Exemplo n.º 1
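        /// <summary>
        /// Decides whether the caller described by <paramref name="data"/> may use the requested API
        /// by running the SP_User_AccessToAPI stored procedure through <paramref name="dbCTX"/>.
        /// The check fails closed: a missing, failed or unexpectedly typed result means "no access".
        /// </summary>
        /// <param name="dbCTX">Database context (default ORM) used to call the stored procedure.</param>
        /// <param name="data">Stored-procedure inputs describing the request to authorize.</param>
        /// <returns>
        /// The <c>Result</c> flag of the stored-procedure output when the call reports status 200,
        /// no error message and a payload of the expected type; otherwise <c>false</c>.
        /// </returns>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="dbCTX"/> or <paramref name="data"/> is null.
        /// </exception>
        public static bool IsUserAccessToAPI(Database.IDatabaseContext dbCTX,
                                             Models.Database.StoredProcedures.SP_User_AccessToAPI.Inputs data)
        {
            // The parameter name goes first: the single-string constructor would treat
            // the whole sentence as the parameter name instead of the message.
            if (dbCTX == null)
            {
                throw new ArgumentNullException(nameof(dbCTX), "In IsUserAccessToAPI the dbCTX could not be null.");
            }

            if (data == null)
            {
                throw new ArgumentNullException(nameof(data), "In IsUserAccessToAPI the data could not be null.");
            }

            // Exceptions raised by the database call are not caught here, so a caller
            // must never read an exception from this method as "access granted".
            var rst = dbCTX.SP_User_AccessToAPI(data);

            // Fail closed: anything other than a clean 200 response denies access.
            if (rst == null || rst.StatusCode != 200 || !string.IsNullOrEmpty(rst.ErrorMessage))
            {
                return false;
            }

            // 'as' yields null both for a null payload and for a payload of another type,
            // which covers the two checks with a single cast.
            var outputs = rst.Data as Models.Database.StoredProcedures.SP_User_AccessToAPI.Outputs;
            if (outputs == null)
            {
                return false;
            }

            return outputs.Result;
        }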
Exemplo n.º 2
        // Verifies that the database context refuses a request whose token or API address
        // is supplied by the test case, by expecting an ArgumentNullException from the call.
        public void SP_User_AccessToAPI_WhenPassingEmptyAPIAddressOrEmptyToken_ThrowsArgumentNullException(string token, string apiAddress)
        {
            // Arrange: build the stored-procedure inputs from the test-case values.
            var request = new Models.Database.StoredProcedures.SP_User_AccessToAPI.Inputs
            {
                APIAddress = apiAddress,
                Token      = token
            };

            // Act + Assert: the call itself must throw, so it is passed as a delegate.
            Assert.That(() => _dbCTX.SP_User_AccessToAPI(request), Throws.ArgumentNullException);
        }
Exemplo n.º 3
        // Verifies that, given non-empty inputs, the database context forwards them
        // to the injected stored-procedure object by invoking its Call method.
        public void SP_User_AccessToAPI_WhenPassingValidData_ItRunsCallMethod()
        {
            // Arrange: a mocked stored procedure stands in for the real database call.
            var procedure = new Mock<Models.Database.ISP<Models.Database.StoredProcedures.SP_User_AccessToAPI.Inputs>>();
            var request = new Models.Database.StoredProcedures.SP_User_AccessToAPI.Inputs
            {
                APIAddress = "http://Domain.com/api",
                Token      = "TokenValue"
            };

            // Act
            _dbCTX.SP_User_AccessToAPI(request, procedure.Object);

            // Assert: Call must have been made with the same inputs instance.
            procedure.Verify(p => p.Call(request));
        }
Exemplo n.º 4
        // Verifies that the database context hands back the DBResult produced by the
        // injected stored-procedure object when it is called with non-empty inputs.
        public void SP_User_AccessToAPI_WhenPassingValidData_ItReturnDBResult()
        {
            // Arrange: the mocked stored procedure answers with an empty DBResult.
            var request = new Models.Database.StoredProcedures.SP_User_AccessToAPI.Inputs
            {
                APIAddress = "http://Domain.com/api",
                Token      = "TokenValue"
            };
            var procedure = new Mock<Models.Database.ISP<Models.Database.StoredProcedures.SP_User_AccessToAPI.Inputs>>();
            procedure.Setup(p => p.Call(request)).Returns(new Models.Database.DBResult());

            // Act
            var dbResult = _dbCTX.SP_User_AccessToAPI(request, procedure.Object);

            // Assert: a result comes back and it is exactly a DBResult.
            Assert.That(dbResult, Is.Not.Null);
            Assert.That(dbResult, Is.TypeOf<Models.Database.DBResult>());
        }
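        /// <summary>
        /// Checks whether the user of the current request may call the API address held in
        /// <c>_apiAddress</c>, using the token taken from the request's user.
        /// </summary>
        /// <param name="context">
        /// Authorization filter context of the current request; supplies the user and the request services.
        /// </param>
        /// <returns>
        /// <c>true</c> when the database check grants access; <c>false</c> when it denies access
        /// or when the request carries no token.
        /// </returns>
        private bool IsAccessToCurrentRequest(AuthorizationFilterContext context)
        {
            var token = context.HttpContext.User.GetToken();

            // A request without a token is denied here instead of being sent on: the
            // stored-procedure call is expected to reject an empty token with an exception,
            // which would surface from the filter as an error rather than a refusal.
            if (string.IsNullOrEmpty(token))
            {
                return false;
            }

            var data = new Models.Database.StoredProcedures.SP_User_AccessToAPI.Inputs()
            {
                Token      = token,
                APIAddress = _apiAddress
            };

            // Resolve the default ORM from the request's service provider. An unregistered
            // service yields null, and the check below then throws ArgumentNullException,
            // which keeps a configuration error visible instead of silently denying everyone.
            var dbCTX = context.HttpContext.RequestServices.GetService(typeof(FTSS.Logic.Database.IDatabaseContext))
                        as FTSS.Logic.Database.IDatabaseContext;

            // Ask the database whether this token may use this API address.
            return Logic.Security.Common.IsUserAccessToAPI(dbCTX, data);
        }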
Exemplo n.º 6
        // Prepares the fixture shared by the tests: JWT parameters (key, issuer, expiry,
        // claims), a mocked database context and a sample set of stored-procedure inputs.
        public void Setup()
        {
            // Database side: mocked context plus the inputs handed to it.
            _ctx  = new Mock<Logic.Database.IDatabaseContext>();
            _data = new Models.Database.StoredProcedures.SP_User_AccessToAPI.Inputs
            {
                Token      = "DatabaseToken",
                APIAddress = "http://FTSS.com/api"
            };

            // JWT side. The key is a fixed test value and must stay confined to the tests.
            _key    = "A simple key for generating JWT and test the common class.";
            _issuer = "http://FTSS.com";

            // NOTE(review): expiry is derived from local time; confirm the code under test
            // handles the conversion it needs.
            _expireDate = System.DateTime.Now.AddDays(1);

            _claims = new[]
            {
                new System.Security.Claims.Claim("Key1", "value1"),
                new System.Security.Claims.Claim("Key2", "value2"),
            };
        }
Exemplo n.º 7
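        /// <summary>
        /// Runs the SP_User_AccessToAPI stored procedure for the given token and API address.
        /// </summary>
        /// <param name="inputs">Stored-procedure inputs; Token and APIAddress must both be non-empty.</param>
        /// <param name="sp">
        /// Stored-procedure object to call. When null, the Dapper-based implementation is created
        /// with the connection string returned by <c>GetConnectionString()</c>.
        /// </param>
        /// <returns>Whatever the stored-procedure object's <c>Call</c> returns.</returns>
        /// <exception cref="ArgumentNullException">
        /// <paramref name="inputs"/> is null, or its Token or APIAddress is null or empty.
        /// </exception>
        public DBResult SP_User_AccessToAPI(Models.Database.StoredProcedures.SP_User_AccessToAPI.Inputs inputs,
                                            ISP <Models.Database.StoredProcedures.SP_User_AccessToAPI.Inputs> sp = null)
        {
            // The parameter name goes first: the single-string constructor would treat
            // the whole sentence as the parameter name instead of the message.
            if (inputs == null)
            {
                throw new ArgumentNullException(nameof(inputs), "Invalid inputs data.");
            }

            // Reject incomplete credentials before any database work is done. The exception
            // type is kept as ArgumentNullException because callers and tests rely on it;
            // the message deliberately does not echo the token value.
            if (string.IsNullOrEmpty(inputs.Token) || string.IsNullOrEmpty(inputs.APIAddress))
            {
                throw new ArgumentNullException(nameof(inputs), "Token and APIAddress could not be empty.");
            }

            // Fall back to the real implementation only when no stored-procedure object was injected.
            var procedure = sp ?? new FTSS.DP.DapperORM.StoredProcedure.SP_User_AccessToAPI(GetConnectionString());

            return procedure.Call(inputs);
        }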