diff options
author | Diva Canto | 2010-01-08 10:43:34 -0800 |
---|---|---|
committer | Diva Canto | 2010-01-08 10:43:34 -0800 |
commit | b63405c1a796b44b58081857d01f726372467628 (patch) | |
tree | 564d03059ed55f7b0740fd00e6dd7d1e34edea5d /OpenSim/ApplicationPlugins/Rest/Inventory | |
parent | * Finished SimulationServiceConnector (diff) | |
download | opensim-SC_OLD-b63405c1a796b44b58081857d01f726372467628.zip opensim-SC_OLD-b63405c1a796b44b58081857d01f726372467628.tar.gz opensim-SC_OLD-b63405c1a796b44b58081857d01f726372467628.tar.bz2 opensim-SC_OLD-b63405c1a796b44b58081857d01f726372467628.tar.xz |
Inching ahead... This compiles, but very likely does not run.
Diffstat (limited to 'OpenSim/ApplicationPlugins/Rest/Inventory')
4 files changed, 396 insertions, 384 deletions
diff --git a/OpenSim/ApplicationPlugins/Rest/Inventory/RequestData.cs b/OpenSim/ApplicationPlugins/Rest/Inventory/RequestData.cs index d3a7e64..10f1a6e 100644 --- a/OpenSim/ApplicationPlugins/Rest/Inventory/RequestData.cs +++ b/OpenSim/ApplicationPlugins/Rest/Inventory/RequestData.cs | |||
@@ -35,6 +35,9 @@ using System.Xml; | |||
35 | using OpenSim.Framework; | 35 | using OpenSim.Framework; |
36 | using OpenSim.Framework.Servers; | 36 | using OpenSim.Framework.Servers; |
37 | using OpenSim.Framework.Servers.HttpServer; | 37 | using OpenSim.Framework.Servers.HttpServer; |
38 | using OpenSim.Services.Interfaces; | ||
39 | |||
40 | using OpenMetaverse; | ||
38 | 41 | ||
39 | namespace OpenSim.ApplicationPlugins.Rest.Inventory | 42 | namespace OpenSim.ApplicationPlugins.Rest.Inventory |
40 | { | 43 | { |
@@ -658,7 +661,6 @@ namespace OpenSim.ApplicationPlugins.Rest.Inventory | |||
658 | { | 661 | { |
659 | 662 | ||
660 | int x; | 663 | int x; |
661 | string HA1; | ||
662 | string first; | 664 | string first; |
663 | string last; | 665 | string last; |
664 | 666 | ||
@@ -675,17 +677,13 @@ namespace OpenSim.ApplicationPlugins.Rest.Inventory | |||
675 | last = String.Empty; | 677 | last = String.Empty; |
676 | } | 678 | } |
677 | 679 | ||
678 | UserProfileData udata = Rest.UserServices.GetUserProfile(first, last); | 680 | UserAccount account = Rest.UserServices.GetUserAccount(UUID.Zero, first, last); |
679 | 681 | ||
680 | // If we don't recognize the user id, perhaps it is god? | 682 | // If we don't recognize the user id, perhaps it is god? |
681 | 683 | if (account == null) | |
682 | if (udata == null) | ||
683 | return pass == Rest.GodKey; | 684 | return pass == Rest.GodKey; |
684 | 685 | ||
685 | HA1 = HashToString(pass); | 686 | return (Rest.AuthServices.Authenticate(account.PrincipalID, pass, 1) != string.Empty); |
686 | HA1 = HashToString(String.Format("{0}:{1}",HA1,udata.PasswordSalt)); | ||
687 | |||
688 | return (0 == sc.Compare(HA1, udata.PasswordHash)); | ||
689 | 687 | ||
690 | } | 688 | } |
691 | 689 | ||
@@ -897,11 +895,10 @@ namespace OpenSim.ApplicationPlugins.Rest.Inventory | |||
897 | last = String.Empty; | 895 | last = String.Empty; |
898 | } | 896 | } |
899 | 897 | ||
900 | UserProfileData udata = Rest.UserServices.GetUserProfile(first, last); | 898 | UserAccount account = Rest.UserServices.GetUserAccount(UUID.Zero, first, last); |
901 | |||
902 | // If we don;t recognize the user id, perhaps it is god? | 899 | // If we don;t recognize the user id, perhaps it is god? |
903 | 900 | ||
904 | if (udata == null) | 901 | if (account == null) |
905 | { | 902 | { |
906 | Rest.Log.DebugFormat("{0} Administrator", MsgId); | 903 | Rest.Log.DebugFormat("{0} Administrator", MsgId); |
907 | return Rest.GodKey; | 904 | return Rest.GodKey; |
@@ -909,7 +906,12 @@ namespace OpenSim.ApplicationPlugins.Rest.Inventory | |||
909 | else | 906 | else |
910 | { | 907 | { |
911 | Rest.Log.DebugFormat("{0} Normal User {1}", MsgId, user); | 908 | Rest.Log.DebugFormat("{0} Normal User {1}", MsgId, user); |
912 | return udata.PasswordHash; | 909 | |
910 | // !!! REFACTORING PROBLEM | ||
911 | // This is what it was. It doesn't work in 0.7 | ||
912 | // Nothing retrieves the password from the authentication service, there's only authentication. | ||
913 | //return udata.PasswordHash; | ||
914 | return string.Empty; | ||
913 | } | 915 | } |
914 | 916 | ||
915 | } | 917 | } |
diff --git a/OpenSim/ApplicationPlugins/Rest/Inventory/Rest.cs b/OpenSim/ApplicationPlugins/Rest/Inventory/Rest.cs index 8d62423..791cfcd 100644 --- a/OpenSim/ApplicationPlugins/Rest/Inventory/Rest.cs +++ b/OpenSim/ApplicationPlugins/Rest/Inventory/Rest.cs | |||
