Feature/signing #956
Feature/signing #956
Conversation
* adr for transaction handling * scaffold signee service
… is supplied, authorize it as a write action. Move deletion of stale data elements to ProcessTaskInitializer.
* Expose endpoint for searching for person using ssn and last name. * Use class and drop dto postfix. * Move mapping to reponse class. * Add success property to PersonSearchResult. Move person details into nested object.
* adds endpoint for getting an organisation from Enhetsregisteret * renames OrganisationSearch -> Lookup
* temp * feat: add phone and email to signee state * split signee states on person/org, handle delegation before notification * split signing notification and delegation to seperate services * Move SigneeParty to Models folder * update signeeConfig -> signeeParty * split out method for processing signees to support retries * restructure signeecontext, party and state * update signing service to use new signingcontext structure * split notification config based on the receiving system * Make telemetry nullable in signing service. * some more stuff * Fix compilation error * Touples in notification service. Sms number from registry. Store reason for sms/email failure. * Extract SigningService interface. Various adjustments after mob session. * For now: Add user action for initializing delegated signing. --------- Co-authored-by: Bjørn Tore Gjerde <bjorn.tore.gjerde@vivende.no>
* add model for delegation request * add step builder for delegation request * add scaffold for delegation client * add scaffold to signing delegation service * temp solution for const instead of magic strings * add delegation client * weird state * update handling of party id to use party uuid * rm sign delegate rights from access management client
…ake Telemetry optional in SigningService.
# Conflicts: # src/Altinn.App.Core/Configuration/PlatformSettings.cs # src/Altinn.App.Core/Extensions/ServiceCollectionExtensions.cs
…while env == development. (#940)
* update builder to standard set in correspondance (1/2) * restructure: add builders folder * formatting * add TryGet method to retrieve app resource id * cleanup * formatting * add custom exceptions * use IOptions for plattformsettings * simplify builder * format * trailing comma * more formatting
* update controllers * add 500 annotation for org lookup * fix copy pasta * update swagger * lastname usage goes too deep (storage) * update swagger * update test paths * use 200 OK when no hit * typo * log error * format * use the correct namespacing for the logger * shorten method
* adds self links to signing data elements * updates oas
* rename method * add terlemetry to singing delegation * use instancemuitator instead of instance * lastname changes * format * temp fix for bad model * add debug logging * format * domain model for application resource id * format * use app resource id * add AppResourceId and simplify parameters to signing delegation * debug logging * lets try loggin again * format * update instantiation of AppIdentifier * public * use actual instance id * inject taskId as param, due to being unable to resolve it * add delegation builder test * better logging for access management issues * rm unused using * better logging * just log everything * just log everything but better * forgot one * add summary for all public props * use party uuid * clarify vars, rm comments * log response * summaries * add app and org delegation * simplify delegation abstractions * move appResourceId into a named namespace * rm builders, use domain objects * client cleanup * add revoke signee rights * format * rm debug logging * workaround -> work around * block scoped variables * rm debug logging of sensitive data * delagate from current user * use UserParty instead of Party
* simplify lastname handling * get lastname from fullname * use invariant culture * rm redundant semi * update summary for PersonSignee.FullName
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| foreach (SigneeContext signeeContext in signeeContexts) | ||
| { | ||
| if (signeeContext.SigneeState.IsAccessDelegated is true) | ||
| { | ||
| try | ||
| { | ||
| DelegationRequest delegationRequest = new() | ||
| { | ||
| ResourceId = appResourceId.Value, | ||
| InstanceId = instanceGuid, | ||
| From = new DelegationParty | ||
| { | ||
| Value = | ||
| delegatorParty.PartyUuid.ToString() | ||
| ?? throw new InvalidOperationException("Delegator: PartyUuid is null"), | ||
| }, | ||
| To = new DelegationParty | ||
| { | ||
| Value = | ||
| signeeContext.Party.PartyUuid.ToString() | ||
| ?? throw new InvalidOperationException("Delegatee: PartyUuid is null"), | ||
| }, | ||
| Rights = | ||
| [ | ||
| new RightRequest | ||
| { | ||
| Resource = | ||
| [ | ||
| new AppResource { Value = appIdentifier.App }, | ||
| new OrgResource { Value = appIdentifier.Org }, | ||
| new TaskResource { Value = taskId }, | ||
| ], | ||
