Save API key manually - add unit tests

Author: acoumb

src/Umbraco.AuthorizedServices/AuthorizedServicesComposer.cs

@@ -57,6 +57,7 @@ private static void RegisterServices(IUmbracoBuilder builder)
 
         builder.Services.AddUnique<ITokenFactory, TokenFactory>();
         builder.Services.AddUnique<ITokenStorage, DatabaseTokenStorage>();
+        builder.Services.AddUnique<IKeyStorage, DatabaseKeyStorage>();
 
         builder.Services.AddSingleton<JsonSerializerFactory>();
     }

src/Umbraco.AuthorizedServices/Services/Implement/AuthorizedServiceCaller.cs

@@ -81,13 +81,12 @@ public async Task<string> SendRequestRawAsync<TRequest>(string serviceAlias, str
         HttpRequestMessage requestMessage;
         if (serviceDetail.AuthenticationMethod == AuthenticationMethod.ApiKey)
         {
+            string? key = KeyStorage.GetKey(serviceAlias);
             requestMessage = _authorizedRequestBuilder.CreateRequestMessageWithApiKey(
                 serviceDetail,
                 path,
                 httpMethod,
-                string.IsNullOrEmpty(serviceDetail.ApiKey)
-                    ? KeyStorage.GetKey(serviceAlias) ?? string.Empty
-                    : serviceDetail.ApiKey,
+                key is not null ? key : (!string.IsNullOrEmpty(serviceDetail.ApiKey) ? serviceDetail.ApiKey : string.Empty),
                 requestContent);
         }
         else
@@ -119,7 +118,10 @@ public async Task<string> SendRequestRawAsync<TRequest>(string serviceAlias, str
     public string? GetApiKey(string serviceAlias)
     {
         ServiceDetail serviceDetail = GetServiceDetail(serviceAlias);
-        return serviceDetail?.ApiKey;
+        string? key = KeyStorage.GetKey(serviceAlias);
+        return key is not null
+            ? key
+            : serviceDetail?.ApiKey;
     }
 
     public string? GetToken(string serviceAlias)

src/Umbraco.AuthorizedServices/appsettings-schema.Umbraco.AuthorizedServices.json

@@ -72,7 +72,11 @@
         },
         "CanManuallyProvideToken": {
           "type": "boolean",
-          "description": "Get or sets a value indicating whether editor can manually add token."
+          "description": "Get or sets a value indicating whether an administrator can manually add token."
+        },
+        "CanManuallyProvideApiKey": {
+          "type": "boolean",
+          "description": "Get or sets a value indicating whether an administrator can manually add API key."
         },
         "AuthorizationUrlRequiresRedirectUrl": {
           "type": "boolean",

tests/Umbraco.AuthorizedServices.Tests/Services/AuthorizedServiceAuthorizerTests.cs

@@ -15,6 +15,7 @@ internal class AuthorizedServiceAuthorizerTests : AuthorizedServiceTestsBase
     public void SetUp()
     {
         TokenStorageMock = new Mock<ITokenStorage>();
+        KeyStorageMock = new Mock<IKeyStorage>();
     }
 
     [Test]

tests/Umbraco.AuthorizedServices.Tests/Services/AuthorizedServiceCallerTests.cs

@@ -18,6 +18,7 @@ internal class AuthorizedServiceCallerTests : AuthorizedServiceTestsBase
     public void SetUp()
     {
         TokenStorageMock = new Mock<ITokenStorage>();
+        KeyStorageMock = new Mock<IKeyStorage>();
     }
 
     [Test]
@@ -40,6 +41,23 @@ public async Task SendRequestAsync_WithoutData_WithValidAccessToken_WithSuccessR
             .Verify(x => x.SaveToken(It.IsAny<string>(), It.IsAny<Token>()), Times.Never);
     }
 
+    [Test]
+    public async Task SendRequestAsync_WithoutData_WithApiKeyFromStorage_WithSuccessReponse_ReturnsExpectedResponse()
+    {
+        // Arrange
+        StoreApiKey();
+
+        var path = "/api/test/";
+        AuthorizedServiceCaller sut = CreateService(HttpStatusCode.OK, authenticationMethod: AuthenticationMethod.ApiKey);
+
+        // Act
+        TestResponseData? result = await sut.SendRequestAsync<TestResponseData>(ServiceAlias, path, HttpMethod.Get);
+
+        // Assert
+        KeyStorageMock
+            .Verify(x => x.SaveKey(It.IsAny<string>(), It.IsAny<string>()), Times.Never);
+    }
+
     [Test]
     public async Task SendRequestAsync_WithoutData_WithValidAccessToken_WithFaileReponse_ThrowsExpectedException()
     {
@@ -151,7 +169,7 @@ public async Task SendRequestAsync_WithExpiredAccessToken_WithRefreshTokenSucces
     public void GetApiKey_WithExistingApiKey_ReturnsApiKey()
     {
         // Arrange
-        AuthorizedServiceCaller sut = CreateService(includeApiKey: true);
+        AuthorizedServiceCaller sut = CreateService(authenticationMethod: AuthenticationMethod.ApiKey);
 
