New page for easily finding the Urls for localtest ApiTokens (#126)

Altinn · Nov 27, 2024 · d7dc726 · d7dc726
1 parent 3ad4306
commit d7dc726
Show file tree

Hide file tree

Showing 7 changed files with 218 additions and 33 deletions.
diff --git a/src/Configuration/LocalPlatformSettings.cs b/src/Configuration/LocalPlatformSettings.cs
@@ -41,7 +41,7 @@ public string LocalTestingStaticTestDataPath
             }
         }
 
-        public string LocalFrontendHostname { get; set; }
+        public string LocalFrontendHostname { get; set; } = "localhost";
 
         public string LocalFrontendProtocol { get; set; } = "http";
 

diff --git a/src/Controllers/HomeController.cs b/src/Controllers/HomeController.cs
@@ -79,7 +79,7 @@ public async Task<IActionResult> Index()
                     model.Org = model.TestApps[0].Value?.Split("/").FirstOrDefault();
                     model.App = model.TestApps[0].Value?.Split("/").LastOrDefault();
                 }
-                model.TestUsers = await GetTestUsersForList();
+                model.TestUsers = await GetTestUsersAndPartiesSelectList();
                 model.UserSelect = Request.Cookies["Localtest_User.Party_Select"];
                 var defaultAuthLevel = await GetAppAuthLevel(model.AppModeIsHttp, model.TestApps);
                 model.AuthenticationLevels = GetAuthenticationLevels(defaultAuthLevel);
@@ -112,6 +112,7 @@ public IActionResult Error()
         /// <summary>
         /// Method that logs inn test user
         /// </summary>
+        /// <param name="action">Set to "reauthenticate" if you want to set cookies with no redirect</param>
         /// <param name="startAppModel">An object with information about app and user.</param>
         /// <returns>Redirects to returnUrl</returns>
         [HttpPost]
@@ -175,13 +176,28 @@ public async Task<ActionResult> LogInTestUser(string action, StartAppModel start
             return Redirect($"/{app.Id}/");
         }
 
+        [HttpGet("/Home/Tokens")]
+        public async Task<IActionResult> Tokens()
+        {
+            var model = new TokensViewModel
+            {
+                AuthenticationLevels = GetAuthenticationLevels(2),
+                TestUsers = await GetUsersSelectList(),
+                DefaultOrg = _localPlatformSettings.LocalAppMode == "http" ? (await GetAppsList()).First().Value?.Split("/").FirstOrDefault() : null,
+            };
+
+            return View(model);
+        }
+
+
         /// <summary>
-        ///
+        /// Returns a user token with the given userId as claim
         /// </summary>
-        /// <param name="userId"></param>
+        /// <param name="userId">UserId of the token holder</param>
+        /// <param name="authenticationLevel">Authentication level of the token</param>
         /// <returns></returns>
-        [HttpGet("{userId}")]
-        public async Task<ActionResult> GetTestUserToken(int userId)
+        [HttpGet("/Home/GetTestUserToken/{userId?}")]
+        public async Task<ActionResult> GetTestUserToken(int userId, [FromQuery] int authenticationLevel = 2)
         {
             UserProfile profile = await _userProfileService.GetUser(userId);
 
@@ -191,25 +207,28 @@ public async Task<ActionResult> GetTestUserToken(int userId)
             }
 
             // Create a test token with long duration
-            string token = await _authenticationService.GenerateTokenForProfile(profile, 2);
+            string token = await _authenticationService.GenerateTokenForProfile(profile, authenticationLevel);
             return Ok(token);
         }
 
         /// <summary>
         /// Returns a org token with the given org as claim
         /// </summary>
-        /// <param name="id"></param>
+        /// <param name="org">The short code used to identify the service owner org</param>
+        /// <param name="orgNumber">Organization number to be included in token (if not an official service owner)</param>
+        /// <param name="authenticationLevel">Authentication level of the token</param>
         /// <returns></returns>
-        [HttpGet("{id}")]
-        public async Task<ActionResult> GetTestOrgToken(string id, [FromQuery] string orgNumber = null, [FromQuery] string scopes = null)
+        [HttpGet("/Home/GetTestOrgToken/{org?}")]
+        public async Task<ActionResult> GetTestOrgToken(string org, [FromQuery] string orgNumber = null, [FromQuery] string scopes = null, [FromQuery] int? authenticationLevel = 3)
         {
+
             // Create a test token with long duration
-            string token = await _authenticationService.GenerateTokenForOrg(id, orgNumber, scopes);
+            string token = await _authenticationService.GenerateTokenForOrg(org, orgNumber, scopes, authenticationLevel);
 
             return Ok(token);
         }
 
-        private async Task<IEnumerable<SelectListItem>> GetTestUsersForList()
+        private async Task<IEnumerable<SelectListItem>> GetTestUsersAndPartiesSelectList()
         {
             var data = await _testDataService.GetTestData();
             var userItems = new List<SelectListItem>();
@@ -252,6 +271,23 @@ private async Task<IEnumerable<SelectListItem>> GetTestUsersForList()
             return userItems;
         }
 
