yv01p/Umbraco-CMS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge branch '6.1.4' of github.com:umbraco/Umbraco-CMS into 6.1.4

Browse Source
This commit is contained in:
Sebastiaan Janssen
2013-07-31 18:31:56 +02:00
parent 898d25f3cb 9bc3fdd555
commit 87a3c53e22
14 changed files with 300 additions and 219 deletions
Download Patch File Download Diff File Expand all files Collapse all files

160
src/Umbraco.Core/UriExtensions.cs
View File

@@ -2,6 +2,8 @@ using System;
using System.IO;
using System.Linq;
using System.Text;
using Umbraco.Core.Configuration;
using Umbraco.Core.IO;
namespace Umbraco.Core
{
@@ -10,6 +12,38 @@ namespace Umbraco.Core
/// </summary>
public static class UriExtensions
{
/// <summary>
/// Checks if the current uri is a back office request
/// </summary>
/// <param name="url"></param>
/// <returns></returns>
internal static bool IsBackOfficeRequest(this Uri url)
{
var authority = url.GetLeftPart(UriPartial.Authority);
var afterAuthority = url.GetLeftPart(UriPartial.Query)
.TrimStart(authority)
.TrimStart("/");
//check if this is in the umbraco back office
return afterAuthority.InvariantStartsWith(GlobalSettings.Path.TrimStart("/"));
}
/// <summary>
/// Checks if the current uri is an install request
/// </summary>
/// <param name="url"></param>
/// <returns></returns>
internal static bool IsInstallerRequest(this Uri url)
{
var authority = url.GetLeftPart(UriPartial.Authority);
var afterAuthority = url.GetLeftPart(UriPartial.Query)
.TrimStart(authority)
.TrimStart("/");
//check if this is in the umbraco back office
return afterAuthority.InvariantStartsWith(IOHelper.ResolveUrl("~/install").TrimStart("/"));
}
/// <summary>
/// This is a performance tweak to check if this is a .css, .js or .ico, .jpg, .jpeg, .png, .gif file request since
/// .Net will pass these requests through to the module when in integrated mode.
@@ -19,7 +53,7 @@ namespace Umbraco.Core
/// <returns></returns>
internal static bool IsClientSideRequest(this Uri url)
{
var toIgnore = new[] { ".js", ".css", ".ico", ".png", ".jpg", ".jpeg", ".gif" };
var toIgnore = new[] { ".js", ".css", ".ico", ".png", ".jpg", ".jpeg", ".gif", ".html", ".svg" };
return toIgnore.Any(x => Path.GetExtension(url.LocalPath).InvariantEquals(x));
}
@@ -31,14 +65,14 @@ namespace Umbraco.Core
/// <returns>The rewritten uri.</returns>
/// <remarks>Everything else remains unchanged, except for the fragment which is removed.</remarks>
public static Uri Rewrite(this Uri uri, string path)
{
{
if (!path.StartsWith("/"))
throw new ArgumentException("Path must start with a slash.", "path");
return uri.IsAbsoluteUri
? new Uri(uri.GetLeftPart(UriPartial.Authority) + path + uri.Query)
return uri.IsAbsoluteUri
? new Uri(uri.GetLeftPart(UriPartial.Authority) + path + uri.Query)
: new Uri(path + uri.GetSafeQuery(), UriKind.Relative);
}
}
/// <summary>
/// Rewrites the path and query of a uri.
@@ -49,18 +83,18 @@ namespace Umbraco.Core
/// <returns>The rewritten uri.</returns>
/// <remarks>Everything else remains unchanged, except for the fragment which is removed.</remarks>
public static Uri Rewrite(this Uri uri, string path, string query)
{
{
if (!path.StartsWith("/"))
throw new ArgumentException("Path must start with a slash.", "path");
if (query.Length > 0 && !query.StartsWith("?"))
throw new ArgumentException("Query must start with a question mark.", "query");
if (query == "?")
query = "";
return uri.IsAbsoluteUri
? new Uri(uri.GetLeftPart(UriPartial.Authority) + path + query)
return uri.IsAbsoluteUri
? new Uri(uri.GetLeftPart(UriPartial.Authority) + path + query)
: new Uri(path + query, UriKind.Relative);
}
}
/// <summary>
/// Gets the absolute path of the uri, even if the uri is relative.
@@ -68,10 +102,10 @@ namespace Umbraco.Core
/// <param name="uri">The uri.</param>
/// <returns>The absolute path of the uri.</returns>
/// <remarks>Default uri.AbsolutePath does not support relative uris.</remarks>
public static string GetSafeAbsolutePath(this Uri uri)
{
if (uri.IsAbsoluteUri)
return uri.AbsolutePath;
