diff --git a/DamageAssesmentApi/DamageAssesment.Api.Answers/Controllers/AnswersController.cs b/DamageAssesmentApi/DamageAssesment.Api.Answers/Controllers/AnswersController.cs index fe225b6..8130de4 100644 --- a/DamageAssesmentApi/DamageAssesment.Api.Answers/Controllers/AnswersController.cs +++ b/DamageAssesmentApi/DamageAssesment.Api.Answers/Controllers/AnswersController.cs @@ -1,7 +1,6 @@ using DamageAssesment.Api.Answers.Interfaces; +using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Mvc; -using Microsoft.EntityFrameworkCore; -using Microsoft.OpenApi.Any; namespace DamageAssesment.Api.Answers.Controllers { @@ -16,7 +15,7 @@ namespace DamageAssesment.Api.Answers.Controllers /// /// Get all answers /// - + [Authorize(Roles = "admin")] [HttpGet("answers")] public async Task GetAnswersAsync() { @@ -32,7 +31,7 @@ namespace DamageAssesment.Api.Answers.Controllers /// Get an answer based on answerId. /// - + [Authorize(Roles = "admin")] [HttpGet("answers/{id}")] public async Task GetAnswerByIdAsync(int id) { @@ -48,6 +47,7 @@ namespace DamageAssesment.Api.Answers.Controllers /// /// Get all answers based on responseId. /// + [Authorize(Roles = "admin")] [HttpGet("answers/byresponse/{responseid}")] public async Task GetAnswersByResponseId(int responseid) { @@ -61,7 +61,7 @@ namespace DamageAssesment.Api.Answers.Controllers /// /// Get all answers based on questionId. /// - + [Authorize(Roles = "admin")] [HttpGet("answers/byquestion/{questionid}")] public async Task AnswersByQuestionId(int questionid) { @@ -75,7 +75,7 @@ namespace DamageAssesment.Api.Answers.Controllers /// /// Update an existing answer. /// - + [Authorize(Roles = "admin")] [HttpPut("answers")] public async Task UpdateAnswer(Models.Answer answer) { @@ -96,7 +96,7 @@ namespace DamageAssesment.Api.Answers.Controllers /// /// Save a new answer. /// - + [Authorize(Roles = "admin")] [HttpPost("answers")] public async Task CreateAnswer(Models.Answer answer) { @@ -114,7 +114,7 @@ namespace DamageAssesment.Api.Answers.Controllers /// /// Delete an existing answer. /// - + [Authorize(Roles = "admin")] [HttpDelete("answers/{id}")] public async Task DeleteAnswer(int id) { diff --git a/DamageAssesmentApi/DamageAssesment.Api.Answers/Program.cs b/DamageAssesmentApi/DamageAssesment.Api.Answers/Program.cs index 7229cf9..95475fe 100644 --- a/DamageAssesmentApi/DamageAssesment.Api.Answers/Program.cs +++ b/DamageAssesmentApi/DamageAssesment.Api.Answers/Program.cs @@ -1,23 +1,73 @@ using DamageAssesment.Api.Answers.Db; using DamageAssesment.Api.Answers.Interfaces; using DamageAssesment.Api.Answers.Providers; +using Microsoft.AspNetCore.Authentication.JwtBearer; using Microsoft.EntityFrameworkCore; +using Microsoft.IdentityModel.Tokens; +using Microsoft.OpenApi.Models; using System.Reflection; +using System.Text; var builder = WebApplication.CreateBuilder(args); - +var authkey = builder.Configuration.GetValue("JwtSettings:securitykey"); +builder.Services.AddAuthentication(item => +{ + item.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme; + item.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme; +}).AddJwtBearer(item => +{ + item.RequireHttpsMetadata = true; + item.SaveToken = true; + item.TokenValidationParameters = new TokenValidationParameters() + { + ValidateIssuerSigningKey = true, + IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(authkey)), + ValidateIssuer = false, + ValidateAudience = false, + ClockSkew = TimeSpan.Zero + }; +}); // Add services to the container. builder.Services.AddControllers(); // Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle builder.Services.AddEndpointsApiExplorer(); //builder.Services.AddSwaggerGen(); -builder.Services.AddSwaggerGen(c => +builder.Services.AddSwaggerGen(options => { // Include XML comments from your assembly var xmlFile = $"{Assembly.GetExecutingAssembly().GetName().Name}.xml"; var xmlPath = Path.Combine(AppContext.BaseDirectory, xmlFile); - c.IncludeXmlComments(xmlPath); + options.IncludeXmlComments(xmlPath); + + OpenApiSecurityScheme securityDefinition = new OpenApiSecurityScheme() + { + Name = "Bearer", + BearerFormat = "JWT", + Scheme = "bearer", + Description = "Specify the authorization token.", + In = ParameterLocation.Header, + Type = SecuritySchemeType.Http, + }; + + options.AddSecurityDefinition("jwt_auth", securityDefinition); + + // Make sure swagger UI requires a Bearer token specified + OpenApiSecurityScheme securityScheme = new OpenApiSecurityScheme() + { + Reference = new OpenApiReference() + { + Id = "jwt_auth", + Type = ReferenceType.SecurityScheme + } + }; + + OpenApiSecurityRequirement securityRequirements = new OpenApiSecurityRequirement() + { + {securityScheme, new string[] { }}, + }; + + options.AddSecurityRequirement(securityRequirements); }); builder.Services.AddScoped(); builder.Services.AddAutoMapper(AppDomain.CurrentDomain.GetAssemblies()); //4/30 @@ -35,7 +85,7 @@ if (app.Environment.IsDevelopment()) app.UseSwagger(); app.UseSwaggerUI(); } - +app.UseAuthentication(); app.UseAuthorization(); app.MapControllers(); diff --git a/DamageAssesmentApi/DamageAssesment.Api.Attachments/Controllers/AttachmentsController.cs b/DamageAssesmentApi/DamageAssesment.Api.Attachments/Controllers/AttachmentsController.cs index 16c223c..5e6a4eb 100644 --- a/DamageAssesmentApi/DamageAssesment.Api.Attachments/Controllers/AttachmentsController.cs +++ b/DamageAssesmentApi/DamageAssesment.Api.Attachments/Controllers/AttachmentsController.cs @@ -1,6 +1,7 @@ using Azure; using DamageAssesment.Api.Attachments.Interfaces; using DamageAssesment.Api.Attachments.Models; +using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Http; using Microsoft.AspNetCore.Mvc; using System.Net.Http.Headers; @@ -21,7 +22,7 @@ namespace DamageAssesment.Api.Attachments.Controllers /// /// Get all attachments. /// - + [Authorize(Roles = "admin")] [HttpGet("attachments")] public async Task GetAttachmentsAsync() { @@ -37,6 +38,7 @@ namespace DamageAssesment.Api.Attachments.Controllers /// /// Get all attachments by attachmentId. /// + [Authorize(Roles = "admin")] [HttpGet("attachments/{id}")] public async Task GetAttachmentbyIdAsync(int id) { @@ -80,7 +82,7 @@ namespace DamageAssesment.Api.Attachments.Controllers /// /// Save new Attachment(s) /// - + [Authorize(Roles = "admin")] [HttpPost("attachments"), DisableRequestSizeLimit] public async Task UploadAttachmentAsync(AttachmentInfo attachmentInfo) { @@ -107,7 +109,7 @@ namespace DamageAssesment.Api.Attachments.Controllers /// /// Modify an new attachment. /// - + [Authorize(Roles = "admin")] [HttpPut("attachments"), DisableRequestSizeLimit] public async Task UpdateAttachmentAsync(AttachmentInfo attachmentInfo) { @@ -138,6 +140,7 @@ namespace DamageAssesment.Api.Attachments.Controllers /// /// Delete an existing attachment. /// + [Authorize(Roles = "admin")] [HttpDelete("attachments/{id}")] public async Task DeleteAttachment(int id) { diff --git a/DamageAssesmentApi/DamageAssesment.Api.Attachments/Program.cs b/DamageAssesmentApi/DamageAssesment.Api.Attachments/Program.cs index 61ce1c5..9368b21 100644 --- a/DamageAssesmentApi/DamageAssesment.Api.Attachments/Program.cs +++ b/DamageAssesmentApi/DamageAssesment.Api.Attachments/Program.cs @@ -1,25 +1,75 @@ using DamageAssesment.Api.Attachments.Db; using DamageAssesment.Api.Attachments.Interfaces; using DamageAssesment.Api.Attachments.Providers; +using Microsoft.AspNetCore.Authentication.JwtBearer; using Microsoft.AspNetCore.Http.Features; using Microsoft.EntityFrameworkCore; using Microsoft.Extensions.FileProviders; +using Microsoft.IdentityModel.Tokens; +using Microsoft.OpenApi.Models; using System.Reflection; +using System.Text; var builder = WebApplication.CreateBuilder(args); - +var authkey = builder.Configuration.GetValue("JwtSettings:securitykey"); +builder.Services.AddAuthentication(item => +{ + item.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme; + item.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme; +}).AddJwtBearer(item => +{ + item.RequireHttpsMetadata = true; + item.SaveToken = true; + item.TokenValidationParameters = new TokenValidationParameters() + { + ValidateIssuerSigningKey = true, + IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(authkey)), + ValidateIssuer = false, + ValidateAudience = false, + ClockSkew = TimeSpan.Zero + }; +}); // Add services to the container. builder.Services.AddControllers(); // Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle builder.Services.AddEndpointsApiExplorer(); //builder.Services.AddSwaggerGen(); -builder.Services.AddSwaggerGen(c => +builder.Services.AddSwaggerGen(options => { // Include XML comments from your assembly var xmlFile = $"{Assembly.GetExecutingAssembly().GetName().Name}.xml"; var xmlPath = Path.Combine(AppContext.BaseDirectory, xmlFile); - c.IncludeXmlComments(xmlPath); + options.IncludeXmlComments(xmlPath); + + OpenApiSecurityScheme securityDefinition = new OpenApiSecurityScheme() + { + Name = "Bearer", + BearerFormat = "JWT", + Scheme = "bearer", + Description = "Specify the authorization token.", + In = ParameterLocation.Header, + Type = SecuritySchemeType.Http, + }; + + options.AddSecurityDefinition("jwt_auth", securityDefinition); + + // Make sure swagger UI requires a Bearer token specified + OpenApiSecurityScheme securityScheme = new OpenApiSecurityScheme() + { + Reference = new OpenApiReference() + { + Id = "jwt_auth", + Type = ReferenceType.SecurityScheme + } + }; + + OpenApiSecurityRequirement securityRequirements = new OpenApiSecurityRequirement() + { + {securityScheme, new string[] { }}, + }; + + options.AddSecurityRequirement(securityRequirements); }); builder.Services.AddScoped(); builder.Services.AddScoped(); @@ -45,6 +95,7 @@ if (app.Environment.IsDevelopment()) app.UseSwaggerUI(); } +app.UseAuthentication(); app.UseAuthorization(); app.UseHttpsRedirection(); diff --git a/DamageAssesmentApi/DamageAssesment.Api.DocuLinks/Controllers/DoculinkController.cs b/DamageAssesmentApi/DamageAssesment.Api.DocuLinks/Controllers/DoculinkController.cs index 99d00a8..b6552c3 100644 --- a/DamageAssesmentApi/DamageAssesment.Api.DocuLinks/Controllers/DoculinkController.cs +++ b/DamageAssesmentApi/DamageAssesment.Api.DocuLinks/Controllers/DoculinkController.cs @@ -2,8 +2,10 @@ using DamageAssesment.Api.DocuLinks.Interfaces; using DamageAssesment.Api.DocuLinks.Models; using DamageAssesment.Api.DocuLinks.Providers; +using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Http; using Microsoft.AspNetCore.Mvc; +using System.Data; namespace DamageAssesment.Api.DocuLinks.Controllers { @@ -24,6 +26,7 @@ namespace DamageAssesment.Api.DocuLinks.Controllers /// Get all Doculink type. /// [HttpGet] + [Authorize(Roles = "admin")] [Route("doculinks/types")] [Route("doculinks/types/{language:alpha}")] public async Task GetLinkTypesAsync(string? language) @@ -38,9 +41,10 @@ namespace DamageAssesment.Api.DocuLinks.Controllers /// /// Get a Doculink type by id. /// - [HttpGet] + [Authorize(Roles = "admin")] [Route("doculinks/types/{id}")] [Route("doculinks/types/{id}/{language:alpha}")] + [HttpGet] public async Task GetLinkTypeAsync(int id,string? language) { var result = await this.documentsProvider.GetLinkTypeAsync(id, language); @@ -53,6 +57,7 @@ namespace DamageAssesment.Api.DocuLinks.Controllers /// /// Update a existing Doculink type. /// + [Authorize(Roles = "admin")] [HttpPut] [Route("doculinks/types/{id}")] public async Task UpdateLinkType(int id,Models.LinkType linkType) @@ -74,6 +79,7 @@ namespace DamageAssesment.Api.DocuLinks.Controllers /// /// Create a new Doculink type. /// + [Authorize(Roles = "admin")] [HttpPost] [Route("doculinks/types")] public async Task CreateLinkType(Models.LinkType linkType) @@ -92,6 +98,7 @@ namespace DamageAssesment.Api.DocuLinks.Controllers /// /// Delete a existing Doculink type by id. /// + [Authorize(Roles = "admin")] [HttpDelete] [Route("doculinks/types/{id}")] public async Task DeleteLinkType(int id) @@ -104,9 +111,10 @@ namespace DamageAssesment.Api.DocuLinks.Controllers return NotFound(); } /// - /// Get all Doculink. + /// Get all documents. /// - /// + + [Authorize(Roles = "admin")] [Route("doculinks")] [Route("doculinks/{linktype:alpha}")] [Route("doculinks/{linktype:alpha}/{language:alpha}")] @@ -123,6 +131,7 @@ namespace DamageAssesment.Api.DocuLinks.Controllers /// /// Get all active Doculink. /// + [Authorize(Roles = "admin")] [Route("doculinks/active")] [Route("doculinks/active/{linktype:alpha}")] [Route("doculinks/active/{linktype:alpha}/{language:alpha}")] @@ -139,6 +148,7 @@ namespace DamageAssesment.Api.DocuLinks.Controllers /// /// Get all active Doculink. /// + [Authorize(Roles = "admin")] [Route("doculinks/active/{linktypeid:int}")] [Route("doculinks/active/{linktypeid:int}/{language:alpha}")] [HttpGet] @@ -154,6 +164,7 @@ namespace DamageAssesment.Api.DocuLinks.Controllers /// /// Get a Doculink by id. /// + [Authorize(Roles = "admin")] [HttpGet] [Route("doculinks/{id}")] [Route("doculinks/{id}/{linktype:alpha}")] @@ -168,8 +179,9 @@ namespace DamageAssesment.Api.DocuLinks.Controllers return NotFound(); } /// - /// update existing doclink. + /// Upload new document. /// + [Authorize(Roles = "admin")] [HttpPut] [Route("doculinks/{id}")] public async Task UpdateDocument(int id,ReqDoculink documentInfo) @@ -195,6 +207,7 @@ namespace DamageAssesment.Api.DocuLinks.Controllers /// /// Create new doclink. /// + [Authorize(Roles = "admin")] [HttpPost] [Route("doculinks")] public async Task CreateDocument(ReqDoculink documentInfo) @@ -220,8 +233,9 @@ namespace DamageAssesment.Api.DocuLinks.Controllers } } /// - /// Delete Doculink by id. + /// Delete document by id. /// + [Authorize(Roles = "admin")] [HttpDelete] [Route("doculinks/{id}")] public async Task DeleteDocument(int id) diff --git a/DamageAssesmentApi/DamageAssesment.Api.DocuLinks/DamageAssesment.Api.DocuLinks.csproj b/DamageAssesmentApi/DamageAssesment.Api.DocuLinks/DamageAssesment.Api.DocuLinks.csproj index b71afa9..a1d917b 100644 --- a/DamageAssesmentApi/DamageAssesment.Api.DocuLinks/DamageAssesment.Api.DocuLinks.csproj +++ b/DamageAssesmentApi/DamageAssesment.Api.DocuLinks/DamageAssesment.Api.DocuLinks.csproj @@ -10,6 +10,7 @@ + diff --git a/DamageAssesmentApi/DamageAssesment.Api.DocuLinks/Program.cs b/DamageAssesmentApi/DamageAssesment.Api.DocuLinks/Program.cs index f25927c..9d480b2 100644 --- a/DamageAssesmentApi/DamageAssesment.Api.DocuLinks/Program.cs +++ b/DamageAssesmentApi/DamageAssesment.Api.DocuLinks/Program.cs @@ -2,19 +2,69 @@ using DamageAssesment.Api.DocuLinks.Db; using DamageAssesment.Api.DocuLinks.Interfaces; using DamageAssesment.Api.DocuLinks.Providers; using Microsoft.EntityFrameworkCore; +using Microsoft.AspNetCore.Authentication.JwtBearer; +using Microsoft.IdentityModel.Tokens; using System.Reflection; +using System.Text; +using Microsoft.OpenApi.Models; var builder = WebApplication.CreateBuilder(args); // Add services to the container. - +var authkey = builder.Configuration.GetValue("JwtSettings:securitykey"); +builder.Services.AddAuthentication(item => +{ + item.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme; + item.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme; +}).AddJwtBearer(item => +{ + item.RequireHttpsMetadata = true; + item.SaveToken = true; + item.TokenValidationParameters = new TokenValidationParameters() + { + ValidateIssuerSigningKey = true, + IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(authkey)), + ValidateIssuer = false, + ValidateAudience = false, + ClockSkew = TimeSpan.Zero + }; +}); builder.Services.AddControllers(); -builder.Services.AddSwaggerGen(c => +builder.Services.AddSwaggerGen(options => { // Include XML comments from your assembly var xmlFile = $"{Assembly.GetExecutingAssembly().GetName().Name}.xml"; var xmlPath = Path.Combine(AppContext.BaseDirectory, xmlFile); - c.IncludeXmlComments(xmlPath); + options.IncludeXmlComments(xmlPath); + + OpenApiSecurityScheme securityDefinition = new OpenApiSecurityScheme() + { + Name = "Bearer", + BearerFormat = "JWT", + Scheme = "bearer", + Description = "Specify the authorization token.", + In = ParameterLocation.Header, + Type = SecuritySchemeType.Http, + }; + + options.AddSecurityDefinition("jwt_auth", securityDefinition); + + // Make sure swagger UI requires a Bearer token specified + OpenApiSecurityScheme securityScheme = new OpenApiSecurityScheme() + { + Reference = new OpenApiReference() + { + Id = "jwt_auth", + Type = ReferenceType.SecurityScheme + } + }; + + OpenApiSecurityRequirement securityRequirements = new OpenApiSecurityRequirement() + { + {securityScheme, new string[] { }}, + }; + + options.AddSecurityRequirement(securityRequirements); }); // Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle builder.Services.AddEndpointsApiExplorer(); @@ -36,6 +86,7 @@ if (app.Environment.IsDevelopment()) app.UseSwaggerUI(); } +app.UseAuthentication(); app.UseAuthorization(); app.MapControllers(); diff --git a/DamageAssesmentApi/DamageAssesment.Api.DocuLinks/appsettings.json b/DamageAssesmentApi/DamageAssesment.Api.DocuLinks/appsettings.json index e38d9fb..9d665b2 100644 --- a/DamageAssesmentApi/DamageAssesment.Api.DocuLinks/appsettings.json +++ b/DamageAssesmentApi/DamageAssesment.Api.DocuLinks/appsettings.json @@ -6,8 +6,12 @@ } }, "AllowedHosts": "*", + "JwtSettings": { + "securitykey": "bWlhbWkgZGFkZSBzY2hvb2xzIHNlY3JldCBrZXk=" + }, "Fileupload": { "folderpath": "DASA_Documents/Active", "Deletepath": "DASA_Documents/Deleted" } } + diff --git a/DamageAssesmentApi/DamageAssesment.Api.Employees/Controllers/EmployeesController.cs b/DamageAssesmentApi/DamageAssesment.Api.Employees/Controllers/EmployeesController.cs index 05901c5..f247d17 100644 --- a/DamageAssesmentApi/DamageAssesment.Api.Employees/Controllers/EmployeesController.cs +++ b/DamageAssesmentApi/DamageAssesment.Api.Employees/Controllers/EmployeesController.cs @@ -1,4 +1,5 @@ using DamageAssesment.Api.Employees.Interfaces; +using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Http; using Microsoft.AspNetCore.Mvc; @@ -18,7 +19,7 @@ namespace DamageAssesment.Api.Employees.Controllers /// /// GET request for retrieving employees. /// - + [Authorize(Roles = "admin")] [HttpGet("employees")] public async Task GetEmployeesAsync() { @@ -35,7 +36,7 @@ namespace DamageAssesment.Api.Employees.Controllers /// /// GET request for retrieving an employee by ID. /// - + [Authorize(Roles = "admin")] [HttpGet("employees/{id}")] public async Task GetEmployeeByIdAsync(int id) { @@ -48,11 +49,12 @@ namespace DamageAssesment.Api.Employees.Controllers return NotFound(); } - + /// /// PUT request for updating an existing employee. /// /// The updated employee object. + [Authorize(Roles = "admin")] [HttpPut("employees/{id}")] public async Task UpdateEmployee(int id, Models.Employee Employee) { @@ -75,6 +77,7 @@ namespace DamageAssesment.Api.Employees.Controllers /// POST request for creating a new employee. /// /// The employee information for creating a new employee. + [Authorize(Roles = "admin")] [HttpPost("employees")] public async Task CreateEmployee(Models.Employee Employee) { @@ -93,6 +96,7 @@ namespace DamageAssesment.Api.Employees.Controllers /// DELETE request for deleting an existing employee. /// /// The ID of the employee to be deleted. + [Authorize(Roles = "admin")] [HttpDelete("employees/{id}")] public async Task DeleteEmployee(int id) { diff --git a/DamageAssesmentApi/DamageAssesment.Api.Employees/Program.cs b/DamageAssesmentApi/DamageAssesment.Api.Employees/Program.cs index 1e88127..a4cf2df 100644 --- a/DamageAssesmentApi/DamageAssesment.Api.Employees/Program.cs +++ b/DamageAssesmentApi/DamageAssesment.Api.Employees/Program.cs @@ -1,23 +1,74 @@ using DamageAssesment.Api.Employees.Db; using DamageAssesment.Api.Employees.Interfaces; using DamageAssesment.Api.Employees.Providers; +using Microsoft.AspNetCore.Authentication.JwtBearer; using Microsoft.EntityFrameworkCore; +using Microsoft.IdentityModel.Tokens; +using Microsoft.OpenApi.Models; using System.Reflection; +using System.Text; var builder = WebApplication.CreateBuilder(args); // Add services to the container. +var authkey = builder.Configuration.GetValue("JwtSettings:securitykey"); +builder.Services.AddAuthentication(item => +{ + item.