public override int Run(string[] remainingArguments) { try { var license = _uow.Settings.Get(QueryExpressionFactory.GetQueryExpression <tbl_Setting>() .Where(x => x.ConfigKey == "RebexLicense").ToLambda()).OrderBy(x => x.Created) .Last(); Rebex.Licensing.Key = license.ConfigValue; AsymmetricKeyAlgorithm.Register(Curve25519.Create); AsymmetricKeyAlgorithm.Register(Ed25519.Create); AsymmetricKeyAlgorithm.Register(EllipticCurveAlgorithm.Create); if (string.IsNullOrEmpty(_privKeyPass)) { Console.Out.Write(" *** Enter password for the private key *** : "); _privKeyPass = StandardInput.GetHiddenInput(); } if (string.IsNullOrEmpty(_pubKeyComment)) { Console.Out.Write(" *** Enter user@hostname or a comment for the public key *** : "); _pubKeyComment = StandardInput.GetInput(); } Console.Out.WriteLine(); Console.Out.WriteLine("Opened " + _path.FullName); KeyHelper.ImportPrivKey(_conf, _uow, _user, _privKeyPass, SignatureHashAlgorithm.SHA256, _pubKeyComment, new FileInfo(_path.FullName)); return(StandardOutput.FondFarewell()); } catch (Exception ex) { return(StandardOutput.AngryFarewell(ex)); } }
public void Repo_AuthActivity_CreateV1_Success() { var data = new TestDataFactory(UoW); data.Destroy(); data.CreateAudiences(); var audience = UoW.Audiences.Get(QueryExpressionFactory.GetQueryExpression <tbl_Audience>() .Where(x => x.Name == TestDefaultConstants.AudienceName).ToLambda()) .Single(); var result = UoW.AuthActivity.Create( Mapper.Map <tbl_AuthActivity>(new AuthActivityV1() { AudienceId = audience.Id, LoginType = GrantFlowType.ClientCredentialV2.ToString(), LoginOutcome = GrantFlowResultType.Success.ToString(), })); UoW.Commit(); result.Should().BeAssignableTo <tbl_AuthActivity>(); }
public void CreateLogins() { /* * create test logins */ foundLogin = _uow.Logins.Get(QueryExpressionFactory.GetQueryExpression <tbl_Login>() .Where(x => x.Name == TestDefaultConstants.LoginName).ToLambda()) .SingleOrDefault(); if (foundLogin == null) { foundLogin = _uow.Logins.Create( _map.Map <tbl_Login>(new LoginV1() { Name = TestDefaultConstants.LoginName, LoginKey = AlphaNumeric.CreateString(16), IsDeletable = true, })); _uow.Commit(); } }
public void Repo_States_UpdateV1_Success() { var data = new TestDataFactory(UoW); data.Destroy(); data.CreateUserStates(); var user = UoW.Users.Get(QueryExpressionFactory.GetQueryExpression <tbl_User>() .Where(x => x.UserName == TestDefaultConstants.UserName).ToLambda()) .Single(); var state = UoW.States.Get(QueryExpressionFactory.GetQueryExpression <tbl_State>() .Where(x => x.UserId == user.Id).ToLambda()) .First(); state.StateConsume = true; var result = UoW.States.Update(state); UoW.Commit(); result.Should().BeAssignableTo <tbl_State>(); }
public IActionResult DeleteV1([FromRoute] Guid claimID) { var claim = uow.Claims.Get(QueryExpressionFactory.GetQueryExpression <tbl_Claim>() .Where(x => x.Id == claimID).ToLambda()) .SingleOrDefault(); if (claim == null) { ModelState.AddModelError(MessageType.ClaimNotFound.ToString(), $"Claim:{claimID}"); return(NotFound(ModelState)); } if (!claim.IsDeletable) { ModelState.AddModelError(MessageType.ClaimImmutable.ToString(), $"Claim:{claimID}"); return(BadRequest(ModelState)); } uow.Claims.Delete(claim); uow.Commit(); return(NoContent()); }
public override int Run(string[] remainingArguments) { try { if (!string.IsNullOrEmpty(_privKeyPass)) { Console.Out.Write(" *** Enter password for the private key *** : "); _privKeyPass = StandardInput.GetHiddenInput(); } else { _privKeyPass = AlphaNumeric.CreateString(32); Console.Out.WriteLine($" *** The password for the private key *** : {_privKeyPass}"); } if (string.IsNullOrEmpty(_pubKeyComment)) { _pubKeyComment = Dns.GetHostName(); } var privKey = KeyHelper.CreatePrivKey(_conf, _uow, _user, _keyAlgo, _privKeySize, _privKeyPass, SignatureHashAlgorithm.SHA256, _pubKeyComment); var pubKey = _uow.PublicKeys.Get(QueryExpressionFactory.GetQueryExpression <tbl_PublicKey>() .Where(x => x.PrivateKeyId == privKey.Id).ToLambda()) .Single(); Console.Out.WriteLine(); Console.Out.WriteLine($"{privKey.KeyValue}"); Console.Out.WriteLine($"{pubKey.KeyValue}"); return(StandardOutput.FondFarewell()); } catch (Exception ex) { return(StandardOutput.AngryFarewell(ex)); } }
public LoginDeleteCommand() { _conf = (IConfiguration) new ConfigurationBuilder() .AddJsonFile("clisettings.json", optional: false, reloadOnChange: true) .Build(); _map = new MapperConfiguration(x => x.AddProfile <AutoMapperProfile_EF6>()) .CreateMapper(); var env = new ContextService(InstanceContext.DeployedOrLocal); _uow = new UnitOfWork(_conf["Databases:IdentityEntities_EF6"], env); _service = new AdminService(_conf) { Grant = new ResourceOwnerGrantV2(_conf) }; IsCommand("login-delete", "Delete login"); HasRequiredOption("l|login="******"Enter existing login", arg => { if (string.IsNullOrEmpty(arg)) { throw new ConsoleHelpAsException($" *** No login given ***"); } _login = _uow.Logins.Get(QueryExpressionFactory.GetQueryExpression <E_Login>() .Where(x => x.Name == arg).ToLambda()) .SingleOrDefault(); if (_login == null) { throw new ConsoleHelpAsException($" *** No login '{arg}' ***"); } }); }
public UserCreateCommands() { IsCommand("user-create", "Create user"); HasRequiredOption("u|user="******"Enter user that does not exist already", arg => { if (string.IsNullOrEmpty(arg)) { throw new ConsoleHelpAsException($" *** No user given ***"); } _conf = (IConfiguration) new ConfigurationBuilder() .AddJsonFile("clisettings.json", optional: false, reloadOnChange: true) .Build(); var instance = new ContextService(InstanceContext.DeployedOrLocal); _uow = new UnitOfWork(_conf["Databases:AuroraEntities"], instance); var user = _uow.Users.Get(QueryExpressionFactory.GetQueryExpression <tbl_User>() .Where(x => x.IdentityAlias == arg).ToLambda()).SingleOrDefault(); if (user != null) { throw new ConsoleHelpAsException($" *** The user '{arg}' alreay exists ***"); } _userName = arg; }); HasRequiredOption("f|filesystem=", "Enter type of filesystem for user", arg => { if (!Enum.TryParse(arg, out _fileSystem)) { throw new ConsoleHelpAsException($"*** Invalid filesystem type. Options are '{_fileSystemList}' ***"); } }); }
