public static (bool Result, string PolicyName) AddHelseIdWebAuthentication(this IServiceCollection services,
IHelseIdWebKonfigurasjon helseIdKonfigurasjon,
IRedirectPagesKonfigurasjon redirectPagesKonfigurasjon,
IHprFeatureFlags hprKonfigurasjon,
IWhitelist whitelist,
IHelseIdSecretHandler?secretHandler = null)
{
if (!helseIdKonfigurasjon.AuthUse)
{
return(false, "");
}
services.AddScoped <IHprFactory, HprFactory>();
services.AddScoped <ICurrentUser, CurrentHttpUser>();
JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();
(var authorizeFilter, string policyName) = AddAuthentication(services, helseIdKonfigurasjon, redirectPagesKonfigurasjon, hprKonfigurasjon, whitelist, secretHandler);
services.AddControllers(config => config.Filters.Add(authorizeFilter));
if (helseIdKonfigurasjon.UseHprNumber)
{
services.AddScoped <IAuthorizationHandler, HprAuthorizationHandler>();
}
if (hprKonfigurasjon.UseHpr && hprKonfigurasjon.UseHprPolicy)
{
services.AddScoped <IAuthorizationHandler, HprGodkjenningAuthorizationHandler>();
}
return(true, policyName);
}
public Analyser(IParser accessLogParser, IWhitelist whitelist, IBlacklist blacklist, IFileSystem fileSystem)
{
_accessLogParser = accessLogParser;
_whitelist = whitelist;
_blacklist = blacklist;
_fileSystem = fileSystem;
}
private void OnTriggerEnter2D(Collider2D collision)
{
IWhitelist whitelisted = collision.GetComponent <IWhitelist>();
if (whitelisted == null)
{
Destroy(collision.gameObject);
}
}
public static void AddWhitelist(IWhitelist whitelist, string content)
{
if (blacklists.ContainsKey(whitelist.GetType().Name) == false)
{
whitelist.Initialize(content);
whitelist.UpdateWhitelist();
whitelists.Add(whitelist.GetType().Name, whitelist);
}
else
{
// update the whitelist
IWhitelist refr = whitelists[whitelist.GetType().Name] as IWhitelist;
refr.Initialize(content);
ListUpdateState updateState = refr.UpdateWhitelist();
if (updateState == ListUpdateState.Failed)
{
throw new InvalidOperationException(whitelist + " could not be updated.");
}
}
}
public HprAuthorizationHandler(IWhitelist whitelist, ILogger <HprAuthorizationHandler> logger)
{
this.whitelist = whitelist;
Logger = logger;
}
public HprGodkjenningAuthorizationHandler(IHprFactory hprFactory, IWhitelist whitelist, ILogger <HprGodkjenningAuthorizationHandler> logger)
{
this.whitelist = whitelist;
_hprFactory = hprFactory;
Logger = logger;
}
public BaseRepository(IBudgetManagementContext context, IWhitelist whitelist)
{
Context = context;
Whitelist = whitelist;
}
public static (AuthorizationPolicy AuthPolicy, string PolicyName) AddHelseIdAuthorizationPolicy(this IServiceCollection services,
IHelseIdHprFeatures helseIdFeatures,
IHprFeatureFlags hprFeatures,
IHelseIdWebKonfigurasjon helseIdWebKonfigurasjon,
IWhitelist whitelist)
{
var authenticatedHidUserPolicy = new AuthorizationPolicyBuilder()
.RequireAuthenticatedUser()
.RequireClaim(IdentityClaims.SecurityLevel, helseIdWebKonfigurasjon.SecurityLevels)
.Build();
if (helseIdFeatures.UseHprNumber)
{
var hprNumberPolicyBuilder = new AuthorizationPolicyBuilder()
.Combine(authenticatedHidUserPolicy);
hprNumberPolicyBuilder.Requirements.Add(new HprAuthorizationRequirement());
var hprNumberPolicy = hprNumberPolicyBuilder.Build();
if (hprFeatures.UseHpr && hprFeatures.UseHprPolicy)
{
var policy = new AuthorizationPolicyBuilder()
.Combine(hprNumberPolicy);
policy.Requirements.Add(new HprGodkjenningAuthorizationRequirement());
var HprGodkjenningPolicy = policy.Build();
services.AddAuthorization(config =>
{
config.AddPolicy(Policies.HidAuthenticated, authenticatedHidUserPolicy);
config.AddPolicy(Policies.HprNummer, hprNumberPolicy);
config.AddPolicy(Policies.GodkjentHprKategoriPolicy, HprGodkjenningPolicy);
config.DefaultPolicy = HprGodkjenningPolicy;
});
return(HprGodkjenningPolicy, Policies.GodkjentHprKategoriPolicy);
}
services.AddAuthorization(config =>
{
config.AddPolicy(Policies.HidAuthenticated, authenticatedHidUserPolicy);
config.AddPolicy(Policies.HprNummer, hprNumberPolicy);
config.DefaultPolicy = hprNumberPolicy;
});
return(hprNumberPolicy, Policies.HprNummer);
}
services.AddAuthorization(config =>
{
config.AddPolicy(Policies.HidAuthenticated, authenticatedHidUserPolicy);
config.DefaultPolicy = authenticatedHidUserPolicy;
});
return(authenticatedHidUserPolicy, Policies.HidAuthenticated);
}
/// <summary>
/// Normally used by AddHelseIdWebAuthentication
/// </summary>
public static (AuthorizeFilter AuthorizeFilter, string PolicyName) AddAuthentication(IServiceCollection services,
IHelseIdWebKonfigurasjon helseIdKonfigurasjon,
IRedirectPagesKonfigurasjon redirectPagesKonfigurasjon,
IHprFeatureFlags hprKonfigurasjon,
IWhitelist whitelist,
IHelseIdSecretHandler?secretHandler = null
)
{
const double tokenRefreshBeforeExpirationTime = 2;
services.AddHelseIdAuthentication()
.AddCookie(options =>
{
options.DefaultHelseIdOptions(helseIdKonfigurasjon, redirectPagesKonfigurasjon);
})
.AddOpenIdConnect(HelseIdContext.Scheme, options =>
{
options.DefaultHelseIdOptions(helseIdKonfigurasjon, redirectPagesKonfigurasjon, secretHandler);
})
.AddAutomaticTokenManagement(options => options.DefaultHelseIdOptions(tokenRefreshBeforeExpirationTime)); // For å kunne ha en lengre sesjon, håndterer refresh token
(var authPolicy, string policyName) = services.AddHelseIdAuthorizationPolicy(helseIdKonfigurasjon, hprKonfigurasjon, helseIdKonfigurasjon, whitelist);
return(new AuthorizeFilter(authPolicy), policyName);
}