diff --git a/IssueVerifiableEmployee/Pages/EmployeeCredentials.cshtml.cs b/IssueVerifiableEmployee/Pages/EmployeeCredentials.cshtml.cs
index cb325ce..7850913 100644
--- a/IssueVerifiableEmployee/Pages/EmployeeCredentials.cshtml.cs
+++ b/IssueVerifiableEmployee/Pages/EmployeeCredentials.cshtml.cs
@@ -26,7 +26,7 @@ public EmployeeCredentialsModel(MicrosoftGraphDelegatedClient microsoftGraphDele
 public async Task OnGetAsync()
 {
 var oid = User.Claims.FirstOrDefault(t => t.Type == Consts.OID_TYPE);
-
+
 var employeeData = await _microsoftGraphDelegatedClient
 .GetEmployee(oid!.Value);
@@ -51,7 +51,7 @@ public async Task OnGetAsync()
 else
 {
 EmployeeMessage = $"You have no valid employee, Error: {employeeData.Error}";
- if(employeeData.Error!.Contains("Preferred Language"))
+ if (employeeData.Error!.Contains("Preferred Language"))
 {
 PreferredLanguageMissing = true;
 }
diff --git a/IssueVerifiableEmployee/RejectSessionCookieWhenAccountNotInCacheEvents.cs b/IssueVerifiableEmployee/RejectSessionCookieWhenAccountNotInCacheEvents.cs
index 98e6b7c..e0e9527 100644
--- a/IssueVerifiableEmployee/RejectSessionCookieWhenAccountNotInCacheEvents.cs
+++ b/IssueVerifiableEmployee/RejectSessionCookieWhenAccountNotInCacheEvents.cs
@@ -20,7 +20,7 @@ public async override Task ValidatePrincipal(CookieValidatePrincipalContext cont
 var tokenAcquisition = context.HttpContext.RequestServices
 .GetRequiredService();
- string token = await tokenAcquisition.GetAccessTokenForUserAsync(scopes: _downstreamScopes,
+ string token = await tokenAcquisition.GetAccessTokenForUserAsync(scopes: _downstreamScopes,
 user: context.Principal);
 }
 catch (MicrosoftIdentityWebChallengeUserException ex) when (AccountDoesNotExitInTokenCache(ex))
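Review bot: `oid!.Value` on the line after the rewritten blank line dereferences the result of `FirstOrDefault` through the null-forgiving operator, so a principal that carries no OID claim surfaces as a NullReferenceException instead of a handled state. Guard before the Graph call, e.g. `if (oid is null) { EmployeeMessage = "Signed-in user has no object id claim"; return; }`, since this page already reports failures through `EmployeeMessage`. The identical `oid!.Value` pattern appears in the IssuerService hunk at `@@ -57,7` in this diff. OnGetAsync continues outside the hunk.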
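Review bot: The reformatted `if (employeeData.Error!.Contains("Preferred Language"))` keys a UI flag off the wording of an error message, which will break silently the moment the message text produced by GetEmployee is edited. If the error stays a string, at least make the comparison explicit, `Contains("Preferred Language", StringComparison.Ordinal)`, and consider having GetEmployee return a typed reason (an enum or a dedicated bool) rather than prose to match on. `Error!` is also unguarded here; the visible `else` branch presumably corresponds to a non-null error, but that contract is not visible in this hunk — confirm against GetEmployee.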
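Review bot: The `token` local assigned on the rewritten line is never read before the `try` block closes two lines later, so the acquisition is a token-cache probe whose result is intentionally unused; writing it as a discard, `_ = await tokenAcquisition.GetAccessTokenForUserAsync(scopes: _downstreamScopes, user: context.Principal);`, states that intent and avoids an unused-variable warning. A comment above it, `// Probe the token cache: a user_null MsalUiRequiredException (handled below) means the account is no longer cached`, would spare the reader a trip to the catch body, which lies outside this hunk. `AccountDoesNotExitInTokenCache` also looks like a typo for `AccountDoesNotExistInTokenCache`; its definition is in the next hunk of this file.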
@@ -31,7 +31,7 @@ public async override Task ValidatePrincipal(CookieValidatePrincipalContext cont
 private static bool AccountDoesNotExitInTokenCache(MicrosoftIdentityWebChallengeUserException ex)
 {
- return ex.InnerException is MsalUiRequiredException
+ return ex.InnerException is MsalUiRequiredException
 && (ex.InnerException as MsalUiRequiredException)!.ErrorCode == "user_null";
 }
 }
diff --git a/IssueVerifiableEmployee/SecurityHeadersDefinitions.cs b/IssueVerifiableEmployee/SecurityHeadersDefinitions.cs
index 1c70e75..e5c41e7 100644
--- a/IssueVerifiableEmployee/SecurityHeadersDefinitions.cs
+++ b/IssueVerifiableEmployee/SecurityHeadersDefinitions.cs
@@ -1,5 +1,3 @@
-using Microsoft.AspNetCore.Builder;
-
 namespace IssuerVerifiableEmployee;
 public static class SecurityHeadersDefinitions
diff --git a/IssueVerifiableEmployee/Services/CacheData.cs b/IssueVerifiableEmployee/Services/CacheData.cs
index 650efac..c9c6fc1 100644
--- a/IssueVerifiableEmployee/Services/CacheData.cs
+++ b/IssueVerifiableEmployee/Services/CacheData.cs
@@ -1,6 +1,6 @@
+using Microsoft.Extensions.Caching.Distributed;
 using System.Text.Json;
 using System.Text.Json.Serialization;
-using Microsoft.Extensions.Caching.Distributed;
 namespace IssuerVerifiableEmployee.Services;
diff --git a/IssueVerifiableEmployee/Services/GraphServices/MicrosoftGraphDelegatedClient.cs b/IssueVerifiableEmployee/Services/GraphServices/MicrosoftGraphDelegatedClient.cs
index 1aed524..d420a81 100644
--- a/IssueVerifiableEmployee/Services/GraphServices/MicrosoftGraphDelegatedClient.cs
+++ b/IssueVerifiableEmployee/Services/GraphServices/MicrosoftGraphDelegatedClient.cs
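Review bot: The rewritten `return` in AccountDoesNotExitInTokenCache tests `is MsalUiRequiredException` and then casts the same value again with `as` plus `!`; a declaration pattern does both in one step with no null-forgiving operator: `return ex.InnerException is MsalUiRequiredException msal && msal.ErrorCode == "user_null";`. The literal `"user_null"` is an MSAL error code; if the referenced MSAL version exposes it as a constant on `MsalError`, prefer that over the string so the check cannot drift from the library. The method name reads as a typo for `AccountDoesNotExistInTokenCache`; renaming it touches the `when` filter in the previous hunk as well.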
@@ -30,14 +30,25 @@ public MicrosoftGraphDelegatedClient(GraphServiceClient graphServiceClient)
 return (null, "User MUST have a photo, upload in the Azure portal user basic profile, or using office");
 }
- var user = await _graphServiceClient.Users[oid]
+ var user = await _graphServiceClient.Users[oid]
 .GetAsync((requestConfiguration) =>
 {
- requestConfiguration.QueryParameters.Select = [
- "id", "givenName", "surname", "jobTitle", "displayName",
- "mail", "employeeId", "employeeType", "otherMails",
- "mobilePhone", "accountEnabled", "photo", "preferredLanguage",
- "userPrincipalName", "identities"];
+ requestConfiguration.QueryParameters.Select = [
+ "id",
+ "givenName",
+ "surname",
+ "jobTitle",
+ "displayName",
+ "mail",
+ "employeeId",
+ "employeeType",
+ "otherMails",
+ "mobilePhone",
+ "accountEnabled",
+ "photo",
+ "preferredLanguage",
+ "userPrincipalName",
+ "identities"];
 requestConfiguration.Headers.Add("ConsistencyLevel", "eventual");
 });
@@ -83,7 +94,7 @@ public MicrosoftGraphDelegatedClient(GraphServiceClient graphServiceClient)
 Photo = photo,
 AccountEnabled = user.AccountEnabled.GetValueOrDefault()
 };
-
+
 if (user.Mail != null)
 {
 employee.Mail = user.Mail;
diff --git a/IssueVerifiableEmployee/Services/IssuerController.cs b/IssueVerifiableEmployee/Services/IssuerController.cs
index cbd1833..b0eb3c4 100644
--- a/IssueVerifiableEmployee/Services/IssuerController.cs
+++ b/IssueVerifiableEmployee/Services/IssuerController.cs
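Review bot: The `Select` list rewritten one-name-per-line in this hunk is a fixed set of Graph user properties that is rebuilt inside the lambda on every call; hoisting it to a `private static readonly string[] UserSelectProperties = [ ... ];` on the class and assigning `requestConfiguration.QueryParameters.Select = UserSelectProperties;` names the set, gives it a place for a comment, and stops the array from being re-created per request (the file already uses collection expressions, so the syntax is available). The `ConsistencyLevel: eventual` header kept below the list appears to be needed only for Graph advanced-query features rather than for a by-id `Users[oid]` GET with `$select`; confirm and drop it if nothing here depends on it, since it routes the read through the eventually consistent index. The enclosing method (presumably GetEmployee, judging by the `oid` parameter and the callers elsewhere in this diff) starts before and continues after the hunk.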
@@ -1,13 +1,13 @@
+using IssuerVerifiableEmployee.Services;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
+using Microsoft.Extensions.Caching.Distributed;
 using Microsoft.Extensions.Options;
-using System.Net;
 using System.Diagnostics;
+using System.Globalization;
+using System.Net;
 using System.Net.Http.Headers;
-using IssuerVerifiableEmployee.Services;
-using Microsoft.AspNetCore.Authorization;
 using System.Text.Json;
-using Microsoft.Extensions.Caching.Distributed;
-using System.Globalization;
 namespace IssuerVerifiableEmployee;
diff --git a/IssueVerifiableEmployee/Services/IssuerService.cs b/IssueVerifiableEmployee/Services/IssuerService.cs
index 9a9d1c4..5a06c26 100644
--- a/IssueVerifiableEmployee/Services/IssuerService.cs
+++ b/IssueVerifiableEmployee/Services/IssuerService.cs
@@ -40,7 +40,7 @@ public async Task GetIssuanceRequestPayloadAsync(HttpReq
 payload.Pin.Length = length;
 payload.Pin.Value = newpin;
-
+
 payload.CredentialsType = "VerifiedEmployee";
 //get the manifest from the appsettings, this is the URL to the Verified Employee credential created in the azure portal.
@@ -57,7 +57,7 @@ public async Task GetIssuanceRequestPayloadAsync(HttpReq
 payload.Authority = _credentialSettings.IssuerAuthority;
 var oid = request.HttpContext.User.Claims.FirstOrDefault(t => t.Type == Consts.OID_TYPE);
-
+
 var (Employee, Error) = await _microsoftGraphDelegatedClient
 .GetEmployee(oid!.Value);