Aligned cache key generation.

AndyButland · AndyButland · commit ba8c2a4ef6df · 2023-10-13T11:29:42.000+02:00
Removed stored tokens and API keys from the cache when access is revoked.
diff --git a/src/Umbraco.AuthorizedServices/Constants.cs b/src/Umbraco.AuthorizedServices/Constants.cs
@@ -42,13 +42,6 @@ public static class Trees
         public const string AuthorizedServices = nameof(AuthorizedServices);
     }
 
-    public static class Cache
-    {
-        public const string AuthorizationPayloadKeyFormat = "Umbraco_AuthorizedServices_Payload_{0}";
-
-        public const string AuthorizationTokenFormat = "Umbraco_AuthorizedServices_Token_{0}";
-    }
-
     public static class OAuth1
     {
         public const string OAuthToken = "oauth_token";
diff --git a/src/Umbraco.AuthorizedServices/Controllers/AuthorizedServiceController.cs b/src/Umbraco.AuthorizedServices/Controllers/AuthorizedServiceController.cs
@@ -1,7 +1,4 @@
-using System.IO;
 using System.Net;
-using System.Security.AccessControl;
-using Azure;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Options;
@@ -79,7 +76,7 @@ public AuthorizedServiceController(
             {
                 AuthorizationPayload authorizationPayload = _authorizationPayloadBuilder.BuildPayload();
 
-                var cacheKey = string.Format(Constants.Cache.AuthorizationPayloadKeyFormat, alias);
+                var cacheKey = CacheHelper.GetPayloadKey(alias);
                 _appCaches.RuntimeCache.Insert(cacheKey, () => authorizationPayload);
 
                 authorizationUrl = _authorizationUrlBuilder
@@ -167,13 +164,16 @@ public IActionResult RevokeAccess(RevokeAccess model)
         {
             case AuthenticationMethod.ApiKey:
                 _keyStorage.DeleteKey(model.Alias);
+                ClearCachedApiKey(model.Alias);
                 break;
             case AuthenticationMethod.OAuth1:
                 _oauth1TokenStorage.DeleteToken(model.Alias);
+                ClearCachedToken(model.Alias);
                 break;
             case AuthenticationMethod.OAuth2AuthorizationCode:
             case AuthenticationMethod.OAuth2ClientCredentials:
                 _oauth2TokenStorage.DeleteToken(model.Alias);
+                ClearCachedToken(model.Alias);
                 break;
             default:
                 throw new ArgumentOutOfRangeException(nameof(serviceDetail.AuthenticationMethod));
@@ -182,6 +182,18 @@ public IActionResult RevokeAccess(RevokeAccess model)
         return Ok();
     }
 
+    private void ClearCachedApiKey(string serviceAlias)
+    {
+        var cacheKey = CacheHelper.GetApiKeyCacheKey(serviceAlias);
+        _appCaches.RuntimeCache.ClearByKey(cacheKey);
+    }
+
+    private void ClearCachedToken(string serviceAlias)
+    {
+        var cacheKey = CacheHelper.GetTokenCacheKey(serviceAlias);
+        _appCaches.RuntimeCache.ClearByKey(cacheKey);
+    }
+
     /// <summary>
     /// Adds a new access token for an OAuth2 authorized service.
     /// </summary>
@@ -252,7 +264,7 @@ public async Task<IActionResult> GenerateOAuth1RequestToken(GenerateToken model)
         {
             _appCaches.RuntimeCache.InsertCacheItem(oauthToken, () => serviceDetail.Alias);
 
-            _appCaches.RuntimeCache.InsertCacheItem($"{serviceDetail.Alias}-oauth-token-secret", () => oauthTokenSecret);
+            _appCaches.RuntimeCache.InsertCacheItem(CacheHelper.GetTokenSecretCacheKey(serviceDetail.Alias), () => oauthTokenSecret);
 
             return Ok(string.Format(
                 "{0}{1}?{2}",
diff --git a/src/Umbraco.AuthorizedServices/Controllers/AuthorizedServiceResponseController.cs b/src/Umbraco.AuthorizedServices/Controllers/AuthorizedServiceResponseController.cs
@@ -3,6 +3,7 @@
 using Umbraco.AuthorizedServices.Configuration;
 using Umbraco.AuthorizedServices.Exceptions;
 using Umbraco.AuthorizedServices.Extensions;
+using Umbraco.AuthorizedServices.Helpers;
 using Umbraco.AuthorizedServices.Models;
 using Umbraco.AuthorizedServices.Services;
 using Umbraco.Cms.Core.Cache;
@@ -45,7 +46,7 @@ public async Task<IActionResult> HandleOAuth2IdentityResponse(string code, strin
             throw new AuthorizedServiceException("The state provided in the identity response could not be parsed.");
         }
 
