public HttpResponseMessage Update() { JavaScriptSerializer jsonSer = new JavaScriptSerializer(); string json = Request.Content.ReadAsStringAsync().Result; APIUser apiUser; try { apiUser = jsonSer.Deserialize <APIUser>(json); } catch (Exception ex) { return(Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Deserialization failure.")); } try { apiUser = APIUserManager.Update(apiUser); } catch (Exception ex) { return(Request.CreateErrorResponse(HttpStatusCode.InternalServerError, "Failed to update API user.")); } return(Request.CreateResponse(HttpStatusCode.OK, apiUser)); }
public HttpResponseMessage GetAll() { List <APIUser> apiUsers = APIUserManager.GetAll().ToList(); foreach (APIUser apiUser in apiUsers) { apiUser.APIKey = string.Format("****************************{0}", apiUser.APIKey.Substring(apiUser.APIKey.Length - 4)); apiUser.EncryptionKey = string.Format("****************************{0}", apiUser.EncryptionKey.Substring(apiUser.EncryptionKey.Length - 4)); } return(Request.CreateResponse(HttpStatusCode.OK, apiUsers)); }
public async Task <HttpResponseMessage> AddPackages(string sessionGuid) { if (!SessionManager.SessionExists(sessionGuid)) { // Session doesn't exist. return(Request.CreateErrorResponse(HttpStatusCode.NotFound, "Invalid session.")); } try { // Does the request contain multipart/form-data? if (!Request.Content.IsMimeMultipartContent()) { throw new HttpResponseException(HttpStatusCode.UnsupportedMediaType); } // Get the api key from the header. string apiKey = Request.Headers.GetValues("x-api-key").FirstOrDefault(); // Get the api user. APIUser apiUser = APIUserManager.FindAndPrepare(apiKey); // Receive files. MultipartMemoryStreamProvider provider = await Request.Content.ReadAsMultipartAsync(); foreach (HttpContent file in provider.Contents) { EventLogManager.Log("httpcontent filename: ", EventLogSeverity.Warning, "hard coded", null); //EventLogManager.Log("httpcontent filename: ", EventLogSeverity.Warning, file.Headers.ContentDisposition.FileName.ToString(), null); //string filename = file.Headers.ContentDisposition.FileName.Replace("\"", ""); string filename = "DonorsTrust_Install.zip"; using (MemoryStream ms = new MemoryStream(await file.ReadAsByteArrayAsync())) { EventLogManager.Log("MemoryStream ms length: ", EventLogSeverity.Warning, ms.Length.ToString(), null); EventLogManager.Log("apiUser.EncryptionKey: ", EventLogSeverity.Warning, apiUser.EncryptionKey.ToString(), null); using (Stream ds = Crypto.Decrypt(ms, apiUser.EncryptionKey)) { SessionManager.AddPackage(sessionGuid, ds, filename); } } } } catch (Exception ex) { EventLogManager.Log("REMOTE_EXCEPTION", EventLogSeverity.Warning, null, ex); return(Request.CreateErrorResponse(HttpStatusCode.InternalServerError, ex.Message)); } return(Request.CreateResponse(HttpStatusCode.Created)); }
public HttpResponseMessage Create(string name, bool bypass = false) { // Check we have a name. if (string.IsNullOrEmpty(name)) { return(Request.CreateResponse(HttpStatusCode.BadRequest)); } // Create user. APIUser apiUser = APIUserManager.Create(name, bypass); return(Request.CreateResponse(HttpStatusCode.Created, apiUser)); }
public HttpResponseMessage GetAll() { List <APIUser> apiUsers = APIUserManager.GetAll().ToList(); // Loop and remove sensitive information. foreach (APIUser apiUser in apiUsers) { apiUser.APIKey_Sha = null; apiUser.EncryptionKey_Enc = null; apiUser.Salt = null; } return(Request.CreateResponse(HttpStatusCode.OK, apiUsers)); }
public override void OnActionExecuting(HttpActionContext actionContext) { base.OnActionExecuting(actionContext); bool authenticated = false; string message = "Access denied."; string apiKey = null; try { // Is there an api key header present? if (actionContext.Request.Headers.Contains("x-api-key")) { // Get the api key from the header. apiKey = actionContext.Request.Headers.GetValues("x-api-key").FirstOrDefault(); // Make sure it's not null and it's 32 characters or we're wasting our time. if (apiKey != null && apiKey.Length == 32) { // Attempt to look up the api user. APIUser apiUser = APIUserManager.GetByAPIKey(apiKey); // Did we find one and double check the api key. if (apiUser != null && apiUser.APIKey == apiKey) { // Genuine API user. authenticated = true; } } } } catch (Exception ex) { // Set appropriate message. message = "An error occurred while trying to authenticate this request."; EventLogManager.Log("AUTH_EXCEPTION", EventLogSeverity.Info, null, ex); } // If authentication failure occurs, return a response without carrying on executing actions. if (!authenticated) { EventLogManager.Log("AUTH_BAD_APIKEY", EventLogSeverity.Warning, string.Format("Authentication failed for API key: {0}.", apiKey)); actionContext.Response = actionContext.Request.CreateErrorResponse(HttpStatusCode.Forbidden, message); } }
