public void AuthorizationServiceBase_IsAuthorized_HasDefaultGuestPermissions_WithGivenPermission_True() { //------------Setup for test-------------------------- var resource = Guid.NewGuid(); var securityPermission = WindowsGroupPermission.CreateGuests(); var securityService = new Mock <ISecurityService>(); securityService.SetupGet(p => p.Permissions).Returns(new List <WindowsGroupPermission> { securityPermission }); var user = new Mock <IPrincipal>(); user.Setup(u => u.IsInRole(It.IsAny <string>())).Returns(false); var authorizationService = new TestAuthorizationServiceBase(securityService.Object) { User = user.Object }; foreach (AuthorizationContext context in Enum.GetValues(typeof(AuthorizationContext))) { securityPermission.Permissions = context.ToPermissions(); //------------Execute Test--------------------------- var authorized = authorizationService.IsAuthorized(context, resource.ToString()); //------------Assert Results------------------------- Assert.AreEqual(context != AuthorizationContext.None, authorized); } }
public void AuthorizationServiceBase_IsAuthorizedToConnect_HasPermissionGivenInDefaultGuest_True() { var securityPermission = WindowsGroupPermission.CreateGuests(); securityPermission.View = true; var securityService = new Mock <ISecurityService>(); securityService.SetupGet(p => p.Permissions).Returns(new List <WindowsGroupPermission> { securityPermission }); var user = new Mock <IPrincipal>(); user.Setup(u => u.IsInRole(It.IsAny <string>())).Returns(false); var authorizationService = new TestAuthorizationServiceBase(securityService.Object) { User = user.Object }; //------------Execute Test--------------------------- var authorized = authorizationService.TestIsAuthorizedToConnect(user.Object); //------------Assert Results------------------------- Assert.IsTrue(authorized); }
public StringBuilder Execute(Dictionary <string, StringBuilder> values, IWorkspace theWorkspace) { if (File.Exists(ServerSecurityService.FileName)) { string encryptedData; using (var inStream = new FileStream(ServerSecurityService.FileName, FileMode.Open, FileAccess.Read, FileShare.ReadWrite)) { using (var reader = new StreamReader(inStream)) { encryptedData = reader.ReadToEnd(); } } try { var decryptData = SecurityEncryption.Decrypt(encryptedData); var currentSecuritySettingsTo = JsonConvert.DeserializeObject <SecuritySettingsTO>(decryptData); var permissionGroup = currentSecuritySettingsTo.WindowsGroupPermissions; // We need to change BuiltIn\Administrators to -> Warewolf Administrators ;) if (permissionGroup.Count > 0) { var adminGrp = permissionGroup[0].WindowsGroup; if (adminGrp == "BuiltIn\\Administrators") { permissionGroup[0].WindowsGroup = WindowsGroupPermission.BuiltInAdministratorsText; decryptData = JsonConvert.SerializeObject(currentSecuritySettingsTo); } } var hasGuestPermission = permissionGroup.Any(permission => permission.IsBuiltInGuests); var hasAdminPermission = permissionGroup.Any(permission => permission.IsBuiltInAdministrators); if (!hasAdminPermission) { permissionGroup.Add(WindowsGroupPermission.CreateAdministrators()); permissionGroup.Sort(QuickSortForPermissions); decryptData = JsonConvert.SerializeObject(currentSecuritySettingsTo); } if (!hasGuestPermission) { permissionGroup.Add(WindowsGroupPermission.CreateGuests()); permissionGroup.Sort(QuickSortForPermissions); decryptData = JsonConvert.SerializeObject(currentSecuritySettingsTo); } return(new StringBuilder(decryptData)); } catch (Exception e) { Dev2Logger.Log.Error("SecurityRead", e); } } var serializer = new Dev2JsonSerializer(); var securitySettingsTo = new SecuritySettingsTO(DefaultPermissions) { CacheTimeout = _cacheTimeout }; return(serializer.SerializeToBuilder(securitySettingsTo)); }
public void WindowsGroupPermissions_CanRemove_IsPublic_False() { //------------Setup for test-------------------------- var guestPermissions = WindowsGroupPermission.CreateGuests(); //------------Execute Test--------------------------- var canRemove = guestPermissions.CanRemove; //------------Assert Results------------------------- Assert.IsFalse(canRemove); }
