seb-win-refactoring/SafeExamBrowser.Browser/Handlers/ResourceHandler.cs

/*
 * Copyright (c) 2020 ETH Zürich, Educational Development and Technology (LET)
 * 
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
 */

using System;
using System.Collections.Specialized;
using System.Linq;
using System.Net.Mime;
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;
using CefSharp;
using Newtonsoft.Json;
using Newtonsoft.Json.Linq;
using SafeExamBrowser.Browser.Contracts.Events;
using SafeExamBrowser.Browser.Contracts.Filters;
using SafeExamBrowser.Browser.Pages;
using SafeExamBrowser.Configuration.Contracts;
using SafeExamBrowser.I18n.Contracts;
using SafeExamBrowser.Logging.Contracts;
using SafeExamBrowser.Settings.Browser;
using SafeExamBrowser.Settings.Browser.Filter;
using BrowserSettings = SafeExamBrowser.Settings.Browser.BrowserSettings;
using Request = SafeExamBrowser.Browser.Contracts.Filters.Request;

namespace SafeExamBrowser.Browser.Handlers
{
	internal class ResourceHandler : CefSharp.Handler.ResourceRequestHandler
	{
		private SHA256Managed algorithm;
		private AppConfig appConfig;
		private string browserExamKey;
		private IResourceHandler contentHandler;
		private IRequestFilter filter;
		private HtmlLoader htmlLoader;
		private ILogger logger;
		private IResourceHandler pageHandler;
		private BrowserSettings settings;
		private WindowSettings windowSettings;
		private IText text;

		internal event SessionIdentifierDetectedEventHandler SessionIdentifierDetected;

		internal ResourceHandler(
			AppConfig appConfig,
			IRequestFilter filter,
			ILogger logger,
			BrowserSettings settings,
			WindowSettings windowSettings,
			IText text)
		{
			this.appConfig = appConfig;
			this.algorithm = new SHA256Managed();
			this.filter = filter;
			this.htmlLoader = new HtmlLoader(text);
			this.logger = logger;
			this.settings = settings;
			this.windowSettings = windowSettings;
			this.text = text;
		}

		protected override IResourceHandler GetResourceHandler(IWebBrowser webBrowser, IBrowser browser, IFrame frame, IRequest request)
		{
			if (Block(request))
			{
				return ResourceHandlerFor(request.ResourceType);
			}

			return base.GetResourceHandler(webBrowser, browser, frame, request);
		}

		protected override CefReturnValue OnBeforeResourceLoad(IWebBrowser webBrowser, IBrowser browser, IFrame frame, IRequest request, IRequestCallback callback)
		{
			if (IsMailtoUrl(request.Url))
			{
				return CefReturnValue.Cancel;
			}

			AppendCustomHeaders(request);
			ReplaceSebScheme(request);

			return base.OnBeforeResourceLoad(webBrowser, browser, frame, request, callback);
		}

		protected override bool OnProtocolExecution(IWebBrowser webBrowser, IBrowser browser, IFrame frame, IRequest request)
		{
			return true;
		}

		protected override void OnResourceRedirect(IWebBrowser chromiumWebBrowser, IBrowser browser, IFrame frame, IRequest request, IResponse response, ref string newUrl)
		{
			SearchSessionIdentifiers(response);

			base.OnResourceRedirect(chromiumWebBrowser, browser, frame, request, response, ref newUrl);
		}

		protected override bool OnResourceResponse(IWebBrowser webBrowser, IBrowser browser, IFrame frame, IRequest request, IResponse response)
		{
			if (RedirectToDisablePdfToolbar(request, response, out var url))
			{
				webBrowser.Load(url);

				return true;
			}

			SearchSessionIdentifiers(response);

			return base.OnResourceResponse(webBrowser, browser, frame, request, response);
		}

		private void AppendCustomHeaders(IRequest request)
		{
			var headers = new NameValueCollection(request.Headers);
			var urlWithoutFragment = request.Url.Split('#')[0];

			if (settings.SendConfigurationKey)
			{
				var hash = algorithm.ComputeHash(Encoding.UTF8.GetBytes(urlWithoutFragment + settings.ConfigurationKey));
				var key = BitConverter.ToString(hash).ToLower().Replace("-", string.Empty);

