public Task <ResourceSet> Execute(string id)
{
if (string.IsNullOrWhiteSpace(id))
{
throw new ArgumentNullException(nameof(id));
}
return(_resourceSetRepository.Get(id));
}
public async Task <string> Execute(AddPolicyParameter addPolicyParameter)
{
var json = addPolicyParameter == null ? string.Empty : JsonConvert.SerializeObject(addPolicyParameter);
_umaServerEventSource.StartAddingAuthorizationPolicy(json);
if (addPolicyParameter == null)
{
throw new ArgumentNullException(nameof(addPolicyParameter));
}
if (addPolicyParameter.ResourceSetIds == null || !addPolicyParameter.ResourceSetIds.Any())
{
throw new BaseUmaException(ErrorCodes.InvalidRequestCode,
string.Format(ErrorDescriptions.TheParameterNeedsToBeSpecified, Constants.AddPolicyParameterNames.ResourceSetIds));
}
foreach (var resourceSetId in addPolicyParameter.ResourceSetIds)
{
var resourceSet = await _repositoryExceptionHelper.HandleException(
string.Format(ErrorDescriptions.TheResourceSetCannotBeRetrieved, resourceSetId),
() => _resourceSetRepository.Get(resourceSetId));
if (resourceSet == null)
{
throw new BaseUmaException(ErrorCodes.InvalidResourceSetId, string.Format(ErrorDescriptions.TheResourceSetDoesntExist, resourceSetId));
}
if (addPolicyParameter.Scopes.Any(r => !resourceSet.Scopes.Contains(r)))
{
throw new BaseUmaException(ErrorCodes.InvalidScope, ErrorDescriptions.OneOrMoreScopesDontBelongToAResourceSet);
}
}
// Insert policy
var policy = new Policy
{
Id = Guid.NewGuid().ToString(),
ClientIds = addPolicyParameter.ClientIdsAllowed,
ResourceSetIds = addPolicyParameter.ResourceSetIds,
IsResourceOwnerConsentNeeded = addPolicyParameter.IsResourceOwnerConsentNeeded,
Script = addPolicyParameter.Script,
Scopes = addPolicyParameter.Scopes,
Claims = addPolicyParameter.Claims == null ? new List <Claim>() : addPolicyParameter.Claims.Select(c => new Claim
{
Type = c.Type,
Value = c.Value
}).ToList()
};
await _repositoryExceptionHelper.HandleException(ErrorDescriptions.ThePolicyCannotBeInserted, () => _policyRepository.Add(policy));
_umaServerEventSource.FinishToAddAuthorizationPolicy(JsonConvert.SerializeObject(policy));
return(policy.Id);
}
public async Task <bool> Execute(UpdatePolicyParameter updatePolicyParameter)
{
if (updatePolicyParameter == null)
{
throw new ArgumentNullException(nameof(updatePolicyParameter));
}
if (string.IsNullOrWhiteSpace(updatePolicyParameter.PolicyId))
{
throw new BaseUmaException(ErrorCodes.InvalidRequestCode, string.Format(ErrorDescriptions.TheParameterNeedsToBeSpecified, "id"));
}
_umaServerEventSource.StartUpdateAuthorizationPolicy(JsonConvert.SerializeObject(updatePolicyParameter));
var policy = await _repositoryExceptionHelper.HandleException(
string.Format(ErrorDescriptions.TheAuthorizationPolicyCannotBeRetrieved, updatePolicyParameter.PolicyId),
() => _policyRepository.Get(updatePolicyParameter.PolicyId));
if (policy == null)
{
return(false);
}
foreach (var resourceSetId in policy.ResourceSetIds)
{
var resourceSet = await _resourceSetRepository.Get(resourceSetId).ConfigureAwait(false);
if (updatePolicyParameter.Scopes.Any(r => !resourceSet.Scopes.Contains(r)))
{
throw new BaseUmaException(ErrorCodes.InvalidScope, ErrorDescriptions.OneOrMoreScopesDontBelongToAResourceSet);
}
}
policy.Scopes = updatePolicyParameter.Scopes;
policy.IsResourceOwnerConsentNeeded = updatePolicyParameter.IsResourceOwnerConsentNeeded;
