private void ReplacePrincipalWithRoleMappings(object sender, EventArgs e) { if (!Request.IsAuthenticated || Context.User is ApiUserPrincipal) return; var username = Context.User.Identity.Name; var apiUser = Store.FindByUsername(username); var isNew = false; if (apiUser == null) { isNew = true; apiUser = new ApiUser {Username = username}; } var origRoles = (apiUser.Roles ?? Empty).ToArray(); var missingRoles = RoleNames.All.Except(origRoles); apiUser.Roles = (origRoles).Union(GetUserRoles(Context.User, missingRoles)).Distinct().ToArray(); if (isNew || !apiUser.Roles.SequenceEqual(origRoles)) { Store.Add(apiUser, UserUpdateMode.Overwrite); } var identity = new GenericIdentity(apiUser.Username, typeof(RoleMappingAuthenticationModule).Name); Context.User = new GenericPrincipal(identity, apiUser.Roles.ToArray()); }
protected override Task AuthenticateCoreAsync() { if (!IsAuthenticated) { return completedTask; } var apiUser = store.FindByUsername(CurrentUsername); var isNew = false; if (apiUser == null) { isNew = true; apiUser = new ApiUser { Username = CurrentUsername }; } var origRoles = (apiUser.Roles ?? Empty).ToArray(); var missingRoles = RoleNames.All.Except(origRoles); var implicitGrants = GetMappedUserRoles(Request.User, missingRoles).ToArray(); apiUser.Roles = origRoles.Union(implicitGrants).Distinct().ToArray(); if (isNew || !apiUser.Roles.SequenceEqual(origRoles)) { store.Add(apiUser, UserUpdateMode.Overwrite); } if (apiUser.Roles.Any()) { Request.User = new SupplementalRolePrincipalWrapper(Request.User, apiUser.Roles); } return completedTask; }
private void AddInternal(ApiUser user, UserUpdateMode mode, bool disableProtectedAccountChecks=false) { user.Username = ScrubUsername(user.Username); if (string.IsNullOrWhiteSpace(user.Key)) { user.Key = Guid.NewGuid().ToString(); } using (var session = OpenSession()) { var userExists = session.Query().Any(u => u.Username == user.Username); if (mode == UserUpdateMode.NoClobber && userExists) { throw new UserOverwriteException(); } if (userExists && !disableProtectedAccountChecks && IsProtectedAccount(user.Username)) { throw new UserPermissionException(user.Username + " account cannot be overwritten."); } session.Add(user); } }
private dynamic DescribeUser(ApiUser user) { dynamic d = new ExpandoObject(); d.Username = user.Username; // if current user is admin // d.ApiKey = user.ApiKey return d; }
public HttpResponseMessage Put(string username, [FromBody]UserAttributes attributes) { var user = new ApiUser {Username = username, Key = attributes.Key, Roles = attributes.Roles}; try { Store.Add(user, GetUserUpdateMode(attributes)); } catch (UserOverwriteException) { return Request.CreateErrorResponse(HttpStatusCode.Conflict, "User " + username + " already exists."); } catch (UserPermissionException ex) { return Request.CreateErrorResponse(HttpStatusCode.Forbidden, ex.Message); } return Request.CreateResponse(HttpStatusCode.Created); }
public void Add(ApiUser user, UserUpdateMode mode) { AddInternal(user, mode); }
public void Add(ApiUser user) { Add(user, UserUpdateMode.Overwrite); }
private bool IsSelf(ApiUser user) { if (!IsUserAuthenticated) return false; return string.Equals(CurrentUserName, user.Username, StringComparison.InvariantCultureIgnoreCase); }
private ApiUser DescribeUser(ApiUser user) { if (IsUserAuthenticated && User.IsInRole(RoleNames.AccountAdministrator) || IsSelf(user)) { return user; } // Hide details that non-admins should not see. return new ApiUser {Username = user.Username}; }
public ApiUser GetRequiredAuthenticationInfo() { var apiUser = Store.FindByUsername(CurrentUserName); if (apiUser != null) return apiUser; apiUser = new ApiUser { Username = CurrentUserName, Roles = GetUserRoles(User) }; Store.Add(apiUser, UserUpdateMode.Overwrite); return apiUser; }
private bool IsSelf(ApiUser user) { return string.Equals(User.Identity.Name, user.Username, StringComparison.InvariantCultureIgnoreCase); }
public ApiUser GetRequiredAuthenticationInfo() { var name = ScrubUsername(User.Identity.Name); var apiUser = Store.Users.SingleOrDefault(u => u.Username == name); if (apiUser != null) return apiUser; using (var session = Store.OpenSession()) { apiUser = new ApiUser { Username = name, Key = Guid.NewGuid().ToString(), Roles = GetUserRoles(User) }; session.Add(apiUser); } return apiUser; }