public async Task <IActionResult> WxLoginAsync(WxLoginParam loginParam)
{
// 使用IHttpClientFactory创建的HttpClient
OpenIdParam openIdParam = await WxUtils.GetOpenIdAsync(loginParam, clientFactory.CreateClient());
if (openIdParam == null || string.IsNullOrEmpty(openIdParam.session_key))
{
return(ValidationProblem("验证错误,Secret可能失效"));
}
WxPhoneModel wxPhoneModel = WxAppEncryptUtil.GetEncryptedDataStr(loginParam.EncryptedData, openIdParam.session_key, loginParam.Iv);
if (wxPhoneModel == null)
{
return(ValidationProblem("用户信息解析错误"));
}
string phone = wxPhoneModel.PurePhoneNumber ?? wxPhoneModel.PhoneNumber;
if (string.IsNullOrEmpty(phone))
{
return(ValidationProblem("可能未绑定手机号"));
}
TbUser user = await rep.GetEntityAsync(s => s.Phone.Equals(phone), s => new TbUser {
State = s.State
});
if (user == null)
{
return(ValidationProblem("用户未注册"));
}
string token = AuthorizationUtil.GetToken(30, user.Id, user.Name, "user", user.CarNum);
return(Ok(new { access_token = token }));
}
public async Task <IActionResult> LoginAsync(LoginModel model)
{
TbUser user = await rep.GetEntityAsync(s => s.Name.Equals(model.name));
if (user == null)
{
return(NotFound($"用户名'{model.name}'不存在"));
}
if (!WxAppEncryptUtil.MD5(model.pwd).Equals(user.Pwd))
{
return(ValidationProblem(new ValidationProblemDetails()
{
Detail = "密码错误"
}));
}
string token = AuthorizationUtil.GetToken(30, user.Id, user.Name, "user", user.CarNum);
DateTime authTime = DateTime.Now;
DateTime expiresAt = authTime.AddMinutes(30);
return(Ok(new
{
access_token = token,
token_type = Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerDefaults.AuthenticationScheme,
profile = new
{
sid = user.Id,
name = user.Name,
auth_time = new DateTimeOffset(authTime).ToUnixTimeSeconds(),
expires_at = new DateTimeOffset(expiresAt).ToUnixTimeSeconds()
}
}));
}
public void OnAuthorization(AuthorizationFilterContext context)
{
if (!(context.ActionDescriptor is ControllerActionDescriptor))
{
return;
}
if (context.Filters.Any(item => item is IAllowAnonymousFilter))
{
return;
}
#region 根据反射获取自定义验证特性,判断是否需要验证
ControllerActionDescriptor cad = context.ActionDescriptor as ControllerActionDescriptor;
bool r1 = cad.ControllerTypeInfo.CustomAttributes.Any(s => s.AttributeType.Name.Equals("AuthorizeAttribute"));
bool r2 = cad.MethodInfo.CustomAttributes.Any(s => s.AttributeType.Name.Equals("AuthorizeAttribute"));
if (!r1 && !r2)
{
return;
}
if (cad.MethodInfo.CustomAttributes.Any(s => s.AttributeType.Name.Equals("AllowAnonymousAttribute")))
{
return;
}
string actionName = cad.ActionName;
string controllerName = cad.ControllerName;
#endregion
bool rs = context.HttpContext.Request.Headers.TryGetValue("token", out Microsoft.Extensions.Primitives.StringValues strValues);
bool vaildRs = false;
if (rs)
{
vaildRs = AuthorizationUtil.VerifyToken(strValues.ToString(), out TimeSpan validTime, out ClaimsIdentity claimsIdentity);
if (vaildRs)
{
List <Claim> list = new List <Claim>(claimsIdentity.Claims);
Claim roleClaim = list.Find(s => s.Type.Contains(JwtClaimTypes.Role));
if (roleClaim != null)
{
//Todo:根据 actionName,controllerName,roleClaim判断是否有权限
bool hadPower = true;
if (!hadPower)
{
context.Result = new ForbidResult();
return;
}
}
}
}
if (!rs || !vaildRs)
{
context.Result = new UnauthorizedResult();
}
return;
}
public void SetUp()
{
var unitOfWorkFactory = Substitute.For <IUnitOfWorkFactory>();
_unitOfWork = Substitute.For <IUnitOfWork>();
unitOfWorkFactory.CreateUnitOfWork().Returns(_unitOfWork);
_userRepository = Substitute.For <IUserRepository>();
_unitOfWork.Users.Returns(_userRepository);
_authorizationUtil = new AuthorizationUtil(unitOfWorkFactory);
}
protected override Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
Model.Usuario user = null;
if (AuthorizationUtil.IsValid(request.Headers.Authorization, out user))
{
var roles = IdentityUtil.GetRoles(user);
var principal = new GenericPrincipal(new GenericIdentity(user.Nome), roles);
CurrentPrincipalUtil.SetPrincipal(principal);
}
return(base.SendAsync(request, cancellationToken));
}
public void ProcessRequest(HttpContext context)
{
// Negotiate with the request limiter (if enabled)
if (_requestLimiter != null)
{
if (!_requestLimiter.ClientLimitOK(context.Request))
{
// Deny request
// see 409 - http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
context.Response.AppendHeader("Retry-After", _requestLimiter.LimiterTimeSpan.ToString());
throw new HttpException(429, "429 - Too many requests in too short timeframe. Please try again later.");
}
}
// Enable CORS and preflight requests for saved queries
// Preflight requests should also be allowed in the API (SSDHandler).
