public async Task <GeneratePasswordResetResponse> Handle(GeneratePasswordResetTokenRequest request, CancellationToken cancellationToken)
{
var user = await this.Database.PrepareAndExecute(new GetUserByEmailQuery(), request.User);
if (user.Id == null)
{
// no user was found by that email, but we don't want the user to know that. The process still completes,
// so it is a success, we just stop here.
return(new GeneratePasswordResetResponse()
{
IsSuccess = true
});
}
var token = Guid.NewGuid();
var credential = CredentialGenerator.GenerateTokenCredential(token);
credential.User = user;
credential.CreatedBy = user;
await this.Database.PrepareAndExecute(new InsertNewCredentialQuery(), credential);
// send email to user
var message = EmailMessage.ResetPassword($"{context.Request.Host}/reset/{token}");
Email.SendTo(this.credentials.Value, message, user);
return(new GeneratePasswordResetResponse()
{
IsSuccess = true
});
}
public void Setup()
{
_awsCredentialProvider = A.Fake <IAWSCredentialProvider>();
A.CallTo(() => _awsCredentialProvider.GetCredentials())
.Returns(new AWSCredentials {
AccessKey = "access_key", SecretKey = "secret_key"
});
_clock = A.Fake <IClock>();
A.CallTo(() => _clock.UtcNow)
.Returns(new DateTime(2021, 03, 20, 06, 11, 53, DateTimeKind.Utc));
_generator = new CredentialGenerator(_awsCredentialProvider, _clock);
}
public static List <CredentialGenerator> getAllGenerators(bool isMultiUser)
{
string dataDir = Util.GetEnvironmentVariable("CPP_TESTOUT");
List <CredentialGenerator> generators = new List <CredentialGenerator>();
foreach (CredentialGenerator.ClassCode code in Enum.GetValues(
typeof(CredentialGenerator.ClassCode)))
{
CredentialGenerator gen = CredentialGenerator.Create(code, isMultiUser);
if (gen != null)
{
gen.Init(dataDir, dataDir);
generators.Add(gen);
}
}
return(generators);
}
private static void InitUsers(IRepository repository)
{
Console.WriteLine("------------ Initializing users ------------");
var users = Config.GetUsers();
var role = repository.Single <Role>(x => x.Name == "admin");
foreach (var user in users)
{
var password = CredentialGenerator.GeneratePassword(10);
user.RoleId = role.Id;
user.Password = BCrypt.Net.BCrypt.HashPassword(password);
repository.Add(user);
Console.WriteLine("New user added");
Console.WriteLine($"Username: {user.Username}");
Console.WriteLine($"Password: {password}");
Console.WriteLine("");
}
}
static void Main(string[] args)
{
if (args.Length > 0 && args[0] == "get")
{
var parameters = ReadParameters();
// In case the credential helper is accidentally used for a non-CodeCommit repo, not writing
// anything will cause git to fall back.
if (!parameters.Host.Contains("amazon.com", StringComparison.OrdinalIgnoreCase) &&
!parameters.Host.Contains("amazonaws.com", StringComparison.OrdinalIgnoreCase))
{
return;
}
var(username, password) = new CredentialGenerator().GenerateCredentials(parameters);
Console.Out.Write($"username={username}\npassword={password}\n");
Console.Out.Flush();
}
}
private static void InitClient(IRepository repository)
{
Console.WriteLine("------------ Initializing clients ------------");
var clients = Config.GetClients();
foreach (var client in clients)
{
var secret = CredentialGenerator.GenerateClientSecret(40);
client.ClientSecrets = new List <Secret>
{
new Secret(secret.Sha256())
};
repository.Add(client);
Console.WriteLine("New client added");
Console.WriteLine($"ClientId: {client.ClientId}");
Console.WriteLine($"ClientSecret: {secret}");
Console.WriteLine("");
}
}
void runThinClientWriterExceptionTest()
{
CacheHelper.SetupJavaServers(true, CacheXml1);
CacheHelper.StartJavaLocator(1, "GFELOC");
Util.Log("Locator started");
foreach (AuthzCredentialGenerator authzGen in GetAllGeneratorCombos(true))
{
for (int i = 1; i <= 2; ++i)
{
CredentialGenerator cGen = authzGen.GetCredentialGenerator();
//TODO: its not working for multiuser mode.. need to fix later
if (cGen.GetClassCode() == CredentialGenerator.ClassCode.PKCS)
{
continue;
}
Properties <string, string> extraAuthProps = cGen.SystemProperties;
Properties <string, string> javaProps = cGen.JavaProperties;
Properties <string, string> extraAuthzProps = authzGen.SystemProperties;
string authenticator = cGen.Authenticator;
string authInit = cGen.AuthInit;
string accessor = authzGen.AccessControl;
Util.Log("ThinClientWriterException: Using authinit: " + authInit);
Util.Log("ThinClientWriterException: Using authenticator: " + authenticator);
Util.Log("ThinClientWriterException: Using accessor: " + accessor);
// Start servers with all required properties
string serverArgs = SecurityTestUtil.GetServerArgs(authenticator,
accessor, null, SecurityTestUtil.ConcatProperties(extraAuthProps,
extraAuthzProps), javaProps);
// Start the server.
