/// <summary> /// Install the specified package /// </summary> public void Install(string packageId) { try { if (ApplicationContext.Current.GetService <INetworkInformationService>().IsNetworkAvailable) { var amiClient = new AmiServiceClient(ApplicationContext.Current.GetRestClient("ami")); amiClient.Client.Credentials = this.GetCredentials(amiClient.Client); amiClient.Client.ProgressChanged += (o, e) => ApplicationContext.Current.SetProgress(String.Format(Strings.locale_downloading, packageId), e.Progress); amiClient.Client.Description.Endpoint[0].Timeout = 30000; // Fetch the applet package using (var ms = amiClient.DownloadApplet(packageId)) { var package = AppletPackage.Load(ms); this.m_tracer.TraceInfo("Upgrading {0}...", package.Meta.ToString()); ApplicationContext.Current.GetService <IAppletManagerService>().Install(package, true); // ApplicationContext.Current.Exit(); // restart } } else { return; } } catch (Exception ex) { this.m_tracer.TraceError("Error contacting AMI: {0}", ex.Message); throw new InvalidOperationException(Strings.err_updateFailed); } }
/// <summary> /// Get a service client /// </summary> protected AmiServiceClient GetClient(IPrincipal principal = null) { var retVal = new AmiServiceClient(ApplicationContext.Current.GetRestClient("ami")); if (principal == null) { principal = AuthenticationContext.Current.Principal; } // Don't allow anonymous principals if (!principal.Identity.IsAuthenticated || principal == AuthenticationContext.SystemPrincipal || principal == AuthenticationContext.AnonymousPrincipal) { using (AuthenticationContextExtensions.TryEnterDeviceContext()) { retVal.Client.Credentials = retVal.Client.Description.Binding.Security.CredentialProvider.GetCredentials(AuthenticationContext.Current.Principal); } } else { retVal.Client.Credentials = retVal.Client.Description.Binding.Security.CredentialProvider.GetCredentials(principal); } return(retVal); }
/// <summary> /// Inserts the specified identified data in the back-end /// </summary> public void Insert(IdentifiedData data) { try { var amiClient = new AmiServiceClient(ApplicationContext.Current.GetRestClient("ami")); amiClient.Client.Credentials = this.GetCredentials(amiClient.Client); if (amiClient.Client.Credentials == null) { return; } switch (data.GetType().Name) { case "AuditSubmission": // Only send audits over wifi if (ApplicationContext.Current.GetService <INetworkInformationService>().IsNetworkWifi || ApplicationContext.Current.GetService <IQueueManagerService>().Admin.Count() > 10) { amiClient.SubmitAudit(data as AuditSubmission); } break; default: throw new NotSupportedException($"AMI servicing not supported for {data.GetType().Name}"); } } catch (Exception ex) { this.m_tracer.TraceError("Error contacting AMI: {0}", ex); throw; } }
/// <summary> /// Perform the GET operation /// </summary> public TModel Get <TModel>(Guid key, Guid?versionKey, IntegrationQueryOptions options = null) where TModel : IdentifiedData { try { var amiClient = new AmiServiceClient(ApplicationContext.Current.GetRestClient("ami")); amiClient.Client.Requesting += IntegrationQueryOptions.CreateRequestingHandler(options); amiClient.Client.Credentials = this.GetCredentials(amiClient.Client); if (amiClient.Client.Credentials == null) { return(null); } switch (typeof(TModel).Name) { case "SecurityUser": return(amiClient.GetUser(key) as TModel); default: throw new NotSupportedException($"AMI servicing not supported for {typeof(TModel).Name}"); } } catch (Exception ex) { this.m_tracer.TraceError("Error contacting AMI: {0}", ex); throw; } }
/// <summary> /// Returns true if the service is available /// </summary> /// <returns></returns> public bool IsAvailable() { try { //var restClient = ApplicationContext.Current.GetRestClient("hdsi"); var networkInformationService = ApplicationContext.Current.GetService <INetworkInformationService>(); if (networkInformationService.IsNetworkAvailable) { if (this.m_lastPing < DateTime.Now.AddSeconds(60)) { var amiClient = new AmiServiceClient(ApplicationContext.Current.GetRestClient("ami")); amiClient.Client.Credentials = new NullCredentials(); amiClient.Client.Description.Endpoint[0].Timeout = 5000; this.m_lastPing = DateTime.Now; return(amiClient.Ping()); } return(true); } return(false); } catch (Exception e) { this.m_tracer.TraceInfo($"Unable to determine network state: {e}"); return(false); } }
/// <summary> /// Attempt an update on the specified resource /// </summary> public void Update(IdentifiedData data, bool forceUpdate = false) { try { var amiClient = new AmiServiceClient(ApplicationContext.Current.GetRestClient("ami")); amiClient.Client.Credentials = this.GetCredentials(amiClient.Client); if (amiClient.Client.Credentials == null) { return; } switch (data.GetType().Name) { case "SecurityUser": amiClient.UpdateUser(data.Key.Value, new SecurityUserInfo(data as SecurityUser)); break; default: throw new NotSupportedException($"AMI servicing not supported for {data.GetType().Name}"); } } catch (Exception ex) { this.m_tracer.TraceError("Error contacting AMI: {0}", ex); throw; } }
