public bool TryAuthorize(RavenBaseApiController controller, out HttpResponseMessage msg)
        {
            var requestUrl = controller.GetRequestUrl();

            if (NeverSecret.IsNeverSecretUrl(requestUrl))
            {
                msg = controller.GetEmptyMessage();
                return(true);
            }

            //CORS pre-flight (ignore creds if using cors).
            if (Settings.AccessControlAllowOrigin.Count > 0 && controller.InnerRequest.Method.Method == "OPTIONS")
            {
                msg = controller.GetEmptyMessage();
                return(true);
            }

            var oneTimeToken = controller.GetHeader("Single-Use-Auth-Token");

            if (string.IsNullOrEmpty(oneTimeToken) == false)
            {
                return(TryAuthorizeSingleUseAuthToken(controller, oneTimeToken, out msg));
            }

            var authHeader            = controller.GetHeader("Authorization");
            var hasApiKey             = "True".Equals(controller.GetHeader("Has-Api-Key"), StringComparison.CurrentCultureIgnoreCase);
            var hasOAuthTokenInCookie = controller.HasCookie("OAuth-Token");

            if (hasApiKey || hasOAuthTokenInCookie ||
                string.IsNullOrEmpty(authHeader) == false && authHeader.StartsWith("Bearer "))
            {
                return(oAuthRequestAuthorizer.TryAuthorize(controller, hasApiKey, IgnoreDb.Urls.Contains(requestUrl), out msg));
            }
            return(windowsRequestAuthorizer.TryAuthorize(controller, IgnoreDb.Urls.Contains(requestUrl), out msg));
        }
예제 #2
0
        public IPrincipal GetUser(RavenBaseApiController controller)
        {
            if (controller.WasAlreadyAuthorizedUsingSingleAuthToken)
            {
                return(controller.User);
            }

            var hasApiKey             = "True".Equals(controller.GetQueryStringValue("Has-Api-Key"), StringComparison.CurrentCultureIgnoreCase);
            var authHeader            = controller.GetHeader("Authorization");
            var hasOAuthTokenInCookie = controller.HasCookie("OAuth-Token");

            if (hasApiKey || hasOAuthTokenInCookie ||
                string.IsNullOrEmpty(authHeader) == false && authHeader.StartsWith("Bearer "))
            {
                return(oAuthRequestAuthorizer.GetUser(controller, hasApiKey));
            }
            return(windowsRequestAuthorizer.GetUser(controller));
        }
예제 #3
0
        public bool TryAuthorize(RavenBaseApiController controller, out HttpResponseMessage msg)
		{
			var requestUrl = controller.GetRequestUrl();
			if (NeverSecret.IsNeverSecretUrl(requestUrl))
			{
				msg = controller.GetEmptyMessage();
				return true;
			}

			//CORS pre-flight (ignore creds if using cors).
			if (Settings.AccessControlAllowOrigin.Count > 0 && controller.InnerRequest.Method.Method == "OPTIONS")
			{
				msg = controller.GetEmptyMessage();
				return true;
			}

			var oneTimeToken = controller.GetHeader("Single-Use-Auth-Token");
            if (string.IsNullOrEmpty(oneTimeToken))
			{
			    oneTimeToken = controller.GetQueryStringValue("singleUseAuthToken");
			}

			if (string.IsNullOrEmpty(oneTimeToken) == false)
			{
                return TryAuthorizeSingleUseAuthToken(controller, oneTimeToken, out msg);
			}

			var authHeader = controller.GetHeader("Authorization");
			var hasApiKey = "True".Equals(controller.GetHeader("Has-Api-Key"), StringComparison.CurrentCultureIgnoreCase);
			var hasOAuthTokenInCookie = controller.HasCookie("OAuth-Token");
			if (hasApiKey || hasOAuthTokenInCookie ||
				string.IsNullOrEmpty(authHeader) == false && authHeader.StartsWith("Bearer "))
			{
				return oAuthRequestAuthorizer.TryAuthorize(controller, hasApiKey, IgnoreDb.Urls.Contains(requestUrl), out msg);
			}
			return windowsRequestAuthorizer.TryAuthorize(controller, IgnoreDb.Urls.Contains(requestUrl), out msg);
		}