 /// <summary>
 /// Creates the controller, resolving the caller's token once and publishing it through the cache wrapper.
 /// </summary>
 /// <param name="connection">Progress connection used by the controller's actions.</param>
 /// <param name="appCache">Cache wrapper that receives the caller's token object.</param>
 public BusinessContextController(IProgressConnection connection, ICacheWrapper appCache)
 {
     this.connection = connection;
     _appCache       = appCache;

     // Presumably constructed per request, so the principal on the current HttpContext is the caller's.
     var callerToken = ApplicationCookieUtilities.Principal(HttpContext.Current.User, out _);
     _tokenObject          = callerToken;
     _appCache.TokenObject = callerToken;
 }
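 /// <summary>
 /// After an action runs, strips any stale token header from the outgoing content headers and, for an
 /// authenticated caller with a live session, re-attaches a freshly encrypted token.
 /// </summary>
 /// <param name="actionExecutedContext">The Web API action context; its Response (and the response Content) may be null.</param>
 public override void OnActionExecuted(HttpActionExecutedContext actionExecutedContext)
 {
     // PMC 07/14/2016 - IBM AppScan - This has been manually reviewed and passed as being safe Manipulating the response that we are composing
     // Response is null when no result was produced and Content is null for body-less responses;
     // the previous version dereferenced Content unconditionally and threw on the latter.
     var content = actionExecutedContext.Response?.Content;
     if (content == null)
     {
         return;
     }

     // Always drop whatever token header is on the response before deciding whether to add a new one.
     content.Headers.Remove(ApplicationCookieUtilities.TokenName);

     if (!System.Web.HttpContext.Current.User.Identity.IsAuthenticated)
     {
         return;
     }

     var myprincipal = System.Web.HttpContext.Current.User as ServiceInterfacePrincipal;
     // Only a principal carrying a real session (non-empty session GUID) gets a token reissued.
     if (myprincipal?.TokenObject == null || myprincipal.TokenObject.SessionidGuid == Guid.Empty)
     {
         return;
     }

     var progressSettings = DependencyResolver.Current.GetService <IProgressConfiguration>();
     // An unregistered configuration is treated like empty key material: log and do not emit a token.
     if (progressSettings == null ||
         string.IsNullOrEmpty(progressSettings.ApplicationEncryptKey) ||
         string.IsNullOrEmpty(progressSettings.ApplicationEncryptIv))
     {
         var nLogLogger = new NLogLogger(TokenHeaderAddExceptionText);
         nLogLogger.Error("Encrypt Key and/or Encrypt IV are empty, the application will not operate.  Ensure they are set in the web.config");
         return;
     }

     var token = ApplicationCookieUtilities.ObjectToToken(myprincipal.TokenObject, progressSettings.ApplicationEncryptKey, progressSettings.ApplicationEncryptIv);
     content.Headers.Add(ApplicationCookieUtilities.TokenName, token);
 }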
        /// <summary>
        /// Creates a logger named <paramref name="name"/> whose MDC fields are seeded from the
        /// current caller's logging parameters for <paramref name="function"/>.
        /// </summary>
        /// <param name="name">NLog logger name.</param>
        /// <param name="function">Name of the function being logged, recorded in the MDC.</param>
        public NLogLogger(string name, string function)
        {
            var loggingContext = ApplicationCookieUtilities.GetLoggingParams(HttpContext.Current.User, function);

            // Correlation id: tenant (blank when absent) + company + operator without domain + the call guid.
            var tenantPart      = loggingContext.tenant ?? "";
            var correlationGuid = tenantPart + loggingContext.cono + loggingContext.oper.StripOffDomain() + loggingContext.callGuid;

            SetCommonMdcs(loggingContext.tenant, loggingContext.oper, loggingContext.cono, loggingContext.sessionid, loggingContext.function, loggingContext.host, correlationGuid);
            Logger = LogManager.GetLogger(name);
        }
        /// <summary>
        /// Copies session id, operator, company number and UI culture from the caller's token onto the connection.
        /// </summary>
        public void SetConnectionFromToken()
        {
            var principalToken = ApplicationCookieUtilities.Principal(HttpContext.Current.User, out _);
            var target         = this.connection;

            // NOTE(review): the operator is copied verbatim and the session id from Sessionid; other
            // connection setup in this codebase strips the domain and uses SessionidGuid — confirm both are equivalent.
            target.SessionId        = principalToken.Sessionid;
            target.Operator         = principalToken.Oper;
            target.CompanyNumber    = principalToken.Cono;
            target.CurrentUiCulture = principalToken.CurrentUiCulture;
        }
        /// <summary>
        /// Ends the caller's session through the login service.
        /// </summary>
        /// <returns>The logout result reported by the login service.</returns>
        public LogoutResults Logout()
        {
            // NOTE(review): the logging function label passed here is Login_Renew, the same one Renew() uses —
            // confirm this is intended, since it is what the logout call is recorded under.
            var callerParams = ApplicationCookieUtilities.GetLoggingParams(HttpContext.Current.User, CommonStrings.Login_Renew);
            var request = new LoginRequestModel
            {
                Oper   = callerParams.oper,
                Tenant = callerParams.tenant,
                Cono   = callerParams.cono
            };
            var host = this.ActionContext.Request.Headers.Host;

            return this.loginService.Logout(request, host, callerParams.sessionid);
        }
        /// <summary>
        /// Extends the caller's session through the login service and logs the success.
        /// </summary>
        /// <returns>The number of minutes reported by the login service.</returns>
        public long Renew()
        {
            var callerParams = ApplicationCookieUtilities.GetLoggingParams(HttpContext.Current.User, CommonStrings.Login_Renew);
            var request = new LoginRequestModel
            {
                Oper   = callerParams.oper,
                Tenant = callerParams.tenant,
                Cono   = callerParams.cono
            };
            var host = this.ActionContext.Request.Headers.Host;

            var minutes = this.loginService.Renew(request, host, callerParams.sessionid);

            // Success is logged only after the service call returned without throwing.
            _nLogLogger.Info(CommonStrings.Logging_Success + "Renew");
            return minutes;
        }
        /// <summary>
        /// Creates the view service with its repositories and captures the caller's token object.
        /// </summary>
        public JsonViewService(AssharedinquiryRepository assharedinquiryRepository, AssharedentryRepository assharedentryRepository, PvUserRepository pvUserRepository, SastaRepository sastaRepository)
        {
            _assharedinquiryRepository = assharedinquiryRepository;
            _assharedentryRepository   = assharedentryRepository;
            _pvUserRepository          = pvUserRepository;
            _sastaRepository           = sastaRepository;

            // The host out-parameter is not needed by this service.
            _tokenObject = ApplicationCookieUtilities.Principal(HttpContext.Current.User, out _);
        }
        /// <summary>
        /// Builds a Progress connection for the current caller from the DI-resolved Connection and the
        /// caller's token (company, operator, session, culture, default record limit).
        /// </summary>
        /// <returns>The configured connection.</returns>
        private static IProgressConnection InitProgressConnection()
        {
            var baseConnection     = DependencyResolver.Current.GetService <Connection>();
            var progressConnection = new ProgressConnection(baseConnection);
            var callerToken        = ApplicationCookieUtilities.Principal(HttpContext.Current.User, out _);

            // The session id is the hyphenated ("D") form of the token's GUID; the operator has its domain stripped.
            progressConnection.CompanyNumber      = callerToken.Cono;
            progressConnection.Operator           = callerToken.Oper.StripOffDomain();
            progressConnection.SessionId          = callerToken.SessionidGuid.ToString("D");
            progressConnection.CurrentUiCulture   = callerToken.CurrentUiCulture;
            progressConnection.DefaultRecordCount = callerToken.DefaultRecordLimit;

            return progressConnection;
        }
        /// <summary>
        /// Builds the request principal from the encrypted token header (when present) and installs it on the context.
        /// </summary>
        /// <param name="sender">Event source; not used.</param>
        /// <param name="e">Event data; not used.</param>
        protected void Application_AuthenticateRequest(Object sender, EventArgs e)
        {
            // PMC 07/16/2016 - IBM AppScan - This has been manually reviewed and passed as being safe
            // Encrypted Token is validated. Any issues will cause the request to be returned as 401 Unauthorized
            // Start from an empty token; it is only replaced when a token header is present and TokenToObject fills it in.
            var tokenObject = new TokenObject();
            var token       = this.Context.Request.Headers[ApplicationCookieUtilities.TokenName];

            if (!string.IsNullOrEmpty(token))
            {
                var progressSettings = DependencyResolver.Current.GetService <IProgressConfiguration>();
                // NOTE(review): any result TokenToObject reports is discarded here, so a header that fails to
                // decrypt/validate is not distinguished from a missing one on this path — confirm the 401 described
                // above is produced downstream rather than expected from this method.
                ApplicationCookieUtilities.TokenToObject(token, progressSettings.ApplicationEncryptKey, progressSettings.ApplicationEncryptIv, out tokenObject);
            }
            var callGuid    = this.Context.Request.Headers[ApplicationCookieUtilities.CallGuidName];
            var bearerToken = this.Context.Request.Headers[ApplicationCookieUtilities.BearerToken];
            // With SSO enabled the identity already on the thread is reused; otherwise a GenericIdentity is built
            // from the operator carried in the token (empty when no header was present).
            // NOTE(review): key material is read through DI above but SSoEnabled through a fresh ProgressConfiguration —
            // presumably the same configuration source; verify.
            var serviceInterfacePrincipal = new ServiceInterfacePrincipal(tokenObject, this.Context.Request.Url.Host, this.Context.Request.UrlReferrer, new ProgressConfiguration().SSoEnabled ? Thread.CurrentPrincipal.Identity : new GenericIdentity(tokenObject.Oper), callGuid, bearerToken);

            this.Context.User = serviceInterfacePrincipal;
        }
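        /// <summary>
        /// Wires the integration service: captures the caller's token, shares it with the cache wrapper,
        /// registers the IDM repositories the service can query, and unprotects the caller's bearer token.
        /// </summary>
        /// <param name="appCache">Application cache wrapper; receives the caller's token object.</param>
        /// <param name="webClient">Accepted for DI compatibility; not stored by this constructor.</param>
        /// <param name="connection">Progress connection used for backend calls.</param>
        /// <param name="progressConfiguration">Injected configuration.</param>
        public IntegrationService(ICacheWrapper appCache, CoudSuiteWebClient webClient, IProgressConnection connection, IProgressConfiguration progressConfiguration)
        {
            _appCache              = appCache;
            _connection            = connection;
            _progressConfiguration = progressConfiguration;
            _tokenObject           = ApplicationCookieUtilities.Principal(HttpContext.Current.User, out _);
            _appCache.TokenObject  = _tokenObject;

            // IDM-backed repositories keyed by name; Formatter builds the IDM query for an item number.
            _supportedRepositories = new Dictionary <string, SupportedRespository>
            {
                {
                    "icsw", new SupportedRespository {
                        IdmEntityType = "Item_Images", IdmRepository = "icsw", Formatter = "@Product_Number = \"{0}\""
                    }
                }
            };

            // Read key and IV from a single configuration instance (previously two were constructed).
            // NOTE(review): the injected progressConfiguration presumably exposes the same values — confirm and
            // prefer it over constructing ProgressConfiguration here.
            var encryptionSettings = new ProgressConfiguration();
            _bearerToken = StringProtector.Unprotect(ApplicationCookieUtilities.BearerTokenValue(HttpContext.Current.User),
                                                     encryptionSettings.ApplicationEncryptKey,
                                                     encryptionSettings.ApplicationEncryptIv);
        }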
        /// <summary>
        /// Produces the encrypted token value for the current caller, or an empty string when the caller is
        /// unauthenticated, carries no live session, or the encrypt key/IV are not configured.
        /// </summary>
        /// <param name="myLogger">Logger used to report missing key material.</param>
        /// <returns>The encrypted token, or "" when no token should be issued.</returns>
        public static string Generate(NLogLogger myLogger)
        {
            var user = System.Web.HttpContext.Current.User;
            if (!user.Identity.IsAuthenticated)
            {
                return "";
            }

            var principal   = user as ServiceInterfacePrincipal;
            var tokenObject = principal?.TokenObject;
            // A principal without a session GUID has nothing worth issuing a token for.
            if (tokenObject == null || tokenObject.SessionidGuid == Guid.Empty)
            {
                return "";
            }

            var settings = new ProgressConfiguration();
            if (string.IsNullOrEmpty(settings.ApplicationEncryptKey) ||
                string.IsNullOrEmpty(settings.ApplicationEncryptIv))
            {
                myLogger.Error("Encrypt Key and/or Encrypt IV are empty, the application will not operate.  Ensure they are set in the web.config");
                return "";
            }

            return ApplicationCookieUtilities.ObjectToToken(tokenObject, settings.ApplicationEncryptKey, settings.ApplicationEncryptIv);
        }
        /// <summary>
        /// After a successful login, loads the company's business rules and copies the relevant values
        /// onto both the caller's token object and the login response.
        /// </summary>
        /// <param name="loginResponseModel">Login result to enrich; left untouched unless Success is true.</param>
        private void DoBusinessRules(LoginResponseModel loginResponseModel)
        {
            if (!loginResponseModel.Success)
            {
                return;
            }

            // Typed lookup into the rules loaded below; every call reads the rule afresh.
            T Rule<T>(string key) => this.ReturnRuleValue <T>(key);

            var configuration = new ProgressConfiguration();
            var tokenObject   = ApplicationCookieUtilities.Principal(HttpContext.Current.User, out _);

            this.rules = this.businessRules.GetConfigurationAtLogin(tokenObject.Cono);
            if (!this.rules.Any())
            {
                _nLogLogger.Error("No Business Rules where returned - SASBRLoad - [category = CONFIG, nodenm = Infor.Webui]. The application will not perform correctly");
                return;
            }

            // IDM credentials come from configuration, not from the rule set.
            tokenObject.IdmConsumerKey                  = configuration.InforIdmConsumerKey;
            tokenObject.IdmSharedSecret                 = configuration.InforIdmSharedSecret;
            tokenObject.InforIdmCacheExpirationAbsolute = configuration.InforIdmCacheExpirationAbsolute;

            // Token-side values.
            tokenObject.IdmUrl             = Rule<string>("Infor.Webui-IDMUrl");
            tokenObject.IonApiUrl          = Rule<string>("Infor.Webui-IonApiUrl");
            tokenObject.DefaultRecordLimit = Rule<int>("Infor.Webui-UserSettings.DefaultRecordLimit");
            tokenObject.ReportRecordLimit  = Rule<int>("Infor.Webui-UserSettings.ReportRecordLimit");
            tokenObject.LookupMaxResults   = Rule<int>("Infor.Webui-UserSettings.LookupMaxResults");

            // Response-side values (the three record limits are looked up a second time here, as before).
            loginResponseModel.DefaultRecordLimit      = Rule<int>("Infor.Webui-UserSettings.DefaultRecordLimit");
            loginResponseModel.ReportRecordLimit       = Rule<int>("Infor.Webui-UserSettings.ReportRecordLimit");
            loginResponseModel.LookupMaxResults        = Rule<int>("Infor.Webui-UserSettings.LookupMaxResults");
            loginResponseModel.SuppressBusinessContext = Rule<bool>("Infor.Webui-Messaging.SuppressinforBusinessContext");
            loginResponseModel.RestAccessUrl           = Rule<string>("Infor.Webui-RESTAccessURL");
            loginResponseModel.PendoApiKey             = Rule<string>("Infor.Webui-PendoApiKey");
            loginResponseModel.TryAndBuy               = Rule<string>("Infor.Webui-TryAndBuy");
            loginResponseModel.ShowImages              = Rule<bool>("Infor.Webui-IDMShowImages");
            loginResponseModel.CallRetryDelay          = Rule<int>("Infor.Webui-CallRetryDelay");
            loginResponseModel.CallRetryLimit          = Rule<int>("Infor.Webui-CallRetryLimit");

            // The token mirrors the REST access URL handed to the client.
            tokenObject.RestAccessUrl = loginResponseModel.RestAccessUrl;
        }
        /// <summary>
        /// Assembles the CenPOS hosted-page URL for a credit-card/ACH operation, records it through
        /// CenPOSLogURL and returns it together with the popup title key.
        /// </summary>
        /// <param name="operation">One of sale, auth, add, modify, delete, signature (case-insensitive).</param>
        /// <param name="mediacd">Media code used to look up the tendering merchant and the SASTN record.</param>
        /// <param name="custno">Customer number; becomes part of the customercode query value.</param>
        /// <param name="shipTo">Ship-to id; URL-encoded and appended to customercode when non-empty.</param>
        /// <param name="whse">Warehouse used for the merchant lookup.</param>
        /// <param name="tokenId">Existing card token, sent for modify/delete.</param>
        /// <param name="invoiceNo">Invoice number sent as the invoice query value.</param>
        /// <param name="oneTimeType">For sale: sale, roa, credit, achdebit or achcredit (case-insensitive).</param>
        /// <param name="amountdecimal">Transaction amount.</param>
        /// <param name="runArsocPrecall">When true and operation is add, runs ARSOCCreditCardAddValidate first.</param>
        /// <param name="ipaddress">Optional client IP appended as the ip query value.</param>
        /// <param name="taxAmount">Tax amount appended for sale and auth.</param>
        /// <returns>The model carrying the built URI, or null when no SASTN record exists.</returns>
        public CenPosModel BuildCenPosUrl(
            string operation,
            int mediacd,
            decimal custno,
            string shipTo,
            string whse,
            string tokenId,
            string invoiceNo,
            string oneTimeType,
            decimal amountdecimal,
            bool runArsocPrecall,
            string ipaddress  = "",
            decimal taxAmount = 0)
        {
            // Normalise once; neither argument is null-guarded, so a null operation or oneTimeType throws here.
            operation   = operation.ToLower(CultureInfo.InvariantCulture);
            oneTimeType = oneTimeType.ToLower(CultureInfo.InvariantCulture);
            // Unknown operations are reported. Whether ReportErrors throws is not visible here; if it returns,
            // the method continues with the unknown value and simply matches no case below.
            if ((operation != "sale") && (operation != "auth") && (operation != "add") && (operation != "modify") &&
                (operation != "delete") && (operation != "signature"))
            {
                ErrorReportingHelper.ReportErrors("error.credit.card.invalidoperation", 421);
            }

            string myhost;
            var    tokenObject = ApplicationCookieUtilities.Principal(HttpContext.Current.User, out myhost);

            // Optional pre-validation, only for "add".
            switch (operation)
            {
            case "add":
                if (runArsocPrecall)
                {
                    var asarsetupARSOCCreditCardAddValidateRequestAPI =
                        new AsarsetupARSOCCreditCardAddValidateRequestAPI
                    {
                        dCustno  = custno,
                        cShipTo  = shipTo,
                        cMediaCd = mediacd.ToString()
                    };

                    this.asarsetupRepository.ARSOCCreditCardAddValidate(asarsetupARSOCCreditCardAddValidateRequestAPI);
                }
                break;
            }

            // Warehouse/media-specific merchant credentials override the processor defaults only when all three are present.
            var merchantOveeride = false;
            var merchantId       = string.Empty;
            var merchantUserId   = string.Empty;
            var merchantUserPw   = string.Empty;

            if (operation.Equals("auth") ||
                operation.Equals("sale"))
            {
                var merchantResult = this.asoeheaderRepository.LoadOETenderingMerchant(whse, mediacd);
                if (!string.IsNullOrEmpty(merchantResult?.cMerchantID) && !string.IsNullOrEmpty(merchantResult.cMerchantUserID) && !string.IsNullOrEmpty(merchantResult.cMerchantUserPW))
                {
                    merchantOveeride = true;
                    merchantId       = merchantResult.cMerchantID;
                    merchantUserId   = merchantResult.cMerchantUserID;
                    merchantUserPw   = merchantResult.cMerchantUserPW;
                }
            }

            var sastn = this.sastnRepository.Get(tokenObject.Cono, "p", mediacd, 1, "processor,addtaxfl,chkauth,ccaddontype,ccaddon");

            // A missing SASTN record is the only error path in this method that also returns early.
            if (sastn == null)
            {
                ErrorReportingHelper.ReportErrors("error.credit.card.nosastn", 421);
                return(null);
            }
            if (string.IsNullOrEmpty(sastn.processor))
            {
                ErrorReportingHelper.ReportErrors("error.credit.card.sastpempty", 421);
            }

            // Convert.ToInt32 throws on a non-numeric processor value.
            var sastplookupcriteria = new Sastplookupcriteria()
            {
                processno = Convert.ToInt32(sastn.processor)
            };
            var sastp = this.assainquiryRepository.SASTPlookup(sastplookupcriteria);

            // NOTE: sastp is dereferenced unconditionally a few lines below, so this check only helps if ReportErrors throws.
            if (string.IsNullOrEmpty(sastp?.callingURLH5))
            {
                ErrorReportingHelper.ReportErrors("error.credit.card.nosastp", 421);
            }

            var sb = new StringBuilder();

            sb.Append(sastp.callingURLH5);

            var cenPosModel = new CenPosModel();

            // Operation-specific query prefix (?type=...) and popup title; later appends use "&".
            switch (operation)
            {
            case "signature":
                cenPosModel.PopTitleType = "cenpos.popup.signature";
                sb.Append("?type=signature");
                break;

            case "sale":
                // addtaxfl selects card sale/credit, chkauth selects ACH; "roa" qualifies for both.
                if (sastn.addtaxfl)
                {
                    if (string.Equals(oneTimeType, "sale") || string.Equals(oneTimeType, "roa"))
                    {
                        sb.Append("?type=SALE");
                        cenPosModel.PopTitleType = "global.cenpos.one.time.sale";
                    }
                    else if (string.Equals(oneTimeType, "credit"))
                    {
                        sb.Append("?type=Credit");
                        cenPosModel.PopTitleType = "global.cenpos.one.time.credit";
                    }
                }
                if (sastn.chkauth)
                {
                    if (string.Equals(oneTimeType, "achdebit") || string.Equals(oneTimeType, "roa"))
                    {
                        sb.Append("?type=ACHDebit");
                        cenPosModel.PopTitleType = "global.cenpos.one.time.ach";
                    }
                    else if (string.Equals(oneTimeType, "achcredit"))
                    {
                        sb.Append("?type=ACHCredit");
                        cenPosModel.PopTitleType = "global.cenpos.one.time.ach.credit";
                    }
                }
                // NOTE(review): decimal-to-string concatenation here formats with the current culture; a ","
                // decimal separator would change the query value — confirm CenPOS expects invariant formatting.
                sb.Append("&amount=" + Math.Abs(amountdecimal));
                sb.Append("&taxamount=" + (taxAmount));
                sb.Append("&receipts=false");
                break;

            case "auth":
                sb.Append("?type=Auth");
                sb.Append("&taxamount=" + (taxAmount));
                cenPosModel.PopTitleType = "global.cenpos.one.time.auth";

                // ccaddon is a flat amount when ccaddontype is set, otherwise a percentage of the amount.
                if (sastn.ccaddontype)
                {
                    var newAmount = amountdecimal + sastn.ccaddon;
                    sb.Append("&amount=" + newAmount);
                }
                else
                {
                    var addonPercentage = sastn.ccaddon / 100;
                    var addonAmount     = amountdecimal * addonPercentage;
                    var newAmount       = amountdecimal + addonAmount;
                    sb.Append("&amount=" + newAmount);
                }
                sb.Append("&receipts=false");
                break;

            case "add":
            case "delete":
            case "modify":
                sb.Append(sastn.chkauth ? "?type=TokenCheck" : "?type=CreateToken");
                if (operation == "add")
                {
                    // NOTE(review): ship-to taxability (arss) is consulted when shipTo is EMPTY and the customer
                    // record (arsc) otherwise — this looks inverted relative to the names; confirm the intent.
                    // taxablety is not null-guarded before Equals.
                    var taxableFlag = false;
                    if (string.IsNullOrEmpty(shipTo))
                    {
                        var arss = this.arssRepository.Get(tokenObject.Cono, custno, shipTo, 1, "taxablety");
                        if (arss != null)
                        {
                            taxableFlag = arss.taxablety.Equals("Y", StringComparison.InvariantCultureIgnoreCase) ||
                                          arss.taxablety.Equals("V", StringComparison.InvariantCultureIgnoreCase);
                        }
                    }
                    else
                    {
                        var arsc = this.arscRepository.Get(tokenObject.Cono, custno, false, 1, "taxablety");
                        if (arsc != null)
                        {
                            taxableFlag = arsc.taxablety.Equals("Y", StringComparison.InvariantCultureIgnoreCase) ||
                                          arsc.taxablety.Equals("V", StringComparison.InvariantCultureIgnoreCase);
                        }
                    }
                    sb.Append("&taxamount=" + (taxableFlag ? "1" : "0"));
                }

                if (sastn.chkauth && operation == "modify")
                {
                    ErrorReportingHelper.ReportErrors("message.ach.tokens.cannot.be.modified", 421);
                }
                switch (operation)
                {
                case "add":
                    cenPosModel.PopTitleType = "cenpos.popup.onetimecardadd";
                    break;

                case "modify":
                    cenPosModel.PopTitleType = "cenpos.popup.onetimecardmodify";
                    sb.Append("&operation=modify");
                    sb.Append("&token=" + tokenId);
                    sb.Append("&modifyavs=true");
                    break;

                case "delete":
                    cenPosModel.PopTitleType = "cenpos.popup.onetimecarddelete";
                    sb.Append("&operation=delete");
                    sb.Append("&token=" + tokenId);
                    sb.Append("&modifyavs=true");
                    break;
                }
                break;
            }
            // Common query values. Only shipTo is URL-encoded; tokenId (above), invoiceNo and ipaddress (below)
            // are appended raw, so a "&" or "=" inside them would alter the query — encode them defensively.
            sb.Append("&merchantid=" + (merchantOveeride ? merchantId : sastp.processorvendorid));
            sb.Append("&customercode=" + custno + (string.IsNullOrEmpty(shipTo) ? string.Empty : "|" + HttpUtility.UrlEncode(shipTo)));
            sb.Append("&invoice=" + invoiceNo);
            sb.Append("&userid=" + (merchantOveeride ? merchantUserId : sastp.processoruserid));
            // The processor password is base64- then URL-encoded — an encoding, not protection. It travels in the
            // query string and is part of the URI logged through CenPOSLogURL at the end of this method.
            var encodedPassword = Encoding.UTF8.GetBytes(merchantOveeride ? merchantUserPw : sastp.processoruserpw);
            var basePassword    = Convert.ToBase64String(encodedPassword);
            var httpPassword    = HttpUtility.UrlEncode(basePassword);

            // Password and sessionID (4-digit company + operator without domain) are appended here; the line is redacted in this listing.
            sb.Append("&password="******"&sessionID=" + tokenObject.Cono.ToString("D4") + tokenObject.Oper.StripOffDomain());

            // For the signature operation we tell cenpos to respond via a window message instead of a url redirect because of url size constraints
            string responseType;

            if (operation == "signature")
            {
                responseType = "message";
            }
            else
            {
                // responseURLH5 is not null-guarded here.
                responseType = sastp.responseURLH5.StartsWith("https", StringComparison.CurrentCultureIgnoreCase) ? "Restful" : "get";
            }
            sb.Append("&ResponseType=" + responseType);
            sb.Append("&RedirectType=self");

            if (!string.IsNullOrEmpty(ipaddress))
            {
                sb.Append("&ip=" + ipaddress);
            }

            // PMC 02/09/2018 - IBM AppScan - Reviewed, this code is coded as it should be.  The date time manipulation is to design.
            // A UTC timestamp serves as the tokenpostgres value carried back on the response URL.
            var externalToken = DateTime.UtcNow.ToString("yyyy-MM-ddHH:mm:ss.fff", CultureInfo.InvariantCulture);
            var addToResponse =
                $"?cono={tokenObject.Cono}&oper={tokenObject.Oper.StripOffDomain()}&sessionidprogress={tokenObject.Sessionid}&tokenpostgres={externalToken}";
            var request = AwsElbUtils.ReturnUrlRequired(HttpContext.Current.Request);;
            // SAS 07/26/2016 - harcoding the repsonse URL for CenPOS
            // The response URL (with its query) is base64- then URL-encoded into urlresponse.
            var responseUrl        = request + "ui/app/modules/shared/cen-pos/cen-pos-response.html";
            var encodedUrlResponse = Encoding.UTF8.GetBytes(responseUrl + addToResponse);
            var baseUrlResponse    = Convert.ToBase64String(encodedUrlResponse);
            var httpUrlResponse    = HttpUtility.UrlEncode(baseUrlResponse);

            sb.Append("&urlresponse=" + httpUrlResponse);
            cenPosModel.CenPosUri = sb.ToString();
            // The complete URI, including the encoded credential above, is handed to the log repository.
            this.assharedinquiryRepository.CenPOSLogURL(cenPosModel.CenPosUri);
            return(cenPosModel);
        }
 /// <summary>
 /// Creates the login controller with its service dependencies and a logger labelled from the action context.
 /// </summary>
 /// <param name="loginService">Handles login, renew and logout.</param>
 /// <param name="businessRules">Source of the per-company business rules.</param>
 public LoginApiController(ILoginService loginService, IBusinessRules businessRules)
 {
     this.loginService  = loginService;
     this.businessRules = businessRules;

     // NOTE(review): ActionContext is read while the controller is still being constructed; on a Web API
     // controller it is normally populated only once an action starts executing, so confirm
     // ReturnFunctionFromActionContext tolerates a null context here.
     var functionName = ApplicationCookieUtilities.ReturnFunctionFromActionContext(this.ActionContext);
     _nLogLogger = new NLogLogger(functionName);
 }