/// <summary>
/// Validates the http challenge
/// </summary>
/// <param name="challenge"><see cref="IChallenge"/></param>
private void ValidateHttpChallenge(IChallenge challenge)
{
var authz = AuthorizationRepository.GetById(challenge.AuthorizationId) ?? throw new MalformedException("Cannot get Authorization by Id");
var url = $"http://{authz.Identifier.Value}/.well-known/acme-challenge/{challenge.Token}";
var request = (HttpWebRequest)WebRequest.Create(url);
#if !DEBUG
var response = (HttpWebResponse)request.GetResponse();
if (response.StatusCode == HttpStatusCode.OK)
{
var stream = response.GetResponseStream();
var reader = new StreamReader(stream);
var text = reader.ReadToEnd();
//Accounts.GetById(challenge.Authorization.AccountId
var account = AccountService.GetById(authz.AccountId);
var thumbprint = Base64Url.Encode(account.Key.GetThumbprint());
var controlValue = $"{challenge.Token}.{thumbprint}";
if (!controlValue.Equals(text))
{
var errMessage = "The key authorization file from the server did not match this challenge.";
throw new UnauthorizedException(errMessage);
}
}
else
{
throw new Exception("Respons status is not 200(OK)");
}
#else
Logger.Warn("HTTP challenge validation is disabled fo DEBUG mode");
#endif
}
public AuthorizationService(AuthorizationOptions authorizationOptions, TokenOptions tokenOptions, AuthorizationRepository authorizationRepository)
{
this.authorizationOptions = authorizationOptions;
this.tokenOptions = tokenOptions;
this.authorizationRepository = authorizationRepository;
}
public EmployeeProjectsController()
{
repo = new EmployeeProjectsRepository();
authRepo = new AuthorizationRepository();
accountRepo = new AccountRepository();
teamMemberRepo = new TeamMemberRepository();
}
public static void AuthorizationServer(IAppBuilder app)
{
JwtSecurityTokenHandler.InboundClaimTypeMap = new Dictionary <string, string>();
AntiForgeryConfig.UniqueClaimTypeIdentifier = IdentityModel.JwtClaimTypes.Name;
app.UseCookieAuthentication(new CookieAuthenticationOptions
{
AuthenticationType = "Cookies"
});
app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
{
ClientId = "personalnoteshybrid",
Authority = Constants.NotesSts,
RedirectUri = Constants.NotesMvc,
SignInAsAuthenticationType = "Cookies",
ResponseType = "code id_token token",
Scope = "openid profile email",
Notifications = new OpenIdConnectAuthenticationNotifications
{
SecurityTokenValidated = async n =>
{
var authorizationRespo = new AuthorizationRepository();
authorizationRespo.SetToken(n);
}
}
});
}
/// <inheritdoc/>
public IAuthorization RefreshStatus(IAuthorization item)
{
if (item.Status != AuthorizationStatus.Pending && item.Status != AuthorizationStatus.Valid)
{
return(item);
}
if (item.Expires != null &&
item.Expires < DateTime.UtcNow)
{
// Check Expire
item.Status = AuthorizationStatus.Expired;
AuthorizationRepository.Update(item);
}
else
{
// Check status
var challenges = ChallengeService.GetByAuthorization(item.Id);
if (challenges.Any(o => o.Status == ChallengeStatus.Valid))
{
item.Status = AuthorizationStatus.Valid;
AuthorizationRepository.Update(item);
}
else if (challenges.Any(o => o.Status == ChallengeStatus.Invalid))
{
item.Status = AuthorizationStatus.Invalid;
AuthorizationRepository.Update(item);
}
}
Logger.Info("Authorization {id} status updated to {status}", item.Id, item.Status);
return(item);
}
public IActionResult GetGroupPower(int groupId)
{
AuthorizationRepository repository = new AuthorizationRepository();
List <Models.UserGroupPowerModel> result = repository.GetPowerData(groupId);
return(Json(result));
}
public AuthorizationController(
IAuthorizationService authorizationService,
AuthorizationRepository authorizationRepository
) : base(authorizationService)
{
this.authorizationRepository = authorizationRepository;
}
public FinancialResultsRepository()
{
_db = new SqlConnection(ConfigurationManager.ConnectionStrings["DashBoard1"].ConnectionString);
empRepo = new EmployeeProjectsRepository();
teamRepo = new TeamMemberRepository();
authRepo = new AuthorizationRepository();
}
public void Can_GetAuthorizationsByLicenseId_Test()
{
var data = new List <Authorization>
{
new Authorization {
Key = "3334 6879 1616 5989", Status = Status.Authorized, Quantity = 1, DateCreated = DateTime.Now, LicenseId = 1
},
new Authorization {
