Merge pull request #490 from bcgov/1.0.4

Migrate to sso gold
bcgov · Feb 28, 2023 · 9b8f9c4 · 9b8f9c4
2 parents b48eaf8 + c12f2f1
commit 9b8f9c4
Show file tree

Hide file tree

Showing 21 changed files with 48 additions and 29 deletions.
diff --git a/README.md b/README.md
@@ -89,3 +89,4 @@ Use the following steps to run the local development environment
 ## OpenShift Deployment
 
 Refer to [this document](openshift/README.md) for OpenShift Deployment and Pipeline related topics
+
diff --git a/api/Crt.Api/Authentication/CrtJwtBearerEvents.cs b/api/Crt.Api/Authentication/CrtJwtBearerEvents.cs
@@ -71,14 +71,27 @@ public override async Task TokenValidated(TokenValidatedContext context)
         private async Task<bool> PopulateCurrentUserFromDb(ClaimsPrincipal principal)
         {
             _ = bool.TryParse(principal.FindFirstValue(CrtClaimTypes.KcIsApiClient), out bool isApiClient);
+            isApiClient = true;
+            var preferredUsername = principal.FindFirstValue(CrtClaimTypes.PreferredUsername);
+            string[] usernames = null;
+            var username = "";
+            var userGuid = new Guid("00000000-0000-0000-0000-000000000000");
+            var email = "";
+            if (preferredUsername.Contains("@"))
+            {
+                usernames = preferredUsername.Split("@");
+                username = usernames[0].ToUpperInvariant();
+                userGuid = new Guid(Guid.Parse(username).ToString());
+                email = principal.FindFirstValue(ClaimTypes.Email).ToUpperInvariant();
+            }
+            else
+            {
+                username = principal.FindFirstValue(CrtClaimTypes.KcClientId).ToUpperInvariant();
+                userGuid = new Guid(principal.FindFirstValue("idir_userid")?.ToUpperInvariant());
+                email = principal.FindFirstValue(ClaimTypes.Email)?.ToUpperInvariant();
+            }
 
-            //preferred_username token has a form of "{username}@{directory}".
-            var preferredUsername = isApiClient ? principal.FindFirstValue(CrtClaimTypes.KcApiUsername) : principal.FindFirstValue(CrtClaimTypes.KcUsername);
-            var usernames = preferredUsername.Split("@");
-            var username = usernames[0].ToUpperInvariant();
-
-            var userGuid = new Guid(principal.FindFirstValue(CrtClaimTypes.KcIdirGuid));
-            var email = principal.FindFirstValue(ClaimTypes.Email).ToUpperInvariant();
+
 
             var user = await _userService.GetActiveUserEntityAsync(userGuid);
             if (user == null)

diff --git a/api/Crt.Api/Controllers/UsersController.cs b/api/Crt.Api/Controllers/UsersController.cs
@@ -170,6 +170,8 @@ public async Task<ActionResult<KeycloakClientDto>> GetUserKeycloakClient()
         {
             var client = await _keyCloakService.GetUserClientAsync();
 
+
+
             if (client == null)
             {
                 return NotFound();

diff --git a/api/Crt.Api/appsettings.json b/api/Crt.Api/appsettings.json
@@ -1,7 +1,7 @@
 {
   "AllowedHosts": "*",
   "Constants": {
-    "Version": "1.0.3.0",
+    "Version": "1.0.4.0",
     "SwaggerApiUrl": "/swagger/v1/swagger.json"
   },
   "Serilog": {
@@ -16,11 +16,11 @@
       {
         "Name": "Async",
         "Args": {
-          "configure": [{ "Name": "Console" }]
+          "configure": [ { "Name": "Console" } ]
         }
       }
     ],
-    "Enrich": ["FromLogContext", "WithMachineName"]
+    "Enrich": [ "FromLogContext", "WithMachineName" ]
   },
   "ConnectionStrings": {
     "CRT": "Server=(localdb)\\mssqllocaldb;Database=CRT_DEV;Trusted_Connection=True;MultipleActiveResultSets=true"
@@ -30,8 +30,8 @@
     "WorkerCount": 1
   },
   "JWT": {
-    "Authority": "https://dev.oidc.gov.bc.ca/auth/realms/kmas316h",
-    "Audience": "moti-idir-dev"
+    "Authority": "https://dev.loginproxy.gov.bc.ca/auth/realms/moti-custom",
+    "Audience": "account"
   },
   "ServiceAccount": {
     "User": "<ServiceAccount:User>",

diff --git a/api/Crt.Domain/Services/KeyCloakService.cs b/api/Crt.Domain/Services/KeyCloakService.cs
@@ -132,6 +132,7 @@ public async Task<(Dictionary<string, List<string>> errors, KeycloakClientDto Cl
 
                 // Get newly created Keycloak client INTERNAL id
                 var newId = response.Headers.Location.Segments[response.Headers.Location.Segments.Length - 1];
+
                 _currentUser.ApiClientId = newId;
 
