private static EmailValidationKeyProvider.ValidationResult CheckValidationKey(string queryString)
{
var request = BuildRequestFromQueryString(queryString);
var type = request["type"];
if (String.IsNullOrEmpty(type) || type.ToLowerInvariant() != ConfirmType.EmailChange.ToString().ToLowerInvariant())
{
return(EmailValidationKeyProvider.ValidationResult.Invalid);
}
var email = request["email"];
if (String.IsNullOrEmpty(email) || !email.TestEmailRegex())
{
return(EmailValidationKeyProvider.ValidationResult.Invalid);
}
var key = request["key"];
if (String.IsNullOrEmpty(key))
{
return(EmailValidationKeyProvider.ValidationResult.Invalid);
}
return(EmailValidationKeyProvider.ValidateEmailKey(email + type, key, SetupInfo.ValidEamilKeyInterval));
}
[Create("sendcongratulations", false)] //NOTE: this method doesn't requires auth!!!
public void SendCongratulations(Guid userid, string key)
{
var authInterval = TimeSpan.FromHours(1);
var checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(userid.ToString() + ConfirmType.Auth, key, authInterval);
switch (checkKeyResult)
{
case EmailValidationKeyProvider.ValidationResult.Ok:
var currentUser = CoreContext.UserManager.GetUsers(userid);
StudioNotifyService.Instance.SendCongratulations(currentUser);
FirstTimeTenantSettings.SendInstallInfo(currentUser);
if (!SetupInfo.IsSecretEmail(currentUser.Email))
{
if (SetupInfo.TfaRegistration == "sms")
{
StudioSmsNotificationSettings.Enable = true;
}
else if (SetupInfo.TfaRegistration == "code")
{
TfaAppAuthSettings.Enable = true;
}
}
break;
default:
throw new SecurityException("Access Denied.");
}
}
public void ValidateKeyImmediate()
{
var k1 = EmailValidationKeyProvider.GetEmailKey("*****@*****.**");
Assert.That(EmailValidationKeyProvider.ValidateEmailKey("*****@*****.**", k1) == EmailValidationKeyProvider.ValidationResult.Ok);
Assert.That(EmailValidationKeyProvider.ValidateEmailKey("[email protected]", k1) == EmailValidationKeyProvider.ValidationResult.Invalid);
}
private static UserInfo GetUser(string query)
{
if (SecurityContext.IsAuthenticated)
{
return(CoreContext.UserManager.GetUsers(SecurityContext.CurrentAccount.ID));
}
var queryString = HttpUtility.ParseQueryString(query);
var email = (queryString["email"] ?? "").Trim();
var type = typeof(ConfirmType).TryParseEnum(queryString["type"] ?? "", ConfirmType.EmpInvite);
var checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(email + type, queryString["key"], SetupInfo.ValidAuthKeyInterval);
if (checkKeyResult == EmailValidationKeyProvider.ValidationResult.Expired)
{
throw new Exception(Resource.ErrorExpiredActivationLink);
}
if (checkKeyResult == EmailValidationKeyProvider.ValidationResult.Invalid)
{
throw new Exception(Resource.ErrorConfirmURLError);
}
var user = CoreContext.UserManager.GetUserByEmail(email);
return(user);
}
private static void StreamFile(HttpContext context)
{
try
{
var fileId = context.Request[FilesLinkUtility.FileId];
var auth = context.Request[FilesLinkUtility.AuthKey];
var userId = context.Request[CommonLinkUtility.ParamName_UserUserID];
Global.Logger.Debug("BoxApp: get file stream " + fileId);
int validateTimespan;
int.TryParse(WebConfigurationManager.AppSettings["files.stream-url-minute"], out validateTimespan);
if (validateTimespan <= 0)
{
validateTimespan = 5;
}
var validateResult = EmailValidationKeyProvider.ValidateEmailKey(fileId + userId, auth, TimeSpan.FromMinutes(validateTimespan));
if (validateResult != EmailValidationKeyProvider.ValidationResult.Ok)
{
var exc = new HttpException((int)HttpStatusCode.Forbidden, FilesCommonResource.ErrorMassage_SecurityException);
Global.Logger.Error(string.Format("BoxApp: validate error {0} {1}: {2}", FilesLinkUtility.AuthKey, validateResult, context.Request.Url), exc);
throw exc;
}
var token = Token.GetToken(AppAttr, userId);
if (token == null)
{
Global.Logger.Error("BoxApp: token is null");
throw new SecurityException("Access token is null");
}
var request = WebRequest.Create(BoxUrlFile.Replace("{fileId}", fileId) + "/content");
request.Method = "GET";
request.Headers.Add("Authorization", "Bearer " + token.AccessToken);
using (var response = request.GetResponse())
using (var stream = new ResponseStream(response))
{
stream.StreamCopyTo(context.Response.OutputStream);
}
}
catch (Exception ex)
{
context.Response.StatusCode = (int)HttpStatusCode.BadRequest;
context.Response.Write(ex.Message);
Global.Logger.Error("BoxApp: Error request " + context.Request.Url, ex);
}
try
{
context.Response.Flush();
context.Response.End();
}
catch (HttpException)
{
}
}
private void StreamFile(HttpContext context)
{
try
{
var fileId = context.Request.Query[FilesLinkUtility.FileId];
var auth = context.Request.Query[FilesLinkUtility.AuthKey];
var userId = context.Request.Query[CommonLinkUtility.ParamName_UserUserID];
Logger.Debug("BoxApp: get file stream " + fileId);
var validateResult = EmailValidationKeyProvider.ValidateEmailKey(fileId + userId, auth, Global.StreamUrlExpire);
if (validateResult != EmailValidationKeyProvider.ValidationResult.Ok)
{
var exc = new HttpException((int)HttpStatusCode.Forbidden, FilesCommonResource.ErrorMassage_SecurityException);
Logger.Error(string.Format("BoxApp: validate error {0} {1}: {2}", FilesLinkUtility.AuthKey, validateResult, context.Request.Url()), exc);
throw exc;
}
Token token = null;
if (Guid.TryParse(userId, out var userIdGuid))
{
token = TokenHelper.GetToken(AppAttr, userIdGuid);
}
if (token == null)
{
Logger.Error("BoxApp: token is null");
throw new SecurityException("Access token is null");
}
var request = (HttpWebRequest)WebRequest.Create(BoxUrlFile.Replace("{fileId}", fileId) + "/content");
request.Method = "GET";
request.Headers.Add("Authorization", "Bearer " + token);
using var stream = new ResponseStream(request.GetResponse());
stream.CopyTo(context.Response.Body);
}
catch (Exception ex)
{
context.Response.StatusCode = (int)HttpStatusCode.BadRequest;
context.Response.WriteAsync(ex.Message).Wait();
Logger.Error("BoxApp: Error request " + context.Request.Url(), ex);
}
try
{
context.Response.Body.Flush();
//TODO
//context.Response.Body.SuppressContent = true;
