public static async Task <AuthenticationTicket> CreateTicket(HttpRequest request, ApiKeyAuthOptions options)
{
var apiKeyHeader = request.Headers["X-Api-Key"];
var signatureHeader = request.Headers["X-Api-Signature"];
if (apiKeyHeader.Count == 0 ||
signatureHeader.Count == 0)
{
return(null);
}
var apiKey = apiKeyHeader[0];
var claims = new List <Claim>()
{
new Claim(ClaimTypes.NameIdentifier, apiKey),
new Claim(ClaimTypes.Name, "ApiKey"),
new Claim(ClaimTypes.Role, CoderrRoles.System)
};
var identity = new ClaimsIdentity(claims, options.AuthenticationScheme);
var claimsPrincipal = new ClaimsPrincipal(identity);
using (var con = options.OpenDb())
{
using (var uow = new AdoNetUnitOfWork(con, false))
{
var repos = new ApiKeyRepository(uow);
ApiKey key;
try
{
key = await repos.GetByKeyAsync(apiKey);
}
catch (EntityNotFoundException)
{
return(null);
}
request.EnableRewind();
var buf = new byte[request.ContentLength ?? 0];
var bytesRead = await request.Body.ReadAsync(buf, 0, buf.Length);
request.Body.Position = 0;
if (!key.ValidateSignature(signatureHeader[0], buf))
{
return(null);
}
if (key.Claims != null)
{
identity.AddClaims(key.Claims);
}
uow.SaveChanges();
}
}
return(new AuthenticationTicket(claimsPrincipal, options.AuthenticationScheme));
}
public async Task should_be_able_to_Create_a_key_without_applications_mapped()
{
var cmd = new CreateApiKey("Mofo", Guid.NewGuid().ToString("N"), Guid.NewGuid().ToString("N"));
var sut = new CreateApiKeyHandler(_uow);
await sut.ExecuteAsync(cmd);
var repos = new ApiKeyRepository(_uow);
var generated = await repos.GetByKeyAsync(cmd.ApiKey);
generated.Should().NotBeNull();
generated.AllowedApplications.Should().BeEmpty();
}
public async Task Should_be_able_to_Create_a_key_without_applications_mapped()
{
var cmd = new CreateApiKey("Mofo", Guid.NewGuid().ToString("N"), Guid.NewGuid().ToString("N"));
var bus = Substitute.For <IEventBus>();
var sut = new CreateApiKeyHandler(_uow, bus);
await sut.ExecuteAsync(cmd);
var repos = new ApiKeyRepository(_uow);
var generated = await repos.GetByKeyAsync(cmd.ApiKey);
generated.Should().NotBeNull();
generated.Claims.Should().NotBeEmpty("because keys without appIds are universal");
}
public async Task Should_be_able_to_Create_key()
{
var cmd = new CreateApiKey("Mofo", Guid.NewGuid().ToString("N"), Guid.NewGuid().ToString("N"),
new[] { _applicationId });
var bus = Substitute.For <IEventBus>();
var sut = new CreateApiKeyHandler(_uow, bus);
await sut.ExecuteAsync(cmd);
var repos = new ApiKeyRepository(_uow);
var generated = await repos.GetByKeyAsync(cmd.ApiKey);
generated.Should().NotBeNull();
generated.Claims.First().Value.Should().BeEquivalentTo(_applicationId.ToString());
}
public async Task Should_be_able_to_Create_key()
{
var cmd = new CreateApiKey("Mofo", Guid.NewGuid().ToString("N"), Guid.NewGuid().ToString("N"),
new[] { _applicationId });
var bus = Substitute.For <IMessageBus>();
var ctx = Substitute.For <IMessageContext>();
using (var uow = CreateUnitOfWork())
{
var sut = new CreateApiKeyHandler(uow, bus);
await sut.HandleAsync(ctx, cmd);
var repos = new ApiKeyRepository(uow);
var generated = await repos.GetByKeyAsync(cmd.ApiKey);
generated.Should().NotBeNull();
generated.Claims.First().Value.Should().BeEquivalentTo(_applicationId.ToString());
uow.SaveChanges();
}
}
public async Task Should_be_able_to_Create_a_key_without_applications_mapped()
{
var cmd = new CreateApiKey("Mofo", Guid.NewGuid().ToString("N"), Guid.NewGuid().ToString("N"));
var bus = Substitute.For <IMessageBus>();
var ctx = Substitute.For <IMessageContext>();
using (var uow = CreateUnitOfWork())
{
var sut = new CreateApiKeyHandler(uow, bus);
await sut.HandleAsync(ctx, cmd);
var repos = new ApiKeyRepository(uow);
var generated = await repos.GetByKeyAsync(cmd.ApiKey);
generated.Should().NotBeNull();
generated.Claims.Should().NotBeEmpty("because keys without appIds are universal");
uow.SaveChanges();
}
}