100 return databaseContext
103 .Where(
x =>
ids.Contains(
x.Id!.Value))
126 .Where(
x =>
userIds.Contains(
x.User!.Id!.Value))
129 return list.ToLookup(
131 x =>
new GraphQL.Types.OAuth.OAuthConnection(
x.ExternalUserId!,
x.Provider));
153 .Where(
x =>
userIds.Contains(
x.User!.Id!.Value))
156 return list.ToLookup(
158 x =>
new GraphQL.Types.OAuth.OidcConnection(
x.ExternalUserId!,
x.SchemeKey!));
210 authenticationContext,
373 Logger.LogTrace(
ex,
"System identities not implemented!");
406#pragma warning disable CA1502
407#pragma warning disable CA1506
409#pragma warning restore CA1502
410#pragma warning restore CA1506
414 if (!
model.Id.HasValue ||
model.OAuthConnections?.Any(
x =>
x ==
null) ==
true)
417 if (
model.Group !=
null &&
model.PermissionSet !=
null)
431 .Include(
x =>
x.CreatedBy)
432 .Include(
x =>
x.OAuthConnections)
433 .Include(
x =>
x.OidcConnections)
434 .Include(
x =>
x.Group!)
435 .ThenInclude(
x =>
x.PermissionSet)
436 .Include(
x =>
x.PermissionSet)
448 ||
model.Enabled.HasValue
449 ||
model.Group !=
null
450 ||
model.PermissionSet !=
null
451 ||
model.Name !=
null))
461 Logger.LogDebug(
"System user ID {userId}'s PasswordHash is polluted, updating database.",
originalUser.Id);
470 if (
model.Password !=
null)
485 if (
model.OAuthConnections !=
null
487 || !
model.OAuthConnections.All(
x =>
originalUser.OAuthConnections.Any(
y =>
y.Provider ==
x.Provider &&
y.ExternalUserId ==
x.ExternalUserId))))
502 originalUser.OAuthConnections.Add(
new Models.OAuthConnection
504 Provider = updatedConnection.Provider,
505 ExternalUserId = updatedConnection.ExternalUserId,
509 if (
model.OidcConnections !=
null
511 || !
model.OidcConnections.All(
x =>
originalUser.OidcConnections.Any(
y =>
y.SchemeKey ==
x.SchemeKey &&
y.ExternalUserId ==
x.ExternalUserId))))
525 originalUser.OidcConnections.Add(
new Models.OidcConnection
527 SchemeKey = updatedConnection.SchemeKey,
528 ExternalUserId = updatedConnection.ExternalUserId,
532 if (
model.Group !=
null)
540 .Where(
x =>
x.Id ==
model.Group.Id)
541 .Include(
x =>
x.PermissionSet)
550 Logger.LogInformation(
"Deleting permission set {permissionSetId}...",
originalUser.PermissionSet.Id);
555 else if (
model.PermissionSet !=
null)
562 Logger.LogTrace(
"Creating new permission set...");
579 if (
model.Enabled.HasValue)
615 GraphQL.Subscriptions.UserSubscriptions.UserUpdatedTopics(
616 user.Require(
x =>
x.Id))
620 CancellationToken.None)));
641 .Include(
x =>
x.CreatedBy)
642 .Include(
x =>
x.OAuthConnections)
643 .Include(
x =>
x.OidcConnections)
644 .Include(
x =>
x.Group!)
645 .ThenInclude(
x =>
x.PermissionSet)
646 .Include(
x =>
x.PermissionSet);
659 Models.PermissionSet? permissionSet =
null;
661 if (
model.Group !=
null)
665 .Where(
x =>
x.Id ==
model.Group.Id)
666 .Include(
x =>
x.PermissionSet)
677 CreatedAt = DateTimeOffset.UtcNow,
683 SystemIdentifier =
model.SystemIdentifier,
686 ?.Select(
x =>
new Models.OAuthConnection
688 Provider = x.Provider,
689 ExternalUserId = x.ExternalUserId,
692 ??
new List<Models.OAuthConnection>(),
695 ?.
Select(
x =>
new Models.OidcConnection
697 SchemeKey =
x.SchemeKey,
698 ExternalUserId =
x.ExternalUserId,
701 ??
new List<Models.OidcConnection>(),
715 if (
newPassword.Length < generalConfigurationOptions.Value.MinimumPasswordLength)
719 AdditionalData = $
"Required password length: {generalConfigurationOptions.Value.MinimumPasswordLength}",
Represents initial credentials used by the server.
static readonly string AdminUserName
The name of the default admin user.
virtual ? long Id
The ID of the entity.