StringBuilder Execute(string encryptedData) { var decryptData = SecurityEncryption.Decrypt(encryptedData); Dev2Logger.Debug(decryptData, GlobalConstants.WarewolfDebug); var currentSecuritySettingsTo = JsonConvert.DeserializeObject <SecuritySettingsTO>(decryptData); if (currentSecuritySettingsTo.WindowsGroupPermissions.Any(a => a.ResourceID != Guid.Empty)) { foreach (var perm in currentSecuritySettingsTo.WindowsGroupPermissions.Where(a => a.ResourceID != Guid.Empty)) { perm.ResourceName = Catalog.GetResourcePath(GlobalConstants.ServerWorkspaceID, perm.ResourceID); } } decryptData = JsonConvert.SerializeObject(currentSecuritySettingsTo); var permissionGroup = currentSecuritySettingsTo.WindowsGroupPermissions; // We need to change BuiltIn\Administrators to -> Warewolf Administrators ;) if (permissionGroup.Count > 0) { var adminGrp = permissionGroup[0].WindowsGroup; if (adminGrp == "BuiltIn\\Administrators") { permissionGroup[0].WindowsGroup = WindowsGroupPermission.BuiltInAdministratorsText; decryptData = JsonConvert.SerializeObject(currentSecuritySettingsTo); } } var hasGuestPermission = permissionGroup.Any(permission => permission.IsBuiltInGuests); var hasAdminPermission = permissionGroup.Any(permission => permission.IsBuiltInAdministrators); if (!hasAdminPermission) { permissionGroup.Add(WindowsGroupPermission.CreateAdministrators()); permissionGroup.Sort(QuickSortForPermissions); decryptData = JsonConvert.SerializeObject(currentSecuritySettingsTo); } if (!hasGuestPermission) { permissionGroup.Add(WindowsGroupPermission.CreateGuests()); permissionGroup.Sort(QuickSortForPermissions); decryptData = JsonConvert.SerializeObject(currentSecuritySettingsTo); } return(new StringBuilder(decryptData)); }
public void WindowsGroupPermission_CreateGuestGroup_IsNotNull_NoAccess() { //------------Setup for test-------------------------- //------------Execute Test--------------------------- var guestPermissions = WindowsGroupPermission.CreateGuests(); //------------Assert Results------------------------- Assert.IsNotNull(guestPermissions); Assert.IsTrue(guestPermissions.IsServer); Assert.IsFalse(guestPermissions.View); Assert.IsFalse(guestPermissions.Execute); Assert.IsFalse(guestPermissions.Contribute); Assert.IsFalse(guestPermissions.DeployTo); Assert.IsFalse(guestPermissions.DeployFrom); Assert.IsFalse(guestPermissions.Administrator); Assert.AreEqual(WindowsGroupPermission.BuiltInGuestsText, guestPermissions.WindowsGroup); Assert.AreEqual(Guid.Empty, guestPermissions.ResourceID); }
public void SecurityRead_Execute_WhenSecureConfigDoesExistWithGuestPermission_ShouldHaveExistingPermissions() { //------------Setup for test-------------------------- var serverSecuritySettingsFile = EnvironmentVariables.ServerSecuritySettingsFile; File.Delete(serverSecuritySettingsFile); var permission = new WindowsGroupPermission { Administrator = true, IsServer = true, WindowsGroup = Environment.UserName }; var permission2 = new WindowsGroupPermission { Administrator = false, DeployFrom = false, IsServer = true, WindowsGroup = "NETWORK SERVICE" }; var guests = WindowsGroupPermission.CreateGuests(); guests.View = true; var permission3 = guests; var windowsGroupPermissions = new List <WindowsGroupPermission> { permission, permission2, permission3 }; var securitySettings = new SecuritySettingsTO(windowsGroupPermissions) { CacheTimeout = new TimeSpan(0, 10, 0) }; var serializeObject = JsonConvert.SerializeObject(securitySettings); var securityWrite = new SecurityWrite(); var securityRead = new SecurityRead(); securityWrite.Execute(new Dictionary <string, StringBuilder> { { "SecuritySettings", new StringBuilder(serializeObject) } }, null); //------------Assert Preconditions------------------------- Assert.IsTrue(File.Exists(serverSecuritySettingsFile)); //------------Execute Test--------------------------- var jsonPermissions = securityRead.Execute(null, null); File.Delete("secure.config"); var readSecuritySettings = JsonConvert.DeserializeObject <SecuritySettingsTO>(jsonPermissions.ToString()); //------------Assert Results------------------------- Assert.AreEqual(4, readSecuritySettings.WindowsGroupPermissions.Count); var adminPermission = readSecuritySettings.WindowsGroupPermissions.FirstOrDefault(p => p.IsBuiltInAdministrators); Assert.IsNotNull(adminPermission); Assert.AreEqual(true, adminPermission.IsServer); Assert.AreEqual(true, adminPermission.View); Assert.AreEqual(true, adminPermission.Execute); Assert.AreEqual(true, adminPermission.Contribute); Assert.AreEqual(true, adminPermission.DeployTo); Assert.AreEqual(true, adminPermission.DeployFrom); Assert.AreEqual(true, adminPermission.Administrator); var