feat: LdapOptions erstellt anstelle statischer (fest codierter) Konfigurationswerte, LdapOptions und Abhängigkeitsinjektionen dafür hinzugefügt

This commit is contained in:
Developer 02 2024-08-05 14:31:59 +02:00
parent d434a5964b
commit eedc726440
6 changed files with 69 additions and 72 deletions


@ -12,8 +12,11 @@ namespace DAL.Repositories
{
public class EmployeeToWebAppRepository : BaseRepository<EmployeeToWebApp>
{
public EmployeeToWebAppRepository(WebApiContext context) : base(context)
private readonly LdapManager _ldapManager;
public EmployeeToWebAppRepository(WebApiContext context, LdapManager ldapManager) : base(context)
{
_ldapManager = ldapManager;
}
public async Task<bool> DeleteEmloyeeToWebAppAsync(int webAppId)
@ -75,24 +78,24 @@ namespace DAL.Repositories
if (department != default && !string.IsNullOrEmpty(department.AdGroupDepartmentName))
{
groupSuffix = $"{webapp.AdWebAppName}_{department.AdGroupDepartmentName}";
if (LdapManager.IsWindreamSuffixGroup(groupSuffix))
if (_ldapManager.IsWindreamSuffixGroup(groupSuffix))
{
if (isAdding) result = LdapManager.AD_AddUserloginToGroup(employee.LoginName, groupSuffix);
else result = LdapManager.AD_RemoveUserFromGroup(employee.LoginName, groupSuffix);
if (isAdding) result = _ldapManager.AD_AddUserloginToGroup(employee.LoginName, groupSuffix);
else result = _ldapManager.AD_RemoveUserFromGroup(employee.LoginName, groupSuffix);
}
}
if (webappRole != default)
{
groupSuffix = $"{webapp.AdWebAppName}_{webappRole.WebAppRoleName}";
if (isAdding) result = LdapManager.AD_AddUserloginToGroup(employee.LoginName, groupSuffix);
else result = LdapManager.AD_RemoveUserFromGroup(employee.LoginName, groupSuffix);
if (isAdding) result = _ldapManager.AD_AddUserloginToGroup(employee.LoginName, groupSuffix);
else result = _ldapManager.AD_RemoveUserFromGroup(employee.LoginName, groupSuffix);
if (LdapManager.IsWindreamAdminGroup(groupSuffix))
if (_ldapManager.IsWindreamAdminGroup(groupSuffix))
{
groupSuffix = $"{webapp.AdWebAppName}_User";
if (isAdding) result = LdapManager.AD_AddUserloginToGroup(employee.LoginName, groupSuffix);
else result = LdapManager.AD_RemoveUserFromGroup(employee.LoginName, groupSuffix);
if (isAdding) result = _ldapManager.AD_AddUserloginToGroup(employee.LoginName, groupSuffix);
else result = _ldapManager.AD_RemoveUserFromGroup(employee.LoginName, groupSuffix);
}
}
}
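Review bot: Each AD call in L27-L49 assigns `result` afresh, so when both a department group and a role group are processed only the outcome of the last add/remove survives and a failed department-group change (L31-L32) is masked by a later success; `result` is declared and consumed outside this hunk. For an access-control sync that means the database row and the AD membership can diverge while the caller is told the operation succeeded. Accumulate the outcomes instead, e.g. `result &= _ldapManager.AD_AddUserloginToGroup(employee.LoginName, groupSuffix);` at each site, with `result` initialised to `true` where it is declared. The enclosing method starts and ends outside the hunk.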


@ -12,8 +12,11 @@ namespace DAL.Repositories
{
public class WebAppToDepartmentRepository : BaseRepository<WebAppToDepartment>
{
public WebAppToDepartmentRepository(WebApiContext context) : base(context)
private readonly LdapManager _ldapManager;
public WebAppToDepartmentRepository(WebApiContext context, LdapManager ldapManager) : base(context)
{
_ldapManager = ldapManager;
}
public async Task<List<WebAppToDepartment>> GetListByFilterAsync(EmployeeToWebAppFilter filter, bool asNoTracking = true)
@ -59,11 +62,11 @@ namespace DAL.Repositories
var isAdding = action == "adding";
var groupSuffix = $"{webapp.AdWebAppName}_{department.AdGroupDepartmentName}";
if (!LdapManager.IsWindreamSuffixGroup(groupSuffix)) return true;
if (!_ldapManager.IsWindreamSuffixGroup(groupSuffix)) return true;
try
{
if (isAdding) result = LdapManager.AD_AddUserloginToGroup(employee.LoginName, groupSuffix);
else result = LdapManager.AD_RemoveUserFromGroup(employee.LoginName, groupSuffix);
if (isAdding) result = _ldapManager.AD_AddUserloginToGroup(employee.LoginName, groupSuffix);
else result = _ldapManager.AD_RemoveUserFromGroup(employee.LoginName, groupSuffix);
}
catch (Exception ex)
{
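Review bot: `var isAdding = action == "adding";` at L68 treats every value other than the literal `"adding"` as a removal, so a typo or an unexpected action string silently removes the user from the AD group instead of being rejected. Because this path changes directory group membership, the action should be validated explicitly before the LDAP call, e.g. `if (action != "adding" && action != "removing") throw new ArgumentException($"Unknown action '{action}'", nameof(action));` — the removal literal is not visible in this hunk, so align it with whatever the caller actually passes. The enclosing method and the `catch (Exception ex)` body continue outside the hunk.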


@ -12,8 +12,11 @@ namespace DAL.Repositories
{
public class WebAppToWebAppAdditionalRoleRepository : BaseRepository<WebAppToWebAppAdditionalRole>
{
public WebAppToWebAppAdditionalRoleRepository(WebApiContext context) : base(context)
private readonly LdapManager _ldapManager;
public WebAppToWebAppAdditionalRoleRepository(WebApiContext context, LdapManager ldapManager) : base(context)
{
_ldapManager = ldapManager;
}
public async Task<List<WebAppToWebAppAdditionalRole>> GetListByFilterAsync(EmployeeToWebAppFilter filter, bool asNoTracking = true)
@ -60,8 +63,8 @@ namespace DAL.Repositories
var groupSuffix = $"{webapp.AdWebAppName}_{webappRole.AdWebAppAdditionalRoleName}";
try
{
if (isAdding) result = LdapManager.AD_AddUserloginToGroup(employee.LoginName, groupSuffix);
else result = LdapManager.AD_RemoveUserFromGroup(employee.LoginName, groupSuffix);
if (isAdding) result = _ldapManager.AD_AddUserloginToGroup(employee.LoginName, groupSuffix);
else result = _ldapManager.AD_RemoveUserFromGroup(employee.LoginName, groupSuffix);
}
catch (Exception ex)
{
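Review bot: The new constructor at L90-L93 stores `ldapManager` without a null guard, so a mis-wired container does not fail at construction but later inside the try block at L101-L102, where the NullReferenceException is presumably swallowed by the `catch (Exception ex)` at L104 and reported as a failed group sync rather than as a configuration error. Fail at the boundary instead: `_ldapManager = ldapManager ?? throw new ArgumentNullException(nameof(ldapManager));` (the same applies to the two sibling repositories changed in this commit). The method containing the try block starts outside the hunk.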


@ -12,8 +12,9 @@ namespace HRD.LDAPService
{
services
.AddSingleton<LdapAuthenticationService>()
.AddSingleton<JwtManager>();
.AddSingleton<JwtManager>()
.AddSingleton<LdapManager>();
return services;
}
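Review bot: `.AddSingleton<LdapManager>()` at L115 registers the manager, but nothing in this method configures `LdapOptions`; unless `services.Configure<LdapOptions>(...)` happens elsewhere, `IOptions<LdapOptions>.Value` resolves to a default instance whose domain, OU paths and group prefixes are all null, and the error surfaces only when the first AD call is made rather than at startup. Since these values decide which directory and which groups the service writes to, register and validate them here so misconfiguration fails fast, e.g. `services.AddOptions<LdapOptions>().BindConfiguration("Ldap").ValidateDataAnnotations().ValidateOnStart();` (section name to be aligned with the app settings, `[Required]` needed on the `LdapOptions` members, and `BindConfiguration` requires the options-configuration extensions package). The extension method's signature lies outside the hunk.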


@ -1,22 +0,0 @@
namespace HRD.LDAPService
{
public static class LdapGlobals
{
private static bool _isLive;
public static bool LDAP_WebAppGroup_Is_Live { get => _isLive; set => _isLive = value; }
public const string LDAP_WINDREAM = "Windream_";
public const string LDAP_DOMAIN = "dhr.local";
public const string LDAP_PATH_EDM = "OU=DMS,OU=Gruppen,OU=DHDEAB,DC=dhr,DC=local";
public const string LDAP_PATH_WEBAPPS = "OU=Web-Apps,OU=Gruppen,OU=DHDEAB,DC=dhr,DC=local";
public const string LDAP_EDMUser_Prefix = "GG_EDMUser_Group";
public const string LDAP_EDMAdmin_Prefix = "GG_EDMAdmin_Group";
public const string LDAP_EDM_Prefix = "GG_EDM";
public const string LDAP_WebAppp_Prefix = "GG_WebApp";
public const string LDAP_Prefix_Test = "__Test";
}
}


@ -1,19 +1,28 @@
using System;
using HRD.LDAPService.Ldap;
using Microsoft.Extensions.Options;
using System;
using System.Collections.Generic;
using System.DirectoryServices.AccountManagement;
using System.Linq;
namespace HRD.LDAPService
{
public static class LdapManager
public class LdapManager
{
public static bool AD_AddUserloginToGroup(string userLogin, string group4User)
private readonly LdapOptions _ldapOptions;
public LdapManager(IOptions<LdapOptions> ldapOptions)
{
_ldapOptions = ldapOptions.Value;
}
public bool AD_AddUserloginToGroup(string userLogin, string group4User)
{
string groupName = GetFullGroupName(group4User);
try
{
using (PrincipalContext principalContext = new PrincipalContext(ContextType.Domain, LdapGlobals.LDAP_DOMAIN))
using (PrincipalContext principalContext = new PrincipalContext(ContextType.Domain, _ldapOptions.LDAP_DOMAIN))
{
UserPrincipal userPrincipal = UserPrincipal.FindByIdentity(principalContext, IdentityType.SamAccountName, userLogin);
if (userPrincipal == default)
@ -59,13 +68,13 @@ namespace HRD.LDAPService
}
}
public static bool CheckAndCreateAdGroup(string adGroupName)
public bool CheckAndCreateAdGroup(string adGroupName)
{
try
{
// set up domain context and binding to the OU=Web-Apps
var adPath = AD_GroupPath(adGroupName);
using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain, LdapGlobals.LDAP_DOMAIN, adPath))
using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain, _ldapOptions.LDAP_DOMAIN, adPath))
{
var group = GroupPrincipal.FindByIdentity(ctx, IdentityType.Name, adGroupName);
if (group != null)
@ -88,7 +97,7 @@ namespace HRD.LDAPService
}
}
public static List<string> GetAdUserLoginList4AdGroups(List<string> adGroupNames)
public List<string> GetAdUserLoginList4AdGroups(List<string> adGroupNames)
{
if (adGroupNames == null) { return default; }
List<string> result = new List<string>();
@ -102,14 +111,14 @@ namespace HRD.LDAPService
return result;
}
public static List<string> GetAdUserLoginList4AdGroup(string adGroupName)
public List<string> GetAdUserLoginList4AdGroup(string adGroupName)
{
try
{
List<string> result = new List<string>();
// set up domain context and binding to the OU=Web-Apps
var adPath = AD_GroupPath(adGroupName);
using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain, LdapGlobals.LDAP_DOMAIN, adPath))
using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain, _ldapOptions.LDAP_DOMAIN, adPath))
{
var group = GroupPrincipal.FindByIdentity(ctx, IdentityType.Name, adGroupName);
if (group == null)
@ -129,7 +138,7 @@ namespace HRD.LDAPService
}
}
public static bool CheckAndCreateAdGroups(List<string> adGroupNames)
public bool CheckAndCreateAdGroups(List<string> adGroupNames)
{
if (adGroupNames == null) { return false; }
@ -144,13 +153,13 @@ namespace HRD.LDAPService
return true;
}
public static bool CreateAdGroup(string adGroupName)
public bool CreateAdGroup(string adGroupName)
{
try
{
// set up domain context and binding to the OU=TechWriters organizational unit in your company
var adPath = AD_GroupPath(adGroupName);
using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain, LdapGlobals.LDAP_DOMAIN, adPath))
using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain, _ldapOptions.LDAP_DOMAIN, adPath))
{
// create a new group principal, give it a name
using (GroupPrincipal group = new GroupPrincipal(ctx, adGroupName))
@ -170,71 +179,71 @@ namespace HRD.LDAPService
}
}
public static bool IsWindreamADGroup(string adGroupName)
public bool IsWindreamADGroup(string adGroupName)
{
return adGroupName.StartsWith(LdapGlobals.LDAP_EDM_Prefix, StringComparison.InvariantCultureIgnoreCase);
return adGroupName.StartsWith(_ldapOptions.LDAP_EDM_Prefix, StringComparison.InvariantCultureIgnoreCase);
}
public static bool IsWindreamSuffixGroup(string suffixGroupName)
public bool IsWindreamSuffixGroup(string suffixGroupName)
{
return suffixGroupName.StartsWith(LdapGlobals.LDAP_WINDREAM, StringComparison.InvariantCultureIgnoreCase);
return suffixGroupName.StartsWith(_ldapOptions.LDAP_WINDREAM, StringComparison.InvariantCultureIgnoreCase);
}
public static bool IsWindreamAdminGroup(string suffixGroupName)
public bool IsWindreamAdminGroup(string suffixGroupName)
{
return suffixGroupName.StartsWith(LdapGlobals.LDAP_WINDREAM + "Admin", StringComparison.InvariantCultureIgnoreCase);
return suffixGroupName.StartsWith(_ldapOptions.LDAP_WINDREAM + "Admin", StringComparison.InvariantCultureIgnoreCase);
}
public static bool IsWindreamUserGroup(string suffixGroupName)
public bool IsWindreamUserGroup(string suffixGroupName)
{
return suffixGroupName.StartsWith(LdapGlobals.LDAP_WINDREAM + "User", StringComparison.InvariantCultureIgnoreCase);
return suffixGroupName.StartsWith(_ldapOptions.LDAP_WINDREAM + "User", StringComparison.InvariantCultureIgnoreCase);
}
public static string AD_GroupPath(string adGroupName)
public string AD_GroupPath(string adGroupName)
{
if (IsWindreamADGroup(adGroupName))
{
return LdapGlobals.LDAP_PATH_EDM;
return _ldapOptions.LDAP_PATH_EDM;
}
else
{
return LdapGlobals.LDAP_PATH_WEBAPPS;
return _ldapOptions.LDAP_PATH_WEBAPPS;
}
}
public static string GetFullGroupName(string groupNameSuffix)
public string GetFullGroupName(string groupNameSuffix)
{
//Mapping Windream_User => GG_EDMUser_Group_Live or GG_EDM__Test_User_Group
//Mapping Windream_Admin => GG_EDMAdmin_Group or GG_EDM__Test_Admin_Group
//Mapping Windream_Technik => GG_EDM_Technik or GG_EDM__Test_Technik
var testPrefix = !LdapGlobals.LDAP_WebAppGroup_Is_Live ? LdapGlobals.LDAP_Prefix_Test : "";
var testPrefix = !_ldapOptions.LDAP_WebAppGroup_Is_Live ? _ldapOptions.LDAP_Prefix_Test : "";
if (IsWindreamAdminGroup(groupNameSuffix))
{
return LdapGlobals.LDAP_EDMAdmin_Prefix + testPrefix;
return _ldapOptions.LDAP_EDMAdmin_Prefix + testPrefix;
}
else if (IsWindreamUserGroup(groupNameSuffix))
{
return LdapGlobals.LDAP_EDMUser_Prefix + testPrefix;
return _ldapOptions.LDAP_EDMUser_Prefix + testPrefix;
}
else
{
return (IsWindreamSuffixGroup(groupNameSuffix) ? LdapGlobals.LDAP_EDM_Prefix : LdapGlobals.LDAP_WebAppp_Prefix) + testPrefix + "_" + groupNameSuffix.Replace(LdapGlobals.LDAP_WINDREAM, "");
return (IsWindreamSuffixGroup(groupNameSuffix) ? _ldapOptions.LDAP_EDM_Prefix : _ldapOptions.LDAP_WebAppp_Prefix) + testPrefix + "_" + groupNameSuffix.Replace(_ldapOptions.LDAP_WINDREAM, "");
}
}
public static bool AD_RemoveUserFromGroup(string userId, string group4User)
public bool AD_RemoveUserFromGroup(string userId, string group4User)
{
string groupName = GetFullGroupName(group4User);
// secure that no windream user or admin can be deleted
if (groupName.Equals(LdapGlobals.LDAP_EDMUser_Prefix, StringComparison.CurrentCultureIgnoreCase)
|| groupName.Equals(LdapGlobals.LDAP_EDMAdmin_Prefix, StringComparison.CurrentCultureIgnoreCase))
if (groupName.Equals(_ldapOptions.LDAP_EDMUser_Prefix, StringComparison.CurrentCultureIgnoreCase)
|| groupName.Equals(_ldapOptions.LDAP_EDMAdmin_Prefix, StringComparison.CurrentCultureIgnoreCase))
{
return true;
}
try
{
using var principalContext = new PrincipalContext(ContextType.Domain, LdapGlobals.LDAP_DOMAIN);
using var principalContext = new PrincipalContext(ContextType.Domain, _ldapOptions.LDAP_DOMAIN);
UserPrincipal userPrincipal = UserPrincipal.FindByIdentity(principalContext, IdentityType.SamAccountName, userId);
if (userPrincipal == default)
{
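Review bot: The constructor at L157-L160 takes `ldapOptions.Value` without validating it, and every `new PrincipalContext(ContextType.Domain, _ldapOptions.LDAP_DOMAIN, …)` at L167, L182, L206, L228 and L312 then binds with whatever the bound options contain; as far as I recall, PrincipalContext treats a null name as "use the default domain of the process", so a missing `LDAP_DOMAIN` key would silently target a different directory than intended rather than fail, while a null `LDAP_WINDREAM`/`LDAP_EDM_Prefix` makes the `StartsWith` checks at L239-L257 throw ArgumentNullException. Fail fast in the constructor instead: `if (ldapOptions?.Value is null) throw new ArgumentNullException(nameof(ldapOptions));` followed by `if (string.IsNullOrWhiteSpace(ldapOptions.Value.LDAP_DOMAIN)) throw new InvalidOperationException("LdapOptions.LDAP_DOMAIN is required");` before the assignment. Separately, the guard at L304-L305 that is meant to keep users from being removed from the EDM user/admin groups compares with `StringComparison.CurrentCultureIgnoreCase`, while the prefix checks above use `InvariantCultureIgnoreCase`; AD group names are identifiers, so `StringComparison.OrdinalIgnoreCase` is the comparison to use in both places. `AD_RemoveUserFromGroup` continues outside the hunk.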