public ApiUserInfo UserInfo(string userName)
{
if (userName != "deleted" && !Utils.User.UserExists(userName))
{
throw new HttpResponseException(HttpStatusCode.NotFound);
}
if (userName == "deleted")
{
throw new HttpResponseException(HttpStatusCode.NotFound);
}
var resultModel = new ApiUserInfo();
var userBadgesList = Utils.User.UserBadges(userName);
var resultBadgesList = userBadgesList.Select(item => new ApiUserBadge {
Awarded = item.Awarded, BadgeName = item.Badge.BadgeName
}).ToList();
resultModel.Name = userName;
resultModel.CCP = Karma.CommentKarma(userName);
resultModel.LCP = Karma.LinkKarma(userName);
resultModel.RegistrationDate = Utils.User.GetUserRegistrationDateTime(userName);
resultModel.Badges = resultBadgesList;
return(resultModel);
}
/// <summary>
/// Validate user permissions.
/// </summary>
/// <param name="user">User info.</param>
/// <param name="requiredPermissions">Required permission.</param>
protected bool IsUserHasAccess(ApiUserInfo user, params string[] requiredPermissions)
{
// if no permissions configured, any authorized user has access
if (!requiredPermissions.Any())
{
return(true);
}
// if user is anonymous and there is required permissions, then deny access
if (user.IsAnonymous)
{
return(false);
}
// admin permission to allow everything
if (user.Permissions.Any(x => x.Equals(SystemAdminPermission, StringComparison.InvariantCultureIgnoreCase)))
{
return(true);
}
// try to find required permissions
var result = user.Permissions.Intersect(requiredPermissions, StringComparer.InvariantCultureIgnoreCase).Any();
return(result);
}
public ApiUserInfo UserInfo(string userName)
{
if (String.IsNullOrWhiteSpace(userName) || userName == "deleted" || (userName != "deleted" && !UserHelper.UserExists(userName)))
{
throw new HttpResponseException(HttpStatusCode.NotFound);
}
ApiUserInfo userInfo = CacheHandler.Instance.Register <ApiUserInfo>(String.Format("Legacy:Api:UserInfo.{0}", userName),
new Func <ApiUserInfo>(() =>
{
using (voatEntities db = new voatEntities(CONSTANTS.CONNECTION_READONLY))
{
var resultModel = new ApiUserInfo();
var userData = new Domain.UserData(userName);
var info = userData.Information;
resultModel.Name = userName;
resultModel.CCP = info.CommentPoints.Sum;
resultModel.LCP = info.SubmissionPoints.Sum;
resultModel.RegistrationDate = info.RegistrationDate;
resultModel.Badges = info.Badges.Select(badge => new ApiUserBadge {
Awarded = badge.CreationDate, BadgeName = badge.Name
}).ToList();
return(resultModel);
}
}), TimeSpan.FromMinutes(90));
return(userInfo);
}
/// <summary>
/// Try to execute route handler.
/// </summary>
/// <param name="route">Route name.</param>
/// <param name="requestContent">Request content.</param>
/// <param name="statusCode">Result http status code.</param>
/// <param name="responseContent">Response body.</param>
/// <returns></returns>
private bool TryToExecuteHandler(ApiUserInfo userInfo, string route, string requestContent, HttpListenerContext context, out int statusCode, out object responseContent)
{
responseContent = default;
statusCode = 200;
// let's find handler for requested route name
if (!_apiRoutes.TryGetHandler(route, out var routeHandler, userInfo.IsAnonymous))
{
_logger.Warning($"Route not found: {route}");
statusCode = 404;
return(false);
}
try
{
// execute handler
responseContent = routeHandler.Invoke(new ApiRouteRequestArgs <string>(userInfo, requestContent, context));
}
catch (Exception ex)
{
if (ex is ApiCommandNotFoundException)
{
_logger.Warning(ex.Message);
statusCode = 404;
}
else if (ex is SecurityException)
{
_logger.Warning($"User '{userInfo.Name}' access error");
statusCode = 403;
}
else if (ex is ArgumentException || ex is TargetInvocationException)
{
_logger.Warning($"Route handler ({route}) throw exception cause wrong arguments");
statusCode = 400;
}
else if (ex is JsonReaderException || ex is JsonSerializationException)
{
_logger.Error($"Can't deserialize request body to expected type");
_logger.Error(ex.Message);
statusCode = 400;
}
else
{
_logger.Error(ex, $"Route handler ({route}) throw exception ({ex.GetType().Name})");
statusCode = 500;
}
return(false);
}
return(true);
}
/// <summary>
/// Looking got user by name.