userPermission = readSecuritySettings.WindowsGroupPermissions.FirstOrDefault(p => p.WindowsGroup == Environment.UserName); Assert.IsNotNull(userPermission); Assert.AreEqual(true, userPermission.IsServer); Assert.AreEqual(false, userPermission.View); Assert.AreEqual(false, userPermission.Execute); Assert.AreEqual(false, userPermission.Contribute); Assert.AreEqual(false, userPermission.DeployTo); Assert.AreEqual(false, userPermission.DeployFrom); Assert.AreEqual(true, userPermission.Administrator); var networkServicePermission = readSecuritySettings.WindowsGroupPermissions.FirstOrDefault(p => p.WindowsGroup == "NETWORK SERVICE"); Assert.IsNotNull(networkServicePermission); Assert.AreEqual(true, networkServicePermission.IsServer); Assert.AreEqual(false, networkServicePermission.View); Assert.AreEqual(false, networkServicePermission.Execute); Assert.AreEqual(false, networkServicePermission.Contribute); Assert.AreEqual(false, networkServicePermission.DeployTo); Assert.AreEqual(false, networkServicePermission.DeployFrom); Assert.AreEqual(false, networkServicePermission.Administrator); var guestPermission = readSecuritySettings.WindowsGroupPermissions.FirstOrDefault(p => p.WindowsGroup == WindowsGroupPermission.BuiltInGuestsText); Assert.IsNotNull(guestPermission); Assert.AreEqual(true, guestPermission.IsServer); Assert.AreEqual(true, guestPermission.View); Assert.AreEqual(false, guestPermission.Execute); Assert.AreEqual(false, guestPermission.Contribute); Assert.AreEqual(false, guestPermission.DeployTo); Assert.AreEqual(false, guestPermission.DeployFrom); Assert.AreEqual(false, guestPermission.Administrator); Assert.AreEqual(new TimeSpan(0, 10, 0), readSecuritySettings.CacheTimeout); }
public StringBuilder Execute(Dictionary <string, StringBuilder> values, IWorkspace theWorkspace) { Dev2Logger.Debug("Start Security Read"); var serverSecuritySettingsFile = EnvironmentVariables.ServerSecuritySettingsFile; if (File.Exists(serverSecuritySettingsFile)) { string encryptedData; using (var inStream = new FileStream(serverSecuritySettingsFile, FileMode.Open, FileAccess.Read, FileShare.ReadWrite)) { using (var reader = new StreamReader(inStream)) { encryptedData = reader.ReadToEnd(); } } Dev2Logger.Debug("Security Data Read"); try { var decryptData = SecurityEncryption.Decrypt(encryptedData); Dev2Logger.Debug(decryptData); var currentSecuritySettingsTo = JsonConvert.DeserializeObject <SecuritySettingsTO>(decryptData); if (currentSecuritySettingsTo.WindowsGroupPermissions.Any(a => a.ResourceID != Guid.Empty)) { foreach (var perm in currentSecuritySettingsTo.WindowsGroupPermissions.Where(a => a.ResourceID != Guid.Empty)) { perm.ResourceName = Catalog.GetResourcePath(GlobalConstants.ServerWorkspaceID, perm.ResourceID); } } decryptData = JsonConvert.SerializeObject(currentSecuritySettingsTo); var permissionGroup = currentSecuritySettingsTo.WindowsGroupPermissions; // We need to change BuiltIn\Administrators to -> Warewolf Administrators ;) if (permissionGroup.Count > 0) { var adminGrp = permissionGroup[0].WindowsGroup; if (adminGrp == "BuiltIn\\Administrators") { permissionGroup[0].WindowsGroup = WindowsGroupPermission.BuiltInAdministratorsText; decryptData = JsonConvert.SerializeObject(currentSecuritySettingsTo); } } var hasGuestPermission = permissionGroup.Any(permission => permission.IsBuiltInGuests); var hasAdminPermission = permissionGroup.Any(permission => permission.IsBuiltInAdministrators); if (!hasAdminPermission) { permissionGroup.Add(WindowsGroupPermission.CreateAdministrators()); permissionGroup.Sort(QuickSortForPermissions); decryptData = JsonConvert.SerializeObject(currentSecuritySettingsTo); } if (!hasGuestPermission) { permissionGroup.Add(WindowsGroupPermission.CreateGuests()); permissionGroup.Sort(QuickSortForPermissions); decryptData = JsonConvert.SerializeObject(currentSecuritySettingsTo); } return(new StringBuilder(decryptData)); } catch (Exception e) { Dev2Logger.Error("SecurityRead", e); } } var serializer = new Dev2JsonSerializer(); var securitySettingsTo = new SecuritySettingsTO(DefaultPermissions) { CacheTimeout = _cacheTimeout }; return(serializer.SerializeToBuilder(securitySettingsTo)); }