protected override Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
var httpContext = HttpContext.Current;
var helper = new HttpRequestHelper(request);
var token = helper.GetAccessToken();
// AuthProviderFactory.GetCurrent().GetAuthProvider().GetToken(request);
try
{
if (!string.IsNullOrWhiteSpace(token))
{
HttpStatusCode status;
var principal = new ApiPrincipal(token, AuthProviderFactory.GetAuthProvider().Verify(token));//AccessTokenAuthorization.getAuthorizedAccessToken(token, out status));
//set this so other handlers can get the principal
request.SetUserPrincipal(principal);
//set these so other areas of the pipeline can get the pincipal
httpContext.User = principal;
Thread.CurrentPrincipal = principal;
return(base.SendAsync(request, cancellationToken));
}
}
catch (Exception ex)
{
request.CreateResponse(HttpStatusCode.Unauthorized);
}
return(base.SendAsync(request, cancellationToken));
}
public GetMediaTreeResponse Get(GetMediaTreeRequest request)
{
var response = new GetMediaTreeResponse
{
Data = new MediaTreeModel()
};
if (request.Data.IncludeFilesTree)
{
IEnumerable <Guid> deniedPages = null;
if (request.User != null && !string.IsNullOrWhiteSpace(request.User.Name))
{
var principal = new ApiPrincipal(request.User);
deniedPages = accessControlService.GetPrincipalDeniedObjects <MediaFile>(principal, false);
}
response.Data.FilesTree = LoadMediaTree <MediaFile>(Module.MediaManager.Models.MediaType.File, deniedPages, request.Data.IncludeArchived, request.Data.IncludeFiles, request.Data.IncludeAccessRules);
}
if (request.Data.IncludeImagesTree)
{
response.Data.ImagesTree = LoadMediaTree <MediaImage>(Module.MediaManager.Models.MediaType.Image, null, request.Data.IncludeArchived, request.Data.IncludeImages, false);
}
return(response);
}
protected async override Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
Stopwatch stopwatch = new Stopwatch();
var userString = new Regex("userAuthentication");
var userStringMatch = userString.Match(request.RequestUri.AbsolutePath);
if (!userStringMatch.Success)
{
if (request.Headers.Authorization != null)
{
if (!ApiPrincipal.RequestValidation(request) || ApiPrincipal.SessionCheck(request))
{
return(new HttpResponseMessage(HttpStatusCode.NotAcceptable));
}
}
else
{
return(new HttpResponseMessage(HttpStatusCode.NotAcceptable));
}
}
stopwatch.Start();
var response = await base.SendAsync(request, cancellationToken);
stopwatch.Stop();
//return response;
return(ApiPrincipal.SetSession(response));
}
public ApplicationHttpClient(HttpClient httpClient, IConfiguration config, IApiPrincipalResolver apiPrincipalResolver)
{
_httpClient = httpClient;
_config = config;
_apiPrincipal = apiPrincipalResolver.Resolve();
_httpClient.DefaultRequestHeaders.Clear();
_httpClient.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
}
/// <summary>
/// Gets the specified request.
