I am assigned a task on my job to make a script that calls an API endpoint every hour or so. the API is supposed to check failed payments to see if they have succeeded.
namespace MVCProject.Areas.Admin
// this is not the real code it is a recreated dummy one meant to represent the code. I don't have //access to the original code, I only created this to recreate the API to be called in the real //code!
{
[Area("Admin")]
[Authorize]
public class PaymentController : Controller
{
[HttpGet]
public async Task<ActionResult<MessageCode>> Check()
{
int status = CustomRandomNumberGenerator.GenerateRandomNumber();
string description = status == 1 ? "Payment Settled!" : "Payment Unsettled!";
MessageCode message = new MessageCode()
{
Time = DateTime.Now,
State = status,
Description = description
};
return Ok(message);
}
}
}
I proposed to use a .NET service worker. with the following ExecuteAsync() Services and all injected.
protected override async Task ExecuteAsync(CancellationToken stoppingToken)
{
while (!stoppingToken.IsCancellationRequested)
{
await LoginAndGetCookieAsync(); // getting over here is the problem
var response = await _httpClient.GetAsync(_requestURL);
var responseJson = await response.Content.ReadAsStringAsync();
var responseObject = JsonSerializer.Deserialize<MessageCode>(responseJson);
if (responseObject != null)
{
_logger.LogInformation(@"Payment check: {0}", responseObject.ToString());
}
else
{
_logger.LogInformation("Payment service is down!");
}
await Task.Delay(5000, stoppingToken); // Wait for 5 seconds
}
}
the trouble is the aforementioned API is within an asp.NET core MVC project with the individual accounts authentication option picked when the API was created(Identity Razor pages was later scaffolded to gain access to the pages) It obviously was not programmed with automation in mind! I’m unable to change the original check API. I only have access to (https://APIdomain.com/Identity/Account/Login) which is not really meant to be called by a worker. my boss is insistent not to change the outsourced API to a token based scheme or to include the worker in the Original API calling the internal service directly to make it self-running skipping this whole mess, for the fear of it crashing. I was asked to do a demo project so the can mimic however I succeed in doing this.
Here is what I have tries so far with the LoginAndGetCookieAsync():
private async Task LoginAndGetTokensAsync()
{
// first i tried to pass user and password in the form of JSON got 400(BadRequest)
Input input = new Input()
{
Email = _email,
Password = _password
};
var jsonInput = JsonSerializer.Serialize(input);
var loginResponse = await _httpClient.PostAsync(_loginURL, new StringContent(jsonInput, Encoding.UTF8, "application/json"));
//then GPT 3.5 told me to try this resulted a 400 again! like due to my poor understanding
//of how the API is really ment to be called
var content = new FormUrlEncodedContent(new Dictionary<string, string>
{
{ "Input.Email", "[email protected]" },
{ "Input.Password", "P@rs6!" },
{ "Input.RememberMe", "false" }
});
var loginResponse = await _httpClient.PostAsync(_loginURL, content);
if (loginResponse.StatusCode == HttpStatusCode.Found)
{
var loginJson = await loginResponse.Content.ReadAsStringAsync();
try
{
var loginResult = JsonSerializer.Deserialize<CookieResponse>(loginJson);
var cookie = loginResult?._RequestVerificationToken ?? "";
_logger.LogInformation(cookie);
}
catch (JsonException ex)
{
_logger.LogError(ex, "Error deserializing JSON response in LoginAndGetTokensAsync");
}
}
else
{
_logger.LogError("Failed to login. Status code: {0}", loginResponse.StatusCode);
}
}
how do I decipher the Login endpoint to make it return a cookie enabling me to use it in my _httpclient using This question ? should I? (even a hint would be appreciated.) Or should I convince my boss to change the original API and risk crashing it because it was not written with automation in mind.
if anybody wants to take a look at my demo code they are available at : WorkerProject and MVCProject
7