/// <summary>
/// Writes an opening &lt;form&gt; tag to the response using the specified routing information and
/// then writes the anti-forgery hidden field right after it, so the token is posted with the form.
/// </summary>
/// <param name="ajaxHelper">The AJAX helper.</param>
/// <param name="routeName">The name of the route to use to obtain the form post URL.</param>
/// <param name="routeValues">An object that contains the parameters for a route.</param>
/// <param name="ajaxOptions">An object that provides options for the asynchronous request.</param>
/// <param name="htmlAttributes">An object that contains the HTML attributes to set for the element.</param>
/// <returns>The form object returned by <c>BeginForm</c>; the caller closes the form through it.</returns>
/// <remarks>
/// Emitting the token is only half of the CSRF defence: the action that receives the post must
/// still validate it, otherwise the hidden field has no effect.
/// </remarks>
public static MvcForm BeginSecureRouteForm(this AjaxHelper ajaxHelper, string routeName, RouteValueDictionary routeValues, AjaxOptions ajaxOptions, IDictionary<string, object> htmlAttributes)
{
    // NOTE(review): this forwards routeName to BeginForm; in System.Web.Mvc.Ajax the string argument
    // of BeginForm is an action name and BeginRouteForm is the route-name variant — confirm which
    // helper is intended here.
    MvcForm openedForm = ajaxHelper.BeginForm(routeName, routeValues, ajaxOptions, htmlAttributes);

    // The token has to be written after the opening tag so that it ends up inside the form.
    var responseWriter = ajaxHelper.ViewContext.Writer;
    responseWriter.Write(AntiForgery.GetHtml());

    return openedForm;
}
/// <summary>
/// Writes an opening &lt;form&gt; tag to the response and then writes the anti-forgery hidden field
/// right after it, so the token is posted together with the form fields.
/// </summary>
/// <param name="ajaxHelper">The AJAX helper.</param>
/// <param name="actionName">The name of the action method that will handle the request.</param>
/// <param name="routeValues">
/// An object that contains the parameters for a route. The parameters are retrieved through
/// reflection by examining the properties of the object, which is typically created by using
/// object initializer syntax.
/// </param>
/// <param name="ajaxOptions">An object that provides options for the asynchronous request.</param>
/// <returns>The form object returned by <c>BeginForm</c>; the caller closes the form through it.</returns>
/// <remarks>
/// The receiving action must validate the token; rendering it does not protect anything by itself.
/// </remarks>
public static MvcForm BeginSecureForm(this AjaxHelper ajaxHelper, string actionName, object routeValues, AjaxOptions ajaxOptions)
{
    MvcForm openedForm = ajaxHelper.BeginForm(actionName, routeValues, ajaxOptions);

    // Written after the opening tag so the hidden field is a child of the form.
    var responseWriter = ajaxHelper.ViewContext.Writer;
    responseWriter.Write(AntiForgery.GetHtml());

    return openedForm;
}
/// <summary>
/// Writes the opening markup of an AJAX-enabled POST form (form tag, fieldset, message placeholder)
/// followed by the anti-forgery hidden field.
/// </summary>
/// <remarks>
/// The form posts to the current URL (empty <c>action</c>). The handler for that URL has to
/// validate the token that is written here.
/// </remarks>
public void Begin()
{
    // Static opening markup, emitted in document order before the token.
    var openingFragments = new[]
    {
        "<form action='' class='form-horizontal' data-ajax='true' method='POST'>",
        "<fieldset>",
        "<div data-msg></div>",
    };

    foreach (string fragment in openingFragments)
    {
        _writer.Write(fragment);
    }

    // The token is generated last so that it is only requested once the form has been opened.
    string tokenField = AntiForgery.GetHtml().ToString();
    _writer.Write(tokenField);
}
/// <summary>
/// Writes an opening &lt;form&gt; tag to the response using the specified routing information and
/// then writes the anti-forgery hidden field right after it.
/// </summary>
/// <param name="ajaxHelper">The AJAX helper.</param>
/// <param name="routeName">The name of the route to use to obtain the form post URL.</param>
/// <param name="ajaxOptions">An object that provides options for the asynchronous request.</param>
/// <returns>The form object returned by <c>BeginForm</c>; the caller closes the form through it.</returns>
/// <remarks>
/// The receiving action must validate the token; rendering it does not protect anything by itself.
/// </remarks>
public static MvcForm BeginSecureRouteForm(this AjaxHelper ajaxHelper, string routeName, AjaxOptions ajaxOptions)
{
    // NOTE(review): routeName is forwarded to BeginForm; in System.Web.Mvc.Ajax the two-argument
    // BeginForm takes an action name and BeginRouteForm takes a route name — confirm which helper
    // is intended here.
    MvcForm openedForm = ajaxHelper.BeginForm(routeName, ajaxOptions);

    var responseWriter = ajaxHelper.ViewContext.Writer;
    responseWriter.Write(AntiForgery.GetHtml());

    return openedForm;
}
/// <summary>
/// Verifies that the parameterless <c>AntiForgery.GetHtml()</c> fails with an
/// <see cref="ArgumentException"/> carrying the expected message when there is no current web request.
/// </summary>
public void GetHtml_ThrowsWhenNotCalledInWebContext()
{
    const string expectedMessage =
        "An HttpContext is required to perform this operation. Check that this operation is being performed during a web request.";

    Assert.Throws <ArgumentException>(() => AntiForgery.GetHtml(), expectedMessage);
}
/// <summary>
/// Logs the current broker off and returns a fresh anti-forgery token field for the client to use
/// on its next request.
/// </summary>
/// <param name="sContactEmail">
/// Contact e-mail the client believes is logged in. A blank value is accepted unconditionally;
/// otherwise it must equal the authenticated user name and the UI origin must match the session origin.
/// </param>
/// <returns>
/// A result carrying the anti-forgery markup on success, or an explicit-failure result when the
/// request does not match the current session.
/// </returns>
public JsonResult Logoff(string sContactEmail)
{
    bool bNoEmailSupplied = string.IsNullOrWhiteSpace(sContactEmail);

    bool bGoodToLogOff = bNoEmailSupplied ||
        (User.Identity.IsAuthenticated && (User.Identity.Name == sContactEmail) && (UiOrigin == SessionUiOrigin));

    if (!bGoodToLogOff)
    {
        // Mismatch between the supplied e-mail and the session: record who is really logged in.
        string sCurrentState = User.Identity.IsAuthenticated
            ? "broker " + User.Identity.Name + " with origin " + SessionUiOrigin + " is"
            : "not";

        ms_oLog.Warn("Log off request with contact email {0} while {1} logged in.", sContactEmail, sCurrentState);

        return new BrokerForJsonResult(bExplicitSuccess: false);
    }

    this.m_oHelper.Logoff(User.Identity.Name, HttpContext);

    // NOTE(review): the value sent back is the whole hidden-input markup, not the bare token, and it
    // is generated in the same request that performed the log off. Whether the token is bound to the
    // pre- or post-logoff identity depends on what the helper does to the request's user — confirm.
    return new BrokerForJsonResult
    {
        antiforgery_token = AntiForgery.GetHtml().ToString(),
    };
}
/// <summary>
/// Renders a Liquid form block as an HTML POST form: opening tag with the mapped action URL, the
/// anti-forgery hidden field, the block's child nodes and the closing tag.
/// </summary>
/// <param name="context">Liquid context; the form name is looked up in it and falls back to the literal name.</param>
/// <param name="result">Writer that receives the markup.</param>
/// <exception cref="SyntaxException">The resolved form name has no entry in the forms map.</exception>
public override void Render(Context context, TextWriter result)
{
    var formName = (context[_formName] ?? _formName).ToString();

    string actionUrl;
    bool isKnownForm = _formsMap.TryGetValue(formName, out actionUrl);
    if (!isKnownForm)
    {
        throw new SyntaxException(string.Concat("Unknow form type ", _formName));
    }

    var themeEngine = (ShopifyLiquidThemeEngine)Template.FileSystem;
    var requestQuery = HttpUtility.ParseQueryString(themeEngine.WorkContext.RequestUrl.Query);
    var returnUrl = requestQuery["ReturnUrl"];
    var actionAbsoluteUrl = themeEngine.UrlBuilder.ToAppAbsolute(actionUrl, themeEngine.WorkContext.CurrentStore, themeEngine.WorkContext.CurrentLanguage);

    if (!string.IsNullOrEmpty(returnUrl))
    {
        // ReturnUrl comes straight from the request query string and is passed through URL-encoded.
        // NOTE(review): nothing here restricts it to a local address; the action that later
        // redirects to it has to do that check — confirm it does.
        actionAbsoluteUrl += "?ReturnUrl=" + HttpUtility.UrlEncode(returnUrl);
    }