/// </summary>
/// <param name="request">The request.</param>
/// <returns><c>GetBlogPostsResponse</c> with a list of blog posts.</returns>
public GetBlogPostsResponse Get(GetBlogPostsRequest request)
{
request.Data.SetDefaultOrder("Title");
var query = repository
.AsQueryable <Module.Blog.Models.BlogPost>();
if (!request.Data.IncludeArchived)
{
query = query.Where(b => !b.IsArchived);
}
if (!request.Data.IncludeUnpublished)
{
query = query.Where(b => b.Status == PageStatus.Published);
}
if (request.User != null && !string.IsNullOrWhiteSpace(request.User.Name))
{
var principal = new ApiPrincipal(request.User);
IEnumerable <Guid> deniedPages = accessControlService.GetPrincipalDeniedObjects <PageProperties>(principal, false);
foreach (var deniedPageId in deniedPages)
{
var id = deniedPageId;
query = query.Where(f => f.Id != id);
}
}
query = query.ApplyPageTagsFilter(request.Data)
.ApplyCategoriesFilter(categoryService, request.Data);
var listResponse = query
.Select(blogPost => new BlogPostModel
{
Id = blogPost.Id,
Version = blogPost.Version,
CreatedBy = blogPost.CreatedByUser,
CreatedOn = blogPost.CreatedOn,
LastModifiedBy = blogPost.ModifiedByUser,
LastModifiedOn = blogPost.ModifiedOn,
BlogPostUrl = blogPost.PageUrl,
Title = blogPost.Title,
IntroText = blogPost.Description,
IsPublished = blogPost.Status == PageStatus.Published,
PublishedOn = blogPost.PublishedOn,
LayoutId = blogPost.Layout != null && !blogPost.Layout.IsDeleted ? blogPost.Layout.Id : (Guid?)null,
MasterPageId = blogPost.MasterPage != null && !blogPost.MasterPage.IsDeleted ? blogPost.MasterPage.Id : (Guid?)null,
AuthorId = blogPost.Author != null && !blogPost.Author.IsDeleted ? blogPost.Author.Id : (Guid?)null,
AuthorName = blogPost.Author != null && !blogPost.Author.IsDeleted ? blogPost.Author.Name : null,
MainImageId = blogPost.Image != null && !blogPost.Image.IsDeleted ? blogPost.Image.Id : (Guid?)null,
MainImageUrl = blogPost.Image != null && !blogPost.Image.IsDeleted ? blogPost.Image.PublicUrl : null,
MainImageThumbnauilUrl = blogPost.Image != null && !blogPost.Image.IsDeleted ? blogPost.Image.PublicThumbnailUrl : null,
MainImageThumbnailUrl = blogPost.Image != null && !blogPost.Image.IsDeleted ? blogPost.Image.PublicThumbnailUrl : null,
MainImageCaption = blogPost.Image != null && !blogPost.Image.IsDeleted ? blogPost.Image.Caption : null,
SecondaryImageId = blogPost.SecondaryImage != null && !blogPost.SecondaryImage.IsDeleted ? blogPost.SecondaryImage.Id : (Guid?)null,
SecondaryImageUrl = blogPost.SecondaryImage != null && !blogPost.SecondaryImage.IsDeleted ? blogPost.SecondaryImage.PublicUrl : null,
SecondaryImageThumbnailUrl = blogPost.SecondaryImage != null && !blogPost.SecondaryImage.IsDeleted ? blogPost.SecondaryImage.PublicThumbnailUrl : null,
SecondaryImageCaption = blogPost.SecondaryImage != null && !blogPost.SecondaryImage.IsDeleted ? blogPost.SecondaryImage.Caption : null,
FeaturedImageId = blogPost.FeaturedImage != null && !blogPost.FeaturedImage.IsDeleted ? blogPost.FeaturedImage.Id : (Guid?)null,
FeaturedImageUrl = blogPost.FeaturedImage != null && !blogPost.FeaturedImage.IsDeleted ? blogPost.FeaturedImage.PublicUrl : null,
FeaturedImageThumbnailUrl = blogPost.FeaturedImage != null && !blogPost.FeaturedImage.IsDeleted ? blogPost.FeaturedImage.PublicThumbnailUrl : null,
FeaturedImageCaption = blogPost.FeaturedImage != null && !blogPost.FeaturedImage.IsDeleted ? blogPost.FeaturedImage.Caption : null,
ActivationDate = blogPost.ActivationDate,
ExpirationDate = blogPost.ExpirationDate,
IsArchived = blogPost.IsArchived,
LanguageId = blogPost.Language != null ? blogPost.Language.Id : (Guid?)null,
LanguageCode = blogPost.Language != null ? blogPost.Language.Code : null,