Represents a set of server permissions.
AdministrationRights? AdministrationRights
The Rights.AdministrationRights for the user.
For editing a given user.
Represents an error message returned by the server.
Extension methods for the ValueTask and ValueTask<TResult> classes.
static async ValueTask WhenAll(IEnumerable< ValueTask > tasks)
Fully await a given list of tasks.
Base implementation of IAuthority.
ILogger< AuthorityBase > Logger
Gets the ILogger for the AuthorityBase.
Represents a response from an authority.
readonly ISessionInvalidationTracker sessionInvalidationTracker
The ISessionInvalidationTracker for the UserAuthority.
readonly ITopicEventSender topicEventSender
The ITopicEventSender for the UserAuthority.
AuthorityResponse< User >? TrySetPassword(User dbUser, string newPassword, bool newUser)
Attempt to change the password of a given dbUser.
readonly IPermissionsUpdateNotifyee permissionsUpdateNotifyee
The IPermissionsUpdateNotifyee for the UserAuthority.
async ValueTask< AuthorityResponse< User > > GetId(long id, bool includeJoins, bool allowSystemUser, CancellationToken cancellationToken)
Gets the User with a given id. A ValueTask<TResult> resulting in a User AuthorityResponse<TResult>.
static Task< Dictionary< long, User > > GetUsers(IReadOnlyList< long > ids, IDatabaseContext databaseContext, CancellationToken cancellationToken)
Implements the usersDataLoader.
async ValueTask< AuthorityResponse< GraphQL.Types.OAuth.OidcConnection[]> > OidcConnections(long userId, CancellationToken cancellationToken)
Gets the GraphQL.Types.OAuth.OidcConnections for the User with a given userId. A ValueTask<TResult> r...
async ValueTask< AuthorityResponse< GraphQL.Types.OAuth.OAuthConnection[]> > OAuthConnections(long userId, CancellationToken cancellationToken)
Gets the GraphQL.Types.OAuth.OAuthConnections for the User with a given userId. A ValueTask<TResult> ...
UserAuthority(IAuthenticationContext authenticationContext, IDatabaseContext databaseContext, ILogger< UserAuthority > logger, IUsersDataLoader usersDataLoader, IOAuthConnectionsDataLoader oAuthConnectionsDataLoader, IOidcConnectionsDataLoader oidcConnectionsDataLoader, ISystemIdentityFactory systemIdentityFactory, IPermissionsUpdateNotifyee permissionsUpdateNotifyee, ICryptographySuite cryptographySuite, ISessionInvalidationTracker sessionInvalidationTracker, ITopicEventSender topicEventSender, IOptionsSnapshot< GeneralConfiguration > generalConfigurationOptions, IOptions< SecurityConfiguration > securityConfigurationOptions)
Initializes a new instance of the UserAuthority class.
static ? AuthorityResponse< User > CheckValidName(UserUpdateRequest model, bool newUser)
Check if a given model has a valid UserName.Name specified.
readonly ISystemIdentityFactory systemIdentityFactory
The ISystemIdentityFactory for the UserAuthority.
readonly IOptions< SecurityConfiguration > securityConfigurationOptions
The IOptions<TOptions> of SecurityConfiguration for the UserAuthority.
readonly IOptionsSnapshot< GeneralConfiguration > generalConfigurationOptions
The IOptionsSnapshot<TOptions> of GeneralConfiguration for the UserAuthority.
IQueryable< User > Queryable(bool includeJoins)
Gets all registered Users. An IQueryable<T> of Users.
IQueryable< User > Queryable(bool includeJoins, bool allowSystemUser)
Gets all registered Users.
async ValueTask< User > CreateNewUserFromModel(Api.Models.Internal.UserApiBase model, CancellationToken cancellationToken)
Creates a new User from a given model.