public static string GetSafeAbsolutePath(this Uri uri)
{
if (uri.IsAbsoluteUri)
return uri.AbsolutePath;
// cannot get .AbsolutePath on relative uri (InvalidOperation)
var s = uri.OriginalString;
@@ -80,7 +114,7 @@ namespace Umbraco.Core
var pos = posq > 0 ? posq : (posf > 0 ? posf : 0);
var path = pos > 0 ? s.Substring(0, pos) : s;
return path;
}
}
/// <summary>
/// Gets the decoded, absolute path of the uri.
@@ -89,9 +123,9 @@ namespace Umbraco.Core
/// <returns>The absolute path of the uri.</returns>
/// <remarks>Only for absolute uris.</remarks>
public static string GetAbsolutePathDecoded(this Uri uri)
{
return System.Web.HttpUtility.UrlDecode(uri.AbsolutePath);
}
{
return System.Web.HttpUtility.UrlDecode(uri.AbsolutePath);
}
/// <summary>
/// Gets the decoded, absolute path of the uri, even if the uri is relative.
@@ -100,32 +134,32 @@ namespace Umbraco.Core
/// <returns>The absolute path of the uri.</returns>
/// <remarks>Default uri.AbsolutePath does not support relative uris.</remarks>
public static string GetSafeAbsolutePathDecoded(this Uri uri)
{
return System.Web.HttpUtility.UrlDecode(uri.GetSafeAbsolutePath());
}
{
return System.Web.HttpUtility.UrlDecode(uri.GetSafeAbsolutePath());
}
/// <summary>
/// Rewrites the path of the uri so it ends with a slash.
/// </summary>
/// <param name="uri">The uri.</param>
/// <returns>The rewritten uri.</returns>
/// <remarks>Everything else remains unchanged.</remarks>
/// <summary>
/// Rewrites the path of the uri so it ends with a slash.
/// </summary>
/// <param name="uri">The uri.</param>
/// <returns>The rewritten uri.</returns>
/// <remarks>Everything else remains unchanged.</remarks>
public static Uri EndPathWithSlash(this Uri uri)
{
var path = uri.GetSafeAbsolutePath();
if (uri.IsAbsoluteUri)
{
if (path != "/" && !path.EndsWith("/"))
uri = new Uri(uri.GetLeftPart(UriPartial.Authority) + path + "/" + uri.Query);
return uri;
}
else
{
if (path != "/" && !path.EndsWith("/"))
uri = new Uri(path + "/" + uri.Query, UriKind.Relative);
}
return uri;
}
{
var path = uri.GetSafeAbsolutePath();
if (uri.IsAbsoluteUri)
{
if (path != "/" && !path.EndsWith("/"))
uri = new Uri(uri.GetLeftPart(UriPartial.Authority) + path + "/" + uri.Query);
return uri;
}
else
{
if (path != "/" && !path.EndsWith("/"))
uri = new Uri(path + "/" + uri.Query, UriKind.Relative);
}
return uri;
}
/// <summary>
/// Rewrites the path of the uri so it does not end with a slash.
@@ -134,20 +168,20 @@ namespace Umbraco.Core
/// <returns>The rewritten uri.</returns>
/// <remarks>Everything else remains unchanged.</remarks>
public static Uri TrimPathEndSlash(this Uri uri)
{
var path = uri.GetSafeAbsolutePath();
if (uri.IsAbsoluteUri)
{
if (path != "/")
uri = new Uri(uri.GetLeftPart(UriPartial.Authority) + path.TrimEnd('/') + uri.Query);
}
else
{
if (path != "/")
uri = new Uri(path.TrimEnd('/') + uri.Query, UriKind.Relative);
}
return uri;
}
{
var path = uri.GetSafeAbsolutePath();
if (uri.IsAbsoluteUri)
{
if (path != "/")
uri = new Uri(uri.GetLeftPart(UriPartial.Authority) + path.TrimEnd('/') + uri.Query);
}
else
{
if (path != "/")
uri = new Uri(path.TrimEnd('/') + uri.Query, UriKind.Relative);
}
return uri;
}
/// <summary>
/// Transforms a relative uri into an absolute uri.
@@ -155,13 +189,13 @@ namespace Umbraco.Core
/// <param name="uri">The relative uri.</param>
/// <param name="baseUri">The base absolute uri.</param>
/// <returns>The absolute uri.</returns>
public static Uri MakeAbsolute(this Uri uri, Uri baseUri)
{
if (uri.IsAbsoluteUri)
throw new ArgumentException("Uri is already absolute.", "uri");
public static Uri MakeAbsolute(this Uri uri, Uri baseUri)
{
if (uri.IsAbsoluteUri)
throw new ArgumentException("Uri is already absolute.", "uri");
return new Uri(baseUri.GetLeftPart(UriPartial.Authority) + uri.GetSafeAbsolutePath() + uri.GetSafeQuery());
}
return new Uri(baseUri.GetLeftPart(UriPartial.Authority) + uri.GetSafeAbsolutePath() + uri.GetSafeQuery());
}
static string GetSafeQuery(this Uri uri)
{
@@ -176,5 +210,5 @@ namespace Umbraco.Core
return query;
}
}
}
}

