private void AssertUserTenantMatchesInput(UserTenantModel userTenant)
{
Assert.NotNull(userTenant);
userTenant = new UserTenantModel(this.someUserTenantInput);
Assert.Equal(userTenant.Name, userTenant.Name);
Assert.Equal(userTenant.RoleList, userTenant.RoleList);
Assert.Equal(userTenant.Roles, userTenant.Roles);
Assert.Equal(userTenant.TenantId, userTenant.TenantId);
Assert.Equal(userTenant.Type, userTenant.Type);
Assert.Equal(userTenant.UserId, userTenant.UserId);
}
public async Task <UserTenantModel> PutAsync(string userId, [FromBody] UserTenantModel update)
{
UserTenantInput input = new UserTenantInput
{
UserId = userId,
Tenant = this.GetTenantId(),
Roles = update.Roles,
};
return(await this.container.UpdateAsync(input));
}
public async Task <UserTenantModel> PostAsync(string userId, [FromBody] UserTenantModel model)
{
UserTenantInput input = new UserTenantInput
{
UserId = userId,
Tenant = this.GetTenantId(),
Roles = model.Roles,
Name = model.Name,
Type = model.Type,
};
return(await this.container.CreateAsync(input));
}
public async Task <UserTenantModel> PostAsync(string userId, [FromBody] UserTenantModel model)
{
UserTenantInput input = new UserTenantInput
{
UserId = userId,
Tenant = this.GetTenantId(),
Roles = model.Roles,
Name = model.Name,
Type = string.IsNullOrWhiteSpace(model.Type) ? "Member" : model.Type,
CreatedTime = DateTime.UtcNow,
CreatedBy = !string.IsNullOrWhiteSpace(model.CreatedBy) ? model.CreatedBy : this.GetCreatedBy(),
};
return(await this.container.CreateAsync(input));
}
public async Task <ActionResult> PostAsync([FromHeader(Name = "Authorization")] string authHeader, [FromRoute] string tenant)
{
if (authHeader == null || !authHeader.StartsWith("Bearer"))
{
throw new NoAuthorizationException("No Bearer Token Authorization Header was passed.");
}
// Extract Bearer token
string encodedToken = authHeader.Substring("Bearer ".Length).Trim();
var jwtHandler = new JwtSecurityTokenHandler();
if (!this.jwtHelper.TryValidateToken("IoTPlatform", encodedToken, this.HttpContext, out JwtSecurityToken jwt))
{
throw new NoAuthorizationException("The given token could not be read or validated.");
}
if (jwt?.Claims?.Count(c => c.Type == "sub") == 0)
{
throw new NoAuthorizationException("Not allowed access. No User Claims");
}
// Create a userTenantInput for the purpose of finding if the user has access to the space
UserTenantInput tenantInput = new UserTenantInput
{
UserId = jwt?.Claims?.Where(c => c.Type == "sub").First()?.Value,
Tenant = tenant,
};
UserTenantModel tenantResult = await this.userTenantContainer.GetAsync(tenantInput);
if (tenantResult != null)
{
// Everything checks out so you can mint a new token
var tokenString = jwtHandler.WriteToken(await this.jwtHelper.GetIdentityToken(jwt.Claims.Where(c => new List <string>()
{
"sub", "name", "email"
}.Contains(c.Type)).ToList(), tenant, jwt.Audiences.First(), jwt.ValidTo));
return(this.StatusCode(200, tokenString));
}
else
{
throw new NoAuthorizationException("Not allowed access to this tenant.");
}
}
private async Task CleanupUserSettingsIfUserHasNoOtherTenants(UserTenantModel userTenantModel)
{
if (userTenantModel != null)
{
bool userHasOtherTenants = await this.DoesUserHaveAnyOtherTenants(userTenantModel.UserId);
if (!userHasOtherTenants)
{
UserSettingsInput settingsInput = new UserSettingsInput();
settingsInput.UserId = userTenantModel.UserId;
UserSettingsListModel userSettings = await this.settingsContainer.GetAllAsync(settingsInput);
