kocoded/oqtane.framework
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #3006 from sbwalker/dev

Browse Source 
support both 404 and 403 status codes in GET API response (404 should not log)
This commit is contained in:
Shaun Walker 2023-07-11 08:14:52 -04:00 committed by GitHub
commit d6a7e32ca9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
17 changed files with 179 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Oqtane.Client/Services/ServiceBase.cs
View File

@ -206,7 +206,6 @@ namespace Oqtane.Services
Console.WriteLine($"Request: {response.RequestMessage.RequestUri}"); Console.WriteLine($"Request: {response.RequestMessage.RequestUri}");
Console.WriteLine($"Response status: {response.StatusCode} {response.ReasonPhrase}"); Console.WriteLine($"Response status: {response.StatusCode} {response.ReasonPhrase}");
} }
return false; return false;
} }

15
Oqtane.Server/Controllers/FileController.cs
View File

@ -123,8 +123,15 @@ namespace Oqtane.Controllers
} }
else else
{ {
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized File Get Attempt {FileId}", id); if (file != null)
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden; {
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized File Get Attempt {FileId}", id);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
}
else
{
HttpContext.Response.StatusCode = (int)HttpStatusCode.NotFound;
}
return null; return null;
} }
} }
@ -144,6 +151,10 @@ namespace Oqtane.Controllers
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized File Get Attempt {Name} For Folder {FolderId}", name, folderId); _logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized File Get Attempt {Name} For Folder {FolderId}", name, folderId);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden; HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
} }
else
{
HttpContext.Response.StatusCode = (int)HttpStatusCode.NotFound;
}
return null; return null;
} }
} }

22
Oqtane.Server/Controllers/FolderController.cs
View File

@ -70,8 +70,15 @@ namespace Oqtane.Controllers
} }
else else
{ {
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Folder Get Attempt {FolderId}", id); if (folder != null)
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden; {
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Folder Get Attempt {FolderId}", id);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
}
else
{
HttpContext.Response.StatusCode = (int)HttpStatusCode.NotFound;
}
return null; return null;
} }
} }
@ -91,8 +98,15 @@ namespace Oqtane.Controllers
} }
else else
{ {
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Folder Get Attempt {Path} For Site {SiteId}", path, siteId); if (folder != null)
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden; {
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Folder Get Attempt {Path} For Site {SiteId}", path, siteId);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
}
else
{
HttpContext.Response.StatusCode = (int)HttpStatusCode.NotFound;
}
return null; return null;
} }
} }

11
Oqtane.Server/Controllers/LanguageController.cs
View File

@ -89,8 +89,15 @@ namespace Oqtane.Controllers
} }
else else
{ {
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Language Get Attempt {LanguageId}", id); if (language != null)
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden; {
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Language Get Attempt {LanguageId}", id);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
}
else
{
HttpContext.Response.StatusCode = (int)HttpStatusCode.NotFound;
}
return null; return null;
} }
} }

11
Oqtane.Server/Controllers/ModuleController.cs
View File

@ -113,8 +113,15 @@ namespace Oqtane.Controllers
} }
else else
{ {
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Module Get Attempt {ModuleId}", id); if (module != null)
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden; {
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Module Get Attempt {ModuleId}", id);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
}
else
{
HttpContext.Response.StatusCode = (int)HttpStatusCode.NotFound;
}
return null; return null;
} }
} }

