public async Task Returns_failure_if_bad_Aurthorization_header()
{
const string AudianceForTest = "audianceForTest";
const string IssuerUrlForTest = "https://issuerUrl.for.test/";
var fakeApiAuthorizationSettingsOptions
= new FakeOptions <OidcApiAuthorizationSettings>()
{
Value = new OidcApiAuthorizationSettings()
{
Audience = AudianceForTest,
IssuerUrl = IssuerUrlForTest
}
};
var fakeAuthorizationHeaderBearerTokenExractor = new FakeAuthorizationHeaderBearerTokenExractor()
{
TokenToReturn = null // No Authorization token was found.
};
var service = new OidcApiAuthorizationService(
fakeApiAuthorizationSettingsOptions,
fakeAuthorizationHeaderBearerTokenExractor,
jwtSecurityTokenHandlerWrapper: null, // Not accessed in this test.
oidcConfigurationManager: null); // Not accessed in this test.
ApiAuthorizationResult result = await service.AuthorizeAsync(
httpRequestHeaders : null);
Assert.True(result.Failed);
Assert.Equal(
"Authorization header is missing, invalid format, or is not a Bearer token.",
result.FailureReason);
}
public async Task <ActionResult> DeleteOrders(
[HttpTrigger(AuthorizationLevel.Anonymous, "DELETE", Route = "DeleteOrders")] HttpRequest req,
ILogger log)
{
log.LogWarning("DeleteOrders function processed a request.");
ApiAuthorizationResult authorizationResult = await _apiAuthorization.AuthorizeAsync(req.Headers);
if (authorizationResult.Failed)
{
log.LogError(authorizationResult.FailureReason);
return(new UnauthorizedResult());
}
log.LogWarning($"HTTP trigger function UpdateOrder request is authorized.");
var orderIdsString = req.Query["orderIds"].ToString();
var orderIdsSplitted = orderIdsString.Split(',');
int[] orderIds = Array.ConvertAll(orderIdsSplitted, s => int.Parse(s));
var orders = OrderRepository.GetAll().Where(x => orderIds.Contains(x.Id)).ToList();
foreach (var order in orders)
{
OrderRepository.Delete(order);
}
OrderRepository.SaveChanges();
return(new OkResult());
}
public async Task <IActionResult> Run(
[HttpTrigger(AuthorizationLevel.Anonymous, "post", Route = null)] HttpRequest req,
ILogger log)
{
log.LogInformation($"C# HTTP trigger function {nameof(HttpHelloWorldFunction)} processed a request.");
ApiAuthorizationResult authorizationResult = await _apiAuthorization.AuthorizeAsync(req.Headers);
if (authorizationResult.Failed)
{
log.LogWarning(authorizationResult.FailureReason);
return(new UnauthorizedResult());
}
log.LogWarning($"HTTP trigger function {nameof(HttpHelloWorldFunction)} request is authorized.");
string requestBody = await new StreamReader(req.Body).ReadToEndAsync();
dynamic data = JsonConvert.DeserializeObject(requestBody);
string name = data?.name;
string responseMessage = string.IsNullOrEmpty(name)
? "This HTTP triggered function executed successfully. Pass a name in the query string or in the request body for a personalized response."