CacheHelper.StartJavaServerWithLocators(1, "GFECS1", 1, serverArgs);
Util.Log("Cacheserver 1 started.");
// Start client1 with valid CREATE credentials
Properties <string, string> createCredentials = authzGen.GetDisallowedCredentials(
new OperationCode[] { OperationCode.Put },
new string[] { RegionName }, 1);
javaProps = cGen.JavaProperties;
Util.Log("DisallowPuts: For first client PUT credentials: " +
createCredentials);
m_client1.Call(SecurityTestUtil.CreateClientR0, RegionName,
CacheHelper.Locators, authInit, createCredentials);
Util.Log("Creating region in client1 , no-ack, no-cache, with listener and writer");
m_client1.Call(CreateRegion, CacheHelper.Locators,
true, true, true);
m_client1.Call(RegisterAllKeys, new string[] { RegionName });
try
{
Util.Log("Trying put Operation");
m_client1.Call(DoPut);
Util.Log(" Put Operation Successful");
Assert.Fail("Should have got NotAuthorizedException during put");
}
catch (NotAuthorizedException)
{
Util.Log("NotAuthorizedException Caught");
Util.Log("Success");
}
catch (Exception other)
{
Util.Log("Stack trace: {0} ", other.StackTrace);
Util.Log("Got exception : {0}",
other.Message);
}
m_client1.Call(CheckAssert);
// Do LocalPut
m_client1.Call(DoLocalPut);
m_client1.Call(Close);
CacheHelper.StopJavaServer(1);
}
}
CacheHelper.StopJavaLocator(1);
CacheHelper.ClearEndpoints();
CacheHelper.ClearLocators();
}
void runInvalidAccessor()
{
CacheHelper.SetupJavaServers(true, CacheXml1, CacheXml2);
CacheHelper.StartJavaLocator(1, "GFELOC");
Util.Log("Locator started");
foreach (AuthzCredentialGenerator authzGen in GetAllGeneratorCombos(true))
{
CredentialGenerator cGen = authzGen.GetCredentialGenerator();
Util.Log("NIl:792:Current credential is = {0}", cGen);
//if (cGen.GetClassCode() == CredentialGenerator.ClassCode.LDAP)
// continue;
Properties <string, string> extraAuthProps = cGen.SystemProperties;
Properties <string, string> javaProps = cGen.JavaProperties;
Properties <string, string> extraAuthzProps = authzGen.SystemProperties;
string authenticator = cGen.Authenticator;
string authInit = cGen.AuthInit;
string accessor = authzGen.AccessControl;
Util.Log("InvalidAccessor: Using authinit: " + authInit);
Util.Log("InvalidAccessor: Using authenticator: " + authenticator);
// Start server1 with invalid accessor
string serverArgs = SecurityTestUtil.GetServerArgs(authenticator,
"com.gemstone.none", null, SecurityTestUtil.ConcatProperties(extraAuthProps,
extraAuthzProps), javaProps);
CacheHelper.StartJavaServerWithLocators(1, "GFECS1", 1, serverArgs);
Util.Log("Cacheserver 1 started.");
// Client creation should throw exceptions
Properties <string, string> createCredentials = authzGen.GetAllowedCredentials(
new OperationCode[] { OperationCode.Put },
new string[] { RegionName }, 3);
javaProps = cGen.JavaProperties;
Util.Log("InvalidAccessor: For first client PUT credentials: " +
createCredentials);
m_client1.Call(SecurityTestUtil.CreateClientMU, RegionName,
CacheHelper.Locators, authInit, (Properties <string, string>)null, true);
// Now perform some put operations from client1
m_client1.Call(DoPutsMU, 10, createCredentials, true, ExpectedResult.OtherException);
Properties <string, string> getCredentials = authzGen.GetAllowedCredentials(
new OperationCode[] { OperationCode.Get },