    // Both values are attribute-encoded before being placed inside the quoted attributes.
    string encodedAction = HttpUtility.HtmlAttributeEncode(actionAbsoluteUrl);
    string encodedFormId = HttpUtility.HtmlAttributeEncode(formName);
    result.WriteLine("<form accept-charset=\"UTF-8\" action=\"{0}\" method=\"post\" id=\"{1}\">", encodedAction, encodedFormId);

    // Anti-forgery hidden field goes first inside the form, before the template's own content.
    result.WriteLine(AntiForgery.GetHtml());
    RenderAll(NodeList, context, result);
    result.WriteLine("</form>");
}
/// <summary>
/// Handles a broker login request and, on success, returns the broker properties together with a
/// fresh anti-forgery token field.
/// </summary>
/// <param name="LoginEmail">E-mail used as the login name; it is written to the debug log.</param>
/// <param name="LoginPassword">Password; passed to the helper only and never logged here.</param>
/// <returns>
/// An error result when a user is already authenticated or the helper returns no properties;
/// otherwise the properties result with <c>antiforgery_token</c> set.
/// </returns>
public JsonResult Login(string LoginEmail, string LoginPassword)
{
    ms_oLog.Debug("Broker login request: {0}", LoginEmail);

    bool bAlreadyLoggedIn = User.Identity.IsAuthenticated;
    if (bAlreadyLoggedIn)
    {
        ms_oLog.Warn("Login request with contact email {0}: already authorized as {1}.", LoginEmail, User.Identity.Name);
        return new BrokerForJsonResult("You are already logged in.");
    }

    BrokerProperties oBrokerProperties = this.m_oHelper.TryLogin(LoginEmail, LoginPassword, null, null);

    if (oBrokerProperties != null)
    {
        ms_oLog.Debug("Broker login succeeded for: {0}", LoginEmail);

        // NOTE(review): the token is generated in the same request that performed the login. If the
        // request's user is still the anonymous one at this point, the token may be bound to the
        // wrong identity and fail validation on the next authenticated post — confirm that TryLogin
        // updates the current user before this line runs.
        return new PropertiesBrokerForJsonResult(oProperties: oBrokerProperties)
        {
            antiforgery_token = AntiForgery.GetHtml().ToString()
        };
    }

    // A single generic message is returned for every failure reason.
    return new BrokerForJsonResult("Failed to log in.");
}
/// <summary>
/// Produces the anti-forgery hidden field and returns only the content of its <c>value</c> attribute.
/// </summary>
/// <returns>The <c>value</c> attribute of the generated hidden input.</returns>
/// <remarks>
/// NOTE(review): the attribute lookup is not null-checked, so markup without a <c>value</c>
/// attribute would fail here with a null dereference.
/// </remarks>
public static string GenerateAntiForgeryToken()
{
    string hiddenFieldMarkup = AntiForgery.GetHtml().ToString();

    // Parse the markup instead of slicing the string so attribute order and quoting do not matter.
    return HtmlNode.CreateNode(hiddenFieldMarkup).Attributes["value"].Value;
}
/// <summary>
/// Adds the anti-forgery hidden field to the page's "ClientResourcesFormBottom" control so that
/// it is available to requests issued from that page.
/// </summary>
/// <param name="page">Page that should receive the token markup.</param>
/// <remarks>
/// When the control is not found nothing is added and no error is raised, so such a page is
/// rendered without a token.
/// </remarks>
public void RegisterAjaxAntiForgery(Page page)
{
    var placeholder = page.FindControl("ClientResourcesFormBottom");
    if (placeholder == null)
    {
        return;
    }

    var children = placeholder.Controls;
    children.Add(new LiteralControl(AntiForgery.GetHtml().ToHtmlString()));
}
/// <summary>
/// Generates the hidden anti-forgery form field that is checked when the form is posted back.
/// </summary>
/// <returns>The generated form field (anti-forgery token), returned as raw, unencoded markup.</returns>
/// <remarks>
/// The token helps protect the application against cross-site request forgery. Call this method
/// inside the form and decorate the action that receives the post with
/// <see cref="ValidateRequestVerificationTokenAttribute"/>, setting
/// <see cref="ValidateRequestVerificationTokenAttribute.FormValidation"/> to <c>true</c>, for example:
/// <code>
/// [HttpPost]
/// [ValidateRequestVerificationToken(FormValidation = true)]
/// [SuppressMessage("Security", "SG0016", Justification = "CSRF vulnerability handled via ValidateRequestVerificationToken.")]
/// public void ImportData(CancellationToken cancellationToken)
/// {
///     PostData postData = Request.GetPostData();
///     string myFieldValue = postData.FormData["MyField"];
/// }
/// </code>
/// Without the validating attribute on the action the field is rendered but never verified.
/// </remarks>
/// <exception cref="NullReferenceException">No response message is present in <c>ViewBag.Response</c>.</exception>
public IEncodedString RequestVerificationToken()
{
    // The response message is taken from the parent's view bag and handed to the token generator.
    HttpResponseMessage response = m_parent.ViewBag.Response;

    if (object.ReferenceEquals(response, null))
    {
        throw new NullReferenceException("HttpResponseMessage not found in ViewBag.Response, cannot generate anti-forgery token.");
    }

    var tokenField = AntiForgery.GetHtml(response);
    return new RawString(tokenField);
}
/// <summary>
/// Returns the anti-forgery token value, generating it on first use and reusing the stored value afterwards.
/// </summary>
/// <returns>The <c>value</c> attribute extracted from the generated hidden field.</returns>
/// <remarks>
/// NOTE(review): the value is kept in an instance field. That is only safe if the instance never
/// outlives a single request or user — confirm the lifetime of the owning object.
/// </remarks>
private string AntiForgeryToken()
{
    if (_antiForgeryToken == null)
    {
        var hiddenFieldMarkup = AntiForgery.GetHtml().ToString();
        _antiForgeryToken = GetAttribute(hiddenFieldMarkup, "value");
    }

    return _antiForgeryToken;
}
/// <summary>
/// Returns the anti-forgery hidden field, turning any generation failure into a <see cref="SecurityException"/>.
/// </summary>
/// <returns>The hidden field markup.</returns>
/// <exception cref="SecurityException">
/// Token generation failed. The original exception is written to the trace and is not attached to
/// the thrown exception, so its details are not carried to the caller.
/// </exception>
public HtmlString GetAntiForgeryToken()
{
    HtmlString tokenField;

    try
    {
        tokenField = AntiForgery.GetHtml();
    }
    catch (Exception exception)
    {
        // Full details go to the trace only; the exception raised to the caller stays generic.
        string traceMessage = string.Concat("Failed to generate csrf token: ", exception.ToString());
        ADXTrace.Instance.TraceError(TraceCategory.Application, traceMessage);

        throw new SecurityException("Failed to generate csrf token for validation");
    }

    return tokenField;
}
/// <summary>
/// Adds an <c>antiForgeryToken</c> object (field name and value) to the pipeline result for
/// renderings that are flagged as needing one.
/// </summary>
/// <param name="args">Pipeline arguments; only extensible rendered JSON renderings are processed.</param>
/// <remarks>
/// NOTE(review): the token ends up in the serialized output. Because a token belongs to one
/// visitor, that output presumably must not be shared through a cache — confirm.
/// </remarks>
public override void TransformPlaceholderElement(TransformPlaceholderElementPipelineArgs args)
{
    if (args.Element is ExtensibleRenderedJsonRendering rendering && ShouldAddAntiForgeryToken(rendering))
    {
        // Split the generated hidden field into the two pieces the client needs to post back.
        var (name, value) = ParseAntiForgeryToken(AntiForgery.GetHtml());
        args.Result.antiForgeryToken = new { name, value };
    }
}
/// <summary>
/// Finishes the form once: writes the anti-forgery field for the built-in member controllers,
/// writes the hidden surface-route field and then lets the base class dispose.
/// </summary>
/// <param name="disposing">Forwarded unchanged to the base implementation.</param>
protected override void Dispose(bool disposing)
{
    if (this._disposed)
    {
        return;
    }

    this._disposed = true;

    // Forms targeting UmbRegisterController, UmbProfileController, UmbLoginStatusController or
    // UmbLoginController automatically get an anti-forgery token. Forms for any other controller
    // get none from here, so those have to add and validate their own.
    bool targetsMemberController =
        _controllerName == "UmbRegister" ||
        _controllerName == "UmbProfile" ||
        _controllerName == "UmbLoginStatus" ||
        _controllerName == "UmbLogin";

    if (targetsMemberController)
    {
        _viewContext.Writer.Write(AntiForgery.GetHtml().ToString());
    }

