WhenAPUTRequestWithACollectionContainingOnlyConformingIncludedOrExcludedTypeValuesIsSubmittedToSchoolsWithARequestBodyContentTypeOfTheAppropriateValueForTheProfileInUse( ConformanceType conformanceType, IncludedOrExcluded includedOrExcluded, string typeOrDescriptor, string resourceCollectionName, string contentType) { if (string.IsNullOrEmpty(contentType)) { contentType = ProfilesContentTypeHelper.CreateContentType( resourceCollectionName, ScenarioContext.Current.Get <string>(ScenarioContextKeys.ProfileName), ContentTypeUsage.Writable); } var httpClient = FeatureContext.Current.Get <HttpClient>(); httpClient.DefaultRequestHeaders.Clear(); var container = FeatureContext.Current.Get <IWindsorContainer>(); HttpContent putRequestContent = null; Guid id = Guid.NewGuid(); switch (resourceCollectionName) { case "schools": putRequestContent = GetSchoolPutRequestContent(id, contentType, conformanceType, includedOrExcluded, container, httpClient); break; case "studentAssessments": putRequestContent = GetStudentAssessmentPutRequestContent( id, contentType, conformanceType, includedOrExcluded, container, httpClient); break; default: throw new NotSupportedException(); } httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue( "Bearer", Guid.NewGuid() .ToString()); // Post resource, using the Profile's content type var putResponseMessage = httpClient.PutAsync(OwinUriHelper.BuildOdsUri(resourceCollectionName + "/" + id), putRequestContent) .Sync(); ScenarioContext.Current.Set(putResponseMessage); }
private string BuildJsonMimeType(string resourceName) { if (string.IsNullOrEmpty(_configuration.Profile)) { return("application/json"); } return(ProfilesContentTypeHelper.CreateContentType( resourceName, _configuration.Profile, ContentTypeUsage.Writable )); }
// Generates a list of assigned profiles that can be used by the client for the sent resource private IEnumerable <string> GetApplicableContentTypes( IEnumerable <string> assignedProfiles, string resourceCollectionName, string resourceItemName, HttpMethod httpMethod) { ContentTypeUsage contentTypeUsage = httpMethod == HttpMethod.Get ? ContentTypeUsage.Readable : ContentTypeUsage.Writable; var assignedContentTypes = assignedProfiles .Select(x => ProfilesContentTypeHelper.CreateContentType(resourceCollectionName, x, contentTypeUsage)); return(assignedContentTypes .Intersect( _profileResourceNamesProvider.GetProfileResourceNames() .Where(x => x.ResourceName.EqualsIgnoreCase(resourceItemName)) .Select( x => ProfilesContentTypeHelper.CreateContentType( CompositeTermInflector.MakePlural(x.ResourceName), x.ProfileName, contentTypeUsage))) .ToList()); }
public Task <HttpResponseMessage> ExecuteAuthorizationFilterAsync( HttpActionContext actionContext, CancellationToken cancellationToken, Func <Task <HttpResponseMessage> > continuation) { // check if the http method sent needs to be checked by this filter if (!(actionContext.Request.Method == HttpMethod.Put || actionContext.Request.Method == HttpMethod.Post || actionContext.Request.Method == HttpMethod.Get)) { return(continuation()); } // Try to get the current API key context var assignedProfiles = new List <string>(); var apiKeyContext = _apiKeyContextProvider.GetApiKeyContext(); // check that the ApiKeyContext is available so that we can get the assigned profiles if (apiKeyContext != null && apiKeyContext != ApiKeyContext.Empty) { assignedProfiles = _apiKeyContextProvider.GetApiKeyContext() .Profiles.ToList(); } // declare profile content type variable because it can be retrieved from the // accept header or the content-type header string profileContentType = null; ProfileContentTypeDetails profileContentTypeDetails = null; // get singluar spelling of the controller name for comparison to the resource in the profiles string resourceCollectionName = actionContext.ControllerContext.ControllerDescriptor.ControllerName.TrimSuffix("Controller"); string resourceItemName = CompositeTermInflector.MakeSingular(resourceCollectionName); // try to get the Profile Content type and parse if successful if (TryGetProfileContentType(actionContext, out