public void IsTokenExpired_Test()
{
ValidateTokenRequest request = new ValidateTokenRequest {
Context = "NG", Token = "53287900d6a4850ebc395f67", Version = 1
};
ValidateTokenResponse response = SecurityManager.ValidateToken(request, "Engineer");
}
public PutDeleteMedMapResponse Put(PutDeleteMedMapRequest request)
{
PutDeleteMedMapResponse resp = new PutDeleteMedMapResponse();
ValidateTokenResponse result = null;
try
{
if (base.Request != null)
{
request.Token = base.Request.Headers["Token"] as string;
}
result = Security.IsUserValidated(request.Version, request.Token, request.ContractNumber);
if (result.UserId.Trim() != string.Empty)
{
request.UserId = result.UserId;
MedicationManager.DeleteMedicationMap(request);
}
else
{
throw new UnauthorizedAccessException();
}
}
catch (Exception ex)
{
CommonFormatter.FormatExceptionResponse(resp, base.Response, ex);
if ((ex is WebServiceException) == false)
{
MedicationManager.LogException(ex);
}
}
return(resp);
}
public ValidateTokenResponse ValidateTokenClaim(string jWTToken)
{
try
{
ClaimsPrincipal principal = GetPrincipal(jWTToken);
if (principal == null)
{
return(null);
}
var identity = (ClaimsIdentity)principal.Identity;
Claim pTokenClaimScope = identity.FindFirst("scope");
Claim pTokenCLaimUserId = identity.FindFirst("custom:CustomerId");
var validateTokenResponse = new ValidateTokenResponse()
{
scope = pTokenClaimScope.Value,
userid = pTokenCLaimUserId.Value
};
return(validateTokenResponse);
}
catch (Exception ex)
{
return(null);
}
}
///// <summary>
///// Example to return a HttpResult object with a decorated response.
///// </summary>
///// <param name="request">GetPatientUtilizationRequest</param>
///// <returns>object</returns>
//public object Get(GetPatientUtilizationRequest request)
//{
// GetPatientUtilizationResponse response = null;
// ValidateTokenResponse result = null;
// try
// {
// request.Token = base.Request.Headers["Token"] as string;
// result = Security.IsUserValidated(request.Version, request.Token, request.ContractNumber);
// if (result.UserId.Trim() != string.Empty)
// {
// request.UserId = result.UserId;
// response = UtilManager.GetPatientUtilization(request);
// }
// else
// throw new UnauthorizedAccessException();
// }
// catch (Exception ex)
// {
// CommonFormatter.FormatExceptionResponse(response, base.Response, ex);
// if ((ex is WebServiceException) == false)
// UtilManager.LogException(ex);
// }
// finally
// {
// List<string> patientIds = new List<string>();
// if (response.Utilization != null)
// patientIds.Add(response.Utilization.PatientId);
// if (result != null)
// AuditHelper.LogAuditData(request, result.SQLUserId, patientIds, HttpContext.Current.Request, request.GetType().Name);
// }
// return new HttpResult(response, HttpStatusCode.OK)
// {
// StatusDescription = "this is really cool!",
// Location = "www.google.com"
// };
//}
public GetPatientUtilizationResponse Get(GetPatientUtilizationRequest request)
{
GetPatientUtilizationResponse response = null;
ValidateTokenResponse result = null;
try
{
request.Token = base.Request.Headers["Token"] as string;
result = Security.IsUserValidated(request.Version, request.Token, request.ContractNumber);
if (result.UserId.Trim() != string.Empty)
{
request.UserId = result.UserId;
response = UtilManager.GetPatientUtilization(request);
}
else
throw new UnauthorizedAccessException();
}
catch (Exception ex)
{
CommonFormatter.FormatExceptionResponse(response, base.Response, ex);
if ((ex is WebServiceException) == false)
UtilManager.LogException(ex);
}
finally
{
List<string> patientIds = new List<string>();
if (response.Utilization != null)
patientIds.Add(response.Utilization.PatientId);
if (result != null)
AuditHelper.LogAuditData(request, result.SQLUserId, patientIds, HttpContext.Current.Request, request.GetType().Name);
}
return response;
}
