Пример #1
0
        public ActionResult AddPermission(string groupid, string email, int accessType)
        {
            if (email == null)
            {
                return(Ok(new { Data = "User not found..." }));
            }

            string userid = "QuantAppSecure_" + email.ToLower().Replace('@', '.').Replace(':', '.');

            QuantApp.Kernel.User user = QuantApp.Kernel.User.FindUser(userid);

            if (user != null)
            {
                QuantApp.Kernel.Group group = QuantApp.Kernel.Group.FindGroup(groupid);
                if (group == null)
                {
                    group = QuantApp.Kernel.Group.FindGroup(groupid.Replace("_WorkSpace", ""));
                }

                if (group == null)
                {
                    group = QuantApp.Kernel.Group.CreateGroup(groupid, groupid);
                }


                group.Add(user, typeof(QuantApp.Kernel.User), (AccessType)accessType);

                return(Ok(new { Data = "ok" }));
            }

            return(Ok(new { Data = "User not found..." }));
        }
        public ActionResult RemovePermission(string pid, string groupid)
        {
            string userId = this.User.QID();

            if (userId == null)
            {
                return(null);
            }

            QuantApp.Kernel.IPermissible permissible = QuantApp.Kernel.User.FindUser(pid);

            if (permissible == null)
            {
                permissible = QuantApp.Kernel.User.FindUserBySecret(pid);
            }

            if (permissible == null)
            {
                permissible = FileRepository.File(pid);
            }

            QuantApp.Kernel.Group group = QuantApp.Kernel.Group.FindGroup(groupid);
            if (group == null)
            {
                group = QuantApp.Kernel.Group.FindGroup(groupid.Replace("_Workflow", ""));
            }

            if (permissible != null)
            {
                group.Remove(permissible);

                return(Ok(new { Data = "ok" }));
            }
            return(BadRequest(new { Data = "Permissible ID not found" }));
        }
        public ActionResult SubGroups(string groupid, bool aggregated)
        {
            string userId = this.User.QID();

            if (userId == null)
            {
                return(null);
            }

            QuantApp.Kernel.User  user = QuantApp.Kernel.User.FindUser(userId);
            QuantApp.Kernel.Group role = QuantApp.Kernel.Group.FindGroup(groupid);

            if (role == null)
            {
                return(BadRequest(new { Data = "Group not found" }));
            }

            List <Group>  sgroups = role.SubGroups(aggregated);
            List <object> jres    = new List <object>();

            foreach (Group group in sgroups)
            {
                jres.Add(new
                {
                    ID          = group.ID,
                    Name        = group.Name,
                    Description = group.Description,
                    ParentID    = group.Parent == null ? null : group.Parent.ID
                });
            }

            return(Ok(jres));
        }
Пример #4
0
        public ActionResult SubGroupsApp(string groupid, bool aggregated)
        {
            string userId = this.User.QID();

            if (userId == null)
            {
                return(null);
            }

            QuantApp.Kernel.User  user = QuantApp.Kernel.User.FindUser(userId);
            QuantApp.Kernel.Group role = QuantApp.Kernel.Group.FindGroup(groupid);

            List <Group> sgroups = role.SubGroups(aggregated);



            List <object> jres = new List <object>();

            foreach (Group group in sgroups)
            {
                AccessType ac = group.Permission(null, user);
                if (ac != AccessType.Denied)
                {
                    jres.Add(new
                    {
                        ID          = group.ID,
                        Name        = group.Name,
                        Description = group.Description,
                        Permission  = ac.ToString(),
                    });
                }
            }

            return(Ok(jres));
        }
        public IActionResult Group(string groupid)
        {
            string userId = this.User.QID();

            if (userId == null)
            {
                return(null);
            }

            QuantApp.Kernel.User  user  = QuantApp.Kernel.User.FindUser(userId);
            QuantApp.Kernel.Group group = QuantApp.Kernel.Group.FindGroup(groupid);

            if (group == null)
            {
                return(BadRequest(new { Data = "Group not found" }));
            }

            AccessType ac = group.Permission(null, user);

            if (ac != AccessType.Denied)
            {
                return(Ok(new {
                    ID = group.ID,
                    Name = group.Name,
                    ParentID = group.Parent == null ? null : group.Parent.ID,
                    Description = group.Description
                }));
            }

            return(BadRequest(new { Data = "Group access denied" }));
        }
        public ActionResult SetPermission(string userid, string groupid, int accessType)
        {
            string userId = this.User.QID();

            if (userId == null)
            {
                return(null);
            }

            QuantApp.Kernel.User  user  = QuantApp.Kernel.User.FindUser(userid);
            QuantApp.Kernel.Group group = QuantApp.Kernel.Group.FindGroup(groupid);
            if (group == null)
            {
                group = QuantApp.Kernel.Group.FindGroup(groupid.Replace("_Workflow", ""));
            }

            if (group == null)
            {
                group = QuantApp.Kernel.Group.CreateGroup(groupid, groupid);
            }

            group.Add(user, typeof(QuantApp.Kernel.User), (AccessType)accessType);

            return(Ok(new { Data = "ok" }));
        }
        public async Task<IActionResult> Files(string groupid)
        {
            string userId = this.User.QID();
            if (userId == null)
                return Unauthorized();

