        /// <summary>
        /// Uninstalls the plugin: clears both plugin caches, removes the stored <see cref="WebApiSettings"/>
        /// and then runs the base uninstall.
        /// </summary>
        public override void Uninstall()
        {
            // Controlling data and user data are held in two separate caches; drop both.
            WebApiCachingControllingData.Remove();
            WebApiCachingUserData.Remove();

            _settingService.DeleteSetting<WebApiSettings>();

            base.Uninstall();
        }
        /// <summary>
        /// Installs the plugin: stores a default <see cref="WebApiSettings"/> instance, imports the plugin's
        /// localization resources, runs the base install and finally clears both plugin caches.
        /// </summary>
        public override void Install()
        {
            var defaultSettings = new WebApiSettings();
            _settingService.SaveSetting(defaultSettings);

            _localizationService.ImportPluginResourcesFromXml(this.PluginDescriptor);

            base.Install();

            // Drop whatever the two plugin caches currently hold.
            WebApiCachingControllingData.Remove();
            WebApiCachingUserData.Remove();
        }
        /// <summary>
        /// Uninstalls the plugin: clears both plugin caches, removes the stored <see cref="WebApiSettings"/>,
        /// removes the permissions registered by <see cref="WebApiPermissionProvider"/> and runs the base uninstall.
        /// </summary>
        public override void Uninstall()
        {
            // Two separate caches: controlling data and per-user key data.
            WebApiCachingControllingData.Remove();
            WebApiCachingUserData.Remove();

            _settingService.DeleteSetting<WebApiSettings>();

            var permissionProvider = new WebApiPermissionProvider();
            _permissionService.UninstallPermissions(permissionProvider);

            base.Uninstall();
        }
        /// <summary>
        /// Supplies the admin grid with the requested page of API users: customer rows from the plugin service,
        /// merged with the cached key data (public/secret key, enabled flag, last request) for customers that have keys.
        /// </summary>
        /// <param name="command">Paging, sorting and filtering state sent by the grid.</param>
        /// <returns>A <see cref="JsonResult"/> whose data is a <see cref="GridModel{T}"/> of <see cref="WebApiUserModel"/>.</returns>
        public ActionResult GridUserData(GridCommand command)
        {
            var customers      = _webApiPluginService.GetCustomers();
            var keysByCustomer = WebApiCachingUserData.Data().ToDictionarySafe(x => x.CustomerId, x => x);
            var yesText        = T("Admin.Common.Yes");
            var noText         = T("Admin.Common.No");

            var filteredUsers = customers
                .Select(c => new WebApiUserModel
                {
                    Id           = c.Id,
                    Username     = c.Username,
                    Email        = c.Email,
                    AdminComment = c.AdminComment
                })
                .ForCommand(command);

            var pageRows = filteredUsers.PagedForCommand(command).ToList();

            foreach (var row in pageRows)
            {
                if (!keysByCustomer.ContainsKey(row.Id))
                {
                    continue;
                }

                var keyData = keysByCustomer[row.Id];

                row.PublicKey = keyData.PublicKey;
                // The secret key is part of the grid payload in clear text; the admin UI is its consumer.
                row.SecretKey = keyData.SecretKey;
                row.Enabled   = keyData.Enabled;
                row.EnabledFriendly = keyData.Enabled ? yesText : noText;
                row.LastRequestDateFriendly = keyData.LastRequest.HasValue
                    ? keyData.LastRequest.Value.RelativeFormat(true, "f")
                    : "-";
            }

            var gridModel = new GridModel<WebApiUserModel>
            {
                Data  = pageRows,
                // Total is counted on the filtered (unpaged) query so the pager knows the full row count.
                Total = filteredUsers.Count()
            };

            return new JsonResult { Data = gridModel };
        }
        /// <summary>
        /// Uninstalls the plugin: clears both plugin caches, removes the stored <see cref="WebApiSettings"/>,
        /// removes the plugin's permissions and localization resources, and runs the base uninstall.
        /// NOTE(review): the per-customer key attributes written by <c>CreateKeys</c> are not touched here and
        /// appear to survive an uninstall — confirm whether that is intended.
        /// </summary>
        public override void Uninstall()
        {
            // Two separate caches: controlling data and per-user key data.
            WebApiCachingControllingData.Remove();
            WebApiCachingUserData.Remove();

            _settingService.DeleteSetting<WebApiSettings>();

            var permissionProvider = new WebApiPermissionProvider();
            _permissionService.UninstallPermissions(permissionProvider);

            // Resources under the plugin's root key, plus the friendly-name resource registered separately.
            var resourceRootKey = PluginDescriptor.ResourceRootKey;
            _localizationService.DeleteLocaleStringResources(resourceRootKey);
            _localizationService.DeleteLocaleStringResources("Plugins.FriendlyName.Api.WebApi", false);

            base.Uninstall();
        }
        /// <summary>
        /// Pages all non-deleted customers in the registered role as <see cref="WebApiUserModel"/> rows and enriches
        /// each row with the cached API key data (keys, enabled flag, last request converted to local time) where present.
        /// </summary>
        /// <param name="pageIndex">Page index handed to <see cref="PagedList{T}"/>.</param>
        /// <param name="pageSize">Number of rows per page.</param>
        /// <returns>The requested page of users.</returns>
        public IPagedList<WebApiUserModel> GetUsers(int pageIndex, int pageSize)
        {
            var registeredRoleId = _customerService.GetCustomerRoleBySystemName(SystemCustomerRoleNames.Registered).Id;

            // Left-join customers to their API key attribute (DefaultIfEmpty) so customers without keys are listed too;
            // rows are ordered by the attribute value, descending.
            var userQuery =
                from customer in _customers.Table
                join keyAttribute in
                (
                    from attr in _genericAttributes.Table
                    where attr.KeyGroup == "Customer" && attr.Key == WebApiCachingUserData.Key
                    select attr
                )
                on customer.Id equals keyAttribute.EntityId into keyAttributes
                from keyAttribute in keyAttributes.DefaultIfEmpty()
                where !customer.Deleted && customer.CustomerRoles.Select(r => r.Id).Contains(registeredRoleId)
                orderby keyAttribute.Value descending
                select new WebApiUserModel
                {
                    Id           = customer.Id,
                    Username     = customer.Username,
                    Email        = customer.Email,
                    AdminComment = customer.AdminComment
                };

            var page        = new PagedList<WebApiUserModel>(userQuery, pageIndex, pageSize);
            var cachedUsers = WebApiCachingUserData.Data();

            foreach (var row in page)
            {
                var cached = cachedUsers.FirstOrDefault(x => x.CustomerId == row.Id);
                if (cached == null)
                {
                    continue;
                }

                row.PublicKey = cached.PublicKey;
                // The secret key travels with the model; callers decide where (and whether) it is displayed.
                row.SecretKey = cached.SecretKey;
                row.Enabled   = cached.Enabled;

                if (cached.LastRequest.HasValue)
                {
                    row.LastRequest = cached.LastRequest.ToLocalTime();
                }
                else
                {
                    row.LastRequest = null;
                }
            }

            return page;
        }
        /// <summary>
        /// Installs the plugin: registers its permissions, stores default <see cref="WebApiSettings"/>, imports the
        /// plugin's localization resources, runs the base install and finally clears both plugin caches.
        /// </summary>
        public override void Install()
        {
            var permissionProvider = new WebApiPermissionProvider();
            _permissionService.InstallPermissions(permissionProvider);

            // Defaults: LogUnauthorized switched on; the timestamp validity window starts at the global default.
            var defaultSettings = new WebApiSettings();
            defaultSettings.LogUnauthorized   = true;
            defaultSettings.ValidMinutePeriod = WebApiGlobal.DefaultTimePeriodMinutes;

            _settingService.SaveSetting<WebApiSettings>(defaultSettings);

            _localizationService.ImportPluginResourcesFromXml(PluginDescriptor);

            base.Install();

            // Drop whatever the two plugin caches currently hold.
            WebApiCachingControllingData.Remove();
            WebApiCachingUserData.Remove();
        }
        /// <summary>
        /// Deletes every API key attribute stored for the given customer and, if anything was deleted,
        /// clears the user data cache so the removed keys stop being honoured.
        /// </summary>
        /// <param name="customerId">Identifier of the customer; 0 is ignored.</param>
        public void RemoveKeys(int customerId)
        {
            if (customerId == 0)
            {
                return;
            }

            var keyAttributes = _genericAttributes.Table
                .Where(a => a.EntityId == customerId && a.KeyGroup == "Customer" && a.Key == WebApiCachingUserData.Key)
                .ToList();

            if (keyAttributes.Count == 0)
            {
                return;
            }

            foreach (var keyAttribute in keyAttributes)
            {
                _genericAttributeService.DeleteAttribute(keyAttribute);
            }

            // Invalidate the cache only when the stored data actually changed.
            WebApiCachingUserData.Remove();
        }
        /// <summary>
        /// Sets the enabled flag of a customer's API user and persists the updated serialized entry
        /// into its backing generic attribute.
        /// </summary>
        /// <param name="customerId">Identifier of the customer; 0 is ignored.</param>
        /// <param name="enable"><c>true</c> to enable API access for the user, <c>false</c> to disable it.</param>
        public void EnableOrDisableUser(int customerId, bool enable)
        {
            if (customerId == 0)
            {
                return;
            }

            var apiUser = WebApiCachingUserData.Data().FirstOrDefault(x => x.CustomerId == customerId);
            if (apiUser == null)
            {
                return;
            }

            // The cached object is modified in place (presumably visible to subsequent cache reads — confirm);
            // the cache is not explicitly invalidated here, unlike in RemoveKeys/CreateKeys.
            apiUser.Enabled = enable;

            var backingAttribute = _genericAttributeService.GetAttributeById(apiUser.GenericAttributeId);
            if (backingAttribute == null)
            {
                // NOTE(review): the cached flag has already been flipped above even though nothing is persisted here.
                return;
            }

            backingAttribute.Value = apiUser.ToString();
            _genericAttributeService.UpdateAttribute(backingAttribute);
        }
        /// <summary>
        /// Generates a fresh public/secret key pair for the given customer and stores it as a generic attribute,
        /// replacing any key pair the customer had before. Generation is retried until the public key is not
        /// already used by another API user (compared case-insensitively).
        /// </summary>
        /// <param name="customerId">Identifier of the customer; 0 is rejected.</param>
        /// <returns>
        /// <c>true</c> when a key pair was stored; <c>false</c> for customer id 0 or when no unused key pair
        /// could be produced within the attempt limit.
        /// </returns>
        public bool CreateKeys(int customerId)
        {
            if (customerId == 0)
            {
                return false;
            }

            var hmac       = new HmacAuthentication();
            var knownUsers = WebApiCachingUserData.Data();
            const int maxAttempts = 9999;

            for (int attempt = 0; attempt < maxAttempts; ++attempt)
            {
                string publicKey;
                string secretKey;

                // Key material comes from HmacAuthentication (not visible here); its generator quality is what the
                // scheme's security rests on.
                if (!hmac.CreateKeys(out publicKey, out secretKey))
                {
                    continue;
                }

                if (knownUsers.Exists(x => x.PublicKey.IsCaseInsensitiveEqual(publicKey)))
                {
                    continue;
                }

                var apiUser = new WebApiUserCacheData
                {
                    CustomerId = customerId,
                    PublicKey  = publicKey,
                    SecretKey  = secretKey,
                    Enabled    = true
                };

                // Remove the previous key pair (if any) before inserting the new one.
                RemoveKeys(customerId);

                // The secret is stored in recoverable form: the server needs it later to recompute HMAC signatures.
                var keyAttribute = new GenericAttribute
                {
                    EntityId = customerId,
                    KeyGroup = "Customer",
                    Key      = WebApiCachingUserData.Key,
                    Value    = apiUser.ToString()
                };

                _genericAttributeService.InsertAttribute(keyAttribute);

                // Invalidate the cache so the new key pair is picked up on the next read.
                WebApiCachingUserData.Remove();
                return true;
            }

            return false;
        }
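        /// <summary>
        /// Authenticates the current Web API request with the plugin's HMAC scheme and resolves the calling
        /// customer. Checks run in this order and the first failure is returned: API availability, public-key
        /// header present, Authorization header shape, timestamp parseable and inside the allowed window, API user
        /// known and enabled, timestamp newer than the user's last request (replay check, unless disabled),
        /// Content-MD5 header matching the body when one was sent, signature match, customer active and permitted.
        /// </summary>
        /// <param name="actionContext">Action context of the request being authenticated.</param>
        /// <param name="now">Reference time the request timestamp is checked against.</param>
        /// <param name="cacheControllingData">Cached plugin settings that steer validation.</param>
        /// <param name="customer">
        /// The customer the API user resolved to. Set as soon as the lookup succeeds, so it may be non-null even for
        /// <see cref="HmacResult.UserIsInactive"/> and <see cref="HmacResult.UserHasNoPermission"/>; <c>null</c> for earlier failures.
        /// </param>
        /// <returns><see cref="HmacResult.Success"/>, or the result naming the first failed check.</returns>
        protected virtual HmacResult IsAuthenticated(HttpActionContext actionContext, DateTime now, WebApiControllingCacheData cacheControllingData, out Customer customer)
        {
            customer = null;

            // HttpContext.Current is null outside the ASP.NET pipeline; guard it so the null-request branch below
            // is reachable instead of throwing a NullReferenceException.
            var httpContext = HttpContext.Current;
            var request     = (httpContext == null ? null : httpContext.Request);
            DateTime headDateTime;

            if (request == null)
            {
                return HmacResult.FailedForUnknownReason;
            }

            if (cacheControllingData.ApiUnavailable)
            {
                return HmacResult.ApiUnavailable;
            }

            // Authorization is null when the client sent no Authorization header. Pass nulls on so the validator
            // can report an invalid header (assumes IsAuthorizationHeaderValid rejects null — confirm) instead of
            // this method throwing on .Scheme.
            var authorization = actionContext.Request.Headers.Authorization;

            // Both header spellings are accepted; stays null when the client sent neither.
            string headContentMd5    = request.Headers["Content-Md5"] ?? request.Headers["Content-MD5"];
            string headTimestamp     = request.Headers[WebApiGlobal.Header.Date];
            string headPublicKey     = request.Headers[WebApiGlobal.Header.PublicKey];
            string scheme            = (authorization == null ? null : authorization.Scheme);
            string signatureConsumer = (authorization == null ? null : authorization.Parameter);

            if (string.IsNullOrWhiteSpace(headPublicKey))
            {
                return HmacResult.UserInvalid;
            }

            if (!_hmac.IsAuthorizationHeaderValid(scheme, signatureConsumer))
            {
                return HmacResult.InvalidAuthorizationHeader;
            }

            if (!_hmac.ParseTimestamp(headTimestamp, out headDateTime))
            {
                return HmacResult.InvalidTimestamp;
            }

            // A non-positive configured period falls back to the global default window.
            int maxMinutes = (cacheControllingData.ValidMinutePeriod <= 0 ? WebApiGlobal.DefaultTimePeriodMinutes : cacheControllingData.ValidMinutePeriod);

            if (Math.Abs((headDateTime - now).TotalMinutes) > maxMinutes)
            {
                return HmacResult.TimestampOutOfPeriod;
            }

            var cacheUserData = WebApiCachingUserData.Data();
            var apiUser       = cacheUserData.FirstOrDefault(x => x.PublicKey == headPublicKey);

            if (apiUser == null)
            {
                return HmacResult.UserUnknown;
            }

            if (!apiUser.Enabled)
            {
                return HmacResult.UserDisabled;
            }

            // Replay protection: the request timestamp must be strictly newer than the last accepted one.
            if (!cacheControllingData.NoRequestTimestampValidation && apiUser.LastRequest.HasValue && headDateTime <= apiUser.LastRequest.Value)
            {
                return HmacResult.TimestampOlderThanLastRequest;
            }

            var context = new WebApiRequestContext
            {
                HttpMethod     = request.HttpMethod,
                HttpAcceptType = request.Headers["Accept"],
                PublicKey      = headPublicKey,
                SecretKey      = apiUser.SecretKey,
                // Culture-invariant lower-casing: the culture-sensitive ToLower() maps "I" differently under
                // e.g. tr-TR, which would make the server's message representation diverge from the client's.
                Url            = HttpUtility.UrlDecode(request.Url.AbsoluteUri.ToLowerInvariant())
            };

            string contentMd5 = CreateContentMd5Hash(actionContext.Request);

            if (headContentMd5.HasValue() && headContentMd5 != contentMd5)
            {
                return HmacResult.ContentMd5NotMatching;
            }

            string messageRepresentation = _hmac.CreateMessageRepresentation(context, contentMd5, headTimestamp);

            if (string.IsNullOrEmpty(messageRepresentation))
            {
                return HmacResult.MissingMessageRepresentationParameter;
            }

            string signatureProvider = _hmac.CreateSignature(apiUser.SecretKey, messageRepresentation);

            if (!SignaturesMatch(signatureProvider, signatureConsumer))
            {
                if (!cacheControllingData.AllowEmptyMd5Hash)
                {
                    return HmacResult.InvalidSignature;
                }

                // Second chance for clients that sign without the Content-MD5 part. Such a signature does not
                // cover the request body; body integrity then rests solely on the Content-MD5 header check above,
                // which only runs when the client actually sent that header.
                messageRepresentation = _hmac.CreateMessageRepresentation(context, null, headTimestamp);
                signatureProvider     = _hmac.CreateSignature(apiUser.SecretKey, messageRepresentation);

                if (!SignaturesMatch(signatureProvider, signatureConsumer))
                {
                    return HmacResult.InvalidSignature;
                }
            }

            customer = GetCustomer(apiUser.CustomerId);
            if (customer == null)
            {
                return HmacResult.UserUnknown;
            }

            if (!customer.Active || customer.Deleted)
            {
                return HmacResult.UserIsInactive;
            }

            if (!HasPermission(actionContext, customer))
            {
                return HmacResult.UserHasNoPermission;
            }

            // Record the accepted timestamp on the cached user for the replay check. NOTE(review): the check above
            // and this write are not atomic, so two concurrent requests carrying the same timestamp could both pass.
            apiUser.LastRequest = headDateTime;

            return HmacResult.Success;
        }

        /// <summary>
        /// Compares the expected signature with the one the client supplied without stopping at the first differing
        /// character, so the time taken does not reveal how much of a guessed signature was correct. Semantically
        /// this is ordinal string equality (two <c>null</c> values count as equal).
        /// </summary>
        /// <param name="expected">Signature computed server-side from the stored secret.</param>
        /// <param name="actual">Signature taken from the client's Authorization header.</param>
        /// <returns><c>true</c> when both strings are identical.</returns>
        [System.Runtime.CompilerServices.MethodImpl(System.Runtime.CompilerServices.MethodImplOptions.NoInlining | System.Runtime.CompilerServices.MethodImplOptions.NoOptimization)]
        private static bool SignaturesMatch(string expected, string actual)
        {
            if (expected == null || actual == null)
            {
                return expected == actual;
            }

            // Lengths may short-circuit: the signature length is a property of the scheme, not a secret.
            if (expected.Length != actual.Length)
            {
                return false;
            }

            int difference = 0;
            for (int i = 0; i < expected.Length; i++)
            {
                difference |= expected[i] ^ actual[i];
            }

            return difference == 0;
        }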