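/// <summary>
/// Lists the OAuth approvals the authenticated resource owner is allowed to see.
/// Ordinary users only ever get their own approvals; members of the tool-support
/// directory group may additionally filter by <c>resource_owner_id</c> and/or
/// <c>client_id</c> from <paramref name="Request"/>.
/// </summary>
/// <param name="Request">Optional filters; honoured only for the support group.</param>
/// <returns>
/// Approval rows joined with their client record, an empty list when nothing
/// matched, or <c>null</c> when no authenticated user is on the request.
/// </returns>
/// <exception cref="TokenRequestError">
/// No token is on the request, or it lacks the <c>sjrb.oauth.authorizations</c> scope.
/// </exception>
public List<ApprovalDetails> Get(ApprovalRequest Request) {
    // The DTO parameter shadows the service's own Request property, so the
    // per-request item bag is always reached through this.Request.
    if (!this.Request.Items.ContainsKey("auth:user")) {
        return null;
    }

    // Fail closed: a missing token (filter configured without SetToken) or a
    // token without a scope value is treated like a wrong scope instead of
    // surfacing as a NullReferenceException.
    DataModels.Token token = this.Request.Items.GetValue<DataModels.Token>("auth:token");
    if (token == null || token.scope == null || !token.scope.Contains("sjrb.oauth.authorizations")) {
        throw new TokenRequestError(ErrorCodes.invalid_scope, "sjrb.oauth.authorizations scope is required");
    }

    ResourceOwner user = this.Request.Items.GetValue<ResourceOwner>("auth:user");
    string[] memberof = user.GetValues<string>("memberOf");

    // Only this directory group may query approvals belonging to other owners.
    // A missing memberOf attribute reads as "not a member".
    const string SupportGroupDn = "CN=NCC - Tool Support - RWS,OU=Security,OU=Mail Enabled,OU=Groups,OU=Corp,DC=SJRB,DC=AD";
    bool isSupport = memberof != null && memberof.Contains(SupportGroupDn);

    List<Approval> approvals = null;
    if (isSupport) {
        bool byOwner = !string.IsNullOrWhiteSpace(Request.resource_owner_id);
        bool byClient = !string.IsNullOrWhiteSpace(Request.client_id);
        if (byOwner) {
            approvals = ApprovalModel.GetApprovalByResourceOwner(Request.resource_owner_id);
            if (byClient && approvals != null) {
                // Both filters given: narrow the owner's approvals to the requested
                // client rather than letting a client-wide lookup discard the owner filter.
                approvals = approvals.FindAll(cur => cur.client_id == Request.client_id);
            }
        } else if (byClient) {
            approvals = ApprovalModel.GetApprovalByClientID(Request.client_id);
        }
    }

    // Non-support users, and support users who supplied no filter, see their own approvals.
    if (approvals == null) {
        approvals = ApprovalModel.GetApprovalByResourceOwner(user);
    }
    if (approvals == null) {
        return new List<ApprovalDetails>();
    }

    Dictionary<string, Client> clients = ClientModel
        .GetClients(approvals.ConvertAll(cur => cur.client_id).Distinct())
        .ToDictionary(cur => cur.id);

    // NOTE(review): refresh_token is echoed back to any caller holding the
    // authorizations scope; confirm that exposure is intended for this listing.
    return approvals.ConvertAll(toConvert => {
        // A client may have been removed since the approval was granted; leave
        // the client slot empty rather than failing the whole listing.
        Client client;
        clients.TryGetValue(toConvert.client_id, out client);
        return new ApprovalDetails {
            client = client,
            resource_owner_id = toConvert.resource_owner_id,
            client_id = toConvert.client_id,
            refresh_token = toConvert.refresh_token,
            scope = toConvert.scope,
            type = toConvert.type,
        };
    });
}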
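/// <summary>
/// Request filter that resolves the <c>Authorization</c> header into per-request
/// items (<c>auth:rawtoken</c>, and depending on the <c>SetToken</c>/<c>SetClient</c>/
/// <c>SetUser</c> flags <c>auth:token</c>, <c>auth:client</c>, <c>auth:user</c>) and,
/// when <c>RequireValidUser</c> is set, rejects requests that did not resolve to a
/// resource owner with 401 and a <c>WWW-Authenticate</c> challenge.
/// </summary>
/// <param name="req">Incoming request; the header is read from it and the resolved items are written to it.</param>
/// <param name="res">Response; written to only when the request is rejected.</param>
/// <param name="requestDto">Deserialized request DTO (unused here).</param>
public void RequestFilter(IHttpRequest req, IHttpResponse res, object requestDto) {
    string auth = req.Headers.Get("Authorization");
    bool validUser = false;

    if (!string.IsNullOrWhiteSpace(auth)) {
        Match rawToken = MATCH_TOKEN.Match(auth);
        // NOTE(review): token_type only has to be present; its value is not
        // compared here — confirm MATCH_TOKEN itself restricts it to "Bearer".
        if (rawToken.Success && rawToken.Groups["token_type"].Success && rawToken.Groups["token"].Success) {
            DataModels.Token token = TokenModel.GetToken<DataModels.Token>(rawToken.Groups["token"].Value);
            req.Items.Add("auth:rawtoken", rawToken);

            // A well-formed header does not imply a known token. An unknown value
            // presumably comes back as null from TokenModel.GetToken; it must leave
            // the request unauthenticated (401 below) instead of failing with a
            // NullReferenceException on token.client_id.
            if (token != null) {
                if (SetToken) {
                    req.Items.Add("auth:token", token);
                }
                if (SetClient) {
                    req.Items.Add("auth:client", ClientModel.GetClientByID(token.client_id));
                }
                if (SetUser && !string.IsNullOrWhiteSpace(token.resource_owner_id)) {
                    DataModels.ResourceOwner owner = ResourceOwnerModel.GetByID(token.resource_owner_id);
                    if (owner != null) {
                        req.Items.Add("auth:user", owner);
                        validUser = true;
                    }
                }
            }
        }
    }

    if (RequireValidUser && !validUser) {
        res.StatusCode = (int)System.Net.HttpStatusCode.Unauthorized;
        res.StatusDescription = "Valid bearer token required";
        res.AddHeader("WWW-Authenticate", "OAuth2 realm=\"{0}\"".Fmt(req.GetApplicationUrl()));
        res.Close();
    }
}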
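/// <summary>
/// Revokes one approval, identified by <c>client_id</c> and <c>resource_owner_id</c>.
/// Ordinary users may only revoke their own approvals; members of the tool-support
/// directory group may revoke any owner's.
/// </summary>
/// <param name="Request">
/// Carries <c>client_id</c> (required) and <c>resource_owner_id</c> (defaults to the caller's id).
/// </param>
/// <exception cref="TokenRequestError">
/// No token is on the request, or it lacks the <c>sjrb.oauth.authorizations</c> scope.
/// </exception>
/// <exception cref="ArgumentException"><c>client_id</c> is blank.</exception>
/// <exception cref="Exception">The caller is not allowed to revoke another owner's approval.</exception>
public void Delete(ApprovalRequest Request) {
    // The DTO parameter shadows the service's own Request property, so the
    // per-request item bag is always reached through this.Request.
    if (!this.Request.Items.ContainsKey("auth:user")) {
        return;
    }

    // Fail closed on a missing token or scope rather than NullReferenceException.
    DataModels.Token token = this.Request.Items.GetValue<DataModels.Token>("auth:token");
    if (token == null || token.scope == null || !token.scope.Contains("sjrb.oauth.authorizations")) {
        throw new TokenRequestError(ErrorCodes.invalid_scope, "sjrb.oauth.authorizations scope is required");
    }

    ResourceOwner user = this.Request.Items.GetValue<ResourceOwner>("auth:user");
    string[] memberof = user.GetValues<string>("memberOf");

    if (string.IsNullOrWhiteSpace(Request.client_id)) {
        throw new ArgumentException("client_id is required", "client_id");
    }
    if (string.IsNullOrWhiteSpace(Request.resource_owner_id)) {
        Request.resource_owner_id = user.id;
    }

    // Authorization. Group membership only ever widens access: a user record with
    // no memberOf attribute (memberof == null) is "not a member" and is therefore
    // restricted to its own approvals — the check must not be skipped in that case.
    const string SupportGroupDn = "CN=NCC - Tool Support - RWS,OU=Security,OU=Mail Enabled,OU=Groups,OU=Corp,DC=SJRB,DC=AD";
    bool isSupport = memberof != null && memberof.Contains(SupportGroupDn);
    if (!isSupport && Request.resource_owner_id != user.id) {
        // Kept as a plain Exception: the host's exception-to-status mapping is not
        // visible here, so a more specific type could change the HTTP status.
        throw new Exception("You do not have access to delete this approval");
    }

    if (!ApprovalModel.DeleteApproval(Request.client_id, Request.resource_owner_id)) {
        Response.StatusCode = (int)HttpStatusCode.InternalServerError;
    }
}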
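/// <summary>
/// Deletes the token described by <paramref name="Token"/> by forwarding its
/// access token, client id and resource owner id to the three-argument overload.
/// </summary>
/// <param name="Token">Token row whose identifying fields are forwarded.</param>
/// <returns>The result of the three-argument <c>DeleteToken</c> overload.</returns>
/// <exception cref="ArgumentNullException"><paramref name="Token"/> is <c>null</c>.</exception>
public bool DeleteToken(DataModels.Token Token) {
    // Report a null argument as such instead of letting the field accesses
    // below fail with a NullReferenceException.
    if (Token == null) {
        throw new ArgumentNullException("Token");
    }
    return DeleteToken(Token.access_token, Token.client_id, Token.resource_owner_id);
}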