policy.Claims = new List <Claim>();
policy.Script = updatePolicyParameter.Script;
if (updatePolicyParameter.Claims != null)
{
policy.Claims = updatePolicyParameter.Claims.Select(c => new Claim
{
Type = c.Type,
Value = c.Value
}).ToList();
}
var result = await _repositoryExceptionHelper.HandleException(
string.Format(ErrorDescriptions.TheAuthorizationPolicyCannotBeUpdated, updatePolicyParameter.PolicyId),
() => _policyRepository.Update(policy));
_umaServerEventSource.FinishUpdateAuhthorizationPolicy(JsonConvert.SerializeObject(updatePolicyParameter));
return(result);
}
public async Task <bool> Execute(AddResourceSetParameter addResourceSetParameter)
{
if (addResourceSetParameter == null)
{
throw new ArgumentNullException(nameof(addResourceSetParameter));
}
if (string.IsNullOrWhiteSpace(addResourceSetParameter.PolicyId))
{
throw new BaseUmaException(ErrorCodes.InvalidRequestCode, string.Format(ErrorDescriptions.TheParameterNeedsToBeSpecified, Constants.AddResourceSetParameterNames.PolicyId));
}
if (addResourceSetParameter.ResourceSets == null ||
!addResourceSetParameter.ResourceSets.Any())
{
throw new BaseUmaException(ErrorCodes.InvalidRequestCode, string.Format(ErrorDescriptions.TheParameterNeedsToBeSpecified, Constants.AddResourceSetParameterNames.ResourceSet));
}
_umaServerEventSource.StartAddResourceToAuthorizationPolicy(addResourceSetParameter.PolicyId, string.Join(",", addResourceSetParameter.ResourceSets));
var policy = await _repositoryExceptionHelper.HandleException(
string.Format(ErrorDescriptions.TheAuthorizationPolicyCannotBeRetrieved, addResourceSetParameter.PolicyId),
() => _policyRepository.Get(addResourceSetParameter.PolicyId));
if (policy == null)
{
return(false);
}
foreach (var resourceSetId in addResourceSetParameter.ResourceSets)
{
var resourceSet = await _repositoryExceptionHelper.HandleException(
string.Format(ErrorDescriptions.TheResourceSetCannotBeRetrieved, resourceSetId),
() => _resourceSetRepository.Get(resourceSetId));
if (resourceSet == null)
{
throw new BaseUmaException(ErrorCodes.InvalidResourceSetId, string.Format(ErrorDescriptions.TheResourceSetDoesntExist, resourceSetId));
}
}
var resourceSetIds = policy.ResourceSetIds.ToList();
resourceSetIds.AddRange(addResourceSetParameter.ResourceSets);
policy.ResourceSetIds = resourceSetIds;
var result = await _repositoryExceptionHelper.HandleException(
ErrorDescriptions.ThePolicyCannotBeUpdated,
() => _policyRepository.Update(policy));
_umaServerEventSource.FinishAddResourceToAuthorizationPolicy(addResourceSetParameter.PolicyId, string.Join(",", addResourceSetParameter.ResourceSets));
return(result);
}
public async Task <string> Execute(ShareResourceParameter shareResourceParameter)
{
if (shareResourceParameter == null)
{
throw new ArgumentNullException(nameof(shareResourceParameter));
}
if (string.IsNullOrWhiteSpace(shareResourceParameter.ResourceId))
{
throw new BaseUmaException(Errors.ErrorCodes.InvalidRequestCode, Errors.ErrorDescriptions.TheResourceIdMustBeSpecified);
}
if (shareResourceParameter.Scopes == null)
{
throw new BaseUmaException(Errors.ErrorCodes.InvalidRequestCode, Errors.ErrorDescriptions.TheScopesMustBeSpecified);
}
var resource = await _resourceSetRepository.Get(shareResourceParameter.ResourceId).ConfigureAwait(false);
if (resource == null)
