private static void SeedDatabase(IDocumentStore documentStore) { using (var session = documentStore.OpenSession()) { var adminUser = new Account { CodingExperience = 10, Company = "AGRC", Confirmation = new EmailConfirmation(ConfigurationManager.AppSettings["api_explorer_api_key"]) { ConfirmationDate = DateTime.UtcNow, Confirmed = true, TimesSent = 0 }, ContactRoute = "email", Email = ConfigurationManager.AppSettings["admin_email"], FirstName = "AGRC", JobCategory = "Geography", JobTitle = "Government", KeyQuota = new KeyQuota(1) { KeysUsed = 1 }, LastName = "AGRC", Password = CommandExecutor.ExecuteCommand(new HashPasswordCommand(ConfigurationManager.AppSettings["admin_password"])).Result }; if (!session.Query<Account>().Any(x => x.Email == ConfigurationManager.AppSettings["admin_email"])) { session.Store(adminUser); var explorerKey = new ApiKey(ConfigurationManager.AppSettings["api_explorer_api_key"]) { AccountId = adminUser.Id, ApiKeyStatus = ApiKey.KeyStatus.Active, AppStatus = ApiKey.ApplicationStatus.Production, CreatedAtTicks = DateTime.UtcNow.Ticks, Deleted = false, IsMachineName = false, Pattern = ".*/beta/webapi/*", RegexPattern = ".*/beta/webapi/*", Type = ApiKey.ApplicationType.Browser }; session.Store(explorerKey); } if (!session.Query<AdminContainer>().Any()) { session.Store(new AdminContainer(ConfigurationManager.AppSettings["admin_email"].Split(';'))); } session.SaveChanges(); } }
public KeyCreatedEmailCommand(Account account, ApiKey newKey) { Account = account; NewKey = newKey; }
public WhitelistItems(string key, ApiKey.KeyStatus status) { Key = key; Status = status; }
public LogRequestCommand(ApiKey key, object container, IDocumentStore store) { _store = store; Key = key; Container = container; }
protected override async Task<HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) { if (!request.Properties.Any()) { //properties is null under test need to add basic configuration request.Properties.Add(HttpPropertyKeys.HttpConfigurationKey, new HttpConfiguration()); } if (DocumentStore == null || DocumentStore.WasDisposed) { DocumentStore = request.GetDependencyScope().GetService(typeof (IDocumentStore)) as IDocumentStore; } var apikey = await ApiKeyProvider.GetApiFromRequestAsync(request); if (string.IsNullOrWhiteSpace(apikey)) { var response = request.CreateResponse(HttpStatusCode.BadRequest, new ResultContainer { Status = (int) HttpStatusCode.BadRequest, Message = "Missing API key." }, new MediaTypeHeaderValue("application/json")); return response; } using (var s = DocumentStore.OpenSession()) { _invalidResponse = request.CreateResponse(HttpStatusCode.BadRequest, new ResultContainer { Status = (int) HttpStatusCode.BadRequest, Message = "Invalid API key." }, new MediaTypeHeaderValue("application/json")); var key = s.Query<ApiKey, IndexApiKey>() .Customize(c => c.WaitForNonStaleResultsAsOfNow()) .Include(x => x.AccountId) .SingleOrDefault(x => x.Key == apikey); if (key == null && apikey != "agrc-ago") { return _invalidResponse; } var validateUser = true; // TODO: some sort of agency ago whitelist container if (apikey == "agrc-ago") { // referrer: http://utah.maps.arcgis.com/home/webmap/viewer.html?useExisting=1 key = new ApiKey(apikey) { RegexPattern = @"^http(?:s)?://(?:utah\.maps|www)\.arcgis\.com", Type = ApiKey.ApplicationType.Browser, AppStatus = ApiKey.ApplicationStatus.Production }; #if DEBUG key.RegexPattern = ".*"; #endif validateUser = false; } var isWhitelisted = s.Query<WhitelistContainer>() .SingleOrDefault(x => x.Items.Any(y => y.Key == key.Key)); if (isWhitelisted != null) { return await base.SendAsync(request, cancellationToken); } if (validateUser) { var user = s.Load<Account>(key.AccountId); if (user == null || !user.Confirmation.Confirmed) { return request.CreateResponse(HttpStatusCode.BadRequest, new ResultContainer { Status = (int) HttpStatusCode.BadRequest, Message = "Invalid key owner. Key does not belong to user or user has not been confirmed. " + "Browse to your profile and click the confirm button next to your email. " + "Follow the instructions in your inbox." }, new MediaTypeHeaderValue("application/json")); } if (key.Deleted || key.ApiKeyStatus == ApiKey.KeyStatus.Disabled) { return request.CreateResponse(HttpStatusCode.BadRequest, new ResultContainer { Status = (int) HttpStatusCode.BadRequest, Message = "Key no longer exists or has been deactivated." }, new MediaTypeHeaderValue("application/json")); } } var response = await ValidateRequest(key, request, cancellationToken); if (response != null) { return response; } } return await base.SendAsync(request, cancellationToken); }
private async Task<HttpResponseMessage> ValidateRequest(ApiKey key, HttpRequestMessage request, CancellationToken cancellationToken) { if (key.Type == ApiKey.ApplicationType.Browser) { var pattern = new Regex(key.RegexPattern, RegexOptions.IgnoreCase); var referrer = request.Headers.Referrer; var hasOrigin = request.Headers.Where(x => x.Key == Origin).ToList(); if (referrer == null && !hasOrigin.Any()) { return request.CreateResponse(HttpStatusCode.BadRequest, new ResultContainer { Status = (int) HttpStatusCode.BadRequest, Message = "Referrer http header is missing. " + "Turn off any security solutions that hide this header to use this service." }, new MediaTypeHeaderValue("application/json")); } var corsOriginHeader = hasOrigin.FirstOrDefault(); var corsOriginValue = ""; if (corsOriginHeader.Key != null) { corsOriginValue = corsOriginHeader.Value.SingleOrDefault(); } if (key.AppStatus == ApiKey.ApplicationStatus.Development && IsLocalDevelopment(referrer, corsOriginValue)) { return await base.SendAsync(request, cancellationToken); } if (!ApiKeyPatternMatches(pattern, corsOriginValue, referrer)) { return _invalidResponse; } } else { var ip = key.Pattern; var userHostAddress = IpProvider.GetIp(request); if (ip != userHostAddress) { return request.CreateResponse(HttpStatusCode.BadRequest, new ResultContainer { Status = (int) HttpStatusCode.BadRequest, Message = string.Format("Invalid API key. Pattern does not match {0}.", userHostAddress) }, new MediaTypeHeaderValue("application/json")); } } return null; }