Esempio n. 1
        /// <summary>
        /// Runs <paramref name="action"/> while the impersonation state holds the GUID of the user
        /// identified by <paramref name="useridToImpersonate"/>, and clears that state afterwards.
        /// </summary>
        /// <typeparam name="TOutput">Type of the value produced by <paramref name="action"/>.</typeparam>
        /// <param name="authToken">Authentication token of the caller; it is resolved to a user whose
        /// <c>CanImpersonate</c> flag must be set, and it is stored together with the impersonated GUID.</param>
        /// <param name="useridToImpersonate">User id of the account to act as.</param>
        /// <param name="action">Work to execute while the impersonation state is set.</param>
        /// <returns>The value returned by <paramref name="action"/>.</returns>
        /// <exception cref="ImpersonationNotAllowedException">No user matches the token, or that user
        /// may not impersonate.</exception>
        /// <exception cref="ImpersonationUserNotFoundException">The target user id could not be resolved.</exception>
        /// <remarks>
        /// NOTE(review): ImpersonatedUserGuid looks like per-thread state; if so, <paramref name="action"/>
        /// must complete synchronously on the calling thread, because work it hands to another thread or
        /// continues after an await would run outside (or beyond) this scope. Confirm.
        /// NOTE(review): nothing here records who impersonated whom; confirm an audit trail exists elsewhere.
        /// </remarks>
        public TOutput WithImpersonation<TOutput>(string authToken, string useridToImpersonate, Func<TOutput> action)
        {
            // Start from a clean slate so a stale impersonation can never survive a failed authorization below.
            ImpersonatedUserGuid.Clear();

            // Authorization comes first: the target lookup only happens for callers allowed to impersonate,
            // so the "user not found" error is not reachable by callers without that right.
            var caller = _userService.GetByAuthenticationToken(authToken);
            if (caller == null || !caller.CanImpersonate)
            {
                throw new ImpersonationNotAllowedException();
            }

            var target = _userService.GetByUserId(useridToImpersonate);
            if (target == null)
            {
                throw new ImpersonationUserNotFoundException(useridToImpersonate);
            }

            // The caller's token is stored next to the GUID, tying the impersonation to this token.
            ImpersonatedUserGuid.Set(target.Guid, authToken);

            TOutput result;
            try
            {
                result = action();
            }
            finally
            {
                // Always drop the impersonation, including when the action throws.
                ImpersonatedUserGuid.Clear();
            }

            return result;
        }
Esempio n. 2
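        /// <summary>
        /// This method sets an impersonation cookie on the OutgoingMessageProperties.HttpRequest.  MinistryPlatform looks for this to be set
        /// to a GUID of a User, and if set, all requests to MP will act as though that user is executing them, rather than the actual
        /// authenticated user.  This looks at the <see cref="ImpersonatedUserGuid"/> ThreadLocal to see if there is a user to impersonate.
        /// </summary>
        /// <param name="currentToken">Token of the request about to be sent. The cookie is attached only when
        /// this equals the token stored with the impersonation state; otherwise the method does nothing.</param>
        /// <remarks>
        /// The cookie value is an identity assertion that the platform acts on, so it is as sensitive as a credential.
        /// NOTE(review): confirm the service endpoint URI uses TLS and that the platform only honors this cookie
        /// from accounts that are allowed to impersonate.
        /// NOTE(review): assumes an OperationContext is current on this thread; OperationContext.Current is
        /// dereferenced without a null check.
        /// </remarks>
        private void Impersonate(string currentToken)
        {
            // Only act when an impersonation is active AND it was established under this same token,
            // so state left by a different token is never applied to this request.
            if (!ImpersonatedUserGuid.HasValue() || ImpersonatedUserGuid.GetToken() != currentToken)
            {
                return;
            }

            var outgoingProperties = OperationContext.Current.OutgoingMessageProperties;

            // TryGetValue instead of the indexer: a missing HTTP request property then yields null and
            // falls into the creation branch below, rather than depending on how the indexer treats a missing key.
            object existingProperty;
            outgoingProperties.TryGetValue(HttpRequestMessageProperty.Name, out existingProperty);

            var httpRequest = existingProperty as HttpRequestMessageProperty;
            if (httpRequest == null)
            {
                httpRequest = new HttpRequestMessageProperty();
                outgoingProperties.Add(HttpRequestMessageProperty.Name, httpRequest);
            }

            // Build the Cookie header through a CookieContainer scoped to the service endpoint URI.
            var endpointUri = _platformServiceClient.Endpoint.Address.Uri;
            var cookies = new CookieContainer();
            cookies.Add(endpointUri, new Cookie(_impersonateCookieName, ImpersonatedUserGuid.Get()));

            // NOTE(review): Headers.Add appends; if a Cookie header is already present on this request,
            // check that the combined value is what the platform expects.
            httpRequest.Headers.Add(HttpRequestHeader.Cookie, cookies.GetCookieHeader(endpointUri));
        }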
Esempio n. 3
        /// <summary>
        /// Walks ImpersonatedUserGuid through Set, HasValue, Get and Clear and checks the reported state
        /// after each step.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the token half of the state (GetToken) is never asserted here, although the token
        /// comparison is what gates the impersonation cookie; consider covering it.
        /// </remarks>
        public void TestImpersonatedUserGuid()
        {
            const string userGuid = "123";
            const string token = "abcdef";
            const string blank = "  ";

            // Precondition: no impersonation state is present when the test starts.
            Assert.IsFalse(ImpersonatedUserGuid.HasValue());

            // A real GUID/token pair is reported as present and readable.
            ImpersonatedUserGuid.Set(userGuid, token);
            Assert.IsTrue(ImpersonatedUserGuid.HasValue());
            Assert.AreEqual(userGuid, ImpersonatedUserGuid.Get());

            // Whitespace-only values must not count as an active impersonation.
            ImpersonatedUserGuid.Set(blank, blank);
            Assert.IsFalse(ImpersonatedUserGuid.HasValue());

            // Clear removes a previously set value.
            ImpersonatedUserGuid.Set(userGuid, token);
            ImpersonatedUserGuid.Clear();
            Assert.IsFalse(ImpersonatedUserGuid.HasValue());
        }
Esempio n. 4
        /// <summary>
        /// Happy path: a caller with CanImpersonate runs an action that observes the target user's GUID,
        /// and the impersonation state is gone once WithImpersonation returns.
        /// </summary>
        public void TestWithImpersonation()
        {
            var authorizedCaller = new MpUser
            {
                CanImpersonate = true
            };
            var targetUser = new MpUser
            {
                Guid = "12345"
            };

            _userService.Setup(svc => svc.GetByAuthenticationToken("123")).Returns(authorizedCaller);
            _userService.Setup(svc => svc.GetByUserId("*****@*****.**")).Returns(targetUser);

            // The action reads the impersonated GUID from inside the impersonation scope.
            var observedGuid = _fixture.WithImpersonation("123", "*****@*****.**", () => (ImpersonatedUserGuid.Get()));

            _userService.VerifyAll();

            Assert.AreEqual("12345", observedGuid);

            // The state must not outlive the call.
            Assert.IsFalse(ImpersonatedUserGuid.HasValue());
        }
Esempio n. 5
        /// <summary>
        /// A caller whose CanImpersonate flag is false must get ImpersonationNotAllowedException, and no
        /// impersonation state may remain afterwards.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the callback only returns _action.Object and no setup on _action is visible in this
        /// test, so _action.VerifyAll() does not by itself show the callback was skipped; a flag set inside
        /// the callback and asserted false would make that explicit.
        /// </remarks>
        public void TestWithImpersonationNotAuthorized()
        {
            var unauthorizedCaller = new MpUser
            {
                CanImpersonate = false
            };
            _userService.Setup(svc => svc.GetByAuthenticationToken("123")).Returns(unauthorizedCaller);

            try
            {
                _fixture.WithImpersonation("123", "*****@*****.**", () => (_action.Object));

                // Reaching this line means the authorization check let the call through.
                Assert.Fail("Expected exception was not thrown");
            }
            catch (ImpersonationNotAllowedException denied)
            {
                Assert.AreEqual("User is not authorized to impersonate other users.", denied.Message);
            }

            _userService.VerifyAll();
            _action.VerifyAll();

            // A refused request must leave no impersonation behind.
            Assert.IsFalse(ImpersonatedUserGuid.HasValue());
        }
Esempio n. 6
        /// <summary>
        /// An authorized caller naming a user id that cannot be resolved must get
        /// ImpersonationUserNotFoundException, and no impersonation state may remain afterwards.
        /// </summary>
        /// <remarks>
        /// The expected message echoes the requested user id. This path is only set up here for a caller
        /// with CanImpersonate = true.
        /// </remarks>
        public void TestWithImpersonationUserNotFound()
        {
            var authorizedCaller = new MpUser
            {
                CanImpersonate = true
            };
            _userService.Setup(svc => svc.GetByAuthenticationToken("123")).Returns(authorizedCaller);

            // The target lookup finds nobody.
            _userService.Setup(svc => svc.GetByUserId("*****@*****.**")).Returns((MpUser)null);

            try
            {
                _fixture.WithImpersonation("123", "*****@*****.**", () => (_action.Object));

                // Reaching this line means a missing target user was not rejected.
                Assert.Fail("Expected exception was not thrown");
            }
            catch (ImpersonationUserNotFoundException notFound)
            {
                Assert.AreEqual("Could not locate user '*****@*****.**' to impersonate.", notFound.Message);
            }

            _userService.VerifyAll();
            _action.VerifyAll();

            // A failed lookup must leave no impersonation behind.
            Assert.IsFalse(ImpersonatedUserGuid.HasValue());
        }