-        var cacheKey = string.Format(Constants.Cache.AuthorizationPayloadKeyFormat, stateParts[0]);
+        var cacheKey = CacheHelper.GetPayloadKey(stateParts[0]);
         if (_appCaches.RuntimeCache.Get(cacheKey) is not AuthorizationPayload cachedAuthorizationPayload || stateParts[1] != cachedAuthorizationPayload.State)
         {
             throw new AuthorizedServiceException("The state provided in the identity response did not match the expected value.");
diff --git a/src/Umbraco.AuthorizedServices/Helpers/CacheHelper.cs b/src/Umbraco.AuthorizedServices/Helpers/CacheHelper.cs
@@ -0,0 +1,23 @@
+namespace Umbraco.AuthorizedServices.Helpers
+{
+    internal static class CacheHelper
+    {
+        private const string AuthorizationPayloadKeyFormat = "Umbraco_AuthorizedServices_Payload_{0}";
+
+        private const string AuthorizationApiKeyFormat = "Umbraco_AuthorizedServices_ApiKey_{0}";
+
+        private const string AuthorizationTokenKeyFormat = "Umbraco_AuthorizedServices_Token_{0}";
+
+        private const string AuthorizationTokenSecretFormat = "Umbraco_AuthorizedServices_TokenSecret_{0}";
+
+        public static string GetPayloadKey(string serviceAlias) => GetCacheKey(AuthorizationPayloadKeyFormat, serviceAlias);
+
+        public static string GetApiKeyCacheKey(string serviceAlias) => GetCacheKey(AuthorizationApiKeyFormat, serviceAlias);
+
+        public static string GetTokenCacheKey(string serviceAlias) => GetCacheKey(AuthorizationTokenKeyFormat, serviceAlias);
+
+        public static string GetTokenSecretCacheKey(string serviceAlias) => GetCacheKey(AuthorizationTokenSecretFormat, serviceAlias);
+
+        private static string GetCacheKey(string format, string serviceAlias) => string.Format(format, serviceAlias);
+    }
+}
diff --git a/src/Umbraco.AuthorizedServices/Services/Implement/AuthorizedServiceAuthorizer.cs b/src/Umbraco.AuthorizedServices/Services/Implement/AuthorizedServiceAuthorizer.cs
@@ -2,6 +2,7 @@
 using Microsoft.Extensions.Options;
 using Umbraco.AuthorizedServices.Configuration;
 using Umbraco.AuthorizedServices.Exceptions;
+using Umbraco.AuthorizedServices.Helpers;
 using Umbraco.AuthorizedServices.Models;
 using Umbraco.Cms.Core.Cache;
 using Umbraco.Extensions;
@@ -63,7 +64,7 @@ public async Task<AuthorizationResult> AuthorizeOAuth1ServiceAsync(string servic
     {
         ServiceDetail serviceDetail = GetServiceDetail(serviceAlias);
 
-        var oauthTokenSecret = AppCaches.RuntimeCache.GetCacheItem($"{serviceDetail.Alias}-oauth-token-secret", () => string.Empty);
+        var oauthTokenSecret = AppCaches.RuntimeCache.GetCacheItem(CacheHelper.GetTokenSecretCacheKey(serviceDetail.Alias), () => string.Empty);
 
         Dictionary<string, string> parameters = _authorizationParametersBuilder.BuildParametersForOAuth1(serviceDetail, oauthToken, oauthVerifier, oauthTokenSecret ?? string.Empty);
 
diff --git a/src/Umbraco.AuthorizedServices/Services/Implement/AuthorizedServiceBase.cs b/src/Umbraco.AuthorizedServices/Services/Implement/AuthorizedServiceBase.cs
@@ -1,6 +1,7 @@
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 using Umbraco.AuthorizedServices.Configuration;
+using Umbraco.AuthorizedServices.Helpers;
 using Umbraco.AuthorizedServices.Models;
 using Umbraco.Cms.Core.Cache;
 using Umbraco.Extensions;
@@ -63,7 +64,7 @@ protected async Task<OAuth1Token> CreateOAuth1TokenFromResponse(HttpResponseMess
     protected void StoreOAuth2Token(string serviceAlias, OAuth2Token token)
     {
         // Add the access token details to the cache.
-        var cacheKey = GetTokenCacheKey(serviceAlias);
+        var cacheKey = CacheHelper.GetTokenCacheKey(serviceAlias);
         AppCaches.RuntimeCache.InsertCacheItem(cacheKey, () => token);
 