{
throw new UmaResourceNotFoundException();
}
if (!shareResourceParameter.Scopes.All(s => resource.Scopes.Contains(s)))
{
throw new BaseUmaException(Errors.ErrorCodes.InvalidRequestCode, Errors.ErrorDescriptions.TheScopeAreNotValid);
}
if (resource.Owner != shareResourceParameter.Owner)
{
throw new UmaNotAuthorizedException();
}
var sharedLink = new SharedLink
{
ConfirmationCode = Guid.NewGuid().ToString(),
ResourceId = resource.Id,
Scopes = shareResourceParameter.Scopes
};
if (!await _sharedLinkRepository.Insert(sharedLink))
{
throw new BaseUmaException(Errors.ErrorCodes.InternalError, Errors.ErrorDescriptions.TheSharedLinkCannotBeInserted);
}
return(sharedLink.ConfirmationCode);
}
public async Task <bool> Execute(string id, string resourceId)
{
if (string.IsNullOrWhiteSpace(id))
{
throw new ArgumentNullException(nameof(id));
}
if (string.IsNullOrWhiteSpace(resourceId))
{
throw new ArgumentNullException(nameof(resourceId));
}
_umaServerEventSource.StartRemoveResourceFromAuthorizationPolicy(id, resourceId);
var policy = await _repositoryExceptionHelper.HandleException(
string.Format(ErrorDescriptions.TheAuthorizationPolicyCannotBeRetrieved, id),
() => _policyRepository.Get(id));
if (policy == null)
{
return(false);
}
var resourceSet = await _repositoryExceptionHelper.HandleException(
string.Format(ErrorDescriptions.TheResourceSetCannotBeRetrieved, resourceId),
() => _resourceSetRepository.Get(resourceId));
if (resourceSet == null)
{
throw new BaseUmaException(ErrorCodes.InvalidResourceSetId,
string.Format(ErrorDescriptions.TheResourceSetDoesntExist, resourceId));
}
if (policy.ResourceSetIds == null || !policy.ResourceSetIds.Contains(resourceId))
{
throw new BaseUmaException(ErrorCodes.InvalidResourceSetId,
ErrorDescriptions.ThePolicyDoesntContainResource);
}
var resourceSetIds = policy.ResourceSetIds.ToList();
resourceSetIds.Remove(resourceId);
policy.ResourceSetIds = resourceSetIds;
var result = await _policyRepository.Update(policy).ConfigureAwait(false);
_umaServerEventSource.FinishRemoveResourceFromAuthorizationPolicy(id, resourceId);
return(result);
}
public async Task <ResourceValidationResult> IsAuthorized(string openidProvider, Ticket validTicket, ClaimTokenParameter claimTokenParameter)
{
if (string.IsNullOrWhiteSpace(openidProvider))
{
throw new ArgumentNullException(nameof(openidProvider));
}
if (validTicket == null)
{
throw new ArgumentNullException(nameof(validTicket));
}
if (validTicket.Lines == null || !validTicket.Lines.Any())
{
throw new ArgumentNullException(nameof(validTicket.Lines));
}
var resourceIds = validTicket.Lines.Select(l => l.ResourceSetId);
var resources = await _resourceSetRepository.Get(resourceIds);
if (resources == null || !resources.Any() || resources.Count() != resourceIds.Count())
{
throw new BaseUmaException(ErrorCodes.InternalError, ErrorDescriptions.SomeResourcesDontExist);
}
ResourceValidationResult validationResult = null;
foreach (var ticketLine in validTicket.Lines)
{
var ticketLineParameter = new TicketLineParameter(ticketLine.Scopes);
if (validTicket.Audiences != null && validTicket.Audiences.Any())
{
ticketLineParameter.ClientId = validTicket.Audiences.First();
}
var resource = resources.First(r => r.Id == ticketLine.ResourceSetId);
validationResult = await Validate(openidProvider, ticketLineParameter, resource, claimTokenParameter).ConfigureAwait(false);