/// </summary>
/// <param name="user">User name.</param>
/// <param name="userInfo">Found user info.</param>
/// <returns></returns>
private static bool TryGetUser(string user, out ApiUserInfo userInfo)
{
userInfo = default;
// let's find user options
lock (UsersLocker) userInfo = Users.FirstOrDefault(x => x.Name.Equals(user, StringComparison.InvariantCultureIgnoreCase));
if (userInfo == default)
{
return(false);
}
return(true);
}
/// <inheritdoc cref="IHookRoute"/>
public object OnCallHook(ApiUserInfo user, ApiHookRequest apiHookInfo)
{
const string hooksAccessPermission = "hooks";
if (!IsUserHasAccess(user, hooksAccessPermission))
{
throw new SecurityException($"User '{user}' hasn't required permission '{hooksAccessPermission}'");
}
var result = RustApiExtension.OxideHelper.CallHook(apiHookInfo.HookName, apiHookInfo.Parameters);
return(result);
}
public void FromApiUserInfo_Null()
{
// ARRANGE
UserInfo expected = null;
ApiUserInfo param = null;
// ACT
UserInfo actual = UserMapper.FromApiUserInfo(param);
// ASSERT
Assert.Equal(expected, actual, new UserInfoComparer());
}
public ApiUserInfo Login([FromBody] ApiUserInfo ui)
{
var userInfor = userService.Login(ui.Username, ui.Password, ui.RemeberMe);
if (userInfor != null)
{
Dictionary <string, object> result = new Dictionary <string, object>();
return(userInfor);
}
return(new ApiUserInfo());
}
/// <inheritdoc />
public IReadOnlyList <object> OnCallCommand(ApiUserInfo user, ApiCommandRequest request)
{
var result = new List <object>();
// let's inform client in case if there is no any commands
if (!_apiPlugins.Any())
{
throw new ApiCommandNotFoundException($"No methods found for the command '{request.CommandName}'");
}
var found = false;
foreach (var apiPlugin in _apiPlugins)
{
// let's try to find target methods with same command name
var apiCommands = apiPlugin.Methods
// looking for command by name
.Where(x => x.ApiInfo.CommandName.Equals(request.CommandName, StringComparison.InvariantCultureIgnoreCase))
// filter by required and user permissions
.Where(x => IsUserHasAccess(user, x.ApiInfo.RequiredPermissions));
// in case if command with requested name not found
if (!apiCommands.Any())
{
continue;
}
found = true;
// execute api methods and build response
foreach (var apiMethod in apiCommands)
{
var methodResult = ExecuteMethod(apiPlugin, apiMethod, request, user);
if (methodResult != default)
{
result.Add(methodResult);
}
}
}
if (!found) // in case if command with requested name not found
{
var userName = user.IsAnonymous ? "Anonymous" : user.Name;
throw new ApiCommandNotFoundException($"Command '{request.CommandName}' not found for user '{userName}'");
}
return(result);
}
internal static UserInfo FromApiUserInfo(ApiUserInfo apiUserInfo)
{
if (apiUserInfo == null)
{
return(null);
}
UserInfo userInfo = new UserInfo {
Id = apiUserInfo.Id,
DisplayName = apiUserInfo.DisplayName,
AvatarUUID = apiUserInfo.AvatarUuid
};
return(userInfo);
}
[InlineData(false, "feature-1", "feature-2", "feature-3", "admin")] // user not admin no one required permission has
public void IsUserHasAccess_Default_Expected(bool expectedResult, string userP1, string userP2, string reqP1, string reqP2)
{
// arrange
var userPermissions = new[] { userP1, userP2 }.Where(x => !string.IsNullOrEmpty(x)).ToList();
var requiredPermissions = new[] { reqP1, reqP2 }.Where(x => !string.IsNullOrEmpty(x)).ToArray();
var user = new ApiUserInfo("TestUser", "SuperSecret", userPermissions);
// act
var method = typeof(TestRoute).GetMethod("IsUserHasAccess", BindingFlags.Instance | BindingFlags.NonPublic);
var result = method?.Invoke(new TestRoute(), new object[] { user, requiredPermissions }) as bool?;