public void CreateIssuers() { /* * create test issuers */ foundIssuer = _uow.Issuers.Get(QueryExpressionFactory.GetQueryExpression <E_Issuer>() .Where(x => x.Name == TestDefaultConstants.IssuerName).ToLambda()) .SingleOrDefault(); if (foundIssuer == null) { foundIssuer = _uow.Issuers.Create( _map.Map <E_Issuer>(new IssuerV1() { Name = TestDefaultConstants.IssuerName, IssuerKey = TestDefaultConstants.IssuerKey, IsEnabled = true, IsDeletable = true, })); _uow.Commit(); } }
public void Repo_EmailQueue_CreateV1_Success() { var data = new TestDataFactory(UoW); data.Destroy(); data.CreateEmails(); var user = UoW.Users.Get(QueryExpressionFactory.GetQueryExpression <tbl_User>() .Where(x => x.UserName == TestDefaultConstants.UserName).ToLambda()) .First(); var result = UoW.EmailQueue.Create( Mapper.Map <tbl_EmailQueue>(new EmailV1() { FromEmail = user.EmailAddress, ToEmail = user.EmailAddress, Subject = "Subject-" + AlphaNumeric.CreateString(4), Body = "Body" + AlphaNumeric.CreateString(4), })); UoW.Commit(); result.Should().BeAssignableTo <tbl_EmailQueue>(); }
public void Repo_States_CreateV1_Success() { var data = new TestDataFactory(UoW); data.Destroy(); data.CreateUserStates(); var issuer = UoW.Issuers.Get(QueryExpressionFactory.GetQueryExpression <tbl_Issuer>() .Where(x => x.Name == TestDefaultConstants.IssuerName).ToLambda()) .Single(); var audience = UoW.Audiences.Get(QueryExpressionFactory.GetQueryExpression <tbl_Audience>() .Where(x => x.Name == TestDefaultConstants.AudienceName).ToLambda()) .Single(); var user = UoW.Users.Get(QueryExpressionFactory.GetQueryExpression <tbl_User>() .Where(x => x.UserName == TestDefaultConstants.UserName).ToLambda()) .Single(); var result = UoW.States.Create( Mapper.Map <tbl_State>(new StateV1() { IssuerId = issuer.Id, AudienceId = audience.Id, UserId = user.Id, StateValue = AlphaNumeric.CreateString(32), StateType = ConsumerType.Device.ToString(), StateConsume = false, ValidFromUtc = DateTime.UtcNow, ValidToUtc = DateTime.UtcNow.AddSeconds(60), })); UoW.Commit(); result.Should().BeAssignableTo <tbl_State>(); }
public IActionResult GetV1([FromBody] DataStateV1 state) { if (!ModelState.IsValid) { return(BadRequest(ModelState)); } try { var result = new DataStateV1Result <UserV1> { Data = map.Map <IEnumerable <UserV1> >( uow.Users.Get( map.MapExpression <Expression <Func <IQueryable <tbl_User>, IQueryable <tbl_User> > > >( QueryExpressionFactory.GetQueryExpression <tbl_User>().ApplyState(state)), new List <Expression <Func <tbl_User, object> > >() { x => x.tbl_AuthActivities, x => x.tbl_UserClaims, x => x.tbl_UserLogins, x => x.tbl_UserRoles, })), Total = uow.Users.Count( map.MapExpression <Expression <Func <IQueryable <tbl_User>, IQueryable <tbl_User> > > >( QueryExpressionFactory.GetQueryExpression <tbl_User>().ApplyPredicate(state))) }; return(Ok(result)); } catch (QueryExpressionException ex) { ModelState.AddModelError(MessageType.ParseError.ToString(), ex.ToString()); return(BadRequest(ModelState)); } }
internal static tbl_UserFile FilePathToEntity(IUnitOfWork uow, tbl_User user, string path) { if (path.FirstOrDefault() == '/') { path = path.Substring(1); } var pathBits = path.Split("/"); var filePath = path.Split("/").Last(); var folderPath = string.Empty; for (int i = 0; i <= pathBits.Count() - 2; i++) { folderPath += "/" + pathBits.ElementAt(i); } var folder = FolderPathToEntity(uow, user, folderPath); var file = uow.UserFiles.Get(QueryExpressionFactory.GetQueryExpression <tbl_UserFile>() .Where(x => x.IdentityId == user.IdentityId && x.FolderId == folder.Id && x.VirtualName == filePath).ToLambda()) .SingleOrDefault(); return(file); }
public void Repo_Roles_CreateV1_Success() { var data = new TestDataFactory(UoW); data.Destroy(); data.CreateRoles(); var audience = UoW.Audiences.Get(QueryExpressionFactory.GetQueryExpression <tbl_Audience>() .Where(x => x.Name == TestDefaultConstants.AudienceName).ToLambda()) .Single(); var result = UoW.Roles.Create( Mapper.Map <tbl_Role>(new RoleV1() { AudienceId = audience.Id, Name = TestDefaultConstants.RoleName, IsEnabled = true, IsDeletable = true, })); UoW.Commit(); result.Should().BeAssignableTo <tbl_Role>(); }
public void Repo_Audiences_CreateV1_Success() { var data = new TestDataFactory(UoW); data.Destroy(); data.CreateAudiences(); var issuer = UoW.Issuers.Get(QueryExpressionFactory.GetQueryExpression <E_Issuer>() .Where(x => x.Name == TestDefaultConstants.IssuerName).ToLambda()) .Single(); var result = UoW.Audiences.Create( Mapper.Map <E_Audience>(new AudienceV1() { IssuerId = issuer.Id, Name = TestDefaultConstants.AudienceName, IsLockedOut = false, IsDeletable = true, })); UoW.Commit(); result.Should().BeAssignableTo <E_Audience>(); }
public void CreateLogins() { /* * create default logins */ foundLogin = _uow.Logins.Get(QueryExpressionFactory.GetQueryExpression <uvw_Login>() .Where(x => x.Name == DefaultConstants.LoginName).ToLambda()) .SingleOrDefault(); if (foundLogin == null) { foundLogin = _uow.Logins.Create( _map.Map <uvw_Login>(new LoginV1() { Name = DefaultConstants.LoginName, LoginKey = DefaultConstants.LoginKey, IsEnabled = true, IsDeletable = false, })); _uow.Commit(); } }
public void Repo_TextQueue_CreateV1_Success() { var data = new TestDataFactory(UoW); data.Destroy(); data.CreateTexts(); var user = UoW.Users.Get(QueryExpressionFactory.GetQueryExpression <tbl_User>() .Where(x => x.UserName == TestDefaultConstants.UserName).ToLambda()) .First(); var result = UoW.TextQueue.Create( Mapper.Map <tbl_TextQueue>(new TextV1() { FromPhoneNumber = TestDefaultConstants.UserPhoneNumber, ToPhoneNumber = TestDefaultConstants.UserPhoneNumber, Body = "Body-" + Base64.CreateString(32), SendAtUtc = DateTime.UtcNow, })); UoW.Commit(); result.Should().BeAssignableTo <tbl_TextQueue>(); }