public ValidateTokenResponse Validate(ValidateTokenRequest request, string securityToken)
{
try
{
ValidateTokenResponse response = null;
ObjectId tokenObjectId;
if (request != null)
{
if (ObjectId.TryParse(request.Token, out tokenObjectId))
{
MEAPISession session = _objectContext.APISessions.Collection.FindOneByIdAs <MEAPISession>(tokenObjectId);
if (session != null)
{
if (session.SecurityToken.ToUpper().Equals(securityToken.ToUpper()) &&
session.ContractNumber.ToUpper().Equals(request.ContractNumber.ToUpper()) &&
session.Product.ToUpper().Equals(request.Context.ToUpper()))
{
session.SessionTimeOut = DateTime.UtcNow.AddMinutes(session.SessionLengthInMinutes);
response = new ValidateTokenResponse
{
SessionLengthInMinutes = session.SessionLengthInMinutes,
SessionTimeOut = session.SessionTimeOut,
TokenId = session.Id.ToString(),
SQLUserId = session.SQLUserId,
UserId = session.UserId.ToString(),
UserName = session.UserName
};
_objectContext.APISessions.Collection.Save(session);
}
else
{
throw new UnauthorizedAccessException("SD:APISessionRepository:Validate():Invalid Security Authorization Request");
}
return(response);
}
else
{
throw new UnauthorizedAccessException("SD:APISessionRepository:Validate():Security Token does not exist");
}
}
else
{
throw new UnauthorizedAccessException("SD:APISessionRepository:Validate():Security Token is not in correct format.");
}
}
else
{
throw new UnauthorizedAccessException("SD:APISessionRepository:Validate():Request is invalid");
}
}
catch (Exception)
{
throw;
}
}
public ActionResult <string> Post([FromBody] ValidateTokenRequest request)
{
var tokenResult = JwtUtil.IsValidToken(request.Token, request.DeviceId);
var response = new ValidateTokenResponse()
{
Result = (tokenResult == JwtUtil.ValidateTokenResult.Success) ? (int)ResultCode.Success : (int)ResultCode.InvalidToken
};
return(JsonConvert.SerializeObject(response));
}
public void HitIsUserValidated()
{
// Arrange
double version = 1.0;
string contractNumber = "InHealth001";
string token = "5329910cd6a4850ebc313228";
string securityUrl = "http://localhost:888/Security";
string PhytelSecurityHeaderKey = "x-Phytel-Security";
string additionalToken = "Engineer";
int cycles = 1500;
int[] nums = Enumerable.Range(0, cycles).ToArray();
Parallel.ForEach(nums, num =>
//for (int i = 1; i <= 20; i++)
{
Stopwatch st = new Stopwatch();
try
{
st.Start();
IRestClient client = new JsonServiceClient();
JsonServiceClient.HttpWebRequestFilter = x =>
x.Headers.Add(string.Format("{0}: {1}", PhytelSecurityHeaderKey, additionalToken));
ValidateTokenResponse response = client.Post <ValidateTokenResponse>(string.Format("{0}/{1}/{2}/{3}/token",
securityUrl,
"NG",
version,
contractNumber),
new ValidateTokenRequest {
Token = token
} as object);
st.Stop();
if (String.IsNullOrEmpty(response.UserId))
{
throw new Exception("token: " + token + " Userid is null.");
}
Debug.WriteLine("thread" + num + " :: " + System.DateTime.Now.ToLongTimeString() + " :: " + st.ElapsedMilliseconds.ToString());
}
catch (Exception ex)
{
Debug.WriteLine("thread" + num + " :: " + System.DateTime.Now.ToLongTimeString() + " :: " + st.ElapsedMilliseconds.ToString() + ": Exception:" + ex.Message);
}
}
);
}
public GetMedNamesResponse Get(GetMedNamesRequest request)
{
GetMedNamesResponse response = new GetMedNamesResponse();
ValidateTokenResponse result = null;
try
{
if (base.Request != null)
{
request.Token = base.Request.Headers["Token"] as string;
}
result = Security.IsUserValidated(request.Version, request.Token, request.ContractNumber);
if (result.UserId.Trim() != string.Empty)
{
request.UserId = result.UserId;
var res = SearchManager.GetSearchMedNameResults(request);
var count = res.Count;
if (request.Take > 0 && res.Count > request.Take)
{
res = res.Take(request.Take).ToList();
response.Message = request.Take + " out of " + count + ". Please refine your search.";
}
response.ProprietaryNames = res;
