From 058db04d89c04a079283d95848029c6e66f98a64 Mon Sep 17 00:00:00 2001
From: Omid Marfavi <21163286+marfavi@users.noreply.github.com>
Date: Tue, 12 Dec 2023 08:35:59 +0100
Subject: [PATCH] Removed public product listing endpoint (#240)
Refactored product retrieval by removing the public listing feature and enforcing authentication. Any unauthenticated access will now result in a 401 Unauthorized response. Resolves #239
---
 .../Services/v2/IProductService.cs | 1 -
 .../Services/v2/ProductService.cs | 5 -----
 .../Controllers/v2/ProductsController.cs | 21 +++++----------------
 3 files changed, 5 insertions(+), 22 deletions(-)
diff --git a/coffeecard/CoffeeCard.Library/Services/v2/IProductService.cs b/coffeecard/CoffeeCard.Library/Services/v2/IProductService.cs
index e9382074..4249bdbb 100644
--- a/coffeecard/CoffeeCard.Library/Services/v2/IProductService.cs
+++ b/coffeecard/CoffeeCard.Library/Services/v2/IProductService.cs
@@ -8,7 +8,6 @@ namespace CoffeeCard.Library.Services.v2
 {
 public interface IProductService : IDisposable
 {
- Task> GetPublicProductsAsync();
 Task> GetProductsForUserAsync(User user);
 Task GetProductAsync(int productId);
 Task AddProduct(AddProductRequest product);
diff --git a/coffeecard/CoffeeCard.Library/Services/v2/ProductService.cs b/coffeecard/CoffeeCard.Library/Services/v2/ProductService.cs
index e1e471ce..f03e88ad 100644
--- a/coffeecard/CoffeeCard.Library/Services/v2/ProductService.cs
+++ b/coffeecard/CoffeeCard.Library/Services/v2/ProductService.cs
@@ -21,11 +21,6 @@ public ProductService(CoffeeCardContext context)
 _context = context;
 }
- public async Task> GetPublicProductsAsync()
- {
- return await GetProductsAsync(UserGroup.Customer);
- }
-
 public async Task> GetProductsForUserAsync(User user)
 {
 return await GetProductsAsync(user.UserGroup);
diff --git a/coffeecard/CoffeeCard.WebApi/Controllers/v2/ProductsController.cs b/coffeecard/CoffeeCard.WebApi/Controllers/v2/ProductsController.cs
index 1e1fbe7e..c8c8f7c5 100644
--- a/coffeecard/CoffeeCard.WebApi/Controllers/v2/ProductsController.cs
+++ b/coffeecard/CoffeeCard.WebApi/Controllers/v2/ProductsController.cs
@@ -66,29 +66,18 @@ public async Task UpdateProduct(UpdateProductRequest product)
 }
 ///
- /// Returns a list of available products based on a account's user group
+ /// Returns a list of available products based on a account's user group.
 ///
 /// List of available products
 /// Successful request
+ /// Invalid credentials
 [HttpGet]
- [AllowAnonymous]
 [ProducesResponseType(typeof(IEnumerable), StatusCodes.Status200OK)]
+ [ProducesResponseType(typeof(void), StatusCodes.Status401Unauthorized)]
 public async Task>> GetProducts()
 {
- IEnumerable products;
- try
- {
- // Try find user from potential login token
- var user = await _claimsUtilities.ValidateAndReturnUserFromClaimAsync(User.Claims);
- products = await _productService.GetProductsForUserAsync(user);
- }
- catch (ApiException)
- {
- // No token found, retrieve customer products
- products = await _productService.GetPublicProductsAsync();
- }
-
-
+ var user = await _claimsUtilities.ValidateAndReturnUserFromClaimAsync(User.Claims);
+ var products = await _productService.GetProductsForUserAsync(user);
 return Ok(products.Select(MapProductToDto).ToList());
 }
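Review bot: With `[AllowAnonymous]` removed, nothing visible in this hunk makes `GetProducts` require authentication: the action carries no `[Authorize]`, and the controller's class declaration is outside the hunk. If the class or a global policy does not already require it, the documented 401 depends entirely on `ValidateAndReturnUserFromClaimAsync` throwing for an empty claim set and on that exception being mapped to 401 elsewhere. The removed catch block suggests it throws `ApiException`, but the status it carries is not shown here. Please confirm the class-level attribute, or add `[Authorize]` above `[HttpGet]` so the request is rejected before the action body runs. An integration test asserting that a request without a token gets 401 from this route would pin the behaviour the commit message promises.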