using System;
using System.Web;
using System.Web.Mvc;
using Umbraco.Core;
using Umbraco.Core.IO;
using Umbraco.Web.Composing;
namespace Umbraco.Web.Install
{
///
/// Ensures authorization occurs for the installer if it has already completed.
/// If install has not yet occurred then the authorization is successful
///
internal class InstallAuthorizeAttribute : AuthorizeAttribute
{
// see note in HttpInstallAuthorizeAttribute
private readonly IUmbracoContextAccessor _umbracoContextAccessor;
private readonly IRuntimeState _runtimeState;
private IRuntimeState RuntimeState => _runtimeState ?? Current.RuntimeState;
private UmbracoContext UmbracoContext => _umbracoContextAccessor?.UmbracoContext ?? Current.UmbracoContext;
///
/// THIS SHOULD BE ONLY USED FOR UNIT TESTS
///
///
///
public InstallAuthorizeAttribute(IUmbracoContextAccessor umbracoContextAccessor, IRuntimeState runtimeState)
{
if (umbracoContextAccessor == null) throw new ArgumentNullException(nameof(umbracoContextAccessor));
if (runtimeState == null) throw new ArgumentNullException(nameof(runtimeState));
_umbracoContextAccessor = umbracoContextAccessor;
_runtimeState = runtimeState;
}
public InstallAuthorizeAttribute()
{ }
///
/// Ensures that the user must be logged in or that the application is not configured just yet.
///
///
///
protected override bool AuthorizeCore(HttpContextBase httpContext)
{
if (httpContext == null) throw new ArgumentNullException(nameof(httpContext));
try
{
// if not configured (install or upgrade) then we can continue
// otherwise we need to ensure that a user is logged in
return RuntimeState.Level == RuntimeLevel.Install
|| RuntimeState.Level == RuntimeLevel.Upgrade
|| UmbracoContext.Security.ValidateCurrentUser();
}
catch (Exception)
{
return false;
}
}
///
/// Override to redirect instead of throwing an exception
///
///
protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
{
filterContext.Result = new RedirectResult(SystemDirectories.Umbraco.EnsureEndsWith('/'));
}
}
}