90 return databaseContext
93 .Where(
x =>
ids.Contains(
x.Id!.Value))
116 .Where(
x =>
userIds.Contains(
x.User!.Id!.Value))
119 return list.ToLookup(
121 x =>
new GraphQL.Types.OAuth.OAuthConnection(
x.ExternalUserId!,
x.Provider));
169 authenticationContext,
325 Logger.LogTrace(
ex,
"System identities not implemented!");
358#pragma warning disable CA1502
359#pragma warning disable CA1506
361#pragma warning restore CA1502
362#pragma warning restore CA1506
366 if (!
model.Id.HasValue ||
model.OAuthConnections?.Any(
x =>
x ==
null) ==
true)
369 if (
model.Group !=
null &&
model.PermissionSet !=
null)
383 .Include(
x =>
x.CreatedBy)
384 .Include(
x =>
x.OAuthConnections)
385 .Include(
x =>
x.Group!)
386 .ThenInclude(
x =>
x.PermissionSet)
387 .Include(
x =>
x.PermissionSet)
399 ||
model.Enabled.HasValue
400 ||
model.Group !=
null
401 ||
model.PermissionSet !=
null
402 ||
model.Name !=
null))
412 Logger.LogDebug(
"System user ID {userId}'s PasswordHash is polluted, updating database.",
originalUser.Id);
421 if (
model.Password !=
null)
436 if (
model.OAuthConnections !=
null
438 || !
model.OAuthConnections.All(
x =>
originalUser.OAuthConnections.Any(
y =>
y.Provider ==
x.Provider &&
y.ExternalUserId ==
x.ExternalUserId))))
448 originalUser.OAuthConnections.Add(
new Models.OAuthConnection
450 Provider = updatedConnection.Provider,
451 ExternalUserId = updatedConnection.ExternalUserId,
455 if (
model.Group !=
null)
460 .Where(
x =>
x.Id ==
model.Group.Id)
461 .Include(
x =>
x.PermissionSet)
470 Logger.LogInformation(
"Deleting permission set {permissionSetId}...",
originalUser.PermissionSet.Id);
475 else if (
model.PermissionSet !=
null)
479 Logger.LogTrace(
"Creating new permission set...");
496 if (
model.Enabled.HasValue)
529 GraphQL.Subscriptions.UserSubscriptions.UserUpdatedTopics(
530 user.Require(
x =>
x.Id))
534 CancellationToken.None)));
555 .Include(
x =>
x.CreatedBy)
556 .Include(
x =>
x.OAuthConnections)
557 .Include(
x =>
x.Group!)
558 .ThenInclude(
x =>
x.PermissionSet)
559 .Include(
x =>
x.PermissionSet);
572 Models.PermissionSet? permissionSet =
null;
574 if (
model.Group !=
null)
578 .Where(
x =>
x.Id ==
model.Group.Id)
579 .Include(
x =>
x.PermissionSet)
596 SystemIdentifier =
model.SystemIdentifier,
599 ?.Select(
x =>
new Models.OAuthConnection
601 Provider = x.Provider,
602 ExternalUserId = x.ExternalUserId,
605 ??
new List<Models.OAuthConnection>(),
623 AdditionalData = $
"Required password length: {generalConfigurationOptions.Value.MinimumPasswordLength}",
Represents initial credentials used by the server.
static readonly string AdminUserName
The name of the default admin user.
virtual ? long Id
The ID of the entity.
Represents a set of server permissions.
AdministrationRights? AdministrationRights
The Rights.AdministrationRights for the user.
For editing a given user.
Represents an error message returned by the server.
Extension methods for the ValueTask and ValueTask<TResult> classes.
static async ValueTask WhenAll(IEnumerable< ValueTask > tasks)
Fully await a given list of tasks.
Base implementation of IAuthority.
ILogger< AuthorityBase > Logger
Gets the ILogger for the AuthorityBase.
Represents a response from an authority.
readonly ISessionInvalidationTracker sessionInvalidationTracker
The ISessionInvalidationTracker for the UserAuthority.
readonly ITopicEventSender topicEventSender
The ITopicEventSender for the UserAuthority.
AuthorityResponse< User >? TrySetPassword(User dbUser, string newPassword, bool newUser)
Attempt to change the password of a given dbUser.
readonly IPermissionsUpdateNotifyee permissionsUpdateNotifyee
The IPermissionsUpdateNotifyee for the UserAuthority.
async ValueTask< AuthorityResponse< User > > GetId(long id, bool includeJoins, bool allowSystemUser, CancellationToken cancellationToken)
Gets the User with a given id. Returns a ValueTask<TResult> resulting in a User AuthorityResponse<TResult>.
static Task< Dictionary< long, User > > GetUsers(IReadOnlyList< long > ids, IDatabaseContext databaseContext, CancellationToken cancellationToken)
Implements the usersDataLoader.
async ValueTask< AuthorityResponse< GraphQL.Types.OAuth.OAuthConnection[]> > OAuthConnections(long userId, CancellationToken cancellationToken)
Gets the GraphQL.Types.OAuth.OAuthConnections for the User with a given userId. A ValueTask<TResult> ...
static ? AuthorityResponse< User > CheckValidName(UserUpdateRequest model, bool newUser)
Check if a given model has a valid UserName.Name specified.
readonly ISystemIdentityFactory systemIdentityFactory
The ISystemIdentityFactory for the UserAuthority.
readonly IOptionsSnapshot< GeneralConfiguration > generalConfigurationOptions
The IOptionsSnapshot<TOptions> of GeneralConfiguration for the UserAuthority.