				headers["X-SafeExamBrowser-ConfigKeyHash"] = key;
			}

			if (settings.SendExamKey)
			{
				var hash = algorithm.ComputeHash(Encoding.UTF8.GetBytes(urlWithoutFragment + (browserExamKey ?? ComputeBrowserExamKey())));
				var key = BitConverter.ToString(hash).ToLower().Replace("-", string.Empty);

				headers["X-SafeExamBrowser-RequestHash"] = key;
			}

			request.Headers = headers;
		}

		private bool Block(IRequest request)
		{
			var block = false;

			if (settings.Filter.ProcessContentRequests)
			{
				var result = filter.Process(new Request { Url = request.Url });

				if (result == FilterResult.Block)
				{
					block = true;
					logger.Info($"Blocked content request{(windowSettings.UrlPolicy.CanLog() ? $" for '{request.Url}'" : "")} ({request.ResourceType}, {request.TransitionType}).");
				}
			}

			return block;
		}

		private string ComputeBrowserExamKey()
		{
			var salt = settings.ExamKeySalt;

			if (salt == default(byte[]))
			{
				salt = new byte[0];
				logger.Warn("The current configuration does not contain a salt value for the browser exam key!");
			}

			using (var algorithm = new HMACSHA256(salt))
			{
				var hash = algorithm.ComputeHash(Encoding.UTF8.GetBytes(appConfig.CodeSignatureHash + appConfig.ProgramBuildVersion + settings.ConfigurationKey));
				var key = BitConverter.ToString(hash).ToLower().Replace("-", string.Empty);

				browserExamKey = key;

				return browserExamKey;
			}
		}

		private bool IsMailtoUrl(string url)
		{
			return url.StartsWith(Uri.UriSchemeMailto);
		}

		private bool RedirectToDisablePdfToolbar(IRequest request, IResponse response, out string url)
		{
			const string DISABLE_PDF_TOOLBAR = "#toolbar=0";
			var isPdf = response.Headers["Content-Type"] == MediaTypeNames.Application.Pdf;
			var isMainFrame = request.ResourceType == ResourceType.MainFrame;
			var hasFragment = request.Url.Contains(DISABLE_PDF_TOOLBAR);
			var redirect = settings.AllowPdfReader && !settings.AllowPdfReaderToolbar && isPdf && isMainFrame && !hasFragment;

			url = request.Url + DISABLE_PDF_TOOLBAR;

			if (redirect)
			{
				logger.Info($"Redirecting{(windowSettings.UrlPolicy.CanLog() ? $" to '{url}'" : "")} to disable PDF reader toolbar.");
			}

			return redirect;
		}

		private void ReplaceSebScheme(IRequest request)
		{
			if (Uri.IsWellFormedUriString(request.Url, UriKind.RelativeOrAbsolute))
			{
				var uri = new Uri(request.Url);

				if (uri.Scheme == appConfig.SebUriScheme)
				{
					request.Url = new UriBuilder(uri) { Scheme = Uri.UriSchemeHttp }.Uri.AbsoluteUri;
				}
				else if (uri.Scheme == appConfig.SebUriSchemeSecure)
				{
					request.Url = new UriBuilder(uri) { Scheme = Uri.UriSchemeHttps }.Uri.AbsoluteUri;
				}
			}
		}

		private IResourceHandler ResourceHandlerFor(ResourceType resourceType)
		{
			if (contentHandler == default(IResourceHandler))
			{
				contentHandler = CefSharp.ResourceHandler.FromString(htmlLoader.LoadBlockedContent());
			}

			if (pageHandler == default(IResourceHandler))
			{
				pageHandler = CefSharp.ResourceHandler.FromString(htmlLoader.LoadBlockedPage());
			}

			switch (resourceType)
			{
				case ResourceType.MainFrame:
				case ResourceType.SubFrame:
					return pageHandler;
				default:
					return contentHandler;
			}
		}

		private void SearchSessionIdentifiers(IResponse response)
		{
			SearchEdxIdentifier(response);
			SearchMoodleIdentifier(response);
		}

		private void SearchEdxIdentifier(IResponse response)
		{
			var cookies = response.Headers.GetValues("Set-Cookie");

			if (cookies != default(string[]))
			{
				try
				{
					var userInfo = cookies.FirstOrDefault(c => c.Contains("edx-user-info"));

					if (userInfo != default(string))
					{
						var start = userInfo.IndexOf("=") + 1;
						var end = userInfo.IndexOf("; expires");
						var cookie = userInfo.Substring(start, end - start);
						var sanitized = cookie.Replace("\\\"", "\"").Replace("\\054", ",").Trim('"');
						var json = JsonConvert.DeserializeObject(sanitized) as JObject;
						var userName = json["username"].Value<string>();

