public ApiUserInfo UserInfo(string userName) { if (userName != "deleted" && !Utils.User.UserExists(userName)) { throw new HttpResponseException(HttpStatusCode.NotFound); } if (userName == "deleted") { throw new HttpResponseException(HttpStatusCode.NotFound); } var resultModel = new ApiUserInfo(); var userBadgesList = Utils.User.UserBadges(userName); var resultBadgesList = userBadgesList.Select(item => new ApiUserBadge { Awarded = item.Awarded, BadgeName = item.Badge.BadgeName }).ToList(); resultModel.Name = userName; resultModel.CCP = Karma.CommentKarma(userName); resultModel.LCP = Karma.LinkKarma(userName); resultModel.RegistrationDate = Utils.User.GetUserRegistrationDateTime(userName); resultModel.Badges = resultBadgesList; return(resultModel); }
/// <summary> /// Validate user permissions. /// </summary> /// <param name="user">User info.</param> /// <param name="requiredPermissions">Required permission.</param> protected bool IsUserHasAccess(ApiUserInfo user, params string[] requiredPermissions) { // if no permissions configured, any authorized user has access if (!requiredPermissions.Any()) { return(true); } // if user is anonymous and there is required permissions, then deny access if (user.IsAnonymous) { return(false); } // admin permission to allow everything if (user.Permissions.Any(x => x.Equals(SystemAdminPermission, StringComparison.InvariantCultureIgnoreCase))) { return(true); } // try to find required permissions var result = user.Permissions.Intersect(requiredPermissions, StringComparer.InvariantCultureIgnoreCase).Any(); return(result); }
public ApiUserInfo UserInfo(string userName) { if (String.IsNullOrWhiteSpace(userName) || userName == "deleted" || (userName != "deleted" && !UserHelper.UserExists(userName))) { throw new HttpResponseException(HttpStatusCode.NotFound); } ApiUserInfo userInfo = CacheHandler.Instance.Register <ApiUserInfo>(String.Format("Legacy:Api:UserInfo.{0}", userName), new Func <ApiUserInfo>(() => { using (voatEntities db = new voatEntities(CONSTANTS.CONNECTION_READONLY)) { var resultModel = new ApiUserInfo(); var userData = new Domain.UserData(userName); var info = userData.Information; resultModel.Name = userName; resultModel.CCP = info.CommentPoints.Sum; resultModel.LCP = info.SubmissionPoints.Sum; resultModel.RegistrationDate = info.RegistrationDate; resultModel.Badges = info.Badges.Select(badge => new ApiUserBadge { Awarded = badge.CreationDate, BadgeName = badge.Name }).ToList(); return(resultModel); } }), TimeSpan.FromMinutes(90)); return(userInfo); }
/// <summary> /// Try to execute route handler. /// </summary> /// <param name="route">Route name.</param> /// <param name="requestContent">Request content.</param> /// <param name="statusCode">Result http status code.</param> /// <param name="responseContent">Response body.</param> /// <returns></returns> private bool TryToExecuteHandler(ApiUserInfo userInfo, string route, string requestContent, HttpListenerContext context, out int statusCode, out object responseContent) { responseContent = default; statusCode = 200; // let's find handler for requested route name if (!_apiRoutes.TryGetHandler(route, out var routeHandler, userInfo.IsAnonymous)) { _logger.Warning($"Route not found: {route}"); statusCode = 404; return(false); } try { // execute handler responseContent = routeHandler.Invoke(new ApiRouteRequestArgs <string>(userInfo, requestContent, context)); } catch (Exception ex) { if (ex is ApiCommandNotFoundException) { _logger.Warning(ex.Message); statusCode = 404; } else if (ex is SecurityException) { _logger.Warning($"User '{userInfo.Name}' access error"); statusCode = 403; } else if (ex is ArgumentException || ex is TargetInvocationException) { _logger.Warning($"Route handler ({route}) throw exception cause wrong arguments"); statusCode = 400; } else if (ex is JsonReaderException || ex is JsonSerializationException) { _logger.Error($"Can't deserialize request body to expected type"); _logger.Error(ex.Message); statusCode = 400; } else { _logger.Error(ex, $"Route handler ({route}) throw exception ({ex.GetType().Name})"); statusCode = 500; } return(false); } return(true); }
