Merge pull request #723 from bcgov/yj

ychung-mot · web-flow · commit 164493771058 · 2024-10-21T09:29:10.000-07:00
chore: bcsc
diff --git a/server/StrDss.Api/Authorization/ApiAuthorizeAttribute.cs b/server/StrDss.Api/Authorization/ApiAuthorizeAttribute.cs
@@ -1,7 +1,9 @@
 ﻿using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Mvc.Filters;
+using Microsoft.IdentityModel.Protocols.WsTrust;
 using StrDss.Common;
+using System.Security.Claims;
 
 namespace StrDss.Api.Authorization
 {
@@ -21,7 +23,8 @@ public void OnAuthorization(AuthorizationFilterContext context)
             _logger = loggerFactory.CreateLogger<StrDssLogger>();
 
             var user = context.HttpContext.User;
-            var username = user?.Identity?.Name ?? "Unknown";
+            var username = user?.FindFirst(ClaimTypes.NameIdentifier)?.Value ?? user?.FindFirst(ClaimTypes.Name)?.Value ?? "Unknown";
+
             var ipAddress = context.HttpContext.Connection.RemoteIpAddress;
             var ip = ipAddress == null ? "Unknown" : ipAddress.ToString();
 
@@ -39,33 +42,14 @@ public void OnAuthorization(AuthorizationFilterContext context)
             if (identityProviderNm == "" && clientId != "")
             {
                 identityProviderNm = StrDssIdProviders.Aps;
+                username = clientId;
             }
 
             var displayName = user.GetCustomClaim(StrDssClaimTypes.DisplayName);
             
-            string userId;
-            switch (identityProviderNm)
-            {
-                case StrDssIdProviders.Idir:
-                    userId = user.GetCustomClaim(StrDssClaimTypes.IdirUserGuid);
-                    break;
-                case StrDssIdProviders.BceidBusiness:
-                    userId = user.GetCustomClaim(StrDssClaimTypes.BceidUserGuid);
-                    break;
-                case StrDssIdProviders.StrDss:
-                    userId = user.GetCustomClaim(StrDssClaimTypes.StrDssUserGuid);
-                    break;
-                case StrDssIdProviders.Aps:
-                    userId = clientId;
-                    break;
-                default:
-                    userId = "Unknown";
-                    break;
-            }
-
             if (_permissions.Length == 0)
             {
-                _logger.LogInformation($"[AUTH] User '{userId}' is authorized to access {context.ActionDescriptor.DisplayName} from IP address {ip}.");
+                _logger.LogInformation($"[AUTH] User '{username}' is authorized to access {context.ActionDescriptor.DisplayName} from IP address {ip}.");
                 return;
             }
 
@@ -82,12 +66,12 @@ public void OnAuthorization(AuthorizationFilterContext context)
 
             if (!hasPermission)
             {
-                _logger.LogInformation($"[AUTH] User '{userId}' does not have permission to access {context.ActionDescriptor.DisplayName} from IP address {ip}.");
+                _logger.LogInformation($"[AUTH] User '{username}' does not have permission to access {context.ActionDescriptor.DisplayName} from IP address {ip}.");
                 context.Result = new UnauthorizedResult(); //401
                 return;
             }
 
-            _logger.LogInformation($"[AUTH] User '{userId}' is authorized to access {context.ActionDescriptor.DisplayName} from IP address {ip}.");
+            _logger.LogInformation($"[AUTH] User '{username}' is authorized to access {context.ActionDescriptor.DisplayName} from IP address {ip}.");
         }
     }
 }
diff --git a/server/StrDss.Data/Repositories/UserRepository.cs b/server/StrDss.Data/Repositories/UserRepository.cs
@@ -18,6 +18,7 @@ public interface IUserRepository
         Task<(UserDto? user, List<string> permissions)> GetUserAndPermissionsByDisplayNameAsync(string displayName);
         Task<UserDto?> GetUserById(long id);
         Task<UserDto?> GetUserByGuid(Guid guid);
+        Task<UserDto?> GetUserByCurrentUser();
         Task UpdateUserAsync(UserDto dto);
         Task UpdateUserAsync(UserUpdateDto dto);
         Task DenyAccessRequest(AccessRequestDenyDto dto);
@@ -186,6 +187,22 @@ public async Task CreateUserAsync(UserCreateDto dto)
             return _mapper.Map<UserDto>(entity);
         }
 
