//[Authenticate(Forms, "/login/")] // Basic, Digest, Oauth, Api public override ViewBase Post(ControllerContext context) { User user; if (!UserService.TryAuthenticateUser(context.User, out user)) { return new StatusCodeView(HttpStatusCode.BadGateway); // TODO: return a better error code that doesn't cause forms authentication to overwrite our response } else if (!UserService.TryAuthorizeUser(user, UserRole.Admin)) { return new StatusCodeView(HttpStatusCode.Forbidden); } var config = new Config(); var updates = config.PopulateWithData(context.Form); using (var db = DataService.Connect()) using (var tx = db.OpenTransaction()) { db.Insert(config); ConfigService.InitializeWithConfig(config); FileService.PregenerateApp(); tx.Commit(); } return new JsonView(new AppViewModel()); }
private ViewBase SendToken(ControllerContext context, ResendAction action, string nameOrEmail) { // If the name or email could not be found, pretend everything is okay. User user; if (!QueryService.TryGetUser(nameOrEmail, out user)) { return null; } // Generate a verification token. user.VerifyToken = UserService.GenerateVerifyToken(); using (var db = DataService.Connect()) using (var tx = db.OpenTransaction()) { db.UpdateOnly(user, u => u.VerifyToken, u => u.Guid == user.Guid); if (ResendAction.Activate == action) { MailService.SendVerifyUser(user.Email, user.VerifyToken); } else { MailService.SendPasswordReset(user.Email, user.VerifyToken); } tx.Commit(); } return new StatusCodeView(HttpStatusCode.Created); }
public override ViewBase Get(ControllerContext context) { string username; if (!this.TryGetUserNameFromContext(context, out username)) { return new StatusCodeView(HttpStatusCode.BadRequest); } User me; if (!UserService.TryAuthenticateUser(context.User, out me)) { return new StatusCodeView(HttpStatusCode.BadGateway); // TODO: return a better error code that doesn't cause forms authentication to overwrite our response } if (username.Equals("0")) { username = "******"; } User user; if (!QueryService.TryGetUserByName(me.Guid, username, out user)) { return new StatusCodeView(HttpStatusCode.NotFound); } return new JsonView(new UserViewModel(user)); }
public override ViewBase Post(ControllerContext context) { User user; if (!UserService.TryAuthenticateUser(context.User, out user)) { return new StatusCodeView(HttpStatusCode.BadGateway); // TODO: return a better error code that doesn't cause forms authentication to overwrite our response } else if (!UserService.TryAuthorizeUser(user, UserRole.Admin)) { return new StatusCodeView(HttpStatusCode.Forbidden); } using (var db = DataService.Connect(true)) { FileService.PregenerateApp(); var issuesIds = db.SqlList<long>("SELECT Id FROM Issue"); foreach (var issueId in issuesIds) { IssueViewModel vm; if (QueryService.TryGetIssueWithCommentsUsingDb(issueId, db, out vm)) { vm.Location = context.ApplicationPath + vm.Id + "/"; var breadcrumbs = new BreadcrumbsViewModel(new Breadcrumb("Issues", context.ApplicationPath), new Breadcrumb("#" + vm.Id + " - " + vm.Title, vm.Location)); FileService.WriteIssue(vm, breadcrumbs); } } } return null; }
public override ViewBase Post(ControllerContext context) { User user; if (!UserService.TryAuthenticateUser(context.User, out user)) { return new StatusCodeView(HttpStatusCode.BadGateway); // TODO: return a better error code that doesn't cause forms authentication to overwrite our response } else if (!UserService.TryAuthorizeUser(user, UserRole.User)) { return new StatusCodeView(HttpStatusCode.Forbidden); } Issue issue = new Issue(); PopulateResults results = issue.PopulateWithData(context.UnvalidatedForm, user.Guid, true); if (results.Errors.Count > 0) { return new JsonView(results.Errors, HttpStatusCode.BadRequest); } issue.Status = IssueStatus.Untriaged; issue.CreatedAt = issue.UpdatedAt; issue.CreatedByUserId = user.Id; IssueViewModel vm = SaveIssue(context, issue); if (vm == null) { return new StatusCodeView(HttpStatusCode.InternalServerError); } return new JsonView(vm, HttpStatusCode.Created); }