+        private async Task<List<SelectListItem>> GetUsersSelectList()
+        {
+            var data = await _testDataService.GetTestData();
+            var testUsers = new List<SelectListItem>();
+            foreach (UserProfile profile in data.Profile.User.Values)
+            {
+                var properProfile = await _userProfileService.GetUser(profile.UserId);
+                testUsers.Add(new()
+                {
+                    Text = properProfile?.Party.Name,
+                    Value = profile.UserId.ToString(),
+                });
+            }
+
+            return testUsers;
+        }
+
         private async Task<int> GetAppAuthLevel(bool isHttp, IEnumerable<SelectListItem> testApps)
         {
             if (!isHttp)
@@ -276,7 +312,7 @@ private async Task<int> GetAppAuthLevel(bool isHttp, IEnumerable<SelectListItem>
             }
         }
 
-        private List<SelectListItem> GetAuthenticationLevels(int defaultAuthLevel)
+        private static List<SelectListItem> GetAuthenticationLevels(int defaultAuthLevel)
         {
             return new()
             {

diff --git a/src/Models/TokensModel.cs b/src/Models/TokensModel.cs
@@ -0,0 +1,11 @@
+#nullable enable
+using Microsoft.AspNetCore.Mvc.Rendering;
+
+namespace LocalTest.Models;
+
+public class TokensViewModel
+{
+    public required IEnumerable<SelectListItem> TestUsers { get; init; }
+    public required List<SelectListItem> AuthenticationLevels { get; init; }
+    public required string DefaultOrg { get; init; }
+}
diff --git a/src/Services/Authentication/Implementation/AuthenticationService.cs b/src/Services/Authentication/Implementation/AuthenticationService.cs
@@ -1,19 +1,16 @@
 #nullable enable
-using System;
-using System.Collections.Generic;
 using System.IdentityModel.Tokens.Jwt;
 using System.Security.Claims;
 using System.Security.Cryptography.X509Certificates;
-using System.Threading.Tasks;
-using AuthSettings = Altinn.Platform.Authentication.Configuration.GeneralSettings;
+using Altinn.Platform.Authorization.Services.Interface;
 using Altinn.Platform.Profile.Models;
+using AltinnCore.Authentication.Constants;
 using LocalTest.Clients.CdnAltinnOrgs;
+using LocalTest.Configuration;
 using LocalTest.Services.Authentication.Interface;
 using Microsoft.Extensions.Options;
 using Microsoft.IdentityModel.Tokens;
-using LocalTest.Configuration;
-using AltinnCore.Authentication.Constants;
-using Altinn.Platform.Authorization.Services.Interface;
+using AuthSettings = Altinn.Platform.Authentication.Configuration.GeneralSettings;
 
 namespace LocalTest.Services.Authentication.Implementation;
 
@@ -24,13 +21,19 @@ public class AuthenticationService : IAuthentication
     private readonly GeneralSettings _generalSettings;
     private readonly IClaims _claimsService;
 
-    public AuthenticationService(AltinnOrgsClient orgsClient, IOptions<AuthSettings> authSettings, IOptions<GeneralSettings> generalSettings, IClaims claimsService)
+    public AuthenticationService(
+        AltinnOrgsClient orgsClient,
+        IOptions<AuthSettings> authSettings,
+        IOptions<GeneralSettings> generalSettings,
+        IClaims claimsService
+    )
     {
         _orgsClient = orgsClient;
         _authSettings = authSettings.Value;
         _generalSettings = generalSettings.Value;
         _claimsService = claimsService;
     }
+
     ///<inheritdoc/>
     public string GenerateToken(ClaimsPrincipal principal)
     {
@@ -56,7 +59,12 @@ public string GenerateToken(ClaimsPrincipal principal)
     }
 
     /// <inheritdoc />
-    public async Task<string> GenerateTokenForOrg(string org, string? orgNumber = null, string? scopes = null)
+    public async Task<string> GenerateTokenForOrg(
+        string org,
+        string? orgNumber = null,
+        string? scopes = null,
+        int? authenticationLevel = null
+    )
     {
         if (orgNumber is null)
         {
@@ -66,14 +74,27 @@ public async Task<string> GenerateTokenForOrg(string org, string? orgNumber = nu
 
