public AccountAuthorizationRequest RejectRequest(AccountAuthorizationRequest request, NodeVisit visit) { ValidateByRole(visit, SystemRoleType.Admin); ExceptionUtils.ThrowIfNull(request.Response, "request.Response"); if (!CollectionUtils.IsNullOrEmpty(request.RequestedFlows)) { foreach (AccountAuthorizationRequestFlow flow in request.RequestedFlows) { flow.AccessGranted = false; } } request.Response.AuthorizationAccountId = visit.Account.Id; request.Response.DidCreateInNaas = false; _accountAuthorizationRequestDao.DoRequestUpdate(request, visit.Account.NaasAccount, false); string statusDetail = string.Format("{0} rejected authorization request from user \"{1} ({2})\": {3}", visit.Account.NaasAccount, request.FullName, request.NaasAccount, request.ToString()); ActivityManager.LogAudit(NodeMethod.None, null, request.TransactionId, visit, statusDetail); return(request); }
public UserAccount Get(string username, NodeVisit visit) { try { if (visit != null) { ValidateByRole(visit, SystemRoleType.Program); } UserAccount account = _accountDao.GetByName(username); if (account == null) { throw new ArgumentException(string.Format("The user \"{0}\" was not found in the database", username)); } ActivityManager.LogAudit(NodeMethod.None, null, visit, "{0} got user account: {1}.", (visit != null) ? visit.Account.NaasAccount : null, account.ToString()); return(account); } catch (Exception e) { ActivityManager.LogError(NodeMethod.None, null, e, visit, "{0} failed to get user account: {1}.", (visit != null) ? visit.Account.NaasAccount : null, username); throw; } }
public void Delete(ConfigItem item, NodeVisit visit) { ValidateByRole(visit, SystemRoleType.Admin); if (!item.IsEditable) { throw new InvalidOperationException("The item cannot be saved since it is not editable."); } lock (_lockObject) { TransactionTemplate.Execute(delegate { _configDao.Delete(item.Id); lock (_lockObject) { if (_configItems.ContainsKey(item.Id.ToUpper())) { _configItems.Remove(item.Id.ToUpper()); } } ActivityManager.LogAudit(NodeMethod.None, null, visit, "{0} deleted configuration value: {1}.", visit.Account.NaasAccount, item.ToString()); return(null); }); } }
public byte[] ExportSettingsAsZippedBytes(ImportExportSettings settingsToExport, NodeVisit visit) { ValidateByRole(visit, SystemRoleType.Admin); NodeSettings nodeSettings = new NodeSettings(); string errorMessage = null; if (EnumUtils.IsFlagSet(settingsToExport, ImportExportSettings.GlobalArguments)) { nodeSettings.SetGlobalArguments(ConfigManager.Get(ConfigurationType.All)); } if (EnumUtils.IsFlagSet(settingsToExport, ImportExportSettings.DataSources)) { nodeSettings.SetDataSources(DataProviderManager.Get()); } if (EnumUtils.IsFlagSet(settingsToExport, ImportExportSettings.NetworkPartners)) { nodeSettings.SetNetworkPartners(PartnerManager.Get()); } bool exportExchanges = EnumUtils.IsFlagSet(settingsToExport, ImportExportSettings.Exchanges); bool exportServices = EnumUtils.IsFlagSet(settingsToExport, ImportExportSettings.Services); if (exportExchanges || exportServices) { IList <DataFlow> flows = FlowManager.GetAllDataFlows(exportServices, false); if (exportExchanges) { nodeSettings.SetExchanges(flows); } if (exportServices) { nodeSettings.SetServices(flows); } } if (EnumUtils.IsFlagSet(settingsToExport, ImportExportSettings.Schedules)) { IDictionary <string, string> flowIdToNameMap = FlowManager.GetAllFlowsIdToNameMap(); IDictionary <string, string> serviceIdToNameMap = ServiceManager.GetAllServicesIdToNameMap(); IDictionary <string, string> partnerIdToNameMap = PartnerManager.GetAllPartnersIdToNameMap(); nodeSettings.SetSchedules(ScheduleManager.GetSchedules(), flowIdToNameMap, serviceIdToNameMap, partnerIdToNameMap, out errorMessage); } string tempFilePath = SettingsProvider.NewTempFilePath(); _compressionHelper.Compress("Settings.xml", _serializationHelper.SerializeWithLineBreaks(nodeSettings), tempFilePath); if (errorMessage != null) { _compressionHelper.Compress("Errors.txt", Encoding.UTF8.GetBytes(errorMessage), tempFilePath); } byte[] zippedData = File.ReadAllBytes(tempFilePath); ActivityManager.LogAudit(NodeMethod.None, null, visit, "{0} exported the following node settings: {1}.", visit.Account.NaasAccount, settingsToExport); return(zippedData); }
public void Remove(UserAccount instance, NodeVisit visit) { try { ValidateByRole(visit, SystemRoleType.Admin); if (!CanRemoveUser(instance.NaasAccount, visit)) { throw new InvalidOperationException(string.Format("The user \"{0}\" cannot be removed from the node", instance.NaasAccount)); } TransactionTemplate.Execute(delegate { _accountDao.Delete(instance); ActivityManager.LogAudit(NodeMethod.None, null, visit, "{0} removed account: {1}.", visit.Account.NaasAccount, instance.ToString()); return(null); }); } catch (Exception e) { ActivityManager.LogError(NodeMethod.None, null, e, visit, "{0} failed to remove user account: {1}.", visit.Account.NaasAccount, instance.ToString()); throw; } }
public void Delete(DataProviderInfo instance, NodeVisit visit) { ValidateByRole(visit, SystemRoleType.Admin); TransactionTemplate.Execute(delegate { _dataProviderDao.Delete(instance); ActivityManager.LogAudit(NodeMethod.None, null, visit, "{0} deleted data source: {1}.", visit.Account.NaasAccount, instance.ToString()); return(null); }); }
public void DeleteFlow(DataFlow instance, NodeVisit visit) { ValidateCanEditFlowById(visit, instance.Id); TransactionTemplate.Execute(delegate { _flowDao.Delete(instance); ActivityManager.LogAudit(NodeMethod.None, instance.FlowName, visit, "{0} deleted data flow: {1}.", visit.Account.NaasAccount, instance.ToString()); return(null); }); }
public void Delete(ScheduledItem instance, NodeVisit visit) { ValidateCanEditFlowById(visit, instance.FlowId); string flowName = _flowManager.GetDataFlowNameById(instance.FlowId); TransactionTemplate.Execute(delegate { _scheduleDao.Delete(instance.Id); ActivityManager.LogAudit(NodeMethod.None, flowName, instance.Name, visit, "{0} deleted scheduled item: {1}.", visit.Account.NaasAccount, instance.ToString()); return(null); }); }
public void InstallPluginForFlow(byte[] zipFileContent, string flowName, NodeVisit visit) { ValidateByRole(visit, SystemRoleType.Admin); string flowId = GetDataFlowIdByName(flowName); if (flowId == null) { throw new ArgumentException(string.Format("Unrecognized flow name: \"{0}\"", flowName)); } string auditMessage = _pluginLoader.InstallPluginForFlow(zipFileContent, visit.Account.Id, flowId); ActivityManager.LogAudit(NodeMethod.None, flowName, visit, "{0} installed plugin for flow: {1}. Message: {2}", visit.Account.NaasAccount, flowName, auditMessage); }
public UserAccount GetById(string id, NodeVisit visit) { try { ValidateByRole(visit, SystemRoleType.Program); UserAccount account = _accountDao.GetById(id); ActivityManager.LogAudit(NodeMethod.None, null, visit, "{0} got user account: {1}.", visit.Account.NaasAccount, account.ToString()); return(account); } catch (Exception e) { ActivityManager.LogError(NodeMethod.None, null, e, visit, "{0} failed to get user account: {1}.", visit.Account.NaasAccount, id); throw; } }