new string[] { RegionName }, 7);
javaProps = cGen.JavaProperties;
Util.Log("InvalidAccessor: For second client GET credentials: " +
getCredentials);
m_client2.Call(SecurityTestUtil.CreateClientMU, RegionName,
CacheHelper.Locators, authInit, (Properties <string, string>)null, true);
// Now perform some put operations from client1
m_client2.Call(DoGetsMU, 10, getCredentials, true, ExpectedResult.OtherException);
// Now start server2 that has valid accessor
Util.Log("InvalidAccessor: Using accessor: " + accessor);
serverArgs = SecurityTestUtil.GetServerArgs(authenticator,
accessor, null, SecurityTestUtil.ConcatProperties(extraAuthProps,
extraAuthzProps), javaProps);
CacheHelper.StartJavaServerWithLocators(2, "GFECS2", 1, serverArgs);
Util.Log("Cacheserver 2 started.");
CacheHelper.StopJavaServer(1);
// Client creation should be successful now
m_client1.Call(SecurityTestUtil.CreateClientMU, RegionName,
CacheHelper.Locators, authInit, (Properties <string, string>)null, true);
m_client2.Call(SecurityTestUtil.CreateClientMU, RegionName,
CacheHelper.Locators, authInit, (Properties <string, string>)null, true);
// Now perform some put operations from client1
m_client1.Call(DoPutsMU, 10, createCredentials, true);
// Verify that the gets succeed
m_client2.Call(DoGetsMU, 10, getCredentials, true);
m_client1.Call(Close);
m_client2.Call(Close);
CacheHelper.StopJavaServer(2);
}
CacheHelper.StopJavaLocator(1);
CacheHelper.ClearEndpoints();
CacheHelper.ClearLocators();
}
void runDisallowPutsGets()
{
CacheHelper.SetupJavaServers(true, CacheXml1, CacheXml2);
CacheHelper.StartJavaLocator(1, "GFELOC");
Util.Log("Locator started");
foreach (AuthzCredentialGenerator authzGen in GetAllGeneratorCombos(true))
{
CredentialGenerator cGen = authzGen.GetCredentialGenerator();
Properties <string, string> extraAuthProps = cGen.SystemProperties;
Properties <string, string> javaProps = cGen.JavaProperties;
Properties <string, string> extraAuthzProps = authzGen.SystemProperties;
string authenticator = cGen.Authenticator;
string authInit = cGen.AuthInit;
string accessor = authzGen.AccessControl;
Util.Log("DisallowPutsGets: Using authinit: " + authInit);
Util.Log("DisallowPutsGets: Using authenticator: " + authenticator);
Util.Log("DisallowPutsGets: Using accessor: " + accessor);
// Check that we indeed can obtain valid credentials not allowed to do
// gets
Properties <string, string> createCredentials = authzGen.GetAllowedCredentials(
new OperationCode[] { OperationCode.Put },
new string[] { RegionName }, 1);
Properties <string, string> createJavaProps = cGen.JavaProperties;
Properties <string, string> getCredentials = authzGen.GetDisallowedCredentials(
new OperationCode[] { OperationCode.Get },
new string[] { RegionName }, 2);
Properties <string, string> getJavaProps = cGen.JavaProperties;
if (getCredentials == null || getCredentials.Size == 0)
{
Util.Log("DisallowPutsGets: Unable to obtain valid credentials " +
"with no GET permission; skipping this combination.");
continue;
}
// Start servers with all required properties
string serverArgs = SecurityTestUtil.GetServerArgs(authenticator,
accessor, null, SecurityTestUtil.ConcatProperties(extraAuthProps,
extraAuthzProps), javaProps);
// Start the two servers.