| Action = new AltinnAction { Value = ActionType.Read }, | ||
| }, | ||
| new RightRequest | ||
| { | ||
| Resource = | ||
| [ | ||
| new AppResource { Value = appIdentifier.App }, | ||
| new OrgResource { Value = appIdentifier.Org }, | ||
| new TaskResource { Value = taskId }, | ||
| ], | ||
| Action = new AltinnAction { Value = ActionType.Sign }, | ||
| }, | ||
| ], | ||
| }; | ||
| DelegationResponse? response = await accessManagementClient.RevokeRights(delegationRequest, ct); | ||
| signeeContext.SigneeState.IsAccessDelegated = false; | ||
| telemetry?.RecordDelegationRevoke(DelegationResult.Success); | ||
| } | ||
| catch (Exception ex) | ||
| { | ||
| logger.LogError(ex, "Failed to revoke signee rights"); | ||
| signeeContext.SigneeState.DelegationFailedReason = "Failed to revoke signee rights: " + ex.Message; | ||
| telemetry?.RecordDelegationRevoke(DelegationResult.Error); | ||
| success = false; | ||
| } | ||
| } | ||
| } |
Check notice
Code scanning / CodeQL
Missed opportunity to use Where Note
| }, | ||
| ], | ||
| }; | ||
| DelegationResponse? response = await accessManagementClient.RevokeRights(delegationRequest, ct); |
Check warning
Code scanning / CodeQL
Useless assignment to local variable Warning
| catch (Exception ex) | ||
| { | ||
| logger.LogError(ex, "Failed to revoke signee rights"); | ||
| signeeContext.SigneeState.DelegationFailedReason = "Failed to revoke signee rights: " + ex.Message; | ||
| telemetry?.RecordDelegationRevoke(DelegationResult.Error); | ||
| success = false; | ||
| } |
Check notice
Code scanning / CodeQL
Generic catch clause Note
| }, | ||
| ], | ||
| }; | ||
| DelegationResponse? response = await accessManagementClient.DelegateRights(delegationRequest, ct); |
Check warning
Code scanning / CodeQL
Useless assignment to local variable Warning
| catch (Exception ex) | ||
| { | ||
| logger.LogError(ex, "Failed to delegate signee rights"); | ||
| state.DelegationFailedReason = "Failed to delegate signee rights: " + ex.Message; | ||
| telemetry?.RecordDelegation(DelegationResult.Error); | ||
| success = false; | ||
| } |
Check notice
Code scanning / CodeQL
Generic catch clause Note
| { | ||
| using var activity = telemetry?.StartAppInstanceRevokeActivity(); | ||
|
|
||
| HttpResponseMessage? httpResponseMessage = null; |
Check notice
Code scanning / CodeQL
Missed 'using' opportunity Note
| catch (Exception e) | ||
| { | ||
| var ex = | ||
| e is AccessManagementRequestException | ||
| ? e | ||
| : new AccessManagementRequestException( | ||
| $"Something went wrong when processing the access management request.", | ||
| null, | ||
| httpResponseMessage?.StatusCode, | ||
| httpContent, | ||
| e | ||
| ); | ||
| logger.LogError(ex, "Error when processing access management request."); | ||
|
|
||
| throw ex; | ||
| } |
Check notice
Code scanning / CodeQL
Generic catch clause Note
| { | ||
| using var activity = telemetry?.StartAppInstanceDelegationActivity(); | ||
|
|
||
| HttpResponseMessage? httpResponseMessage = null; |
Check notice
Code scanning / CodeQL
Missed 'using' opportunity Note
| catch (Exception e) | ||
| { | ||
| var ex = | ||
| e is AccessManagementRequestException | ||
| ? e | ||
| : new AccessManagementRequestException( | ||
| $"Something went wrong when processing the access management request.", | ||
| null, | ||
| httpResponseMessage?.StatusCode, | ||
| httpContent, | ||
| e | ||
| ); | ||
| logger.LogError(ex, "Error when processing access management request."); | ||
|
|
||
| throw ex; | ||
| } |
Check notice
Code scanning / CodeQL
Generic catch clause Note
|
/publish |
Published PR packages: |
* add traces and metrics to notifications for signing * extract getUserLanguage from pdfService * add metrics * add default notification bodies * remove language support from signing notification * cleanup usings * update default sms body * Populate email request, clarify sms sender number * Add default email subject * Add reference for email tracking * Consolidate sms and email notification interfaces * move signing notification default to signingnotificationservice * add signing notification service tests * robustify, add more tests * robustify, add more tests * break -> continue + test * typo * pr feedback, try send email if sms fails * typo
|
/publish |
Published PR packages: |
* fixes setting delegated status by inverting logic * removes is
|
/publish |
Published PR packages: |
* Download signDocuments and synchronize with SigneeContexts. Enables checking signature status. * Download signature documents in parallell. * Make sure to add sign document to on-the-fly signeeContexts. * Move download signDocument into a method. * Extract logic for creating SigneeContext from SignDocument to method. * Add some validation to SigningProcessTask.Start and skip running signee initialization and process signees if there is no point. * Fix merge error. * Use xUnit for asserts instead of FluentAssertions.