public override ViewBase Delete(ControllerContext context) { long issueId; if (!this.TryGetIssueIdFromContext(context, out issueId)) { return new StatusCodeView(HttpStatusCode.BadRequest); } User user; if (!UserService.TryAuthenticateUser(context.User, out user)) { return new StatusCodeView(HttpStatusCode.BadGateway); // TODO: return a better error code that doesn't cause forms authentication to overwrite our response } Issue issue; using (var db = DataService.Connect(true)) { issue = db.GetByIdOrDefault<Issue>(issueId); if (issue == null) { return new StatusCodeView(HttpStatusCode.NotFound); } } if (user.Id != issue.CreatedByUserId && !user.IsInRole(UserRole.Contributor)) { return new StatusCodeView(HttpStatusCode.Forbidden); } this.DeleteIssue(issue.Id); return null; }
public IssueViewModel SaveIssue(ControllerContext context, Issue issue) { IssueViewModel vm = null; using (var db = DataService.Connect()) using (var tx = db.BeginTransaction()) { db.Insert(issue); issue.Id = db.GetLastInsertId(); var issueSearch = new FullTextSearchIssue() { DocId = issue.Id, Text = issue.Text, Title = issue.Title, }; db.InsertParam(issueSearch); if (QueryService.TryGetIssueWithCommentsUsingDb(issue.Id, db, out vm)) { vm.Location = context.ApplicationPath + vm.Id + "/"; var breadcrumbs = new BreadcrumbsViewModel(new Breadcrumb("Issues", context.ApplicationPath), new Breadcrumb("#" + vm.Id + " - " + vm.Title, vm.Location)); FileService.WriteIssue(vm, breadcrumbs); tx.Commit(); } } return vm; }
public override ViewBase Get(ControllerContext context) { Query q = QueryService.ParseQuery(context.QueryString); User user; if (q.Filters != null && q.Filters.Any(f => f.Column.Equals("user", StringComparison.OrdinalIgnoreCase)) && !UserService.TryAuthenticateUser(context.User, out user)) { FormsAuthentication.RedirectToLoginPage(QueryService.RecreateQueryString(q)); return null; } var issuesPaged = QueryService.QueryIssues(context.User, q); var pagePrefix = context.ControllerPath + QueryService.RecreateQueryString(q) + "&page="; RootViewModel vm = new RootViewModel() { Breadcrumbs = new BreadcrumbsViewModel(new Breadcrumb("Issues", context.ControllerPath)), Issues = issuesPaged.Issues, Page = new PaginationViewModel(q.Page, q.Count, issuesPaged.Total, pagePrefix), }; string path = q.Template ?? "search.mustache"; return new TemplateView(path, vm); }
public override ViewBase Get(ControllerContext context) { long issueId; if (!Int64.TryParse(context.RouteData.Values["issue"] as string, out issueId)) { return new StatusCodeView(HttpStatusCode.BadRequest); } User user; if (!UserService.TryAuthenticateUser(context.User, out user)) { return new StatusCodeView(HttpStatusCode.Unauthorized); } IssueViewModel issue; if (!QueryService.TryGetIssueWithComments(issueId, out issue)) { return new StatusCodeView(HttpStatusCode.NotFound); } if (!user.Email.Equals(issue.AssignedToUserEmail) && !user.Email.Equals(issue.CreatedByUserEmail) && !user.IsInRole(UserRole.Contributor)) { return new RedirectView("~/accessdenied/"); } return new TemplateView("bugform.mustache", new { app = new AppViewModel(), issue = issue }); }
public override ViewBase Get(ControllerContext context) { string query = context.QueryString["q"] ?? String.Empty; using (var db = DataService.Connect(true)) { var usernames = db.Select<User>(ev => ev.Select(u => u.UserName).Where(u => u.UserName.Contains(query))).Select(u => u.UserName); return new JsonView(usernames); } }
public override ViewBase Get(ControllerContext context) { string token = context.RouteData.Values["token"] as string; if (String.IsNullOrEmpty(token)) { return new StatusCodeView(HttpStatusCode.BadRequest); } return VerifyToken(context, token); }
public override ViewBase Get(ControllerContext context) { User me; if (!UserService.TryAuthenticateUser(context.User, out me)) { return new StatusCodeView(HttpStatusCode.Unauthorized); } return new TemplateView("userform.mustache", new { app = new AppViewModel(), user = new UserViewModel(me), }); }
