes = OAuthUtilities.SplitScopes(client.Scope);

                if (!m_pendingRequest.Scope.IsSubsetOf(allowedScopes))
                {
                    throw new HttpException((int)HttpStatusCode.BadRequest, Resources.LocalizedText.oAuthErrUnauthorizedScopes);
                }

                IEnumerable <MFBOAuthScope> requestedScopes = MFBOauthServer.ScopesFromStrings(m_pendingRequest.Scope);

                // See if there are any scopes that are requested that are not allowed.

                IEnumerable <string> lstScopes = MFBOauthServer.ScopeDescriptions(requestedScopes);
                mvScopesRequested.SetActiveView(lstScopes.Count() == 0 ? vwNoScopes : vwRequestedScopes);
                rptPermissions.DataSource = lstScopes;
                rptPermissions.DataBind();

                ViewState[szVSKeyPendingRequest] = m_pendingRequest;

                lblClientName.Text = client.ClientName;
            }
            else
            {
                m_pendingRequest = (EndUserAuthorizationRequest)ViewState[szVSKeyPendingRequest];
            }
        }
        catch (HttpException ex)
        {
            RejectWithError(ex.Message);
        }
        catch (MyFlightbook.MyFlightbookException ex)
        {
            lblErr.Text = ex.Message;
            mvAuthorize.SetActiveView(vwErr);
        }
    }
Exemple #5
0
    protected void btnAddClient_Click(object sender, EventArgs e)
    {
        Page.Validate("newClient");
        if (Page.IsValid)
        {
            List <string> lst = new List <string>();
            foreach (ListItem li in cklScopes.Items)
            {
                if (li.Selected)
                {
                    lst.Add(li.Value);
                }
            }
            string          szScopes = String.Join(",", lst);
            MFBOauth2Client client   = new MFBOauth2Client(txtClient.Text, txtSecret.Text, "https://" + txtCallback.Text, txtName.Text, szScopes, Page.User.Identity.Name);
            try
            {
                MFBOauthServer.ScopesFromString(szScopes); // will throw an exception for an invalid scope.
                client.Commit();                           // will throw any exception.
                OwnedClients            = null;            // force a refresh.
                gvMyServices.DataSource = OwnedClients;
                gvMyServices.DataBind();
                txtCallback.Text = txtClient.Text = txtName.Text = txtSecret.Text = string.Empty;
                foreach (ListItem li in cklScopes.Items)
                {
                    li.Selected = false;
                }
                Expando.ExpandoControl.Collapsed = true;

                util.NotifyAdminEvent("oAuth client created", String.Format(CultureInfo.CurrentCulture, "User: {0}, Name: {1}", Page.User.Identity.Name, client.ClientName), ProfileRoles.maskCanReport);
            }
            catch (UnauthorizedAccessException ex)
            {
                lblErr.Text = ex.Message;
            }
            catch (MyFlightbookValidationException ex)
            {
                lblErr.Text = ex.Message;
            }
            catch (ArgumentOutOfRangeException ex)
            {
                lblErr.Text = ex.Message;
            }
        }
    }
 protected void gvOAuthClients_RowDataBound(object sender, GridViewRowEventArgs e)
 {
     if (e == null)
     {
         throw new ArgumentNullException("e");
     }
     if (e.Row.RowType == DataControlRowType.DataRow)
     {
         MFBOauthClientAuth oauth = (MFBOauthClientAuth)e.Row.DataItem;
         if (oauth.Scope != null)
         {
             IEnumerable <string> lstScopes = MFBOauthServer.ScopeDescriptions(MFBOauthServer.ScopesFromString(oauth.Scope));
             ((MultiView)e.Row.FindControl("mvScopesRequested")).SetActiveView(lstScopes.Count() == 0 ? ((View)e.Row.FindControl("vwNoScopes")) : ((View)e.Row.FindControl("vwRequestedScopes")));
             Repeater rpt = (Repeater)e.Row.FindControl("rptPermissions");
             rpt.DataSource = lstScopes;
             rpt.DataBind();
         }
     }
 }
        protected void Page_Load(object sender, EventArgs e)
        {
            try
            {
                if (!Request.IsSecureConnection)
                {
                    throw new HttpException((int)HttpStatusCode.Forbidden, Resources.LocalizedText.oAuthErrNotSecure);
                }

                if (!IsPostBack)
                {
                    if ((m_pendingRequest = this.authorizationServer.ReadAuthorizationRequest()) == null)
                    {
                        throw new HttpException((int)HttpStatusCode.BadRequest, Resources.LocalizedText.oAuthErrMissingRequest);
                    }

                    MFBOauth2Client client = (MFBOauth2Client)authorizationServer.AuthorizationServerServices.GetClient(m_pendingRequest.ClientIdentifier);

                    bool fIsValidCallback = false;
                    foreach (string callback in client.Callbacks)
                    {
                        if (Uri.Compare(m_pendingRequest.Callback, new Uri(callback), UriComponents.HostAndPort | UriComponents.PathAndQuery, UriFormat.SafeUnescaped, StringComparison.CurrentCultureIgnoreCase) == 0)
                        {
                            fIsValidCallback = true;
                            break;
                        }
                    }
                    if (!fIsValidCallback)
                    {
                        throw new HttpException((int)HttpStatusCode.BadRequest, String.Format(System.Globalization.CultureInfo.CurrentCulture, Resources.LocalizedText.oAuthErrBadRedirectURL, m_pendingRequest.Callback.ToString()));
                    }

                    HashSet <string> allowedScopes = OAuthUtilities.SplitScopes(client.Scope);

                    if (!m_pendingRequest.Scope.IsSubsetOf(allowedScopes))
                    {
                        throw new HttpException((int)HttpStatusCode.BadRequest, Resources.LocalizedText.oAuthErrUnauthorizedScopes);
                    }

                    IEnumerable <MFBOAuthScope> requestedScopes = MFBOauthServer.ScopesFromStrings(m_pendingRequest.Scope);

                    // See if there are any scopes that are requested that are not allowed.

                    IEnumerable <string> lstScopes = MFBOauthServer.ScopeDescriptions(requestedScopes);
                    mvScopesRequested.SetActiveView(!lstScopes.Any() ? vwNoScopes : vwRequestedScopes);
                    rptPermissions.DataSource = lstScopes;
                    rptPermissions.DataBind();

                    ViewState[szVSKeyPendingRequest] = m_pendingRequest;

                    lblClientName.Text = HttpUtility.HtmlEncode(client.ClientName);
                }
                else
                {
                    m_pendingRequest = (EndUserAuthorizationRequest)ViewState[szVSKeyPendingRequest];
                }
            }
            catch (Exception ex) when(ex is HttpException || ex is ProtocolException || ex is ProtocolFaultResponseException || ex is MyFlightbook.MyFlightbookException)
            {
                lblErr.Text = ex.Message;
                mvAuthorize.SetActiveView(vwErr);
            }
        }