public async Task <bool> Execute(string subject, string id)
{
if (string.IsNullOrWhiteSpace(subject))
{
throw new ArgumentNullException(nameof(subject));
}
if (string.IsNullOrWhiteSpace(id))
{
throw new ArgumentNullException(nameof(id));
}
var result = await _pendingRequestRepository.Get(id).ConfigureAwait(false);
if (result == null)
{
throw new UmaPolicyNotFoundException();
}
if (result.Resource.Owner != subject)
{
throw new UmaNotAuthorizedException();
}
using (var transaction = new CommittableTransaction(new TransactionOptions {
IsolationLevel = IsolationLevel.ReadCommitted
}))
{
try
{
result.IsConfirmed = true;
await _pendingRequestRepository.Delete(result.Id).ConfigureAwait(false);
await _policyRepository.Add(new Models.Policy
{
Id = Guid.NewGuid().ToString(),
Claims = new List <Models.Claim>
{
new Models.Claim
{
Type = SimpleIdServer.Core.Jwt.Constants.StandardResourceOwnerClaimNames.Subject,
Value = result.RequesterSubject
}
},
ResourceSetIds = new List <string>
{
result.ResourceId
},
Scopes = result.Scopes == null ? new List <string>() : result.Scopes.ToList()
}).ConfigureAwait(false);
}
catch
{
transaction.Rollback();
throw;
}
}
return(true);
}
public async Task <bool> Execute(string subject, string id)
{
if (string.IsNullOrWhiteSpace(subject))
{
throw new ArgumentNullException(nameof(subject));
}
if (string.IsNullOrWhiteSpace(id))
{
throw new ArgumentNullException(nameof(id));
}
var result = await _pendingRequestRepository.Get(id).ConfigureAwait(false);
if (result == null)
{
throw new UmaPolicyNotFoundException();
}
if (result.Resource.Owner != subject)
{
throw new UmaNotAuthorizedException();
}
await _pendingRequestRepository.Delete(id).ConfigureAwait(false);
return(true);
}
public async Task <ResourceValidationResult> Execute(string openidProvider, ResourceSet resource, TicketLineParameter ticketLineParameter, ClaimTokenParameter claimTokenParameter)
{
if (string.IsNullOrWhiteSpace(openidProvider))
{
throw new ArgumentNullException(nameof(openidProvider));
}
if (resource == null)
{
throw new ArgumentNullException(nameof(resource));
}
if (ticketLineParameter == null)
{
throw new ArgumentNullException(nameof(ticketLineParameter));
}
JwsPayload jwsPayload = null;
string subject = null;
if (claimTokenParameter != null && claimTokenParameter.Format == Constants.IdTokenType)
{
var idToken = claimTokenParameter.Token;
jwsPayload = await _jwtTokenParser.UnSign(idToken, openidProvider).ConfigureAwait(false);
var subjectClaim = jwsPayload.FirstOrDefault(c => c.Key == SimpleIdServer.Core.Jwt.Constants.StandardResourceOwnerClaimNames.Subject);
if (!subjectClaim.Equals(default(KeyValuePair <string, object>)) && subjectClaim.Value != null)
{
subject = subjectClaim.Value.ToString();
}
}
var validationsResult = new List <AuthorizationPolicyResult>();
var policies = resource.AuthPolicies;
if (policies != null && policies.Any())
{
foreach (var policy in policies)
{
if (ticketLineParameter.Scopes.Any(s => !policy.Scopes.Contains(s)))
{
validationsResult.Add(new AuthorizationPolicyResult
{
Type = AuthorizationPolicyResultEnum.NotAuthorized,
Policy = policy,
ErrorDetails = "the scope is not valid"
});
continue;
}
var clientAuthorizationResult = CheckClients(policy, ticketLineParameter);
if (clientAuthorizationResult != null && clientAuthorizationResult.Type != AuthorizationPolicyResultEnum.Authorized)
{
validationsResult.Add(clientAuthorizationResult);
continue;
}
var validationResult = CheckClaims(openidProvider, policy, jwsPayload);
validationsResult.Add(validationResult);
}
}
var vr = validationsResult.FirstOrDefault(v => v.Type == AuthorizationPolicyResultEnum.Authorized);
if (vr != null)
{
return(new ResourceValidationResult
{
IsValid = true
});
}
if (!resource.AcceptPendingRequest)
{
return(new ResourceValidationResult
{
IsValid = false,
AuthorizationPoliciesResult = validationsResult
});
}
if (!string.IsNullOrWhiteSpace(subject))
{
var pendingRequestLst = await _pendingRequestRepository.Get(resource.Id, subject).ConfigureAwait(false);
var pendingRequest = pendingRequestLst.FirstOrDefault(p => ticketLineParameter.Scopes.Count() == p.Scopes.Count() && ticketLineParameter.Scopes.All(s => p.Scopes.Contains(s)));
if (pendingRequest == null)
{
await _pendingRequestRepository.Add(new PendingRequest
{
Id = Guid.NewGuid().ToString(),
CreateDateTime = DateTime.UtcNow,
ResourceId = resource.Id,
IsConfirmed = false,
RequesterSubject = subject,
Scopes = ticketLineParameter.Scopes
}).ConfigureAwait(false);
return(new ResourceValidationResult
{
IsValid = false,
AuthorizationPoliciesResult = new[]
{
new AuthorizationPolicyResult
{
Type = AuthorizationPolicyResultEnum.RequestSubmitted,
ErrorDetails = "a request has been submitted"
}
}
});
}
}
return(new ResourceValidationResult
{
IsValid = false,
AuthorizationPoliciesResult = new[]
{
new AuthorizationPolicyResult
{
Type = AuthorizationPolicyResultEnum.RequestNotConfirmed,
ErrorDetails = "the request is not confirmed by the resource owner"
}
}
});
}
