Example #1
 /// <summary>
 /// An unauthenticated identity requesting an .html resource must get an authorization
 /// result that carries a non-blank redirect target.
 /// </summary>
 /// <remarks>
 /// Only the presence of a redirect is asserted; neither the Process flag nor the redirect
 /// target itself is checked here.
 /// </remarks>
 public void RedirectsHtmlNotAuth()
 {
     // `a` is the authorizer under test; it is declared outside this snippet.
     var anonymous = new Identity { IsAuthenticated = false };
     var principal = new GenericPrincipal(anonymous, null);
     var request = new HttpRequestDescriptor
     {
         User = principal,
         Uri = new Uri("http://host/test.html")
     };
     var decision = a.Authorize(request);
     var hasRedirect = !string.IsNullOrWhiteSpace(decision.Redirect);
     Assert.True(hasRedirect);
 }
Example #2
 /// <summary>
 /// An authenticated identity backed by a freshly constructed User must be denied on
 /// /roled.html: the result must not be processable and must carry an error.
 /// </summary>
 public void CustomRoleDeny() {
     // `a` is the authorizer under test; it is declared outside this snippet.
     var account = new User();
     var signedIn = new Identity { IsAuthenticated = true, User = account };
     var principal = new GenericPrincipal(signedIn, null);
     var request = new HttpRequestDescriptor {
         User = principal,
         Uri = new Uri("http://host/roled.html")
     };
     var decision = a.Authorize(request);
     // Both halves of the deny contract are pinned: no processing, and an explicit error.
     Assert.False(decision.Process);
     Assert.NotNull(decision.Error);
 }
Example #3
 /// <summary>
 /// An unauthenticated identity requesting /operation must get an authorization result
 /// that carries an error.
 /// </summary>
 /// <remarks>
 /// Only Error is asserted; the test does not check Process or Redirect.
 /// </remarks>
 public void DenyUnknownNotAuth()
 {
     // `a` is the authorizer under test; it is declared outside this snippet.
     var anonymous = new Identity { IsAuthenticated = false };
     var principal = new GenericPrincipal(anonymous, null);
     var request = new HttpRequestDescriptor
     {
         User = principal,
         Uri = new Uri("http://host/operation")
     };
     var decision = a.Authorize(request);
     Assert.NotNull(decision.Error);
 }
        /// <summary>
        /// Switches the current request to another identity (impersonation) or back to the
        /// original one, then issues and stores a fresh token for the resulting identity.
        /// </summary>
        /// <param name="server">Host server; not referenced in this method body.</param>
        /// <param name="context">Web context: supplies the current user, the "login" request
        /// parameter, and the request/response used for the token.</param>
        /// <param name="callbackEndPoint">Not referenced in this method body.</param>
        /// <param name="cancel">Not referenced in this method body.</param>
        /// <exception cref="Exception">The current identity is not an <c>Identity</c>, or it is
        /// neither an administrator nor already impersonating.</exception>
        /// <remarks>
        /// NOTE(review): no audit/log call is visible in this method for starting or ending an
        /// impersonation; confirm that it is recorded elsewhere.
        /// </remarks>
        public void Run(IHostServer server, WebContext context, string callbackEndPoint, CancellationToken cancel) {
            var id = context.User.Identity as Identity;
            if(null==id)throw new Exception("invalid identity type");
            // The admin check applies only when no impersonation is active. When one is active,
            // the current (impersonated) identity is not checked at all.
            // NOTE(review): this relies on ImpersonationSource having been validated as an
            // administrator when the identity was built - confirm against the identity builder.
            // NOTE(review): only IsAdmin is tested; IsAuthenticated and IsError are not consulted here.
            if (null == id.ImpersonationSource) {
                if(!id.IsAdmin)throw new Exception("not admin");
            }
            // The real actor: the original identity if already impersonating, else the caller.
            var src = id.ImpersonationSource ?? id;
            var p = RequestParameters.Create(context);
            var to = p.Get("login");
            Identity newid = null;
            if (string.IsNullOrWhiteSpace(to)) {
                // Blank "login" means: drop the impersonation and return to the source identity.
                newid = (Identity)src;
            }
            else {
                var user = Users.GetUser(to);
                if (null != user) {
                    newid = new Identity(user);

                }
                else {
                    // NOTE(review): a login that is unknown to the user store still yields an
                    // authenticated identity carrying just that name. Confirm this is intended
                    // and that downstream role checks treat such an identity as unprivileged.
                    newid =new Identity{Name = to, IsAuthenticated = true};
                }
                // Keep the link to the real actor so the impersonation can be undone later.
                newid.ImpersonationSource = src;
            }
            // The principal is replaced before the token is created from the request.
            // NOTE(review): presumably TokenService.Create reads the current user - confirm.
            context.User = new GenericPrincipal(newid,null);
            var token = TokenService.Create(context.Request);
            newid.Token = token;
            TokenService.Store(context.Response,context.Request.Uri,token);
            // The serialized identity is the response body.
            // NOTE(review): newid.Token is set just above; check whether stringify() includes
            // the token and whether that is meant to be returned in the body.
            context.Finish(newid.stringify());
        }
Example #5
        /// <summary>
        /// Attempts a "secure" logon for <paramref name="username"/> using the supplied logon info.
        /// </summary>
        /// <param name="username">Login name to look up in the user service.</param>
        /// <param name="info">Secure logon data handed to <c>SecureLogonService.CheckSecureInfo</c>.</param>
        /// <param name="context">Optional scope passed through to the secure-info check.</param>
        /// <returns>
        /// <c>null</c> when no user service is configured or the user is not eligible for secure
        /// logon; otherwise an identity that is either authenticated or flagged with IsError and
        /// an Error.
        /// </returns>
        /// <remarks>
        /// Every exception raised inside the verification step is stored in Error rather than
        /// rethrown, so callers cannot tell a rejected credential from an internal fault by
        /// control flow alone; they have to inspect Error.
        /// </remarks>
        public IIdentity Logon(string username, SecureLogonInfo info, IScope context = null) {
            if (null == UserService) {
                return null;
            }
            var account = UserService.GetUser(username);
            var eligible = StateChecker.IsSecureLogable(account);
            if (!eligible) {
                return null;
            }

            // IsAuthenticated is not set on this path until the check below succeeds.
            var identity = new Identity();
            identity.Name = username;
            identity.AuthenticationType = "secure";

            var activity = StateChecker.GetActivityState(account);
            if (activity != UserActivityState.Ok) {
                // Account state blocks the logon before any credential check is attempted.
                identity.IsError = true;
                identity.Error = new SecurityException(activity.ToStr());
                return identity;
            }

            try {
                SecureLogonService.CheckSecureInfo(info, account, context);
                identity.IsAuthenticated = true;
                identity.User = account;
                identity.IsAdmin = account.IsAdmin;
            }
            catch (Exception failure) {
                identity.IsError = true;
                identity.Error = failure;
            }
            return identity;
        }
Example #6
 /// <summary>
 /// Decides whether <paramref name="identity"/> holds <paramref name="role"/>, either
 /// directly or, unless <paramref name="exact"/> is set, through its domain or groups.
 /// </summary>
 /// <param name="identity">Identity to check; wrapped into an <c>Identity</c> when it is another type.</param>
 /// <param name="role">Role name passed to <c>HasRole</c>.</param>
 /// <param name="exact">When true, only the user's own roles count.</param>
 /// <returns>True when the role is found on the user, the domain entry or a group entry.</returns>
 /// <remarks>
 /// Domain and group roles are read from entries of the same user store, addressed as
 /// "&lt;name&gt;@groups".
 /// NOTE(review): confirm that ordinary account names cannot collide with that suffix.
 /// </remarks>
 public bool IsInRole(IIdentity identity, string role, bool exact) {
     const string GroupSuffix = "@groups";
     var resolved = identity as Identity ?? new Identity(identity);

     // Resolve the user record lazily and cache it on the identity.
     var account = resolved.User;
     if (null == account) {
         account = Users.GetUser(resolved.Name);
         resolved.User = account;
     }

     // HasRole is consulted before the null check on the account, as in the original order.
     if (HasRole(account, role)) {
         return true;
     }
     if (exact || null == account) {
         return false;
     }

     if (!string.IsNullOrWhiteSpace(account.Domain)) {
         var domainEntry = Users.GetUser(account.Domain + GroupSuffix);
         if (HasRole(domainEntry, role)) {
             return true;
         }
     }

     foreach (var groupName in account.Groups) {
         var groupEntry = Users.GetUser(groupName + GroupSuffix);
         if (HasRole(groupEntry, role)) {
             return true;
         }
     }
     return false;
 }
		/// <summary>
		///		Completes the login of an already resolved user: installs the principal on the
		///		context, collects logon data, then issues a token and stores it on the response.
		/// </summary>
		/// <param name="user">User being logged in</param>
		/// <param name="server">Host server (not referenced in this method body)</param>
		/// <param name="context">Web context of the current request</param>
		/// <returns>HandlerResult with Result = true and the collected LogonInfo as Data</returns>
		/// <remarks>
		///		No credential check happens in this method; the caller must have verified the
		///		user before calling it.
		/// </remarks>
		private HandlerResult ProcessUserLogin(IUser user, IHostServer server, WebContext context) {
			var securedIdentity = new Identity(user);
			securedIdentity.AuthenticationType = "secure";
			// Kept ahead of token creation, as in the original order.
			// NOTE(review): presumably TokenService.Create reads the current user - confirm.
			context.User = new GenericPrincipal(securedIdentity, null);

			// Request metadata recorded with the logon (endpoints and user agent).
			var logonInfo = new LogonInfo();
			logonInfo.Identity = securedIdentity;
			logonInfo.RemoteEndPoint = context.Request.RemoteEndPoint;
			logonInfo.LocalEndPoint = context.Request.LocalEndPoint;
			logonInfo.UserAgent = context.Request.UserAgent;

			var issuedToken = TokenService.Create(context.Request);
			TokenService.Store(context.Response, context.Request.Uri, issuedToken);

			var outcome = new HandlerResult();
			outcome.Result = true;
			outcome.Data = logonInfo;
			return outcome;
		}
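 /// <summary>
 /// Checks a role for a user given only the login name, by loading the user and
 /// delegating to the identity-based <c>IsInRole</c>.
 /// </summary>
 /// <param name="service">Role resolver; must be a <c>RoleResolverService</c>, because its
 /// <c>Users</c> store is used for the lookup.</param>
 /// <param name="login">Login name to resolve.</param>
 /// <param name="role">Role name to test.</param>
 /// <param name="exact">When true, only the user's own roles count.</param>
 /// <returns>False when the login is unknown; otherwise the resolver's answer.</returns>
 /// <exception cref="System.InvalidCastException">
 /// <paramref name="service"/> is some other <c>IRoleResolverService</c> implementation.
 /// </exception>
 /// <remarks>
 /// The identity built here is marked authenticated without any credential or account-state
 /// check, so the result answers "would this account hold the role", not "is this caller
 /// logged in". It must not be used as an authentication decision.
 /// </remarks>
 public static bool IsInRole(this IRoleResolverService service, string login, string role,
     bool exact = false) {
     // Direct cast instead of `as`: a different implementation now fails with an
     // InvalidCastException naming the types, not a NullReferenceException on `.Users`.
     var srv = (RoleResolverService)service;
     var us = srv.Users.GetUser(login);
     if (null == us) {
         return false;
     }
     var id = new Identity {
         Name = us.Name,
         IsAuthenticated = true,
         IsAdmin = us.IsAdmin,
         User = us
     };
     return service.IsInRole(id, role, exact);
 }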
        /// <summary>
        /// Builds the request identity from a token: copies the token's claims, refreshes them
        /// from the user record when one exists, validates an impersonation source if the token
        /// names one, and downgrades the identity to unauthenticated on any error.
        /// </summary>
        /// <param name="token">Token to build from; User, IsAdmin and ImUser are read.</param>
        /// <returns>
        /// An identity that is authenticated unless an error was recorded; on error IsError is
        /// set, IsAuthenticated is false and Error holds a SecurityException with the collected
        /// messages.
        /// </returns>
        private Identity BuildIdentity(Token token) {
            // Start from the token's own claims; they are corrected below where possible.
            var result = new Identity {
                Token = token,
                Name = token.User,
                IsAuthenticated = true,
                AuthenticationType = "form",
                IsAdmin = token.IsAdmin
            };
            var errormessage = "";
            var user = UserService.GetUser(token.User);

            // NOTE(review): when the user service does not know token.User, the identity stays
            // authenticated and keeps the token's IsAdmin value. That is only safe if the token
            // cannot be altered by the client - confirm how TokenService protects it.
            if (null != user) {
                result.User = user;
                // The user record, not the token, is authoritative for the admin flag.
                result.IsAdmin = user.IsAdmin;
                var userstate = UserStateChecker.GetActivityState(user);
                if (userstate != UserActivityState.Ok) {
                    result.IsError = true;
                    errormessage += userstate.ToStr() + "; ";
                }
            }
            if (!string.IsNullOrWhiteSpace(token.ImUser)) {
                // The impersonating account is rebuilt from a token that carries only its name,
                // so its admin flag can come only from its user record.
                // NOTE(review): assumes Token.IsAdmin defaults to false - confirm.
                var imtoken = new Token {User = token.ImUser};
                var imidentity = BuildIdentity(imtoken);
                result.ImpersonationSource = imidentity;
                if (!imidentity.IsAuthenticated) {
                    result.IsError = true;
                    errormessage += "not-auth impersonation; ";
                }
                else if (!imidentity.IsAdmin) {
                    result.IsError = true;
                    errormessage += "non-admin impersonation;";
                }
            }
            if (result.IsError) {
                // Fail closed on authentication.
                // NOTE(review): IsAdmin and ImpersonationSource are left as set above, so a
                // caller that tests only IsAdmin would still see true on a rejected identity.
                result.IsAuthenticated = false;
                result.Error = new SecurityException(errormessage);
            }
            return result;
        }
Example #10
 /// <summary>
 /// An authenticated administrator requesting /admin-data.html must be allowed
 /// (the authorization result is processable).
 /// </summary>
 public void AllowPathedRole()
 {
     // `a` is the authorizer under test; it is declared outside this snippet.
     var administrator = new Identity { IsAuthenticated = true, IsAdmin = true };
     var principal = new GenericPrincipal(administrator, null);
     var request = new HttpRequestDescriptor
     {
         User = principal,
         Uri = new Uri("http://host/admin-data.html")
     };
     var decision = a.Authorize(request);
     Assert.True(decision.Process);
 }
Example #11
 /// <summary>
 /// Any authenticated identity, with no admin flag or user record set, must be allowed
 /// on an ordinary .html resource.
 /// </summary>
 public void AllowAllAuthToAnyHtml() {
     // `a` is the authorizer under test; it is declared outside this snippet.
     var signedIn = new Identity { IsAuthenticated = true };
     var principal = new GenericPrincipal(signedIn, null);
     var request = new HttpRequestDescriptor {
         User = principal,
         Uri = new Uri("http://host/some.html")
     };
     var decision = a.Authorize(request);
     Assert.True(decision.Process);
 }
Example #12
 /// <summary>
 /// An unauthenticated request for /spredir.html must be redirected to the configured
 /// public page, with the originally requested path echoed in the <c>referer</c> parameter.
 /// </summary>
 /// <remarks>
 /// The expected target is site-relative, and the exact string is pinned.
 /// </remarks>
 public void CustomRedirection() {
     // `a` is the authorizer under test; it is declared outside this snippet.
     var anonymous = new Identity { IsAuthenticated = false };
     var principal = new GenericPrincipal(anonymous, null);
     var request = new HttpRequestDescriptor {
         User = principal,
         Uri = new Uri("http://host/spredir.html")
     };
     var decision = a.Authorize(request);
     Assert.AreEqual(@"/public.html?referer=/spredir.html", decision.Redirect);
 }
Example #13
 /// <summary>
 /// /public.html must be served to an unauthenticated identity
 /// (the authorization result is processable).
 /// </summary>
 public void CustomPublicResource() {
     // `a` is the authorizer under test; it is declared outside this snippet.
     var anonymous = new Identity { IsAuthenticated = false };
     var principal = new GenericPrincipal(anonymous, null);
     var request = new HttpRequestDescriptor {
         User = principal,
         Uri = new Uri("http://host/public.html")
     };
     var decision = a.Authorize(request);
     Assert.True(decision.Process);
 }
Example #14
 /// <summary>
 /// A .css resource must be served to an unauthenticated identity
 /// (the authorization result is processable).
 /// </summary>
 public void AllowAnyCss() {
     // `a` is the authorizer under test; it is declared outside this snippet.
     var anonymous = new Identity { IsAuthenticated = false };
     var principal = new GenericPrincipal(anonymous, null);
     var request = new HttpRequestDescriptor {
         User = principal,
         Uri = new Uri("http://host/test.css")
     };
     var decision = a.Authorize(request);
     Assert.True(decision.Process);
 }