@@ -103,11 +103,16 @@ namespace OpenSim.ApplicationPlugins.Rest.Inventory | |||
103 | get { return main.SceneManager.CurrentOrFirstScene.InventoryService; } | 103 | get { return main.SceneManager.CurrentOrFirstScene.InventoryService; } |
104 | } | 104 | } |
105 | 105 | ||
106 | internal static IUserService UserServices | 106 | internal static IUserAccountService UserServices |
107 | { | 107 | { |
108 | get { return Comms.UserService; } | 108 | get { return main.SceneManager.CurrentOrFirstScene.UserAccountService; } |
109 | } | 109 | } |
110 | 110 | ||
111 | internal static IAuthenticationService AuthServices | ||
112 | { | ||
113 | get { return main.SceneManager.CurrentOrFirstScene.AuthenticationService; } | ||
114 | } | ||
115 | |||
111 | internal static IAvatarService AvatarServices | 116 | internal static IAvatarService AvatarServices |
112 | { | 117 | { |
113 | get { return Comms.AvatarService; } | 118 | get { return Comms.AvatarService; } |
diff --git a/OpenSim/ApplicationPlugins/Rest/Inventory/RestAppearanceServices.cs b/OpenSim/ApplicationPlugins/Rest/Inventory/RestAppearanceServices.cs index b2b4aa7..0a45eff 100644 --- a/OpenSim/ApplicationPlugins/Rest/Inventory/RestAppearanceServices.cs +++ b/OpenSim/ApplicationPlugins/Rest/Inventory/RestAppearanceServices.cs | |||
@@ -135,152 +135,153 @@ namespace OpenSim.ApplicationPlugins.Rest.Inventory | |||
135 | 135 | ||
136 | private void DoAppearance(RequestData hdata) | 136 | private void DoAppearance(RequestData hdata) |
137 | { | 137 | { |
138 | 138 | // !!! REFACTORIMG PROBLEM. This needs rewriting for 0.7 | |
139 | AppearanceRequestData rdata = (AppearanceRequestData) hdata; | 139 | |
140 | 140 | //AppearanceRequestData rdata = (AppearanceRequestData) hdata; | |
141 | Rest.Log.DebugFormat("{0} DoAppearance ENTRY", MsgId); | 141 | |
142 | 142 | //Rest.Log.DebugFormat("{0} DoAppearance ENTRY", MsgId); | |
143 | // If we're disabled, do nothing. | 143 | |
144 | 144 | //// If we're disabled, do nothing. | |
145 | if (!enabled) | 145 | |
146 | { | 146 | //if (!enabled) |
147 | return; | 147 | //{ |
148 | } | 148 | // return; |
149 | 149 | //} | |
150 | // Now that we know this is a serious attempt to | 150 | |
151 | // access inventory data, we should find out who | 151 | //// Now that we know this is a serious attempt to |
152 | // is asking, and make sure they are authorized | 152 | //// access inventory data, we should find out who |
153 | // to do so. We need to validate the caller's | 153 | //// is asking, and make sure they are authorized |
154 | // identity before revealing anything about the | 154 | //// to do so. We need to validate the caller's |
155 | // status quo. Authenticate throws an exception | 155 | //// identity before revealing anything about the |
156 | // via Fail if no identity information is present. | 156 | //// status quo. Authenticate throws an exception |
157 | // | 157 | //// via Fail if no identity information is present. |
158 | // With the present HTTP server we can't use the | 158 | //// |
159 | // builtin authentication mechanisms because they | 159 | //// With the present HTTP server we can't use the |
160 | // would be enforced for all in-bound requests. | 160 | //// builtin authentication mechanisms because they |
161 | // Instead we look at the headers ourselves and | 161 | //// would be enforced for all in-bound requests. |
162 | // handle authentication directly. | 162 | //// Instead we look at the headers ourselves and |
163 | 163 | //// handle authentication directly. | |
164 | try | 164 | |
165 | { | 165 | //try |
166 | if (!rdata.IsAuthenticated) | 166 | //{ |
167 | { | 167 | // if (!rdata.IsAuthenticated) |
168 | rdata.Fail(Rest.HttpStatusCodeNotAuthorized,String.Format("user \"{0}\" could not be authenticated", rdata.userName)); | 168 | // { |
169 | } | 169 | // rdata.Fail(Rest.HttpStatusCodeNotAuthorized,String.Format("user \"{0}\" could not be authenticated", rdata.userName)); |
170 | } | 170 | // } |
171 | catch (RestException e) | 171 | //} |
172 | { | 172 | //catch (RestException e) |
173 | if (e.statusCode == Rest.HttpStatusCodeNotAuthorized) | 173 | //{ |
174 | { | 174 | // if (e.statusCode == Rest.HttpStatusCodeNotAuthorized) |
175 | Rest.Log.WarnFormat("{0} User not authenticated", MsgId); | 175 | // { |
176 | Rest.Log.DebugFormat("{0} Authorization header: {1}", MsgId, rdata.request.Headers.Get("Authorization")); | 176 | // Rest.Log.WarnFormat("{0} User not authenticated", MsgId); |
