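/// <summary>
/// Check user authorization by calling a database stored-procedure.
/// </summary>
/// <remarks>
/// The check fails closed: <c>true</c> is returned only when the stored-procedure call
/// reports status 200, carries no error message, and its payload is an <c>Outputs</c>
/// instance whose <c>Result</c> is <c>true</c>. Every other outcome yields <c>false</c>.
/// </remarks>
/// <param name="dbCTX">Default ORM</param>
/// <param name="data">Inputs handed to the stored-procedure unchanged.</param>
/// <returns><c>true</c> when the stored-procedure grants access; otherwise <c>false</c>.</returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="dbCTX"/> or <paramref name="data"/> is <c>null</c>.
/// </exception>
public static bool IsUserAccessToAPI(Database.IDatabaseContext dbCTX, Models.Database.StoredProcedures.SP_User_AccessToAPI.Inputs data)
{
    // The single-string ArgumentNullException constructor treats its argument as the
    // parameter NAME, so the two-argument overload is used to keep the text as the message.
    if (dbCTX == null)
    {
        throw new ArgumentNullException(nameof(dbCTX), "In IsUserAccessToAPI the dbCTX could not be null.");
    }

    if (data == null)
    {
        throw new ArgumentNullException(nameof(data), "In IsUserAccessToAPI the data could not be null.");
    }

    // Calling sp
    var rst = dbCTX.SP_User_AccessToAPI(data);

    // Anything short of a clean, populated result is treated as "no access".
    if (rst == null || rst.StatusCode != 200 || !string.IsNullOrEmpty(rst.ErrorMessage) || rst.Data == null)
    {
        return false;
    }

    // One type test instead of `is` followed by `as`; an unexpected payload type denies access.
    if (rst.Data is Models.Database.StoredProcedures.SP_User_AccessToAPI.Outputs result)
    {
        return result.Result;
    }

    return false;
}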
/// <summary>
/// Calling <c>SP_User_AccessToAPI</c> with the supplied token and API address must be
/// rejected with an <c>ArgumentNullException</c>.
/// </summary>
/// <param name="token">Token placed in the inputs (presumably supplied by test-case data not visible here).</param>
/// <param name="apiAddress">API address placed in the inputs (same caveat as <paramref name="token"/>).</param>
public void SP_User_AccessToAPI_WhenPassingEmptyAPIAddressOrEmptyToken_ThrowsArgumentNullException(string token, string apiAddress)
{
    var request = new Models.Database.StoredProcedures.SP_User_AccessToAPI.Inputs
    {
        Token = token,
        APIAddress = apiAddress
    };

    // The call is wrapped in a lambda so the assertion can observe the exception.
    Assert.That(() => _dbCTX.SP_User_AccessToAPI(request), Throws.ArgumentNullException);
}
/// <summary>
/// With non-empty inputs and an injected stored-procedure mock, the database context
/// must invoke <c>Call</c> on that mock with the same inputs instance.
/// </summary>
public void SP_User_AccessToAPI_WhenPassingValidData_ItRunsCallMethod()
{
    var procedure = new Mock<Models.Database.ISP<Models.Database.StoredProcedures.SP_User_AccessToAPI.Inputs>>();
    var request = new Models.Database.StoredProcedures.SP_User_AccessToAPI.Inputs
    {
        Token = "TokenValue",
        APIAddress = "http://Domain.com/api"
    };

    _dbCTX.SP_User_AccessToAPI(request, procedure.Object);

    // Fails the test if Call was never made with this inputs object.
    procedure.Verify(p => p.Call(request));
}
/// <summary>
/// With non-empty inputs and a mock whose <c>Call</c> returns a new <c>DBResult</c>,
/// the database context must return a non-null value of exactly that type.
/// </summary>
public void SP_User_AccessToAPI_WhenPassingValidData_ItReturnDBResult()
{
    var request = new Models.Database.StoredProcedures.SP_User_AccessToAPI.Inputs
    {
        Token = "TokenValue",
        APIAddress = "http://Domain.com/api"
    };

    var procedure = new Mock<Models.Database.ISP<Models.Database.StoredProcedures.SP_User_AccessToAPI.Inputs>>();
    procedure
        .Setup(p => p.Call(request))
        .Returns(new Models.Database.DBResult());

    var outcome = _dbCTX.SP_User_AccessToAPI(request, procedure.Object);

    Assert.That(outcome, Is.Not.Null);
    Assert.That(outcome, Is.TypeOf<Models.Database.DBResult>());
}
/// <summary>
/// Check user authorization for the new request.
/// </summary>
/// <param name="context">
/// Authorization filter context; supplies the current user's token and the request's
/// service provider.
/// </param>
/// <returns>
/// The value returned by <c>Logic.Security.Common.IsUserAccessToAPI</c> for the user's
/// token and <c>_apiAddress</c>.
/// </returns>
private bool IsAccessToCurrentRequest(AuthorizationFilterContext context)
{
    var httpContext = context.HttpContext;

    // NOTE(review): if GetToken() yields null or an empty string (e.g. no authenticated
    // user), the database context on this page throws ArgumentNullException instead of
    // returning false. Confirm the caller turns that exception into a denial.
    var request = new Models.Database.StoredProcedures.SP_User_AccessToAPI.Inputs
    {
        Token = httpContext.User.GetToken(),
        APIAddress = _apiAddress
    };

    // Get default ORM. GetService returns null for an unregistered service, and the `as`
    // cast keeps that null; IsUserAccessToAPI then throws rather than granting access.
    var database = httpContext.RequestServices.GetService(typeof(FTSS.Logic.Database.IDatabaseContext))
        as FTSS.Logic.Database.IDatabaseContext;

    // Check user authorization
    return Logic.Security.Common.IsUserAccessToAPI(database, request);
}
/// <summary>
/// Prepare the fixture fields used by the tests: JWT key, issuer and expiry, two sample
/// claims, a mocked database context, and sample stored-procedure inputs.
/// </summary>
public void Setup()
{
    // Fixture-only signing key; it is a readable sentence, not a secret.
    _key = "A simple key for generating JWT and test the common class.";
    _issuer = "http://FTSS.com";

    // Expiry one day after the moment the fixture is set up (local clock).
    _expireDate = System.DateTime.Now.AddDays(1);

    var firstClaim = new System.Security.Claims.Claim("Key1", "value1");
    var secondClaim = new System.Security.Claims.Claim("Key2", "value2");
    _claims = new[] { firstClaim, secondClaim };

    _ctx = new Mock<Logic.Database.IDatabaseContext>();

    _data = new Models.Database.StoredProcedures.SP_User_AccessToAPI.Inputs
    {
        APIAddress = "http://FTSS.com/api",
        Token = "DatabaseToken"
    };
}
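/// <summary>
/// Run the SP_User_AccessToAPI stored-procedure for the given token and API address.
/// </summary>
/// <param name="inputs">Token and API address to check; both must be non-empty.</param>
/// <param name="sp">
/// Optional stored-procedure wrapper. When <c>null</c>, a Dapper-based wrapper is created
/// from <c>GetConnectionString()</c>.
/// </param>
/// <returns>The result returned by the wrapper's <c>Call</c>.</returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="inputs"/> is <c>null</c>, or its <c>Token</c> or <c>APIAddress</c> is
/// null or empty.
/// </exception>
public DBResult SP_User_AccessToAPI(Models.Database.StoredProcedures.SP_User_AccessToAPI.Inputs inputs, ISP<Models.Database.StoredProcedures.SP_User_AccessToAPI.Inputs> sp = null)
{
    // The single-string ArgumentNullException constructor treats its argument as the
    // parameter NAME, so the two-argument overload is used to keep the text as the message.
    if (inputs == null)
    {
        throw new ArgumentNullException(nameof(inputs), "Invalid inputs data.");
    }

    // Reject an empty token or address before any database work. The exception type is
    // kept as ArgumentNullException because existing callers and tests expect it.
    if (string.IsNullOrEmpty(inputs.Token) || string.IsNullOrEmpty(inputs.APIAddress))
    {
        throw new ArgumentNullException(nameof(inputs), "Token and APIAddress could not be empty.");
    }

    // The connection string is read only when no wrapper was injected.
    var procedure = sp ?? new FTSS.DP.DapperORM.StoredProcedure.SP_User_AccessToAPI(GetConnectionString());

    return procedure.Call(inputs);
}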