Exemplo n.º 1
0
        public async Task <IEnumerable <AuthorizationResponse> > Execute(IEnumerable <GetAuthorizationActionParameter> parameters, string clientId)
        {
            var result      = new List <AuthorizationResponse>();
            var rptLifeTime = await _configurationService.GetRptLifeTime();

            // 1. Check parameters.
            if (parameters == null)
            {
                throw new ArgumentNullException(nameof(parameters));
            }

            if (string.IsNullOrWhiteSpace(clientId))
            {
                throw new ArgumentNullException(nameof(clientId));
            }

            // 2. Retrieve the tickets.
            _umaServerEventSource.StartGettingAuthorization(JsonConvert.SerializeObject(parameters));
            var tickets = await _ticketRepository.Get(parameters.Select(p => p.TicketId));

            var rptLst = new List <Rpt>();

            // 3. Check parameters.
            foreach (var parameter in parameters)
            {
                var json = JsonConvert.SerializeObject(parameter);
                if (string.IsNullOrWhiteSpace(parameter.TicketId))
                {
                    throw new BaseUmaException(ErrorCodes.InvalidRequestCode,
                                               string.Format(ErrorDescriptions.TheParameterNeedsToBeSpecified, PostAuthorizationNames.TicketId));
                }

                var ticket = tickets.FirstOrDefault(t => t.Id == parameter.TicketId);
                if (ticket == null)
                {
                    throw new BaseUmaException(ErrorCodes.InvalidTicket,
                                               string.Format(ErrorDescriptions.TheTicketDoesntExist, parameter.TicketId));
                }

                if (ticket.ClientId != clientId)
                {
                    throw new BaseUmaException(ErrorCodes.InvalidTicket, ErrorDescriptions.TheTicketIssuerIsDifferentFromTheClient);
                }

                if (ticket.ExpirationDateTime < DateTime.UtcNow)
                {
                    throw new BaseUmaException(ErrorCodes.ExpiredTicket, ErrorDescriptions.TheTicketIsExpired);
                }

                _umaServerEventSource.CheckAuthorizationPolicy(json);
                var authorizationResult = await _authorizationPolicyValidator.IsAuthorized(ticket, clientId, parameter.ClaimTokenParameters);

                if (authorizationResult.Type != AuthorizationPolicyResultEnum.Authorized)
                {
                    _umaServerEventSource.RequestIsNotAuthorized(json);
                    result.Add(new AuthorizationResponse
                    {
                        AuthorizationPolicyResult = authorizationResult.Type,
                        ErrorDetails = authorizationResult.ErrorDetails
                    });
                    continue;
                }

                var rpt = new Rpt
                {
                    Value              = Guid.NewGuid().ToString(),
                    TicketId           = ticket.Id,
                    ResourceSetId      = ticket.ResourceSetId,
                    CreateDateTime     = DateTime.UtcNow,
                    ExpirationDateTime = DateTime.UtcNow.AddSeconds(rptLifeTime)
                };
                rptLst.Add(rpt);
                result.Add(new AuthorizationResponse
                {
                    AuthorizationPolicyResult = AuthorizationPolicyResultEnum.Authorized,
                    Rpt = rpt.Value
                });
                _umaServerEventSource.RequestIsAuthorized(json);
            }

            // 4. Persist the RPTs.
            if (rptLst.Any())
            {
                await _repositoryExceptionHelper.HandleException(
                    ErrorDescriptions.TheRptCannotBeInserted,
                    () => _rptRepository.Insert(rptLst));
            }

            return(result);
        }