private static EmailValidationKeyProvider.ValidationResult CheckValidationKey(string queryString) { var request = BuildRequestFromQueryString(queryString); var type = request["type"]; if (String.IsNullOrEmpty(type) || type.ToLowerInvariant() != ConfirmType.EmailChange.ToString().ToLowerInvariant()) { return(EmailValidationKeyProvider.ValidationResult.Invalid); } var email = request["email"]; if (String.IsNullOrEmpty(email) || !email.TestEmailRegex()) { return(EmailValidationKeyProvider.ValidationResult.Invalid); } var key = request["key"]; if (String.IsNullOrEmpty(key)) { return(EmailValidationKeyProvider.ValidationResult.Invalid); } return(EmailValidationKeyProvider.ValidateEmailKey(email + type, key, SetupInfo.ValidEamilKeyInterval)); }
[Create("sendcongratulations", false)] //NOTE: this method doesn't requires auth!!! public void SendCongratulations(Guid userid, string key) { var authInterval = TimeSpan.FromHours(1); var checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(userid.ToString() + ConfirmType.Auth, key, authInterval); switch (checkKeyResult) { case EmailValidationKeyProvider.ValidationResult.Ok: var currentUser = CoreContext.UserManager.GetUsers(userid); StudioNotifyService.Instance.SendCongratulations(currentUser); FirstTimeTenantSettings.SendInstallInfo(currentUser); if (!SetupInfo.IsSecretEmail(currentUser.Email)) { if (SetupInfo.TfaRegistration == "sms") { StudioSmsNotificationSettings.Enable = true; } else if (SetupInfo.TfaRegistration == "code") { TfaAppAuthSettings.Enable = true; } } break; default: throw new SecurityException("Access Denied."); } }
public void ValidateKeyImmediate() { var k1 = EmailValidationKeyProvider.GetEmailKey("*****@*****.**"); Assert.That(EmailValidationKeyProvider.ValidateEmailKey("*****@*****.**", k1) == EmailValidationKeyProvider.ValidationResult.Ok); Assert.That(EmailValidationKeyProvider.ValidateEmailKey("[email protected]", k1) == EmailValidationKeyProvider.ValidationResult.Invalid); }
private static UserInfo GetUser(string query) { if (SecurityContext.IsAuthenticated) { return(CoreContext.UserManager.GetUsers(SecurityContext.CurrentAccount.ID)); } var queryString = HttpUtility.ParseQueryString(query); var email = (queryString["email"] ?? "").Trim(); var type = typeof(ConfirmType).TryParseEnum(queryString["type"] ?? "", ConfirmType.EmpInvite); var checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(email + type, queryString["key"], SetupInfo.ValidAuthKeyInterval); if (checkKeyResult == EmailValidationKeyProvider.ValidationResult.Expired) { throw new Exception(Resource.ErrorExpiredActivationLink); } if (checkKeyResult == EmailValidationKeyProvider.ValidationResult.Invalid) { throw new Exception(Resource.ErrorConfirmURLError); } var user = CoreContext.UserManager.GetUserByEmail(email); return(user); }
private static void StreamFile(HttpContext context) { try { var fileId = context.Request[FilesLinkUtility.FileId]; var auth = context.Request[FilesLinkUtility.AuthKey]; var userId = context.Request[CommonLinkUtility.ParamName_UserUserID]; Global.Logger.Debug("BoxApp: get file stream " + fileId); int validateTimespan; int.TryParse(WebConfigurationManager.AppSettings["files.stream-url-minute"], out validateTimespan); if (validateTimespan <= 0) { validateTimespan = 5; } var validateResult = EmailValidationKeyProvider.ValidateEmailKey(fileId + userId, auth, TimeSpan.FromMinutes(validateTimespan)); if (validateResult != EmailValidationKeyProvider.ValidationResult.Ok) { var exc = new HttpException((int)HttpStatusCode.Forbidden, FilesCommonResource.ErrorMassage_SecurityException); Global.Logger.Error(string.Format("BoxApp: validate error {0} {1}: {2}", FilesLinkUtility.AuthKey, validateResult, context.Request.Url), exc); throw exc; } var token = Token.GetToken(AppAttr, userId); if (token == null) { Global.Logger.Error("BoxApp: token is null"); throw new SecurityException("Access token is null"); } var request = WebRequest.Create(BoxUrlFile.Replace("{fileId}", fileId) + "/content"); request.Method = "GET"; request.Headers.Add("Authorization", "Bearer " + token.AccessToken); using (var response = request.GetResponse()) using (var stream = new ResponseStream(response)) { stream.StreamCopyTo(context.Response.OutputStream); } } catch (Exception ex) { context.Response.StatusCode = (int)HttpStatusCode.BadRequest; context.Response.Write(ex.Message); Global.Logger.Error("BoxApp: Error request " + context.Request.Url, ex); } try { context.Response.Flush(); context.Response.End(); } catch (HttpException) { } }
private void StreamFile(HttpContext context) { try { var fileId = context.Request.Query[FilesLinkUtility.FileId]; var auth = context.Request.Query[FilesLinkUtility.AuthKey]; var userId = context.Request.Query[CommonLinkUtility.ParamName_UserUserID]; Logger.Debug("BoxApp: get file stream " + fileId); var validateResult = EmailValidationKeyProvider.ValidateEmailKey(fileId + userId, auth, Global.StreamUrlExpire); if (validateResult != EmailValidationKeyProvider.ValidationResult.Ok) { var exc = new HttpException((int)HttpStatusCode.Forbidden, FilesCommonResource.ErrorMassage_SecurityException); Logger.Error(string.Format("BoxApp: validate error {0} {1}: {2}", FilesLinkUtility.AuthKey, validateResult, context.Request.Url()), exc); throw exc; } Token token = null; if (Guid.TryParse(userId, out var userIdGuid)) { token = TokenHelper.GetToken(AppAttr, userIdGuid); } if (token == null) { Logger.Error("BoxApp: token is null"); throw new SecurityException("Access token is null"); } var request = (HttpWebRequest)WebRequest.Create(BoxUrlFile.Replace("{fileId}", fileId) + "/content"); request.Method = "GET"; request.Headers.Add("Authorization", "Bearer " + token); using var stream = new ResponseStream(request.GetResponse()); stream.CopyTo(context.Response.Body); } catch (Exception ex) { context.Response.StatusCode = (int)HttpStatusCode.BadRequest; context.Response.WriteAsync(ex.Message).Wait(); Logger.Error("BoxApp: Error request " + context.Request.Url(), ex); } try { context.Response.Body.Flush(); //TODO //context.Response.Body.SuppressContent = true; //context.ApplicationInstance.CompleteRequest(); } catch (HttpException ex) { Logger.Error("BoxApp StreamFile", ex); } }
private static void StreamFile(HttpContext context) { try { var id = context.Request[FilesLinkUtility.FileId]; var auth = context.Request[FilesLinkUtility.AuthKey]; int version; int.TryParse(context.Request[FilesLinkUtility.Version], out version); int validateTimespan; int.TryParse(WebConfigurationManager.AppSettings["files.stream-url-minute"], out validateTimespan); if (validateTimespan <= 0) { validateTimespan = 5; } var validateResult = EmailValidationKeyProvider.ValidateEmailKey(id + version, auth, TimeSpan.FromMinutes(validateTimespan)); if (validateResult != EmailValidationKeyProvider.ValidationResult.Ok) { var exc = new HttpException((int)HttpStatusCode.Forbidden, FilesCommonResource.ErrorMassage_SecurityException); Global.Logger.Error(string.Format("{0} {1}: {2}", FilesLinkUtility.AuthKey, validateResult, context.Request.Url), exc); throw exc; } using (var fileDao = Global.DaoFactory.GetFileDao()) { fileDao.InvalidateCache(id); var file = version > 0 ? fileDao.GetFile(id, version) : fileDao.GetFile(id); using (var stream = fileDao.GetFileStream(file)) { context.Response.AddHeader("Content-Length", stream.CanSeek ? stream.Length.ToString(CultureInfo.InvariantCulture) : file.ContentLength.ToString(CultureInfo.InvariantCulture)); stream.StreamCopyTo(context.Response.OutputStream); } } } catch (Exception ex) { context.Response.StatusCode = (int)HttpStatusCode.BadRequest; context.Response.Write(ex.Message); Global.Logger.Error("Error for: " + context.Request.Url, ex); } try { context.Response.Flush(); context.Response.End(); } catch (HttpException) { } }
