From 414935dc58c5badc68c9a8d283658c163a518be8 Mon Sep 17 00:00:00 2001 From: Shaun Walker Date: Wed, 23 Oct 2019 18:26:39 -0400 Subject: [PATCH] added security attribute to TenantController Get methods and resolved TenantId on server during Installation --- Oqtane.Client/Shared/Installer.razor | 4 +--- Oqtane.Server/Controllers/SiteController.cs | 5 ++++- Oqtane.Server/Controllers/TenantController.cs | 2 ++ Oqtane.Server/Infrastructure/LogManager.cs | 20 ++++++++++--------- 4 files changed, 18 insertions(+), 13 deletions(-) diff --git a/Oqtane.Client/Shared/Installer.razor b/Oqtane.Client/Shared/Installer.razor index e252a76ef..1579151d2 100644 --- a/Oqtane.Client/Shared/Installer.razor +++ b/Oqtane.Client/Shared/Installer.razor @@ -2,7 +2,6 @@ @inject NavigationManager NavigationManager @inject IInstallationService InstallationService @inject ISiteService SiteService -@inject ITenantService TenantService @inject IUserService UserService
@@ -172,9 +171,8 @@ GenericResponse response = await InstallationService.Install(connectionstring); if (response.Success) { - List tenants = await TenantService.GetTenantsAsync(); Site site = new Site(); - site.TenantId = tenants.FirstOrDefault().TenantId; + site.TenantId = -1; // will be populated on server site.Name = "Default Site"; site.Logo = "oqtane.png"; site.DefaultThemeType = Constants.DefaultTheme; diff --git a/Oqtane.Server/Controllers/SiteController.cs b/Oqtane.Server/Controllers/SiteController.cs index 74e668a08..8eff16aa8 100644 --- a/Oqtane.Server/Controllers/SiteController.cs +++ b/Oqtane.Server/Controllers/SiteController.cs @@ -50,7 +50,10 @@ public Site Post([FromBody] Site Site) bool authorized; if (!Sites.GetSites().Any()) { - authorized = true; // provision initial site during installation + // provision initial site during installation + authorized = true; + Tenant tenant = Tenants.GetTenant(); + Site.TenantId = tenant.TenantId; } else { diff --git a/Oqtane.Server/Controllers/TenantController.cs b/Oqtane.Server/Controllers/TenantController.cs index 224007229..ff7843f49 100644 --- a/Oqtane.Server/Controllers/TenantController.cs +++ b/Oqtane.Server/Controllers/TenantController.cs @@ -22,6 +22,7 @@ public TenantController(ITenantRepository Tenants, ILogManager logger) // GET: api/ [HttpGet] + [Authorize(Roles = Constants.HostRole)] public IEnumerable Get() { return Tenants.GetTenants(); @@ -29,6 +30,7 @@ public IEnumerable Get() // GET api//5 [HttpGet("{id}")] + [Authorize(Roles = Constants.HostRole)] public Tenant Get(int id) { return Tenants.GetTenant(id); diff --git a/Oqtane.Server/Infrastructure/LogManager.cs b/Oqtane.Server/Infrastructure/LogManager.cs index 8622abec3..52a54e006 100644 --- a/Oqtane.Server/Infrastructure/LogManager.cs +++ b/Oqtane.Server/Infrastructure/LogManager.cs @@ -95,27 +95,29 @@ private Log ProcessStructuredLog(Log Log) names.Add(message.Substring(index + 1, message.IndexOf("}", index) - index - 1)); if (values.Length > (names.Count - 1)) { - message = message.Replace("{" + names[names.Count - 1] + "}", values[names.Count - 1]?.ToString() ?? "null"); + if (values[names.Count - 1] == null) + { + message = message.Replace("{" + names[names.Count - 1] + "}", "null"); + } + else + { + message = message.Replace("{" + names[names.Count - 1] + "}", values[names.Count - 1].ToString()); + } } } index = message.IndexOf("{", index + 1); } // rebuild properties into dictionary - Dictionary propertydictionary = new Dictionary(); + Dictionary propertydictionary = new Dictionary(); for (int i = 0; i < values.Length; i++) { - string value = ""; - if (values[i] != null) - { - value = values[i].ToString(); - } if (i < names.Count) { - propertydictionary.Add(names[i], value); + propertydictionary.Add(names[i], values[i]); } else { - propertydictionary.Add("Property" + i.ToString(), value); + propertydictionary.Add("Property" + i.ToString(), values[i]); } } properties = JsonSerializer.Serialize(propertydictionary);