}
else
{
throw new UnauthorizedAccessException();
}
}
catch (Exception ex)
{
CommonFormatterUtil.FormatExceptionResponse(response, base.Response, ex);
if ((ex is WebServiceException) == false)
{
SearchManager.LogException(ex);
}
}
finally
{
if (result != null)
{
string browser = (base.Request != null) ? base.Request.UserAgent : unknownBrowserType;
string hostAddress = (base.Request != null) ? base.Request.UserHostAddress : unknownUserHostAddress;
AuditUtil.LogAuditData(request, result.SQLUserId, null, browser, hostAddress, request.GetType().Name);
}
}
return(response);
}
public PostPatientAllergiesResponse Post(PostPatientAllergiesRequest request)
{
PostPatientAllergiesResponse response = new PostPatientAllergiesResponse();
ValidateTokenResponse result = null;
try
{
if (base.Request != null)
{
request.Token = base.Request.Headers["Token"] as string;
}
result = Security.IsUserValidated(request.Version, request.Token, request.ContractNumber);
if (result.UserId.Trim() != string.Empty)
{
request.UserId = result.UserId;
response.PatientAllergies = AllergyManager.UpdatePatientAllergies(request);
}
else
{
throw new UnauthorizedAccessException();
}
}
catch (Exception ex)
{
CommonFormatter.FormatExceptionResponse(response, base.Response, ex);
if ((ex is WebServiceException) == false)
{
AllergyManager.LogException(ex);
}
}
finally
{
List <string> patientIds = null;
if (request.PatientAllergies != null && request.PatientAllergies.Count > 0)
{
patientIds = new List <string>();
request.PatientAllergies.ForEach(p =>
{
patientIds.Add(p.PatientId);
});
}
if (result != null)
{
string browser = (base.Request != null) ? base.Request.UserAgent : unknownBrowserType;
string hostAddress = (base.Request != null) ? base.Request.UserHostAddress : unknownUserHostAddress;
AuditUtil.LogAuditData(request, result.SQLUserId, patientIds, browser, hostAddress, request.GetType().Name);
}
}
return(response);
}
public ValidateTokenResponse ValidateTheToken(string requestToken)
{
int reqToken = Int32.Parse(requestToken);
ValidateTokenResponse valTokenResp = _advertContext.Client.Where(c => c.IdClient == reqToken).Select(p => new ValidateTokenResponse
{
Login = p.Login,
IdClient = p.IdClient,
FirstName = p.FirstName,
TokenString = p.TokenString
}).FirstOrDefault();
return(valTokenResp);
}
public GetMedFieldsResponse Get(GetMedFieldsRequest request)
{
GetMedFieldsResponse response = new GetMedFieldsResponse();
ValidateTokenResponse result = null;
try
{
if (base.Request != null)
{
request.Token = base.Request.Headers["Token"] as string;
}
result = Security.IsUserValidated(request.Version, request.Token, request.ContractNumber);
if (result.UserId.Trim() != string.Empty)
{
request.UserId = result.UserId;
var results = SearchManager.GetSearchMedFieldsResults(request);
response.DosageForms = results.FormList;
response.Routes = results.RouteList;
response.Strengths = results.StrengthList;
response.Units = results.UnitsList;
}
else
{
throw new UnauthorizedAccessException();
}
}
catch (Exception ex)
{
CommonFormatterUtil.FormatExceptionResponse(response, base.Response, ex);
if ((ex is WebServiceException) == false)
{
SearchManager.LogException(ex);
}
}
finally
{
if (result != null)
{
string browser = (base.Request != null) ? base.Request.UserAgent : unknownBrowserType;
string hostAddress = (base.Request != null) ? base.Request.UserHostAddress : unknownUserHostAddress;
AuditUtil.LogAuditData(request, result.SQLUserId, null, browser, hostAddress, request.GetType().Name);
}
}
return(response);
}
public GetPatientSystemsResponse Get(GetPatientSystemsRequest request)
{
GetPatientSystemsResponse response = new GetPatientSystemsResponse();
ValidateTokenResponse result = null;
try
{
if (base.Request != null)
{
request.Token = base.Request.Headers["Token"] as string;
}
result = Security.IsUserValidated(request.Version, request.Token, request.ContractNumber);
