public async Task GetDeviceAndModuleOnBehalfOfAsync([FromRoute] string actorDeviceId, [FromRoute] string actorModuleId, [FromBody] IdentityOnBehalfOfRequest request)
{
actorDeviceId = WebUtility.UrlDecode(Preconditions.CheckNonWhiteSpace(actorDeviceId, nameof(actorDeviceId)));
actorModuleId = WebUtility.UrlDecode(Preconditions.CheckNonWhiteSpace(actorModuleId, nameof(actorModuleId)));
Preconditions.CheckNonWhiteSpace(request.AuthChain, nameof(request.AuthChain));
if (actorModuleId != Constants.EdgeHubModuleId)
{
// Only child EdgeHubs are allowed to act OnBehalfOf of devices/modules.
var result = new EdgeHubScopeResultError(HttpStatusCode.Unauthorized, Events.UnauthorizedActor(actorDeviceId, actorModuleId));
await this.SendResponse(result.Status, JsonConvert.SerializeObject(result));
}
IHttpRequestAuthenticator authenticator = await this.authenticatorGetter;
HttpAuthResult authResult = await authenticator.AuthenticateAsync(actorDeviceId, Option.Some(actorModuleId), Option.Some(request.AuthChain), this.HttpContext);
if (authResult.Authenticated)
{
EdgeHubScopeResult reqResult = await this.HandleGetDeviceAndModuleOnBehalfOfAsync(actorDeviceId, actorModuleId, request);
await this.SendResponse(reqResult.Status, JsonConvert.SerializeObject(reqResult));
}
else
{
var result = new EdgeHubScopeResultError(HttpStatusCode.Unauthorized, authResult.ErrorMessage);
await this.SendResponse(result.Status, JsonConvert.SerializeObject(result));
}
}
public async Task HandleGetDeviceAndModuleOnBehalfOfAsync(
string actorDeviceId,
string actorModuleId,
string targetDeviceId,
string targetModuleId,
string authChain,
string originatorDeviceId,
string authChainToTarget,
HttpStatusCode expectedStatus)
{
// Setup
var request = new IdentityOnBehalfOfRequest(targetDeviceId, targetModuleId, authChain);
var identitiesCache = new Mock <IDeviceScopeIdentitiesCache>();
string targetId = targetDeviceId + (string.IsNullOrWhiteSpace(targetModuleId) ? string.Empty : $"/{targetModuleId}");
identitiesCache.Setup(i => i.RefreshServiceIdentityOnBehalfOf(targetId, originatorDeviceId)).Returns(Task.CompletedTask);
var targetServiceIdentity = new ServiceIdentity(targetId, "dummy", Enumerable.Empty <string>(), new ServiceAuthentication(ServiceAuthenticationType.None), ServiceIdentityStatus.Enabled);
identitiesCache.Setup(i => i.GetServiceIdentity(targetId)).Returns(Task.FromResult(Option.Some(targetServiceIdentity)));
identitiesCache.Setup(i => i.GetAuthChain(targetId)).Returns(Task.FromResult(Option.Some(authChainToTarget)));
// Act
EdgeHubScopeResult edgeHubScopeResult = await DeviceScopeController.HandleGetDeviceAndModuleOnBehalfOfAsync(actorDeviceId, actorModuleId, request, identitiesCache.Object);
// Verity
Assert.Equal(expectedStatus, edgeHubScopeResult.Status);
}
public async Task GetDevicesAndModulesInTargetDeviceScopeAsync([FromRoute] string actorDeviceId, [FromRoute] string actorModuleId, [FromBody] NestedScopeRequest request)
{
actorDeviceId = WebUtility.UrlDecode(Preconditions.CheckNonWhiteSpace(actorDeviceId, nameof(actorDeviceId)));
actorModuleId = WebUtility.UrlDecode(Preconditions.CheckNonWhiteSpace(actorModuleId, nameof(actorModuleId)));
Preconditions.CheckNonWhiteSpace(request.AuthChain, nameof(request.AuthChain));
if (actorModuleId != Constants.EdgeHubModuleId)
{
// Only child EdgeHubs are allowed to act OnBehalfOf of devices/modules.
