/// <summary>
/// Find the specified object
/// </summary>
public Bundle Find <TModel>(Expression <Func <TModel, bool> > predicate, int offset, int?count, IntegrationQueryOptions options = null) where TModel : IdentifiedData
{
try
{
var amiClient = new AmiServiceClient(ApplicationContext.Current.GetRestClient("ami"));
amiClient.Client.Requesting += IntegrationQueryOptions.CreateRequestingHandler(options);
amiClient.Client.Credentials = this.GetCredentials(amiClient.Client);
if (amiClient.Client.Credentials == null)
{
return(null);
}
switch (typeof(TModel).Name)
{
case "SecurityUser":
return(new Bundle
{
Item = amiClient.GetUsers((Expression <Func <SecurityUser, bool> >)(Expression) predicate).CollectionItem.OfType <SecurityUserInfo>().Select(o => o.Entity as IdentifiedData).ToList()
});
default:
return(new Bundle
{
Item = amiClient.Query <TModel>((Expression <Func <TModel, bool> >)(Expression) predicate, offset, count, out int _).CollectionItem.OfType <IdentifiedData>().ToList()
});
}
}
catch (Exception ex)
{
this.m_tracer.TraceError("Error contacting AMI: {0}", ex);
throw;
}
}
// // [PolicyPermission(System.Security.Permissions.SecurityAction.Demand, PolicyId = PermissionPolicyIdentifiers.AlterIdentity)]
internal static void Userdel(GenericUserParms parms)
{
if (parms.UserName == null)
{
throw new InvalidOperationException("Must specify a user");
}
foreach (var un in parms.UserName)
{
var user = m_client.GetUsers(o => o.UserName == un).CollectionItem.FirstOrDefault() as SecurityUserInfo;
if (user == null)
{
throw new KeyNotFoundException($"User {un} not found");
}
m_client.DeleteUser(user.Entity.Key.Value);
}
}
/// <summary>
/// Changes the users password.
/// </summary>
/// <param name="userName">The username of the user.</param>
/// <param name="newPassword">The new password of the user.</param>
/// <param name="principal">The authentication principal (the user that is changing the password).</param>
public void ChangePassword(string userName, string newPassword, System.Security.Principal.IPrincipal principal)
{
try
{
// The principal must change their own password or must have the changepassword credential
if (!userName.Equals(principal.Identity.Name, StringComparison.InvariantCultureIgnoreCase))
{
new PolicyPermission(System.Security.Permissions.PermissionState.Unrestricted, PolicyIdentifiers.ChangePassword).Demand();
}
else if (!principal.Identity.IsAuthenticated)
{
throw new InvalidOperationException("Unauthenticated principal cannot change user password");
}
// Get the user's identity
var securityUserService = ApplicationContext.Current.GetService <ISecurityRepositoryService>();
using (AmiServiceClient client = new AmiServiceClient(ApplicationContext.Current.GetRestClient("ami")))
{
client.Client.Accept = "application/xml";
Guid userId = Guid.Empty;
if (principal is ClaimsPrincipal)
{
var subjectClaim = (principal as ClaimsPrincipal).FindClaim(ClaimTypes.Sid);
if (subjectClaim != null)
{
userId = Guid.Parse(subjectClaim.Value);
}
}
// User ID not found - lookup
if (userId == Guid.Empty)
{
// User service is null
var securityUser = securityUserService.GetUser(principal.Identity);
if (securityUser == null)
{
var tuser = client.GetUsers(o => o.UserName == principal.Identity.Name).CollectionItem.FirstOrDefault();
if (tuser == null)
{
throw new ArgumentException(string.Format("User {0} not found", userName));
}
else
{
userId = tuser.UserId.Value;
}
}
else
{
userId = securityUser.Key.Value;
}
}
// Use the current configuration's credential provider
var user = new SecurityUserInfo()
{
UserId = userId,
UserName = userName,
Password = newPassword
};
// Set the credentials
client.Client.Credentials = ApplicationContext.Current.Configuration.GetServiceDescription("ami").Binding.Security.CredentialProvider.GetCredentials(principal);
client.UpdateUser(user.UserId.Value, user);
var localIdp = new LocalIdentityService();
// Change locally
localIdp.ChangePassword(userName, newPassword);
// Audit - Local IDP has alerted this already
if (!(localIdp is ISecurityAuditEventSource))
{
this.SecurityAttributesChanged?.Invoke(this, new SecurityAuditDataEventArgs(user, "password"));
}
}
}
catch (Exception e)
{
this.m_tracer.TraceError("Error changing password for user {0} : {1}", userName, e);
throw;
}
}
/// <summary>
/// Changes the users password.
/// </summary>
/// <param name="userName">The username of the user.</param>
/// <param name="newPassword">The new password of the user.</param>
/// <param name="principal">The authentication principal (the user that is changing the password).</param>
public void ChangePassword(string userName, string newPassword, System.Security.Principal.IPrincipal principal)
{
try
{
// The principal must change their own password or must have the changepassword credential
if (!userName.Equals(principal.Identity.Name, StringComparison.InvariantCultureIgnoreCase))
{
new PolicyPermission(System.Security.Permissions.PermissionState.Unrestricted, PermissionPolicyIdentifiers.ChangePassword).Demand();
}
else if (!principal.Identity.IsAuthenticated)
{
throw new InvalidOperationException("Unauthenticated principal cannot change user password");
}
// Get the user's identity
var securityUserService = ApplicationContext.Current.GetService <ISecurityRepositoryService>();
var localIdp = ApplicationContext.Current.GetService <IOfflineIdentityProviderService>();
if (localIdp?.IsLocalUser(userName) == true) // User is a local user, so we only change password on local
{
localIdp.ChangePassword(userName, newPassword, principal);
}
else
{
using (AmiServiceClient client = new AmiServiceClient(ApplicationContext.Current.GetRestClient("ami")))
{
Guid userId = Guid.Empty;
if (principal.Identity.Name.ToLowerInvariant() == userName.ToLowerInvariant())
{
var subjectClaim = (principal as IClaimsPrincipal).FindFirst(SanteDBClaimTypes.Sid);
if (subjectClaim != null)
{
userId = Guid.Parse(subjectClaim.Value);
}
}
// User ID not found - lookup
if (userId == Guid.Empty)
{
// User service is null
var securityUser = securityUserService.GetUser(userName);
if (securityUser == null)
{
var tuser = client.GetUsers(o => o.UserName == userName).CollectionItem.OfType <SecurityUserInfo>().FirstOrDefault();
if (tuser == null)
{
throw new ArgumentException(string.Format("User {0} not found", userName));
}
else
{
userId = tuser.Entity.Key.Value;
}
}
else
{
userId = securityUser.Key.Value;
}
}
// Use the current configuration's credential provider
var user = new SecurityUserInfo(new SecurityUser()
{
Key = userId,
UserName = userName,
Password = newPassword
})
{
PasswordOnly = true
};
// Set the credentials
client.Client.Credentials = ApplicationContext.Current.Configuration.GetServiceDescription("ami").Binding.Security.CredentialProvider.GetCredentials(principal);
client.UpdateUser(userId, user);
// Change locally
var userInfo = localIdp?.GetIdentity(userName);
if (userInfo != null)
{
localIdp?.ChangePassword(userName, newPassword, principal);
}
// Audit - Local IDP has alerted this already
AuditUtil.AuditSecurityAttributeAction(new object[] { user.ToIdentifiedData() }, true, new string[] { "password" });
}
}
}
catch (Exception e)
{
this.m_tracer.TraceError("Error changing password for user {0} : {1}", userName, e);
throw;
}
}