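/// <summary>
/// Adds the user identified by the supplied JWT to the attendance table for an event.
/// </summary>
/// <param name="eventId">Id of the event the attendee is joining.</param>
/// <param name="jwt">JWT of the caller; the attendee's user id is read from this token.</param>
/// <returns>A message describing what happened.</returns>
public string JoinEvent(int eventId, string jwt)
{
    const string notAllowedMessage = "Sorry you are not allowed to join events";

    // Fail closed on a missing token instead of handing null/blank input to the token parser.
    if (string.IsNullOrWhiteSpace(jwt))
    {
        return notAllowedMessage;
    }

    // NOTE(review): the claim check is the only gate on this path; no expiry check is visible here.
    // Confirm that CheckUserClaims also rejects expired or badly signed tokens, or add an explicit
    // expiry check before the insert.
    var claimsResult = _jWTService.CheckUserClaims(jwt, joinEventClaims);

    // Literal on the left so a null result counts as "not authorized" rather than throwing.
    if (!"Authorized".Equals(claimsResult))
    {
        return notAllowedMessage;
    }

    // The user id is read only after the authorization check has passed, so no identity is
    // derived from a token that failed it.
    var userID = _jWTService.GetUserIDFromToken(jwt);

    if (!_attendeeService.DoesEventandUserExist(eventId, userID))
    {
        return "Event or User does not exist";
    }

    if (_attendeeService.DoesAttendeeExist(eventId, userID))
    {
        return "You have already joined the event";
    }

    if (!_attendeeService.InsertAttendee(eventId, userID))
    {
        return "Uh Oh something went wrong";
    }

    return "Joined Event";
}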
/// <summary>
/// Verifies that CheckUserClaims accepts a token carrying the claims with ids 1 and 2.
/// </summary>
public void CheckIfUserHasTheseClaims_Pass()
{
    // Arrange
    // Fixed fixture token. Its header names an HMAC-SHA256 algorithm and its payload carries
    // CanViewEvents, CanCreateEvents and Over18 claims plus a hard-coded exp from April 2019.
    // NOTE(review): exp is in the past, so a passing run implies CheckUserClaims does not reject
    // expired tokens on its own; confirm that callers pair it with an expiry check.
    var token = "eyJhbGciOiJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGRzaWctbW9yZSNobWFjLXNoYTI1NiIsInR5cCI6IkpXVCJ9.eyJDYW5WaWV3RXZlbnRzIjoiOTkiLCJDYW5DcmVhdGVFdmVudHMiOiI5OSIsIk92ZXIxOCI6Ijk5IiwiZXhwIjoxNTU1NjcyMDEyLCJpc3MiOiJncmVldG5ncm91cC5jb20iLCJhdWQiOiJ0ZXN0QGdtYWlsLmNvbSJ9.2qSi4OwEFrbTD9GG3hx6fqZFuYVIjUzPGIRs8ZLjWB0";

    // Claim names are looked up from the test context by id rather than hard-coded.
    var requiredClaims = new List<string>
    {
        ctx.Claims.FirstOrDefault(c => c.ClaimId.Equals(1)).ClaimName,
        ctx.Claims.FirstOrDefault(c => c.ClaimId.Equals(2)).ClaimName,
    };

    // NOTE(review): other call sites compare the CheckUserClaims result with the string
    // "Authorized"; confirm which return type this assertion is meant to match.
    var expectedResult = true;

    // Act
    var actualResult = jwtService.CheckUserClaims(token, requiredClaims);

    // Assert
    Assert.AreEqual(expectedResult, actualResult);
}
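/// <summary>
/// Checks whether the JWT in the request carries the requested claims and has not expired.
/// </summary>
/// <param name="request">
/// Request body holding the JWT, the claims to check, and the Ip and UrlToEnter values that are
/// written to the log on failure.
/// </param>
/// <returns>
/// 200 when the claims check is "Authorized" and the token is "NotExpired"; 403 for every other
/// check outcome and for a missing body; 400 when the check itself throws.
/// </returns>
public IHttpActionResult CheckUsersClaims([FromBody] ClaimCheckRequest request)
{
    const string sessionProblemMessage = "There was an problem in checking your session, please re-login and try again";

    // A missing or unreadable body leaves the bound parameter null; fail closed instead of
    // dereferencing it.
    if (request == null)
    {
        return Content(HttpStatusCode.Forbidden, sessionProblemMessage);
    }

    var jwtService = new JWTService();
    var loggerService = new LoggerService();

    try
    {
        // Both token checks run inside the try so that a malformed token which makes them throw
        // is logged and answered with the generic error instead of escaping the handler.
        var claimsResult = jwtService.CheckUserClaims(request.JWT, request.ClaimsToCheck);
        var expiryResult = jwtService.IsTokenExpired(request.JWT);

        if (claimsResult.Equals("Authorized"))
        {
            // Access is granted only when the token is both authorized and explicitly not expired.
            if (expiryResult.Equals("NotExpired"))
            {
                return Content(HttpStatusCode.OK, "Authorized to view content");
            }

            if (expiryResult.Equals("Expired"))
            {
                return Content(HttpStatusCode.Forbidden, "There was a problem in checking your session, please try again");
            }
        }
        else if (claimsResult.Equals("Unauthorized"))
        {
            return Content(HttpStatusCode.Forbidden, "You are unauthorized to view this content. If this was a mistake, please contact an admin");
        }

        // Any result that is not explicitly recognised is denied.
        return Content(HttpStatusCode.Forbidden, sessionProblemMessage);
    }
    catch (Exception e)
    {
        // The token may be the cause of the failure, so resolving the user id for the log entry
        // must not throw out of the handler.
        string userId;
        try
        {
            userId = jwtService.GetUserIDFromToken(request.JWT).ToString();
        }
        catch (Exception)
        {
            userId = "unknown";
        }

        // NOTE(review): Ip and UrlToEnter come from the request body, so they are caller-supplied;
        // treat them as untrusted when the log is read or rendered. Exception detail goes to the
        // log only; the response stays generic.
        loggerService.LogBadRequest(userId, request.Ip, request.UrlToEnter, e.ToString());
        return Content(HttpStatusCode.BadRequest, "Service is unavailable");
    }
}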