This commit is contained in:
2019-05-22 00:13:23 +00:00
parent 4ef6b98658
commit b8a32edc29
2 changed files with 14 additions and 10 deletions


@@ -71,7 +71,7 @@ namespace AyaNova.Api.Controllers
{
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
int nFailedAuthDelay = 10000;
int nFailedAuthDelay = 3000;//should be just long enough to make brute force a hassle but short enough to not annoy people who just mistyped their creds to login
#if (DEBUG)
@@ -116,6 +116,7 @@ namespace AyaNova.Api.Controllers
{ "exp", exp.ToUnixTimeSeconds().ToString() },//in payload exp must be in unix epoch time per standard
{ "iss", Issuer },
{ "id", "1" },
{ "name","Manager Account - TESTING"},
{ "ayanova/roles", "0" }
};
string TestToken = Jose.JWT.Encode(payload, secretKey, Algorithm);
@@ -197,6 +198,7 @@ namespace AyaNova.Api.Controllers
{ "exp", exp.ToUnixTimeSeconds().ToString() },//in payload exp must be in unix epoch time per standard
{ "iss", "ayanova.com" },
{ "id", u.Id.ToString() },
{ "name", u.Name},
{ "ayanova/roles", ((int)u.Roles).ToString() }
};


@@ -36,7 +36,7 @@ namespace AyaNova.Biz
//
roles.Add(AyaType.User, new BizRoleSet()
{
Change = AuthorizationRoles.BizAdminFull,
Change = AuthorizationRoles.BizAdminFull,
ReadFullRecord = AuthorizationRoles.BizAdminLimited
});
@@ -157,26 +157,28 @@ namespace AyaNova.Biz
#region output as JSON for client side
#if (DEBUG)
//################## HOW TO USE ##########
//############## Uncomment SerializeObject line, put a break on lastRoles, copy from the output in the LOG (good for javascript with quotes formatted that way) #######
// #### NEED to separately take a copy and update "lastRoles" string here by copying from the variable watch in the debugger because need the C# format escaped quotes string
//################## HOW TO USE ##########
//############## Uncomment SerializeObject line, put a break on lastRoles, copy from the output in the LOG (good for javascript with quotes formatted that way) #######
// #### NEED to separately take a copy and update "lastRoles" string here by copying from the variable watch in the debugger because need the C# format escaped quotes string
//GENERATE JSON FROM ROLES
string json = Newtonsoft.Json.JsonConvert.SerializeObject(roles, Newtonsoft.Json.Formatting.None);
string json = Newtonsoft.Json.JsonConvert.SerializeObject(roles, Newtonsoft.Json.Formatting.None);
//Output roles JSON FRAGMENT string for CLIENT to log
System.Diagnostics.Debugger.Log(1, "JSONFRAGMENTFORCLIENT", "BizRoles.cs -> Client roles JSON fragment:");
System.Diagnostics.Debugger.Log(1, "JSONFRAGMENTFORCLIENT", json);
//ONGOING VALIDATION TO CATCH MISMATCH WHEN NEW ROLES ADDED (wont' catch changes to existing unfortunately)
var lastRoles = "{\r\n \"User\": {\r\n \"Change\": 2,\r\n \"EditOwn\": 0,\r\n \"ReadFullRecord\": 1\r\n },\r\n \"UserOptions\": {\r\n \"Change\": 2,\r\n \"EditOwn\": 0,\r\n \"ReadFullRecord\": 1\r\n },\r\n \"Widget\": {\r\n \"Change\": 34,\r\n \"EditOwn\": 256,\r\n \"ReadFullRecord\": 17\r\n },\r\n \"ServerState\": {\r\n \"Change\": 16384,\r\n \"EditOwn\": 0,\r\n \"ReadFullRecord\": 32767\r\n },\r\n \"License\": {\r\n \"Change\": 16386,\r\n \"EditOwn\": 0,\r\n \"ReadFullRecord\": 8193\r\n },\r\n \"LogFile\": {\r\n \"Change\": 0,\r\n \"EditOwn\": 0,\r\n \"ReadFullRecord\": 24576\r\n },\r\n \"JobOperations\": {\r\n \"Change\": 16384,\r\n \"EditOwn\": 0,\r\n \"ReadFullRecord\": 8195\r\n },\r\n \"AyaNova7Import\": {\r\n \"Change\": 16384,\r\n \"EditOwn\": 0,\r\n \"ReadFullRecord\": 0\r\n },\r\n \"Metrics\": {\r\n \"Change\": 0,\r\n \"EditOwn\": 0,\r\n \"ReadFullRecord\": 24576\r\n },\r\n \"Locale\": {\r\n \"Change\": 16386,\r\n \"EditOwn\": 0,\r\n \"ReadFullRecord\": 32767\r\n },\r\n \"DataFilter\": {\r\n \"Change\": 2,\r\n \"EditOwn\": 32767,\r\n \"ReadFullRecord\": 32767\r\n },\r\n \"FormCustom\": {\r\n \"Change\": 2,\r\n \"EditOwn\": 0,\r\n \"ReadFullRecord\": 32767\r\n }\r\n}";
// var lastRoles = "{\r\n \"User\": {\r\n \"Change\": 2,\r\n \"EditOwn\": 0,\r\n \"ReadFullRecord\": 1\r\n },\r\n \"UserOptions\": {\r\n \"Change\": 2,\r\n \"EditOwn\": 0,\r\n \"ReadFullRecord\": 1\r\n },\r\n \"Widget\": {\r\n \"Change\": 34,\r\n \"EditOwn\": 256,\r\n \"ReadFullRecord\": 17\r\n },\r\n \"ServerState\": {\r\n \"Change\": 16384,\r\n \"EditOwn\": 0,\r\n \"ReadFullRecord\": 32767\r\n },\r\n \"License\": {\r\n \"Change\": 16386,\r\n \"EditOwn\": 0,\r\n \"ReadFullRecord\": 8193\r\n },\r\n \"LogFile\": {\r\n \"Change\": 0,\r\n \"EditOwn\": 0,\r\n \"ReadFullRecord\": 24576\r\n },\r\n \"JobOperations\": {\r\n \"Change\": 16384,\r\n \"EditOwn\": 0,\r\n \"ReadFullRecord\": 8195\r\n },\r\n \"AyaNova7Import\": {\r\n \"Change\": 16384,\r\n \"EditOwn\": 0,\r\n \"ReadFullRecord\": 0\r\n },\r\n \"Metrics\": {\r\n \"Change\": 0,\r\n \"EditOwn\": 0,\r\n \"ReadFullRecord\": 24576\r\n },\r\n \"Locale\": {\r\n \"Change\": 16386,\r\n \"EditOwn\": 0,\r\n \"ReadFullRecord\": 32767\r\n },\r\n \"DataFilter\": {\r\n \"Change\": 2,\r\n \"EditOwn\": 32767,\r\n \"ReadFullRecord\": 32767\r\n },\r\n \"FormCustom\": {\r\n \"Change\": 2,\r\n \"EditOwn\": 0,\r\n \"ReadFullRecord\": 32767\r\n }\r\n}";
var lastRoles = "{\"User\":{\"Change\":2,\"ReadFullRecord\":1},\"UserOptions\":{\"Change\":2,\"ReadFullRecord\":1},\"Widget\":{\"Change\":34,\"ReadFullRecord\":17},\"ServerState\":{\"Change\":16384,\"ReadFullRecord\":32767},\"License\":{\"Change\":16386,\"ReadFullRecord\":8193},\"LogFile\":{\"Change\":0,\"ReadFullRecord\":24576},\"JobOperations\":{\"Change\":16384,\"ReadFullRecord\":8195},\"AyaNova7Import\":{\"Change\":16384,\"ReadFullRecord\":0},\"Metrics\":{\"Change\":0,\"ReadFullRecord\":24576},\"Locale\":{\"Change\":16386,\"ReadFullRecord\":32767},\"DataFilter\":{\"Change\":2,\"ReadFullRecord\":32767},\"FormCustom\":{\"Change\":2,\"ReadFullRecord\":32767}}";
Dictionary<AyaType, BizRoleSet> lastRolesDeserialized = Newtonsoft.Json.JsonConvert.DeserializeObject<Dictionary<AyaType, BizRoleSet>>(lastRoles);
if (lastRolesDeserialized.Count != roles.Count)
{
throw new System.ArgumentException("BizRoles::Constructor - roles were modified from last snapshot for client!!!");
}
#endif
#endregion
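Review bot: The snapshot check at `if (lastRolesDeserialized.Count != roles.Count)` compares only the number of entries, so a changed `Change` or `ReadFullRecord` value on an existing role (the case the comment above it admits it misses) passes silently while the client-side copy drifts from the server's role table. Since `json` is produced with `Formatting.None` and the new `lastRoles` literal is in the same compact form, comparing the two strings would catch both cases, provided the serializer's key order is stable: `if (!string.Equals(json, lastRoles, StringComparison.Ordinal))`. The new `lastRoles` literal also drops the `EditOwn` member that the commented-out previous snapshot carried; if `BizRoleSet` still has that member it deserializes to its default without any error, so confirm the removal is intentional. This block is DEBUG-only and the enclosing constructor continues outside the hunk.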