Skip to content
Snippets Groups Projects

Fix: fixed internal ddos (coscine/issues#1796)

Merged Fix: fixed internal ddos (coscine/issues#1796)
Hotfix/1796-projectDdos into master
Merged
L. Ellenbeckrequested to merge
Hotfix/1796-projectDdos into master
Compare
and
1 file
+ 46
50
Compare changes
  • Side-by-side
  • Inline
src/Project/Controllers/ProjectController.cs
+ 46
50
@@ -23,7 +23,6 @@ using System.Linq;
namespace Coscine.Api.Project.Controllers
{
/// <summary>
/// /// This controller represents the actions which can be taken with a project object.
/// </summary>
@@ -72,7 +71,7 @@ namespace Coscine.Api.Project.Controllers
/// <summary>
/// Returns all available projects (including sub projects)
/// </summary>
/// <returns>Ok</returns>
/// <returns>OK</returns>
[Route("[controller]")]
public ActionResult<IEnumerable<ProjectObject>> Index()
{
@@ -87,7 +86,7 @@ namespace Coscine.Api.Project.Controllers
/// <summary>
/// Retrieves all top level projects
/// </summary>
/// <returns>Ok</returns>
/// <returns>OK</returns>
[Route("[controller]/-/topLevel")]
public ActionResult<IEnumerable<ProjectObject>> GetTopLevelProjects()
{
@@ -105,10 +104,10 @@ namespace Coscine.Api.Project.Controllers
}
/// <summary>
/// This returns the the project if the user has access to it
/// This returns the project if the user has access to it
/// </summary>
/// <param name="id">Id of the resource</param>
/// <returns>Ok or Statuscode 401</returns>
/// <param name="id">Id of the project</param>
/// <returns>OK or status code 401</returns>
[HttpGet("[controller]/{id}")]
public ActionResult<ProjectObject> Get(string id)
{
@@ -117,7 +116,7 @@ namespace Coscine.Api.Project.Controllers
if (_projectModel.HasAccess(user, project, UserRoles.Member, UserRoles.Owner))
{
SubProjectModel subProjectModel = new SubProjectModel();
var subProjectRel = subProjectModel.GetAllWhere((subProject) => subProject.SubProjectId == project.Id && project.Deleted == false);
var subProjectRel = subProjectModel.GetAllWhere((subProject) => subProject.SubProjectId == project.Id && !project.Deleted);
var parentProjectRelation = subProjectRel.FirstOrDefault();
if (parentProjectRelation != null && _projectModel.HasAccess(user, parentProjectRelation.ProjectId, UserRoles.Member, UserRoles.Owner))
@@ -136,7 +135,7 @@ namespace Coscine.Api.Project.Controllers
/// Gets the resources
/// </summary>
/// <param name="id">Id of the resource</param>
/// <returns>Json object or Statuscode 401</returns>
/// <returns>JSON object or status code 401</returns>
[HttpGet("[controller]/{id}/resources")]
public ActionResult<IEnumerable<ResourceObject>> GetResources(string id)
{
@@ -151,10 +150,7 @@ namespace Coscine.Api.Project.Controllers
(from projectResource in resource.ProjectResources
where projectResource.ProjectId == project.Id
select projectResource).Any())
.Select((resource) =>
{
return resourceModel.CreateReturnObjectFromDatabaseObject(resource);
}).OrderBy(element => element.DisplayName);
.Select((resource) => resourceModel.CreateReturnObjectFromDatabaseObject(resource)).OrderBy(element => element.DisplayName);
if (Request.Query != null && Request.Query["noanalyticslog"] != "true")
{
var projectObject = _projectModel.CreateReturnObjectFromDatabaseObject(_projectModel.GetById(project.Id));
@@ -180,7 +176,7 @@ namespace Coscine.Api.Project.Controllers
if (!Guid.TryParse(projectId, out Guid projectGuid))
{
return BadRequest($"{projectId} is not a guid.");
return BadRequest($"{projectId} is not a GUID.");
}
var project = _projectModel.GetById(projectGuid);
@@ -195,7 +191,7 @@ namespace Coscine.Api.Project.Controllers
return Unauthorized("The user is not authorized to perform a get on the selected project!");
