private async Task <Gatekeeper.SCIM.Client.Client> GetScimClient(Guid scimAppSettingsId) { SCIMAppSettings scimAppSettings = await _authDbContext .SCIMAppSettings .AsNoTracking() .SingleAsync(s => s.Id == scimAppSettingsId); Gatekeeper.SCIM.Client.Client client = new Gatekeeper.SCIM.Client.Client( new Uri(scimAppSettings.Endpoint) ); client.SetAuthToken(scimAppSettings.Credentials); return(client); }
public async Task UnsyncGroupAsync(Guid groupId, Guid scimAppSettingsId) { ScimGroupSyncState syncState = await _authDbContext .ScimGroupSyncStates .SingleAsync(s => s.SCIMAppSettings.Id == scimAppSettingsId && s.UserGroup.Id == groupId); Gatekeeper.SCIM.Client.Client scimClient = await GetScimClient(scimAppSettingsId); DeleteGroupAction deleteGroup = new DeleteGroupAction(syncState.ServiceId); DeleteGroupResult deleteGroupResult = await scimClient.PerformAction <DeleteGroupResult>(deleteGroup); _authDbContext.Remove(syncState); await _authDbContext.SaveChangesAsync(); }
public async Task SyncUserAsync(Guid userId, Guid scimAppSettingsId) { ScimUserSyncState?syncState = await _authDbContext .ScimUserSyncStates .SingleOrDefaultAsync(s => s.SCIMAppSettings.Id == scimAppSettingsId && s.User.Id == userId); AppUser user = await _authDbContext .Users .SingleAsync(u => u.Id == userId); Gatekeeper.SCIM.Client.Schema.Core20.User scimUser = new Gatekeeper.SCIM.Client.Schema.Core20.User { ExternalId = user.Id.ToString(), UserName = user.UserName, Emails = new List <Gatekeeper.SCIM.Client.Schema.Core20.User.EmailAttribute>() { new Gatekeeper.SCIM.Client.Schema.Core20.User.EmailAttribute { Value = user.Email, Primary = true }, }, DisplayName = user.UserName, Active = true, }; Gatekeeper.SCIM.Client.Client scimClient = await GetScimClient(scimAppSettingsId); if (syncState == null) { CreateAction <Gatekeeper.SCIM.Client.Schema.Core20.User> createUserAction = new CreateAction <Gatekeeper.SCIM.Client.Schema.Core20.User>(scimUser); CreateResult <Gatekeeper.SCIM.Client.Schema.Core20.User> createUserResult = await scimClient.PerformAction <CreateResult <Gatekeeper.SCIM.Client.Schema.Core20.User> >(createUserAction); if (createUserResult.ResultStatus == StateEnum.Success && createUserResult.Resource != null && createUserResult.Resource.Id != null ) { syncState = new ScimUserSyncState { User = user, SCIMAppSettingsId = scimAppSettingsId, ServiceId = createUserResult.Resource.Id, }; _authDbContext.Add(syncState); await _authDbContext.SaveChangesAsync(); } else { throw new Exception("SCIM initial sync failed"); } } else { scimUser.Id = syncState.ServiceId; UpdateUserAction updateUserAction = new UpdateUserAction(scimUser); UpdateUserResult updateUserResult = await scimClient.PerformAction <UpdateUserResult>(updateUserAction); if (updateUserResult.ResultStatus != StateEnum.Success) { throw new Exception("SCIM update failed"); } } }
public async Task FullSyncAsync(Guid scimAppSettingsId) { SCIMAppSettings scimAppSettings = await _authDbContext .SCIMAppSettings .Include(u => u.AuthApp) .ThenInclude(a => a.UserGroups) .ThenInclude(g => g.Members) .SingleAsync(s => s.Id == scimAppSettingsId); Gatekeeper.SCIM.Client.Client client = new Gatekeeper.SCIM.Client.Client(new Uri(scimAppSettings.Endpoint)); client.SetAuthToken(scimAppSettings.Credentials); // Create a dictionary of all permitted users HashSet <Guid> allAppUsers = new HashSet <Guid>(); foreach (UserGroup group in scimAppSettings.AuthApp.UserGroups) { foreach (AppUser member in group.Members) { allAppUsers.Add(member.Id); } } // Read SCIM states List <ScimUserSyncState> userSyncStates = await _authDbContext .ScimUserSyncStates .Include(s => s.User) .Where(s => s.SCIMAppSettings == scimAppSettings) .ToListAsync(); // Update users foreach (Guid userId in allAppUsers) { BackgroundJob.Enqueue((ISyncHandler syncHandler) => syncHandler.SyncUserAsync(userId, scimAppSettingsId)); } // Remove users List <ScimUserSyncState> usersToRemove = userSyncStates .Where(s => !allAppUsers.Contains(s.User.Id)) .ToList(); foreach (ScimUserSyncState syncState in usersToRemove) { BackgroundJob.Enqueue((ISyncHandler syncHandler) => syncHandler.UnsyncUserAsync(syncState.User.Id, scimAppSettingsId)); } // Read scim states List <ScimGroupSyncState> groupSyncStates = await _authDbContext .ScimGroupSyncStates .Include(s => s.UserGroup) .Where(s => s.SCIMAppSettings == scimAppSettings) .ToListAsync(); // Update groups foreach (UserGroup group in scimAppSettings.AuthApp.UserGroups) { BackgroundJob.Enqueue((ISyncHandler syncHandler) => syncHandler.SyncGroupAsync(group.Id, scimAppSettingsId)); } // Remove groups List <ScimGroupSyncState> groupsToRemove = groupSyncStates .Where(s => !scimAppSettings.AuthApp.UserGroups.Contains(s.UserGroup)) .ToList(); foreach (ScimGroupSyncState syncState in groupsToRemove) { BackgroundJob.Enqueue((ISyncHandler syncHandler) => syncHandler.UnsyncGroupAsync(syncState.UserGroup.Id, scimAppSettingsId)); } }
public async Task SyncGroupAsync(Guid groupId, Guid scimAppSettingsId) { ScimGroupSyncState?syncState = await _authDbContext .ScimGroupSyncStates .SingleOrDefaultAsync(s => s.SCIMAppSettings.Id == scimAppSettingsId && s.UserGroup.Id == groupId); List <ScimUserSyncState> userSyncStates = await _authDbContext .ScimUserSyncStates .Where(s => s.SCIMAppSettings.Id == scimAppSettingsId && s.User.Groups.Any(g => g.Id == groupId)) .ToListAsync(); List <Gatekeeper.SCIM.Client.Schema.Core20.Group.GroupMembership> groupMemberships = new List <Gatekeeper.SCIM.Client.Schema.Core20.Group.GroupMembership>(); foreach (ScimUserSyncState userSyncState in userSyncStates) { groupMemberships.Add(new Gatekeeper.SCIM.Client.Schema.Core20.Group.GroupMembership { Value = userSyncState.ServiceId, }); } UserGroup group = await _authDbContext .UserGroup .SingleAsync(u => u.Id == groupId); Gatekeeper.SCIM.Client.Schema.Core20.Group scimGroup = new Gatekeeper.SCIM.Client.Schema.Core20.Group { ExternalId = group.Id.ToString(), DisplayName = group.Name, Members = groupMemberships, }; Gatekeeper.SCIM.Client.Client scimClient = await GetScimClient(scimAppSettingsId); if (syncState == null) { CreateAction <Gatekeeper.SCIM.Client.Schema.Core20.Group> createGroupAction = new CreateAction <Gatekeeper.SCIM.Client.Schema.Core20.Group>(scimGroup); CreateResult <Gatekeeper.SCIM.Client.Schema.Core20.Group> createUserResult = await scimClient.PerformAction <CreateResult <Gatekeeper.SCIM.Client.Schema.Core20.Group> >(createGroupAction); if (createUserResult.ResultStatus == StateEnum.Success && createUserResult.Resource != null && createUserResult.Resource.Id != null ) { syncState = new ScimGroupSyncState { UserGroup = group, SCIMAppSettingsId = scimAppSettingsId, ServiceId = createUserResult.Resource.Id, }; _authDbContext.Add(syncState); await _authDbContext.SaveChangesAsync(); } else { throw new Exception("SCIM initial sync failed"); } } else { scimGroup.Id = syncState.ServiceId; UpdateGroupAction updateGroup = new UpdateGroupAction(scimGroup); UpdateGroupResult updateGroupResult = await scimClient.PerformAction <UpdateGroupResult>(updateGroup); if (updateGroupResult.ResultStatus != StateEnum.Success) { throw new Exception("SCIM update failed"); } } }