I have an issue that my FluentValidations does not work on my Clean (Onion) Architecture.
It checks in my AddVehicleCommand class, and checks some rules, but does not apply them (it goes to the repository, and work as there no validations at all)
Here is the usage of FluentValidations
public class AddVehicleCommandValidator : AbstractValidator<AddVehicleCommand>
{
private readonly IVehicleRepositoryAsync _repositoryVehicle;
public AddVehicleCommandValidator(IVehicleRepositoryAsync repositoryVehicle)
{
_repositoryVehicle = repositoryVehicle;
RuleFor(x => x.Vehicle.Model).NotNull().WithMessage("Model is required.");
RuleFor(x => x.Vehicle.Maker).NotNull().WithMessage("Maker is required.");
RuleFor(x => x.Vehicle.UniqueId).NotNull().WithMessage("UniqueId is required").Must(CheckKeyComposition).WithMessage("UniqueId needs to be in fomrat C<number>");
RuleFor(x => x.Vehicle.UniqueId).MustAsync((x, cancellation) => AlreadyInUse(x)).WithMessage("This id is already in use.");
}
private async Task<bool> AlreadyInUse(string key)
{
var entity = await _repositoryVehicle.GetById(key);
if(entity == null)
{
return true;
}
var id = entity.UniqueId;
if(key == id)
{
return true;
}
return false;
}
private bool CheckKeyComposition(string key)
{
var firstChar = key.Substring(0);
var secondChar = key.Substring(1, key.Length-1);
int number;
bool res = int.TryParse(secondChar, out number);
if (firstChar.Equals("C") && res)
{
return true;
}
else
{
return false;
}
}
}
and I implemented Behavior for this FLuentValidation:
public class ValidationBehavior<TRequest, TResponse> : IPipelineBehavior<TRequest, TResponse>
where TRequest : IRequest<TResponse>
{
private readonly IEnumerable<IValidator<TRequest>> _validators;
public ValidationBehavior(IEnumerable<IValidator<TRequest>> validators)
{
_validators = validators;
}
public async Task<TResponse> Handle(TRequest request, RequestHandlerDelegate<TResponse> next, CancellationToken cancellationToken)
{
if (_validators.Any())
{
var context = new ValidationContext<TRequest>(request);
var validationResults = await Task.WhenAll(_validators.Select(v => v.ValidateAsync(context, cancellationToken)));
var failures = validationResults.SelectMany(r => r.Errors).Where(f => f != null).ToList();
}
return await next();
}
}
Also I have registered FLuentValidation in my ServiceExtension class (DI):
public static class ServiceExtension
{
public static void AddApplicationLayer(this IServiceCollection services)
{
services.AddValidatorsFromAssembly(Assembly.GetExecutingAssembly());
services.AddMediatR(Assembly.GetExecutingAssembly());
services.AddAutoMapper(Assembly.GetExecutingAssembly());
}
}
The example of calling logic for AddVehicleCommand:
public class AddVehicleCommand : IRequest<Result<VehicleDto>>
{
public VehicleDto? Vehicle { get; set; }
}
public class AddVehicleCommandHanlder : IRequestHandler<AddVehicleCommand, Result<VehicleDto>>
{
private readonly IVehicleRepositoryAsync _vehicleRepository;
private IMapper _mapper;
public AddVehicleCommandHanlder(IVehicleRepositoryAsync vehicleRepository, IMapper mapper)
{
_vehicleRepository = vehicleRepository;
_mapper = mapper;
}
public async Task<Result<VehicleDto>> Handle(AddVehicleCommand request, CancellationToken cancellationToken)
{
Result<VehicleDto> result = new();
try
{
if (request.Vehicle != null)
{
VehicleDto vehicle = new();
vehicle.Maker = request.Vehicle.Maker;
vehicle.Model = request.Vehicle.Model;
vehicle.UniqueId = await getNewId();
Vehicle entity = _mapper.Map<Vehicle>(vehicle);
var response = await _vehicleRepository.AddAsync(entity);
result.Success = true;
result.StatusCode = System.Net.HttpStatusCode.OK;
result.Data = vehicle;
return result;
}
}
catch (Exception ex)
{
result.ErrorMessage = ex.Message;
result.StatusCode = System.Net.HttpStatusCode.InternalServerError;
result.Success = false;
return result;
}
result.ErrorMessage = "Bad request.";
result.StatusCode = System.Net.HttpStatusCode.BadRequest;
result.Success = false;
return result;
}
private async Task<string> getNewId()
{
var latestId = await getLatestFreeId();
var newId = (Convert.ToInt32(latestId.Substring(1, latestId.Length-1)) + 1).ToString();
return string.Format("C{0}", newId);
}
private async Task<string> getLatestFreeId()
{
var latestId = await _vehicleRepository.GetLatestFreeId();
if (string.IsNullOrEmpty(latestId))
{
//default Vehicle Id
return "C0";
}
return latestId;
}
}
It hit the validator, but doesnt apply it (does not return any error, but success code). Why?
