#2438 add model for security related information, change general settings json and add function to retrieve security settings (model <-> json)

Author: sventhiel

Components/AAA/BExIS.Security.Services/Subjects/UserManager.cs

@@ -1,6 +1,8 @@
 using BExIS.Security.Entities.Subjects;
 using BExIS.Security.Services.Authentication;
 using BExIS.Security.Services.Utilities;
+using BExIS.Utils.Config;
+using BExIS.Utils.Config.Configurations;
 using BExIS.Utils.NH.Querying;
 using Microsoft.AspNet.Identity;
 using Microsoft.AspNet.Identity.Owin;
@@ -16,23 +18,26 @@ namespace BExIS.Security.Services.Subjects
 {
     public class UserManager : UserManager<User, long>
     {
+        private SecurityConfiguration _securityConfiguration;
         public UserManager(IUserStore<User, long> store): base(store)
         {
+            _securityConfiguration = GeneralSettings.SecurityConfiguration;
+
             // Configure validation logic for usernames
             UserValidator = new UserValidator<User, long>(this)
             {
-                AllowOnlyAlphanumericUserNames = false,
-                RequireUniqueEmail = true
+                AllowOnlyAlphanumericUserNames = _securityConfiguration.UserValidatorConfiguration.AllowOnlyAlphanumericUserNames,
+                RequireUniqueEmail = _securityConfiguration.UserValidatorConfiguration.RequireUniqueEmail
             };
 
             // Configure validation logic for passwords
             PasswordValidator = new PasswordValidator
             {
-                RequiredLength = 12,
-                RequireNonLetterOrDigit = true,
-                RequireDigit = true,
-                RequireLowercase = true,
-                RequireUppercase = true
+                RequiredLength = _securityConfiguration.PasswordValidatorConfiguration.RequiredLength,
+                RequireNonLetterOrDigit = _securityConfiguration.PasswordValidatorConfiguration.RequireNonLetterOrDigit,
+                RequireDigit = _securityConfiguration.PasswordValidatorConfiguration.RequireDigit,
+                RequireLowercase = _securityConfiguration.PasswordValidatorConfiguration.RequireLowercase,
+                RequireUppercase = _securityConfiguration.PasswordValidatorConfiguration.RequireUppercase
             };
 
             // Configure user lockout defaults

Components/AAA/BExIS.Security.Services/Subjects/UserStore.cs

@@ -1,10 +1,7 @@
 using BExIS.Security.Entities.Authentication;
 using BExIS.Security.Entities.Authorization;
 using BExIS.Security.Entities.Subjects;
-using BExIS.Utils.NH.Querying;
 using Microsoft.AspNet.Identity;
-using NHibernate;
-using Owin.Security.Providers.Orcid.Message;
 using System;
 using System.Collections.Generic;
 using System.Data;

Components/Utils/BExIS.Utils.Config/BExIS.Utils.Config.csproj

@@ -71,6 +71,7 @@
     <Compile Include="Configurations\CurationConfiguration.cs" />
     <Compile Include="Configurations\JwtConfiguration.cs" />
     <Compile Include="Configurations\LdapConfiguration.cs" />
+    <Compile Include="Configurations\SecurityConfiguration.cs" />
     <Compile Include="Configurations\SmtpConfiguration.cs" />
     <Compile Include="GeneralSettings.cs" />
     <Compile Include="Properties\AssemblyInfo.cs" />

