/// <summary> /// Checks if user is authorized as an administrator. /// </summary> /// <param name="request">HttpRequest being performed.</param> private async Task authorizeAdministrator(HttpRequest request) { StringValues userAgentHeaderValue; bool hasUserAgentHeader = request.Headers.TryGetValue(USER_AGENT_HEADER, out userAgentHeaderValue); StringValues secretHeaderValue; bool hasSecretHeader = request.Headers.TryGetValue(SECRET_HEADER, out secretHeaderValue); string sessionCookieValue; bool hasSessionCookie = request.Cookies.TryGetValue(SESSION_COOKIE_NAME, out sessionCookieValue); if (!hasUserAgentHeader) { throw new ArgumentException(USER_AGENT_HEADER_NOT_FOUND); } if (!hasSecretHeader) { throw new ArgumentException(SECRET_HEADER_NOT_FOUND); } if (!hasSessionCookie) { throw new ArgumentException(SESSION_COOKIE_NOT_FOUND); } HttpClient client = this.clientFactory.CreateClient(MYCA_CLIENT_NAME); Uri uri = new Uri(client.BaseAddress + "/autho?administrator=true"); HttpRequestMessage requestMessage = new HttpRequestMessage(HttpMethod.Get, uri); requestMessage.Headers.TryAddWithoutValidation(SECRET_HEADER, secretHeaderValue.ToString()); requestMessage.Headers.TryAddWithoutValidation(USER_AGENT_HEADER, userAgentHeaderValue.ToString()); requestMessage.Headers.TryAddWithoutValidation(COOKIE_HEADER, "MYCASESSION=" + sessionCookieValue); var response = await client.SendAsync(requestMessage); if (response.StatusCode != HttpStatusCode.NoContent) { if (response.StatusCode == HttpStatusCode.Unauthorized) { SimpleJSONMessageService message = await response.Content.ReadAsAsync <SimpleJSONMessageService>(); throw new NotAuthorizedException(message.message); } else if (response.StatusCode == HttpStatusCode.InternalServerError) { throw new Exception(AUTHORIZATION_SERVICE_UNEXPECTED_ERROR); } } }
/// <summary> /// Capture a user's API token and adds it as a header to the request made to the CustomizedProductController. /// </summary> /// <param name="request">HttpRequest being performed.</param> private async Task captureUserApiToken(HttpRequest request) { string sessionCookieValue; bool hasSessionCookie = request.Cookies.TryGetValue(SESSION_COOKIE_NAME, out sessionCookieValue); StringValues userAgentHeaderValue; bool hasUserAgentHeader = request.Headers.TryGetValue(USER_AGENT_HEADER, out userAgentHeaderValue); StringValues secretHeaderValue; bool hasSecretHeader = request.Headers.TryGetValue(SECRET_HEADER, out secretHeaderValue); HttpClient httpClient = this.clientFactory.CreateClient(MYCA_CLIENT_NAME); Uri userUri = new Uri(httpClient.BaseAddress + "/users"); HttpRequestMessage userRequestMessage = new HttpRequestMessage(HttpMethod.Get, userUri); userRequestMessage.Headers.TryAddWithoutValidation(SECRET_HEADER, secretHeaderValue.ToString()); userRequestMessage.Headers.TryAddWithoutValidation(USER_AGENT_HEADER, userAgentHeaderValue.ToString()); userRequestMessage.Headers.TryAddWithoutValidation(COOKIE_HEADER, "MYCASESSION=" + sessionCookieValue); var userResponse = await httpClient.SendAsync(userRequestMessage); if (userResponse.StatusCode == HttpStatusCode.OK) { UserDetailsModelView userDetailsModelView = await userResponse.Content.ReadAsAsync <UserDetailsModelView>(); request.Headers.TryAdd(USER_TOKEN_HEADER, userDetailsModelView.apiToken); } else { SimpleJSONMessageService message = await userResponse.Content.ReadAsAsync <SimpleJSONMessageService>(); if (userResponse.StatusCode == HttpStatusCode.BadRequest) { throw new ArgumentException(message.message); } else if (userResponse.StatusCode == HttpStatusCode.Unauthorized) { throw new NotAuthorizedException(message.message); } else if (userResponse.StatusCode == HttpStatusCode.InternalServerError) { throw new Exception(AUTHORIZATION_SERVICE_UNEXPECTED_ERROR); } } }
/// <summary> /// Checks if user is authorized as a client. /// </summary> /// <param name="request">HttpRequest being performed.</param> private async Task authorizeClient(HttpRequest request) { string sessionCookieValue; bool hasSessionCookie = request.Cookies.TryGetValue(SESSION_COOKIE_NAME, out sessionCookieValue); //if the session cookie has a value, check if the user is authorized as a client if (hasSessionCookie && sessionCookieValue.Length > 0) { StringValues userAgentHeaderValue; bool hasUserAgentHeader = request.Headers.TryGetValue(USER_AGENT_HEADER, out userAgentHeaderValue); StringValues secretHeaderValue; bool hasSecretHeader = request.Headers.TryGetValue(SECRET_HEADER, out secretHeaderValue); HttpClient authorizationClient = this.clientFactory.CreateClient(MYCA_CLIENT_NAME); Uri authorizationUri = new Uri(authorizationClient.BaseAddress + "/autho"); HttpRequestMessage requestMessage = new HttpRequestMessage(HttpMethod.Get, authorizationUri); requestMessage.Headers.TryAddWithoutValidation(SECRET_HEADER, secretHeaderValue.ToString()); requestMessage.Headers.TryAddWithoutValidation(USER_AGENT_HEADER, userAgentHeaderValue.ToString()); requestMessage.Headers.TryAddWithoutValidation(COOKIE_HEADER, "MYCASESSION=" + sessionCookieValue); var response = await authorizationClient.SendAsync(requestMessage); if (response.StatusCode != HttpStatusCode.NoContent) { if (response.StatusCode == HttpStatusCode.Unauthorized) { SimpleJSONMessageService message = await response.Content.ReadAsAsync <SimpleJSONMessageService>(); throw new NotAuthorizedException(message.message); } else if (response.StatusCode == HttpStatusCode.InternalServerError) { throw new Exception(AUTHORIZATION_SERVICE_UNEXPECTED_ERROR); } } //if the user is authorized, capture the api token await this.captureUserApiToken(request); } }