177 | } | 177 | // Rest.Log.DebugFormat("{0} Authorization header: {1}", MsgId, rdata.request.Headers.Get("Authorization")); |
178 | else | 178 | // } |
179 | { | 179 | // else |
180 | Rest.Log.ErrorFormat("{0} User authentication failed", MsgId); | 180 | // { |
181 | Rest.Log.DebugFormat("{0} Authorization header: {1}", MsgId, rdata.request.Headers.Get("Authorization")); | 181 | // Rest.Log.ErrorFormat("{0} User authentication failed", MsgId); |
182 | } | 182 | // Rest.Log.DebugFormat("{0} Authorization header: {1}", MsgId, rdata.request.Headers.Get("Authorization")); |
183 | throw (e); | 183 | // } |
184 | } | 184 | // throw (e); |
185 | 185 | //} | |
186 | Rest.Log.DebugFormat("{0} Authenticated {1}", MsgId, rdata.userName); | 186 | |
187 | 187 | //Rest.Log.DebugFormat("{0} Authenticated {1}", MsgId, rdata.userName); | |
188 | // We can only get here if we are authorized | 188 | |
189 | // | 189 | //// We can only get here if we are authorized |
190 | // The requestor may have specified an UUID or | 190 | //// |
191 | // a conjoined FirstName LastName string. We'll | 191 | //// The requestor may have specified an UUID or |
192 | // try both. If we fail with the first, UUID, | 192 | //// a conjoined FirstName LastName string. We'll |
193 | // attempt, we try the other. As an example, the | 193 | //// try both. If we fail with the first, UUID, |
194 | // URI for a valid inventory request might be: | 194 | //// attempt, we try the other. As an example, the |
195 | // | 195 | //// URI for a valid inventory request might be: |
196 | // http://<host>:<port>/admin/inventory/Arthur Dent | 196 | //// |
197 | // | 197 | //// http://<host>:<port>/admin/inventory/Arthur Dent |
198 | // Indicating that this is an inventory request for | 198 | //// |
199 | // an avatar named Arthur Dent. This is ALL that is | 199 | //// Indicating that this is an inventory request for |
200 | // required to designate a GET for an entire | 200 | //// an avatar named Arthur Dent. This is ALL that is |
201 | // inventory. | 201 | //// required to designate a GET for an entire |
202 | // | 202 | //// inventory. |
203 | 203 | //// | |
204 | // Do we have at least a user agent name? | 204 | |
205 | 205 | //// Do we have at least a user agent name? | |
206 | if (rdata.Parameters.Length < 1) | 206 | |
207 | { | 207 | //if (rdata.Parameters.Length < 1) |
208 | Rest.Log.WarnFormat("{0} Appearance: No user agent identifier specified", MsgId); | 208 | //{ |
209 | rdata.Fail(Rest.HttpStatusCodeBadRequest, "no user identity specified"); | 209 | // Rest.Log.WarnFormat("{0} Appearance: No user agent identifier specified", MsgId); |
210 | } | 210 | // rdata.Fail(Rest.HttpStatusCodeBadRequest, "no user identity specified"); |
211 | 211 | //} | |
212 | // The first parameter MUST be the agent identification, either an UUID | 212 | |
213 | // or a space-separated First-name Last-Name specification. We check for | 213 | //// The first parameter MUST be the agent identification, either an UUID |
214 | // an UUID first, if anyone names their character using a valid UUID | 214 | //// or a space-separated First-name Last-Name specification. We check for |
215 | // that identifies another existing avatar will cause this a problem... | 215 | //// an UUID first, if anyone names their character using a valid UUID |
216 | 216 | //// that identifies another existing avatar will cause this a problem... | |
217 | try | 217 | |
218 | { | 218 | //try |
219 | rdata.uuid = new UUID(rdata.Parameters[PARM_USERID]); | 219 | //{ |
220 | Rest.Log.DebugFormat("{0} UUID supplied", MsgId); | 220 | // rdata.uuid = new UUID(rdata.Parameters[PARM_USERID]); |
221 | rdata.userProfile = Rest.UserServices.GetUserProfile(rdata.uuid); | 221 | // Rest.Log.DebugFormat("{0} UUID supplied", MsgId); |
222 | } | 222 | // rdata.userProfile = Rest.UserServices.GetUserProfile(rdata.uuid); |
223 | catch | 223 | //} |
224 | { | 224 | //catch |
225 | string[] names = rdata.Parameters[PARM_USERID].Split(Rest.CA_SPACE); | 225 | //{ |
226 | if (names.Length == 2) | 226 | // string[] names = rdata.Parameters[PARM_USERID].Split(Rest.CA_SPACE); |
227 | { | 227 | // if (names.Length == 2) |
228 | Rest.Log.DebugFormat("{0} Agent Name supplied [2]", MsgId); | 228 | // { |
229 | rdata.userProfile = Rest.UserServices.GetUserProfile(names[0],names[1]); | 229 | // Rest.Log.DebugFormat("{0} Agent Name supplied [2]", MsgId); |
