private static async Task PopulateAccountsClaim(TokenValidatedContext ctx, IEmployerAccountService accountsSvc) { var userId = ctx.Principal.Claims.First(c => c.Type.Equals(EmployerPsrsClaims.IdamsUserIdClaimTypeIdentifier)).Value; var associatedAccountsClaim = await accountsSvc.GetClaim(userId); ctx.Principal.Identities.First().AddClaim(associatedAccountsClaim); }
public bool IsEmployerAuthorised(AuthorizationHandlerContext context, bool allowAllUserRoles) { if (!(context.Resource is AuthorizationFilterContext mvcContext) || !mvcContext.RouteData.Values.ContainsKey(RouteValues.EmployerAccountId)) { return(false); } var accountIdFromUrl = mvcContext.RouteData.Values[RouteValues.EmployerAccountId].ToString().ToUpper(); var employerAccountClaim = context.User.FindFirst(c => c.Type.Equals(EmployerClaims.AccountsClaimsTypeIdentifier)); if (employerAccountClaim?.Value == null) { return(false); } Dictionary <string, EmployerIdentifier> employerAccounts; try { employerAccounts = JsonConvert.DeserializeObject <Dictionary <string, EmployerIdentifier> >(employerAccountClaim.Value); } catch (JsonReaderException e) { _logger.LogError(e, "Could not deserialize employer account claim for user", employerAccountClaim.Value); return(false); } EmployerIdentifier employerIdentifier = null; if (employerAccounts != null) { employerIdentifier = employerAccounts.ContainsKey(accountIdFromUrl) ? employerAccounts[accountIdFromUrl] : null; } if (employerAccounts == null || !employerAccounts.ContainsKey(accountIdFromUrl)) { if (!context.User.HasClaim(c => c.Type.Equals(EmployerClaims.IdamsUserIdClaimTypeIdentifier))) { return(false); } var userClaim = context.User.Claims .First(c => c.Type.Equals(EmployerClaims.IdamsUserIdClaimTypeIdentifier)); var userId = userClaim.Value; var updatedAccountClaim = _accountsService.GetClaim(userId, EmployerClaims.AccountsClaimsTypeIdentifier).Result; var updatedEmployerAccounts = JsonConvert.DeserializeObject <Dictionary <string, EmployerIdentifier> >(updatedAccountClaim?.Value); userClaim.Subject.AddClaim(updatedAccountClaim); if (!updatedEmployerAccounts.ContainsKey(accountIdFromUrl)) { return(false); } employerIdentifier = updatedEmployerAccounts[accountIdFromUrl]; } if (!mvcContext.HttpContext.Items.ContainsKey(ContextItemKeys.EmployerIdentifier)) { mvcContext.HttpContext.Items.Add(ContextItemKeys.EmployerIdentifier, employerAccounts.GetValueOrDefault(accountIdFromUrl)); } if (!allowAllUserRoles && !CheckUserRoleForAccess(employerIdentifier)) { return(false); } return(true); }