public override bool IsAuthorized(IAuthorizationRequest request)
{
VerifyArgument.IsNotNull("request", request);
bool authorized;
Tuple<bool, DateTime> authorizedRequest;
if(_cachedRequests.TryGetValue(request.Key, out authorizedRequest) && DateTime.Now.Subtract(authorizedRequest.Item2) < _timeOutPeriod)
{
authorized = authorizedRequest.Item1;
}
else
{
authorized = IsAuthorizedImpl(request);
}
// Only in the case when permissions change and we need to still fetch results ;)
if(!authorized && (request.RequestType == WebServerRequestType.HubConnect || request.RequestType == WebServerRequestType.EsbFetchExecutePayloadFragment))
{
// TODO : Check that the ResultsCache contains data to fetch for the user ;)
var identity = request.User.Identity;
if(ResultsCache.Instance.ContainsPendingRequestForUser(identity.Name))
{
authorized = true;
}
}
else
{
// normal execution
authorizedRequest = new Tuple<bool, DateTime>(authorized, DateTime.Now);
_cachedRequests.AddOrUpdate(request.Key, authorizedRequest, (tuple, tuple1) => authorizedRequest);
}
return authorized;
}
public IAuthorizationReply Authorize(IAuthorizationRequest authorizationRequest)
{
var authorizationReply = new AuthorizationReply();
ITgtToken tgtToken = this.DecryptTgt(authorizationRequest.TgtBytes);
this._traceManager.Trace("TGS: TGT Decrypted", tgtToken);
IEnumerable<User> users =
this.UnitOfWork.Repository<User, int>()
.Query()
.Filter(p => p.Email.Equals(tgtToken.ClientId, StringComparison.OrdinalIgnoreCase))
.Get();
User user = users.FirstOrDefault();
if (user != null)
{
IAuthenticator authenticator = this.DecryptAuthenticator(user, authorizationRequest.AutheticatorBytes, tgtToken.SessionKey);
this._traceManager.Trace("TGS: Authenticator decrypted", authenticator);
var sessionKey = new byte[SessionKeyLength];
this.GetRandomBytes(sessionKey);
IServiceTicket serviceTicket = this.CreateServiceTicket(tgtToken, sessionKey);
IServiceToken serviceToken = this.CreateServiceToken(sessionKey);
this._traceManager.Trace("TGS: Authorization reply created", serviceTicket, serviceToken);
authorizationReply.ServiceTicket = this.EncryptServiceTicket(serviceTicket);
authorizationReply.ServiceToken = this.EncryptServiceToken(serviceToken, tgtToken.SessionKey, user);
this._traceManager.Trace("TGS: Authorization reply encrypted", Tuple.Create(authorizationReply.ServiceTicket, authorizationReply.ServiceToken));
}
return authorizationReply;
}
public override bool IsAuthorized(IAuthorizationRequest request)
{
VerifyArgument.IsNotNull("request", request);
bool authorized;
authorized = _cachedRequests.TryGetValue(request.Key, out Tuple <bool, DateTime> authorizedRequest) && DateTime.Now.Subtract(authorizedRequest.Item2) < _timeOutPeriod ? authorizedRequest.Item1 : IsAuthorizedImpl(request);
if (!authorized && (request.RequestType == WebServerRequestType.HubConnect || request.RequestType == WebServerRequestType.EsbFetchExecutePayloadFragment))
{
var identity = request.User.Identity;
if (ResultsCache.Instance.ContainsPendingRequestForUser(identity.Name))
{
authorized = true;
}
}
else
{
authorizedRequest = new Tuple <bool, DateTime>(authorized, DateTime.Now);
_cachedRequests.AddOrUpdate(request.Key, authorizedRequest, (tuple, tuple1) => authorizedRequest);
}
if (!authorized)
{
_perfCounter?.Increment();
}
return(authorized);
}
public static bool Matches(this WindowsGroupPermission permission, IAuthorizationRequest request)