//context.ApplicationInstance.CompleteRequest();
}
catch (HttpException ex)
{
Logger.Error("BoxApp StreamFile", ex);
}
}
private static void StreamFile(HttpContext context)
{
try
{
var id = context.Request[FilesLinkUtility.FileId];
var auth = context.Request[FilesLinkUtility.AuthKey];
int version;
int.TryParse(context.Request[FilesLinkUtility.Version], out version);
int validateTimespan;
int.TryParse(WebConfigurationManager.AppSettings["files.stream-url-minute"], out validateTimespan);
if (validateTimespan <= 0)
{
validateTimespan = 5;
}
var validateResult = EmailValidationKeyProvider.ValidateEmailKey(id + version, auth, TimeSpan.FromMinutes(validateTimespan));
if (validateResult != EmailValidationKeyProvider.ValidationResult.Ok)
{
var exc = new HttpException((int)HttpStatusCode.Forbidden, FilesCommonResource.ErrorMassage_SecurityException);
Global.Logger.Error(string.Format("{0} {1}: {2}", FilesLinkUtility.AuthKey, validateResult, context.Request.Url), exc);
throw exc;
}
using (var fileDao = Global.DaoFactory.GetFileDao())
{
fileDao.InvalidateCache(id);
var file = version > 0
? fileDao.GetFile(id, version)
: fileDao.GetFile(id);
using (var stream = fileDao.GetFileStream(file))
{
context.Response.AddHeader("Content-Length",
stream.CanSeek
? stream.Length.ToString(CultureInfo.InvariantCulture)
: file.ContentLength.ToString(CultureInfo.InvariantCulture));
stream.StreamCopyTo(context.Response.OutputStream);
}
}
}
catch (Exception ex)
{
context.Response.StatusCode = (int)HttpStatusCode.BadRequest;
context.Response.Write(ex.Message);
Global.Logger.Error("Error for: " + context.Request.Url, ex);
}
try
{
context.Response.Flush();
context.Response.End();
}
catch (HttpException)
{
}
}
public void ValidateKey_Delayed()
{
var k1 = EmailValidationKeyProvider.GetEmailKey("*****@*****.**");
System.Threading.Thread.Sleep(100);
Assert.That(EmailValidationKeyProvider.ValidateEmailKey("*****@*****.**", k1, TimeSpan.FromMilliseconds(150)) == EmailValidationKeyProvider.ValidationResult.Ok);
System.Threading.Thread.Sleep(100);
Assert.That(EmailValidationKeyProvider.ValidateEmailKey("*****@*****.**", k1, TimeSpan.FromMilliseconds(150)) == EmailValidationKeyProvider.ValidationResult.Expired);
}
private static void DifferenceFile(HttpContext context)
{
var id = context.Request[FilesLinkUtility.FileId];
var auth = context.Request[FilesLinkUtility.AuthKey];
int version;
int.TryParse(context.Request[FilesLinkUtility.Version] ?? "", out version);
var validateResult = EmailValidationKeyProvider.ValidateEmailKey(id + version, auth ?? "", Global.StreamUrlExpire);
if (validateResult == EmailValidationKeyProvider.ValidationResult.Ok)
{
try
{
using (var fileDao = Global.DaoFactory.GetFileDao())
{
fileDao.InvalidateCache(id);
var file = version > 0
? fileDao.GetFile(id, version)
: fileDao.GetFile(id);
using (var stream = fileDao.GetDifferenceStream(file))
{
context.Response.AddHeader("Content-Length", stream.Length.ToString(CultureInfo.InvariantCulture));
stream.StreamCopyTo(context.Response.OutputStream);
}
}
}
catch (Exception ex)
{
context.Response.StatusCode = (int)HttpStatusCode.InternalServerError;
context.Response.Write(ex.Message);
Global.Logger.Error("Error for: " + context.Request.Url, ex);
}
}
else
{
var exc = new HttpException((int)HttpStatusCode.Forbidden, FilesCommonResource.ErrorMassage_SecurityException);
Global.Logger.Error(string.Format("{0} {1}: {2}", FilesLinkUtility.AuthKey, validateResult, context.Request.Url), exc);
context.Response.StatusCode = (int)HttpStatusCode.Forbidden;
context.Response.Write(FilesCommonResource.ErrorMassage_SecurityException);
}
try
{
context.Response.Flush();
context.Response.End();
}
catch (HttpException)
{
}
}
private static void TempFile(HttpContext context)
{
var fileName = context.Request[FilesLinkUtility.FileTitle];
var auth = context.Request[FilesLinkUtility.AuthKey];
var validateResult = EmailValidationKeyProvider.ValidateEmailKey(fileName, auth ?? "", Global.StreamUrlExpire);
if (validateResult != EmailValidationKeyProvider.ValidationResult.Ok)
{
var exc = new HttpException((int)HttpStatusCode.Forbidden, FilesCommonResource.ErrorMassage_SecurityException);
Global.Logger.Error(string.Format("{0} {1}: {2}", FilesLinkUtility.AuthKey, validateResult, context.Request.Url), exc);
context.Response.StatusCode = (int)HttpStatusCode.Forbidden;
context.Response.Write(FilesCommonResource.ErrorMassage_SecurityException);
return;
}
context.Response.Clear();
context.Response.ContentType = MimeMapping.GetMimeMapping(fileName);
context.Response.AddHeader("Content-Disposition", ContentDispositionUtil.GetHeaderValue(fileName));
var store = Global.GetStore();
var path = Path.Combine("temp_stream", fileName);
if (!store.IsFile(FileConstant.StorageDomainTmp, path))
{
context.Response.StatusCode = (int)HttpStatusCode.NotFound;
context.Response.Write(FilesCommonResource.ErrorMassage_FileNotFound);
return;
}
using (var readStream = store.GetReadStream(FileConstant.StorageDomainTmp, path))
{
context.Response.AddHeader("Content-Length", readStream.Length.ToString(CultureInfo.InvariantCulture));
readStream.StreamCopyTo(context.Response.OutputStream);
}
store.Delete(FileConstant.StorageDomainTmp, path);
try
{
context.Response.Flush();
context.Response.SuppressContent = true;
context.ApplicationInstance.CompleteRequest();
}
catch (HttpException he)
{
Global.Logger.ErrorFormat("TempFile", he);
}
}
[Create(@"login", false, false)] //NOTE: this method doesn't requires auth!!! //NOTE: this method doesn't check payment!!!
public bool AuthenticateMe(string userName, string password, string key)
{
var authInterval = TimeSpan.FromMinutes(5);
var checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(userName + password + ConfirmType.Auth, key, authInterval);
if (checkKeyResult != EmailValidationKeyProvider.ValidationResult.Ok)
{
throw new SecurityException("Access Denied.");
}
bool viaEmail;
var user = GetUser(userName, password, null, null, out viaEmail);
return(user != null);
}
[Create("sendcongratulations", false)] //NOTE: this method doesn't requires auth!!!