32
src/Umbraco.Tests/UriExtensionsTests.cs
View File

@@ -10,6 +10,38 @@ namespace Umbraco.Tests
[TestFixture]
public class UriExtensionsTests
{
[TestCase("http://www.domain.com/umbraco", true)]
[TestCase("http://www.domain.com/Umbraco/", true)]
[TestCase("http://www.domain.com/umbraco/default.aspx", true)]
[TestCase("http://www.domain.com/umbraco/test/test", true)]
[TestCase("http://www.domain.com/Umbraco/test/test.aspx", true)]
[TestCase("http://www.domain.com/umbraco/test/test.js", true)]
[TestCase("http://www.domain.com/umbrac", false)]
[TestCase("http://www.domain.com/test", false)]
[TestCase("http://www.domain.com/test/umbraco", false)]
[TestCase("http://www.domain.com/test/umbraco.aspx", false)]
public void Is_Back_Office_Request(string input, bool expected)
{
var source = new Uri(input);
Assert.AreEqual(expected, source.IsBackOfficeRequest());
}
[TestCase("http://www.domain.com/install", true)]
[TestCase("http://www.domain.com/Install/", true)]
[TestCase("http://www.domain.com/install/default.aspx", true)]
[TestCase("http://www.domain.com/install/test/test", true)]
[TestCase("http://www.domain.com/Install/test/test.aspx", true)]
[TestCase("http://www.domain.com/install/test/test.js", true)]
[TestCase("http://www.domain.com/instal", false)]
[TestCase("http://www.domain.com/umbraco", false)]
[TestCase("http://www.domain.com/umbraco/umbraco", false)]
[TestCase("http://www.domain.com/test/umbraco.aspx", false)]
public void Is_Installer_Request(string input, bool expected)
{
var source = new Uri(input);
Assert.AreEqual(expected, source.IsInstallerRequest());
}
[TestCase("http://www.domain.com/foo/bar", "/", "http://www.domain.com/")]
[TestCase("http://www.domain.com/foo/bar#hop", "/", "http://www.domain.com/")]
[TestCase("http://www.domain.com/foo/bar?q=2#hop", "/", "http://www.domain.com/?q=2")]

