From 946f28b6fe84a381709d6891e323859c882eaadf Mon Sep 17 00:00:00 2001
From: Kevin Joy
Date: Thu, 5 Dec 2024 13:43:02 +0000
Subject: [PATCH] Added NPQAccessToken to gettrn journey
---
 .../Pages/RequestTrn/Index.cshtml.cs | 17 ++++++++++++++++-
 .../PageTests/RequestTrn/IndexTests.cs | 23 +++++++++++++++++++++--
 2 files changed, 37 insertions(+), 3 deletions(-)
diff --git a/TeachingRecordSystem/src/TeachingRecordSystem.AuthorizeAccess/Pages/RequestTrn/Index.cshtml.cs b/TeachingRecordSystem/src/TeachingRecordSystem.AuthorizeAccess/Pages/RequestTrn/Index.cshtml.cs
index ce54b678f..abd1880e0 100644
--- a/TeachingRecordSystem/src/TeachingRecordSystem.AuthorizeAccess/Pages/RequestTrn/Index.cshtml.cs
+++ b/TeachingRecordSystem/src/TeachingRecordSystem.AuthorizeAccess/Pages/RequestTrn/Index.cshtml.cs
@@ -1,10 +1,25 @@
+using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Mvc.RazorPages;
 using TeachingRecordSystem.UiCommon.FormFlow;
 namespace TeachingRecordSystem.AuthorizeAccess.Pages.RequestTrn;
 [Journey(RequestTrnJourneyState.JourneyName), ActivatesJourney, RequireJourneyInstance]
-public class IndexModel : PageModel
+public class IndexModel(IConfiguration configuration) : PageModel
 {
 public JourneyInstance? JourneyInstance { get; set; }
+ private IConfiguration _configuration { get; init; } = configuration;
+
+ [FromQuery]
+ public string? AccessToken { get; set; }
+
+ public ActionResult OnGet()
+ {
+ var whitelistedAccessToken = _configuration.GetValue("NPQWhitelistAccessToken");
+ if (!whitelistedAccessToken!.Equals(AccessToken, StringComparison.OrdinalIgnoreCase))
+ {
+ return BadRequest();
+ }
+ return Page();
+ }
 }
diff --git a/TeachingRecordSystem/tests/TeachingRecordSystem.AuthorizeAccess.Tests/PageTests/RequestTrn/IndexTests.cs b/TeachingRecordSystem/tests/TeachingRecordSystem.AuthorizeAccess.Tests/PageTests/RequestTrn/IndexTests.cs
index abfbd4c7c..c63216ade 100644
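Review bot: The token check in `OnGet` goes through `string.Equals` with `StringComparison.OrdinalIgnoreCase`, so the shared secret is matched case-insensitively and not in constant time; an access token should be compared exactly, for example with `CryptographicOperations.FixedTimeEquals` over the UTF-8 bytes. The `!` on `whitelistedAccessToken` also means a missing `NPQWhitelistAccessToken` setting surfaces as a NullReferenceException (HTTP 500) instead of a clean rejection, so the null/empty case deserves an explicit fail-closed branch. Separately, a token carried in the query string ends up in server logs, browser history and Referer headers; if that is accepted for this journey, a comment on `AccessToken` saying so would help. Only this page's `OnGet` is gated in the visible change; whether the later pages of the journey depend on this check cannot be seen from here.

```csharp
public ActionResult OnGet()
{
    // … unchanged: whitelistedAccessToken read from configuration …
    if (string.IsNullOrEmpty(whitelistedAccessToken) || string.IsNullOrEmpty(AccessToken) ||
        !CryptographicOperations.FixedTimeEquals(
            Encoding.UTF8.GetBytes(whitelistedAccessToken),
            Encoding.UTF8.GetBytes(AccessToken)))
    {
        return BadRequest();
    }
    // … unchanged: return Page() …
```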
--- a/TeachingRecordSystem/tests/TeachingRecordSystem.AuthorizeAccess.Tests/PageTests/RequestTrn/IndexTests.cs
+++ b/TeachingRecordSystem/tests/TeachingRecordSystem.AuthorizeAccess.Tests/PageTests/RequestTrn/IndexTests.cs
@@ -1,15 +1,18 @@
+using System.Net;
+
 namespace TeachingRecordSystem.AuthorizeAccess.Tests.PageTests.RequestTrn;
-public class IndexTests(HostFixture hostFixture) : TestBase(hostFixture)
+public class IndexTests(HostFixture hostFixture, IConfiguration configuration) : TestBase(hostFixture)
 {
 [Fact]
 public async Task Get_ValidRequest_RendersExpectedContent()
 {
 // Arrange
+ var npqAccessToken = configuration.GetValue("NPQWhitelistAccessToken");
 var state = CreateNewState();
 var journeyInstance = await CreateJourneyInstance(state);
- var request = new HttpRequestMessage(HttpMethod.Get, $"/request-trn?{journeyInstance.GetUniqueIdQueryParameter()}");
+ var request = new HttpRequestMessage(HttpMethod.Get, $"/request-trn?{journeyInstance.GetUniqueIdQueryParameter()}&AccessToken={npqAccessToken}");
 // Act
 var response = await HttpClient.SendAsync(request);
@@ -17,4 +20,20 @@ public async Task Get_ValidRequest_RendersExpectedContent()
 // Assert
 await AssertEx.HtmlResponseAsync(response);
 }
+
+ [Fact]
+ public async Task Get_MissingAccessToken_ReturnsBadRequest()
+ {
+ // Arrange
+ var state = CreateNewState();
+ var journeyInstance = await CreateJourneyInstance(state);
+
+ var request = new HttpRequestMessage(HttpMethod.Get, $"/request-trn?{journeyInstance.GetUniqueIdQueryParameter()}&AccessToken=");
+
+ // Act
+ var response = await HttpClient.SendAsync(request);
+
+ // Assert
+ Assert.Equal(HttpStatusCode.BadRequest, response.StatusCode);
+ }
 }
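Review bot: The configured token is interpolated into the request URL unescaped in `Get_ValidRequest_RendersExpectedContent`, so a value containing `+`, `&`, `=` or `%` would reach the page altered and fail the test for the wrong reason; `&AccessToken={Uri.EscapeDataString(npqAccessToken!)}` avoids that. The test reads the `NPQWhitelistAccessToken` setting through the injected `IConfiguration`, so it presumably depends on the test host's configuration defining a value; a short comment saying where that test-only value comes from would make the dependency explicit.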
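Review bot: `Get_MissingAccessToken_ReturnsBadRequest` sends an empty `AccessToken=` value, so nothing pins the behaviour when the parameter is absent altogether or carries a wrong non-empty value, which is the case the gate exists for. A `[Theory]` covering a request with no `AccessToken` parameter and one with a constructed wrong value such as `&AccessToken=not-the-token`, both asserting `HttpStatusCode.BadRequest`, would cover it. If exact-case matching is intended, a case-flipped copy of the configured token is worth a case as well, since the page currently compares with `OrdinalIgnoreCase`.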