diff --git a/Auth/LearningHub.Nhs.Auth/Controllers/AccountController.cs b/Auth/LearningHub.Nhs.Auth/Controllers/AccountController.cs
index 58f804d..123fe1a 100644
--- a/Auth/LearningHub.Nhs.Auth/Controllers/AccountController.cs
+++ b/Auth/LearningHub.Nhs.Auth/Controllers/AccountController.cs
@@ -5,7 +5,6 @@ using System.Linq; using System.Net; using System.Threading.Tasks; - using Azure.Core; using elfhHub.Nhs.Models.Common; using elfhHub.Nhs.Models.Enums; using IdentityModel;
@@ -23,11 +22,9 @@ using LearningHub.Nhs.Models.Common; using Microsoft.AspNetCore.Authentication; using Microsoft.AspNetCore.Authorization; - using Microsoft.AspNetCore.Http; using Microsoft.AspNetCore.Mvc; using Microsoft.Extensions.Logging; using Microsoft.Extensions.Options; - using UAParser; /// /// Account Controller operations.
@@ -166,44 +163,34 @@ await this.interaction.GrantConsentAsync( if (loginResult.IsAuthenticated) { - var uaParser = Parser.GetDefault(); - var clientInfo = uaParser.Parse(this.Request.Headers["User-Agent"]); - var result = await this.UserService.CheckUserHasAnActiveSessionAsync(userId); - if (result.Items.Count == 0 || result.Items[0].BrowserName == clientInfo.UA.Family) - { - await this.SignInUser(userId, model.Username.Trim(), model.RememberLogin, context.Parameters["ext_referer"]); + await this.SignInUser(userId, model.Username.Trim(), model.RememberLogin, context.Parameters["ext_referer"]); - if (context != null) + if (context != null) + { + if (await this.ClientStore.IsPkceClientAsync(context.Client.ClientId)) { - if (await this.ClientStore.IsPkceClientAsync(context.Client.ClientId)) - { - // if the client is PKCE then we assume it's native, so this change in how to - // return the response is for better UX for the end user. - return this.View("Redirect", new RedirectViewModel { RedirectUrl = model.ReturnUrl }); - } - - // we can trust model.ReturnUrl since GetAuthorizationContextAsync returned non-null - return this.Redirect(model.ReturnUrl); + // if the client is PKCE then we assume it's native, so this change in how to + // return the response is for better UX for the end user. 
+ return this.View("Redirect", new RedirectViewModel { RedirectUrl = model.ReturnUrl }); } - // request for a local page - if (this.Url.IsLocalUrl(model.ReturnUrl)) - { - return this.Redirect(model.ReturnUrl); - } - else if (string.IsNullOrEmpty(model.ReturnUrl)) - { - return this.Redirect("~/"); - } - else - { - // user might have clicked on a malicious link - should be logged - throw new Exception("invalid return URL"); - } + // we can trust model.ReturnUrl since GetAuthorizationContextAsync returned non-null + return this.Redirect(model.ReturnUrl); + } + + // request for a local page + if (this.Url.IsLocalUrl(model.ReturnUrl)) + { + return this.Redirect(model.ReturnUrl); + } + else if (string.IsNullOrEmpty(model.ReturnUrl)) + { + return this.Redirect("~/"); } else { - return this.View("AlreadyActiveSession"); + // user might have clicked on a malicious link - should be logged + throw new Exception("invalid return URL"); } } else if (userId > 0)
diff --git a/Auth/LearningHub.Nhs.Auth/Interfaces/IUserService.cs b/Auth/LearningHub.Nhs.Auth/Interfaces/IUserService.cs
index e4ae21c..3a97b47 100644
--- a/Auth/LearningHub.Nhs.Auth/Interfaces/IUserService.cs
+++ b/Auth/LearningHub.Nhs.Auth/Interfaces/IUserService.cs
@@ -114,13 +114,6 @@ public interface IUserService /// Task StoreUserHistoryAsync(UserHistoryViewModel userHistory); - /// - /// check user has an laredy active session. - /// - /// The userId. - /// The . - Task> CheckUserHasAnActiveSessionAsync(int userId); - /// /// The store user history async. ///
diff --git a/Auth/LearningHub.Nhs.Auth/Services/UserService.cs b/Auth/LearningHub.Nhs.Auth/Services/UserService.cs
index 98246ec..2ba58b7 100644
--- a/Auth/LearningHub.Nhs.Auth/Services/UserService.cs
+++ b/Auth/LearningHub.Nhs.Auth/Services/UserService.cs
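Review bot: In the AccountController hunk at -166,44, `context.Parameters["ext_referer"]` in the SignInUser call is evaluated before the `if (context != null)` guard that now immediately follows it, so when GetAuthorizationContextAsync returned null the local-page and `~/` branches this hunk keeps are unreachable and the request fails with a NullReferenceException instead; use `context?.Parameters["ext_referer"]` (assuming SignInUser accepts a null referer) or move the null check above the sign-in. The invalid-return-URL branch still carries the comment "should be logged" but only throws a bare `Exception("invalid return URL")`, so a rejected non-local redirect target leaves no trace; log a warning with the user id and the rejected `model.ReturnUrl` through the controller's ILogger (Microsoft.Extensions.Logging is imported at the top of the file) before throwing. The enclosing action starts before and ends after this hunk.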
@@ -243,29 +243,5 @@ public async Task StoreUserHistoryAsync(UserHistoryViewModel userHistory) } } } - - /// - public async Task> CheckUserHasAnActiveSessionAsync(int userId) - { - PagedResultSet userHistoryViewModel = new PagedResultSet(); - - var client = this.UserApiHttpClient.GetClient(); - var request = $"UserHistory/CheckUserHasActiveSession/{userId}"; - var response = await client.GetAsync(request).ConfigureAwait(false); - - if (response.IsSuccessStatusCode) - { - var result = await response.Content.ReadAsStringAsync(); - userHistoryViewModel = JsonConvert.DeserializeObject>(result); - } - else if (response.StatusCode == HttpStatusCode.Unauthorized - || - response.StatusCode == HttpStatusCode.Forbidden) - { - throw new Exception("AccessDenied"); - } - - return userHistoryViewModel; - } } }
diff --git a/Auth/LearningHub.Nhs.Auth/Views/Account/AlreadyActiveSession.cshtml b/Auth/LearningHub.Nhs.Auth/Views/Account/AlreadyActiveSession.cshtml
deleted file mode 100644
index a0e908c..0000000
--- a/Auth/LearningHub.Nhs.Auth/Views/Account/AlreadyActiveSession.cshtml
+++ /dev/null
@@ -1,15 +0,0 @@ -@{ - ViewData["Title"] = "Session already active"; -} -
-
-
-
-

@ViewData["Title"]

-

You are already logged in from another browser. Please continue using the same browser or close the existing session and try again with a new one.

-

If you have any questions, please contact the support team.

-

@DateTimeOffset.Now.ToString("d MMMM yyyy HH:mm:ss")

-
-
-
-
\ No newline at end of file
diff --git a/LearningHub.Nhs.UserApi.Repository.Interface/IUserHistoryRepository.cs b/LearningHub.Nhs.UserApi.Repository.Interface/IUserHistoryRepository.cs
index 8684ba8..e72aebf 100644
--- a/LearningHub.Nhs.UserApi.Repository.Interface/IUserHistoryRepository.cs
+++ b/LearningHub.Nhs.UserApi.Repository.Interface/IUserHistoryRepository.cs
@@ -59,12 +59,5 @@ public interface IUserHistoryRepository /// The . /// Task GetPagedByUserIdAsync(int userId, int startPage, int pageSize); - - /// - /// Check user has an active login session. - /// - /// The userId. - /// The . - Task CheckUserHasActiveSessionAsync(int userId); } }
\ No newline at end of file
diff --git a/LearningHub.Nhs.UserApi.Repository/UserHistoryRepository.cs b/LearningHub.Nhs.UserApi.Repository/UserHistoryRepository.cs
index 3f0386b..673a3ae 100644
--- a/LearningHub.Nhs.UserApi.Repository/UserHistoryRepository.cs
+++ b/LearningHub.Nhs.UserApi.Repository/UserHistoryRepository.cs
@@ -9,7 +9,6 @@ using LearningHub.Nhs.UserApi.Repository.Interface; using Microsoft.Data.SqlClient; using Microsoft.EntityFrameworkCore; - using Newtonsoft.Json.Linq; /// /// The user history repository.
@@ -67,13 +66,11 @@ public async Task CreateAsync(int userId, int tenantId, UserHistoryViewModel use new SqlParameter("@LoginIP", SqlDbType.VarChar) { Value = userHistoryVM.LoginIP ?? (object)DBNull.Value }, new SqlParameter("@LoginSuccessFul", SqlDbType.Bit) { Value = userHistoryVM.LoginSuccessFul ?? (object)DBNull.Value }, new SqlParameter("@TenantId", SqlDbType.Int) { Value = tenantId }, - new SqlParameter("@SessionId", SqlDbType.VarChar) { Value = (userHistoryVM.UserHistoryTypeId == 0 && userHistoryVM.Detail == "User logged on. Source of auth: LearningHub.Nhs.Auth Account\\Login") ? userHistoryVM.SessionId : (object)DBNull.Value }, - new SqlParameter("@IsActive", SqlDbType.Bit) { Value = (userHistoryVM.UserHistoryTypeId == 0 && userHistoryVM.Detail == "User logged on. Source of auth: LearningHub.Nhs.Auth Account\\Login") ? userHistoryVM.IsActive : (object)DBNull.Value }, new SqlParameter("@AmendUserId", SqlDbType.Int) { Value = userId }, new SqlParameter("@AmendDate", SqlDbType.DateTimeOffset) { Value = DateTimeOffset.Now }, }; - string sql = "proc_UserHistoryInsert @UserId, @UserHistoryTypeId, @Detail, @UserAgent, @BrowserName, @BrowserVersion, @UrlReferer, @LoginIP, @LoginSuccessFul, @TenantId, @SessionId, @IsActive, @AmendUserId, @AmendDate"; + string sql = "proc_UserHistoryInsert @UserId, @UserHistoryTypeId, @Detail, @UserAgent, @BrowserName, @BrowserVersion, @UrlReferer, @LoginIP, @LoginSuccessFul, @TenantId, @AmendUserId, @AmendDate"; await this.DbContext.Database.ExecuteSqlRawAsync(sql, sqlParams); } 
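Review bot: The rewritten `sql` string drops @SessionId and @IsActive from the proc_UserHistoryInsert call, but the diff contains no change to the stored procedure itself; if the procedure still declares those two parameters without defaults, ExecuteSqlRawAsync will fail at runtime on every user-history insert, so the matching database script should ship with this change (or the two SqlParameters be kept, bound to DBNull, until it does). The `SessionId` and `IsActive` members of UserHistoryViewModel that the removed lines read appear to remain on the model even though nothing in this diff writes them any more; if no other caller uses them they are now dead and could go in the same change. CreateAsync begins before this hunk.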
@@ -101,24 +98,5 @@ public async Task GetPagedByUserIdAsync(int userId return retVal; } - - /// - public async Task CheckUserHasActiveSessionAsync(int userId) - { - try - { - var retVal = new UserHistoryStoredProcResults(); - var param0 = new SqlParameter("@p0", SqlDbType.Int) { Value = userId }; - - var result = await this.DbContext.Set().FromSqlRaw( - "dbo.proc_ActiveLearningHubUserbyId @p0", param0).AsNoTracking().ToListWithNoLockAsync(); - retVal.Results = result; - return retVal; - } - catch (Exception ex) - { - return null; - } - } } }
\ No newline at end of file
diff --git a/LearningHub.Nhs.UserApi.Services.Interface/IUserHistoryService.cs b/LearningHub.Nhs.UserApi.Services.Interface/IUserHistoryService.cs
index 9c6954b..7ed5e01 100644
--- a/LearningHub.Nhs.UserApi.Services.Interface/IUserHistoryService.cs
+++ b/LearningHub.Nhs.UserApi.Services.Interface/IUserHistoryService.cs
@@ -53,12 +53,5 @@ public interface IUserHistoryService /// The . /// Task> GetUserHistoryPageAsync(int page, int pageSize, string sortColumn = "", string sortDirection = "", string presetFilter = "", string filter = ""); - - /// - /// Check user has an active login session. - /// - /// The userId. - /// The . - Task> CheckUserHasActiveSessionAsync(int userId); } }
diff --git a/LearningHub.Nhs.UserApi.Services/UserHistoryService.cs b/LearningHub.Nhs.UserApi.Services/UserHistoryService.cs
index e6ef86c..c65377c 100644
--- a/LearningHub.Nhs.UserApi.Services/UserHistoryService.cs
+++ b/LearningHub.Nhs.UserApi.Services/UserHistoryService.cs
@@ -1,6 +1,5 @@ namespace LearningHub.Nhs.UserApi.Services { - using System; using System.Collections.Generic; using System.Linq; using System.Threading.Tasks;
@@ -57,8 +56,6 @@ public async Task CreateAsync(UserHistoryViewModel if (retVal.IsValid) { - userHistoryVM.SessionId = Guid.NewGuid().ToString(); - userHistoryVM.IsActive = true; await this.userHistoryRepository.CreateAsync(userHistoryVM.UserId, this.settings.LearningHubTenantId, userHistoryVM); }
@@ -102,16 +99,6 @@ public async Task> GetUserHistoryPageAsync( return result; } - /// - public async Task> CheckUserHasActiveSessionAsync(int userId) - { - PagedResultSet result = new PagedResultSet(); - var userHistory = await this.userHistoryRepository.CheckUserHasActiveSessionAsync(userId); - userHistory.Results.ForEach(x => x.UserAgent = this.ParseUserAgentString(x.UserAgent)); - result.Items = this.mapper.Map>(userHistory.Results); - return result; - } - private string ParseUserAgentString(string userAgent) { string retVal = string.Empty;
diff --git a/LearningHub.Nhs.UserApi/Controllers/UserHistoryController.cs b/LearningHub.Nhs.UserApi/Controllers/UserHistoryController.cs
index d1436d4..f86d769 100644
--- a/LearningHub.Nhs.UserApi/Controllers/UserHistoryController.cs
+++ b/LearningHub.Nhs.UserApi/Controllers/UserHistoryController.cs
@@ -100,19 +100,6 @@ public async Task GetUserHistoryPageAsync(int page, int pageSize, return this.Ok(pagedResultSet); } - /// - /// Check the user has an active login session. - /// - /// The UserId. - /// The . - [HttpGet] - [Route("CheckUserHasActiveSession/{userId}")] - public async Task CheckUserHasActiveSessionAsync(int userId) - { - PagedResultSet pagedResultSet = await this.userHistoryService.CheckUserHasActiveSessionAsync(userId); - return this.Ok(pagedResultSet); - } - /// /// Create a UserHistory. ///