private static Response CreateNegotiatedResponse(NancyContext context, IResponseNegotiator responseNegotiator, Exception exception, HttpServiceError defaultError)
{
HttpServiceError httpServiceError = ExtractFromException(exception, defaultError);
Negotiator negotiator = new Negotiator(context)
.WithServiceError(httpServiceError);
return(responseNegotiator.NegotiateResponse(negotiator, context));
}
private static Response CreateNegotiatedResponse(NancyContext context, IResponseNegotiator responseNegotiator, Exception exception)
{
HttpServiceError httpServiceError = HttpServiceErrorUtilities.ExtractFromException(exception, HttpServiceErrorDefinition.GeneralError);
Negotiator negotiator = new Negotiator(context)
.WithHttpServiceError(httpServiceError);
return(responseNegotiator.NegotiateResponse(negotiator, context));
}
public static HttpServiceError ExtractFromException(Exception exception, HttpServiceError defaultValue)
{
var result = defaultValue;
if (exception != null)
{
var exceptionWithServiceError = exception as IHasHttpServiceError;
if (exceptionWithServiceError != null)
{
result = exceptionWithServiceError.HttpServiceError;
}
}
return(result);
}
private static HttpServiceError ExtractFromException(Exception exception, HttpServiceError defaultValue) => (exception as HttpServiceErrorException)?.HttpServiceError ?? defaultValue;
private static Response HandleException(NancyContext context, Exception exception, IResponseNegotiator responseNegotiator, HttpServiceError defaultError)
{
LogException(context, exception);
return(CreateNegotiatedResponse(context, responseNegotiator, exception, defaultError));
}
public static void Enable(IPipelines pipelines, IResponseNegotiator responseNegotiator, HttpServiceError defaultError)
{
if (pipelines == null)
{
throw new ArgumentNullException(nameof(pipelines));
}
if (responseNegotiator == null)
{
throw new ArgumentNullException(nameof(responseNegotiator));
}
if (defaultError == null)
{
throw new ArgumentNullException(nameof(defaultError));
}
pipelines.OnError += (context, exception) => HandleException(context, exception, responseNegotiator, defaultError);
}
public static Negotiator WithHttpServiceError(this Negotiator neogiator, HttpServiceError error)
{
return(neogiator
.WithStatusCode(error.HttpStatusCode)
.WithModel(error.ServiceErrorModel));
}
public static HttpResponse WithError(this HttpResponse response, HttpServiceError error)
{
response.WithStatusCode(error.HttpStatusCode);
response.WithModel(error.ServiceErrorModel);
return(response);
}
public HttpServiceErrorException(HttpServiceError serviceError)
: base()
{
this.HttpServiceError = serviceError;
}
public HttpServiceErrorException(HttpServiceError serviceError, string message, Exception innerException)
: base(message, innerException)
{
this.HttpServiceError = serviceError;
}
public override Task GrantResourceOwnerCredentials(OAuthGrantResourceOwnerCredentialsContext context)
{
//Validate user name and password here
var container = context.OwinContext.GetAutofacLifetimeScope();
var transactionFactory = container.Resolve <ITransactionFactory>();
var membershipService = container.Resolve <IAuthorizationService>();
var options = new JsonSerializerSettings()
{
ContractResolver = new CamelCasePropertyNamesContractResolver()
};
options.Converters.Insert(0, new HttpServiceErrorConverter());
var client = context.OwinContext.Get <ApplicationClientModel>("vabank:client");
if (client != null)
{
var appClientIdentity = new ClaimsIdentity(context.Options.AuthenticationType);
appClientIdentity.AddClaim(new Claim(ClaimModel.Types.ClientId, client.Id));
Thread.CurrentPrincipal = new ClaimsPrincipal(appClientIdentity);
}
var loginCommand = new LoginCommand {
Login = context.UserName, Password = context.Password
};
UserIdentityModel user = null;
var transaction = transactionFactory.BeginTransaction(IsolationLevel.ReadCommitted);
try
{
user = membershipService.Login(loginCommand);
transaction.Commit();
}
catch (ValidationException ex)
{
var error = new HttpServiceError(ex);
context.SetError("LoginValidationError", JsonConvert.SerializeObject(error, options));
transaction.Rollback();
return(Task.FromResult <object>(null));
}
catch (SecurityException ex)
{
transaction.Commit();
var errorJson = JsonConvert.SerializeObject(new HttpServiceError(ex), options);
context.SetError("LoginFailure", errorJson);
return(Task.FromResult <object>(null));
}
finally
{
transaction.Dispose();
}
if (user == null)
{
throw new InvalidOperationException("Service returned null for login command");
}
var identity = new ClaimsIdentity(context.Options.AuthenticationType);
foreach (var claimModel in user.Claims)
{
identity.AddClaim(new Claim(claimModel.Type, claimModel.Value));
}
identity.AddClaim(new Claim(ClaimModel.Types.ClientId, client.Id));
context.OwinContext.Set("vabank:user", user);
// Set CORS header
context.Response.Headers.Set("Access-Control-Allow-Origin", client.AllowedOrigin);
// Set state as validated and set cookie
context.Validated(identity);
var cookieIdentity = new ClaimsIdentity(identity.Claims, CookieAuthenticationDefaults.AuthenticationType);
context.Request.Context.Authentication.SignIn(cookieIdentity);
return(base.GrantResourceOwnerCredentials(context));
}
public static Negotiator WithServiceError(this Negotiator negotiator, HttpServiceError httpServiceError)
{
return(negotiator
.WithStatusCode(httpServiceError.HttpStatusCode)
.WithModel(httpServiceError.ServiceError));
}
private void Handle(ServiceException exception, HttpActionExecutedContext context)
{
var error = new HttpServiceError(exception, context.Request.IsLocal());
context.Response = context.Request.CreateErrorResponse(error.StatusCode, error.HttpError);
}