Key = "6339 0924 3636 2969", Status = Status.Activated, Quantity = 1, DateCreated = DateTime.Now, LicenseId = 7
},
new Authorization {
Key = "32062 7182 9649 9435", Status = Status.Authorized, Quantity = 1, DateCreated = DateTime.Now, LicenseId = 3
}
}.AsQueryable();
var mockSet = new Mock <DbSet <Authorization> >();
mockSet.As <IQueryable <Authorization> >().Setup(m => m.Provider).Returns(data.Provider);
mockSet.As <IQueryable <Authorization> >().Setup(m => m.Expression).Returns(data.Expression);
mockSet.As <IQueryable <Authorization> >().Setup(m => m.ElementType).Returns(data.ElementType);
mockSet.As <IQueryable <Authorization> >().Setup(m => m.GetEnumerator()).Returns(data.GetEnumerator());
var mockContext = new Mock <LicensingContext>();
mockContext.Setup(c => c.Authorizations).Returns(mockSet.Object);
mockContext.Setup(m => m.Set <Authorization>()).Returns(mockSet.Object);
var authorizationRepo = new AuthorizationRepository(mockContext.Object);
var result = authorizationRepo.GetAuthorizationsByLicenseId(3);
Assert.AreEqual(1, result.Count());
}
public FinancialResultsController()
{
repo = new FinancialResultsRepository();
summaryRepo = new FinancialSummaryRepository();
teamRepo = new TeamMemberRepository();
authRepo = new AuthorizationRepository();
}
public UnitOfWork(DocumentContext context)
{
_context = context;
Documents = new DocControlRepository(context);
Users = new UserRepository(context);
AuthorizationRepo = new AuthorizationRepository(context);
SystemRepo = new SystemRepository(context);
}
static void Main(string[] args)
{
View.SendMessage("Hello, please enter your name: ");
string name = Console.ReadLine();
ManagerRepository managerRepository = new ManagerRepository(new JsonRepository());
AuthorizationRepository authorizationRepository = new AuthorizationRepository(managerRepository);
AuthorizationController authorizationController = new AuthorizationController(name, authorizationRepository);
}
public ResultsController()
{
repo = new ResultsRepository();
questionrepo = new QuestionRepository();
teamSatEmployeeSummaryRepo = new TeamSatisfactionEmployeeSummaryRepository();
summaryRepo = new SummaryRepository();
authRepo = new AuthorizationRepository();
count = 0;
}
public RoleUnitOfWork(DrcCardContext context):base(context)
{
_context = context;
SubdomainRepository = new SubdomainRepository(_context);
RoleRepository = new RoleRepository(_context);
AuthorizationRepository = new AuthorizationRepository(_context);
AuthorizationRoleRepository = new AuthorizationRoleRepository(_context);
SubdomainVersionRoleRepository=new SubdomainVersionRoleRepository(_context);
SubdomainVersionRepository=new SubdomainVersionRepository(_context);
}
public void Get()
{
// Arrange
AuthorizationRepository repository = new AuthorizationRepository();
string basicToken = "test:password";
// Act
string nessusToken = repository.GetNessusToken(basicToken);
// Assert
Assert.IsNotNull(nessusToken);
}
//Todo: обеспечить безотказность
private void Authorization(string name, AuthorizationRepository authorizationRepository)
{
Employee searchResult = authorizationRepository.Authorization(name);
if (searchResult != null)
{
StartUserController(searchResult);
}
else
{
throw new ArgumentException("Пользователя с введенным именем не найдено");
}
}
public void GetByIdentifier_Null()
{
// Init
var repo = new AuthorizationRepository();
#region Prepare records
// Record #1
repo.Add(new MemoryAuthorization
{
Identifier = new MemoryIdentifier
{
Type = "dns",
Value = "some.test.com",
},
Status = AuthorizationStatus.Invalid,
});
// Record #3
repo.Add(new MemoryAuthorization
{
Identifier = new MemoryIdentifier
{
Type = "dns",
Value = "some.test2.com",
},
Status = AuthorizationStatus.Pending,
});
// Record #3
repo.Add(new MemoryAuthorization
{
Identifier = new MemoryIdentifier
{
Type = "dns",
Value = "some.test.com",
},
Status = AuthorizationStatus.Pending,
});
#endregion
// Get authz by Id
var identifier = new Identifier
{
Type = "DNS", // check case insensitive
Value = "Some.Test.Com"
};
var res = repo.GetByIdentifier(0, identifier); // wrong id
Assert.Equal(3, res.Id);
}
protected override void OnAuthorization(AuthorizationContext filterContext)
{
var httpContext = filterContext.HttpContext;
if (httpContext.Request.RequestType == "GET" &&
!httpContext.Request.IsAjaxRequest() &&
filterContext.IsChildAction == false) // do no overwrite if we do child action.
