public virtual void Save(SecuritySettingsTO securitySettings)
{
VerifyArgument.IsNotNull("securitySettings", securitySettings);
securitySettings.WindowsGroupPermissions.Clear();
Copy(ServerPermissions, securitySettings.WindowsGroupPermissions);
Copy(ResourcePermissions, securitySettings.WindowsGroupPermissions);
}
public void SecuritySettingsTO_Contructor_CallBasicCtor_WindowsGroupPermissionsEmpty()
{
//------------Execute Test---------------------------
var securitySettingsTO = new SecuritySettingsTO();
//------------Assert Results-------------------------
Assert.IsNotNull(securitySettingsTO.WindowsGroupPermissions);
Assert.AreEqual(0, securitySettingsTO.WindowsGroupPermissions.Count);
}
protected override List <WindowsGroupPermission> ReadPermissions()
{
var reader = new SecurityRead();
var result = reader.Execute(null, null);
var serializer = new Dev2JsonSerializer();
SecuritySettingsTO securitySettingsTO = serializer.Deserialize <SecuritySettingsTO>(result);
TimeOutPeriod = securitySettingsTO.CacheTimeout;
return(securitySettingsTO.WindowsGroupPermissions);
}
public void SecuritySettingsTO_Contructor_CallOverloadedCtor_WindowsGroupPermissionsEmpty()
{
//------------Setup for test--------------------------
List <WindowsGroupPermission> permissions = new List <WindowsGroupPermission>();
permissions.Add(new WindowsGroupPermission());
permissions.Add(new WindowsGroupPermission());
//------------Execute Test---------------------------
var securitySettingsTO = new SecuritySettingsTO(permissions);
//------------Assert Results-------------------------
Assert.IsNotNull(securitySettingsTO.WindowsGroupPermissions);
Assert.AreEqual(2, securitySettingsTO.WindowsGroupPermissions.Count);
}
public void SettingsRead_Execute_SecurityReadDoesNotThrowException_HasErrorsIsFalseAndSecurityPermissionsAreAssigned()
{
//------------Setup for test--------------------------
var serializer = new Dev2JsonSerializer();
var securityPermissions = new List <WindowsGroupPermission>
{
new WindowsGroupPermission {
IsServer = true, WindowsGroup = "TestGroup", Permissions = AuthorizationContext.DeployFrom.ToPermissions()
},
new WindowsGroupPermission {
IsServer = true, WindowsGroup = "NETWORK SERVICE", Permissions = AuthorizationContext.DeployTo.ToPermissions()
}
};
var securitySettingsTO = new SecuritySettingsTO(securityPermissions);
var securityRead = new Func <IEsbManagementEndpoint>(() =>
{
var endpoint = new Mock <IEsbManagementEndpoint>();
endpoint.Setup(e => e.Execute(It.IsAny <Dictionary <string, StringBuilder> >(), It.IsAny <IWorkspace>()))
.Returns(new Dev2JsonSerializer().SerializeToBuilder(securitySettingsTO));
return(endpoint.Object);
});
var mockPerfCounterRepo = new Mock <IPerformanceCounterRepository>();
mockPerfCounterRepo.Setup(repository => repository.Counters).Returns(new PerformanceCounterTo());
CustomContainer.Register(mockPerfCounterRepo.Object);
var settingsRead = new TestSettingsRead(securityRead);
//------------Execute Test---------------------------
var jsonPermissions = settingsRead.Execute(null, null);
var settings = serializer.Deserialize <Settings>(jsonPermissions.ToString());
//------------Assert Results-------------------------
Assert.IsNotNull(settings);
Assert.IsNotNull(settings.Security);
Assert.IsFalse(settings.HasError);
var comparer = new WindowsGroupPermissionEqualityComparer();
Assert.AreEqual(2, settings.Security.WindowsGroupPermissions.Count);
for (var i = 0; i < securityPermissions.Count; i++)
{
var result = comparer.Equals(securityPermissions[i], settings.Security.WindowsGroupPermissions[i]);
Assert.IsTrue(result);
}
}
public void SecurityWrite_Write_SecuritySettingsIsNotNull_PersistsSecuritySettings()
{
//------------Setup for test--------------------------
if (File.Exists(EnvironmentVariables.ServerSecuritySettingsFile))
{
File.Delete(EnvironmentVariables.ServerSecuritySettingsFile);
}
var securitySettings = new SecuritySettingsTO();
//------------Execute Test---------------------------
