Merge branch 'Sprint/2020-10' into 'master'

Sprint/2020-10 See merge request coscine/api/sts!47

Merge branch 'Sprint/2020-10' into 'master'
1cd9f4b2 · Marcel Nellesen · e9cb49ea · a75ec471 · 1cd9f4b2 · 1cd9f4b2
Commit 1cd9f4b2 authored 4 years ago by Marcel Nellesen
--- a/src/STS/Controllers/HomeController.cs
+++ b/src/STS/Controllers/HomeController.cs
@@ -8,6 +8,9 @@ using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Http.Features;
 using Microsoft.AspNetCore.Http;
 using Coscine.Api.STS.Utils;
+using Coscine.ApiCommons;
+using Coscine.Database.Models;
+using System.Linq;

 namespace Coscine.Api.STS.Controllers
 {
@@ -30,6 +33,20 @@ namespace Coscine.Api.STS.Controllers

                    if (action == SignInString)
                    {
+                        var userIdString = User.Identity.Name;
+                        var userId = new Guid(userIdString);
+
+                        TOSModel tosModel = new TOSModel();
+                        var tosAcceptedList = tosModel.GetAllWhere((entry) => entry.UserId == userId);
+                        var currentTos = Configurator.Configuration.GetStringAndWait("coscine/global/tos/version");
+                        var tosAccepted = tosAcceptedList != null
+                            && tosAcceptedList.Any((entry) => entry.Version == currentTos);
+                        if (!tosAccepted)
+                        {
+                            string tosUrl = UrlGenerator.GetTOSUrl(Request, userIdString);
+                            return Redirect(tosUrl);
+                        }
+
                        var reqFeature = HttpContext.Features.Get<IHttpRequestFeature>();
                        var rawTarget = reqFeature.RawTarget;
                        var formData = ProcessSignIn(new Uri(Program.MainUrl + rawTarget), User);

--- a/src/STS/STS.csproj
+++ b/src/STS/STS.csproj
@@ -9,8 +9,9 @@
  </PropertyGroup>

  <ItemGroup>
-    <PackageReference Include="Coscine.ApiCommons" Version="1.7.1" />
-    <PackageReference Include="Coscine.Database" Version="1.19.0" />
+    <PackageReference Include="Coscine.ActiveDirectory" Version="1.1.0" />
+    <PackageReference Include="Coscine.ApiCommons" Version="1.8.0" />
+    <PackageReference Include="Coscine.Database" Version="1.21.0" />
    <PackageReference Include="Microsoft.AspNetCore" Version="2.2.0" />
    <PackageReference Include="Microsoft.AspNetCore.Authentication" Version="2.2.0" />
    <PackageReference Include="Microsoft.AspNetCore.Authentication.Abstractions" Version="2.2.0" />
@@ -26,7 +27,7 @@
    <PackageReference Include="Microsoft.Extensions.Identity.Stores" Version="2.2.0" />
    <PackageReference Include="Microsoft.IdentityModel" Version="7.0.0" />
    <PackageReference Include="Microsoft.NET.Sdk.Razor" Version="2.2.0" />
-    <PackageReference Include="System.DirectoryServices" Version="4.6.0" />
+    <PackageReference Include="System.DirectoryServices" Version="4.7.0" />
    <PackageReference Include="System.DirectoryServices.AccountManagement" Version="4.6.0" />
    <PackageReference Include="System.DirectoryServices.Protocols" Version="4.6.0" />
    <PackageReference Include="Sustainsys.Saml2.AspNetCore2" Version="2.3.0" />

--- a/src/STS/Security/CustomSecurityTokenService.cs
+++ b/src/STS/Security/CustomSecurityTokenService.cs
 using Coscine.Database.Models;
+using Coscine.ActiveDirectory;
 using System;
 using System.Collections.Generic;
 using System.Configuration;
@@ -76,7 +77,7 @@ namespace Coscine.Api.STS.Security
            UserModel userModel = new UserModel();
            var user = userModel.GetById(Guid.Parse(principal.Identity.Name));

