C
C#13mo ago
h

✅ Endpoint returns 400 when I add authorization code, works correctly without

Here is the authorization code: 
    public class UpdateUserAuthorizationHandler : AuthorizationHandler<UpdateUserRequirement>
    {
        private readonly IHttpContextAccessor _httpContextAccessor;
        private readonly UserService _userService;
        private readonly IMapper _mapper;

        public UpdateUserAuthorizationHandler(IHttpContextAccessor httpContextAccessor, UserService userService, IMapper mapper)
        {
            _httpContextAccessor = httpContextAccessor;
            _userService = userService;
            _mapper = mapper;
        }

        protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, UpdateUserRequirement requirement)
        {
            if (!context.User.Identity.IsAuthenticated)
            {
                throw new InvalidTokenException("access");
            }

            var userId = int.Parse(context.User.Claims.First(c => c.Type == "id").Value);

            var httpContext = _httpContextAccessor.HttpContext;
            var bodyData = string.Empty;
            using (var reader = new StreamReader(httpContext.Request.Body, Encoding.UTF8))
            {
                bodyData = await reader.ReadToEndAsync();
            }
            var options = new JsonSerializerOptions
            {
                PropertyNameCaseInsensitive = true
            };
            var userDto = JsonSerializer.Deserialize<UserDTO>(bodyData, options);
            var targetUser = await _userService.GetUserById(userDto.Id);

            if (targetUser != null && targetUser.Id == userId)
            {
                context.Succeed(requirement);
            }
            else
            {
                throw new UnauthorizedActionException(userId);
            }
        }
    }
    public class UpdateUserAuthorizationHandler : AuthorizationHandler<UpdateUserRequirement>
    {
        private readonly IHttpContextAccessor _httpContextAccessor;
        private readonly UserService _userService;
        private readonly IMapper _mapper;

        public UpdateUserAuthorizationHandler(IHttpContextAccessor httpContextAccessor, UserService userService, IMapper mapper)
        {
            _httpContextAccessor = httpContextAccessor;
            _userService = userService;
            _mapper = mapper;
        }

        protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, UpdateUserRequirement requirement)
        {
            if (!context.User.Identity.IsAuthenticated)
            {
                throw new InvalidTokenException("access");
            }

            var userId = int.Parse(context.User.Claims.First(c => c.Type == "id").Value);

            var httpContext = _httpContextAccessor.HttpContext;
            var bodyData = string.Empty;
            using (var reader = new StreamReader(httpContext.Request.Body, Encoding.UTF8))
            {
                bodyData = await reader.ReadToEndAsync();
            }
            var options = new JsonSerializerOptions
            {
                PropertyNameCaseInsensitive = true
            };
            var userDto = JsonSerializer.Deserialize<UserDTO>(bodyData, options);
            var targetUser = await _userService.GetUserById(userDto.Id);

            if (targetUser != null && targetUser.Id == userId)
            {
                context.Succeed(requirement);
            }
            else
            {
                throw new UnauthorizedActionException(userId);
            }
        }
    }
9 Replies
h
h13mo ago
Here is the failing controller: 
        /// <summary>
        /// Update user
        /// </summary>
        [HttpPut]
        [Authorize(Policy = "UpdateUserPolicy")]
        public async Task<IActionResult> Put([FromBody] UserDTO user)
        {
            await _userService.UpdateUser(user);
            return NoContent();
        }
        /// <summary>
        /// Update user
        /// </summary>
        [HttpPut]
        [Authorize(Policy = "UpdateUserPolicy")]
        public async Task<IActionResult> Put([FromBody] UserDTO user)
        {
            await _userService.UpdateUser(user);
            return NoContent();
        }
The request I am giving to the controller: 
{
  "id": 22,
  "avatar": "https://i.gyazo.com/image.jpg",
  "email": "email@email.com",
  "userName": "abc"
}
{
  "id": 22,
  "avatar": "https://i.gyazo.com/image.jpg",
  "email": "email@email.com",
  "userName": "abc"
}
Error: 
{
  "type": "https://tools.ietf.org/html/rfc7231#section-6.5.1",
  "title": "One or more validation errors occurred.",
  "status": 400,
  "traceId": "00-8cf778e26725b04bcee8ca370880e523-c5bc015a9dbf7254-00",
  "errors": {
    "$": [
      "The input does not contain any JSON tokens. Expected the input to start with a valid JSON token, when isFinalBlock is true. Path: $ | LineNumber: 0 | BytePositionInLine: 0."
    ]
  }
}
{
  "type": "https://tools.ietf.org/html/rfc7231#section-6.5.1",
  "title": "One or more validation errors occurred.",
  "status": 400,
  "traceId": "00-8cf778e26725b04bcee8ca370880e523-c5bc015a9dbf7254-00",
  "errors": {
    "$": [
      "The input does not contain any JSON tokens. Expected the input to start with a valid JSON token, when isFinalBlock is true. Path: $ | LineNumber: 0 | BytePositionInLine: 0."
    ]
  }
}
Expected response is 204 No Content and the user getting updated
Sossenbinder
Sossenbinder13mo ago
Did you debug the authorization code ahead of the json deserializer?
h
h13mo ago
yes, it works
Wz
Wz13mo ago
You consumed the stream, so the controller has an empty body to read
Sossenbinder
Sossenbinder13mo ago
Oh, indeed!
h
h13mo ago
thanks, but how do i write the stream back? or do i have to use a different method of retrieving the body?
Sossenbinder
Sossenbinder13mo ago
You need to use requestbuffering
Sossenbinder
Sossenbinder13mo ago
https://devblogs.microsoft.com/dotnet/re-reading-asp-net-core-request-bodies-with-enablebuffering/
Jeremy Caney
.NET Blog
Re-reading ASP.Net Core request bodies with EnableBuffering() - .NE...
This post describes the EnableBuffering() extension method which enable re-reading of ASP.NET Core request body.
Accord
Accord12mo ago
Was this issue resolved? If so, run /close - otherwise I will mark this as stale and this post will be archived until there is new activity.
Want results from more Discord servers?
Add your server
More Posts
❔ How to return a generic interface whose only parameter is determined on runtime?So, I've got this code, it doesn't compile but it clarifies what I want to do: ```csharp private❔ VS 2022 Hot Reload disabledHi everyone! I study Blazor right now and I don't understand why Hot Reload is not available.✅ Detect holding mouse from in and outside the formthis here https://stackoverflow.com/questions/49068445/c-sharp-detect-mouse-clicks-anywhere-inside-a❔ entry point in dll instead of applicationhi, how can i put an entry point that runs from a linked dll instead of the application? id like for❔ [RabbitMQ][RabbitMq.Client] Low consuming rate.Have anybody worked with RabbitMQ.Client ? I have this connection factory ```cs .AddSingleton<IAs❔ Scrape with HtmlAgilityPackHi. I'm trying to get the values on line 5 and 14. I've tried to get the span by class. However th❔ C# Inheritance Topic Question Mostly about base constructorsHello! I just had some question regarding C# inheritance. So far, I have a few questions regarding o❔ Implement supabase storageCan someone help pls?❔ ErklärungFirst of all: I am new to programming. i want to only write nummers in a array that are greater the❔ Formatting braces in Visual StudioHello, for anyone coding using Visual Studio 2022, I'm having an annoying problem with the cursor pl