CacheHelper.StartJavaServerWithLocators(1, "GFECS1", 1, serverArgs);
Util.Log("Cacheserver 1 started.");
CacheHelper.StartJavaServerWithLocators(2, "GFECS2", 1, serverArgs);
Util.Log("Cacheserver 2 started.");
// Start client1 with valid CREATE credentials
createCredentials = authzGen.GetAllowedCredentials(
new OperationCode[] { OperationCode.Put },
new string[] { RegionName }, 1);
javaProps = cGen.JavaProperties;
Util.Log("DisallowPutsGets: For first client PUT credentials: " +
createCredentials);
m_client1.Call(SecurityTestUtil.CreateClientMU, RegionName,
CacheHelper.Locators, authInit, (Properties <string, string>)null, true);
// Start client2 with invalid GET credentials
getCredentials = authzGen.GetDisallowedCredentials(
new OperationCode[] { OperationCode.Get },
new string[] { RegionName }, 2);
javaProps = cGen.JavaProperties;
Util.Log("DisallowPutsGets: For second client invalid GET " +
"credentials: " + getCredentials);
m_client2.Call(SecurityTestUtil.CreateClientMU, RegionName,
CacheHelper.Locators, authInit, (Properties <string, string>)null, true);
// Perform some put operations from client1
m_client1.Call(DoPutsMU, 10, createCredentials, true);
// Verify that the gets throw exception
m_client2.Call(DoGetsMU, 10, getCredentials, true, ExpectedResult.NotAuthorizedException);
// Try to connect client2 with reader credentials
getCredentials = authzGen.GetAllowedCredentials(
new OperationCode[] { OperationCode.Get },
new string[] { RegionName }, 5);
javaProps = cGen.JavaProperties;
Util.Log("DisallowPutsGets: For second client valid GET " +
"credentials: " + getCredentials);
m_client2.Call(SecurityTestUtil.CreateClientMU, RegionName,
CacheHelper.Locators, authInit, (Properties <string, string>)null, true);
// Verify that the gets succeed
m_client2.Call(DoGetsMU, 10, getCredentials, true);
// Verify that the puts throw exception
m_client2.Call(DoPutsMU, 10, getCredentials, true, ExpectedResult.NotAuthorizedException);
m_client1.Call(Close);
m_client2.Call(Close);
CacheHelper.StopJavaServer(1);
CacheHelper.StopJavaServer(2);
}
CacheHelper.StopJavaLocator(1);
CacheHelper.ClearEndpoints();
CacheHelper.ClearLocators();
}
void runAllowPutsGets()
{
CacheHelper.SetupJavaServers(true, CacheXml1, CacheXml2);
CacheHelper.StartJavaLocator(1, "GFELOC");
Util.Log("Locator started");
foreach (AuthzCredentialGenerator authzGen in GetAllGeneratorCombos(true))
{
CredentialGenerator cGen = authzGen.GetCredentialGenerator();
Properties <string, string> extraAuthProps = cGen.SystemProperties;
Properties <string, string> javaProps = cGen.JavaProperties;
Properties <string, string> extraAuthzProps = authzGen.SystemProperties;
string authenticator = cGen.Authenticator;
string authInit = cGen.AuthInit;
string accessor = authzGen.AccessControl;
Util.Log("testAllowPutsGets: Using authinit: " + authInit);
Util.Log("testAllowPutsGets: Using authenticator: " + authenticator);
Util.Log("testAllowPutsGets: Using accessor: " + accessor);
// Start servers with all required properties
string serverArgs = SecurityTestUtil.GetServerArgs(authenticator,
accessor, null, SecurityTestUtil.ConcatProperties(extraAuthProps,
extraAuthzProps), javaProps);
// Start the two servers.