30
src/Umbraco.Web/Install/UmbracoInstallAuthorizeAttribute.cs
View File

@@ -13,9 +13,23 @@ namespace Umbraco.Web.Install
/// </summary>
internal class UmbracoInstallAuthorizeAttribute : AuthorizeAttribute
{
private readonly ApplicationContext _applicationContext;
private readonly ApplicationContext _applicationContext;
private readonly UmbracoContext _umbracoContext;
private ApplicationContext GetApplicationContext()
{
return _applicationContext ?? ApplicationContext.Current;
}
private UmbracoContext GetUmbracoContext()
{
return _umbracoContext ?? UmbracoContext.Current;
}
/// <summary>
/// THIS SHOULD BE ONLY USED FOR UNIT TESTS
/// </summary>
/// <param name="umbracoContext"></param>
public UmbracoInstallAuthorizeAttribute(UmbracoContext umbracoContext)
{
if (umbracoContext == null) throw new ArgumentNullException("umbracoContext");
@@ -23,11 +37,9 @@ namespace Umbraco.Web.Install
_applicationContext = _umbracoContext.Application;
}
public UmbracoInstallAuthorizeAttribute()
: this(UmbracoContext.Current)
{
}
public UmbracoInstallAuthorizeAttribute()
{
}
/// <summary>
/// Ensures that the user must be logged in or that the application is not configured just yet.
@@ -41,13 +53,13 @@ namespace Umbraco.Web.Install
try
{
//if its not configured then we can continue
if (!_applicationContext.IsConfigured)
if (!GetApplicationContext().IsConfigured)
{
return true;
}
var umbCtx = GetUmbracoContext();
//otherwise we need to ensure that a user is logged in
var isLoggedIn = _umbracoContext.Security.ValidateUserContextId(_umbracoContext.Security.UmbracoUserContextId);
var isLoggedIn = umbCtx.Security.ValidateUserContextId(umbCtx.Security.UmbracoUserContextId);
if (isLoggedIn)
{
return true;

14
src/Umbraco.Web/Mvc/MemberAuthorizeAttribute.cs
View File

@@ -18,18 +18,24 @@ namespace Umbraco.Web.Mvc
public sealed class MemberAuthorizeAttribute : AuthorizeAttribute
{
private readonly ApplicationContext _applicationContext;
private readonly UmbracoContext _umbracoContext;
private UmbracoContext GetUmbracoContext()
{
return _umbracoContext ?? UmbracoContext.Current;
}
/// <summary>
/// THIS SHOULD BE ONLY USED FOR UNIT TESTS
/// </summary>
/// <param name="umbracoContext"></param>
public MemberAuthorizeAttribute(UmbracoContext umbracoContext)
{
if (umbracoContext == null) throw new ArgumentNullException("umbracoContext");
_umbracoContext = umbracoContext;
_applicationContext = _umbracoContext.Application;
}
public MemberAuthorizeAttribute()
: this(UmbracoContext.Current)
{
}
@@ -76,7 +82,7 @@ namespace Umbraco.Web.Mvc
}
}
return _umbracoContext.Security.IsMemberAuthorized(AllowAll,
return GetUmbracoContext().Security.IsMemberAuthorized(AllowAll,
AllowType.Split(','),
AllowGroup.Split(','),
members);

