public object GetHtml(TemplateMetadataDebug request) { var feature = HostContext.GetPlugin <TemplatePagesFeature>(); if (!HostContext.DebugMode) { RequiredRoleAttribute.AssertRequiredRoles(Request, feature.MetadataDebugAdminRole); } if (request.Template != null) { return(Any(request)); } var defaultTemplate = feature.DebugDefaultTemplate ?? DefaultTemplate; var html = HtmlTemplates.GetMetadataDebugTemplate(); html = html.Replace("{0}", defaultTemplate); var authsecret = Request.GetParam(Keywords.AuthSecret); if (HostContext.Config.AdminAuthSecret != null && HostContext.Config.AdminAuthSecret == authsecret) { html = html.Replace("{ template: template }", "{ template: template, authsecret:" + feature.DefaultFilters.jsQuotedString(authsecret).ToRawString() + " }"); } return(html); }
public object Post(UnAssignRoles request) { RequiredRoleAttribute.AssertRequiredRoles(Request, RoleNames.Admin); request.UserName.ThrowIfNullOrEmpty(); var authRepo = HostContext.AppHost.GetAuthRepository(base.Request); using (authRepo as IDisposable) { var userAuth = authRepo.GetUserAuthByUserName(request.UserName); if (userAuth == null) { throw HttpError.NotFound(request.UserName); } authRepo.UnAssignRoles(userAuth, request.Roles, request.Permissions); return(new UnAssignRolesResponse { AllRoles = authRepo.GetRoles(userAuth).ToList(), AllPermissions = authRepo.GetPermissions(userAuth).ToList(), }); } }
public static async Task AssertAccessRoleAsync(IRequest req, string accessRole = null, string authSecret = null, CancellationToken token = default) { if (HostContext.Config.AdminAuthSecret == null || HostContext.Config.AdminAuthSecret != authSecret) { await RequiredRoleAttribute.AssertRequiredRoleAsync(req, accessRole, token); } }
public object Post(UnAssignRoles request) { if (!Request.IsInProcessRequest()) { RequiredRoleAttribute.AssertRequiredRoles(Request, RoleNames.Admin); } if (string.IsNullOrEmpty(request.UserName)) { throw new ArgumentNullException(nameof(request.UserName)); } var userAuth = AuthRepository.GetUserAuthByUserName(request.UserName); if (userAuth == null) { throw HttpError.NotFound(request.UserName); } AuthRepository.UnAssignRoles(userAuth, request.Roles, request.Permissions); return(new UnAssignRolesResponse { AllRoles = AuthRepository.GetRoles(userAuth).ToList(), AllPermissions = AuthRepository.GetPermissions(userAuth).ToList(), }); }
public static void AssertAccessRole(IRequest req, string accessRole = null, string authSecret = null) { if (HostContext.Config.AdminAuthSecret == null || HostContext.Config.AdminAuthSecret != authSecret) { RequiredRoleAttribute.AssertRequiredRoles(req, accessRole); } }
public async Task <object> Post(AssignRoles request) { if (!Request.IsInProcessRequest()) { await RequiredRoleAttribute.AssertRequiredRoleAsync(Request, RoleNames.Admin); } if (string.IsNullOrEmpty(request.UserName)) { throw new ArgumentNullException(nameof(request.UserName)); } var userAuth = await AuthRepositoryAsync.GetUserAuthByUserNameAsync(request.UserName).ConfigAwait(); if (userAuth == null) { throw HttpError.NotFound(request.UserName); } await AuthRepositoryAsync.AssignRolesAsync(userAuth, request.Roles, request.Permissions).ConfigAwait(); return(new AssignRolesResponse { AllRoles = (await AuthRepositoryAsync.GetRolesAsync(userAuth).ConfigAwait()).ToList(), AllPermissions = (await AuthRepositoryAsync.GetPermissionsAsync(userAuth).ConfigAwait()).ToList(), }); }
public void Does_validate_RequiredRoles_with_UserAuthRepo_When_Role_not_in_Session() { var userWithAdminRole = new UserAuth { Id = 1, Roles = new[] { RoleNames.Admin }.ToList() }; userAuthMock.Expect(x => x.GetUserAuth(It.IsAny <IAuthSession>(), It.IsAny <IOAuthTokens>())) .Returns(userWithAdminRole); var registrationService = GetRegistrationService(); var requiredRole = new RequiredRoleAttribute(RoleNames.Admin); var requestContext = (MockRequestContext)registrationService.RequestContext; requestContext.Container.Register(userAuthMock.Object); var httpRes = requestContext.Get <IHttpResponse>(); requiredRole.Execute( requestContext.Get <IHttpRequest>(), httpRes, null); Assert.That(!httpRes.IsClosed); }