LanguageGroupIdentifier = blogPost.LanguageGroupIdentifier,
ContentId = blogPost.PageContents.Where(pc => !pc.Content.IsDeleted && pc.Content is BlogPostContent)
.Select(pc => pc.Content.Id)
.FirstOrDefault()
})
.ToDataListResponse(request);
foreach (var model in listResponse.Items)
{
model.MainImageUrl = fileUrlResolver.EnsureFullPathUrl(model.MainImageUrl);
model.MainImageThumbnauilUrl = fileUrlResolver.EnsureFullPathUrl(model.MainImageThumbnauilUrl);
model.MainImageThumbnailUrl = fileUrlResolver.EnsureFullPathUrl(model.MainImageThumbnailUrl);
model.SecondaryImageUrl = fileUrlResolver.EnsureFullPathUrl(model.SecondaryImageUrl);
model.SecondaryImageThumbnailUrl = fileUrlResolver.EnsureFullPathUrl(model.SecondaryImageThumbnailUrl);
model.FeaturedImageUrl = fileUrlResolver.EnsureFullPathUrl(model.FeaturedImageUrl);
model.FeaturedImageThumbnailUrl = fileUrlResolver.EnsureFullPathUrl(model.FeaturedImageThumbnailUrl);
}
if (listResponse.Items.Count > 0 && (request.Data.IncludeTags || request.Data.IncludeAccessRules))
{
LoadTags(listResponse, request.Data.IncludeTags, request.Data.IncludeAccessRules);
}
if (request.Data.IncludeCategories)
{
listResponse.Items.ForEach(page =>
{
page.Categories = (from pagePr in repository.AsQueryable <Module.Blog.Models.BlogPost>()
from category in pagePr.Categories
where pagePr.Id == page.Id && !category.IsDeleted
select new CategoryModel
{
Id = category.Category.Id,
Version = category.Version,
CreatedBy = category.CreatedByUser,
CreatedOn = category.CreatedOn,
LastModifiedBy = category.ModifiedByUser,
LastModifiedOn = category.ModifiedOn,
Name = category.Category.Name
}).ToList();
});
}
return(new GetBlogPostsResponse
{
Data = listResponse
});
}
/// <summary>
/// Gets files list.
/// </summary>
/// <param name="request">The request.</param>
/// <returns>
/// <c>GetFilesResponse</c> with files list.
/// </returns>
public GetFilesResponse Get(GetFilesRequest request)
{
request.Data.SetDefaultOrder("Title");
var query =
repository.AsQueryable <Media>()
.Where(m => m.Original == null && m.Type == Module.MediaManager.Models.MediaType.File)
.Where(f => !(f is MediaFile) || (!((MediaFile)f).IsTemporary && ((MediaFile)f).IsUploaded == true));
if (request.Data.FolderId == null)
{
query = query.Where(m => m.Folder == null);
}
else
{
query = query.Where(m => m.Folder.Id == request.Data.FolderId && !m.Folder.IsDeleted);
}
if (!request.Data.IncludeFolders)
{
query = query.Where(media => media.ContentType != Module.MediaManager.Models.MediaContentType.Folder);
}
if (!request.Data.IncludeFiles)
{
query = query.Where(media => media.ContentType != Module.MediaManager.Models.MediaContentType.File);
}
if (!request.Data.IncludeArchived)
{
query = query.Where(m => !m.IsArchived);
}
query = query.ApplyMediaTagsFilter(request.Data)
.ApplyCategoriesFilter(categoryService, request.Data);
if (request.User != null && !string.IsNullOrWhiteSpace(request.User.Name))
{
var principal = new ApiPrincipal(request.User);
IEnumerable <Guid> deniedPages = accessControlService.GetPrincipalDeniedObjects <MediaFile>(principal, false);
foreach (var deniedPageId in deniedPages)
{
var id = deniedPageId;
query = query.Where(f => f.Id != id);
}
}
var listResponse =
query.Select(
media =>
new MediaModel
{
Id = media.Id,
Version = media.Version,
CreatedBy = media.CreatedByUser,
CreatedOn = media.CreatedOn,
LastModifiedBy = media.ModifiedByUser,
LastModifiedOn = media.ModifiedOn,
Title = media.Title,
Description = media.Description,
MediaContentType =
media is MediaFolder ? (MediaContentType)((int)MediaContentType.Folder) : (MediaContentType)((int)MediaContentType.File),
FileExtension = media is MediaFile ? ((MediaFile)media).OriginalFileExtension : null,