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme; + item.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme; +}).AddJwtBearer(item => +{ + item.RequireHttpsMetadata = true; + item.SaveToken = true; + item.TokenValidationParameters = new TokenValidationParameters() + { + ValidateIssuerSigningKey = true, + IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(authkey)), + ValidateIssuer = false, + ValidateAudience = false, + ClockSkew = TimeSpan.Zero + }; +}); builder.Services.AddControllers(); // Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle builder.Services.AddEndpointsApiExplorer(); //builder.Services.AddSwaggerGen(); -builder.Services.AddSwaggerGen(c => +builder.Services.AddSwaggerGen(options => { // Include XML comments from your assembly var xmlFile = $"{Assembly.GetExecutingAssembly().GetName().Name}.xml"; var xmlPath = Path.Combine(AppContext.BaseDirectory, xmlFile); - c.IncludeXmlComments(xmlPath); + options.IncludeXmlComments(xmlPath); + + OpenApiSecurityScheme securityDefinition = new OpenApiSecurityScheme() + { + Name = "Bearer", + BearerFormat = "JWT", + Scheme = "bearer", + Description = "Specify the authorization token.", + In = ParameterLocation.Header, + Type = SecuritySchemeType.Http, + }; + + options.AddSecurityDefinition("jwt_auth", securityDefinition); + + // Make sure swagger UI requires a Bearer token specified + OpenApiSecurityScheme securityScheme = new OpenApiSecurityScheme() + { + Reference = new OpenApiReference() + { + Id = "jwt_auth", + Type = ReferenceType.SecurityScheme + } + }; + + OpenApiSecurityRequirement securityRequirements = new OpenApiSecurityRequirement() + { + {securityScheme, new string[] { }}, + }; + + options.AddSecurityRequirement(securityRequirements); }); builder.Services.AddScoped(); @@ -43,6 +94,7 @@ if (app.Environment.IsDevelopment()) } } +app.UseAuthentication(); app.UseAuthorization(); app.MapControllers(); diff --git a/DamageAssesmentApi/DamageAssesment.Api.Employees/appsettings.json b/DamageAssesmentApi/DamageAssesment.Api.Employees/appsettings.json index 1a1f3fe..ff5949d 100644 --- a/DamageAssesmentApi/DamageAssesment.Api.Employees/appsettings.json +++ b/DamageAssesmentApi/DamageAssesment.Api.Employees/appsettings.json @@ -8,10 +8,5 @@ "Microsoft.AspNetCore": "Warning" } }, - "AllowedHosts": "*", - "settings": { - "endpoint1": "xxx", - "endpoint2": "xxx", - "endpoint3": "xxx" - } + "AllowedHosts": "*" } diff --git a/DamageAssesmentApi/DamageAssesment.Api.Locations/Controllers/LocationsController.cs b/DamageAssesmentApi/DamageAssesment.Api.Locations/Controllers/LocationsController.cs index cea800d..8de7678 100644 --- a/DamageAssesmentApi/DamageAssesment.Api.Locations/Controllers/LocationsController.cs +++ b/DamageAssesmentApi/DamageAssesment.Api.Locations/Controllers/LocationsController.cs @@ -1,4 +1,5 @@ using DamageAssesment.Api.Locations.Interfaces; +using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Http; using Microsoft.AspNetCore.Mvc; @@ -15,7 +16,7 @@ namespace DamageAssesment.Api.Locations.Controllers /// /// Get all locations. /// - + [Authorize(Roles = "admin")] [HttpGet("locations")] public async Task GetLocationsAsync() { @@ -31,7 +32,7 @@ namespace DamageAssesment.Api.Locations.Controllers /// /// Get all locations based on locationdId. /// - + [Authorize(Roles = "admin")] [HttpGet("locations/{id}")] public async Task GetLocationByIdAsync(int id) { @@ -47,7 +48,7 @@ namespace DamageAssesment.Api.Locations.Controllers /// /// Update a Location. /// - + [Authorize(Roles = "admin")] [HttpPut("locations/{id}")] public async Task UpdateLocation(int id, Models.Location Location) { @@ -65,7 +66,7 @@ namespace DamageAssesment.Api.Locations.Controllers /// /// Save a new location. /// - + [Authorize(Roles = "admin")] [HttpPost("locations")] public async Task CreateLocation(Models.Location Location) { @@ -83,7 +84,7 @@ namespace DamageAssesment.Api.Locations.Controllers /// /// Delete an existing location. /// - + [Authorize(Roles = "admin")] [HttpDelete("locations/{id}")] public async Task DeleteLocation(int id) { diff --git a/DamageAssesmentApi/DamageAssesment.Api.Locations/Controllers/RegionsController.cs b/DamageAssesmentApi/DamageAssesment.Api.Locations/Controllers/RegionsController.cs index 172043c..d7fe03c 100644 --- a/DamageAssesmentApi/DamageAssesment.Api.Locations/Controllers/RegionsController.cs +++ b/DamageAssesmentApi/DamageAssesment.Api.Locations/Controllers/RegionsController.cs @@ -1,4 +1,5 @@ using DamageAssesment.Api.Locations.Interfaces; +using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Mvc; namespace DamageAssesment.Api.Locations.Controllers @@ -15,7 +16,7 @@ namespace DamageAssesment.Api.Locations.Controllers /// /// Get all regions.2 /// - + [Authorize(Roles = "admin")] [HttpGet("regions")] public async Task GetRegionsAsync() { @@ -29,7 +30,7 @@ namespace DamageAssesment.Api.Locations.Controllers /// /// GET request for retrieving a region by its ID. /// - + [Authorize(Roles = "admin")] [HttpGet("regions/{id}")] public async Task GetRegionAsync(int id) { @@ -43,7 +44,7 @@ namespace DamageAssesment.Api.Locations.Controllers /// /// POST request for creating a new region. /// - + [Authorize(Roles = "admin")] [HttpPost("regions")] public async Task PostRegionAsync(Models.Region region) { @@ -57,7 +58,7 @@ namespace DamageAssesment.Api.Locations.Controllers /// /// PUT request for updating an existing region. /// - + [Authorize(Roles = "admin")] [HttpPut("regions/{id}")] public async Task PutRegionAsync(int id, Models.Region region) { @@ -75,7 +76,7 @@ namespace DamageAssesment.Api.Locations.Controllers /// DELETE request for deleting a region based on ID. /// - + [Authorize(Roles = "admin")] [HttpDelete("regions/{id}")] public async Task DeleteRegionAsync(int id) { diff --git a/DamageAssesmentApi/DamageAssesment.Api.Locations/Program.cs b/DamageAssesmentApi/DamageAssesment.Api.Locations/Program.cs index 200e39b..6563a8b 100644 --- a/DamageAssesmentApi/DamageAssesment.Api.Locations/Program.cs +++ b/DamageAssesmentApi/DamageAssesment.Api.Locations/Program.cs @@ -1,23 +1,73 @@ using DamageAssesment.Api.Locations.Db; using DamageAssesment.Api.Locations.Interfaces; using DamageAssesment.Api.Locations.Providers; +using Microsoft.AspNetCore.Authentication.JwtBearer; using Microsoft.EntityFrameworkCore; +using Microsoft.IdentityModel.Tokens; +using Microsoft.OpenApi.Models; using System.Reflection; +using System.Text; var builder = WebApplication.CreateBuilder(args); // Add services to the container. - +var authkey = builder.Configuration.GetValue("JwtSettings:securitykey"); +builder.Services.AddAuthentication(item => +{ + item.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme; + item.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme; +}).AddJwtBearer(item => +{ + item.RequireHttpsMetadata = true; + item.SaveToken = true; + item.TokenValidationParameters = new TokenValidationParameters() + { + ValidateIssuerSigningKey = true, + IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(authkey)), + ValidateIssuer = false, + ValidateAudience = false, + ClockSkew = TimeSpan.Zero + }; +}); builder.Services.AddControllers(); // Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle builder.Services.AddEndpointsApiExplorer(); //builder.Services.AddSwaggerGen(); -builder.Services.AddSwaggerGen(c => +builder.Services.AddSwaggerGen(options => { // Include XML comments from your assembly var xmlFile = $"{Assembly.GetExecutingAssembly().GetName().Name}.xml"; var xmlPath = Path.Combine(AppContext.BaseDirectory, xmlFile); - c.IncludeXmlComments(xmlPath); + options.IncludeXmlComments(xmlPath); + + OpenApiSecurityScheme securityDefinition = new OpenApiSecurityScheme() + { + Name = "Bearer", + BearerFormat = "JWT", + Scheme = "bearer", + Description = "Specify the authorization token.", + In = ParameterLocation.Header, + Type = SecuritySchemeType.Http, + }; + + options.AddSecurityDefinition("jwt_auth", securityDefinition); + + // Make sure swagger UI requires a Bearer token specified + OpenApiSecurityScheme securityScheme = new OpenApiSecurityScheme() + { + Reference = new OpenApiReference() + { + Id = "jwt_auth", + Type = ReferenceType.SecurityScheme + } + }; + + OpenApiSecurityRequirement securityRequirements = new OpenApiSecurityRequirement() + { + {securityScheme, new string[] { }}, + }; + + options.AddSecurityRequirement(securityRequirements); }); builder.Services.AddScoped(); builder.Services.AddScoped(); @@ -26,7 +76,10 @@ builder.Services.AddDbContext(option => { option.UseInMemoryDatabase("Locations"); }); + + var app = builder.Build(); +// Add services to the container. // Configure the HTTP request pipeline. if (app.Environment.IsDevelopment()) @@ -44,6 +97,7 @@ if (app.Environment.IsDevelopment()) } } +app.UseAuthentication(); app.UseAuthorization(); app.MapControllers(); diff --git a/DamageAssesmentApi/DamageAssesment.Api.Questions/Controllers/QuestionsController.cs b/DamageAssesmentApi/DamageAssesment.Api.Questions/Controllers/QuestionsController.cs index 7dec941..1171b0d 100644 --- a/DamageAssesmentApi/DamageAssesment.Api.Questions/Controllers/QuestionsController.cs +++ b/DamageAssesmentApi/DamageAssesment.Api.Questions/Controllers/QuestionsController.cs @@ -1,4 +1,5 @@ using DamageAssesment.Api.Questions.Interfaces; +using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Mvc; namespace DamageAssesment.Api.Questions.Controllers @@ -10,16 +11,13 @@ namespace DamageAssesment.Api.Questions.Controllers public QuestionsController(IQuestionsProvider questionsProvider) { - this.questionsProvider = questionsProvider; - } - /// /// GET request for retrieving questions. /// - - // get all questions + //get all questions + [Authorize(Roles = "admin,survey,user,report")] [Route("questions")] [Route("questions/{language:alpha}")] [HttpGet] @@ -37,6 +35,7 @@ namespace DamageAssesment.Api.Questions.Controllers /// /// GET request for retrieving a question by ID. /// + [Authorize(Roles = "admin,survey,user,report")] [Route("questions/{id}/{language:alpha}")] [Route("questions/{id:int}")] [HttpGet] @@ -55,6 +54,7 @@ namespace DamageAssesment.Api.Questions.Controllers /// GET request for retrieving survey questions based on a survey ID. /// Uri: {Optional language}/GetSurveyQuestions/{surveyId} :Default returns question in all languages /// + [Authorize(Roles = "admin,survey,user,report")] [Route("questions/bysurvey/{surveyId:int}")] [Route("questions/bysurvey/{surveyId:int}/{language:alpha}")] [HttpGet] @@ -71,6 +71,7 @@ namespace DamageAssesment.Api.Questions.Controllers /// PUT request for updating a question (multilingual). /// + [Authorize(Roles = "admin")] [HttpPut("questions")] public async Task UpdateQuestion(Models.Question question) { @@ -92,6 +93,7 @@ namespace DamageAssesment.Api.Questions.Controllers /// POST request for creating a new question (multilingual). /// + [Authorize(Roles = "admin")] [HttpPost("questions")] public async Task CreateQuestion(Models.Question question) { @@ -110,6 +112,7 @@ namespace DamageAssesment.Api.Questions.Controllers /// DELETE request for deleting a question based on ID. /// + [Authorize(Roles = "admin")] [HttpDelete("questions/{id}")] public async Task DeleteQuestion(int id) { @@ -125,6 +128,7 @@ namespace DamageAssesment.Api.Questions.Controllers /// GET request for retrieving question categories. /// + [Authorize(Roles = "admin,user,report")] [HttpGet("questions/categories")] [HttpGet("questions/categories/{language:alpha}")] public async Task GetQuestionCategoriesAsync(string? language) @@ -139,7 +143,7 @@ namespace DamageAssesment.Api.Questions.Controllers /// /// GET request for retrieving a question category by ID. /// - + [Authorize(Roles = "admin,report")] [HttpGet("questions/categories/{id:int}")] [HttpGet("questions/categories/{id:int}/{language:alpha}")] public async Task GetQuestionCategoryAsync(int id,string? language) @@ -156,7 +160,7 @@ namespace DamageAssesment.Api.Questions.Controllers /// /// PUT request for updating a question category. /// - + [Authorize(Roles = "admin,survey,report")] [HttpPut("questions/categories")] public async Task UpdateQuestionCategory(Models.QuestionCategory questionCategory) { @@ -178,6 +182,7 @@ namespace DamageAssesment.Api.Questions.Controllers /// POST request for creating a new question category. /// + [Authorize(Roles = "admin")] [HttpPost("questions/categories")] public async Task CreateQuestionCategory(Models.QuestionCategory questionCategory) { @@ -196,6 +201,7 @@ namespace DamageAssesment.Api.Questions.Controllers /// DELETE request for deleting a question category based on ID. /// + [Authorize(Roles = "admin")] [HttpDelete("questions/categories/{id}")] public async Task DeleteQuestionCategory(int id) { diff --git a/DamageAssesmentApi/DamageAssesment.Api.Questions/Models/Question.cs b/DamageAssesmentApi/DamageAssesment.Api.Questions/Models/Question.cs index b6c1668..f7fe7fb 100644 --- a/DamageAssesmentApi/DamageAssesment.Api.Questions/Models/Question.cs +++ b/DamageAssesmentApi/DamageAssesment.Api.Questions/Models/Question.cs @@ -12,7 +12,7 @@ public bool IsRequired { get; set; } public bool Comment { get; set; } public bool Key { get; set; } - public int? SurveyId { get; set; } + public int SurveyId { get; set; } public int CategoryId { get; set; } } } diff --git a/DamageAssesmentApi/DamageAssesment.Api.Questions/Program.cs b/DamageAssesmentApi/DamageAssesment.Api.Questions/Program.cs index 073cb10..ac0eed7 100644 --- a/DamageAssesmentApi/DamageAssesment.Api.Questions/Program.cs +++ b/DamageAssesmentApi/DamageAssesment.Api.Questions/Program.cs @@ -1,11 +1,33 @@ using DamageAssesment.Api.Questions.Db; using DamageAssesment.Api.Questions.Interfaces; using DamageAssesment.Api.Questions.Providers; +using Microsoft.AspNetCore.Authentication.JwtBearer; using Microsoft.EntityFrameworkCore; +using Microsoft.IdentityModel.Tokens; +using Microsoft.OpenApi.Models; using System.Reflection; +using System.Text; var builder = WebApplication.CreateBuilder(args); - +// Add services to the container. +var authkey = builder.Configuration.GetValue("JwtSettings:securitykey"); +builder.Services.AddAuthentication(item => +{ + item.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme; + item.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme; +}).AddJwtBearer(item => +{ + item.RequireHttpsMetadata = true; + item.SaveToken = true; + item.TokenValidationParameters = new TokenValidationParameters() + { + ValidateIssuerSigningKey = true, + IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(authkey)), + ValidateIssuer = false, + ValidateAudience = false, + ClockSkew = TimeSpan.Zero + }; +}); // Add services to the container. builder.Services.AddControllers(); @@ -17,13 +39,41 @@ builder.Services.AddAutoMapper(AppDomain.CurrentDomain.GetAssemblies()); builder.Services.AddEndpointsApiExplorer(); //builder.Services.AddSwaggerGen(); -builder.Services.AddSwaggerGen(c => +builder.Services.AddSwaggerGen(options => { // Include XML comments from your assembly var xmlFile = $"{Assembly.GetExecutingAssembly().GetName().Name}.xml"; var xmlPath = Path.Combine(AppContext.BaseDirectory, xmlFile); - c.IncludeXmlComments(xmlPath); + options.IncludeXmlComments(xmlPath); + + OpenApiSecurityScheme securityDefinition = new OpenApiSecurityScheme() + { + Name = "Bearer", + BearerFormat = "JWT", + Scheme = "bearer", + Description = "Specify the authorization token.", + In = ParameterLocation.Header, + Type = SecuritySchemeType.Http, + }; + + options.AddSecurityDefinition("jwt_auth", securityDefinition); + + // Make sure swagger UI requires a Bearer token specified + OpenApiSecurityScheme securityScheme = new OpenApiSecurityScheme() + { + Reference = new OpenApiReference() + { + Id = "jwt_auth", + Type = ReferenceType.SecurityScheme + } + }; + OpenApiSecurityRequirement securityRequirements = new OpenApiSecurityRequirement() + { + {securityScheme, new string[] { }}, + }; + options.AddSecurityRequirement(securityRequirements); }); + builder.Services.AddDbContext(option => { option.UseInMemoryDatabase("Questions"); @@ -43,7 +93,7 @@ if (app.Environment.IsDevelopment()) questionProvider.SeedData(); } } - +app.UseAuthentication(); app.UseAuthorization(); app.MapControllers(); diff --git a/DamageAssesmentApi/DamageAssesment.Api.Questions/Providers/QuestionsProvider.cs b/DamageAssesmentApi/DamageAssesment.Api.Questions/Providers/QuestionsProvider.cs index 45f6ecf..4e94143 100644 --- a/DamageAssesmentApi/DamageAssesment.Api.Questions/Providers/QuestionsProvider.cs +++ b/DamageAssesmentApi/DamageAssesment.Api.Questions/Providers/QuestionsProvider.cs @@ -19,7 +19,7 @@ namespace DamageAssesment.Api.Questions.Providers this.questionDbContext = questionDbContext; this.logger = logger; this.mapper = mapper; - // SeedData(); + // SeedData(); } public void SeedData() @@ -31,8 +31,7 @@ namespace DamageAssesment.Api.Questions.Providers questionDbContext.QuestionTypes.Add(new Db.QuestionType() { TypeText = "TextBox" }); questionDbContext.SaveChanges(); } - - if (!questionDbContext.QuestionCategories.Any()) + if (!questionDbContext.QuestionsTranslations.Any()) { questionDbContext.QuestionCategories.Add(new Db.QuestionCategory() { IconName = "Flooding", IconLibrary = "https://example.com/images/img1.png" }); questionDbContext.QuestionCategories.Add(new Db.QuestionCategory() { IconName = "Electrical", IconLibrary = "https://example.com/images/img2.png" }); @@ -70,7 +69,7 @@ namespace DamageAssesment.Api.Questions.Providers var question4 = new Db.Question() { QuestionTypeId = 1, SurveyId = 2, QuestionNumber = 2, IsRequired = false, Comment = true, Key = false, CategoryId = 2 }; var question5 = new Db.Question() { QuestionTypeId = 1, SurveyId = 3, QuestionNumber = 1, IsRequired = true, Comment = false, Key = true, CategoryId = 1 }; var question6 = new Db.Question() { QuestionTypeId = 1, SurveyId = 3, QuestionNumber = 2, IsRequired = false, Comment = true, Key = false, CategoryId = 2 }; - var question7 = new Db.Question() { QuestionTypeId = 1, SurveyId = 3, QuestionNumber = 1, IsRequired = true, Comment = false, Key = true, CategoryId = 3}; + var question7 = new Db.Question() { QuestionTypeId = 1, SurveyId = 3, QuestionNumber = 1, IsRequired = true, Comment = false, Key = true, CategoryId = 3 }; var question8 = new Db.Question() { QuestionTypeId = 1, SurveyId = 3, QuestionNumber = 2, IsRequired = false, Comment = true, Key = false, CategoryId = 4 }; var question9 = new Db.Question() { QuestionTypeId = 1, SurveyId = 3, QuestionNumber = 1, IsRequired = true, Comment = true, Key = true, CategoryId = 5 }; var question10 = new Db.Question() { QuestionTypeId = 1, SurveyId = 3, QuestionNumber = 2, IsRequired = false, Comment = false, Key = true, CategoryId = 1 }; @@ -275,7 +274,7 @@ namespace DamageAssesment.Api.Questions.Providers if (question != null) { logger?.LogInformation($"{question} customer(s) found"); - var result = mapper.Map(question); + var result = mapper.Map(question); result.Text = CreateMultiLanguageObject(GetQuestionsTranslations(id, language)); return (true, result, null); } @@ -314,7 +313,7 @@ namespace DamageAssesment.Api.Questions.Providers CategoryId = item.Id, IconLibrary = item.IconLibrary, IconName = item.IconName, - CategoryNames= CreateCategoryMultiLanguageObject(GetCategoryTranslations(item.Id, language)), + CategoryNames = CreateCategoryMultiLanguageObject(GetCategoryTranslations(item.Id, language)), QuestionsText = GetSurveyQuestion(mapper.Map, List>(questions.Where(a => a.CategoryId == item.Id).ToList()), language) }); } @@ -344,7 +343,7 @@ namespace DamageAssesment.Api.Questions.Providers questionDbContext.SaveChanges(); Question.Id = dbquestion.Id; var result = mapper.Map(dbquestion); - result.Text = CreateMultiLanguageObject(GetQuestionsTranslations(result.Id,"")); + result.Text = CreateMultiLanguageObject(GetQuestionsTranslations(result.Id, "")); return (true, result, null); } catch (Exception ex) diff --git a/DamageAssesmentApi/DamageAssesment.Api.Responses.Test/SurveyResponsesServiceTest.cs b/DamageAssesmentApi/DamageAssesment.Api.Responses.Test/SurveyResponsesServiceTest.cs