Merge pull request #278 from Strongminds/feature-hotfix-3.2.3

Feature hotfix 3.2.3

Core.ApplicationServices/SSO/Factories/ISsoStateFactory.cs

@@ -9,7 +9,7 @@ namespace Core.ApplicationServices.SSO.Factories
     public interface ISsoStateFactory
     {
         AbstractState CreateInitialState();
-        AbstractState CreatePrivilegeVerifiedState(Guid userExternalUuid);
+        AbstractState CreatePrivilegeVerifiedState(Guid userExternalUuid, string cvrNumber);
         AbstractState CreateUserLoggedIn(User valueUser);
         AbstractState CreateUserIdentifiedState(User user, StsBrugerInfo stsBrugerInfo);
         AbstractState CreateAuthorizingUserState(User user, Organization organization);

Core.ApplicationServices/SSO/Factories/SsoStateFactory.cs

@@ -60,12 +60,12 @@ public AbstractState CreateInitialState()
             {
                 throw new InvalidOperationException("Error: No SAML state");
             }
-            return new InitialFlowState(_configuration, Saml20IdentityParser.CreateFrom(_samlState.Value), this);
+            return new InitialFlowState(_configuration, Saml20IdentityParser.CreateFrom(_samlState.Value), this, _logger);
         }
 
-        public AbstractState CreatePrivilegeVerifiedState(Guid userExternalUuid)
+        public AbstractState CreatePrivilegeVerifiedState(Guid userExternalUuid, string cvrNumber)
         {
-            return new PrivilegeVerifiedState(userExternalUuid, _userRepository, _infoService, _ssoUserIdentityRepository, this);
+            return new PrivilegeVerifiedState(userExternalUuid, cvrNumber, _userRepository, _infoService, _ssoUserIdentityRepository, this);
         }
 
         public AbstractState CreateUserLoggedIn(User user)
@@ -75,12 +75,12 @@ public AbstractState CreateUserLoggedIn(User user)
 
         public AbstractState CreateUserIdentifiedState(User user, StsBrugerInfo stsBrugerInfo)
         {
-            return new UserIdentifiedState(user, stsBrugerInfo, _ssoUserIdentityRepository, _ssoOrganizationIdentityRepository, _organizationRepository,this,_logger);
+            return new UserIdentifiedState(user, stsBrugerInfo, _ssoUserIdentityRepository, _ssoOrganizationIdentityRepository, _organizationRepository, this, _logger);
         }
 
         public AbstractState CreateAuthorizingUserState(User user, Organization organization)
         {
-            return new AuthorizingUserState(user, organization, _organizationRoleService,this);
+            return new AuthorizingUserState(user, organization, _organizationRoleService, this);
         }
 
         public AbstractState CreateAuthorizingUserFromUnknownOrgState(User user)
@@ -90,7 +90,7 @@ public AbstractState CreateAuthorizingUserFromUnknownOrgState(User user)
 
         public AbstractState CreateAssigningRoleState(User user, Organization ssoOrganization)
         {
-            return new AssigningRoleState(user,ssoOrganization,_organizationRoleService,this);
+            return new AssigningRoleState(user, ssoOrganization, _organizationRoleService, this);
         }
 
         public AbstractState CreateFirstTimeUserNotFoundState(StsBrugerInfo stsBrugerInfo)

Core.ApplicationServices/SSO/Model/Saml20IdentityParser.cs

@@ -18,6 +18,23 @@ public static Saml20IdentityParser CreateFrom(ISaml20Identity sourceIdentity)
             return new Saml20IdentityParser(new Saml20IdentityNavigator(sourceIdentity));
         }
 
+        public Maybe<string> MatchCvrNumber()
+        {
+            var cvrNumberAttributes = _navigator
+                .GetAttribute(StsAdgangsStyringConstants.Attributes.CvrNumber)
+                .Select(x => x.AttributeValue)
+                .GetValueOrFallback(new string[0]);
+
+            foreach (var cvrNumber in cvrNumberAttributes)
+            {
+                if (!string.IsNullOrEmpty(cvrNumber))
+                {
+                    return cvrNumber;
+                }
+            }
+            return Maybe<string>.None;
+        }
+
         public Maybe<KitosSamlPrivilege> MatchPrivilege(string privilegeId)
         {
             return

Core.ApplicationServices/SSO/State/AuthorizingUserState.cs

@@ -13,7 +13,7 @@ public class AuthorizingUserState : AbstractState
         private readonly IOrganizationRoleService _organizationRoleService;
         private readonly ISsoStateFactory _ssoStateFactory;
 