						Task.Run(() => SessionIdentifierDetected?.Invoke(userName));
					}
				}
				catch (Exception e)
				{
					logger.Error("Failed to parse edX session identifier!", e);
				}
			}
		}

		private void SearchMoodleIdentifier(IResponse response)
		{
			var locations = response.Headers.GetValues("Location");

			if (locations != default(string[]))
			{
				try
				{
					var location = locations.FirstOrDefault(l => l.Contains("moodle/login/index.php?testsession"));

					if (location != default(string))
					{
						var userId = location.Substring(location.IndexOf("=") + 1);

						Task.Run(() => SessionIdentifierDetected?.Invoke(userId));
					}
				}
				catch (Exception e)
				{
					logger.Error("Failed to parse Moodle session identifier!", e);
				}
			}
		}
	}
}
-												SEBWIN-314: Completed infrastructure for request filter.

											
										
										
											2019-09-10 11:01:49 +02:00
+								/*
-												Updated year in copyright and license remarks.

											
										
										
											2020-01-06 15:24:46 +01:00
+								 * Copyright (c) 2020 ETH Zürich, Educational Development and Technology (LET)
-												SEBWIN-314: Completed infrastructure for request filter.

											
										
										
											2019-09-10 11:01:49 +02:00
+								 *
 								 * This Source Code Form is subject to the terms of the Mozilla Public
 								 * License, v. 2.0. If a copy of the MPL was not distributed with this
 								 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
 								 */
 								using System;
 								using System.Collections.Specialized;
-												SEBWIN-405: Fixed and improved LMS session detection.

											
										
										
											2020-08-03 14:41:25 +02:00
+								using System.Linq;
-												SEBWIN-302: Implemented configuration of internal PDF reader.

											
										
										
											2020-01-30 11:15:28 +01:00
+								using System.Net.Mime;
-												SEBWIN-309: Implemented scaffolding for Configuration Key.

											
										
										
											2020-01-10 08:54:10 +01:00
+								using System.Security.Cryptography;
 								using System.Text;
-												SEBWIN-405: Fixed and improved LMS session detection.

											
										
										
											2020-08-03 14:41:25 +02:00
+								using System.Threading.Tasks;
-												SEBWIN-314: Completed infrastructure for request filter.

											
										
										
											2019-09-10 11:01:49 +02:00
+								using CefSharp;
-												SEBWIN-405: Fixed and improved LMS session detection.

											
										
										
											2020-08-03 14:41:25 +02:00
+								using Newtonsoft.Json;
 								using Newtonsoft.Json.Linq;
 								using SafeExamBrowser.Browser.Contracts.Events;
-												SEBWIN-314: Completed infrastructure for browser request filtering.

											
										
										
											2019-09-13 09:17:14 +02:00
+								using SafeExamBrowser.Browser.Contracts.Filters;
-												SEBWIN-362: Implemented basic load error page for browser.

											
										
										
											2020-03-13 15:56:32 +01:00
+								using SafeExamBrowser.Browser.Pages;
-												SEBWIN-314: Completed infrastructure for request filter.

											
										
										
											2019-09-10 11:01:49 +02:00
+								using SafeExamBrowser.Configuration.Contracts;
 								using SafeExamBrowser.I18n.Contracts;
 								using SafeExamBrowser.Logging.Contracts;
-												SEBWIN-414: Implemented new feature to control displaying and logging of URLs in browser.

											
										
										
											2020-09-29 14:01:17 +02:00
+								using SafeExamBrowser.Settings.Browser;
-												Cleaned and restructured browser settings namespace.

											
										
										
											2019-12-18 08:24:55 +01:00
+								using SafeExamBrowser.Settings.Browser.Filter;
-												SEBWIN-309: Implemented scaffolding for Configuration Key.

											
										
										
											2020-01-10 08:54:10 +01:00
+								using BrowserSettings = SafeExamBrowser.Settings.Browser.BrowserSettings;
-												Updated browser engine to version 79.1.36 and updated dependencies for entire solution.

											
										
										
											2020-02-14 09:51:52 +01:00
+								using Request = SafeExamBrowser.Browser.Contracts.Filters.Request;
-												SEBWIN-314: Completed infrastructure for request filter.