27
src/Umbraco.Web/Mvc/UmbracoAuthorizeAttribute.cs
View File

@@ -15,6 +15,20 @@ namespace Umbraco.Web.Mvc
private readonly ApplicationContext _applicationContext;
private readonly UmbracoContext _umbracoContext;
private ApplicationContext GetApplicationContext()
{
return _applicationContext ?? ApplicationContext.Current;
}
private UmbracoContext GetUmbracoContext()
{
return _umbracoContext ?? UmbracoContext.Current;
}
/// <summary>
/// THIS SHOULD BE ONLY USED FOR UNIT TESTS
/// </summary>
/// <param name="umbracoContext"></param>
public UmbracoAuthorizeAttribute(UmbracoContext umbracoContext)
{
if (umbracoContext == null) throw new ArgumentNullException("umbracoContext");
@@ -22,11 +36,9 @@ namespace Umbraco.Web.Mvc
_applicationContext = _umbracoContext.Application;
}
public UmbracoAuthorizeAttribute()
: this(UmbracoContext.Current)
{
}
public UmbracoAuthorizeAttribute()
{
}
/// <summary>
/// Ensures that the user must be in the Administrator or the Install role
@@ -40,9 +52,10 @@ namespace Umbraco.Web.Mvc
try
{
//we need to that the app is configured and that a user is logged in
if (!_applicationContext.IsConfigured)
if (!GetApplicationContext().IsConfigured)
return false;
var isLoggedIn = _umbracoContext.Security.ValidateUserContextId(_umbracoContext.Security.UmbracoUserContextId);
var umbCtx = GetUmbracoContext();
var isLoggedIn = umbCtx.Security.ValidateUserContextId(umbCtx.Security.UmbracoUserContextId);
return isLoggedIn;
}
catch (Exception)

47
src/Umbraco.Web/Mvc/UmbracoAuthorizedController.cs
View File

@@ -20,20 +20,8 @@ namespace Umbraco.Web.Mvc
[UmbracoAuthorize]
public abstract class UmbracoAuthorizedController : UmbracoController
{
private User _user;
private bool _userisValidated = false;
/// <summary>
/// The current user ID
/// </summary>
private int _uid = 0;
/// <summary>
/// The page timeout in seconds.
/// </summary>
private long _timeout = 0;
/// <summary>
/// Returns the currently logged in Umbraco User
/// </summary>
@@ -41,40 +29,15 @@ namespace Umbraco.Web.Mvc
{
get
{
if (!_userisValidated) ValidateUser();
return _user;
}
}
private void ValidateUser()
{
if ((UmbracoContext.Security.UmbracoUserContextId != ""))
{
_uid = UmbracoContext.Security.GetUserId(UmbracoContext.Security.UmbracoUserContextId);
_timeout = UmbracoContext.Security.GetTimeout(UmbracoContext.Security.UmbracoUserContextId);
if (_timeout > DateTime.Now.Ticks)
//throw exceptions if not valid (true)
if (!_userisValidated)
{
_user = global::umbraco.BusinessLogic.User.GetUser(_uid);
// Check for console access
if (_user.Disabled || (_user.NoConsole && GlobalSettings.RequestIsInUmbracoApplication(HttpContext) && !GlobalSettings.RequestIsLiveEditRedirector(HttpContext)))
{
throw new ArgumentException("You have no priviledges to the umbraco console. Please contact your administrator");
}
Security.ValidateCurrentUser(HttpContext, true);
_userisValidated = true;
UmbracoContext.Security.UpdateLogin(_timeout);
}
else
{
throw new ArgumentException("User has timed out!!");
}
}
else
{
throw new InvalidOperationException("The user has no umbraco contextid - try logging in");
}
return Security.CurrentUser;
}
}
}