public override int Run(string[] remainingArguments) { try { var dir = $"{Directory.GetCurrentDirectory()}{Path.DirectorySeparatorChar}.system"; if (!Directory.Exists(dir)) { Directory.CreateDirectory(dir); } var keys = _uow.PublicKeys.Get(QueryExpressionFactory.GetQueryExpression <tbl_PublicKey>() .Where(x => x.IdentityId == null && x.Deletable == false).ToLambda(), new List <Expression <Func <tbl_PublicKey, object> > >() { x => x.PrivateKey, }); ConsoleHelper.StdOutKeyPairs(keys); Console.Out.Write(" *** Enter GUID of public key to export *** : "); var input = Guid.Parse(StandardInput.GetInput()); var pubKey = keys.Where(x => x.Id == input).SingleOrDefault(); if (pubKey != null) { //public pkcs8 key format var pubPkcs8File = new FileInfo(dir + Path.DirectorySeparatorChar + "pub." + SshPublicKeyFormat.Pkcs8.ToString().ToLower() + ".txt"); var pubPkcs8Bytes = KeyHelper.ExportPubKey(pubKey, SshPublicKeyFormat.Pkcs8); File.WriteAllBytes(pubPkcs8File.FullName, pubPkcs8Bytes); Console.Out.WriteLine("Created " + pubPkcs8File); //public ssh2base64 key format var pubSsh2Base64File = new FileInfo(dir + Path.DirectorySeparatorChar + "pub." + SshPublicKeyFormat.Ssh2Base64.ToString().ToLower() + ".txt"); var pubSsh2Base64Bytes = KeyHelper.ExportPubKey(pubKey, SshPublicKeyFormat.Ssh2Base64); File.WriteAllBytes(pubSsh2Base64File.FullName, pubSsh2Base64Bytes); Console.Out.WriteLine("Created " + pubSsh2Base64File); //public ssh2raw key format var pubSsh2RawFile = new FileInfo(dir + Path.DirectorySeparatorChar + "pub." + SshPublicKeyFormat.Ssh2Raw.ToString().ToLower()); var pubSsh2RawBytes = KeyHelper.ExportPubKey(pubKey, SshPublicKeyFormat.Ssh2Raw); File.WriteAllBytes(pubSsh2RawFile.FullName, pubSsh2RawBytes); Console.Out.WriteLine("Created " + pubSsh2Base64File); if (pubKey.PrivateKey != null) { var privKey = pubKey.PrivateKey; //private key password in cleartext var privKeyPassFile = new FileInfo(dir + Path.DirectorySeparatorChar + "cleartext_passowrd.txt"); File.WriteAllText(privKeyPassFile.FullName, AES.DecryptString(privKey.KeyPass, _conf["Databases:AuroraSecret"])); Console.Out.WriteLine("Created " + privKeyPassFile); //private newopenssh key format var privNewOpenSshFile = new FileInfo(dir + Path.DirectorySeparatorChar + "priv." + SshPrivateKeyFormat.NewOpenSsh.ToString().ToLower() + ".txt"); var privNewOpenSshBytes = KeyHelper.ExportPrivKey(_conf, privKey, SshPrivateKeyFormat.NewOpenSsh, privKey.KeyPass); File.WriteAllBytes(privNewOpenSshFile.FullName, privNewOpenSshBytes); Console.Out.WriteLine("Created " + privNewOpenSshFile); //private openssh key format var privOpenSshFile = new FileInfo(dir + Path.DirectorySeparatorChar + "priv." + SshPrivateKeyFormat.OpenSsh.ToString().ToLower() + ".txt"); var privOpenSshBytes = KeyHelper.ExportPrivKey(_conf, privKey, SshPrivateKeyFormat.OpenSsh, privKey.KeyPass); File.WriteAllBytes(privOpenSshFile.FullName, privOpenSshBytes); Console.Out.WriteLine("Created " + privOpenSshFile); //private pkcs8 key format var privPcks8File = new FileInfo(dir + Path.DirectorySeparatorChar + "priv." + SshPrivateKeyFormat.Pkcs8.ToString().ToLower() + ".txt"); var privPcks8Bytes = KeyHelper.ExportPrivKey(_conf, privKey, SshPrivateKeyFormat.Pkcs8, privKey.KeyPass); File.WriteAllBytes(privPcks8File.FullName, privPcks8Bytes); Console.Out.WriteLine("Created " + privPcks8File); //private putty key format var privPuttyFile = new FileInfo(dir + Path.DirectorySeparatorChar + "priv." + SshPrivateKeyFormat.Putty.ToString().ToLower() + ".txt"); var privPuttyBytes = KeyHelper.ExportPrivKey(_conf, privKey, SshPrivateKeyFormat.Putty, privKey.KeyPass); File.WriteAllBytes(privPuttyFile.FullName, privPuttyBytes); Console.Out.WriteLine("Created " + privPuttyFile); } } else { throw new ConsoleHelpAsException($" *** Public key with GUID {input} not found ***"); } return(StandardOutput.FondFarewell()); } catch (Exception ex) { return(StandardOutput.AngryFarewell(ex)); } }
public void CreateAudiences() { if (foundIssuer == null) { CreateIssuers(); } /* * create default audiences */ foundAudience_Alert = _uow.Audiences.Get(QueryExpressionFactory.GetQueryExpression <uvw_Audience>() .Where(x => x.Name == DefaultConstants.Audience_Alert).ToLambda()) .SingleOrDefault(); if (foundAudience_Alert == null) { foundAudience_Alert = _uow.Audiences.Create( _map.Map <uvw_Audience>(new AudienceV1() { IssuerId = foundIssuer.Id, Name = DefaultConstants.Audience_Alert, IsLockedOut = false, IsDeletable = false, })); _uow.Commit(); } foundAudience_Identity = _uow.Audiences.Get(QueryExpressionFactory.GetQueryExpression <uvw_Audience>() .Where(x => x.Name == DefaultConstants.Audience_Identity).ToLambda()) .SingleOrDefault(); if (foundAudience_Identity == null) { foundAudience_Identity = _uow.Audiences.Create( _map.Map <uvw_Audience>(new AudienceV1() { IssuerId = foundIssuer.Id, Name = DefaultConstants.Audience_Identity, IsLockedOut = false, IsDeletable = false, })); _uow.Commit(); } /* * set password to audiences */ if (!_uow.Audiences.IsPasswordSet(foundAudience_Alert)) { _uow.Audiences.SetPassword(foundAudience_Alert, DefaultConstants.AudiencePassword_Alert); _uow.Commit(); } if (!_uow.Audiences.IsPasswordSet(foundAudience_Identity)) { _uow.Audiences.SetPassword(foundAudience_Identity, DefaultConstants.AudiencePassword_Identity); _uow.Commit(); } }
public void CreateRoles() { if (foundAudience_Alert == null || foundAudience_Identity == null) { CreateAudiences(); } /* * create default roles */ foundRoleForAdmin_Alert = _uow.Roles.Get(QueryExpressionFactory.GetQueryExpression <uvw_Role>() .Where(x => x.Name == DefaultConstants.RoleForAdmins_Alert).ToLambda()) .SingleOrDefault(); if (foundRoleForAdmin_Alert == null) { foundRoleForAdmin_Alert = _uow.Roles.Create( _map.Map <uvw_Role>(new RoleV1() { AudienceId = foundAudience_Alert.Id, Name = DefaultConstants.RoleForAdmins_Alert, IsEnabled = true, IsDeletable = false, })); _uow.Commit(); } foundRoleForUser_Alert = _uow.Roles.Get(QueryExpressionFactory.GetQueryExpression <uvw_Role>() .Where(x => x.Name == DefaultConstants.RoleForUsers_Alert).ToLambda()) .SingleOrDefault(); if (foundRoleForUser_Alert == null) { foundRoleForUser_Alert = _uow.Roles.Create( _map.Map <uvw_Role>(new RoleV1() { AudienceId = foundAudience_Alert.Id, Name = DefaultConstants.RoleForUsers_Alert, IsEnabled = true, IsDeletable = false, })); _uow.Commit(); } foundRoleForAdmin_Identity = _uow.Roles.Get(QueryExpressionFactory.GetQueryExpression <uvw_Role>() .Where(x => x.Name == DefaultConstants.RoleForAdmins_Identity).ToLambda()) .SingleOrDefault(); if (foundRoleForAdmin_Identity == null) { foundRoleForAdmin_Identity = _uow.Roles.Create( _map.Map <uvw_Role>(new RoleV1() { AudienceId = foundAudience_Identity.Id, Name = DefaultConstants.RoleForAdmins_Identity, IsEnabled = true, IsDeletable = false, })); _uow.Commit(); } foundRoleForUser_Identity = _uow.Roles.Get(QueryExpressionFactory.GetQueryExpression <uvw_Role>() .Where(x => x.Name == DefaultConstants.RoleForUsers_Identity).ToLambda()) .SingleOrDefault(); if (foundRoleForUser_Identity == null) { foundRoleForUser_Identity = _uow.Roles.Create( _map.Map <uvw_Role>(new RoleV1() { AudienceId = foundAudience_Identity.Id, Name = DefaultConstants.RoleForUsers_Identity, IsEnabled = true, IsDeletable = false, })); _uow.Commit(); } }
