PR Update and Revoke bug fix

Author: acoumb

src/Umbraco.AuthorizedServices/Controllers/AuthorizedServiceController.cs

@@ -130,8 +130,15 @@ public async Task<IActionResult> SendSampleRequest(string alias, string path)
     [HttpPost]
     public IActionResult RevokeAccess(RevokeAccess model)
     {
-        _tokenStorage.DeleteToken(model.Alias);
-        _keyStorage.DeleteKey(model.Alias);
+        ServiceDetail serviceDetail = _serviceDetailOptions.Get(model.Alias);
+        if (serviceDetail.AuthenticationMethod != AuthenticationMethod.ApiKey)
+        {
+            _tokenStorage.DeleteToken(model.Alias);
+        }
+        else
+        {
+            _keyStorage.DeleteKey(model.Alias);
+        }
         return Ok();
     }
 

src/Umbraco.AuthorizedServices/Services/Implement/AuthorizedServiceCaller.cs

@@ -82,11 +82,19 @@ public async Task<string> SendRequestRawAsync<TRequest>(string serviceAlias, str
         if (serviceDetail.AuthenticationMethod == AuthenticationMethod.ApiKey)
         {
             string? key = KeyStorage.GetKey(serviceAlias);
+
+            if (key is null && string.IsNullOrEmpty(serviceDetail.ApiKey))
+            {
+                throw new AuthorizedServiceException($"Cannot request service '{serviceAlias}' as access has not yet been authorized.");
+            }
+
             requestMessage = _authorizedRequestBuilder.CreateRequestMessageWithApiKey(
                 serviceDetail,
                 path,
                 httpMethod,
-                key is not null ? key : (!string.IsNullOrEmpty(serviceDetail.ApiKey) ? serviceDetail.ApiKey : string.Empty),
+                !string.IsNullOrEmpty(serviceDetail.ApiKey)
+                    ? serviceDetail.ApiKey
+                    : (key ?? string.Empty),
                 requestContent);
         }
         else
@@ -119,9 +127,9 @@ public async Task<string> SendRequestRawAsync<TRequest>(string serviceAlias, str
     {
         ServiceDetail serviceDetail = GetServiceDetail(serviceAlias);
         string? key = KeyStorage.GetKey(serviceAlias);
-        return key is not null
-            ? key
-            : serviceDetail?.ApiKey;
+        return !string.IsNullOrEmpty(serviceDetail.ApiKey)
+            ? serviceDetail.ApiKey
+            : key;
     }
 
     public string? GetToken(string serviceAlias)

src/Umbraco.AuthorizedServices/Services/Implement/DatabaseAuthorizationParameterStorageBase.cs

@@ -0,0 +1,23 @@
+using Microsoft.Extensions.Logging;
+using Umbraco.Cms.Infrastructure.Scoping;
+
+namespace Umbraco.AuthorizedServices.Services.Implement;
+
+internal class DatabaseAuthorizationParameterStorageBase
+{
+    protected IScopeProvider ScopeProvider { get; }
+
+    protected ISecretEncryptor Encryptor { get; }
+
+    protected ILogger<DatabaseAuthorizationParameterStorageBase> Logger { get; }
+
+    public DatabaseAuthorizationParameterStorageBase(
+        IScopeProvider scopeProvider,
+        ISecretEncryptor encryptor,
+        ILogger<DatabaseAuthorizationParameterStorageBase> logger)
+    {
+        ScopeProvider = scopeProvider;
+        Encryptor = encryptor;
+        Logger = logger;
+    }
+}

src/Umbraco.AuthorizedServices/Services/Implement/DatabaseKeyStorage.cs

@@ -1,5 +1,4 @@
 using Microsoft.Extensions.Logging;
-using Umbraco.AuthorizedServices.Models;
 using Umbraco.AuthorizedServices.Persistence.Dtos;
 using Umbraco.Cms.Infrastructure.Scoping;
 
