Explicit declaring variables.

Adding exchange token validation.

Author: renemadsen

eFormAPI/eFormAPI/Controllers/EntitySearchController.cs

@@ -24,8 +24,8 @@ public OperationDataResult<EntityGroupList> GetEntityGroupList(
         {
             try
             {
-                var core = _coreHelper.GetCore();
-                var model = core.Advanced_EntityGroupAll(requestModel.Sort, requestModel.NameFilter,
+                eFormCore.Core core = _coreHelper.GetCore();
+                EntityGroupList model = core.Advanced_EntityGroupAll(requestModel.Sort, requestModel.NameFilter,
                     requestModel.PageIndex, requestModel.PageSize, Constants.FieldTypes.EntitySearch,
                     requestModel.IsSortDsc,
                     Constants.WorkflowStates.NotRemoved);
@@ -44,13 +44,13 @@ public OperationResult CreateEntityGroup(AdvEntitySearchableGroupEditModel editM
         {
             try
             {
-                var core = _coreHelper.GetCore();
-                var groupCreate = core.EntityGroupCreate(Constants.FieldTypes.EntitySearch, editModel.Name);
+                eFormCore.Core core = _coreHelper.GetCore();
+                EntityGroup groupCreate = core.EntityGroupCreate(Constants.FieldTypes.EntitySearch, editModel.Name);
                 if (editModel.AdvEntitySearchableItemModels.Any())
                 {
-                    var entityGroup = core.EntityGroupRead(groupCreate.MicrotingUUID);
-                    var nextItemUid = entityGroup.EntityGroupItemLst.Count;
-                    foreach (var entityItem in editModel.AdvEntitySearchableItemModels)
+                    EntityGroup entityGroup = core.EntityGroupRead(groupCreate.MicrotingUUID);
+                    int nextItemUid = entityGroup.EntityGroupItemLst.Count;
+                    foreach (EntityItem entityItem in editModel.AdvEntitySearchableItemModels)
                     {
                         core.EntitySearchItemCreate(entityGroup.Id, entityItem.Name, entityItem.Description,
                             nextItemUid.ToString());
@@ -78,10 +78,10 @@ public OperationResult UpdateEntityGroup(AdvEntitySearchableGroupEditModel editM
         {
             try
             {
-                var core = _coreHelper.GetCore();
-                var entityGroup = core.EntityGroupRead(editModel.GroupUid);
+                eFormCore.Core core = _coreHelper.GetCore();
+                EntityGroup entityGroup = core.EntityGroupRead(editModel.GroupUid);
 
-                var nextItemUid = entityGroup.EntityGroupItemLst.Count;
+                int nextItemUid = entityGroup.EntityGroupItemLst.Count;
                 List<int> currentIds = new List<int>();
 
                 foreach (var entityItem in editModel.AdvEntitySearchableItemModels)
@@ -125,9 +125,9 @@ public OperationDataResult<EntityGroup> GetEntityGroup(string entityGroupUid)
         {
             try
             {
-                var core = _coreHelper.GetCore();
+                eFormCore.Core core = _coreHelper.GetCore();
 
-                var entityGroup = core.EntityGroupRead(entityGroupUid);
+                EntityGroup entityGroup = core.EntityGroupRead(entityGroupUid);
 
                 return new OperationDataResult<EntityGroup>(true, entityGroup);
             }
@@ -145,13 +145,13 @@ public OperationDataResult<List<CommonDictionaryTextModel>> GetEntityGroupDictio
         {
             try
             {
-                var core = _coreHelper.GetCore();
+                eFormCore.Core core = _coreHelper.GetCore();
 
-                var entityGroup = core.EntityGroupRead(entityGroupUid, null, searchString);
+                EntityGroup entityGroup = core.EntityGroupRead(entityGroupUid, null, searchString);
 
-                var mappedEntityGroupDict = new List<CommonDictionaryTextModel>();
+                List<CommonDictionaryTextModel> mappedEntityGroupDict = new List<CommonDictionaryTextModel>();
 
