/// <summary>
/// Asserts that a PostSession call produced a Created (201) result whose body is a
/// <see cref="PostSessionResponse"/>, and, when the UserPrincipal carries a user handle,
/// that the handle echoed back in the response is that same handle.
/// </summary>
/// <param name="actionResultPostUser">result returned by the create-session operation</param>
public void CheckPostSessionResult201(IHttpActionResult actionResultPostUser)
{
    // Web API surfaces 201 as CreatedNegotiatedContentResult<T>; any other result type is a failure
    Assert.IsInstanceOfType(actionResultPostUser, typeof(CreatedNegotiatedContentResult<PostSessionResponse>));

    // The assertion above already guarantees the runtime type, so a direct cast is safe here
    var createdResult = (CreatedNegotiatedContentResult<PostSessionResponse>)actionResultPostUser;
    PostSessionResponse body = createdResult.Content;

    // Only compare handles when the principal actually has one; with a null principal
    // handle there is nothing to compare against, so the equality check is skipped
    string expectedHandle = this.UserPrincipal.UserHandle;
    if (expectedHandle == null)
    {
        return;
    }

    Assert.AreEqual(expectedHandle, body.UserHandle);
}
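/// <summary>
/// Creates a session token for the authenticated caller. The auth layer must already have
/// populated this.UserHandle, and a caller may only open a session for itself: the user
/// handle in the request body has to equal the authenticated one.
/// </summary>
/// <param name="request">session request; its UserHandle must match the authenticated handle</param>
/// <returns>
/// 201 Created with a <see cref="PostSessionResponse"/> on success; 400 when no request body
/// was supplied; 401 when the caller is unauthenticated or asks for a session on behalf of a
/// different user handle; 404 when the user is not registered with this app.
/// </returns>
public async Task<IHttpActionResult> PostSession([FromBody] PostSessionRequest request)
{
    string className = "SessionsController";
    string methodName = "PostSession";

    // NOTE(review): request.UserHandle is unvalidated client input here; it is written to the
    // log before it has been compared with the authenticated handle.
    string logEntry = $"SessionUserHandle = {request?.UserHandle}";
    this.LogControllerStart(this.log, className, methodName, logEntry);

    // Authentication first: an anonymous caller cannot open a session, and we reveal nothing
    // about the request until the caller is known
    if (this.UserHandle == null)
    {
        this.log.LogError("Unauthorized because PostSession called without a user handle");
        return this.Unauthorized(ResponseStrings.GenericUnauthorizedError);
    }

    // A missing body previously fell through to request.UserHandle below and threw, turning a
    // client error into a 500. ApiController.BadRequest(string) is used here; move the message
    // into ResponseStrings if a matching entry exists.
    if (request == null)
    {
        this.log.LogError($"Bad request because PostSession called without a request body. UserHandle: {this.UserHandle}");
        return this.BadRequest("Request body is required");
    }

    // Authorization: a user may only create a session for its own handle.
    // string != is an ordinal comparison, which is the right one for identifiers.
    if (this.UserHandle != request.UserHandle)
    {
        // Log the authenticated handle itself (previously this.User, the principal object,
        // was formatted under the "Auth's UserHandle" label)
        this.log.LogError($"Unauthorized because one user handle called PostSession on behalf of another user handle. Auth's UserHandle: {this.UserHandle}, Request's UserHandle: {request.UserHandle}");
        return this.Unauthorized(ResponseStrings.UserUnauthorized);
    }

    // The handle must also be registered with this app; a valid token for another app is not enough
    var userProfileEntity = await this.usersManager.ReadUserProfile(this.UserHandle, this.AppHandle);
    if (userProfileEntity == null)
    {
        this.log.LogError($"No user profile found for this app. UserHandle: {this.UserHandle}, AppHandle {this.AppHandle}");
        return this.NotFound(ResponseStrings.UserNotFound);
    }

    // Mint the session token for this app/user pair; lifetime comes from controller configuration
    string sessionToken = await this.tokenManager.CreateToken(this.AppPrincipal, this.UserPrincipal, this.sessionTokenDuration);
    PostSessionResponse response = new PostSessionResponse()
    {
        UserHandle = this.UserHandle,
        SessionToken = sessionToken
    };

    // Record the session start in app metrics
    this.applicationMetrics.AddActiveUser();

    this.LogControllerEnd(this.log, className, methodName, logEntry);

    // Location header is the user handle, as before
    return this.Created<PostSessionResponse>(this.UserHandle, response);
}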