/// <summary>
/// Ensures the caller's role is bound to an existing company: a missing id or a
/// company the lookup cannot find aborts the flow.
/// </summary>
/// <param name="companyId">Company id taken from the caller's claims; required for this role.</param>
/// <param name="token">Bearer token forwarded to the company lookup service.</param>
/// <exception cref="ApplicationException">
/// The id is absent, or the lookup returned no company for it.
/// </exception>
private async Task ValidationByCompany(int? companyId, string token)
{
    if (companyId == null)
    {
        throw new ApplicationException($"{nameof(companyId)} is required for this role");
    }

    var id = companyId.Value;
    var company = await _httpService.GetCompanyById(id, token);
    if (company == null)
    {
        // Message text is kept verbatim; callers may match on it.
        throw new ApplicationException($"Company with id: {id.ToString()} is not exist");
    }
}
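/// <summary>
/// Authenticates a user against the Azure token endpoint and authorizes the requested scope.
/// Checks, in order: the user exists locally and is approved; Azure issued a token; when the
/// token carries a company id, that company is onboarded and has a tenant; the role claim
/// grants the requested scope.
/// </summary>
/// <param name="options">
/// Credentials and requested scope. <c>Username</c> is lower-cased in place before the lookup,
/// and the same (lower-cased) options object is forwarded to Azure.
/// </param>
/// <returns>The token response as returned by Azure.</returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="options"/> or its <c>Username</c> is null, or the issued token has no role claim.
/// </exception>
/// <exception cref="ArgumentException">No local user matches the username.</exception>
/// <exception cref="AccessException">
/// The user is not approved, Azure returned no access token, the company check fails,
/// or the role does not grant the scope.
/// </exception>
public async Task<TokenResponse> AuthorizeAsync(UserAuthorizeOptions options)
{
    if (options == null)
    {
        throw new ArgumentNullException(nameof(options));
    }
    if (options.Username == null)
    {
        // Previously surfaced as a NullReferenceException from ToLower().
        throw new ArgumentNullException(nameof(options.Username));
    }

    options.Username = options.Username.ToLower();

    var user = await _userService.GetUserBy(u => u.SignInNames.Any(n => n.Value.ToLower() == options.Username));
    if (user == null)
    {
        // NOTE(review): this message differs from the "Check your status" one below, so a caller can
        // distinguish unknown usernames from unapproved ones (account enumeration). Kept verbatim
        // because callers may match on ErrorReponses.UserDoesNotExits; consider unifying the responses.
        throw new ArgumentException(ErrorReponses.UserDoesNotExits);
    }

    var userStatus = (await _requestStatusesRepository.GetByAsync(x => x.Id == user.StatusId))?.Name;
    if (userStatus == null || !userStatus.ToLower().Contains("approved"))
    {
        throw new AccessException("Check your status");
    }

    var result = await RequestAzureEndpoint(new FormUrlEncodedContent(GetKeyValuePairOptions(options)));
    if (result?.Access_token == null)
    {
        // Fail closed instead of letting the JWT constructor throw on a null token.
        throw new AccessException("Token endpoint returned no access token");
    }

    // The token is decoded here WITHOUT signature validation. That is acceptable only because it was
    // received directly from the Azure token endpoint within this call; never reuse this pattern
    // on a token supplied by the client.
    var jwtToken = new JwtSecurityToken(result.Access_token);
    var companyId = jwtToken.Claims.FirstOrDefault(claim => claim.Type == CompanyIdClaimType)?.Value;
    var roleName = jwtToken.Claims.FirstOrDefault(claim => claim.Type == RoleClaimType)?.Value
        ?? throw new ArgumentNullException(RoleClaimType, "Can't get role");

    // Progress messages were logged at Error level, which pollutes alerting; Debug is the right level.
    _logger.LogDebug("Checking permissions");
    await _permissionService.CheckPermissionExpiration();
    var hasPermissions = _permissionService.CheckPermission(roleName, new string[] { options.Scope });

    if (companyId != null)
    {
        // Fail closed: a company claim that is present but not a valid int used to skip the company
        // check entirely (int.TryParse returned false and the whole block was bypassed).
        // NOTE(review): assumes roles without a company simply omit the claim — confirm against the IdP config.
        if (!int.TryParse(companyId, out int parsedCompanyId))
        {
            throw new AccessException("There is some problems with your company");
        }

        _logger.LogDebug("Checking company");
        var company = await _relationService.GetCompanyById(parsedCompanyId, result.Access_token);
        if (!(company?.RequestStatus?.Name?.ToLower().Contains("onboarded") ?? false))
        {
            throw new AccessException("There is some problems with your company");
        }
        if (company.Tenant == null)
        {
            throw new AccessException("Tenant is not specified for your Company. Please, contact support");
        }
    }

    if (hasPermissions)
    {
        return result;
    }
    throw new AccessException("You have not access for this scope");
}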