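//Edit for R184
/// <summary>
/// Builds the log entry for an authentication attempt: request id, caller, operation,
/// the authentication header fields and the outcome.
/// </summary>
/// <param name="RequestId">Copied to <c>LogObject.RequestId</c>.</param>
/// <param name="User">Copied to <c>LogObject.User</c>.</param>
/// <param name="Type">Copied to <c>LogObject.Type</c>.</param>
/// <param name="Name">Copied to <c>LogObject.Name</c>.</param>
/// <param name="Parameters">Authentication header values; must not be null.</param>
/// <param name="WebServiceResponse">Error to record, or null when the request succeeded.</param>
/// <returns>The populated log entry.</returns>
public LogObject AuthenticationItem_ToLogObject(string RequestId, string User, string Type, string Name, AuthenticationObject Parameters, ErrorObject WebServiceResponse = null)
{
    LogObject logObject = new LogObject();
    logObject.TimeStamp = DateTime.Now;
    logObject.RequestId = RequestId;
    logObject.User = User;
    logObject.Type = Type;
    logObject.Name = Name;

    Dictionary<string, string> parameters = new Dictionary<string, string>();
    parameters.Add("Authentication Type", Parameters.AuthenticationType);
    parameters.Add("ApiUser", Parameters.ApiUser);
    // Never write the credential itself to the log. The key is kept so the entry's shape is
    // unchanged, and null still shows that the header carried no secret.
    parameters.Add("SharedSecret", Parameters.SharedSecret == null ? null : "[REDACTED]");
    logObject.Parameters = parameters;

    Dictionary<string, string> response = new Dictionary<string, string>();
    if (WebServiceResponse == null)
    {
        response.Add("REQUEST_SUCCESSFUL", "The request was successful.");
    }
    else
    {
        response.Add(WebServiceResponse.ErrorKey, WebServiceResponse.Message);
    }
    logObject.Response = response;

    return logObject;
}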
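/// <summary>
/// Assigns a request id, rewrites argument-format and legacy-format URLs, reads the
/// authentication header and checks it with <c>Authenticate</c> before forwarding the request.
/// </summary>
/// <param name="request">Incoming request; may be replaced by its rewritten form.</param>
/// <param name="cancellationToken">Passed through to the inner handler.</param>
/// <returns>
/// The inner handler's response when authentication succeeds; otherwise an error envelope,
/// which this handler sends with HTTP status 200.
/// </returns>
protected override Task<HttpResponseMessage> SendAsync(
    HttpRequestMessage request, CancellationToken cancellationToken)
{
    LoggingUtility log = LoggerFactory.GetLogger();
    ErrorUtil errorUtil = new ErrorUtil();
    LogObject logObject = new LogObject();
    int Error = 0;

    // Read the first "requestId" query value directly. Building a dictionary from the whole
    // query string throws on a repeated parameter name, which would let any caller fail the
    // request before authentication has run.
    // NOTE(review): the value is caller-controlled and is written to the log below; confirm
    // the logger escapes it.
    string _requestId = request.GetQueryNameValuePairs()
        .Where(pair => pair.Key == "requestId")
        .Select(pair => pair.Value)
        .FirstOrDefault();
    if (String.IsNullOrEmpty(_requestId))
    {
        _requestId = Guid.NewGuid().ToString();
    }

    // NOTE(review): the complete URL, query string included, goes to the log; confirm the
    // argument and legacy URL formats never carry credentials.
    log.ProcessingDebug(_requestId, "Full request URL:" + request.RequestUri.AbsoluteUri);
    request.Properties.Add("requestId", _requestId);
    AuthenticationResponse _responseEnvelope = new AuthenticationResponse(_requestId);

    if (new CommonMethods().IsArgumentFormat(request.RequestUri.OriginalString))
    {
        request = new CommonMethods().CombobulateArgumentRequest(request);
    }
    if (new CommonMethods().IsLegacyFormat(request.RequestUri.OriginalString))
    {
        request = new CommonMethods().CombobulateRequest(request);
    }

    AuthenticationObject authenticationObject = new CommonMethods().GetAuthenticationHeader(request);

    // A missing or incomplete header fails without calling Authenticate; the empty object
    // keeps the logging and error code below free of null checks.
    if (authenticationObject == null || authenticationObject.AuthenticationType == null || authenticationObject.ApiUser == null || authenticationObject.SharedSecret == null)
    {
        Error = ErrorKey.ERR_HUB_AUTHENTICATION_FAILED;
        authenticationObject = new AuthenticationObject();
    }
    else
    {
        Error = Authenticate(authenticationObject, _requestId);
    }

    if (Error != 0)
    {
        Dictionary<string, string> parameters = new Dictionary<string, string> { { "ApiUser", authenticationObject.ApiUser } };
        _responseEnvelope.Data.Errors.Add(new ErrorObject(Error, parameters));
    }

    // Both outcomes are logged, after any error has been added to the envelope.
    // NOTE(review): authenticationObject carries SharedSecret; confirm
    // Authentication_ToLogObject does not write it to the log.
    logObject = new CommonMethods().Authentication_ToLogObject(_requestId, authenticationObject.ApiUser, OperationType, OperationName, authenticationObject, _responseEnvelope.Data.Errors);
    log.InfoJson(logObject);

    if (Error != 0)
    {
        // NOTE(review): a failed authentication is answered with HTTP 200 and the failure is
        // only visible in the envelope; confirm clients and monitoring read the envelope.
        var tsc = new TaskCompletionSource<HttpResponseMessage>();
        tsc.SetResult(FormatErrorResponse(request, HttpStatusCode.OK, _responseEnvelope));
        return tsc.Task;
    }

    return base.SendAsync(request, cancellationToken);
}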
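/// <summary>
/// Checks the supplied credentials against the admin account. The expected secret is the
/// digest that <c>HourlyDigest.CalculateDigest</c> returns for the current UTC time.
/// </summary>
/// <param name="authenticationObject">Credentials from the request; ApiUser and SharedSecret are expected to be non-null.</param>
/// <param name="_requestId">Not used by this method.</param>
/// <returns>0 on success, otherwise <c>ErrorKey.ERR_HUB_AUTHENTICATION_FAILED</c>.</returns>
private int Authenticate(AuthenticationObject authenticationObject, string _requestId)
{
    HourlyDigest hourlyDigest = new HourlyDigest(AdminUser, AdminPassword, AdminKey);
    string AdminSharedSecret = hourlyDigest.CalculateDigest(DateTime.UtcNow);

    // Evaluate both checks before combining them, and compare the secret without an early
    // exit, so the response time does not reveal how much of the digest was correct.
    bool userMatches = authenticationObject.ApiUser == AdminUser;
    bool secretMatches = SecretsMatch(AdminSharedSecret, authenticationObject.SharedSecret);
    if (!(userMatches & secretMatches))
    {
        return ErrorKey.ERR_HUB_AUTHENTICATION_FAILED;
    }

    // HttpContext.Current is null outside an ASP.NET request (unit tests, self-hosting).
    if (HttpContext.Current != null)
    {
        HttpContext.Current.User = new GenericPrincipal(new GenericIdentity(authenticationObject.ApiUser, authenticationObject.AuthenticationType), new String[] { "Admin" });
    }
    return 0;
}

/// <summary>
/// Ordinal comparison of two secrets that always walks the full common length instead of
/// stopping at the first differing character. A null on either side never matches.
/// </summary>
private static bool SecretsMatch(string expected, string supplied)
{
    if (expected == null || supplied == null)
    {
        return false;
    }

    // A length difference is folded into the result rather than returned early.
    int difference = expected.Length ^ supplied.Length;
    int shared = Math.Min(expected.Length, supplied.Length);
    for (int i = 0; i < shared; i++)
    {
        difference |= expected[i] ^ supplied[i];
    }
    return difference == 0;
}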
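/// <summary>
/// RPC authentication handler: reads the authentication header, checks it with
/// <c>PmpAuth</c>, adds a JSON or XML Accept value, and then either returns an error envelope
/// or forwards the request.
/// </summary>
/// <param name="request">Incoming request; replaced by its rewritten form when the URL is in legacy format.</param>
/// <param name="cancellationToken">Passed through to the inner handler.</param>
/// <returns>
/// An error envelope with HTTP 401 when authentication fails, an error envelope with HTTP 404
/// when the inner handler answers 404, otherwise the inner handler's response.
/// </returns>
protected override Task<HttpResponseMessage> SendAsync(
    HttpRequestMessage request, CancellationToken cancellationToken)
{
    LoggingUtility log = LoggerFactory.GetLogger();
    // Throws if no earlier handler stored "requestId" in the request properties.
    string _requestId = request.Properties["requestId"].ToString();
    ErrorUtil errorUtil = new ErrorUtil();
    RpcAuthenticationResponse _responseEnvelope = new RpcAuthenticationResponse(_requestId);
    LogObject logObject = new LogObject();
    var tsc = new TaskCompletionSource<HttpResponseMessage>();
    //Initialize the error to 0 to be able to check later if there is any error in the request
    int Error = 0;

    if (new CommonMethods().IsLegacyFormat(request.RequestUri.OriginalString))
    {
        request = new CommonMethods().CombobulateRequest(request);
    }

    AuthenticationObject authenticationObject = new CommonMethods().GetAuthenticationHeader(request);
    if (authenticationObject == null || authenticationObject.AuthenticationType == null || authenticationObject.ApiUser == null || authenticationObject.SharedSecret == null)
    {
        Error = ErrorKey.ERR_HUB_AUTHENTICATION_FAILED;
        authenticationObject = new AuthenticationObject();
    }
    else
    {
        //Authenticate with pmp
        Error = PmpAuth(authenticationObject);
    }

    //Enforce xml output by default if no or incompatible application value is specified in the request header.
    //The comparison is ordinal so it does not depend on the server's culture; it looks at the
    //whole header value text, so a value carrying parameters (e.g. a q factor) is not treated as JSON.
    var responseType = request.GetRequestContext().Url.Request.Headers.Accept.LastOrDefault();
    bool wantsJson = responseType != null
        && String.Equals(responseType.ToString(), "application/json", StringComparison.OrdinalIgnoreCase);
    request.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue(wantsJson ? "application/json" : "application/xml"));

    if (Error != 0)
    {
        _responseEnvelope.Data.Errors.Add(new ErrorObject(Error));
        HttpResponseMessage errorResponse = new MethodsApi().FormatRpcErrorResponse(request, HttpStatusCode.Unauthorized, _responseEnvelope);
        //R185 Modification
        // NOTE(review): authenticationObject carries SharedSecret; confirm
        // Authentication_ToLogObject does not write it to the log.
        logObject = new CommonMethods().Authentication_ToLogObject(_requestId, authenticationObject.ApiUser, OperationType, OperationName, authenticationObject, _responseEnvelope.Data.Errors);
        log.InfoJson(logObject);
        tsc.SetResult(errorResponse);
        return tsc.Task;
    }

    //Authentication succeeded...continue with the request

    // This piece of code has been added to unit test this handler
    // In case of success we are returning an empty RpcAuthenticationResponse
    // NOTE(review): test hook in the production path. While xunit is true an authenticated
    // request is neither logged nor forwarded; confirm it cannot be switched on in a deployment.
    if (xunit)
    {
        tsc.SetResult(new MethodsApi().FormatRpcErrorResponse(request, HttpStatusCode.OK, _responseEnvelope));
        return tsc.Task;
    }

    logObject = new CommonMethods().Authentication_ToLogObject(_requestId, authenticationObject.ApiUser, OperationType, OperationName, authenticationObject, _responseEnvelope.Data.Errors);
    log.InfoJson(logObject);

    var rpcResponse = base.SendAsync(request, cancellationToken);

    //Check if request has missing parameters (e.g. does not specify the term id or the offer id in the url)
    // NOTE(review): .Result blocks this thread until the inner pipeline has finished and
    // surfaces failures as AggregateException; a continuation would avoid holding the thread.
    if (rpcResponse.Result.StatusCode == HttpStatusCode.NotFound)
    {
        _responseEnvelope.Data.Errors.Add(new ErrorObject(ErrorKey.ERR_HUB_MISSING_DATA_ARGUMENTS));

        //Log the error
        Dictionary<string, string> parameters = new Dictionary<string, string> { { "URL", rpcResponse.Result.RequestMessage.RequestUri.PathAndQuery } };
        log.InfoJson(new Methods().Error_ToLogObject(_requestId, authenticationObject.ApiUser, OperationType, operationName.ApiCall.ToString(), parameters, _responseEnvelope.Data.Errors));

        tsc.SetResult(new MethodsApi().FormatRpcErrorResponse(request, HttpStatusCode.NotFound, _responseEnvelope));
        return tsc.Task;
    }

    return rpcResponse;
}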
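/// <summary>
/// Asks PMP whether the supplied ApiUser and SharedSecret are valid.
/// </summary>
/// <param name="authenticationObject">Credentials taken from the request header.</param>
/// <returns>
/// 0 when PMP accepts the credentials; <c>ErrorKey.ERR_HUB_AUTHENTICATION_FAILED</c> when it
/// rejects them or when the call throws.
/// </returns>
private int PmpAuth(AuthenticationObject authenticationObject)
{
    int error = 0;
    try
    {
        IPmp Pmp = PMP();
        //If Pmp failed to authenticate the request then set the error to authentication failed
        if (!Pmp.Authenticate(authenticationObject.ApiUser, authenticationObject.SharedSecret))
        {
            error = ErrorKey.ERR_HUB_AUTHENTICATION_FAILED;
        }
    }
    catch (Exception ex)
    {
        //Something bad happened (E.g. connection to pmp failed)
        // Fail closed, but leave a trace: without it a PMP outage looks exactly like a run
        // of bad credentials. Only the exception type and message are logged, never the
        // credentials.
        error = ErrorKey.ERR_HUB_AUTHENTICATION_FAILED;
        LoggerFactory.GetLogger().Debug("PMP authentication call failed: " + ex.GetType().FullName + ": " + ex.Message);
    }
    return error;
}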
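/// <summary>
/// Provider authentication handler: reads the authentication header, checks it with
/// <c>PmpAuth</c>, logs the outcome, and then either returns an error envelope or forwards
/// the request.
/// </summary>
/// <param name="request">Incoming request.</param>
/// <param name="cancellationToken">Passed through to the inner handler.</param>
/// <returns>
/// An error envelope (sent with HTTP 200) when authentication fails or when the inner handler
/// answers 500; otherwise the inner handler's response.
/// </returns>
protected override Task<HttpResponseMessage> SendAsync(
    HttpRequestMessage request, CancellationToken cancellationToken)
{
    LoggingUtility log = LoggerFactory.GetLogger();
    ErrorUtil errorUtil = new ErrorUtil();
    LogObject logObject = new LogObject();
    var tsc = new TaskCompletionSource<HttpResponseMessage>();
    // Throws if no earlier handler stored "requestId" in the request properties.
    string _requestId = request.Properties["requestId"].ToString();
    ProviderAuthenticationResponse _responseEnvelope = new ProviderAuthenticationResponse(_requestId);
    //Initialize the error to 0 to be able to check later if there is any error in the request
    int Error = 0;

    //Get the authentication credentials
    AuthenticationObject authenticationObject = new CommonMethods().GetAuthenticationHeader(request);

    //If header does not contain the required credentials then add an error to the response envelope
    if (authenticationObject == null || authenticationObject.AuthenticationType == null || authenticationObject.ApiUser == null || authenticationObject.SharedSecret == null)
    {
        Error = ErrorKey.ERR_PROVIDER_AUTHENTICATION_FAILED;
        authenticationObject = new AuthenticationObject();
    }
    else
    {
        //Authenticate with pmp
        Error = PmpAuth(authenticationObject, _requestId);
    }

    if (Error != 0)
    {
        //Add the error in the response envelope
        Dictionary<string, string> parameters = new Dictionary<string, string> { { "ApiUser", authenticationObject.ApiUser } };
        _responseEnvelope.Data.Errors.Add(new ErrorObject(Error, parameters));
    }

    // Both outcomes are logged, after any error has been added to the envelope.
    // NOTE(review): authenticationObject carries SharedSecret; confirm
    // Authentication_ToLogObject does not write it to the log.
    logObject = new CommonMethods().Authentication_ToLogObject(_requestId, authenticationObject.ApiUser, OperationType, OperationName, authenticationObject, _responseEnvelope.Data.Errors);
    log.InfoJson(logObject);

    if (Error != 0)
    {
        // NOTE(review): a failed authentication is answered with HTTP 200 and the failure is
        // only visible in the envelope; confirm clients and monitoring read the envelope.
        var response = new MethodsApi().FormatProviderErrorResponse(request, HttpStatusCode.OK, _responseEnvelope);
        tsc.SetResult(response);
        return tsc.Task;
    }

    //Authentication succeeded...continue with the request

    // This piece of code has been added to unit test this handler
    // In case of success we are returning an empty ProviderAuthenticationResponse
    // NOTE(review): test hook in the production path. While xunit is true an authenticated
    // request is never forwarded; confirm it cannot be switched on in a deployment.
    if (xunit)
    {
        tsc.SetResult(new MethodsApi().FormatProviderErrorResponse(request, HttpStatusCode.OK, _responseEnvelope));
        return tsc.Task;
    }

    var providerResponse = base.SendAsync(request, cancellationToken);

    //Check if request has missing action name (e.g. does not specify the action for liveoffers)
    // NOTE(review): .Result blocks this thread until the inner pipeline has finished. Every
    // 500 from the pipeline is reported as a missing action with HTTP 200, so an unrelated
    // server fault is reported the same way.
    if (providerResponse.Result.StatusCode == HttpStatusCode.InternalServerError)
    {
        _responseEnvelope.Data.Errors.Add(new ErrorObject(ErrorKey.ERR_PROVIDER_MISSING_ACTION));
        var response = new MethodsApi().FormatProviderErrorResponse(request, HttpStatusCode.OK, _responseEnvelope);

        //Log the error
        Dictionary<string, string> parameters = new Dictionary<string, string> { { "URL", providerResponse.Result.RequestMessage.RequestUri.AbsolutePath } };
        log.InfoJson(new Methods().Error_ToLogObject(_requestId, authenticationObject.ApiUser, OperationType, operationName.ApiCall.ToString(), parameters, _responseEnvelope.Data.Errors));

        tsc.SetResult(response);
        return tsc.Task;
    }

    return providerResponse;
}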
/// <summary>
/// Contacts PMP to authenticate the provider and, if that succeeds, to check that the provider
/// is authorized for the offer service. An authorized provider is then checked against the
/// local provider table, which is refreshed from the showMainstreamProviders service when the
/// local row is missing or older than the configured interval.
/// </summary>
/// <param name="authenticationObject">Credentials taken from the request header.</param>
/// <param name="_requestId">Request id used in the log entries written here.</param>
/// <returns>
/// 0 when the provider is authenticated, authorized, found and enabled; otherwise one of the
/// <c>ErrorKey.ERR_PROVIDER_*</c> codes assigned below. Any exception is reported as
/// <c>ERR_PROVIDER_AUTHENTICATION_FAILED</c>.
/// </returns>
private int PmpAuth(AuthenticationObject authenticationObject, string _requestId)
{
    bool isPmpAuthenticated = false;
    bool isAuthorized = false;
    int error = 0;
    try
    {
        IPmp Pmp = PMP();
        //Communicate with pmp the provider apiUser and SharedSecret
        isPmpAuthenticated = Pmp.Authenticate(authenticationObject.ApiUser, authenticationObject.SharedSecret);
        if (isPmpAuthenticated)
        {
            isAuthorized = Pmp.Authorize(authenticationObject.ApiUser, offerServiceUserResource);
            if (isAuthorized)
            {
                //Provider is authorized, mark the request as authorized and continue processing
                // NOTE(review): the "Provider" principal is assigned before the existence and
                // enabled checks below, so it stays on HttpContext even when this method ends
                // up returning an error. Confirm nothing downstream trusts the principal
                // without also checking the return value.
                if (HttpContext.Current != null)
                {
                    HttpContext.Current.User = new GenericPrincipal(new GenericIdentity(authenticationObject.ApiUser, authenticationObject.AuthenticationType), new String[] { "Provider" });
                }
                var localProvider = ProviderRepository().SelectByProviderId(authenticationObject.ApiUser);
                //Checking local database for provider URL Code
                // Refresh when there is no local row or it is older than
                // PROVIDER_MANAGEMENT_CHECK_INTERVAL minutes. A missing setting converts to 0,
                // which refreshes whenever the row is older than the current moment; a
                // non-numeric setting throws and is handled by the catch at the end.
                if (localProvider == null || (DateTime.Now - localProvider.Update_Date).TotalMinutes > Convert.ToInt32(ConfigurationManager.AppSettings["PROVIDER_MANAGEMENT_CHECK_INTERVAL"]))
                {
                    LoggerFactory.GetLogger().Debug("The provider is either not up to date or does not exist in Offer Service database. Calling the showMainstreamProviders service to get the updated information.");
                    var providerExist = true;
                    var providerEnabled = true;//Enabled status in this context means that he is enabled + has at least 1 welcomeUrlCode
                    //Call the netmr web service
                    var showMainstreamProviderResponse = CSSProviders().GetMainstreamProviderInfo(authenticationObject.ApiUser);
                    if (showMainstreamProviderResponse.Errors != null && showMainstreamProviderResponse.MainstreamProviderObject == null)
                    {
                        // The service reported errors and returned no provider list: treat the
                        // provider as unknown and remove any stale local row.
                        providerExist = false;
                        // NOTE(review): authenticationObject carries SharedSecret; confirm
                        // Authentication_ToLogObject does not write it to the log (this
                        // applies to every Authentication_ToLogObject call in this method).
                        LoggerFactory.GetLogger().ErrorJson(new CommonMethods().Authentication_ToLogObject(_requestId, authenticationObject.ApiUser, OperationType, OperationName, authenticationObject, new List<ErrorObject>() { new ErrorObject() { ErrorKey = "ERR_GTM_PROVIDER_NOT_FOUND", Message = "Provider was not found in GTM database." } }));
                        if (localProvider != null)
                        {
                            ProviderRepository().Delete(localProvider.Id);
                        }
                    }
                    else
                    {
                        // Enabled means "at least one returned entry is enabled"; the test is
                        // not restricted to the entry whose ProviderId equals ApiUser.
                        // NOTE(review): confirm the service only returns entries for the
                        // requested provider.
                        if (!showMainstreamProviderResponse.MainstreamProviderObject.Exists(msp => msp.Enabled == true))
                        {
                            providerEnabled = false;
                        }
                    }
                    if (providerExist)
                    {
                        var providerFromServiceResponse = showMainstreamProviderResponse.MainstreamProviderObject.Find(msp => msp.ProviderId == authenticationObject.ApiUser);
                        //Initializing the new provider information
                        // If no returned entry matches ApiUser, provider keeps its default
                        // field values and is still written to the database below.
                        ProviderObject provider = new ProviderObject();
                        if (providerFromServiceResponse != null)
                        {
                            provider.ProviderId = providerFromServiceResponse.ProviderId;
                            provider.WelcomeURLCode = providerFromServiceResponse.WelcomeUrlCode;
                            provider.Enabled = providerFromServiceResponse.Enabled;
                        }
                        if (localProvider != null)
                        {
                            //The provider exists in the database. Updating the database row.
                            provider.Id = localProvider.Id;
                            ProviderRepository().Update(provider);
                        }
                        else
                        {
                            //The provider does not exist in the database. Inserting the provider to the database.
                            ProviderRepository().Insert(provider);
                        }
                        if (!providerEnabled)
                        {
                            error = ErrorKey.ERR_PROVIDER_DEACTIVATED;
                            LoggerFactory.GetLogger().ErrorJson(new CommonMethods().Authentication_ToLogObject(_requestId, authenticationObject.ApiUser, OperationType, OperationName, authenticationObject, new List<ErrorObject>() { new ErrorObject() { ErrorKey = "ERR_GTM_PROVIDER_NOTENABLED", Message = "Provider was not found as enabled in the GTM database. Please make sure that he has the status enabled and has at least one enabled welcome URL." } }));
                        }
                    }
                    else
                    {
                        //return error not exist in hummingbird
                        error = ErrorKey.ERR_PROVIDER_NOT_FOUND;
                    }
                }
                //Exists in database AND was updated within the configured check interval
                else
                {
                    LoggerFactory.GetLogger().Debug("Provider is found in the database and is up to date.");
                    //Reject the request when the locally stored provider is not enabled
                    if (!localProvider.Enabled)
                    {
                        error = ErrorKey.ERR_PROVIDER_DEACTIVATED;
                        LoggerFactory.GetLogger().ErrorJson(new CommonMethods().Authentication_ToLogObject(_requestId, authenticationObject.ApiUser, OperationType, OperationName, authenticationObject, new List<ErrorObject>() { new ErrorObject() { ErrorKey = "ERR_OS_PROVIDER_NOTENABLED", Message = "Provider was not found as enabled in the Offer Service database." } }));
                    }
                }
            }
            else
            {
                //Provider authorization failed on pmp
                error = ErrorKey.ERR_PROVIDER_AUTHORIZATION_FAILED;
            }
        }
        else
        {
            //Provider authentication failed on pmp
            error = ErrorKey.ERR_PROVIDER_AUTHENTICATION_FAILED;
        }
    }
    catch (Exception e)
    {
        //Something bad happened (E.g. connection to pmp failed)
        // Fails closed: a failure in PMP, the repository or the provider web service is
        // reported to the caller as an authentication failure, and the exception is logged.
        error = ErrorKey.ERR_PROVIDER_AUTHENTICATION_FAILED;
        LoggerFactory.GetLogger().ErrorJson(new Methods().Exception_ToLogObject(_requestId, authenticationObject.ApiUser, OperationType, OperationName, e));
    }
    return error;
}