public async Task <string> Execute(AddPolicyParameter addPolicyParameter)
{
var json = addPolicyParameter == null ? string.Empty : JsonConvert.SerializeObject(addPolicyParameter);
_umaServerEventSource.StartAddingAuthorizationPolicy(json);
if (addPolicyParameter == null)
{
throw new ArgumentNullException(nameof(addPolicyParameter));
}
if (addPolicyParameter.ResourceSetIds == null || !addPolicyParameter.ResourceSetIds.Any())
{
throw new BaseUmaException(ErrorCodes.InvalidRequestCode,
string.Format(ErrorDescriptions.TheParameterNeedsToBeSpecified, Constants.AddPolicyParameterNames.ResourceSetIds));
}
foreach (var resourceSetId in addPolicyParameter.ResourceSetIds)
{
var resourceSet = await _repositoryExceptionHelper.HandleException(
string.Format(ErrorDescriptions.TheResourceSetCannotBeRetrieved, resourceSetId),
() => _resourceSetRepository.Get(resourceSetId));
if (resourceSet == null)
{
throw new BaseUmaException(ErrorCodes.InvalidResourceSetId, string.Format(ErrorDescriptions.TheResourceSetDoesntExist, resourceSetId));
}
if (addPolicyParameter.Scopes.Any(r => !resourceSet.Scopes.Contains(r)))
{
throw new BaseUmaException(ErrorCodes.InvalidScope, ErrorDescriptions.OneOrMoreScopesDontBelongToAResourceSet);
}
}
// Insert policy
var policy = new Policy
{
Id = Guid.NewGuid().ToString(),
ClientIds = addPolicyParameter.ClientIdsAllowed,
ResourceSetIds = addPolicyParameter.ResourceSetIds,
IsResourceOwnerConsentNeeded = addPolicyParameter.IsResourceOwnerConsentNeeded,
Script = addPolicyParameter.Script,
Scopes = addPolicyParameter.Scopes,
Claims = addPolicyParameter.Claims == null ? new List <Claim>() : addPolicyParameter.Claims.Select(c => new Claim
{
Type = c.Type,
Value = c.Value
}).ToList()
};
await _repositoryExceptionHelper.HandleException(ErrorDescriptions.ThePolicyCannotBeInserted, () => _policyRepository.Add(policy));
_umaServerEventSource.FinishToAddAuthorizationPolicy(JsonConvert.SerializeObject(policy));
return(policy.Id);
}
public async Task <bool> Execute(UpdatePolicyParameter updatePolicyParameter)
{
if (updatePolicyParameter == null)
{
throw new ArgumentNullException(nameof(updatePolicyParameter));
}
if (string.IsNullOrWhiteSpace(updatePolicyParameter.PolicyId))
{
throw new BaseUmaException(ErrorCodes.InvalidRequestCode, string.Format(ErrorDescriptions.TheParameterNeedsToBeSpecified, "id"));
}
_umaServerEventSource.StartUpdateAuthorizationPolicy(JsonConvert.SerializeObject(updatePolicyParameter));
var policy = await _repositoryExceptionHelper.HandleException(
string.Format(ErrorDescriptions.TheAuthorizationPolicyCannotBeRetrieved, updatePolicyParameter.PolicyId),
() => _policyRepository.Get(updatePolicyParameter.PolicyId));
if (policy == null)
{
return(false);
}
foreach (var resourceSetId in policy.ResourceSetIds)
{
var resourceSet = await _resourceSetRepository.Get(resourceSetId).ConfigureAwait(false);
if (updatePolicyParameter.Scopes.Any(r => !resourceSet.Scopes.Contains(r)))
{
throw new BaseUmaException(ErrorCodes.InvalidScope, ErrorDescriptions.OneOrMoreScopesDontBelongToAResourceSet);
}
}
policy.Scopes = updatePolicyParameter.Scopes;
policy.IsResourceOwnerConsentNeeded = updatePolicyParameter.IsResourceOwnerConsentNeeded;
policy.Claims = new List <Claim>();
policy.Script = updatePolicyParameter.Script;
if (updatePolicyParameter.Claims != null)
{
policy.Claims = updatePolicyParameter.Claims.Select(c => new Claim
{
Type = c.Type,
Value = c.Value
}).ToList();
}
var result = await _repositoryExceptionHelper.HandleException(
string.Format(ErrorDescriptions.TheAuthorizationPolicyCannotBeUpdated, updatePolicyParameter.PolicyId),
() => _policyRepository.Update(policy));
_umaServerEventSource.FinishUpdateAuhthorizationPolicy(JsonConvert.SerializeObject(updatePolicyParameter));
