public IEnumerable <ScopeDto> GetAll() { using (var context = RepositoriesFactory.CreateContext()) { var scopes = new List <Scope>(); var rsRepo = RepositoriesFactory.GetRessourceServerRepository(context); var scopeRepo = RepositoriesFactory.GetScopeRepository(context); var validRs = rsRepo.GetAll().Where(rs => rs.IsValid.Equals(true)).Select(rs => rs.Id).ToList(); scopes = scopeRepo.GetAll().Where(s => validRs.Contains(s.RessourceServerId)).ToList(); return(scopes.ToDto()); } }
public void Delete(DeleteRessourceServerDto toDelete) { Logger.LogInformation(String.Format("Try to delete ressource server for user {0}", toDelete != null ? toDelete.UserName : String.Empty)); Validate(toDelete); using (var context = RepositoriesFactory.CreateContext()) { var userRepo = RepositoriesFactory.GetUserRepository(context); var rsRepo = RepositoriesFactory.GetRessourceServerRepository(context); var scopeRepo = RepositoriesFactory.GetScopeRepository(context); var clientScopeRepo = RepositoriesFactory.GetClientScopeRepository(context); var myUser = userRepo.GetByUserName(toDelete.UserName); if (myUser == null || !myUser.IsValid) { throw new DaOAuthServiceException("DeleteRessourceServerInvalidUserName"); } if (myUser.UsersRoles.FirstOrDefault(r => r.RoleId.Equals((int)ERole.ADMIN)) == null) { throw new DaOAuthServiceException("DeleteRessourceServerNonAdminUserName"); } var myRs = rsRepo.GetById(toDelete.Id); if (myRs == null) { throw new DaOAuthServiceException("DeleteRessourceServerRessourceServerNotFound"); } foreach (var s in myRs.Scopes.ToList()) { foreach (var cs in clientScopeRepo.GetAllByScopeId(s.Id).ToList()) { clientScopeRepo.Delete(cs); } scopeRepo.Delete(s); } rsRepo.Delete(myRs); context.Commit(); } }
private bool CheckIfScopesAreAuthorizedForClient(string clientPublicId, string scope) { string[] scopes = null; if (!String.IsNullOrEmpty(scope)) { scopes = scope.Split(new char[] { ' ' }, StringSplitOptions.RemoveEmptyEntries); } else { return(true); } using (var context = RepositoriesFactory.CreateContext()) { var scopeRepo = RepositoriesFactory.GetScopeRepository(context); var clientScopes = scopeRepo.GetByClientPublicId(clientPublicId).Select(s => s.Wording.ToUpper(CultureInfo.CurrentCulture)); if ((scopes == null || scopes.Length == 0) && clientScopes.Count() == 0) // client sans scope défini { return(true); } if ((scopes == null || scopes.Length == 0) && clientScopes.Count() > 0) // client avec scopes définis { return(false); } foreach (var s in scopes) { if (!clientScopes.Contains <string>(s.ToUpper(CultureInfo.InvariantCulture))) { return(false); } } } return(true); }
public RessourceServerDto Update(UpdateRessourceServerDto toUpdate) { Logger.LogInformation(String.Format("Try to update ressource server for user {0}", toUpdate != null ? toUpdate.UserName : String.Empty)); Validate(toUpdate); using (var context = RepositoriesFactory.CreateContext()) { var userRepo = RepositoriesFactory.GetUserRepository(context); var rsRepo = RepositoriesFactory.GetRessourceServerRepository(context); var scopeRepo = RepositoriesFactory.GetScopeRepository(context); var clientScopeRepo = RepositoriesFactory.GetClientScopeRepository(context); var myUser = userRepo.GetByUserName(toUpdate.UserName); if (myUser == null || !myUser.IsValid) { throw new DaOAuthServiceException("UpdateRessourceServerInvalidUserName"); } if (myUser.UsersRoles.FirstOrDefault(r => r.RoleId.Equals((int)ERole.ADMIN)) == null) { throw new DaOAuthServiceException("UpdateRessourceServerNonAdminUserName"); } var myRs = rsRepo.GetById(toUpdate.Id); if (myRs == null) { throw new DaOAuthServiceException("UpdateRessourceServerRessourceServerNotFound"); } myRs.IsValid = toUpdate.IsValid; myRs.Name = toUpdate.Name; myRs.Description = toUpdate.Description; rsRepo.Update(myRs); if (toUpdate.Scopes == null) { toUpdate.Scopes = new List <UpdateRessourceServerScopesDto>(); } if (myRs.Scopes == null) { myRs.Scopes = new List <Scope>(); } IList <int> newScopesTempIds = new List <int>(); foreach (var toUpdateScope in toUpdate.Scopes) { if (toUpdateScope.IdScope.HasValue && myRs.Scopes.Select(s => s.Id).Contains(toUpdateScope.IdScope.Value)) { var myScope = myRs.Scopes.Where(s => s.Id.Equals(toUpdateScope.IdScope.Value)).First(); myScope.NiceWording = toUpdateScope.NiceWording; myScope.Wording = toUpdateScope.NiceWording.ToScopeWording(toUpdateScope.IsReadWrite); scopeRepo.Update(myScope); } else if (!toUpdateScope.IdScope.HasValue) { var toAdd = new Scope() { NiceWording = toUpdateScope.NiceWording, Wording = toUpdateScope.NiceWording.ToScopeWording(toUpdateScope.IsReadWrite), RessourceServerId = myRs.Id }; scopeRepo.Add(toAdd); newScopesTempIds.Add(toAdd.Id); } } foreach (var toDeleteScope in myRs.Scopes.Where(s => s.Id > 0 && !newScopesTempIds.Contains(s.Id))) // only existings scopes { if (!toUpdate.Scopes.Where(s => s.IdScope.HasValue).Select(s => s.IdScope.Value).Contains(toDeleteScope.Id)) { foreach (var cs in clientScopeRepo.GetAllByScopeId(toDeleteScope.Id).ToList()) { clientScopeRepo.Delete(cs); } scopeRepo.Delete(toDeleteScope); } } context.Commit(); return(myRs.ToDto()); } }
public int CreateRessourceServer(CreateRessourceServerDto toCreate) { var rsId = 0; IList <ValidationResult> ExtendValidation(CreateRessourceServerDto toValidate) { var resource = this.GetErrorStringLocalizer(); IList <ValidationResult> result = new List <ValidationResult>(); if (!String.IsNullOrEmpty(toCreate.Password) && !toCreate.Password.Equals(toCreate.RepeatPassword, StringComparison.Ordinal)) { result.Add(new ValidationResult(resource["CreateRessourceServerPasswordDontMatch"])); } if (!toValidate.Password.IsMatchPasswordPolicy()) { result.Add(new ValidationResult(resource["CreateRessourceServerPasswordPolicyFailed"])); } // check empties or multiple scopes names if (toValidate.Scopes != null) { if (toValidate.Scopes.Where(s => String.IsNullOrWhiteSpace(s.NiceWording)).Any()) { result.Add(new ValidationResult(resource["CreateRessourceServerEmptyScopeWording"])); } if (toValidate.Scopes.Where(s => !String.IsNullOrWhiteSpace(s.NiceWording)).GroupBy(s => s.NiceWording.ToUpper()).Where(x => x.Count() > 1).Any()) { result.Add(new ValidationResult(resource["CreateRessourceServerMultipleScopeWording"])); } } return(result); } Logger.LogInformation(String.Format("Try to create ressource server for user {0}", toCreate != null ? toCreate.UserName : String.Empty)); Validate(toCreate, ExtendValidation); using (var context = RepositoriesFactory.CreateContext()) { var userRepo = RepositoriesFactory.GetUserRepository(context); var rsRepo = RepositoriesFactory.GetRessourceServerRepository(context); var scopeRepo = RepositoriesFactory.GetScopeRepository(context); var myUser = userRepo.GetByUserName(toCreate.UserName); if (myUser == null || !myUser.IsValid) { throw new DaOAuthServiceException("CreateRessourceServerInvalidUserName"); } if (myUser.UsersRoles.FirstOrDefault(r => r.RoleId.Equals((int)ERole.ADMIN)) == null) { throw new DaOAuthServiceException("CreateRessourceServerNonAdminUserName"); } var existingRs = rsRepo.GetByLogin(toCreate.Login); if (existingRs != null) { throw new DaOAuthServiceException("CreateRessourceServerExistingLogin"); } // create ressource server var myRs = new RessourceServer() { CreationDate = DateTime.Now, Description = toCreate.Description, IsValid = true, Login = toCreate.Login, Name = toCreate.Name, ServerSecret = EncryptonService.Sha256Hash(string.Concat(Configuration.PasswordSalt, toCreate.Password)) }; rsId = rsRepo.Add(myRs); // check for existing scope, if ok, create if (toCreate.Scopes != null) { foreach (var s in toCreate.Scopes) { var s1 = s.NiceWording.ToScopeWording(true); var s2 = s.NiceWording.ToScopeWording(false); var scope = scopeRepo.GetByWording(s1); if (scope != null) { throw new DaOAuthServiceException("CreateRessourceServerExistingScope"); } scope = scopeRepo.GetByWording(s2); if (scope != null) { throw new DaOAuthServiceException("CreateRessourceServerExistingScope"); } scope = new Scope() { NiceWording = s.NiceWording, Wording = s.NiceWording.ToScopeWording(s.IsReadWrite), RessourceServerId = rsId }; scopeRepo.Add(scope); } } context.Commit(); rsId = myRs.Id; } return(rsId); }
