protected Browser GetBrowser(List <object> dependencies, AuthenticatedAs authenticatedAs = AuthenticatedAs.User)
{
return(new Browser(with =>
{
if (authenticatedAs == AuthenticatedAs.User)
{
with.RequestStartup((container, pipelines, context) =>
{
var claims = new[]
{
new Claim(JwtRegisteredClaimNames.Aud, authenticatedAs == AuthenticatedAs.Service ? Audiences.SynthesisMicroservice : Audiences.Synthesis),
new Claim(JwtRegisteredClaimNames.Sub, PrincipalId.ToString()),
new Claim(ClaimTypes.Tenant, TenantId.ToString()),
new Claim(ClaimTypes.Group, string.Join(",", Guid.NewGuid().ToString(), Guid.NewGuid().ToString()))
};
var identity = new ClaimsIdentity(
claims,
AuthenticationTypes.Basic);
context.CurrentUser = new ClaimsPrincipal(identity);
});
}
if (authenticatedAs == AuthenticatedAs.Service)
{
with.RequestStartup((container, pipelines, context) =>
{
var claims = new[]
{
new Claim(JwtRegisteredClaimNames.Aud, authenticatedAs == AuthenticatedAs.Service ? Audiences.SynthesisMicroservice : Audiences.Synthesis),
new Claim(JwtRegisteredClaimNames.Sub, PrincipalId.ToString()),
new Claim(ClaimTypes.Group, string.Join(",", Guid.NewGuid().ToString(), Guid.NewGuid().ToString()))
};
var identity = new ClaimsIdentity(
claims,
AuthenticationTypes.Basic);
context.CurrentUser = new ClaimsPrincipal(identity);
});
}
foreach (var dependency in dependencies)
{
with.Dependency(dependency);
}
with.Dependency(_metadataRegistryMock.Object);
with.Dependency(_tokenValidatorMock.Object);
with.Dependency(PolicyEvaluatorMock.Object);
with.Dependency(_loggerFactoryMock.Object);
with.Module <TModule>();
}));
}
protected Browser GetBrowser(List <object> dependencies, AuthenticatedAs authenticatedAs = AuthenticatedAs.User)
{
_policyEvaluatorMock
.Setup(x => x.EvaluateAsync(It.IsAny <PolicyEvaluationContext>(), It.IsAny <CancellationToken>()))
.ReturnsAsync(authenticatedAs != AuthenticatedAs.Forbidden ? PermissionScope.Allow : PermissionScope.Deny);
return(new Browser(with =>
{
if (authenticatedAs != AuthenticatedAs.None)
{
with.RequestStartup((container, pipelines, context) =>
{
var claims = new[]
{
new Claim(JwtRegisteredClaimNames.Aud, authenticatedAs == AuthenticatedAs.Service ? Audiences.SynthesisMicroservice : Audiences.Synthesis),
new Claim(JwtRegisteredClaimNames.Sub, Guid.NewGuid().ToString()),
new Claim(ClaimTypes.Tenant, TenantId.ToString()),
new Claim(ClaimTypes.Group, Guid.NewGuid().ToString()),
new Claim(ClaimTypes.Group, Guid.NewGuid().ToString())
};
var identity = new ClaimsIdentity(
claims,
AuthenticationTypes.Basic);
context.CurrentUser = new ClaimsPrincipal(identity);
});
}
foreach (var dependency in dependencies)
{
with.Dependency(dependency);
}
with.Dependency(_metadataRegistryMock.Object);
with.Dependency(_tokenValidatorMock.Object);
with.Dependency(_policyEvaluatorMock.Object);
with.Dependency(_loggerFactoryMock.Object);
with.Module <TModule>();
}));
}
protected Browser GetBrowser(AuthenticatedAs authenticatedAs = AuthenticatedAs.User)
{
return(GetBrowser(BrowserDependencies, authenticatedAs));
}
internal override void GetResponse()
{
bool getCookies = CheckCookiesAndSetVariables(); // needs to be called before below log msg, as the AuthenticatedAs is assigned in this func
if (!IsIgnoredFile(URLUntilTokens))
{
Logging.Log(Logging.LogSeverity.Info, NameOrIdentity + " requested " + URLUntilTokens + $"{(AuthenticatedAs == null ? "" : " -Auth: " + AuthenticatedAs.ToString("AN"))}" + $"{(Viewing == null ? "" : " -View: " + Viewing.ToString("AN"))}", (AuthenticatedAs == null ? "" : AuthenticatedAs.AccountName + "/") + "Web");
}
if (getCookies && CheckAuth())
{ // Ensure they are permitted to view that page
if (CheckRedirect())
{ // Check if we should redirect fire
if (URLUntilTokens == "/")
{
Title = "Y11 Awards";
string text = "<label>Your votes for each category:</label>";
text += $"<table><tr><th>Category</th><th>First</th><th>Second</th></tr>";
int catCount = 0;
foreach (var category in Program.Database.AllCategories.Values)
{ // builds information into a table, for display.