index 05b3e02..90a9a73 100644 --- a/DamageAssesmentApi/DamageAssesment.Api.Responses.Test/SurveyResponsesServiceTest.cs +++ b/DamageAssesmentApi/DamageAssesment.Api.Responses.Test/SurveyResponsesServiceTest.cs @@ -25,17 +25,16 @@ namespace DamageAssesment.SurveyResponses.Test SurveyResponse mockRequestObject = await MockData.getSurveyResponseObject(); var mockResponse = await MockData.getOkResponse(mockRequestObject); mockSurveyResponseService.Setup(service => service.GetSurveyResponsesAsync(1)).ReturnsAsync(mockResponse); - var surveyResponseProvider = new SurveyResponsesController(mockSurveyResponseService.Object, mockExcelExportService.Object); + var surveyResponseProvider = new ResponsesController(mockSurveyResponseService.Object, mockExcelExportService.Object); var result = (OkObjectResult)await surveyResponseProvider.GetSurveyResponsesAsync(1); Assert.Equal(200, result.StatusCode); } - [Fact(DisplayName = "Get Responses - BadRequest case")] public async Task GetSurveyResponsesAsync_ShouldReturnStatusCode204() { var mockResponse = await MockData.getResponse(); mockSurveyResponseService.Setup(service => service.GetSurveyResponsesAsync(1)).ReturnsAsync(mockResponse); - var surveyResponseProvider = new SurveyResponsesController(mockSurveyResponseService.Object, mockExcelExportService.Object); + var surveyResponseProvider = new ResponsesController(mockSurveyResponseService.Object, mockExcelExportService.Object); var result = (BadRequestObjectResult)await surveyResponseProvider.GetSurveyResponsesAsync(1); Assert.Equal(400, result.StatusCode); } @@ -46,7 +45,7 @@ namespace DamageAssesment.SurveyResponses.Test SurveyResponse mockRequestObject = await MockData.getSurveyResponseObject(); var mockResponse = await MockData.getOkResponse(); mockSurveyResponseService.Setup(service => service.GetSurveyResponsesBySurveyAsync(1, 1)).ReturnsAsync(mockResponse); - var surveyResponseProvider = new SurveyResponsesController(mockSurveyResponseService.Object, mockExcelExportService.Object); + var surveyResponseProvider = new ResponsesController(mockSurveyResponseService.Object, mockExcelExportService.Object); var result = (OkObjectResult)await surveyResponseProvider.GetSurveyResponsesAsync(1, 1); Assert.Equal(200, result.StatusCode); } @@ -56,7 +55,7 @@ namespace DamageAssesment.SurveyResponses.Test { var mockResponse = await MockData.getResponse(); mockSurveyResponseService.Setup(service => service.GetSurveyResponsesBySurveyAsync(1, 1)).ReturnsAsync(mockResponse); - var surveyResponseProvider = new SurveyResponsesController(mockSurveyResponseService.Object, mockExcelExportService.Object); + var surveyResponseProvider = new ResponsesController(mockSurveyResponseService.Object, mockExcelExportService.Object); var result = (NoContentResult)await surveyResponseProvider.GetSurveyResponsesAsync(1, 1); Assert.Equal(204, result.StatusCode); } @@ -70,7 +69,7 @@ namespace DamageAssesment.SurveyResponses.Test SurveyResponse mockRequestObject = await MockData.getSurveyResponseObject(); var mockResponse = await MockData.getOkResponse(); mockSurveyResponseService.Setup(service => service.GetSurveyResponsesBySurveyAndLocationAsync(1, 1, 1)).ReturnsAsync(mockResponse); - var surveyResponseProvider = new SurveyResponsesController(mockSurveyResponseService.Object, mockExcelExportService.Object); + var surveyResponseProvider = new ResponsesController(mockSurveyResponseService.Object, mockExcelExportService.Object); var result = (OkObjectResult)await surveyResponseProvider.GetSurveyResponsesBySurveyAndLocationAsync(1, 1, 1); Assert.Equal(200, result.StatusCode); } @@ -80,7 +79,7 @@ namespace DamageAssesment.SurveyResponses.Test { var mockResponse = await MockData.getResponse(); mockSurveyResponseService.Setup(service => service.GetSurveyResponsesBySurveyAndLocationAsync(1, 1, 1)).ReturnsAsync(mockResponse); - var surveyResponseProvider = new SurveyResponsesController(mockSurveyResponseService.Object, mockExcelExportService.Object); + var surveyResponseProvider = new ResponsesController(mockSurveyResponseService.Object, mockExcelExportService.Object); var result = (NoContentResult)await surveyResponseProvider.GetSurveyResponsesBySurveyAndLocationAsync(1, 1, 1); Assert.Equal(204, result.StatusCode); } @@ -91,7 +90,7 @@ namespace DamageAssesment.SurveyResponses.Test SurveyResponse mockRequestObject = await MockData.getSurveyResponseObject(); var mockResponse = await MockData.getOkResponse(); mockSurveyResponseService.Setup(service => service.GetResponsesByAnswerAsync(1, 1, "Yes", 1)).ReturnsAsync(mockResponse); - var surveyResponseProvider = new SurveyResponsesController(mockSurveyResponseService.Object, mockExcelExportService.Object); + var surveyResponseProvider = new ResponsesController(mockSurveyResponseService.Object, mockExcelExportService.Object); var result = (OkObjectResult)await surveyResponseProvider.GetSurveyResponsesByAnswerAsyncAsync(1, 1, "Yes", 1); Assert.Equal(200, result.StatusCode); } @@ -101,7 +100,7 @@ namespace DamageAssesment.SurveyResponses.Test { var mockResponse = await MockData.getResponse(); mockSurveyResponseService.Setup(service => service.GetResponsesByAnswerAsync(1, 1, "Yes", 1)).ReturnsAsync(mockResponse); - var surveyResponseProvider = new SurveyResponsesController(mockSurveyResponseService.Object, mockExcelExportService.Object); + var surveyResponseProvider = new ResponsesController(mockSurveyResponseService.Object, mockExcelExportService.Object); var result = (NoContentResult)await surveyResponseProvider.GetSurveyResponsesByAnswerAsyncAsync(1, 1, "Yes", 1); Assert.Equal(204, result.StatusCode); } @@ -113,7 +112,7 @@ namespace DamageAssesment.SurveyResponses.Test SurveyResponse mockRequestObject = await MockData.getSurveyResponseObject(); var mockResponse = await MockData.getOkResponse(); mockSurveyResponseService.Setup(service => service.GetAnswersByRegionAsync(1, 1)).ReturnsAsync(mockResponse); - var surveyResponseProvider = new SurveyResponsesController(mockSurveyResponseService.Object, mockExcelExportService.Object); + var surveyResponseProvider = new ResponsesController(mockSurveyResponseService.Object, mockExcelExportService.Object); var result = (OkObjectResult)await surveyResponseProvider.GetAnswersByRegionAsync(1, 1); Assert.Equal(200, result.StatusCode); } @@ -123,7 +122,7 @@ namespace DamageAssesment.SurveyResponses.Test { var mockResponse = await MockData.getResponse(); mockSurveyResponseService.Setup(service => service.GetAnswersByRegionAsync(1, 1)).ReturnsAsync(mockResponse); - var surveyResponseProvider = new SurveyResponsesController(mockSurveyResponseService.Object, mockExcelExportService.Object); + var surveyResponseProvider = new ResponsesController(mockSurveyResponseService.Object, mockExcelExportService.Object); var result = (NoContentResult)await surveyResponseProvider.GetAnswersByRegionAsync(1, 1); Assert.Equal(204, result.StatusCode); } @@ -134,7 +133,7 @@ namespace DamageAssesment.SurveyResponses.Test SurveyResponse mockRequestObject = await MockData.getSurveyResponseObject(); var mockResponse = await MockData.getOkResponse(); mockSurveyResponseService.Setup(service => service.GetSurveyResponsesByMaintenanceCenterAsync(1, 1)).ReturnsAsync(mockResponse); - var surveyResponseProvider = new SurveyResponsesController(mockSurveyResponseService.Object, mockExcelExportService.Object); + var surveyResponseProvider = new ResponsesController(mockSurveyResponseService.Object, mockExcelExportService.Object); var result = (OkObjectResult)await surveyResponseProvider.GetAnswersByMaintenaceCentersync(1, 1); Assert.Equal(200, result.StatusCode); } @@ -144,7 +143,7 @@ namespace DamageAssesment.SurveyResponses.Test { var mockResponse = await MockData.getResponse(); mockSurveyResponseService.Setup(service => service.GetSurveyResponsesByMaintenanceCenterAsync(1, 1)).ReturnsAsync(mockResponse); - var surveyResponseProvider = new SurveyResponsesController(mockSurveyResponseService.Object, mockExcelExportService.Object); + var surveyResponseProvider = new ResponsesController(mockSurveyResponseService.Object, mockExcelExportService.Object); var result = (NoContentResult)await surveyResponseProvider.GetAnswersByMaintenaceCentersync(1, 1); Assert.Equal(204, result.StatusCode); } @@ -155,7 +154,7 @@ namespace DamageAssesment.SurveyResponses.Test SurveyResponse mockRequestObject = await MockData.getSurveyResponseObject(); var mockResponse = await MockData.getOkResponse(); mockSurveyResponseService.Setup(service => service.GetSurveyResponseByIdAsync(1)).ReturnsAsync(mockResponse); - var surveyResponseProvider = new SurveyResponsesController(mockSurveyResponseService.Object, mockExcelExportService.Object); + var surveyResponseProvider = new ResponsesController(mockSurveyResponseService.Object, mockExcelExportService.Object); var result = (OkObjectResult)await surveyResponseProvider.GetSurveyResponseByIdAsync(1); Assert.Equal(200, result.StatusCode); } @@ -165,7 +164,7 @@ namespace DamageAssesment.SurveyResponses.Test { var mockResponse = await MockData.getResponse(); mockSurveyResponseService.Setup(service => service.GetSurveyResponseByIdAsync(1)).ReturnsAsync(mockResponse); - var surveyResponseProvider = new SurveyResponsesController(mockSurveyResponseService.Object, mockExcelExportService.Object); + var surveyResponseProvider = new ResponsesController(mockSurveyResponseService.Object, mockExcelExportService.Object); var result = (NoContentResult)await surveyResponseProvider.GetSurveyResponseByIdAsync(1); Assert.Equal(204, result.StatusCode); } @@ -177,7 +176,7 @@ namespace DamageAssesment.SurveyResponses.Test SurveyResponse mockRequestObject = await MockData.getSurveyResponseObject(); var mockResponse = await MockData.getOkResponse(mockRequestObject); mockSurveyResponseService.Setup(service => service.PostSurveyResponseAsync(mockRequestObject)).ReturnsAsync(mockResponse); - var surveyResponseController = new SurveyResponsesController(mockSurveyResponseService.Object, mockExcelExportService.Object); + var surveyResponseController = new ResponsesController(mockSurveyResponseService.Object, mockExcelExportService.Object); var result = (OkObjectResult)await surveyResponseController.PostSurveysAsync(mockRequestObject); Assert.Equal(200, result.StatusCode); } @@ -188,7 +187,7 @@ namespace DamageAssesment.SurveyResponses.Test SurveyResponse mockRequestObject = await MockData.getSurveyResponseObject(); var mockResponse = await MockData.getResponse(); mockSurveyResponseService.Setup(service => service.PostSurveyResponseAsync(mockRequestObject)).ReturnsAsync(mockResponse); - var surveyResponseController = new SurveyResponsesController(mockSurveyResponseService.Object, mockExcelExportService.Object); + var surveyResponseController = new ResponsesController(mockSurveyResponseService.Object, mockExcelExportService.Object); var result = (BadRequestObjectResult)await surveyResponseController.PostSurveysAsync(mockRequestObject); Assert.Equal(400, result.StatusCode); } @@ -199,7 +198,7 @@ namespace DamageAssesment.SurveyResponses.Test SurveyResponse mockRequestObject = await MockData.getSurveyResponseObject(); var mockResponse = await MockData.getOkResponse(mockRequestObject); mockSurveyResponseService.Setup(service => service.PutSurveyResponseAsync(1, mockRequestObject)).ReturnsAsync(mockResponse); - var surveyResponseController = new SurveyResponsesController(mockSurveyResponseService.Object, mockExcelExportService.Object); + var surveyResponseController = new ResponsesController(mockSurveyResponseService.Object, mockExcelExportService.Object); var result = (OkObjectResult)await surveyResponseController.PutSurveyResponseAsync(1, mockRequestObject); Assert.Equal(200, result.StatusCode); } @@ -210,7 +209,7 @@ namespace DamageAssesment.SurveyResponses.Test SurveyResponse mockRequestObject = await MockData.getSurveyResponseObject(); var mockResponse = await MockData.getResponse(); mockSurveyResponseService.Setup(service => service.PutSurveyResponseAsync(1, mockRequestObject)).ReturnsAsync(mockResponse); ; - var surveyResponseController = new SurveyResponsesController(mockSurveyResponseService.Object, mockExcelExportService.Object); + var surveyResponseController = new ResponsesController(mockSurveyResponseService.Object, mockExcelExportService.Object); var result = (BadRequestObjectResult)await surveyResponseController.PutSurveyResponseAsync(1, mockRequestObject); Assert.Equal(400, result.StatusCode); } @@ -221,7 +220,7 @@ namespace DamageAssesment.SurveyResponses.Test SurveyResponse mockRequestObject = await MockData.getSurveyResponseObject(); var mockResponse = await MockData.getOkResponse(mockRequestObject); mockSurveyResponseService.Setup(service => service.DeleteSurveyResponseAsync(1)).ReturnsAsync(mockResponse); - var surveyResponseController = new SurveyResponsesController(mockSurveyResponseService.Object, mockExcelExportService.Object); + var surveyResponseController = new ResponsesController(mockSurveyResponseService.Object, mockExcelExportService.Object); var result = (OkObjectResult)await surveyResponseController.DeleteSurveyResponseAsync(1); Assert.Equal(200, result.StatusCode); } @@ -231,7 +230,7 @@ namespace DamageAssesment.SurveyResponses.Test { var mockResponse = await MockData.getResponse(); mockSurveyResponseService.Setup(service => service.DeleteSurveyResponseAsync(1)).ReturnsAsync(mockResponse); ; - var surveyResponseController = new SurveyResponsesController(mockSurveyResponseService.Object, mockExcelExportService.Object); + var surveyResponseController = new ResponsesController(mockSurveyResponseService.Object, mockExcelExportService.Object); var result = (NotFoundResult)await surveyResponseController.DeleteSurveyResponseAsync(1); Assert.Equal(404, result.StatusCode); } diff --git a/DamageAssesmentApi/DamageAssesment.Api.Responses/Controllers/SurveyResponsesController.cs b/DamageAssesmentApi/DamageAssesment.Api.Responses/Controllers/ResponsesController.cs similarity index 91% rename from DamageAssesmentApi/DamageAssesment.Api.Responses/Controllers/SurveyResponsesController.cs rename to DamageAssesmentApi/DamageAssesment.Api.Responses/Controllers/ResponsesController.cs index 871106c..85c38ea 100644 --- a/DamageAssesmentApi/DamageAssesment.Api.Responses/Controllers/SurveyResponsesController.cs +++ b/DamageAssesmentApi/DamageAssesment.Api.Responses/Controllers/ResponsesController.cs @@ -1,16 +1,17 @@ using DamageAssesment.Api.Responses.Interfaces; using DamageAssesment.Api.Responses.Models; +using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Mvc; namespace DamageAssesment.Api.Responses.Controllers { [ApiController] - public class SurveyResponsesController : ControllerBase + public class ResponsesController : ControllerBase { private readonly ISurveysResponse surveyResponseProvider; private readonly IExcelExportService excelExportService; - public SurveyResponsesController(ISurveysResponse surveyResponseProvider, IExcelExportService excelExportService) + public ResponsesController(ISurveysResponse surveyResponseProvider, IExcelExportService excelExportService) { this.surveyResponseProvider = surveyResponseProvider; this.excelExportService = excelExportService; @@ -19,6 +20,7 @@ namespace DamageAssesment.Api.Responses.Controllers /// GET request for retrieving survey responses. /// + [Authorize(Roles = "admin,survey,user,report")] [Route("responses/{employeeid:int}")] [Route("responses")] [HttpGet] @@ -38,6 +40,7 @@ namespace DamageAssesment.Api.Responses.Controllers /// /// GET request for retrieving survey responses by survey ID. /// + [Authorize(Roles = "admin,survey,user,report")] [Route("responses/bysurvey/{surveyid:int}/{employeeid:int}")] [Route("responses/bysurvey/{surveyid:int}")] [HttpGet] @@ -56,6 +59,7 @@ namespace DamageAssesment.Api.Responses.Controllers /// The ID of the survey for which responses are to be retrieved. /// The ID of the location for which responses are to be retrieved. + [Authorize(Roles = "admin,survey,user,report")] [Route("responses/{surveyid:int}/{locationid:int}/{employeeid:int}")] [Route("responses/{surveyid:int}/{locationid:int}")] [HttpGet] @@ -75,6 +79,7 @@ namespace DamageAssesment.Api.Responses.Controllers /// The ID of the question for which responses are to be retrieved. /// The answer for which responses are to be retrieved. + [Authorize(Roles = "admin,survey,user,report")] [Route("responses/byanswer/{surveyid:int}/{questionid:int}/{answer:alpha}/{employeeid:int}")] [Route("responses/byanswer/{surveyid:int}/{questionid:int}/{answer:alpha}")] [HttpGet] @@ -93,6 +98,7 @@ namespace DamageAssesment.Api.Responses.Controllers /// /// The ID of the survey for which answers are to be retrieved. + [Authorize(Roles = "admin,survey,user,report")] [Route("responses/byregion/{surveyid:int}")] [Route("responses/byregion/{surveyid:int}/{employeeid}")] [HttpGet] @@ -109,6 +115,7 @@ namespace DamageAssesment.Api.Responses.Controllers /// GET request for retrieving survey responses by survey ID and maintenance center. /// /// The ID of the survey for which responses are to be retrieved. + [Authorize(Roles = "admin,survey,user,report")] [Route("responses/bymaintenancecenter/{surveyid:int}/{employeeid:int}")] [Route("responses/bymaintenancecenter/{surveyid:int}")] [HttpGet] @@ -126,6 +133,7 @@ namespace DamageAssesment.Api.Responses.Controllers /// /// The ID of the survey response to be retrieved. + [Authorize(Roles = "admin,survey,user,report")] [HttpGet("responses/{id}")] public async Task GetSurveyResponseByIdAsync(int id) { @@ -142,6 +150,7 @@ namespace DamageAssesment.Api.Responses.Controllers /// /// The survey response object to be created. + [Authorize(Roles = "admin,survey,user,report")] [HttpPost("responses")] public async Task PostSurveysAsync(Models.SurveyResponse surveyResponse) { @@ -158,6 +167,7 @@ namespace DamageAssesment.Api.Responses.Controllers /// The ID of the survey response to be updated. /// The updated survey response object. + [Authorize(Roles = "admin,survey,user,report")] [HttpPut("responses/{id}")] public async Task PutSurveyResponseAsync(int id, Models.SurveyResponse surveyResponse) { @@ -175,6 +185,7 @@ namespace DamageAssesment.Api.Responses.Controllers /// DELETE request for deleting an existing survey response. /// + [Authorize(Roles = "admin,survey,user,report")] [HttpDelete("responses/{id}")] public async Task DeleteSurveyResponseAsync(int id) { @@ -190,6 +201,7 @@ namespace DamageAssesment.Api.Responses.Controllers /// /// The answers to be submitted for the survey. + [Authorize(Roles = "admin,survey,user,report")] [HttpPost("responses/answers")] public async Task PostSurveyAnswersAsync(Request request) { @@ -203,6 +215,8 @@ namespace DamageAssesment.Api.Responses.Controllers /// /// Get All active surveys . /// + + [Authorize(Roles = "admin,survey,user,report")] [Route("responses/surveys/active")] [Route("responses/surveys/active/{language:alpha}")] [Route("responses/surveys/active/{employeeid:int}")] @@ -220,6 +234,7 @@ namespace DamageAssesment.Api.Responses.Controllers /// /// Export all survey response data based on survey id. /// + [Authorize(Roles = "admin,survey,user,report")] [HttpGet] [Route("responses/surveys/export/{surveyid}")] public async Task GetExcelSurveysAsync(int surveyid, string language, bool IsAdmin = false) @@ -250,6 +265,7 @@ namespace DamageAssesment.Api.Responses.Controllers /// /// Get all historical surveys . /// + [Authorize(Roles = "admin,survey,user,report")] [Route("responses/surveys/historic")] [Route("responses/surveys/historic/{language:alpha}")] [Route("responses/surveys/historic/{employeeid:int}")] diff --git a/DamageAssesmentApi/DamageAssesment.Api.Responses/Interfaces/IAnswerServiceProvider.cs b/DamageAssesmentApi/DamageAssesment.Api.Responses/Interfaces/IAnswerServiceProvider.cs index 43ba9a1..7c23f55 100644 --- a/DamageAssesmentApi/DamageAssesment.Api.Responses/Interfaces/IAnswerServiceProvider.cs +++ b/DamageAssesmentApi/DamageAssesment.Api.Responses/Interfaces/IAnswerServiceProvider.cs @@ -4,9 +4,9 @@ namespace DamageAssesment.Api.Responses.Interfaces { public interface IAnswerServiceProvider { - Task> getAnswersAsync(); - Task> GetAnswersByResponseIdAsync(int