/// <summary>
/// Gets the hash code
/// </summary>
/// <returns>Hash code</returns>
public override int GetHashCode()
{
unchecked // Overflow is fine, just wrap
{
var hashCode = 41;
// Suitable nullity checks etc, of course :)
if (AuthorisationCode != null)
{
hashCode = hashCode * 59 + AuthorisationCode.GetHashCode();
}
if (Card != null)
{
hashCode = hashCode * 59 + Card.GetHashCode();
}
if (FraudResults != null)
{
hashCode = hashCode * 59 + FraudResults.GetHashCode();
}
if (ThreeDSecureResults != null)
{
hashCode = hashCode * 59 + ThreeDSecureResults.GetHashCode();
}
if (Token != null)
{
hashCode = hashCode * 59 + Token.GetHashCode();
}
return(hashCode);
}
}
/// <summary>
/// Gets the hash code
/// </summary>
/// <returns>Hash code</returns>
public override int GetHashCode()
{
unchecked // Overflow is fine, just wrap
{
var hashCode = 41;
// Suitable nullity checks etc, of course :)
if (AuthorisationCode != null)
{
hashCode = hashCode * 59 + AuthorisationCode.GetHashCode();
}
if (FraudResults != null)
{
hashCode = hashCode * 59 + FraudResults.GetHashCode();
}
if (Network != null)
{
hashCode = hashCode * 59 + Network.GetHashCode();
}
if (PaymentData != null)
{
hashCode = hashCode * 59 + PaymentData.GetHashCode();
}
if (ThreeDSecureResults != null)
{
hashCode = hashCode * 59 + ThreeDSecureResults.GetHashCode();
}
return(hashCode);
}
}
public async Task <AuthorisationCode> CreateAsync(User user, Application application)
{
AuthorisationCode code = new AuthorisationCode
{
Code = GenerateCode(),
UserId = user.Id,
User = user,
ApplicationId = application.Id,
Application = application
};
await _context.AddAsync(code);
await _context.SaveChangesAsync();
return(code);
}
public async Task <IActionResult> TokenExchange([FromBody] TokenExchangeViewModel vm)
{
Application application = await _applicationService.FindByClientIdAsync(vm.ClientId);
if (application == null || vm.ClientSecret != application.ClientSecret)
{
return(new JsonResult(new
{
status = 400,
message = "Validation failed - double check your parameters and try again"
})
{
StatusCode = StatusCodes.Status400BadRequest
});
}
AuthorisationCode authCode = await _authorisationCodeService.FindByCodeAsync(vm.AuthorisationCode);
if (authCode == null)
{
return(new JsonResult(new
{
status = 400,
message = "Validation failed - double check your parameters and try again"
})
{
StatusCode = StatusCodes.Status400BadRequest
});
}
User user = (User)HttpContext.Items["User"];
AccessToken token = await _accessTokenService.CreateAsync(user, authCode.Application);
return(Ok(new
{
status = 200,
message = "Token exchanged successfully",
data = new
{
code = token.Code,
type = "Bearer",
expires = token.ExpiresAt.ToString(CultureInfo.InvariantCulture)
}
}));
}
/// <summary>
/// Returns true if MobilePaymentMethodSpecificOutput instances are equal
/// </summary>
/// <param name="other">Instance of MobilePaymentMethodSpecificOutput to be compared</param>
/// <returns>Boolean</returns>
public bool Equals(MobilePaymentMethodSpecificOutput other)
{
if (ReferenceEquals(null, other))
{
return(false);
}
if (ReferenceEquals(this, other))
{
return(true);
}
return
((
AuthorisationCode == other.AuthorisationCode ||
AuthorisationCode != null &&
AuthorisationCode.Equals(other.AuthorisationCode)
) &&
(
FraudResults == other.FraudResults ||
FraudResults != null &&
FraudResults.Equals(other.FraudResults)
) &&
(
Network == other.Network ||
Network != null &&
Network.Equals(other.Network)
) &&
(
PaymentData == other.PaymentData ||
PaymentData != null &&
PaymentData.Equals(other.PaymentData)
) &&
(
ThreeDSecureResults == other.ThreeDSecureResults ||
ThreeDSecureResults != null &&
ThreeDSecureResults.Equals(other.ThreeDSecureResults)
));
}
/// <summary>
/// Returns true if CardPaymentMethodSpecificOutput instances are equal
/// </summary>
/// <param name="other">Instance of CardPaymentMethodSpecificOutput to be compared</param>
/// <returns>Boolean</returns>
public bool Equals(CardPaymentMethodSpecificOutput other)
{
if (ReferenceEquals(null, other))
{
return(false);
}
if (ReferenceEquals(this, other))
{
return(true);
}
return
((
AuthorisationCode == other.AuthorisationCode ||
AuthorisationCode != null &&
AuthorisationCode.Equals(other.AuthorisationCode)
) &&
(
Card == other.Card ||
Card != null &&
Card.Equals(other.Card)
) &&
(
FraudResults == other.FraudResults ||
FraudResults != null &&
FraudResults.Equals(other.FraudResults)
) &&
(
ThreeDSecureResults == other.ThreeDSecureResults ||
ThreeDSecureResults != null &&
ThreeDSecureResults.Equals(other.ThreeDSecureResults)
) &&
(
Token == other.Token ||
Token != null &&
Token.Equals(other.Token)
));
}
public async Task <IActionResult> GenerateAuthorisationCode([FromBody] ConsentViewModel vm)
{
if (!ModelState.IsValid)
{
return(new JsonResult(new
{
status = 400,
message = "Validation failed",
data = ModelState
})
{
StatusCode = StatusCodes.Status400BadRequest
});
}
Application application = await _applicationService.FindAsync(vm.ApplicationId);
if (application == null)
{
return(new JsonResult(new
{
status = 400,
message =
"Invalid application id specified - please provide the application's GUID and not it's client id"
})
{
StatusCode = StatusCodes.Status400BadRequest
});
}
User user = (User)HttpContext.Items["User"];
/*
* At this point we've verified the application ID being sent back is legitimate and that user is logged
* in - indicating they have instructed us to generate an authorisation code for this application to
* access their account.
*
* At this point we must validate this claim - if there is no user application record found,
* the user has likely not been through the OAuth prompt and this request should be immediately
* dropped since this request is malicious.
*/
UserApplication userApplication =
await _userApplicationService.FindByUserAndApplicationAsync(user, application);
if (userApplication == null)
{
return(new JsonResult(new
{
status = 400,
message = "No user application link found - applications are not allowed to link to accounts " +
"without explicit user consent!"
})
{
StatusCode = StatusCodes.Status403Forbidden
});
}
AuthorisationCode authCode = await _authorisationCodeService.CreateAsync(user, application);
/*
* At this point in the process the user has consented to this application getting access
* to their account and an authorisation token has been created, the user will be sent
* back to the client with this authorisation token
*/
await _userApplicationService.AuthoriseApplicationAsync(user, application);
return(Ok(new
{
status = 200,
message = "Authorisation code generated successfully",
data = new
{
authorisationCode = authCode.Code
}
}));
}