if (userSettings != null && userSettings.Models != null)
{
foreach (UserSettingsModel settingsModel in userSettings.Models)
{
settingsInput.UserId = settingsModel.UserId;
settingsInput.SettingKey = settingsModel.SettingKey;
await this.settingsContainer.DeleteAsync(settingsInput);
}
}
}
}
}
public async Task <UserTenantModel> UserClaimsPostAsync([FromBody] UserTenantModel model)
{
return(await this.PostAsync(this.GetClaimsUserId(), model));
}
public async Task <UserTenantModel> UserClaimsPutAsync([FromBody] UserTenantModel update)
{
return(await this.PutAsync(this.GetClaimsUserId(), update));
}
public async Task <JwtSecurityToken> GetIdentityToken(List <Claim> claims, string tenant, string audience, DateTime?expiration)
{
// add iat claim
var timeSinceEpoch = DateTime.UtcNow.ToEpochTime();
claims.Add(new Claim("iat", timeSinceEpoch.ToString(), ClaimValueTypes.Integer));
var userId = claims.First(t => t.Type == "sub").Value;
// Create a userTenantInput for the purpose of finding the full tenant list associated with this user
UserTenantInput tenantInput = new UserTenantInput
{
UserId = userId,
};
UserTenantListModel tenantsModel = await this.userTenantContainer.GetAllAsync(tenantInput);
List <UserTenantModel> tenantList = tenantsModel.Models;
// User did not specify the tenant to log into so get the default or last used
if (string.IsNullOrEmpty(tenant))
{
// authState has no tenant, so we should use either the User's last used tenant, or the first tenant available to them
// Create a UserSettingsInput for the purpose of finding the LastUsedTenant setting for this user
this.logger.LogInformation("User did not specify Tenant so default/last used tenant is set.");
UserSettingsInput settingsInput = new UserSettingsInput
{
UserId = userId,
SettingKey = "LastUsedTenant",
};
UserSettingsModel lastUsedSetting = await this.userSettingsContainer.GetAsync(settingsInput);
// Has last used tenant and it is in the list
if (lastUsedSetting != null && tenantList.Count(t => t.TenantId == lastUsedSetting.Value) > 0)
{
tenant = lastUsedSetting.Value;
}
if (string.IsNullOrEmpty(tenant) && tenantList.Count > 0)
{
tenant =
tenantList.First()
.TenantId; // Set the tenant to the first tenant in the list of tenants for this user
}
}
// If User not associated with Tenant then dont add claims return token without
if (tenant != null)
{
UserTenantInput input = new UserTenantInput
{
UserId = userId,
Tenant = tenant,
};
UserTenantModel tenantModel = await this.userTenantContainer.GetAsync(input);
// Add Tenant
claims.Add(new Claim("tenant", tenantModel.TenantId));
// Add Roles
tenantModel.RoleList.ForEach(role => claims.Add(new Claim("role", role)));
// Settings Update LastUsedTenant
UserSettingsInput settingsInput = new UserSettingsInput
{
UserId = claims.Where(c => c.Type == "sub").First().Value,
SettingKey = "LastUsedTenant",
Value = tenant,
};
// Update if name is not the same
await this.userSettingsContainer.UpdateAsync(settingsInput);
if (tenantModel.Name != claims.Where(c => c.Type == "name").First().Value)
{
input.Name = claims.Where(c => c.Type == "name").First().Value;
await this.userTenantContainer.UpdateAsync(input);
}
}
DateTime expirationDateTime = expiration ?? DateTime.Now.AddDays(30);
// add all tenants they have access to
claims.AddRange(tenantList.Select(t => new Claim("available_tenants", t.TenantId)));
// Token to String so you can use it in your client
var token = this.MintToken(claims, audience, expirationDateTime);
return(token);
}