         // Act
         var result = sut.GetApiKey(ServiceAlias);
@@ -161,6 +179,21 @@ public void GetApiKey_WithExistingApiKey_ReturnsApiKey()
         result!.Should().Be("test-api-key");
     }
 
+    [Test]
+    public void GetApiKey_WithStoredApiKey_ReturnsStoredApiKey()
+    {
+        // Arrange
+        StoreApiKey();
+        AuthorizedServiceCaller sut = CreateService(authenticationMethod: AuthenticationMethod.ApiKey);
+
+        // Act
+        var result = sut.GetApiKey(ServiceAlias);
+
+        // Assert
+        result.Should().NotBeNull();
+        result!.Should().Be("stored-test-api-key");
+    }
+
     [Test]
     public void GetApiKey_WithoutExistingApiKey_ReturnsEmptyString()
     {
@@ -207,11 +240,17 @@ private void StoreToken(int daysUntilExpiry = 7) =>
             .Setup(x => x.GetToken(It.Is<string>(y => y == ServiceAlias)))
             .Returns(new Token("abc", "def", DateTime.Now.AddDays(daysUntilExpiry)));
 
+    private void StoreApiKey() =>
+        KeyStorageMock
+            .Setup(x => x.GetKey(It.Is<string>(y => y == ServiceAlias)))
+            .Returns("stored-test-api-key");
+
+
     private AuthorizedServiceCaller CreateService(
         HttpStatusCode statusCode = HttpStatusCode.OK,
         string? responseContent = null,
         HttpStatusCode refreshTokenStatusCode = HttpStatusCode.OK,
-        bool includeApiKey = false)
+        AuthenticationMethod authenticationMethod = AuthenticationMethod.OAuth2AuthorizationCode)
     {
         var authorizationRequestSenderMock = new Mock<IAuthorizationRequestSender>();
 
@@ -225,7 +264,7 @@ private AuthorizedServiceCaller CreateService(
             .Setup(x => x.SendRequest(It.Is<ServiceDetail>(y => y.Alias == ServiceAlias), It.Is<Dictionary<string, string>>(y => y["grant_type"] == "refresh_token")))
             .ReturnsAsync(httpResponseMessage);
 
-        Mock<IOptionsMonitor<ServiceDetail>> optionsMonitorServiceDetailMock = CreateOptionsMonitorServiceDetail(includeApiKey);
+        Mock<IOptionsMonitor<ServiceDetail>> optionsMonitorServiceDetailMock = CreateOptionsMonitorServiceDetail(authenticationMethod);
         var factory = new JsonSerializerFactory(optionsMonitorServiceDetailMock.Object, new JsonNetSerializer());
 
         return new AuthorizedServiceCaller(

tests/Umbraco.AuthorizedServices.Tests/Services/AuthorizedServiceTestsBase.cs

@@ -8,19 +8,23 @@ internal abstract class AuthorizedServiceTestsBase
 {
     protected const string ServiceAlias = "testService";
 
-    protected Mock<ITokenStorage> TokenStorageMock { get; set; } = null!;
+    protected static Mock<ITokenStorage> TokenStorageMock { get; set; } = null!;
 
-    protected Mock<IKeyStorage> KeyStorageMock { get; set; } = null!;
+    protected static Mock<IKeyStorage> KeyStorageMock { get; set; } = null!;
 
-    protected static Mock<IOptionsMonitor<ServiceDetail>> CreateOptionsMonitorServiceDetail(bool includeApiKey = false)
+    protected static Mock<IOptionsMonitor<ServiceDetail>> CreateOptionsMonitorServiceDetail(
+        AuthenticationMethod authenticationMethod = AuthenticationMethod.OAuth2AuthorizationCode)
     {
         var optionsMonitorServiceDetailMock = new Mock<IOptionsMonitor<ServiceDetail>>();
         optionsMonitorServiceDetailMock.Setup(o => o.Get(ServiceAlias)).Returns(new ServiceDetail()
         {
             Alias = ServiceAlias,
             ApiHost = "https://service.url",
+            AuthenticationMethod = authenticationMethod,
             JsonSerializer = JsonSerializerOption.JsonNet,
-            ApiKey = includeApiKey ? "test-api-key" : string.Empty
+            ApiKey = authenticationMethod == AuthenticationMethod.ApiKey ? "test-api-key" : string.Empty,
+            ApiKeyProvision = authenticationMethod == AuthenticationMethod.ApiKey
+                ? new ApiKeyProvision { Method = ApiKeyProvisionMethod.QueryString, Key = "key"} : null
         });
 
         return optionsMonitorServiceDetailMock;