ValueTask< AuthorityResponse< User > > Read(CancellationToken cancellationToken)
Gets the currently authenticated user. A ValueTask<TResult> resulting in a User AuthorityResponse<TRes...
static bool BadCreateRequestChecks(UserCreateRequest createRequest, bool? needZeroLengthPasswordWithOAuthConnections, [NotNullWhen(true)] out AuthorityResponse< User >? failResponse)
Checks if a createRequest should return a bad request AuthorityResponse<TResult>.
static async ValueTask< ILookup< long, GraphQL.Types.OAuth.OAuthConnection > > GetOAuthConnections(IReadOnlyList< long > userIds, IDatabaseContext databaseContext, CancellationToken cancellationToken)
Implements the oAuthConnectionsDataLoader.
static async ValueTask< ILookup< long, GraphQL.Types.OAuth.OidcConnection > > GetOidcConnections(IReadOnlyList< long > userIds, IDatabaseContext databaseContext, CancellationToken cancellationToken)
Implements the oidcConnectionsDataLoader.
readonly IOidcConnectionsDataLoader oidcConnectionsDataLoader
The IOidcConnectionsDataLoader for the UserAuthority.
async ValueTask< AuthorityResponse< User > > Create(UserCreateRequest createRequest, bool? needZeroLengthPasswordWithOAuthConnections, CancellationToken cancellationToken)
Creates a User. A ValueTask<TResult> resulting in an AuthorityResponse<TResult> for the created User.
readonly ICryptographySuite cryptographySuite
The ICryptographySuite for the UserAuthority.
ValueTask SendUserUpdatedTopics(User user)
Send topics through the topicEventSender indicating a given user was created or updated.
readonly IUsersDataLoader usersDataLoader
The IUsersDataLoader for the UserAuthority.
async ValueTask< AuthorityResponse< User > > Update(UserUpdateRequest model, CancellationToken cancellationToken)
Updates a User. A ValueTask<TResult> resulting in an AuthorityResponse<TResult> for the created User.
readonly IOAuthConnectionsDataLoader oAuthConnectionsDataLoader
The IOAuthConnectionsDataLoader for the UserAuthority.
Backend abstract implementation of IDatabaseContext.
DbSet< OAuthConnection > OAuthConnections
The OAuthConnections in the DatabaseContext.
DbSet< PermissionSet > PermissionSets
The PermissionSets in the DatabaseContext.
Task Save(CancellationToken cancellationToken)
Saves changes made to the IDatabaseContext. A Task representing the running operation.
DbSet< User > Users
The Users in the DatabaseContext.
DbSet< OidcConnection > OidcConnections
The OidcConnections in the DatabaseContext.
DbSet< UserGroup > Groups
The UserGroups in the DatabaseContext.
Represents a group of Users.
const string TgsSystemUserName
Username used when creating jobs automatically.
static string CanonicalizeName(string name)
Change a UserName.Name into a CanonicalName.
string? CanonicalName
The uppercase invariant of UserName.Name.
User User
The authenticated user.
ulong GetRight(RightsType rightsType)
Get the value of a given rightsType. The value of rightsType. Note that if InstancePermissionSet is ...
IAuthority for managing Users.
IDatabaseCollection< OidcConnection > OidcConnections
The DbSet<TEntity> for OidcConnections.
IDatabaseCollection< User > Users
The Users in the IDatabaseContext.
IDatabaseCollection< OAuthConnection > OAuthConnections
The DbSet<TEntity> for OAuthConnections.
For creating and accessing authentication contexts.
Contains various cryptographic functions.
Receives notifications about permissions updates.
ValueTask UserDisabled(User user, CancellationToken cancellationToken)
Called when a given User is successfully disabled.
Handles invalidating user sessions.
void UserModifiedInvalidateSessions(User user)
Invalidate all sessions for a given user.
Factory for ISystemIdentitys.
Task< ISystemIdentity?> CreateSystemIdentity(User user, CancellationToken cancellationToken)
Create an ISystemIdentity for a given user.
ErrorCode
Types of Response.ErrorMessageResponses that the API may return.
@ List
User may list files if the Models.Instance allows it.
RightsType
The type of rights a model uses.
InstanceManagerRights
Rights for managing Models.Instances.
AdministrationRights
Administration rights for the server.
@ Api
The ApiHeaders.ApiVersionHeader header is missing or invalid.
HttpFailureResponse
Indicates the type of HTTP status code a failing AuthorityResponse should generate.
HttpSuccessResponse
Indicates the type of HTTP status code a successful AuthorityResponse<TResult> should generate.
@ Enabled
The OAuth Gateway is enabled.