if (!validationResult.IsValid)
{
_umaServerEventSource.AuthorizationPoliciesFailed(validTicket.Id);
return(validationResult);
}
}
return(validationResult);
}
public async Task <AuthorizationPolicyResult> IsAuthorized(Ticket validTicket, string clientId, List <ClaimTokenParameter> claimTokenParameters)
{
if (validTicket == null)
{
throw new ArgumentNullException(nameof(validTicket));
}
if (string.IsNullOrWhiteSpace(clientId))
{
throw new ArgumentNullException(nameof(clientId));
}
var resourceSet = await _resourceSetRepository.Get(validTicket.ResourceSetId);
if (resourceSet == null)
{
throw new BaseUmaException(ErrorCodes.InternalError,
string.Format(ErrorDescriptions.TheResourceSetDoesntExist, validTicket.ResourceSetId));
}
if (resourceSet.Policies == null ||
!resourceSet.Policies.Any())
{
return(new AuthorizationPolicyResult
{
Type = AuthorizationPolicyResultEnum.Authorized
});
}
foreach (var authorizationPolicy in resourceSet.Policies)
{
var result = await _basicAuthorizationPolicy.Execute(validTicket, authorizationPolicy, claimTokenParameters);
if (result.Type != AuthorizationPolicyResultEnum.Authorized)
{
_umaServerEventSource.AuthorizationPolicyFailed(authorizationPolicy.Id);
return(result);
}
}
return(new AuthorizationPolicyResult
{
Type = AuthorizationPolicyResultEnum.Authorized
});
}
private async Task CheckAddPermissionParameter(IEnumerable<AddPermissionParameter> addPermissionParameters)
{
// 1. Get resource sets.
var resourceSets = await _repositoryExceptionHelper.HandleException(
ErrorDescriptions.TheResourceSetsCannotBeRetrieved,
() => _resourceSetRepository.Get(addPermissionParameters.Select(p => p.ResourceSetId)));
// 2. Check parameters & scope exist.
foreach (var addPermissionParameter in addPermissionParameters)
{
if (string.IsNullOrWhiteSpace(addPermissionParameter.ResourceSetId))
{
throw new BaseUmaException(
ErrorCodes.InvalidRequestCode,
string.Format(ErrorDescriptions.TheParameterNeedsToBeSpecified, Constants.AddPermissionNames.ResourceSetId));
}
if (addPermissionParameter.Scopes == null ||
!addPermissionParameter.Scopes.Any())
{
throw new BaseUmaException(
ErrorCodes.InvalidRequestCode,
string.Format(ErrorDescriptions.TheParameterNeedsToBeSpecified, Constants.AddPermissionNames.Scopes));
}
var resourceSet = resourceSets.FirstOrDefault(r => addPermissionParameter.ResourceSetId == r.Id);
if (resourceSet == null)
{
throw new BaseUmaException(
ErrorCodes.InvalidResourceSetId,
string.Format(ErrorDescriptions.TheResourceSetDoesntExist, addPermissionParameter.ResourceSetId));
}
if (resourceSet.Scopes == null ||
addPermissionParameter.Scopes.Any(s => !resourceSet.Scopes.Contains(s)))
{
throw new BaseUmaException(
ErrorCodes.InvalidScope,
ErrorDescriptions.TheScopeAreNotValid);
}
}
}
public async Task <AuthorizationPolicyResult> IsAuthorized(Ticket validTicket, string clientId, ClaimTokenParameter claimTokenParameter)
{
if (validTicket == null)
{
throw new ArgumentNullException(nameof(validTicket));
}
if (string.IsNullOrWhiteSpace(clientId))
{
throw new ArgumentNullException(nameof(clientId));
}
if (validTicket.Lines == null || !validTicket.Lines.Any())
{
throw new ArgumentNullException(nameof(validTicket.Lines));
}
var resourceIds = validTicket.Lines.Select(l => l.ResourceSetId);