if (Settings.Current.Features.SavedQuery.EnableCORS)
{
// Enable CORS (Cross-Origin-Resource-Sharing)
context.Response.AppendHeader("Access-Control-Allow-Origin", "*");
// Handle Preflight requests
if (context.Request.HttpMethod == "OPTIONS")
{
context.Response.AppendHeader("Access-Control-Allow-Methods", "GET");
return;
}
}
string queryName;
var routeData = context.Items["RouteData"] as RouteData;
if (routeData.Values["QueryName"] != null)
{
queryName = ValidationManager.GetValue(routeData.Values["QueryName"].ToString());
}
else
{
//No query supplied goto error page.
//TODO just to shut the compiler up
queryName = "";
//TODO redirect
throw new Exception("No query supplied");
}
// ----- Handle changed output format -----
_format = GetChangedOutputFormat(routeData);
// ----- Handle changed language -----
HandleChangedLanguage();
//Load saved query
PCAxis.Query.SavedQuery sq = null;
PXModel model = null;
bool safe = true;
try
{
if (PCAxis.Query.SavedQueryManager.StorageType == PCAxis.Query.SavedQueryStorageType.File)
{
string path = System.Web.Hosting.HostingEnvironment.MapPath(@"~/App_Data/queries/");
if (!queryName.ToLower().EndsWith(".pxsq"))
{
queryName = queryName + ".pxsq";
}
string[] allfiles = Directory.GetFiles(path, queryName, SearchOption.AllDirectories);
if (allfiles.Length == 0)
{
throw new HttpException(404, "HTTP/1.1 404 Not Found ");
}
queryName = allfiles[0];
}
//Check if the database is active.
//It should not be possible to run a saved query if the database is not active
sq = PCAxis.Query.SavedQueryManager.Current.Load(queryName);
IEnumerable <string> db;
TableSource src = sq.Sources[0];
if (src.Type.ToLower() == "cnmm")
{
db = PXWeb.Settings.Current.General.Databases.CnmmDatabases;
}
else
{
db = PXWeb.Settings.Current.General.Databases.PxDatabases;
}
bool activeDatabase = false;
foreach (var item in db)
{
if (item.ToLower() == src.DatabaseId.ToLower())
{
activeDatabase = true;
break;
}
}
if (!activeDatabase)
{
throw new SystemException();
}
//Validate that the user has the rights to access the table
string tableName = QueryHelper.GetTableName(src);
//if (!AuthorizationUtil.IsAuthorized(src.DatabaseId, null, src.Source))
if (!AuthorizationUtil.IsAuthorized(src.DatabaseId, null, tableName)) //TODO: Should be dbid, menu and selection. Only works for SCB right now... (2018-11-14)
{
List <LinkManager.LinkItem> linkItems = new List <LinkManager.LinkItem>();
linkItems.Add(new LinkManager.LinkItem()
{
Key = PxUrl.LANGUAGE_KEY, Value = src.Language
});
linkItems.Add(new LinkManager.LinkItem()
{
Key = PxUrl.DB_KEY, Value = src.DatabaseId
});
linkItems.Add(new LinkManager.LinkItem()
{
Key = "msg", Value = "UnauthorizedTable"
});
string url = LinkManager.CreateLink("~/Menu.aspx", linkItems.ToArray());
HttpContext.Current.Response.Redirect(url, false);
HttpContext.Current.ApplicationInstance.CompleteRequest();
return;
}
if (string.IsNullOrWhiteSpace(_format))
{
//Output format is not changed - use output format in the saved query
_format = sq.Output.Type;
}
// "Pre-flight" request from MS Office application
var userAgent = context.Request.Headers["User-Agent"];