}
var resourceTypes = _resourceTypeModel.GetAllWhere(x => x.Enabled.HasValue && x.Enabled.Value);
var resourceTypes = _resourceTypeModel.GetAllWhere(x => x.Enabled == true);
return Json(resourceTypes.Select(x => CreateProjectQuotaReturnObject(x, projectGuid)));
}
@@ -210,15 +206,15 @@ namespace Coscine.Api.Project.Controllers
Id = x.Id,
Name = x.DisplayName,
Used = CalculateUsed(x, projectGuid),
Allocated = projectQuota == null ? 0 : projectQuota.Quota,
Maximum = projectQuota == null ? 0 : projectQuota.MaxQuota
Allocated = (projectQuota?.Quota) ?? 0,
Maximum = (projectQuota?.MaxQuota) ?? 0
};
}
private int GetMaxQuota(Guid projectId, Guid resourceTypeId)
{
var projectQuota = _projectQuotaModel.GetWhere(x => x.ProjectId == projectId && x.ResourceTypeId == resourceTypeId);
return projectQuota == null ? 0 : projectQuota.MaxQuota;
return (projectQuota?.MaxQuota) ?? 0;
}
private int CalculateUsed(ResourceType resourceType, Guid projectId)
@@ -248,7 +244,7 @@ namespace Coscine.Api.Project.Controllers
if (!Guid.TryParse(projectId, out Guid projectGuid))
{
return BadRequest($"{projectId} is not a guid.");
return BadRequest($"{projectId} is not a GUID.");
}
var project = _projectModel.GetById(projectGuid);
@@ -265,12 +261,12 @@ namespace Coscine.Api.Project.Controllers
if (!Guid.TryParse(resourceTypeId, out Guid resourceTypeGuid))
{
return BadRequest($"{resourceTypeId} is not a guid.");
return BadRequest($"{resourceTypeId} is not a GUID.");
}
var resourceType = _resourceTypeModel.GetById(resourceTypeGuid);
if (resourceType == null || !resourceType.Enabled.HasValue || !resourceType.Enabled.Value)
if (resourceType?.Enabled.HasValue != true || !resourceType.Enabled.Value)
{
return NotFound($"Could not find resourceType with id: {resourceTypeId}");
}
@@ -285,8 +281,8 @@ namespace Coscine.Api.Project.Controllers
Id = resourceTypeGuid,
Name = resourceType.DisplayName,
Used = CalculateUsed(resourceType, projectGuid),
Allocated = projectQuota == null ? 0 : projectQuota.Quota,
Maximum = projectQuota == null ? 0 : projectQuota.MaxQuota
Allocated = (projectQuota?.Quota) ?? 0,
Maximum = (projectQuota?.MaxQuota) ?? 0
};
return Json(projectQuotaReturnObject);
@@ -305,7 +301,7 @@ namespace Coscine.Api.Project.Controllers
if (!Guid.TryParse(projectId, out Guid projectGuid))
{
return BadRequest($"{projectId} is not a guid.");
return BadRequest($"{projectId} is not a GUID.");
}
var project = _projectModel.GetById(projectGuid);
@@ -322,12 +318,12 @@ namespace Coscine.Api.Project.Controllers
if (!Guid.TryParse(resourceTypeId, out Guid resourceTypeGuid))
{
return BadRequest($"{resourceTypeId} is not a guid.");
return BadRequest($"{resourceTypeId} is not a GUID.");
}
var resourceType = _resourceTypeModel.GetById(resourceTypeGuid);
if (resourceType == null || !resourceType.Enabled.HasValue || !resourceType.Enabled.Value)
if (resourceType?.Enabled.HasValue != true || !resourceType.Enabled.Value)
{
return NotFound($"Could not find resourceType with id: {resourceTypeId}");
}
@@ -349,7 +345,7 @@ namespace Coscine.Api.Project.Controllers
if (!Guid.TryParse(projectId, out Guid projectGuid))
{
return BadRequest($"{projectId} is not a guid.");
return BadRequest($"{projectId} is not a GUID.");
}
var project = _projectModel.GetById(projectGuid);
@@ -366,12 +362,12 @@ namespace Coscine.Api.Project.Controllers
if (!Guid.TryParse(resourceTypeId, out Guid resourceTypeGuid))
{
return BadRequest($"{resourceTypeId} is not a guid.");
return BadRequest($"{resourceTypeId} is not a GUID.");
}
var resourceType = _resourceTypeModel.GetById(resourceTypeGuid);
if (resourceType == null || !resourceType.Enabled.HasValue || !resourceType.Enabled.Value)
