kocoded/oqtane.framework
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

support both 404 andf 403 status codes in API response (404 should not log)

Browse Source
This commit is contained in:
sbwalker 2023-07-11 08:14:00 -04:00
parent 59fffbd3ee
commit df0f562817
17 changed files with 179 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Oqtane.Client/Services/ServiceBase.cs
View File

@ -206,7 +206,6 @@ namespace Oqtane.Services
Console.WriteLine($"Request: {response.RequestMessage.RequestUri}"); Console.WriteLine($"Request: {response.RequestMessage.RequestUri}");
Console.WriteLine($"Response status: {response.StatusCode} {response.ReasonPhrase}"); Console.WriteLine($"Response status: {response.StatusCode} {response.ReasonPhrase}");
} }
return false; return false;
} }

11
Oqtane.Server/Controllers/FileController.cs
View File

@ -122,9 +122,16 @@ namespace Oqtane.Controllers
return file; return file;
} }
else else
{
if (file != null)
{ {
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized File Get Attempt {FileId}", id); _logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized File Get Attempt {FileId}", id);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden; HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
}
else
{
HttpContext.Response.StatusCode = (int)HttpStatusCode.NotFound;
}
return null; return null;
} }
} }
@ -144,6 +151,10 @@ namespace Oqtane.Controllers
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized File Get Attempt {Name} For Folder {FolderId}", name, folderId); _logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized File Get Attempt {Name} For Folder {FolderId}", name, folderId);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden; HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
} }
else
{
HttpContext.Response.StatusCode = (int)HttpStatusCode.NotFound;
}
return null; return null;
} }
} }

14
Oqtane.Server/Controllers/FolderController.cs
View File

@ -69,9 +69,16 @@ namespace Oqtane.Controllers
return folder; return folder;
} }
else else
{
if (folder != null)
{ {
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Folder Get Attempt {FolderId}", id); _logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Folder Get Attempt {FolderId}", id);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden; HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
}
else
{
HttpContext.Response.StatusCode = (int)HttpStatusCode.NotFound;
}
return null; return null;
} }
} }
@ -90,9 +97,16 @@ namespace Oqtane.Controllers
return folder; return folder;
} }
else else
{
if (folder != null)
{ {
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Folder Get Attempt {Path} For Site {SiteId}", path, siteId); _logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Folder Get Attempt {Path} For Site {SiteId}", path, siteId);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden; HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
}
else
{
HttpContext.Response.StatusCode = (int)HttpStatusCode.NotFound;
}
return null; return null;
} }
} }

7
Oqtane.Server/Controllers/LanguageController.cs
View File

@ -88,9 +88,16 @@ namespace Oqtane.Controllers
return language; return language;
} }
else else
{
if (language != null)
{ {
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Language Get Attempt {LanguageId}", id); _logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Language Get Attempt {LanguageId}", id);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden; HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
}
else
{
HttpContext.Response.StatusCode = (int)HttpStatusCode.NotFound;
}
return null; return null;
} }
} }

7
Oqtane.Server/Controllers/ModuleController.cs
View File

@ -112,9 +112,16 @@ namespace Oqtane.Controllers
return module; return module;
} }
else else
{
if (module != null)
{ {
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Module Get Attempt {ModuleId}", id); _logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Module Get Attempt {ModuleId}", id);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden; HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
}
else
{
HttpContext.Response.StatusCode = (int)HttpStatusCode.NotFound;
}
return null; return null;
} }
} }

11
Oqtane.Server/Controllers/ModuleDefinitionController.cs
View File

@ -89,15 +89,22 @@ namespace Oqtane.Controllers
if (int.TryParse(siteid, out SiteId) && SiteId == _alias.SiteId) if (int.TryParse(siteid, out SiteId) && SiteId == _alias.SiteId)
{ {
ModuleDefinition moduledefinition = _moduleDefinitions.GetModuleDefinition(id, SiteId); ModuleDefinition moduledefinition = _moduleDefinitions.GetModuleDefinition(id, SiteId);
if (_userPermissions.IsAuthorized(User, PermissionNames.Utilize, moduledefinition.PermissionList)) if (moduledefinition != null && _userPermissions.IsAuthorized(User, PermissionNames.Utilize, moduledefinition.PermissionList))
{ {
if (string.IsNullOrEmpty(moduledefinition.Version)) moduledefinition.Version = new Version(1, 0, 0).ToString(); moduledefinition.Version = (string.IsNullOrEmpty(moduledefinition.Version)) ? new Version(1, 0, 0).ToString() : moduledefinition.Version;
return moduledefinition; return moduledefinition;
} }
else else
{
if (moduledefinition != null)
{ {
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized ModuleDefinition Get Attempt {ModuleDefinitionId} {SiteId}", id, siteid); _logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized ModuleDefinition Get Attempt {ModuleDefinitionId} {SiteId}", id, siteid);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden; HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
}
else
{
HttpContext.Response.StatusCode = (int)HttpStatusCode.NotFound;
}
return null; return null;
} }
} }