    // Hidden field carrying the surface form routes.
    // NOTE(review): the value is written without attribute encoding; this relies on the string
    // containing no quote characters — confirm how it is produced.
    _viewContext.Writer.Write(string.Concat("<input name='ufprt' type='hidden' value='", _encryptedString, "' />"));

    base.Dispose(disposing);
}
// Generated page body for packages\PackageSources.cshtml (see the #line directives).
// On POST it validates the anti-forgery token before reading any form field and then adds,
// deletes or restores package sources; afterwards it renders the source table and three
// POST forms, each of which carries its own anti-forgery hidden field.
public override void Execute()
{
    WriteLiteral("\r\n\r\n");
#line 4 "..\..\packages\PackageSources.cshtml"
    // Setup layout
    var currentPage = Href(PageUtils.GetPageVirtualPath("PackageSources"));
    PageData["BreadCrumbs"].Add(Tuple.Create(PackageManagerResources.ManageSourcesTitle, currentPage));
    Page.Desc = PackageManagerResources.ManageSourcesDesc;
    Page.SectionTitle = PackageManagerResources.ManageSourcesTitle;
    if (IsPost)
    {
        // Token check comes first: nothing below runs for a forged post.
        AntiForgery.Validate();
        var action = Request.Form["action"];
        var sourceUrl = Request.Form["sourceUrl"];
        var sourceName = Request.Form["sourceName"];
        try
        {
            // NOTE(review): action is dereferenced without a null check, so a post without an
            // "action" field would fail on the first Equals call.
            if (action.Equals(PackageManagerResources.AddPackageSourceLabel, StringComparison.OrdinalIgnoreCase))
            {
                ModelState.SetModelValue("sourceName", sourceName);
                ModelState.SetModelValue("sourceUrl", sourceUrl);
                Uri url;
                // Only "is an absolute URI" is checked here; the scheme is not restricted, and the
                // stored value is later rendered as a link target in the table below.
                if (!Uri.TryCreate(sourceUrl, UriKind.Absolute, out url))
                {
                    ModelState.AddError("sourceUrl", PackageManagerResources.Validation_InvalidPackageSourceUrl);
                }
                else if (!PackageManagerModule.AddPackageSource(source: sourceUrl, name: sourceName))
                {
                    ModelState.AddError("sourceName", PackageManagerResources.Validation_PackageSourceAlreadyExists);
                }
                else
                {
                    // The feed was successfully added. Clear the model state.
                    ModelState.Clear();
                }
            }
            else if (action.Equals(PackageManagerResources.DeleteLabel, StringComparison.OrdinalIgnoreCase))
            {
                PackageManagerModule.RemovePackageSource(sourceName);
            }
            else if (action.Equals(PackageManagerResources.RestoreDefaultSources, StringComparison.OrdinalIgnoreCase))
            {
                foreach (var packageSource in PackageManagerModule.DefaultSources)
                {
                    PackageManagerModule.AddPackageSource(packageSource);
                }
            }
        }
        catch (UnauthorizedAccessException)
        {
            // The message written below includes the package source file path.
#line default
#line hidden
            WriteLiteral(" <div class=\"message error\">\r\n ");
#line 42 "..\..\packages\PackageSources.cshtml"
            Write(String.Format(CultureInfo.CurrentCulture, PackageManagerResources.PackageSourceFileInstructions, PackageManagerModule.PackageSourceFilePath));
#line default
#line hidden
            WriteLiteral("\r\n </div>\r\n");
#line 44 "..\..\packages\PackageSources.cshtml"
        }
    }
    var numSources = PackageManagerModule.PackageSources.Count();
#line default
#line hidden
    WriteLiteral("\r\n");
#line 50 "..\..\packages\PackageSources.cshtml"
    Write(Html.ValidationSummary(excludeFieldErrors: true));
#line default
#line hidden
    WriteLiteral("\r\n\r\n<table id=\"feeds\">\r\n<thead>\r\n <tr>\r\n <th scope=\"col\">");
#line 55 "..\..\packages\PackageSources.cshtml"
    Write(PackageManagerResources.SourceNameLabel);
#line default
#line hidden
    WriteLiteral("</th>\r\n <th scope=\"col\">");
#line 56 "..\..\packages\PackageSources.cshtml"
    Write(PackageManagerResources.SourceUrlLabel);
#line default
#line hidden
    WriteLiteral("</th>\r\n <th></th>\r\n </tr>\r\n</thead>\r\n<tbody> \r\n");
#line 61 "..\..\packages\PackageSources.cshtml"
    foreach (var source in PackageManagerModule.PackageSources)
    {
#line default
#line hidden
        WriteLiteral(" <tr>\r\n <td>");
#line 63 "..\..\packages\PackageSources.cshtml"
        Write(source.Name);
#line default
#line hidden
        WriteLiteral("</td>\r\n <td><a href=\"");
#line 64 "..\..\packages\PackageSources.cshtml"
        Write(source.Source);
#line default
#line hidden
        WriteLiteral("\">");
#line 64 "..\..\packages\PackageSources.cshtml"
        Write(source.Source);
#line default
#line hidden
        WriteLiteral("</a></td>\r\n <td>\r\n");
#line 66 "..\..\packages\PackageSources.cshtml"
        // A delete form is only offered while more than one source exists.
        if (numSources > 1)
        {
#line default
#line hidden
            WriteLiteral(" <form method=\"post\" action=\"\">\r\n <input type=\"" + "hidden\" name=\"sourceName\" value=\"");
#line 68 "..\..\packages\PackageSources.cshtml"
            Write(source.Name);
#line default
#line hidden
            WriteLiteral("\" />\r\n <input type=\"submit\" name=\"action\" value=\"");
#line 69 "..\..\packages\PackageSources.cshtml"
            Write(PackageManagerResources.DeleteLabel);
#line default
#line hidden
            WriteLiteral("\" />\r\n ");
#line 70 "..\..\packages\PackageSources.cshtml"
            // Per-row delete form gets its own token field.
            Write(AntiForgery.GetHtml());
#line default
#line hidden
            WriteLiteral("\r\n </form>\r\n");
#line 72 "..\..\packages\PackageSources.cshtml"
        }
#line default
#line hidden
        WriteLiteral(" </td>\r\n </tr>\r\n");
#line 75 "..\..\packages\PackageSources.cshtml"
    }
#line default
#line hidden
    WriteLiteral("</tbody>\r\n</table>\r\n<br />\r\n<form method=\"post\" action=\"\">\r\n");
#line 80 "..\..\packages\PackageSources.cshtml"
    // Token field for the "add source" form.
    Write(AntiForgery.GetHtml());
#line default
#line hidden
    WriteLiteral("\r\n<fieldset>\r\n <legend>");
#line 82 "..\..\packages\PackageSources.cshtml"
    Write(PackageManagerResources.AddPackageSourceLabel);
#line default
#line hidden
    WriteLiteral("</legend>\r\n <ol>\r\n <li>\r\n <label for=\"feedName\">");
#line 85 "..\..\packages\PackageSources.cshtml"
    Write(PackageManagerResources.SourceNameLabel);
#line default
#line hidden
    WriteLiteral(":</label>\r\n ");
#line 86 "..\..\packages\PackageSources.cshtml"
    Write(Html.TextBox("sourceName"));
#line default
#line hidden
    WriteLiteral(" ");
#line 86 "..\..\packages\PackageSources.cshtml"
    Write(Html.ValidationMessage("sourceName"));
#line default
#line hidden
    WriteLiteral("\r\n </li>\r\n <li>\r\n <label for=\"feedUrl\">");
#line 89 "..\..\packages\PackageSources.cshtml"
    Write(PackageManagerResources.SourceUrlLabel);
#line default
#line hidden
    WriteLiteral(":</label>\r\n ");
#line 90 "..\..\packages\PackageSources.cshtml"
    Write(Html.TextBox("sourceUrl"));
#line default
#line hidden
    WriteLiteral(" ");
#line 90 "..\..\packages\PackageSources.cshtml"
    Write(Html.ValidationMessage("sourceUrl"));
#line default
#line hidden
    WriteLiteral("\r\n </li>\r\n </ol>\r\n <p class=\"form-actions\">\r\n \r\n <input ty" + "pe=\"submit\" name=\"action\" class=\"long-input\" value=\"");
#line 95 "..\..\packages\PackageSources.cshtml"
    Write(PackageManagerResources.AddPackageSourceLabel);
#line default
#line hidden
    WriteLiteral("\" />\r\n </p>\r\n</fieldset>\r\n</form>\r\n\r\n");
#line 100 "..\..\packages\PackageSources.cshtml"
    // The "restore defaults" form is shown only when at least one default source is missing.
    if (PackageManagerModule.DefaultSources.Intersect(PackageManagerModule.PackageSources).Count() != PackageManagerModule.DefaultSources.Count())
    {
#line default
#line hidden
        WriteLiteral(" <p>\r\n <form method=\"post\" action=\"\">\r\n ");
#line 104 "..\..\packages\PackageSources.cshtml"
        Write(AntiForgery.GetHtml());
#line default
#line hidden
        WriteLiteral("\r\n <fieldset class=\"no-border\"> \r\n <input type=\"submit" + "\" name=\"action\" class=\"long-input\" value=\"");
#line 106 "..\..\packages\PackageSources.cshtml"
        Write(PackageManagerResources.RestoreDefaultSources);
#line default
#line hidden
        WriteLiteral("\" />\r\n </fieldset>\r\n </form>\r\n </p>\r\n");
#line 110 "..\..\packages\PackageSources.cshtml"
    }
#line default
#line hidden
}
/// <summary>
/// Returns the anti-forgery hidden field as an <see cref="MvcHtmlString"/> so it is rendered without re-encoding.
/// </summary>
/// <returns>The hidden field markup produced by <c>AntiForgery.GetHtml()</c>.</returns>
public MvcHtmlString AntiForgeryToken()
{
    string tokenFieldMarkup = AntiForgery.GetHtml().ToString();
    return new MvcHtmlString(tokenFieldMarkup);
}
/// <summary>
/// Returns the anti-forgery hidden field as an <see cref="MvcHtmlString"/>.
/// </summary>
/// <param name="salt">Not used by the current implementation.</param>
/// <param name="domain">Not used by the current implementation.</param>
/// <param name="path">Not used by the current implementation.</param>
/// <returns>The hidden field markup produced by the parameterless <c>AntiForgery.GetHtml()</c>.</returns>
/// <remarks>
/// All three arguments are silently ignored, so a caller that passes a salt, cookie domain or
/// cookie path gets exactly the same token as a caller of the parameterless overload.
/// </remarks>
public MvcHtmlString AntiForgeryToken(string salt, string domain, string path)
{
    // The call that forwarded ViewContext.HttpContext, salt, domain and path to AntiForgery.GetHtml
    // was disabled to compile MVC3 with the newer System.Web.WebPages helpers.
    string tokenFieldMarkup = AntiForgery.GetHtml().ToString();
    return new MvcHtmlString(tokenFieldMarkup);
}
// Generated page body for the package uninstall page.
// GET renders a confirmation form that carries an anti-forgery hidden field; POST validates the
// token and only then uninstalls the package.
public override void Execute()
{
    WriteLiteral("\r\n\r\n");
    WriteLiteral("\r\n");
    DefineSection("PackageHead", () => {
        WriteLiteral(" \r\n <script type=\"text/javascript\" src=\"");
        Write(Href("scripts/PackageAction.js"));
        WriteLiteral("\"></script>\r\n <noscript>");
        Write(PackageManagerResources.JavascriptRequired);
        WriteLiteral("</noscript>\r\n");
    });
    WriteLiteral("\r\n\r\n");
    // Read from request
    // Request[...] is the combined request collection, so these values are not limited to the
    // posted form body.
    var packageId = Request["package"];
    var version = Request["version"];
    WebProjectManager projectManager;
    try
