public UserEntity()
{
GoogleIDNumber = "";
BattlelogID = "";
AccountEnabled = true;
Permissions = new PermissionSetEntity();
PartitionKey = Permissions.Namespace;
RowKey = GoogleIDNumber;
}
public UserEntity(string googleIDNumber, string email, string battlelogID, bool accountEnabled,
PermissionSetEntity permissions)
{
GoogleIDNumber = googleIDNumber;
Email = email;
BattlelogID = battlelogID;
AccountEnabled = accountEnabled;
Permissions = permissions;
PartitionKey = permissions.Namespace;
RowKey = GoogleIDNumber;
}
/// <summary>
/// Loads permissions for all plugins from the global config file.
/// </summary>
public void LoadPermissionsFromConfig()
{
var config = Resources.Permissions;
var lines = config.Split(new string[] { Environment.NewLine }, StringSplitOptions.None);
var permissionSets = new List<PermissionSetEntity>();
var permissionSet = new PermissionSetEntity();
foreach (var line in lines)
{
var split = line.Split(':');
//If we don't have at least two tokens, gtfo
if (split.Length <= 1) continue;
//Isolate the label (NAMESPACE or PERMISSIONS)
var label = split[0];
//This ugly-ass line splits a string like "anonymous, admin" into a list of comma-split, trimmed entries.
var parameters = split[1].Split(',').Select(p => p.Trim()).ToList();
//Let's not discriminate - nAmEsPaCe works too
if (label.Equals("NAMESPACE", StringComparison.OrdinalIgnoreCase))
{
permissionSet.Namespace = parameters[0];
}
else if(label.Equals("PERMISSIONS", StringComparison.OrdinalIgnoreCase))
{
permissionSet.PermissionSet = parameters;
permissionSets.Add(permissionSet);
permissionSet = new PermissionSetEntity();
}
}
//Upload each permissionSet to Table Store
foreach (var pSet in permissionSets)
{
RoleUtility.SetPermissionSetEntity(pSet);
}
}
/// <summary>
/// Attemps to validate a user given his OpenID token as well as a PermissionSet
/// Every permission in the permissionSet parameter must be present in the user's permission set for the function to return true
/// In addition, the user record is updated according to the following rules:
/// 1. The token is used to retrieve the GoogleIDNumber of the user
/// 2. The GoogleIDNumber is used to retrieve the user from the database
/// 3. If the entry does not exist, return false
/// 3. If the email in the record does not match the email provided by the user parameter, the table is updated with the new email
/// </summary>
/// <param name="token">Google auth token</param>
/// <param name="email">Email of the user to be validated</param>
/// <param name="permissionSet">PermissionSet containing all permissions for which the user is to be validated</param>
/// <param name="debugID">Debug parameter if we want to use our own ID</param>
/// <returns></returns>
public bool ValidateUser(string token, string email, PermissionSetEntity permissionSet, string debugID)
{
try
{
string userid = "";
if (debugID.Equals(""))
{
var request = WebRequest.Create("https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=" + token);
request.Method = "GET";
using (var response = (HttpWebResponse) request.GetResponse())
{
using (var reader = new StreamReader(response.GetResponseStream()))
{
var js = new JavaScriptSerializer();
var obj = js.Deserialize<dynamic>(reader.ReadToEnd());
userid = obj["user_id"];
}
}
}
else
{
userid = debugID;
}
var existingUser = RoleUtility.GetUserEntity(permissionSet.Namespace, userid);
//Resharper is amazing - this returns false if any permissions are not found or the user is null, otherwise returns true
var validated = existingUser != null && permissionSet.PermissionSet.All(permission => existingUser.Permissions.PermissionSet.Contains(permission));
// If that GoogleIDNumber exists, check to make sure the emails match
// If they don't, update the record with the new email
if (existingUser != null)
{
if (!existingUser.Email.Equals(email))
{
existingUser.Email = email;
RoleUtility.SetUserEntity(existingUser);
}
}
return validated;
}
catch (Exception e)
{
if (!(e is WebException))
{
LogUtility.Log(GetType().Name, MethodBase.GetCurrentMethod().Name, e.Message);
}
return false;
}
}
public void SetPermissionSetEntity(PermissionSetEntity permissionSet)
{
var permissionSetEntity = GetPermissionSetEntity(permissionSet.Namespace);
if (permissionSetEntity == null)
{
var insertOp = TableOperation.Insert(permissionSet);
PermissionSetTable.Execute(insertOp);
}
else
{
try
{
permissionSetEntity.Namespace = permissionSet.Namespace;
permissionSetEntity.PermissionSet = permissionSet.PermissionSet;
var insertOrReplaceOperation = TableOperation.InsertOrReplace(permissionSetEntity);
PermissionSetTable.Execute(insertOrReplaceOperation);
}
catch (Exception e)
{
LogUtility.Log(GetType().Name, MethodBase.GetCurrentMethod().Name, e.Message);
}
}
}
public bool ValidateUser(string token, string email, PermissionSetEntity permissionSet, string debugID = "")
{
return PermissionsUtil.ValidateUser(token, email, permissionSet, debugID);
}