From d1ba1260d7990b54539370974c92b2b03dab2047 Mon Sep 17 00:00:00 2001 From: Andreas Isnes Date: Mon, 12 Aug 2024 10:30:46 +0200 Subject: [PATCH] debug --- .../Services/Interfaces/ISingleRightsService.cs | 2 +- .../Services/SingleRightsService.cs | 12 ++++++------ .../Controllers/RightsInternalController.cs | 7 ++++--- .../Controllers/RightsInternalControllerTest.cs | 2 +- .../CustomWebApplicationFactory.cs | 1 + .../Mocks/AltinnRolesClientMock.cs | 8 ++++---- .../Mocks/PepWithPDPAuthorizationMock.cs | 2 +- .../Mocks/PolicyFactoryMock.cs | 6 ++++-- .../Mocks/PolicyRepositoryMock.cs | 3 +-- .../Utils/TestDataUtil.cs | 8 +------- 10 files changed, 24 insertions(+), 27 deletions(-) diff --git a/src/Altinn.AccessManagement.Core/Services/Interfaces/ISingleRightsService.cs b/src/Altinn.AccessManagement.Core/Services/Interfaces/ISingleRightsService.cs index afba3a410..27433a00a 100644 --- a/src/Altinn.AccessManagement.Core/Services/Interfaces/ISingleRightsService.cs +++ b/src/Altinn.AccessManagement.Core/Services/Interfaces/ISingleRightsService.cs @@ -24,7 +24,7 @@ public interface ISingleRightsService /// The authentication level of the authenticated user performing the delegation /// The delegation /// The result of the delegation - public Task DelegateRights(int authenticatedUserId, int authenticatedUserAuthlevel, DelegationLookup delegation); + public Task DelegateRights(int authenticatedUserId, int authenticatedUserAuthlevel, DelegationLookup delegation, CancellationToken cancellationToken = default); /// /// Gets all offered single rights delegations for a reportee diff --git a/src/Altinn.AccessManagement.Core/Services/SingleRightsService.cs b/src/Altinn.AccessManagement.Core/Services/SingleRightsService.cs index b2083125f..f71418a9d 100644 --- a/src/Altinn.AccessManagement.Core/Services/SingleRightsService.cs +++ b/src/Altinn.AccessManagement.Core/Services/SingleRightsService.cs 
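Review bot: The new `cancellationToken` parameter on `ISingleRightsService.DelegateRights` has no matching entry in the XML doc lines visible above the signature, which still describe only the existing arguments and the result. Because this is the contract for a state-changing delegation call, the doc should say what a caller can expect from cancelling, for example `/// <param name="cancellationToken">Token used to cancel the operation; state whether cancellation can still take effect once delegation rules are being written</param>`. The pragma for SA1600 elsewhere in this patch suggests StyleCop is active, so the missing entry may also raise a documentation warning.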
@@ -104,7 +104,7 @@ public async Task RightsDelegationCheck(int authenticat } /// - public async Task DelegateRights(int authenticatedUserId, int authenticatedUserAuthlevel, DelegationLookup delegation) + public async Task DelegateRights(int authenticatedUserId, int authenticatedUserAuthlevel, DelegationLookup delegation, CancellationToken cancellationToken = default) { (DelegationActionResult result, ServiceResource resource, Party fromParty, List to) = await ValidateDelegationLookupModel(DelegationActionType.Delegation, delegation, authenticatedUserId); if (!result.IsValid) @@ -125,7 +125,7 @@ public async Task DelegateRights(int authenticatedUserId // Verify authenticated users delegable rights RightsQuery rightsQuery = RightsHelper.GetRightsQuery(authenticatedUserId, fromParty.PartyId, resourceRegistryId, org, app); - List usersDelegableRights = await _pip.GetRights(rightsQuery, getDelegableRights: true); + List usersDelegableRights = await _pip.GetRights(rightsQuery, getDelegableRights: true, cancellationToken: cancellationToken); if (usersDelegableRights == null || usersDelegableRights.Count == 0) { result.Errors.Add("right[0].Resource", $"Authenticated user does not have any delegable rights for the resource: {resourceRegistryId}"); @@ -187,7 +187,7 @@ public async Task RevokeRightsDelegation(int authentic { return assertion; } - + var fromAttribute = await _resolver.Resolve(delegation.From, [AltinnXacmlConstants.MatchAttributeIdentifiers.PartyAttribute], cancellationToken); var toAttribute = await _resolver.Resolve(delegation.To, Urn.Altinn2InternalIds, cancellationToken); 
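Review bot: In `DelegateRights` the new token is not forwarded to `ValidateDelegationLookupModel(DelegationActionType.Delegation, delegation, authenticatedUserId)`, the first awaited call in the @@ -104 hunk, so the party and recipient lookups still run to completion after the caller has gone away. The only consumer is `_pip.GetRights(rightsQuery, getDelegableRights: true, cancellationToken: cancellationToken)` in the @@ -125 hunk. Forwarding it would need the helper to accept a token, which is outside this patch. The rest of the method, including the step that writes the delegation, is also outside the hunks; a comment there such as `// Cancellation is honoured only before rules are written; the write itself is not cancelled` (or the opposite, if that is the intent) would make the guarantee explicit for an authorization write.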
@@ -395,7 +395,7 @@ private ValidationProblemDetails AssertRevokeDelegationInput(DelegationLookup de else if (DelegationHelper.TryGetSingleAttributeMatchValue(delegation.To, AltinnXacmlConstants.MatchAttributeIdentifiers.SystemUserUuid, out string toSystemUserUuidAttrValue)) { toSystemUser = await _contextRetrievalService.GetSystemUserById(fromParty.PartyId, toSystemUserUuidAttrValue); - + if (toSystemUser == null) { result.Errors.Add("To", $"The provided To attribute value could not be found as a valid systemuser."); @@ -421,14 +421,14 @@ private ValidationProblemDetails AssertRevokeDelegationInput(DelegationLookup de result.Errors.Add("To", $"A distinct recipient party for the delegation, could not be identified by the supplied attributes. A recipient can be identified by either a single {AltinnXacmlConstants.MatchAttributeIdentifiers.OrganizationNumberAttribute} or {AltinnXacmlConstants.MatchAttributeIdentifiers.EnterpriseUserName} attribute, or a combination of {AltinnXacmlConstants.MatchAttributeIdentifiers.PersonId} and {AltinnXacmlConstants.MatchAttributeIdentifiers.PersonLastName} attributes, {AltinnXacmlConstants.MatchAttributeIdentifiers.PersonUserName} and {AltinnXacmlConstants.MatchAttributeIdentifiers.PersonLastName} attributes or {AltinnXacmlConstants.MatchAttributeIdentifiers.SystemUserUuid} attribute."); return (result, resource, null, null); } - + // Verify delegation From and To is not the same party (with exception for Altinn 2 Enterprise users) if (fromParty.PartyId == toParty?.PartyId || (toUser != null && fromParty.PartyId == toUser.PartyId && toUser.Party.PartyTypeName != PartyType.Organisation)) { result.Errors.Add("To", $"The From party and the To recipient are the same. Self-delegation is not supported as it serves no purpose."); return (result, resource, null, null); } - + // Build To AttributeMatch to be used for the delegation rules List to = new List(); if (toParty != null) 
diff --git a/src/Altinn.AccessManagement/Controllers/RightsInternalController.cs b/src/Altinn.AccessManagement/Controllers/RightsInternalController.cs index 673e9dfb3..a94d19684 100644 --- a/src/Altinn.AccessManagement/Controllers/RightsInternalController.cs +++ b/src/Altinn.AccessManagement/Controllers/RightsInternalController.cs @@ -178,6 +178,7 @@ public async Task>> Delega /// /// The reportee party /// Request model for rights delegation + /// CancellationToken /// Ok /// Bad Request /// Unauthorized @@ -194,7 +195,7 @@ public async Task>> Delega [ProducesResponseType(403)] [ProducesResponseType(500)] [FeatureGate(FeatureFlags.RightsDelegationApi)] - public async Task> Delegation([FromRoute] string party, [FromBody] RightsDelegationRequestExternal rightsDelegationRequest) + public async Task> Delegation([FromRoute] string party, [FromBody] RightsDelegationRequestExternal rightsDelegationRequest, CancellationToken cancellationToken) { int authenticatedUserId = AuthenticationHelper.GetUserId(HttpContext); int authenticationLevel = AuthenticationHelper.GetUserAuthenticationLevel(HttpContext); @@ -206,7 +207,7 @@ public async Task> Delegation([Fr DelegationLookup rightsDelegationRequestInternal = _mapper.Map(rightsDelegationRequest); rightsDelegationRequestInternal.From = reportee.SingleToList(); - DelegationActionResult delegationResultInternal = await _rights.DelegateRights(authenticatedUserId, authenticationLevel, rightsDelegationRequestInternal); + DelegationActionResult delegationResultInternal = await _rights.DelegateRights(authenticatedUserId, authenticationLevel, rightsDelegationRequestInternal, cancellationToken); if (!delegationResultInternal.IsValid) { foreach (var error in delegationResultInternal.Errors) @@ -418,4 +419,4 @@ public async Task ClearAccessCache([FromRoute] int party, [FromBo return Ok(); } } -} +} \ No newline at end of file 
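Review bot: Nothing in the @@ -206 hunk handles the `OperationCanceledException` that `_rights.DelegateRights(..., cancellationToken)` can now throw; the visible code deals only with the `!delegationResultInternal.IsValid` case. ASP.NET Core binds the action's `CancellationToken` parameter to the request-aborted token, so a client disconnect is enough to trigger it. Confirm that a handler outside this hunk treats cancellation as a quiet abort rather than a logged 500, otherwise aborted delegation requests will look like server faults in monitoring. The doc line added in the @@ -178 hunk reads only `CancellationToken`; wording such as `Token signalled when the client aborts the request` tells the reader more. The action's body continues outside the hunks.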
diff --git a/test/Altinn.AccessManagement.Tests/Controllers/RightsInternalControllerTest.cs b/test/Altinn.AccessManagement.Tests/Controllers/RightsInternalControllerTest.cs index 997fdb683..c5f2a5608 100644 --- a/test/Altinn.AccessManagement.Tests/Controllers/RightsInternalControllerTest.cs +++ b/test/Altinn.AccessManagement.Tests/Controllers/RightsInternalControllerTest.cs @@ -1632,4 +1632,4 @@ private static StreamContent GetRightsDelegationContent(string resourceId, strin return content; } } -} +} \ No newline at end of file diff --git a/test/Altinn.AccessManagement.Tests/CustomWebApplicationFactory.cs b/test/Altinn.AccessManagement.Tests/CustomWebApplicationFactory.cs index 611885a92..0281f8d97 100644 --- a/test/Altinn.AccessManagement.Tests/CustomWebApplicationFactory.cs +++ b/test/Altinn.AccessManagement.Tests/CustomWebApplicationFactory.cs @@ -28,6 +28,7 @@ protected override void ConfigureWebHost(IWebHostBuilder builder) builder.ConfigureLogging((ctx, logging) => { logging.ClearProviders(); + logging.AddConsole(); }); } } diff --git a/test/Altinn.AccessManagement.Tests/Mocks/AltinnRolesClientMock.cs b/test/Altinn.AccessManagement.Tests/Mocks/AltinnRolesClientMock.cs index 8fbcc85cc..e23401c72 100644 --- a/test/Altinn.AccessManagement.Tests/Mocks/AltinnRolesClientMock.cs +++ b/test/Altinn.AccessManagement.Tests/Mocks/AltinnRolesClientMock.cs @@ -26,7 +26,7 @@ public AltinnRolesClientMock() } /// - public async Task> GetDecisionPointRolesForUser(int coveredByUserId, int offeredByPartyId, CancellationToken cancellationToken) + public async Task> GetDecisionPointRolesForUser(int coveredByUserId, int offeredByPartyId, CancellationToken cancellationToken = default) { List roles = new List(); string rolesPath = GetRolesPath(coveredByUserId, offeredByPartyId); 
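Review bot: `logging.AddConsole()` directly after `logging.ClearProviders()` in `ConfigureWebHost` undoes the quieting that the clear call is there for, and under a commit titled "debug" it reads as a local diagnostic that was left in. With the console provider enabled, every integration test writes the host's log output into the CI log, and for an access-management service that output may include party ids, user ids and delegation details from the test data. CI logs are typically readable by more people and retained longer than application logs. Drop the line before merging, or gate it behind an opt-in switch, e.g. `if (Environment.GetEnvironmentVariable("TEST_CONSOLE_LOG") == "1") { logging.AddConsole(); }` (the variable name is only an example).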
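Review bot: The `= default` added to `cancellationToken` on `AltinnRolesClientMock.GetDecisionPointRolesForUser`, and on `GetRolesForDelegation` and `GetAuthorizedPartiesWithRoles` in the next two hunks, only applies to callers that hold the concrete mock type. C# resolves default arguments against the static type of the receiver, so code calling through the interface the mock implements still uses whatever that interface declares. If the interface (not part of this patch) requires the token, the mock's signature now differs from the contract it stands in for and can hide a missing token in test-only call sites. Keep the mock's parameter list identical to the interface, or add a comment such as `// Default mirrors the interface declaration` if the interface was changed the same way.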
@@ -40,7 +40,7 @@ public async Task> GetDecisionPointRolesForUser(int coveredByUserId, } /// - public async Task> GetRolesForDelegation(int coveredByUserId, int offeredByPartyId, CancellationToken cancellationToken) + public async Task> GetRolesForDelegation(int coveredByUserId, int offeredByPartyId, CancellationToken cancellationToken = default) { List roles = new List(); string rolesPath = GetRolesForDelegationPath(coveredByUserId, offeredByPartyId); @@ -54,12 +54,12 @@ public async Task> GetRolesForDelegation(int coveredByUserId, int off } /// - public async Task> GetAuthorizedPartiesWithRoles(int userId, CancellationToken cancellationToken) + public async Task> GetAuthorizedPartiesWithRoles(int userId, CancellationToken cancellationToken = default) { string authorizedPartiesPath = GetAltinn2AuthorizedPartiesWithRolesPath(userId); if (File.Exists(authorizedPartiesPath)) { - string content = await File.ReadAllTextAsync(authorizedPartiesPath, cancellationToken); + string content = await File.ReadAllTextAsync(authorizedPartiesPath); List bridgeAuthParties = (List)JsonSerializer.Deserialize(content, typeof(List), jsonOptions); return bridgeAuthParties.Select(sblAuthorizedParty => new AuthorizedParty(sblAuthorizedParty)).ToList(); } diff --git a/test/Altinn.AccessManagement.Tests/Mocks/PepWithPDPAuthorizationMock.cs b/test/Altinn.AccessManagement.Tests/Mocks/PepWithPDPAuthorizationMock.cs index 1b44cf972..82529bbf3 100644 --- a/test/Altinn.AccessManagement.Tests/Mocks/PepWithPDPAuthorizationMock.cs +++ b/test/Altinn.AccessManagement.Tests/Mocks/PepWithPDPAuthorizationMock.cs @@ -445,4 +445,4 @@ private Instance GetTestInstance(string instanceId) } #pragma warning restore SA1600 // ElementsMustBeDocumented -} +} \ No newline at end of file diff --git a/test/Altinn.AccessManagement.Tests/Mocks/PolicyFactoryMock.cs b/test/Altinn.AccessManagement.Tests/Mocks/PolicyFactoryMock.cs index af20c0d2a..a2d52aaa7 100644 
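Review bot: The mock's `GetAuthorizedPartiesWithRoles` now accepts a token and ignores it: in the @@ -54 hunk the read changed from `File.ReadAllTextAsync(authorizedPartiesPath, cancellationToken)` to `File.ReadAllTextAsync(authorizedPartiesPath)`. Since the rest of this patch threads cancellation through the delegation path, a test double that silently drops the token means tests cannot observe whether cancellation reaches the roles client. Restore `string content = await File.ReadAllTextAsync(authorizedPartiesPath, cancellationToken);`. If the token was what caused the failure being debugged, keep the change but record the reason in a comment on that line.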
--- a/test/Altinn.AccessManagement.Tests/Mocks/PolicyFactoryMock.cs +++ b/test/Altinn.AccessManagement.Tests/Mocks/PolicyFactoryMock.cs @@ -7,15 +7,17 @@ namespace Altinn.AccessManagement.Tests.Mocks; /// public class PolicyFactoryMock(ILogger logger) : IPolicyFactory { + private ILogger Logger { get; } = logger; + /// public IPolicyRepository Create(PolicyAccountType account, string filepath) { - return new PolicyRepositoryMock(filepath, logger); + return new PolicyRepositoryMock(filepath, Logger); } /// public IPolicyRepository Create(string filepath) { - return new PolicyRepositoryMock(filepath, logger); + return new PolicyRepositoryMock(filepath, Logger); } } \ No newline at end of file diff --git a/test/Altinn.AccessManagement.Tests/Mocks/PolicyRepositoryMock.cs b/test/Altinn.AccessManagement.Tests/Mocks/PolicyRepositoryMock.cs index 322d75049..862048273 100644 --- a/test/Altinn.AccessManagement.Tests/Mocks/PolicyRepositoryMock.cs +++ b/test/Altinn.AccessManagement.Tests/Mocks/PolicyRepositoryMock.cs @@ -90,7 +90,6 @@ public Task PolicyExistsAsync(CancellationToken cancellationToken = defaul private static string GetDataOutputBlobPath() { return Path.Join(Path.GetDirectoryName(Assembly.GetExecutingAssembly().Location), "Data", "blobs", "output"); - } private static string GetDataInputBlobPath() @@ -140,4 +139,4 @@ private static async Task> WriteStreamToTestDataFolder return mockResponse.Object; } } -} +} \ No newline at end of file diff --git a/test/Altinn.AccessManagement.Tests/Utils/TestDataUtil.cs b/test/Altinn.AccessManagement.Tests/Utils/TestDataUtil.cs index 0f3b9338e..7731c5ae2 100644 --- a/test/Altinn.AccessManagement.Tests/Utils/TestDataUtil.cs +++ b/test/Altinn.AccessManagement.Tests/Utils/TestDataUtil.cs 
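Review bot: The private auto-property `Logger` added to `PolicyFactoryMock` only holds the primary-constructor argument, and the usual shape for that is a read-only field. `private readonly ILogger _logger = logger;` (with the same type as the constructor parameter) says the same thing and matches the `_camelCase` convention for private state. The constructor parameter `logger` also stays in scope in both `Create` overloads, so a later edit can use it again without noticing. A short comment on why the copy exists, e.g. `// Copy the primary-constructor argument once so both Create overloads share it`, would stop it from being reverted as redundant.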
@@ -540,11 +540,5 @@ private static string GetPartiesPath() string unitTestFolder = Path.GetDirectoryName(new Uri(typeof(PartiesClientMock).Assembly.Location).LocalPath); return Path.Combine(unitTestFolder, "Data", "Parties"); } - - private static string GetResourcesPath() - { - string unitTestFolder = Path.GetDirectoryName(new Uri(typeof(DelegationsControllerTest).Assembly.Location).LocalPath); - return Path.Combine(unitTestFolder, "..", "..", "..", "Data", "Resources"); - } } -} +} \ No newline at end of file