Webhooks: disable auth controller

ONLYOFFICE · Jan 17, 2024 · 124019e · 124019e
1 parent dbaf78a
commit 124019e
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 6 deletions.
diff --git a/common/ASC.Api.Core/Middleware/WebhooksGlobalFilterAttribute.cs b/common/ASC.Api.Core/Middleware/WebhooksGlobalFilterAttribute.cs
@@ -74,7 +74,7 @@ public override async Task OnResultExecutionAsync(ResultExecutingContext context
 
             try
             {
-                var (method, routePattern) = GetData(context.HttpContext);
+                var (method, routePattern, _) = GetData(context.HttpContext);
 
                 var resultContent = Encoding.UTF8.GetString(_stream.ToArray());
 
@@ -97,24 +97,29 @@ public void Dispose()
         }
     }
 
-    private (string, string) GetData(HttpContext context)
+    private (string, string, bool) GetData(HttpContext context)
     {
         var method = context.Request.Method;
         var endpoint = (RouteEndpoint)context.GetEndpoint();
         var routePattern = endpoint?.RoutePattern.RawText;
-
-        return (method, routePattern);
+        var disabled = endpoint?.Metadata.OfType<WebhookDisableAttribute>().FirstOrDefault();
+        return (method, routePattern, disabled != null);
     }
 
     private async Task<bool> SkipAsync(HttpContext context)
     {
-        var (method, routePattern) = GetData(context);
+        var (method, routePattern, disabled) = GetData(context);
 
         if (routePattern == null)
         {
             return true;
         }
-
+
+        if (disabled)
+        {
+            return true;
+        }
+
         if (!DbWorker.MethodList.Contains(method))
         {
             return true;

diff --git a/web/ASC.Web.Api/Api/AuthenticationController.cs b/web/ASC.Web.Api/Api/AuthenticationController.cs
@@ -24,6 +24,8 @@
 // content are licensed under the terms of the Creative Commons Attribution-ShareAlike 4.0
 // International. See the License terms at http://creativecommons.org/licenses/by-sa/4.0/legalcode
 
+using ASC.Api.Core.Core;
+
 using AuthenticationException = System.Security.Authentication.AuthenticationException;
 using Constants = ASC.Core.Users.Constants;
 
@@ -37,6 +39,7 @@ namespace ASC.Web.Api.Controllers;
 [DefaultRoute]
 [ApiController]
 [AllowAnonymous]
+[WebhookDisable]
 public class AuthenticationController : ControllerBase
 {
     private readonly UserManager _userManager;