public IActionResult Put(string id, [FromBody] ApiResource apiResource) { var is4ApiResource = apiResource.ToIs4ApiResource(); return(ValidateAndExecute(is4ApiResource, () => { if (!string.Equals(id, apiResource.Name)) { return CreateFailureResponse( "The ApiResource Name in the request URL path must match the ApiResource Name in the request body.", HttpStatusCode.BadRequest); } var storedApiResource = _apiResourceStore.GetResource(id); if (string.IsNullOrEmpty(storedApiResource?.Name)) { return CreateFailureResponse($"The specified api resource with id:{id} was not found", HttpStatusCode.NotFound); } // Prevent from changing secrets. is4ApiResource.ApiSecrets = storedApiResource.ApiSecrets; // Prevent from changing payload Name. is4ApiResource.Name = id; _apiResourceStore.UpdateResource(id, is4ApiResource); return NoContent(); })); }
public IActionResult Post([FromBody] ApiResource apiResource) { var is4ApiResource = apiResource.ToIs4ApiResource(); return(ValidateAndExecute(is4ApiResource, () => { var existingResource = _apiResourceStore.GetResource(apiResource.Name); if (existingResource != null) { return CreateFailureResponse( $"Api resource {apiResource.Name} already exists. Please provide a new name", HttpStatusCode.Conflict); } // override any secret in the request. // TODO: we need to implement a salt strategy, either at the controller level or store level. var resourceSecret = GeneratePassword(); is4ApiResource.ApiSecrets = new List <IS4.Secret> { GetNewSecret(resourceSecret) }; _apiResourceStore.AddResource(is4ApiResource); var viewResource = is4ApiResource.ToApiResourceViewModel(); viewResource.ApiSecret = resourceSecret; return CreatedAtAction("Get", new { id = apiResource.Name }, viewResource); }, $"{FabricIdentityConstants.ValidationRuleSets.ApiResourcePost},{FabricIdentityConstants.ValidationRuleSets.Default}")); }