CacheHelper.StartJavaServerWithLocators(1, "GFECS1", 1, serverArgs);
Util.Log("Cacheserver 1 started.");
CacheHelper.StartJavaServerWithLocators(2, "GFECS2", 1, serverArgs);
Util.Log("Cacheserver 2 started.");
// Start client1 with valid CREATE credentials
Properties <string, string> createCredentials = authzGen.GetAllowedCredentials(
new OperationCode[] { OperationCode.Put },
new string[] { RegionName }, 1);
javaProps = cGen.JavaProperties;
Util.Log("AllowPutsGets: For first client PUT credentials: " +
createCredentials);
m_client1.Call(SecurityTestUtil.CreateClientMU, RegionName,
CacheHelper.Locators, authInit, (Properties <string, string>)null, true);
// Start client2 with valid GET credentials
Properties <string, string> getCredentials = authzGen.GetAllowedCredentials(
new OperationCode[] { OperationCode.Get },
new string[] { RegionName }, 2);
javaProps = cGen.JavaProperties;
Util.Log("AllowPutsGets: For second client GET credentials: " +
getCredentials);
m_client2.Call(SecurityTestUtil.CreateClientMU, RegionName,
CacheHelper.Locators, authInit, (Properties <string, string>)null, true);
// Perform some put operations from client1
m_client1.Call(DoPutsMU, 10, createCredentials, true);
// Verify that the gets succeed
m_client2.Call(DoGetsMU, 10, getCredentials, true);
m_client1.Call(DoPutsTx, 10, true, ExpectedResult.Success, getCredentials, true);
m_client2.Call(DoGets, 10, true, ExpectedResult.Success, getCredentials, true);
m_client1.Call(Close);
m_client2.Call(Close);
CacheHelper.StopJavaServer(1);
CacheHelper.StopJavaServer(2);
}
CacheHelper.StopJavaLocator(1);
CacheHelper.ClearEndpoints();
CacheHelper.ClearLocators();
}
protected void RunOpsWithFailover(OperationWithAction[] opCodes,
string testName, bool isMultiUser, bool ssl, bool withPassword)
{
CacheHelper.SetupJavaServers(true, CacheXml1, CacheXml2);
CacheHelper.StartJavaLocator(1, "GFELOC", null, ssl);
Util.Log("Locator started");
foreach (AuthzCredentialGenerator authzGen in GetAllGeneratorCombos(isMultiUser))
{
CredentialGenerator cGen = authzGen.GetCredentialGenerator();
Properties <string, string> extraAuthProps = cGen.SystemProperties;
Properties <string, string> javaProps = cGen.JavaProperties;
Properties <string, string> extraAuthzProps = authzGen.SystemProperties;
string authenticator = cGen.Authenticator;
string authInit = cGen.AuthInit;
string accessor = authzGen.AccessControl;
TestAuthzCredentialGenerator tgen = new TestAuthzCredentialGenerator(authzGen);
Util.Log(testName + ": Using authinit: " + authInit);
Util.Log(testName + ": Using authenticator: " + authenticator);
Util.Log(testName + ": Using accessor: " + accessor);
// Start servers with all required properties
string serverArgs = SecurityTestUtil.GetServerArgs(authenticator,
accessor, null, SecurityTestUtil.ConcatProperties(extraAuthProps,
extraAuthzProps), javaProps);
// Perform all the ops on the clients
List <OperationWithAction> opBlock = new List <OperationWithAction>();
Random rnd = new Random();
for (int opNum = 0; opNum < opCodes.Length; ++opNum)
{
// Start client with valid credentials as specified in
// OperationWithAction
OperationWithAction currentOp = opCodes[opNum];
if (currentOp == OperationWithAction.OpBlockEnd ||
currentOp == OperationWithAction.OpBlockNoFailover)
{
// End of current operation block; execute all the operations
// on the servers with/without failover
if (opBlock.Count > 0)
{
// Start the first server and execute the operation block
CacheHelper.StartJavaServerWithLocators(1, "GFECS1", 1, serverArgs, ssl);
Util.Log("Cacheserver 1 started.");
CacheHelper.StopJavaServer(2, false);
ExecuteOpBlock(opBlock, authInit, extraAuthProps,
extraAuthzProps, tgen, rnd, isMultiUser, ssl, withPassword);
