/// <summary> /// Verifies a MD5 Known User request /// </summary> /// <param name="secretKey"> /// The secret key as configured on the queue /// </param> /// <param name="urlProvider"> /// An optional way of providing the original hashed URL (in case of URL rewrite or similar) /// </param> /// <param name="querystringPrefix">The request to verify /// An optional querystring prefix as configured on the Queue-it account. /// This can be used if there are name collisions with the queuestring parameters appended by Queue-it /// </param> /// <returns>IKnownUser reprecentation of the request</returns> /// <exception cref="System.ArgumentNullException"> /// The Secret Key cannot be null. Invoke KnownUserFactory.Configure or add configuration in config file. /// </exception> /// <exception cref="QueueIT.Security.InvalidKnownUserUrlException"> /// The Known User request does not contaion the required parameters /// </exception> /// <exception cref="QueueIT.Security.InvalidKnownUserHashException"> /// The hash of the request is invalid /// </exception> /// <example> /// <code language="cs"> /// try /// { /// IKnownUser knownUser = KnownUserFactory.VerifyMd5Hash(); /// /// if (knownUser == null) /// throw new UnverifiedKnownUserException(); /// /// if (knownUser.TimeStamp < DateTime.UtcNow.Subtract(TimeSpan.FromMinutes(3))) /// throw new UnverifiedKnownUserException(); /// /// PersistModel model = new PersistModel( /// knownUser.QueueId, /// knownUser.PlaceInQueue, /// knownUser.TimeStamp); /// /// model.Persist(); /// } /// catch (KnownUserException ex) /// { /// Response.Redirect("Error.aspx?queuename=link"); /// } /// </code> /// </example> /// <example> /// PHP example: /// <code language="none"> /// <![CDATA[ /// <?php /// require_once('../QueueIT.Security PHP/KnownUserFactory.php'); /// /// use QueueIT\Security\KnownUserFactory, QueueIT\Security\KnownUserException; /// /// try /// { /// $knownUser = KnownUserFactory::verifyMd5Hash(); /// /// if ($knownUser == null) /// header('Location: link.php'); /// /// if ($knownUser->getTimeStamp()->getTimestamp() < (time() - 180)) /// header('Location: link.php'); /// } /// catch (KnownUserException $ex) /// { /// header('Location: error.php'); /// } /// ?> /// ]]> /// </code> /// </example> /// <example> /// Java EE example: /// <code language="none"> /// <![CDATA[ /// try /// { /// IKnownUser knownUser = KnownUserFactory.verifyMd5Hash(); /// /// if (knownUser == null) { /// response.sendRedirect("link.jsp"); /// return; /// } /// /// if (knownUser.getTimeStamp().getTime() < ((new Date()).getTime() - 180 * 1000)) { /// response.sendRedirect("link.jsp"); /// return; /// } /// } /// catch (KnownUserException ex) /// { /// response.sendRedirect("error.jsp"); /// return; /// } /// ]]> /// </code> /// </example> public static IKnownUser VerifyMd5Hash( string secretKey = null, IKnownUserUrlProvider urlProvider = null, string querystringPrefix = null) { if (string.IsNullOrEmpty(secretKey)) secretKey = SecretKey; if (string.IsNullOrEmpty(querystringPrefix)) querystringPrefix = _defaultQuerystringPrefix; if (urlProvider == null && _defaultUrlProviderFactory != null) urlProvider = _defaultUrlProviderFactory.Invoke(); if (string.IsNullOrEmpty(secretKey)) throw new ArgumentNullException( "secretKey", "The Secret Key cannot be null. Invoke KnownUserFactory. Configure or add configuration in config file."); string url = urlProvider.GetUrl(); ValidateUrl(url); string originalUrl = urlProvider.GetOriginalUrl(querystringPrefix); try { Guid? queueId = ParseQueueId(urlProvider.GetQueueId(querystringPrefix)); string placeInQueueObfuscated = urlProvider.GetPlaceInQueue(querystringPrefix); int? placeInQueue = null; if (!string.IsNullOrEmpty(placeInQueueObfuscated)) { try { placeInQueue = (int)Hashing.DecryptPlaceInQueue(placeInQueueObfuscated); } catch (Exception) { throw new InvalidKnownUserUrlException(); } } DateTime? timeStamp = ParseTimeStamp(urlProvider.GetTimeStamp(querystringPrefix)); string customerId = urlProvider.GetCustomerId(querystringPrefix); string eventId = urlProvider.GetEventId(querystringPrefix); RedirectType redirectType = ParseRedirectType(urlProvider.GetRedirectType(querystringPrefix)); if (!queueId.HasValue && !placeInQueue.HasValue && !timeStamp.HasValue) return null; if (!queueId.HasValue || !placeInQueue.HasValue || !timeStamp.HasValue) throw new InvalidKnownUserUrlException(); string expectedHash = GetExpectedHash(url); ValidateHash(url, secretKey, expectedHash); return new Md5KnownUser(queueId.Value, placeInQueue.Value, timeStamp.Value, customerId, eventId, redirectType, originalUrl); } catch (KnownUserException ex) { ex.OriginalUrl = originalUrl; ex.ValidatedUrl = url; throw; } }