            QuantApp.Kernel.User user = QuantApp.Kernel.User.FindUser(userId);
            QuantApp.Kernel.Group role = QuantApp.Kernel.Group.FindGroup(groupid);

            if(role == null)
                return BadRequest(new { Data = "Group not found "});

            List<object> jres = new List<object>();

            List<IPermissible> files = role.List(user, typeof(FilePermission), false);
            foreach (FilePermission file_mem in files)
            {
                FilePermission file = FileRepository.File(file_mem.ID);
                if (file != null)
                    jres.Add(new { 
                        ID = file.ID, 
                        Name = file.Name, 
                        Owner = file.Owner.FirstName + " " + file.Owner.LastName, 
                        Size = file.Size, 
                        Date = (file.Timestamp.ToString("yyyy/MM/dd")), 
                        Type = file.Type, 
                        Permission = (int)role.Permission(null, file_mem) 
                        });
                else
                    role.Remove(file_mem);
            }
            return Ok(jres);
        }
        public IActionResult Users(string groupid)
        {
            string userId = this.User.QID();

            if (userId == null)
            {
                return(null);
            }

            QuantApp.Kernel.User  user = QuantApp.Kernel.User.FindUser(userId);
            QuantApp.Kernel.Group role = QuantApp.Kernel.Group.FindGroup(groupid);

            if (role == null)
            {
                role = QuantApp.Kernel.Group.FindGroup(groupid.Replace("_Workflow", ""));
            }

            if (role == null)
            {
                role = QuantApp.Kernel.Group.CreateGroup(groupid, groupid);
            }

            List <IPermissible> users = role.Master.List(QuantApp.Kernel.User.CurrentUser, typeof(QuantApp.Kernel.User), false);

            List <object> jres = new List <object>();

            foreach (QuantApp.Kernel.User user_mem in users)
            {
                QuantApp.Kernel.User quser = QuantApp.Kernel.User.FindUser(user_mem.ID);

                if (quser != null)
                {
                    var ac  = role.Permission(null, user_mem);
                    var exp = role.Expiry(null, user_mem);

                    if (quser.ID != "System")
                    {
                        jres.Add(new
                        {
                            ID         = quser.ID,
                            FirstName  = quser.FirstName,
                            LastName   = quser.LastName,
                            Email      = quser.Email,
                            Permission = ac.ToString(),
                            Expiry     = new { year = exp.Year, month = exp.Month, day = exp.Day },
                            MetaData   = quser.MetaData,
                        });
                    }
                }
                else
                {
                    role.Remove(user_mem);
                }
            }

            return(Ok(jres));
        }
        public ActionResult UserData(string id, string groupid, bool aggregated)
        {
            string userId = this.User.QID();

            if (userId == null)
            {
                return(null);
            }

            QuantApp.Kernel.User user = QuantApp.Kernel.User.FindUser(userId);

            QuantApp.Kernel.User quser = QuantApp.Kernel.User.FindUser(id);

            QuantApp.Kernel.Group role = QuantApp.Kernel.Group.FindGroup(groupid);

            if (role == null)
            {
                return(null);
            }

            List <Group> sgroups = role.SubGroups(aggregated);


            List <object> jres = new List <object>();

            var lastLogin = UserRepository.LastUserLogin(id);

            foreach (QuantApp.Kernel.Group group in sgroups)
            {
                if (!group.Name.StartsWith("Personal: "))
                {
                    AccessType accessType = group.Permission(null, quser);

                    jres.Add(
                        new
                    {
                        ID         = group.ID,
                        Name       = group.Name,
                        Permission = accessType.ToString()
                    }
                        );
                }
            }

            return(Ok(new {
                ID = quser.ID,
                Email = quser.Email,
                Permission = role.Permission(null, quser).ToString(),
                MetaData = quser.MetaData,
                FirstName = quser.FirstName,
                LastName = quser.LastName,
                LastLogin = lastLogin,
                Groups = jres
            }));
        }
        public ActionResult SetPermission(string pid, string groupid, int accessType, int year = 9999, int month = 12, int day = 31)
        {
            string userId = this.User.QID();

            if (userId == null)
            {
                return(null);
            }

            QuantApp.Kernel.IPermissible permissible = QuantApp.Kernel.User.FindUser(pid);

            if (permissible == null)
            {
                permissible = QuantApp.Kernel.User.FindUserBySecret(pid);
            }

            if (permissible == null)
            {
                permissible = FileRepository.File(pid);
            }

            if (permissible == null)
            {
                return(BadRequest(new { Data = "Permissible ID was not found" }));
            }

            try
            {
                var testAccesss = (AccessType)accessType;
            }
            catch
            {
                return(BadRequest(new { Data = "accessType needs to be an integer between -2 and 2" }));
            }

            QuantApp.Kernel.Group group = QuantApp.Kernel.Group.FindGroup(groupid);
            if (group == null)
            {
                group = QuantApp.Kernel.Group.FindGroup(groupid.Replace("_Workflow", ""));
            }

            if (group == null)
            {
                group = QuantApp.Kernel.Group.CreateGroup(groupid, groupid);
            }

            group.Add(permissible, typeof(QuantApp.Kernel.User), (AccessType)accessType, new DateTime(year, month, day));

            return(Ok(new { Data = "ok" }));
        }
Пример #11
0
        public async Task <IActionResult> UserData(string groupid, string type)
        {
            string userId = this.User.QID();

            if (userId == null)
            {
                return(Unauthorized());
            }