230 | } | 230 | // rdata.userProfile = Rest.UserServices.GetUserProfile(names[0],names[1]); |
231 | else | 231 | // } |
232 | { | 232 | // else |
233 | Rest.Log.WarnFormat("{0} A Valid UUID or both first and last names must be specified", MsgId); | 233 | // { |
234 | rdata.Fail(Rest.HttpStatusCodeBadRequest, "invalid user identity"); | 234 | // Rest.Log.WarnFormat("{0} A Valid UUID or both first and last names must be specified", MsgId); |
235 | } | 235 | // rdata.Fail(Rest.HttpStatusCodeBadRequest, "invalid user identity"); |
236 | } | 236 | // } |
237 | 237 | //} | |
238 | // If the user profile is null then either the server is broken, or the | 238 | |
239 | // user is not known. We always assume the latter case. | 239 | //// If the user profile is null then either the server is broken, or the |
240 | 240 | //// user is not known. We always assume the latter case. | |
241 | if (rdata.userProfile != null) | 241 | |
242 | { | 242 | //if (rdata.userProfile != null) |
243 | Rest.Log.DebugFormat("{0} User profile obtained for agent {1} {2}", | 243 | //{ |
244 | MsgId, rdata.userProfile.FirstName, rdata.userProfile.SurName); | 244 | // Rest.Log.DebugFormat("{0} User profile obtained for agent {1} {2}", |
245 | } | 245 | // MsgId, rdata.userProfile.FirstName, rdata.userProfile.SurName); |
246 | else | 246 | //} |
247 | { | 247 | //else |
248 | Rest.Log.WarnFormat("{0} No user profile for {1}", MsgId, rdata.path); | 248 | //{ |
249 | rdata.Fail(Rest.HttpStatusCodeNotFound, "unrecognized user identity"); | 249 | // Rest.Log.WarnFormat("{0} No user profile for {1}", MsgId, rdata.path); |
250 | } | 250 | // rdata.Fail(Rest.HttpStatusCodeNotFound, "unrecognized user identity"); |
251 | 251 | //} | |
252 | // If we get to here, then we have effectively validated the user's | 252 | |
253 | 253 | //// If we get to here, then we have effectively validated the user's | |
254 | switch (rdata.method) | 254 | |
255 | { | 255 | //switch (rdata.method) |
256 | case Rest.HEAD : // Do the processing, set the status code, suppress entity | 256 | //{ |
257 | DoGet(rdata); | 257 | // case Rest.HEAD : // Do the processing, set the status code, suppress entity |
258 | rdata.buffer = null; | 258 | // DoGet(rdata); |
259 | break; | 259 | // rdata.buffer = null; |
260 | 260 | // break; | |
261 | case Rest.GET : // Do the processing, set the status code, return entity | 261 | |
262 | DoGet(rdata); | 262 | // case Rest.GET : // Do the processing, set the status code, return entity |
263 | break; | 263 | // DoGet(rdata); |
264 | 264 | // break; | |
265 | case Rest.PUT : // Update named element | 265 | |
266 | DoUpdate(rdata); | 266 | // case Rest.PUT : // Update named element |
267 | break; | 267 | // DoUpdate(rdata); |
268 | 268 | // break; | |
269 | case Rest.POST : // Add new information to identified context. | 269 | |
270 | DoExtend(rdata); | 270 | // case Rest.POST : // Add new information to identified context. |
271 | break; | 271 | // DoExtend(rdata); |
272 | 272 | // break; | |
273 | case Rest.DELETE : // Delete information | 273 | |
274 | DoDelete(rdata); | 274 | // case Rest.DELETE : // Delete information |
275 | break; | 275 | // DoDelete(rdata); |
276 | 276 | // break; | |
277 | default : | 277 | |
278 | Rest.Log.WarnFormat("{0} Method {1} not supported for {2}", | 278 | // default : |
279 | MsgId, rdata.method, rdata.path); | 279 | // Rest.Log.WarnFormat("{0} Method {1} not supported for {2}", |
280 | rdata.Fail(Rest.HttpStatusCodeMethodNotAllowed, | 280 | // MsgId, rdata.method, rdata.path); |
281 | String.Format("{0} not supported", rdata.method)); | 281 | // rdata.Fail(Rest.HttpStatusCodeMethodNotAllowed, |
282 | break; | 282 | // String.Format("{0} not supported", rdata.method)); |
283 | } | 283 | // break; |
284 | //} | ||
284 | } | 285 | } |
285 | 286 | ||
286 | #endregion Interface | 287 | #endregion Interface |
@@ -391,37 +392,39 @@ namespace OpenSim.ApplicationPlugins.Rest.Inventory | |||
391 | private void DoUpdate(AppearanceRequestData rdata) | 392 | private void DoUpdate(AppearanceRequestData rdata) |
392 | { | 393 | { |
393 | 394 | ||
394 | bool created = false; | 395 | // REFACTORING PROBLEM This was commented out. It doesn't work for 0.7 |
395 | bool modified = false; | ||
396 | 396 | ||
397 | //bool created = false; | ||
398 | //bool modified = false; | ||
397 | 399 | ||
398 | rdata.userAppearance = Rest.AvatarServices.GetUserAppearance(rdata.userProfile.ID); | ||
