public void GetComplianceUrlTest() { string destination = "test.htm"; string username = "******"; string description = "this & is a test description"; int timestamp = HL7AuthHelper.GetTimestamp(); string requestHash = string.Format("{0}|{1}|{2}|{3}", username, destination, timestamp, Trifolia.Config.AppSettings.HL7ApiKey); string expected = string.Format( "{0}?userid={1}&returnURL={2}&signingURL={2}&signingDescription={3}&requestHash={4}×tampUTCEpoch={5}&apiKey={6}", "http://hl7.amg-hq.net/temp/mike/webservices/compliance_redirect.cfm", username, destination, "this+%26+is+a+test+description", HL7AuthHelper.GetEncrypted(requestHash, Trifolia.Config.AppSettings.HL7SharedKey), timestamp, Trifolia.Config.AppSettings.HL7ApiKey); string actual = HL7AuthHelper.GetComplianceUrl(destination, username, description, timestamp); Assert.AreEqual(expected, actual); }
public void GetTimestampTest() { TimeSpan t = (DateTime.UtcNow - new DateTime(1970, 1, 1)); int expected = (int)t.TotalSeconds; int actual = HL7AuthHelper.GetTimestamp(); Assert.AreEqual(expected, actual); }
public void GetEncryptedTest() { string input = "test123"; string key = "abcdef"; string expected = "117666142a70ffe6b12aeed234dc61c216bb7ffd".ToUpper(); string actual = HL7AuthHelper.GetEncrypted(input, key); Assert.AreEqual(expected, actual); }
public ActionResult DoHL7Login(HL7LoginModel model) { string validateRequestHashFormat = string.Format("{0}|{1}|{2}", model.userid, model.timestampUTCEpoch, AppSettings.HL7ApiKey); string validateRequestHash = HL7AuthHelper.GetEncrypted(validateRequestHashFormat, AppSettings.HL7SharedKey); // The hash does not match what we expect, this is an invalid request if (validateRequestHash != model.requestHash) { Log.For(this).Error("Invalid attempt to login as HL7 user with user ID {0} and request hash '{1}'", model.userid, model.requestHash); return(Redirect("/?Message=" + App_GlobalResources.TrifoliaLang.HL7AttemptInvalid)); } try { // Verify that the request sent from HL7 took less than 5 minutes if (!HL7AuthHelper.ValidateTimestamp(model.timestampUTCEpoch)) { Log.For(this).Warn("Request to login took longer than 5 minutes to reach the server."); return(Redirect("/?Message=" + App_GlobalResources.TrifoliaLang.HL7AuthTimeout)); } } catch { Log.For(this).Error("Timestamp passed in request to HL7 login is not a valid timestamp: {0}", model.timestampUTCEpoch); return(Redirect("/?Message=An error occurred while logging in.")); } string userData = string.Format("{0}=HL7;{1}={2};{3}={4}", CheckPoint.AUTH_DATA_ORGANIZATION, CheckPoint.AUTH_DATA_USERID, model.userid, CheckPoint.AUTH_DATA_ROLES, model.roles); FormsAuthenticationTicket authTicket = new FormsAuthenticationTicket(1, model.userid, DateTime.Now, DateTime.Now.AddDays(20), true, userData); string encAuthTicket = FormsAuthentication.Encrypt(authTicket); HttpCookie faCookie = new HttpCookie(FormsAuthentication.FormsCookieName, encAuthTicket); faCookie.Expires = DateTime.Now.AddDays(20); if (Response.Cookies[FormsAuthentication.FormsCookieName] != null) { Response.Cookies.Set(faCookie); } else { Response.Cookies.Add(faCookie); } CheckPoint.Instance.CheckHL7Roles(model.userid, model.roles); // Audit the login AuditEntryExtension.SaveAuditEntry("Login", "Success", model.userid, "HL7"); // Either return the user to the specified url, or to the default homepage if none is specified return(Redirect(!string.IsNullOrEmpty(model.ReturnUrl) ? model.ReturnUrl : "/")); }
/// <summary> /// Checks if the authenticated user is from the HL7 organization. /// If yes, a redirect ActionResult is returned that forwards the user to the HL7 disclaimer page. /// The action result includes a redirectUrl parameter that tells HL7 to redirect the user back to trifolia. /// The redirectUrl parameter of the returned ActionResult includes the retAction passed to this method /// and an implementationGuideId param for the ig. /// </summary> private ActionResult BeforeExport(ImplementationGuide ig, string retAction) { bool dy = false; bool.TryParse(Request.Params["dy"], out dy); // If the user is HL7 authenticated, they must sign a disclaimer before generating the IG if (CheckPoint.Instance.OrganizationName == "HL7" && !dy) { Dictionary <string, string> authData = CheckPoint.Instance.GetAuthenticatedData(); string userId = authData["UserId"]; string url = HL7AuthHelper.GetComplianceUrl( Url.Action(retAction, "Export", new { implementationGuideId = ig.Id, dy = true }, Request.Url.Scheme), userId, ig.Name); return(Redirect(url)); } return(null); }