/// <summary>
/// Creates a proxy for the given configuration and requests a form digest immediately.
/// </summary>
/// <param name="config">Configuration stored on the instance before the digest is requested.</param>
public RESTProxy(ProxyConfiguration config)
{
    // Keep this order: the configuration is stored before RequestFormDigest() runs.
    // NOTE(review): RequestFormDigest() is not shown here; it presumably reads _config and may
    // perform a remote call, so a failure there would surface from this constructor. Confirm.
    _config = config;

    _formDigest = RequestFormDigest();
}
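/// <summary>
/// Accepts an activity feed API form submission, HTML-encodes every string property of the
/// posted model, forwards the submission through <c>RESTProxy</c> and then tries to send a
/// confirmation e-mail.
/// </summary>
/// <param name="data">The posted form model. It is caller-controlled and treated as untrusted.</param>
/// <returns>
/// A JSON response carrying an <c>ActivityFeedAPIFormResultObject</c>. Processed requests are
/// answered with 200 OK (<c>Success</c> is set when the submission was sent, <c>Error</c> when it
/// failed); a missing model is answered with 400 Bad Request.
/// </returns>
public HttpResponseMessage Post(ActivityFeedAPIFormUploadModel data)
{
    var jsonMediaType = new System.Net.Http.Headers.MediaTypeHeaderValue("application/json");
    var result = new ActivityFeedAPIFormResultObject();

    // A null model (for example a body that could not be bound) used to end in a
    // NullReferenceException on the first reflection call; reject it explicitly instead.
    if (data == null)
    {
        result.Error = "No submission data was received.";
        return Request.CreateResponse(HttpStatusCode.BadRequest, result, jsonMediaType);
    }

    // Copy the model property by property, HTML-encoding every string on the way.
    // Values whose type does not match the model are already dropped to the type's default
    // during binding (an int such as MonthlyUsers sent as text arrives as 0), so strings are
    // the only properties that can carry markup.
    //
    // This is encoding, not validation: it neutralises markup for consumers that render the
    // stored text as HTML without encoding it again. Consumers that write the values into
    // another context (script, URL, e-mail header, query) still need the encoding for that
    // context, and consumers that HTML-encode on output will show double-encoded text.
    var cleanData = new ActivityFeedAPIFormUploadModel();
    foreach (var property in typeof(ActivityFeedAPIFormUploadModel).GetProperties())
    {
        // Indexers and properties lacking a getter or setter cannot be copied by value.
        if (!property.CanRead || !property.CanWrite || property.GetIndexParameters().Length > 0)
        {
            continue;
        }

        object cleanValue = property.GetValue(data, null);
        var text = cleanValue as string;
        if (property.PropertyType == typeof(string) && text != null)
        {
            cleanValue = AntiXssEncoder.HtmlEncode(text, true);
        }

        // Null and non-string values are passed on unchanged.
        property.SetValue(cleanData, cleanValue);
    }

    try
    {
        var config = new ProxyConfiguration(_contentManager, _encryptionService, ProxySettingTypes.APISubmission);
        var proxy = new RESTProxy(config);

        // Every field is read from cleanData. PlatformIntegrationDescription and Scenarios were
        // previously taken from the raw model, which bypassed the encoding applied above.
        // NOTE(review): HTML-encoding does not check what kind of URL PageUrl holds; if the
        // consumer renders it as a link, restrict it to absolute http/https URLs first.
        var newItemId = proxy.Send(new JsonDTOApiSubmission
        {
            Title = string.Concat(cleanData.CompanyName, "_", DateTime.Now.ToString("yyyyMMdd")),
            SubmissionFirstName = cleanData.FirstName,
            SubmissionLastName = cleanData.LastName,
            SubmissionEmail = cleanData.Email,
            SubmissionPhone = cleanData.Phone,
            SubmissionCompanyName = cleanData.CompanyName,
            SubmissionCompanyAddress = cleanData.CompanyAddress,
            SubmissionCountry = cleanData.Country,
            SubmissionState = cleanData.State,
            SubmissionCity = cleanData.City,
            SubmissionPostCode = cleanData.PostCode,
            ProductPageUrl = new UrlDTO { Url = cleanData.PageUrl, Description = "" },
            PlatformIntegrationDescription = cleanData.PlatformIntegrationDescription,
            SubmissionScenario = cleanData.Scenarios,
            MonthlyUsers = cleanData.MonthlyUsers,
            DailyUsers = cleanData.DailyUsers,
            Current365Customers = cleanData.Current365Customers,
            Future365Customers = cleanData.Future365Customers,
            IsvPartner = cleanData.IsvPartner
        });

        result.Success = true;

        try
        {
            // Nested try: sending mail can fail in many ways, and a mail failure must not be
            // reported to the user as a failed submission.
            // NOTE: the e-mail will not be sent if no From address is configured.
            new MailHelper(_contentManager, _encryptionService).SendActivityFeedApiEmail(cleanData.Email, cleanData.FirstName);
        }
        catch (Exception exception)
        {
            Logger.Error(exception, string.Format("Error sending activity feed api email to {0}", cleanData.Email));
        }
    }
    catch (Exception exception)
    {
        // The exception text can expose internal detail (endpoints, configuration, library
        // messages). Keep it in the server log and give the caller a fixed message.
        Logger.Error(exception, "Error submitting activity feed api request");
        result.Error = "The submission could not be processed.";
    }

    return Request.CreateResponse(HttpStatusCode.OK, result, jsonMediaType);
}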