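/// <summary>
/// Updates the name and access token of one of the caller's Canvas PATs.
/// </summary>
/// <param name="canvasToken">The PAT to update, located by its <c>Id</c>.</param>
/// <returns>
/// 200 on success; 400 when no body was supplied or the manager reports a failure;
/// 401 when the user token is invalid or the caller does not own the token;
/// 404 when no user can be resolved from the token.
/// </returns>
public IActionResult EditAccessToken([FromBody] CanvasPersonalAccessToken canvasToken)
{
    if (canvasToken == null)
    {
        return new BadRequestObjectResult("A token to update must be supplied");
    }

    var encodedToken = _tokenManager.ReadAndValidateToken(Request.Headers[_config.authHeader]);
    var handler = new JwtSecurityTokenHandler();
    JwtSecurityToken decodedToken;
    try
    {
        decodedToken = handler.ReadJwtToken(encodedToken);
    }
    catch (ArgumentException)
    {
        return new UnauthorizedObjectResult("User Token Is Not Valid");
    }

    var userId = _tokenManager.GetUserIdFromToken(decodedToken);
    // -1 is the "no such user" sentinel (AddCanvasToken treats it the same way). Without this
    // guard a body carrying AppUserId == -1 would satisfy the ownership comparison below.
    if (userId == -1)
    {
        return new NotFoundObjectResult("Failed to find User");
    }

    // NOTE(review): AppUserId is taken from the request body, so this only establishes that the
    // caller *claims* to own the token. The persisted owner of the token selected by Id must be
    // compared with userId as well (in UpdateCanvasPat or via a lookup here) before the edit
    // is applied.
    if (userId != canvasToken.AppUserId)
    {
        return new UnauthorizedObjectResult("You do not have permission to edit this token");
    }

    if (_canvasTokenManager.UpdateCanvasPat(canvasToken))
    {
        return new OkObjectResult($"Successfully Updated token: {canvasToken.TokenName}");
    }

    return new BadRequestObjectResult("An error occured while trying to save the token");
}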
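/// <summary>
/// Updates the name and access token of a stored Canvas PAT.
/// </summary>
/// <param name="personalAccessToken">
/// The PAT to update. It is located by <c>Id</c>; its <c>AppUserId</c> must equal the owner
/// recorded in the database, otherwise nothing is changed.
/// </param>
/// <returns>Boolean: Whether or not the update operation was successful</returns>
public bool UpdateCanvasPat(CanvasPersonalAccessToken personalAccessToken)
{
    if (personalAccessToken == null)
    {
        return false;
    }

    var token = _dbCtx.PersonalAccessTokens.FirstOrDefault(x => x.Id == personalAccessToken.Id);
    if (token == null)
    {
        return false;
    }

    // The Id alone must not be enough to reach another user's token: the owner claimed by the
    // caller has to agree with the persisted owner before any field is touched.
    if (token.AppUserId != personalAccessToken.AppUserId)
    {
        return false;
    }

    var previousName = token.TokenName;
    var previousAccessToken = token.AccessToken;

    // Restores the tracked entity's in-memory values so a failed save does not leave
    // unsaved edits sitting in the context.
    void Rollback()
    {
        token.TokenName = previousName;
        token.AccessToken = previousAccessToken;
    }

    token.TokenName = personalAccessToken.TokenName;
    token.AccessToken = personalAccessToken.AccessToken;

    try
    {
        _dbCtx.SaveChanges();
        return true;
    }
    catch (DbUpdateConcurrencyException e)
    {
        foreach (var entry in e.Entries)
        {
            if (!(entry.Entity is CanvasPersonalAccessToken))
            {
                Rollback();
                return false;
            }

            var dbValues = entry.GetDatabaseValues();
            if (dbValues == null)
            {
                // The row was deleted concurrently; there is nothing left to update.
                Rollback();
                return false;
            }

            // Client wins: adopt the database's current values (including the row version) as
            // the originals so the retry below is not rejected by the same conflict.
            entry.OriginalValues.SetValues(dbValues);
        }

        try
        {
            // The first SaveChanges persisted nothing, so the update has to be saved again;
            // reporting success without this retry would leave the database unchanged.
            _dbCtx.SaveChanges();
            return true;
        }
        catch (Exception)
        {
            Rollback();
            return false;
        }
    }
    catch (Exception)
    {
        Rollback();
        return false;
    }
}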
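/// <summary>
/// A logged-in user who is not the owner of the "Nolen1" PAT must not be able to rename it
/// through EditAccessToken, and the rename must never reach the database.
/// </summary>
public void Edit_Access_Token_Invalid_User()
{
    // Arrange: log in and build a request that carries the resulting bearer token.
    var controller = new AuthController(_dbCtx);
    var creds = new LoginCredentials() { Username = "******", Password = "******" };
    var result = controller.LoginUser(creds) as ObjectResult;
    Assert.NotNull(result);
    var token = ((AuthResponse)result.Value).ResponseToken;

    var httpContext = new DefaultHttpContext();
    httpContext.Request.Headers[_config.authHeader] = $"Bearer {token}";
    var canvasController = new CanvasAccessTokenController(_dbCtx)
    {
        ControllerContext = new ControllerContext() { HttpContext = httpContext }
    };

    // The fixture's "Nolen1" token is expected to belong to a user other than the one logged in.
    var tokenToUpdate = _dbCtx.PersonalAccessTokens.FirstOrDefault(x => x.TokenName.Equals("Nolen1"));
    Assert.NotNull(tokenToUpdate);
    var updatedInfo = new CanvasPersonalAccessToken()
    {
        Id = tokenToUpdate.Id,
        TokenName = "Nolen31",
        AccessToken = tokenToUpdate.AccessToken,
        AppUserId = tokenToUpdate.AppUserId,
        RowVersion = tokenToUpdate.RowVersion
    };

    // Act
    var response = canvasController.EditAccessToken(updatedInfo);

    // Assert: the request is refused and no token with the new name exists afterwards.
    Assert.True(response is UnauthorizedObjectResult);
    var updatedToken = _dbCtx.PersonalAccessTokens.FirstOrDefault(x => x.TokenName.Equals("Nolen31"));
    Assert.True(updatedToken == null);
}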
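/// <summary>
/// Stores a new, inactive Canvas PAT for the authenticated user.
/// </summary>
/// <param name="canvasToken">The token name and Canvas API key to store.</param>
/// <returns>
/// 200 when saved; 400 when no body was supplied; 401 when the user token is invalid;
/// 404 when the user cannot be resolved from the token or the save fails.
/// </returns>
public IActionResult AddCanvasToken([FromBody] CanvasToken canvasToken)
{
    if (canvasToken == null)
    {
        return new BadRequestObjectResult("A token to add must be supplied");
    }

    var encodedToken = _tokenManager.ReadAndValidateToken(Request.Headers[_config.authHeader]);
    var handler = new JwtSecurityTokenHandler();
    JwtSecurityToken decodedToken;
    try
    {
        decodedToken = handler.ReadJwtToken(encodedToken);
    }
    catch (ArgumentException)
    {
        return new UnauthorizedObjectResult("User Token Is Not Valid");
    }

    var userId = _tokenManager.GetUserIdFromToken(decodedToken);
    if (userId == -1)
    {
        return new NotFoundObjectResult("Failed to find User");
    }

    // Ownership comes from the validated user token, never from the request body,
    // and a newly added PAT always starts inactive.
    var pat = new CanvasPersonalAccessToken()
    {
        TokenName = canvasToken.TokenName,
        AccessToken = canvasToken.ApiKey,
        AppUserId = userId,
        TokenActive = false
    };

    _dbCtx.PersonalAccessTokens.Add(pat);
    try
    {
        _dbCtx.SaveChanges();
        return new OkObjectResult($"Canvas token: {pat.TokenName} was successfully added!");
    }
    catch (Exception)
    {
        // Rollback token addition: dropping the never-saved entity from the context so a later
        // SaveChanges on the same context does not attempt to insert it again.
        _dbCtx.PersonalAccessTokens.Remove(pat);
        return new NotFoundObjectResult("Failed to Add Canvas Token");
    }
}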