-            AddToAD(user);
+            ADHandler.AddUser(user, Program.Configuration);

            var claims = new List<Claim>()
                {
@@ -96,59 +97,6 @@ namespace Coscine.Api.STS.Security
            return identity;
        }

-        private static void AddToAD(Database.DataModel.User user)
-        {
-            // If keys exist
-            if (Program.Configuration.KeysAndWait("coscine/local/profilesync") != null)
-            {
-                var adDomain = Program.Configuration.GetStringAndWait("coscine/local/profilesync/domain");
-                var adUsername = adDomain + @"\" + Program.Configuration.GetStringAndWait("coscine/local/profilesync/username");
-                var adPassword = Program.Configuration.GetStringAndWait("coscine/local/profilesync/password");
-
-                using (DirectoryEntry directoryEntry = new DirectoryEntry("LDAP://" + Program.Configuration.GetStringAndWait("coscine/local/profilesync/forestname"), adUsername, adPassword))
-                {
-                    var ou = Program.Configuration.GetStringAndWait("coscine/local/profilesync/ou");
-                    if (ou.Contains(",DC"))
-                    {
-                        ou = ou.Substring(0, ou.IndexOf(",DC"));
-                    }
-                    using (var coscineEntry = directoryEntry.Children.Find(ou))
-                    {
-                        try
-                        {
-                            // Check if user already exists in AD
-                            coscineEntry.Children.Find("CN=" + user.Id);
-                        }
-                        catch (DirectoryServicesCOMException)
-                        {
-                            using (var newUser = coscineEntry.Children.Add("CN=" + user.Id, "User"))
-                            {
-                                if (!string.IsNullOrWhiteSpace(user.Givenname))
-                                {
-                                    newUser.Properties["givenName"].Value = user.Givenname;
-                                }
-                                if (!string.IsNullOrWhiteSpace(user.Surname))
-                                {
-                                    newUser.Properties["sn"].Value = user.Surname;
-                                }
-                                if (!string.IsNullOrWhiteSpace(user.EmailAddress))
-                                {
-                                    newUser.Properties["mail"].Value = user.EmailAddress;
-                                }
-
-                                newUser.Properties["sAMAccountName"].Value = user.Id.ToString().Substring(0, 20);
-                                newUser.Properties["displayName"].Value = user.DisplayName;
-                                newUser.Properties["uid"].Value = user.Id.ToString();
-                                newUser.Properties["userPrincipalName"].Value = user.Id.ToString() + "@" + Program.Configuration.GetStringAndWait("coscine/local/profilesync/forestname");
-
-                                newUser.CommitChanges();
-                            }
-                        }
-                    }
-                }
-            }
-        }
-
        public static X509Certificate2 GetCertificate()
        {
            var pfx = Program.Configuration.GetAndWait("coscine/global/sts/pfx");
@@ -157,6 +105,5 @@ namespace Coscine.Api.STS.Security
            X509Certificate2 x509Certificate2 = new X509Certificate2(pfx, passwordString);
            return x509Certificate2;
        }
-
    }
 }
--- a/src/STS/Utils/UrlGenerator.cs
+++ b/src/STS/Utils/UrlGenerator.cs
-using Microsoft.AspNetCore.Http;
+using Coscine.ApiCommons.Utils;
+using Microsoft.AspNetCore.Http;
+using System.Collections.Generic;
 using System.Net;

 namespace Coscine.Api.STS.Utils
@@ -17,6 +19,18 @@ namespace Coscine.Api.STS.Utils
            return loginUrl;
        }

+        public static string GetTOSUrl(HttpRequest request, string userId)
+        {
+            var queryString = GetLoginUrl(request);
+            var jwtHandler = new JWTHandler(Program.Configuration);
+            var dictionary = new Dictionary<string, string>
+                {
+                    { "UserId", userId }
+                };
+            var token = jwtHandler.GenerateJwtToken(dictionary);
+            return queryString + "&tos=true&jwt=" + token;
+        }
+
        public static string ExtendReturnUrl(string returnUrl, HttpRequest request)
        {
            string retString = returnUrl;