    {
        projectManager = new WebProjectManager(PackageManagerModule.ActiveSource.Source, PackageManagerModule.SiteRoot);
    }
    catch (Exception exception)
    {
        // The raw exception message is shown to the user.
        WriteLiteral(" <div class=\"error message\">");
        Write(exception.Message);
        WriteLiteral("</div>\r\n");
        return;
    }
    // The package lookup and the version parse happen before the token check further down; only
    // the uninstall itself is gated by AntiForgery.Validate().
    IPackage package = projectManager.LocalRepository.FindPackage(packageId, version != null ? SemanticVersion.Parse(version) : null);
    if (package == null)
    {
        ModelState.AddFormError(PackageManagerResources.BadRequest);
        Write(Html.ValidationSummary());
        return;
    }
    // Set up layout values
    var packagesHomeUrl = Href(PageUtils.GetPackagesHome(), Request.Url.Query);
    Page.SectionTitle = String.Format(CultureInfo.CurrentCulture, PackageManagerResources.UninstallPackageDesc, package.GetDisplayName());
    if (IsPost)
    {
        // Must stay ahead of UninstallPackage: this is the CSRF gate for the state change.
        AntiForgery.Validate();
        bool removeDependencies = Request.Form["removeDependencies"].AsBool(false);
        try
        {
            projectManager.UninstallPackage(package, removeDependencies: removeDependencies);
        }
        catch (Exception exception)
        {
            ModelState.AddFormError(exception.Message);
        }
        if (ModelState.IsValid)
        {
            Response.Redirect(packagesHomeUrl + "&action-completed=Uninstall");
        }
        else
        {
            Write(Html.ValidationSummary(String.Format(CultureInfo.CurrentCulture, PackageManagerResources.PackageUninstallationError, package.GetDisplayName())));
        }
        return;
    }
    // The display name is encoded first because the formatted text is written with Html.Raw.
    var encodedPackageName = Html.Encode(package.GetDisplayName());
    WriteLiteral(" <h4>");
    Write(Html.Raw(String.Format(CultureInfo.CurrentCulture, PackageManagerResources.AreYouSureUninstall, encodedPackageName)));
    WriteLiteral("</h4>\r\n");
    WriteLiteral("<form method=\"post\" action=\"\" id=\"submitForm\">\r\n<fieldset class=\"no-border\">\r\n " + " ");
    // Token field for the confirmation form.
    Write(AntiForgery.GetHtml());
    WriteLiteral("\r\n <input type=\"hidden\" name=\"package\" value=\"");
    // Request values are echoed through Write(), not WriteLiteral().
    Write(packageId);
    WriteLiteral("\" />\r\n <input type=\"hidden\" name=\"version\" value=\"");
    Write(version);
    WriteLiteral("\" />\r\n");
    if (package.Dependencies.Any())
    {
        WriteLiteral(" <div>\r\n <label><input type=\"checkbox\" name=\"removeDependencies" + "\" value=\"true\" checked=\"checked\"/>");
        Write(PackageManagerResources.RemoveDependencies);
        WriteLiteral("</label>\r\n </div>\r\n");
        WriteLiteral(" <br />\r\n");
    }
    WriteLiteral(" <input type=\"submit\" value=\"");
    Write(PackageManagerResources.UninstallPackage);
    WriteLiteral("\" />\r\n \r\n <input type=\"reset\" value=\"");
    Write(PackageManagerResources.Cancel);
    WriteLiteral("\" data-returnurl=\"");
    Write(packagesHomeUrl);
    WriteLiteral("\" />\r\n</fieldset>\r\n</form>");
}
// Generated page body for packages\Install.cshtml (see the #line directives).
// GET renders the package details, any license links and a confirmation form with an
// anti-forgery hidden field; POST validates the token and only then installs the package.
public override void Execute()
{
    WriteLiteral("\r\n\r\n");
    WriteLiteral("\r\n");
    DefineSection("PackageHead", () => {
        WriteLiteral(" \r\n <script type=\"text/javascript\" src=\"");
#line 9 "..\..\packages\Install.cshtml"
        Write(Href("scripts/PackageAction.js"));
#line default
#line hidden
        WriteLiteral("\"></script>\r\n <noscript>");
#line 10 "..\..\packages\Install.cshtml"
        Write(PackageManagerResources.JavascriptRequired);
#line default
#line hidden
        WriteLiteral("</noscript>\r\n");
    });
    WriteLiteral("\r\n");
#line 12 "..\..\packages\Install.cshtml"
    // Read params from request
    // Request[...] is the combined request collection, so these values are not limited to the
    // posted form body.
    var sourceName = Request["source"];
    var packageId = Request["package"];
    var version = Request["version"];
    // The source is resolved by name through PageUtils rather than taken as a URL from the request.
    var packageSource = PageUtils.GetPackageSource(sourceName);
    WebProjectManager projectManager;
    try
    {
        projectManager = new WebProjectManager(packageSource.Source, PackageManagerModule.SiteRoot);
    }
    catch (Exception exception)
    {
        // The raw exception message is shown to the user.
#line default
#line hidden
        WriteLiteral(" <div class=\"error message\">");
#line 24 "..\..\packages\Install.cshtml"
        Write(exception.Message);
#line default
#line hidden
        WriteLiteral("</div>\r\n");
#line 25 "..\..\packages\Install.cshtml"
        return;
    }
    // The repository lookup and the version parse happen before the token check further down;
    // only the install itself is gated by AntiForgery.Validate().
    IPackage package = projectManager.SourceRepository.FindPackage(packageId, version != null ? SemanticVersion.Parse(version) : null);
    if (package == null)
    {
        ModelState.AddFormError(PackageManagerResources.BadRequest);
#line default
#line hidden
#line 31 "..\..\packages\Install.cshtml"
        Write(Html.ValidationSummary());
#line default
#line hidden
#line 31 "..\..\packages\Install.cshtml"
        return;
    }
    Page.SectionTitle = String.Format(CultureInfo.CurrentCulture, PackageManagerResources.InstallPackageDesc, package.GetDisplayName());
    var packagesHomeUrl = Href(PageUtils.GetPackagesHome(), Request.Url.Query);
    if (IsPost)
    {
        // Must stay ahead of InstallPackage: this is the CSRF gate for the state change.
        AntiForgery.Validate();
        try
        {
            projectManager.InstallPackage(package);
        }
        catch (Exception exception)
        {
            ModelState.AddFormError(exception.Message);
        }
        if (ModelState.IsValid)
        {
            Response.Redirect(packagesHomeUrl + "&action-completed=Install");
        }
        else
        {
#line default
#line hidden
#line 50 "..\..\packages\Install.cshtml"
            Write(Html.ValidationSummary(String.Format(CultureInfo.CurrentCulture, PackageManagerResources.PackageInstallationError, package.GetDisplayName())));
#line default
#line hidden
#line 50 "..\..\packages\Install.cshtml"
            return;
        }
    }
#line default
#line hidden
    WriteLiteral("\r\n");
#line 56 "..\..\packages\Install.cshtml"
    Write(RenderPage("_PackageDetails.cshtml", new Dictionary <string, object> { { "Package", package } }));
#line default
#line hidden
    WriteLiteral("\r\n\r\n");
#line 58 "..\..\packages\Install.cshtml"
    var licensePackages = projectManager.GetPackagesRequiringLicenseAcceptance(package);
    if (licensePackages.Any())
    {
#line default
#line hidden
        WriteLiteral(" <hr />\r\n");
        WriteLiteral(" <ul>\r\n");
#line 63 "..\..\packages\Install.cshtml"
        // Only packages whose license URL passes PageUtils.IsValidLicenseUrl are listed, because
        // the URL comes from package metadata and is rendered as a link target below.
        foreach (var licensePackage in licensePackages.Where(p => PageUtils.IsValidLicenseUrl(p.LicenseUrl)))
        {
#line default
#line hidden
            WriteLiteral(" <li>\r\n <strong>");
#line 65 "..\..\packages\Install.cshtml"
            Write(licensePackage.Id);
#line default
#line hidden
            WriteLiteral(" ");
#line 65 "..\..\packages\Install.cshtml"
            Write(licensePackage.Version);
#line default
#line hidden
            WriteLiteral("</strong> \r\n (");
#line 66 "..\..\packages\Install.cshtml"
            Write(PackageManagerResources.AuthorsLabel);
#line default
#line hidden
            WriteLiteral(": <span class=\"package-author\">");
#line 66 "..\..\packages\Install.cshtml"
            Write(String.Join(PackageManagerResources.WordSeparator, licensePackage.Authors));
#line default
#line hidden
            WriteLiteral("</span>)\r\n <br />\r\n <a href=\"");
#line 68 "..\..\packages\Install.cshtml"
            Write(licensePackage.LicenseUrl);
#line default
#line hidden
            WriteLiteral("\" target=\"_blank\">");
#line 68 "..\..\packages\Install.cshtml"
            Write(PackageManagerResources.ViewLicenseTerms);
#line default
#line hidden
            WriteLiteral("</a>\r\n </li>\r\n");
#line 70 "..\..\packages\Install.cshtml"
        }
#line default
#line hidden
        WriteLiteral(" </ul> \r\n");
#line 72 "..\..\packages\Install.cshtml"
    }
    else
    {
#line default
#line hidden
        WriteLiteral(" <br />\r\n");
        WriteLiteral(" <hr />\r\n");
#line 75 "..\..\packages\Install.cshtml"
    }
#line default
#line hidden
    WriteLiteral("\r\n<form method=\"post\" action=\"\" id=\"submitForm\">\r\n<p>");
#line 79 "..\..\packages\Install.cshtml"
    Write(PackageManagerResources.Disclaimer);
#line default
#line hidden
    WriteLiteral("</p> \r\n<fieldset class=\"no-border install\">\r\n <input type=\"hidden\" name=\"so" + "urce\" value=\"");
#line 81 "..\..\packages\Install.cshtml"
    // Request values are echoed through Write(), not WriteLiteral().
    Write(sourceName);
#line default
#line hidden
    WriteLiteral("\" />\r\n <input type=\"hidden\" name=\"package\" value=\"");
#line 82 "..\..\packages\Install.cshtml"
    Write(packageId);
#line default
#line hidden
    WriteLiteral("\" />\r\n <input type=\"hidden\" name=\"version\" value=\"");
#line 83 "..\..\packages\Install.cshtml"
    Write(version);
#line default
#line hidden
    WriteLiteral("\" />\r\n ");
#line 84 "..\..\packages\Install.cshtml"
    // Token field for the confirmation form.
    Write(AntiForgery.GetHtml());
#line default
#line hidden
    WriteLiteral("\r\n\r\n <input type=\"submit\" value=\"");
#line 86 "..\..\packages\Install.cshtml"
    Write(PackageManagerResources.InstallPackage);
#line default
#line hidden
    WriteLiteral("\" />\r\n <input type=\"reset\" value=\"");
#line 87 "..\..\packages\Install.cshtml"
    Write(PackageManagerResources.Cancel);
#line default
#line hidden
    WriteLiteral("\" data-returnurl=\"");
#line 87 "..\..\packages\Install.cshtml"
    Write(packagesHomeUrl);
#line default
#line hidden
    WriteLiteral("\" />\r\n</fieldset>\r\n \r\n\r\n</form>");
}
/// <inheritdoc />
public virtual TagBuilder GenerateAntiForgery([NotNull] ViewContext viewContext)
{
    // The token is generated for the HTTP context of the view that is being rendered.
    var httpContext = viewContext.HttpContext;
    return _antiForgery.GetHtml(httpContext);
}
/// <summary>
/// Verifies that the four-argument <c>AntiForgery.GetHtml</c> rejects a null HTTP context and
/// reports <c>httpContext</c> as the offending parameter.
/// </summary>
public void GetHtml_ThrowsOnNullContext()
{
    const string expectedParameterName = "httpContext";