responseId); + Task> getAnswersAsync(string token); + Task> GetAnswersByResponseIdAsync(int responseId, string token); - Task PostAnswersAsync(Models.Answer answer); + Task PostAnswersAsync(Models.Answer answer, string token); } } diff --git a/DamageAssesmentApi/DamageAssesment.Api.Responses/Interfaces/IAttachmentServiceProvider.cs b/DamageAssesmentApi/DamageAssesment.Api.Responses/Interfaces/IAttachmentServiceProvider.cs index 7350071..15f76a5 100644 --- a/DamageAssesmentApi/DamageAssesment.Api.Responses/Interfaces/IAttachmentServiceProvider.cs +++ b/DamageAssesmentApi/DamageAssesment.Api.Responses/Interfaces/IAttachmentServiceProvider.cs @@ -4,7 +4,7 @@ namespace DamageAssesment.Api.Responses.Interfaces { public interface IAttachmentServiceProvider { - Task> getAttachmentsAsync(); - Task> PostAttachmentsAsync(Models.AttachmentInfo attachmentInfo); + Task> getAttachmentsAsync(string token); + Task> PostAttachmentsAsync(Models.AttachmentInfo attachmentInfo, string token); } } diff --git a/DamageAssesmentApi/DamageAssesment.Api.Responses/Interfaces/IEmployeeServiceProvider.cs b/DamageAssesmentApi/DamageAssesment.Api.Responses/Interfaces/IEmployeeServiceProvider.cs index ef9eb00..de943d0 100644 --- a/DamageAssesmentApi/DamageAssesment.Api.Responses/Interfaces/IEmployeeServiceProvider.cs +++ b/DamageAssesmentApi/DamageAssesment.Api.Responses/Interfaces/IEmployeeServiceProvider.cs @@ -1,10 +1,10 @@ -using DamageAssesment.Api.Responses.Models; +using DamageAssesment.Api.Responses.Models; namespace DamageAssesment.Api.Responses.Interfaces { public interface IEmployeeServiceProvider { - Task> getEmployeesAsync(); - Task getEmployeeAsync(int employeeId); + Task> getEmployeesAsync(string token); + Task getEmployeeAsync(int employeeId, string token); } } diff --git a/DamageAssesmentApi/DamageAssesment.Api.Responses/Interfaces/IHttpUtil.cs b/DamageAssesmentApi/DamageAssesment.Api.Responses/Interfaces/IHttpUtil.cs index a8578e0..ae5620f 100644 --- a/DamageAssesmentApi/DamageAssesment.Api.Responses/Interfaces/IHttpUtil.cs +++ b/DamageAssesmentApi/DamageAssesment.Api.Responses/Interfaces/IHttpUtil.cs @@ -1,9 +1,9 @@ -using DamageAssesment.Api.Responses.Models; +using DamageAssesment.Api.Responses.Models; namespace DamageAssesment.Api.Responses.Interfaces { public interface IHttpUtil { - Task SendAsync(HttpMethod method, string url, string JsonInput); + Task SendAsync(HttpMethod method, string url, string JsonInput, string token); } } diff --git a/DamageAssesmentApi/DamageAssesment.Api.Responses/Interfaces/ILocationServiceProvider.cs b/DamageAssesmentApi/DamageAssesment.Api.Responses/Interfaces/ILocationServiceProvider.cs index 75945cd..75ab80e 100644 --- a/DamageAssesmentApi/DamageAssesment.Api.Responses/Interfaces/ILocationServiceProvider.cs +++ b/DamageAssesmentApi/DamageAssesment.Api.Responses/Interfaces/ILocationServiceProvider.cs @@ -4,6 +4,6 @@ namespace DamageAssesment.Api.Responses.Interfaces { public interface ILocationServiceProvider { - Task> getLocationsAsync(); + Task> getLocationsAsync(string token); } } diff --git a/DamageAssesmentApi/DamageAssesment.Api.Responses/Interfaces/IQuestionServiceProvider.cs b/DamageAssesmentApi/DamageAssesment.Api.Responses/Interfaces/IQuestionServiceProvider.cs index bbcec8b..eec0256 100644 --- a/DamageAssesmentApi/DamageAssesment.Api.Responses/Interfaces/IQuestionServiceProvider.cs +++ b/DamageAssesmentApi/DamageAssesment.Api.Responses/Interfaces/IQuestionServiceProvider.cs @@ -4,9 +4,9 @@ namespace DamageAssesment.Api.Responses.Interfaces { public interface IQuestionServiceProvider { - Task> getQuestionsAsync(string language); - Task> getSurveyQuestionsAsync(int surveyId); - Task getQuestionsAsync(int questionId); - Task> GetQuestionCategoriesAsync(string? language); + Task> getQuestionsAsync(string language,string token); + Task> getSurveyQuestionsAsync(int surveyId, string token); + Task getQuestionsAsync(int questionId, string token); + Task> GetQuestionCategoriesAsync(string? language, string token); } } diff --git a/DamageAssesmentApi/DamageAssesment.Api.Responses/Interfaces/IRegionServiceProvider.cs b/DamageAssesmentApi/DamageAssesment.Api.Responses/Interfaces/IRegionServiceProvider.cs index be3b1c3..a97193e 100644 --- a/DamageAssesmentApi/DamageAssesment.Api.Responses/Interfaces/IRegionServiceProvider.cs +++ b/DamageAssesmentApi/DamageAssesment.Api.Responses/Interfaces/IRegionServiceProvider.cs @@ -4,6 +4,6 @@ namespace DamageAssesment.Api.Responses.Interfaces { public interface IRegionServiceProvider { - Task> getRegionsAsync(); + Task> getRegionsAsync(string token); } } diff --git a/DamageAssesmentApi/DamageAssesment.Api.Responses/Interfaces/ISurveyServiceProvider.cs b/DamageAssesmentApi/DamageAssesment.Api.Responses/Interfaces/ISurveyServiceProvider.cs index 64252c9..8c66bda 100644 --- a/DamageAssesmentApi/DamageAssesment.Api.Responses/Interfaces/ISurveyServiceProvider.cs +++ b/DamageAssesmentApi/DamageAssesment.Api.Responses/Interfaces/ISurveyServiceProvider.cs @@ -4,7 +4,7 @@ namespace DamageAssesment.Api.Responses.Interfaces { public interface ISurveyServiceProvider { - Task> getSurveysAsync(string language); - Task getSurveyAsync(int surveyId); + Task> getSurveysAsync(string language,string token); + Task getSurveyAsync(int surveyId,string token); } } diff --git a/DamageAssesmentApi/DamageAssesment.Api.Responses/Models/Employee.cs b/DamageAssesmentApi/DamageAssesment.Api.Responses/Models/Employee.cs index 72ceffc..3a84d81 100644 --- a/DamageAssesmentApi/DamageAssesment.Api.Responses/Models/Employee.cs +++ b/DamageAssesmentApi/DamageAssesment.Api.Responses/Models/Employee.cs @@ -11,6 +11,6 @@ namespace DamageAssesment.Api.Responses.Models public string OfficePhoneNumber { get; set; } public string Email { get; set; } public bool IsActive { get; set; } - public string? PreferredLanguage { get; set; } + public string PreferredLanguage { get; set; } } } diff --git a/DamageAssesmentApi/DamageAssesment.Api.Responses/Program.cs b/DamageAssesmentApi/DamageAssesment.Api.Responses/Program.cs index 91adc1c..ce0b901 100644 --- a/DamageAssesmentApi/DamageAssesment.Api.Responses/Program.cs +++ b/DamageAssesmentApi/DamageAssesment.Api.Responses/Program.cs @@ -5,6 +5,10 @@ using DamageAssesment.Api.Responses.Providers; using Microsoft.EntityFrameworkCore; using Polly; using System.Reflection; +using Microsoft.OpenApi.Models; +using Microsoft.AspNetCore.Authentication.JwtBearer; +using Microsoft.IdentityModel.Tokens; +using System.Text; var builder = WebApplication.CreateBuilder(args); const int maxApiCallRetries = 3; @@ -14,6 +18,24 @@ const int intervalForCircuitBraker = 5; //5 seconds // Add services to the container. +var authkey = builder.Configuration.GetValue("JwtSettings:securitykey"); +builder.Services.AddAuthentication(item => +{ + item.DefaultAuthenticateScheme = JwtBearerDefaults.AuthenticationScheme; + item.DefaultChallengeScheme = JwtBearerDefaults.AuthenticationScheme; +}).AddJwtBearer(item => +{ + item.RequireHttpsMetadata = true; + item.SaveToken = true; + item.TokenValidationParameters = new TokenValidationParameters() + { + ValidateIssuerSigningKey = true, + IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(authkey)), + ValidateIssuer = false, + ValidateAudience = false, + ClockSkew = TimeSpan.Zero + }; +}); builder.Services.AddControllers(); // Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle @@ -26,6 +48,7 @@ builder.Services.AddScoped(); builder.Services.AddScoped(); builder.Services.AddScoped(); builder.Services.AddScoped(); +builder.Services.AddHttpContextAccessor(); builder.Services.AddScoped(); builder.Services.AddHttpClient(). @@ -36,12 +59,40 @@ builder.Services.AddHttpClient(). builder.Services.AddAutoMapper(AppDomain.CurrentDomain.GetAssemblies()); builder.Services.AddEndpointsApiExplorer(); //builder.Services.AddSwaggerGen(); -builder.Services.AddSwaggerGen(c => + +builder.Services.AddSwaggerGen(options => { // Include XML comments from your assembly var xmlFile = $"{Assembly.GetExecutingAssembly().GetName().Name}.xml"; var xmlPath = Path.Combine(AppContext.BaseDirectory, xmlFile); - c.IncludeXmlComments(xmlPath); + options.IncludeXmlComments(xmlPath); + + OpenApiSecurityScheme securityDefinition = new OpenApiSecurityScheme() + { + Name = "Bearer", + BearerFormat = "JWT", + Scheme = "bearer", + Description = "Specify the authorization token.", + In = ParameterLocation.Header, + Type = SecuritySchemeType.Http, + }; + + options.AddSecurityDefinition("jwt_auth", securityDefinition); + + // Make sure swagger UI requires a Bearer token specified + OpenApiSecurityScheme securityScheme = new OpenApiSecurityScheme() + { + Reference = new OpenApiReference() + { + Id = "jwt_auth", + Type = ReferenceType.SecurityScheme + } + }; + OpenApiSecurityRequirement securityRequirements = new OpenApiSecurityRequirement() + { + {securityScheme, new string[] { }}, + }; + options.AddSecurityRequirement(securityRequirements); }); builder.Services.AddDbContext(option => { @@ -56,6 +107,7 @@ if (app.Environment.IsDevelopment()) app.UseSwaggerUI(); } +app.UseAuthentication(); app.UseAuthorization(); app.MapControllers(); diff --git a/DamageAssesmentApi/DamageAssesment.Api.Responses/Properties/launchSettings.json b/DamageAssesmentApi/DamageAssesment.Api.Responses/Properties/launchSettings.json index 0d51b15..f43ced8 100644 --- a/DamageAssesmentApi/DamageAssesment.Api.Responses/Properties/launchSettings.json +++ b/DamageAssesmentApi/DamageAssesment.Api.Responses/Properties/launchSettings.json @@ -9,7 +9,7 @@ } }, "profiles": { - "DamageAssesment.Api.SurveyResponses": { + "DamageAssesment.Api.Responses": { "commandName": "Project", "dotnetRunMessages": true, "launchBrowser": true, diff --git a/DamageAssesmentApi/DamageAssesment.Api.Responses/Providers/SurveyResponsesProvider.cs b/DamageAssesmentApi/DamageAssesment.Api.Responses/Providers/SurveyResponsesProvider.cs index d52d153..816bc7a 100644 --- a/DamageAssesmentApi/DamageAssesment.Api.Responses/Providers/SurveyResponsesProvider.cs +++ b/DamageAssesmentApi/DamageAssesment.Api.Responses/Providers/SurveyResponsesProvider.cs @@ -2,6 +2,7 @@ using DamageAssesment.Api.Responses.Db; using DamageAssesment.Api.Responses.Interfaces; using DamageAssesment.Api.Responses.Models; +using DamageAssesment.Api.Responses.Services; using Microsoft.EntityFrameworkCore; using Microsoft.EntityFrameworkCore.Metadata.Internal; using System.Reflection; @@ -21,8 +22,10 @@ namespace DamageAssesment.Api.Responses.Providers private readonly IQuestionServiceProvider questionServiceProvider; private readonly ISurveyServiceProvider surveyServiceProvider; private readonly IMapper mapper; + private readonly IHttpContextAccessor httpContextAccessor; + private string token; - public SurveyResponsesProvider(SurveyResponseDbContext surveyResponseDbContext, ILogger logger, IAnswerServiceProvider answerServiceProvider, IRegionServiceProvider regionServiceProvider, ILocationServiceProvider locationServiceProvider, IEmployeeServiceProvider employeeServiceProvider, IAttachmentServiceProvider attachmentServiceProvider, IQuestionServiceProvider questionServiceProvider, ISurveyServiceProvider surveyServiceProvider, IMapper mapper) + public SurveyResponsesProvider(SurveyResponseDbContext surveyResponseDbContext, ILogger logger, IAnswerServiceProvider answerServiceProvider, IRegionServiceProvider regionServiceProvider, ILocationServiceProvider locationServiceProvider, IEmployeeServiceProvider employeeServiceProvider, IAttachmentServiceProvider attachmentServiceProvider, IQuestionServiceProvider questionServiceProvider, ISurveyServiceProvider surveyServiceProvider, IMapper mapper, IHttpContextAccessor httpContextAccessor) { this.surveyResponseDbContext = surveyResponseDbContext; this.logger = logger; @@ -33,8 +36,20 @@ namespace DamageAssesment.Api.Responses.Providers this.attachmentServiceProvider = attachmentServiceProvider; this.questionServiceProvider = questionServiceProvider; this.surveyServiceProvider = surveyServiceProvider; + this.httpContextAccessor = httpContextAccessor; this.mapper = mapper; SeedData(); + + token = httpContextAccessor.HttpContext.Request.Headers.Authorization; + if (token != null) + { + token = token.Replace("Bearer ", string.Empty); + } + else + { + token = ""; + } + // seedData(); } public void SeedData() @@ -120,7 +135,7 @@ namespace DamageAssesment.Api.Responses.Providers { logger?.LogInformation("Querying to get SurveyResponse object from DB"); //get all the survey that already taken by the employee - var surveys = await surveyServiceProvider.getSurveysAsync(language); + var surveys = await surveyServiceProvider.getSurveysAsync(language,token); surveys = surveys.Where(s => s.IsEnabled == true && s.Status == SurveyStatus.ACTIVE.ToString()).ToList(); if (employeeid == null || employeeid == 0) return (true, surveys, null); @@ -141,7 +156,7 @@ namespace DamageAssesment.Api.Responses.Providers { logger?.LogInformation("Querying to get SurveyResponse object from DB"); - var surveys = await surveyServiceProvider.getSurveysAsync(language); + var surveys = await surveyServiceProvider.getSurveysAsync(language, token); // returning only historic data: end date is less than current date. surveys = surveys.Where(s => s.Status == SurveyStatus.INACTIVE.ToString()).ToList(); if (employeeid == null || employeeid == 0) @@ -166,7 +181,7 @@ namespace DamageAssesment.Api.Responses.Providers try { logger?.LogInformation("Querying to get Survey object from microservice"); - var survey = await surveyServiceProvider.getSurveyAsync(surveyId); + var survey = await surveyServiceProvider.getSurveyAsync(surveyId, token); if (survey != null) { @@ -197,7 +212,7 @@ namespace DamageAssesment.Api.Responses.Providers try { logger?.LogInformation("Querying to get Survey object from microservice"); - var survey = await surveyServiceProvider.getSurveyAsync(surveyId); + var survey = await surveyServiceProvider.getSurveyAsync(surveyId, token); if (survey != null) { @@ -228,7 +243,7 @@ namespace DamageAssesment.Api.Responses.Providers try { logger?.LogInformation("Querying to get Survey object from microservice"); - var survey = await surveyServiceProvider.getSurveyAsync(surveyId); + var survey = await surveyServiceProvider.getSurveyAsync(surveyId, token); if (survey != null) { @@ -259,8 +274,8 @@ namespace DamageAssesment.Api.Responses.Providers try { logger?.LogInformation("Querying to get Survey object from microservice"); - var survey = await surveyServiceProvider.getSurveyAsync(surveyId); - var question = await questionServiceProvider.getQuestionsAsync(questionId); + var survey = await surveyServiceProvider.getSurveyAsync(surveyId, token); + var question = await questionServiceProvider.getQuestionsAsync(questionId, token); bool IsCorrectAnswer = answer.ToLower().Equals("yes") || answer.ToLower().Equals("no") ? true : false; @@ -421,7 +436,7 @@ namespace DamageAssesment.Api.Responses.Providers { try { - var answersList = await answerServiceProvider.getAnswersAsync(); + var answersList = await answerServiceProvider.getAnswersAsync(token); if (answersList == null || !answersList.Any()) return null; @@ -444,8 +459,8 @@ namespace DamageAssesment.Api.Responses.Providers if (surveyAnswers == null || !surveyAnswers.Any()) return null; - var regions = await regionServiceProvider.getRegionsAsync(); - var locations = await locationServiceProvider.getLocationsAsync(); + var regions = await regionServiceProvider.getRegionsAsync(token); + var locations = await locationServiceProvider.getLocationsAsync(token); if (regions == null || !regions.Any() || locations == null || !locations.Any()) return null; @@ -507,11 +522,11 @@ namespace DamageAssesment.Api.Responses.Providers { try { - var employee = await employeeServiceProvider.getEmployeeAsync(surveyResponse.EmployeeId); - var answers = await answerServiceProvider.GetAnswersByResponseIdAsync(surveyResponse.Id); - var allQuestions = await questionServiceProvider.getQuestionsAsync(null); + var employee = await employeeServiceProvider.getEmployeeAsync(surveyResponse.EmployeeId, token); + var answers = await answerServiceProvider.GetAnswersByResponseIdAsync(surveyResponse.Id, token); + var allQuestions = await questionServiceProvider.getQuestionsAsync(null,token); var questions = allQuestions.Where(s => s.SurveyId == surveyResponse.SurveyId); - var attachments = await attachmentServiceProvider.getAttachmentsAsync(); + var attachments = await attachmentServiceProvider.getAttachmentsAsync(token); var result = new { @@ -556,85 +571,47 @@ namespace DamageAssesment.Api.Responses.Providers if (employeeid == 0) { surveyResonses = await surveyResponseDbContext.SurveyResponses.Where(x => x.SurveyId == surveyId).ToListAsync(); - employees = await employeeServiceProvider.getEmployeesAsync(); + employees = await employeeServiceProvider.getEmployeesAsync(token); } else { surveyResonses = await surveyResponseDbContext.SurveyResponses.Where(x => x.SurveyId == surveyId && x.EmployeeId == employeeid).ToListAsync(); - employee = await employeeServiceProvider.getEmployeeAsync(employeeid); + employee = await employeeServiceProvider.getEmployeeAsync(employeeid, token); } - var answers = await answerServiceProvider.getAnswersAsync(); - var questions = await questionServiceProvider.getQuestionsAsync(null); + var answers = await answerServiceProvider.getAnswersAsync(token); + var questions = await questionServiceProvider.getQuestionsAsync(null, token); var surveyQuestions = from q in questions where q.SurveyId == surveyId select q; //var surveyQuestions = await questionServiceProvider.getSurveyQuestionsAsync(surveyId); - var attachments = await attachmentServiceProvider.getAttachmentsAsync(); + var attachments = await attachmentServiceProvider.getAttachmentsAsync(token); + var result = from r in surveyResonses + select new + { + r.Id, + r.SurveyId, + r.LocationId, + r.EmployeeId, + r.ClientDevice, + r.KeyAnswerResult, + r.Longitute, + r.Latitude, + Employee = (from e in employees where e.Id == r.EmployeeId select new { e.Id, e.Name, e.BirthDate, e.Email, e.OfficePhoneNumber }).SingleOrDefault(), + answers = from ans in answers + where ans.SurveyResponseId == r.Id + select new + { + ans.Id, + ans.QuestionId, + ans.AnswerText, + ans.Comment, + Questions = (from q in surveyQuestions where q.Id == ans.QuestionId select new { q.Id, q.QuestionNumber, q.CategoryId, q.Text }).SingleOrDefault(), + Attachments = from att in attachments where att.AnswerId == ans.Id select new { att.Id, att.URI } - if (employeeid == 0) - { - var result = from r in surveyResonses - select new - { - r.Id, - r.SurveyId, - r.LocationId, - r.EmployeeId, - r.ClientDevice, - r.KeyAnswerResult, - r.Longitute, - r.Latitude, - Employee = (from e in employees where e.Id == r.EmployeeId select new { e.Id, e.Name, e.BirthDate, e.Email, e.OfficePhoneNumber }).SingleOrDefault(), - answers = from ans in answers - where ans.SurveyResponseId == r.Id - select new - { - ans.Id, - ans.QuestionId, - ans.AnswerText, - ans.Comment, - Questions = (from q in surveyQuestions where q.Id == ans.QuestionId select new { q.Id, q.QuestionNumber, q.CategoryId, q.Text }).SingleOrDefault(), - Attachments = from att in attachments where att.AnswerId == ans.Id select new { att.Id, att.URI } - - } - }; - return result; - } - else - { - object _employee = new { }; - if (employee != null) - { - _employee = new { employee.Id, employee.Name, employee.BirthDate, employee.Email, employee.OfficePhoneNumber }; - } - var result = from r in surveyResonses - select new - { - r.Id, - r.SurveyId, - r.LocationId, - r.EmployeeId, - r.ClientDevice, - r.KeyAnswerResult, - r.Longitute, - r.Latitude, - Employee = _employee, - answers = from ans in answers - where ans.SurveyResponseId == r.Id - select new - { - ans.Id, - ans.QuestionId, - ans.AnswerText, - ans.Comment, - Questions = (from q in questions where q.Id == ans.QuestionId select new { q.Id, q.QuestionNumber, q.CategoryId, q.Text }).SingleOrDefault(), - Attachments = from att in attachments where att.AnswerId == ans.Id select new { att.Id, att.URI } - } - }; - - return result; - } + } + }; + return result; } catch (Exception ex) { @@ -656,12 +633,12 @@ namespace DamageAssesment.Api.Responses.Providers if (employeeid == 0) { surveyResonses = await surveyResponseDbContext.SurveyResponses.ToListAsync(); - employees = await employeeServiceProvider.getEmployeesAsync(); + employees = await employeeServiceProvider.getEmployeesAsync(token); } else { surveyResonses = await surveyResponseDbContext.SurveyResponses.Where(x => x.EmployeeId == employeeid).ToListAsync(); - employee = await employeeServiceProvider.getEmployeeAsync(employeeid); + employee = await employeeServiceProvider.getEmployeeAsync(employeeid, token); if (employee != null) { @@ -670,9 +647,9 @@ namespace DamageAssesment.Api.Responses.Providers } - var answers = await answerServiceProvider.getAnswersAsync(); - var questions = await questionServiceProvider.getQuestionsAsync(null); - var attachments = await attachmentServiceProvider.getAttachmentsAsync(); + var answers = await answerServiceProvider.getAnswersAsync(token); + var questions = await questionServiceProvider.getQuestionsAsync(null,token); + var attachments = await attachmentServiceProvider.getAttachmentsAsync(token); var result = from r in surveyResonses select new @@ -699,8 +676,6 @@ namespace DamageAssesment.Api.Responses.Providers } }; return result; - - } catch (Exception ex) { @@ -716,12 +691,12 @@ namespace DamageAssesment.Api.Responses.Providers if (string.IsNullOrEmpty(language)) language = "en"; List surveyResonses; surveyResonses = await surveyResponseDbContext.SurveyResponses.Where(a => a.SurveyId == surveyId).ToListAsync(); - var answers = await answerServiceProvider.getAnswersAsync(); - var Locations = await locationServiceProvider.getLocationsAsync(); - var regions = await regionServiceProvider.getRegionsAsync(); - var questions = await questionServiceProvider.getQuestionsAsync(language); - var categories = await questionServiceProvider.GetQuestionCategoriesAsync(language); - var attachments = await attachmentServiceProvider.getAttachmentsAsync(); + var answers = await answerServiceProvider.getAnswersAsync(token); + var Locations = await locationServiceProvider.getLocationsAsync(token); + var regions = await regionServiceProvider.getRegionsAsync(token); + var questions = await questionServiceProvider.getQuestionsAsync(language, token); + var categories = await questionServiceProvider.GetQuestionCategoriesAsync(language, token); + var attachments = await attachmentServiceProvider.getAttachmentsAsync(token); List questionLists = new List(); var allques = from res in surveyResonses join loc in Locations on res.LocationId equals loc.Id @@ -853,8 +828,8 @@ namespace DamageAssesment.Api.Responses.Providers { surveyResponses = await surveyResponseDbContext.SurveyResponses.Where(x => x.SurveyId == surveyId && x.EmployeeId == employeeid).ToListAsync(); } - var answers = await answerServiceProvider.getAnswersAsync(); - var locations = await locationServiceProvider.getLocationsAsync(); + var answers = await answerServiceProvider.getAnswersAsync(token); + var locations = await locationServiceProvider.getLocationsAsync(token); var maintenanceCenters = locations.DistinctBy(m => m.MaintenanceCenter); //get all the answers for the particular survey @@ -920,12 +895,12 @@ namespace DamageAssesment.Api.Responses.Providers if (employeeid == 0) { surveyResonses = await surveyResponseDbContext.SurveyResponses.Where(x => x.SurveyId == surveyId && x.LocationId == locationId).ToListAsync(); - employees = await employeeServiceProvider.getEmployeesAsync(); + employees = await employeeServiceProvider.getEmployeesAsync(token); } else { surveyResonses = await surveyResponseDbContext.SurveyResponses.Where(x => x.SurveyId == surveyId && x.EmployeeId == employeeid && x.LocationId == locationId).ToListAsync(); - employee = await employeeServiceProvider.getEmployeeAsync(employeeid); + employee = await employeeServiceProvider.getEmployeeAsync(employeeid, token); if (employee != null) { @@ -933,10 +908,10 @@ namespace DamageAssesment.Api.Responses.Providers } } - var answers = await answerServiceProvider.getAnswersAsync(); - var questions = await questionServiceProvider.getQuestionsAsync(null); + var answers = await answerServiceProvider.getAnswersAsync(token); + var questions = await questionServiceProvider.getQuestionsAsync(null,token); var surveyQuestions = from q in questions where q.SurveyId == surveyId select q; - var attachments = await attachmentServiceProvider.getAttachmentsAsync(); + var attachments = await attachmentServiceProvider.getAttachmentsAsync(token); var result = from r in surveyResonses select new @@ -949,7 +924,7 @@ namespace DamageAssesment.Api.Responses.Providers r.KeyAnswerResult, r.Longitute, r.Latitude, - Employee = employeeid != 0 ? _employee : (from e in employees where r.EmployeeId == e.Id select new { e.Id, e.Name, e.BirthDate, e.Email, e.OfficePhoneNumber }).SingleOrDefault(), + Employee = (from e in employees where r.EmployeeId == e.Id select new { e.Id, e.Name, e.BirthDate, e.Email, e.OfficePhoneNumber }).SingleOrDefault(), answers = from ans in answers where ans.SurveyResponseId == r.Id @@ -964,7 +939,6 @@ namespace DamageAssesment.Api.Responses.Providers } }; return result; - } catch (Exception ex) { @@ -987,12 +961,12 @@ namespace DamageAssesment.Api.Responses.Providers if (employeeid == 0) { surveyResponses = await surveyResponseDbContext.SurveyResponses.Where(x => x.SurveyId == survey.Id).ToListAsync(); - employees = await employeeServiceProvider.getEmployeesAsync(); + employees = await employeeServiceProvider.getEmployeesAsync(token); } else { surveyResponses = await surveyResponseDbContext.SurveyResponses.Where(x => x.SurveyId == survey.Id && x.EmployeeId == employeeid).ToListAsync(); - employee = await employeeServiceProvider.getEmployeeAsync(employeeid); + employee = await employeeServiceProvider.getEmployeeAsync(employeeid, token); if (employee != null) { @@ -1002,8 +976,8 @@ namespace DamageAssesment.Api.Responses.Providers //var surveyResponses = await surveyResponseDbContext.Responses.Where(x => x.SurveyId == survey.Id).ToListAsync(); // var employees = await employeeServiceProvider.getEmployeesAsync(); - var answers = await answerServiceProvider.getAnswersAsync(); - var attachments = await attachmentServiceProvider.getAttachmentsAsync(); + var answers = await answerServiceProvider.getAnswersAsync(token); + var attachments = await attachmentServiceProvider.getAttachmentsAsync(token); var result = from r in surveyResponses select new @@ -1016,7 +990,7 @@ namespace DamageAssesment.Api.Responses.Providers r.KeyAnswerResult, r.Longitute, r.Latitude, - Employee = employeeid != 0 ? _employee : (from e in employees where r.EmployeeId == e.Id select new { e.Id, e.Name, e.BirthDate, e.Email, e.OfficePhoneNumber }).SingleOrDefault(), + Employee = (from e in employees where r.EmployeeId == e.Id select new { e.Id, e.Name, e.BirthDate, e.Email, e.OfficePhoneNumber }).SingleOrDefault(), answers = from ans in answers where ans.SurveyResponseId == r.Id && ans.QuestionId == question.Id @@ -1046,12 +1020,12 @@ namespace DamageAssesment.Api.Responses.Providers { if (answerRequest != null) { - var answer = await answerServiceProvider.PostAnswersAsync(new Models.Answer { QuestionId = answerRequest.QuestionId, AnswerText = answerRequest.AnswerText, Comment = answerRequest.Comment, SurveyResponseId = surveyResponseId }); + var answer = await answerServiceProvider.PostAnswersAsync(new Models.Answer { QuestionId = answerRequest.QuestionId, AnswerText = answerRequest.AnswerText, Comment = answerRequest.Comment, SurveyResponseId = surveyResponseId }, token); if (answer != null) { List listAnswerInfo = new List(); listAnswerInfo.Add(new AnswerInfo { AnswerId = answer.Id, postedFiles = answerRequest.PostedFiles }); - var attachments = attachmentServiceProvider.PostAttachmentsAsync(new AttachmentInfo { ResponseId = surveyResponseId, Answers = listAnswerInfo }); + var attachments = attachmentServiceProvider.PostAttachmentsAsync(new AttachmentInfo { ResponseId = surveyResponseId, Answers = listAnswerInfo }, token); string message = $"Answer for question {answerRequest.QuestionId} saved to the database"; logger?.LogInformation(message); @@ -1072,7 +1046,6 @@ namespace DamageAssesment.Api.Responses.Providers } } - public async Task<(bool IsSuccess, Models.SurveyResponse SurveyResponse, string ErrorMessage)> PostSurveyAnswersAsync(Models.Request request) { try diff --git a/DamageAssesmentApi/DamageAssesment.Api.Responses/Services/AnswerServiceProvider.cs b/DamageAssesmentApi/DamageAssesment.Api.Responses/Services/AnswerServiceProvider.cs index 5b8eeeb..b550ff1 100644 --- a/DamageAssesmentApi/DamageAssesment.Api.Responses/Services/AnswerServiceProvider.cs +++ b/DamageAssesmentApi/DamageAssesment.Api.Responses/Services/AnswerServiceProvider.cs @@ -1,5 +1,6 @@ using DamageAssesment.Api.Responses.Interfaces; using DamageAssesment.Api.Responses.Models; +using Microsoft.Extensions.Primitives; using Newtonsoft.Json; @@ -10,11 +11,11 @@ namespace DamageAssesment.Api.Responses.Services public AnswerServiceProvider(IConfiguration configuration, IHttpUtil httpUtil, ILogger logger) : base(configuration, httpUtil, logger, configuration.GetValue("RessourceSettings:Answer"), configuration.GetValue("EndPointSettings:AnswerUrlBase")) { } - public async Task> getAnswersAsync() + public async Task> getAnswersAsync(string token) { try { - var responseJsonString = await httpUtil.SendAsync(HttpMethod.Get, url, null); + var responseJsonString = await httpUtil.SendAsync(HttpMethod.Get, url, null, token); var answers = JsonConvert.DeserializeObject>(responseJsonString); if (answers == null || !answers.Any()) @@ -28,12 +29,12 @@ namespace DamageAssesment.Api.Responses.Services } } - public async Task> GetAnswersByResponseIdAsync(int responseId) + public async Task> GetAnswersByResponseIdAsync(int responseId, string token) { try { url = urlBase + string.Format(configuration.GetValue("RessourceSettings:AnswerByResponse"), responseId); - var responseJsonString = await httpUtil.SendAsync(HttpMethod.Get, url, null); + var responseJsonString = await httpUtil.SendAsync(HttpMethod.Get, url, null,token); var answers = JsonConvert.DeserializeObject>(responseJsonString); if (answers == null || !answers.Any()) @@ -47,12 +48,12 @@ namespace DamageAssesment.Api.Responses.Services } } - public async Task PostAnswersAsync(Answer answer) + public async Task PostAnswersAsync(Answer answer, string token ) { try { var requestJsonString = JsonConvert.SerializeObject(answer); - var responseJsonString = await httpUtil.SendAsync(HttpMethod.Post, url, requestJsonString); + var responseJsonString = await httpUtil.SendAsync(HttpMethod.Post, url, requestJsonString, token); var answers = JsonConvert.DeserializeObject(responseJsonString); if (answers == null) diff --git a/DamageAssesmentApi/DamageAssesment.Api.Responses/Services/AttachmentServiceProvider.cs b/DamageAssesmentApi/DamageAssesment.Api.Responses/Services/AttachmentServiceProvider.cs index bfbce94..9ace258 100644 --- a/DamageAssesmentApi/DamageAssesment.Api.Responses/Services/AttachmentServiceProvider.cs +++ b/DamageAssesmentApi/DamageAssesment.Api.Responses/Services/AttachmentServiceProvider.cs @@ -10,11 +10,11 @@ namespace DamageAssesment.Api.Responses.Services { } - public async Task> getAttachmentsAsync() + public async Task> getAttachmentsAsync(string token) { try { - var responseJsonString = await httpUtil.SendAsync(HttpMethod.Get, url, null); + var responseJsonString = await httpUtil.SendAsync(HttpMethod.Get, url, null,token); var attachments = JsonConvert.DeserializeObject>(responseJsonString); if (attachments == null || !attachments.Any()) @@ -28,12 +28,12 @@ namespace DamageAssesment.Api.Responses.Services } } - public async Task> PostAttachmentsAsync(AttachmentInfo attachmentInfo) + public async Task> PostAttachmentsAsync(AttachmentInfo attachmentInfo, string token) { try { var requestJsonString = JsonConvert.SerializeObject(attachmentInfo); - var responseJsonString = await httpUtil.SendAsync(HttpMethod.Post, url, requestJsonString); + var responseJsonString = await httpUtil.SendAsync(HttpMethod.Post, url, requestJsonString, token); var attachments = JsonConvert.DeserializeObject>(responseJsonString); if (attachments == null) diff --git a/DamageAssesmentApi/DamageAssesment.Api.Responses/Services/EmployeeServiceProvider.cs b/DamageAssesmentApi/DamageAssesment.Api.Responses/Services/EmployeeServiceProvider.cs index 22f63de..cd04c47 100644 --- a/DamageAssesmentApi/DamageAssesment.Api.Responses/Services/EmployeeServiceProvider.cs +++ b/DamageAssesmentApi/DamageAssesment.Api.Responses/Services/EmployeeServiceProvider.cs @@ -1,4 +1,4 @@ -using DamageAssesment.Api.Responses.Interfaces; +using DamageAssesment.Api.Responses.Interfaces; using DamageAssesment.Api.Responses.Models; using Microsoft.AspNetCore.Mvc.Routing; using Newtonsoft.Json; @@ -11,11 +11,11 @@ namespace DamageAssesment.Api.Responses.Services { } - public async Task> getEmployeesAsync() + public async Task> getEmployeesAsync(string token) { try { - var responseJsonString = await httpUtil.SendAsync(HttpMethod.Get, url, null); + var responseJsonString = await httpUtil.SendAsync(HttpMethod.Get, url, null, token); var employees = JsonConvert.DeserializeObject>(responseJsonString); if (employees == null || !employees.Any()) @@ -29,12 +29,12 @@ namespace DamageAssesment.Api.Responses.Services } } - public async Task getEmployeeAsync(int employeeId) + public async Task getEmployeeAsync(int employeeId, string token) { try { - url = urlBase + string.Format(configuration.GetValue("RessourceSettings:EmployeeById"), employeeId); - var responseJsonString = await httpUtil.SendAsync(HttpMethod.Get, url, null); + url = urlBase + string.Format(configuration.GetValue("RessourceSettings:EmployeeById"), employeeId); + var responseJsonString = await httpUtil.SendAsync(HttpMethod.Get, url, null, token); var employee = JsonConvert.DeserializeObject(responseJsonString); if (employee == null) diff --git a/DamageAssesmentApi/DamageAssesment.Api.Responses/Services/HttpUtil.cs b/DamageAssesmentApi/DamageAssesment.Api.Responses/Services/HttpUtil.cs index 053ffad..830c6c1 100644 --- a/DamageAssesmentApi/DamageAssesment.Api.Responses/Services/HttpUtil.cs +++ b/DamageAssesmentApi/DamageAssesment.Api.Responses/Services/HttpUtil.cs @@ -1,4 +1,5 @@ -using DamageAssesment.Api.Responses.Interfaces; +using DamageAssesment.Api.Responses.Interfaces; +using DamageAssesment.Api.Responses.Models; using System.Net.Http.Headers; using System.Text; @@ -14,20 +15,18 @@ namespace DamageAssesment.Api.Responses.Services this.httpClient = httpClient; this.logger = logger; } - public async Task SendAsync(HttpMethod method, string url, string JsonInput) + public async Task SendAsync(HttpMethod method, string url, string JsonInput, string token) { try { var request = new HttpRequestMessage(method, url); request.Headers.Accept.Clear(); request.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json")); - - //request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token); + request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token); if (method == HttpMethod.Post) { request.Content = new StringContent(JsonInput, Encoding.UTF8, "application/json"); } - var response = await httpClient.SendAsync(request, CancellationToken.None); response.EnsureSuccessStatusCode(); var responseString = await response.Content.ReadAsStringAsync(); diff --git a/DamageAssesmentApi/DamageAssesment.Api.Responses/Services/LocationServiceProvider.cs b/DamageAssesmentApi/DamageAssesment.Api.Responses/Services/LocationServiceProvider.cs index e6b36f6..2d38ca3 100644 --- a/DamageAssesmentApi/DamageAssesment.Api.Responses/Services/LocationServiceProvider.cs +++ b/DamageAssesmentApi/DamageAssesment.Api.Responses/Services/LocationServiceProvider.cs @@ -10,11 +10,11 @@ namespace DamageAssesment.Api.Responses.Services { } - public async Task> getLocationsAsync() + public async Task> getLocationsAsync(string token) { try { - var responseJsonString = await httpUtil.SendAsync(HttpMethod.Get, url, null); + var responseJsonString = await httpUtil.SendAsync(HttpMethod.Get, url, null, token); var locations = JsonConvert.DeserializeObject>(responseJsonString); if (locations == null || !locations.Any()) diff --git a/DamageAssesmentApi/DamageAssesment.Api.Responses/Services/QuestionServiceProvider.cs b/DamageAssesmentApi/DamageAssesment.Api.Responses/Services/QuestionServiceProvider.cs index bc9c912..9b85688 100644 --- a/DamageAssesmentApi/DamageAssesment.Api.Responses/Services/QuestionServiceProvider.cs +++ b/DamageAssesmentApi/DamageAssesment.Api.Responses/Services/QuestionServiceProvider.cs @@ -1,6 +1,7 @@ using DamageAssesment.Api.Responses.Interfaces; using DamageAssesment.Api.Responses.Models; using Newtonsoft.Json; +using OfficeOpenXml.FormulaParsing.LexicalAnalysis; namespace DamageAssesment.Api.Responses.Services { @@ -10,13 +11,13 @@ namespace DamageAssesment.Api.Responses.Services { } - public async Task> getQuestionsAsync(string language) + public async Task> getQuestionsAsync(string language,string token) { try { if (!string.IsNullOrEmpty(language)) url = url + "/" + language; - var responseJsonString = await httpUtil.SendAsync(HttpMethod.Get, url, null); + var responseJsonString = await httpUtil.SendAsync(HttpMethod.Get, url, null,token); var questions = JsonConvert.DeserializeObject>(responseJsonString); if (questions == null || !questions.Any()) @@ -29,7 +30,7 @@ namespace DamageAssesment.Api.Responses.Services return new List(); } } - public async Task> GetQuestionCategoriesAsync(string? language) + public async Task> GetQuestionCategoriesAsync(string? language,string token) { try { @@ -37,7 +38,7 @@ namespace DamageAssesment.Api.Responses.Services if (!string.IsNullOrEmpty(language)) url = url + "/" + language; - var responseJsonString = await httpUtil.SendAsync(HttpMethod.Get, url, null); + var responseJsonString = await httpUtil.SendAsync(HttpMethod.Get, url, null, token); var questions = JsonConvert.DeserializeObject>(responseJsonString); if (questions == null || !questions.Any()) @@ -50,13 +51,12 @@ namespace DamageAssesment.Api.Responses.Services return new List(); } } - - public async Task> getSurveyQuestionsAsync(int surveyId) + public async Task> getSurveyQuestionsAsync(int surveyId, string token) { try { url = urlBase + string.Format(configuration.GetValue("RessourceSettings:SurveyQuestion"), surveyId); - var responseJsonString = await httpUtil.SendAsync(HttpMethod.Get, url, null); + var responseJsonString = await httpUtil.SendAsync(HttpMethod.Get, url, null, token); var questions = JsonConvert.DeserializeObject>(responseJsonString); if (questions == null || !questions.Any()) @@ -71,12 +71,12 @@ namespace DamageAssesment.Api.Responses.Services } - public async Task getQuestionsAsync(int questionId) + public async Task getQuestionsAsync(int questionId, string token) { try { url = urlBase + string.Format(configuration.GetValue("RessourceSettings:QuestionById"), questionId); - var responseJsonString = await httpUtil.SendAsync(HttpMethod.Get, url, null); + var responseJsonString = await httpUtil.SendAsync(HttpMethod.Get, url, null, token); var question = JsonConvert.DeserializeObject(responseJsonString); if (question == null) diff --git a/DamageAssesmentApi/DamageAssesment.Api.Responses/Services/RegionServiceProvider.cs b/DamageAssesmentApi/DamageAssesment.Api.Responses/Services/RegionServiceProvider.cs index 49d3e28..13de3d6 100644 --- a/DamageAssesmentApi/DamageAssesment.Api.Responses/Services/RegionServiceProvider.cs +++ b/DamageAssesmentApi/DamageAssesment.Api.Responses/Services/RegionServiceProvider.cs @@ -9,11 +9,11 @@ namespace DamageAssesment.Api.Responses.Services public RegionServiceProvider(IConfiguration configuration, IHttpUtil httpUtil, ILogger logger) : base(configuration, httpUtil, logger, configuration.GetValue("RessourceSettings:Region"), configuration.GetValue("EndPointSettings:LocationUrlBase")) { } - public async Task> getRegionsAsync() + public async Task> getRegionsAsync(string token) { try { - var responseJsonString = await httpUtil.SendAsync(HttpMethod.Get, url, null); + var