|
/publish |
Published PR packages: |
# Conflicts: # src/Altinn.App.Core/Extensions/ServiceCollectionExtensions.cs # test/Altinn.App.Api.Tests/OpenApi/swagger.yaml
| _logger.LogError( | ||
| ex, | ||
| "Failed to download signature document for DataElement with ID {DataElementId}.", | ||
| signatureDataElement.Id |
Check failure
Code scanning / CodeQL
Log entries created from user input High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix AI 5 days ago
To fix the problem, we need to sanitize the signatureDataElement.Id before logging it. This can be done by removing any newline characters from the Id to prevent log forging. We will use the String.Replace method to achieve this.
- Identify the line where
signatureDataElement.Idis logged. - Sanitize the
Idby replacing newline characters with an empty string before logging it. - Ensure that the fix does not alter the existing functionality of the code.
| @@ -342,2 +342,3 @@ | ||
| { | ||
| string sanitizedId = signatureDataElement.Id.Replace(Environment.NewLine, "").Replace("\n", "").Replace("\r", ""); | ||
| _logger.LogError( | ||
| @@ -345,3 +346,3 @@ | ||
| "Failed to download signature document for DataElement with ID {DataElementId}.", | ||
| signatureDataElement.Id | ||
| sanitizedId | ||
| ); |
|
|
||
| public class SigningNotificationServiceTests | ||
| { | ||
| Mock<ILogger<SigningNotificationService>> _loggerMock = new(); |
Check notice
Code scanning / CodeQL
Missed 'readonly' opportunity Note test
| new HttpResponseMessage() | ||
| { | ||
| StatusCode = HttpStatusCode.Conflict, | ||
| ReasonPhrase = "Conflict", | ||
| Content = new StringContent("Failed to send SMS notification"), | ||
| }, |
Check warning
Code scanning / CodeQL
Missing Dispose call on local IDisposable Warning test
| new HttpResponseMessage() | ||
| { | ||
| StatusCode = HttpStatusCode.Conflict, | ||
| ReasonPhrase = "Conflict", | ||
| Content = new StringContent("Failed to send email notification"), | ||
| }, |
Check warning
Code scanning / CodeQL
Missing Dispose call on local IDisposable Warning test
|
|
||
| _logger.LogInformation( | ||
| "Signing action handler invoked for instance {Id}. In task: {CurrentTaskId}", | ||
| context.Instance.Id, |
Check failure
Code scanning / CodeQL
Log entries created from user input High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix AI 4 days ago
To fix the problem, we need to sanitize the context.Instance.Id before logging it. Since the log entries are plain text, we should remove any newline characters from the user input to prevent log forging. This can be done using the String.Replace method to replace newline characters with an empty string.
