public void AuthorizationServiceBase_IsAuthorized_HasDefaultGuestPermissions_WithGivenPermission_True()
{
//------------Setup for test--------------------------
var resource = Guid.NewGuid();
var securityPermission = WindowsGroupPermission.CreateGuests();
var securityService = new Mock <ISecurityService>();
securityService.SetupGet(p => p.Permissions).Returns(new List <WindowsGroupPermission> {
securityPermission
});
var user = new Mock <IPrincipal>();
user.Setup(u => u.IsInRole(It.IsAny <string>())).Returns(false);
var authorizationService = new TestAuthorizationServiceBase(securityService.Object)
{
User = user.Object
};
foreach (AuthorizationContext context in Enum.GetValues(typeof(AuthorizationContext)))
{
securityPermission.Permissions = context.ToPermissions();
//------------Execute Test---------------------------
var authorized = authorizationService.IsAuthorized(context, resource.ToString());
//------------Assert Results-------------------------
Assert.AreEqual(context != AuthorizationContext.None, authorized);
}
}
public void AuthorizationServiceBase_IsAuthorizedToConnect_HasPermissionGivenInDefaultGuest_True()
{
var securityPermission = WindowsGroupPermission.CreateGuests();
securityPermission.View = true;
var securityService = new Mock <ISecurityService>();
securityService.SetupGet(p => p.Permissions).Returns(new List <WindowsGroupPermission> {
securityPermission
});
var user = new Mock <IPrincipal>();
user.Setup(u => u.IsInRole(It.IsAny <string>())).Returns(false);
var authorizationService = new TestAuthorizationServiceBase(securityService.Object)
{
User = user.Object
};
//------------Execute Test---------------------------
var authorized = authorizationService.TestIsAuthorizedToConnect(user.Object);
//------------Assert Results-------------------------
Assert.IsTrue(authorized);
}
public StringBuilder Execute(Dictionary <string, StringBuilder> values, IWorkspace theWorkspace)
{
if (File.Exists(ServerSecurityService.FileName))
{
string encryptedData;
using (var inStream = new FileStream(ServerSecurityService.FileName, FileMode.Open, FileAccess.Read, FileShare.ReadWrite))
{
using (var reader = new StreamReader(inStream))
{
encryptedData = reader.ReadToEnd();
}
}
try
{
var decryptData = SecurityEncryption.Decrypt(encryptedData);
var currentSecuritySettingsTo = JsonConvert.DeserializeObject <SecuritySettingsTO>(decryptData);
var permissionGroup = currentSecuritySettingsTo.WindowsGroupPermissions;
// We need to change BuiltIn\Administrators to -> Warewolf Administrators ;)
if (permissionGroup.Count > 0)
{
var adminGrp = permissionGroup[0].WindowsGroup;
if (adminGrp == "BuiltIn\\Administrators")
{
permissionGroup[0].WindowsGroup = WindowsGroupPermission.BuiltInAdministratorsText;
decryptData = JsonConvert.SerializeObject(currentSecuritySettingsTo);
}
}
var hasGuestPermission = permissionGroup.Any(permission => permission.IsBuiltInGuests);
var hasAdminPermission = permissionGroup.Any(permission => permission.IsBuiltInAdministrators);
if (!hasAdminPermission)
{
permissionGroup.Add(WindowsGroupPermission.CreateAdministrators());
permissionGroup.Sort(QuickSortForPermissions);
decryptData = JsonConvert.SerializeObject(currentSecuritySettingsTo);
}
if (!hasGuestPermission)
{
permissionGroup.Add(WindowsGroupPermission.CreateGuests());
permissionGroup.Sort(QuickSortForPermissions);
decryptData = JsonConvert.SerializeObject(currentSecuritySettingsTo);
}
return(new StringBuilder(decryptData));
}
catch (Exception e)
{
Dev2Logger.Log.Error("SecurityRead", e);
}
}
var serializer = new Dev2JsonSerializer();
var securitySettingsTo = new SecuritySettingsTO(DefaultPermissions)
{
CacheTimeout = _cacheTimeout
};
return(serializer.SerializeToBuilder(securitySettingsTo));
}
public void WindowsGroupPermissions_CanRemove_IsPublic_False()
{
//------------Setup for test--------------------------
var guestPermissions = WindowsGroupPermission.CreateGuests();
//------------Execute Test---------------------------
var canRemove = guestPermissions.CanRemove;
//------------Assert Results-------------------------
Assert.IsFalse(canRemove);
}
StringBuilder Execute(string encryptedData)
{
var decryptData = SecurityEncryption.Decrypt(encryptedData);
Dev2Logger.Debug(decryptData, GlobalConstants.WarewolfDebug);