public void SendCongratulations(Guid userid, string key)
{
var authInterval = TimeSpan.FromHours(1);
var checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(userid.ToString() + ConfirmType.Auth, key, authInterval);
switch (checkKeyResult)
{
case EmailValidationKeyProvider.ValidationResult.Ok:
var currentUser = CoreContext.UserManager.GetUsers(userid);
StudioNotifyService.Instance.SendCongratulations(currentUser);
break;
default:
throw new SecurityException("Access Denied.");
}
}
private static void License(HttpContext context)
{
if (!CoreContext.Configuration.Standalone)
{
context.Response.StatusCode = (int)HttpStatusCode.MethodNotAllowed;
return;
}
try
{
var id = context.Request[FilesLinkUtility.FileId];
var auth = context.Request[FilesLinkUtility.AuthKey];
var validateResult = EmailValidationKeyProvider.ValidateEmailKey(id, auth, Global.StreamUrlExpire);
if (validateResult != EmailValidationKeyProvider.ValidationResult.Ok)
{
var exc = new HttpException((int)HttpStatusCode.Forbidden, FilesCommonResource.ErrorMassage_SecurityException);
Global.Logger.Error(string.Format("{0} {1}: {2}", FilesLinkUtility.AuthKey, validateResult, context.Request.Url), exc);
throw exc;
}
using (var stream = LicenseReader.GetLicenseStream())
{
if (stream.CanSeek)
{
context.Response.AddHeader("Content-Length", stream.Length.ToString(CultureInfo.InvariantCulture));
}
stream.StreamCopyTo(context.Response.OutputStream);
}
}
catch (Exception ex)
{
context.Response.StatusCode = (int)HttpStatusCode.BadRequest;
context.Response.Write(ex.Message);
Global.Logger.Error("Error for: " + context.Request.Url, ex);
}
try
{
context.Response.Flush();
context.Response.End();
}
catch (HttpException)
{
}
}
private void DownloadFile(int attachmentId, HttpContext context)
{
var mailBoxManager = new MailBoxManager();
var auth = context.Request[FilesLinkUtility.AuthKey];
var openTempStream = false;
if (!string.IsNullOrEmpty(auth))
{
var stream = context.Request.QueryString["stream"];
if (!string.IsNullOrEmpty(stream))
{
int validateTimespan;
int.TryParse(WebConfigurationManager.AppSettings["files.stream-url-minute"], out validateTimespan);
if (validateTimespan <= 0)
{
validateTimespan = 5;
}
var validateResult = EmailValidationKeyProvider.ValidateEmailKey(attachmentId + stream, auth, TimeSpan.FromMinutes(validateTimespan));
if (validateResult != EmailValidationKeyProvider.ValidationResult.Ok)
{
var exc = new HttpException((int)HttpStatusCode.Forbidden, "You don't have enough permission to perform the operation");
//Global.Logger.Error(string.Format("{0} {1}: {2}", CommonLinkUtility.AuthKey, validateResult, context.Request.Url), exc);
throw exc;
}
openTempStream = true;
}
}
using (var file = openTempStream
? mailBoxManager.GetAttachmentStream(attachmentId, TenantId)
: mailBoxManager.GetAttachmentStream(attachmentId, TenantId, Username))
{
context.Response.AddHeader("Content-Disposition", ContentDispositionUtil.GetHeaderValue(file.FileName));
file.FileStream.StreamCopyTo(context.Response.OutputStream);
}
}
private void ProcessSmsValidation(UserTransferData uData)
{
var smsAuthSettings = SettingsManager.Instance.LoadSettings <StudioSmsNotificationSettings>(TenantProvider.CurrentTenantID);
if (smsAuthSettings.Enable && SetupInfo.IsVisibleSettings <StudioSmsNotificationSettings>())
{
var confKey = CookiesManager.GetCookies(CookiesType.ConfKey);
var activated = CoreContext.UserManager.GetUsers(SecurityContext.CurrentAccount.ID).MobilePhoneActivationStatus;
if (!String.IsNullOrEmpty(confKey) && EmailValidationKeyProvider.ValidateEmailKey(CoreContext.UserManager.GetUsers(SecurityContext.CurrentAccount.ID).Email, confKey, TimeSpan.FromDays(30)) == EmailValidationKeyProvider.ValidationResult.Ok)
{
return;
}
uData.MobilePhoneActivationStatus = activated;
uData.ValidationKey = EmailValidationKeyProvider.GetEmailKey(GetEmailKey(uData, activated));
Session["UserTransferData"] = uData;
ProcessLogout();
Response.Redirect(String.Format("~/Confirm.aspx?type={0}", activated == MobilePhoneActivationStatus.Activated ? ConfirmType.PhoneAuth : ConfirmType.PhoneActivation));
}
}
private static void StreamFile(HttpContext context)
{
try
{
var id = context.Request[UrlConstant.FileId];
var ver = context.Request[UrlConstant.Version];
var auth = context.Request[UrlConstant.AuthKey];
if (EmailValidationKeyProvider.ValidateEmailKey(id + ver, auth, TimeSpan.FromMinutes(1)) != EmailValidationKeyProvider.ValidationResult.Ok)
{
throw new HttpException((int)HttpStatusCode.Forbidden, FilesCommonResource.ErrorMassage_SecurityException);
}
using (var dao = Global.DaoFactory.GetFileDao())
{
var file = dao.GetFile(id, Convert.ToInt32(ver));
using (var stream = dao.GetFileStream(file))
{
context.Response.AddHeader("Content-Length", stream.Length.ToString(CultureInfo.InvariantCulture));
stream.StreamCopyTo(context.Response.OutputStream);
}
}
}
catch (Exception ex)
{
context.Response.StatusCode = (int)HttpStatusCode.BadRequest;
context.Response.Write(ex.Message);
}
try
{
context.Response.Flush();
context.Response.End();
}
catch (HttpException)
{
}
}
private bool CheckValidationKey()
{
var key = Request["key"] ?? "";
var emplType = Request["emplType"] ?? "";
var validInterval = SetupInfo.ValidEamilKeyInterval;
var authInterval = TimeSpan.FromHours(1);
EmailValidationKeyProvider.ValidationResult checkKeyResult;
switch (_type)
{
case ConfirmType.PortalContinue:
checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type, key);
break;
case ConfirmType.PhoneActivation:
case ConfirmType.PhoneAuth:
checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type, key, authInterval);
break;
case ConfirmType.Auth:
{
var first = Request["first"] ?? "";
var module = Request["module"];
checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type + first + module, key, authInterval);
if (checkKeyResult == EmailValidationKeyProvider.ValidationResult.Ok)
{
var user = _email.Contains("@")
? CoreContext.UserManager.GetUserByEmail(_email)
: CoreContext.UserManager.GetUsers(new Guid(_email));
if (SecurityContext.IsAuthenticated && SecurityContext.CurrentAccount.ID != user.ID)
{
Auth.ProcessLogout();
}
if (!SecurityContext.IsAuthenticated)
{
if (StudioSmsNotificationSettings.IsVisibleSettings && StudioSmsNotificationSettings.Enable)
{
Response.Redirect(SmsConfirmUrl(user), true);
}
var authCookie = SecurityContext.AuthenticateMe(user.ID);
CookiesManager.SetCookies(CookiesType.AuthKey, authCookie);
MessageService.Send(HttpContext.Current.Request, MessageAction.LoginSuccess, user.DisplayUserName(false));
}
AuthRedirect(user, first.ToLower() == "true", module, Request[FilesLinkUtility.FileUri]);
}
}
break;
case ConfirmType.DnsChange:
{
var dnsChangeKey = string.Join(string.Empty, new[] { _email, _type.ToString(), Request["dns"], Request["alias"] });
checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(dnsChangeKey, key, validInterval);
}
break;
case ConfirmType.PortalOwnerChange:
{
Guid uid;
try
{
uid = new Guid(Request["uid"]);
}
catch
{
uid = Guid.Empty;
}
checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type + uid, key, validInterval);
}
break;
case ConfirmType.EmpInvite:
checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type + emplType, key, validInterval);
break;
case ConfirmType.LinkInvite:
checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_type + emplType, key, validInterval);
break;
case ConfirmType.PasswordChange:
var userHash = !String.IsNullOrEmpty(Request["p"]) && Request["p"] == "1";