@@ -8,34 +7,28 @@ namespace Umbraco.AuthorizedServices.Services.Implement;
 /// <summary>
 /// Implements <see cref="IKeyStorage"/> for API key storage using a database table.
 /// </summary>
-internal sealed class DatabaseKeyStorage : IKeyStorage
+internal sealed class DatabaseKeyStorage : DatabaseAuthorizationParameterStorageBase, IKeyStorage
 {
-    private readonly IScopeProvider _scopeProvider;
-    private readonly ISecretEncryptor _encryptor;
-    private readonly ILogger<DatabaseKeyStorage> _logger;
-
     /// <summary>
     /// Initializes a new instance of the <see cref="DatabaseKeyStorage"/> class.
     /// </summary>
     public DatabaseKeyStorage(IScopeProvider scopeProvider, ISecretEncryptor encryptor, ILogger<DatabaseKeyStorage> logger)
+        : base(scopeProvider, encryptor, logger)
     {
-        _scopeProvider = scopeProvider;
-        _encryptor = encryptor;
-        _logger = logger;
     }
 
     /// <inheritdoc/>
     public string? GetKey(string serviceAlias)
     {
-        using IScope scope = _scopeProvider.CreateScope();
+        using IScope scope = ScopeProvider.CreateScope();
 
         KeyDto entity = scope.Database.FirstOrDefault<KeyDto>("where serviceAlias = @0", serviceAlias);
         if (entity == null)
         {
             return null;
         }
 
-        if (!_encryptor.TryDecrypt(entity.ApiKey, out string apiKey))
+        if (!Encryptor.TryDecrypt(entity.ApiKey, out string apiKey))
         {
             RemoveCorruptApiKey(serviceAlias);
             return null;
@@ -47,14 +40,14 @@ public DatabaseKeyStorage(IScopeProvider scopeProvider, ISecretEncryptor encrypt
     /// <inheritdoc/>
     public void SaveKey(string serviceAlias, string key)
     {
-        using IScope scope = _scopeProvider.CreateScope();
+        using IScope scope = ScopeProvider.CreateScope();
 
         KeyDto entity = scope.Database.SingleOrDefault<KeyDto>("where serviceAlias = @0", serviceAlias);
 
         bool insert = entity == null;
         entity ??= new KeyDto { ServiceAlias = serviceAlias };
 
-        entity.ApiKey = _encryptor.Encrypt(key);
+        entity.ApiKey = Encryptor.Encrypt(key);
 
         if (insert)
         {
@@ -71,7 +64,7 @@ public void SaveKey(string serviceAlias, string key)
     /// <inheritdoc/>
     public void DeleteKey(string serviceAlias)
     {
-        using IScope scope = _scopeProvider.CreateScope();
+        using IScope scope = ScopeProvider.CreateScope();
 
         KeyDto entity = scope.Database.Single<KeyDto>("where serviceAlias = @0", serviceAlias);
 
@@ -83,6 +76,6 @@ public void DeleteKey(string serviceAlias)
     private void RemoveCorruptApiKey(string serviceAlias)
     {
         DeleteKey(serviceAlias);
-        _logger.LogWarning($"Could not decrypt the stored API key for authorized service with alias '{serviceAlias}'. API key has been removed from storage.");
+        Logger.LogWarning($"Could not decrypt the stored API key for authorized service with alias '{serviceAlias}'. API key has been removed from storage.");
     }
 }

src/Umbraco.AuthorizedServices/Services/Implement/DatabaseTokenStorage.cs

@@ -8,34 +8,28 @@ namespace Umbraco.AuthorizedServices.Services.Implement;
 /// <summary>
 /// Implements <see cref="ITokenStorage"/> for token storage using a database table.
 /// </summary>
-internal sealed class DatabaseTokenStorage : ITokenStorage
+internal sealed class DatabaseTokenStorage : DatabaseAuthorizationParameterStorageBase, ITokenStorage
 {
-    private readonly IScopeProvider _scopeProvider;
-    private readonly ISecretEncryptor _encryptor;
-    private readonly ILogger<DatabaseTokenStorage> _logger;
-
     /// <summary>
     /// Initializes a new instance of the <see cref="DatabaseTokenStorage"/> class.
     /// </summary>
     public DatabaseTokenStorage(IScopeProvider scopeProvider, ISecretEncryptor encryptor, ILogger<DatabaseTokenStorage> logger)
+        : base(scopeProvider, encryptor, logger)
     {
-        _scopeProvider = scopeProvider;
-        _encryptor = encryptor;
-        _logger = logger;
     }
 
