/// <summary>
/// Reports whether the signed-in user has confirmed their skills and, when they have,
/// issues the skills-confirmation cookie so later requests can skip the lookup.
/// </summary>
/// <returns>
/// 200 when the bypass is enabled or the user is confirmed, 401 when the caller is not
/// authenticated, and 204 when confirmation could not be established.
/// </returns>
public async Task<IActionResult> GetHasConfirmedSkills()
{
    // NOTE(review): the bypass is evaluated before the authentication check, so when
    // EnableAuthBypass() is true an anonymous caller receives 200. Confirm the bypass
    // cannot be switched on outside development/test environments.
    if (EnableAuthBypass())
    {
        return Ok();
    }

    if (!User.Identity.IsAuthenticated)
    {
        return new UnauthorizedResult();
    }

    UserProfile userProfile = User.GetUserProfile();
    ApiResponse<User> lookup = await _usersApiClient.GetUserByUserId(userProfile.Id);

    // A failed lookup and an unconfirmed user are reported identically to the caller.
    bool confirmed = lookup.StatusCode == HttpStatusCode.OK && lookup.Content.HasConfirmedSkills;
    if (!confirmed)
    {
        // NOTE(review): 204 is defined as "no content", yet a message body is supplied here;
        // clients will typically never see the text. Confirm the intended status code.
        return StatusCode(204, "Could not verify that user has confirmed skills");
    }

    // NOTE(review): the cookie value is the constant "true" and is neither signed nor bound
    // to the user id. Code that checks only for the cookie's presence is trusting a value
    // the client can supply itself; treat it as a cache hint, or protect the value
    // (e.g. data protection) and verify it on read. SameSite is left at its default.
    CookieOptions cookieOptions = new CookieOptions
    {
        Expires = DateTime.Now.AddDays(1),
        Secure = true,
        HttpOnly = true
    };
    Response.Cookies.Append(UserConstants.SkillsConfirmationCookieName, "true", cookieOptions);

    return Ok();
}
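/// <summary>
/// Middleware entry point. For an authenticated request that requires confirmed skills and
/// carries no skills-confirmation cookie, looks the user up and either rejects the request
/// or issues the cookie before passing control to the next middleware.
/// </summary>
/// <param name="context">The current HTTP context.</param>
/// <returns>A task that completes when this middleware (and, if reached, the rest of the pipeline) has run.</returns>
public async Task InvokeAsync(HttpContext context)
{
    // NOTE(review): only the cookie's presence is tested and its value is the constant "true",
    // so a client that sends a cookie with this name skips the lookup below. If this check is
    // meant as an enforcement point, the cookie value needs to be protected/verified or the
    // decision kept server-side.
    if (context.User.Identity.IsAuthenticated
        && !context.Request.Cookies.ContainsKey(UserConstants.SkillsConfirmationCookieName)
        && DoesRequestRequireSkills(context.Request))
    {
        IUsersApiClient usersApiClient = context.RequestServices.GetService<IUsersApiClient>();
        UserProfile profile = context.User.GetUserProfile();
        ApiResponse<User> apiResponse = await usersApiClient.GetUserByUserId(profile.Id);

        if (apiResponse.StatusCode != HttpStatusCode.OK)
        {
            // The upstream status code is relayed to the caller unchanged.
            context.Response.StatusCode = (int)apiResponse.StatusCode;
            // Awaited rather than blocked on with .Wait(): blocking inside an async method
            // ties up a thread-pool thread and wraps failures in AggregateException.
            await context.Response.WriteAsync("Could not verify that user has confirmed skills");
            return;
        }

        if (!apiResponse.Content.HasConfirmedSkills)
        {
            context.Response.StatusCode = 451;
            await context.Response.WriteAsync("User has not confirmed skills");
            return;
        }

        // Cache the positive result for a day so subsequent requests skip the lookup.
        CookieOptions option = new CookieOptions
        {
            Expires = DateTime.Now.AddDays(1),
            Secure = true,
            HttpOnly = true
        };
        context.Response.Cookies.Append(UserConstants.SkillsConfirmationCookieName, "true", option);
    }

    await _next(context);
}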
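/// <summary>
/// Middleware entry point. Redirects authenticated users who have not confirmed their skills
/// to the confirmation page; all other requests continue down the pipeline.
/// </summary>
/// <param name="context">The current HTTP context.</param>
/// <returns>A task that completes when the request has been redirected or the rest of the pipeline has run.</returns>
public async Task InvokeAsync(HttpContext context)
{
    // NOTE(review): only the cookie's presence is tested, so a client that sends a cookie
    // with this name skips the lookup below. Verify a protected value or keep the decision
    // server-side if this is meant to enforce confirmation.
    bool hasConfirmedSkills = context.Request.Cookies.ContainsKey(UserConstants.SkillsConfirmationCookieName);

    // NOTE(review): the exemption is a substring match on the whole path, so any route whose
    // path merely contains "confirmSkills" is exempt, not just the confirmation page.
    // An exact or prefix comparison against the known route would be tighter.
    if (context.User.Identity.IsAuthenticated
        && !hasConfirmedSkills
        && !context.Request.Path.Value.Contains("confirmSkills", StringComparison.InvariantCultureIgnoreCase))
    {
        IUsersApiClient usersApiClient = context.RequestServices.GetService<IUsersApiClient>();
        UserProfile profile = context.User.GetUserProfile();
        ApiResponse<User> apiResponse = await usersApiClient.GetUserByUserId(profile.Id);

        if (apiResponse.StatusCode != HttpStatusCode.OK || !apiResponse.Content.HasConfirmedSkills)
        {
            // NOTE(review): `true` requests a permanent redirect, which clients may cache even
            // though the condition depends on per-user state; confirm this is intended.
            context.Response.Redirect("/users/confirmskills", true);

            // Stop here: without this return the rest of the pipeline still ran for the
            // original request, so the gated endpoint executed despite the redirect.
            return;
        }
    }

    await _next(context);
}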