/* * * (c) Copyright Ascensio System Limited 2010-2018 * * This program is freeware. You can redistribute it and/or modify it under the terms of the GNU * General Public License (GPL) version 3 as published by the Free Software Foundation (https://www.gnu.org/copyleft/gpl.html). * In accordance with Section 7(a) of the GNU GPL its Section 15 shall be amended to the effect that * Ascensio System SIA expressly excludes the warranty of non-infringement of any third-party rights. * * THIS PROGRAM IS DISTRIBUTED WITHOUT ANY WARRANTY; WITHOUT EVEN THE IMPLIED WARRANTY OF MERCHANTABILITY OR * FITNESS FOR A PARTICULAR PURPOSE. For more details, see GNU GPL at https://www.gnu.org/copyleft/gpl.html * * You can contact Ascensio System SIA by email at sales@onlyoffice.com * * The interactive user interfaces in modified source and object code versions of ONLYOFFICE must display * Appropriate Legal Notices, as required under Section 5 of the GNU GPL version 3. * * Pursuant to Section 7 § 3(b) of the GNU GPL you must retain the original ONLYOFFICE logo which contains * relevant author attributions when distributing the software. If the display of the logo in its graphic * form is not reasonably feasible for technical reasons, you must include the words "Powered by ONLYOFFICE" * in every copy of the program you distribute. * Pursuant to Section 7 § 3(e) we decline to grant you any rights under trademark law for use of our trademarks. * */ using ASC.ApiSystem.Classes; using ASC.ApiSystem.Models; using ASC.Common.Logging; using ASC.Common.Utils; using ASC.Core; using ASC.Core.Common.Settings; using ASC.Core.Tenants; using ASC.Core.Users; using ASC.Security.Cryptography; using ASC.Web.Core.Helpers; using ASC.Web.Core.Users; using ASC.Web.Core.Utility; using ASC.Web.Core.Utility.Settings; using ASC.Web.Studio.Utility; using Microsoft.AspNetCore.Http; using Microsoft.AspNetCore.Mvc; using Microsoft.Extensions.Caching.Memory; using Microsoft.Extensions.Configuration; using Microsoft.Extensions.DependencyInjection; using Microsoft.Extensions.Options; using Newtonsoft.Json.Linq; using System; using System.Collections.Generic; using System.Diagnostics; using System.Linq; using System.Net; using System.Net.Http; namespace ASC.ApiSystem.Controllers { [ApiController] public class PortalController : CommonController { public PortalController(IHttpContextAccessor httpContextAccessor, IConfiguration configuration, IOptionsMonitor option, CoreSettings coreSettings, CommonLinkUtility commonLinkUtility, EmailValidationKeyProvider emailValidationKeyProvider, TimeZoneConverter timeZoneConverter, ApiSystemHelper apiSystemHelper, TenantManager tenantManager, UserFormatter userFormatter, TenantDomainValidator tenantDomainValidator, UserManagerWrapper userManagerWrapper, CommonConstants commonConstants, TimeZonesProvider timeZonesProvider, SettingsManager settingsManager, SecurityContext securityContext, IMemoryCache memoryCache, IOptionsSnapshot hostedSolutionOptions) : base(httpContextAccessor, configuration, option, coreSettings, commonLinkUtility, emailValidationKeyProvider, timeZoneConverter, apiSystemHelper, tenantManager, userFormatter, tenantDomainValidator, userManagerWrapper, commonConstants, timeZonesProvider, settingsManager, securityContext, memoryCache, hostedSolutionOptions) { } #region For TEST api [HttpGet] [ActionName("test")] public HttpResponseMessage Check() { var request = new HttpRequestMessage(); return request.CreateResponse(HttpStatusCode.OK, new { value = "Portal api works" }); } #endregion #region API methods [HttpPost] [ActionName("register")] [AllowCrossSiteJson] [AuthSignature("auth.allowskip.registerportal")] public HttpResponseMessage Register(TenantModel model) { var request = new HttpRequestMessage(); if (model == null) { return request.CreateResponse(HttpStatusCode.BadRequest, new { error = "portalNameEmpty", message = "PortalName is required" }); } if (!ModelState.IsValid) { var message = new