399 | 400 | ||
400 | // If the user exists then this is considered a modification regardless | 401 | //rdata.userAppearance = Rest.AvatarServices.GetUserAppearance(rdata.userProfile.ID); |
401 | // of what may, or may not be, specified in the payload. | ||
402 | 402 | ||
403 | if (rdata.userAppearance != null) | 403 | //// If the user exists then this is considered a modification regardless |
404 | { | 404 | //// of what may, or may not be, specified in the payload. |
405 | modified = true; | ||
406 | Rest.AvatarServices.UpdateUserAppearance(rdata.userProfile.ID, rdata.userAppearance); | ||
407 | Rest.UserServices.UpdateUserProfile(rdata.userProfile); | ||
408 | } | ||
409 | 405 | ||
410 | if (created) | 406 | //if (rdata.userAppearance != null) |
411 | { | 407 | //{ |
412 | rdata.Complete(Rest.HttpStatusCodeCreated); | 408 | // modified = true; |
413 | } | 409 | // Rest.AvatarServices.UpdateUserAppearance(rdata.userProfile.ID, rdata.userAppearance); |
414 | else | 410 | // Rest.UserServices.UpdateUserProfile(rdata.userProfile); |
415 | { | 411 | //} |
416 | if (modified) | 412 | |
417 | { | 413 | //if (created) |
418 | rdata.Complete(Rest.HttpStatusCodeOK); | 414 | //{ |
419 | } | 415 | // rdata.Complete(Rest.HttpStatusCodeCreated); |
420 | else | 416 | //} |
421 | { | 417 | //else |
422 | rdata.Complete(Rest.HttpStatusCodeNoContent); | 418 | //{ |
423 | } | 419 | // if (modified) |
424 | } | 420 | // { |
421 | // rdata.Complete(Rest.HttpStatusCodeOK); | ||
422 | // } | ||
423 | // else | ||
424 | // { | ||
425 | // rdata.Complete(Rest.HttpStatusCodeNoContent); | ||
426 | // } | ||
427 | //} | ||
425 | 428 | ||
426 | rdata.Respond(String.Format("Appearance {0} : Normal completion", rdata.method)); | 429 | rdata.Respond(String.Format("Appearance {0} : Normal completion", rdata.method)); |
427 | 430 | ||
diff --git a/OpenSim/ApplicationPlugins/Rest/Inventory/RestInventoryServices.cs b/OpenSim/ApplicationPlugins/Rest/Inventory/RestInventoryServices.cs index 01bfe00..098c54d 100644 --- a/OpenSim/ApplicationPlugins/Rest/Inventory/RestInventoryServices.cs +++ b/OpenSim/ApplicationPlugins/Rest/Inventory/RestInventoryServices.cs | |||
@@ -143,203 +143,205 @@ namespace OpenSim.ApplicationPlugins.Rest.Inventory | |||
143 | 143 | ||
144 | Rest.Log.DebugFormat("{0} DoInventory ENTRY", MsgId); | 144 | Rest.Log.DebugFormat("{0} DoInventory ENTRY", MsgId); |
145 | 145 | ||
146 | // If we're disabled, do nothing. | 146 | // !!! REFACTORING PROBLEM |
147 | 147 | ||
148 | if (!enabled) | 148 | //// If we're disabled, do nothing. |
149 | { | 149 | |
150 | return; | 150 | //if (!enabled) |
151 | } | 151 | //{ |
152 | 152 | // return; | |
153 | // Now that we know this is a serious attempt to | 153 | //} |
154 | // access inventory data, we should find out who | 154 | |
155 | // is asking, and make sure they are authorized | 155 | //// Now that we know this is a serious attempt to |
156 | // to do so. We need to validate the caller's | 156 | //// access inventory data, we should find out who |
157 | // identity before revealing anything about the | 157 | //// is asking, and make sure they are authorized |
158 | // status quo. Authenticate throws an exception | 158 | //// to do so. We need to validate the caller's |
159 | // via Fail if no identity information is present. | 159 | //// identity before revealing anything about the |
160 | // | 160 | //// status quo. Authenticate throws an exception |
161 | // With the present HTTP server we can't use the | 161 | //// via Fail if no identity information is present. |
162 | // builtin authentication mechanisms because they | 162 | //// |
163 | // would be enforced for all in-bound requests. | 163 | //// With the present HTTP server we can't use the |
164 | // Instead we look at the headers ourselves and | 164 | //// builtin authentication mechanisms because they |
165 | // handle authentication directly. | 165 | //// would be enforced for all in-bound requests. |
166 | 166 | //// Instead we look at the headers ourselves and | |
167 | try | 167 | //// handle authentication directly. |
168 | { | 168 | |
169 | if (!rdata.IsAuthenticated) | 169 | //try |
170 | { | 170 | //{ |
171 | rdata.Fail(Rest.HttpStatusCodeNotAuthorized,String.Format("user \"{0}\" could not be authenticated", rdata.userName)); | 171 | // if (!rdata.IsAuthenticated) |
172 | } | 172 | // { |
173 | } | 173 | // rdata.Fail(Rest.HttpStatusCodeNotAuthorized,String.Format("user \"{0}\" could not be authenticated", rdata.userName)); |