public void ValidateKey_Delayed() { var k1 = EmailValidationKeyProvider.GetEmailKey("*****@*****.**"); System.Threading.Thread.Sleep(100); Assert.That(EmailValidationKeyProvider.ValidateEmailKey("*****@*****.**", k1, TimeSpan.FromMilliseconds(150)) == EmailValidationKeyProvider.ValidationResult.Ok); System.Threading.Thread.Sleep(100); Assert.That(EmailValidationKeyProvider.ValidateEmailKey("*****@*****.**", k1, TimeSpan.FromMilliseconds(150)) == EmailValidationKeyProvider.ValidationResult.Expired); }
private static void DifferenceFile(HttpContext context) { var id = context.Request[FilesLinkUtility.FileId]; var auth = context.Request[FilesLinkUtility.AuthKey]; int version; int.TryParse(context.Request[FilesLinkUtility.Version] ?? "", out version); var validateResult = EmailValidationKeyProvider.ValidateEmailKey(id + version, auth ?? "", Global.StreamUrlExpire); if (validateResult == EmailValidationKeyProvider.ValidationResult.Ok) { try { using (var fileDao = Global.DaoFactory.GetFileDao()) { fileDao.InvalidateCache(id); var file = version > 0 ? fileDao.GetFile(id, version) : fileDao.GetFile(id); using (var stream = fileDao.GetDifferenceStream(file)) { context.Response.AddHeader("Content-Length", stream.Length.ToString(CultureInfo.InvariantCulture)); stream.StreamCopyTo(context.Response.OutputStream); } } } catch (Exception ex) { context.Response.StatusCode = (int)HttpStatusCode.InternalServerError; context.Response.Write(ex.Message); Global.Logger.Error("Error for: " + context.Request.Url, ex); } } else { var exc = new HttpException((int)HttpStatusCode.Forbidden, FilesCommonResource.ErrorMassage_SecurityException); Global.Logger.Error(string.Format("{0} {1}: {2}", FilesLinkUtility.AuthKey, validateResult, context.Request.Url), exc); context.Response.StatusCode = (int)HttpStatusCode.Forbidden; context.Response.Write(FilesCommonResource.ErrorMassage_SecurityException); } try { context.Response.Flush(); context.Response.End(); } catch (HttpException) { } }
private static void TempFile(HttpContext context) { var fileName = context.Request[FilesLinkUtility.FileTitle]; var auth = context.Request[FilesLinkUtility.AuthKey]; var validateResult = EmailValidationKeyProvider.ValidateEmailKey(fileName, auth ?? "", Global.StreamUrlExpire); if (validateResult != EmailValidationKeyProvider.ValidationResult.Ok) { var exc = new HttpException((int)HttpStatusCode.Forbidden, FilesCommonResource.ErrorMassage_SecurityException); Global.Logger.Error(string.Format("{0} {1}: {2}", FilesLinkUtility.AuthKey, validateResult, context.Request.Url), exc); context.Response.StatusCode = (int)HttpStatusCode.Forbidden; context.Response.Write(FilesCommonResource.ErrorMassage_SecurityException); return; } context.Response.Clear(); context.Response.ContentType = MimeMapping.GetMimeMapping(fileName); context.Response.AddHeader("Content-Disposition", ContentDispositionUtil.GetHeaderValue(fileName)); var store = Global.GetStore(); var path = Path.Combine("temp_stream", fileName); if (!store.IsFile(FileConstant.StorageDomainTmp, path)) { context.Response.StatusCode = (int)HttpStatusCode.NotFound; context.Response.Write(FilesCommonResource.ErrorMassage_FileNotFound); return; } using (var readStream = store.GetReadStream(FileConstant.StorageDomainTmp, path)) { context.Response.AddHeader("Content-Length", readStream.Length.ToString(CultureInfo.InvariantCulture)); readStream.StreamCopyTo(context.Response.OutputStream); } store.Delete(FileConstant.StorageDomainTmp, path); try { context.Response.Flush(); context.Response.SuppressContent = true; context.ApplicationInstance.CompleteRequest(); } catch (HttpException he) { Global.Logger.ErrorFormat("TempFile", he); } }
[Create(@"login", false, false)] //NOTE: this method doesn't requires auth!!! //NOTE: this method doesn't check payment!!! public bool AuthenticateMe(string userName, string password, string key) { var authInterval = TimeSpan.FromMinutes(5); var checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(userName + password + ConfirmType.Auth, key, authInterval); if (checkKeyResult != EmailValidationKeyProvider.ValidationResult.Ok) { throw new SecurityException("Access Denied."); } bool viaEmail; var user = GetUser(userName, password, null, null, out viaEmail); return(user != null); }
[Create("sendcongratulations", false)] //NOTE: this method doesn't requires auth!!! public void SendCongratulations(Guid userid, string key) { var authInterval = TimeSpan.FromHours(1); var checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(userid.ToString() + ConfirmType.Auth, key, authInterval); switch (checkKeyResult) { case EmailValidationKeyProvider.ValidationResult.Ok: var currentUser = CoreContext.UserManager.GetUsers(userid); StudioNotifyService.Instance.SendCongratulations(currentUser); break; default: throw new SecurityException("Access Denied."); } }
private static void License(HttpContext context) { if (!CoreContext.Configuration.Standalone) { context.Response.StatusCode = (int)HttpStatusCode.MethodNotAllowed; return; } try { var id = context.Request[FilesLinkUtility.FileId]; var auth = context.Request[FilesLinkUtility.AuthKey]; var validateResult = EmailValidationKeyProvider.ValidateEmailKey(id, auth, Global.StreamUrlExpire); if (validateResult != EmailValidationKeyProvider.ValidationResult.Ok) { var exc = new HttpException((int)HttpStatusCode.Forbidden, FilesCommonResource.ErrorMassage_SecurityException); Global.Logger.Error(string.Format("{0} {1}: {2}", FilesLinkUtility.AuthKey, validateResult, context.Request.Url), exc); throw exc; } using (var stream = LicenseReader.GetLicenseStream()) { if (stream.CanSeek) { context.Response.AddHeader("Content-Length", stream.Length.ToString(CultureInfo.InvariantCulture)); } stream.StreamCopyTo(context.Response.OutputStream); } } catch (Exception ex) { context.Response.StatusCode = (int)HttpStatusCode.BadRequest; context.Response.Write(ex.Message); Global.Logger.Error("Error for: " + context.Request.Url, ex); } try { context.Response.Flush(); context.Response.End(); } catch (HttpException) { } }