            QuantApp.Kernel.User quser = QuantApp.Kernel.User.FindUser(userId);

            QuantApp.Kernel.Group group = QuantApp.Kernel.Group.FindGroup(groupid);

            return(Ok(Newtonsoft.Json.JsonConvert.DeserializeObject(quser.GetData(group, type))));
        }
        public ActionResult AddPermission(string groupid, string email, int accessType, int year = 9999, int month = 12, int day = 31)
        {
            if (email == null)
            {
                return(BadRequest(new { Data = "User not found..." }));
            }

            try
            {
                var testAccesss = (AccessType)accessType;
            }
            catch
            {
                return(BadRequest(new { Data = "accessType needs to be an integer between -2 and 2" }));
            }

            string userid = "QuantAppSecure_" + email.ToLower().Replace('@', '.').Replace(':', '.');

            QuantApp.Kernel.User user = QuantApp.Kernel.User.FindUser(userid);

            if (user != null)
            {
                QuantApp.Kernel.Group group = QuantApp.Kernel.Group.FindGroup(groupid);
                if (group == null)
                {
                    group = QuantApp.Kernel.Group.FindGroup(groupid.Replace("_Workflow", ""));
                }

                if (group == null)
                {
                    group = QuantApp.Kernel.Group.CreateGroup(groupid, groupid);
                }


                group.Add(user, typeof(QuantApp.Kernel.User), (AccessType)accessType, new DateTime(year, month, day));

                return(Ok(new { Data = "ok" }));
            }

            return(BadRequest(new { Data = "User not found..." }));
        }
Пример #13
0
        public ActionResult RemovePermission(string userid, string groupid)
        {
            string userId = this.User.QID();

            if (userId == null)
            {
                return(null);
            }

            QuantApp.Kernel.User  user  = QuantApp.Kernel.User.FindUser(userid);
            QuantApp.Kernel.Group group = QuantApp.Kernel.Group.FindGroup(groupid);
            if (group == null)
            {
                group = QuantApp.Kernel.Group.FindGroup(groupid.Replace("_WorkSpace", ""));
            }


            group.Remove(user);

            return(Ok("done"));
        }
Пример #14
0
        public async Task <IActionResult> SaveUserData([FromBody] SaveUserDataClass data)
        {
            string userId = this.User.QID();

            if (userId == null)
            {
                return(Unauthorized());
            }

            QuantApp.Kernel.User quser = QuantApp.Kernel.User.FindUser(data.UserID);

            QuantApp.Kernel.Group group = QuantApp.Kernel.Group.FindGroup(data.GroupID);
            if (group == null)
            {
                return(BadRequest(new { Data = "Group not found" }));
            }

            quser.SaveData(group, data.Type, data.ToString());

            return(Ok(new { Result = "ok" }));
        }
Пример #15
0
        public ActionResult GetPermission(string pid, string groupid)
        {
            string userId = this.User.QID();

            if (userId == null)
            {
                return(null);
            }

            QuantApp.Kernel.IPermissible permissible = QuantApp.Kernel.User.FindUser(pid);
            if (permissible == null)
            {
                permissible = FileRepository.File(pid);
            }

            if (permissible == null)
            {
                return(BadRequest(new { Data = "Permissible ID not found" }));
            }

            QuantApp.Kernel.Group group = QuantApp.Kernel.Group.FindGroup(groupid);
            if (group == null)
            {
                group = QuantApp.Kernel.Group.FindGroup(groupid.Replace("_Workflow", ""));
            }

            if (group == null)
            {
                return(BadRequest(new { Data = "Group ID not found" }));
            }

            if (permissible != null)
            {
                return(Ok(new { Data = group.Permission(null, permissible) }));
            }

            return(Ok(new { Data = AccessType.Denied }));
        }
Пример #16
0
        public ActionResult GetExpiry(string groupid)
        {
            string userId = this.User.QID();

            if (userId == null)
            {
                return(null);
            }

            QuantApp.Kernel.IPermissible permissible = QuantApp.Kernel.User.FindUser(userId);
            QuantApp.Kernel.Group        group       = QuantApp.Kernel.Group.FindGroup(groupid);
            if (group == null)
            {
                group = QuantApp.Kernel.Group.FindGroup(groupid.Replace("_Workflow", ""));
            }

            if (permissible != null && group != null)
            {
                return(Ok(new { Data = group.Expiry(null, permissible) }));
            }

            return(Ok(new { Data = DateTime.MaxValue }));
        }
Пример #17
0
        public ActionResult GetPermission(string groupid)
        {
            string userId = this.User.QID();

            if (userId == null)
            {
                return(null);
            }

            QuantApp.Kernel.IPermissible permissible = QuantApp.Kernel.User.FindUser(userId);
            QuantApp.Kernel.Group        group       = QuantApp.Kernel.Group.FindGroup(groupid);
            if (group == null)
            {
                group = QuantApp.Kernel.Group.FindGroup(groupid.Replace("_Workflow", ""));
            }

            if (permissible != null && group != null)
            {
                return(Ok(new { Data = group.Permission(null, permissible) }));
            }

            return(Ok(new { Data = AccessType.Denied }));
        }
Пример #18
0
        public IActionResult GroupDataApp(string groupid)
        {
            string userId = this.User.QID();

            if (userId == null)
            {
                return(null);
            }

            QuantApp.Kernel.User  user  = QuantApp.Kernel.User.FindUser(userId);
            QuantApp.Kernel.Group group = QuantApp.Kernel.Group.FindGroup(groupid);

            string profile = group.GetProperty("Profile");

            string        url       = group.Master.GetProperty("URL");
            List <object> jres_apps = new List <object>();

            object jres = null;

