Orchard CMS reseting the Culture - orchardcms

I recently watched the very useful orchard harvest video on localization and internationalization, by Piotr Szmyd
I want to set the culture using this method, checking for a cookie
public class CultureSelector : ICultureSelector
{
public const int SelectorPriority = 5;
public const string CookieName = "Riders-Location-Cookie";
public const string CookieValueName = "location-code";
public CultureSelectorResult GetCulture(HttpContextBase context)
{
if (context == null || context.Request == null || context.Request.Cookies == null)
{
return null;
}
// check for a cookie
var cookie = context.Request.Cookies[CookieName];
if (cookie != null && !string.IsNullOrEmpty(cookie.Values[CookieValueName]))
{
return new CultureSelectorResult { Priority = SelectorPriority, CultureName = cookie.Values[CookieValueName] };
}
return null;
}
}
That works, However, I do want to user to be able to reset their own culture on the site. How do I reset the culture for the entire site when the user chooses to.
Lets say for instance if I have a select list that is output as part of a custom module.
I've looked at the ChangeCulture code form the Orchard CulturePicker Module but this dosen't seem to change to culture for the entier site as setting it with an implementation of ICultureSelector would.

If I correctly understand, you'd like a user to be able to change his current culture and/or be able to return to the default site culture, right?
In your case it should be as easy as either changing the cookie value or removing it (to set default culture) as a response to some user action.

Related

How to intercept a request to get the raw URL for site localization?

My site works this way:
All content has autoroute for {culture/slug} URLs
Users can select the site culture, so that everything is presented in the language they choose
I'm trying to achieve this functionality:
User selects site in English.
User goes to "site.com/es/content", which is a content in Spanish.
The site has to automatically change the culture to Spanish and return the requested content.
What I think I need is to intercept the request, parse the URL and get the culture to see if it's the same as the current one.
I've tried getting it in the ItemsController in Orchard.Core.Contents using the IHttpContextAccessor but it doesn't have the raw Url.
I've also tried catching the request in Orchard.Autoroute and Orchard.Alias services but they are not the ones processing the request.
Any pointers would be appreciated.
There are some ways to do this.
Implement ICultureSelector
namespace SomeModule
{
using System;
using System.Globalization;
using System.Linq;
using System.Web;
using Orchard.Localization.Services;
public class CultureSelectorByHeader : ICultureSelector
{
private readonly ICultureManager cultureManager;
public CultureSelectorByHeader(ICultureManager cultureManager)
{
this.cultureManager = cultureManager;
}
public CultureSelectorResult GetCulture(HttpContextBase context)
{
var acceptedLanguageHeader = context?.Request?.UserLanguages?.FirstOrDefault();
if ( acceptedLanguageHeader == null )
return null;
var enabledCultures = this.cultureManager.ListCultures();
var siteCulture = this.cultureManager.GetSiteCulture();
// Select the specified culture if it's enabled.
// Otherwise, or if it wasn't found, fall back to the default site culture.
var culture = enabledCultures.Contains(acceptedLanguageHeader, StringComparer.InvariantCultureIgnoreCase)
? CultureInfo.CreateSpecificCulture(acceptedLanguageHeader).Name
: CultureInfo.CreateSpecificCulture(siteCulture).Name;
return new CultureSelectorResult { CultureName = culture, Priority = 0 };
}
}
}
You can go wild in GetCulture, read headers, cookies, a query string or get some settings for the current user from DB. Whatever fits your need.
Set the culture directly
private void SetWorkContextCulture(string cultureTwoLetterIsoCode)
{
if ( !string.IsNullOrWhitespace(cultureTwoLetterIsoCode) )
{
try
{
var culture = CultureInfo.CreateSpecificCulture(cultureTwoLetterIsoCode);
this.Services.WorkContext.CurrentCulture = culture.TwoLetterISOLanguageName;
}
catch ( CultureNotFoundException )
{
Debug.WriteLine("Couldn't change thread culture.");
}
}
}
Just change the current culture of WorkContext before returning your result and you're good to go.
Fun fact: Changing the WorkContext.Culture in a controller will override everything you did in your ICultureSelector implementation.

