public async Task GenerateResponse(HttpContext httpContext, int statusCode, string errorCode, string errorDescription) { var result = new UnauthorizedObjectResult(new ResponseModel() { Data = null, StatusCode = statusCode.ToString(), ErrorDetails = new List <ErrorModel>() { new ErrorModel() { Key = "", Errors = new List <Error>() { new Error() { ErrorCode = errorCode, ErrorDescription = errorDescription } } } } }); httpContext.Response.ContentType = "application/json"; httpContext.Response.StatusCode = statusCode; await httpContext.Response.WriteAsync(JsonConvert.SerializeObject(result.Value)); }
public async Task Login_ShouldReturnNotFoundResult_WhenCredentialsAreInvalid() { // Arrange LoginBody credentials = new LoginBody { UserNameOrEmail = "myUsername", Password = "******" }; Mock <IMediator> mediatorMock = new Mock <IMediator>(); mediatorMock .Setup(m => m.Send(It.IsAny <LoginCommand>(), It.IsAny <CancellationToken>())) .ReturnsAsync((AuthenticatedUserResource)null); MapperConfiguration mapperConfiguration = new MapperConfiguration(config => { config.CreateMap <LoginBody, LoginCommand>(); }); IMapper mapperMock = mapperConfiguration.CreateMapper(); SessionController controller = new SessionController(mediatorMock.Object, mapperMock); // Act ActionResult <AuthenticatedUserResource> response = await controller.Login(credentials); // Assert UnauthorizedObjectResult result = Assert.IsType <UnauthorizedObjectResult>(response.Result); ErrorResource error = Assert.IsType <ErrorResource>(result.Value); Assert.Equal(StatusCodes.Status401Unauthorized, error.StatusCode); }
public void OnException(ExceptionContext context) { if (context.Exception is AcmeException acmeException) { _logger.LogDebug($"Detected {acmeException.GetType()}. Converting to BadRequest."); #if DEBUG _logger.LogError(context.Exception, "AcmeException detected."); #endif ObjectResult result; if (acmeException is ConflictRequestException) { result = new ConflictObjectResult(acmeException.GetHttpError()); } else if (acmeException is NotAllowedException) { result = new UnauthorizedObjectResult(acmeException.GetHttpError()); } else if (acmeException is NotFoundException) { result = new NotFoundObjectResult(acmeException.GetHttpError()); } else { result = new BadRequestObjectResult(acmeException.GetHttpError()); } result.ContentTypes.Add("application/problem+json"); context.Result = result; } }
public async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next) { context.RouteData.Values.TryGetValue("battleTag", out var battleTag); var queryString = HttpUtility.ParseQueryString(context.HttpContext.Request.QueryString.Value); if (queryString.AllKeys.Contains("authorization")) { var auth = queryString["authorization"]; var res = await _authService.GetUserByToken(auth); var btagString = battleTag?.ToString(); if ( res != null && !string.IsNullOrEmpty(btagString) && btagString.Equals(res.BattleTag)) { context.ActionArguments["battleTag"] = res.BattleTag; await next.Invoke(); } } var unauthorizedResult = new UnauthorizedObjectResult(new ErrorResult("Sorry H4ckerb0i")); context.Result = unauthorizedResult; }
public async Task <ActionResult <UserDto> > Login(LoginDto loginDto) { var user = await _context.Users.SingleOrDefaultAsync(x => x.UserName == loginDto.Username); if (user == null) { var result = new UnauthorizedObjectResult("Invalid username"); return(result); } using var hmac = new HMACSHA512(user.PasswordSalt); var computedHash = hmac.ComputeHash(Encoding.UTF8.GetBytes(loginDto.Password)); for (int i = 0; i < computedHash.Length; i++) { if (computedHash[i] != user.PasswordHash[i]) { var result = new UnauthorizedObjectResult("Invalid password"); return(result); } } return(new UserDto { AppUserId = user.AppUserId, Username = user.UserName, Token = _tokenService.CreateToken(user) }); }