catCount++;
string clrClass = (catCount % 2 == 0) ? " class=\"tblEven\"" : "";
string catText = "<tr" + clrClass + "><td>{0}</td><td>{1}</td><td>{2}</td></tr>";
var users = category.GetVotesBy(AuthenticatedAs);
catText = string.Format(catText, category.Prompt, users.Item1?.FullName ?? "N/A", users.Item2?.FullName ?? "N/A");
text += catText;
}
text += "</table>";
Body = text; Code = HttpStatusCode.OK;
}
else if (URLUntilTokens == "/WebStyles.css")
{ // returns web styling
Body = Properties.Resources.WebStyles;
Code = HttpStatusCode.OK;
IgnoreHTMLFormatting = true; // without any HTML formatting
Headers.Add("Content-Type", "text/css");
}
else if (URLUntilTokens == "/WebScripts.js")
{ // as with the CSS above
Body = Properties.Resources.WebScripts;
Code = HttpStatusCode.OK;
IgnoreHTMLFormatting = true;
Headers.Add("Content-Type", "text/javascript");
}
else if (URLUntilTokens == "/all")
{
if (AuthenticatedAs == null)
{
// we should redirect them to get authenticated.
AdditionalHeadText = $"<meta http-equiv=\"refresh\" content=\"5; URL = http://{Program.GetLocalIPAddress()}/\" />";
Body = $"<label class=\"error\">You need to be authenticated.<br>You will be redirected shortly.<br><br>If not, head to http://{Program.GetLocalIPAddress()}/</label>";
Code = HttpStatusCode.Unauthorized;
return;
}
bool showRunnerUp = false;
if (this.Tokens.TryGetValue("run", out string irrelevant))
{
showRunnerUp = true;
}
string cssClass = ((ClientIP == Program.GetLocalIPAddress() || ClientIP == "127.0.0.1" || Program.Options.Allow_NonLocalHost_WebConnections || AuthenticatedAs.Flags.Contains(Flags.Coundon_Staff))) ? "" : "class=\"hidden\"";
// anyone can access the info
// but, we hide some data via css
// which isnt particularly secure.. might change in future.
// however: I have set the javascript to remove any information within a [REDACTED] element
// which means that it is in no way secure - its still being sent
// BUT it is impossible to get the data using just Inspect element, which will prevent access from most/all
Code = HttpStatusCode.OK; Title = "Y11: All Data";
string htmlPage = Properties.Resources.WebAllDataPage; // this is the base template, which data will be added into
int notVoted = Program.Database.AllStudents.Count; // start with all students added
int currentlyVoting = 0;
int alreadyVoted = 0;
string width = "25%";
if (showRunnerUp)
{
width = "20%";
}
string style = $" style=\"width:{width};\"";
foreach (var student in Program.Database.AllStudents.Values)
{ // removes them as needed to increment the two above
if (Program.Database.AlreadyVotedNames.Contains(student.AccountName))
{
notVoted--;
alreadyVoted++;
}
else if (SocketHandler.CurrentClients.FirstOrDefault(x => x.User.AccountName == student.AccountName) != null)
{
notVoted--;
currentlyVoting++;
}
}
// Displays how many total votes have been made, and how many unique people have been voted, for each category.