public void CreateIssuers() { /* * create default issuers */ foundIssuer = _uow.Issuers.Get(QueryExpressionFactory.GetQueryExpression <uvw_Issuer>() .Where(x => x.Name == DefaultConstants.IssuerName).ToLambda()) .SingleOrDefault(); if (foundIssuer == null) { foundIssuer = _uow.Issuers.Create( _map.Map <uvw_Issuer>(new IssuerV1() { Name = DefaultConstants.IssuerName, IssuerKey = DefaultConstants.IssuerKey, IsEnabled = true, IsDeletable = false, })); _uow.Commit(); } var foundAccessExpire = _uow.Settings.Get(QueryExpressionFactory.GetQueryExpression <uvw_Setting>() .Where(x => x.IssuerId == foundIssuer.Id && x.ConfigKey == SettingsConstants.AccessExpire).ToLambda()) .SingleOrDefault(); if (foundAccessExpire == null) { _uow.Settings.Create( _map.Map <uvw_Setting>(new SettingV1() { IssuerId = foundIssuer.Id, ConfigKey = SettingsConstants.AccessExpire, ConfigValue = 600.ToString(), IsDeletable = false, })); _uow.Commit(); } var foundRefreshExpire = _uow.Settings.Get(QueryExpressionFactory.GetQueryExpression <uvw_Setting>() .Where(x => x.IssuerId == foundIssuer.Id && x.ConfigKey == SettingsConstants.RefreshExpire).ToLambda()) .SingleOrDefault(); if (foundRefreshExpire == null) { _uow.Settings.Create( _map.Map <uvw_Setting>(new SettingV1() { IssuerId = foundIssuer.Id, ConfigKey = SettingsConstants.RefreshExpire, ConfigValue = 86400.ToString(), IsDeletable = false, })); _uow.Commit(); } var foundTotpExpire = _uow.Settings.Get(QueryExpressionFactory.GetQueryExpression <uvw_Setting>() .Where(x => x.IssuerId == foundIssuer.Id && x.ConfigKey == SettingsConstants.TotpExpire).ToLambda()) .SingleOrDefault(); if (foundTotpExpire == null) { _uow.Settings.Create( _map.Map <uvw_Setting>(new SettingV1() { IssuerId = foundIssuer.Id, ConfigKey = SettingsConstants.TotpExpire, ConfigValue = 600.ToString(), IsDeletable = false, })); _uow.Commit(); } var foundPollingMax = _uow.Settings.Get(QueryExpressionFactory.GetQueryExpression <uvw_Setting>() .Where(x => x.IssuerId == foundIssuer.Id && x.ConfigKey == SettingsConstants.PollingMax).ToLambda()) .SingleOrDefault(); if (foundPollingMax == null) { _uow.Settings.Create( _map.Map <uvw_Setting>(new SettingV1() { IssuerId = foundIssuer.Id, ConfigKey = SettingsConstants.PollingMax, ConfigValue = 10.ToString(), IsDeletable = false, })); _uow.Commit(); } }
public IActionResult AuthCodeV2_Grant([FromQuery] AuthCodeV2 input) { if (!ModelState.IsValid) { return(BadRequest(ModelState)); } //clean out cruft from encoding... input.issuer = HttpUtility.UrlDecode(input.issuer); input.client = HttpUtility.UrlDecode(input.client); input.user = HttpUtility.UrlDecode(input.user); input.redirect_uri = HttpUtility.UrlDecode(input.redirect_uri); input.code = HttpUtility.UrlDecode(input.code); input.state = HttpUtility.UrlDecode(input.state); if (!Uri.IsWellFormedUriString(input.redirect_uri, UriKind.Absolute)) { ModelState.AddModelError(MessageType.UriInvalid.ToString(), $"Uri:{input.redirect_uri}"); return(BadRequest(ModelState)); } Guid issuerID; tbl_Issuer issuer; //check if identifier is guid. resolve to guid if not. if (Guid.TryParse(input.issuer, out issuerID)) { issuer = uow.Issuers.Get(x => x.Id == issuerID).SingleOrDefault(); } else { issuer = uow.Issuers.Get(x => x.Name == input.issuer).SingleOrDefault(); } if (issuer == null) { ModelState.AddModelError(MessageType.IssuerNotFound.ToString(), $"Issuer:{input.issuer}"); return(NotFound(ModelState)); } else if (!issuer.IsEnabled) { ModelState.AddModelError(MessageType.IssuerInvalid.ToString(), $"Issuer:{issuer.Id}"); return(BadRequest(ModelState)); } Guid userID; tbl_User user; //check if identifier is guid. resolve to guid if not. if (Guid.TryParse(input.user, out userID)) { user = uow.Users.Get(x => x.Id == userID).SingleOrDefault(); } else { user = uow.Users.Get(x => x.UserName == input.user).SingleOrDefault(); } if (user == null) { ModelState.AddModelError(MessageType.UserNotFound.ToString(), $"User:{input.user}"); return(NotFound(ModelState)); } //check that user is confirmed... //check that user is not locked... else if (uow.Users.IsLockedOut(user) || !user.EmailConfirmed || !user.PasswordConfirmed) { ModelState.AddModelError(MessageType.UserInvalid.ToString(), $"User:{user.Id}"); return(BadRequest(ModelState)); } var audienceList = uow.Audiences.Get(QueryExpressionFactory.GetQueryExpression <tbl_Audience>() .Where(x => x.tbl_Roles.Any(y => y.tbl_UserRoles.Any(z => z.UserId == user.Id))).ToLambda()); var audiences = new List <tbl_Audience>(); //check if client is single, multiple or undefined... if (string.IsNullOrEmpty(input.client)) { audiences = uow.Audiences.Get(x => audienceList.Contains(x) && x.IsLockedOut == false).ToList(); } else { foreach (string entry in input.client.Split(",")) { Guid audienceID; tbl_Audience audience; //check if identifier is guid. resolve to guid if not. if (Guid.TryParse(entry.Trim(), out audienceID)) { audience = uow.Audiences.Get(x => x.Id == audienceID, y => y.Include(z => z.tbl_Urls)).SingleOrDefault(); } else { audience = uow.Audiences.Get(x => x.Name == entry.Trim(), y => y.Include(z => z.tbl_Urls)).SingleOrDefault(); } if (audience == null) { ModelState.AddModelError(MessageType.AudienceNotFound.ToString(), $"Audience:{input.client}"); return(NotFound(ModelState)); } else if (audience.IsLockedOut || !audienceList.Contains(audience)) { ModelState.AddModelError(MessageType.AudienceInvalid.ToString(), $"Audience:{audience.Id}"); return(BadRequest(ModelState)); } audiences.Add(audience); } } if (audiences.Count == 0) { ModelState.AddModelError(MessageType.AudienceNotFound.ToString(), $"Audience:None"); return(BadRequest(ModelState)); } //check if client uri is valid... var redirect = new Uri(input.redirect_uri); foreach (var entry in audiences) { if (!entry.tbl_Urls.Where(x => x.UrlHost == null && x.UrlPath == redirect.AbsolutePath).Any() && !entry.tbl_Urls.Where(x => new Uri(x.UrlHost + x.UrlPath).AbsoluteUri == redirect.AbsoluteUri).Any()) { ModelState.AddModelError(MessageType.UriInvalid.ToString(), $"Uri:{input.redirect_uri}"); return(BadRequest(ModelState)); } } //check if state is valid... var state = uow.States.Get(x => x.StateValue == input.state && x.ValidFromUtc <DateTime.UtcNow && x.ValidToUtc> DateTime.UtcNow && x.StateType == ConsumerType.User.ToString()).SingleOrDefault(); if (state == null) { ModelState.AddModelError(MessageType.StateNotFound.ToString(), $"User code:{input.state}"); return(BadRequest(ModelState)); } //check that payload can be decrypted and validated... if (!new PasswordTokenFactory(uow.InstanceType.ToString()).Validate(user.SecurityStamp, input.code, user.Id.ToString(), user.SecurityStamp)) { uow.AuthActivity.Create( map.Map <tbl_AuthActivity>(new AuthActivityV1() { UserId = user.Id, LoginType = GrantFlowType.AuthorizationCodeV2.ToString(), LoginOutcome = GrantFlowResultType.Failure.ToString(), })); uow.Commit(); ModelState.AddModelError(MessageType.TokenInvalid.ToString(), $"Token:{input.code}"); return(BadRequest(ModelState)); } var ac_claims = uow.Users.GenerateAccessClaims(issuer, user); var ac = auth.ResourceOwnerPassword(issuer.Name, issuer.IssuerKey, conf["IdentityTenant:Salt"], audiences.Select(x => x.Name).ToList(), ac_claims); uow.AuthActivity.Create( map.Map <tbl_AuthActivity>(new AuthActivityV1() { UserId = user.Id, LoginType = GrantFlowType.AuthorizationCodeV2.ToString(), LoginOutcome = GrantFlowResultType.Success.ToString(), })); var rt_claims = uow.Users.GenerateRefreshClaims(issuer, user); var rt = auth.ResourceOwnerPassword(issuer.Name, issuer.IssuerKey, conf["IdentityTenant:Salt"], audiences.Select(x => x.Name).ToList(), rt_claims); uow.Refreshes.Create( map.Map <tbl_Refresh>(new RefreshV1() { IssuerId = issuer.Id, UserId = user.Id, RefreshType = ConsumerType.User.ToString(), RefreshValue = rt.RawData, ValidFromUtc = rt.ValidFrom, ValidToUtc = rt.ValidTo, })); uow.AuthActivity.Create( map.Map <tbl_AuthActivity>(new AuthActivityV1() { UserId = user.Id, LoginType = GrantFlowType.RefreshTokenV2.ToString(), LoginOutcome = GrantFlowResultType.Success.ToString(), })); uow.Commit(); var result = new UserJwtV2() { token_type = "bearer", access_token = ac.RawData, refresh_token = rt.RawData, user = user.UserName, client = audiences.Select(x => x.Name).ToList(), issuer = issuer.Name + ":" + conf["IdentityTenant:Salt"], expires_in = (int)(new DateTimeOffset(ac.ValidTo).Subtract(DateTime.UtcNow)).TotalSeconds, }; return(Ok(result)); }
public RoleEditCommand() { _conf = (IConfiguration) new ConfigurationBuilder() .AddJsonFile("clisettings.json", optional: false, reloadOnChange: true) .Build(); _map = new MapperConfiguration(x => x.AddProfile <AutoMapperProfile_EF6>()) .CreateMapper(); var env = new ContextService(InstanceContext.DeployedOrLocal); _uow = new UnitOfWork(_conf["Databases:IdentityEntities_EF6"], env); _service = new AdminService(_conf) { Grant = new ResourceOwnerGrantV2(_conf) }; IsCommand("role-edit", "Edit role"); HasRequiredOption("r|role=", "Enter existing role", arg => { if (string.IsNullOrEmpty(arg)) { throw new ConsoleHelpAsException($" *** No role given ***"); } _role = _uow.Roles.Get(QueryExpressionFactory.GetQueryExpression <E_Role>() .Where(x => x.Name == arg).ToLambda(), new List <Expression <Func <E_Role, object> > >() { x => x.AudienceRoles, x => x.RoleClaims, x => x.UserRoles, }) .SingleOrDefault(); if (_role == null) { throw new ConsoleHelpAsException($" *** No role '{arg}' ***"); } }); HasOption("n|name=", "Enter name", arg => { if (string.IsNullOrEmpty(arg)) { throw new ConsoleHelpAsException($" *** No name given ***"); } _role.Name = arg; }); HasOption("d|description=", "Enter description", arg => { if (string.IsNullOrEmpty(arg)) { throw new ConsoleHelpAsException($" *** No description given ***"); } _role.Description = arg; }); HasOption("E|enabled=", "Is user enabled", arg => { _isEnabled = bool.Parse(arg); }); HasOption("D|deletable=", "Is user deletable", arg => { _isDeletable = bool.Parse(arg); }); }
public static tbl_PrivateKey ImportPrivKey(IConfiguration conf, IUnitOfWork uow, tbl_User user, string privKeyPass, SignatureHashAlgorithm sigAlgo, string comment, FileInfo inputFile) { var callPath = $"{MethodBase.GetCurrentMethod().DeclaringType.Name}.{MethodBase.GetCurrentMethod().Name}"; tbl_PrivateKey pubKey = null; var keyPair = new SshPrivateKey(inputFile.FullName, privKeyPass); var privId = Guid.NewGuid(); var pubId = Guid.NewGuid(); var privStream = new MemoryStream(); var pubStream = new MemoryStream(); keyPair.Save(privStream, privKeyPass, SshPrivateKeyFormat.Pkcs8); keyPair.SavePublicKey(pubStream, SshPublicKeyFormat.Pkcs8); var privKeyValue = Encoding.ASCII.GetString(privStream.ToArray()); var pubKeyValue = Encoding.ASCII.GetString(pubStream.ToArray()); var privKeyFound = uow.PrivateKeys.Get(QueryExpressionFactory.GetQueryExpression <tbl_PrivateKey>() .Where(x => x.Id == user.IdentityId && x.KeyValue == privKeyValue).ToLambda()) .SingleOrDefault(); var pubKeyFound = uow.PublicKeys.Get(QueryExpressionFactory.GetQueryExpression <tbl_PublicKey>() .Where(x => x.Id == user.IdentityId && x.KeyValue == pubKeyValue).ToLambda()) .SingleOrDefault(); if (privKeyFound == null && pubKeyFound == null) { uow.PrivateKeys.Create( new tbl_PrivateKey { Id = privId, PublicKeyId = pubId, IdentityId = user.IdentityId, KeyValue = privKeyValue, KeyAlgo = keyPair.KeyAlgorithm.ToString(), KeyPass = AES.EncryptString(privKeyPass, conf["Databases:AuroraSecret"]), KeyFormat = SshPrivateKeyFormat.Pkcs8.ToString(), Enabled = true, Deletable = true, Created = DateTime.Now, LastUpdated = null, }); Log.Information($"'{callPath}' '{user.IdentityAlias}' private key algo {keyPair.KeyAlgorithm} sig {keyPair.Fingerprint.ToString(sigAlgo, false)}" + $"{Environment.NewLine}{privKeyValue}"); uow.PublicKeys.Create( new tbl_PublicKey { Id = pubId, PrivateKeyId = privId, IdentityId = user.IdentityId, KeyValue = pubKeyValue, KeyAlgo = keyPair.KeyAlgorithm.ToString(), KeyFormat = SshPublicKeyFormat.Pkcs8.ToString(), SigValue = keyPair.Fingerprint.ToString(sigAlgo, false), SigAlgo = sigAlgo.ToString(), Comment = comment, Enabled = true, Deletable = true, Created = DateTime.Now, LastUpdated = null, }); Log.Information($"'{callPath}' '{user.IdentityAlias}' public