source: trunk/sources/HeuristicLab.Security.Core/3.2/PermissionManager.cs @ 1737

Last change on this file since 1737 was 1737, checked in by svonolfe, 12 years ago

Passwords are now stored in MD5 in the database (#532)

1using System;
2using System.Collections.Generic;
3using System.Text;
4using System.Threading;
5using HeuristicLab.Security.Contracts.Interfaces;
6using HeuristicLab.Security.Contracts.BusinessObjects;
7using HeuristicLab.Security.DataAccess;
8using HeuristicLab.DataAccess.Interfaces;
9using HeuristicLab.PluginInfrastructure;
10using System.Security.Cryptography;
11
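namespace HeuristicLab.Security.Core {
  /// <summary>
  /// Authenticates users against the user store and answers permission queries
  /// for the sessions it has issued. Open sessions are kept in a process-wide,
  /// in-memory map from session id to user name.
  /// </summary>
  public class PermissionManager : IPermissionManager {

    private static ISessionFactory factory = ServiceLocator.GetSessionFactory();

    // Session id -> user name for every open session. The map is shared by all
    // instances, so every access must hold 'locker'. Entries are only removed by
    // EndSession; nothing in this class expires them.
    private static IDictionary<Guid, string> currentSessions = new Dictionary<Guid, string>();

    // Static on purpose: the map it guards is static, so a per-instance lock
    // object would not serialise access made through different instances.
    private static readonly Object locker = new Object();

    /// <summary>
    /// Returns the lower-case hexadecimal MD5 digest of the given string.
    /// </summary>
    /// <param name="input">Text to hash; must not be null.</param>
    /// <returns>32 hexadecimal characters.</returns>
    private static string getMd5Hash(string input) {
      // SECURITY: unsalted MD5 is a fast hash, so stored values can be brute-forced
      // cheaply and equal passwords produce equal digests. The algorithm is left
      // unchanged here because the values already stored in the database depend on
      // it; moving to a salted, iterated scheme (for example Rfc2898DeriveBytes)
      // needs a migration of the stored credentials.
      // NOTE(review): Encoding.Default is the machine's ANSI code page, so the digest
      // of a non-ASCII password can differ between hosts. Also kept for compatibility
      // with existing stored hashes.
      byte[] digest;
      using (MD5 md5Hasher = MD5.Create()) {
        digest = md5Hasher.ComputeHash(Encoding.Default.GetBytes(input));
      }

      // Two hex characters per digest byte.
      StringBuilder hex = new StringBuilder(digest.Length * 2);
      foreach (byte b in digest) {
        hex.Append(b.ToString("x2"));
      }
      return hex.ToString();
    }

    /// <summary>
    /// Verifies the given credentials. On success the user's existing session id is
    /// returned if one is open, otherwise a new session is created.
    /// </summary>
    /// <remarks>
    /// The password is always verified. Handing out an existing session id on the
    /// strength of the user name alone would let any caller who knows the name of
    /// a logged-in user obtain that user's session.
    /// </remarks>
    /// <param name="userName">Login name of the user.</param>
    /// <param name="password">Clear-text password supplied by the caller.</param>
    /// <returns>
    /// The session id, or <see cref="Guid.Empty"/> if either argument is null, the
    /// user is unknown or the password does not match.
    /// </returns>
    public Guid Authenticate(String userName, String password) {
      if (userName == null || password == null)
        return Guid.Empty;

      string passwordHash = getMd5Hash(password);

      // Local rather than a shared static field: the data session belongs to the
      // current thread, and another thread must not be able to overwrite or end it.
      ISession dbSession = null;
      bool credentialsValid;
      try {
        dbSession = factory.GetSessionForCurrentThread();

        IUserAdapter userAdapter = dbSession.GetDataAdapter<User, IUserAdapter>();
        User user = userAdapter.GetByLogin(userName);

        // Static String.Equals tolerates a null stored password (treated as no match).
        credentialsValid = user != null &&
                           String.Equals(user.Password, passwordHash, StringComparison.Ordinal);
      }
      finally {
        if (dbSession != null)
          dbSession.EndSession();
      }

      if (!credentialsValid)
        return Guid.Empty;

      // Look-up and insert happen under one lock so that two concurrent logins of
      // the same user cannot both create a session. GetGuid takes the same lock
      // again, which is fine because monitor locks are re-entrant.
      lock (locker) {
        Guid existingSessionId = GetGuid(userName);
        if (existingSessionId != Guid.Empty)
          return existingSessionId;

        Guid newSessionId = Guid.NewGuid();
        currentSessions.Add(newSessionId, userName);
        return newSessionId;
      }
    }

    /// <summary>
    /// Checks if the owner of the given session has the given permission.
    /// </summary>
    /// <param name="sessionId">Session id previously returned by Authenticate.</param>
    /// <param name="permissionId">Id of the permission to check.</param>
    /// <param name="entityId">Id of the entity the permission applies to.</param>
    /// <returns>
    /// True if a matching permission entry exists; false if the session is unknown,
    /// the permission or its owner cannot be found, or no entry exists.
    /// </returns>
    public bool CheckPermission(Guid sessionId, Guid permissionId, Guid entityId) {
      string userName;
      bool existsSession;
      lock (locker)
        existsSession = currentSessions.TryGetValue(sessionId, out userName);

      // Unknown session ids are denied without touching the database.
      if (!existsSession)
        return false;

      // Local for the same reason as in Authenticate: the data session is per thread.
      ISession dbSession = null;
      try {
        dbSession = factory.GetSessionForCurrentThread();

        IPermissionOwnerAdapter permOwnerAdapter = dbSession.GetDataAdapter<PermissionOwner, IPermissionOwnerAdapter>();
        PermissionOwner permOwner = permOwnerAdapter.GetByName(userName);

        IPermissionAdapter permissionAdapter = dbSession.GetDataAdapter<Permission, IPermissionAdapter>();
        Permission permission = permissionAdapter.GetById(permissionId);

        if (permission == null || permOwner == null)
          return false;

        return permissionAdapter.getPermission(permOwner.Id, permission.Id, entityId) != null;
      }
      finally {
        if (dbSession != null)
          dbSession.EndSession();
      }
    }

    /// <summary>
    /// Removes the given session. Unknown session ids are ignored.
    /// </summary>
    /// <param name="sessionId">Id of the session to remove.</param>
    public void EndSession(Guid sessionId) {
      lock (locker) {
        // Remove simply returns false for a missing key, so no prior look-up is needed.
        currentSessions.Remove(sessionId);
      }
    }

    /// <summary>
    /// Gets the sessionId for a user.
    /// </summary>
    /// <param name="userName">Login name to look up.</param>
    /// <returns>The id of the user's open session, or <see cref="Guid.Empty"/> if there is none.</returns>
    public Guid GetGuid(string userName) {
      // This method is public, so it takes the lock itself instead of relying on
      // the caller; enumerating the map while another thread modifies it would throw.
      lock (locker) {
        foreach (KeyValuePair<Guid, string> entry in currentSessions) {
          // Ordinal comparison: a culture-sensitive CompareTo can treat visually
          // similar but distinct user names as equal.
          if (String.Equals(entry.Value, userName, StringComparison.Ordinal))
            return entry.Key;
        }
      }
      return Guid.Empty;
    }
  }
}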