#pragma warning disable CA1054 // Uri parameters should not be strings: We don't want Uri throwing exceptions here, we'd rather have invalid returnURls thrown around.
public IntegrationsController(
UserManager <WCAUser> userManager,
IMediator mediator,
IOptions <WCACoreSettings> settingsAccessor,
IHttpClientFactory httpClientFactory,
WCASignInManager signInManager,
IClock clock,
IExtendedPexaService pEXAService,
IActionstepService actionstepService,
IGlobalXService globalXService)
{
if (settingsAccessor is null)
{
throw new ArgumentNullException(nameof(settingsAccessor));
}
_userManager = userManager;
_mediator = mediator;
_httpClientFactory = httpClientFactory;
_actionstepSettings = settingsAccessor.Value.ActionstepSettings;
_pexaSettings = settingsAccessor.Value.PEXASettings;
_globalXOptions = settingsAccessor.Value.GlobalXOptions;
_signInManager = signInManager;
_clock = clock;
_pEXAService = pEXAService;
_actionstepService = actionstepService;
_globalXService = globalXService;
}
public void NoErrorsIfNoNameAvailable()
{
var claimsPrincipal = new ClaimsPrincipal();
var user = new WCAUser();
WCASignInManager.SetFirstAndLastNameIfMissing(user, claimsPrincipal, NullLogger.Instance);
Assert.Null(user.FirstName);
Assert.Null(user.LastName);
}
public void NameIsSetWithSingleWord()
{
const string firstName = "Name";
var identity = new ClaimsIdentity();
identity.AddClaim(new Claim(ActionstepJwtClaimTypes.Name, firstName));
var claimsPrincipal = new ClaimsPrincipal(identity);
var user = new WCAUser();
WCASignInManager.SetFirstAndLastNameIfMissing(user, claimsPrincipal, NullLogger.Instance);
Assert.Equal(firstName, user.FirstName);
Assert.Null(user.LastName);
}
public void NameIsSetWithTwoThreeWords()
{
const string firstName = "Firstname";
const string middleName = "Middlename";
const string lastName = "Lastname";
var identity = new ClaimsIdentity();
identity.AddClaim(new Claim(ActionstepJwtClaimTypes.Name, $"{firstName} {middleName} {lastName}"));
var claimsPrincipal = new ClaimsPrincipal(identity);
var user = new WCAUser();
WCASignInManager.SetFirstAndLastNameIfMissing(user, claimsPrincipal, NullLogger.Instance);
Assert.Equal(firstName, user.FirstName);
Assert.Equal(lastName, user.LastName);
}
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
services.AddApplicationInsightsTelemetry(options => { options.DeveloperMode = _env.IsDevelopment(); });
Trace.TraceInformation("WCA Startup: Entering ConfigureServices");
services.AddFeatureManagement()
.AddFeatureFilter <OrgKeyFilter>()
.AddFeatureFilter <UserFilter>();
services.AddOptions();
services.AddLogging();
services.Configure <AppSettings>(Configuration);
services.Configure <ActionstepSettings>(Configuration.GetSection(nameof(WCACoreSettings)).GetSection(nameof(ActionstepSettings)));
services.Configure <GlobalXOptions>(Configuration.GetSection(nameof(WCACoreSettings)).GetSection(nameof(GlobalXOptions)));
appSettings = Configuration.Get <AppSettings>();
services.AddWCACore(o =>
{
o.Configuration = Configuration;
o.AutoMapperProfileAssemblyMarkerTypes.Add(typeof(WebAutoMapperProfile));
o.IsDevelopment = _env.IsDevelopment();
});
AddWCADataProtection(services, appSettings.WCACoreSettings);
services.AddScoped <WCADbContextTransactionFilter>();
// Use a custom signin manager that automatically persists external login information
services.AddScoped <SignInManager <WCAUser>, WCASignInManager>();
services.AddScoped <WCASignInManager>();
services.AddMvc(options =>
{
// Require authorization across the application
var authorizePolicy = new AuthorizationPolicyBuilder(
IdentityConstants.ApplicationScheme,
"ActionstepJwt")
.RequireAuthenticatedUser()
.Build();
options.Filters.Add(new AuthorizeFilter(authorizePolicy));
options.Filters.Add <AutoValidateAntiforgeryTokenAttribute>();
options.Filters.Add <ApiExceptionFilter>();
})
.AddNewtonsoftJson(options => {
options.SerializerSettings.Converters.Add(new StringEnumConverter());
})
.AddFluentValidation(options =>
{
options.RegisterValidatorsFromAssemblyContaining <AddOrUpdateActionstepCredential.ValidatorCollection>();
});
// Swagger currently only to be used in development. Further work
// is required to clean this up before we expose documentation publicly.
