        /// <summary>
        /// Registers Bewit validation from a configuration source and checks that
        /// <c>IBewitTokenValidator&lt;Foo&gt;</c> resolves to <c>BewitTokenValidator&lt;Foo&gt;</c>.
        /// </summary>
        public void AddBewitValidation_WithValidConfiguration_ShouldAddBewitTokenValidatorForMyPayload()
        {
            // Arrange: the only configured key is the signing secret.
            // "123" is a fixture value; a deployed secret should be long, random and
            // supplied from a secret store rather than from source or plain config files.
            var settings = new[]
            {
                new KeyValuePair<string, string>("Bewit:Secret", "123")
            };
            var configuration = new ConfigurationBuilder()
                .AddInMemoryCollection(settings)
                .Build();
            var services = new ServiceCollection();

            // Act
            services.AddBewitValidation(configuration, b => b.AddPayload<Foo>());

            // Assert: the provider is disposed even when an assertion throws.
            using (ServiceProvider provider = services.BuildServiceProvider())
            {
                IBewitTokenValidator<Foo> validator =
                    provider.GetService<IBewitTokenValidator<Foo>>();

                validator.Should().NotBeNull();
                validator.Should().BeOfType<BewitTokenValidator<Foo>>();
            }
        }
        /// <summary>
        /// Registers Bewit validation from an explicit <c>BewitOptions</c> instance and checks that
        /// <c>IBewitTokenValidator&lt;Foo&gt;</c> resolves to <c>BewitTokenValidator&lt;Foo&gt;</c>.
        /// </summary>
        public void AddBewitValidation_WithMyPayload_ShouldAddBewitTokenValidatorForMyPayload()
        {
            // Arrange
            // Fixture secret only; it is not representative of a production-strength key.
            const string secret = "112";
            var options = new BewitOptions
            {
                Secret = secret
            };
            var services = new ServiceCollection();

            // Act
            services.AddBewitValidation(options, b => b.AddPayload<Foo>());

            // Assert: the provider is disposed even when an assertion throws.
            using (ServiceProvider provider = services.BuildServiceProvider())
            {
                IBewitTokenValidator<Foo> validator =
                    provider.GetService<IBewitTokenValidator<Foo>>();

                validator.Should().NotBeNull();
                validator.Should().BeOfType<BewitTokenValidator<Foo>>();
            }
        }
        /// <summary>
        /// Registers a mocked <c>INonceRepository</c> together with Bewit validation and checks that
        /// <c>IBewitTokenValidator&lt;Foo&gt;</c> resolves to <c>BewitTokenValidator&lt;Foo&gt;</c>.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the test name refers to persistence, but the assertions only check the
        /// resolved validator type; nothing here verifies that the nonce repository is consulted.
        /// </remarks>
        public void AddBewitValidation_WithPersistance_ShouldAddPersistedBewitTokenGenerator()
        {
            // Arrange
            // Fixture secret only; it is not representative of a production-strength key.
            const string secret = "112";
            var options = new BewitOptions
            {
                Secret = secret
            };
            var nonceRepository = new Mock<INonceRepository>();
            var services = new ServiceCollection();

            // Act: the repository is registered before the validation services, as in the original.
            services.AddSingleton<INonceRepository>(nonceRepository.Object);
            services.AddBewitValidation(options, builder => builder.AddPayload<Foo>());

            // Assert: the provider is disposed even when an assertion throws.
            using (ServiceProvider provider = services.BuildServiceProvider())
            {
                IBewitTokenValidator<Foo> validator =
                    provider.GetService<IBewitTokenValidator<Foo>>();

                validator.Should().NotBeNull();
                validator.Should().BeOfType<BewitTokenValidator<Foo>>();
            }
        }
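        /// <summary>
        /// Validates the bewit token taken from the request URL and copies matching entries of its
        /// payload into the action arguments of parameters marked with
        /// <see cref="FromBewitAttribute"/>.
        /// </summary>
        /// <param name="context">The executing action context whose arguments are updated.</param>
        /// <param name="cancellationToken">Token passed through to the token validation call.</param>
        /// <remarks>
        /// No exception is caught here: anything thrown by <c>ValidateBewitTokenAsync</c>
        /// propagates to the caller, which must turn a rejected token into a response.
        /// </remarks>
        private async Task OnActionExecutingAsync(
            ActionExecutingContext context,
            CancellationToken cancellationToken)
        {
            // Only parameters explicitly decorated with [FromBewit] are candidates.
            List<ControllerParameterDescriptor> parameters =
                context.ActionDescriptor.Parameters
                    .OfType<ControllerParameterDescriptor>()
                    .Where(p => p.ParameterInfo.CustomAttributes
                        .Any(a => a.AttributeType == typeof(FromBewitAttribute)))
                    .ToList();

            IBewitTokenValidator<IDictionary<string, object>> tokenValidator =
                GetBewitTokenValidator(context);

            // The payload is used only after the validator has accepted the token.
            string bewitToken = GetBewitFromUrl(context);
            IDictionary<string, object> bewit =
                await tokenValidator.ValidateBewitTokenAsync(
                    new BewitToken<IDictionary<string, object>>(bewitToken),
                    cancellationToken);

            foreach (ControllerParameterDescriptor param in parameters)
            {
                // Parameter names and payload keys are identifiers, so they are matched
                // ordinally. A culture-sensitive comparison depends on the thread culture and
                // can give different results for the same signed payload on different hosts.
                string bewitParameter = bewit.Keys.LastOrDefault(b =>
                    string.Equals(b, param.Name, StringComparison.OrdinalIgnoreCase));

                if (bewitParameter != null)
                {
                    context.ActionArguments[param.Name] = bewit[bewitParameter];
                }

                // NOTE(review): when the payload has no matching key, the existing
                // ActionArguments entry is left untouched. Confirm that a [FromBewit]
                // parameter cannot be populated from unsigned request data in that case.
            }
        }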
 /// <summary>
 /// Creates the middleware from the next request delegate and the validator for
 /// string-payload bewit tokens.
 /// </summary>
 /// <param name="next">The next delegate in the request pipeline.</param>
 /// <param name="tokenValidator">Validator for bewit tokens with a string payload.</param>
 /// <exception cref="ArgumentNullException">
 /// Thrown when <paramref name="next"/> or <paramref name="tokenValidator"/> is null.
 /// </exception>
 public BewitEndpointMiddleware(
     RequestDelegate next,
     IBewitTokenValidator<string> tokenValidator)
 {
     // Fail at construction so the middleware can never run without a validator.
     if (next == null)
     {
         throw new ArgumentNullException(nameof(next));
     }

     if (tokenValidator == null)
     {
         throw new ArgumentNullException(nameof(tokenValidator));
     }

     _next = next;
     _tokenValidator = tokenValidator;
 }
 /// <summary>
 /// Creates the field middleware from the next field delegate, the HTTP context accessor
 /// and the bewit token validator for payload type <c>T</c>.
 /// </summary>
 /// <param name="next">The next field delegate.</param>
 /// <param name="httpContextAccessor">Accessor for the current HTTP context.</param>
 /// <param name="tokenValidator">Validator for bewit tokens carrying a <c>T</c> payload.</param>
 /// <exception cref="ArgumentNullException">Thrown when any argument is null.</exception>
 public BewitAuthorizationMiddleware(
     FieldDelegate next,
     IHttpContextAccessor httpContextAccessor,
     IBewitTokenValidator<T> tokenValidator)
 {
     // Arguments are checked in declaration order, so the first null one is reported.
     if (next == null)
     {
         throw new ArgumentNullException(nameof(next));
     }

     if (httpContextAccessor == null)
     {
         throw new ArgumentNullException(nameof(httpContextAccessor));
     }

     if (tokenValidator == null)
     {
         throw new ArgumentNullException(nameof(tokenValidator));
     }

     _next = next;
     _httpContextAccessor = httpContextAccessor;
     _tokenValidator = tokenValidator;
 }
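        /// <summary>
        /// Authorizes the request only when it carries a <c>bewit</c> query parameter whose
        /// validated payload equals the relative URL of the request; every other outcome ends in
        /// <c>Unauthorize(context)</c>.
        /// </summary>
        /// <param name="context">The authorization filter context of the current request.</param>
        /// <param name="cancellationToken">Token passed through to the token validation call.</param>
        /// <remarks>
        /// Only <c>BewitException</c> is mapped to an unauthorized result. Any other exception
        /// thrown by the validator propagates to the caller.
        /// </remarks>
        private async Task OnAuthorizationAsync(
            AuthorizationFilterContext context,
            CancellationToken cancellationToken)
        {
            const string bewitQueryStringParameter = "bewit";

            IBewitTokenValidator<string> tokenValidator =
                GetBewitTokenValidator(context);

            // Relative URL to compare against the signed payload; the helper receives the bewit
            // parameter name (presumably to leave it out of the result; verify in GetRelativeUrl).
            string path = GetRelativeUrl(context, bewitQueryStringParameter);

            string bewitToken =
                context.HttpContext.Request.Query[bewitQueryStringParameter];

            // Fail closed: a request without a token is rejected.
            if (bewitToken == null)
            {
                Unauthorize(context);
                return;
            }

            // NOTE(review): query values are normally already URL-decoded by the framework.
            // Confirm that this second decode is intended, since WebUtility.UrlDecode also turns
            // '+' into a space and the validated string then differs from the one that was sent.
            bewitToken = WebUtility.UrlDecode(bewitToken);

            string payload;

            try
            {
                payload = await tokenValidator.ValidateBewitTokenAsync(
                    new BewitToken<string>(bewitToken),
                    cancellationToken);
            }
            catch (BewitException)
            {
                Unauthorize(context);
                return;
            }

            // This comparison is the authorization decision, so it is ordinal. A culture-sensitive
            // comparison depends on the thread culture and can treat strings as equal that differ
            // in their code points. Case-insensitivity is kept from the original behaviour.
            if (string.Equals(path, payload, StringComparison.OrdinalIgnoreCase))
            {
                return;
            }

            Unauthorize(context);
        }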