Esempio n. 1
0
 public async Task<IActionResult> Get(int userId, [FromHeader] string authorization)
 {
     try
     {
         AuthorizationRequirement req = new AuthorizationRequirement
         {
             AuthResourceType = Authorization.AuthResourceType.User,
             ResourceId = userId,
             Scopes = Authorization.AuthScopes.Readable
         };
         WebAuthorizationHandler authHandler = new WebAuthorizationHandler(authorization);
         if (!await authHandler.IsValid(IdentityRepo, Request.Method, Request.Path)) { return HttpUnauthorized(); }
         if (!await authHandler.FulFill(IdentityRepo, req)) { return HttpUnauthorized(); }
         return new ObjectResult(await IdentityRepo.UserManager.FindUser(userId));
     }
     catch (TokenExtractionException) { return HttpUnauthorized(); }
     catch (SimpleIdentityDataNotFoundException) { return HttpUnauthorized(); }
 }
 public async Task<bool> FulFill(ISimpleIdentityRepository repo, AuthorizationRequirement req)
 {
     return await req.Fulfill(repo, Token);
 }
Esempio n. 3
0
 public async Task<IActionResult> Put(int userId, [FromHeader] string authorization, [FromBody]User user)
 {
     try
     {
         AuthorizationRequirement req = new AuthorizationRequirement
         {
             AuthResourceType = Authorization.AuthResourceType.User,
             ResourceId = userId,
             Scopes = Authorization.AuthScopes.Editable
         };
         WebAuthorizationHandler authHandler = new WebAuthorizationHandler(authorization);
         if (!await authHandler.IsValid(IdentityRepo, Request.Method, Request.Path, Request.Body)) { return HttpUnauthorized(); }
         if (!await authHandler.FulFill(IdentityRepo, req)) { return HttpUnauthorized(); }
         if (user.Id != userId) return HttpUnauthorized();
         await IdentityRepo.UserManager.UpdateUser(user);
         return new NoContentResult();
     }
     catch (SimpleIdentityUserException) { return HttpUnauthorized(); }
     catch (SimpleIdentityDataNotFoundException) { return HttpUnauthorized(); }
     catch (SimpleIdentityDataException e) { return HttpBadRequest(new { error = e.Message }); }
 }
Esempio n. 4
0
 public async Task<ActionResult> GetAccounts(int userId, [FromHeader] string authorization)
 {
     try
     {
         AuthorizationRequirement req = new AuthorizationRequirement
         {
             AuthResourceType = Authorization.AuthResourceType.User,
             ResourceId = userId,
             Scopes = Authorization.AuthScopes.Readable
         };
         WebAuthorizationHandler authHandler = new WebAuthorizationHandler(authorization);
         if (!await authHandler.IsValid(IdentityRepo, Request.Method, Request.Path)) { return HttpUnauthorized(); }
         if (!await authHandler.FulFill(IdentityRepo, req)) { return HttpUnauthorized(); }
         IEnumerable<Account> accounts = await Repo.AccountManager.ListAccounts(userId);
         List<Account> readableAccounts = new List<Account>();
         foreach (Account account in accounts)
         {
             List<AuthorizationRequirement> accReqs = new List<AuthorizationRequirement>();
             accReqs.Add(new AuthorizationRequirement
             {
                 AuthResourceType = Authorization.AuthResourceType.User,
                 ResourceId = userId,
                 Scopes = Authorization.AuthScopes.Full
             });
             accReqs.Add(new AuthorizationRequirement
             {
                 AuthResourceType = Authorization.AuthResourceType.Book,
                 ResourceId = account.Book.Id,
                 Scopes = Authorization.AuthScopes.Readable
             });
             accReqs.Add(new AuthorizationRequirement
             {
                 AuthResourceType = Authorization.AuthResourceType.Account,
                 ResourceId = account.Id,
                 Scopes = Authorization.AuthScopes.Readable
             });
             if (await authHandler.FulFillAny(IdentityRepo, accReqs)) { readableAccounts.Add(account); }
         }
         return new ObjectResult(readableAccounts.AsEnumerable());
     }
     catch (TokenExtractionException) { return HttpUnauthorized(); }
 }
Esempio n. 5
0
 public async Task<IActionResult> PostBook(int userId, [FromBody] Book book, [FromHeader] string authorization)
 {
     if (book.UserId != userId) { return HttpUnauthorized(); }
     try
     {
         AuthorizationRequirement req = new AuthorizationRequirement
         {
             AuthResourceType = Authorization.AuthResourceType.User,
             ResourceId = userId,
             Scopes = Authorization.AuthScopes.Editable
         };
         WebAuthorizationHandler authHandler = new WebAuthorizationHandler(authorization);
         if (!await authHandler.IsValid(IdentityRepo, Request.Method, Request.Path, Request.Body)) { return HttpUnauthorized(); }
         if (!await authHandler.FulFill(IdentityRepo, req)) { return HttpUnauthorized(); }
         Book bookCreated = await Repo.BookManager.CreateBook(book);
         return CreatedAtRoute("GetBook", new { controller = "books", bookId = bookCreated.Id }, bookCreated);
     }
     catch (TokenExtractionException) { return HttpUnauthorized(); }
     catch (PiggyBankDataNotFoundException) { return HttpUnauthorized(); }
     catch (PiggyBankDataException e) { return HttpBadRequest(new { error = e.Message }); }
 }
Esempio n. 6
0
        public async Task<IActionResult> GetBooks(int userId, [FromHeader] string authorization)
        {
            try
            {
                AuthorizationRequirement req = new AuthorizationRequirement
                {
                    AuthResourceType = Authorization.AuthResourceType.User,
                    ResourceId = userId,
                    Scopes = Authorization.AuthScopes.Readable
                };
                WebAuthorizationHandler authHandler = new WebAuthorizationHandler(authorization);
                if (!await authHandler.IsValid(IdentityRepo, Request.Method, Request.Path)) { return HttpUnauthorized(); }
                if (!await authHandler.FulFill(IdentityRepo, req)) { return HttpUnauthorized(); }

                List<Book> readableBooks = new List<Book>();
                IEnumerable<Book> books = await Repo.BookManager.ListBooks(userId);
                foreach (Book book in books)
                {
                    List<AuthorizationRequirement> bookReqs = new List<AuthorizationRequirement>();
                    bookReqs.Add(new AuthorizationRequirement
                    {
                        AuthResourceType = Authorization.AuthResourceType.User,
                        ResourceId = userId,
                        Scopes = Authorization.AuthScopes.Full
                    });
                    bookReqs.Add(new AuthorizationRequirement
                    {
                        AuthResourceType = Authorization.AuthResourceType.Book,
                        ResourceId = book.Id,
                        Scopes = Authorization.AuthScopes.Readable
                    });
                    if (await authHandler.FulFillAny(IdentityRepo, bookReqs)) { readableBooks.Add(book); }
                }
                return new ObjectResult(readableBooks.AsEnumerable());
            }
            catch (TokenExtractionException) { return HttpUnauthorized(); }
            catch (PiggyBankDataNotFoundException) { return HttpUnauthorized(); }
        }