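/// <summary>
/// Validates the current user using the Umbraco user context id and the timeout stored for it.
/// </summary>
/// <param name="httpContext">The HTTP context of the request; passed to the GlobalSettings checks that decide whether console access applies</param>
/// <param name="throwExceptions">set to true if you want exceptions to be thrown if failed</param>
/// <returns>
/// <c>Success</c> when the user is valid, otherwise <c>FailedNoContextId</c>, <c>FailedTimedOut</c>
/// or <c>FailedNoPrivileges</c> (only returned when <paramref name="throwExceptions"/> is false)
/// </returns>
/// <exception cref="InvalidOperationException">There is no user context id and <paramref name="throwExceptions"/> is true</exception>
/// <exception cref="ArgumentException">The login has timed out or the user has no console access, and <paramref name="throwExceptions"/> is true</exception>
internal ValidateRequestAttempt ValidateCurrentUser(HttpContextBase httpContext, bool throwExceptions = false)
{
    // No context id at all: nobody is logged in.
    if (UmbracoUserContextId == "")
    {
        if (throwExceptions)
        {
            throw new InvalidOperationException("The user has no umbraco contextid - try logging in");
        }
        return ValidateRequestAttempt.FailedNoContextId;
    }

    var uid = GetUserId(UmbracoUserContextId);
    var timeout = GetTimeout(UmbracoUserContextId);

    // NOTE(review): the timeout is compared against local-time ticks; presumably GetTimeout
    // stores local-time ticks as well - confirm, since a clock or DST shift moves this boundary.
    if (timeout <= DateTime.Now.Ticks)
    {
        if (throwExceptions)
        {
            throw new ArgumentException("User has timed out!!");
        }
        return ValidateRequestAttempt.FailedTimedOut;
    }

    var user = User.GetUser(uid);

    // Check for console access.
    // Fail closed when the lookup yields no user instead of dereferencing null; this matches
    // the null check done by the ValidateCurrentUser(bool) overload.
    var noConsoleAccess = user == null
        || user.Disabled
        || (user.NoConsole
            && GlobalSettings.RequestIsInUmbracoApplication(httpContext)
            && GlobalSettings.RequestIsLiveEditRedirector(httpContext) == false);

    if (noConsoleAccess)
    {
        if (throwExceptions)
        {
            throw new ArgumentException("You have no priviledges to the umbraco console. Please contact your administrator");
        }
        return ValidateRequestAttempt.FailedNoPrivileges;
    }

    // The login is only refreshed once every check has passed.
    UpdateLogin(timeout);
    return ValidateRequestAttempt.Success;
}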
/// <summary>
/// Validates the user assigned to the current request and ensures the stored user data is valid
/// </summary>
/// <param name="throwExceptions">set to true if you want exceptions to be thrown if failed</param>
/// <returns>
/// <c>Success</c> when the user is valid, otherwise <c>FailedNoContextId</c> or <c>FailedNoPrivileges</c>
/// (only returned when <paramref name="throwExceptions"/> is false)
/// </returns>
/// <exception cref="InvalidOperationException">The request is not authenticated and <paramref name="throwExceptions"/> is true</exception>
/// <exception cref="ArgumentException">The user has no console access and <paramref name="throwExceptions"/> is true</exception>
internal ValidateRequestAttempt ValidateCurrentUser(bool throwExceptions)
{
    // The user should already be authenticated in nearly all circumstances, because authentication
    // happens in the Module and that step also checks the ticket expiry. The expiry is not checked
    // again here: it would need another decryption phase and nothing can tamper with the ticket
    // during the request.
    if (IsAuthenticated() == false)
    {
        // There is no user.
        if (throwExceptions == false)
        {
            return ValidateRequestAttempt.FailedNoContextId;
        }
        throw new InvalidOperationException("The user has no umbraco contextid - try logging in");
    }

    var currentUser = CurrentUser;

    // Check for console access.
    // NOTE(review): a locked-out user is rejected only when the request is in the Umbraco
    // application; for any other request a locked-out but approved user passes - confirm intended.
    var accessDenied = currentUser == null
        || currentUser.IsApproved == false
        || (currentUser.IsLockedOut && GlobalSettings.RequestIsInUmbracoApplication(_httpContext));

    if (accessDenied == false)
    {
        return ValidateRequestAttempt.Success;
    }

    if (throwExceptions == false)
    {
        return ValidateRequestAttempt.FailedNoPrivileges;
    }
    throw new ArgumentException("You have no priviledges to the umbraco console. Please contact your administrator");
}
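/// <summary>
/// Ensures that the request is a document request (i.e. one that the module should handle)
/// </summary>
/// <param name="httpContext">The HTTP context of the request; its path is rewritten for directory-url asmx requests</param>
/// <param name="uri">The request uri whose absolute path is inspected</param>
/// <returns>true if the request may be a document request, otherwise false</returns>
bool EnsureDocumentRequest(HttpContextBase httpContext, Uri uri)
{
    var lpath = uri.AbsolutePath.ToLowerInvariant();

    // handle directory-urls used for asmx
    // legacy - what's the point really?
    if (GlobalSettings.UseDirectoryUrls)
    {
        // Ordinal comparison: this is a URL path, not linguistic text, and a culture-sensitive
        // search could return a position that does not line up with the raw characters.
        int asmxPos = lpath.IndexOf(".asmx/", StringComparison.Ordinal);
        if (asmxPos >= 0)
        {
            // use uri.AbsolutePath, not lpath, 'cos lpath has been lowercased
            // (".asmx" is 5 characters, so filePath ends right after it and pathInfo starts at the "/")
            // NOTE(review): the index comes from the lowercased copy; this assumes lowercasing
            // did not change the string length - confirm for non-ASCII paths.
            httpContext.RewritePath(
                uri.AbsolutePath.Substring(0, asmxPos + 5), // filePath
                uri.AbsolutePath.Substring(asmxPos + 5),    // pathInfo
                uri.Query.TrimStart('?'));
            return false;
        }
    }

    // a document request should be
    //   /foo/bar/nil
    //   /foo/bar/nil/
    //   /foo/bar/nil.aspx
    // where /foo is not a reserved path

    // if the path contains an extension that is not .aspx
    // then it cannot be a document request
    if (lpath.Contains('.') && !lpath.EndsWith(".aspx", StringComparison.Ordinal))
    {
        return false;
    }

    // at that point, either we have no extension, or it is .aspx
    // if the path is reserved then it cannot be a document request
    if (GlobalSettings.IsReservedPathOrUrl(lpath))
    {
        return false;
    }

    // NOTE: deliberately no warning is logged for non-document requests; such a message
    // would not tell us anything unless it also logged the document.
    return true;
}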