         List<Claim> claims = new List<Claim>();
         string issuer = _generalSettings.Hostname;
-        claims.Add(new Claim(AltinnCoreClaimTypes.Org, org.ToLower(), ClaimValueTypes.String, issuer));
-        // 3 is the default level for altinn tokens form Maskinporten
-        claims.Add(new Claim(AltinnCoreClaimTypes.AuthenticationLevel, "3", ClaimValueTypes.Integer32, issuer));
+        claims.Add(
+            new Claim(AltinnCoreClaimTypes.Org, org.ToLower(), ClaimValueTypes.String, issuer)
+        );
+        claims.Add(
+            new Claim(
+                AltinnCoreClaimTypes.AuthenticationLevel,
+                // 3 is the default authentication level from maskinporten
+                (authenticationLevel ?? 3).ToString(),
+                ClaimValueTypes.Integer32,
+                issuer
+            )
+        );
+
         scopes ??= "altinn:serviceowner/instances.read";
         claims.Add(new Claim("urn:altinn:scope", scopes, ClaimValueTypes.String, issuer));
+
         if (!string.IsNullOrEmpty(orgNumber))
         {
-            claims.Add(new Claim(AltinnCoreClaimTypes.OrgNumber, orgNumber, ClaimValueTypes.String, issuer));
+            claims.Add(
+                new Claim(AltinnCoreClaimTypes.OrgNumber, orgNumber, ClaimValueTypes.String, issuer)
+            );
         }
 
         ClaimsIdentity identity = new ClaimsIdentity(_generalSettings.GetClaimsIdentity);
@@ -89,11 +110,46 @@ public async Task<string> GenerateTokenForProfile(UserProfile profile, int authe
     {
         List<Claim> claims = new List<Claim>();
         string issuer = _generalSettings.Hostname;
-        claims.Add(new Claim(ClaimTypes.NameIdentifier, profile.UserId.ToString(), ClaimValueTypes.String, issuer));
-        claims.Add(new Claim(AltinnCoreClaimTypes.UserId, profile.UserId.ToString(), ClaimValueTypes.String, issuer));
-        claims.Add(new Claim(AltinnCoreClaimTypes.UserName, profile.UserName, ClaimValueTypes.String, issuer));
-        claims.Add(new Claim(AltinnCoreClaimTypes.PartyID, profile.PartyId.ToString(), ClaimValueTypes.Integer32, issuer));
-        claims.Add(new Claim(AltinnCoreClaimTypes.AuthenticationLevel, authenticationLevel.ToString(), ClaimValueTypes.Integer32, issuer));
+        claims.Add(
+            new Claim(
+                ClaimTypes.NameIdentifier,
+                profile.UserId.ToString(),
+                ClaimValueTypes.String,
+                issuer
+            )
+        );
+        claims.Add(
+            new Claim(
+                AltinnCoreClaimTypes.UserId,
+                profile.UserId.ToString(),
+                ClaimValueTypes.String,
+                issuer
+            )
+        );
+        claims.Add(
+            new Claim(
+                AltinnCoreClaimTypes.UserName,
+                profile.UserName,
+                ClaimValueTypes.String,
+                issuer
+            )
+        );
+        claims.Add(
+            new Claim(
+                AltinnCoreClaimTypes.PartyID,
+                profile.PartyId.ToString(),
+                ClaimValueTypes.Integer32,
+                issuer
+            )
+        );
+        claims.Add(
+            new Claim(
+                AltinnCoreClaimTypes.AuthenticationLevel,
+                authenticationLevel.ToString(),
+                ClaimValueTypes.Integer32,
+                issuer
+            )
+        );
         claims.AddRange(await _claimsService.GetCustomClaims(profile.UserId, issuer));
 
         ClaimsIdentity identity = new ClaimsIdentity(_generalSettings.GetClaimsIdentity);
@@ -103,4 +159,3 @@ public async Task<string> GenerateTokenForProfile(UserProfile profile, int authe
         return GenerateToken(principal);
     }
 }
-
diff --git a/src/Services/Authentication/Interface/IAuthentication.cs b/src/Services/Authentication/Interface/IAuthentication.cs
@@ -19,8 +19,15 @@ public interface IAuthentication
         /// </summary>
         /// <param name="org">Three letter application owner name (eg, TST )</param>
         /// <param name="orgNumber">Optional Organization number for the application owner. Will be fetched if not provided</param>
+        /// <param name="scopes">Space separated scopes for the token. If null default to "altinn:serviceowner/instances.read"</param>
+        /// <param name="authenticationLevel">The authentication level of the generated token</param>
         /// <returns>JWT token</returns>
-        public Task<string> GenerateTokenForOrg(string org, string? orgNumber = null, string? scopes = null);
+        public Task<string> GenerateTokenForOrg(
+            string org,
+            string? orgNumber = null,
+            string? scopes = null,
+            int? authenticationLevel = null
+        );
 