return(result);
}
public async Task <bool> Execute(UpdatePolicyParameter updatePolicyParameter)
{
if (updatePolicyParameter == null)
{
throw new ArgumentNullException(nameof(updatePolicyParameter));
}
if (updatePolicyParameter.Rules == null ||
!updatePolicyParameter.Rules.Any())
{
throw new BaseUmaException(ErrorCodes.InvalidRequestCode,
string.Format(ErrorDescriptions.TheParameterNeedsToBeSpecified, Constants.AddPolicyParameterNames.Rules));
}
var policy = await _repositoryExceptionHelper.HandleException(
string.Format(ErrorDescriptions.TheAuthorizationPolicyCannotBeRetrieved, updatePolicyParameter.PolicyId),
() => _policyRepository.Get(updatePolicyParameter.PolicyId));
if (policy == null)
{
return(false);
}
policy.Rules = new List <PolicyRule>();
foreach (var ruleParameter in updatePolicyParameter.Rules)
{
var claims = new List <Claim>();
if (ruleParameter.Claims != null)
{
claims = ruleParameter.Claims.Select(c => new Claim
{
Type = c.Type,
Value = c.Value
}).ToList();
}
policy.Rules.Add(new PolicyRule
{
Id = ruleParameter.Id,
ClientIdsAllowed = ruleParameter.ClientIdsAllowed,
IsResourceOwnerConsentNeeded = ruleParameter.IsResourceOwnerConsentNeeded,
Scopes = ruleParameter.Scopes,
Script = ruleParameter.Script,
Claims = claims,
OpenIdProvider = ruleParameter.OpenIdProvider
});
}
return(await _repositoryExceptionHelper.HandleException(
string.Format(ErrorDescriptions.TheAuthorizationPolicyCannotBeUpdated, updatePolicyParameter.PolicyId),
() => _policyRepository.Update(policy)));
}
public async Task <bool> Execute(AddResourceSetParameter addResourceSetParameter)
{
if (addResourceSetParameter == null)
{
throw new ArgumentNullException(nameof(addResourceSetParameter));
}
if (string.IsNullOrWhiteSpace(addResourceSetParameter.PolicyId))
{
throw new BaseUmaException(ErrorCodes.InvalidRequestCode, string.Format(ErrorDescriptions.TheParameterNeedsToBeSpecified, Constants.AddResourceSetParameterNames.PolicyId));
}
if (addResourceSetParameter.ResourceSets == null ||
!addResourceSetParameter.ResourceSets.Any())
{
throw new BaseUmaException(ErrorCodes.InvalidRequestCode, string.Format(ErrorDescriptions.TheParameterNeedsToBeSpecified, Constants.AddResourceSetParameterNames.ResourceSet));
}
_umaServerEventSource.StartAddResourceToAuthorizationPolicy(addResourceSetParameter.PolicyId, string.Join(",", addResourceSetParameter.ResourceSets));
var policy = await _repositoryExceptionHelper.HandleException(
string.Format(ErrorDescriptions.TheAuthorizationPolicyCannotBeRetrieved, addResourceSetParameter.PolicyId),
() => _policyRepository.Get(addResourceSetParameter.PolicyId));
if (policy == null)
{
return(false);
}
foreach (var resourceSetId in addResourceSetParameter.ResourceSets)
{
var resourceSet = await _repositoryExceptionHelper.HandleException(
string.Format(ErrorDescriptions.TheResourceSetCannotBeRetrieved, resourceSetId),
() => _resourceSetRepository.Get(resourceSetId));
if (resourceSet == null)
{
throw new BaseUmaException(ErrorCodes.InvalidResourceSetId, string.Format(ErrorDescriptions.TheResourceSetDoesntExist, resourceSetId));
}
}
var resourceSetIds = policy.ResourceSetIds.ToList();
resourceSetIds.AddRange(addResourceSetParameter.ResourceSets);
policy.ResourceSetIds = resourceSetIds;
var result = await _repositoryExceptionHelper.HandleException(
ErrorDescriptions.ThePolicyCannotBeUpdated,
() => _policyRepository.Update(policy));
_umaServerEventSource.FinishAddResourceToAuthorizationPolicy(addResourceSetParameter.PolicyId, string.Join(",", addResourceSetParameter.ResourceSets));
return(result);
}
private async Task CheckAddPermissionParameter(IEnumerable <AddPermissionParameter> addPermissionParameters)
{
// 1. Get resource sets.