// assert
Assert.NotNull(result);
Assert.Equal(expectedResult, result.Value);
}
public void FromApiUserInfo()
{
// ARRANGE
UserInfo expected = FactoryUser.UserInfo;
ApiUserInfo param = new ApiUserInfo {
Id = expected.Id.Value,
DisplayName = expected.DisplayName,
AvatarUuid = expected.AvatarUUID
};
// ACT
UserInfo actual = UserMapper.FromApiUserInfo(param);
// ASSERT
Assert.Equal(expected, actual, new UserInfoComparer());
}
/// <inheritdoc />
public bool TryToGetUser(string name, out ApiUserInfo userInfo)
{
if (string.IsNullOrEmpty(name))
{
userInfo = ApiUserInfo.Anonymous;
return(false);
}
// try to find user info
if (!TryGetUser(name, out userInfo))
{
_logger.Warning($"User '{name}' not found.");
return(false);
}
return(true);
}
public void 인증토큰발행_서비스_실행()
{
User user = loginService.Login("1", "2222");
ApiUserInfo apiUserInfo = apiUserValidService.Validate("apikey1");
var tokenInfo = tokenService.GetToken(user, apiUserInfo);
string oldjwtToken = tokenInfo.JwtToken;
string oldRefreshToken = tokenInfo.RefreshToken;
var oldPrincipal = tokenService.GetPrincipalFromExpiredToken(oldjwtToken, false);
Assert.Equal("test1", oldPrincipal.FindFirst(x => x.Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier").Value);
Assert.Equal("1", oldPrincipal.FindFirst(x => x.Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name").Value);
Assert.Equal("https://apis.donga.ac.kr/auth", oldPrincipal.FindFirst(x => x.Type == "iss").Value);
Assert.Equal("https://test1.donga.ac.kr", oldPrincipal.FindFirst(x => x.Type == "aud").Value);
// 잘못된 RefreshToken 값을 넣으면 예외 Throw..
Assert.Throws <SecurityTokenException>(() => tokenService.RefreshToken(oldjwtToken, "WrongRefreshToken"));
var newTokenInfo = tokenService.RefreshToken(oldjwtToken, oldRefreshToken);
string newJwtToken = newTokenInfo.JwtToken;
string newRefreshToken = newTokenInfo.RefreshToken;
Assert.NotEqual(oldjwtToken, newJwtToken);
Assert.NotEqual(oldRefreshToken, newRefreshToken);
var newPrincipal = tokenService.GetPrincipalFromExpiredToken(newJwtToken, false);
Assert.Equal("test1", newPrincipal.FindFirst(x => x.Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier").Value);
Assert.Equal("1", newPrincipal.FindFirst(x => x.Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name").Value);
Assert.Equal("https://apis.donga.ac.kr/auth", newPrincipal.FindFirst(x => x.Type == "iss").Value);
Assert.Equal("https://test1.donga.ac.kr", newPrincipal.FindFirst(x => x.Type == "aud").Value);
}
/// <summary>
/// Notifies the user to drink
/// </summary>
/// <param name="progress">Current progress</param>
/// <param name="info">Current user's info</param>
public void NotifyEnsure(int progress, ApiUserInfo info)
{
// get all relevant constants from xml
var notifications = context.GetSystemService <NotificationManager>(Context.NotificationService);
var channelId = context.GetString(Resource.String.EnsureNotificationChannelId);
var channelName = context.GetString(Resource.String.EnsureNotificationChannelName);
var channelDesc = context.GetString(Resource.String.EnsureNotificationChannelDesc);
string title = $"{info.UserName}, Don't forget to drink!";
string txt = $"Currently { progress } out of { info.DailyTarget }";
Notification.Builder notificationBuilder;
if (BuildVersionCodes.O <= Build.VERSION.SdkInt) // Oreo+ version
{
// Create channel for Oreo+
notifications.CreateNotificationChannel(
new NotificationChannel(channelId, channelName, NotificationImportance.High)
{
Description = channelDesc
});
// create notification
notificationBuilder = new Notification.Builder(context, channelId);
}
else // legacy notification - no channel!
