From be9c9e7721610536259f1ea997c259956c894bbd Mon Sep 17 00:00:00 2001
From: Danail Dimitrov <danaildimitrov321@gmail.com>
Date: Sun, 3 Jan 2021 21:49:47 +0200
Subject: added user validation for deleting and updating comments

---
 src/DevHive.Services/Services/PostService.cs | 43 +++++++++++++++++++++++++++-
 1 file changed, 42 insertions(+), 1 deletion(-)

(limited to 'src/DevHive.Services/Services/PostService.cs')

diff --git a/src/DevHive.Services/Services/PostService.cs b/src/DevHive.Services/Services/PostService.cs
index 0c0fd5c..b2ea694 100644
--- a/src/DevHive.Services/Services/PostService.cs
+++ b/src/DevHive.Services/Services/PostService.cs
@@ -1,21 +1,26 @@
 using System;
+using System.Collections.Generic;
 using System.Threading.Tasks;
 using AutoMapper;
 using DevHive.Data.Models;
 using DevHive.Data.Repositories;
 using DevHive.Services.Models.Post.Comment;
 using DevHive.Services.Models.Post.Post;
+using System.IdentityModel.Tokens.Jwt;
+using System.Security.Claims;
 
 namespace DevHive.Services.Services
 {
 	public class PostService
 	{
 		private readonly PostRepository _postRepository;
+		private readonly UserRepository _userRepository;
 		private readonly IMapper _postMapper;
 
-		public PostService(PostRepository postRepository, IMapper postMapper)
+		public PostService(PostRepository postRepository, UserRepository userRepository , IMapper postMapper)
 		{
 			this._postRepository = postRepository;
+			this._userRepository = userRepository;
 			this._postMapper = postMapper;
 		}
 
@@ -94,5 +99,41 @@ namespace DevHive.Services.Services
 
 			return result;
 		}
+
+		//Validate	
+		public async Task<bool> ValidateJwtForComment(Guid commentId, string rawTokenData)
+		{
+			Comment comment = await this._postRepository.GetCommentByIdAsync(commentId);
+			User user = await this.GetUserForValidation(rawTokenData);
+
+			if (comment.IssuerId != user.Id)
+				return false;
+
+			return true;
+		}
+
+		private async Task<User> GetUserForValidation(string rawTokenData)
+		{
+			var jwt = new JwtSecurityTokenHandler().ReadJwtToken(rawTokenData.Remove(0, 7));
+
+			string jwtUserName = this.GetClaimTypeValues("unique_name", jwt.Claims)[0];
+			//List<string> jwtRoleNames = this.GetClaimTypeValues("role", jwt.Claims);
+			
+			User user = await this._userRepository.GetByUsername(jwtUserName)
+				?? throw new ArgumentException("User does not exist!");
+
+			return user;
+		}
+
+		private List<string> GetClaimTypeValues(string type, IEnumerable<Claim> claims)
+		{
+			List<string> toReturn = new();
+			
+			foreach(var claim in claims)
+				if (claim.Type == type)
+					toReturn.Add(claim.Value);
+
+			return toReturn;
+		}
 	}
 }
\ No newline at end of file
-- 
cgit v1.2.3