var resourceSets = await _repositoryExceptionHelper.HandleException(ErrorDescriptions.TheResourceSetsCannotBeRetrieved,
() => _resourceSetRepository.Get(addPermissionParameters.Select(p => p.ResourceSetId)));
// 2. Check parameters & scope exist.
foreach (var addPermissionParameter in addPermissionParameters)
{
if (string.IsNullOrWhiteSpace(addPermissionParameter.ResourceSetId))
{
throw new BaseUmaException(ErrorCodes.InvalidRequestCode, string.Format(ErrorDescriptions.TheParameterNeedsToBeSpecified, Constants.AddPermissionNames.ResourceSetId));
}
if (addPermissionParameter.Scopes == null ||
!addPermissionParameter.Scopes.Any())
{
throw new BaseUmaException(ErrorCodes.InvalidRequestCode, string.Format(ErrorDescriptions.TheParameterNeedsToBeSpecified, Constants.AddPermissionNames.Scopes));
}
var resourceSet = resourceSets.FirstOrDefault(r => addPermissionParameter.ResourceSetId == r.Id);
if (resourceSet == null)
{
throw new BaseUmaException(ErrorCodes.InvalidResourceSetId, string.Format(ErrorDescriptions.TheResourceSetDoesntExist, addPermissionParameter.ResourceSetId));
}
if (resourceSet.Scopes == null ||
addPermissionParameter.Scopes.Any(s => !resourceSet.Scopes.Contains(s)))
{
throw new BaseUmaException(ErrorCodes.InvalidScope, ErrorDescriptions.TheScopeAreNotValid);
}
}
}
public async Task <bool> Execute(string id, string resourceId)
{
if (string.IsNullOrWhiteSpace(id))
{
throw new ArgumentNullException(nameof(id));
}
if (string.IsNullOrWhiteSpace(resourceId))
{
throw new ArgumentNullException(nameof(resourceId));
}
_umaServerEventSource.StartRemoveResourceFromAuthorizationPolicy(id, resourceId);
var policy = await _repositoryExceptionHelper.HandleException(
string.Format(ErrorDescriptions.TheAuthorizationPolicyCannotBeRetrieved, id),
() => _policyRepository.Get(id));
if (policy == null)
{
return(false);
}
var resourceSet = await _repositoryExceptionHelper.HandleException(
string.Format(ErrorDescriptions.TheResourceSetCannotBeRetrieved, resourceId),
() => _resourceSetRepository.Get(resourceId));
if (resourceSet == null)
{
throw new BaseUmaException(ErrorCodes.InvalidResourceSetId,
string.Format(ErrorDescriptions.TheResourceSetDoesntExist, resourceId));
}
if (policy.ResourceSetIds == null || !policy.ResourceSetIds.Contains(resourceId))
{
throw new BaseUmaException(ErrorCodes.InvalidResourceSetId,
ErrorDescriptions.ThePolicyDoesntContainResource);
}
var resourceSetIds = policy.ResourceSetIds.ToList();
resourceSetIds.Remove(resourceId);
policy.ResourceSetIds = resourceSetIds;
var result = await _policyRepository.Update(policy).ConfigureAwait(false);
_umaServerEventSource.FinishRemoveResourceFromAuthorizationPolicy(id, resourceId);
return(result);
}
public async Task <Policy> Execute(string policyId)
{
if (string.IsNullOrWhiteSpace(policyId))
{
throw new ArgumentNullException(nameof(policyId));
}
var policy = await _repositoryExceptionHelper.HandleException(
string.Format(ErrorDescriptions.TheAuthorizationPolicyCannotBeRetrieved, policyId),
() => _policyRepository.Get(policyId));