: $"Hello, {name}. This HTTP triggered function executed successfully.";
return(new OkObjectResult(responseMessage));
}
public async Task <IActionResult> Run(
[HttpTrigger(AuthorizationLevel.Anonymous, "post", Route = null)] HttpRequest req,
ILogger log)
{
ApiAuthorizationResult authorizationResult = await _apiAuthorization.AuthorizeAsync(req.Headers);
if (authorizationResult.Failed)
{
log.LogWarning(authorizationResult.FailureReason);
return(new UnauthorizedResult());
}
log.LogWarning($"HTTP trigger function {nameof(BookmarkRuleFunction)} request is authorized.");
Bookmark data;
string requestBody = await new StreamReader(req.Body).ReadToEndAsync();
data = JsonConvert.DeserializeObject <Bookmark>(requestBody);
bool isNull = string.IsNullOrEmpty(data?.RuleGuid) || string.IsNullOrEmpty(data?.UserId);
if (data == null || isNull)
{
return(new JsonResult(new
{
error = true,
message = "Request body is empty",
}));
}
var results = await _dbContext.Bookmarks.Query(q => q.Where(w => w.RuleGuid == data.RuleGuid && w.UserId == data.UserId));
var model = results.FirstOrDefault();
if (model == null)
{
model = await _dbContext.Bookmarks.Add(data);
log.LogInformation("Added new bookmark on rule. Id: {0}", model.Id);
}
else
{
log.LogInformation("Bookmark already exists for user {0}", model.UserId);
return(new JsonResult(new
{
error = true,
message = "This rule has already been bookmarked"
}));
}
log.LogInformation($"User: {model.UserId}, Rule: {model.RuleGuid}, Id: {model.Id}");
return(new JsonResult(new
{
error = false,
message = "",
}));
}
public async Task <IActionResult> Run(
[HttpTrigger(AuthorizationLevel.Anonymous, "post", Route = null)] HttpRequest req,
ILogger log)
{
ApiAuthorizationResult authorizationResult = await _apiAuthorization.AuthorizeAsync(req.Headers);
if (authorizationResult.Failed)
{
log.LogWarning(authorizationResult.FailureReason);
return(new UnauthorizedResult());
}
log.LogWarning($"HTTP trigger function {nameof(RemoveReactionFunction)} request is authorized.");
Reaction data;
string requestBody = await new StreamReader(req.Body).ReadToEndAsync();
data = JsonConvert.DeserializeObject <Reaction>(requestBody);
bool isNull = string.IsNullOrEmpty(data?.RuleGuid) || string.IsNullOrEmpty(data?.UserId) || data?.Type == null;
if (data == null || isNull)
{
return(new JsonResult(new
{
error = true,
message = "Request body is empty",
}));
}
var results = await _dbContext.Reactions.Query(q => q.Where(w => w.RuleGuid == data.RuleGuid && w.UserId == data.UserId));
var model = results.FirstOrDefault();
if (model == null)
{
log.LogInformation("No reaction exists for User {0} and Rule {1}", data.UserId, data.RuleGuid);
return(new JsonResult(new
{
error = true,
message = "No reaction exists for this rule and user",
data.UserId,
data.RuleGuid,
}));
}
var deleteResults = await _dbContext.Reactions.Delete(model);
log.LogInformation($"User: {model.UserId}, Rule: {model.RuleGuid}, Id: {model.Id}");
return(new JsonResult(new
{
error = false,
message = ""
}));
}
public async Task Returns_failure_for_unauthorized_token(string exceptionTypeToThrow)
{
const string AudienceForTest = "AudienceForTest";
const string IssuerUrlForTest = "https://issuerUrl.for.test/";
const string ExtractedTokenForTest = "ExtractedTokenForTest";
Exception exceptionToThrow = exceptionTypeToThrow == "SecurityTokenException"
? new SecurityTokenException()
: new Exception();
var fakeApiAuthorizationSettingsOptions
= new FakeOptions <OidcApiAuthorizationSettings>()
{
Value = new OidcApiAuthorizationSettings()
{
Audience = AudienceForTest,
IssuerUrl = IssuerUrlForTest
}
};
var fakeAuthorizationHeaderBearerTokenExractor = new FakeAuthorizationHeaderBearerTokenExractor()
{
TokenToReturn = ExtractedTokenForTest
};
var fakeJwtSecurityTokenHandlerWrapper = new FakeJwtSecurityTokenHandlerWrapper()
{
// Throw for unauthrorized token.
