kocoded/oqtane.framework
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

support both 404 andf 403 status codes in API response (404 should not log)

Browse Source
This commit is contained in:
sbwalker 2023-07-11 08:14:00 -04:00
parent 59fffbd3ee
commit df0f562817
17 changed files with 179 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
Oqtane.Client/Services/ServiceBase.cs
View File

@ -206,7 +206,6 @@ namespace Oqtane.Services
Console.WriteLine($"Request: {response.RequestMessage.RequestUri}");
Console.WriteLine($"Response status: {response.StatusCode} {response.ReasonPhrase}");
}
return false;
}

11
Oqtane.Server/Controllers/FileController.cs
View File

@ -122,9 +122,16 @@ namespace Oqtane.Controllers
return file;
}
else
{
if (file != null)
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized File Get Attempt {FileId}", id);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
}
else
{
HttpContext.Response.StatusCode = (int)HttpStatusCode.NotFound;
}
return null;
}
}
@ -144,6 +151,10 @@ namespace Oqtane.Controllers
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized File Get Attempt {Name} For Folder {FolderId}", name, folderId);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
}
else
{
HttpContext.Response.StatusCode = (int)HttpStatusCode.NotFound;
}
return null;
}
}

14
Oqtane.Server/Controllers/FolderController.cs
View File

@ -69,9 +69,16 @@ namespace Oqtane.Controllers
return folder;
}
else
{
if (folder != null)
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Folder Get Attempt {FolderId}", id);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
}
else
{
HttpContext.Response.StatusCode = (int)HttpStatusCode.NotFound;
}
return null;
}
}
@ -90,9 +97,16 @@ namespace Oqtane.Controllers
return folder;
}
else
{
if (folder != null)
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Folder Get Attempt {Path} For Site {SiteId}", path, siteId);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
}
else
{
HttpContext.Response.StatusCode = (int)HttpStatusCode.NotFound;
}
return null;
}
}

7
Oqtane.Server/Controllers/LanguageController.cs
View File

@ -88,9 +88,16 @@ namespace Oqtane.Controllers
return language;
}
else
{
if (language != null)
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Language Get Attempt {LanguageId}", id);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
}
else
{
HttpContext.Response.StatusCode = (int)HttpStatusCode.NotFound;
}
return null;
}
}

7
Oqtane.Server/Controllers/ModuleController.cs
View File

@ -112,9 +112,16 @@ namespace Oqtane.Controllers
return module;
}
else
{
if (module != null)
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Module Get Attempt {ModuleId}", id);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
}
else
{
HttpContext.Response.StatusCode = (int)HttpStatusCode.NotFound;
}
return null;
}
}

11
Oqtane.Server/Controllers/ModuleDefinitionController.cs
View File

@ -89,15 +89,22 @@ namespace Oqtane.Controllers
if (int.TryParse(siteid, out SiteId) && SiteId == _alias.SiteId)
{
ModuleDefinition moduledefinition = _moduleDefinitions.GetModuleDefinition(id, SiteId);
if (_userPermissions.IsAuthorized(User, PermissionNames.Utilize, moduledefinition.PermissionList))
if (moduledefinition != null && _userPermissions.IsAuthorized(User, PermissionNames.Utilize, moduledefinition.PermissionList))
{
if (string.IsNullOrEmpty(moduledefinition.Version)) moduledefinition.Version = new Version(1, 0, 0).ToString();
moduledefinition.Version = (string.IsNullOrEmpty(moduledefinition.Version)) ? new Version(1, 0, 0).ToString() : moduledefinition.Version;
return moduledefinition;
}
else
{
if (moduledefinition != null)
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized ModuleDefinition Get Attempt {ModuleDefinitionId} {SiteId}", id, siteid);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
}
else
{
HttpContext.Response.StatusCode = (int)HttpStatusCode.NotFound;
}
return null;
}
}

7
Oqtane.Server/Controllers/NotificationController.cs
View File

@ -140,9 +140,16 @@ namespace Oqtane.Controllers
return notification;
}
else
{
if (notification != null)
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Notification Get Attempt {NotificationId}", id);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
}
else
{
HttpContext.Response.StatusCode = (int)HttpStatusCode.NotFound;
}
return null;
}
}

11
Oqtane.Server/Controllers/PageController.cs
View File

@ -86,9 +86,16 @@ namespace Oqtane.Controllers
return page;
}
else
{
if (page != null)
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Page Get Attempt {PageId}", id);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
}
else
{
HttpContext.Response.StatusCode = (int)HttpStatusCode.NotFound;
}
return null;
}
}
@ -112,6 +119,10 @@ namespace Oqtane.Controllers
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Page Get Attempt {SiteId} {Path}", siteid, path);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
}
else
{
HttpContext.Response.StatusCode = (int)HttpStatusCode.NotFound;
}
return null;
}
}

