lsm/Orchard
1
0
Fork 0
mirror of https://github.com/OrchardCMS/Orchard.git synced 2025-10-15 19:54:57 +08:00
Code Issues Actions 4 Packages Projects Releases Wiki Activity

Remove machine key and validation

Browse Source 
This was mainly done as a workaround an MVC bug which has been fixed since.

Work Items: 16726

--HG--
branch : dev
This commit is contained in:
Renaud Paquay
2010-11-23 15:08:44 -08:00
parent 5cd56af2bd
commit 57e888f1a9
2 changed files with 3 additions and 52 deletions
Download Patch File Download Diff File Expand all files Collapse all files

53
src/Orchard.Web/Modules/Orchard.Setup/Controllers/SetupController.cs
View File

@@ -1,11 +1,5 @@
using System;
using System.Configuration;
using System.IO;
using System.Security.Cryptography;
using System.Web.Configuration;
using System.Web.Mvc;
using System.Linq;
using System.Xml;
using Orchard.FileSystems.AppData;
using Orchard.Setup.Services;
using Orchard.Setup.ViewModels;
@@ -41,58 +35,19 @@ namespace Orchard.Setup.Controllers {
return View(model);
}
[System.Diagnostics.CodeAnalysis.SuppressMessage("Microsoft.Reliability", "CA2000:Dispose objects before losing scope", Justification = "StreamReader closed by XmlTextReader.")]
private bool ValidateMachineKey() {
// Get the machineKey section.
MachineKeySection machineKeySection = null;
string webConfigFile = Path.Combine(HttpContext.Request.PhysicalApplicationPath, "web.config");
using (XmlTextReader webConfigReader = new XmlTextReader(new StreamReader(webConfigFile))) {
if (webConfigReader.ReadToFollowing("machineKey")) {
machineKeySection = new MachineKeySection {
DecryptionKey = webConfigReader.GetAttribute("decryptionKey"),
ValidationKey = webConfigReader.GetAttribute("validationKey")
};
}
}
if (machineKeySection == null
|| machineKeySection.DecryptionKey.Contains("AutoGenerate")
|| machineKeySection.ValidationKey.Contains("AutoGenerate")) {
var decryptionData = new byte[32];
var validationData = new byte[64];
using (var rng = new RNGCryptoServiceProvider()) {
rng.GetBytes(decryptionData);
rng.GetBytes(validationData);
}
string decryptionKey = BitConverter.ToString(decryptionData).Replace("-", "");
string validationKey = BitConverter.ToString(validationData).Replace("-", "");
ModelState.AddModelError("MachineKey", T("You need to define a MachineKey value in your web.config file. Here is one for you:\n <machineKey validationKey=\"{0}\" decryptionKey=\"{1}\" validation=\"SHA1\" decryption=\"AES\" />", validationKey, decryptionKey).ToString());
return false;
}
return true;
}
public ActionResult Index() {
ValidateMachineKey();
var initialSettings = _setupService.Prime();
return IndexViewResult(new SetupViewModel { AdminUsername = "admin", DatabaseIsPreconfigured = !string.IsNullOrEmpty(initialSettings.DataProvider)});
}
[HttpPost, ActionName("Index")]
public ActionResult IndexPOST(SetupViewModel model) {
//HACK: (erikpo) Couldn't get a custom ValidationAttribute to validate two properties
//TODO: Couldn't get a custom ValidationAttribute to validate two properties
if (!model.DatabaseOptions && string.IsNullOrEmpty(model.DatabaseConnectionString))
ModelState.AddModelError("DatabaseConnectionString", "A SQL connection string is required");
ModelState.AddModelError("DatabaseConnectionString", T("A SQL connection string is required").Text);
if (!String.IsNullOrWhiteSpace(model.ConfirmPassword) && model.AdminPassword != model.ConfirmPassword ) {
ModelState.AddModelError("ConfirmPassword", T("Password confirmation must match").ToString());
ModelState.AddModelError("ConfirmPassword", T("Password confirmation must match").Text);
}
if(!model.DatabaseOptions && !String.IsNullOrWhiteSpace(model.DatabaseTablePrefix)) {
@@ -102,8 +57,6 @@ namespace Orchard.Setup.Controllers {
}
}
ValidateMachineKey();
if (!ModelState.IsValid) {
return IndexViewResult(model);
}

2
src/Orchard.Web/Web.config
View File

@@ -42,8 +42,6 @@
<system.web>
<trust level="Medium" originUrl="" />
<machineKey validationKey="013B82F217ABB7EAB1F699E4E5B4D290030644D435994692354DAE82B06568B058BFE3C57BF199A41FFDBC84F3BC74D9C5BD96D1265F36A22D58347B591AC8DD" decryptionKey="04797035C490263D73ED991C84C5DFCD0D0206AD4F12BC3638A38FBEABEBB8C7" validation="SHA1" decryption="AES" />
<httpRuntime requestValidationMode="2.0" />
<!--
Set compilation debug="true" to insert debugging