    Assert.ThrowsArgumentNull(() => AntiForgery.GetHtml(null, null, null, null), expectedParameterName);
}
/// <summary>
/// Opens the wizard's POST form on the page: form tag with attributes, the hidden wizard type,
/// step and unlabeled-field inputs and, unless disabled on the wizard, the anti-forgery hidden field.
/// </summary>
/// <param name="page">Page that receives the markup.</param>
/// <param name="wizard">Wizard whose name, steps, fields and flags drive the output.</param>
/// <param name="htmlAttributes">Optional attribute object; only "class" and "action" are read.</param>
/// <remarks>
/// NOTE(review): <c>action</c>, the class values and the renderer type name are written without
/// attribute encoding, unlike the wizard name in the hidden field. This is safe only while those
/// values come from trusted view code — confirm no request data reaches <paramref name="htmlAttributes"/>.
/// </remarks>
public WizardHtmlForm(StandardFormWizardPage page, Wizard wizard, object htmlAttributes)
{
    _page = page;

    var cssClasses = new List <string>
    {
        "form",
        "formwizard-" + wizard.Name.ToLowerInvariant(),
    };
    var htmlAttributesDictionary = new Dictionary <string, IList <string> >
    {
        { "class", cssClasses }
    };

    var action = string.Empty;
    var suppliedAttributes = Functions.ObjectToDictionary(htmlAttributes);

    if (suppliedAttributes != null)
    {
        if (suppliedAttributes.ContainsKey("class"))
        {
            cssClasses.Add((string)suppliedAttributes["class"]);
        }

        if (suppliedAttributes.ContainsKey("action"))
        {
            action = (string)suppliedAttributes["action"];
        }
    }

    page.WriteLiteral("<form method=\"post\" action=\"" + action + "\"");

    foreach (var attribute in htmlAttributesDictionary)
    {
        page.WriteLiteral(" " + attribute.Key + "=\"");

        foreach (var attributeValue in attribute.Value)
        {
            page.WriteLiteral(attributeValue + " ");
        }

        page.WriteLiteral("\"");
    }

    if (wizard.HasFileUpload)
    {
        page.WriteLiteral(" enctype=\"multipart/form-data\"");
    }

    // The renderer's assembly-qualified type name is exposed in the markup.
    // NOTE(review): if this attribute is ever read back from a request to pick a type, that code
    // needs an allow-list — not visible from here.
    var rendererTypeName = page.FormRenderer.GetType().AssemblyQualifiedName;
    page.WriteLiteral(" data-renderer=\"" + rendererTypeName + "\"");
    page.WriteLiteral(">");

    page.WriteLiteral("<input type=\"hidden\" name=\"__type\" value=\"" + HttpUtility.HtmlAttributeEncode(wizard.Name) + "\" />");

    // One hidden field per step, numbered from 1.
    for (int stepIndex = 0; stepIndex < wizard.Steps.Count; stepIndex++)
    {
        var step = wizard.Steps[stepIndex];
        int stepNumber = stepIndex + 1;
        RenderHiddenField("step_" + stepNumber, "step_" + stepNumber, step.FormName);
    }