var resources = await _resourceSetRepository.Get(resourceIds);
if (resources == null || !resources.Any() || resources.Count() != resourceIds.Count())
{
throw new BaseUmaException(ErrorCodes.InternalError, ErrorDescriptions.SomeResourcesDontExist);
}
AuthorizationPolicyResult validationResult = null;
foreach (var ticketLine in validTicket.Lines)
{
var ticketLineParameter = new TicketLineParameter(clientId, ticketLine.Scopes, validTicket.IsAuthorizedByRo);
var resource = resources.First(r => r.Id == ticketLine.ResourceSetId);
validationResult = await Validate(ticketLineParameter, resource, claimTokenParameter);
if (validationResult.Type != AuthorizationPolicyResultEnum.Authorized)
{
_umaServerEventSource.AuthorizationPoliciesFailed(validTicket.Id);
return(validationResult);
}
}
return(validationResult);
}
public async Task <bool> Execute(UpdateResourceSetParameter udpateResourceSetParameter)
{
if (udpateResourceSetParameter == null)
{
throw new ArgumentNullException(nameof(udpateResourceSetParameter));
}
var json = JsonConvert.SerializeObject(udpateResourceSetParameter);
_umaServerEventSource.StartToUpdateResourceSet(json);
var resourceSet = new ResourceSet
{
Id = udpateResourceSetParameter.Id,
Name = udpateResourceSetParameter.Name,
Uri = udpateResourceSetParameter.Uri,
Type = udpateResourceSetParameter.Type,
Scopes = udpateResourceSetParameter.Scopes,
IconUri = udpateResourceSetParameter.IconUri,
Owner = udpateResourceSetParameter.Owner,
AcceptPendingRequest = udpateResourceSetParameter.AcceptPendingRequest
};
if (string.IsNullOrWhiteSpace(udpateResourceSetParameter.Id))
{
throw new BaseUmaException(ErrorCodes.InvalidRequestCode, string.Format(ErrorDescriptions.TheParameterNeedsToBeSpecified, "id"));
}
_resourceSetParameterValidator.CheckResourceSetParameter(resourceSet);
if (await _resourceSetRepository.Get(udpateResourceSetParameter.Id) == null)
{
return(false);
}
if (!await _resourceSetRepository.Update(resourceSet))
{
throw new BaseUmaException(ErrorCodes.InternalError, string.Format(ErrorDescriptions.TheResourceSetCannotBeUpdated, resourceSet.Id));
}
_umaServerEventSource.FinishToUpdateResourceSet(json);
return(true);
}
public async Task <bool> Execute(ConfirmSharedLinkParameter confirmSharedLinkParameter)
{
if (confirmSharedLinkParameter == null)
{
throw new ArgumentNullException(nameof(confirmSharedLinkParameter));
}
if (string.IsNullOrWhiteSpace(confirmSharedLinkParameter.ConfirmationCode))
{
throw new BaseUmaException(Errors.ErrorCodes.InvalidRequestCode, Errors.ErrorDescriptions.TheConfirmationCodeMustBeSpecified);
}
var sharedLink = await _sharedLinkRepository.Get(confirmSharedLinkParameter.ConfirmationCode).ConfigureAwait(false);
if (sharedLink == null)
{
throw new BaseUmaException(Errors.ErrorCodes.InvalidRequestCode, Errors.ErrorDescriptions.TheConfirmationCodeIsInvalid);
}
var resourceId = sharedLink.ResourceId;
var resource = await _resourceSetRepository.Get(resourceId).ConfigureAwait(false);
if (resource == null)
{
throw new BaseUmaException(Errors.ErrorCodes.InternalError, string.Format(Errors.ErrorDescriptions.TheResourceSetDoesntExist, resourceId));
}
if (resource.Owner == confirmSharedLinkParameter.Subject)
{
throw new BaseUmaException(Errors.ErrorCodes.InternalError, Errors.ErrorDescriptions.TheSharedLinkCannotBeUsedByTheOwner);
}
var policy = new Policy
{
