public static async Task <Error> CheckContentAccessRightAsync(this CreyRestClient creyRestClient, SessionInfo sessionInfo, int contentOwnerId)
{
if (sessionInfo.AccountId == 0)
{
return(ErrorCodes.AccountNotFound.IntoError($"Login required"));
}
if (sessionInfo.AccountId == contentOwnerId)
{
return(Error.NoError);
}
// from this point only ContentDev role is required for the logged in user
if (!sessionInfo.Roles.Contains(UserRoles.ContentDev))
{
return(ErrorCodes.AccessDenied.IntoError($"Content dev role required"));
}
// both user (requesting and owner) are content dev
var res = await creyRestClient.GetRolesSetAsync(contentOwnerId);
if (!res.Contains(UserRoles.ContentDev))
{
return(ErrorCodes.AccessDenied.IntoError($"Cannot acces content of owner ({contentOwnerId}) as user has no contentdev role ({res}). (You have: {sessionInfo.AccountId})"));
}
else
{
return(Error.NoError);
}
}
public MigrationHelperController(
CreyRestClient creyRestClient,
ApplicationDbContext applicationDb)
{
_creyRestClient = creyRestClient;
_applicationDb = applicationDb;
}
public EmailSender(
MandrillApi mandrillApi,
IIDInfoAccessor idInfoAccessor,
ICreyService <AccountRepository> accountRepository,
CreyRestClient creyRestClient,
IConfiguration configuration)
{
mandrillApi_ = mandrillApi;
idInfoAccessor_ = idInfoAccessor;
accountRepository_ = accountRepository;
creyRestClient_ = creyRestClient;
var isProduction = configuration.IsProductionSlot();
internalInvoiceEmailAddress_ = configuration.GetValue <string>("internalInvoiceEmailAddress");
if (string.IsNullOrEmpty(internalInvoiceEmailAddress_))
{
internalInvoiceEmailAddress_ = isProduction
? "*****@*****.**"
: "*****@*****.**";
}
feedbackEmailAddress_ = configuration.GetValue <string>("feedbackEmailAddress");
if (string.IsNullOrEmpty(feedbackEmailAddress_))
{
feedbackEmailAddress_ = isProduction
? "*****@*****.**"
: "*****@*****.**";
}
}
public static Task SetUserAvatar(this CreyRestClient creyRestClient, int avatarId)
{
return(creyRestClient.CreateRequest(
HttpMethod.Put,
AvatarDefaults.SERVICE_NAME,
$"/avatar/api/v1/avatars/{avatarId}")
.AddUserAuthentication()
.SendAndTryAckAsync());
}
public async Task <ActionResult> SetEmailStatusAsync(PatchEmailStatus param,
[FromServices] ICreyService <AccountRepository> accounts,
[FromServices] IIDInfoAccessor idInfo,
[FromServices] CreyRestClient creyRestClient)
{
var sessionInfo = idInfo.GetSessionInfo();
await accounts.Value.SetEmailStatusAsync(sessionInfo.AccountId, param);
return(Ok());
}
public AccountIdAuthenticationHandler(
IOptionsMonitor <AccountIdAuthenticationOptions> options,
ILoggerFactory logger,
UrlEncoder encoder,
ISystemClock clock,
CreyRestClient creyRestClient)
: base(options, logger, encoder, clock)
{
creyRestClient_ = creyRestClient;
}
public async Task <EmailStatus> GetEmailStatus(
[FromServices] ICreyService <AccountRepository> accounts,
[FromServices] IIDInfoAccessor idInfo,
[FromServices] CreyRestClient creyRestClient)
{
var sessionInfo = idInfo.GetSessionInfo();
var status = await accounts.Value.GetEmailStatusAsync(sessionInfo.AccountId);
return(status);
}
public static async Task <HashSet <string> > GetRolesSetAsync(this CreyRestClient creyClient, int accountId)
{
var content = new List <KeyValuePair <string, string> >
{
new KeyValuePair <string, string>("accountId", accountId.ToString()),
};
return((await creyClient.GetAsync <List <string>, Error>(AuthenticationDefaults.SERVICE_NAME, $"api/v2/accounts/roles", null, new FormUrlEncodedContent(content)))
.UnwrapOr(err => throw new CommandErrorException <NoData>(err.Message))
.ToHashSet());
}
public static Task <UserProfileInfo> GetUserProfileAsync(this CreyRestClient creyRestClient, int accountId)
{
return(creyRestClient
.CreateRequest(HttpMethod.Get, AuthenticationDefaults.SERVICE_NAME, $"/api/v1/userprofile")