private void DownloadFile(int attachmentId, HttpContext context) { var mailBoxManager = new MailBoxManager(); var auth = context.Request[FilesLinkUtility.AuthKey]; var openTempStream = false; if (!string.IsNullOrEmpty(auth)) { var stream = context.Request.QueryString["stream"]; if (!string.IsNullOrEmpty(stream)) { int validateTimespan; int.TryParse(WebConfigurationManager.AppSettings["files.stream-url-minute"], out validateTimespan); if (validateTimespan <= 0) { validateTimespan = 5; } var validateResult = EmailValidationKeyProvider.ValidateEmailKey(attachmentId + stream, auth, TimeSpan.FromMinutes(validateTimespan)); if (validateResult != EmailValidationKeyProvider.ValidationResult.Ok) { var exc = new HttpException((int)HttpStatusCode.Forbidden, "You don't have enough permission to perform the operation"); //Global.Logger.Error(string.Format("{0} {1}: {2}", CommonLinkUtility.AuthKey, validateResult, context.Request.Url), exc); throw exc; } openTempStream = true; } } using (var file = openTempStream ? mailBoxManager.GetAttachmentStream(attachmentId, TenantId) : mailBoxManager.GetAttachmentStream(attachmentId, TenantId, Username)) { context.Response.AddHeader("Content-Disposition", ContentDispositionUtil.GetHeaderValue(file.FileName)); file.FileStream.StreamCopyTo(context.Response.OutputStream); } }
private void ProcessSmsValidation(UserTransferData uData) { var smsAuthSettings = SettingsManager.Instance.LoadSettings <StudioSmsNotificationSettings>(TenantProvider.CurrentTenantID); if (smsAuthSettings.Enable && SetupInfo.IsVisibleSettings <StudioSmsNotificationSettings>()) { var confKey = CookiesManager.GetCookies(CookiesType.ConfKey); var activated = CoreContext.UserManager.GetUsers(SecurityContext.CurrentAccount.ID).MobilePhoneActivationStatus; if (!String.IsNullOrEmpty(confKey) && EmailValidationKeyProvider.ValidateEmailKey(CoreContext.UserManager.GetUsers(SecurityContext.CurrentAccount.ID).Email, confKey, TimeSpan.FromDays(30)) == EmailValidationKeyProvider.ValidationResult.Ok) { return; } uData.MobilePhoneActivationStatus = activated; uData.ValidationKey = EmailValidationKeyProvider.GetEmailKey(GetEmailKey(uData, activated)); Session["UserTransferData"] = uData; ProcessLogout(); Response.Redirect(String.Format("~/Confirm.aspx?type={0}", activated == MobilePhoneActivationStatus.Activated ? ConfirmType.PhoneAuth : ConfirmType.PhoneActivation)); } }
private static void StreamFile(HttpContext context) { try { var id = context.Request[UrlConstant.FileId]; var ver = context.Request[UrlConstant.Version]; var auth = context.Request[UrlConstant.AuthKey]; if (EmailValidationKeyProvider.ValidateEmailKey(id + ver, auth, TimeSpan.FromMinutes(1)) != EmailValidationKeyProvider.ValidationResult.Ok) { throw new HttpException((int)HttpStatusCode.Forbidden, FilesCommonResource.ErrorMassage_SecurityException); } using (var dao = Global.DaoFactory.GetFileDao()) { var file = dao.GetFile(id, Convert.ToInt32(ver)); using (var stream = dao.GetFileStream(file)) { context.Response.AddHeader("Content-Length", stream.Length.ToString(CultureInfo.InvariantCulture)); stream.StreamCopyTo(context.Response.OutputStream); } } } catch (Exception ex) { context.Response.StatusCode = (int)HttpStatusCode.BadRequest; context.Response.Write(ex.Message); } try { context.Response.Flush(); context.Response.End(); } catch (HttpException) { } }
private bool CheckValidationKey() { var key = Request["key"] ?? ""; var emplType = Request["emplType"] ?? ""; var validInterval = SetupInfo.ValidEamilKeyInterval; var authInterval = TimeSpan.FromHours(1); EmailValidationKeyProvider.ValidationResult checkKeyResult; switch (_type) { case ConfirmType.PortalContinue: checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type, key); break; case ConfirmType.PhoneActivation: case ConfirmType.PhoneAuth: checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type, key, authInterval); break; case ConfirmType.Auth: { var first = Request["first"] ?? ""; var module = Request["module"]; checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type + first + module, key, authInterval); if (checkKeyResult == EmailValidationKeyProvider.ValidationResult.Ok) { var user = _email.Contains("@") ? CoreContext.UserManager.GetUserByEmail(_email) : CoreContext.UserManager.GetUsers(new Guid(_email)); if (SecurityContext.IsAuthenticated && SecurityContext.CurrentAccount.ID != user.ID) { Auth.ProcessLogout(); } if (!SecurityContext.IsAuthenticated) { if (StudioSmsNotificationSettings.IsVisibleSettings && StudioSmsNotificationSettings.Enable) { Response.Redirect(SmsConfirmUrl(user), true); } var authCookie = SecurityContext.AuthenticateMe(user.ID); CookiesManager.SetCookies(CookiesType.AuthKey, authCookie); MessageService.Send(HttpContext.Current.Request, MessageAction.LoginSuccess, user.DisplayUserName(false)); } AuthRedirect(user, first.ToLower() == "true", module, Request[FilesLinkUtility.FileUri]); } } break; case ConfirmType.DnsChange: { var dnsChangeKey = string.Join(string.Empty, new[] { _email, _type.ToString(), Request["dns"], Request["alias"] }); checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(dnsChangeKey, key, validInterval); } break; case ConfirmType.PortalOwnerChange: { Guid uid; try { uid = new Guid(Request["uid"]); } catch { uid = Guid.Empty; } checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type + uid, key, validInterval); } break; case ConfirmType.EmpInvite: checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type + emplType, key, validInterval); break; case ConfirmType.LinkInvite: checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_type + emplType, key, validInterval); break; case ConfirmType.PasswordChange: var userHash = !String.IsNullOrEmpty(Request["p"]) && Request["p"] == "1"; String hash = String.Empty; if (userHash) { hash = CoreContext.Authentication.GetUserPasswordHash(CoreContext.UserManager.GetUserByEmail(_email).ID); } checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type + (string.IsNullOrEmpty(hash) ? string.Empty : Hasher.Base64Hash(hash)), key, validInterval); break; default: checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type, key, validInterval); break; } if (checkKeyResult == EmailValidationKeyProvider.ValidationResult.Expired) { ShowError(Resource.ErrorExpiredActivationLink); return(false); } if (checkKeyResult == EmailValidationKeyProvider.ValidationResult.Invalid) { ShowError(_type == ConfirmType.LinkInvite ? Resource.ErrorInvalidActivationLink : Resource.ErrorConfirmURLError); return(false); } if (!string.IsNullOrEmpty(_email) && !_email.TestEmailRegex()) { ShowError(Resource.ErrorNotCorrectEmail); return(false); } return(true); }
