internal static async Task <EdgeHubScopeResult> HandleDevicesAndModulesInTargetDeviceScopeAsync(string actorDeviceId, string actorModuleId, NestedScopeRequest request, IDeviceScopeIdentitiesCache identitiesCache)
{
Events.ReceivedScopeRequest(actorDeviceId, actorModuleId, request);
if (!AuthChainHelpers.TryGetTargetDeviceId(request.AuthChain, out string targetDeviceId))
{
return(new EdgeHubScopeResultError(HttpStatusCode.BadRequest, Events.InvalidRequestAuthchain(request.AuthChain)));
}
// Get the children of the target device and the target device itself;
Option <string> authChainToTarget = await identitiesCache.GetAuthChain(targetDeviceId);
(bool validationResult, string errorMsg) = ValidateAuthChainForRequestor(actorDeviceId, targetDeviceId, authChainToTarget);
if (!validationResult)
{
return(new EdgeHubScopeResultError(HttpStatusCode.Unauthorized, errorMsg));
}
IList <ServiceIdentity> identities = await identitiesCache.GetDevicesAndModulesInTargetScopeAsync(targetDeviceId);
Option <ServiceIdentity> targetDevice = await identitiesCache.GetServiceIdentity(targetDeviceId);
targetDevice.ForEach(d => identities.Add(d));
// Construct the result from the identities
Events.SendingScopeResult(targetDeviceId, identities);
return(MakeResultFromIdentities(identities));
}
public void TryGetTargetDeviceId_Success(string authChain, bool expected, string expectedTargetDeviceId)
{
bool actual = AuthChainHelpers.TryGetTargetDeviceId(authChain, out string actualTargetDeviceId);
Assert.Equal(expected, actual);
if (actual)
{
Assert.Equal(expectedTargetDeviceId, actualTargetDeviceId);
}
}
async Task <EdgeHubScopeResult> HandleDevicesAndModulesInTargetDeviceScopeAsync(string actorDeviceId, string actorModuleId, NestedScopeRequest request)
{
Events.ReceivedScopeRequest(actorDeviceId, actorModuleId, request);
if (!AuthChainHelpers.TryGetTargetDeviceId(request.AuthChain, out string targetDeviceId))
{
return(new EdgeHubScopeResultError(HttpStatusCode.BadRequest, Events.InvalidRequestAuthchain(request.AuthChain)));
}
// Get the children of the target device and the target device itself;
IEdgeHub edgeHub = await this.edgeHubGetter;
IDeviceScopeIdentitiesCache identitiesCache = edgeHub.GetDeviceScopeIdentitiesCache();
IList <ServiceIdentity> identities = await identitiesCache.GetDevicesAndModulesInTargetScopeAsync(targetDeviceId);
Option <ServiceIdentity> targetDevice = await identitiesCache.GetServiceIdentity(targetDeviceId);
targetDevice.ForEach(d => identities.Add(d));
// Construct the result from the identities
Events.SendingScopeResult(targetDeviceId, identities);
return(MakeResultFromIdentities(identities));
}
internal static async Task <Try <string> > AuthorizeOnBehalfOf(
string actorDeviceId,
string authChain,
string source,
HttpContext httpContext,
IEdgeHub edgeHub,
IHttpRequestAuthenticator authenticator)
{
if (!AuthChainHelpers.TryGetTargetDeviceId(authChain, out string targetDeviceId))
{
Events.InvalidRequestAuthChain(source, authChain);
return(Try <string> .Failure(new ValidationException(HttpStatusCode.BadRequest, FormatErrorResponseMessage($"Invalid request auth chain {authChain}."))));
}