7
Oqtane.Server/Controllers/NotificationController.cs
View File

@ -140,9 +140,16 @@ namespace Oqtane.Controllers
return notification; return notification;
} }
else else
{
if (notification != null)
{ {
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Notification Get Attempt {NotificationId}", id); _logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Notification Get Attempt {NotificationId}", id);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden; HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
}
else
{
HttpContext.Response.StatusCode = (int)HttpStatusCode.NotFound;
}
return null; return null;
} }
} }

11
Oqtane.Server/Controllers/PageController.cs
View File

@ -86,9 +86,16 @@ namespace Oqtane.Controllers
return page; return page;
} }
else else
{
if (page != null)
{ {
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Page Get Attempt {PageId}", id); _logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Page Get Attempt {PageId}", id);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden; HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
}
else
{
HttpContext.Response.StatusCode = (int)HttpStatusCode.NotFound;
}
return null; return null;
} }
} }
@ -112,6 +119,10 @@ namespace Oqtane.Controllers
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Page Get Attempt {SiteId} {Path}", siteid, path); _logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Page Get Attempt {SiteId} {Path}", siteid, path);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden; HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
} }
else
{
HttpContext.Response.StatusCode = (int)HttpStatusCode.NotFound;
}
return null; return null;
} }
} }

14
Oqtane.Server/Controllers/PageModuleController.cs
View File

@ -43,9 +43,16 @@ namespace Oqtane.Controllers
return pagemodule; return pagemodule;
} }
else else
{
if (pagemodule != null)
{ {
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized PageModule Get Attempt {PageModuleId}", id); _logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized PageModule Get Attempt {PageModuleId}", id);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden; HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
}
else
{
HttpContext.Response.StatusCode = (int)HttpStatusCode.NotFound;
}
return null; return null;
} }
} }
@ -60,9 +67,16 @@ namespace Oqtane.Controllers
return pagemodule; return pagemodule;
} }
else else
{
if (pagemodule != null)
{ {
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized PageModule Get Attempt {PageId} {ModuleId}", pageid, moduleid); _logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized PageModule Get Attempt {PageId} {ModuleId}", pageid, moduleid);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden; HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
}
else
{
HttpContext.Response.StatusCode = (int)HttpStatusCode.NotFound;
}
return null; return null;
} }
} }

7
Oqtane.Server/Controllers/ProfileController.cs
View File

@ -55,9 +55,16 @@ namespace Oqtane.Controllers
return profile; return profile;
} }
else else
{
if (profile != null)
{ {
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Profile Get Attempt {ProfileId}", id); _logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Profile Get Attempt {ProfileId}", id);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden; HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
}
else
{
HttpContext.Response.StatusCode = (int)HttpStatusCode.NotFound;
}
return null; return null;
} }
} }

7
Oqtane.Server/Controllers/RoleController.cs
View File

@ -59,9 +59,16 @@ namespace Oqtane.Controllers
return role; return role;
} }
else else
{
if (role != null)
{ {
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Role Get Attempt {RoleId}", id); _logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Role Get Attempt {RoleId}", id);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden; HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
}
else
{
HttpContext.Response.StatusCode = (int)HttpStatusCode.NotFound;
}
return null; return null;
} }
} }

6
Oqtane.Server/Controllers/SettingController.cs
View File

@ -89,11 +89,15 @@ namespace Oqtane.Controllers
} }
else else
{ {
if (entityName != EntityNames.Visitor) if (setting != null && entityName != EntityNames.Visitor)
{ {
_logger.Log(LogLevel.Error, this, LogFunction.Read, "User Not Authorized To Access Setting {EntityName} {SettingId}", entityName, id); _logger.Log(LogLevel.Error, this, LogFunction.Read, "User Not Authorized To Access Setting {EntityName} {SettingId}", entityName, id);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden; HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
} }
else
{
HttpContext.Response.StatusCode = (int)HttpStatusCode.NotFound;
}
return null; return null;
} }
} }