public void ProcessRequest(HttpContext context) { if (_checkAuth && !SecurityContext.IsAuthenticated) { context.Response.StatusCode = (int)HttpStatusCode.Forbidden; return; } var storage = StorageFactory.GetStorage(CoreContext.TenantManager.GetCurrentTenant().TenantId.ToString(CultureInfo.InvariantCulture), _module); var path = _path; var header = context.Request[Constants.QUERY_HEADER] ?? ""; var auth = context.Request[Constants.QUERY_AUTH]; var storageExpire = storage.GetExpire(_domain); if (storageExpire != TimeSpan.Zero && storageExpire != TimeSpan.MinValue && storageExpire != TimeSpan.MaxValue || !string.IsNullOrEmpty(auth)) { var expire = context.Request[Constants.QUERY_EXPIRE]; if (string.IsNullOrEmpty(expire)) { expire = storageExpire.TotalMinutes.ToString(CultureInfo.InvariantCulture); } var validateResult = EmailValidationKeyProvider.ValidateEmailKey(path + "." + header + "." + expire, auth ?? "", TimeSpan.FromMinutes(Convert.ToDouble(expire))); if (validateResult != EmailValidationKeyProvider.ValidationResult.Ok) { context.Response.StatusCode = (int)HttpStatusCode.Forbidden; return; } } if (!storage.IsFile(_domain, path)) { context.Response.StatusCode = (int)HttpStatusCode.NotFound; return; } var headers = header.Length > 0 ? header.Split('&').Select(HttpUtility.UrlDecode) : new string[] { }; const int bigSize = 5 * 1024 * 1024; if (storage.IsSupportInternalUri && bigSize < storage.GetFileSize(_domain, path)) { var uri = storage.GetInternalUri(_domain, path, TimeSpan.FromMinutes(15), headers); context.Response.Cache.SetAllowResponseInBrowserHistory(false); context.Response.Cache.SetCacheability(HttpCacheability.NoCache); context.Response.Redirect(uri.ToString()); return; } string encoding = null; if (storage is DiscDataStore && storage.IsFile(_domain, path + ".gz")) { path += ".gz"; encoding = "gzip"; } var headersToCopy = new List <string> { "Content-Disposition", "Cache-Control", "Content-Encoding", "Content-Language", "Content-Type", "Expires" }; foreach (var h in headers) { var toCopy = headersToCopy.Find(x => h.StartsWith(x)); if (string.IsNullOrEmpty(toCopy)) { continue; } context.Response.Headers[toCopy] = h.Substring(toCopy.Length + 1); } context.Response.ContentType = MimeMapping.GetMimeMapping(path); if (encoding != null) { context.Response.Headers["Content-Encoding"] = encoding; } if (!context.Response.IsClientConnected) { context.Response.End(); return; } using (var stream = storage.GetReadStream(_domain, path)) { context.Response.Buffer = false; long offset = 0; var length = stream.Length; if (stream.CanSeek) { length = ProcessRangeHeader(context, stream.Length, ref offset); stream.Seek(offset, SeekOrigin.Begin); } context.Response.AddHeader("Connection", "Keep-Alive"); context.Response.AddHeader("Content-Length", length.ToString(CultureInfo.InvariantCulture)); try { stream.CopyTo(context.Response.OutputStream); context.Response.Flush(); } catch (Exception e) { LogManager.GetLogger("ASC").Debug("StorageHandler.ProcessRequest", e); context.Response.End(); } } }
private static void StreamFile(HttpContext context) { try { using (var fileDao = Global.DaoFactory.GetFileDao()) { var id = context.Request[FilesLinkUtility.FileId]; int version; if (!int.TryParse(context.Request[FilesLinkUtility.Version] ?? "", out version)) { version = 0; } var doc = context.Request[FilesLinkUtility.DocShareKey]; fileDao.InvalidateCache(id); File file; var linkRight = FileShareLink.Check(doc, fileDao, out file); if (linkRight == FileShare.Restrict && !SecurityContext.IsAuthenticated) { var auth = context.Request[FilesLinkUtility.AuthKey]; var validateResult = EmailValidationKeyProvider.ValidateEmailKey(id + version, auth ?? "", Global.StreamUrlExpire); if (validateResult != EmailValidationKeyProvider.ValidationResult.Ok) { var exc = new HttpException((int)HttpStatusCode.Forbidden, FilesCommonResource.ErrorMassage_SecurityException); Global.Logger.Error(string.Format("{0} {1}: {2}", FilesLinkUtility.AuthKey, validateResult, context.Request.Url), exc); context.Response.StatusCode = (int)HttpStatusCode.Forbidden; context.Response.Write(FilesCommonResource.ErrorMassage_SecurityException); return; } if (!string.IsNullOrEmpty(FileUtility.SignatureSecret)) { try { var header = context.Request.Headers[FileUtility.SignatureHeader]; if (string.IsNullOrEmpty(header) || !header.StartsWith("Bearer ")) { throw new Exception("Invalid header " + header); } header = header.Substring("Bearer ".Length); JsonWebToken.JsonSerializer = new DocumentService.JwtSerializer(); var stringPayload = JsonWebToken.Decode(header, FileUtility.SignatureSecret); Global.Logger.Debug("DocService StreamFile payload: " + stringPayload); //var data = JObject.Parse(stringPayload); //if (data == null) //{ // throw new ArgumentException("DocService StreamFile header is incorrect"); //} //var signedStringUrl = data["url"] ?? (data["payload"] != null ? data["payload"]["url"] : null); //if (signedStringUrl == null) //{ // throw new ArgumentException("DocService StreamFile header url is incorrect"); //} //var signedUrl = new Uri(signedStringUrl.ToString()); //var signedQuery = signedUrl.Query; //if (!context.Request.Url.Query.Equals(signedQuery)) //{ // throw new SecurityException(string.Format("DocService StreamFile header id not equals: {0} and {1}", context.Request.Url.Query, signedQuery)); //} } catch (Exception ex) { Global.Logger.Error("Download stream header " + context.Request.Url, ex); context.Response.StatusCode = (int)HttpStatusCode.Forbidden; context.Response.Write(FilesCommonResource.ErrorMassage_SecurityException); return; } } } if (file == null || version > 0 && file.Version != version) { file = version > 0 ? fileDao.GetFile(id, version) : fileDao.GetFile(id); } if (file == null) { context.Response.StatusCode = (int)HttpStatusCode.NotFound; return; } if (linkRight == FileShare.Restrict && SecurityContext.IsAuthenticated && !Global.GetFilesSecurity().CanRead(file)) { context.Response.StatusCode = (int)HttpStatusCode.Forbidden; return; } if (!string.IsNullOrEmpty(file.Error)) { context.Response.StatusDescription = file.Error; context.Response.StatusCode = (int)HttpStatusCode.BadRequest; return; } context.Response.AddHeader("Content-Disposition", ContentDispositionUtil.GetHeaderValue(file.Title)); context.Response.ContentType = MimeMapping.GetMimeMapping(file.Title); using (var stream = fileDao.GetFileStream(file)) { context.Response.AddHeader("Content-Length", stream.CanSeek ? stream.Length.ToString(CultureInfo.InvariantCulture) : file.ContentLength.ToString(CultureInfo.InvariantCulture)); stream.StreamCopyTo(context.Response.OutputStream); } } } catch (Exception ex) { Global.Logger.Error("Error for: " + context.Request.Url, ex); context.Response.StatusCode = (int)HttpStatusCode.InternalServerError; context.Response.Write(ex.Message); return; } try { context.Response.Flush(); context.Response.SuppressContent = true; context.ApplicationInstance.CompleteRequest(); } catch (HttpException he) { Global.Logger.ErrorFormat("StreamFile", he); } }
