public async Task <IActionResult> Authorize(AuthorizationRequest request)
{
AuthorizationInput input = new AuthorizationInput
{
Card = new CreditCard
{
CardNumber = request.CardNumber,
CVV = request.CVV,
ExpiryMonth = request.ExpiryMonth,
ExpiryYear = request.ExpiryYear
},
Amount = request.Amount,
Currency = request.Currency
};
AuthorizationOutput serviceResponse = await _service.AuthorizeTransaction(input);
AuthorizeResponse response = new AuthorizeResponse
{
AmountAvailable = serviceResponse.TransactionOutput.AmountAvailable,
Currency = serviceResponse.TransactionOutput.Currency,
Error = serviceResponse.TransactionOutput.Error,
Id = serviceResponse.AuthorizationId,
Success = serviceResponse.TransactionOutput.Success
};
return(Ok(response));
}
public override async Task OnExecutingAsync(FunctionExecutingContext executingContext, CancellationToken cancellationToken)
{
executingContext.Logger.LogInformation("JWT-Token validator executing...");
HttpRequest httpRequest = (HttpRequest)executingContext.Arguments.First().Value;
var authHeader = AuthenticationHeaderValue.Parse(httpRequest.Headers[HeaderNames.Authorization]);
AuthorizationOutput authorizationOutput = await this._authService.ValidateAsync(authHeader);
executingContext.Logger.LogInformation($"JWT-Token successful validated. Email: {authorizationOutput.Email}, User Roles: {authorizationOutput.ResourceAccess}");
httpRequest.HttpContext.Items.Add(HttpContextItems.AuthorizationOutput, authorizationOutput);
await base.OnExecutingAsync(executingContext, cancellationToken);
}
public void AuthorizeTransaction_ServiceAuthorizes_ReturnsAuthorizationId()
{
Mock <IPaymentRepository> mockRepository = GetMockRepository();
Mock <HttpMessageHandler> mockHttpHandler = GetHttpHandlerMock("{success: true}");
AuthorizationInput input = new AuthorizationInput
{
Card = new CreditCard
{
CardNumber = "124142112411241"
},
Amount = 5.00M,
Currency = "GBP"
};
PaymentService service = GetService(mockRepository, mockHttpHandler);
AuthorizationOutput output = service.AuthorizeTransaction(input).Result;
Assert.IsNotNull(output.AuthorizationId);
}
public async Task Invoke(HttpContext context, IOptions <EndPointOptions> endpointOptions)
{
if (context.User.Identity.IsAuthenticated)
{
try
{
if (!AuthenticationHeaderValue.TryParse(context.Request.Headers[HeaderNames.Authorization], out AuthenticationHeaderValue authHeader))
{
var accessToken = context.User.FindFirst("access_token")?.Value;
if (!string.IsNullOrEmpty(accessToken))
{
authHeader = AuthenticationHeaderValue.Parse($"Bearer {accessToken}");
}
}
AuthorizationOutput authorizationOutput =
await this._authorizationService.ValidateAsync(authHeader);
}
catch (Exception e)
{
var refreshToken = context.User.FindFirst("refresh_token")?.Value;
using (var client = new HttpClient())
{
var response = await client.RequestRefreshTokenAsync(new RefreshTokenRequest
{
Address = endpointOptions.Value.TokenEndpoint,
ClientId = endpointOptions.Value.ClientId,
ClientSecret = endpointOptions.Value.ClientSecret,
RefreshToken = refreshToken
});
var claim = (ClaimsIdentity)context.User.Identity;
claim.UpdateClaim(new Claim("access_token", response.AccessToken));
claim.UpdateClaim(new Claim("refresh_token", response.RefreshToken));
claim.UpdateClaim(new Claim("expires_in", response.ExpiresIn.ToString()));
}
}
}
await this._next.Invoke(context);
}
public async Task <AuthorizationOutput> AuthorizeTransaction(AuthorizationInput authorizationInput)
{
//Check card number is valid
bool validCreditCardNumber = CardNumberIsValid(authorizationInput, out string cardNumber);
if (!validCreditCardNumber)
{
AuthorizationOutput authorizationOutput = GetFailedAuthorizationOuput("Invalid credit card");
return(authorizationOutput);
}
authorizationInput.Card.CardNumber = cardNumber;
//Authorize transaction with bank
BankAuthorizationResponse bankAuthorization = await GetAuthorizationFromBank(authorizationInput);
if (bankAuthorization.authorizedAmount == 0)
{
string error = "Failed to authorize";
AuthorizationOutput failedAuthorizationOutput = GetFailedAuthorizationOuput(error);
return(failedAuthorizationOutput);
}
//Add authorization to the database
Transaction transaction = await _paymentRepository.GetAuthorization(authorizationInput.Amount,
authorizationInput.Currency, bankAuthorization.id);
AuthorizationOutput output = new AuthorizationOutput
{
AuthorizationId = transaction.Id,
TransactionOutput = new TransactionOutput
{
AmountAvailable = bankAuthorization.authorizedAmount,
Currency = authorizationInput.Currency,
Error = null,
Success = true
}
};
return(output);
}
public void AuthorizeTransaction_ServiceReturnsInvalid_ReturnsErrorMessage()
{
Mock <IPaymentRepository> mockRepository = GetMockRepository();
Mock <HttpMessageHandler> mockHttpHandler = GetHttpHandlerMock("{success: false}");
AuthorizationInput input = new AuthorizationInput
{
Card = new CreditCard
{
CardNumber = "1412411114124111",
ExpiryYear = 2000
},
Amount = 5.00M,
Currency = "GBP"
};
PaymentService service = GetService(mockRepository, mockHttpHandler);
AuthorizationOutput output = service.AuthorizeTransaction(input).Result;
Assert.IsNotNull(output.TransactionOutput.Error);
Assert.IsTrue(output.TransactionOutput.Error.Length > 0);
}