         // Save the refresh token into the storage.
@@ -75,6 +76,4 @@ protected void StoreOAuth1Token(string serviceAlias, OAuth1Token token)
         // Save the token information into the storage.
         OAuth1TokenStorage.SaveToken(serviceAlias, token);
     }
-
-    private static string GetTokenCacheKey(string serviceAlias) => $"Umbraco_AuthorizedServiceToken_{serviceAlias}";
 }
diff --git a/src/Umbraco.AuthorizedServices/Services/Implement/AuthorizedServiceCaller.cs b/src/Umbraco.AuthorizedServices/Services/Implement/AuthorizedServiceCaller.cs
@@ -145,7 +145,7 @@ public AuthorizedServiceCaller(
     {
         var apiKey = !string.IsNullOrEmpty(serviceDetail.ApiKey)
             ? serviceDetail.ApiKey
-            : KeyStorage.GetKey(serviceAlias);
+            : GetApiKeyFromCacheOrStorage(serviceAlias);
 
         if (string.IsNullOrWhiteSpace(apiKey))
         {
@@ -314,10 +314,31 @@ private async Task<OAuth2Token> EnsureExchangeAccessToken(string serviceAlias, O
         }
     }
 
+    private string? GetApiKeyFromCacheOrStorage(string serviceAlias)
+    {
+        // First look in cache.
+        var cacheKey = CacheHelper.GetApiKeyCacheKey(serviceAlias);
+        string? apiKey = AppCaches.RuntimeCache.GetCacheItem<string>(cacheKey);
+        if (!string.IsNullOrWhiteSpace(apiKey))
+        {
+            return apiKey;
+        }
+
+        // Second, look in storage, and if found, save to cache.
+        apiKey = KeyStorage.GetKey(serviceAlias);
+        if (!string.IsNullOrWhiteSpace(apiKey))
+        {
+            AppCaches.RuntimeCache.InsertCacheItem(cacheKey, () => apiKey);
+            return apiKey;
+        }
+
+        return null;
+    }
+
     private OAuth2Token? GetOAuth2TokenFromCacheOrStorage(string serviceAlias)
     {
         // First look in cache.
-        var cacheKey = GetTokenCacheKey(serviceAlias);
+        var cacheKey = CacheHelper.GetTokenCacheKey(serviceAlias);
         OAuth2Token? token = AppCaches.RuntimeCache.GetCacheItem<OAuth2Token>(cacheKey);
         if (token != null)
         {
@@ -338,7 +359,7 @@ private async Task<OAuth2Token> EnsureExchangeAccessToken(string serviceAlias, O
     private OAuth1Token? GetOAuth1TokenFromCacheOrStorage(string serviceAlias)
     {
         // First look in cache.
-        var cacheKey = GetTokenCacheKey(serviceAlias);
+        var cacheKey = CacheHelper.GetTokenCacheKey(serviceAlias);
         OAuth1Token? token = AppCaches.RuntimeCache.GetCacheItem<OAuth1Token>(cacheKey);
         if (token != null)
         {
@@ -358,9 +379,8 @@ private async Task<OAuth2Token> EnsureExchangeAccessToken(string serviceAlias, O
 
     private void ClearOAuth2AccessToken(string serviceAlias)
     {
-        AppCaches.RuntimeCache.ClearByKey(GetTokenCacheKey(serviceAlias));
+        var cacheKey = CacheHelper.GetTokenCacheKey(serviceAlias);
+        AppCaches.RuntimeCache.ClearByKey(cacheKey);
         OAuth2TokenStorage.DeleteToken(serviceAlias);
     }
-
-    private static string GetTokenCacheKey(string serviceAlias) => string.Format(Constants.Cache.AuthorizationTokenFormat, serviceAlias);
 }