/// <summary> /// Looking got user by name. /// </summary> /// <param name="user">User name.</param> /// <param name="userInfo">Found user info.</param> /// <returns></returns> private static bool TryGetUser(string user, out ApiUserInfo userInfo) { userInfo = default; // let's find user options lock (UsersLocker) userInfo = Users.FirstOrDefault(x => x.Name.Equals(user, StringComparison.InvariantCultureIgnoreCase)); if (userInfo == default) { return(false); } return(true); }
/// <inheritdoc cref="IHookRoute"/> public object OnCallHook(ApiUserInfo user, ApiHookRequest apiHookInfo) { const string hooksAccessPermission = "hooks"; if (!IsUserHasAccess(user, hooksAccessPermission)) { throw new SecurityException($"User '{user}' hasn't required permission '{hooksAccessPermission}'"); } var result = RustApiExtension.OxideHelper.CallHook(apiHookInfo.HookName, apiHookInfo.Parameters); return(result); }
public void FromApiUserInfo_Null() { // ARRANGE UserInfo expected = null; ApiUserInfo param = null; // ACT UserInfo actual = UserMapper.FromApiUserInfo(param); // ASSERT Assert.Equal(expected, actual, new UserInfoComparer()); }
public ApiUserInfo Login([FromBody] ApiUserInfo ui) { var userInfor = userService.Login(ui.Username, ui.Password, ui.RemeberMe); if (userInfor != null) { Dictionary <string, object> result = new Dictionary <string, object>(); return(userInfor); } return(new ApiUserInfo()); }
/// <inheritdoc /> public IReadOnlyList <object> OnCallCommand(ApiUserInfo user, ApiCommandRequest request) { var result = new List <object>(); // let's inform client in case if there is no any commands if (!_apiPlugins.Any()) { throw new ApiCommandNotFoundException($"No methods found for the command '{request.CommandName}'"); } var found = false; foreach (var apiPlugin in _apiPlugins) { // let's try to find target methods with same command name var apiCommands = apiPlugin.Methods // looking for command by name .Where(x => x.ApiInfo.CommandName.Equals(request.CommandName, StringComparison.InvariantCultureIgnoreCase)) // filter by required and user permissions .Where(x => IsUserHasAccess(user, x.ApiInfo.RequiredPermissions)); // in case if command with requested name not found if (!apiCommands.Any()) { continue; } found = true; // execute api methods and build response foreach (var apiMethod in apiCommands) { var methodResult = ExecuteMethod(apiPlugin, apiMethod, request, user); if (methodResult != default) { result.Add(methodResult); } } } if (!found) // in case if command with requested name not found { var userName = user.IsAnonymous ? "Anonymous" : user.Name; throw new ApiCommandNotFoundException($"Command '{request.CommandName}' not found for user '{userName}'"); } return(result); }
internal static UserInfo FromApiUserInfo(ApiUserInfo apiUserInfo) { if (apiUserInfo == null) { return(null); } UserInfo userInfo = new UserInfo { Id = apiUserInfo.Id, DisplayName = apiUserInfo.DisplayName, AvatarUUID = apiUserInfo.AvatarUuid }; return(userInfo); }
[InlineData(false, "feature-1", "feature-2", "feature-3", "admin")] // user not admin no one required permission has public void IsUserHasAccess_Default_Expected(bool expectedResult, string userP1, string userP2, string reqP1, string reqP2) { // arrange var userPermissions = new[] { userP1, userP2 }.Where(x => !string.IsNullOrEmpty(x)).ToList(); var requiredPermissions = new[] { reqP1, reqP2 }.Where(x => !string.IsNullOrEmpty(x)).ToArray(); var user = new ApiUserInfo("TestUser", "SuperSecret", userPermissions); // act var method = typeof(TestRoute).GetMethod("IsUserHasAccess", BindingFlags.Instance | BindingFlags.NonPublic); var result = method?.Invoke(new TestRoute(), new object[] { user, requiredPermissions }) as bool?; // assert Assert.NotNull(result); Assert.Equal(expectedResult, result.Value); }
