/// <summary>
/// Handles a nested scope request: resolves the target device from the request auth chain,
/// confirms the requesting actor is allowed to see that target, and returns the target device
/// together with the devices and modules in its scope.
/// </summary>
/// <param name="actorDeviceId">Id of the device making the request.</param>
/// <param name="actorModuleId">Id of the module making the request.</param>
/// <param name="request">The nested scope request carrying the client-supplied auth chain to the target.</param>
/// <param name="identitiesCache">Cache used to resolve the target's auth chain and the identities in its scope.</param>
/// <returns>
/// An <see cref="EdgeHubScopeResultError"/> with BadRequest when the auth chain cannot be parsed, Unauthorized when
/// the actor is not permitted to query the target, otherwise the scope result built from the collected identities.
/// </returns>
internal static async Task<EdgeHubScopeResult> HandleDevicesAndModulesInTargetDeviceScopeAsync(string actorDeviceId, string actorModuleId, NestedScopeRequest request, IDeviceScopeIdentitiesCache identitiesCache)
{
    Events.ReceivedScopeRequest(actorDeviceId, actorModuleId, request);

    // The target device is derived from the client-supplied auth chain; a chain that cannot be parsed is a bad request.
    if (!AuthChainHelpers.TryGetTargetDeviceId(request.AuthChain, out string targetDeviceId))
    {
        return new EdgeHubScopeResultError(HttpStatusCode.BadRequest, Events.InvalidRequestAuthchain(request.AuthChain));
    }

    // Authorization is decided on the cached chain to the target, not on the chain the client sent.
    Option<string> cachedChainToTarget = await identitiesCache.GetAuthChain(targetDeviceId);
    var (isAllowed, denialMessage) = ValidateAuthChainForRequestor(actorDeviceId, targetDeviceId, cachedChainToTarget);
    if (!isAllowed)
    {
        return new EdgeHubScopeResultError(HttpStatusCode.Unauthorized, denialMessage);
    }

    // Collect the children of the target device, then append the target device itself when the cache knows it.
    IList<ServiceIdentity> scopeIdentities = await identitiesCache.GetDevicesAndModulesInTargetScopeAsync(targetDeviceId);
    Option<ServiceIdentity> targetIdentity = await identitiesCache.GetServiceIdentity(targetDeviceId);
    if (targetIdentity.HasValue)
    {
        scopeIdentities.Add(targetIdentity.OrDefault());
    }

    Events.SendingScopeResult(targetDeviceId, scopeIdentities);
    return MakeResultFromIdentities(scopeIdentities);
}
/// <summary>
/// Checks that <see cref="AuthChainHelpers.TryGetTargetDeviceId"/> reports the expected success flag for
/// <paramref name="authChain"/> and, when it succeeds, yields the expected target device id.
/// </summary>
/// <param name="authChain">The auth chain under test.</param>
/// <param name="expected">Whether parsing is expected to succeed.</param>
/// <param name="expectedTargetDeviceId">The target device id expected on success.</param>
public void TryGetTargetDeviceId_Success(string authChain, bool expected, string expectedTargetDeviceId)
{
    // Act
    bool parsed = AuthChainHelpers.TryGetTargetDeviceId(authChain, out string parsedTargetDeviceId);

    // Assert
    Assert.Equal(expected, parsed);
    if (!parsed)
    {
        // On failure only the flag is asserted; the out value is not compared.
        return;
    }

    Assert.Equal(expectedTargetDeviceId, parsedTargetDeviceId);
}
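/// <summary>
/// Handles a nested scope request from a child actor: resolves the target device from the request auth chain,
/// checks that the actor is permitted to query that target, and returns the target device together with the
/// devices and modules in its scope.
/// </summary>
/// <param name="actorDeviceId">Id of the device making the request.</param>
/// <param name="actorModuleId">Id of the module making the request.</param>
/// <param name="request">The nested scope request carrying the client-supplied auth chain to the target.</param>
/// <returns>
/// An <see cref="EdgeHubScopeResultError"/> with BadRequest when the auth chain cannot be parsed, Unauthorized when
/// the cached auth chain of the target does not authorize the actor, otherwise the scope result built from the identities.
/// </returns>
async Task<EdgeHubScopeResult> HandleDevicesAndModulesInTargetDeviceScopeAsync(string actorDeviceId, string actorModuleId, NestedScopeRequest request)
{
    Events.ReceivedScopeRequest(actorDeviceId, actorModuleId, request);

    if (!AuthChainHelpers.TryGetTargetDeviceId(request.AuthChain, out string targetDeviceId))
    {
        return new EdgeHubScopeResultError(HttpStatusCode.BadRequest, Events.InvalidRequestAuthchain(request.AuthChain));
    }

    IEdgeHub edgeHub = await this.edgeHubGetter;
    IDeviceScopeIdentitiesCache identitiesCache = edgeHub.GetDeviceScopeIdentitiesCache();

    // Authorization: the target device id was taken from a client-supplied chain, so the cached auth chain of the
    // target must authorize the actor before any of the target's scope is disclosed (same check AuthorizeOnBehalfOf
    // performs). A missing chain and an invalid chain both yield the same Unauthorized result to the caller.
    Option<string> cachedAuthChain = await identitiesCache.GetAuthChain(targetDeviceId);
    if (!cachedAuthChain.HasValue)
    {
        return new EdgeHubScopeResultError(HttpStatusCode.Unauthorized, $"Actor {actorDeviceId} is not authorized to query the scope of {targetDeviceId}.");
    }

    string authChainToTarget = cachedAuthChain.OrDefault();
    if (!AuthChainHelpers.ValidateAuthChain(actorDeviceId, targetDeviceId, authChainToTarget))
    {
        return new EdgeHubScopeResultError(HttpStatusCode.Unauthorized, $"Actor {actorDeviceId} is not authorized to query the scope of {targetDeviceId}.");
    }

    // Get the children of the target device and the target device itself.
    IList<ServiceIdentity> identities = await identitiesCache.GetDevicesAndModulesInTargetScopeAsync(targetDeviceId);
    Option<ServiceIdentity> targetDevice = await identitiesCache.GetServiceIdentity(targetDeviceId);
    targetDevice.ForEach(d => identities.Add(d));

    // Construct the result from the identities.
    Events.SendingScopeResult(targetDeviceId, identities);
    return MakeResultFromIdentities(identities);
}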
/// <summary>
/// Authenticates the actor with the request auth chain and then authorizes it against the cached auth chain of the
/// target device named by that chain.
/// </summary>
/// <param name="actorDeviceId">Id of the device making the on-behalf-of request.</param>
/// <param name="authChain">Client-supplied auth chain whose last hop is the target device.</param>
/// <param name="source">Name of the calling operation, used for logging.</param>
/// <param name="httpContext">The HTTP context of the request being authenticated.</param>
/// <param name="edgeHub">Edge hub providing the device scope identities cache.</param>
/// <param name="authenticator">Authenticator used to verify the actor's request.</param>
/// <returns>
/// The cached auth chain of the target on success; a <see cref="ValidationException"/> failure with BadRequest when the
/// chain cannot be parsed, or Unauthorized when authentication fails, the target has no cached chain, or the chain does
/// not authorize the actor.
/// </returns>
internal static async Task<Try<string>> AuthorizeOnBehalfOf(string actorDeviceId, string authChain, string source, HttpContext httpContext, IEdgeHub edgeHub, IHttpRequestAuthenticator authenticator)
{
    if (!AuthChainHelpers.TryGetTargetDeviceId(authChain, out string targetDeviceId))
    {
        Events.InvalidRequestAuthChain(source, authChain);
        return Try<string>.Failure(new ValidationException(HttpStatusCode.BadRequest, FormatErrorResponseMessage($"Invalid request auth chain {authChain}.")));
    }

    bool authenticated = await AuthenticateAsync(actorDeviceId, Option.Some(Constants.EdgeHubModuleId), Option.Some(authChain), httpContext, authenticator);
    if (!authenticated)
    {
        return Try<string>.Failure(new ValidationException(HttpStatusCode.Unauthorized));
    }

    // The decision is made on the cached chain of the target, never on the chain the client supplied.
    IDeviceScopeIdentitiesCache identitiesCache = edgeHub.GetDeviceScopeIdentitiesCache();
    Option<string> cachedTargetChain = await identitiesCache.GetAuthChain(targetDeviceId);
    if (!cachedTargetChain.HasValue)
    {
        Events.AuthorizationFail_NoAuthChain(targetDeviceId);
        return Try<string>.Failure(new ValidationException(HttpStatusCode.Unauthorized));
    }

    string targetChain = cachedTargetChain.OrDefault();
    if (!AuthChainHelpers.ValidateAuthChain(actorDeviceId, targetDeviceId, targetChain))
    {
        Events.AuthorizationFail_InvalidAuthChain(actorDeviceId, targetDeviceId, targetChain);
        return Try<string>.Failure(new ValidationException(HttpStatusCode.Unauthorized));
    }

    return targetChain;
}
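/// <summary>
/// Deletes a module on behalf of a child device. The actor is authenticated with the request auth chain and then
/// authorized against the cached auth chain of the target device before the delete is forwarded to the registry API.
/// </summary>
/// <param name="actorDeviceId">URL-encoded id of the device making the request.</param>
/// <param name="requestData">Body carrying the auth chain to the target device and the id of the module to delete.</param>
public async Task DeleteModuleOnBehalfOfAsync([FromRoute] string actorDeviceId, [FromBody] DeleteModuleOnBehalfOfData requestData)
{
    try
    {
        Events.ReceivedOnBehalfOfRequest(nameof(this.DeleteModuleOnBehalfOfAsync), actorDeviceId, Events.GetAdditionalInfo(requestData));

        try
        {
            Preconditions.CheckNonWhiteSpace(actorDeviceId, nameof(actorDeviceId));
            Preconditions.CheckNotNull(requestData, nameof(requestData));
            Preconditions.CheckNonWhiteSpace(requestData.AuthChain, nameof(requestData.AuthChain));
            Preconditions.CheckNonWhiteSpace(requestData.ModuleId, nameof(requestData.ModuleId));
        }
        catch (Exception ex)
        {
            Events.BadRequest(nameof(this.DeleteModuleOnBehalfOfAsync), ex.Message);
            // Only the message is returned to the caller; exception type and stack trace stay server-side.
            await this.SendResponseAsync(HttpStatusCode.BadRequest, FormatErrorResponseMessage(ex.Message));
            return;
        }

        actorDeviceId = WebUtility.UrlDecode(actorDeviceId);

        if (!AuthChainHelpers.TryGetTargetDeviceId(requestData.AuthChain, out string targetDeviceId))
        {
            Events.InvalidRequestAuthChain(nameof(this.DeleteModuleOnBehalfOfAsync), requestData.AuthChain);
            await this.SendResponseAsync(HttpStatusCode.BadRequest, FormatErrorResponseMessage($"Invalid request auth chain {requestData.AuthChain}."));
            return;
        }

        if (!await this.AuthenticateAsync(actorDeviceId, Option.Some(Constants.EdgeHubModuleId), Option.Some(requestData.AuthChain)))
        {
            await this.SendResponseAsync(HttpStatusCode.Unauthorized);
            return;
        }

        IEdgeHub edgeHub = await this.edgeHubGetter;
        IDeviceScopeIdentitiesCache identitiesCache = edgeHub.GetDeviceScopeIdentitiesCache();
        Option<string> targetAuthChain = await identitiesCache.GetAuthChain(targetDeviceId);
        if (!targetAuthChain.HasValue)
        {
            Events.AuthorizationFail_NoAuthChain(targetDeviceId);
            await this.SendResponseAsync(HttpStatusCode.Unauthorized);
            return;
        }

        // Authorization: the target id was taken from the client-supplied chain, so the cached chain of the target
        // must authorize the actor before the delete is forwarded (same check AuthorizeOnBehalfOf performs).
        string targetChain = targetAuthChain.OrDefault();
        if (!AuthChainHelpers.ValidateAuthChain(actorDeviceId, targetDeviceId, targetChain))
        {
            Events.AuthorizationFail_InvalidAuthChain(actorDeviceId, targetDeviceId, targetChain);
            await this.SendResponseAsync(HttpStatusCode.Unauthorized);
            return;
        }

        string edgeDeviceId = edgeHub.GetEdgeDeviceId();
        RegistryApiHttpResult result = await this.apiClient.DeleteModuleAsync(edgeDeviceId, new DeleteModuleOnBehalfOfData(targetChain, requestData.ModuleId));
        await this.SendResponseAsync(result.StatusCode, result.JsonContent);
        Events.CompleteRequest(nameof(this.DeleteModuleOnBehalfOfAsync), edgeDeviceId, targetChain, result);
    }
    catch (Exception ex)
    {
        Events.InternalServerError(nameof(this.DeleteModuleOnBehalfOfAsync), ex);
        // The full exception is logged above; the caller receives only the message, not the stack trace.
        await this.SendResponseAsync(HttpStatusCode.InternalServerError, FormatErrorResponseMessage(ex.Message));
    }
}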