
Issue #39 - add error handling and verbosity around claims matching

Tristan Lymbery authored and Tristan Lymbery committed Aug 3, 2018
1 parent 1fbde7c commit c1d77ab5caad2a68afde932d3300b8f2db41f15c
Showing with 29 additions and 5 deletions.
  1. +28 −4 TaskService/Controllers/TasksController.cs
  2. +1 −1 TaskWebApp/Controllers/TasksController.cs
@@ -1,4 +1,5 @@
using System;
using System.Collections;
using System.Collections.Generic;
using System.Configuration;
using System.Linq;
@@ -17,7 +18,7 @@ public class TasksController : ApiController
private static List<Models.Task> db = new List<Models.Task>();
private static int taskId;
// OWIN auth middleware constants
// OWIN auth middleware constants -> These claims must match what's in your JWT, like for like. Click the 'claims' tab to check.
public const string scopeElement = "http://schemas.microsoft.com/identity/claims/scope";
public const string objectIdElement = "http://schemas.microsoft.com/identity/claims/objectidentifier";
@@ -31,7 +32,9 @@ public class TasksController : ApiController
public IEnumerable<Models.Task> Get()
{
HasRequiredScopes(ReadPermission);
string owner = ClaimsPrincipal.Current.FindFirst(objectIdElement).Value;
var owner = CheckClaimMatch(objectIdElement);
IEnumerable<Models.Task> userTasks = db.Where(t => t.Owner == owner);
return userTasks;
}
@@ -46,7 +49,8 @@ public void Post(Models.Task task)
if (String.IsNullOrEmpty(task.Text))
throw new WebException("Please provide a task description");
string owner = ClaimsPrincipal.Current.FindFirst(objectIdElement).Value;
var owner = CheckClaimMatch(objectIdElement);
task.Id = taskId++;
task.Owner = owner;
task.Completed = false;
@@ -61,11 +65,31 @@ public void Delete(int id)
{
HasRequiredScopes(WritePermission);
string owner = ClaimsPrincipal.Current.FindFirst(objectIdElement).Value;
var owner = CheckClaimMatch(objectIdElement);
Models.Task task = db.Where(t => t.Owner.Equals(owner) && t.Id.Equals(id)).FirstOrDefault();
db.Remove(task);
}
/*
* Check user claims match task details
*/
private string CheckClaimMatch(string claim)
{
try
{
return ClaimsPrincipal.Current.FindFirst(claim).Value;
}
catch (Exception e)
{
throw new HttpResponseException(new HttpResponseMessage
{
StatusCode = HttpStatusCode.BadRequest,
ReasonPhrase = $"Unable to match claim '{claim}' against user claims; click the 'claims' tab to double-check."
});
}
}
// Validate to ensure the necessary scopes are present.
private void HasRequiredScopes(String permission)
{
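Review bot: `CheckClaimMatch` in the third hunk catches `Exception` to detect a missing claim, but the only failure it is meant to handle is `FindFirst` returning null, so a null check is clearer and stops unrelated bugs from being reported as a 400 with the same misleading reason; the caught `e` is also unused. The header comment `Check user claims match task details` overstates what the method does — it only reads the value of one claim type — so something like `// Return the value of the given claim type, or fail the request with 400 if the token does not carry it.` would be more accurate. Mapping an absent identity claim to 400 Bad Request rather than 401/403 is debatable, since it is a defect of the presented token rather than a malformed request, and deserves a sentence in the comment either way. An empty claim value currently passes through and would match tasks whose Owner is empty, so it is safer to treat empty the same as missing. `HasRequiredScopes` begins at the end of the hunk and continues outside it.
```csharp
/*
 * Return the value of the given claim type from the current principal.
 * Fails the request with 400 when the token does not carry the claim
 * (or carries it with an empty value), so callers never see a null owner.
 */
private string CheckClaimMatch(string claim)
{
    // FindFirst returns null for an absent claim type; only that case maps to a 400.
    var value = ClaimsPrincipal.Current?.FindFirst(claim)?.Value;
    if (string.IsNullOrEmpty(value))
    {
        throw new HttpResponseException(new HttpResponseMessage
        {
            StatusCode = HttpStatusCode.BadRequest,
            ReasonPhrase = $"Unable to match claim '{claim}' against user claims; click the 'claims' tab to double-check."
        });
    }
    return value;
}
```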
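--- a/TaskWebApp/Controllers/TasksController.cs
+++ b/TaskWebApp/Controllers/TasksController.cs
@@ -56,7 +56,7 @@ public async Task<ActionResult> Index()
 case HttpStatusCode.Unauthorized:
 return ErrorAction("Please sign in again. " + response.ReasonPhrase);
 default:
-return ErrorAction("Error. Status code = " + response.StatusCode);
+return ErrorAction("Error. Status code = " + response.StatusCode + ": " + response.ReasonPhrase);
 }
 }
 catch (Exception ex)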
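Review bot: The new default branch echoes `response.ReasonPhrase` into the error view, and with this same commit the service side now places the claim-type URI it was looking for into that phrase; `ErrorAction` is outside the hunk, so confirm it renders the text HTML-encoded (Razor does so by default) rather than as raw markup. A response that carries only the standard reason phrase, or none, also yields a bare trailing `: `, so guarding with `string.IsNullOrEmpty(response.ReasonPhrase)` before appending would keep the message tidy. `Index()` begins and ends outside the hunk.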
