private static async Task PopulateAccountsClaim(TokenValidatedContext ctx, IEmployerAccountService accountsSvc)
{
var userId = ctx.Principal.Claims.First(c => c.Type.Equals(EmployerPsrsClaims.IdamsUserIdClaimTypeIdentifier)).Value;
var associatedAccountsClaim = await accountsSvc.GetClaim(userId);
ctx.Principal.Identities.First().AddClaim(associatedAccountsClaim);
}
public QuestionController(IReportService reportService, IEmployerAccountService employerAccountService, IWebConfiguration webConfiguration, IPeriodService periodService, IUserService userService)
: base(webConfiguration, employerAccountService)
{
_reportService = reportService;
_periodService = periodService;
_userService = userService;
}
public CreateReservationLevyEmployerCommandValidator(IEmployerAccountService employerAccountService,
IApiClient apiClient, IOptions <ReservationsApiConfiguration> config, IEncodingService encodingService)
{
_employerAccountService = employerAccountService;
_apiClient = apiClient;
_encodingService = encodingService;
_config = config.Value;
}
public GetAccountReservationStatusQueryHandler(IApiClient apiClient,
IValidator <GetAccountReservationStatusQuery> validator,
IOptions <ReservationsApiConfiguration> configOptions, IEmployerAccountService accountsService)
{
_apiClient = apiClient;
_validator = validator;
_accountsService = accountsService;
_config = configOptions.Value;
}
public static void AddAndConfigureEmployerAuthentication(
this IServiceCollection services,
IOptions <IdentityServerConfiguration> configuration,
IEmployerAccountService accountsSvc)
{
services
.AddAuthentication(sharedOptions =>
{
sharedOptions.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
sharedOptions.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
sharedOptions.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
sharedOptions.DefaultSignOutScheme = OpenIdConnectDefaults.AuthenticationScheme;
}).AddOpenIdConnect(options =>
{
options.ClientId = configuration.Value.ClientId;
options.ClientSecret = configuration.Value.ClientSecret;
options.Authority = configuration.Value.BaseAddress;
options.MetadataAddress = $"{configuration.Value.BaseAddress}/.well-known/openid-configuration";
options.ResponseType = "code";
var scopes = configuration.Value.Scopes.Split(' ');
foreach (var scope in scopes)
{
options.Scope.Add(scope);
}
options.ClaimActions.MapUniqueJsonKey("sub", "id");
options.Events.OnTokenValidated = async(ctx) => await PopulateAccountsClaim(ctx, accountsSvc);
options.Events.OnRemoteFailure = c =>
{
if (c.Failure.Message.Contains("Correlation failed"))
{
c.Response.Redirect("/");
c.HandleResponse();
}
return(Task.CompletedTask);
};
})
.AddCookie(options =>
{
options.AccessDeniedPath = new PathString("/error/403");
options.ExpireTimeSpan = TimeSpan.FromHours(1);
options.Cookie.Name = "SFA.DAS.Reservations.Web.Auth";
options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
options.SlidingExpiration = true;
options.Cookie.SameSite = SameSiteMode.None;
options.CookieManager = new ChunkingCookieManager()
{
ChunkSize = 3000
};
});
}
public HomeController(IReportService reportService, IEmployerAccountService employerAccountService,
IWebConfiguration webConfiguration, IPeriodService periodService,
IAuthorizationService authorizationService)
: base(webConfiguration, employerAccountService)
{
_reportService = reportService;
_periodService = periodService;
_authorizationService = authorizationService;
_currentPeriod = _periodService.GetCurrentPeriod();
submitLookup = new ReadOnlyDictionary <string, SubmitAction>(
buildSubmitLookups());
}
public ReportController(IReportService reportService,
IEmployerAccountService employerAccountService,
IUserService userService,
IWebConfiguration webConfiguration,
IPeriodService periodService,
IAuthorizationService authorizationService,
IMediator mediatr)
: base(webConfiguration, employerAccountService)
{
_reportService = reportService;
_userService = userService;
_authorizationService = authorizationService ?? throw new ArgumentNullException(nameof(authorizationService));
_mediatr = mediatr ?? throw new ArgumentNullException(nameof(mediatr));
_currentPeriod = periodService.GetCurrentPeriod();
}
public GetEmployerAccountLegalEntitiesHandler(IEmployerAccountService employerAccountService)
{
_employerAccountService = employerAccountService;
}
public static void AddAndConfigureAuthentication(this IServiceCollection services, IWebConfiguration configuration, IEmployerAccountService accountsSvc)
{
_configuration = configuration;
services.AddAuthentication(sharedOptions =>
{
sharedOptions.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