{
if (permission.IsServer)
{
return(true);
}
var resourcePath = HttpUtility.UrlDecode(request?.ResourcePath?.Replace('/', '\\') ?? "");
if (string.IsNullOrEmpty(resourcePath))
{
return(true);
}
var p1 = resourcePath;
if (p1.StartsWith(EnvironmentVariables.ResourcePath))
{
p1 = p1.Replace(EnvironmentVariables.ResourcePath, "");
}
var permissionResourcePath = permission.ResourcePath;
if (permissionResourcePath is null)
{
return(false);
}
var p2 = "\\" + permissionResourcePath;
var pathMatches = p1.StartsWith(p2, StringComparison.InvariantCultureIgnoreCase);
return(pathMatches);
}
public override bool IsAuthorized(IAuthorizationRequest request)
{
VerifyArgument.IsNotNull("request", request);
bool authorized;
Tuple <bool, DateTime> authorizedRequest;
if (_cachedRequests.TryGetValue(request.Key, out authorizedRequest) && DateTime.Now.Subtract(authorizedRequest.Item2) < _timeOutPeriod)
{
authorized = authorizedRequest.Item1;
}
else
{
authorized = IsAuthorizedImpl(request);
}
// Only in the case when permissions change and we need to still fetch results ;)
if (!authorized && (request.RequestType == WebServerRequestType.HubConnect || request.RequestType == WebServerRequestType.EsbFetchExecutePayloadFragment))
{
// TODO : Check that the ResultsCache contains data to fetch for the user ;)
var identity = request.User.Identity;
if (ResultsCache.Instance.ContainsPendingRequestForUser(identity.Name))
{
authorized = true;
}
}
else
{
// normal execution
authorizedRequest = new Tuple <bool, DateTime>(authorized, DateTime.Now);
_cachedRequests.AddOrUpdate(request.Key, authorizedRequest, (tuple, tuple1) => authorizedRequest);
}
return(authorized);
}
//Note: uses authorize request
public async Task <BaseResponse <Auth> > Authorize(IAuthorizationRequest request)
{
var serviceFeeId = Guid.NewGuid();
var baseRequest = _baseRequestFactory.CreateBaseRequest(Guid.NewGuid(), DateTime.Now, Utilities.Constants.RequestTypes.Authorization,
new AuthorizationRequestMessage(request, serviceFeeId, _configuration.GetSection("Credentials")));
return(await _requestHandlerRepository.SendRequestAsync <BaseResponse <Auth> >(baseRequest._requestMessage.GetResponseRootName(), baseRequest));
}
public async Task <string> AuthorizeAsync(IAuthorizationRequest request)
{
await ValidateRequestAsync(request);
await AuthenticateUserAsync();
VerifyScopesAreValid();
await GenerateAuthorizationCodeAsync();
return(GenerateAuthorizationUrl());
}
private async Task ValidateRequestAsync(IAuthorizationRequest request)
{
_request = request;
if (_request.ResponseType != "code")
{
throw new UnsupportedResponseTypeException("The only supported response type is 'code'.");
}
var application = await _findApplicationService.FindByClientIdAsync(_request.ClientId);
if (application == null)
{
throw new InvalidClientException("No application with that client ID could be found.", request.State);
}
// Make sure the provided scopes actually exists within this application.
if (_request.Scope != null)
{
var scopes = _request.Scope.Split(" ");
foreach (var scope in scopes)
{
var allScopes = InbuiltScopes.All.Concat(application.Scopes.Select(s => s.Name));
if (!allScopes.Contains(scope))
{
throw new InvalidScopeException("The provided scope is invalid.", request.State);
}
}
}
// Make sure the provided redirect uri is identical to the registered redirect uri.
