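/// <summary>
/// Decides whether the current request is authorized, delegating to the
/// single-use-token, OAuth or Windows authorizer depending on which
/// credentials the request carries.
/// </summary>
/// <param name="controller">The controller handling the request.</param>
/// <param name="msg">
/// The response to hand back to the client. For requests allowed without
/// credentials (never-secret URLs, CORS pre-flight) this is an empty message;
/// otherwise it is whatever the delegated authorizer produced.
/// </param>
/// <returns><c>true</c> when the request may proceed; otherwise <c>false</c>.</returns>
public bool TryAuthorize(RavenBaseApiController controller, out HttpResponseMessage msg)
{
    var requestUrl = controller.GetRequestUrl();

    // Endpoints registered as never-secret require no credentials at all.
    if (NeverSecret.IsNeverSecretUrl(requestUrl))
    {
        msg = controller.GetEmptyMessage();
        return true;
    }

    // CORS pre-flight: browsers send OPTIONS without credentials, so it is
    // let through unauthenticated whenever CORS origins are configured.
    if (Settings.AccessControlAllowOrigin.Count > 0 && controller.InnerRequest.Method.Method == "OPTIONS")
    {
        msg = controller.GetEmptyMessage();
        return true;
    }

    // A single-use token takes precedence over every other credential type.
    var oneTimeToken = controller.GetHeader("Single-Use-Auth-Token");
    if (!string.IsNullOrEmpty(oneTimeToken))
    {
        return TryAuthorizeSingleUseAuthToken(controller, oneTimeToken, out msg);
    }

    // Protocol markers are compared ordinally: a culture-sensitive comparison
    // of credential flags is not what HTTP defines and can vary by server locale.
    var authHeader = controller.GetHeader("Authorization");
    var hasApiKey = "True".Equals(controller.GetHeader("Has-Api-Key"), StringComparison.OrdinalIgnoreCase);
    var hasOAuthTokenInCookie = controller.HasCookie("OAuth-Token");
    var hasBearerToken = !string.IsNullOrEmpty(authHeader) && authHeader.StartsWith("Bearer ", StringComparison.Ordinal);
    var ignoreDb = IgnoreDb.Urls.Contains(requestUrl);

    if (hasApiKey || hasOAuthTokenInCookie || hasBearerToken)
    {
        return oAuthRequestAuthorizer.TryAuthorize(controller, hasApiKey, ignoreDb, out msg);
    }

    return windowsRequestAuthorizer.TryAuthorize(controller, ignoreDb, out msg);
}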
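/// <summary>
/// Resolves the principal for the current request using the same credential
/// selection as <c>TryAuthorize</c>: OAuth when an API key, OAuth cookie or
/// Bearer header is present, Windows authentication otherwise.
/// </summary>
/// <param name="controller">The controller handling the request.</param>
/// <returns>
/// The principal already attached to the controller when a single-use token
/// authorized the request; otherwise the principal produced by the selected
/// authorizer.
/// </returns>
public IPrincipal GetUser(RavenBaseApiController controller)
{
    // A single-use token has already established the user; do not re-derive it.
    if (controller.WasAlreadyAuthorizedUsingSingleAuthToken)
    {
        return controller.User;
    }

    // NOTE(review): this reads Has-Api-Key from the query string, whereas
    // TryAuthorize reads it from the request header. If the two disagree, the
    // authorization decision and the resolved identity may come from different
    // authorizers — confirm this is intended before changing either side.
    var hasApiKey = "True".Equals(controller.GetQueryStringValue("Has-Api-Key"), StringComparison.OrdinalIgnoreCase);
    var authHeader = controller.GetHeader("Authorization");
    var hasOAuthTokenInCookie = controller.HasCookie("OAuth-Token");
    // Ordinal comparison: the Bearer scheme prefix is a protocol token, not text.
    var hasBearerToken = !string.IsNullOrEmpty(authHeader) && authHeader.StartsWith("Bearer ", StringComparison.Ordinal);

    if (hasApiKey || hasOAuthTokenInCookie || hasBearerToken)
    {
        return oAuthRequestAuthorizer.GetUser(controller, hasApiKey);
    }

    return windowsRequestAuthorizer.GetUser(controller);
}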
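/// <summary>
/// Decides whether the current request is authorized, delegating to the
/// single-use-token, OAuth or Windows authorizer depending on which
/// credentials the request carries. The single-use token is accepted either
/// from the <c>Single-Use-Auth-Token</c> header or, as a fallback, from the
/// <c>singleUseAuthToken</c> query-string value.
/// </summary>
/// <param name="controller">The controller handling the request.</param>
/// <param name="msg">
/// The response to hand back to the client. For requests allowed without
/// credentials (never-secret URLs, CORS pre-flight) this is an empty message;
/// otherwise it is whatever the delegated authorizer produced.
/// </param>
/// <returns><c>true</c> when the request may proceed; otherwise <c>false</c>.</returns>
public bool TryAuthorize(RavenBaseApiController controller, out HttpResponseMessage msg)
{
    var requestUrl = controller.GetRequestUrl();

    // Endpoints registered as never-secret require no credentials at all.
    if (NeverSecret.IsNeverSecretUrl(requestUrl))
    {
        msg = controller.GetEmptyMessage();
        return true;
    }

    // CORS pre-flight: browsers send OPTIONS without credentials, so it is
    // let through unauthenticated whenever CORS origins are configured.
    if (Settings.AccessControlAllowOrigin.Count > 0 && controller.InnerRequest.Method.Method == "OPTIONS")
    {
        msg = controller.GetEmptyMessage();
        return true;
    }

    // A single-use token takes precedence over every other credential type.
    // The header is preferred; the query-string form exists for clients that
    // cannot set headers. NOTE(review): a token carried in the URL can end up
    // in access logs and Referer headers — confirm it really is single-use and
    // short-lived, and that such URLs are not logged in full.
    var oneTimeToken = controller.GetHeader("Single-Use-Auth-Token");
    if (string.IsNullOrEmpty(oneTimeToken))
    {
        oneTimeToken = controller.GetQueryStringValue("singleUseAuthToken");
    }

    if (!string.IsNullOrEmpty(oneTimeToken))
    {
        return TryAuthorizeSingleUseAuthToken(controller, oneTimeToken, out msg);
    }

    // Protocol markers are compared ordinally: a culture-sensitive comparison
    // of credential flags is not what HTTP defines and can vary by server locale.
    var authHeader = controller.GetHeader("Authorization");
    var hasApiKey = "True".Equals(controller.GetHeader("Has-Api-Key"), StringComparison.OrdinalIgnoreCase);
    var hasOAuthTokenInCookie = controller.HasCookie("OAuth-Token");
    var hasBearerToken = !string.IsNullOrEmpty(authHeader) && authHeader.StartsWith("Bearer ", StringComparison.Ordinal);
    var ignoreDb = IgnoreDb.Urls.Contains(requestUrl);

    if (hasApiKey || hasOAuthTokenInCookie || hasBearerToken)
    {
        return oAuthRequestAuthorizer.TryAuthorize(controller, hasApiKey, ignoreDb, out msg);
    }

    return windowsRequestAuthorizer.TryAuthorize(controller, ignoreDb, out msg);
}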