94 return new DateTimeOffset(
138 #pragma warning disable CA1506
140 #pragma warning restore CA1506
173 .Include(
x =>
x.CreatedBy)
174 .Include(
x =>
x.PermissionSet)
175 .Include(
x =>
x.Group)
177 .Include(
x =>
x.OAuthConnections)
186 if (user.SystemIdentifier !=
null)
190 if (user.LastPasswordUpdate.HasValue && user.LastPasswordUpdate >=
notBefore)
192 tokenValidatedContext.Fail(
$"Rejecting token for user {userId} created before last modification: {user.LastPasswordUpdate.Value}");
209 .Include(
x =>
x.Instance)
213 logger.LogDebug(
"User {userId} does not have permissions on instance {instanceId}!",
userId,
instanceId.Value);
219 jwt.EncodedSignature,
231#pragma warning disable CA1506
233#pragma warning restore CA1506
253 .ThenInclude(user => user!.Group)
311 ?
$"'{groupIdClaimName}' does not point to a valid group!"
329 CreatedAt = DateTimeOffset.UtcNow,
355 logger.LogDebug(
"User {id} attempted to login via OIDC scheme '{scheme}' but had no group ID claim ('{groupClaimName}') and will be disabled", user.
Id,
schemeKey,
groupIdClaimName);
368 logger.LogDebug(
"User {id} mapped to group {groupId} via OIDC login on scheme '{scheme}'", user.
Id,
groupId,
schemeKey);
384 Guid.NewGuid().ToString(),
virtual long? Id
The ID of the entity.
string? Identifier
The server's identifier.
Configuration options pertaining to user security.
bool OidcStrictMode
Whether OIDC strict mode should be enabled. This mode enforces the existence of at least one OpenIDConnect...
Configuration for the server swarm system.
Represents a group of Users.
static string CanonicalizeName(string name)
Convert a UserName.Name into a CanonicalName.
PermissionSet? PermissionSet
The PermissionSet the User has, if any.
AuthenticationContextFactory(IDatabaseContext databaseContext, IIdentityCache identityCache, IApiHeadersProvider apiHeadersProvider, IOptions< SwarmConfiguration > swarmConfigurationOptions, IOptions< SecurityConfiguration > securityConfigurationOptions, ILogger< AuthenticationContextFactory > logger)
Initializes a new instance of the AuthenticationContextFactory class.
readonly SecurityConfiguration securityConfiguration
The SecurityConfiguration for the AuthenticationContextFactory.
IAuthenticationContext CurrentAuthenticationContext
The IAuthenticationContext the AuthenticationContextFactory created.
readonly IDatabaseContext databaseContext
The IDatabaseContext for the AuthenticationContextFactory.
readonly ILogger< AuthenticationContextFactory > logger
The ILogger for the AuthenticationContextFactory.
static DateTimeOffset ParseTime(ClaimsPrincipal principal, string key)
Parse a DateTimeOffset out of a Claim with the given key in a given principal.
int initialized
1 if currentAuthenticationContext was initialized, 0 otherwise.
readonly SwarmConfiguration swarmConfiguration
The SwarmConfiguration for the AuthenticationContextFactory.
readonly IIdentityCache identityCache
The IIdentityCache for the AuthenticationContextFactory.
readonly ApiHeaders? apiHeaders
The ApiHeaders for the AuthenticationContextFactory.
const string OpenIDConnectAuthenticationSchemePrefix
Internal scheme prefix for OIDC schemes.
async Task ValidateOidcToken(RemoteAuthenticationContext< OpenIdConnectOptions > tokenValidatedContext, string schemeKey, string groupIdClaimName, CancellationToken cancellationToken)
Handles OIDC tokenValidatedContexts. Returns a Task representing the running operation.
readonly AuthenticationContext currentAuthenticationContext
Backing field for CurrentAuthenticationContext.
async Task ValidateTgsToken(Microsoft.AspNetCore.Authentication.JwtBearer.TokenValidatedContext tokenValidatedContext, CancellationToken cancellationToken)
Handles TGS tokenValidatedContexts. Returns a Task representing the running operation.
void Initialize(User user, DateTimeOffset sessionExpiry, string sessionId, InstancePermissionSet? instanceUser, ISystemIdentity? systemIdentity)
Initializes the AuthenticationContext.
void Add(TModel model)
Add a given model to the working set.
void Remove(TModel model)
Remove a given model from the working set.
IDatabaseCollection< PermissionSet > PermissionSets
The DbSet<TEntity> for PermissionSets.
IDatabaseCollection< OidcConnection > OidcConnections
The DbSet<TEntity> for OidcConnections.
Task Save(CancellationToken cancellationToken)
Saves changes made to the IDatabaseContext.
IDatabaseCollection< UserGroup > Groups
The DbSet<TEntity> for UserGroups.
IDatabaseCollection< User > Users
The Users in the IDatabaseContext.
For creating and accessing authentication contexts.
For caching ISystemIdentity instances.
ISystemIdentity LoadCachedIdentity(User user)
Attempt to load a cached ISystemIdentity.
Represents a user on the current System.Runtime.InteropServices.OSPlatform.
Handles validating authentication tokens.
@ List
User may list files if the Models.Instance allows it.
InstanceManagerRights
Rights for managing Models.Instances.
AdministrationRights
Administration rights for the server.
@ Enabled
The OAuth Gateway is enabled.