responseJsonString = await httpUtil.SendAsync(HttpMethod.Get, url, null, token); var regions = JsonConvert.DeserializeObject>(responseJsonString); if (regions == null || !regions.Any()) diff --git a/DamageAssesmentApi/DamageAssesment.Api.Responses/Services/SurveyServiceProvider.cs b/DamageAssesmentApi/DamageAssesment.Api.Responses/Services/SurveyServiceProvider.cs index a77e1a7..70ed77f 100644 --- a/DamageAssesmentApi/DamageAssesment.Api.Responses/Services/SurveyServiceProvider.cs +++ b/DamageAssesmentApi/DamageAssesment.Api.Responses/Services/SurveyServiceProvider.cs @@ -10,13 +10,13 @@ namespace DamageAssesment.Api.Responses.Services { } - public async Task> getSurveysAsync(string language) + public async Task> getSurveysAsync(string language, string token) { try { if (!string.IsNullOrEmpty(language)) url = url + "/" + language; - var responseJsonString = await httpUtil.SendAsync(HttpMethod.Get, url, null); + var responseJsonString = await httpUtil.SendAsync(HttpMethod.Get, url, null,token); var surveys = JsonConvert.DeserializeObject>(responseJsonString); if (surveys == null || !surveys.Any()) @@ -30,12 +30,12 @@ namespace DamageAssesment.Api.Responses.Services } } - public async Task getSurveyAsync(int surveyId) + public async Task getSurveyAsync(int surveyId, string token) { try { url = urlBase + string.Format(configuration.GetValue("RessourceSettings:SurveyById"), surveyId); - var responseJsonString = await httpUtil.SendAsync(HttpMethod.Get, url, null); + var responseJsonString = await httpUtil.SendAsync(HttpMethod.Get, url, null, token); var survey = JsonConvert.DeserializeObject(responseJsonString); if (survey == null) diff --git a/DamageAssesmentApi/DamageAssesment.Api.Surveys/Controllers/SurveysController.cs b/DamageAssesmentApi/DamageAssesment.Api.Surveys/Controllers/SurveysController.cs index b93120b..2a4415c 100644 --- a/DamageAssesmentApi/DamageAssesment.Api.Surveys/Controllers/SurveysController.cs +++ b/DamageAssesmentApi/DamageAssesment.Api.Surveys/Controllers/SurveysController.cs @@ -1,4 +1,5 @@ using DamageAssesment.Api.Surveys.Interfaces; +using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Mvc; namespace DamageAssesment.Api.Surveys.Controllers @@ -15,6 +16,7 @@ namespace DamageAssesment.Api.Surveys.Controllers /// /// GET request for retrieving surveys. /// + [Authorize(Roles ="admin,survey,user,report")] [Route("surveys")] [Route("surveys/{language:alpha}")] [HttpGet] @@ -31,6 +33,7 @@ namespace DamageAssesment.Api.Surveys.Controllers /// /// GET request for retrieving surveys by ID. /// + [Authorize(Roles = "admin,survey,user,report")] [Route("surveys/{id:int}")] [Route("surveys/{id:int}/{language:alpha}")] [HttpGet] @@ -46,6 +49,7 @@ namespace DamageAssesment.Api.Surveys.Controllers /// /// POST request for creating a new survey. /// + [Authorize(Roles = "admin,survey,user,report")] [HttpPost("surveys")] public async Task PostSurveysAsync(Models.Survey survey) { @@ -59,6 +63,8 @@ namespace DamageAssesment.Api.Surveys.Controllers /// /// PUT request for updating an existing survey (surveyId,Updated Survey data). /// + + [Authorize(Roles = "admin,survey")] [HttpPut("surveys/{id}")] public async Task PutSurveysAsync(int id, Models.Survey survey) { @@ -76,6 +82,7 @@ namespace DamageAssesment.Api.Surveys.Controllers /// /// DELETE request for deleting a survey by ID. /// + [Authorize(Roles = "admin,survey")] [HttpDelete("surveys/{id}")] public async Task DeleteSurveysAsync(int id) { diff --git a/DamageAssesmentApi/DamageAssesment.Api.Surveys/Program.cs b/DamageAssesmentApi/DamageAssesment.Api.Surveys/Program.cs index fadf4de..433cc8b 100644 --- a/DamageAssesmentApi/DamageAssesment.Api.Surveys/Program.cs +++ b/DamageAssesmentApi/DamageAssesment.Api.Surveys/Program.cs @@ -6,6 +6,7 @@ using Microsoft.EntityFrameworkCore; using Microsoft.IdentityModel.Tokens; using System.Text; using System.Reflection; +using Microsoft.OpenApi.Models; var builder = WebApplication.CreateBuilder(args); @@ -34,14 +35,44 @@ builder.Services.AddControllers(); builder.Services.AddScoped(); builder.Services.AddAutoMapper(AppDomain.CurrentDomain.GetAssemblies()); builder.Services.AddEndpointsApiExplorer(); -//builder.Services.AddSwaggerGen(); -builder.Services.AddSwaggerGen(c => + +builder.Services.AddSwaggerGen(options => { // Include XML comments from your assembly var xmlFile = $"{Assembly.GetExecutingAssembly().GetName().Name}.xml"; var xmlPath = Path.Combine(AppContext.BaseDirectory, xmlFile); - c.IncludeXmlComments(xmlPath); + options.IncludeXmlComments(xmlPath); + + OpenApiSecurityScheme securityDefinition = new OpenApiSecurityScheme() + { + Name = "Bearer", + BearerFormat = "JWT", + Scheme = "bearer", + Description = "Specify the authorization token.", + In = ParameterLocation.Header, + Type = SecuritySchemeType.Http, + }; + + options.AddSecurityDefinition("jwt_auth", securityDefinition); + + // Make sure swagger UI requires a Bearer token specified + OpenApiSecurityScheme securityScheme = new OpenApiSecurityScheme() + { + Reference = new OpenApiReference() + { + Id = "jwt_auth", + Type = ReferenceType.SecurityScheme + } + }; + + OpenApiSecurityRequirement securityRequirements = new OpenApiSecurityRequirement() + { + {securityScheme, new string[] { }}, + }; + + options.AddSecurityRequirement(securityRequirements); }); + builder.Services.AddDbContext(option => { option.UseInMemoryDatabase("Surveys"); diff --git a/DamageAssesmentApi/DamageAssesment.Api.UsersAccess.Test/DamageAssesment.Api.UsersAccess.Test.csproj b/DamageAssesmentApi/DamageAssesment.Api.UsersAccess.Test/DamageAssesment.Api.UsersAccess.Test.csproj new file mode 100644 index 0000000..e655693 --- /dev/null +++ b/DamageAssesmentApi/DamageAssesment.Api.UsersAccess.Test/DamageAssesment.Api.UsersAccess.Test.csproj @@ -0,0 +1,30 @@ + + + + net6.0 + enable + enable + + false + true + + + + + + + + runtime; build; native; contentfiles; analyzers; buildtransitive + all + + + runtime; build; native; contentfiles; analyzers; buildtransitive + all + + + + + + + + diff --git a/DamageAssesmentApi/DamageAssesment.Api.UsersAccess.Test/MockData.cs b/DamageAssesmentApi/DamageAssesment.Api.UsersAccess.Test/MockData.cs new file mode 100644 index 0000000..b25ec9a --- /dev/null +++ b/DamageAssesmentApi/DamageAssesment.Api.UsersAccess.Test/MockData.cs @@ -0,0 +1,44 @@ +using DamageAssesment.Api.UsersAccess.Models; +using System; +using System.Collections.Generic; +using System.Linq; +using System.Text; +using System.Threading.Tasks; +using Xunit.Sdk; + +namespace DamageAssesment.Api.UsersAccess.Test +{ + public class MockData + { + public static async Task<(bool, Models.TokenResponse, string)> getTokenResponse(bool status, string message) + { + return (status, new Models.TokenResponse { jwttoken = "1234", refreshtoken = "12345" }, message); + } + + public static async Task<(bool, List, string)> getUsers(bool status, string message) + { + List users = new List(); + users.Add(new User { Id = 1, EmployeeCode = "Emp1", EmployeeId = 1, RoleId = 1, IsActive = true, CreateDate = DateTime.Now }); + users.Add(new User { Id = 2, EmployeeCode = "Emp2", EmployeeId = 2, RoleId = 1, IsActive = true, CreateDate = DateTime.Now }); + users.Add(new User { Id = 3, EmployeeCode = "Emp3", EmployeeId = 3, RoleId = 1, IsActive = true, CreateDate = DateTime.Now }); + return (status, users, message); + } + + public static async Task<(bool, User, string)> getUser(bool status, string message) + { + User user = getUsers(status, message).Result.Item2.FirstOrDefault(); + return (status, user, message); + } + + public static async Task<(bool, List, string)> getRoles(bool status, string message) + { + List roles = new List(); + roles.Add(new Role { Id = 1, Name = "Role 1" }); + roles.Add(new Role { Id = 2, Name = "Role 2" }); + roles.Add(new Role { Id = 3, Name = "Role 3" }); + + return (status, roles, message); + } + + } +} diff --git a/DamageAssesmentApi/DamageAssesment.Api.UsersAccess.Test/UsersAccessTest.cs b/DamageAssesmentApi/DamageAssesment.Api.UsersAccess.Test/UsersAccessTest.cs new file mode 100644 index 0000000..46165f3 --- /dev/null +++ b/DamageAssesmentApi/DamageAssesment.Api.UsersAccess.Test/UsersAccessTest.cs @@ -0,0 +1,194 @@ +using DamageAssesment.Api.UsersAccess.Controllers; +using DamageAssesment.Api.UsersAccess.Interfaces; +using Microsoft.AspNetCore.Mvc; +using Moq; +using Xunit; + +namespace DamageAssesment.Api.UsersAccess.Test +{ + public class UsersAccessTest + { + private Mock mockService; + + public UsersAccessTest() + { + mockService = new Mock(); + } + [Fact(DisplayName = "Get Token - Ok case")] + public async Task GetTokenAsync_ShouldReturnStatusCode200() + { + var response = await MockData.getTokenResponse(true,null); + mockService.Setup(service => service.AuthenticateAsync("Emp1")).ReturnsAsync(response); + var controller = new UsersAccessController(mockService.Object); + var result = (OkObjectResult)await controller.AuthenticateAsync("Emp1"); + Assert.Equal(200, result.StatusCode); + } + + [Fact(DisplayName = "Get Token - Unauthorized case")] + public async Task GetTokenAsync_ShouldReturnStatusCode401() + { + var response = await MockData.getTokenResponse(false, null); + mockService.Setup(service => service.AuthenticateAsync("Emp1")).ReturnsAsync(response); + var controller = new UsersAccessController(mockService.Object); + var result = (UnauthorizedObjectResult)await controller.AuthenticateAsync("Emp1"); + Assert.Equal(401, result.StatusCode); + } + + + [Fact(DisplayName = "RefreshToken - Ok case")] + public async Task RefreshTokenAsync_ShouldReturnStatusCode200() + { + var response = await MockData.getTokenResponse(true, null); + mockService.Setup(service => service.RefreshTokenAsync(null)).ReturnsAsync(response); + var controller = new UsersAccessController(mockService.Object); + var result = (OkObjectResult)await controller.RefreshTokenAsync(null); + Assert.Equal(200, result.StatusCode); + } + + [Fact(DisplayName = "RefreshToken - Unauthorized case")] + public async Task RefreshTokenAsync_ShouldReturnStatusCode401() + { + var response = await MockData.getTokenResponse(false, null); + mockService.Setup(service => service.RefreshTokenAsync(null)).ReturnsAsync(response); + var controller = new UsersAccessController(mockService.Object); + var result = (UnauthorizedObjectResult)await controller.RefreshTokenAsync(null); + Assert.Equal(401, result.StatusCode); + } + + [Fact(DisplayName = "GetUsers - Ok case")] + public async Task GetUsersAsync_ShouldReturnStatusCode200() + { + var response = await MockData.getUsers(true, null); + mockService.Setup(service => service.GetUsersAsync()).ReturnsAsync(response); + var controller = new UsersAccessController(mockService.Object); + var result = (OkObjectResult)await controller.GetUsersAsync(); + Assert.Equal(200, result.StatusCode); + } + + [Fact(DisplayName = "GetUsers - NoContent case")] + public async Task GetUsersAsync_ShouldReturnStatusCode204() + { + var response = await MockData.getUsers(false, null); + mockService.Setup(service => service.GetUsersAsync()).ReturnsAsync(response); + var controller = new UsersAccessController(mockService.Object); + var result = (NoContentResult)await controller.GetUsersAsync(); + Assert.Equal(204, result.StatusCode); + } + + [Fact(DisplayName = "GetUser - Ok case")] + public async Task GetUserAsync_ShouldReturnStatusCode200() + { + var response = await MockData.getUser(true, null); + mockService.Setup(service => service.GetUsersAsync(1)).ReturnsAsync(response); + var controller = new UsersAccessController(mockService.Object); + var result = (OkObjectResult)await controller.GetUsersAsync(1); + Assert.Equal(200, result.StatusCode); + } + + [Fact(DisplayName = "GetUser - NotFound case")] + public async Task GetUserAsync_ShouldReturnStatusCode204() + { + var response = await MockData.getUser(false, null); + mockService.Setup(service => service.GetUsersAsync(1)).ReturnsAsync(response); + var controller = new UsersAccessController(mockService.Object); + var result = (NotFoundResult)await controller.GetUsersAsync(1); + Assert.Equal(404, result.StatusCode); + } + + [Fact(DisplayName = "GetRoles - Ok case")] + public async Task GetRolesAsync_ShouldReturnStatusCode200() + { + var response = await MockData.getRoles(true, null); + mockService.Setup(service => service.GetRolesAsync()).ReturnsAsync(response); + var controller = new UsersAccessController(mockService.Object); + var result = (OkObjectResult)await controller.GetRolesAsync(); + Assert.Equal(200, result.StatusCode); + } + + [Fact(DisplayName = "GetRoles - NoContent case")] + public async Task GetRolesAsync_ShouldReturnStatusCode204() + { + var response = await MockData.getRoles(false, null); + mockService.Setup(service => service.GetRolesAsync()).ReturnsAsync(response); + var controller = new UsersAccessController(mockService.Object); + var result = (NoContentResult)await controller.GetRolesAsync(); + Assert.Equal(204, result.StatusCode); + } + + [Fact(DisplayName = "PostUser - Ok case")] + public async Task PostUserAsync_ShouldReturnStatusCode200() + { + var response = await MockData.getUser(true, null); + var user = new Models.User { Id = 1, EmployeeCode = "Emp1", EmployeeId = 1, RoleId = 1, IsActive = true, CreateDate = DateTime.Now }; + mockService.Setup(service => service.PostUserAsync(user)).ReturnsAsync(response); + var controller = new UsersAccessController(mockService.Object); + var result = (OkObjectResult)await controller.PostUserAsync(user); + Assert.Equal(200, result.StatusCode); + } + + [Fact(DisplayName = "PostUser - Bad Request case")] + public async Task PostUserAsync_ShouldReturnStatusCode400() + { + var response = await MockData.getUser(false, null); + var user = new Models.User { Id = 1, EmployeeCode = "Emp1", EmployeeId = 1, RoleId = 1, IsActive = true, CreateDate = DateTime.Now }; + mockService.Setup(service => service.PostUserAsync(user)).ReturnsAsync(response); + var controller = new UsersAccessController(mockService.Object); + var result = (BadRequestObjectResult)await controller.PostUserAsync(user); + Assert.Equal(400, result.StatusCode); + } + + [Fact(DisplayName = "PutUser - Ok case")] + public async Task PutUserAsync_ShouldReturnStatusCode200() + { + var response = await MockData.getUser(true, null); + var user = new Models.User { Id = 1, EmployeeCode = "Emp1", EmployeeId = 1, RoleId = 1, IsActive = true, CreateDate = DateTime.Now }; + mockService.Setup(service => service.PutUserAsync(1,user)).ReturnsAsync(response); + var controller = new UsersAccessController(mockService.Object); + var result = (OkObjectResult)await controller.PutUserAsync(1,user); + Assert.Equal(200, result.StatusCode); + } + + [Fact(DisplayName = "PutUser - BadRequest case")] + public async Task PutUserAsync_ShouldReturnStatusCode400() + { + var response = await MockData.getUser(false, null); + var user = new Models.User { Id = 1, EmployeeCode = "Emp1", EmployeeId = 1, RoleId = 1, IsActive = true, CreateDate = DateTime.Now }; + mockService.Setup(service => service.PutUserAsync(1,user)).ReturnsAsync(response); + var controller = new UsersAccessController(mockService.Object); + var result = (BadRequestObjectResult)await controller.PutUserAsync(1,user); + Assert.Equal(400, result.StatusCode); + } + + [Fact(DisplayName = "PutUser - Not Found case")] + public async Task PutUserAsync_ShouldReturnStatusCode404() + { + var response = await MockData.getUser(false, "Not Found"); + var user = new Models.User { Id = 1, EmployeeCode = "Emp1", EmployeeId = 1, RoleId = 1, IsActive = true, CreateDate = DateTime.Now }; + mockService.Setup(service => service.PutUserAsync(1, user)).ReturnsAsync(response); + var controller = new UsersAccessController(mockService.Object); + var result = (NotFoundObjectResult)await controller.PutUserAsync(1,user); + Assert.Equal(404, result.StatusCode); + } + + + [Fact(DisplayName = "DeleteUser - Ok case")] + public async Task DeleteUserAsync_ShouldReturnStatusCode200() + { + var response = await MockData.getUser(true, null); + mockService.Setup(service => service.DeleteUserAsync(1)).ReturnsAsync(response); + var controller = new UsersAccessController(mockService.Object); + var result = (OkObjectResult)await controller.DeleteUserAsync(1); + Assert.Equal(200, result.StatusCode); + } + + [Fact(DisplayName = "DeleteUser - Not Found case")] + public async Task DeleteUserAsync_ShouldReturnStatusCode404() + { + var response = await MockData.getUser(false, "Not Found"); + mockService.Setup(service => service.DeleteUserAsync(1)).ReturnsAsync(response); + var controller = new UsersAccessController(mockService.Object); + var result = (NotFoundResult)await controller.DeleteUserAsync(1); + Assert.Equal(404, result.StatusCode); + } + } +} \ No newline at end of file diff --git a/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Controllers/UsersAccessController.cs b/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Controllers/UsersAccessController.cs new file mode 100644 index 0000000..e0aae67 --- /dev/null +++ b/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Controllers/UsersAccessController.cs @@ -0,0 +1,117 @@ +using DamageAssesment.Api.UsersAccess.Interfaces; +using DamageAssesment.Api.UsersAccess.Models; +using Microsoft.AspNetCore.Authorization; +using Microsoft.AspNetCore.Mvc; + +namespace DamageAssesment.Api.UsersAccess.Controllers +{ + [ApiController] + public class UsersAccessController : ControllerBase + { + private IUsersAccessProvider userAccessProvider; + + public UsersAccessController(IUsersAccessProvider userAccessProvider) + { + this.userAccessProvider = userAccessProvider; + } + [Authorize(Policy = "Dadeschools")] + [HttpPost("token/{employecode}")] + public async Task AuthenticateAsync(string employecode) + { + var result = await userAccessProvider.AuthenticateAsync(employecode); + if (result.IsSuccess) + { + return Ok(result.TokenResponse); + } + return Unauthorized(result.ErrorMessage); + } + + [Authorize(Policy = "Dadeschools")] + [HttpPost("refreshtoken")] + public async Task RefreshTokenAsync(TokenResponse tokenResponse) + { + var result = await userAccessProvider.RefreshTokenAsync(tokenResponse); + if (result.IsSuccess) + { + return Ok(result.TokenResponse); + } + return Unauthorized(result.ErrorMessage); + } + + [Authorize(Policy = "DamageApp", Roles ="admin")] + [HttpGet("users")] + public async Task GetUsersAsync() + { + var result = await userAccessProvider.GetUsersAsync(); + if (result.IsSuccess) + { + return Ok(result.Users); + } + return NoContent(); + } + + [Authorize(Policy = "DamageApp", Roles = "admin")] + [HttpGet("users/{Id}")] + public async Task GetUsersAsync(int Id) + { + var result = await userAccessProvider.GetUsersAsync(Id); + if (result.IsSuccess) + { + return Ok(result.User); + } + return NotFound(); + } + + [Authorize(Policy = "DamageApp", Roles = "admin")] + [HttpGet("roles")] + public async Task GetRolesAsync() + { + var result = await userAccessProvider.GetRolesAsync(); + if (result.IsSuccess) + { + return Ok(result.Roles); + } + return NoContent(); + } + [Authorize(Policy = "DamageApp", Roles = "admin")] + [HttpPost("users")] + public async Task PostUserAsync(User user) + { + var result = await userAccessProvider.PostUserAsync(user); + if (result.IsSuccess) + { + return Ok(result.User); + } + return BadRequest(result.ErrorMessage); + } + + [Authorize(Policy = "DamageApp", Roles = "admin")] + [HttpPut("users/{Id}")] + public async Task PutUserAsync(int Id, User user) + { + var result = await userAccessProvider.PutUserAsync(Id, user); + if (result.IsSuccess) + { + return Ok(result.User); + } + if (result.ErrorMessage == "Not Found") + return NotFound(result.ErrorMessage); + + return BadRequest(result.ErrorMessage); + } + + [Authorize(Policy = "DamageApp", Roles = "admin")] + [HttpDelete("users/{Id}")] + public async Task DeleteUserAsync(int Id) + { + var result = await userAccessProvider.DeleteUserAsync(Id); + if (result.IsSuccess) + { + return Ok(result.User); + } + return NotFound(); + } + + + } +} diff --git a/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/DamageAssesment.Api.UsersAccess.csproj b/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/DamageAssesment.Api.UsersAccess.csproj new file mode 100644 index 0000000..b34a5f4 --- /dev/null +++ b/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/DamageAssesment.Api.UsersAccess.csproj @@ -0,0 +1,23 @@ + + + + net6.0 + enable + enable + Linux + ..