From aa95ec935ec67d27b9ac280d9ffe5942c2006b62 Mon Sep 17 00:00:00 2001
From: tidusjar
Date: Sat, 20 Aug 2016 11:28:26 +0100
Subject: [PATCH 1/4] Fixed an issue where you could set the base url as requests #479
---
 .../Validators/PlexRequestsValidator.cs | 26 ++++++++++---------
 1 file changed, 14 insertions(+), 12 deletions(-)
diff --git a/PlexRequests.UI/Validators/PlexRequestsValidator.cs b/PlexRequests.UI/Validators/PlexRequestsValidator.cs
index c82817185..7d61eba2c 100644
--- a/PlexRequests.UI/Validators/PlexRequestsValidator.cs
+++ b/PlexRequests.UI/Validators/PlexRequestsValidator.cs
@@ -24,6 +24,8 @@
 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 // ************************************************************************/
 #endregion
+
+using System;
 using FluentValidation;
 using PlexRequests.Core.SettingModels;
@@ -34,18 +36,18 @@ namespace PlexRequests.UI.Validators
 {
 public PlexRequestsValidator()
 {
- RuleFor(x => x.BaseUrl).NotEqual("requests").WithMessage("You cannot use 'requests' as this is reserved by the application.");
- RuleFor(x => x.BaseUrl).NotEqual("admin").WithMessage("You cannot use 'admin' as this is reserved by the application.");
- RuleFor(x => x.BaseUrl).NotEqual("search").WithMessage("You cannot use 'search' as this is reserved by the application.");
- RuleFor(x => x.BaseUrl).NotEqual("issues").WithMessage("You cannot use 'issues' as this is reserved by the application.");
- RuleFor(x => x.BaseUrl).NotEqual("userlogin").WithMessage("You cannot use 'userlogin' as this is reserved by the application.");
- RuleFor(x => x.BaseUrl).NotEqual("login").WithMessage("You cannot use 'login' as this is reserved by the application.");
- RuleFor(x => x.BaseUrl).NotEqual("test").WithMessage("You cannot use 'test' as this is reserved by the application.");
- RuleFor(x => x.BaseUrl).NotEqual("approval").WithMessage("You cannot use 'approval' as this is reserved by the application.");
- RuleFor(x => x.BaseUrl).NotEqual("updatechecker").WithMessage("You cannot use 'updatechecker' as this is reserved by the application.");
- RuleFor(x => x.BaseUrl).NotEqual("usermanagement").WithMessage("You cannot use 'usermanagement' as this is reserved by the application.");
- RuleFor(x => x.BaseUrl).NotEqual("api").WithMessage("You cannot use 'api' as this is reserved by the application.");
- RuleFor(x => x.BaseUrl).NotEqual("landing").WithMessage("You cannot use 'landing' as this is reserved by the application.");
+ RuleFor(x => x.BaseUrl).NotEqual("requests",StringComparer.CurrentCultureIgnoreCase).WithMessage("You cannot use 'requests' as this is reserved by the application.");
+ RuleFor(x => x.BaseUrl).NotEqual("admin", StringComparer.CurrentCultureIgnoreCase).WithMessage("You cannot use 'admin' as this is reserved by the application.");
+ RuleFor(x => x.BaseUrl).NotEqual("search", StringComparer.CurrentCultureIgnoreCase).WithMessage("You cannot use 'search' as this is reserved by the application.");
+ RuleFor(x => x.BaseUrl).NotEqual("issues", StringComparer.CurrentCultureIgnoreCase).WithMessage("You cannot use 'issues' as this is reserved by the application.");
+ RuleFor(x => x.BaseUrl).NotEqual("userlogin", StringComparer.CurrentCultureIgnoreCase).WithMessage("You cannot use 'userlogin' as this is reserved by the application.");
+ RuleFor(x => x.BaseUrl).NotEqual("login", StringComparer.CurrentCultureIgnoreCase).WithMessage("You cannot use 'login' as this is reserved by the application.");
+ RuleFor(x => x.BaseUrl).NotEqual("test", StringComparer.CurrentCultureIgnoreCase).WithMessage("You cannot use 'test' as this is reserved by the application.");
+ RuleFor(x => x.BaseUrl).NotEqual("approval", StringComparer.CurrentCultureIgnoreCase).WithMessage("You cannot use 'approval' as this is reserved by the application.");
+ RuleFor(x => x.BaseUrl).NotEqual("updatechecker", StringComparer.CurrentCultureIgnoreCase).WithMessage("You cannot use 'updatechecker' as this is reserved by the application.");
+ RuleFor(x => x.BaseUrl).NotEqual("usermanagement", StringComparer.CurrentCultureIgnoreCase).WithMessage("You cannot use 'usermanagement' as this is reserved by the application.");
+ RuleFor(x => x.BaseUrl).NotEqual("api", StringComparer.CurrentCultureIgnoreCase).WithMessage("You cannot use 'api' as this is reserved by the application.");
+ RuleFor(x => x.BaseUrl).NotEqual("landing", StringComparer.CurrentCultureIgnoreCase).WithMessage("You cannot use 'landing' as this is reserved by the application.");
 }
 }
 }
\ No newline at end of file
From 265d1bdd254835721b75c8c61b830f4c2f296670 Mon Sep 17 00:00:00 2001
From: tidusjar
Date: Sat, 20 Aug 2016 11:33:53 +0100
Subject: [PATCH 2/4] Fixed build
---
 PlexRequests.UI/Modules/UserManagementModule.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
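Review bot: `StringComparer.CurrentCultureIgnoreCase` makes the reserved-name check depend on the server's culture; under a culture with different casing rules for `i` (Turkish, for example) a value such as `ADMIN` or `API` would not compare equal to the lowercase literal and would pass validation. These are route segments rather than linguistic text, so each rule should use the ordinal comparer, e.g. `RuleFor(x => x.BaseUrl).NotEqual("admin", StringComparer.OrdinalIgnoreCase)`. This applies to all twelve added rules in the hunk. The rules also match the whole value only, so whether a leading `/` or surrounding whitespace is normalised before validation should be confirmed where `BaseUrl` is read.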
diff --git a/PlexRequests.UI/Modules/UserManagementModule.cs b/PlexRequests.UI/Modules/UserManagementModule.cs
index f364d9588..a589b5d98 100644
--- a/PlexRequests.UI/Modules/UserManagementModule.cs
+++ b/PlexRequests.UI/Modules/UserManagementModule.cs
@@ -102,7 +102,7 @@ namespace PlexRequests.UI.Modules
 Message = "Please enter in a valid Username and Password"
 });
 }
- var user = UserMapper.Ce(username, password);
+ var user = UserMapper.CreateUser(username, password, claims);
 if (user.HasValue)
 {
 return Response.AsJson(user);
From 0fe7bba9acb9d1cc7124fc3948adbd9584954a7a Mon Sep 17 00:00:00 2001
From: tidusjar
Date: Sun, 21 Aug 2016 19:17:36 +0100
Subject: [PATCH 3/4] Redirect to search if we are already logged in #488
---
 PlexRequests.UI/Modules/UserLoginModule.cs | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)
diff --git a/PlexRequests.UI/Modules/UserLoginModule.cs b/PlexRequests.UI/Modules/UserLoginModule.cs
index 61481faef..97879089e 100644
--- a/PlexRequests.UI/Modules/UserLoginModule.cs
+++ b/PlexRequests.UI/Modules/UserLoginModule.cs
@@ -61,7 +61,17 @@ namespace PlexRequests.UI.Modules
 PlexSettings = plexSettings;
 Linker = linker;
- Get["UserLoginIndex", "/", true] = async (x, ct) => await Index();
+ Get["UserLoginIndex", "/", true] = async (x, ct) =>
+ {
+ if (!string.IsNullOrEmpty(Username) || IsAdmin)
+ {
+ var uri = Linker.BuildAbsoluteUri(Context, "SearchIndex");
+ return Response.AsRedirect(uri.ToString());
+ }
+ var settings = await AuthService.GetSettingsAsync();
+ return View["Index", settings];
+ };
+
 Post["/", true] = async (x, ct) => await LoginUser();
 Get["/logout"] = x => Logout();
 }
@@ -75,12 +85,6 @@ namespace PlexRequests.UI.Modules
 private static Logger Log = LogManager.GetCurrentClassLogger();
- public async Task Index()
- {
- var settings = await AuthService.GetSettingsAsync();
- return View["Index", settings];
- }
-
 private async Task LoginUser()
 {
 var dateTimeOffset = Request.Form.DateTimeOffset;
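Review bot: `claims` is not declared anywhere in this hunk, so the origin of the value passed to `UserMapper.CreateUser(username, password, claims)` cannot be seen here. If it is bound from the request in the same way `username` and `password` appear to be, the handler should restrict it to a known set of claim names and require an administrator caller before the account is created. A short comment above the call stating where `claims` is validated would settle the question for later readers. The enclosing handler starts and ends outside the hunk.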
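Review bot: The `UserLoginIndex` handler in the -61,7 hunk is now a multi-statement lambda inside the constructor, while the neighbouring routes still delegate to named methods (`LoginUser()`, `Logout()`). Keeping `Index()` and moving the new `if (!string.IsNullOrEmpty(Username) || IsAdmin)` block to the top of it would leave the constructor as plain route wiring: `Get["UserLoginIndex", "/", true] = async (x, ct) => await Index();`. A one-line comment such as `// Already signed in: skip the login form` above the check would record the intent. The constructor starts outside the hunk.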
From 4b5079598dbc3625030434e7c0018cba2aac7b94 Mon Sep 17 00:00:00 2001
From: tidusjar
Date: Sun, 21 Aug 2016 19:33:19 +0100
Subject: [PATCH 4/4] Change the redirection to use a relative uri redirect #473
---
 PlexRequests.UI.Tests/UserLoginModuleTests.cs | 6 +++---
 PlexRequests.UI/Modules/IndexModule.cs | 10 +++++-----
 PlexRequests.UI/Modules/LandingPageModule.cs | 2 +-
 PlexRequests.UI/Modules/UserLoginModule.cs | 12 ++++++------
 4 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/PlexRequests.UI.Tests/UserLoginModuleTests.cs b/PlexRequests.UI.Tests/UserLoginModuleTests.cs
index 16b138eea..22f57750e 100644
--- a/PlexRequests.UI.Tests/UserLoginModuleTests.cs
+++ b/PlexRequests.UI.Tests/UserLoginModuleTests.cs
@@ -72,9 +72,9 @@ namespace PlexRequests.UI.Tests
 LandingPageMock.Setup(x => x.GetSettingsAsync()).ReturnsAsync(new LandingPageSettings());
 IAnalytics = new Mock();
 Linker = new Mock();
- Linker.Setup(x => x.BuildAbsoluteUri(It.IsAny(), "SearchIndex", null)).Returns(new Uri("http://www.searchindex.com"));
- Linker.Setup(x => x.BuildAbsoluteUri(It.IsAny(), "LandingPageIndex", null)).Returns(new Uri("http://www.landingpage.com"));
- Linker.Setup(x => x.BuildAbsoluteUri(It.IsAny(), "UserLoginIndex", null)).Returns(new Uri("http://www.userloginindex.com"));
+ Linker.Setup(x => x.BuildRelativeUri(It.IsAny(), "SearchIndex", null)).Returns(new Uri("http://www.searchindex.com"));
+ Linker.Setup(x => x.BuildRelativeUri(It.IsAny(), "LandingPageIndex", null)).Returns(new Uri("http://www.landingpage.com"));
+ Linker.Setup(x => x.BuildRelativeUri(It.IsAny(), "UserLoginIndex", null)).Returns(new Uri("http://www.userloginindex.com"));
 PlexSettingsMock = new Mock>();
 PlexSettingsMock.Setup(x => x.GetSettingsAsync()).ReturnsAsync(new PlexSettings() {PlexAuthToken = "abc"});
 Bootstrapper = new ConfigurableBootstrapper(with =>
diff --git a/PlexRequests.UI/Modules/IndexModule.cs b/PlexRequests.UI/Modules/IndexModule.cs
index 3d7023d39..fd13acb35 100644
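Review bot: The three `Linker.Setup` calls now stub `BuildRelativeUri` but still return absolute URIs (`new Uri("http://www.searchindex.com")` and the two below it), so these tests cannot distinguish a relative redirect from an absolute one. Returning relative values, for instance `new Uri("/search", UriKind.Relative)` (a path constructed here as a sample; use the module's real route), and asserting that the `Location` header carries no scheme or host would make the tests cover what this commit changes. The test setup method starts and ends outside the hunk.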
--- a/PlexRequests.UI/Modules/IndexModule.cs
+++ b/PlexRequests.UI/Modules/IndexModule.cs
@@ -59,23 +59,23 @@ namespace PlexRequests.UI.Modules
 if (!string.IsNullOrEmpty(Username))
 {
 // They are not logged in
- return Context.GetRedirect(Linker.BuildAbsoluteUri(Context, "LandingPageIndex").ToString());
+ return Context.GetRedirect(Linker.BuildRelativeUri(Context, "LandingPageIndex").ToString());
 }
- return Context.GetRedirect(Linker.BuildAbsoluteUri(Context, "SearchIndex").ToString());
+ return Context.GetRedirect(Linker.BuildRelativeUri(Context, "SearchIndex").ToString());
 }
 // After login
 if (string.IsNullOrEmpty(Username))
 {
 // Not logged in yet
- return Context.GetRedirect(Linker.BuildAbsoluteUri(Context, "UserLoginIndex").ToString());
+ return Context.GetRedirect(Linker.BuildRelativeUri(Context, "UserLoginIndex").ToString());
 }
 // Send them to landing
- var landingUrl = Linker.BuildAbsoluteUri(Context, "LandingPageIndex").ToString();
+ var landingUrl = Linker.BuildRelativeUri(Context, "LandingPageIndex").ToString();
 return Context.GetRedirect(landingUrl);
 }
- return Context.GetRedirect(Linker.BuildAbsoluteUri(Context, "UserLoginIndex").ToString());
+ return Context.GetRedirect(Linker.BuildRelativeUri(Context, "UserLoginIndex").ToString());
 }
 }
 }
\ No newline at end of file
diff --git a/PlexRequests.UI/Modules/LandingPageModule.cs b/PlexRequests.UI/Modules/LandingPageModule.cs
index 92517f2f7..dccf69430 100644
--- a/PlexRequests.UI/Modules/LandingPageModule.cs
+++ b/PlexRequests.UI/Modules/LandingPageModule.cs
@@ -52,7 +52,7 @@ namespace PlexRequests.UI.Modules
 var s = await LandingSettings.GetSettingsAsync();
 if (!s.BeforeLogin && string.IsNullOrEmpty(Username)) //We are signed in
 {
- var url = Linker.BuildAbsoluteUri(Context, "SearchIndex").ToString();
+ var url = Linker.BuildRelativeUri(Context, "SearchIndex").ToString();
 return Response.AsRedirect(url);
 }
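Review bot: At the top of the IndexModule hunk the condition `if (!string.IsNullOrEmpty(Username))` is commented `// They are not logged in`, although a non-empty `Username` would normally mean the opposite, so either the condition is inverted or the comment is wrong. The LandingPageModule hunk has the same mismatch, where `string.IsNullOrEmpty(Username)` carries the comment `//We are signed in`. These branches decide which page an unauthenticated visitor is redirected to, so the condition and comment should be made to agree, for example `// They are logged in` if the code is what is intended. Both methods start outside their hunks, so the surrounding branch may explain the intent.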
diff --git a/PlexRequests.UI/Modules/UserLoginModule.cs b/PlexRequests.UI/Modules/UserLoginModule.cs
index 97879089e..e30f4adc2 100644
--- a/PlexRequests.UI/Modules/UserLoginModule.cs
+++ b/PlexRequests.UI/Modules/UserLoginModule.cs
@@ -65,7 +65,7 @@ namespace PlexRequests.UI.Modules
 {
 if (!string.IsNullOrEmpty(Username) || IsAdmin)
 {
- var uri = Linker.BuildAbsoluteUri(Context, "SearchIndex");
+ var uri = Linker.BuildRelativeUri(Context, "SearchIndex");
 return Response.AsRedirect(uri.ToString());
 }
 var settings = await AuthService.GetSettingsAsync();
@@ -93,7 +93,7 @@ namespace PlexRequests.UI.Modules
 if (string.IsNullOrWhiteSpace(username))
 {
 Session["TempMessage"] = Resources.UI.UserLogin_IncorrectUserPass;
- var uri = Linker.BuildAbsoluteUri(Context, "UserLoginIndex");
+ var uri = Linker.BuildRelativeUri(Context, "UserLoginIndex");
 return Response.AsRedirect(uri.ToString()); // TODO Check this
 }
@@ -106,7 +106,7 @@ namespace PlexRequests.UI.Modules
 {
 Log.Debug("User is in denied list, not allowing them to authenticate");
 Session["TempMessage"] = Resources.UI.UserLogin_IncorrectUserPass;
- var uri = Linker.BuildAbsoluteUri(Context, "UserLoginIndex");
+ var uri = Linker.BuildRelativeUri(Context, "UserLoginIndex");
 return Response.AsRedirect(uri.ToString()); // TODO Check this
 }
@@ -165,7 +165,7 @@ namespace PlexRequests.UI.Modules
 if (!authenticated)
 {
- var uri = Linker.BuildAbsoluteUri(Context, "UserLoginIndex");
+ var uri = Linker.BuildRelativeUri(Context, "UserLoginIndex");
 Session["TempMessage"] = Resources.UI.UserLogin_IncorrectUserPass;
 return Response.AsRedirect(uri.ToString()); // TODO Check this
 }
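Review bot: The redirects in the -93, -106 and -165 hunks, and the final one in the -176 hunk, still end in `// TODO Check this`, and the marker does not say what needs checking. Since this commit changes how every one of those targets is built, the marker should be replaced with what was verified, e.g. `// Relative redirect: target stays under the configured base URL`, or removed. If the open question is whether the relative URI honours a non-empty base URL, a test for that case would close it. `LoginUser` starts and ends outside these hunks.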
@@ -176,11 +176,11 @@ namespace PlexRequests.UI.Modules
 {
 if (!landingSettings.BeforeLogin)
 {
- var uri = Linker.BuildAbsoluteUri(Context, "LandingPageIndex");
+ var uri = Linker.BuildRelativeUri(Context, "LandingPageIndex");
 return Response.AsRedirect(uri.ToString());
 }
 }
- var retVal = Linker.BuildAbsoluteUri(Context, "SearchIndex");
+ var retVal = Linker.BuildRelativeUri(Context, "SearchIndex");
 return Response.AsRedirect(retVal.ToString()); // TODO Check this
 }