The best way to fix the problem without changing existing functionality is to modify the logging statement to sanitize the context.Instance.Id before it is logged. This involves updating the logging statement in the HandleAction method of the SigningUserAction class.
| @@ -101,5 +101,6 @@ | ||
|
|
||
| string sanitizedInstanceId = context.Instance.Id.Replace(Environment.NewLine, "").Replace("\n", "").Replace("\r", ""); | ||
| _logger.LogInformation( | ||
| "Signing action handler invoked for instance {Id}. In task: {CurrentTaskId}", | ||
| context.Instance.Id, | ||
| sanitizedInstanceId, | ||
| currentTask.Id |
| catch (Exception e) | ||
| { | ||
| // TODO: What do we do here? This failure is pretty silent... but throwing would cause havoc | ||
| _logger.LogError(e, "Correspondence send failed: {Exception}", e.Message); | ||
| } |
Check notice
Code scanning / CodeQL
Generic catch clause Note
| ApplicationMetadata appMetadata, | ||
| AltinnSignatureConfiguration? signatureConfiguration, | ||
| IHostEnvironment hostEnvironment, | ||
| IAltinnCdnClient? altinnCdnClient = null |
Check notice
Code scanning / CodeQL
Missed 'using' opportunity Note
| var responseMessage = new HttpResponseMessage(HttpStatusCode.OK) | ||
| { | ||
| Content = new StringContent( | ||
| """ | ||
| { | ||
| "orgs": { | ||
| "ttd": { | ||
| "name": { | ||
| "en": "Test Ministry", | ||
| "nb": "Testdepartementet", | ||
| "nn": "Testdepartementet" | ||
| }, | ||
| "logo": "", | ||
| "orgnr": "", | ||
| "homepage": "", | ||
| "environments": [ | ||
| "at22", | ||
| "at23", | ||
| "at24", | ||
| "tt02", | ||
| "yt01", | ||
| "production" | ||
| ] | ||
| }, | ||
| "udi": { | ||
| "name": { | ||
| "en": "The Norwegian Directorate of Immigration", | ||
| "nb": "Utlendingsdirektoratet", | ||
| "nn": "Utlendingsdirektoratet" | ||
| }, | ||
| "logo": "https://altinncdn.no/orgs/udi/udi.png", | ||
| "orgnr": "974760746", | ||
| "homepage": "https://www.udi.no", | ||
| "environments": [ | ||
| "tt02", | ||
| "production" | ||
| ] | ||
| } | ||
| } | ||
| } | ||
| """ | ||
| ), | ||
| }; |
Check warning
Code scanning / CodeQL
Missing Dispose call on local IDisposable Warning test
| public async Task GetOrgs_ThrowsJsonException_WhenResponseIsLiteralNull() | ||
| { | ||
| // Arrange | ||
| var httpClientFactoryMock = new Mock<IHttpClientFactory>(); |
Check warning
Code scanning / CodeQL
Useless assignment to local variable Warning test
| ItExpr.IsAny<HttpRequestMessage>(), | ||
| ItExpr.IsAny<CancellationToken>() | ||
| ) | ||
| .ReturnsAsync(new HttpResponseMessage(HttpStatusCode.OK) { Content = new StringContent("null") }); |
Check warning
Code scanning / CodeQL
Missing Dispose call on local IDisposable Warning test
| public async Task GetOrgs_CancellationTokenIsRespected() | ||
| { | ||
| // Arrange | ||
| var httpClientFactoryMock = new Mock<IHttpClientFactory>(); |
Check warning
Code scanning / CodeQL
Useless assignment to local variable Warning test
| { | ||
| // Arrange | ||
| var httpClientFactoryMock = new Mock<IHttpClientFactory>(); | ||
| var cancellationTokenSource = new CancellationTokenSource(); |
Check warning
Code scanning / CodeQL
Missing Dispose call on local IDisposable Warning test
| ItExpr.IsAny<HttpRequestMessage>(), | ||
| ItExpr.IsAny<CancellationToken>() | ||
| ) | ||
| .ReturnsAsync(new HttpResponseMessage(HttpStatusCode.OK)); |
Check warning
Code scanning / CodeQL
Missing Dispose call on local IDisposable Warning test
| public void IsNullOrEmpty_ReturnsTrue_WhenEnumerableIsNull() | ||
| { | ||
| IEnumerable<string>? source = null; | ||
| var result = source.IsNullOrEmpty(); |
Check failure
Code scanning / CodeQL
Dereferenced variable is always null Error test
|
|
/publish |
PR release:
|
Description
PR so that vi can publish an experimental package
Related Issue(s)
Verification
Documentation