SecurityWrite.Write(securitySettings);
//------------Assert Results-------------------------
Assert.IsTrue(File.Exists(EnvironmentVariables.ServerSecuritySettingsFile));
File.Delete(EnvironmentVariables.ServerSecuritySettingsFile);
}
public void Settings_ShouldAddSecurity()
{
var serializer = new Dev2JsonSerializer();
var securityPermissions = new List <WindowsGroupPermission>
{
new WindowsGroupPermission {
IsServer = true, WindowsGroup = "TestGroup", Permissions = AuthorizationContext.DeployFrom.ToPermissions()
},
new WindowsGroupPermission {
IsServer = true, WindowsGroup = "NETWORK SERVICE", Permissions = AuthorizationContext.DeployTo.ToPermissions()
}
};
var securitySettingsTo = new SecuritySettingsTO(securityPermissions);
var securityRead = new Func <IEsbManagementEndpoint>(() =>
{
var endpoint = new Mock <IEsbManagementEndpoint>();
endpoint.Setup(e => e.Execute(It.IsAny <Dictionary <string, StringBuilder> >(), It.IsAny <IWorkspace>()))
.Returns(new Dev2JsonSerializer().SerializeToBuilder(securitySettingsTo));
return(endpoint.Object);
});
var mockPerfCounterRepo = new Mock <IPerformanceCounterRepository>();
mockPerfCounterRepo.Setup(repository => repository.Counters).Returns(new PerformanceCounterTo());
var settingsRead = new TestSettingsRead(securityRead);
var jsonPermissions = settingsRead.Execute(null, null);
var settings = serializer.Deserialize <Settings.Settings>(jsonPermissions.ToString());
var serialized = settings.ToString();
Assert.IsNotNull(settings);
Assert.IsNotNull(settings.Security);
Assert.AreEqual(2, settings.Security.WindowsGroupPermissions.Count);
}
public virtual async Task ReadAsync()
{
var communicationController = new CommunicationController
{
ServiceName = "SecurityReadService"
};
Dev2Logger.Log.Debug("Getting Permissions from Server");
SecuritySettingsTO securitySettingsTo = await communicationController.ExecuteCommandAsync <SecuritySettingsTO>(EnvironmentConnection, EnvironmentConnection.WorkspaceID);
List <WindowsGroupPermission> newPermissions = null;
if (securitySettingsTo != null)
{
Permissions = securitySettingsTo.WindowsGroupPermissions;
newPermissions = securitySettingsTo.WindowsGroupPermissions;
Dev2Logger.Log.Debug("Permissions from Server:" + Permissions);
}
if (newPermissions != null)
{
RaisePermissionsModified(new PermissionsModifiedEventArgs(newPermissions));
}
RaisePermissionsChanged();
}
public TestSecurityViewModel(SecuritySettingsTO securitySettings, IResourcePickerDialog resourcePicker, DirectoryObjectPickerDialog directoryObjectPicker, IWin32Window parentWindow, IEnvironmentModel environment)
: base(securitySettings, resourcePicker, directoryObjectPicker, parentWindow, environment)
{
}
public override void Save(SecuritySettingsTO securitySettings)
{
SaveHitCount++;
base.Save(securitySettings);
}
public TestSecurityViewModel(SecuritySettingsTO securitySettings, DirectoryObjectPickerDialog directoryObjectPicker, IWin32Window parentWindow, IServer environment)
: base(securitySettings, directoryObjectPicker, parentWindow, environment, () => new Mock <IResourcePickerDialog>().Object)
{
}
public SecurityViewModel(SecuritySettingsTO securitySettings, DirectoryObjectPickerDialog directoryObjectPicker, IWin32Window parentWindow, IServer environment)
: this(securitySettings, directoryObjectPicker, parentWindow, environment, null)
{
}
internal SecurityViewModel(SecuritySettingsTO securitySettings, IWin32Window parentWindow, IServer environment)
: this(securitySettings, new DirectoryObjectPickerDialog(), parentWindow, environment)
{
}
public StringBuilder Execute(Dictionary <string, StringBuilder> values, IWorkspace theWorkspace)
{
Dev2Logger.Log.Debug("Start Security Read");
if (File.Exists(ServerSecurityService.FileName))
{
string encryptedData;
using (var inStream = new FileStream(ServerSecurityService.FileName, FileMode.Open, FileAccess.Read, FileShare.ReadWrite))
{
using (var reader = new StreamReader(inStream))
{
encryptedData = reader.ReadToEnd();
}
}
