public async Task <IHttpActionResult> Post(ApplicationSettings entity, CancellationToken ct) { if (!ModelState.IsValid) { return(Request.CreateBadRequestResult(Resources.BadRequestErrorMessage, ModelState)); } var dbEntity = await _uow.ApplicationSettings.GetByUserIdAndApplicationIdAsync( entity.UserId, entity.ApplicationId, ct); if (dbEntity != null) { //return Request.CreateConflictResponse("Duplicated"); //Esoterica host does not allow the verbs DELETE, PUT or PATCH so we update the entity here return(await Put(entity.UserId, entity.ApplicationId, entity, null, ct)); } await _uow.BeginAsync(ct); entity.Application = await _uow.Security.Applications.GetByIdAsync( entity.ApplicationId, ct); if (entity.Application == null) { return(NotFound()); } entity.CreatedOn = entity.UpdatedOn = DateTimeOffset.Now; if (entity.Values == null) { entity.Values = new Dictionary <string, object>(); } entity.Value = JsonConvert.SerializeObject(entity.Values); entity = await _uow.ApplicationSettings.AddAsync(entity, ct); await _uow.CommitAsync(ct); return(Created(entity)); }
public async Task <IHttpActionResult> Post(AuthorizationRequest entity, CancellationToken ct) { if (entity == null) { ModelState.AddModelError("entity", Resources.ModelValidation_RequiredScoped); return(Request.CreateBadRequestResult(Resources.BadRequestErrorMessage, ModelState)); } await _uow.BeginAsync(ct); var user = await GetUserAsync(entity.UserName.Trim().ToLowerInvariant(), entity.Password, ct); if (user == null) { return(Request.CreateConflictResponse(Resources.Conflict_Authorizations_InvalidCredentials)); } if (!user.EmailConfirmed) { return(Request.CreateConflictResponse(Resources.Conflict_Authorizations_MissingEmailConfirmation)); } // Try to find an existing token for the application var authenticationToken = await GetApiAuthenticationTokenAsync(user.Id, entity.ApplicationId, ct); if (authenticationToken == null) { // Searches if the application exists var application = await GetApiApplicationUserAsync(entity.ApplicationId, ct); if (application == null) { ModelState.AddModelError( "request.ApplicationId", Resources.Conflict_Authorizations_ApiApplicationNotFoundScoped); return(Request.CreateConflictResponse(Resources.Conflict_Shared_GenericMessage, ModelState)); } // Create a new global refresh token without any access tokens authenticationToken = await AddApiAuthenticationTokenAsync(user, application, ct); } // Always create a new access token with a TTL of 1h var authenticationAccessToken = new ApiAuthenticationAccessToken { AccessToken = Guid.NewGuid(), ExpirationDate = DateTime.Now.AddHours(1) }; authenticationToken.ApiAuthenticationAccessTokens.Add(authenticationAccessToken); await _uow.CommitAsync(ct); entity.Authorization = new Authorization { AccessToken = authenticationAccessToken.AccessToken.ToString() .EncodeToBase64ASCII(), RefreshToken = authenticationToken.RefreshToken.ToString().EncodeToBase64ASCII(), ExpiresIn = (int) authenticationAccessToken.ExpirationDate.Subtract(DateTime.Now) .TotalMinutes, UserName = user.UserName }; return(Created(entity)); }
public async Task <IHttpActionResult> Get( [FromODataUri] string applicationId, [FromODataUri] string refreshToken, CancellationToken ct) { var applicationIdDecoded = applicationId.DecodeFromBase64ASCII(); var refreshTokenDecoded = Guid.Parse(refreshToken.DecodeFromBase64ASCII()); await _uow.BeginAsync(ct); var apiApplication = await _uow.Security.Applications.GetByIdAsync(applicationIdDecoded, ct); if (apiApplication == null) { ModelState.AddModelError( "applicationId", Resources.Conflict_Authorizations_ApiApplicationNotFoundScoped); return(Request.CreateConflictResponse(Resources.Conflict_Shared_GenericMessage, ModelState)); } var authenticationToken = await _uow.ExecuteQueryAndGetFirstOrDefaultAsync( _uow.Security.ApiAuthenticationTokens.GetAllAndFetch(e => e.BaseApiUser) .Where(at => at.ApiApplicationId == applicationIdDecoded && at.RefreshToken == refreshTokenDecoded), ct); if (authenticationToken == null) { ModelState.AddModelError( "refreshToken", Resources.Conflict_Authorizations_RefreshTokenNotFound); return(Request.CreateConflictResponse(Resources.Conflict_Shared_GenericMessage, ModelState)); } // Always create a new access token var authenticationAccessToken = new ApiAuthenticationAccessToken { AccessToken = Guid.NewGuid(), ExpirationDate = DateTime.Now.AddHours(1) }; authenticationToken.ApiAuthenticationAccessTokens.Add(authenticationAccessToken); await _uow.CommitAsync(ct); var entity = new AuthorizationRefresh { ApplicationId = applicationId, RefreshToken = refreshToken, Authorization = new Authorization { AccessToken = authenticationAccessToken.AccessToken.ToString().EncodeToBase64ASCII(), RefreshToken = authenticationToken.RefreshToken.ToString().EncodeToBase64ASCII(), ExpiresIn = (int)authenticationAccessToken.ExpirationDate.Subtract(DateTime.Now).TotalMinutes, UserName = authenticationToken.BaseApiUser.UserName } }; return(Ok(entity)); }