private static async Task PopulateAccountsClaim(TokenValidatedContext ctx, IEmployerAccountService accountsSvc) { var userId = ctx.Principal.Claims.First(c => c.Type.Equals(EmployerPsrsClaims.IdamsUserIdClaimTypeIdentifier)).Value; var associatedAccountsClaim = await accountsSvc.GetClaim(userId); ctx.Principal.Identities.First().AddClaim(associatedAccountsClaim); }
public QuestionController(IReportService reportService, IEmployerAccountService employerAccountService, IWebConfiguration webConfiguration, IPeriodService periodService, IUserService userService) : base(webConfiguration, employerAccountService) { _reportService = reportService; _periodService = periodService; _userService = userService; }
public CreateReservationLevyEmployerCommandValidator(IEmployerAccountService employerAccountService, IApiClient apiClient, IOptions <ReservationsApiConfiguration> config, IEncodingService encodingService) { _employerAccountService = employerAccountService; _apiClient = apiClient; _encodingService = encodingService; _config = config.Value; }
public GetAccountReservationStatusQueryHandler(IApiClient apiClient, IValidator <GetAccountReservationStatusQuery> validator, IOptions <ReservationsApiConfiguration> configOptions, IEmployerAccountService accountsService) { _apiClient = apiClient; _validator = validator; _accountsService = accountsService; _config = configOptions.Value; }
public static void AddAndConfigureEmployerAuthentication( this IServiceCollection services, IOptions <IdentityServerConfiguration> configuration, IEmployerAccountService accountsSvc) { services .AddAuthentication(sharedOptions => { sharedOptions.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme; sharedOptions.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme; sharedOptions.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme; sharedOptions.DefaultSignOutScheme = OpenIdConnectDefaults.AuthenticationScheme; }).AddOpenIdConnect(options => { options.ClientId = configuration.Value.ClientId; options.ClientSecret = configuration.Value.ClientSecret; options.Authority = configuration.Value.BaseAddress; options.MetadataAddress = $"{configuration.Value.BaseAddress}/.well-known/openid-configuration"; options.ResponseType = "code"; var scopes = configuration.Value.Scopes.Split(' '); foreach (var scope in scopes) { options.Scope.Add(scope); } options.ClaimActions.MapUniqueJsonKey("sub", "id"); options.Events.OnTokenValidated = async(ctx) => await PopulateAccountsClaim(ctx, accountsSvc); options.Events.OnRemoteFailure = c => { if (c.Failure.Message.Contains("Correlation failed")) { c.Response.Redirect("/"); c.HandleResponse(); } return(Task.CompletedTask); }; }) .AddCookie(options => { options.AccessDeniedPath = new PathString("/error/403"); options.ExpireTimeSpan = TimeSpan.FromHours(1); options.Cookie.Name = "SFA.DAS.Reservations.Web.Auth"; options.Cookie.SecurePolicy = CookieSecurePolicy.Always; options.SlidingExpiration = true; options.Cookie.SameSite = SameSiteMode.None; options.CookieManager = new ChunkingCookieManager() { ChunkSize = 3000 }; }); }
public HomeController(IReportService reportService, IEmployerAccountService employerAccountService, IWebConfiguration webConfiguration, IPeriodService periodService, IAuthorizationService authorizationService) : base(webConfiguration, employerAccountService) { _reportService = reportService; _periodService = periodService; _authorizationService = authorizationService; _currentPeriod = _periodService.GetCurrentPeriod(); submitLookup = new ReadOnlyDictionary <string, SubmitAction>( buildSubmitLookups()); }
public ReportController(IReportService reportService, IEmployerAccountService employerAccountService, IUserService userService, IWebConfiguration webConfiguration, IPeriodService periodService, IAuthorizationService authorizationService, IMediator mediatr) : base(webConfiguration, employerAccountService) { _reportService = reportService; _userService = userService; _authorizationService = authorizationService ?? throw new ArgumentNullException(nameof(authorizationService)); _mediatr = mediatr ?? throw new ArgumentNullException(nameof(mediatr)); _currentPeriod = periodService.GetCurrentPeriod(); }
public GetEmployerAccountLegalEntitiesHandler(IEmployerAccountService employerAccountService) { _employerAccountService = employerAccountService; }