{
notificationBuilder = new Notification.Builder(context);
}
// finish building notification
var notification = notificationBuilder
.SetContentTitle(title)
.SetContentText(txt)
.SetSmallIcon(Resource.Drawable.droplet)
.SetContentIntent(
PendingIntent.GetActivity(
context, 0, new Intent(context, typeof(MainActivity)),
PendingIntentFlags.Immutable
)
).Build();
notifications.Cancel(NotificationId); // cancel previous one
notifications.Notify(NotificationId, notification); // send new one
}
public virtual TokenInfo GetToken(User user, ApiUserInfo apiUserInfo)
{
try
{
TokenInfo tokenInfo = new TokenInfo();
tokenInfo.JwtToken = this.CreatJwtToken(user.Id, user.UserName, apiUserInfo.ServiceUrl);
tokenInfo.UserId = user.Id;
tokenInfo.UserName = user.UserName;
tokenInfo.RefreshToken = this.CreateRefreshToken();
// RefreshToken 업데이트
this.UpdateRefreshToken(user.Id, apiUserInfo.ServiceUrl, tokenInfo.RefreshToken);
return(tokenInfo);
}
catch (Exception ex)
{
throw ex;
}
}
/// <summary>
/// Returns the next time where a check and notification should get done.
/// </summary>
/// <param name="progress">The current progress of the user today</param>
/// <param name="userInfo">The information of the user</param>
/// <returns>When should next check get triggered</returns>
private DateTime GetNextSchedule(int progress, ApiUserInfo userInfo)
{
DateTime toReturn = DateTime.Today.AddDays(1).AddHours(8);
const int StartTime = 9;
const int EndTime = 21;
int drinksLeft = userInfo.DailyTarget - progress;
var timeUntilEnd = DateTime.Today.AddHours(EndTime) - DateTime.Now;
if (drinksLeft > 0 && // if the user should drink more today
DateTime.Now.Hour >= StartTime &&
timeUntilEnd > TimeSpan.Zero) // and in range of notifications
{
var timeSpanUntilNext = timeUntilEnd / drinksLeft;
var timeOfNext = DateTime.Now.Add(timeSpanUntilNext);
toReturn = timeOfNext;
}
return(toReturn);
}
public ApiUserInfo Login(string userName, string password, bool?rememberMe)
{
var userInfor = new ApiUserInfo();
var passEnscrypt = Ulti.Md5Hash(password);
var test = db.Users.ToList();
var user = db.Users.Where(u => u.f_Username == userName && u.f_Password == passEnscrypt).FirstOrDefault();
if (user != null)
{
user.f_Password = "";
userInfor.Username = userName;
userInfor.Permission = Ulti.PermissionMapTo(user.f_Permission);
userInfor.RemeberMe = rememberMe;
userInfor.FullInfo = this._mapper.Map <User, ApiUser>(user);
}
else
{
throw new Exception("Tên đăng nhập hoặc mật khẩu không đúng");
}
return(userInfor);
}
/// <inheritdoc />
public ApiUserInfo AddUser(string name, string secret, params string[] permissions)
{
if (name == null)
{
throw new ArgumentNullException(nameof(name));
}
if (secret == null)
{
throw new ArgumentNullException(nameof(secret));
}
var exist = Users.SingleOrDefault(x => x.Name.Equals(name, StringComparison.InvariantCultureIgnoreCase));
// remove exist player info
if (exist != default)
{
Users.Remove(exist);
}
var userPermissions = exist?.Permissions ?? new List <string>();
// setup permissions
foreach (var permission in permissions)
{
if (!userPermissions.Contains(permission, StringComparer.InvariantCultureIgnoreCase))
{
userPermissions.Add(permission);
}
}
// add user
var result = new ApiUserInfo(name, secret, userPermissions);
lock (UsersLocker) Users.Add(result);
OptionsManager.WriteOptions(UsersFileName, Users, _container);
return(result);
}
public List <ApiUserInfo> GetUserList()
{
var result = new List <ApiUserInfo>();
using var provider = (new CognitoUserManager()).GetCognitoIdentityProvider();
var request = new ListUsersRequest
{
UserPoolId = CognitoSettings.Values.UserPoolId,
Filter = ""
};
ListUsersResponse response = null;
do
{
request.PaginationToken = response?.PaginationToken;
try
{
response = provider.ListUsersAsync(request, System.Threading.CancellationToken.None).ConfigureAwait(false)
