public ChangesPushContent(RavenDbApiController controller)
		{
			Connected = true;
			Id = controller.GetQueryStringValue("id");
			if (string.IsNullOrEmpty(Id))
				throw new ArgumentException("Id is mandatory");
		}
Esempio n. 2
0
		public void InitializeFrom(RavenDbApiController other)
		{
			DatabaseName = other.DatabaseName;
			queryFromPostRequest = other.queryFromPostRequest;
			Configuration = other.Configuration;
			ControllerContext = other.ControllerContext;
			ActionContext = other.ActionContext;
		}
Esempio n. 3
0
 public void InitializeFrom(RavenDbApiController other)
 {
     DatabaseName         = other.DatabaseName;
     queryFromPostRequest = other.queryFromPostRequest;
     Configuration        = other.Configuration;
     ControllerContext    = other.ControllerContext;
     ActionContext        = other.ActionContext;
 }
Esempio n. 4
0
		public IPrincipal GetUser(RavenDbApiController controller, bool hasApiKey)
		{
			var token = GetToken(controller);

			if (token == null)
			{
				WriteAuthorizationChallenge(controller, hasApiKey ? 412 : 401, "invalid_request", "The access token is required");

				return null;
			}

			AccessTokenBody tokenBody;
			if (!AccessToken.TryParseBody(controller.DatabasesLandlord.SystemConfiguration.OAuthTokenKey, token, out tokenBody))
			{
				WriteAuthorizationChallenge(controller, 401, "invalid_token", "The access token is invalid");

				return null;
			}

			return new OAuthPrincipal(tokenBody, null);
		}
		public IPrincipal GetUser(RavenDbApiController controller)
		{
			Func<HttpResponseMessage> onRejectingRequest;
			var databaseName = controller.DatabaseName ?? Constants.SystemDatabase;
			var userCreated = TryCreateUser(controller, databaseName, out onRejectingRequest);
			if (userCreated == false)
				onRejectingRequest();
			return userCreated ? controller.User : null;
		}
		public List<string> GetApprovedResources(IPrincipal user, RavenDbApiController controller, string[] databases)
		{
			var authHeader = controller.GetHeader("Authorization");

			List<string> approved;
			if (string.IsNullOrEmpty(authHeader) == false && authHeader.StartsWith("Bearer "))
				approved = oAuthRequestAuthorizer.GetApprovedResources(user);
			else
				approved = windowsRequestAuthorizer.GetApprovedResources(user);

			if (approved.Contains("*"))
				return databases.ToList();

			return approved;
		}
	    public IPrincipal GetUser(RavenDbApiController controller)
		{
            if (controller.WasAlreadyAuthorizedUsingSingleAuthToken)
            {
                return controller.User;
            }

			var hasApiKey = "True".Equals(controller.GetQueryStringValue("Has-Api-Key"), StringComparison.CurrentCultureIgnoreCase);
			var authHeader = controller.GetHeader("Authorization");
			var hasOAuthTokenInCookie = controller.HasCookie("OAuth-Token");
			if (hasApiKey || hasOAuthTokenInCookie ||
				string.IsNullOrEmpty(authHeader) == false && authHeader.StartsWith("Bearer "))
			{
				return oAuthRequestAuthorizer.GetUser(controller, hasApiKey);
			}
			return windowsRequestAuthorizer.GetUser(controller);
		}
Esempio n. 8
0
		public ConnectionState For(string id, RavenDbApiController controller = null)
		{
			return connections.GetOrAdd(id, _ =>
			{
				IEventsTransport eventsTransport = null;
				if (controller != null)
					eventsTransport = new ChangesPushContent(controller);
				
				var connectionState = new ConnectionState(eventsTransport);
				TimeSensitiveStore.Missing(id);
				return connectionState;
			});
		}
		public string GenerateSingleUseAuthToken(DocumentDatabase db, IPrincipal user, RavenDbApiController controller)
		{
			var token = new OneTimeToken
			{
				DatabaseName = controller.DatabaseName,
				GeneratedAt = SystemTime.UtcNow,
				User = user
			};
			var tokenString = Guid.NewGuid().ToString();

			singleUseAuthTokens.TryAdd(tokenString, token);

			if (singleUseAuthTokens.Count > 25)
			{
				foreach (var oneTimeToken in singleUseAuthTokens.Where(x => (x.Value.GeneratedAt - SystemTime.UtcNow).TotalMinutes > 5))
				{
					OneTimeToken value;
					singleUseAuthTokens.TryRemove(oneTimeToken.Key, out value);
				}
			}

			return tokenString;
		}