    // Fields without a label are carried as hidden inputs.
    foreach (var hiddenField in wizard.Fields.Where(f => f.Label == null))
    {
        var fieldValue = hiddenField.Value == null ? string.Empty : hiddenField.GetValueAsString();
        RenderHiddenField(hiddenField.Name, hiddenField.Id, fieldValue);
    }

    // CSRF protection is on by default; a wizard that sets DisableAntiForgery gets no token.
    if (!wizard.DisableAntiForgery)
    {
        page.WriteLiteral(AntiForgery.GetHtml());
    }
}
// Generated page body for Login.cshtml (see the #line directives).
// Redirects to registration when no admin password exists; on POST validates the anti-forgery
// token, checks the password, sets the auth cookie and redirects; otherwise renders the login
// form, which carries an anti-forgery hidden field.
public override void Execute()
{
    WriteLiteral("\r\n\r\n");
#line 4 "..\..\Login.cshtml"
    Page.Title = AdminResources.LoginTitle;
    // No admin password has been registered so redirect
    if (!AdminSecurity.HasAdminPassword())
    {
        SiteAdmin.RedirectToRegister(Response);
        return;
    }
    if (IsPost)
    {
        // The token is validated before the password is read, so the login post itself is
        // covered by the CSRF check.
        AntiForgery.Validate();
        var password = Request.Form["password"];
        if (AdminSecurity.CheckPassword(password))
        {
            // Get the return url
            // NOTE(review): whether GetReturnUrl restricts the value to local addresses is not
            // visible here; the redirect below trusts its result — confirm.
            var returnUrl = SiteAdmin.GetReturnUrl(Request) ?? SiteAdmin.AdminVirtualPath;
            // Set the admin auth cookie
            AdminSecurity.SetAuthCookie(Response);
            // Redirect to the return url
            Response.Redirect(returnUrl);
        }
        else
        {
            ModelState.AddError("password", AdminResources.Validation_PasswordIncorrect);
        }
    }
#line default
#line hidden
    WriteLiteral("\r\n");
    DefineSection("Head", () => {
        WriteLiteral("\r\n <script type=\"text/javascript\">\r\n function showForgotPasswordInfo(){\r\n " + " document.getElementById(\'forgotPasswordInfo\').style.display = \'\';\r\n }\r\n" + " </script>\r\n");
    });
    WriteLiteral("\r\n\r\n");
#line 41 "..\..\Login.cshtml"
    Write(Html.ValidationSummary());
#line default
#line hidden
    WriteLiteral("\r\n<br />\r\n\r\n<form method=\"post\" action=\"\">\r\n ");
#line 45 "..\..\Login.cshtml"
    // Token field for the login form.
    Write(AntiForgery.GetHtml());
#line default
#line hidden
    WriteLiteral("\r\n <fieldset>\r\n <ol>\r\n <li class=\"password\">\r\n <label for" + "=\"password\">");
#line 49 "..\..\Login.cshtml"
    Write(AdminResources.Password);
#line default
#line hidden
    WriteLiteral(":</label>\r\n ");
#line 50 "..\..\Login.cshtml"
    Write(Html.Password("password"));
#line default
#line hidden
    WriteLiteral(" ");
#line 50 "..\..\Login.cshtml"
    Write(Html.ValidationMessage("password", "*"));
#line default
#line hidden
    WriteLiteral("\r\n </ol>\r\n <p class=\"form-actions\">\r\n <input type=\"submit\" value=\"");
#line 53 "..\..\Login.cshtml"
    Write(AdminResources.Login);
#line default
#line hidden
    WriteLiteral("\" />\r\n </p>\r\n </fieldset>\r\n <p>\r\n <a href=\"#\" onclick=\"showForgot" + "PasswordInfo(); return false;\">");
#line 57 "..\..\Login.cshtml"
    Write(AdminResources.ForgotPassword);
#line default
#line hidden
    WriteLiteral("</a>\r\n </p>\r\n</form>\r\n<br />\r\n");
#line 61 "..\..\Login.cshtml"
    // The location of the admin password file (leading '~' and '/' trimmed) is part of the help
    // text sent to every visitor of the login page; it is encoded before being written with Html.Raw.
    var passwordFileLocation = AdminSecurity.AdminPasswordFile.TrimStart('~', '/');
    var forgotPasswordHelp = String.Format(CultureInfo.CurrentCulture, AdminResources.AdminPasswordChangeInstructions, Html.Encode(passwordFileLocation));
#line default
#line hidden
    WriteLiteral("<span id=\"forgotPasswordInfo\" style=\"display: none\">");
#line 65 "..\..\Login.cshtml"
    Write(Html.Raw(forgotPasswordHelp));
#line default
#line hidden
    WriteLiteral("</span>");
}
/// <summary>
/// Returns the anti-forgery hidden field as an <see cref="MvcHtmlString"/> so it is rendered without re-encoding.
/// </summary>
/// <returns>The hidden field markup produced by <c>AntiForgery.GetHtml()</c>.</returns>
public MvcHtmlString AntiForgeryToken()
{
    string tokenFieldMarkup = AntiForgery.GetHtml().ToString();
    return MvcHtmlString.Create(tokenFieldMarkup);
}
// Generated page body for packages\Update.cshtml (see the #line directives).
// GET renders the details of the update and a confirmation form with an anti-forgery hidden
// field; POST validates the token and only then updates the package.
public override void Execute()
{
    WriteLiteral("\r\n\r\n");
    WriteLiteral("\r\n");
    DefineSection("PackageHead", () => {
        WriteLiteral(" \r\n <script type=\"text/javascript\" src=\"");
#line 8 "..\..\packages\Update.cshtml"
        Write(Href("scripts/PackageAction.js"));
#line default
#line hidden
        WriteLiteral("\"></script>\r\n <noscript>");
#line 9 "..\..\packages\Update.cshtml"
        Write(PackageManagerResources.JavascriptRequired);
#line default
#line hidden
        WriteLiteral("</noscript>\r\n");
    });
    WriteLiteral("\r\n");
#line 11 "..\..\packages\Update.cshtml"
    // Read params from request
    // Request[...] is the combined request collection, so these values are not limited to the
    // posted form body.
    var sourceName = Request["source"];
    var packageId = Request["package"];
    var versionString = Request["version"];
    // The source is resolved by name through PageUtils rather than taken as a URL from the request.
    var packageSource = PageUtils.GetPackageSource(sourceName);
    var version = !versionString.IsEmpty() ? SemanticVersion.Parse(versionString) : null;
    WebProjectManager projectManager;
    try
    {
        projectManager = new WebProjectManager(packageSource.Source, PackageManagerModule.SiteRoot);
    }
    catch (Exception exception)
    {
        // The raw exception message is shown to the user.
#line default
#line hidden
        WriteLiteral(" <div class=\"error message\">");
#line 24 "..\..\packages\Update.cshtml"
        Write(exception.Message);
#line default
#line hidden
        WriteLiteral("</div>\r\n");
#line 25 "..\..\packages\Update.cshtml"
        return;
    }
    var updatePackage = projectManager.SourceRepository.FindPackage(packageId, version);
    if (updatePackage == null)
    {
        ModelState.AddFormError(PackageManagerResources.BadRequest);
#line default
#line hidden
#line 30 "..\..\packages\Update.cshtml"
        Write(Html.ValidationSummary());
#line default
#line hidden
#line 30 "..\..\packages\Update.cshtml"
        return;
    }
    // NOTE(review): unlike updatePackage, the locally installed package is not null-checked
    // before GetDisplayName() is called on it below.
    var package = projectManager.LocalRepository.FindPackage(packageId);
    // Layout
    Page.SectionTitle = String.Format(CultureInfo.CurrentCulture, PackageManagerResources.UpdatePackageDesc, package.GetDisplayName(), updatePackage.Version);
    var packagesHomeUrl = Href(PageUtils.GetPackagesHome(), Request.Url.Query);
    if (IsPost)
    {
        // Must stay ahead of UpdatePackage: this is the CSRF gate for the state change.
        AntiForgery.Validate();
        try
        {
            projectManager.UpdatePackage(updatePackage);
        }
        catch (Exception exception)
        {
            ModelState.AddFormError(exception.Message);
        }
        if (ModelState.IsValid)
        {
            Response.Redirect(packagesHomeUrl + "&action-completed=Update");
        }
        else
        {
#line default
#line hidden
#line 52 "..\..\packages\Update.cshtml"
            Write(Html.ValidationSummary(String.Format(CultureInfo.CurrentCulture, PackageManagerResources.PackageUpdateError, package.GetDisplayName())));
#line default
#line hidden
#line 52 "..\..\packages\Update.cshtml"
        }
        return;
    }
#line default
#line hidden
    WriteLiteral("\r\n");
#line 58 "..\..\packages\Update.cshtml"
    Write(RenderPage("_PackageDetails.cshtml", new Dictionary <string, object> { { "Package", updatePackage } }));
#line default
#line hidden
    WriteLiteral("\r\n<br />\r\n<form method=\"post\" action=\"\" id=\"submitForm\">\r\n ");
#line 61 "..\..\packages\Update.cshtml"
    // Token field for the confirmation form.
    Write(AntiForgery.GetHtml());
#line default
#line hidden
    WriteLiteral("\r\n <input type=\"hidden\" name=\"source\" value=\"");
#line 62 "..\..\packages\Update.cshtml"
    // Request values are echoed through Write(), not WriteLiteral().
    Write(sourceName);
#line default
#line hidden
    WriteLiteral("\" />\r\n <input type=\"hidden\" name=\"package\" value=\"");
#line 63 "..\..\packages\Update.cshtml"
    Write(packageId);
#line default
#line hidden
    WriteLiteral("\" />\r\n <input type=\"hidden\" name=\"version\" value=\"");
#line 64 "..\..\packages\Update.cshtml"
    Write(version);
#line default
#line hidden
    WriteLiteral("\" />\r\n\r\n <input type=\"submit\" value=\"");
#line 66 "..\..\packages\Update.cshtml"
    Write(PackageManagerResources.UpdatePackage);
#line default
#line hidden
    WriteLiteral("\" />\r\n <input type=\"reset\" value=\"");
#line 67 "..\..\packages\Update.cshtml"
    Write(PackageManagerResources.Cancel);
#line default
#line hidden
    WriteLiteral("\" data-returnurl=\"");
#line 67 "..\..\packages\Update.cshtml"
    Write(packagesHomeUrl);
#line default
#line hidden
    WriteLiteral("\" />\r\n <br /><br />\r\n</form>");
}
/// <summary>
/// Renders the anti-forgery hidden field into the output of this template element.
/// </summary>
/// <param name="context">Rendering context supplied by the caller; not read here.</param>
/// <param name="result">Writer that receives the generated markup.</param>
public override void Render(Context context, TextWriter result) {
    // GetHtml() produces the hidden-field half of the anti-forgery token pair; the
    // handler receiving the form post still has to call AntiForgery.Validate().
    var tokenField = AntiForgery.GetHtml();
    string markup = tokenField.ToHtmlString();
    result.Write(markup);
}
/// <summary>
/// Handles a customer sign-up request: builds a sign-up model from the posted fields and
/// from tracking cookies, forwards it to the backend service, and on success signs the
/// new customer in and returns a fresh anti-forgery token.
/// </summary>
/// <param name="model">Bound user model; this method reads <c>EMail</c> and <c>SecurityAnswer</c>.</param>