/// <summary> /// Find the specified object /// </summary> public Bundle Find <TModel>(Expression <Func <TModel, bool> > predicate, int offset, int?count, IntegrationQueryOptions options = null) where TModel : IdentifiedData { try { var amiClient = new AmiServiceClient(ApplicationContext.Current.GetRestClient("ami")); amiClient.Client.Requesting += IntegrationQueryOptions.CreateRequestingHandler(options); amiClient.Client.Credentials = this.GetCredentials(amiClient.Client); if (amiClient.Client.Credentials == null) { return(null); } switch (typeof(TModel).Name) { case "SecurityUser": return(new Bundle { Item = amiClient.GetUsers((Expression <Func <SecurityUser, bool> >)(Expression) predicate).CollectionItem.OfType <SecurityUserInfo>().Select(o => o.Entity as IdentifiedData).ToList() }); default: return(new Bundle { Item = amiClient.Query <TModel>((Expression <Func <TModel, bool> >)(Expression) predicate, offset, count, out int _).CollectionItem.OfType <IdentifiedData>().ToList() }); } } catch (Exception ex) { this.m_tracer.TraceError("Error contacting AMI: {0}", ex); throw; } }
public Object UpdateSecurityUser([RestMessage(RestMessageFormat.SimpleJson)] SecurityUserInfo user) { var localSecSrv = ApplicationContext.Current.GetService <IRepositoryService <SecurityUser> >(); var amiServ = new AmiServiceClient(ApplicationContext.Current.GetRestClient("ami")); if (user.PasswordOnly) { var idp = ApplicationContext.Current.GetService <IIdentityProviderService>(); idp.ChangePassword(user.Entity.UserName.ToLower(), user.Entity.Password, AuthenticationContext.Current.Principal); return(AuthenticationContext.Current.Session); } else { // Session amiServ.Client.Credentials = new TokenCredentials(AuthenticationContext.Current.Principal); var remoteUser = amiServ.GetUser(user.Entity.Key.Value); remoteUser.Entity.Email = user.Entity.Email; remoteUser.Entity.PhoneNumber = user.Entity.PhoneNumber; // Save the remote user in the local localSecSrv.Save(remoteUser.Entity); amiServ.UpdateUser(remoteUser.Entity.Key.Value, remoteUser); return(remoteUser.Entity); } }
/// <summary> /// Get the reset mechanisms /// </summary> public List <TfaMechanismInfo> GetResetMechanisms() { this.EnsureAuthenticated(); using (AmiServiceClient amiClient = new AmiServiceClient(ApplicationContext.Current.GetRestClient("ami"))) { var authContext = AuthenticationContext.Current; AuthenticationContext.Current = this.m_authContext; var retVal = amiClient.GetTwoFactorMechanisms().CollectionItem; AuthenticationContext.Current = authContext; return(retVal); } }
public ActionResult LeaveRealm(LeaveRealmModel model) { try { if (ModelState.IsValid) { var realm = unitOfWork.RealmRepository.FindById(model.CurrentRealm.Id); if (realm == null) { TempData["error"] = Locale.RealmNotFound; return(RedirectToAction("Index")); } MvcApplication.MemoryCache.Set(RealmConfig.RealmCacheKey, false, ObjectCache.InfiniteAbsoluteExpiration); using (var amiServiceClient = new AmiServiceClient(new RestClientService(Constants.Ami, this.HttpContext))) { var currentDevice = amiServiceClient.GetDevices(d => d.Name == realm.DeviceId).CollectionItem.FirstOrDefault(d => d.Name == realm.DeviceId); if (currentDevice != null) { currentDevice.Device.ObsoletedByKey = Guid.Parse(this.User.Identity.GetUserId()); currentDevice.Device.ObsoletionTime = DateTimeOffset.Now; amiServiceClient.UpdateDevice(currentDevice.Id.ToString(), currentDevice); } } realm.ObsoletionTime = DateTime.UtcNow; // delete all the local references to the users when leaving a realm to avoid // conflicts such as multiple accounts named "administrator" etc. unitOfWork.RealmRepository.Delete(realm); unitOfWork.Save(); this.Response.Cookies.Remove("access_token"); HttpContext.GetOwinContext().Authentication.SignOut(DefaultAuthenticationTypes.ApplicationCookie); TempData["success"] = Locale.RealmLeftSuccessfully; return(RedirectToAction("JoinRealm", "Realm")); } } catch (Exception e) { Trace.TraceError($"Unable to leave realm: { e }"); } TempData["error"] = Locale.UnableToLeaveRealm; return(View(model)); }