string categoryTable = $"<table><tr><th>Category</th><th>Total Votes (by people)</th><th>Unique Voted (num people voted)</th></tr>";
int totalVotes = 0;
int highestPeopleVoted = 0;
foreach (var category in Program.Database.AllCategories.Values)
{
int votes = 0;
foreach (var list in category.Votes)
{
votes += list.Value.Count;
}
string tempClass = (category.ID % 2 == 0) ? "class=\"tblEven\"" : "";
string format = $"<tr {tempClass}><td>{category.Prompt}</td><td>{votes}</td><td>{category.Votes.Count}</td></tr>";
categoryTable += format;
totalVotes += votes;
if (category.Votes.Count > highestPeopleVoted)
{
highestPeopleVoted = category.Votes.Count;
}
}
categoryTable += $"<tr><td><strong>Totals</strong><td>{totalVotes}</td><td>{highestPeopleVoted}</td></tr>";
categoryTable += "</table>";
string winnersTable = $"<table><tr{style}><th>Category</th><th>First Winner</th><th>Second Winner</th>";
if (showRunnerUp)
{
winnersTable += $"<th>Runner up</th>";
}
winnersTable += $"<th>Difference</th></tr>";
foreach (var category in Program.Database.AllCategories.Values)
{
var highestVote = category.HighestAtPosition(0);
var highestWinners = highestVote.Item1;
var secondHighestVote = category.HighestAtPosition(1);
var secondHighestWinners = secondHighestVote.Item1;
string first = $"{string.Join(", ", highestWinners.Select(x => x.ToString("FN LN (TT)")))}";
if (string.IsNullOrWhiteSpace(first))
{
first = "N/A";
}
string second = $"{string.Join(", ", secondHighestWinners.Select(x => x.ToString("FN LN (TT)")))}";
if (string.IsNullOrWhiteSpace(second))
{
second = "N/A";
}
string format = "<tr><td>{1}</td><td {0}>{4}: {2}</td><td {0}>{5}: {3}</td>";
format = string.Format(format,
cssClass, category.Prompt,
first, second, $"<strong>{highestVote.Item2}</strong>",
$"<strong>{secondHighestVote.Item2}</strong>");
if (showRunnerUp)
{
var runnerUp = category.HighestAtPosition(2);
var runnerUpWinners = runnerUp.Item1;
string asString = string.Join(", ", runnerUpWinners.Select(x => x.ToString("FN LN (TT)")));
if (string.IsNullOrWhiteSpace(asString))
{
asString = "N/A";
}
format += $"<td><strong>{runnerUp.Item2}</strong>: {asString}</td>";
format += $"<td>{secondHighestVote.Item2 - runnerUp.Item2}</td>"; // show difference betwene second/runner
}
else
{ // show difference between two winners
format += $"<td>{highestVote.Item2 - secondHighestVote.Item2}</td>";
}
format += "</tr>";
winnersTable += format;
}
winnersTable += "</table>";
// replaces data from the templace, see the WebAllDataPage.txt
Dictionary <string, string> ReplaceValues = new Dictionary <string, string>()
{
{ "[[NUM_NOT_VOTED]]", notVoted.ToString() },
{ "[[NUM_VOTED]]", alreadyVoted.ToString() },
{ "[[NUM_VOTING]]", currentlyVoting.ToString() },
{ "[[HIDENOT]]", cssClass },
{ "[[CATEGORY_TABLE]]", categoryTable },
{ "[[WINNER_TABLE]]", winnersTable }
};
foreach (var keypair in ReplaceValues)
{
htmlPage = htmlPage.Replace(keypair.Key, keypair.Value);
}
Body = htmlPage;
// This is commented out because it works.