Id = Guid.NewGuid().ToString(),
ResourceSetIds = new List <string> {
resourceId
},
Claims = new List <Claim>
{
new Claim
{
Type = "sub",
Value = confirmSharedLinkParameter.Subject
}
},
Scopes = sharedLink.Scopes.ToList()
};
using (var transaction = new CommittableTransaction(new TransactionOptions {
IsolationLevel = IsolationLevel.ReadCommitted
}))
{
try
{
await _sharedLinkRepository.Delete(sharedLink.ConfirmationCode).ConfigureAwait(false);
await _policyRepository.Add(policy).ConfigureAwait(false);
transaction.Commit();
}
catch
{
transaction.Rollback();
throw;
}
}
return(true);
}
public async Task <AuthorizationPolicyResult> IsAuthorized(
Ticket validTicket,
Client client,
ClaimTokenParameter claimTokenParameter,
CancellationToken cancellationToken)
{
if (validTicket.Lines.Length == 0)
{
throw new ArgumentException(nameof(validTicket.Lines));
}
var handler = new JwtSecurityTokenHandler();
var validationParameters = await client.CreateValidationParameters(_jwksStore, cancellationToken : cancellationToken).ConfigureAwait(false);
var requester = handler.ValidateToken(claimTokenParameter.Token, validationParameters, out _);
var resourceIds = validTicket.Lines.Select(l => l.ResourceSetId).ToArray();
var resources = await _resourceSetRepository.Get(cancellationToken, resourceIds).ConfigureAwait(false);
if (resources.Length == 0 || resources.Length != resourceIds.Length)
{
return(new AuthorizationPolicyResult(AuthorizationPolicyResultKind.NotAuthorized, requester));
}
AuthorizationPolicyResult?validationResult = null;
foreach (var ticketLine in validTicket.Lines)
{
var ticketLineParameter = new TicketLineParameter(
client.ClientId,
ticketLine.Scopes,
validTicket.IsAuthorizedByRo);
var resource = resources.First(r => r.Id == ticketLine.ResourceSetId);
validationResult = await Validate(
ticketLineParameter,
resource,
claimTokenParameter.Format,
requester,
cancellationToken)
.ConfigureAwait(false);
switch (validationResult.Result)
{
case AuthorizationPolicyResultKind.RequestSubmitted:
await _eventPublisher.Publish(
new AuthorizationRequestSubmitted(
Id.Create(),
validTicket.Id,
client.ClientId,
requester.Claims.Select(claim => new ClaimData {
Type = claim.Type, Value = claim.Value
}),
DateTimeOffset.UtcNow))
.ConfigureAwait(false);
return(validationResult);
case AuthorizationPolicyResultKind.Authorized:
break;
case AuthorizationPolicyResultKind.NotAuthorized:
case AuthorizationPolicyResultKind.NeedInfo:
default:
{
await _eventPublisher.Publish(
new AuthorizationPolicyNotAuthorized(
Id.Create(),
validTicket.Id,
DateTimeOffset.UtcNow))
.ConfigureAwait(false);
return(validationResult);
}
}
}
return(validationResult !);
}
public async Task <bool> Execute(UpdateResourcePermissionsParameter updateResourcePermissionsParameter)
{
if (updateResourcePermissionsParameter == null)
{
throw new ArgumentNullException(nameof(updateResourcePermissionsParameter));
}
if (string.IsNullOrWhiteSpace(updateResourcePermissionsParameter.ResourceId))
{
throw new BaseUmaException(Errors.ErrorCodes.InvalidRequestCode, Errors.ErrorDescriptions.TheResourceIdMustBeSpecified);
}
var resource = await _resourceSetRepository.Get(updateResourcePermissionsParameter.ResourceId).ConfigureAwait(false);
if (resource == null)
{
throw new UmaResourceNotFoundException();
}
if (updateResourcePermissionsParameter.Subject != resource.Owner)