String hash = String.Empty;
if (userHash)
{
hash = CoreContext.Authentication.GetUserPasswordHash(CoreContext.UserManager.GetUserByEmail(_email).ID);
}
checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type + (string.IsNullOrEmpty(hash) ? string.Empty : Hasher.Base64Hash(hash)), key, validInterval);
break;
default:
checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type, key, validInterval);
break;
}
if (checkKeyResult == EmailValidationKeyProvider.ValidationResult.Expired)
{
ShowError(Resource.ErrorExpiredActivationLink);
return(false);
}
if (checkKeyResult == EmailValidationKeyProvider.ValidationResult.Invalid)
{
ShowError(_type == ConfirmType.LinkInvite
? Resource.ErrorInvalidActivationLink
: Resource.ErrorConfirmURLError);
return(false);
}
if (!string.IsNullOrEmpty(_email) && !_email.TestEmailRegex())
{
ShowError(Resource.ErrorNotCorrectEmail);
return(false);
}
return(true);
}
public void ProcessRequest(HttpContext context)
{
if (_checkAuth && !SecurityContext.IsAuthenticated)
{
context.Response.StatusCode = (int)HttpStatusCode.Forbidden;
return;
}
var storage = StorageFactory.GetStorage(CoreContext.TenantManager.GetCurrentTenant().TenantId.ToString(CultureInfo.InvariantCulture), _module);
var path = _path;
var header = context.Request[Constants.QUERY_HEADER] ?? "";
var auth = context.Request[Constants.QUERY_AUTH];
var storageExpire = storage.GetExpire(_domain);
if (storageExpire != TimeSpan.Zero && storageExpire != TimeSpan.MinValue && storageExpire != TimeSpan.MaxValue || !string.IsNullOrEmpty(auth))
{
var expire = context.Request[Constants.QUERY_EXPIRE];
if (string.IsNullOrEmpty(expire))
{
expire = storageExpire.TotalMinutes.ToString(CultureInfo.InvariantCulture);
}
var validateResult = EmailValidationKeyProvider.ValidateEmailKey(path + "." + header + "." + expire, auth ?? "", TimeSpan.FromMinutes(Convert.ToDouble(expire)));
if (validateResult != EmailValidationKeyProvider.ValidationResult.Ok)
{
context.Response.StatusCode = (int)HttpStatusCode.Forbidden;
return;
}
}
if (!storage.IsFile(_domain, path))
{
context.Response.StatusCode = (int)HttpStatusCode.NotFound;
return;
}
var headers = header.Length > 0 ? header.Split('&').Select(HttpUtility.UrlDecode) : new string[] { };
const int bigSize = 5 * 1024 * 1024;
if (storage.IsSupportInternalUri && bigSize < storage.GetFileSize(_domain, path))
{
var uri = storage.GetInternalUri(_domain, path, TimeSpan.FromMinutes(15), headers);
context.Response.Cache.SetAllowResponseInBrowserHistory(false);
context.Response.Cache.SetCacheability(HttpCacheability.NoCache);
context.Response.Redirect(uri.ToString());
return;
}
string encoding = null;
if (storage is DiscDataStore && storage.IsFile(_domain, path + ".gz"))
{
path += ".gz";
encoding = "gzip";
}
var headersToCopy = new List <string> {
"Content-Disposition", "Cache-Control", "Content-Encoding", "Content-Language", "Content-Type", "Expires"
};
foreach (var h in headers)
{
var toCopy = headersToCopy.Find(x => h.StartsWith(x));
if (string.IsNullOrEmpty(toCopy))
{
continue;
}
context.Response.Headers[toCopy] = h.Substring(toCopy.Length + 1);
}
context.Response.ContentType = MimeMapping.GetMimeMapping(path);
if (encoding != null)
{
context.Response.Headers["Content-Encoding"] = encoding;
}
if (!context.Response.IsClientConnected)
{
context.Response.End();
return;
}
using (var stream = storage.GetReadStream(_domain, path))
{
context.Response.Buffer = false;
long offset = 0;
var length = stream.Length;
if (stream.CanSeek)
{
length = ProcessRangeHeader(context, stream.Length, ref offset);
stream.Seek(offset, SeekOrigin.Begin);
}
context.Response.AddHeader("Connection", "Keep-Alive");
context.Response.AddHeader("Content-Length", length.ToString(CultureInfo.InvariantCulture));
try
{
stream.CopyTo(context.Response.OutputStream);
context.Response.Flush();
}
catch (Exception e)
{
LogManager.GetLogger("ASC").Debug("StorageHandler.ProcessRequest", e);
context.Response.End();
}
}
}
private static void StreamFile(HttpContext context)
{
try
{
using (var fileDao = Global.DaoFactory.GetFileDao())
{
var id = context.Request[FilesLinkUtility.FileId];
int version;
if (!int.TryParse(context.Request[FilesLinkUtility.Version] ?? "", out version))
{
version = 0;
}
var doc = context.Request[FilesLinkUtility.DocShareKey];
fileDao.InvalidateCache(id);
File file;
var linkRight = FileShareLink.Check(doc, fileDao, out file);
if (linkRight == FileShare.Restrict && !SecurityContext.IsAuthenticated)
{
var auth = context.Request[FilesLinkUtility.AuthKey];
var validateResult = EmailValidationKeyProvider.ValidateEmailKey(id + version, auth ?? "", Global.StreamUrlExpire);
if (validateResult != EmailValidationKeyProvider.ValidationResult.Ok)
{
var exc = new HttpException((int)HttpStatusCode.Forbidden, FilesCommonResource.ErrorMassage_SecurityException);
Global.Logger.Error(string.Format("{0} {1}: {2}", FilesLinkUtility.AuthKey, validateResult, context.Request.Url), exc);
context.Response.StatusCode = (int)HttpStatusCode.Forbidden;
context.Response.Write(FilesCommonResource.ErrorMassage_SecurityException);
return;
}
if (!string.IsNullOrEmpty(FileUtility.SignatureSecret))
{
try
{
var header = context.Request.Headers[FileUtility.SignatureHeader];
if (string.IsNullOrEmpty(header) || !header.StartsWith("Bearer "))
{
throw new Exception("Invalid header " + header);
}
header = header.Substring("Bearer ".Length);
JsonWebToken.JsonSerializer = new DocumentService.JwtSerializer();
var stringPayload = JsonWebToken.Decode(header, FileUtility.SignatureSecret);
Global.Logger.Debug("DocService StreamFile payload: " + stringPayload);
//var data = JObject.Parse(stringPayload);
//if (data == null)
//{
// throw new ArgumentException("DocService StreamFile header is incorrect");
//}
//var signedStringUrl = data["url"] ?? (data["payload"] != null ? data["payload"]["url"] : null);
//if (signedStringUrl == null)
//{
// throw new ArgumentException("DocService StreamFile header url is incorrect");
//}
//var signedUrl = new Uri(signedStringUrl.ToString());
//var signedQuery = signedUrl.Query;
//if (!context.Request.Url.Query.Equals(signedQuery))
//{
// throw new SecurityException(string.Format("DocService StreamFile header id not equals: {0} and {1}", context.Request.Url.Query, signedQuery));
//}
}
catch (Exception ex)
{
Global.Logger.Error("Download stream header " + context.Request.Url, ex);
context.Response.StatusCode = (int)HttpStatusCode.Forbidden;
context.Response.Write(FilesCommonResource.ErrorMassage_SecurityException);
return;
}
}
}
if (file == null ||
version > 0 && file.Version != version)
{
file = version > 0
? fileDao.GetFile(id, version)
: fileDao.GetFile(id);
}
if (file == null)
{
context.Response.StatusCode = (int)HttpStatusCode.NotFound;
return;
}
if (linkRight == FileShare.Restrict && SecurityContext.IsAuthenticated && !Global.GetFilesSecurity().CanRead(file))
{
context.Response.StatusCode = (int)HttpStatusCode.Forbidden;
return;
}
if (!string.IsNullOrEmpty(file.Error))
{
context.Response.StatusDescription = file.Error;
context.Response.StatusCode = (int)HttpStatusCode.BadRequest;
return;
}
context.Response.AddHeader("Content-Disposition", ContentDispositionUtil.GetHeaderValue(file.Title));
context.Response.ContentType = MimeMapping.GetMimeMapping(file.Title);
using (var stream = fileDao.GetFileStream(file))
{
context.Response.AddHeader("Content-Length",
stream.CanSeek
? stream.Length.ToString(CultureInfo.InvariantCulture)
