Add GetCurrentUser method to the repository API. (#113)

tusmester · web-flow · commit d3541a8cf35d · 2023-06-13T11:59:09.000+02:00
* Add GetCurrentUser method to the repository API.

* Add more tests and fallback to visitor.
diff --git a/src/SenseNet.Client.Tests/UnitTests/RepositoryTests.cs b/src/SenseNet.Client.Tests/UnitTests/RepositoryTests.cs
@@ -1956,6 +1956,202 @@ private async Task QueryForAdminTest<T>(bool isExceptionExpected) where T : Cont
             Assert.AreEqual("Item1, Item2, Item3, Item4", typeNames);
         }
 
+        /* ============================================================================ AUTHENTICATION */
+
+        [TestMethod]
+        public async Task Repository_Auth_GetCurrentUser_ValidUser_ValidToken()
+        {
+            // ALIGN
+            var restCaller = CreateRestCallerFor(@"{ ""d"": { 
+""Name"": ""Admin"", ""Id"": 1, ""Type"": ""User"" }}");
+            var repositories = GetRepositoryCollection(services =>
+            {
+                services.AddSingleton(restCaller);
+            });
+            var repository = await repositories.GetRepositoryAsync("local", CancellationToken.None)
+                .ConfigureAwait(false);
+
+            // this is a test token containing the admin id (1) as a SUB
+            repository.Server.Authentication.AccessToken = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxIiwibm" +
+                                                           "FtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.ZU43TYZENiuL" +
+                                                           "dKJPpd-hnkFhRkpLPurixsKr-8m-kBc";
+
+            // ACT
+            var content = await repository.GetCurrentUserAsync(CancellationToken.None)
+                .ConfigureAwait(false);
+
+            // ASSERT
+            var requestedUri = (Uri)restCaller.ReceivedCalls().ToArray()[1].GetArguments().First()!;
+            Assert.IsNotNull(requestedUri);
+            Assert.AreEqual("/OData.svc/content(1)?metadata=no", requestedUri.PathAndQuery);
+
+            Assert.IsNotNull(content);
+            Assert.AreEqual("Admin", content.Name);
+        }
+        [TestMethod]
+        public async Task Repository_Auth_GetCurrentUser_ValidUser_ValidToken_WithParameters()
+        {
+            // ALIGN
+            var restCaller = CreateRestCallerFor(@"{ ""d"": { 
+""Name"": ""Admin"", ""Id"": 1, ""Type"": ""User"" }}");
+            var repositories = GetRepositoryCollection(services =>
+            {
+                services.AddSingleton(restCaller);
+            });
+            var repository = await repositories.GetRepositoryAsync("local", CancellationToken.None)
+                .ConfigureAwait(false);
+
+            // this is a test token containing the admin id (1) as a SUB
+            repository.Server.Authentication.AccessToken = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxIiwibm" +
+                                                           "FtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.ZU43TYZENiuL" +
+                                                           "dKJPpd-hnkFhRkpLPurixsKr-8m-kBc";
+
+            // ACT
+            // define select and expand parameters
+            var content = await repository.GetCurrentUserAsync(
+                new []{"Id", "Name", "Type", "Manager/Name"}, 
+                new []{"Manager"},
+                CancellationToken.None).ConfigureAwait(false);
+
+            // ASSERT
+            var requestedUri = (Uri)restCaller.ReceivedCalls().ToArray()[1].GetArguments().First()!;
+            Assert.IsNotNull(requestedUri);
+            Assert.AreEqual("/OData.svc/content(1)?metadata=no&$expand=Manager&$select=Id,Name,Type,Manager/Name",
+                requestedUri.PathAndQuery);
+
+            Assert.IsNotNull(content);
+            Assert.AreEqual("Admin", content.Name);
+        }
+        [TestMethod]
+        public async Task Repository_Auth_GetCurrentUser_ValidUser_ExpiredToken()
+        {
+            // ALIGN
+            var restCaller = Substitute.For<IRestCaller>();
+
+            // first call: expired token, inaccessible user id
+            restCaller
+                .GetResponseStringAsync(Arg.Is<Uri>(uri => uri.PathAndQuery.Contains("/OData.svc/content(123456)")),
+                    Arg.Any<HttpMethod>(), Arg.Any<string>(), 
+                    Arg.Any<Dictionary<string, IEnumerable<string>>>(),
+                    Arg.Any<CancellationToken>())
+                .Returns(Task.FromResult(string.Empty));
+
+            // second call: GetCurrentUser action, returns the Visitor user
+            restCaller.GetResponseStringAsync(Arg.Is<Uri>(uri => uri.PathAndQuery.Contains("/OData.svc/('Root')/GetCurrentUser")),
+                    Arg.Any<HttpMethod>(), Arg.Any<string>(),
+                    Arg.Any<Dictionary<string, IEnumerable<string>>>(),
+                    Arg.Any<CancellationToken>())
+                .Returns(Task.FromResult(@"{ ""Name"": ""Visitor"", ""Id"": 6, ""Type"": ""User"" }"));
+            
+            var repositories = GetRepositoryCollection(services =>