IQueryable< User > Queryable(bool includeJoins)
Gets all registered Users. Returns an IQueryable<T> of Users.
IQueryable< User > Queryable(bool includeJoins, bool allowSystemUser)
Gets all registered Users.
async ValueTask< User > CreateNewUserFromModel(Api.Models.Internal.UserApiBase model, CancellationToken cancellationToken)
Creates a new User from a given model.
UserAuthority(IAuthenticationContext authenticationContext, IDatabaseContext databaseContext, ILogger< UserAuthority > logger, IUsersDataLoader usersDataLoader, IOAuthConnectionsDataLoader oAuthConnectionsDataLoader, ISystemIdentityFactory systemIdentityFactory, IPermissionsUpdateNotifyee permissionsUpdateNotifyee, ICryptographySuite cryptographySuite, ISessionInvalidationTracker sessionInvalidationTracker, ITopicEventSender topicEventSender, IOptionsSnapshot< GeneralConfiguration > generalConfigurationOptions)
Initializes a new instance of the UserAuthority class.
ValueTask< AuthorityResponse< User > > Read(CancellationToken cancellationToken)
Gets the currently authenticated user. A ValueTask<TResult> resulting in a User AuthorityResponse<TRes...
static bool BadCreateRequestChecks(UserCreateRequest createRequest, bool? needZeroLengthPasswordWithOAuthConnections, [NotNullWhen(true)] out AuthorityResponse< User >? failResponse)
Checks if a createRequest should return a bad request AuthorityResponse<TResult>.
static async ValueTask< ILookup< long, GraphQL.Types.OAuth.OAuthConnection > > GetOAuthConnections(IReadOnlyList< long > userIds, IDatabaseContext databaseContext, CancellationToken cancellationToken)
Implements the usersDataLoader.
async ValueTask< AuthorityResponse< User > > Create(UserCreateRequest createRequest, bool? needZeroLengthPasswordWithOAuthConnections, CancellationToken cancellationToken)
Creates a User. Returns a ValueTask<TResult> resulting in an AuthorityResponse<TResult> for the created User.
readonly ICryptographySuite cryptographySuite
The ICryptographySuite for the UserAuthority.
ValueTask SendUserUpdatedTopics(User user)
Send topics through the topicEventSender indicating a given user was created or updated.
readonly IUsersDataLoader usersDataLoader
The IUsersDataLoader for the UserAuthority.
async ValueTask< AuthorityResponse< User > > Update(UserUpdateRequest model, CancellationToken cancellationToken)
Updates a User. Returns a ValueTask<TResult> resulting in an AuthorityResponse<TResult> for the created User.
readonly IOAuthConnectionsDataLoader oAuthConnectionsDataLoader
The IOAuthConnectionsDataLoader for the UserAuthority.
Backend abstract implementation of IDatabaseContext.
DbSet< PermissionSet > PermissionSets
The PermissionSets in the DatabaseContext.
Task Save(CancellationToken cancellationToken)
Saves changes made to the IDatabaseContext. Returns a Task representing the running operation.
DbSet< User > Users
The Users in the DatabaseContext.
DbSet< UserGroup > Groups
The UserGroups in the DatabaseContext.
Represents a group of Users.
const string TgsSystemUserName
Username used when creating jobs automatically.
static string CanonicalizeName(string name)
Change a UserName.Name into a CanonicalName.
string? CanonicalName
The uppercase invariant of UserName.Name.
User User
The authenticated user.
ulong GetRight(RightsType rightsType)
Get the value of a given rightsType. Returns the value of rightsType. Note that if InstancePermissionSet is ...
IAuthority for managing Users.
IDatabaseCollection< User > Users
The Users in the IDatabaseContext.
IDatabaseCollection< OAuthConnection > OAuthConnections
The DbSet<TEntity> for OAuthConnections.
For creating and accessing authentication contexts.
Contains various cryptographic functions.
void SetUserPassword(User user, string newPassword, bool newUser)
Sets a User.PasswordHash for a given user.
Receives notifications about permissions updates.
ValueTask UserDisabled(User user, CancellationToken cancellationToken)
Called when a given User is successfully disabled.
Handles invalidating user sessions.
void UserModifiedInvalidateSessions(User user)
Invalidate all sessions for a given user.
Factory for ISystemIdentitys.
Task< ISystemIdentity?> CreateSystemIdentity(User user, CancellationToken cancellationToken)
Create an ISystemIdentity for a given user.
ErrorCode
Types of Response.ErrorMessageResponses that the API may return.
@ List
User may list files if the Models.Instance allows it.
RightsType
The type of rights a model uses.
InstanceManagerRights
Rights for managing Models.Instances.
AdministrationRights
Administration rights for the server.
@ Api
The ApiHeaders.ApiVersionHeader header is missing or invalid.
HttpFailureResponse
Indicates the type of HTTP status code a failing AuthorityResponse should generate.
HttpSuccessResponse
Indicates the type of HTTP status code a successful AuthorityResponse<TResult> should generate.
@ Enabled
The OAuth Gateway is enabled.