private static void DifferenceFile(HttpContext context) { try { using (var fileDao = Global.DaoFactory.GetFileDao()) { var id = context.Request[FilesLinkUtility.FileId]; int version; int.TryParse(context.Request[FilesLinkUtility.Version] ?? "", out version); var doc = context.Request[FilesLinkUtility.DocShareKey]; File file; var linkRight = FileShareLink.Check(doc, fileDao, out file); if (linkRight == FileShare.Restrict && !SecurityContext.IsAuthenticated) { var auth = context.Request[FilesLinkUtility.AuthKey]; var validateResult = EmailValidationKeyProvider.ValidateEmailKey(id + version, auth ?? "", Global.StreamUrlExpire); if (validateResult != EmailValidationKeyProvider.ValidationResult.Ok) { var exc = new HttpException((int)HttpStatusCode.Forbidden, FilesCommonResource.ErrorMassage_SecurityException); Global.Logger.Error(string.Format("{0} {1}: {2}", FilesLinkUtility.AuthKey, validateResult, context.Request.Url), exc); context.Response.StatusCode = (int)HttpStatusCode.Forbidden; context.Response.Write(FilesCommonResource.ErrorMassage_SecurityException); return; } } fileDao.InvalidateCache(id); if (file == null || version > 0 && file.Version != version) { file = version > 0 ? fileDao.GetFile(id, version) : fileDao.GetFile(id); } if (file == null) { context.Response.StatusCode = (int)HttpStatusCode.NotFound; return; } if (linkRight == FileShare.Restrict && SecurityContext.IsAuthenticated && !Global.GetFilesSecurity().CanRead(file)) { context.Response.StatusCode = (int)HttpStatusCode.Forbidden; return; } if (!string.IsNullOrEmpty(file.Error)) { context.Response.StatusDescription = file.Error; context.Response.StatusCode = (int)HttpStatusCode.BadRequest; return; } context.Response.AddHeader("Content-Disposition", ContentDispositionUtil.GetHeaderValue(".zip")); context.Response.ContentType = MimeMapping.GetMimeMapping(".zip"); using (var stream = fileDao.GetDifferenceStream(file)) { context.Response.AddHeader("Content-Length", stream.Length.ToString(CultureInfo.InvariantCulture)); stream.StreamCopyTo(context.Response.OutputStream); } } } catch (Exception ex) { context.Response.StatusCode = (int)HttpStatusCode.InternalServerError; context.Response.Write(ex.Message); Global.Logger.Error("Error for: " + context.Request.Url, ex); return; } try { context.Response.Flush(); context.Response.SuppressContent = true; context.ApplicationInstance.CompleteRequest(); } catch (HttpException he) { Global.Logger.ErrorFormat("DifferenceFile", he); } }
private static void DownloadFile(int attachmentId, HttpContext context) { var auth = context.Request[FilesLinkUtility.AuthKey]; var openTempStream = false; if (!string.IsNullOrEmpty(auth)) { var stream = context.Request.QueryString["stream"]; if (!string.IsNullOrEmpty(stream)) { int validateTimespan; int.TryParse(ConfigurationManagerExtension.AppSettings["files.stream-url-minute"], out validateTimespan); if (validateTimespan <= 0) { validateTimespan = 5; } var validateResult = EmailValidationKeyProvider.ValidateEmailKey(attachmentId + stream, auth, TimeSpan.FromMinutes(validateTimespan)); if (validateResult != EmailValidationKeyProvider.ValidationResult.Ok) { var exc = new HttpException((int)HttpStatusCode.Forbidden, "You don't have enough permission to perform the operation"); //Global.Logger.Error(string.Format("{0} {1}: {2}", CommonLinkUtility.AuthKey, validateResult, context.Request.Url), exc); throw exc; } openTempStream = true; } } else { if (!SecurityContext.IsAuthenticated) { throw new HttpException(403, "Access denied."); } } var engine = new EngineFactory(TenantId, Username); var attachment = engine.AttachmentEngine.GetAttachment( openTempStream ? (IAttachmentExp) new ConcreteTenantAttachmentExp(attachmentId, TenantId) : new ConcreteUserAttachmentExp(attachmentId, TenantId, Username)); long offset = 0; long endOffset = -1; long length = attachment.size; if (context.Request.Headers["Range"] != null) { var range = context.Request.Headers["Range"].Split('=', '-'); offset = Convert.ToInt64(range[1]); if (range.Count() > 2 && !string.IsNullOrEmpty(range[2])) { endOffset = Convert.ToInt64(range[2]); } if (endOffset < 0 || endOffset >= attachment.size) { endOffset = attachment.size - 1; } length = endOffset - offset + 1; if (length <= 0) { throw new HttpException("Wrong Range header"); } context.Response.StatusCode = 206; context.Response.AddHeader("Content-Range", String.Format(" bytes {0}-{1}/{2}", offset, endOffset, attachment.size)); } using (var file = attachment.ToAttachmentStream((int)offset)) { context.Response.AddHeader("Accept-Ranges", "bytes"); context.Response.AddHeader("Content-Length", length.ToString(CultureInfo.InvariantCulture)); context.Response.AddHeader("Content-Disposition", ContentDispositionUtil.GetHeaderValue(file.FileName)); context.Response.ContentType = MimeMapping.GetMimeMapping(file.FileName); if (endOffset != attachment.size - 1) { file.FileStream.CopyTo(context.Response.OutputStream); } else { file.FileStream.StreamCopyTo(context.Response.OutputStream, (int)length); } } }
public void DebugValidation() { EmailValidationKeyProvider.ValidateEmailKey("*****@*****.**", "123075394398.ZVJMVHKNEF67EHMKX7EHZTYEP8CSG4SSBX8E28OPNS8"); }
private bool CheckValidationKey() { var key = Request["key"] ?? ""; var emplType = Request["emplType"] ?? ""; var social = Request["social"] ?? ""; var validInterval = SetupInfo.ValidEmailKeyInterval; var authInterval = SetupInfo.ValidAuthKeyInterval; EmailValidationKeyProvider.ValidationResult checkKeyResult; switch (_type) { case ConfirmType.PortalContinue: checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type, key); break; case ConfirmType.PhoneActivation: case ConfirmType.PhoneAuth: case ConfirmType.TfaActivation: case ConfirmType.TfaAuth: checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type, key, authInterval); break; case ConfirmType.Auth: { var first = Request["first"] ?? ""; var module = Request["module"] ?? ""; var smsConfirm = Request["sms"] ?? ""; checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type + first + module + smsConfirm, key, authInterval); if (checkKeyResult == EmailValidationKeyProvider.ValidationResult.Ok) { var user = _email.Contains("@") ? CoreContext.UserManager.GetUserByEmail(_email) : CoreContext.UserManager.GetUsers(new Guid(_email)); if (SecurityContext.IsAuthenticated && SecurityContext.CurrentAccount.ID != user.ID) { Auth.ProcessLogout(); } if (!SecurityContext.IsAuthenticated) { if (!CoreContext.UserManager.UserExists(user.ID) || user.Status != EmployeeStatus.Active) { ShowError(Auth.MessageKey.ErrorUserNotFound); return(false); } if (StudioSmsNotificationSettings.IsVisibleAndAvailableSettings && StudioSmsNotificationSettings.Enable && smsConfirm.ToLower() != "true") { //todo: think about 'first' & 'module' Response.Redirect(SmsConfirmUrl(user), true); } if (TfaAppAuthSettings.IsVisibleSettings && TfaAppAuthSettings.Enable) { //todo: think about 'first' & 'module' Response.Redirect(TfaConfirmUrl(user), true); } var messageAction = social == "true" ? MessageAction.LoginSuccessViaSocialAccount : MessageAction.LoginSuccess; CookiesManager.AuthenticateMeAndSetCookies(user.Tenant, user.ID, messageAction); } SetDefaultModule(module); AuthRedirect(first.ToLower() == "true"); } } break; case ConfirmType.DnsChange: { var dnsChangeKey = string.Join(string.Empty, new[] { _email, _type.ToString(), Request["dns"], Request["alias"] }); checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(dnsChangeKey, key, validInterval); } break; case ConfirmType.PortalOwnerChange: { Guid uid; try { uid = new Guid(Request["uid"]); } catch { uid = Guid.Empty; } checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type + uid, key, validInterval); } break; case ConfirmType.EmpInvite: checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type + emplType, key, validInterval); break; case ConfirmType.LinkInvite: checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_type + emplType, key, validInterval); break; case ConfirmType.EmailChange: checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type + SecurityContext.CurrentAccount.ID, key, validInterval); break; case ConfirmType.PasswordChange: var userInfo = CoreContext.UserManager.GetUserByEmail(_email); var auditEvent = AuditEventsRepository.GetByFilter(action: MessageAction.UserSentPasswordChangeInstructions, entry: EntryType.User, target: MessageTarget.Create(userInfo.ID).ToString(), limit: 1).FirstOrDefault(); var passwordStamp = CoreContext.Authentication.GetUserPasswordStamp(userInfo.ID); string hash; if (auditEvent != null) { var auditEventDate = TenantUtil.DateTimeToUtc(auditEvent.Date); hash = (auditEventDate.CompareTo(passwordStamp) > 0 ? auditEventDate : passwordStamp).ToString("s"); } else { hash = passwordStamp.ToString("s"); } checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type + hash, key, validInterval); break; default: checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type, key, validInterval); break; } if (checkKeyResult == EmailValidationKeyProvider.ValidationResult.Expired) { ShowError(Auth.MessageKey.ErrorExpiredActivationLink); return(false); } if (checkKeyResult == EmailValidationKeyProvider.ValidationResult.Invalid) { ShowError(_type == ConfirmType.LinkInvite ? Auth.MessageKey.ErrorInvalidActivationLink : Auth.MessageKey.ErrorConfirmURLError); return(false); } if (!string.IsNullOrEmpty(_email) && !_email.TestEmailRegex()) { ShowError(Auth.MessageKey.ErrorNotCorrectEmail); return(false); } return(true); }
private static void TrackFile(HttpContext context) { var auth = context.Request[FilesLinkUtility.AuthKey]; var fileId = context.Request[FilesLinkUtility.FileId]; Global.Logger.Debug("DocService track fileid: " + fileId); var callbackSpan = TimeSpan.FromDays(128); var validateResult = EmailValidationKeyProvider.ValidateEmailKey(fileId, auth ?? "", callbackSpan); if (validateResult != EmailValidationKeyProvider.ValidationResult.Ok) { Global.Logger.ErrorFormat("DocService track auth error: {0}, {1}: {2}", validateResult.ToString(), FilesLinkUtility.AuthKey, auth); throw new HttpException((int)HttpStatusCode.Forbidden, FilesCommonResource.ErrorMassage_SecurityException); } JToken data; if (!string.IsNullOrEmpty(FileUtility.SignatureSecret)) { var header = context.Request.Headers[FileUtility.SignatureHeader]; if (string.IsNullOrEmpty(header) || !header.StartsWith("Bearer ")) { Global.Logger.Error("DocService track header is null"); throw new HttpException((int)HttpStatusCode.Forbidden, FilesCommonResource.ErrorMassage_SecurityException); } header = header.Substring("Bearer ".Length); try { JsonWebToken.JsonSerializer = new DocumentService.JwtSerializer(); var stringPayload = JsonWebToken.Decode(header, FileUtility.SignatureSecret); Global.Logger.Debug("DocService track payload: " + stringPayload); var jsonPayload = JObject.Parse(stringPayload); data = jsonPayload["payload"]; } catch (SignatureVerificationException ex) { Global.Logger.Error("DocService track header", ex); throw new HttpException((int)HttpStatusCode.Forbidden, ex.Message); } } else { try { string body; using (var receiveStream = context.Request.InputStream) using (var readStream = new StreamReader(receiveStream)) { body = readStream.ReadToEnd(); } Global.Logger.Debug("DocService track body: " + body); if (string.IsNullOrEmpty(body)) { throw new ArgumentException("DocService return null"); } data = JToken.Parse(body); } catch (Exception e) { Global.Logger.Error("DocService track error read body", e); throw new HttpException((int)HttpStatusCode.BadRequest, e.Message); } } string error; try { if (data == null) { throw new ArgumentException("DocService response is incorrect"); } var fileData = data.ToObject <DocumentServiceTracker.TrackerData>(); error = DocumentServiceTracker.ProcessData(fileId, fileData); } catch (Exception e) { Global.Logger.Error("DocService track:", e); throw new HttpException((int)HttpStatusCode.BadRequest, e.Message); } context.Response.Write(string.Format("{{\"error\":{0}}}", (error ?? "0"))); }
protected void Page_Load(object sender, EventArgs e) { Page.Title = HeaderStringHelper.GetPageTitle(Resource.AccountControlPageTitle); Master.DisabledSidePanel = true; Master.TopStudioPanel.DisableProductNavigation = true; Master.TopStudioPanel.DisableUserInfo = true; Master.TopStudioPanel.DisableSearch = true; Master.TopStudioPanel.DisableSettings = true; Master.TopStudioPanel.DisableVideo = true; _tenantInfoSettings = SettingsManager.Instance.LoadSettings <TenantInfoSettings>(TenantProvider.CurrentTenantID); var email = Request["email"] ?? ""; var key = Request["key"] ?? ""; var emplType = Request["emplType"] ?? ""; var type = typeof(ConfirmType).TryParseEnum(Request["type"] ?? "", ConfirmType.EmpInvite); var validInterval = SetupInfo.ValidEamilKeyInterval; var authInterval = TimeSpan.FromHours(1); EmailValidationKeyProvider.ValidationResult checkKeyResult; UserInfo user = null; var tenant = CoreContext.TenantManager.GetCurrentTenant(); if (tenant.Status != TenantStatus.Active && type != ConfirmType.PortalContinue) { Response.Redirect(SetupInfo.NoTenantRedirectURL, true); } if (type == ConfirmType.DnsChange) { var dnsChangeKey = string.Join(string.Empty, new[] { email, type.ToString(), Request["dns"], Request["alias"] }); checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(dnsChangeKey, key, validInterval); } else if (type == ConfirmType.PortalContinue) { checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(email + type.ToString(), key); } else if ((type == ConfirmType.EmpInvite || type == ConfirmType.Activation) && !String.IsNullOrEmpty(emplType)) { checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(email + type.ToString() + emplType, key, validInterval); } else if (type == ConfirmType.PasswordChange) { //Check activation signature checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(email + type.ToString(), key, validInterval); } else if (type == ConfirmType.PortalOwnerChange && !String.IsNullOrEmpty(Request["uid"])) { var uid = Guid.Empty; try { uid = new Guid(Request["uid"]); } catch { } checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(email + type.ToString() + uid.ToString(), key, validInterval); } else if (type == ConfirmType.ProfileRemove && !