/// <summary>
/// Creates the push content for a changes connection. The connection id is taken from the
/// request's "id" query-string value and is mandatory.
/// </summary>
/// <param name="controller">Controller whose request carries the "id" query-string value.</param>
/// <exception cref="ArgumentException">Thrown when the "id" query-string value is missing or empty.</exception>
public ChangesPushContent(RavenDbApiController controller)
{
    Connected = true;
    Id = controller.GetQueryStringValue("id");

    // An empty id would make the connection unaddressable, so refuse to construct without one.
    if (Id == null || Id.Length == 0)
    {
        throw new ArgumentException("Id is mandatory");
    }
}
/// <summary>
/// Copies the request-scoped state of <paramref name="other"/> onto this controller so that
/// it can act on the same request: the database name, the query captured from a POST body,
/// the configuration, and the Web API controller/action contexts.
/// </summary>
/// <param name="other">Controller already bound to the request being handled.</param>
public void InitializeFrom(RavenDbApiController other)
{
    // Plain member-to-member copies; nothing is derived or validated here.
    DatabaseName = other.DatabaseName;
    queryFromPostRequest = other.queryFromPostRequest;
    Configuration = other.Configuration;
    ControllerContext = other.ControllerContext;
    ActionContext = other.ActionContext;
}
/// <summary>
/// Resolves the OAuth principal for the request. A missing token produces an
/// "invalid_request" challenge, a token that does not parse under the server's OAuth token key
/// produces an "invalid_token" challenge; in both cases <c>null</c> is returned.
/// </summary>
/// <param name="controller">Controller whose request carries the access token.</param>
/// <param name="hasApiKey">Whether the request declared an API key; selects 412 instead of 401 when the token is absent.</param>
/// <returns>An <see cref="OAuthPrincipal"/> for a valid token, otherwise <c>null</c> after a challenge has been written.</returns>
public IPrincipal GetUser(RavenDbApiController controller, bool hasApiKey)
{
    var accessToken = GetToken(controller);
    if (accessToken == null)
    {
        // 412 (Precondition Failed) when the caller announced an API key but sent no token, 401 otherwise.
        var status = hasApiKey ? 412 : 401;
        WriteAuthorizationChallenge(controller, status, "invalid_request", "The access token is required");
        return null;
    }

    var tokenKey = controller.DatabasesLandlord.SystemConfiguration.OAuthTokenKey;
    AccessTokenBody parsedBody;
    var parsed = AccessToken.TryParseBody(tokenKey, accessToken, out parsedBody);
    if (!parsed)
    {
        WriteAuthorizationChallenge(controller, 401, "invalid_token", "The access token is invalid");
        return null;
    }

    return new OAuthPrincipal(parsedBody, null);
}
/// <summary>
/// Resolves the Windows-authenticated principal for the request, authorizing it against the
/// request's database (or the system database when none is named).
/// </summary>
/// <param name="controller">Controller bound to the current request.</param>
/// <returns><see cref="RavenDbApiController.User"/> when the user could be created, otherwise <c>null</c> after the rejection callback has run.</returns>
public IPrincipal GetUser(RavenDbApiController controller)
{
    // Requests that name no database are authorized against the system database.
    var targetDatabase = controller.DatabaseName ?? Constants.SystemDatabase;

    Func<HttpResponseMessage> rejectRequest;
    if (TryCreateUser(controller, targetDatabase, out rejectRequest))
    {
        return controller.User;
    }

    // The callback is invoked for its side effects only; the HttpResponseMessage it returns is discarded.
    rejectRequest();
    return null;
}
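/// <summary>
/// Returns the resources (database names) the user is approved for. Requests carrying a
/// "Bearer" Authorization header are resolved through the OAuth authorizer, all others through
/// the Windows authorizer. A wildcard "*" entry expands to every name in <paramref name="databases"/>.
/// </summary>
/// <param name="user">The authenticated principal.</param>
/// <param name="controller">Controller supplying the request's Authorization header.</param>
/// <param name="databases">All known database names, used to expand the "*" wildcard.</param>
/// <returns>The approved database names, or all of <paramref name="databases"/> when "*" is approved.</returns>
public List<string> GetApprovedResources(IPrincipal user, RavenDbApiController controller, string[] databases)
{
    var authHeader = controller.GetHeader("Authorization");

    // The scheme prefix is a protocol token, not user text: compare it ordinally so the
    // authorizer choice cannot depend on the server's current culture.
    var isBearer = !string.IsNullOrEmpty(authHeader)
                   && authHeader.StartsWith("Bearer ", StringComparison.Ordinal);

    var approved = isBearer
        ? oAuthRequestAuthorizer.GetApprovedResources(user)
        : windowsRequestAuthorizer.GetApprovedResources(user);

    if (approved.Contains("*"))
    {
        // Wildcard grants everything the server knows about.
        return databases.ToList();
    }

    return approved;
}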
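/// <summary>
/// Picks the authentication scheme for the request. A request already authorized with a
/// single-use token keeps its user; requests that declare an API key, carry an "OAuth-Token"
/// cookie, or send a "Bearer" Authorization header go to the OAuth authorizer; everything else
/// goes to the Windows authorizer.
/// </summary>
/// <param name="controller">Controller bound to the current request.</param>
/// <returns>The resolved principal, or whatever the selected authorizer returns (possibly <c>null</c>).</returns>
public IPrincipal GetUser(RavenDbApiController controller)
{
    if (controller.WasAlreadyAuthorizedUsingSingleAuthToken)
    {
        return controller.User;
    }

    // These are protocol tokens, not user-facing text: compare ordinally so the scheme
    // selection cannot vary with the server's current culture.
    var hasApiKey = "True".Equals(controller.GetQueryStringValue("Has-Api-Key"), StringComparison.OrdinalIgnoreCase);
    var authHeader = controller.GetHeader("Authorization");
    var hasOAuthTokenInCookie = controller.HasCookie("OAuth-Token");
    var hasBearerHeader = !string.IsNullOrEmpty(authHeader)
                          && authHeader.StartsWith("Bearer ", StringComparison.Ordinal);

    if (hasApiKey || hasOAuthTokenInCookie || hasBearerHeader)
    {
        return oAuthRequestAuthorizer.GetUser(controller, hasApiKey);
    }

    return windowsRequestAuthorizer.GetUser(controller);
}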
/// <summary>
/// Returns the connection state registered under <paramref name="id"/>, creating it on first use.
/// A push transport is attached only when a controller is supplied.
/// </summary>
/// <param name="id">Connection identifier used as the lookup key.</param>
/// <param name="controller">Optional controller from which a <see cref="ChangesPushContent"/> transport is built.</param>
/// <returns>The existing or newly created <see cref="ConnectionState"/>.</returns>
public ConnectionState For(string id, RavenDbApiController controller = null)
{
    Func<string, ConnectionState> createState = key =>
    {
        // ChangesPushContent reads the request's "id" and throws when it is missing (see its
        // constructor), so a bad request fails here instead of registering a half-built entry.
        IEventsTransport transport = controller == null ? null : new ChangesPushContent(controller);
        var state = new ConnectionState(transport);
        TimeSensitiveStore.Missing(key);
        return state;
    };

    // NOTE(review): if `connections` is a ConcurrentDictionary, GetOrAdd may run the factory more
    // than once under contention and keep only one result - confirm a discarded transport is harmless.
    return connections.GetOrAdd(id, createState);
}
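/// <summary>
/// Issues a single-use auth token bound to the request's database and the given user, and
/// opportunistically prunes tokens older than five minutes once more than 25 are outstanding.
/// </summary>
/// <param name="db">Not used by this method; kept for signature compatibility.</param>
/// <param name="user">Principal the token is issued for.</param>
/// <param name="controller">Supplies the database name the token is bound to.</param>
/// <returns>The opaque token string to hand to the client.</returns>
public string GenerateSingleUseAuthToken(DocumentDatabase db, IPrincipal user, RavenDbApiController controller)
{
    var now = SystemTime.UtcNow;
    var token = new OneTimeToken
    {
        DatabaseName = controller.DatabaseName,
        GeneratedAt = now,
        User = user
    };

    // NOTE(review): Guid.NewGuid() is not documented as cryptographically strong on every
    // platform; if the token format allows, RandomNumberGenerator is the safer source for a secret.
    var tokenString = Guid.NewGuid().ToString();
    singleUseAuthTokens.TryAdd(tokenString, token);

    if (singleUseAuthTokens.Count > 25)
    {
        // Age is (now - GeneratedAt). Subtracting the other way round gives a negative span for
        // every past token, so nothing would ever be pruned and the map would grow without bound.
        var expiredKeys = singleUseAuthTokens
            .Where(x => (now - x.Value.GeneratedAt).TotalMinutes > 5)
            .Select(x => x.Key)
            .ToList();

        foreach (var key in expiredKeys)
        {
            OneTimeToken removed;
            singleUseAuthTokens.TryRemove(key, out removed);
        }
    }

    return tokenString;
}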