/// <param name="FirstName">Customer first name, passed through to the backend.</param>
/// <param name="Surname">Customer last name, passed through to the backend.</param>
/// <param name="signupPass1">Password as entered.</param>
/// <param name="signupPass2">Password confirmation as entered.</param>
/// <param name="securityQuestion">Security question id as text; converted with Convert.ToInt32.</param>
/// <param name="mobilePhone">Mobile phone number, passed through to the backend.</param>
/// <param name="mobileCode">Mobile verification code, passed through to the backend.</param>
/// <param name="isInCaptchaMode">Captcha mode is on only when this equals the string "True".</param>
/// <param name="whiteLabelId">White label id, passed through to the backend.</param>
/// <returns>
/// JSON with <c>success</c> plus either <c>errorMessage</c> or, on success,
/// <c>antiforgery_token</c> and <c>refNumber</c>; model-state errors are returned through
/// GetModelStateErrors.
/// </returns>
/// <exception cref="Exception">
/// The security answer is longer than 199 characters. This check runs before the try
/// block, so it propagates to the framework instead of becoming a JSON error.
/// </exception>
/// <remarks>
/// NOTE(review): every response uses JsonRequestBehavior.AllowGet. Whether this action is
/// restricted to POST and anti-forgery validated depends on attributes that are not
/// visible here; if GET is permitted, a state-changing sign-up and a token-bearing JSON
/// response would both be reachable over GET. Confirm.
/// </remarks>
public JsonResult SignUp(
    User model,
    string FirstName,
    string Surname,
    string signupPass1,
    string signupPass2,
    string securityQuestion,
    string mobilePhone,
    string mobileCode,
    string isInCaptchaMode,
    int whiteLabelId
) {
    // Correlation id for this attempt: a GUID in "N" format (32 hex digits) split into
    // groups of idChunkSize characters joined by "-". It appears in every log line below
    // and in the generic error text returned to the client.
    string id = Guid.NewGuid().ToString("N");
    const int idChunkSize = 4;
    string uniqueID = string.Join("-",
        Enumerable.Range(0, id.Length / idChunkSize).Select(i => id.Substring(i * idChunkSize, idChunkSize))
    );
    log.Debug("Sign up client attempt id: '{0}'...", uniqueID);
    // Start from an empty removal list; presumably GetAndRemoveCookie adds to it and
    // RemoveCookiesOnSignup() (called on success) consumes it. Helpers not shown.
    this.cookiesToRemoveOnSignup.Clear();
    if (!ModelState.IsValid) {
        return(GetModelStateErrors(ModelState));
    }
    // NOTE(review): SecurityAnswer is dereferenced without a null check; presumably model
    // validation guarantees a value. Confirm against the User model's attributes.
    if (model.SecurityAnswer.Length > 199) {
        throw new Exception(DbStrings.MaximumAnswerLengthExceeded);
    }
    CustomerOrigin uiOrigin = UiCustomerOrigin.Get();
    string alibabaID = GetAndRemoveCookie("alibaba_id");
    // Customers arriving through the Alibaba origin must carry an id cookie.
    if (uiOrigin.IsAlibaba() && string.IsNullOrWhiteSpace(alibabaID)) {
        return(Json(new { success = false, errorMessage = "No Alibaba customer id provided.", }, JsonRequestBehavior.AllowGet));
    } // if
    var blm = new WizardBrokerLeadModel(Session);
    CampaignSourceRef campaignSourceRef = null;
    // Campaign attribution is collected only when the customer signs up directly. All of
    // these values come from cookies and are therefore client-controlled; they are handed
    // to the backend unchanged here.
    if (!blm.BrokerFillsForCustomer) {
        campaignSourceRef = new CampaignSourceRef {
            FContent = GetAndRemoveCookie("fcontent"),
            FMedium = GetAndRemoveCookie("fmedium"),
            FName = GetAndRemoveCookie("fname"),
            FSource = GetAndRemoveCookie("fsource"),
            FTerm = GetAndRemoveCookie("fterm"),
            FUrl = GetAndRemoveCookie("furl"),
            FDate = ToDate(GetAndRemoveCookie("fdate")),
            RContent = GetAndRemoveCookie("rcontent"),
            RMedium = GetAndRemoveCookie("rmedium"),
            RName = GetAndRemoveCookie("rname"),
            RSource = GetAndRemoveCookie("rsource"),
            RTerm = GetAndRemoveCookie("rterm"),
            RUrl = GetAndRemoveCookie("rurl"),
            RDate = ToDate(GetAndRemoveCookie("rdate")),
        };
    } // if
    string visitTimes = GetAndRemoveCookie("sourceref_time");
    var signupModel = new SignupCustomerMultiOriginModel {
        UserName = model.EMail,
        Origin = uiOrigin.GetOrigin(),
        RawPassword = new DasKennwort(signupPass1),
        RawPasswordAgain = new DasKennwort(signupPass2),
        // Runs before the try block: a non-numeric value makes Convert.ToInt32 throw
        // FormatException, which then propagates out of the action.
        PasswordQuestion = Convert.ToInt32(securityQuestion),
        PasswordAnswer = model.SecurityAnswer,
        RemoteIp = RemoteIp(),
        FirstName = FirstName,
        LastName = Surname,
        CaptchaMode = isInCaptchaMode == "True",
        MobilePhone = mobilePhone,
        MobileVerificationCode = mobileCode,
        BrokerFillsForCustomer = blm.BrokerFillsForCustomer,
        WhiteLabelID = whiteLabelId,
        // Set from the mere presence of an "istest" cookie, which any client can send.
        // NOTE(review): confirm the backend grants nothing on the strength of IsTest.
        IsTest = (Request.Cookies["istest"] != null) ? true : (bool?)null,
        CampaignSourceRef = campaignSourceRef,
        GoogleCookie = blm.BrokerFillsForCustomer ? string.Empty : GetAndRemoveCookie("__utmz"),
        ReferenceSource = blm.BrokerFillsForCustomer ? "Broker" : GetAndRemoveCookie("sourceref"),
        // NOTE(review): second read of "alibaba_id" (first one is stored in alibabaID
        // above). Whether it still returns the value depends on GetAndRemoveCookie,
        // which is not shown.
        AlibabaID = blm.BrokerFillsForCustomer ? null : GetAndRemoveCookie("alibaba_id"),
        ABTesting = GetAndRemoveCookie("ezbobab"),
        VisitTimes = visitTimes,
        FirstVisitTime = HttpUtility.UrlDecode(visitTimes),
        RequestedLoanAmount = GetAndRemoveCookie("loan_amount"),
        RequestedLoanTerm = GetAndRemoveCookie("loan_period"),
        BrokerLeadID = blm.LeadID,
        BrokerLeadEmail = blm.LeadEmail,
        BrokerLeadFirstName = blm.FirstName,
    };
    // NOTE(review): the model carries both raw passwords, the security answer and the
    // mobile verification code. Confirm that ToLogStr() (and DasKennwort) keep them out
    // of the debug log.
    log.Debug(
        "Sign up client attempt id: '{0}', model is {1}.",
        uniqueID,
        signupModel.ToLogStr()
    );
    try {
        log.Debug("Sign up client attempt id: '{0}', requesting backend sign up.", uniqueID);
        UserLoginActionResult signupResult = this.serviceClient.Instance.SignupCustomerMultiOrigin(signupModel);
        log.Debug("Sign up client attempt id: '{0}', backend sign up complete.", uniqueID);
        MembershipCreateStatus status = (MembershipCreateStatus)Enum.Parse(
            typeof(MembershipCreateStatus),
            signupResult.Status
        );
        log.Debug("Sign up client attempt id: '{0}', status is {1}.", uniqueID, status);
        // The only case in which the backend's error text is returned to the client
        // as-is. It tells the caller that the address is already registered.
        if (status == MembershipCreateStatus.DuplicateEmail) {
            return(Json(
                new { success = false, errorMessage = signupResult.ErrorMessage, },
                JsonRequestBehavior.AllowGet
            ));
        } // if
        // Thrown inside the try, so the catch below logs it and replaces the message
        // with the generic text carrying the correlation id.
        if ((status != MembershipCreateStatus.Success) || !string.IsNullOrWhiteSpace(signupResult.ErrorMessage)) {
            throw new Exception(string.IsNullOrWhiteSpace(signupResult.ErrorMessage)
                ? string.Format("Failed to sign up (error code is '{0}').", uniqueID)
                : signupResult.ErrorMessage
            );
        } // if
        // Sign the new customer in: record the backend session id, issue a non-persistent
        // forms-auth cookie and replace the current principal with one holding only the
        // "Customer" role.
        ObjectFactory.GetInstance <IEzbobWorkplaceContext>().SessionId = signupResult.SessionID.ToString(CultureInfo.InvariantCulture);
        Session["UserSessionId"] = signupResult.SessionID;
        this.context.SetSessionOrigin(uiOrigin.GetOrigin());
        FormsAuthentication.SetAuthCookie(model.EMail, false);
        HttpContext.User = new GenericPrincipal(new GenericIdentity(model.EMail), new[] { "Customer" });
        RemoveCookiesOnSignup();
        log.Debug("Sign up client attempt id: '{0}', sign up complete.", uniqueID);
        // The token is generated after HttpContext.User was replaced, presumably so that
        // it matches the newly signed-in identity rather than the anonymous one.
        return(Json(
            new { success = true, antiforgery_token = AntiForgery.GetHtml().ToString(), refNumber = signupResult.RefNumber, },
            JsonRequestBehavior.AllowGet
        ));
    }
    catch (Exception e) {
        // Full details go to the log only; the client receives a generic message plus
        // the correlation id.
        log.Alert(e, "Failed to sign up, client attempt id: {0}.", uniqueID);
        return(Json(
            new {
                success = false,
                errorMessage = string.Format(
                    "Failed to sign up, please call support (error code is '{0}').",
                    uniqueID
                ),
            },
            JsonRequestBehavior.AllowGet
        ));
    } // try
} // SignUp
/// <summary>
/// Generated Razor body for Register.cshtml: the first-run page on which the site
/// administrator password is chosen. Once a password exists the page only redirects to
/// the login page.
/// </summary>
/// <remarks>
/// Until an admin password has been saved this page accepts a new password from any
/// caller that presents a valid anti-forgery token pair; the only checks applied to the
/// password here are "not empty" and "both entries match".
/// </remarks>
public override void Execute() {
    WriteLiteral("\r\n\r\n");
#line 4 "..\..\Register.cshtml"
    Page.Title = AdminResources.RegisterTitle;
    var trimmedAdminPath = SiteAdmin.AdminVirtualPath.TrimStart('~');
    Page.Desc = String.Format(CultureInfo.CurrentCulture, AdminResources.RegisterDesc, Html.Encode(trimmedAdminPath));

