From bad7be39a67e86392e0ad63b0630befd525b6f7b Mon Sep 17 00:00:00 2001
From: vnetonline
Date: Fri, 7 Jul 2023 09:21:49 +1000
Subject: [PATCH 1/4] Fixing personalized page created to be UserName if DisplayName is null
---
 Oqtane.Server/Controllers/PageController.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Oqtane.Server/Controllers/PageController.cs b/Oqtane.Server/Controllers/PageController.cs
index f22f7467..fca672ec 100644
--- a/Oqtane.Server/Controllers/PageController.cs
+++ b/Oqtane.Server/Controllers/PageController.cs
@@ -183,7 +183,7 @@ namespace Oqtane.Controllers
 page = new Page();
 page.SiteId = parent.SiteId;
 page.ParentId = parent.PageId;
- page.Name = user.DisplayName;
+ page.Name = user.DisplayName != null ? user.DisplayName : user.Username;
 page.Path = parent.Path + "/" + Utilities.GetFriendlyUrl(page.Name);
 page.Title = page.Name + " - " + parent.Name;
 page.Order = 0;
From 16d0d11e0baf1fe5088ca5bb3badcbef50b21bb1 Mon Sep 17 00:00:00 2001
From: sbwalker
Date: Mon, 10 Jul 2023 11:44:05 -0400
Subject: [PATCH 2/4] refactored upload so that it is not dependent on Folder Browse permission
---
 .../Modules/Controls/FileManager.razor | 38 ++++++++++---------
 Oqtane.Server/Controllers/FileController.cs | 10 +++--
 2 files changed, 27 insertions(+), 21 deletions(-)
diff --git a/Oqtane.Client/Modules/Controls/FileManager.razor b/Oqtane.Client/Modules/Controls/FileManager.razor
index 361bffbd..2146ead7 100644
--- a/Oqtane.Client/Modules/Controls/FileManager.razor
+++ b/Oqtane.Client/Modules/Controls/FileManager.razor
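Review bot: In the PageController.cs hunk of PATCH 1/4, the fallback on the new `page.Name` line fires only for null, so an empty or whitespace-only DisplayName still yields an empty page name and a `Path` that ends in `/`. `page.Name = string.IsNullOrWhiteSpace(user.DisplayName) ? user.Username : user.DisplayName;` would cover those cases. Display names are presumably not unique, so two users could resolve to the same personalized path; it is worth confirming how the lookup outside this hunk handles that. The enclosing method starts and ends outside the hunk.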
@@ -329,27 +329,29 @@
 var folder = (Folder == Constants.PackagesFolder) ? Folder : FolderId.ToString();
 await interop.UploadFiles(posturl, folder, _guid, SiteState.AntiForgeryToken);
- // uploading is asynchronous so we need to wait for the uploads to complete
- // note that this will only wait a maximum of 15 seconds which may not be long enough for very large file uploads
- bool success = false;
- int attempts = 0;
- while (attempts < 5 && !success)
+ // uploading is asynchronous so we need to poll to determine if uploads are completed
+ var success = true;
+ int upload = 0;
+ while (upload < uploads.Length && success)
 {
- attempts += 1;
- Thread.Sleep(1000 * attempts); // progressive retry
-
- success = true;
- List files = await FileService.GetFilesAsync(folder);
- if (files.Count > 0)
+ success = false;
+ // note that progressive retry will only wait a maximum of 15 seconds which may not be long enough for very large file uploads
+ int attempts = 0;
+ while (attempts < 5 && !success)
 {
- foreach (string upload in uploads)
+ attempts += 1;
+ Thread.Sleep(1000 * attempts); // progressive retry
+
+ var file = await FileService.GetFileAsync(int.Parse(folder), uploads[upload]);
+ if (file != null)
 {
- if (!files.Exists(item => item.Name == upload))
- {
- success = false;
- }
+ success = true;
 }
 }
+ if (success)
+ {
+ upload++;
+ }
 }
 // reset progress indicators
@@ -379,14 +381,14 @@
 else
 {
 // set FileId to first file in upload collection
- await GetFiles();
- var file = _files.Where(item => item.Name == uploads[0]).FirstOrDefault();
+ var file = await FileService.GetFileAsync(int.Parse(folder), uploads[0]);
 if (file != null)
 {
 FileId = file.FileId;
 await SetImage();
 await OnUpload.InvokeAsync(FileId);
 }
+ await GetFiles();
 StateHasChanged();
 }
 }
diff --git a/Oqtane.Server/Controllers/FileController.cs b/Oqtane.Server/Controllers/FileController.cs
index 63f0366b..62b018e5 100644
--- a/Oqtane.Server/Controllers/FileController.cs
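Review bot: In the FileManager.razor hunk at -329,27, `int.Parse(folder)` in the new polling loop will throw when `Folder == Constants.PackagesFolder`, because the context line above sets `folder` to the folder name rather than `FolderId.ToString()` in that case (assuming the constant is not numeric). The same call is added in the -379,14 hunk for `uploads[0]`. Passing the id directly, `await FileService.GetFileAsync(FolderId, uploads[upload])`, and skipping the poll for the packages folder would avoid the parse and the exception. Separately, `Thread.Sleep` inside this awaited loop blocks the calling thread for up to 15 seconds per file; `await Task.Delay(1000 * attempts);` keeps the same back-off without blocking. The enclosing method starts and ends outside the hunk.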
+++ b/Oqtane.Server/Controllers/FileController.cs
@@ -139,9 +139,13 @@ namespace Oqtane.Controllers
 }
 else
 {
- _logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized File Get Attempt {Name} For Folder {FolderId}", name, folderId);
- HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
- return null;
+ if (file != null)
+ {
+ _logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized File Get Attempt {Name} For Folder {FolderId}", name, folderId);
+ HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
+ file = null;
+ }
+ return file;
 }
 }
From 3aff31b826ca31d969a6be2284fac83fa9cae1cc Mon Sep 17 00:00:00 2001
From: sbwalker
Date: Mon, 10 Jul 2023 14:16:17 -0400
Subject: [PATCH 3/4] make GetHttpClient() public
---
 Oqtane.Client/Services/ServiceBase.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Oqtane.Client/Services/ServiceBase.cs b/Oqtane.Client/Services/ServiceBase.cs
index a5e7fd26..0aeca63d 100644
--- a/Oqtane.Client/Services/ServiceBase.cs
+++ b/Oqtane.Client/Services/ServiceBase.cs
@@ -21,7 +21,7 @@ namespace Oqtane.Services
 _siteState = siteState;
 }
- private HttpClient GetHttpClient()
+ public HttpClient GetHttpClient()
 {
 if (!_httpClient.DefaultRequestHeaders.Contains(Constants.AntiForgeryTokenHeaderName) && _siteState != null && !string.IsNullOrEmpty(_siteState.AntiForgeryToken))
 {
From 62ad99d0b6ec150f06736e8ba619f7d280f6143c Mon Sep 17 00:00:00 2001
From: sbwalker
Date: Mon, 10 Jul 2023 14:51:32 -0400
Subject: [PATCH 4/4] prevent logging of error for personalized pages
---
 Oqtane.Server/Controllers/FileController.cs | 3 +--
 Oqtane.Server/Controllers/PageController.cs | 11 +++++++----
 2 files changed, 8 insertions(+), 6 deletions(-)
diff --git a/Oqtane.Server/Controllers/FileController.cs b/Oqtane.Server/Controllers/FileController.cs
index 62b018e5..da865df8 100644
--- a/Oqtane.Server/Controllers/FileController.cs
+++ b/Oqtane.Server/Controllers/FileController.cs
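Review bot: In the FileController.cs hunk at -139,9, the `else` branch now responds differently depending on whether the file exists: a 403 and a security log entry when `file != null`, a silent null with the default status otherwise. A caller who is not authorized for the folder can use that difference to learn which file names exist, and requests for missing names no longer leave a log trace. Consider one status for both cases, e.g. `HttpContext.Response.StatusCode = (int)HttpStatusCode.NotFound;` placed outside the `if` (provided the upload polling on the client tolerates it), and log the miss at a lower level instead of dropping it. The same split is added for pages in the PageController.cs hunk at -106,8 of PATCH 4/4. The authorization check that leads into this branch is outside the hunk.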
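Review bot: In the ServiceBase.cs hunk of PATCH 3/4, `public HttpClient GetHttpClient()` hands the service's `_httpClient`, with the antiforgery header this method attaches, to any code holding a service reference rather than only to derived services. If the aim is to let subclasses issue custom requests, `protected HttpClient GetHttpClient()` gives them that without widening the surface; callers of a public version can also change `DefaultRequestHeaders` on the instance the service keeps using. If it has to stay public, an XML doc comment stating who is expected to call it, and that the returned client must not be reconfigured, would help. The method body continues past the end of the hunk.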
@@ -143,9 +143,8 @@ namespace Oqtane.Controllers
 {
 _logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized File Get Attempt {Name} For Folder {FolderId}", name, folderId);
 HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
- file = null;
 }
- return file;
+ return null;
 }
 }
diff --git a/Oqtane.Server/Controllers/PageController.cs b/Oqtane.Server/Controllers/PageController.cs
index 0e115c58..e6adba2f 100644
--- a/Oqtane.Server/Controllers/PageController.cs
+++ b/Oqtane.Server/Controllers/PageController.cs
@@ -106,8 +106,11 @@ namespace Oqtane.Controllers
 }
 else
 {
- _logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Page Get Attempt {SiteId} {Path}", siteid, path);
- HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
+ if (page != null)
+ {
+ _logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Page Get Attempt {SiteId} {Path}", siteid, path);
+ HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
+ }
 return null;
 }
 }
@@ -177,8 +180,8 @@ namespace Oqtane.Controllers
 page = new Page();
 page.SiteId = parent.SiteId;
 page.ParentId = parent.PageId;
- page.Name = user.DisplayName != null ? user.DisplayName : user.Username;
- page.Path = parent.Path + "/" + Utilities.GetFriendlyUrl(page.Name);
+ page.Name = user.Username;
+ page.Path = parent.Path + "/" + page.Name;
 page.Title = page.Name + " - " + parent.Name;
 page.Order = 0;
 page.IsNavigation = false;
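Review bot: In the PageController.cs hunk at -177,8, `page.Path = parent.Path + "/" + page.Name;` now places the raw username in the path, where the removed line passed the name through `Utilities.GetFriendlyUrl`. Unless usernames are already restricted to URL-safe characters elsewhere, a name containing `/`, spaces or other reserved characters would produce a path with extra segments or one that cannot be routed. If the normalisation was dropped because it could map two usernames to the same path, a comment saying so, together with validation of `user.Username` before it is used here, would make the intent clear. The enclosing method starts and ends outside the hunk.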