: file.ContentLength.ToString(CultureInfo.InvariantCulture));
stream.StreamCopyTo(context.Response.OutputStream);
}
}
}
catch (Exception ex)
{
Global.Logger.Error("Error for: " + context.Request.Url, ex);
context.Response.StatusCode = (int)HttpStatusCode.InternalServerError;
context.Response.Write(ex.Message);
return;
}
try
{
context.Response.Flush();
context.Response.SuppressContent = true;
context.ApplicationInstance.CompleteRequest();
}
catch (HttpException he)
{
Global.Logger.ErrorFormat("StreamFile", he);
}
}
private static void DifferenceFile(HttpContext context)
{
try
{
using (var fileDao = Global.DaoFactory.GetFileDao())
{
var id = context.Request[FilesLinkUtility.FileId];
int version;
int.TryParse(context.Request[FilesLinkUtility.Version] ?? "", out version);
var doc = context.Request[FilesLinkUtility.DocShareKey];
File file;
var linkRight = FileShareLink.Check(doc, fileDao, out file);
if (linkRight == FileShare.Restrict && !SecurityContext.IsAuthenticated)
{
var auth = context.Request[FilesLinkUtility.AuthKey];
var validateResult = EmailValidationKeyProvider.ValidateEmailKey(id + version, auth ?? "", Global.StreamUrlExpire);
if (validateResult != EmailValidationKeyProvider.ValidationResult.Ok)
{
var exc = new HttpException((int)HttpStatusCode.Forbidden, FilesCommonResource.ErrorMassage_SecurityException);
Global.Logger.Error(string.Format("{0} {1}: {2}", FilesLinkUtility.AuthKey, validateResult, context.Request.Url), exc);
context.Response.StatusCode = (int)HttpStatusCode.Forbidden;
context.Response.Write(FilesCommonResource.ErrorMassage_SecurityException);
return;
}
}
fileDao.InvalidateCache(id);
if (file == null ||
version > 0 && file.Version != version)
{
file = version > 0
? fileDao.GetFile(id, version)
: fileDao.GetFile(id);
}
if (file == null)
{
context.Response.StatusCode = (int)HttpStatusCode.NotFound;
return;
}
if (linkRight == FileShare.Restrict && SecurityContext.IsAuthenticated && !Global.GetFilesSecurity().CanRead(file))
{
context.Response.StatusCode = (int)HttpStatusCode.Forbidden;
return;
}
if (!string.IsNullOrEmpty(file.Error))
{
context.Response.StatusDescription = file.Error;
context.Response.StatusCode = (int)HttpStatusCode.BadRequest;
return;
}
context.Response.AddHeader("Content-Disposition", ContentDispositionUtil.GetHeaderValue(".zip"));
context.Response.ContentType = MimeMapping.GetMimeMapping(".zip");
using (var stream = fileDao.GetDifferenceStream(file))
{
context.Response.AddHeader("Content-Length", stream.Length.ToString(CultureInfo.InvariantCulture));
stream.StreamCopyTo(context.Response.OutputStream);
}
}
}
catch (Exception ex)
{
context.Response.StatusCode = (int)HttpStatusCode.InternalServerError;
context.Response.Write(ex.Message);
Global.Logger.Error("Error for: " + context.Request.Url, ex);
return;
}
try
{
context.Response.Flush();
context.Response.SuppressContent = true;
context.ApplicationInstance.CompleteRequest();
}
catch (HttpException he)
{
Global.Logger.ErrorFormat("DifferenceFile", he);
}
}
private static void DownloadFile(int attachmentId, HttpContext context)
{
var auth = context.Request[FilesLinkUtility.AuthKey];
var openTempStream = false;
if (!string.IsNullOrEmpty(auth))
{
var stream = context.Request.QueryString["stream"];
if (!string.IsNullOrEmpty(stream))
{
int validateTimespan;
int.TryParse(ConfigurationManagerExtension.AppSettings["files.stream-url-minute"], out validateTimespan);
if (validateTimespan <= 0)
{
validateTimespan = 5;
}
var validateResult = EmailValidationKeyProvider.ValidateEmailKey(attachmentId + stream, auth, TimeSpan.FromMinutes(validateTimespan));
if (validateResult != EmailValidationKeyProvider.ValidationResult.Ok)
{
var exc = new HttpException((int)HttpStatusCode.Forbidden, "You don't have enough permission to perform the operation");
//Global.Logger.Error(string.Format("{0} {1}: {2}", CommonLinkUtility.AuthKey, validateResult, context.Request.Url), exc);
throw exc;
}
openTempStream = true;
}
}
else
{
if (!SecurityContext.IsAuthenticated)
{
throw new HttpException(403, "Access denied.");
}
}
var engine = new EngineFactory(TenantId, Username);
var attachment = engine.AttachmentEngine.GetAttachment(
openTempStream
? (IAttachmentExp) new ConcreteTenantAttachmentExp(attachmentId, TenantId)
: new ConcreteUserAttachmentExp(attachmentId, TenantId, Username));
long offset = 0;
long endOffset = -1;
long length = attachment.size;
if (context.Request.Headers["Range"] != null)
{
var range = context.Request.Headers["Range"].Split('=', '-');
offset = Convert.ToInt64(range[1]);
if (range.Count() > 2 && !string.IsNullOrEmpty(range[2]))
{
endOffset = Convert.ToInt64(range[2]);
}
if (endOffset < 0 || endOffset >= attachment.size)
{
endOffset = attachment.size - 1;
}
length = endOffset - offset + 1;
if (length <= 0)
{
throw new HttpException("Wrong Range header");
}
context.Response.StatusCode = 206;
context.Response.AddHeader("Content-Range", String.Format(" bytes {0}-{1}/{2}", offset, endOffset, attachment.size));
}
using (var file = attachment.ToAttachmentStream((int)offset))
{
context.Response.AddHeader("Accept-Ranges", "bytes");
context.Response.AddHeader("Content-Length", length.ToString(CultureInfo.InvariantCulture));
context.Response.AddHeader("Content-Disposition", ContentDispositionUtil.GetHeaderValue(file.FileName));
context.Response.ContentType = MimeMapping.GetMimeMapping(file.FileName);
if (endOffset != attachment.size - 1)
{
file.FileStream.CopyTo(context.Response.OutputStream);
}
else
{
file.FileStream.StreamCopyTo(context.Response.OutputStream, (int)length);
}
}
}
public void DebugValidation()
{
EmailValidationKeyProvider.ValidateEmailKey("*****@*****.**", "123075394398.ZVJMVHKNEF67EHMKX7EHZTYEP8CSG4SSBX8E28OPNS8");
}
private bool CheckValidationKey()
{
var key = Request["key"] ?? "";
var emplType = Request["emplType"] ?? "";
var social = Request["social"] ?? "";
var validInterval = SetupInfo.ValidEmailKeyInterval;
var authInterval = SetupInfo.ValidAuthKeyInterval;
EmailValidationKeyProvider.ValidationResult checkKeyResult;
switch (_type)
{
case ConfirmType.PortalContinue:
checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type, key);
break;
case ConfirmType.PhoneActivation:
case ConfirmType.PhoneAuth:
case ConfirmType.TfaActivation:
case ConfirmType.TfaAuth:
checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type, key, authInterval);
break;
case ConfirmType.Auth:
{
var first = Request["first"] ?? "";
var module = Request["module"] ?? "";
var smsConfirm = Request["sms"] ?? "";
checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type + first + module + smsConfirm, key, authInterval);
if (checkKeyResult == EmailValidationKeyProvider.ValidationResult.Ok)
{
var user = _email.Contains("@")
? CoreContext.UserManager.GetUserByEmail(_email)
: CoreContext.UserManager.GetUsers(new Guid(_email));
if (SecurityContext.IsAuthenticated && SecurityContext.CurrentAccount.ID != user.ID)
{
Auth.ProcessLogout();
}
if (!SecurityContext.IsAuthenticated)
{
if (!CoreContext.UserManager.UserExists(user.ID) || user.Status != EmployeeStatus.Active)
{
ShowError(Auth.MessageKey.ErrorUserNotFound);
return(false);
}
if (StudioSmsNotificationSettings.IsVisibleAndAvailableSettings && StudioSmsNotificationSettings.Enable && smsConfirm.ToLower() != "true")
{
//todo: think about 'first' & 'module'
Response.Redirect(SmsConfirmUrl(user), true);
}
if (TfaAppAuthSettings.IsVisibleSettings && TfaAppAuthSettings.Enable)
{
