public AccountAuthorizationRequest RejectRequest(AccountAuthorizationRequest request, NodeVisit visit)
{
ValidateByRole(visit, SystemRoleType.Admin);
ExceptionUtils.ThrowIfNull(request.Response, "request.Response");
if (!CollectionUtils.IsNullOrEmpty(request.RequestedFlows))
{
foreach (AccountAuthorizationRequestFlow flow in request.RequestedFlows)
{
flow.AccessGranted = false;
}
}
request.Response.AuthorizationAccountId = visit.Account.Id;
request.Response.DidCreateInNaas = false;
_accountAuthorizationRequestDao.DoRequestUpdate(request, visit.Account.NaasAccount, false);
string statusDetail = string.Format("{0} rejected authorization request from user \"{1} ({2})\": {3}",
visit.Account.NaasAccount, request.FullName, request.NaasAccount,
request.ToString());
ActivityManager.LogAudit(NodeMethod.None, null, request.TransactionId, visit, statusDetail);
return(request);
}
public UserAccount Get(string username, NodeVisit visit)
{
try
{
if (visit != null)
{
ValidateByRole(visit, SystemRoleType.Program);
}
UserAccount account = _accountDao.GetByName(username);
if (account == null)
{
throw new ArgumentException(string.Format("The user \"{0}\" was not found in the database", username));
}
ActivityManager.LogAudit(NodeMethod.None, null, visit, "{0} got user account: {1}.",
(visit != null) ? visit.Account.NaasAccount : null, account.ToString());
return(account);
}
catch (Exception e)
{
ActivityManager.LogError(NodeMethod.None, null, e, visit, "{0} failed to get user account: {1}.",
(visit != null) ? visit.Account.NaasAccount : null, username);
throw;
}
}
public void Delete(ConfigItem item, NodeVisit visit)
{
ValidateByRole(visit, SystemRoleType.Admin);
if (!item.IsEditable)
{
throw new InvalidOperationException("The item cannot be saved since it is not editable.");
}
lock (_lockObject)
{
TransactionTemplate.Execute(delegate
{
_configDao.Delete(item.Id);
lock (_lockObject)
{
if (_configItems.ContainsKey(item.Id.ToUpper()))
{
_configItems.Remove(item.Id.ToUpper());
}
}
ActivityManager.LogAudit(NodeMethod.None, null, visit, "{0} deleted configuration value: {1}.",
visit.Account.NaasAccount, item.ToString());
return(null);
});
}
}
public byte[] ExportSettingsAsZippedBytes(ImportExportSettings settingsToExport, NodeVisit visit)
{
ValidateByRole(visit, SystemRoleType.Admin);
NodeSettings nodeSettings = new NodeSettings();
string errorMessage = null;
if (EnumUtils.IsFlagSet(settingsToExport, ImportExportSettings.GlobalArguments))
{
nodeSettings.SetGlobalArguments(ConfigManager.Get(ConfigurationType.All));
}
if (EnumUtils.IsFlagSet(settingsToExport, ImportExportSettings.DataSources))
{
nodeSettings.SetDataSources(DataProviderManager.Get());
}
if (EnumUtils.IsFlagSet(settingsToExport, ImportExportSettings.NetworkPartners))
{
nodeSettings.SetNetworkPartners(PartnerManager.Get());
}
bool exportExchanges = EnumUtils.IsFlagSet(settingsToExport, ImportExportSettings.Exchanges);
bool exportServices = EnumUtils.IsFlagSet(settingsToExport, ImportExportSettings.Services);
if (exportExchanges || exportServices)
{
IList <DataFlow> flows = FlowManager.GetAllDataFlows(exportServices, false);
if (exportExchanges)
{
nodeSettings.SetExchanges(flows);
}
if (exportServices)
{
nodeSettings.SetServices(flows);
}
}
if (EnumUtils.IsFlagSet(settingsToExport, ImportExportSettings.Schedules))
{
IDictionary <string, string> flowIdToNameMap = FlowManager.GetAllFlowsIdToNameMap();
IDictionary <string, string> serviceIdToNameMap = ServiceManager.GetAllServicesIdToNameMap();
IDictionary <string, string> partnerIdToNameMap = PartnerManager.GetAllPartnersIdToNameMap();
nodeSettings.SetSchedules(ScheduleManager.GetSchedules(), flowIdToNameMap, serviceIdToNameMap,
partnerIdToNameMap, out errorMessage);
}
string tempFilePath = SettingsProvider.NewTempFilePath();