var redirectUri = _request.RedirectUri ?? application.RedirectUri;
if (redirectUri != application.RedirectUri)
{
throw new InvalidGrantException("The provided redirect URI does not match the one on record.", request.State);
}
}
static string GetResource(IAuthorizationRequest request)
{
var resource = request.QueryString["rid"];
if (string.IsNullOrEmpty(resource))
{
switch (request.RequestType)
{
case WebServerRequestType.WebExecuteWorkflow:
resource = GetWebExecuteName(request.Url.AbsolutePath);
break;
case WebServerRequestType.WebBookmarkWorkflow:
resource = GetWebBookmarkName(request.Url.AbsolutePath);
break;
case WebServerRequestType.WebExecuteInternalService:
resource = GetWebExecuteName(request.Url.AbsolutePath);
break;
}
}
return(string.IsNullOrEmpty(resource) ? null : resource);
}
public AuthorizationRequestMessage(IAuthorizationRequest authorizationRequest, Guid serviceFeeId = default(Guid), IConfiguration configuration = null)
{
//Missing custom fields for now
MerchantCode = authorizationRequest.MerchantCode;
MerchantAccountCode = authorizationRequest.MerchantAccountCode;
PaymentAccountNumber = authorizationRequest.PaymentAccountNumber;
ExpirationDate = authorizationRequest.ExpirationDate;
SecurityCode = authorizationRequest.SecurityCode;
Amount = (uint)authorizationRequest.Amount;
TransactionType = authorizationRequest.TransactionType;
TransIndustryType = authorizationRequest.TransIndustryType;
TransCatCode = authorizationRequest.TransCatCode;
AcctType = authorizationRequest.AcctType;
InvoiceNum = authorizationRequest.InvoiceNum;
PONum = authorizationRequest.PONum;
CustomerAccountCode = authorizationRequest.CustomerAccountCode;
AccountHolderName = authorizationRequest.AccountHolderName;
HolderType = authorizationRequest.HolderType;
AccountStreet = authorizationRequest.AccountStreet;
AccountZip = authorizationRequest.AccountZip;
Token = authorizationRequest.Token;
ContractId = authorizationRequest.ContractId;
SettlementDelay = authorizationRequest.SettlementDelay;
FeeAmount = authorizationRequest.FeeAmount;
PartialAuthorization = authorizationRequest.PartialAuthorization;
if (authorizationRequest.ServiceFeeAmount.HasValue)
{
ServiceFee = new ServiceFee()
{
Amount = authorizationRequest.ServiceFeeAmount.Value,
ServiceUser = configuration["userName"],
ServicePassword = configuration["password"],
ServiceFeeID = serviceFeeId
};
}
}
static WebName GetResource(IAuthorizationRequest request)
{
WebName resource = new WebNameResourceId(request.QueryString["rid"]);
if (resource.IsValid)
{
return(resource);
}
switch (request.RequestType)
{
case WebServerRequestType.WebExecuteService:
return(GetWebExecuteName(request.Url.AbsolutePath));
case WebServerRequestType.WebBookmarkWorkflow:
return(GetWebBookmarkName(request.Url.AbsolutePath));
case WebServerRequestType.WebExecuteInternalService:
return(GetWebExecuteName(request.Url.AbsolutePath));
case WebServerRequestType.Unknown:
return(null);
case WebServerRequestType.WebGetDecisions:
return(null);
case WebServerRequestType.WebGetDialogs:
return(null);
case WebServerRequestType.WebGetServices:
return(null);
case WebServerRequestType.WebGetSources:
return(null);
case WebServerRequestType.WebGetSwitch:
return(null);
case WebServerRequestType.WebGet:
return(null);
case WebServerRequestType.WebGetContent:
return(null);
case WebServerRequestType.WebGetImage:
return(null);
case WebServerRequestType.WebGetScript:
return(null);
case WebServerRequestType.WebGetView:
return(null);
case WebServerRequestType.WebInvokeService:
return(null);
case WebServerRequestType.WebExecuteSecureWorkflow:
return(null);
case WebServerRequestType.WebExecutePublicWorkflow:
return(null);
case WebServerRequestType.WebExecuteGetLogFile:
return(null);
case WebServerRequestType.WebExecuteGetRootLevelApisJson:
return(null);
case WebServerRequestType.WebExecuteGetApisJsonForFolder:
return(null);
