public async Task <IHttpActionResult> Post(ApplicationSettings entity, CancellationToken ct)
{
if (!ModelState.IsValid)
{
return(Request.CreateBadRequestResult(Resources.BadRequestErrorMessage, ModelState));
}
var dbEntity =
await _uow.ApplicationSettings.GetByUserIdAndApplicationIdAsync(
entity.UserId, entity.ApplicationId, ct);
if (dbEntity != null)
{
//return Request.CreateConflictResponse("Duplicated");
//Esoterica host does not allow the verbs DELETE, PUT or PATCH so we update the entity here
return(await Put(entity.UserId, entity.ApplicationId, entity, null, ct));
}
await _uow.BeginAsync(ct);
entity.Application =
await _uow.Security.Applications.GetByIdAsync(
entity.ApplicationId, ct);
if (entity.Application == null)
{
return(NotFound());
}
entity.CreatedOn = entity.UpdatedOn = DateTimeOffset.Now;
if (entity.Values == null)
{
entity.Values = new Dictionary <string, object>();
}
entity.Value = JsonConvert.SerializeObject(entity.Values);
entity = await _uow.ApplicationSettings.AddAsync(entity, ct);
await _uow.CommitAsync(ct);
return(Created(entity));
}
public async Task <IHttpActionResult> Post(AuthorizationRequest entity, CancellationToken ct)
{
if (entity == null)
{
ModelState.AddModelError("entity", Resources.ModelValidation_RequiredScoped);
return(Request.CreateBadRequestResult(Resources.BadRequestErrorMessage, ModelState));
}
await _uow.BeginAsync(ct);
var user = await GetUserAsync(entity.UserName.Trim().ToLowerInvariant(), entity.Password, ct);
if (user == null)
{
return(Request.CreateConflictResponse(Resources.Conflict_Authorizations_InvalidCredentials));
}
if (!user.EmailConfirmed)
{
return(Request.CreateConflictResponse(Resources.Conflict_Authorizations_MissingEmailConfirmation));
}
// Try to find an existing token for the application
var authenticationToken = await GetApiAuthenticationTokenAsync(user.Id, entity.ApplicationId, ct);
if (authenticationToken == null)
{
// Searches if the application exists
var application = await GetApiApplicationUserAsync(entity.ApplicationId, ct);
if (application == null)
{
ModelState.AddModelError(
"request.ApplicationId", Resources.Conflict_Authorizations_ApiApplicationNotFoundScoped);
return(Request.CreateConflictResponse(Resources.Conflict_Shared_GenericMessage, ModelState));
}
// Create a new global refresh token without any access tokens
authenticationToken =
await AddApiAuthenticationTokenAsync(user, application, ct);
}
// Always create a new access token with a TTL of 1h
var authenticationAccessToken =
new ApiAuthenticationAccessToken
{
AccessToken = Guid.NewGuid(),
ExpirationDate = DateTime.Now.AddHours(1)
};
authenticationToken.ApiAuthenticationAccessTokens.Add(authenticationAccessToken);
await _uow.CommitAsync(ct);
entity.Authorization =
new Authorization
{
AccessToken =
authenticationAccessToken.AccessToken.ToString()
.EncodeToBase64ASCII(),
RefreshToken =
authenticationToken.RefreshToken.ToString().EncodeToBase64ASCII(),
ExpiresIn =
(int)
authenticationAccessToken.ExpirationDate.Subtract(DateTime.Now)
.TotalMinutes,
UserName = user.UserName
};
return(Created(entity));
}
public async Task <IHttpActionResult> Get(
[FromODataUri] string applicationId, [FromODataUri] string refreshToken, CancellationToken ct)
{
var applicationIdDecoded = applicationId.DecodeFromBase64ASCII();
var refreshTokenDecoded = Guid.Parse(refreshToken.DecodeFromBase64ASCII());
await _uow.BeginAsync(ct);
var apiApplication = await _uow.Security.Applications.GetByIdAsync(applicationIdDecoded, ct);
if (apiApplication == null)
{
ModelState.AddModelError(
"applicationId", Resources.Conflict_Authorizations_ApiApplicationNotFoundScoped);
return(Request.CreateConflictResponse(Resources.Conflict_Shared_GenericMessage, ModelState));
}
var authenticationToken =
await _uow.ExecuteQueryAndGetFirstOrDefaultAsync(
_uow.Security.ApiAuthenticationTokens.GetAllAndFetch(e => e.BaseApiUser)
.Where(at =>
at.ApiApplicationId == applicationIdDecoded &&
at.RefreshToken == refreshTokenDecoded), ct);
if (authenticationToken == null)
{
ModelState.AddModelError(
"refreshToken", Resources.Conflict_Authorizations_RefreshTokenNotFound);
return(Request.CreateConflictResponse(Resources.Conflict_Shared_GenericMessage, ModelState));
}
// Always create a new access token
var authenticationAccessToken =
new ApiAuthenticationAccessToken
{
AccessToken = Guid.NewGuid(),
ExpirationDate = DateTime.Now.AddHours(1)
};
authenticationToken.ApiAuthenticationAccessTokens.Add(authenticationAccessToken);
await _uow.CommitAsync(ct);
var entity =
new AuthorizationRefresh
{
ApplicationId = applicationId,
RefreshToken = refreshToken,
Authorization =
new Authorization
{
AccessToken = authenticationAccessToken.AccessToken.ToString().EncodeToBase64ASCII(),
RefreshToken = authenticationToken.RefreshToken.ToString().EncodeToBase64ASCII(),
ExpiresIn =
(int)authenticationAccessToken.ExpirationDate.Subtract(DateTime.Now).TotalMinutes,
UserName = authenticationToken.BaseApiUser.UserName
}
};
return(Ok(entity));
}