public static void AddAndConfigureAuthentication(this IServiceCollection services, IWebConfiguration configuration, IEmployerAccountService accountsSvc) { _configuration = configuration; services.AddAuthentication(sharedOptions => { sharedOptions.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme; sharedOptions.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme; sharedOptions.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme; sharedOptions.DefaultSignOutScheme = OpenIdConnectDefaults.AuthenticationScheme; }) .AddOpenIdConnect(options => { options.ClientId = _configuration.Identity.ClientId; options.ClientSecret = _configuration.Identity.ClientSecret; options.AuthenticationMethod = (OpenIdConnectRedirectBehavior)_configuration.Identity.AuthenticationMethod; options.Authority = _configuration.Identity.Authority; options.ResponseType = _configuration.Identity.ResponseType; options.SaveTokens = _configuration.Identity.SaveTokens; var scopes = GetScopes(); foreach (var scope in scopes) { options.Scope.Add(scope); } var mapUniqueJsonKeys = GetMapUniqueJsonKey(); options.ClaimActions.MapUniqueJsonKey(mapUniqueJsonKeys[0], mapUniqueJsonKeys[1]); options.Events.OnTokenValidated = async(ctx) => await PopulateAccountsClaim(ctx, accountsSvc); }) .AddCookie(options => { options.AccessDeniedPath = new PathString("/Service/AccessDenied"); options.ExpireTimeSpan = TimeSpan.FromHours(1); switch (configuration.SessionStore.Type) { case "Redis": options.SessionStore = new RedisCacheTicketStore(configuration.SessionStore.Connectionstring); break; case "Default": break; } options.Events.OnRedirectToAccessDenied = RedirectToAccessDenied; }); }
public EmployerAccountAuthorizationHandler(IEmployerAccountService accountsService, ILogger <EmployerAccountAuthorizationHandler> logger) { _accountsService = accountsService; _logger = logger; }
public GetAccountTransferConnectionsHandler(IValidator <GetAccountTransferConnectionsRequest> validator, IEmployerAccountService employerAccountService) { _validator = validator; _employerAccountService = employerAccountService; }
public GetAccountUsersQueryHandler(IEmployerAccountService employerAccountService) { _employerAccountService = employerAccountService; }
protected BaseController(IWebConfiguration webConfiguration, IEmployerAccountService employerAccountService) { _webConfiguration = webConfiguration; _employerAccountService = employerAccountService; }
public GetAccountLegalEntitiesValidator(IEmployerAccountService employerAccountService) { _employerAccountService = employerAccountService; }
public static void AddAndConfigureAuthentication(this IServiceCollection services, IWebConfiguration configuration, IEmployerAccountService accountsSvc) { _configuration = configuration; services.AddAuthentication(sharedOptions => { sharedOptions.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme; sharedOptions.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme; sharedOptions.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme; sharedOptions.DefaultSignOutScheme = OpenIdConnectDefaults.AuthenticationScheme; }) .AddOpenIdConnect(options => { options.ClientId = _configuration.Identity.ClientId; options.ClientSecret = _configuration.Identity.ClientSecret; options.Authority = _configuration.Identity.Authority; options.ResponseType = "code"; options.UsePkce = false; var scopes = GetScopes(); foreach (var scope in scopes) { options.Scope.Add(scope); } var mapUniqueJsonKeys = GetMapUniqueJsonKey(); options.ClaimActions.MapUniqueJsonKey(mapUniqueJsonKeys[0], mapUniqueJsonKeys[1]); options.Events.OnTokenValidated = async(ctx) => await PopulateAccountsClaim(ctx, accountsSvc); options.Events.OnRemoteFailure = c => { if (c.Failure.Message.Contains("Correlation failed")) { c.Response.Redirect("/"); c.HandleResponse(); } return(Task.CompletedTask); }; }) .AddCookie(options => { options.AccessDeniedPath = new PathString("/Service/AccessDenied"); options.ExpireTimeSpan = TimeSpan.FromHours(1); switch (configuration.SessionStore.Type) { case "Redis": options.SessionStore = new RedisCacheTicketStore(configuration.SessionStore.Connectionstring); break; case "Default": break; } options.Events.OnRedirectToAccessDenied = RedirectToAccessDenied; }); }
public ContentPolicyReportController(ILogger <ContentPolicyReportController> logger, IEmployerAccountService employerAccountService, IWebConfiguration webConfiguration) : base(webConfiguration, employerAccountService) { _logger = logger; }
public GetAccountLegalEntitiestHandler(IValidator <GetAccountLegalEntitiesRequest> validator, IEmployerAccountService employerAccountService) { _validator = validator; _employerAccountService = employerAccountService; }
public GetUserAccountRoleQueryHandler(IValidator <GetUserAccountRoleQuery> validator, IEmployerAccountService employerAccountService) { _validator = validator; _employerAccountService = employerAccountService; }