key algo {keyPair.KeyAlgorithm} sig {keyPair.Fingerprint.ToString(sigAlgo, false)}" + $"{Environment.NewLine}{pubKeyValue}"); } else if (privKeyFound != null && pubKeyFound == null) { uow.PublicKeys.Create( new tbl_PublicKey { Id = pubId, PrivateKeyId = privKeyFound.Id, IdentityId = user.IdentityId, KeyValue = pubKeyValue, KeyAlgo = keyPair.KeyAlgorithm.ToString(), KeyFormat = SshPublicKeyFormat.Pkcs8.ToString(), SigValue = keyPair.Fingerprint.ToString(sigAlgo, false), SigAlgo = sigAlgo.ToString(), Comment = comment, Enabled = true, Deletable = true, Created = DateTime.Now, LastUpdated = null, }); Log.Information($"'{callPath}' '{user.IdentityAlias}' public key algo {keyPair.KeyAlgorithm} sig {keyPair.Fingerprint.ToString(sigAlgo, false)}" + $"{Environment.NewLine}{pubKeyValue}"); } else if (privKeyFound == null && pubKeyFound != null) { uow.PrivateKeys.Create( new tbl_PrivateKey { Id = privId, PublicKeyId = pubKeyFound.Id, IdentityId = user.IdentityId, KeyValue = privKeyValue, KeyAlgo = keyPair.Fingerprint.ToString(sigAlgo, false).ToString(), KeyPass = AES.EncryptString(privKeyPass, conf["Databases:AuroraSecret"]), Enabled = true, Deletable = true, Created = DateTime.Now, LastUpdated = null, }); Log.Information($"'{callPath}' '{user.IdentityAlias}' private key algo {keyPair.KeyAlgorithm} sig {keyPair.Fingerprint.ToString(sigAlgo, false)}" + $"{Environment.NewLine}{privKeyValue}"); } uow.Commit(); return(pubKey); }
public async Task StartAsync(CancellationToken cancellationToken) { await Task.Run(() => { try { AsymmetricKeyAlgorithm.Register(Curve25519.Create); AsymmetricKeyAlgorithm.Register(Ed25519.Create); AsymmetricKeyAlgorithm.Register(EllipticCurveAlgorithm.Create); using (var scope = _factory.CreateScope()) { var conf = scope.ServiceProvider.GetRequiredService <IConfiguration>(); var uow = scope.ServiceProvider.GetRequiredService <IUnitOfWork>(); if (!Enum.TryParse <LogLevel>(conf["Rebex:LogLevel"], true, out _level)) { throw new InvalidCastException(); } var license = uow.Settings.Get(QueryExpressionFactory.GetQueryExpression <tbl_Setting>() .Where(x => x.ConfigKey == "RebexLicense").ToLambda()).OrderBy(x => x.Created) .Last(); Rebex.Licensing.Key = license.ConfigValue; KeyHelper.CheckPrivKey(conf, uow, SshHostKeyAlgorithm.DSS, 1024, AlphaNumeric.CreateString(32), SignatureHashAlgorithm.SHA256); KeyHelper.CheckPrivKey(conf, uow, SshHostKeyAlgorithm.RSA, 4096, AlphaNumeric.CreateString(32), SignatureHashAlgorithm.SHA256); KeyHelper.CheckPrivKey(conf, uow, SshHostKeyAlgorithm.ECDsaNistP256, 256, AlphaNumeric.CreateString(32), SignatureHashAlgorithm.SHA256); KeyHelper.CheckPrivKey(conf, uow, SshHostKeyAlgorithm.ECDsaNistP384, 384, AlphaNumeric.CreateString(32), SignatureHashAlgorithm.SHA256); KeyHelper.CheckPrivKey(conf, uow, SshHostKeyAlgorithm.ECDsaNistP521, 521, AlphaNumeric.CreateString(32), SignatureHashAlgorithm.SHA256); KeyHelper.CheckPrivKey(conf, uow, SshHostKeyAlgorithm.ED25519, 256, AlphaNumeric.CreateString(32), SignatureHashAlgorithm.SHA256); var secret = conf["Databases:AuroraSecret"]; var dsaStr = SshHostKeyAlgorithm.DSS.ToString(); var dsaPrivKey = uow.PrivateKeys.Get(QueryExpressionFactory.GetQueryExpression <tbl_PrivateKey>() .Where(x => x.KeyAlgo == dsaStr && x.IdentityId == null).ToLambda()).OrderBy(x => x.Created) .Single(); var dsaBytes = Encoding.ASCII.GetBytes(dsaPrivKey.KeyValue); _server.Keys.Add(new SshPrivateKey(dsaBytes, AES.DecryptString(dsaPrivKey.KeyPass, secret))); var rsaStr = SshHostKeyAlgorithm.RSA.ToString(); var rsaPrivKey = uow.PrivateKeys.Get(QueryExpressionFactory.GetQueryExpression <tbl_PrivateKey>() .Where(x => x.KeyAlgo == rsaStr && x.IdentityId == null).ToLambda()).OrderBy(x => x.Created) .Single(); var rsaBytes = Encoding.ASCII.GetBytes(rsaPrivKey.KeyValue); _server.Keys.Add(new SshPrivateKey(rsaBytes, AES.DecryptString(rsaPrivKey.KeyPass, secret))); var ecdsa256Str = SshHostKeyAlgorithm.ECDsaNistP256.ToString(); var ecdsa256PrivKey = uow.PrivateKeys.Get(QueryExpressionFactory.GetQueryExpression <tbl_PrivateKey>() .Where(x => x.KeyAlgo == ecdsa256Str && x.IdentityId == null).ToLambda()).OrderBy(x => x.Created) .Single(); var ecdsa256Bytes = Encoding.ASCII.GetBytes(ecdsa256PrivKey.KeyValue); _server.Keys.Add(new SshPrivateKey(ecdsa256Bytes, AES.DecryptString(ecdsa256PrivKey.KeyPass, secret))); var ecdsa384Str = SshHostKeyAlgorithm.ECDsaNistP384.ToString(); var ecdsa384PrivKey = uow.PrivateKeys.Get(QueryExpressionFactory.GetQueryExpression <tbl_PrivateKey>() .Where(x => x.KeyAlgo == ecdsa384Str && x.IdentityId == null).ToLambda()).OrderBy(x => x.Created) .Single(); var ecdsa384Bytes = Encoding.ASCII.GetBytes(ecdsa384PrivKey.KeyValue); _server.Keys.Add(new SshPrivateKey(ecdsa384Bytes, AES.DecryptString(ecdsa384PrivKey.KeyPass, secret))); var ecdsa521Str = SshHostKeyAlgorithm.ECDsaNistP521.ToString(); var ecdsa521PrivKey = uow.PrivateKeys.Get(QueryExpressionFactory.GetQueryExpression <tbl_PrivateKey>() .Where(x => x.KeyAlgo == ecdsa521Str && x.IdentityId == null).ToLambda()).OrderBy(x => x.Created) .Single(); var ecdsa521Bytes = Encoding.ASCII.GetBytes(ecdsa521PrivKey.KeyValue); _server.Keys.Add(new SshPrivateKey(ecdsa521Bytes, AES.DecryptString(ecdsa521PrivKey.KeyPass, secret))); var ed25519Str = SshHostKeyAlgorithm.ED25519.ToString(); var ed25519PrivKey = uow.PrivateKeys.Get(QueryExpressionFactory.GetQueryExpression <tbl_PrivateKey>() .Where(x => x.KeyAlgo == ed25519Str && x.IdentityId == null).ToLambda()).OrderBy(x => x.Created) .Single(); var ed25519Bytes = Encoding.ASCII.GetBytes(ed25519PrivKey.KeyValue); _server.Keys.Add(new SshPrivateKey(ed25519Bytes, AES.DecryptString(ed25519PrivKey.KeyPass, secret))); _binding = conf.GetSection("Daemons:SftpService:Bindings").GetChildren().Select(x => x.Value); } foreach (var binding in _binding) { var pair = binding.Split("|"); _server.Bind(new IPEndPoint(IPAddress.Parse(pair[0]), int.Parse(pair[1])), FileServerProtocol.Sftp); #if DEBUG _server.Bind(new IPEndPoint(IPAddress.Parse(pair[0]), int.Parse(pair[1])), FileServerProtocol.Shell); #endif } _server.LogWriter = new ConsoleLogWriter(_level); _server.Settings.AllowedAuthenticationMethods = AuthenticationMethods.PublicKey | AuthenticationMethods.Password; _server.Settings.SshParameters.EncryptionAlgorithms = SshEncryptionAlgorithm.Any; _server.Settings.SshParameters.EncryptionModes = SshEncryptionMode.Any; _server.Settings.SshParameters.KeyExchangeAlgorithms = SshKeyExchangeAlgorithm.Any; _server.Settings.SshParameters.HostKeyAlgorithms = SshHostKeyAlgorithm.Any; _server.Settings.SshParameters.MacAlgorithms = SshMacAlgorithm.Any; _server.Authentication += FsUser_Authentication; _server.Connecting += FsUser_Connecting; _server.Disconnected += FsUser_Disconnected; _server.FileDownloaded += FsUser_FileDownloaded; _server.FileUploaded += FsUser_FileUploaded; _server.PreAuthentication += FsUser_PreAuthentication; _server.Start(); } catch (Exception ex) { Log.Error(ex.ToString()); } }, cancellationToken); }