case WebServerRequestType.HubConnect:
return(null);
case WebServerRequestType.EsbOnConnected:
return(null);
case WebServerRequestType.EsbOnDisconnected:
return(null);
case WebServerRequestType.EsbOnReconnected:
return(null);
case WebServerRequestType.EsbAddDebugWriter:
return(null);
case WebServerRequestType.EsbFetchExecutePayloadFragment:
return(null);
case WebServerRequestType.EsbExecuteCommand:
return(null);
case WebServerRequestType.EsbAddItemMessage:
return(null);
case WebServerRequestType.EsbSendMemo:
return(null);
case WebServerRequestType.EsbFetchResourcesAffectedMemo:
return(null);
case WebServerRequestType.EsbSendDebugState:
return(null);
case WebServerRequestType.EsbWrite:
return(null);
case WebServerRequestType.ResourcesSendMemo:
return(null);
default:
return(null);
}
}
public abstract bool IsAuthorized(IAuthorizationRequest request);
public override bool IsAuthorized(IAuthorizationRequest request)
{
return false;
}
bool IsAuthorizedImpl(IAuthorizationRequest request)
{
var result = false;
switch (request.RequestType)
{
case WebServerRequestType.WebGetDecisions:
case WebServerRequestType.WebGetDialogs:
case WebServerRequestType.WebGetServices:
case WebServerRequestType.WebGetSources:
case WebServerRequestType.WebGetSwitch:
result = IsAuthorized(request.User, AuthorizationContext.View, GetResource(request));
break;
case WebServerRequestType.WebGet:
case WebServerRequestType.WebGetContent:
case WebServerRequestType.WebGetImage:
case WebServerRequestType.WebGetScript:
case WebServerRequestType.WebGetView:
result = IsAuthorized(request.User, AuthorizationContext.Any, GetResource(request));
break;
case WebServerRequestType.WebInvokeService:
var authorizationContext = IsWebInvokeServiceSave(request.Url.AbsolutePath) ? AuthorizationContext.Contribute : AuthorizationContext.View;
result = IsAuthorized(request.User, authorizationContext, GetResource(request));
break;
case WebServerRequestType.WebExecuteService:
case WebServerRequestType.WebExecuteSecureWorkflow:
case WebServerRequestType.WebExecutePublicWorkflow:
case WebServerRequestType.WebBookmarkWorkflow:
result = IsAuthorized(request.User, AuthorizationContext.Execute, GetResource(request));
break;
case WebServerRequestType.WebExecuteInternalService:
result = IsAuthorized(request.User, AuthorizationContext.Any, GetResource(request));
break;
case WebServerRequestType.HubConnect:
result = IsAuthorizedToConnect(request.User);
break;
case WebServerRequestType.WebExecuteGetLogFile:
case WebServerRequestType.EsbSendMemo:
case WebServerRequestType.EsbFetchResourcesAffectedMemo:
case WebServerRequestType.EsbAddDebugWriter:
case WebServerRequestType.EsbExecuteCommand:
case WebServerRequestType.EsbSendDebugState:
case WebServerRequestType.EsbWrite:
case WebServerRequestType.EsbOnConnected:
case WebServerRequestType.EsbFetchExecutePayloadFragment:
case WebServerRequestType.ResourcesSendMemo:
case WebServerRequestType.WebExecuteGetRootLevelApisJson:
case WebServerRequestType.WebExecuteGetApisJsonForFolder:
result = IsAuthorizedToConnect(request.User);
break;
case WebServerRequestType.Unknown:
break;
case WebServerRequestType.EsbOnDisconnected:
break;
case WebServerRequestType.EsbOnReconnected:
break;
case WebServerRequestType.EsbAddItemMessage:
break;
default:
break;
}
if (!result)
{
var user = "******";
if (request.User.Identity != null)
{
user = request.User.Identity.Name;
DumpPermissionsOnError(request.User);
}
Dev2Logger.Error("AUTH ERROR FOR USER : " + user, GlobalConstants.WarewolfError);
}
return(result);
}
public override bool IsAuthorized(IAuthorizationRequest request) => false;
bool IsAuthorizedImpl(IAuthorizationRequest request)
{
var result = false;
switch (request.RequestType)
{
case WebServerRequestType.WebGetDecisions:
case WebServerRequestType.WebGetDialogs:
case WebServerRequestType.WebGetServices:
case WebServerRequestType.WebGetSources:
case WebServerRequestType.WebGetSwitch:
result = IsAuthorized(request.User, AuthorizationContext.View, GetResource(request));
break;
case WebServerRequestType.WebGet:
case WebServerRequestType.WebGetContent:
case WebServerRequestType.WebGetImage:
case WebServerRequestType.WebGetScript:
case WebServerRequestType.WebGetView:
result = IsAuthorized(request.User, AuthorizationContext.Any, GetResource(request));
break;
case WebServerRequestType.WebInvokeService:
var authorizationContext = IsWebInvokeServiceSave(request.Url.AbsolutePath) ? AuthorizationContext.Contribute : AuthorizationContext.View;
result = IsAuthorized(request.User, authorizationContext, GetResource(request));
break;
case WebServerRequestType.WebExecuteWorkflow:
case WebServerRequestType.WebExecuteSecureWorkflow:
case WebServerRequestType.WebExecutePublicWorkflow:
case WebServerRequestType.WebBookmarkWorkflow:
result = IsAuthorized(request.User, AuthorizationContext.Execute, GetResource(request));
break;
case WebServerRequestType.WebExecuteInternalService:
result = IsAuthorized(request.User, AuthorizationContext.Any, GetResource(request));
break;
case WebServerRequestType.HubConnect:
result = IsAuthorizedToConnect(request.User);
break;
case WebServerRequestType.WebExecuteGetLogFile:
case WebServerRequestType.EsbSendMemo:
case WebServerRequestType.EsbAddDebugWriter:
case WebServerRequestType.EsbExecuteCommand:
case WebServerRequestType.EsbSendDebugState:
case WebServerRequestType.EsbWrite:
case WebServerRequestType.EsbOnConnected:
case WebServerRequestType.EsbFetchExecutePayloadFragment:
case WebServerRequestType.ResourcesSendMemo:
result = IsAuthorizedToConnect(request.User);
break;
}
if (!result)
{
var user = "******";
// ReSharper disable ConditionIsAlwaysTrueOrFalse
if (request.User.Identity != null)
// ReSharper restore ConditionIsAlwaysTrueOrFalse
{
user = request.User.Identity.Name;
DumpPermissionsOnError(request.User);
}
// ReSharper disable InvokeAsExtensionMethod
Dev2Logger.Log.Error("AUTH ERROR FOR USER : " + user);
// ReSharper restore InvokeAsExtensionMethod
}
return(result);
}
public override bool IsAuthorized(IAuthorizationRequest request)
{
return(IsAuthorized(request.User, AuthorizationContext.Any, request.QueryString["rid"]));
}
public abstract bool IsAuthorized(IAuthorizationRequest request);
static string GetResource(IAuthorizationRequest request)
{
var resource = request.QueryString["rid"];
if(string.IsNullOrEmpty(resource))
{
switch(request.RequestType)
{
case WebServerRequestType.WebExecuteService:
resource = GetWebExecuteName(request.Url.AbsolutePath);
break;
case WebServerRequestType.WebBookmarkWorkflow:
resource = GetWebBookmarkName(request.Url.AbsolutePath);
break;
case WebServerRequestType.WebExecuteInternalService:
resource = GetWebExecuteName(request.Url.AbsolutePath);
break;
}
}
return string.IsNullOrEmpty(resource) ? null : resource;
}
static string GetResource(IAuthorizationRequest request)
{
var resource = request.QueryString["rid"];
if (string.IsNullOrEmpty(resource))
{
switch (request.RequestType)
{
case WebServerRequestType.WebExecuteService:
resource = GetWebExecuteName(request.Url.AbsolutePath);
break;
case WebServerRequestType.WebBookmarkWorkflow:
resource = GetWebBookmarkName(request.Url.AbsolutePath);
break;
case WebServerRequestType.WebExecuteInternalService:
resource = GetWebExecuteName(request.Url.AbsolutePath);
break;
case WebServerRequestType.Unknown:
break;
case WebServerRequestType.WebGetDecisions:
break;
case WebServerRequestType.WebGetDialogs:
break;
case WebServerRequestType.WebGetServices:
break;
case WebServerRequestType.WebGetSources:
break;
case WebServerRequestType.WebGetSwitch:
break;
case WebServerRequestType.WebGet:
break;
case WebServerRequestType.WebGetContent:
break;
case WebServerRequestType.WebGetImage:
break;
case WebServerRequestType.WebGetScript:
break;
