fix(#4847): Invalid Discord request fixed, also fixed an issue where …
…App Only users would not show as logged in on the user management page (#4848)
tidusjar authored Jan 13, 2023
1 parent fed035a commit f229d88
Showing 4 changed files with 108 additions and 3 deletions.
2 changes: 1 addition & 1 deletion src/Ombi.Notifications/Agents/DiscordNotification.cs
Expand Up @@ -107,7 +107,7 @@ protected override async Task Send(NotificationMessage model, DiscordNotificatio
var discordBody = new DiscordWebhookBody
{
content = model.Message,
username = settings.Username,
username = settings.Username ?? "Ombi",
};

var fields = new List<DiscordField>();
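Review bot: The fallback in the `DiscordWebhookBody` initializer only covers a null username, so an empty or whitespace-only `settings.Username` saved from the settings form would still be sent to the webhook as-is, and that may be rejected in the same way. Assuming the `?? "Ombi"` line is the new side, I would write it as `username = string.IsNullOrWhiteSpace(settings.Username) ? "Ombi" : settings.Username,`. The literal `"Ombi"` would also read better as a named constant so the default is defined in one place. The `Send` method starts and ends outside this hunk.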
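--- a/src/Ombi.Tests/Middlewear/ApiKeyMiddlewearTests.cs
+++ b/src/Ombi.Tests/Middlewear/ApiKeyMiddlewearTests.cs
@@ -0,0 +1,101 @@
+using Microsoft.AspNetCore.Http;
+using Moq;
+using Moq.AutoMock;
+using NUnit.Framework;
+using NUnit.Framework.Constraints;
+using Ombi.Core.Authentication;
+using Ombi.Test.Common;
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace Ombi.Tests.Middlewear
+{
+[TestFixture]
+public class ApiKeyMiddlewearTests
+{
+private AutoMocker _mocker;
+private ApiKeyMiddlewear _subject;
+private Mock<IServiceProvider> _serviceProviderMock;
+
+[SetUp]
+public void Setup()
+{
+_mocker = new AutoMocker();
+_serviceProviderMock = new Mock<IServiceProvider>();
+_mocker.Use(_serviceProviderMock);
+_subject = _mocker.CreateInstance<ApiKeyMiddlewear>();
+}
+
+[Test]
+public async Task NonApiAccess()
+{
+var context = GetContext();
+context.Request.Path = "/notanapi";
+await _subject.Invoke(context);
+
+_mocker.Verify<IServiceProvider>(x => x.GetService(It.IsAny<Type>()), Times.Never);
+}
+
+[Test]
+public async Task ValidateUserAccessToken()
+{
+var context = GetContext();
+context.Request.Path = "/api";
+context.Request.Headers.Add("UserAccessToken", new Microsoft.Extensions.Primitives.StringValues("test"));
+var user = new Store.Entities.OmbiUser
+{
+UserAccessToken = "test",
+UserName = "unit test"
+};
+var umMock = MockHelper.MockUserManager(new List<Store.Entities.OmbiUser>
+{
+user
+});
+umMock.Setup(x => x.GetRolesAsync(user)).ReturnsAsync(new List<string> { "Admin" });
+_mocker.Setup<IServiceProvider, object?>(x => x.GetService(typeof(OmbiUserManager)))
+.Returns(umMock.Object);
+
+
+await _subject.Invoke(context);
+
+_mocker.Verify<IServiceProvider>(x => x.GetService(It.IsAny<Type>()), Times.Once);
+umMock.Verify(x => x.UpdateAsync(user), Times.Once);
+}
+
+[Test]
+public async Task ValidateUserAccessToken_Token_Invalid()
+{
+var context = GetContext();
+context.Request.Path = "/api";
+context.Request.Headers.Add("UserAccessToken", new Microsoft.Extensions.Primitives.StringValues("invalid"));
+var user = new Store.Entities.OmbiUser
+{
+UserAccessToken = "test",
+UserName = "unit test"
+};
+var umMock = MockHelper.MockUserManager(new List<Store.Entities.OmbiUser>
+{
+user
+});
+umMock.Setup(x => x.GetRolesAsync(user)).ReturnsAsync(new List<string> { "Admin" });
+_mocker.Setup<IServiceProvider, object?>(x => x.GetService(typeof(OmbiUserManager)))
+.Returns(umMock.Object);
+
+
+await _subject.Invoke(context);
+
+Assert.That(context.Response.StatusCode, Is.EqualTo(401));
+umMock.Verify(x => x.UpdateAsync(user), Times.Never);
+}
+
+private HttpContext GetContext()
+{
+var context = new DefaultHttpContext();
+context.RequestServices = _serviceProviderMock.Object;
+return context;
+}
+}
+}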
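Review bot: `ValidateUserAccessToken` sets up `GetRolesAsync` to return "Admin" but never asserts the authentication outcome, so a regression that stops attaching the principal or its roles to the request would still pass. I would add `Assert.That(context.User.Identity?.Name, Is.EqualTo("unit test"));` and `Assert.That(context.User.IsInRole("Admin"), Is.True);` after the `Invoke` call. In `ValidateUserAccessToken_Token_Invalid`, the 401 check alone does not show that the request was left unauthenticated; adding `Assert.That(context.User.Identity?.IsAuthenticated, Is.Not.True);` would pin that. A case for an empty `UserAccessToken` header would also be worth adding, since the middleware has a `string.IsNullOrEmpty(key)` branch that no test reaches. The usings `NUnit.Framework.Constraints`, `System.Linq` and `System.Text` appear unused.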
2 changes: 2 additions & 0 deletions src/Ombi.Tests/Ombi.Tests.csproj
Expand Up @@ -9,6 +9,7 @@
<ItemGroup>
<PackageReference Include="Microsoft.AspNetCore.TestHost" Version="6.0.9" />
<PackageReference Include="Moq" Version="4.18.2" />
<PackageReference Include="Moq.AutoMock" Version="3.4.0" />
<PackageReference Include="Nunit" Version="3.13.3" />
<PackageReference Include="Hangfire" Version="1.7.31" />
<PackageReference Include="NUnit.ConsoleRunner" Version="3.15.2" />
Expand All @@ -18,6 +19,7 @@
</ItemGroup>

<ItemGroup>
<ProjectReference Include="..\Ombi.Test.Common\Ombi.Test.Common.csproj" />
<ProjectReference Include="..\Ombi\Ombi.csproj" />
</ItemGroup>

6 changes: 4 additions & 2 deletions src/Ombi/Middleware/ApiKeyMiddlewear.cs
Expand Up @@ -57,7 +57,7 @@ public async Task Invoke(HttpContext context)
}
}

private async Task ValidateUserAccessToken(HttpContext context, RequestDelegate next, string key)
private static async Task ValidateUserAccessToken(HttpContext context, RequestDelegate next, string key)
{
if (string.IsNullOrEmpty(key))
{
Expand All @@ -74,11 +74,13 @@ private async Task ValidateUserAccessToken(HttpContext context, RequestDelegate
}
else
{

var identity = new GenericIdentity(user.UserName);
var roles = await um.GetRolesAsync(user);
var principal = new GenericPrincipal(identity, roles.ToArray());
context.User = principal;
user.LastLoggedIn = DateTime.UtcNow;
await um.UpdateAsync(user);

await next.Invoke(context);
}
}
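Review bot: In the `else` branch of `ValidateUserAccessToken`, `user.LastLoggedIn = DateTime.UtcNow; await um.UpdateAsync(user);` runs on every request that carries a valid token, so each authenticated API call now costs a database write before `next.Invoke(context)`. A client that polls the API turns that into sustained write load, and parallel requests for the same user may hit concurrency-stamp conflicts; the result of `UpdateAsync` is discarded, so a failed update would go unnoticed. I would only write when the stored value is stale, for example `if (user.LastLoggedIn == null || DateTime.UtcNow - user.LastLoggedIn > TimeSpan.FromMinutes(5))` around the two lines (assuming `LastLoggedIn` is a nullable `DateTime`), and log a failed result. The method body starts and ends outside the hunks shown here.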