											
										
										
											2019-09-10 11:01:49 +02:00
 								namespace SafeExamBrowser.Browser.Handlers
 								{
 									internal class ResourceHandler : CefSharp.Handler.ResourceRequestHandler
 									{
-												SEBWIN-309: Implemented scaffolding for Configuration Key.

											
										
										
											2020-01-10 08:54:10 +01:00
+										private SHA256Managed algorithm;
-												SEBWIN-309: Corrected implementation of configuration and browser exam key.

											
										
										
											2020-02-13 11:01:07 +01:00
+										private AppConfig appConfig;
 										private string browserExamKey;
-												SEBWIN-314: Main requests are now entirely prevented (before any loading happens) and only content requests are intercepted with custom resource handling.

											
										
										
											2019-09-12 12:31:17 +02:00
+										private IResourceHandler contentHandler;
-												SEBWIN-309: Corrected implementation of configuration and browser exam key.

											
										
										
											2020-02-13 11:01:07 +01:00
+										private IRequestFilter filter;
-												SEBWIN-362: Implemented basic load error page for browser.

											
										
										
											2020-03-13 15:56:32 +01:00
+										private HtmlLoader htmlLoader;
-												SEBWIN-309: Corrected implementation of configuration and browser exam key.

											
										
										
											2020-02-13 11:01:07 +01:00
+										private ILogger logger;
-												SEBWIN-314: Main requests are now entirely prevented (before any loading happens) and only content requests are intercepted with custom resource handling.

											
										
										
											2019-09-12 12:31:17 +02:00
+										private IResourceHandler pageHandler;
-												SEBWIN-309: Corrected implementation of configuration and browser exam key.

											
										
										
											2020-02-13 11:01:07 +01:00
+										private BrowserSettings settings;
-												SEBWIN-414: Implemented new feature to control displaying and logging of URLs in browser.

											
										
										
											2020-09-29 14:01:17 +02:00
+										private WindowSettings windowSettings;
-												SEBWIN-314: Completed infrastructure for request filter.

											
										
										
											2019-09-10 11:01:49 +02:00
+										private IText text;
-												SEBWIN-405: Fixed and improved LMS session detection.

											
										
										
											2020-08-03 14:41:25 +02:00
+										internal event SessionIdentifierDetectedEventHandler SessionIdentifierDetected;
-												SEBWIN-414: Implemented new feature to control displaying and logging of URLs in browser.

											
										
										
											2020-09-29 14:01:17 +02:00
+										internal ResourceHandler(
 											AppConfig appConfig,
 											IRequestFilter filter,
 											ILogger logger,
 											BrowserSettings settings,
 											WindowSettings windowSettings,
 											IText text)
-												SEBWIN-314: Completed infrastructure for request filter.

											
										
										
											2019-09-10 11:01:49 +02:00
+										{
 											this.appConfig = appConfig;
-												SEBWIN-309: Implemented scaffolding for Configuration Key.

											
										
										
											2020-01-10 08:54:10 +01:00
+											this.algorithm = new SHA256Managed();
-												SEBWIN-314: Main requests are now entirely prevented (before any loading happens) and only content requests are intercepted with custom resource handling.

											
										
										
											2019-09-12 12:31:17 +02:00
+											this.filter = filter;
-												SEBWIN-362: Implemented basic load error page for browser.

											
										
										
											2020-03-13 15:56:32 +01:00
+											this.htmlLoader = new HtmlLoader(text);
-												SEBWIN-314: Completed infrastructure for request filter.

											
										
										
											2019-09-10 11:01:49 +02:00
+											this.logger = logger;
 											this.settings = settings;
-												SEBWIN-414: Implemented new feature to control displaying and logging of URLs in browser.

											
										
										
											2020-09-29 14:01:17 +02:00
+											this.windowSettings = windowSettings;
-												SEBWIN-314: Completed infrastructure for request filter.

											
										
										
											2019-09-10 11:01:49 +02:00
+											this.text = text;
 										}
-												SEBWIN-380: Implemented unit tests for browser resource handler.

											
										
										
											2020-04-06 14:13:13 +02:00
+										protected override IResourceHandler GetResourceHandler(IWebBrowser webBrowser, IBrowser browser, IFrame frame, IRequest request)
-												SEBWIN-314: Completed infrastructure for request filter.

											
										
										
											2019-09-10 11:01:49 +02:00
+										{
-												SEBWIN-314: Main requests are now entirely prevented (before any loading happens) and only content requests are intercepted with custom resource handling.

