/// <summary>
/// Wires the controller to its Progress connection and application cache and resolves the
/// caller's token object from the current request principal.
/// </summary>
/// <param name="connection">Progress connection used by this controller's actions.</param>
/// <param name="appCache">Cache wrapper; its <c>TokenObject</c> is set to the resolved token.</param>
public BusinessContextController(IProgressConnection connection, ICacheWrapper appCache)
{
    this.connection = connection;
    _appCache = appCache;

    // The token comes from the request principal, so this controller is only usable inside a
    // request (HttpContext.Current must be populated when the controller is constructed).
    var principalToken = ApplicationCookieUtilities.Principal(HttpContext.Current.User, out _);
    _tokenObject = principalToken;
    _appCache.TokenObject = principalToken;
}
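/// <summary>
/// After an action has run, strips any token header the action put on the response content
/// and, for an authenticated caller with a live session, re-issues the encrypted token header.
/// </summary>
/// <param name="actionExecutedContext">Web API context holding the response being composed.</param>
public override void OnActionExecuted(HttpActionExecutedContext actionExecutedContext)
{
    // PMC 07/14/2016 - IBM AppScan - This has been manually reviewed and passed as being safe
    // Manipulating the response that we are composing.

    // A response without a body (e.g. 204 from a void action) has a null Content; there are no
    // content headers to strip or add there, so bail out instead of dereferencing null.
    var content = actionExecutedContext.Response?.Content;
    if (content == null)
    {
        return;
    }

    content.Headers.Remove(ApplicationCookieUtilities.TokenName);

    if (!System.Web.HttpContext.Current.User.Identity.IsAuthenticated)
    {
        return;
    }

    // Only our own principal type carries a token object; a principal without a server session
    // (SessionidGuid == Guid.Empty) gets no token re-issued.
    var myprincipal = System.Web.HttpContext.Current.User as ServiceInterfacePrincipal;
    if (myprincipal?.TokenObject == null || myprincipal.TokenObject.SessionidGuid == Guid.Empty)
    {
        return;
    }

    // Null-conditional on the settings object: an unregistered IProgressConfiguration takes the
    // same "not configured" path as empty key/IV rather than throwing from inside the filter.
    var progressSettings = DependencyResolver.Current.GetService<IProgressConfiguration>();
    if (string.IsNullOrEmpty(progressSettings?.ApplicationEncryptKey) || string.IsNullOrEmpty(progressSettings?.ApplicationEncryptIv))
    {
        var nLogLogger = new NLogLogger(TokenHeaderAddExceptionText);
        nLogLogger.Error("Encrypt Key and/or Encrypt IV are empty, the application will not operate. Ensure they are set in the web.config");
        return;
    }

    var token = ApplicationCookieUtilities.ObjectToToken(myprincipal.TokenObject, progressSettings.ApplicationEncryptKey, progressSettings.ApplicationEncryptIv);
    content.Headers.Add(ApplicationCookieUtilities.TokenName, token);
}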
/// <summary>
/// Creates an NLog logger named <paramref name="name"/> and seeds the common MDC values
/// (tenant, operator, company, session, function, host, call id) from the current request principal.
/// </summary>
/// <param name="name">NLog logger name.</param>
/// <param name="function">Function/endpoint name recorded with every entry written through this logger.</param>
public NLogLogger(string name, string function)
{
    var lp = ApplicationCookieUtilities.GetLoggingParams(HttpContext.Current.User, function);

    // Composite call id: tenant (blank when absent) + company + operator without its domain + per-call guid.
    var tenantPart = string.IsNullOrEmpty(lp.tenant) ? "" : lp.tenant;
    var compositeCallGuid = tenantPart + lp.cono + lp.oper.StripOffDomain() + lp.callGuid;

    SetCommonMdcs(lp.tenant, lp.oper, lp.cono, lp.sessionid, lp.function, lp.host, compositeCallGuid);
    Logger = LogManager.GetLogger(name);
}
/// <summary>
/// Copies session id, operator, company number and UI culture from the caller's token onto the connection.
/// </summary>
public void SetConnectionFromToken()
{
    var token = ApplicationCookieUtilities.Principal(HttpContext.Current.User, out _);

    // NOTE(review): InitProgressConnection elsewhere in this listing uses SessionidGuid.ToString("D")
    // and Oper.StripOffDomain() for the same two fields; confirm which form the connection expects.
    var conn = this.connection;
    conn.SessionId = token.Sessionid;
    conn.Operator = token.Oper;
    conn.CompanyNumber = token.Cono;
    conn.CurrentUiCulture = token.CurrentUiCulture;
}
/// <summary>
/// Logs the current caller out of the Progress session identified by the request principal.
/// </summary>
/// <returns>The login service's logout result.</returns>
public LogoutResults Logout()
{
    // NOTE(review): the logging function name passed here is CommonStrings.Login_Renew, the same
    // value Renew() uses; confirm whether a logout-specific constant was intended.
    var lp = ApplicationCookieUtilities.GetLoggingParams(HttpContext.Current.User, CommonStrings.Login_Renew);

    var request = new LoginRequestModel
    {
        Oper = lp.oper,
        Tenant = lp.tenant,
        Cono = lp.cono,
    };
    var host = this.ActionContext.Request.Headers.Host;

    return this.loginService.Logout(request, host, lp.sessionid);
}
/// <summary>
/// Renews the caller's Progress session and logs the outcome.
/// </summary>
/// <returns>The number of minutes returned by the login service.</returns>
public long Renew()
{
    var lp = ApplicationCookieUtilities.GetLoggingParams(HttpContext.Current.User, CommonStrings.Login_Renew);

    var request = new LoginRequestModel
    {
        Oper = lp.oper,
        Tenant = lp.tenant,
        Cono = lp.cono,
    };
    var host = this.ActionContext.Request.Headers.Host;

    var numberOfMinutes = this.loginService.Renew(request, host, lp.sessionid);
    _nLogLogger.Info(CommonStrings.Logging_Success + "Renew");
    return numberOfMinutes;
}
/// <summary>
/// Stores the injected repositories and resolves the caller's token object from the current request principal.
/// </summary>
/// <param name="assharedinquiryRepository">Shared inquiry repository.</param>
/// <param name="assharedentryRepository">Shared entry repository.</param>
/// <param name="pvUserRepository">User repository.</param>
/// <param name="sastaRepository">SASTA repository.</param>
public JsonViewService(AssharedinquiryRepository assharedinquiryRepository, AssharedentryRepository assharedentryRepository, PvUserRepository pvUserRepository, SastaRepository sastaRepository)
{
    _assharedinquiryRepository = assharedinquiryRepository;
    _assharedentryRepository = assharedentryRepository;
    _pvUserRepository = pvUserRepository;
    _sastaRepository = sastaRepository;

    // The host returned by Principal() is not needed here; only the token object is kept.
    _tokenObject = ApplicationCookieUtilities.Principal(HttpContext.Current.User, out _);
}
/// <summary>
/// Builds a Progress connection around the DI-resolved <c>Connection</c> and populates it from
/// the caller's token (company, domain-stripped operator, session guid, UI culture, record limit).
/// </summary>
/// <returns>The populated connection.</returns>
private static IProgressConnection InitProgressConnection()
{
    var rawConnection = DependencyResolver.Current.GetService<Connection>();
    var progressConnection = new ProgressConnection(rawConnection);

    var token = ApplicationCookieUtilities.Principal(HttpContext.Current.User, out _);

    progressConnection.CompanyNumber = token.Cono;
    // Operator is stored without its domain prefix/suffix.
    progressConnection.Operator = token.Oper.StripOffDomain();
    // "D" = 32 hex digits separated by hyphens.
    progressConnection.SessionId = token.SessionidGuid.ToString("D");
    progressConnection.CurrentUiCulture = token.CurrentUiCulture;
    progressConnection.DefaultRecordCount = token.DefaultRecordLimit;

    return progressConnection;
}
/// <summary>
/// Per-request authentication hook: decrypts the token header (when present) into a
/// <c>TokenObject</c> and installs a <c>ServiceInterfacePrincipal</c> on the request context.
/// </summary>
/// <param name="sender">Event source (unused).</param>
/// <param name="e">Event arguments (unused).</param>
protected void Application_AuthenticateRequest(Object sender, EventArgs e)
{
    // PMC 07/16/2016 - IBM AppScan - This has been manually reviewed and passed as being safe
    // Encrypted Token is validated. Any issues will cause the request to be returned as 401 Unauthorized
    var request = this.Context.Request;
    var headers = request.Headers;

    // Without a token header the request carries a default TokenObject; OnActionExecuted and
    // Generate in this listing treat SessionidGuid == Guid.Empty as "no session" and issue nothing.
    var tokenObject = new TokenObject();
    var token = headers[ApplicationCookieUtilities.TokenName];
    if (!string.IsNullOrEmpty(token))
    {
        var progressSettings = DependencyResolver.Current.GetService<IProgressConfiguration>();
        ApplicationCookieUtilities.TokenToObject(token, progressSettings.ApplicationEncryptKey, progressSettings.ApplicationEncryptIv, out tokenObject);
    }

    var callGuid = headers[ApplicationCookieUtilities.CallGuidName];
    var bearerToken = headers[ApplicationCookieUtilities.BearerToken];
    var host = request.Url.Host;
    var referrer = request.UrlReferrer;

    // With SSO the identity already established on the thread is kept; otherwise the operator
    // name carried in the token becomes the identity.
    // NOTE(review): GenericIdentity rejects a null name — confirm TokenObject.Oper defaults to non-null.
    IIdentity identity = new ProgressConfiguration().SSoEnabled
        ? Thread.CurrentPrincipal.Identity
        : new GenericIdentity(tokenObject.Oper);

    this.Context.User = new ServiceInterfacePrincipal(tokenObject, host, referrer, identity, callGuid, bearerToken);
}
/// <summary>
/// Stores the injected dependencies, resolves the caller's token object, registers the supported
/// IDM repositories and unprotects the caller's bearer token.
/// </summary>
/// <param name="appCache">Cache wrapper; its <c>TokenObject</c> is set to the resolved token.</param>
/// <param name="webClient">Accepted for injection but not stored or used by this constructor.</param>
/// <param name="connection">Progress connection.</param>
/// <param name="progressConfiguration">Injected configuration (stored; the encrypt key/IV below are read from a fresh ProgressConfiguration instead).</param>
public IntegrationService(ICacheWrapper appCache, CoudSuiteWebClient webClient, IProgressConnection connection, IProgressConfiguration progressConfiguration)
{
    _appCache = appCache;
    _connection = connection;
    _progressConfiguration = progressConfiguration;

    var user = HttpContext.Current.User;
    _tokenObject = ApplicationCookieUtilities.Principal(user, out _);
    _appCache.TokenObject = _tokenObject;

    _supportedRepositories = new Dictionary<string, SupportedRespository>
    {
        ["icsw"] = new SupportedRespository
        {
            IdmEntityType = "Item_Images",
            IdmRepository = "icsw",
            Formatter = "@Product_Number = \"{0}\"",
        },
    };

    // The bearer token is stored protected on the principal; it is unprotected here with the
    // application key/IV. NOTE(review): those come from new ProgressConfiguration() rather than the
    // injected IProgressConfiguration — confirm both resolve the same web.config values.
    var protectedBearer = ApplicationCookieUtilities.BearerTokenValue(user);
    var config = new ProgressConfiguration();
    _bearerToken = StringProtector.Unprotect(protectedBearer, config.ApplicationEncryptKey, config.ApplicationEncryptIv);
}
/// <summary>
/// Produces the encrypted token header value for the current authenticated caller, or an empty
/// string when there is no authenticated caller, no server session, or no encryption material.
/// </summary>
/// <param name="myLogger">Receives the configuration error when the encrypt key/IV are missing.</param>
/// <returns>The encrypted token, or an empty string when no token should be issued.</returns>
public static string Generate(NLogLogger myLogger)
{
    var user = System.Web.HttpContext.Current.User;
    if (!user.Identity.IsAuthenticated)
    {
        return string.Empty;
    }

    // Only our own principal type carries a token object; a token without a server session
    // (SessionidGuid == Guid.Empty) is never issued.
    var principal = user as ServiceInterfacePrincipal;
    var tokenObject = principal?.TokenObject;
    if (tokenObject == null || tokenObject.SessionidGuid == Guid.Empty)
    {
        return string.Empty;
    }

    var settings = new ProgressConfiguration();
    var keyMissing = string.IsNullOrEmpty(settings.ApplicationEncryptKey);
    var ivMissing = string.IsNullOrEmpty(settings.ApplicationEncryptIv);
    if (keyMissing || ivMissing)
    {
        myLogger.Error("Encrypt Key and/or Encrypt IV are empty, the application will not operate. Ensure they are set in the web.config");
        return string.Empty;
    }

    return ApplicationCookieUtilities.ObjectToToken(tokenObject, settings.ApplicationEncryptKey, settings.ApplicationEncryptIv);
}
/// <summary>
/// After a successful login, loads the company's configuration business rules and copies the
/// relevant values onto the caller's token object and onto the login response.
/// </summary>
/// <param name="loginResponseModel">Login result to enrich; left untouched when <c>Success</c> is false.</param>
private void DoBusinessRules(LoginResponseModel loginResponseModel)
{
    if (!loginResponseModel.Success)
    {
        return;
    }

    var progressConfiguration = new ProgressConfiguration();
    var tokenObject = ApplicationCookieUtilities.Principal(HttpContext.Current.User, out _);
    this.rules = this.businessRules.GetConfigurationAtLogin(tokenObject.Cono);

    if (!this.rules.Any())
    {
        _nLogLogger.Error("No Business Rules where returned - SASBRLoad - [category = CONFIG, nodenm = Infor.Webui]. The application will not perform correctly");
        return;
    }

    // IDM credentials and cache settings come from web.config, not from the rules.
    // NOTE(review): IdmSharedSecret is placed on the token object, and OnActionExecuted/Generate in
    // this listing serialize the principal's token object into a response header via ObjectToToken;
    // confirm that path is encrypted end-to-end and that the secret is meant to leave the server.
    tokenObject.IdmConsumerKey = progressConfiguration.InforIdmConsumerKey;
    tokenObject.IdmSharedSecret = progressConfiguration.InforIdmSharedSecret;
    tokenObject.InforIdmCacheExpirationAbsolute = progressConfiguration.InforIdmCacheExpirationAbsolute;

    // Rule-driven values kept on the token.
    tokenObject.IdmUrl = this.ReturnRuleValue<string>("Infor.Webui-IDMUrl");
    tokenObject.IonApiUrl = this.ReturnRuleValue<string>("Infor.Webui-IonApiUrl");
    tokenObject.DefaultRecordLimit = this.ReturnRuleValue<int>("Infor.Webui-UserSettings.DefaultRecordLimit");
    tokenObject.ReportRecordLimit = this.ReturnRuleValue<int>("Infor.Webui-UserSettings.ReportRecordLimit");
    tokenObject.LookupMaxResults = this.ReturnRuleValue<int>("Infor.Webui-UserSettings.LookupMaxResults");

    // Rule-driven values returned to the client. The three record limits are looked up a second
    // time here rather than copied from the token.
    loginResponseModel.DefaultRecordLimit = this.ReturnRuleValue<int>("Infor.Webui-UserSettings.DefaultRecordLimit");
    loginResponseModel.ReportRecordLimit = this.ReturnRuleValue<int>("Infor.Webui-UserSettings.ReportRecordLimit");
    loginResponseModel.LookupMaxResults = this.ReturnRuleValue<int>("Infor.Webui-UserSettings.LookupMaxResults");
    loginResponseModel.SuppressBusinessContext = this.ReturnRuleValue<bool>("Infor.Webui-Messaging.SuppressinforBusinessContext");
    loginResponseModel.RestAccessUrl = this.ReturnRuleValue<string>("Infor.Webui-RESTAccessURL");
    loginResponseModel.PendoApiKey = this.ReturnRuleValue<string>("Infor.Webui-PendoApiKey");
    loginResponseModel.TryAndBuy = this.ReturnRuleValue<string>("Infor.Webui-TryAndBuy");
    loginResponseModel.ShowImages = this.ReturnRuleValue<bool>("Infor.Webui-IDMShowImages");
    loginResponseModel.CallRetryDelay = this.ReturnRuleValue<int>("Infor.Webui-CallRetryDelay");
    loginResponseModel.CallRetryLimit = this.ReturnRuleValue<int>("Infor.Webui-CallRetryLimit");

    // The REST access URL is mirrored onto the token after the response value is resolved.
    tokenObject.RestAccessUrl = loginResponseModel.RestAccessUrl;
}
/// <summary>
/// Builds the CenPOS hosted-page URL for a card/ACH operation. The URL embeds the processor (or
/// merchant-override) id, user id and password, the caller's company/operator as a session id,
/// and a base64-encoded response URL that CenPOS redirects or posts back to.
/// </summary>
/// <param name="operation">One of sale, auth, add, modify, delete, signature (case-insensitive).</param>
/// <param name="mediacd">Media code used for the SASTN and merchant lookups.</param>
/// <param name="custno">Customer number.</param>
/// <param name="shipTo">Ship-to; empty for the customer record.</param>
/// <param name="whse">Warehouse used for the merchant-override lookup (auth/sale only).</param>
/// <param name="tokenId">Existing card token, appended for modify/delete.</param>
/// <param name="invoiceNo">Invoice number appended to the URL.</param>
/// <param name="oneTimeType">Sub-type for sale: sale, roa, credit, achdebit, achcredit (case-insensitive).</param>
/// <param name="amountdecimal">Transaction amount.</param>
/// <param name="runArsocPrecall">When true and operation is add, runs the ARSOC add-validate call first.</param>
/// <param name="ipaddress">Optional client IP appended as <c>&amp;ip=</c>.</param>
/// <param name="taxAmount">Tax amount for sale/auth.</param>
/// <returns>A <c>CenPosModel</c> with the popup title key and the built URI, or null when no SASTN record exists.</returns>
public CenPosModel BuildCenPosUrl( string operation, int mediacd, decimal custno, string shipTo, string whse, string tokenId, string invoiceNo, string oneTimeType, decimal amountdecimal, bool runArsocPrecall, string ipaddress = "", decimal taxAmount = 0)
{
    operation = operation.ToLower(CultureInfo.InvariantCulture);
    oneTimeType = oneTimeType.ToLower(CultureInfo.InvariantCulture);

    // NOTE(review): execution continues after ReportErrors here and in several places below;
    // the explicit return after the SASTN error suggests ReportErrors may not always throw — confirm.
    if ((operation != "sale") && (operation != "auth") && (operation != "add") && (operation != "modify") && (operation != "delete") && (operation != "signature"))
    {
        ErrorReportingHelper.ReportErrors("error.credit.card.invalidoperation", 421);
    }

    string myhost;
    var tokenObject = ApplicationCookieUtilities.Principal(HttpContext.Current.User, out myhost);

    // Optional ARSOC validation before a card is added.
    switch (operation)
    {
        case "add":
            if (runArsocPrecall)
            {
                var asarsetupARSOCCreditCardAddValidateRequestAPI = new AsarsetupARSOCCreditCardAddValidateRequestAPI { dCustno = custno, cShipTo = shipTo, cMediaCd = mediacd.ToString() };
                this.asarsetupRepository.ARSOCCreditCardAddValidate(asarsetupARSOCCreditCardAddValidateRequestAPI);
            }
            break;
    }

    // Merchant override: for auth/sale a warehouse-specific merchant replaces the SASTP
    // processor credentials when all three values are present.
    var merchantOveeride = false;
    var merchantId = string.Empty;
    var merchantUserId = string.Empty;
    var merchantUserPw = string.Empty;
    if (operation.Equals("auth") || operation.Equals("sale"))
    {
        var merchantResult = this.asoeheaderRepository.LoadOETenderingMerchant(whse, mediacd);
        if (!string.IsNullOrEmpty(merchantResult?.cMerchantID) && !string.IsNullOrEmpty(merchantResult.cMerchantUserID) && !string.IsNullOrEmpty(merchantResult.cMerchantUserPW))
        {
            merchantOveeride = true;
            merchantId = merchantResult.cMerchantID;
            merchantUserId = merchantResult.cMerchantUserID;
            merchantUserPw = merchantResult.cMerchantUserPW;
        }
    }

    var sastn = this.sastnRepository.Get(tokenObject.Cono, "p", mediacd, 1, "processor,addtaxfl,chkauth,ccaddontype,ccaddon");
    if (sastn == null)
    {
        ErrorReportingHelper.ReportErrors("error.credit.card.nosastn", 421);
        return(null);
    }

    if (string.IsNullOrEmpty(sastn.processor))
    {
        ErrorReportingHelper.ReportErrors("error.credit.card.sastpempty", 421);
    }

    // Convert.ToInt32(string) parses with the current culture.
    var sastplookupcriteria = new Sastplookupcriteria() { processno = Convert.ToInt32(sastn.processor) };
    var sastp = this.assainquiryRepository.SASTPlookup(sastplookupcriteria);

    // NOTE(review): sastp is dereferenced on the next statement; if ReportErrors returns normally
    // a null sastp would throw here.
    if (string.IsNullOrEmpty(sastp?.callingURLH5))
    {
        ErrorReportingHelper.ReportErrors("error.credit.card.nosastp", 421);
    }

    var sb = new StringBuilder();
    sb.Append(sastp.callingURLH5);
    var cenPosModel = new CenPosModel();

    switch (operation)
    {
        case "signature":
            cenPosModel.PopTitleType = "cenpos.popup.signature";
            sb.Append("?type=signature");
            break;

        case "sale":
            // NOTE(review): both the addtaxfl and chkauth branches append a "?type=" segment; when
            // both flags are set (e.g. oneTimeType "roa") two "?" segments end up in the URL — confirm intended.
            if (sastn.addtaxfl)
            {
                if (string.Equals(oneTimeType, "sale") || string.Equals(oneTimeType, "roa"))
                {
                    sb.Append("?type=SALE");
                    cenPosModel.PopTitleType = "global.cenpos.one.time.sale";
                }
                else if (string.Equals(oneTimeType, "credit"))
                {
                    sb.Append("?type=Credit");
                    cenPosModel.PopTitleType = "global.cenpos.one.time.credit";
                }
            }
            if (sastn.chkauth)
            {
                if (string.Equals(oneTimeType, "achdebit") || string.Equals(oneTimeType, "roa"))
                {
                    sb.Append("?type=ACHDebit");
                    cenPosModel.PopTitleType = "global.cenpos.one.time.ach";
                }
                else if (string.Equals(oneTimeType, "achcredit"))
                {
                    sb.Append("?type=ACHCredit");
                    cenPosModel.PopTitleType = "global.cenpos.one.time.ach.credit";
                }
            }
            // Decimal-to-string here uses the current culture (decimal separator may not be ".").
            sb.Append("&amount=" + Math.Abs(amountdecimal));
            sb.Append("&taxamount=" + (taxAmount));
            sb.Append("&receipts=false");
            break;

        case "auth":
            sb.Append("?type=Auth");
            sb.Append("&taxamount=" + (taxAmount));
            cenPosModel.PopTitleType = "global.cenpos.one.time.auth";
            // ccaddontype true: ccaddon is a flat amount; false: ccaddon is a percentage of the amount.
            if (sastn.ccaddontype)
            {
                var newAmount = amountdecimal + sastn.ccaddon;
                sb.Append("&amount=" + newAmount);
            }
            else
            {
                var addonPercentage = sastn.ccaddon / 100;
                var addonAmount = amountdecimal * addonPercentage;
                var newAmount = amountdecimal + addonAmount;
                sb.Append("&amount=" + newAmount);
            }
            sb.Append("&receipts=false");
            break;

        case "add":
        case "delete":
        case "modify":
            sb.Append(sastn.chkauth ?
                "?type=TokenCheck" : "?type=CreateToken");
            if (operation == "add")
            {
                // Taxable flag ("Y" or "V") drives taxamount for a new token.
                // NOTE(review): the ship-to record (arss) is read when shipTo is EMPTY and the customer
                // record (arsc) when it is not; this looks inverted — confirm against the repositories.
                var taxableFlag = false;
                if (string.IsNullOrEmpty(shipTo))
                {
                    var arss = this.arssRepository.Get(tokenObject.Cono, custno, shipTo, 1, "taxablety");
                    if (arss != null)
                    {
                        taxableFlag = arss.taxablety.Equals("Y", StringComparison.InvariantCultureIgnoreCase) || arss.taxablety.Equals("V", StringComparison.InvariantCultureIgnoreCase);
                    }
                }
                else
                {
                    var arsc = this.arscRepository.Get(tokenObject.Cono, custno, false, 1, "taxablety");
                    if (arsc != null)
                    {
                        taxableFlag = arsc.taxablety.Equals("Y", StringComparison.InvariantCultureIgnoreCase) || arsc.taxablety.Equals("V", StringComparison.InvariantCultureIgnoreCase);
                    }
                }
                sb.Append("&taxamount=" + (taxableFlag ? "1" : "0"));
            }
            if (sastn.chkauth && operation == "modify")
            {
                ErrorReportingHelper.ReportErrors("message.ach.tokens.cannot.be.modified", 421);
            }
            switch (operation)
            {
                case "add":
                    cenPosModel.PopTitleType = "cenpos.popup.onetimecardadd";
                    break;
                case "modify":
                    cenPosModel.PopTitleType = "cenpos.popup.onetimecardmodify";
                    sb.Append("&operation=modify");
                    // tokenId is appended without URL encoding (shipTo below is encoded).
                    sb.Append("&token=" + tokenId);
                    sb.Append("&modifyavs=true");
                    break;
                case "delete":
                    cenPosModel.PopTitleType = "cenpos.popup.onetimecarddelete";
                    sb.Append("&operation=delete");
                    sb.Append("&token=" + tokenId);
                    sb.Append("&modifyavs=true");
                    break;
            }
            break;
    }

    // Credentials: merchant override when loaded above, otherwise the SASTP processor values.
    sb.Append("&merchantid=" + (merchantOveeride ? merchantId : sastp.processorvendorid));
    // Only shipTo is URL-encoded; invoiceNo, tokenId and ipaddress are appended raw, so a value
    // containing "&" or "=" would alter the query string sent to CenPOS.
    sb.Append("&customercode=" + custno + (string.IsNullOrEmpty(shipTo) ? string.Empty : "|" + HttpUtility.UrlEncode(shipTo)));
    sb.Append("&invoice=" + invoiceNo);
    sb.Append("&userid=" + (merchantOveeride ? merchantUserId : sastp.processoruserid));

    // The processor password is base64-encoded (reversible, not encryption) and URL-encoded before
    // it is placed in the query string.
    var encodedPassword = Encoding.UTF8.GetBytes(merchantOveeride ?
        merchantUserPw : sastp.processoruserpw);
    var basePassword = Convert.ToBase64String(encodedPassword);
    var httpPassword = HttpUtility.UrlEncode(basePassword);
    // NOTE(review): the password append is redacted in this listing ("******"); the original
    // presumably inserts httpPassword between the two literals. Session id = company (4 digits) + operator.
    sb.Append("&password="******"&sessionID=" + tokenObject.Cono.ToString("D4") + tokenObject.Oper.StripOffDomain());

    // For the signature operation we tell cenpos to respond via a window message instead of a url redirect because of url size constraints
    string responseType;
    if (operation == "signature")
    {
        responseType = "message";
    }
    else
    {
        // Restful callback for an https response URL, plain GET redirect otherwise.
        responseType = sastp.responseURLH5.StartsWith("https", StringComparison.CurrentCultureIgnoreCase) ? "Restful" : "get";
    }
    sb.Append("&ResponseType=" + responseType);
    sb.Append("&RedirectType=self");

    if (!string.IsNullOrEmpty(ipaddress))
    {
        sb.Append("&ip=" + ipaddress);
    }

    // PMC 02/09/2018 - IBM AppScan - Reviewed, this code is coded as it should be. The date time manipulation is to design.
    // UTC timestamp used as the external token; the format has no separator between date and time.
    var externalToken = DateTime.UtcNow.ToString("yyyy-MM-ddHH:mm:ss.fff", CultureInfo.InvariantCulture);
    // Query string echoed back through the response URL: company, operator, Progress session id, external token.
    var addToResponse = $"?cono={tokenObject.Cono}&oper={tokenObject.Oper.StripOffDomain()}&sessionidprogress={tokenObject.Sessionid}&tokenpostgres={externalToken}";
    var request = AwsElbUtils.ReturnUrlRequired(HttpContext.Current.Request);;  // trailing ";;" is an empty statement
    // SAS 07/26/2016 - harcoding the repsonse URL for CenPOS
    var responseUrl = request + "ui/app/modules/shared/cen-pos/cen-pos-response.html";
    var encodedUrlResponse = Encoding.UTF8.GetBytes(responseUrl + addToResponse);
    var baseUrlResponse = Convert.ToBase64String(encodedUrlResponse);
    var httpUrlResponse = HttpUtility.UrlEncode(baseUrlResponse);
    sb.Append("&urlresponse=" + httpUrlResponse);

    cenPosModel.CenPosUri = sb.ToString();
    // The complete URI — including the merchant/processor user id and base64 password built above —
    // is written to the CenPOS URL log; confirm that log's retention and access controls.
    this.assharedinquiryRepository.CenPOSLogURL(cenPosModel.CenPosUri);
    return(cenPosModel);
}
/// <summary>
/// Stores the login service and business rules and creates the controller's logger, named after
/// the function derived from the action context.
/// </summary>
/// <param name="loginService">Login/renew/logout service.</param>
/// <param name="businessRules">Business-rule provider.</param>
public LoginApiController(ILoginService loginService, IBusinessRules businessRules)
{
    this.loginService = loginService;
    this.businessRules = businessRules;

    // NOTE(review): ActionContext is read while the controller is still being constructed; in
    // Web API it is normally populated after construction, so confirm
    // ReturnFunctionFromActionContext tolerates a null context here.
    var functionName = ApplicationCookieUtilities.ReturnFunctionFromActionContext(this.ActionContext);
    _nLogLogger = new NLogLogger(functionName);
}