/// <summary>
        /// Inserts a new row into dbo.CustomerAuthenticationMethods and returns that row
        /// as read back by the trailing SELECT.
        /// </summary>
        /// <param name="authMethod">
        /// Source of CustomerId, CredentialType, Secret, DisplayName and CreatedBy.
        /// Its Id and CreationTime are not used: a new Guid and the current UTC time
        /// are generated here instead.
        /// </param>
        /// <returns>The stored row, including the Secret column.</returns>
        public async Task<CustomerAuthenticationDTO> CreateAsync(CustomerAuthenticationDTO authMethod)
        {
            // Every value reaches the statement as a named parameter; nothing is
            // concatenated into the SQL text. IsRevoked is written as the literal 0.
            const string sql = @";
                INSERT INTO dbo.CustomerAuthenticationMethods(Id, CustomerId, CredentialType, Secret, DisplayName, CreationTime, CreatedBy, IsRevoked)
                VALUES(@Id, @CustomerId, @CredentialType, @Secret, @DisplayName, @CreationTime, @CreatedBy, 0);

                SELECT Id,
                       CustomerId,
                       CredentialType,
                       Secret,
                       DisplayName,
                       CreationTime,
                       CreatedBy,
                       IsRevoked,
                       RevokeTime
                FROM dbo.CustomerAuthenticationMethods 
                WHERE Id = @Id;
            ";

            // NOTE(review): Secret is bound exactly as received and selected back again.
            // Nothing in this method hashes it, so unless the caller already passes a
            // digest, the column holds a usable credential. Confirm, and consider storing
            // only a hash so a database read does not disclose working keys.
            var insertArgs = new
            {
                Id             = Guid.NewGuid(),
                CustomerId     = authMethod.CustomerId.RawValue,
                CredentialType = (int)authMethod.CredentialType,
                Secret         = authMethod.Secret,
                DisplayName    = authMethod.DisplayName,
                CreationTime   = DateTime.UtcNow,
                CreatedBy      = authMethod.CreatedBy.RawValue
            };

            var created = await _db.QuerySingle(async db =>
                await db.FetchAsync<CustomerAuthenticationDTO>(sql, insertArgs));

            return created;
        }
        /// <summary>
        /// Writes the IsRevoked and RevokeTime values of <paramref name="authMethod"/> to the
        /// matching row of dbo.CustomerAuthenticationMethods and returns the row as re-read.
        /// </summary>
        /// <param name="authMethod">
        /// Supplies the Id and CustomerId that select the row, plus the new revocation state.
        /// No other column is modified.
        /// </param>
        /// <returns>The row selected after the update, including the Secret column.</returns>
        public async Task<CustomerAuthenticationDTO> UpdateAsync(CustomerAuthenticationDTO authMethod)
        {
            // Both statements filter on CustomerId AND Id, so an Id that belongs to a
            // different customer matches no row.
            // NOTE(review): what is returned when no row matches depends on _db.QuerySingle,
            // which is not visible here. Confirm callers handle that case.
            const string sql = @";
                UPDATE dbo.CustomerAuthenticationMethods
                SET IsRevoked = @IsRevoked,
                    RevokeTime = @RevokeTime
                WHERE CustomerId = @CustomerId
                    And Id = @Id;

                SELECT Id,
                       CustomerId,
                       CredentialType,
                       Secret,
                       DisplayName,
                       CreationTime,
                       CreatedBy,
                       IsRevoked,
                       RevokeTime
                FROM dbo.CustomerAuthenticationMethods 
                WHERE CustomerId = @CustomerId
                    And Id = @Id;
            ";

            // NOTE(review): IsRevoked is taken from the DTO as-is, so this call can also
            // clear a revocation. Confirm that re-enabling a revoked credential is intended.
            var updateArgs = new
            {
                Id         = authMethod.Id.RawValue,
                CustomerId = authMethod.CustomerId.RawValue,
                IsRevoked  = authMethod.IsRevoked,
                RevokeTime = authMethod.RevokeTime
            };

            var updated = await _db.QuerySingle(async db =>
                await db.FetchAsync<CustomerAuthenticationDTO>(sql, updateArgs));

            return updated;
        }
예제 #3
 /// <summary>
 /// Builds the model by copying fields from a stored authentication method.
 /// CustomerId is the only DTO field used elsewhere on this page that is not copied.
 /// </summary>
 /// <param name="method">The authentication method record to copy from.</param>
 public APIKeyModel(CustomerAuthenticationDTO method)
 {
     // Identity and descriptive fields.
     this.Id             = method.Id;
     // NOTE(review): the secret is copied into the model unconditionally. If this model
     // is also serialized for list/read responses (not visible here), the key is
     // disclosed on every read rather than once at creation. Confirm.
     this.Secret         = method.Secret;
     this.DisplayName    = method.DisplayName;
     this.CreationTime   = method.CreationTime;

     // Revocation state.
     this.IsRevoked      = method.IsRevoked;
     this.RevokeTime     = method.RevokeTime;

     // Credential kind and creator.
     this.CredentialType = method.CredentialType;
     this.CreatedBy      = method.CreatedBy;
 }
예제 #4
        /// <summary>
        /// Creates a customer API key for the calling user's customer and returns the stored record.
        /// </summary>
        /// <param name="model">Request body; only DisplayName is read from it here.</param>
        /// <returns>
        /// 400 with the model state when validation fails; otherwise 200 with the
        /// record returned by the persistence layer.
        /// </returns>
        public async Task<IActionResult> CreateAPIKeyAsync([FromBody] CreateAPIKeyModel model)
        {
            if (!ModelState.IsValid)
            {
                return BadRequest(ModelState);
            }

            // TODO - improve on this, we already load these details during auth validation
            // NOTE(review): sessionDetails.User and currentUser are dereferenced without a
            // null check. Confirm both lookups are guaranteed to succeed for an
            // authenticated request.
            var sessionDetails = await _membership.GetSessionDetailsAsync(User);
            var currentUser    = await _persistence.Users.GetAsync(sessionDetails.User.Id);

            // NOTE(review): GenerateAPIKey is not visible here. Confirm it draws from a
            // cryptographic RNG (System.Security.Cryptography.RandomNumberGenerator), not
            // System.Random.
            var apiKeySecret = GenerateAPIKey();

            // The customer and creator come from the server-side user record, not from
            // the request body; the client supplies only the display name.
            var pendingKey = new CustomerAuthenticationDTO(
                null,
                currentUser.CustomerId,
                CredentialType.CustomerAPIKey,
                apiKeySecret,
                model.DisplayName,
                DateTime.UtcNow,
                currentUser.Id);

            var storedKey = await _persistence.CustomerAuthentications.CreateAsync(pendingKey);

            // TODO - log creation to the audit log
            // NOTE(review): until this is done, issuing a credential leaves no audit record.

            // NOTE(review): the response body is the persistence DTO itself, Secret included.
            // Returning the secret at creation is expected. Confirm the remaining fields are
            // meant to be exposed.
            return Ok(storedKey);
        }