UPDATE#1:
I partially succeeded to present errors with this Behavior:
public class ValidationBehavior<TRequest, TResponse> : IPipelineBehavior<TRequest, TResponse> where TRequest : IRequest<TResponse>
{
private readonly IEnumerable<IValidator<TRequest>> _validators;
public ValidationBehavior(IEnumerable<IValidator<TRequest>> validators)
{
_validators = validators;
}
public Task<TResponse> Handle(TRequest request, RequestHandlerDelegate<TResponse> next, CancellationToken cancellationToken)
{
var context = new ValidationContext<TRequest>(request);
var failures = _validators
.Select(v => v.Validate(context))
.SelectMany(result => result.Errors)
.Where(f => f != null)
.ToList();
if (failures.Count != 0)
{
throw new FluentValidation.ValidationException(failures);
}
return next();
}
}
Also, I changed the registration of fluentvalidation:
public static IServiceCollection AddApplicationLayer(this IServiceCollection services)
{
services.AddMediatR(Assembly.GetExecutingAssembly());
services.AddTransient(typeof(IPipelineBehavior<,>), typeof(ValidationBehavior<,>));
services.AddValidatorsFromAssembly(Assembly.GetExecutingAssembly());
services.AddAutoMapper(Assembly.GetExecutingAssembly());
return services;
}
But Status code is 500, and I would like to be 400 BadRequest, also, I would like to have better preview in some kind of list or something
Related
We are using a MediatR pipeline behavior with fluent validation but for some reason one of our validator classes is not working with the pipeline behaviour. Here is the misbehaving validator...
public class LinkProfilePhotoQueryValidator : AbstractValidator<LinkProfilePhotoQuery>
{
public LinkProfilePhotoQueryValidator(
ITableSecurityService tableSecurityService)
{
this.RuleFor(c => c)
.MustAsync(async (record, token) =>
{
var tableSecurity = (
await tableSecurityService.GetTableSecurityForEmployee(
Table.ProfilePictures,
record.EmployeeId,
token)
);
if (tableSecurity.Read.Enabled)
return true;
else
throw new PermissionDeniedException("You do not have permissions to view this profile photo");
});
}
}
I am getting an error back which says "The validator "LinkProfilePhotoQueryValidator" can't be used with ASP.NET automatic validation as it contains asynchronous rules." and MediatR documetation tells me to use the ValidateAsync when getting this error. We have ValidateAsync setup in a Pipeline behavior but for some reason, and on only this validator alone, it does not use this behavior.