{
throw new UmaNotAuthorizedException();
}
var policiesToBeUpdated = resource.AuthPolicies.ToList();
var policiesToBeRemoved = new List <string>();
var length = policiesToBeUpdated.Count();
for (int i = length - 1; i >= 0; i--)
{
var policy = policiesToBeUpdated.ElementAt(i);
var policyParameter = updateResourcePermissionsParameter.PolicyIds.FirstOrDefault(p => p == policy.Id);
if (policyParameter == null)
{
policiesToBeUpdated.Remove(policy);
policiesToBeRemoved.Add(policy.Id);
}
}
using (var transaction = new CommittableTransaction(new TransactionOptions {
IsolationLevel = IsolationLevel.ReadCommitted
}))
{
try
{
var operations = new List <Task <bool> >();
foreach (var policyId in policiesToBeRemoved)
{
operations.Add(_policyRepository.Delete(policyId));
}
await Task.WhenAll(operations).ConfigureAwait(false);
transaction.Commit();
return(true);
}
catch
{
transaction.Rollback();
throw;
}
}
}
public async Task <bool> Execute(UpdatePolicyParameter updatePolicyParameter)
{
// Check the parameters
if (updatePolicyParameter == null)
{
throw new ArgumentNullException(nameof(updatePolicyParameter));
}
if (string.IsNullOrWhiteSpace(updatePolicyParameter.PolicyId))
{
throw new BaseUmaException(ErrorCodes.InvalidRequestCode, string.Format(ErrorDescriptions.TheParameterNeedsToBeSpecified, "id"));
}
if (updatePolicyParameter.Rules == null || !updatePolicyParameter.Rules.Any())
{
throw new BaseUmaException(ErrorCodes.InvalidRequestCode, string.Format(ErrorDescriptions.TheParameterNeedsToBeSpecified, Constants.AddPolicyParameterNames.Rules));
}
_umaServerEventSource.StartUpdateAuthorizationPolicy(JsonConvert.SerializeObject(updatePolicyParameter));
// Check the authorization policy exists.
var policy = await _repositoryExceptionHelper.HandleException(
string.Format(ErrorDescriptions.TheAuthorizationPolicyCannotBeRetrieved, updatePolicyParameter.PolicyId),
() => _policyRepository.Get(updatePolicyParameter.PolicyId));
if (policy == null)
{
return(false);
}
policy.Rules = new List <PolicyRule>();
// Check all the scopes are valid.
foreach (var resourceSetId in policy.ResourceSetIds)
{
var resourceSet = await _resourceSetRepository.Get(resourceSetId);
if (updatePolicyParameter.Rules.Any(r => r.Scopes != null && !r.Scopes.All(s => resourceSet.Scopes.Contains(s))))
{
throw new BaseUmaException(ErrorCodes.InvalidScope, ErrorDescriptions.OneOrMoreScopesDontBelongToAResourceSet);
}
}
// Update the authorization policy.
foreach (var ruleParameter in updatePolicyParameter.Rules)
{
var claims = new List <Claim>();
if (ruleParameter.Claims != null)
{
claims = ruleParameter.Claims.Select(c => new Claim
{
Type = c.Type,
Value = c.Value
}).ToList();
}
policy.Rules.Add(new PolicyRule
{
Id = ruleParameter.Id,
ClientIdsAllowed = ruleParameter.ClientIdsAllowed,
IsResourceOwnerConsentNeeded = ruleParameter.IsResourceOwnerConsentNeeded,
Scopes = ruleParameter.Scopes,
Script = ruleParameter.Script,
Claims = claims,
OpenIdProvider = ruleParameter.OpenIdProvider
});
}
var result = await _repositoryExceptionHelper.HandleException(
string.Format(ErrorDescriptions.TheAuthorizationPolicyCannotBeUpdated, updatePolicyParameter.PolicyId),
() => _policyRepository.Update(policy));
_umaServerEventSource.FinishUpdateAuhthorizationPolicy(JsonConvert.SerializeObject(updatePolicyParameter));
return(result);
}