            AccessType ac = group.Permission(null, user);

            if (ac != AccessType.Denied)
            {
                jres = new
                {
                    ID          = group.ID,
                    Name        = group.Name,
                    Master      = group == group.Master,
                    Description = group.Description,
                    Profile     = profile,
                    URL         = url
                }
            }
            ;

            return(Ok(jres));
        }
Пример #19
0
        public ActionResult RemovePermission(string userid, string groupid)
        {
            string userId = this.User.QID();

            if (userId == null)
            {
                return(null);
            }

            QuantApp.Kernel.User  user  = QuantApp.Kernel.User.FindUser(userid);
            QuantApp.Kernel.Group group = QuantApp.Kernel.Group.FindGroup(groupid);
            if (group == null)
            {
                group = QuantApp.Kernel.Group.FindGroup(groupid.Replace("_Workflow", ""));
            }

            if (user != null)
            {
                group.Remove(user);

                return(Ok(new { Data = "ok" }));
            }
            return(Ok(new { Data = "error" }));
        }
Пример #20
0
        public static List <object> GraphGroups(string access_code)
        {
            if (!(Program.config["Server"]["OAuth"] != null && Program.config["Server"]["OAuth"]["AzureAdB2C"] != null))
            {
                return(null);
            }

            var defGroupId = Program.config["Server"]["OAuth"] != null && Program.config["Server"]["OAuth"]["AzureAdB2C"] != null && Program.config["Server"]["OAuth"]["AzureAdB2C"]["DefaultGroupId"] != null ? Program.config["Server"]["OAuth"]["AzureAdB2C"]["DefaultGroupId"].ToString() : "";
            var defGroup   = QuantApp.Kernel.Group.FindGroup(defGroupId);

            string res    = "";
            var    result = new List <object>();

            Task.Run(async() => {
                using (HttpClient httpClient = new HttpClient()){
                    httpClient.Timeout = Timeout.InfiniteTimeSpan;

                    httpClient.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
                    httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", access_code);

                    var req  = new HttpRequestMessage(HttpMethod.Get, "https://graph.microsoft.com/v1.0/groups");
                    var data = await httpClient.SendAsync(req);

                    res = await data.Content.ReadAsStringAsync();

                    var groups = JObject.Parse(res);

                    foreach (var group in groups["value"])
                    {
                        var id   = group["id"].ToString();
                        var name = group["displayName"].ToString();

                        req  = new HttpRequestMessage(HttpMethod.Get, "https://graph.microsoft.com/v1.0/groups/" + id + "/members?$select=identities,surname,givenName");
                        data = await httpClient.SendAsync(req);

                        res = await data.Content.ReadAsStringAsync();

                        var members = JObject.Parse(res);

                        var sub_result = new List <object>();


                        // Create Group
                        var qgroup = QuantApp.Kernel.Group.FindGroup(id);
                        if (qgroup == null)
                        {
                            qgroup        = QuantApp.Kernel.Group.CreateGroup(name, id);
                            qgroup.Parent = defGroup;
                        }

                        foreach (var member in members["value"])
                        {
                            var email = "";
                            foreach (var identity in member["identities"])
                            {
                                if (identity["signInType"].ToString() == "emailAddress")
                                {
                                    email = identity["issuerAssignedId"].ToString();
                                }
                            }

                            var firstName = member["givenName"].ToString();
                            var lastName  = member["surname"].ToString();

                            sub_result.Add(new { Email = email, FirstName = firstName, LastName = lastName });

                            if (email != "")
                            {
                                var qid   = "QuantAppSecure_" + email.ToLower().Replace('@', '.').Replace(':', '.');
                                var quser = QuantApp.Kernel.User.FindUser(qid);

                                if (quser == null)
                                {
                                    var nuser = UserRepository.CreateUser(System.Guid.NewGuid().ToString(), "QuantAppSecure");

                                    nuser.FirstName = firstName != null ? firstName : "No first name";
                                    nuser.LastName  = lastName != null ? lastName : "No last name";
                                    nuser.Email     = email.ToLower();

                                    nuser.TenantName = qid;
                                    nuser.Hash       = QuantApp.Kernel.Adapters.SQL.Factories.SQLUserFactory.GetMd5Hash(System.Guid.NewGuid().ToString());

                                    nuser.Secret = QuantApp.Engine.Code.GetMd5Hash(qid);

                                    quser = QuantApp.Kernel.User.FindUser(qid);
                                    QuantApp.Kernel.Group publicGroup = QuantApp.Kernel.Group.FindGroup("Public");
                                    publicGroup.Add(quser, typeof(QuantApp.Kernel.User), AccessType.Invited);

                                    if (defGroup != null)
                                    {
                                        defGroup.Add(quser, typeof(QuantApp.Kernel.User), AccessType.View);
                                    }
                                }

