Пример #1
        /// <summary>
        /// Revokes a credential by setting its expiry to the current UTC time and
        /// recording the source of the revocation on the credential itself.
        /// </summary>
        /// <param name="credential">Credential to revoke; it is modified in place.</param>
        /// <param name="revocationSourceKey">Revocation source stored on the credential.</param>
        /// <param name="commitChanges">
        /// When <c>true</c>, the change is saved through <c>Entities.SaveChangesAsync</c>.
        /// When <c>false</c>, this method saves nothing.
        /// </param>
        private async Task RevokeCredential(Credential credential, CredentialRevocationSource revocationSourceKey, bool commitChanges)
        {
            // The timestamp comes from _dateTimeProvider (UTC), not from the system clock directly.
            credential.Expires = _dateTimeProvider.UtcNow;
            credential.RevocationSourceKey = revocationSourceKey;

            if (!commitChanges)
            {
                // NOTE(review): on this path the revocation is not persisted here; the caller
                // has to save it, otherwise the credential presumably stays valid in storage.
                return;
            }

            await Entities.SaveChangesAsync();
        }
Пример #2
        /// <summary>
        /// Revokes an active API key credential: writes a user audit record for the
        /// revocation, then expires the credential via <c>RevokeCredential</c>.
        /// </summary>
        /// <param name="apiKeyCredential">The API key credential to revoke.</param>
        /// <param name="revocationSourceKey">Revocation source; its enum name is written to the audit record.</param>
        /// <param name="commitChanges">Passed through to <c>RevokeCredential</c>; defaults to <c>true</c>.</param>
        /// <exception cref="ArgumentNullException"><paramref name="apiKeyCredential"/> is null.</exception>
        /// <exception cref="InvalidOperationException">
        /// <c>IsActiveApiKeyCredential</c> returns false for the credential.
        /// </exception>
        public async Task RevokeApiKeyCredential(Credential apiKeyCredential, CredentialRevocationSource revocationSourceKey, bool commitChanges = true)
        {
            if (apiKeyCredential == null)
            {
                throw new ArgumentNullException(nameof(apiKeyCredential));
            }

            // Only credentials that pass the active-API-key check may be revoked.
            var isActive = IsActiveApiKeyCredential(apiKeyCredential);
            if (!isActive)
            {
                // NOTE(review): the message embeds apiKeyCredential.Key. Confirm this is a record
                // identifier and not the secret key value, since exception text often reaches logs.
                var message = string.Format(
                    CultureInfo.CurrentCulture,
                    ServicesStrings.RevokeCredential_UnrevocableApiKeyCredential,
                    apiKeyCredential.Key);

                throw new InvalidOperationException(message);
            }

            // Enum.GetName returns null for a value that is not a defined member, in which case
            // the audit record carries no source name.
            var revocationSourceName = Enum.GetName(typeof(CredentialRevocationSource), revocationSourceKey);
            var auditRecord = new UserAuditRecord(
                user: apiKeyCredential.User,
                action: AuditedUserAction.RevokeCredential,
                affected: apiKeyCredential,
                revocationSource: revocationSourceName);

            // The audit record is saved before the credential is changed.
            // NOTE(review): if the save below fails, or commitChanges is false and the caller never
            // saves, the audit trail shows a revocation that was not persisted. Confirm this
            // ordering is intended.
            await Auditing.SaveAuditRecordAsync(auditRecord);

            await RevokeCredential(apiKeyCredential, revocationSourceKey, commitChanges);
        }
Пример #3
            /// <summary>
            /// Checks that <c>ApiKeysController.Verify</c>, given a report for an API key whose
            /// credential is found and active, responds with HTTP 200 and a single
            /// <c>ApiKeyRevokeViewModel</c> that echoes the key, leaked URL and revocation
            /// source and is marked revocable.
            /// </summary>
            public void GivenRevocableApiKey_ItReturnsResultWithApiKeyViewModel(string apiKeyType, CredentialRevocationSource revocationSourceKey, string leakedUrl)
            {
                // Arrange
                var expectedSource = Enum.GetName(typeof(CredentialRevocationSource), revocationSourceKey);

                // The request JSON is built by plain concatenation, so the test data must not
                // contain characters that need JSON escaping (quotes, backslashes).
                var requestJson = "{\"ApiKey\":\"apiKey1\",\"LeakedUrl\":\"" + leakedUrl
                                  + "\",\"RevocationSource\":\"" + expectedSource + "\"}";

                // The authentication service is mocked: any key resolves to a credential,
                // and that credential is reported as an active API key.
                _authenticationService
                    .Setup(x => x.GetApiKeyCredential(It.IsAny<string>()))
                    .Returns(() => new Credential());
                _authenticationService
                    .Setup(x => x.DescribeCredential(It.IsAny<Credential>()))
                    .Returns(GetApiKeyCredentialViewModel(apiKeyType, null));
                _authenticationService
                    .Setup(x => x.IsActiveApiKeyCredential(It.IsAny<Credential>()))
                    .Returns(true);

                var controller = GetController<ApiKeysController>();

                // Act
                var actionResult = controller.Verify(requestJson);

                // Assert
                var json = Assert.IsType<JsonResult>(actionResult);
                Assert.Equal((int)HttpStatusCode.OK, controller.Response.StatusCode);

                var viewModels = Assert.IsType<List<ApiKeyRevokeViewModel>>(json.Data);
                Assert.Equal(1, viewModels.Count);

                var viewModel = Assert.IsType<ApiKeyRevokeViewModel>(viewModels[0]);
                Assert.Equal(apiKeyType, viewModel.ApiKeyViewModel.Type);
                Assert.Equal("apiKey1", viewModel.ApiKey);
                Assert.Equal(expectedSource, viewModel.RevocationSource);
                Assert.Equal(leakedUrl, viewModel.LeakedUrl);
                Assert.True(viewModel.IsRevocable);

                // Each lookup on the authentication service must happen exactly once.
                _authenticationService.Verify(x => x.GetApiKeyCredential(It.IsAny<string>()), Times.Once);
                _authenticationService.Verify(x => x.DescribeCredential(It.IsAny<Credential>()), Times.Once);
                _authenticationService.Verify(x => x.IsActiveApiKeyCredential(It.IsAny<Credential>()), Times.Once);
            }