public RaterModel Rate(Id entryId, float rating, User user, string ip)
{
LogService.Info("Rater.Rate entryId={0} rating={1} ip={2}", entryId, rating, ip);
if (!AuthorizeService.IsAuthorized(user, entryId.ToScope(), AuthAction.RateEntryOrMedia))
throw new UserNotAuthorizedException(user.Name, AuthAction.RateEntryOrMedia.ToString());
if (rating < 1 || rating > 5) throw new ArgumentOutOfRangeException("Rating value must be 1 thru 5.");
AtomEntry entry = AtomEntryRepository.GetEntry(entryId);
if (entry.Raters.Contains(ip)) throw new UserAlreadyRatedEntryException(ip, entry.Id.ToString());
entry.RatingCount++;
entry.RatingSum += (int)Math.Round(rating);
entry.Edited = DateTimeOffset.UtcNow;
List<string> raters = entry.Raters.ToList();
raters.Add(ip);
entry.Raters = raters;
entry = AtomEntryRepository.UpdateEntry(entry);
return new RaterModel()
{
PostHref = RouteService.RouteUrl("RaterRateEntry", entryId),
Rating = entry.Rating,
CanRate = false,
RatingCount = entry.RatingCount
};
}
/// <summary>
/// Get the scopes which the user is allowed to work with
/// based on their authorization.
/// </summary>
/// <param name="user"></param>
/// <returns></returns>
public IEnumerable<Scope> GetScopes(User user)
{
IList<Scope> scopes = new List<Scope>();
if (user == null) return scopes;
bool admin = false;
if (IsInRole(user, Scope.EntireSite, AuthRoles.Administrator))
{
scopes.Add(Scope.EntireSite);
admin = true;
}
foreach (AppWorkspace w in AppServiceRepository.GetService().Workspaces)
{
bool owner = false;
if (w.People.Intersect(user.Ids).Count() > 0 || admin)
{
scopes.Add(new Scope() { Workspace = w.Name ?? Atom.DefaultWorkspaceName });
owner = true;
}
foreach (AppCollection c in w.Collections)
{
if (c.People.Intersect(user.Ids).Count() > 0 || owner)
{
scopes.Add(new Scope() { Workspace = c.Id.Workspace, Collection = c.Id.Collection });
}
}
}
return scopes;
}
public User UpdateUser(User user)
{
User existingUser = GetUser(user.Ids.First());
if (existingUser != null)
{
users.Remove(existingUser);
}
users.Add(user);
return user;
}
public RaterModel GetRaterModel(Id entryId, User user, string ip)
{
bool auth = AuthorizeService.IsAuthorized(user, entryId.ToScope(), AuthAction.RateEntryOrMedia);
AtomEntry entry = AtomEntryRepository.GetEntry(entryId);
return new RaterModel()
{
PostHref = RouteService.RouteUrl("RaterRateEntry", entryId),
Rating = entry.Rating,
CanRate = auth && !entry.Raters.Contains(ip),
RatingCount = entry.RatingCount
};
}
public void CreateUser(User user)
{
User existingUser = GetUserOrNull(user.Ids.First());
if (existingUser == null)
{
users.Add(user);
}
else
{
throw new Exception("User already exists with name" + user.Name);
}
}
public void CreateWithIdTest()
{
User user = new User();
Assert.IsNotNull(user);
string idUri = "http://www.test.com";
user.Ids = new List<string> {idUri};
Assert.AreEqual(1, user.Ids.Count());
Assert.AreEqual(idUri, user.Ids.First());
}
/// <summary>
/// Gets all the roles for a user for the given scope. The roles for the user are collected
/// recursively by looking at the service, workspace, and collection levels.