JArray(); foreach (var k in ModelState.Keys) { message.Add(ModelState[k].Errors.FirstOrDefault().ErrorMessage); } return request.CreateResponse(HttpStatusCode.BadRequest, new { error = "params", message }); } var sw = Stopwatch.StartNew(); if (!CheckPasswordPolicy(model.Password, out object error)) { sw.Stop(); return request.CreateResponse(HttpStatusCode.BadRequest, error); } model.FirstName = (model.FirstName ?? "").Trim(); model.LastName = (model.LastName ?? "").Trim(); if (!CheckValidName(model.FirstName + model.LastName, out error)) { sw.Stop(); return request.CreateResponse(HttpStatusCode.BadRequest, error); } model.PortalName = (model.PortalName ?? "").Trim(); if (!CheckExistingNamePortal(model.PortalName, out error)) { sw.Stop(); return request.CreateResponse(HttpStatusCode.BadRequest, error); } Log.DebugFormat("PortalName = {0}; Elapsed ms. CheckExistingNamePortal: {1}", model.PortalName, sw.ElapsedMilliseconds); var clientIP = GetClientIp(); if (CheckMuchRegistration(model, clientIP, sw)) { return request.CreateResponse(HttpStatusCode.BadRequest, new { error = "tooMuchAttempts", message = "Too much attempts already" }); } if (!CheckRecaptcha(model, clientIP, sw, out error)) { return request.CreateResponse(HttpStatusCode.BadRequest, error); } if (!CheckRegistrationPayment(out error)) { return request.CreateResponse(HttpStatusCode.BadRequest, error); } var language = model.Language ?? string.Empty; var tz = TimeZonesProvider.GetCurrentTimeZoneInfo(language); Log.DebugFormat("PortalName = {0}; Elapsed ms. TimeZonesProvider.GetCurrentTimeZoneInfo: {1}", model.PortalName, sw.ElapsedMilliseconds); if (!string.IsNullOrEmpty(model.TimeZoneName)) { tz = TimeZoneConverter.GetTimeZone(model.TimeZoneName.Trim(), false) ?? tz; Log.DebugFormat("PortalName = {0}; Elapsed ms. TimeZonesProvider.OlsonTimeZoneToTimeZoneInfo: {1}", model.PortalName, sw.ElapsedMilliseconds); } var lang = TimeZonesProvider.GetCurrentCulture(language); Log.DebugFormat("PortalName = {0}; model.Language = {1}, resultLang.DisplayName = {2}", model.PortalName, language, lang.DisplayName); var info = new TenantRegistrationInfo { Name = Configuration["web.portal-name"] ?? "Cloud Office Applications", Address = model.PortalName, Culture = lang, FirstName = model.FirstName, LastName = model.LastName, Password = string.IsNullOrEmpty(model.Password) ? null : model.Password, Email = (model.Email ?? "").Trim(), TimeZoneInfo = tz, MobilePhone = string.IsNullOrEmpty(model.Phone) ? null : model.Phone.Trim(), Industry = (TenantIndustry)model.Industry, Spam = model.Spam, Calls = model.Calls, Analytics = model.Analytics }; if (!string.IsNullOrEmpty(model.PartnerId)) { if (Guid.TryParse(model.PartnerId, out _)) { // valid guid info.PartnerId = model.PartnerId; } } if (!string.IsNullOrEmpty(model.AffiliateId)) { info.AffiliateId = model.AffiliateId; } if (!string.IsNullOrEmpty(model.Campaign)) { info.Campaign = model.Campaign; } Tenant t; try { /****REGISTRATION!!!*****/ if (!string.IsNullOrEmpty(ApiSystemHelper.ApiCacheUrl)) { ApiSystemHelper.AddTenantToCache(info.Address, SecurityContext.CurrentAccount.ID); Log.DebugFormat("PortalName = {0}; Elapsed ms. CacheController.AddTenantToCache: {1}", model.PortalName, sw.ElapsedMilliseconds); } HostedSolution.RegisterTenant(info, out t); /*********/ Log.DebugFormat("PortalName = {0}; Elapsed ms. HostedSolution.RegisterTenant: {1}", model.PortalName, sw.ElapsedMilliseconds); } catch (Exception e) { sw.Stop(); Log.Error(e); return request.CreateResponse(HttpStatusCode.InternalServerError, new { error = "registerNewTenantError", message = e.Message, stacktrace = e.StackTrace }); } var isFirst = true; string sendCongratulationsAddress = null; if (!string.IsNullOrEmpty(model.Password)) { isFirst = !SendCongratulations(Request.Scheme, t, model.SkipWelcome, out sendCongratulationsAddress); } else if (Configuration["core.base-domain"] == "localhost") { try { /* set wizard not completed*/ TenantManager.SetCurrentTenant(t); var