private bool reqFromSimulator(out UnauthorizedObjectResult result) { Request.Headers.TryGetValue("Authorization", out var authToken); if (authToken == "Basic c2ltdWxhdG9yOnN1cGVyX3NhZmUh") { result = null; return(true); } logger.LogWarning("SIMULATION: Non-simulator request to simulation api"); result = Unauthorized("You are not authorized to use this resource!"); return(false); }
public void Get_NotLoggedIn_ReturnsUnauthorized() { var loginRepo = new MockLoginRepository(); var userRepo = new MockUserRepository(); var contactRepo = new Mock <IContactRepository>(); ContactsController controller = new ContactsController(contactRepo.Object, userRepo, loginRepo); Guid key = Guid.NewGuid(); IActionResult result = controller.Get(Auth.Get(key)); UnauthorizedObjectResult unauth = result as UnauthorizedObjectResult; Assert.IsNotNull(unauth, "Result is not unauthorized"); Assert.IsNotNull(unauth.Value); Assert.IsTrue(unauth.Value is ErrorResponse); Assert.IsTrue(!string.IsNullOrEmpty((unauth.Value as ErrorResponse).Message)); }
public async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next) { var queryString = HttpUtility.ParseQueryString(context.HttpContext.Request.QueryString.Value); if (queryString.AllKeys.Contains("authorization")) { var auth = queryString["authorization"]; var res = await _authService.GetUserByToken(auth); var actingPlayerContent = context.ActionDescriptor.Parameters.FirstOrDefault(a => a.Name == "actingPlayer"); if (actingPlayerContent != null) { context.ActionArguments["actingPlayer"] = res.BattleTag; await next.Invoke(); } } var unauthorizedResult = new UnauthorizedObjectResult(new ErrorResult("Sorry H4ckerb0i")); context.Result = unauthorizedResult; }
public async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next) { var queryString = HttpUtility.ParseQueryString(context.HttpContext.Request.QueryString.Value); if (queryString.AllKeys.Contains("authorization")) { var auth = queryString["authorization"]; var res = await _blizzardAuthenticationService.GetUser(auth); if ( res != null && !string.IsNullOrEmpty(res.battletag) && Constants.ApprovedAdmins.Any(x => x.ToLower() == res.battletag.ToLower())) { context.ActionArguments["battleTag"] = res.battletag; await next.Invoke(); } } var unauthorizedResult = new UnauthorizedObjectResult(new ErrorResult("Sorry H4ckerb0i")); context.Result = unauthorizedResult; }
public async Task RedditCallback_WhenCalledWithError_ReturnsUnauthorizedObjectResult() { string code = Guid.NewGuid().ToString("D"); string state = Guid.NewGuid().ToString("D"); string error = Guid.NewGuid().ToString("D"); OSDevGrp.MyDashboard.Web.Controllers.HomeController sut = CreateSut(); IActionResult result = await sut.RedditCallback(code, state, error); Assert.IsNotNull(result); Assert.IsInstanceOfType(result, typeof(UnauthorizedObjectResult)); UnauthorizedObjectResult unauthorizedObjectResult = (UnauthorizedObjectResult)result; Assert.IsNotNull(unauthorizedObjectResult); Assert.IsInstanceOfType(unauthorizedObjectResult.Value, typeof(string)); string value = (string)unauthorizedObjectResult.Value; Assert.IsNotNull(value); Assert.AreEqual($"Unable to get the access token from Reddit: {error}", value); }
public override void OnException(ExceptionContext context) { var exception = context.Exception; IActionResult result = null; switch (exception) { case AppException ex: result = new BadRequestObjectResult(ex.Message); break; case UnauthorizedAccessException ex: result = new UnauthorizedObjectResult(ex.Message); break; case NotFoundException ex: result = new NotFoundObjectResult(ex.Message); break; default: _logger.LogError(exception, exception.Message); if (_env.IsDevelopment()) { throw exception; } result = new ObjectResult("An unhandled server error has occurred.") { StatusCode = StatusCodes.Status500InternalServerError }; break; } context.Result = result; context.ExceptionHandled = true; }