ExceptionToThrow = exceptionToThrow
};
var fakeOidcConfigurationManager = new FakeOidcConfigurationManager()
{
SecurityKeysForTest = new List <SecurityKey>()
};
IHeaderDictionary httpRequestHeaders = null;
var service = new OidcApiAuthorizationService(
fakeApiAuthorizationSettingsOptions,
fakeAuthorizationHeaderBearerTokenExractor,
fakeJwtSecurityTokenHandlerWrapper,
fakeOidcConfigurationManager);
ApiAuthorizationResult result = await service.AuthorizeAsync(
httpRequestHeaders);
Assert.True(result.Failed);
Assert.Equal(1, fakeJwtSecurityTokenHandlerWrapper.ValidateTokenCalledCount);
Assert.Equal(0, fakeOidcConfigurationManager.RequestRefreshCalledCount);
}
public async Task <IActionResult> GenerateSasToken(
[HttpTrigger(AuthorizationLevel.Anonymous, "post", Route = null)]
HttpRequest req, ILogger log, ExecutionContext context)
{
log.LogWarning($"HTTP trigger function {nameof(GetSasToken)} received a request.");
ApiAuthorizationResult authorizationResult = await _apiAuthorization.AuthorizeAsync(req.Headers);
if (authorizationResult.Failed)
{
log.LogWarning(authorizationResult.FailureReason);
return(new UnauthorizedResult());
}
log.LogWarning($"HTTP trigger function {nameof(GetSasToken)} request is authorized.");
string requestBody = await new StreamReader(req.Body).ReadToEndAsync();
ImageData imageData = JsonConvert.DeserializeObject <ImageData>(requestBody);
CloudStorageAccount storageAccount = GetCloudStorageAccount(context);
var credentials = storageAccount.Credentials;
var accountName = credentials.AccountName;
var accountKey = credentials.ExportBase64EncodedKey();
var fullFileName = GetFullFileName(imageData.SasAccessType);
var blobNamePath = GetBlobNamePath(imageData.SasAccessType);
var blobName = $"{blobNamePath}/{fullFileName}";
// Create an instance of the CloudBlobClient
CloudBlobClient client = storageAccount.CreateCloudBlobClient();
// Retrieve an instance of the container using hard-code container name
CloudBlobContainer container = client.GetContainerReference("cdn");
// Create a SAS token that's valid for one hour
BlobSasBuilder sasBuilder = new BlobSasBuilder
{
ExpiresOn = DateTime.UtcNow.AddHours(1),
BlobContainerName = container.Name,
BlobName = blobName,
Resource = "b"
};
// Specify permission for the SAS
sasBuilder.SetPermissions(BlobSasPermissions.Create);
// Use the key to get the SAS token
string sasToken = sasBuilder.ToSasQueryParameters(new StorageSharedKeyCredential(accountName, accountKey))
.ToString();
var sasUri = $"{container.GetBlobReference(blobName).Uri}?{sasToken}";
return(new OkObjectResult(sasUri));
}
public async Task <IActionResult> Run(
[HttpTrigger(AuthorizationLevel.Anonymous, "post", Route = null)] HttpRequest req,
ILogger log)
{
ApiAuthorizationResult authorizationResult = await _apiAuthorization.AuthorizeAsync(req.Headers);
if (authorizationResult.Failed)
{
log.LogWarning(authorizationResult.FailureReason);
return(new UnauthorizedResult());
}
log.LogWarning($"HTTP trigger function {nameof(AddUserOrganisationFunction)} request is authorized.");
User data;
string requestBody = await new StreamReader(req.Body).ReadToEndAsync();
data = JsonConvert.DeserializeObject <User>(requestBody);
if (data == null || string.IsNullOrEmpty(data?.UserId))
{
return(new JsonResult(new
{
error = true,
message = "Request body is empty",
}));
}
var existingOrganisation = await _dbContext.Users.Query(q => q.Where(w => w.UserId == data.UserId && w.OrganisationId == data.OrganisationId));
