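/// <summary>
/// Renders a response for browsers: view engines get the first chance to render the DTO;
/// if none handles it, the DTO is serialized to JSON, escaped, and injected into the HTML
/// format template. Nothing is written unless the response content type is HTML or JsonReport.
/// </summary>
/// <param name="req">Current request; its ResponseContentType decides whether output is produced.</param>
/// <param name="response">Response object (DTO, IHttpResult, CompressedResult or a pre-rendered string).</param>
/// <param name="outputStream">Stream the rendered UTF-8 HTML is written to.</param>
/// <returns>A task that completes once output has been written (or rendering was skipped).</returns>
/// <exception cref="ArgumentException">A CompressedResult was received without a backing Dto.</exception>
public async Task SerializeToStreamAsync(IRequest req, object response, Stream outputStream)
{
    var res = req.Response;

    // A redirect (Location header on anything other than 201 Created) carries no body to render.
    if (req.GetItem("HttpResult") is IHttpResult httpResult
        && httpResult.Headers.ContainsKey(HttpHeaders.Location)
        && httpResult.StatusCode != System.Net.HttpStatusCode.Created)
    {
        return;
    }

    try
    {
        if (res.StatusCode >= 400)
        {
            // Make the ResponseStatus available to views/filters rendering an error page.
            var responseStatus = response.GetResponseStatus();
            req.Items[ErrorStatusKey] = responseStatus;
        }

        if (response is CompressedResult)
        {
            // A cached/compressed payload cannot serve as a view model; fall back to the original DTO.
            if (res.Dto == null)
            {
                throw new ArgumentException("Cannot use Cached Result as ViewModel");
            }
            response = res.Dto;
        }

        foreach (var viewEngine in AppHost.ViewEngines)
        {
            var handled = await viewEngine.ProcessRequestAsync(req, response, outputStream);
            if (handled)
            {
                return;
            }
        }
    }
    catch (Exception ex)
    {
        if (res.StatusCode < 400)
        {
            throw;
        }
        //If there was an exception trying to render a Error with a View,
        //It can't handle errors so just write it out here.
        response = DtoUtils.CreateErrorResponse(req.Dto, ex);
    }

    //Handle Exceptions returning string
    if (req.ResponseContentType == MimeTypes.PlainText)
    {
        req.ResponseContentType = MimeTypes.Html;
        res.ContentType = MimeTypes.Html;
    }

    if (req.ResponseContentType != MimeTypes.Html && req.ResponseContentType != MimeTypes.JsonReport)
    {
        return;
    }

    var dto = response.GetDto();
    if (!(dto is string html))
    {
        // Serialize, then escape '<' and '>' so a DTO value containing e.g. "</script>" or a tag
        // cannot break out of the template when displayed as HTML. The previous
        // Replace("<", "<") / Replace(">", ">") calls were no-ops and left the payload unescaped.
        var json = JsonDataContractSerializer.Instance.SerializeToString(dto) ?? "null";
        json = json.Replace("<", "&lt;").Replace(">", "&gt;");

        // Base URL the template appends "format=..." links to: drop any existing html format
        // switch and leave a trailing '?' or '&' ready for the next query parameter.
        var url = req.ResolveAbsoluteUrl()
            .Replace("format=html", "")
            .Replace("format=shtm", "")
            .TrimEnd('?', '&');
        url += url.Contains("?") ? "&" : "?";

        // The URL reflects the caller's own request (including its query string) back into the
        // page, so HTML-encode it. Assumes the template emits ${ServiceUrl} in markup/attribute
        // context (e.g. an href), not inside a <script> string — confirm against the template.
        var safeUrl = System.Net.WebUtility.HtmlEncode(url);

        var now = DateTime.UtcNow;
        var requestName = req.OperationName ?? dto.GetType().GetOperationName();
        html = HtmlTemplates.GetHtmlFormatTemplate()
            .Replace("${Dto}", json)
            .Replace("${Title}", string.Format(TitleFormat, requestName, now))
            .Replace("${MvcIncludes}", MiniProfiler.Profiler.RenderIncludes().ToString())
            .Replace("${Header}", string.Format(HtmlTitleFormat, requestName, now))
            .Replace("${ServiceUrl}", safeUrl)
            .Replace("${Humanize}", Humanize.ToString().ToLower());
    }

    var utf8Bytes = html.ToUtf8Bytes();
    await outputStream.WriteAsync(utf8Bytes, 0, utf8Bytes.Length);
}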
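/// <summary>
/// Drives the OAuth2 authorization-code flow for this provider:
/// (1) an AccessToken handed over directly by a mobile/desktop client is verified and used as-is;
/// (2) a provider error callback redirects back to the referrer with an "f" parameter;
/// (3) with no "code" present, the browser is sent to AuthorizeUrl with a state value that is
///     stored in the session;
/// (4) on the "code" callback the state is validated, the code is exchanged for an access token
///     and the session is authenticated with it.
/// </summary>
/// <param name="authService">Service hosting the current request.</param>
/// <param name="session">Current user session (Init may replace it).</param>
/// <param name="request">Authenticate DTO; may carry a client-supplied AccessToken.</param>
/// <param name="token">Cancellation token for the outbound token exchange and session save.</param>
/// <returns>A redirect/HttpResult, an HttpError, or null for the default AuthenticateResponse.</returns>
public override async Task<object> AuthenticateAsync(IServiceBase authService, IAuthSession session, Authenticate request, CancellationToken token = default)
{
    var tokens = Init(authService, ref session, request);

    //Transferring AccessToken/Secret from Mobile/Desktop App to Server
    if (request?.AccessToken != null && VerifyAccessToken != null)
    {
        if (!VerifyAccessToken(request.AccessToken))
        {
            return HttpError.Unauthorized("AccessToken is not for client_id: " + ConsumerKey);
        }

        var isHtml = authService.Request.IsHtml();
        var failedResult = await AuthenticateWithAccessTokenAsync(authService, session, tokens, request.AccessToken, token: token).ConfigAwait();
        if (failedResult != null)
        {
            return ConvertToClientError(failedResult, isHtml);
        }

        return isHtml
            ? authService.Redirect(SuccessRedirectUrlFilter(this, session.ReferrerUrl.SetParam("s", "1")))
            : null; //return default AuthenticateResponse
    }

    var httpRequest = authService.Request;
    var error = httpRequest.GetQueryStringOrForm("error_reason")
        ?? httpRequest.GetQueryStringOrForm("error")
        ?? httpRequest.GetQueryStringOrForm("error_code")
        ?? httpRequest.GetQueryStringOrForm("error_description");

    var hasError = !error.IsNullOrEmpty();
    if (hasError)
    {
        // NOTE(review): this logs every callback parameter at Error level; if a provider ever
        // echoes a code or token in an error callback it ends up in the logs — consider redacting.
        var httpParams = HttpUtils.HasRequestBody(httpRequest.Verb)
            ? httpRequest.QueryString
            : httpRequest.FormData;
        Log.Error($"OAuth2 Error callback. \n{httpParams}");
        return authService.Redirect(FailedRedirectUrlFilter(this, session.ReferrerUrl.SetParam("f", error)));
    }

    var code = httpRequest.GetQueryStringOrForm(Keywords.Code);
    var isPreAuthCallback = !code.IsNullOrEmpty();
    if (!isPreAuthCallback)
    {
        // Start of the flow: remember the state value in the session so the callback can be
        // bound to this browser session (login-CSRF protection, RFC 6749 §10.12).
        // NOTE(review): the state is the session id itself, so it is exposed to the provider
        // and in the redirect URL; a separate random nonce would avoid that.
        var oauthstate = session.Id;
        var preAuthUrl = AuthorizeUrl
            .AddQueryParam("response_type", "code")
            .AddQueryParam("client_id", ConsumerKey)
            .AddQueryParam("redirect_uri", this.CallbackUrl)
            .AddQueryParam("scope", string.Join(" ", Scopes))
            .AddQueryParam(Keywords.State, oauthstate);
        if (ResponseMode != null)
        {
            preAuthUrl = preAuthUrl.AddQueryParam("response_mode", ResponseMode);
        }

        if (session is AuthUserSession authSession)
        {
            if (authSession.Meta == null)
            {
                authSession.Meta = new Dictionary<string, string>();
            }
            authSession.Meta["oauthstate"] = oauthstate;
        }

        await this.SaveSessionAsync(authService, session, SessionExpiry, token).ConfigAwait();
        return authService.Redirect(PreAuthUrlFilter(this, preAuthUrl));
    }

    try
    {
        var state = httpRequest.GetQueryStringOrForm(Keywords.State);
        if (session is AuthUserSession authSession)
        {
            if (authSession.Meta == null)
            {
                authSession.Meta = new Dictionary<string, string>();
            }

            // The stored state is single-use: take it out before validating so a replayed
            // callback cannot pass a second time.
            var hasStoredState = authSession.Meta.TryGetValue("oauthstate", out var oauthState);
            authSession.Meta.Remove("oauthstate");

            // Previously a callback with no "state" parameter, or a session with no stored
            // state, skipped validation entirely (login CSRF). Require both a stored value and
            // a matching callback value.
            if (!hasStoredState || string.IsNullOrEmpty(state) || state != oauthState)
            {
                return authService.Redirect(FailedRedirectUrlFilter(this, session.ReferrerUrl.SetParam("f", "InvalidState")));
            }
        }

        var contents = await GetAccessTokenJsonAsync(code, token).ConfigAwait();
        var authInfo = (Dictionary<string, object>)JSON.parse(contents);

        // A token response without an access_token is a failed exchange, not an unhandled
        // exception (the previous indexer threw KeyNotFoundException out of the method).
        if (!authInfo.TryGetValue("access_token", out var accessTokenObj)
            || !(accessTokenObj is string accessToken)
            || accessToken.Length == 0)
        {
            Log.Error($"Access Token response for '{Provider}' did not contain an access_token");
            return authService.Redirect(FailedRedirectUrlFilter(this, session.ReferrerUrl.SetParam("f", "AccessTokenFailed")));
        }

        var redirectUrl = SuccessRedirectUrlFilter(this, session.ReferrerUrl.SetParam("s", "1"));
        var errorResult = await AuthenticateWithAccessTokenAsync(authService, session, tokens, accessToken, authInfo, token).ConfigAwait();
        if (errorResult != null)
        {
            return errorResult;
        }

        //Haz Access!
        if (HostContext.Config?.UseSameSiteCookies == true)
        {
            // Workaround Set-Cookie HTTP Header not being honoured in 302 Redirects
            var redirectHtml = HtmlTemplates.GetHtmlRedirectTemplate(redirectUrl);
            return new HttpResult(redirectHtml, MimeTypes.Html);
        }
        return authService.Redirect(redirectUrl);
    }
    catch (WebException we)
    {
        var errorBody = await we.GetResponseBodyAsync(token).ConfigAwait();
        Log.Error($"Failed to get Access Token for '{Provider}': {errorBody}");

        // we.Response is null for transport-level failures (DNS, connection refused, timeout);
        // the previous unconditional cast turned those into a NullReferenceException.
        var statusCode = (we.Response as HttpWebResponse)?.StatusCode;
        if (statusCode == HttpStatusCode.BadRequest)
        {
            return authService.Redirect(FailedRedirectUrlFilter(this, session.ReferrerUrl.SetParam("f", "AccessTokenFailed")));
        }
    }

    //Shouldn't get here
    return authService.Redirect(FailedRedirectUrlFilter(this, session.ReferrerUrl.SetParam("f", "Unknown")));
}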
/// <summary>
/// Writes the metadata index page: the operations table, XSD links, WSDL links (only when a
/// SOAP endpoint has metadata configured), plugin links and, in DebugMode only, the debug links.
/// </summary>
/// <param name="output">Writer the rendered HTML is written to.</param>
protected override void Render(HtmlTextWriter output)
{
    const string linkItem = @"<li><a href=""{0}"">{1}</a></li>";

    var operationsPart = new TableTemplate
    {
        Title = "Operations",
        Items = this.OperationNames,
        ForEachItem = RenderRow,
    }.ToString();

    var xsdsPart = new ListTemplate
    {
        Title = "XSDS:",
        ListItemsIntMap = this.Xsds,
        ListItemTemplate = @"<li><a href=""?xsd={0}"">{1}</a></li>",
    }.ToString();

    var soap11 = MetadataConfig.GetMetadataConfig("soap11") as SoapMetadataConfig;
    var soap12 = MetadataConfig.GetMetadataConfig("soap12") as SoapMetadataConfig;
    var wsdlTemplate = new StringBuilder();
    if (soap11 != null || soap12 != null)
    {
        wsdlTemplate.AppendLine("<h3>WSDLS:</h3>");
        wsdlTemplate.AppendLine("<ul>");
        foreach (var soapConfig in new[] { soap11, soap12 })
        {
            if (soapConfig == null)
            {
                continue;
            }
            // The WSDL URI is both the link target and its text (server-configured, not user input).
            wsdlTemplate.AppendFormat(@"<li><a href=""{0}"">{0}</a></li>", soapConfig.WsdlMetadataUri);
        }
        wsdlTemplate.AppendLine("</ul>");
    }

    var metadata = HostContext.GetPlugin<MetadataFeature>();
    var pluginLinks = "";
    var debugOnlyInfo = "";
    if (metadata != null)
    {
        if (metadata.PluginLinks.Count > 0)
        {
            pluginLinks = new ListTemplate
            {
                Title = metadata.PluginLinksTitle,
                ListItemsMap = metadata.PluginLinks,
                ListItemTemplate = linkItem,
            }.ToString();
        }

        // Debug links are deliberately withheld outside DebugMode.
        if (HostContext.DebugMode && metadata.DebugLinks.Count > 0)
        {
            debugOnlyInfo = new ListTemplate
            {
                Title = metadata.DebugLinksTitle,
                ListItemsMap = metadata.DebugLinks,
                ListItemTemplate = linkItem,
            }.ToString();
        }
    }

    var renderedTemplate = HtmlTemplates.Format(
        HtmlTemplates.GetIndexOperationsTemplate(),
        this.Title,
        this.XsdServiceTypesIndex,
        operationsPart,
        xsdsPart,
        wsdlTemplate,
        pluginLinks,
        debugOnlyInfo);

    output.Write(renderedTemplate);
}
/// <summary>
/// Builds the HTML for the wiki editor, either as a dialog form or as the full page template.
/// Returns the error page instead when OnEditing validation rejects the request.
/// </summary>
/// <param name="context">Request context.</param>
/// <param name="ss">Site settings of the wiki; column access controls are applied to it here.</param>
/// <param name="wikiModel">The wiki record being created or edited.</param>
/// <param name="editInDialog">True to render only the dialog editor form instead of the page.</param>
/// <returns>Rendered HTML.</returns>
public static string Editor(
    Context context,
    SiteSettings ss,
    WikiModel wikiModel,
    bool editInDialog = false)
{
    var invalid = WikiValidators.OnEditing(
        context: context,
        ss: ss,
        wikiModel: wikiModel);
    if (invalid != Error.Types.None)
    {
        return HtmlTemplates.Error(context, invalid);
    }

    var hb = new HtmlBuilder();
    // Column-level access depends on whether the current user owns the record.
    ss.SetColumnAccessControls(
        context: context,
        mine: wikiModel.Mine(context: context));

    if (editInDialog)
    {
        return hb.DialogEditorForm(
            context: context,
            siteId: wikiModel.SiteId,
            referenceId: wikiModel.WikiId,
            action: () => hb.FieldSetGeneral(
                context: context,
                ss: ss,
                wikiModel: wikiModel,
                editInDialog: editInDialog))
            .ToString();
    }

    var isNew = wikiModel.MethodType == BaseModel.MethodTypes.New;
    var pageTitle = isNew
        ? Displays.New(context: context)
        : wikiModel.Title.DisplayValue;
    // Show the title only when one of the title columns is part of the editor layout.
    var useTitle = ss.TitleColumns?.Any(o => ss.EditorColumns.Contains(o)) == true;

    return hb.Template(
        context: context,
        ss: ss,
        view: null,
        verType: wikiModel.VerType,
        methodType: wikiModel.MethodType,
        siteId: wikiModel.SiteId,
        parentId: ss.ParentId,
        referenceType: "Wikis",
        title: pageTitle,
        useTitle: useTitle,
        userScript: ss.EditorScripts(
            context: context,
            methodType: wikiModel.MethodType),
        userStyle: ss.EditorStyles(
            context: context,
            methodType: wikiModel.MethodType),
        action: () => hb
            .Editor(
                context: context,
                ss: ss,
                wikiModel: wikiModel)
            .Hidden(controlId: "TableName", value: "Wikis")
            .Hidden(controlId: "Controller", value: context.Controller)
            .Hidden(controlId: "Id", value: wikiModel.WikiId.ToString())
            .Hidden(controlId: "TriggerRelatingColumns", value: Jsons.ToJson(ss.RelatingColumns))
            .Hidden(controlId: "DropDownSearchPageSize", value: Parameters.General.DropDownSearchPageSize.ToString()))
        .ToString();
}
/// <summary>
/// Looks up the default template of the given type via store id 0
/// (presumably the store-independent default — verify against FindByStoreAndType).
/// </summary>
/// <param name="templateType">Kind of template to look up.</param>
/// <returns>Whatever FindByStoreAndType returns for store 0 and that type.</returns>
private HtmlTemplate GetDefaultTemplate(HtmlTemplateType templateType)
    => HtmlTemplates.FindByStoreAndType(0, templateType);
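/// <summary>
/// Synchronous HTML renderer: view engines get the first chance to render the response; if none
/// handles it, the DTO is serialized to JSON, escaped, and injected into the HTML format template.
/// Nothing is written unless the response content type is HTML or JsonReport.
/// </summary>
/// <param name="request">Current request; its ResponseContentType decides whether output is produced.</param>
/// <param name="response">Response object (DTO, IHttpResult or a pre-rendered string).</param>
/// <param name="httpRes">Response whose OutputStream receives the rendered UTF-8 HTML.</param>
public void SerializeToStream(IRequest request, object response, IResponse httpRes)
{
    // A redirect (Location header present) carries no body to render.
    var httpResult = request.GetItem("HttpResult") as IHttpResult;
    if (httpResult != null && httpResult.Headers.ContainsKey(HttpHeaders.Location))
    {
        return;
    }

    try
    {
        if (httpRes.StatusCode >= 400)
        {
            // Make the ResponseStatus available to views/filters rendering an error page.
            var responseStatus = response.GetResponseStatus();
            request.Items[ErrorStatusKey] = responseStatus;
        }

        if (AppHost.ViewEngines.Any(x => x.ProcessRequest(request, httpRes, response)))
        {
            return;
        }
    }
    catch (Exception ex)
    {
        if (httpRes.StatusCode < 400)
        {
            throw;
        }
        //If there was an exception trying to render a Error with a View,
        //It can't handle errors so just write it out here.
        response = DtoUtils.CreateErrorResponse(request.Dto, ex);
    }

    if (request.ResponseContentType != MimeTypes.Html && request.ResponseContentType != MimeTypes.JsonReport)
    {
        return;
    }

    var dto = response.GetDto();
    var html = dto as string;
    if (html == null)
    {
        // Serialize, then escape '<' and '>' so a DTO value containing e.g. "</script>" or a tag
        // cannot break out of the template when displayed as HTML. The previous
        // Replace("<", "<") / Replace(">", ">") calls were no-ops and left the payload unescaped.
        var json = JsonDataContractSerializer.Instance.SerializeToString(dto) ?? "null";
        json = json.Replace("<", "&lt;").Replace(">", "&gt;");

        // Base URL the template appends "format=..." links to: drop any existing html format
        // switch and leave a trailing '?' or '&' ready for the next query parameter.
        var url = request.AbsoluteUri
            .Replace("format=html", "")
            .Replace("format=shtm", "")
            .TrimEnd('?', '&');
        url += url.Contains("?") ? "&" : "?";

        // The URL reflects the caller's own request (including its query string) back into the
        // page, so HTML-encode it. Assumes the template emits ${ServiceUrl} in markup/attribute
        // context (e.g. an href), not inside a <script> string — confirm against the template.
        var safeUrl = System.Net.WebUtility.HtmlEncode(url);

        var now = DateTime.UtcNow;
        var requestName = request.OperationName ?? dto.GetType().GetOperationName();
        html = HtmlTemplates.GetHtmlFormatTemplate()
            .Replace("${Dto}", json)
            .Replace("${Title}", string.Format(TitleFormat, requestName, now))
            .Replace("${MvcIncludes}", MiniProfiler.Profiler.RenderIncludes().ToString())
            .Replace("${Header}", string.Format(HtmlTitleFormat, requestName, now))
            .Replace("${ServiceUrl}", safeUrl);
    }

    var utf8Bytes = html.ToUtf8Bytes();
    httpRes.OutputStream.Write(utf8Bytes, 0, utf8Bytes.Length);
}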
/// <summary>
/// Writes the metadata index page: the operations table, XSD links (not on NETSTANDARD2_0),
/// WSDL links when a SOAP endpoint has metadata configured, plugin links, and — in DebugMode
/// only — the debug links and a pointer to any startup errors.
/// </summary>
/// <param name="output">Writer the rendered HTML is written to.</param>
protected override void Render(HtmlTextWriter output)
{
    const string linkItem = @"<li><a href=""{0}"">{1}</a></li>";

    var operationsPart = new TableTemplate
    {
        Title = "Operations",
        Items = this.OperationNames,
        ForEachItem = RenderRow,
    }.ToString();

#if !NETSTANDARD2_0
    var xsdsPart = new ListTemplate
    {
        Title = "XSDS:",
        ListItemsIntMap = this.Xsds,
        ListItemTemplate = @"<li><a href=""?xsd={0}"">{1}</a></li>",
    }.ToString();
#else
    var xsdsPart = "";
#endif

    var soap11 = MetadataConfig.GetMetadataConfig("soap11") as SoapMetadataConfig;
    var soap12 = MetadataConfig.GetMetadataConfig("soap12") as SoapMetadataConfig;
    // Pooled builder: must be handed back via ReturnAndFree below.
    var wsdlTemplate = StringBuilderCache.Allocate();
    if (soap11 != null || soap12 != null)
    {
        wsdlTemplate.AppendLine("<h3>WSDLS:</h3>");
        wsdlTemplate.AppendLine("<ul>");
        foreach (var soapConfig in new[] { soap11, soap12 })
        {
            if (soapConfig == null)
            {
                continue;
            }
            // The WSDL URI is both the link target and its text (server-configured, not user input).
            wsdlTemplate.AppendFormat(@"<li><a href=""{0}"">{0}</a></li>", soapConfig.WsdlMetadataUri);
        }
        wsdlTemplate.AppendLine("</ul>");
    }

    var metadata = HostContext.GetPlugin<MetadataFeature>();
    var pluginLinks = "";
    var debugOnlyInfo = "";
    if (metadata != null)
    {
        if (metadata.PluginLinks.Count > 0)
        {
            pluginLinks = new ListTemplate
            {
                Title = metadata.PluginLinksTitle,
                ListItemsMap = ToAbsoluteUrls(metadata.PluginLinks),
                ListItemTemplate = linkItem,
            }.ToString();
        }

        // Debug links are deliberately withheld outside DebugMode.
        if (HostContext.DebugMode && metadata.DebugLinks.Count > 0)
        {
            debugOnlyInfo = new ListTemplate
            {
                Title = metadata.DebugLinksTitle,
                ListItemsMap = ToAbsoluteUrls(metadata.DebugLinks),
                ListItemTemplate = linkItem,
            }.ToString();
        }
    }

    // Startup errors are only surfaced in DebugMode, via the ?debug=requestinfo page.
    var startupErrors = "";
    var errorCount = HostContext.AppHost.StartUpErrors.Count;
    if (HostContext.DebugMode && errorCount > 0)
    {
        var plural = errorCount > 1 ? "s" : "";
        startupErrors = $"<div class='error-popup'><a href='?debug=requestinfo'>Review {errorCount} Error{plural} on Startup</a></div>";
    }

    var renderedTemplate = HtmlTemplates.Format(
        HtmlTemplates.GetIndexOperationsTemplate(),
        this.Title,
        this.XsdServiceTypesIndex,
        operationsPart,
        xsdsPart,
        StringBuilderCache.ReturnAndFree(wsdlTemplate),
        pluginLinks,
        debugOnlyInfo,
        Env.VersionString,
        startupErrors);

    output.Write(renderedTemplate);
}
/// <summary>
/// Writes the metadata index page: the operations table, XSD links, WSDL links when a SOAP
/// endpoint has metadata configured, and — in DebugMode only — a link to the operations metadata.
/// </summary>
/// <param name="output">Writer the rendered HTML is written to.</param>
protected override void Render(HtmlTextWriter output)
{
    var operationsPart = new TableTemplate
    {
        Title = "Operations:",
        Items = this.OperationNames,
        ForEachItem = RenderRow,
    }.ToString();

    var xsdsPart = new ListTemplate
    {
        Title = "XSDS:",
        ListItemsIntMap = this.Xsds,
        ListItemTemplate = @"<li><a href=""?xsd={0}"">{1}</a></li>",
    }.ToString();

    var soap11 = MetadataConfig.GetMetadataConfig("soap11") as SoapMetadataConfig;
    var soap12 = MetadataConfig.GetMetadataConfig("soap12") as SoapMetadataConfig;
    var wsdlTemplate = new StringBuilder();
    if (soap11 != null || soap12 != null)
    {
        wsdlTemplate.AppendLine("<h3>WSDLS:</h3>");
        wsdlTemplate.AppendLine("<ul>");
        foreach (var soapConfig in new[] { soap11, soap12 })
        {
            if (soapConfig == null)
            {
                continue;
            }
            // The WSDL URI is both the link target and its text (server-configured, not user input).
            wsdlTemplate.AppendFormat(@"<li><a href=""{0}"">{0}</a></li>", soapConfig.WsdlMetadataUri);
        }
        wsdlTemplate.AppendLine("</ul>");
    }

    // The operations metadata link is deliberately withheld outside DebugMode.
    var debugOnlyInfo = new StringBuilder();
    if (EndpointHost.DebugMode)
    {
        debugOnlyInfo
            .Append("<h3>Debug Info:</h3>")
            .AppendLine("<ul>")
            .AppendLine("<li><a href=\"operations/metadata\">Operations Metadata</a></li>")
            .AppendLine("</ul>");
    }

    var renderedTemplate = HtmlTemplates.Format(
        HtmlTemplates.IndexOperationsTemplate,
        this.Title,
        this.MetadataPageBodyHtml,
        this.XsdServiceTypesIndex,
        operationsPart,
        xsdsPart,
        wsdlTemplate,
        debugOnlyInfo);

    output.Write(renderedTemplate);
}