public override void OnActionExecuting(HttpActionContext actionContext) { base.OnActionExecuting(actionContext); bool authenticated = false; string message = "Access denied."; string apiKey = null; try { apiKey = actionContext.Request.GetApiKey(); EventLogManager.Log("api-key is", EventLogSeverity.Info, apiKey); // Make sure it's not null and it's 32 characters or we're wasting our time. if (apiKey != null && apiKey.Length == 32) { EventLogManager.Log("Find APIUSER using key", EventLogSeverity.Info, apiKey); // Attempt to look up the api user. APIUser apiUser = APIUserManager.FindAndPrepare(apiKey); EventLogManager.Log("APIUSER.prepared ", EventLogSeverity.Info, apiUser.Prepared.ToString()); // Did we find one and is it ready to use? if (apiUser != null && apiUser.Prepared) { EventLogManager.Log("Authenticated URI: ", EventLogSeverity.Info, "True: " + actionContext.Request.RequestUri); // Genuine API user. authenticated = true; } } } catch (Exception ex) { // Set appropriate message. message = "An error occurred while trying to authenticate this request."; EventLogManager.Log("AUTH_EXCEPTION", EventLogSeverity.Info, null, ex); } // If authentication failure occurs, return a response without carrying on executing actions. if (!authenticated) { EventLogManager.Log("AUTH_BAD_APIKEY", EventLogSeverity.Warning, string.Format("Authentication failed for API key: {0}.", apiKey)); actionContext.Response = actionContext.Request.CreateErrorResponse(HttpStatusCode.Forbidden, message); } }
public HttpResponseMessage Delete(int id) { APIUser apiUser = APIUserManager.GetById(id); if (apiUser == null) { return(Request.CreateErrorResponse(HttpStatusCode.NotFound, "API user not found.")); } try { APIUserManager.Delete(apiUser); } catch (Exception ex) { return(Request.CreateErrorResponse(HttpStatusCode.InternalServerError, "Failed to delete API user.")); } return(Request.CreateResponse(HttpStatusCode.NoContent)); }
public override void OnActionExecuting(HttpActionContext actionContext) { base.OnActionExecuting(actionContext); // Get whitelist state. bool whitelistDisabled; try { // Attempt to retrieve disabled state. whitelistDisabled = SettingManager.GetSetting("WHITELIST", "STATE").Value.ToLower() == "false"; } catch (SettingNotFoundException ex) { // Setting not set, default to off. whitelistDisabled = true; } // Get api user. string apiKey = actionContext.Request.GetApiKey(); APIUser apiUser = APIUserManager.GetByAPIKey(apiKey); // Is the whitelist disabled or does the api user have permission to // bypass it? if (whitelistDisabled || (apiUser != null && apiUser.BypassIPWhitelist)) { // No need to perform whitelisting checks, return early. return; } bool authenticated = false; string message = "Access denied."; string forwardingAddress = null; string clientIpAddress = null; try { // There is a strong possibility that this is not the ip address of the machine // that sent the request. Being behind a load balancer with transparancy switched // off or being served through CloudFlare will both affect this value. clientIpAddress = HttpContext.Current.Request.UserHostAddress; // We need to get the X-Forwarded-For header from the request, if this is set we // should use it instead of the ip address from the request. string forwardedFor = HttpContext.Current.Request.Headers.Get("X-Forwarded-For"); // Forwarded for set? if (forwardedFor != null) { forwardingAddress = clientIpAddress; clientIpAddress = forwardedFor; } // Got the ip address? if (!string.IsNullOrEmpty(clientIpAddress)) { // Is it whitelisted or localhost? if (IPSpecManager.IsWhitelisted(clientIpAddress) || clientIpAddress.Equals("127.0.0.1")) { authenticated = true; } } } catch (Exception ex) { // Set appropriate message. message = "An error occurred while trying to authenticate this request."; EventLogManager.Log("AUTH_EXCEPTION", EventLogSeverity.Info, null, ex); } // If authentication failure occurs, return a response without carrying on executing actions. if (!authenticated) { string log = string.Format("Whitelist check failed for IP address: {0}.", clientIpAddress); // Was it forwarded? if (forwardingAddress != null) { log = string.Format("Whitelist check failed for IP address: {0}, forwarded by: {1}.", clientIpAddress, forwardingAddress); } EventLogManager.Log("AUTH_BAD_IPADDRESS", EventLogSeverity.Warning, log); actionContext.Response = actionContext.Request.CreateErrorResponse(HttpStatusCode.Forbidden, message); } }