public override ViewBase Get(ControllerContext context) { User user; if (!UserService.TryAuthenticateUser(context.User, out user)) { return new StatusCodeView(HttpStatusCode.Unauthorized); } if (!user.IsInRole(UserRole.Admin)) { return new RedirectView("~/accessdenied/"); } return new TemplateView("admin.mustache", new { app = new AppViewModel(), breadcrumbs = ConfigService.ExternalBreadcrumbs, mail = ConfigService.Mail }); }
public override ViewBase Get(ControllerContext context) { Query q = QueryService.ParseQuery(context.QueryString); QueriedIssuesViewModel issues = QueryService.QueryIssues(context.User, q); issues.Issues.ForEach(i => i.Location = context.ApplicationPath + i.Id + "/"); // TODO: come up with a better way of handling this. var pagePrefix = context.ControllerPath + QueryService.RecreateQueryString(q) + "&page="; IssuesApiViewModel vm = new IssuesApiViewModel() { Issues = issues.Issues, Page = new PaginationViewModel(q.Page, q.Count, issues.Total, pagePrefix), }; return new JsonView(vm); }
public override ViewBase Post(ControllerContext context) { string fullname = context.Form["fullname"]; string email = context.Form["email"]; string password = context.Form["password"]; string verifyPassword = context.Form["verifypassword"]; string username = context.Form["username"]; var errors = VerifyData(email, password, verifyPassword, username); if (errors.Length > 0) { return new JsonView(errors, HttpStatusCode.BadRequest); } // Default username to email. if (String.IsNullOrEmpty(username)) { username = email; } User user = UserService.Create(email, password, username); user.FullName = String.IsNullOrEmpty(fullname) ? null : fullname; user.VerifyToken = UserService.GenerateVerifyToken(); using (var db = DataService.Connect()) using (var tx = db.OpenTransaction()) { db.Insert(user); user.Id = db.GetLastInsertId(); // First user magically becomes an admin. if (user.Id == 1) { user.Role = UserRole.Admin; user.VerifyToken = null; db.Update(user); } else { MailService.SendVerifyUser(user.Email, user.VerifyToken); } tx.Commit(); } return new JsonView(new UserViewModel(user), HttpStatusCode.Created); }
public override ViewBase Post(ControllerContext context) { string token = context.RouteData.Values["token"] as string; if (String.IsNullOrEmpty(token)) { return new StatusCodeView(HttpStatusCode.BadRequest); } string password = context.Form["password"] ?? String.Empty; string confirm = context.Form["verifypassword"]; if (String.IsNullOrEmpty(password) && password.Equals(confirm)) { return new StatusCodeView(HttpStatusCode.BadRequest); } return VerifyToken(context, token, password); }
public override ViewBase Get(ControllerContext context) { long issueId; if (!this.TryGetIssueIdFromContext(context, out issueId)) { return new StatusCodeView(HttpStatusCode.BadRequest); } IssueViewModel issue; if (!QueryService.TryGetIssueWithComments(issueId, out issue)) { return new StatusCodeView(HttpStatusCode.NotFound); } issue.Location = context.ApplicationPath + issue.Id + "/"; return new JsonView(issue); }
public override ViewBase Post(ControllerContext context) { ResendAction action; string actionData = context.RouteData.Values["action"] as string; if (!Enum.TryParse<ResendAction>(actionData, true, out action)) { return new StatusCodeView(HttpStatusCode.BadRequest); } string email = context.Form["email"]; if (String.IsNullOrEmpty(email)) { return new StatusCodeView(HttpStatusCode.BadRequest); } return SendToken(context, action, email); }
public override ViewBase Put(ControllerContext context) { string username; if (!this.TryGetUserNameFromContext(context, out username)) { return new StatusCodeView(HttpStatusCode.BadRequest); } else if (username.Equals("0")) { username = "******"; } User me; if (!UserService.TryAuthenticateUser(context.User, out me)) { return new StatusCodeView(HttpStatusCode.BadGateway); // TODO: return a better error code that doesn't cause forms authentication to overwrite our response } User user; if (!QueryService.TryGetUserByName(context.User, username, out user)) { return new StatusCodeView(HttpStatusCode.NotFound); } var results = user.PopulateWithData(context.Form, me); if (results.Errors.Count == 0) { using (var db = DataService.Connect()) using (var tx = db.BeginTransaction()) { db.UpdateOnly(user, v => v.Update(results.Updates.Keys.ToArray()).Where(u => u.Id == user.Id)); if (results.Updates.Any(u => u.Key.Equals("VerifyToken"))) { MailService.SendVerifyUser(user.Email, user.VerifyToken); } tx.Commit(); } } return new JsonView(new { user = new UserViewModel(user), errors = results.Errors }, results.Errors.Count == 0 ? HttpStatusCode.OK : HttpStatusCode.BadRequest); }