if (!await AuthenticateAsync(actorDeviceId, Option.Some(Constants.EdgeHubModuleId), Option.Some(authChain), httpContext, authenticator))
{
return(Try <string> .Failure(new ValidationException(HttpStatusCode.Unauthorized)));
}
IDeviceScopeIdentitiesCache identitiesCache = edgeHub.GetDeviceScopeIdentitiesCache();
Option <string> targetAuthChain = await identitiesCache.GetAuthChain(targetDeviceId);
return(targetAuthChain.Match(
ac =>
{
if (!AuthChainHelpers.ValidateAuthChain(actorDeviceId, targetDeviceId, ac))
{
Events.AuthorizationFail_InvalidAuthChain(actorDeviceId, targetDeviceId, ac);
return Try <string> .Failure(new ValidationException(HttpStatusCode.Unauthorized));
}
return ac;
},
() =>
{
Events.AuthorizationFail_NoAuthChain(targetDeviceId);
return Try <string> .Failure(new ValidationException(HttpStatusCode.Unauthorized));
}));
}
public async Task DeleteModuleOnBehalfOfAsync(
[FromRoute] string actorDeviceId,
[FromBody] DeleteModuleOnBehalfOfData requestData)
{
try
{
Events.ReceivedOnBehalfOfRequest(nameof(this.DeleteModuleOnBehalfOfAsync), actorDeviceId, Events.GetAdditionalInfo(requestData));
try
{
Preconditions.CheckNonWhiteSpace(actorDeviceId, nameof(actorDeviceId));
Preconditions.CheckNotNull(requestData, nameof(requestData));
Preconditions.CheckNonWhiteSpace(requestData.AuthChain, nameof(requestData.AuthChain));
Preconditions.CheckNonWhiteSpace(requestData.ModuleId, nameof(requestData.ModuleId));
}
catch (Exception ex)
{
Events.BadRequest(nameof(this.DeleteModuleOnBehalfOfAsync), ex.Message);
await this.SendResponseAsync(HttpStatusCode.BadRequest, FormatErrorResponseMessage(ex.ToString()));
return;
}
actorDeviceId = WebUtility.UrlDecode(actorDeviceId);
if (!AuthChainHelpers.TryGetTargetDeviceId(requestData.AuthChain, out string targetDeviceId))
{
Events.InvalidRequestAuthChain(nameof(this.DeleteModuleOnBehalfOfAsync), requestData.AuthChain);
await this.SendResponseAsync(HttpStatusCode.BadRequest, FormatErrorResponseMessage($"Invalid request auth chain {requestData.AuthChain}."));
return;
}
if (!await this.AuthenticateAsync(actorDeviceId, Option.Some(Constants.EdgeHubModuleId), Option.Some(requestData.AuthChain)))
{
await this.SendResponseAsync(HttpStatusCode.Unauthorized);
return;
}
IEdgeHub edgeHub = await this.edgeHubGetter;
IDeviceScopeIdentitiesCache identitiesCache = edgeHub.GetDeviceScopeIdentitiesCache();
Option <string> targetAuthChain = await identitiesCache.GetAuthChain(targetDeviceId);
if (!targetAuthChain.HasValue)
{
Events.AuthorizationFail_NoAuthChain(targetDeviceId);
await this.SendResponseAsync(HttpStatusCode.Unauthorized);
return;
}
string edgeDeviceId = edgeHub.GetEdgeDeviceId();
RegistryApiHttpResult result = await this.apiClient.DeleteModuleAsync(
edgeDeviceId,
new DeleteModuleOnBehalfOfData($"{targetAuthChain.OrDefault()}", requestData.ModuleId));
await this.SendResponseAsync(result.StatusCode, result.JsonContent);
Events.CompleteRequest(nameof(this.DeleteModuleOnBehalfOfAsync), edgeDeviceId, targetAuthChain.OrDefault(), result);
}
catch (Exception ex)
{
Events.InternalServerError(nameof(this.DeleteModuleOnBehalfOfAsync), ex);
await this.SendResponseAsync(HttpStatusCode.InternalServerError, FormatErrorResponseMessage(ex.ToString()));
}
}