Feature/signing #956
Feature/signing #956
Conversation
* adr for transaction handling * scaffold signee service
… is supplied, authorize it as a write action. Move deletion of stale data elements to ProcessTaskInitializer.
* Expose endpoint for searching for person using ssn and last name. * Use class and drop dto postfix. * Move mapping to reponse class. * Add success property to PersonSearchResult. Move person details into nested object.
* adds endpoint for getting an organisation from Enhetsregisteret * renames OrganisationSearch -> Lookup
* temp * feat: add phone and email to signee state * split signee states on person/org, handle delegation before notification * split signing notification and delegation to seperate services * Move SigneeParty to Models folder * update signeeConfig -> signeeParty * split out method for processing signees to support retries * restructure signeecontext, party and state * update signing service to use new signingcontext structure * split notification config based on the receiving system * Make telemetry nullable in signing service. * some more stuff * Fix compilation error * Touples in notification service. Sms number from registry. Store reason for sms/email failure. * Extract SigningService interface. Various adjustments after mob session. * For now: Add user action for initializing delegated signing. --------- Co-authored-by: Bjørn Tore Gjerde <[email protected]>
* add model for delegation request * add step builder for delegation request * add scaffold for delegation client * add scaffold to signing delegation service * temp solution for const instead of magic strings * add delegation client * weird state * update handling of party id to use party uuid * rm sign delegate rights from access management client
…ake Telemetry optional in SigningService.
# Conflicts: # src/Altinn.App.Core/Configuration/PlatformSettings.cs # src/Altinn.App.Core/Extensions/ServiceCollectionExtensions.cs
…while env == development. (#940)
* update builder to standard set in correspondance (1/2) * restructure: add builders folder * formatting * add TryGet method to retrieve app resource id * cleanup * formatting * add custom exceptions * use IOptions for plattformsettings * simplify builder * format * trailing comma * more formatting
* update controllers * add 500 annotation for org lookup * fix copy pasta * update swagger * lastname usage goes too deep (storage) * update swagger * update test paths * use 200 OK when no hit * typo * log error * format * use the correct namespacing for the logger * shorten method
|
/publish |
PR release:
|
|
/publish |
PR release:
|
#1161) * Authorize process next as 'sign' when the process task type is signing and and no action was submitted. This is how storage authorizes it, and it means that the party that should run process next when everyone has signed, needs the 'sign' access right. * Move process next authorization into separate class and define what kind of actions allow process next for each task type.
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| { | ||
| // Arrange | ||
| Instance instance = CreateInstance("task1", "data"); | ||
| _httpContextAccessorMock.Setup(x => x.HttpContext).Returns((HttpContext?)null); |
Check warning
Code scanning / CodeQL
Useless upcast Warning test
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix AI 4 days ago
To fix the problem, we need to remove the redundant cast (HttpContext?)null. This can be done by simply replacing (HttpContext?)null with null. This change should be made in the file test/Altinn.App.Core.Tests/Internal/Process/ProcessEngineAuthorizerTests.cs on line 260.
| @@ -259,3 +259,3 @@ | ||
| Instance instance = CreateInstance("task1", "data"); | ||
| _httpContextAccessorMock.Setup(x => x.HttpContext).Returns((HttpContext?)null); | ||
| _httpContextAccessorMock.Setup(x => x.HttpContext).Returns(null); | ||
|
|
| _logger.LogDebug("User is authorized to perform action {Action}", checkedAction); | ||
| _logger.LogDebug( | ||
| "User successfully authorized to perform process next. Task ID: {CurrentTaskId}. Task type: {AltinnTaskType}. Action: {ProcessNextAction}.", | ||
| currentTaskId, |
Check failure
Code scanning / CodeQL
Log entries created from user input High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix AI 4 days ago
To fix the problem, we need to sanitize the currentTaskId before logging it. This can be done by removing any newline characters from the currentTaskId to prevent log forging attacks. We will use the String.Replace method to achieve this.
