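/// <summary>
/// Resolves the document-library vault id for the named organization after
/// checking that the given user is allowed to reach that organization.
/// </summary>
/// <param name="name">Name of the organization whose vault is requested.</param>
/// <param name="userId">Id of the user the access decision is made for.</param>
/// <param name="isFactStaff">
/// When true, the inspector/consultant checks are skipped and only the existence
/// of the organization is required.
/// </param>
/// <returns>
/// An <see cref="AccessTokenDetail"/> whose VaultId is the organization's
/// DocumentLibraryVaultId.
/// </returns>
/// <exception cref="Exception">
/// Thrown with the message "Not Authorized" when the user is unknown, the
/// organization does not exist, or the user has no relationship to it.
/// </exception>
public AccessTokenDetail GetAccessTokenDetail(string name, Guid userId, bool isFactStaff)
{
    var userManager = this.container.GetInstance<UserManager>();
    var organizationManager = this.container.GetInstance<OrganizationManager>();
    var inspectionScheduleDetailManager = this.container.GetInstance<InspectionScheduleDetailManager>();

    var user = userManager.GetById(userId);
    if (user == null)
    {
        throw new Exception("Not Authorized");
    }

    // Direct membership: the user is linked to an organization with this name.
    var organization = user.Organizations.FirstOrDefault(x => x.Organization.Name == name)?.Organization;

    if (organization == null)
    {
        organization = organizationManager.GetByName(name);

        // Fail closed for every caller. Previously only the staff path checked this, so a
        // non-staff request for an unknown organization surfaced as a NullReferenceException
        // (from organization.Id or organization.DocumentLibraryVaultId) rather than a denial.
        if (organization == null)
        {
            throw new Exception("Not Authorized");
        }

        // NOTE(review): isFactStaff bypasses the per-organization checks below, so it must be
        // derived from the authenticated user's server-side role and never from request data.
        // The call sites are not visible here; confirm.
        if (!isFactStaff)
        {
            if (user.Role.Name == Constants.Roles.Inspector)
            {
                // Inspectors need at least one inspection schedule detail for this organization.
                var detail = inspectionScheduleDetailManager.GetAllByUserAndOrg(name, userId);
                if (detail == null || detail.Count == 0)
                {
                    throw new Exception("Not Authorized");
                }
            }
            else if (user.OrganizationConsutants.All(x => x.OrganizationId != organization.Id))
            {
                // Every other role must be listed as a consultant of the organization.
                throw new Exception("Not Authorized");
            }
        }
    }

    // The generic Exception type is kept because callers may already catch it.
    return new AccessTokenDetail { VaultId = organization.DocumentLibraryVaultId };
}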
/// <summary>
/// Asserts that the headers held in <c>this.requestInfo</c> contain an Authorization
/// header equal to "Bearer " followed by the access token that the service identity
/// token source returns for the condition's MSI authentication resource.
/// </summary>
/// <returns>A task that completes when both assertions have run.</returns>
public async Task ThenTheAuthorizationHeaderShouldBeOfTypeBearerUsingATokenRepresentingTheManagedServiceIdentityWithTheResourceSpecifiedByTheConditionAsync()
{
    // The header must be present before its value is compared.
    bool headerPresent = this.requestInfo.Headers.TryGetValue("Authorization", out string actualHeader);
    Assert.IsTrue(headerPresent, "Should contain authorization header");

    var serviceProvider = ContainerBindings.GetServiceProvider(this.featureContext);
    IServiceIdentityAccessTokenSource accessTokenSource =
        serviceProvider.GetRequiredService<IServiceIdentityAccessTokenSource>();

    // Request a token for the same "<resource>/.default" scope the condition names.
    string[] scopes = { $"{this.condition.MsiAuthenticationResource}/.default" };
    AccessTokenDetail issuedToken = await accessTokenSource
        .GetAccessTokenAsync(new AccessTokenRequest(scopes))
        .ConfigureAwait(false);

    Assert.AreEqual($"Bearer {issuedToken.AccessToken}", actualHeader);
}
/// <summary>
/// Asks the document manager for the access token registered for an application
/// and wraps its vault id in an <see cref="AccessTokenDetail"/>.
/// </summary>
/// <param name="appId">Application id passed to DocumentManager.GetAccessToken.</param>
/// <returns>
/// An <see cref="AccessTokenDetail"/> carrying the vault id, or null when the
/// document manager returns nothing for <paramref name="appId"/>.
/// </returns>
public AccessTokenDetail GetAcessTokenDetail(Guid appId)
{
    var vaultToken = this.container.GetInstance<DocumentManager>().GetAccessToken(appId);

    if (vaultToken != null)
    {
        return new AccessTokenDetail { VaultId = vaultToken.VaultId };
    }

    // Unknown application id: callers receive null and must handle it.
    return null;
}
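/// <summary>
/// Serializes a cloud event to JSON and POSTs it to the subscription's external URL,
/// attaching a managed-service-identity bearer token when the subscription asks for one.
/// </summary>
/// <typeparam name="T">Type of the cloud event payload.</typeparam>
/// <param name="source">Event source, used for logging and error reporting.</param>
/// <param name="subject">Event subject, used for logging and error reporting.</param>
/// <param name="cloudEvent">The event object to serialize as the request body.</param>
/// <param name="destination">Subscription describing the target URL and authentication settings.</param>
/// <returns>A task that completes when the endpoint has returned a success status.</returns>
/// <exception cref="CloudEventPublisherException">
/// Thrown when the endpoint responds with a non-success status code.
/// </exception>
private async Task PublishAsync<T>(string source, string subject, T cloudEvent, WorkflowEventSubscription destination)
{
    this.logger.LogDebug(
        "Initialising event publish request for subject '{subject}' and source '{source}' to external URL '{externalUrl}'",
        subject,
        source,
        destination.ExternalUrl);

    // Request and response are disposed deterministically so that content buffers and the
    // underlying connection are released on the failure path as well as on success.
    using (var request = new HttpRequestMessage(HttpMethod.Post, destination.ExternalUrl))
    {
        if (destination.AuthenticateWithManagedServiceIdentity)
        {
            // The token is requested for the "<resource>/.default" scope named by the subscription.
            // NOTE(review): the token is sent to whatever ExternalUrl the subscription holds, and
            // this method checks neither scheme nor host. Confirm that subscriptions are validated
            // where they are created (https only, expected destination).
            AccessTokenDetail tokenDetails = await this.serviceIdentityTokenSource.GetAccessTokenAsync(
                new AccessTokenRequest(new[] { $"{destination.MsiAuthenticationResource}/.default" }))
                .ConfigureAwait(false);

            request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", tokenDetails.AccessToken);
        }

        request.Content = new StringContent(
            JsonConvert.SerializeObject(cloudEvent, this.serializerSettingsProvider.Instance),
            Encoding.UTF8,
            "application/cloudevents");

        using (HttpResponseMessage httpResponse = await this.httpClient.SendAsync(request).ConfigureAwait(false))
        {
            if (!httpResponse.IsSuccessStatusCode)
            {
                // Status and reason are read before the response is disposed.
                throw new CloudEventPublisherException(
                    subject,
                    source,
                    destination.ExternalUrl,
                    httpResponse.StatusCode,
                    httpResponse.ReasonPhrase);
            }
        }
    }
}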