private void UpdateCredentialValue(CredentialValue value)
{
const string StoredProcedureName = "[LAF].[csp_UpdateCredentialValue]";
var parameters = new { value.CredentialValueId, value.Value, value.Description };
this.RunQuery <int>(StoredProcedureName, parameters);
}
public Task Update(CredentialValue value)
{
var serialized = JsonSerializer.Serialize(new CredentialValueRecord(value));
var encrypted = new EncryptedValue(dataProtector, serialized).Value();
return(Persist(key, encrypted));
}
public void AddCredentialValueAndAssociatedUserGroupToExistingDaUserGroup(CredentialValue credentialValue,
string sourceApplicationUrl,
int daUserGroupId,
out UserGroup createdUserGroup,
out CredentialValue
createdLafUserGroupCredentialValueForExistingDaUserGroup)
{
UserGroupCredentialValue createdUserGroupCredentialValue;
var lafUserGroupCredentialId = this.GetIdForLafUserGroupCredential();
InsertCredentialValueAndAssociatedUserGroup(credentialValue, out createdUserGroup, out createdUserGroupCredentialValue);
credentialValue.AssociatedUserGroup = createdUserGroup;
credentialValue.AssociatedUserGroupCredentialValue = createdUserGroupCredentialValue;
createdLafUserGroupCredentialValueForExistingDaUserGroup = new CredentialValue
{
CredentialId = lafUserGroupCredentialId,
SourceApplicationId = createdUserGroup.ApplicationId,
Value = createdUserGroup.UserGroupId.ToString(CultureInfo.InvariantCulture),
Description = string.Format("LAF {0} LafUserGroup", createdUserGroup.Name)
};
InsertCredentialValue(createdLafUserGroupCredentialValueForExistingDaUserGroup);
var userGroupCredentialValue = new UserGroupCredentialValue
{
CredentialValueId = createdLafUserGroupCredentialValueForExistingDaUserGroup.CredentialValueId,
UserGroupId = daUserGroupId
};
InsertUserGroupCredentialValue(userGroupCredentialValue);
}
private CredentialValue GetCredentialValue(string applicationUrl, string credentialUrnName, string value, string description)
{
applicationUrl = applicationUrl.GetSanitisedApplicationUrl();
var id = this.credentialRepository.GetCredentialId(applicationUrl, credentialUrnName);
if (HasNoMatchingCredentialElement(id))
{
throw new ApplicationException("No valid Credential could be found");
}
using (var operation = BeginDirtyOperation())
{
if (this.credentialRepository.DoesCredentialValueAlreadyExist(id, value))
{
return(null);
}
operation.Complete();
}
var credentialElementValue = new CredentialValue
{
CredentialId = id,
Value = value,
Description = description
};
return(credentialElementValue);
}
//TODO - move these UserGroup methods into their own UserGroup Repository, and use dependency injection to allow the Credential and UserGroup repositories to use each other's methods.
// I wish whole-heartedly and unreservedly to apologise to all who may look at this code in times to come, for the haphazard methods, with their inexplicable
// mixes of functionality (I give you AddDevolvedAdminUserGroupForGivenUserGroup and AddDevolvedAdminUserGroupForGivenUserGroup by way of example), for the bits that are
// in the wrong place, and for - well, just for the mess, really. In my defence, this has been written so bittily, so hurriedly, and with so many interruptions
// that the fact it works at all is a small miracle of which I am, dare I boast it, even a little proud, despite its manifold horrors, because it was written in
// adversity, and with project deadlines coming at me from all directions.