-                foreach (var entityGroupItem in entityGroup.EntityGroupItemLst)
+                foreach (EntityItem entityGroupItem in entityGroup.EntityGroupItemLst)
                 {
                     mappedEntityGroupDict.Add(new CommonDictionaryTextModel()
                     {
@@ -175,8 +175,7 @@ public OperationResult DeleteEntityGroup(string entityGroupUid)
         {
             try
             {
-                var core = _coreHelper.GetCore();
-
+                eFormCore.Core core = _coreHelper.GetCore();
 
                 return core.EntityGroupDelete(entityGroupUid)
                     ? new OperationResult(true, LocaleHelper.GetString("ParamDeletedSuccessfully", entityGroupUid))
@@ -195,8 +194,7 @@ public OperationResult SendSearchableGroup(string entityGroupUid)
         {
             try
             {
-                var core = _coreHelper.GetCore();
-
+                eFormCore.Core core = _coreHelper.GetCore();
 
                 return new OperationResult(true, LocaleHelper.GetString("ParamDeletedSuccessfully", entityGroupUid));
             }

eFormAPI/eFormAPI/Controllers/EntitySelectController.cs

@@ -9,6 +9,7 @@
 using eFormApi.BasePn.Infrastructure;
 using eFormApi.BasePn.Infrastructure.Helpers;
 using eFormApi.BasePn.Infrastructure.Models.API;
+using eFormAPI.Web.Infrastructure.Helpers.ExchangeTokenValidation;
 
 namespace eFormAPI.Web.Controllers
 {
@@ -24,8 +25,8 @@ public OperationDataResult<EntityGroupList> GetEntityGroupList(
         {
             try
             {
-                var core = _coreHelper.GetCore();
-                var model = core.Advanced_EntityGroupAll(requestModel.Sort, requestModel.NameFilter,
+                eFormCore.Core core = _coreHelper.GetCore();
+                EntityGroupList model = core.Advanced_EntityGroupAll(requestModel.Sort, requestModel.NameFilter,
                     requestModel.PageIndex, requestModel.PageSize, Constants.FieldTypes.EntitySelect,
                     requestModel.IsSortDsc,
                     Constants.WorkflowStates.NotRemoved);
@@ -43,8 +44,8 @@ public OperationResult CreateEntityGroup(AdvEntitySelectableGroupEditModel editM
         {
             try
             {
-                var core = _coreHelper.GetCore();
-                var groupCreate = core.EntityGroupCreate(Constants.FieldTypes.EntitySelect, editModel.Name);
+                eFormCore.Core core = _coreHelper.GetCore();
+                EntityGroup groupCreate = core.EntityGroupCreate(Constants.FieldTypes.EntitySelect, editModel.Name);
                 if (editModel.AdvEntitySelectableItemModels.Any())
                 {
                     var entityGroup = core.EntityGroupRead(groupCreate.MicrotingUUID);
@@ -72,8 +73,8 @@ public OperationResult UpdateEntityGroup(AdvEntitySelectableGroupEditModel editM
         {
             try
             {
-                var core = _coreHelper.GetCore();
-                var entityGroup = core.EntityGroupRead(editModel.GroupUid);
+                eFormCore.Core core = _coreHelper.GetCore();
+                EntityGroup entityGroup = core.EntityGroupRead(editModel.GroupUid);
 
                 if (editModel.AdvEntitySelectableItemModels.Any())
                 {
@@ -115,9 +116,9 @@ public OperationDataResult<EntityGroup> GetEntityGroup(string entityGroupUid)
         {
             try
             {
-                var core = _coreHelper.GetCore();
+                eFormCore.Core core = _coreHelper.GetCore();
 
-                var entityGroup = core.EntityGroupRead(entityGroupUid);
+                EntityGroup entityGroup = core.EntityGroupRead(entityGroupUid);
 
                 return new OperationDataResult<EntityGroup>(true, entityGroup);
             }
@@ -129,18 +130,20 @@ public OperationDataResult<EntityGroup> GetEntityGroup(string entityGroupUid)
 
         [HttpGet]
         [AllowAnonymous]
-        [Route("api/selectable-groups/get/{entityGroupUid}/token={token}")]
-        public OperationDataResult<EntityGroup> GetEntityGroupExternally(string entityGroupUid, string token)
+        [Route("api/selectable-groups/get/{entityGroupUid}/exchange")]
+        public OperationDataResult<EntityGroup> GetEntityGroupExternally(string entityGroupUid, string token, string callerURL)
         {
             // Do some validation of the token. For now token is not valid
-            bool tokenIsValid = false;
-            if (tokenIsValid)
+            //bool tokenIsValid = false;
+            ExchangeIdToken idToken = new ExchangeIdToken(token);
+            IdTokenValidationResult result = idToken.Validate(callerURL);
+            if (result.IsValid)
             {
                 try
                 {
-                    var core = _coreHelper.GetCore();
+                    eFormCore.Core core = _coreHelper.GetCore();
 