// I've added this in because i'm aware that technically speaking
// another <DOCTYPE html> and <head> and <body> elements are being put into the preexisting <body> location
// but google chrome seems to work it out.. and it works. So there's that.
// forceIgnoreWebpage = true;
}
else if (URLUntilTokens == "/student")
{
if (!AuthenticatedAs.Flags.Contains(Flags.Coundon_Staff) && !AuthenticatedAs.Flags.Contains(Flags.System_Operator))
{
Body = "<label class=\"error\">You do not have access to view other people's votes.</label>";
Code = HttpStatusCode.Forbidden;
Title = "Forbidden";
return;
}
if (Viewing == null)
{
Body = "<label class=\"error\">You will need to enter the information of the desired student:</label><br>" + HTML_ViewPage;
Code = HttpStatusCode.BadRequest;
Title = "Invalid Info";
return;
}
else
{
string text = $"<label>{Viewing.ToString("FN LN")}'s votes for each category:</label>";
text += $"<table><tr><th>Category</th><th>First</th><th>Second</th></tr>";
int catCount = 0;
foreach (var category in Program.Database.AllCategories.Values)
{ // builds information into a table, for display.
catCount++;
string clrClass = (catCount % 2 == 0) ? " class=\"tblEven\"" : "";
string catText = "<tr" + clrClass + "><td>{0}</td><td>{1}</td><td>{2}</td></tr>";
var users = category.GetVotesBy(Viewing);
catText = string.Format(catText, category.Prompt, users.Item1?.FullName ?? "N/A", users.Item2?.FullName ?? "N/A");
text += catText;
}
text += "</table>";
text += "<button id=\"btnid\" onclick=\"resetStudent();\">Change student</button>";
Body = text; Code = HttpStatusCode.OK;
}
}
else if (URLUntilTokens == "/voted")
{
if (!AuthenticatedAs.Flags.Contains(Flags.System_Operator))
{
Body = "<label class=\"error\">You do not have access that page.</label>";
Code = HttpStatusCode.Forbidden;
Title = "Forbidden";
return;
}
if (this.Tokens.TryGetValue("user", out string accountName))
{
string filter = "";
if (Tokens.TryGetValue("filter", out string f))
{
filter = f;
}
if (Program.TryGetUser(accountName, out User user))
{
string text = $"Votes for {user.FirstName}:";
text += "<table>" +
"<tr><th>Category</th><th>Votes</th><th>People voted</th></tr>";
foreach (var category in Program.Database.AllCategories.Values)
{
string row = $"<tr><td>{category.Prompt}</td>";
var votes = category.GetVotesFor(user);
row += $"<td>{votes.Count}</td>";
row += $"<td>{string.Join(", ", votes.Select(x => x.AccountName == filter ? $"<strong>{x.FullName}</strong>" : x.FullName))}</td>";
row += "</tr>";
text += row;
}
text += "</table>";
Body = text;
}
else
{
Body = "<label class=\"error\">The user provided is unknown.</label>";
Code = HttpStatusCode.BadRequest;
}
}
else
{
Body = "<label class=\"error\">You did not pass a proper URL query paramator of name 'user'" +
", containing the account name of the student desired</label>";
Code = HttpStatusCode.BadRequest;
}
}
else if (URLUntilTokens == "/category")
{
if (!AuthenticatedAs.Flags.Contains(Flags.System_Operator))
{
Body = "<label class=\"error\">You do not have access that page.</label>";
Code = HttpStatusCode.Forbidden;
Title = "Forbidden";
return;
}
if (this.Tokens.TryGetValue("id", out string strId))
{
bool displayUsers = false;