- Identify the line where
currentTaskIdis logged (line 353). - Sanitize the
currentTaskIdby replacing newline characters with an empty string before logging it.
| @@ -352,3 +352,3 @@ | ||
| "User successfully authorized to perform process next. Task ID: {CurrentTaskId}. Task type: {AltinnTaskType}. Action: {ProcessNextAction}.", | ||
| currentTaskId, | ||
| currentTaskId?.Replace(Environment.NewLine, ""), | ||
| altinnTaskType, |
| _logger.LogDebug( | ||
| "User successfully authorized to perform process next. Task ID: {CurrentTaskId}. Task type: {AltinnTaskType}. Action: {ProcessNextAction}.", | ||
| currentTaskId, | ||
| altinnTaskType, |
Check failure
Code scanning / CodeQL
Log entries created from user input High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix AI 4 days ago
To fix the problem, we need to ensure that any user input that is logged is properly sanitized. In this case, we should sanitize altinnTaskType before logging it. This can be done by using a method that removes or encodes any potentially harmful characters from the user input.
The best way to fix this without changing existing functionality is to introduce a sanitization method that removes newline characters and other potentially harmful characters from altinnTaskType before it is logged. We can create a utility method LogSanitizer.Sanitize to handle this sanitization.
| @@ -353,3 +353,3 @@ | ||
| currentTaskId, | ||
| altinnTaskType, | ||
| LogSanitizer.Sanitize(altinnTaskType), | ||
| LogSanitizer.Sanitize(processNext?.Action ?? "none") |
| { | ||
| _logger.LogError( | ||
| "Instance {InstanceId} has no current task. The process must be started before process next can be authorized.", | ||
| instance.Id |
Check failure
Code scanning / CodeQL
Log entries created from user input High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix AI 4 days ago
To fix the problem, we need to sanitize the instance.Id before logging it. This can be done by removing any new line characters or other potentially harmful characters from the instance.Id. We can create a utility method to sanitize the input and use it before logging.
- Create a utility method
Sanitizein a helper class to remove new line characters from the input. - Use this method to sanitize
instance.Idbefore logging it inProcessEngineAuthorizer.cs.
| @@ -39,3 +39,3 @@ | ||
| "Instance {InstanceId} has no current task. The process must be started before process next can be authorized.", | ||
| instance.Id | ||
| LogSanitizer.Sanitize(instance.Id) | ||
| ); |
| foreach (string actionToAuthorize in actionsThatAllowProcessNextForTaskType) | ||
| { | ||
| bool isActionAuthorized = await _authorizationService.AuthorizeAction( | ||
| new AppIdentifier(instance.AppId), | ||
| new InstanceIdentifier(instance), | ||
| _httpContext.User, | ||
| actionToAuthorize, | ||
| currentTaskId | ||
| ); | ||
|
|
||
| if (isActionAuthorized) | ||
| { | ||
| isAnyActionAuthorized = true; | ||
| break; | ||
| } | ||
| } |
Check notice
Code scanning / CodeQL
Missed opportunity to use Select Note
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix AI 4 days ago
To fix the problem, we will replace the foreach loop with a LINQ Select method to transform the sequence and then use the Any method to check if any action is authorized. This approach will make the code more readable by clearly expressing the intent to transform the sequence and check a condition.
- Replace the
foreachloop with a LINQSelectmethod to transform the sequence. - Use the
Anymethod to check if any action is authorized. - Ensure the asynchronous operations are handled correctly within the LINQ query.
| @@ -70,19 +70,13 @@ | ||
|
|
||
| var isAnyActionAuthorized = false; | ||
| foreach (string actionToAuthorize in actionsThatAllowProcessNextForTaskType) | ||
| { | ||
| bool isActionAuthorized = await _authorizationService.AuthorizeAction( | ||
| new AppIdentifier(instance.AppId), | ||
| new InstanceIdentifier(instance), | ||
| _httpContext.User, | ||
| actionToAuthorize, | ||
| currentTaskId | ||
| ); | ||
|
|
||
| if (isActionAuthorized) | ||
| { | ||
| isAnyActionAuthorized = true; | ||
| break; | ||
| } | ||
| } | ||
| var isAnyActionAuthorized = await Task.WhenAny( | ||
| actionsThatAllowProcessNextForTaskType.Select(async actionToAuthorize => | ||
| await _authorizationService.AuthorizeAction( | ||
| new AppIdentifier(instance.AppId), | ||
| new InstanceIdentifier(instance), | ||
| _httpContext.User, | ||
| actionToAuthorize, | ||
| currentTaskId | ||
| ) | ||
| ) | ||
| ).ContinueWith(task => task.Result); | ||
|
|
|
|
||
| _logger.LogInformation( | ||
| "Process next performed without an action. Authorizing based on task type {AltinnTaskType}, which means using action(s) [{Actions}]. Authorization result: {IsAnyActionAuthorized}.", | ||
| altinnTaskType, |
Check failure
Code scanning / CodeQL
Log entries created from user input High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix AI 4 days ago
To fix the problem, we need to sanitize the altinnTaskType before logging it. This can be done by removing any newline characters and other potentially harmful characters from the user input. We can create a utility method to sanitize the input and use it before logging.