sharedOptions.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
sharedOptions.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
sharedOptions.DefaultSignOutScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
.AddOpenIdConnect(options =>
{
options.ClientId = _configuration.Identity.ClientId;
options.ClientSecret = _configuration.Identity.ClientSecret;
options.AuthenticationMethod =
(OpenIdConnectRedirectBehavior)_configuration.Identity.AuthenticationMethod;
options.Authority = _configuration.Identity.Authority;
options.ResponseType = _configuration.Identity.ResponseType;
options.SaveTokens = _configuration.Identity.SaveTokens;
var scopes = GetScopes();
foreach (var scope in scopes)
{
options.Scope.Add(scope);
}
var mapUniqueJsonKeys = GetMapUniqueJsonKey();
options.ClaimActions.MapUniqueJsonKey(mapUniqueJsonKeys[0], mapUniqueJsonKeys[1]);
options.Events.OnTokenValidated = async(ctx) => await PopulateAccountsClaim(ctx, accountsSvc);
})
.AddCookie(options =>
{
options.AccessDeniedPath = new PathString("/Service/AccessDenied");
options.ExpireTimeSpan = TimeSpan.FromHours(1);
switch (configuration.SessionStore.Type)
{
case "Redis":
options.SessionStore = new RedisCacheTicketStore(configuration.SessionStore.Connectionstring);
break;
case "Default":
break;
}
options.Events.OnRedirectToAccessDenied = RedirectToAccessDenied;
});
}
public EmployerAccountAuthorizationHandler(IEmployerAccountService accountsService, ILogger <EmployerAccountAuthorizationHandler> logger)
{
_accountsService = accountsService;
_logger = logger;
}
public GetAccountTransferConnectionsHandler(IValidator <GetAccountTransferConnectionsRequest> validator, IEmployerAccountService employerAccountService)
{
_validator = validator;
_employerAccountService = employerAccountService;
}
public GetAccountUsersQueryHandler(IEmployerAccountService employerAccountService)
{
_employerAccountService = employerAccountService;
}
protected BaseController(IWebConfiguration webConfiguration, IEmployerAccountService employerAccountService)
{
_webConfiguration = webConfiguration;
_employerAccountService = employerAccountService;
}
public GetAccountLegalEntitiesValidator(IEmployerAccountService employerAccountService)
{
_employerAccountService = employerAccountService;
}
public static void AddAndConfigureAuthentication(this IServiceCollection services, IWebConfiguration configuration, IEmployerAccountService accountsSvc)
{
_configuration = configuration;
services.AddAuthentication(sharedOptions =>
{
sharedOptions.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
sharedOptions.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
sharedOptions.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
sharedOptions.DefaultSignOutScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
.AddOpenIdConnect(options =>
{
options.ClientId = _configuration.Identity.ClientId;
options.ClientSecret = _configuration.Identity.ClientSecret;
options.Authority = _configuration.Identity.Authority;
options.ResponseType = "code";
options.UsePkce = false;
var scopes = GetScopes();
foreach (var scope in scopes)
{
options.Scope.Add(scope);
}
var mapUniqueJsonKeys = GetMapUniqueJsonKey();
options.ClaimActions.MapUniqueJsonKey(mapUniqueJsonKeys[0], mapUniqueJsonKeys[1]);
options.Events.OnTokenValidated = async(ctx) => await PopulateAccountsClaim(ctx, accountsSvc);
options.Events.OnRemoteFailure = c =>
{
if (c.Failure.Message.Contains("Correlation failed"))
{
c.Response.Redirect("/");
c.HandleResponse();
}
return(Task.CompletedTask);
};
})
.AddCookie(options =>
{
options.AccessDeniedPath = new PathString("/Service/AccessDenied");
options.ExpireTimeSpan = TimeSpan.FromHours(1);
switch (configuration.SessionStore.Type)
{
case "Redis":
options.SessionStore = new RedisCacheTicketStore(configuration.SessionStore.Connectionstring);
break;
case "Default":
break;
}
options.Events.OnRedirectToAccessDenied = RedirectToAccessDenied;
});
}
public ContentPolicyReportController(ILogger <ContentPolicyReportController> logger,
IEmployerAccountService employerAccountService, IWebConfiguration webConfiguration)
: base(webConfiguration, employerAccountService)
{
_logger = logger;
}
public GetAccountLegalEntitiestHandler(IValidator <GetAccountLegalEntitiesRequest> validator, IEmployerAccountService employerAccountService)
{
_validator = validator;
_employerAccountService = employerAccountService;
}
public GetUserAccountRoleQueryHandler(IValidator <GetUserAccountRoleQuery> validator, IEmployerAccountService employerAccountService)
{
_validator = validator;
_employerAccountService = employerAccountService;
}