         /// <summary>
         /// Get JWT token for user profile

diff --git a/src/Views/Home/Tokens.cshtml b/src/Views/Home/Tokens.cshtml
@@ -0,0 +1,71 @@
+@model TokensViewModel
+@{
+  ViewData["Title"] = "Tokens for localtest";
+}
+<div class="container">
+    <h1 class="display-4">Welcome to Altinn App Local Testing</h1>
+    <p>Create tokens for accessing the localtest apis.</p>
+
+    <div class="alert alert-warning">Note that LocalTest is not an exact replica of the production systems, and that there are differences</div>
+
+    <div class="flex flex-column">
+
+        <h2>Generate end users token (like from idporten)</h2>
+        @using (Html.BeginForm("GetTestUserToken", "Home", FormMethod.Get, new { Class = "form" }))
+        {
+            <div class="form-group">
+                <label>Select user</label>
+                @Html.DropDownList("userId", Model.TestUsers, new { Class = "form-control" })
+            </div>
+            <div class="form-group">
+                <label>Select your authentication level</label>
+                @Html.DropDownList("authenticationLevel", Model.AuthenticationLevels, new { Class = "form-control" })
+            </div>
+
+            <div class="form-group">
+                <button type="submit" class="btn btn-primary">Get User token</button>
+            </div>
+        }
+        </div>
+        <div class="flex flex-column">
+        <h2>Service owner tokens</h2>
+        @using (Html.BeginForm("GetTestOrgToken", "Home", FormMethod.Get, new { Class = "form-signin" }))
+        {
+            <div class="form-group">
+                <label>Select service owner org</label>
+                @Html.TextBox("org", Model.DefaultOrg, new { Class = "form-control" })
+            </div>
+            <div class="form-group">
+                <label>Select your authentication level</label>
+                @Html.DropDownList("authenticationLevel", Model.AuthenticationLevels, new { Class = "form-control" })
+            </div>
+            <div class="form-group">
+                <label>optional org number for the token</label>
+                @Html.TextBox("orgNumber", "", new { Class = "form-control", Placeholder = "For official orgs this is fetch from altinncdn.no" })
+            </div>
+            <div class="form-group">
+                <label>Scopes for the token separated by space " " (scopes does not seem to be verified by localtest storage)</label>
+
+                @Html.TextBox("scopes", "", new { Class = "form-control", Id = "scopes", PlaceHolder = "altinn:serviceowner/instances.read" })
+            </div>
+
+            <div class="form-group">
+                <button type="submit" class="btn btn-primary">Get Org token</button>
+            </div>
+        }
+    </div>
+</div>
+
+@section Scripts
+{
+    <script>
+        document.getElementByid("addScopeBtn")
+    </script>
+}
+
+@section Styles
+{
+    <style>
+
+    </style>
+}
diff --git a/src/Views/Shared/_Layout.cshtml b/src/Views/Shared/_Layout.cshtml
@@ -6,6 +6,7 @@
     <title>@ViewData["Title"] - Altinn Studio</title>
     <link href="https://cdn.jsdelivr.net/npm/[email protected]/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-T3c6CoIi6uLrA9TneNEoa7RxnatzjcDSCmG1MXxSR1GAsXEV/Dwwykc2MPK8M2HN" crossorigin="anonymous">
     <link rel="stylesheet" href="~/localtestresources/css/site.css" />
+    @RenderSection("Styles", required: false)
 </head>
 <body>
     <header>
@@ -29,6 +30,10 @@
                             <a class="nav-link text-secondary" asp-area="" asp-controller="TenorUsers"
                                 asp-action="Index">User administration</a>
                         </li>
+                        <li class="nav-item">
+                            <a class="nav-link text-dark" asp-area="" asp-controller="Home"
+                                asp-action="Tokens">Tokens</a>
+                        </li>
                         <li class="nav-item">
                             <a class="nav-link text-dark" asp-area="" asp-controller="StorageExplorer" asp-action="Index">Storage Explorer</a>
                         </li>
-Original file line number
+Diff line change
@@ Expand Up / @@ -41,7 +41,7 @@ public string LocalTestingStaticTestDataPath @@
                 }
             }
-            public string LocalFrontendHostname { get; set; }
+            public string LocalFrontendHostname { get; set; } = "localhost";
             public string LocalFrontendProtocol { get; set; } = "http";
@@ Expand Down @@