Beispiel #1
        /// <summary>
        /// Resolves the user that owns the access token carried by a WOPI request.
        /// </summary>
        /// <remarks>
        /// The token is looked up by its value together with a content id and the
        /// <c>AccessTokenFeatureName</c> feature. For a <c>FilesRequest</c> the content id is the
        /// request's file id parsed as an integer; for every other request type it is 0.
        /// NOTE(review): the file id is request data and <c>int.Parse</c> throws on non-numeric or
        /// out-of-range text - confirm the caller reports that as a client error, not a server fault.
        /// </remarks>
        /// <param name="wopiRequest">The request that supplies the token value and, for file requests, the file id.</param>
        /// <param name="cancellationToken">Forwarded to the token lookup and to the node load.</param>
        /// <returns>
        /// The user loaded for the token's user id, or <c>null</c> when the loaded node is not an
        /// <c>IUser</c>. NOTE(review): callers presumably have to treat <c>null</c> as "not
        /// authenticated" - verify at the call sites.
        /// </returns>
        /// <exception cref="UnauthorizedAccessException">The vault returned no token for this value, content id and feature.</exception>
        private async Task<IUser> GetCurrentUserAsync(WopiRequest wopiRequest, CancellationToken cancellationToken)
        {
            var accessTokenValue = wopiRequest.AccessTokenValue;

            // Only file requests carry a file id; everything else is looked up with content id 0.
            int contentId;
            if (wopiRequest is FilesRequest filesRequest)
            {
                contentId = int.Parse(filesRequest.FileId);
            }
            else
            {
                contentId = 0;
            }

            // The lookup is scoped to the content and the feature, not to the token value alone.
            var accessToken = await AccessTokenVault
                .GetTokenAsync(accessTokenValue, contentId, AccessTokenFeatureName, cancellationToken)
                .ConfigureAwait(false);

            if (accessToken == null)
            {
                // The author marked this "404"; NOTE(review): confirm which HTTP status the caller
                // actually maps this exception to.
                throw new UnauthorizedAccessException();
            }

            // NOTE(review): presumably SystemAccount elevates the load so that it does not depend
            // on the permissions of whoever is current at this point - confirm.
            using (new SystemAccount())
            {
                var ownerNode = await Node.LoadNodeAsync(accessToken.UserId, cancellationToken).ConfigureAwait(false);

                // TODO: This method only sets the User.Current property in sensenet, not the
                // main context User in Asp.Net. Check if it would be better if we changed
                // or modified the context user earlier in the pipeline.

                // Yields null when the node is missing or is not a user.
                return ownerNode as IUser;
            }
        }
Beispiel #2
        /// <summary>
        /// Checks that a token created for a user only (no content, no feature) is returned
        /// unchanged when it is looked up by its value alone.
        /// </summary>
        public async Task AccessToken_Get_ForUser()
        {
            await NoRepoIntegrationTestAsync(async () =>
            {
                // ARRANGE: empty the vault so that only the token issued below can match.
                CancellationToken cancel = CancellationToken.None;
                await AccessTokenVault.DeleteAllAccessTokensAsync(cancel);
                int ownerId = 42;
                TimeSpan lifetime = TimeSpan.FromMinutes(10);
                var issuedToken = await AccessTokenVault.CreateTokenAsync(ownerId, lifetime, cancel);

                // ACTION
                var loadedToken = await AccessTokenVault.GetTokenAsync(issuedToken.Value, cancel);

                // ASSERT
                AssertTokensAreEqual(issuedToken, loadedToken);
            });
        }
Beispiel #3
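        /// <summary>
        /// Checks that the vault no longer returns a token once its lifetime has elapsed:
        /// a token issued with a 1 ms timeout must come back as <c>null</c> after a 10 ms wait.
        /// </summary>
        public async Task AccessToken_Get_Expired()
        {
            await NoRepoIntegrationTestAsync(async () =>
            {
                await AccessTokenVault.DeleteAllAccessTokensAsync(CancellationToken.None);
                var userId     = 42;
                var timeout    = TimeSpan.FromMilliseconds(1);
                var savedToken = await AccessTokenVault.CreateTokenAsync(userId, timeout, CancellationToken.None);

                // ACTION
                // Wait past the expiration without blocking a thread inside the async lambda
                // (the original used Thread.Sleep here).
                await Task.Delay(10);
                var token = await AccessTokenVault.GetTokenAsync(savedToken.Value, CancellationToken.None);

                // ASSERT
                // An expired token must be indistinguishable from a missing one.
                Assert.IsNull(token);
            });
        }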
Beispiel #4
        /// <summary>
        /// Checks that <c>UpdateTokenAsync</c> moves the expiration date of an existing token:
        /// a token issued for 10 minutes expires before the 20-minute mark, and after being
        /// updated to 30 minutes it is still loadable and expires after that mark.
        /// </summary>
        public async Task AccessToken_Update()
        {
            await NoRepoIntegrationTestAsync(async () =>
            {
                // ARRANGE: a single fresh token with a 10-minute lifetime.
                CancellationToken cancel = CancellationToken.None;
                await AccessTokenVault.DeleteAllAccessTokensAsync(cancel);
                int ownerId = 42;
                TimeSpan lifetime = TimeSpan.FromMinutes(10.0d);
                var issuedToken = await AccessTokenVault.CreateTokenAsync(ownerId, lifetime, cancel);

                // Precondition: the original expiration lies before the 20-minute mark.
                Assert.IsTrue(issuedToken.ExpirationDate < DateTime.UtcNow.AddMinutes(20.0d));

                // ACTION
                await AccessTokenVault.UpdateTokenAsync(issuedToken.Value, DateTime.UtcNow.AddMinutes(30.0d), cancel);

                // ASSERT: the token is read back from the vault and carries the later expiration.
                var reloadedToken = await AccessTokenVault.GetTokenAsync(issuedToken.Value, cancel);
                Assert.IsNotNull(reloadedToken);
                Assert.IsTrue(reloadedToken.ExpirationDate > DateTime.UtcNow.AddMinutes(20.0d));
            });
        }
Beispiel #5
        /// <summary>
        /// Checks that a token bound to a content id and a feature is returned only when both
        /// are supplied on lookup, and that every narrower lookup yields <c>null</c>.
        /// </summary>
        /// <remarks>
        /// The negative cases are the scoping guarantee: the same token value must not be
        /// accepted without its content and feature, with content id 0, or without its feature.
        /// </remarks>
        public async Task AccessToken_Get_ForUserContentAndFeature()
        {
            await NoRepoIntegrationTestAsync(async () =>
            {
                // ARRANGE: one token bound to user 42, content 142 and "Feature1".
                CancellationToken cancel = CancellationToken.None;
                await AccessTokenVault.DeleteAllAccessTokensAsync(cancel);
                int ownerId = 42;
                int boundContentId = 142;
                string boundFeature = "Feature1";
                TimeSpan lifetime = TimeSpan.FromMinutes(10);
                var issuedToken = await AccessTokenVault.CreateTokenAsync(ownerId, lifetime, boundContentId, boundFeature, cancel);

                // ACTION
                var loadedToken = await AccessTokenVault.GetTokenAsync(issuedToken.Value, boundContentId, boundFeature, cancel);

                // ASSERT: the fully scoped lookup returns the issued token.
                AssertTokensAreEqual(issuedToken, loadedToken);

                // Value only: neither content nor feature supplied.
                var byValueOnly = await AccessTokenVault.GetTokenAsync(issuedToken.Value, cancel);
                Assert.IsNull(byValueOnly);

                // Right feature, but content id 0 instead of the bound one.
                var withZeroContent = await AccessTokenVault.GetTokenAsync(issuedToken.Value, 0, boundFeature, cancel);
                Assert.IsNull(withZeroContent);

                // Right content, but no feature supplied.
                var withoutFeature = await AccessTokenVault.GetTokenAsync(issuedToken.Value, boundContentId, cancel);
                Assert.IsNull(withoutFeature);
            });
        }