public object Exec(RoutingModel route, ParamContainer helper)
{
if (route.auth_users.FirstOrDefault(f => f.Trim() == "*") == null)
{
ISessionProvider sessionProvider = helper.GetKey(CommonConst.CommonValue.PARAM_SESSION_PROVIDER);
IHttpContextProxy httpProxy = helper.GetKey(CommonConst.CommonValue.PARAM_HTTPREQUESTPROXY);
if (sessionProvider == null || httpProxy == null)
{
string error = "ActionExecuter.Exec sessionProvider is null or HttpContextProxy is null on ParamContainer";
_logger.Error(error);
throw new UnauthorizedAccessException(error);
}
var authToken = httpProxy.GetHeaders().FirstOrDefault(f => f.Key.ToLower() == "");
var sessionUser = sessionProvider.GetValue <UserModel>(CommonConst.CommonValue.SESSION_USER_KEY);
// add auth here.
if (sessionUser == null)
{
throw new UnauthorizedAccessException("No session user found");
}
if (!route.auth_users.Where(i => sessionUser.groups.Contains(i)).Any())
{
throw new UnauthorizedAccessException("Unauthorized");
}
return(Exec(route.ExecultAssembly, route.ExecuteType, route.ExecuteMethod, helper));
}
else
{
return(Exec(route.ExecultAssembly, route.ExecuteType, route.ExecuteMethod, helper));
}
}
public void Error(string message, Exception ex)
{
if (LogLevels.Contains("Error"))
{
JObject logData = null;
if (_httpContextProxy != null)
{
logData = new JObject()
{
["RequestBody"] = _httpContextProxy.GetRequestBody(),
["RequestUrl"] = _httpContextProxy.GetURIAbsolutePath(),
["RequestQueryString"] = _httpContextProxy.GetQueryString()
};
logData["RequestHeader"] = string.Join(";", _httpContextProxy.GetHeaders().Select(f => string.Format("{0}:{1}", f.Key, f.Value)));
}
Error(message, ex, logData);
}
}
private async Task BuildHeaders(Dictionary <string, string> headres, HttpRequestMessage request)
{
foreach (var header in _httpContextProxy.GetHeaders())
{
if (header.Key == CommonConst.CommonField.OAUTH_CLIENT_ID || header.Key == CommonConst.CommonField.OAUTH_CLIENT_SECRET)
{
request.Headers.Add(header.Key, header.Value);
}
}
if (headres != null)
{
foreach (var header in headres)
{
request.Headers.Add(header.Key, header.Value);
}
}
if (!request.Headers.Contains("Authorization"))
{
var accessToken = await _httpContextProxy.GetAccessTokenAync();
if (!string.IsNullOrEmpty(accessToken))
{
request.Headers.Add("Authorization", $"Bearer {accessToken}");
}
}
if (!request.Headers.Contains(CommonConst.CommonField.TRANSACTION_ID))
{
request.Headers.Add(CommonConst.CommonField.TRANSACTION_ID, _logger.TransactionId);
}
if (!request.Headers.Contains(CommonConst.CommonField.API_AUTH_TOKEN))
{
request.Headers.Add(CommonConst.CommonField.API_AUTH_TOKEN, CommonUtility.GetApiAuthKey());
}
if (!request.Headers.Contains(CommonConst.CommonValue.TENANT_KEY))
{
var orgkey = _httpContextProxy.GetHeader(CommonConst.CommonValue.TENANT_KEY);
if (string.IsNullOrEmpty(orgkey))
{
orgkey = _httpContextProxy.GetQueryString(CommonConst.CommonValue.TENANT_KEY);
}
request.Headers.Add(CommonConst.CommonValue.TENANT_KEY, orgkey);
}
}
public virtual Task ValidateAsync(ResourceOwnerPasswordValidationContext context)
{
var headers = _httpContextProxy.GetHeaders();
var user = _zNxtUserStore.FindByUsername(context.UserName);
if (user != null)
{
// var validate = _zNxtUserStore.ValidateCredentials(context.UserName, context.Password, null, null);
if (_appAuthTokenHandler.Validate(context.UserName, headers["token"]))
{
//set the result
context.Result = new GrantValidationResult(
subject: user.user_id.ToString(),
authenticationMethod: "custom"
// claims: GetUserClaims(user)
);
return(Task.FromResult(0));
}
}
context.Result = new GrantValidationResult(TokenRequestErrors.InvalidGrant, "Invalid username or password");
return(Task.FromResult(0));
}