if (resourceType?.Enabled.HasValue != true || !resourceType.Enabled.Value)
{
return NotFound($"Could not find resourceType with id: {resourceTypeId}");
}
@@ -414,8 +410,8 @@ namespace Coscine.Api.Project.Controllers
{
var projectQuota = new ProjectQuota
{
MaxQuota = defaultQuota == null ? 0 : defaultQuota.DefaultMaxQuota,
Quota = defaultQuota == null ? 0 : defaultQuota.DefaultQuota,
MaxQuota = (defaultQuota?.DefaultMaxQuota) ?? 0,
Quota = (defaultQuota?.DefaultQuota) ?? 0,
ProjectId = project.Id,
ResourceTypeId = resourceType.Id
};
@@ -430,10 +426,10 @@ namespace Coscine.Api.Project.Controllers
}
/// <summary>
/// Updates the selected project
/// Updates the selected project
/// </summary>
/// <param name="id">Id of the resource</param>
/// <returns>Ok or Statuscode 401</returns>
/// <returns>OK or status code 401</returns>
[HttpPost("[controller]/{id}")]
public IActionResult Update(string id)
{
@@ -455,7 +451,7 @@ namespace Coscine.Api.Project.Controllers
/// Deletes the selected project
/// </summary>
/// <param name="id">Id of the resource</param>
/// <returns>Json object or Statuscode 401</returns>
/// <returns>JSON object or status code 401</returns>
[HttpDelete("[controller]/{id}")]
public IActionResult Delete(string id)
{
@@ -479,13 +475,13 @@ namespace Coscine.Api.Project.Controllers
/// </summary>
/// <param name="project">Project</param>
/// <param name="isHard">isHard</param>
/// <param name="propegateAction">propegate Action</param>
public void DeleteProject(Database.DataModel.Project project, bool isHard = false, bool propegateAction = true)
/// <param name="propagateAction">propagate Action</param>
public void DeleteProject(Database.DataModel.Project project, bool isHard = false, bool propagateAction = true)
{
var subProjectModel = new SubProjectModel();
foreach (var subProject in subProjectModel.GetAllWhere(
(subProject) => subProject.ProjectId == project.Id
&& (subProject.SubProjectNavigation.Deleted == false || isHard)
&& (!subProject.SubProjectNavigation.Deleted || isHard)
))
{
Database.DataModel.Project subProjectObject;
@@ -498,7 +494,7 @@ namespace Coscine.Api.Project.Controllers
{
subProjectObject = _projectModel.GetById(subProject.SubProjectId);
}
DeleteProject(subProjectObject, isHard, propegateAction);
DeleteProject(subProjectObject, isHard, propagateAction);
}
foreach (var subProject in subProjectModel.GetAllWhere((subProject) => subProject.SubProjectId == project.Id))
@@ -554,7 +550,7 @@ namespace Coscine.Api.Project.Controllers
_activatedFeaturesModel.DeactivateAllFeatures(project);
if (propegateAction)
if (propagateAction)
{
_emitter.EmitProjectDelete(new ProjectEventArgs(_configuration)
{
@@ -573,7 +569,7 @@ namespace Coscine.Api.Project.Controllers
/// <summary>
/// Creates a project
/// </summary>
/// <returns>Json object or Statuscode 401</returns>
/// <returns>JSON object or status code 401</returns>
[HttpPost("[controller]")]
public IActionResult Store()
{
@@ -639,7 +635,7 @@ namespace Coscine.Api.Project.Controllers
if (!_projectModel.HasAccess(user, project, UserRoles.Owner))
{
return Unauthorized($"You are not an owner of the project.");
return Unauthorized("You are not an owner of the project.");
}
var invitations = _invitationModel.GetAllWhere(x => x.Project == projectId)
@@ -685,7 +681,7 @@ namespace Coscine.Api.Project.Controllers
if (!_projectModel.HasAccess(user, project, UserRoles.Owner))
{
return Unauthorized($"You are not an owner of the project.");
return Unauthorized("You are not an owner of the project.");
}
var invitations = _invitationModel.GetAllWhere(
@@ -718,7 +714,7 @@ namespace Coscine.Api.Project.Controllers
