/// <summary>
        /// Check that the result of post session is Created (201), and that the user handle returned matches
        /// the one found in the UserPrincipal.
        /// </summary>
        /// <param name="actionResultPostUser">result of create session operation</param>
        public void CheckPostSessionResult201(IHttpActionResult actionResultPostUser)
        {
            // The controller must have answered with 201 Created carrying a PostSessionResponse
            Assert.IsInstanceOfType(actionResultPostUser, typeof(CreatedNegotiatedContentResult<PostSessionResponse>));
            var createdResult = (CreatedNegotiatedContentResult<PostSessionResponse>)actionResultPostUser;
            PostSessionResponse sessionResponse = createdResult.Content;

            // The handle comparison only runs when the test's UserPrincipal carries a handle;
            // with a null handle this helper verifies the result type and nothing else.
            var expectedUserHandle = this.UserPrincipal.UserHandle;
            if (expectedUserHandle == null)
            {
                return;
            }

            Assert.AreEqual(expectedUserHandle, sessionResponse.UserHandle);
        }
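        /// <summary>
        /// Create a session for the authenticated user and return a session token.
        /// </summary>
        /// <remarks>
        /// Responses produced by this method: Unauthorized when the caller has no user handle or when the
        /// handle in the request differs from the authenticated one, NotFound when no user profile exists
        /// for this app, and Created with a <see cref="PostSessionResponse"/> otherwise.
        /// </remarks>
        /// <param name="request">Post session request; a null request is rejected as a user handle mismatch</param>
        /// <returns>Http action result</returns>
        public async Task<IHttpActionResult> PostSession([FromBody] PostSessionRequest request)
        {
            string className = "SessionsController";
            string methodName = nameof(this.PostSession);

            // Read the requested handle once, null-safely. The original dereferenced request directly in the
            // comparison below, so a missing body raised NullReferenceException instead of an auth failure.
            var requestUserHandle = request?.UserHandle;

            // NOTE(review): requestUserHandle is caller-supplied and is written to the log as-is here and in
            // the mismatch branch; confirm the log sink neutralizes line breaks and control characters.
            string logEntry = $"SessionUserHandle = {requestUserHandle}";

            this.LogControllerStart(this.log, className, methodName, logEntry);

            // A caller without an authenticated user handle cannot open a session
            if (this.UserHandle == null)
            {
                this.log.LogError("Unauthorized because PostSession called without a user handle");
                return this.Unauthorized(ResponseStrings.GenericUnauthorizedError);
            }

            // The auth's user principal must have the same user handle as the one in the PostSession request;
            // a null request yields a null handle and therefore fails this check.
            if (this.UserHandle != requestUserHandle)
            {
                // Record the authenticated handle (the original passed this.User, which is not the handle),
                // so the audit trail shows which identity attempted to act for another.
                this.log.LogError($"Unauthorized because one user handle called PostSession on behalf of another user handle. Auth's UserHandle: {this.UserHandle}, Request's UserHandle: {requestUserHandle}");
                return this.Unauthorized(ResponseStrings.UserUnauthorized);
            }

            // Is user handle registered with this app?
            var userProfileEntity = await this.usersManager.ReadUserProfile(this.UserHandle, this.AppHandle);
            if (userProfileEntity == null)
            {
                this.log.LogError($"No user profile found for this app. UserHandle: {this.UserHandle}, AppHandle {this.AppHandle}");
                return this.NotFound(ResponseStrings.UserNotFound);
            }

            // Generate session token for the authenticated principals, never for values taken from the request
            string sessionToken = await this.tokenManager.CreateToken(this.AppPrincipal, this.UserPrincipal, this.sessionTokenDuration);

            var response = new PostSessionResponse
            {
                UserHandle = this.UserHandle,
                SessionToken = sessionToken
            };

            // Log user session start to app metrics
            this.applicationMetrics.AddActiveUser();

            this.LogControllerEnd(this.log, className, methodName, logEntry);
            return this.Created<PostSessionResponse>(this.UserHandle, response);
        }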