- Create a utility method
Sanitizein a new or existing utility class. - Use this method to sanitize
altinnTaskTypebefore logging it.
| @@ -89,4 +89,4 @@ | ||
| _logger.LogInformation( | ||
| "Process next performed without an action. Authorizing based on task type {AltinnTaskType}, which means using action(s) [{Actions}]. Authorization result: {IsAnyActionAuthorized}.", | ||
| altinnTaskType, | ||
| "Process next performed without an action. Authorizing based on task type {SanitizedAltinnTaskType}, which means using action(s) [{Actions}]. Authorization result: {IsAnyActionAuthorized}.", | ||
| LogSanitizer.Sanitize(altinnTaskType), | ||
| string.Join(",", actionsThatAllowProcessNextForTaskType), |
| _logger.LogInformation( | ||
| "Process next performed without an action. Authorizing based on task type {AltinnTaskType}, which means using action(s) [{Actions}]. Authorization result: {IsAnyActionAuthorized}.", | ||
| altinnTaskType, | ||
| string.Join(",", actionsThatAllowProcessNextForTaskType), |
Check failure
Code scanning / CodeQL
Log entries created from user input High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix AI 4 days ago
To fix the problem, we need to sanitize the user input before logging it. Specifically, we should ensure that the altinnTaskType and the actions derived from it do not contain any characters that could be used to forge log entries. We can use a method to sanitize the input by removing or encoding any potentially harmful characters.
- Create a method to sanitize the
altinnTaskTypeand the actions derived from it. - Use this method to sanitize the
altinnTaskTypebefore logging it. - Ensure that the actions derived from
altinnTaskTypeare also sanitized before logging.
| @@ -89,5 +89,5 @@ | ||
| _logger.LogInformation( | ||
| "Process next performed without an action. Authorizing based on task type {AltinnTaskType}, which means using action(s) [{Actions}]. Authorization result: {IsAnyActionAuthorized}.", | ||
| altinnTaskType, | ||
| string.Join(",", actionsThatAllowProcessNextForTaskType), | ||
| "Process next performed without an action. Authorizing based on task type {SanitizedAltinnTaskType}, which means using action(s) [{SanitizedActions}]. Authorization result: {IsAnyActionAuthorized}.", | ||
| LogSanitizer.Sanitize(altinnTaskType), | ||
| string.Join(",", actionsThatAllowProcessNextForTaskType.Select(LogSanitizer.Sanitize)), | ||
| isAnyActionAuthorized |
|
/publish |
PR release:
|
* Add GetRoles method to Authorization client * add GetAuthorizedOrganisations endpoint * Add telemetry to authorization client GetRoles method * extract method * add mock for auth client * format * Add response dto * update swagger snaphot * update test setup to include new dependency * add signing controller tests * add signing service test * mv GetAuthorizedOrganisations GetAuthorizedOrganisationSignees * mv authorised authorized * update swagger test expected snapshot * use IAthenticationContext instead of IHttpContextAccessor * use pdp multi part request to get key role organisations * filter permitted * cleanup * update test * add tempt tt02 debug logging * do actions optionally on behalf of an org * stringly typed * rm unused using as this apparently crashed the github runners which are more strcit than building locally * update swagger verified for snapshot * add logging * update test * more logging * found the issue... * handle on behalf of * rm getRoles from auth client as this is no longer used * rm unused using * rm solved TODO * rm noisy logging * make method static..
test/Altinn.App.Api.Tests/Controllers/SigningControllerTests.cs
Dismissed
Show dismissed
Hide dismissed
|
* Don't use string interpolation in logging message templates. * Remove this unnecessary check for null. * format * rm todos * condition always evaluates to true * mark class as static * rm todo comments * 'int' should not be explicitly used as the underlying type of enum * remove unused local variable
Description
PR so that vi can publish an experimental package
Related Issue(s)
Verification
Documentation