174 | catch (RestException e) | 174 | // } |
175 | { | 175 | //} |
176 | if (e.statusCode == Rest.HttpStatusCodeNotAuthorized) | 176 | //catch (RestException e) |
177 | { | 177 | //{ |
178 | Rest.Log.WarnFormat("{0} User not authenticated", MsgId); | 178 | // if (e.statusCode == Rest.HttpStatusCodeNotAuthorized) |
179 | Rest.Log.DebugFormat("{0} Authorization header: {1}", MsgId, rdata.request.Headers.Get("Authorization")); | 179 | // { |
180 | } | 180 | // Rest.Log.WarnFormat("{0} User not authenticated", MsgId); |
181 | else | 181 | // Rest.Log.DebugFormat("{0} Authorization header: {1}", MsgId, rdata.request.Headers.Get("Authorization")); |
182 | { | 182 | // } |
183 | Rest.Log.ErrorFormat("{0} User authentication failed", MsgId); | 183 | // else |
184 | Rest.Log.DebugFormat("{0} Authorization header: {1}", MsgId, rdata.request.Headers.Get("Authorization")); | 184 | // { |
185 | } | 185 | // Rest.Log.ErrorFormat("{0} User authentication failed", MsgId); |
186 | throw (e); | 186 | // Rest.Log.DebugFormat("{0} Authorization header: {1}", MsgId, rdata.request.Headers.Get("Authorization")); |
187 | } | 187 | // } |
188 | 188 | // throw (e); | |
189 | Rest.Log.DebugFormat("{0} Authenticated {1}", MsgId, rdata.userName); | 189 | //} |
190 | 190 | ||
191 | // We can only get here if we are authorized | 191 | //Rest.Log.DebugFormat("{0} Authenticated {1}", MsgId, rdata.userName); |
192 | // | 192 | |
193 | // The requestor may have specified an UUID or | 193 | //// We can only get here if we are authorized |
194 | // a conjoined FirstName LastName string. We'll | 194 | //// |
195 | // try both. If we fail with the first, UUID, | 195 | //// The requestor may have specified an UUID or |
196 | // attempt, we try the other. As an example, the | 196 | //// a conjoined FirstName LastName string. We'll |
197 | // URI for a valid inventory request might be: | 197 | //// try both. If we fail with the first, UUID, |
198 | // | 198 | //// attempt, we try the other. As an example, the |
199 | // http://<host>:<port>/admin/inventory/Arthur Dent | 199 | //// URI for a valid inventory request might be: |
200 | // | 200 | //// |
201 | // Indicating that this is an inventory request for | 201 | //// http://<host>:<port>/admin/inventory/Arthur Dent |
202 | // an avatar named Arthur Dent. This is ALL that is | 202 | //// |
203 | // required to designate a GET for an entire | 203 | //// Indicating that this is an inventory request for |
204 | // inventory. | 204 | //// an avatar named Arthur Dent. This is ALL that is |
205 | // | 205 | //// required to designate a GET for an entire |
206 | 206 | //// inventory. | |
207 | 207 | //// | |
208 | // Do we have at least a user agent name? | 208 | |
209 | 209 | ||
210 | if (rdata.Parameters.Length < 1) | 210 | //// Do we have at least a user agent name? |
211 | { | 211 | |
212 | Rest.Log.WarnFormat("{0} Inventory: No user agent identifier specified", MsgId); | 212 | //if (rdata.Parameters.Length < 1) |
213 | rdata.Fail(Rest.HttpStatusCodeBadRequest, "no user identity specified"); | 213 | //{ |
214 | } | 214 | // Rest.Log.WarnFormat("{0} Inventory: No user agent identifier specified", MsgId); |
215 | 215 | // rdata.Fail(Rest.HttpStatusCodeBadRequest, "no user identity specified"); | |
216 | // The first parameter MUST be the agent identification, either an UUID | 216 | //} |
217 | // or a space-separated First-name Last-Name specification. We check for | 217 | |
218 | // an UUID first, if anyone names their character using a valid UUID | 218 | //// The first parameter MUST be the agent identification, either an UUID |
219 | // that identifies another existing avatar will cause this a problem... | 219 | //// or a space-separated First-name Last-Name specification. We check for |
220 | 220 | //// an UUID first, if anyone names their character using a valid UUID | |
221 | try | 221 | //// that identifies another existing avatar will cause this a problem... |
222 | { | 222 | |
223 | rdata.uuid = new UUID(rdata.Parameters[PARM_USERID]); | 223 | //try |
224 | Rest.Log.DebugFormat("{0} UUID supplied", MsgId); | 224 | //{ |
225 | rdata.userProfile = Rest.UserServices.GetUserProfile(rdata.uuid); | 225 | // rdata.uuid = new UUID(rdata.Parameters[PARM_USERID]); |
226 | } | 226 | // Rest.Log.DebugFormat("{0} UUID supplied", MsgId); |
227 | catch | 227 | // rdata.userProfile = Rest.UserServices.GetUserProfile(rdata.uuid); |