profileContentType)) { profileContentTypeDetails = profileContentType.GetContentTypeDetails(); } // If the caller has not specified a profile specific content type and there are no assigned // profiles then allow the request to be processed (there is nothing left to check) if (string.IsNullOrEmpty(profileContentType) && !assignedProfiles.Any()) { return(continuation()); } // If the caller has not specified a profile specific content type but the targeted // resource is covered by an assigned profile then we must refuse the request if (string.IsNullOrEmpty(profileContentType) && IsResourceCoveredByAssignedProfile(assignedProfiles, resourceItemName)) { if (actionContext.Request.Method == HttpMethod.Get) { return (Task.FromResult( ForbiddenHttpResponseMessage( actionContext, string.Format( "One of the following profile-specific content types is required when requesting this resource: '{0}'.", string.Join( "', '", assignedProfiles.Select( p => ProfilesContentTypeHelper.CreateContentType( resourceCollectionName, p, ContentTypeUsage.Readable))))))); } // PUT or POST return (Task.FromResult( ForbiddenHttpResponseMessage( actionContext, string.Format( "Based on the assigned profiles, one of the following profile-specific content types is required when updating this resource: '{0}'.", string.Join( "', '", assignedProfiles.Select( p => ProfilesContentTypeHelper.CreateContentType(resourceCollectionName, p, ContentTypeUsage.Writable))))))); } // if there is no profile specific content at this point there are no more checks to make so proceed with request processing if (string.IsNullOrEmpty(profileContentType)) { return(continuation()); } // If the caller is "opting in" to a profile, and the targeted resource exists in the specified profile, proceed with request processing if (!assignedProfiles.Any() && IsTheResourceInTheProfile(resourceItemName, profileContentTypeDetails.Profile)) { return(continuation()); } // If the caller is not assigned any profiles that cover the targeted resource, then proceed with request processing. if (!AnyAssignedProfilesCoverTheResource(assignedProfiles, resourceItemName)) { return(continuation()); } // Check if the resource is covered under an assigned profile that is not the profile content type sent if (!IsResourceCoveredByAnotherAssignedProfile(assignedProfiles, resourceItemName, profileContentTypeDetails.Profile)) { // create the response based on the method if (actionContext.Request.Method == HttpMethod.Get) { return(Task.FromResult( ForbiddenHttpResponseMessage( actionContext, string.Format( "One of the following profile-specific content types is required when requesting this resource: '{0}'.", string.Join( "', '", GetApplicableContentTypes( assignedProfiles, resourceCollectionName, resourceItemName, actionContext.Request.Method)))))); } if (actionContext.Request.Method == HttpMethod.Put || actionContext.Request.Method == HttpMethod.Post) { return(Task.FromResult( ForbiddenHttpResponseMessage( actionContext, string.Format( "Based on the assigned profiles, one of the following profile-specific content types is required when updating this resource: '{0}'.", string.Join( "', '", GetApplicableContentTypes( assignedProfiles, resourceCollectionName, resourceItemName, actionContext.Request.Method)))))); } } return(continuation()); }
private static string BuildJsonMimeType(string elementName, string profile = null) { return(string.IsNullOrEmpty(profile) ? "application/json" : ProfilesContentTypeHelper.CreateContentType(elementName, profile, ContentTypeUsage.Writable)); }
public string GetOperationContentType(OpenApiMetadataResource openApiMetadataResource, ContentTypeUsage contentTypeUsage) => ProfilesContentTypeHelper.CreateContentType( openApiMetadataResource.Resource.Name, _documentContext.ProfileContext.ProfileName, contentTypeUsage);
public string GetOperationContentType(SwaggerResource swaggerResource, ContentTypeUsage contentTypeUsage) => ProfilesContentTypeHelper.CreateContentType( swaggerResource.Resource.Name, _documentContext.ProfileContext.ProfileName, contentTypeUsage);