/// <summary> /// Install the specified package /// </summary> public void Install(string packageId) { try { if (ApplicationContext.Current.GetService <INetworkInformationService>().IsNetworkAvailable) { var amiClient = new AmiServiceClient(ApplicationContext.Current.GetRestClient("ami")); using (this.Authenticate(amiClient.Client, out Credentials credentials)) { amiClient.Client.Credentials = credentials; amiClient.Client.ProgressChanged += (o, e) => ApplicationContext.Current.SetProgress(string.Format(Strings.locale_downloading, packageId), e.Progress); amiClient.Client.Description.Endpoint[0].Timeout = 30000; // Fetch the applet package if (string.IsNullOrEmpty(this.m_configuration.AppletSolution)) { using (var ms = amiClient.DownloadApplet(packageId)) { var package = AppletPackage.Load(ms); this.m_tracer.TraceInfo("Upgrading {0}...", package.Meta.ToString()); ApplicationContext.Current.GetService <IAppletManagerService>().Install(package, true); ApplicationServiceContext.Current.GetService <ITickleService>().SendTickle(new Tickle(Guid.Empty, TickleType.Information, string.Format(Strings.locale_updateInstalled, package.Meta.Id, package.Meta.Version))); // ApplicationContext.Current.Exit(); // restart } } else { using (var ms = new MemoryStream(amiClient.Client.Get($"AppletSolution/{this.m_configuration.AppletSolution}/applet/{packageId}"))) { var package = AppletPackage.Load(ms); this.m_tracer.TraceInfo("Upgrading {0}...", package.Meta.ToString()); ApplicationContext.Current.GetService <IAppletManagerService>().Install(package, true); ApplicationServiceContext.Current.GetService <ITickleService>().SendTickle(new Tickle(Guid.Empty, TickleType.Information, string.Format(Strings.locale_updateInstalled, package.Meta.Id, package.Meta.Version))); // ApplicationContext.Current.Exit(); // restart } } } } } catch (Exception ex) { this.m_tracer.TraceError("Error contacting AMI: {0}", ex.Message); throw new InvalidOperationException(Strings.err_updateFailed); } }
/// <summary> /// Gets the security user. /// </summary> /// <param name="key">The key.</param> /// <returns>Returns the security user for the given key or null if no security user is found.</returns> public SecurityUser GetSecurityUser(Guid key) { try { var amiClient = new AmiServiceClient(ApplicationContext.Current.GetRestClient("ami")); amiClient.Client.Requesting += IntegrationQueryOptions.CreateRequestingHandler(null); amiClient.Client.Credentials = this.GetCredentials(amiClient.Client); return(amiClient.GetUser(key)?.Entity); } catch (Exception ex) { this.m_tracer.TraceError("Error contacting AMI: {0}", ex); throw; } }
public DiagnosticReport PostBugReport([RestMessage(RestMessageFormat.Json)] BugReport report) { report.ApplicationInfo = new ApplicationInfo(false); if (report.IncludeData) { var logConfig = ApplicationContext.Current.Configuration.GetSection <DiagnosticsConfigurationSection>().TraceWriter.FirstOrDefault(o => o.TraceWriter.GetType() == typeof(FileTraceWriter)); using (MemoryStream ms = new MemoryStream()) { using (GZipStream gz = new GZipStream(ms, CompressionMode.Compress)) ApplicationContext.Current.Configuration.Save(gz); report.Attachments = new List <DiagnosticAttachmentInfo>() { this.CreateGZipLogAttachment(logConfig.InitializationData + ".log"), this.CreateGZipLogAttachment(logConfig.InitializationData + ".log.001", true), new DiagnosticBinaryAttachment() { Content = ms.ToArray(), FileDescription = "SanteDB.config.gz", FileName = "SanteDB.config.gz", Id = "config" } }; } } // submit AmiServiceClient amiClient = new AmiServiceClient(ApplicationContext.Current.GetRestClient("ami")); try { return(amiClient.SubmitDiagnosticReport(new DiagnosticReport() { ApplicationInfo = (report.ApplicationInfo as ApplicationInfo)?.ToDiagnosticReport(), CreatedBy = report.CreatedBy, CreatedByKey = report.CreatedByKey, CreationTime = DateTime.Now, Attachments = report.Attachments, Note = report.Note, Submitter = AuthenticationContext.Current.Session.UserEntity })); } catch (Exception e) { this.m_tracer.TraceError("Error filing bug report: {0}", e); throw; } }
public SecurityUser UpdateSecurityUser([RestMessage(RestMessageFormat.SimpleJson)] SecurityUser user) { var localSecSrv = ApplicationContext.Current.GetService <ISecurityRepositoryService>(); var amiServ = new AmiServiceClient(ApplicationContext.Current.GetRestClient("ami")); // Session amiServ.Client.Credentials = new TokenCredentials(AuthenticationContext.Current.Principal); var remoteUser = amiServ.GetUser(user.Key.ToString()); remoteUser.User.Email = user.Email; remoteUser.User.PhoneNumber = user.PhoneNumber; // Save the remote user in the local localSecSrv.SaveUser(remoteUser.User); amiServ.UpdateUser(remoteUser.UserId.Value, remoteUser); return(remoteUser.User); }
