private void ReplacePrincipalWithRoleMappings(object sender, EventArgs e)
        {
            if (!Request.IsAuthenticated || Context.User is ApiUserPrincipal) return;

            var username = Context.User.Identity.Name;
            var apiUser = Store.FindByUsername(username);
            var isNew = false;

            if (apiUser == null)
            {
                isNew = true;
                apiUser = new ApiUser {Username = username};
            }

            var origRoles = (apiUser.Roles ?? Empty).ToArray();
            var missingRoles = RoleNames.All.Except(origRoles);
            apiUser.Roles = (origRoles).Union(GetUserRoles(Context.User, missingRoles)).Distinct().ToArray();

            if (isNew || !apiUser.Roles.SequenceEqual(origRoles))
            {
                Store.Add(apiUser, UserUpdateMode.Overwrite);
            }

            var identity = new GenericIdentity(apiUser.Username, typeof(RoleMappingAuthenticationModule).Name);
            Context.User = new GenericPrincipal(identity, apiUser.Roles.ToArray());
        }
            protected override Task AuthenticateCoreAsync()
            {
                if (!IsAuthenticated)
                {
                    return completedTask;
                }

                var apiUser = store.FindByUsername(CurrentUsername);
                var isNew = false;

                if (apiUser == null)
                {
                    isNew = true;
                    apiUser = new ApiUser { Username = CurrentUsername };
                }

                var origRoles = (apiUser.Roles ?? Empty).ToArray();
                var missingRoles = RoleNames.All.Except(origRoles);
                var implicitGrants = GetMappedUserRoles(Request.User, missingRoles).ToArray();
                apiUser.Roles = origRoles.Union(implicitGrants).Distinct().ToArray();

                if (isNew || !apiUser.Roles.SequenceEqual(origRoles))
                {
                    store.Add(apiUser, UserUpdateMode.Overwrite);
                }

                if (apiUser.Roles.Any())
                {
                    Request.User = new SupplementalRolePrincipalWrapper(Request.User, apiUser.Roles);
                }

                return completedTask;
            }
Exemple #3
0
        private void AddInternal(ApiUser user, UserUpdateMode mode, bool disableProtectedAccountChecks=false)
        {
            user.Username = ScrubUsername(user.Username);

            if (string.IsNullOrWhiteSpace(user.Key))
            {
                user.Key = Guid.NewGuid().ToString();
            }

            using (var session = OpenSession())
            {
                var userExists = session.Query().Any(u => u.Username == user.Username);

                if (mode == UserUpdateMode.NoClobber && userExists)
                {
                    throw new UserOverwriteException();
                }

                if (userExists && !disableProtectedAccountChecks && IsProtectedAccount(user.Username))
                {
                    throw new UserPermissionException(user.Username + " account cannot be overwritten.");
                }

                session.Add(user);
            }
        }
        private dynamic DescribeUser(ApiUser user)
        {
            dynamic d = new ExpandoObject();
            d.Username = user.Username;

            // if current user is admin
            // d.ApiKey = user.ApiKey

            return d;
        }
        public HttpResponseMessage Put(string username, [FromBody]UserAttributes attributes)
        {
            var user = new ApiUser {Username = username, Key = attributes.Key, Roles = attributes.Roles};

            try
            {
                Store.Add(user, GetUserUpdateMode(attributes));
            }
            catch (UserOverwriteException)
            {
                return Request.CreateErrorResponse(HttpStatusCode.Conflict,
                    "User " + username + " already exists.");
            }
            catch (UserPermissionException ex)
            {
                return Request.CreateErrorResponse(HttpStatusCode.Forbidden, ex.Message);
            }

            return Request.CreateResponse(HttpStatusCode.Created);
        }
Exemple #6
0
 public void Add(ApiUser user, UserUpdateMode mode)
 {
     AddInternal(user, mode);
 }
Exemple #7
0
 public void Add(ApiUser user)
 {
     Add(user, UserUpdateMode.Overwrite);
 }
 private bool IsSelf(ApiUser user)
 {
     if (!IsUserAuthenticated) return false;
     return string.Equals(CurrentUserName, user.Username, StringComparison.InvariantCultureIgnoreCase);
 }
        private ApiUser DescribeUser(ApiUser user)
        {
            if (IsUserAuthenticated && User.IsInRole(RoleNames.AccountAdministrator) || IsSelf(user))
            {
                return user;
            }

            // Hide details that non-admins should not see.
            return new ApiUser {Username = user.Username};
        }
        public ApiUser GetRequiredAuthenticationInfo()
        {
            var apiUser = Store.FindByUsername(CurrentUserName);

            if (apiUser != null) return apiUser;

            apiUser = new ApiUser { Username = CurrentUserName, Roles = GetUserRoles(User) };

            Store.Add(apiUser, UserUpdateMode.Overwrite);

            return apiUser;
        }
 private bool IsSelf(ApiUser user)
 {
     return string.Equals(User.Identity.Name, user.Username, StringComparison.InvariantCultureIgnoreCase);
 }
        public ApiUser GetRequiredAuthenticationInfo()
        {
            var name = ScrubUsername(User.Identity.Name);

            var apiUser = Store.Users.SingleOrDefault(u => u.Username == name);

            if (apiUser != null) return apiUser;

            using (var session = Store.OpenSession())
            {
                apiUser = new ApiUser { Username = name, Key = Guid.NewGuid().ToString(), Roles = GetUserRoles(User) };
                session.Add(apiUser);
            }

            return apiUser;
        }