Access token implement delete

Author: webprofusion-chrisc

src/Certify.Core/Management/Access/AccessControl.cs

@@ -610,6 +610,17 @@ public async Task<bool> AddAssignedAccessToken(string contextUserId, AssignedAcc
             return true;
         }
 
+        public async Task<bool> DeleteAssignedAccessToken(string contextUserId, string id)
+        {
+            if (!await IsPrincipleInRole(contextUserId, contextUserId, StandardRoles.Administrator.Id))
+            {
+                await AuditWarning("User {contextUserId} attempted to delete an assigned access token without being in required role.", contextUserId);
+                return false;
+            }
+
+            return await _store.Delete<AssignedAccessToken>(nameof(AssignedAccessToken), id);
+        }
+
         public string GetSHA256Hash(string val)
         {
             using (var sha256Hash = SHA256.Create())

src/Certify.Core/Management/Access/IAccessControl.cs

@@ -33,6 +33,8 @@ public interface IAccessControl
 
         Task<List<AssignedAccessToken>> GetAssignedAccessTokens(string contextUserId);
         Task<bool> AddAssignedAccessToken(string contextUserId, AssignedAccessToken token);
+
+        Task<bool> DeleteAssignedAccessToken(string contextUserId, string id);
         Task<bool> IsInitialized();
     }
 }

src/Certify.Server/Certify.Server.Core/Certify.Server.Core/Controllers/AccessController.cs

@@ -121,6 +121,9 @@ public async Task<ICollection<AssignedAccessToken>> GetAssignedAccessTokens()
         public async Task<Models.Config.ActionResult> AddAssignedccessToken([FromBody] AssignedAccessToken token)
         {
             var accessControl = await _certifyManager.GetCurrentAccessControl();
+
+            token.AccessTokens?.ForEach(a => a.DateCreated = DateTime.UtcNow);
+
             var addResultOk = await accessControl.AddAssignedAccessToken(GetContextUserId(), token);
 
             return new Models.Config.ActionResult
@@ -130,6 +133,19 @@ public async Task<ICollection<AssignedAccessToken>> GetAssignedAccessTokens()
             };
         }
 
+        [HttpDelete, Route("assignedtoken/{id}")]
+        public async Task<Models.Config.ActionResult> RemoveAssignedAccessToken(string id)
+        {
+            var accessControl = await _certifyManager.GetCurrentAccessControl();
+            var addResultOk = await accessControl.DeleteAssignedAccessToken(GetContextUserId(), id);
+
+            return new Models.Config.ActionResult
+            {
+                IsSuccess = addResultOk,
+                Message = addResultOk ? "Added" : "Failed to add"
+            };
+        }
+
         [HttpGet, Route("securityprinciple/{id}/assignedroles")]
         public async Task<ICollection<AssignedRole>> GetSecurityPrincipleAssignedRoles(string id)
         {

src/Certify.Server/Certify.Server.Hub.Api.Client/Certify.Server.Hub.Api.Client.cs

@@ -600,6 +600,96 @@ public virtual async System.Threading.Tasks.Task<ActionResult> AddAssignedAccess
             }
         }
 
+        /// <summary>
+        /// Remove assigned access token [Generated]
+        /// </summary>
+        /// <returns>OK</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual System.Threading.Tasks.Task<ActionResult> RemoveAssignedAccessTokenAsync(string id)
+        {
+            return RemoveAssignedAccessTokenAsync(id, System.Threading.CancellationToken.None);
+        }
+
+        /// <param name="cancellationToken">A cancellation token that can be used by other objects or threads to receive notice of cancellation.</param>
+        /// <summary>
+        /// Remove assigned access token [Generated]
+        /// </summary>
+        /// <returns>OK</returns>
+        /// <exception cref="ApiException">A server side error occurred.</exception>
+        public virtual async System.Threading.Tasks.Task<ActionResult> RemoveAssignedAccessTokenAsync(string id, System.Threading.CancellationToken cancellationToken)
+        {
+            var client_ = _httpClient;
+            var disposeClient_ = false;
+            try
+            {
+                using (var request_ = new System.Net.Http.HttpRequestMessage())
+                {
+                    request_.Method = new System.Net.Http.HttpMethod("DELETE");
+                    request_.Headers.Accept.Add(System.Net.Http.Headers.MediaTypeWithQualityHeaderValue.Parse("text/plain"));
+
+                    var urlBuilder_ = new System.Text.StringBuilder();
+                    if (!string.IsNullOrEmpty(_baseUrl)) urlBuilder_.Append(_baseUrl);
+                    // Operation Path: "internal/v1/access/assignedtoken"
+                    urlBuilder_.Append("internal/v1/access/assignedtoken");
+                    urlBuilder_.Append('?');
+                    if (id != null)
+                    {
+                        urlBuilder_.Append(System.Uri.EscapeDataString("id")).Append('=').Append(System.Uri.EscapeDataString(ConvertToString(id, System.Globalization.CultureInfo.InvariantCulture))).Append('&');
+                    }
+                    urlBuilder_.Length--;
+
+                    PrepareRequest(client_, request_, urlBuilder_);
+
+                    var url_ = urlBuilder_.ToString();
+                    request_.RequestUri = new System.Uri(url_, System.UriKind.RelativeOrAbsolute);
+
+                    PrepareRequest(client_, request_, url_);
+
+                    var response_ = await client_.SendAsync(request_, System.Net.Http.HttpCompletionOption.ResponseHeadersRead, cancellationToken).ConfigureAwait(false);
+                    var disposeResponse_ = true;
+                    try
+                    {
+                        var headers_ = new System.Collections.Generic.Dictionary<string, System.Collections.Generic.IEnumerable<string>>();
+                        foreach (var item_ in response_.Headers)
+                            headers_[item_.Key] = item_.Value;
+                        if (response_.Content != null && response_.Content.Headers != null)
+                        {
+                            foreach (var item_ in response_.Content.Headers)
+                                headers_[item_.Key] = item_.Value;
+                        }
+
+                        ProcessResponse(client_, response_);
+
+                        var status_ = (int)response_.StatusCode;
+                        if (status_ == 200)
+                        {
+                            var objectResponse_ = await ReadObjectResponseAsync<ActionResult>(response_, headers_, cancellationToken).ConfigureAwait(false);
+                            if (objectResponse_.Object == null)
+                            {
+                                throw new ApiException("Response was null which was not expected.", status_, objectResponse_.Text, headers_, null);
+                            }
+                            return objectResponse_.Object;
+                        }
+                        else
+                        {
+                            var responseData_ = response_.Content == null ? null : await response_.Content.ReadAsStringAsync().ConfigureAwait(false);
+                            throw new ApiException("The HTTP status code of the response was not expected (" + status_ + ").", status_, responseData_, headers_, null);
+                        }
+                    }
+                    finally
+                    {
+                        if (disposeResponse_)
+                            response_.Dispose();
+                    }
+                }
+            }
+            finally
+            {
+                if (disposeClient_)
+                    client_.Dispose();
+            }
+        }
+
         /// <summary>
         /// Get list of available security principles [Generated]
         /// </summary>