public UserAccount GetByName(string username, NodeVisit visit) { try { ValidateByRole(visit, SystemRoleType.Admin); UserAccount account = EndpointUserDao.GetByName(username); ActivityManager.LogAudit(NodeMethod.None, null, visit, "{0} got user account: {1}.", visit.Account.NaasAccount, account.ToString()); return(account); } catch (Exception e) { ActivityManager.LogError(NodeMethod.None, null, e, visit, "{0} failed to get user account: {1}.", visit.Account.NaasAccount, username); throw; } }
public IList <UserAccount> Get(NodeVisit visit) { try { ValidateByRole(visit, SystemRoleType.Program); IList <UserAccount> accounts = _accountDao.Get(); ActivityManager.LogAudit(NodeMethod.None, null, visit, "{0} got all user accounts.", visit.Account.NaasAccount); return(accounts); } catch (Exception e) { ActivityManager.LogError(NodeMethod.None, null, e, visit, "{0} failed to get all user accounts.", visit.Account.NaasAccount); throw; } }
public void Remove(UserAccount instance, NodeVisit visit) { ValidateByRole(visit, SystemRoleType.Admin); if (instance == null) { throw new ArgumentException("Input values are null."); } instance.ModifiedById = visit.Account.Id; TransactionTemplate.Execute(delegate { EndpointUserDao.Remove(instance); ActivityManager.LogAudit(NodeMethod.None, null, visit, "{0} removed endpoint user: {1}.", visit.Account.NaasAccount, instance.NaasAccount); return(null); }); }
public DataFlow SaveFlow(DataFlow instance, NodeVisit visit) { ValidateCanEditFlowById(visit, instance.Id); if ((instance == null)) { throw new ArgumentException("Input values are null."); } instance.ModifiedById = visit.Account.Id; TransactionTemplate.Execute(delegate { _flowDao.Save(instance); ActivityManager.LogAudit(NodeMethod.None, instance.FlowName, visit, "{0} saved flow: {1}.", visit.Account.NaasAccount, instance.ToString()); return(null); }); return(instance); }
public PartnerIdentity Save(PartnerIdentity instance, NodeVisit visit) { ValidateByRole(visit, SystemRoleType.Admin); if ((instance == null) || string.IsNullOrEmpty(instance.Url) || string.IsNullOrEmpty(instance.Name)) { throw new ArgumentException("Input values are null."); } instance.ModifiedById = visit.Account.Id; TransactionTemplate.Execute(delegate { _partnerDao.Save(instance); ActivityManager.LogAudit(NodeMethod.None, null, visit, "{0} saved partner identity: {1}.", visit.Account.NaasAccount, instance.ToString()); return(null); }); return(instance); }
public UserAccount Save(UserAccount instance, string testNaasPassword, string prodNaasPassword, NodeVisit visit) { ValidateByRole(visit, SystemRoleType.Admin); if ((instance == null) || string.IsNullOrEmpty(instance.NaasAccount) || string.IsNullOrEmpty(testNaasPassword) || string.IsNullOrEmpty(prodNaasPassword)) { throw new ArgumentException("Input values are null."); } instance.ModifiedById = visit.Account.Id; TransactionTemplate.Execute(delegate { EndpointUserDao.Save(instance, testNaasPassword, prodNaasPassword); ActivityManager.LogAudit(NodeMethod.None, null, visit, "{0} saved endpoint user: {1}.", visit.Account.NaasAccount, instance.NaasAccount); return(null); }); return(instance); }
public ScheduledItem RunNow(ScheduledItem instance, NodeVisit visit) { if ((instance == null)) { throw new ArgumentException("Input values are null."); } ValidateCanViewFlowById(visit, instance.FlowId); string flowName = _flowManager.GetDataFlowNameById(instance.FlowId); TransactionTemplate.Execute(delegate { _scheduleDao.RunNow(instance); ActivityManager.LogAudit(NodeMethod.None, flowName, instance.Name, visit, "{0} ran scheduled item: {1}.", visit.Account.NaasAccount, instance.ToString()); return(null); }); return(instance); }
