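/// <summary>
/// Completes creation of a child identity whose user id was reserved earlier through ReserveGUID.
/// The caller must present the reservation (<paramref name="request"/>) with the matching
/// ReservationKey; on success the identity is registered in Identities and Usernames, the
/// reservation is released and the identity is persisted with SaveIdentity.
/// </summary>
/// <param name="ParentLRI">LRI string of the parent identity; its domain and document id become ParentDomainLRI / ParentUserID.</param>
/// <param name="username">Login name of the new child identity.</param>
/// <param name="ChildUserLRI">Full LRI string reserved for the child; its document id becomes UserID.</param>
/// <param name="passwordhash">Already-hashed password (hashing happens on the client, see CreateChildID).</param>
/// <param name="ChildPinHash">Already-hashed PIN.</param>
/// <param name="KeyFromChild">Key the child presents to its parent; stored as KeyForParent.</param>
/// <param name="request">Reservation returned by ReserveGUID; must carry the ReservationKey handed out with it.</param>
/// <param name="IsGroup">Accepted for interface compatibility; not used by this method.</param>
/// <returns>true when the identity was created; false when the request is null, no reservation exists for request.GUID, or the key does not match.</returns>
public static bool AddChildIdentity(string ParentLRI, string username, string ChildUserLRI, string passwordhash, string ChildPinHash, string KeyFromChild, IDRequestInfo request, bool IsGroup = false)
{
    // Fail closed instead of throwing: a null request or an unknown GUID used to surface as a
    // NullReferenceException / KeyNotFoundException from the RequestedIDs indexer.
    if (request == null)
    {
        return false;
    }
    IDRequestInfo reserved;
    if (!RequestedIDs.TryGetValue(request.GUID, out reserved))
    {
        return false;
    }
    // The reservation key is an opaque token, so compare it ordinally, never with culture rules.
    if (!string.Equals(reserved.ReservationKey, request.ReservationKey, StringComparison.Ordinal))
    {
        return false;
    }

    LRI parentParsedLRI = new LRI(ParentLRI);
    LRI childParsedLRI = new LRI(ChildUserLRI);

    UserInfo info = new UserInfo();
    // The child lives in (and is owned by) this domain; only the parent pointers refer elsewhere.
    info.Identity.DomainLRI = DomainLRI;
    info.Identity.OwnerDomainLRI = DomainLRI;
    info.Identity.ParentDomainLRI = parentParsedLRI.LRIDomain;
    info.Identity.ParentUserID = parentParsedLRI.DocumentID;
    info.Identity.UserID = childParsedLRI.DocumentID;
    info.Identity.Username = username;
    info.Identity.UserLRI = childParsedLRI.LRIString;
    info.passwordHash = passwordhash;
    info.pinHash = ChildPinHash;
    info.Identity.KeyForParent = KeyFromChild;

    Identities[info.Identity.UserLRI] = info;
    // NOTE(review): no uniqueness check on username is visible here; if Usernames must be unique,
    // that has to be enforced by the caller or by the Usernames collection itself.
    Usernames.Add(username);
    // The reservation is single-use: drop it once the identity exists.
    RequestedIDs.Remove(request.GUID);
    SaveIdentity(childParsedLRI);
    return true;
}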
/// <summary>
/// Reports whether <paramref name="sessionkey"/> is the key recorded for the session of
/// <paramref name="UserLRI"/> in the static Sessions table.
/// </summary>
/// <param name="sessionkey">Key presented by the caller.</param>
/// <param name="UserLRI">Identity whose session is looked up by its LRIString.</param>
/// <returns>true only when a session exists for the user and its SessionKey equals sessionkey.</returns>
public static bool VerifySessionKey(string sessionkey, LRI UserLRI)
{
    string userKey = UserLRI.LRIString;
    if (!Sessions.ContainsKey(userKey))
    {
        return false;
    }
    // NOTE(review): string == is not constant-time; for a bearer token a fixed-time comparison
    // (CryptographicOperations.FixedTimeEquals where the target framework has it) is preferable.
    return Sessions[userKey].SessionKey == sessionkey;
}
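/// <summary>
/// Hashes the parent PIN, the new password and the new PIN and forwards to
/// CreateChildIDWithHash. Returns true on success.
/// </summary>
/// <param name="ParentLRI">LRI of the (already logged-in) parent identity.</param>
/// <param name="ParentPIN">Parent's PIN in clear; hashed here.</param>
/// <param name="username">Login name for the new child identity.</param>
/// <param name="ServiceLRI">Identity service that will host the child.</param>
/// <param name="Password">Child's password in clear; hashed here.</param>
/// <param name="Pin">Child's PIN in clear; hashed here.</param>
/// <returns>Whatever CreateChildIDWithHash returns: true when the child was created and its session opened.</returns>
public bool CreateChildID(LRI ParentLRI, string ParentPIN, string username, LRI ServiceLRI, string Password, string Pin)
{
    // SECURITY(review): these are bare, unsalted SHA-1 digests of secrets. The format is kept
    // because the identity service compares against hashes produced the same way (see Login);
    // moving to a salted, slow KDF (PBKDF2/Argon2) requires a coordinated change on both sides.
    // SHA1 is IDisposable; the original instance was never disposed.
    using (SHA1 hasher = SHA1.Create())
    {
        string parentPinHash = ComputeSha1HexDigest(hasher, ParentPIN);
        string passwordHash = ComputeSha1HexDigest(hasher, Password);
        string pinHash = ComputeSha1HexDigest(hasher, Pin);
        return CreateChildIDWithHash(ParentLRI, parentPinHash, username, ServiceLRI, passwordHash, pinHash);
    }
}

/// <summary>
/// Upper-case hex SHA-1 of the UTF-8 bytes of <paramref name="secret"/>, in the
/// BitConverter.ToString-without-dashes format the identity service expects.
/// </summary>
private static string ComputeSha1HexDigest(SHA1 hasher, string secret)
{
    byte[] digest = hasher.ComputeHash(System.Text.Encoding.UTF8.GetBytes(secret));
    return BitConverter.ToString(digest).Replace("-", string.Empty);
}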
/// <summary>
/// Attaches <paramref name="IdentityToAdd"/> to the client account with id <paramref name="ID"/>
/// and wires the LRI lookups (account.IdentitiesByLRI and ClientAccountLookup) for it.
/// Unknown account ids are ignored.
/// </summary>
/// <param name="ID">Account id (key of ClientAccountLookupByAcctID).</param>
/// <param name="IdentityToAdd">Identity record to attach.</param>
/// <param name="UserLRI">LRI to key the lookups with; when null it is parsed from IdentityToAdd.Identity.UserLRI.</param>
public void AddIdentityToAccount(string ID, UserInfo IdentityToAdd, LRI UserLRI = null)
{
    ClientAccount account;
    if (!ClientAccountLookupByAcctID.TryGetValue(ID, out account))
    {
        return;
    }
    account.Identities.Add(IdentityToAdd);

    LRI lookupKey = UserLRI;
    if (lookupKey == null)
    {
        lookupKey = new LRI(IdentityToAdd.Identity.UserLRI);
    }
    // lri -> identity, and lri -> owning account
    account.IdentitiesByLRI[lookupKey] = IdentityToAdd;
    ClientAccountLookup[lookupKey] = account;
}
/// <summary>
/// Client-side AddTag: after a local session check, forwards the call to the data provider
/// channel responsible for <paramref name="lri"/>.
/// </summary>
/// <param name="Credentials">Caller's credentials, checked with CheckSession and passed through.</param>
/// <param name="lri">Document to tag.</param>
/// <param name="tag">Tag text.</param>
/// <returns>The provider's response, or a locally built ServiceResponse when the session check fails.</returns>
public ServiceResponse<bool> AddTag(ServiceCredentials Credentials, LRI lri, string tag)
{
    if (!CheckSession(Credentials))
    {
        // NOTE(review): this is the same `new ServiceResponse<bool>(true)` the server-side AddTag
        // returns as its *success* reply. Confirm that the ServiceResponse<bool>(bool) constructor
        // used here marks an error; otherwise a caller with a rejected session is told the tag was added.
        return new ServiceResponse<bool>(true);
    }
    ILDataProviderChannel provider = ConnMgr.GetProvider<ILDataProviderChannel>(lri);
    return provider.AddTag(Credentials, lri, tag);
}
/// <summary>
/// Server-side AddTag: records <paramref name="tag"/> on <paramref name="lri"/> for the calling identity.
/// Only READ permission on the document is required — tags are treated as per-identity metadata rather
/// than a document write (compare RemoveTag, which checks WRITE on the tag's own document).
/// </summary>
/// <param name="Credentials">Caller's credentials; the identity is resolved from UserLRIString.</param>
/// <param name="lri">Document to tag.</param>
/// <param name="tag">Tag text.</param>
/// <returns>A true response on success; InvalidCredentails when the session or READ check fails.</returns>
public ServiceResponse<bool> AddTag(ServiceCredentials Credentials, LRI lri, string tag)
{
    bool allowed = ValidateSession(Credentials, lri)
        && CanAccessDocument(Credentials, lri, LDocACLPermission.READ);
    if (!allowed)
    {
        return ServiceResponse<bool>.InvalidCredentails();
    }
    LIdentity caller = AuthorizationManager.GetAuthIdentityFromLRI(Credentials.UserLRIString);
    DocManager.AddTag(caller, lri, tag);
    return new ServiceResponse<bool>(true);
}
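/// <summary>
/// Creates a new identity in this domain and logs it in. With a parent LRI the parent domain is
/// asked to authenticate the parent (RetrieveUserParentAuth) and the identity is added as a child;
/// without one a CORE (parentless) identity is created.
/// </summary>
/// <param name="ParentLRI">Parent's LRI string, or null/"" for a CORE identity.</param>
/// <param name="ParentUser">Parent's username, forwarded to the parent domain.</param>
/// <param name="ParentPINHash">Parent's PIN hash, forwarded to the parent domain.</param>
/// <param name="username">Login name of the new identity.</param>
/// <param name="passwordhash">Password hash of the new identity (used again for the login below).</param>
/// <param name="ChildPinHash">PIN hash of the new identity.</param>
/// <param name="SessionKey">Parent's session key, forwarded to the parent domain and to LoginID in the child case.</param>
/// <returns>The SessionInfo from LoginID on success; a SessionInfo with Error set when the parent could not be authenticated or the identity could not be added.</returns>
public SessionInfo CreateIdentity(string ParentLRI, string ParentUser, string ParentPINHash, string username, string passwordhash, string ChildPinHash, string SessionKey)
{
    SessionInfo sessinfo = new SessionInfo();

    // Reserve the user id first; AddIdentity/AddChildIdentity only commit when presented with
    // this reservation and its key.
    string ReservationKey = Guid.NewGuid().ToString();
    IDRequestInfo info = UserManager.ReserveGUID(ReservationKey);
    string UserLRI = UserManager.DomainLRI + "/~users/" + info.GUID;

    // Key the child hands to its parent; stored as KeyForParent on the child identity.
    string ChildKey = Guid.NewGuid().ToString();

    // Only names are logged here; hashes and keys stay out of the log.
    FDebugLog.WriteLog("CreateIdentity Requested: ParentDomain-" + ParentLRI + " ParentUser-" + ParentUser + " username-" + username);

    if (string.IsNullOrEmpty(ParentLRI))
    {
        FDebugLog.WriteLog("No Parent: Creating CORE User.");
        // The add result was previously ignored and LoginID attempted regardless; report the failure instead.
        if (!UserManager.AddIdentity(username, UserLRI, passwordhash, ChildPinHash, ChildKey, info))
        {
            FDebugLog.WriteLog("CORE identity was not added");
            sessinfo.Error = true;
            return sessinfo;
        }
        return LoginID(UserLRI, passwordhash);
    }

    FDebugLog.WriteLog("Create ID From Parent: " + ParentLRI + "(" + ParentUser + ")");
    LRI ParentLRIParsed = new LRI(ParentLRI);

    // Ask the parent domain to authenticate the parent; "" (or null, now treated the same) means refusal.
    string parentUserID = RetrieveUserParentAuth(ParentLRIParsed, ParentUser, ParentPINHash, ChildKey, SessionKey, UserLRI);
    if (string.IsNullOrEmpty(parentUserID))
    {
        FDebugLog.WriteLog("Parent not found");
        sessinfo.Error = true;
        sessinfo.ErrorType = SESSION_ERROR.INVALID_PARENT_CREDENTIALS;
        return sessinfo;
    }

    FDebugLog.WriteLog("Parent Located");
    bool addSucceed = UserManager.AddChildIdentity(ParentLRIParsed.LRIString, username, UserLRI, passwordhash, ChildPinHash, ChildKey, info);
    if (!addSucceed)
    {
        // AddChildIdentity refuses when the reservation or its key does not match.
        FDebugLog.WriteLog("Child identity was not added");
        sessinfo.Error = true;
        return sessinfo;
    }
    return LoginID(UserLRI, passwordhash, SessionKey);
}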
/// <summary>
/// Asks the identity service at <paramref name="ServiceLRI"/> to create a child of the locally
/// logged-in parent <paramref name="ParentLRI"/>, then records the child's session as OPEN.
/// </summary>
/// <param name="ParentLRI">Parent identity; must have an entry in Sessions.</param>
/// <param name="ParentPINHash">Parent's PIN hash, sent to the service for parent authentication.</param>
/// <param name="username">Login name for the child.</param>
/// <param name="ServiceLRI">Identity service to create the child on.</param>
/// <param name="PasswordHash">Child's password hash.</param>
/// <param name="PinHash">Child's PIN hash.</param>
/// <returns>true when the service reported no error; false when the parent has no session or the service returned an error.</returns>
public bool CreateChildIDWithHash(LRI ParentLRI, string ParentPINHash, string username, LRI ServiceLRI, string PasswordHash, string PinHash)
{
    IDInfo parent;
    if (!Sessions.TryGetValue(ParentLRI.LRIString, out parent))
    {
        return false;
    }
    SessionInfo created = ConnectionManager.GetIDConnection(ServiceLRI).CreateIdentity(
        ParentLRI.LRIString,
        parent.Session.Identity.Username,
        ParentPINHash,
        username,
        PasswordHash,
        PinHash,
        parent.Session.SessionKey);
    if (created.Error)
    {
        return false;
    }
    IDInfo child = new IDInfo(created.Identity.UserLRI);
    child.Session = created;
    child.Status = IDInfo.ID_STATUS.OPEN;
    Sessions[child.LRI] = child;
    return true;
}
/// <summary>
/// Loads every client account from CouchDB into the in-memory tables (ClientAccounts, AccountIDs,
/// ClientAccountLookupByAcctID, ClientAccountLookup and each account's IdentitiesByLRI) and
/// resolves the document headers of the account and of every open workspace item.
/// </summary>
public void LoadAccounts()
{
    LDBList<ClientAccount> accts = CouchDBMgr.GetClientAccounts();
    foreach (LDBListRow<ClientAccount> row in accts.rows)
    {
        // NOTE(review): decoded is reset and decodedValue is then read three times (acct, the
        // ClientAccounts.Add below and the Identities loop). Presumably decodedValue caches after
        // the first access so all three are the same object — verify, since otherwise the LRI
        // lookups below would be wired to a different instance than the one stored in ClientAccounts.
        row.decoded = false;
        ClientAccount acct = row.decodedValue;
        acct.AccountHeader = DocManager.GetDocHeader(acct.AccountLRI);
        ClientAccounts.Add(row.decodedValue);
        AccountIDs.Add(row.value._id);
        ClientAccountLookupByAcctID[row.value._id] = acct;
        foreach (UserInfo info in row.decodedValue.Identities)
        {
            //wire-up LRI lookups
            LRI UserLRI = new LRI(info.Identity.UserLRI);
            //lri->user
            acct.IdentitiesByLRI[UserLRI] = info;
            //lri->account
            ClientAccountLookup[UserLRI] = acct;
        }
        //wire up LUI data headers
        foreach (LWorkspace ws in acct.Workspaces)
        {
            foreach (LUICollection col in ws.OpenCollections)
            {
                col.DocumentHeader = DocManager.GetDocHeader(col.DocumentLRI);
            }
            foreach (LUIDocument doc in ws.OpenDocuments)
            {
                doc.DocumentHeader = DocManager.GetDocHeader(doc.DocumentLRI);
            }
            foreach (LUIHierarchy hier in ws.OpenHierarchies)
            {
                hier.DocumentHeader = DocManager.GetDocHeader(hier.DocumentLRI);
            }
        }
    }
}
/// <summary>
/// Asks the identity service at <paramref name="ServiceLRI"/> to create a parentless (CORE)
/// identity and, on success, records its session locally as OPEN.
/// </summary>
/// <param name="username">Login name for the new identity.</param>
/// <param name="ServiceLRI">Identity service to create it on.</param>
/// <param name="PasswordHash">Password hash of the new identity.</param>
/// <param name="PinHash">PIN hash of the new identity.</param>
/// <returns>true when the service reported no error.</returns>
public bool CreateCoreIDWithHash(string username, LRI ServiceLRI, string PasswordHash, string PinHash)
{
    // Empty parent fields select the CORE path on the service side.
    SessionInfo created = ConnectionManager.GetIDConnection(ServiceLRI)
        .CreateIdentity("", "", "", username, PasswordHash, PinHash, "");
    if (created.Error)
    {
        return false;
    }
    IDInfo opened = new IDInfo(created.Identity.UserLRI);
    opened.Session = created;
    opened.Status = IDInfo.ID_STATUS.OPEN;
    Sessions[opened.LRI] = opened;
    return true;
}
/// <summary>Not implemented: version history is not yet exposed by this service. Always throws.</summary>
/// <param name="Credentials">Unused.</param>
/// <param name="lri">Unused.</param>
/// <exception cref="NotImplementedException">Always.</exception>
public ServiceResponse<List<LDocumentVersionInfo>> GetFileVersionHistory(ServiceCredentials Credentials, LRI lri)
{
    // NOTE(review): the exception escapes to the service host; make sure fault details
    // (stack traces) are not returned to clients.
    NotImplementedException notYetImplemented = new NotImplementedException();
    throw notYetImplemented;
}
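/// <summary>
/// Saves a new version (a copy) of <paramref name="lri"/> on behalf of the calling identity.
/// Only READ on the source document is required, because the operation copies rather than
/// modifies it in place (the original author's rationale).
/// </summary>
/// <param name="Credentials">Caller's credentials; the identity is resolved from UserLRIString.</param>
/// <param name="lri">Document to version.</param>
/// <returns>The new document's header; an Error response with a message when the document manager returned no usable header; InvalidCredentails when the session or READ check fails.</returns>
public ServiceResponse<LDocumentHeader> SaveNewVersion(ServiceCredentials Credentials, LRI lri)
{
    bool allowed = ValidateSession(Credentials, lri)
        && CanAccessDocument(Credentials, lri, LDocACLPermission.READ);
    if (!allowed)
    {
        return ServiceResponse<LDocumentHeader>.InvalidCredentails();
    }
    LIdentity ident = AuthorizationManager.GetAuthIdentityFromLRI(Credentials.UserLRIString);
    ServiceResponse<LDocumentHeader> Rep = new ServiceResponse<LDocumentHeader>(DocManager.SaveNewVersion(ident, lri));
    // A null DocumentLRI is treated the same as "" (the original only caught the empty string).
    if (Rep.ResponseObject == null || string.IsNullOrEmpty(Rep.ResponseObject.DocumentLRI))
    {
        Rep.Error = true;
        // Replaces the "FILL IN REAL ERROR HERE" placeholder that was being sent to clients.
        Rep.Message = "Unable to save a new version of the document: no document header was returned.";
    }
    return Rep;
}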
/// <summary>
/// Checks that <paramref name="SessionKey"/> belongs to the client account identified by
/// <paramref name="AccountLRI"/>.
/// </summary>
/// <param name="SessionKey">Client session key handed out by LoginID.</param>
/// <param name="AccountLRI">Account the caller claims the key is for.</param>
/// <returns>true when an account is registered under the key and its AccountLRI == AccountLRI.</returns>
public bool ValidSession(string SessionKey, LRI AccountLRI)
{
    ClientAccount account;
    if (!ClientAccountLookupBySessionKey.TryGetValue(SessionKey, out account))
    {
        return false;
    }
    // NOTE(review): this is operator == on LRI. LRI is used as a dictionary key elsewhere, so
    // Equals is presumably overridden, but that does not by itself make == value equality — verify
    // LRI overloads ==, otherwise two equal LRIs in different instances will fail this check.
    return account.AccountLRI == AccountLRI;
}
/// <summary>
/// Logs <paramref name="lri"/> in at its identity service (derived from lri.BaseLRI) using an
/// already-hashed password, and records or updates the local Sessions entry as OPEN.
/// </summary>
/// <param name="lri">Identity to log in.</param>
/// <param name="PasswordHash">Password hash in the format produced by Login.</param>
/// <returns>true when the service returned a session without Error.</returns>
public bool LoginWithHash(LRI lri, string PasswordHash)
{
    LRI serviceLRI = new LRI(lri.BaseLRI);
    SessionInfo session = ConnectionManager.GetIDConnection(serviceLRI).LoginID(lri.LRIString, PasswordHash);
    if (session.Error)
    {
        return false;
    }
    string sessionKey = session.Identity.UserLRI;
    if (!Sessions.ContainsKey(sessionKey))
    {
        IDInfo fresh = new IDInfo(sessionKey);
        Sessions[fresh.LRI] = fresh;
    }
    IDInfo entry = Sessions[sessionKey];
    entry.Session = session;
    entry.Status = IDInfo.ID_STATUS.OPEN;
    return true;
}
/// <summary>Not implemented: per-document version info is not yet exposed by this service. Always throws.</summary>
/// <param name="Credentials">Unused.</param>
/// <param name="lri">Unused.</param>
/// <exception cref="NotImplementedException">Always.</exception>
public ServiceResponse<LDocumentVersionInfo> GetDocVersionInfo(ServiceCredentials Credentials, LRI lri)
{
    // NOTE(review): the exception escapes to the service host; make sure fault details
    // (stack traces) are not returned to clients.
    NotImplementedException notYetImplemented = new NotImplementedException();
    throw notYetImplemented;
}
/// <summary>
/// Returns the node preceding <paramref name="childLRI"/> among its siblings in
/// <paramref name="hierarchyLRI"/>.
/// </summary>
/// <param name="Credentials">Caller's credentials.</param>
/// <param name="hierarchyLRI">Hierarchy document; READ on it is required.</param>
/// <param name="childLRI">Child whose previous sibling is wanted.</param>
/// <returns>The sibling node (possibly null from DocManager), or InvalidCredentails when the session or READ check fails.</returns>
public ServiceResponse<LHierarchyNode> GetPreviousSibling(ServiceCredentials Credentials, LRI hierarchyLRI, LRI childLRI)
{
    bool allowed = ValidateSession(Credentials, hierarchyLRI)
        && CanAccessDocument(Credentials, hierarchyLRI, LDocACLPermission.READ);
    if (!allowed)
    {
        return ServiceResponse<LHierarchyNode>.InvalidCredentails();
    }
    // Only the hierarchy itself is checked; the original todo (read access to the child LRI
    // as well) is still open, so a sibling of a document the caller cannot read is returned.
    LHierarchyNode previous = DocManager.GetPreviousSibling(hierarchyLRI, childLRI);
    return new ServiceResponse<LHierarchyNode>(previous);
}
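/// <summary>
/// Server-side check that <paramref name="sessionkey"/> is a known session belonging to
/// <paramref name="UserLRI"/>. The session is (re)loaded with LoadSession first.
/// </summary>
/// <param name="sessionkey">Session key presented by the caller; also the key of the Sessions table.</param>
/// <param name="UserLRI">Identity the session must belong to.</param>
/// <returns>true when a session exists under the key and its Identity.UserLRI equals UserLRI.LRIString.</returns>
public bool VerifySessionKey(string sessionkey, LRI UserLRI)
{
    LoadSession(sessionkey);
    if (!Sessions.ContainsKey(sessionkey))
    {
        return false;
    }
    // The session key is a bearer credential: it was previously written verbatim to the debug
    // log. Log the identity being verified instead.
    FDebugLog.WriteLog("Verifying session key for user : " + UserLRI.LRIString);
    return Sessions[sessionkey].Identity.UserLRI == UserLRI.LRIString;
}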
/// <summary>
/// Gate used by every service method before its ACL check. Currently it only rejects system
/// databases; the credentials themselves are not verified.
/// </summary>
/// <param name="Credentials">Caller's credentials (not inspected yet).</param>
/// <param name="fileLRI">Document the caller wants to touch.</param>
/// <returns>false when fileLRI.SystemDatabase is true; true otherwise.</returns>
private bool ValidateSession(ServiceCredentials Credentials, LRI fileLRI)
{
    // SECURITY(review): this is a stub. Credentials.SessionKey is never checked, so every
    // endpoint gated on this method accepts any caller for non-system documents, and
    // CanAccessDocument then authorizes as whatever UserLRIString the caller asserts. The
    // author's intended call is kept below; todo: default to false and uncomment it.
    //system databases are not accessible to users in this manner
    if (fileLRI.SystemDatabase == true)
    {
        return false;
    }
    //validate file access
    //Valid = IDProvider.ValidateParentSession(Credentials.UserLRIString, Credentials.SessionKey);
    return true;
}
/// <summary>
/// Returns the tags the calling identity sees on <paramref name="lri"/>. The document itself
/// must be readable: having applied a tag does not grant access to the document.
/// </summary>
/// <param name="Credentials">Caller's credentials; the identity is resolved from UserLRIString.</param>
/// <param name="lri">Document whose tags are listed.</param>
/// <returns>The tag list, or InvalidCredentails when the session or READ check fails.</returns>
public ServiceResponse<List<string>> GetTags(ServiceCredentials Credentials, LRI lri)
{
    bool allowed = ValidateSession(Credentials, lri)
        && CanAccessDocument(Credentials, lri, LDocACLPermission.READ);
    if (!allowed)
    {
        return ServiceResponse<List<string>>.InvalidCredentails();
    }
    LIdentity caller = AuthorizationManager.GetAuthIdentityFromLRI(Credentials.UserLRIString);
    List<string> tags = DocManager.GetTags(caller, lri);
    // Per-tag permission checks are not applied here (original todo left open).
    return new ServiceResponse<List<string>>(tags);
}
/// <summary>
/// ACL check: resolves the caller's identity from <paramref name="Credentials"/>.UserLRIString and
/// asks DocManager whether it holds <paramref name="Permission"/> on <paramref name="DocumentLRI"/>.
/// </summary>
/// <param name="Credentials">Caller's credentials; only UserLRIString is used.</param>
/// <param name="DocumentLRI">Document being accessed.</param>
/// <param name="Permission">Permission bit(s) required.</param>
/// <returns>The result of DocManager.CheckPermission.</returns>
private bool CanAccessDocument(ServiceCredentials Credentials, LRI DocumentLRI, LDocACLPermission Permission)
{
    // SECURITY(review): the identity is taken from the client-supplied UserLRIString alone;
    // nothing here ties it to Credentials.SessionKey, so this check is only as strong as the
    // session validation that runs before it.
    LIdentity caller = AuthorizationManager.GetAuthIdentityFromLRI(Credentials.UserLRIString);
    return DocManager.CheckPermission(caller, DocumentLRI, Permission);
}
/// <summary>
/// Replaces the parts of <paramref name="lri"/> with <paramref name="parts"/>. Requires WRITE.
/// </summary>
/// <param name="Credentials">Caller's credentials.</param>
/// <param name="lri">Document to update.</param>
/// <param name="parts">New document parts, passed straight to DocManager.UpdateDoc.</param>
/// <returns>A true response on success, or InvalidCredentails when the session or WRITE check fails.</returns>
public ServiceResponse<bool> UpdateDoc(ServiceCredentials Credentials, LRI lri, List<LDocumentPart> parts)
{
    bool allowed = ValidateSession(Credentials, lri)
        && CanAccessDocument(Credentials, lri, LDocACLPermission.WRITE);
    if (!allowed)
    {
        return ServiceResponse<bool>.InvalidCredentails();
    }
    DocManager.UpdateDoc(lri, parts);
    return new ServiceResponse<bool>(true);
}
/// <summary>
/// Stores a single part of <paramref name="lri"/> at <paramref name="SequenceNumber"/>. Requires WRITE.
/// </summary>
/// <param name="Credentials">Caller's credentials.</param>
/// <param name="lri">Document the part belongs to.</param>
/// <param name="part">Part to save.</param>
/// <param name="SequenceNumber">Position of the part, passed straight to DocManager.SavePart.</param>
/// <returns>A true response on success, or InvalidCredentails when the session or WRITE check fails.</returns>
public ServiceResponse<bool> SavePart(ServiceCredentials Credentials, LRI lri, LDocumentPart part, int SequenceNumber)
{
    bool allowed = ValidateSession(Credentials, lri)
        && CanAccessDocument(Credentials, lri, LDocACLPermission.WRITE);
    if (!allowed)
    {
        return ServiceResponse<bool>.InvalidCredentails();
    }
    DocManager.SavePart(lri, part, SequenceNumber);
    return new ServiceResponse<bool>(true);
}
/// <summary>
/// Resolves a user's LRI at the identity service <paramref name="ServiceLRI"/> from username and
/// password hash.
/// </summary>
/// <param name="ServiceLRI">Identity service to query; its URI (with "//" collapsed to "/") is sent as the domain.</param>
/// <param name="DomainLRI">Not used by this method.</param>
/// <param name="Username">Login name.</param>
/// <param name="PasswordHash">Password hash in the format produced by Login.</param>
/// <returns>Whatever the service's GetUserLRI returns.</returns>
public LRI GetUserLRI(LRI ServiceLRI, string DomainLRI, string Username, string PasswordHash)
{
    // NOTE(review): DomainLRI is ignored; the domain sent to the service is derived from
    // ServiceLRI.URI. RegisterNewAccount passes both — confirm that is intended.
    string domain = ServiceLRI.URI.Replace("//", "/");
    var connection = ConnectionManager.GetIDConnection(ServiceLRI);
    return connection.GetUserLRI(domain, Username, PasswordHash);
}
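/// <summary>
/// Logs an identity in through IDMgr and returns ServiceCredentials for it: the identity's
/// service session key plus the client session key of the owning account (minted on the
/// account's first login and reused afterwards). The account is registered under that key in
/// ClientAccountLookupBySessionKey.
/// </summary>
/// <param name="userLRI">Identity to log in; must be attached to a known client account.</param>
/// <param name="passwordHash">Password hash in the format produced by Login.</param>
/// <param name="LoginAll">Intended to also log in the account's other identities; not implemented (original todo).</param>
/// <returns>Credentials on success; an error response when the LRI is not attached to any account or the login fails.</returns>
public ServiceResponse<ServiceCredentials> LoginID(LRI userLRI, string passwordHash, bool LoginAll = true)
{
    ClientAccount acct;
    if (!ClientAccountLookup.TryGetValue(userLRI, out acct))
    {
        return new ServiceResponse<ServiceCredentials>(true);
    }
    if (!IDMgr.LoginWithHash(userLRI, passwordHash))
    {
        return new ServiceResponse<ServiceCredentials>(true);
    }

    // First login for this account mints the client session key. Accounts loaded from the DB may
    // carry null rather than ""; the original `== ""` test skipped those and then indexed
    // ClientAccountLookupBySessionKey with a null key, which throws ArgumentNullException.
    if (string.IsNullOrEmpty(acct.ClientSessionKey))
    {
        acct.ClientSessionKey = Guid.NewGuid().ToString();
    }
    // SECURITY(review): the key is a Guid string that is reused for every later login of the
    // account and is never rotated or expired here; a RandomNumberGenerator-backed token with a
    // lifetime would be the stronger choice.

    if (LoginAll)
    {
        //todo: if other accounts not logged in, log them in? (LoginAll)
    }

    ServiceCredentials creds = new ServiceCredentials(userLRI.ToString(), IDMgr.Sessions[userLRI.ToString()].Session.SessionKey);
    creds.ClientSessionKey = acct.ClientSessionKey;
    creds.ClientAccountLRI = acct.AccountLRI;
    ClientAccountLookupBySessionKey[acct.ClientSessionKey] = acct;

    ServiceResponse<ServiceCredentials> resp = new ServiceResponse<ServiceCredentials>();
    resp.ResponseObject = creds;
    resp.Message = "OK";
    return resp;
}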
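/// <summary>
/// Hashes <paramref name="Password"/> and logs <paramref name="lri"/> in via LoginWithHash.
/// </summary>
/// <param name="lri">Identity to log in.</param>
/// <param name="Password">Password in clear; hashed here, never sent as-is.</param>
/// <returns>Whatever LoginWithHash returns.</returns>
public bool Login(LRI lri, string Password)
{
    // SECURITY(review): unsalted SHA-1 of the password. The format is kept because the identity
    // service compares against hashes produced this way (CreateChildID uses the same scheme);
    // a salted, slow KDF needs a coordinated change on both ends.
    // SHA1 is IDisposable; the original instance was never disposed.
    using (SHA1 hasher = SHA1.Create())
    {
        byte[] digest = hasher.ComputeHash(System.Text.Encoding.UTF8.GetBytes(Password));
        string passwordHash = BitConverter.ToString(digest).Replace("-", string.Empty);
        return LoginWithHash(lri, passwordHash);
    }
}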
/// <summary>
/// Registers an existing identity (resolved at <paramref name="ServiceLRI"/> by username and
/// password hash) as a new client account: creates the account record, attaches the identity,
/// creates the account's header document with an ACL granting the creator full rights and
/// denying the public identity, saves the account, and logs the identity in.
/// </summary>
/// <param name="ServiceLRI">Identity service that knows the user.</param>
/// <param name="DomainLRI">Forwarded to IDMgr.GetUserLRI / GetUserLIdentity.</param>
/// <param name="Username">Login name; also used (lower-cased) for the account header's file name.</param>
/// <param name="passwordHash">Password hash in the format produced by Login.</param>
/// <returns>Credentials from LoginID on success; an error response when the user cannot be resolved (ErrorCode unset) or is already registered (ErrorCode 2).</returns>
public ServiceResponse<ServiceCredentials> RegisterNewAccount(string ServiceLRI, string DomainLRI, string Username, string passwordHash)
{
    //get LRI from domain / username / hash
    LRI UserLRI = IDMgr.GetUserLRI(new LRI(ServiceLRI), DomainLRI, Username, passwordHash);
    // null is treated as "could not resolve the user" (presumably wrong username/password;
    // GetUserLRI's contract is not visible here).
    if (UserLRI == null)
    {
        return new ServiceResponse<ServiceCredentials>(true);
    }
    else
    {
        if (ClientAccountLookup.ContainsKey(UserLRI))
        {
            ServiceResponse<ServiceCredentials> Resp = new ServiceResponse<ServiceCredentials>();
            Resp.Error = true;
            Resp.ErrorCode = 2;
            Resp.Message = "A user with that LRI is already registered with this system.";
            Resp.ResponseObject = null;
            return Resp;
        }
        else
        {
            //we need this info
            UserInfo info = new UserInfo();//UserManager.Identities[UserLRI.LRIString];
            // NOTE(review): the password hash is kept on the locally persisted account record
            // (SaveAccount below) in addition to the identity service; confirm it is needed there.
            info.passwordHash = passwordHash;
            info.Identity = IDMgr.GetUserLIdentity(new LRI(ServiceLRI), DomainLRI, Username, passwordHash);
            //create new account and add this LRI info
            ClientAccount Acct = new ClientAccount();
            Acct._id = LDocumentManager.RequestGUID();
            Acct.AccountLRI = new LRI(LCHARMSConfig.GetSection().LRI + "/" + Acct._id);
            // Must be registered by id before AddIdentityToAccount, which looks the account up by id.
            ClientAccountLookupByAcctID[Acct._id] = Acct;
            AddIdentityToAccount(Acct._id, info, UserLRI);
            //ServiceCredentials sc = new ServiceCredentials();
            //Acct.ServiceCredentialsByLRI[userlri] =
            //create a header for the account
            string ID = LDocumentManager.RequestGUID();
            LDocumentHeader NewFileHeader = new LDocumentHeader();
            LRI hlri = new LRI(LCHARMSConfig.GetSection().LRI + "/" + ID);
            NewFileHeader.DocType = DocumentType.DOC_HEADER;
            NewFileHeader.DocumentID = ID;
            NewFileHeader.FQDT = "lcharms.client.account";
            NewFileHeader.FileName = Username.ToLower() + ".client.account";
            NewFileHeader.DocumentLRI = hlri.ToString();
            NewFileHeader.IsCopy = false;
            // NOTE(review): local time; if headers are compared across machines, UtcNow would be safer.
            NewFileHeader.LastAccessDate = DateTime.Now;
            NewFileHeader.DataLength = 0;
            //create an ACL for this new file
            // assign it to the creation user: full rights for the creator, explicit DENY for the public identity
            DocManager.AuthManager.CreateACE(ID, info.Identity, LDocACLPermission.GRANT | LDocACLPermission.WRITE |
            LDocACLPermission.READ | LDocACLPermission.ACCESS_NEXT_VERSION | LDocACLPermission.ACCESS_PREV_VERSION);
            DocManager.AuthManager.CreateACE(ID, DocManager.AuthManager.PublicIdentity, LDocACLPermission.DENY);
            Acct.AccountHeader = NewFileHeader;
            SaveAccount(Acct);
            // LoginAll=false: only this identity is logged in as part of registration.
            return LoginID(UserLRI, passwordHash, false);
        }
    }
}
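/// <summary>
/// Logs <paramref name="lri"/> out at its identity service (derived from lri.BaseLRI) and marks
/// the local Sessions entry CLOSED with its Session cleared. An LRI with no session entry, or
/// one that is already logged out, is a no-op for the remote call.
/// </summary>
/// <param name="lri">Identity to log out.</param>
public void Logout(LRI lri)
{
    IDInfo idinfo;
    if (!Sessions.TryGetValue(lri.LRIString, out idinfo))
    {
        // No session record at all: nothing to close (used to throw KeyNotFoundException).
        return;
    }
    // Session is nulled at the end of a logout, so a second Logout on the same LRI used to
    // NullReference on .Session.SessionKey; skip the remote call when there is no open session.
    if (idinfo.Session != null)
    {
        ConnectionManager.GetIDConnection(new LRI(lri.BaseLRI)).Logout(lri.LRIString, idinfo.Session.SessionKey);
    }
    idinfo.Status = IDInfo.ID_STATUS.CLOSED;
    idinfo.Session = null;
}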
/// <summary>
/// Saves the client account that owns identity <paramref name="lri"/>, if one is registered.
/// Unknown LRIs are ignored.
/// </summary>
/// <param name="lri">Identity LRI used as the key into ClientAccountLookup.</param>
public void SaveAccount(LRI lri)
{
    ClientAccount owner;
    if (ClientAccountLookup.TryGetValue(lri, out owner))
    {
        SaveAccount(owner);
    }
}
/// <summary>
/// Appends <paramref name="childLRI"/> under <paramref name="parentLRI"/> in hierarchy
/// <paramref name="hierarchyLRI"/>. Requires WRITE on the hierarchy document only.
/// </summary>
/// <param name="Credentials">Caller's credentials.</param>
/// <param name="hierarchyLRI">Hierarchy document being modified.</param>
/// <param name="parentLRI">Node to append under.</param>
/// <param name="childLRI">Node to append.</param>
/// <returns>A true response on success, or InvalidCredentails when the session or WRITE check fails.</returns>
public ServiceResponse<bool> AppendChild(ServiceCredentials Credentials, LRI hierarchyLRI, LRI parentLRI, LRI childLRI)
{
    bool allowed = ValidateSession(Credentials, hierarchyLRI)
        && CanAccessDocument(Credentials, hierarchyLRI, LDocACLPermission.WRITE);
    if (!allowed)
    {
        return ServiceResponse<bool>.InvalidCredentails();
    }
    // Access to parentLRI and childLRI themselves is not checked (original todo left open).
    DocManager.AppendChild(hierarchyLRI, parentLRI, childLRI);
    return new ServiceResponse<bool>(true);
}
/// <summary>
/// Removes <paramref name="tag"/> from <paramref name="lri"/> for the calling identity. Unlike
/// AddTag, the permission checked is WRITE on the tag's own document (resolved through
/// DocManager.GetTagDocumentLRI), not on <paramref name="lri"/>.
/// </summary>
/// <param name="Credentials">Caller's credentials; the identity is resolved from UserLRIString.</param>
/// <param name="lri">Document the tag is removed from.</param>
/// <param name="tag">Tag text.</param>
/// <returns>true on success; a false response with message "Tag does not exist" when the tag has no document; InvalidCredentails when the session check or the WRITE check on the tag document fails.</returns>
public ServiceResponse<bool> RemoveTag(ServiceCredentials Credentials, LRI lri, string tag)
{
    if (!ValidateSession(Credentials, lri))
    {
        return ServiceResponse<bool>.InvalidCredentails();
    }
    LIdentity caller = AuthorizationManager.GetAuthIdentityFromLRI(Credentials.UserLRIString);
    LRI tagDocument = DocManager.GetTagDocumentLRI(caller, tag);
    if (tagDocument == null)
    {
        ServiceResponse<bool> missing = new ServiceResponse<bool>(false);
        missing.Message = "Tag does not exist";
        return missing;
    }
    if (!CanAccessDocument(Credentials, tagDocument, LDocACLPermission.WRITE))
    {
        return ServiceResponse<bool>.InvalidCredentails();
    }
    DocManager.RemoveTag(caller, lri, tag);
    return new ServiceResponse<bool>(true);
}