private void FsUser_Authentication(object sender, AuthenticationEventArgs e) { /* * https://www.rebex.net/file-server/features/events.aspx#authentication */ try { var callPath = $"{MethodBase.GetCurrentMethod().DeclaringType.Name}.{MethodBase.GetCurrentMethod().Name}"; using (var scope = _factory.CreateScope()) { var conf = scope.ServiceProvider.GetRequiredService <IConfiguration>(); var log = scope.ServiceProvider.GetRequiredService <ILogger>(); var uow = scope.ServiceProvider.GetRequiredService <IUnitOfWork>(); var user = uow.Users.Get(QueryExpressionFactory.GetQueryExpression <tbl_User>() .Where(x => x.IdentityAlias == e.UserName).ToLambda(), new List <Expression <Func <tbl_User, object> > >() { x => x.tbl_PublicKey, x => x.tbl_UserMount, }).SingleOrDefault(); var admin = scope.ServiceProvider.GetRequiredService <IAdminService>(); var sts = scope.ServiceProvider.GetRequiredService <IStsService>(); if (e.Key != null) { Log.Information($"'{callPath}' '{e.UserName}' in-progress with public key"); if (UserHelper.ValidatePubKey(user.tbl_PublicKey.Where(x => x.Enabled).ToList(), e.Key) && admin.User_VerifyV1(user.IdentityId).Result) { Log.Information($"'{callPath}' '{e.UserName}' success with public key"); if (e.PartiallyAccepted || !user.RequirePassword) { /* * an smb mount will not succeed without a user password or ambassador credential. */ if (user.FileSystemType == FileSystemTypes.SMB.ToString() && !user.tbl_UserMount.CredentialId.HasValue) { Log.Warning($"'{callPath}' '{e.UserName}' failure no credential to create {FileSystemTypes.SMB} filesystem"); e.Reject(); return; } var fs = FileSystemFactory.CreateFileSystem(_factory, log, user, e.UserName, e.Password); var fsUser = new FileServerUser(e.UserName, e.Password); fsUser.SetFileSystem(fs); var fsNotify = fs.GetFileSystemNotifier(); fsNotify.CreatePreview += FsNotify_CreatePreview; fsNotify.CreateCompleted += FsNotify_CreateCompleted; fsNotify.DeletePreview += FsNotify_DeletePreview; fsNotify.DeleteCompleted += FsNotify_DeleteCompleted; e.Accept(fsUser); return; } else { /* * authenticate partially if another kind of credential has not been provided yet. */ e.AcceptPartially(); return; } } else { Log.Warning($"'{callPath}' '{e.UserName}' failure with public key"); e.Reject(); return; } } if (e.Password != null) { Log.Information($"'{callPath}' '{e.UserName}' in-progress with password"); try { var identity = admin.User_GetV1(user.IdentityId.ToString()).Result; var auth = sts.ResourceOwner_GrantV2( new ResourceOwnerV2() { issuer = conf["IdentityCredentials:IssuerName"], client = conf["IdentityCredentials:AudienceName"], grant_type = "password", user = identity.UserName, password = e.Password, }).Result; Log.Information($"'{callPath}' '{e.UserName}' success with password"); if (e.PartiallyAccepted || !user.RequirePublicKey) { var fs = FileSystemFactory.CreateFileSystem(_factory, log, user, e.UserName, e.Password); var fsUser = new FileServerUser(e.UserName, e.Password); fsUser.SetFileSystem(fs); var fsNotify = fs.GetFileSystemNotifier(); fsNotify.CreatePreview += FsNotify_CreatePreview; fsNotify.CreateCompleted += FsNotify_CreateCompleted; fsNotify.DeletePreview += FsNotify_DeletePreview; fsNotify.DeleteCompleted += FsNotify_DeleteCompleted; e.Accept(fsUser); return; } else { /* * authenticate partially if another kind of credential has not been provided yet. */ e.AcceptPartially(); return; } } catch (HttpRequestException) { Log.Warning($"'{callPath}' '{e.UserName}' failure with password"); e.Reject(); return; } } Log.Warning($"'{callPath}' '{e.UserName}' denied"); e.Reject(); return; } } catch (Exception ex) { Log.Error(ex.ToString()); } }
private void FsUser_PreAuthentication(object sender, PreAuthenticationEventArgs e) { /* * https://www.rebex.net/file-server/features/events.aspx#pre-authentication */ try { var callPath = $"{MethodBase.GetCurrentMethod().DeclaringType.Name}.{MethodBase.GetCurrentMethod().Name}"; using (var scope = _factory.CreateScope()) { var uow = scope.ServiceProvider.GetRequiredService <IUnitOfWork>(); var user = uow.Users.Get(QueryExpressionFactory.GetQueryExpression <tbl_User>() .Where(x => x.IdentityAlias == e.UserName && x.Enabled).ToLambda(), new List <Expression <Func <tbl_User, object> > >() { x => x.tbl_Network, x => x.tbl_PublicKey, }).SingleOrDefault(); if (user == null || user.Enabled == false) { Log.Warning($"'{callPath}' '{e.UserName}' not found or not enabled"); e.Reject(); return; } var action = NetworkAction.Deny.ToString(); if (NetworkHelper.ValidateAddress(user.tbl_Network.Where(x => x.Action == action && x.Enabled), e.ClientAddress)) { Log.Warning($"'{callPath}' '{e.UserName}' is denied from '{e.ClientEndPoint}' running '{e.ClientSoftwareIdentifier}'"); e.Reject(); return; } action = NetworkAction.Allow.ToString(); if (!NetworkHelper.ValidateAddress(user.tbl_Network.Where(x => x.Action == action && x.Enabled), e.ClientAddress)) { Log.Warning($"'{callPath}' '{e.UserName}' is not allowed from '{e.ClientEndPoint}' running '{e.ClientSoftwareIdentifier}'"); e.Reject(); return; } Log.Information($"'{callPath}' '{e.UserName}' allowed from '{e.ClientEndPoint}' running '{e.ClientSoftwareIdentifier}'"); if (user.RequirePublicKey && user.RequirePassword) { Log.Information($"'{callPath}' '{e.UserName}' allowed with public key and password"); e.Accept(AuthenticationMethods.PublicKey | AuthenticationMethods.Password); return; } if (user.RequirePublicKey && !user.RequirePassword) { Log.Information($"'{callPath}' '{e.UserName}' allowed with public key"); e.Accept(AuthenticationMethods.PublicKey); return; } if (!user.RequirePublicKey && user.RequirePassword) { Log.Information($"'{callPath}' '{e.UserName}' allowed with password"); e.Accept(AuthenticationMethods.Password); return; } Log.Warning($"'{callPath}' '{e.UserName}' denied"); e.Reject(); return; } } catch (Exception ex) { Log.Error(ex.ToString()); } }
