From f229d88bd744bc5253b5d3db69ae5ef22d014230 Mon Sep 17 00:00:00 2001
From: Jamie <tidusjar@gmail.com>
Date: Fri, 13 Jan 2023 20:47:07 +0000
Subject: [PATCH] fix(#4847): Invalid Discord request fixed, also fixed an
 issue where App Only users would not show as logged in on the user management
 page (#4848)

---
 .../Agents/DiscordNotification.cs             |   2 +-
 .../Middlewear/ApiKeyMiddlewearTests.cs       | 101 ++++++++++++++++++
 src/Ombi.Tests/Ombi.Tests.csproj              |   2 +
 src/Ombi/Middleware/ApiKeyMiddlewear.cs       |   6 +-
 4 files changed, 108 insertions(+), 3 deletions(-)
 create mode 100644 src/Ombi.Tests/Middlewear/ApiKeyMiddlewearTests.cs

diff --git a/src/Ombi.Notifications/Agents/DiscordNotification.cs b/src/Ombi.Notifications/Agents/DiscordNotification.cs
index ae344116f..a1619de69 100644
--- a/src/Ombi.Notifications/Agents/DiscordNotification.cs
+++ b/src/Ombi.Notifications/Agents/DiscordNotification.cs
@@ -107,7 +107,7 @@ namespace Ombi.Notifications.Agents
                 var discordBody = new DiscordWebhookBody
                 {
                     content = model.Message,
-                    username = settings.Username,
+                    username = settings.Username ?? "Ombi",
                 };
 