var model = existingOrganisation.FirstOrDefault();
if (model != null)
{
return(new JsonResult(new
{
error = true,
message = "User is already assigned to this organisation",
}));
}
var result = await _dbContext.Users.Add(data);
return(new JsonResult(new
{
error = false,
message = "",
user = result,
}));
}
public async Task Retrys_once_if_SecurityTokenSignatureKeyNotFoundException()
{
const string AudianceForTest = "AudianceForTest";
const string IssuerUrlForTest = "https://issuerUrl.for.test/";
const string ExtractedTokenForTest = "ExtractedTokenForTest";
var fakeApiAuthorizationSettingsOptions
= new FakeOptions <OidcApiAuthorizationSettings>()
{
Value = new OidcApiAuthorizationSettings()
{
Audience = AudianceForTest,
IssuerUrl = IssuerUrlForTest
}
};
var fakeAuthorizationHeaderBearerTokenExractor = new FakeAuthorizationHeaderBearerTokenExractor()
{
TokenToReturn = ExtractedTokenForTest
};
var fakeJwtSecurityTokenHandlerWrapper = new FakeJwtSecurityTokenHandlerWrapper()
{
ThrowFirstTime = true
};
var fakeOidcConfigurationManager = new FakeOidcConfigurationManager()
{
SecurityKeysForTest = new List <SecurityKey>()
};
IHeaderDictionary httpRequestHeaders = null;
var service = new OidcApiAuthorizationService(
fakeApiAuthorizationSettingsOptions,
fakeAuthorizationHeaderBearerTokenExractor,
fakeJwtSecurityTokenHandlerWrapper,
fakeOidcConfigurationManager);
ApiAuthorizationResult result = await service.AuthorizeAsync(
httpRequestHeaders);
Assert.True(result.Success);
Assert.Equal(2, fakeJwtSecurityTokenHandlerWrapper.ValidateTokenCalledCount);
Assert.Equal(1, fakeOidcConfigurationManager.RequestRefreshCalledCount);
}
public async Task <IActionResult> Run(
[HttpTrigger(AuthorizationLevel.Anonymous, Route = null)] HttpRequest req,
ILogger log)
{
ApiAuthorizationResult authorizationResult = await _apiAuthorization.AuthorizeAsync(req.Headers);
if (authorizationResult.Failed)
{
log.LogWarning(authorizationResult.FailureReason);
return(new UnauthorizedResult());
}
log.LogWarning($"HTTP trigger function {nameof(GetUserFunction)} request is authorized.");
string UserId = req.Query["user_id"];
if (string.IsNullOrEmpty(UserId))
{
return(new BadRequestObjectResult(new
{
message = "Missing or empty user_id param",
}));
}
var result = await _dbContext.Users.Query(q => q.Where(w => w.UserId == UserId));
User user = result.FirstOrDefault();
if (user == null)
{
log.LogInformation($"Could not find results for user: {UserId}");
return(new BadRequestObjectResult(new
{
message = "User " + UserId + " was not found",
}));
}
bool commentsConnected = !string.IsNullOrEmpty(user?.CommentsUserId);
return(new OkObjectResult(new
{
user = user,
commentsConnected = commentsConnected,
}));
}
public async Task <IActionResult> Run(
[HttpTrigger(AuthorizationLevel.Anonymous, "get", Route = null)] HttpRequest req,
ILogger log)
{
ApiAuthorizationResult authorizationResult = await _apiAuthorization.AuthorizeAsync(req.Headers);
if (authorizationResult.Failed)
{
log.LogWarning(authorizationResult.FailureReason);
return(new UnauthorizedResult());
}
log.LogInformation($"C# HTTP trigger function {nameof(GetSecretContentFunction)} processed a request.");
string SecretContentId = req.Query["id"];
if (string.IsNullOrEmpty(SecretContentId))
{
return(new JsonResult(new
{
error = true,
message = "Missing or empty id param",
}));
}
var SecretContents = await _dbContext.SecretContents.Query(q => q.Where(w => w.Id == SecretContentId));
