Merge pull request #4295 from cisagov/feat/CSET-2935
JWT security implementation throughout all controllers
randywoods authored Dec 12, 2024
2 parents 320554e + 67340a3 commit 8ce141c
Showing 34 changed files with 186 additions and 119 deletions.
Expand Up @@ -15,10 +15,12 @@
using CSETWebCore.Model.Analysis;
using Microsoft.EntityFrameworkCore;
using Snickler.EFCore;
using CSETWebCore.Business.Authorization;



namespace CSETWebCore.Api.Controllers
{
{ [CsetAuthorize]
[ApiController]
public class AggregationAnalysisController : ControllerBase
{
Expand All @@ -37,9 +39,13 @@ public AggregationAnalysisController(ITokenManager tokenManager, ITrendDataProce

[HttpPost]
[Route("api/aggregation/analysis/overallcompliancescore")]
public IActionResult OverallComplianceScore([FromBody] AggBody body)
public IActionResult OverallComplianceScore()
{
int aggregationID = body.AggregationID;
var aggregationID = _tokenManager.PayloadInt("aggreg");
if (aggregationID == null)
{
return Ok();
}
var assessmentList = _context.AGGREGATION_ASSESSMENT.Where(x => x.Aggregation_Id == aggregationID)
.Include(x => x.Assessment)
.Include(x => x.Assessment.STANDARD_SELECTION)
Expand Down Expand Up @@ -115,9 +121,13 @@ public IActionResult OverallComplianceScore([FromBody] AggBody body)
/// </summary>
[HttpPost]
[Route("api/aggregation/analysis/top5")]
public IActionResult Top5([FromBody] AggBody body)
public IActionResult Top5()
{
int aggregationID = body.AggregationID;
var aggregationID = _tokenManager.PayloadInt("aggreg");
if (aggregationID == null)
{
return Ok();
}
var response = new LineChart();
response.reportType = "Top 5 Most Improved Areas";
_trendData.Process(_context, (int?)aggregationID ?? 0, response, "TOP");
Expand All @@ -132,9 +142,14 @@ public IActionResult Top5([FromBody] AggBody body)
/// </summary>
[HttpPost]
[Route("api/aggregation/analysis/bottom5")]
public IActionResult Bottom5([FromBody] AggBody body)
public IActionResult Bottom5()
{
int aggregationID = body.AggregationID;
var aggregationID = _tokenManager.PayloadInt("aggreg");
if (aggregationID == null)
{
return Ok();
}

var response = new LineChart();
response.reportType = "Top 5 Areas of Concern (Bottom 5)";

Expand All @@ -150,8 +165,13 @@ public IActionResult Bottom5([FromBody] AggBody body)
/// <returns></returns>
[HttpPost]
[Route("api/aggregation/analysis/categorypercentcompare")]
public IActionResult CategoryPercentCompare(int aggregationID)
public IActionResult CategoryPercentCompare()
{
var aggregationID = _tokenManager.PayloadInt("aggreg");
if (aggregationID == null)
{
return Ok();
}
DataTable dt = new DataTable();
dt.Columns.Add("AssessmentId", typeof(int));
dt.Columns.Add("Alias");
Expand Down Expand Up @@ -252,14 +272,14 @@ orderby an.Question_Group_Heading
/// <returns></returns>
[HttpPost]
[Route("api/aggregation/analysis/overallaverages")]
public IActionResult GetOverallAverages(int aggregationID)
public IActionResult GetOverallAverages()
{
//var aggregationID = _tokenManager.PayloadInt("aggreg");
//if (aggregationID == null)
//{
// return Ok();
//}

var aggregationID = _tokenManager.PayloadInt("aggreg");
if (aggregationID == null)
{
return Ok();
}
var response = new HorizBarChart();
response.ReportTitle = "Overall Average Summary";

Expand Down Expand Up @@ -419,8 +439,13 @@ public IActionResult GetComponentsAnswerDistribution()

[HttpPost]
[Route("api/aggregation/analysis/categoryaverages")]
public IActionResult GetCategoryAverages(int aggregationID)
public IActionResult GetCategoryAverages()
{
var aggregationID = _tokenManager.PayloadInt("aggreg");
if (aggregationID == null)
{
return Ok();
}
var dict = new Dictionary<string, List<decimal>>();

var assessmentList = _context.AGGREGATION_ASSESSMENT.Where(x => x.Aggregation_Id == aggregationID)
Expand Down Expand Up @@ -473,8 +498,13 @@ public IActionResult GetCategoryAverages(int aggregationID)
/// <returns></returns>
[HttpPost]
[Route("api/aggregation/analysis/getanswertotals")]
public IActionResult GetAnswerTotals(int aggregationID)
public IActionResult GetAnswerTotals()
{
var aggregationID = _tokenManager.PayloadInt("aggreg");
if (aggregationID == null)
{
return Ok();
}
var assessmentList = _context.AGGREGATION_ASSESSMENT.Where(x => x.Aggregation_Id == aggregationID)
.Include(x => x.Assessment).OrderBy(x => x.Assessment.Assessment_Date)
.ToList();
Expand Down Expand Up @@ -518,8 +548,13 @@ public IActionResult GetAnswerTotals(int aggregationID)
/// <returns></returns>
[HttpPost]
[Route("api/aggregation/analysis/maturity/answertotals")]
public IActionResult GetMaturityAnswerTotalsFlexible(int aggregationID)
public IActionResult GetMaturityAnswerTotalsFlexible()
{
var aggregationID = _tokenManager.PayloadInt("aggreg");
if (aggregationID == null)
{
return Ok();
}
var assessmentList = _context.AGGREGATION_ASSESSMENT.Where(x => x.Aggregation_Id == aggregationID)
.Include(x => x.Assessment).OrderBy(x => x.Assessment.Assessment_Date)
.ToList();
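Review bot: Every rewritten action in this controller (`OverallComplianceScore`, `Top5`, `Bottom5`, `CategoryPercentCompare`, `GetOverallAverages`, `GetCategoryAverages`, `GetAnswerTotals`, `GetMaturityAnswerTotalsFlexible`) answers a missing `aggreg` claim with a bare `return Ok();`, so a client that lost or never had the claim receives an empty 200 and cannot distinguish an authorization problem from "no data"; `return Unauthorized();` (or `BadRequest("aggregation not present in token")`) makes the condition visible to callers and logs. With the null guard in place, `(int?)aggregationID ?? 0` in `Top5` and `Bottom5` is dead coalescing and can become `aggregationID.Value`. Taking the id from the token removes the client-chosen parameter, which is the security gain here, but whether the `aggreg` claim was itself checked against the caller's permissions when it was minted is decided outside this diff. `[CsetAuthorize]` is appended to the namespace's opening brace (`{ [CsetAuthorize]`); put it on its own line above `[ApiController]`.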
Expand Up @@ -4,6 +4,8 @@
//
//
////////////////////////////////

using System;
using CSETWebCore.Business.Aggregation;
using CSETWebCore.DataLayer.Model;
using CSETWebCore.Interfaces.Helpers;
Expand All @@ -17,6 +19,8 @@ namespace CSETWebCore.Api.Controllers
{
[CsetAuthorize]
[ApiController]
[Obsolete("This controller is no longer used")]

public class AggregationController : ControllerBase
{
private readonly ITokenManager _token;
Expand Down Expand Up @@ -75,7 +79,7 @@ public IActionResult GetAggregation()


[HttpPost]
[Route("api/aggregation/update")]
[Route("api/aggregation/update")]
public IActionResult UpdateAggregation([FromBody] Aggregation aggregation)
{
var aggregationID = _token.PayloadInt("aggreg");
Expand All @@ -94,6 +98,11 @@ public IActionResult UpdateAggregation([FromBody] Aggregation aggregation)
[Route("api/aggregation/delete")]
public IActionResult DeleteAggregation([FromQuery] int aggregationId)
{
var aggregationID = _token.PayloadInt("aggreg");
if (aggregationID == null)
{
return Ok();
}
var manager = new AggregationBusiness(_context, _token);
manager.DeleteAggregation(aggregationId);
return Ok();
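Review bot: `DeleteAggregation` still deletes the `aggregationId` supplied in the query string; the newly added `_token.PayloadInt("aggreg")` read is used only as a presence check and never constrains which aggregation is removed, so any caller holding a token with an `aggreg` claim can delete an arbitrary aggregation by id. Either act on the token's aggregation, `manager.DeleteAggregation(aggregationID.Value);`, or reject mismatches with `if (aggregationID != aggregationId) return Forbid();` before the delete. `[Obsolete("This controller is no longer used")]` is a compile-time diagnostic only — ASP.NET Core still maps every `[Route]` in this class, so `api/aggregation/update` and `api/aggregation/delete` remain live; if the controller is truly unused, remove it or mark the actions `[NonAction]` rather than leaving routable endpoints behind. The null branch returning `Ok()` also reports a missing claim as success.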
Expand Up @@ -6,22 +6,28 @@
////////////////////////////////
using Microsoft.AspNetCore.Mvc;
using CSETWebCore.Business.Aggregation;
using CSETWebCore.Business.Authorization;
using CSETWebCore.DataLayer.Model;
using CSETWebCore.Interfaces.Helpers;


namespace CSETWebCore.Api.Controllers
{
{ [CsetAuthorize]
public class AggregationMaturityController : Controller
{
private CSETContext _context;
private readonly ITokenManager _tokenManager;



/// <summary>
/// CTOR
/// </summary>
public AggregationMaturityController(CSETContext context)
public AggregationMaturityController(ITokenManager tokenManager, CSETContext context)
{
_context = context;
_tokenManager = tokenManager;

}


Expand All @@ -34,10 +40,15 @@ public AggregationMaturityController(CSETContext context)
/// <returns></returns>
[HttpGet]
[Route("api/aggregation/analysis/maturity/compliance")]
public IActionResult GetComplianceByModelAndDomain([FromQuery] int aggregationId)
{
public IActionResult GetComplianceByModelAndDomain()
{
var aggregationID = _tokenManager.PayloadInt("aggreg");
if (aggregationID == null)
{
return Ok();
}
var amb = new AggregationMaturityBusiness(_context);
var resp = amb.GetMaturityModelComplianceChart(aggregationId);
var resp = amb.GetMaturityModelComplianceChart(aggregationID.Value);

return Ok(resp);
}
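Review bot: `GetComplianceByModelAndDomain` answers a missing `aggreg` claim with an empty `Ok()`, which reports success for what is effectively an unauthorized or malformed request; prefer `return Unauthorized();` so the client and the logs see the condition. The controller now carries `[CsetAuthorize]` but, unlike its siblings in this commit, has no `[ApiController]` and derives from `Controller` rather than `ControllerBase`; that is pre-existing, but worth aligning while the header is being edited. The attribute is also glued to the namespace brace (`{ [CsetAuthorize]`) — give it its own line.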
Expand Up @@ -267,6 +267,7 @@ public IActionResult GetAssessmentsCompletion()

[HttpGet]
[Route("api/getAssessmentById")]
[Obsolete("Method no longer in use.")]
public IActionResult GetAssessmentById(int assessmentId)
{
var assessment = _assessmentBusiness.GetAssessmentById(assessmentId);
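Review bot: `[Obsolete("Method no longer in use.")]` does not remove `GetAssessmentById` from routing — `api/getAssessmentById` still accepts an arbitrary `assessmentId` from the caller, and no check that the assessment belongs to the current user is visible in this hunk (any check inside `_assessmentBusiness.GetAssessmentById` is outside view). If the action is unused, delete it or mark it `[NonAction]`; if it must stay, derive the id from the token manager the way the other controllers in this commit do instead of trusting the query value. The method body continues past the hunk.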
Expand Up @@ -14,11 +14,13 @@
using System;
using System.IO;
using System.Threading.Tasks;
using CSETWebCore.Business.Authorization;
using ICSharpCode.SharpZipLib.Zip;


namespace CSETWebCore.Api.Controllers
{
[CsetAuthorize]
public class AssessmentImportController : ControllerBase
{
private ITokenManager _tokenManager;
Expand All @@ -39,7 +41,6 @@ public AssessmentImportController(ITokenManager token, CSETContext context, IImp
}

[HttpGet]
// [CSETAuthorize]
[Route("api/assessment/legacy/import/installed")]
public IActionResult LegacyImportIsInstalled()
{
Expand All @@ -48,7 +49,6 @@ public IActionResult LegacyImportIsInstalled()


[HttpPost]
// [CSETAuthorize]
[Route("api/assessment/legacy/import")]
public async Task<IActionResult> ImportLegacyAssessment()
{
Expand Up @@ -5,16 +5,6 @@
using CSETWebCore.Interfaces.Helpers;
using CSETWebCore.Interfaces.Reports;
using Microsoft.AspNetCore.Mvc;
using CSETWebCore.Helpers.ReportWidgets;
using System.Xml.Linq;
using System.Xml.XPath;
using System.Linq;
using System.Collections.Generic;
using CSETWebCore.Business.Maturity;
using CSETWebCore.Business.Reports;
using CSETWebCore.Reports.Models;
using CSETWebCore.Api.Models;
using Newtonsoft.Json;
using CSETWebCore.Interfaces.Cmu;

namespace CSETWebCore.Api.Controllers
Expand Up @@ -646,8 +646,9 @@ public IActionResult SaveUserLanguage([FromBody] UserLanguage lang)
/// <returns></returns>
[HttpPost]
[Route("api/contacts/ValidateRemoval")]
public IActionResult ValidateMyRemoval(int assessmentId)
public IActionResult ValidateMyRemoval()
{
int assessmentId = _token.AssessmentForUser();
_token.IsAuthenticated();
if (_token.AmILastAdminWithUsers(assessmentId))
{
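Review bot: In `ValidateMyRemoval` the assessment id is now read from the token (`_token.AssessmentForUser()`) before `_token.IsAuthenticated()` runs, so the authentication assertion is ordered after a token-dependent lookup; whether `AssessmentForUser()` itself fails closed on a missing or invalid token is not visible here. Swap the two statements so `_token.IsAuthenticated();` is the first line of the method, and confirm the controller carries `[CsetAuthorize]` (its class header is outside the hunk). Dropping the `assessmentId` parameter means clients that still post it have the value silently ignored, which is the intent but deserves a sentence in the method's `<summary>`.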
Expand Up @@ -4,10 +4,13 @@
//
//
////////////////////////////////

using System;
using Microsoft.AspNetCore.Mvc;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using CSETWebCore.Business.Authorization;
using CSETWebCore.DataLayer.Model;
using CSETWebCore.Interfaces.Assessment;
using CSETWebCore.Interfaces.Demographic;
Expand All @@ -20,6 +23,7 @@

namespace CSETWebCore.Api.Controllers
{
[CsetAuthorize]
[ApiController]
public class DemographicsController : ControllerBase
{
Expand Down Expand Up @@ -51,6 +55,7 @@ public DemographicsController(ITokenManager token, IAssessmentBusiness assessmen
/// </summary>
[HttpGet]
[Route("api/demographics")]
[Obsolete("No longer in use anymore")]
public IActionResult Get()
{
int assessmentId = _token.AssessmentForUser();
Expand All @@ -63,6 +68,7 @@ public IActionResult Get()
/// </summary>
[HttpPost]
[Route("api/demographics")]
[Obsolete("No longer in use anymore")]
public IActionResult Post([FromBody] Demographics demographics)
{
demographics.AssessmentId = _token.AssessmentForUser();
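Review bot: `[Obsolete("No longer in use anymore")]` on `Get` and `Post` does not unmap `api/demographics`; both actions remain live endpoints, and `Post` still persists whatever `Demographics` body it receives (its body continues outside the hunk). If they are genuinely unused, remove them or add `[NonAction]`; otherwise drop the attribute so the obsolescence marker is not misleading. The message is also redundant — `[Obsolete("No longer in use")]` reads better.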
Expand Up @@ -8,6 +8,7 @@
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using CSETWebCore.Business.Authorization;
using CSETWebCore.DataLayer.Model;
using CSETWebCore.Interfaces.Assessment;
using CSETWebCore.Interfaces.Demographic;
Expand All @@ -21,7 +22,7 @@
using CSETWebCore.Business.Demographic;

namespace CSETWebCore.Api.Controllers
{
{ [CsetAuthorize]
[ApiController]
public class DemographicsExtendedController : ControllerBase
{
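Review bot: `[CsetAuthorize]` is written on the same line as the namespace's opening brace (`{ [CsetAuthorize]`), a formatting slip repeated across several controllers in this commit; the attribute belongs on its own line directly above `[ApiController]`. Placing it at class level gates every action in `DemographicsExtendedController`, which is the right default, but the class body is outside the hunk, so any action that was meant to stay anonymous would now need an explicit opt-out, if `CsetAuthorize` offers one.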
Expand Up @@ -4,14 +4,16 @@
//
//
////////////////////////////////

using CSETWebCore.Business.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using CSETWebCore.Interfaces.Framework;
using CSETWebCore.Interfaces.Helpers;
using CSETWebCore.Model.Framework;

namespace CSETWebCore.Api.Controllers
{
{ [CsetAuthorize]
[ApiController]
public class FrameworkController : ControllerBase
{
Expand Up @@ -15,7 +15,7 @@
using Microsoft.EntityFrameworkCore;

namespace CSETWebCore.Api.Controllers
{
{ [Obsolete("No longer in use")]
[ApiController]
public class GalleryEditorController : ControllerBase
{
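Review bot: `GalleryEditorController` is marked `[Obsolete("No longer in use")]` but, unlike every other controller touched by this commit, receives no `[CsetAuthorize]`; `[Obsolete]` is only a compiler diagnostic, so its routes stay mapped and — absent a global authorization filter, which is not visible here — remain reachable without a token, and an editor controller is exactly where unauthenticated writes matter. Either delete the class in this commit or add `[CsetAuthorize]` beside `[Obsolete(...)]` now and remove the controller in a follow-up. The attribute is also placed on the namespace brace line (`{ [Obsolete("No longer in use")]`); give it its own line.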
Expand Up @@ -15,10 +15,11 @@
using System.Data;
using System.Linq;
using CSETWebCore.Business;
using CSETWebCore.Business.Authorization;
using CSETWebCore.Business.Sal;

namespace CSETWebCore.Api.Controllers
{
{ [CsetAuthorize]
[ApiController]
public class GeneralSalController : ControllerBase
{
