From 6089bc2e3b14155c334c9fed057383b9ca6e4df6 Mon Sep 17 00:00:00 2001 From: Danail Dimitrov Date: Sat, 27 Feb 2021 21:53:14 +0200 Subject: Adding user validation for rating layer --- .../DevHive.Services/Interfaces/IRatingService.cs | 4 ++ .../DevHive.Services/Services/RatingService.cs | 67 +++++++++++++++++++++- 2 files changed, 70 insertions(+), 1 deletion(-) (limited to 'src/Services') diff --git a/src/Services/DevHive.Services/Interfaces/IRatingService.cs b/src/Services/DevHive.Services/Interfaces/IRatingService.cs index 601b07e..b9ddc2c 100644 --- a/src/Services/DevHive.Services/Interfaces/IRatingService.cs +++ b/src/Services/DevHive.Services/Interfaces/IRatingService.cs @@ -15,5 +15,9 @@ namespace DevHive.Services.Interfaces Task UpdateRating(UpdateRatingServiceModel updateRatingServiceModel); Task DeleteRating(Guid ratingId); + + Task ValidateJwtForCreating(Guid userId, string rawTokenData); + + Task ValidateJwtForRating(Guid commentId, string rawTokenData); } } diff --git a/src/Services/DevHive.Services/Services/RatingService.cs b/src/Services/DevHive.Services/Services/RatingService.cs index 20080ea..22eeb99 100644 --- a/src/Services/DevHive.Services/Services/RatingService.cs +++ b/src/Services/DevHive.Services/Services/RatingService.cs @@ -1,5 +1,8 @@ using System; +using System.Collections.Generic; +using System.IdentityModel.Tokens.Jwt; using System.Linq; +using System.Security.Claims; using System.Threading.Tasks; using AutoMapper; using DevHive.Data.Interfaces; @@ -78,7 +81,7 @@ namespace DevHive.Services.Services #region Update public async Task UpdateRating(UpdateRatingServiceModel updateRatingServiceModel) { - Rating rating = await this._ratingRepository.GetRatingByUserAndPostId(updateRatingServiceModel.UserId, updateRatingServiceModel.PostId) ?? + Rating rating = await this._ratingRepository.GetByIdAsync(updateRatingServiceModel.Id) ?? throw new ArgumentException("Rating does not exist!"); User user = await this._userRepository.GetByIdAsync(updateRatingServiceModel.UserId) ?? @@ -112,5 +115,67 @@ namespace DevHive.Services.Services return await this._ratingRepository.DeleteAsync(rating); } #endregion + + #region Validations + /// + /// Checks whether the user Id in the token and the given user Id match + /// + public async Task ValidateJwtForCreating(Guid userId, string rawTokenData) + { + User user = await this.GetUserForValidation(rawTokenData); + + return user.Id == userId; + } + + /// + /// Checks whether the comment, gotten with the commentId, + /// is made by the user in the token + /// or if the user in the token is an admin + /// + public async Task ValidateJwtForRating(Guid commentId, string rawTokenData) + { + Rating rating = await this._ratingRepository.GetByIdAsync(commentId) ?? + throw new ArgumentException("Rating does not exist!"); + User user = await this.GetUserForValidation(rawTokenData); + + //If user made the comment + if (rating.User.Id == user.Id) + return true; + //If user is admin + else if (user.Roles.Any(x => x.Name == Role.AdminRole)) + return true; + else + return false; + } + + /// + /// Returns the user, via their Id in the token + /// + private async Task GetUserForValidation(string rawTokenData) + { + JwtSecurityToken jwt = new JwtSecurityTokenHandler().ReadJwtToken(rawTokenData.Remove(0, 7)); + + Guid jwtUserId = Guid.Parse(this.GetClaimTypeValues("ID", jwt.Claims).First()); + + User user = await this._userRepository.GetByIdAsync(jwtUserId) ?? + throw new ArgumentException("User does not exist!"); + + return user; + } + + /// + /// Returns all values from a given claim type + /// + private List GetClaimTypeValues(string type, IEnumerable claims) + { + List toReturn = new(); + + foreach (var claim in claims) + if (claim.Type == type) + toReturn.Add(claim.Value); + + return toReturn; + } + #endregion } } -- cgit v1.2.3