Dev2Logger.Log.Debug("Security Data Read");
try
{
var decryptData = SecurityEncryption.Decrypt(encryptedData);
Dev2Logger.Log.Debug(decryptData);
var currentSecuritySettingsTo = JsonConvert.DeserializeObject <SecuritySettingsTO>(decryptData);
var permissionGroup = currentSecuritySettingsTo.WindowsGroupPermissions;
// We need to change BuiltIn\Administrators to -> Warewolf Administrators ;)
if (permissionGroup.Count > 0)
{
var adminGrp = permissionGroup[0].WindowsGroup;
if (adminGrp == "BuiltIn\\Administrators")
{
permissionGroup[0].WindowsGroup = WindowsGroupPermission.BuiltInAdministratorsText;
decryptData = JsonConvert.SerializeObject(currentSecuritySettingsTo);
}
}
var hasGuestPermission = permissionGroup.Any(permission => permission.IsBuiltInGuests);
var hasAdminPermission = permissionGroup.Any(permission => permission.IsBuiltInAdministrators);
if (!hasAdminPermission)
{
permissionGroup.Add(WindowsGroupPermission.CreateAdministrators());
permissionGroup.Sort(QuickSortForPermissions);
decryptData = JsonConvert.SerializeObject(currentSecuritySettingsTo);
}
if (!hasGuestPermission)
{
permissionGroup.Add(WindowsGroupPermission.CreateGuests());
permissionGroup.Sort(QuickSortForPermissions);
decryptData = JsonConvert.SerializeObject(currentSecuritySettingsTo);
}
return(new StringBuilder(decryptData));
}
catch (Exception e)
{
Dev2Logger.Log.Error("SecurityRead", e);
}
}
var serializer = new Dev2JsonSerializer();
var securitySettingsTo = new SecuritySettingsTO(DefaultPermissions)
{
CacheTimeout = _cacheTimeout
};
return(serializer.SerializeToBuilder(securitySettingsTo));
}
public void SecurityRead_Execute_WhenSecureConfigDoesExistWithGuestPermission_ShouldHaveExistingPermissions()
{
//------------Setup for test--------------------------
var serverSecuritySettingsFile = EnvironmentVariables.ServerSecuritySettingsFile;
File.Delete(serverSecuritySettingsFile);
var permission = new WindowsGroupPermission {
Administrator = true, IsServer = true, WindowsGroup = Environment.UserName
};
var permission2 = new WindowsGroupPermission {
Administrator = false, DeployFrom = false, IsServer = true, WindowsGroup = "NETWORK SERVICE"
};
var guests = WindowsGroupPermission.CreateGuests();
guests.View = true;
var permission3 = guests;
var windowsGroupPermissions = new List <WindowsGroupPermission> {
permission, permission2, permission3
};
var securitySettings = new SecuritySettingsTO(windowsGroupPermissions)
{
CacheTimeout = new TimeSpan(0, 10, 0)
};
var serializeObject = JsonConvert.SerializeObject(securitySettings);
var securityWrite = new SecurityWrite();
var securityRead = new SecurityRead();
securityWrite.Execute(new Dictionary <string, StringBuilder> {
{ "SecuritySettings", new StringBuilder(serializeObject) }
}, null);
//------------Assert Preconditions-------------------------
Assert.IsTrue(File.Exists(serverSecuritySettingsFile));
//------------Execute Test---------------------------
var jsonPermissions = securityRead.Execute(null, null);
File.Delete("secure.config");
var readSecuritySettings = JsonConvert.DeserializeObject <SecuritySettingsTO>(jsonPermissions.ToString());
//------------Assert Results-------------------------
Assert.AreEqual(4, readSecuritySettings.WindowsGroupPermissions.Count);
var adminPermission = readSecuritySettings.WindowsGroupPermissions.FirstOrDefault(p => p.IsBuiltInAdministrators);
Assert.IsNotNull(adminPermission);
Assert.AreEqual(true, adminPermission.IsServer);
Assert.AreEqual(true, adminPermission.View);
Assert.AreEqual(true, adminPermission.Execute);
Assert.AreEqual(true, adminPermission.Contribute);
Assert.AreEqual(true, adminPermission.DeployTo);
Assert.AreEqual(true, adminPermission.DeployFrom);
Assert.AreEqual(true, adminPermission.Administrator);
var userPermission = readSecuritySettings.WindowsGroupPermissions.FirstOrDefault(p => p.WindowsGroup == Environment.UserName);
Assert.IsNotNull(userPermission);
Assert.AreEqual(true, userPermission.IsServer);
Assert.AreEqual(false, userPermission.View);