public UserAccount Save(UserAccount userAccount, IList <SimpleFlowNotification> notifications, NodeVisit visit) { try { ValidateByRole(visit, SystemRoleType.Program); _notificationDao.SaveNotifications(userAccount.Id, visit.Account.Id, notifications); ActivityManager.LogAudit(NodeMethod.None, null, visit, "{0} saved notifications for user: {1}.", visit.Account.NaasAccount, userAccount.NaasAccount); return(userAccount); } catch (Exception e) { ActivityManager.LogError(NodeMethod.None, null, e, visit, "{0} failed to save notifications for user: {1}.", visit.Account.NaasAccount, userAccount.NaasAccount); throw; } }
public DataProviderInfo Save(DataProviderInfo instance, NodeVisit visit) { ValidateByRole(visit, SystemRoleType.Admin); if ((instance == null) || string.IsNullOrEmpty(instance.Name) || string.IsNullOrEmpty(instance.ConnectionString) || string.IsNullOrEmpty(instance.ProviderType)) { throw new ArgumentException("Input values are null."); } instance.ModifiedById = visit.Account.Id; TransactionTemplate.Execute(delegate { _dataProviderDao.Save(instance); ActivityManager.LogAudit(NodeMethod.None, null, visit, "{0} saved data source: {1}.", visit.Account.NaasAccount, instance.ToString()); return(null); }); return(instance); }
public ConfigItem Save(string curItemId, ConfigItem item, NodeVisit visit) { ValidateByRole(visit, SystemRoleType.Admin); ParsingHelper.ValidateKey(item.Id); if (!item.IsEditable) { throw new InvalidOperationException("The item cannot be saved since it is not editable."); } ConfigItem saveItem = new ConfigItem(item); saveItem.ModifiedById = visit.Account.Id; saveItem.Value = _cryptographyProvider.Encrypt(item.Value); lock (_lockObject) { TransactionTemplate.Execute(delegate { _configDao.Save(curItemId, saveItem); lock (_lockObject) { if (!string.IsNullOrEmpty(curItemId)) { if (_configItems.ContainsKey(curItemId.ToUpper())) { _configItems.Remove(curItemId.ToUpper()); } } _configItems[item.Id.ToUpper()] = item; } ActivityManager.LogAudit(NodeMethod.None, null, visit, "{0} updated configuration value: {1}.", visit.Account.NaasAccount, saveItem.ToString()); return(null); }); item.ModifiedById = saveItem.ModifiedById; item.ModifiedOn = saveItem.ModifiedOn; } return(item); }
public UserAccount ResetPassword(string currentPassword, string newPassword, UserAccount instance, NodeVisit visit) { try { ValidateByRole(visit, SystemRoleType.Program); _naasManager.ChangePassword(instance.NaasAccount, currentPassword, newPassword); ActivityManager.LogAudit(NodeMethod.None, null, visit, "{0} reset password for user account: {1}.", visit.Account.NaasAccount, instance.ToString()); return(instance); } catch (Exception e) { ActivityManager.LogError(NodeMethod.None, null, e, visit, "{0} failed to reset password for user account: {1}.", visit.Account.NaasAccount, instance.ToString()); throw; } }
public UserAccount ResetPassword(UserAccount instance, NodeVisit visit) { try { ValidateByRole(visit, SystemRoleType.Admin); string newPassword = GenerateRandomPassword(); _naasManager.ResetPassword(instance.NaasAccount, newPassword); ActivityManager.LogAudit(NodeMethod.None, null, visit, "{0} reset password for user account: {1}.", visit.Account.NaasAccount, instance.ToString()); _notificationManager.DoChangePasswordNotifications(instance.NaasAccount, newPassword); return(instance); } catch (Exception e) { ActivityManager.LogError(NodeMethod.None, null, e, visit, "{0} failed to reset password for user account: {1}.", visit.Account.NaasAccount, instance.ToString()); throw; } }