if (result.UserId.Trim() != string.Empty)
{
ServiceContext.UserId = result.UserId;
response.PatientSystems = PatientSystemManager.GetPatientSystems(ServiceContext, request.PatientId);
}
else
{
throw new UnauthorizedAccessException();
}
}
catch (Exception ex)
{
CommonFormatterUtil.FormatExceptionResponse(response, base.Response, ex);
if ((ex is WebServiceException) == false)
{
PatientSystemManager.LogException(ex);
}
}
finally
{
if (result != null)
{
List <string> patientIds = null;
if (response.PatientSystems != null)
{
patientIds = response.PatientSystems.Select(x => x.PatientId).ToList();
}
string browser = (base.Request != null) ? base.Request.UserAgent : unknownBrowserType;
string hostAddress = (base.Request != null) ? base.Request.UserHostAddress : unknownUserHostAddress;
AuditUtil.LogAuditData(request, result.SQLUserId, patientIds, browser, hostAddress, request.GetType().Name);
}
}
return(response);
}
public GetInitializeGoalResponse Get(GetInitializeGoalRequest request)
{
GetInitializeGoalResponse response = new GetInitializeGoalResponse();
GoalsManager gm = new GoalsManager();
ValidateTokenResponse result = null;
try
{
request.Token = base.Request.Headers["Token"] as string;
result = Security.IsUserValidated(request.Version, request.Token, request.ContractNumber);
if (result.UserId.Trim() != string.Empty)
{
request.UserId = result.UserId;
response = gm.GetInitialGoalRequest(request);
}
else
{
throw new UnauthorizedAccessException();
}
}
catch (Exception ex)
{
CommonFormatter.FormatExceptionResponse(response, base.Response, ex);
if ((ex is WebServiceException) == false)
{
gm.LogException(ex);
}
}
finally
{
List <string> patientIds = null;
if (response.Goal != null)
{
patientIds = new List <string>();
patientIds.Add(response.Goal.PatientId);
}
if (result != null)
{
AuditHelper.LogAuditData(request, result.SQLUserId, patientIds, System.Web.HttpContext.Current.Request, request.GetType().Name);
}
}
return(response);
}
public PostSaveActionResponse Post(PostSaveActionRequest request)
{
var response = new PostSaveActionResponse();
var intm = new PlanManager();
ValidateTokenResponse result = null;
try
{
request.Token = base.Request.Headers["Token"] as string;
result = Security.IsUserValidated(request.Version, request.Token, request.ContractNumber);
if (result.UserId.Trim() != string.Empty)
{
request.UserId = result.UserId;
response = intm.SaveActionResults(request);
}
else
{
throw new UnauthorizedAccessException();
}
}
catch (Exception ex)
{
CommonFormatter.FormatExceptionResponse(response, base.Response, ex);
if ((ex is WebServiceException) == false)
{
intm.LogException(ex);
}
}
finally
{
List <string> patientIds = null;
if (!string.IsNullOrEmpty(response.PatientId))
{
patientIds = new List <string> {
response.PatientId
};
}
if (result != null)
{
AuditHelper.LogAuditData(request, result.SQLUserId, patientIds, System.Web.HttpContext.Current.Request, request.GetType().Name);
}
}
return(response);
}
public PutPatientUtilizationResponse Put(PutPatientUtilizationRequest request)
{
PutPatientUtilizationResponse response = null;
ValidateTokenResponse result = null;
try
{
request.Token = base.Request.Headers["Token"] as string;
result = Security.IsUserValidated(request.Version, request.Token, request.ContractNumber);
if (result.UserId.Trim() != string.Empty)
{
// refactor this validators to a pattern
if (string.IsNullOrEmpty(request.Utilization.Id))
throw new ArgumentException("Missing utilization id");
if (string.IsNullOrEmpty(request.Utilization.PatientId))
throw new ArgumentException("Missing patientid");
if (string.IsNullOrEmpty(request.Utilization.VisitTypeId))
throw new ArgumentException("Missing visittypeid");
request.UserId = result.UserId;
response = UtilManager.UpdatePatientUtilization(request);
}
else
throw new UnauthorizedAccessException();
}