FileSize = media is MediaFile ? ((MediaFile)media).Size : (long?)null,
FileUrl = media is MediaFile ? ((MediaFile)media).PublicUrl : null,
IsArchived = media.IsArchived,
ThumbnailId = media.Image != null && !media.Image.IsDeleted ? media.Image.Id : (Guid?)null,
ThumbnailCaption = media.Image != null && !media.Image.IsDeleted ? media.Image.Caption : null,
ThumbnailUrl = media.Image != null && !media.Image.IsDeleted ? media.Image.PublicThumbnailUrl : null
}).ToDataListResponse(request);
var ids = new List <Guid>();
listResponse.Items.ToList().ForEach(
media =>
{
if (media.MediaContentType == MediaContentType.File)
{
media.FileUrl = this.mediaFileService.GetDownloadFileUrl(Module.MediaManager.Models.MediaType.File, media.Id, media.FileUrl);
ids.Add(media.Id);
}
media.FileUrl = fileUrlResolver.EnsureFullPathUrl(media.FileUrl);
media.ThumbnailUrl = fileUrlResolver.EnsureFullPathUrl(media.ThumbnailUrl);
});
if (request.Data.IncludeAccessRules)
{
(from file in repository.AsQueryable <MediaFile>()
from accessRule in file.AccessRules
where ids.Contains(file.Id)
orderby accessRule.IsForRole, accessRule.Identity
select
new AccessRuleModelEx
{
AccessRule =
new AccessRuleModel
{
AccessLevel = (AccessLevel)(int)accessRule.AccessLevel,
Identity = accessRule.Identity,
IsForRole = accessRule.IsForRole
},
FileId = file.Id
}).ToList()
.ForEach(
rule => listResponse.Items.Where(file => file.Id == rule.FileId).ToList().ForEach(
file =>
{
if (file.AccessRules == null)
{
file.AccessRules = new List <AccessRuleModel>();
}
file.AccessRules.Add(rule.AccessRule);
}));
}
if (request.Data.IncludeCategories)
{
listResponse.Items.ForEach(
item =>
{
item.Categories = (from media in repository.AsQueryable <MediaFile>()
from category in media.Categories
where media.Id == item.Id && !category.IsDeleted
select new CategoryNodeModel
{
Id = category.Category.Id,
Version = category.Version,
CreatedBy = category.CreatedByUser,
CreatedOn = category.CreatedOn,
LastModifiedBy = category.ModifiedByUser,
LastModifiedOn = category.ModifiedOn,
Name = category.Category.Name,
CategoryTreeId = category.Category.CategoryTree.Id
}).ToList();
});
}
return(new GetFilesResponse {
Data = listResponse
});
}
public GetPagesResponse Get(GetPagesRequest request)
{
request.Data.SetDefaultOrder("Title");
var query = repository
.AsQueryable <PageProperties>();
if (!request.Data.IncludeArchived)
{
query = query.Where(b => !b.IsArchived);
}
if (!request.Data.IncludeUnpublished)
{
query = query.Where(b => b.Status == PageStatus.Published);
}
if (!request.Data.IncludeMasterPages)
{
query = query.Where(b => !b.IsMasterPage);
}
query = query.ApplyPageTagsFilter(request.Data);
if (request.User != null && !string.IsNullOrWhiteSpace(request.User.Name))
{
var principal = new ApiPrincipal(request.User);
IEnumerable <Guid> deniedPages = accessControlService.GetPrincipalDeniedObjects <PageProperties>(principal, false);
foreach (var deniedPageId in deniedPages)
{
var id = deniedPageId;
query = query.Where(f => f.Id != id);
}
}
var includeMetadata = request.Data.IncludeMetadata;
var listResponse = query
.Select(page => new PageModel
{
Id = page.Id,
Version = page.Version,
CreatedBy = page.CreatedByUser,
CreatedOn = page.CreatedOn,
LastModifiedBy = page.ModifiedByUser,
LastModifiedOn = page.ModifiedOn,
PageUrl = page.PageUrl,
Title = page.Title,
Description = page.Description,
IsPublished = page.Status == PageStatus.Published,
PublishedOn = page.PublishedOn,
LayoutId = page.Layout != null && !page.Layout.IsDeleted ? page.Layout.Id : (Guid?)null,
MasterPageId = page.MasterPage != null && !page.MasterPage.IsDeleted ? page.MasterPage.Id : (Guid?)null,