public UserAccount Save(UserAccount instance, bool allowCreateInNaasIfNecessary, string naasCreatePassword, NodeVisit visit) { try { if ((instance == null) || string.IsNullOrEmpty(instance.NaasAccount)) { throw new ArgumentException("Input values are null."); } bool createInDB = string.IsNullOrEmpty(instance.Id); bool needToCreateInNAAS = !_naasManager.UserExists(instance.NaasAccount); if (needToCreateInNAAS && string.IsNullOrEmpty(naasCreatePassword)) { throw new ArgumentException("Password cannot be empty."); } if (needToCreateInNAAS && !allowCreateInNaasIfNecessary) { throw new ArgumentException(string.Format("The user \"{0}\" does not exist in NAAS and cannot be added to the node", instance.NaasAccount)); } string activityFormatString; if (createInDB) { if (needToCreateInNAAS) { activityFormatString = "{0} created user account on this local node and within NAAS: {1}."; } else { activityFormatString = "{0} created user account on this local node: {1}."; } } else { if (needToCreateInNAAS) { activityFormatString = "{0} saved user account on this local node and created account within NAAS: {1}."; } else { activityFormatString = "{0} saved user account on this local node: {1}."; } } instance.Policies = _accountPolicyManager.CleanseFlowPoliciesForUser(instance.Role, instance.Policies); string naasPassword = null; if (needToCreateInNAAS) { // First, attempt to create the user in NAAS naasPassword = _naasManager.CreateUser(instance.NaasAccount, naasCreatePassword, instance.Role); } instance.ModifiedById = visit.Account.Id; TransactionTemplate.Execute(delegate { _accountDao.Save(instance); ActivityManager.LogAudit(NodeMethod.None, null, visit, activityFormatString, visit.Account.NaasAccount, instance.ToString()); return(null); }); if (needToCreateInNAAS) { _notificationManager.DoNewNaasAccountNotifications(instance.NaasAccount, naasCreatePassword, (instance.Role == SystemRoleType.Authed)); } else if (createInDB) { _notificationManager.DoNewNodeAccountNotifications(instance.NaasAccount, (instance.Role == SystemRoleType.Authed)); } return(instance); } catch (Exception e) { ActivityManager.LogError(NodeMethod.None, null, e, visit, "{0} failed to save user account: {1}.", visit.Account.NaasAccount, instance.ToString()); throw; } }
public AccountAuthorizationRequest AcceptRequest(AccountAuthorizationRequest request, NodeVisit visit) { ValidateByRole(visit, SystemRoleType.Admin); ExceptionUtils.ThrowIfNull(request.Response, "request.Response"); IDictionary <string, string> upperFlowNameToIdMap = _flowManager.GetAllProtectedUpperDataFlowNamesToIdMap(); bool userExists = ValidateUserExistance(request.NaasAccount, request.AffiliatedNodeId, null, upperFlowNameToIdMap); string password = _accountManager.GenerateRandomPassword(); UserAccount userAccount = _accountDao.GetByName(request.NaasAccount); List <UserAccessPolicy> policies = null; if (userAccount == null) { userAccount = new UserAccount(); userAccount.ModifiedById = visit.Account.Id; userAccount.NaasAccount = request.NaasAccount; userAccount.Role = SystemRoleType.Authed; } else { if (!CollectionUtils.IsNullOrEmpty(userAccount.Policies)) { policies = new List <UserAccessPolicy>(userAccount.Policies); } } userAccount.IsActive = true; if (!CollectionUtils.IsNullOrEmpty(request.RequestedFlows)) { foreach (AccountAuthorizationRequestFlow requestedFlow in request.RequestedFlows) { UserAccessPolicy curPolicy = GetPolicyForFlow(requestedFlow.FlowName, policies); bool foundFlow = (curPolicy != null); if (foundFlow && !requestedFlow.AccessGranted) { policies.Remove(curPolicy); } else if (!foundFlow && requestedFlow.AccessGranted) { UserAccessPolicy policy = _accountPolicyManager.CreatePolicy(userAccount.Role, null, requestedFlow.FlowName, FlowRoleType.Endpoint); policy.ModifiedById = visit.Account.Id; CollectionUtils.Add(policy, ref policies); } } userAccount.Policies = policies; } _accountManager.Save(userAccount, true, password, visit); request.Response.AuthorizationAccountId = visit.Account.Id; request.Response.DidCreateInNaas = !userExists; _accountAuthorizationRequestDao.DoRequestUpdate(request, visit.Account.NaasAccount, true); string statusDetail = string.Format("{0} accepted authorization request from user \"{1} ({2})\": {3}", visit.Account.NaasAccount, request.FullName, request.NaasAccount, request.ToString()); ActivityManager.LogAudit(NodeMethod.None, null, request.TransactionId, visit, statusDetail); return(request); }
/// <summary> /// Check to see if the input request is already valid (user exists in NAAS and the node and already has access to /// the requested flows. If so, automatically set the request to Accepted, thereby bypassing the need for /// the node Admin to formally accept the request. /// </summary> protected void CheckForAlreadyValidAuthorizationRequest(AccountAuthorizationRequest item) { UserAccount userAccount = null; try { userAccount = _accountManager.GetByName(item.NaasAccount); } catch (Exception) { } if ((userAccount != null) && userAccount.IsActive) { IList <string> protectedFlows = _flowManager.GetProtectedFlowNames(); bool hasAccessToAllRequestedFlows = true; IList <AccountAuthorizationRequestFlow> requestedFlows = null; if (!CollectionUtils.IsNullOrEmpty(protectedFlows)) { if (CollectionUtils.IsNullOrEmpty(item.RequestedFlows)) { // If item.RequestedFlows == null, this is a request to grant access to all protected flows requestedFlows = new List <AccountAuthorizationRequestFlow>(protectedFlows.Count); foreach (string flowName in protectedFlows) { requestedFlows.Add(new AccountAuthorizationRequestFlow(flowName)); } } else { // Deep copy the list so that we can update element without affecting the "real" request // until we are sure we will accept the user requestedFlows = new List <AccountAuthorizationRequestFlow>(item.RequestedFlows.Count); foreach (AccountAuthorizationRequestFlow requestedFlow in item.RequestedFlows) { requestedFlows.Add(new AccountAuthorizationRequestFlow(requestedFlow.FlowName)); } } // Check that the user has access to all the requested flows: IDictionary <string, string> upperFlowNameToIdMap = _flowManager.GetAllProtectedUpperDataFlowNamesToIdMap(); foreach (AccountAuthorizationRequestFlow requestedFlow in requestedFlows) { if (upperFlowNameToIdMap.ContainsKey(requestedFlow.FlowName.ToUpper())) { if (!HasPolicyForFlow(requestedFlow.FlowName, userAccount.Policies)) { hasAccessToAllRequestedFlows = false; break; } else { requestedFlow.AccessGranted = true; } } } } if (hasAccessToAllRequestedFlows) { // Validate that the user is actually in NAAS if (_naasManager.UserExists(userAccount.NaasAccount)) { // Accept this user automatically item.RequestedFlows = requestedFlows; item.Response = new AccountAuthorizationResponse(); item.Response.AuthorizationAccountId = _accountManager.AdminAccount.Id; item.Response.AuthorizationComments = "The node admin automatically accepted the request since all requested policies are currently active"; item.Response.DidCreateInNaas = false; _accountAuthorizationRequestDao.DoRequestUpdate(item, _accountManager.AdminAccount.NaasAccount, true); string statusDetail = string.Format("Automatically accepted authorization request from user \"{0} ({1})\" since all requested policies are currently active: {2}", item.FullName, item.NaasAccount, item.ToString()); ActivityManager.LogAudit(NodeMethod.None, null, item.TransactionId, null, statusDetail); } } } }