public class RequestValidationBehavior<TRequest, TResponse>
: IPipelineBehavior<TRequest, TResponse>
where TRequest : IRequest<TResponse>
{
private readonly IEnumerable<IValidator<TRequest>> validators;
public RequestValidationBehavior(IEnumerable<IValidator<TRequest>> validators)
=> this.validators = validators;
public async Task<TResponse> Handle(
TRequest request,
CancellationToken cancellationToken,
RequestHandlerDelegate<TResponse> next)
{
var context = new ValidationContext<TRequest>(request);
var validationResults = new List<ValidationResult>();
foreach (var validator in this.validators)
{
validationResults.Add(await validator.ValidateAsync(context, cancellationToken));
}
var errors = validationResults
.SelectMany(result => result.Errors)
.Where(f => f != null)
.ToList();
if (errors.Count != 0)
{
throw new ModelValidationException(errors);
}
return await next();
}
}
And this is the request handler it should be validating
public class LinkProfilePhotoQuery : IRequest<LinkProfilePhotoOutputModel>
{
public string EmployeeId { get; set; } = default!;
public class LinkProfilePhotoQueryHandler : BaseHandler, IRequestHandler<
LinkProfilePhotoQuery,
LinkProfilePhotoOutputModel>
{
private readonly IFileService fileService;
private readonly IProfilePhotoQueryRepository photoRepository;
public LinkProfilePhotoQueryHandler(
IFileService fileService,
IProfilePhotoQueryRepository photoRepository,
ICurrentUser currentUser,
Domain.Users.Repositories.IUserDomainRepository userRepository) : base(currentUser, userRepository)
{
this.fileService = fileService;
this.photoRepository = photoRepository;
}
public async Task<LinkProfilePhotoOutputModel> Handle(
LinkProfilePhotoQuery request,
CancellationToken cancellationToken)
{
var photo = await photoRepository.GetDetails(
request.EmployeeId,
DateTime.UtcNow,
cancellationToken);
if (photo == null)
throw new NotFoundException("EmployeeId", request.EmployeeId);
var stream = await fileService.GetFile(
StorageContainer.Talent,
photo.FileNameOnDisk,
cancellationToken);
if (stream == null)
throw new NotFoundException("Photo", request.EmployeeId);
return new LinkProfilePhotoOutputModel($"data:{photo.ContentType};base64,{Convert.ToBase64String(stream.ToArray())}");
}
}
}
I have a multi tenant web API where I seed a database with initial data.
I also have a transient IUserService which has a GetCustomerId function to retrieve the current customerId. This service is used in the databaseContext to store the CustomerId foreign key on the created domain entity "under the hood".
So when I seed the database I create a new scope and use a ICurrentUserInitializer to set the CustomerId in the IUserService for that scope, so the CustomerId is valid when the database context stores the entity.
This works just fine in development, but not for testing. Since I want to mock the IUserService when I test, this means that Moq overrides the GetCustomerId. But I only want to mock that service AFTER I've finished seeding the test database.
I've also tried not mocking the IUserService, and instead use a ICurrentUserInitializer for every test that runs, i.e. for every test, create a new scope, set the CustomerId with the ICurrentUserInitializer in that scope, and run the test in that scope, and then reset for the next test. This seems to work, but isn't as flexible when you want to run tests as different users and it doesn't seem as elegant, since I have to write more code to handle the scope correctly.