.GetAwaiter().GetResult();
}
catch (AmazonCognitoIdentityProviderException e)
{
throw new CognitoServiceException("Failed to retrieve the list of users from Cognito.", e);
}
foreach (var user in response.Users)
{
var info = new ApiUserInfo();
info.Name = user.Username;
info.Status = user.UserStatus.Value;
info.Attributes = user.Attributes.ToDictionary(attribute => attribute.Name, attribute => attribute.Value);
result.Add(info);
}
} while (!string.IsNullOrEmpty(response.PaginationToken));
return(result);
}
public ApiUserInfo UserInfo(string userName)
{
if (userName != "deleted" && !UserHelper.UserExists(userName))
{
throw new HttpResponseException(HttpStatusCode.NotFound);
}
if (userName == "deleted")
{
throw new HttpResponseException(HttpStatusCode.NotFound);
}
ApiUserInfo userInfo = CacheHandler.Register <ApiUserInfo>(String.Format("LegacyApi.UserInfo.{0}", userName),
new Func <ApiUserInfo>(() =>
{
using (voatEntities db = new voatEntities(CONSTANTS.CONNECTION_READONLY))
{
var resultModel = new ApiUserInfo();
var userBadgesList = UserHelper.UserBadges(userName);
var resultBadgesList = userBadgesList.Select(item => new ApiUserBadge {
Awarded = item.CreationDate, BadgeName = item.Badge.Name
}).ToList();
resultModel.Name = userName;
resultModel.CCP = Karma.CommentKarma(userName);
resultModel.LCP = Karma.LinkKarma(userName);
resultModel.RegistrationDate = UserHelper.GetUserRegistrationDateTime(userName);
resultModel.Badges = resultBadgesList;
return(resultModel);
}
}), TimeSpan.FromMinutes(90));
return(userInfo);
}
/// <inheritdoc />
public bool TryToGetUser(HttpListenerContext context, out ApiUserInfo userInfo)
{
var user = context.Request.Headers[UserHeaderName];
var secret = context.Request.Headers[SecretHeaderName];
// if user name wasn't sent
if (string.IsNullOrEmpty(user))
{
userInfo = ApiUserInfo.Anonymous;
return(true);
}
// try to find user info
if (!TryGetUser(user, out userInfo))
{
_logger.Warning($"User '{user}' not found.");
return(false);
}
// validate args
if (string.IsNullOrEmpty(secret))
{
_logger.Warning($"Current 'secret' value can't be empty for user '{user}'");
return(false);
}
// compare secrets
var result = secret.Equals(userInfo.Secret, StringComparison.InvariantCultureIgnoreCase);
if (!result)
{
_logger.Warning($"Incorrect 'secret' for user '{user}'");
}
return(result);
}
/// <inheritdoc />
public object OnUserInfo(ApiUserInfo user) => new
{
user.Name,
user.Permissions
};
/// <summary>
/// Execute method.
/// </summary>
/// <param name="commandsPluginInfo">Api plugin information.</param>
/// <param name="commandMethodInfo">Api method information.</param>
/// <param name="request">Current request.</param>
/// <param name="user">Current user info.</param>
/// <returns></returns>
private object ExecuteMethod(CommandPluginInfo commandsPluginInfo, CommandMethodInfo commandMethodInfo, ApiCommandRequest request, ApiUserInfo user)
{
try
{
// build required parameters (in case of unknown type will set as default)
var parameters = commandMethodInfo
.Method
.GetParameters()
.Select(x =>
{
if (x.ParameterType == typeof(ApiCommandRequest))
{
return(request);
}
if (x.ParameterType == typeof(ApiUserInfo))
{
return(user);
}
if (x.ParameterType == typeof(ApiCommandAttribute))
{
return(commandMethodInfo.ApiInfo);
}
return(default(object));
})
.ToArray();
// invoke target method
var result = commandMethodInfo.Method.Invoke(commandsPluginInfo.Instance, parameters);
return(result);
}
catch (Exception ex)
{
_logger.Error(ex, "Api command execution error");
return(default);
public ApiRouteRequestArgs(ApiUserInfo user, TData data, HttpListenerContext context)
{
User = user ?? throw new ArgumentNullException(nameof(user));
Data = data;
Context = context ?? throw new ArgumentNullException(nameof(context));
}