public void FromApiUserInfo() { // ARRANGE UserInfo expected = FactoryUser.UserInfo; ApiUserInfo param = new ApiUserInfo { Id = expected.Id.Value, DisplayName = expected.DisplayName, AvatarUuid = expected.AvatarUUID }; // ACT UserInfo actual = UserMapper.FromApiUserInfo(param); // ASSERT Assert.Equal(expected, actual, new UserInfoComparer()); }
/// <inheritdoc /> public bool TryToGetUser(string name, out ApiUserInfo userInfo) { if (string.IsNullOrEmpty(name)) { userInfo = ApiUserInfo.Anonymous; return(false); } // try to find user info if (!TryGetUser(name, out userInfo)) { _logger.Warning($"User '{name}' not found."); return(false); } return(true); }
public void 인증토큰발행_서비스_실행() { User user = loginService.Login("1", "2222"); ApiUserInfo apiUserInfo = apiUserValidService.Validate("apikey1"); var tokenInfo = tokenService.GetToken(user, apiUserInfo); string oldjwtToken = tokenInfo.JwtToken; string oldRefreshToken = tokenInfo.RefreshToken; var oldPrincipal = tokenService.GetPrincipalFromExpiredToken(oldjwtToken, false); Assert.Equal("test1", oldPrincipal.FindFirst(x => x.Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier").Value); Assert.Equal("1", oldPrincipal.FindFirst(x => x.Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name").Value); Assert.Equal("https://apis.donga.ac.kr/auth", oldPrincipal.FindFirst(x => x.Type == "iss").Value); Assert.Equal("https://test1.donga.ac.kr", oldPrincipal.FindFirst(x => x.Type == "aud").Value); // 잘못된 RefreshToken 값을 넣으면 예외 Throw.. Assert.Throws <SecurityTokenException>(() => tokenService.RefreshToken(oldjwtToken, "WrongRefreshToken")); var newTokenInfo = tokenService.RefreshToken(oldjwtToken, oldRefreshToken); string newJwtToken = newTokenInfo.JwtToken; string newRefreshToken = newTokenInfo.RefreshToken; Assert.NotEqual(oldjwtToken, newJwtToken); Assert.NotEqual(oldRefreshToken, newRefreshToken); var newPrincipal = tokenService.GetPrincipalFromExpiredToken(newJwtToken, false); Assert.Equal("test1", newPrincipal.FindFirst(x => x.Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier").Value); Assert.Equal("1", newPrincipal.FindFirst(x => x.Type == "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name").Value); Assert.Equal("https://apis.donga.ac.kr/auth", newPrincipal.FindFirst(x => x.Type == "iss").Value); Assert.Equal("https://test1.donga.ac.kr", newPrincipal.FindFirst(x => x.Type == "aud").Value); }
/// <summary> /// Notifies the user to drink /// </summary> /// <param name="progress">Current progress</param> /// <param name="info">Current user's info</param> public void NotifyEnsure(int progress, ApiUserInfo info) { // get all relevant constants from xml var notifications = context.GetSystemService <NotificationManager>(Context.NotificationService); var channelId = context.GetString(Resource.String.EnsureNotificationChannelId); var channelName = context.GetString(Resource.String.EnsureNotificationChannelName); var channelDesc = context.GetString(Resource.String.EnsureNotificationChannelDesc); string title = $"{info.UserName}, Don't forget to drink!"; string txt = $"Currently { progress } out of { info.DailyTarget }"; Notification.Builder notificationBuilder; if (BuildVersionCodes.O <= Build.VERSION.SdkInt) // Oreo+ version { // Create channel for Oreo+ notifications.CreateNotificationChannel( new NotificationChannel(channelId, channelName, NotificationImportance.High) { Description = channelDesc }); // create notification notificationBuilder = new Notification.Builder(context, channelId); } else // legacy notification - no channel! { notificationBuilder = new Notification.Builder(context); } // finish building notification var notification = notificationBuilder .SetContentTitle(title) .SetContentText(txt) .SetSmallIcon(Resource.Drawable.droplet) .SetContentIntent( PendingIntent.GetActivity( context, 0, new Intent(context, typeof(MainActivity)), PendingIntentFlags.Immutable ) ).Build(); notifications.Cancel(NotificationId); // cancel previous one notifications.Notify(NotificationId, notification); // send new one }
