Merge branch 'master' of git://github.com/DanielDar/ravendb

Raven.Client.Lightweight/Connection/RavenUrlExtensions.cs

@@ -39,7 +39,7 @@ public static string Stats(this string url)
 
 		public static string Databases(this string url, int pageSize, int start)
 		{
-			var databases = url + "/databases/?pageSize=" + pageSize;
+			var databases = url + "/databases?pageSize=" + pageSize;
 			return start > 0 ? databases + "&start=" + start : databases;
 		}
 

Raven.Database/Server/Responders/Databases.cs

@@ -1,5 +1,6 @@
 using System;
 using System.Collections.Generic;
+using System.Security.Principal;
 using Raven.Abstractions.Data;
 using Raven.Database.Server.Abstractions;
 using Raven.Database.Extensions;
@@ -41,15 +42,15 @@ public override void Respond(IHttpContext context)
 
 			if (server.SystemConfiguration.AnonymousUserAccessMode == AnonymousUserAccessMode.None)
 			{
-				if(server.RequestAuthorizer.Authorize(context) == false)
+				var user = server.RequestAuthorizer.GetUser(context);
+				if(user == null)
 				{
 					return;
 				}
 
-
-				if (context.User.IsAdministrator(server.SystemConfiguration.AnonymousUserAccessMode) == false)
+				if (user.IsAdministrator(server.SystemConfiguration.AnonymousUserAccessMode) == false)
 				{
-					approvedDatabases = server.RequestAuthorizer.GetApprovedDatabases(context);
+					approvedDatabases = server.RequestAuthorizer.GetApprovedDatabases(user, context);
 				}
 			}
 

Raven.Database/Server/Security/AbstractRequestAuthorizer.cs

@@ -1,5 +1,6 @@
 using System;
 using System.Collections.Generic;
+using System.Security.Principal;
 using Raven.Database.Config;
 using Raven.Database.Server.Abstractions;
 
@@ -40,7 +41,7 @@ public static bool IsGetRequest(string httpMethod, string requestPath)
 				   httpMethod == "POST" && (requestPath == "/multi_get/" || requestPath == "/multi_get");
 		}
 
-		public abstract List<string> GetApprovedDatabases(IHttpContext context);
+		public abstract List<string> GetApprovedDatabases(IPrincipal user, IHttpContext context = null);
 
 		public abstract void Dispose();
 	}

Raven.Database/Server/Security/MixedModeRequestAuthorizer.cs

@@ -1,5 +1,6 @@
 using System;
 using System.Collections.Generic;
+using System.Security.Principal;
 using Raven.Database.Server.Abstractions;
 using Raven.Database.Server.Security.OAuth;
 using Raven.Database.Server.Security.Windows;
@@ -21,7 +22,7 @@ protected override void Initialize()
 		public bool Authorize(IHttpContext context)
 		{
 			var requestUrl = context.GetRequestUrl();
-			if (NeverSecret.Urls.Contains(requestUrl))
+			if ( NeverSecret.Urls.Contains(requestUrl))
 				return true;
 
 			var hasApiKey = "True".Equals(context.Request.Headers["Has-Api-Key"], StringComparison.CurrentCultureIgnoreCase);
@@ -36,15 +37,29 @@ public bool Authorize(IHttpContext context)
 			return windowsRequestAuthorizer.Authorize(context);
 		}
 
-		public override List<string> GetApprovedDatabases(IHttpContext context)
+		public IPrincipal GetUser(IHttpContext context)
+		{
+			var hasApiKey = "True".Equals(context.Request.Headers["Has-Api-Key"], StringComparison.CurrentCultureIgnoreCase);
+			var authHeader = context.Request.Headers["Authorization"];
+			var hasOAuthTokenInCookie = context.Request.HasCookie("OAuth-Token");
+			if (hasApiKey || hasOAuthTokenInCookie ||
+				string.IsNullOrEmpty(authHeader) == false && authHeader.StartsWith("Bearer "))
+			{
+				return oAuthRequestAuthorizer.GetUser(context, hasApiKey);
+			}
+
+			return windowsRequestAuthorizer.GetUser(context);
+		}
+
+		public override List<string> GetApprovedDatabases(IPrincipal user, IHttpContext context)
 		{
 			var authHeader = context.Request.Headers["Authorization"];
 			if (string.IsNullOrEmpty(authHeader) == false && authHeader.StartsWith("Bearer "))
 			{
-				return oAuthRequestAuthorizer.GetApprovedDatabases(context);
+				return oAuthRequestAuthorizer.GetApprovedDatabases(user);
 			}
 