//todo: think about 'first' & 'module'
Response.Redirect(TfaConfirmUrl(user), true);
}
var messageAction = social == "true" ? MessageAction.LoginSuccessViaSocialAccount : MessageAction.LoginSuccess;
CookiesManager.AuthenticateMeAndSetCookies(user.Tenant, user.ID, messageAction);
}
SetDefaultModule(module);
AuthRedirect(first.ToLower() == "true");
}
}
break;
case ConfirmType.DnsChange:
{
var dnsChangeKey = string.Join(string.Empty, new[] { _email, _type.ToString(), Request["dns"], Request["alias"] });
checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(dnsChangeKey, key, validInterval);
}
break;
case ConfirmType.PortalOwnerChange:
{
Guid uid;
try
{
uid = new Guid(Request["uid"]);
}
catch
{
uid = Guid.Empty;
}
checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type + uid, key, validInterval);
}
break;
case ConfirmType.EmpInvite:
checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type + emplType, key, validInterval);
break;
case ConfirmType.LinkInvite:
checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_type + emplType, key, validInterval);
break;
case ConfirmType.EmailChange:
checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type + SecurityContext.CurrentAccount.ID, key, validInterval);
break;
case ConfirmType.PasswordChange:
var userInfo = CoreContext.UserManager.GetUserByEmail(_email);
var auditEvent = AuditEventsRepository.GetByFilter(action: MessageAction.UserSentPasswordChangeInstructions, entry: EntryType.User, target: MessageTarget.Create(userInfo.ID).ToString(), limit: 1).FirstOrDefault();
var passwordStamp = CoreContext.Authentication.GetUserPasswordStamp(userInfo.ID);
string hash;
if (auditEvent != null)
{
var auditEventDate = TenantUtil.DateTimeToUtc(auditEvent.Date);
hash = (auditEventDate.CompareTo(passwordStamp) > 0 ? auditEventDate : passwordStamp).ToString("s");
}
else
{
hash = passwordStamp.ToString("s");
}
checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type + hash, key, validInterval);
break;
default:
checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(_email + _type, key, validInterval);
break;
}
if (checkKeyResult == EmailValidationKeyProvider.ValidationResult.Expired)
{
ShowError(Auth.MessageKey.ErrorExpiredActivationLink);
return(false);
}
if (checkKeyResult == EmailValidationKeyProvider.ValidationResult.Invalid)
{
ShowError(_type == ConfirmType.LinkInvite
? Auth.MessageKey.ErrorInvalidActivationLink
: Auth.MessageKey.ErrorConfirmURLError);
return(false);
}
if (!string.IsNullOrEmpty(_email) && !_email.TestEmailRegex())
{
ShowError(Auth.MessageKey.ErrorNotCorrectEmail);
return(false);
}
return(true);
}
private static void TrackFile(HttpContext context)
{
var auth = context.Request[FilesLinkUtility.AuthKey];
var fileId = context.Request[FilesLinkUtility.FileId];
Global.Logger.Debug("DocService track fileid: " + fileId);
var callbackSpan = TimeSpan.FromDays(128);
var validateResult = EmailValidationKeyProvider.ValidateEmailKey(fileId, auth ?? "", callbackSpan);
if (validateResult != EmailValidationKeyProvider.ValidationResult.Ok)
{
Global.Logger.ErrorFormat("DocService track auth error: {0}, {1}: {2}", validateResult.ToString(), FilesLinkUtility.AuthKey, auth);
throw new HttpException((int)HttpStatusCode.Forbidden, FilesCommonResource.ErrorMassage_SecurityException);
}
JToken data;
if (!string.IsNullOrEmpty(FileUtility.SignatureSecret))
{
var header = context.Request.Headers[FileUtility.SignatureHeader];
if (string.IsNullOrEmpty(header) || !header.StartsWith("Bearer "))
{
Global.Logger.Error("DocService track header is null");
throw new HttpException((int)HttpStatusCode.Forbidden, FilesCommonResource.ErrorMassage_SecurityException);
}
header = header.Substring("Bearer ".Length);
try
{
JsonWebToken.JsonSerializer = new DocumentService.JwtSerializer();
var stringPayload = JsonWebToken.Decode(header, FileUtility.SignatureSecret);
Global.Logger.Debug("DocService track payload: " + stringPayload);
var jsonPayload = JObject.Parse(stringPayload);
data = jsonPayload["payload"];
}
catch (SignatureVerificationException ex)
{
Global.Logger.Error("DocService track header", ex);
throw new HttpException((int)HttpStatusCode.Forbidden, ex.Message);
}
}
else
{
try
{
string body;
using (var receiveStream = context.Request.InputStream)
using (var readStream = new StreamReader(receiveStream))
{
body = readStream.ReadToEnd();
}
Global.Logger.Debug("DocService track body: " + body);
if (string.IsNullOrEmpty(body))
{
throw new ArgumentException("DocService return null");
}
data = JToken.Parse(body);
}
catch (Exception e)
{
Global.Logger.Error("DocService track error read body", e);
throw new HttpException((int)HttpStatusCode.BadRequest, e.Message);
}
}
string error;
try
{
if (data == null)
{
throw new ArgumentException("DocService response is incorrect");
}
var fileData = data.ToObject <DocumentServiceTracker.TrackerData>();
error = DocumentServiceTracker.ProcessData(fileId, fileData);
}
catch (Exception e)
{
Global.Logger.Error("DocService track:", e);
throw new HttpException((int)HttpStatusCode.BadRequest, e.Message);
}
context.Response.Write(string.Format("{{\"error\":{0}}}", (error ?? "0")));
}
protected void Page_Load(object sender, EventArgs e)
{
Page.Title = HeaderStringHelper.GetPageTitle(Resource.AccountControlPageTitle);
Master.DisabledSidePanel = true;
Master.TopStudioPanel.DisableProductNavigation = true;
Master.TopStudioPanel.DisableUserInfo = true;
Master.TopStudioPanel.DisableSearch = true;
Master.TopStudioPanel.DisableSettings = true;
Master.TopStudioPanel.DisableVideo = true;
_tenantInfoSettings = SettingsManager.Instance.LoadSettings <TenantInfoSettings>(TenantProvider.CurrentTenantID);
var email = Request["email"] ?? "";
var key = Request["key"] ?? "";
var emplType = Request["emplType"] ?? "";
var type = typeof(ConfirmType).TryParseEnum(Request["type"] ?? "", ConfirmType.EmpInvite);
var validInterval = SetupInfo.ValidEamilKeyInterval;
var authInterval = TimeSpan.FromHours(1);
EmailValidationKeyProvider.ValidationResult checkKeyResult;
UserInfo user = null;
var tenant = CoreContext.TenantManager.GetCurrentTenant();
if (tenant.Status != TenantStatus.Active && type != ConfirmType.PortalContinue)
{
Response.Redirect(SetupInfo.NoTenantRedirectURL, true);
}
if (type == ConfirmType.DnsChange)
{
var dnsChangeKey = string.Join(string.Empty, new[] { email, type.ToString(), Request["dns"], Request["alias"] });
checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(dnsChangeKey, key, validInterval);
}
else if (type == ConfirmType.PortalContinue)
{
checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(email + type.ToString(), key);
}
else if ((type == ConfirmType.EmpInvite || type == ConfirmType.Activation) && !String.IsNullOrEmpty(emplType))
{
checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(email + type.ToString() + emplType, key, validInterval);
}
else if (type == ConfirmType.PasswordChange)
{
//Check activation signature
checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(email + type.ToString(), key, validInterval);
}
else if (type == ConfirmType.PortalOwnerChange && !String.IsNullOrEmpty(Request["uid"]))
{
var uid = Guid.Empty;
try
{
uid = new Guid(Request["uid"]);
}
catch
{
}
checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(email + type.ToString() + uid.ToString(), key, validInterval);
}
else if (type == ConfirmType.ProfileRemove && !(String.IsNullOrEmpty(Request["email"]) || String.IsNullOrEmpty(Request["key"])))
{