(String.IsNullOrEmpty(Request["email"]) || String.IsNullOrEmpty(Request["key"]))) { user = CoreContext.UserManager.GetUserByEmail(email); if (user.ID.Equals(Constants.LostUser.ID)) { ShowError(Resource.ErrorUserNotFound); return; } checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(email + type.ToString(), key, validInterval); } else if (type == ConfirmType.EmpInvite && String.IsNullOrEmpty(email)) { checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(email + type.ToString(), key, TimeSpan.FromDays(3)); } else if (type == ConfirmType.PhoneAuth || type == ConfirmType.PhoneActivation) { checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(email + type.ToString(), key, authInterval); } else if (type == ConfirmType.Auth) { if (SecurityContext.IsAuthenticated) { Response.Redirect(CommonLinkUtility.GetDefault()); } checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(email + type.ToString(), key, authInterval); if (checkKeyResult == EmailValidationKeyProvider.ValidationResult.Ok) { user = CoreContext.UserManager.GetUserByEmail(email); var authCookie = SecurityContext.AuthenticateMe(user.ID); CookiesManager.SetCookies(CookiesType.AuthKey, authCookie); Response.Redirect(CommonLinkUtility.GetDefault()); return; } } else { checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(email + type.ToString() + emplType, key, validInterval); } if (type == ConfirmType.PhoneActivation && SecurityContext.IsAuthenticated) { Master.TopStudioPanel.DisableUserInfo = false; } if ((!email.TestEmailRegex() || checkKeyResult != EmailValidationKeyProvider.ValidationResult.Ok) && type != ConfirmType.LinkInvite) { ShowError(Resource.ErrorConfirmURLError); return; } if (!email.TestEmailRegex() && type != ConfirmType.LinkInvite) { ShowError(Resource.ErrorNotCorrectEmail); return; } if (checkKeyResult == EmailValidationKeyProvider.ValidationResult.Invalid) { //If check failed ShowError(Resource.ErrorInvalidActivationLink); return; } if (checkKeyResult == EmailValidationKeyProvider.ValidationResult.Expired) { //If link expired ShowError(Resource.ErrorExpiredActivationLink); return; } switch (type) { //Invite case ConfirmType.EmpInvite: case ConfirmType.LinkInvite: case ConfirmType.Activation: _confirmHolder2.Controls.Add(LoadControl(ConfirmInviteActivation.Location)); _contentWithControl.Visible = false; break; case ConfirmType.EmailChange: case ConfirmType.PasswordChange: _confirmHolder.Controls.Add(LoadControl(ConfirmActivation.Location)); break; case ConfirmType.EmailActivation: ProcessEmailActivation(email); break; case ConfirmType.PortalRemove: case ConfirmType.PortalSuspend: case ConfirmType.PortalContinue: case ConfirmType.DnsChange: _confirmHolder.Controls.Add(LoadControl(ConfirmPortalActivity.Location)); break; case ConfirmType.PortalOwnerChange: _confirmHolder.Controls.Add(LoadControl(ConfirmPortalOwner.Location)); break; case ConfirmType.ProfileRemove: var control = (ProfileOperation)LoadControl(ProfileOperation.Location); control.Key = key; control.Email = email; control.User = user; _confirmHolder.Controls.Add(control); break; case ConfirmType.PhoneActivation: case ConfirmType.PhoneAuth: var confirmMobileActivation = (ConfirmMobileActivation)LoadControl(ConfirmMobileActivation.Location); confirmMobileActivation.Activation = type == ConfirmType.PhoneActivation; confirmMobileActivation.User = CoreContext.UserManager.GetUserByEmail(email); _confirmHolder.Controls.Add(confirmMobileActivation); break; } }
private static void StreamFile(HttpContext context) { var id = context.Request[FilesLinkUtility.FileId]; var auth = context.Request[FilesLinkUtility.AuthKey]; int version; int.TryParse(context.Request[FilesLinkUtility.Version] ?? "", out version); var validateResult = EmailValidationKeyProvider.ValidateEmailKey(id + version, auth ?? "", Global.StreamUrlExpire); if (validateResult != EmailValidationKeyProvider.ValidationResult.Ok) { var exc = new HttpException((int)HttpStatusCode.Forbidden, FilesCommonResource.ErrorMassage_SecurityException); Global.Logger.Error(string.Format("{0} {1}: {2}", FilesLinkUtility.AuthKey, validateResult, context.Request.Url), exc); context.Response.StatusCode = (int)HttpStatusCode.Forbidden; context.Response.Write(FilesCommonResource.ErrorMassage_SecurityException); return; } if (!string.IsNullOrEmpty(FileUtility.SignatureSecret)) { try { var header = context.Request.Headers[FileUtility.SignatureHeader]; if (string.IsNullOrEmpty(header) || !header.StartsWith("Bearer ")) { throw new Exception("header is null"); } header = header.Substring("Bearer ".Length); JsonWebToken.JsonSerializer = new DocumentService.JwtSerializer(); JsonWebToken.Decode(header, FileUtility.SignatureSecret); } catch (Exception ex) { Global.Logger.Error("Download stream header", ex); context.Response.StatusCode = (int)HttpStatusCode.Forbidden; context.Response.Write(FilesCommonResource.ErrorMassage_SecurityException); return; } } try { using (var fileDao = Global.DaoFactory.GetFileDao()) { fileDao.InvalidateCache(id); var file = version > 0 ? fileDao.GetFile(id, version) : fileDao.GetFile(id); if (!string.IsNullOrEmpty(file.Error)) { throw new Exception(file.Error); } using (var stream = fileDao.GetFileStream(file)) { context.Response.AddHeader("Content-Length", stream.CanSeek ? stream.Length.ToString(CultureInfo.InvariantCulture) : file.ContentLength.ToString(CultureInfo.InvariantCulture)); stream.StreamCopyTo(context.Response.OutputStream); } } } catch (Exception ex) { Global.Logger.Error("Error for: " + context.Request.Url, ex); context.Response.StatusCode = (int)HttpStatusCode.InternalServerError; context.Response.Write(ex.Message); return; } try { context.Response.Flush(); context.Response.End(); } catch (HttpException) { } }
private void StreamFile(HttpContext context) { try { var fileId = context.Request.Query[FilesLinkUtility.FileId]; var auth = context.Request.Query[FilesLinkUtility.AuthKey]; var userId = context.Request.Query[CommonLinkUtility.ParamName_UserUserID]; Logger.Debug("GoogleDriveApp: get file stream " + fileId); var validateResult = EmailValidationKeyProvider.ValidateEmailKey(fileId + userId, auth, Global.StreamUrlExpire); if (validateResult != EmailValidationKeyProvider.ValidationResult.Ok) { var exc = new HttpException((int)HttpStatusCode.Forbidden, FilesCommonResource.ErrorMassage_SecurityException); Logger.Error(string.Format("GoogleDriveApp: validate error {0} {1}: {2}", FilesLinkUtility.AuthKey, validateResult, context.Request.Url()), exc); throw exc; } Token token = null; if (Guid.TryParse(userId, out var userIdGuid)) { token = TokenHelper.GetToken(AppAttr, userIdGuid); } if (token == null) { Logger.Error("BoxApp: token is null"); throw new SecurityException("Access token is null"); } var driveFile = GetDriveFile(fileId, token); var jsonFile = JObject.Parse(driveFile); var downloadUrl = GoogleLoginProvider.GoogleUrlFile + fileId + "?alt=media"; if (string.IsNullOrEmpty(downloadUrl)) { Logger.Error("GoogleDriveApp: downloadUrl is null"); throw new Exception("downloadUrl is null"); } Logger.Debug("GoogleDriveApp: get file stream downloadUrl - " + downloadUrl); var request = (HttpWebRequest)WebRequest.Create(downloadUrl); request.Method = "GET"; request.Headers.Add("Authorization", "Bearer " + token); using (var response = request.GetResponse()) using (var stream = new ResponseStream(response)) { stream.CopyTo(context.Response.Body); var contentLength = jsonFile.Value <string>("size"); Logger.Debug("GoogleDriveApp: get file stream contentLength - " + contentLength); context.Response.Headers.Add("Content-Length", contentLength); } } catch (Exception ex) { context.Response.StatusCode = (int)HttpStatusCode.BadRequest; context.Response.WriteAsync(ex.Message).Wait(); Logger.Error("GoogleDriveApp: Error request " + context.Request.Url(), ex); } try { context.Response.Body.Flush(); //TODO //context.Response.SuppressContent = true; //context.ApplicationInstance.CompleteRequest(); } catch (HttpException ex) { Logger.Error("GoogleDriveApp StreamFile", ex); } }