7
src/Umbraco.Web/Security/WebSecurity.cs
View File

@@ -128,7 +128,7 @@ namespace Umbraco.Web.Security
SqlHelper.CreateParameter("@contextId", retVal));
UmbracoUserContextId = retVal.ToString();
LogHelper.Info(typeof(WebSecurity), "User Id: {0} logged in", () => userId);
LogHelper.Info<WebSecurity>("User Id: {0} logged in", () => userId);
}
@@ -147,8 +147,11 @@ namespace Umbraco.Web.Security
}
catch (Exception ex)
{
LogHelper.Error(typeof(WebSecurity), string.Format("Login with contextId {0} didn't exist in the database", UmbracoUserContextId), ex);
LogHelper.Error<WebSecurity>(string.Format("Login with contextId {0} didn't exist in the database", UmbracoUserContextId), ex);
}
//this clears the cookie
UmbracoUserContextId = "";
}
public void RenewLoginTimeout()

7
src/Umbraco.Web/Strategies/ServerRegistrationEventHandler.cs
View File

@@ -77,13 +77,8 @@ namespace Umbraco.Web.Strategies
//if it is not a document request, we'll check if it is a back end request
if (e.Outcome == EnsureRoutableOutcome.NotDocumentRequest)
{
var authority = e.HttpContext.Request.Url.GetLeftPart(UriPartial.Authority);
var afterAuthority = e.HttpContext.Request.Url.GetLeftPart(UriPartial.Query)
.TrimStart(authority)
.TrimStart("/");
//check if this is in the umbraco back office
if (afterAuthority.InvariantStartsWith(GlobalSettings.Path.TrimStart("/")))
if (e.HttpContext.Request.Url.IsBackOfficeRequest())
{
//yup it's a back office request!
using (var lck = new UpgradeableReadLock(Locker))

16
src/Umbraco.Web/UmbracoContext.cs
View File

@@ -24,7 +24,7 @@ namespace Umbraco.Web
/// <summary>
/// Class that encapsulates Umbraco information of a specific HTTP request
/// </summary>
public class UmbracoContext
public class UmbracoContext : DisposableObject
{
private const string HttpContextItemName = "Umbraco.Web.UmbracoContext";
private static readonly object Locker = new object();
@@ -361,7 +361,17 @@ namespace Umbraco.Web
return null;
}
}
protected override void DisposeResources()
{
Security.DisposeIfDisposable();
Security = null;
_previewContent = null;
_umbracoContext = null;
//ensure not to dispose this!
Application = null;
ContentCache = null;
MediaCache = null;
}
}
}

62
src/Umbraco.Web/UmbracoModule.cs
View File

@@ -1,4 +1,5 @@
using System;
using System.Collections;
using System.IO;
using System.Linq;
using System.Web;
@@ -166,23 +167,6 @@ namespace Umbraco.Web
return end;
}
/// <summary>
/// Checks if the xml cache file needs to be updated/persisted
/// </summary>
/// <param name="httpContext"></param>
/// <remarks>
/// TODO: This needs an overhaul, see the error report created here:
/// https://docs.google.com/document/d/1neGE3q3grB4lVJfgID1keWY2v9JYqf-pw75sxUUJiyo/edit
/// </remarks>
void PersistXmlCache(HttpContextBase httpContext)
{
if (content.Instance.IsXmlQueuedForPersistenceToFile)
{
content.Instance.RemoveXmlFilePersistenceQueue();
content.Instance.PersistXmlToFile();
}
}
#endregion
#region Route helper methods
@@ -350,7 +334,7 @@ namespace Umbraco.Web
/// </summary>
/// <param name="context"></param>
/// <param name="pcr"> </param>
private void RewriteToUmbracoHandler(HttpContextBase context, PublishedContentRequest pcr)
private static void RewriteToUmbracoHandler(HttpContextBase context, PublishedContentRequest pcr)
{
// NOTE: we do not want to use TransferRequest even though many docs say it is better with IIS7, turns out this is
// not what we need. The purpose of TransferRequest is to ensure that .net processes all of the rules for the newly
@@ -402,6 +386,36 @@ namespace Umbraco.Web
}
}
/// <summary>
/// Checks if the xml cache file needs to be updated/persisted
/// </summary>
/// <param name="httpContext"></param>
/// <remarks>
/// TODO: This needs an overhaul, see the error report created here:
/// https://docs.google.com/document/d/1neGE3q3grB4lVJfgID1keWY2v9JYqf-pw75sxUUJiyo/edit
/// </remarks>
static void PersistXmlCache(HttpContextBase httpContext)
{
if (content.Instance.IsXmlQueuedForPersistenceToFile)
{
content.Instance.RemoveXmlFilePersistenceQueue();
content.Instance.PersistXmlToFile();
}
}
/// <summary>
/// Any object that is in the HttpContext.Items collection that is IDisposable will get disposed on the end of the request
/// </summary>
/// <param name="http"></param>
private static void DisposeHttpContextItems(HttpContext http)
{
foreach (DictionaryEntry i in http.Items)
{
i.Value.DisposeIfDisposable();
i.Key.DisposeIfDisposable();
}
}
#region IHttpModule
/// <summary>
@@ -469,18 +483,6 @@ namespace Umbraco.Web
#endregion
/// <summary>
/// Any object that is in the HttpContext.Items collection that is IDisposable will get disposed on the end of the request
/// </summary>
/// <param name="http"></param>
private static void DisposeHttpContextItems(HttpContext http)
{
foreach(var i in http.Items)
{
i.DisposeIfDisposable();
}
}
#region Events
internal static event EventHandler<RoutableAttemptEventArgs> RouteAttempt;
private void OnRouteAttempt(RoutableAttemptEventArgs args)