case WebServerRequestType.WebGetView:
break;
case WebServerRequestType.WebInvokeService:
break;
case WebServerRequestType.WebExecuteSecureWorkflow:
break;
case WebServerRequestType.WebExecutePublicWorkflow:
break;
case WebServerRequestType.WebExecuteGetLogFile:
break;
case WebServerRequestType.WebExecuteGetRootLevelApisJson:
break;
case WebServerRequestType.WebExecuteGetApisJsonForFolder:
break;
case WebServerRequestType.HubConnect:
break;
case WebServerRequestType.EsbOnConnected:
break;
case WebServerRequestType.EsbOnDisconnected:
break;
case WebServerRequestType.EsbOnReconnected:
break;
case WebServerRequestType.EsbAddDebugWriter:
break;
case WebServerRequestType.EsbFetchExecutePayloadFragment:
break;
case WebServerRequestType.EsbExecuteCommand:
break;
case WebServerRequestType.EsbAddItemMessage:
break;
case WebServerRequestType.EsbSendMemo:
break;
case WebServerRequestType.EsbFetchResourcesAffectedMemo:
break;
case WebServerRequestType.EsbSendDebugState:
break;
case WebServerRequestType.EsbWrite:
break;
case WebServerRequestType.ResourcesSendMemo:
break;
default:
break;
}
}
return(string.IsNullOrEmpty(resource) ? null : resource);
}
bool IsAuthorizedImpl(IAuthorizationRequest request)
{
var result = false;
switch(request.RequestType)
{
case WebServerRequestType.WebGetDecisions:
case WebServerRequestType.WebGetDialogs:
case WebServerRequestType.WebGetServices:
case WebServerRequestType.WebGetSources:
case WebServerRequestType.WebGetSwitch:
result = IsAuthorized(request.User, AuthorizationContext.View, GetResource(request));
break;
case WebServerRequestType.WebGet:
case WebServerRequestType.WebGetContent:
case WebServerRequestType.WebGetImage:
case WebServerRequestType.WebGetScript:
case WebServerRequestType.WebGetView:
result = IsAuthorized(request.User, AuthorizationContext.Any, GetResource(request));
break;
case WebServerRequestType.WebInvokeService:
var authorizationContext = IsWebInvokeServiceSave(request.Url.AbsolutePath) ? AuthorizationContext.Contribute : AuthorizationContext.View;
result = IsAuthorized(request.User, authorizationContext, GetResource(request));
break;
case WebServerRequestType.WebExecuteService:
case WebServerRequestType.WebExecuteSecureWorkflow:
case WebServerRequestType.WebExecutePublicWorkflow:
case WebServerRequestType.WebBookmarkWorkflow:
result = IsAuthorized(request.User, AuthorizationContext.Execute, GetResource(request));
break;
case WebServerRequestType.WebExecuteInternalService:
result = IsAuthorized(request.User, AuthorizationContext.Any, GetResource(request));
break;
case WebServerRequestType.HubConnect:
result = IsAuthorizedToConnect(request.User);
break;
case WebServerRequestType.WebExecuteGetLogFile:
case WebServerRequestType.EsbSendMemo:
case WebServerRequestType.EsbAddDebugWriter:
case WebServerRequestType.EsbExecuteCommand:
case WebServerRequestType.EsbSendDebugState:
case WebServerRequestType.EsbWrite:
case WebServerRequestType.EsbOnConnected:
case WebServerRequestType.EsbFetchExecutePayloadFragment:
case WebServerRequestType.ResourcesSendMemo:
case WebServerRequestType.WebExecuteGetRootLevelApisJson:
case WebServerRequestType.WebExecuteGetApisJsonForFolder:
result = IsAuthorizedToConnect(request.User);
break;
}
if(!result)
{
var user = "******";
// ReSharper disable ConditionIsAlwaysTrueOrFalse
if(request.User.Identity != null)
// ReSharper restore ConditionIsAlwaysTrueOrFalse
{
user = request.User.Identity.Name;
DumpPermissionsOnError(request.User);
}
// ReSharper disable InvokeAsExtensionMethod
Dev2Logger.Log.Error( "AUTH ERROR FOR USER : " + user);
// ReSharper restore InvokeAsExtensionMethod
}
return result;
}
public override bool IsAuthorized(IAuthorizationRequest request)
{
return(false);
}
public override bool IsAuthorized(IAuthorizationRequest request)
{
return IsAuthorized(request.User, AuthorizationContext.Any, request.QueryString["rid"]);
}