/// <summary> /// Send the verification code /// </summary> public void SendVerificationCode(Guid mechanism, string challengeResponse, string userName, string scope) { this.EnsureAuthenticated(); using (AmiServiceClient amiClient = new AmiServiceClient(ApplicationContext.Current.GetRestClient("ami"))) { var authContext = AuthenticationContext.Current; AuthenticationContext.Current = this.m_authContext; // Next I have to request a TFA secret!! amiClient.SendTfaSecret(new TfaRequestInfo() { ResetMechanism = mechanism, Verification = challengeResponse, UserName = userName, Purpose = scope }); AuthenticationContext.Current = authContext; } }
/// <summary> /// Get the server version of a package /// </summary> public AppletInfo GetServerVersion(string packageId) { try { if (ApplicationContext.Current.GetService <INetworkInformationService>().IsNetworkAvailable) { var amiClient = new AmiServiceClient(ApplicationContext.Current.GetRestClient("ami")); amiClient.Client.Credentials = this.GetCredentials(amiClient.Client); return(amiClient.StatUpdate(packageId)); } else { return(null); } } catch (Exception ex) { this.m_tracer.TraceError("Error contacting AMI: {0}", ex.Message); throw; } }
/// <summary> /// Check for updates /// </summary> public void AutoUpdate() { // Check for updates if (ApplicationContext.Current.GetService <INetworkInformationService>().IsNetworkAvailable) { try { ApplicationContext.Current.SetProgress(Strings.locale_updateCheck, 0.5f); // Check for new applications var amiClient = new AmiServiceClient(ApplicationContext.Current.GetRestClient("ami")); amiClient.Client.Credentials = this.GetCredentials(amiClient.Client); amiClient.Client.Description.Endpoint[0].Timeout = 10000; if (amiClient.Ping()) { amiClient.Client.Description.Endpoint[0].Timeout = 30000; foreach (var i in amiClient.GetApplets().CollectionItem) { var installed = ApplicationContext.Current.GetService <IAppletManagerService>().GetApplet(i.AppletInfo.Id); if (installed == null || new Version(installed.Info.Version) < new Version(i.AppletInfo.Version) && ApplicationContext.Current.Configuration.GetSection <AppletConfigurationSection>().AutoUpdateApplets&& ApplicationContext.Current.Confirm(String.Format(Strings.locale_upgradeConfirm, i.AppletInfo.Names[0].Value, i.AppletInfo.Version, installed.Info.Version))) { this.Install(i.AppletInfo.Id); } } } } catch (Exception ex) { this.m_tracer.TraceError("Error checking for updates: {0}", ex.Message); } } ; this.m_checkedForUpdates = true; }
/// <summary> /// Get the server version of a package /// </summary> public AppletInfo GetServerVersion(string packageId) { try { if (ApplicationContext.Current.GetService <INetworkInformationService>().IsNetworkAvailable) { var amiClient = new AmiServiceClient(ApplicationContext.Current.GetRestClient("ami")); using (this.Authenticate(amiClient.Client, out Credentials credentials)) { amiClient.Client.Credentials = credentials; if (string.IsNullOrEmpty(this.m_configuration.AppletSolution)) { return(amiClient.StatUpdate(packageId)); } var headers = amiClient.Client.Head($"AppletSolution/{this.m_configuration.AppletSolution}/applet/{packageId}"); headers.TryGetValue("X-SanteDB-PakID", out string packId); headers.TryGetValue("ETag", out string versionKey); return(new AppletInfo { Id = packageId, Version = versionKey }); } } return(null); } catch (Exception ex) { this.m_tracer.TraceError("Error contacting AMI: {0}", ex.Message); throw; } }
/// <summary> /// Returns true if the service is available /// </summary> /// <returns></returns> public bool IsAvailable() { try { //var restClient = ApplicationContext.Current.GetRestClient("imsi"); var networkInformationService = ApplicationContext.Current.GetService <INetworkInformationService>(); if (networkInformationService.IsNetworkAvailable) { var amiClient = new AmiServiceClient(ApplicationContext.Current.GetRestClient("ami")); amiClient.Client.Credentials = new NullCredentials(); amiClient.Client.Description.Endpoint[0].Timeout = 10000; return(amiClient.Ping()); } else { return(false); } } catch (Exception e) { this.m_tracer.TraceError($"Unable to determine network state: {e}"); return(false); } }
/// <summary> /// Initializes a new instance of the <see cref="SecurityUserService"/> class. /// </summary> /// <param name="client">The client.</param> public SecurityUserService(AmiServiceClient client) : base(client) { }
