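        /// <summary>
        /// Lists OAuth approvals visible to the caller. Plain users only ever see their own
        /// approvals; members of the tool-support group may filter by <c>resource_owner_id</c>
        /// and/or <c>client_id</c> to look at other owners' approvals.
        /// </summary>
        /// <param name="Request">Optional <c>resource_owner_id</c> / <c>client_id</c> filters, honoured only for the support group.</param>
        /// <returns>The matching approvals with their client resolved, or <c>null</c> when no authenticated user is attached to the request.</returns>
        /// <exception cref="TokenRequestError">The token lacks the <c>sjrb.oauth.authorizations</c> scope.</exception>
        public List<ApprovalDetails> Get(ApprovalRequest Request)
        {
            // "auth:user" is only attached when the bearer token resolved to a resource owner.
            if (!this.Request.Items.ContainsKey("auth:user"))
            {
                return null;
            }

            // NOTE(review): "auth:token" is attached by the request filter only when SetToken is on;
            // confirm the filter for this service sets it, otherwise token is null here.
            DataModels.Token token = this.Request.Items.GetValue<DataModels.Token>("auth:token");

            // NOTE(review): if scope is a single string this is a substring test — confirm a longer
            // scope name (e.g. one with this value as a prefix) cannot satisfy it.
            if (!token.scope.Contains("sjrb.oauth.authorizations"))
            {
                throw new TokenRequestError(ErrorCodes.invalid_scope, "sjrb.oauth.authorizations scope is required");
            }

            ResourceOwner user = this.Request.Items.GetValue<ResourceOwner>("auth:user");

            // Exact (ordinal) match on the group DN; a user with no memberOf attribute is never privileged.
            const string supportGroup = "CN=NCC - Tool Support - RWS,OU=Security,OU=Mail Enabled,OU=Groups,OU=Corp,DC=SJRB,DC=AD";

            string[] memberof  = user.GetValues<string>("memberOf");
            bool     isSupport = memberof != null && memberof.Contains(supportGroup);

            List<Approval> approvals = null;

            if (isSupport)
            {
                bool byOwner  = !string.IsNullOrWhiteSpace(Request.resource_owner_id);
                bool byClient = !string.IsNullOrWhiteSpace(Request.client_id);

                if (byOwner)
                {
                    approvals = ApprovalModel.GetApprovalByResourceOwner(Request.resource_owner_id);

                    // Both filters given: narrow the owner's approvals to the requested client.
                    // (The client lookup used to silently replace the owner lookup, so the
                    // resource_owner_id filter was lost whenever client_id was also supplied.)
                    if (byClient && approvals != null)
                    {
                        approvals = approvals.FindAll(cur => cur.client_id == Request.client_id);
                    }
                }
                else if (byClient)
                {
                    approvals = ApprovalModel.GetApprovalByClientID(Request.client_id);
                }
            }

            // No usable filter (or not support staff): fall back to the caller's own approvals.
            if (approvals == null)
            {
                approvals = ApprovalModel.GetApprovalByResourceOwner(user);
            }

            //Dictionary<string, ResourceOwner> owners = ResourceOwnerModel.GetByIDs(approvals.ConvertAll(cur => cur.resource_owner_id).Distinct()).ToDictionary(cur => cur.id);
            Dictionary<string, Client> clients = ClientModel.GetClients(approvals.ConvertAll(cur => cur.client_id).Distinct()).ToDictionary(cur => cur.id);

            // NOTE(review): the indexer throws KeyNotFoundException for an approval whose client
            // ClientModel.GetClients did not return (e.g. a deleted client) — confirm that is intended.
            return approvals.ConvertAll(toConvert => new ApprovalDetails
            {
                client = clients[toConvert.client_id],
                //resource_owner = owners[toConvert.resource_owner_id],
                resource_owner_id = toConvert.resource_owner_id,
                client_id = toConvert.client_id,
                refresh_token = toConvert.refresh_token,
                scope = toConvert.scope,
                type = toConvert.type,
            });
        }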
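        /// <summary>
        /// Request filter: parses the <c>Authorization</c> header, resolves the bearer token and
        /// attaches the raw match, the token, its client and its resource owner to <c>req.Items</c>
        /// (each guarded by the corresponding Set* switch) for downstream services.
        /// When <c>RequireValidUser</c> is set and no resource owner could be resolved, the request
        /// is rejected with 401 and a <c>WWW-Authenticate</c> challenge.
        /// </summary>
        /// <param name="req">Incoming request; receives the <c>auth:*</c> items.</param>
        /// <param name="res">Response, closed with 401 when a valid user is required but missing.</param>
        /// <param name="requestDto">Unused.</param>
        public void RequestFilter(IHttpRequest req, IHttpResponse res, object requestDto)
        {
            bool validUser = false;

            string auth = req.Headers.Get("Authorization");

            if (!string.IsNullOrWhiteSpace(auth))
            {
                Match rawToken = MATCH_TOKEN.Match(auth);

                // NOTE(review): MATCH_TOKEN is defined outside this block; only the presence of the
                // token_type group is checked here, not its value — confirm the regex pins it to "Bearer".
                if (rawToken.Success && rawToken.Groups["token_type"].Success && rawToken.Groups["token"].Success)
                {
                    DataModels.Token token = TokenModel.GetToken<DataModels.Token>(rawToken.Groups["token"].Value);
                    req.Items.Add("auth:rawtoken", rawToken);

                    // An unknown, expired or revoked token presumably comes back null (TokenModel is not
                    // visible here). Without this guard the client_id / resource_owner_id reads below throw
                    // NullReferenceException, turning a bad token into a 500 instead of the 401 below.
                    if (token != null)
                    {
                        if (SetToken)
                        {
                            req.Items.Add("auth:token", token);
                        }

                        if (SetClient)
                        {
                            req.Items.Add("auth:client", ClientModel.GetClientByID(token.client_id));
                        }

                        // Tokens without a resource owner (e.g. client-only tokens) never count as a valid user.
                        if (SetUser && !string.IsNullOrWhiteSpace(token.resource_owner_id))
                        {
                            DataModels.ResourceOwner owner = ResourceOwnerModel.GetByID(token.resource_owner_id);

                            if (owner != null)
                            {
                                req.Items.Add("auth:user", owner);
                                validUser = true;
                            }
                        }
                    }
                }
            }

            if (RequireValidUser && !validUser)
            {
                // NOTE(review): RFC 6750 names the challenge scheme "Bearer"; "OAuth2" comes from
                // earlier drafts — confirm existing clients rely on it before changing.
                res.StatusCode        = (int)System.Net.HttpStatusCode.Unauthorized;
                res.StatusDescription = "Valid bearer token required";
                res.AddHeader("WWW-Authenticate", "OAuth2 realm=\"{0}\"".Fmt(req.GetApplicationUrl()));
                res.Close();
            }
        }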
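        /// <summary>
        /// Revokes one approval, identified by <c>client_id</c> + <c>resource_owner_id</c>.
        /// Plain users may only revoke their own approvals; members of the tool-support group may
        /// revoke any user's. A failed delete is reported as HTTP 500 on the response.
        /// </summary>
        /// <param name="Request">Must carry <c>client_id</c>; <c>resource_owner_id</c> defaults to the caller's id.</param>
        /// <exception cref="TokenRequestError">The token lacks the <c>sjrb.oauth.authorizations</c> scope.</exception>
        /// <exception cref="ArgumentException"><c>client_id</c> is missing.</exception>
        /// <exception cref="UnauthorizedAccessException">A non-support user targets another user's approval.</exception>
        public void Delete(ApprovalRequest Request)
        {
            // "auth:user" is only attached when the bearer token resolved to a resource owner.
            if (!this.Request.Items.ContainsKey("auth:user"))
            {
                return;
            }

            // NOTE(review): "auth:token" is attached by the request filter only when SetToken is on;
            // confirm the filter for this service sets it, otherwise token is null here.
            DataModels.Token token = this.Request.Items.GetValue<DataModels.Token>("auth:token");

            // NOTE(review): if scope is a single string this is a substring test — confirm a longer
            // scope name cannot satisfy it.
            if (!token.scope.Contains("sjrb.oauth.authorizations"))
            {
                throw new TokenRequestError(ErrorCodes.invalid_scope, "sjrb.oauth.authorizations scope is required");
            }

            ResourceOwner user = this.Request.Items.GetValue<ResourceOwner>("auth:user");

            // Exact (ordinal) match on the group DN; a user with no memberOf attribute is never privileged.
            const string supportGroup = "CN=NCC - Tool Support - RWS,OU=Security,OU=Mail Enabled,OU=Groups,OU=Corp,DC=SJRB,DC=AD";

            string[] memberof  = user.GetValues<string>("memberOf");
            bool     isSupport = memberof != null && memberof.Contains(supportGroup);

            if (string.IsNullOrWhiteSpace(Request.client_id))
            {
                throw new ArgumentException("client_id is required", "client_id");
            }

            if (string.IsNullOrWhiteSpace(Request.resource_owner_id))
            {
                Request.resource_owner_id = user.id;
            }

            // Authorization: touching another owner's approval requires the support group.
            // The test is phrased as "is a member" so that a caller whose memberOf attribute is
            // absent (memberof == null) is treated as a plain user; the previous form skipped the
            // check entirely in that case and let such a caller delete anyone's approval.
            if (!isSupport && Request.resource_owner_id != user.id)
            {
                throw new UnauthorizedAccessException("You do not have access to delete this approval");
            }

            if (!ApprovalModel.DeleteApproval(Request.client_id, Request.resource_owner_id))
            {
                Response.StatusCode = (int)HttpStatusCode.InternalServerError;
            }
        }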
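 /// <summary>
 /// Revokes <paramref name="Token"/> by delegating to the
 /// (access_token, client_id, resource_owner_id) overload.
 /// </summary>
 /// <param name="Token">The token to revoke; must not be null.</param>
 /// <returns>The result of the three-argument <c>DeleteToken</c> overload.</returns>
 /// <exception cref="ArgumentNullException"><paramref name="Token"/> is null.</exception>
 public bool DeleteToken(DataModels.Token Token)
 {
     // Fail with a descriptive argument error rather than a NullReferenceException from the property reads.
     if (Token == null)
     {
         throw new ArgumentNullException("Token");
     }

     return DeleteToken(Token.access_token, Token.client_id, Token.resource_owner_id);
 }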