Exemple #1
0
        /*
         * Rotating this user's password could potentially break the current user, so ensure that the return password
         * is stored someplace safely.
         */
        public async Task <string> RotateAgentPassword(string agent, string newPassword = null)
        {
            ClientSession agentSession        = _sessions[agent];
            CardSavrResponse <List <User> > u = await agentSession.client.GetUsersAsync(new NameValueCollection()
            {
                { "username", agent }
            });

            if (u == null)
            {
                throw new ArgumentException($"Username {agent} does not exist");
            }
            else if (u.Body.Count > 1)
            {
                throw new ArgumentException($"{u.Body.Count} users for ${agent}, there should only be one.");
            }
            PropertyBag bag = new PropertyBag();

            bag["username"] = agent;
            string password = (newPassword ?? ApiUtil.GenerateStretchedPassword(agent, 20)); //bag gets mutated

            bag["password"] = password;
            CardSavrResponse <PropertyBag> response = await agentSession.client.UpdateUserPasswordAsync((int)u.Body[0].id, bag);

            if (response.Body != null)
            {
                return(password);
            }
            throw new ArgumentException("Couldn't update provided password.");
        }
Exemple #2
0
        public async Task <String> RotateIntegrator(string user, string integrator_name)
        {
            ClientSession agentSession = _sessions[user];
            CardSavrResponse <List <Integrator> > response = await agentSession.client.GetIntegratorsAsync(new NameValueCollection()
            {
                { "name", integrator_name }
            });

            if (response.Body == null || response.Body.Count > 1)
            {
                throw new ArgumentException($"Can't reset unknown integrator: {integrator_name}");
            }
            Integrator integrator = response.Body[0];
            CardSavrResponse <Integrator> updated = await agentSession.client.RotateIntegratorsAsync(integrator.id);

            return(updated.Body.current_key);
        }
Exemple #3
0
        public async Task <ClientLogin> CreateCard(string agent, Cardholder cardholder, Card card, Address address, string financialInstitution = null, string safeKey = null)
        {
            //don't need the login data
            ClientSession agentSession = _sessions[agent];

            PropertyBag u = new PropertyBag();

            u["email"]       = cardholder.email;
            u["cuid"]        = cardholder.cuid;
            u["custom_data"] = cardholder.custom_data;

            //set the missing settings for model
            if (String.IsNullOrEmpty(cardholder.first_name))
            {
                u["first_name"] = address.first_name;
            }
            if (String.IsNullOrEmpty(cardholder.last_name))
            {
                u["last_name"] = address.last_name;
            }
            if (String.IsNullOrEmpty(card.name_on_card))
            {
                card.name_on_card = $"{u["first_name"]} {u["last_name"]}";
            }

            CardSavrResponse <Cardholder> cardholderResponse = await agentSession.client.CreateCardholderAsync(u, safeKey, financialInstitution);

            if (cardholderResponse.Body == null || cardholderResponse.Body.id == null)
            {
                throw new RequestException($"No body returned Creating Cardholder: {u}");
            }
            int cardholderId = cardholderResponse.Body.id ?? -1;

            address.cardholder_id = cardholderId;
            CardSavrResponse <Address> addressResponse = await agentSession.client.CreateAddressAsync(ApiUtil.BuildPropertyBagFromObject(address));

            card.cardholder_id = cardholderId;
            card.address_id    = addressResponse.Body.id ?? -1;
            card.par           = ApiUtil.GenerateRandomPAR(card.pan, card.expiration_month, card.expiration_year, cardholderResponse.Body.cuid);
            CardSavrResponse <Card> cardResponse = await agentSession.client.CreateCardAsync(ApiUtil.BuildPropertyBagFromObject(card), safeKey);

            return(new ClientLogin()
            {
                grant = cardholderResponse.Body.grant, card = cardResponse.Body, address = addressResponse.Body, cardholder = cardholderResponse.Body
            });
        }
        // Could be exposed publicly to give advanced users more flexibility.
        private async Task <CardSavrResponse <List <T> > > ApiMultiPutDelAsync <T>(
            string path, string pathWithId, QueryDef qd, HttpMethod method, object body,
            string safeKey, Paging paging = null, HttpRequestHeaders headers = null)
            where T : class
        {
            // by default we just tack the id on the end (we assume no trailing slash).
            pathWithId = pathWithId ?? path + "/{0}";

            CardSavrResponse <List <T> > result;

            if (qd.IsID)
            {
                // this is a singular operation, so just do it.
                CardSavrResponse <T> singleResponse = await ApiPutDelAsync <T>(
                    pathWithId, qd.ID, method, body, safeKey, headers);

                // then transform the result into a list.
                result = new CardSavrResponse <List <T> >()
                {
                    StatusCode = singleResponse.StatusCode,
                    Paging     = singleResponse.Paging,
                    Body       = new List <T>()
                    {
                        singleResponse.Body
                    }
                };
            }
            else
            {
                // get all the things implied by the query parameters, the iterate through and perform
                // the operation on each thing successively.
                result = await ApiGetAsync <List <T> >(path, qd, paging, headers);

                foreach (T t in result.Body)
                {
                    // we have to use reflection on a generic type.
                    string id = Convert.ToString(t.GetType().GetProperty("id").GetValue(t));

                    // should probably have some error handling here so we can continue on failure.
                    await ApiPutDelAsync <T>(pathWithId, id, method, body, safeKey, headers);
                }
            }

            return(result);
        }
        LoginAsync(HttpRequestHeaders headers = null)
        {
            object body = new Login()
            {
                client_public_key = _data.Ecdh.PublicKey,
                username          = _data.UserName,
                password_proof    = _data.Password != null?HashUtil.HmacSign(_data.StaticKey, MakePasswordKey(_data.UserName, _data.Password), true) : null
            };
            CardSavrResponse <LoginResult> result = await ApiPostAsync <LoginResult>(
                "/session/login", body, null, headers);

            // the shared secret will be used in future encrpyted communications.
            _data.SessionToken = result.Body.session_token;
            _data.Ecdh.ComputeSharedSecret(result.Body.server_public_key, true);
            log.Info("received server public key; computed shared secret.");

            return(result);
        }
Exemple #6
0
        public async Task <ClientSession> LoginAndCreateSession(string username,
                                                                string password,
                                                                string trace = null)
        {
            if (_sessions.ContainsKey(username))
            {
                return(_sessions[username]);
            }
            CardSavrHttpClient session = new CardSavrHttpClient(_rejectUnauthorized);

            session.Setup(_cardsavrServer, _appKey, _appName, username, password, trace);
            CardSavrResponse <LoginResult> login = await session.Init();

            _sessions[username] = new ClientSession {
                client = session
            };
            return(_sessions[username]);
        }