_compressionHelper.Compress("Settings.xml", _serializationHelper.SerializeWithLineBreaks(nodeSettings),
tempFilePath);
if (errorMessage != null)
{
_compressionHelper.Compress("Errors.txt", Encoding.UTF8.GetBytes(errorMessage), tempFilePath);
}
byte[] zippedData = File.ReadAllBytes(tempFilePath);
ActivityManager.LogAudit(NodeMethod.None, null, visit, "{0} exported the following node settings: {1}.",
visit.Account.NaasAccount, settingsToExport);
return(zippedData);
}
public void Remove(UserAccount instance, NodeVisit visit)
{
try
{
ValidateByRole(visit, SystemRoleType.Admin);
if (!CanRemoveUser(instance.NaasAccount, visit))
{
throw new InvalidOperationException(string.Format("The user \"{0}\" cannot be removed from the node",
instance.NaasAccount));
}
TransactionTemplate.Execute(delegate
{
_accountDao.Delete(instance);
ActivityManager.LogAudit(NodeMethod.None, null, visit, "{0} removed account: {1}.",
visit.Account.NaasAccount, instance.ToString());
return(null);
});
}
catch (Exception e)
{
ActivityManager.LogError(NodeMethod.None, null, e, visit, "{0} failed to remove user account: {1}.",
visit.Account.NaasAccount, instance.ToString());
throw;
}
}
public void Delete(DataProviderInfo instance, NodeVisit visit)
{
ValidateByRole(visit, SystemRoleType.Admin);
TransactionTemplate.Execute(delegate
{
_dataProviderDao.Delete(instance);
ActivityManager.LogAudit(NodeMethod.None, null, visit, "{0} deleted data source: {1}.",
visit.Account.NaasAccount, instance.ToString());
return(null);
});
}
public void DeleteFlow(DataFlow instance, NodeVisit visit)
{
ValidateCanEditFlowById(visit, instance.Id);
TransactionTemplate.Execute(delegate
{
_flowDao.Delete(instance);
ActivityManager.LogAudit(NodeMethod.None, instance.FlowName, visit, "{0} deleted data flow: {1}.",
visit.Account.NaasAccount, instance.ToString());
return(null);
});
}
public void Delete(ScheduledItem instance, NodeVisit visit)
{
ValidateCanEditFlowById(visit, instance.FlowId);
string flowName = _flowManager.GetDataFlowNameById(instance.FlowId);
TransactionTemplate.Execute(delegate
{
_scheduleDao.Delete(instance.Id);
ActivityManager.LogAudit(NodeMethod.None, flowName, instance.Name, visit, "{0} deleted scheduled item: {1}.",
visit.Account.NaasAccount, instance.ToString());
return(null);
});
}
public void InstallPluginForFlow(byte[] zipFileContent, string flowName, NodeVisit visit)
{
ValidateByRole(visit, SystemRoleType.Admin);
string flowId = GetDataFlowIdByName(flowName);
if (flowId == null)
{
throw new ArgumentException(string.Format("Unrecognized flow name: \"{0}\"",
flowName));
}
string auditMessage = _pluginLoader.InstallPluginForFlow(zipFileContent, visit.Account.Id, flowId);
ActivityManager.LogAudit(NodeMethod.None, flowName, visit, "{0} installed plugin for flow: {1}. Message: {2}",
visit.Account.NaasAccount, flowName, auditMessage);
}
public UserAccount GetById(string id, NodeVisit visit)
{
try
{
ValidateByRole(visit, SystemRoleType.Program);
UserAccount account = _accountDao.GetById(id);
ActivityManager.LogAudit(NodeMethod.None, null, visit, "{0} got user account: {1}.",
visit.Account.NaasAccount, account.ToString());
return(account);
}
catch (Exception e)
{
ActivityManager.LogError(NodeMethod.None, null, e, visit, "{0} failed to get user account: {1}.",
visit.Account.NaasAccount, id);
throw;
}
}
public UserAccount GetByName(string username, NodeVisit visit)
{
try
{
ValidateByRole(visit, SystemRoleType.Admin);
UserAccount account = EndpointUserDao.GetByName(username);
ActivityManager.LogAudit(NodeMethod.None, null, visit, "{0} got user account: {1}.",
visit.Account.NaasAccount, account.ToString());
return(account);
}
catch (Exception e)
{
ActivityManager.LogError(NodeMethod.None, null, e, visit, "{0} failed to get user account: {1}.",
visit.Account.NaasAccount, username);
throw;
}
}
public IList <UserAccount> Get(NodeVisit visit)