\docker-compose.dcproj + + + + + + + + + + + + + + + diff --git a/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Db/Role.cs b/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Db/Role.cs new file mode 100644 index 0000000..93e522a --- /dev/null +++ b/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Db/Role.cs @@ -0,0 +1,21 @@ +using System.ComponentModel.DataAnnotations; +using System.ComponentModel.DataAnnotations.Schema; +using System.Text.Json.Serialization; + +namespace DamageAssesment.Api.UsersAccess.Db +{ + public class Role + { + [Key] + public int Id { get; set; } + + [StringLength(100)] + [Required] + public string Name { get; set; } + + // add a status field + + [StringLength(100)] + public string? Description { get; set; } + } +} diff --git a/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Db/Token.cs b/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Db/Token.cs new file mode 100644 index 0000000..bdfe576 --- /dev/null +++ b/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Db/Token.cs @@ -0,0 +1,17 @@ +using Microsoft.EntityFrameworkCore.Metadata.Internal; +using System.ComponentModel.DataAnnotations; +using System.ComponentModel.DataAnnotations.Schema; + +namespace DamageAssesment.Api.UsersAccess.Db +{ + public class Token + { + [Key] + public int Id { get; set; } + [Required] + [ForeignKey("User")] + public int UserId { get; set; } + public string? RefreshToken { get; set; } + public bool? IsActive { get; set; } + } +} diff --git a/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Db/User.cs b/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Db/User.cs new file mode 100644 index 0000000..f99deb8 --- /dev/null +++ b/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Db/User.cs @@ -0,0 +1,31 @@ +using System.ComponentModel.DataAnnotations; +using System.ComponentModel.DataAnnotations.Schema; +using System.Text.Json.Serialization; + +namespace DamageAssesment.Api.UsersAccess.Db +{ + public class User + { + [Key] + public int Id { get; set; } + + [ForeignKey("Employee")] + public int EmployeeId { get; set; } + + [Required] + [StringLength(50)] + public string EmployeeCode { get; set; } + + [ForeignKey("Role")] + [Required] + public int RoleId { get; set; } + [Required] + public bool IsActive { get; set; } = true; + + [Required] + public DateTime CreateDate { get; set; } = DateTime.Now; + + public DateTime? UpdateDate { get; set; } + + } +} diff --git a/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Db/UsersAccessDbContext.cs b/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Db/UsersAccessDbContext.cs new file mode 100644 index 0000000..2c9a2e1 --- /dev/null +++ b/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Db/UsersAccessDbContext.cs @@ -0,0 +1,32 @@ +using Microsoft.EntityFrameworkCore; + +namespace DamageAssesment.Api.UsersAccess.Db +{ + public class UsersAccessDbContext : DbContext + { + public DbSet Users { get; set; } + public DbSet Roles { get; set; } + public DbSet Tokens { get; set; } + public UsersAccessDbContext(DbContextOptions options) : base(options) + { + + } + + protected override void OnModelCreating(ModelBuilder modelBuilder) + { + base.OnModelCreating(modelBuilder); + + modelBuilder.Entity() + .Property(item => item.Id) + .ValueGeneratedOnAdd(); + + modelBuilder.Entity() + .Property(item => item.Id) + .ValueGeneratedOnAdd(); + + modelBuilder.Entity() + .Property(item => item.Id) + .ValueGeneratedOnAdd(); + } + } +} diff --git a/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Dockerfile b/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Dockerfile new file mode 100644 index 0000000..35ca369 --- /dev/null +++ b/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Dockerfile @@ -0,0 +1,21 @@ +#See https://aka.ms/customizecontainer to learn how to customize your debug container and how Visual Studio uses this Dockerfile to build your images for faster debugging. + +FROM mcr.microsoft.com/dotnet/aspnet:6.0 AS base +WORKDIR /app +EXPOSE 80 + +FROM mcr.microsoft.com/dotnet/sdk:6.0 AS build +WORKDIR /src +COPY ["DamageAssesment.Api.UsersAccess/DamageAssesment.Api.UsersAccess.csproj", "DamageAssesment.Api.UsersAccess/"] +RUN dotnet restore "DamageAssesment.Api.UsersAccess/DamageAssesment.Api.UsersAccess.csproj" +COPY . . +WORKDIR "/src/DamageAssesment.Api.UsersAccess" +RUN dotnet build "DamageAssesment.Api.UsersAccess.csproj" -c Release -o /app/build + +FROM build AS publish +RUN dotnet publish "DamageAssesment.Api.UsersAccess.csproj" -c Release -o /app/publish /p:UseAppHost=false + +FROM base AS final +WORKDIR /app +COPY --from=publish /app/publish . +ENTRYPOINT ["dotnet", "DamageAssesment.Api.UsersAccess.dll"] \ No newline at end of file diff --git a/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Interfaces/IEmployeeServiceProvider.cs b/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Interfaces/IEmployeeServiceProvider.cs new file mode 100644 index 0000000..0675a74 --- /dev/null +++ b/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Interfaces/IEmployeeServiceProvider.cs @@ -0,0 +1,10 @@ +using DamageAssesment.Api.UsersAccess.Models; + +namespace DamageAssesment.Api.UsersAccess.Interfaces +{ + public interface IEmployeeServiceProvider + { + Task> getEmployeesAsync(); + Task getEmployeeAsync(int employeeId); + } +} diff --git a/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Interfaces/IHttpUtil.cs b/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Interfaces/IHttpUtil.cs new file mode 100644 index 0000000..6fc4710 --- /dev/null +++ b/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Interfaces/IHttpUtil.cs @@ -0,0 +1,9 @@ +using DamageAssesment.Api.UsersAccess.Models; + +namespace DamageAssesment.Api.UsersAccess.Interfaces +{ + public interface IHttpUtil + { + Task SendAsync(HttpMethod method, string url, string JsonInput); + } +} diff --git a/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Interfaces/IRoleProvider.cs b/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Interfaces/IRoleProvider.cs new file mode 100644 index 0000000..6ca0209 --- /dev/null +++ b/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Interfaces/IRoleProvider.cs @@ -0,0 +1,12 @@ +namespace DamageAssesment.Api.UsersAccess.Interfaces +{ + public interface IRoleProvider + { + Task<(bool IsSuccess, IEnumerable< Models.Role> Roles, string ErrorMessage)> GetRolesAsync(); + Task<(bool IsSuccess, Models.Role Roles, string ErrorMessage)> GetRolesAsync(int Id); + Task<(bool IsSuccess, Models.Role Role, string ErrorMessage)> PostRoleAsync(Models.Role Role); + Task<(bool IsSuccess, Models.Role Role, string ErrorMessage)> PutRoleAsync(int Id,Models.Role Role); + Task<(bool IsSuccess, Models.Role Role, string ErrorMessage)> DeleteRoleAsync(int Id); + + } +} diff --git a/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Interfaces/ITokenServiceProvider.cs b/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Interfaces/ITokenServiceProvider.cs new file mode 100644 index 0000000..6115e7c --- /dev/null +++ b/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Interfaces/ITokenServiceProvider.cs @@ -0,0 +1,11 @@ +using DamageAssesment.Api.UsersAccess.Models; +using System.Security.Claims; + +namespace DamageAssesment.Api.UsersAccess.Interfaces +{ + public interface ITokenServiceProvider + { + Task GenerateToken(Models.User user); + Task TokenAuthenticate(Models.User user, Claim[] claims); + } +} \ No newline at end of file diff --git a/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Interfaces/IUsersAccessProvider.cs b/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Interfaces/IUsersAccessProvider.cs new file mode 100644 index 0000000..ea64376 --- /dev/null +++ b/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Interfaces/IUsersAccessProvider.cs @@ -0,0 +1,17 @@ +using DamageAssesment.Api.UsersAccess.Models; + +namespace DamageAssesment.Api.UsersAccess.Interfaces +{ + public interface IUsersAccessProvider + { + public Task<(bool IsSuccess, IEnumerable< Models.User> Users, string ErrorMessage)> GetUsersAsync(); + public Task<(bool IsSuccess, Models.User User, string ErrorMessage)> GetUsersAsync(int Id); + public Task<(bool IsSuccess, Models.User User, string ErrorMessage)> PostUserAsync(Models.User User); + public Task<(bool IsSuccess, Models.User User, string ErrorMessage)> PutUserAsync(int Id,Models.User User); + public Task<(bool IsSuccess, Models.User User, string ErrorMessage)> DeleteUserAsync(int Id); + public Task<(bool IsSuccess, IEnumerable Roles, string ErrorMessage)> GetRolesAsync(); + public Task<(bool IsSuccess, Models.TokenResponse TokenResponse, string ErrorMessage)> AuthenticateAsync(string employeCode); + public Task<(bool IsSuccess, Models.TokenResponse TokenResponse, string ErrorMessage)>RefreshTokenAsync(TokenResponse tokenResponse); + public void seedData(); + } +} diff --git a/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Models/Employee.cs b/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Models/Employee.cs new file mode 100644 index 0000000..b08d156 --- /dev/null +++ b/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Models/Employee.cs @@ -0,0 +1,14 @@ +namespace DamageAssesment.Api.UsersAccess.Models +{ + public class Employee + { + public int Id { get; set; } + public string EmployeeCode { get; set; } + public string Name { get; set; } + public DateTime BirthDate { get; set; } + public string OfficePhoneNumber { get; set; } + public string Email { get; set; } + public bool IsActive { get; set; } + public string PreferredLanguage { get; set; } + } +} diff --git a/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Models/JwtSettings.cs b/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Models/JwtSettings.cs new file mode 100644 index 0000000..3f9dadf --- /dev/null +++ b/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Models/JwtSettings.cs @@ -0,0 +1,9 @@ +using System.ComponentModel.DataAnnotations; +namespace DamageAssesment.Api.UsersAccess.Models +{ + + public class JwtSettings + { + public string securitykey { get; set; } + } +} \ No newline at end of file diff --git a/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Models/Role.cs b/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Models/Role.cs new file mode 100644 index 0000000..a275c60 --- /dev/null +++ b/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Models/Role.cs @@ -0,0 +1,8 @@ +namespace DamageAssesment.Api.UsersAccess.Models +{ + public class Role { + public int Id { get; set; } + public string Name { get; set; } + public string Description { get; set; } + } +} diff --git a/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Models/Token.cs b/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Models/Token.cs new file mode 100644 index 0000000..87f1ae3 --- /dev/null +++ b/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Models/Token.cs @@ -0,0 +1,10 @@ +namespace DamageAssesment.Api.UsersAccess.Models +{ + public class Token + { + public string Id { get; set; } + public int UserId { get; set; } + public string RefreshToken { get; set; } + public bool IsActive { get; set; } + } +} diff --git a/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Models/TokenResponse.cs b/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Models/TokenResponse.cs new file mode 100644 index 0000000..4d0b6da --- /dev/null +++ b/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Models/TokenResponse.cs @@ -0,0 +1,8 @@ +namespace DamageAssesment.Api.UsersAccess.Models +{ + public class TokenResponse + { + public string? jwttoken { get; set; } + public string? refreshtoken { get; set; } + } +} \ No newline at end of file diff --git a/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Models/User.cs b/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Models/User.cs new file mode 100644 index 0000000..e43bc20 --- /dev/null +++ b/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Models/User.cs @@ -0,0 +1,13 @@ +namespace DamageAssesment.Api.UsersAccess.Models +{ + public class User + { + public int Id { get; set; } + public int EmployeeId { get; set; } + public string EmployeeCode { get; set; } + public int RoleId { get; set; } + public bool IsActive { get; set; } + public DateTime CreateDate { get; set; } + public DateTime UpdateDate { get; set; } + } +} diff --git a/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Models/UserCredentials.cs b/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Models/UserCredentials.cs new file mode 100644 index 0000000..cf01fa3 --- /dev/null +++ b/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Models/UserCredentials.cs @@ -0,0 +1,5 @@ +public class UserCredentials +{ + public string username { get; set; } + // public string? password { get; set; } +} \ No newline at end of file diff --git a/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Profiles/UsersAccessProfile.cs b/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Profiles/UsersAccessProfile.cs new file mode 100644 index 0000000..bf744eb --- /dev/null +++ b/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Profiles/UsersAccessProfile.cs @@ -0,0 +1,14 @@ +namespace DamageAssesment.Api.UsersAccess.Profiles +{ + public class UsersAccessProfile : AutoMapper.Profile + { + public UsersAccessProfile() + { + CreateMap(); + CreateMap(); + + CreateMap(); + CreateMap(); + } + } +} diff --git a/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Program.cs b/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Program.cs new file mode 100644 index 0000000..a7d12a5 --- /dev/null +++ b/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Program.cs @@ -0,0 +1,146 @@ +using DamageAssesment.Api.UsersAccess.Db; +using DamageAssesment.Api.UsersAccess.Interfaces; +using DamageAssesment.Api.UsersAccess.Providers; +using DamageAssesment.Api.UsersAccess.Models; +using Microsoft.EntityFrameworkCore; +using Microsoft.IdentityModel.Tokens; +using System.Text; +using Polly; +using DamageAssesment.Api.UsersAccess.Services; +using Microsoft.OpenApi.Models; +using System.Reflection; +using Microsoft.AspNetCore.Authorization; + +const int maxApiCallRetries = 3; +const int intervalToRetry = 2; //2 seconds +const int maxRetryForCircuitBraker = 5; +const int intervalForCircuitBraker = 5; //5 seconds + +var builder = WebApplication.CreateBuilder(args); + +// Add services to the container. +var authkey = builder.Configuration.GetValue("JwtSettings:securitykey"); + + +builder.Services.AddAuthentication(). + AddJwtBearer("DamageApp", item => +{ + + item.RequireHttpsMetadata = true; + item.SaveToken = true; + item.TokenValidationParameters = new TokenValidationParameters() + { + ValidateIssuerSigningKey = true, + IssuerSigningKey = new SymmetricSecurityKey(Encoding.UTF8.GetBytes(authkey)), + ValidateIssuer = false, + ValidateAudience = false, + ClockSkew = TimeSpan.Zero + }; +}).AddJwtBearer("Dadeschools", options => +{ + options.Authority = builder.Configuration["Dadeschools:Authority"]; + options.TokenValidationParameters.ValidTypes = new[] { "at+jwt" }; + options.TokenValidationParameters.ValidateAudience = false; +}); + + +builder.Services.AddAuthorization(options => +{ + var DamageAppPolicy = new AuthorizationPolicyBuilder() + .RequireAuthenticatedUser() + .AddAuthenticationSchemes("DamageApp") + .Build(); + var DadeschoolsPolicy = new AuthorizationPolicyBuilder() + .RequireAuthenticatedUser() + .AddAuthenticationSchemes("Dadeschools") + .Build(); + var allPolicy = new AuthorizationPolicyBuilder() + .RequireAuthenticatedUser() + .AddAuthenticationSchemes("DamageApp", "Dadeschools") + .Build(); + options.AddPolicy("DamageApp", DamageAppPolicy); + options.AddPolicy("Dadeschools", DadeschoolsPolicy); + options.AddPolicy("AllPolicies", allPolicy); + options.DefaultPolicy = options.GetPolicy("DamageApp")!; +}); + +var _jwtsettings = builder.Configuration.GetSection("JwtSettings"); +builder.Services.Configure(_jwtsettings); + +builder.Services.AddControllers(); +// Learn more about configuring Swagger/OpenAPI at https://aka.ms/aspnetcore/swashbuckle +builder.Services.AddScoped(); +builder.Services.AddScoped(); +builder.Services.AddScoped(); + +builder.Services.AddHttpClient(). + AddTransientHttpErrorPolicy(policy => policy.WaitAndRetryAsync(maxApiCallRetries, _ => TimeSpan.FromSeconds(intervalToRetry))). + AddTransientHttpErrorPolicy(policy => policy.CircuitBreakerAsync(maxRetryForCircuitBraker, TimeSpan.FromSeconds(intervalForCircuitBraker))); + +builder.Services.AddAutoMapper(AppDomain.CurrentDomain.GetAssemblies()); +builder.Services.AddEndpointsApiExplorer(); +//builder.Services.AddSwaggerGen(); + +builder.Services.AddSwaggerGen(options => +{ + + // Include XML comments from your assembly + var xmlFile = $"{Assembly.GetExecutingAssembly().GetName().Name}.xml"; + var xmlPath = Path.Combine(AppContext.BaseDirectory, xmlFile); + //options.IncludeXmlComments(xmlPath); + + OpenApiSecurityScheme securityDefinition = new OpenApiSecurityScheme() + { + Name = "Bearer", + BearerFormat = "JWT", + Scheme = "bearer", + Description = "Specify the authorization token.", + In = ParameterLocation.Header, + Type = SecuritySchemeType.Http, + }; + + options.AddSecurityDefinition("jwt_auth", securityDefinition); + + // Make sure swagger UI requires a Bearer token specified + OpenApiSecurityScheme securityScheme = new OpenApiSecurityScheme() + { + Reference = new OpenApiReference() + { + Id = "jwt_auth", + Type = ReferenceType.SecurityScheme + } + }; + + OpenApiSecurityRequirement securityRequirements = new OpenApiSecurityRequirement() + { + {securityScheme, new string[] { }}, + }; + + options.AddSecurityRequirement(securityRequirements); +}); + +builder.Services.AddDbContext(option => +{ + option.UseInMemoryDatabase("UsersAccess"); +}); +var app = builder.Build(); + +// Configure the HTTP request pipeline. +if (app.Environment.IsDevelopment()) +{ + app.UseSwagger(); + app.UseSwaggerUI(); + + using (var serviceScope = app.Services.CreateScope()) + { + var services = serviceScope.ServiceProvider; + var usersAccessProvider = services.GetRequiredService(); + usersAccessProvider.seedData(); + } +} + +app.UseAuthentication(); +app.UseAuthorization(); + +app.MapControllers(); +app.Run(); diff --git a/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Properties/launchSettings.json b/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Properties/launchSettings.json new file mode 100644 index 0000000..718fd30 --- /dev/null +++ b/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Properties/launchSettings.json @@ -0,0 +1,37 @@ +{ + "profiles": { + "DamageAssesment.Api.Users": { + "commandName": "Project", + "launchBrowser": true, + "launchUrl": "swagger", + "environmentVariables": { + "ASPNETCORE_ENVIRONMENT": "Development" + }, + "dotnetRunMessages": true, + "applicationUrl": "http://localhost:5027" + }, + "IIS Express": { + "commandName": "IISExpress", + "launchBrowser": true, + "launchUrl": "swagger", + "environmentVariables": { + "ASPNETCORE_ENVIRONMENT": "Development" + } + }, + "Docker": { + "commandName": "Docker", + "launchBrowser": true, + "launchUrl": "{Scheme}://{ServiceHost}:{ServicePort}/swagger", + "publishAllPorts": true + } + }, + "$schema": "https://json.schemastore.org/launchsettings.json", + "iisSettings": { + "windowsAuthentication": false, + "anonymousAuthentication": true, + "iisExpress": { + "applicationUrl": "http://localhost:28382", + "sslPort": 0 + } + } +} \ No newline at end of file diff --git a/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Providers/UserAccessProvider.cs b/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Providers/UserAccessProvider.cs new file mode 100644 index 0000000..63a9772 --- /dev/null +++ b/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Providers/UserAccessProvider.cs @@ -0,0 +1,305 @@ +using AutoMapper; +using DamageAssesment.Api.UsersAccess.Db; +using DamageAssesment.Api.UsersAccess.Interfaces; +using