-        public AuthorizingUserState(User user, Organization ssoOrganization, IOrganizationRoleService organizationRoleService,ISsoStateFactory ssoStateFactory)
+        public AuthorizingUserState(User user, Organization ssoOrganization, IOrganizationRoleService organizationRoleService, ISsoStateFactory ssoStateFactory)
         {
             _user = user;
             _ssoOrganization = ssoOrganization;
@@ -25,14 +25,14 @@ public override void Handle(FlowEvent @event, FlowContext context)
         {
             if (@event.Equals(FlowEvent.OrganizationFound))
             {
-                var rolesInOrganization = _organizationRoleService.GetRolesInOrganization(_user,_ssoOrganization.Id);
+                var rolesInOrganization = _organizationRoleService.GetRolesInOrganization(_user, _ssoOrganization.Id);
                 if (rolesInOrganization.Any())
                 {
-                    context.TransitionTo(_ssoStateFactory.CreateUserLoggedIn(_user),_=>_.HandleUserHasRoleInOrganization());
+                    context.TransitionTo(_ssoStateFactory.CreateUserLoggedIn(_user), _ => _.HandleUserHasRoleInOrganization());
                 }
                 else
                 {
-                    context.TransitionTo(_ssoStateFactory.CreateAssigningRoleState(_user,_ssoOrganization),_=>_.HandleUserHasNoRoleInOrganization());
+                    context.TransitionTo(_ssoStateFactory.CreateAssigningRoleState(_user, _ssoOrganization), _ => _.HandleUserHasNoRoleInOrganization());
                 }
             }
         }

Core.ApplicationServices/SSO/State/FirstTimeUserNotFoundState.cs

@@ -68,7 +68,7 @@ private User CreateAutoProvisonedUser(Organization organizationByCvrResult)
             user.Name = _stsBrugerInfo.FirstName;
             user.LastName = _stsBrugerInfo.LastName;
             user.DefaultOrganization = organizationByCvrResult;
-            user.Salt = string.Format("{0:N}{0:N}", Guid.NewGuid());
+            user.Salt = _cryptoService.Encrypt($"{Guid.NewGuid():N}{Guid.NewGuid():N}");
             user.Password = _cryptoService.Encrypt(string.Empty);
             _userRepository.Save();
             return user;

Core.ApplicationServices/SSO/State/FlowContext.cs

@@ -1,5 +1,4 @@
 using System;
-using NotImplementedException = System.NotImplementedException;
 
 namespace Core.ApplicationServices.SSO.State
 {

Core.ApplicationServices/SSO/State/InitialFlowState.cs

@@ -2,6 +2,7 @@
 using Core.ApplicationServices.SSO.Factories;
 using Core.ApplicationServices.SSO.Model;
 using Core.DomainModel.Result;
+using Serilog;
 
 namespace Core.ApplicationServices.SSO.State
 {
@@ -10,14 +11,17 @@ public class InitialFlowState : AbstractState
         private readonly string _samlKitosReadAccessRoleIdentifier;
         private readonly Saml20IdentityParser _parser;
         private readonly ISsoStateFactory _stateFactory;
+        private readonly ILogger _logger;
 
         public InitialFlowState(
-            SsoFlowConfiguration configuration, 
+            SsoFlowConfiguration configuration,
             Saml20IdentityParser parser,
-            ISsoStateFactory stateFactory)
+            ISsoStateFactory stateFactory,
+            ILogger logger)
         {
             _parser = parser;
             _stateFactory = stateFactory;
+            _logger = logger;
             _samlKitosReadAccessRoleIdentifier = $"{configuration.PrivilegePrefix}/roles/usersystemrole/readaccess/1";
         }
 
@@ -26,10 +30,20 @@ public override void Handle(FlowEvent @event, FlowContext context)
             if (@event.Equals(FlowEvent.LoginCompleted))
             {
                 var externalUserUuid = GetUserExternalUuid();
-                if (externalUserUuid.HasValue && CurrentUserHasKitosPrivilege())
+                var cvrNumber = _parser.MatchCvrNumber();
+                if (externalUserUuid.IsNone)
                 {
-                    context.TransitionTo(_stateFactory.CreatePrivilegeVerifiedState(externalUserUuid.Value), 
-                        _ => _.HandleUserPrivilegeVerified());
+                    _logger.Error("No external UUID passed from STS Adgangsstyring");
+                    context.TransitionTo(_stateFactory.CreateErrorState(), _ => _.HandleUnknownError());
+                }
+                else if (cvrNumber.IsNone)
+                {
+                    _logger.Error("CVR number not provided from STS Adgangsstyring");
+                    context.TransitionTo(_stateFactory.CreateErrorState(), _ => _.HandleUnknownError());
+                }
+                else if (CurrentUserHasKitosPrivilege())
+                {
+                    context.TransitionTo(_stateFactory.CreatePrivilegeVerifiedState(externalUserUuid.Value, cvrNumber.Value), _ => _.HandleUserPrivilegeVerified());
                 }
                 else
                 {

Core.ApplicationServices/SSO/State/PrivilegeVerifiedState.cs

@@ -11,18 +11,22 @@ namespace Core.ApplicationServices.SSO.State
     public class PrivilegeVerifiedState : AbstractState
     {
         private readonly Guid _userUuid;
+        private readonly string _cvrNumber;
         private readonly IStsBrugerInfoService _stsBrugerInfoService;
         private readonly ISsoUserIdentityRepository _ssoUserIdentityRepository;
         private readonly ISsoStateFactory _ssoStateFactory;
         private readonly IUserRepository _userRepository;
 