+        public async Task<UserDto?> GetUserByCurrentUser()
+        {
+            DssUserIdentity? entity;
+
+            if (_currentUser.IsBcServicesCard)
+            {
+                entity = await _dbSet.AsNoTracking().FirstOrDefaultAsync(x => x.ExternalIdentityCd == _currentUser.ExternalIdentityCd);
+            }
+            else
+            {
+                entity = await _dbSet.AsNoTracking().FirstOrDefaultAsync(x => x.UserGuid == _currentUser.UserGuid);
+            }
+
+            return _mapper.Map<UserDto>(entity);
+        }
+
         public async Task UpdateUserAsync(UserDto dto)
         {
             var entity = await _dbSet.FirstAsync(x => x.UserIdentityId == dto.UserIdentityId);
diff --git a/server/StrDss.Model/CurrentUser.cs b/server/StrDss.Model/CurrentUser.cs
@@ -69,8 +69,8 @@ public void LoadUserSession(ClaimsPrincipal user)
             FirstName = textInfo.ToTitleCase(user.GetCustomClaim(ClaimTypes.GivenName));
             LastName = textInfo.ToTitleCase(user.GetCustomClaim(ClaimTypes.Surname));
             DisplayName = user.GetCustomClaim(StrDssClaimTypes.DisplayName);
-            ExternalIdentityCd = user.GetCustomClaim(StrDssClaimTypes.Sub);
-            IsBcServicesCard = ExternalIdentityCd == Environment.GetEnvironmentVariable("SSO_CLIENT");
+            ExternalIdentityCd = user.FindFirst(ClaimTypes.NameIdentifier)?.Value;
+            IsBcServicesCard = IdentityProviderNm == Environment.GetEnvironmentVariable("SSO_CLIENT");
 
             switch (IdentityProviderNm)
             {
diff --git a/server/StrDss.Service/UserService.cs b/server/StrDss.Service/UserService.cs
@@ -147,7 +147,7 @@ public async Task<Dictionary<string, List<string>>> CreateAccessRequestAsync(Acc
 
             _unitOfWork.Commit();
 
-            var user = await _userRepo.GetUserByGuid(_currentUser.UserGuid);
+            var user = await _userRepo.GetUserByCurrentUser();
 
             var adminUsers = await _userRepo.GetAdminUsers();
 
@@ -197,7 +197,7 @@ public async Task<Dictionary<string, List<string>>> CreateAccessRequestAsync(Acc
         {
             var errors = new Dictionary<string, List<string>>();
 
-            var userDto = await _userRepo.GetUserByGuid(_currentUser.UserGuid);
+            var userDto = await _userRepo.GetUserByCurrentUser();
             if (userDto != null)
             {
                 if (userDto.AccessRequestStatusCd == AccessRequestStatuses.Requested)

Original file line number	Diff line number	Diff line change
`@@ -147,7 +147,7 @@ public async Task<Dictionary<string, List<string>>> CreateAccessRequestAsync(Acc`
`147`	`147`
`148`	`148`	`_unitOfWork.Commit();`
`149`	`149`
`150`		`- var user = await _userRepo.GetUserByGuid(_currentUser.UserGuid);`
	`150`	`+ var user = await _userRepo.GetUserByCurrentUser();`
`151`	`151`
`152`	`152`	`var adminUsers = await _userRepo.GetAdminUsers();`
`153`	`153`
`@@ -197,7 +197,7 @@ public async Task<Dictionary<string, List<string>>> CreateAccessRequestAsync(Acc`
`197`	`197`	`{`
`198`	`198`	`var errors = new Dictionary<string, List<string>>();`
`199`	`199`
`200`		`- var userDto = await _userRepo.GetUserByGuid(_currentUser.UserGuid);`
	`200`	`+ var userDto = await _userRepo.GetUserByCurrentUser();`
`201`	`201`	`if (userDto != null)`
`202`	`202`	`{`
`203`	`203`	`if (userDto.AccessRequestStatusCd == AccessRequestStatuses.Requested)`