                 // Write new Keycloak client INTERNAL id to database 
@@ -194,6 +195,7 @@ private async Task<HttpClient> CreateHttpClientWithTokenAsync()
                 RequestUri = new Uri($"{_authority}/protocol/openid-connect/token"),
                 Content = new FormUrlEncodedContent(new Dictionary<string, string> { { "grant_type", "client_credentials" } })
             };
+
             requestToken.Headers.Authorization = new AuthenticationHeaderValue("Basic", basicAuth);
 
             try
@@ -218,7 +220,6 @@ private HttpClient BuildHttpClient(string token)
             var httpClient = _httpClientFactory.CreateClient();
             httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", token);
             httpClient.BaseAddress = new Uri($"{_authority.Replace("auth/realms", "auth/admin/realms")}/");
-
             return httpClient;
         }
 

diff --git a/api/Crt.Model/CrtClaimTypes.cs b/api/Crt.Model/CrtClaimTypes.cs
@@ -2,11 +2,12 @@
 {
     public static class CrtClaimTypes
     {
-        public const string KcUsername = "preferred_username";
-        public const string KcIdirGuid = "idir_userid";
+        public const string KcUsername = "idir_username";
+        public const string KcIdirGuid = "idir_user_guid";
         public const string KcIsApiClient = "api_client";
+        public const string KcClientId = "clientId";
         public const string KcApiUsername = "username";
-
+        public const string PreferredUsername = "preferred_username";
         public const string Permission = "CRT_PERMISSION";
         public const string ServiceAreaNumber = "CRT_SERVICE_AREA_NUMBER";
     }

diff --git a/client/src/js/Keycloak.js b/client/src/js/Keycloak.js
@@ -14,19 +14,20 @@ export const keycloak = Keycloak(keycloakConfig);
 
 const login = keycloak.login;
 keycloak.login = (options) => {
-  options.idpHint = 'idir';
+  options.idpHint = 'oidc-custom-idir';
   login(options);
 };
 
 export const init = (onSuccess) => {
   //disable checkLoginIframe
   //https://medium.com/@szoradi.balazs/keycloak-login-infinite-loop-9005bcd9a915
-  keycloak.init({ onLoad: 'login-required', promiseType: 'native', checkLoginIframe: false }).then((authenticated) => {
+  keycloak.init({ onLoad: 'login-required', promiseType: 'native', checkLoginIframe: false}).then((authenticated) => {
     if (authenticated && onSuccess) {
       onSuccess();
     }
   });
 
+
   keycloak.onAuthLogout = () => {
     window.location.reload();
   };

diff --git a/openshift/api-build-config.yaml b/openshift/api-build-config.yaml
@@ -1,4 +1,4 @@
-apiVersion: v1
+apiVersion: template.openshift.io/v1
 kind: Template
 metadata:
   creationTimestamp: null

diff --git a/openshift/api-deploy-config.yaml b/openshift/api-deploy-config.yaml
@@ -1,4 +1,4 @@
-apiVersion: v1
+apiVersion: template.openshift.io/v1
 kind: Template
 metadata:
   creationTimestamp: null

diff --git a/openshift/client-build-config.yaml b/openshift/client-build-config.yaml
@@ -1,4 +1,4 @@
-apiVersion: v1
+apiVersion: template.openshift.io/v1
 kind: Template
 metadata:
   creationTimestamp: null

diff --git a/openshift/client-deploy-config.yaml b/openshift/client-deploy-config.yaml
@@ -1,4 +1,4 @@
-apiVersion: v1
+apiVersion: template.openshift.io/v1
 kind: Template
 metadata:
   creationTimestamp: null

diff --git a/openshift/configmaps/api-appsettings.yaml b/openshift/configmaps/api-appsettings.yaml
@@ -1,4 +1,4 @@
-apiVersion: v1
+apiVersion: template.openshift.io/v1
 kind: Template
 metadata:
   name: "true"
@@ -9,7 +9,7 @@ objects:
         {
           "AllowedHosts": "*",
           "Constants": {
-              "Version": "1.0.3.0",
+              "Version": "1.0.4.0",
               "SwaggerApiUrl": "/swagger/v1/swagger.json"
           },
           "Serilog": {

diff --git a/openshift/postgresql-deploy-config.yaml b/openshift/postgresql-deploy-config.yaml
@@ -1,5 +1,5 @@
 kind: Template
-apiVersion: v1
+apiVersion: template.openshift.io/v1
 metadata:
   name: ${PROJECT_NAME}
 objects:

diff --git a/openshift/secrets/apikeys-secret.yaml b/openshift/secrets/apikeys-secret.yaml
@@ -1,4 +1,4 @@
-apiVersion: v1
+apiVersion: template.openshift.io/v1
 kind: Template
 metadata:
   creationTimestamp: null

diff --git a/openshift/secrets/database-secrets.yaml b/openshift/secrets/database-secrets.yaml
diff --git a/openshift/secrets/keycloak-service-account-secrets.yaml b/openshift/secrets/keycloak-service-account-secrets.yaml
diff --git a/openshift/secrets/logdb-postgresql-secrets.yaml b/openshift/secrets/logdb-postgresql-secrets.yaml
diff --git a/openshift/secrets/service-account-secrets.yaml b/openshift/secrets/service-account-secrets.yaml
@@ -1,4 +1,4 @@
-apiVersion: v1
+apiVersion: template.openshift.io/v1
 kind: Template
 metadata:
   creationTimestamp: null

diff --git a/openshift/secrets/sso-secrets.yaml b/openshift/secrets/sso-secrets.yaml
diff --git a/openshift/twm-build-config.yaml b/openshift/twm-build-config.yaml
@@ -1,4 +1,4 @@
-apiVersion: v1
+apiVersion: template.openshift.io/v1
 kind: Template
 metadata:
   creationTimestamp: null

diff --git a/openshift/twm-deploy-config.yaml b/openshift/twm-deploy-config.yaml
@@ -1,4 +1,4 @@
-apiVersion: v1
+apiVersion: template.openshift.io/v1
 kind: Template
 metadata:
   creationTimestamp: null