public string PortalRemove(string email, string key) { email = (email ?? "").Trim(); if (!string.IsNullOrEmpty(email) && !email.TestEmailRegex()) { throw new ArgumentException(Resource.ErrorNotCorrectEmail); } var checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(email + ConfirmType.PortalRemove, key, SetupInfo.ValidEmailKeyInterval); if (checkKeyResult == EmailValidationKeyProvider.ValidationResult.Expired) { throw new ExpiredTokenException(Resource.ErrorExpiredActivationLink); } if (checkKeyResult == EmailValidationKeyProvider.ValidationResult.Invalid) { throw new SecurityAccessDeniedException(Resource.ErrorConfirmURLError); } var curTenant = CoreContext.TenantManager.GetCurrentTenant(); var tariff = CoreContext.TenantManager.GetTenantQuota(curTenant.TenantId); CoreContext.TenantManager.RemoveTenant(curTenant.TenantId); if (!String.IsNullOrEmpty(ApiSystemHelper.ApiCacheUrl)) { ApiSystemHelper.RemoveTenantFromCache(curTenant.TenantAlias); } var currentUser = CoreContext.UserManager.GetUsers(curTenant.OwnerId); var redirectLink = SetupInfo.TeamlabSiteRedirect + "/remove-portal-feedback-form.aspx#" + Convert.ToBase64String(System.Text.Encoding.UTF8.GetBytes("{\"firstname\":\"" + currentUser.FirstName + "\",\"lastname\":\"" + currentUser.LastName + "\",\"alias\":\"" + curTenant.TenantAlias + "\",\"email\":\"" + currentUser.Email + "\"}")); var authed = false; try { if (!SecurityContext.IsAuthenticated) { SecurityContext.AuthenticateMe(ASC.Core.Configuration.Constants.CoreSystem); authed = true; } MessageService.Send(HttpContext.Current.Request, MessageAction.PortalDeleted); } finally { if (authed) { SecurityContext.Logout(); } } _successMessage = string.Format(Resource.DeletePortalSuccessMessage, "<br/>", "<a href=\"{0}\">", "</a>"); _successMessage = string.Format(_successMessage, redirectLink); StudioNotifyService.Instance.SendMsgPortalDeletionSuccess(curTenant, tariff, redirectLink); return(JsonConvert.SerializeObject( new { successMessage = _successMessage, redirectLink = redirectLink } )); }
private static void StreamFile(HttpContext context) { try { var fileId = context.Request[FilesLinkUtility.FileId]; var auth = context.Request[FilesLinkUtility.AuthKey]; var userId = context.Request[CommonLinkUtility.ParamName_UserUserID]; Global.Logger.Debug("GoogleDriveApp: get file stream " + fileId); var validateResult = EmailValidationKeyProvider.ValidateEmailKey(fileId + userId, auth, Global.StreamUrlExpire); if (validateResult != EmailValidationKeyProvider.ValidationResult.Ok) { var exc = new HttpException((int)HttpStatusCode.Forbidden, FilesCommonResource.ErrorMassage_SecurityException); Global.Logger.Error(string.Format("GoogleDriveApp: validate error {0} {1}: {2}", FilesLinkUtility.AuthKey, validateResult, context.Request.Url), exc); throw exc; } var token = Token.GetToken(AppAttr, userId); var driveFile = GetDriveFile(fileId, token); var jsonFile = JObject.Parse(driveFile); var downloadUrl = GoogleLoginProvider.GoogleUrlFile + fileId + "?alt=media"; if (string.IsNullOrEmpty(downloadUrl)) { Global.Logger.Error("GoogleDriveApp: downloadUrl is null"); throw new Exception("downloadUrl is null"); } Global.Logger.Debug("GoogleDriveApp: get file stream downloadUrl - " + downloadUrl); var request = (HttpWebRequest)WebRequest.Create(downloadUrl); request.Method = "GET"; request.Headers.Add("Authorization", "Bearer " + token); using (var response = request.GetResponse()) using (var stream = new ResponseStream(response)) { stream.StreamCopyTo(context.Response.OutputStream); var contentLength = jsonFile.Value <string>("size"); Global.Logger.Debug("GoogleDriveApp: get file stream contentLength - " + contentLength); context.Response.AddHeader("Content-Length", contentLength); } } catch (Exception ex) { context.Response.StatusCode = (int)HttpStatusCode.BadRequest; context.Response.Write(ex.Message); Global.Logger.Error("GoogleDriveApp: Error request " + context.Request.Url, ex); } try { context.Response.Flush(); context.Response.End(); } catch (HttpException) { } }
public void ProcessRequest(HttpContext context) { if (_checkAuth && !SecurityContext.IsAuthenticated) { context.Response.StatusCode = (int)HttpStatusCode.Forbidden; return; } var storage = StorageFactory.GetStorage(CoreContext.TenantManager.GetCurrentTenant().TenantId.ToString(CultureInfo.InvariantCulture), _module); var path = _path; var header = context.Request[Constants.QUERY_HEADER] ?? ""; var auth = context.Request[Constants.QUERY_AUTH]; var storageExpire = storage.GetExpire(_domain); if (storageExpire != TimeSpan.Zero && storageExpire != TimeSpan.MinValue && storageExpire != TimeSpan.MaxValue || !string.IsNullOrEmpty(auth)) { var expire = context.Request[Constants.QUERY_EXPIRE]; if (string.IsNullOrEmpty(expire)) { expire = storageExpire.TotalMinutes.ToString(CultureInfo.InvariantCulture); } var validateResult = EmailValidationKeyProvider.ValidateEmailKey(path + "." + header + "." + expire, auth ?? "", TimeSpan.FromMinutes(Convert.ToDouble(expire))); if (validateResult != EmailValidationKeyProvider.ValidationResult.Ok) { context.Response.StatusCode = (int)HttpStatusCode.Forbidden; return; } } if (!storage.IsFile(_domain, path)) { context.Response.StatusCode = (int)HttpStatusCode.NotFound; return; } var headers = header.Length > 0 ? header.Split('&') : new string[] { }; const int bigSize = 5 * 1024 * 1024; if (storage.IsSupportInternalUri && bigSize < storage.GetFileSize(_domain, path)) { var uri = storage.GetInternalUri(_domain, path, TimeSpan.FromMinutes(15), headers); context.Response.Cache.SetAllowResponseInBrowserHistory(false); context.Response.Cache.SetCacheability(HttpCacheability.NoCache); context.Response.Redirect(uri.ToString()); return; } string encoding = null; if (storage is DiscDataStore && storage.IsFile(_domain, path + ".gz")) { path += ".gz"; encoding = "gzip"; } using (var stream = storage.GetReadStream(_domain, path)) { stream.StreamCopyTo(context.Response.OutputStream); } foreach (var h in headers) { if (h.StartsWith("Content-Disposition")) { context.Response.Headers["Content-Disposition"] = h.Substring("Content-Disposition".Length + 1); } else if (h.StartsWith("Cache-Control")) { context.Response.Headers["Cache-Control"] = h.Substring("Cache-Control".Length + 1); } else if (h.StartsWith("Content-Encoding")) { context.Response.Headers["Content-Encoding"] = h.Substring("Content-Encoding".Length + 1); } else if (h.StartsWith("Content-Language")) { context.Response.Headers["Content-Language"] = h.Substring("Content-Language".Length + 1); } else if (h.StartsWith("Content-Type")) { context.Response.Headers["Content-Type"] = h.Substring("Content-Type".Length + 1); } else if (h.StartsWith("Expires")) { context.Response.Headers["Expires"] = h.Substring("Expires".Length + 1); } } context.Response.ContentType = MimeMapping.GetMimeMapping(path); if (encoding != null) { context.Response.Headers["Content-Encoding"] = encoding; } }