18
src/Umbraco.Web/WebApi/MemberAuthorizeAttribute.cs
View File

@@ -16,21 +16,27 @@ namespace Umbraco.Web.WebApi
public sealed class MemberAuthorizeAttribute : AuthorizeAttribute
{
private readonly ApplicationContext _applicationContext;
private readonly UmbracoContext _umbracoContext;
private UmbracoContext GetUmbracoContext()
{
return _umbracoContext ?? UmbracoContext.Current;
}
/// <summary>
/// THIS SHOULD BE ONLY USED FOR UNIT TESTS
/// </summary>
/// <param name="umbracoContext"></param>
public MemberAuthorizeAttribute(UmbracoContext umbracoContext)
{
if (umbracoContext == null) throw new ArgumentNullException("umbracoContext");
_umbracoContext = umbracoContext;
_applicationContext = _umbracoContext.Application;
}
public MemberAuthorizeAttribute()
: this(UmbracoContext.Current)
{
{
}
}
/// <summary>
/// Flag for whether to allow all site visitors or just authenticated members
@@ -74,7 +80,7 @@ namespace Umbraco.Web.WebApi
}
}
return _umbracoContext.Security.IsMemberAuthorized(AllowAll,
return GetUmbracoContext().Security.IsMemberAuthorized(AllowAll,
AllowType.Split(','),
AllowGroup.Split(','),
members);

24
src/Umbraco.Web/WebApi/UmbracoApiController.cs
View File

@@ -1,4 +1,5 @@
using System;
using System.Web;
using System.Web.Http;
using Umbraco.Core;
using Umbraco.Core.Services;
@@ -22,6 +23,29 @@ namespace Umbraco.Web.WebApi
Umbraco = new UmbracoHelper(umbracoContext);
}
/// <summary>
/// Tries to retreive the current HttpContext if one exists.
/// </summary>
/// <returns></returns>
protected Attempt<HttpContextBase> TryGetHttpContext()
{
object context;
if (Request.Properties.TryGetValue("MS_HttpContext", out context))
{
var httpContext = context as HttpContextBase;
if (httpContext != null)
{
return new Attempt<HttpContextBase>(true, httpContext);
}
}
if (HttpContext.Current != null)
{
return new Attempt<HttpContextBase>(true, new HttpContextWrapper(HttpContext.Current));
}
return Attempt<HttpContextBase>.False;
}
/// <summary>
/// Returns the current ApplicationContext
/// </summary>

