        /// <inheritdoc />
        /// <remarks>
        /// Writes the "executing" audit entry for the request. No response exists yet at this
        /// point, so the status code handed to <c>Log</c> is always <c>null</c>.
        /// </remarks>
        public void LogExecuting(HttpContext httpContext, IClaimsExtractor claimsExtractor)
        {
            // Check order is kept so the same parameter is reported first when both are null.
            EnsureArg.IsNotNull(claimsExtractor, nameof(claimsExtractor));
            EnsureArg.IsNotNull(httpContext, nameof(httpContext));

            // Nothing has been sent to the client yet, hence no status code for this entry.
            HttpStatusCode? noStatusCode = null;

            Log(AuditAction.Executing, noStatusCode, httpContext, claimsExtractor);
        }
        /// <inheritdoc />
        /// <remarks>
        /// Writes the "executed" audit entry, recording the status code the response finished with.
        /// </remarks>
        public void LogExecuted(HttpContext httpContext, IClaimsExtractor claimsExtractor)
        {
            EnsureArg.IsNotNull(claimsExtractor, nameof(claimsExtractor));
            EnsureArg.IsNotNull(httpContext, nameof(httpContext));

            // Response.StatusCode is a plain int; the audit log works with the enum.
            var responseStatusCode = (HttpStatusCode)httpContext.Response.StatusCode;

            Log(AuditAction.Executed, responseStatusCode, httpContext, claimsExtractor);
        }
        /// <summary>
        /// Initializes a new instance of the <see cref="ResourceWrapperFactory"/> class.
        /// </summary>
        /// <param name="rawResourceFactory">The raw resource factory.</param>
        /// <param name="fhirRequestContextAccessor">The FHIR request context accessor.</param>
        /// <param name="searchIndexer">The search indexer used to generate search indices.</param>
        /// <param name="claimsExtractor">The claims extractor used to extract claims.</param>
        /// <param name="compartmentIndexer">The compartment indexer.</param>
        /// <param name="searchParameterDefinitionManager">The search parameter definition manager.</param>
        /// <param name="resourceDeserializer">The resource deserializer.</param>
        public ResourceWrapperFactory(
            IRawResourceFactory rawResourceFactory,
            IFhirRequestContextAccessor fhirRequestContextAccessor,
            ISearchIndexer searchIndexer,
            IClaimsExtractor claimsExtractor,
            ICompartmentIndexer compartmentIndexer,
            ISearchParameterDefinitionManager searchParameterDefinitionManager,
            IResourceDeserializer resourceDeserializer)
        {
            // Validation order is deliberately unchanged so the parameter reported first
            // when several are null stays the same.
            EnsureArg.IsNotNull(rawResourceFactory, nameof(rawResourceFactory));
            EnsureArg.IsNotNull(searchIndexer, nameof(searchIndexer));
            EnsureArg.IsNotNull(fhirRequestContextAccessor, nameof(fhirRequestContextAccessor));
            EnsureArg.IsNotNull(claimsExtractor, nameof(claimsExtractor));
            EnsureArg.IsNotNull(compartmentIndexer, nameof(compartmentIndexer));
            EnsureArg.IsNotNull(searchParameterDefinitionManager, nameof(searchParameterDefinitionManager));
            EnsureArg.IsNotNull(resourceDeserializer, nameof(resourceDeserializer));

            // Fields are assigned in parameter order; every dependency is stored as-is.
            _rawResourceFactory = rawResourceFactory;
            _fhirRequestContextAccessor = fhirRequestContextAccessor;
            _searchIndexer = searchIndexer;
            _claimsExtractor = claimsExtractor;
            _compartmentIndexer = compartmentIndexer;
            _searchParameterDefinitionManager = searchParameterDefinitionManager;
            _resourceDeserializer = resourceDeserializer;
        }
        /// <summary>
        /// Initializes a new instance of the <see cref="AuditLoggingFilterAttribute"/> class.
        /// </summary>
        /// <param name="claimsExtractor">The claims extractor used when auditing requests.</param>
        /// <param name="auditHelper">The helper that writes the audit entries.</param>
        public AuditLoggingFilterAttribute(IClaimsExtractor claimsExtractor, IAuditHelper auditHelper)
        {
            // EnsureArg.IsNotNull returns its argument, so validation and assignment collapse into one line each.
            _claimsExtractor = EnsureArg.IsNotNull(claimsExtractor, nameof(claimsExtractor));
            _auditHelper = EnsureArg.IsNotNull(auditHelper, nameof(auditHelper));
        }
        /// <inheritdoc />
        /// <remarks>
        /// Writes the "executed" audit entry. The resource type comes from the current FHIR request
        /// context rather than from the caller.
        /// </remarks>
        public void LogExecuted(HttpContext httpContext, IClaimsExtractor claimsExtractor)
        {
            EnsureArg.IsNotNull(claimsExtractor, nameof(claimsExtractor));
            EnsureArg.IsNotNull(httpContext, nameof(httpContext));

            // NOTE(review): FhirRequestContext is dereferenced without a null check; presumably it is
            // always populated by the time the action has run — confirm.
            IFhirRequestContext fhirRequestContext = _fhirRequestContextAccessor.FhirRequestContext;
            var responseStatusCode = (HttpStatusCode)httpContext.Response.StatusCode;

            Log(AuditAction.Executed, responseStatusCode, fhirRequestContext.ResourceType, httpContext, claimsExtractor);
        }
        /// <summary>
        /// Initializes a new instance of the <see cref="CreateExportRequestHandler"/> class.
        /// </summary>
        /// <param name="claimsExtractor">The claims extractor.</param>
        /// <param name="fhirOperationDataStore">The data store for FHIR operations.</param>
        /// <param name="authorizationService">The authorization service.</param>
        public CreateExportRequestHandler(IClaimsExtractor claimsExtractor, IFhirOperationDataStore fhirOperationDataStore, IFhirAuthorizationService authorizationService)
        {
            // EnsureArg.IsNotNull returns its argument; validate and store in one step, in parameter order.
            _claimsExtractor = EnsureArg.IsNotNull(claimsExtractor, nameof(claimsExtractor));
            _fhirOperationDataStore = EnsureArg.IsNotNull(fhirOperationDataStore, nameof(fhirOperationDataStore));
            _authorizationService = EnsureArg.IsNotNull(authorizationService, nameof(authorizationService));
        }
        /// <summary>
        /// Initializes a new instance of the <see cref="CreateExportRequestHandler"/> class.
        /// </summary>
        /// <param name="claimsExtractor">The claims extractor.</param>
        /// <param name="fhirOperationDataStore">The data store for FHIR operations.</param>
        /// <param name="secretStore">The secret store.</param>
        public CreateExportRequestHandler(IClaimsExtractor claimsExtractor, IFhirOperationDataStore fhirOperationDataStore, ISecretStore secretStore)
        {
            // EnsureArg.IsNotNull returns its argument; validate and store in one step, in parameter order.
            _claimsExtractor = EnsureArg.IsNotNull(claimsExtractor, nameof(claimsExtractor));
            _fhirOperationDataStore = EnsureArg.IsNotNull(fhirOperationDataStore, nameof(fhirOperationDataStore));
            _secretStore = EnsureArg.IsNotNull(secretStore, nameof(secretStore));
        }
        /// <summary>
        /// Logs an executed audit entry for the current operation.
        /// </summary>
        /// <param name="httpContext">The HTTP context.</param>
        /// <param name="claimsExtractor">The extractor used to extract claims.</param>
        /// <param name="shouldCheckForAuthXFailure">
        /// When <c>true</c>, only emit the entry if the response is an authentication failure (401),
        /// since other outcomes would already have been logged elsewhere.
        /// </param>
        public void LogExecuted(HttpContext httpContext, IClaimsExtractor claimsExtractor, bool shouldCheckForAuthXFailure = false)
        {
            EnsureArg.IsNotNull(claimsExtractor, nameof(claimsExtractor));
            EnsureArg.IsNotNull(httpContext, nameof(httpContext));

            var responseStatusCode = (HttpStatusCode)httpContext.Response.StatusCode;

            // In "auth failure only" mode, anything other than 401 is assumed to be audited already.
            // NOTE(review): 403 (Forbidden) is not treated as an auth failure on this path — confirm that is intended.
            bool skipNonAuthFailure = shouldCheckForAuthXFailure && responseStatusCode != HttpStatusCode.Unauthorized;
            if (skipNonAuthFailure)
            {
                return;
            }

            Log(AuditAction.Executed, responseStatusCode, httpContext, claimsExtractor);
        }
        /// <summary>
        /// Initializes a new instance of the <see cref="AuditMiddleware"/> class.
        /// </summary>
        /// <param name="next">The next delegate in the request pipeline.</param>
        /// <param name="claimsExtractor">The claims extractor.</param>
        /// <param name="auditHelper">The helper that writes the audit entries.</param>
        public AuditMiddleware(
            RequestDelegate next,
            IClaimsExtractor claimsExtractor,
            IAuditHelper auditHelper)
        {
            // EnsureArg.IsNotNull returns its argument; validate and store in one step, in parameter order.
            _next = EnsureArg.IsNotNull(next, nameof(next));
            _claimsExtractor = EnsureArg.IsNotNull(claimsExtractor, nameof(claimsExtractor));
            _auditHelper = EnsureArg.IsNotNull(auditHelper, nameof(auditHelper));
        }
        /// <summary>
        /// Initializes a new instance of the <see cref="CreateExportRequestHandler"/> class.
        /// </summary>
        /// <param name="claimsExtractor">The claims extractor.</param>
        /// <param name="fhirOperationDataStore">The data store for FHIR operations.</param>
        /// <param name="authorizationService">The authorization service.</param>
        /// <param name="exportJobConfiguration">The export job configuration; its <c>Value</c> is what gets stored.</param>
        public CreateExportRequestHandler(
            IClaimsExtractor claimsExtractor,
            IFhirOperationDataStore fhirOperationDataStore,
            IFhirAuthorizationService authorizationService,
            IOptions<ExportJobConfiguration> exportJobConfiguration)
        {
            EnsureArg.IsNotNull(claimsExtractor, nameof(claimsExtractor));
            EnsureArg.IsNotNull(fhirOperationDataStore, nameof(fhirOperationDataStore));
            EnsureArg.IsNotNull(authorizationService, nameof(authorizationService));

            // The resolved Value is checked rather than the IOptions wrapper, so a missing
            // wrapper and a missing configuration are rejected the same way.
            ExportJobConfiguration exportConfiguration = exportJobConfiguration?.Value;
            EnsureArg.IsNotNull(exportConfiguration, nameof(exportJobConfiguration));

            _claimsExtractor = claimsExtractor;
            _fhirOperationDataStore = fhirOperationDataStore;
            _authorizationService = authorizationService;
            _exportJobConfiguration = exportConfiguration;
        }
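        /// <summary>
        /// Initializes a new instance of the <see cref="CreateReindexRequestHandler"/> class.
        /// </summary>
        /// <param name="claimsExtractor">The claims extractor.</param>
        /// <param name="fhirOperationDataStore">The data store for FHIR operations.</param>
        /// <param name="authorizationService">The authorization service.</param>
        /// <param name="reindexJobConfiguration">The reindex job configuration; its <c>Value</c> is what gets stored.</param>
        public CreateReindexRequestHandler(
            IClaimsExtractor claimsExtractor,
            IFhirOperationDataStore fhirOperationDataStore,
            IFhirAuthorizationService authorizationService,
            IOptions<ReindexJobConfiguration> reindexJobConfiguration)
        {
            EnsureArg.IsNotNull(claimsExtractor, nameof(claimsExtractor));
            EnsureArg.IsNotNull(fhirOperationDataStore, nameof(fhirOperationDataStore));
            EnsureArg.IsNotNull(authorizationService, nameof(authorizationService));

            // Check the resolved Value, not just the IOptions wrapper, so that a null
            // configuration is rejected here instead of surfacing later as a null field.
            // This matches how the export handler validates its configuration.
            EnsureArg.IsNotNull(reindexJobConfiguration?.Value, nameof(reindexJobConfiguration));

            _claimsExtractor = claimsExtractor;
            _fhirOperationDataStore = fhirOperationDataStore;
            _authorizationService = authorizationService;
            _reindexJobConfiguration = reindexJobConfiguration.Value;
        }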
        /// <summary>
        /// Builds the factory under test with substituted collaborators and a throw-away request context.
        /// </summary>
        public ResourceWrapperFactoryTests()
        {
            _rawResourceFactory = new RawResourceFactory(new FhirJsonSerializer());

            // A minimal request context so the factory has something to read; none of its values are asserted on.
            var dummyRequestContext = new FhirRequestContext(
                "POST",
                "https://localhost/Patient",
                "https://localhost/",
                Guid.NewGuid().ToString(),
                new Dictionary<string, StringValues>(),
                new Dictionary<string, StringValues>());

            _fhirRequestContextAccessor = Substitute.For<RequestContextAccessor<IFhirRequestContext>>();
            _fhirRequestContextAccessor.RequestContext.Returns(dummyRequestContext);

            // Every resource type gets the same fixed hash from the substituted definition manager.
            _searchParameterDefinitionManager = Substitute.For<ISearchParameterDefinitionManager>();
            _searchParameterDefinitionManager.GetSearchParameterHashForResourceType(Arg.Any<string>()).Returns("hash");

            _searchIndexer = Substitute.For<ISearchIndexer>();
            _claimsExtractor = Substitute.For<IClaimsExtractor>();
            _compartmentIndexer = Substitute.For<ICompartmentIndexer>();

            _resourceWrapperFactory = new ResourceWrapperFactory(
                _rawResourceFactory,
                _fhirRequestContextAccessor,
                _searchIndexer,
                _claimsExtractor,
                _compartmentIndexer,
                _searchParameterDefinitionManager,
                Deserializers.ResourceDeserializer);

            _nameSearchParameterInfo = CreateSearchParameterInfo("name", ValueSets.SearchParamType.String, "https://localhost/searchParameter/name", SortParameterStatus.Enabled);
            _addressSearchParameterInfo = CreateSearchParameterInfo("address-city", ValueSets.SearchParamType.String, "https://localhost/searchParameter/address-city", SortParameterStatus.Enabled);
            _ageSearchParameterInfo = CreateSearchParameterInfo("age", ValueSets.SearchParamType.Number, "https://localhost/searchParameter/age", SortParameterStatus.Supported);

            // Passes <name> for both of the first two constructor arguments, as the original setup did.
            SearchParameterInfo CreateSearchParameterInfo(string name, ValueSets.SearchParamType type, string url, SortParameterStatus sortStatus)
            {
                return new SearchParameterInfo(name, name, type, new Uri(url))
                {
                    SortStatus = sortStatus
                };
            }
        }
        /// <summary>
        /// Initializes a new instance of the <see cref="BundleAwareJwtBearerHandler"/> class.
        /// </summary>
        /// <param name="options">The JWT bearer options monitor, forwarded to the base handler.</param>
        /// <param name="logger">The logger factory, forwarded to the base handler.</param>
        /// <param name="encoder">The URL encoder, forwarded to the base handler.</param>
        /// <param name="clock">The system clock, forwarded to the base handler.</param>
        /// <param name="bundleHttpContextAccessor">Accessor for the HTTP context of an enclosing bundle request.</param>
        /// <param name="auditHelper">The helper that writes the audit entries.</param>
        /// <param name="claimsExtractor">The claims extractor.</param>
        public BundleAwareJwtBearerHandler(
            IOptionsMonitor<JwtBearerOptions> options,
            ILoggerFactory logger,
            UrlEncoder encoder,
            ISystemClock clock,
            IBundleHttpContextAccessor bundleHttpContextAccessor,
            IAuditHelper auditHelper,
            IClaimsExtractor claimsExtractor)
            : base(options, logger, encoder, clock)
        {
            // The first four parameters are validated by the base handler; only the
            // dependencies this class owns are checked here. EnsureArg.IsNotNull returns its argument.
            _bundleHttpContextAccessor = EnsureArg.IsNotNull(bundleHttpContextAccessor, nameof(bundleHttpContextAccessor));
            _auditHelper = EnsureArg.IsNotNull(auditHelper, nameof(auditHelper));
            _claimsExtractor = EnsureArg.IsNotNull(claimsExtractor, nameof(claimsExtractor));
        }
        /// <summary>
        /// Builds the handler under test against substituted collaborators and a default HTTP context.
        /// </summary>
        public BundleAwareJwtBearerHandlerTests()
        {
            var options = Substitute.For<IOptionsMonitor<JwtBearerOptions>>();
            options.CurrentValue.Returns(new JwtBearerOptions());

            var dataProtection = Substitute.For<IDataProtectionProvider>();
            var clock = Substitute.For<ISystemClock>();

            _httpContext = new DefaultHttpContext();
            _bundleHttpContextAccessor = Substitute.For<IBundleHttpContextAccessor>();
            _auditHelper = Substitute.For<IAuditHelper>();
            _claimsExtractor = Substitute.For<IClaimsExtractor>();

            _bundleAwareJwtBearerHandler = new BundleAwareJwtBearerHandler(
                options,
                NullLoggerFactory.Instance,
                UrlEncoder.Default,
                dataProtection,
                clock,
                _bundleHttpContextAccessor,
                _auditHelper,
                _claimsExtractor);

            // NOTE(review): the Task returned by InitializeAsync is not awaited (constructors cannot await),
            // so a failure inside it is unobserved and the handler may not be fully initialized when a test
            // runs — confirm this is acceptable or move the setup into an async lifetime hook.
            _bundleAwareJwtBearerHandler.InitializeAsync(new AuthenticationScheme("jwt", "jwt", typeof(BundleAwareJwtBearerHandler)), _httpContext);
        }
        /// <summary>
        /// Writes one audit entry for the current request, resolving the audit event type from the
        /// request context or, failing that, from the controller/action mapping.
        /// </summary>
        /// <param name="auditAction">Whether the action is executing or has executed.</param>
        /// <param name="controllerName">The controller name used for the mapping fallback.</param>
        /// <param name="actionName">The action name used for the mapping fallback.</param>
        /// <param name="statusCode">The response status code, or <c>null</c> before a response exists.</param>
        /// <param name="resourceType">The resource type to record, may be <c>null</c>.</param>
        /// <param name="httpContext">The HTTP context of the request.</param>
        /// <param name="claimsExtractor">The extractor that supplies the caller's claims.</param>
        private void Log(AuditAction auditAction, string controllerName, string actionName, HttpStatusCode? statusCode, string resourceType, HttpContext httpContext, IClaimsExtractor claimsExtractor)
        {
            IFhirRequestContext fhirRequestContext = _fhirRequestContextAccessor.FhirRequestContext;

            // The filter that populates AuditEventType does not run for unauthorized calls,
            // so fall back to the controller/action mapping when it is missing.
            string auditEventType;
            if (string.IsNullOrWhiteSpace(fhirRequestContext.AuditEventType))
            {
                auditEventType = _auditEventTypeMapping.GetAuditEventType(controllerName, actionName);
            }
            else
            {
                auditEventType = fhirRequestContext.AuditEventType;
            }

            // No audit event type associated with the action means there is nothing to audit.
            if (auditEventType == null)
            {
                return;
            }

            _auditLogger.LogAudit(
                auditAction,
                operation: auditEventType,
                resourceType: resourceType,
                requestUri: fhirRequestContext.Uri,
                statusCode: statusCode,
                correlationId: fhirRequestContext.CorrelationId,
                // NOTE(review): RemoteIpAddress is the immediate peer; behind a reverse proxy this is the
                // proxy's address unless forwarded-headers middleware rewrites it — confirm for the deployment.
                callerIpAddress: httpContext.Connection?.RemoteIpAddress?.ToString(),
                callerClaims: claimsExtractor.Extract(),
                customHeaders: _auditHeaderReader.Read(httpContext));
        }
 /// <summary>
 /// Initializes a new instance of the <see cref="AuditLoggingFilterAttribute"/> class.
 /// </summary>
 /// <param name="claimsExtractor">The claims extractor, forwarded to the base constructor.</param>
 /// <param name="auditHelper">The audit helper, forwarded to the base constructor.</param>
 public AuditLoggingFilterAttribute(IClaimsExtractor claimsExtractor, IAuditHelper auditHelper)
     : base(claimsExtractor, auditHelper)
 {
     // Intentionally empty: both dependencies are handed straight to the base constructor.
 }
        /// <summary>
        /// Writes one audit entry for the current request, unless the request is the custom-error
        /// re-execution or the event type is an anonymous operation type.
        /// </summary>
        /// <param name="auditAction">Whether the action is executing or has executed.</param>
        /// <param name="statusCode">The response status code, or <c>null</c> before a response exists.</param>
        /// <param name="httpContext">The HTTP context of the request.</param>
        /// <param name="claimsExtractor">The extractor that supplies the caller's claims.</param>
        private void Log(AuditAction auditAction, HttpStatusCode? statusCode, HttpContext httpContext, IClaimsExtractor claimsExtractor)
        {
            IFhirRequestContext fhirRequestContext = _fhirRequestContextAccessor.RequestContext;
            string auditEventType = fhirRequestContext.AuditEventType;

            // AuditEventType is retained when a custom error occurs, so the custom-error request
            // itself would otherwise be audited a second time. Recognise it by its route action.
            string routeAction = httpContext.Request.RouteValues.TryGetValue("action", out object actionValue)
                ? actionValue?.ToString()
                : null;
            bool isCustomErrorRequest = !string.IsNullOrEmpty(routeAction)
                && KnownRoutes.CustomError.Contains(routeAction, StringComparison.OrdinalIgnoreCase);
            if (isCustomErrorRequest)
            {
                return;
            }

            // AuditEventType carries both audit event types and FhirAnonymousOperationType values;
            // only a real, non-empty audit event type is logged. The second test only runs when the
            // first passes, exactly as the combined condition did.
            if (string.IsNullOrEmpty(auditEventType) || FhirAnonymousOperationTypeList.Contains(auditEventType, StringComparer.OrdinalIgnoreCase))
            {
                return;
            }

            _auditLogger.LogAudit(
                auditAction,
                operation: auditEventType,
                resourceType: fhirRequestContext.ResourceType,
                requestUri: fhirRequestContext.Uri,
                statusCode: statusCode,
                correlationId: fhirRequestContext.CorrelationId,
                // NOTE(review): RemoteIpAddress is the immediate peer; behind a reverse proxy this is the
                // proxy's address unless forwarded-headers middleware rewrites it — confirm for the deployment.
                callerIpAddress: httpContext.Connection?.RemoteIpAddress?.ToString(),
                callerClaims: claimsExtractor.Extract(),
                customHeaders: _auditHeaderReader.Read(httpContext));
        }
        /// <summary>
        /// Writes one audit entry for the current request when the controller/action pair maps to an audit event type.
        /// </summary>
        /// <param name="auditAction">Whether the action is executing or has executed.</param>
        /// <param name="controllerName">The controller name used to look up the audit event type.</param>
        /// <param name="actionName">The action name used to look up the audit event type.</param>
        /// <param name="statusCode">The response status code, or <c>null</c> before a response exists.</param>
        /// <param name="resourceType">The resource type to record, may be <c>null</c>.</param>
        /// <param name="httpContext">The HTTP context of the request.</param>
        /// <param name="claimsExtractor">The extractor that supplies the caller's claims.</param>
        private void Log(AuditAction auditAction, string controllerName, string actionName, HttpStatusCode? statusCode, string resourceType, HttpContext httpContext, IClaimsExtractor claimsExtractor)
        {
            string auditEventType = _auditEventTypeMapping.GetAuditEventType(controllerName, actionName);

            // No audit event type associated with the action means there is nothing to audit.
            if (auditEventType == null)
            {
                return;
            }

            // The request context is only needed once we know an entry will be written.
            IFhirRequestContext fhirRequestContext = _fhirRequestContextAccessor.FhirRequestContext;

            _auditLogger.LogAudit(
                auditAction,
                operation: auditEventType,
                resourceType: resourceType,
                requestUri: fhirRequestContext.Uri,
                statusCode: statusCode,
                correlationId: fhirRequestContext.CorrelationId,
                // NOTE(review): RemoteIpAddress is the immediate peer; behind a reverse proxy this is the
                // proxy's address unless forwarded-headers middleware rewrites it — confirm for the deployment.
                callerIpAddress: httpContext.Connection?.RemoteIpAddress?.ToString(),
                callerClaims: claimsExtractor.Extract(),
                customHeaders: _auditHeaderReader.Read(httpContext));
        }
        /// <summary>
        /// Writes one audit entry for the current request when the request context carries a non-empty audit event type.
        /// </summary>
        /// <param name="auditAction">Whether the action is executing or has executed.</param>
        /// <param name="statusCode">The response status code, or <c>null</c> before a response exists.</param>
        /// <param name="httpContext">The HTTP context of the request.</param>
        /// <param name="claimsExtractor">The extractor that supplies the caller's claims.</param>
        private void Log(AuditAction auditAction, HttpStatusCode? statusCode, HttpContext httpContext, IClaimsExtractor claimsExtractor)
        {
            IFhirRequestContext fhirRequestContext = _fhirRequestContextAccessor.FhirRequestContext;
            string auditEventType = fhirRequestContext.AuditEventType;

            // An empty or missing audit event type means the action is not audited.
            if (string.IsNullOrEmpty(auditEventType))
            {
                return;
            }

            _auditLogger.LogAudit(
                auditAction,
                operation: auditEventType,
                resourceType: fhirRequestContext.ResourceType,
                requestUri: fhirRequestContext.Uri,
                statusCode: statusCode,
                correlationId: fhirRequestContext.CorrelationId,
                // NOTE(review): RemoteIpAddress is the immediate peer; behind a reverse proxy this is the
                // proxy's address unless forwarded-headers middleware rewrites it — confirm for the deployment.
                callerIpAddress: httpContext.Connection?.RemoteIpAddress?.ToString(),
                callerClaims: claimsExtractor.Extract(),
                customHeaders: _auditHeaderReader.Read(httpContext));
        }
        /// <inheritdoc />
        /// <remarks>
        /// Writes the "executing" audit entry. Neither a status code nor a resource type is known yet,
        /// so both are passed to <c>Log</c> as <c>null</c>.
        /// </remarks>
        public void LogExecuting(string controllerName, string actionName, HttpContext httpContext, IClaimsExtractor claimsExtractor)
        {
            // Check order is kept so the same parameter is reported first when both are null.
            EnsureArg.IsNotNull(claimsExtractor, nameof(claimsExtractor));
            EnsureArg.IsNotNull(httpContext, nameof(httpContext));

            HttpStatusCode? noStatusCode = null;
            string noResourceType = null;

            Log(AuditAction.Executing, controllerName, actionName, noStatusCode, noResourceType, httpContext, claimsExtractor);
        }
        /// <inheritdoc />
        /// <remarks>
        /// Writes the "executed" audit entry, recording the response status code and passing
        /// <paramref name="responseResultType"/> through as the resource type.
        /// </remarks>
        public void LogExecuted(string controllerName, string actionName, string responseResultType, HttpContext httpContext, IClaimsExtractor claimsExtractor)
        {
            EnsureArg.IsNotNull(claimsExtractor, nameof(claimsExtractor));
            EnsureArg.IsNotNull(httpContext, nameof(httpContext));

            // Response.StatusCode is a plain int; the audit log works with the enum.
            var responseStatusCode = (HttpStatusCode)httpContext.Response.StatusCode;

            Log(AuditAction.Executed, controllerName, actionName, responseStatusCode, responseResultType, httpContext, claimsExtractor);
        }