     /// <inheritdoc/>
     public Token? GetToken(string serviceAlias)
     {
-        using IScope scope = _scopeProvider.CreateScope();
+        using IScope scope = ScopeProvider.CreateScope();
 
         TokenDto entity = scope.Database.FirstOrDefault<TokenDto>("where serviceAlias = @0", serviceAlias);
         if (entity == null)
         {
             return null;
         }
 
-        if (!_encryptor.TryDecrypt(entity.AccessToken, out string accessToken))
+        if (!Encryptor.TryDecrypt(entity.AccessToken, out string accessToken))
         {
             RemoveCorruptToken(serviceAlias, "access");
             return null;
@@ -44,7 +38,7 @@ public DatabaseTokenStorage(IScopeProvider scopeProvider, ISecretEncryptor encry
         var refreshToken = string.Empty;
         if (!string.IsNullOrEmpty(entity.RefreshToken))
         {
-            if (!_encryptor.TryDecrypt(entity.RefreshToken, out refreshToken))
+            if (!Encryptor.TryDecrypt(entity.RefreshToken, out refreshToken))
             {
                 RemoveCorruptToken(serviceAlias, "refresh");
                 return null;
@@ -57,22 +51,22 @@ public DatabaseTokenStorage(IScopeProvider scopeProvider, ISecretEncryptor encry
     private void RemoveCorruptToken(string serviceAlias, string tokenType)
     {
         DeleteToken(serviceAlias);
-        _logger.LogWarning($"Could not decrypt the stored {tokenType} token for authorized service with alias '{serviceAlias}'. Token has been removed from storage.");
+        Logger.LogWarning($"Could not decrypt the stored {tokenType} token for authorized service with alias '{serviceAlias}'. Token has been removed from storage.");
     }
 
     /// <inheritdoc/>
     public void SaveToken(string serviceAlias, Token token)
     {
-        using IScope scope = _scopeProvider.CreateScope();
+        using IScope scope = ScopeProvider.CreateScope();
 
         TokenDto entity = scope.Database.SingleOrDefault<TokenDto>("where serviceAlias = @0", serviceAlias);
 
         bool insert = entity == null;
         entity ??= new TokenDto { ServiceAlias = serviceAlias };
 
-        entity.AccessToken = _encryptor.Encrypt(token.AccessToken);
+        entity.AccessToken = Encryptor.Encrypt(token.AccessToken);
         entity.RefreshToken = !string.IsNullOrEmpty(token.RefreshToken)
-            ? _encryptor.Encrypt(token.RefreshToken)
+            ? Encryptor.Encrypt(token.RefreshToken)
             : string.Empty;
         entity.ExpiresOn = token.ExpiresOn;
 
@@ -91,7 +85,7 @@ public void SaveToken(string serviceAlias, Token token)
     /// <inheritdoc/>
     public void DeleteToken(string serviceAlias)
     {
-        using IScope scope = _scopeProvider.CreateScope();
+        using IScope scope = ScopeProvider.CreateScope();
 
         TokenDto entity = scope.Database.Single<TokenDto>("where serviceAlias = @0", serviceAlias);
 

tests/Umbraco.AuthorizedServices.Tests/Services/AuthorizedServiceTestsBase.cs

@@ -8,9 +8,9 @@ internal abstract class AuthorizedServiceTestsBase
 {
     protected const string ServiceAlias = "testService";
 
-    protected static Mock<ITokenStorage> TokenStorageMock { get; set; } = null!;
+    protected Mock<ITokenStorage> TokenStorageMock { get; set; } = null!;
 
-    protected static Mock<IKeyStorage> KeyStorageMock { get; set; } = null!;
+    protected Mock<IKeyStorage> KeyStorageMock { get; set; } = null!;
 
     protected static Mock<IOptionsMonitor<ServiceDetail>> CreateOptionsMonitorServiceDetail(
         AuthenticationMethod authenticationMethod = AuthenticationMethod.OAuth2AuthorizationCode)