public override void OnActionExecuting(ActionExecutingContext filterContext) { // Get authorization header var request = filterContext.HttpContext.Request; var authHeader = request.Headers["Authorization"]; // Validate token var secret = Core.Setting.Configuration.GetValue <string>("JWT:Secret"); IJsonSerializer serializer = new JsonNetSerializer(); IDateTimeProvider provider = new UtcDateTimeProvider(); IJwtValidator validator = new JwtValidator(serializer, provider); IBase64UrlEncoder urlEncoder = new JwtBase64UrlEncoder(); IJwtDecoder decoder = new JwtDecoder(serializer, validator, urlEncoder); try { string token; if (((ClaimsIdentity)filterContext.HttpContext.User.Identity).Claims.Count() > 0) { token = ((ClaimsIdentity)filterContext.HttpContext.User.Identity).FindFirst(ClaimTypes.UserData).Value; } else { token = authHeader; } var payload = decoder.DecodeToObject <Dictionary <string, object> >(token, secret, verify: true); var userId = Convert.ToInt32(payload["id"]); // Verifiy user var unitOfWork = new UnitOfWork(new EF.AARSContext()); var bll_u = new BLL.EndUser(unitOfWork); var user = bll_u.GetById(userId).Result; // Allowed Roles if (AllowedRoles != null) { var roles = AllowedRoles.Split(','); if (roles.Count() > 0 && !roles.Contains(user.Role.Name)) { logger.Error("Unauthorized."); filterContext.Result = new UnauthorizedResult(); } } if (user.DateInactive != null) { logger.Error("Unauthorized."); filterContext.Result = new UnauthorizedResult(); } else { if (filterContext.HttpContext.Items["EndUser"] == null) { filterContext.HttpContext.Items.Add("EndUser", user); } } } catch (TokenExpiredException ex) { logger.Error(ex); filterContext.Result = new StatusCodeResult(412); } catch (SignatureVerificationException ex) { logger.Error(ex); filterContext.Result = new StatusCodeResult(417); } catch (Exception ex) { // BadRequest logger.Error(ex); filterContext.Result = new BadRequestResult(); } }
public MemberControllerTests() { mockUnitOfWork = new Mock <BLL.IUnitOfWork>(); mockMemberRepo = new Mock <Repository.IRepository <EF.Member> >(); var mockIQueryableMember = new TestRepo().Members.AsQueryable().BuildMock(); mockMemberRepo.Setup(x => x.Entities).Returns(mockIQueryableMember.Object); mockEndUserRepo = new Mock <Repository.IRepository <EF.EndUser> >(); var mockIQueryableEndUser = new TestRepo().EndUsers.AsQueryable().BuildMock(); mockEndUserRepo.Setup(x => x.Entities).Returns(mockIQueryableEndUser.Object); mockGroupRepo = new Mock <Repository.IRepository <EF.Group> >(); var mockIQueryableGroup = new TestRepo().Groups.AsQueryable().BuildMock(); mockGroupRepo.Setup(x => x.Entities).Returns(mockIQueryableGroup.Object); mockGroupMemberRepo = new Mock <Repository.IRepository <EF.GroupMember> >(); var mockIQueryableGroupMember = new TestRepo().GroupMembers.AsQueryable().BuildMock(); mockGroupMemberRepo.Setup(x => x.Entities).Returns(mockIQueryableGroupMember.Object); mockAttendanceRepo = new Mock <Repository.IRepository <EF.Attendance> >(); var mockIQueryableAttendance = new TestRepo().Attendances.AsQueryable().BuildMock(); mockAttendanceRepo.Setup(x => x.Entities).Returns(mockIQueryableAttendance.Object); mockEventRepo = new Mock <Repository.IRepository <EF.Event> >(); var mockIQueryableEvent = new TestRepo().Events.AsQueryable().BuildMock(); mockEventRepo.Setup(x => x.Entities).Returns(mockIQueryableEvent.Object); mockEventCategoryRepo = new Mock <Repository.IRepository <EF.EventCategory> >(); var mockIQueryableEventCategory = new TestRepo().EventCategories.AsQueryable().BuildMock(); mockEventCategoryRepo.Setup(x => x.Entities).Returns(mockIQueryableEventCategory.Object); mockUnitOfWork.Setup(x => x.MemberRepository).Returns(mockMemberRepo.Object); mockUnitOfWork.Setup(x => x.EndUserRepository).Returns(mockEndUserRepo.Object); mockUnitOfWork.Setup(x => x.GroupRepository).Returns(mockGroupRepo.Object); mockUnitOfWork.Setup(x => x.GroupMemberRepository).Returns(mockGroupMemberRepo.Object); mockUnitOfWork.Setup(x => x.AttendanceRepository).Returns(mockAttendanceRepo.Object); mockUnitOfWork.Setup(x => x.EventRepository).Returns(mockEventRepo.Object); mockUnitOfWork.Setup(x => x.EventCategoryRepository).Returns(mockEventCategoryRepo.Object); memberBusiness = new BLL.Member(mockUnitOfWork.Object); endUserBusiness = new BLL.EndUser(mockUnitOfWork.Object); var mockOptions = new Mock <IOptions <Core.Emailer> >(); var mockLookUpBusiness = new Mock <BLL.ILookUp>(); var mockDBContext = new Mock <EF.AARSContext>(); var profile = new AutoMapperProfileConfiguration(); var mapperConfig = new MapperConfiguration(config => config.AddProfile(profile)); var mapper = new Mapper(mapperConfig); controller = new MemberController(mockOptions.Object, memberBusiness, endUserBusiness, mockLookUpBusiness.Object, null, mapper) { ControllerContext = new ControllerContext() }; controller.ControllerContext.HttpContext = new DefaultHttpContext(); controller.ControllerContext.HttpContext.Items.Add("EndUser", new EF.EndUser { MemberId = 1, Member = new EF.Member { CommunityId = 1 }, RoleId = 1 }); }