From 379eda6a42fdba0a6ed7e7ae53e0fbf2acd774b6 Mon Sep 17 00:00:00 2001 From: Danail Dimitrov Date: Fri, 26 Feb 2021 23:00:50 +0200 Subject: Adding update layer for rating_system --- src/Web/DevHive.Web.Models/Rating/UpdateRatingWebModel.cs | 15 +++++++++++++++ 1 file changed, 15 insertions(+) create mode 100644 src/Web/DevHive.Web.Models/Rating/UpdateRatingWebModel.cs (limited to 'src/Web/DevHive.Web.Models/Rating/UpdateRatingWebModel.cs') diff --git a/src/Web/DevHive.Web.Models/Rating/UpdateRatingWebModel.cs b/src/Web/DevHive.Web.Models/Rating/UpdateRatingWebModel.cs new file mode 100644 index 0000000..07ba0c3 --- /dev/null +++ b/src/Web/DevHive.Web.Models/Rating/UpdateRatingWebModel.cs @@ -0,0 +1,15 @@ +using System; +using System.Collections.Generic; +using System.Linq; +using System.Text; +using System.Threading.Tasks; + +namespace DevHive.Web.Models.Rating +{ + public class UpdateRatingWebModel + { + public Guid PostId { get; set; } + + public bool IsLike { get; set; } + } +} -- cgit v1.2.3 From 6089bc2e3b14155c334c9fed057383b9ca6e4df6 Mon Sep 17 00:00:00 2001 From: Danail Dimitrov Date: Sat, 27 Feb 2021 21:53:14 +0200 Subject: Adding user validation for rating layer --- .../DevHive.Services/Interfaces/IRatingService.cs | 4 ++ .../DevHive.Services/Services/RatingService.cs | 67 +++++++++++++++++++++- .../Rating/UpdateRatingWebModel.cs | 2 + .../DevHive.Web/Controllers/RatingController.cs | 6 ++ 4 files changed, 78 insertions(+), 1 deletion(-) (limited to 'src/Web/DevHive.Web.Models/Rating/UpdateRatingWebModel.cs') diff --git a/src/Services/DevHive.Services/Interfaces/IRatingService.cs b/src/Services/DevHive.Services/Interfaces/IRatingService.cs index 601b07e..b9ddc2c 100644 --- a/src/Services/DevHive.Services/Interfaces/IRatingService.cs +++ b/src/Services/DevHive.Services/Interfaces/IRatingService.cs @@ -15,5 +15,9 @@ namespace DevHive.Services.Interfaces Task UpdateRating(UpdateRatingServiceModel updateRatingServiceModel); Task DeleteRating(Guid ratingId); + + Task ValidateJwtForCreating(Guid userId, string rawTokenData); + + Task ValidateJwtForRating(Guid commentId, string rawTokenData); } } diff --git a/src/Services/DevHive.Services/Services/RatingService.cs b/src/Services/DevHive.Services/Services/RatingService.cs index 20080ea..22eeb99 100644 --- a/src/Services/DevHive.Services/Services/RatingService.cs +++ b/src/Services/DevHive.Services/Services/RatingService.cs @@ -1,5 +1,8 @@ using System; +using System.Collections.Generic; +using System.IdentityModel.Tokens.Jwt; using System.Linq; +using System.Security.Claims; using System.Threading.Tasks; using AutoMapper; using DevHive.Data.Interfaces; @@ -78,7 +81,7 @@ namespace DevHive.Services.Services #region Update public async Task UpdateRating(UpdateRatingServiceModel updateRatingServiceModel) { - Rating rating = await this._ratingRepository.GetRatingByUserAndPostId(updateRatingServiceModel.UserId, updateRatingServiceModel.PostId) ?? + Rating rating = await this._ratingRepository.GetByIdAsync(updateRatingServiceModel.Id) ?? throw new ArgumentException("Rating does not exist!"); User user = await this._userRepository.GetByIdAsync(updateRatingServiceModel.UserId) ?? @@ -112,5 +115,67 @@ namespace DevHive.Services.Services return await this._ratingRepository.DeleteAsync(rating); } #endregion + + #region Validations + /// + /// Checks whether the user Id in the token and the given user Id match + /// + public async Task ValidateJwtForCreating(Guid userId, string rawTokenData) + { + User user = await this.GetUserForValidation(rawTokenData); + + return user.Id == userId; + } + + /// + /// Checks whether the comment, gotten with the commentId, + /// is made by the user in the token + /// or if the user in the token is an admin + /// + public async Task ValidateJwtForRating(Guid commentId, string rawTokenData) + { + Rating rating = await this._ratingRepository.GetByIdAsync(commentId) ?? + throw new ArgumentException("Rating does not exist!"); + User user = await this.GetUserForValidation(rawTokenData); + + //If user made the comment + if (rating.User.Id == user.Id) + return true; + //If user is admin + else if (user.Roles.Any(x => x.Name == Role.AdminRole)) + return true; + else + return false; + } + + /// + /// Returns the user, via their Id in the token + /// + private async Task GetUserForValidation(string rawTokenData) + { + JwtSecurityToken jwt = new JwtSecurityTokenHandler().ReadJwtToken(rawTokenData.Remove(0, 7)); + + Guid jwtUserId = Guid.Parse(this.GetClaimTypeValues("ID", jwt.Claims).First()); + + User user = await this._userRepository.GetByIdAsync(jwtUserId) ?? + throw new ArgumentException("User does not exist!"); + + return user; + } + + /// + /// Returns all values from a given claim type + /// + private List GetClaimTypeValues(string type, IEnumerable claims) + { + List toReturn = new(); + + foreach (var claim in claims) + if (claim.Type == type) + toReturn.Add(claim.Value); + + return toReturn; + } + #endregion } } diff --git a/src/Web/DevHive.Web.Models/Rating/UpdateRatingWebModel.cs b/src/Web/DevHive.Web.Models/Rating/UpdateRatingWebModel.cs index 07ba0c3..425c3e1 100644 --- a/src/Web/DevHive.Web.Models/Rating/UpdateRatingWebModel.cs +++ b/src/Web/DevHive.Web.Models/Rating/UpdateRatingWebModel.cs @@ -8,6 +8,8 @@ namespace DevHive.Web.Models.Rating { public class UpdateRatingWebModel { + public Guid Id { get; set; } + public Guid PostId { get; set; } public bool IsLike { get; set; } diff --git a/src/Web/DevHive.Web/Controllers/RatingController.cs b/src/Web/DevHive.Web/Controllers/RatingController.cs index 216dc27..33e6992 100644 --- a/src/Web/DevHive.Web/Controllers/RatingController.cs +++ b/src/Web/DevHive.Web/Controllers/RatingController.cs @@ -28,6 +28,9 @@ namespace DevHive.Web.Controllers [HttpPost] public async Task RatePost(Guid userId, [FromBody] CreateRatingWebModel createRatingWebModel, [FromHeader] string authorization) { + if (!await this._rateService.ValidateJwtForCreating(userId, authorization)) + return new UnauthorizedResult(); + CreateRatingServiceModel ratePostServiceModel = this._mapper.Map(createRatingWebModel); ratePostServiceModel.UserId = userId; @@ -51,6 +54,9 @@ namespace DevHive.Web.Controllers [HttpPut] public async Task UpdateRating(Guid userId, [FromBody] UpdateRatingWebModel updateRatingWebModel, [FromHeader] string authorization) { + if (!await this._rateService.ValidateJwtForRating(updateRatingWebModel.Id, authorization)) + return new UnauthorizedResult(); + UpdateRatingServiceModel updateRatingServiceModel = this._mapper.Map(updateRatingWebModel); updateRatingServiceModel.UserId = userId; -- cgit v1.2.3 From f986ca67edd425c32eaec5a20fecdc5786f9d8e3 Mon Sep 17 00:00:00 2001 From: Danail Dimitrov Date: Wed, 3 Mar 2021 10:27:26 +0200 Subject: Fixing bugs in rating layer --- src/Data/DevHive.Data/Repositories/RatingRepository.cs | 4 ++++ src/Services/DevHive.Services/Interfaces/IRatingService.cs | 2 -- src/Services/DevHive.Services/Services/RatingService.cs | 8 +------- src/Web/DevHive.Web.Models/Rating/UpdateRatingWebModel.cs | 4 ---- src/Web/DevHive.Web/Controllers/RatingController.cs | 3 ++- 5 files changed, 7 insertions(+), 14 deletions(-) (limited to 'src/Web/DevHive.Web.Models/Rating/UpdateRatingWebModel.cs') diff --git a/src/Data/DevHive.Data/Repositories/RatingRepository.cs b/src/Data/DevHive.Data/Repositories/RatingRepository.cs index 9bb2368..1784144 100644 --- a/src/Data/DevHive.Data/Repositories/RatingRepository.cs +++ b/src/Data/DevHive.Data/Repositories/RatingRepository.cs @@ -30,6 +30,8 @@ namespace DevHive.Data.Repositories public async Task> GetRatingsByPostId(Guid postId) { return await this._context.Rating + .Include(x => x.User) + .Include(x => x.Post) .Where(x => x.Post.Id == postId).ToListAsync(); } public async Task UserRatedPost(Guid userId, Guid postId) @@ -41,6 +43,8 @@ namespace DevHive.Data.Repositories public async Task GetRatingByUserAndPostId(Guid userId, Guid postId) { return await this._context.Rating + .Include(x => x.User) + .Include(x => x.Post) .FirstOrDefaultAsync(x => x.Post.Id == postId && x.User.Id == userId); } diff --git a/src/Services/DevHive.Services/Interfaces/IRatingService.cs b/src/Services/DevHive.Services/Interfaces/IRatingService.cs index beea821..b262f45 100644 --- a/src/Services/DevHive.Services/Interfaces/IRatingService.cs +++ b/src/Services/DevHive.Services/Interfaces/IRatingService.cs @@ -16,7 +16,5 @@ namespace DevHive.Services.Interfaces Task UpdateRating(UpdateRatingServiceModel updateRatingServiceModel); Task DeleteRating(Guid ratingId); - - Task HasUserRatedThisPost(Guid userId, Guid postId); } } diff --git a/src/Services/DevHive.Services/Services/RatingService.cs b/src/Services/DevHive.Services/Services/RatingService.cs index 6ddba1c..6d0d0b9 100644 --- a/src/Services/DevHive.Services/Services/RatingService.cs +++ b/src/Services/DevHive.Services/Services/RatingService.cs @@ -81,7 +81,7 @@ namespace DevHive.Services.Services #region Update public async Task UpdateRating(UpdateRatingServiceModel updateRatingServiceModel) { - Rating rating = await this._ratingRepository.GetByIdAsync(updateRatingServiceModel.Id) ?? + Rating rating = await this._ratingRepository.GetRatingByUserAndPostId(updateRatingServiceModel.UserId, updateRatingServiceModel.PostId) ?? throw new ArgumentException("Rating does not exist!"); User user = await this._userRepository.GetByIdAsync(updateRatingServiceModel.UserId) ?? @@ -115,11 +115,5 @@ namespace DevHive.Services.Services return await this._ratingRepository.DeleteAsync(rating); } #endregion - - public async Task HasUserRatedThisPost(Guid userId, Guid postId) - { - return await this._ratingRepository - .UserRatedPost(userId, postId); - } } } diff --git a/src/Web/DevHive.Web.Models/Rating/UpdateRatingWebModel.cs b/src/Web/DevHive.Web.Models/Rating/UpdateRatingWebModel.cs index 425c3e1..176c099 100644 --- a/src/Web/DevHive.Web.Models/Rating/UpdateRatingWebModel.cs +++ b/src/Web/DevHive.Web.Models/Rating/UpdateRatingWebModel.cs @@ -8,10 +8,6 @@ namespace DevHive.Web.Models.Rating { public class UpdateRatingWebModel { - public Guid Id { get; set; } - - public Guid PostId { get; set; } - public bool IsLike { get; set; } } } diff --git a/src/Web/DevHive.Web/Controllers/RatingController.cs b/src/Web/DevHive.Web/Controllers/RatingController.cs index 5716b85..8d3ac92 100644 --- a/src/Web/DevHive.Web/Controllers/RatingController.cs +++ b/src/Web/DevHive.Web/Controllers/RatingController.cs @@ -65,7 +65,7 @@ namespace DevHive.Web.Controllers } [HttpPut] - public async Task UpdateRating(Guid userId, [FromBody] UpdateRatingWebModel updateRatingWebModel, [FromHeader] string authorization) + public async Task UpdateRating(Guid userId, Guid postId, [FromBody] UpdateRatingWebModel updateRatingWebModel, [FromHeader] string authorization) { if (!this._jwtService.ValidateToken(userId, authorization)) return new UnauthorizedResult(); @@ -73,6 +73,7 @@ namespace DevHive.Web.Controllers UpdateRatingServiceModel updateRatingServiceModel = this._mapper.Map(updateRatingWebModel); updateRatingServiceModel.UserId = userId; + updateRatingServiceModel.PostId = postId; ReadRatingServiceModel readRatingServiceModel = await this._rateService.UpdateRating(updateRatingServiceModel); -- cgit v1.2.3