private string GetAuthorizationErrorMessage(AuthorizationError error)
{
var errorMessage = new StringBuilder();
_messageBuilder.AppendFailureHeader(errorMessage, error.OperationType);
foreach (var failedRequirement in error.AuthorizationResult.Failure.FailedRequirements)
{
switch (failedRequirement)
{
case MinimumAgeRequirement minimumAgeRequirement:
errorMessage.AppendLine();
errorMessage.Append("The current user must be at least ");
errorMessage.Append(minimumAgeRequirement.MinimumAge);
errorMessage.Append(" years old.");
break;
default:
_messageBuilder.AppendFailureLine(errorMessage, failedRequirement);
break;
}
}
return(errorMessage.ToString());
}
private static OrderCheckoutDenied GenerateOrderCheckoutDenied(int orderNum)
{
var authorizationError = new AuthorizationError(
createdAt: new DateTime(2013, 12, 8, 14, 12, 12, DateTimeKind.Local), // make sure to initialize DateTime with the correct timezone
errorCode: "Card Declined",
message: "Card was Declined.");
var payments = new[] {
new CreditCardPaymentDetails(
avsResultCode: "Y",
cvvResultCode: "n",
creditCardBin: "124580",
creditCardCompany: "Visa",
creditCardNumber: "XXXX-XXXX-XXXX-4242",
creditCardToken: "2233445566778899"
)
{
AuthorizationError = authorizationError
}
};
var orderCheckoutDenied = new OrderCheckoutDenied(orderNum.ToString())
{
PaymentDetails = payments
};
return(orderCheckoutDenied);
}
public AuthorizationException(string authorizationDomain, string operationName, string operationValue, AuthorizationError authorizationError)
: this(String.Format(
"Authorization failed for operation '{0}' with value '{1}' in the authorization domain '{2}', due to authorization error '{3}'!",
operationName, operationValue, authorizationDomain, authorizationError
))
{
AuthorizationError = authorizationError;
}
private IActionResult PrepareFailureResult(ErrorBase error)
{
return(error switch
{
BadRequestError _ => BadRequest(error),
AuthorizationError _ => Unauthorized(error),
DataNotFoundError _ => NotFound(error),
_ => StatusCode(StatusCodes.Status500InternalServerError)
});
public Task DenyAuthorizationAsync(AuthorizationRequest request, AuthorizationError error, string errorDescription = null)
{
var response = new ConsentResponse
{
Error = error,
ErrorDescription = errorDescription
};
return(GrantConsentAsync(request, response));
}
public override ErrorInfo GetInfo(ExecutionError executionError)
{
var info = base.GetInfo(executionError);
info.Message = executionError switch
{
AuthorizationError authorizationError => GetAuthorizationErrorMessage(authorizationError),
_ => info.Message,
};
return(info);
}
public Task DenyAuthorizationAsync(AuthorizationRequest request, AuthorizationError error, string errorDescription = null)
{
using var activity = Tracing.ServiceActivitySource.StartActivity("DefaultIdentityServerInteractionService.DenyAuthorization");
var response = new ConsentResponse
{
Error = error,
ErrorDescription = errorDescription
};
return(GrantConsentAsync(request, response));
}
/// <summary>
/// Handle authorization error
/// </summary>
/// <param name="error"></param>
/// <param name="message"></param>
/// <param name="user"></param>
/// <returns></returns>
private void HandleAuthorizationError(AuthorizationError error, HttpResponseMessage message, User user)
{
switch (error.Code)
{
case AuthorizationErrorCode.MFA_REQUIRED:
throw new MultiFactorAuthenticationRequiredException((Guid)error.MfaToken);
case AuthorizationErrorCode.CAPTCHA_REQUIRED:
throw new BadLoginException(message, user);
default:
throw new BadResponceException(message);
}
}
protected IActionResult HandleErrors <TData>(Response <TData> response, Func <TData, IActionResult> onSuccess)
where TData : class
{
return(response.Match(
error => error switch
{
AuthenticationError ae => Unauthorized(ae),
AuthorizationError _ => Forbid(),
ObjectAlreadyExistsError oaee => Conflict(oaee),
ObjectNotFoundError onfe => NotFound(onfe),
UserError ue => UnprocessableEntity(ue),
ValidationError ve => BadRequest(ve),
DomainError de => UnprocessableEntity(new { de.ExceptionType.Name, error.Message }),
_ => StatusCode(StatusCodes.Status500InternalServerError, error)
},
public void Update(AuthorizationError error)
{
switch (error)
{
case AuthorizationError.None:
NoneCount++;
break;
case AuthorizationError.Failed:
FailedCount++;
break;
case AuthorizationError.Continue:
ContinueCount++;
break;
case AuthorizationError.Success:
SuccessCount++;
break;
}
}
public async void SendAsync_ShouldThrowExceptionWithAuthorizationErrorReturnedByTheResponseFactory_WhenResponseStatusCodeIsUnauthorized_AndResponseHasAuthozationErrorBody()
{
var expectedAuthError = new AuthorizationError();
AuthorizationError actualAuthError = null;
var handler = CreateErrorHandler(respFact: new FakeApiResponseFactory(new ApiResponse <AuthorizationError> {
BodyAsObject = expectedAuthError
}),
resp: new HttpResponseMessage {
StatusCode = HttpStatusCode.Unauthorized
});
try
{
await new HttpMessageInvoker(handler).SendAsync(new HttpRequestMessage(), CancellationToken.None);
}
catch (ApiAuthorizationException ex)
{
actualAuthError = ex.AuthorizationError;
}
Assert.AreSame(expectedAuthError, actualAuthError);
}
public static IActionResult GetResponseFromResult(this ControllerBase controllerBase, Result result)
{
if (result.Succeeded)
{
var type = result.GetType();
if (type.IsGenericType && type.GetGenericTypeDefinition() == typeof(Result <>))
{
return(controllerBase.Ok(type.GetProperty("Value").GetValue(result, null)));
}
return(controllerBase.NoContent());
}
return(result.Error switch
{
NotFoundError e => controllerBase.BadRequest(e.Message),
DataValidationError e => controllerBase.BadRequest(e.Message),
AuthorizationError e => controllerBase.Forbid(e.Message),
IdentityError e => controllerBase.BadRequest(e.Message),
BuisnessRuleViolationError e => controllerBase.BadRequest(e.Message),
_ => throw new UnhandledErrorResultException() //TODO: Error message
});
/// <summary>
/// Creates a new <see cref="AuthorizationRequiredException"/>.