return(policy);
}
public async Task <ICollection <string> > Execute()
{
var policies = await _repositoryExceptionHelper.HandleException(
ErrorDescriptions.TheAuthorizationPolicyCannotBeRetrieved,
() => _policyRepository.GetAll());
if (policies == null ||
!policies.Any())
{
return(new List <string>());
}
return(policies.Select(p => p.Id).ToList());
}
public async Task<IEnumerable<string>> Execute(string clientId, IEnumerable<AddPermissionParameter> addPermissionParameters)
{
if (string.IsNullOrWhiteSpace(clientId))
{
throw new ArgumentNullException(clientId);
}
if (addPermissionParameters == null)
{
throw new ArgumentNullException(nameof(addPermissionParameters));
}
var json = addPermissionParameters == null ? string.Empty : JsonConvert.SerializeObject(addPermissionParameters);
_umaServerEventSource.StartAddPermission(json);
await CheckAddPermissionParameter(addPermissionParameters);
var ticketLifetimeInSeconds = await _configurationService.GetTicketLifeTime();
var tickets = new List<Ticket>();
foreach(var addPermissionParameter in addPermissionParameters)
{
tickets.Add(new Ticket
{
Id = Guid.NewGuid().ToString(),
ClientId = clientId,
ExpirationDateTime = DateTime.UtcNow.AddSeconds(ticketLifetimeInSeconds),
Scopes = addPermissionParameter.Scopes,
ResourceSetId = addPermissionParameter.ResourceSetId,
CreateDateTime = DateTime.UtcNow
});
}
await _repositoryExceptionHelper.HandleException(
ErrorDescriptions.AtLeastOneTicketCannotBeInserted,
() => _ticketRepository.Insert(tickets));
_umaServerEventSource.FinishAddPermission(json);
return tickets.Select(t => t.Id);
}
public async Task <bool> Execute(string policyId)
{
_umaServerEventSource.StartToRemoveAuthorizationPolicy(policyId);
if (string.IsNullOrWhiteSpace(policyId))
{
throw new ArgumentNullException(nameof(policyId));
}
var policy = await _repositoryExceptionHelper.HandleException(
string.Format(ErrorDescriptions.TheAuthorizationPolicyCannotBeRetrieved, policyId),
() => _policyRepository.Get(policyId));
if (policy == null)
{
return(false);
}
await _repositoryExceptionHelper.HandleException(
string.Format(ErrorDescriptions.TheAuthorizationPolicyCannotBeUpdated, policyId),
() => _policyRepository.Delete(policyId));
_umaServerEventSource.FinishToRemoveAuthorizationPolicy(policyId);
return(true);
}
public async Task <IEnumerable <AuthorizationResponse> > Execute(IEnumerable <GetAuthorizationActionParameter> parameters, string clientId)
{
var result = new List <AuthorizationResponse>();
var rptLifeTime = await _configurationService.GetRptLifeTime();
// 1. Check parameters.
if (parameters == null)
{
throw new ArgumentNullException(nameof(parameters));
}
if (string.IsNullOrWhiteSpace(clientId))
{
throw new ArgumentNullException(nameof(clientId));
}
// 2. Retrieve the tickets.
_umaServerEventSource.StartGettingAuthorization(JsonConvert.SerializeObject(parameters));
var tickets = await _ticketRepository.Get(parameters.Select(p => p.TicketId));
var rptLst = new List <Rpt>();
// 3. Check parameters.