Original file line number	Diff line number	Diff line change
`@@ -42,13 +42,6 @@ public static class Trees`
`42`	`42`	`public const string AuthorizedServices = nameof(AuthorizedServices);`
`43`	`43`	`}`
`44`	`44`
`45`		`- public static class Cache`
`46`		`- {`
`47`		`- public const string AuthorizationPayloadKeyFormat = "Umbraco_AuthorizedServices_Payload_{0}";`
`48`		`-`
`49`		`- public const string AuthorizationTokenFormat = "Umbraco_AuthorizedServices_Token_{0}";`
`50`		`- }`
`51`		`-`
`52`	`45`	`public static class OAuth1`
`53`	`46`	`{`
`54`	`47`	`public const string OAuthToken = "oauth_token";`
Original file line number	Diff line number	Diff line change
`@@ -145,7 +145,7 @@ public AuthorizedServiceCaller(`
`145`	`145`	`{`
`146`	`146`	`var apiKey = !string.IsNullOrEmpty(serviceDetail.ApiKey)`
`147`	`147`	`? serviceDetail.ApiKey`
`148`		`- : KeyStorage.GetKey(serviceAlias);`
	`148`	`+ : GetApiKeyFromCacheOrStorage(serviceAlias);`
`149`	`149`
`150`	`150`	`if (string.IsNullOrWhiteSpace(apiKey))`
`151`	`151`	`{`
`@@ -314,10 +314,31 @@ private async Task<OAuth2Token> EnsureExchangeAccessToken(string serviceAlias, O`
`314`	`314`	`}`
`315`	`315`	`}`
`316`	`316`
	`317`	`+ private string? GetApiKeyFromCacheOrStorage(string serviceAlias)`
	`318`	`+ {`
	`319`	`+ // First look in cache.`
	`320`	`+ var cacheKey = CacheHelper.GetApiKeyCacheKey(serviceAlias);`
	`321`	`+ string? apiKey = AppCaches.RuntimeCache.GetCacheItem<string>(cacheKey);`
	`322`	`+ if (!string.IsNullOrWhiteSpace(apiKey))`
	`323`	`+ {`
	`324`	`+ return apiKey;`
	`325`	`+ }`
	`326`	`+`
	`327`	`+ // Second, look in storage, and if found, save to cache.`
	`328`	`+ apiKey = KeyStorage.GetKey(serviceAlias);`
	`329`	`+ if (!string.IsNullOrWhiteSpace(apiKey))`
	`330`	`+ {`
	`331`	`+ AppCaches.RuntimeCache.InsertCacheItem(cacheKey, () => apiKey);`
	`332`	`+ return apiKey;`
	`333`	`+ }`
	`334`	`+`
	`335`	`+ return null;`
	`336`	`+ }`
	`337`	`+`
`317`	`338`	`private OAuth2Token? GetOAuth2TokenFromCacheOrStorage(string serviceAlias)`
`318`	`339`	`{`
`319`	`340`	`// First look in cache.`
`320`		`- var cacheKey = GetTokenCacheKey(serviceAlias);`
	`341`	`+ var cacheKey = CacheHelper.GetTokenCacheKey(serviceAlias);`
`321`	`342`	`OAuth2Token? token = AppCaches.RuntimeCache.GetCacheItem<OAuth2Token>(cacheKey);`
`322`	`343`	`if (token != null)`
`323`	`344`	`{`
`@@ -338,7 +359,7 @@ private async Task<OAuth2Token> EnsureExchangeAccessToken(string serviceAlias, O`
`338`	`359`	`private OAuth1Token? GetOAuth1TokenFromCacheOrStorage(string serviceAlias)`
`339`	`360`	`{`
`340`	`361`	`// First look in cache.`
`341`		`- var cacheKey = GetTokenCacheKey(serviceAlias);`
	`362`	`+ var cacheKey = CacheHelper.GetTokenCacheKey(serviceAlias);`
`342`	`363`	`OAuth1Token? token = AppCaches.RuntimeCache.GetCacheItem<OAuth1Token>(cacheKey);`
`343`	`364`	`if (token != null)`
`344`	`365`	`{`
`@@ -358,9 +379,8 @@ private async Task<OAuth2Token> EnsureExchangeAccessToken(string serviceAlias, O`
`358`	`379`
`359`	`380`	`private void ClearOAuth2AccessToken(string serviceAlias)`
`360`	`381`	`{`
`361`		`- AppCaches.RuntimeCache.ClearByKey(GetTokenCacheKey(serviceAlias));`
	`382`	`+ var cacheKey = CacheHelper.GetTokenCacheKey(serviceAlias);`
	`383`	`+ AppCaches.RuntimeCache.ClearByKey(cacheKey);`
`362`	`384`	`OAuth2TokenStorage.DeleteToken(serviceAlias);`
`363`	`385`	`}`
`364`		`-`
`365`		`- private static string GetTokenCacheKey(string serviceAlias) => string.Format(Constants.Cache.AuthorizationTokenFormat, serviceAlias);`
`366`	`386`	`}`