public async Task <IEnumerable <OfficeDocumentPermissionResponse> > Execute(string documentId, string subject, AuthenticateParameter authenticateParameter) { if (string.IsNullOrWhiteSpace(subject)) { throw new BaseDocumentManagementApiException(ErrorCodes.InvalidRequest, ErrorDescriptions.SubjectIsMissing); } var officeDocument = await _getOfficeDocumentAction.Execute(documentId); if (officeDocument.Subject != subject) { throw new NotAuthorizedException(ErrorCodes.Authorization, ErrorDescriptions.NotAuthorized); } var grantedToken = await _accessTokenStore.GetToken(authenticateParameter.WellKnownConfigurationUrl, authenticateParameter.ClientId, authenticateParameter.ClientSecret, new[] { "uma_protection" }); if (grantedToken == null || string.IsNullOrWhiteSpace(grantedToken.AccessToken)) { throw new BaseDocumentManagementApiException(ErrorCodes.InternalError, ErrorDescriptions.CannotRetrieveAccessToken); } var policy = await _identityServerUmaClientFactory.GetPolicyClient().GetByResolution(officeDocument.UmaPolicyId, authenticateParameter.WellKnownConfigurationUrl, grantedToken.AccessToken); if (policy.ContainsError) { throw new BaseDocumentManagementApiException(ErrorCodes.InternalError, ErrorDescriptions.CannotGetUmaPolicy); } var result = new List <OfficeDocumentPermissionResponse>(); if (policy.Content != null && policy.Content.Rules != null) { foreach (var rule in policy.Content.Rules) { if (rule.Claims != null) { foreach (var claim in rule.Claims.Where(c => c.Type == "sub")) { result.Add(new OfficeDocumentPermissionResponse { UserSubject = claim.Value }); } } } } return(result); }
public async Task <bool> Execute(string openidWellKnownConfiguration, AddDocumentParameter document, AuthenticateParameter authenticateParameter) { if (string.IsNullOrWhiteSpace(openidWellKnownConfiguration)) { throw new ArgumentNullException(nameof(openidWellKnownConfiguration)); } if (document == null) { throw new ArgumentNullException(nameof(document)); } if (authenticateParameter == null) { throw new ArgumentNullException(nameof(authenticateParameter)); } _addDocumentParameterValidator.Check(document); var officeDocument = await _officeDocumentRepository.Get(document.Id); if (officeDocument != null) { throw new BaseDocumentManagementApiException(ErrorCodes.InternalError, ErrorDescriptions.OfficeDocumentExists); } var grantedToken = await _accessTokenStore.GetToken(authenticateParameter.WellKnownConfigurationUrl, authenticateParameter.ClientId, authenticateParameter.ClientSecret, new[] { "uma_protection" }); if (grantedToken == null || string.IsNullOrWhiteSpace(grantedToken.AccessToken)) { throw new BaseDocumentManagementApiException(ErrorCodes.InternalError, ErrorDescriptions.CannotRetrieveAccessToken); } var resource = await _identityServerUmaClientFactory.GetResourceSetClient().AddByResolution(new PostResourceSet { Name = $"officedocument_{document.Id}", Scopes = Constants.DEFAULT_SCOPES.ToList() }, authenticateParameter.WellKnownConfigurationUrl, grantedToken.AccessToken); if (resource.ContainsError) { throw new BaseDocumentManagementApiException(ErrorCodes.InternalError, ErrorDescriptions.CannotAddUmaResource); } var policy = await _identityServerUmaClientFactory.GetPolicyClient().AddByResolution(new PostPolicy { ResourceSetIds = new List <string> { resource.Content.Id }, Rules = new List <PostPolicyRule> { new PostPolicyRule { Claims = new List <PostClaim> { new PostClaim { Type = "sub", Value = document.Subject } }, Scopes = Constants.DEFAULT_SCOPES.ToList(), OpenIdProvider = openidWellKnownConfiguration } } }, authenticateParameter.WellKnownConfigurationUrl, grantedToken.AccessToken); if (policy.ContainsError) { throw new BaseDocumentManagementApiException(ErrorCodes.InternalError, ErrorDescriptions.CannotAddUmaPolicy); } officeDocument = new OfficeDocumentAggregate { Id = document.Id, Subject = document.Subject, DisplayName = document.DisplayName, UmaResourceId = resource.Content.Id, UmaPolicyId = policy.Content.PolicyId, }; if (!await _officeDocumentRepository.Add(officeDocument)) { throw new BaseDocumentManagementApiException(ErrorCodes.InternalError, ErrorDescriptions.CannotAddOfficeDocument); } return(true); }