I Use xUnit, Moq, Respawn, and Microsoft.AspNetCore.Mvc.Testing
DbContext :
public override async Task<int> SaveChangesAsync(CancellationToken cancellationToken = new CancellationToken())
{
int? customerId = CurrentUser.GetCustomerId();
HandleAuditingBeforeSaveChanges(customerId);
int result = await base.SaveChangesAsync(cancellationToken);
return result;
}
private void HandleAuditingBeforeSaveChanges(int? customerId)
{
foreach (var entry in ChangeTracker.Entries<IMustHaveTenant>().ToList())
{
entry.Entity.CustomerId = entry.State switch
{
EntityState.Added => customerId.Value,
_ => entry.Entity.CustomerId
};
}
}
DatabaseInitializer :
public async Task InitializeApplicationDbForCustomerAsync(Customer Customer, CancellationToken cancellationToken)
{
// First create a new scope
using var scope = _serviceProvider.CreateScope();
// This service injects a CustomerId, so that ICurrentUser retrieves this value, but
// doesn't work, since Moq overrides the value
scope.ServiceProvider.GetRequiredService<ICurrentUserInitializer>()
.SetCurrentCustomerId(customer.Id);
// Then run the initialization in the new scope
await scope.ServiceProvider.GetRequiredService<ApplicationDbSeeder>()
.SeedDatabaseAsync(_dbContext, cancellationToken);
}
CustomWebApplicationFactory:
public class CustomWebApplicationFactory : WebApplicationFactory<Program>
{
protected override void ConfigureWebHost(IWebHostBuilder builder)
{
builder.ConfigureAppConfiguration(configurationBuilder =>
{
var integrationConfig = new ConfigurationBuilder()
.AddJsonFile("appsettings.json")
.AddEnvironmentVariables()
.Build();
configurationBuilder.AddConfiguration(integrationConfig);
});
builder.ConfigureServices((context, services) =>
{
services
.Remove<DbContextOptions<ApplicationDbContext>>()
.AddDbContext<ApplicationDbContext>((sp, options) =>
{
options.UseSqlServer(context.Configuration.GetConnectionString("DefaultConnection"),
builder => builder.MigrationsAssembly(typeof(ApplicationDbContext).Assembly.FullName));
});
});
builder.ConfigureTestServices(services =>
{
services
.Remove<ICurrentUser>()
.AddTransient(_ => Mock.Of<ICurrentUser>(s =>
s.GetCustomerId() == GetCurrentCustomerId()));
});
}
}
Testing / CollectionFixture :
public class DatabaseCollection : ICollectionFixture<Testing>
{
}
public partial class Testing : IAsyncLifetime
{
private static WebApplicationFactory<Program> _factory = null!;
private static IConfiguration _configuration = null!;
private static IServiceScopeFactory _scopeFactory = null!;
private static Checkpoint _checkpoint = null!;
private static int? _currentCustomerId = null;
public Task InitializeAsync()
{
_factory = new CustomWebApplicationFactory();
_scopeFactory = _factory.Services.GetRequiredService<IServiceScopeFactory>();
_configuration = _factory.Services.GetRequiredService<IConfiguration>();
_checkpoint = new Checkpoint
{
TablesToIgnore = new[] { new Table("__EFMigrationsHistory") },
};
return Task.CompletedTask;
}
public static int? GetCurrentCustomerId()
{
return _currentCustomerId;
}
public static void RunAsDefaultUserAsync()
{
_currentCustomerId = DefaultValues.Customer.Id;
}
public static async Task<TResponse> SendAsync<TResponse>(IRequest<TResponse> request)
{
using var scope = _scopeFactory.CreateScope();
var mediator = scope.ServiceProvider.GetRequiredService<ISender>();
return await mediator.Send(request);
}
public static async Task<TEntity?> FindAsync<TEntity>(params object[] keyValues)
where TEntity : class
{
using var scope = _scopeFactory.CreateScope();
var context = scope.ServiceProvider.GetRequiredService<ApplicationDbContext>();
return await context.FindAsync<TEntity>(keyValues);
}
public static async Task AddAsync<TEntity>(TEntity entity)
where TEntity : class
{
using var scope = _scopeFactory.CreateScope();
var context = scope.ServiceProvider.GetRequiredService<ApplicationDbContext>();
context.Add(entity);
await context.SaveChangesAsync();
}
public static async Task ResetState()
{
await _checkpoint.Reset(_configuration.GetConnectionString("DefaultConnection"));