+            {
+                services.AddSingleton(restCaller);
+            });
+            var repository = await repositories.GetRepositoryAsync("local", CancellationToken.None)
+                .ConfigureAwait(false);
+
+            // this is a test token containing 123456 (INACCESSIBLE user) as a SUB
+            repository.Server.Authentication.AccessToken = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMj" +
+                                                           "M0NTYiLCJuYW1lIjoiSm9obiBEb2UiLCJpYXQiOjE1MTYyMzkwM" +
+                                                           "jJ9.MkiS50WhvOFwrwxQzd5Kp3VzkQUZhvex3kQv-CLeS3M";
+
+            // ACT
+            var content = await repository.GetCurrentUserAsync(CancellationToken.None)
+                .ConfigureAwait(false);
+
+            // ASSERT
+            var requestedUri1 = (Uri)restCaller.ReceivedCalls().ToArray()[1].GetArguments().First()!;
+            Assert.AreEqual("/OData.svc/content(123456)?metadata=no", requestedUri1.PathAndQuery);
+
+            var requestedUri2 = (Uri)restCaller.ReceivedCalls().ToArray()[2].GetArguments().First()!;
+            Assert.AreEqual("/OData.svc/('Root')/GetCurrentUser?metadata=no", requestedUri2.PathAndQuery);
+
+            Assert.IsNotNull(content);
+            Assert.AreEqual("Visitor", content.Name);
+        }
+        [TestMethod]
+        public async Task Repository_Auth_GetCurrentUser_ValidUser_UnknownToken()
+        {
+            // ALIGN
+            var restCaller = CreateRestCallerFor(@"{""Name"": ""Admin"", ""Id"": 1, ""Type"": ""User"" }");
+            var repositories = GetRepositoryCollection(services =>
+            {
+                services.AddSingleton(restCaller);
+            });
+            var repository = await repositories.GetRepositoryAsync("local", CancellationToken.None)
+                .ConfigureAwait(false);
+
+            // edge case: this is a not parseable token that is still accepted by the server
+            repository.Server.Authentication.AccessToken = "not parseable token";
+
+            // ACT
+            var content = await repository.GetCurrentUserAsync(CancellationToken.None)
+                .ConfigureAwait(false);
+
+            // ASSERT
+            var requestedUri = (Uri)restCaller.ReceivedCalls().ToArray()[1].GetArguments().First()!;
+            Assert.IsNotNull(requestedUri);
+            Assert.AreEqual("/OData.svc/('Root')/GetCurrentUser?metadata=no", requestedUri.PathAndQuery);
+
+            Assert.IsNotNull(content);
+            Assert.AreEqual("Admin", content.Name);
+        }
+        [TestMethod]
+        public async Task Repository_Auth_GetCurrentUser_ValidUser_ApiKey()
+        {
+            // ALIGN
+            var restCaller = CreateRestCallerFor(@"{""Name"": ""Admin"", ""Id"": 1, ""Type"": ""User"" }");
+            var repositories = GetRepositoryCollection(services =>
+            {
+                services.AddSingleton(restCaller);
+            });
+            var repository = await repositories.GetRepositoryAsync("local", CancellationToken.None)
+                .ConfigureAwait(false);
+
+            // we provide an api key instead of an access token
+            repository.Server.Authentication.ApiKey = "valid api key";
+
+            // ACT
+            var content = await repository.GetCurrentUserAsync(CancellationToken.None)
+                .ConfigureAwait(false);
+
+            // ASSERT
+            var requestedUri = (Uri)restCaller.ReceivedCalls().ToArray()[1].GetArguments().First()!;
+            Assert.IsNotNull(requestedUri);
+            Assert.AreEqual("/OData.svc/('Root')/GetCurrentUser?metadata=no", requestedUri.PathAndQuery);
+
+            Assert.IsNotNull(content);
+            Assert.AreEqual("Admin", content.Name);
+        }
+        [TestMethod]
+        public async Task Repository_Auth_GetCurrentUser_Visitor_NoToken()
+        {
+            // ALIGN
+            var restCaller = CreateRestCallerFor(@"{ ""d"": {
+""Name"": ""Visitor"", ""Id"": 6, ""Type"": ""User"" }}");
+            var repositories = GetRepositoryCollection(services =>
+            {
+                services.AddSingleton(restCaller);
+            });
+            var repository = await repositories.GetRepositoryAsync("local", CancellationToken.None)
+                .ConfigureAwait(false);
+
+            // no token
+            repository.Server.Authentication.AccessToken = null;
+
+            // ACT
+            var content = await repository.GetCurrentUserAsync(CancellationToken.None)
+                .ConfigureAwait(false);
+
+            // ASSERT
+            var requestedUri = (Uri)restCaller.ReceivedCalls().ToArray()[1].GetArguments().First()!;
+            Assert.IsNotNull(requestedUri);
+            Assert.AreEqual("/OData.svc/Root/IMS/BuiltIn/Portal('Visitor')?metadata=no", requestedUri.PathAndQuery);
+
+            Assert.IsNotNull(content);
+            Assert.AreEqual("Visitor", content.Name);
+        }
+
         /* ====================================================================== CUSTOM REQUESTS */
 
