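/// <summary>
/// User-token flow of the authorizer: validates the bearer JWT, builds a
/// <see cref="HackneyUser"/> from its claims, resolves the API being called and
/// returns an <see cref="AccessDetails"/> describing whether the caller is allowed.
/// </summary>
/// <param name="authorizerRequest">The request forwarded by API Gateway (token, account, API id, environment).</param>
/// <returns>
/// <c>Allow</c> set by <see cref="VerifyAccessHelper.ShouldHaveAccessUserFlow"/> and
/// <c>User</c> set to the token's email claim; <see cref="ReturnNotAuthorised"/> when the
/// token is invalid or carries no email claim.
/// </returns>
public AccessDetails ExecuteUserAuth(AuthorizerRequest authorizerRequest)
{
    LambdaLogger.Log("Begins user auth flow");

    // Signature/validity check against the shared HMAC secret. A null or empty claim
    // list is the helper's "invalid token" signal, so treat both as a deny.
    // NOTE(review): confirm ValidateTokenHelper rejects a null/empty secret (unset env
    // var) rather than validating with it — not visible from here.
    var validTokenClaims = ValidateTokenHelper.ValidateToken(
        authorizerRequest.Token,
        Environment.GetEnvironmentVariable("hackneyUserAuthTokenJwtSecret"));
    if (validTokenClaims == null || validTokenClaims.Count == 0)
    {
        return ReturnNotAuthorised(authorizerRequest);
    }

    // The email claim is the caller's identity. The original code dereferenced
    // Find(...).Value twice unguarded, so a token without an email claim threw a
    // NullReferenceException (an unhandled authorizer error) instead of a clean deny.
    // Fail closed explicitly.
    var emailClaim = validTokenClaims.Find(x => x.Type == "email");
    if (emailClaim == null || string.IsNullOrEmpty(emailClaim.Value))
    {
        LambdaLogger.Log("Token has no email claim - not authorised");
        return ReturnNotAuthorised(authorizerRequest);
    }

    var user = new HackneyUser
    {
        // Every "groups" claim value becomes a group; no claim → empty list.
        Groups = validTokenClaims.Where(x => x.Type == "groups").Select(y => y.Value).ToList(),
        Email = emailClaim.Value,
    };

    // Assume a role in the target account so the API name can be read from its gateway.
    var credentials = _awsStsGateway.GetTemporaryCredentials(authorizerRequest.AwsAccountId).Credentials;
    var apiName = _awsApiGateway.GetApiName(authorizerRequest.ApiAwsId, credentials);
    LambdaLogger.Log($"API name retrieved - {apiName}");

    // Allow-list record for this API/environment.
    // NOTE(review): the gateway method carries an Async suffix but is not awaited here —
    // confirm it returns the record directly and not a Task.
    var apiDataInDb = _dynamoDbGateway.GetAPIDataByNameAndEnvironmentAsync(apiName, authorizerRequest.Environment);

    return new AccessDetails
    {
        Allow = VerifyAccessHelper.ShouldHaveAccessUserFlow(user, authorizerRequest, apiDataInDb, apiName),
        // Reuse the claim already extracted rather than searching the claim list again.
        User = user.Email,
    };
}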
/// <summary>
/// When the groups stored against the API are exactly the user's groups, the
/// user-flow access check must allow the request.
/// </summary>
public void IfGroupsInDbDoMatchUserGroupsShouldReturnTrue()
{
    // Arrange: two random group names, shared by the DB record and the user.
    var groups = new List<string> { _faker.Random.Word(), _faker.Random.Word() };
    var apiRecord = GenerateTokenDataUserFlow(_request, _apiName, groups);
    var user = new HackneyUser { Groups = groups };

    // Act
    var allowed = VerifyAccessHelper.ShouldHaveAccessUserFlow(user, _request, apiRecord, _apiName);

    // Assert
    allowed.Should().BeTrue();
}
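/// <summary>
/// When the AWS account recorded against the API differs from the one in the request,
/// the user-flow access check must deny even though the groups match.
/// </summary>
public void IfAWSAccounttInRequestDoesNotMatchAWSAccountInDbShouldReturnFalse()
{
    // Arrange: groups match, so the account mismatch is the only reason to deny.
    var groups = new List<string> { _faker.Random.Word(), _faker.Random.Word() };
    var apiRecord = GenerateTokenDataUserFlow(_request, _apiName, groups);
    // Derive the mismatching account from the generated record instead of drawing a
    // fresh random word: a random word could (rarely) equal the request's account,
    // which would make the records match and fail this test spuriously.
    apiRecord.AwsAccount = $"{apiRecord.AwsAccount}-mismatch";
    var user = new HackneyUser { Groups = groups };

    // Act
    var allowed = VerifyAccessHelper.ShouldHaveAccessUserFlow(user, _request, apiRecord, _apiName);

    // Assert
    allowed.Should().BeFalse();
}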