U4-9444 SessionState is not available when rendering macro contents in the Rich Text Editor

2017-01-30 13:22:47 +11:00
parent 8152e7cb92
commit 9d06ce53a4
4 changed files with 53 additions and 7 deletions
--- a/src/Umbraco.Web/Editors/MacroController.cs
+++ b/src/Umbraco.Web/Editors/MacroController.cs
@@ -4,21 +4,26 @@ using System.Net;
 using System.Net.Http;
 using System.Text;
 using System.Web.Http;
+using System.Web.SessionState;
 using AutoMapper;
 using Umbraco.Web.Models.ContentEditing;
 using Umbraco.Web.Mvc;
 using umbraco;
+using Umbraco.Core;

 namespace Umbraco.Web.Editors
 {
    /// <summary>
    /// API controller to deal with Macro data
    /// </summary>
+    /// <remarks>
+    /// Note that this implements IRequiresSessionState which will enable HttpContext.Session - generally speaking we don't normally
+    /// enable this for webapi controllers, however since this controller is used to render macro content and macros can access
+    /// Session, we don't want it to throw null reference exceptions.
+    /// </remarks>
    [PluginController("UmbracoApi")]
-    public class MacroController : UmbracoAuthorizedJsonController
+    public class MacroController : UmbracoAuthorizedJsonController, IRequiresSessionState
    {
-        
-
        /// <summary>
        /// Gets the macro parameters to be filled in for a particular macro
        /// </summary>
@@ -124,6 +129,6 @@ namespace Umbraco.Web.Editors
                "text/html");
            return result;
        }
-
+        
    }
 }
--- a/src/Umbraco.Web/Mvc/AreaRegistrationExtensions.cs
+++ b/src/Umbraco.Web/Mvc/AreaRegistrationExtensions.cs
@@ -3,8 +3,10 @@ using System.Collections.Generic;
 using System.Web.Http;
 using System.Web.Mvc;
 using System.Web.Routing;
+using System.Web.SessionState;
 using Umbraco.Core;
 using Umbraco.Core.Configuration;
+using Umbraco.Web.WebApi;

 namespace Umbraco.Web.Mvc
 {
@@ -93,6 +95,13 @@ namespace Umbraco.Web.Mvc
                }
                //look in this namespace to create the controller
                controllerPluginRoute.DataTokens.Add("Namespaces", new[] {controllerType.Namespace});
+
+                //Special case! Check if the controller type implements IRequiresSessionState and if so use our
+                //custom webapi session handler
+                if (typeof(IRequiresSessionState).IsAssignableFrom(controllerType))
+                {
+                    controllerPluginRoute.RouteHandler = new SessionHttpControllerRouteHandler();
+                }
            }

            //Don't look anywhere else except this namespace!
@@ -100,9 +109,9 @@ namespace Umbraco.Web.Mvc

            //constraints: only match controllers ending with 'controllerSuffixName' and only match this controller's ID for this route            
            if (controllerSuffixName.IsNullOrWhiteSpace() == false)
-            {                
-            controllerPluginRoute.Constraints = new RouteValueDictionary(
-                new Dictionary<string, object>
+            {
+                controllerPluginRoute.Constraints = new RouteValueDictionary(
+                    new Dictionary<string, object>
                    {
                        {"controller", @"(\w+)" + controllerSuffixName}
                    });
--- a/src/Umbraco.Web/Umbraco.Web.csproj
+++ b/src/Umbraco.Web/Umbraco.Web.csproj
@@ -956,6 +956,7 @@
    <Compile Include="WebApi\NamespaceHttpControllerSelector.cs" />
    <Compile Include="WebApi\PrefixlessBodyModelValidator.cs" />
    <Compile Include="WebApi\PrefixlessBodyModelValidatorAttribute.cs" />
+    <Compile Include="WebApi\SessionHttpControllerRouteHandler.cs" />
    <Compile Include="WebApi\UmbracoApiController.cs" />
    <Compile Include="WebApi\UmbracoApiControllerBase.cs" />
    <Compile Include="WebApi\UmbracoApiControllerResolver.cs" />
--- a/src/Umbraco.Web/WebApi/SessionHttpControllerRouteHandler.cs
+++ b/src/Umbraco.Web/WebApi/SessionHttpControllerRouteHandler.cs
@@ -0,0 +1,31 @@
+using System.Web;
+using System.Web.Http.WebHost;
+using System.Web.Routing;
+using System.Web.SessionState;
+
+namespace Umbraco.Web.WebApi
+{
+    /// <summary>
+    /// A custom WebApi route handler that enables session on the HttpContext - use with caution! 
+    /// </summary>
+    /// <remarks>
+    /// WebApi controllers (and REST in general) shouldn't have session state enabled since it's stateless,
+    /// enabling session state puts additional locks on requests so only use this when absolutley needed 
+    /// </remarks>
+    internal class SessionHttpControllerRouteHandler : HttpControllerRouteHandler
+    {
+        protected override IHttpHandler GetHttpHandler(RequestContext requestContext)
+        {
+            return new SessionHttpControllerHandler(requestContext.RouteData);
+        }
+
+        /// <summary>
+        /// A custom WebApi handler that enables session on the HttpContext
+        /// </summary>        
+        private class SessionHttpControllerHandler : HttpControllerHandler, IRequiresSessionState
+        {
+            public SessionHttpControllerHandler(RouteData routeData) : base(routeData)
+            { }
+        }
+    }
+}