var model = SecretContents.FirstOrDefault();
if (model == null)
{
return(new JsonResult(new
{
error = true,
message = $"Could not find content with id: {SecretContentId}"
}));
}
return(new JsonResult(new
{
error = false,
message = "",
Content = model
}));
}
public async Task Returns_failure_if_cant_get_signing_keys_from_issuer()
{
const string AudianceForTest = "AudianceForTest";
const string IssuerUrlForTest = "https://issuerUrl.for.test/";
const string ExtractedTokenForTest = "ExtractedTokenForTest";
const string ExceptionMessageForTest = "ExceptionMessageForTest";
var fakeApiAuthorizationSettingsOptions
= new FakeOptions <OidcApiAuthorizationSettings>()
{
Value = new OidcApiAuthorizationSettings()
{
Audience = AudianceForTest,
IssuerUrl = IssuerUrlForTest
}
};
var fakeAuthorizationHeaderBearerTokenExractor = new FakeAuthorizationHeaderBearerTokenExractor()
{
TokenToReturn = ExtractedTokenForTest
};
var fakeOidcConfigurationManager = new FakeOidcConfigurationManager()
{
ExceptionMessageForTest = ExceptionMessageForTest,
};
IHeaderDictionary httpRequestHeaders = null;
var service = new OidcApiAuthorizationService(
fakeApiAuthorizationSettingsOptions,
fakeAuthorizationHeaderBearerTokenExractor,
jwtSecurityTokenHandlerWrapper: null, // Not accessed in this test.
fakeOidcConfigurationManager);
ApiAuthorizationResult result = await service.AuthorizeAsync(
httpRequestHeaders);
Assert.True(result.Failed);
Assert.StartsWith(
"Problem getting signing keys from Open ID Connect provider (issuer).",
result.FailureReason);
}
public async Task <IActionResult> Run(
[HttpTrigger(AuthorizationLevel.Anonymous, "post", Route = null)] HttpRequest req,
ILogger log)
{
ApiAuthorizationResult authorizationResult = await _apiAuthorization.AuthorizeAsync(req.Headers);
if (authorizationResult.Failed)
{
log.LogWarning(authorizationResult.FailureReason);
return(new UnauthorizedResult());
}
log.LogWarning($"HTTP trigger function {nameof(RemoveUserCommentsAccountFunction)} request is authorized.");
string requestBody = await new StreamReader(req.Body).ReadToEndAsync();
User data = JsonConvert.DeserializeObject <User>(requestBody);
if (data == null || string.IsNullOrEmpty(data?.UserId))
{
return(new BadRequestObjectResult(new
{
message = "Request body is empty or UserId is missing",
}));
}
var user = await _dbContext.Users.Query(q => q.Where(w => w.UserId == data.UserId));
User model = user.FirstOrDefault();
if (model == null)
{
return(new BadRequestObjectResult(new
{
message = "User does not exsist"
}));
}
model.CommentsUserId = null;
await _dbContext.Users.Update(model);
return(new OkResult());
}
public async Task <ActionResult <Order[]> > GetOrdersForUser(
[HttpTrigger(AuthorizationLevel.Anonymous, "GET", Route = "GetOrdersForUser")] HttpRequest req,
ILogger log)
{
log.LogWarning("GetOrdersForUser function processed a request.");
ApiAuthorizationResult authorizationResult = await _apiAuthorization.AuthorizeAsync(req.Headers);
if (authorizationResult.Failed)
{
log.LogError(authorizationResult.FailureReason);
return(new UnauthorizedResult());
}
log.LogWarning($"HTTP trigger function GetOrdersForUser request is authorized.");
string userId = req.Query["userId"];
var results = OrderRepository.GetAll().Where(x => x.UserId == userId).ToArray();
return(results);
}
public async Task Returns_success_for_happy_path()
{
const string AudianceForTest = "AudianceForTest";
const string IssuerUrlForTest = "https://issuerUrl.for.test/";
