Exemplo n.º 1
0
        public void canCompareScopes(string greater, string lesser)
        {
            AccessScope greaterScope = AccessScope.parse(greater);
            AccessScope lesserScope  = AccessScope.parse(lesser);

            Assert.True(greaterScope.greaterThan(lesserScope));
        }
Exemplo n.º 2
0
        public Credential?resolve(string tokenStr)
        {
            // 1. match the token string to a Token
            var token = default(Token);

            using (var db = serverContext.getDbContext()) {
                token = db.tokens.FirstOrDefault(x => x.content == tokenStr);
            }

            if (token == null)
            {
                return(null);
            }

            // 2. check token validity
            if (DateTime.Now >= token.expires)
            {
                // token is expired.
                return(null);
            }

            // 2. match the token to a user
            using (var db = serverContext.getDbContext()) {
                token = db.tokens.Find(token.id);
                db.Entry(token).Reference(x => x.user).Load();
            }

            // 3. parse token scopes/path
            return(new Credential(token, AccessScope.parse(token.scope)));
        }
Exemplo n.º 3
0
        public async Task <(RemoteIdentity, HttpStatusCode)> getAppAuthentication(HttpRequest req, HttpResponse res)
        {
            var appId = req.RouteValues.As <string>("appId");
            // check config for app layers
            var appDef = serverContext.config.apps.SingleOrDefault(x => x.name == appId);

            if (appDef == null)
            {
                return(null, HttpStatusCode.NotFound);
            }

            // load user groups, and aggregate their permissions
            var user            = serverContext.userManager.loadGroups(currentUser);
            var userPermissions = new PermissionResolver(serverContext, user)
                                  .aggregatePermissions();
            // check if any permission grants app access
            var maybeGrantedScope = default(AccessScope?);

            foreach (var permission in userPermissions)
            {
                var permissionScope = AccessScope.parse(permission.path); // permission: "/Layer" or "/Layer/App"
                foreach (var appDefLayer in appDef.layers)
                {
                    var appScope = new AccessScope(appDefLayer, appDef.name); // scope: "/Layer/App"
                    if (permissionScope.greaterThan(appScope))
                    {
                        maybeGrantedScope = appScope; // the granted scope is the one we authorize
                    }
                }
            }

            if (!maybeGrantedScope.HasValue)
            {
                return(null, HttpStatusCode.Forbidden);
            }

            var grantedScope = maybeGrantedScope.Value;

            // issue a new token for the app
            // TODO: configurable timespan
            var token = serverContext.userManager.issueTokenFor(user.id,
                                                                serverContext.tokenResolver.issue(grantedScope, TimeSpan.FromDays(7)));

            return(new RemoteIdentity(new PublicUser(user), token), HttpStatusCode.Created);
        }
Exemplo n.º 4
0
 public void canParseScopesFromPath(string path)
 {
     // ensure parsed path matches input path
     Assert.Equal(path, AccessScope.parse(path).path);
 }