var currentSecuritySettingsTo = JsonConvert.DeserializeObject <SecuritySettingsTO>(decryptData);
if (currentSecuritySettingsTo.WindowsGroupPermissions.Any(a => a.ResourceID != Guid.Empty))
{
foreach (var perm in currentSecuritySettingsTo.WindowsGroupPermissions.Where(a => a.ResourceID != Guid.Empty))
{
perm.ResourceName = Catalog.GetResourcePath(GlobalConstants.ServerWorkspaceID, perm.ResourceID);
}
}
decryptData = JsonConvert.SerializeObject(currentSecuritySettingsTo);
var permissionGroup = currentSecuritySettingsTo.WindowsGroupPermissions;
// We need to change BuiltIn\Administrators to -> Warewolf Administrators ;)
if (permissionGroup.Count > 0)
{
var adminGrp = permissionGroup[0].WindowsGroup;
if (adminGrp == "BuiltIn\\Administrators")
{
permissionGroup[0].WindowsGroup = WindowsGroupPermission.BuiltInAdministratorsText;
decryptData = JsonConvert.SerializeObject(currentSecuritySettingsTo);
}
}
var hasGuestPermission = permissionGroup.Any(permission => permission.IsBuiltInGuests);
var hasAdminPermission = permissionGroup.Any(permission => permission.IsBuiltInAdministrators);
if (!hasAdminPermission)
{
permissionGroup.Add(WindowsGroupPermission.CreateAdministrators());
permissionGroup.Sort(QuickSortForPermissions);
decryptData = JsonConvert.SerializeObject(currentSecuritySettingsTo);
}
if (!hasGuestPermission)
{
permissionGroup.Add(WindowsGroupPermission.CreateGuests());
permissionGroup.Sort(QuickSortForPermissions);
decryptData = JsonConvert.SerializeObject(currentSecuritySettingsTo);
}
return(new StringBuilder(decryptData));
}
public void WindowsGroupPermission_CreateGuestGroup_IsNotNull_NoAccess()
{
//------------Setup for test--------------------------
//------------Execute Test---------------------------
var guestPermissions = WindowsGroupPermission.CreateGuests();
//------------Assert Results-------------------------
Assert.IsNotNull(guestPermissions);
Assert.IsTrue(guestPermissions.IsServer);
Assert.IsFalse(guestPermissions.View);
Assert.IsFalse(guestPermissions.Execute);
Assert.IsFalse(guestPermissions.Contribute);
Assert.IsFalse(guestPermissions.DeployTo);
Assert.IsFalse(guestPermissions.DeployFrom);
Assert.IsFalse(guestPermissions.Administrator);
Assert.AreEqual(WindowsGroupPermission.BuiltInGuestsText, guestPermissions.WindowsGroup);
Assert.AreEqual(Guid.Empty, guestPermissions.ResourceID);
}
public void SecurityRead_Execute_WhenSecureConfigDoesExistWithGuestPermission_ShouldHaveExistingPermissions()
{
//------------Setup for test--------------------------
var serverSecuritySettingsFile = EnvironmentVariables.ServerSecuritySettingsFile;
File.Delete(serverSecuritySettingsFile);
var permission = new WindowsGroupPermission {
Administrator = true, IsServer = true, WindowsGroup = Environment.UserName
};
var permission2 = new WindowsGroupPermission {
Administrator = false, DeployFrom = false, IsServer = true, WindowsGroup = "NETWORK SERVICE"
};
var guests = WindowsGroupPermission.CreateGuests();
guests.View = true;
var permission3 = guests;
var windowsGroupPermissions = new List <WindowsGroupPermission> {
permission, permission2, permission3
};
var securitySettings = new SecuritySettingsTO(windowsGroupPermissions)
{
CacheTimeout = new TimeSpan(0, 10, 0)
};
var serializeObject = JsonConvert.SerializeObject(securitySettings);
var securityWrite = new SecurityWrite();
var securityRead = new SecurityRead();
securityWrite.Execute(new Dictionary <string, StringBuilder> {
{ "SecuritySettings", new StringBuilder(serializeObject) }
}, null);
//------------Assert Preconditions-------------------------
Assert.IsTrue(File.Exists(serverSecuritySettingsFile));
//------------Execute Test---------------------------
var jsonPermissions = securityRead.Execute(null, null);
File.Delete("secure.config");
var readSecuritySettings = JsonConvert.DeserializeObject <SecuritySettingsTO>(jsonPermissions.ToString());
//------------Assert Results-------------------------
Assert.AreEqual(4, readSecuritySettings.WindowsGroupPermissions.Count);
var adminPermission = readSecuritySettings.WindowsGroupPermissions.FirstOrDefault(p => p.IsBuiltInAdministrators);
Assert.IsNotNull(adminPermission);
Assert.AreEqual(true, adminPermission.IsServer);
Assert.AreEqual(true, adminPermission.View);
Assert.AreEqual(true, adminPermission.Execute);
Assert.AreEqual(true, adminPermission.Contribute);