{
try
{
ValidateByRole(visit, SystemRoleType.Program);
IList <UserAccount> accounts = _accountDao.Get();
ActivityManager.LogAudit(NodeMethod.None, null, visit, "{0} got all user accounts.",
visit.Account.NaasAccount);
return(accounts);
}
catch (Exception e)
{
ActivityManager.LogError(NodeMethod.None, null, e, visit, "{0} failed to get all user accounts.",
visit.Account.NaasAccount);
throw;
}
}
public void Remove(UserAccount instance, NodeVisit visit)
{
ValidateByRole(visit, SystemRoleType.Admin);
if (instance == null)
{
throw new ArgumentException("Input values are null.");
}
instance.ModifiedById = visit.Account.Id;
TransactionTemplate.Execute(delegate
{
EndpointUserDao.Remove(instance);
ActivityManager.LogAudit(NodeMethod.None, null, visit, "{0} removed endpoint user: {1}.",
visit.Account.NaasAccount, instance.NaasAccount);
return(null);
});
}
public DataFlow SaveFlow(DataFlow instance, NodeVisit visit)
{
ValidateCanEditFlowById(visit, instance.Id);
if ((instance == null))
{
throw new ArgumentException("Input values are null.");
}
instance.ModifiedById = visit.Account.Id;
TransactionTemplate.Execute(delegate
{
_flowDao.Save(instance);
ActivityManager.LogAudit(NodeMethod.None, instance.FlowName, visit, "{0} saved flow: {1}.",
visit.Account.NaasAccount, instance.ToString());
return(null);
});
return(instance);
}
public PartnerIdentity Save(PartnerIdentity instance, NodeVisit visit)
{
ValidateByRole(visit, SystemRoleType.Admin);
if ((instance == null) || string.IsNullOrEmpty(instance.Url) ||
string.IsNullOrEmpty(instance.Name))
{
throw new ArgumentException("Input values are null.");
}
instance.ModifiedById = visit.Account.Id;
TransactionTemplate.Execute(delegate
{
_partnerDao.Save(instance);
ActivityManager.LogAudit(NodeMethod.None, null, visit, "{0} saved partner identity: {1}.",
visit.Account.NaasAccount, instance.ToString());
return(null);
});
return(instance);
}
public UserAccount Save(UserAccount instance, string testNaasPassword, string prodNaasPassword, NodeVisit visit)
{
ValidateByRole(visit, SystemRoleType.Admin);
if ((instance == null) || string.IsNullOrEmpty(instance.NaasAccount) ||
string.IsNullOrEmpty(testNaasPassword) || string.IsNullOrEmpty(prodNaasPassword))
{
throw new ArgumentException("Input values are null.");
}
instance.ModifiedById = visit.Account.Id;
TransactionTemplate.Execute(delegate
{
EndpointUserDao.Save(instance, testNaasPassword, prodNaasPassword);
ActivityManager.LogAudit(NodeMethod.None, null, visit, "{0} saved endpoint user: {1}.",
visit.Account.NaasAccount, instance.NaasAccount);
return(null);
});
return(instance);
}
public ScheduledItem RunNow(ScheduledItem instance, NodeVisit visit)
{
if ((instance == null))
{
throw new ArgumentException("Input values are null.");
}
ValidateCanViewFlowById(visit, instance.FlowId);
string flowName = _flowManager.GetDataFlowNameById(instance.FlowId);
TransactionTemplate.Execute(delegate
{
_scheduleDao.RunNow(instance);
ActivityManager.LogAudit(NodeMethod.None, flowName, instance.Name, visit, "{0} ran scheduled item: {1}.",
visit.Account.NaasAccount, instance.ToString());
return(null);
});
return(instance);
}
public UserAccount Save(UserAccount userAccount, IList <SimpleFlowNotification> notifications,
NodeVisit visit)
{
try
{
ValidateByRole(visit, SystemRoleType.Program);
_notificationDao.SaveNotifications(userAccount.Id, visit.Account.Id, notifications);
ActivityManager.LogAudit(NodeMethod.None, null, visit, "{0} saved notifications for user: {1}.",
visit.Account.NaasAccount, userAccount.NaasAccount);
return(userAccount);
}
catch (Exception e)
{
ActivityManager.LogError(NodeMethod.None, null, e, visit, "{0} failed to save notifications for user: {1}.",
visit.Account.NaasAccount, userAccount.NaasAccount);
throw;
}
}
