/*
* Rotating this user's password could potentially break the current user, so ensure that the return password
* is stored someplace safely.
*/
public async Task <string> RotateAgentPassword(string agent, string newPassword = null)
{
ClientSession agentSession = _sessions[agent];
CardSavrResponse <List <User> > u = await agentSession.client.GetUsersAsync(new NameValueCollection()
{
{ "username", agent }
});
if (u == null)
{
throw new ArgumentException($"Username {agent} does not exist");
}
else if (u.Body.Count > 1)
{
throw new ArgumentException($"{u.Body.Count} users for ${agent}, there should only be one.");
}
PropertyBag bag = new PropertyBag();
bag["username"] = agent;
string password = (newPassword ?? ApiUtil.GenerateStretchedPassword(agent, 20)); //bag gets mutated
bag["password"] = password;
CardSavrResponse <PropertyBag> response = await agentSession.client.UpdateUserPasswordAsync((int)u.Body[0].id, bag);
if (response.Body != null)
{
return(password);
}
throw new ArgumentException("Couldn't update provided password.");
}
public async Task <String> RotateIntegrator(string user, string integrator_name)
{
ClientSession agentSession = _sessions[user];
CardSavrResponse <List <Integrator> > response = await agentSession.client.GetIntegratorsAsync(new NameValueCollection()
{
{ "name", integrator_name }
});
if (response.Body == null || response.Body.Count > 1)
{
throw new ArgumentException($"Can't reset unknown integrator: {integrator_name}");
}
Integrator integrator = response.Body[0];
CardSavrResponse <Integrator> updated = await agentSession.client.RotateIntegratorsAsync(integrator.id);
return(updated.Body.current_key);
}
public async Task <ClientLogin> CreateCard(string agent, Cardholder cardholder, Card card, Address address, string financialInstitution = null, string safeKey = null)
{
//don't need the login data
ClientSession agentSession = _sessions[agent];
PropertyBag u = new PropertyBag();
u["email"] = cardholder.email;
u["cuid"] = cardholder.cuid;
u["custom_data"] = cardholder.custom_data;
//set the missing settings for model
if (String.IsNullOrEmpty(cardholder.first_name))
{
u["first_name"] = address.first_name;
}
if (String.IsNullOrEmpty(cardholder.last_name))
{
u["last_name"] = address.last_name;
}
if (String.IsNullOrEmpty(card.name_on_card))
{
card.name_on_card = $"{u["first_name"]} {u["last_name"]}";
}
CardSavrResponse <Cardholder> cardholderResponse = await agentSession.client.CreateCardholderAsync(u, safeKey, financialInstitution);
if (cardholderResponse.Body == null || cardholderResponse.Body.id == null)
{
throw new RequestException($"No body returned Creating Cardholder: {u}");
}
int cardholderId = cardholderResponse.Body.id ?? -1;
address.cardholder_id = cardholderId;
CardSavrResponse <Address> addressResponse = await agentSession.client.CreateAddressAsync(ApiUtil.BuildPropertyBagFromObject(address));
card.cardholder_id = cardholderId;
card.address_id = addressResponse.Body.id ?? -1;
card.par = ApiUtil.GenerateRandomPAR(card.pan, card.expiration_month, card.expiration_year, cardholderResponse.Body.cuid);
CardSavrResponse <Card> cardResponse = await agentSession.client.CreateCardAsync(ApiUtil.BuildPropertyBagFromObject(card), safeKey);
return(new ClientLogin()
{
grant = cardholderResponse.Body.grant, card = cardResponse.Body, address = addressResponse.Body, cardholder = cardholderResponse.Body
});
}
// Could be exposed publicly to give advanced users more flexibility.
private async Task <CardSavrResponse <List <T> > > ApiMultiPutDelAsync <T>(
string path, string pathWithId, QueryDef qd, HttpMethod method, object body,
string safeKey, Paging paging = null, HttpRequestHeaders headers = null)
where T : class
{
// by default we just tack the id on the end (we assume no trailing slash).
pathWithId = pathWithId ?? path + "/{0}";
CardSavrResponse <List <T> > result;
if (qd.IsID)
{
// this is a singular operation, so just do it.
CardSavrResponse <T> singleResponse = await ApiPutDelAsync <T>(
pathWithId, qd.ID, method, body, safeKey, headers);
// then transform the result into a list.
result = new CardSavrResponse <List <T> >()
{
StatusCode = singleResponse.StatusCode,
Paging = singleResponse.Paging,
Body = new List <T>()
{
singleResponse.Body
}
};
}
else
{
// get all the things implied by the query parameters, the iterate through and perform
// the operation on each thing successively.
result = await ApiGetAsync <List <T> >(path, qd, paging, headers);
foreach (T t in result.Body)
{
// we have to use reflection on a generic type.
string id = Convert.ToString(t.GetType().GetProperty("id").GetValue(t));
// should probably have some error handling here so we can continue on failure.
await ApiPutDelAsync <T>(pathWithId, id, method, body, safeKey, headers);
}
}
return(result);
}
LoginAsync(HttpRequestHeaders headers = null)
{
object body = new Login()
{
client_public_key = _data.Ecdh.PublicKey,
username = _data.UserName,
password_proof = _data.Password != null?HashUtil.HmacSign(_data.StaticKey, MakePasswordKey(_data.UserName, _data.Password), true) : null
};
CardSavrResponse <LoginResult> result = await ApiPostAsync <LoginResult>(
"/session/login", body, null, headers);
// the shared secret will be used in future encrpyted communications.
_data.SessionToken = result.Body.session_token;
_data.Ecdh.ComputeSharedSecret(result.Body.server_public_key, true);
log.Info("received server public key; computed shared secret.");
return(result);
}
public async Task <ClientSession> LoginAndCreateSession(string username,
string password,
string trace = null)
{
if (_sessions.ContainsKey(username))
{
return(_sessions[username]);
}
CardSavrHttpClient session = new CardSavrHttpClient(_rejectUnauthorized);
session.Setup(_cardsavrServer, _appKey, _appName, username, password, trace);
CardSavrResponse <LoginResult> login = await session.Init();
_sessions[username] = new ClientSession {
client = session
};
return(_sessions[username]);
}