public virtual TokenInfo GetToken(User user, ApiUserInfo apiUserInfo) { try { TokenInfo tokenInfo = new TokenInfo(); tokenInfo.JwtToken = this.CreatJwtToken(user.Id, user.UserName, apiUserInfo.ServiceUrl); tokenInfo.UserId = user.Id; tokenInfo.UserName = user.UserName; tokenInfo.RefreshToken = this.CreateRefreshToken(); // RefreshToken 업데이트 this.UpdateRefreshToken(user.Id, apiUserInfo.ServiceUrl, tokenInfo.RefreshToken); return(tokenInfo); } catch (Exception ex) { throw ex; } }
/// <summary> /// Returns the next time where a check and notification should get done. /// </summary> /// <param name="progress">The current progress of the user today</param> /// <param name="userInfo">The information of the user</param> /// <returns>When should next check get triggered</returns> private DateTime GetNextSchedule(int progress, ApiUserInfo userInfo) { DateTime toReturn = DateTime.Today.AddDays(1).AddHours(8); const int StartTime = 9; const int EndTime = 21; int drinksLeft = userInfo.DailyTarget - progress; var timeUntilEnd = DateTime.Today.AddHours(EndTime) - DateTime.Now; if (drinksLeft > 0 && // if the user should drink more today DateTime.Now.Hour >= StartTime && timeUntilEnd > TimeSpan.Zero) // and in range of notifications { var timeSpanUntilNext = timeUntilEnd / drinksLeft; var timeOfNext = DateTime.Now.Add(timeSpanUntilNext); toReturn = timeOfNext; } return(toReturn); }
public ApiUserInfo Login(string userName, string password, bool?rememberMe) { var userInfor = new ApiUserInfo(); var passEnscrypt = Ulti.Md5Hash(password); var test = db.Users.ToList(); var user = db.Users.Where(u => u.f_Username == userName && u.f_Password == passEnscrypt).FirstOrDefault(); if (user != null) { user.f_Password = ""; userInfor.Username = userName; userInfor.Permission = Ulti.PermissionMapTo(user.f_Permission); userInfor.RemeberMe = rememberMe; userInfor.FullInfo = this._mapper.Map <User, ApiUser>(user); } else { throw new Exception("Tên đăng nhập hoặc mật khẩu không đúng"); } return(userInfor); }
/// <inheritdoc /> public ApiUserInfo AddUser(string name, string secret, params string[] permissions) { if (name == null) { throw new ArgumentNullException(nameof(name)); } if (secret == null) { throw new ArgumentNullException(nameof(secret)); } var exist = Users.SingleOrDefault(x => x.Name.Equals(name, StringComparison.InvariantCultureIgnoreCase)); // remove exist player info if (exist != default) { Users.Remove(exist); } var userPermissions = exist?.Permissions ?? new List <string>(); // setup permissions foreach (var permission in permissions) { if (!userPermissions.Contains(permission, StringComparer.InvariantCultureIgnoreCase)) { userPermissions.Add(permission); } } // add user var result = new ApiUserInfo(name, secret, userPermissions); lock (UsersLocker) Users.Add(result); OptionsManager.WriteOptions(UsersFileName, Users, _container); return(result); }