9
Oqtane.Server/Controllers/SiteController.cs
View File

@ -79,7 +79,7 @@ namespace Oqtane.Controllers
private Site GetSite(int siteid) private Site GetSite(int siteid)
{ {
var site = _sites.GetSite(siteid); var site = _sites.GetSite(siteid);
if (site.SiteId == _alias.SiteId) if (site != null && site.SiteId == _alias.SiteId)
{ {
// site settings // site settings
site.Settings = _settings.GetSettings(EntityNames.Site, site.SiteId) site.Settings = _settings.GetSettings(EntityNames.Site, site.SiteId)
@ -152,9 +152,16 @@ namespace Oqtane.Controllers
return site; return site;
} }
else else
{
if (site != null)
{ {
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Site Get Attempt {SiteId}", siteid); _logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Site Get Attempt {SiteId}", siteid);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden; HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
}
else
{
HttpContext.Response.StatusCode = (int)HttpStatusCode.NotFound;
}
return null; return null;
} }
} }

14
Oqtane.Server/Controllers/UrlMappingController.cs
View File

@ -55,9 +55,16 @@ namespace Oqtane.Controllers
return urlMapping; return urlMapping;
} }
else else
{
if (urlMapping != null)
{ {
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized UrlMapping Get Attempt {UrlMappingId}", id); _logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized UrlMapping Get Attempt {UrlMappingId}", id);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden; HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
}
else
{
HttpContext.Response.StatusCode = (int)HttpStatusCode.NotFound;
}
return null; return null;
} }
} }
@ -72,9 +79,16 @@ namespace Oqtane.Controllers
return urlMapping; return urlMapping;
} }
else else
{
if (urlMapping != null)
{ {
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized UrlMapping Get Attempt {SiteId} {Url}", siteid, url); _logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized UrlMapping Get Attempt {SiteId} {Url}", siteid, url);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden; HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
}
else
{
HttpContext.Response.StatusCode = (int)HttpStatusCode.NotFound;
}
return null; return null;
} }
} }

8
Oqtane.Server/Controllers/UserController.cs
View File

@ -65,6 +65,10 @@ namespace Oqtane.Controllers
user.SiteId = int.Parse(siteid); user.SiteId = int.Parse(siteid);
user.Roles = GetUserRoles(user.UserId, user.SiteId); user.Roles = GetUserRoles(user.UserId, user.SiteId);
} }
else
{
HttpContext.Response.StatusCode = (int)HttpStatusCode.NotFound;
}
return Filter(user); return Filter(user);
} }
else else
@ -88,6 +92,10 @@ namespace Oqtane.Controllers
user.SiteId = int.Parse(siteid); user.SiteId = int.Parse(siteid);
user.Roles = GetUserRoles(user.UserId, user.SiteId); user.Roles = GetUserRoles(user.UserId, user.SiteId);
} }
else
{
HttpContext.Response.StatusCode = (int)HttpStatusCode.NotFound;
}
return Filter(user); return Filter(user);
} }
else else

7
Oqtane.Server/Controllers/UserRoleController.cs
View File

@ -78,9 +78,16 @@ namespace Oqtane.Controllers
return Filter(userrole, _userPermissions.GetUser().UserId); return Filter(userrole, _userPermissions.GetUser().UserId);
} }
else else
{
if (userrole != null)
{ {
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized User Role Get Attempt {UserRoleId}", id); _logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized User Role Get Attempt {UserRoleId}", id);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden; HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
}
else
{
HttpContext.Response.StatusCode = (int)HttpStatusCode.NotFound;
}
return null; return null;
} }
} }

7
Oqtane.Server/Controllers/VisitorController.cs
View File

@ -63,9 +63,16 @@ namespace Oqtane.Controllers
return visitor; return visitor;
} }
else else
{
if (visitor != null)
{ {
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Visitor Get Attempt {VisitorId}", id); _logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Visitor Get Attempt {VisitorId}", id);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden; HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
}
else
{
HttpContext.Response.StatusCode = (int)HttpStatusCode.NotFound;
}
return null; return null;
} }
} }