228 | { | 228 | //} |
229 | string[] names = rdata.Parameters[PARM_USERID].Split(Rest.CA_SPACE); | 229 | //catch |
230 | if (names.Length == 2) | 230 | //{ |
231 | { | 231 | // string[] names = rdata.Parameters[PARM_USERID].Split(Rest.CA_SPACE); |
232 | Rest.Log.DebugFormat("{0} Agent Name supplied [2]", MsgId); | 232 | // if (names.Length == 2) |
233 | rdata.userProfile = Rest.UserServices.GetUserProfile(names[0],names[1]); | 233 | // { |
234 | } | 234 | // Rest.Log.DebugFormat("{0} Agent Name supplied [2]", MsgId); |
235 | else | 235 | // rdata.userProfile = Rest.UserServices.GetUserProfile(names[0],names[1]); |
236 | { | 236 | // } |
237 | Rest.Log.WarnFormat("{0} A Valid UUID or both first and last names must be specified", MsgId); | 237 | // else |
238 | rdata.Fail(Rest.HttpStatusCodeBadRequest, "invalid user identity"); | 238 | // { |
239 | } | 239 | // Rest.Log.WarnFormat("{0} A Valid UUID or both first and last names must be specified", MsgId); |
240 | } | 240 | // rdata.Fail(Rest.HttpStatusCodeBadRequest, "invalid user identity"); |
241 | 241 | // } | |
242 | // If the user profile is null then either the server is broken, or the | 242 | //} |
243 | // user is not known. We always assume the latter case. | 243 | |
244 | 244 | //// If the user profile is null then either the server is broken, or the | |
245 | if (rdata.userProfile != null) | 245 | //// user is not known. We always assume the latter case. |
246 | { | 246 | |
247 | Rest.Log.DebugFormat("{0} Profile obtained for agent {1} {2}", | 247 | //if (rdata.userProfile != null) |
248 | MsgId, rdata.userProfile.FirstName, rdata.userProfile.SurName); | 248 | //{ |
249 | } | 249 | // Rest.Log.DebugFormat("{0} Profile obtained for agent {1} {2}", |
250 | else | 250 | // MsgId, rdata.userProfile.FirstName, rdata.userProfile.SurName); |
251 | { | 251 | //} |
252 | Rest.Log.WarnFormat("{0} No profile for {1}", MsgId, rdata.path); | 252 | //else |
253 | rdata.Fail(Rest.HttpStatusCodeNotFound, "unrecognized user identity"); | 253 | //{ |
254 | } | 254 | // Rest.Log.WarnFormat("{0} No profile for {1}", MsgId, rdata.path); |
255 | 255 | // rdata.Fail(Rest.HttpStatusCodeNotFound, "unrecognized user identity"); | |
256 | // If we get to here, then we have effectively validated the user's | 256 | //} |
257 | // identity. Now we need to get the inventory. If the server does not | 257 | |
258 | // have the inventory, we reject the request with an appropriate explanation. | 258 | //// If we get to here, then we have effectively validated the user's |
259 | // | 259 | //// identity. Now we need to get the inventory. If the server does not |
260 | // Note that inventory retrieval is an asynchronous event, we use the rdata | 260 | //// have the inventory, we reject the request with an appropriate explanation. |
261 | // class instance as the basis for our synchronization. | 261 | //// |
262 | // | 262 | //// Note that inventory retrieval is an asynchronous event, we use the rdata |
263 | 263 | //// class instance as the basis for our synchronization. | |
264 | rdata.uuid = rdata.userProfile.ID; | 264 | //// |
265 | 265 | ||
266 | if (Rest.InventoryServices.HasInventoryForUser(rdata.uuid)) | 266 | //rdata.uuid = rdata.userProfile.ID; |
267 | { | 267 | |
268 | rdata.root = Rest.InventoryServices.GetRootFolder(rdata.uuid); | 268 | //if (Rest.InventoryServices.HasInventoryForUser(rdata.uuid)) |
269 | 269 | //{ | |
270 | Rest.Log.DebugFormat("{0} Inventory Root retrieved for {1} {2}", | 270 | // rdata.root = Rest.InventoryServices.GetRootFolder(rdata.uuid); |
271 | MsgId, rdata.userProfile.FirstName, rdata.userProfile.SurName); | 271 | |
272 | 272 | // Rest.Log.DebugFormat("{0} Inventory Root retrieved for {1} {2}", | |
273 | Rest.InventoryServices.GetUserInventory(rdata.uuid, rdata.GetUserInventory); | 273 | // MsgId, rdata.userProfile.FirstName, rdata.userProfile.SurName); |
274 | 274 | ||
275 | Rest.Log.DebugFormat("{0} Inventory catalog requested for {1} {2}", | 275 | // Rest.InventoryServices.GetUserInventory(rdata.uuid, rdata.GetUserInventory); |
276 | MsgId, rdata.userProfile.FirstName, rdata.userProfile.SurName); | 276 | |
277 | 277 | // Rest.Log.DebugFormat("{0} Inventory catalog requested for {1} {2}", | |
278 | lock (rdata) | 278 | // MsgId, rdata.userProfile.FirstName, rdata.userProfile.SurName); |
279 | { | 279 | |
280 | if (!rdata.HaveInventory) | 280 | // lock (rdata) |
281 | { | 281 | // { |