                                if (qgroup != null)
                                {
                                    qgroup.Add(quser, typeof(QuantApp.Kernel.User), AccessType.View);
                                }
                            }
                        }

                        List <IPermissible> users = qgroup.Master.List(QuantApp.Kernel.User.CurrentUser, typeof(QuantApp.Kernel.User), false);
                        foreach (var u in users)
                        {
                            var qu     = u as QuantApp.Kernel.User;
                            var emails = sub_result.Where(x => {
                                dynamic d = x;
                                return(d.Email == qu.Email);
                            });

                            var perm = qgroup.Permission(null, qu);

                            if (emails.Count() == 0 && perm != AccessType.Write)
                            {
                                qgroup.Remove(qu);
                            }
                        }

                        result.Add(new { ID = id, Name = name, Members = sub_result });
                    }
                }
            }).Wait();

            return(result);
        }
Пример #21
0
        public async Task <ActionResult> Register([FromBody] SecureRegisterViewModel model)
        {
            if (ModelState.IsValid)
            {
                string id = "QuantAppSecure_" + model.Email.ToLower().Replace('@', '.').Replace(':', '.');
                QuantApp.Kernel.User quser = QuantApp.Kernel.User.FindUser(id);
                if (quser == null)
                {
                    var user = UserRepository.CreateUser(System.Guid.NewGuid().ToString(), "QuantAppSecure");

                    user.FirstName = model.FirstName;
                    user.LastName  = model.LastName;
                    user.Email     = model.Email.ToLower();

                    string profile = model.GroupID;

                    user.TenantName = id;
                    user.Hash       = QuantApp.Kernel.Adapters.SQL.Factories.SQLUserFactory.GetMd5Hash(model.Password);

                    if (model.Secret != null)
                    {
                        if (_secrets.ContainsKey(model.Secret))
                        {
                            user.Secret = _secrets[model.Secret];
                        }
                    }

                    var sessionKey = System.Guid.NewGuid().ToString();
                    sessionKeys.TryAdd(sessionKey, user.Secret);
                    revSessionKeys.TryAdd(user.Secret, sessionKey);
                    Response.Cookies.Append("coflows", sessionKey, new CookieOptions()
                    {
                        Expires = DateTime.Now.AddHours(24)
                    });

                    var claims = new[]
                    {
                        new Claim(ClaimTypes.Email, user.Email)
                    };

                    var key   = new SymmetricSecurityKey(System.Text.Encoding.UTF8.GetBytes(Program.jwtKey));
                    var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);

                    var token = new JwtSecurityToken(
                        issuer: "coflows-ce",
                        audience: "coflows-ce",
                        claims: claims,
                        expires: DateTime.Now.AddDays(10),
                        signingCredentials: creds);



                    quser = QuantApp.Kernel.User.FindUser(id);
                    QuantApp.Kernel.Group group = QuantApp.Kernel.Group.FindGroup("Public");
                    group.Add(quser, typeof(QuantApp.Kernel.User), AccessType.Invited);

                    QuantApp.Kernel.Group gp = Group.FindGroup(profile);
                    if (gp != null)
                    {
                        gp.Add(quser, typeof(QuantApp.Kernel.User), AccessType.Invited);
                    }

                    return(Ok(new
                    {
                        User = quser.ToUserData(),
                        token = new JwtSecurityTokenHandler().WriteToken(token),
                        Secret = quser.Secret,
                        Session = sessionKey
                    }));
                }
                else
                {
                    return(BadRequest(new { Value = false, ID = "Email is already in use..." }));
                }
            }

            string messages = string.Join("<br\\> ", ModelState.Values
                                          .SelectMany(x => x.Errors)
                                          .Select(x => x.ErrorMessage));

            return(Ok(new { Value = false, ID = messages }));
        }
Пример #22
0
        public static string QID(this IPrincipal user)
        {
            if (user == null)
            {
                return(null);
            }

            var identity = user.Identity as ClaimsIdentity;

            if (identity != null)
            {
                var email = identity.Claims.SingleOrDefault(c => c.Type.Equals(ClaimTypes.Email, StringComparison.OrdinalIgnoreCase));
                if (email == null)
                {
                    email = identity.Claims.SingleOrDefault(c => c.Type.Equals("emails", StringComparison.OrdinalIgnoreCase));
                }

                if (email != null && !string.IsNullOrEmpty(email.Value))
                {
                    AzureAD.Sync();

                    var id    = "QuantAppSecure_" + email.Value.ToLower().Replace('@', '.').Replace(':', '.');
                    var quser = QuantApp.Kernel.User.FindUser(id);
                    if (quser == null)
                    {
                        var nuser = UserRepository.CreateUser(System.Guid.NewGuid().ToString(), "QuantAppSecure");

                        var firstName = identity.Claims.SingleOrDefault(c => c.Type.Equals(ClaimTypes.GivenName, StringComparison.OrdinalIgnoreCase));
                        var lastName  = identity.Claims.SingleOrDefault(c => c.Type.Equals(ClaimTypes.Surname, StringComparison.OrdinalIgnoreCase));

                        nuser.FirstName = firstName != null ? firstName.Value : "No first name";
                        nuser.LastName  = lastName != null ? lastName.Value : "No last name";
                        nuser.Email     = email.Value.ToLower();