/// <summary> /// Creates an <see cref="IActionResult"/> from a <see cref="HttpResponseMessage"/>. /// </summary> /// <param name="message">The <see cref="HttpResponseMessage"/> to convert.</param> /// <param name="location">The location of the created resource. This location is used only when a <see cref="HttpStatusCode.Created"/> is handled.</param> /// <param name="authenticationSchemes">The authentication schemes to challenge. This location is used only when a <see cref="HttpStatusCode.Forbidden"/> is handled.</param> /// <param name="authenticationProperties"><see cref="AuthenticationProperties"/> used to perform the authentication challenge. This location is used only when a <see cref="HttpStatusCode.Forbidden"/> is handled.</param> /// <param name="objectResultTypeIfNotSupported">The type of the <see cref="ObjectResult"/> to convert to if the <see cref="HttpResponseMessage.StatusCode"/> of the specified <paramref name="message"/> if not managed.</param> /// <returns> /// An <see cref="IActionResult"/>: /// - containing the stringified <see cref="HttpResponseMessage.Content"/> of the specified <paramref name="message"/>.<para/> /// - having its <see cref="IActionResult.StatusCode"/> property set to the <see cref="HttpResponseMessage.StatusCode"/> of the specified <paramref name="message"/>. /// </returns> /// <remarks> /// Only the following status codes are managed:<para/> /// - HttpStatusCode.BadGateway<para/> /// - HttpStatusCode.BadRequest<para/> /// - HttpStatusCode.Conflict<para/> /// - HttpStatusCode.OK<para/> /// - HttpStatusCode.NotFound<para/> /// - HttpStatusCode.Unauthorized<para/> /// - HttpStatusCode.Created<para/> /// - HttpStatusCode.NoContent<para/> /// - HttpStatusCode.Forbidden<para/> /// - UnprocessableEntity (422) /// </remarks> public static async Task <IActionResult> ToActionResultAsync(this HttpResponseMessage message, List <string>?authenticationSchemes = null, Microsoft.AspNetCore.Authentication.AuthenticationProperties?authenticationProperties = null, Uri?location = null, Type?objectResultTypeIfNotSupported = null) { if (message == null) { throw new ArgumentNullException(nameof(message)); } var messageContent = await message.Content.ReadAsStringAsync(); ObjectResult?resultingObjectResult; switch (message.StatusCode) { case HttpStatusCode.OK: resultingObjectResult = new OkObjectResult(messageContent); break; case HttpStatusCode.Created: resultingObjectResult = new CreatedResult(location, messageContent); break; case HttpStatusCode.NotFound: resultingObjectResult = new NotFoundObjectResult(messageContent); break; case HttpStatusCode.BadRequest: resultingObjectResult = new BadRequestObjectResult(messageContent); break; case HttpStatusCode.Unauthorized: resultingObjectResult = new UnauthorizedObjectResult(messageContent); break; case HttpStatusCode.BadGateway: resultingObjectResult = new BadRequestObjectResult(messageContent); break; case HttpStatusCode.Conflict: resultingObjectResult = new ConflictObjectResult(messageContent); break; case HttpStatusCode.NoContent: return(new NoContentResult()); case HttpStatusCode.Forbidden: return(new ForbidResult(authenticationSchemes, authenticationProperties)); case HttpStatusCode.InternalServerError: return(new StatusCodeResult((int)HttpStatusCode.InternalServerError)); default: if ((int)message.StatusCode == 422) { resultingObjectResult = new UnprocessableEntityObjectResult(messageContent); } else { objectResultTypeIfNotSupported ??= typeof(OkObjectResult); resultingObjectResult = Activator.CreateInstance(objectResultTypeIfNotSupported) as ObjectResult; if (resultingObjectResult == null) { throw new InvalidOperationException($"Can not create an instance of the given type {objectResultTypeIfNotSupported}. Should be an {nameof(ObjectResult)}"); } resultingObjectResult.Value = messageContent; } break; } resultingObjectResult.StatusCode = (int)message.StatusCode; return(resultingObjectResult); }