/// <inheritdoc />
public void LogExecuting(HttpContext httpContext, IClaimsExtractor claimsExtractor)
{
    // Both collaborators are required; the claims extractor is validated first.
    EnsureArg.IsNotNull(claimsExtractor, nameof(claimsExtractor));
    EnsureArg.IsNotNull(httpContext, nameof(httpContext));

    // The Executing entry is written without a status code.
    Log(
        AuditAction.Executing,
        statusCode: null,
        httpContext,
        claimsExtractor);
}
/// <inheritdoc />
public void LogExecuted(HttpContext httpContext, IClaimsExtractor claimsExtractor)
{
    EnsureArg.IsNotNull(claimsExtractor, nameof(claimsExtractor));
    EnsureArg.IsNotNull(httpContext, nameof(httpContext));

    // The audit entry records the status code the response holds when this method runs.
    var responseStatus = (HttpStatusCode)httpContext.Response.StatusCode;

    Log(AuditAction.Executed, responseStatus, httpContext, claimsExtractor);
}
/// <summary>
/// Creates a <see cref="ResourceWrapperFactory"/> from its required collaborators.
/// Every argument must be non-null.
/// </summary>
/// <param name="rawResourceFactory">Factory for raw resources.</param>
/// <param name="fhirRequestContextAccessor">Accessor for the FHIR request context.</param>
/// <param name="searchIndexer">Indexer that generates search indices.</param>
/// <param name="claimsExtractor">Extractor that supplies claims.</param>
/// <param name="compartmentIndexer">Indexer for compartments.</param>
/// <param name="searchParameterDefinitionManager">Manager of search parameter definitions.</param>
/// <param name="resourceDeserializer">Deserializer for resources.</param>
public ResourceWrapperFactory(
    IRawResourceFactory rawResourceFactory,
    IFhirRequestContextAccessor fhirRequestContextAccessor,
    ISearchIndexer searchIndexer,
    IClaimsExtractor claimsExtractor,
    ICompartmentIndexer compartmentIndexer,
    ISearchParameterDefinitionManager searchParameterDefinitionManager,
    IResourceDeserializer resourceDeserializer)
{
    // Guards run in this fixed order, so the first null argument is the one reported.
    EnsureArg.IsNotNull(rawResourceFactory, nameof(rawResourceFactory));
    EnsureArg.IsNotNull(searchIndexer, nameof(searchIndexer));
    EnsureArg.IsNotNull(fhirRequestContextAccessor, nameof(fhirRequestContextAccessor));
    EnsureArg.IsNotNull(claimsExtractor, nameof(claimsExtractor));
    EnsureArg.IsNotNull(compartmentIndexer, nameof(compartmentIndexer));
    EnsureArg.IsNotNull(searchParameterDefinitionManager, nameof(searchParameterDefinitionManager));
    EnsureArg.IsNotNull(resourceDeserializer, nameof(resourceDeserializer));

    // Fields are stored in parameter order.
    _rawResourceFactory = rawResourceFactory;
    _fhirRequestContextAccessor = fhirRequestContextAccessor;
    _searchIndexer = searchIndexer;
    _claimsExtractor = claimsExtractor;
    _compartmentIndexer = compartmentIndexer;
    _searchParameterDefinitionManager = searchParameterDefinitionManager;
    _resourceDeserializer = resourceDeserializer;
}
/// <summary>
/// Creates the audit logging filter from its two required collaborators.
/// </summary>
/// <param name="claimsExtractor">The claims extractor; must not be null.</param>
/// <param name="auditHelper">The audit helper; must not be null.</param>
public AuditLoggingFilterAttribute(
    IClaimsExtractor claimsExtractor,
    IAuditHelper auditHelper)
{
    // Validate everything before any field is written.
    EnsureArg.IsNotNull(claimsExtractor, nameof(claimsExtractor));
    EnsureArg.IsNotNull(auditHelper, nameof(auditHelper));

    _auditHelper = auditHelper;
    _claimsExtractor = claimsExtractor;
}
/// <inheritdoc />
public void LogExecuted(HttpContext httpContext, IClaimsExtractor claimsExtractor)
{
    EnsureArg.IsNotNull(claimsExtractor, nameof(claimsExtractor));
    EnsureArg.IsNotNull(httpContext, nameof(httpContext));

    // The resource type comes from the FHIR request context, not from the HTTP context.
    string resourceType = _fhirRequestContextAccessor.FhirRequestContext.ResourceType;

    // The status code is read after the resource type, as it is the value recorded in the entry.
    var responseStatus = (HttpStatusCode)httpContext.Response.StatusCode;

    Log(
        AuditAction.Executed,
        responseStatus,
        resourceType,
        httpContext,
        claimsExtractor);
}
/// <summary>
/// Creates the export request handler from its required collaborators.
/// </summary>
/// <param name="claimsExtractor">The claims extractor; must not be null.</param>
/// <param name="fhirOperationDataStore">The operation data store; must not be null.</param>
/// <param name="authorizationService">The authorization service; must not be null.</param>
public CreateExportRequestHandler(
    IClaimsExtractor claimsExtractor,
    IFhirOperationDataStore fhirOperationDataStore,
    IFhirAuthorizationService authorizationService)
{
    // Guards run in parameter order, so the first null argument is the one reported.
    EnsureArg.IsNotNull(claimsExtractor, nameof(claimsExtractor));
    EnsureArg.IsNotNull(fhirOperationDataStore, nameof(fhirOperationDataStore));
    EnsureArg.IsNotNull(authorizationService, nameof(authorizationService));

    _authorizationService = authorizationService;
    _fhirOperationDataStore = fhirOperationDataStore;
    _claimsExtractor = claimsExtractor;
}
/// <summary>
/// Creates the export request handler from its required collaborators.
/// </summary>
/// <param name="claimsExtractor">The claims extractor; must not be null.</param>
/// <param name="fhirOperationDataStore">The operation data store; must not be null.</param>
/// <param name="secretStore">The secret store; must not be null.</param>
public CreateExportRequestHandler(
    IClaimsExtractor claimsExtractor,
    IFhirOperationDataStore fhirOperationDataStore,
    ISecretStore secretStore)
{
    // Guards run in parameter order, so the first null argument is the one reported.
    EnsureArg.IsNotNull(claimsExtractor, nameof(claimsExtractor));
    EnsureArg.IsNotNull(fhirOperationDataStore, nameof(fhirOperationDataStore));
    EnsureArg.IsNotNull(secretStore, nameof(secretStore));

    _secretStore = secretStore;
    _fhirOperationDataStore = fhirOperationDataStore;
    _claimsExtractor = claimsExtractor;
}
/// <summary>
/// Writes the "executed" audit entry for the current operation.
/// </summary>
/// <param name="httpContext">The HTTP context of the request being audited.</param>
/// <param name="claimsExtractor">The extractor used to obtain the caller's claims.</param>
/// <param name="shouldCheckForAuthXFailure">
/// When <c>true</c>, the entry is written only if the response status is 401 (Unauthorized),
/// since other outcomes would already have been logged. When <c>false</c>, the entry is always written.
/// </param>
public void LogExecuted(HttpContext httpContext, IClaimsExtractor claimsExtractor, bool shouldCheckForAuthXFailure = false)
{
    EnsureArg.IsNotNull(claimsExtractor, nameof(claimsExtractor));
    EnsureArg.IsNotNull(httpContext, nameof(httpContext));

    var status = (HttpStatusCode)httpContext.Response.StatusCode;

    // NOTE(review): in filtered mode only 401 passes; 403 (Forbidden) responses are skipped here.
    // Confirm that authorization failures are audited on another path.
    bool suppressed = shouldCheckForAuthXFailure && status != HttpStatusCode.Unauthorized;
    if (suppressed)
    {
        return;
    }

    Log(AuditAction.Executed, status, httpContext, claimsExtractor);
}
/// <summary>
/// Creates the audit middleware.
/// </summary>
/// <param name="next">The next delegate in the request pipeline; must not be null.</param>
/// <param name="claimsExtractor">The claims extractor; must not be null.</param>
/// <param name="auditHelper">The audit helper; must not be null.</param>
public AuditMiddleware(RequestDelegate next, IClaimsExtractor claimsExtractor, IAuditHelper auditHelper)
{
    // Guards run in parameter order, so the first null argument is the one reported.
    EnsureArg.IsNotNull(next, nameof(next));
    EnsureArg.IsNotNull(claimsExtractor, nameof(claimsExtractor));
    EnsureArg.IsNotNull(auditHelper, nameof(auditHelper));

    _auditHelper = auditHelper;
    _claimsExtractor = claimsExtractor;
    _next = next;
}
/// <summary>
/// Creates the export request handler from its collaborators and the export job options.
/// </summary>
/// <param name="claimsExtractor">The claims extractor; must not be null.</param>
/// <param name="fhirOperationDataStore">The operation data store; must not be null.</param>
/// <param name="authorizationService">The authorization service; must not be null.</param>
/// <param name="exportJobConfiguration">
/// The export job options. Both the wrapper and its <c>Value</c> must be non-null.
/// </param>
public CreateExportRequestHandler(
    IClaimsExtractor claimsExtractor,
    IFhirOperationDataStore fhirOperationDataStore,
    IFhirAuthorizationService authorizationService,
    IOptions<ExportJobConfiguration> exportJobConfiguration)
{
    EnsureArg.IsNotNull(claimsExtractor, nameof(claimsExtractor));
    EnsureArg.IsNotNull(fhirOperationDataStore, nameof(fhirOperationDataStore));
    EnsureArg.IsNotNull(authorizationService, nameof(authorizationService));

    // A single guard covers both a null options wrapper and a null unwrapped value.
    EnsureArg.IsNotNull(exportJobConfiguration?.Value, nameof(exportJobConfiguration));

    _exportJobConfiguration = exportJobConfiguration.Value;
    _authorizationService = authorizationService;
    _fhirOperationDataStore = fhirOperationDataStore;
    _claimsExtractor = claimsExtractor;
}
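/// <summary>
/// Creates the reindex request handler from its collaborators and the reindex job options.
/// </summary>
/// <param name="claimsExtractor">The claims extractor; must not be null.</param>
/// <param name="fhirOperationDataStore">The operation data store; must not be null.</param>
/// <param name="authorizationService">The authorization service; must not be null.</param>
/// <param name="reindexJobConfiguration">
/// The reindex job options. Both the wrapper and its <c>Value</c> must be non-null.
/// </param>
public CreateReindexRequestHandler(
    IClaimsExtractor claimsExtractor,
    IFhirOperationDataStore fhirOperationDataStore,
    IFhirAuthorizationService authorizationService,
    IOptions<ReindexJobConfiguration> reindexJobConfiguration)
{
    EnsureArg.IsNotNull(claimsExtractor, nameof(claimsExtractor));
    EnsureArg.IsNotNull(fhirOperationDataStore, nameof(fhirOperationDataStore));
    EnsureArg.IsNotNull(authorizationService, nameof(authorizationService));

    // Validate the unwrapped value, not just the wrapper: a null Value would otherwise be
    // stored silently and only surface as a NullReferenceException on first use.
    EnsureArg.IsNotNull(reindexJobConfiguration?.Value, nameof(reindexJobConfiguration));

    _claimsExtractor = claimsExtractor;
    _fhirOperationDataStore = fhirOperationDataStore;
    _authorizationService = authorizationService;
    _reindexJobConfiguration = reindexJobConfiguration.Value;
}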
/// <summary>
/// Builds the factory under test with a real raw-resource factory, a fixed request context
/// and substitutes for the remaining collaborators, plus the search parameters the tests use.
/// </summary>
public ResourceWrapperFactoryTests()
{
    _rawResourceFactory = new RawResourceFactory(new FhirJsonSerializer());

    // A fixed POST /Patient request context with a fresh correlation id and two empty header maps.
    string correlationId = Guid.NewGuid().ToString();
    var firstHeaders = new Dictionary<string, StringValues>();
    var secondHeaders = new Dictionary<string, StringValues>();
    var requestContext = new FhirRequestContext(
        "POST",
        "https://localhost/Patient",
        "https://localhost/",
        correlationId,
        firstHeaders,
        secondHeaders);

    _fhirRequestContextAccessor = Substitute.For<RequestContextAccessor<IFhirRequestContext>>();
    _fhirRequestContextAccessor.RequestContext.Returns(requestContext);

    _claimsExtractor = Substitute.For<IClaimsExtractor>();
    _compartmentIndexer = Substitute.For<ICompartmentIndexer>();
    _searchIndexer = Substitute.For<ISearchIndexer>();

    // Every resource type reports the same search parameter hash.
    _searchParameterDefinitionManager = Substitute.For<ISearchParameterDefinitionManager>();
    _searchParameterDefinitionManager
        .GetSearchParameterHashForResourceType(Arg.Any<string>())
        .Returns("hash");

    _resourceWrapperFactory = new ResourceWrapperFactory(
        _rawResourceFactory,
        _fhirRequestContextAccessor,
        _searchIndexer,
        _claimsExtractor,
        _compartmentIndexer,
        _searchParameterDefinitionManager,
        Deserializers.ResourceDeserializer);

    // Two sort-enabled string parameters and one number parameter that is only "supported".
    _nameSearchParameterInfo = new SearchParameterInfo(
        "name",
        "name",
        ValueSets.SearchParamType.String,
        new Uri("https://localhost/searchParameter/name"))
    {
        SortStatus = SortParameterStatus.Enabled,
    };

    _addressSearchParameterInfo = new SearchParameterInfo(
        "address-city",
        "address-city",
        ValueSets.SearchParamType.String,
        new Uri("https://localhost/searchParameter/address-city"))
    {
        SortStatus = SortParameterStatus.Enabled,
    };

    _ageSearchParameterInfo = new SearchParameterInfo(
        "age",
        "age",
        ValueSets.SearchParamType.Number,
        new Uri("https://localhost/searchParameter/age"))
    {
        SortStatus = SortParameterStatus.Supported,
    };
}
/// <summary>
/// Creates the bundle-aware JWT bearer handler.
/// </summary>
/// <param name="options">The JWT bearer options monitor, forwarded to the base handler.</param>
/// <param name="logger">The logger factory, forwarded to the base handler.</param>
/// <param name="encoder">The URL encoder, forwarded to the base handler.</param>
/// <param name="clock">The system clock, forwarded to the base handler.</param>
/// <param name="bundleHttpContextAccessor">The bundle HTTP context accessor; must not be null.</param>
/// <param name="auditHelper">The audit helper; must not be null.</param>
/// <param name="claimsExtractor">The claims extractor; must not be null.</param>
public BundleAwareJwtBearerHandler(
    IOptionsMonitor<JwtBearerOptions> options,
    ILoggerFactory logger,
    UrlEncoder encoder,
    ISystemClock clock,
    IBundleHttpContextAccessor bundleHttpContextAccessor,
    IAuditHelper auditHelper,
    IClaimsExtractor claimsExtractor)
    : base(options, logger, encoder, clock)
{
    // Only the three collaborators this class stores are validated here;
    // the first four arguments are passed to the base constructor unchecked.
    EnsureArg.IsNotNull(bundleHttpContextAccessor, nameof(bundleHttpContextAccessor));
    EnsureArg.IsNotNull(auditHelper, nameof(auditHelper));
    EnsureArg.IsNotNull(claimsExtractor, nameof(claimsExtractor));

    _claimsExtractor = claimsExtractor;
    _auditHelper = auditHelper;
    _bundleHttpContextAccessor = bundleHttpContextAccessor;
}
/// <summary>
/// Builds the handler under test with default JWT bearer options, substitutes for its
/// collaborators and a fresh <see cref="DefaultHttpContext"/>, then initializes it for the "jwt" scheme.
/// </summary>
public BundleAwareJwtBearerHandlerTests()
{
    // The options monitor always hands back one default-constructed JwtBearerOptions instance.
    var bearerOptions = new JwtBearerOptions();
    var optionsMonitor = Substitute.For<IOptionsMonitor<JwtBearerOptions>>();
    optionsMonitor.CurrentValue.Returns(bearerOptions);

    var loggerFactory = NullLoggerFactory.Instance;
    var urlEncoder = UrlEncoder.Default;
    var dataProtectionProvider = Substitute.For<IDataProtectionProvider>();
    var systemClock = Substitute.For<ISystemClock>();

    _bundleHttpContextAccessor = Substitute.For<IBundleHttpContextAccessor>();
    _httpContext = new DefaultHttpContext();
    _auditHelper = Substitute.For<IAuditHelper>();
    _claimsExtractor = Substitute.For<IClaimsExtractor>();

    _bundleAwareJwtBearerHandler = new BundleAwareJwtBearerHandler(
        optionsMonitor,
        loggerFactory,
        urlEncoder,
        dataProtectionProvider,
        systemClock,
        _bundleHttpContextAccessor,
        _auditHelper,
        _claimsExtractor);

    // NOTE(review): the call's result is discarded; if InitializeAsync returns a Task,
    // a failure during initialization would not surface here.
    var scheme = new AuthenticationScheme("jwt", "jwt", typeof(BundleAwareJwtBearerHandler));
    _bundleAwareJwtBearerHandler.InitializeAsync(scheme, _httpContext);
}
/// <summary>
/// Writes one audit entry for the given action, provided an audit event type can be resolved.
/// </summary>
/// <param name="auditAction">The audit action recorded on the entry.</param>
/// <param name="controllerName">Controller name used for the mapping fallback.</param>
/// <param name="actionName">Action name used for the mapping fallback.</param>
/// <param name="statusCode">The response status code, or null when none is recorded.</param>
/// <param name="resourceType">The resource type recorded on the entry.</param>
/// <param name="httpContext">Source of the caller IP address and the custom audit headers.</param>
/// <param name="claimsExtractor">Source of the caller claims.</param>
private void Log(
    AuditAction auditAction,
    string controllerName,
    string actionName,
    HttpStatusCode? statusCode,
    string resourceType,
    HttpContext httpContext,
    IClaimsExtractor claimsExtractor)
{
    IFhirRequestContext fhirRequestContext = _fhirRequestContextAccessor.FhirRequestContext;

    // The request context carries no AuditEventType for an unauthorized call, because the filter
    // that sets it never runs. In that case the controller/action mapping supplies the event type,
    // so rejected requests can still be audited.
    string auditEventType;
    if (string.IsNullOrWhiteSpace(fhirRequestContext.AuditEventType))
    {
        auditEventType = _auditEventTypeMapping.GetAuditEventType(controllerName, actionName);
    }
    else
    {
        auditEventType = fhirRequestContext.AuditEventType;
    }

    // No event type from either source means the action is not audited.
    if (auditEventType == null)
    {
        return;
    }

    // NOTE(review): the entry includes the request URI, the caller's claims and custom headers;
    // confirm the audit sink is access-controlled to match the sensitivity of those values.
    _auditLogger.LogAudit(
        auditAction,
        operation: auditEventType,
        resourceType: resourceType,
        requestUri: fhirRequestContext.Uri,
        statusCode: statusCode,
        correlationId: fhirRequestContext.CorrelationId,
        callerIpAddress: httpContext.Connection?.RemoteIpAddress?.ToString(),
        callerClaims: claimsExtractor.Extract(),
        customHeaders: _auditHeaderReader.Read(httpContext));
}
/// <summary>
/// Creates the audit logging filter; both arguments are handed to the base constructor unchanged.
/// </summary>
/// <param name="claimsExtractor">The claims extractor passed to the base class.</param>
/// <param name="auditHelper">The audit helper passed to the base class.</param>
public AuditLoggingFilterAttribute(IClaimsExtractor claimsExtractor, IAuditHelper auditHelper)
    : base(claimsExtractor, auditHelper)
{
    // No validation or state of its own.
}
/// <summary>
/// Writes one audit entry for the current request, unless the request is the custom error
/// route or its event type is empty or an anonymous operation type.
/// </summary>
/// <param name="auditAction">The audit action recorded on the entry.</param>
/// <param name="statusCode">The response status code, or null when none is recorded.</param>
/// <param name="httpContext">Source of the route values, caller IP address and custom audit headers.</param>
/// <param name="claimsExtractor">Source of the caller claims.</param>
private void Log(
    AuditAction auditAction,
    HttpStatusCode? statusCode,
    HttpContext httpContext,
    IClaimsExtractor claimsExtractor)
{
    IFhirRequestContext fhirRequestContext = _fhirRequestContextAccessor.RequestContext;
    string auditEventType = fhirRequestContext.AuditEventType;

    // AuditEventType is retained when a custom error occurs, so the custom error request itself
    // must be skipped here to avoid a second audit entry for it.
    // NOTE(review): Contains looks like a substring test of the action name against
    // KnownRoutes.CustomError, not an equality test. Confirm no other action name is a substring
    // of that route, because a match suppresses the audit entry.
    httpContext.Request.RouteValues.TryGetValue("action", out object actionName);
    string actionText = actionName?.ToString();
    if (!string.IsNullOrEmpty(actionText)
        && KnownRoutes.CustomError.Contains(actionText, StringComparison.OrdinalIgnoreCase))
    {
        return;
    }

    // AuditEventType holds either an audit event type or an anonymous operation type;
    // only the former is audited, and an empty value means nothing is associated with the action.
    bool notAuditable = string.IsNullOrEmpty(auditEventType)
        || FhirAnonymousOperationTypeList.Contains(auditEventType, StringComparer.OrdinalIgnoreCase);
    if (notAuditable)
    {
        return;
    }

    _auditLogger.LogAudit(
        auditAction,
        operation: auditEventType,
        resourceType: fhirRequestContext.ResourceType,
        requestUri: fhirRequestContext.Uri,
        statusCode: statusCode,
        correlationId: fhirRequestContext.CorrelationId,
        callerIpAddress: httpContext.Connection?.RemoteIpAddress?.ToString(),
        callerClaims: claimsExtractor.Extract(),
        customHeaders: _auditHeaderReader.Read(httpContext));
}
/// <summary>
/// Writes one audit entry when the controller/action pair maps to an audit event type.
/// </summary>
/// <param name="auditAction">The audit action recorded on the entry.</param>
/// <param name="controllerName">Controller name used to look up the event type.</param>
/// <param name="actionName">Action name used to look up the event type.</param>
/// <param name="statusCode">The response status code, or null when none is recorded.</param>
/// <param name="resourceType">The resource type recorded on the entry.</param>
/// <param name="httpContext">Source of the caller IP address and the custom audit headers.</param>
/// <param name="claimsExtractor">Source of the caller claims.</param>
private void Log(
    AuditAction auditAction,
    string controllerName,
    string actionName,
    HttpStatusCode? statusCode,
    string resourceType,
    HttpContext httpContext,
    IClaimsExtractor claimsExtractor)
{
    string auditEventType = _auditEventTypeMapping.GetAuditEventType(controllerName, actionName);

    // An action with no mapped event type is not audited.
    if (auditEventType == null)
    {
        return;
    }

    // The request context is only read once the call is known to be auditable.
    IFhirRequestContext fhirRequestContext = _fhirRequestContextAccessor.FhirRequestContext;

    // NOTE(review): RemoteIpAddress is the address of the immediate peer; behind a reverse proxy
    // that is the proxy unless forwarded headers are applied earlier in the pipeline. Confirm.
    _auditLogger.LogAudit(
        auditAction,
        operation: auditEventType,
        resourceType: resourceType,
        requestUri: fhirRequestContext.Uri,
        statusCode: statusCode,
        correlationId: fhirRequestContext.CorrelationId,
        callerIpAddress: httpContext.Connection?.RemoteIpAddress?.ToString(),
        callerClaims: claimsExtractor.Extract(),
        customHeaders: _auditHeaderReader.Read(httpContext));
}
/// <summary>
/// Writes one audit entry when the FHIR request context carries a non-empty audit event type.
/// </summary>
/// <param name="auditAction">The audit action recorded on the entry.</param>
/// <param name="statusCode">The response status code, or null when none is recorded.</param>
/// <param name="httpContext">Source of the caller IP address and the custom audit headers.</param>
/// <param name="claimsExtractor">Source of the caller claims.</param>
private void Log(
    AuditAction auditAction,
    HttpStatusCode? statusCode,
    HttpContext httpContext,
    IClaimsExtractor claimsExtractor)
{
    IFhirRequestContext fhirRequestContext = _fhirRequestContextAccessor.FhirRequestContext;
    string auditEventType = fhirRequestContext.AuditEventType;

    // A request whose context has no event type is not audited at all.
    // NOTE(review): this relies on an earlier stage having set AuditEventType; confirm that
    // requests rejected before that stage are audited elsewhere.
    if (string.IsNullOrEmpty(auditEventType))
    {
        return;
    }

    // NOTE(review): RemoteIpAddress is the address of the immediate peer; behind a reverse proxy
    // that is the proxy unless forwarded headers are applied earlier in the pipeline. Confirm.
    _auditLogger.LogAudit(
        auditAction,
        operation: auditEventType,
        resourceType: fhirRequestContext.ResourceType,
        requestUri: fhirRequestContext.Uri,
        statusCode: statusCode,
        correlationId: fhirRequestContext.CorrelationId,
        callerIpAddress: httpContext.Connection?.RemoteIpAddress?.ToString(),
        callerClaims: claimsExtractor.Extract(),
        customHeaders: _auditHeaderReader.Read(httpContext));
}
/// <inheritdoc />
public void LogExecuting(
    string controllerName,
    string actionName,
    HttpContext httpContext,
    IClaimsExtractor claimsExtractor)
{
    // Only the two object collaborators are validated; the controller and action names are passed through as given.
    EnsureArg.IsNotNull(claimsExtractor, nameof(claimsExtractor));
    EnsureArg.IsNotNull(httpContext, nameof(httpContext));

    // The Executing entry is written with neither a status code nor a resource type.
    Log(
        AuditAction.Executing,
        controllerName,
        actionName,
        statusCode: null,
        resourceType: null,
        httpContext,
        claimsExtractor);
}
/// <inheritdoc />
public void LogExecuted(
    string controllerName,
    string actionName,
    string responseResultType,
    HttpContext httpContext,
    IClaimsExtractor claimsExtractor)
{
    // Only the two object collaborators are validated; the string arguments are passed through as given.
    EnsureArg.IsNotNull(claimsExtractor, nameof(claimsExtractor));
    EnsureArg.IsNotNull(httpContext, nameof(httpContext));

    // The audit entry records the status code the response holds when this method runs.
    var responseStatus = (HttpStatusCode)httpContext.Response.StatusCode;

    // The response result type is what the audit entry records as its resource type.
    Log(
        AuditAction.Executed,
        controllerName,
        actionName,
        responseStatus,
        resourceType: responseResultType,
        httpContext,
        claimsExtractor);
}