                 var fields = new List<DiscordField>();
diff --git a/src/Ombi.Tests/Middlewear/ApiKeyMiddlewearTests.cs b/src/Ombi.Tests/Middlewear/ApiKeyMiddlewearTests.cs
new file mode 100644
index 000000000..576899476
--- /dev/null
+++ b/src/Ombi.Tests/Middlewear/ApiKeyMiddlewearTests.cs
@@ -0,0 +1,101 @@
+using Microsoft.AspNetCore.Http;
+using Moq;
+using Moq.AutoMock;
+using NUnit.Framework;
+using NUnit.Framework.Constraints;
+using Ombi.Core.Authentication;
+using Ombi.Test.Common;
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Text;
+using System.Threading.Tasks;
+
+namespace Ombi.Tests.Middlewear
+{
+    [TestFixture]
+    public class ApiKeyMiddlewearTests
+    {
+        private AutoMocker _mocker;
+        private ApiKeyMiddlewear _subject;
+        private Mock<IServiceProvider> _serviceProviderMock;
+
+        [SetUp]
+        public void Setup()
+        {
+            _mocker = new AutoMocker();
+            _serviceProviderMock = new Mock<IServiceProvider>();
+            _mocker.Use(_serviceProviderMock);
+            _subject = _mocker.CreateInstance<ApiKeyMiddlewear>();
+        }
+
+        [Test]
+        public async Task NonApiAccess()
+        {
+            var context = GetContext();
+            context.Request.Path = "/notanapi";
+            await _subject.Invoke(context);
+
+            _mocker.Verify<IServiceProvider>(x => x.GetService(It.IsAny<Type>()), Times.Never);
+        }
+
+        [Test]
+        public async Task ValidateUserAccessToken()
+        {
+            var context = GetContext();
+            context.Request.Path = "/api";
+            context.Request.Headers.Add("UserAccessToken", new Microsoft.Extensions.Primitives.StringValues("test"));
+            var user = new Store.Entities.OmbiUser
+            {
+                UserAccessToken = "test",
+                UserName = "unit test"
+            };
+            var umMock = MockHelper.MockUserManager(new List<Store.Entities.OmbiUser>
+            {
+               user
+            });
+            umMock.Setup(x => x.GetRolesAsync(user)).ReturnsAsync(new List<string> { "Admin" });
+            _mocker.Setup<IServiceProvider, object?>(x => x.GetService(typeof(OmbiUserManager)))
+                .Returns(umMock.Object);
+
+
+            await _subject.Invoke(context);
+
+            _mocker.Verify<IServiceProvider>(x => x.GetService(It.IsAny<Type>()), Times.Once);
+            umMock.Verify(x => x.UpdateAsync(user), Times.Once);
+        }
+
+        [Test]
+        public async Task ValidateUserAccessToken_Token_Invalid()
+        {
+            var context = GetContext();
+            context.Request.Path = "/api";
+            context.Request.Headers.Add("UserAccessToken", new Microsoft.Extensions.Primitives.StringValues("invalid"));
+            var user = new Store.Entities.OmbiUser
+            {
+                UserAccessToken = "test",
+                UserName = "unit test"
+            };
+            var umMock = MockHelper.MockUserManager(new List<Store.Entities.OmbiUser>
+            {
+               user
+            });
+            umMock.Setup(x => x.GetRolesAsync(user)).ReturnsAsync(new List<string> { "Admin" });
+            _mocker.Setup<IServiceProvider, object?>(x => x.GetService(typeof(OmbiUserManager)))
+                .Returns(umMock.Object);
+
+
+            await _subject.Invoke(context);
+
+            Assert.That(context.Response.StatusCode, Is.EqualTo(401));
+            umMock.Verify(x => x.UpdateAsync(user), Times.Never);
+        }
+
+        private HttpContext GetContext()
+        {
+            var context = new DefaultHttpContext();
+            context.RequestServices = _serviceProviderMock.Object;
+            return context;
+        }
+    }
+}
diff --git a/src/Ombi.Tests/Ombi.Tests.csproj b/src/Ombi.Tests/Ombi.Tests.csproj
index ce3b45533..77e1769f9 100644
--- a/src/Ombi.Tests/Ombi.Tests.csproj
+++ b/src/Ombi.Tests/Ombi.Tests.csproj
@@ -9,6 +9,7 @@
   <ItemGroup>
     <PackageReference Include="Microsoft.AspNetCore.TestHost" Version="6.0.9" />
     <PackageReference Include="Moq" Version="4.18.2" />
+    <PackageReference Include="Moq.AutoMock" Version="3.4.0" />
     <PackageReference Include="Nunit" Version="3.13.3" />
     <PackageReference Include="Hangfire" Version="1.7.31" />
     <PackageReference Include="NUnit.ConsoleRunner" Version="3.15.2" />
@@ -18,6 +19,7 @@
   </ItemGroup>
 
   <ItemGroup>
+    <ProjectReference Include="..\Ombi.Test.Common\Ombi.Test.Common.csproj" />
     <ProjectReference Include="..\Ombi\Ombi.csproj" />
   </ItemGroup>
 
diff --git a/src/Ombi/Middleware/ApiKeyMiddlewear.cs b/src/Ombi/Middleware/ApiKeyMiddlewear.cs
index 0efe5b860..d5e011509 100644
--- a/src/Ombi/Middleware/ApiKeyMiddlewear.cs
+++ b/src/Ombi/Middleware/ApiKeyMiddlewear.cs
@@ -57,7 +57,7 @@ namespace Ombi
             }
         }
 
-        private async Task ValidateUserAccessToken(HttpContext context, RequestDelegate next, string key)
+        private static async Task ValidateUserAccessToken(HttpContext context, RequestDelegate next, string key)
         {
             if (string.IsNullOrEmpty(key))
             {
@@ -74,11 +74,13 @@ namespace Ombi
             }
             else
             {
-
                 var identity = new GenericIdentity(user.UserName);
                 var roles = await um.GetRolesAsync(user);
                 var principal = new GenericPrincipal(identity, roles.ToArray());
                 context.User = principal;
+                user.LastLoggedIn = DateTime.UtcNow;
+                await um.UpdateAsync(user);
+
                 await next.Invoke(context);
             }
         }