From c0c6a0557447d14dfbdd39a3ca845311d28b60cf Mon Sep 17 00:00:00 2001
From: acn-dgopa
Date: Fri, 8 Sep 2023 09:44:50 +0200
Subject: [PATCH] Added eventlog implementation for refresh and token exchange operations
---
 .../Controllers/AuthenticationController.cs | 8 ++++++++
 .../Enum/AuthenticationEventType.cs | 4 +++-
 .../Helpers/AuthenticationHelper.cs | 18 ++++++++++++++++++
 3 files changed, 29 insertions(+), 1 deletion(-)
diff --git a/src/Authentication/Controllers/AuthenticationController.cs b/src/Authentication/Controllers/AuthenticationController.cs
index c5187357..a07d1dbb 100644
--- a/src/Authentication/Controllers/AuthenticationController.cs
+++ b/src/Authentication/Controllers/AuthenticationController.cs
@@ -266,6 +266,8 @@ public async Task RefreshJwtCookie()
  string serializedToken = await GenerateToken(principal);
+ UserAuthenticationModel userAuthentication = AuthenticationHelper.GetUserFromToken(serializedToken, null);
+ EventlogHelper.CreateAuthenticationEvent(_featureManager, _eventLog, userAuthentication, AuthenticationEventType.Refresh);
  _logger.LogInformation("End of refreshing token");
  return Ok(serializedToken);
@@ -365,6 +367,8 @@ private async Task AuthenticateAltinnStudioToken(string originalTo
  ClaimsPrincipal principal = new ClaimsPrincipal(identity);
  string serializedToken = await GenerateToken(principal);
+ UserAuthenticationModel userAuthentication = AuthenticationHelper.GetUserFromToken(serializedToken, null);
+ EventlogHelper.CreateAuthenticationEvent(_featureManager, _eventLog, userAuthentication, AuthenticationEventType.TokenExchange);
  return Ok(serializedToken);
  }
  catch (Exception ex)
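Review bot: The result of `AuthenticationHelper.GetUserFromToken(serializedToken, null)` is passed straight to `EventlogHelper.CreateAuthenticationEvent` with no null check, although the new string overload returns null for an empty token, and whether `CreateAuthenticationEvent` tolerates a null model is not visible here. The same two added lines are repeated verbatim in this hunk and in the hunks at -365, -484 and -617, which is four places to keep in step when the null handling or the `provider` argument changes. I would fold them into one private method on the controller that handles the null case once and names the `null` argument as `provider: null`, as sketched below, and call it from each site with the matching `AuthenticationEventType`. The enclosing methods start and end outside these hunks.
```csharp
string serializedToken = await GenerateToken(principal);
LogAuthenticationEvent(serializedToken, AuthenticationEventType.Refresh);
// … unchanged: logging and return …

/// <summary>
/// Writes an authentication event for a token this service has just issued.
/// </summary>
/// <param name="serializedToken">The serialized JWT returned by GenerateToken.</param>
/// <param name="eventType">The event to record.</param>
private void LogAuthenticationEvent(string serializedToken, AuthenticationEventType eventType)
{
    UserAuthenticationModel userAuthentication = AuthenticationHelper.GetUserFromToken(serializedToken, provider: null);
    if (userAuthentication is null)
    {
        // An audit event that cannot be attributed should be visible, not silently dropped.
        _logger.LogWarning("No user could be read from the issued token; skipping {EventType} event", eventType);
        return;
    }

    EventlogHelper.CreateAuthenticationEvent(_featureManager, _eventLog, userAuthentication, eventType);
}
```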
@@ -484,6 +488,8 @@ private async Task AuthenticateMaskinportenToken(string originalTo
  ClaimsPrincipal principal = new ClaimsPrincipal(identity);
  string serializedToken = await GenerateToken(principal);
+ UserAuthenticationModel userAuthentication = AuthenticationHelper.GetUserFromToken(serializedToken, null);
+ EventlogHelper.CreateAuthenticationEvent(_featureManager, _eventLog, userAuthentication, AuthenticationEventType.TokenExchange);
  return Ok(serializedToken);
  }
  catch (Exception ex)
@@ -617,6 +623,8 @@ private async Task AuthenticateIdPortenToken(string originalToken)
  ClaimsPrincipal principal = new ClaimsPrincipal(identity);
  string serializedToken = await GenerateToken(principal, token.ValidTo);
+ UserAuthenticationModel userAuthentication = AuthenticationHelper.GetUserFromToken(serializedToken, null);
+ EventlogHelper.CreateAuthenticationEvent(_featureManager, _eventLog, userAuthentication, AuthenticationEventType.TokenExchange);
  return Ok(serializedToken);
  }
  catch (Exception ex)
diff --git a/src/Authentication/Enum/AuthenticationEventType.cs b/src/Authentication/Enum/AuthenticationEventType.cs
index 2457ede1..ba8c9b9a 100644
--- a/src/Authentication/Enum/AuthenticationEventType.cs
+++ b/src/Authentication/Enum/AuthenticationEventType.cs
@@ -7,6 +7,8 @@ public enum AuthenticationEventType
  {
  AuthenticationFailed,
  Authenticated,
- Logout
+ Refresh,
+ TokenExchange,
+ Logout,
  }
  }
diff --git a/src/Authentication/Helpers/AuthenticationHelper.cs b/src/Authentication/Helpers/AuthenticationHelper.cs
index d15697fb..34580c3b 100644
--- a/src/Authentication/Helpers/AuthenticationHelper.cs
+++ b/src/Authentication/Helpers/AuthenticationHelper.cs
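Review bot: Inserting `Refresh` and `TokenExchange` ahead of `Logout` in `AuthenticationEventType` moves the implicit integer value of `Logout` from 2 to 4, so any event already persisted or compared by its numeric value would be read back as a different event type; whether the event log stores the enum as a number or as a name is not visible in this diff. If numeric values can reach storage or downstream consumers, append the new members after `Logout` instead, or pin every member explicitly, e.g. `Logout = 2, Refresh = 3, TokenExchange = 4,`. The new members would also benefit from the same XML doc comments the enum's existing members presumably carry, stating which controller operation raises each one.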
@@ -99,6 +99,24 @@ public static UserAuthenticationModel GetUserFromToken(JwtSecurityToken jwtSecur
  return userAuthenticationModel;
  }
+ ///
+ /// Get user information from the serializwd token string
+ ///
+ /// serialized jwt token string
+ /// token provider
+ ///
+ public static UserAuthenticationModel GetUserFromToken(string jwtToken, OidcProvider provider)
+ {
+ JwtSecurityTokenHandler tokenHandler = new JwtSecurityTokenHandler();
+ if (!string.IsNullOrEmpty(jwtToken))
+ {
+ JwtSecurityToken token = tokenHandler.ReadJwtToken(jwtToken);
+ return GetUserFromToken(token, provider);
+ }
+
+ return null;
+ }
+
  ///
  /// Converts IDporten acr claim �Authentication Context Class Reference� - The security level of assurance for the
  /// authentication. Possible values are Level3 (i.e. MinID was used) or Level4 (other eIDs).
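Review bot: `tokenHandler.ReadJwtToken(jwtToken)` only decodes the token; it performs no signature, issuer, audience or lifetime validation, so the new public `GetUserFromToken(string, OidcProvider)` overload will happily return claims from any well-formed token it is given. The callers added in this commit pass a token the service has itself just issued, which is fine, but the method's XML doc should make that contract explicit so it is not later used on inbound tokens, e.g. `/// <remarks>Decodes the token without validating it; only pass tokens this service issued or has already validated.</remarks>`. `ReadJwtToken` also throws `ArgumentException` on a malformed string while the empty-string case returns null, giving the method two different failure modes that the doc comment does not mention. The summary has a typo: `serializwd` should read `serialized`.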