public async Task <SharedAccount> CreateSharedAccountAsync(SharedAccountAddModel sharedAccountModel)
{
if (sharedAccountModel == null)
{
throw new ArgumentNullException(nameof(sharedAccountModel));
}
_dataProtectionService.Validate();
var sharedAccount = new SharedAccount()
{
Name = sharedAccountModel.Name,
Urls = Validation.VerifyUrls(sharedAccountModel.Urls),
Apps = sharedAccountModel.Apps,
Login = await ValidateAccountNameAndLoginAsync(sharedAccountModel.Name, sharedAccountModel.GetLogin()),
LoginType = sharedAccountModel.LoginType,
Password = _dataProtectionService.Encrypt(sharedAccountModel.Password),
PasswordChangedAt = DateTime.UtcNow
};
if (!string.IsNullOrWhiteSpace(sharedAccountModel.OtpSecret))
{
Validation.VerifyOtpSecret(sharedAccountModel.OtpSecret);
sharedAccount.OtpSecret = _dataProtectionService.Encrypt(sharedAccountModel.OtpSecret);
sharedAccount.OtpSecretChangedAt = DateTime.UtcNow;
}
return(await _sharedAccountRepository.AddAsync(sharedAccount));
}
public async Task ExecuteRemoteTasks(string vaultId, Device remoteDevice, bool primaryAccountOnly)
{
_dataProtectionService.Validate();
var vault = await _hardwareVaultService.GetVaultByIdAsync(vaultId);
if (vault == null)
{
throw new HESException(HESCode.HardwareVaultNotFound);
}
// Tasks query
var query = _hardwareVaultTaskService
.TaskQuery()
.Include(t => t.HardwareVault)
.Include(t => t.Account)
.Where(t => t.HardwareVaultId == vaultId);
if (primaryAccountOnly)
{
query = query.Where(x => x.AccountId == vault.Employee.PrimaryAccountId || x.Operation == TaskOperation.Primary);
}
query = query.OrderBy(x => x.CreatedAt).AsNoTracking();
var tasks = await query.ToListAsync();
while (tasks.Any())
{
foreach (var task in tasks)
{
task.Password = _dataProtectionService.Decrypt(task.Password);
task.OtpSecret = _dataProtectionService.Decrypt(task.OtpSecret);
await ExecuteRemoteTask(remoteDevice, task);
await TaskCompleted(task.Id);
}
tasks = await query.ToListAsync();
}
await _hardwareVaultService.UpdateNeedSyncAsync(vault, false);
await _synchronizationService.HardwareVaultStateChanged(vault.Id);
}
public async Task AddHardwareVaultAsync(string employeeId, string vaultId)
{
if (employeeId == null)
{
throw new ArgumentNullException(nameof(employeeId));
}
if (vaultId == null)
{
throw new ArgumentNullException(nameof(vaultId));
}
_dataProtectionService.Validate();
var employee = await GetEmployeeByIdAsync(employeeId);
if (employee == null)
{
throw new Exception("Employee not found");
}
if (employee.HardwareVaults.Count > 0)
{
throw new Exception("Cannot add more than one hardware vault.");
}
var vault = await _hardwareVaultService.GetVaultByIdAsync(vaultId);
if (vault == null)
{
throw new Exception($"Vault {vault} not found");
}
if (vault.Status != VaultStatus.Ready)
{
throw new Exception($"Vault {vaultId} in a status that does not allow to reserve.");
}
vault.EmployeeId = employeeId;
vault.Status = VaultStatus.Reserved;
vault.IsStatusApplied = false;
vault.MasterPassword = _dataProtectionService.Encrypt(GenerateMasterPassword());
var accounts = await GetAccountsByEmployeeIdAsync(employeeId);
var tasks = new List <HardwareVaultTask>();
// Create a task for accounts that were created without a vault
foreach (var account in accounts.Where(x => x.Password != null))
{
tasks.Add(_hardwareVaultTaskService.GetAccountCreateTask(vault.Id, account.Id, account.Password, account.OtpSecret));
}
if (tasks.Count > 0)
{
vault.NeedSync = true;
}
using (TransactionScope transactionScope = new TransactionScope(TransactionScopeAsyncFlowOption.Enabled))
{
await _hardwareVaultService.UpdateVaultAsync(vault);
await _hardwareVaultService.CreateVaultActivationAsync(vaultId);
if (tasks.Count > 0)
{
await _hardwareVaultTaskService.AddRangeTasksAsync(tasks);
}
transactionScope.Complete();
}
}