From 91108e2c310cf4abbe126ebd310009ce713e1c5e Mon Sep 17 00:00:00 2001
From: Uncled1023
Date: Mon, 19 Nov 2018 21:07:56 -0800
Subject: [PATCH] Fixed 404/403 errors redirecting to error page instead of loading it within the same Request context to keep URL intact.
---
 .../Admin/Controllers/AdminController.cs | 9 ++++---
 .../Error/Controllers/ErrorController.cs | 2 ++
 .../Areas/Help/Controllers/HelpController.cs | 3 ++-
 .../Controllers/ShortenerController.cs | 3 ++-
 .../Upload/Controllers/UploadController.cs | 26 +++++++++++--------
 .../Areas/User/Controllers/UserController.cs | 16 ++++++------
 6 files changed, 34 insertions(+), 25 deletions(-)
diff --git a/Teknik/Areas/Admin/Controllers/AdminController.cs b/Teknik/Areas/Admin/Controllers/AdminController.cs
index 6125eeb..b57719a 100644
--- a/Teknik/Areas/Admin/Controllers/AdminController.cs
+++ b/Teknik/Areas/Admin/Controllers/AdminController.cs
@@ -18,6 +18,7 @@ using Teknik.Utilities;
 using Teknik.ViewModels;
 using Teknik.Logging;
 using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Http;
 namespace Teknik.Areas.Admin.Controllers
 {
@@ -58,7 +59,7 @@ namespace Teknik.Areas.Admin.Controllers
 model.AccountStatus = info.AccountStatus.Value;
 return View(model);
 }
- return Redirect(Url.SubRouteUrl("error", "Error.Http404"));
+ return new StatusCodeResult(StatusCodes.Status404NotFound);
 }
 [HttpGet]
@@ -137,7 +138,7 @@ namespace Teknik.Areas.Admin.Controllers
 await UserHelper.EditAccountType(_dbContext, _config, username, accountType);
 return Json(new { result = new { success = true } });
 }
- return Redirect(Url.SubRouteUrl("error", "Error.Http404"));
+ return new StatusCodeResult(StatusCodes.Status404NotFound);
 }
 [HttpPost]
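Review bot: The new fallback in the `-58` hunk, `return new StatusCodeResult(StatusCodes.Status404NotFound);`, could use the controller helper instead, `return NotFound();`, which yields the same 404 result and would make the added `using Microsoft.AspNetCore.Http;` unnecessary in this file. The same line is repeated in the `-137`, `-150` and `-169` hunks of AdminController and in the 404 fallbacks of HelpController, ShortenerController, UploadController and UserController. The enclosing actions start outside these hunks, so this assumes the controllers derive from the MVC `Controller` base, which their use of `View(...)` and `Json(...)` suggests.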
@@ -150,7 +151,7 @@ namespace Teknik.Areas.Admin.Controllers
 await UserHelper.EditAccountStatus(_dbContext, _config, username, accountStatus);
 return Json(new { result = new { success = true } });
 }
- return Redirect(Url.SubRouteUrl("error", "Error.Http404"));
+ return new StatusCodeResult(StatusCodes.Status404NotFound);
 }
 [HttpPost]
@@ -169,7 +170,7 @@ namespace Teknik.Areas.Admin.Controllers
 return Json(new { result = new { code = inviteCode.Code } });
 }
- return Redirect(Url.SubRouteUrl("error", "Error.Http404"));
+ return new StatusCodeResult(StatusCodes.Status404NotFound);
 }
 [HttpPost]
diff --git a/Teknik/Areas/Error/Controllers/ErrorController.cs b/Teknik/Areas/Error/Controllers/ErrorController.cs
index 122f8b3..8dae0d8 100644
--- a/Teknik/Areas/Error/Controllers/ErrorController.cs
+++ b/Teknik/Areas/Error/Controllers/ErrorController.cs
@@ -27,6 +27,7 @@ namespace Teknik.Areas.Error.Controllers
 {
 public ErrorController(ILogger logger, Config config, TeknikEntities dbContext) : base(logger, config, dbContext) { }
+ [AllowAnonymous]
 public IActionResult HttpError(int statusCode)
 {
 switch (statusCode)
@@ -42,6 +43,7 @@ namespace Teknik.Areas.Error.Controllers
 }
 }
+ [AllowAnonymous]
 public IActionResult HttpGeneral(int statusCode)
 {
 ViewBag.Title = statusCode + " - " + _config.Title;
diff --git a/Teknik/Areas/Help/Controllers/HelpController.cs b/Teknik/Areas/Help/Controllers/HelpController.cs
index 54eb35f..aa4ddef 100644
--- a/Teknik/Areas/Help/Controllers/HelpController.cs
+++ b/Teknik/Areas/Help/Controllers/HelpController.cs
@@ -1,4 +1,5 @@
 using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Logging;
 using Teknik.Areas.Help.ViewModels;
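Review bot: Neither `[AllowAnonymous]` added on `HttpError` and `HttpGeneral` in ErrorController says why the error actions opt out of authorization. A one-line comment above each would record the intent, for example `// Error pages must render for unauthenticated requests; otherwise a 403/404 turns into a login challenge.` The re-execution setup that the commit message implies is not part of this diff, so the wording should be confirmed against it. Both actions bind `statusCode` from the request, so if these routes can also be requested directly it is worth confirming that an arbitrary value is not written back as the response status. The action bodies continue outside the hunks.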
@@ -39,7 +40,7 @@ namespace Teknik.Areas.Help.Controllers
 ViewBag.Title = service + " API " + version + " Help - " + _config.Title;
 return View("~/Areas/Help/Views/Help/API/" + version + "/" + service + ".cshtml", model);
 }
- return RedirectToRoute("Error.Http404");
+ return new StatusCodeResult(StatusCodes.Status404NotFound);
 }
 [AllowAnonymous]
diff --git a/Teknik/Areas/Shortener/Controllers/ShortenerController.cs b/Teknik/Areas/Shortener/Controllers/ShortenerController.cs
index 8aee69d..b17f0da 100644
--- a/Teknik/Areas/Shortener/Controllers/ShortenerController.cs
+++ b/Teknik/Areas/Shortener/Controllers/ShortenerController.cs
@@ -1,4 +1,5 @@
 using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.EntityFrameworkCore;
 using Microsoft.Extensions.Logging;
@@ -41,7 +42,7 @@ namespace Teknik.Areas.Shortener.Controllers
 _dbContext.SaveChanges();
 return Redirect(shortUrl.OriginalUrl);
 }
- return Redirect(Url.SubRouteUrl("error", "Error.Http404"));
+ return new StatusCodeResult(StatusCodes.Status404NotFound);
 }
 [HttpPost]
diff --git a/Teknik/Areas/Upload/Controllers/UploadController.cs b/Teknik/Areas/Upload/Controllers/UploadController.cs
index 0800018..dcc7efc 100644
--- a/Teknik/Areas/Upload/Controllers/UploadController.cs
+++ b/Teknik/Areas/Upload/Controllers/UploadController.cs
@@ -143,7 +143,7 @@ namespace Teknik.Areas.Upload.Controllers
 [HttpGet]
 [AllowAnonymous]
 [ResponseCache(Duration = 31536000, Location = ResponseCacheLocation.Any)]
- public IActionResult Download(string file)
+ public async Task Download(string file)
 {
 if (_config.UploadConfig.DownloadEnabled)
 {
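Review bot: `Download` keeps `[ResponseCache(Duration = 31536000, Location = ResponseCacheLocation.Any)]` while its failure paths now answer at the file's own URL instead of redirecting away. A 404 or 403 for that URL may therefore go out with a year-long public `Cache-Control` header and be held by shared caches after the file becomes available; as far as I can tell the attribute writes the header before the action body runs. Consider overriding it on the error paths, e.g. `Response.Headers["Cache-Control"] = "no-store";` before each `return new StatusCodeResult(...)`. The attribute also marks the response as publicly cacheable although the `-171` hunk makes `premiumAccount` depend on the signed-in user; what that flag changes in the response is outside the visible hunks, so please check that nothing user-specific can land in a shared cache. The body of `Download` continues past this hunk.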
@@ -171,16 +171,20 @@ namespace Teknik.Areas.Upload.Controllers
 contentType = uploads.ContentType;
 contentLength = uploads.ContentLength;
 dateUploaded = uploads.DateUploaded;
- //if (User.Identity.IsAuthenticated)
- //{
- // User user = UserHelper.GetUser(_dbContext, User.Identity.Name);
- // premiumAccount = user.AccountType == AccountType.Premium;
- //}
- //premiumAccount |= (uploads.User != null && uploads.User.AccountType == AccountType.Premium);
+ if (User.Identity.IsAuthenticated)
+ {
+ IdentityUserInfo userInfo = await IdentityHelper.GetIdentityUserInfo(_config, User.Identity.Name);
+ premiumAccount = userInfo.AccountType == AccountType.Premium;
+ }
+ if (!premiumAccount && uploads.User != null)
+ {
+ IdentityUserInfo userInfo = await IdentityHelper.GetIdentityUserInfo(_config, uploads.User.Username);
+ premiumAccount = userInfo.AccountType == AccountType.Premium;
+ }
 }
 else
 {
- return Redirect(Url.SubRouteUrl("error", "Error.Http404"));
+ return new StatusCodeResult(StatusCodes.Status404NotFound);
 }
 // We don't have the key, so we need to decrypt it client side
@@ -353,10 +357,10 @@ namespace Teknik.Areas.Upload.Controllers
 }
 }
 }
- return Redirect(Url.SubRouteUrl("error", "Error.Http404"));
+ return new StatusCodeResult(StatusCodes.Status404NotFound);
 }
 }
- return Redirect(Url.SubRouteUrl("error", "Error.Http403"));
+ return new StatusCodeResult(StatusCodes.Status403Forbidden);
 }
 [HttpPost]
@@ -440,7 +444,7 @@ namespace Teknik.Areas.Upload.Controllers
 }
 return View(model);
 }
- return RedirectToRoute("Error.Http404");
+ return new StatusCodeResult(StatusCodes.Status404NotFound);
 }
 [HttpPost]
diff --git a/Teknik/Areas/User/Controllers/UserController.cs b/Teknik/Areas/User/Controllers/UserController.cs
index f68b8b2..115383b 100644
--- a/Teknik/Areas/User/Controllers/UserController.cs
+++ b/Teknik/Areas/User/Controllers/UserController.cs
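Review bot: Both lookups added in the `-171` hunk dereference `userInfo` straight after `await IdentityHelper.GetIdentityUserInfo(...)`. If that helper can return null or throw for an unknown user or an unreachable identity service (its contract is not visible here), an anonymous download fails with a 500 instead of falling back to non-premium. A tolerant form would be `premiumAccount = userInfo?.AccountType == AccountType.Premium;` in both blocks, with the call guarded so that a lookup failure leaves `premiumAccount` false. Each download now also costs up to two identity lookups on an `[AllowAnonymous]` endpoint, so caching the result briefly may be worth considering. `Download` starts and ends outside this hunk.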
@@ -340,7 +340,7 @@ namespace Teknik.Areas.Users.Controllers
 return View("/Areas/User/Views/User/Settings/ProfileSettings.cshtml", model);
 }
- return Redirect(Url.SubRouteUrl("error", "Error.Http403"));
+ return new StatusCodeResult(StatusCodes.Status403Forbidden);
 }
 public IActionResult AccountSettings()
@@ -361,7 +361,7 @@ namespace Teknik.Areas.Users.Controllers
 return View("/Areas/User/Views/User/Settings/AccountSettings.cshtml", model);
 }
- return Redirect(Url.SubRouteUrl("error", "Error.Http403"));
+ return new StatusCodeResult(StatusCodes.Status403Forbidden);
 }
 public async Task SecuritySettings()
@@ -403,7 +403,7 @@ namespace Teknik.Areas.Users.Controllers
 return View("/Areas/User/Views/User/Settings/SecuritySettings.cshtml", model);
 }
- return Redirect(Url.SubRouteUrl("error", "Error.Http403"));
+ return new StatusCodeResult(StatusCodes.Status403Forbidden);
 }
 public IActionResult AccessTokenSettings()
@@ -435,7 +435,7 @@ namespace Teknik.Areas.Users.Controllers
 return View("/Areas/User/Views/User/Settings/AccessTokenSettings.cshtml", model);
 }
- return Redirect(Url.SubRouteUrl("error", "Error.Http403"));
+ return new StatusCodeResult(StatusCodes.Status403Forbidden);
 }
 public IActionResult InviteSettings()
@@ -480,7 +480,7 @@ namespace Teknik.Areas.Users.Controllers
 return View("/Areas/User/Views/User/Settings/InviteSettings.cshtml", model);
 }
- return Redirect(Url.SubRouteUrl("error", "Error.Http403"));
+ return new StatusCodeResult(StatusCodes.Status403Forbidden);
 }
 public IActionResult BlogSettings()
@@ -503,7 +503,7 @@ namespace Teknik.Areas.Users.Controllers
 return View("/Areas/User/Views/User/Settings/BlogSettings.cshtml", model);
 }
- return Redirect(Url.SubRouteUrl("error", "Error.Http403"));
+ return new StatusCodeResult(StatusCodes.Status403Forbidden);
 }
 public IActionResult UploadSettings()
@@ -525,7 +525,7 @@ namespace Teknik.Areas.Users.Controllers
 return View("/Areas/User/Views/User/Settings/UploadSettings.cshtml", model);
 }
- return Redirect(Url.SubRouteUrl("error", "Error.Http403"));
+ return new StatusCodeResult(StatusCodes.Status403Forbidden);
 }
 [HttpGet]
@@ -540,7 +540,7 @@ namespace Teknik.Areas.Users.Controllers
 {
 return Content(userClaims.PGPPublicKey, "text/plain");
 }
- return Redirect(Url.SubRouteUrl("error", "Error.Http404"));
+ return new StatusCodeResult(StatusCodes.Status404NotFound);
 }
 [HttpPost]