Beispiel #1
0
        public IActionResult EditAccessToken([FromBody] CanvasPersonalAccessToken canvasToken)
        {
            var encodedToken = _tokenManager.ReadAndValidateToken(Request.Headers[_config.authHeader]);
            var handler      = new JwtSecurityTokenHandler();
            JwtSecurityToken decodedToken;

            try
            {
                decodedToken = handler.ReadJwtToken(encodedToken);
            }
            catch (ArgumentException)
            {
                return(new UnauthorizedObjectResult("User Token Is Not Valid"));
            }

            var userId = _tokenManager.GetUserIdFromToken(decodedToken);

            if (userId == canvasToken.AppUserId)
            {
                if (_canvasTokenManager.UpdateCanvasPat(canvasToken))
                {
                    return(new OkObjectResult($"Successfully Updated token: {canvasToken.TokenName}"));
                }
                else
                {
                    return(new BadRequestObjectResult("An error occured while trying to save the token"));
                }
            }
            else
            {
                return(new UnauthorizedObjectResult("You do not have permission to edit this token"));
            }
        }
        /// <summary>
        /// Updates the details of a Canvas PAT
        /// </summary>
        /// <param name="personalAccessToken">The PAT to update</param>
        /// <returns>Boolean: Whether or not the update operation was successful</returns>
        public bool UpdateCanvasPat(CanvasPersonalAccessToken personalAccessToken)
        {
            var token = _dbCtx.PersonalAccessTokens.Where(x => x.Id == personalAccessToken.Id).FirstOrDefault();

            if (token == null)
            {
                return(false);
            }

            var oldToken = new CanvasPersonalAccessToken()
            {
                TokenName   = token.TokenName,
                AccessToken = token.AccessToken
            };

            token.TokenName   = personalAccessToken.TokenName;
            token.AccessToken = personalAccessToken.AccessToken;

            try
            {
                _dbCtx.SaveChanges();
                return(true);
            }
            catch (DbUpdateConcurrencyException e)
            {
                foreach (var item in e.Entries)
                {
                    if (item.Entity is CanvasPersonalAccessToken)
                    {
                        var currValues = item.CurrentValues;
                        var dbValues   = item.GetDatabaseValues();

                        foreach (var property in currValues.Properties)
                        {
                            var currentValue = currValues[property];
                            var dbValue      = dbValues[property];
                        }

                        // Refresh the original values to bypass next concurrency check
                        item.OriginalValues.SetValues(dbValues);
                    }
                    else
                    {
                        return(false);
                    }
                }
                return(true);
            }
            catch (Exception)
            {
                // Rollback changes to access token
                token.TokenName   = oldToken.TokenName;
                token.AccessToken = oldToken.AccessToken;
                return(false);
            }
        }
        public void Edit_Access_Token_Invalid_User()
        {
            var controller = new AuthController(_dbCtx);
            var creds      = new LoginCredentials()
            {
                Username = "******",
                Password = "******"
            };
            var result = controller.LoginUser(creds) as ObjectResult;

            var token = ((AuthResponse)result.Value).ResponseToken;

            var httpContext = new DefaultHttpContext();

            httpContext.Request.Headers[_config.authHeader] = $"Bearer {token}";

            var controllerContext = new ControllerContext()
            {
                HttpContext = httpContext
            };

            var canvasController = new CanvasAccessTokenController(_dbCtx);

            canvasController.ControllerContext = controllerContext;

            var tokenToUpdate = _dbCtx.PersonalAccessTokens.Where(x => x.TokenName.Equals("Nolen1")).FirstOrDefault();

            var updatedInfo = new CanvasPersonalAccessToken()
            {
                Id          = tokenToUpdate.Id,
                TokenName   = tokenToUpdate.TokenName,
                AccessToken = tokenToUpdate.AccessToken,
                AppUserId   = tokenToUpdate.AppUserId,
                RowVersion  = tokenToUpdate.RowVersion
            };

            updatedInfo.TokenName = "Nolen31";

            canvasController.EditAccessToken(updatedInfo);

            var updatedToken = _dbCtx.PersonalAccessTokens.Where(x => x.TokenName.Equals("Nolen31")).FirstOrDefault();

            var outcome = updatedToken == null;

            Assert.True(outcome);
        }
Beispiel #4
0
        public IActionResult AddCanvasToken([FromBody] CanvasToken canvasToken)
        {
            var encodedToken = _tokenManager.ReadAndValidateToken(Request.Headers[_config.authHeader]);
            var handler      = new JwtSecurityTokenHandler();
            JwtSecurityToken decodedToken;

            try
            {
                decodedToken = handler.ReadJwtToken(encodedToken);
            }
            catch (ArgumentException)
            {
                return(new UnauthorizedObjectResult("User Token Is Not Valid"));
            }

            var userId = _tokenManager.GetUserIdFromToken(decodedToken);

            if (userId == -1)
            {
                return(new NotFoundObjectResult("Failed to find User"));
            }

            var pat = new CanvasPersonalAccessToken()
            {
                TokenName   = canvasToken.TokenName,
                AccessToken = canvasToken.ApiKey,
                AppUserId   = userId,
                TokenActive = false
            };

            _dbCtx.PersonalAccessTokens.Add(pat);

            try
            {
                _dbCtx.SaveChanges();
                return(new OkObjectResult($"Canvas token: {pat.TokenName} was successfully added!"));
            }
            catch (Exception)
            {
                // Rollback token addition
                _dbCtx.PersonalAccessTokens.Remove(pat);
                return(new NotFoundObjectResult("Failed to Add Canvas Token"));
            }
        }