{
HttpContext.Session["PrevUrl"] = HttpContext.Session["CurUrl"] ?? httpContext.Request.Url;
HttpContext.Session["CurUrl"] = httpContext.Request.Url;
}
if (filterContext.HttpContext.User.Identity.IsAuthenticated)
{
var controllerName = filterContext.ActionDescriptor.ControllerDescriptor.ControllerName;
var actionName = filterContext.ActionDescriptor.ActionName;
var claims = (ClaimsIdentity)filterContext.HttpContext.User.Identity;
var model = new ActionFilterModel
{
ID = claims.Claims.First(m => m.Type == ClaimTypes.Role).Value,
Action = actionName,
Controller = controllerName + "Controller"
};
var res = new AuthorizationRepository();
if (filterContext.ActionDescriptor.IsDefined(typeof(AllowAnonymousAttribute), true))
{
return;
}
if (res.CheckAuthorized(model))
{
return;
}
var result = new ViewResult {
ViewName = "NoAccess"
};
filterContext.Result = result;
}
else
{
filterContext.Result = new RedirectToRouteResult(
new System.Web.Routing.RouteValueDictionary {
{ "controller", "Anonymous" }, { "action", "Login" }
}
);
}
}
public async Task <IHttpActionResult> HttpActionResultWithErrorHandling(
List <string> authRolesNeeded,
Func <Task <IHttpActionResult> > action)
{
var authRepo = new AuthorizationRepository(PowerBiAppContext, Tenant, MyDnvGlUserId);
var authResult = authRepo.ValidRole(authRolesNeeded);
if (authResult.HttpStatusCode != HttpStatusCode.OK)
{
return(new ResponseMessageResult(Request.CreateResponse(authResult.HttpStatusCode, authResult.Message)));
}
return(await action());
}
public DrcUnitOfWork(DrcCardContext context) : base(context)
{
_context = context;
DrcCardRepository = new DrcCardRepository(_context);
FieldRepository = new FieldRepository(_context);
SubdomainRepository = new SubdomainRepository(_context);
SubdomainVersionRepository = new SubdomainVersionRepository(_context);
ResponsibilityRepository = new ResponsibilityRepository(_context);
AuthorizationRepository = new AuthorizationRepository(_context);
DrcCardResponsibilityRepository = new DrcCardResponsibilityRepository(_context);
RoleRepository = new RoleRepository(_context);
AuthorizationRoleRepository = new AuthorizationRoleRepository(_context);
DrcCardFieldRepository = new DrcCardFieldRepository(_context);
}
protected void btnAddToGroup_Click(object sender, EventArgs e)
{
IList <int> userIds = new List <int>();
foreach (RepeaterItem item in this.rptAllGroup.Items)
{
HtmlInputCheckBox chk = item.FindControl("checkbox") as HtmlInputCheckBox;
if (chk != null)
{
if (chk.Checked)
{
userIds.Add(int.Parse(chk.Value));
}
}
}
if (userIds.Count > 0)
{
int[] arrayIds = new int[userIds.Count];
userIds.CopyTo(arrayIds, 0);
using (_session = new Session())
{
UserGroup group = Magic.Sys.UserGroup.Retrieve(_session, this._groupId);
try
{
AuthorizationRepository repository = new AuthorizationRepository(_session);
repository.AddUsersToGroups(arrayIds, new UserGroup[] { group });
LoadUserInGroup();
}
catch (UnauthorizedException ex)
{
WebUtil.ShowMsg(this, ex.Message, "警告");
}
catch (ApplicationException ex)
{
WebUtil.ShowMsg(this, ex.Message, "提示");
}
catch (Exception ex)