settings = SettingsManager.Load(); settings.Completed = false; SettingsManager.Save(settings); } catch (Exception e) { Log.Error(e); } } var reference = CreateReference(Request.Scheme, t.GetTenantDomain(CoreSettings), info.Email, isFirst); Log.DebugFormat("PortalName = {0}; Elapsed ms. CreateReferenceByCookie...: {1}", model.PortalName, sw.ElapsedMilliseconds); sw.Stop(); return request.CreateResponse(HttpStatusCode.OK, new { reference, tenant = ToTenantWrapper(t), referenceWelcome = sendCongratulationsAddress }); } [HttpDelete] [ActionName("remove")] [AllowCrossSiteJson] [AuthSignature] public HttpResponseMessage Remove([FromQuery] TenantModel model) { var request = new HttpRequestMessage(); if (!GetTenant(model, out Tenant tenant)) { Log.Error("Model without tenant"); return request.CreateResponse(HttpStatusCode.BadRequest, new { error = "portalNameEmpty", message = "PortalName is required" }); } if (tenant == null) { Log.Error("Tenant not found"); return request.CreateResponse(HttpStatusCode.BadRequest, new { error = "portalNameNotFound", message = "Portal not found" }); } HostedSolution.RemoveTenant(tenant); return request.CreateResponse(HttpStatusCode.OK, new { tenant = ToTenantWrapper(tenant) }); } [HttpPut] [ActionName("status")] [AllowCrossSiteJson] [AuthSignature] public HttpResponseMessage ChangeStatus(TenantModel model) { var request = new HttpRequestMessage(); if (!GetTenant(model, out Tenant tenant)) { Log.Error("Model without tenant"); return request.CreateResponse(HttpStatusCode.BadRequest, new { error = "portalNameEmpty", message = "PortalName is required" }); } if (tenant == null) { Log.Error("Tenant not found"); return request.CreateResponse(HttpStatusCode.BadRequest, new { error = "portalNameNotFound", message = "Portal not found" }); } var active = model.Status; if (active != TenantStatus.Active) { active = TenantStatus.Suspended; } tenant.SetStatus(active); HostedSolution.SaveTenant(tenant); return request.CreateResponse(HttpStatusCode.OK, new { tenant = ToTenantWrapper(tenant) }); } [HttpPost] [ActionName("validateportalname")] [AllowCrossSiteJson] public HttpResponseMessage CheckExistingNamePortal(TenantModel model) { var request = new HttpRequestMessage(); if (model == null) { return request.CreateResponse(HttpStatusCode.BadRequest, new { error = "portalNameEmpty", message = "PortalName is required" }); } if (!CheckExistingNamePortal((model.PortalName ?? "").Trim(), out object error)) { return request.CreateResponse(HttpStatusCode.BadRequest, error); } return request.CreateResponse(HttpStatusCode.OK, new { message = "portalNameReadyToRegister" }); } [HttpGet] [ActionName("get")] [AllowCrossSiteJson] [AuthSignature] public HttpResponseMessage GetPortals([FromQuery] TenantModel model) { var request = new HttpRequestMessage(); try { var tenants = new List(); var empty = true; if (!string.IsNullOrEmpty((model.Email ?? "").Trim())) { empty = false; tenants.AddRange(HostedSolution.FindTenants((model.Email ?? "").Trim())); } if (!string.IsNullOrEmpty((model.PortalName ?? "").Trim())) { empty = false; var tenant = HostedSolution.GetTenant((model.PortalName ?? "").Trim()); if (tenant != null) { tenants.Add(tenant); } } if (model.TenantId.HasValue) { empty = false; var tenant = HostedSolution.GetTenant(model.TenantId.Value); if (tenant != null) { tenants.Add(tenant); } } if (empty) { tenants.AddRange(HostedSolution.GetTenants(DateTime.MinValue).OrderBy(t => t.TenantId).ToList()); } var tenantsWrapper = tenants .Distinct() .Where(t => t.Status == TenantStatus.Active) .OrderBy(t => t.TenantId) .Select(ToTenantWrapper); return request.CreateResponse(HttpStatusCode.OK, new { tenants = tenantsWrapper }); } catch (Exception ex) { Log.Error(ex); return request.CreateResponse(HttpStatusCode.InternalServerError, new { error = "error", message = ex.Message, stacktrace = ex.StackTrace }); } } #endregion #region Validate Method private void ValidateDomain(string domain) { // size