/// <summary> /// Verifies a MD5 Known User request /// </summary> /// <param name="secretKey"> /// The secret key as configured on the queue /// </param> /// <param name="urlProvider"> /// An optional way of providing the original hashed URL (in case of URL rewrite or similar) /// </param> /// <param name="querystringPrefix">The request to verify /// An optional querystring prefix as configured on the Queue-it account. /// This can be used if there are name collisions with the queuestring parameters appended by Queue-it /// </param> /// <returns>IKnownUser reprecentation of the request</returns> /// <exception cref="System.ArgumentNullException"> /// The Secret Key cannot be null. Invoke KnownUserFactory.Configure or add configuration in config file. /// </exception> /// <exception cref="QueueIT.Security.InvalidKnownUserUrlException"> /// The Known User request does not contaion the required parameters /// </exception> /// <exception cref="QueueIT.Security.InvalidKnownUserHashException"> /// The hash of the request is invalid /// </exception> /// <example> /// <code language="cs"> /// try /// { /// IKnownUser knownUser = KnownUserFactory.VerifyMd5Hash(); /// /// if (knownUser == null) /// throw new UnverifiedKnownUserException(); /// /// if (knownUser.TimeStamp < DateTime.UtcNow.Subtract(TimeSpan.FromMinutes(3))) /// throw new UnverifiedKnownUserException(); /// /// PersistModel model = new PersistModel( /// knownUser.QueueId, /// knownUser.PlaceInQueue, /// knownUser.TimeStamp); /// /// model.Persist(); /// } /// catch (KnownUserException ex) /// { /// Response.Redirect("Error.aspx?queuename=link"); /// } /// </code> /// </example> /// <example> /// PHP example: /// <code language="none"> /// <![CDATA[ /// <?php /// require_once('../QueueIT.Security PHP/KnownUserFactory.php'); /// /// use QueueIT\Security\KnownUserFactory, QueueIT\Security\KnownUserException; /// /// try /// { /// $knownUser = KnownUserFactory::verifyMd5Hash(); /// /// if ($knownUser == null) /// header('Location: link.php'); /// /// if ($knownUser->getTimeStamp()->getTimestamp() < (time() - 180)) /// header('Location: link.php'); /// } /// catch (KnownUserException $ex) /// { /// header('Location: error.php'); /// } /// ?> /// ]]> /// </code> /// </example> /// <example> /// Java EE example: /// <code language="none"> /// <![CDATA[ /// try /// { /// IKnownUser knownUser = KnownUserFactory.verifyMd5Hash(); /// /// if (knownUser == null) { /// response.sendRedirect("link.jsp"); /// return; /// } /// /// if (knownUser.getTimeStamp().getTime() < ((new Date()).getTime() - 180 * 1000)) { /// response.sendRedirect("link.jsp"); /// return; /// } /// } /// catch (KnownUserException ex) /// { /// response.sendRedirect("error.jsp"); /// return; /// } /// ]]> /// </code> /// </example> public static IKnownUser VerifyMd5Hash( string secretKey = null, IKnownUserUrlProvider urlProvider = null, string querystringPrefix = null) { if (string.IsNullOrEmpty(secretKey)) { secretKey = SecretKey; } if (string.IsNullOrEmpty(querystringPrefix)) { querystringPrefix = _defaultQuerystringPrefix; } if (urlProvider == null && _defaultUrlProviderFactory != null) { urlProvider = _defaultUrlProviderFactory.Invoke(); } if (string.IsNullOrEmpty(secretKey)) { throw new ArgumentNullException( "secretKey", "The Secret Key cannot be null. Invoke KnownUserFactory. Configure or add configuration in config file."); } string url = urlProvider.GetUrl(); ValidateUrl(url); string originalUrl = urlProvider.GetOriginalUrl(querystringPrefix); try { Guid? queueId = ParseQueueId(urlProvider.GetQueueId(querystringPrefix)); string placeInQueueObfuscated = urlProvider.GetPlaceInQueue(querystringPrefix); int? placeInQueue = null; if (!string.IsNullOrEmpty(placeInQueueObfuscated)) { try { placeInQueue = (int)Hashing.DecryptPlaceInQueue(placeInQueueObfuscated); } catch (Exception) { throw new InvalidKnownUserUrlException(); } } DateTime? timeStamp = ParseTimeStamp(urlProvider.GetTimeStamp(querystringPrefix)); string customerId = urlProvider.GetCustomerId(querystringPrefix); string eventId = urlProvider.GetEventId(querystringPrefix); RedirectType redirectType = ParseRedirectType(urlProvider.GetRedirectType(querystringPrefix)); if (!queueId.HasValue && !placeInQueue.HasValue && !timeStamp.HasValue) { return(null); } if (!queueId.HasValue || !placeInQueue.HasValue || !timeStamp.HasValue) { throw new InvalidKnownUserUrlException(); } string expectedHash = GetExpectedHash(url); ValidateHash(url, secretKey, expectedHash); return(new Md5KnownUser(queueId.Value, placeInQueue.Value, timeStamp.Value, customerId, eventId, redirectType, originalUrl)); } catch (KnownUserException ex) { ex.OriginalUrl = originalUrl; ex.ValidatedUrl = url; throw; } }