{
logger.Info("向用户组添加用户", ex);
WebUtil.ShowError(this, ex);
}
}
}
}
public override async Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
string id;
long? userId;
var error = string.Empty;
context.OwinContext.Response.Headers.Add("Access-Control-Allow-Origin", new[] { "*" }); //tells browsers whether to expose the response to frontend JavaScript code
var username = context.UserName;
//EnforceEncodingInteroperability(ref username);
//byte[] userPassword = Convert.FromBase64String(context.Password);
using (AuthorizationRepository _repo = new AuthorizationRepository())
{
var userAuthInfo = _repo.ValidateSession(username);
id = userAuthInfo.Id;
userId = userAuthInfo.UserId;
if (userId < 0)
{
error = "Invalid username";
goto ErrorHandling;
}
var incoming = AuthorizationUtils.Hash(context.Password, userAuthInfo.Salt);
if (!(AuthorizationUtils.SlowEquals(incoming, userAuthInfo.Password)))
{
error = "Invalid username and or password";
goto ErrorHandling;
}
}
var identity = new ClaimsIdentity(context.Options.AuthenticationType);
identity.AddClaim(new Claim(ClaimTypes.NameIdentifier, string.Format("{0}:{1}:{2}", id, username, userId)));
identity.AddClaim(new Claim(ClaimTypes.Role, "user"));
context.Validated(identity);
LogManager.WriteLog(string.Format("{0}/{1}", username, context.Password), JsonConvert.SerializeObject(context.OwinContext.Request.Headers.Values), null, null, "OK", string.Format("{0}:{1}", id, context.UserName)).Forget();
return;
ErrorHandling:
context.SetError("invalid_grant", error);
LogManager.WriteLog(string.Format("{0}/{1}", username, context.Password), JsonConvert.SerializeObject(context.OwinContext.Request.Headers.Values), null, null, "BadRequest", error).Forget();
return;
}
void LoadUserInGroup()
{
UserGroup group = Magic.Sys.UserGroup.Retrieve(_session, _groupId);
if (group != null)
{
this.txtGroupName.Text = group.Name;
AuthorizationRepository repository = new AuthorizationRepository(_session);
IList <UserBase> users = repository.FindUsersInGroup(group, "");
this.rptUserInGroup.DataSource = users;
this.rptUserInGroup.DataBind();
DataTable dt = repository.GetAssigningUserForGroup(group.GroupId, "");
this.rptAllGroup.DataSource = dt;
this.rptAllGroup.DataBind();
}
}
public void GetById_Null()
{
// Init
var repo = new AuthorizationRepository();
// Create authz
var authz = repo.Create();
authz.Identifier.Type = "dns";
authz.Identifier.Value = "some.test.com";
authz.Status = AuthorizationStatus.Pending;
repo.Add(authz);
// Get authz by Id
var authz2 = repo.GetById(9); // wrong id
Assert.Null(authz2);
}
public void Release()
{
// Arrange
AuthorizationRepository repository = new AuthorizationRepository();
string basicToken = "test:password";
// Act
string nessusToken = repository.GetNessusToken(basicToken);
// Assert
Assert.IsNotNull(nessusToken);
Assert.IsTrue(repository.IsValidNessusToken(nessusToken));
Assert.IsTrue(repository.ReleaseNessusToken(nessusToken));
Assert.IsFalse(repository.IsValidNessusToken(nessusToken));
}
/// <summary>
/// Assign values from <see cref="IOrder"/> to JSON <see cref="Order"/>.