21
src/Umbraco.Web/WebApi/UmbracoAuthorizeAttribute.cs
View File

@@ -13,6 +13,20 @@ namespace Umbraco.Web.WebApi
private readonly ApplicationContext _applicationContext;
private readonly UmbracoContext _umbracoContext;
private ApplicationContext GetApplicationContext()
{
return _applicationContext ?? ApplicationContext.Current;
}
private UmbracoContext GetUmbracoContext()
{
return _umbracoContext ?? UmbracoContext.Current;
}
/// <summary>
/// THIS SHOULD BE ONLY USED FOR UNIT TESTS
/// </summary>
/// <param name="umbracoContext"></param>
public UmbracoAuthorizeAttribute(UmbracoContext umbracoContext)
{
if (umbracoContext == null) throw new ArgumentNullException("umbracoContext");
@@ -21,9 +35,7 @@ namespace Umbraco.Web.WebApi
}
public UmbracoAuthorizeAttribute()
: this(UmbracoContext.Current)
{
}
protected override bool IsAuthorized(System.Web.Http.Controllers.HttpActionContext actionContext)
@@ -31,9 +43,10 @@ namespace Umbraco.Web.WebApi
try
{
//we need to that the app is configured and that a user is logged in
if (!_applicationContext.IsConfigured)
if (!GetApplicationContext().IsConfigured)
return false;
var isLoggedIn = _umbracoContext.Security.ValidateUserContextId(_umbracoContext.Security.UmbracoUserContextId);
var umbCtx = GetUmbracoContext();
var isLoggedIn = umbCtx.Security.ValidateUserContextId(umbCtx.Security.UmbracoUserContextId);
return isLoggedIn;
}
catch (Exception)

54
src/Umbraco.Web/WebApi/UmbracoAuthorizedApiController.cs
View File

@@ -19,20 +19,9 @@ namespace Umbraco.Web.WebApi
: base(umbracoContext)
{
}
private User _user;
private bool _userisValidated = false;
/// <summary>
/// The current user ID
/// </summary>
private int _uid = 0;
/// <summary>
/// The page timeout in seconds.
/// </summary>
private long _timeout = 0;
/// <summary>
/// Returns the currently logged in Umbraco User
/// </summary>
@@ -40,40 +29,19 @@ namespace Umbraco.Web.WebApi
{
get
{
if (!_userisValidated) ValidateUser();
return _user;
}
}
private void ValidateUser()
{
if ((UmbracoContext.Security.UmbracoUserContextId != ""))
{
_uid = UmbracoContext.Security.GetUserId(UmbracoContext.Security.UmbracoUserContextId);
_timeout = UmbracoContext.Security.GetTimeout(UmbracoContext.Security.UmbracoUserContextId);
if (_timeout > DateTime.Now.Ticks)
//throw exceptions if not valid (true)
if (!_userisValidated)
{
_user = global::umbraco.BusinessLogic.User.GetUser(_uid);
// Check for console access
if (_user.Disabled || (_user.NoConsole && GlobalSettings.RequestIsInUmbracoApplication(HttpContext.Current) && !GlobalSettings.RequestIsLiveEditRedirector(HttpContext.Current)))
{
throw new ArgumentException("You have no priviledges to the umbraco console. Please contact your administrator");
}
var ctx = TryGetHttpContext();
if (ctx.Success == false)
throw new InvalidOperationException("To get a current user, this method must occur in a web request");
Security.ValidateCurrentUser(ctx.Result, true);
_userisValidated = true;
UmbracoContext.Security.UpdateLogin(_timeout);
}
else
{
throw new ArgumentException("User has timed out!!");
}
}
else
{
throw new InvalidOperationException("The user has no umbraco contextid - try logging in");
}
return Security.CurrentUser;
}
}
}
}