public void Given_token_is_invalid_then_return_default_object()
{
A.CallTo(() => _accessTokenClientRepo.GetClientForTokenAsync(Guid.Parse(TokenGuid)))
.Returns(new OAuthTokenClient[0]);
Act(TokenGuid);
ApiClientDetailsTests.AssertIsDefaultObject(_response);
A.CallTo(() => _accessTokenClientRepo.GetClientForTokenAsync(Guid.Parse(TokenGuid)))
.MustHaveHappened();
}
public async Task <IHttpActionResult> PostAsync([FromBody] TokenInfoRequest tokenInfoRequest)
{
// see https://tools.ietf.org/html/rfc7662#section-2.2 for oauth token_info spec
if (tokenInfoRequest == null || tokenInfoRequest.Token == null ||
!Guid.TryParse(tokenInfoRequest.Token, out Guid accessToken))
{
return(BadRequest("Invalid token"));
}
var oAuthTokenClient = (await _tokenClientRepo.GetClientForTokenAsync(accessToken)).FirstOrDefault();
if (oAuthTokenClient == null)
{
return(NotFound());
}
ApiKeyContext apiContext = _apiKeyContextProvider.GetApiKeyContext();
// must be able to see my specific items ie vendor a cannot look at vendor b
if (oAuthTokenClient.Key != apiContext.ApiKey)
{
return(Unauthorized());
}
TokenInfo tokenInfo = await _tokenInfoProvider.GetTokenInfoAsync(apiContext);
HttpContext.Current.Response.Headers.Add("Cache-Control", "no-cache");
return(Ok(tokenInfo));
}
/// <summary>
/// Gets the API client details for the supplied token from the Admin database.
/// </summary>
/// <param name="token">The OAuth security token for which API client details should be retrieved.</param>
/// <returns>A populated <see cref="ApiClientDetails"/> instance if the token exists; otherwise an unpopulated instance.</returns>
public async Task <ApiClientDetails> GetClientDetailsForTokenAsync(string token)
{
if (!Guid.TryParse(token, out Guid tokenAsGuid))
{
return(new ApiClientDetails());
}
var tokenClientRecords = await _accessTokenClientRepo.GetClientForTokenAsync(tokenAsGuid);
return(ApiClientDetails.Create(tokenClientRecords));
}
/// <summary>
/// Loads the API client details for the supplied token from the Admin database.
/// </summary>
/// <param name="token">The OAuth security token for which API client details should be retrieved.</param>
/// <returns>A populated <see cref="ApiClientDetails"/> instance.</returns>
public async Task <ApiClientDetails> GetClientDetailsForTokenAsync(string token)
{
if (!Guid.TryParse(token, out Guid tokenAsGuid))
{
return(new ApiClientDetails());
}
// TODO SF ODS-3459: this ought to be running as an independent task, scheduled multiple times a day.
await _accessTokenClientRepo.DeleteExpiredTokensAsync();
var clientForToken = await _accessTokenClientRepo.GetClientForTokenAsync(tokenAsGuid);
return(ApiClientDetails.Create(clientForToken));
}
private async Task <IActionResult> GetTokenInformation(TokenInfoRequest tokenInfoRequest)
{
if (!_isEnabled)
{
return(NotFound());
}
// see https://tools.ietf.org/html/rfc7662#section-2.2 for oauth token_info spec
if (tokenInfoRequest == null || tokenInfoRequest.Token == null ||
!Guid.TryParse(tokenInfoRequest.Token, out Guid accessToken))
{
return(BadRequest(ErrorTranslator.GetErrorMessage("Invalid token")));
}
var oAuthTokenClient = (await _tokenClientRepo.GetClientForTokenAsync(accessToken)).FirstOrDefault();
if (oAuthTokenClient == null)
{
return(NotFound());
}
ApiKeyContext apiContext = _apiKeyContextProvider.GetApiKeyContext();
// must be able to see my specific items ie vendor a cannot look at vendor b
if (oAuthTokenClient.Key != apiContext.ApiKey)
{
return(Unauthorized());
}
var tokenInfo = await _tokenInfoProvider.GetTokenInfoAsync(apiContext);
Response.GetTypedHeaders().CacheControl = new CacheControlHeaderValue {
NoCache = true
};
return(Ok(tokenInfo));
}
