/// <summary>
/// Checks if user is authorized as an administrator.
/// </summary>
/// <param name="request">HttpRequest being performed.</param>
private async Task authorizeAdministrator(HttpRequest request)
{
StringValues userAgentHeaderValue;
bool hasUserAgentHeader = request.Headers.TryGetValue(USER_AGENT_HEADER, out userAgentHeaderValue);
StringValues secretHeaderValue;
bool hasSecretHeader = request.Headers.TryGetValue(SECRET_HEADER, out secretHeaderValue);
string sessionCookieValue;
bool hasSessionCookie = request.Cookies.TryGetValue(SESSION_COOKIE_NAME, out sessionCookieValue);
if (!hasUserAgentHeader)
{
throw new ArgumentException(USER_AGENT_HEADER_NOT_FOUND);
}
if (!hasSecretHeader)
{
throw new ArgumentException(SECRET_HEADER_NOT_FOUND);
}
if (!hasSessionCookie)
{
throw new ArgumentException(SESSION_COOKIE_NOT_FOUND);
}
HttpClient client = this.clientFactory.CreateClient(MYCA_CLIENT_NAME);
Uri uri = new Uri(client.BaseAddress + "/autho?administrator=true");
HttpRequestMessage requestMessage = new HttpRequestMessage(HttpMethod.Get, uri);
requestMessage.Headers.TryAddWithoutValidation(SECRET_HEADER, secretHeaderValue.ToString());
requestMessage.Headers.TryAddWithoutValidation(USER_AGENT_HEADER, userAgentHeaderValue.ToString());
requestMessage.Headers.TryAddWithoutValidation(COOKIE_HEADER, "MYCASESSION=" + sessionCookieValue);
var response = await client.SendAsync(requestMessage);
if (response.StatusCode != HttpStatusCode.NoContent)
{
if (response.StatusCode == HttpStatusCode.Unauthorized)
{
SimpleJSONMessageService message = await response.Content.ReadAsAsync <SimpleJSONMessageService>();
throw new NotAuthorizedException(message.message);
}
else if (response.StatusCode == HttpStatusCode.InternalServerError)
{
throw new Exception(AUTHORIZATION_SERVICE_UNEXPECTED_ERROR);
}
}
}
/// <summary>
/// Capture a user's API token and adds it as a header to the request made to the CustomizedProductController.
/// </summary>
/// <param name="request">HttpRequest being performed.</param>
private async Task captureUserApiToken(HttpRequest request)
{
string sessionCookieValue;
bool hasSessionCookie = request.Cookies.TryGetValue(SESSION_COOKIE_NAME, out sessionCookieValue);
StringValues userAgentHeaderValue;
bool hasUserAgentHeader = request.Headers.TryGetValue(USER_AGENT_HEADER, out userAgentHeaderValue);
StringValues secretHeaderValue;
bool hasSecretHeader = request.Headers.TryGetValue(SECRET_HEADER, out secretHeaderValue);
HttpClient httpClient = this.clientFactory.CreateClient(MYCA_CLIENT_NAME);
Uri userUri = new Uri(httpClient.BaseAddress + "/users");
HttpRequestMessage userRequestMessage = new HttpRequestMessage(HttpMethod.Get, userUri);
userRequestMessage.Headers.TryAddWithoutValidation(SECRET_HEADER, secretHeaderValue.ToString());
userRequestMessage.Headers.TryAddWithoutValidation(USER_AGENT_HEADER, userAgentHeaderValue.ToString());
userRequestMessage.Headers.TryAddWithoutValidation(COOKIE_HEADER, "MYCASESSION=" + sessionCookieValue);
var userResponse = await httpClient.SendAsync(userRequestMessage);
if (userResponse.StatusCode == HttpStatusCode.OK)
{
UserDetailsModelView userDetailsModelView = await userResponse.Content.ReadAsAsync <UserDetailsModelView>();
request.Headers.TryAdd(USER_TOKEN_HEADER, userDetailsModelView.apiToken);
}
else
{
SimpleJSONMessageService message = await userResponse.Content.ReadAsAsync <SimpleJSONMessageService>();
if (userResponse.StatusCode == HttpStatusCode.BadRequest)
{
throw new ArgumentException(message.message);
}
else if (userResponse.StatusCode == HttpStatusCode.Unauthorized)
{
throw new NotAuthorizedException(message.message);
}
else if (userResponse.StatusCode == HttpStatusCode.InternalServerError)
{
throw new Exception(AUTHORIZATION_SERVICE_UNEXPECTED_ERROR);
}
}
}
/// <summary>
/// Checks if user is authorized as a client.
/// </summary>
/// <param name="request">HttpRequest being performed.</param>
private async Task authorizeClient(HttpRequest request)
{
string sessionCookieValue;
bool hasSessionCookie = request.Cookies.TryGetValue(SESSION_COOKIE_NAME, out sessionCookieValue);
//if the session cookie has a value, check if the user is authorized as a client
if (hasSessionCookie && sessionCookieValue.Length > 0)
{
StringValues userAgentHeaderValue;
bool hasUserAgentHeader = request.Headers.TryGetValue(USER_AGENT_HEADER, out userAgentHeaderValue);
StringValues secretHeaderValue;
bool hasSecretHeader = request.Headers.TryGetValue(SECRET_HEADER, out secretHeaderValue);
HttpClient authorizationClient = this.clientFactory.CreateClient(MYCA_CLIENT_NAME);
Uri authorizationUri = new Uri(authorizationClient.BaseAddress + "/autho");
HttpRequestMessage requestMessage = new HttpRequestMessage(HttpMethod.Get, authorizationUri);
requestMessage.Headers.TryAddWithoutValidation(SECRET_HEADER, secretHeaderValue.ToString());
requestMessage.Headers.TryAddWithoutValidation(USER_AGENT_HEADER, userAgentHeaderValue.ToString());
requestMessage.Headers.TryAddWithoutValidation(COOKIE_HEADER, "MYCASESSION=" + sessionCookieValue);
var response = await authorizationClient.SendAsync(requestMessage);
if (response.StatusCode != HttpStatusCode.NoContent)
{
if (response.StatusCode == HttpStatusCode.Unauthorized)
{
SimpleJSONMessageService message = await response.Content.ReadAsAsync <SimpleJSONMessageService>();
throw new NotAuthorizedException(message.message);
}
else if (response.StatusCode == HttpStatusCode.InternalServerError)
{
throw new Exception(AUTHORIZATION_SERVICE_UNEXPECTED_ERROR);
}
}
//if the user is authorized, capture the api token
await this.captureUserApiToken(request);
}
}
