Esempio n. 1
0
        public async Task <IEnumerable <OfficeDocumentPermissionResponse> > Execute(string documentId, string subject, AuthenticateParameter authenticateParameter)
        {
            if (string.IsNullOrWhiteSpace(subject))
            {
                throw new BaseDocumentManagementApiException(ErrorCodes.InvalidRequest, ErrorDescriptions.SubjectIsMissing);
            }

            var officeDocument = await _getOfficeDocumentAction.Execute(documentId);

            if (officeDocument.Subject != subject)
            {
                throw new NotAuthorizedException(ErrorCodes.Authorization, ErrorDescriptions.NotAuthorized);
            }

            var grantedToken = await _accessTokenStore.GetToken(authenticateParameter.WellKnownConfigurationUrl, authenticateParameter.ClientId, authenticateParameter.ClientSecret, new[] { "uma_protection" });

            if (grantedToken == null || string.IsNullOrWhiteSpace(grantedToken.AccessToken))
            {
                throw new BaseDocumentManagementApiException(ErrorCodes.InternalError, ErrorDescriptions.CannotRetrieveAccessToken);
            }

            var policy = await _identityServerUmaClientFactory.GetPolicyClient().GetByResolution(officeDocument.UmaPolicyId, authenticateParameter.WellKnownConfigurationUrl, grantedToken.AccessToken);

            if (policy.ContainsError)
            {
                throw new BaseDocumentManagementApiException(ErrorCodes.InternalError, ErrorDescriptions.CannotGetUmaPolicy);
            }

            var result = new List <OfficeDocumentPermissionResponse>();

            if (policy.Content != null && policy.Content.Rules != null)
            {
                foreach (var rule in policy.Content.Rules)
                {
                    if (rule.Claims != null)
                    {
                        foreach (var claim in rule.Claims.Where(c => c.Type == "sub"))
                        {
                            result.Add(new OfficeDocumentPermissionResponse
                            {
                                UserSubject = claim.Value
                            });
                        }
                    }
                }
            }

            return(result);
        }
        public async Task <bool> Execute(string openidWellKnownConfiguration, AddDocumentParameter document, AuthenticateParameter authenticateParameter)
        {
            if (string.IsNullOrWhiteSpace(openidWellKnownConfiguration))
            {
                throw new ArgumentNullException(nameof(openidWellKnownConfiguration));
            }

            if (document == null)
            {
                throw new ArgumentNullException(nameof(document));
            }

            if (authenticateParameter == null)
            {
                throw new ArgumentNullException(nameof(authenticateParameter));
            }

            _addDocumentParameterValidator.Check(document);
            var officeDocument = await _officeDocumentRepository.Get(document.Id);

            if (officeDocument != null)
            {
                throw new BaseDocumentManagementApiException(ErrorCodes.InternalError, ErrorDescriptions.OfficeDocumentExists);
            }

            var grantedToken = await _accessTokenStore.GetToken(authenticateParameter.WellKnownConfigurationUrl, authenticateParameter.ClientId, authenticateParameter.ClientSecret, new[] { "uma_protection" });

            if (grantedToken == null || string.IsNullOrWhiteSpace(grantedToken.AccessToken))
            {
                throw new BaseDocumentManagementApiException(ErrorCodes.InternalError, ErrorDescriptions.CannotRetrieveAccessToken);
            }

            var resource = await _identityServerUmaClientFactory.GetResourceSetClient().AddByResolution(new PostResourceSet
            {
                Name   = $"officedocument_{document.Id}",
                Scopes = Constants.DEFAULT_SCOPES.ToList()
            }, authenticateParameter.WellKnownConfigurationUrl, grantedToken.AccessToken);

            if (resource.ContainsError)
            {
                throw new BaseDocumentManagementApiException(ErrorCodes.InternalError, ErrorDescriptions.CannotAddUmaResource);
            }

            var policy = await _identityServerUmaClientFactory.GetPolicyClient().AddByResolution(new PostPolicy
            {
                ResourceSetIds = new List <string> {
                    resource.Content.Id
                },
                Rules = new List <PostPolicyRule>
                {
                    new PostPolicyRule
                    {
                        Claims = new List <PostClaim>
                        {
                            new PostClaim
                            {
                                Type  = "sub",
                                Value = document.Subject
                            }
                        },
                        Scopes         = Constants.DEFAULT_SCOPES.ToList(),
                        OpenIdProvider = openidWellKnownConfiguration
                    }
                }
            }, authenticateParameter.WellKnownConfigurationUrl, grantedToken.AccessToken);

            if (policy.ContainsError)
            {
                throw new BaseDocumentManagementApiException(ErrorCodes.InternalError, ErrorDescriptions.CannotAddUmaPolicy);
            }