public object Any(TemplatesAdmin request) { var feature = HostContext.AssertPlugin<TemplatePagesFeature>(); RequiredRoleAttribute.AssertRequiredRoles(Request, feature.TemplatesAdminRole); if (string.IsNullOrEmpty(request.Actions)) return new TemplatesAdminResponse { Results = new[]{ "Available actions: " + string.Join(",", Actions) } }; var actions = request.Actions.Split(','); var results = new List<string>(); using (var ms = MemoryStreamFactory.GetStream()) { var scope = new TemplateScopeContext(new PageResult(feature.EmptyPage), ms, new Dictionary<string, object>()); if (actions.Any(x => x.EqualsIgnoreCase(nameof(TemplateProtectedFilters.invalidateAllCaches)))) results.Add(nameof(TemplateProtectedFilters.invalidateAllCaches) + ": " + feature.ProtectedFilters.invalidateAllCaches(scope).ToJsv()); if (actions.Any(x => x.EqualsIgnoreCase(nameof(TemplatePagesFeature.RunInitPage)))) results.Add(nameof(TemplatePagesFeature.RunInitPage) + ": " + feature.RunInitPage()); if (results.Count > 0) return new TemplatesAdminResponse { Results = results.ToArray() }; } throw new NotSupportedException("Unknown Action. Available actions: " + string.Join(",", Actions)); }
public object Any(TemplateMetadataDebug request) { if (string.IsNullOrEmpty(request.Template)) return null; var feature = HostContext.GetPlugin<TemplatePagesFeature>(); if (!HostContext.DebugMode) { if (HostContext.Config.AdminAuthSecret == null || HostContext.Config.AdminAuthSecret != request.AuthSecret) { RequiredRoleAttribute.AssertRequiredRoles(Request, feature.MetadataDebugAdminRole); } } var context = new TemplateContext { TemplateFilters = { new TemplateInfoFilters() }, Args = { {TemplateConstants.Request, base.Request}, {"request", base.Request}, {"appHost", HostContext.AppHost}, {"appConfig", HostContext.Config}, {"appVirtualFilesPath", HostContext.VirtualFiles.RootDirectory.RealPath}, {"appVirtualFileSourcesPath", HostContext.VirtualFileSources.RootDirectory.RealPath}, {"meta", HostContext.Metadata}, } }.Init(); feature.Args.Each(x => context.Args[x.Key] = x.Value); var result = context.EvaluateTemplate(request.Template); return new HttpResult(result) { ContentType = MimeTypes.PlainText }; }
public static void AssertIsAdminOrDebugMode(IRequest req, string adminRole = null, string authSecret = null) { if (!HostContext.DebugMode) { if (HostContext.Config.AdminAuthSecret == null || HostContext.Config.AdminAuthSecret != authSecret) { RequiredRoleAttribute.AssertRequiredRoles(req, adminRole); } } }
public void Does_validate_AssertRequiredRoles_with_UserAuthRepo_When_Role_not_in_Session() { var registrationService = GetRegistrationService(); var request = registrationService.Request; HostContext.Container.Register(userAuth); RequiredRoleAttribute.AssertRequiredRoles(request, RoleNames.Admin); Assert.That(!request.Response.IsClosed); }
public void Does_validate_RequiredRoles_with_UserAuthRepo_When_Role_not_in_Session() { var registrationService = GetRegistrationService(); var requiredRole = new RequiredRoleAttribute(RoleNames.Admin); var request = registrationService.Request; HostContext.Container.Register(userAuth); var httpRes = request.Response; requiredRole.Execute(request, request.Response, request.OperationName); Assert.That(!httpRes.IsClosed); }
public void Does_validate_RequiredRoles_with_UserAuthRepo_When_Role_not_in_Session() { var registrationService = GetRegistrationService(); var requiredRole = new RequiredRoleAttribute(RoleNames.Admin); var request = registrationService.Request; HostContext.Container.Register(userAuth); var httpRes = request.Response; requiredRole.ExecuteAsync(request, request.Response, request.OperationName).Wait(); Assert.That(!httpRes.IsClosed); }
public void Does_validate_RequiredRoles_with_UserAuthRepo_When_Role_not_in_Session() { var registrationService = GetRegistrationService(); var requiredRole = new RequiredRoleAttribute(RoleNames.Admin); var requestContext = (MockRequestContext)registrationService.RequestContext; requestContext.Container.Register(userAuth); var httpRes = requestContext.Get<IHttpResponse>(); requiredRole.Execute( requestContext.Get<IHttpRequest>(), httpRes, null); Assert.That(!httpRes.IsClosed); }
