public async Task GenerateResponse(HttpContext httpContext, int statusCode, string errorCode, string errorDescription)
{
var result = new UnauthorizedObjectResult(new ResponseModel()
{
Data = null,
StatusCode = statusCode.ToString(),
ErrorDetails = new List <ErrorModel>()
{
new ErrorModel()
{
Key = "",
Errors = new List <Error>()
{
new Error()
{
ErrorCode = errorCode,
ErrorDescription = errorDescription
}
}
}
}
});
httpContext.Response.ContentType = "application/json";
httpContext.Response.StatusCode = statusCode;
await httpContext.Response.WriteAsync(JsonConvert.SerializeObject(result.Value));
}
public async Task Login_ShouldReturnNotFoundResult_WhenCredentialsAreInvalid()
{
// Arrange
LoginBody credentials = new LoginBody
{
UserNameOrEmail = "myUsername",
Password = "******"
};
Mock <IMediator> mediatorMock = new Mock <IMediator>();
mediatorMock
.Setup(m => m.Send(It.IsAny <LoginCommand>(), It.IsAny <CancellationToken>()))
.ReturnsAsync((AuthenticatedUserResource)null);
MapperConfiguration mapperConfiguration = new MapperConfiguration(config =>
{
config.CreateMap <LoginBody, LoginCommand>();
});
IMapper mapperMock = mapperConfiguration.CreateMapper();
SessionController controller = new SessionController(mediatorMock.Object, mapperMock);
// Act
ActionResult <AuthenticatedUserResource> response = await controller.Login(credentials);
// Assert
UnauthorizedObjectResult result = Assert.IsType <UnauthorizedObjectResult>(response.Result);
ErrorResource error = Assert.IsType <ErrorResource>(result.Value);
Assert.Equal(StatusCodes.Status401Unauthorized, error.StatusCode);
}
public void OnException(ExceptionContext context)
{
if (context.Exception is AcmeException acmeException)
{
_logger.LogDebug($"Detected {acmeException.GetType()}. Converting to BadRequest.");
#if DEBUG
_logger.LogError(context.Exception, "AcmeException detected.");
#endif
ObjectResult result;
if (acmeException is ConflictRequestException)
{
result = new ConflictObjectResult(acmeException.GetHttpError());
}
else if (acmeException is NotAllowedException)
{
result = new UnauthorizedObjectResult(acmeException.GetHttpError());
}
else if (acmeException is NotFoundException)
{
result = new NotFoundObjectResult(acmeException.GetHttpError());
}
else
{
result = new BadRequestObjectResult(acmeException.GetHttpError());
}
result.ContentTypes.Add("application/problem+json");
context.Result = result;
}
}
public async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
{
context.RouteData.Values.TryGetValue("battleTag", out var battleTag);
var queryString = HttpUtility.ParseQueryString(context.HttpContext.Request.QueryString.Value);
if (queryString.AllKeys.Contains("authorization"))
{
var auth = queryString["authorization"];
var res = await _authService.GetUserByToken(auth);
var btagString = battleTag?.ToString();
if (
res != null &&
!string.IsNullOrEmpty(btagString) &&
btagString.Equals(res.BattleTag))
{
context.ActionArguments["battleTag"] = res.BattleTag;
await next.Invoke();
}
}
var unauthorizedResult = new UnauthorizedObjectResult(new ErrorResult("Sorry H4ckerb0i"));
context.Result = unauthorizedResult;
}
public async Task <ActionResult <UserDto> > Login(LoginDto loginDto)
{
var user = await _context.Users.SingleOrDefaultAsync(x => x.UserName == loginDto.Username);
if (user == null)
{
var result = new UnauthorizedObjectResult("Invalid username");
return(result);
}
using var hmac = new HMACSHA512(user.PasswordSalt);
var computedHash = hmac.ComputeHash(Encoding.UTF8.GetBytes(loginDto.Password));
for (int i = 0; i < computedHash.Length; i++)
{
if (computedHash[i] != user.PasswordHash[i])
{
var result = new UnauthorizedObjectResult("Invalid password");
return(result);
}
}
return(new UserDto
{
AppUserId = user.AppUserId,
Username = user.UserName,
Token = _tokenService.CreateToken(user)
});
}
private bool reqFromSimulator(out UnauthorizedObjectResult result)
{
