/// <summary>
/// Fills in the members shared by every blog view: the base url of the
/// current request and, when a blog is set, the user resolved for it
/// </summary>
/// <param name="helper">Html helper of the view being rendered; its ViewContext supplies the HttpContext</param>
private void PopulateBase(IHtmlHelper helper)
{
    // Build the base url from the scheme and host of the incoming request.
    // NOTE(review): Request.Host reflects the Host header sent by the client.
    // If BaseUrl is used to build links or redirects, restrict the accepted
    // host names at the server (e.g. host filtering / AllowedHosts) or take
    // the public origin from configuration - confirm how this is deployed.
    var request = helper.ViewContext.HttpContext.Request;
    var origin = new Uri($"{request.Scheme}://{request.Host.Value}");
    this.BaseUrl = origin.ToString();

    // Without a current blog there is no user to resolve
    if (this.CurrentBlog == null)
    {
        return;
    }

    // Resolve the current user (if any) through a login manager bound to
    // the blog and the request context, and expose it on the viewmodel
    BlogLoginManager loginManager = new BlogLoginManager(this.CurrentBlog, helper.ViewContext.HttpContext);
    this.CurrentUser = loginManager.CurrentUser;
}
/// <summary>
/// Rebuilds the fixture state (provider, blog and login manager) so the
/// next test starts from a clean slate
/// </summary>
public void Initialise()
{
    // Fresh in-memory data provider for the tests to run against
    DataProvider = new BlogMemoryProvider();
    DataProvider.Initialise();

    // Test blog backed by that provider
    var blogParameters = new BlogParameters
    {
        Provider = DataProvider,
        Id = "TestBlog"
    };
    TestBlog = new Blog(blogParameters);

    // Login manager for the test blog, running against a mocked context
    // instead of a real request context
    LoginManager = new BlogLoginManager(TestBlog)
    {
        context = new MockedContext()
    };
}
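/// <summary>
/// Runs before the action: builds the login manager for the current blog,
/// lets it handle login tokens, forces a pending password change and
/// enforces any <c>BlogSecurityAttribute</c> declared on the action method
/// </summary>
/// <param name="context">The execution context</param>
/// <remarks>
/// Any exception raised while doing so is handed to
/// <c>BlogException.Passthrough</c> together with a <c>UserBlogException</c>
/// wrapper, and whatever that returns is thrown.
/// </remarks>
public override void OnActionExecuting(ActionExecutingContext context)
{
    // NOTE(review): both exemptions below are taken from the request URL,
    // which the client chooses. A user flagged for a password change can
    // therefore reach other actions simply by sending redirect=true, or a
    // path containing the password change segment. Consider keying the
    // exemption on the matched controller/action (or an attribute on the
    // auth actions) instead of on request text.

    // Is a redirect?
    Boolean isRedirect = false;
    if (context.HttpContext.Request.Query.ContainsKey("redirect"))
    {
        Boolean.TryParse(context.HttpContext.Request.Query["redirect"], out isRedirect);
    }

    // Is it a password change? Path.Value can be null for an empty path, so
    // guard it rather than fail before the try block is even entered.
    String requestPath = context.HttpContext.Request.Path.Value;
    if (requestPath != null && requestPath.Contains("auth/passwordchange"))
    {
        isRedirect = true;
    }

    try
    {
        // Get a new login manager instance to check against the current blog
        // with the current session context. A constructor either returns an
        // instance or throws, so no null check is needed afterwards.
        loginManager = new BlogLoginManager(Current, context.HttpContext);

        // Handle the logins (tokens etc.)
        loginManager.HandleTokens();

        // Password change required and not already on the auth screen?
        if (loginManager.CurrentUser != null && loginManager.CurrentUser.PasswordChange && !isRedirect)
        {
            context.Result = new RedirectResult($"{BaseUrl}/auth/login/?redirect=true");
            return;
        }

        // Check to see if we have any security attributes applied to the current method.
        // The hard cast is deliberate: a descriptor of an unexpected type
        // throws (and is wrapped below) instead of skipping the permission
        // check, so the filter fails closed.
        ControllerActionDescriptor controllerDescriptor = (ControllerActionDescriptor)context.ActionDescriptor;
        if (controllerDescriptor != null)
        {
            // Only attributes declared directly on the action method are read
            // (MethodInfo, inherit = false).
            // NOTE(review): confirm BlogSecurityAttribute is never placed on a
            // controller class or a base method - it would not be enforced here.
            BlogSecurityAttribute[] securityAttributes = (BlogSecurityAttribute[])controllerDescriptor.MethodInfo.GetCustomAttributes(typeof(BlogSecurityAttribute), false);

            foreach (BlogSecurityAttribute attrib in securityAttributes)
            {
                // Every listed permission must be held by the current user
                if (loginManager.CurrentUser == null ||
                    loginManager.CurrentUser.Permissions == null ||
                    !loginManager.CurrentUser.Permissions.Contains(attrib.Permission))
                {
                    // Redirect the user to the home page; one unmet
                    // permission is enough, so stop checking the rest
                    context.Result = new RedirectResult($"{BaseUrl}");
                    break;
                }
            }
        }
    }
    catch (Exception ex)
    {
        // Throw the exception wrapped (if needed) in a non-initialised exception
        throw BlogException.Passthrough(ex, new UserBlogException(ex));
    }

    // Call the base method
    base.OnActionExecuting(context);
}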