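/// <summary>
/// Builds the paged grid data source for the admin API-user list: one row per customer
/// returned by the plugin service, enriched with the cached API key data where present.
/// </summary>
/// <param name="command">Grid command carrying the requested paging, sorting and filtering.</param>
/// <returns>A <see cref="JsonResult"/> whose data is a <c>GridModel&lt;WebApiUserModel&gt;</c> with the page rows and the total row count.</returns>
public ActionResult GridUserData(GridCommand command)
{
    var customerQuery = _webApiPluginService.GetCustomers();

    // Keyed by customer id so each grid row costs a single dictionary lookup.
    var cachedUsers = WebApiCachingUserData.Data().ToDictionarySafe(x => x.CustomerId, x => x);

    var yes = T("Admin.Common.Yes");
    var no = T("Admin.Common.No");

    // ForCommand / PagedForCommand are the grid helpers; presumably they apply the
    // command's sort/filter and paging respectively — confirm against their definitions.
    var apiUsers = customerQuery
        .Select(x => new WebApiUserModel
        {
            Id = x.Id,
            Username = x.Username,
            Email = x.Email,
            AdminComment = x.AdminComment
        })
        .ForCommand(command);

    var pagedApiUsers = apiUsers.PagedForCommand(command).ToList();

    foreach (var user in pagedApiUsers)
    {
        // Single lookup instead of ContainsKey followed by the indexer.
        WebApiUserCacheData cachedUser;
        if (!cachedUsers.TryGetValue(user.Id, out cachedUser))
        {
            continue;
        }

        user.PublicKey = cachedUser.PublicKey;
        // NOTE(review): the secret key is copied into the model and therefore into the grid
        // JSON returned to the admin UI; confirm that exposing it here is intended.
        user.SecretKey = cachedUser.SecretKey;
        user.Enabled = cachedUser.Enabled;
        user.EnabledFriendly = (cachedUser.Enabled ? yes : no);

        if (cachedUser.LastRequest.HasValue)
        {
            user.LastRequestDateFriendly = cachedUser.LastRequest.Value.RelativeFormat(true, "f");
        }
        else
        {
            user.LastRequestDateFriendly = "-";
        }
    }

    // Total is counted over the filtered (but unpaged) query, i.e. a second round trip.
    var model = new GridModel<WebApiUserModel>
    {
        Data = pagedApiUsers,
        Total = apiUsers.Count()
    };

    return new JsonResult { Data = model };
}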
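/// <summary>
/// Returns a page of registered, non-deleted customers as API user models, each enriched
/// with the cached key data (public/secret key, enabled flag, last request) when available.
/// </summary>
/// <param name="pageIndex">Zero-based page index passed to <c>PagedList</c>.</param>
/// <param name="pageSize">Number of rows per page passed to <c>PagedList</c>.</param>
/// <returns>The requested page; rows without cached API data keep their default key/enabled values.</returns>
public IPagedList<WebApiUserModel> GetUsers(int pageIndex, int pageSize)
{
    var registeredRoleId = _customerService.GetCustomerRoleBySystemName(SystemCustomerRoleNames.Registered).Id;

    // Left-join customers to their WebApi generic attribute (KeyGroup "Customer") and
    // order by the raw attribute value; presumably so customers that have API data sort first.
    var query = from c in _customers.Table
                join a in (
                    from a in _genericAttributes.Table
                    where a.KeyGroup == "Customer" && a.Key == WebApiCachingUserData.Key
                    select a
                ) on c.Id equals a.EntityId into ga
                from a in ga.DefaultIfEmpty()
                where !c.Deleted && c.CustomerRoles.Select(r => r.Id).Contains(registeredRoleId)
                orderby a.Value descending
                select new WebApiUserModel
                {
                    Id = c.Id,
                    Username = c.Username,
                    Email = c.Email,
                    AdminComment = c.AdminComment
                };

    var lst = new PagedList<WebApiUserModel>(query, pageIndex, pageSize);

    // Index the cache once by customer id instead of scanning it for every row of the page.
    // A lookup keeps the "first match wins" semantics should a customer id appear twice.
    var cacheByCustomer = WebApiCachingUserData.Data().ToLookup(x => x.CustomerId);

    foreach (var itm in lst)
    {
        var cacheItem = cacheByCustomer[itm.Id].FirstOrDefault();
        if (cacheItem == null)
        {
            continue;
        }

        itm.PublicKey = cacheItem.PublicKey;
        // NOTE(review): the secret key is exposed on the returned model; confirm callers need it.
        itm.SecretKey = cacheItem.SecretKey;
        itm.Enabled = cacheItem.Enabled;

        if (cacheItem.LastRequest.HasValue)
        {
            itm.LastRequest = cacheItem.LastRequest.ToLocalTime();
        }
        else
        {
            itm.LastRequest = null;
        }
    }

    return lst;
}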
/// <summary>
/// Sets the enabled flag of a customer's API user and persists the change into the
/// backing generic attribute. Does nothing for customer id 0, for customers without
/// cached API data, or when the attribute cannot be loaded.
/// </summary>
/// <param name="customerId">Id of the customer whose API access is toggled.</param>
/// <param name="enable">True to enable, false to disable.</param>
public void EnableOrDisableUser(int customerId, bool enable)
{
    if (customerId == 0)
    {
        return;
    }

    var cachedEntry = WebApiCachingUserData.Data().FirstOrDefault(x => x.CustomerId == customerId);
    if (cachedEntry == null)
    {
        return;
    }

    // The cached object is updated in place; its serialized form becomes the attribute value.
    cachedEntry.Enabled = enable;

    var storedAttribute = _genericAttributeService.GetAttributeById(cachedEntry.GenericAttributeId);
    if (storedAttribute == null)
    {
        return;
    }

    storedAttribute.Value = cachedEntry.ToString();
    _genericAttributeService.UpdateAttribute(storedAttribute);
}
/// <summary>
/// Generates a fresh public/secret key pair for a customer, replaces any existing keys and
/// stores the new pair as a generic attribute. Up to 9999 attempts are made to obtain a
/// public key that is not already in use (case-insensitively).
/// </summary>
/// <param name="customerId">Id of the customer to create keys for; 0 is rejected.</param>
/// <returns>True when a key pair was created and stored, false otherwise.</returns>
public bool CreateKeys(int customerId)
{
    if (customerId == 0)
    {
        return false;
    }

    var keyGenerator = new HmacAuthentication();
    var existingUsers = WebApiCachingUserData.Data();
    const int maxAttempts = 9999;

    for (int attempt = 0; attempt < maxAttempts; ++attempt)
    {
        string publicKey;
        string secretKey;

        if (!keyGenerator.CreateKeys(out publicKey, out secretKey))
        {
            continue;
        }

        // Reject a public key that collides with one already assigned.
        if (existingUsers.Exists(x => x.PublicKey.IsCaseInsensitiveEqual(publicKey)))
        {
            continue;
        }

        var newUser = new WebApiUserCacheData
        {
            CustomerId = customerId,
            PublicKey = publicKey,
            SecretKey = secretKey,
            Enabled = true
        };

        // Old keys go first, then the new pair is persisted and the cache invalidated.
        RemoveKeys(customerId);

        var newAttribute = new GenericAttribute
        {
            EntityId = customerId,
            KeyGroup = "Customer",
            Key = WebApiCachingUserData.Key,
            Value = newUser.ToString()
        };
        _genericAttributeService.InsertAttribute(newAttribute);

        WebApiCachingUserData.Remove();
        return true;
    }

    return false;
}
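/// <summary>
/// Validates the HMAC authentication of the current Web API request and, on success,
/// resolves the customer the public key belongs to. Checks run in order: request present,
/// API available, public key header, Authorization header, timestamp parse and window,
/// API user known/enabled, replay (timestamp newer than last request), Content-MD5,
/// signature (optionally retried without a content hash), customer active, permission.
/// </summary>
/// <param name="actionContext">Action context whose request carries the Authorization header and the body that is hashed.</param>
/// <param name="now">Reference time the request timestamp is validated against.</param>
/// <param name="cacheControllingData">Cached plugin settings (availability, validity window, MD5 and timestamp options).</param>
/// <param name="customer">Receives the authenticated customer; null whenever the result is not <c>HmacResult.Success</c>.</param>
/// <returns>An <c>HmacResult</c> naming the first failed check, or <c>HmacResult.Success</c>.</returns>
protected virtual HmacResult IsAuthenticated(HttpActionContext actionContext, DateTime now, WebApiControllingCacheData cacheControllingData, out Customer customer)
{
    customer = null;

    // HttpContext.Current may itself be null; guard it so the null check on the
    // request below is reachable instead of throwing a NullReferenceException.
    var httpContext = HttpContext.Current;
    var request = (httpContext == null ? null : httpContext.Request);
    if (request == null)
    {
        return HmacResult.FailedForUnknownReason;
    }

    if (cacheControllingData.ApiUnavailable)
    {
        return HmacResult.ApiUnavailable;
    }

    // Either spelling of the content hash header is accepted.
    string headContentMd5 = request.Headers["Content-Md5"] ?? request.Headers["Content-MD5"];
    string headTimestamp = request.Headers[WebApiGlobal.Header.Date];
    string headPublicKey = request.Headers[WebApiGlobal.Header.PublicKey];

    if (string.IsNullOrWhiteSpace(headPublicKey))
    {
        return HmacResult.UserInvalid;
    }

    // A request without an Authorization header previously threw here; report it as invalid.
    var authorization = actionContext.Request.Headers.Authorization;
    if (authorization == null)
    {
        return HmacResult.InvalidAuthorizationHeader;
    }
    string scheme = authorization.Scheme;
    string signatureConsumer = authorization.Parameter;

    if (!_hmac.IsAuthorizationHeaderValid(scheme, signatureConsumer))
    {
        return HmacResult.InvalidAuthorizationHeader;
    }

    DateTime headDateTime;
    if (!_hmac.ParseTimestamp(headTimestamp, out headDateTime))
    {
        return HmacResult.InvalidTimestamp;
    }

    // Non-positive configured periods fall back to the global default window.
    int maxMinutes = (cacheControllingData.ValidMinutePeriod <= 0
        ? WebApiGlobal.DefaultTimePeriodMinutes
        : cacheControllingData.ValidMinutePeriod);

    if (Math.Abs((headDateTime - now).TotalMinutes) > maxMinutes)
    {
        return HmacResult.TimestampOutOfPeriod;
    }

    var cacheUserData = WebApiCachingUserData.Data();
    var apiUser = cacheUserData.FirstOrDefault(x => x.PublicKey == headPublicKey);
    if (apiUser == null)
    {
        return HmacResult.UserUnknown;
    }

    if (!apiUser.Enabled)
    {
        return HmacResult.UserDisabled;
    }

    // Replay protection: the timestamp must move strictly forward per user unless the
    // check is switched off by configuration.
    if (!cacheControllingData.NoRequestTimestampValidation
        && apiUser.LastRequest.HasValue
        && headDateTime <= apiUser.LastRequest.Value)
    {
        return HmacResult.TimestampOlderThanLastRequest;
    }

    var context = new WebApiRequestContext
    {
        HttpMethod = request.HttpMethod,
        HttpAcceptType = request.Headers["Accept"],
        PublicKey = headPublicKey,
        SecretKey = apiUser.SecretKey,
        // ToLower() is culture-sensitive, but it is part of the signing contract the
        // client must reproduce, so it is deliberately left unchanged here.
        Url = HttpUtility.UrlDecode(request.Url.AbsoluteUri.ToLower())
    };

    string contentMd5 = CreateContentMd5Hash(actionContext.Request);
    if (headContentMd5.HasValue() && headContentMd5 != contentMd5)
    {
        return HmacResult.ContentMd5NotMatching;
    }

    string messageRepresentation = _hmac.CreateMessageRepresentation(context, contentMd5, headTimestamp);
    if (string.IsNullOrEmpty(messageRepresentation))
    {
        return HmacResult.MissingMessageRepresentationParameter;
    }

    // Signatures are compared in constant time so a byte-wise early exit cannot leak
    // how much of the expected signature the client got right.
    string signatureProvider = _hmac.CreateSignature(apiUser.SecretKey, messageRepresentation);
    if (!SignaturesMatch(signatureProvider, signatureConsumer))
    {
        if (!cacheControllingData.AllowEmptyMd5Hash)
        {
            return HmacResult.InvalidSignature;
        }

        // Second chance when configured: the client may have signed without a content hash.
        messageRepresentation = _hmac.CreateMessageRepresentation(context, null, headTimestamp);
        signatureProvider = _hmac.CreateSignature(apiUser.SecretKey, messageRepresentation);
        if (!SignaturesMatch(signatureProvider, signatureConsumer))
        {
            return HmacResult.InvalidSignature;
        }
    }

    customer = GetCustomer(apiUser.CustomerId);
    if (customer == null)
    {
        return HmacResult.UserUnknown;
    }

    if (!customer.Active || customer.Deleted)
    {
        return HmacResult.UserIsInactive;
    }

    if (!HasPermission(actionContext, customer))
    {
        return HmacResult.UserHasNoPermission;
    }

    // Recorded on the cached object; this is what the replay check above compares against.
    apiUser.LastRequest = headDateTime;
    return HmacResult.Success;
}

/// <summary>
/// Compares two signature strings without exiting early on the first differing character.
/// Two nulls compare equal; a null against a non-null does not, matching the semantics of
/// the ordinal string equality it replaces.
/// </summary>
/// <param name="expected">Signature computed on the server.</param>
/// <param name="actual">Signature supplied by the client.</param>
/// <returns>True when both strings are identical.</returns>
private static bool SignaturesMatch(string expected, string actual)
{
    if (expected == null || actual == null)
    {
        return expected == null && actual == null;
    }

    // Fold every difference, including a length mismatch, into one accumulator so the
    // amount of work does not depend on where the strings first differ.
    int diff = expected.Length ^ actual.Length;
    int shared = Math.Min(expected.Length, actual.Length);
    for (int i = 0; i < shared; ++i)
    {
        diff |= expected[i] ^ actual[i];
    }

    return diff == 0;
}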