Request.Headers.TryGetValue("Authorization", out var authToken);
if (authToken == "Basic c2ltdWxhdG9yOnN1cGVyX3NhZmUh")
{
result = null;
return(true);
}
logger.LogWarning("SIMULATION: Non-simulator request to simulation api");
result = Unauthorized("You are not authorized to use this resource!");
return(false);
}
public void Get_NotLoggedIn_ReturnsUnauthorized()
{
var loginRepo = new MockLoginRepository();
var userRepo = new MockUserRepository();
var contactRepo = new Mock <IContactRepository>();
ContactsController controller = new ContactsController(contactRepo.Object, userRepo, loginRepo);
Guid key = Guid.NewGuid();
IActionResult result = controller.Get(Auth.Get(key));
UnauthorizedObjectResult unauth = result as UnauthorizedObjectResult;
Assert.IsNotNull(unauth, "Result is not unauthorized");
Assert.IsNotNull(unauth.Value);
Assert.IsTrue(unauth.Value is ErrorResponse);
Assert.IsTrue(!string.IsNullOrEmpty((unauth.Value as ErrorResponse).Message));
}
public async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
{
var queryString = HttpUtility.ParseQueryString(context.HttpContext.Request.QueryString.Value);
if (queryString.AllKeys.Contains("authorization"))
{
var auth = queryString["authorization"];
var res = await _authService.GetUserByToken(auth);
var actingPlayerContent = context.ActionDescriptor.Parameters.FirstOrDefault(a => a.Name == "actingPlayer");
if (actingPlayerContent != null)
{
context.ActionArguments["actingPlayer"] = res.BattleTag;
await next.Invoke();
}
}
var unauthorizedResult = new UnauthorizedObjectResult(new ErrorResult("Sorry H4ckerb0i"));
context.Result = unauthorizedResult;
}
public async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
{
var queryString = HttpUtility.ParseQueryString(context.HttpContext.Request.QueryString.Value);
if (queryString.AllKeys.Contains("authorization"))
{
var auth = queryString["authorization"];
var res = await _blizzardAuthenticationService.GetUser(auth);
if (
res != null &&
!string.IsNullOrEmpty(res.battletag) &&
Constants.ApprovedAdmins.Any(x => x.ToLower() == res.battletag.ToLower()))
{
context.ActionArguments["battleTag"] = res.battletag;
await next.Invoke();
}
}
var unauthorizedResult = new UnauthorizedObjectResult(new ErrorResult("Sorry H4ckerb0i"));
context.Result = unauthorizedResult;
}
public async Task RedditCallback_WhenCalledWithError_ReturnsUnauthorizedObjectResult()
{
string code = Guid.NewGuid().ToString("D");
string state = Guid.NewGuid().ToString("D");
string error = Guid.NewGuid().ToString("D");
OSDevGrp.MyDashboard.Web.Controllers.HomeController sut = CreateSut();
IActionResult result = await sut.RedditCallback(code, state, error);
Assert.IsNotNull(result);
Assert.IsInstanceOfType(result, typeof(UnauthorizedObjectResult));
UnauthorizedObjectResult unauthorizedObjectResult = (UnauthorizedObjectResult)result;
Assert.IsNotNull(unauthorizedObjectResult);
Assert.IsInstanceOfType(unauthorizedObjectResult.Value, typeof(string));
string value = (string)unauthorizedObjectResult.Value;
Assert.IsNotNull(value);
Assert.AreEqual($"Unable to get the access token from Reddit: {error}", value);
}
public override void OnException(ExceptionContext context)
{
var exception = context.Exception;
IActionResult result = null;
switch (exception)
{
case AppException ex:
result = new BadRequestObjectResult(ex.Message);
break;
case UnauthorizedAccessException ex:
result = new UnauthorizedObjectResult(ex.Message);
break;
case NotFoundException ex:
result = new NotFoundObjectResult(ex.Message);
break;
default:
_logger.LogError(exception, exception.Message);
if (_env.IsDevelopment())
{
throw exception;
}
result = new ObjectResult("An unhandled server error has occurred.")
{
StatusCode = StatusCodes.Status500InternalServerError
};
break;
}
context.Result = result;
context.ExceptionHandled = true;
}
/// <summary>
/// Creates an <see cref="IActionResult"/> from a <see cref="HttpResponseMessage"/>.