-			return windowsRequestAuthorizer.GetApprovedDatabases(context);
+			return windowsRequestAuthorizer.GetApprovedDatabases(user);
 		}
 
 		public override void Dispose()

Raven.Database/Server/Security/OAuth/OAuthRequestAuthorizer.cs

@@ -72,12 +72,12 @@ public bool Authorize(IHttpContext ctx, bool hasApiKey)
 			return true;
 		}
 
-		public override List<string> GetApprovedDatabases(IHttpContext context)
+		public override List<string> GetApprovedDatabases(IPrincipal user, IHttpContext context = null)
 		{
-			var user = context.User as OAuthPrincipal;
-			if(user == null)
+			var oAuthUser = user as OAuthPrincipal;
+			if (oAuthUser == null)
 				return new List<string>();
-			return user.GetApprovedDatabases();
+			return oAuthUser.GetApprovedDatabases();
 		}
 
 		public override void Dispose()
@@ -114,6 +114,28 @@ void WriteAuthorizationChallenge(IHttpContext ctx, int statusCode, string error,
 			ctx.Response.StatusCode = statusCode;
 			ctx.Response.AddHeader("WWW-Authenticate", string.Format("Bearer realm=\"Raven\", error=\"{0}\",error_description=\"{1}\"", error, errorDescription));
 		}
+
+		public IPrincipal GetUser(IHttpContext ctx, bool hasApiKey)
+		{
+			var token = GetToken(ctx);
+
+			if (token == null)
+			{
+				WriteAuthorizationChallenge(ctx, hasApiKey ? 412 : 401, "invalid_request", "The access token is required");
+
+				return null;
+			}
+
+			AccessTokenBody tokenBody;
+			if (!AccessToken.TryParseBody(Settings.OAuthTokenKey, token, out tokenBody))
+			{
+				WriteAuthorizationChallenge(ctx, 401, "invalid_token", "The access token is invalid");
+
+				return null;
+			}
+
+			return new OAuthPrincipal(tokenBody, null);
+		}
 	}
 
 	public class OAuthPrincipal : IPrincipal, IIdentity
@@ -170,4 +192,4 @@ public AccessTokenBody TokenBody
 			get { return tokenBody; }
 		}
 	}
-}
+}

Raven.Database/Server/Security/Windows/WindowsRequestAuthorizer.cs

@@ -187,16 +187,16 @@ private PrincipalWithDatabaseAccess UpdateUserPrincipal(IHttpContext ctx, List<D
 		}
 
 
-		public override List<string> GetApprovedDatabases(IHttpContext context)
+		public override List<string> GetApprovedDatabases(IPrincipal user, IHttpContext context = null)
 		{
-			var user = context.User as PrincipalWithDatabaseAccess;
-			if (user == null)
+			var winUser = user as PrincipalWithDatabaseAccess;
+			if (winUser == null)
 				return new List<string>();
 
 			var list = new List<string>();
-			list.AddRange(user.AdminDatabases);
-			list.AddRange(user.ReadOnlyDatabases);
-			list.AddRange(user.ReadWriteDatabases);
+			list.AddRange(winUser.AdminDatabases);
+			list.AddRange(winUser.ReadOnlyDatabases);
+			list.AddRange(winUser.ReadWriteDatabases);
 
 			return list;
 		}
@@ -205,5 +205,13 @@ public override void Dispose()
 		{
 			WindowsSettingsChanged -= UpdateSettings;
 		}
+
+		public IPrincipal GetUser(IHttpContext ctx)
+		{
+			Action onRejectingRequest;
+			var databaseName = database().Name ?? Constants.SystemDatabase;
+			var userCreated = TryCreateUser(ctx, databaseName, out onRejectingRequest);
+			return userCreated ? ctx.User : null;
+		}
 	}
-}
+}