diff --git a/src/Altinn.Broker.API/Controllers/FileTransferController.cs b/src/Altinn.Broker.API/Controllers/FileTransferController.cs index afa3c6ae..b7305a85 100644 --- a/src/Altinn.Broker.API/Controllers/FileTransferController.cs +++ b/src/Altinn.Broker.API/Controllers/FileTransferController.cs @@ -45,7 +45,7 @@ public async Task> InitializeFileTransfer(FileTransferInitali logger.LogInformation("Initializing file transfer"); var commandRequest = InitializeFileTransferMapper.MapToRequest(initializeExt, token); - var commandResult = await handler.Process(commandRequest, cancellationToken); + var commandResult = await handler.Process(commandRequest, HttpContext.User, cancellationToken); return commandResult.Match( fileTransferId => Ok(new FileTransferInitializeResponseExt() { @@ -83,7 +83,7 @@ CancellationToken cancellationToken Token = token, UploadStream = Request.Body, ContentLength = Request.ContentLength.Value - }, cancellationToken); + }, HttpContext.User, cancellationToken); return commandResult.Match( fileTransferId => Ok(new FileTransferUploadResponseExt() { @@ -113,7 +113,7 @@ CancellationToken cancellationToken LogContextHelpers.EnrichLogsWithToken(token); logger.LogInformation("Initializing and uploading fileTransfer"); var initializeRequest = InitializeFileTransferMapper.MapToRequest(form.Metadata, token); - var initializeResult = await initializeFileTransferHandler.Process(initializeRequest, cancellationToken); + var initializeResult = await initializeFileTransferHandler.Process(initializeRequest, HttpContext.User, cancellationToken); if (initializeResult.IsT1) { Problem(initializeResult.AsT1); @@ -126,7 +126,7 @@ CancellationToken cancellationToken FileTransferId = fileTransferId, Token = token, UploadStream = Request.Body - }, cancellationToken); + }, HttpContext.User, cancellationToken); return uploadResult.Match( FileId => Ok(FileId.ToString()), Problem 
@@ -152,7 +152,7 @@ public async Task> GetFileTransferOverview { FileTransferId = fileTransferId, Token = token - }, cancellationToken); + }, HttpContext.User, cancellationToken); return queryResult.Match( result => Ok(FileTransferStatusOverviewExtMapper.MapToExternalModel(result.FileTransfer)), Problem @@ -178,7 +178,7 @@ public async Task> GetFileTransferDet { FileTransferId = fileTransferId, Token = token - }, cancellationToken); + }, HttpContext.User, cancellationToken); return queryResult.Match( result => Ok(FileTransferStatusDetailsExtMapper.MapToExternalModel(result.FileTransfer, result.FileTransferEvents, result.ActorEvents)), Problem @@ -212,7 +212,7 @@ public async Task>> GetFileTransfers( RecipientStatus = recipientStatus is not null ? (ActorFileTransferStatus)recipientStatus : null, From = from, To = to - }, cancellationToken); + }, HttpContext.User, cancellationToken); return queryResult.Match( Ok, Problem @@ -238,7 +238,7 @@ public async Task DownloadFile( { FileTransferId = fileTransferId, Token = token - }, cancellationToken); + }, HttpContext.User, cancellationToken); return queryResult.Match( result => File(result.DownloadStream, "application/octet-stream", result.FileName), Problem @@ -265,7 +265,7 @@ public async Task ConfirmDownload( FileTransferId = fileTransferId, Token = token }; - var proccessingFunction = new Func>>(() => handler.Process(requestData, cancellationToken)); + var proccessingFunction = new Func>>(() => handler.Process(requestData, HttpContext.User, cancellationToken)); var uniqueString = $"confirmDownload_{fileTransferId}_{token.Consumer}"; var commandResult = await IdempotencyEventHelper.ProcessEvent(uniqueString, proccessingFunction, idempotencyEventRepository, cancellationToken); return commandResult.Match( diff --git a/src/Altinn.Broker.API/Controllers/LegacyFileController.cs b/src/Altinn.Broker.API/Controllers/LegacyFileController.cs index 96127362..49835d4d 100644 
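Review bot: In `ConfirmDownload` the principal is read inside the deferred lambda, `() => handler.Process(requestData, HttpContext.User, cancellationToken)`, so it is evaluated whenever `IdempotencyEventHelper.ProcessEvent` invokes the delegate rather than when the action starts. Capturing it first with `var user = HttpContext.User;` and passing `user` into the lambda fixes the identity at the request boundary, as the other actions in this file effectively do. `ProcessEvent` is not visible here, so this is a robustness point rather than a confirmed defect. The idempotency key is built only from `fileTransferId` and `token.Consumer`; if two principals can share a consumer, check that replaying a stored result for one is acceptable for the other.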
--- a/src/Altinn.Broker.API/Controllers/LegacyFileController.cs +++ b/src/Altinn.Broker.API/Controllers/LegacyFileController.cs @@ -45,7 +45,7 @@ public async Task> InitializeFile(LegacyFileInitalizeExt init LogContextHelpers.EnrichLogsWithToken(legacyToken); logger.LogInformation("Legacy - Initializing file"); var commandRequest = LegacyInitializeFileMapper.MapToRequest(initializeExt, token); - var commandResult = await handler.Process(commandRequest, cancellationToken); + var commandResult = await handler.Process(commandRequest, HttpContext.User, cancellationToken); return commandResult.Match( fileId => Ok(fileId.ToString()), Problem @@ -78,7 +78,7 @@ CancellationToken cancellationToken Token = legacyToken, UploadStream = Request.Body, IsLegacy = true - }, cancellationToken); + }, HttpContext.User, cancellationToken); return commandResult.Match( fileId => Ok(fileId.ToString()), Problem @@ -107,7 +107,7 @@ public async Task> GetFileOverview( FileTransferId = fileId, Token = legacyToken, IsLegacy = true - }, cancellationToken); + }, HttpContext.User, cancellationToken); return queryResult.Match( result => Ok(LegacyFileStatusOverviewExtMapper.MapToExternalModel(result.FileTransfer)), Problem @@ -160,7 +160,7 @@ public async Task>> GetFiles( From = from, To = to, Recipients = recipients - }, cancellationToken); + }, HttpContext.User, cancellationToken); return queryResult.Match( Ok, Problem @@ -188,7 +188,7 @@ public async Task DownloadFile( FileTransferId = fileId, Token = legacyToken, IsLegacy = true - }, cancellationToken); + }, HttpContext.User, cancellationToken); return queryResult.Match( result => File(result.DownloadStream, "application/octet-stream", result.FileName), Problem @@ -216,7 +216,7 @@ public async Task ConfirmDownload( FileTransferId = fileId, Token = legacyToken, IsLegacy = true - }, cancellationToken); + }, HttpContext.User, cancellationToken); return commandResult.Match( Ok, Problem 
diff --git a/src/Altinn.Broker.API/Controllers/MalwareScanResultsController.cs b/src/Altinn.Broker.API/Controllers/MalwareScanResultsController.cs index 09bbc7d4..39607659 100644 --- a/src/Altinn.Broker.API/Controllers/MalwareScanResultsController.cs +++ b/src/Altinn.Broker.API/Controllers/MalwareScanResultsController.cs @@ -48,7 +48,7 @@ public async Task ProcessMalwareScanResult([FromServices] MalwareS { throw new InvalidOperationException("Failed to deserialize malware scan result data"); } - var processFunction = new Func>>(() => handler.Process(result, cancellationToken)); + var processFunction = new Func>>(() => handler.Process(result, null, cancellationToken)); var commandResult = await IdempotencyEventHelper.ProcessEvent(result.ETag, processFunction, idempotencyEventRepository, cancellationToken); return commandResult.Match( Ok, diff --git a/src/Altinn.Broker.API/Controllers/ResourceController.cs b/src/Altinn.Broker.API/Controllers/ResourceController.cs index 5ab30a5f..23f3e297 100644 --- a/src/Altinn.Broker.API/Controllers/ResourceController.cs +++ b/src/Altinn.Broker.API/Controllers/ResourceController.cs @@ -32,7 +32,7 @@ public async Task ConfigureResource(string resourceId, [FromBody] UseManifestFileShim = resourceExt.UseManifestFileShim, ExternalServiceCodeLegacy = resourceExt.ExternalServiceCodeLegacy, ExternalServiceEditionCodeLegacy = resourceExt.ExternalServiceEditionCodeLegacy - }, cancellationToken); + }, HttpContext.User, cancellationToken); return result.Match( (_) => Ok(null), diff --git a/src/Altinn.Broker.Application/ConfigureResource/ConfigureResourceHandler.cs b/src/Altinn.Broker.Application/ConfigureResource/ConfigureResourceHandler.cs index 50c23c2a..c24e2716 100644 --- a/src/Altinn.Broker.Application/ConfigureResource/ConfigureResourceHandler.cs +++ b/src/Altinn.Broker.Application/ConfigureResource/ConfigureResourceHandler.cs 
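Review bot: `ProcessMalwareScanResult` now calls `handler.Process(result, null, cancellationToken)`, so this handler runs with no caller identity, and any `CheckUserAccess` call later added on that path would throw instead of deny. A short comment at the call site would make the intent explicit, for example `// No user principal: scan-result callback, authenticated separately from end-user requests`, provided that is how the endpoint is protected; the attributes on the action are outside the hunk. The same explicit `null` is passed where the expire request is scheduled in ConfirmDownloadHandler, InitializeFileTransferHandler and MalwareScanResultHandler.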
@@ -1,4 +1,5 @@ -using System.Xml; +using System.Security.Claims; +using System.Xml; using Altinn.Broker.Application.Settings; using Altinn.Broker.Core.Application; @@ -14,7 +15,7 @@ namespace Altinn.Broker.Application.ConfigureResource; public class ConfigureResourceHandler(IResourceRepository resourceRepository, IHostEnvironment hostEnvironment, ILogger logger) : IHandler { - public async Task> Process(ConfigureResourceRequest request, CancellationToken cancellationToken) + public async Task> Process(ConfigureResourceRequest request, ClaimsPrincipal? user, CancellationToken cancellationToken) { logger.LogInformation("Processing request to configure resource {ResourceId}", request.ResourceId.SanitizeForLogs()); var resource = await resourceRepository.GetResource(request.ResourceId, cancellationToken); diff --git a/src/Altinn.Broker.Application/ConfirmDownload/ConfirmDownloadHandler.cs b/src/Altinn.Broker.Application/ConfirmDownload/ConfirmDownloadHandler.cs index b38a1626..3692d96f 100644 --- a/src/Altinn.Broker.Application/ConfirmDownload/ConfirmDownloadHandler.cs +++ b/src/Altinn.Broker.Application/ConfirmDownload/ConfirmDownloadHandler.cs @@ -1,3 +1,4 @@ +using System.Security.Claims; using System.Xml; using Altinn.Broker.Application; @@ -28,7 +29,7 @@ public class ConfirmDownloadHandler( IEventBus eventBus, ILogger logger) : IHandler { - public async Task> Process(ConfirmDownloadRequest request, CancellationToken cancellationToken) + public async Task> Process(ConfirmDownloadRequest request, ClaimsPrincipal? user, CancellationToken cancellationToken) { logger.LogInformation("Confirming download for file transfer {fileTransferId}", request.FileTransferId); var fileTransfer = await fileTransferRepository.GetFileTransfer(request.FileTransferId, cancellationToken); 
@@ -36,7 +37,7 @@ public async Task> Process(ConfirmDownloadRequest request, Ca { return Errors.FileTransferNotFound; } - var hasAccess = await resourceRightsRepository.CheckUserAccess(fileTransfer.ResourceId, new List { ResourceAccessLevel.Read }, request.IsLegacy, cancellationToken); + var hasAccess = await resourceRightsRepository.CheckUserAccess(user, fileTransfer.ResourceId, new List { ResourceAccessLevel.Read }, request.IsLegacy, cancellationToken); if (!hasAccess) { return Errors.FileTransferNotFound; @@ -79,7 +80,7 @@ public async Task> Process(ConfirmDownloadRequest request, Ca { FileTransferId = request.FileTransferId, Force = true - }, cancellationToken)); + }, null, cancellationToken)); } else { @@ -88,7 +89,7 @@ public async Task> Process(ConfirmDownloadRequest request, Ca { FileTransferId = request.FileTransferId, Force = true - }, cancellationToken), DateTime.UtcNow.Add(gracePeriod)); + }, null, cancellationToken), DateTime.UtcNow.Add(gracePeriod)); } } return Task.CompletedTask; diff --git a/src/Altinn.Broker.Application/DownloadFile/DownloadFileHandler.cs b/src/Altinn.Broker.Application/DownloadFile/DownloadFileHandler.cs index 99eb71bc..c87be177 100644 --- a/src/Altinn.Broker.Application/DownloadFile/DownloadFileHandler.cs +++ b/src/Altinn.Broker.Application/DownloadFile/DownloadFileHandler.cs @@ -1,3 +1,5 @@ +using System.Security.Claims; + using Altinn.Broker.Core.Application; using Altinn.Broker.Core.Domain.Enums; using Altinn.Broker.Core.Helpers; 
@@ -10,7 +12,7 @@ namespace Altinn.Broker.Application.DownloadFile; public class DownloadFileHandler(IResourceRepository resourceRepository, IServiceOwnerRepository serviceOwnerRepository, IAuthorizationService resourceRightsRepository, IFileTransferRepository fileTransferRepository, IActorFileTransferStatusRepository actorFileTransferStatusRepository, IBrokerStorageService brokerStorageService, ILogger logger) : IHandler { - public async Task> Process(DownloadFileRequest request, CancellationToken cancellationToken) + public async Task> Process(DownloadFileRequest request, ClaimsPrincipal? user, CancellationToken cancellationToken) { logger.LogInformation("Starting download of file transfer {FileTransferId}", request.FileTransferId); var fileTransfer = await fileTransferRepository.GetFileTransfer(request.FileTransferId, cancellationToken); @@ -30,7 +32,7 @@ public async Task> Process(DownloadFileReques { return Errors.NoFileUploaded; } - var hasAccess = await resourceRightsRepository.CheckUserAccess(fileTransfer.ResourceId, new List { ResourceAccessLevel.Read }, request.IsLegacy, cancellationToken); + var hasAccess = await resourceRightsRepository.CheckUserAccess(user, fileTransfer.ResourceId, new List { ResourceAccessLevel.Read }, request.IsLegacy, cancellationToken); if (!hasAccess) { return Errors.NoAccessToResource; diff --git a/src/Altinn.Broker.Application/ExpireFileTransfer/ExpireFileTransferHandler.cs b/src/Altinn.Broker.Application/ExpireFileTransfer/ExpireFileTransferHandler.cs index 60bea747..f3d63336 100644 --- a/src/Altinn.Broker.Application/ExpireFileTransfer/ExpireFileTransferHandler.cs +++ b/src/Altinn.Broker.Application/ExpireFileTransfer/ExpireFileTransferHandler.cs @@ -1,4 +1,5 @@ -using System.Transactions; +using System.Security.Claims; +using System.Transactions; using Altinn.Broker.Application.Settings; using Altinn.Broker.Core.Application; 
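Review bot: In `DownloadFileHandler.Process` the `CheckUserAccess(user, ...)` call on the changed line runs only after the `Errors.NoFileUploaded` return, so a caller without read access can learn a transfer's upload state before authorisation is evaluated. Moving the access check to directly after the file transfer lookup would close that ordering gap; the lines in between are outside the hunk, so confirm nothing there depends on the current order. The denial result also differs between handlers in this commit: this one and the GetFileTransferDetails and GetFileTransferOverview handlers return `Errors.NoAccessToResource`, while ConfirmDownloadHandler and UploadFileHandler return `Errors.FileTransferNotFound`. The first group therefore lets an unauthorised caller distinguish an existing transfer id from a missing one, so one policy should be applied across all handlers.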
@@ -21,7 +22,7 @@ namespace Altinn.Broker.Application.ExpireFileTransfer; public class ExpireFileTransferHandler(IFileTransferRepository fileTransferRepository, IFileTransferStatusRepository fileTransferStatusRepository, IServiceOwnerRepository serviceOwnerRepository, IBrokerStorageService brokerStorageService, IResourceRepository resourceRepository, IEventBus eventBus, ILogger logger) : IHandler { [AutomaticRetry(Attempts = 0)] - public async Task> Process(ExpireFileTransferRequest request, CancellationToken cancellationToken) + public async Task> Process(ExpireFileTransferRequest request, ClaimsPrincipal? user, CancellationToken cancellationToken) { logger.LogInformation("Deleting file transfer with id {fileTransferId}", request.FileTransferId.ToString()); var fileTransfer = await GetFileTransferAsync(request.FileTransferId, cancellationToken); diff --git a/src/Altinn.Broker.Application/GetFileTransferDetails/GetFileTransferDetailsHandler.cs b/src/Altinn.Broker.Application/GetFileTransferDetails/GetFileTransferDetailsHandler.cs index fff66a29..98d55f7b 100644 --- a/src/Altinn.Broker.Application/GetFileTransferDetails/GetFileTransferDetailsHandler.cs +++ b/src/Altinn.Broker.Application/GetFileTransferDetails/GetFileTransferDetailsHandler.cs @@ -1,3 +1,5 @@ +using System.Security.Claims; + using Altinn.Broker.Core.Application; using Altinn.Broker.Core.Domain.Enums; using Altinn.Broker.Core.Repositories; 
@@ -10,7 +12,7 @@ namespace Altinn.Broker.Application.GetFileTransferDetails; public class GetFileTransferDetailsHandler(IFileTransferRepository fileTransferRepository, IAuthorizationService resourceRightsRepository, IFileTransferStatusRepository fileTransferStatusRepository, IActorFileTransferStatusRepository actorFileTransferStatusRepository, ILogger logger) : IHandler { - public async Task> Process(GetFileTransferDetailsRequest request, CancellationToken cancellationToken) + public async Task> Process(GetFileTransferDetailsRequest request, ClaimsPrincipal? user, CancellationToken cancellationToken) { logger.LogInformation("Getting file transfer details for {fileTransferId}.", request.FileTransferId); var fileTransfer = await fileTransferRepository.GetFileTransfer(request.FileTransferId, cancellationToken); @@ -23,7 +25,7 @@ public async Task> Process(GetFileT { return Errors.FileTransferNotFound; } - var hasAccess = await resourceRightsRepository.CheckUserAccess(fileTransfer.ResourceId, new List { ResourceAccessLevel.Write, ResourceAccessLevel.Read }, cancellationToken: cancellationToken); + var hasAccess = await resourceRightsRepository.CheckUserAccess(user, fileTransfer.ResourceId, new List { ResourceAccessLevel.Write, ResourceAccessLevel.Read }, cancellationToken: cancellationToken); if (!hasAccess) { return Errors.NoAccessToResource; diff --git a/src/Altinn.Broker.Application/GetFileTransferOverview/GetFileTransferOverviewHandler.cs b/src/Altinn.Broker.Application/GetFileTransferOverview/GetFileTransferOverviewHandler.cs index 4557d645..bce2134b 100644 --- a/src/Altinn.Broker.Application/GetFileTransferOverview/GetFileTransferOverviewHandler.cs +++ b/src/Altinn.Broker.Application/GetFileTransferOverview/GetFileTransferOverviewHandler.cs @@ -1,3 +1,5 @@ +using System.Security.Claims; + using Altinn.Broker.Core.Application; using Altinn.Broker.Core.Domain.Enums; using Altinn.Broker.Core.Repositories; 
@@ -11,7 +13,7 @@ namespace Altinn.Broker.Application.GetFileTransferOverview; public class GetFileTransferOverviewHandler(IAuthorizationService resourceRightsRepository, IFileTransferRepository fileTransferRepository, ILogger logger) : IHandler { - public async Task> Process(GetFileTransferOverviewRequest request, CancellationToken cancellationToken) + public async Task> Process(GetFileTransferOverviewRequest request, ClaimsPrincipal? user, CancellationToken cancellationToken) { logger.LogInformation("Retrieving file overview for file transfer {fileTransferId}. Legacy: {legacy}", request.FileTransferId, request.IsLegacy); var fileTransfer = await fileTransferRepository.GetFileTransfer(request.FileTransferId, cancellationToken); @@ -24,7 +26,7 @@ public async Task> Process(GetFile { return Errors.FileTransferNotFound; } - var hasAccess = await resourceRightsRepository.CheckUserAccess(fileTransfer.ResourceId, new List { ResourceAccessLevel.Write, ResourceAccessLevel.Read }, request.IsLegacy, cancellationToken); + var hasAccess = await resourceRightsRepository.CheckUserAccess(user, fileTransfer.ResourceId, new List { ResourceAccessLevel.Write, ResourceAccessLevel.Read }, request.IsLegacy, cancellationToken); if (!hasAccess) { return Errors.NoAccessToResource; diff --git a/src/Altinn.Broker.Application/GetFileTransfers/GetFileTransfersHandler.cs b/src/Altinn.Broker.Application/GetFileTransfers/GetFileTransfersHandler.cs index e7fdf00f..b4f81484 100644 --- a/src/Altinn.Broker.Application/GetFileTransfers/GetFileTransfersHandler.cs +++ b/src/Altinn.Broker.Application/GetFileTransfers/GetFileTransfersHandler.cs @@ -1,3 +1,5 @@ +using System.Security.Claims; + using Altinn.Broker.Core.Application; using Altinn.Broker.Core.Domain; using Altinn.Broker.Core.Domain.Enums; 
@@ -12,10 +14,10 @@ namespace Altinn.Broker.Application.GetFileTransfers; public class GetFileTransfersHandler(IAuthorizationService resourceRightsRepository, IResourceRepository resourceRepository, IFileTransferRepository fileTransferRepository, IActorRepository actorRepository, ILogger logger) : IHandler> { - public async Task, Error>> Process(GetFileTransfersRequest request, CancellationToken cancellationToken) + public async Task, Error>> Process(GetFileTransfersRequest request, ClaimsPrincipal? user, CancellationToken cancellationToken) { logger.LogInformation("Getting file transfers for {resourceId}", request.ResourceId.SanitizeForLogs()); - var hasAccess = await resourceRightsRepository.CheckUserAccess(request.ResourceId, new List { ResourceAccessLevel.Write, ResourceAccessLevel.Read }, cancellationToken: cancellationToken); + var hasAccess = await resourceRightsRepository.CheckUserAccess(user, request.ResourceId, new List { ResourceAccessLevel.Write, ResourceAccessLevel.Read }, cancellationToken: cancellationToken); if (!hasAccess) { return Errors.NoAccessToResource; diff --git a/src/Altinn.Broker.Application/GetFileTransfers/LegacyGetFilesHandler.cs b/src/Altinn.Broker.Application/GetFileTransfers/LegacyGetFilesHandler.cs index 9419649a..247d8388 100644 --- a/src/Altinn.Broker.Application/GetFileTransfers/LegacyGetFilesHandler.cs +++ b/src/Altinn.Broker.Application/GetFileTransfers/LegacyGetFilesHandler.cs @@ -1,3 +1,5 @@ +using System.Security.Claims; + using Altinn.Broker.Core.Application; using Altinn.Broker.Core.Domain; using Altinn.Broker.Core.Helpers; 
@@ -26,7 +28,7 @@ private async Task> GetActors(string[] recipients, Cancellatio return actors; } - public async Task, Error>> Process(LegacyGetFilesRequest request, CancellationToken cancellationToken) + public async Task, Error>> Process(LegacyGetFilesRequest request, ClaimsPrincipal? user, CancellationToken cancellationToken) { logger.LogInformation("Legacy get files for {resourceId}", request.ResourceId is null ? "all resources" : request.ResourceId.SanitizeForLogs()); LegacyFileSearchEntity fileSearch = new() diff --git a/src/Altinn.Broker.Application/IHandler.cs b/src/Altinn.Broker.Application/IHandler.cs index cfba2efb..60b1c812 100644 --- a/src/Altinn.Broker.Application/IHandler.cs +++ b/src/Altinn.Broker.Application/IHandler.cs @@ -1,10 +1,12 @@ -using Altinn.Broker.Application; +using System.Security.Claims; + +using Altinn.Broker.Application; using OneOf; namespace Altinn.Broker.Core.Application; internal interface IHandler { - Task> Process(TRequest request, CancellationToken cancellationToken); + Task> Process(TRequest request, ClaimsPrincipal? user, CancellationToken cancellationToken); } diff --git a/src/Altinn.Broker.Application/InitializeFileTransfer/InitializeFileTransferHandler.cs b/src/Altinn.Broker.Application/InitializeFileTransfer/InitializeFileTransferHandler.cs index 9d1c2ca0..4d2a507e 100644 --- a/src/Altinn.Broker.Application/InitializeFileTransfer/InitializeFileTransferHandler.cs +++ b/src/Altinn.Broker.Application/InitializeFileTransfer/InitializeFileTransferHandler.cs @@ -1,4 +1,6 @@ -using Altinn.Broker.Application.ExpireFileTransfer; +using System.Security.Claims; + +using Altinn.Broker.Application.ExpireFileTransfer; using Altinn.Broker.Core.Application; using Altinn.Broker.Core.Domain.Enums; using Altinn.Broker.Core.Helpers; 
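Review bot: The `ClaimsPrincipal? user` parameter added to `IHandler.Process` is undocumented, so nothing tells an implementer when null is legitimate or what to do with it. An XML doc comment on the method should state that `user` is the principal of the current request, that null is reserved for system-initiated calls such as scheduled jobs and callbacks, and that a handler performing access checks must treat null as a denial or a programming error rather than skip the check. The expire handler appears to be scheduled as a background job, so the comment should also say that such callers pass null and never a live principal, because job arguments are typically persisted to job storage. Splitting the interface into user-facing and system handlers would let the compiler enforce this, but that is a larger change than this commit.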
@@ -28,10 +30,10 @@ public class InitializeFileTransferHandler( IHostEnvironment hostEnvironment, ILogger logger) : IHandler { - public async Task> Process(InitializeFileTransferRequest request, CancellationToken cancellationToken) + public async Task> Process(InitializeFileTransferRequest request, ClaimsPrincipal? user, CancellationToken cancellationToken) { logger.LogInformation("Initializing file transfer on {resourceId}", request.ResourceId.SanitizeForLogs()); - var hasAccess = await resourceRightsRepository.CheckUserAccess(request.ResourceId, new List { ResourceAccessLevel.Write }, request.IsLegacy, cancellationToken); + var hasAccess = await resourceRightsRepository.CheckUserAccess(user, request.ResourceId, new List { ResourceAccessLevel.Write }, request.IsLegacy, cancellationToken); if (!hasAccess) { return Errors.NoAccessToResource; @@ -74,7 +76,7 @@ public async Task> Process(InitializeFileTransferRequest requ { FileTransferId = fileTransferId, Force = false - }, cancellationToken), fileExpirationTime); + }, null, cancellationToken), fileExpirationTime); await fileTransferRepository.SetFileTransferHangfireJobId(fileTransferId, jobId, cancellationToken); return await TransactionWithRetriesPolicy.Execute(async (cancellationToken) => { diff --git a/src/Altinn.Broker.Application/MalwareScanResults/MalwareScanResultHandler.cs b/src/Altinn.Broker.Application/MalwareScanResults/MalwareScanResultHandler.cs index 22bfd470..f96144cc 100644 --- a/src/Altinn.Broker.Application/MalwareScanResults/MalwareScanResultHandler.cs +++ b/src/Altinn.Broker.Application/MalwareScanResults/MalwareScanResultHandler.cs @@ -1,4 +1,5 @@ +using System.Security.Claims; using System.Text.Json; using Altinn.Broker.Application.ExpireFileTransfer; 
@@ -23,7 +24,7 @@ public class MalwareScanningResultHandler( ILogger logger, IBackgroundJobClient backgroundJobClient) : IHandler { - public async Task> Process(ScanResultData data, CancellationToken cancellationToken) + public async Task> Process(ScanResultData data, ClaimsPrincipal? user, CancellationToken cancellationToken) { string fileTransferIdFromUri = data.BlobUri.Split("/").Last() ?? Guid.Empty.ToString(); Guid fileTransferId; @@ -60,7 +61,7 @@ public async Task> Process(ScanResultData data, CancellationT FileTransferId = fileTransfer.FileTransferId, Force = true, DoNotUpdateStatus = true - }, CancellationToken.None)); + }, null, CancellationToken.None)); } return Task.CompletedTask; }, logger, cancellationToken); diff --git a/src/Altinn.Broker.Application/UploadFile/UploadFileHandler.cs b/src/Altinn.Broker.Application/UploadFile/UploadFileHandler.cs index af42a442..af48aa7a 100644 --- a/src/Altinn.Broker.Application/UploadFile/UploadFileHandler.cs +++ b/src/Altinn.Broker.Application/UploadFile/UploadFileHandler.cs @@ -1,3 +1,5 @@ +using System.Security.Claims; + using Altinn.Broker.Application.Settings; using Altinn.Broker.Core.Application; using Altinn.Broker.Core.Domain.Enums; @@ -27,7 +29,7 @@ public class UploadFileHandler( IHostEnvironment hostEnvironment, ILogger logger) : IHandler { - public async Task> Process(UploadFileRequest request, CancellationToken cancellationToken) + public async Task> Process(UploadFileRequest request, ClaimsPrincipal? user, CancellationToken cancellationToken) { logger.LogInformation("Uploading file for file transfer {fileTransferId}", request.FileTransferId); var fileTransfer = await fileTransferRepository.GetFileTransfer(request.FileTransferId, cancellationToken); 
@@ -35,7 +37,7 @@ public async Task> Process(UploadFileRequest request, Cancell { return Errors.FileTransferNotFound; } - var hasAccess = await resourceRightsRepository.CheckUserAccess(fileTransfer.ResourceId, new List { ResourceAccessLevel.Write }, request.IsLegacy, cancellationToken); + var hasAccess = await resourceRightsRepository.CheckUserAccess(user, fileTransfer.ResourceId, new List { ResourceAccessLevel.Write }, request.IsLegacy, cancellationToken); if (!hasAccess) { return Errors.FileTransferNotFound; diff --git a/src/Altinn.Broker.Core/Repositories/IAuthorizationService.cs b/src/Altinn.Broker.Core/Repositories/IAuthorizationService.cs index 0004fbda..0724c169 100644 --- a/src/Altinn.Broker.Core/Repositories/IAuthorizationService.cs +++ b/src/Altinn.Broker.Core/Repositories/IAuthorizationService.cs @@ -1,7 +1,9 @@ -using Altinn.Broker.Core.Domain.Enums; +using System.Security.Claims; + +using Altinn.Broker.Core.Domain.Enums; namespace Altinn.Broker.Core.Repositories; public interface IAuthorizationService { - Task CheckUserAccess(string resourceId, List rights, bool IsLegacyUser = false, CancellationToken cancellationToken = default); + Task CheckUserAccess(ClaimsPrincipal? user, string resourceId, List rights, bool IsLegacyUser = false, CancellationToken cancellationToken = default); } diff --git a/src/Altinn.Broker.Integrations/Altinn/Authorization/AltinnAuthorizationService.cs b/src/Altinn.Broker.Integrations/Altinn/Authorization/AltinnAuthorizationService.cs index 5fe1cbd0..f4415a5d 100644 --- a/src/Altinn.Broker.Integrations/Altinn/Authorization/AltinnAuthorizationService.cs +++ b/src/Altinn.Broker.Integrations/Altinn/Authorization/AltinnAuthorizationService.cs 
@@ -18,23 +18,25 @@ namespace Altinn.Broker.Integrations.Altinn.Authorization; public class AltinnAuthorizationService : IAuthorizationService { private readonly HttpClient _httpClient; - private readonly IHttpContextAccessor _httpContextAccessor; private readonly IResourceRepository _resourceRepository; private readonly IHostEnvironment _hostEnvironment; private readonly ILogger _logger; - public AltinnAuthorizationService(HttpClient httpClient, IOptions altinnOptions, IHttpContextAccessor httpContextAccessor, IResourceRepository resourceRepository, IHostEnvironment hostEnvironment, ILogger logger) + public AltinnAuthorizationService(HttpClient httpClient, IOptions altinnOptions, IResourceRepository resourceRepository, IHostEnvironment hostEnvironment, ILogger logger) { httpClient.DefaultRequestHeaders.Add("Ocp-Apim-Subscription-Key", altinnOptions.Value.PlatformSubscriptionKey); _httpClient = httpClient; - _httpContextAccessor = httpContextAccessor; _resourceRepository = resourceRepository; _hostEnvironment = hostEnvironment; _logger = logger; } - public async Task CheckUserAccess(string resourceId, List rights, bool IsLegacyUser = false, CancellationToken cancellationToken = default) + public async Task CheckUserAccess(ClaimsPrincipal? user, string resourceId, List rights, bool IsLegacyUser = false, CancellationToken cancellationToken = default) { + if (user is null) + { + throw new InvalidOperationException("This operation cannot be called outside an authenticated HttpContext"); + } if (IsLegacyUser || _hostEnvironment.IsDevelopment()) { return true; 
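Review bot: The new guard in `CheckUserAccess` rejects only a null principal, although its message refers to an authenticated HttpContext. In ASP.NET Core `HttpContext.User` is non-null for anonymous requests as well, so an unauthenticated caller passes this check. Consider also failing closed on the identity, for example `if (user.Identity?.IsAuthenticated != true) { return false; }`, directly after the null check. The `IsLegacyUser || _hostEnvironment.IsDevelopment()` branch that follows still returns true without reading any claim, so the principal passed by the legacy controllers is never consulted here; if that is intended, a comment naming where legacy callers are authorised would help. The method body continues past the end of the hunk, so later claim checks may narrow this for the non-legacy path.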
@@ -44,7 +46,6 @@ public async Task CheckUserAccess(string resourceId, List(); - authorizationService.Setup(x => x.CheckUserAccess(It.IsAny(), It.IsAny>(), It.IsAny(), It.IsAny())).ReturnsAsync(true); - authorizationService.Setup(x => x.CheckUserAccess(TestConstants.RESOURCE_WITH_NO_ACCESS, It.IsAny>(), It.IsAny(), It.IsAny())).ReturnsAsync(false); + authorizationService.Setup(x => x.CheckUserAccess(It.IsAny(), It.IsAny(), It.IsAny>(), It.IsAny(), It.IsAny())).ReturnsAsync(true); + authorizationService.Setup(x => x.CheckUserAccess(It.IsAny(), TestConstants.RESOURCE_WITH_NO_ACCESS, It.IsAny>(), It.IsAny(), It.IsAny())).ReturnsAsync(false); services.AddSingleton(authorizationService.Object); var eventBus = new Mock();