/// <summary> /// Start the application context /// </summary> public bool Start() { this.m_tracer.TraceInfo("Starting mini-context"); String scheme = this.m_configuration.UseTls ? "https" : "http", host = $"{scheme}://{this.m_configuration.RealmId}:{this.m_configuration.Port}/"; this.m_tracer.TraceInfo("Contacting {0}", host); try { // Options on AMI var optionDescription = new AdminClientDescription() { Binding = new ServiceClientBindingDescription() { Security = new SecurityConfigurationDescription() } }; if (!String.IsNullOrEmpty(this.m_configuration.Proxy)) { this.m_tracer.TraceVerbose("Setting proxy to : {0}", this.m_configuration.Proxy); WebRequest.DefaultWebProxy = new WebProxy(this.m_configuration.Proxy); } this.m_tracer.TraceVerbose("Setting up endpoint : {0}/ami", host); optionDescription.Endpoint.Add(new AdminClientEndpointDescription($"{host}/ami")); var amiServiceClient = new AmiServiceClient(new RestClient(optionDescription)); // get options var amiOptions = amiServiceClient.Options(); // Server version if (new Version(amiOptions.InterfaceVersion.Substring(0, amiOptions.InterfaceVersion.LastIndexOf(".")) + ".0") > typeof(AmiServiceClient).Assembly.GetName().Version) { throw new InvalidOperationException($"Server version of AMI is too new for this version of console. Expected {typeof(AmiServiceClient).Assembly.GetName().Version} got {amiOptions.InterfaceVersion}"); } foreach (var itm in amiOptions.Endpoints) { this.m_tracer.TraceInfo("Server supports {0} at {1}", itm.ServiceType, String.Join(",", itm.BaseUrl).Replace("0.0.0.0", this.m_configuration.RealmId)); var config = new AdminClientDescription() { Binding = new ServiceClientBindingDescription() }; if (itm.Capabilities.HasFlag(ServiceEndpointCapabilities.Compression)) { config.Binding.Optimize = true; } if (itm.Capabilities.HasFlag(ServiceEndpointCapabilities.BearerAuth)) { config.Binding.Security = new SecurityConfigurationDescription() { CredentialProvider = new TokenCredentialProvider(), Mode = Core.Http.Description.SecurityScheme.Bearer, PreemptiveAuthentication = true } } ; else if (itm.Capabilities.HasFlag(ServiceEndpointCapabilities.BasicAuth)) { if (itm.ServiceType == ServiceEndpointType.AuthenticationService) { config.Binding.Security = new SecurityConfigurationDescription() { CredentialProvider = new OAuth2CredentialProvider(), Mode = Core.Http.Description.SecurityScheme.Basic, PreemptiveAuthentication = true } } ; else { config.Binding.Security = new SecurityConfigurationDescription() { CredentialProvider = new HttpBasicTokenCredentialProvider(), Mode = Core.Http.Description.SecurityScheme.Basic, PreemptiveAuthentication = true } }; } config.Endpoint.AddRange(itm.BaseUrl.Select(o => new AdminClientEndpointDescription(o.Replace("0.0.0.0", this.m_configuration.RealmId)))); // Add client this.m_restClients.Add(itm.ServiceType, new RestClient( config )); } // Attempt to get server time from clinical interface which should challenge this.GetRestClient(ServiceEndpointType.ImmunizationIntegrationService)?.Get("/time"); return(true); } catch (Exception ex) { #if DEBUG this.m_tracer.TraceError("Cannot start services: {0}", ex); #else this.m_tracer.TraceError("Cannot start services: {0}", ex); #endif return(false); } }
/// <summary> /// Initializes a new instance of the <see cref="AuditService"/> class. /// </summary> /// <param name="client">The client.</param> public AuditService(AmiServiceClient client) : base(client) { }
/// <summary> /// Initializes a new instance of the <see cref="SecurityDeviceService"/> class. /// </summary> /// <param name="client">The client.</param> public SecurityDeviceService(AmiServiceClient client) : base(client) { }
/// <summary> /// Changes the users password. /// </summary> /// <param name="userName">The username of the user.</param> /// <param name="newPassword">The new password of the user.</param> /// <param name="principal">The authentication principal (the user that is changing the password).</param> public void ChangePassword(string userName, string newPassword, System.Security.Principal.IPrincipal principal) { try { // The principal must change their own password or must have the changepassword credential if (!userName.Equals(principal.Identity.Name, StringComparison.InvariantCultureIgnoreCase)) { new PolicyPermission(System.Security.Permissions.PermissionState.Unrestricted, PolicyIdentifiers.ChangePassword).Demand(); } else if (!principal.Identity.IsAuthenticated) { throw new InvalidOperationException("Unauthenticated principal cannot change user password"); } // Get the user's identity var securityUserService = ApplicationContext.Current.GetService <ISecurityRepositoryService>(); using (AmiServiceClient client = new AmiServiceClient(ApplicationContext.Current.GetRestClient("ami"))) { client.Client.Accept = "application/xml"; Guid userId = Guid.Empty; if (principal is ClaimsPrincipal) { var subjectClaim = (principal as ClaimsPrincipal).FindClaim(ClaimTypes.Sid); if (subjectClaim != null) { userId = Guid.Parse(subjectClaim.Value); } } // User ID not found - lookup if (userId == Guid.Empty) { // User service is null var securityUser = securityUserService.GetUser(principal.Identity); if (securityUser == null) { var tuser = client.GetUsers(o => o.UserName == principal.Identity.Name).CollectionItem.FirstOrDefault(); if (tuser == null) { throw new ArgumentException(string.Format("User {0} not found", userName)); } else { userId = tuser.UserId.Value; } } else { userId = securityUser.Key.Value; } } // Use the current configuration's credential provider var user = new SecurityUserInfo() { UserId = userId, UserName = userName, Password = newPassword }; // Set the credentials client.Client.Credentials = ApplicationContext.Current.Configuration.GetServiceDescription("ami").Binding.Security.CredentialProvider.GetCredentials(principal); client.UpdateUser(user.UserId.Value, user); var localIdp = new LocalIdentityService(); // Change locally localIdp.ChangePassword(userName, newPassword); // Audit - Local IDP has alerted this already if (!