CategoryId = page.Category != null && !page.Category.IsDeleted ? page.Category.Id : (Guid?)null,
CategoryName = page.Category != null && !page.Category.IsDeleted ? page.Category.Name : null,
MainImageId = page.Image != null && !page.Image.IsDeleted ? page.Image.Id : (Guid?)null,
MainImageUrl = page.Image != null && !page.Image.IsDeleted ? page.Image.PublicUrl : null,
MainImageThumbnauilUrl = page.Image != null && !page.Image.IsDeleted ? page.Image.PublicThumbnailUrl : null,
MainImageCaption = page.Image != null && !page.Image.IsDeleted ? page.Image.Caption : null,
IsArchived = page.IsArchived,
IsMasterPage = page.IsMasterPage,
LanguageId = page.Language != null ? page.Language.Id : (Guid?)null,
LanguageCode = page.Language != null ? page.Language.Code : null,
LanguageGroupIdentifier = page.LanguageGroupIdentifier,
Metadata = includeMetadata
? new MetadataModel
{
MetaDescription = page.MetaDescription,
MetaTitle = page.MetaTitle,
MetaKeywords = page.MetaKeywords,
UseNoFollow = page.UseNoFollow,
UseNoIndex = page.UseNoIndex,
UseCanonicalUrl = page.UseCanonicalUrl
} : null
}).ToDataListResponse(request);
foreach (var model in listResponse.Items)
{
model.MainImageUrl = fileUrlResolver.EnsureFullPathUrl(model.MainImageUrl);
model.MainImageThumbnauilUrl = fileUrlResolver.EnsureFullPathUrl(model.MainImageThumbnauilUrl);
}
if (listResponse.Items.Count > 0 &&
(request.Data.IncludePageOptions || request.Data.IncludeTags || request.Data.IncludeAccessRules))
{
LoadInnerCollections(listResponse, request.Data.IncludePageOptions, request.Data.IncludeTags, request.Data.IncludeAccessRules);
}
return(new GetPagesResponse
{
Data = listResponse
});
}
public override void OnAuthorization(HttpActionContext actionContext)
{
try
{
if (ShouldSkipAuthorization(actionContext))
return;
this.Users = String.IsNullOrEmpty(this.Users) ? this.GetDefaultUsers() : this.Users;
this.Roles = String.IsNullOrEmpty(this.Roles) ? this.GetDefaultRoles() : this.Roles;
AuthorizationInput authInput = null;
// try to get Input from Headres
var authHeader = actionContext.Request.Headers.Authorization;
if (authHeader != null && !String.IsNullOrWhiteSpace(authHeader.Parameter))
authInput = new AuthorizationInput(authHeader.Scheme, authHeader.Parameter);
if (authInput == null)
{
// try to get Input from Query
var authQueryParam = actionContext.Request.GetQueryNameValuePairs().FirstOrDefault(p => p.Key.Equals(TokenAuthLabel)).Value;
if (!String.IsNullOrWhiteSpace(authQueryParam))
authInput = new AuthorizationInput(TokenAuthLabel, authQueryParam);
}
// input should be provided anyway...
if (authInput == null)
{
this.Unauthorized(actionContext);
return;
}
// try to get existing token (token, that was already setted up for current context)
Token token = this.GetExistingTokenFromTokenProvider(authInput);
// try to make Authorization with AuthProvider and create new Token
if (token == null)
token = this.MakeNewAuthorizationToken(authInput);
if (token == null)
{
this.Unauthorized(actionContext);
return;
}
var principal = new ApiPrincipal(token);
// setup thread's principal in .NET
Thread.CurrentPrincipal = principal;
// setup asp.net user
if (HttpContext.Current != null)
HttpContext.Current.User = principal;
#region Check Attribute Roles
if (!String.IsNullOrEmpty(this.Roles))
{
bool inRole = this.Roles.Split(new char[] { ',', ';' }).Any(role => principal.IsInRole(role));
if (!inRole)
{
this.Forbidden(actionContext);
return;
}
}
#endregion
#region Check Attributes Users
if (!String.IsNullOrEmpty(this.Users))
{
if (!this.Users.Split(new char[] { ',', ';' }).Contains(principal.Identity.Name.ToString()))
{
this.Forbidden(actionContext);
return;
}
}
#endregion
}
catch (Exception ex)
{
this.Exception(actionContext, ex);
}
}
