ApiSystem: moved from feature/space-management
parent
54387f8f98
commit
abdcedbaa8
@ -0,0 +1,84 @@
|
|||||||
|
// (c) Copyright Ascensio System SIA 2010-2022
|
||||||
|
//
|
||||||
|
// This program is a free software product.
|
||||||
|
// You can redistribute it and/or modify it under the terms
|
||||||
|
// of the GNU Affero General Public License (AGPL) version 3 as published by the Free Software
|
||||||
|
// Foundation. In accordance with Section 7(a) of the GNU AGPL its Section 15 shall be amended
|
||||||
|
// to the effect that Ascensio System SIA expressly excludes the warranty of non-infringement of
|
||||||
|
// any third-party rights.
|
||||||
|
//
|
||||||
|
// This program is distributed WITHOUT ANY WARRANTY, without even the implied warranty
|
||||||
|
// of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. For details, see
|
||||||
|
// the GNU AGPL at: http://www.gnu.org/licenses/agpl-3.0.html
|
||||||
|
//
|
||||||
|
// You can contact Ascensio System SIA at Lubanas st. 125a-25, Riga, Latvia, EU, LV-1021.
|
||||||
|
//
|
||||||
|
// The interactive user interfaces in modified source and object code versions of the Program must
|
||||||
|
// display Appropriate Legal Notices, as required under Section 5 of the GNU AGPL version 3.
|
||||||
|
//
|
||||||
|
// Pursuant to Section 7(b) of the License you must retain the original Product logo when
|
||||||
|
// distributing the program. Pursuant to Section 7(e) we decline to grant you any rights under
|
||||||
|
// trademark law for use of our trademarks.
|
||||||
|
//
|
||||||
|
// All the Product's GUI elements, including illustrations and icon sets, as well as technical writing
|
||||||
|
// content are licensed under the terms of the Creative Commons Attribution-ShareAlike 4.0
|
||||||
|
// International. See the License terms at http://creativecommons.org/licenses/by-sa/4.0/legalcode
|
||||||
|
|
||||||
|
using System.Security.Authentication;
|
||||||
|
using System.Text.Encodings.Web;
|
||||||
|
|
||||||
|
using ASC.Web.Core;
|
||||||
|
|
||||||
|
using Microsoft.Extensions.Options;
|
||||||
|
|
||||||
|
namespace ASC.ApiSystem.Classes;
|
||||||
|
|
||||||
|
[Scope]
|
||||||
|
public class ApiSystemAuthHandler : CookieAuthHandler
|
||||||
|
{
|
||||||
|
private readonly CoreBaseSettings _coreBaseSettings;
|
||||||
|
private readonly AuthContext _authContext;
|
||||||
|
private readonly UserManager _userManager;
|
||||||
|
|
||||||
|
public ApiSystemAuthHandler(
|
||||||
|
IOptionsMonitor<AuthenticationSchemeOptions> options,
|
||||||
|
ILoggerFactory logger,
|
||||||
|
UrlEncoder encoder,
|
||||||
|
ISystemClock clock,
|
||||||
|
SecurityContext securityContext,
|
||||||
|
CookiesManager cookiesManager,
|
||||||
|
IHttpContextAccessor httpContextAccessor,
|
||||||
|
CoreBaseSettings coreBaseSettings,
|
||||||
|
AuthContext authContext,
|
||||||
|
UserManager userManager)
|
||||||
|
: base(options, logger, encoder, clock, securityContext, cookiesManager, httpContextAccessor)
|
||||||
|
{
|
||||||
|
_coreBaseSettings = coreBaseSettings;
|
||||||
|
_authContext = authContext;
|
||||||
|
_userManager = userManager;
|
||||||
|
}
|
||||||
|
|
||||||
|
protected override async Task<AuthenticateResult> HandleAuthenticateAsync()
|
||||||
|
{
|
||||||
|
var baseResult = await base.HandleAuthenticateAsync();
|
||||||
|
if (!baseResult.Succeeded)
|
||||||
|
{
|
||||||
|
return baseResult;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (_coreBaseSettings.Standalone)
|
||||||
|
{
|
||||||
|
if (!_authContext.IsAuthenticated)
|
||||||
|
{
|
||||||
|
return AuthenticateResult.Fail(new AuthenticationException(nameof(HttpStatusCode.Unauthorized)));
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!await _userManager.IsDocSpaceAdminAsync(_authContext.CurrentAccount.ID))
|
||||||
|
{
|
||||||
|
return AuthenticateResult.Fail(new AuthenticationException(nameof(HttpStatusCode.Unauthorized)));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return baseResult;
|
||||||
|
}
|
||||||
|
}
|
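Review bot: In HandleAuthenticateAsync the admin check sits inside `if (_coreBaseSettings.Standalone)`, so when that flag is false the method returns `baseResult` and any valid cookie session satisfies `auth:portal` without an admin test. Startup decides whether to register this handler from `core:base-domain`, not from `CoreBaseSettings`, so the two conditions can presumably disagree. Failing closed would be safer: put `if (!_coreBaseSettings.Standalone) { return AuthenticateResult.Fail(new AuthenticationException(nameof(HttpStatusCode.Unauthorized))); }` ahead of the two existing checks. The class also has no summary comment; a `/// <summary>` stating that it accepts only a cookie session belonging to a DocSpace admin on a standalone installation would record the intent.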
@ -46,6 +46,9 @@ public class PortalController : ControllerBase
|
|||||||
private readonly TimeZonesProvider _timeZonesProvider;
|
private readonly TimeZonesProvider _timeZonesProvider;
|
||||||
private readonly TimeZoneConverter _timeZoneConverter;
|
private readonly TimeZoneConverter _timeZoneConverter;
|
||||||
private readonly PasswordHasher _passwordHasher;
|
private readonly PasswordHasher _passwordHasher;
|
||||||
|
private readonly CoreBaseSettings _coreBaseSettings;
|
||||||
|
private readonly AuthContext _authContext;
|
||||||
|
private readonly UserManager _userManager;
|
||||||
private readonly ILogger<PortalController> _log;
|
private readonly ILogger<PortalController> _log;
|
||||||
|
|
||||||
public PortalController(
|
public PortalController(
|
||||||
@ -64,7 +67,10 @@ public class PortalController : ControllerBase
|
|||||||
ILogger<PortalController> option,
|
ILogger<PortalController> option,
|
||||||
TimeZonesProvider timeZonesProvider,
|
TimeZonesProvider timeZonesProvider,
|
||||||
TimeZoneConverter timeZoneConverter,
|
TimeZoneConverter timeZoneConverter,
|
||||||
PasswordHasher passwordHasher)
|
PasswordHasher passwordHasher,
|
||||||
|
CoreBaseSettings coreBaseSettings,
|
||||||
|
AuthContext authContext,
|
||||||
|
UserManager userManager)
|
||||||
{
|
{
|
||||||
_configuration = configuration;
|
_configuration = configuration;
|
||||||
_securityContext = securityContext;
|
_securityContext = securityContext;
|
||||||
@ -81,6 +87,9 @@ public class PortalController : ControllerBase
|
|||||||
_timeZonesProvider = timeZonesProvider;
|
_timeZonesProvider = timeZonesProvider;
|
||||||
_timeZoneConverter = timeZoneConverter;
|
_timeZoneConverter = timeZoneConverter;
|
||||||
_passwordHasher = passwordHasher;
|
_passwordHasher = passwordHasher;
|
||||||
|
_coreBaseSettings = coreBaseSettings;
|
||||||
|
_authContext = authContext;
|
||||||
|
_userManager = userManager;
|
||||||
_log = option;
|
_log = option;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -101,7 +110,7 @@ public class PortalController : ControllerBase
|
|||||||
|
|
||||||
[HttpPost("register")]
|
[HttpPost("register")]
|
||||||
[AllowCrossSiteJson]
|
[AllowCrossSiteJson]
|
||||||
[Authorize(AuthenticationSchemes = "auth:allowskip:registerportal")]
|
[Authorize(AuthenticationSchemes = "auth:allowskip:registerportal,auth:portal")]
|
||||||
public async ValueTask<IActionResult> RegisterAsync(TenantModel model)
|
public async ValueTask<IActionResult> RegisterAsync(TenantModel model)
|
||||||
{
|
{
|
||||||
if (model == null)
|
if (model == null)
|
||||||
@ -319,7 +328,7 @@ public class PortalController : ControllerBase
|
|||||||
|
|
||||||
[HttpDelete("remove")]
|
[HttpDelete("remove")]
|
||||||
[AllowCrossSiteJson]
|
[AllowCrossSiteJson]
|
||||||
[Authorize(AuthenticationSchemes = "auth:allowskip:default")]
|
[Authorize(AuthenticationSchemes = "auth:allowskip:default,auth:portal")]
|
||||||
public async Task<IActionResult> RemoveAsync([FromQuery] TenantModel model)
|
public async Task<IActionResult> RemoveAsync([FromQuery] TenantModel model)
|
||||||
{
|
{
|
||||||
(var succ, var tenant) = await _commonMethods.TryGetTenantAsync(model);
|
(var succ, var tenant) = await _commonMethods.TryGetTenantAsync(model);
|
||||||
@ -355,7 +364,7 @@ public class PortalController : ControllerBase
|
|||||||
|
|
||||||
[HttpPut("status")]
|
[HttpPut("status")]
|
||||||
[AllowCrossSiteJson]
|
[AllowCrossSiteJson]
|
||||||
[Authorize(AuthenticationSchemes = "auth:allowskip:default")]
|
[Authorize(AuthenticationSchemes = "auth:allowskip:default,auth:portal")]
|
||||||
public async Task<IActionResult> ChangeStatusAsync(TenantModel model)
|
public async Task<IActionResult> ChangeStatusAsync(TenantModel model)
|
||||||
{
|
{
|
||||||
(var succ, var tenant) = await _commonMethods.TryGetTenantAsync(model);
|
(var succ, var tenant) = await _commonMethods.TryGetTenantAsync(model);
|
||||||
@ -426,7 +435,7 @@ public class PortalController : ControllerBase
|
|||||||
|
|
||||||
[HttpGet("get")]
|
[HttpGet("get")]
|
||||||
[AllowCrossSiteJson]
|
[AllowCrossSiteJson]
|
||||||
[Authorize(AuthenticationSchemes = "auth:allowskip:default")]
|
[Authorize(AuthenticationSchemes = "auth:allowskip:default,auth:portal")]
|
||||||
public async Task<IActionResult> GetPortalsAsync([FromQuery] TenantModel model)
|
public async Task<IActionResult> GetPortalsAsync([FromQuery] TenantModel model)
|
||||||
{
|
{
|
||||||
try
|
try
|
||||||
@ -471,7 +480,8 @@ public class PortalController : ControllerBase
|
|||||||
.Distinct()
|
.Distinct()
|
||||||
.Where(t => t.Status == TenantStatus.Active)
|
.Where(t => t.Status == TenantStatus.Active)
|
||||||
.OrderBy(t => t.Id)
|
.OrderBy(t => t.Id)
|
||||||
.Select(_commonMethods.ToTenantWrapper);
|
.Select(_commonMethods.ToTenantWrapper)
|
||||||
|
.ToList();
|
||||||
|
|
||||||
return Ok(new
|
return Ok(new
|
||||||
{
|
{
|
||||||
|
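Review bot: Adding `auth:portal` to `RegisterAsync`, `RemoveAsync` and `ChangeStatusAsync` makes a browser cookie sufficient for state-changing calls that also carry `[AllowCrossSiteJson]`, which is the usual precondition for cross-site request forgery. What `AllowCrossSiteJson` emits and whether `CookieAuthHandler` demands anything besides the cookie is not visible here, so please confirm that an anti-forgery token, a SameSite cookie policy or an Origin check covers these actions when the cookie scheme is the one that authenticated. `SaveSettingsAsync` in SettingsController gets the same scheme and deserves the same check. The new `_coreBaseSettings`, `_authContext` and `_userManager` fields are assigned in the constructor but not read in any hunk shown; drop them if nothing else in the file uses them. The method bodies continue outside the hunks.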
@ -61,7 +61,7 @@ public class SettingsController : ControllerBase
|
|||||||
#region API methods
|
#region API methods
|
||||||
|
|
||||||
[HttpGet("get")]
|
[HttpGet("get")]
|
||||||
[Authorize(AuthenticationSchemes = "auth:allowskip:default")]
|
[Authorize(AuthenticationSchemes = "auth:allowskip:default,auth:portal")]
|
||||||
public async Task<IActionResult> GetSettingsAsync([FromQuery] SettingsModel model)
|
public async Task<IActionResult> GetSettingsAsync([FromQuery] SettingsModel model)
|
||||||
{
|
{
|
||||||
(var succ, var tenantId, var error) = await GetTenantAsync(model);
|
(var succ, var tenantId, var error) = await GetTenantAsync(model);
|
||||||
@ -88,7 +88,7 @@ public class SettingsController : ControllerBase
|
|||||||
}
|
}
|
||||||
|
|
||||||
[HttpPost("save")]
|
[HttpPost("save")]
|
||||||
[Authorize(AuthenticationSchemes = "auth:allowskip:default")]
|
[Authorize(AuthenticationSchemes = "auth:allowskip:default,auth:portal")]
|
||||||
public async Task<IActionResult> SaveSettingsAsync([FromBody] SettingsModel model)
|
public async Task<IActionResult> SaveSettingsAsync([FromBody] SettingsModel model)
|
||||||
{
|
{
|
||||||
(var succ, var tenantId, var error) = await GetTenantAsync(model);
|
(var succ, var tenantId, var error) = await GetTenantAsync(model);
|
||||||
|
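Review bot: `GetSettingsAsync` and `SaveSettingsAsync` resolve the target tenant from the request via `GetTenantAsync(model)`, while `auth:portal` only establishes that the caller is a DocSpace admin in the context the cookie belongs to; nothing in these hunks ties the two together. If `IsDocSpaceAdminAsync` is scoped to a single portal, an admin of one portal could read or write the settings of another, so either compare the resolved `tenantId` with the caller's tenant or, if the wider reach is intended, say so with a comment such as `// auth:portal: caller is an instance-wide admin and may address any tenant`. The same question applies to `RemoveAsync` and `ChangeStatusAsync` in PortalController. Both method bodies continue outside the hunks.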
@ -33,13 +33,15 @@ public class Startup
|
|||||||
private readonly IHostEnvironment _hostEnvironment;
|
private readonly IHostEnvironment _hostEnvironment;
|
||||||
private readonly DIHelper _diHelper;
|
private readonly DIHelper _diHelper;
|
||||||
private readonly string _corsOrigin;
|
private readonly string _corsOrigin;
|
||||||
|
private readonly bool _standalone;
|
||||||
|
|
||||||
public Startup(IConfiguration configuration, IHostEnvironment hostEnvironment)
|
public Startup(IConfiguration configuration, IHostEnvironment hostEnvironment)
|
||||||
{
|
{
|
||||||
_configuration = configuration;
|
_configuration = configuration;
|
||||||
_hostEnvironment = hostEnvironment;
|
_hostEnvironment = hostEnvironment;
|
||||||
_diHelper = new DIHelper();
|
_diHelper = new DIHelper();
|
||||||
_corsOrigin = _configuration["core:cors"];
|
_corsOrigin = _configuration["core:cors"];
|
||||||
|
_standalone = _configuration["core:base-domain"] == "localhost";
|
||||||
}
|
}
|
||||||
|
|
||||||
public void ConfigureServices(IServiceCollection services)
|
public void ConfigureServices(IServiceCollection services)
|
||||||
@ -126,9 +128,20 @@ public class Startup
|
|||||||
.TryAddSingleton(services);
|
.TryAddSingleton(services);
|
||||||
}
|
}
|
||||||
|
|
||||||
services.AddAuthentication()
|
if (_standalone)
|
||||||
.AddScheme<AuthenticationSchemeOptions, AuthHandler>("auth:allowskip:default", _ => { })
|
{
|
||||||
.AddScheme<AuthenticationSchemeOptions, AuthHandler>("auth:allowskip:registerportal", _ => { });
|
services
|
||||||
|
.AddAuthentication()
|
||||||
|
.AddScheme<AuthenticationSchemeOptions, AuthHandler>("auth:allowskip:default", _ => { })
|
||||||
|
.AddScheme<AuthenticationSchemeOptions, AuthHandler>("auth:allowskip:registerportal", _ => { })
|
||||||
|
.AddScheme<AuthenticationSchemeOptions, ApiSystemAuthHandler>("auth:portal", _ => { });
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
services.AddAuthentication()
|
||||||
|
.AddScheme<AuthenticationSchemeOptions, AuthHandler>("auth:allowskip:default", _ => { })
|
||||||
|
.AddScheme<AuthenticationSchemeOptions, AuthHandler>("auth:allowskip:registerportal", _ => { });
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
|
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
|
||||||
|
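Review bot: `auth:portal` is registered only in the `if (_standalone)` branch of ConfigureServices, yet the `[Authorize]` attributes in PortalController and SettingsController name it unconditionally; ASP.NET Core throws `InvalidOperationException` when asked to authenticate with a scheme that has no handler, so on a non-standalone deployment those endpoints would fail instead of falling back to `auth:allowskip:default`. Registering the scheme in both cases avoids that, provided ApiSystemAuthHandler rejects requests when the installation is not standalone. The two branches also repeat the same two `AddScheme` calls; keeping one chain in a local (`var auth = services.AddAuthentication()...;`) and adding `auth:portal` to it would remove the duplication. `_standalone` is an ordinal comparison of `core:base-domain` with `"localhost"`, a second definition of standalone beside the `CoreBaseSettings.Standalone` flag the handler reads; taking both from one source would keep them from drifting apart.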