public HttpResponse Process(RequestInfo requestInfo) { var principal = requestInfo.User; string path = requestInfo.Context.Request.RawUrl; // Verificar os recursos exclusivos de utilizadores autenticados. if ((path.Contains("props") || path.Contains("edit") || path.Contains("new")) && principal.IsInRole(Roles.Anonimo)) return Forbidden(); // Verificar os recursos exclusivos de utilizadores coordenadores. if (path.Contains("accept") && principal.IsInRole(Roles.Utilizador)) return Forbidden(); // Permitir só ao criador da proposta a possibilidade de a alterar. if ((path.Contains("props") && path.Contains("edit"))) { long id; if (long.TryParse(path.Split('/')[2], out id)) { Proposal prop = RepositoryLocator.Get<long, Proposal>().GetById(id); if (!prop.Owner.Equals(principal.Identity.Name) || !prop.State.Equals(AbstractEntity<long>.Status.Pending)) return Forbidden(); } else throw new ArgumentException("Não foi possível receber o identificador da proposta, indicado no URI."); } // Se passou nas verificações anteriores significa que pode aceder ao recurso. return _nextFilter.Process(requestInfo); }
public HttpResponse Process(RequestInfo requestInfo) { var ctx = requestInfo.Context; if (ctx.Request.Url.AbsolutePath.Contains("private")) { string auth = ctx.Request.Headers["Authorization"]; if (auth == null) { var resp = new HttpResponse(401, new TextContent("Not Authorized")); resp.WithHeader("WWW-Authenticate", "Basic realm=\"Private Area\""); return resp; } auth = auth.Replace("Basic ", ""); string userPassDecoded = Encoding.UTF8.GetString(Convert.FromBase64String(auth)); string []userPasswd = userPassDecoded.Split(':'); string user = userPasswd[0]; string passwd = userPasswd[1]; requestInfo.User = new GenericPrincipal(new GenericIdentity(user), null); Console.WriteLine("Authentication: {0} - {1}", auth, userPassDecoded); } return _nextFilter.Process(requestInfo); }
public HttpResponse Process(RequestInfo requestInfo) { var ctx = requestInfo.Context; UriTemplateTable t; if (!_tables.TryGetValue(ctx.Request.HttpMethod, out t)) { return new HttpResponse(HttpStatusCode.MethodNotAllowed); } var match = t.MatchSingle(ctx.Request.Url); if (match == null) { return new HttpResponse(HttpStatusCode.NotFound, new NotFound()); } requestInfo.Match = match; var resp = (match.Data as ICommand).Execute(requestInfo); return resp; }
public HttpResponse Process(RequestInfo requestInfo) { var auth = requestInfo.Context.Request.Headers["Authorization"]; if (auth == null) { if (requestInfo.Context.Request.RawUrl.Equals("/login")) return NotAuthorized(); requestInfo.User = new GenericPrincipal(new GenericIdentity("", "Basic"), new[]{Roles.Anonimo}); } else { auth = auth.Replace("Basic ", ""); string[] userPasswd = Encoding.UTF8.GetString(Convert.FromBase64String(auth)).Split(':'); string user = userPasswd[0]; string password = userPasswd[1]; // Verificar se as credenciais fornecidas estão correctas try { if (!User.IsCorrect(user, password)) return NotAuthorized(); } catch (InvalidOperationException e) { return new HttpResponse(HttpStatusCode.Unauthorized, new TextContent(e.Message)); } requestInfo.User = new GenericPrincipal(new GenericIdentity(user, "Basic"), User.GetRoles(user)); if (requestInfo.Context.Request.RawUrl.Equals("/login")) return new HttpResponse(HttpStatusCode.Redirect).WithHeader("Location", "/"); } return _nextFilter.Process(requestInfo); }
public HttpResponse Execute(RequestInfo req) { return new HttpResponse(200, new HtmlDoc("dummy")); }