public override ViewBase Get(ControllerContext context) { User me; if (!UserService.TryAuthenticateUser(context.User, out me)) { return new StatusCodeView(HttpStatusCode.Unauthorized); } User user; long id; string idString = context.RouteData.Values["id"] as string; if (String.IsNullOrEmpty(idString)) { user = me; } else if (!UserService.TryAuthorizeUser(me, UserRole.User)) { return new StatusCodeView(HttpStatusCode.Unauthorized); } else if (!Int64.TryParse(idString, out id)) { return new StatusCodeView(HttpStatusCode.BadRequest); } else { using (var db = DataService.Connect(true)) { user = db.GetByIdOrDefault<User>(id); if (user == null) { return new StatusCodeView(HttpStatusCode.NotFound); } } } return new TemplateView("user.mustache", new { app = new AppViewModel(), breadcrumbs = ConfigService.ExternalBreadcrumbs, user = new UserViewModel(user), me = new UserViewModel(me) }); }
public override ViewBase Get(ControllerContext context) { var query = context.QueryString; HttpStatusCode statusCode = HttpStatusCode.NotFound; string referrer = context.Referrer != null ? context.Referrer.AbsoluteUri : String.Empty; if (query.Count > 0) { string[] s = query.Get(0).Split(new char[] { ';' }); statusCode = (HttpStatusCode)Convert.ToInt32(s[0]); if (String.IsNullOrEmpty(referrer) && s.Length > 1) { referrer = s[1]; } } Log.InfoFormat("url: {0} referrer: {1}", context.Url.AbsoluteUri, referrer); return new TemplateView("notfound.mustache", new { ReferralUri = referrer, StatusCode = statusCode }, statusCode); }
public ViewBase VerifyToken(ControllerContext context, string token, string password = null) { if (!token.StartsWith("t")) { return new StatusCodeView(HttpStatusCode.BadRequest); } token = token.Substring(1); // remove the expected "t" from the beginning of the token. DateTime issued; if (!UserService.TryValidateVerificationToken(token, out issued)) { return new StatusCodeView(HttpStatusCode.BadRequest); } using (var db = DataService.Connect()) { User user = db.FirstOrDefault<User>(u => u.VerifyToken == token); if (user == null) { return new StatusCodeView(HttpStatusCode.NotFound); } string passwordHash = user.PasswordHash; if (!String.IsNullOrEmpty(password)) { passwordHash = UserService.CalculatePasswordHash(user.Guid, user.Salt, password); } // Verification tokens are one shot deals. This one is dead now. // Also, ensure the user is verifed now. UserRole role = (user.Role == UserRole.Unverfied) ? UserRole.User : user.Role; db.UpdateOnly(new User { VerifyToken = null, Role = role, PasswordHash = passwordHash }, u => new { u.VerifyToken, u.Role, u.PasswordHash }, u => u.Guid == user.Guid); } return null; }
public override ViewBase Get(ControllerContext context) { context.GetOutput().Write("<html><head><title>Everything</title></head><body><h1>Everything</h1></body></html>"); return null; }
public override ViewBase Put(ControllerContext context) { long issueId; if (!this.TryGetIssueIdFromContext(context, out issueId)) { return new StatusCodeView(HttpStatusCode.BadRequest); } User user; if (!UserService.TryAuthenticateUser(context.User, out user)) { return new StatusCodeView(HttpStatusCode.BadGateway); // TODO: return a better error code that doesn't cause forms authentication to overwrite our response } Issue issue; using (var db = DataService.Connect(true)) { issue = db.GetByIdOrDefault<Issue>(issueId); if (issue == null) { return new StatusCodeView(HttpStatusCode.NotFound); } } if (!user.IsInRole(UserRole.User)) { return new StatusCodeView(HttpStatusCode.Forbidden); } bool