Merge pull request #175 from vtex-apps/fix/mutation-authtentication
Fix: authentication in mutations
cdcs0128 authored May 8, 2024
2 parents 210362f + 6ffaa84 commit 4a7242e
Showing 1 changed file with 24 additions and 10 deletions.
34 changes: 24 additions & 10 deletions dotnet/Services/WishListService.cs
@@ -103,33 +103,39 @@ public async Task<bool> SaveList(IList<ListItem> listItems, string shopperId, st
public async Task<int?> SaveItem(ListItem listItem, string shopperId, string listName, bool? isPublic)
{

if (string.IsNullOrEmpty(_context.Vtex.StoreUserAuthToken))
string VtexIdclientAutCookieKey = this._httpContextAccessor.HttpContext.Request.Headers["VtexIdclientAutCookie"];

if (string.IsNullOrEmpty(_context.Vtex.StoreUserAuthToken) && string.IsNullOrEmpty(_context.Vtex.AdminUserAuthToken) && string.IsNullOrEmpty(VtexIdclientAutCookieKey))
{
return null;
}

ValidatedUser validatedUser = null;
ValidatedUser validatedAdminUser = null;
ValidatedUser validatedKeyApp = null;

try {
validatedUser = await ValidateUserToken(_context.Vtex.StoreUserAuthToken);
validatedAdminUser = await ValidateUserToken(_context.Vtex.AdminUserAuthToken);
validatedKeyApp = await ValidateUserToken(VtexIdclientAutCookieKey);
}
catch (Exception ex)
{
_context.Vtex.Logger.Error("IsValidAuthUser", null, "Error fetching user", ex);

return null;
}

bool hasPermission = validatedUser != null && validatedUser.AuthStatus.Equals("Success");
bool hasAdminPermission = validatedAdminUser != null && validatedAdminUser.AuthStatus.Equals("Success");
bool hasPermissionToken = validatedKeyApp != null && validatedKeyApp.AuthStatus.Equals("Success");

if (!hasPermission)
if (!hasPermission && !hasAdminPermission && !hasPermissionToken)
{
_context.Vtex.Logger.Warn("IsValidAuthUser", null, "User Does Not Have Permission");

return null;
}

if(hasPermission) {
if (hasPermission || hasAdminPermission || hasPermissionToken) {

IList<ListItem> listItemsToSave = null;

@@ -189,6 +195,7 @@ public async Task<bool> SaveList(IList<ListItem> listItems, string shopperId, st
return listItem.Id;

} else {

return null;
}

@@ -198,33 +205,40 @@ public async Task<bool> SaveList(IList<ListItem> listItems, string shopperId, st
public async Task<bool> RemoveItem(int itemId, string shopperId, string listName)
{

if (string.IsNullOrEmpty(_context.Vtex.StoreUserAuthToken))
string VtexIdclientAutCookieKey = this._httpContextAccessor.HttpContext.Request.Headers["VtexIdclientAutCookie"];

if (string.IsNullOrEmpty(_context.Vtex.StoreUserAuthToken) && string.IsNullOrEmpty(_context.Vtex.AdminUserAuthToken) && string.IsNullOrEmpty(VtexIdclientAutCookieKey))
{
return false;
}

ValidatedUser validatedUser = null;
ValidatedUser validatedAdminUser = null;
ValidatedUser validatedKeyApp = null;

try {
validatedUser = await ValidateUserToken(_context.Vtex.StoreUserAuthToken);
validatedAdminUser = await ValidateUserToken(_context.Vtex.AdminUserAuthToken);
validatedKeyApp = await ValidateUserToken(VtexIdclientAutCookieKey);
}
catch (Exception ex)
{
_context.Vtex.Logger.Error("IsValidAuthUser", null, "Error fetching user", ex);

return false;
}

bool hasPermission = validatedUser != null && validatedUser.AuthStatus.Equals("Success");
bool hasAdminPermission = validatedAdminUser != null && validatedAdminUser.AuthStatus.Equals("Success");
bool hasPermissionToken = validatedKeyApp != null && validatedKeyApp.AuthStatus.Equals("Success");

if (!hasPermission)

if (!hasPermission && !hasAdminPermission && !hasPermissionToken)
{
_context.Vtex.Logger.Warn("IsValidAuthUser", null, "User Does Not Have Permission");

return false;
}

if(hasPermission) {
if (hasPermission || hasAdminPermission || hasPermissionToken) {

bool wasRemoved = false;
IList<ListItem> listItemsToSave = null;
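Review bot: In SaveItem and RemoveItem the three `ValidateUserToken` calls run unconditionally inside one `try`, so a null or empty store, admin or header token is still submitted for validation, and if that call throws on an absent token the shared `catch` rejects a request that carries one valid credential. Guard each call on its own token, e.g. `if (!string.IsNullOrEmpty(_context.Vtex.AdminUserAuthToken)) validatedAdminUser = await ValidateUserToken(_context.Vtex.AdminUserAuthToken);`, which also avoids validating credentials the caller never sent. Separately, any one successful validation now authorizes the write for the caller-supplied `shopperId`, and the visible lines never compare the validated identity with it; both method bodies continue in collapsed regions, so confirm there that a store-user token can only modify its own list and that only admin and app-key callers may act for another shopper. The identical block in both methods would be safer as one private helper so the two checks cannot drift apart.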