public DataProviderInfo Save(DataProviderInfo instance, NodeVisit visit)
{
ValidateByRole(visit, SystemRoleType.Admin);
if ((instance == null) || string.IsNullOrEmpty(instance.Name) || string.IsNullOrEmpty(instance.ConnectionString) ||
string.IsNullOrEmpty(instance.ProviderType))
{
throw new ArgumentException("Input values are null.");
}
instance.ModifiedById = visit.Account.Id;
TransactionTemplate.Execute(delegate
{
_dataProviderDao.Save(instance);
ActivityManager.LogAudit(NodeMethod.None, null, visit, "{0} saved data source: {1}.",
visit.Account.NaasAccount, instance.ToString());
return(null);
});
return(instance);
}
public ConfigItem Save(string curItemId, ConfigItem item, NodeVisit visit)
{
ValidateByRole(visit, SystemRoleType.Admin);
ParsingHelper.ValidateKey(item.Id);
if (!item.IsEditable)
{
throw new InvalidOperationException("The item cannot be saved since it is not editable.");
}
ConfigItem saveItem = new ConfigItem(item);
saveItem.ModifiedById = visit.Account.Id;
saveItem.Value = _cryptographyProvider.Encrypt(item.Value);
lock (_lockObject)
{
TransactionTemplate.Execute(delegate
{
_configDao.Save(curItemId, saveItem);
lock (_lockObject)
{
if (!string.IsNullOrEmpty(curItemId))
{
if (_configItems.ContainsKey(curItemId.ToUpper()))
{
_configItems.Remove(curItemId.ToUpper());
}
}
_configItems[item.Id.ToUpper()] = item;
}
ActivityManager.LogAudit(NodeMethod.None, null, visit, "{0} updated configuration value: {1}.",
visit.Account.NaasAccount, saveItem.ToString());
return(null);
});
item.ModifiedById = saveItem.ModifiedById;
item.ModifiedOn = saveItem.ModifiedOn;
}
return(item);
}
public UserAccount ResetPassword(string currentPassword, string newPassword,
UserAccount instance, NodeVisit visit)
{
try
{
ValidateByRole(visit, SystemRoleType.Program);
_naasManager.ChangePassword(instance.NaasAccount, currentPassword,
newPassword);
ActivityManager.LogAudit(NodeMethod.None, null, visit, "{0} reset password for user account: {1}.",
visit.Account.NaasAccount, instance.ToString());
return(instance);
}
catch (Exception e)
{
ActivityManager.LogError(NodeMethod.None, null, e, visit, "{0} failed to reset password for user account: {1}.",
visit.Account.NaasAccount, instance.ToString());
throw;
}
}
public UserAccount ResetPassword(UserAccount instance, NodeVisit visit)
{
try
{
ValidateByRole(visit, SystemRoleType.Admin);
string newPassword = GenerateRandomPassword();
_naasManager.ResetPassword(instance.NaasAccount, newPassword);
ActivityManager.LogAudit(NodeMethod.None, null, visit, "{0} reset password for user account: {1}.",
visit.Account.NaasAccount, instance.ToString());
_notificationManager.DoChangePasswordNotifications(instance.NaasAccount, newPassword);
return(instance);
}
catch (Exception e)
{
ActivityManager.LogError(NodeMethod.None, null, e, visit, "{0} failed to reset password for user account: {1}.",
visit.Account.NaasAccount, instance.ToString());
throw;
}
}
public UserAccount Save(UserAccount instance, bool allowCreateInNaasIfNecessary, string naasCreatePassword,
NodeVisit visit)
{
try
{
if ((instance == null) || string.IsNullOrEmpty(instance.NaasAccount))
{
throw new ArgumentException("Input values are null.");
}
bool createInDB = string.IsNullOrEmpty(instance.Id);
bool needToCreateInNAAS = !_naasManager.UserExists(instance.NaasAccount);
if (needToCreateInNAAS && string.IsNullOrEmpty(naasCreatePassword))
{
throw new ArgumentException("Password cannot be empty.");
}
if (needToCreateInNAAS && !allowCreateInNaasIfNecessary)
{
throw new ArgumentException(string.Format("The user \"{0}\" does not exist in NAAS and cannot be added to the node", instance.NaasAccount));
}
string activityFormatString;
if (createInDB)
{
if (needToCreateInNAAS)
{
activityFormatString = "{0} created user account on this local node and within NAAS: {1}.";
}
else
{