// Nonetheless, it is what it is, and I throw myself on the mercy of the court. Please try to be understanding. PM 18/09/2013
public void AddDevolvedAdminUserGroupForGivenUserGroup(string name, string description,
UserGroup userGroupForWhichADevolvedAdminUserGroupIsToBeCreated,
out UserGroup createdDaUserGroup,
out CredentialValue createdLafUserGroupCredentialValueForCreatedDaUserGroup)
{
var lafUserGroupCredentialId = GetIdForLafUserGroupCredential();
createdDaUserGroup = new UserGroup {
Description = description, Name = name
};
InsertDevolvedAdminUserGroup(createdDaUserGroup);
InsertDevolvedAdminRoleUserGroupCredentialValue(createdDaUserGroup.UserGroupId);
createdLafUserGroupCredentialValueForCreatedDaUserGroup = new CredentialValue
{
CredentialId = lafUserGroupCredentialId,
SourceApplicationId = userGroupForWhichADevolvedAdminUserGroupIsToBeCreated.ApplicationId,
Value = userGroupForWhichADevolvedAdminUserGroupIsToBeCreated.UserGroupId.ToString(CultureInfo.InvariantCulture),
Description = string.Format("LAF {0} LafUserGroup", userGroupForWhichADevolvedAdminUserGroupIsToBeCreated.Name)
};
InsertCredentialValue(createdLafUserGroupCredentialValueForCreatedDaUserGroup);
var userGroupCredentialValue = new UserGroupCredentialValue
{
CredentialValueId = createdLafUserGroupCredentialValueForCreatedDaUserGroup.CredentialValueId,
UserGroupId = createdDaUserGroup.UserGroupId
};
InsertUserGroupCredentialValue(userGroupCredentialValue);
}
public void AddCredentialValueAndAssociatedUserGroupToExistingDaUserGroup(string applicationUrl,
string credentialUrnName,
string credentialValueValue,
string credentialValueDescription,
int daUserGroupId,
out CredentialValue
createdCredentialValue,
out UserGroup createdUserGroup)
{
createdCredentialValue = this.GetCredentialValue(applicationUrl, credentialUrnName, credentialValueValue,
credentialValueDescription);
if (createdCredentialValue == null)
{
throw new ApplicationException("An attempt was made to create a CredentialValue that already exists.");
}
CredentialValue createdLafUserGroupCredentialValueForExistingDaUserGroup;
using (var operation = BeginOperation())
{
this.credentialRepository.AddCredentialValueAndAssociatedUserGroupToExistingDaUserGroup(
createdCredentialValue,
applicationUrl,
daUserGroupId,
out createdUserGroup,
out createdLafUserGroupCredentialValueForExistingDaUserGroup);
operation.Complete();
}
this.auditTasks.WriteEntry(CredentialValueAction.Created,
AuditInformation.Create().WithCredentialValues(createdCredentialValue));
this.auditTasks.WriteEntry(UserGroupAction.Created,
AuditInformation.Create()
.WithUserGroup(createdCredentialValue.AssociatedUserGroup));
this.auditTasks.WriteEntry(UserGroupAction.CredentialAdded,
AuditInformation.Create()
.WithUserGroupCredentialValues(
createdCredentialValue.AssociatedUserGroupCredentialValue));
this.auditTasks.WriteEntry(CredentialValueAction.Created,
AuditInformation.Create()
.WithCredentialValues(
createdLafUserGroupCredentialValueForExistingDaUserGroup));
var daUserGroupCredentialValues =
this.credentialRepository.GetUserGroupCredentialValuesByUserGroupId(daUserGroupId);
var createdUgcv =
daUserGroupCredentialValues.FindAll(
x =>
x.CredentialValueId == createdLafUserGroupCredentialValueForExistingDaUserGroup.CredentialValueId)
.ToArray();
this.auditTasks.WriteEntry(UserGroupAction.CredentialAdded,
AuditInformation.Create()
.WithUserGroupCredentialValues(createdUgcv));
}
protected override ActivityExecutionStatus Execute(ActivityExecutionContext executionContext)
{
//Check if activity is allowed to run
ActivityActivationReference.IsAllowed(this, __Context.Web);
//Resolve tags in string (variables, etc)
NWWorkflowContext ctx = NWWorkflowContext.GetContext(__Context, new Guid(__ListId), __ListItem.Id, WorkflowInstanceId, this);
//Activity has begun executing
base.LogProgressStart(ctx);
LogHelper.LogInfo(Cat, "NTX PowerShell running at: " + this.__Context.CurrentItemUrl);
//Determine if a Workflow Constant is being used for authentication
string runtimeUsername = null;
string runtimePassword = null;
if (LoginUserName.Contains("WFConstant") & LoginPassword == "")
{
CredentialValue.DetermineRuntimeCredentials(LoginUserName, LoginPassword, out runtimeUsername,
out runtimePassword, ctx.Context.Web.ID, ctx.Context.Site.ID);
}
else
{
runtimeUsername = LoginUserName;
runtimePassword = LoginPassword;
}
String script = ctx.AddContextDataToString(PSScript);
try
{
var ps = new PSHelper();
