Esempio n. 1
0
        public async Task LogUserEventAsync(Guid userId, EventType type, DateTime?date = null)
        {
            var events = new List <IEvent>
            {
                new EventMessage(_currentContext)
                {
                    UserId       = userId,
                    ActingUserId = userId,
                    Type         = type,
                    Date         = date.GetValueOrDefault(DateTime.UtcNow)
                }
            };

            var orgAbilities = await _applicationCacheService.GetOrganizationAbilitiesAsync();

            var orgs = await _currentContext.OrganizationMembershipAsync(_organizationUserRepository, userId);

            var orgEvents = orgs.Where(o => CanUseEvents(orgAbilities, o.Id))
                            .Select(o => new EventMessage(_currentContext)
            {
                OrganizationId = o.Id,
                UserId         = userId,
                ActingUserId   = userId,
                Type           = type,
                Date           = DateTime.UtcNow
            });

            var providerAbilities = await _applicationCacheService.GetProviderAbilitiesAsync();

            var providers = await _currentContext.ProviderMembershipAsync(_providerUserRepository, userId);

            var providerEvents = providers.Where(o => CanUseProviderEvents(providerAbilities, o.Id))
                                 .Select(p => new EventMessage(_currentContext)
            {
                ProviderId   = p.Id,
                UserId       = userId,
                ActingUserId = userId,
                Type         = type,
                Date         = DateTime.UtcNow
            });

            if (orgEvents.Any() || providerEvents.Any())
            {
                events.AddRange(orgEvents);
                events.AddRange(providerEvents);
                await _eventWriteService.CreateManyAsync(events);
            }
            else
            {
                await _eventWriteService.CreateAsync(events.First());
            }
        }
Esempio n. 2
0
        public async Task GetProfileDataAsync(ProfileDataRequestContext context)
        {
            var existingClaims = context.Subject.Claims;
            var newClaims      = new List <Claim>();

            var user = await _userService.GetUserByPrincipalAsync(context.Subject);

            if (user != null)
            {
                var isPremium = await _licensingService.ValidateUserPremiumAsync(user);

                var orgs = await _currentContext.OrganizationMembershipAsync(_organizationUserRepository, user.Id);

                var providers = await _currentContext.ProviderMembershipAsync(_providerUserRepository, user.Id);

                foreach (var claim in CoreHelpers.BuildIdentityClaims(user, orgs, providers, isPremium))
                {
                    var upperValue = claim.Value.ToUpperInvariant();
                    var isBool     = upperValue == "TRUE" || upperValue == "FALSE";
                    newClaims.Add(isBool ?
                                  new Claim(claim.Key, claim.Value, ClaimValueTypes.Boolean) :
                                  new Claim(claim.Key, claim.Value)
                                  );
                }
            }

            // filter out any of the new claims
            var existingClaimsToKeep = existingClaims
                                       .Where(c => !c.Type.StartsWith("org") &&
                                              (newClaims.Count == 0 || !newClaims.Any(nc => nc.Type == c.Type)))
                                       .ToList();

            newClaims.AddRange(existingClaimsToKeep);
            if (newClaims.Any())
            {
                context.IssuedClaims.AddRange(newClaims);
            }
        }
Esempio n. 3
0
        public async Task <Client> FindClientByIdAsync(string clientId)
        {
            if (!_globalSettings.SelfHosted && clientId.StartsWith("installation."))
            {
                var idParts = clientId.Split('.');
                if (idParts.Length > 1 && Guid.TryParse(idParts[1], out Guid id))
                {
                    var installation = await _installationRepository.GetByIdAsync(id);

