AltinnTestTools/TokenGenerator/GetPersonalToken.cs at 22b24d53f0535072198d62b3d814d32341205f0c · Altinn/AltinnTestTools · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
using System;
using System.Linq;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Azure.WebJobs;
using Microsoft.Azure.WebJobs.Extensions.Http;
using Microsoft.AspNetCore.Http;
using System.Threading.Tasks;
using Microsoft.Extensions.Options;
using TokenGenerator.Services.Interfaces;
using System.Threading;

namespace TokenGenerator;

public class GetPersonalToken
{
    private readonly IToken tokenHelper;
    private readonly IRequestValidator requestValidator;
    private readonly IAuthorization authorization;
    private readonly IRandomIdentifier randomIdentifier;
    private readonly IRegisterService registerService;
    private readonly Settings settings;

    public GetPersonalToken(IToken tokenHelper, IRequestValidator requestValidator, IAuthorization authorization, IRandomIdentifier randomIdentifier, IRegisterService registerService, IOptions<Settings> settings)
    {
        this.tokenHelper = tokenHelper;
        this.requestValidator = requestValidator;
        this.authorization = authorization;
        this.randomIdentifier = randomIdentifier;
        this.registerService = registerService;
        this.settings = settings.Value;
    }

    [FunctionName(nameof(GetPersonalToken))]
    public async Task<ActionResult> Run([HttpTrigger(AuthorizationLevel.Anonymous, "get", Route = null)] HttpRequest req)
    {
        using var cancellationSource = CancellationTokenSource.CreateLinkedTokenSource(req.HttpContext.RequestAborted);
        ActionResult failedAuthorizationResult = await authorization.Authorize(settings.AuthorizedScopePersonal);
        if (failedAuthorizationResult != null)
        {
            return failedAuthorizationResult;
        }

        requestValidator.ValidateQueryParam("env", true, tokenHelper.IsValidEnvironment, out string env);
        requestValidator.ValidateQueryParam("scopes", false, tokenHelper.TryParseScopes, out string[] scopes, new[] { "altinn:enduser" });
        requestValidator.ValidateQueryParam("userId", false, uint.TryParse, out uint userId);
        requestValidator.ValidateQueryParam("partyId", false, uint.TryParse, out uint partyId);
        requestValidator.ValidateQueryParam("pid", false, tokenHelper.IsValidPid, out string pid);
        requestValidator.ValidateQueryParam("bulkCount", false, uint.TryParse, out uint bulkCount);
        requestValidator.ValidateQueryParam("authLvl", false, tokenHelper.IsValidAuthLvl, out string authLvl, "3");
        requestValidator.ValidateQueryParam("consumerOrgNo", false, tokenHelper.IsValidPidOrOrgNo, out string consumerOrgNo, "991825827");
        requestValidator.ValidateQueryParam("partyuuid", false, Guid.TryParse, out Guid partyUuid);
        requestValidator.ValidateQueryParam("userName", false, tokenHelper.IsValidIdentifier, out string userName, "");
        requestValidator.ValidateQueryParam("clientAmr", false, tokenHelper.IsValidIdentifier, out string clientAmr, "virksomhetssertifikat");
        requestValidator.ValidateQueryParam<uint>("ttl", false, uint.TryParse, out uint ttl, 1800);
        requestValidator.ValidateQueryParam("delegationSource", false, tokenHelper.IsValidUri, out string delegationSource);
        requestValidator.ValidateQueryParam("getEnvIds", false, bool.TryParse, out bool getEnvIds);

        if (requestValidator.GetErrors().Count > 0)
        {
             return new BadRequestObjectResult(requestValidator.GetErrors());
        }

        if (bulkCount > 0)
        {
            var randomList = randomIdentifier.GetRandomPersonalIdentifiers(bulkCount);
            var tokenList = await tokenHelper.GetTokenList(randomList, async randomPid =>
                await tokenHelper.GetPersonalToken(req, env, scopes, userId, partyId, randomPid, authLvl, consumerOrgNo, userName, clientAmr, ttl, delegationSource, partyUuid));

            return new OkObjectResult(tokenList);
        }

        if (getEnvIds)
        {
            if (!settings.EnvPlatformSubscriptionKeyDict.TryGetValue(env, out string subscriptionKey))
            {
                return new BadRequestObjectResult($"No subscription key configured for environment: {env}");
            }

            if (string.IsNullOrWhiteSpace(pid))
            {
                return new BadRequestObjectResult("pid is required when getEnvIds is true.");
            }

            var platformAccessToken = await tokenHelper.GetPlatformAccessToken(env, settings.PlatformAccessTokenIssuerName, 300);
            var result = await registerService.GetEnvironmentIdentifiers(env, pid, platformAccessToken, subscriptionKey, cancellationSource.Token);
            if (!result.Success)
            {
                return new BadRequestObjectResult("Could not retrieve environment identifiers. Check that the pid is valid for the specified environment.");
            }

            userId = result.Party.User.UserId;
            userName = result.Party.User.Username;
            partyId = result.Party.PartyId;
            partyUuid = result.Party.Uuid;
        }

        pid ??= randomIdentifier.GetRandomPersonalIdentifiers(1).First();
        string token = await tokenHelper.GetPersonalToken(req, env, scopes, userId, partyId, pid, authLvl, consumerOrgNo, userName, clientAmr, ttl, delegationSource, partyUuid);

        if (!string.IsNullOrEmpty(req.Query["dump"]))
        {
            return new OkObjectResult(tokenHelper.Dump(token));
        }

        return new OkObjectResult(token);
    }
}