LogHelper.LogInfo(Cat, "Executing script as " + runtimeUsername + " on " + ComputerName + AppName + ":" + PortNumber + " SSL Enabled: " + SSLEnabled);
ps.CreatePowerShellRunspace(SSLEnabled, ComputerName, PortNumber, AppName, ShellUri, runtimeUsername, runtimePassword);
ps.SetRunSpaceVariable("NTXWorkflowContext", __Context);
ps.SetRunSpaceVariable("NTXListID", new Guid(__ListId));
ps.SetRunSpaceVariable("NTXWorkflowInstanceID", new Guid(__ListId));
LogHelper.LogInfo(Cat, "NTX PowerShell RunSpaceVariables loaded");
ps.AddScriptToPipeLine(script);
LogHelper.LogInfo(Cat, "NTX PowerShell Script loaded: " + script);
ps.ConvertPipeContentsToString();
ResultOutput = ps.ProcessResultsToString(ps.InvokePipeline());
//Added to ensure runspaces are closed after execution completes. https://msdn.microsoft.com/en-us/library/system.management.automation.runspaces.runspacefactory(v=vs.85).aspx
ps.DisposePowerShellRunspace();
}
catch (Exception e)
{
ResultOutput = e.ToString();
LogHelper.LogException(Cat, e);
}
//activity has stopped executing
base.LogProgressEnd(ctx, executionContext);
LogHelper.LogInfo(Cat, "NTX PowerShell completed at: " + __Context.CurrentItemUrl);
return(ActivityExecutionStatus.Closed);
}
private async Task storeCredentials(string envName, CredentialValue storedCredentials)
{
var sp = setup(envName);
var factory = getSecretCredentialsFactory(sp);
var secretCredentials = factory.Create("Test");
secretCredentials.Delete();
await secretCredentials.Update(storedCredentials);
}
public void AddCredentialValueAndAssociatedUserGroup(CredentialValue credentialValue,
out UserGroup createdUserGroup)
{
UserGroupCredentialValue createdUserGroupCredentialValue;
InsertCredentialValueAndAssociatedUserGroup(credentialValue, out createdUserGroup, out createdUserGroupCredentialValue);
credentialValue.AssociatedUserGroup = createdUserGroup;
credentialValue.AssociatedUserGroupCredentialValue = createdUserGroupCredentialValue;
}
public void Save(CredentialValue value)
{
if (value.IsNewEntity())
{
this.InsertCredentialValue(value);
}
else
{
UpdateCredentialValue(value);
}
}
public void AddCredentialValue(CredentialValue credentialValue)
{
using (var operation = BeginOperation())
{
this.credentialRepository.Save(credentialValue);
operation.Complete();
}
this.auditTasks.WriteEntry(CredentialValueAction.Created,
AuditInformation.Create().WithCredentialValues(credentialValue));
}
public async Task ShouldStoreAndRetrieveCredentials()
{
var sp = setup();
var factory = getSecretCredentialsFactory(sp);
var secretCredentials = factory.Create("Test");
var storedCredentials = new CredentialValue("Someone", "Password");
await secretCredentials.Update(storedCredentials);
var retrievedCredentials = await secretCredentials.Value();
Assert.That(retrievedCredentials, Is.EqualTo(storedCredentials), "Should store and retrieve credentials");
}
public async Task ShouldEncryptCredentials()
{
var sp = setup();
var factory = getSecretCredentailsFactory(sp);
var secretCredentials = factory.Create("Test");
var storedCredentials = new CredentialValue("Someone", "Password");
await secretCredentials.Update(storedCredentials);
Assert.That
(
secretCredentials.StoredText,
Is.Not.EqualTo(JsonSerializer.Serialize(storedCredentials)),
"Should encrypt credentials"
);
}
public void AddCredentialValueAndAssociatedUserGroupAndDaUserGroup(CredentialValue credentialValue,
out UserGroup createdUserGroup,
out UserGroup createdDaUserGroup,
out CredentialValue
createdLafUserGroupCredentialValueForCreatedDaUserGroup)
{
AddCredentialValueAndAssociatedUserGroup(credentialValue, out createdUserGroup);
var daUserGroupText = string.Format("LAF DA_{0} {1}", credentialValue.AssociatedUserGroup.Name, credentialValue.AssociatedUserGroup.Description);
this.AddDevolvedAdminUserGroupForGivenUserGroup(daUserGroupText,
daUserGroupText,
createdUserGroup,
out createdDaUserGroup,
out createdLafUserGroupCredentialValueForCreatedDaUserGroup);
}
private void InsertCredentialValueAndAssociatedUserGroup(CredentialValue credentialValue, out UserGroup createdUserGroup,
out UserGroupCredentialValue createdUserGroupCredentialValue)
{
InsertCredentialValue(credentialValue);
createdUserGroup = new UserGroup {
Description = credentialValue.Description, Name = credentialValue.Value
};
InsertUserGroupWithGeneratedApplicationDetails(createdUserGroup, credentialValue.CredentialId);
createdUserGroupCredentialValue = new UserGroupCredentialValue
{
CredentialValueId = credentialValue.CredentialValueId,