What is the XsrfKey used for and should I set the XsrfId to something else?

In my MVC 5 web app I have this (in AccountController.cs):
// Used for XSRF protection when adding external sign ins
private const string XsrfKey = "XsrfId";
and
public string SocialAccountProvider { get; set; }
public string RedirectUri { get; set; }
public string UserId { get; set; }
public override void ExecuteResult(ControllerContext context)
{
var properties = new AuthenticationProperties { RedirectUri = RedirectUri };
if (UserId != null)
{
properties.Dictionary[XsrfKey] = UserId;
}
context.HttpContext.GetOwinContext().Authentication.Challenge(properties, SocialAccountProvider);
}
How exactly is it being used for protection?
Should I set the value of XsrfKey to something more random?
Take a look at ManageController methods LinkLogin and LinkLoginCallback:
//
// POST: /Manage/LinkLogin
[HttpPost]
[ValidateAntiForgeryToken]
public ActionResult LinkLogin(string provider)
{
// Request a redirect to the external login provider to link a login for the current user
return new AccountController.ChallengeResult(provider, Url.Action("LinkLoginCallback", "Manage"), User.Identity.GetUserId());
}
//
// GET: /Manage/LinkLoginCallback
public async Task<ActionResult> LinkLoginCallback()
{
var loginInfo = await AuthenticationManager.GetExternalLoginInfoAsync(XsrfKey, User.Identity.GetUserId());
if (loginInfo == null)
{
return RedirectToAction("ManageLogins", new { Message = ManageMessageId.Error });
}
var result = await UserManager.AddLoginAsync(User.Identity.GetUserId(), loginInfo.Login);
return result.Succeeded ? RedirectToAction("ManageLogins") : RedirectToAction("ManageLogins", new { Message = ManageMessageId.Error });
}
These are the methods that handle linking of external accounts (i.e. Google, Facebook, etc.). The flow goes like this:
User clicks "Link Account" button, which calls a POST to LinkLogin method.
LinkLogin returns ChallengeResult object, with callback url set to LinkLoginCallback method.
ChallengeResult.ExecuteResult is called by MVC framework, calls IAuthenticationManager.Challenge, which causes a redirect to the specific external login provider (let's say: google).
User authenticates with google, then google redirects to callback url.
The callback is handled with LinkLoginCallback. Here, we want to prevent XSRF and verify that the call was initiated by a user, from a page served by our server (and not by some malicious site).
Normally, if it was a simple GET-POST sequence, you would add a hidden <input> field with an anti-forgery token and compare it with a corresponding cookie value (that's how Asp.Net Anti-Forgery Tokens work).
Here, the request comes from external auth provider (google in our example). So we need to give the anti-forgery token to google and google should include it in the callback request. That's exactly what state parameter in OAuth2 was designed for.
Back to our XsrfKey: everything you put in AuthenticationProperties.Dictionary will be serialized and included in the state parameter of OAuth2 request - and consequentially, OAuth2 callback. Now, GetExternalLoginInfoAsync(this IAuthenticationManager manager, string xsrfKey, string expectedValue) will look for the XsrfKey in the received state Dictionary and compare it to the expectedValue. It will return an ExternalLoginInfo only if the values are equal.
So, answering your original question: you can set XsrfKey to anything you want, as long as the same key is used when setting and reading it. It doesn't make much sense to set it to anything random - the state parameter is encrypted, so no one expect you will be able to read it anyway.
Just leave it as is:
As the name of the member states it is a key:
private const string XsrfKey = "XsrfId";
It is defined in this manner to avoid "magic numbers" and then is used a little down in the scaffold code:
public override void ExecuteResult(ControllerContext context)
{
var properties = new AuthenticationProperties { RedirectUri = RedirectUri };
if (UserId != null)
{
properties.Dictionary[XsrfKey] = UserId;
}
context.HttpContext.GetOwinContext().Authentication.Challenge(properties, LoginProvider);
}
The value of the dictionary item is then set to the UserId property in the above code by using the XsrfKey member as the key.
IOW the code is already setting the XSRF dictionary item to the value of the user ID in the snippet. If you change the XsrfKey members value to anything else you will cause problems down the line, since the expected key "XsrfId" will have no value set.
If by changing it to something more random you are implying to change the value and not they key of the dictionary, or in other words, not set it to the user id then please see the following for an explanation of the anti forgery token inner workings.
http://www.asp.net/mvc/overview/security/xsrfcsrf-prevention-in-aspnet-mvc-and-web-pages