TenantDomainValidator.ValidateDomainLength(domain); // characters TenantDomainValidator.ValidateDomainCharacters(domain); var sameAliasTenants = ApiSystemHelper.FindTenantsInCache(domain, SecurityContext.CurrentAccount.ID); if (sameAliasTenants != null) { throw new TenantAlreadyExistsException("Address busy.", sameAliasTenants); } } private bool CheckExistingNamePortal(string portalName, out object error) { error = null; if (string.IsNullOrEmpty(portalName)) { error = new {error = "portalNameEmpty", message = "PortalName is required"}; return false; } try { if (!string.IsNullOrEmpty(ApiSystemHelper.ApiCacheUrl)) { ValidateDomain(portalName.Trim()); } else { HostedSolution.CheckTenantAddress(portalName.Trim()); } } catch (TenantAlreadyExistsException ex) { error = new {error = "portalNameExist", message = "Portal already exists", variants = ex.ExistsTenants.ToArray()}; return false; } catch (TenantTooShortException) { error = new {error = "tooShortError", message = "Portal name is too short"}; return false; } catch (TenantIncorrectCharsException) { error = new {error = "portalNameIncorrect", message = "Unallowable symbols in portalName"}; return false; } catch (Exception ex) { Log.Error(ex); error = new {error = "error", message = ex.Message, stacktrace = ex.StackTrace}; return false; } return true; } private bool CheckValidName(string name, out object error) { error = null; if (string.IsNullOrEmpty(name = (name ?? "").Trim())) { error = new { error = "error", message = "name is required" }; return false; } if (!UserFormatter.IsValidUserName(name, string.Empty)) { error = new { error = "error", message = "name is incorrect" }; return false; } return true; } private bool CheckPasswordPolicy(string pwd, out object error) { error = null; //Validate Password match if (string.IsNullOrEmpty(pwd)) { return true; } if (!UserManagerWrapper.CheckPasswordRegex((PasswordSettings)new PasswordSettings().GetDefault(Configuration), pwd)) { error = new {error = "passPolicyError", message = "Password is incorrect"}; return false; } return true; } private bool CheckRegistrationPayment(out object error) { error = null; if (Configuration["core.base-domain"] == "localhost") { var tenants = HostedSolution.GetTenants(DateTime.MinValue); var firstTenant = tenants.FirstOrDefault(); if (firstTenant != null) { var activePortals = tenants.Count(r => r.Status != TenantStatus.Suspended && r.Status != TenantStatus.RemovePending); var quota = HostedSolution.GetTenantQuota(firstTenant.TenantId); if (quota.CountPortals > 0 && quota.CountPortals <= activePortals) { error = new {error = "portalsCountTooMuch", message = "Too much portals registered already",}; return false; } } } return true; } #region Recaptcha private bool CheckRecaptcha(TenantModel model, string clientIP, Stopwatch sw, out object error) { error = null; if (CommonConstants.RecaptchaRequired && !IsTestEmail(model.Email)) { if (!string.IsNullOrEmpty(model.AppKey) && CommonConstants.AppSecretKeys.Contains(model.AppKey)) { Log.DebugFormat("PortalName = {0}; Elapsed ms. ValidateRecaptcha via app key: {1}. {2}", model.PortalName, model.AppKey, sw.ElapsedMilliseconds); return true; } var data = string.Format("{0} {1} {2} {3} {4}", model.PortalName, model.FirstName, model.LastName, model.Email, model.Phone); /*** validate recaptcha ***/ if (!ValidateRecaptcha(model.RecaptchaResponse, clientIP)) { Log.DebugFormat("PortalName = {0}; Elapsed ms. ValidateRecaptcha error: {1} {2}", model.PortalName, sw.ElapsedMilliseconds, data); sw.Stop(); error = new { error = "recaptchaInvalid", message = "Recaptcha is invalid" }; return false; } Log.DebugFormat("PortalName = {0}; Elapsed ms. ValidateRecaptcha: {1} {2}", model.PortalName, sw.ElapsedMilliseconds, data); } return true; } #endregion #endregion } public static class PortalControllerExtention { public static IServiceCollection AddPortalController(this IServiceCollection services) { return services.AddCommonController(); } } }