services.AddSwaggerDocument(config =>
{
config.DocumentName = "v0.1";
config.PostProcess = document =>
{
document.Info.Version = "v0.1";
document.Info.Title = "WorkCloud API";
document.Info.Description = "WorkCloud integrations and services.";
document.Info.Contact = new NSwag.OpenApiContact
{
Name = "WorkCloud Support",
Email = "*****@*****.**",
Url = "https://www.workcloud.support/"
};
};
});
services.AddRazorPages(options =>
{
options.Conventions.AuthorizeAreaFolder("Admin", "/", AllowAdminSitePolicyName);
});
// Add application services.
// TODO: Refactor AccountController stuff to use SendGrid, or
// implement IEmailSender and ISmsSender
// services.AddTransient<IEmailSender, AuthMessageSender>();
// services.AddTransient<ISmsSender, AuthMessageSender>();
// Configure authentication middleware
services.AddIdentity <WCAUser, IdentityRole>(options =>
{
options.User.RequireUniqueEmail = true;
options.ClaimsIdentity.UserIdClaimType = "KonektaUserID";
})
.AddEntityFrameworkStores <WCADbContext>();
services.ConfigureActionstepJwtOptions()
.Configure <ILogger <WCASignInManager> >((options, logger) =>
{
options.Audience = appSettings.WCACoreSettings.ActionstepSettings.ValidTokenAudience;
options.Events.OnTokenValidated = context => WCASignInManager.SignInWithActionstepJwt(context, logger);
});
services.ConfigureActionstepLoginOptions();
services.ConfigureApplicationCookie(o =>
{
const int days = 30;
o.SlidingExpiration = true;
var validCookieTime = new TimeSpan(days, 0, 0, 0, 0);
o.Cookie.MaxAge = validCookieTime;
o.ExpireTimeSpan = validCookieTime;
o.LoginPath = new PathString("/Identity/Account/Login");
o.LogoutPath = new PathString("/Identity/Account/Logout");
o.AccessDeniedPath = new PathString("/Identity/Account/AccessDenied");
o.Cookie.SecurePolicy = CookieSecurePolicy.Always;
// SameSite must be none so that it works in the Actionstep iframe.
o.Cookie.SameSite = SameSiteMode.None;
});
services.AddAuthentication(IdentityConstants.ApplicationScheme)
.AddActionstepJwt()
.AddActionstepLogin();
services.AddAuthorization(options =>
{
options.AddPolicy(AllowAdminSitePolicyName, policy =>
policy.RequireRole(
SecurityRoles.AllowAdminSite.ToString(),
SecurityRoles.GlobalAdministrator.ToString()));
});
// Add application services.
services.AddTransient <IStampDutyService, StampDutyService>();
// Configure antiforgery to accept token in header
services.AddAntiforgery(options =>
{
options.HeaderName = "X-XSRF-Token";
options.SuppressXFrameOptionsHeader = true;
options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
// Also check Origin header?
// SameSite must be none so that it works in the Actionstep iframe.
options.Cookie.SameSite = SameSiteMode.None;
});
services.AddCors();
#pragma warning disable CA2000 // Dispose objects before losing scope: Not disposing because this is added as a singleton
services.AddSingleton(typeof(IConverter), new SynchronizedConverter(new PdfTools()));
#pragma warning restore CA2000 // Dispose objects before losing scope
services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_3_0);
services.AddSpaStaticFiles(configuration =>
{
configuration.RootPath = "client-app/build";
});
Trace.TraceInformation("WCA Startup: Leaving ConfigureServices");
}