15
Oqtane.Server/Controllers/ModuleDefinitionController.cs
View File

@ -89,15 +89,22 @@ namespace Oqtane.Controllers
if (int.TryParse(siteid, out SiteId) && SiteId == _alias.SiteId) if (int.TryParse(siteid, out SiteId) && SiteId == _alias.SiteId)
{ {
ModuleDefinition moduledefinition = _moduleDefinitions.GetModuleDefinition(id, SiteId); ModuleDefinition moduledefinition = _moduleDefinitions.GetModuleDefinition(id, SiteId);
if (_userPermissions.IsAuthorized(User, PermissionNames.Utilize, moduledefinition.PermissionList)) if (moduledefinition != null && _userPermissions.IsAuthorized(User, PermissionNames.Utilize, moduledefinition.PermissionList))
{ {
if (string.IsNullOrEmpty(moduledefinition.Version)) moduledefinition.Version = new Version(1, 0, 0).ToString(); moduledefinition.Version = (string.IsNullOrEmpty(moduledefinition.Version)) ? new Version(1, 0, 0).ToString() : moduledefinition.Version;
return moduledefinition; return moduledefinition;
} }
else else
{ {
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized ModuleDefinition Get Attempt {ModuleDefinitionId} {SiteId}", id, siteid); if (moduledefinition != null)
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden; {
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized ModuleDefinition Get Attempt {ModuleDefinitionId} {SiteId}", id, siteid);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
}
else
{
HttpContext.Response.StatusCode = (int)HttpStatusCode.NotFound;
}
return null; return null;
} }
} }

11
Oqtane.Server/Controllers/NotificationController.cs
View File

@ -141,8 +141,15 @@ namespace Oqtane.Controllers
} }
else else
{ {
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Notification Get Attempt {NotificationId}", id); if (notification != null)
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden; {
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Notification Get Attempt {NotificationId}", id);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
}
else
{
HttpContext.Response.StatusCode = (int)HttpStatusCode.NotFound;
}
return null; return null;
} }
} }

15
Oqtane.Server/Controllers/PageController.cs
View File

@ -87,8 +87,15 @@ namespace Oqtane.Controllers
} }
else else
{ {
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Page Get Attempt {PageId}", id); if (page != null)
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden; {
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Page Get Attempt {PageId}", id);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
}
else
{
HttpContext.Response.StatusCode = (int)HttpStatusCode.NotFound;
}
return null; return null;
} }
} }
@ -112,6 +119,10 @@ namespace Oqtane.Controllers
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Page Get Attempt {SiteId} {Path}", siteid, path); _logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Page Get Attempt {SiteId} {Path}", siteid, path);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden; HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
} }
else
{
HttpContext.Response.StatusCode = (int)HttpStatusCode.NotFound;
}
return null; return null;
} }
} }

22
Oqtane.Server/Controllers/PageModuleController.cs
View File

@ -44,8 +44,15 @@ namespace Oqtane.Controllers
} }
else else
{ {
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized PageModule Get Attempt {PageModuleId}", id); if (pagemodule != null)
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden; {
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized PageModule Get Attempt {PageModuleId}", id);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
}
else
{
HttpContext.Response.StatusCode = (int)HttpStatusCode.NotFound;
}
return null; return null;
} }
} }
@ -61,8 +68,15 @@ namespace Oqtane.Controllers
} }
else else
{ {
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized PageModule Get Attempt {PageId} {ModuleId}", pageid, moduleid); if (pagemodule != null)
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden; {
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized PageModule Get Attempt {PageId} {ModuleId}", pageid, moduleid);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
}
else
{
HttpContext.Response.StatusCode = (int)HttpStatusCode.NotFound;
}
return null; return null;
} }
} }

11
Oqtane.Server/Controllers/ProfileController.cs
View File

@ -56,8 +56,15 @@ namespace Oqtane.Controllers
} }
else else
{ {
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Profile Get Attempt {ProfileId}", id); if (profile != null)
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden; {
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Profile Get Attempt {ProfileId}", id);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
}
else
{
HttpContext.Response.StatusCode = (int)HttpStatusCode.NotFound;
}
return null; return null;
} }
} }

11
Oqtane.Server/Controllers/RoleController.cs
View File

@ -60,8 +60,15 @@ namespace Oqtane.Controllers
} }
else else
{ {
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Role Get Attempt {RoleId}", id); if (role != null)
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden; {
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Role Get Attempt {RoleId}", id);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
}
else
{
HttpContext.Response.StatusCode = (int)HttpStatusCode.NotFound;
}
return null; return null;
} }
} }