Attribute Routing with BaseClass implementation: Correcltly listed but still fails

I've set attribute routing on a controller class which inherits a base class where I handle I18N culture set/selection logic (as described in article ASP.NET MVC 5 Internationalization) but that process fails, although route seemed to be set correctly.
[RoutePrefix("{culture}")]
public class HomeController : BaseController
{
public ActionResult Index()
{
return View();
}
[Route("Hakkimda")]
public ActionResult About()
{
ViewBag.Message = "Your application description page.";
return View();
}
When I try to get to link I see grey screen of death on browser with this on address bar:
http://localhost:53530/tr-tr/Hakkimda?MS_DirectRouteMatches=System.Collections.Generic.List%601%5BSystem.Web.Routing.RouteData%5D
I believe the problem is the way base controller implements I18N logic which is based on BeginExecuteCore overloading.
protected override IAsyncResult BeginExecuteCore(AsyncCallback callback, object state)
{
string cultureName = RouteData.Values["culture"] as string;
// Attempt to read the culture cookie from Request
if (cultureName == null)
cultureName = Request.UserLanguages != null && Request.UserLanguages.Length > 0 ? Request.UserLanguages[0] : null; // obtain it from HTTP header AcceptLanguages
// Validate culture name
cultureName = CultureHelper.GetImplementedCulture(cultureName); // This is safe
if (RouteData.Values["culture"] as string != cultureName) {
// Force a valid culture in the URL
RouteData.Values["culture"] = cultureName.ToLowerInvariant(); // lower case too
// Redirect user
Response.RedirectToRoute(RouteData.Values);
}
// Modify current thread's cultures
Thread.CurrentThread.CurrentCulture = new System.Globalization.CultureInfo(cultureName);
Thread.CurrentThread.CurrentUICulture = Thread.CurrentThread.CurrentCulture;
return base.BeginExecuteCore(callback, state);
}
Probably execution precedence of BeginExecuteCore and routing have some mismatch but my knowledge on both don't suffice to solve it.
I've seen this article(What’s New in ASP.NET MVC 5.2 : Attribute routing improvements) but example provided there was a bit different and because it's new there aren't other examples on the net.
mr-anton's answer will stop you getting rubbish in the address bar but It'll also stop the language changing.
I had this issue after a change from MVC5 to MVC5.2
This answer says it is a Microsoft issue
The workaround is to see if the route data is in a nested route key
var routeData = RouteData;
if (routeData.Values.ContainsKey("MS_DirectRouteMatches"))
{
routeData = ((IEnumerable<System.Web.Routing.RouteData>)routeData.Values["MS_DirectRouteMatches"]).First();
}
string cultureName = routeData.Values["culture"] as string;
And then it just works.
remove this code
if (RouteData.Values["culture"] as string != cultureName) {
// Force a valid culture in the URL
RouteData.Values["culture"] = cultureName.ToLowerInvariant(); // lower case too
// Redirect user
Response.RedirectToRoute(RouteData.Values);
}

Persistent login in Sharepoint 2010 using SessionSecurityToken?

