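/// <summary>
/// Web API start-up: global authorization filter, routes, JWT bearer validation and JSON output settings.
/// </summary>
/// <param name="config">The Web API configuration being populated.</param>
/// <exception cref="InvalidOperationException">
/// The appSettings entry <c>ApplicationKey</c> (the JWT signing key) is missing or blank.
/// </exception>
public static void Register(HttpConfiguration config)
{
    // Web API configuration and services: a global AuthorizeAttribute, so every action requires an
    // authenticated principal unless it opts out explicitly.
    config.Filters.Add(new AuthorizeAttribute());

    // Web API routes
    config.MapHttpAttributeRoutes();
    config.Routes.MapHttpRoute(
        name: "DefaultApi",
        routeTemplate: "api/{controller}/{id}",
        defaults: new { id = RouteParameter.Optional }
    );

    // The symmetric signing key comes from appSettings. Fail fast at start-up when it is missing or
    // blank; previously the raw (possibly null) value went straight into CreateFromKey, so a
    // mis-deployed configuration only surfaced when the first token was validated.
    string applicationKey = ConfigurationManager.AppSettings["ApplicationKey"];
    if (string.IsNullOrWhiteSpace(applicationKey))
    {
        throw new InvalidOperationException("appSettings 'ApplicationKey' is missing or empty; the JWT signing key is required.");
    }

    // NOTE(review): audience and issuer are hard-coded here; consider moving them next to the key in configuration.
    var builder = new SecurityTokenBuilder();
    var jwtHandler = new JwtAuthenticationMessageHandler
    {
        AllowedAudience = "http://www.rac.com.au",
        Issuer = "Satalyst",
        SigningToken = builder.CreateFromKey(applicationKey)
    };
    config.MessageHandlers.Add(jwtHandler);

    // JSON responses: compact output with camelCase property names.
    JsonMediaTypeFormatter jsonFormatter = config.Formatters.JsonFormatter;
    JsonSerializerSettings settings = jsonFormatter.SerializerSettings;
    settings.Formatting = Formatting.None;
    settings.ContractResolver = new CamelCasePropertyNamesContractResolver();
}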
/// <summary>
/// Web API start-up: JSON for text/html requests, the default route, and a JWT validation handler
/// whose audience, issuer and symmetric key are read from <see cref="ConfigurationReader"/>.
/// </summary>
/// <param name="config">The Web API configuration being populated.</param>
public static void Register(HttpConfiguration config)
{
    // Let clients that only accept text/html (e.g. a browser address bar) still receive JSON.
    var jsonFormatter = config.Formatters.JsonFormatter;
    jsonFormatter.SupportedMediaTypes.Add(new MediaTypeHeaderValue("text/html"));

    // Conventional "api/{controller}/{id}" route; the id segment is optional.
    config.Routes.MapHttpRoute(
        name: "DefaultApi",
        routeTemplate: "api/{controller}/{id}",
        defaults: new { id = RouteParameter.Optional });

    // JWT bearer validation. PrincipalPersonalizadoTransformer is a project type that post-processes
    // the authenticated principal.
    var tokenBuilder = new SecurityTokenBuilder();
    var settings = new ConfigurationReader();
    var jwtHandler = new JwtAuthenticationMessageHandler
    {
        AllowedAudience = settings.AllowedAudience,
        Issuer = settings.Issuer,
        SigningToken = tokenBuilder.CreateFromKey(settings.SymmetricKey),
        PrincipalTransformer = new PrincipalPersonalizadoTransformer()
    };
    config.MessageHandlers.Add(jwtHandler);

    //WebApiConfig.Register(GlobalConfiguration.Configuration);
    //FilterConfig.RegisterGlobalFilters(GlobalFilters.Filters);

    // Uncomment the following line of code to enable query support for actions with an IQueryable or IQueryable<T> return type.
    // To avoid processing unexpected or malicious queries, use the validation settings on QueryableAttribute to validate incoming queries.
    // For more information, visit http://go.microsoft.com/fwlink/?LinkId=279712.
    //config.EnableQuerySupport();

    // To disable tracing in your application, please comment out or remove the following line of code
    // For more information, refer to: http://www.asp.net/web-api
    config.EnableSystemDiagnosticsTracing();
}
/// <summary>
/// A principal naming an existing user with one explicit role is resolved into a token that
/// carries the user, the user's tenant and exactly that role.
/// </summary>
public void Create_WithValidPrincipal_WithRole()
{
    // Arrange: stub the role first, then the principal that carries it.
    var roleStub = MockRepository.GenerateStub<ISecurityPrincipalRole>();
    roleStub.Stub(r => r.Group).Return("UID: testGroup");
    roleStub.Stub(r => r.Position).Return("UID: Official");

    var principalStub = MockRepository.GenerateStub<ISecurityPrincipal>();
    principalStub.Stub(p => p.User).Return("test.user");
    principalStub.Stub(p => p.Role).Return(roleStub);

    // Act
    var builder = CreateSecurityTokenBuilder();
    var context = CreateContext();
    SecurityToken token = builder.CreateToken(principalStub, context);

    // Assert: user, tenant and the single role round-trip into the token.
    var resolvedUser = token.Principal.User.GetObject();
    Assert.That(resolvedUser.UserName, Is.EqualTo("test.user"));
    Assert.That(token.Principal.Tenant, Is.EqualTo(resolvedUser.Tenant).Using(DomainObjectHandleComparer.Instance));
    Assert.That(token.Principal.Roles.Count, Is.EqualTo(1));
    Assert.That(token.Principal.Roles[0].Group.GetObject().UniqueIdentifier, Is.EqualTo("UID: testGroup"));
    Assert.That(token.Principal.Roles[0].Position.GetObject().UniqueIdentifier, Is.EqualTo("UID: Official"));
    Assert.That(token.Principal.IsNull, Is.False);
}
/// <summary>
/// When a principal substitutes another user with a substituted role, the token carries no
/// user of its own but the substituted user's tenant and the single substituted role.
/// </summary>
public void Create_WithValidPrincipal_WithSubstitutedRole()
{
    // Arrange: the substituted role that should end up on the token.
    var substitutedRoleStub = MockRepository.GenerateStub<ISecurityPrincipalRole>();
    substitutedRoleStub.Stub(r => r.Group).Return("UID: testGroup");
    substitutedRoleStub.Stub(r => r.Position).Return("UID: Official");

    var principalStub = MockRepository.GenerateStub<ISecurityPrincipal>();
    principalStub.Stub(p => p.User).Return("substituting.user");
    principalStub.Stub(p => p.SubstitutedUser).Return("test.user");
    principalStub.Stub(p => p.SubstitutedRole).Return(substitutedRoleStub);

    // Act
    var builder = CreateSecurityTokenBuilder();
    var context = CreateContext();
    SecurityToken token = builder.CreateToken(principalStub, context);

    // Assert
    Assert.That(token.Principal.User, Is.Null);
    Assert.That(token.Principal.Tenant.GetObject().UniqueIdentifier, Is.EqualTo("UID: testTenant"));
    Assert.That(token.Principal.Roles.Count, Is.EqualTo(1));
    Assert.That(token.Principal.Roles[0].Group.GetObject().UniqueIdentifier, Is.EqualTo("UID: testGroup"));
    Assert.That(token.Principal.Roles[0].Position.GetObject().UniqueIdentifier, Is.EqualTo("UID: Official"));
    Assert.That(token.Principal.IsNull, Is.False);
}
/// <summary>
/// Derivation hook for a person: ensures an owner security token exists, requires a last name for
/// non-built-in accounts, recomputes <c>FullName</c> and renders <c>PrintContent</c> from the template.
/// </summary>
/// <param name="method">Derivation context supplying the log used for validation assertions.</param>
public void TestOnDerive(ObjectOnDerive method)
{
    var derivation = method.Derivation;

    // Lazily create the owner security token.
    if (!this.ExistOwnerSecurityToken)
    {
        this.OwnerSecurityToken = new SecurityTokenBuilder(this.Strategy.Session).Build();
    }

    // The guest and administrator accounts are exempt from the last-name requirement.
    var isBuiltInAccount = Users.GuestUserName.Equals(this.UserName) || Users.AdministratorUserName.Equals(this.UserName);
    if (!isBuiltInAccount)
    {
        derivation.Log.AssertExists(this, Persons.Meta.LastName);
    }

    // FullName is "First Last" when both exist, otherwise whichever part exists (LastName when neither does).
    if (this.ExistFirstName)
    {
        this.FullName = this.ExistLastName ? this.FirstName + " " + this.LastName : this.FirstName;
    }
    else
    {
        this.FullName = this.LastName;
    }

    var personTemplate = Singleton.Instance(this.Strategy.Session).PersonTemplate;
    var templateArguments = new Dictionary<string, object> { { "this", this } };
    this.PrintContent = personTemplate.Apply(templateArguments);
}
/// <summary>
/// Adds the authentication and task-data security message handlers to the global Web API
/// configuration, in the same order as before: Basic auth, task-data, paged task-data, then JWT.
/// </summary>
private void RegisterHandlers()
{
    var handlers = GlobalConfiguration.Configuration.MessageHandlers;
    var logManager = WebContainerManager.Get<ILogManager>();
    var userSession = WebContainerManager.Get<IUserSession>();

    // Registration order is kept; the pipeline position of each handler is part of the contract.
    handlers.Add(new BasicAuthenticationMessageHandler(logManager, WebContainerManager.Get<IBasicSecurityService>()));
    handlers.Add(new TaskDataSecurityMessageHandler(logManager, userSession));
    handlers.Add(new PagedTaskDataSecurityMessageHandler(logManager, userSession));

    // JWT validation: audience, issuer and symmetric signing key come from configuration.
    var tokenBuilder = new SecurityTokenBuilder();
    var settings = new ConfigurationReader();
    handlers.Add(new JwtAuthenticationMessageHandler
    {
        AllowedAudience = settings.AllowedAudience,
        Issuer = settings.Issuer,
        SigningToken = tokenBuilder.CreateFromKey(settings.SymmetricKey)
    });
}
/// <summary>
/// Builds a token for a context containing an undefined abstract role. There is no assertion in
/// the body; the expected outcome is presumably declared on the test's attribute, which is not
/// part of this block.
/// </summary>
public void Create_WithNotExistingAbstractRole()
{
    var builder = CreateSecurityTokenBuilder();
    var contextWithUndefinedRole = CreateContext(ProjectRoles.Developer, UndefinedAbstractRoles.Undefined, ProjectRoles.QualityManager);

    builder.CreateToken(CreateTestPrincipal(), contextWithUndefinedRole);
}
/// <summary>
/// Builds a token for a context whose owning user does not exist. No assertion in the body; the
/// expected outcome is presumably declared on the test's attribute, outside this block.
/// </summary>
public void Create_WithNotExistingOwningUser()
{
    var builder = CreateSecurityTokenBuilder();
    var principal = CreateTestPrincipal();
    var contextWithMissingOwner = CreateContextWithNotExistingOwningUser();

    builder.CreateToken(principal, contextWithMissingOwner);
}
/// <summary>Two defined abstract roles in the context yield two abstract roles on the token.</summary>
public void Create_WithValidAbstractRoles()
{
    var builder = CreateSecurityTokenBuilder();
    var context = CreateContext(ProjectRoles.QualityManager, ProjectRoles.Developer);

    var token = builder.CreateToken(CreateTestPrincipal(), context);

    Assert.That(token.AbstractRoles.Count, Is.EqualTo(2));
}
/// <summary>A context without abstract roles yields a token with an empty abstract-role list.</summary>
public void Create_AbstractRolesEmpty()
{
    var builder = CreateSecurityTokenBuilder();
    var contextWithoutRoles = CreateContext();

    var token = builder.CreateToken(CreateTestPrincipal(), contextWithoutRoles);

    Assert.That(token.AbstractRoles, Is.Empty);
}
/// <summary>
/// Builds a token for a principal whose user name is empty. No assertion in the body; the expected
/// outcome is presumably declared on the test's attribute, outside this block.
/// </summary>
public void Create_WithInvalidPrincipal_EmptyUserName()
{
    var builder = CreateSecurityTokenBuilder();
    var emptyNamedPrincipal = CreatePrincipal("");
    var context = CreateContext();

    builder.CreateToken(emptyNamedPrincipal, context);
}
/// <summary>A context with no owning user yields a token whose <c>OwningUser</c> is null.</summary>
public void Create_WithoutOwningUser()
{
    var builder = CreateSecurityTokenBuilder();
    var principal = CreateTestPrincipal();
    var ownerlessContext = CreateContextWithoutOwningUser();

    var token = builder.CreateToken(principal, ownerlessContext);

    Assert.That(token.OwningUser, Is.Null);
}
/// <summary>
/// One defined abstract role in the context yields exactly one abstract role on the token, named
/// by the enum member and its assembly-qualified type.
/// </summary>
public void Create_WithValidAbstractRole()
{
    var builder = CreateSecurityTokenBuilder();
    var context = CreateContext(ProjectRoles.QualityManager);

    var token = builder.CreateToken(CreateTestPrincipal(), context);

    Assert.That(token.AbstractRoles.Count, Is.EqualTo(1));
    var roleName = token.AbstractRoles[0].GetObject().Name;
    Assert.That(
        roleName,
        Is.EqualTo("QualityManager|Remotion.SecurityManager.UnitTests.TestDomain.ProjectRoles, Remotion.SecurityManager.UnitTests"));
}
/// <summary>
/// Token creation still resolves the principal while the current client transaction is inactive.
/// </summary>
public void Create_WithInactiveTransaction()
{
    var principal = CreateTestPrincipal();
    var context = CreateContext();

    // Make the ambient transaction inactive for the duration of the token build only.
    using (ClientTransactionTestHelper.MakeInactive(ClientTransactionScope.CurrentTransaction))
    {
        var token = CreateSecurityTokenBuilder().CreateToken(principal, context);

        Assert.That(token.Principal.IsNull, Is.False);
    }
}
/// <summary>The context's owning group is resolved onto the token.</summary>
public void Create_WithValidOwningGroup()
{
    var builder = CreateSecurityTokenBuilder();
    var principal = CreateTestPrincipal();
    var context = CreateContext();

    var token = builder.CreateToken(principal, context);

    var owningGroup = token.OwningGroup;
    Assert.That(owningGroup, Is.Not.Null);
    Assert.That(owningGroup.GetObject().UniqueIdentifier, Is.EqualTo("UID: testOwningGroup"));
}
/// <summary>The context's owning user is resolved onto the token.</summary>
public void Create_WithValidOwningUser()
{
    var builder = CreateSecurityTokenBuilder();
    var principal = CreateTestPrincipal();
    var context = CreateContext();

    var token = builder.CreateToken(principal, context);

    var owner = token.OwningUser;
    Assert.That(owner, Is.Not.Null);
    Assert.That(owner.GetObject().UserName, Is.EqualTo("group0/user1"));
}
/// <summary>
/// A principal reporting <c>IsNull</c> produces a null-principal token: no user, no tenant, no roles.
/// </summary>
public void Create_WithNullPrincipal()
{
    var nullPrincipal = MockRepository.GenerateStub<ISecurityPrincipal>();
    nullPrincipal.Stub(p => p.IsNull).Return(true);

    var builder = CreateSecurityTokenBuilder();
    var context = CreateContext();
    var token = builder.CreateToken(nullPrincipal, context);

    Assert.That(token.Principal.User, Is.Null);
    Assert.That(token.Principal.Tenant, Is.Null);
    Assert.That(token.Principal.Roles, Is.Empty);
    Assert.That(token.Principal.IsNull, Is.True);
}
/// <summary>
/// A valid principal without explicit roles is resolved to the stored user, the user's tenant and
/// all of the user's roles.
/// </summary>
public void Create_WithValidPrincipal()
{
    var builder = CreateSecurityTokenBuilder();
    var principal = CreateTestPrincipal();
    var context = CreateContext();

    var token = builder.CreateToken(principal, context);

    var storedUser = token.Principal.User.GetObject();
    Assert.That(storedUser.UserName, Is.EqualTo("test.user"));
    Assert.That(token.Principal.Tenant, Is.EqualTo(storedUser.Tenant).Using(DomainObjectHandleComparer.Instance));
    Assert.That(token.Principal.Roles, Is.Not.Empty);
    Assert.That(token.Principal.Roles, Is.EquivalentTo(storedUser.Roles).Using(PrincipalRoleComparer.Instance));
    Assert.That(token.Principal.IsNull, Is.False);
}
/// <summary>
/// Web API start-up: CacheCow caching handler, routes, and a JWT validation handler using the
/// configured symmetric key. The certificate-based handler and CORS set-up remain commented out.
/// </summary>
/// <param name="config">The Web API configuration being populated.</param>
public static void Register(HttpConfiguration config)
{
    //Register CacheCow
    config.MessageHandlers.Add(new CacheCow.Server.CachingHandler(config, ""));

    //Enable CORS
    //http://www.asp.net/web-api/overview/security/enabling-cross-origin-requests-in-web-api
    //var cors = new EnableCorsAttribute(ConfigurationManager.AppSettings["CORSSites"].ToString(), "*", "*");
    //cors.SupportsCredentials = true; //the HTTP response will include an 'Access-Control-Allow-Credentials' header
    //config.EnableCors(cors);

    // Web API routes. Note the default route has no "api/" prefix.
    config.MapHttpAttributeRoutes();
    config.Routes.MapHttpRoute(
        name: "DefaultApi",
        routeTemplate: "{controller}/{id}",
        defaults: new { id = RouteParameter.Optional });

    var builder = new SecurityTokenBuilder();
    var settings = new ConfigurationReader();

    //var jwtHandlerCert = new JwtAuthenticationMessageHandler
    //{
    //    AllowedAudience = configReader.AllowedAudience,
    //    AllowedAudiences = configReader.AllowedAudiences,
    //    Issuer = configReader.Issuer,
    //    SigningToken = tokenBuilder.CreateFromCertificate(configReader.SubjectCertificateName),
    //    PrincipalTransformer = new SamplePrincipalTransformer()
    //};

    // Shared-key JWT validation; the token may also be carried in the configured cookie.
    var sharedKeyHandler = new JwtAuthenticationMessageHandler
    {
        AllowedAudience = settings.AllowedAudience,
        Issuer = settings.Issuer,
        SigningToken = builder.CreateFromKey(settings.SymmetricKey),
        PrincipalTransformer = new SamplePrincipalTransformer(),
        CookieNameToCheckForToken = settings.CookieNameToCheckForToken
    };

    //config.MessageHandlers.Add(jwtHandlerCert);
    config.MessageHandlers.Add(sharedKeyHandler);
}
/// <summary>
/// Creates this object's owner security token if it has none, and — only when the object is not
/// yet the subject of any access control — grants it the Owner role on that token.
/// </summary>
public void BuildOwnerSecurityToken()
{
    if (this.ExistOwnerSecurityToken)
    {
        return;
    }

    var session = this.Strategy.Session;
    this.OwnerSecurityToken = new SecurityTokenBuilder(session).Build();

    if (this.ExistAccessControlsWhereSubject)
    {
        return;
    }

    // Owner role on the freshly built token, with this object as the subject.
    new AccessControlBuilder(session)
        .WithRole(new Roles(session).Owner)
        .WithSubject(this)
        .WithObject(this.OwnerSecurityToken)
        .Build();
}
/// <summary>
/// Substituting a user that does not exist yields a non-null principal with no user and no roles,
/// but with the tenant still resolved.
/// </summary>
public void Create_WithValidPrincipal_WithInvalidSubstitutedUser()
{
    var principalStub = MockRepository.GenerateStub<ISecurityPrincipal>();
    principalStub.Stub(p => p.User).Return("substituting.user");
    principalStub.Stub(p => p.SubstitutedUser).Return("notexisting.user");

    var builder = CreateSecurityTokenBuilder();
    var context = CreateContext();
    var token = builder.CreateToken(principalStub, context);

    Assert.That(token.Principal.User, Is.Null);
    Assert.That(token.Principal.Tenant.GetObject().UniqueIdentifier, Is.EqualTo("UID: testTenant"));
    Assert.That(token.Principal.Roles, Is.Empty);
    Assert.That(token.Principal.IsNull, Is.False);
}
/// <summary>
/// Web API start-up: default route plus two JWT validation handlers — one trusting tokens signed
/// with the configured certificate, one trusting tokens signed with the configured symmetric key.
/// </summary>
/// <param name="config">The Web API configuration being populated.</param>
public static void Register(HttpConfiguration config)
{
    config.Routes.MapHttpRoute(
        name: "DefaultApi",
        routeTemplate: "api/{controller}/{id}",
        defaults: new { id = RouteParameter.Optional });

    var builder = new SecurityTokenBuilder();
    var settings = new ConfigurationReader();
    var logger = Logger.Instance;

    // Certificate-signed tokens; accepts the single audience and the configured audience list.
    var certificateHandler = new JwtAuthenticationMessageHandler(logger)
    {
        AllowedAudience = settings.AllowedAudience,
        AllowedAudiences = settings.AllowedAudiences,
        Issuer = settings.Issuer,
        SigningToken = builder.CreateFromCertificate(settings.SubjectCertificateName),
        PrincipalTransformer = new SamplePrincipalTransformer()
    };

    // Shared-key tokens; may also be read from the configured cookie.
    var sharedKeyHandler = new JwtAuthenticationMessageHandler(logger)
    {
        AllowedAudience = settings.AllowedAudience,
        Issuer = settings.Issuer,
        SigningToken = builder.CreateFromKey(settings.SymmetricKey),
        PrincipalTransformer = new SamplePrincipalTransformer(),
        CookieNameToCheckForToken = settings.CookieNameToCheckForToken
    };

    // Registration order kept: certificate handler first, then shared key.
    config.MessageHandlers.Add(certificateHandler);
    config.MessageHandlers.Add(sharedKeyHandler);

    // Uncomment the following line of code to enable query support for actions with an IQueryable or IQueryable<T> return type.
    // To avoid processing unexpected or malicious queries, use the validation settings on QueryableAttribute to validate incoming queries.
    // For more information, visit http://go.microsoft.com/fwlink/?LinkId=279712.
    //config.EnableQuerySupport();

    // To disable tracing in your application, please comment out or remove the following line of code
    // For more information, refer to: http://www.asp.net/web-api
    config.EnableSystemDiagnosticsTracing();
}
/// <summary>
/// A substituted role without a substituted user is an invalid principal. No assertion in the
/// body; the expected outcome is presumably declared on the test's attribute, outside this block.
/// </summary>
public void Create_WithInvalidPrincipal_WithSubstitutedRoleButNoSubstitutedUser()
{
    var substitutedRoleStub = MockRepository.GenerateStub<ISecurityPrincipalRole>();
    substitutedRoleStub.Stub(r => r.Group).Return("UID: testGroup");
    substitutedRoleStub.Stub(r => r.Position).Return("UID: Official");

    // SubstitutedUser is explicitly null while SubstitutedRole is set.
    var principalStub = MockRepository.GenerateStub<ISecurityPrincipal>();
    principalStub.Stub(p => p.User).Return("substituting.user");
    principalStub.Stub(p => p.SubstitutedUser).Return(null);
    principalStub.Stub(p => p.SubstitutedRole).Return(substitutedRoleStub);

    var builder = CreateSecurityTokenBuilder();
    var context = CreateContext();
    builder.CreateToken(principalStub, context);
}
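/// <summary>
/// Removing a person as subject of an access control revokes the role's permissions for that
/// person. The access list is checked before the removal as well, so the test proves the
/// permission was actually granted and then revoked rather than never granted at all.
/// </summary>
public void GivenAnAccessListWhenRemovingUserFromACLThenUserHasNoAccessToThePermissionsInTheRole()
{
    // Arrange: a role that may read Organisation.Name, granted to John through an access control.
    var permission = this.FindPermission(M.Organisation.Name, Operations.Read);
    var role = new RoleBuilder(this.Session).WithName("Role").WithPermission(permission).Build();
    var person = new PersonBuilder(this.Session).WithFirstName("John").WithLastName("Doe").Build();
    var person2 = new PersonBuilder(this.Session).WithFirstName("Jane").WithLastName("Doe").Build();
    new AccessControlBuilder(this.Session).WithSubject(person).WithRole(role).Build();

    this.Session.Derive();
    this.Session.Commit();

    var sessions = new ISession[] { this.Session };
    foreach (var session in sessions)
    {
        session.Commit();

        var organisation = new OrganisationBuilder(session).WithName("Organisation").Build();
        var token = new SecurityTokenBuilder(session).Build();
        organisation.AddSecurityToken(token);

        var accessControl = (AccessControl)session.Instantiate(role.AccessControlsWhereRole.First);
        token.AddAccessControl(accessControl);
        this.Session.Derive();

        // Precondition: while John is a subject of the access control he can read the name.
        // (Previously this ACL was computed and then discarded without being checked.)
        var acl = new AccessControlLists(person)[organisation];
        Assert.True(acl.CanRead(M.Organisation.Name));

        // Act: replace John by Jane as the subject.
        accessControl.RemoveSubject(person);
        accessControl.AddSubject(person2);
        this.Session.Derive();

        // Assert: John no longer receives the role's permissions.
        acl = new AccessControlLists(person)[organisation];
        Assert.False(acl.CanRead(M.Organisation.Name));

        session.Rollback();
    }
}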
/// <summary>
/// An access control with a subject group but no role fails derivation with a single
/// "required" error on <c>AccessControl.Role</c>.
/// </summary>
public void GivenNoAccessControlWhenCreatingAnAccessControlWithoutARoleThenAccessControlIsInvalid()
{
    // Arrange: an access control that names a subject group only.
    var group = new UserGroupBuilder(this.Session).WithName("UserGroup").Build();
    var roleLessAccessControl = new AccessControlBuilder(this.Session)
        .WithSubjectGroup(group)
        .Build();
    var token = new SecurityTokenBuilder(this.Session).Build();
    token.AddAccessControl(roleLessAccessControl);

    // Act: derive without throwing on validation errors.
    var validation = this.Session.Derive(false);

    // Assert: exactly one error, of the "required" kind, pointing at the Role relation.
    Assert.True(validation.HasErrors);
    Assert.Equal(1, validation.Errors.Length);

    var error = validation.Errors[0];
    Assert.Equal(typeof(DerivationErrorRequired), error.GetType());
    Assert.Equal(1, error.Relations.Length);
    Assert.Equal(M.AccessControl.Role, error.Relations[0].RoleType);
}
/// <summary>
/// Web API start-up: default route plus two JWT validation handlers — one for certificate-signed
/// tokens, one for tokens signed with the configured symmetric key.
/// </summary>
/// <param name="config">The Web API configuration being populated.</param>
public static void Register(HttpConfiguration config)
{
    config.Routes.MapHttpRoute(
        name: "DefaultApi",
        routeTemplate: "api/{controller}/{id}",
        defaults: new { id = RouteParameter.Optional });

    var builder = new SecurityTokenBuilder();
    var settings = new ConfigurationReader();

    // Certificate-signed tokens; accepts the single audience and the configured audience list.
    var certificateHandler = new JwtAuthenticationMessageHandler
    {
        AllowedAudience = settings.AllowedAudience,
        AllowedAudiences = settings.AllowedAudiences,
        Issuer = settings.Issuer,
        SigningToken = builder.CreateFromCertificate(settings.SubjectCertificateName),
        PrincipalTransformer = new SamplePrincipalTransformer()
    };

    // Shared-key tokens; may also be read from the configured cookie.
    var sharedKeyHandler = new JwtAuthenticationMessageHandler
    {
        AllowedAudience = settings.AllowedAudience,
        Issuer = settings.Issuer,
        SigningToken = builder.CreateFromKey(settings.SymmetricKey),
        PrincipalTransformer = new SamplePrincipalTransformer(),
        CookieNameToCheckForToken = settings.CookieNameToCheckForToken
    };

    // Registration order kept: certificate handler first, then shared key.
    config.MessageHandlers.Add(certificateHandler);
    config.MessageHandlers.Add(sharedKeyHandler);

    // Uncomment the following line of code to enable query support for actions with an IQueryable or IQueryable<T> return type.
    // To avoid processing unexpected or malicious queries, use the validation settings on QueryableAttribute to validate incoming queries.
    // For more information, visit http://go.microsoft.com/fwlink/?LinkId=279712.
    //config.EnableQuerySupport();

    // To disable tracing in your application, please comment out or remove the following line of code
    // For more information, refer to: http://www.asp.net/web-api
    config.EnableSystemDiagnosticsTracing();
}
/// <summary>
/// A permission granted through a role is revoked for an object once that object lists it as a
/// denied permission. Exercised against the database session and a workspace session.
/// </summary>
public void DeniedPermissions()
{
    // Arrange: a role that may read Organisation.Name, granted to John.
    var readName = this.FindPermission(Organisations.Meta.Name, Operation.Read);
    var role = new RoleBuilder(this.DatabaseSession).WithName("Role").WithPermission(readName).Build();
    var john = new PersonBuilder(this.DatabaseSession).WithFirstName("John").WithLastName("Doe").Build();

    this.DatabaseSession.Derive(true);
    this.DatabaseSession.Commit();

    new AccessControlBuilder(this.DatabaseSession).WithRole(role).WithSubject(john).Build();
    this.DatabaseSession.Commit();

    var sessions = new ISession[] { this.DatabaseSession, this.CreateWorkspaceSession() };
    foreach (var session in sessions)
    {
        session.Commit();

        var organisation = new OrganisationBuilder(session).WithName("Organisation").Build();
        var token = new SecurityTokenBuilder(session).Build();
        organisation.AddSecurityToken(token);

        // Re-resolve the role and its access control inside the current session.
        var sessionRole = (Role)session.Instantiate(new Roles(this.DatabaseSession).FindBy(Roles.Meta.Name, "Role"));
        var accessControl = (AccessControl)session.Instantiate(sessionRole.AccessControlsWhereRole.First);
        accessControl.AddObject(token);

        Assert.IsFalse(this.DatabaseSession.Derive().HasErrors);

        // Granted through the role ...
        var accessList = new AccessControlList(organisation, john);
        Assert.IsTrue(accessList.CanRead(Organisations.Meta.Name));

        // ... and revoked by the object's denied permission.
        organisation.AddDeniedPermission(readName);
        accessList = new AccessControlList(organisation, john);
        Assert.IsFalse(accessList.CanRead(Organisations.Meta.Name));

        session.Rollback();
    }
}
/// <summary>
/// A role granted to a user group the person does not belong to gives that person no access.
/// (The method name says "HasAccess", but the assertion checks that access is denied.)
/// </summary>
public void GivenAnotherUserGroupAndAnAccessControlledObjectWhenGettingTheAccessListThenUserHasAccessToThePermissionsInTheRole()
{
    // Arrange: John is in "Group"; the role is granted to "AnotherGroup" only.
    var readName = this.FindPermission(M.Organisation.Name, Operations.Read);
    var role = new RoleBuilder(this.Session).WithName("Role").WithPermission(readName).Build();
    var john = new PersonBuilder(this.Session).WithFirstName("John").WithLastName("Doe").Build();
    new UserGroupBuilder(this.Session).WithName("Group").WithMember(john).Build();
    var otherGroup = new UserGroupBuilder(this.Session).WithName("AnotherGroup").Build();

    this.Session.Derive(true);
    this.Session.Commit();

    new AccessControlBuilder(this.Session).WithSubjectGroup(otherGroup).WithRole(role).Build();
    this.Session.Commit();

    var sessions = new ISession[] { this.Session };
    foreach (var session in sessions)
    {
        session.Commit();

        var organisation = new OrganisationBuilder(session).WithName("Organisation").Build();
        var token = new SecurityTokenBuilder(session).Build();
        organisation.AddSecurityToken(token);

        var sessionRole = (Role)session.Instantiate(new Roles(this.Session).FindBy(M.Role.Name, "Role"));
        var accessControl = (AccessControl)session.Instantiate(sessionRole.AccessControlsWhereRole.First);
        token.AddAccessControl(accessControl);

        Assert.IsFalse(this.Session.Derive().HasErrors);

        var accessList = new AccessControlList(organisation, john);
        Assert.IsFalse(accessList.CanRead(M.Organisation.Name));

        session.Rollback();
    }
}
/// <summary>
/// A permission granted through a role is revoked for an object once that object lists it as a
/// denied permission.
/// </summary>
public void DeniedPermissions()
{
    // Arrange: a role that may read Organisation.Name, granted to John.
    var readName = this.FindPermission(M.Organisation.Name, Operations.Read);
    var role = new RoleBuilder(this.Session).WithName("Role").WithPermission(readName).Build();
    var john = new PersonBuilder(this.Session).WithFirstName("John").WithLastName("Doe").Build();
    new AccessControlBuilder(this.Session).WithRole(role).WithSubject(john).Build();

    this.Session.Derive(true);
    this.Session.Commit();

    var sessions = new ISession[] { this.Session };
    foreach (var session in sessions)
    {
        session.Commit();

        var organisation = new OrganisationBuilder(session).WithName("Organisation").Build();
        var token = new SecurityTokenBuilder(session).Build();
        organisation.AddSecurityToken(token);

        // Re-resolve the role and its access control inside the current session.
        var sessionRole = (Role)session.Instantiate(new Roles(this.Session).FindBy(M.Role.Name, "Role"));
        var accessControl = (AccessControl)session.Instantiate(sessionRole.AccessControlsWhereRole.First);
        token.AddAccessControl(accessControl);

        Assert.IsFalse(this.Session.Derive().HasErrors);

        // Granted through the role ...
        var accessList = new AccessControlList(organisation, john);
        Assert.IsTrue(accessList.CanRead(M.Organisation.Name));

        // ... and revoked by the object's denied permission.
        organisation.AddDeniedPermission(readName);
        accessList = new AccessControlList(organisation, john);
        Assert.IsFalse(accessList.CanRead(M.Organisation.Name));

        session.Rollback();
    }
}
/// <summary>
/// An access control with a subject group and an object but no role fails derivation with a
/// single "required" error on <c>AccessControls.Meta.Role</c>.
/// </summary>
public void GivenNoAccessControlWhenCreatingAAccessControlWithoutARoleThenAccessControlIsInvalid()
{
    // Arrange
    var group = new UserGroupBuilder(this.DatabaseSession).WithName("UserGroup").Build();
    var token = new SecurityTokenBuilder(this.DatabaseSession).Build();
    new AccessControlBuilder(this.DatabaseSession)
        .WithSubjectGroup(group)
        .WithObject(token)
        .Build();

    // Act
    var log = this.DatabaseSession.Derive();

    // Assert: exactly one error, of the "required" kind, pointing at the Role relation.
    Assert.IsTrue(log.HasErrors);
    Assert.AreEqual(1, log.Errors.Length);

    var error = log.Errors[0];
    Assert.AreEqual(typeof(DerivationErrorRequired), error.GetType());
    Assert.AreEqual(1, error.Relations.Length);
    Assert.AreEqual((RoleType)AccessControls.Meta.Role, error.Relations[0].RoleType);
}
/// <summary>
/// A substituted role naming a position that does not exist makes token creation throw an
/// <c>AccessControlException</c> whose message names the missing position.
/// </summary>
public void Create_WithValidPrincipal_WithInvalidSubstitutedRoleFromPosition_ThrowsAccessControlException()
{
    var substitutedRoleStub = MockRepository.GenerateStub<ISecurityPrincipalRole>();
    substitutedRoleStub.Stub(r => r.Group).Return("UID: testGroup");
    substitutedRoleStub.Stub(r => r.Position).Return("UID: notexisting.position");

    var principalStub = MockRepository.GenerateStub<ISecurityPrincipal>();
    principalStub.Stub(p => p.User).Return("substituting.user");
    principalStub.Stub(p => p.SubstitutedUser).Return("test.user");
    principalStub.Stub(p => p.SubstitutedRole).Return(substitutedRoleStub);

    var builder = CreateSecurityTokenBuilder();
    var context = CreateContext();

    TestDelegate createToken = () => builder.CreateToken(principalStub, context);
    Assert.That(
        createToken,
        Throws.TypeOf<AccessControlException>().With.Message.EqualTo("The position 'UID: notexisting.position' could not be found."));
}
/// <summary>
/// An access control with a role and an object but neither subjects nor subject groups fails
/// derivation with one "at least one" error covering the Subjects and SubjectGroups relations.
/// </summary>
public void GivenNoAccessControlWhenCreatingAAccessControlWithoutAUserOrUserGroupThenAccessControlIsInvalid()
{
    // Arrange
    var token = new SecurityTokenBuilder(this.DatabaseSession).Build();
    var role = new RoleBuilder(this.DatabaseSession).WithName("Role").Build();
    new AccessControlBuilder(this.DatabaseSession)
        .WithObject(token)
        .WithRole(role)
        .Build();

    // Act
    var log = this.DatabaseSession.Derive();

    // Assert
    Assert.IsTrue(log.HasErrors);
    Assert.AreEqual(1, log.Errors.Length);

    var error = log.Errors[0];
    Assert.AreEqual(typeof(DerivationErrorAtLeastOne), error.GetType());
    Assert.AreEqual(2, error.Relations.Length);

    var roleTypes = new ArrayList(error.RoleTypes);
    Assert.IsTrue(roleTypes.Contains((RoleType)AccessControls.Meta.Subjects));
    Assert.IsTrue(roleTypes.Contains((RoleType)AccessControls.Meta.SubjectGroups));
}
/// <summary>
/// An access control with a role but neither subjects nor subject groups fails derivation with
/// one "at least one" error covering the Subjects and SubjectGroups relations.
/// </summary>
public void GivenNoAccessControlWhenCreatingAAccessControlWithoutAUserOrUserGroupThenAccessControlIsInvalid()
{
    // Arrange
    var role = new RoleBuilder(this.Session).WithName("Role").Build();
    var subjectLessAccessControl = new AccessControlBuilder(this.Session)
        .WithRole(role)
        .Build();
    var token = new SecurityTokenBuilder(this.Session).Build();
    token.AddAccessControl(subjectLessAccessControl);

    // Act: derive without throwing on validation errors.
    var validation = this.Session.Derive(false);

    // Assert
    Assert.True(validation.HasErrors);
    Assert.Equal(1, validation.Errors.Length);

    var error = validation.Errors[0];
    Assert.Equal(typeof(DerivationErrorAtLeastOne), error.GetType());
    Assert.Equal(2, error.Relations.Length);

    var roleTypes = new ArrayList(error.RoleTypes);
    Assert.True(roleTypes.Contains((RoleType)M.AccessControl.Subjects));
    Assert.True(roleTypes.Contains((RoleType)M.AccessControl.SubjectGroups));
}
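/// <summary>
/// Derivation hook for an internal organisation: syncs the party name, validates the currency
/// change, recomputes the default contact mechanisms from the party's contact mechanisms,
/// keeps the default payment method consistent, ensures the owner security token exists and
/// finally derives the employee user groups.
/// </summary>
/// <param name="method">Derivation context supplying the validation log.</param>
public void AppsOnDerive(ObjectOnDerive method)
{
    var derivation = method.Derivation;

    this.PartyName = this.Name;

    // Once a previous currency is recorded the preferred currency may not change.
    if (this.ExistPreviousCurrency)
    {
        derivation.Validation.AssertAreEqual(this, InternalOrganisations.Meta.PreferredCurrency, InternalOrganisations.Meta.PreviousCurrency);
    }
    else
    {
        this.PreviousCurrency = this.PreferredCurrency;
    }

    // Reset every derived default before re-deriving them, so a contact mechanism that is no longer
    // flagged UseAsDefault does not leave a stale value behind. Fix: ShippingInquiriesPhone was missing
    // from this list (ShippingAddress was reset twice instead), so it was never cleared.
    this.BillingAddress = null;
    this.BillingInquiriesFax = null;
    this.BillingInquiriesPhone = null;
    this.CellPhoneNumber = null;
    this.GeneralFaxNumber = null;
    this.GeneralPhoneNumber = null;
    this.HeadQuarter = null;
    this.HomeAddress = null;
    this.InternetAddress = null;
    this.OrderAddress = null;
    this.OrderInquiriesFax = null;
    this.OrderInquiriesPhone = null;
    this.PersonalEmailAddress = null;
    this.SalesOffice = null;
    this.ShippingAddress = null;
    this.ShippingInquiriesFax = null;
    this.ShippingInquiriesPhone = null;

    // The first matching purpose wins for each default contact mechanism. The `as` casts yield null
    // when the mechanism is not of the expected type; that silently leaves the default unset.
    foreach (PartyContactMechanism partyContactMechanism in this.PartyContactMechanisms)
    {
        if (!partyContactMechanism.UseAsDefault)
        {
            continue;
        }

        var purpose = partyContactMechanism.ContactPurpose;
        var mechanism = partyContactMechanism.ContactMechanism;

        if (purpose.IsBillingAddress)
        {
            this.BillingAddress = mechanism;
        }
        else if (purpose.IsBillingInquiriesFax)
        {
            this.BillingInquiriesFax = mechanism as TelecommunicationsNumber;
        }
        else if (purpose.IsBillingInquiriesPhone)
        {
            this.BillingInquiriesPhone = mechanism as TelecommunicationsNumber;
        }
        else if (purpose.IsCellPhoneNumber)
        {
            this.CellPhoneNumber = mechanism as TelecommunicationsNumber;
        }
        else if (purpose.IsGeneralFaxNumber)
        {
            this.GeneralFaxNumber = mechanism as TelecommunicationsNumber;
        }
        else if (purpose.IsGeneralPhoneNumber)
        {
            this.GeneralPhoneNumber = mechanism as TelecommunicationsNumber;
        }
        else if (purpose.IsHeadQuarters)
        {
            this.HeadQuarter = mechanism;
        }
        else if (purpose.IsHomeAddress)
        {
            this.HomeAddress = mechanism;
        }
        else if (purpose.IsInternetAddress)
        {
            this.InternetAddress = mechanism as ElectronicAddress;
        }
        else if (purpose.IsOrderAddress)
        {
            this.OrderAddress = mechanism;
        }
        else if (purpose.IsOrderInquiriesFax)
        {
            this.OrderInquiriesFax = mechanism as TelecommunicationsNumber;
        }
        else if (purpose.IsOrderInquiriesPhone)
        {
            this.OrderInquiriesPhone = mechanism as TelecommunicationsNumber;
        }
        else if (purpose.IsPersonalEmailAddress)
        {
            this.PersonalEmailAddress = mechanism as ElectronicAddress;
        }
        else if (purpose.IsSalesOffice)
        {
            this.SalesOffice = mechanism;
        }
        else if (purpose.IsShippingAddress)
        {
            this.ShippingAddress = mechanism as PostalAddress;
        }
        else if (purpose.IsShippingInquiriesFax)
        {
            this.ShippingInquiriesFax = mechanism as TelecommunicationsNumber;
        }
        else if (purpose.IsShippingInquiriesPhone)
        {
            this.ShippingInquiriesPhone = mechanism as TelecommunicationsNumber;
        }
    }

    // The default payment method must be among the payment methods; a lone payment method becomes the default.
    if (this.ExistDefaultPaymentMethod && !this.PaymentMethods.Contains(this.DefaultPaymentMethod))
    {
        this.AddPaymentMethod(this.DefaultPaymentMethod);
    }

    if (!this.ExistDefaultPaymentMethod && this.PaymentMethods.Count == 1)
    {
        this.DefaultPaymentMethod = this.PaymentMethods.First;
    }

    // Lazily create the owner security token and attach it, plus the singleton's default token.
    if (!this.ExistOwnerSecurityToken)
    {
        var session = this.Strategy.Session;
        this.OwnerSecurityToken = new SecurityTokenBuilder(session).Build();
        this.AddSecurityToken(this.OwnerSecurityToken);
        this.AddSecurityToken(Singleton.Instance(session).DefaultSecurityToken);
    }

    this.AppsOnDeriveEmployeeUserGroups(derivation);
}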
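/// <summary>
/// Issues an access token and a refresh token for a user. Two modes are supported, selected by
/// <c>model.Mode</c> (case-insensitive): "password" authenticates with login/password via the
/// users repository; "refresh" exchanges an existing refresh token for a new pair. On success the
/// access token is written to an HttpOnly cookie and also returned in the response body.
/// </summary>
/// <param name="model">Request payload: Mode, Login, Password (password mode) or RefreshToken (refresh mode).</param>
/// <returns>
/// 200 with the user token payload on success; 400 when login/password are empty, the user is
/// unknown or the password check fails; 401 when the refresh token is rejected or the mode is unknown.
/// </returns>
public async Task<IActionResult> LoginUser(LoginUserModel model)
{
    // Normalise the mode once. A missing model/mode falls through to the "mode is not found"
    // branch instead of throwing a NullReferenceException (HTTP 500) from ToLowerInvariant().
    var mode = model?.Mode?.ToLowerInvariant() ?? string.Empty;
    var isPasswordMode = string.Equals(mode, LoginModeType.Password.ToString(), StringComparison.OrdinalIgnoreCase);

    if (isPasswordMode && (string.IsNullOrEmpty(model.Login) || string.IsNullOrEmpty(model.Password)))
    {
        return ReturnBadRequest("login or password is empty");
    }

    // Both token lifetimes are read from configuration; the refresh lifetime is needed in both modes.
    var refreshLifetimeMinutes = _configuration.GetValue<double>(Constants.JwtRefreshTokenExpiration);

    var refreshTokenBuilder = new SecurityTokenBuilder()
        .AddConfiguration(_configuration)
        .AddEncriptionKey(Constants.JwtRefreshEncriptionKey)
        .AddIssuerKey(Constants.JwtIssuer)
        .AddAudienceKey(Constants.JwtAudience)
        .AddExpiryKey(Constants.JwtRefreshTokenExpiration);

    var tokenBuilder = new SecurityTokenBuilder()
        .AddConfiguration(_configuration)
        .AddEncriptionKey(Constants.JwtEncryptionKey)
        .AddIssuerKey(Constants.JwtIssuer)
        .AddAudienceKey(Constants.JwtAudience)
        .AddExpiryKey(Constants.JwtExpiryTime);

    switch (mode)
    {
        case "password":
        {
            // SECURITY (review): the password is reduced to a bare, unsalted SHA-256 before the lookup.
            // That is not a password hash (no salt, no work factor) and is trivially brute-forced offline
            // if the store leaks. Migrate the stored credentials to PBKDF2/bcrypt/Argon2 and verify inside
            // the repository; left unchanged here because the stored format belongs to the repository.
            var result = await _usersRepository.LoginUserAsync(model.Login, CryptoHelper.GetSha256String(model.Password));

            // NOTE(review): distinct "user not found" / "login failed" responses let a caller enumerate
            // valid logins. Kept for client compatibility; consider collapsing both to one generic message.
            if (result.User == null)
            {
                return ReturnBadRequest("user not found");
            }

            if (!result.LoginResult)
            {
                return ReturnBadRequest("login failed");
            }

            tokenBuilder.AddClaims(CryptoHelper.GetUserClaims(result.User));
            refreshTokenBuilder.AddClaims(CryptoHelper.GetRefreshUserClaims(result.User));

            HttpContext.Response.Cookies.Append(
                _configuration.GetValue<string>(Constants.JwtCookieToken),
                tokenBuilder.BuildAccessToken(),
                new CookieOptions
                {
                    MaxAge = TimeSpan.FromMinutes(_configuration.GetValue<int>(Constants.JwtExpiryTime)),
                    HttpOnly = true,
                    // The cookie carries a bearer token: Secure keeps it off plaintext HTTP, and
                    // SameSite=Lax stops browsers attaching it to cross-site POSTs (CSRF) without
                    // breaking top-level navigations.
                    Secure = true,
                    SameSite = SameSiteMode.Lax,
                });

            // The refresh token is a second JWT built from the refresh-specific builder.
            var refreshToken = refreshTokenBuilder.BuildAccessToken();
            var refreshTokenModel = new RefreshToken
            {
                UserId = result.User.Id,
                // NOTE(review): stored verbatim — if the repository persists it as-is, a database leak
                // yields usable refresh tokens; storing a hash of it would be safer. Confirm in the repository.
                Token = refreshToken,
                ValidTo = DateTime.UtcNow.AddMinutes(refreshLifetimeMinutes),
            };

            // NOTE(review): keyed by model.Login here but by userId in the refresh branch — confirm the
            // repository accepts both, or align the two calls.
            _ = await _usersRepository.RefreshToken(model.Login, refreshTokenModel);

            return Ok(CryptoHelper.GetUserToken(result.User, tokenBuilder, refreshToken));
        }

        case "refresh":
        {
            // The user id is read from the presented token; the repository check against the stored
            // token is the actual authorisation step, so a forged/expired token must fail there.
            refreshTokenBuilder.AddAccessToken(model.RefreshToken);
            var userId = refreshTokenBuilder.GetUserId();
            var userResult = await _usersRepository.CheckUserRefreshTokenAsync(userId, model.RefreshToken);

            if (!userResult.LoginResult)
            {
                return Unauthorized("refreshToken not valid");
            }

            var user = userResult.User;

            // Rotate: mint a fresh refresh token and replace the stored one.
            refreshTokenBuilder.AddClaims(CryptoHelper.GetRefreshUserClaims(user));
            refreshTokenBuilder.SetCreateNew();
            var refreshToken = refreshTokenBuilder.BuildAccessToken();
            var refreshTokenModel = new RefreshToken
            {
                UserId = user.Id,
                Token = refreshToken,
                ValidTo = DateTime.UtcNow.AddMinutes(refreshLifetimeMinutes),
            };
            _ = await _usersRepository.RefreshToken(userId, refreshTokenModel);

            // NOTE: unlike the password path, no cookie is (re)issued here — the new access token is
            // only returned in the body. Presumably intentional; confirm with the client contract.
            tokenBuilder.AddClaims(CryptoHelper.GetUserClaims(user));
            return Ok(CryptoHelper.GetUserToken(user, tokenBuilder, refreshToken));
        }

        default:
            return Unauthorized("mode is not found");
    }
}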
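/// <summary>
/// A person holding a role with the Organisation.Name read permission must be able to read
/// a brand-new, workspace-created organisation once that organisation's security token is
/// attached to the role's access control.
/// </summary>
public void GivenAWorkspaceNewAccessControlledObjectWhenGettingTheAccessControlListThenUserHasAccessToThePermissionsInTheRole()
{
    // Arrange: a database role carrying the Organisation.Name read permission, granted to John Doe.
    var readOrganisationName = this.FindPermission(Organisations.Meta.Name, Operation.Read);
    var databaseRole = new RoleBuilder(this.DatabaseSession).WithName("Role").WithPermission(readOrganisationName).Build();
    var person = new PersonBuilder(this.DatabaseSession).WithFirstName("John").WithLastName("Doe").Build();
    this.DatabaseSession.Derive(true);
    this.DatabaseSession.Commit();

    new AccessControlBuilder(this.DatabaseSession).WithSubject(person).WithRole(databaseRole).Build();
    this.DatabaseSession.Commit();

    // A new organisation in a workspace session, guarded by a fresh security token.
    var workspaceSession = this.CreateWorkspaceSession();
    var organisation = new OrganisationBuilder(workspaceSession).WithName("Organisation").Build();
    var token = new SecurityTokenBuilder(workspaceSession).Build();
    organisation.AddSecurityToken(token);

    // Attach that token to the role's access control so the role applies to the organisation.
    var role = (Role)workspaceSession.Instantiate(new Roles(this.DatabaseSession).FindBy(Roles.Meta.Name, "Role"));
    var accessControl = (AccessControl)workspaceSession.Instantiate(role.AccessControlsWhereRole.First);
    accessControl.AddObject(token);
    Assert.IsFalse(this.DatabaseSession.Derive().HasErrors);

    // Act / Assert. The original computed CanRead but never asserted on it, so a broken ACL could not
    // fail this test; assert the granted permission as the sibling session-based test does.
    var accessList = new AccessControlList(organisation, person);
    Assert.IsTrue(accessList.CanRead(Organisations.Meta.Name));
}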
/// <summary>
/// Derivation hook for the party: copies Name into PartyName, makes sure the party owns a
/// security token (creating and attaching one on first derivation), then runs the dependent
/// user-group, contact and relationship derivations in order.
/// </summary>
/// <param name="method">Derivation context; its Derivation is handed to each sub-derivation.</param>
public void AppsOnDerive(ObjectOnDerive method)
{
    this.PartyName = this.Name;

    // An owner token is only built once; subsequent derivations keep the existing one.
    if (!this.ExistOwnerSecurityToken)
    {
        this.OwnerSecurityToken = new SecurityTokenBuilder(this.Strategy.Session).Build();
        this.AddSecurityToken(this.OwnerSecurityToken);
    }

    var ctx = method.Derivation;
    this.AppsOnDeriveUserGroups(ctx);
    this.AppsOnDeriveCurrentContacts(ctx);
    this.AppsOnDeriveInactiveContacts(ctx);
    this.AppsOnDeriveCurrentOrganisationContactRelationships(ctx);
    this.AppsOnDeriveInactiveOrganisationContactRelationships(ctx);
    this.AppsOnDeriveCurrentPartyContactMechanisms(ctx);
    this.AppsOnDeriveInactivePartyContactMechanisms(ctx);
}
/// <summary>
/// A person who is a member of a user group and directly holds a role with the Organisation.Name
/// read permission can read an organisation whose security token is attached to that role's
/// access control. The check is performed per session and rolled back afterwards.
/// </summary>
public void GivenAUserGroupAndAnAccessControlledObjectWhenGettingTheAccessListThenUserHasAccessToThePermissionsInTheRole()
{
    // Arrange: role with the read permission, a person, and a group containing that person.
    var readPermission = this.FindPermission(Organisations.Meta.Name, Operation.Read);
    var role = new RoleBuilder(this.Session).WithName("Role").WithPermission(readPermission).Build();
    var john = new PersonBuilder(this.Session).WithFirstName("John").WithLastName("Doe").Build();
    new UserGroupBuilder(this.Session).WithName("Group").WithMember(john).Build();
    this.Session.Derive(true);
    this.Session.Commit();

    // Grant the role to the person directly.
    new AccessControlBuilder(this.Session).WithSubject(john).WithRole(role).Build();
    this.Session.Commit();

    // Only the database session is exercised here; the loop keeps the shape open for more sessions.
    var sessionsUnderTest = new ISession[] { this.Session };
    foreach (var current in sessionsUnderTest)
    {
        current.Commit();

        // A fresh organisation guarded by a new security token.
        var organisation = new OrganisationBuilder(current).WithName("Organisation").Build();
        var securityToken = new SecurityTokenBuilder(current).Build();
        organisation.AddSecurityToken(securityToken);

        // Put that token under the role's access control.
        var roleInSession = (Role)current.Instantiate(new Roles(this.Session).FindBy(Roles.Meta.Name, "Role"));
        var accessControl = (AccessControl)current.Instantiate(roleInSession.AccessControlsWhereRole.First);
        accessControl.AddObject(securityToken);
        Assert.IsFalse(this.Session.Derive().HasErrors);

        // Act / Assert: the person can read Organisation.Name on the new organisation.
        var acl = new AccessControlList(organisation, john);
        Assert.IsTrue(acl.CanRead(Organisations.Meta.Name));

        current.Rollback();
    }
}