(localIdp is ISecurityAuditEventSource)) { this.SecurityAttributesChanged?.Invoke(this, new SecurityAuditDataEventArgs(user, "password")); } } } catch (Exception e) { this.m_tracer.TraceError("Error changing password for user {0} : {1}", userName, e); throw; } }
/// <summary> /// Initializes a new instance of the <see cref="AmiServerInformationService"/> class. /// </summary> /// <param name="client">The client.</param> public AmiServerInformationService(AmiServiceClient client) : base(client) { }
/// <summary> /// Run the mail synchronization service /// </summary> public void Run(object sender, EventArgs e, object[] parameters) { try { this.m_jobStateManager.SetState(this, JobStateType.Running); // We are to poll for alerts always (never push supported) var amiClient = new AmiServiceClient(ApplicationContext.Current.GetRestClient("ami")); using (this.GetCredentials(amiClient.Client, out Credentials credentials)) { amiClient.Client.Credentials = credentials; // When was the last time we polled an alert? var lastSync = this.m_synchronizationLogService.GetLastTime(typeof(MailMessage)); var syncTime = new DateTimeOffset(lastSync.GetValueOrDefault()); // Poll action for all alerts to "everyone" AmiCollection serverAlerts = amiClient.GetMailMessages(a => a.CreationTime >= syncTime && a.RcptTo.Any(o => o.UserName == "SYSTEM")); // SYSTEM WIDE ALERTS // TODO: We need to filter by users in which this tablet will be interested in ParameterExpression userParameter = Expression.Parameter(typeof(SecurityUser), "u"); // User name filter Expression userNameFilter = Expression.Equal(Expression.MakeMemberAccess(userParameter, userParameter.Type.GetRuntimeProperty("UserName")), Expression.Constant(this.m_securityConfiguration.DeviceName)); // Or eith other users which have logged into this tablet foreach (var user in ApplicationContext.Current.GetService <IDataPersistenceService <SecurityUser> >().Query(u => u.LastLoginTime != null && u.UserName != this.m_securityConfiguration.DeviceName, AuthenticationContext.SystemPrincipal)) { userNameFilter = Expression.OrElse(userNameFilter, Expression.Equal(Expression.MakeMemberAccess(userParameter, userParameter.Type.GetRuntimeProperty("UserName")), Expression.Constant(user.UserName)) ); } ParameterExpression parmExpr = Expression.Parameter(typeof(MailMessage), "a"); Expression timeExpression = Expression.GreaterThanOrEqual( Expression.Convert(Expression.MakeMemberAccess(parmExpr, parmExpr.Type.GetRuntimeProperty("CreationTime")), typeof(DateTimeOffset)), Expression.Constant(syncTime) ), // this tablet expression userExpression = Expression.Call( (MethodInfo)typeof(Enumerable).GetGenericMethod("Any", new Type[] { typeof(SecurityUser) }, new Type[] { typeof(IEnumerable <SecurityUser>), typeof(Func <SecurityUser, bool>) }), Expression.MakeMemberAccess(parmExpr, parmExpr.Type.GetRuntimeProperty("RcptTo")), Expression.Lambda <Func <SecurityUser, bool> >(userNameFilter, userParameter)); serverAlerts.CollectionItem = serverAlerts.CollectionItem.Union(amiClient.GetMailMessages(Expression.Lambda <Func <MailMessage, bool> >(Expression.AndAlso(timeExpression, userExpression), parmExpr)).CollectionItem).ToList(); // Import the alerts foreach (var itm in serverAlerts.CollectionItem.OfType <MailMessage>()) { this.m_tracer.TraceVerbose("Importing ALERT: [{0}]: {1}", itm.TimeStamp, itm.Subject); itm.Body = String.Format("<pre>{0}</pre>", itm.Body); this.m_mailRepository.Broadcast(itm); } this.m_synchronizationLogService.Save(typeof(MailMessage), String.Empty, String.Empty, "Mail", DateTime.Now); // Push alerts which I have created or updated //int tc = 0; //foreach(var itm in this.m_alertRepository.Find(a=> (a.TimeStamp >= lastTime ) && a.Flags != AlertMessageFlags.System, 0, null, out tc)) //{ // if (!String.IsNullOrEmpty(itm.To)) // { // this.m_tracer.TraceVerbose("Sending ALERT: [{0}]: {1}", itm.TimeStamp, itm.Subject); // if (itm.UpdatedTime != null) // amiClient.UpdateAlert(itm.Key.ToString(), new AlertMessageInfo(itm)); // else // amiClient.CreateAlert(new AlertMessageInfo(itm)); // } //} this.m_jobStateManager.SetState(this, JobStateType.Completed); } } catch (Exception ex) { this.m_tracer.TraceError("Could not pull alerts: {0}", ex.Message); this.m_jobStateManager.SetState(this, JobStateType.Aborted); this.m_jobStateManager.SetProgress(this, ex.Message, 0.0f); } }