/// </summary>
/// <param name="user"></param>
/// <param name="id"></param>
/// <returns></returns>
public AuthRoles GetRoles(User user, Scope scope)
{
AppService appService = AppServiceRepository.GetService();
AuthRoles roles = AuthRoles.None;
if (user != null && user.IsAuthenticated)
{
roles |= AuthRoles.User; //all authenticated are users
//if (scope.IsEntireSite)
//{
if (appService.Admins.Where(a => user.Ids.Select(i => i.ToUpperInvariant())
.Contains(a.ToUpperInvariant())).SingleOrDefault() != null) roles |= AuthRoles.Administrator;
//}
//else
if (!scope.IsEntireSite)
{
//get roles at workspace level
AppWorkspace ws = appService.GetWorkspace(scope.Workspace);
if (ws.Authors.Where(a => user.Ids.Select(i => i.ToUpperInvariant())
.Contains(a.ToUpperInvariant())).SingleOrDefault() != null) roles |= AuthRoles.Author;
if (ws.Contributors.Where(a => user.Ids.Select(i => i.ToUpperInvariant())
.Contains(a.ToUpperInvariant())).SingleOrDefault() != null) roles |= AuthRoles.Contributor;
if (scope.IsCollection) //continue at collection level getting scopes
{
AppCollection c = ws.GetCollection(scope.Collection);
if (c.Authors.Where(a => user.Ids.Select(i => i.ToUpperInvariant())
.Contains(a.ToUpperInvariant())).SingleOrDefault() != null)
roles |= AuthRoles.Author;
if (c.Contributors.Where(a => user.Ids.Select(i => i.ToUpperInvariant())
.Contains(a.ToUpperInvariant())).SingleOrDefault() != null)
roles |= AuthRoles.Contributor;
}
}
}
else
{
//all non-authenticated are anonymous
roles |= AuthRoles.Anonymous;
}
return roles;
}
//public int UsersCount { get; set; }
public string GetRoles(User u)
{
var roles = new List<string>();
var scopes = AuthorizeService.GetScopes(u);
foreach (Scope scope in scopes)
{
if (AuthorizeService.IsInRole(u, scope, AuthRoles.Administrator))
{
if (!roles.Contains("Admin")) roles.Add("Admin");
}
if (AuthorizeService.IsInRole(u, scope, AuthRoles.Author))
{
if (!roles.Contains("Author")) roles.Add("Author");
}
if (AuthorizeService.IsInRole(u, scope, AuthRoles.Contributor))
{
if (!roles.Contains("Contributor")) roles.Add("Contributor");
}
}
if (roles.Count == 0) roles.Add("User");
return string.Join(", ", roles.OrderBy(s => s).ToArray());
}
public void CreateWithDataTest()
{
User user = new User()
{
Base = new Uri("http://www.base.com"),
Email = "*****@*****.**",
Name = "fred",
FullName = "Fred Q Bloggs",
Lang = "EN",
Password = "******",
PasswordFormat = "plaintext"
};
Assert.IsNotNull(user);
Assert.AreEqual(new Uri("http://www.base.com"), user.Base);
Assert.AreEqual("*****@*****.**", user.Email);
Assert.AreEqual("fred", user.Name);
Assert.AreEqual("Fred Q Bloggs", user.FullName);
Assert.AreEqual("EN", user.Lang);
Assert.AreEqual("Secret", user.Password);
Assert.AreEqual("plaintext", user.PasswordFormat);
}
IList<User> ImportUsers(BlogMLBlog blog, AppService appSvc)
{
var users = new List<User>();
foreach (BlogMLAuthor author in blog.Authors)
{
LogProgress("Processing blog author with ID={0}", author.ID);
var user = UserRepository.GetUsersByEmail(author.Email).FirstOrDefault();
if (user == null) user = UserRepository.GetUser(author.ID);
if (user == null) user = UserRepository.GetUsersByName(author.Title).FirstOrDefault();
if (user != null)
{
LogProgress("User '{0}' already exists in system", author.Title);
var ids = user.Ids.ToList();
if (!ids.Contains(author.ID)) ids.Add(author.ID);
user.Ids = ids;
UserRepository.UpdateUser(user);
}
else
{
LogProgress("Existing user not found, creating new user '{0}'", author.Title);
user = new User();
user.Name = author.Title;
user.Email = author.Email;
user.Ids = new[] { author.ID };
UserRepository.CreateUser(user);
LogProgress("Making new user '{0}' an administrator", author.Title);
appSvc.AddAdmin(user.Ids.First());
}
users.Add(user);
}
return users;
