protected override Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) { var httpContext = HttpContext.Current; var helper = new HttpRequestHelper(request); var token = helper.GetAccessToken(); // AuthProviderFactory.GetCurrent().GetAuthProvider().GetToken(request); try { if (!string.IsNullOrWhiteSpace(token)) { HttpStatusCode status; var principal = new ApiPrincipal(token, AuthProviderFactory.GetAuthProvider().Verify(token));//AccessTokenAuthorization.getAuthorizedAccessToken(token, out status)); //set this so other handlers can get the principal request.SetUserPrincipal(principal); //set these so other areas of the pipeline can get the pincipal httpContext.User = principal; Thread.CurrentPrincipal = principal; return(base.SendAsync(request, cancellationToken)); } } catch (Exception ex) { request.CreateResponse(HttpStatusCode.Unauthorized); } return(base.SendAsync(request, cancellationToken)); }
public GetMediaTreeResponse Get(GetMediaTreeRequest request) { var response = new GetMediaTreeResponse { Data = new MediaTreeModel() }; if (request.Data.IncludeFilesTree) { IEnumerable <Guid> deniedPages = null; if (request.User != null && !string.IsNullOrWhiteSpace(request.User.Name)) { var principal = new ApiPrincipal(request.User); deniedPages = accessControlService.GetPrincipalDeniedObjects <MediaFile>(principal, false); } response.Data.FilesTree = LoadMediaTree <MediaFile>(Module.MediaManager.Models.MediaType.File, deniedPages, request.Data.IncludeArchived, request.Data.IncludeFiles, request.Data.IncludeAccessRules); } if (request.Data.IncludeImagesTree) { response.Data.ImagesTree = LoadMediaTree <MediaImage>(Module.MediaManager.Models.MediaType.Image, null, request.Data.IncludeArchived, request.Data.IncludeImages, false); } return(response); }
protected async override Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken) { Stopwatch stopwatch = new Stopwatch(); var userString = new Regex("userAuthentication"); var userStringMatch = userString.Match(request.RequestUri.AbsolutePath); if (!userStringMatch.Success) { if (request.Headers.Authorization != null) { if (!ApiPrincipal.RequestValidation(request) || ApiPrincipal.SessionCheck(request)) { return(new HttpResponseMessage(HttpStatusCode.NotAcceptable)); } } else { return(new HttpResponseMessage(HttpStatusCode.NotAcceptable)); } } stopwatch.Start(); var response = await base.SendAsync(request, cancellationToken); stopwatch.Stop(); //return response; return(ApiPrincipal.SetSession(response)); }
public ApplicationHttpClient(HttpClient httpClient, IConfiguration config, IApiPrincipalResolver apiPrincipalResolver) { _httpClient = httpClient; _config = config; _apiPrincipal = apiPrincipalResolver.Resolve(); _httpClient.DefaultRequestHeaders.Clear(); _httpClient.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json")); }
/// <summary> /// Gets the specified request. /// </summary> /// <param name="request">The request.</param> /// <returns><c>GetBlogPostsResponse</c> with a list of blog posts.</returns> public GetBlogPostsResponse Get(GetBlogPostsRequest request) { request.Data.SetDefaultOrder("Title"); var query = repository .AsQueryable <Module.Blog.Models.BlogPost>(); if (!request.Data.IncludeArchived) { query = query.Where(b => !b.IsArchived); } if (!request.Data.IncludeUnpublished) { query = query.Where(b => b.Status == PageStatus.Published); } if (request.User != null && !string.IsNullOrWhiteSpace(request.User.Name)) { var principal = new ApiPrincipal(request.User); IEnumerable <Guid> deniedPages = accessControlService.GetPrincipalDeniedObjects <PageProperties>(principal, false); foreach (var deniedPageId in deniedPages) { var id = deniedPageId; query = query.Where(f => f.Id != id); } } query = query.ApplyPageTagsFilter(request.Data) .ApplyCategoriesFilter(categoryService, request.Data); var listResponse = query .Select(blogPost => new BlogPostModel { Id = blogPost.Id, Version = blogPost.Version, CreatedBy = blogPost.CreatedByUser, CreatedOn = blogPost.CreatedOn, LastModifiedBy = blogPost.ModifiedByUser, LastModifiedOn = blogPost.ModifiedOn, BlogPostUrl = blogPost.PageUrl, Title = blogPost.Title, IntroText = blogPost.Description, IsPublished = blogPost.Status == PageStatus.Published, PublishedOn = blogPost.PublishedOn, LayoutId = blogPost.Layout != null && !blogPost.Layout.IsDeleted ? blogPost.Layout.Id : (Guid?)null, MasterPageId = blogPost.MasterPage != null && !blogPost.MasterPage.IsDeleted ? blogPost.MasterPage.Id : (Guid?)null, AuthorId = blogPost.Author != null && !blogPost.Author.IsDeleted ? blogPost.Author.Id : (Guid?)null, AuthorName = blogPost.Author != null && !blogPost.Author.IsDeleted ? blogPost.Author.Name : null, MainImageId = blogPost.Image != null && !blogPost.Image.IsDeleted ? blogPost.Image.Id : (Guid?)null, MainImageUrl = blogPost.Image != null && !blogPost.Image.IsDeleted ? blogPost.Image.PublicUrl : null, MainImageThumbnauilUrl = blogPost.Image != null && !blogPost.Image.IsDeleted ? blogPost.Image.PublicThumbnailUrl : null, MainImageThumbnailUrl = blogPost.Image != null && !blogPost.Image.IsDeleted ? blogPost.Image.PublicThumbnailUrl : null, MainImageCaption = blogPost.Image != null && !blogPost.Image.IsDeleted ? blogPost.Image.Caption : null, SecondaryImageId = blogPost.SecondaryImage != null && !blogPost.SecondaryImage.IsDeleted ? blogPost.SecondaryImage.Id : (Guid?)null, SecondaryImageUrl = blogPost.SecondaryImage != null && !blogPost.SecondaryImage.IsDeleted ? blogPost.SecondaryImage.PublicUrl : null, SecondaryImageThumbnailUrl = blogPost.SecondaryImage != null && !blogPost.SecondaryImage.IsDeleted ? blogPost.SecondaryImage.PublicThumbnailUrl : null, SecondaryImageCaption = blogPost.SecondaryImage != null && !blogPost.SecondaryImage.IsDeleted ? blogPost.SecondaryImage.Caption : null, FeaturedImageId = blogPost.FeaturedImage != null && !blogPost.FeaturedImage.IsDeleted ? blogPost.FeaturedImage.Id : (Guid?)null, FeaturedImageUrl = blogPost.FeaturedImage != null && !blogPost.FeaturedImage.IsDeleted ? blogPost.FeaturedImage.PublicUrl : null, FeaturedImageThumbnailUrl = blogPost.FeaturedImage != null && !blogPost.FeaturedImage.IsDeleted ? blogPost.FeaturedImage.PublicThumbnailUrl : null, FeaturedImageCaption = blogPost.FeaturedImage != null && !blogPost.FeaturedImage.IsDeleted ? blogPost.FeaturedImage.Caption : null, ActivationDate = blogPost.ActivationDate, ExpirationDate = blogPost.ExpirationDate, IsArchived = blogPost.IsArchived, LanguageId = blogPost.Language != null ? blogPost.Language.Id : (Guid?)null, LanguageCode = blogPost.Language != null ? blogPost.Language.Code : null, LanguageGroupIdentifier = blogPost.LanguageGroupIdentifier, ContentId = blogPost.PageContents.Where(pc => !pc.Content.IsDeleted && pc.Content is BlogPostContent) .Select(pc => pc.Content.Id) .FirstOrDefault() }) .ToDataListResponse(request); foreach (var model in listResponse.Items) { model.MainImageUrl = fileUrlResolver.EnsureFullPathUrl(model.MainImageUrl); model.MainImageThumbnauilUrl = fileUrlResolver.EnsureFullPathUrl(model.MainImageThumbnauilUrl); model.MainImageThumbnailUrl = fileUrlResolver.EnsureFullPathUrl(model.MainImageThumbnailUrl); model.SecondaryImageUrl = fileUrlResolver.EnsureFullPathUrl(model.SecondaryImageUrl); model.SecondaryImageThumbnailUrl = fileUrlResolver.EnsureFullPathUrl(model.SecondaryImageThumbnailUrl); model.FeaturedImageUrl = fileUrlResolver.EnsureFullPathUrl(model.FeaturedImageUrl); model.FeaturedImageThumbnailUrl = fileUrlResolver.EnsureFullPathUrl(model.FeaturedImageThumbnailUrl); } if (listResponse.Items.Count > 0 && (request.Data.IncludeTags || request.Data.IncludeAccessRules)) { LoadTags(listResponse, request.Data.IncludeTags, request.Data.IncludeAccessRules); } if (request.Data.IncludeCategories) { listResponse.Items.ForEach(page => { page.Categories = (from pagePr in repository.AsQueryable <Module.Blog.Models.BlogPost>() from category in pagePr.Categories where pagePr.Id == page.Id && !category.IsDeleted select new CategoryModel { Id = category.Category.Id, Version = category.Version, CreatedBy = category.CreatedByUser, CreatedOn = category.CreatedOn, LastModifiedBy = category.ModifiedByUser, LastModifiedOn = category.ModifiedOn, Name = category.Category.Name }).ToList(); }); } return(new GetBlogPostsResponse { Data = listResponse }); }
/// <summary> /// Gets files list. /// </summary> /// <param name="request">The request.</param> /// <returns> /// <c>GetFilesResponse</c> with files list. /// </returns> public GetFilesResponse Get(GetFilesRequest request) { request.Data.SetDefaultOrder("Title"); var query = repository.AsQueryable <Media>() .Where(m => m.Original == null && m.Type == Module.MediaManager.Models.MediaType.File) .Where(f => !(f is MediaFile) || (!((MediaFile)f).IsTemporary && ((MediaFile)f).IsUploaded == true)); if (request.Data.FolderId == null) { query = query.Where(m => m.Folder == null); } else { query = query.Where(m => m.Folder.Id == request.Data.FolderId && !m.Folder.IsDeleted); } if (!request.Data.IncludeFolders) { query = query.Where(media => media.ContentType != Module.MediaManager.Models.MediaContentType.Folder); } if (!request.Data.IncludeFiles) { query = query.Where(media => media.ContentType != Module.MediaManager.Models.MediaContentType.File); } if (!request.Data.IncludeArchived) { query = query.Where(m => !m.IsArchived); } query = query.ApplyMediaTagsFilter(request.Data) .ApplyCategoriesFilter(categoryService, request.Data); if (request.User != null && !string.IsNullOrWhiteSpace(request.User.Name)) { var principal = new ApiPrincipal(request.User); IEnumerable <Guid> deniedPages = accessControlService.GetPrincipalDeniedObjects <MediaFile>(principal, false); foreach (var deniedPageId in deniedPages) { var id = deniedPageId; query = query.Where(f => f.Id != id); } } var listResponse = query.Select( media => new MediaModel { Id = media.Id, Version = media.Version, CreatedBy = media.CreatedByUser, CreatedOn = media.CreatedOn, LastModifiedBy = media.ModifiedByUser, LastModifiedOn = media.ModifiedOn, Title = media.Title, Description = media.Description, MediaContentType = media is MediaFolder ? (MediaContentType)((int)MediaContentType.Folder) : (MediaContentType)((int)MediaContentType.File), FileExtension = media is MediaFile ? ((MediaFile)media).OriginalFileExtension : null, FileSize = media is MediaFile ? ((MediaFile)media).Size : (long?)null, FileUrl = media is MediaFile ? ((MediaFile)media).PublicUrl : null, IsArchived = media.IsArchived, ThumbnailId = media.Image != null && !media.Image.IsDeleted ? media.Image.Id : (Guid?)null, ThumbnailCaption = media.Image != null && !media.Image.IsDeleted ? media.Image.Caption : null, ThumbnailUrl = media.Image != null && !media.Image.IsDeleted ? media.Image.PublicThumbnailUrl : null }).ToDataListResponse(request); var ids = new List <Guid>(); listResponse.Items.ToList().ForEach( media => { if (media.MediaContentType == MediaContentType.File) { media.FileUrl = this.mediaFileService.GetDownloadFileUrl(Module.MediaManager.Models.MediaType.File, media.Id, media.FileUrl); ids.Add(media.Id); } media.FileUrl = fileUrlResolver.EnsureFullPathUrl(media.FileUrl); media.ThumbnailUrl = fileUrlResolver.EnsureFullPathUrl(media.ThumbnailUrl); }); if (request.Data.IncludeAccessRules) { (from file in repository.AsQueryable <MediaFile>() from accessRule in file.AccessRules where ids.Contains(file.Id) orderby accessRule.IsForRole, accessRule.Identity select new AccessRuleModelEx { AccessRule = new AccessRuleModel { AccessLevel = (AccessLevel)(int)accessRule.AccessLevel, Identity = accessRule.Identity, IsForRole = accessRule.IsForRole }, FileId = file.Id }).ToList() .ForEach( rule => listResponse.Items.Where(file => file.Id == rule.FileId).ToList().ForEach( file => { if (file.AccessRules == null) { file.AccessRules = new List <AccessRuleModel>(); } file.AccessRules.Add(rule.AccessRule); })); } if (request.Data.IncludeCategories) { listResponse.Items.ForEach( item => { item.Categories = (from media in repository.AsQueryable <MediaFile>() from category in media.Categories where media.Id == item.Id && !category.IsDeleted select new CategoryNodeModel { Id = category.Category.Id, Version = category.Version, CreatedBy = category.CreatedByUser, CreatedOn = category.CreatedOn, LastModifiedBy = category.ModifiedByUser, LastModifiedOn = category.ModifiedOn, Name = category.Category.Name, CategoryTreeId = category.Category.CategoryTree.Id }).ToList(); }); } return(new GetFilesResponse { Data = listResponse }); }
public GetPagesResponse Get(GetPagesRequest request) { request.Data.SetDefaultOrder("Title"); var query = repository .AsQueryable <PageProperties>(); if (!request.Data.IncludeArchived) { query = query.Where(b => !b.IsArchived); } if (!request.Data.IncludeUnpublished) { query = query.Where(b => b.Status == PageStatus.Published); } if (!request.Data.IncludeMasterPages) { query = query.Where(b => !b.IsMasterPage); } query = query.ApplyPageTagsFilter(request.Data); if (request.User != null && !string.IsNullOrWhiteSpace(request.User.Name)) { var principal = new ApiPrincipal(request.User); IEnumerable <Guid> deniedPages = accessControlService.GetPrincipalDeniedObjects <PageProperties>(principal, false); foreach (var deniedPageId in deniedPages) { var id = deniedPageId; query = query.Where(f => f.Id != id); } } var includeMetadata = request.Data.IncludeMetadata; var listResponse = query .Select(page => new PageModel { Id = page.Id, Version = page.Version, CreatedBy = page.CreatedByUser, CreatedOn = page.CreatedOn, LastModifiedBy = page.ModifiedByUser, LastModifiedOn = page.ModifiedOn, PageUrl = page.PageUrl, Title = page.Title, Description = page.Description, IsPublished = page.Status == PageStatus.Published, PublishedOn = page.PublishedOn, LayoutId = page.Layout != null && !page.Layout.IsDeleted ? page.Layout.Id : (Guid?)null, MasterPageId = page.MasterPage != null && !page.MasterPage.IsDeleted ? page.MasterPage.Id : (Guid?)null, CategoryId = page.Category != null && !page.Category.IsDeleted ? page.Category.Id : (Guid?)null, CategoryName = page.Category != null && !page.Category.IsDeleted ? page.Category.Name : null, MainImageId = page.Image != null && !page.Image.IsDeleted ? page.Image.Id : (Guid?)null, MainImageUrl = page.Image != null && !page.Image.IsDeleted ? page.Image.PublicUrl : null, MainImageThumbnauilUrl = page.Image != null && !page.Image.IsDeleted ? page.Image.PublicThumbnailUrl : null, MainImageCaption = page.Image != null && !page.Image.IsDeleted ? page.Image.Caption : null, IsArchived = page.IsArchived, IsMasterPage = page.IsMasterPage, LanguageId = page.Language != null ? page.Language.Id : (Guid?)null, LanguageCode = page.Language != null ? page.Language.Code : null, LanguageGroupIdentifier = page.LanguageGroupIdentifier, Metadata = includeMetadata ? new MetadataModel { MetaDescription = page.MetaDescription, MetaTitle = page.MetaTitle, MetaKeywords = page.MetaKeywords, UseNoFollow = page.UseNoFollow, UseNoIndex = page.UseNoIndex, UseCanonicalUrl = page.UseCanonicalUrl } : null }).ToDataListResponse(request); foreach (var model in listResponse.Items) { model.MainImageUrl = fileUrlResolver.EnsureFullPathUrl(model.MainImageUrl); model.MainImageThumbnauilUrl = fileUrlResolver.EnsureFullPathUrl(model.MainImageThumbnauilUrl); } if (listResponse.Items.Count > 0 && (request.Data.IncludePageOptions || request.Data.IncludeTags || request.Data.IncludeAccessRules)) { LoadInnerCollections(listResponse, request.Data.IncludePageOptions, request.Data.IncludeTags, request.Data.IncludeAccessRules); } return(new GetPagesResponse { Data = listResponse }); }
public override void OnAuthorization(HttpActionContext actionContext) { try { if (ShouldSkipAuthorization(actionContext)) return; this.Users = String.IsNullOrEmpty(this.Users) ? this.GetDefaultUsers() : this.Users; this.Roles = String.IsNullOrEmpty(this.Roles) ? this.GetDefaultRoles() : this.Roles; AuthorizationInput authInput = null; // try to get Input from Headres var authHeader = actionContext.Request.Headers.Authorization; if (authHeader != null && !String.IsNullOrWhiteSpace(authHeader.Parameter)) authInput = new AuthorizationInput(authHeader.Scheme, authHeader.Parameter); if (authInput == null) { // try to get Input from Query var authQueryParam = actionContext.Request.GetQueryNameValuePairs().FirstOrDefault(p => p.Key.Equals(TokenAuthLabel)).Value; if (!String.IsNullOrWhiteSpace(authQueryParam)) authInput = new AuthorizationInput(TokenAuthLabel, authQueryParam); } // input should be provided anyway... if (authInput == null) { this.Unauthorized(actionContext); return; } // try to get existing token (token, that was already setted up for current context) Token token = this.GetExistingTokenFromTokenProvider(authInput); // try to make Authorization with AuthProvider and create new Token if (token == null) token = this.MakeNewAuthorizationToken(authInput); if (token == null) { this.Unauthorized(actionContext); return; } var principal = new ApiPrincipal(token); // setup thread's principal in .NET Thread.CurrentPrincipal = principal; // setup asp.net user if (HttpContext.Current != null) HttpContext.Current.User = principal; #region Check Attribute Roles if (!String.IsNullOrEmpty(this.Roles)) { bool inRole = this.Roles.Split(new char[] { ',', ';' }).Any(role => principal.IsInRole(role)); if (!inRole) { this.Forbidden(actionContext); return; } } #endregion #region Check Attributes Users if (!String.IsNullOrEmpty(this.Users)) { if (!this.Users.Split(new char[] { ',', ';' }).Contains(principal.Identity.Name.ToString())) { this.Forbidden(actionContext); return; } } #endregion } catch (Exception ex) { this.Exception(actionContext, ex); } }