예제 #1
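        /// <summary>
        /// Builds an enabled <c>AuthTokens</c> record from the request, saves it, and returns its id.
        /// </summary>
        /// <param name="tokenRequestObject">Request whose values are copied onto the new record.</param>
        /// <returns>
        /// The <c>Id</c> of the record after the save attempt. If the save fails with a
        /// <see cref="DbUpdateException"/> that is not a foreign-key violation, the exception is
        /// swallowed and the entity's current <c>Id</c> is returned (presumably still the unset
        /// default, so callers should treat that value as "not inserted").
        /// </returns>
        /// <exception cref="LookupValueDoesNotExistException">
        /// The database rejected the insert with SQLSTATE 23503 (foreign_key_violation).
        /// </exception>
        public int GenerateToken(TokenRequestObject tokenRequestObject)
        {
            var tokenToInsert = new AuthTokens
            {
                ApiEndpointNameLookupId = tokenRequestObject.ApiEndpoint,
                ApiLookupId             = tokenRequestObject.ApiName,
                // Normalised to upper case, culture-independently, so stored verbs compare consistently.
                HttpMethodType          = tokenRequestObject.HttpMethodType.ToUpper(CultureInfo.InvariantCulture),
                ConsumerName            = tokenRequestObject.Consumer,
                ConsumerTypeLookupId    = tokenRequestObject.ConsumerType,
                Environment             = tokenRequestObject.Environment,
                // NOTE(review): AuthorizedBy / RequestedBy are stored exactly as supplied in the request;
                // confirm they are tied to an authenticated identity before being used as an audit trail.
                AuthorizedBy            = tokenRequestObject.AuthorizedBy,
                RequestedBy             = tokenRequestObject.RequestedBy,
                // Local server time. NOTE(review): consider UTC if records are compared across hosts.
                DateCreated             = DateTime.Now,
                // Copied as supplied. NOTE(review): if ExpiresAt may be omitted, the record has no
                // expiry; confirm that non-expiring tokens are intended.
                ExpirationDate          = tokenRequestObject.ExpiresAt,
                Enabled = true
            };

            try
            {
                _databaseContext.Tokens.Add(tokenToInsert);
                _databaseContext.SaveChanges();
            }
            catch (DbUpdateException ex)
            {
                // 23503 = foreign_key_violation. The type pattern is simply false when InnerException
                // is null, so a DbUpdateException without an inner exception no longer causes a
                // NullReferenceException inside this handler.
                if (ex.InnerException is Npgsql.PostgresException postgresError && postgresError.SqlState == "23503")
                {
                    // NOTE(review): this forwards the raw driver message, which can name tables and
                    // constraints; confirm it is not relayed verbatim to API clients.
                    throw new LookupValueDoesNotExistException(postgresError.Message);
                }

                // Any other update failure is swallowed here; the method falls through and
                // returns whatever Id the entity currently holds.
            }

            return tokenToInsert.Id;
        }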
예제 #2
 /// <summary>
 /// Maps a token request plus the id of its stored record onto a <c>GenerateJwtRequest</c>.
 /// </summary>
 /// <param name="tokenRequestObject">Source of the consumer name, consumer type and expiry.</param>
 /// <param name="id">Identifier of the stored token record; copied to <c>Id</c>.</param>
 /// <returns>A new <c>GenerateJwtRequest</c> carrying those four values.</returns>
 public static GenerateJwtRequest ToJwtRequest(TokenRequestObject tokenRequestObject, int id)
 {
     // Only these four values are forwarded; the rest of the request is not copied here.
     var jwtRequest = new GenerateJwtRequest
     {
         Id = id,
         ConsumerName = tokenRequestObject.Consumer,
         ConsumerType = tokenRequestObject.ConsumerType,
         ExpiresAt = tokenRequestObject.ExpiresAt
     };

     return jwtRequest;
 }
예제 #3
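        /// <summary>
        /// Posts a token request that sets only ApiEndpoint, ApiName and Consumer and expects
        /// the API to answer 400.
        /// </summary>
        public async Task Return400IfRequestParametersAreMissing()
        {
            // Deliberately incomplete: every other request field is left at its default.
            var request = new TokenRequestObject()
            {
                ApiEndpoint = 1,
                ApiName     = 2,
                Consumer    = "test"
            };

            var url     = new Uri("/api/v1/tokens", UriKind.Relative);
            var payload = JsonConvert.SerializeObject(request);

            // The using block releases the request body even if the call or the assertion throws.
            using (var content = new StringContent(payload, Encoding.UTF8, "application/json"))
            {
                var response = await Client.PostAsync(url, content).ConfigureAwait(true);

                response.StatusCode.Should().Be(400);
            }
        }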
예제 #4
        /// <summary>
        /// Checks that <c>GenerateJwtFactory.ToJwtRequest</c> copies the consumer name, consumer
        /// type, expiry and id onto the object it returns.
        /// </summary>
        public void CanMapInputToJwtRequestObject()
        {
            // Random input so the assertions cannot pass by accident against fixed values.
            var input = new TokenRequestObject
            {
                Consumer     = _faker.Random.String(),
                ConsumerType = _faker.Random.Int(5),
                ExpiresAt    = _faker.Date.Future()
            };
            var expectedId = _faker.Random.Number(0, 20);

            var mapped = GenerateJwtFactory.ToJwtRequest(input, expectedId);

            mapped.ConsumerName.Should().Be(input.Consumer);
            mapped.ConsumerType.Should().Be(input.ConsumerType);
            mapped.ExpiresAt.Should().Be(input.ExpiresAt);
            mapped.Id.Should().Be(expectedId);
        }
예제 #5
 /// <summary>
 /// Creates a token through the post-token use case and translates its known failures into
 /// HTTP responses.
 /// </summary>
 /// <param name="tokenRequest">Token request bound from the request body.</param>
 /// <returns>
 /// 201 pointing at <c>GetToken</c> on success; 500 when the record was not inserted or the
 /// JWT was not generated; 400 when a lookup id does not exist.
 /// </returns>
 public IActionResult GenerateToken([FromBody] TokenRequestObject tokenRequest)
 {
     IActionResult result;

     try
     {
         var created = _postTokenUseCase.Execute(tokenRequest);
         result = CreatedAtAction("GetToken", new { id = created.Id }, created);
     }
     catch (TokenNotInsertedException)
     {
         result = StatusCode(500, "There was a problem inserting the token data into the database.");
     }
     catch (JwtTokenNotGeneratedException)
     {
         result = StatusCode(500, "There was a problem generating a JWT token");
     }
     catch (LookupValueDoesNotExistException lookupError)
     {
         // NOTE(review): the exception message is echoed to the client. If it originates from a
         // database driver error it may reveal table or constraint names; confirm what it
         // contains, and consider logging it server-side and returning a fixed message.
         result = StatusCode(400, $"One or more of the lookup ids provided is incorrect - {lookupError.Message}");
     }

     return result;
 }
예제 #6
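        /// <summary>
        /// End-to-end check: posts a complete token request, expects 201, and verifies that the
        /// returned JWT carries the id, consumer name and consumer type of the request.
        /// </summary>
        public async Task CanGenerateAnAuthTokenAsync()
        {
            var (apiLookup, apiEndpointLookup, consumerTypeLookup) = AddLookupsToDatabase();
            var tokenRequest = new TokenRequestObject
            {
                Consumer       = _faker.Random.AlphaNumeric(10),
                ConsumerType   = consumerTypeLookup.Id,
                ExpiresAt      = _faker.Date.Future(),
                ApiEndpoint    = apiEndpointLookup.Id,
                ApiName        = apiLookup.Id,
                HttpMethodType = "GET",
                AuthorizedBy   = _faker.Person.Email,
                Environment    = _faker.Random.AlphaNumeric(5),
                RequestedBy    = _faker.Person.Email
            };

            // Throwaway signing secret for this test only. It is read back from the environment so
            // the check below uses exactly the value the process environment holds.
            // NOTE(review): the variable is process-wide and is not restored afterwards, so it is
            // visible to any test that runs later in the same process.
            Environment.SetEnvironmentVariable("jwtSecret", _faker.Random.String());
            var jwtSecret = Environment.GetEnvironmentVariable("jwtSecret");

            var url     = new Uri("/api/v1/tokens", UriKind.Relative);
            var payload = JsonConvert.SerializeObject(tokenRequest);

            // The using block releases the request body even if the call or an assertion throws.
            using (var content = new StringContent(payload, Encoding.UTF8, "application/json"))
            {
                var response = await Client.PostAsync(url, content).ConfigureAwait(true);

                var data        = await response.Content.ReadAsStringAsync().ConfigureAwait(true);
                var apiResponse = JsonConvert.DeserializeObject<GenerateTokenResponse>(data);

                // Claims are obtained with the same secret that was placed in the environment above.
                var claims = ValidateJwtTokenHelper.GetJwtClaims(apiResponse.Token, jwtSecret);

                response.StatusCode.Should().Be(201);

                claims.Find(x => x.Type == "id").Value.Should().Be(apiResponse.Id.ToString(CultureInfo.InvariantCulture));
                claims.Find(x => x.Type == "consumerName").Value.Should().Be(tokenRequest.Consumer);
                claims.Find(x => x.Type == "consumerType").Value.Should()
                    .Be(tokenRequest.ConsumerType.ToString(CultureInfo.InvariantCulture));
                apiResponse.Should().BeOfType<GenerateTokenResponse>();
                // Date-only comparison against local time; can differ if the run crosses midnight.
                apiResponse.GeneratedAt.Date.Should().Be(DateTime.Now.Date);
                apiResponse.ExpiresAt.Value.Should().BeSameDateAs(tokenRequest.ExpiresAt.Value);
            }
        }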
예제 #7
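        /// <summary>
        /// Posts a token request whose HttpMethodType is "TEST" and expects the API to answer 400.
        /// </summary>
        public async Task Return400IfHttpMethodTypeSuppliedIsInvalid()
        {
            var tokenRequest = new TokenRequestObject
            {
                Consumer       = _faker.Random.AlphaNumeric(10),
                ConsumerType   = _faker.Random.Int(5),
                ApiEndpoint    = _faker.Random.Int(0, 10),
                ApiName        = _faker.Random.Int(0, 10),
                // The value under test: the API is expected to reject it.
                HttpMethodType = "TEST",
                AuthorizedBy   = _faker.Person.Email,
                Environment    = _faker.Random.AlphaNumeric(5),
                RequestedBy    = _faker.Person.Email
            };

            var url     = new Uri("/api/v1/tokens", UriKind.Relative);
            var payload = JsonConvert.SerializeObject(tokenRequest);

            // The using block releases the request body even if the call or the assertion throws.
            using (var content = new StringContent(payload, Encoding.UTF8, "application/json"))
            {
                var response = await Client.PostAsync(url, content).ConfigureAwait(true);

                response.StatusCode.Should().Be(400);
            }
        }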
예제 #8
        /// <summary>
        /// Stores the token request through the gateway, then generates a JWT for the stored record.
        /// </summary>
        /// <param name="tokenRequest">The token request to store and issue a JWT for.</param>
        /// <returns>The new record id, the JWT, the requested expiry and the generation time.</returns>
        /// <exception cref="TokenNotInsertedException">The gateway returned an id of 0.</exception>
        /// <exception cref="JwtTokenNotGeneratedException">The generated JWT was null or empty.</exception>
        public GenerateTokenResponse Execute(TokenRequestObject tokenRequest)
        {
            var tokenId = _gateway.GenerateToken(tokenRequest);

            // An id of 0 is treated as "nothing was stored".
            if (tokenId == 0)
            {
                throw new TokenNotInsertedException();
            }

            var jwtRequest = GenerateJwtFactory.ToJwtRequest(tokenRequest, tokenId);
            var jwtToken   = _generateJwtUseCase.GenerateJwtToken(jwtRequest);

            if (string.IsNullOrEmpty(jwtToken))
            {
                //TODO add logic to revert inserted record or update inserted record to reflect that JWT has not been generated
                // Until then the record stored above stays in the database although no JWT was issued for it.
                throw new JwtTokenNotGeneratedException();
            }

            return new GenerateTokenResponse
            {
                Id = tokenId,
                Token = jwtToken,
                ExpiresAt = tokenRequest.ExpiresAt,
                // Local server time; the response does not carry an explicit UTC timestamp.
                GeneratedAt = DateTime.Now
            };
        }
예제 #9
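        /// <summary>
        /// Posts a token request with every field except ExpiresAt and expects 201, i.e. the API
        /// accepts a request without an expiry.
        /// </summary>
        public async Task Returns201IfAllRequestParametersButExpiresAtAreSupplied()
        {
            var (apiLookup, apiEndpointLookup, consumerTypeLookup) = AddLookupsToDatabase();

            // ExpiresAt is intentionally left unset.
            var tokenRequest = new TokenRequestObject
            {
                Consumer       = _faker.Random.AlphaNumeric(10),
                ConsumerType   = consumerTypeLookup.Id,
                ApiEndpoint    = apiEndpointLookup.Id,
                ApiName        = apiLookup.Id,
                HttpMethodType = "GET",
                AuthorizedBy   = _faker.Person.Email,
                Environment    = _faker.Random.AlphaNumeric(5),
                RequestedBy    = _faker.Person.Email
            };

            // Throwaway signing secret for this test only.
            // NOTE(review): the variable is process-wide and is not restored afterwards, so it is
            // visible to any test that runs later in the same process.
            Environment.SetEnvironmentVariable("jwtSecret", _faker.Random.String());

            var url     = new Uri("/api/v1/tokens", UriKind.Relative);
            var payload = JsonConvert.SerializeObject(tokenRequest);

            // The using block releases the request body even if the call or the assertion throws.
            using (var content = new StringContent(payload, Encoding.UTF8, "application/json"))
            {
                var response = await Client.PostAsync(url, content).ConfigureAwait(true);

                response.StatusCode.Should().Be(201);
            }
        }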