                        nuser.TenantName = id;
                        nuser.Hash       = QuantApp.Kernel.Adapters.SQL.Factories.SQLUserFactory.GetMd5Hash(System.Guid.NewGuid().ToString());

                        nuser.Secret = QuantApp.Engine.Code.GetMd5Hash(id);

                        quser = QuantApp.Kernel.User.FindUser(id);
                        QuantApp.Kernel.Group group = QuantApp.Kernel.Group.FindGroup("Public");
                        group.Add(quser, typeof(QuantApp.Kernel.User), AccessType.Invited);

                        // QuantApp.Kernel.Group gp = GroupRepository.FindByProfile(profile);
                        var defGroupId           = Program.config["Server"]["OAuth"] != null && Program.config["Server"]["OAuth"]["AzureAdB2C"] != null && Program.config["Server"]["OAuth"]["AzureAdB2C"]["DefaultGroupId"] != null ? Program.config["Server"]["OAuth"]["AzureAdB2C"]["DefaultGroupId"].ToString() : "";
                        QuantApp.Kernel.Group gp = Group.FindGroup(defGroupId);
                        if (gp != null)
                        {
                            gp.Add(quser, typeof(QuantApp.Kernel.User), AccessType.View);
                        }
                    }
                    return(id);
                }


                else if (user.Identity.Name != null && user.Identity.Name.StartsWith("QuantAppSecure_"))
                {
                    return(user.Identity.Name);
                }
            }

            return(null);
        }
Пример #23
0
        public IActionResult UsersApp_contacts(string groupid, bool agreements)
        {
            string userId = this.User.QID();

            if (userId == null)
            {
                return(null);
            }

            QuantApp.Kernel.User user = QuantApp.Kernel.User.FindUser(userId);

            if (user == null)
            {
                return(null);
            }

            QuantApp.Kernel.Group role = QuantApp.Kernel.Group.FindGroup(groupid);

            if (role == null)
            {
                role = QuantApp.Kernel.Group.FindGroup(groupid.Replace("_WorkSpace", ""));
            }

            if (role == null)
            {
                return(null);
            }

            List <IPermissible> users = role.Master.List(user, typeof(QuantApp.Kernel.User), false);

            Dictionary <string, List <string> > lastLogin = UserRepository.LastUserLogins(role);

            List <object> jres = new List <object>();

            foreach (QuantApp.Kernel.User user_mem in users)
            {
                QuantApp.Kernel.User quser = QuantApp.Kernel.User.FindUser(user_mem.ID);


                if (quser != null)
                {
                    List <object> jres_tracks = new List <object>();

                    var ac = role.Permission(null, user_mem);

                    jres.Add(new
                    {
                        ID            = quser.ID,
                        first         = quser.FirstName,
                        last          = quser.LastName,
                        email         = quser.Email,
                        group         = ac.ToString(),
                        meta          = quser.MetaData,
                        LastLoginDate = !lastLogin.ContainsKey(quser.ID) ? "" : lastLogin[quser.ID][0],
                        LastLoginIP   = !lastLogin.ContainsKey(quser.ID) ? "" : lastLogin[quser.ID][1],
                    });
                }
                else
                {
                    role.Remove(user_mem);
                }
            }

            return(Ok(new { items = jres }));
        }
Пример #24
0
        public async void GitHub(string groupid, string code)
        {
            if (Program.config["Server"]["OAuth"] == null || Program.config["Server"]["OAuth"]["GitHub"] == null)
            {
                return;
            }

            string access_code = "";

            using (HttpClient httpClient = new HttpClient()){
                httpClient.Timeout = Timeout.InfiniteTimeSpan;

                httpClient.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));

                var res = httpClient.PostAsync(
                    "https://github.com/login/oauth/access_token",
                    new {
                    client_id     = Program.config["Server"]["OAuth"]["GitHub"]["ClientId"].ToString(),
                    client_secret = Program.config["Server"]["OAuth"]["GitHub"]["ClientSecret"].ToString(),
                    code          = code
                }.AsJson()).Result;

                var data = res.Content.ReadAsStringAsync().Result;

                dynamic d = JObject.Parse(data);
                access_code = d.access_token;
            }

            string email = "";
            string name  = "";


            //Name & Email
            try
            {
                using (HttpClient httpClient = new HttpClient()){
                    httpClient.Timeout = Timeout.InfiniteTimeSpan;

                    httpClient.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));

                    httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("token", access_code);
                    httpClient.DefaultRequestHeaders.Add("User-Agent", "CoFlows");

                    var res = httpClient.GetAsync("https://api.github.com/user").Result;

                    var data = res.Content.ReadAsStringAsync().Result;

                    dynamic d = JObject.Parse(data);
                    email = d.Email;
                    name  = d.Name;
                }
            }
            catch { }

            if (string.IsNullOrEmpty(email))
            {
                //If Email fails above...
                using (HttpClient httpClient = new HttpClient()){
                    httpClient.Timeout = Timeout.InfiniteTimeSpan;

                    httpClient.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));

                    httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("token", access_code);
                    httpClient.DefaultRequestHeaders.Add("User-Agent", "CoFlows");

                    var res = httpClient.GetAsync("https://api.github.com/user/emails").Result;

                    var data = res.Content.ReadAsStringAsync().Result;

                    var d = JArray.Parse(data);
                    email = d[0]["email"].ToString();
                }
            }

            string id = "QuantAppSecure_" + email.ToLower().Replace('@', '.').Replace(':', '.');

            var quser = QuantApp.Kernel.User.FindUser(id);

            if (quser == null)
            {
                var user = UserRepository.CreateUser(System.Guid.NewGuid().ToString(), "QuantAppSecure");

                user.FirstName = "";
                user.LastName  = "";
                user.Email     = email.ToLower();

                user.TenantName = id;

                quser = QuantApp.Kernel.User.FindUser(id);
                QuantApp.Kernel.Group group = QuantApp.Kernel.Group.FindGroup("Public");
                group.Add(quser, typeof(QuantApp.Kernel.User), AccessType.Invited);