var result = new EdgeHubScopeResultError(HttpStatusCode.Unauthorized, Events.UnauthorizedActor(actorDeviceId, actorModuleId));
await this.SendResponse(result.Status, JsonConvert.SerializeObject(result));
}
string authChain = request.AuthChain;
string[] ids = AuthChainHelpers.GetAuthChainIds(authChain);
if (ids.Length == 1)
{
// A child EdgeHub can use its module credentials to calls upstream
// OnBehalfOf its device identity, so the auth-chain would just have
// one element denoting the target device scope but no actor.
// However, the auth stack requires an actor to be specified for OnBehalfOf
// connections, so we manually add the actor to the auth-chain for this
// special case.
authChain = $"{ids[0]}/{Constants.EdgeHubModuleId};{ids[0]}";
}
IHttpRequestAuthenticator authenticator = await this.authenticatorGetter;
HttpAuthResult authResult = await authenticator.AuthenticateAsync(actorDeviceId, Option.Some(actorModuleId), Option.Some(authChain), this.HttpContext);
if (authResult.Authenticated)
{
EdgeHubScopeResult reqResult = await this.HandleDevicesAndModulesInTargetDeviceScopeAsync(actorDeviceId, actorModuleId, request);
await this.SendResponse(reqResult.Status, JsonConvert.SerializeObject(reqResult));
}
else
{
var result = new EdgeHubScopeResultError(HttpStatusCode.Unauthorized, authResult.ErrorMessage);
await this.SendResponse(result.Status, JsonConvert.SerializeObject(result));
}
}
public async Task GetDevicesAndModulesInTargetDeviceScopeAsync([FromRoute] string actorDeviceId, [FromRoute] string actorModuleId, [FromBody] NestedScopeRequest request)
{
actorDeviceId = WebUtility.UrlDecode(Preconditions.CheckNonWhiteSpace(actorDeviceId, nameof(actorDeviceId)));
actorModuleId = WebUtility.UrlDecode(Preconditions.CheckNonWhiteSpace(actorModuleId, nameof(actorModuleId)));
IHttpRequestAuthenticator authenticator = await this.authenticatorGetter;
HttpAuthResult authResult = await authenticator.AuthenticateAsync(actorDeviceId, Option.Some(actorModuleId), this.HttpContext);
if (authResult.Authenticated)
{
EdgeHubScopeResult reqResult = await this.HandleDevicesAndModulesInTargetDeviceScopeAsync(actorDeviceId, actorModuleId, request);
await this.SendResponse(reqResult.Status, JsonConvert.SerializeObject(reqResult));
}
else
{
var result = new EdgeHubScopeResultError(HttpStatusCode.Unauthorized, authResult.ErrorMessage);
await this.SendResponse(result.Status, JsonConvert.SerializeObject(result));
}
}
public async Task HandleDevicesAndModulesInTargetDeviceScopeAsyncTest(
string actorDeviceId,
string actorModuleId,
string authChain,
string targetDeviceId,
string authChainToTarget,
HttpStatusCode expectedStatus)
{
// Setup
var request = new NestedScopeRequest(1, string.Empty, authChain);
var identitiesCache = new Mock <IDeviceScopeIdentitiesCache>();
identitiesCache.Setup(i => i.GetAuthChain(targetDeviceId)).Returns(Task.FromResult(Option.Some(authChainToTarget)));
identitiesCache.Setup(i => i.GetServiceIdentity(targetDeviceId)).Returns(Task.FromResult(Option.None <ServiceIdentity>()));
identitiesCache.Setup(i => i.GetDevicesAndModulesInTargetScopeAsync(targetDeviceId)).Returns(Task.FromResult(new List <ServiceIdentity>() as IList <ServiceIdentity>));
// Act
EdgeHubScopeResult result = await DeviceScopeController.HandleDevicesAndModulesInTargetDeviceScopeAsync(actorDeviceId, actorModuleId, request, identitiesCache.Object);
// Verify
Assert.Equal(expectedStatus, result.Status);
}