示例#1
 /// <summary>
 /// Disposes the sign-in component held by this instance, if there is one,
 /// and clears the field so that a second call does nothing.
 /// </summary>
 public void Dispose()
 {
     if (_signInComponent == null)
     {
         // Nothing is held (never created, or already disposed).
         return;
     }

     // Per the original author's note, the sign-in component must be disposed
     // correctly, otherwise it holds on to all the connections.
     _signInComponent.Dispose();
     _signInComponent = null;
 }
示例#2
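        /// <summary>
        /// Records a debug identity user id and, in DEBUG builds only, replaces the sign-in
        /// component with one created for <c>SignInSystem.DebugIdentity</c>.
        /// </summary>
        /// <param name="debugUserID">
        /// The debug user id. Null or empty leaves the current sign-in component untouched.
        /// </param>
        /// <remarks>
        /// In non-DEBUG builds the argument is ignored and the stored id is reset to the empty
        /// string, so a release build cannot be switched onto the debug sign-in path through
        /// this method.
        /// </remarks>
        public void DebugIdentityUserID(string debugUserID)
        {
#if DEBUG
            // Treat null like "no debug user" (as the release branch does) instead of
            // throwing a NullReferenceException on the Length check below.
            _debugIdentityUserID = debugUserID ?? "";
            if (_debugIdentityUserID.Length > 0)
            {
                // NOTE(review): any sign-in component already held is overwritten here without
                // being disposed - confirm the caller has not created one before this point.
                _signInComponent = SignInComponentFactory.CreateSignInComponent(_debugIdentityUserID, SignInSystem.DebugIdentity);
            }
#else
            _debugIdentityUserID = "";
#endif
        }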
示例#3
文件: User.cs 项目: rocketeerbkw/DNA
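        /// <summary>
        /// Copies the current user's details out of the sign-in component.
        /// </summary>
        /// <param name="signInComponent">The sign-in component to read from.</param>
        /// <param name="ssoLoginName">Receives the component's login name.</param>
        /// <param name="ssoEmail">Receives the "email" attribute, or an empty string when the current site's SSO service does not have it.</param>
        /// <param name="ssoFirstNames">Receives the "firstname" attribute, or an empty string when the service does not have it.</param>
        /// <param name="ssoLastName">Receives the "lastname" attribute, or an empty string when the service does not have it.</param>
        /// <param name="identityUserID">Receives the component's user id.</param>
        /// <param name="ssoUserID">Receives the numeric "legacy_user_id" attribute, or 0 when it is missing, empty or not a valid integer.</param>
        /// <param name="ssoDisplayName">Receives the "displayname" attribute, or an empty string when the service does not have it.</param>
        /// <returns>Always true.</returns>
        private bool ReadUserSSODetails(IDnaIdentityWebServiceProxy signInComponent, out string ssoLoginName, out string ssoEmail, out string ssoFirstNames, out string ssoLastName, out string identityUserID, out int ssoUserID, out string ssoDisplayName)
        {
            ssoLoginName = signInComponent.LoginName;

            // Optional attributes: only asked for when the site's SSO service declares them.
            ssoDisplayName = signInComponent.DoesAttributeExistForService(InputContext.CurrentSite.SSOService, "displayname")
                ? signInComponent.GetUserAttribute("displayname")
                : string.Empty;

            ssoEmail = signInComponent.DoesAttributeExistForService(InputContext.CurrentSite.SSOService, "email")
                ? signInComponent.GetUserAttribute("email")
                : string.Empty;

            ssoFirstNames = signInComponent.DoesAttributeExistForService(InputContext.CurrentSite.SSOService, "firstname")
                ? signInComponent.GetUserAttribute("firstname")
                : string.Empty;

            ssoLastName = signInComponent.DoesAttributeExistForService(InputContext.CurrentSite.SSOService, "lastname")
                ? signInComponent.GetUserAttribute("lastname")
                : string.Empty;

            ssoUserID = 0;
            identityUserID = signInComponent.UserID;

            // Read the attribute once and parse it defensively: the value comes from the
            // sign-in service, so a malformed id is treated as "no legacy id" (as TryLoginUser
            // does with int.TryParse) rather than throwing out of the sign-in path.
            string legacyUserID = signInComponent.GetUserAttribute("legacy_user_id");
            if (!string.IsNullOrEmpty(legacyUserID) && !int.TryParse(legacyUserID, out ssoUserID))
            {
                // int.TryParse has already reset ssoUserID to 0. The value itself is not logged.
                InputContext.Diagnostics.WriteWarningToLog("User", "Ignoring legacy_user_id attribute that is not a valid integer");
            }

            return true;
        }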
示例#4
文件: User.cs 项目: rocketeerbkw/DNA
        /// <summary>
        /// Looks up the DNA user id that belongs to a sign-in (identity) user id and stores it
        /// in <c>_userID</c>.
        /// </summary>
        /// <param name="signInComponent">The current sign-in component; its user id is used unless an override is given.</param>
        /// <param name="overideSignInUserID">When not empty, this id is looked up instead of the sign-in component's user id.</param>
        /// <remarks>
        /// <c>_userID</c> is left unchanged when the stored procedure returns no row.
        /// </remarks>
        private void GetDnaUserIDFromSignInID(IDnaIdentityWebServiceProxy signInComponent, string overideSignInUserID)
        {
            const string storedProcedure = "GetDnaUserIDFromIdentityUserID";
            const string idParameter = "IdentityUserID";

            // Start from the component's own id; a non-empty override replaces it.
            string lookupID = signInComponent.UserID;
            bool hasOverride = overideSignInUserID.Length > 0;
            if (hasOverride)
            {
                lookupID = overideSignInUserID;
            }

            // The id is bound as a stored-procedure parameter, never concatenated into SQL.
            using (IDnaDataReader lookup = InputContext.CreateDnaDataReader(storedProcedure))
            {
                lookup.AddParameter(idParameter, lookupID);
                lookup.Execute();

                bool found = lookup.HasRows && lookup.Read();
                if (found)
                {
                    _userID = lookup.GetInt32("DnaUserID");
                }
            }
        }
示例#5
文件: User.cs 项目: rocketeerbkw/DNA
        /// <summary>
        /// Works out whether the user is logged in (logging them in if necessary) and, when
        /// they are, resolves their DNA user id into <c>_userID</c>.
        /// </summary>
        /// <param name="signInComponent">Initialised sign-in component.</param>
        /// <param name="autoLogIn">Set to true only when this call logged the user in itself.</param>
        /// <param name="migrated">
        /// Set to true when no DNA user was found for the identity user id and a numeric
        /// "legacy_user_id" attribute was used for a second lookup. It is never reset to false here.
        /// </param>
        private void TryLoginUser(ref IDnaIdentityWebServiceProxy signInComponent, ref bool autoLogIn, ref bool migrated)
        {
            autoLogIn = false;
            _userID = 0;

            // Ask the component first; only attempt a login when it says "not logged in".
            _userLoggedIn = signInComponent.IsUserLoggedIn;
            if (!_userLoggedIn)
            {
                try
                {
                    _userLoggedIn = signInComponent.LoginUser();
                    autoLogIn = _userLoggedIn;
                }
                catch (ProfileAPIException ex)
                {
                    // A failed login is not fatal: log it and carry on as an anonymous user.
                    InputContext.Diagnostics.WriteWarningToLog("User", "Failed to log in user");
                    InputContext.Diagnostics.WriteExceptionToLog(ex);
                    _userLoggedIn = false;
                }
            }

            _loginName = signInComponent.LoginName;

            if (!_userLoggedIn)
            {
                return;
            }

            // First attempt: look the user up by their identity user id.
            GetDnaUserIDFromSignInID(signInComponent, "");
            if (_userID != 0 || signInComponent.SignInSystemType != SignInSystem.Identity)
            {
                return;
            }

            // Second attempt, Identity only: fall back to the legacy id attribute.
            // NOTE(review): this links an account purely on the "legacy_user_id" attribute -
            // confirm the identity service is authoritative for it and users cannot edit it.
            if (!signInComponent.DoesAttributeExistForService(InputContext.CurrentSite.SSOService, "legacy_user_id"))
            {
                return;
            }

            int legacyID = 0;
            if (!int.TryParse(signInComponent.GetUserAttribute("legacy_user_id"), out legacyID))
            {
                return;
            }

            GetDnaUserIDFromSignInID(signInComponent, legacyID.ToString());

            // NOTE(review): migrated is set whether or not the legacy lookup found a DNA user -
            // confirm the caller expects that.
            migrated = true;
        }
示例#6
文件: User.cs 项目: rocketeerbkw/DNA
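        /// <summary>
        /// Selects the sign-in service for the current site and tries to establish the user
        /// from their cookies.
        /// </summary>
        /// <param name="cookie">The DNA cookie to sign in with.</param>
        /// <param name="signInComponent">The sign-in component to initialise.</param>
        /// <returns>
        /// True when the service was set and the user was established from the cookies (or the
        /// component already reports them as signed in); false otherwise.
        /// </returns>
        /// <remarks>
        /// Also copies the component's secure-request flag onto the input context and, on
        /// success, records the elapsed time as an identity call duration.
        /// </remarks>
        private bool InitialiseProfileAPI(DnaCookie cookie, ref IDnaIdentityWebServiceProxy signInComponent)
        {
            InputContext.Diagnostics.WriteTimedEventToLog("SSO", "Start");

            // UTC so that a local clock change (e.g. DST) cannot distort the measured duration.
            DateTime started = DateTime.UtcNow;

            string decodedCookie = cookie.Value;

            // Identity sites are addressed by policy, everything else by SSO service name.
            if (signInComponent.SignInSystemType == SignInSystem.Identity)
            {
                signInComponent.SetService(InputContext.CurrentSite.IdentityPolicy);
            }
            else
            {
                signInComponent.SetService(InputContext.CurrentSite.SSOService);
            }

            InputContext.Diagnostics.WriteTimedEventToLog("SSO","End");

            // Check to see if the service was set ok before calling any user functions
            if (!signInComponent.IsServiceSet)
            {
                InputContext.Diagnostics.WriteToLog("---** SignIn **---", "Service not set!!!");
                return false;
            }

            // Fetch the secure cookie once rather than looking it up twice.
            string secureCookie = "";
            DnaCookie httpsCookie = InputContext.GetCookie("IDENTITY-HTTPS");
            if (httpsCookie != null)
            {
                secureCookie = httpsCookie.Value;
            }

            bool userSet = signInComponent.TrySecureSetUserViaCookies(decodedCookie, secureCookie) || signInComponent.IsUserSignedIn;

            InputContext.IsSecureRequest = signInComponent.IsSecureRequest;
            InputContext.Diagnostics.WriteToLog("---** InputContext.IsSecureRequest **---", InputContext.IsSecureRequest.ToString());
            if (!userSet)
            {
                // The cookies are sign-in credentials, so only their lengths go to the log:
                // a value rejected here is not proven worthless, and logs are read by more
                // people than should ever see a session cookie.
                int cookieLength = decodedCookie == null ? 0 : decodedCookie.Length;
                InputContext.Diagnostics.WriteToLog("---** SignIn **---", "Set user with cookie failed!!! - cookie length " + cookieLength);
                if (!string.IsNullOrEmpty(secureCookie))
                {
                    InputContext.Diagnostics.WriteToLog("---** SignIn **---", "Set user with secure cookie failed!!! - cookie length " + secureCookie.Length);
                }

                InputContext.Diagnostics.WriteToLog("---** SignIn **---", "Timing Info: "+signInComponent.GetLastTimingInfo());

                return false;
            }

            // TotalMilliseconds, not Milliseconds: the latter is only the 0-999 component and
            // would under-report any call that took a second or longer.
            TimeSpan elapsed = DateTime.UtcNow - started;
            Statistics.AddIdentityCallDuration((int)elapsed.TotalMilliseconds);

            return true;
        }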
示例#7
文件: User.cs 项目: rocketeerbkw/DNA
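        /// <summary>
        /// Checks whether the current user is banned, first by their sign-in cookie (in-memory
        /// banned cookie list) and then by their email address (database).
        /// </summary>
        /// <param name="signInComponent">The sign-in component for this request.</param>
        /// <returns>True if they are banned, false if not.</returns>
        /// <remarks>
        /// Fails closed: returns true when the user is not logged in, when the service has an
        /// email attribute but the value is empty, and when the database returns no row.
        /// Returns false without any database check when the service has no email attribute.
        /// </remarks>
        private bool IsEmailInBannedList(IDnaIdentityWebServiceProxy signInComponent)
        {
            // User should be logged in before calling this method
            if (!signInComponent.IsUserLoggedIn)
            {
                return true;
            }

            // The cookie name depends on the sign-in system in use.
            DnaCookie cookie;
            if (signInComponent.SignInSystemType == SignInSystem.Identity)
            {
                cookie = InputContext.GetCookie("IDENTITY");
            }
            else
            {
                cookie = InputContext.GetCookie("SSO2-UID");
            }

            // Cookies shorter than 64 characters are neither checked against nor added to the banned list.
            bool validCookie = (cookie != null && cookie.Value != null && cookie.Value.Length >= 64);

            // Check to see if the user's cookie is already in the banned cookie list
            if (validCookie)
            {
                // Hold the lock while enumerating; the list is added to under the same lock below.
                lock (_lock)
                {
                    foreach (string bannedCookie in AppContext.BannedCookies)
                    {
                        // Cookies are opaque tokens: compare ordinally. A culture-sensitive
                        // comparison (string.CompareTo) can treat different strings as equal.
                        if (string.Equals(cookie.Value, bannedCookie, StringComparison.Ordinal))
                        {
                            return true;
                        }
                    }
                }
            }

            // Now check to see if their email is in the banned list in the database
            if (!signInComponent.DoesAttributeExistForService(InputContext.CurrentSite.SSOService, "email"))
            {
                // The service does not support emails, nothing to check. Return not banned
                return false;
            }

            string ssoEmail = signInComponent.GetUserAttribute("email");

            // The service has emails but gave us none: treat as banned
            if (ssoEmail.Length == 0)
            {
                return true;
            }

            // The email is bound as a stored-procedure parameter, never concatenated into SQL.
            using (IDnaDataReader reader = InputContext.CreateDnaDataReader("IsEmailInBannedList"))
            {
                reader.AddParameter("Email", ssoEmail);
                reader.Execute();

                // No answer from the database: treat as banned
                if (!reader.HasRows || !reader.Read())
                {
                    return true;
                }

                if (reader.GetInt32("IsBanned") > 0)
                {
                    // Remember the cookie so that later requests carrying it are rejected by the list check above.
                    // NOTE(review): the raw cookie value is kept in AppContext.BannedCookies and nothing
                    // here removes entries - confirm how the list is cleared when a ban is lifted.
                    if (validCookie)
                    {
                        lock (_lock)
                        {
                            AppContext.BannedCookies.Add(cookie.Value);
                        }
                    }
                    return true;
                }
            }

            // If we get here, then we're not banned
            return false;
        }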
示例#8
        /// <summary>
        /// Test set-up: creates the sign-in component, the DNA config and diagnostics (each only
        /// if not already present), then rebuilds the reader creator and site list and
        /// initialises statistics and the profanity list.
        /// </summary>
        /// <param name="rootPath">Root path for the DNA config; null means the Ripley server path from the test config.</param>
        /// <exception cref="Exception">Thrown when no sign-in component exists yet and identity sign-in is not selected.</exception>
        private void InitialiseFromConfig(string rootPath)
        {
            // Fall back to the config from the dnapages directory.
            rootPath = rootPath ?? TestConfig.GetConfig().GetRipleyServerPath();

            if (_signInComponent == null)
            {
                if (!_useIdentity)
                {
                    throw new Exception("SSO Sign in is nologer supported! Please rewrite your test to use identity.");
                }

                string identityConnection = GetConnectionDetails["IdentityURL"].ConnectionString;
                if (_debugUserDetails.Length > 0)
                {
                    // Debug user details were supplied: the debug sign-in component is used
                    // and the identity connection string above is not passed to it.
                    _signInComponent = new DnaIdentityWebServiceProxy.IdentityDebugSigninComponent(_debugUserDetails);
                    Console.WriteLine("Using DEBUG Identity signin system");
                }
                else
                {
                    _signInComponent = new DnaIdentityWebServiceProxy.IdentityRestSignIn(identityConnection, "");
                    Console.WriteLine("Using REAL Identity signin system");
                }
            }

            if (_dnaConfig == null)
            {
                _dnaConfig = new DnaConfig(rootPath);

                // Diagnostics are written to a "logs" folder under the current directory.
                string logFolder = System.Environment.CurrentDirectory + @"\logs\";
                Directory.CreateDirectory(logFolder);

                DnaDiagnostics.Initialise(logFolder, "DNATestUtils");
                DnaDiagnostics.WriteHeader("TEST-FullInputContext");
            }

            // These are rebuilt on every call, whether or not the config already existed.
            ReaderCreator = new DnaDataReaderCreator(_dnaConfig.ConnectionString, _dnaDiagnostics);
            _siteList = new SiteList(ReaderCreator, dnaDiagnostics, CacheFactory.GetCacheManager(), null, null);

            Statistics.InitialiseIfEmpty();
            ProfanityFilterTests.InitialiseProfanities();
        }
示例#9
        /// <summary>
        /// DEBUG builds only: signs the request in as the configured debug user by creating a
        /// debug sign-in component and adding its IDENTITY and IDENTITY-HTTPS cookies.
        /// In other builds this method does nothing.
        /// </summary>
        private void SetupDebugUserSignin()
        {
#if DEBUG
            Diagnostics.WriteTimedEventToLog("IDENTITY", "Started using debugging user cookie mode");
            _signInComponent = new DnaIdentityWebServiceProxy.IdentityDebugSigninComponent(_debugUserID);

            // NOTE(review): neither cookie sets Secure or HttpOnly. That may be deliberate for
            // local debugging over plain HTTP - confirm this path never runs on a shared host.
            HttpCookie identityCookie = new HttpCookie("IDENTITY", _signInComponent.GetCookieValue)
            {
                Domain = ".bbc.co.uk",
                Path = "/"
            };
            Cookies.Add(identityCookie);

            HttpCookie identityHttpsCookie = new HttpCookie("IDENTITY-HTTPS", _signInComponent.GetSecureCookieValue)
            {
                Domain = ".bbc.co.uk",
                Path = "/"
            };
            Cookies.Add(identityHttpsCookie);

            Diagnostics.WriteTimedEventToLog("IDENTITY", "Finished");
#endif
        }
示例#10
		/// <summary>
		/// This is the place where all the actual work is done:
		/// picks the sign-in component, serves cached output when available, enforces the
		/// request limit and the authorisation / secure-access checks, then runs the page.
		/// Please add all new code here, and not in the main Page_Load method
		/// </summary>
		private void DoPageLoad()
		{
			// Times the whole request; the elapsed value is reported to Statistics at the end.
			Stopwatch requesttimer = new Stopwatch();
			requesttimer.Start();
            InitialiseRequest();

            // Check to see which sign in method we need to create
            if (_debugUserID.Length > 0)
            {
                // A debug user id takes precedence over the site's sign-in setting.
                // SetupDebugUserSignin only has a body in DEBUG builds.
                SetupDebugUserSignin();
            }
            else if (CurrentSite.UseIdentitySignInSystem)
            {
                // Create a new Identity web service object
                string identityWebServiceConnetionDetails = GetConnectionDetails["IdentityURL"].ConnectionString;
                // NOTE(review): the IdentityURL connection string is written to the log as-is -
                // confirm it never carries credentials.
                Diagnostics.WriteTimedEventToLog("IDENTITY", "Started with " + identityWebServiceConnetionDetails);
                // NOTE(review): the client IP is taken from the "__ip__" request parameter and handed
                // to the identity proxy. Presumably a trusted front end sets it - confirm that a
                // caller cannot supply it directly.
                string clientIPAddress = GetParamStringOrEmpty("__ip__", "Client IP Address");
                _signInComponent = new DnaIdentityWebServiceProxy.IdentityRestSignIn(identityWebServiceConnetionDetails, clientIPAddress);
                _signInComponent.SetService(CurrentSite.IdentityPolicy);
                Diagnostics.WriteTimedEventToLog("IDENTITY", "Finished");
            }
            else
            {
                // The old ProfileAPI sign-in is no longer available, so fail loudly
                throw new NotSupportedException("The ProfileAPI is nolonger supported. Please set the site to use Identity as the Signin System.");
            }
			
			// If we have cached output available for this request, don't do any more work
			if (IsCachedOutputAvailable())
			{
				return;
			}

            CheckForForbiddenUserAgents(UserAgent, BannedUserAgents);
			
			// Count this request as in flight; the finally block below always undoes the increment.
			int curRequests = Interlocked.Increment(ref _currentRequestCount);

			try
			{
                // Over the limit: hand off to the busy page, unless this already is that page.
                if (curRequests > MaximumRequestCount && _dnapage.PageType.Equals("SERVERTOOBUSY") == false )
				{
                    AddServerBusy();
                    Server.Transfer("ServerTooBusyPage.aspx"); 
					//_viewingUser = new User(this);
					//_page = new WholePage(this);
					//_page.InitialisePage("SERVERTOOBUSY");
					//_page.AddTextTag(_page.RootElement.FirstChild, "REQUESTTYPE", PageType);
                    //_skinSelector.Initialise(this, this);
				}

                InitialisePage();
                
				// Initialise the page
                Statistics.AddRawRequest();

                // Access checks come before any page component runs. On failure the page is
                // replaced by an ERROR page and the page's own OnPageLoad is never called.
                if (!IsDnaUserAllowed() && !_useDotNetRendering )
                {//not logged in
                    if (!_skinSelector.IsPureXml(this))
                    {
                        _skinSelector.SkinName = "admin";
                        _skinSelector.SkinSet = "vanilla";
                    }
                    _page = new WholePage(this);
                    _page.InitialisePage("ERROR");
                    _page.AddErrorXml("Authorization", "You are not authorised to view this page.", _page.RootElement.FirstChild);
                }
                else if (!IsSecureAccessAllowed())
                {//logged in but not secure
                    if (!_skinSelector.IsPureXml(this))
                    {
                        _skinSelector.SkinName = "admin";
                        _skinSelector.SkinSet = "vanilla";
                    }
                    _page = new WholePage(this);
                    _page.InitialisePage("ERROR");
                    _page.AddErrorXml("NotSecure", "You must access this page be secure methods.", _page.RootElement.FirstChild);
                }
                else
                {
                    // Now call the add components
                    _dnapage.OnPageLoad();

                    AddComponent(new SkinParams(this));

                    _page.ProcessRequest();

                    // Update any data source controls on the page
                    _dnapage.UpdateDataSourceControls();

                    // Allow the page to do any post process request actions.
                    _dnapage.OnPostProcessRequest();
                }

                //Finish off other related BasePage stuff
                FinalisePage();
                Statistics.AddRequestDuration((int)requesttimer.ElapsedMilliseconds);
                _page.AddTimeForPage(Diagnostics.ElapsedMilliseconds);
                _page.AddInside(_tracker, "H2G2");
			}
			finally
			{
				// Runs on every exit path, so the in-flight count cannot leak upwards.
				Interlocked.Decrement(ref _currentRequestCount);
			}

		}
示例#11
 /// <summary>
 /// Creates an AuthenticateUser for the given sign-in system, building its sign-in
 /// component from the "IdentityURL" connection string in the application configuration.
 /// </summary>
 /// <param name="signInSystem">The sign-in system the component is created for.</param>
 public AuthenticateUser(SignInSystem signInSystem)
 {
     _signInSystem = signInSystem;

     // The endpoint comes from configuration, not from the caller.
     // NOTE(review): a missing "IdentityURL" entry surfaces here as a NullReferenceException.
     string identityConnection = ConfigurationManager.ConnectionStrings["IdentityURL"].ConnectionString;

     _signInComponent = SignInComponentFactory.CreateSignInComponent(identityConnection, signInSystem);
 }