if (currentOp == OperationWithAction.OpBlockNoFailover)
{
CacheHelper.StopJavaServer(1);
}
else
{
// Failover to the second server and run the block again
CacheHelper.StartJavaServerWithLocators(2, "GFECS2", 1, serverArgs, ssl);
Util.Log("Cacheserver 2 started.");
CacheHelper.StopJavaServer(1);
ExecuteOpBlock(opBlock, authInit, extraAuthProps,
extraAuthzProps, tgen, rnd, isMultiUser, ssl, withPassword);
}
opBlock.Clear();
}
}
else
{
currentOp.OpNum = opNum;
opBlock.Add(currentOp);
}
}
// Close all clients here since we run multiple iterations for pool and non pool configs
foreach (ClientBase client in m_clients)
{
client.Call(Close);
}
}
CacheHelper.StopJavaLocator(1, true, ssl);
CacheHelper.ClearEndpoints();
CacheHelper.ClearLocators();
}
protected void ExecuteOpBlock(List <OperationWithAction> opBlock,
string authInit, Properties <string, string> extraAuthProps, Properties <string, string> extraAuthzProps,
TestCredentialGenerator gen, Random rnd, bool isMultiuser, bool ssl, bool withPassword)
{
foreach (OperationWithAction currentOp in opBlock)
{
// Start client with valid credentials as specified in
// OperationWithAction
OperationCode opCode = currentOp.OpCode;
OpFlags opFlags = currentOp.Flags;
int clientNum = currentOp.ClientNum;
if (clientNum > m_clients.Length)
{
Assert.Fail("ExecuteOpBlock: Unknown client number " + clientNum);
}
ClientBase client = m_clients[clientNum - 1];
Util.Log("ExecuteOpBlock: performing operation number [" +
currentOp.OpNum + "]: " + currentOp);
Properties <string, string> clientProps = null;
if (!CheckFlags(opFlags, OpFlags.UseOldConn))
{
Properties <string, string> opCredentials;
int newRnd = rnd.Next(100) + 1;
string currentRegionName = '/' + RegionName;
if (CheckFlags(opFlags, OpFlags.UseSubRegion))
{
currentRegionName += ('/' + SubregionName);
}
string credentialsTypeStr;
OperationCode authOpCode = currentOp.AuthzOperationCode;
int[] indices = currentOp.Indices;
CredentialGenerator cGen = gen.GetCredentialGenerator();
Properties <string, string> javaProps = null;
if (CheckFlags(opFlags, OpFlags.CheckNotAuthz) ||
CheckFlags(opFlags, OpFlags.UseNotAuthz))
{
opCredentials = gen.GetDisallowedCredentials(
new OperationCode[] { authOpCode },
new string[] { currentRegionName }, indices, newRnd);
credentialsTypeStr = " unauthorized " + authOpCode;
}
else
{
opCredentials = gen.GetAllowedCredentials(new OperationCode[] {
opCode, authOpCode
}, new string[] { currentRegionName },
indices, newRnd);
credentialsTypeStr = " authorized " + authOpCode;
}
if (cGen != null)
{
javaProps = cGen.JavaProperties;
}
clientProps = SecurityTestUtil.ConcatProperties(
opCredentials, extraAuthProps, extraAuthzProps);
// Start the client with valid credentials but allowed or disallowed to
// perform an operation
Util.Log("ExecuteOpBlock: For client" + clientNum +
credentialsTypeStr + " credentials: " + opCredentials);
if (!isMultiuser)
{
client.Call(SecurityTestUtil.CreateClientSSL, RegionName,
CacheHelper.Locators, authInit, clientProps, ssl, withPassword);
}
else
{
client.Call(SecurityTestUtil.CreateClientMU, RegionName,
CacheHelper.Locators, authInit, (Properties <string, string>)null, true);
}
}
ExpectedResult expectedResult;
if (CheckFlags(opFlags, OpFlags.CheckNotAuthz))
{
expectedResult = ExpectedResult.NotAuthorizedException;
}
else if (CheckFlags(opFlags, OpFlags.CheckException))
{
expectedResult = ExpectedResult.OtherException;
}
else
{
expectedResult = ExpectedResult.Success;
}
// Perform the operation from selected client
if (!isMultiuser)
{
client.Call(DoOp, opCode, currentOp.Indices, opFlags, expectedResult);
}
else
{
client.Call(DoOp, opCode, currentOp.Indices, opFlags, expectedResult, clientProps, true);
}
}
}
