Exemplo n.º 1
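        /// <summary>
        /// Creates a child identity under a parent identity by redeeming a previously reserved ID.
        /// </summary>
        /// <param name="ParentLRI">LRI string of the parent; parsed to obtain the parent domain and parent user ID.</param>
        /// <param name="username">Username stored on the new identity and added to <c>Usernames</c>.</param>
        /// <param name="ChildUserLRI">LRI string of the new child identity; its parsed form keys the <c>Identities</c> entry.</param>
        /// <param name="passwordhash">Password hash, stored exactly as supplied.</param>
        /// <param name="ChildPinHash">PIN hash, stored exactly as supplied.</param>
        /// <param name="KeyFromChild">Value stored as the identity's <c>KeyForParent</c>.</param>
        /// <param name="request">Reservation being redeemed; its GUID and reservation key must match a pending entry in <c>RequestedIDs</c>.</param>
        /// <param name="IsGroup">Not read by this method.</param>
        /// <returns><c>true</c> when the identity was stored; <c>false</c> when the reservation is unknown or its key does not match.</returns>
        public static bool AddChildIdentity(string ParentLRI, string username, string ChildUserLRI, string passwordhash, string ChildPinHash, string KeyFromChild, IDRequestInfo request, bool IsGroup=false)
        {
            // A GUID that was never reserved, or whose reservation was already consumed, is
            // rejected here instead of surfacing as an exception from the indexer below.
            if (!RequestedIDs.ContainsKey(request.GUID))
            {
                return false;
            }

            if (RequestedIDs[request.GUID].ReservationKey == request.ReservationKey)
            {
                LRI parentParsedLRI = new LRI(ParentLRI);
                LRI childParsedLRI = new LRI(ChildUserLRI);
                UserInfo info = new UserInfo();
                info.Identity.DomainLRI = DomainLRI;
                info.Identity.OwnerDomainLRI = DomainLRI;
                info.Identity.ParentDomainLRI = parentParsedLRI.LRIDomain;
                info.Identity.ParentUserID = parentParsedLRI.DocumentID;
                info.Identity.UserID = childParsedLRI.DocumentID;
                info.Identity.Username = username;
                info.Identity.UserLRI = childParsedLRI.LRIString;
                info.passwordHash = passwordhash;
                info.pinHash = ChildPinHash;
                info.Identity.KeyForParent = KeyFromChild;
                // NOTE(review): the entry is keyed by ChildUserLRI, which is not checked against
                // request.GUID in this method, and an existing entry under the same LRI is
                // overwritten. Confirm callers always derive the LRI from the reserved GUID.
                Identities[info.Identity.UserLRI] = info;
                Usernames.Add(username);
                // The reservation is single-use: drop it once the identity exists.
                RequestedIDs.Remove(request.GUID);

                SaveIdentity(childParsedLRI);
                return true;
            }
            return false;
        }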
Exemplo n.º 2
 /// <summary>
 /// Checks a presented session key against the one stored for a user.
 /// </summary>
 /// <param name="sessionkey">Session key presented by the caller.</param>
 /// <param name="UserLRI">Identity whose session entry is looked up by its LRI string.</param>
 /// <returns><c>true</c> when a session entry exists for the user and its key equals <paramref name="sessionkey"/>; otherwise <c>false</c>.</returns>
 public static bool VerifySessionKey(string sessionkey, LRI UserLRI)
 {
     string userKey = UserLRI.LRIString;

     // No session recorded for this identity, so there is nothing to compare against.
     if (!Sessions.ContainsKey(userKey))
     {
         return false;
     }

     // NOTE(review): plain == comparison of the secret, not a fixed-time comparison.
     return Sessions[userKey].SessionKey == sessionkey;
 }
Exemplo n.º 3
 //returns true on success
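 /// <summary>
 /// Hashes the parent PIN, the new password and the new PIN, then delegates to
 /// <c>CreateChildIDWithHash</c>.
 /// </summary>
 /// <param name="ParentLRI">LRI of the parent identity.</param>
 /// <param name="ParentPIN">Parent PIN in clear text; hashed before it is passed on.</param>
 /// <param name="username">Username for the new child identity.</param>
 /// <param name="ServiceLRI">LRI of the identity service, passed through unchanged.</param>
 /// <param name="Password">Password for the new identity in clear text; hashed before it is passed on.</param>
 /// <param name="Pin">PIN for the new identity in clear text; hashed before it is passed on.</param>
 /// <returns>Whatever <c>CreateChildIDWithHash</c> returns.</returns>
 public bool CreateChildID(LRI ParentLRI, string ParentPIN, string username, LRI ServiceLRI, string Password, string Pin)
 {
     // NOTE(review): each secret is reduced to one unsalted SHA-1 digest (upper-case hex, no
     // dashes). SHA-1 without salt or iteration is not a suitable password/PIN hash; the
     // format is kept here because the digests are handed on to CreateChildIDWithHash, so
     // replacing it needs a coordinated change on whatever verifies these hashes.
     //
     // The hasher is IDisposable; the using block releases it, which the original did not do.
     using (SHA1 hasher = SHA1.Create())
     {
         string parentPinHash = BitConverter.ToString(hasher.ComputeHash(System.Text.Encoding.UTF8.GetBytes(ParentPIN))).Replace("-", string.Empty);
         string passwordHash = BitConverter.ToString(hasher.ComputeHash(System.Text.Encoding.UTF8.GetBytes(Password))).Replace("-", string.Empty);
         string pinHash = BitConverter.ToString(hasher.ComputeHash(System.Text.Encoding.UTF8.GetBytes(Pin))).Replace("-", string.Empty);

         return CreateChildIDWithHash(ParentLRI, parentPinHash, username, ServiceLRI, passwordHash, pinHash);
     }
 }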
Exemplo n.º 4
 //add an identity to the following account ID
 /// <summary>
 /// Attaches an identity to the account stored under the given account ID and indexes it by LRI.
 /// An unknown account ID is ignored.
 /// </summary>
 /// <param name="ID">Account ID used as the key into <c>ClientAccountLookupByAcctID</c>.</param>
 /// <param name="IdentityToAdd">Identity record to attach.</param>
 /// <param name="UserLRI">LRI to index the identity under; when null it is built from <c>IdentityToAdd.Identity.UserLRI</c>.</param>
 public void AddIdentityToAccount(string ID, UserInfo IdentityToAdd, LRI UserLRI=null)
 {
     if (!ClientAccountLookupByAcctID.ContainsKey(ID))
     {
         return;
     }

     var account = ClientAccountLookupByAcctID[ID];
     account.Identities.Add(IdentityToAdd);

     // Fall back to the LRI carried by the identity itself when the caller gave none.
     if (UserLRI == null)
     {
         UserLRI = new LRI(IdentityToAdd.Identity.UserLRI);
     }

     // Two indexes are maintained: LRI -> identity (per account) and LRI -> owning account.
     account.IdentitiesByLRI[UserLRI] = IdentityToAdd;
     ClientAccountLookup[UserLRI] = account;
 }
Exemplo n.º 5
 /// <summary>
 /// Forwards an add-tag request to the data provider for the document, after a session check.
 /// </summary>
 /// <param name="Credentials">Caller credentials, checked with <c>CheckSession</c> and forwarded to the provider.</param>
 /// <param name="lri">Document the tag applies to; also selects the provider.</param>
 /// <param name="tag">Tag text.</param>
 /// <returns>The provider's response, or a locally built response when the session check fails.</returns>
 public ServiceResponse<bool> AddTag(ServiceCredentials Credentials, LRI lri, string tag)
 {
     if (!CheckSession(Credentials))
     {
         // NOTE(review): the rejected-session path returns ServiceResponse<bool>(true). Whether
         // `true` binds to an error flag or to the boolean payload cannot be told from this
         // block; confirm callers can distinguish this response from a successful AddTag.
         return new ServiceResponse<bool>(true);
     }

     return ConnMgr.GetProvider<ILDataProviderChannel>(lri).AddTag(Credentials, lri, tag);
 }
Exemplo n.º 6
 /// <summary>
 /// Adds a tag to a document on behalf of the calling identity.
 /// </summary>
 /// <param name="Credentials">Caller credentials; the acting identity is resolved from <c>Credentials.UserLRIString</c>.</param>
 /// <param name="lri">Document to tag.</param>
 /// <param name="tag">Tag text.</param>
 /// <returns>A response built with <c>true</c> after the tag is added, or the invalid-credentials response.</returns>
 public ServiceResponse<bool> AddTag(ServiceCredentials Credentials, LRI lri, string tag)
 {
     // Tagging is gated on READ access to the document, not WRITE.
     bool permitted = ValidateSession(Credentials, lri)
                      && CanAccessDocument(Credentials, lri, LDocACLPermission.READ);
     if (!permitted)
     {
         return ServiceResponse<bool>.InvalidCredentails();
     }

     LIdentity ident = AuthorizationManager.GetAuthIdentityFromLRI(Credentials.UserLRIString);
     DocManager.AddTag(ident, lri, tag);
     return new ServiceResponse<bool>(true);
 }
Exemplo n.º 7
        /// <summary>
        /// Reserves a new user ID, creates the identity (as a child of a parent identity when a
        /// parent LRI is given, otherwise as a core user) and logs it in.
        /// </summary>
        /// <param name="ParentLRI">Parent LRI string; null or empty selects the core-user path.</param>
        /// <param name="ParentUser">Parent username, used for the parent lookup.</param>
        /// <param name="ParentPINHash">Hash of the parent's PIN, used for the parent lookup.</param>
        /// <param name="username">Username for the new identity.</param>
        /// <param name="passwordhash">Password hash for the new identity.</param>
        /// <param name="ChildPinHash">PIN hash for the new identity.</param>
        /// <param name="SessionKey">Parent session key, used for the parent lookup and the child login.</param>
        /// <returns>The session returned by <c>LoginID</c>, or a session flagged with
        /// <c>INVALID_PARENT_CREDENTIALS</c> when the parent lookup returns an empty user ID.</returns>
        public SessionInfo CreateIdentity(string ParentLRI, string ParentUser, string ParentPINHash, string username, string passwordhash, string ChildPinHash, string SessionKey)
        {
            SessionInfo session = new SessionInfo();

            // Reserve the user ID first; the reservation key is needed again to redeem it.
            // NOTE(review): both the reservation key and the child key below come from
            // Guid.NewGuid(). If either acts as a secret, a cryptographic random source
            // (RandomNumberGenerator) would be the safer choice.
            string reservationKey = Guid.NewGuid().ToString();
            IDRequestInfo reservation = UserManager.ReserveGUID(reservationKey);
            string newUserLri = UserManager.DomainLRI + "/~users/" + reservation.GUID;

            string childKey = Guid.NewGuid().ToString();
            FDebugLog.WriteLog("CreateIdentity Requested: ParentDomain-" + ParentLRI + " ParentUser-" + ParentUser + " username-" + username );

            if (string.IsNullOrEmpty(ParentLRI))
            {
                FDebugLog.WriteLog("No Parent: Creating CORE User.");
                // NOTE(review): the boolean result of AddIdentity is not checked before login.
                UserManager.AddIdentity(username, newUserLri, passwordhash, ChildPinHash, childKey, reservation);
                return LoginID(newUserLri, passwordhash);
            }

            FDebugLog.WriteLog("Create ID From Parent: " + ParentLRI + "("+ParentUser+")");
            LRI parentLri = new LRI(ParentLRI);

            // The parent domain is asked to identify the parent user; an empty ID means rejection.
            string parentUserID = RetrieveUserParentAuth(parentLri, ParentUser, ParentPINHash, childKey, SessionKey, newUserLri);
            if (parentUserID == "")
            {
                FDebugLog.WriteLog("Parent not found");
                session.Error = true;
                session.ErrorType = SESSION_ERROR.INVALID_PARENT_CREDENTIALS;
                return session;
            }

            FDebugLog.WriteLog("Parent Located");
            // NOTE(review): the boolean result of AddChildIdentity is not checked before login.
            UserManager.AddChildIdentity(parentLri.LRIString, username, newUserLri, passwordhash, ChildPinHash, childKey, reservation);
            return LoginID(newUserLri, passwordhash, SessionKey);
        }
Exemplo n.º 8
 /// <summary>
 /// Creates a child identity on the identity service using the parent's open session, and
 /// records the new identity's session locally.
 /// </summary>
 /// <param name="ParentLRI">Parent identity; it must have an entry in <c>Sessions</c>.</param>
 /// <param name="ParentPINHash">Hash of the parent's PIN.</param>
 /// <param name="username">Username for the new identity.</param>
 /// <param name="ServiceLRI">Identity service to connect to.</param>
 /// <param name="PasswordHash">Password hash for the new identity.</param>
 /// <param name="PinHash">PIN hash for the new identity.</param>
 /// <returns><c>true</c> when the service reports no error; <c>false</c> when the parent has no session entry or the service reports an error.</returns>
 public bool CreateChildIDWithHash(LRI ParentLRI, string ParentPINHash, string username, LRI ServiceLRI, string PasswordHash, string PinHash)
 {
     string parentKey = ParentLRI.LRIString;
     if (!Sessions.ContainsKey(parentKey))
     {
         return false;
     }

     // NOTE(review): assumes the parent's Session is populated; it is dereferenced unchecked.
     IDInfo parent = Sessions[parentKey];
     SessionInfo created = ConnectionManager.GetIDConnection(ServiceLRI).CreateIdentity(
         parentKey,
         parent.Session.Identity.Username,
         ParentPINHash,
         username,
         PasswordHash,
         PinHash,
         parent.Session.SessionKey);

     if (created.Error)
     {
         return false;
     }

     // Track the freshly created identity as an open session.
     IDInfo child = new IDInfo(created.Identity.UserLRI);
     child.Session = created;
     child.Status = IDInfo.ID_STATUS.OPEN;
     Sessions[child.LRI] = child;
     return true;
 }
Exemplo n.º 9
 /// <summary>
 /// Loads every client account returned by <c>CouchDBMgr.GetClientAccounts</c> and fills the
 /// in-memory indexes (<c>ClientAccounts</c>, <c>AccountIDs</c>, <c>ClientAccountLookupByAcctID</c>,
 /// <c>ClientAccountLookup</c>), attaching document headers to the account and to the open
 /// items of each workspace.
 /// </summary>
 public void LoadAccounts()
 {
     LDBList<ClientAccount> accts = CouchDBMgr.GetClientAccounts();
     foreach (LDBListRow<ClientAccount> row in accts.rows)
     {
         // NOTE(review): presumably resets the row so that decodedValue is rebuilt on the
         // next read; confirm against LDBListRow. Statement order matters here.
         row.decoded = false;
         ClientAccount acct = row.decodedValue;
         acct.AccountHeader = DocManager.GetDocHeader(acct.AccountLRI);
         ClientAccounts.Add(row.decodedValue);
         // The account is indexed by the raw row's _id.
         AccountIDs.Add(row.value._id);
         ClientAccountLookupByAcctID[row.value._id] = acct;
         foreach (UserInfo info in row.decodedValue.Identities)
         {
             //wire-up LRI lookups
             LRI UserLRI = new LRI(info.Identity.UserLRI);
             //lri->user
             acct.IdentitiesByLRI[UserLRI] = info;
             //lri->account
             ClientAccountLookup[UserLRI] = acct;
         }
         //wire up LUI data headers
         // Each open collection, document and hierarchy gets its header fetched by LRI.
         foreach (LWorkspace ws in acct.Workspaces)
         {
             foreach (LUICollection col in ws.OpenCollections)
             {
                 col.DocumentHeader = DocManager.GetDocHeader(col.DocumentLRI);
             }
             foreach (LUIDocument doc in ws.OpenDocuments)
             {
                 doc.DocumentHeader = DocManager.GetDocHeader(doc.DocumentLRI);
             }
             foreach (LUIHierarchy hier in ws.OpenHierarchies)
             {
                 hier.DocumentHeader = DocManager.GetDocHeader(hier.DocumentLRI);
             }
         }
     }
 }
Exemplo n.º 10
 /// <summary>
 /// Creates a parentless ("core") identity on the identity service and records its session locally.
 /// </summary>
 /// <param name="username">Username for the new identity.</param>
 /// <param name="ServiceLRI">Identity service to connect to.</param>
 /// <param name="PasswordHash">Password hash for the new identity.</param>
 /// <param name="PinHash">PIN hash for the new identity.</param>
 /// <returns><c>true</c> when the service reports no error; otherwise <c>false</c>.</returns>
 public bool CreateCoreIDWithHash(string username, LRI ServiceLRI, string PasswordHash, string PinHash)
 {
     // Empty strings are sent for the parent LRI, parent user, parent PIN hash and session key.
     SessionInfo created = ConnectionManager.GetIDConnection(ServiceLRI)
         .CreateIdentity("", "", "", username, PasswordHash, PinHash, "");

     if (created.Error)
     {
         return false;
     }

     IDInfo entry = new IDInfo(created.Identity.UserLRI);
     entry.Session = created;
     entry.Status = IDInfo.ID_STATUS.OPEN;
     Sessions[entry.LRI] = entry;
     return true;
 }
Exemplo n.º 11
 /// <summary>
 /// Placeholder: not implemented. Always throws before any credential or permission check.
 /// </summary>
 /// <exception cref="NotImplementedException">Always thrown.</exception>
 public ServiceResponse<List<LDocumentVersionInfo>> GetFileVersionHistory(ServiceCredentials Credentials, LRI lri)
 {
     throw new NotImplementedException();
 }
Exemplo n.º 12
        /// <summary>
        /// Saves a new version of a document on behalf of the calling identity.
        /// </summary>
        /// <param name="Credentials">Caller credentials; the acting identity is resolved from <c>Credentials.UserLRIString</c>.</param>
        /// <param name="lri">Document to version.</param>
        /// <returns>A response wrapping the header returned by <c>DocManager.SaveNewVersion</c>, flagged as
        /// an error when that header is null or has an empty document LRI; or the invalid-credentials response.</returns>
        public ServiceResponse<LDocumentHeader> SaveNewVersion(ServiceCredentials Credentials, LRI lri)
        {
            // READ is deliberately sufficient: creating a version is treated as copying the file.
            if (!ValidateSession(Credentials, lri) || !CanAccessDocument(Credentials, lri, LDocACLPermission.READ))
            {
                return ServiceResponse<LDocumentHeader>.InvalidCredentails();
            }

            LIdentity ident = AuthorizationManager.GetAuthIdentityFromLRI(Credentials.UserLRIString);
            ServiceResponse<LDocumentHeader> response = new ServiceResponse<LDocumentHeader>(DocManager.SaveNewVersion(ident, lri));

            bool headerMissing = response.ResponseObject == null || response.ResponseObject.DocumentLRI == "";
            if (headerMissing)
            {
                // The message text is still a placeholder in the original code.
                response.Error = true;
                response.Message = "FILL IN REAL ERROR HERE";
            }
            return response;
        }
Exemplo n.º 13
 /// <summary>
 /// Tells whether a session key is known and belongs to the given account.
 /// </summary>
 /// <param name="SessionKey">Key looked up in <c>ClientAccountLookupBySessionKey</c>.</param>
 /// <param name="AccountLRI">Account LRI the key is expected to belong to.</param>
 /// <returns><c>true</c> when the key is registered and the account stored under it has
 /// <paramref name="AccountLRI"/> as its <c>AccountLRI</c>; otherwise <c>false</c>.</returns>
 public bool ValidSession(string SessionKey, LRI AccountLRI)
 {
     // The key must exist before the indexer is touched; && keeps that ordering.
     return ClientAccountLookupBySessionKey.ContainsKey(SessionKey)
            && ClientAccountLookupBySessionKey[SessionKey].AccountLRI == AccountLRI;
 }
Exemplo n.º 14
 /// <summary>
 /// Logs an identity in at its identity service using an already-hashed password and records
 /// the resulting session as open.
 /// </summary>
 /// <param name="lri">Identity to log in; its <c>BaseLRI</c> selects the identity service.</param>
 /// <param name="PasswordHash">Password hash sent to the service.</param>
 /// <returns><c>true</c> when the service reports no error; otherwise <c>false</c>.</returns>
 public bool LoginWithHash(LRI lri, string PasswordHash)
 {
     SessionInfo result = ConnectionManager.GetIDConnection(new LRI(lri.BaseLRI)).LoginID(lri.LRIString, PasswordHash);
     if (result.Error)
     {
         return false;
     }

     var userKey = result.Identity.UserLRI;

     // First login for this identity: create its bookkeeping entry.
     if (!Sessions.ContainsKey(userKey))
     {
         IDInfo created = new IDInfo(userKey);
         Sessions[created.LRI] = created;
     }

     // Store (or replace) the session and mark the identity open.
     Sessions[userKey].Session = result;
     Sessions[userKey].Status = IDInfo.ID_STATUS.OPEN;
     return true;
 }
Exemplo n.º 15
 /// <summary>
 /// Placeholder: not implemented. Always throws before any credential or permission check.
 /// </summary>
 /// <exception cref="NotImplementedException">Always thrown.</exception>
 public ServiceResponse<LDocumentVersionInfo> GetDocVersionInfo(ServiceCredentials Credentials, LRI lri)
 {
     throw new NotImplementedException();
 }
Exemplo n.º 16
 /// <summary>
 /// Returns the node that precedes a child within a hierarchy.
 /// </summary>
 /// <param name="Credentials">Caller credentials.</param>
 /// <param name="hierarchyLRI">Hierarchy document; the session and READ permission are checked against it.</param>
 /// <param name="childLRI">Child whose previous sibling is requested.</param>
 /// <returns>A response wrapping the node from <c>DocManager.GetPreviousSibling</c>, or the invalid-credentials response.</returns>
 public ServiceResponse<LHierarchyNode> GetPreviousSibling(ServiceCredentials Credentials, LRI hierarchyLRI, LRI childLRI)
 {
     bool mayRead = ValidateSession(Credentials, hierarchyLRI)
                    && CanAccessDocument(Credentials, hierarchyLRI, LDocACLPermission.READ);
     if (!mayRead)
     {
         return ServiceResponse<LHierarchyNode>.InvalidCredentails();
     }

     // todo: validate read access to parent and child lri as well.
     // Only the hierarchy document is permission-checked here; childLRI is not.
     LHierarchyNode sibling = DocManager.GetPreviousSibling(hierarchyLRI, childLRI);
     return new ServiceResponse<LHierarchyNode>(sibling);
 }
Exemplo n.º 17
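 /// <summary>
 /// Checks that a session key is known and belongs to the given user.
 /// </summary>
 /// <param name="sessionkey">Session key presented by the caller; also the key into <c>Sessions</c>.</param>
 /// <param name="UserLRI">Identity the session is expected to belong to.</param>
 /// <returns><c>true</c> when a session exists under the key and its identity's LRI equals
 /// <c>UserLRI.LRIString</c>; otherwise <c>false</c>.</returns>
 public bool VerifySessionKey(string sessionkey, LRI UserLRI)
 {
     // NOTE(review): presumably brings a stored session for this key into Sessions; confirm.
     LoadSession(sessionkey);
     if (!Sessions.ContainsKey(sessionkey))
     {
         return false;
     }

     // A session key is a bearer credential: anyone who can read the debug log could replay
     // it. The log line therefore names the identity being verified, never the key itself.
     FDebugLog.WriteLog("Verifying Key for : " + UserLRI.LRIString);
     return Sessions[sessionkey].Identity.UserLRI == UserLRI.LRIString;
 }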
Exemplo n.º 18
        /// <summary>
        /// Session gate used before document operations. In its current state it only rejects
        /// system databases.
        /// </summary>
        /// <param name="Credentials">Caller credentials; not read by the current implementation.</param>
        /// <param name="fileLRI">Target document; rejected when it is flagged as a system database.</param>
        /// <returns><c>false</c> for system databases, <c>true</c> for everything else.</returns>
        private bool ValidateSession(ServiceCredentials Credentials, LRI fileLRI)
        {
            // System databases are not accessible to users through this path.
            if (fileLRI.SystemDatabase == true)
            {
                return false;
            }

            // NOTE(review): every other request is accepted without looking at Credentials.
            // The intended check,
            //   IDProvider.ValidateParentSession(Credentials.UserLRIString, Credentials.SessionKey)
            // is still disabled, and file-access validation is not written yet. The open TODO is
            // to make the default false and enable that call; until then callers rely solely
            // on their separate permission checks.
            return true;
        }
Exemplo n.º 19
        /// <summary>
        /// Returns the tags that <c>DocManager.GetTags</c> reports for the calling identity and document.
        /// </summary>
        /// <param name="Credentials">Caller credentials; the acting identity is resolved from <c>Credentials.UserLRIString</c>.</param>
        /// <param name="lri">Document whose tags are requested.</param>
        /// <returns>A response wrapping the tag list, or the invalid-credentials response.</returns>
        public ServiceResponse<List<string>> GetTags(ServiceCredentials Credentials, LRI lri)
        {
            // Tags are only visible to callers who can read the document itself, even if the
            // caller applied the tag.
            bool mayRead = ValidateSession(Credentials, lri)
                           && CanAccessDocument(Credentials, lri, LDocACLPermission.READ);
            if (!mayRead)
            {
                return ServiceResponse<List<string>>.InvalidCredentails();
            }

            LIdentity ident = AuthorizationManager.GetAuthIdentityFromLRI(Credentials.UserLRIString);
            // todo: permissions on each returned tag are not checked individually.
            return new ServiceResponse<List<string>>(DocManager.GetTags(ident, lri));
        }
Exemplo n.º 20
 /// <summary>
 /// Asks the document manager whether the caller's identity holds a permission on a document.
 /// </summary>
 /// <param name="Credentials">Caller credentials; only <c>UserLRIString</c> is read.</param>
 /// <param name="DocumentLRI">Document being accessed.</param>
 /// <param name="Permission">Permission to test.</param>
 /// <returns>The result of <c>DocManager.CheckPermission</c>.</returns>
 private bool CanAccessDocument(ServiceCredentials Credentials, LRI DocumentLRI, LDocACLPermission Permission)
 {
     // The identity is resolved from the LRI string carried in Credentials; this method does
     // not itself verify the session key, so it depends on the caller having validated it.
     LIdentity requester = AuthorizationManager.GetAuthIdentityFromLRI(Credentials.UserLRIString);
     return DocManager.CheckPermission(requester, DocumentLRI, Permission);
 }
Exemplo n.º 21
 /// <summary>
 /// Passes the supplied parts to <c>DocManager.UpdateDoc</c> after checking the session and
 /// WRITE permission on the document.
 /// </summary>
 /// <param name="Credentials">Caller credentials.</param>
 /// <param name="lri">Document to update.</param>
 /// <param name="parts">Document parts handed to the document manager.</param>
 /// <returns>A response built with <c>true</c> after the update, or the invalid-credentials response.</returns>
 public ServiceResponse<bool> UpdateDoc(ServiceCredentials Credentials, LRI lri, List<LDocumentPart> parts)
 {
     bool mayWrite = ValidateSession(Credentials, lri)
                     && CanAccessDocument(Credentials, lri, LDocACLPermission.WRITE);
     if (!mayWrite)
     {
         return ServiceResponse<bool>.InvalidCredentails();
     }

     DocManager.UpdateDoc(lri, parts);
     return new ServiceResponse<bool>(true);
 }
Exemplo n.º 22
 /// <summary>
 /// Passes one document part to <c>DocManager.SavePart</c> after checking the session and
 /// WRITE permission on the document.
 /// </summary>
 /// <param name="Credentials">Caller credentials.</param>
 /// <param name="lri">Document the part belongs to.</param>
 /// <param name="part">Part to save.</param>
 /// <param name="SequenceNumber">Sequence number forwarded with the part.</param>
 /// <returns>A response built with <c>true</c> after the save, or the invalid-credentials response.</returns>
 public ServiceResponse<bool> SavePart(ServiceCredentials Credentials, LRI lri, LDocumentPart part, int SequenceNumber)
 {
     bool mayWrite = ValidateSession(Credentials, lri)
                     && CanAccessDocument(Credentials, lri, LDocACLPermission.WRITE);
     if (!mayWrite)
     {
         return ServiceResponse<bool>.InvalidCredentails();
     }

     DocManager.SavePart(lri, part, SequenceNumber);
     return new ServiceResponse<bool>(true);
 }
Exemplo n.º 23
 /// <summary>
 /// Asks the identity service for the LRI of a user, given a username and password hash.
 /// </summary>
 /// <param name="ServiceLRI">Identity service to connect to; its URI is also sent as the domain argument.</param>
 /// <param name="DomainLRI">Not read by this method.</param>
 /// <param name="Username">Username to look up.</param>
 /// <param name="PasswordHash">Password hash sent with the lookup.</param>
 /// <returns>Whatever the identity connection's <c>GetUserLRI</c> returns.</returns>
 public LRI GetUserLRI(LRI ServiceLRI, string DomainLRI, string Username, string PasswordHash)
 {
     var idConnection = ConnectionManager.GetIDConnection(ServiceLRI);

     // NOTE(review): the DomainLRI argument is ignored; the value sent is ServiceLRI.URI with
     // every "//" collapsed to "/". Confirm that this is intended.
     var domain = ServiceLRI.URI.Replace("//","/");

     return idConnection.GetUserLRI(domain, Username, PasswordHash);
 }
Exemplo n.º 24
        //login the ID and other IDs associated with the account.
        /// <summary>
        /// Logs an identity in and returns service credentials carrying the identity's session
        /// key and the owning account's client session key.
        /// </summary>
        /// <param name="userLRI">Identity to log in; it must be registered in <c>ClientAccountLookup</c>.</param>
        /// <param name="passwordHash">Password hash passed to <c>IDMgr.LoginWithHash</c>.</param>
        /// <param name="LoginAll">Reserved for logging in the account's other identities; currently has no effect.</param>
        /// <returns>A response with message "OK" and the credentials on success; otherwise a response built with <c>true</c>.</returns>
        public ServiceResponse<ServiceCredentials> LoginID(LRI userLRI, string passwordHash, bool LoginAll = true)
        {
            // An unknown identity and a rejected login produce the same kind of response.
            if (!ClientAccountLookup.ContainsKey(userLRI) || !IDMgr.LoginWithHash(userLRI, passwordHash))
            {
                return new ServiceResponse<ServiceCredentials>(true);
            }

            ClientAccount account = ClientAccountLookup[userLRI];

            // The client session key is created on the account's first login only.
            // NOTE(review): it comes from Guid.NewGuid() and nothing in this method rotates it
            // on later logins. Confirm that this matches the intended session lifetime.
            if (account.ClientSessionKey == "")
            {
                account.ClientSessionKey = Guid.NewGuid().ToString();
            }

            // todo: when LoginAll is set, log in the account's other identities as well.

            string lriText = userLRI.ToString();
            ServiceCredentials creds = new ServiceCredentials(lriText, IDMgr.Sessions[lriText].Session.SessionKey);
            creds.ClientSessionKey = account.ClientSessionKey;
            creds.ClientAccountLRI = account.AccountLRI;
            ClientAccountLookupBySessionKey[account.ClientSessionKey] = account;

            // The session keys travel back to the caller inside the response object.
            ServiceResponse<ServiceCredentials> response = new ServiceResponse<ServiceCredentials>();
            response.ResponseObject = creds;
            response.Message = "OK";
            return response;
        }
Exemplo n.º 25
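 /// <summary>
 /// Hashes a clear-text password and logs the identity in through <c>LoginWithHash</c>.
 /// </summary>
 /// <param name="lri">Identity to log in.</param>
 /// <param name="Password">Password in clear text; hashed before it is passed on.</param>
 /// <returns>Whatever <c>LoginWithHash</c> returns.</returns>
 public bool Login(LRI lri, string Password)
 {
     // NOTE(review): the password is reduced to one unsalted SHA-1 digest (upper-case hex, no
     // dashes). That is not a suitable password hash; the format is kept because the digest
     // is handed on to LoginWithHash, so replacing it needs a coordinated change on
     // whatever verifies it.
     //
     // The hasher is IDisposable; the using block releases it, which the original did not do.
     using (SHA1 hasher = SHA1.Create())
     {
         string passwordHash = BitConverter.ToString(hasher.ComputeHash(System.Text.Encoding.UTF8.GetBytes(Password))).Replace("-", string.Empty);
         return LoginWithHash(lri, passwordHash);
     }
 }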
Exemplo n.º 26
        /// <summary>
        /// Registers a client account for an existing identity: resolves the identity at the
        /// identity service, creates the account and its header document with an ACL, saves the
        /// account and logs the identity in.
        /// </summary>
        /// <param name="ServiceLRI">LRI string of the identity service.</param>
        /// <param name="DomainLRI">Domain LRI forwarded to the identity manager.</param>
        /// <param name="Username">Username of the identity; also used (lower-cased) in the header file name.</param>
        /// <param name="passwordHash">Password hash used for the lookups and the final login.</param>
        /// <returns>The <c>LoginID</c> response on success; a response built with <c>true</c> when no
        /// user LRI is resolved; or an error response with code 2 when the LRI is already registered.</returns>
        public ServiceResponse<ServiceCredentials> RegisterNewAccount(string ServiceLRI, string DomainLRI, string Username, string passwordHash)
        {
            // Resolve the identity from domain / username / hash; null means it was not resolved.
            LRI UserLRI = IDMgr.GetUserLRI(new LRI(ServiceLRI), DomainLRI, Username, passwordHash);
            if (UserLRI == null)
            {
                return new ServiceResponse<ServiceCredentials>(true);
            }

            if (ClientAccountLookup.ContainsKey(UserLRI))
            {
                ServiceResponse<ServiceCredentials> duplicate = new ServiceResponse<ServiceCredentials>();
                duplicate.Error = true;
                duplicate.ErrorCode = 2;
                duplicate.Message = "A user with that LRI is already registered with this system.";
                duplicate.ResponseObject = null;
                return duplicate;
            }

            // Identity record kept with the account; the hash is stored as supplied.
            UserInfo identityInfo = new UserInfo();
            identityInfo.passwordHash = passwordHash;
            identityInfo.Identity = IDMgr.GetUserLIdentity(new LRI(ServiceLRI), DomainLRI, Username, passwordHash);

            // New account, registered by ID before the identity is attached to it.
            ClientAccount account = new ClientAccount();
            account._id = LDocumentManager.RequestGUID();
            account.AccountLRI = new LRI(LCHARMSConfig.GetSection().LRI + "/" + account._id);
            ClientAccountLookupByAcctID[account._id] = account;
            AddIdentityToAccount(account._id, identityInfo, UserLRI);

            // Header document describing the account.
            string headerId = LDocumentManager.RequestGUID();
            LDocumentHeader header = new LDocumentHeader();
            LRI headerLri = new LRI(LCHARMSConfig.GetSection().LRI + "/" + headerId);
            header.DocType = DocumentType.DOC_HEADER;
            header.DocumentID = headerId;
            header.FQDT = "lcharms.client.account";
            // NOTE(review): ToLower() is culture-sensitive, so the file name can differ between
            // server locales.
            header.FileName = Username.ToLower() + ".client.account";
            header.DocumentLRI = headerLri.ToString();
            header.IsCopy = false;
            header.LastAccessDate = DateTime.Now;
            header.DataLength = 0;

            // ACL for the header: full rights for the creating identity, DENY for the public identity.
            var ownerRights = LDocACLPermission.GRANT |
                              LDocACLPermission.WRITE |
                              LDocACLPermission.READ |
                              LDocACLPermission.ACCESS_NEXT_VERSION |
                              LDocACLPermission.ACCESS_PREV_VERSION;
            DocManager.AuthManager.CreateACE(headerId, identityInfo.Identity, ownerRights);
            DocManager.AuthManager.CreateACE(headerId, DocManager.AuthManager.PublicIdentity, LDocACLPermission.DENY);

            account.AccountHeader = header;
            SaveAccount(account);

            // Log in this identity only (LoginAll = false).
            return LoginID(UserLRI, passwordHash,false);
        }
Exemplo n.º 27
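 /// <summary>
 /// Logs an identity out at its identity service and marks the local session entry closed.
 /// Does nothing when the identity has no session entry or is already logged out.
 /// </summary>
 /// <param name="lri">Identity to log out; its <c>BaseLRI</c> selects the identity service.</param>
 public void Logout(LRI lri)
 {
     string userKey = lri.LRIString;

     // Without this guard an identity that never logged in made the indexer throw, and a
     // second Logout dereferenced the Session that the first call had set to null.
     if (!Sessions.ContainsKey(userKey) || Sessions[userKey].Session == null)
     {
         return;
     }

     var entry = Sessions[userKey];
     ConnectionManager.GetIDConnection(new LRI(lri.BaseLRI)).Logout(userKey, entry.Session.SessionKey);

     // Drop the local copy of the session, including its key, once the service call returns.
     entry.Status = IDInfo.ID_STATUS.CLOSED;
     entry.Session = null;
 }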
Exemplo n.º 28
 //save a single account to the DB
 /// <summary>
 /// Saves the account that owns the given LRI, using the account-taking <c>SaveAccount</c> overload.
 /// An LRI with no registered account is ignored.
 /// </summary>
 /// <param name="lri">LRI looked up in <c>ClientAccountLookup</c>.</param>
 public void SaveAccount(LRI lri)
 {
     if (!ClientAccountLookup.ContainsKey(lri))
     {
         return;
     }

     SaveAccount(ClientAccountLookup[lri]);
 }
Exemplo n.º 29
 /// <summary>
 /// Appends a child under a parent within a hierarchy after checking the session and WRITE
 /// permission on the hierarchy document.
 /// </summary>
 /// <param name="Credentials">Caller credentials.</param>
 /// <param name="hierarchyLRI">Hierarchy document; the only LRI that is permission-checked here.</param>
 /// <param name="parentLRI">Parent to append under.</param>
 /// <param name="childLRI">Child to append.</param>
 /// <returns>A response built with <c>true</c> after the append, or the invalid-credentials response.</returns>
 public ServiceResponse<bool> AppendChild(ServiceCredentials Credentials, LRI hierarchyLRI, LRI parentLRI, LRI childLRI)
 {
     bool mayWrite = ValidateSession(Credentials, hierarchyLRI)
                     && CanAccessDocument(Credentials, hierarchyLRI, LDocACLPermission.WRITE);
     if (!mayWrite)
     {
         return ServiceResponse<bool>.InvalidCredentails();
     }

     // todo: validate read access to parent and child lri as well.
     // Until then a caller with WRITE on the hierarchy can link LRIs that were never checked.
     DocManager.AppendChild(hierarchyLRI, parentLRI, childLRI);
     return new ServiceResponse<bool>(true);
 }
Exemplo n.º 30
 /// <summary>
 /// Removes a tag from a document on behalf of the calling identity.
 /// </summary>
 /// <param name="Credentials">Caller credentials; the acting identity is resolved from <c>Credentials.UserLRIString</c>.</param>
 /// <param name="lri">Document the tag is removed from.</param>
 /// <param name="tag">Tag text.</param>
 /// <returns>A response built with <c>true</c> after removal; a response built with <c>false</c> and the
 /// message "Tag does not exist" when no tag document is found; or the invalid-credentials response.</returns>
 public ServiceResponse<bool> RemoveTag(ServiceCredentials Credentials, LRI lri, string tag)
 {
     if (!ValidateSession(Credentials, lri))
     {
         return ServiceResponse<bool>.InvalidCredentails();
     }

     LIdentity ident = AuthorizationManager.GetAuthIdentityFromLRI(Credentials.UserLRIString);
     LRI tagLRI = DocManager.GetTagDocumentLRI(ident, tag);

     if (tagLRI == null)
     {
         ServiceResponse<bool> missing = new ServiceResponse<bool>(false);
         missing.Message = "Tag does not exist";
         return missing;
     }

     // The permission check is WRITE on the tag document; access to the tagged document
     // (lri) is not checked with CanAccessDocument in this method.
     if (!CanAccessDocument(Credentials, tagLRI, LDocACLPermission.WRITE))
     {
         return ServiceResponse<bool>.InvalidCredentails();
     }

     DocManager.RemoveTag(ident, lri, tag);
     return new ServiceResponse<bool>(true);
 }