DamageAssesment.Api.UsersAccess.Models; +using Microsoft.EntityFrameworkCore; +using Microsoft.Extensions.Options; +using Microsoft.IdentityModel.Tokens; +using System.Data; +using System.IdentityModel.Tokens.Jwt; +using System.Security.Claims; +using System.Text; + +namespace DamageAssesment.Api.UsersAccess.Providers +{ + public class UsersAccessProvider : IUsersAccessProvider + { + private readonly UsersAccessDbContext userAccessDbContext; + private readonly ILogger logger; + private readonly IMapper mapper; + //private readonly IEmployeeServiceProvider employeeServiceProvider; + private readonly JwtSettings jwtSettings; + private readonly ITokenServiceProvider tokenServiceProvider; + + public UsersAccessProvider(IOptions options, ITokenServiceProvider tokenServiceProvider, UsersAccessDbContext userAccessDbContext, IEmployeeServiceProvider employeeServiceProvider, ILogger logger, IMapper mapper) + { + this.userAccessDbContext = userAccessDbContext; + //this.employeeServiceProvider = employeeServiceProvider; + this.logger = logger; + this.mapper = mapper; + jwtSettings = options.Value; + this.tokenServiceProvider = tokenServiceProvider; + // seedData(); + } + + public void seedData() + { + if (!userAccessDbContext.Users.Any()) + { + userAccessDbContext.Users.Add(new Db.User { Id = 1, EmployeeId = 1, EmployeeCode = "Emp1", RoleId = 1, IsActive = true, CreateDate = DateTime.Now }); + userAccessDbContext.Users.Add(new Db.User { Id = 2, EmployeeId = 2, EmployeeCode = "Emp2", RoleId = 2, IsActive = true, CreateDate = DateTime.Now }); + userAccessDbContext.Users.Add(new Db.User { Id = 3, EmployeeId = 3, EmployeeCode = "Emp3", RoleId = 3, IsActive = true, CreateDate = DateTime.Now }); + userAccessDbContext.SaveChanges(); + } + + if (!userAccessDbContext.Roles.Any()) + { + userAccessDbContext.Roles.Add(new Db.Role { Id = 1, Name = "admin", Description ="Administrator role have full access" }); + userAccessDbContext.Roles.Add(new Db.Role { Id = 2, Name = "user", Description =" User role"}); + userAccessDbContext.Roles.Add(new Db.Role { Id = 3, Name = "survey", Description ="Survey role" }); + userAccessDbContext.Roles.Add(new Db.Role { Id = 4, Name = "report", Description ="Report role"}); + userAccessDbContext.Roles.Add(new Db.Role { Id = 5, Name = "document", Description ="Document role" }); + userAccessDbContext.SaveChanges(); + } + } + + public async Task<(bool IsSuccess, IEnumerable Users, string ErrorMessage)> GetUsersAsync() + { + try + { + logger?.LogInformation("Gell all Users from DB"); + var users = await userAccessDbContext.Users.ToListAsync(); + if (users != null) + { + logger?.LogInformation($"{users.Count} Items(s) found"); + var result = mapper.Map, IEnumerable>(users); + return (true, result, null); + } + return (false, null, "Not found"); + } + catch (Exception ex) + { + logger?.LogError(ex.ToString()); + return (false, null, ex.Message); + } + } + + public async Task<(bool IsSuccess, Models.User User, string ErrorMessage)> GetUsersAsync(int Id) + { + try + { + logger?.LogInformation("Querying Users table"); + var user = await userAccessDbContext.Users.SingleOrDefaultAsync(s => s.Id == Id); + if (user != null) + { + logger?.LogInformation($"User Id: {Id} found"); + var result = mapper.Map(user); + return (true, result, null); + } + return (false, null, "Not found"); + } + catch (Exception ex) + { + logger?.LogError(ex.ToString()); + return (false, null, ex.Message); + } + } + + public async Task<(bool IsSuccess, Models.User User, string ErrorMessage)> PostUserAsync(Models.User user) + { + try + { + if (user != null) + { + var _user = mapper.Map(user); + userAccessDbContext.Users.Add(_user); + user.Id = _user.Id; + await userAccessDbContext.SaveChangesAsync(); + return (true, user, "Successful"); + } + else + { + logger?.LogInformation($"null object cannot be added"); + return (false, null, $"null object cannot be added"); + } + } + catch (Exception ex) + { + logger?.LogError(ex.ToString()); + return (false, null, ex.Message); + } + } + + public async Task<(bool IsSuccess, Models.User User, string ErrorMessage)> PutUserAsync(int Id, Models.User user) + { + try + { + if (user != null) + { + var _user = await userAccessDbContext.Users.AsNoTracking().Where(s => s.Id == Id).SingleOrDefaultAsync(); + + if (_user != null) + { + int count = userAccessDbContext.Users.Where(u => u.Id != user.Id).Count(); + if (count == 0) + { + await userAccessDbContext.SaveChangesAsync(); + logger?.LogInformation($"Employee Id: {user.EmployeeId} updated successfuly"); + return (true, mapper.Map(_user), $"Employee Id: {_user.EmployeeId} updated successfuly"); + } + else + { + logger?.LogInformation($"Employee Id: {user.EmployeeId} is already exist"); + return (false, null, $"Employee Id: {user.EmployeeId} is already exist"); + } + } + else + { + logger?.LogInformation($"User Id : {Id} Not found"); + return (false, null, "Not Found"); + } + } + else + { + logger?.LogInformation($"User Id: {Id} Bad Request"); + return (false, null, "Bad request"); + } + } + catch (Exception ex) + { + logger?.LogError(ex.ToString()); + return (false, null, ex.Message); + } + } + + public async Task<(bool IsSuccess, Models.User User, string ErrorMessage)> DeleteUserAsync(int Id) + { + try + { + var user = await userAccessDbContext.Users.Where(x => x.Id == Id).SingleOrDefaultAsync(); + + if (user != null) + { + userAccessDbContext.Users.Remove(user); + await userAccessDbContext.SaveChangesAsync(); + logger?.LogInformation($"User Id: {Id} deleted Successfuly"); + return (true, mapper.Map(user), $"User Id: {Id} deleted Successfuly"); + } + else + { + logger?.LogInformation($"User Id : {Id} Not found"); + return (false, null, "Not Found"); + } + } + catch (Exception ex) + { + logger?.LogError(ex.ToString()); + return (false, null, ex.Message); + } + } + + public async Task<(bool IsSuccess, TokenResponse TokenResponse, string ErrorMessage)> AuthenticateAsync(string employecode) + { + + if (employecode != null) + { + //implementation for dadeschools authentication + // var employees = await employeeServiceProvider.getEmployeesAsync(); + // var employee = employees.Where(e=> e.EmployeeCode.ToLower() == employecode.ToLower()).SingleOrDefault(); + var user = userAccessDbContext.Users.Where(x => x.IsActive == true && x.EmployeeCode.ToLower() == employecode.ToLower()).SingleOrDefault(); + + if (user != null) + { + + var r = await GetRolesAsync(); + var role = r.Roles.Where(x => x.Id == user.RoleId).SingleOrDefault(); + + var authClaims = new List { + new Claim(ClaimTypes.Name, user.EmployeeCode), + new Claim(ClaimTypes.Role, role.Name), + new Claim(JwtRegisteredClaimNames.Jti,Guid.NewGuid().ToString()) + + }; + + /// Generate Token + var tokenhandler = new JwtSecurityTokenHandler(); + var tokenkey = Encoding.UTF8.GetBytes(jwtSettings.securitykey); + var tokendesc = new SecurityTokenDescriptor + { + Audience = "", + NotBefore = DateTime.Now, + Subject = new ClaimsIdentity(authClaims), + Expires = DateTime.Now.AddMinutes(30), + SigningCredentials = new SigningCredentials(new SymmetricSecurityKey(tokenkey), SecurityAlgorithms.HmacSha256) + }; + var token = tokenhandler.CreateToken(tokendesc); + string finaltoken = tokenhandler.WriteToken(token); + + var response = new TokenResponse() { jwttoken = finaltoken, refreshtoken = await tokenServiceProvider.GenerateToken(mapper.Map(user)) }; + return (true, response, "Authentication success and token issued."); + } + else + { + return (false, null, "user inactive or not exist."); + } + } + + else + { + return (false, null, "Credentials are required to authenticate."); + } + } + public async Task<(bool IsSuccess, IEnumerable Roles, string ErrorMessage)> GetRolesAsync() + { + try + { + logger?.LogInformation("Gell all Roles from DB"); + var roles = await userAccessDbContext.Roles.ToListAsync(); + if (roles != null) + { + logger?.LogInformation($"{roles.Count} Items(s) found"); + var result = mapper.Map, IEnumerable>(roles); + return (true, result, null); + } + return (false, null, "Not found"); + } + catch (Exception ex) + { + logger?.LogError(ex.ToString()); + return (false, null, ex.Message); + } + } + + public async Task<(bool IsSuccess, Models.TokenResponse TokenResponse, string ErrorMessage)> RefreshTokenAsync(TokenResponse tokenResponse) + { + //Generate token + var tokenhandler = new JwtSecurityTokenHandler(); + var tokenkey = Encoding.UTF8.GetBytes(this.jwtSettings.securitykey); + SecurityToken securityToken; + var principal = tokenhandler.ValidateToken(tokenResponse.jwttoken, new TokenValidationParameters + { + ValidateIssuerSigningKey = true, + IssuerSigningKey = new SymmetricSecurityKey(tokenkey), + ValidateIssuer = false, + ValidateAudience = false, + + }, out securityToken); + + var token = securityToken as JwtSecurityToken; + if (token != null && !token.Header.Alg.Equals(SecurityAlgorithms.HmacSha256)) + { + return (false, null, "Unauthorized"); + } + var username = principal.Identity?.Name; + + var tokens = await userAccessDbContext.Tokens.ToListAsync(); + var users = await userAccessDbContext.Users.ToListAsync(); + + var user = (from u in users + join t in tokens + on u.Id equals t.UserId + where u.EmployeeId == 1 + && t.RefreshToken == tokenResponse.refreshtoken + select u).FirstOrDefault(); + + if (user == null) + return (false, null, "Invalid Token Response object provided"); + + var _user = mapper.Map(user); + var response = tokenServiceProvider.TokenAuthenticate(_user, principal.Claims.ToArray()).Result; + return (true, response, "Token authenticated and refreshed."); + } + + + } +} diff --git a/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Services/EmployeeServiceProvider.cs b/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Services/EmployeeServiceProvider.cs new file mode 100644 index 0000000..ba97947 --- /dev/null +++ b/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Services/EmployeeServiceProvider.cs @@ -0,0 +1,50 @@ +using DamageAssesment.Api.UsersAccess.Interfaces; +using DamageAssesment.Api.UsersAccess.Models; +using Newtonsoft.Json; + +namespace DamageAssesment.Api.UsersAccess.Services +{ + public class EmployeeServiceProvider : ServiceProviderBase, IEmployeeServiceProvider + { + public EmployeeServiceProvider(IConfiguration configuration, IHttpUtil httpUtil, ILogger logger) : base(configuration, httpUtil, logger, configuration.GetValue("RessourceSettings:Employee"), configuration.GetValue("EndPointSettings:EmployeeUrlBase")) + { + } + + public async Task> getEmployeesAsync() + { + try + { + var responseJsonString = await httpUtil.SendAsync(HttpMethod.Get, url, null); + var employees = JsonConvert.DeserializeObject>(responseJsonString); + + if (employees == null || !employees.Any()) + return new List(); + else return employees; + } + catch (Exception ex) + { + logger?.LogError($"Exception Found : {ex.Message} - Ref: EmployeeServiceProvider.getEmployeesAsync()"); + return new List(); + } + } + + public async Task getEmployeeAsync(int employeeId) + { + try + { + url = urlBase + string.Format(configuration.GetValue("RessourceSettings:EmployeeById"), employeeId); + var responseJsonString = await httpUtil.SendAsync(HttpMethod.Get, url, null); + var employee = JsonConvert.DeserializeObject(responseJsonString); + + if (employee == null) + return null; + else return employee; + } + catch (Exception ex) + { + logger?.LogError($"Exception Found : {ex.Message} - Ref: EmployeeServiceProvider.getEmployeeAsync()"); + return null; + } + } + } +} diff --git a/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Services/HttpUtil.cs b/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Services/HttpUtil.cs new file mode 100644 index 0000000..a8b5c9f --- /dev/null +++ b/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Services/HttpUtil.cs @@ -0,0 +1,42 @@ +using DamageAssesment.Api.UsersAccess.Interfaces; +using System.Net.Http.Headers; +using System.Text; + +namespace DamageAssesment.Api.UsersAccess.Services +{ + public class HttpUtil : IHttpUtil + { + private readonly HttpClient httpClient; + private readonly ILogger logger; + + public HttpUtil(HttpClient httpClient, ILogger logger) + { + this.httpClient = httpClient; + this.logger = logger; + } + public async Task SendAsync(HttpMethod method, string url, string JsonInput) + { + try + { + var request = new HttpRequestMessage(method, url); + request.Headers.Accept.Clear(); + request.Headers.Accept.Add(new MediaTypeWithQualityHeaderValue("application/json")); + + //request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token); + if (method == HttpMethod.Post) + { + request.Content = new StringContent(JsonInput, Encoding.UTF8, "application/json"); + } + var response = await httpClient.SendAsync(request, CancellationToken.None); + response.EnsureSuccessStatusCode(); + var responseString = await response.Content.ReadAsStringAsync(); + return responseString; + } + catch (Exception ex) + { + logger?.LogError($"Exception Message : {ex.Message} - Ref: HttpUtil.SendAsync()"); + return null; + } + } + } +} diff --git a/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Services/ServiceProviderBase.cs b/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Services/ServiceProviderBase.cs new file mode 100644 index 0000000..c5512c7 --- /dev/null +++ b/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Services/ServiceProviderBase.cs @@ -0,0 +1,25 @@ +using DamageAssesment.Api.UsersAccess.Interfaces; + +namespace DamageAssesment.Api.UsersAccess.Services +{ + public class ServiceProviderBase + { + protected readonly IConfiguration configuration; + protected readonly IHttpUtil httpUtil; + protected readonly ILogger logger; + protected string ressource; + protected string urlBase; + protected string url; + + + public ServiceProviderBase(IConfiguration configuration, IHttpUtil httpUtil, ILogger logger, string ressource, string urlBase) + { + this.configuration = configuration; + this.httpUtil = httpUtil; + this.logger = logger; + this.ressource = ressource; + this.urlBase = urlBase; + url = urlBase + ressource; + } + } +} diff --git a/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Services/TokenServiceProvider.cs b/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Services/TokenServiceProvider.cs new file mode 100644 index 0000000..91645b9 --- /dev/null +++ b/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/Services/TokenServiceProvider.cs @@ -0,0 +1,59 @@ +using System.IdentityModel.Tokens.Jwt; +using System.Security.Claims; +using System.Security.Cryptography; +using System.Text; +using DamageAssesment.Api.UsersAccess.Db; +using DamageAssesment.Api.UsersAccess.Interfaces; +using DamageAssesment.Api.UsersAccess.Models; +using Microsoft.EntityFrameworkCore; +using Microsoft.Extensions.Options; +using Microsoft.IdentityModel.Tokens; + +namespace DamageAssesment.Api.UsersAccess.Services +{ + public class TokenServiceProvider : ITokenServiceProvider + { + private readonly UsersAccessDbContext usersAccessDbContext; + private readonly JwtSettings jwtSettings; + public TokenServiceProvider(IOptions options, UsersAccessDbContext usersAccessDbContext) + { + this.usersAccessDbContext = usersAccessDbContext; + this.jwtSettings = options.Value; + } + public async Task GenerateToken(Models.User user) + { + var randomnumber = new byte[32]; + using (var ramdomnumbergenerator = RandomNumberGenerator.Create()) + { + ramdomnumbergenerator.GetBytes(randomnumber); + string refreshtoken = Convert.ToBase64String(randomnumber); + var token = await usersAccessDbContext.Tokens.FirstOrDefaultAsync(item => item.UserId == user.Id); + if (token != null) + { + token.RefreshToken = refreshtoken; + } + else + { + usersAccessDbContext.Tokens.Add(new Db.Token() + { + UserId = user.Id, + RefreshToken = refreshtoken, + IsActive = true + }); + } + await usersAccessDbContext.SaveChangesAsync(); + + return refreshtoken; + } + } + + public async Task TokenAuthenticate(Models.User user, Claim[] claims) + { + var token = new JwtSecurityToken(claims: claims, expires: DateTime.Now.AddSeconds(20), + signingCredentials: new SigningCredentials(new SymmetricSecurityKey(Encoding.UTF8.GetBytes(jwtSettings.securitykey)), SecurityAlgorithms.HmacSha256) + ); + var jwttoken = new JwtSecurityTokenHandler().WriteToken(token); + return new TokenResponse() { jwttoken = jwttoken, refreshtoken = await GenerateToken(user) }; + } + } +} \ No newline at end of file diff --git a/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/appsettings.Development.json b/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/appsettings.Development.json new file mode 100644 index 0000000..0c208ae --- /dev/null +++ b/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/appsettings.Development.json @@ -0,0 +1,8 @@ +{ + "Logging": { + "LogLevel": { + "Default": "Information", + "Microsoft.AspNetCore": "Warning" + } + } +} diff --git a/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/appsettings.json b/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/appsettings.json new file mode 100644 index 0000000..38fe47e --- /dev/null +++ b/DamageAssesmentApi/DamageAssesment.Api.UsersAccess/appsettings.json @@ -0,0 +1,36 @@ +{ + "JwtSettings": { + "securitykey": "bWlhbWkgZGFkZSBzY2hvb2xzIHNlY3JldCBrZXk=" + }, + "Logging": { + "LogLevel": { + "Default": "Information", + "Microsoft.AspNetCore": "Warning" + } + }, + "EndPointSettings": { + "EmployeeUrlBase": "http://localhost:5135" + }, + "RessourceSettings": { + "Employee": "/Employees", + "EmployeeById": "/Employees/{0}" + }, + "AllowedHosts": "*", + "Dadeschools": { + "Authority": "https://dev-graph.dadeschools.net", + "TokenUrl": "https://dev-graph.dadeschools.net/connect/token", + "ClientId": "dmapi", + "ClientSecret": "bfce2c8d-2064-4a02-b19d-7f1d42b16eae", + "Name": "Dadeschools Identity Server" + }, + "Scopes": [ + { + "Name": "openid", + "Description": "Request an authentication token on your behalf" + }, + { + "Name": "profile", + "Description": "Read basic information about you such as your date of brith and full name" + } + ] +} diff --git a/DamageAssesmentApi/DamageAssesment.sln b/DamageAssesmentApi/DamageAssesment.sln index af5023f..89f8cb7 100644 --- a/DamageAssesmentApi/DamageAssesment.sln +++ b/DamageAssesmentApi/DamageAssesment.sln @@ -41,6 +41,10 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "DamageAssesment.Api.Respons EndProject Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "DamageAssesment.Api.Responses.Test", "DamageAssesment.Api.Responses.Test\DamageAssesment.Api.Responses.Test.csproj", "{26BFCF59-0D24-41C1-9202-D4FFCC52389B}" EndProject +Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "DamageAssesment.Api.UsersAccess", "DamageAssesment.Api.UsersAccess\DamageAssesment.Api.UsersAccess.csproj", "{40240AD6-90D2-4128-BCDF-12C77D1B1B55}" +EndProject +Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "DamageAssesment.Api.UsersAccess.Test", "DamageAssesment.Api.UsersAccess.Test\DamageAssesment.Api.UsersAccess.Test.csproj", "{ADAF9385-262C-4A37-A603-A53B77EA515D}" +EndProject Global GlobalSection(SolutionConfigurationPlatforms) = preSolution Debug|Any CPU = Debug|Any CPU @@ -111,6 +115,14 @@ Global {26BFCF59-0D24-41C1-9202-D4FFCC52389B}.Debug|Any CPU.Build.0 = Debug|Any CPU {26BFCF59-0D24-41C1-9202-D4FFCC52389B}.Release|Any CPU.ActiveCfg = Release|Any CPU {26BFCF59-0D24-41C1-9202-D4FFCC52389B}.Release|Any CPU.Build.0 = Release|Any CPU + {40240AD6-90D2-4128-BCDF-12C77D1B1B55}.Debug|Any CPU.ActiveCfg = Debug|Any CPU + {40240AD6-90D2-4128-BCDF-12C77D1B1B55}.Debug|Any CPU.Build.0 = Debug|Any CPU + {40240AD6-90D2-4128-BCDF-12C77D1B1B55}.Release|Any CPU.ActiveCfg = Release|Any CPU + {40240AD6-90D2-4128-BCDF-12C77D1B1B55}.Release|Any CPU.Build.0 = Release|Any CPU + {ADAF9385-262C-4A37-A603-A53B77EA515D}.Debug|Any CPU.ActiveCfg = Debug|Any CPU + {ADAF9385-262C-4A37-A603-A53B77EA515D}.Debug|Any CPU.Build.0 = Debug|Any CPU + {ADAF9385-262C-4A37-A603-A53B77EA515D}.Release|Any CPU.ActiveCfg = Release|Any CPU + {ADAF9385-262C-4A37-A603-A53B77EA515D}.Release|Any CPU.Build.0 = Release|Any CPU EndGlobalSection GlobalSection(SolutionProperties) = preSolution HideSolutionNode = FALSE