											
										
										
											2019-09-12 12:31:17 +02:00
+											if (Block(request))
-												SEBWIN-314: Completed infrastructure for request filter.

											
										
										
											2019-09-10 11:01:49 +02:00
+											{
-												SEBWIN-314: Main requests are now entirely prevented (before any loading happens) and only content requests are intercepted with custom resource handling.

											
										
										
											2019-09-12 12:31:17 +02:00
+												return ResourceHandlerFor(request.ResourceType);
-												SEBWIN-314: Completed infrastructure for request filter.

											
										
										
											2019-09-10 11:01:49 +02:00
+											}
-												SEBWIN-380: Implemented unit tests for browser resource handler.

											
										
										
											2020-04-06 14:13:13 +02:00
+											return base.GetResourceHandler(webBrowser, browser, frame, request);
-												SEBWIN-314: Completed infrastructure for request filter.

											
										
										
											2019-09-10 11:01:49 +02:00
+										}
 										protected override CefReturnValue OnBeforeResourceLoad(IWebBrowser webBrowser, IBrowser browser, IFrame frame, IRequest request, IRequestCallback callback)
 										{
-												SEBWIN-309: Implemented scaffolding for Configuration Key.

											
										
										
											2020-01-10 08:54:10 +01:00
+											if (IsMailtoUrl(request.Url))
 											{
 												return CefReturnValue.Cancel;
 											}
-												SEBWIN-309: Corrected implementation of configuration and browser exam key.

											
										
										
											2020-02-13 11:01:07 +01:00
+											AppendCustomHeaders(request);
-												SEBWIN-314: Main requests are now entirely prevented (before any loading happens) and only content requests are intercepted with custom resource handling.

											
										
										
											2019-09-12 12:31:17 +02:00
+											ReplaceSebScheme(request);
-												SEBWIN-314: Completed infrastructure for request filter.

											
										
										
											2019-09-10 11:01:49 +02:00
 											return base.OnBeforeResourceLoad(webBrowser, browser, frame, request, callback);
 										}
-												SEBWIN-416: Ensured third-party applications with custom URI schemes are correctly opened.

											
										
										
											2020-08-06 14:26:40 +02:00
+										protected override bool OnProtocolExecution(IWebBrowser webBrowser, IBrowser browser, IFrame frame, IRequest request)
 										{
 											return true;
 										}
-												SEBWIN-405: Fixed and improved LMS session detection.

											
										
										
											2020-08-03 14:41:25 +02:00
+										protected override void OnResourceRedirect(IWebBrowser chromiumWebBrowser, IBrowser browser, IFrame frame, IRequest request, IResponse response, ref string newUrl)
 										{
 											SearchSessionIdentifiers(response);
 											base.OnResourceRedirect(chromiumWebBrowser, browser, frame, request, response, ref newUrl);
 										}
-												SEBWIN-380: Implemented unit tests for browser resource handler.

											
										
										
											2020-04-06 14:13:13 +02:00
+										protected override bool OnResourceResponse(IWebBrowser webBrowser, IBrowser browser, IFrame frame, IRequest request, IResponse response)
-												SEBWIN-302: Implemented configuration of internal PDF reader.

											
										
										
											2020-01-30 11:15:28 +01:00
+										{
 											if (RedirectToDisablePdfToolbar(request, response, out var url))
 											{
-												SEBWIN-380: Implemented unit tests for browser resource handler.

											
										
										
											2020-04-06 14:13:13 +02:00
+												webBrowser.Load(url);
-												SEBWIN-376: Fixed error with browser request filtering and improved logging if request is blocked. Also fixed error in configuration value mapping for content request filter.

											
										
										
											2020-03-04 10:08:34 +01:00
 												return true;
-												SEBWIN-302: Implemented configuration of internal PDF reader.

											
										
										
											2020-01-30 11:15:28 +01:00
+											}
-												SEBWIN-405: Fixed and improved LMS session detection.

											
										
										
											2020-08-03 14:41:25 +02:00
+											SearchSessionIdentifiers(response);
-												SEBWIN-380: Implemented unit tests for browser resource handler.

											
										
										
											2020-04-06 14:13:13 +02:00
+											return base.OnResourceResponse(webBrowser, browser, frame, request, response);
-												SEBWIN-302: Implemented configuration of internal PDF reader.

											
										
										
											2020-01-30 11:15:28 +01:00
+										}
-												SEBWIN-309: Corrected implementation of configuration and browser exam key.

