From 6d7ef6ec590e7ce89ea625ef0746ec7b7369a87c Mon Sep 17 00:00:00 2001
From: Kevin Joy
Date: Thu, 5 Dec 2024 13:43:02 +0000
Subject: [PATCH] Added NPQAccessToken to gettrn journey
---
 .../Pages/RequestTrn/Index.cshtml.cs | 16 +++++++++++++++-
 .../appsettings.Testing.json | 3 ++-
 .../PageTests/RequestTrn/IndexTests.cs | 21 +++++++++++++++++++--
 3 files changed, 36 insertions(+), 4 deletions(-)
diff --git a/TeachingRecordSystem/src/TeachingRecordSystem.AuthorizeAccess/Pages/RequestTrn/Index.cshtml.cs b/TeachingRecordSystem/src/TeachingRecordSystem.AuthorizeAccess/Pages/RequestTrn/Index.cshtml.cs
index ce54b678f..24c5aeb88 100644
--- a/TeachingRecordSystem/src/TeachingRecordSystem.AuthorizeAccess/Pages/RequestTrn/Index.cshtml.cs
+++ b/TeachingRecordSystem/src/TeachingRecordSystem.AuthorizeAccess/Pages/RequestTrn/Index.cshtml.cs
@@ -1,10 +1,24 @@
+using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Mvc.RazorPages;
 using TeachingRecordSystem.UiCommon.FormFlow;
 namespace TeachingRecordSystem.AuthorizeAccess.Pages.RequestTrn;
 [Journey(RequestTrnJourneyState.JourneyName), ActivatesJourney, RequireJourneyInstance]
-public class IndexModel : PageModel
+public class IndexModel(IConfiguration configuration) : PageModel
 {
 public JourneyInstance? JourneyInstance { get; set; }
+
+ [FromQuery]
+ public string? AccessToken { get; set; }
+
+ public ActionResult OnGet()
+ {
+ var whitelistedAccessToken = configuration.GetRequiredValue("RequestTrnAccessToken");
+ if (!whitelistedAccessToken.Equals(AccessToken, StringComparison.Ordinal))
+ {
+ return BadRequest();
+ }
+ return Page();
+ }
 }
diff --git a/TeachingRecordSystem/src/TeachingRecordSystem.AuthorizeAccess/appsettings.Testing.json b/TeachingRecordSystem/src/TeachingRecordSystem.AuthorizeAccess/appsettings.Testing.json
index a1507c044..03f632c95 100644
--- a/TeachingRecordSystem/src/TeachingRecordSystem.AuthorizeAccess/appsettings.Testing.json
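Review bot: The check in `OnGet` compares the configured secret with `string.Equals`, which stops at the first differing character, and it takes the secret from the query string. A fixed-time comparison is the safer default for a shared secret, e.g. `if (AccessToken is null || !CryptographicOperations.FixedTimeEquals(Encoding.UTF8.GetBytes(AccessToken), Encoding.UTF8.GetBytes(whitelistedAccessToken))) return BadRequest();` (this needs `System.Security.Cryptography` and `System.Text` in scope). Because the value travels in the URL it will end up in access logs, browser history and `Referer` headers, so request logging should redact the `AccessToken` parameter and the value should be easy to rotate. Only this page's GET handler is gated in the visible change; whether later pages of the journey repeat the check or can be reached directly is not visible here and is worth confirming.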
+++ b/TeachingRecordSystem/src/TeachingRecordSystem.AuthorizeAccess/appsettings.Testing.json
@@ -7,5 +7,6 @@
 "Microsoft.AspNetCore": "Fatal"
 }
 }
- }
+ },
+ "RequestTrnAccessToken": "n8hhN5MSrNXxCzRo"
 }
diff --git a/TeachingRecordSystem/tests/TeachingRecordSystem.AuthorizeAccess.Tests/PageTests/RequestTrn/IndexTests.cs b/TeachingRecordSystem/tests/TeachingRecordSystem.AuthorizeAccess.Tests/PageTests/RequestTrn/IndexTests.cs
index abfbd4c7c..334072051 100644
--- a/TeachingRecordSystem/tests/TeachingRecordSystem.AuthorizeAccess.Tests/PageTests/RequestTrn/IndexTests.cs
+++ b/TeachingRecordSystem/tests/TeachingRecordSystem.AuthorizeAccess.Tests/PageTests/RequestTrn/IndexTests.cs
@@ -1,15 +1,16 @@
 namespace TeachingRecordSystem.AuthorizeAccess.Tests.PageTests.RequestTrn;
-public class IndexTests(HostFixture hostFixture) : TestBase(hostFixture)
+public class IndexTests(HostFixture hostFixture, IConfiguration configuration) : TestBase(hostFixture)
 {
 [Fact]
 public async Task Get_ValidRequest_RendersExpectedContent()
 {
 // Arrange
+ var accessToken = configuration.GetValue("RequestTrnAccessToken");
 var state = CreateNewState();
 var journeyInstance = await CreateJourneyInstance(state);
- var request = new HttpRequestMessage(HttpMethod.Get, $"/request-trn?{journeyInstance.GetUniqueIdQueryParameter()}");
+ var request = new HttpRequestMessage(HttpMethod.Get, $"/request-trn?{journeyInstance.GetUniqueIdQueryParameter()}&AccessToken={accessToken}");
 // Act
 var response = await HttpClient.SendAsync(request);
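Review bot: `"RequestTrnAccessToken": "n8hhN5MSrNXxCzRo"` in appsettings.Testing.json is a random-looking value committed to the repository, so if the same string is configured in any deployed environment it should be treated as disclosed. An obviously fake value such as `"test-only-access-token"` (constructed sample) would make it clear to readers and secret scanners that this is a fixture, with real values supplied from the deployment's secret store. Where the non-test value comes from is not visible in this patch.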
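Review bot: `configuration.GetValue("RequestTrnAccessToken")` in `Get_ValidRequest_RendersExpectedContent` can return null when the key is absent, in which case the request goes out with an empty `AccessToken` and the test fails with a 400 that does not point at the missing setting. Reading it the way the page does, `var accessToken = configuration.GetRequiredValue("RequestTrnAccessToken");`, fails fast instead, assuming that extension is reachable from the test project, which the hunk does not show. The token is also interpolated into the query unescaped; `&AccessToken={Uri.EscapeDataString(accessToken)}` keeps the test correct if the configured value ever contains `+`, `&` or `=`. The test method's body continues past the end of this hunk.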
@@ -17,4 +18,20 @@ public async Task Get_ValidRequest_RendersExpectedContent()
 // Assert
 await AssertEx.HtmlResponseAsync(response);
 }
+
+ [Fact]
+ public async Task Get_MissingAccessToken_ReturnsBadRequest()
+ {
+ // Arrange
+ var state = CreateNewState();
+ var journeyInstance = await CreateJourneyInstance(state);
+
+ var request = new HttpRequestMessage(HttpMethod.Get, $"/request-trn?{journeyInstance.GetUniqueIdQueryParameter()}&AccessToken=");
+
+ // Act
+ var response = await HttpClient.SendAsync(request);
+
+ // Assert
+ Assert.Equal(StatusCodes.Status400BadRequest, (int)response.StatusCode);
+ }
 }
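Review bot: `Get_MissingAccessToken_ReturnsBadRequest` only sends an empty `AccessToken=`; the two cases that matter most for the gate, the parameter absent altogether and a non-empty wrong value, are not exercised, so a regression that accepted any non-empty token would still pass. Turning the test into a theory over the query suffix covers all three with the same body. The first three lines of the hunk are the tail of `Get_ValidRequest_RendersExpectedContent`, which starts outside the hunk.

```csharp
[Theory]
[InlineData("")]                                      // parameter absent
[InlineData("&AccessToken=")]                         // parameter present but empty
[InlineData("&AccessToken=constructed-wrong-value")]  // constructed sample, not a real token
public async Task Get_MissingOrInvalidAccessToken_ReturnsBadRequest(string accessTokenQuery)
{
    // … unchanged: Arrange state and journeyInstance …

    var request = new HttpRequestMessage(HttpMethod.Get, $"/request-trn?{journeyInstance.GetUniqueIdQueryParameter()}{accessTokenQuery}");

    // … unchanged: Act and Assert on Status400BadRequest …
}
```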