catch (Exception ex)
{
CommonFormatter.FormatExceptionResponse(response, base.Response, ex);
if ((ex is WebServiceException) == false)
UtilManager.LogException(ex);
}
finally
{
List<string> patientIds = new List<string>();
if (response.Result)
{
patientIds.Add(request.PatientId);
AuditHelper.LogAuditData(request, result.SQLUserId, patientIds, HttpContext.Current.Request, request.GetType().Name);
}
}
return response;
}
public GetContactByContactIdResponse Get(GetContactByContactIdRequest request)
{
GetContactByContactIdResponse response = new GetContactByContactIdResponse();
try
{
if (base.Request != null)
{
request.Token = base.Request.Headers["Token"] as string;
}
ValidateTokenResponse result = null;
result = Security.IsUserValidated(request.Version, request.Token, request.ContractNumber);
if (result.UserId.Trim() != string.Empty)
{
request.UserId = result.UserId;
response.Contact = ContactManager.GetContactByContactId(request);
}
else
{
throw new UnauthorizedAccessException();
}
}
catch (Exception ex)
{
CommonFormatter.FormatExceptionResponse(response, base.Response, ex);
if ((ex is WebServiceException) == false)
{
ContactManager.LogException(ex);
}
}
finally
{
//List<string> patientIds = new List<string>();
//patientIds.Add(request.PatientId);
//if (result != null)
//{
// string browser = (base.Request != null) ? base.Request.UserAgent : unknownBrowserType;
// string hostAddress = (base.Request != null) ? base.Request.UserHostAddress : unknownUserHostAddress;
// AuditUtil.LogAuditData(request, result.SQLUserId, patientIds, browser, hostAddress, request.GetType().Name);
//}
}
return(response);
}
public AddCareTeamMemberResponse Post(AddCareTeamMemberRequest request)
{
if (request == null)
{
throw new ArgumentNullException("request");
}
var response = new AddCareTeamMemberResponse();
ValidateTokenResponse result = null;
try
{
request.Token = base.Request.Headers["Token"] as string;
result = Security.IsUserValidated(request.Version, request.Token, request.ContractNumber);
if (result.UserId.Trim() != string.Empty)
{
request.UserId = result.UserId;
var dataResponse = ContactManager.AddCareTeamMember(request);
response.Id = dataResponse.Id;
}
else
{
throw new UnauthorizedAccessException();
}
}
catch (Exception ex)
{
CommonFormatter.FormatExceptionResponse(response, base.Response, ex);
if ((ex is WebServiceException) == false)
{
ContactManager.LogException(ex);
}
}
finally
{
if (result != null)
{
AuditHelper.LogAuditData(request, result.SQLUserId, null, System.Web.HttpContext.Current.Request, request.GetType().Name);
}
}
return(response);
}
public ValidateTokenResponse IsUserValidated(double version, string token, string contractNumber)
{
try
{
ValidateTokenResponse response = new ValidateTokenResponse();
response.UserId = "000000000000000000000000";
if (String.IsNullOrEmpty(response.UserId))
{
throw new Exception("token: " + token + " Userid is null.");
}
return(response);
}
catch (Exception ex)
{
throw new Exception("AD:IsUserValidated()::" + ex.Message, ex.InnerException);
}
}
public async Task <IActionResult> ValidateToken([FromRoute] Guid cardId, [FromBody] ValidateTokenRequest request, CancellationToken cancellationToken)
{
if (request == null)
{
return(BadRequest());
}
var commandInput = new ValidateCardTokenCommandInput(request.CustomerId, cardId, request.Token, request.CVV);
var commandResult = await _mediator.Send(commandInput, cancellationToken);
if (!commandResult.IsValid())
{
return(BadRequest());
}
var response = new ValidateTokenResponse(commandResult.Validated);
return(Ok(response));
}
public PostInitializeMedicationMapResponse Post(PostInitializeMedicationMapRequest request)
{
PostInitializeMedicationMapResponse response = new PostInitializeMedicationMapResponse();
ValidateTokenResponse result = null;
try
{
if (base.Request != null)
{
request.Token = base.Request.Headers["Token"] as string;