//if (userAgent.ToLower().Contains("ms-office") && sq.Output.Type == PxUrl.VIEW_TABLE_IDENTIFIER)
if (userAgent != null && userAgent.ToLower().Contains("ms-office"))
{
context.Response.Write("<html><body>ms office return</body></html>");
HttpContext.Current.ApplicationInstance.CompleteRequest();
//context.Response.End();
return;
}
//We need to store to be able to run workflow due to variables are referenced with name and not ids
_originaleSavedQuerylanguage = sq.Sources[0].Language;
// Check from saved query output type is on screen. If so createCopy shall be true, else false
bool createCopy = CreateCopyOfCachedPaxiom(_format);
// Create cache key
string cacheKey = "";
if (_language != null)
{
cacheKey = string.Format("{0}_{1}", queryName, _language);
}
else
{
cacheKey = string.Format("{0}_{1}", queryName, _originaleSavedQuerylanguage);
}
// Handle redirects to the selection page in a special way. The model object will only contain metadata and no data
if (_format.Equals(PxUrl.PAGE_SELECT))
{
cacheKey = string.Format("{0}_{1}", cacheKey, PxUrl.PAGE_SELECT);
}
// Try to get model from cache
model = PXWeb.Management.SavedQueryPaxiomCache.Current.Fetch(cacheKey, createCopy);
PaxiomManager.QueryModel = PXWeb.Management.SavedQueryPaxiomCache.Current.FetchQueryModel(cacheKey, createCopy);
if (model == null || PaxiomManager.QueryModel == null)
{
DateTime timeStamp = DateTime.Now;
// Model not found in cache - load it manually
model = LoadData(sq);
//Check if we need to change langauge to be able to run workflow due to variables are referenced with name and not ids
if (!string.IsNullOrEmpty(_language) && _language != _originaleSavedQuerylanguage)
{
model.Meta.SetLanguage(_originaleSavedQuerylanguage);
}
// No need to run workflow if we are redirecting to the selection page
if (!_format.Equals(PxUrl.PAGE_SELECT))
{
model = QueryHelper.RunWorkflow(sq, model);
}
//Set back to requested langauge after workflow operations
if (!string.IsNullOrEmpty(_language) && _language != _originaleSavedQuerylanguage)
{
if (model.Meta.HasLanguage(_language))
{
model.Meta.SetLanguage(_language);
}
}
// Store model in cache
PXWeb.Management.SavedQueryPaxiomCache.Current.Store(cacheKey, model, timeStamp);
PXWeb.Management.SavedQueryPaxiomCache.Current.StoreQueryModel(cacheKey, PaxiomManager.QueryModel, timeStamp);
}
if (!sq.Safe)
{
safe = !CheckForUnsafeOperations(sq.Workflow);
}
}
catch (Exception ex)
{
if ((PCAxis.Query.SavedQueryManager.StorageType == PCAxis.Query.SavedQueryStorageType.File && System.IO.File.Exists(queryName)) ||
(PCAxis.Query.SavedQueryManager.StorageType == PCAxis.Query.SavedQueryStorageType.Database))
{
PCAxis.Query.SavedQueryManager.Current.MarkAsFailed(queryName);
}
throw new HttpException(404, "HTTP/1.1 404 Not Found");
//throw ex;
}
sq.LoadedQueryName = queryName;
PCAxis.Query.SavedQueryManager.Current.MarkAsRunned(queryName);
// Tell the selection page that it sholud clear the PxModel
if (_format.Equals(PxUrl.PAGE_SELECT))
{
HttpContext.Current.Session.Add("SelectionClearPxModel", true);
}
ViewSerializerCreator.GetSerializer(_format).Render(_format, sq, model, safe);
}