if (this.Tokens.TryGetValue("full", out string irrelevant))
{
displayUsers = true;
}
if (int.TryParse(strId, out int id) && id >= 1 && id <= Program.Database.AllCategories.Count)
{
var category = Program.Database.AllCategories[id];
string startText = "";
User filterUser = null;
int numVotesFilter = 0;
string usersVoteFilter = "";
if (this.Tokens.TryGetValue("filter", out string accn))
{
if (Program.TryGetUser(accn, out filterUser))
{ // success
}
else
{
startText = "<label class=\"error\">Filter user was unkown</label>";
}
}
string text = $"<p>{category.Prompt}</p><br><table>" +
$"<tr><th>Nominee</th><th>Number of votes</th>";
if (displayUsers)
{
text += $"<th>Voters</th>";
}
text += "</tr>"; // close row
foreach (var vote in category.Votes.OrderByDescending(x => x.Value.Count))
{
if (Program.TryGetUser(vote.Key, out User user))
{
string row = $"<tr><td>{user.ToString("FN LN TT")}<td>{vote.Value.Count}</td>";
string users = string.Join(", ", vote.Value.Select(x => x == filterUser ? $"<strong>{x.ToString("FN LN")}</strong>" : x.ToString("FN LN")));
if (displayUsers)
{
row += $"<td>{users}</td>";
}
row += "</tr>";
text += row;
if (user == filterUser)
{
numVotesFilter = vote.Value.Count;
usersVoteFilter = users;
}
}
}
text += "</table>";
if (filterUser != null)
{
string filterRow = $"<tr class=\"error\"><td>{filterUser.ToString("AN FN LN")}</td><td>{numVotesFilter}</td>";
if (displayUsers)
{
filterRow += $"<td>{usersVoteFilter}</td>";
}
text = text.Replace("</th></tr>", "</th></tr>" + filterRow); // put this in first after headers.
}
Body = startText + text;
Code = HttpStatusCode.OK;
Title = "Y11 - Category";
}
else
{
Body = $"<label class=\"error\">Your provided ID must be an Integer, and between 1 and {Program.Database.AllCategories.Count}</label>";
Code = HttpStatusCode.BadRequest;
return;
}
}
else
{
Body = "<label class=\"error\">You did not include a ?id= URL query paramater</label>";
Code = HttpStatusCode.BadRequest;
return;
}
}
else if (URLUntilTokens == "/novote")
{
string text = $"<table>" +
$"<tr><th>Tutor</th><th>Account Name</th><th>Full Name</th><tr>";
string emailList = "<p>";
foreach (var student in Program.Database.AllStudents.Values)
{
if (!student.HasVoted)
{
text += $"<tr><td>{student.Tutor}</td><td>{student.AccountName}</td><td>{student.FullName}</td></tr>";
emailList += $"{student.AccountName}@coundoncourt.org; ";
}
}
text += "</table><br>" + emailList + "</p>";
Body = text;
Code = HttpStatusCode.OK;
Title = "Non voters.";
}
else if (URLUntilTokens == "/percentage")
{
string text = "<p>";
if (Tokens.TryGetValue("value", out string strValue))
{
if (int.TryParse(strValue, out int value))
{
if (value > 100 || value < 0)
{
text = "<label class=\"error\">Value must be an integer between 0-100, inclusive</label>";
}
else
{
var random = new Random(DateTime.Now.Millisecond * DateTime.Now.Day);
foreach (var student in Program.Database.AllStudents.Values)
{
int thisStudent = random.Next(0, 101);
if (thisStudent < value)
{
text += $"{student.AccountName}@coundoncourt.org; ";
}
}
text += "</p>";
}
}
}
Body = text;
Title = "Voters";
}
else
{ // unknown/not set up request
Body = "<label class=\"error\">404 - Unkown request.</label>"; Code = HttpStatusCode.NotFound; Title = "404 - Not Found";
}
}
}
}
