public void GetComplianceUrlTest()
{
string destination = "test.htm";
string username = "******";
string description = "this & is a test description";
int timestamp = HL7AuthHelper.GetTimestamp();
string requestHash = string.Format("{0}|{1}|{2}|{3}",
username,
destination,
timestamp,
Trifolia.Config.AppSettings.HL7ApiKey);
string expected = string.Format(
"{0}?userid={1}&returnURL={2}&signingURL={2}&signingDescription={3}&requestHash={4}×tampUTCEpoch={5}&apiKey={6}",
"http://hl7.amg-hq.net/temp/mike/webservices/compliance_redirect.cfm",
username,
destination,
"this+%26+is+a+test+description",
HL7AuthHelper.GetEncrypted(requestHash, Trifolia.Config.AppSettings.HL7SharedKey),
timestamp,
Trifolia.Config.AppSettings.HL7ApiKey);
string actual = HL7AuthHelper.GetComplianceUrl(destination, username, description, timestamp);
Assert.AreEqual(expected, actual);
}
public void GetTimestampTest()
{
TimeSpan t = (DateTime.UtcNow - new DateTime(1970, 1, 1));
int expected = (int)t.TotalSeconds;
int actual = HL7AuthHelper.GetTimestamp();
Assert.AreEqual(expected, actual);
}
public void GetEncryptedTest()
{
string input = "test123";
string key = "abcdef";
string expected = "117666142a70ffe6b12aeed234dc61c216bb7ffd".ToUpper();
string actual = HL7AuthHelper.GetEncrypted(input, key);
Assert.AreEqual(expected, actual);
}
public ActionResult DoHL7Login(HL7LoginModel model)
{
string validateRequestHashFormat = string.Format("{0}|{1}|{2}", model.userid, model.timestampUTCEpoch, AppSettings.HL7ApiKey);
string validateRequestHash = HL7AuthHelper.GetEncrypted(validateRequestHashFormat, AppSettings.HL7SharedKey);
// The hash does not match what we expect, this is an invalid request
if (validateRequestHash != model.requestHash)
{
Log.For(this).Error("Invalid attempt to login as HL7 user with user ID {0} and request hash '{1}'", model.userid, model.requestHash);
return(Redirect("/?Message=" + App_GlobalResources.TrifoliaLang.HL7AttemptInvalid));
}
try
{
// Verify that the request sent from HL7 took less than 5 minutes
if (!HL7AuthHelper.ValidateTimestamp(model.timestampUTCEpoch))
{
Log.For(this).Warn("Request to login took longer than 5 minutes to reach the server.");
return(Redirect("/?Message=" + App_GlobalResources.TrifoliaLang.HL7AuthTimeout));
}
}
catch
{
Log.For(this).Error("Timestamp passed in request to HL7 login is not a valid timestamp: {0}", model.timestampUTCEpoch);
return(Redirect("/?Message=An error occurred while logging in."));
}
string userData = string.Format("{0}=HL7;{1}={2};{3}={4}", CheckPoint.AUTH_DATA_ORGANIZATION, CheckPoint.AUTH_DATA_USERID, model.userid, CheckPoint.AUTH_DATA_ROLES, model.roles);
FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(1, model.userid, DateTime.Now, DateTime.Now.AddDays(20), true, userData);
string encAuthTicket = FormsAuthentication.Encrypt(authTicket);
HttpCookie faCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encAuthTicket);
faCookie.Expires = DateTime.Now.AddDays(20);
if (Response.Cookies[FormsAuthentication.FormsCookieName] != null)
{
Response.Cookies.Set(faCookie);
}
else
{
Response.Cookies.Add(faCookie);
}
CheckPoint.Instance.CheckHL7Roles(model.userid, model.roles);
// Audit the login
AuditEntryExtension.SaveAuditEntry("Login", "Success", model.userid, "HL7");
// Either return the user to the specified url, or to the default homepage if none is specified
return(Redirect(!string.IsNullOrEmpty(model.ReturnUrl) ? model.ReturnUrl : "/"));
}
/// <summary>
/// Checks if the authenticated user is from the HL7 organization.
/// If yes, a redirect ActionResult is returned that forwards the user to the HL7 disclaimer page.
/// The action result includes a redirectUrl parameter that tells HL7 to redirect the user back to trifolia.
/// The redirectUrl parameter of the returned ActionResult includes the retAction passed to this method
/// and an implementationGuideId param for the ig.
/// </summary>
private ActionResult BeforeExport(ImplementationGuide ig, string retAction)
{
bool dy = false;
bool.TryParse(Request.Params["dy"], out dy);
// If the user is HL7 authenticated, they must sign a disclaimer before generating the IG
if (CheckPoint.Instance.OrganizationName == "HL7" && !dy)
{
Dictionary <string, string> authData = CheckPoint.Instance.GetAuthenticatedData();
string userId = authData["UserId"];
string url = HL7AuthHelper.GetComplianceUrl(
Url.Action(retAction, "Export", new { implementationGuideId = ig.Id, dy = true }, Request.Url.Scheme),
userId,
ig.Name);
return(Redirect(url));
}
return(null);
}