											
										
										
											2020-02-13 11:01:07 +01:00
+										private void AppendCustomHeaders(IRequest request)
-												SEBWIN-314: Completed infrastructure for request filter.

											
										
										
											2019-09-10 11:01:49 +02:00
+										{
 											var headers = new NameValueCollection(request.Headers);
-												SEBWIN-309: Corrected implementation of configuration and browser exam key.

											
										
										
											2020-02-13 11:01:07 +01:00
+											var urlWithoutFragment = request.Url.Split('#')[0];
-												SEBWIN-314: Completed infrastructure for request filter.

											
										
										
											2019-09-10 11:01:49 +02:00
-												SEBWIN-309: Corrected implementation of configuration and browser exam key.

											
										
										
											2020-02-13 11:01:07 +01:00
+											if (settings.SendConfigurationKey)
 											{
 												var hash = algorithm.ComputeHash(Encoding.UTF8.GetBytes(urlWithoutFragment + settings.ConfigurationKey));
 												var key = BitConverter.ToString(hash).ToLower().Replace("-", string.Empty);
 												headers["X-SafeExamBrowser-ConfigKeyHash"] = key;
 											}
-												SEBWIN-309: Implemented scaffolding for Configuration Key.

											
										
										
											2020-01-10 08:54:10 +01:00
-												SEBWIN-309: Corrected implementation of configuration and browser exam key.

											
										
										
											2020-02-13 11:01:07 +01:00
+											if (settings.SendExamKey)
 											{
 												var hash = algorithm.ComputeHash(Encoding.UTF8.GetBytes(urlWithoutFragment + (browserExamKey ?? ComputeBrowserExamKey())));
 												var key = BitConverter.ToString(hash).ToLower().Replace("-", string.Empty);
 												headers["X-SafeExamBrowser-RequestHash"] = key;
 											}
-												SEBWIN-309: Implemented draft of browser exam key.

											
										
										
											2020-02-10 12:19:25 +01:00
-												SEBWIN-309: Implemented scaffolding for Configuration Key.

											
										
										
											2020-01-10 08:54:10 +01:00
+											request.Headers = headers;
 										}
-												SEBWIN-314: Main requests are now entirely prevented (before any loading happens) and only content requests are intercepted with custom resource handling.

											
										
										
											2019-09-12 12:31:17 +02:00
+										private bool Block(IRequest request)
-												SEBWIN-314: Completed infrastructure for request filter.

											
										
										
											2019-09-10 11:01:49 +02:00
+										{
-												SEBWIN-302: Implemented configuration of internal PDF reader.

											
										
										
											2020-01-30 11:15:28 +01:00
+											var block = false;
-												SEBWIN-309: Implemented scaffolding for Configuration Key.

											
										
										
											2020-01-10 08:54:10 +01:00
+											if (settings.Filter.ProcessContentRequests)
-												SEBWIN-314: Completed infrastructure for request filter.

											
										
										
											2019-09-10 11:01:49 +02:00
+											{
-												SEBWIN-314: Completed infrastructure for browser request filtering.

											
										
										
											2019-09-13 09:17:14 +02:00
+												var result = filter.Process(new Request { Url = request.Url });
-												SEBWIN-314: Completed infrastructure for request filter.

											
										
										
											2019-09-10 11:01:49 +02:00
-												SEBWIN-302: Implemented configuration of internal PDF reader.

											
										
										
											2020-01-30 11:15:28 +01:00
+												if (result == FilterResult.Block)
-												SEBWIN-314: Completed infrastructure for request filter.

											
										
										
											2019-09-10 11:01:49 +02:00
+												{
-												SEBWIN-302: Implemented configuration of internal PDF reader.

											
										
										
											2020-01-30 11:15:28 +01:00
+													block = true;
-												SEBWIN-414: Implemented new feature to control displaying and logging of URLs in browser.

											
										
										
											2020-09-29 14:01:17 +02:00
+													logger.Info($"Blocked content request{(windowSettings.UrlPolicy.CanLog() ? $" for '{request.Url}'" : "")} ({request.ResourceType}, {request.TransitionType}).");
-												SEBWIN-314: Completed infrastructure for request filter.

											
										
										
											2019-09-10 11:01:49 +02:00
+												}
 											}
-												SEBWIN-302: Implemented configuration of internal PDF reader.

											
										
										
											2020-01-30 11:15:28 +01:00
+											return block;
-												SEBWIN-314: Completed infrastructure for request filter.

