public static void RevokeRefreshToken( string token ) { string ClientId = System.Configuration.ConfigurationManager.AppSettings["RedditClientID"]; string ClientSecret = System.Configuration.ConfigurationManager.AppSettings["RedditClientSecret"]; string RediretURI = System.Configuration.ConfigurationManager.AppSettings["RedditRedirectURI"]; SNWebAgent agent = new SNWebAgent(); RedditSharp.AuthProvider ap = new RedditSharp.AuthProvider( ClientId, ClientSecret, RediretURI, agent ); ap.RevokeToken( token, true ); }
public static void GetNewToken( Models.ApplicationUser ident ) { string ClientId = System.Configuration.ConfigurationManager.AppSettings["RedditClientID"]; string ClientSecret = System.Configuration.ConfigurationManager.AppSettings["RedditClientSecret"]; string RediretURI = System.Configuration.ConfigurationManager.AppSettings["RedditRedirectURI"]; SNWebAgent agent = new SNWebAgent(); RedditSharp.AuthProvider ap = new RedditSharp.AuthProvider( ClientId, ClientSecret, RediretURI, agent ); string newaccesstoken = ap.GetOAuthToken( ident.RefreshToken, true ); ident.AccessToken = newaccesstoken; ident.TokenExpires = DateTime.UtcNow.AddMinutes( 50 ); }
public static async Task UpdateModeratedSubreddits( Models.ApplicationUser ident, UserManager<Models.ApplicationUser> manager ) { string cabalSubName = System.Configuration.ConfigurationManager.AppSettings["CabalSubreddit"].ToLower(); if ( ident.TokenExpires < DateTime.UtcNow ) { GetNewToken( ident ); } Utilities.SNWebAgent agent = new SNWebAgent( ident.AccessToken ); RedditSharp.Reddit rd = new RedditSharp.Reddit( agent, true ); var subs = rd.User.ModeratorSubreddits.ToList<RedditSharp.Things.Subreddit>(); List<string> currentRoles = ident.Claims.Where( x => x.ClaimType == roleType ).Select( r => r.ClaimValue ).ToList<string>(); List<Models.Subreddit> activeSubs = await new BLL.SubredditBLL().GetActiveSubs(); List<string> activeSubNames = activeSubs.Select( s => s.SubName.ToLower() ).ToList(); List<IdentityUserClaim> currentAdminRoles = ident.Claims.Where( c => c.ClaimType.StartsWith( "urn:snoonotes:subreddits:" ) ).ToList(); List<Claim> rolesToAdd = new List<Claim>(); List<Claim> rolesToRemove = new List<Claim>(); foreach ( string role in currentRoles ) { var sub = subs.Find( s => s.Name.ToLower() == role ); if ( activeSubNames.Contains( role ) ) { if ( sub != null ) { //if they already have the role and they still have the correct access if ( sub.ModPermissions.HasFlag( RedditSharp.ModeratorPermission.All ) || ( (int) sub.ModPermissions & activeSubs.Where( s => s.SubName.ToLower() == role ).Select( s => s.Settings.AccessMask ).First() ) > 0 ) { //Check if "full" permissions if ( sub.ModPermissions.HasFlag( RedditSharp.ModeratorPermission.All ) && !ClaimsPrincipal.Current.HasClaim( "urn:snoonotes:subreddits:" + role + ":admin", "true" ) ) { //has admin permissions but doesn't have role, so add it rolesToAdd.Add( new Claim( "urn:snoonotes:subreddits:" + role + ":admin", "true" ) ); } else if ( !sub.ModPermissions.HasFlag( RedditSharp.ModeratorPermission.All ) && ClaimsPrincipal.Current.HasClaim( "urn:snoonotes:subreddits:" + role + ":admin", "true" ) ) { //doesn't have admin permission, but does have role, so remove it rolesToRemove.Add( new Claim( "urn:snoonotes:subreddits:" + role + ":admin", "true" ) ); } } else { //lost da permissions rolesToRemove.Add( new Claim( roleType, role ) ); if ( !sub.ModPermissions.HasFlag( RedditSharp.ModeratorPermission.All ) && ClaimsPrincipal.Current.HasClaim( "urn:snoonotes:subreddits:" + role + ":admin", "true" ) ) rolesToRemove.Add( new Claim( "urn:snoonotes:subreddits:" + role + ":admin", "true" ) ); } //User already has sub as a role and is still a mod subs.Remove( sub ); } else { rolesToRemove.Add( new Claim( roleType, role ) ); } } else { //sub was deactivated, add it to remove. rolesToRemove.Add( new Claim( roleType, role ) ); if ( ClaimsPrincipal.Current.HasClaim( "urn:snoonotes:subreddits:" + role + ":admin", "true" ) ) rolesToRemove.Add( new Claim( "urn:snoonotes:subreddits:" + role + ":admin", "true" ) ); } } //subs now only contains subs that don't exist as roles foreach ( RedditSharp.Things.Subreddit sub in subs ) { string subname = sub.Name.ToLower(); if ( activeSubNames.Contains( subname ) ) { if ( sub.ModPermissions.HasFlag( RedditSharp.ModeratorPermission.All ) ) { rolesToAdd.Add( new Claim( roleType, subname ) ); rolesToAdd.Add( new Claim( "urn:snoonotes:subreddits:" + subname + ":admin", "true" ) ); } else if ( ( (int) sub.ModPermissions & activeSubs.Where( s => s.SubName.ToLower() == subname ).Select( s => s.Settings.AccessMask ).First() ) > 0 ) { rolesToAdd.Add( new Claim( roleType, subname ) ); } } } foreach ( var adminRole in currentAdminRoles ) { string