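        /// <summary>
        /// Verifies that a user who is a member of the Administrators group ends up with an
        /// access control list that grants both read and write on <c>AccessClass.Property</c>
        /// of a freshly built <c>AccessClass</c>, once derivations have run and been committed.
        /// </summary>
        /// <remarks>
        /// The previous version also built four LINQ queries over the default security token's
        /// and the population's access controls, but never enumerated or asserted them, and it
        /// repeated the two assertions verbatim. Both were dead code and have been removed so the
        /// test states exactly what it checks.
        /// </remarks>
        public void DelegateAccessReturnsTokens()
        {
            // Arrange: an administrator user who is a member of the Administrators group.
            var administrator  = new PersonBuilder(this.Session).WithUserName("administrator").Build();
            var administrators = new UserGroups(this.Session).Administrators;
            administrators.AddMember(administrator);

            // The object whose ACL is resolved below.
            var accessClass = new AccessClassBuilder(this.Session).Build();

            // Run derivations and commit before resolving the ACL.
            this.Session.Derive();
            this.Session.Commit();

            // Act: resolve the administrator's effective ACL for the object.
            var acl = new AccessControlLists(administrator)[accessClass];

            // Assert: both read and write are granted on the property.
            Assert.True(acl.CanRead(M.AccessClass.Property));
            Assert.True(acl.CanWrite(M.AccessClass.Property));
        }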
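        /// <summary>
        /// Derivation hook: exposes this object through the population's default security token
        /// and, when an owning <c>User</c> is set, through that user's owner security token as well.
        /// </summary>
        /// <param name="method">Derivation context supplied by the framework; not read here.</param>
        public void CoreOnDerive(ObjectOnDerive method)
        {
            var defaultSecurityToken = new SecurityTokens(this.Session()).DefaultSecurityToken;

            // Only include the owner token when a user is actually set. The previous version wrote
            // `new[] { defaultSecurityToken, this.User?.OwnerSecurityToken }`, which placed a null
            // element into the SecurityTokens relation whenever User was unset.
            var ownerSecurityToken = this.User?.OwnerSecurityToken;
            this.SecurityTokens = ownerSecurityToken is null
                ? new[] { defaultSecurityToken }
                : new[] { defaultSecurityToken, ownerSecurityToken };
        }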
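        /// <summary>
        /// Performs the app launch flow for the current request: validates the SharePoint context
        /// token, exchanges it for an ACS access token, connects to the web, stores the tokens in
        /// the client's storage account, ensures base configuration, queues an app-launch event and
        /// finally redirects the browser back to the web.
        /// </summary>
        /// <param name="args">An <see cref="AppLauncherFunctionArgs"/> instance specifying the location of the client configuration in Azure storage.</param>
        /// <returns>
        /// On success a redirect (<see cref="HttpStatusCode.Moved"/>) back to the SharePoint web, carrying the
        /// client id, the encoded cache key and the validated SPHostUrl as query parameters.
        /// On any failure a generic HTML error page with a 500 status; the exception is written to the
        /// log only, never to the response body.
        /// </returns>
        public HttpResponseMessage Execute(AppLauncherFunctionArgs args)
        {
            try
            {
                if (args == null)
                {
                    throw new ArgumentNullException(nameof(args));
                }

                _clientClientConfiguration = GetConfiguration(ClientId, args.StorageAccount, args.StorageAccountKey);

                // The context token is the proof that this request originated from SharePoint; it is
                // validated against the request authority and the client secret before anything else.
                var spContextToken = TokenHelper.ReadAndValidateContextToken(ContextToken, _requestAuthority, ClientId,
                                                                             _clientClientConfiguration.AcsClientConfig.ClientSecret);
                var spHostUri = new Uri(SPWebUrl);

                var accessToken = TokenHelper.GetACSAccessTokens(spContextToken, spHostUri.Authority,
                                                                 _clientClientConfiguration.ClientId,
                                                                 _clientClientConfiguration.AcsClientConfig.ClientSecret);

                var ctx = ConnectToSPWeb(accessToken);

                var securityTokens = new SecurityTokens()
                {
                    ClientId           = ClientId,
                    AccessToken        = accessToken.AccessToken,
                    AccessTokenExpires = accessToken.ExpiresOn,
                    AppWebUrl          = SPWebUrl,
                    Realm        = spContextToken.Realm,
                    RefreshToken = spContextToken.RefreshToken
                };

                // base64url keeps the cache key safe for use in URLs and storage names.
                var encodedCacheKey = TokenHelper.Base64UrlEncode(spContextToken.CacheKey);
                Log($"Storing tokens for {ClientId}/{encodedCacheKey}");
                StoreSecurityTokens(securityTokens, encodedCacheKey, args.StorageAccount, args.StorageAccountKey);

                Log($"Ensuring web properties for {ctx.Web.Url}");
                EnsureBaseConfiguration(encodedCacheKey);

                Log($"Sending app launch event for {ctx.Web.Url}");
                SendQueueMessage(new QueuedAppLaunchEvent()
                {
                    ClientId        = ClientId,
                    AppWebUrl       = ctx.Web.Url,
                    UserAccessToken = securityTokens.AccessToken,
                    AppAccessToken  = GetACSAccessTokens(ClientId, encodedCacheKey, true),
                    RetryCount      = 5
                });

                // SPHostUrl comes straight from the query string and is echoed into the Location
                // header. Reject anything that is not an absolute https URL and URL-encode it, so an
                // attacker-supplied value cannot smuggle extra query parameters into the redirect.
                var spHostUrl = ValidateSpHostUrl(_queryParams["SPHostUrl"]);

                _response.StatusCode = HttpStatusCode.Moved;
                _response.Headers.Location = new Uri(
                    $"{ctx.Web.Url}?cId={ClientId}&cKey={encodedCacheKey}&SPHostUrl={Uri.EscapeDataString(spHostUrl)}");

                return _response;
            }
            catch (Exception ex)
            {
                // Log the full exception server-side; the client only receives a generic page.
                // The previous version returned ex.ToString() in the page, leaking stack traces,
                // internal URLs and potentially configuration details to the browser.
                Log(ex.ToString());
                _response.StatusCode = HttpStatusCode.InternalServerError;
                _response.Content    = new StringContent(GetErrorPage("The app could not be launched. See the function log for details."));
                _response.Content.Headers.ContentType = new MediaTypeHeaderValue("text/html");
                return _response;
            }
        }

        /// <summary>
        /// Validates the raw SPHostUrl query-string value before it is placed into a redirect.
        /// </summary>
        /// <param name="spHostUrl">Raw query-string value.</param>
        /// <returns>The normalized absolute URL.</returns>
        /// <exception cref="ArgumentException">The value is missing, relative, or not https.</exception>
        private static string ValidateSpHostUrl(string spHostUrl)
        {
            Uri uri;
            if (string.IsNullOrWhiteSpace(spHostUrl)
                || !Uri.TryCreate(spHostUrl, UriKind.Absolute, out uri)
                || !string.Equals(uri.Scheme, Uri.UriSchemeHttps, StringComparison.OrdinalIgnoreCase))
            {
                throw new ArgumentException("SPHostUrl must be an absolute https URL.", nameof(spHostUrl));
            }

            // NOTE(review): this rules out malformed and non-https values only (the ACS-based flow
            // used here is a SharePoint Online flow, which serves https exclusively). Pinning the host
            // to the tenant's SharePoint domain would be stricter — confirm which hosts are legitimate
            // for this deployment before tightening further.
            return uri.AbsoluteUri;
        }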
        /// <summary>
        /// Exchanges the stored refresh token for a new user access token, updates the cached
        /// <see cref="SecurityTokens"/> entry (access token and expiry) in place and writes it back
        /// through <c>StoreSecurityTokens</c>.
        /// </summary>
        /// <param name="cacheKey">Key the tokens are stored under.</param>
        /// <param name="tokens">Stored tokens for the user; its AccessToken/AccessTokenExpires are overwritten.</param>
        /// <param name="hostUri">SharePoint host; only its authority is passed to ACS.</param>
        /// <param name="clientConfig">Client configuration providing the ACS client secret.</param>
        /// <returns>The freshly issued access token response.</returns>
        private static OAuth2AccessTokenResponse GetUserAccessToken(string cacheKey, SecurityTokens tokens, Uri hostUri, ClientConfiguration clientConfig)
        {
            // targetPrincipal is not defined in this excerpt; presumably a class-level constant
            // naming the SharePoint principal — confirm against the enclosing class.
            var clientSecret = clientConfig.AcsClientConfig.ClientSecret;
            var refreshed = TokenHelper.GetACSAccessTokens(
                tokens.RefreshToken, targetPrincipal, hostUri.Authority, tokens.Realm, tokens.ClientId, clientSecret);

            // Keep the cached copy in sync with what is handed back to the caller.
            tokens.AccessToken        = refreshed.AccessToken;
            tokens.AccessTokenExpires = refreshed.ExpiresOn;
            StoreSecurityTokens(tokens, cacheKey);

            return refreshed;
        }
        /// <summary>
        /// Delegated-access hook: unless <c>Block</c> is set, exposes this object through both the
        /// default and the initial security token of the population.
        /// </summary>
        /// <param name="method">Delegate-access context; its <c>SecurityTokens</c> receives the result.</param>
        public void CustomDelegateAccess(DelegatedAccessControlledObjectDelegateAccess method)
        {
            // A blocked object hands out no tokens and leaves method.SecurityTokens untouched.
            if (this.Block)
            {
                return;
            }

            var tokens = new SecurityTokens(this.Session());
            method.SecurityTokens = new[]
            {
                tokens.DefaultSecurityToken,
                tokens.InitialSecurityToken,
            };
        }
        /// <summary>
        /// Derivation hook for a notification: when no security tokens have been assigned yet and the
        /// notification sits in a notification list that has an owning user, grant access through that
        /// user's owner security token plus the population's default security token.
        /// </summary>
        /// <param name="method">Derivation context supplied by the framework; not read here.</param>
        public void CoreOnDerive(ObjectOnDerive method)
        {
            // Never overwrite tokens that were already assigned.
            if (this.ExistSecurityTokens)
            {
                return;
            }

            // Both links must exist before the owning user can be reached.
            if (!this.ExistNotificationListWhereNotification
                || !this.NotificationListWhereNotification.ExistUserWhereNotificationList)
            {
                return;
            }

            var owner = this.NotificationListWhereNotification.UserWhereNotificationList;
            var defaultToken = new SecurityTokens(this.Session()).DefaultSecurityToken;

            this.SecurityTokens = new[] { owner.OwnerSecurityToken, defaultToken };
        }
        /// <summary>
        /// Startup registration: touches the meta population so it gets initialized and, in production
        /// only, warms the cache by prefetching every security token together with its access controls'
        /// effective users and effective permissions.
        /// </summary>
        public static void Register()
        {
            // Per the original comment, reading Instance is what initializes the meta population;
            // the local itself is not used further.
            var metaPopulation = MetaPopulation.Instance;

            if (!IsProduction)
            {
                return;
            }

            // Nested prefetch policy: each security token's access controls, and for each of those
            // its effective users and effective permissions.
            var accessControlRules = new PrefetchPolicyBuilder()
                .WithRule(M.AccessControl.EffectiveUsers)
                .WithRule(M.AccessControl.EffectivePermissions)
                .Build();

            var securityTokenRules = new PrefetchPolicyBuilder()
                .WithRule(M.SecurityToken.AccessControls, accessControlRules)
                .Build();

            using (var session = Config.Default.CreateSession())
            {
                var allTokens = new SecurityTokens(session).Extent();
                session.Prefetch(securityTokenRules, allTokens);
            }
        }
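        /// <summary>
        /// Processes the received event and sends the result to the client's service bus queue.
        ///
        /// SharePoint's remote event notification lacks the current item state for ItemDeleting and ItemUpdating events.
        /// For these event types, it attempts to fetch the current (unchanged) item and populate the ItemBeforeProperties.
        /// It is possible for the attempt to fail if the item is already deleted. If the attempt fails, the event is
        /// forwarded with the available information.
        /// </summary>
        /// <param name="args">An <see cref="EventDispatchFunctionArgs"/> instance specifying the location of the client configuration in Azure storage.</param>
        /// <remarks>
        /// The event is ignored (200, no queue message) if it is the result of an action taken by an app-only identity,
        /// or if the request carries no client ID. Any other failure is logged and rethrown, which surfaces as a 500.
        /// The storage account key is never written to the log.
        /// </remarks>
        /// <returns>HttpStatusCode.OK if all is well; otherwise the exception propagates (500).</returns>
        public HttpResponseMessage Execute(EventDispatchFunctionArgs args)
        {
            try
            {
                if (args == null)
                {
                    throw new ArgumentNullException(nameof(args));
                }

                _response.StatusCode = HttpStatusCode.OK;

                // Ignore the event if it is the result of an action taken by an app-only identity.
                // NOTE(review): this is a substring match on the login name, not an exact principal comparison.
                string userLoginName;
                if (_eventInfo.EventProperties.TryGetValue("UserLoginName", out userLoginName)
                    && userLoginName != null
                    && userLoginName.Contains(AppOnlyPrincipalId))
                {
                    Log("Event source is an app not a user. Ignoring");
                    return _response;
                }

                var clientId = GetClientId();

                if (clientId == null)
                {
                    Log("Request has no client ID. Ignoring");
                    return _response;
                }

                // Connect to the SharePoint site and get access tokens.
                try
                {
                    _clientConfiguration = GetConfiguration(clientId, args.StorageAccount, args.StorageAccountKey);
                }
                catch
                {
                    // Do NOT log args.StorageAccountKey here (the previous version did): it is the
                    // storage account secret and must never land in function logs.
                    Log("Failed to get client configuration");
                    Log($"Client Id is {clientId}");
                    Log($"Storage account is {args.StorageAccount}");
                    throw;
                }

                // The context token is the proof that this request originated from SharePoint.
                var spContextToken = TokenHelper.ReadAndValidateContextToken(ContextToken, _requestAuthority, clientId,
                                                                             _clientConfiguration.AcsClientConfig.ClientSecret);
                var encodedCacheKey = TokenHelper.Base64UrlEncode(spContextToken.CacheKey);
                var spHostUri       = new Uri(SPWebUrl);

                var accessToken = TokenHelper.GetACSAccessTokens(spContextToken, spHostUri.Authority,
                                                                 _clientConfiguration.ClientId,
                                                                 _clientConfiguration.AcsClientConfig.ClientSecret);

                var ctx = ConnectToSPWeb(accessToken);

                var securityTokens = new SecurityTokens()
                {
                    ClientId           = clientId,
                    AccessToken        = accessToken.AccessToken,
                    AccessTokenExpires = accessToken.ExpiresOn,
                    AppWebUrl          = SPWebUrl,
                    Realm        = spContextToken.Realm,
                    RefreshToken = spContextToken.RefreshToken
                };

                Log($"Storing tokens for {clientId}/{encodedCacheKey}");
                StoreSecurityTokens(securityTokens, encodedCacheKey, args.StorageAccount, args.StorageAccountKey);

                // Create the event message to send to the client's service bus queue.
                var eventMessage = new QueuedSharePointProcessEvent()
                {
                    SharePointRemoteEventAdapter = _eventInfo,
                    ClientId        = _clientConfiguration.ClientId,
                    AppWebUrl       = SPWebUrl,
                    UserAccessToken = accessToken.AccessToken,
                    AppAccessToken  = GetACSAccessTokens(clientId, encodedCacheKey, true),
                };

                // SharePoint's remote event notification lacks the current item state for ItemDeleting and ItemUpdating.
                // For these event types, attempt to fetch the current (unchanged) item and populate the ItemBeforeProperties.
                if (_eventInfo.EventType == "ItemDeleting" || _eventInfo.EventType == "ItemUpdating")
                {
                    // SharePoint feature provisioning sometimes raises this event and deletes some things in
                    // the process with no usable ListId. A missing, empty or malformed ListId/ListItemId is
                    // treated the same way (skip the lookup) rather than failing the whole dispatch; the
                    // previous version called Guid.Parse on the raw indexer and threw on a missing key.
                    string listIdText;
                    string listItemId;
                    Guid listId;
                    if (_eventInfo.EventProperties.TryGetValue("ListId", out listIdText)
                        && Guid.TryParse(listIdText, out listId)
                        && listId != Guid.Empty
                        && _eventInfo.EventProperties.TryGetValue("ListItemId", out listItemId)
                        && !string.IsNullOrEmpty(listItemId))
                    {
                        var item = ctx.Web.Lists.GetById(listId).GetItemById(listItemId);
                        ctx.Load(item, i => i.FieldValuesAsText);
                        try
                        {
                            ctx.ExecuteQueryRetry();
                            _eventInfo.ItemBeforeProperties = item.FieldValuesAsText.FieldValues;
                        }
                        catch (Exception ex)
                        {
                            // The query depends on timing (the item may already be gone) and a number of
                            // things can go wrong. Forward the event anyway with the info that is available,
                            // but leave a trace in the log instead of swallowing silently.
                            Log($"Could not read ItemBeforeProperties for list {listId}: {ex.Message}");
                        }
                    }
                }

                // Send the event to the client's service bus queue.
                SendQueueMessage(eventMessage);
            }
            catch (Exception ex)
            {
                Log(ex.ToString());
                throw;
            }

            return _response;
        }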
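 /// <summary>
 /// Registers a symmetric key, given as base64, as a <see cref="BinarySecretSecurityToken"/> in
 /// <c>SecurityTokens</c> (presumably the set of keys JWT signatures are checked against).
 /// </summary>
 /// <param name="key">Base64-encoded key material. Must decode to at least one byte.</param>
 /// <returns>This options instance, for chaining.</returns>
 /// <exception cref="ArgumentException">
 /// The key is null, empty or whitespace-only, or decodes to zero bytes. The previous version accepted
 /// an empty string, which yields an empty secret and makes every signature trivially forgeable.
 /// </exception>
 /// <exception cref="FormatException">The key is not valid base64.</exception>
 public JwtAuthenticationOptions WithKey(string key)
 {
     if (string.IsNullOrWhiteSpace(key))
     {
         throw new ArgumentException("A non-empty base64 key is required.", nameof(key));
     }

     var keyBytes = Convert.FromBase64String(key);
     if (keyBytes.Length == 0)
     {
         throw new ArgumentException("The key decoded to zero bytes.", nameof(key));
     }

     // NOTE(review): no minimum length is enforced, to stay compatible with existing callers.
     // For HMAC-SHA256 the key should be at least 32 random bytes (RFC 7518 §3.2); consider
     // rejecting shorter keys once callers have been checked.
     SecurityTokens.Add(new BinarySecretSecurityToken(keyBytes));
     return this;
 }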
        /// <summary>
        /// Builds the "full" test population: two users set up for access-control cases (one with no
        /// ACL at all, one whose only access control carries an empty role), plus four C1 and four C2
        /// objects whose class, exclusive-interface and shared-interface roles are filled with a fixed
        /// pattern of values so that queries over each role kind have known matches.
        /// </summary>
        /// <remarks>
        /// Value pattern used throughout: the "A" objects stay empty, "B" gets the smaller/shorter value
        /// ("ᴀbra", 1, :04) and "C"/"D" share the larger one ("ᴀbracadabra", 2, :05). Strings start with
        /// U+1D00 (small capital A) on purpose — presumably to exercise non-ASCII handling; confirm in the
        /// tests that consume this fixture.
        /// </remarks>
        private void Full()
        {
            // A user with no access control at all.
            new PersonBuilder(this.session).WithUserName("noacl").WithFirstName("no").WithLastName("acl").Build();

            // A user whose only access control (on the default security token) carries a role
            // with no permissions. The Build() call is kept for its side effect; the local is unused.
            var noperm               = new PersonBuilder(this.session).WithUserName("noperm").WithFirstName("no").WithLastName("perm").Build();
            var emptyRole            = new RoleBuilder(this.session).WithName("Empty").Build();
            var defaultSecurityToken = new SecurityTokens(this.session).DefaultSecurityToken;

            var acl = new AccessControlBuilder(this.session).WithRole(emptyRole).WithSubject(noperm).WithSecurityToken(defaultSecurityToken).Build();

            // Four instances of each class; the "A" instances are left (almost) empty.
            var c1A = new C1Builder(this.session).WithName("c1A").Build();
            var c1B = new C1Builder(this.session).WithName("c1B").Build();
            var c1C = new C1Builder(this.session).WithName("c1C").Build();
            var c1D = new C1Builder(this.session).WithName("c1D").Build();
            var c2A = new C2Builder(this.session).WithName("c2A").Build();
            var c2B = new C2Builder(this.session).WithName("c2B").Build();
            var c2C = new C2Builder(this.session).WithName("c2C").Build();
            var c2D = new C2Builder(this.session).WithName("c2D").Build();

            // Unit roles declared on the class itself.
            c1B.C1AllorsString = "ᴀbra";
            c1C.C1AllorsString = "ᴀbracadabra";
            c1D.C1AllorsString = "ᴀbracadabra";

            c2B.C2AllorsString = "ᴀbra";
            c2C.C2AllorsString = "ᴀbracadabra";
            c2D.C2AllorsString = "ᴀbracadabra";
            // Unit roles declared on the interface implemented only by C1.
            c1B.I1AllorsString = "ᴀbra";
            c1C.I1AllorsString = "ᴀbracadabra";
            c1D.I1AllorsString = "ᴀbracadabra";

            // Unit roles declared on the interface shared by C1 and C2.
            c1B.I12AllorsString = "ᴀbra";
            c1C.I12AllorsString = "ᴀbracadabra";
            c1D.I12AllorsString = "ᴀbracadabra";
            c2B.I12AllorsString = "ᴀbra";
            c2C.I12AllorsString = "ᴀbracadabra";
            c2D.I12AllorsString = "ᴀbracadabra";

            // Integer roles, same B=1 / C=D=2 pattern for class, exclusive and shared interface.
            c1B.C1AllorsInteger = 1;
            c1C.C1AllorsInteger = 2;
            c1D.C1AllorsInteger = 2;

            c1B.I1AllorsInteger = 1;
            c1C.I1AllorsInteger = 2;
            c1D.I1AllorsInteger = 2;

            c1B.I12AllorsInteger = 1;
            c1C.I12AllorsInteger = 2;
            c1D.I12AllorsInteger = 2;
            c2B.I12AllorsInteger = 1;
            c2C.I12AllorsInteger = 2;
            c2D.I12AllorsInteger = 2;

            // DateTime roles: all UTC, one second apart so ordering/equality queries are unambiguous.
            c1B.C1AllorsDateTime = new DateTime(2000, 1, 1, 0, 0, 4, DateTimeKind.Utc);
            c1C.C1AllorsDateTime = new DateTime(2000, 1, 1, 0, 0, 5, DateTimeKind.Utc);
            c1D.C1AllorsDateTime = new DateTime(2000, 1, 1, 0, 0, 5, DateTimeKind.Utc);

            c1B.I1AllorsDateTime = new DateTime(2000, 1, 1, 0, 0, 4, DateTimeKind.Utc);
            c1C.I1AllorsDateTime = new DateTime(2000, 1, 1, 0, 0, 5, DateTimeKind.Utc);
            c1D.I1AllorsDateTime = new DateTime(2000, 1, 1, 0, 0, 5, DateTimeKind.Utc);

            c1B.I12AllorsDateTime = new DateTime(2000, 1, 1, 0, 0, 4, DateTimeKind.Utc);
            c1C.I12AllorsDateTime = new DateTime(2000, 1, 1, 0, 0, 5, DateTimeKind.Utc);
            c1D.I12AllorsDateTime = new DateTime(2000, 1, 1, 0, 0, 5, DateTimeKind.Utc);
            c2B.I12AllorsDateTime = new DateTime(2000, 1, 1, 0, 0, 4, DateTimeKind.Utc);
            c2C.I12AllorsDateTime = new DateTime(2000, 1, 1, 0, 0, 5, DateTimeKind.Utc);
            c2D.I12AllorsDateTime = new DateTime(2000, 1, 1, 0, 0, 5, DateTimeKind.Utc);

            // Double roles.
            c1B.C1AllorsDouble = 1;
            c1C.C1AllorsDouble = 2;
            c1D.C1AllorsDouble = 2;

            c1B.I1AllorsDouble = 1;
            c1C.I1AllorsDouble = 2;
            c1D.I1AllorsDouble = 2;

            c1B.I12AllorsDouble = 1;
            c1C.I12AllorsDouble = 2;
            c1D.I12AllorsDouble = 2;
            c2B.I12AllorsDouble = 1;
            c2C.I12AllorsDouble = 2;
            c2D.I12AllorsDouble = 2;

            // Decimal roles.
            c1B.C1AllorsDecimal = 1;
            c1C.C1AllorsDecimal = 2;
            c1D.C1AllorsDecimal = 2;

            c1B.I1AllorsDecimal = 1;
            c1C.I1AllorsDecimal = 2;
            c1D.I1AllorsDecimal = 2;

            c1B.I12AllorsDecimal = 1;
            c1C.I12AllorsDecimal = 2;
            c1D.I12AllorsDecimal = 2;
            c2B.I12AllorsDecimal = 1;
            c2C.I12AllorsDecimal = 2;
            c2D.I12AllorsDecimal = 2;

            // One-to-one composite roles: B/C/D each point at their own counterpart
            // (self for C1->C1, the same-letter C2 for C1->C2 and the interface variants).
            c1B.C1C1One2One = c1B;
            c1C.C1C1One2One = c1C;
            c1D.C1C1One2One = c1D;

            c1B.C1C2One2One = c2B;
            c1C.C1C2One2One = c2C;
            c1D.C1C2One2One = c2D;

            c1B.I1I2One2One = c2B;
            c1C.I1I2One2One = c2C;
            c1D.I1I2One2One = c2D;

            c1B.I12C2One2One = c2B;
            c1C.I12C2One2One = c2C;
            c1D.I12C2One2One = c2D;
            c2A.I12C2One2One = c2A;

            // C1 -> I12: the targets are deliberately mixed (a C1 and two C2s).
            c1B.C1I12One2One = c1B;
            c1C.C1I12One2One = c2B;
            c1D.C1I12One2One = c2C;

            // One-to-many composite roles: B owns one child, C owns two (C and D).
            c1B.AddC1C1One2Many(c1B);
            c1C.AddC1C1One2Many(c1C);
            c1C.AddC1C1One2Many(c1D);

            c1B.AddC1C2One2Many(c2B);
            c1C.AddC1C2One2Many(c2C);
            c1C.AddC1C2One2Many(c2D);

            c1B.AddI1I2One2Many(c2B);
            c1C.AddI1I2One2Many(c2C);
            c1C.AddI1I2One2Many(c2D);

            c1B.AddC1I12One2Many(c1B);
            c1C.AddC1I12One2Many(c2C);
            c1C.AddC1I12One2Many(c2D);

            // Many-to-one composite roles: C and D share the same target.
            c1B.C1C1Many2One = c1B;
            c1C.C1C1Many2One = c1C;
            c1D.C1C1Many2One = c1C;

            c1B.C1C2Many2One = c2B;
            c1C.C1C2Many2One = c2C;
            c1D.C1C2Many2One = c2C;

            c1B.I1I2Many2One = c2B;
            c1C.I1I2Many2One = c2C;
            c1D.I1I2Many2One = c2C;

            c1B.I12C2Many2One = c2B;
            c2C.I12C2Many2One = c2C;
            c2D.I12C2Many2One = c2C;

            c1B.C1I12Many2One = c1B;
            c1C.C1I12Many2One = c2C;
            c1D.C1I12Many2One = c2C;

            // Many-to-many composite roles: B links to B; C to B and C; D to B, C and D
            // (a growing "triangle", so counts differ per source object).
            c1B.AddC1C1Many2Many(c1B);
            c1C.AddC1C1Many2Many(c1B);
            c1D.AddC1C1Many2Many(c1B);
            c1C.AddC1C1Many2Many(c1C);
            c1D.AddC1C1Many2Many(c1C);
            c1D.AddC1C1Many2Many(c1D);

            c1B.AddC1C2Many2Many(c2B);
            c1C.AddC1C2Many2Many(c2B);
            c1D.AddC1C2Many2Many(c2B);
            c1C.AddC1C2Many2Many(c2C);
            c1D.AddC1C2Many2Many(c2C);
            c1D.AddC1C2Many2Many(c2D);

            c1B.AddI1I2Many2Many(c2B);
            c1C.AddI1I2Many2Many(c2B);
            c1C.AddI1I2Many2Many(c2C);
            c1D.AddI1I2Many2Many(c2B);
            c1D.AddI1I2Many2Many(c2C);
            c1D.AddI1I2Many2Many(c2D);

            // c2A additionally links to every C2 through the shared interface.
            c1B.AddI12C2Many2Many(c2B);
            c1C.AddI12C2Many2Many(c2B);
            c1C.AddI12C2Many2Many(c2C);
            c1D.AddI12C2Many2Many(c2B);
            c1D.AddI12C2Many2Many(c2C);
            c1D.AddI12C2Many2Many(c2D);
            c2A.AddI12C2Many2Many(c2A);
            c2A.AddI12C2Many2Many(c2B);
            c2A.AddI12C2Many2Many(c2C);
            c2A.AddI12C2Many2Many(c2D);

            // C1 -> I12 many-to-many: c1B links to both a C1 and a C2.
            c1B.AddC1I12Many2Many(c1B);
            c1B.AddC1I12Many2Many(c2B);
            c1C.AddC1I12Many2Many(c2B);
            c1C.AddC1I12Many2Many(c2C);
            c1D.AddC1I12Many2Many(c2B);
            c1D.AddC1I12Many2Many(c2C);
            c1D.AddC1I12Many2Many(c2D);
        }