112 #pragma warning disable CA1506
114 #pragma warning restore CA1506
133 .Include(
x =>
x.CreatedBy)
134 .Include(
x =>
x.PermissionSet)
135 .Include(
x =>
x.Group)
137 .Include(
x =>
x.OAuthConnections)
138 .FirstOrDefaultAsync(cancellationToken);
146 if (user.SystemIdentifier !=
null)
150 if (user.LastPasswordUpdate.HasValue && user.LastPasswordUpdate >=
notBefore)
152 tokenValidatedContext.Fail(
$"Rejecting token for user {userId} created before last modification: {user.LastPasswordUpdate.Value}");
169 .Include(
x =>
x.Instance)
170 .FirstOrDefaultAsync(cancellationToken);
173 logger.LogDebug(
"User {userId} does not have permissions on instance {instanceId}!",
userId,
instanceId.Value);
179 jwt.EncodedSignature,
191#pragma warning disable CA1506
193#pragma warning restore CA1506
212 .ThenInclude(user => user!.Group)
214 .FirstOrDefaultAsync(cancellationToken);
246 .FirstOrDefaultAsync(cancellationToken)
269 ?
$"'{groupIdClaimName}' does not point to a valid group!"
287 CreatedAt = DateTimeOffset.UtcNow,
313 logger.LogDebug(
"User {id} attempted to login via OIDC scheme '{scheme}' but had no group ID claim ('{groupClaimName}') and will be disabled", user.
Id,
schemeKey,
groupIdClaimName);
326 logger.LogDebug(
"User {id} mapped to group {groupId} via OIDC login on scheme '{scheme}'", user.
Id,
groupId,
schemeKey);
342 Guid.NewGuid().ToString(),
virtual ? long Id
The ID of the entity.
Represents a group of Users.
static string CanonicalizeName(string name)
Change a UserName.Name into a CanonicalName.
PermissionSet? PermissionSet
The PermissionSet the User has, if any.
readonly IOptionsSnapshot< SecurityConfiguration > securityConfigurationOptions
The IOptionsSnapshot<TOptions> of SecurityConfiguration for the AuthenticationContextFactory.
IAuthenticationContext CurrentAuthenticationContext
The IAuthenticationContext the AuthenticationContextFactory created.
readonly IDatabaseContext databaseContext
The IDatabaseContext for the AuthenticationContextFactory.
readonly ILogger< AuthenticationContextFactory > logger
The ILogger for the AuthenticationContextFactory.
int initialized
1 if currentAuthenticationContext was initialized, 0 otherwise.
readonly IIdentityCache identityCache
The IIdentityCache for the AuthenticationContextFactory.
readonly? ApiHeaders apiHeaders
The ApiHeaders for the AuthenticationContextFactory.
const string OpenIDConnectAuthenticationSchemePrefix
Internal scheme prefix for OIDC schemes.
async Task ValidateOidcToken(RemoteAuthenticationContext< OpenIdConnectOptions > tokenValidatedContext, string schemeKey, string groupIdClaimName, CancellationToken cancellationToken)
Handles OIDC tokenValidatedContexts. Returns a Task representing the running operation.
readonly AuthenticationContext currentAuthenticationContext
Backing field for CurrentAuthenticationContext.
AuthenticationContextFactory(IDatabaseContext databaseContext, IIdentityCache identityCache, IApiHeadersProvider apiHeadersProvider, IOptions< SwarmConfiguration > swarmConfigurationOptions, IOptionsSnapshot< SecurityConfiguration > securityConfigurationOptions, ILogger< AuthenticationContextFactory > logger)
Initializes a new instance of the AuthenticationContextFactory class.
readonly IOptions< SwarmConfiguration > swarmConfigurationOptions
The IOptions<TOptions> of SwarmConfiguration for the AuthenticationContextFactory.
async Task ValidateTgsToken(Microsoft.AspNetCore.Authentication.JwtBearer.TokenValidatedContext tokenValidatedContext, CancellationToken cancellationToken)
Handles TGS tokenValidatedContexts. Returns a Task representing the running operation.
void Initialize(User user, DateTimeOffset sessionExpiry, string sessionId, InstancePermissionSet? instanceUser, ISystemIdentity? systemIdentity)
Initializes the AuthenticationContext.
void Add(TModel model)
Add a given model to the working set.
void Remove(TModel model)
Remove a given model from the working set.
IDatabaseCollection< InstancePermissionSet > InstancePermissionSets
The InstancePermissionSets in the IDatabaseContext.
IDatabaseCollection< PermissionSet > PermissionSets
The DbSet<TEntity> for PermissionSets.
IDatabaseCollection< OidcConnection > OidcConnections
The DbSet<TEntity> for OidcConnections.
Task Save(CancellationToken cancellationToken)
Saves changes made to the IDatabaseContext.
IDatabaseCollection< UserGroup > Groups
The DbSet<TEntity> for UserGroups.
IDatabaseCollection< User > Users
The Users in the IDatabaseContext.
For creating and accessing authentication contexts.
For caching ISystemIdentity instances.
ISystemIdentity LoadCachedIdentity(User user)
Attempt to load a cached ISystemIdentity.
Represents a user on the current global::System.Runtime.InteropServices.OSPlatform.
Handles validating authentication tokens.
@ List
User may list files if the Models.Instance allows it.
InstanceManagerRights
Rights for managing Models.Instances.
AdministrationRights
Administration rights for the server.
@ Enabled
The OAuth Gateway is enabled.