Merge branch 'main' into VFD-289-aurora-rds-postgresql-serverless-v-2-pystytys

Author: lsipii

VirtualFinland.UserAPI/src/VirtualFinland.UsersAPI/Helpers/Configurations/IIdentityProviderConfig.cs

@@ -8,21 +8,6 @@ public static void ValidateServer(IConfiguration configuration)
     {
         var validationExceptions = new List<string>();
 
-        if (string.IsNullOrEmpty(configuration["Testbed:OpenIDConfigurationURL"]))
-        {
-            validationExceptions.Add("Testbed:OpenIDConfigurationURL is missing");
-        }
-
-        if (string.IsNullOrEmpty(configuration["Sinuna:OpenIDConfigurationURL"]))
-        {
-            validationExceptions.Add("Sinuna:OpenIDConfigurationURL is missing");
-        }
-
-        if (string.IsNullOrEmpty(configuration["SuomiFi:AuthorizationJwksJsonUrl"]))
-        {
-            validationExceptions.Add("SuomiFi:AuthorizationJwksJsonUrl is missing");
-        }
-
         if (string.IsNullOrEmpty(configuration["CodesetApiBaseUrl"]))
         {
             validationExceptions.Add("CodesetApiBaseUrl is missing");

VirtualFinland.UserAPI/src/VirtualFinland.UsersAPI/Helpers/Configurations/ServerConfigurationValidation.cs

@@ -10,10 +10,6 @@ public static class Web
 
     public static class Security
     {
-        public static string TestBedBearerScheme => "DefaultTestBedBearerScheme";
-        public static string SuomiFiBearerScheme => "SuomiFiBearerScheme";
-        public static string SinunaScheme => "SinunaScheme";
-        public static string AllPoliciesPolicy => "AllPolicies";
         public static string ResolvePolicyFromTokenIssuer => "ResolvePolicyFromTokenIssuer";
     }
 

VirtualFinland.UserAPI/src/VirtualFinland.UsersAPI/Helpers/Configurations/SinunaIdentityProviderConfig.cs

@@ -1,3 +1,5 @@
+using VirtualFinland.UserAPI.Security.Models;
+
 namespace VirtualFinland.UserAPI.Helpers.Services;
 
 public class AuthenticationService
@@ -16,9 +18,9 @@ public AuthenticationService(UserSecurityService userSecurityService)
         return person.Id;
     }
 
-    public UserSecurityService.JWTTokenResult ParseAuthenticationHeader(HttpRequest httpRequest)
+    public JwtTokenResult ParseAuthenticationHeader(HttpRequest httpRequest)
     {
         var token = httpRequest.Headers.Authorization.ToString().Replace("Bearer ", string.Empty);
-        return _userSecurityService.ParseJWTToken(token);
+        return _userSecurityService.ParseJwtToken(token);
     }
 }

VirtualFinland.UserAPI/src/VirtualFinland.UsersAPI/Helpers/Configurations/TestBedIdentityProviderConfig.cs

@@ -5,7 +5,7 @@
 using System.Text.Json.Serialization;
 using Microsoft.IdentityModel.Tokens;
 using VirtualFinland.UserAPI.Exceptions;
-using VirtualFinland.UserAPI.Helpers.Configurations;
+using VirtualFinland.UserAPI.Security.Configurations;
 
 namespace VirtualFinland.UserAPI.Helpers.Services;
 

VirtualFinland.UserAPI/src/VirtualFinland.UsersAPI/Helpers/Constants.cs

@@ -1,7 +1,7 @@
-using System.IdentityModel.Tokens.Jwt;
 using Microsoft.EntityFrameworkCore;
 using VirtualFinland.UserAPI.Data;
 using VirtualFinland.UserAPI.Exceptions;
+using VirtualFinland.UserAPI.Security.Models;
 using VirtualFinland.UserAPI.Models.UsersDatabase;
 
 namespace VirtualFinland.UserAPI.Helpers.Services;
@@ -10,11 +10,13 @@ public class UserSecurityService
 {
     private readonly UsersDbContext _usersDbContext;
     private readonly ILogger<UserSecurityService> _logger;
+    private readonly IApplicationSecurity _applicationSecurity;
 
-    public UserSecurityService(UsersDbContext usersDbContext, ILogger<UserSecurityService> logger)
+    public UserSecurityService(UsersDbContext usersDbContext, ILogger<UserSecurityService> logger, IApplicationSecurity applicationSecurity)
     {
         _usersDbContext = usersDbContext;
         _logger = logger;
+        _applicationSecurity = applicationSecurity;
     }
 
     /// <summary>
@@ -25,7 +27,7 @@ public UserSecurityService(UsersDbContext usersDbContext, ILogger<UserSecuritySe
     /// <exception cref="NotAuthorizedException">If user id and the issuer are not found in the DB for any given user, this is not a valid user within the users database.</exception>
     public async Task<Person> VerifyAndGetAuthenticatedUser(string token)
     {
-        var jwtTokenResult = ParseJWTToken(token);
+        var jwtTokenResult = ParseJwtToken(token);
 
         try
         {
@@ -42,46 +44,8 @@ public async Task<Person> VerifyAndGetAuthenticatedUser(string token)
     /// <summary>
     /// Parses the JWT token and returns the issuer and the user id
     /// </summary>
-    public JWTTokenResult ParseJWTToken(string token)
+    public JwtTokenResult ParseJwtToken(string token)
     {
-        if (string.IsNullOrEmpty(token))
-        {
-            throw new NotAuthorizedException("No token provided");
-        }
-
-        var issuer = GetTokenIssuer(token);
-        var userId = GetTokenUserId(token);
-
-        if (userId == null || issuer == null)
-        {
-            throw new NotAuthorizedException("The given token is not valid");
-        }
-        return new JWTTokenResult() { UserId = userId, Issuer = issuer };
-    }
-
-    private static string? GetTokenUserId(string token)
-    {
-        var tokenHandler = new JwtSecurityTokenHandler();
-
-        if (!tokenHandler.CanReadToken(token))
-        {
-            return string.Empty;
-        }
-
-        var jwtSecurityToken = tokenHandler.ReadJwtToken(token);
-        return string.IsNullOrEmpty(jwtSecurityToken.Subject) ? jwtSecurityToken.Claims.FirstOrDefault(o => o.Type == "userId")?.Value : jwtSecurityToken.Subject;
-    }
-
-    private static string? GetTokenIssuer(string token)
-    {
-        var tokenHandler = new JwtSecurityTokenHandler();
-        var canReadToken = tokenHandler.CanReadToken(token);
-        return canReadToken ? tokenHandler.ReadJwtToken(token).Issuer : string.Empty;
-    }
-
-    public class JWTTokenResult
-    {
-        public string? UserId { get; set; }
-        public string? Issuer { get; set; }
+        return _applicationSecurity.ParseJwtToken(token);
     }
 }