public List <ApiUserInfo> GetUserList() { var result = new List <ApiUserInfo>(); using var provider = (new CognitoUserManager()).GetCognitoIdentityProvider(); var request = new ListUsersRequest { UserPoolId = CognitoSettings.Values.UserPoolId, Filter = "" }; ListUsersResponse response = null; do { request.PaginationToken = response?.PaginationToken; try { response = provider.ListUsersAsync(request, System.Threading.CancellationToken.None).ConfigureAwait(false) .GetAwaiter().GetResult(); } catch (AmazonCognitoIdentityProviderException e) { throw new CognitoServiceException("Failed to retrieve the list of users from Cognito.", e); } foreach (var user in response.Users) { var info = new ApiUserInfo(); info.Name = user.Username; info.Status = user.UserStatus.Value; info.Attributes = user.Attributes.ToDictionary(attribute => attribute.Name, attribute => attribute.Value); result.Add(info); } } while (!string.IsNullOrEmpty(response.PaginationToken)); return(result); }
public ApiUserInfo UserInfo(string userName) { if (userName != "deleted" && !UserHelper.UserExists(userName)) { throw new HttpResponseException(HttpStatusCode.NotFound); } if (userName == "deleted") { throw new HttpResponseException(HttpStatusCode.NotFound); } ApiUserInfo userInfo = CacheHandler.Register <ApiUserInfo>(String.Format("LegacyApi.UserInfo.{0}", userName), new Func <ApiUserInfo>(() => { using (voatEntities db = new voatEntities(CONSTANTS.CONNECTION_READONLY)) { var resultModel = new ApiUserInfo(); var userBadgesList = UserHelper.UserBadges(userName); var resultBadgesList = userBadgesList.Select(item => new ApiUserBadge { Awarded = item.CreationDate, BadgeName = item.Badge.Name }).ToList(); resultModel.Name = userName; resultModel.CCP = Karma.CommentKarma(userName); resultModel.LCP = Karma.LinkKarma(userName); resultModel.RegistrationDate = UserHelper.GetUserRegistrationDateTime(userName); resultModel.Badges = resultBadgesList; return(resultModel); } }), TimeSpan.FromMinutes(90)); return(userInfo); }
/// <inheritdoc /> public bool TryToGetUser(HttpListenerContext context, out ApiUserInfo userInfo) { var user = context.Request.Headers[UserHeaderName]; var secret = context.Request.Headers[SecretHeaderName]; // if user name wasn't sent if (string.IsNullOrEmpty(user)) { userInfo = ApiUserInfo.Anonymous; return(true); } // try to find user info if (!TryGetUser(user, out userInfo)) { _logger.Warning($"User '{user}' not found."); return(false); } // validate args if (string.IsNullOrEmpty(secret)) { _logger.Warning($"Current 'secret' value can't be empty for user '{user}'"); return(false); } // compare secrets var result = secret.Equals(userInfo.Secret, StringComparison.InvariantCultureIgnoreCase); if (!result) { _logger.Warning($"Incorrect 'secret' for user '{user}'"); } return(result); }
/// <inheritdoc /> public object OnUserInfo(ApiUserInfo user) => new { user.Name, user.Permissions };
/// <summary> /// Execute method. /// </summary> /// <param name="commandsPluginInfo">Api plugin information.</param> /// <param name="commandMethodInfo">Api method information.</param> /// <param name="request">Current request.</param> /// <param name="user">Current user info.</param> /// <returns></returns> private object ExecuteMethod(CommandPluginInfo commandsPluginInfo, CommandMethodInfo commandMethodInfo, ApiCommandRequest request, ApiUserInfo user) { try { // build required parameters (in case of unknown type will set as default) var parameters = commandMethodInfo .Method .GetParameters() .Select(x => { if (x.ParameterType == typeof(ApiCommandRequest)) { return(request); } if (x.ParameterType == typeof(ApiUserInfo)) { return(user); } if (x.ParameterType == typeof(ApiCommandAttribute)) { return(commandMethodInfo.ApiInfo); } return(default(object)); }) .ToArray(); // invoke target method var result = commandMethodInfo.Method.Invoke(commandsPluginInfo.Instance, parameters); return(result); } catch (Exception ex) { _logger.Error(ex, "Api command execution error"); return(default);
public ApiRouteRequestArgs(ApiUserInfo user, TData data, HttpListenerContext context) { User = user ?? throw new ArgumentNullException(nameof(user)); Data = data; Context = context ?? throw new ArgumentNullException(nameof(context)); }