unassigned = (issue.AssignedToUserId == 0); bool owner = (user.Id == issue.AssignedToUserId || user.Id == issue.CreatedByUserId); bool contributor = user.IsInRole(UserRole.Contributor); PopulateResults results = issue.PopulateWithData(context.UnvalidatedForm, user.Guid); if (results.Errors.Count > 0) { return new JsonView(results.Errors, HttpStatusCode.BadRequest); } // Only a few fields can be updated by normal users. if (!owner && !contributor) { // AssignedTo may be changed if the issue isn't assigned to anyone. Status can be // changed but if it is changed we'll check it further next. Remove anything else. var disallowed = results.Updates.Keys.Where(s => !((unassigned && s == "AssignedToUserId") || s == "Status" || s == "UpdatedAt")).ToList(); foreach (var remove in disallowed) { results.Updates.Remove(remove); } // If status is being changed, ensure it's being set to untriaged. PopulateResults.UpdatedValue statusChange; if (results.Updates.TryGetValue("Status", out statusChange) && (IssueStatus)statusChange.New != IssueStatus.Untriaged) { results.Updates.Remove("Status"); } } string comment = context.UnvalidatedForm.Get("comment"); IssueViewModel vm = UpdateIssue(context, issue, user.Id, comment, results.Updates); if (vm == null) { return new StatusCodeView(HttpStatusCode.InternalServerError); } return new JsonView(vm); }
public IssueViewModel UpdateIssue(ControllerContext context, Issue issue, long userId, string commentText, Dictionary<string, PopulateResults.UpdatedValue> updates) { IssueViewModel vm = null; IssueComment comment = new IssueComment(); comment.IssueId = issue.Id; comment.CommentByUserId = userId; comment.CreatedAt = issue.UpdatedAt; comment.Text = commentText; foreach (var kvp in updates) { if (kvp.Key.Equals("UpdatedAt", StringComparison.OrdinalIgnoreCase)) { continue; } object oldValue = kvp.Value.FriendlyOld ?? kvp.Value.Old ?? String.Empty; object newValue = kvp.Value.FriendlyNew ?? kvp.Value.New ?? String.Empty; IssueChange change = new IssueChange(); change.Column = kvp.Value.FriendlyName ?? kvp.Key; change.Old = oldValue.ToString(); change.New = newValue.ToString(); comment.Changes.Add(change); } comment.Changes.Sort(); using (var db = DataService.Connect()) using (var tx = db.BeginTransaction()) { // If there is some sort of recognizable change. if (!String.IsNullOrEmpty(comment.Text) || comment.Changes.Count > 0) { db.UpdateOnly(issue, v => v.Update(updates.Keys.ToArray()).Where(i => i.Id == issue.Id)); if (updates.ContainsKey("Text") || updates.ContainsKey("Title")) { db.Update<FullTextSearchIssue>(new { Text = issue.Text, Title = issue.Title }, s => s.DocId == issue.Id); } db.Insert(comment); comment.Id = db.GetLastInsertId(); } if (QueryService.TryGetIssueWithCommentsUsingDb(issue.Id, db, out vm)) { vm.Location = context.ApplicationPath + vm.Id + "/"; var breadcrumbs = new BreadcrumbsViewModel(new Breadcrumb("Issues", context.ApplicationPath), new Breadcrumb("#" + vm.Id + " - " + vm.Title, vm.Location)); FileService.WriteIssue(vm, breadcrumbs); tx.Commit(); // best effort email about changes to issue. try { MailService.SendIssueComment(vm, comment.Id); } catch (Exception e) { LogManager.GetLogger("error").Error(String.Format(" failed to send update about issue #{0}, comment #{1}", issue.Id, comment.Id), e); } } } return vm; }
public bool TryGetUserNameFromContext(ControllerContext context, out string username) { username = context.RouteData.Values["username"] as string; return username != null; }
public override ViewBase Get(ControllerContext context) { return new StatusCodeView(HttpStatusCode.NotImplemented); }
public override ViewBase Post(ControllerContext context) { // Forward POST to PUT for those clients that only use POST. return this.Put(context); }
public bool TryGetIssueIdFromContext(ControllerContext context, out long issueId) { string value = context.RouteData.Values["issue"] as string; return Int64.TryParse(value, out issueId); }
public override ViewBase Get(ControllerContext context) { return new JsonView(new AppViewModel()); }