											
										
										
											2019-09-10 11:01:49 +02:00
+										}
-												SEBWIN-309: Corrected implementation of configuration and browser exam key.

											
										
										
											2020-02-13 11:01:07 +01:00
+										private string ComputeBrowserExamKey()
 										{
-												SEBWIN-309, SEBWIN-358: Fixed crash happening when a configuration does not contain a salt value for the browser exam key.

											
										
										
											2020-02-21 11:58:08 +01:00
+											var salt = settings.ExamKeySalt;
 											if (salt == default(byte[]))
 											{
 												salt = new byte[0];
 												logger.Warn("The current configuration does not contain a salt value for the browser exam key!");
 											}
 											using (var algorithm = new HMACSHA256(salt))
-												SEBWIN-309, SEBWIN-358: Corrected usage of salt value for browser exam key.

											
										
										
											2020-02-19 15:21:34 +01:00
+											{
 												var hash = algorithm.ComputeHash(Encoding.UTF8.GetBytes(appConfig.CodeSignatureHash + appConfig.ProgramBuildVersion + settings.ConfigurationKey));
 												var key = BitConverter.ToString(hash).ToLower().Replace("-", string.Empty);
-												SEBWIN-309: Corrected implementation of configuration and browser exam key.

											
										
										
											2020-02-13 11:01:07 +01:00
-												SEBWIN-309, SEBWIN-358: Corrected usage of salt value for browser exam key.

											
										
										
											2020-02-19 15:21:34 +01:00
+												browserExamKey = key;
-												SEBWIN-309: Corrected implementation of configuration and browser exam key.

											
										
										
											2020-02-13 11:01:07 +01:00
-												SEBWIN-309, SEBWIN-358: Corrected usage of salt value for browser exam key.

											
										
										
											2020-02-19 15:21:34 +01:00
+												return browserExamKey;
 											}
-												SEBWIN-309: Corrected implementation of configuration and browser exam key.

											
										
										
											2020-02-13 11:01:07 +01:00
+										}
-												SEBWIN-314: Completed infrastructure for request filter.

											
										
										
											2019-09-10 11:01:49 +02:00
+										private bool IsMailtoUrl(string url)
 										{
 											return url.StartsWith(Uri.UriSchemeMailto);
 										}
-												SEBWIN-302: Implemented configuration of internal PDF reader.

											
										
										
											2020-01-30 11:15:28 +01:00
+										private bool RedirectToDisablePdfToolbar(IRequest request, IResponse response, out string url)
 										{
 											const string DISABLE_PDF_TOOLBAR = "#toolbar=0";
 											var isPdf = response.Headers["Content-Type"] == MediaTypeNames.Application.Pdf;
-												SEBWIN-383: Corrected redirect mechanism for PDF toolbar to only redirect main frame requests and added missing new option to configuration tool.

											
										
										
											2020-03-27 13:18:24 +01:00
+											var isMainFrame = request.ResourceType == ResourceType.MainFrame;
-												SEBWIN-302: Implemented configuration of internal PDF reader.

											
										
										
											2020-01-30 11:15:28 +01:00
+											var hasFragment = request.Url.Contains(DISABLE_PDF_TOOLBAR);
-												SEBWIN-383: Corrected redirect mechanism for PDF toolbar to only redirect main frame requests and added missing new option to configuration tool.

											
										
										
											2020-03-27 13:18:24 +01:00
+											var redirect = settings.AllowPdfReader && !settings.AllowPdfReaderToolbar && isPdf && isMainFrame && !hasFragment;
-												SEBWIN-302: Implemented configuration of internal PDF reader.

											
										
										
											2020-01-30 11:15:28 +01:00
 											url = request.Url + DISABLE_PDF_TOOLBAR;
 											if (redirect)
 											{
-												SEBWIN-414: Implemented new feature to control displaying and logging of URLs in browser.

											
										
										
											2020-09-29 14:01:17 +02:00
+												logger.Info($"Redirecting{(windowSettings.UrlPolicy.CanLog() ? $" to '{url}'" : "")} to disable PDF reader toolbar.");
-												SEBWIN-302: Implemented configuration of internal PDF reader.

											
										
										
											2020-01-30 11:15:28 +01:00
+											}
 											return redirect;
 										}
-												SEBWIN-314: Main requests are now entirely prevented (before any loading happens) and only content requests are intercepted with custom resource handling.