public void Destroy() { /* * delete test motds */ var motds = _uow.MOTDs.Get(QueryExpressionFactory.GetQueryExpression <tbl_MOTD>() .Where(x => x.Author.Contains(TestDefaultConstants.MOTDAuthor)).ToLambda()); if (motds.Count() > 0) { _uow.MOTDs.Delete(motds); _uow.Commit(); } /* * delete test emails */ var emails = _uow.EmailQueue.Get(QueryExpressionFactory.GetQueryExpression <tbl_EmailQueue>().ToLambda()); if (emails.Count() > 0) { _uow.EmailQueue.Delete(emails); _uow.Commit(); } /* * delete test texts */ var texts = _uow.TextQueue.Get(QueryExpressionFactory.GetQueryExpression <tbl_TextQueue>().ToLambda()); if (texts.Count() > 0) { _uow.TextQueue.Delete(texts); _uow.Commit(); } /* * delete test users */ var users = _uow.Users.Get(QueryExpressionFactory.GetQueryExpression <tbl_User>() .Where(x => x.UserName.Contains(TestDefaultConstants.UserName)).ToLambda()); if (users.Count() > 0) { _uow.Users.Delete(users); _uow.Commit(); } /* * delete test roles */ var roles = _uow.Roles.Get(QueryExpressionFactory.GetQueryExpression <tbl_Role>() .Where(x => x.Name.Contains(TestDefaultConstants.RoleName)).ToLambda()); if (roles.Count() > 0) { _uow.Roles.Delete(roles); _uow.Commit(); } /* * delete test logins */ var logins = _uow.Logins.Get(QueryExpressionFactory.GetQueryExpression <tbl_Login>() .Where(x => x.Name.Contains(TestDefaultConstants.LoginName)).ToLambda()); if (logins.Count() > 0) { _uow.Logins.Delete(logins); _uow.Commit(); } /* * delete test claims */ var claims = _uow.Claims.Get(QueryExpressionFactory.GetQueryExpression <tbl_Claim>() .Where(x => x.Type.Contains(TestDefaultConstants.ClaimName)).ToLambda()); if (claims.Count() > 0) { _uow.Claims.Delete(claims); _uow.Commit(); } /* * delete test audiences */ var audiences = _uow.Audiences.Get(QueryExpressionFactory.GetQueryExpression <tbl_Audience>() .Where(x => x.Name.Contains(TestDefaultConstants.AudienceName)).ToLambda()); if (audiences.Count() > 0) { _uow.Audiences.Delete(audiences); _uow.Commit(); } /* * delete test issuers */ var issuers = _uow.Issuers.Get(QueryExpressionFactory.GetQueryExpression <tbl_Issuer>() .Where(x => x.Name.Contains(TestDefaultConstants.IssuerName)).ToLambda()); if (issuers.Count() > 0) { _uow.Issuers.Delete(issuers); _uow.Commit(); } }
/* * openssh uses base64 and special formatting for public keys like with "authorized_keys" * https://man.openbsd.org/ssh-keygen */ public static ICollection <tbl_PublicKey> ImportPubKeyBase64(IUnitOfWork uow, tbl_User user, SignatureHashAlgorithm sigAlgo, FileInfo inputFile) { var callPath = $"{MethodBase.GetCurrentMethod().DeclaringType.Name}.{MethodBase.GetCurrentMethod().Name}"; var pubKeyLines = File.ReadAllLines(inputFile.FullName); var pubKeys = new List <tbl_PublicKey>(); foreach (var line in pubKeyLines) { var base64 = line.Split(' '); switch (base64[0]) { case "ssh-dsa": break; case "ssh-rsa": break; //case "ecdsa-sha2-nistp256": // break; //case "ecdsa-sha2-nistp384": // break; //case "ecdsa-sha2-nistp521": // break; //case "ssh-ed25519": // break; default: { Log.Warning($"'{callPath}' '{user.IdentityAlias}' algorithm {base64[0]} not supported"); continue; } } var pubKey = new SshPublicKey(Convert.FromBase64String(base64[1])); var pubKeyStream = new MemoryStream(); pubKey.SavePublicKey(pubKeyStream, SshPublicKeyFormat.Pkcs8); var pubKeyValue = Encoding.ASCII.GetString(pubKeyStream.ToArray()); if (!uow.PublicKeys.Get(QueryExpressionFactory.GetQueryExpression <tbl_PublicKey>() .Where(x => x.Id == user.IdentityId && x.KeyValue == pubKeyValue).ToLambda()).Any()) { var newPubKey = uow.PublicKeys.Create( new tbl_PublicKey { Id = Guid.NewGuid(), IdentityId = user.IdentityId, KeyValue = pubKeyValue, KeyAlgo = pubKey.KeyAlgorithm.ToString(), KeyFormat = SshPublicKeyFormat.Pkcs8.ToString(), SigValue = pubKey.Fingerprint.ToString(sigAlgo, false), SigAlgo = sigAlgo.ToString(), Comment = base64[2], Enabled = true, Deletable = true, Created = DateTime.Now, LastUpdated = null, }); pubKeys.Add(newPubKey); Log.Information($"'{callPath}' '{user.IdentityAlias}' public key algo {pubKey.KeyAlgorithm} sig {pubKey.Fingerprint.ToString(sigAlgo, false)}" + $"{Environment.NewLine}{pubKeyValue}"); } else { Log.Warning($"'{callPath}' '{user.IdentityAlias}' skip public key algo {pubKey.KeyAlgorithm} sig {pubKey.Fingerprint.ToString(sigAlgo, false)}" + $"{Environment.NewLine}{pubKeyValue}"); } } uow.Commit(); return(pubKeys); }
public void Destroy() { /* * delete test users */ var users = _uow.Users.Get(QueryExpressionFactory.GetQueryExpression <E_User>() .Where(x => x.UserName.Contains(TestDefaultConstants.UserName)).ToLambda()); if (users.Count() > 0) { _uow.Users.Delete(users); _uow.Commit(); } /* * delete test roles */ var roles = _uow.Roles.Get(QueryExpressionFactory.GetQueryExpression <E_Role>() .Where(x => x.Name.Contains(TestDefaultConstants.RoleName)).ToLambda()); if (roles.Count() > 0) { _uow.Roles.Delete(roles); _uow.Commit(); } /* * delete test logins */ var logins = _uow.Logins.Get(QueryExpressionFactory.GetQueryExpression <E_Login>() .Where(x => x.Name.Contains(TestDefaultConstants.LoginName)).ToLambda()); if (logins.Count() > 0) { _uow.Logins.Delete(logins); _uow.Commit(); } /* * delete test claims */ var claims = _uow.Claims.Get(QueryExpressionFactory.GetQueryExpression <E_Claim>() .Where(x => x.Type.Contains(TestDefaultConstants.ClaimName)).ToLambda()); if (claims.Count() > 0) { _uow.Claims.Delete(claims); _uow.Commit(); } /* * delete test audiences */ var audiences = _uow.Audiences.Get(QueryExpressionFactory.GetQueryExpression <E_Audience>() .Where(x => x.Name.Contains(TestDefaultConstants.AudienceName)).ToLambda()); if (audiences.Count() > 0) { _uow.Audiences.Delete(audiences); _uow.Commit(); } /* * delete test issuers */ var issuers = _uow.Issuers.Get(QueryExpressionFactory.GetQueryExpression <E_Issuer>() .Where(x => x.Name.Contains(TestDefaultConstants.IssuerName)).ToLambda()); if (issuers.Count() > 0) { _uow.Issuers.Delete(issuers); _uow.Commit(); } }