282 | rdata.startWD(1000); | 282 | // if (!rdata.HaveInventory) |
283 | rdata.timeout = false; | 283 | // { |
284 | Monitor.Wait(rdata); | 284 | // rdata.startWD(1000); |
285 | } | 285 | // rdata.timeout = false; |
286 | } | 286 | // Monitor.Wait(rdata); |
287 | 287 | // } | |
288 | if (rdata.timeout) | 288 | // } |
289 | { | 289 | |
290 | Rest.Log.WarnFormat("{0} Inventory not available for {1} {2}. No response from service.", | 290 | // if (rdata.timeout) |
291 | MsgId, rdata.userProfile.FirstName, rdata.userProfile.SurName); | 291 | // { |
292 | rdata.Fail(Rest.HttpStatusCodeServerError, "inventory server not responding"); | 292 | // Rest.Log.WarnFormat("{0} Inventory not available for {1} {2}. No response from service.", |
293 | } | 293 | // MsgId, rdata.userProfile.FirstName, rdata.userProfile.SurName); |
294 | 294 | // rdata.Fail(Rest.HttpStatusCodeServerError, "inventory server not responding"); | |
295 | if (rdata.root == null) | 295 | // } |
296 | { | 296 | |
297 | Rest.Log.WarnFormat("{0} Inventory is not available [1] for agent {1} {2}", | 297 | // if (rdata.root == null) |
298 | MsgId, rdata.userProfile.FirstName, rdata.userProfile.SurName); | 298 | // { |
299 | rdata.Fail(Rest.HttpStatusCodeServerError, "inventory retrieval failed"); | 299 | // Rest.Log.WarnFormat("{0} Inventory is not available [1] for agent {1} {2}", |
300 | } | 300 | // MsgId, rdata.userProfile.FirstName, rdata.userProfile.SurName); |
301 | 301 | // rdata.Fail(Rest.HttpStatusCodeServerError, "inventory retrieval failed"); | |
302 | } | 302 | // } |
303 | else | 303 | |
304 | { | 304 | //} |
305 | Rest.Log.WarnFormat("{0} Inventory is not locally available for agent {1} {2}", | 305 | //else |
306 | MsgId, rdata.userProfile.FirstName, rdata.userProfile.SurName); | 306 | //{ |
307 | rdata.Fail(Rest.HttpStatusCodeNotFound, "no local inventory for user"); | 307 | // Rest.Log.WarnFormat("{0} Inventory is not locally available for agent {1} {2}", |
308 | } | 308 | // MsgId, rdata.userProfile.FirstName, rdata.userProfile.SurName); |
309 | 309 | // rdata.Fail(Rest.HttpStatusCodeNotFound, "no local inventory for user"); | |
310 | // If we get here, then we have successfully retrieved the user's information | 310 | //} |
311 | // and inventory information is now available locally. | 311 | |
312 | 312 | //// If we get here, then we have successfully retrieved the user's information | |
313 | switch (rdata.method) | 313 | //// and inventory information is now available locally. |
314 | { | 314 | |
315 | case Rest.HEAD : // Do the processing, set the status code, suppress entity | 315 | //switch (rdata.method) |
316 | DoGet(rdata); | 316 | //{ |
317 | rdata.buffer = null; | 317 | // case Rest.HEAD : // Do the processing, set the status code, suppress entity |
318 | break; | 318 | // DoGet(rdata); |
319 | 319 | // rdata.buffer = null; | |
320 | case Rest.GET : // Do the processing, set the status code, return entity | 320 | // break; |
321 | DoGet(rdata); | 321 | |
322 | break; | 322 | // case Rest.GET : // Do the processing, set the status code, return entity |
323 | 323 | // DoGet(rdata); | |
324 | case Rest.PUT : // Update named element | 324 | // break; |
325 | DoUpdate(rdata); | 325 | |
326 | break; | 326 | // case Rest.PUT : // Update named element |
327 | 327 | // DoUpdate(rdata); | |
328 | case Rest.POST : // Add new information to identified context. | 328 | // break; |
329 | DoExtend(rdata); | 329 | |
330 | break; | 330 | // case Rest.POST : // Add new information to identified context. |
331 | 331 | // DoExtend(rdata); | |
332 | case Rest.DELETE : // Delete information | 332 | // break; |
333 | DoDelete(rdata); | 333 | |
334 | break; | 334 | // case Rest.DELETE : // Delete information |
335 | 335 | // DoDelete(rdata); | |
336 | default : | 336 | // break; |
337 | Rest.Log.WarnFormat("{0} Method {1} not supported for {2}", | 337 | |
338 | MsgId, rdata.method, rdata.path); | 338 | // default : |
339 | rdata.Fail(Rest.HttpStatusCodeMethodNotAllowed, | 339 | // Rest.Log.WarnFormat("{0} Method {1} not supported for {2}", |
340 | String.Format("{0} not supported", rdata.method)); | 340 | // MsgId, rdata.method, rdata.path); |
341 | break; | 341 | // rdata.Fail(Rest.HttpStatusCodeMethodNotAllowed, |
342 | } | 342 | // String.Format("{0} not supported", rdata.method)); |
343 | // break; | ||
344 | //} | ||
343 | } | 345 | } |
344 | 346 | ||
345 | #endregion Interface | 347 | #endregion Interface |