public async Task <bool> Execute(string wellKnownConfiguration, ValidateConfirmationLinkParameter validateConfirmationLinkParameter, AuthenticateParameter authenticateParameter) { if (string.IsNullOrWhiteSpace(wellKnownConfiguration)) { throw new ArgumentNullException(nameof(wellKnownConfiguration)); } _validateConfirmationLinkParameterValidator.Check(validateConfirmationLinkParameter); var confirmationLink = await _officeDocumentConfirmationLinkStore.Get(validateConfirmationLinkParameter.ConfirmationCode); if (confirmationLink == null) { throw new BaseDocumentManagementApiException(ErrorCodes.InternalError, ErrorDescriptions.TheConfirmationCodeIsNotValid); } CheckConfirmationLink(confirmationLink); var officeDocument = await _officeDocumentRepository.Get(confirmationLink.DocumentId); if (officeDocument == null) { throw new DocumentNotFoundException(); } if (string.IsNullOrWhiteSpace(officeDocument.UmaResourceId)) { throw new BaseDocumentManagementApiException(ErrorCodes.InternalError, ErrorDescriptions.NoUmaResource); } if (string.IsNullOrWhiteSpace(officeDocument.UmaPolicyId)) { throw new BaseDocumentManagementApiException(ErrorCodes.InternalError, ErrorDescriptions.NoUmaPolicy); } var grantedToken = await _tokenStore.GetToken(authenticateParameter.WellKnownConfigurationUrl, authenticateParameter.ClientId, authenticateParameter.ClientSecret, new[] { "uma_protection" }); if (grantedToken == null || string.IsNullOrWhiteSpace(grantedToken.AccessToken)) { throw new BaseDocumentManagementApiException(ErrorCodes.InternalError, ErrorDescriptions.CannotRetrieveAccessToken); } var policy = await _identityServerUmaClientFactory.GetPolicyClient().GetByResolution(officeDocument.UmaPolicyId, authenticateParameter.WellKnownConfigurationUrl, grantedToken.AccessToken); if (policy.ContainsError) { throw new BaseDocumentManagementApiException(ErrorCodes.InternalError, ErrorDescriptions.UmaPolicyDoesntExist); } var putPolicyRules = new List <PutPolicyRule>(); if (policy.Content.Rules != null) { foreach (var rule in policy.Content.Rules) { putPolicyRules.Add(new PutPolicyRule { Id = rule.Id, Claims = rule.Claims, ClientIdsAllowed = rule.ClientIdsAllowed, OpenIdProvider = rule.OpenIdProvider, Scopes = rule.Scopes }); } } if (!putPolicyRules.Any(p => p.Claims != null && p.Claims.Any(c => c.Type == "sub" && c.Value == validateConfirmationLinkParameter.Subject))) { putPolicyRules.Add(new PutPolicyRule { Claims = new List <PostClaim> { new PostClaim { Type = "sub", Value = validateConfirmationLinkParameter.Subject } }, OpenIdProvider = wellKnownConfiguration, Scopes = Constants.DEFAULT_SCOPES.ToList() }); } var updatedResult = await _identityServerUmaClientFactory.GetPolicyClient().UpdateByResolution(new PutPolicy { PolicyId = policy.Content.Id, Rules = putPolicyRules }, authenticateParameter.WellKnownConfigurationUrl, grantedToken.AccessToken); if (updatedResult.ContainsError) { throw new BaseDocumentManagementApiException(ErrorCodes.InternalError, ErrorDescriptions.UmaPolicyCannotBeUpdated); } // TODO : DECREASE THE NUMBER OF CONFIRMATION LINKS await UseConfirmationLink(confirmationLink); return(true); }