/// <summary> /// Initializes a new instance of the <see cref="AmiServiceBase"/> class. /// </summary> /// <param name="client">The client.</param> protected AmiServiceBase(AmiServiceClient client) { this.Client = client; }
public async Task <ActionResult> JoinRealmAsync(JoinRealmModel model) { HttpContext.GetOwinContext().Authentication.SignOut(DefaultAuthenticationTypes.ApplicationCookie); this.Response.Cookies.Remove("access_token"); if (ModelState.IsValid) { model.Address = model.Address.HasTrailingBackSlash() ? model.Address.RemoveTrailingBackSlash() : model.Address; model.Address = model.Address.HasTrailingForwardSlash() ? model.Address.RemoveTrailingForwardSlash() : model.Address; Realm realm = unitOfWork.RealmRepository.Get(r => r.Address == model.Address && r.ObsoletionTime != null).AsEnumerable().SingleOrDefault(); // remove any leading or trailing spaces model.Address = model.Address.Trim(); // HACK: the UrlAttribute class thinks that http://localhost is not a valid url... if (model.Address.StartsWith("http://localhost")) { model.Address = model.Address.Replace("http://localhost", "http://127.0.0.1"); } else if (model.Address.StartsWith("https://localhost")) { model.Address = model.Address.Replace("https://localhost", "https://127.0.0.1"); } // is the user attempting to join a realm which they have already left? if (realm != null) { realm.Map(model); realm.ObsoletionTime = null; unitOfWork.RealmRepository.Update(realm); unitOfWork.Save(); } else { realm = unitOfWork.RealmRepository.Create(); realm.Map(model); realm.DeviceId = Environment.MachineName + "-" + Guid.NewGuid().ToString().ToUpper(); realm.DeviceSecret = Guid.NewGuid().ToString().ToUpper(); var activeRealms = unitOfWork.RealmRepository.AsQueryable().Where(r => r.ObsoletionTime == null).AsEnumerable(); foreach (var activeRealm in activeRealms) { activeRealm.ObsoletionTime = DateTime.UtcNow; unitOfWork.RealmRepository.Update(activeRealm); } unitOfWork.RealmRepository.Add(realm); unitOfWork.Save(); } try { var result = await this.SignInManager.PasswordSignInAsync(model.Username, model.Password, false, false); switch (result) { case SignInStatus.Success: using (var amiServiceClient = new AmiServiceClient(new RestClientService(Constants.Ami, this.HttpContext, this.SignInManager.AccessToken))) { var synchronizers = amiServiceClient.GetRoles(r => r.Name == "SYNCHRONIZERS").CollectionItem.FirstOrDefault(); var device = amiServiceClient.GetRoles(r => r.Name == "DEVICE").CollectionItem.FirstOrDefault(); var securityUserInfo = new SecurityUserInfo { Password = realm.DeviceSecret, Roles = new List <SecurityRoleInfo> { device, synchronizers }, UserName = realm.DeviceId, User = new SecurityUser { Key = Guid.NewGuid(), UserClass = UserClassKeys.ApplicationUser, UserName = realm.DeviceId, SecurityHash = Guid.NewGuid().ToString() }, }; amiServiceClient.CreateUser(securityUserInfo); var securityDeviceInfo = new SecurityDeviceInfo { Device = new SecurityDevice { DeviceSecret = realm.DeviceSecret, Name = realm.DeviceId } }; amiServiceClient.CreateDevice(securityDeviceInfo); } MvcApplication.MemoryCache.Set(RealmConfig.RealmCacheKey, true, ObjectCache.InfiniteAbsoluteExpiration); break; default: // always sign out the user when joining the realm SignInManager.AuthenticationManager.SignOut(); var addedRealm = unitOfWork.RealmRepository.Get(r => r.Address == model.Address).FirstOrDefault(); if (addedRealm != null) { unitOfWork.RealmRepository.Delete(addedRealm.Id); unitOfWork.Save(); } ModelState.AddModelError("", Locale.IncorrectUsernameOrPassword); return(View(model)); } this.TempData["success"] = Locale.RealmJoinedSuccessfully; return(RedirectToAction("Login", "Account")); } catch (Exception e) { Trace.TraceError($"Unable to join realm: {e}"); var addedRealm = unitOfWork.RealmRepository.Get(r => r.Address == model.Address).Single(); unitOfWork.RealmRepository.Delete(addedRealm.Id); unitOfWork.Save(); } finally { // always sign out the user when joining the realm HttpContext.GetOwinContext().Authentication.SignOut(DefaultAuthenticationTypes.ApplicationCookie); } } TempData["error"] = Locale.UnableToJoinRealm; return(View(model)); }