I have a public website which runs on Sharepoint. Now when the users login, we want them to be able to pick "Remember login" so they have a persistent login.
As far as I've understood, Sharepoint supports this. The only thing you have to do, is to run:
spFederationAuthenticationModule.SetPrincipalAndWriteSessionToken(someSessionSecurityToken, true);
Now, I don't know how to get the SessionSecurityToken that overload requires. Currently we use the one without true.
Our code:
MembershipProvider membershipProvider = Membership.Providers["CustomProvider"];
VerifyCredentialsResult verifyCredentialsDto = null;
using (WindowsIdentity.Impersonate(IntPtr.Zero))
{
var customerService = Kernel.Resolve<ICustomerServiceAgent>();
verifyCredentialsDto = customerService.VerifyCredentials(userName, passwordOrSsoToken);
Kernel.ReleaseComponent(customerService);
}
if (!verifyCredentialsDto.Succes)
return false;
SecurityToken securityToken =
SPSecurityContext.SecurityTokenForFormsAuthentication(new Uri(SPContext.Current.Web.Url),
"CustomProvider",
"CustomRoleProvider",
verifyCredentialsDto.CustomerId,
passwordOrSsoToken);
if (securityToken != null)
{
SPFederationAuthenticationModule spFederationAuthenticationModule =
SPFederationAuthenticationModule.Current;
spFederationAuthenticationModule.SetPrincipalAndWriteSessionToken(securityToken);
return true;
}
return false;
Implementing the parameter which is persistent true/false is easy, but how do we change our code to support persistent cookies when logging in?

Finding control on SharePoint page

Im trying to locate an SPDataSource control located on my SharePoint page. I found the following code which probably works fine, I just don't know what to pass into it.
public static Control FindControlRecursive(Control Root, string Id)
{
if (Root.ID == Id)
return Root;
foreach (Control Ctl in Root.Controls)
{
Control FoundCtl = FindControlRecursive(Ctl, Id);
if (FoundCtl != null)
return FoundCtl;
}
return null;
}
I don't know how to have it search the whole page or at the very least the ContentPlaceHolder that the control is in.
edit
Looks like I have a more rudimentary issue here. Not sure how to explain but I'm not opening up the page before running my code. I'm opening the site via the following:
using (SPWeb web = thisSite.Site.OpenWeb("/siteurl/,true))
So when I try to find the page below I'm getting Object reference not set to instance of object.
var page = HttpContext.Current.Handler as Page;
Perhaps I'm going about this the wrong way, I'm in my infancy here so I'm just kind of stumbling along figuring stuff out!
What you got is actually not SharePoint specific, it's c# asp.net.
Anyway, you could call it like this
var page = HttpContext.Current.Handler as Page;
var control = page; // or put the element you know exist that omit (is a parent) of the element you want to find
var myElement = FindControlRecursive(control, "yourelement");
Most likely you'll need to cast the return as well
var myElement = (TextBox)FindControlRecursive(control, "yourelement");
// or
var myElement = FindControlRecursive(control, "yourelement") as TextBox;
There are however more efficient ways to write such a method, here is one simple example
public static Control FindControlRecursive(string id)
{
var page = HttpContext.Current.Handler as Page;
return FindControlRecursive(page, id);
}
public static Control FindControlRecursive(Control root, string id)
{
return root.ID == id ? root : (from Control c in root.Controls select FindControlRecursive(c, id)).FirstOrDefault(t => t != null);
}
Call it the same way as I suggested earlier.
If you are handling larger pages the methods above might be a bit slow, what you should do is aim for a method using generics instead. They are way faster than traditional methods.
Try this one
public static T FindControlRecursive<T>(Control control, string controlID) where T : Control
{
// Find the control.
if (control != null)
{
Control foundControl = control.FindControl(controlID);
if (foundControl != null)
{
// Return the Control
return foundControl as T;
}
// Continue the search
foreach (Control c in control.Controls)
{
foundControl = FindControlRecursive<T>(c, controlID);
if (foundControl != null)
{
// Return the Control
return foundControl as T;
}
}
}
return null;
}
You call it like this
var mytextBox = FindControlRecursive<TextBox>(Page, "mytextBox");

Resources