user = CoreContext.UserManager.GetUserByEmail(email);
if (user.ID.Equals(Constants.LostUser.ID))
{
ShowError(Resource.ErrorUserNotFound);
return;
}
checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(email + type.ToString(), key, validInterval);
}
else if (type == ConfirmType.EmpInvite && String.IsNullOrEmpty(email))
{
checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(email + type.ToString(), key, TimeSpan.FromDays(3));
}
else if (type == ConfirmType.PhoneAuth || type == ConfirmType.PhoneActivation)
{
checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(email + type.ToString(), key, authInterval);
}
else if (type == ConfirmType.Auth)
{
if (SecurityContext.IsAuthenticated)
{
Response.Redirect(CommonLinkUtility.GetDefault());
}
checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(email + type.ToString(), key, authInterval);
if (checkKeyResult == EmailValidationKeyProvider.ValidationResult.Ok)
{
user = CoreContext.UserManager.GetUserByEmail(email);
var authCookie = SecurityContext.AuthenticateMe(user.ID);
CookiesManager.SetCookies(CookiesType.AuthKey, authCookie);
Response.Redirect(CommonLinkUtility.GetDefault());
return;
}
}
else
{
checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(email + type.ToString() + emplType, key, validInterval);
}
if (type == ConfirmType.PhoneActivation && SecurityContext.IsAuthenticated)
{
Master.TopStudioPanel.DisableUserInfo = false;
}
if ((!email.TestEmailRegex() || checkKeyResult != EmailValidationKeyProvider.ValidationResult.Ok) && type != ConfirmType.LinkInvite)
{
ShowError(Resource.ErrorConfirmURLError);
return;
}
if (!email.TestEmailRegex() && type != ConfirmType.LinkInvite)
{
ShowError(Resource.ErrorNotCorrectEmail);
return;
}
if (checkKeyResult == EmailValidationKeyProvider.ValidationResult.Invalid)
{
//If check failed
ShowError(Resource.ErrorInvalidActivationLink);
return;
}
if (checkKeyResult == EmailValidationKeyProvider.ValidationResult.Expired)
{
//If link expired
ShowError(Resource.ErrorExpiredActivationLink);
return;
}
switch (type)
{
//Invite
case ConfirmType.EmpInvite:
case ConfirmType.LinkInvite:
case ConfirmType.Activation:
_confirmHolder2.Controls.Add(LoadControl(ConfirmInviteActivation.Location));
_contentWithControl.Visible = false;
break;
case ConfirmType.EmailChange:
case ConfirmType.PasswordChange:
_confirmHolder.Controls.Add(LoadControl(ConfirmActivation.Location));
break;
case ConfirmType.EmailActivation:
ProcessEmailActivation(email);
break;
case ConfirmType.PortalRemove:
case ConfirmType.PortalSuspend:
case ConfirmType.PortalContinue:
case ConfirmType.DnsChange:
_confirmHolder.Controls.Add(LoadControl(ConfirmPortalActivity.Location));
break;
case ConfirmType.PortalOwnerChange:
_confirmHolder.Controls.Add(LoadControl(ConfirmPortalOwner.Location));
break;
case ConfirmType.ProfileRemove:
var control = (ProfileOperation)LoadControl(ProfileOperation.Location);
control.Key = key;
control.Email = email;
control.User = user;
_confirmHolder.Controls.Add(control);
break;
case ConfirmType.PhoneActivation:
case ConfirmType.PhoneAuth:
var confirmMobileActivation = (ConfirmMobileActivation)LoadControl(ConfirmMobileActivation.Location);
confirmMobileActivation.Activation = type == ConfirmType.PhoneActivation;
confirmMobileActivation.User = CoreContext.UserManager.GetUserByEmail(email);
_confirmHolder.Controls.Add(confirmMobileActivation);
break;
}
}
private static void StreamFile(HttpContext context)
{
var id = context.Request[FilesLinkUtility.FileId];
var auth = context.Request[FilesLinkUtility.AuthKey];
int version;
int.TryParse(context.Request[FilesLinkUtility.Version] ?? "", out version);
var validateResult = EmailValidationKeyProvider.ValidateEmailKey(id + version, auth ?? "", Global.StreamUrlExpire);
if (validateResult != EmailValidationKeyProvider.ValidationResult.Ok)
{
var exc = new HttpException((int)HttpStatusCode.Forbidden, FilesCommonResource.ErrorMassage_SecurityException);
Global.Logger.Error(string.Format("{0} {1}: {2}", FilesLinkUtility.AuthKey, validateResult, context.Request.Url), exc);
context.Response.StatusCode = (int)HttpStatusCode.Forbidden;
context.Response.Write(FilesCommonResource.ErrorMassage_SecurityException);
return;
}
if (!string.IsNullOrEmpty(FileUtility.SignatureSecret))
{
try
{
var header = context.Request.Headers[FileUtility.SignatureHeader];
if (string.IsNullOrEmpty(header) || !header.StartsWith("Bearer "))
{
throw new Exception("header is null");
}
header = header.Substring("Bearer ".Length);
JsonWebToken.JsonSerializer = new DocumentService.JwtSerializer();
JsonWebToken.Decode(header, FileUtility.SignatureSecret);
}
catch (Exception ex)
{
Global.Logger.Error("Download stream header", ex);
context.Response.StatusCode = (int)HttpStatusCode.Forbidden;
context.Response.Write(FilesCommonResource.ErrorMassage_SecurityException);
return;
}
}
try
{
using (var fileDao = Global.DaoFactory.GetFileDao())
{
fileDao.InvalidateCache(id);
var file = version > 0
? fileDao.GetFile(id, version)
: fileDao.GetFile(id);
if (!string.IsNullOrEmpty(file.Error))
{
throw new Exception(file.Error);
}
using (var stream = fileDao.GetFileStream(file))
{
context.Response.AddHeader("Content-Length",
stream.CanSeek
? stream.Length.ToString(CultureInfo.InvariantCulture)
: file.ContentLength.ToString(CultureInfo.InvariantCulture));
stream.StreamCopyTo(context.Response.OutputStream);
}
}
}
catch (Exception ex)
{
Global.Logger.Error("Error for: " + context.Request.Url, ex);
context.Response.StatusCode = (int)HttpStatusCode.InternalServerError;
context.Response.Write(ex.Message);
return;
}
try
{
context.Response.Flush();
context.Response.End();
}
catch (HttpException)
{
}
}
private void StreamFile(HttpContext context)
{
try
{
var fileId = context.Request.Query[FilesLinkUtility.FileId];
var auth = context.Request.Query[FilesLinkUtility.AuthKey];
var userId = context.Request.Query[CommonLinkUtility.ParamName_UserUserID];
Logger.Debug("GoogleDriveApp: get file stream " + fileId);
var validateResult = EmailValidationKeyProvider.ValidateEmailKey(fileId + userId, auth, Global.StreamUrlExpire);
if (validateResult != EmailValidationKeyProvider.ValidationResult.Ok)
{
var exc = new HttpException((int)HttpStatusCode.Forbidden, FilesCommonResource.ErrorMassage_SecurityException);
Logger.Error(string.Format("GoogleDriveApp: validate error {0} {1}: {2}", FilesLinkUtility.AuthKey, validateResult, context.Request.Url()), exc);
throw exc;
}
Token token = null;
if (Guid.TryParse(userId, out var userIdGuid))
{
token = TokenHelper.GetToken(AppAttr, userIdGuid);
}
if (token == null)
{
Logger.Error("BoxApp: token is null");
throw new SecurityException("Access token is null");
}
var driveFile = GetDriveFile(fileId, token);
var jsonFile = JObject.Parse(driveFile);
var downloadUrl = GoogleLoginProvider.GoogleUrlFile + fileId + "?alt=media";
if (string.IsNullOrEmpty(downloadUrl))
{
Logger.Error("GoogleDriveApp: downloadUrl is null");
throw new Exception("downloadUrl is null");
}
Logger.Debug("GoogleDriveApp: get file stream downloadUrl - " + downloadUrl);
var request = (HttpWebRequest)WebRequest.Create(downloadUrl);
request.Method = "GET";
request.Headers.Add("Authorization", "Bearer " + token);
using (var response = request.GetResponse())
using (var stream = new ResponseStream(response))
{
stream.CopyTo(context.Response.Body);
var contentLength = jsonFile.Value <string>("size");
Logger.Debug("GoogleDriveApp: get file stream contentLength - " + contentLength);