activityFormatString = "{0} created user account on this local node: {1}.";
}
}
else
{
if (needToCreateInNAAS)
{
activityFormatString = "{0} saved user account on this local node and created account within NAAS: {1}.";
}
else
{
activityFormatString = "{0} saved user account on this local node: {1}.";
}
}
instance.Policies =
_accountPolicyManager.CleanseFlowPoliciesForUser(instance.Role, instance.Policies);
string naasPassword = null;
if (needToCreateInNAAS)
{
// First, attempt to create the user in NAAS
naasPassword = _naasManager.CreateUser(instance.NaasAccount, naasCreatePassword,
instance.Role);
}
instance.ModifiedById = visit.Account.Id;
TransactionTemplate.Execute(delegate
{
_accountDao.Save(instance);
ActivityManager.LogAudit(NodeMethod.None, null, visit, activityFormatString,
visit.Account.NaasAccount, instance.ToString());
return(null);
});
if (needToCreateInNAAS)
{
_notificationManager.DoNewNaasAccountNotifications(instance.NaasAccount,
naasCreatePassword,
(instance.Role == SystemRoleType.Authed));
}
else if (createInDB)
{
_notificationManager.DoNewNodeAccountNotifications(instance.NaasAccount,
(instance.Role == SystemRoleType.Authed));
}
return(instance);
}
catch (Exception e)
{
ActivityManager.LogError(NodeMethod.None, null, e, visit, "{0} failed to save user account: {1}.",
visit.Account.NaasAccount, instance.ToString());
throw;
}
}
public AccountAuthorizationRequest AcceptRequest(AccountAuthorizationRequest request, NodeVisit visit)
{
ValidateByRole(visit, SystemRoleType.Admin);
ExceptionUtils.ThrowIfNull(request.Response, "request.Response");
IDictionary <string, string> upperFlowNameToIdMap = _flowManager.GetAllProtectedUpperDataFlowNamesToIdMap();
bool userExists = ValidateUserExistance(request.NaasAccount, request.AffiliatedNodeId,
null, upperFlowNameToIdMap);
string password = _accountManager.GenerateRandomPassword();
UserAccount userAccount = _accountDao.GetByName(request.NaasAccount);
List <UserAccessPolicy> policies = null;
if (userAccount == null)
{
userAccount = new UserAccount();
userAccount.ModifiedById = visit.Account.Id;
userAccount.NaasAccount = request.NaasAccount;
userAccount.Role = SystemRoleType.Authed;
}
else
{
if (!CollectionUtils.IsNullOrEmpty(userAccount.Policies))
{
policies = new List <UserAccessPolicy>(userAccount.Policies);
}
}
userAccount.IsActive = true;
if (!CollectionUtils.IsNullOrEmpty(request.RequestedFlows))
{
foreach (AccountAuthorizationRequestFlow requestedFlow in request.RequestedFlows)
{
UserAccessPolicy curPolicy = GetPolicyForFlow(requestedFlow.FlowName, policies);
bool foundFlow = (curPolicy != null);
if (foundFlow && !requestedFlow.AccessGranted)
{
policies.Remove(curPolicy);
}
else if (!foundFlow && requestedFlow.AccessGranted)
{
UserAccessPolicy policy =
_accountPolicyManager.CreatePolicy(userAccount.Role, null, requestedFlow.FlowName,
FlowRoleType.Endpoint);
policy.ModifiedById = visit.Account.Id;
CollectionUtils.Add(policy, ref policies);
}
}
userAccount.Policies = policies;
}
_accountManager.Save(userAccount, true, password, visit);
request.Response.AuthorizationAccountId = visit.Account.Id;
request.Response.DidCreateInNaas = !userExists;
_accountAuthorizationRequestDao.DoRequestUpdate(request, visit.Account.NaasAccount, true);
string statusDetail = string.Format("{0} accepted authorization request from user \"{1} ({2})\": {3}",
visit.Account.NaasAccount, request.FullName, request.NaasAccount,
request.ToString());
ActivityManager.LogAudit(NodeMethod.None, null, request.TransactionId, visit, statusDetail);
return(request);
}
/// <summary>
/// Check to see if the input request is already valid (user exists in NAAS and the node and already has access to
/// the requested flows. If so, automatically set the request to Accepted, thereby bypassing the need for
/// the node Admin to formally accept the request.