foreach (var parameter in parameters)
{
var json = JsonConvert.SerializeObject(parameter);
if (string.IsNullOrWhiteSpace(parameter.TicketId))
{
throw new BaseUmaException(ErrorCodes.InvalidRequestCode,
string.Format(ErrorDescriptions.TheParameterNeedsToBeSpecified, PostAuthorizationNames.TicketId));
}
var ticket = tickets.FirstOrDefault(t => t.Id == parameter.TicketId);
if (ticket == null)
{
throw new BaseUmaException(ErrorCodes.InvalidTicket,
string.Format(ErrorDescriptions.TheTicketDoesntExist, parameter.TicketId));
}
if (ticket.ClientId != clientId)
{
throw new BaseUmaException(ErrorCodes.InvalidTicket, ErrorDescriptions.TheTicketIssuerIsDifferentFromTheClient);
}
if (ticket.ExpirationDateTime < DateTime.UtcNow)
{
throw new BaseUmaException(ErrorCodes.ExpiredTicket, ErrorDescriptions.TheTicketIsExpired);
}
_umaServerEventSource.CheckAuthorizationPolicy(json);
var authorizationResult = await _authorizationPolicyValidator.IsAuthorized(ticket, clientId, parameter.ClaimTokenParameters);
if (authorizationResult.Type != AuthorizationPolicyResultEnum.Authorized)
{
_umaServerEventSource.RequestIsNotAuthorized(json);
result.Add(new AuthorizationResponse
{
AuthorizationPolicyResult = authorizationResult.Type,
ErrorDetails = authorizationResult.ErrorDetails
});
continue;
}
var rpt = new Rpt
{
Value = Guid.NewGuid().ToString(),
TicketId = ticket.Id,
ResourceSetId = ticket.ResourceSetId,
CreateDateTime = DateTime.UtcNow,
ExpirationDateTime = DateTime.UtcNow.AddSeconds(rptLifeTime)
};
rptLst.Add(rpt);
result.Add(new AuthorizationResponse
{
AuthorizationPolicyResult = AuthorizationPolicyResultEnum.Authorized,
Rpt = rpt.Value
});
_umaServerEventSource.RequestIsAuthorized(json);
}
// 4. Persist the RPTs.
if (rptLst.Any())
{
await _repositoryExceptionHelper.HandleException(
ErrorDescriptions.TheRptCannotBeInserted,
() => _rptRepository.Insert(rptLst));
}
return(result);
}
public async Task <bool> Execute(UpdatePolicyParameter updatePolicyParameter)
{
// Check the parameters
if (updatePolicyParameter == null)
{
throw new ArgumentNullException(nameof(updatePolicyParameter));
}
if (string.IsNullOrWhiteSpace(updatePolicyParameter.PolicyId))
{
throw new BaseUmaException(ErrorCodes.InvalidRequestCode, string.Format(ErrorDescriptions.TheParameterNeedsToBeSpecified, "id"));
}
if (updatePolicyParameter.Rules == null || !updatePolicyParameter.Rules.Any())
{
throw new BaseUmaException(ErrorCodes.InvalidRequestCode, string.Format(ErrorDescriptions.TheParameterNeedsToBeSpecified, Constants.AddPolicyParameterNames.Rules));
}
_umaServerEventSource.StartUpdateAuthorizationPolicy(JsonConvert.SerializeObject(updatePolicyParameter));
// Check the authorization policy exists.
var policy = await _repositoryExceptionHelper.HandleException(
string.Format(ErrorDescriptions.TheAuthorizationPolicyCannotBeRetrieved, updatePolicyParameter.PolicyId),
() => _policyRepository.Get(updatePolicyParameter.PolicyId));
if (policy == null)
{
return(false);
}
policy.Rules = new List <PolicyRule>();
// Check all the scopes are valid.
foreach (var resourceSetId in policy.ResourceSetIds)
{
var resourceSet = await _resourceSetRepository.Get(resourceSetId);
if (updatePolicyParameter.Rules.Any(r => r.Scopes != null && !r.Scopes.All(s => resourceSet.Scopes.Contains(s))))
{
throw new BaseUmaException(ErrorCodes.InvalidScope, ErrorDescriptions.OneOrMoreScopesDontBelongToAResourceSet);
}
}
// Update the authorization policy.
foreach (var ruleParameter in updatePolicyParameter.Rules)
{
var claims = new List <Claim>();
if (ruleParameter.Claims != null)
{
claims = ruleParameter.Claims.Select(c => new Claim
{
Type = c.Type,
Value = c.Value
}).ToList();
}
policy.Rules.Add(new PolicyRule
{
Id = ruleParameter.Id,
ClientIdsAllowed = ruleParameter.ClientIdsAllowed,
IsResourceOwnerConsentNeeded = ruleParameter.IsResourceOwnerConsentNeeded,
Scopes = ruleParameter.Scopes,
Script = ruleParameter.Script,
Claims = claims,
OpenIdProvider = ruleParameter.OpenIdProvider
});
}
var result = await _repositoryExceptionHelper.HandleException(
string.Format(ErrorDescriptions.TheAuthorizationPolicyCannotBeUpdated, updatePolicyParameter.PolicyId),
() => _policyRepository.Update(policy));
_umaServerEventSource.FinishUpdateAuhthorizationPolicy(JsonConvert.SerializeObject(updatePolicyParameter));
return(result);
}