kocoded/oqtane.framework
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #3552 from sbwalker/dev

Browse Source 
ignore Blazor framework requests
This commit is contained in:
Shaun Walker 2023-12-13 18:25:34 -05:00 committed by GitHub
commit 9d646b2eed
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 7 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
Oqtane.Server/Infrastructure/Middleware/TenantMiddleware.cs
View File

@ -23,8 +23,7 @@ namespace Oqtane.Infrastructure
var config = context.RequestServices.GetService(typeof(IConfigManager)) as IConfigManager; var config = context.RequestServices.GetService(typeof(IConfigManager)) as IConfigManager;
string path = context.Request.Path.ToString(); string path = context.Request.Path.ToString();
if (config.IsInstalled() && !path.StartsWith("/_")) // ignore Blazor framework requests
if (config.IsInstalled() && !path.StartsWith("/_blazor"))
{ {
// get alias (note that this also sets SiteState.Alias) // get alias (note that this also sets SiteState.Alias)
var tenantManager = context.RequestServices.GetService(typeof(ITenantManager)) as ITenantManager; var tenantManager = context.RequestServices.GetService(typeof(ITenantManager)) as ITenantManager;

10
Oqtane.Server/Security/PrincipalValidator.cs
View File

@ -8,6 +8,7 @@ using Oqtane.Models;
using System.Collections.Generic; using System.Collections.Generic;
using Oqtane.Extensions; using Oqtane.Extensions;
using Oqtane.Shared; using Oqtane.Shared;
using System.IO;
namespace Oqtane.Security namespace Oqtane.Security
{ {
@ -17,9 +18,11 @@ namespace Oqtane.Security
{ {
if (context != null && context.Principal.Identity.IsAuthenticated && context.Principal.Identity.Name != null) if (context != null && context.Principal.Identity.IsAuthenticated && context.Principal.Identity.Name != null)
{ {
// check if framework is installed
var config = context.HttpContext.RequestServices.GetService(typeof(IConfigManager)) as IConfigManager; var config = context.HttpContext.RequestServices.GetService(typeof(IConfigManager)) as IConfigManager;
if (config.IsInstalled()) string path = context.Request.Path.ToString().ToLower();
// check if framework is installed
if (config.IsInstalled() && !path.StartsWith("/_")) // ignore Blazor framework requests
{ {
// get current site // get current site
var alias = context.HttpContext.GetAlias(); var alias = context.HttpContext.GetAlias();
@ -28,12 +31,11 @@ namespace Oqtane.Security
var claims = context.Principal.Claims; var claims = context.Principal.Claims;
// check if principal has roles and matches current site // check if principal has roles and matches current site
if (!claims.Any(item => item.Type == ClaimTypes.Role) || claims.Any(item => item.Type == "sitekey" && item.Value != alias.SiteKey)) if (!claims.Any(item => item.Type == ClaimTypes.Role) || !claims.Any(item => item.Type == "sitekey" && item.Value == alias.SiteKey))
{ {
var userRepository = context.HttpContext.RequestServices.GetService(typeof(IUserRepository)) as IUserRepository; var userRepository = context.HttpContext.RequestServices.GetService(typeof(IUserRepository)) as IUserRepository;
var userRoleRepository = context.HttpContext.RequestServices.GetService(typeof(IUserRoleRepository)) as IUserRoleRepository; var userRoleRepository = context.HttpContext.RequestServices.GetService(typeof(IUserRoleRepository)) as IUserRoleRepository;
var _logger = context.HttpContext.RequestServices.GetService(typeof(ILogManager)) as ILogManager; var _logger = context.HttpContext.RequestServices.GetService(typeof(ILogManager)) as ILogManager;
string path = context.Request.Path.ToString().ToLower();
User user = userRepository.GetUser(context.Principal.Identity.Name); User user = userRepository.GetUser(context.Principal.Identity.Name);
if (user != null) if (user != null)