-                    var entityGroup = core.EntityGroupRead(entityGroupUid);
+                    EntityGroup entityGroup = core.EntityGroupRead(entityGroupUid);
 
                     return new OperationDataResult<EntityGroup>(true, entityGroup);
                 }
@@ -162,13 +165,13 @@ public OperationDataResult<List<CommonDictionaryTextModel>> GetEntityGroupDictio
         {
             try
             {
-                var core = _coreHelper.GetCore();
+                eFormCore.Core core = _coreHelper.GetCore();
 
-                var entityGroup = core.EntityGroupRead(entityGroupUid);
+                EntityGroup entityGroup = core.EntityGroupRead(entityGroupUid);
 
-                var mappedEntityGroupDict = new List<CommonDictionaryTextModel>();
+                List<CommonDictionaryTextModel> mappedEntityGroupDict = new List<CommonDictionaryTextModel>();
 
-                foreach (var entityGroupItem in entityGroup.EntityGroupItemLst)
+                foreach (EntityItem entityGroupItem in entityGroup.EntityGroupItemLst)
                 {
                     mappedEntityGroupDict.Add(new CommonDictionaryTextModel()
                     {
@@ -192,8 +195,7 @@ public OperationResult DeleteEntityGroup(string entityGroupUid)
         {
             try
             {
-                var core = _coreHelper.GetCore();
-
+                eFormCore.Core core = _coreHelper.GetCore();
 
                 return core.EntityGroupDelete(entityGroupUid)
                     ? new OperationResult(true, LocaleHelper.GetString("ParamDeletedSuccessfully", entityGroupUid))
@@ -212,8 +214,7 @@ public OperationResult SendSearchableGroup(string entityGroupUid)
         {
             try
             {
-                var core = _coreHelper.GetCore();
-
+                eFormCore.Core core = _coreHelper.GetCore();
 
                 return new OperationResult(true, LocaleHelper.GetString("ParamDeletedSuccessfully", entityGroupUid));
             }

eFormAPI/eFormAPI/Infrastructure/Helpers/ExchangeTokenValidation/ExchangeAppContext.cs

@@ -0,0 +1,27 @@
+using Newtonsoft.Json;
+
+namespace eFormAPI.Web.Infrastructure.Helpers.ExchangeTokenValidation
+{
+    /// <summary>
+    /// Representation of the appctx claim in an Exchange user identity token.
+    /// </summary>
+    public class ExchangeAppContext
+    {
+        /// <summary>
+        /// The Exchange identifier for the user
+        /// </summary>
+        [JsonProperty("msexchuid")]
+        public string ExchangeUid { get; set; }
+
+        /// <summary>
+        /// The token version
+        /// </summary>
+        public string Version { get; set; }
+
+        /// <summary>
+        /// The URL to download authentication metadata
+        /// </summary>
+        [JsonProperty("amurl")]
+        public string MetadataUrl { get; set; }
+    }
+}

eFormAPI/eFormAPI/Infrastructure/Helpers/ExchangeTokenValidation/ExchangeAuthMetadata.cs

@@ -0,0 +1,49 @@
+namespace eFormAPI.Web.Infrastructure.Helpers.ExchangeTokenValidation
+{
+    /// <summary>
+    /// Represents the Exchange authentication metadata retrieved from the server
+    /// </summary>
+    public class ExchangeAuthMetadata
+    {
+        /// <summary>
+        /// The ID of the metadata
+        /// </summary>
+        public string Id { get; set; }
+
+        /// <summary>
+        /// Metadata version
+        /// </summary>
+        public string Version { get; set; }
+
+        /// <summary>
+        /// Metadata name
+        /// </summary>
+        public string Name { get; set; }
+
+        /// <summary>
+        /// Metadata realm
+        /// </summary>
+        public string Realm { get; set; }
+
+        /// <summary>
+        /// Metadata service name
+        /// </summary>
+        public string ServiceName { get; set; }
+
+        /// <summary>
+        /// Metadata issuer
+        /// </summary>
+        public string Issuer { get; set; }
+
+        /// <summary>
+        /// Metadata allowed audiences
+        /// </summary>
+        public string[] AllowedAudiences { get; set; }
+
+        /// <summary>
+        /// Available signing keys
+        /// </summary>
+        public ExchangeKey[] Keys { get; set; }
+
+    }
+}