/// </summary>
protected void CheckForAlreadyValidAuthorizationRequest(AccountAuthorizationRequest item)
{
UserAccount userAccount = null;
try
{
userAccount = _accountManager.GetByName(item.NaasAccount);
}
catch (Exception)
{
}
if ((userAccount != null) && userAccount.IsActive)
{
IList <string> protectedFlows = _flowManager.GetProtectedFlowNames();
bool hasAccessToAllRequestedFlows = true;
IList <AccountAuthorizationRequestFlow> requestedFlows = null;
if (!CollectionUtils.IsNullOrEmpty(protectedFlows))
{
if (CollectionUtils.IsNullOrEmpty(item.RequestedFlows))
{
// If item.RequestedFlows == null, this is a request to grant access to all protected flows
requestedFlows = new List <AccountAuthorizationRequestFlow>(protectedFlows.Count);
foreach (string flowName in protectedFlows)
{
requestedFlows.Add(new AccountAuthorizationRequestFlow(flowName));
}
}
else
{
// Deep copy the list so that we can update element without affecting the "real" request
// until we are sure we will accept the user
requestedFlows = new List <AccountAuthorizationRequestFlow>(item.RequestedFlows.Count);
foreach (AccountAuthorizationRequestFlow requestedFlow in item.RequestedFlows)
{
requestedFlows.Add(new AccountAuthorizationRequestFlow(requestedFlow.FlowName));
}
}
// Check that the user has access to all the requested flows:
IDictionary <string, string> upperFlowNameToIdMap = _flowManager.GetAllProtectedUpperDataFlowNamesToIdMap();
foreach (AccountAuthorizationRequestFlow requestedFlow in requestedFlows)
{
if (upperFlowNameToIdMap.ContainsKey(requestedFlow.FlowName.ToUpper()))
{
if (!HasPolicyForFlow(requestedFlow.FlowName, userAccount.Policies))
{
hasAccessToAllRequestedFlows = false;
break;
}
else
{
requestedFlow.AccessGranted = true;
}
}
}
}
if (hasAccessToAllRequestedFlows)
{
// Validate that the user is actually in NAAS
if (_naasManager.UserExists(userAccount.NaasAccount))
{
// Accept this user automatically
item.RequestedFlows = requestedFlows;
item.Response = new AccountAuthorizationResponse();
item.Response.AuthorizationAccountId = _accountManager.AdminAccount.Id;
item.Response.AuthorizationComments = "The node admin automatically accepted the request since all requested policies are currently active";
item.Response.DidCreateInNaas = false;
_accountAuthorizationRequestDao.DoRequestUpdate(item, _accountManager.AdminAccount.NaasAccount, true);
string statusDetail = string.Format("Automatically accepted authorization request from user \"{0} ({1})\" since all requested policies are currently active: {2}",
item.FullName, item.NaasAccount, item.ToString());
ActivityManager.LogAudit(NodeMethod.None, null, item.TransactionId, null, statusDetail);
}
}
}
}