            officeDocument = new OfficeDocumentAggregate
            {
                Id            = document.Id,
                Subject       = document.Subject,
                DisplayName   = document.DisplayName,
                UmaResourceId = resource.Content.Id,
                UmaPolicyId   = policy.Content.PolicyId,
            };
            if (!await _officeDocumentRepository.Add(officeDocument))
            {
                throw new BaseDocumentManagementApiException(ErrorCodes.InternalError, ErrorDescriptions.CannotAddOfficeDocument);
            }

            return(true);
        }
        public async Task <bool> Execute(string wellKnownConfiguration, ValidateConfirmationLinkParameter validateConfirmationLinkParameter, AuthenticateParameter authenticateParameter)
        {
            if (string.IsNullOrWhiteSpace(wellKnownConfiguration))
            {
                throw new ArgumentNullException(nameof(wellKnownConfiguration));
            }

            _validateConfirmationLinkParameterValidator.Check(validateConfirmationLinkParameter);
            var confirmationLink = await _officeDocumentConfirmationLinkStore.Get(validateConfirmationLinkParameter.ConfirmationCode);

            if (confirmationLink == null)
            {
                throw new BaseDocumentManagementApiException(ErrorCodes.InternalError, ErrorDescriptions.TheConfirmationCodeIsNotValid);
            }

            CheckConfirmationLink(confirmationLink);
            var officeDocument = await _officeDocumentRepository.Get(confirmationLink.DocumentId);

            if (officeDocument == null)
            {
                throw new DocumentNotFoundException();
            }

            if (string.IsNullOrWhiteSpace(officeDocument.UmaResourceId))
            {
                throw new BaseDocumentManagementApiException(ErrorCodes.InternalError, ErrorDescriptions.NoUmaResource);
            }

            if (string.IsNullOrWhiteSpace(officeDocument.UmaPolicyId))
            {
                throw new BaseDocumentManagementApiException(ErrorCodes.InternalError, ErrorDescriptions.NoUmaPolicy);
            }

            var grantedToken = await _tokenStore.GetToken(authenticateParameter.WellKnownConfigurationUrl, authenticateParameter.ClientId, authenticateParameter.ClientSecret, new[] { "uma_protection" });

            if (grantedToken == null || string.IsNullOrWhiteSpace(grantedToken.AccessToken))
            {
                throw new BaseDocumentManagementApiException(ErrorCodes.InternalError, ErrorDescriptions.CannotRetrieveAccessToken);
            }

            var policy = await _identityServerUmaClientFactory.GetPolicyClient().GetByResolution(officeDocument.UmaPolicyId, authenticateParameter.WellKnownConfigurationUrl, grantedToken.AccessToken);

            if (policy.ContainsError)
            {
                throw new BaseDocumentManagementApiException(ErrorCodes.InternalError, ErrorDescriptions.UmaPolicyDoesntExist);
            }

            var putPolicyRules = new List <PutPolicyRule>();

            if (policy.Content.Rules != null)
            {
                foreach (var rule in policy.Content.Rules)
                {
                    putPolicyRules.Add(new PutPolicyRule
                    {
                        Id               = rule.Id,
                        Claims           = rule.Claims,
                        ClientIdsAllowed = rule.ClientIdsAllowed,
                        OpenIdProvider   = rule.OpenIdProvider,
                        Scopes           = rule.Scopes
                    });
                }
            }

            if (!putPolicyRules.Any(p => p.Claims != null && p.Claims.Any(c => c.Type == "sub" && c.Value == validateConfirmationLinkParameter.Subject)))
            {
                putPolicyRules.Add(new PutPolicyRule
                {
                    Claims = new List <PostClaim>
                    {
                        new PostClaim
                        {
                            Type  = "sub",
                            Value = validateConfirmationLinkParameter.Subject
                        }
                    },
                    OpenIdProvider = wellKnownConfiguration,
                    Scopes         = Constants.DEFAULT_SCOPES.ToList()
                });
            }

            var updatedResult = await _identityServerUmaClientFactory.GetPolicyClient().UpdateByResolution(new PutPolicy
            {
                PolicyId = policy.Content.Id,
                Rules    = putPolicyRules
            }, authenticateParameter.WellKnownConfigurationUrl, grantedToken.AccessToken);

            if (updatedResult.ContainsError)
            {
                throw new BaseDocumentManagementApiException(ErrorCodes.InternalError, ErrorDescriptions.UmaPolicyCannotBeUpdated);
            }

            // TODO : DECREASE THE NUMBER OF CONFIRMATION LINKS
            await UseConfirmationLink(confirmationLink);

            return(true);
        }