const string ExtractedTokenForTest = "ExtractedTokenForTest";
var fakeApiAuthorizationSettingsOptions
= new FakeOptions <OidcApiAuthorizationSettings>()
{
Value = new OidcApiAuthorizationSettings()
{
Audience = AudianceForTest,
IssuerUrl = IssuerUrlForTest
}
};
var fakeAuthorizationHeaderBearerTokenExractor = new FakeAuthorizationHeaderBearerTokenExractor()
{
TokenToReturn = ExtractedTokenForTest
};
var fakeJwtSecurityTokenHandlerWrapper = new FakeJwtSecurityTokenHandlerWrapper();
var fakeOidcConfigurationManager = new FakeOidcConfigurationManager()
{
SecurityKeysForTest = new List <SecurityKey>()
};
IHeaderDictionary httpRequestHeaders = null;
var service = new OidcApiAuthorizationService(
fakeApiAuthorizationSettingsOptions,
fakeAuthorizationHeaderBearerTokenExractor,
fakeJwtSecurityTokenHandlerWrapper,
fakeOidcConfigurationManager);
ApiAuthorizationResult result = await service.AuthorizeAsync(
httpRequestHeaders);
Assert.True(result.Success);
}
public async Task <ActionResult> DeleteOrder(
[HttpTrigger(AuthorizationLevel.Anonymous, "DELETE", Route = "DeleteOrder")] HttpRequest req,
ILogger log)
{
log.LogWarning("DeleteOrder function processed a request.");
ApiAuthorizationResult authorizationResult = await _apiAuthorization.AuthorizeAsync(req.Headers);
if (authorizationResult.Failed)
{
log.LogError(authorizationResult.FailureReason);
return(new UnauthorizedResult());
}
log.LogWarning($"HTTP trigger function UpdateOrder request is authorized.");
var orderId = int.Parse(req.Query["orderId"].ToString());
var order = OrderRepository.GetAll().Where(x => x.Id == orderId).FirstOrDefault();
OrderRepository.Delete(order);
OrderRepository.SaveChanges();
return(new OkResult());
}
public async Task <ActionResult <Order> > UpdateOrder(
[HttpTrigger(AuthorizationLevel.Anonymous, "PUT", Route = "UpdateOrder")] HttpRequest req,
ILogger log)
{
log.LogWarning("UpdateOrder function processed a request.");
ApiAuthorizationResult authorizationResult = await _apiAuthorization.AuthorizeAsync(req.Headers);
if (authorizationResult.Failed)
{
log.LogError(authorizationResult.FailureReason);
return(new UnauthorizedResult());
}
log.LogWarning($"HTTP trigger function UpdateOrder request is authorized.");
string requestBody = await new StreamReader(req.Body).ReadToEndAsync();
dynamic data = JsonConvert.DeserializeObject <OrderRoot>(requestBody);
var updatedOrder = data.newOrder;
OrderRepository.Update(updatedOrder);
OrderRepository.SaveChanges();
return(updatedOrder);
}
public async Task <IActionResult> Run(
[HttpTrigger(AuthorizationLevel.Anonymous, "post", Route = null)] HttpRequest req,
ILogger log)
{
log.LogWarning($"HTTP trigger function {nameof(HelloFunction)} received a request.");
ApiAuthorizationResult authorizationResult = await _apiAuthorization.AuthorizeAsync(req.Headers);
if (authorizationResult.Failed)
{
log.LogWarning(authorizationResult.FailureReason);
return(new UnauthorizedResult());
}
log.LogWarning($"HTTP trigger function {nameof(HelloFunction)} request is authorized.");
// Get name from request body.
string requestBody = await new StreamReader(req.Body).ReadToEndAsync();
dynamic data = JsonConvert.DeserializeObject(requestBody);
string name = data?.name;
return(!string.IsNullOrWhiteSpace(name)
? (ActionResult) new OkObjectResult($"Hello, {name}")
: new BadRequestObjectResult("Please pass a name the request body."));
}
/// <summary>
/// Checks the given HTTP request headers for a valid OpenID Connect (OIDC) Authorization token.