-        public PrivilegeVerifiedState(Guid userUuid,
+        public PrivilegeVerifiedState(
+            Guid userUuid,
+            string cvrNumber,
             IUserRepository userRepository,
             IStsBrugerInfoService stsBrugerInfoService,
             ISsoUserIdentityRepository ssoUserIdentityRepository,
             ISsoStateFactory ssoStateFactory)
         {
             _userUuid = userUuid;
+            _cvrNumber = cvrNumber;
             _stsBrugerInfoService = stsBrugerInfoService;
             _ssoUserIdentityRepository = ssoUserIdentityRepository;
             _userRepository = userRepository;
@@ -44,7 +48,7 @@ public override void Handle(FlowEvent @event, FlowContext context)
                     }
                     else
                     {
-                        var stsBrugerInfo = _stsBrugerInfoService.GetStsBrugerInfo(_userUuid);
+                        var stsBrugerInfo = _stsBrugerInfoService.GetStsBrugerInfo(_userUuid, _cvrNumber);
                         if (!stsBrugerInfo.HasValue)
                         {
                             context.TransitionTo(_ssoStateFactory.CreateErrorState(), _ => _.HandleUnableToResolveUserInStsOrganisation());
@@ -58,7 +62,7 @@ public override void Handle(FlowEvent @event, FlowContext context)
                 }
                 else // Try to find the user by email
                 {
-                    var stsBrugerInfo = _stsBrugerInfoService.GetStsBrugerInfo(_userUuid);
+                    var stsBrugerInfo = _stsBrugerInfoService.GetStsBrugerInfo(_userUuid, _cvrNumber);
                     if (!stsBrugerInfo.HasValue)
                     {
                         context.TransitionTo(_ssoStateFactory.CreateErrorState(), _ => _.HandleUnableToResolveUserInStsOrganisation());

Core.ApplicationServices/SSO/State/UserIdentifiedState.cs

@@ -72,7 +72,7 @@ private void HandleUserWithSsoIdentity(FlowContext context)
             }
             else
             {
-                //If not sso binding exists for the organization, try to create one by finding the org by cvr and adding the sso relation
+                //If no sso binding exists for the organization, try to create one by finding the org by cvr and adding the sso relation
                 var organizationByCvrResult = _organizationRepository.GetByCvr(_externalUser.MunicipalityCvr);
                 if (organizationByCvrResult.HasValue)
                 {

Core.ApplicationServices/SSO/StsAdgangsStyringConstants.cs

@@ -5,6 +5,7 @@ public static class StsAdgangsStyringConstants
         public static class Attributes
         {
             public const string PrivilegeKey = "dk:gov:saml:attribute:Privileges_intermediate";
+            public const string CvrNumber = "dk:gov:saml:attribute:CvrNumberIdentifier";
         }
     }
 }

Core.DomainModel/Result/Maybe.cs

@@ -51,7 +51,7 @@ public Maybe<TResult> Select<TResult>(Func<T, TResult> selector)
                 throw new ArgumentNullException(nameof(selector));
 
             return HasValue ?
-                Maybe<TResult>.Some(selector(Value)) :
+                selector(Value).FromNullable() :
                 Maybe<TResult>.None;
         }
 

Core.DomainServices/Core.DomainServices.csproj

@@ -108,7 +108,6 @@
     <Compile Include="Repositories\GDPR\SensitivePersonalDataTypeRepository.cs" />
     <Compile Include="SSO\StsAdresseHelpers.cs" />
     <Compile Include="SSO\StsOrganisationConstants.cs" />
-    <Compile Include="SSO\StsOrganisationHelpers.cs" />
     <Compile Include="SSO\StsOrganisationIntegrationConfiguration.cs" />
     <Compile Include="SSO\StsBrugerInfoService.cs" />
     <Compile Include="SSO\StsBrugerHelpers.cs" />
@@ -118,7 +117,6 @@
     <Compile Include="Repositories\Qa\IBrokenExternalReferencesReportRepository.cs" />
     <Compile Include="SSO\StsPersonData.cs" />
     <Compile Include="SSO\StsPersonHelpers.cs" />
-    <Compile Include="SSO\StsVirksomhedHelpers.cs" />
     <Compile Include="Time\IOperationClock.cs" />
     <Compile Include="Repositories\KLE\IKLEConverterHelper.cs" />
     <Compile Include="Repositories\KLE\IKLEParentHelper.cs" />

Core.DomainServices/SSO/IStsBrugerInfoService.cs

@@ -5,6 +5,6 @@ namespace Core.DomainServices.SSO
 {
     public interface IStsBrugerInfoService
     {
-        Maybe<StsBrugerInfo> GetStsBrugerInfo(Guid uuid);
+        Maybe<StsBrugerInfo> GetStsBrugerInfo(Guid uuid, string cvrNumber);
     }
 }