         private class CustomNestedObject
diff --git a/src/SenseNet.Client/Repository/IRepository.cs b/src/SenseNet.Client/Repository/IRepository.cs
@@ -393,6 +393,11 @@ public interface IRepository
     /// <returns>A task that represents an asynchronous operation.</returns>
     public Task DeleteContentAsync(object[] idsOrPaths, bool permanent, CancellationToken cancel);
 
+    /* ============================================================================ AUTHENTICATION */
+
+    public Task<Content> GetCurrentUserAsync(CancellationToken cancel);
+    public Task<Content> GetCurrentUserAsync(string[] select, string[] expand, CancellationToken cancel);
+
     /* ============================================================================ MIDDLE LEVEL API */
 
     /// <summary>
diff --git a/src/SenseNet.Client/Repository/Repository.cs b/src/SenseNet.Client/Repository/Repository.cs
@@ -13,6 +13,7 @@
 using System.Net.Http.Headers;
 using System.Net;
 using System.Text;
+using System.IdentityModel.Tokens.Jwt;
 
 // ReSharper disable once CheckNamespace
 namespace SenseNet.Client;
@@ -565,6 +566,72 @@ await GetResponseStringAsync(oDataRequest, HttpMethod.Post, cancel)
             : $"{idsOrPaths.Length} contents were deleted.");
     }
 
+    /* ============================================================================ AUTHENTICATION */
+
+    public Task<Content> GetCurrentUserAsync(CancellationToken cancel)
+    {
+        return GetCurrentUserAsync(null, null, cancel);
+    }
+    public async Task<Content> GetCurrentUserAsync(string[] select, string[] expand, CancellationToken cancel)
+    {
+        var accessToken = Server?.Authentication?.AccessToken;
+
+        if (!string.IsNullOrEmpty(accessToken))
+        {
+            // The token contains the user id in the SUB claim.
+            try
+            {
+                var handler = new JwtSecurityTokenHandler();
+                var jwtSecurityToken = handler.ReadJwtToken(accessToken);
+
+                if (int.TryParse(jwtSecurityToken.Subject, out var contentId))
+                {
+                    // Userid found: simply load the user. This will make this method work
+                    // even with older portals where the action below does not exist yet.
+                    var user = await LoadContentAsync(new LoadContentRequest
+                    {
+                        ContentId = contentId,
+                        Select = select,
+                        Expand = expand
+                    }, cancel).ConfigureAwait(false);
+                    
+                    if (user != null)
+                        return user;
+
+                    // the user is not found, we will load the visitor later
+                }
+            }
+            catch (Exception ex)
+            {
+                _logger.LogTrace(ex, "Error during JWT access token conversion.");
+            }
+        }
+        
+        // if there is a chance that the user is authenticated (token or key is present)
+        if (!string.IsNullOrEmpty(accessToken) || !string.IsNullOrEmpty(Server?.Authentication?.ApiKey))
+        {
+            // we could not extract the user from the token: use the new action as a fallback
+            var request = new ODataRequest(Server)
+            {
+                Path = "/Root",
+                ActionName = "GetCurrentUser",
+                Select = select,
+                Expand = expand
+            };
+
+            var response = await GetResponseJsonAsync(request, HttpMethod.Get, cancel).ConfigureAwait(false);
+            return CreateContentFromJson(response);
+        }
+
+        // no token: load Visitor
+        return await LoadContentAsync(new LoadContentRequest
+        {
+            Path = Constants.User.VisitorPath,
+            Select = select,
+            Expand = expand
+        }, cancel).ConfigureAwait(false);
+    }
+
     /* ============================================================================ MIDDLE LEVEL API */
 
     public async Task<T> GetResponseAsync<T>(ODataRequest requestData, HttpMethod method, CancellationToken cancel)
