Auth level localtest (#8023)
* Make Authentication level selectable in LocalTest

* Get correct authLevel from app if LocalAppMode == "http"
ivarne authored Feb 10, 2022
1 parent 21d9c17 commit 8fe22d0
Showing 3 changed files with 74 additions and 7 deletions.
65 changes: 59 additions & 6 deletions src/Controllers/HomeController.cs
Expand Up @@ -6,6 +6,7 @@
using System.Net.Http;
using System.Threading.Tasks;
using System.Security.Claims;
using System.Xml;

using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authorization;
Expand All @@ -15,20 +16,16 @@

using AltinnCore.Authentication.Constants;
using Altinn.Platform.Profile.Models;
using Altinn.Platform.Storage.Repository;
using Altinn.Platform.Storage.Interface.Models;

using LocalTest.Configuration;
using LocalTest.Models;
using LocalTest.Services.Authentication.Interface;
using LocalTest.Services.Profile.Interface;
using LocalTest.Services.Localtest.Interface;
using LocalTest.Services.LocalApp.Interface;

using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Authentication.Cookies;
using System.Text;
using Newtonsoft.Json;

namespace LocalTest.Controllers
{
Expand Down Expand Up @@ -71,6 +68,8 @@ public async Task<IActionResult> Index()
model.AppPath = _localPlatformSettings.AppRepositoryBasePath;
model.StaticTestDataPath = _localPlatformSettings.LocalTestingStaticTestDataPath;
model.LocalAppUrl = _localPlatformSettings.LocalAppUrl;
var defaultAuthLevel = _localPlatformSettings.LocalAppMode == "http" ? await GetAppAuthLevel(model.TestApps.First().Value) : 2;
model.AuthenticationLevels = GetAuthenticationLevels(defaultAuthLevel);

if (!model.TestApps?.Any() ?? true)
{
Expand Down Expand Up @@ -112,7 +111,7 @@ public async Task<ActionResult> LogInTestUser(StartAppModel startAppModel)
claims.Add(new Claim(AltinnCoreClaimTypes.UserId, profile.UserId.ToString(), ClaimValueTypes.String, issuer));
claims.Add(new Claim(AltinnCoreClaimTypes.UserName, profile.UserName, ClaimValueTypes.String, issuer));
claims.Add(new Claim(AltinnCoreClaimTypes.PartyID, profile.PartyId.ToString(), ClaimValueTypes.Integer32, issuer));
claims.Add(new Claim(AltinnCoreClaimTypes.AuthenticationLevel, "2", ClaimValueTypes.Integer32, issuer));
claims.Add(new Claim(AltinnCoreClaimTypes.AuthenticationLevel, startAppModel.AuthenticationLevel, ClaimValueTypes.Integer32, issuer));

ClaimsIdentity identity = new ClaimsIdentity(_generalSettings.GetClaimsIdentity);
identity.AddClaims(claims);
Expand Down Expand Up @@ -225,8 +224,62 @@ private async Task<IEnumerable<SelectListItem>> GetTestUsersForList()

return userItems;
}
private async Task<int> GetAppAuthLevel(string appId)
{
try {
var policyString = await _localApp.GetXACMLPolicy(appId);
var document = new XmlDocument();
document.LoadXml(policyString);
var nsMngr = new XmlNamespaceManager(document.NameTable);
nsMngr.AddNamespace("xacml", "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17");
var authLevelNode = document.SelectSingleNode("/xacml:Policy/xacml:ObligationExpressions/xacml:ObligationExpression[@ObligationId='urn:altinn:obligation:authenticationLevel1']/xacml:AttributeAssignmentExpression[@Category='urn:altinn:minimum-authenticationlevel']/xacml:AttributeValue", nsMngr);
return int.Parse(authLevelNode.InnerText);
}
catch(Exception)
{
// Return default auth level if app auth level can't be found.
return 2;
}
}

private List<SelectListItem> GetAuthenticationLevels(int defaultAuthLevel)
{
return new()
{
new()
{
Value = "0",
Text = "Nivå 0",
Selected = defaultAuthLevel == 0
},
new()
{
Value = "1",
Text = "Nivå 1",
Selected = defaultAuthLevel == 1
},
new()
{
Value = "2",
Text = "Nivå 2",
Selected = defaultAuthLevel == 2
},
new()
{
Value = "3",
Text = "Nivå 3",
Selected = defaultAuthLevel == 3
},
new()
{
Value = "4",
Text = "Nivå 4",
Selected = defaultAuthLevel == 4
},
};
}

private async Task<IEnumerable<SelectListItem>> GetAppsList()
private async Task<List<SelectListItem>> GetAppsList()
{
var applications = await _localApp.GetApplications();
return applications.Select((kv) => GetSelectItem(kv.Value, kv.Key)).ToList();
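Review bot: `startAppModel.AuthenticationLevel` is copied from the posted form straight into the `AuthenticationLevel` claim in LogInTestUser and declared as `ClaimValueTypes.Integer32`, but nothing checks that it is one of the offered values 0–4; a missing field makes the `Claim` constructor throw, and any other string ends up in the issued token as-is. Parse and range-check it before building the claims, for example `if (!int.TryParse(startAppModel.AuthenticationLevel, out var level) || level is < 0 or > 4) return BadRequest();`, or type the property in StartAppModel.cs as `int` with a `[Range(0, 4)]` attribute and check `ModelState.IsValid`. Separately, in Index the new `model.TestApps.First()` call runs before the existing `if (!model.TestApps?.Any() ?? true)` guard, so a null or empty app list would throw there in http mode instead of reaching the guard; moving the two new lines below that check, or using `FirstOrDefault()` with a fallback to 2, avoids that. Both method bodies continue outside the visible hunks, so any handling elsewhere in them is not visible here.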
10 changes: 10 additions & 0 deletions src/Models/StartAppModel.cs
Expand Up @@ -64,6 +64,11 @@ public class StartAppModel
/// </summary>
public string AppPathSelection { get; set; }

/// <summary>
/// Authentication level for the test user
/// </summary>
public string AuthenticationLevel { get; set; }

/// <summary>
/// List of TestUsers for dropdown
/// </summary>
Expand All @@ -73,5 +78,10 @@ public class StartAppModel
/// List of selectable Apps for dropdown
/// </summary>
public IEnumerable<SelectListItem> TestApps { get; set; }

/// <summary>
/// List of possible authentication levels
/// </summary>
public IEnumerable<SelectListItem> AuthenticationLevels { get; set; }
}
}
6 changes: 5 additions & 1 deletion src/Views/Home/Index.cshtml
Expand Up @@ -3,7 +3,7 @@
ViewData["Title"] = "Altinn Studio Local Testing";
}

@{
@{
if (Model.HttpException != null)
{
<div class="alert alert-dark" role="alert">
Expand Down Expand Up @@ -76,6 +76,10 @@
<label for="exampleInputEmail1">Select app to test found in @Model.AppPath</label>
@Html.DropDownListFor(model => model.AppPathSelection, Model.TestApps, new { Class = "form-control" })
</div>
<div class="form-group">
<label for="exampleInputEmail1">Select your authentication level</label>
@Html.DropDownListFor(model => model.AuthenticationLevel, Model.AuthenticationLevels, new { Class = "form-control" })
</div>
<button type="submit" class="btn btn-primary">Sign in</button>
}

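Review bot: The new label reuses `for="exampleInputEmail1"` from the app selector above it, so it is not associated with the authentication-level dropdown and the same `for` value now appears twice in the form. `Html.DropDownListFor(model => model.AuthenticationLevel, …)` will normally render the select with id `AuthenticationLevel`, so `<label for="AuthenticationLevel">Select your authentication level</label>` (or `@Html.LabelFor(model => model.AuthenticationLevel, "Select your authentication level")`) ties the two together for screen readers and click-to-focus. The surrounding form starts outside the hunk.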