                QuantApp.Kernel.Group gp = QuantApp.Kernel.Group.FindGroup(groupid);
                if (gp != null)
                {
                    gp.Add(quser, typeof(QuantApp.Kernel.User), AccessType.Invited);
                }
            }


            if (String.IsNullOrEmpty(quser.Secret))
            {
                var secret_key = QuantApp.Engine.Code.GetMd5Hash(quser.ID);
                quser.Secret = secret_key;
            }

            var sessionKey = System.Guid.NewGuid().ToString();

            AccountController.sessionKeys.TryAdd(sessionKey, quser.Secret);
            Response.Cookies.Append("coflows", sessionKey, new CookieOptions()
            {
                Expires = DateTime.Now.AddHours(24)
            });

            var claims = new[]
            {
                new Claim(ClaimTypes.Email, quser.Email)
            };

            var key   = new SymmetricSecurityKey(System.Text.Encoding.UTF8.GetBytes(Program.jwtKey));
            var creds = new SigningCredentials(key, SecurityAlgorithms.HmacSha256);

            var token = new JwtSecurityToken(
                issuer: "coflows-ce",
                audience: "coflows-ce",
                claims: claims,
                expires: DateTime.Now.AddDays(10),
                signingCredentials: creds);


            Response.Redirect("/authentication/token/" + new JwtSecurityTokenHandler().WriteToken(token), true);
        }
Пример #25
0
        public async Task <ActionResult> WhoAmI()
        {
            var userId = User.QID();

            if (userId == null)
            {
                userId = "anonymous";
            }

            QuantApp.Kernel.User quser = QuantApp.Kernel.User.FindUser(userId);


            bool   loggedin               = false;
            string uid                    = "";
            string username               = "";
            string firstname              = "";
            string lastname               = "";
            string email                  = "";
            string groupID                = "";
            string groupName              = "";
            string groupDescription       = "";
            string groupPermission        = "";
            string masterGroupID          = "";
            string masterGroupName        = "";
            string masterGroupDescription = "";
            string masterGroupPermission  = "";
            string metadata               = "";

            string secret = "";

            if (quser != null && quser.ID != "anonymous")
            {
                List <object> groups_serialized = new List <object>();
                loggedin  = true;
                uid       = quser.ID;
                username  = quser.FirstName + " " + quser.LastName;
                firstname = quser.FirstName;
                lastname  = quser.LastName;
                email     = quser.Email;
                metadata  = quser.MetaData;

                secret = quser.Secret;

                Response.Cookies.Append("coflows", quser.Secret, new CookieOptions()
                {
                    Expires = DateTime.Now.AddHours(24)
                });

                var appCookie = Request.Cookies["QuantAppProfile"];

                string profile = appCookie != null ? appCookie : null;

                QuantApp.Kernel.Group group = string.IsNullOrWhiteSpace(profile) ? null : GroupRepository.FindByProfile(profile);
                if (group == null)
                {
                    var location = new Uri($"{Request.Scheme}://{Request.Host}{Request.Path}{Request.QueryString}");
                    group = GroupRepository.FindByURL(location.AbsoluteUri);
                }

                groupID = (group != null ? group.ID : "Public");

                var qgroup = QuantApp.Kernel.Group.FindGroup(groupID);

                groupName       = qgroup.Name;
                groupPermission = qgroup.Permission(null, quser).ToString();

                masterGroupID         = qgroup.Master.ID;
                masterGroupName       = qgroup.Master.Name;
                masterGroupPermission = qgroup.Master.Permission(null, quser).ToString();

                var groups = quser.MasterGroups();
                if (groups != null)
                {
                    foreach (var s_group in groups)
                    {
                        groups_serialized.Add(new
                        {
                            ID         = s_group.ID,
                            Name       = (s_group.Name.StartsWith("Personal:") ? "Personal" : s_group.Name),
                            Permission = s_group.Permission(null, quser).ToString()
                        });
                    }
                }

