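        /// <summary>
        /// Renders <paramref name="response"/> as HTML (or a JSON report) into <paramref name="outputStream"/>.
        /// Registered view engines get the first chance to handle the request; when none does, the DTO is
        /// JSON-serialized, angle-bracket escaped and substituted into the generic HTML format template.
        /// </summary>
        /// <param name="req">Current request; its Response, Items and ResponseContentType are read and may be updated.</param>
        /// <param name="response">Service response (DTO, HttpResult or CompressedResult) to render.</param>
        /// <param name="outputStream">Destination for the UTF-8 encoded page.</param>
        /// <exception cref="ArgumentException">
        /// Thrown when <paramref name="response"/> is a CompressedResult with no underlying DTO and the response
        /// status is below 400 (for error responses the exception is turned into an error DTO instead).
        /// </exception>
        public async Task SerializeToStreamAsync(IRequest req, object response, Stream outputStream)
        {
            var res = req.Response;

            // A redirect (Location header) that is not a 201 Created has no body to render.
            if (req.GetItem("HttpResult") is IHttpResult httpResult
                && httpResult.Headers.ContainsKey(HttpHeaders.Location)
                && httpResult.StatusCode != System.Net.HttpStatusCode.Created)
            {
                return;
            }

            try
            {
                if (res.StatusCode >= 400)
                {
                    // Make the ResponseStatus available to view engines / error pages via request items.
                    req.Items[ErrorStatusKey] = response.GetResponseStatus();
                }

                if (response is CompressedResult)
                {
                    // A cached/compressed payload cannot act as a view model; fall back to the original DTO.
                    response = res.Dto ?? throw new ArgumentException("Cannot use Cached Result as ViewModel");
                }

                foreach (var viewEngine in AppHost.ViewEngines)
                {
                    if (await viewEngine.ProcessRequestAsync(req, response, outputStream))
                    {
                        return;
                    }
                }
            }
            catch (Exception ex)
            {
                if (res.StatusCode < 400)
                {
                    throw;
                }

                //If there was an exception trying to render a Error with a View,
                //It can't handle errors so just write it out here.
                response = DtoUtils.CreateErrorResponse(req.Dto, ex);
            }

            //Handle Exceptions returning string
            if (req.ResponseContentType == MimeTypes.PlainText)
            {
                req.ResponseContentType = MimeTypes.Html;
                res.ContentType         = MimeTypes.Html;
            }

            if (req.ResponseContentType != MimeTypes.Html && req.ResponseContentType != MimeTypes.JsonReport)
            {
                return;
            }

            var dto = response.GetDto();

            if (!(dto is string html))
            {
                // Serialize then escape any potential script tags to avoid XSS when displaying as HTML
                var json = (JsonDataContractSerializer.Instance.SerializeToString(dto) ?? "null")
                           .Replace("<", "&lt;")
                           .Replace(">", "&gt;");

                // Drop any explicit html/shtm format selector so the template's links can append their own.
                var url = req.ResolveAbsoluteUrl()
                          .Replace("format=html", "")
                          .Replace("format=shtm", "")
                          .TrimEnd('?', '&');

                url += url.Contains("?") ? "&" : "?";

                var now = DateTime.UtcNow;
                // dto may legitimately be null (it serialized as "null" above), so don't dereference it for the name.
                var requestName = req.OperationName ?? dto?.GetType().GetOperationName();

                // NOTE(review): ${ServiceUrl} is built from the incoming request URL and ${Title}/${Header} from
                // the operation name, and none of them are HTML-encoded here; confirm the template only uses
                // them where that is safe, otherwise HTML-encode them the same way ${Dto} is escaped.
                html = HtmlTemplates.GetHtmlFormatTemplate()
                       .Replace("${Dto}", json)
                       .Replace("${Title}", string.Format(TitleFormat, requestName, now))
                       .Replace("${MvcIncludes}", MiniProfiler.Profiler.RenderIncludes().ToString())
                       .Replace("${Header}", string.Format(HtmlTitleFormat, requestName, now))
                       .Replace("${ServiceUrl}", url)
                       .Replace("${Humanize}", Humanize.ToString().ToLower());
            }

            var utf8Bytes = html.ToUtf8Bytes();
            await outputStream.WriteAsync(utf8Bytes, 0, utf8Bytes.Length);
        }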
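        /// <summary>
        /// Drives the OAuth2 Authorization Code flow for this provider. In order it handles: an AccessToken
        /// already obtained by a mobile/desktop client, an error callback from the provider, the first leg
        /// (redirect to the provider's authorize URL with a per-session state), and finally the code callback,
        /// which is exchanged for an access token.
        /// </summary>
        /// <param name="authService">Service handling the request; supplies the request, redirects and session persistence.</param>
        /// <param name="session">User session; may be replaced by <c>Init</c> and carries the OAuth state between legs.</param>
        /// <param name="request">Authenticate DTO; a non-null AccessToken short-circuits the browser flow.</param>
        /// <param name="token">Cancellation token passed to the async calls.</param>
        /// <returns>
        /// An <see cref="IHttpResult"/> (redirect, HTML redirect page or error) for browser clients, or <c>null</c>
        /// when a non-HTML client's AccessToken was accepted and the default AuthenticateResponse should be returned.
        /// </returns>
        public override async Task<object> AuthenticateAsync(IServiceBase authService, IAuthSession session, Authenticate request, CancellationToken token = default)
        {
            var tokens = Init(authService, ref session, request);

            //Transferring AccessToken/Secret from Mobile/Desktop App to Server
            if (request?.AccessToken != null && VerifyAccessToken != null)
            {
                if (!VerifyAccessToken(request.AccessToken))
                {
                    return HttpError.Unauthorized("AccessToken is not for client_id: " + ConsumerKey);
                }

                var isHtml       = authService.Request.IsHtml();
                var failedResult = await AuthenticateWithAccessTokenAsync(authService, session, tokens, request.AccessToken, token: token).ConfigAwait();

                if (failedResult != null)
                {
                    return ConvertToClientError(failedResult, isHtml);
                }

                return isHtml
                    ? authService.Redirect(SuccessRedirectUrlFilter(this, session.ReferrerUrl.SetParam("s", "1")))
                    : null; //return default AuthenticateResponse
            }

            var httpRequest = authService.Request;
            var error       = httpRequest.GetQueryStringOrForm("error_reason")
                              ?? httpRequest.GetQueryStringOrForm("error")
                              ?? httpRequest.GetQueryStringOrForm("error_code")
                              ?? httpRequest.GetQueryStringOrForm("error_description");

            if (!error.IsNullOrEmpty())
            {
                // NOTE(review): the verb test reads as inverted (QueryString is logged for verbs that carry a
                // body, FormData otherwise); confirm the intent before changing it. Either way the full callback
                // parameters end up in the error log.
                var httpParams = HttpUtils.HasRequestBody(httpRequest.Verb)
                    ? httpRequest.QueryString
                    : httpRequest.FormData;
                Log.Error($"OAuth2 Error callback. {httpParams}");
                return authService.Redirect(FailedRedirectUrlFilter(this, session.ReferrerUrl.SetParam("f", error)));
            }

            var code = httpRequest.GetQueryStringOrForm(Keywords.Code);

            if (code.IsNullOrEmpty())
            {
                // First leg: remember a per-session state value and send the user to the provider.
                var oauthstate = session.Id;
                var preAuthUrl = AuthorizeUrl
                                 .AddQueryParam("response_type", "code")
                                 .AddQueryParam("client_id", ConsumerKey)
                                 .AddQueryParam("redirect_uri", this.CallbackUrl)
                                 .AddQueryParam("scope", string.Join(" ", Scopes))
                                 .AddQueryParam(Keywords.State, oauthstate);

                if (ResponseMode != null)
                {
                    preAuthUrl = preAuthUrl.AddQueryParam("response_mode", ResponseMode);
                }

                if (session is AuthUserSession authSession)
                {
                    if (authSession.Meta == null)
                    {
                        authSession.Meta = new Dictionary<string, string>();
                    }
                    authSession.Meta["oauthstate"] = oauthstate;
                }

                await this.SaveSessionAsync(authService, session, SessionExpiry, token).ConfigAwait();

                return authService.Redirect(PreAuthUrlFilter(this, preAuthUrl));
            }

            try
            {
                var state = httpRequest.GetQueryStringOrForm(Keywords.State);
                if (session is AuthUserSession authSession)
                {
                    if (authSession.Meta == null)
                    {
                        authSession.Meta = new Dictionary<string, string>();
                    }

                    // If a state was issued on the first leg the callback must echo it back: a missing or
                    // different value means this callback was not started by this session, so reject it.
                    if (authSession.Meta.TryGetValue("oauthstate", out var expectedState))
                    {
                        if (state != expectedState)
                        {
                            return authService.Redirect(FailedRedirectUrlFilter(this, session.ReferrerUrl.SetParam("f", "InvalidState")));
                        }

                        authSession.Meta.Remove("oauthstate"); // state is single-use
                    }
                }

                var contents = await GetAccessTokenJsonAsync(code, token).ConfigAwait();

                var authInfo = (Dictionary<string, object>)JSON.parse(contents);

                // A 2xx token response without an access_token is treated like a failed exchange
                // rather than surfacing a KeyNotFoundException/InvalidCastException.
                if (!authInfo.TryGetValue("access_token", out var accessTokenValue) || !(accessTokenValue is string accessToken))
                {
                    Log.Error($"Token response for '{Provider}' did not contain an access_token");
                    return authService.Redirect(FailedRedirectUrlFilter(this, session.ReferrerUrl.SetParam("f", "AccessTokenFailed")));
                }

                var redirectUrl = SuccessRedirectUrlFilter(this, session.ReferrerUrl.SetParam("s", "1"));

                var errorResult = await AuthenticateWithAccessTokenAsync(authService, session, tokens, accessToken, authInfo, token).ConfigAwait();

                if (errorResult != null)
                {
                    return errorResult;
                }

                //Haz Access!

                if (HostContext.Config?.UseSameSiteCookies == true)
                {
                    // Workaround Set-Cookie HTTP Header not being honoured in 302 Redirects
                    var redirectHtml = HtmlTemplates.GetHtmlRedirectTemplate(redirectUrl);
                    return new HttpResult(redirectHtml, MimeTypes.Html);
                }

                return authService.Redirect(redirectUrl);
            }
            catch (WebException we)
            {
                var errorBody = await we.GetResponseBodyAsync(token).ConfigAwait();

                Log.Error($"Failed to get Access Token for '{Provider}': {errorBody}");

                // we.Response is null for transport-level failures (DNS, timeout), so never cast it unconditionally.
                if (we.Response is HttpWebResponse httpResponse && httpResponse.StatusCode == HttpStatusCode.BadRequest)
                {
                    return authService.Redirect(FailedRedirectUrlFilter(this, session.ReferrerUrl.SetParam("f", "AccessTokenFailed")));
                }
            }

            //Shouldn't get here
            return authService.Redirect(FailedRedirectUrlFilter(this, session.ReferrerUrl.SetParam("f", "Unknown")));
        }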
        /// <summary>
        /// Writes the metadata index page: the operations table, the XSD list, a WSDL section for
        /// whichever SOAP endpoints are configured, and the plugin/debug link lists when present.
        /// </summary>
        /// <param name="output">Writer that receives the rendered page.</param>
        protected override void Render(HtmlTextWriter output)
        {
            var operationsHtml = new TableTemplate
            {
                Title       = "Operations",
                Items       = this.OperationNames,
                ForEachItem = RenderRow
            }.ToString();

            var xsdsHtml = new ListTemplate
            {
                Title            = "XSDS:",
                ListItemsIntMap  = this.Xsds,
                ListItemTemplate = @"<li><a href=""?xsd={0}"">{1}</a></li>"
            }.ToString();

            var wsdlSection  = new StringBuilder();
            var soap11Config = MetadataConfig.GetMetadataConfig("soap11") as SoapMetadataConfig;
            var soap12Config = MetadataConfig.GetMetadataConfig("soap12") as SoapMetadataConfig;

            // The WSDL section is only emitted when at least one SOAP endpoint is configured.
            if (soap11Config != null || soap12Config != null)
            {
                wsdlSection.AppendLine("<h3>WSDLS:</h3>");
                wsdlSection.AppendLine("<ul>");
                foreach (var soapConfig in new[] { soap11Config, soap12Config })
                {
                    if (soapConfig != null)
                    {
                        wsdlSection.AppendFormat(@"<li><a href=""{0}"">{0}</a></li>", soapConfig.WsdlMetadataUri);
                    }
                }
                wsdlSection.AppendLine("</ul>");
            }

            var metadata = HostContext.GetPlugin <MetadataFeature>();

            var pluginLinksHtml = "";
            if (metadata != null && metadata.PluginLinks.Count > 0)
            {
                pluginLinksHtml = new ListTemplate
                {
                    Title            = metadata.PluginLinksTitle,
                    ListItemsMap     = metadata.PluginLinks,
                    ListItemTemplate = @"<li><a href=""{0}"">{1}</a></li>"
                }.ToString();
            }

            // Debug links are only shown when the host runs in debug mode.
            var debugLinksHtml = "";
            if (HostContext.DebugMode && metadata != null && metadata.DebugLinks.Count > 0)
            {
                debugLinksHtml = new ListTemplate
                {
                    Title            = metadata.DebugLinksTitle,
                    ListItemsMap     = metadata.DebugLinks,
                    ListItemTemplate = @"<li><a href=""{0}"">{1}</a></li>"
                }.ToString();
            }

            var page = HtmlTemplates.Format(
                HtmlTemplates.GetIndexOperationsTemplate(),
                this.Title,
                this.XsdServiceTypesIndex,
                operationsHtml,
                xsdsHtml,
                wsdlSection,
                pluginLinksHtml,
                debugLinksHtml);

            output.Write(page);
        }
        /// <summary>
        /// Builds the Wiki editor, either as a full page or, when <paramref name="editInDialog"/> is set,
        /// as just the form body of an edit dialog.
        /// </summary>
        /// <param name="context">Request context.</param>
        /// <param name="ss">Site settings of the wiki; column access controls are applied to it before rendering.</param>
        /// <param name="wikiModel">Wiki record being edited (or a new one).</param>
        /// <param name="editInDialog">Render only the dialog form instead of the full page.</param>
        /// <returns>The rendered HTML, or the error page when the editing validators reject the request.</returns>
        public static string Editor(
            Context context,
            SiteSettings ss,
            WikiModel wikiModel,
            bool editInDialog = false)
        {
            var invalid = WikiValidators.OnEditing(
                context: context,
                ss: ss,
                wikiModel: wikiModel);
            if (invalid != Error.Types.None)
            {
                return HtmlTemplates.Error(context, invalid);
            }

            var hb = new HtmlBuilder();
            ss.SetColumnAccessControls(
                context: context,
                mine: wikiModel.Mine(context: context));

            if (editInDialog)
            {
                return hb.DialogEditorForm(
                    context: context,
                    siteId: wikiModel.SiteId,
                    referenceId: wikiModel.WikiId,
                    action: () => hb.FieldSetGeneral(
                        context: context,
                        ss: ss,
                        wikiModel: wikiModel,
                        editInDialog: editInDialog))
                    .ToString();
            }

            var isNewRecord = wikiModel.MethodType == BaseModel.MethodTypes.New;
            return hb.Template(
                context: context,
                ss: ss,
                view: null,
                verType: wikiModel.VerType,
                methodType: wikiModel.MethodType,
                siteId: wikiModel.SiteId,
                parentId: ss.ParentId,
                referenceType: "Wikis",
                title: isNewRecord
                    ? Displays.New(context: context)
                    : wikiModel.Title.DisplayValue,
                useTitle: ss.TitleColumns?.Any(o => ss.EditorColumns.Contains(o)) == true,
                userScript: ss.EditorScripts(context: context, methodType: wikiModel.MethodType),
                userStyle: ss.EditorStyles(context: context, methodType: wikiModel.MethodType),
                action: () => hb
                    .Editor(context: context, ss: ss, wikiModel: wikiModel)
                    .Hidden(controlId: "TableName", value: "Wikis")
                    .Hidden(controlId: "Controller", value: context.Controller)
                    .Hidden(controlId: "Id", value: wikiModel.WikiId.ToString())
                    .Hidden(controlId: "TriggerRelatingColumns", value: Jsons.ToJson(ss.RelatingColumns))
                    .Hidden(controlId: "DropDownSearchPageSize", value: Parameters.General.DropDownSearchPageSize.ToString()))
                .ToString();
        }
 /// <summary>
 /// Looks up the store-independent (store id 0) template of the given type.
 /// </summary>
 /// <param name="templateType">Kind of HTML template to look up.</param>
 /// <returns>Whatever <c>HtmlTemplates.FindByStoreAndType</c> returns for store 0 and that type.</returns>
 private HtmlTemplate GetDefaultTemplate(HtmlTemplateType templateType) =>
     HtmlTemplates.FindByStoreAndType(0, templateType);
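        /// <summary>
        /// Renders <paramref name="response"/> as HTML (or a JSON report) into the response's output stream.
        /// Registered view engines get the first chance to handle the request; when none does, the DTO is
        /// JSON-serialized, angle-bracket escaped and substituted into the generic HTML format template.
        /// </summary>
        /// <param name="request">Current request; its Items and ResponseContentType are read.</param>
        /// <param name="response">Service response (DTO or HttpResult) to render.</param>
        /// <param name="httpRes">Response whose StatusCode is consulted and whose OutputStream receives the page.</param>
        public void SerializeToStream(IRequest request, object response, IResponse httpRes)
        {
            // A redirect (Location header) has no body to render.
            if (request.GetItem("HttpResult") is IHttpResult httpResult && httpResult.Headers.ContainsKey(HttpHeaders.Location))
            {
                return;
            }

            try
            {
                if (httpRes.StatusCode >= 400)
                {
                    // Make the ResponseStatus available to view engines / error pages via request items.
                    request.Items[ErrorStatusKey] = response.GetResponseStatus();
                }

                if (AppHost.ViewEngines.Any(x => x.ProcessRequest(request, httpRes, response)))
                {
                    return;
                }
            }
            catch (Exception ex)
            {
                if (httpRes.StatusCode < 400)
                {
                    throw;
                }

                //If there was an exception trying to render a Error with a View,
                //It can't handle errors so just write it out here.
                response = DtoUtils.CreateErrorResponse(request.Dto, ex);
            }

            if (request.ResponseContentType != MimeTypes.Html &&
                request.ResponseContentType != MimeTypes.JsonReport)
            {
                return;
            }

            var dto = response.GetDto();

            if (!(dto is string html))
            {
                // Serialize then escape any potential script tags to avoid XSS when displaying as HTML
                var json = (JsonDataContractSerializer.Instance.SerializeToString(dto) ?? "null")
                           .Replace("<", "&lt;")
                           .Replace(">", "&gt;");

                // Drop any explicit html/shtm format selector so the template's links can append their own.
                var url = request.AbsoluteUri
                          .Replace("format=html", "")
                          .Replace("format=shtm", "")
                          .TrimEnd('?', '&');

                url += url.Contains("?") ? "&" : "?";

                var now = DateTime.UtcNow;
                // dto may legitimately be null (it serialized as "null" above), so don't dereference it for the name.
                var requestName = request.OperationName ?? dto?.GetType().GetOperationName();

                // NOTE(review): ${ServiceUrl} comes from the request URL and ${Title}/${Header} from the operation
                // name, none of which are HTML-encoded here; confirm the template only uses them where that is
                // safe, otherwise HTML-encode them the same way ${Dto} is escaped.
                html = HtmlTemplates.GetHtmlFormatTemplate()
                       .Replace("${Dto}", json)
                       .Replace("${Title}", string.Format(TitleFormat, requestName, now))
                       .Replace("${MvcIncludes}", MiniProfiler.Profiler.RenderIncludes().ToString())
                       .Replace("${Header}", string.Format(HtmlTitleFormat, requestName, now))
                       .Replace("${ServiceUrl}", url);
            }

            var utf8Bytes = html.ToUtf8Bytes();

            httpRes.OutputStream.Write(utf8Bytes, 0, utf8Bytes.Length);
        }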
        /// <summary>
        /// Writes the metadata index page: the operations table, the XSD list (not on netstandard2.0),
        /// a WSDL section for the configured SOAP endpoints, plugin/debug link lists, the version string
        /// and, in debug mode, a pointer to any start-up errors.
        /// </summary>
        /// <param name="output">Writer that receives the rendered page.</param>
        protected override void Render(HtmlTextWriter output)
        {
            var operationsHtml = new TableTemplate
            {
                Title       = "Operations",
                Items       = this.OperationNames,
                ForEachItem = RenderRow
            }.ToString();

#if !NETSTANDARD2_0
            var xsdsHtml = new ListTemplate
            {
                Title            = "XSDS:",
                ListItemsIntMap  = this.Xsds,
                ListItemTemplate = @"<li><a href=""?xsd={0}"">{1}</a></li>"
            }.ToString();
#else
            var xsdsHtml = "";
#endif

            // Pooled builder: it is handed back via ReturnAndFree when the page is formatted below.
            var wsdlSection  = StringBuilderCache.Allocate();
            var soap11Config = MetadataConfig.GetMetadataConfig("soap11") as SoapMetadataConfig;
            var soap12Config = MetadataConfig.GetMetadataConfig("soap12") as SoapMetadataConfig;
            if (soap11Config != null || soap12Config != null)
            {
                wsdlSection.AppendLine("<h3>WSDLS:</h3>");
                wsdlSection.AppendLine("<ul>");
                foreach (var soapConfig in new[] { soap11Config, soap12Config })
                {
                    if (soapConfig != null)
                    {
                        wsdlSection.AppendFormat(@"<li><a href=""{0}"">{0}</a></li>", soapConfig.WsdlMetadataUri);
                    }
                }
                wsdlSection.AppendLine("</ul>");
            }

            var metadata = HostContext.GetPlugin <MetadataFeature>();

            var pluginLinksHtml = "";
            if (metadata != null && metadata.PluginLinks.Count > 0)
            {
                pluginLinksHtml = new ListTemplate
                {
                    Title            = metadata.PluginLinksTitle,
                    ListItemsMap     = ToAbsoluteUrls(metadata.PluginLinks),
                    ListItemTemplate = @"<li><a href=""{0}"">{1}</a></li>"
                }.ToString();
            }

            // Debug links are only shown when the host runs in debug mode.
            var debugLinksHtml = "";
            if (HostContext.DebugMode && metadata != null && metadata.DebugLinks.Count > 0)
            {
                debugLinksHtml = new ListTemplate
                {
                    Title            = metadata.DebugLinksTitle,
                    ListItemsMap     = ToAbsoluteUrls(metadata.DebugLinks),
                    ListItemTemplate = @"<li><a href=""{0}"">{1}</a></li>"
                }.ToString();
            }

            var errorCount   = HostContext.AppHost.StartUpErrors.Count;
            var errorsNoun   = errorCount > 1 ? "Errors" : "Error";
            var startupNotice = "";
            if (HostContext.DebugMode && errorCount > 0)
            {
                startupNotice = $"<div class='error-popup'><a href='?debug=requestinfo'>Review {errorCount} {errorsNoun} on Startup</a></div>";
            }

            var page = HtmlTemplates.Format(
                HtmlTemplates.GetIndexOperationsTemplate(),
                this.Title,
                this.XsdServiceTypesIndex,
                operationsHtml,
                xsdsHtml,
                StringBuilderCache.ReturnAndFree(wsdlSection),
                pluginLinksHtml,
                debugLinksHtml,
                Env.VersionString,
                startupNotice);

            output.Write(page);
        }
        /// <summary>
        /// Writes the metadata index page: the operations table, the XSD list, a WSDL section for the
        /// configured SOAP endpoints and, in debug mode, a short debug-info list.
        /// </summary>
        /// <param name="output">Writer that receives the rendered page.</param>
        protected override void Render(HtmlTextWriter output)
        {
            var operationsHtml = new TableTemplate
            {
                Title       = "Operations:",
                Items       = this.OperationNames,
                ForEachItem = RenderRow
            }.ToString();

            var xsdsHtml = new ListTemplate
            {
                Title            = "XSDS:",
                ListItemsIntMap  = this.Xsds,
                ListItemTemplate = @"<li><a href=""?xsd={0}"">{1}</a></li>"
            }.ToString();

            var wsdlSection  = new StringBuilder();
            var soap11Config = MetadataConfig.GetMetadataConfig("soap11") as SoapMetadataConfig;
            var soap12Config = MetadataConfig.GetMetadataConfig("soap12") as SoapMetadataConfig;

            // The WSDL section is only emitted when at least one SOAP endpoint is configured.
            if (soap11Config != null || soap12Config != null)
            {
                wsdlSection.AppendLine("<h3>WSDLS:</h3>");
                wsdlSection.AppendLine("<ul>");
                foreach (var soapConfig in new[] { soap11Config, soap12Config })
                {
                    if (soapConfig != null)
                    {
                        wsdlSection.AppendFormat(@"<li><a href=""{0}"">{0}</a></li>", soapConfig.WsdlMetadataUri);
                    }
                }
                wsdlSection.AppendLine("</ul>");
            }

            // Debug info is only shown when the host runs in debug mode.
            var debugSection = new StringBuilder();
            if (EndpointHost.DebugMode)
            {
                debugSection
                    .Append("<h3>Debug Info:</h3>")
                    .AppendLine("<ul>")
                    .AppendLine("<li><a href=\"operations/metadata\">Operations Metadata</a></li>")
                    .AppendLine("</ul>");
            }

            var page = HtmlTemplates.Format(
                HtmlTemplates.IndexOperationsTemplate,
                this.Title,
                this.MetadataPageBodyHtml,
                this.XsdServiceTypesIndex,
                operationsHtml,
                xsdsHtml,
                wsdlSection,
                debugSection);

            output.Write(page);
        }