Assert.AreEqual(false, userPermission.Execute);
Assert.AreEqual(false, userPermission.Contribute);
Assert.AreEqual(false, userPermission.DeployTo);
Assert.AreEqual(false, userPermission.DeployFrom);
Assert.AreEqual(true, userPermission.Administrator);
var networkServicePermission = readSecuritySettings.WindowsGroupPermissions.FirstOrDefault(p => p.WindowsGroup == "NETWORK SERVICE");
Assert.IsNotNull(networkServicePermission);
Assert.AreEqual(true, networkServicePermission.IsServer);
Assert.AreEqual(false, networkServicePermission.View);
Assert.AreEqual(false, networkServicePermission.Execute);
Assert.AreEqual(false, networkServicePermission.Contribute);
Assert.AreEqual(false, networkServicePermission.DeployTo);
Assert.AreEqual(false, networkServicePermission.DeployFrom);
Assert.AreEqual(false, networkServicePermission.Administrator);
var guestPermission = readSecuritySettings.WindowsGroupPermissions.FirstOrDefault(p => p.WindowsGroup == WindowsGroupPermission.BuiltInGuestsText);
Assert.IsNotNull(guestPermission);
Assert.AreEqual(true, guestPermission.IsServer);
Assert.AreEqual(true, guestPermission.View);
Assert.AreEqual(false, guestPermission.Execute);
Assert.AreEqual(false, guestPermission.Contribute);
Assert.AreEqual(false, guestPermission.DeployTo);
Assert.AreEqual(false, guestPermission.DeployFrom);
Assert.AreEqual(false, guestPermission.Administrator);
Assert.AreEqual(new TimeSpan(0, 10, 0), readSecuritySettings.CacheTimeout);
}
public void JwtManager_GenerateToken_ValidateToken()
{
//------------Setup for test-------------------------
if (File.Exists(EnvironmentVariables.ServerSecuritySettingsFile))
{
File.Delete(EnvironmentVariables.ServerSecuritySettingsFile);
}
var resourceId = Guid.NewGuid();
var resourceName = @"Hello World";
var overrideResource = new NamedGuid
{
Name = "appAuth",
Value = Guid.NewGuid()
};
var permissions = new[]
{
new WindowsGroupPermission
{
IsServer = true, WindowsGroup = "Deploy Admins",
View = false, Execute = false, Contribute = false, DeployTo = true, DeployFrom = true, Administrator = false
},
new WindowsGroupPermission
{
ResourceID = resourceId,
ResourceName = "Category1\\Workflow1",
WindowsGroup = "Public",
View = true,
Execute = true,
Contribute = false
}
};
var hmac = new HMACSHA256();
var secretKey = Convert.ToBase64String(hmac.Key);
var securitySettingsTO = new SecuritySettingsTO(permissions, overrideResource, secretKey);
SecurityWrite.Write(securitySettingsTO);
var payload = "<DataList><UserGroups Description='' IsEditable='True' ColumnIODirection='Output'><Name Description='' IsEditable='True' ColumnIODirection='Output'>public</Name></UserGroups></DataList>";
var res = new Mock <IResource>();
res.Setup(a => a.ResourceName).Returns(resourceName);
res.Setup(resource => resource.ResourceID).Returns(resourceId);
var mockCatalog = new Mock <IResourceCatalog>();
mockCatalog.Setup(a => a.GetResource(It.IsAny <Guid>(), resourceId)).Returns(res.Object);
mockCatalog.Setup(a => a.GetResourcePath(It.IsAny <Guid>(), It.IsAny <Guid>())).Returns("bob\\dave");
CustomContainer.Register(mockCatalog.Object);
var mockResourceNameProvider = new Mock <IResourceNameProvider>();
mockResourceNameProvider.Setup(a => a.GetResourceNameById(It.IsAny <Guid>())).Returns(resourceName);
CustomContainer.Register(mockResourceNameProvider.Object);
//------------Execute Test---------------------------
var securitySettings = new SecuritySettings();
var jwtManager = new JwtManager(securitySettings);
var encryptedPayload = jwtManager.GenerateToken(payload);
var response = jwtManager.ValidateToken(encryptedPayload);
//------------Assert Results-------------------------
Assert.IsNotNull(encryptedPayload);
Assert.AreEqual(payload, response);
}
internal SecurityViewModel(SecuritySettingsTO securitySettings, IWin32Window parentWindow, IEnvironmentModel environment)
: this(securitySettings, new ResourcePickerDialog(enDsfActivityType.All, environment), new DirectoryObjectPickerDialog(), parentWindow, environment)
{
}