}
public ActionResult EditUser(AdminUserModel m)
{
if (string.IsNullOrEmpty(m.Name) || m.Name.Trim().Length == 0)
{
this.ModelState.AddModelError("name", "The username is required.");
}
if (string.IsNullOrEmpty(m.Email) || m.Email.Trim().Length == 0)
{
this.ModelState.AddModelError("email", "The email is required.");
} //TODO: check valid email format
if (string.IsNullOrEmpty(m.Ids) || m.Ids.Trim().Length == 0)
{
this.ModelState.AddModelError("ids", "You must supply at least one Id.");
}
if (!string.IsNullOrEmpty(m.Password) && m.Password != m.ConfirmPassword)
{
this.ModelState.AddModelError("confirmPassword", "The passwords don't match. Please reconfirm.");
}
if (!string.IsNullOrEmpty(m.Uri) && !Uri.IsWellFormedUriString(m.Uri, UriKind.Absolute))
{
this.ModelState.AddModelError("uri", "The website address you've entered is not correct.");
}
if (this.ModelState.IsValid)
{
//TODO: support both ajax and full page
try
{
bool isNew = true;
User u = new User();
if (!string.IsNullOrEmpty(m.UserId))
{
u = UserRepository.GetUser(m.UserId);
if (u == null) throw new Exception("Can't find user to modify.");
else isNew = false;
}
u.Ids = m.Ids.Split(new string[] { Environment.NewLine }, StringSplitOptions.RemoveEmptyEntries).Select(id => id.Trim());
u.Name = m.Name;
u.FullName = m.FullName;
u.Email = m.Email;
if (!string.IsNullOrEmpty(m.Uri)) u.Uri = new Uri(m.Uri);
if (!string.IsNullOrEmpty(m.Password)) u.Password = m.Password;
m.UserId = u.Ids.First();
if (isNew) UserRepository.CreateUser(u);
else UserRepository.UpdateUser(u);
TempData["success"] = true;
return RedirectToAction("EditUser", new { userId = m.UserId });
}
catch (Exception ex)
{
m.Errors.Add(ex.Message);
}
}
else
{
m.Errors.Add("");
}
return View("AdminUser", "Admin", m);
}
public User UpdateUser(User user)
{
throw new NotImplementedException();
}
/// <summary>
/// Gets whether the user is authorized to perform the action within
/// the given context based on the role matrix. The role matrix
/// is first checked at the collection level and then it bubbles up
/// to the workspace level and onto the service level and then
/// finally the default built-in role matrix.
/// </summary>
/// <param name="user">The user.</param>
/// <param name="id">The entry Id or the collection Id.</param>
/// <param name="action">The action.</param>
/// <returns></returns>
public bool IsAuthorized(User user, Scope scope, AuthAction action)
{
return IsAuthorized(GetRoles(user, scope), scope, action);
}
public bool IsInRole(User user, Scope scope, AuthRoles role)
{
return (GetRoles(user, scope) & role) == role;
}
public void CreateUser(User user)
{
throw new NotImplementedException();
}
public static void AssertUsersEqual(User user, User testUser)
{
Assert.AreEqual(user.Name, testUser.Name);
Assert.AreEqual(user.FullName, testUser.FullName);
Assert.AreEqual(user.Email, testUser.Email);
Assert.AreEqual(user.Password, testUser.Password);
Assert.AreEqual(user.PasswordFormat, testUser.PasswordFormat);
}
private void UpdateBasicSettingsAndAllExistingData(WizardBasicSettingsModel m)
{
AppService appSvc = this.AppService;
//update service config, user config, and pages
appSvc.Base = new Uri(Request.Url.GetLeftPart(UriPartial.Authority) + Request.ApplicationPath);
if (!appSvc.Base.ToString().EndsWith("/")) appSvc.Base = new Uri(appSvc.Base.ToString() + "/");
appSvc.Admins = new[] { m.Name };
appSvc.Workspaces.First().Title = new AtomText() { Text = m.Owner };
appSvc.Workspaces.First().Subtitle = new AtomText() { Text = m.WorkspaceSubtitle };
LogService.Info("Removing old user 'Admin'");
UserRepository.DeleteUser("Admin");
LogService.Info("Removing old user '{0}'", m.Name);
UserRepository.DeleteUser(m.Name);
User user = new User()
{
Name = m.Name,
Email = m.Email,
Ids = new[] { m.Name },