    // Registration is a one-time step: with a password already in place, go to login.
    if (AdminSecurity.HasAdminPassword()) {
        SiteAdmin.RedirectToLogin(Response);
        return;
    }

    if (IsPost) {
        // Reject the post before reading any field if the anti-forgery pair is invalid.
        AntiForgery.Validate();

        var newPassword = Request.Form["password"];
        var confirmation = Request.Form["repassword"];

        if (newPassword.IsEmpty()) {
            ModelState.AddError("password", AdminResources.Validation_PasswordRequired);
        }
        else if (!String.Equals(newPassword, confirmation)) {
            ModelState.AddError("repassword", AdminResources.Validation_PasswordsDoNotMatch);
        }

        if (ModelState.IsValid) {
            // Persist the admin password
            if (!AdminSecurity.SaveTemporaryPassword(newPassword)) {
                // Creating password.txt failed, so report it as a form-level error
                ModelState.AddFormError(AdminResources.AdminModuleRequiresAccessToAppData);
            }
            else {
                // NOTE(review): SiteAdmin.GetReturnUrl is not shown; confirm that it
                // only yields local URLs before the value reaches Response.Redirect.
                Response.Redirect(SiteAdmin.GetReturnUrl(Request) ?? SiteAdmin.AdminVirtualPath);
            }
        }
    }
#line default
#line hidden
    WriteLiteral("\r\n<br/>\r\n\r\n");
#line 47 "..\..\Register.cshtml"
    Write(Html.ValidationSummary());
#line default
#line hidden
    WriteLiteral("\r\n\r\n<form method=\"post\" action=\"\">\r\n");
#line 50 "..\..\Register.cshtml"
    // Hidden anti-forgery field checked by AntiForgery.Validate() in the POST branch.
    Write(AntiForgery.GetHtml());
#line default
#line hidden
    WriteLiteral("\r\n<fieldset>\r\n <ol>\r\n <li class=\"password\">\r\n <label for=\"pa" + "ssword\">");
#line 54 "..\..\Register.cshtml"
    Write(AdminResources.EnterPassword);
#line default
#line hidden
    WriteLiteral("</label>\r\n ");
#line 55 "..\..\Register.cshtml"
    Write(Html.Password("password"));
#line default
#line hidden
    WriteLiteral(" ");
#line 55 "..\..\Register.cshtml"
    Write(Html.ValidationMessage("password", "*"));
#line default
#line hidden
    WriteLiteral("\r\n </li>\r\n <li class=\"password\">\r\n <label>");
#line 58 "..\..\Register.cshtml"
    Write(AdminResources.ReenterPassword);
#line default
#line hidden
    WriteLiteral("</label>\r\n ");
#line 59 "..\..\Register.cshtml"
    Write(Html.Password("repassword"));
#line default
#line hidden
    WriteLiteral(" ");
#line 59 "..\..\Register.cshtml"
    Write(Html.ValidationMessage("repassword", "*"));
#line default
#line hidden
    WriteLiteral("\r\n </li>\r\n </ol>\r\n <p class=\"form-actions\">\r\n <input type=\"su" + "bmit\" value=\"");
#line 63 "..\..\Register.cshtml"
    Write(AdminResources.CreatePassword);
#line default
#line hidden
    WriteLiteral("\" class=\"long-input\" />\r\n </p>\r\n</fieldset>\r\n</form>\r\n");
}
/// <summary>
/// Produces the anti-forgery hidden-field markup for the current view's HTTP context,
/// wrapped as an <see cref="MvcHtmlString"/> so that the view does not encode it again.
/// </summary>
/// <param name="salt">Salt value forwarded to AntiForgery.GetHtml.</param>
/// <param name="domain">Cookie domain forwarded to AntiForgery.GetHtml.</param>
/// <param name="path">Cookie path forwarded to AntiForgery.GetHtml.</param>
/// <returns>The hidden-field markup.</returns>
public MvcHtmlString AntiForgeryToken(string salt, string domain, string path) {
    // NOTE(review): later System.Web.WebPages releases deprecate this four-argument
    // overload in favour of the parameterless GetHtml(); confirm which assembly version
    // this project references before relying on salt/domain/path.
    var httpContext = ViewContext.HttpContext;
    string markup = AntiForgery.GetHtml(httpContext, salt, domain, path).ToString();
    return new MvcHtmlString(markup);
}