/// </summary>
/// <param name="httpRequestHeaders">
/// The HTTP request headers to check.
/// </param>
/// <returns>
/// Informatoin about the success or failure of the authorization.
/// </returns>
public async Task <ApiAuthorizationResult> AuthorizeAsync(
IHeaderDictionary httpRequestHeaders)
{
ApiAuthorizationResult apiAuthorizationResult = null;
string authorizationBearerToken = _authorizationHeaderBearerTokenExractor.GetToken(
httpRequestHeaders);
if (authorizationBearerToken == null)
{
apiAuthorizationResult = new ApiAuthorizationResult(
"Authorization header is missing, invalid format, or is not a Bearer token.");
}
int validationRetryCount = 0;
while (apiAuthorizationResult == null)
{
IEnumerable <SecurityKey> isserSigningKeys = null;
try
{
// Get the cached signing keys if they were retrieved previously.
// If they haven't been retrieved, or the cached keys are stale,
// then a fresh set of signing keys are retrieved from the OpenID Connect provider
// (issuer) cached and returned.
// This method will throw if the configuration cannot be retrieved, instead of returning null.
isserSigningKeys = await _oidcConfigurationManager.GetIssuerSigningKeysAsync();
}
catch (Exception ex)
{
apiAuthorizationResult = new ApiAuthorizationResult(
"Problem getting signing keys from Open ID Connect provider (issuer)."
+ $" ConfigurationManager threw {ex.GetType()} Message: {ex.Message}");
}
if (apiAuthorizationResult == null)
{
// Try to validate the token.
var tokenValidationParameters = new TokenValidationParameters
{
RequireSignedTokens = true,
ValidAudience = _audience,
ValidateAudience = true,
ValidIssuer = _issuerUrl,
ValidateIssuer = true,
ValidateIssuerSigningKey = true,
ValidateLifetime = true,
IssuerSigningKeys = isserSigningKeys
};
try
{
// Throws if the the token cannot be validated.
_jwtSecurityTokenHandlerWrapper.ValidateToken(
authorizationBearerToken,
tokenValidationParameters);
// Successfully authorized.
apiAuthorizationResult = new ApiAuthorizationResult();
}
catch (SecurityTokenSignatureKeyNotFoundException ex)
{
// A SecurityTokenSignatureKeyNotFoundException is thrown if the signing keys for
// validating the JWT could not be found. This could happen if the issuer has
// changed the signing keys since the last time they were retrieved by the
// ConfigurationManager.
if (validationRetryCount == 0)
{
// To handle the SecurityTokenSignatureKeyNotFoundException we ask the
// ConfigurationManger to refresh which will cause it to retrieve the keys again
// the next time we ask for them.
// Then we retry by asking for the signing keys and validating the token again.
// We only retry once.
_oidcConfigurationManager.RequestRefresh();
validationRetryCount++;
// Retry.
}
else
{
// Authorization failed, after retry.
// We've already re-tried after the first SecurityTokenSignatureKeyNotFoundException,
// and we caught the exception again.
apiAuthorizationResult = new ApiAuthorizationResult(
$"Authorization Failed. {ex.GetType()} caught while validating JWT token, after retry."
+ $"Message: {ex.Message}");
}
}
catch (Exception ex)
{
// The authorization fails if any Exception is thrown,
// not just SecurityTokenException.
apiAuthorizationResult = new ApiAuthorizationResult(
$"Authorization Failed. {ex.GetType()} caught while validating JWT token."