await _factory.Services.InitializeDatabasesAsync();
_currentCustomerId = null;
}
public Task DisposeAsync()
{
return Task.CompletedTask;
}
}
DepartmentTest:
[Collection("Database collection")]
public class GetDepartmentsTest : BaseTestFixture
{
[Fact]
public async Task ShouldReturnDepartments()
{
RunAsDefaultUserAsync();
var query = new ListDepartmentRequest();
var result = await SendAsync(query);
result.ShouldNotBeNull();
}
[Fact]
public async Task ShouldReturnAllDepartments()
{
RunAsDefaultUserAsync();
await AddAsync(new Department
{
Description = "Department 1",
});
await AddAsync(new Department
{
Description = "Department 2",
});
var query = new ListDepartmentRequest();
var result = await SendAsync(query);
result.ShouldNotBeNull();
result.Count.ShouldBe(2);
}
}
BaseTestFixture:
public class BaseTestFixture : IAsyncLifetime
{
public async Task InitializeAsync()
{
await ResetState();
}
public async Task DisposeAsync()
{
await ResetState();
//return Task.CompletedTask;
}
}
I'm stuck and the docks for the lib are unhelpful. Given the below saga definition:
public class GetOrdersStateMachine : MassTransitStateMachine<GetOrdersState>
{
public State? FetchingOrdersAndItems { get; private set; }
public Event<GetOrders>? GetOrdersIntegrationEventReceived { get; private set; }
public GetOrdersStateMachine()
{
Initially(
When(GetOrdersIntegrationEventReceived)
.Activity(AddAccountIdToState)
.TransitionTo(FetchingOrdersAndItems));
}
private EventActivityBinder<GetOrdersState, GetOrders> AddAccountIdToState(
IStateMachineActivitySelector<GetOrdersState, GetOrders> sel) =>
sel.OfType<AddAccountIdToStateActivity>();
}
And the below activity definition:
public class AddAccountIdToStateActivity : Activity<GetOrdersState, GetOrders>
{
private readonly IPartnerService _partnerService;
public AddAccountIdToStateActivity(IPartnerService partnerService) => _partnerService = partnerService;
public void Probe(ProbeContext context) =>
context.CreateScope($"GetOrders{nameof(AddAccountIdToStateActivity)}");
public void Accept(StateMachineVisitor visitor) => visitor.Visit(this);
public async Task Execute(
BehaviorContext<GetOrdersState, GetOrders> context,
Behavior<GetOrdersState, GetOrders> next)
{
context.Instance.AccountId = await _partnerService.GetAccountId(context.Data.PartnerId);
await next.Execute(context);
}
public Task Faulted<TException>(
BehaviorExceptionContext<GetOrdersState, GetOrders, TException> context,
Behavior<GetOrdersState, GetOrders> next) where TException : Exception =>
next.Faulted(context);
}
And the below test definition:
var machine = new GetOrdersStateMachine();
var harness = new InMemoryTestHarness();
var sagaHarness = harness.StateMachineSaga<GetOrdersState, GetOrdersStateMachine>(machine);
var #event = new GetOrders("1", new[] {MarketplaceCode.De}, DateTime.UtcNow);
await harness.Start();
try
{
await harness.Bus.Publish(#event);
await harness.Bus.Publish<ListOrdersErrorResponseReceived>(new
{
#event.CorrelationId,
AmazonError = "test"
});
var errorMessages = sagaHarness.Consumed.Select<ListOrdersErrorResponseReceived>().ToList();
var sagaResult = harness.Published.Select<AmazonOrdersReceived>().ToList();
var state = sagaHarness.Sagas.Contains(#event.CorrelationId);
harness.Consumed.Select<GetOrders>().Any().Should().BeTrue();
sagaHarness.Consumed.Select<GetOrders>().Any().Should().BeTrue();
harness.Consumed.Select<ListOrdersErrorResponseReceived>().Any().Should().BeTrue();
errorMessages.Any().Should().BeTrue();
sagaResult.First().Context.Message.IsFaulted.Should().BeTrue();
errorMessages.First().Context.Message.CorrelationId.Should().Be(#event.CorrelationId);
errorMessages.First().Context.Message.AmazonError.Should().Be("test");
state.IsFaulted.Should().BeTrue();
}
finally
{
await harness.Stop();
}
As you can see, the AddAccountToStateActivity has a dependency on the IPartnerService. I can't figure a way to configure that dependency.There's nothing in the docs and neither can I find anything on the github. How do I do it?
