/// <summary>
/// Service flow: token data generated from the same request and API name is granted access.
/// </summary>
public void IfAllParametersMatchShouldReturnTrue()
{
    // Arrange: token record built from the very request and API name under test.
    var matchingToken = GenerateTokenData(_request, _apiName);

    // Act
    var isAllowed = VerifyAccessHelper.ShouldHaveAccessServiceFlow(_request, matchingToken, _apiName);

    // Assert
    isAllowed.Should().BeTrue();
}
/// <summary>
/// Service flow: a token record produced by <c>GenerateTokenData</c> for the same request and
/// API name is granted access.
/// </summary>
public void IfTokenExpirationDateIsNullShouldReturnTrue()
{
    // NOTE(review): nothing in this test sets ExpirationDate to null; it presumably relies on
    // GenerateTokenData leaving the field unset. Confirm, otherwise the "no expiry" path of
    // the access check is not actually covered by this test.
    var tokenWithoutExpiry = GenerateTokenData(_request, _apiName);

    var isAllowed = VerifyAccessHelper.ShouldHaveAccessServiceFlow(_request, tokenWithoutExpiry, _apiName);

    isAllowed.Should().BeTrue();
}
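/// <summary>
/// Authorises a request made with a user token: validates the JWT, reads the user's groups
/// and email from its claims, resolves the target API name and delegates the decision to
/// <c>VerifyAccessHelper.ShouldHaveAccessUserFlow</c>.
/// </summary>
/// <param name="authorizerRequest">Request carrying the token plus the API, AWS account and environment identifiers.</param>
/// <returns>
/// The access decision together with the user's email, or the result of
/// <c>ReturnNotAuthorised</c> when validation yields no claims or the token has no email claim.
/// </returns>
public AccessDetails ExecuteUserAuth(AuthorizerRequest authorizerRequest)
{
    LambdaLogger.Log("Begins user auth flow");

    // NOTE(review): GetEnvironmentVariable returns null when the variable is unset; how
    // ValidateToken treats a null secret is not visible here - confirm it fails closed.
    var signingSecret = Environment.GetEnvironmentVariable("hackneyUserAuthTokenJwtSecret");
    var validTokenClaims = ValidateTokenHelper.ValidateToken(authorizerRequest.Token, signingSecret);
    if (validTokenClaims == null || validTokenClaims.Count == 0)
    {
        return ReturnNotAuthorised(authorizerRequest);
    }

    // Fail closed when the email claim is absent. Dereferencing the result of Find directly
    // threw a NullReferenceException for such tokens instead of producing a deny decision.
    var email = validTokenClaims.Find(x => x.Type == "email")?.Value;
    if (email == null)
    {
        return ReturnNotAuthorised(authorizerRequest);
    }

    var user = new HackneyUser();
    user.Groups = validTokenClaims.Where(x => x.Type == "groups").Select(y => y.Value).ToList();
    user.Email = email;

    // Get STS credentials and pass them to API Gateway.
    var credentials = _awsStsGateway.GetTemporaryCredentials(authorizerRequest.AwsAccountId).Credentials;

    // Resolve the API name for the API id supplied in the request.
    var apiName = _awsApiGateway.GetApiName(authorizerRequest.ApiAwsId, credentials);
    LambdaLogger.Log($"API name retrieved - {apiName}");

    // Look the API up in DynamoDB. Whether a missing record denies access is decided inside
    // ShouldHaveAccessUserFlow, which is not visible here - confirm it fails closed.
    var apiDataInDb = _dynamoDbGateway.GetAPIDataByNameAndEnvironmentAsync(apiName, authorizerRequest.Environment);

    return new AccessDetails
    {
        Allow = VerifyAccessHelper.ShouldHaveAccessUserFlow(user, authorizerRequest, apiDataInDb, apiName),
        User = email
    };
}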
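/// <summary>
/// Authorises a request made with a service token: validates the JWT, loads the token record
/// identified by its "id" claim, resolves the target API name and delegates the decision to
/// <c>VerifyAccessHelper.ShouldHaveAccessServiceFlow</c>.
/// </summary>
/// <param name="authorizerRequest">Request carrying the token plus the API and AWS account identifiers.</param>
/// <returns>
/// The access decision with a consumer identifier built from the token record, or the result
/// of <c>ReturnNotAuthorised</c> when validation yields no claims, the "id" claim is missing
/// or not an integer, or no token record is returned for that id.
/// </returns>
public AccessDetails ExecuteServiceAuth(AuthorizerRequest authorizerRequest)
{
    LambdaLogger.Log("Begins service auth flow");

    // NOTE(review): GetEnvironmentVariable returns null when the variable is unset; how
    // ValidateToken treats a null secret is not visible here - confirm it fails closed.
    var signingSecret = Environment.GetEnvironmentVariable("jwtSecret");
    var validTokenClaims = ValidateTokenHelper.ValidateToken(authorizerRequest.Token, signingSecret);
    if (validTokenClaims == null || validTokenClaims.Count == 0)
    {
        return ReturnNotAuthorised(authorizerRequest);
    }

    // A token without an "id" claim leaves tokenId null; int.TryParse rejects null, so the
    // request is denied here instead of throwing a NullReferenceException.
    var tokenId = validTokenClaims.Find(x => x.Type == "id")?.Value;
    if (!int.TryParse(tokenId, out int id))
    {
        return ReturnNotAuthorised(authorizerRequest);
    }

    // GetTokenData's behaviour for an unknown id is not visible here; if it returns null,
    // deny rather than dereference the record when building the response below.
    var tokenData = _databaseGateway.GetTokenData(id);
    if (tokenData == null)
    {
        return ReturnNotAuthorised(authorizerRequest);
    }

    var credentials = _awsStsGateway.GetTemporaryCredentials(authorizerRequest.AwsAccountId).Credentials;
    var apiName = _awsApiGateway.GetApiName(authorizerRequest.ApiAwsId, credentials);
    LambdaLogger.Log($"API name retrieved - {apiName}");

    return new AccessDetails
    {
        Allow = VerifyAccessHelper.ShouldHaveAccessServiceFlow(authorizerRequest, tokenData, apiName),
        User = $"{tokenData.ConsumerName}{tokenData.Id}"
    };
}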
/// <summary>
/// Service flow: access is denied when the API name passed to the check differs from the
/// API name the token data was generated with.
/// </summary>
public void IfApiNametInRequestDoesNotMatchDatabaseRecordShouldReturnFalse()
{
    // Arrange: two independently drawn random words stand in for the requested and the
    // stored API name.
    // NOTE(review): the two draws could in principle produce the same word, in which case
    // this negative test would not exercise a mismatch - consider deriving one from the other.
    var requestedApiName = _faker.Random.Word();
    var tokenForOtherApi = GenerateTokenData(_request, _faker.Random.Word());

    // Act
    var isAllowed = VerifyAccessHelper.ShouldHaveAccessServiceFlow(_request, tokenForOtherApi, requestedApiName);

    // Assert
    isAllowed.Should().BeFalse();
}
/// <summary>
/// Service flow: access is denied when the token record's HTTP method type has been replaced
/// with a random value after being generated from the request.
/// </summary>
public void IfHttpMethodTypetInRequestDoesNotMatchDatabaseRecordShouldReturnFalse()
{
    // Arrange: start from a matching record, then overwrite only the HTTP method type.
    var tokenWithOtherMethod = GenerateTokenData(_request, _apiName);
    tokenWithOtherMethod.HttpMethodType = _faker.Random.AlphaNumeric(6);

    // Act
    var isAllowed = VerifyAccessHelper.ShouldHaveAccessServiceFlow(_request, tokenWithOtherMethod, _apiName);

    // Assert
    isAllowed.Should().BeFalse();
}
/// <summary>
/// Service flow: access is denied when the token record's expiration date lies in the past.
/// </summary>
public void IfTokenExpirationDateHasPassedShouldReturnFalse()
{
    // Arrange: start from a matching record, then move its expiry to a past date.
    var expiredToken = GenerateTokenData(_request, _apiName);
    expiredToken.ExpirationDate = _faker.Date.Past();

    // Act
    var isAllowed = VerifyAccessHelper.ShouldHaveAccessServiceFlow(_request, expiredToken, _apiName);

    // Assert
    isAllowed.Should().BeFalse();
}
/// <summary>
/// Service flow: access is denied when the token record has <c>Enabled</c> set to false.
/// </summary>
public void IfTokenIsNotValidShouldHaveAccessIsFalse()
{
    // Arrange: start from a matching record, then disable it.
    var disabledToken = GenerateTokenData(_request, _apiName);
    disabledToken.Enabled = false;

    // Act
    var isAllowed = VerifyAccessHelper.ShouldHaveAccessServiceFlow(_request, disabledToken, _apiName);

    // Assert
    isAllowed.Should().BeFalse();
}
/// <summary>
/// User flow: access is granted when the user's groups are the same list as the groups the
/// API record was generated with.
/// </summary>
public void IfGroupsInDbDoMatchUserGroupsShouldReturnTrue()
{
    // Arrange: one list of two random group names, shared by the API record and the user.
    var sharedGroups = new List<string>
    {
        _faker.Random.Word(),
        _faker.Random.Word()
    };
    var apiRecord = GenerateTokenDataUserFlow(_request, _apiName, sharedGroups);
    var member = new HackneyUser { Groups = sharedGroups };

    // Act
    var isAllowed = VerifyAccessHelper.ShouldHaveAccessUserFlow(member, _request, apiRecord, _apiName);

    // Assert
    isAllowed.Should().BeTrue();
}
/// <summary>
/// User flow: access is denied when the API record's AWS account has been replaced with a
/// random value, even though the user's groups are the same list as the record's groups.
/// </summary>
public void IfAWSAccounttInRequestDoesNotMatchAWSAccountInDbShouldReturnFalse()
{
    // Arrange: groups match, so only the overwritten AWS account can cause the denial.
    var sharedGroups = new List<string>
    {
        _faker.Random.Word(),
        _faker.Random.Word()
    };
    var apiRecord = GenerateTokenDataUserFlow(_request, _apiName, sharedGroups);
    apiRecord.AwsAccount = _faker.Random.Word();
    var member = new HackneyUser { Groups = sharedGroups };

    // Act
    var isAllowed = VerifyAccessHelper.ShouldHaveAccessUserFlow(member, _request, apiRecord, _apiName);

    // Assert
    isAllowed.Should().BeFalse();
}