.AddUserAuthentication()
.SetContentUrlEncoded(new List <KeyValuePair <string, string> >
{
new KeyValuePair <string, string>("accountId", accountId.ToString()),
})
.SendAndParseAsync <UserProfileInfo>());
}
public static async Task <SignInResult> SignInWithAccountIdAsync(this CreyRestClient creyClient, int accountId)
{
var content = new List <KeyValuePair <string, string> >
{
new KeyValuePair <string, string>("accountId", accountId.ToString()),
};
var result = (await creyClient.PostAsync <SignInResult, Error>(AuthenticationDefaults.SERVICE_NAME, "api/v1/accounts/signin/accountId", null, new FormUrlEncodedContent(content)))
.UnwrapOr(err =>
{
throw new CommunicationErrorException($"sigin in ba account id failed: {err}");
});
return(result);
}
public static async Task <Result <SignInResult, Error> > SignInWithKeyAsync(this CreyRestClient creyClient, string key)
{
var content = new List <KeyValuePair <string, string> >
{
new KeyValuePair <string, string>("key", key),
};
var result = await creyClient.PostAsync <SignInResult, Error>(AuthenticationDefaults.SERVICE_NAME, "api/v1/accounts/signin/key", null, new FormUrlEncodedContent(content));
if (!result.IsOk)
{
return(result);
}
return(result);
}
public static async Task <Result <SignInResult, Error> > CheckKeyAsync(this CreyRestClient creyClient, string key, string userAgent)
{
var request = creyClient.CreateRequest(HttpMethod.Post, AuthenticationDefaults.SERVICE_NAME, "/api/v1/accounts/signin/test");
if (!userAgent.IsNullOrEmpty())
{
// C++ client and asset uploader user "siteId" parameter instead of User-Agent header, to be fixed when they migrate to IAM login
request.AddUserAgentHeader(userAgent);
}
return(await request
.SetContentUrlEncoded(new List <KeyValuePair <string, string> > {
new KeyValuePair <string, string>("key", key)
})
.SendAndParseAsync <SignInResult>());
}
public SessionRepository(
ILogger <SessionRepository> logger,
IConfiguration configuration,
ApplicationDbContext appDBContext,
UserManager <ApplicationUser> userManager,
ICreyService <SessionTokenRepository> sessionTokenRepository,
ICreyService <AccountRepository> accountRepository,
CreyRestClient creyRestClient)
{
logger_ = logger;
configuration_ = configuration;
appDBContext_ = appDBContext;
userManager_ = userManager;
sessionTokenRepository_ = sessionTokenRepository;
creyRestClient_ = creyRestClient;
accountRepository_ = accountRepository;
}
public RegistrationHandler(
UserManager <ApplicationUser> userManager,
ICreyService <AccountRepository> accountRepo,
ICreyService <IFeatureGate> featureGate,
AnalyticsClient analyticsClient,
CreyModeratorClient moderation,
CreyRestClient creyRestClient,
ICreyService <EmailSender> emailSender)
{
userManager_ = userManager;
accountRepo_ = accountRepo;
featureGate_ = featureGate;
analyticsClient_ = analyticsClient;
moderation_ = moderation;
creyRestClient_ = creyRestClient;
emailSender_ = emailSender;
}
public static Task CreateUserProfileAsync(
this CreyRestClient creyRestClient,
int accountId,
string displayName,
bool newsletterSubscribed,
DateTime?dateOfBirth)
{
return(creyRestClient
.CreateRequest(HttpMethod.Put, AuthenticationDefaults.SERVICE_NAME, $"/userprofiles/s2s/v1/users/{accountId}")
.AddS2SHeader()
.SetContentJsonBody(new CreateUserProfileData
{
DisplayName = displayName,
NewsletterSubscribed = newsletterSubscribed,
DateOfBirth = dateOfBirth
})
.SendAndAckAsync());
}
public static async Task <SignInResult> SignInWithEmailAsync(this CreyRestClient creyClient, string siteId, string emailOrNick, string password)
{
var content = new List <KeyValuePair <string, string> >
{
new KeyValuePair <string, string>("siteId", siteId),
new KeyValuePair <string, string>("emailOrUsername", emailOrNick),
new KeyValuePair <string, string>("password", password),
};