Thanks to the help of one of the library's authors I ended up writing this code:
private static (InMemoryTestHarness harness, IStateMachineSagaTestHarness<GetOrdersState, GetOrdersStateMachine> sagaHarness) ConfigureAndGetHarnesses()
{
var provider = new ServiceCollection()
.AddMassTransitInMemoryTestHarness(cfg =>
{
cfg.AddSagaStateMachine<GetOrdersStateMachine, GetOrdersState>().InMemoryRepository();
cfg.AddSagaStateMachineTestHarness<GetOrdersStateMachine, GetOrdersState>();
})
.AddLogging()
.AddSingleton(Mock.Of<IPartnerService>())
.AddSingleton(Mock.Of<IStorage>())
.BuildServiceProvider(true);
var harness = provider.GetRequiredService<InMemoryTestHarness>();
var sagaHarness = provider
.GetRequiredService<IStateMachineSagaTestHarness<GetOrdersState, GetOrdersStateMachine>>();
return (harness, sagaHarness);
}
As you can see I'm registering my mocks with the ServiceProvider.
I'm using ASP.NET Boilerplate with .NET Core 3.1.
I'm trying to save SignalR chat history to the database. The problem is when I want to create a subclass of AsyncCrudAppService and Hub, an error occurred with below text:
Class MessageAppService cannot have multiple base classes 'Hub' and 'AsyncCrudAppService'
Here is my code:
namespace MyProject.ChatAppService
{
public class MessageAppService : Hub, AsyncCrudAppService<Message, MessageDto, int, PagedAndSortedResultRequestDto, CreateMessageDto, UpdateMessageDto, ReadMessageDto>
{
private readonly IRepository<Message> _repository;
private readonly IDbContextProvider<MyProjectDbContext> _dbContextProvider;
private MyProjectPanelDbContext db => _dbContextProvider.GetDbContext();
public MessageAppService(
IDbContextProvider<MyProjectDbContext> dbContextProvider,
IRepository<Message> repository)
: base(repository)
{
_repository = repository;
_dbContextProvider = dbContextProvider;
}
public List<Dictionary<long, Tuple<string, string>>> InboxChat()
{
// The result will be List<userid, Tuple<username, latest message>>();
List<Dictionary<long, Tuple<string, string>>> result = new List<Dictionary<long, Tuple<string, string>>>();
List<User> listOfAllUsers = db.Set<User>().ToList();
listOfAllUsers.ForEach((user) =>
{
try
{
var dict = new Dictionary<long, Tuple<string, string>>();
var latestMessage = (from msg in db.Set<Message>() select msg)
.Where(msg => msg.CreatorUserId == user.Id && msg.receiverID == AbpSession.UserId)
.OrderByDescending(x => x.CreationTime)
.FirstOrDefault()
.Text.ToString();
dict.Add(user.Id, Tuple.Create(user.UserName, latestMessage));
result.Add(dict);
}
catch (Exception ex)
{
new UserFriendlyException(ex.Message.ToString());
}
});
return result;
}
public List<Message> getMessageHistory(int senderId)
{
return _repository.GetAll()
.Where(x => x.CreatorUserId == senderId && x.receiverID == AbpSession.UserId )
.ToList();
}
}
}
How could I avoid this error?
Update
Here is MyChatHub code that I wanted to combine with the AsyncCrudAppService subclass to become one class (I don't know if this way is correct but this was what came to my mind!).