                List <string> lastLogin = UserRepository.LastUserHistory(quser.ID);

                return(Ok(new
                {
                    User = new
                    {
                        Loggedin = loggedin,
                        ID = uid,
                        Name = username,
                        FirstName = firstname,
                        LastName = lastname,
                        Email = email,
                        Administrator = QuantApp.Kernel.Group.FindGroup("Administrator").Permission(null, quser).ToString(),
                        MetaData = metadata,
                        LastLoginDate = lastLogin == null ? null : lastLogin[0],
                        LastLoginIP = lastLogin == null ? null : lastLogin[1],
                        Secret = secret
                    },
                    Group = new
                    {
                        ID = groupID,
                        Name = groupName,
                        Description = groupDescription,
                        Permission = groupPermission
                    },
                    MasterGroup = new
                    {
                        ID = masterGroupID,
                        Name = masterGroupName,
                        Description = masterGroupDescription,
                        Permission = masterGroupPermission
                    },
                    Groups = groups_serialized,
                }));
            }
            else
            {
                return(Ok());
            }
        }
Пример #26
0
        public IActionResult Users(string groupid)
        {
            string userId = this.User.QID();

            if (userId == null)
            {
                return(null);
            }

            QuantApp.Kernel.User user = QuantApp.Kernel.User.FindUser(userId);

            if (user == null)
            {
                return(null);
            }

            QuantApp.Kernel.Group role = QuantApp.Kernel.Group.FindGroup(groupid);

            if (role == null)
            {
                role = QuantApp.Kernel.Group.FindGroup(groupid.Replace("_Workflow", ""));
            }

            if (role == null)
            {
                role = QuantApp.Kernel.Group.CreateGroup(groupid, groupid);
                // return null;
            }

            List <IPermissible> users = role.Master.List(QuantApp.Kernel.User.CurrentUser, typeof(QuantApp.Kernel.User), false);

            // Dictionary<string, List<string>> lastLogin = UserRepository.LastUserLogins(role);

            List <object> jres = new List <object>();

            foreach (QuantApp.Kernel.User user_mem in users)
            {
                QuantApp.Kernel.User quser = QuantApp.Kernel.User.FindUser(user_mem.ID);

                if (quser != null)
                {
                    List <object> jres_tracks = new List <object>();

                    var ac = role.Permission(null, user_mem);

                    jres.Add(new
                    {
                        ID         = quser.ID,
                        FirstName  = quser.FirstName,
                        LastName   = quser.LastName,
                        Email      = quser.Email,
                        Permission = ac.ToString(),
                        MetaData   = quser.MetaData,
                        // LastLoginDate = !lastLogin.ContainsKey(quser.ID) ? "" : lastLogin[quser.ID][0],
                        // LastLoginIP = !lastLogin.ContainsKey(quser.ID) ? "" : lastLogin[quser.ID][1],
                    });
                }
                else
                {
                    role.Remove(user_mem);
                }
            }

            return(Ok(jres));
        }
Пример #27
0
        public static List <object> GraphUsers(string access_code)
        {
            if (!(Program.config["Server"]["OAuth"] != null && Program.config["Server"]["OAuth"]["AzureAdB2C"] != null))
            {
                return(null);
            }

            var defGroupId = Program.config["Server"]["OAuth"] != null && Program.config["Server"]["OAuth"]["AzureAdB2C"] != null && Program.config["Server"]["OAuth"]["AzureAdB2C"]["DefaultGroupId"] != null ? Program.config["Server"]["OAuth"]["AzureAdB2C"]["DefaultGroupId"].ToString() : "";


            string res = "";

            Task.Run(async() => {
                using (HttpClient httpClient = new HttpClient()){
                    httpClient.Timeout = Timeout.InfiniteTimeSpan;
                    // string access_code = getToken();

                    httpClient.DefaultRequestHeaders.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json"));
                    httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", access_code);

                    var req  = new HttpRequestMessage(HttpMethod.Get, "https://graph.microsoft.com/v1.0/users?$select=identities,surname,givenName");
                    var data = await httpClient.SendAsync(req);
                    res      = await data.Content.ReadAsStringAsync();
                }
            }).Wait();

            var users = JObject.Parse(res);

            var result = new List <object>();

            foreach (var user in users["value"])
            {
                var email = "";
                foreach (var identity in user["identities"])
                {
                    if (identity["signInType"].ToString() == "emailAddress")
                    {
                        email = identity["issuerAssignedId"].ToString();
                    }
                }

                var firstName = user["givenName"].ToString();
                var lastName  = user["surname"].ToString();

                result.Add(new { Email = email, FirstName = firstName, LastName = lastName });

                //Sync to CoFlows users.
                if (email != "")
                {
                    var qid   = "QuantAppSecure_" + email.ToLower().Replace('@', '.').Replace(':', '.');
                    var quser = QuantApp.Kernel.User.FindUser(qid);

                    if (quser == null)
                    {
                        Console.WriteLine("--- CREATE NEW USER: "******"QuantAppSecure");

                        nuser.FirstName = firstName != null ? firstName : "No first name";
                        nuser.LastName  = lastName != null ? lastName : "No last name";
                        nuser.Email     = email.ToLower();

                        nuser.TenantName = qid;
                        nuser.Hash       = QuantApp.Kernel.Adapters.SQL.Factories.SQLUserFactory.GetMd5Hash(System.Guid.NewGuid().ToString());

                        nuser.Secret = QuantApp.Engine.Code.GetMd5Hash(qid);

                        quser = QuantApp.Kernel.User.FindUser(qid);
                        QuantApp.Kernel.Group group = QuantApp.Kernel.Group.FindGroup("Public");
                        group.Add(quser, typeof(QuantApp.Kernel.User), AccessType.Invited);

                        QuantApp.Kernel.Group gp = Group.FindGroup(defGroupId);
                        if (gp != null)
                        {
                            gp.Add(quser, typeof(QuantApp.Kernel.User), AccessType.View);
                        }
                    }
                }
            }

            return(result);
        }