yv01p/Umbraco-CMS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch 'netcore/dev' into netcore/members-userstore

Browse Source
This commit is contained in:
Emma Garland
2021-02-09 13:22:40 +00:00
parent 8a9c3d0c2e b0b1de9972
commit 19fcbf80f4
220 changed files with 2869 additions and 6196 deletions
Download Patch File Download Diff File Expand all files Collapse all files

87
src/Umbraco.Web.Common/Security/EncryptionHelper.cs
View File

@@ -1,5 +1,6 @@
using System;
using System;
using System.Collections.Generic;
using System.Collections.Specialized;
using System.Linq;
using System.Net;
using System.Web;
@@ -12,64 +13,80 @@ namespace Umbraco.Web.Common.Security
{
public class EncryptionHelper
{
// TODO: Decide if these belong here... I don't think so since this all has to do with surface controller routes
// could also just be injected too....
private static IDataProtector CreateDataProtector(IDataProtectionProvider dataProtectionProvider)
{
return dataProtectionProvider.CreateProtector(nameof(EncryptionHelper));
}
=> dataProtectionProvider.CreateProtector(nameof(EncryptionHelper));
public static string Decrypt(string encryptedString, IDataProtectionProvider dataProtectionProvider)
{
return CreateDataProtector(dataProtectionProvider).Unprotect(encryptedString);
}
=> CreateDataProtector(dataProtectionProvider).Unprotect(encryptedString);
public static string Encrypt(string plainString, IDataProtectionProvider dataProtectionProvider)
{
return CreateDataProtector(dataProtectionProvider).Protect(plainString);
}
=> CreateDataProtector(dataProtectionProvider).Protect(plainString);
/// <summary>
/// This is used in methods like BeginUmbracoForm and SurfaceAction to generate an encrypted string which gets submitted in a request for which
/// Umbraco can decrypt during the routing process in order to delegate the request to a specific MVC Controller.
/// </summary>
/// <param name="dataProtectionProvider"></param>
/// <param name="controllerName"></param>
/// <param name="controllerAction"></param>
/// <param name="area"></param>
/// <param name="additionalRouteVals"></param>
/// <returns></returns>
public static string CreateEncryptedRouteString(IDataProtectionProvider dataProtectionProvider, string controllerName, string controllerAction, string area, object additionalRouteVals = null)
{
if (dataProtectionProvider == null) throw new ArgumentNullException(nameof(dataProtectionProvider));
if (controllerName == null) throw new ArgumentNullException(nameof(controllerName));
if (string.IsNullOrEmpty(controllerName)) throw new ArgumentException("Value can't be empty.", nameof(controllerName));
if (controllerAction == null) throw new ArgumentNullException(nameof(controllerAction));
if (string.IsNullOrEmpty(controllerAction)) throw new ArgumentException("Value can't be empty.", nameof(controllerAction));
if (area == null) throw new ArgumentNullException(nameof(area));
if (dataProtectionProvider is null)
{
throw new ArgumentNullException(nameof(dataProtectionProvider));
}
//need to create a params string as Base64 to put into our hidden field to use during the routes
if (string.IsNullOrEmpty(controllerName))
{
throw new ArgumentException($"'{nameof(controllerName)}' cannot be null or empty.", nameof(controllerName));
}
if (string.IsNullOrEmpty(controllerAction))
{
throw new ArgumentException($"'{nameof(controllerAction)}' cannot be null or empty.", nameof(controllerAction));
}
if (area is null)
{
throw new ArgumentNullException(nameof(area));
}
// need to create a params string as Base64 to put into our hidden field to use during the routes
var surfaceRouteParams = $"{ViewConstants.ReservedAdditionalKeys.Controller}={WebUtility.UrlEncode(controllerName)}&{ViewConstants.ReservedAdditionalKeys.Action}={WebUtility.UrlEncode(controllerAction)}&{ViewConstants.ReservedAdditionalKeys.Area}={area}";
//checking if the additional route values is already a dictionary and convert to querystring
// checking if the additional route values is already a dictionary and convert to querystring
string additionalRouteValsAsQuery;
if (additionalRouteVals != null)
{
if (additionalRouteVals is Dictionary<string, object> additionalRouteValsAsDictionary)
{
additionalRouteValsAsQuery = additionalRouteValsAsDictionary.ToQueryString();
}
else
{
additionalRouteValsAsQuery = additionalRouteVals.ToDictionary<object>().ToQueryString();
}
}
else
{
additionalRouteValsAsQuery = null;
}
if (additionalRouteValsAsQuery.IsNullOrWhiteSpace() == false)
{
surfaceRouteParams += "&" + additionalRouteValsAsQuery;
}
return Encrypt(surfaceRouteParams, dataProtectionProvider);
}
public static bool DecryptAndValidateEncryptedRouteString(IDataProtectionProvider dataProtectionProvider, string encryptedString, out IDictionary<string, string> parts)
{
if (dataProtectionProvider == null) throw new ArgumentNullException(nameof(dataProtectionProvider));
if (dataProtectionProvider == null)
{
throw new ArgumentNullException(nameof(dataProtectionProvider));
}
string decryptedString;
try
{
@@ -81,22 +98,32 @@ namespace Umbraco.Web.Common.Security
parts = null;
return false;
}
var parsedQueryString = HttpUtility.ParseQueryString(decryptedString);
NameValueCollection parsedQueryString = HttpUtility.ParseQueryString(decryptedString);
parts = new Dictionary<string, string>();
foreach (var key in parsedQueryString.AllKeys)
{
parts[key] = parsedQueryString[key];
}
//validate all required keys exist
//the controller
// validate all required keys exist
// the controller
if (parts.All(x => x.Key != ViewConstants.ReservedAdditionalKeys.Controller))
{
return false;
//the action
}
// the action
if (parts.All(x => x.Key != ViewConstants.ReservedAdditionalKeys.Action))
{
return false;
//the area
}
// the area
if (parts.All(x => x.Key != ViewConstants.ReservedAdditionalKeys.Area))
{
return false;
}
return true;
}