}
result = Security.IsUserValidated(request.Version, request.Token, request.ContractNumber);
if (result.UserId.Trim() != string.Empty)
{
request.UserId = result.UserId;
response.MedicationMap = MedicationManager.InitializeMedicationMap(request);
}
else
{
throw new UnauthorizedAccessException();
}
}
catch (Exception ex)
{
CommonFormatter.FormatExceptionResponse(response, base.Response, ex);
if ((ex is WebServiceException) == false)
{
MedicationManager.LogException(ex);
}
}
finally
{
if (result != null)
{
string browser = (base.Request != null) ? base.Request.UserAgent : unknownBrowserType;
string hostAddress = (base.Request != null) ? base.Request.UserHostAddress : unknownUserHostAddress;
AuditUtil.LogAuditData(request, result.SQLUserId, null, browser, hostAddress, request.GetType().Name);
}
}
return(response);
}
public void ValidateToken_Test()
{
string PhytelSecurityHeaderKey = "x-Phytel-Security";
string additionalToken = "Engineer";
IRestClient client = new JsonServiceClient();
JsonServiceClient.HttpWebRequestFilter = x =>
x.Headers.Add(string.Format("{0}: {1}", PhytelSecurityHeaderKey, additionalToken));
ValidateTokenResponse response = client.Post <ValidateTokenResponse>(string.Format("{0}/{1}/{2}/{3}/token",
"http://localhost:888/Security",
"NG",
1,
"InHealth001"),
new ValidateTokenRequest {
Token = "53162017072ef71b5c3d8e4f"
} as object);
Assert.IsNotNull(response);
}
public ValidateTokenResponse Post(ValidateTokenRequest request)
{
ValidateTokenResponse response = new ValidateTokenResponse();
try
{
//pull token from request coming in to validate token
string securityToken = HttpContext.Current.Request.Headers.Get(_phytelSecurityToken);
// validate user against apiuser datastore
response = SecurityManager.ValidateToken(request, securityToken);
}
catch (Exception ex)
{
CommonFormatter.FormatExceptionResponse(response, base.Response, ex);
if ((ex is WebServiceException) == false)
{
LogException(ex);
}
}
return(response);
}
public ValidateTokenResponse IsUserValidated(double version, string token, string contractNumber)
{
try
{
if (string.IsNullOrEmpty(token))
{
throw new UnauthorizedAccessException("Token is null or empty.");
}
string additionalToken = BuildSecurityToken();
IRestClient client = new JsonServiceClient(); //we don't use the ngutils createjson service because we are not calling a data domain here
JsonServiceClient.HttpWebRequestFilter = x =>
x.Headers.Add(string.Format("{0}: {1}", PhytelSecurityHeaderKey, additionalToken));
//[Route("/{Context}/{Version}/{ContractNumber}/token", "POST")]
ValidateTokenResponse response = client.Post <ValidateTokenResponse>(string.Format("{0}/{1}/{2}/{3}/token",
ADSecurityServiceURL,
"NG",
version,
contractNumber),
new ValidateTokenRequest {
Token = token
} as object);
if (String.IsNullOrEmpty(response.UserId))
{
throw new Exception("token: " + token + " Userid is null.");
}
return(response);
}
catch (Exception ex)
{
throw;
}
}
public GetAllCareManagersResponse Get(GetAllCareManagersRequest request)
{
GetAllCareManagersResponse response = new GetAllCareManagersResponse();
ValidateTokenResponse result = null;
try
{
request.Token = base.Request.Headers["Token"] as string;
result = Security.IsUserValidated(request.Version, request.Token, request.ContractNumber);
if (result.UserId.Trim() != string.Empty)
{
request.UserId = result.UserId;
response.Contacts = ContactManager.GetCareManagers(request);
response.Version = request.Version;
}
else
{
throw new UnauthorizedAccessException();
}
}
catch (Exception ex)
{
CommonFormatter.FormatExceptionResponse(response, base.Response, ex);
if ((ex is WebServiceException) == false)
{
ContactManager.LogException(ex);
}
}
finally
{
if (result != null)
{
AuditHelper.LogAuditData(request, result.SQLUserId, null, System.Web.HttpContext.Current.Request, request.GetType().Name);
}
}
return(response);
}