context.Response.Headers.Add("Content-Length", contentLength);
}
}
catch (Exception ex)
{
context.Response.StatusCode = (int)HttpStatusCode.BadRequest;
context.Response.WriteAsync(ex.Message).Wait();
Logger.Error("GoogleDriveApp: Error request " + context.Request.Url(), ex);
}
try
{
context.Response.Body.Flush();
//TODO
//context.Response.SuppressContent = true;
//context.ApplicationInstance.CompleteRequest();
}
catch (HttpException ex)
{
Logger.Error("GoogleDriveApp StreamFile", ex);
}
}
public string PortalRemove(string email, string key)
{
email = (email ?? "").Trim();
if (!string.IsNullOrEmpty(email) && !email.TestEmailRegex())
{
throw new ArgumentException(Resource.ErrorNotCorrectEmail);
}
var checkKeyResult = EmailValidationKeyProvider.ValidateEmailKey(email + ConfirmType.PortalRemove, key, SetupInfo.ValidEmailKeyInterval);
if (checkKeyResult == EmailValidationKeyProvider.ValidationResult.Expired)
{
throw new ExpiredTokenException(Resource.ErrorExpiredActivationLink);
}
if (checkKeyResult == EmailValidationKeyProvider.ValidationResult.Invalid)
{
throw new SecurityAccessDeniedException(Resource.ErrorConfirmURLError);
}
var curTenant = CoreContext.TenantManager.GetCurrentTenant();
var tariff = CoreContext.TenantManager.GetTenantQuota(curTenant.TenantId);
CoreContext.TenantManager.RemoveTenant(curTenant.TenantId);
if (!String.IsNullOrEmpty(ApiSystemHelper.ApiCacheUrl))
{
ApiSystemHelper.RemoveTenantFromCache(curTenant.TenantAlias);
}
var currentUser = CoreContext.UserManager.GetUsers(curTenant.OwnerId);
var redirectLink = SetupInfo.TeamlabSiteRedirect + "/remove-portal-feedback-form.aspx#" +
Convert.ToBase64String(System.Text.Encoding.UTF8.GetBytes("{\"firstname\":\"" + currentUser.FirstName +
"\",\"lastname\":\"" + currentUser.LastName +
"\",\"alias\":\"" + curTenant.TenantAlias +
"\",\"email\":\"" + currentUser.Email + "\"}"));
var authed = false;
try
{
if (!SecurityContext.IsAuthenticated)
{
SecurityContext.AuthenticateMe(ASC.Core.Configuration.Constants.CoreSystem);
authed = true;
}
MessageService.Send(HttpContext.Current.Request, MessageAction.PortalDeleted);
}
finally
{
if (authed)
{
SecurityContext.Logout();
}
}
_successMessage = string.Format(Resource.DeletePortalSuccessMessage, "<br/>", "<a href=\"{0}\">", "</a>");
_successMessage = string.Format(_successMessage, redirectLink);
StudioNotifyService.Instance.SendMsgPortalDeletionSuccess(curTenant, tariff, redirectLink);
return(JsonConvert.SerializeObject(
new {
successMessage = _successMessage,
redirectLink = redirectLink
}
));
}
private static void StreamFile(HttpContext context)
{
try
{
var fileId = context.Request[FilesLinkUtility.FileId];
var auth = context.Request[FilesLinkUtility.AuthKey];
var userId = context.Request[CommonLinkUtility.ParamName_UserUserID];
Global.Logger.Debug("GoogleDriveApp: get file stream " + fileId);
var validateResult = EmailValidationKeyProvider.ValidateEmailKey(fileId + userId, auth, Global.StreamUrlExpire);
if (validateResult != EmailValidationKeyProvider.ValidationResult.Ok)
{
var exc = new HttpException((int)HttpStatusCode.Forbidden, FilesCommonResource.ErrorMassage_SecurityException);
Global.Logger.Error(string.Format("GoogleDriveApp: validate error {0} {1}: {2}", FilesLinkUtility.AuthKey, validateResult, context.Request.Url), exc);
throw exc;
}
var token = Token.GetToken(AppAttr, userId);
var driveFile = GetDriveFile(fileId, token);
var jsonFile = JObject.Parse(driveFile);
var downloadUrl = GoogleLoginProvider.GoogleUrlFile + fileId + "?alt=media";
if (string.IsNullOrEmpty(downloadUrl))
{
Global.Logger.Error("GoogleDriveApp: downloadUrl is null");
throw new Exception("downloadUrl is null");
}
Global.Logger.Debug("GoogleDriveApp: get file stream downloadUrl - " + downloadUrl);
var request = (HttpWebRequest)WebRequest.Create(downloadUrl);
request.Method = "GET";
request.Headers.Add("Authorization", "Bearer " + token);
using (var response = request.GetResponse())
using (var stream = new ResponseStream(response))
{
stream.StreamCopyTo(context.Response.OutputStream);
var contentLength = jsonFile.Value <string>("size");
Global.Logger.Debug("GoogleDriveApp: get file stream contentLength - " + contentLength);
context.Response.AddHeader("Content-Length", contentLength);
}
}
catch (Exception ex)
{
context.Response.StatusCode = (int)HttpStatusCode.BadRequest;
context.Response.Write(ex.Message);
Global.Logger.Error("GoogleDriveApp: Error request " + context.Request.Url, ex);
}
try
{
context.Response.Flush();
context.Response.End();
}
catch (HttpException)
{
}
}
public void ProcessRequest(HttpContext context)
{
if (_checkAuth && !SecurityContext.IsAuthenticated)
{
context.Response.StatusCode = (int)HttpStatusCode.Forbidden;
return;
}
var storage = StorageFactory.GetStorage(CoreContext.TenantManager.GetCurrentTenant().TenantId.ToString(CultureInfo.InvariantCulture), _module);
var path = _path;
var header = context.Request[Constants.QUERY_HEADER] ?? "";
var auth = context.Request[Constants.QUERY_AUTH];
var storageExpire = storage.GetExpire(_domain);
if (storageExpire != TimeSpan.Zero && storageExpire != TimeSpan.MinValue && storageExpire != TimeSpan.MaxValue || !string.IsNullOrEmpty(auth))
{
var expire = context.Request[Constants.QUERY_EXPIRE];
if (string.IsNullOrEmpty(expire))
{
expire = storageExpire.TotalMinutes.ToString(CultureInfo.InvariantCulture);
}
var validateResult = EmailValidationKeyProvider.ValidateEmailKey(path + "." + header + "." + expire, auth ?? "", TimeSpan.FromMinutes(Convert.ToDouble(expire)));
if (validateResult != EmailValidationKeyProvider.ValidationResult.Ok)
{
context.Response.StatusCode = (int)HttpStatusCode.Forbidden;
return;
}
}
if (!storage.IsFile(_domain, path))
{
context.Response.StatusCode = (int)HttpStatusCode.NotFound;
return;
}
var headers = header.Length > 0 ? header.Split('&') : new string[] { };
const int bigSize = 5 * 1024 * 1024;
if (storage.IsSupportInternalUri && bigSize < storage.GetFileSize(_domain, path))
{
var uri = storage.GetInternalUri(_domain, path, TimeSpan.FromMinutes(15), headers);
context.Response.Cache.SetAllowResponseInBrowserHistory(false);
context.Response.Cache.SetCacheability(HttpCacheability.NoCache);
context.Response.Redirect(uri.ToString());
return;
}
string encoding = null;
if (storage is DiscDataStore && storage.IsFile(_domain, path + ".gz"))
{
path += ".gz";
encoding = "gzip";
}
using (var stream = storage.GetReadStream(_domain, path))
{
stream.StreamCopyTo(context.Response.OutputStream);
}
foreach (var h in headers)
{
if (h.StartsWith("Content-Disposition"))
{
context.Response.Headers["Content-Disposition"] = h.Substring("Content-Disposition".Length + 1);
}
else if (h.StartsWith("Cache-Control"))
{
context.Response.Headers["Cache-Control"] = h.Substring("Cache-Control".Length + 1);
}
else if (h.StartsWith("Content-Encoding"))
{
context.Response.Headers["Content-Encoding"] = h.Substring("Content-Encoding".Length + 1);
}
else if (h.StartsWith("Content-Language"))
{
context.Response.Headers["Content-Language"] = h.Substring("Content-Language".Length + 1);
}
else if (h.StartsWith("Content-Type"))
{
context.Response.Headers["Content-Type"] = h.Substring("Content-Type".Length + 1);
}
else if (h.StartsWith("Expires"))
{
context.Response.Headers["Expires"] = h.Substring("Expires".Length + 1);
}
}
context.Response.ContentType = MimeMapping.GetMimeMapping(path);
if (encoding != null)
{
context.Response.Headers["Content-Encoding"] = encoding;
}
}
