chore(deps): update dependency altinn.common.pep to v4 (#369)

* chore(deps): update dependency altinn.common.pep to v4 * Update code to reflect changes in new PEP-library * Remove unused field in AuthorizationService * Fix failing tests * Fix issue * New fix for issue * Adjust test --------- Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: tba76 <thomabak@gmail.com>
Altinn · Apr 12, 2024 · 1f85c8b · 1f85c8b
1 parent 7375a4a
commit 1f85c8b
Show file tree

Hide file tree

Showing 5 changed files with 9 additions and 15 deletions.
diff --git a/src/Storage/Altinn.Platform.Storage.csproj b/src/Storage/Altinn.Platform.Storage.csproj
@@ -17,7 +17,7 @@
     <PackageReference Include="Azure.Identity" Version="1.10.4" />
     <PackageReference Include="Azure.Security.KeyVault.Secrets" Version="4.6.0" />
     <PackageReference Include="Azure.Storage.Blobs" Version="12.19.1" />
-    <PackageReference Include="Altinn.Common.PEP" Version="3.0.0" />
+    <PackageReference Include="Altinn.Common.PEP" Version="4.0.0" />
     <PackageReference Include="Azure.Storage.Queues" Version="12.17.1" />
     <PackageReference Include="JWTCookieAuthentication" Version="3.0.1" />
     <PackageReference Include="Microsoft.ApplicationInsights.AspNetCore" Version="2.22.0" />

diff --git a/src/Storage/Authorization/AuthorizationService.cs b/src/Storage/Authorization/AuthorizationService.cs
@@ -11,7 +11,6 @@
 using Altinn.Platform.Storage.Helpers;
 using Altinn.Platform.Storage.Interface.Models;
 
-using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.Logging;
 
 namespace Altinn.Platform.Storage.Authorization
@@ -23,8 +22,7 @@ public class AuthorizationService : IAuthorization
     {
         private readonly IPDP _pdp;
         private readonly IClaimsPrincipalProvider _claimsPrincipalProvider;
-        private readonly IHttpContextAccessor _httpContextAccessor;
-        private readonly ILogger _logger;
+        private readonly ILogger<AuthorizationService> _logger;
 
         private const string XacmlResourceTaskId = "urn:altinn:task";
         private const string XacmlResourceEndId = "urn:altinn:end-event";
@@ -40,13 +38,11 @@ public class AuthorizationService : IAuthorization
         /// </summary>
         /// <param name="pdp">Policy decision point</param>
         /// <param name="claimsPrincipalProvider">A service providing access to the current <see cref="ClaimsPrincipal"/>.</param>
-        /// <param name="httpContextAccessor">An http context accessor service.</param>
         /// <param name="logger">The logger</param>
-        public AuthorizationService(IPDP pdp, IClaimsPrincipalProvider claimsPrincipalProvider, IHttpContextAccessor httpContextAccessor, ILogger<IAuthorization> logger)
+        public AuthorizationService(IPDP pdp, IClaimsPrincipalProvider claimsPrincipalProvider, ILogger<AuthorizationService> logger)
         {
             _pdp = pdp;
             _claimsPrincipalProvider = claimsPrincipalProvider;
-            _httpContextAccessor = httpContextAccessor;
             _logger = logger;
         }
 
@@ -143,12 +139,12 @@ public async Task<bool> AuthorizeInstanceAction(Instance instance, string action
             ClaimsPrincipal user = _claimsPrincipalProvider.GetUser();
             if (instance.Id == null)
             {
-                request = DecisionHelper.CreateDecisionRequest(org, app, user, action, instanceOwnerPartyId, null, _httpContextAccessor.HttpContext.Request.Headers);
+                request = DecisionHelper.CreateDecisionRequest(org, app, user, action, instanceOwnerPartyId, null);
             }
             else
             {
                 Guid instanceGuid = Guid.Parse(instance.Id.Split('/')[1]);
-                request = DecisionHelper.CreateDecisionRequest(org, app, user, action, instanceOwnerPartyId, instanceGuid, _httpContextAccessor.HttpContext.Request.Headers, task);
+                request = DecisionHelper.CreateDecisionRequest(org, app, user, action, instanceOwnerPartyId, instanceGuid, task);
             }
 