public void Does_validate_RequiredRoles_with_UserAuthRepo_When_Role_not_in_Session() { var registrationService = GetRegistrationService(); var requiredRole = new RequiredRoleAttribute(RoleNames.Admin); var requestContext = (MockRequestContext)registrationService.RequestContext; requestContext.Container.Register(userAuth); var httpRes = requestContext.Get <IHttpResponse>(); requiredRole.Execute( requestContext.Get <IHttpRequest>(), httpRes, null); Assert.That(!httpRes.IsClosed); }
public object Post(UnAssignRoles request) { RequiredRoleAttribute.AssertRequiredRoles(Request, RoleNames.Admin); request.UserName.ThrowIfNullOrEmpty(); var userAuth = UserAuthRepo.GetUserAuthByUserName(request.UserName); if (userAuth == null) { throw HttpError.NotFound(request.UserName); } UserAuthRepo.UnAssignRoles(userAuth, request.Roles, request.Permissions); return(new UnAssignRolesResponse { AllRoles = UserAuthRepo.GetRoles(userAuth).ToList(), AllPermissions = UserAuthRepo.GetPermissions(userAuth).ToList(), }); }
private bool ZeroUsersOrIsAdmin() { // can only make changes while there are no users in the system // OR user is authenticated and is an admin var userCount = Db.Count <UserAuth>(); if (userCount > 0) { if (!base.IsAuthenticated) { new AuthenticateAttribute().ExecuteAsync(base.Request, base.Response, null).Wait(); return(false); } else if (!base.GetSession().HasRole(RoleNames.Admin, base.AuthRepository)) { RequiredRoleAttribute.AssertRequiredRoles(Request, RoleNames.Admin); return(false); } } return(true); }
/// <summary>Anies the given request.</summary> /// /// <exception cref="Exception">Thrown when an exception error condition occurs.</exception> /// /// <param name="request">The request.</param> /// /// <returns>An object.</returns> public object Any(RequestLogs request) { if (RequestLogger == null) { throw new Exception("No IRequestLogger is registered"); } RequiredRoleAttribute.AssertRequiredRoles(RequestContext, RequestLogger.RequiredRoles); if (request.EnableSessionTracking.HasValue) { RequestLogger.EnableSessionTracking = request.EnableSessionTracking.Value; } var now = DateTime.UtcNow; var logs = RequestLogger.GetLatestLogs(request.Take).AsQueryable(); if (request.BeforeSecs.HasValue) { logs = logs.Where(x => (now - x.DateTime) <= TimeSpan.FromSeconds(request.BeforeSecs.Value)); } if (request.AfterSecs.HasValue) { logs = logs.Where(x => (now - x.DateTime) > TimeSpan.FromSeconds(request.AfterSecs.Value)); } if (!request.IpAddress.IsNullOrEmpty()) { logs = logs.Where(x => x.IpAddress == request.IpAddress); } if (!request.UserAuthId.IsNullOrEmpty()) { logs = logs.Where(x => x.UserAuthId == request.UserAuthId); } if (!request.SessionId.IsNullOrEmpty()) { logs = logs.Where(x => x.SessionId == request.SessionId); } if (!request.Referer.IsNullOrEmpty()) { logs = logs.Where(x => x.Referer == request.Referer); } if (!request.PathInfo.IsNullOrEmpty()) { logs = logs.Where(x => x.PathInfo == request.PathInfo); } if (!request.Ids.IsEmpty()) { logs = logs.Where(x => request.Ids.Contains(x.Id)); } if (request.BeforeId.HasValue) { logs = logs.Where(x => x.Id <= request.BeforeId); } if (request.AfterId.HasValue) { logs = logs.Where(x => x.Id > request.AfterId); } if (request.WithErrors.HasValue) { logs = request.WithErrors.Value ? logs.Where(x => x.ErrorResponse != null) : logs.Where(x => x.ErrorResponse == null); } if (request.DurationLongerThan.HasValue) { logs = logs.Where(x => x.RequestDuration > request.DurationLongerThan.Value); } if (request.DurationLessThan.HasValue) { logs = logs.Where(x => x.RequestDuration < request.DurationLessThan.Value); } var results = logs.Skip(request.Skip).OrderByDescending(x => x.Id).ToList(); return(new RequestLogsResponse { Results = results, Usage = Usage, }); }
public object Any(RequiresRole request) { RequiredRoleAttribute.AssertRequiredRoles(Request, request.Role ?? RoleNames.Admin); return(request); }