/// For expended objects need add assign values
/// </summary>
/// <param name="order">JSON <see cref="Order"/></param>
/// <param name="data"><see cref="IOrder"/></param>
protected virtual Order OnToOrderConvert(Order order, IOrder data)
{
var authzs = OrderAuthorizationRepository.GetByOrder(data.Id)
.Select(o => AuthorizationRepository.GetById(o.AuthorizationId))
.ToArray();
order.Identifiers = authzs.Select(o =>
new Identifier(o.Identifier.Type, o.Identifier.Value)).ToArray();
order.Authorizations = authzs.Select(o => $"{Options.BaseAddress}authz/{o.Id}").ToArray();
order.Status = data.Status;
order.NotBefore = data.NotBefore;
order.NotAfter = data.NotAfter;
order.Expires = data.Expires;
order.Error = data.Error == null ? null : ToError(data.Error);
order.Finalize = $"{Options.BaseAddress}finalize/{data.Id}";
order.Certificate = data.Certificate?.RawData == null ? null : $"{Options.BaseAddress}cert/{data.Certificate.Thumbprint}";
return(order);
}
/// <inheritdoc/>
public IAuthorization GetById(int accountId, int authzId)
{
var authz = AuthorizationRepository.GetById(authzId);
if (authz == null)
{
throw new MalformedException("Authorization doesn't exist");
}
var updatedAuthz = RefreshStatus(authz);
AccountSecurityService.CheckAccess(new AccountAccess
{
Account = AccountService.GetById(accountId),
Target = updatedAuthz,
});
return(updatedAuthz);
}
protected void btnRemoveFromUser_Click(object sender, EventArgs e)
{
IList <int> groupIds = new List <int>();
foreach (RepeaterItem item in this.rptUserToGroup.Items)
{
HtmlInputCheckBox chk = item.FindControl("checkbox") as HtmlInputCheckBox;
if (chk != null && chk.Checked)
{
groupIds.Add(Magic.Framework.Utils.Cast.Int(chk.Value, 0));
}
}
if (groupIds.Count > 0)
{
int[] arrayIds = new int[groupIds.Count];
groupIds.CopyTo(arrayIds, 0);
using (_session = new Session())
{
UserBase user = Magic.Sys.User.Retrieve(_session, this._userId);
try
{
AuthorizationRepository repository = new AuthorizationRepository(_session);
repository.RemoveUsersFromGroups(new UserBase[] { user }, arrayIds);
LoadUserToGroup();
}
catch (UnauthorizedException ex)
{
WebUtil.ShowMsg(this, ex.Message, "警告");
}
catch (ApplicationException ex)
{
WebUtil.ShowMsg(this, ex.Message, "提示");
}
catch (Exception ex)
{
logger.Info("AddUsersToGroups", ex);
WebUtil.ShowError(this, ex);
}
}
}
}
/// <inheritdoc/>
public virtual IAuthorization Create(int accountId, Identifier identifier)
{
// Create Authorization
var authz = AuthorizationRepository.Create();
// Fill params
OnCreateParams(authz, accountId, identifier);
// Save authorization
var addedAuthz = AuthorizationRepository.Add(authz);
// Add challenges
var http = ChallengeService.Create(addedAuthz.Id, "http-01");
//var tls = ChallengeService.Create(addedAuthz.Id, "tls-01");
//var dns = ChallengeService.Create(addedAuthz.Id, "dns-01");
Logger.Info("Authorization {id} created", authz.Id);
return(addedAuthz);
}
public async Task CanEvaluateAsync_NormalCase()
{
var expectedResult = new List <PolicyResult>()
{
new PolicyResult()
{
Name = "None",
Description = "The default deny policy",
Result = PolicyEvaluation.Deny,
}
};
var microsoftGraphRepository = serviceProvider.GetRequiredService <IMicrosoftGraphRepository>();
var thingRepository = serviceProvider.GetRequiredService <IDataRepository <Thing> >();
var authorizationRepository = new AuthorizationRepository(microsoftGraphRepository, thingRepository);
var mockClaimsPrincipal = new Mock <ClaimsPrincipal>();
var mockClaimsIdentity = new Mock <ClaimsIdentity>();
mockClaimsIdentity.Setup(ci => ci.Name).Returns("*****@*****.**");
mockClaimsPrincipal.Setup(cp => cp.Identity).Returns(mockClaimsIdentity.Object);
var authenticationHeaderValue = new AuthenticationHeaderValue("test");
var initialState = new InitialState <Group>()
{
ClaimsPrincipal = mockClaimsPrincipal.Object,
Identifier = "/api/Customer/1",
Groups = new List <Group>()
{
new Group()
{
DisplayName = "Finance"
},
}
};
var actualResult = await authorizationRepository.EvaluateAsync(authenticationHeaderValue, initialState);
actualResult.Should().BeEquivalentTo(expectedResult);
}