             XacmlJsonResponse response = await _pdp.GetDecisionForRequest(request);

diff --git a/src/Storage/Authorization/StorageAccessHandler.cs b/src/Storage/Authorization/StorageAccessHandler.cs
@@ -69,7 +69,7 @@ public StorageAccessHandler(
         /// <returns>A Task</returns>
         protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, AppAccessRequirement requirement)
         {
-            XacmlJsonRequestRoot request = DecisionHelper.CreateDecisionRequest(context, requirement, _httpContextAccessor.HttpContext.GetRouteData(), _httpContextAccessor.HttpContext.Request.Headers);
+            XacmlJsonRequestRoot request = DecisionHelper.CreateDecisionRequest(context, requirement, _httpContextAccessor.HttpContext.GetRouteData());
 
             _logger.LogInformation("// Storage PEP // AppAccessHandler // Request sent: {request}", JsonConvert.SerializeObject(request));
 

diff --git a/src/Storage/Controllers/InstancesController.cs b/src/Storage/Controllers/InstancesController.cs
@@ -351,7 +351,7 @@ public async Task<ActionResult<Instance>> Post(string appId, [FromBody] Instance
             XacmlJsonRequestRoot request;
             try
             {
-                request = DecisionHelper.CreateDecisionRequest(appInfo.Org, appInfo.Id.Split('/')[1], HttpContext.User, "instantiate", instanceOwnerPartyId, null, Request.Headers);
+                request = DecisionHelper.CreateDecisionRequest(appInfo.Org, appInfo.Id.Split('/')[1], HttpContext.User, "instantiate", instanceOwnerPartyId, null);
             }
             catch (Exception ex)
             {

diff --git a/test/UnitTest/TestingServices/AuthorizationServiceTest.cs b/test/UnitTest/TestingServices/AuthorizationServiceTest.cs
@@ -14,7 +14,6 @@
 
 using AltinnCore.Authentication.Constants;
 
-using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.Logging;
 
 using Moq;
@@ -36,14 +35,13 @@ public class AuthorizationServiceTest
         private readonly Mock<IPDP> _pdpSimpleMock;
         private readonly Mock<IInstanceRepository> _instanceRepository = new();
         private readonly Mock<IClaimsPrincipalProvider> _claimsPrincipalProviderMock = new();
-        private readonly Mock<IHttpContextAccessor> _contextAccessorMock = new();
 
         public AuthorizationServiceTest()
         {
             _pdpSimpleMock = new Mock<IPDP>();
             _pdpMockSI = new PepWithPDPAuthorizationMockSI(_instanceRepository.Object);
             _authzService = new AuthorizationService(
-                _pdpMockSI, _claimsPrincipalProviderMock.Object, _contextAccessorMock.Object, Mock.Of<ILogger<IAuthorization>>());
+                _pdpMockSI, _claimsPrincipalProviderMock.Object, Mock.Of<ILogger<AuthorizationService>>());
         }
 
         [Fact]
@@ -64,7 +62,7 @@ public async Task GetDecisionForRequest_ConfirmPDPCalled()
                 .ReturnsAsync(res);
 
             var sut = new AuthorizationService(
-                _pdpSimpleMock.Object, _claimsPrincipalProviderMock.Object, _contextAccessorMock.Object,  Mock.Of<ILogger<IAuthorization>>());
+                _pdpSimpleMock.Object, _claimsPrincipalProviderMock.Object, Mock.Of<ILogger<AuthorizationService>>());
             await sut.GetDecisionForRequest(new XacmlJsonRequestRoot());
 
             _pdpSimpleMock.Verify(m => m.GetDecisionForRequest(It.IsAny<XacmlJsonRequestRoot>()), Times.Once());