Uri = appSvc.Base,
Password = m.Password,
PasswordFormat = "clear"
};
LogService.Info("Creating new user '{0}'", m.Name);
UserRepository.CreateUser(user);
foreach (string c in new[] { "blog", "pages", "media" })
{
LogService.Info("Updating collection '{0}' with new id and author information.", c);
AppCollection coll = appSvc.GetWorkspace().GetCollection(c);
//update blog title
if (c == "blog") coll.Title = new AtomText() { Text = m.BlogTitle };
//update include ids
foreach (XElement xid in appSvc.Xml.Descendants(Atom.SvcNs + "id"))
{
Id id = new Uri(((string)xid));
Id newId = new Id(m.Owner, m.Year.ToString(), c, id.EntryPath);
if (id.Collection == c) xid.SetValue(newId);
LogService.Info("Updating include id from {0} to {1}", id, newId);
}
//get entries to update later
int total;
IList<AtomEntry> entries = AtomEntryRepository.GetEntries(new EntryCriteria()
{
WorkspaceName = coll.Id.Workspace,
CollectionName = coll.Id.Collection,
Authorized = true
}, 0, int.MaxValue, out total).ToList();
//get annotations to update later
IList<AtomEntry> annotations = AtomEntryRepository.GetEntries(new EntryCriteria()
{
WorkspaceName = coll.Id.Workspace,
CollectionName = coll.Id.Collection,
Annotations = true,
Deep = false,
Authorized = true
}, 0, int.MaxValue, out total).ToList();
//must process annotations before entries
entries = annotations.Concat(entries).ToList();
//update collection id
Id newCollId = new Id(m.Owner, m.Year.ToString(), c);
LogService.Info("Updating collection id from {0} to {1}", coll.Id, newCollId);
coll.Id = newCollId;
bool newWorkspace = coll.Id.Workspace != Atom.DefaultWorkspaceName;
//save all with new id
foreach (AtomEntry entry in entries)
{
try
{
//update author based on email
if (entry.Authors.First().Email != null &&
(entry.Authors.First().Email.ToLower() == user.Email.ToLower() || entry.Authors.First().Email == "*****@*****.**"))
{
entry.Authors = new[] { user.ToAtomAuthor() };
}
//entry.Published = DateTimeOffset.Now;
//entry.Updated = DateTimeOffset.Now;
entry.Edited = DateTimeOffset.Now;
if (entry.Id.EntryPath == "About")
{
LogService.Info("Updating name on About page from Admin to {0}", m.Name);
entry.Content.Text = entry.Content.Text.Replace(" Admin ", string.Format(" {0} ", m.Name));
}
if (entry.Id.EntryPath == "Contact")
{
LogService.Info("Updating email on Contact page from [email protected] to {0}", m.Name);
entry.Content.Text = entry.Content.Text.Replace("*****@*****.**", m.Name);
}
//fix links http://localhost:1333 to new address
string xmlstr = entry.Xml.ToString();
xmlstr = xmlstr.Replace("http://localhost:1333/", appSvc.Base.ToString());
entry.Xml = XElement.Parse(xmlstr);
//entry.Content.Xml.DescendantNodesAndSelf().Where(n => n.NodeType == System.Xml.XmlNodeType.Attribute)
// .Cast<XAttribute>()
// .Where(a => a.Value.Contains("http://localhost:1333/")).ToList()
// .ForEach(a => a.Value = a.Value.Replace("http://localhost:1333/", appSvc.Base.ToString()));
Id oldId = entry.Id;
if (newWorkspace)
{
LogService.Info("Workspace name is changed to {0}", appSvc.Workspaces.First().Name);
appSvc.Workspaces.First().Name = coll.Id.Workspace;
if (!entry.Media)
{
if (coll.Dated)
entry.Id = new Id(m.Owner, entry.Id.Date, c, entry.Id.EntryPath);
else
entry.Id = new Id(m.Owner, m.Year.ToString(), c, entry.Id.EntryPath);
LogService.Info("Creating entry with id from {0} to {1}", oldId, entry.Id);
AtomEntryRepository.CreateEntry(entry);
//delte old entry
AtomEntryRepository.DeleteEntry(oldId);
}
else
{
using (Stream s = MediaRepository.GetMedia(entry))
{
if (coll.Dated)
entry.Id = new Id(m.Owner, entry.Id.Date, c, entry.Id.EntryPath);
else
entry.Id = new Id(m.Owner, m.Year.ToString(), c, entry.Id.EntryPath);
LogService.Info("Creating media with id from {0} to {1}", oldId, entry.Id);