UserGroupId = createdUserGroup.UserGroupId
};
InsertUserGroupCredentialValue(createdUserGroupCredentialValue);
}
public async Task ShouldStoreAndRetrieveCredentialsFromAllEnvironments()
{
var storedCredentials = new CredentialValue("Someone", "Password");
await storeCredentials("Test", storedCredentials);
var retrievedCredentials = await retrieveCredentials("Development");
Assert.That(retrievedCredentials, Is.EqualTo(storedCredentials), "Should retrieve shared credentials");
retrievedCredentials = await retrieveCredentials("Staging");
Assert.That(retrievedCredentials, Is.EqualTo(storedCredentials), "Should retrieve shared credentials");
retrievedCredentials = await retrieveCredentials("Production");
Assert.That(retrievedCredentials, Is.EqualTo(storedCredentials), "Should retrieve shared credentials");
}
public void Save(CredentialValue value)
{
var isNew = value.IsNewEntity();
var action = CredentialValueAction.Created;
if (!isNew)
{
action = CredentialValueAction.Edited;
}
using (var operation = BeginOperation())
{
this.credentialRepository.Save(value);
operation.Complete();
}
this.auditTasks.WriteEntry(action, AuditInformation.Create().WithCredentialValues(value));
}
private static async Task <CredentialValue> retrieveCredentials(IServiceProvider sp, string credentialKey)
{
var path = getSecretsToolPath();
var hostEnv = sp.GetService <IHostEnvironment>();
var options = new SecretsToolOptions
{
Command = "Get",
CredentialKey = credentialKey
};
var process = new XtiProcess(path)
.UseEnvironment(hostEnv.EnvironmentName)
.AddConfigOptions(options);
var result = await process.Run();
result.EnsureExitCodeIsZero();
var output = result.Data <SecretsToolOutput>();
var secretCredentialsValue = new CredentialValue(output.UserName, output.Password);
return(secretCredentialsValue);
}
private void InsertCredentialValue(CredentialValue credentialValue)
{
const string CredentialValueStoredProcedureName = "[LAF].[csp_InsertCredentialValueWithSourceApplicationId]";
var sourceApplicationId = credentialValue.SourceApplicationId == 0
? null
: credentialValue.SourceApplicationId;
var parameters = new DynamicParameters(new
{
credentialValue.CredentialId,
sourceApplicationId,
credentialValue.Value,
credentialValue.Description,
});
var foundId = this.RunQuery <int>(CredentialValueStoredProcedureName, parameters).FirstOrDefault();
credentialValue.CredentialValueId = Convert.ToInt32(foundId);
}
private static async Task <CredentialValue> addSystemUser(IServiceProvider sp, AppKey appKey)
{
Console.WriteLine("Adding system user");
var machineName = getMachineName(sp);
var dashIndex = machineName.IndexOf(".");
if (dashIndex > -1)
{
machineName = machineName.Substring(0, dashIndex);
}
var hubApi = sp.GetService <HubAppApi>();
var password = $"{Guid.NewGuid():N}?!";
var systemUser = await hubApi.AppRegistration.AddSystemUser.Invoke(new AddSystemUserRequest
{
AppKey = appKey,
MachineName = machineName,
Password = password
});
var credentials = new CredentialValue(systemUser.UserName, password);
Console.WriteLine($"Added system user '{systemUser.UserName}'");
return(credentials);
}
public CredentialValueRecord(CredentialValue credentialValue)
{
UserName = credentialValue.UserName;
Password = credentialValue.Password;
}
public SimpleCredentials(CredentialValue value)
{
this.value = value;
}
public static bool IsNewEntity(this CredentialValue value)
{
var newEntity = value.CredentialValueId == 0;
return(newEntity);
}
private static async Task runLocalInstall(IServiceProvider sp, string versionKey, CredentialValue credential)
{
var hostEnv = sp.GetService <IHostEnvironment>();
var options = sp.GetService <IOptions <InstallOptions> >().Value;
var installProcessPath = Path.Combine
(
Environment.GetEnvironmentVariable("XTI_Dir"),
"Tools",
"LocalInstallApp",
"LocalInstallApp.exe"
);
var installProcess = new XtiProcess(installProcessPath)
.UseEnvironment(hostEnv.EnvironmentName)
.AddConfigOptions
(
new
{
AppName = options.AppName,
AppType = options.AppType,
VersionKey = versionKey,
SystemUserName = credential.UserName,
SystemPassword = credential.Password
}
);
Console.WriteLine("Running Local Install");
var result = await installProcess
.WriteOutputToConsole()
.Run();
result.EnsureExitCodeIsZero();
}
public void AddLafCredentialValue(CredentialValue credentialValue, int sourceApplicationId)
{
credentialValue.SourceApplicationId = sourceApplicationId;
InsertCredentialValue(credentialValue);
}