yv01p/Umbraco-CMS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Updates authorized web services/http handlers to use WebSecurity and implements the new base class

Browse Source 
properties available in 6.1. Updates WebSecurity with a few more helpful methods.
This commit is contained in:
Shannon Deminick
2013-04-09 22:11:12 +06:00
parent 63cae70ec3
commit 16746c8548
10 changed files with 180 additions and 175 deletions
Download Patch File Download Diff File Expand all files Collapse all files

60
src/Umbraco.Web/WebServices/UmbracoAuthorizedHttpHandler.cs
View File

@@ -3,6 +3,7 @@ using System.Linq;
using System.Web;
using System.Web.Security;
using Umbraco.Core;
using Umbraco.Web.Security;
using umbraco;
using umbraco.BasePages;
using umbraco.BusinessLogic;
@@ -22,11 +23,7 @@ namespace Umbraco.Web.WebServices
{
}
//IMPORTANT NOTE: !! All of these security bits and pieces have been moved in to one centralized class
// in 6.1 called WebSecurity. All this logic is all here temporarily!
private User _user;
private readonly InnerPage _page = new InnerPage();
private bool _hasValidated = false;
/// <summary>
/// Checks if the umbraco context id is valid
@@ -35,7 +32,7 @@ namespace Umbraco.Web.WebServices
/// <returns></returns>
protected bool ValidateUserContextId(string currentUmbracoUserContextId)
{
return BasePage.ValidateUserContextID(currentUmbracoUserContextId);
return UmbracoContext.Security.ValidateUserContextId(currentUmbracoUserContextId);
}
/// <summary>
@@ -46,7 +43,7 @@ namespace Umbraco.Web.WebServices
/// <returns></returns>
protected bool ValidateCredentials(string username, string password)
{
return Membership.Providers[UmbracoSettings.DefaultBackofficeProvider].ValidateUser(username, password);
return UmbracoContext.Security.ValidateBackOfficeCredentials(username, password);
}
/// <summary>
@@ -79,7 +76,7 @@ namespace Umbraco.Web.WebServices
/// <returns></returns>
protected bool UserHasAppAccess(string app, User user)
{
return user.Applications.Any(uApp => uApp.alias == app);
return Security.UserHasAppAccess(app, user);
}
/// <summary>
@@ -90,11 +87,7 @@ namespace Umbraco.Web.WebServices
/// <returns></returns>
protected bool UserHasAppAccess(string app, string username)
{
var uid = global::umbraco.BusinessLogic.User.getUserId(username);
if (uid < 0) return false;
var usr = global::umbraco.BusinessLogic.User.GetUser(uid);
if (usr == null) return false;
return UserHasAppAccess(app, usr);
return Security.UserHasAppAccess(app, username);
}
/// <summary>
@@ -104,30 +97,8 @@ namespace Umbraco.Web.WebServices
/// <returns></returns>
protected bool AuthorizeRequest(bool throwExceptions = false)
{
// check for secure connection
if (GlobalSettings.UseSSL && !HttpContext.Current.Request.IsSecureConnection)
{
if (throwExceptions)
throw new UserAuthorizationException("This installation requires a secure connection (via SSL). Please update the URL to include https://");
return false;
}
try
{
return UmbracoUser != null;
}
catch (ArgumentException)
{
if (throwExceptions) throw;
//an exception will occur if the user is not valid inside of _page.getUser();
return false;
}
catch (InvalidOperationException)
{
if (throwExceptions) throw;
//an exception will occur if the user is not valid inside of _page.getUser();
return false;
}
var result = Security.AuthorizeRequest(new HttpContextWrapper(HttpContext.Current), throwExceptions);
return result == ValidateRequestAttempt.Success;
}
/// <summary>
@@ -137,17 +108,14 @@ namespace Umbraco.Web.WebServices
{
get
{
return _user ?? (_user = _page.getUser());
if (!_hasValidated)
{
Security.ValidateCurrentUser(new HttpContextWrapper(HttpContext.Current));
_hasValidated = true;
}
return Security.CurrentUser;
}
}
/// <summary>
/// Used to validate, thie is temporary, in 6.1 we have the WebSecurity class which does all
/// authorization stuff for us.
/// </summary>
private class InnerPage : BasePage
{
}
}
}