Exemple #1
        /// <summary>
        /// Builds an <see cref="ApiSessionToken"/> for the given user and stores it
        /// through the supplied context.
        /// </summary>
        /// <param name="dbContext">Context whose <c>ApiSessionTokens</c> set receives the new token.</param>
        /// <param name="user">User the token is created for.</param>
        /// <returns>The token instance that was added and saved.</returns>
        public static ApiSessionToken CreateApiSessionToken(EFDbContext dbContext, User user)
        {
            // The second constructor argument is hard-coded to 20; its meaning and
            // unit are defined by ApiSessionToken, which is not visible here.
            var token = new ApiSessionToken(user, 20);

            // Add and save immediately so the token exists in the store before
            // the caller uses it.
            dbContext.ApiSessionTokens.Add(token);
            dbContext.SaveChanges();

            return token;
        }
        /// <summary>
        /// Creates a session token for <paramref name="user"/>, adds it to the
        /// token repository and commits the unit of work.
        /// </summary>
        /// <param name="user">User the token is issued for.</param>
        /// <param name="timeout">
        /// Passed straight to the <see cref="ApiSessionToken"/> constructor; no
        /// range check is applied here, so callers decide how long-lived a token may be.
        /// </param>
        /// <returns>The newly created token.</returns>
        public ApiSessionToken Add(User user, int timeout)
        {
            var newToken = new ApiSessionToken(user, timeout);
            _apiSessionTokenRepository.Add(newToken);

            // Commit right away: the token is returned to the caller as already stored.
            _unitOfWork.Commit();

            return newToken;
        }
Exemple #3
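        /// <summary>
        /// Wraps the result of a successfully executed action in an
        /// <see cref="ApiResponse"/> envelope. When the current identity was
        /// authenticated with the API session scheme, the envelope also carries
        /// the session token's expiration date.
        /// </summary>
        /// <param name="actionExecutedContext">Context of the action that has just run.</param>
        /// <remarks>
        /// The response is replaced with a new 200 OK response, so the status code
        /// of the original response is not carried over.
        /// NOTE(review): whether <c>Details</c> rejects expired or revoked tokens is
        /// not visible here; confirm, because its result is treated as a live session.
        /// </remarks>
        public override void OnActionExecuted(HttpActionExecutedContext actionExecutedContext)
        {
            base.OnActionExecuted(actionExecutedContext);

            // Failed actions are left to the exception handling pipeline; a missing
            // response cannot be wrapped either.
            if (actionExecutedContext.Exception != null || actionExecutedContext.Response == null)
            {
                return;
            }

            ApiSessionToken sessionToken = null;

            // HttpContext.Current is null outside a classic ASP.NET request.
            var identity = HttpContext.Current?.User?.Identity;

            // The identity name is expected to hold the token id. TryParse keeps a
            // malformed name from surfacing as an unhandled FormatException; such a
            // request is answered without session data.
            Guid tokenId;
            if (identity?.AuthenticationType != null
                && identity.AuthenticationType == Constants.ApiSessionKeySchemeName
                && Guid.TryParse(identity.Name, out tokenId))
            {
                var apiSessionTokenService = ObjectFactory.Container.GetInstance<IApiSessionTokenService>();
                sessionToken = apiSessionTokenService.Details(tokenId);
            }

            var content = actionExecutedContext.Response.Content;
            var objectContent = content as ObjectContent;

            // Content that is not ObjectContent (for example a stream or string body)
            // has no Value to unwrap. Leave that response untouched instead of
            // failing with an InvalidCastException.
            if (content != null && objectContent == null)
            {
                return;
            }

            ApiResponse response;

            if (sessionToken != null)
            {
                if (objectContent == null)
                {
                    response = new SessionResponse
                    {
                        Success        = true,
                        ExpirationDate = sessionToken.ExpirationDate
                    };
                }
                else
                {
                    response = new SessionDataResponse
                    {
                        Success        = true,
                        Data           = objectContent.Value,
                        ExpirationDate = sessionToken.ExpirationDate
                    };
                }
            }
            else
            {
                if (objectContent == null)
                {
                    response = new NonSessionResponse
                    {
                        Success = true
                    };
                }
                else
                {
                    response = new NonSessionDataResponse
                    {
                        Success = true,
                        Data    = objectContent.Value
                    };
                }
            }

            actionExecutedContext.Response = actionExecutedContext.Request.CreateResponse(HttpStatusCode.OK, response);
        }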
        /// <summary>
        /// Test-class setup: creates a user and an API session token in the test
        /// database and installs an <see cref="HttpContext"/> for that token as the
        /// current context.
        /// </summary>
        public new static void ClassInitialize()
        {
            TestsConfiguration.ClassInitialize();

            var context = Container.GetInstance<EFDbContext>();

            // Fixture data; each later assignment depends on the one before it.
            User = TestsDataInitialize.CreateUser(context);
            Customer = context.Customers.First(customer => customer.Id == User.CustomerId);
            ApiSessionToken = TestsDataInitialize.CreateApiSessionToken(context, User);

            var siteUri = new Uri("http://john-domain.saaspro.net/");
            var contextFactory = new TestsHttpContextInitialize(siteUri, User, Container.GetInstance<ICustomerHost>());

            // Replaces the ambient HttpContext for the test run. The customer stored
            // in Items is overwritten with the one loaded above.
            var testContext = contextFactory.GetTestApiHttpContext(ApiSessionToken);
            HttpContext.Current = testContext;
            HttpContext.Current.Items[Constants.CurrentCustomerInstanceKey] = Customer;
        }
Exemple #5
        /// <summary>
        /// Builds an <see cref="HttpContext"/> whose user is already marked as
        /// authenticated with the API session scheme for the given token.
        /// </summary>
        /// <param name="apiToken">Token whose <c>Id</c> becomes the identity name.</param>
        /// <returns>A context carrying the fake principal and the customer instance.</returns>
        /// <remarks>
        /// The principal is constructed directly, without running any authentication
        /// handler, so this belongs in test code only.
        /// </remarks>
        public HttpContext GetTestApiHttpContext(ApiSessionToken apiToken)
        {
            var request = new HttpRequest("", _siteUri.AbsoluteUri, "");
            request.Browser = GetHttpBrowser();

            var responseWriter = new StringWriter();
            var response = new HttpResponse(responseWriter);

            // Identity name = token id, authentication type = API session scheme;
            // no roles are attached.
            var identity = new GenericIdentity(apiToken.Id.ToString(), Constants.ApiSessionKeySchemeName);
            var principal = new GenericPrincipal(identity, null);

            var context = new HttpContext(request, response);
            context.User = principal;
            context.Items[Constants.CurrentCustomerInstanceKey] = GetCustomerInstance();

            return context;
        }
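        /// <summary>
        /// Checks <c>ValidateSecurityAnswer</c> for three cases: an empty model must
        /// raise <see cref="ModelException"/>, a wrong answer must raise
        /// <see cref="ApiException"/> with <c>IncorrectSecurityAnswer</c>, and the
        /// correct answer must not throw.
        /// </summary>
        /// <remarks>
        /// The controller call is the only statement inside each try block. With
        /// <c>Assert.Fail</c> inside the try, the broad catch would also catch the
        /// assertion failure and report it as a wrong exception type.
        /// </remarks>
        public void T02_ValidateSecurityAnswer()
        {
            // empty model checking
            var answerModel = new ValidateSecurityAnswerModel();

            ValidateApiModel(answerModel);
            Exception emptyModelError = null;
            try
            {
                Controller.ValidateSecurityAnswer(answerModel);
            }
            catch (Exception ex)
            {
                emptyModelError = ex;
            }
            Assert.IsNotNull(emptyModelError, "Empty validate answer model passed test");
            Assert.IsInstanceOfType(emptyModelError, typeof(ModelException), "For empty validate answer model incorrect type exception is thrown");
            Controller.ModelState.Clear();

            // incorrect answer checking
            ApiSessionToken.UpdateSecurityQuestion(User.SecurityQuestions.First());
            answerModel.Answer = "wrong";
            ValidateApiModel(answerModel);
            Exception wrongAnswerError = null;
            try
            {
                Controller.ValidateSecurityAnswer(answerModel);
            }
            catch (Exception ex)
            {
                wrongAnswerError = ex;
            }
            Assert.IsNotNull(wrongAnswerError, "Validation with incorrect answer passed test");
            Assert.IsInstanceOfType(wrongAnswerError, typeof(ApiException), "For wrong answer incorrect type exception is thrown");
            // Expected value first, actual second, so a failure message reads correctly.
            Assert.AreEqual(ApiException.Errors.Auth.IncorrectSecurityAnswer, ((ApiException)wrongAnswerError).Error, "For wrong answer incorrect error is returned");
            Controller.ModelState.Clear();

            // correct answer checking
            ApiSessionToken.UpdateSecurityQuestion(User.SecurityQuestions.First());
            answerModel.Answer = "b";
            ValidateApiModel(answerModel);
            try
            {
                Controller.ValidateSecurityAnswer(answerModel);
            }
            catch (Exception ex)
            {
                // Include the cause so that a failure here can be diagnosed.
                Assert.Fail("Validation with correct answer not passed test: " + ex.Message);
            }
            Controller.ModelState.Clear();
        }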