/// </summary>
/// <param name="message">The <see cref="HttpResponseMessage"/> to convert.</param>
/// <param name="location">The location of the created resource. This location is used only when a <see cref="HttpStatusCode.Created"/> is handled.</param>
/// <param name="authenticationSchemes">The authentication schemes to challenge. This location is used only when a <see cref="HttpStatusCode.Forbidden"/> is handled.</param>
/// <param name="authenticationProperties"><see cref="AuthenticationProperties"/> used to perform the authentication challenge. This location is used only when a <see cref="HttpStatusCode.Forbidden"/> is handled.</param>
/// <param name="objectResultTypeIfNotSupported">The type of the <see cref="ObjectResult"/> to convert to if the <see cref="HttpResponseMessage.StatusCode"/> of the specified <paramref name="message"/> if not managed.</param>
/// <returns>
/// An <see cref="IActionResult"/>:
/// - containing the stringified <see cref="HttpResponseMessage.Content"/> of the specified <paramref name="message"/>.<para/>
/// - having its <see cref="IActionResult.StatusCode"/> property set to the <see cref="HttpResponseMessage.StatusCode"/> of the specified <paramref name="message"/>.
/// </returns>
/// <remarks>
/// Only the following status codes are managed:<para/>
/// - HttpStatusCode.BadGateway<para/>
/// - HttpStatusCode.BadRequest<para/>
/// - HttpStatusCode.Conflict<para/>
/// - HttpStatusCode.OK<para/>
/// - HttpStatusCode.NotFound<para/>
/// - HttpStatusCode.Unauthorized<para/>
/// - HttpStatusCode.Created<para/>
/// - HttpStatusCode.NoContent<para/>
/// - HttpStatusCode.Forbidden<para/>
/// - UnprocessableEntity (422)
/// </remarks>
public static async Task <IActionResult> ToActionResultAsync(this HttpResponseMessage message,
List <string>?authenticationSchemes = null,
Microsoft.AspNetCore.Authentication.AuthenticationProperties?authenticationProperties = null,
Uri?location = null,
Type?objectResultTypeIfNotSupported = null)
{
if (message == null)
{
throw new ArgumentNullException(nameof(message));
}
var messageContent = await message.Content.ReadAsStringAsync();
ObjectResult?resultingObjectResult;
switch (message.StatusCode)
{
case HttpStatusCode.OK:
resultingObjectResult = new OkObjectResult(messageContent);
break;
case HttpStatusCode.Created:
resultingObjectResult = new CreatedResult(location, messageContent);
break;
case HttpStatusCode.NotFound:
resultingObjectResult = new NotFoundObjectResult(messageContent);
break;
case HttpStatusCode.BadRequest:
resultingObjectResult = new BadRequestObjectResult(messageContent);
break;
case HttpStatusCode.Unauthorized:
resultingObjectResult = new UnauthorizedObjectResult(messageContent);
break;
case HttpStatusCode.BadGateway:
resultingObjectResult = new BadRequestObjectResult(messageContent);
break;
case HttpStatusCode.Conflict:
resultingObjectResult = new ConflictObjectResult(messageContent);
break;
case HttpStatusCode.NoContent:
return(new NoContentResult());
case HttpStatusCode.Forbidden:
return(new ForbidResult(authenticationSchemes, authenticationProperties));
case HttpStatusCode.InternalServerError:
return(new StatusCodeResult((int)HttpStatusCode.InternalServerError));
default:
if ((int)message.StatusCode == 422)
{
resultingObjectResult = new UnprocessableEntityObjectResult(messageContent);
}
else
{
objectResultTypeIfNotSupported ??= typeof(OkObjectResult);
resultingObjectResult = Activator.CreateInstance(objectResultTypeIfNotSupported) as ObjectResult;
if (resultingObjectResult == null)
{
throw new InvalidOperationException($"Can not create an instance of the given type {objectResultTypeIfNotSupported}. Should be an {nameof(ObjectResult)}");
}
resultingObjectResult.Value = messageContent;
}
break;
}
resultingObjectResult.StatusCode = (int)message.StatusCode;
return(resultingObjectResult);
}