                    if (installation != null)
                    {
                        return(new Client
                        {
                            ClientId = $"installation.{installation.Id}",
                            RequireClientSecret = true,
                            ClientSecrets = { new Secret(installation.Key.Sha256()) },
                            AllowedScopes = new string[] { "api.push", "api.licensing" },
                            AllowedGrantTypes = GrantTypes.ClientCredentials,
                            AccessTokenLifetime = 3600 * 24,
                            Enabled = installation.Enabled,
                            Claims = new List <ClientClaim>
                            {
                                new ClientClaim(JwtClaimTypes.Subject, installation.Id.ToString())
                            }
                        });
                    }
                }
            }
            else if (_globalSettings.SelfHosted && clientId.StartsWith("internal.") &&
                     CoreHelpers.SettingHasValue(_globalSettings.InternalIdentityKey))
            {
                var idParts = clientId.Split('.');
                if (idParts.Length > 1)
                {
                    var id = idParts[1];
                    if (!string.IsNullOrWhiteSpace(id))
                    {
                        return(new Client
                        {
                            ClientId = $"internal.{id}",
                            RequireClientSecret = true,
                            ClientSecrets = { new Secret(_globalSettings.InternalIdentityKey.Sha256()) },
                            AllowedScopes = new string[] { "internal" },
                            AllowedGrantTypes = GrantTypes.ClientCredentials,
                            AccessTokenLifetime = 3600 * 24,
                            Enabled = true,
                            Claims = new List <ClientClaim>
                            {
                                new ClientClaim(JwtClaimTypes.Subject, id)
                            }
                        });
                    }
                }
            }
            else if (clientId.StartsWith("organization."))
            {
                var idParts = clientId.Split('.');
                if (idParts.Length > 1 && Guid.TryParse(idParts[1], out var id))
                {
                    var org = await _organizationRepository.GetByIdAsync(id);

                    if (org != null)
                    {
                        return(new Client
                        {
                            ClientId = $"organization.{org.Id}",
                            RequireClientSecret = true,
                            ClientSecrets = { new Secret(org.ApiKey.Sha256()) },
                            AllowedScopes = new string[] { "api.organization" },
                            AllowedGrantTypes = GrantTypes.ClientCredentials,
                            AccessTokenLifetime = 3600 * 1,
                            Enabled = org.Enabled && org.UseApi,
                            Claims = new List <ClientClaim>
                            {
                                new ClientClaim(JwtClaimTypes.Subject, org.Id.ToString())
                            }
                        });
                    }
                }
            }
            else if (clientId.StartsWith("user."))
            {
                var idParts = clientId.Split('.');
                if (idParts.Length > 1 && Guid.TryParse(idParts[1], out var id))
                {
                    var user = await _userRepository.GetByIdAsync(id);

                    if (user != null)
                    {
                        var claims = new Collection <ClientClaim>()
                        {
                            new ClientClaim(JwtClaimTypes.Subject, user.Id.ToString()),
                            new ClientClaim(JwtClaimTypes.AuthenticationMethod, "Application", "external")
                        };
                        var orgs = await _currentContext.OrganizationMembershipAsync(_organizationUserRepository, user.Id);

                        var providers = await _currentContext.ProviderMembershipAsync(_providerUserRepository, user.Id);

                        var isPremium = await _licensingService.ValidateUserPremiumAsync(user);

                        foreach (var claim in CoreHelpers.BuildIdentityClaims(user, orgs, providers, isPremium))
                        {
                            var upperValue = claim.Value.ToUpperInvariant();
                            var isBool     = upperValue == "TRUE" || upperValue == "FALSE";
                            claims.Add(isBool ?
                                       new ClientClaim(claim.Key, claim.Value, ClaimValueTypes.Boolean) :
                                       new ClientClaim(claim.Key, claim.Value)
                                       );
                        }

                        return(new Client
                        {
                            ClientId = clientId,
                            RequireClientSecret = true,
                            ClientSecrets = { new Secret(user.ApiKey.Sha256()) },
                            AllowedScopes = new string[] { "api" },
                            AllowedGrantTypes = GrantTypes.ClientCredentials,
                            AccessTokenLifetime = 3600 * 1,
                            ClientClaimsPrefix = null,
                            Claims = claims
                        });
                    }
                }
            }

            return(_staticClientStore.ApiClients.ContainsKey(clientId) ?
                   _staticClientStore.ApiClients[clientId] : null);
        }