Exemplo n.º 1
        public void ValidatePdpDecision_TC07()
        {
            // Negative test: decision validation must refuse to run when no user is supplied.

            // Arrange: a PDP response whose result list exists but is empty.
            XacmlJsonResponse response = new XacmlJsonResponse
            {
                Response = new List<XacmlJsonResult>()
            };

            // Act & Assert: a null user argument has to surface as ArgumentNullException,
            // never as a boolean decision.
            Assert.Throws<ArgumentNullException>(
                () => DecisionHelper.ValidatePdpDecision(response.Response, null));
        }
Exemplo n.º 2
        public void ValidatePdpDecision_TC06()
        {
            // Negative test: decision validation must refuse to run when the PDP result list is missing.

            // Arrange: a PDP response whose result list is explicitly null.
            XacmlJsonResponse response = new XacmlJsonResponse
            {
                Response = null
            };

            // Act & Assert: a missing result list has to surface as ArgumentNullException,
            // so an absent PDP answer can never be read as a decision.
            Assert.Throws<ArgumentNullException>(
                () => DecisionHelper.ValidatePdpDecision(response.Response, CreateUserClaims(false)));
        }
Exemplo n.º 3
        public async Task<bool> GetDecisionForUnvalidateRequest(XacmlJsonRequestRoot xacmlJsonRequest, ClaimsPrincipal user)
        {
            // Sends the request to the PDP and returns what ValidatePdpDecision makes of the result for this user.

            // Security-relevant switch: while DisablePEP is set, every request is reported as authorized
            // and the PDP is never contacted. Deployments should treat this setting as a full enforcement bypass.
            if (_pepSettings.DisablePEP)
            {
                return true;
            }

            XacmlJsonResponse pdpResponse = await GetDecisionForRequest(xacmlJsonRequest);

            // NOTE(review): pdpResponse is dereferenced without a null check; a null response
            // ends in a NullReferenceException here rather than a deny.
            return DecisionHelper.ValidatePdpDecision(pdpResponse.Response, user);
        }
Exemplo n.º 4
        /// <inheritdoc/>
        public async Task<bool> GetDecisionForUnvalidateRequest(XacmlJsonRequestRoot xacmlJsonRequest, ClaimsPrincipal user)
        {
            XacmlJsonResponse pdpResponse = await GetDecisionForRequest(xacmlJsonRequest);

            // No response, or a response without a result list, is never treated as a decision:
            // the call aborts with an exception instead of returning true or false.
            var results = pdpResponse?.Response;
            if (results == null)
            {
                throw new ArgumentNullException("response");
            }

            // NOTE(review): the complete serialized decision request is written at Information level;
            // confirm it carries no attributes that should stay out of the logs.
            string serializedRequest = JsonConvert.SerializeObject(xacmlJsonRequest);
            _logger.LogInformation($"// Altinn PEP // PDPAppSI // Request sent to platform authorization: {serializedRequest}");

            return DecisionHelper.ValidatePdpDecision(results, user);
        }
Exemplo n.º 5
        private async Task<bool> AuthorizeAction(string currenTaskType, string org, string app, string instanceId)
        {
            // Asks the PDP whether the current user may act on the given instance for this task type.

            // Only the "data" task type maps to an explicit action ("write"); any other type sends a null action.
            // NOTE(review): how CreateDecisionRequest treats a null action is not visible here - confirm it cannot widen access.
            string actionType = null;
            if (currenTaskType.Equals("data"))
            {
                actionType = "write";
            }

            XacmlJsonRequestRoot decisionRequest = DecisionHelper.CreateDecisionRequest(org, app, HttpContext.User, actionType, null, instanceId);
            XacmlJsonResponse pdpResponse = await _pdp.GetDecisionForRequest(decisionRequest);

            var results = pdpResponse?.Response;
            if (results == null)
            {
                // Fail closed: a missing PDP answer is logged and reported as "not authorized".
                _logger.LogInformation($"// Process Controller // Authorization of moving process forward failed with request: {JsonConvert.SerializeObject(decisionRequest)}.");
                return false;
            }

            return DecisionHelper.ValidatePdpDecision(results, HttpContext.User);
        }
Exemplo n.º 6
        private async Task<bool> AuthorizeInstatiation(string org, string app, Party party)
        {
            // Asks the PDP whether the current user may perform "instantiate" for the given party.
            string partyId = party.PartyId.ToString();
            XacmlJsonRequestRoot decisionRequest = DecisionHelper.CreateDecisionRequest(org, app, HttpContext.User, "instantiate", partyId, null);
            XacmlJsonResponse pdpResponse = await _pdp.GetDecisionForRequest(decisionRequest);

            var results = pdpResponse?.Response;
            if (results == null)
            {
                // Fail closed: without a PDP result list the caller is told "not authorized".
                _logger.LogInformation($"// Instances Controller // Authorization of instantiation failed with request: {JsonConvert.SerializeObject(decisionRequest)}.");
                return false;
            }

            return DecisionHelper.ValidatePdpDecision(results, HttpContext.User);
        }
Exemplo n.º 7
        public void ValidatePdpDecision_TC01()
        {
            // Positive test: a single Permit result validates to true.

            // Arrange: one result whose decision is the string form of XacmlContextDecision.Permit.
            XacmlJsonResult permitResult = new XacmlJsonResult
            {
                Decision = XacmlContextDecision.Permit.ToString()
            };

            XacmlJsonResponse response = new XacmlJsonResponse
            {
                Response = new List<XacmlJsonResult>()
            };
            response.Response.Add(permitResult);

            // Act
            bool isAuthorized = DecisionHelper.ValidatePdpDecision(response.Response, CreateUserClaims(false));

            // Assert
            Assert.True(isAuthorized);
        }
Exemplo n.º 8
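        /// <summary>
        /// Authorizes access based on the handler context and the requirement by asking the PDP for a decision.
        /// Is triggered by an annotation on the MVC action and set up in startup.
        /// </summary>
        /// <param name="context">The authorization handler context; its user is passed to decision validation.</param>
        /// <param name="requirement">The requirement that is marked as met when the PDP decision validates.</param>
        /// <returns>A task that completes once the requirement has been marked as succeeded or failed.</returns>
        /// <exception cref="ArgumentNullException">Thrown when the PDP returns no response or no result list.</exception>
        protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, AppAccessRequirement requirement)
        {
            XacmlJsonRequestRoot request = DecisionHelper.CreateDecisionRequest(context, requirement, _httpContextAccessor.HttpContext.GetRouteData());

            // NOTE(review): the complete serialized decision request is written at Information level;
            // confirm it carries no attributes that should stay out of the logs.
            _logger.LogInformation($"// Altinn PEP // AppAccessHandler // Request sent: {JsonConvert.SerializeObject(request)}");

            XacmlJsonResponse response = await _pdp.GetDecisionForRequest(request);

            // A missing PDP answer is never read as a decision: the handler aborts with an exception,
            // so the requirement is not marked as succeeded.
            if (response?.Response == null)
            {
                throw new ArgumentNullException("response");
            }

            // Exactly one outcome per evaluation: Succeed only when the decision validates, Fail otherwise.
            // The deny path must not also mark the requirement as met; relying on Fail() taking precedence
            // inside AuthorizationHandlerContext hides the intent and is easy to break in a later edit.
            if (DecisionHelper.ValidatePdpDecision(response.Response, context.User))
            {
                context.Succeed(requirement);
            }
            else
            {
                context.Fail();
            }
        }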
        public async Task<bool> GetDecisionForUnvalidateRequest(XacmlJsonRequestRoot xacmlJsonRequest, ClaimsPrincipal user)
        {
            // Sends the request to the PDP and returns what ValidatePdpDecision makes of the result for this user.
            XacmlJsonResponse pdpResponse = await GetDecisionForRequest(xacmlJsonRequest);

            // NOTE(review): pdpResponse is dereferenced without a null check; a null response
            // ends in a NullReferenceException here rather than a deny.
            var results = pdpResponse.Response;
            return DecisionHelper.ValidatePdpDecision(results, user);
        }
Exemplo n.º 10
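        public async Task<ActionResult<Instance>> Post(string appId, [FromBody] Instance instance)
        {
            // Creates a new instance of the given app for the instance owner named in the request body.
            // Order of checks: app lookup, body validation, PDP authorization ("instantiate"), then storage.
            // Returns the app lookup error, 400 for a missing or non-numeric owner party id, Forbid when the
            // PDP gives no result or the decision does not validate, 201 with the stored instance on success,
            // and 500 when storing fails.
            (Application appInfo, ActionResult appInfoError) = await GetApplicationOrErrorAsync(appId);

            if (appInfoError != null)
            {
                return appInfoError;
            }

            // The body is caller-controlled: validate it before parsing anything out of it, so a missing
            // body, owner or party id yields 400 instead of an unhandled exception.
            string ownerPartyId = instance?.InstanceOwner?.PartyId;
            if (string.IsNullOrWhiteSpace(ownerPartyId))
            {
                return BadRequest("Cannot create an instance without an instanceOwner.PartyId.");
            }

            // TryParse instead of Parse: a non-numeric party id is a client error, not a server fault.
            if (!int.TryParse(ownerPartyId, out int instanceOwnerPartyId))
            {
                return BadRequest("instanceOwner.PartyId must be an integer.");
            }

            // Checking that user is authorized to instantiate.
            XacmlJsonRequestRoot request = DecisionHelper.CreateDecisionRequest(appInfo.Org, appInfo.Id.Split('/')[1], HttpContext.User, "instantiate", instanceOwnerPartyId, null);
            XacmlJsonResponse response = await _pdp.GetDecisionForRequest(request);

            if (response?.Response == null)
            {
                // Fail closed: no PDP result means the request is refused.
                _logger.LogInformation($"// Instances Controller // Authorization of instantiation failed with request: {JsonConvert.SerializeObject(request)}.");
                return Forbid();
            }

            bool authorized = DecisionHelper.ValidatePdpDecision(response.Response, HttpContext.User);

            if (!authorized)
            {
                return Forbid();
            }

            Instance storedInstance = new Instance();

            try
            {
                DateTime creationTime = DateTime.UtcNow;
                string userId = GetUserId();

                Instance instanceToCreate = CreateInstanceFromTemplate(appInfo, instance, creationTime, userId);
                storedInstance = await _instanceRepository.Create(instanceToCreate);
                await DispatchEvent(InstanceEventType.Created, storedInstance);

                _logger.LogInformation($"Created instance: {storedInstance.Id}");
                storedInstance.SetPlatformSelfLinks(_storageBaseAndHost);

                await _partiesWithInstancesClient.SetHasAltinn3Instances(instanceOwnerPartyId);

                return Created(storedInstance.SelfLinks.Platform, storedInstance);
            }
            catch (Exception storageException)
            {
                // NOTE(review): appId and the party id are caller-supplied and go into the log line as-is.
                _logger.LogError($"Unable to create {appId} instance for {instance.InstanceOwner.PartyId} due to {storageException}");

                // compensating action - delete instance
                // NOTE(review): if Create itself threw, storedInstance is still the empty placeholder
                // created above; confirm Delete tolerates that and cannot throw out of this handler.
                await _instanceRepository.Delete(storedInstance);

                _logger.LogError($"Deleted instance {storedInstance.Id}");

                // NOTE(review): the exception message is returned to the caller in the 500 body; consider
                // a generic message here and keeping the detail in the server log only.
                return StatusCode(500, $"Unable to create {appId} instance for {instance.InstanceOwner.PartyId} due to {storageException.Message}");
            }
        }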