src/Certify.Server/Certify.Server.Hub.Api.Client/nswag.json

@@ -114,4 +114,4 @@
       "newLineBehavior": "Auto"
     }
   }
-}
+}

src/Certify.Server/Certify.Server.HubService/Services/CertifyHubService.cs

@@ -49,6 +49,7 @@ private ServiceControllers.ManagedChallengeController _managedChallengeControlle
         public Task<RoleStatus> GetSecurityPrincipleRoleStatus(string id, AuthContext authContext) => _accessController(authContext).GetSecurityPrincipleRoleStatus(id);
         public Task<ICollection<SecurityPrinciple>> GetSecurityPrinciples(AuthContext authContext) => _accessController(authContext).GetSecurityPrinciples();
         public Task<ActionResult> AddAssignedAccessToken(AssignedAccessToken token, AuthContext authContext) => _accessController(authContext).AddAssignedccessToken(token);
+        public Task<ActionResult> RemoveAssignedAccessToken(string id, AuthContext authContext) => _accessController(authContext).RemoveAssignedAccessToken(id);
         public Task<ActionResult> CheckApiTokenHasAccess(AccessToken token, AccessCheck check, AuthContext authContext = null) => _accessController(authContext).CheckApiTokenHasAccess(new AccessTokenCheck { Check = check, Token = token });
         public Task<ICollection<AssignedAccessToken>> GetAssignedAccessTokens(AuthContext authContext) => _accessController(authContext).GetAssignedAccessTokens();
         public Task<ActionResult> RemoveSecurityPrinciple(string id, AuthContext authContext) => _accessController(authContext).DeleteSecurityPrinciple(id);
@@ -90,8 +91,6 @@ private ServiceControllers.ManagedChallengeController _managedChallengeControlle
         public Task<List<ManagedCertificate>> GetManagedCertificates(ManagedCertificateFilter filter, AuthContext authContext = null) => throw new NotImplementedException();
         public Task<ManagedCertificateSearchResult> GetManagedCertificateSearchResult(ManagedCertificateFilter filter, AuthContext authContext = null) => throw new NotImplementedException();
         public Task<StatusSummary> GetManagedCertificateSummary(ManagedCertificateFilter filter, AuthContext authContext = null) => throw new NotImplementedException();
-
-
         public Task<List<DomainOption>> GetServerSiteDomains(StandardServerTypes serverType, string serverSiteId, AuthContext authContext = null) => throw new NotImplementedException();
         public Task<List<SiteInfo>> GetServerSiteList(StandardServerTypes serverType, string itemId = null, AuthContext authContext = null) => throw new NotImplementedException();
         public Task<Version> GetServerVersion(StandardServerTypes serverType, AuthContext authContext = null) => throw new NotImplementedException();

src/Certify.SourceGenerators/ApiMethods.cs

@@ -90,6 +90,16 @@ public static List<GeneratedAPI> GetApiDefinitions()
                            ServiceAPIRoute = "access/assignedtoken",
                            ReturnType = "Models.Config.ActionResult",
                            Params = new Dictionary<string, string>{{"token", "Certify.Models.Hub.AssignedAccessToken" } }
+                    },
+                     new() {
+                           OperationName = "RemoveAssignedAccessToken",
+                           OperationMethod = HttpDelete,
+                           Comment = "Remove assigned access token",
+                           PublicAPIController = "Access",
+                           PublicAPIRoute = "assignedtoken",
+                           ServiceAPIRoute = "access/assignedtoken/{id}",
+                           ReturnType = "Models.Config.ActionResult",
+                           Params = new Dictionary<string, string>{{"id", "string" } }
                     },
                     new() {
 

src/Certify.Tests/Certify.Core.Tests.Unit/Tests/AccessControlTests.cs

@@ -1,4 +1,4 @@
-using System;
+using System;
 using System.Collections.Concurrent;
 using System.Collections.Generic;
 using System.Linq;