MediaRepository.CreateMedia(entry, s);
}
//delete old media
entry.Id = oldId;
MediaRepository.DeleteMedia(entry);
}
}
else
{
//just update
if (coll.Dated)
entry.Id = new Id(m.Owner, entry.Id.Date, c, entry.Id.EntryPath);
else
entry.Id = new Id(m.Owner, m.Year.ToString(), c, entry.Id.EntryPath);
LogService.Info("Updating entry id from {0} to {1}", oldId, entry.Id);
AtomEntryRepository.UpdateEntry(entry);
}
}
catch (Exception ex)
{
LogService.Error(ex);
}
}
}
appSvc = AppServiceRepository.UpdateService(appSvc);
}
public static User MakeTestUser()
{
string userGuid = Guid.NewGuid().ToString();
User newUser = new User
{
Email = userGuid + "@test.com",
Name = userGuid,
FullName = "Mr " + userGuid + " Bloggs",
Lang = "EN",
Password = "******",
PasswordFormat = "plaintext",
};
return newUser;
}
public virtual void Authenticate(ServerApp app)
{
HttpContext ctx = app.Context;
//only authenticate when not already authenticated since this works side by side with forms auth
if (ctx.User == null || ctx.User.Identity == null || !ctx.User.Identity.IsAuthenticated)
{
//detect authenticated response for open id
var openid = new OpenIdRelyingParty();
var response = openid.GetResponse();
if (response != null && response.Status == AuthenticationStatus.Authenticated)
{
User user = UserRepository.GetUser(response.ClaimedIdentifier);
bool newUser = (user == null);
if (newUser) user = new User()
{
Ids = new string[] { response.ClaimedIdentifier },
Name = response.FriendlyIdentifierForDisplay
};
//Update user information
ClaimsResponse fetch = response.GetExtension<ClaimsResponse>();
if (fetch != null)
{
if (!string.IsNullOrEmpty(fetch.Nickname)) user.Name = fetch.Nickname;
if (!string.IsNullOrEmpty(fetch.Email)) user.Email = fetch.Email;
}
if (newUser) UserRepository.CreateUser(user);
else UserRepository.UpdateUser(user);
FormsAuthentication.SetAuthCookie(response.ClaimedIdentifier, false);
//FormsAuthentication.RedirectFromLoginPage(openid.Response.ClaimedIdentifier, false);
//send back to the right page
string returnUrl = ctx.Request.QueryString["ReturnUrl"];
if (!string.IsNullOrEmpty(returnUrl))
{
returnUrl = HttpUtility.UrlDecode(returnUrl);
ctx.Response.Redirect(returnUrl);
}
}
else if (response != null && response.Status != AuthenticationStatus.Authenticated)
{
LogService.Error("Open ID authentication for {0} was unsuccessful with status of {1}.",
response.FriendlyIdentifierForDisplay, response.Status.ToString());
//FormsAuthentication.RedirectToLoginPage("error=" + HttpUtility.UrlEncode("Open ID authentication was unsuccessful."));
string returnUrl = ctx.Request.QueryString["ReturnUrl"];
ctx.Response.Redirect(FormsAuthentication.LoginUrl + "?ReturnUrl="
+ HttpUtility.UrlEncode(returnUrl) + "&error=" + HttpUtility.UrlEncode("Open ID authentication was unsuccessful."));
}
else if (ctx.User == null || ctx.User.Identity == null)
{
//set to anon
ctx.User = new GenericPrincipal(
new User() { Name = string.Empty }, new string[0]);
}
//detect login request for open id
string identifier = ctx.Request.Form["openid_identifier"];
if (!string.IsNullOrEmpty(identifier))
{
try
{
var req = openid.CreateRequest(Identifier.Parse(identifier));
var fields = new ClaimsRequest();
fields.Email = DemandLevel.Require;
fields.Nickname = DemandLevel.Require;
req.AddExtension(fields);
req.RedirectToProvider();
}
catch (ProtocolException pe)
{
LogService.Error(pe);
//FormsAuthentication.RedirectToLoginPage("error=" + HttpUtility.UrlEncode(oie.Message));
string returnUrl = ctx.Request.QueryString["ReturnUrl"];
ctx.Response.Redirect(FormsAuthentication.LoginUrl + "?ReturnUrl="
+ HttpUtility.UrlEncode(returnUrl) + "&error=" + HttpUtility.UrlEncode(pe.Message));
}
}
}
}
public void CreateTest()
{
User user = new User();
Assert.IsNotNull(user);
}