subName = adminRole.ClaimType.Replace( "urn:snoonotes:subreddits:", "" ).Replace( ":admin", "" ).ToLower(); if ( subs.Exists( s => s.Name.ToLower() == subName && !s.ModPermissions.HasFlag( RedditSharp.ModeratorPermission.All ) ) ) { ident.Claims.Remove( adminRole ); } } string cabalUserName = System.Configuration.ConfigurationManager.AppSettings["CabalUsername"]; var cabalUser = HttpContext.Current.GetOwinContext().GetUserManager<ApplicationUserManager>().FindByName( cabalUserName ); if(cabalUser.TokenExpires < DateTime.UtcNow ) { GetNewToken( cabalUser ); } agent = new SNWebAgent( cabalUser.AccessToken ); RedditSharp.Reddit reddit = new RedditSharp.Reddit( agent, false ); var redditSub = reddit.GetSubreddit( cabalSubName ); var contribs = redditSub.Contributors; if(contribs.Any(c=>c.Name.ToLower() == ident.UserName.ToLower() ) ) { var cabalClaim = new Claim( roleType, cabalSubName ); rolesToRemove.RemoveAll( r => r.Type == cabalClaim.Type && r.Value == cabalClaim.Value ); if ( !currentRoles.Contains( cabalSubName ) && !rolesToAdd.Any(ar => ar.Value == cabalClaim.Value && ar.Type == cabalClaim.Type)) { rolesToAdd.Add( cabalClaim ); } } foreach ( Claim c in rolesToRemove ) { manager.RemoveClaim( ident.Id, c ); //ident.Claims.Remove( ident.Claims.First( uc => uc.UserId == ident.Id && uc.ClaimType == c.Type && uc.ClaimValue == c.Value ) ); } foreach ( Claim c in rolesToAdd ) { //manager.AddClaim( ident.Id, c ); ident.Claims.Add( new IdentityUserClaim() { ClaimType = c.Type, ClaimValue = c.Value, UserId = ident.Id } ); } }
public async static Task<bool> UpdateModsForSub( Models.Subreddit sub ) { if ( !ClaimsPrincipal.Current.HasClaim( "urn:snoonotes:subreddits:" + sub.SubName.ToLower() + ":admin", "true" ) ) { throw new UnauthorizedAccessException( "You don't have 'Full' permissions to this subreddit!" ); } if ( sub.SubName.ToLower() == System.Configuration.ConfigurationManager.AppSettings["CabalSubreddit"].ToLower() ) return false; sub = (await new BLL.SubredditBLL().GetSubreddits( new string[] { sub.SubName } )).First(); if ( sub == null ) { throw new Exception( "Unrecognized subreddit" ); } string subName = sub.SubName.ToLower(); var userManager = HttpContext.Current.GetOwinContext().GetUserManager<ApplicationUserManager>(); //var usersWithAccess = userManager.Users.Where(u => // u.Claims.Where(c => // c.ClaimType == ClaimTypes.Role && c.ClaimValue == sub.SubName.ToLower()).Count() > 0).ToList(); var usersWithAccess = userManager.Users.Where( u => u.Claims.Select( c => c.ClaimValue ).Contains( subName ) ).ToList(); //var x = userManager.Users.Where(u=>u.Claims.Select(c => c.ClaimValue).Contains("videos")).ToList(); //var y = userManager.Users.Select(u => u.Claims); var ident = userManager.FindByName( ClaimsPrincipal.Current.Identity.Name ); if ( ident.TokenExpires < DateTime.UtcNow ) { GetNewToken( ident ); userManager.Update( ident ); } ClaimsIdentity curuser = ClaimsPrincipal.Current.Identity as ClaimsIdentity; SNWebAgent agent; if ( curuser.HasClaim( "urn:snoonotes:scope", "read" ) ) { agent = new SNWebAgent( ident.AccessToken ); } else { agent = new SNWebAgent(); } RedditSharp.Reddit rd = new RedditSharp.Reddit( agent ); RedditSharp.Things.Subreddit subinfo; try { subinfo = rd.GetSubreddit( sub.SubName ); } catch { return false; } var modsWithAccess = subinfo.Moderators.Where( m => ( (int) m.Permissions & sub.Settings.AccessMask ) > 0 ); // get list of users to remove perms from var usersToRemove = usersWithAccess.Where( u => !modsWithAccess.Select( m => m.Name.ToLower() ).Contains( u.UserName.ToLower() ) ).ToList(); foreach ( var user in usersToRemove ) { userManager.RemoveClaim( user.Id, new Claim( ClaimTypes.Role, subName ) ); if ( user.Claims.Where( c => c.ClaimType == "urn:snoonotes:subreddits:" + subName + ":admin" ).Count() > 0 ) { userManager.RemoveClaim( user.Id, new Claim( "urn:snoonotes:subreddits:" + subName + ":admin", "true" ) ); } } var usersToAdd = modsWithAccess.Where( m => ( (int) m.Permissions & sub.Settings.AccessMask ) > 0 && !usersWithAccess.Select( u => u.UserName.ToLower() ).Contains( m.Name.ToLower() ) ); foreach ( var user in usersToAdd ) { try { var u = userManager.FindByName( user.Name ); if ( u != null ) { //assume it won't be adding a duplicate *holds breath* if ( user.Permissions.HasFlag( RedditSharp.ModeratorPermission.All ) ) { userManager.AddClaim( u.Id, new Claim( ClaimTypes.Role, subName ) ); userManager.AddClaim( u.Id, new Claim( "urn:snoonotes:subreddits:" + subName + ":admin", "true" ) ); } else if ( ( (int) user.Permissions & sub.Settings.AccessMask ) > 0 ) { userManager.AddClaim( u.Id, new Claim( ClaimTypes.Role, subName ) ); } } } catch { //TODO something, mighta caught a non registered user? } } return true; }