From eedc726440c069ecc1432a7b3770db02d759d92a Mon Sep 17 00:00:00 2001
From: Developer 02
Date: Mon, 5 Aug 2024 14:31:59 +0200
Subject: [PATCH] =?UTF-8?q?feat:=20LdapOptions=20erstellt=20anstelle=20sta?=
 =?UTF-8?q?tischer=20(fest=20codierter)=20Konfigurationswerte,=20LdapOptio?=
 =?UTF-8?q?ns=20und=20Abh=C3=A4ngigkeitsinjektionen=20daf=C3=BCr=20hinzuge?=
 =?UTF-8?q?f=C3=BCgt?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../EmployeeToWebAppRepository.cs | 21 +++---
 .../WebAppToDepartmentRepository.cs | 11 ++-
 .../WebAppToWebAppAdditionalRoleRepository.cs | 9 ++-
 HRD.LDAPService/DIExtensions.cs | 5 +-
 HRD.LDAPService/Ldap/LdapGlobals.cs | 22 ------
 HRD.LDAPService/Ldap/LdapManager.cs | 73 +++++++++++--------
 6 files changed, 69 insertions(+), 72 deletions(-)
 delete mode 100644 HRD.LDAPService/Ldap/LdapGlobals.cs
diff --git a/DAL/Repositories/EmployeeToWebAppRepository.cs b/DAL/Repositories/EmployeeToWebAppRepository.cs
index ef220fa..6eb5233 100644
--- a/DAL/Repositories/EmployeeToWebAppRepository.cs
+++ b/DAL/Repositories/EmployeeToWebAppRepository.cs
@@ -12,8 +12,11 @@ namespace DAL.Repositories
 {
 public class EmployeeToWebAppRepository : BaseRepository
 {
- public EmployeeToWebAppRepository(WebApiContext context) : base(context)
+ private readonly LdapManager _ldapManager;
+
+ public EmployeeToWebAppRepository(WebApiContext context, LdapManager ldapManager) : base(context)
 {
+ _ldapManager = ldapManager;
 }
 public async Task DeleteEmloyeeToWebAppAsync(int webAppId)
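Review bot: The new constructor stores the injected `LdapManager` without any guard, and the dependency is the concrete class rather than an abstraction, so this DAL repository is now hard-wired to live Active Directory calls and cannot be given a fake in tests. A boundary check, `_ldapManager = ldapManager ?? throw new ArgumentNullException(nameof(ldapManager));`, turns a missing registration into an immediate, explicit failure instead of a NullReferenceException on the first directory write; extracting an interface for the group-membership operations would additionally let the AD side be mocked. The same unguarded assignment is repeated in the other two repository constructors in this patch.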
@@ -75,24 +78,24 @@ namespace DAL.Repositories
 if (department != default && !string.IsNullOrEmpty(department.AdGroupDepartmentName))
 {
 groupSuffix = $"{webapp.AdWebAppName}_{department.AdGroupDepartmentName}";
- if (LdapManager.IsWindreamSuffixGroup(groupSuffix))
+ if (_ldapManager.IsWindreamSuffixGroup(groupSuffix))
 {
- if (isAdding) result = LdapManager.AD_AddUserloginToGroup(employee.LoginName, groupSuffix);
- else result = LdapManager.AD_RemoveUserFromGroup(employee.LoginName, groupSuffix);
+ if (isAdding) result = _ldapManager.AD_AddUserloginToGroup(employee.LoginName, groupSuffix);
+ else result = _ldapManager.AD_RemoveUserFromGroup(employee.LoginName, groupSuffix);
 }
 }
 if (webappRole != default)
 {
 groupSuffix = $"{webapp.AdWebAppName}_{webappRole.WebAppRoleName}";
- if (isAdding) result = LdapManager.AD_AddUserloginToGroup(employee.LoginName, groupSuffix);
- else result = LdapManager.AD_RemoveUserFromGroup(employee.LoginName, groupSuffix);
+ if (isAdding) result = _ldapManager.AD_AddUserloginToGroup(employee.LoginName, groupSuffix);
+ else result = _ldapManager.AD_RemoveUserFromGroup(employee.LoginName, groupSuffix);
- if (LdapManager.IsWindreamAdminGroup(groupSuffix))
+ if (_ldapManager.IsWindreamAdminGroup(groupSuffix))
 {
 groupSuffix = $"{webapp.AdWebAppName}_User";
- if (isAdding) result = LdapManager.AD_AddUserloginToGroup(employee.LoginName, groupSuffix);
- else result = LdapManager.AD_RemoveUserFromGroup(employee.LoginName, groupSuffix);
+ if (isAdding) result = _ldapManager.AD_AddUserloginToGroup(employee.LoginName, groupSuffix);
+ else result = _ldapManager.AD_RemoveUserFromGroup(employee.LoginName, groupSuffix);
 }
 }
 }
diff --git a/DAL/Repositories/WebAppToDepartmentRepository.cs b/DAL/Repositories/WebAppToDepartmentRepository.cs
index d92ea0a..69114a6 100644
--- a/DAL/Repositories/WebAppToDepartmentRepository.cs
+++ b/DAL/Repositories/WebAppToDepartmentRepository.cs
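Review bot: In the `webappRole` branch `result` is overwritten by each successive directory call, so when `IsWindreamAdminGroup` is true a failed add/remove on the role group is masked by the outcome of the follow-up `_User` call on the new lines two statements later, and the caller is told the privileged group was updated when it was not. Combine the outcomes rather than replacing them, e.g. `result = _ldapManager.AD_AddUserloginToGroup(employee.LoginName, groupSuffix) && result;` (and the mirror for the remove call) on the second pair. The declaration and initial value of `result` sit above the hunk, so check that the combination agrees with its initialisation; the enclosing method starts before and ends after this hunk.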
@@ -12,8 +12,11 @@ namespace DAL.Repositories
 {
 public class WebAppToDepartmentRepository : BaseRepository
 {
- public WebAppToDepartmentRepository(WebApiContext context) : base(context)
+ private readonly LdapManager _ldapManager;
+
+ public WebAppToDepartmentRepository(WebApiContext context, LdapManager ldapManager) : base(context)
 {
+ _ldapManager = ldapManager;
 }
 public async Task> GetListByFilterAsync(EmployeeToWebAppFilter filter, bool asNoTracking = true)
@@ -59,11 +62,11 @@ namespace DAL.Repositories
 var isAdding = action == "adding";
 var groupSuffix = $"{webapp.AdWebAppName}_{department.AdGroupDepartmentName}";
- if (!LdapManager.IsWindreamSuffixGroup(groupSuffix)) return true;
+ if (!_ldapManager.IsWindreamSuffixGroup(groupSuffix)) return true;
 try
 {
- if (isAdding) result = LdapManager.AD_AddUserloginToGroup(employee.LoginName, groupSuffix);
- else result = LdapManager.AD_RemoveUserFromGroup(employee.LoginName, groupSuffix);
+ if (isAdding) result = _ldapManager.AD_AddUserloginToGroup(employee.LoginName, groupSuffix);
+ else result = _ldapManager.AD_RemoveUserFromGroup(employee.LoginName, groupSuffix);
 }
 catch (Exception ex)
 {
diff --git a/DAL/Repositories/WebAppToWebAppAdditionalRoleRepository.cs b/DAL/Repositories/WebAppToWebAppAdditionalRoleRepository.cs
index 72b4d24..cf3855c 100644
--- a/DAL/Repositories/WebAppToWebAppAdditionalRoleRepository.cs
+++ b/DAL/Repositories/WebAppToWebAppAdditionalRoleRepository.cs
@@ -12,8 +12,11 @@ namespace DAL.Repositories
 {
 public class WebAppToWebAppAdditionalRoleRepository : BaseRepository
 {
- public WebAppToWebAppAdditionalRoleRepository(WebApiContext context) : base(context)
+ private readonly LdapManager _ldapManager;
+
+ public WebAppToWebAppAdditionalRoleRepository(WebApiContext context, LdapManager ldapManager) : base(context)
 {
+ _ldapManager = ldapManager;
 }
 public async Task> GetListByFilterAsync(EmployeeToWebAppFilter filter, bool asNoTracking = true)
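Review bot: In the WebAppToDepartmentRepository hunk, the new add/remove dispatch inside the `try` block sends every `action` value other than `"adding"` down the removal path (`isAdding` is a plain string comparison a few lines above), so a misspelt or unexpected action silently revokes AD group membership instead of failing. Reject unknown actions before any directory call is made, e.g. `if (action != "adding" && action != "<removal token>") throw new ArgumentException($"Unknown action '{action}'", nameof(action));`, substituting the real removal value — the accepted set of action strings is not visible in this hunk, so confirm it against the callers. The enclosing method starts above and ends below the hunk, and the same dispatch appears in the WebAppToWebAppAdditionalRoleRepository hunk on the next line.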
@@ -60,8 +63,8 @@ namespace DAL.Repositories
 var groupSuffix = $"{webapp.AdWebAppName}_{webappRole.AdWebAppAdditionalRoleName}";
 try
 {
- if (isAdding) result = LdapManager.AD_AddUserloginToGroup(employee.LoginName, groupSuffix);
- else result = LdapManager.AD_RemoveUserFromGroup(employee.LoginName, groupSuffix);
+ if (isAdding) result = _ldapManager.AD_AddUserloginToGroup(employee.LoginName, groupSuffix);
+ else result = _ldapManager.AD_RemoveUserFromGroup(employee.LoginName, groupSuffix);
 }
 catch (Exception ex)
 {
diff --git a/HRD.LDAPService/DIExtensions.cs b/HRD.LDAPService/DIExtensions.cs
index 3988be9..aa3d712 100644
--- a/HRD.LDAPService/DIExtensions.cs
+++ b/HRD.LDAPService/DIExtensions.cs
@@ -12,8 +12,9 @@ namespace HRD.LDAPService
 {
 services
 .AddSingleton()
- .AddSingleton();
-
+ .AddSingleton()
+ .AddSingleton();
+
 return services;
 }
diff --git a/HRD.LDAPService/Ldap/LdapGlobals.cs b/HRD.LDAPService/Ldap/LdapGlobals.cs
deleted file mode 100644
index 16a1941..0000000
--- a/HRD.LDAPService/Ldap/LdapGlobals.cs
+++ /dev/null
@@ -1,22 +0,0 @@
-namespace HRD.LDAPService
-{
- public static class LdapGlobals
- {
- private static bool _isLive;
- public static bool LDAP_WebAppGroup_Is_Live { get => _isLive; set => _isLive = value; }
-
- public const string LDAP_WINDREAM = "Windream_";
-
- public const string LDAP_DOMAIN = "dhr.local";
-
- public const string LDAP_PATH_EDM = "OU=DMS,OU=Gruppen,OU=DHDEAB,DC=dhr,DC=local";
- public const string LDAP_PATH_WEBAPPS = "OU=Web-Apps,OU=Gruppen,OU=DHDEAB,DC=dhr,DC=local";
-
- public const string LDAP_EDMUser_Prefix = "GG_EDMUser_Group";
- public const string LDAP_EDMAdmin_Prefix = "GG_EDMAdmin_Group";
-
- public const string LDAP_EDM_Prefix = "GG_EDM";
- public const string LDAP_WebAppp_Prefix = "GG_WebApp";
- public const string LDAP_Prefix_Test = "__Test";
- }
-}
\ No newline at end of file
diff --git a/HRD.LDAPService/Ldap/LdapManager.cs b/HRD.LDAPService/Ldap/LdapManager.cs
index 549f446..285a432 100644
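Review bot: In the DIExtensions hunk, `LdapManager` is registered as a singleton but nothing in this patch binds or validates `LdapOptions` (the diffstat lists no options class and no `Configure`/`AddOptions` call), so if the binding is missing elsewhere `IOptions<LdapOptions>.Value` yields a default instance whose string members are null, and the domain, OU paths and group prefixes that used to be compile-time constants reach `new PrincipalContext(...)` and `StartsWith(...)` as null. Because these values decide which directory is written to and under which OU groups are created, they should be bound with fail-fast validation next to this registration, e.g. `services.AddOptions<LdapOptions>().Bind(configuration.GetSection("Ldap")).ValidateDataAnnotations().ValidateOnStart();` with `[Required]` on the members — the section name is a placeholder, `ValidateOnStart` needs Microsoft.Extensions.Options 6 or later, and the extension method's signature (above the hunk) may need an `IConfiguration` parameter for this. The generic type arguments of the `.AddSingleton()` calls are not visible in this rendering of the patch, so the exact registrations could not be confirmed.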
--- a/HRD.LDAPService/Ldap/LdapManager.cs
+++ b/HRD.LDAPService/Ldap/LdapManager.cs
@@ -1,19 +1,28 @@
-using System;
+using HRD.LDAPService.Ldap;
+using Microsoft.Extensions.Options;
+using System;
 using System.Collections.Generic;
 using System.DirectoryServices.AccountManagement;
 using System.Linq;
 namespace HRD.LDAPService
 {
- public static class LdapManager
+ public class LdapManager
 {
- public static bool AD_AddUserloginToGroup(string userLogin, string group4User)
+ private readonly LdapOptions _ldapOptions;
+
+ public LdapManager(IOptions ldapOptions)
+ {
+ _ldapOptions = ldapOptions.Value;
+ }
+
+ public bool AD_AddUserloginToGroup(string userLogin, string group4User)
 {
 string groupName = GetFullGroupName(group4User);
 try
 {
- using (PrincipalContext principalContext = new PrincipalContext(ContextType.Domain, LdapGlobals.LDAP_DOMAIN))
+ using (PrincipalContext principalContext = new PrincipalContext(ContextType.Domain, _ldapOptions.LDAP_DOMAIN))
 {
 UserPrincipal userPrincipal = UserPrincipal.FindByIdentity(principalContext, IdentityType.SamAccountName, userLogin);
 if (userPrincipal == default)
@@ -59,13 +68,13 @@ namespace HRD.LDAPService
 }
 }
- public static bool CheckAndCreateAdGroup(string adGroupName)
+ public bool CheckAndCreateAdGroup(string adGroupName)
 {
 try
 {
 // set up domain context and binding to the OU=Web-Apps
 var adPath = AD_GroupPath(adGroupName);
- using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain, LdapGlobals.LDAP_DOMAIN, adPath))
+ using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain, _ldapOptions.LDAP_DOMAIN, adPath))
 {
 var group = GroupPrincipal.FindByIdentity(ctx, IdentityType.Name, adGroupName);
 if (group != null)
@@ -88,7 +97,7 @@ namespace HRD.LDAPService
 }
 }
- public static List GetAdUserLoginList4AdGroups(List adGroupNames)
+ public List GetAdUserLoginList4AdGroups(List adGroupNames)
 {
 if (adGroupNames == null) { return default; }
 List result = new List();
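Review bot: The new constructor dereferences `ldapOptions.Value` without a guard and never checks that the members this class depends on are populated, so a missing or partial options section only surfaces later as an `ArgumentNullException` from `StartsWith` or as a `PrincipalContext` opened against a null domain name on the first directory operation. Fail at construction instead: `_ldapOptions = (ldapOptions ?? throw new ArgumentNullException(nameof(ldapOptions))).Value;` followed by a check that `LDAP_DOMAIN`, `LDAP_PATH_EDM` and `LDAP_PATH_WEBAPPS` are non-empty, e.g. `if (string.IsNullOrWhiteSpace(_ldapOptions.LDAP_DOMAIN)) throw new InvalidOperationException("LdapOptions.LDAP_DOMAIN is not configured");`. The class also deserves a one-line XML summary now that it carries state, e.g. `/// <summary>Creates AD groups and mutates their membership using the domain, OU paths and group prefixes supplied through LdapOptions.</summary>`. The body of `AD_AddUserloginToGroup` continues past the end of the hunk.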
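Review bot: In the `CheckAndCreateAdGroup` hunk, `adPath` now comes from `LdapOptions` via `AD_GroupPath`, and as far as the PrincipalContext documentation goes a null container makes the context bind at the domain's default naming context; if `LDAP_PATH_EDM` or `LDAP_PATH_WEBAPPS` is unset, `GroupPrincipal.FindByIdentity(ctx, IdentityType.Name, adGroupName)` would then match a same-named group anywhere in the domain and the create path further down would place the group in the domain's default container rather than the intended OU. Guard the container before binding, `if (string.IsNullOrWhiteSpace(adPath)) throw new InvalidOperationException($"No OU configured for group '{adGroupName}'");`, or validate the options once at construction. The comment `// set up domain context and binding to the OU=Web-Apps` above the new line is also stale for EDM groups; `// bind to the OU chosen by AD_GroupPath (LDAP_PATH_EDM or LDAP_PATH_WEBAPPS from LdapOptions)` describes the current behaviour. The rest of the method, including the create path and its exception handling, lies outside the hunk.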
@@ -102,14 +111,14 @@ namespace HRD.LDAPService
 return result;
 }
- public static List GetAdUserLoginList4AdGroup(string adGroupName)
+ public List GetAdUserLoginList4AdGroup(string adGroupName)
 {
 try
 {
 List result = new List();
 // set up domain context and binding to the OU=Web-Apps
 var adPath = AD_GroupPath(adGroupName);
- using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain, LdapGlobals.LDAP_DOMAIN, adPath))
+ using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain, _ldapOptions.LDAP_DOMAIN, adPath))
 {
 var group = GroupPrincipal.FindByIdentity(ctx, IdentityType.Name, adGroupName);
 if (group == null)
@@ -129,7 +138,7 @@ namespace HRD.LDAPService
 }
 }
- public static bool CheckAndCreateAdGroups(List adGroupNames)
+ public bool CheckAndCreateAdGroups(List adGroupNames)
 {
 if (adGroupNames == null) { return false; }
@@ -144,13 +153,13 @@ namespace HRD.LDAPService
 return true;
 }
- public static bool CreateAdGroup(string adGroupName)
+ public bool CreateAdGroup(string adGroupName)
 {
 try
 {
 // set up domain context and binding to the OU=TechWriters organizational unit in your company
 var adPath = AD_GroupPath(adGroupName);
- using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain, LdapGlobals.LDAP_DOMAIN, adPath))
+ using (PrincipalContext ctx = new PrincipalContext(ContextType.Domain, _ldapOptions.LDAP_DOMAIN, adPath))
 {
 // create a new group principal, give it a name
 using (GroupPrincipal group = new GroupPrincipal(ctx, adGroupName))
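Review bot: In the `CreateAdGroup` hunk, the comment `// set up domain context and binding to the OU=TechWriters organizational unit in your company` directly above the new `PrincipalContext` line is sample-code boilerplate that no longer describes the code now that the container comes from `LdapOptions`; replace it with `// bind to the OU selected by AD_GroupPath (LDAP_PATH_EDM or LDAP_PATH_WEBAPPS from LdapOptions); the new group is created under this container`. Because this method writes to the directory, an unset OU path would (if PrincipalContext falls back to the domain root for a null container, as its documentation suggests) create the group in the domain's default container instead of the intended OU, so a `string.IsNullOrWhiteSpace(adPath)` guard before the binding is worth adding here as well. The `try` body continues beyond the end of the hunk.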
@@ -170,71 +179,71 @@ namespace HRD.LDAPService
 }
 }
- public static bool IsWindreamADGroup(string adGroupName)
+ public bool IsWindreamADGroup(string adGroupName)
 {
- return adGroupName.StartsWith(LdapGlobals.LDAP_EDM_Prefix, StringComparison.InvariantCultureIgnoreCase);
+ return adGroupName.StartsWith(_ldapOptions.LDAP_EDM_Prefix, StringComparison.InvariantCultureIgnoreCase);
 }
- public static bool IsWindreamSuffixGroup(string suffixGroupName)
+ public bool IsWindreamSuffixGroup(string suffixGroupName)
 {
- return suffixGroupName.StartsWith(LdapGlobals.LDAP_WINDREAM, StringComparison.InvariantCultureIgnoreCase);
+ return suffixGroupName.StartsWith(_ldapOptions.LDAP_WINDREAM, StringComparison.InvariantCultureIgnoreCase);
 }
- public static bool IsWindreamAdminGroup(string suffixGroupName)
+ public bool IsWindreamAdminGroup(string suffixGroupName)
 {
- return suffixGroupName.StartsWith(LdapGlobals.LDAP_WINDREAM + "Admin", StringComparison.InvariantCultureIgnoreCase);
+ return suffixGroupName.StartsWith(_ldapOptions.LDAP_WINDREAM + "Admin", StringComparison.InvariantCultureIgnoreCase);
 }
- public static bool IsWindreamUserGroup(string suffixGroupName)
+ public bool IsWindreamUserGroup(string suffixGroupName)
 {
- return suffixGroupName.StartsWith(LdapGlobals.LDAP_WINDREAM + "User", StringComparison.InvariantCultureIgnoreCase);
+ return suffixGroupName.StartsWith(_ldapOptions.LDAP_WINDREAM + "User", StringComparison.InvariantCultureIgnoreCase);
 }
- public static string AD_GroupPath(string adGroupName)
+ public string AD_GroupPath(string adGroupName)
 {
 if (IsWindreamADGroup(adGroupName))
 {
- return LdapGlobals.LDAP_PATH_EDM;
+ return _ldapOptions.LDAP_PATH_EDM;
 }
 else
 {
- return LdapGlobals.LDAP_PATH_WEBAPPS;
+ return _ldapOptions.LDAP_PATH_WEBAPPS;
 }
 }
- public static string GetFullGroupName(string groupNameSuffix)
+ public string GetFullGroupName(string groupNameSuffix)
 {
 //Mapping Windream_User => GG_EDMUser_Group_Live or GG_EDM__Test_User_Group //Mapping Windream_Admin
=> GG_EDMAdmin_Group or GG_EDM__Test_Admin_Group //Mapping Windream_Technik => GG_EDM_Technik or GG_EDM__Test_Technik
- var testPrefix = !LdapGlobals.LDAP_WebAppGroup_Is_Live ? LdapGlobals.LDAP_Prefix_Test : "";
+ var testPrefix = !_ldapOptions.LDAP_WebAppGroup_Is_Live ? _ldapOptions.LDAP_Prefix_Test : "";
 if (IsWindreamAdminGroup(groupNameSuffix))
 {
- return LdapGlobals.LDAP_EDMAdmin_Prefix + testPrefix;
+ return _ldapOptions.LDAP_EDMAdmin_Prefix + testPrefix;
 }
 else if (IsWindreamUserGroup(groupNameSuffix))
 {
- return LdapGlobals.LDAP_EDMUser_Prefix + testPrefix;
+ return _ldapOptions.LDAP_EDMUser_Prefix + testPrefix;
 }
 else
 {
- return (IsWindreamSuffixGroup(groupNameSuffix) ? LdapGlobals.LDAP_EDM_Prefix : LdapGlobals.LDAP_WebAppp_Prefix) + testPrefix + "_" + groupNameSuffix.Replace(LdapGlobals.LDAP_WINDREAM, "");
+ return (IsWindreamSuffixGroup(groupNameSuffix) ? _ldapOptions.LDAP_EDM_Prefix : _ldapOptions.LDAP_WebAppp_Prefix) + testPrefix + "_" + groupNameSuffix.Replace(_ldapOptions.LDAP_WINDREAM, "");
 }
 }
- public static bool AD_RemoveUserFromGroup(string userId, string group4User)
+ public bool AD_RemoveUserFromGroup(string userId, string group4User)
 {
 string groupName = GetFullGroupName(group4User);
 // secure that no windream user or admin can be deleted
- if (groupName.Equals(LdapGlobals.LDAP_EDMUser_Prefix, StringComparison.CurrentCultureIgnoreCase)
- || groupName.Equals(LdapGlobals.LDAP_EDMAdmin_Prefix, StringComparison.CurrentCultureIgnoreCase))
+ if (groupName.Equals(_ldapOptions.LDAP_EDMUser_Prefix, StringComparison.CurrentCultureIgnoreCase)
+ || groupName.Equals(_ldapOptions.LDAP_EDMAdmin_Prefix, StringComparison.CurrentCultureIgnoreCase))
 {
 return true;
 }
 try
 {
- using var principalContext = new PrincipalContext(ContextType.Domain, LdapGlobals.LDAP_DOMAIN);
+ using var principalContext = new PrincipalContext(ContextType.Domain, _ldapOptions.LDAP_DOMAIN);
 UserPrincipal userPrincipal = UserPrincipal.FindByIdentity(principalContext,
IdentityType.SamAccountName, userId);
 if (userPrincipal == default)
 {