From ce5f840910fa31311dbb3d0fff3b741d713ae491 Mon Sep 17 00:00:00 2001
From: Mirko Sekulic
Date: Tue, 19 Nov 2024 11:20:49 +0100
Subject: [PATCH] AnsattPorten controller
---
.../Controllers/AnsattPortenController.cs | 47 +++++++++++++++++++
.../Controllers/AppScopesController.cs | 9 ++--
.../AnsattPorten/AnsattPortenExtensions.cs | 3 +-
backend/src/Designer/Models/Dto/AuthStatus.cs | 6 +++
4 files changed, 57 insertions(+), 8 deletions(-)
create mode 100644 backend/src/Designer/Controllers/AnsattPortenController.cs
create mode 100644 backend/src/Designer/Models/Dto/AuthStatus.cs
diff --git a/backend/src/Designer/Controllers/AnsattPortenController.cs b/backend/src/Designer/Controllers/AnsattPortenController.cs
new file mode 100644
index 00000000000..a92945661fb
--- /dev/null
+++ b/backend/src/Designer/Controllers/AnsattPortenController.cs
@@ -0,0 +1,47 @@
+using System.Threading.Tasks;
+using Altinn.Studio.Designer.Constants;
+using Altinn.Studio.Designer.Models.Dto;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.FeatureManagement.Mvc;
+
+namespace Altinn.Studio.Designer.Controllers;
+
+[FeatureGate(StudioFeatureFlags.AnsattPorten)]
+[Route("designer/api/[controller]")]
+[ApiController]
+public class AnsattPortenController(IAuthenticationService authService) : ControllerBase
+{
+ [Authorize(AnsattPortenConstants.AnsattportenAuthorizationPolicy)]
+ [HttpGet("login")]
+ public async Task Login([FromQuery] string redirectTo)
+ {
+ await Task.CompletedTask;
+ if (!Url.IsLocalUrl(redirectTo))
+ {
+ return Forbid();
+ }
+
+ return LocalRedirect(redirectTo);
+ }
+
+ [AllowAnonymous]
+ [HttpGet("auth-status")]
+ public async Task AuthStatus()
+ {
+ await Task.CompletedTask;
+ var authenticateResult =
+ await authService.AuthenticateAsync(HttpContext,
+ AnsattPortenConstants.AnsattportenAuthenticationScheme);
+
+ var authStatus = new AuthStatus
+ {
+ IsLoggedIn = authenticateResult.Succeeded
+ };
+
+ return Ok(authStatus);
+ }
+
+
+}
diff --git a/backend/src/Designer/Controllers/AppScopesController.cs b/backend/src/Designer/Controllers/AppScopesController.cs
index 17baf9a3d4a..4e8d88e0f87 100644
--- a/backend/src/Designer/Controllers/AppScopesController.cs
+++ b/backend/src/Designer/Controllers/AppScopesController.cs
@@ -14,7 +14,7 @@ namespace Altinn.Studio.Designer.Controllers; -// TODO split the endppoint + [FeatureGate(StudioFeatureFlags.AnsattPorten)] [Route("designer/api/{org}/{app:regex(^(?!datamodels$)[[a-z]][[a-z0-9-]]{{1,28}}[[a-z0-9]]$)}/app-scopes")]
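Review bot: In `AnsattPortenController.Login`, a `redirectTo` that fails `Url.IsLocalUrl` is answered with `Forbid()`, which hands the response to the forbid handler of the default authentication scheme instead of reporting a bad request parameter; depending on how that scheme is configured (not visible in this patch) the caller may receive a redirect rather than an error. The local-URL check itself is the right guard against open redirects and should stay; for the rejected value I would reply with `return BadRequest();`. Both actions also begin with `await Task.CompletedTask;`, which does nothing: `AuthStatus` already awaits `AuthenticateAsync`, so the line can simply be deleted there, and `Login` has no other await and could be made synchronous. A short XML summary on `Login` stating that the `[Authorize(AnsattPortenConstants.AnsattportenAuthorizationPolicy)]` attribute is what triggers the sign-in before the redirect would make the otherwise empty-looking action easier to read.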
@@ -27,7 +27,7 @@ public async Task GetScopesFromMaskinPorten(string org, string ap { var scopes = await maskinPortenHttpClient.GetAvailableScopes(cancellationToken); - var reponse = new AppScopesResponse() + var response = new AppScopesResponse() { Scopes = scopes.Select(x => new MaskinPortenScopeDto() {
@@ -36,10 +36,9 @@ public async Task GetScopesFromMaskinPorten(string org, string ap }).ToHashSet() }; - return Ok(reponse); + return Ok(response); } - [Authorize] [HttpPut] public async Task UpsertAppScopes(string org, string app, [FromBody] AppScopesUpsertRequest appScopesUpsertRequest,
@@ -55,7 +54,6 @@ public async Task UpsertAppScopes(string org, string app, [FromBody] AppScopesUp await appScopesService.UpsertScopesAsync(AltinnRepoEditingContext.FromOrgRepoDeveloper(org, app, developer), scopes, cancellationToken); } - [Authorize] [HttpGet] public async Task GetAppScopes(string org, string app, CancellationToken cancellationToken)
@@ -73,5 +71,4 @@ public async Task GetAppScopes(string org, string app, Cancellati return Ok(reponse); } - }
diff --git a/backend/src/Designer/Infrastructure/AnsattPorten/AnsattPortenExtensions.cs b/backend/src/Designer/Infrastructure/AnsattPorten/AnsattPortenExtensions.cs
index 8cfdfcc3881..073da38601c 100644
--- a/backend/src/Designer/Infrastructure/AnsattPorten/AnsattPortenExtensions.cs
+++ b/backend/src/Designer/Infrastructure/AnsattPorten/AnsattPortenExtensions.cs
@@ -75,8 +75,7 @@ private static IServiceCollection AddAnsattPortenAuthentication(this IServiceCol options.Events.OnRedirectToIdentityProvider = context => { - if (!context.Request.Path.StartsWithSegments("/designer/api") || - !context.Request.Path.Value!.Contains("/maskinporten")) + if (!context.Request.Path.StartsWithSegments("/designer/api/ansattporten/login")) { context.Response.StatusCode = StatusCodes.Status401Unauthorized; context.HandleResponse();
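Review bot: Removing `[Authorize]` from `UpsertAppScopes` in the `-36,10` hunk (and from `GetAppScopes` in the `-55,7` hunk) leaves both actions with no authorization attribute visible in this patch, while `UpsertAppScopes` still builds its editing context from `developer`. If the controller is not covered by a class-level `[Authorize]` or a fallback policy defined outside these hunks, the PUT that writes scopes becomes reachable without an authenticated user. Please confirm where the requirement now comes from, or keep `[Authorize]` on both actions; a test asserting 401 for an unauthenticated PUT would pin the behaviour. Both method bodies continue outside the hunks.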
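Review bot: The literal `"/designer/api/ansattporten/login"` in the `OnRedirectToIdentityProvider` condition duplicates a route that `AnsattPortenController` builds from `[controller]` plus `"login"`, so renaming the controller or the action would silently turn every sign-in attempt into a 401. I would move the path into a constant next to the existing `AnsattPortenConstants` values and reference it from here, with a test that hits the login endpoint and expects the challenge redirect. The intent also deserves a comment above the check, for example `// Only the explicit login endpoint may start an interactive sign-in; every other request gets 401 so API callers are never redirected to the identity provider.` The lambda starts and ends outside the hunk.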
diff --git a/backend/src/Designer/Models/Dto/AuthStatus.cs b/backend/src/Designer/Models/Dto/AuthStatus.cs
new file mode 100644
index 00000000000..3ff49e8f39b
--- /dev/null
+++ b/backend/src/Designer/Models/Dto/AuthStatus.cs
@@ -0,0 +1,6 @@
+namespace Altinn.Studio.Designer.Models.Dto;
+
+public class AuthStatus
+{
+ public bool IsLoggedIn { get; set; }
+}
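Review bot: `AuthStatus.IsLoggedIn` reads as a general session flag, but the only producer in this patch sets it from an `AuthenticateAsync` call against the AnsattPorten scheme, so a client could mistake it for the Designer login state. A doc comment on the property would remove the ambiguity, for example `/// <summary>True when the request authenticates against the AnsattPorten scheme; says nothing about other sign-ins.</summary>`. Since the value is served from an `[AllowAnonymous]` action, it is also worth stating on the class that it must stay limited to non-identifying fields.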