{
["placeholder"] = new JObject()
{
["confirmation_link"] = $@"{_configuration.GetString("coscine/local/api/additional/url")}/SitePages/Home.aspx?token={token}"
["confirmation_link"] = $"{_configuration.GetString("coscine/local/api/additional/url")}/SitePages/Home.aspx?token={token}"
}
}
};
@@ -747,7 +743,7 @@ namespace Coscine.Api.Project.Controllers
if (!_projectModel.HasAccess(user, _projectModel.GetById(invitation.Project), UserRoles.Owner))
{
return Unauthorized($"You are not an owner of this project.");
return Unauthorized("You are not an owner of this project.");
}
_invitationModel.Delete(invitation);
@@ -781,12 +777,12 @@ namespace Coscine.Api.Project.Controllers
if (!_projectModel.HasAccess(_userModel.GetById(invitation.Issuer), project, UserRoles.Owner))
{
return Unauthorized($"The issuer is not an owner of the project.");
return Unauthorized("The issuer is not an owner of the project.");
}
if (_projectRoleModel.GetAllWhere(x => x.ProjectId == invitation.Project && x.UserId == user.Id).Any())
{
return BadRequest($"The invitee is already part of the project.");
return BadRequest("The invitee is already part of the project.");
}
var role = _roleModel.GetById(invitation.Role);
@@ -838,7 +834,7 @@ namespace Coscine.Api.Project.Controllers
private void LogAnalyticsViewProject(Database.DataModel.Project project, List<ResourceObject> resources, IEnumerable<DisciplineObject> disciplines, IEnumerable<OrganizationObject> organizations, User user)
{
var resourceTypes = _resourceTypeModel.GetAllWhere(x => x.Enabled.HasValue && x.Enabled.Value);
var resourceTypes = _resourceTypeModel.GetAllWhere(x => x.Enabled == true);
var objects = resourceTypes.Select(x => CreateProjectQuotaReturnObject(x, project.Id));
@@ -853,13 +849,13 @@ namespace Coscine.Api.Project.Controllers
Disciplines = disciplines.Select(x => x.DisplayNameEn).ToList(),
Organizations = organizations.Select(x => x.DisplayName).ToList(),
Visibility = project.VisibilityId.HasValue ? _visibilityModel.GetById(project.VisibilityId.Value)?.DisplayName : null,
ResourceList = resources.Select(x => x.Id.ToString()).ToList(),
ResourceList = resources.ConvertAll(x => x.Id.ToString()),
});
}
private void LogAnalyticsEditProject(Database.DataModel.Project project, string metadataCompletness, IEnumerable<DisciplineObject> disciplines, IEnumerable<OrganizationObject> organizations, User user)
{
var resourceTypes = _resourceTypeModel.GetAllWhere(x => x.Enabled.HasValue && x.Enabled.Value);
var resourceTypes = _resourceTypeModel.GetAllWhere(x => x.Enabled == true);
var objects = resourceTypes.Select(x => CreateProjectQuotaReturnObject(x, project.Id));
@@ -880,7 +876,7 @@ namespace Coscine.Api.Project.Controllers
private void LogAnalyticsAddProject(Database.DataModel.Project project, string metadataCompletness, IEnumerable<DisciplineObject> disciplines, IEnumerable<OrganizationObject> organizations, User user)
{
var resourceTypes = _resourceTypeModel.GetAllWhere(x => x.Enabled.HasValue && x.Enabled.Value);
var resourceTypes = _resourceTypeModel.GetAllWhere(x => x.Enabled == true);
var objects = resourceTypes.Select(x => CreateProjectQuotaReturnObject(x, project.Id));
@@ -901,7 +897,7 @@ namespace Coscine.Api.Project.Controllers
private void LogAnalyticsDeleteProject(Database.DataModel.Project project, IEnumerable<DisciplineObject> disciplines, IEnumerable<OrganizationObject> organizations, User user)
{
var resourceTypes = _resourceTypeModel.GetAllWhere(x => x.Enabled.HasValue && x.Enabled.Value);
var resourceTypes = _resourceTypeModel.GetAllWhere(x => x.Enabled == true);
var objects = resourceTypes.Select(x => CreateProjectQuotaReturnObject(x, project.Id));