/// <summary> /// Start the daemon service /// </summary> public bool Start() { this.Starting?.Invoke(this, EventArgs.Empty); this.m_configuration = ApplicationContext.Current.Configuration.GetSection <SynchronizationConfigurationSection>(); this.m_securityConfiguration = ApplicationContext.Current.Configuration.GetSection <SecurityConfigurationSection>(); // Application context has started ApplicationContext.Current.Started += (o, e) => { try { // We are to poll for alerts always (never push supported) TimeSpan pollInterval = this.m_configuration.PollInterval == TimeSpan.MinValue ? new TimeSpan(0, 10, 0) : this.m_configuration.PollInterval; this.m_alertRepository = ApplicationContext.Current.GetService <IAlertRepositoryService>(); Action <Object> pollAction = null; pollAction = x => { try { var amiClient = new AmiServiceClient(ApplicationContext.Current.GetRestClient("ami")); amiClient.Client.Credentials = this.GetCredentials(amiClient.Client); // Pull from alerts if (!this.m_isRunning) { return; } // When was the last time we polled an alert? var lastTime = SynchronizationLog.Current.GetLastTime(typeof(AlertMessage)); var syncTime = lastTime.HasValue ? new DateTimeOffset(lastTime.Value) : DateTimeOffset.Now.AddHours(-1); // Poll action for all alerts to "everyone" AmiCollection <AlertMessageInfo> serverAlerts = amiClient.GetAlerts(a => a.CreationTime >= lastTime && a.To.Contains("everyone")); // TODO: We need to filter by users in which this tablet will be interested in ParameterExpression userParameter = Expression.Parameter(typeof(SecurityUser), "u"); // User name filter Expression userNameFilter = Expression.Equal(Expression.MakeMemberAccess(userParameter, userParameter.Type.GetRuntimeProperty("UserName")), Expression.Constant(this.m_securityConfiguration.DeviceName)); // Or eith other users which have logged into this tablet foreach (var user in ApplicationContext.Current.GetService <IDataPersistenceService <SecurityUser> >().Query(u => u.LastLoginTime != null && u.UserName != this.m_securityConfiguration.DeviceName)) { userNameFilter = Expression.OrElse(userNameFilter, Expression.Equal(Expression.MakeMemberAccess(userParameter, userParameter.Type.GetRuntimeProperty("UserName")), Expression.Constant(user.UserName)) ); } ParameterExpression parmExpr = Expression.Parameter(typeof(AlertMessage), "a"); Expression timeExpression = Expression.GreaterThanOrEqual( Expression.Convert(Expression.MakeMemberAccess(parmExpr, parmExpr.Type.GetRuntimeProperty("CreationTime")), typeof(DateTimeOffset)), Expression.Constant(syncTime) ), // this tablet expression userExpression = Expression.Call( (MethodInfo)typeof(Enumerable).GetGenericMethod("Any", new Type[] { typeof(SecurityUser) }, new Type[] { typeof(IEnumerable <SecurityUser>), typeof(Func <SecurityUser, bool>) }), Expression.MakeMemberAccess(parmExpr, parmExpr.Type.GetRuntimeProperty("RcptTo")), Expression.Lambda <Func <SecurityUser, bool> >(userNameFilter, userParameter)); serverAlerts.CollectionItem = serverAlerts.CollectionItem.Union(amiClient.GetAlerts(Expression.Lambda <Func <AlertMessage, bool> >(Expression.AndAlso(timeExpression, userExpression), parmExpr)).CollectionItem).ToList(); // Import the alerts foreach (var itm in serverAlerts.CollectionItem) { this.m_tracer.TraceVerbose("Importing ALERT: [{0}]: {1}", itm.AlertMessage.TimeStamp, itm.AlertMessage.Subject); itm.AlertMessage.Body = String.Format("<pre>{0}</pre>", itm.AlertMessage.Body); this.m_alertRepository.BroadcastAlert(itm.AlertMessage); } // Push alerts which I have created or updated //int tc = 0; //foreach(var itm in this.m_alertRepository.Find(a=> (a.TimeStamp >= lastTime ) && a.Flags != AlertMessageFlags.System, 0, null, out tc)) //{ // if (!String.IsNullOrEmpty(itm.To)) // { // this.m_tracer.TraceVerbose("Sending ALERT: [{0}]: {1}", itm.TimeStamp, itm.Subject); // if (itm.UpdatedTime != null) // amiClient.UpdateAlert(itm.Key.ToString(), new AlertMessageInfo(itm)); // else // amiClient.CreateAlert(new AlertMessageInfo(itm)); // } //} SynchronizationLog.Current.Save(typeof(AlertMessage), null, null, null); } catch (Exception ex) { this.m_tracer.TraceError("Could not pull alerts: {0}", ex.Message); } finally { // Re-schedule myself in the poll interval time ApplicationContext.Current.GetService <IThreadPoolService>().QueueUserWorkItem(pollInterval, pollAction, null); } }; //ApplicationContext.Current.GetService<IThreadPoolService>().QueueUserWorkItem(pollInterval, pollAction, null); this.m_isRunning = true; pollAction(null); } catch (Exception ex) { this.m_tracer.TraceError("Error starting Alert Sync: {0}", ex.Message); } //this.m_alertRepository.Committed += }; this.Started?.Invoke(this, EventArgs.Empty); return(true); }
public List <AppletSolutionInfo> GetAppletSolutions() { var amiClient = new AmiServiceClient(ApplicationContext.Current.GetRestClient("ami")); return(amiClient.GetAppletSolutions().CollectionItem.OfType <AppletSolutionInfo>().ToList()); }