public class MyChatHub : Hub, ITransientDependency
{
public IAbpSession AbpSession { get; set; }
public ILogger Logger { get; set; }
public MyChatHub()
{
AbpSession = NullAbpSession.Instance;
Logger = NullLogger.Instance;
}
public async Task SendMessage(string message)
{
await Clients.All.SendAsync("getMessage", string.Format("User {0}: {1}", AbpSession.UserId, "the message that has been sent from client is "+message));
}
public async Task ReceiveMessage(string msg, long userId)
{
if (this.Clients != null)
{
await Clients.User(userId.ToString())
.SendAsync("ReceiveMessage", msg, "From Server by userID ", Context.ConnectionId, Clock.Now);
}
else
{
throw new UserFriendlyException("something wrong");
}
}
public override async Task OnConnectedAsync()
{
await base.OnConnectedAsync();
Logger.Debug("A client connected to MyChatHub: " + Context.ConnectionId);
}
public override async Task OnDisconnectedAsync(Exception exception)
{
await base.OnDisconnectedAsync(exception);
Logger.Debug("A client disconnected from MyChatHub: " + Context.ConnectionId);
}
}
Your AsyncCrudAppService subclass can't and shouldn't inherit Hub.
Instead, inject and use IHubContext<MyChatHub> similar to ABP's SignalRRealTimeNotifier.
public MessageAppService(
IHubContext<MyChatHub> hubContext,
IDbContextProvider<MyProjectDbContext> dbContextProvider,
IRepository<Message> repository)
: base(repository)
{
_dbContextProvider = dbContextProvider;
_hubContext = hubContext;
_repository = repository;
}
To send a message to all clients, call _hubContext.Clients.All.SendAsync(...).
References:
https://learn.microsoft.com/en-us/aspnet/core/signalr/hubcontext?view=aspnetcore-3.1
https://aspnetboilerplate.com/Pages/Documents/SignalR-AspNetCore-Integration
I have an application in ASP.NET Core MVC (dnx46) RC1 with an AuthorizationHandler:
public class AppSumAuthAuthorizationHandler : AuthorizationHandler<AppSumAuthRequirement>
{
private readonly IUserRepository _userRepository;
private readonly IUserRoleRepository _userRoleRepository;
public AppSumAuthAuthorizationHandler(IUserRepository userRepository, IUserRoleRepository userRoleRepository)
{
_userRepository = userRepository;
_userRoleRepository = userRoleRepository;
}
protected override async void Handle(AuthorizationContext context, AppSumAuthRequirement requirement)
{
await HandleAsync(context,requirement);
}
protected override async Task HandleAsync(AuthorizationContext context, AppSumAuthRequirement requirement)
{
var currentUserName = context.User.Identity.Name;
var currentUser = await _userRepository.GetAsync(u => u.UserName == context.User.Identity.Name);
// Create user that does not yet exist
if(currentUser == null)
{
var user = new User(currentUserName);
/* Temporary add SysAdmin role */
using(new CreatedBySystemProvider(_userRepository))
{
_userRepository.Add(user);
await _userRepository.SaveChangesAsync();
if (string.Equals(currentUserName, #"BIJTJES\NilsG", StringComparison.CurrentCultureIgnoreCase))
{
user.AddRole(1);
}
currentUser = await _userRepository.GetAsync(u => u.Id == user.Id);
}
}
var resource = (Microsoft.AspNet.Mvc.Filters.AuthorizationContext) context.Resource;
var controllerActionDescriptor = resource.ActionDescriptor as ControllerActionDescriptor;
var controllerName = controllerActionDescriptor.ControllerName;
var actionName = controllerActionDescriptor.Name;
string moduleName;
try
{
// Get the name of the module
moduleName = ((ModuleAttribute)controllerActionDescriptor.ControllerTypeInfo.GetCustomAttributes(false).First(a => a.GetType().Name == "ModuleAttribute")).ModuleName;
}
catch(InvalidOperationException ex)
{
context.Fail();
throw new InvalidOperationException($"The Module Attribute is required on basecontroller {controllerName}.", ex);
}
var access = new Access(moduleName, controllerName, actionName);
if (await currentUser.HasPermissionTo(UrlAccessLevel.Access).OnAsync(access))
{
context.Succeed(requirement);
}
else
{
context.Fail();
}
}
}
The requirement class is empty:
public interface IAppSumAuthRequirement : IAuthorizationRequirement
{
}
public class AppSumAuthRequirement : IAppSumAuthRequirement
{
}
The Module attribute is also nothing special:
public class ModuleAttribute : Attribute
{
public string ModuleName { get; private set; }
public ModuleAttribute(string moduleName)
{
ModuleName = moduleName;
}
public override string ToString()
{
return ModuleName;
}
}
The exception filter:
public class JsonExceptionFilterAttribute : ExceptionFilterAttribute
{
public override void OnException(ExceptionContext context)
{
var exception = context.Exception;
context.HttpContext.Response.StatusCode = 500;
context.Result = new JsonResult(new Error
{
Message = exception.Message,
InnerException = exception.InnerException?.InnerException?.Message,
Data = exception.Data,
ErrorCode = exception.HResult,
Source = exception.Source,
Stacktrace = exception.StackTrace,
ErrorType = exception.GetType().ToString()
});
}
}
and policy are configured in my Startup.cs:
public IServiceProvider ConfigureServices(IServiceCollection services)
{
services.AddMvc(options =>
{
options.Filters.Add(new JsonExceptionFilterAttribute());
options.ModelBinders.Insert(0, new NullableIntModelBinder());
}).AddJsonOptions(options => {
options.SerializerSettings.ReferenceLoopHandling = Newtonsoft.Json.ReferenceLoopHandling.Ignore;
options.SerializerSettings.ContractResolver = new Newtonsoft.Json.Serialization.CamelCasePropertyNamesContractResolver();
});
// Security
services.AddAuthorization(options =>
{
options.AddPolicy("AppSumAuth",
policy => policy.Requirements.Add(new AppSumAuthRequirement()));
});
}
and the policy is set on all controllers, by inheriting BaseController:
[Authorize(Policy = "AppSumAuth")]
public class BaseController : Controller
{
public BaseController()
{
}
}
So, in my handler, I get the controllername, actionname and modulename (from the attribute set on the controllers):
[Module("Main")]
When this attribute is not set on a controller, I would like to catch the exception and report this back to the developer calling the controller and deny access. To do this, I've added:
catch(InvalidOperationException ex)
{
context.Fail();
throw new InvalidOperationException($"The Module Attribute is required on basecontroller {controllerName}.", ex);
}
The JsonExceptionFilter is called perfectly when there is an exception in the controllers. It is however not called when there is an error in the AuthorizationHandler.
So the question:
How can I get the Exceptions to be caught by the JsonExceptionFilter?
What am I doing wrong?
Solution:
Startup.cs:
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
// For Windows Auth!
app.UseIISPlatformHandler();
app.UseStaticFiles();
app.UseExceptionHandler(AppSumExceptionMiddleware.JsonHandler());
app.UseMvc();
}
And my middleware:
public class AppSumExceptionMiddleware
{
public static Action<IApplicationBuilder> JsonHandler()
{
return errorApp =>
{
errorApp.Run(async context =>
{
var exception = context.Features.Get<IExceptionHandlerFeature>();
if (exception != null)
{
var exceptionJson = Encoding.UTF8.GetBytes(
JsonConvert.SerializeObject(new AppSumException(exception.Error),
new JsonSerializerSettings
{
ContractResolver = new CamelCasePropertyNamesContractResolver()
})
);
context.Response.ContentType = "application/json";
await context.Response.Body.WriteAsync(exceptionJson, 0, exceptionJson.Length);
}
});
};
}
}
Action filter can be used as a method filter, controller filter, or global filter only for MVC HTTP requests. In your case you need to use a middleware, as
Middleware is component that "sit" on the HTTP pipeline and examine
all requests and responses.
As you want to works with exception, you may use ready-to-use ExceptionHandler middleware:
app.UseExceptionHandler(errorApp =>
{
errorApp.Run(async context =>
{
context.Response.StatusCode = 500; // for example
var error = context.Features.Get<IExceptionHandlerFeature>();
if (error != null)
{
var ex = error.Error;
// custom logic
}
});
});