Assert.AreEqual(true, adminPermission.DeployTo);
Assert.AreEqual(true, adminPermission.DeployFrom);
Assert.AreEqual(true, adminPermission.Administrator);
var userPermission = readSecuritySettings.WindowsGroupPermissions.FirstOrDefault(p => p.WindowsGroup == Environment.UserName);
Assert.IsNotNull(userPermission);
Assert.AreEqual(true, userPermission.IsServer);
Assert.AreEqual(false, userPermission.View);
Assert.AreEqual(false, userPermission.Execute);
Assert.AreEqual(false, userPermission.Contribute);
Assert.AreEqual(false, userPermission.DeployTo);
Assert.AreEqual(false, userPermission.DeployFrom);
Assert.AreEqual(true, userPermission.Administrator);
var networkServicePermission = readSecuritySettings.WindowsGroupPermissions.FirstOrDefault(p => p.WindowsGroup == "NETWORK SERVICE");
Assert.IsNotNull(networkServicePermission);
Assert.AreEqual(true, networkServicePermission.IsServer);
Assert.AreEqual(false, networkServicePermission.View);
Assert.AreEqual(false, networkServicePermission.Execute);
Assert.AreEqual(false, networkServicePermission.Contribute);
Assert.AreEqual(false, networkServicePermission.DeployTo);
Assert.AreEqual(false, networkServicePermission.DeployFrom);
Assert.AreEqual(false, networkServicePermission.Administrator);
var guestPermission = readSecuritySettings.WindowsGroupPermissions.FirstOrDefault(p => p.WindowsGroup == WindowsGroupPermission.BuiltInGuestsText);
Assert.IsNotNull(guestPermission);
Assert.AreEqual(true, guestPermission.IsServer);
Assert.AreEqual(true, guestPermission.View);
Assert.AreEqual(false, guestPermission.Execute);
Assert.AreEqual(false, guestPermission.Contribute);
Assert.AreEqual(false, guestPermission.DeployTo);
Assert.AreEqual(false, guestPermission.DeployFrom);
Assert.AreEqual(false, guestPermission.Administrator);
Assert.AreEqual(new TimeSpan(0, 10, 0), readSecuritySettings.CacheTimeout);
}
public StringBuilder Execute(Dictionary <string, StringBuilder> values, IWorkspace theWorkspace)
{
Dev2Logger.Debug("Start Security Read");
var serverSecuritySettingsFile = EnvironmentVariables.ServerSecuritySettingsFile;
if (File.Exists(serverSecuritySettingsFile))
{
string encryptedData;
using (var inStream = new FileStream(serverSecuritySettingsFile, FileMode.Open, FileAccess.Read, FileShare.ReadWrite))
{
using (var reader = new StreamReader(inStream))
{
encryptedData = reader.ReadToEnd();
}
}
Dev2Logger.Debug("Security Data Read");
try
{
var decryptData = SecurityEncryption.Decrypt(encryptedData);
Dev2Logger.Debug(decryptData);
var currentSecuritySettingsTo = JsonConvert.DeserializeObject <SecuritySettingsTO>(decryptData);
if (currentSecuritySettingsTo.WindowsGroupPermissions.Any(a => a.ResourceID != Guid.Empty))
{
foreach (var perm in currentSecuritySettingsTo.WindowsGroupPermissions.Where(a => a.ResourceID != Guid.Empty))
{
perm.ResourceName = Catalog.GetResourcePath(GlobalConstants.ServerWorkspaceID, perm.ResourceID);
}
}
decryptData = JsonConvert.SerializeObject(currentSecuritySettingsTo);
var permissionGroup = currentSecuritySettingsTo.WindowsGroupPermissions;
// We need to change BuiltIn\Administrators to -> Warewolf Administrators ;)
if (permissionGroup.Count > 0)
{
var adminGrp = permissionGroup[0].WindowsGroup;
if (adminGrp == "BuiltIn\\Administrators")
{
permissionGroup[0].WindowsGroup = WindowsGroupPermission.BuiltInAdministratorsText;
decryptData = JsonConvert.SerializeObject(currentSecuritySettingsTo);
}
}
var hasGuestPermission = permissionGroup.Any(permission => permission.IsBuiltInGuests);
var hasAdminPermission = permissionGroup.Any(permission => permission.IsBuiltInAdministrators);
if (!hasAdminPermission)
{
permissionGroup.Add(WindowsGroupPermission.CreateAdministrators());
permissionGroup.Sort(QuickSortForPermissions);
decryptData = JsonConvert.SerializeObject(currentSecuritySettingsTo);
}
if (!hasGuestPermission)
{
permissionGroup.Add(WindowsGroupPermission.CreateGuests());
permissionGroup.Sort(QuickSortForPermissions);
decryptData = JsonConvert.SerializeObject(currentSecuritySettingsTo);
}
return(new StringBuilder(decryptData));
}
catch (Exception e)
{
Dev2Logger.Error("SecurityRead", e);
}
}
var serializer = new Dev2JsonSerializer();
var securitySettingsTo = new SecuritySettingsTO(DefaultPermissions)
{
CacheTimeout = _cacheTimeout
};
return(serializer.SerializeToBuilder(securitySettingsTo));
}