Components/Utils/BExIS.Utils.Config/Configurations/SecurityConfiguration.cs

@@ -0,0 +1,45 @@
+using Newtonsoft.Json;
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace BExIS.Utils.Config.Configurations
+{
+    public class SecurityConfiguration
+    {
+        [JsonProperty("userValidatorConfiguration")]
+        public UserValidatorConfiguration UserValidatorConfiguration { get; set; }
+
+        [JsonProperty("passwordValidatorConfiguration")]
+        public PasswordValidatorConfiguration PasswordValidatorConfiguration { get; set; }
+    }
+
+    public class UserValidatorConfiguration
+    {
+        [JsonProperty("allowOnlyAlphanumericUserNames")]
+        public bool AllowOnlyAlphanumericUserNames { get; set; }
+
+        [JsonProperty("requireUniqueEmail")]
+        public bool RequireUniqueEmail { get; set; }
+    }
+
+    public class PasswordValidatorConfiguration
+    {
+        [JsonProperty("requiredLength")]
+        public int RequiredLength { get; set; }
+
+        [JsonProperty("requireNonLetterOrDigit")]
+        public bool RequireNonLetterOrDigit { get; set; }
+
+        [JsonProperty("requireDigit")]
+        public bool RequireDigit { get; set; }
+
+        [JsonProperty("requireLowercase")]
+        public bool RequireLowercase { get; set; }
+
+        [JsonProperty("requireUppercase")]
+        public bool RequireUppercase { get; set; }
+    }
+}

Components/Utils/BExIS.Utils.Config/GeneralSettings.cs

@@ -124,6 +124,14 @@ public static string FAQ
             }
         }
 
+        public static SecurityConfiguration SecurityConfiguration
+        {
+            get
+            {
+                return JsonConvert.DeserializeObject<SecurityConfiguration>(GetValueByKey("security").ToString());
+            }
+        }
+
         public static JwtConfiguration JwtConfiguration
         {
             get