/// </summary>
/// <param name="request">The original request.</param>
/// <param name="response">The response.</param>
/// <param name="error">The error.</param>
/// <exception cref="ArgumentNullException"><paramref name="request"/>, <paramref name="response"/> or <paramref name="error"/> is <c>null</c>.</exception>
public AuthorizationRequiredException(IWebApiRequest request, IWebApiResponse <ErrorObject> response, AuthorizationError error) :
base(request, response, response?.Content.Message ?? string.Empty)
{
this.AuthorizationError = error;
}
public Task DenyAuthorizationAsync(AuthorizationRequest request, AuthorizationError error, string errorDescription = null)
{
throw new NotImplementedException();
}
private AuthorizationCommands GetCommand(AuthorizationStatistic statistic, S scheme, AuthorizationError error)
{
switch (error)
{
case AuthorizationError.Success:
return(AuthorizationCommands.None);
case AuthorizationError.Continue:
return((statistic.SuccessCount > 0)
? AuthorizationCommands.Cancel
: AuthorizationCommands.Continue);
case AuthorizationError.Failed:
if (CanTryAgainWhenFail(scheme))
{
if (statistic.SuccessCount == 0 && statistic.ContinueCount == 0)
{
return(AuthorizationCommands.TryAgain);
}
}
return(AuthorizationCommands.Cancel);
case AuthorizationError.None:
return((statistic.SuccessCount > 0 || statistic.ContinueCount > 0 || statistic.FailedCount > 0)
? AuthorizationCommands.None
: AuthorizationCommands.TryAgain);
default:
throw new InvalidProgramException();
}
}
AuthorizationShedulerResponse <W> IAuthorizationSheduler <R, W, S> .GetCommand(AuthorizationShedulerState <R> state, S scheme, AuthorizationError error)
{
state.Statistic.Update(error);
if (state.Agent < agents.Count - 1)
{
state.Agent++;
var response = agents[state.Agent].IsAuthorized(this, state);
var command = GetCommand(response.Statistic, scheme, error);
var writer = GetWriter(command, state.Reader, response.Writer);
return(new AuthorizationShedulerResponse <W>(command, response.Statistic, writer));
}
else
{
var command = GetCommand(state.Statistic, scheme, error);
var writer = GetWriter(command, state.Reader, default(W));
return(new AuthorizationShedulerResponse <W>(command, state.Statistic, writer));
}
}
/// <summary>
/// @Deprecated - Create a checkout denied (deprecated constructor, please use PaymentDetails.AuthorizationError)
/// </summary>
/// <param name="merchantOrderId">The unique id of the order at the merchant systems</param>
/// <param name="authorizationError">
/// An object describing the failed result of an authorization attempt by a payment
/// gateway
/// </param>
public OrderCheckoutDenied(string merchantOrderId, AuthorizationError authorizationError)
: base(merchantOrderId)
{
AuthorizationError = authorizationError;
}
public VippsAuthorizationException(AuthorizationError error) : base(error.ErrorDescription)
{
Error = error;
}
public AuthorizationResponse(IRequest request, AuthorizationError authorizationError)
: base(ResponderId.FromString("Authorization"), ResponseId.New(), request)
{
AuthorizationError = authorizationError;
}
public AuthorizationExeption(AuthorizationError error, string message)
: base(message)
{
Error = error;
}
/// <summary>
/// Creates a new <see cref="AuthorizationRequiredException"/>.
/// </summary>
/// <param name="request">The original request.</param>
/// <param name="response">The response.</param>
/// <param name="error">The error.</param>
/// <exception cref="ArgumentNullException"><paramref name="request"/>, <paramref name="response"/> or <paramref name="error"/> is <c>null</c>.</exception>
public AuthorizationRequiredException(IHttpRequest request, IHttpResponse <ErrorObject> response, AuthorizationError error) :
base(request, response, response.Content.Message)
{
this.AuthorizationError = error;
}
private Task <AuthorizationResult> IsNotAuthorizedResult(AuthorizationError authorizationError)
{
return(Task.FromResult(new AuthorizationResult().AddError(authorizationError)));
}