											
										
										
											2019-09-12 12:31:17 +02:00
+										private void ReplaceSebScheme(IRequest request)
-												SEBWIN-314: Completed infrastructure for request filter.

											
										
										
											2019-09-10 11:01:49 +02:00
+										{
 											if (Uri.IsWellFormedUriString(request.Url, UriKind.RelativeOrAbsolute))
 											{
 												var uri = new Uri(request.Url);
 												if (uri.Scheme == appConfig.SebUriScheme)
 												{
 													request.Url = new UriBuilder(uri) { Scheme = Uri.UriSchemeHttp }.Uri.AbsoluteUri;
 												}
 												else if (uri.Scheme == appConfig.SebUriSchemeSecure)
 												{
 													request.Url = new UriBuilder(uri) { Scheme = Uri.UriSchemeHttps }.Uri.AbsoluteUri;
 												}
 											}
 										}
-												SEBWIN-314: Main requests are now entirely prevented (before any loading happens) and only content requests are intercepted with custom resource handling.

											
										
										
											2019-09-12 12:31:17 +02:00
 										private IResourceHandler ResourceHandlerFor(ResourceType resourceType)
 										{
-												SEBWIN-362: Implemented basic load error page for browser.

											
										
										
											2020-03-13 15:56:32 +01:00
+											if (contentHandler == default(IResourceHandler))
-												SEBWIN-314: Completed infrastructure for browser request filtering.

											
										
										
											2019-09-13 09:17:14 +02:00
+											{
-												SEBWIN-362: Implemented basic load error page for browser.

											
										
										
											2020-03-13 15:56:32 +01:00
+												contentHandler = CefSharp.ResourceHandler.FromString(htmlLoader.LoadBlockedContent());
 											}
 											if (pageHandler == default(IResourceHandler))
 											{
 												pageHandler = CefSharp.ResourceHandler.FromString(htmlLoader.LoadBlockedPage());
-												SEBWIN-314: Completed infrastructure for browser request filtering.

											
										
										
											2019-09-13 09:17:14 +02:00
+											}
-												SEBWIN-314: Main requests are now entirely prevented (before any loading happens) and only content requests are intercepted with custom resource handling.

											
										
										
											2019-09-12 12:31:17 +02:00
+											switch (resourceType)
 											{
 												case ResourceType.MainFrame:
 												case ResourceType.SubFrame:
 													return pageHandler;
 												default:
 													return contentHandler;
 											}
 										}
-												SEBWIN-405: Fixed and improved LMS session detection.

											
										
										
											2020-08-03 14:41:25 +02:00
 										private void SearchSessionIdentifiers(IResponse response)
 										{
 											SearchEdxIdentifier(response);
 											SearchMoodleIdentifier(response);
 										}
 										private void SearchEdxIdentifier(IResponse response)
 										{
 											var cookies = response.Headers.GetValues("Set-Cookie");
 											if (cookies != default(string[]))
 											{
 												try
 												{
 													var userInfo = cookies.FirstOrDefault(c => c.Contains("edx-user-info"));
 													if (userInfo != default(string))
 													{
 														var start = userInfo.IndexOf("=") + 1;
 														var end = userInfo.IndexOf("; expires");
 														var cookie = userInfo.Substring(start, end - start);
 														var sanitized = cookie.Replace("\\\"", "\"").Replace("\\054", ",").Trim('"');
 														var json = JsonConvert.DeserializeObject(sanitized) as JObject;
 														var userName = json["username"].Value<string>();
 														Task.Run(() => SessionIdentifierDetected?.Invoke(userName));
 													}
 												}
 												catch (Exception e)
 												{
 													logger.Error("Failed to parse edX session identifier!", e);
 												}
 											}
 										}
 										private void SearchMoodleIdentifier(IResponse response)
 										{
 											var locations = response.Headers.GetValues("Location");
 											if (locations != default(string[]))
 											{
 												try
 												{
 													var location = locations.FirstOrDefault(l => l.Contains("moodle/login/index.php?testsession"));
 													if (location != default(string))
 													{
 														var userId = location.Substring(location.IndexOf("=") + 1);
 														Task.Run(() => SessionIdentifierDetected?.Invoke(userId));
 													}
 												}
 												catch (Exception e)
 												{
 													logger.Error("Failed to parse Moodle session identifier!", e);
 												}
 											}
 										}
-												SEBWIN-314: Completed infrastructure for request filter.

											
										
										
											2019-09-10 11:01:49 +02:00
+									}
 								}