From 8fe22d0c50b3dbf563a71c9e14fc9183a367949b Mon Sep 17 00:00:00 2001 From: Ivar Nesje Date: Thu, 10 Feb 2022 08:55:57 +0100 Subject: [PATCH] Auth level localtest (#8023) * Make Authentication level selectable in LocalTest * Get correct authLevel from app if LocalAppMode == "http" --- src/Controllers/HomeController.cs | 65 ++++++++++++++++++++++++++++--- src/Models/StartAppModel.cs | 10 +++++ src/Views/Home/Index.cshtml | 6 ++- 3 files changed, 74 insertions(+), 7 deletions(-) diff --git a/src/Controllers/HomeController.cs b/src/Controllers/HomeController.cs index 557ef2c3..736d34ab 100644 --- a/src/Controllers/HomeController.cs +++ b/src/Controllers/HomeController.cs @@ -6,6 +6,7 @@ using System.Net.Http; using System.Threading.Tasks; using System.Security.Claims; +using System.Xml; using Microsoft.AspNetCore.Authentication; using Microsoft.AspNetCore.Authorization; @@ -15,20 +16,16 @@ using AltinnCore.Authentication.Constants; using Altinn.Platform.Profile.Models; -using Altinn.Platform.Storage.Repository; using Altinn.Platform.Storage.Interface.Models; using LocalTest.Configuration; using LocalTest.Models; using LocalTest.Services.Authentication.Interface; using LocalTest.Services.Profile.Interface; -using LocalTest.Services.Localtest.Interface; using LocalTest.Services.LocalApp.Interface; using Microsoft.AspNetCore.Http; using Microsoft.AspNetCore.Authentication.Cookies; -using System.Text; -using Newtonsoft.Json; namespace LocalTest.Controllers { @@ -71,6 +68,8 @@ public async Task Index() model.AppPath = _localPlatformSettings.AppRepositoryBasePath; model.StaticTestDataPath = _localPlatformSettings.LocalTestingStaticTestDataPath; model.LocalAppUrl = _localPlatformSettings.LocalAppUrl; + var defaultAuthLevel = _localPlatformSettings.LocalAppMode == "http" ? await GetAppAuthLevel(model.TestApps.First().Value) : 2; + model.AuthenticationLevels = GetAuthenticationLevels(defaultAuthLevel); if (!model.TestApps?.Any() ?? true) { 
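Review bot: In `Index()`, the added `model.TestApps.First().Value` runs before the `if (!model.TestApps?.Any() ?? true)` guard that follows it, so in "http" mode a null or empty app list throws (NullReferenceException or InvalidOperationException) before that guard is reached. Moving the two added lines below the guard, or reading `model.TestApps?.FirstOrDefault()?.Value` and using the default level when it is null, keeps the empty case on the existing path. The fallback `2` is also repeated in the catch block of `GetAppAuthLevel`; one named constant would keep the two in step. The body of `Index()` starts and ends outside the hunk, so any enclosing try/catch is not visible here.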
@@ -112,7 +111,7 @@ public async Task LogInTestUser(StartAppModel startAppModel) claims.Add(new Claim(AltinnCoreClaimTypes.UserId, profile.UserId.ToString(), ClaimValueTypes.String, issuer)); claims.Add(new Claim(AltinnCoreClaimTypes.UserName, profile.UserName, ClaimValueTypes.String, issuer)); claims.Add(new Claim(AltinnCoreClaimTypes.PartyID, profile.PartyId.ToString(), ClaimValueTypes.Integer32, issuer)); - claims.Add(new Claim(AltinnCoreClaimTypes.AuthenticationLevel, "2", ClaimValueTypes.Integer32, issuer)); + claims.Add(new Claim(AltinnCoreClaimTypes.AuthenticationLevel, startAppModel.AuthenticationLevel, ClaimValueTypes.Integer32, issuer)); ClaimsIdentity identity = new ClaimsIdentity(_generalSettings.GetClaimsIdentity); identity.AddClaims(claims); 
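Review bot: `startAppModel.AuthenticationLevel` is a posted form field and goes into the `AuthenticationLevel` claim unchecked, so any string can end up in the issued identity although the claim is typed `ClaimValueTypes.Integer32`, and a missing field reaches the `Claim` constructor as null, which it rejects with ArgumentNullException. The drop-down in `Index.cshtml` limits what the browser offers, not what is posted. Parse and bound the value before building the claim, e.g. `if (!int.TryParse(startAppModel.AuthenticationLevel, out int authLevel) || authLevel is < 0 or > 4) return BadRequest();`, then pass `authLevel.ToString()` to the claim. Declaring the property added in `StartAppModel.cs` as an `int` with `[Range(0, 4)]` would give the same check through model validation. The body of `LogInTestUser` starts and ends outside the hunk.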
@@ -225,8 +224,62 @@ private async Task> GetTestUsersForList() return userItems; } + private async Task GetAppAuthLevel(string appId) + { + try { + var policyString = await _localApp.GetXACMLPolicy(appId); + var document = new XmlDocument(); + document.LoadXml(policyString); + var nsMngr = new XmlNamespaceManager(document.NameTable); + nsMngr.AddNamespace("xacml", "urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"); + var authLevelNode = document.SelectSingleNode("/xacml:Policy/xacml:ObligationExpressions/xacml:ObligationExpression[@ObligationId='urn:altinn:obligation:authenticationLevel1']/xacml:AttributeAssignmentExpression[@Category='urn:altinn:minimum-authenticationlevel']/xacml:AttributeValue", nsMngr); + return int.Parse(authLevelNode.InnerText); + } + catch(Exception) + { + // Return default auth level if app auth level can't be found. + return 2; + } + } + + private List GetAuthenticationLevels(int defaultAuthLevel) + { + return new() + { + new() + { + Value = "0", + Text = "Nivå 0", + Selected = defaultAuthLevel == 0 + }, + new() + { + Value = "1", + Text = "Nivå 1", + Selected = defaultAuthLevel == 1 + }, + new() + { + Value = "2", + Text = "Nivå 2", + Selected = defaultAuthLevel == 2 + }, + new() + { + Value = "3", + Text = "Nivå 3", + Selected = defaultAuthLevel == 3 + }, + new() + { + Value = "4", + Text = "Nivå 4", + Selected = defaultAuthLevel == 4 + }, + }; + } - private async Task> GetAppsList() + private async Task> GetAppsList() { var applications = await _localApp.GetApplications(); return applications.Select((kv) => GetSelectItem(kv.Value, kv.Key)).ToList(); diff --git a/src/Models/StartAppModel.cs b/src/Models/StartAppModel.cs index 8904e7b9..e7b67fd8 100644 --- a/src/Models/StartAppModel.cs +++ b/src/Models/StartAppModel.cs 
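Review bot: `GetAppAuthLevel` wraps the whole body in `catch(Exception)`, so a failed policy request, malformed XML and a missing obligation node (where `authLevelNode` is null and `.InnerText` throws) all silently become level 2 with no trace of which one happened. Handle the expected cases explicitly with `if (authLevelNode is null || !int.TryParse(authLevelNode.InnerText, out int level)) return 2;` and log whatever still reaches the catch, if the controller has a logger available. The parsed value is also not bounded to the 0–4 entries that `GetAuthenticationLevels` builds, so a policy outside that range leaves no option marked `Selected`. The five list entries differ only in the number and could be generated with `Enumerable.Range(0, 5)` instead of being written out.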
@@ -64,6 +64,11 @@ public class StartAppModel /// public string AppPathSelection { get; set; } + /// + /// Authentication level for the test user + /// + public string AuthenticationLevel { get; set; } + /// /// List of TestUsers for dropdown /// @@ -73,5 +78,10 @@ public class StartAppModel /// List of selectable Apps for dropdown /// public IEnumerable TestApps { get; set; } + + /// + /// List of possible authentication levels + /// + public IEnumerable AuthenticationLevels { get; set; } } } diff --git a/src/Views/Home/Index.cshtml b/src/Views/Home/Index.cshtml index a85e4519..64d41484 100644 --- a/src/Views/Home/Index.cshtml +++ b/src/Views/Home/Index.cshtml @@ -3,7 +3,7 @@ ViewData["Title"] = "Altinn Studio Local Testing"; } -@{ +@{ if (Model.HttpException != null) { +
+ + @Html.DropDownListFor(model => model.AuthenticationLevel, Model.AuthenticationLevels, new { Class = "form-control" }) +
}