public ClientDto Update(UpdateClientDto toUpdate) { IList <ValidationResult> ExtendValidation(UpdateClientDto toValidate) { var resource = this.GetErrorStringLocalizer(); IList <ValidationResult> result = new List <ValidationResult>(); if (toValidate.ReturnUrls == null || toValidate.ReturnUrls.Count() == 0) { result.Add(new ValidationResult(resource["UpdateClientDtoDefaultReturnUrlRequired"])); } if (toValidate.ReturnUrls != null) { foreach (var ur in toValidate.ReturnUrls) { if (!Uri.TryCreate(ur, UriKind.Absolute, out var u)) { result.Add(new ValidationResult(resource["UpdateClientDtoReturnUrlIncorrect"])); } } } if (toValidate.ClientType != ClientTypeName.Confidential && toValidate.ClientType != ClientTypeName.Public) { result.Add(new ValidationResult(resource["UpdateClientDtoTypeIncorrect"])); } if (!toValidate.ClientSecret.IsMatchClientSecretPolicy()) { result.Add(new ValidationResult(resource["UpdateClientDtoClientSecretDontMatchPolicy"])); } return(result); } Logger.LogInformation(String.Format("Try to update client for user {0}", toUpdate != null ? toUpdate.UserName : String.Empty)); Validate(toUpdate, ExtendValidation); using (var context = RepositoriesFactory.CreateContext()) { var resource = this.GetErrorStringLocalizer(); var clientRepo = RepositoriesFactory.GetClientRepository(context); var userClientRepo = RepositoriesFactory.GetUserClientRepository(context); var scopeRepo = RepositoriesFactory.GetScopeRepository(context); var userRepo = RepositoriesFactory.GetUserRepository(context); var clientReturnUrlRepo = RepositoriesFactory.GetClientReturnUrlRepository(context); var clientScopeRepo = RepositoriesFactory.GetClientScopeRepository(context); var myClient = clientRepo.GetById(toUpdate.Id); if (myClient == null || !myClient.IsValid) { throw new DaOAuthServiceException(resource["UpdateClientInvalidClient"]); } var ucs = userClientRepo.GetAllByCriterias(toUpdate.UserName, toUpdate.Name, null, null, 0, 50); if (ucs != null && ucs.Count() > 0) { var myUc = ucs.First(); if (myUc.ClientId != myClient.Id) { throw new DaOAuthServiceException(resource["UpdateClientNameAlreadyUsed"]); } } var cl = clientRepo.GetByPublicId(toUpdate.PublicId); if (cl != null && cl.Id != myClient.Id) { throw new DaOAuthServiceException(resource["UpdateClientpublicIdAlreadyUsed"]); } var scopes = scopeRepo.GetAll(); if (toUpdate.ScopesIds != null) { IList <int> ids = scopes.Select(s => s.Id).ToList(); foreach (var scopeId in toUpdate.ScopesIds) { if (!ids.Contains(scopeId)) { throw new DaOAuthServiceException(resource["UpdateClientScopeDontExists"]); } } } var myUser = userRepo.GetByUserName(toUpdate.UserName); if (myUser == null || !myUser.IsValid) { throw new DaOAuthServiceException(resource["UpdateClientInvalidUser"]); } var myUserClient = userClientRepo. GetUserClientByClientPublicIdAndUserName(myClient.PublicId, toUpdate.UserName); if (myUserClient == null || !myUserClient.Client.UserCreator.UserName.Equals(toUpdate.UserName, StringComparison.OrdinalIgnoreCase)) { throw new DaOAuthServiceException(resource["UpdateClientInvalidUser"]); } // update returns urls foreach (var ru in clientReturnUrlRepo.GetAllByClientPublicId(myClient.PublicId).ToList()) { clientReturnUrlRepo.Delete(ru); } foreach (var ru in toUpdate.ReturnUrls) { clientReturnUrlRepo.Add(new ClientReturnUrl() { ClientId = myClient.Id, ReturnUrl = ru }); } // updates clients scopes foreach (var s in clientScopeRepo.GetAllByClientId(myClient.Id).ToList()) { clientScopeRepo.Delete(s); } if (toUpdate.ScopesIds != null) { foreach (var s in toUpdate.ScopesIds) { clientScopeRepo.Add(new ClientScope() { ClientId = myClient.Id, ScopeId = s }); } } // update client myClient.ClientSecret = toUpdate.ClientSecret; myClient.ClientTypeId = toUpdate.ClientType.Equals( ClientTypeName.Confidential, StringComparison.OrdinalIgnoreCase) ? (int)EClientType.CONFIDENTIAL : (int)EClientType.PUBLIC; myClient.Description = toUpdate.Description; myClient.Name = toUpdate.Name; myClient.PublicId = toUpdate.PublicId; clientRepo.Update(myClient); context.Commit(); return(myClient.ToDto(true)); } }