+ $"Message: {ex.Message}");
}
}
}
return(apiAuthorizationResult);
}
public async Task <IActionResult> Run(
[HttpTrigger(AuthorizationLevel.Anonymous, "post", Route = null)] HttpRequest req,
ILogger log)
{
ApiAuthorizationResult authorizationResult = await _apiAuthorization.AuthorizeAsync(req.Headers);
if (authorizationResult.Failed)
{
log.LogWarning(authorizationResult.FailureReason);
return(new UnauthorizedResult());
}
log.LogWarning($"HTTP trigger function {nameof(ReactFunction)} request is authorized.");
Reaction data;
string requestBody = await new StreamReader(req.Body).ReadToEndAsync();
data = JsonConvert.DeserializeObject <Reaction>(requestBody);
bool isNull = string.IsNullOrEmpty(data?.RuleGuid) || string.IsNullOrEmpty(data?.UserId) || data?.Type == null;
if (data == null || isNull)
{
return(new JsonResult(new
{
error = true,
message = "Request body is empty",
}));
}
var results = await _dbContext.Reactions.Query(q => q.Where(w => w.RuleGuid == data.RuleGuid && w.UserId == data.UserId));
var model = results.FirstOrDefault();
log.LogInformation($"reactions on same rule by same user: {results.Count()}");
if (model == null)
{
model = await _dbContext.Reactions.Add(data);
log.LogInformation("Added new reaction. Id: {0}", model.Id);
}
else
{
log.LogInformation("Reaction already exists for user {0}", model.UserId);
if (model.Type != data.Type)
{
model.Type = data.Type;
model = await _dbContext.Reactions.Update(model);
log.LogInformation("Updated reaction to " + model.Type);
}
else
{
log.LogInformation("Reaction is the same. No change");
}
}
log.LogInformation($"User: {model.UserId}, Type: {model.Type}, Rule: {model.RuleGuid}, Id: {model.Id}");
return(new JsonResult(new
{
error = false,
message = "",
reaction = model.Type
}));
}
public async Task <IActionResult> Run(
[HttpTrigger(AuthorizationLevel.Anonymous, "post", Route = null)] HttpRequest req,
ILogger log)
{
ApiAuthorizationResult authorizationResult = await _apiAuthorization.AuthorizeAsync(req.Headers);
if (authorizationResult.Failed)
{
log.LogWarning(authorizationResult.FailureReason);
return(new UnauthorizedResult());
}
log.LogWarning($"HTTP trigger function {nameof(ConnectUserToCommentsFunction)} request is authorized.");
string requestBody = await new StreamReader(req.Body).ReadToEndAsync();
User data = JsonConvert.DeserializeObject <User>(requestBody);
if (data == null || string.IsNullOrEmpty(data?.CommentsUserId) || string.IsNullOrEmpty(data?.UserId))
{
return(new BadRequestObjectResult(new
{
message = "Request body is empty or is missing CommentsUserId or UserId fields",
}));
}
var existingUser = await _dbContext.Users.Query(q => q.Where(w => w.UserId == data.UserId));
User user = existingUser.FirstOrDefault();
if (user == null)
{
await _dbContext.Users.Add(data);
return(new OkResult());
}
if (user?.CommentsUserId == data.CommentsUserId)
{
return(new OkObjectResult(new
{
message = "User already has the same comments account associated",
}));
}
if (!string.IsNullOrEmpty(user?.CommentsUserId))
{
return(new ConflictObjectResult(new {
message = "Different comments account already connected"
}));
}
var exisitingCommentsId = await _dbContext.Users.Query(q => q.Where(w => w.CommentsUserId == data.CommentsUserId));
if (exisitingCommentsId.FirstOrDefault() != null)
{
return(new ConflictObjectResult(new
{
message = "This comments account is already being used by another user",
}));
}
user.CommentsUserId = data.CommentsUserId;
await _dbContext.Users.Update(user);
return(new OkResult());
}
