Exemple #1
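        /// <summary>
        /// Returns the document-library vault id of the organization called <paramref name="name"/>,
        /// after checking that the user identified by <paramref name="userId"/> may access it.
        /// </summary>
        /// <param name="name">Organization name used for the membership match and the by-name lookup.</param>
        /// <param name="userId">Id of the user requesting access.</param>
        /// <param name="isFactStaff">
        /// When true, the inspector/consultant checks are skipped and only the existence of the
        /// organization is required.
        /// </param>
        /// <returns>An <see cref="AccessTokenDetail"/> whose VaultId is the organization's DocumentLibraryVaultId.</returns>
        /// <exception cref="Exception">
        /// Thrown with the message "Not Authorized" when the user is unknown, the organization is
        /// unknown, or the user has no qualifying relationship to the organization.
        /// </exception>
        public AccessTokenDetail GetAccessTokenDetail(string name, Guid userId, bool isFactStaff)
        {
            var userManager = this.container.GetInstance<UserManager>();
            var organizationManager = this.container.GetInstance<OrganizationManager>();
            var inspectionScheduleDetailManager = this.container.GetInstance<InspectionScheduleDetailManager>();

            var user = userManager.GetById(userId);

            if (user == null)
            {
                throw new Exception("Not Authorized");
            }

            // A direct membership in the named organization grants access without further checks.
            var organization = user.Organizations.FirstOrDefault(x => x.Organization.Name == name)?.Organization;

            if (organization == null)
            {
                organization = organizationManager.GetByName(name);

                // Fail closed: previously only the staff branch checked this, so a non-staff
                // caller naming an unknown organization hit a NullReferenceException instead of
                // a clean denial. The same message is used for "unknown" and "forbidden" so the
                // response does not reveal which organization names exist.
                if (organization == null)
                {
                    throw new Exception("Not Authorized");
                }

                // NOTE(review): isFactStaff bypasses every per-user check below; it should be derived
                // from the authenticated principal, never from request data. Confirm at the call sites.
                if (!isFactStaff)
                {
                    if (user.Role.Name == Constants.Roles.Inspector)
                    {
                        // Inspectors need at least one inspection schedule detail for this organization.
                        var detail = inspectionScheduleDetailManager.GetAllByUserAndOrg(name, userId);

                        if (detail == null || detail.Count == 0)
                        {
                            throw new Exception("Not Authorized");
                        }
                    }
                    else if (user.OrganizationConsutants.All(x => x.OrganizationId != organization.Id))
                    {
                        // Everyone else must be linked to the organization as a consultant.
                        throw new Exception("Not Authorized");
                    }
                }
            }

            return new AccessTokenDetail
            {
                VaultId = organization.DocumentLibraryVaultId
            };
        }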
        /// <summary>
        /// Asserts that the captured request carries an Authorization header equal to "Bearer "
        /// followed by the access token that the registered
        /// <see cref="IServiceIdentityAccessTokenSource"/> returns for the scope
        /// "{condition.MsiAuthenticationResource}/.default".
        /// </summary>
        public async Task ThenTheAuthorizationHeaderShouldBeOfTypeBearerUsingATokenRepresentingTheManagedServiceIdentityWithTheResourceSpecifiedByTheConditionAsync()
        {
            string authorizationHeader;
            bool headerPresent = this.requestInfo.Headers.TryGetValue("Authorization", out authorizationHeader);
            Assert.IsTrue(headerPresent, "Should contain authorization header");

            // Ask the same token source the code under test uses, for the same scope.
            IServiceProvider services = ContainerBindings.GetServiceProvider(this.featureContext);
            IServiceIdentityAccessTokenSource identityTokens = services.GetRequiredService<IServiceIdentityAccessTokenSource>();

            string[] scopes = new[] { $"{this.condition.MsiAuthenticationResource}/.default" };
            AccessTokenDetail issued = await identityTokens
                .GetAccessTokenAsync(new AccessTokenRequest(scopes))
                .ConfigureAwait(false);

            // NOTE(review): on a mismatch the assertion message will likely print both header values,
            // i.e. the token text, into test output. Confirm the token source here is a test double.
            Assert.AreEqual($"Bearer {issued.AccessToken}", authorizationHeader);
        }
Exemple #3
        /// <summary>
        /// Looks up the access-token record for <paramref name="appId"/> through the
        /// <c>DocumentManager</c> and exposes its vault id.
        /// </summary>
        /// <param name="appId">Application id passed to <c>DocumentManager.GetAccessToken</c>.</param>
        /// <returns>
        /// An <see cref="AccessTokenDetail"/> carrying the record's VaultId, or <c>null</c> when
        /// no record is found.
        /// </returns>
        public AccessTokenDetail GetAcessTokenDetail(Guid appId)
        {
            // NOTE(review): no caller identity is checked in this method; possession of appId is
            // the only gate visible here. Presumably authorization happens upstream; confirm.
            var tokenRecord = this.container.GetInstance<DocumentManager>().GetAccessToken(appId);

            return tokenRecord == null
                ? null
                : new AccessTokenDetail { VaultId = tokenRecord.VaultId };
        }
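        /// <summary>
        /// POSTs <paramref name="cloudEvent"/> as JSON (content type "application/cloudevents") to
        /// the subscription's external URL, attaching a managed-service-identity bearer token when
        /// the subscription asks for one.
        /// </summary>
        /// <typeparam name="T">Type of the event payload to serialize.</typeparam>
        /// <param name="source">Event source, used for logging and error reporting.</param>
        /// <param name="subject">Event subject, used for logging and error reporting.</param>
        /// <param name="cloudEvent">Payload serialized with the configured serializer settings.</param>
        /// <param name="destination">Subscription supplying the target URL and authentication options.</param>
        /// <exception cref="CloudEventPublisherException">
        /// Thrown when the endpoint answers with a non-success status code.
        /// </exception>
        private async Task PublishAsync<T>(string source, string subject, T cloudEvent, WorkflowEventSubscription destination)
        {
            this.logger.LogDebug(
                "Initialising event publish request for subject '{subject}' and source '{source}' to external URL '{externalUrl}'",
                subject,
                source,
                destination.ExternalUrl);

            // The request and response are disposed deterministically; the original left both
            // to the finalizer, holding connections and content buffers longer than needed.
            using (var request = new HttpRequestMessage(HttpMethod.Post, destination.ExternalUrl))
            {
                if (destination.AuthenticateWithManagedServiceIdentity)
                {
                    // NOTE(review): the token is sent to whatever URL the subscription carries. Nothing
                    // here requires an https scheme or an allow-listed host, so a subscription pointing
                    // at a plain-http or unexpected endpoint would receive a live bearer token.
                    // Confirm that ExternalUrl is validated where subscriptions are created.
                    AccessTokenDetail tokenDetails = await this.serviceIdentityTokenSource.GetAccessTokenAsync(
                        new AccessTokenRequest(new[] { $"{destination.MsiAuthenticationResource}/.default" }))
                                                     .ConfigureAwait(false);

                    request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", tokenDetails.AccessToken);
                }

                request.Content = new StringContent(
                    JsonConvert.SerializeObject(cloudEvent, this.serializerSettingsProvider.Instance),
                    Encoding.UTF8,
                    "application/cloudevents");

                using (HttpResponseMessage httpResponse = await this.httpClient.SendAsync(request).ConfigureAwait(false))
                {
                    if (!httpResponse.IsSuccessStatusCode)
                    {
                        // StatusCode and ReasonPhrase are copied into the exception before disposal.
                        throw new CloudEventPublisherException(
                                  subject,
                                  source,
                                  destination.ExternalUrl,
                                  httpResponse.StatusCode,
                                  httpResponse.ReasonPhrase);
                    }
                }
            }
        }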