6
Oqtane.Server/Controllers/SettingController.cs
View File

@ -89,11 +89,15 @@ namespace Oqtane.Controllers
} }
else else
{ {
if (entityName != EntityNames.Visitor) if (setting != null && entityName != EntityNames.Visitor)
{ {
_logger.Log(LogLevel.Error, this, LogFunction.Read, "User Not Authorized To Access Setting {EntityName} {SettingId}", entityName, id); _logger.Log(LogLevel.Error, this, LogFunction.Read, "User Not Authorized To Access Setting {EntityName} {SettingId}", entityName, id);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden; HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
} }
else
{
HttpContext.Response.StatusCode = (int)HttpStatusCode.NotFound;
}
return null; return null;
} }
} }

13
Oqtane.Server/Controllers/SiteController.cs
View File

@ -79,7 +79,7 @@ namespace Oqtane.Controllers
private Site GetSite(int siteid) private Site GetSite(int siteid)
{ {
var site = _sites.GetSite(siteid); var site = _sites.GetSite(siteid);
if (site.SiteId == _alias.SiteId) if (site != null && site.SiteId == _alias.SiteId)
{ {
// site settings // site settings
site.Settings = _settings.GetSettings(EntityNames.Site, site.SiteId) site.Settings = _settings.GetSettings(EntityNames.Site, site.SiteId)
@ -153,8 +153,15 @@ namespace Oqtane.Controllers
} }
else else
{ {
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Site Get Attempt {SiteId}", siteid); if (site != null)
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden; {
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Site Get Attempt {SiteId}", siteid);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
}
else
{
HttpContext.Response.StatusCode = (int)HttpStatusCode.NotFound;
}
return null; return null;
} }
} }

22
Oqtane.Server/Controllers/UrlMappingController.cs
View File

@ -56,8 +56,15 @@ namespace Oqtane.Controllers
} }
else else
{ {
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized UrlMapping Get Attempt {UrlMappingId}", id); if (urlMapping != null)
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden; {
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized UrlMapping Get Attempt {UrlMappingId}", id);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
}
else
{
HttpContext.Response.StatusCode = (int)HttpStatusCode.NotFound;
}
return null; return null;
} }
} }
@ -73,8 +80,15 @@ namespace Oqtane.Controllers
} }
else else
{ {
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized UrlMapping Get Attempt {SiteId} {Url}", siteid, url); if (urlMapping != null)
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden; {
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized UrlMapping Get Attempt {SiteId} {Url}", siteid, url);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
}
else
{
HttpContext.Response.StatusCode = (int)HttpStatusCode.NotFound;
}
return null; return null;
} }
} }

8
Oqtane.Server/Controllers/UserController.cs
View File

@ -65,6 +65,10 @@ namespace Oqtane.Controllers
user.SiteId = int.Parse(siteid); user.SiteId = int.Parse(siteid);
user.Roles = GetUserRoles(user.UserId, user.SiteId); user.Roles = GetUserRoles(user.UserId, user.SiteId);
} }
else
{
HttpContext.Response.StatusCode = (int)HttpStatusCode.NotFound;
}
return Filter(user); return Filter(user);
} }
else else
@ -88,6 +92,10 @@ namespace Oqtane.Controllers
user.SiteId = int.Parse(siteid); user.SiteId = int.Parse(siteid);
user.Roles = GetUserRoles(user.UserId, user.SiteId); user.Roles = GetUserRoles(user.UserId, user.SiteId);
} }
else
{
HttpContext.Response.StatusCode = (int)HttpStatusCode.NotFound;
}
return Filter(user); return Filter(user);
} }
else else

11
Oqtane.Server/Controllers/UserRoleController.cs
View File

@ -79,8 +79,15 @@ namespace Oqtane.Controllers
} }
else else
{ {
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized User Role Get Attempt {UserRoleId}", id); if (userrole != null)
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden; {
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized User Role Get Attempt {UserRoleId}", id);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
}
else
{
HttpContext.Response.StatusCode = (int)HttpStatusCode.NotFound;
}
return null; return null;
} }
} }

11
Oqtane.Server/Controllers/VisitorController.cs
View File

@ -64,8 +64,15 @@ namespace Oqtane.Controllers
} }
else else
{ {
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Visitor Get Attempt {VisitorId}", id); if (visitor != null)
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden; {
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Visitor Get Attempt {VisitorId}", id);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
}
else
{
HttpContext.Response.StatusCode = (int)HttpStatusCode.NotFound;
}
return null; return null;
} }
} }