var result = await creyClient.PostAsync <SignInResult, Error>(AuthenticationDefaults.SERVICE_NAME, "api/v1/accounts/signin/user", null, new FormUrlEncodedContent(content));
if (!result.IsOk)
{
throw new ServerErrorException($"Sign in with email failed with {result.Error.ErrorCode} - {result.Error.Message}");
}
return(result.Ok);
}
public AccountRepository(
ILogger <AccountRepository> logger,
IConfiguration configuration,
ApplicationDbContext appDBContext,
UserManager <ApplicationUser> userManager,
RoleManager <IdentityRole> roleManager,
ICreyService <SessionTokenRepository> sessionTokenRepository,
CreyRestClient creyRestClient,
IIDInfoAccessor idInfo,
CreyMessageBroker <IAccountServiceBusMessage> accountMessageBroker)
{
logger_ = logger;
configuration_ = configuration;
appDBContext_ = appDBContext;
userManager_ = userManager;
roleManager_ = roleManager;
sessionTokenRepository_ = sessionTokenRepository;
creyRestClient_ = creyRestClient;
idInfo_ = idInfo;
accountMessageBroker_ = accountMessageBroker;
}
public static async Task ValidateContentAccessRightAsync(this CreyRestClient creyRestClient, UserInfo userInfo, int contentOwnerId)
{
if (userInfo.AccountId != contentOwnerId)
{
if (userInfo.AccountId == 0)
{
throw new AccountNotFoundException("Login required");
}
// from this point only ContentDev role is required for the logged in user
if (!userInfo.Roles.Contains(UserRoles.ContentDev))
{
throw new AccessDeniedException("Content dev role required");
}
// both user (requesting and owner) are content dev
var contentOwner = await creyRestClient.GetUserInfoAsync(contentOwnerId);
if (!contentOwner.Roles.Contains(UserRoles.ContentDev))
{
throw new AccessDeniedException($"Cannot acces content of owner ({contentOwnerId}) as user has no ContentDev role ({contentOwner}). (You have: {userInfo.AccountId})");
}
}
}
public RestThumbnailVoteRepository(CreyRestClient creyClient)
{
creyClient_ = creyClient;
}
public SignatureFlowService(IConfiguration configuration, ICreyService <AccountRepository> users, CreyRestClient http)
{
secret_ = configuration.GetValue <string>("COOKIE-SESSIONINFO-SECRET");
users_ = users;
http_ = http;
}
public RestPrefabsRepository(CreyRestClient creyClient)
{
creyClient_ = creyClient;
}
public static Task <Result <Crey.Contracts.NoData, HttpResponseMessage> > PseudonymizeUserProfileAsync(this CreyRestClient creyRestClient, int accountId)
{
return(creyRestClient
.CreateRequest(HttpMethod.Put, AuthenticationDefaults.SERVICE_NAME, $"/userprofile/s2s/v1/userprofile/{accountId}/delete")
.AddUserAuthentication()
.AddS2SHeader()
.SendAndTryAckAsync());
}
public static Task <UserInfo> GetUserInfoAsync(this CreyRestClient creyClient, int accountId)
{
var request = creyClient.CreateRequest(HttpMethod.Get, IAMDefaults.SERVICE_NAME, $"/iam/s2s/accounts/{accountId}/roles").AddS2SHeader();
return(request.SendAndParseAsync <UserInfo>());
}
public static Task <SessionInfo> ImpersonateAccount(this CreyRestClient creyClient, int accountId)
{
var request = creyClient.CreateRequest(HttpMethod.Post, IAMDefaults.SERVICE_NAME, $"/iam/s2s/accounts/{accountId}/signin").AddS2SHeader();
return(request.SendAndParseAsync <SessionInfo>());
}
public static async Task <Result <NoData, Error> > SignOutAsync(this CreyRestClient creyClient)
{
var result = await creyClient.PostAsync <NoData, Error>(AuthenticationDefaults.SERVICE_NAME, "api/v1/accounts/signout", null, null);
return(result);
}
public static Task <Result <SessionInfo, HttpResponseMessage> > ValidateKeyAsync(this CreyRestClient creyClient, string key, string userAgent)
{
var request = creyClient.CreateRequest(HttpMethod.Post, IAMDefaults.SERVICE_NAME, "/iam/s2s/accounts/validate/key").AddS2SHeader();
if (!userAgent.IsNullOrEmpty())
{
request.AddUserAgentHeader(userAgent);
}
request.SetContentJsonBody(new CheckKeyParams {
Key = key
});
return(request.SendAndTryParseAsync <SessionInfo>());
}