14
Oqtane.Server/Controllers/PageModuleController.cs
View File

@ -43,9 +43,16 @@ namespace Oqtane.Controllers
return pagemodule;
}
else
{
if (pagemodule != null)
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized PageModule Get Attempt {PageModuleId}", id);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
}
else
{
HttpContext.Response.StatusCode = (int)HttpStatusCode.NotFound;
}
return null;
}
}
@ -60,9 +67,16 @@ namespace Oqtane.Controllers
return pagemodule;
}
else
{
if (pagemodule != null)
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized PageModule Get Attempt {PageId} {ModuleId}", pageid, moduleid);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
}
else
{
HttpContext.Response.StatusCode = (int)HttpStatusCode.NotFound;
}
return null;
}
}

7
Oqtane.Server/Controllers/ProfileController.cs
View File

@ -55,9 +55,16 @@ namespace Oqtane.Controllers
return profile;
}
else
{
if (profile != null)
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Profile Get Attempt {ProfileId}", id);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
}
else
{
HttpContext.Response.StatusCode = (int)HttpStatusCode.NotFound;
}
return null;
}
}

7
Oqtane.Server/Controllers/RoleController.cs
View File

@ -59,9 +59,16 @@ namespace Oqtane.Controllers
return role;
}
else
{
if (role != null)
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Role Get Attempt {RoleId}", id);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
}
else
{
HttpContext.Response.StatusCode = (int)HttpStatusCode.NotFound;
}
return null;
}
}

6
Oqtane.Server/Controllers/SettingController.cs
View File

@ -89,11 +89,15 @@ namespace Oqtane.Controllers
}
else
{
if (entityName != EntityNames.Visitor)
if (setting != null && entityName != EntityNames.Visitor)
{
_logger.Log(LogLevel.Error, this, LogFunction.Read, "User Not Authorized To Access Setting {EntityName} {SettingId}", entityName, id);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
}
else
{
HttpContext.Response.StatusCode = (int)HttpStatusCode.NotFound;
}
return null;
}
}

9
Oqtane.Server/Controllers/SiteController.cs
View File

@ -79,7 +79,7 @@ namespace Oqtane.Controllers
private Site GetSite(int siteid)
{
var site = _sites.GetSite(siteid);
if (site.SiteId == _alias.SiteId)
if (site != null && site.SiteId == _alias.SiteId)
{
// site settings
site.Settings = _settings.GetSettings(EntityNames.Site, site.SiteId)
@ -152,9 +152,16 @@ namespace Oqtane.Controllers
return site;
}
else
{
if (site != null)
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Site Get Attempt {SiteId}", siteid);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
}
else
{
HttpContext.Response.StatusCode = (int)HttpStatusCode.NotFound;
}
return null;
}
}

14
Oqtane.Server/Controllers/UrlMappingController.cs
View File

@ -55,9 +55,16 @@ namespace Oqtane.Controllers
return urlMapping;
}
else
{
if (urlMapping != null)
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized UrlMapping Get Attempt {UrlMappingId}", id);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
}
else
{
HttpContext.Response.StatusCode = (int)HttpStatusCode.NotFound;
}
return null;
}
}
@ -72,9 +79,16 @@ namespace Oqtane.Controllers
return urlMapping;
}
else
{
if (urlMapping != null)
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized UrlMapping Get Attempt {SiteId} {Url}", siteid, url);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
}
else
{
HttpContext.Response.StatusCode = (int)HttpStatusCode.NotFound;
}
return null;
}
}

8
Oqtane.Server/Controllers/UserController.cs
View File

@ -65,6 +65,10 @@ namespace Oqtane.Controllers
user.SiteId = int.Parse(siteid);
user.Roles = GetUserRoles(user.UserId, user.SiteId);
}
else
{
HttpContext.Response.StatusCode = (int)HttpStatusCode.NotFound;
}
return Filter(user);
}
else
@ -88,6 +92,10 @@ namespace Oqtane.Controllers
user.SiteId = int.Parse(siteid);
user.Roles = GetUserRoles(user.UserId, user.SiteId);
}
else
{
HttpContext.Response.StatusCode = (int)HttpStatusCode.NotFound;
}
return Filter(user);
}
else

7
Oqtane.Server/Controllers/UserRoleController.cs
View File

@ -78,9 +78,16 @@ namespace Oqtane.Controllers
return Filter(userrole, _userPermissions.GetUser().UserId);
}
else
{
if (userrole != null)
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized User Role Get Attempt {UserRoleId}", id);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
}
else
{
HttpContext.Response.StatusCode = (int)HttpStatusCode.NotFound;
}
return null;
}
}

7
Oqtane.Server/Controllers/VisitorController.cs
View File

@ -63,9 +63,16 @@ namespace Oqtane.Controllers
return visitor;
}
else
{
if (visitor != null)
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Visitor Get Attempt {VisitorId}", id);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
}
else
{
HttpContext.Response.StatusCode = (int)HttpStatusCode.NotFound;
}
return null;
}
}