Console/BExIS.Web.Shell/General.Settings.json

@@ -10,6 +10,25 @@
       "type": "String",
       "description": "(Short) name of the BEXIS2 instance. The name is e.g., used in the breadcrumb or as prefix in emails sent via the system. Avoid special characters or to long names."
     },
+    {
+      "key": "security",
+      "title": "Security",
+      "value": {
+        "userValidatorConfiguration": {
+          "allowOnlyAlphanumericUserNames": true,
+          "requireUniqueEmail": true
+        },
+        "passwordValidatorConfiguration": {
+          "requiredLength": 8,
+          "requireDigit": true,
+          "requireLowercase": true,
+          "requireUppercase": true,
+          "requireNonAlphanumeric": false
+        }
+      },
+      "type": "JSON",
+      "description": "Security Settings."
+    },
     {
       "key": "jwt",
       "title": "JWT",
@@ -19,7 +38,7 @@
         "validateIssuer": true,
         "validAudience": "http://localhost:3000",
         "validIssuer": "https://localhost:7041",
-        "issuerSigningKey": "",
+        "issuerSigningKey": "abcdefghijklmnopqrstuvwxyz",
         "validateLifetime": true,
         "validLifetime": 1
       },
@@ -117,84 +136,84 @@
           "value": "https://github.com/BEXIS2/Core/wiki/FAQ"
         }
       ]
-    },    
-      {
-        "key": "landingPage",
-        "title": "Landing Page (without login)",
-        "value": "ddm, publicsearch, index",
-        "type": "String",
-        "description": "User is not logging in -> app goes to e.g. (ddm, publicsearch, index). If no destination is entered, the landingpage.htm is loaded from the tenant/content/landingpage.htm"
-      },
-      {
-        "key": "showMenuOnLandingPage",
-        "title": "Show menu on landing page",
-        "value": "true",
-        "type": "Boolean",
-        "description": "Show or hide menu on your own created landing page"
-      },
-      {
-        "key": "showHeaderOnLandingPage",
-        "title": "Show header on landing page",
-        "value": "true",
-        "type": "Boolean",
-        "description": "Show or hide header on your own created landing page"
-      },
-      {
-        "key": "showFooterOnLandingPage",
-        "title": "Show footer on landing page",
-        "value": "true",
-        "type": "Boolean",
-        "description": "Show or hide footer on your own created landing page"
-      },
-      {
-        "key": "landingPageForUsers",
-        "title": "Landing Page after login for users with permission",
-        "value": "ddm, search, index",
-        "type": "String",
-        "description": "User logged in, but does not have permission to view the page; shell, home, nopermission is by default; Alternatives must be in a module NOT shell"
-      },
-      {
-        "key": "landingPageForUsersNoPermission",
-        "title": "Landing Page after login for users with no permission",
-        "value": "shell, home, nopermission",
-        "type": "String",
-        "description": "Landing page for users, after logging in successfully without permission."
-      },
-      {
-        "key": "systemEmail",
-        "title": "System E-Mail Address",
-        "value": "david.schoene@uni-jena.de",
-        "type": "String",
-        "description": "All administrative information will be sent to this email."
-      },
-      {
-        "key": "usePersonEmailAttributeName",
-        "title": "Use Person E-Mail Attribute Name",
-        "value": false,
-        "type": "Boolean",
-        "description": "To activate the linkage between between user email and a party email set Use Person E-Mail Attribute Name to true and define the party party attribute. If one of the email addresses is changed the other is changed as well."
-      },
-      {
-        "key": "personEmailAttributeName",
-        "title": "Person E-Mail Attribute Name",
-        "value": "Email",
-        "type": "String",
-        "description": "To activate the linkage between between user email and a party email set Use Person E-Mail Attribute Name to true and define the party party attribute. If one of the email addresses is changed the other is changed as well."
-      },
-      {
-        "key": "useMultimediaModule",
-        "title": "Use Multimedia Module?",
-        "value": true,
-        "type": "Boolean",
-        "description": "This flag turns on/off the Multimedia Module."
-      },
-      {
-        "key": "faq",
-        "title": "FAQ",
-        "value": "https://github.com/BEXIS2/Core/wiki/FAQ",
-        "type": "String",
-        "description": "FAQ URL. Can link to an external page."
-      }
+    },
+    {
+      "key": "landingPage",
+      "title": "Landing Page (without login)",
+      "value": "ddm, publicsearch, index",
+      "type": "String",
+      "description": "User is not logging in -> app goes to e.g. (ddm, publicsearch, index). If no destination is entered, the landingpage.htm is loaded from the tenant/content/landingpage.htm"
+    },
+    {
+      "key": "showMenuOnLandingPage",
+      "title": "Show menu on landing page",
+      "value": "true",
+      "type": "Boolean",
+      "description": "Show or hide menu on your own created landing page"
+    },
+    {
+      "key": "showHeaderOnLandingPage",
+      "title": "Show header on landing page",
+      "value": "true",
+      "type": "Boolean",
+      "description": "Show or hide header on your own created landing page"
+    },
+    {
+      "key": "showFooterOnLandingPage",
+      "title": "Show footer on landing page",
+      "value": "true",
+      "type": "Boolean",
+      "description": "Show or hide footer on your own created landing page"
+    },
+    {
+      "key": "landingPageForUsers",
+      "title": "Landing Page after login for users with permission",
+      "value": "ddm, search, index",
+      "type": "String",
+      "description": "User logged in, but does not have permission to view the page; shell, home, nopermission is by default; Alternatives must be in a module NOT shell"
+    },
+    {
+      "key": "landingPageForUsersNoPermission",
+      "title": "Landing Page after login for users with no permission",
+      "value": "shell, home, nopermission",
+      "type": "String",
+      "description": "Landing page for users, after logging in successfully without permission."
+    },
+    {
+      "key": "systemEmail",
+      "title": "System E-Mail Address",
+      "value": "david.schoene@uni-jena.de",
+      "type": "String",
+      "description": "All administrative information will be sent to this email."
+    },
+    {
+      "key": "usePersonEmailAttributeName",
+      "title": "Use Person E-Mail Attribute Name",
+      "value": false,
+      "type": "Boolean",
+      "description": "To activate the linkage between between user email and a party email set Use Person E-Mail Attribute Name to true and define the party party attribute. If one of the email addresses is changed the other is changed as well."
+    },
+    {
+      "key": "personEmailAttributeName",
+      "title": "Person E-Mail Attribute Name",
+      "value": "Email",
+      "type": "String",
+      "description": "To activate the linkage between between user email and a party email set Use Person E-Mail Attribute Name to true and define the party party attribute. If one of the email addresses is changed the other is changed as well."
+    },
+    {
+      "key": "useMultimediaModule",
+      "title": "Use Multimedia Module?",
+      "value": true,
+      "type": "Boolean",
+      "description": "This flag turns on/off the Multimedia Module."
+    },
+    {
+      "key": "faq",
+      "title": "FAQ",
+      "value": "https://github.com/BEXIS2/Core/wiki/FAQ",
+      "type": "String",
+      "description": "FAQ URL. Can link to an external page."
+    }
 
   ]
 }