From 2df3958d4dec339d592f62effe7bbbf8387d89d6 Mon Sep 17 00:00:00 2001 
From: "Kristen.Herum" Date: Fri, 20 Dec 2024 07:28:31 +0100 Subject: [PATCH] Revert "Bugfix/altinn3 tilgang (#3700)" This reverts commit 1ea2342517e8d663f29f804cfac36d5a51b00b56. --- .github/workflows/integration-tests.yml | 10 +- apps/altinn3-tilgang-service/README.md | 1 - apps/altinn3-tilgang-service/build.gradle | 1 - apps/altinn3-tilgang-service/config.dev.yml | 1 - apps/altinn3-tilgang-service/config.prod.yml | 1 - .../docker-compose.yml | 18 --- apps/altinn3-tilgang-service/settings.gradle | 2 +- .../consumer/altinn/AltinnConsumer.java | 45 +++---- .../CreateAccessListeMemberCommand.java | 10 +- .../DeleteAccessListMemberCommand.java | 8 +- .../command/GetAccessListMembersCommand.java | 8 +- .../command/GetAuthorizedPartiesCommand.java | 40 ------- .../consumer/altinn/dto/AccessToken.java | 0 .../AltinnAuthorizedPartiesRequestDTO.java | 18 --- ...esponseDTO.java => AltinnResponseDTO.java} | 2 +- .../altinn/dto/AuthorizedPartyDTO.java | 42 ------- .../domain/PersonRequest.java | 13 -- .../AltinnBrukerTilgangController.java | 33 ------ ...ller.java => AltinnTilgangController.java} | 6 +- .../service/AltinnBrukerTilgangService.java | 112 ------------------ ...Service.java => AltinnTilgangService.java} | 2 +- .../service/MiljoerOversiktService.java | 14 ++- .../src/main/resources/application-local.yml | 6 +- .../src/main/resources/application.yml | 3 +- apps/dolly-frontend/config.idporten.yml | 5 +- apps/dolly-frontend/config.test.yml | 2 + apps/dolly-frontend/config.unstable.yml | 2 + apps/dolly-frontend/config.yml | 2 + .../web/DollyFrontendApplicationStarter.java | 2 + .../no/nav/dolly/web/config/Consumers.java | 1 + ...inn3PersonOrganisasjonTilgangConsumer.java | 66 ----------- .../PersonOrganisasjonTilgangConsumer.java | 62 ++++++++++ ... 
GetPersonOrganisasjonTilgangCommand.java} | 24 ++-- .../consumers/dto/AltinnBrukerRequest.java | 11 -- .../web/consumers/dto/OrganisasjonDTO.java | 12 ++ .../provider/web/BrukerTilgangController.java | 29 ----- .../web/provider/web/SessionController.java | 7 +- .../main/js/playwright/mocks/BasicMocks.tsx | 3 +- .../main/js/playwright/tests/Bankid.spec.ts | 2 +- .../src/main/js/proxy-routes.json | 7 +- .../PersonOrganisasjonTilgangService.tsx | 5 +- .../utils/hooks/useOrganisasjonTilgang.tsx | 2 +- .../src/main/resources/application-local.yml | 3 + .../src/main/resources/application.yml | 5 + .../src/main/resources/logback-spring.xml | 14 ++- .../libs/dto/altinn3/v1/OrganisasjonDTO.java | 17 --- .../libs/dto/altinn3/v1/PersonDTO.java | 32 ----- .../GetAuthenticatedResourceServerType.java | 16 +-- .../action/GetAuthenticatedToken.java | 27 +---- .../action/GetAuthenticatedUserId.java | 20 +--- .../reactivesecurity/action/JwtResolver.java | 23 +++- .../action/Oauth2Resolver.java | 35 ------ 52 files changed, 214 insertions(+), 618 deletions(-) delete mode 100644 apps/altinn3-tilgang-service/docker-compose.yml delete mode 100644 apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/command/GetAuthorizedPartiesCommand.java create mode 100644 apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/dto/AccessToken.java delete mode 100644 apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/dto/AltinnAuthorizedPartiesRequestDTO.java rename apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/dto/{AltinnAccessListResponseDTO.java => AltinnResponseDTO.java} (95%) delete mode 100644 apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/dto/AuthorizedPartyDTO.java delete mode 100644 
apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/domain/PersonRequest.java delete mode 100644 apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/provider/AltinnBrukerTilgangController.java rename apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/provider/{AltinnOrganisasjonTilgangController.java => AltinnTilgangController.java} (89%) delete mode 100644 apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/service/AltinnBrukerTilgangService.java rename apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/service/{AltinnOrganisasjonTilgangService.java => AltinnTilgangService.java} (98%) delete mode 100644 apps/dolly-frontend/src/main/java/no/nav/dolly/web/consumers/Altinn3PersonOrganisasjonTilgangConsumer.java create mode 100644 apps/dolly-frontend/src/main/java/no/nav/dolly/web/consumers/PersonOrganisasjonTilgangConsumer.java rename apps/dolly-frontend/src/main/java/no/nav/dolly/web/consumers/command/{PostPersonOrganisasjonTilgangCommand.java => GetPersonOrganisasjonTilgangCommand.java} (59%) delete mode 100644 apps/dolly-frontend/src/main/java/no/nav/dolly/web/consumers/dto/AltinnBrukerRequest.java create mode 100644 apps/dolly-frontend/src/main/java/no/nav/dolly/web/consumers/dto/OrganisasjonDTO.java delete mode 100644 apps/dolly-frontend/src/main/java/no/nav/dolly/web/provider/web/BrukerTilgangController.java delete mode 100644 libs/data-transfer-objects/src/main/java/no/nav/testnav/libs/dto/altinn3/v1/OrganisasjonDTO.java delete mode 100644 libs/data-transfer-objects/src/main/java/no/nav/testnav/libs/dto/altinn3/v1/PersonDTO.java delete mode 100644 libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/action/Oauth2Resolver.java diff --git a/.github/workflows/integration-tests.yml b/.github/workflows/integration-tests.yml index 9351999c60b..16c25d9ff37 100644 
--- a/.github/workflows/integration-tests.yml +++ b/.github/workflows/integration-tests.yml @@ -3,6 +3,7 @@ on: push: paths: - 'apps/bruker-service/**' + - 'apps/person-organisasjon-tilgang-service/**' workflow_dispatch: jobs: @@ -13,4 +14,11 @@ jobs: working-directory: 'apps/bruker-service/' healthcheck: 'http://localhost:8002/internal/isAlive' secrets: - NAV_TOKEN: ${{ secrets.NAV_TOKEN }} \ No newline at end of file + NAV_TOKEN: ${{ secrets.NAV_TOKEN }} + person-organisasjon-tilgang-service: + if: github.event.pull_request.draft == false + uses: ./.github/workflows/common.integration-test.yml + with: + working-directory: 'apps/person-organisasjon-tilgang-service/' + healthcheck: 'http://localhost:8001/internal/isAlive' + secrets: inherit \ No newline at end of file diff --git a/apps/altinn3-tilgang-service/README.md b/apps/altinn3-tilgang-service/README.md index baad90dca7e..ad8b6f4dd72 100644 --- a/apps/altinn3-tilgang-service/README.md +++ b/apps/altinn3-tilgang-service/README.md @@ -10,4 +10,3 @@ Swagger finnes under [/swagger-ui.html](https://testnav-altinn3-tilgang-service. ## Lokal kjøring * [Generelt.](../../docs/local_general.md) * [Secret Manager.](../../docs/local_secretmanager.md) -* [Database i GCP.](../../docs/gcp_db.md) diff --git a/apps/altinn3-tilgang-service/build.gradle b/apps/altinn3-tilgang-service/build.gradle index cf1162f4ca0..1ea7ae40843 100644 --- a/apps/altinn3-tilgang-service/build.gradle +++ b/apps/altinn3-tilgang-service/build.gradle @@ -10,7 +10,6 @@ sonarqube { } dependencies { - implementation "no.nav.testnav.libs:data-transfer-objects" implementation "no.nav.testnav.libs:reactive-core" implementation "no.nav.testnav.libs:reactive-security" diff --git a/apps/altinn3-tilgang-service/config.dev.yml b/apps/altinn3-tilgang-service/config.dev.yml index 16511daa0a1..b9d45fba561 100644 --- a/apps/altinn3-tilgang-service/config.dev.yml +++ b/apps/altinn3-tilgang-service/config.dev.yml 
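Review bot: The restored `person-organisasjon-tilgang-service` job ends with `secrets: inherit`, which passes every secret available to the calling workflow into `common.integration-test.yml`, while the `bruker-service` job directly above passes only `NAV_TOKEN`. Unless the reusable workflow needs more (it is not shown here), use the same explicit form, `secrets:` followed by `NAV_TOKEN: ${{ secrets.NAV_TOKEN }}`, so the job receives only the secret it uses. The guard `if: github.event.pull_request.draft == false` also looks ineffective: the visible triggers are `push` and `workflow_dispatch`, where `github.event.pull_request` is not populated, so the draft check probably never skips a run. Either drop it or add a `pull_request` trigger if draft filtering is intended.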
@@ -23,7 +23,6 @@ spec: consumes: - name: altinn:resourceregistry/accesslist.read - name: altinn:resourceregistry/accesslist.write - - name: altinn:accessmanagement/authorizedparties.resourceowner accessPolicy: inbound: rules: diff --git a/apps/altinn3-tilgang-service/config.prod.yml b/apps/altinn3-tilgang-service/config.prod.yml index 2ea338b1fb7..f24efb9735e 100644 --- a/apps/altinn3-tilgang-service/config.prod.yml +++ b/apps/altinn3-tilgang-service/config.prod.yml @@ -23,7 +23,6 @@ spec: consumes: - name: altinn:resourceregistry/accesslist.read - name: altinn:resourceregistry/accesslist.write - - name: altinn:accessmanagement/authorizedparties.resourceowner accessPolicy: inbound: rules: diff --git a/apps/altinn3-tilgang-service/docker-compose.yml b/apps/altinn3-tilgang-service/docker-compose.yml deleted file mode 100644 index b0eb57bd211..00000000000 --- a/apps/altinn3-tilgang-service/docker-compose.yml +++ /dev/null @@ -1,18 +0,0 @@ -services: - - cloud_sql_proxy: - image: gcr.io/cloud-sql-connectors/cloud-sql-proxy:2.14.2 - network_mode: host - command: - - "dolly-dev-ff83:europe-north1:testnav-altinn3-tilgang-local" - - "--credentials-file=/application_default_credentials.json" - - "--run-connection-test" - volumes: - - type: bind - # Set a variable $DOLLY_APPLICATION_CREDENTIALS. We don't use - # GOOGLE_APPLICATION_CREDENTIALS, as this causes an extra step during login. - # - # - $HOME/.config/gcloud/application_default_credentials.json for Linux/macOS. - # - $APPDATA/gcloud/application_default_credentials.json for Windows. - source: $DOLLY_APPLICATION_CREDENTIALS - target: /application_default_credentials.json \ No newline at end of file diff --git a/apps/altinn3-tilgang-service/settings.gradle b/apps/altinn3-tilgang-service/settings.gradle index d7e1b8e69d7..e7a413ca6d0 100644 --- a/apps/altinn3-tilgang-service/settings.gradle +++ b/apps/altinn3-tilgang-service/settings.gradle 
@@ -6,9 +6,9 @@ rootProject.name = 'altinn3-tilgang-service' includeBuild "../../plugins/java" -includeBuild '../../libs/data-transfer-objects' includeBuild '../../libs/reactive-core' includeBuild '../../libs/reactive-security' +includeBuild '../../libs/vault' develocity { buildScan { diff --git a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/AltinnConsumer.java b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/AltinnConsumer.java index cf62199a355..ae8f52b3b39 100644 --- a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/AltinnConsumer.java +++ b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/AltinnConsumer.java @@ -10,11 +10,8 @@ import no.nav.testnav.altinn3tilgangservice.consumer.altinn.command.CreateAccessListeMemberCommand; import no.nav.testnav.altinn3tilgangservice.consumer.altinn.command.DeleteAccessListMemberCommand; import no.nav.testnav.altinn3tilgangservice.consumer.altinn.command.GetAccessListMembersCommand; -import no.nav.testnav.altinn3tilgangservice.consumer.altinn.command.GetAuthorizedPartiesCommand; import no.nav.testnav.altinn3tilgangservice.consumer.altinn.command.GetExchangeTokenCommand; -import no.nav.testnav.altinn3tilgangservice.consumer.altinn.dto.AltinnAccessListResponseDTO; -import no.nav.testnav.altinn3tilgangservice.consumer.altinn.dto.AltinnAuthorizedPartiesRequestDTO; -import no.nav.testnav.altinn3tilgangservice.consumer.altinn.dto.AuthorizedPartyDTO; +import no.nav.testnav.altinn3tilgangservice.consumer.altinn.dto.AltinnResponseDTO; import no.nav.testnav.altinn3tilgangservice.consumer.altinn.dto.BrregResponseDTO; import no.nav.testnav.altinn3tilgangservice.consumer.altinn.dto.OrganisasjonCreateDTO; import no.nav.testnav.altinn3tilgangservice.consumer.altinn.dto.OrganisasjonDeleteDTO; 
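Review bot: `includeBuild '../../libs/vault'` is added to the composite build, but the `build.gradle` hunk for this service in the same patch only removes `data-transfer-objects` and shows no dependency on a vault library. If nothing in the `dependencies` block refers to it (the block continues outside the visible hunk), the include is dead weight and should be dropped. Otherwise add a one-line comment above it, for example `// libs/vault: required by <consumer of the library>`, so it is clear why this service pulls in that module.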
@@ -28,7 +25,6 @@ import reactor.core.publisher.Flux; import reactor.core.publisher.Mono; -import java.util.Arrays; import java.util.List; import java.util.Map; @@ -80,7 +76,7 @@ public Flux delete(String organisasjonsnummer) { return Flux.from(getAccessListMembers() .flatMapMany(value -> Flux.fromIterable(value.getData())) - .map(AltinnAccessListResponseDTO.AccessListMembershipDTO::getIdentifiers) + .map(AltinnResponseDTO.AccessListMembershipDTO::getIdentifiers) .collectList() .map(data -> getIdentifier(data, organisasjonsnummer)) .map(identifier -> @@ -110,16 +106,16 @@ public Flux create(String organisasjonsnummer) { new OrganisasjonCreateDTO(organisasjonsnummer), altinnConfig).call()) .flatMapMany(response -> - isBlank(response.getFeilmelding()) ? - Flux.fromIterable(response.getData()) - .map(this::getOrgnummer) - .filter(organisasjonsnummer::equals) - .flatMap(brregConsumer::getEnheter) : - Mono.just(BrregResponseDTO.builder() - .organisasjonsnummer(organisasjonsnummer) - .feilmelding(response.getFeilmelding()) - .status(response.getStatus()) - .build())) + isBlank(response.getFeilmelding()) ? + Flux.fromIterable(response.getData()) + .map(this::getOrgnummer) + .filter(organisasjonsnummer::equals) + .flatMap(brregConsumer::getEnheter) : + Mono.just(BrregResponseDTO.builder() + .organisasjonsnummer(organisasjonsnummer) + .feilmelding(response.getFeilmelding()) + .status(response.getStatus()) + .build())) .map(response -> mapperFacade.map(response, Organisasjon.class)); } 
@@ -129,18 +125,7 @@ public Flux getOrganisasjoner() { .flatMapMany(this::convertToOrganisasjon); } - public Flux getAuthorizedParties(String ident) { - - return maskinportenConsumer.getAccessToken() - .flatMap(this::exchangeToken) - .flatMap(exchangeToken -> new GetAuthorizedPartiesCommand(webClient, - new AltinnAuthorizedPartiesRequestDTO(ident), - exchangeToken).call()) - .map(Arrays::asList) - .flatMapIterable(list -> list); - } - - private Mono getAccessListMembers() { + private Mono getAccessListMembers() { return maskinportenConsumer.getAccessToken() .flatMap(this::exchangeToken) @@ -150,7 +135,7 @@ private Mono getAccessListMembers() { altinnConfig).call()); } - private Flux convertToOrganisasjon(AltinnAccessListResponseDTO altInnResponse) { + private Flux convertToOrganisasjon(AltinnResponseDTO altInnResponse) { return Flux.fromIterable(altInnResponse.getData()) .map(this::getOrgnummer) @@ -170,7 +155,7 @@ private OrganisasjonDeleteDTO getIdentifier(List data, String organisa } @SneakyThrows - private String getOrgnummer(AltinnAccessListResponseDTO.AccessListMembershipDTO data) { + private String getOrgnummer(AltinnResponseDTO.AccessListMembershipDTO data) { return data.getIdentifiers() .get(ORGANISASJON_ID) diff --git a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/command/CreateAccessListeMemberCommand.java b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/command/CreateAccessListeMemberCommand.java index d665fd9723d..997a7b65a70 100644 --- a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/command/CreateAccessListeMemberCommand.java +++ b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/command/CreateAccessListeMemberCommand.java 
@@ -3,7 +3,7 @@ import lombok.RequiredArgsConstructor; import lombok.extern.slf4j.Slf4j; import no.nav.testnav.altinn3tilgangservice.config.AltinnConfig; -import no.nav.testnav.altinn3tilgangservice.consumer.altinn.dto.AltinnAccessListResponseDTO; +import no.nav.testnav.altinn3tilgangservice.consumer.altinn.dto.AltinnResponseDTO; import no.nav.testnav.altinn3tilgangservice.consumer.altinn.dto.OrganisasjonCreateDTO; import no.nav.testnav.libs.reactivecore.utils.WebClientFilter; import org.springframework.http.HttpHeaders; @@ -16,7 +16,7 @@ @Slf4j @RequiredArgsConstructor -public class CreateAccessListeMemberCommand implements Callable> { +public class CreateAccessListeMemberCommand implements Callable> { private static final String ALTINN_URL = "/resourceregistry/api/v1/access-lists/{owner}/{identifier}/members"; @@ -27,7 +27,7 @@ public class CreateAccessListeMemberCommand implements Callable call() { + public Mono call() { return webClient .post() @@ -37,14 +37,14 @@ public Mono call() { .header(HttpHeaders.AUTHORIZATION, "Bearer " + token) .header(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE) .retrieve() - .bodyToMono(AltinnAccessListResponseDTO.class) + .bodyToMono(AltinnResponseDTO.class) .doOnError(WebClientFilter::logErrorMessage) .doOnSuccess(value -> log.info("Altinn organisasjontilgang opprettet for {}", organisasjon.getData().stream() .map(data -> data.split(":")) .map(data -> data[data.length-1]) .collect(Collectors.joining()))) - .onErrorResume(throwable -> Mono.just(AltinnAccessListResponseDTO.builder() + .onErrorResume(throwable -> Mono.just(AltinnResponseDTO.builder() .status(WebClientFilter.getStatus(throwable)) .feilmelding(WebClientFilter.getMessage(throwable)) .build())); 
diff --git a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/command/DeleteAccessListMemberCommand.java b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/command/DeleteAccessListMemberCommand.java index e685b681507..ddaac4a82da 100644 --- a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/command/DeleteAccessListMemberCommand.java +++ b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/command/DeleteAccessListMemberCommand.java @@ -3,7 +3,7 @@ import lombok.RequiredArgsConstructor; import lombok.extern.slf4j.Slf4j; import no.nav.testnav.altinn3tilgangservice.config.AltinnConfig; -import no.nav.testnav.altinn3tilgangservice.consumer.altinn.dto.AltinnAccessListResponseDTO; +import no.nav.testnav.altinn3tilgangservice.consumer.altinn.dto.AltinnResponseDTO; import no.nav.testnav.altinn3tilgangservice.consumer.altinn.dto.OrganisasjonDeleteDTO; import no.nav.testnav.libs.reactivecore.utils.WebClientFilter; import org.springframework.http.HttpHeaders; @@ -19,7 +19,7 @@ @Slf4j @RequiredArgsConstructor -public class DeleteAccessListMemberCommand implements Callable> { +public class DeleteAccessListMemberCommand implements Callable> { private static final String ALTINN_URL = "/resourceregistry/api/v1/access-lists/{owner}/{identifier}/members"; @@ -30,7 +30,7 @@ public class DeleteAccessListMemberCommand implements Callable call() { + public Mono call() { return webClient .method(HttpMethod.DELETE) @@ -41,7 +41,7 @@ public Mono call() { .header(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE) .bodyValue(identifiers) .retrieve() - .bodyToMono(AltinnAccessListResponseDTO.class) + .bodyToMono(AltinnResponseDTO.class) .doOnSuccess(value -> log.info("Altinn organisasjontilgang slettet for {}", identifiers.getData().stream() .filter(data -> data.contains(ORGANISASJON_ID)) 
diff --git a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/command/GetAccessListMembersCommand.java b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/command/GetAccessListMembersCommand.java index 19f63d2f8db..1c615118bf7 100644 --- a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/command/GetAccessListMembersCommand.java +++ b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/command/GetAccessListMembersCommand.java @@ -3,7 +3,7 @@ import lombok.RequiredArgsConstructor; import lombok.extern.slf4j.Slf4j; import no.nav.testnav.altinn3tilgangservice.config.AltinnConfig; -import no.nav.testnav.altinn3tilgangservice.consumer.altinn.dto.AltinnAccessListResponseDTO; +import no.nav.testnav.altinn3tilgangservice.consumer.altinn.dto.AltinnResponseDTO; import no.nav.testnav.libs.reactivecore.utils.WebClientFilter; import org.springframework.http.HttpHeaders; import org.springframework.http.MediaType; @@ -14,7 +14,7 @@ @Slf4j @RequiredArgsConstructor -public class GetAccessListMembersCommand implements Callable> { +public class GetAccessListMembersCommand implements Callable> { private static final String ALTINN_URL = "/resourceregistry/api/v1/access-lists/{owner}/{identifier}/members"; @@ -23,7 +23,7 @@ public class GetAccessListMembersCommand implements Callable call() { + public Mono call() { return webClient .get() @@ -32,7 +32,7 @@ public Mono call() { .header(HttpHeaders.AUTHORIZATION, "Bearer " + token) .header(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE) .retrieve() - .bodyToMono(AltinnAccessListResponseDTO.class) + .bodyToMono(AltinnResponseDTO.class) .doOnError(WebClientFilter::logErrorMessage) .doOnSuccess(value -> log.info("Altinn-tilgang hentet")); } 
diff --git a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/command/GetAuthorizedPartiesCommand.java b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/command/GetAuthorizedPartiesCommand.java deleted file mode 100644 index d58693bacb2..00000000000 --- a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/command/GetAuthorizedPartiesCommand.java +++ /dev/null @@ -1,40 +0,0 @@ -package no.nav.testnav.altinn3tilgangservice.consumer.altinn.command; - -import lombok.RequiredArgsConstructor; -import lombok.extern.slf4j.Slf4j; -import no.nav.testnav.altinn3tilgangservice.consumer.altinn.dto.AltinnAuthorizedPartiesRequestDTO; -import no.nav.testnav.altinn3tilgangservice.consumer.altinn.dto.AuthorizedPartyDTO; -import no.nav.testnav.libs.reactivecore.utils.WebClientFilter; -import org.springframework.http.HttpHeaders; -import org.springframework.http.MediaType; -import org.springframework.web.reactive.function.client.WebClient; -import reactor.core.publisher.Mono; - -import java.util.concurrent.Callable; - -@Slf4j -@RequiredArgsConstructor -public class GetAuthorizedPartiesCommand implements Callable> { - - private static final String ALTINN_URL = "/accessmanagement/api/v1/resourceowner/authorizedparties"; - - private final WebClient webClient; - private final AltinnAuthorizedPartiesRequestDTO request; - private final String token; - - @Override - public Mono call() { - - log.info("Spørring på bruker {}", request); - return webClient - .post() - .uri(builder -> builder.path(ALTINN_URL) - .build()) - .header(HttpHeaders.AUTHORIZATION, "Bearer " + token) - .header(HttpHeaders.CONTENT_TYPE, MediaType.APPLICATION_JSON_VALUE) - .bodyValue(request) - .retrieve() - .bodyToMono(AuthorizedPartyDTO[].class) - .doOnError(WebClientFilter::logErrorMessage); - } -} \ No newline at end of file 
diff --git a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/dto/AccessToken.java b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/dto/AccessToken.java new file mode 100644 index 00000000000..e69de29bb2d diff --git a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/dto/AltinnAuthorizedPartiesRequestDTO.java b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/dto/AltinnAuthorizedPartiesRequestDTO.java deleted file mode 100644 index 7e2eecded37..00000000000 --- a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/dto/AltinnAuthorizedPartiesRequestDTO.java +++ /dev/null @@ -1,18 +0,0 @@ -package no.nav.testnav.altinn3tilgangservice.consumer.altinn.dto; - -import lombok.Data; - -@Data -public class AltinnAuthorizedPartiesRequestDTO { - - private static final String IDENT_IDENTIFIKATOR = "urn:altinn:person:identifier-no"; - - private String type; - private String value; - - public AltinnAuthorizedPartiesRequestDTO(String ident) { - - this.type = IDENT_IDENTIFIKATOR; - this.value = ident; - } -} diff --git a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/dto/AltinnAccessListResponseDTO.java b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/dto/AltinnResponseDTO.java similarity index 95% rename from apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/dto/AltinnAccessListResponseDTO.java rename to apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/dto/AltinnResponseDTO.java index 6521fa55049..720fec9136f 100644 --- a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/dto/AltinnAccessListResponseDTO.java 
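Review bot: `consumer/altinn/dto/AccessToken.java` is created with no content: the section has `new file mode 100644` but no hunk, and the blob id `e69de29bb2d` is git's empty blob. A zero-byte source file in the `dto` package contributes nothing to the build and suggests a token type exists where none does. It is probably an artifact carried along by the revert. Either leave the file out of the commit or give it the class it is meant to hold.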
+++ b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/dto/AltinnResponseDTO.java @@ -17,7 +17,7 @@ @Builder @NoArgsConstructor @AllArgsConstructor -public class AltinnAccessListResponseDTO { +public class AltinnResponseDTO { private List data; private String feilmelding; diff --git a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/dto/AuthorizedPartyDTO.java b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/dto/AuthorizedPartyDTO.java deleted file mode 100644 index 0fe03486d57..00000000000 --- a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/consumer/altinn/dto/AuthorizedPartyDTO.java +++ /dev/null @@ -1,42 +0,0 @@ -package no.nav.testnav.altinn3tilgangservice.consumer.altinn.dto; - -import lombok.AllArgsConstructor; -import lombok.Builder; -import lombok.Data; -import lombok.NoArgsConstructor; - -import java.util.ArrayList; -import java.util.List; - -import static java.util.Objects.isNull; - -@Data -@Builder -@NoArgsConstructor -@AllArgsConstructor -public class AuthorizedPartyDTO { - - private String name; - private String organizationNumber; - private String unitType; - private Boolean isDeleted; - private List authorizedResources; - private List subunits; - - public List getAuthorizedResources() { - - if (isNull(authorizedResources)) { - authorizedResources = new ArrayList<>(); - } - return authorizedResources; - } - - public List getSubunits() { - - if (isNull(subunits)) { - subunits = new ArrayList<>(); - } - return subunits; - } -} - diff --git a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/domain/PersonRequest.java b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/domain/PersonRequest.java deleted file mode 100644 index 40f9ef759f0..00000000000 
--- a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/domain/PersonRequest.java +++ /dev/null @@ -1,13 +0,0 @@ -package no.nav.testnav.altinn3tilgangservice.domain; - -import lombok.AllArgsConstructor; -import lombok.Data; -import lombok.NoArgsConstructor; - -@Data -@NoArgsConstructor -@AllArgsConstructor -public class PersonRequest { - - private String ident; -} diff --git a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/provider/AltinnBrukerTilgangController.java b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/provider/AltinnBrukerTilgangController.java deleted file mode 100644 index 55893774beb..00000000000 --- a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/provider/AltinnBrukerTilgangController.java +++ /dev/null 
@@ -1,33 +0,0 @@ -package no.nav.testnav.altinn3tilgangservice.provider; - -import lombok.RequiredArgsConstructor; -import no.nav.testnav.altinn3tilgangservice.domain.PersonRequest; -import no.nav.testnav.altinn3tilgangservice.service.AltinnBrukerTilgangService; -import no.nav.testnav.libs.dto.altinn3.v1.OrganisasjonDTO; -import no.nav.testnav.libs.dto.altinn3.v1.PersonDTO; -import org.springframework.web.bind.annotation.PostMapping; -import org.springframework.web.bind.annotation.RequestBody; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RestController; -import reactor.core.publisher.Flux; -import reactor.core.publisher.Mono; - -@RestController -@RequestMapping("/api/v1/brukertilgang") -@RequiredArgsConstructor -public class AltinnBrukerTilgangController { - - private final AltinnBrukerTilgangService brukerTilgangService; - - @PostMapping - public Flux getPersonOrganisasjonTilgang(@RequestBody PersonRequest request) { - - return brukerTilgangService.getPersonOrganisasjonTilgang(request.getIdent()); - } - - @PostMapping("/detaljert") - public Mono getPersonOrganisasjonDetaljertTilgang(@RequestBody PersonRequest request) { - - return brukerTilgangService.getPersonOrganisasjonDetaljertTilgang(request.getIdent()); - } -} diff --git a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/provider/AltinnOrganisasjonTilgangController.java b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/provider/AltinnTilgangController.java similarity index 89% rename from apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/provider/AltinnOrganisasjonTilgangController.java rename to apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/provider/AltinnTilgangController.java index 484700ce2d9..140f414c701 100644 
--- a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/provider/AltinnOrganisasjonTilgangController.java +++ b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/provider/AltinnTilgangController.java @@ -4,7 +4,7 @@ import lombok.RequiredArgsConstructor; import lombok.extern.slf4j.Slf4j; import no.nav.testnav.altinn3tilgangservice.domain.OrganisasjonResponse; -import no.nav.testnav.altinn3tilgangservice.service.AltinnOrganisasjonTilgangService; +import no.nav.testnav.altinn3tilgangservice.service.AltinnTilgangService; import org.springframework.web.bind.annotation.DeleteMapping; import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.PathVariable; @@ -20,9 +20,9 @@ @RestController @RequestMapping("/api/v1/organisasjoner") @RequiredArgsConstructor -public class AltinnOrganisasjonTilgangController { +public class AltinnTilgangController { - private final AltinnOrganisasjonTilgangService altinnTilgangService; + private final AltinnTilgangService altinnTilgangService; @GetMapping @Operation(description = "Henter alle organisasjoner med Altinn-tilgang") diff --git a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/service/AltinnBrukerTilgangService.java b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/service/AltinnBrukerTilgangService.java deleted file mode 100644 index 581ba8f8ff5..00000000000 --- a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/service/AltinnBrukerTilgangService.java +++ /dev/null 
@@ -1,112 +0,0 @@ -package no.nav.testnav.altinn3tilgangservice.service; - -import lombok.RequiredArgsConstructor; -import lombok.extern.slf4j.Slf4j; -import no.nav.testnav.altinn3tilgangservice.consumer.altinn.AltinnConsumer; -import no.nav.testnav.altinn3tilgangservice.consumer.altinn.dto.AuthorizedPartyDTO; -import no.nav.testnav.altinn3tilgangservice.domain.Organisasjon; -import no.nav.testnav.libs.dto.altinn3.v1.OrganisasjonDTO; -import no.nav.testnav.libs.dto.altinn3.v1.PersonDTO; -import org.springframework.stereotype.Service; -import reactor.core.publisher.Flux; -import reactor.core.publisher.Mono; -import reactor.util.function.Tuple2; - -import java.util.List; - -import static org.apache.commons.lang3.BooleanUtils.isFalse; -import static org.apache.commons.lang3.StringUtils.isNotBlank; - -@Slf4j -@Service -@RequiredArgsConstructor -public class AltinnBrukerTilgangService { - - private static final String DOLLY_RESOURCE = "nav_dolly_tilgang-samarbeidspartnere"; - private final AltinnConsumer altinnConsumer; - - public Flux getPersonOrganisasjonTilgang(String ident) { - - return Flux.zip( - altinnConsumer.getAuthorizedParties(ident), - altinnConsumer.getOrganisasjoner().collectList()) - .flatMap(this::getOrganisasjon); - } - - private Mono getOrganisasjon(Tuple2> organisasjoner) { - - return Mono.just(organisasjoner.getT1()) - .filter(party -> party.getAuthorizedResources().contains(DOLLY_RESOURCE)) - .filter(party -> organisasjoner.getT2().stream() - .anyMatch(organisasjon -> organisasjon.getOrganisasjonsnummer().equals(party.getOrganizationNumber()))) - .map(part -> OrganisasjonDTO.builder() - .navn(part.getName()) - .organisasjonsnummer(part.getOrganizationNumber()) - .organisasjonsform(part.getUnitType()) - .build()); - } - - public Mono getPersonOrganisasjonDetaljertTilgang(String ident) { - - return Mono.zip( - altinnConsumer.getAuthorizedParties(ident).collectList(), - altinnConsumer.getOrganisasjoner().collectList()) - 
.flatMapMany(this::getTilpassetOrganisasjon) - .collectList() - .map(organisasjoner -> PersonDTO.builder() - .ident(ident) - .organisasjoner(organisasjoner) - .build()); - } - - private Flux getTilpassetOrganisasjon(Tuple2, List> organisasjoner) { - - return Flux.fromIterable(organisasjoner.getT1()) - .filter(party -> isNotBlank(party.getOrganizationNumber()) && isNotBlank(party.getName())) - .filter(party -> isFalse(party.getIsDeleted())) - .map(party -> PersonDTO.OrganisasjonDTO.builder() - .navn(party.getName()) - .organisasjonsnummer(party.getOrganizationNumber()) - .organisasjonsform(party.getUnitType()) - .hasAltinnDollyTilgang(hasAltinnDollyTilgang(party)) - .hasDollyOrganisasjonTilgang(hasDollyOrganisasjonTilgang(organisasjoner.getT2(), party)) - .melding(getMelding(party.getName(), party.getOrganizationNumber(), - hasAltinnDollyTilgang(party), hasDollyOrganisasjonTilgang(organisasjoner.getT2(), party))) - .build()); - } - - private static boolean hasAltinnDollyTilgang(AuthorizedPartyDTO authorizedParty) { - - return authorizedParty.getAuthorizedResources().contains(DOLLY_RESOURCE); - } - - private static boolean hasDollyOrganisasjonTilgang(List organisasjoner, AuthorizedPartyDTO party) { - - return organisasjoner.stream() - .anyMatch(organisasjon -> organisasjon.getOrganisasjonsnummer().equals(party.getOrganizationNumber())); - } - - private static String getMelding(String orgnavn, String orgnummer, boolean hasAltinnDollyTilgang, boolean hasDollyOrganisasjonTilgang) { - - return new StringBuilder() - .append(!hasAltinnDollyTilgang ? - "Du mangler tilgang i Altinn på følgende tjenste: " + - "\"Tilgang til NAVs Dolly for samarbeidspartnere\" " + - "for organisasjon %s (med orgnummer %s)%n".formatted(orgnavn, orgnummer) : "") - .append(!hasAltinnDollyTilgang && !hasDollyOrganisasjonTilgang ? - " og %n" : "") - .append(!hasDollyOrganisasjonTilgang ? 
- "Organisasjon %s (med orgnummer %s) " .formatted(orgnavn, orgnummer) + - "mangler tilgang på Dolly syntetiske testdata selvbetjening%n" : "") - .append(!hasAltinnDollyTilgang || !hasDollyOrganisasjonTilgang ? - "Hvis du har til hensikt å bruke Dolly til å generere testdata, gjør følgende:%n" : "") - .append(!hasAltinnDollyTilgang ? - "- Ta kontakt med Altinn-ansvarlig i %s (med orgnummer %s) ".formatted(orgnavn, orgnummer) + - "og spør om vedkommene kan gi deg tilgang til tjenesten: " + - "\"Tilgang til NAVs Dolly for samarbeidspartnere\"%n" : "") - .append(!hasDollyOrganisasjonTilgang ? - "- Ta kontakt med NAV ved Anders Marstrander epost: anders.marstrander@nav.no, og spør om " + - "organisasjon med orgnr %s kan gis tilgang til Dolly syntetiske testdata selvbetjening%n".formatted(orgnummer) : "") - .toString(); - } -} diff --git a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/service/AltinnOrganisasjonTilgangService.java b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/service/AltinnTilgangService.java similarity index 98% rename from apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/service/AltinnOrganisasjonTilgangService.java rename to apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/service/AltinnTilgangService.java index 6dc40eb83fd..d4151a28ecf 100644 --- a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/service/AltinnOrganisasjonTilgangService.java +++ b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/service/AltinnTilgangService.java @@ -17,7 +17,7 @@ @Service @RequiredArgsConstructor -public class AltinnOrganisasjonTilgangService { +public class AltinnTilgangService { private static final String ORGANISASJON_TILGANG = "tilgang"; private final AltinnConsumer altinnConsumer; 
diff --git a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/service/MiljoerOversiktService.java b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/service/MiljoerOversiktService.java index 3774737e83f..81202173881 100644 --- a/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/service/MiljoerOversiktService.java +++ b/apps/altinn3-tilgang-service/src/main/java/no/nav/testnav/altinn3tilgangservice/service/MiljoerOversiktService.java @@ -4,9 +4,7 @@ import no.nav.testnav.altinn3tilgangservice.consumer.altinn.AltinnConsumer; import no.nav.testnav.altinn3tilgangservice.database.entity.OrganisasjonTilgang; import no.nav.testnav.altinn3tilgangservice.database.repository.OrganisasjonTilgangRepository; -import org.springframework.http.HttpStatus; import org.springframework.stereotype.Service; -import org.springframework.web.server.ResponseStatusException; import reactor.core.publisher.Mono; import static org.apache.commons.lang3.BooleanUtils.isTrue; @@ -49,13 +47,17 @@ public Mono updateMiljoe(String orgnummer, String miljoe) { organisasjon.setMiljoe(miljoe); return organisasjonTilgangRepository.save(organisasjon); }) : - - throwError(orgnummer)); + organisasjonTilgangRepository.save(OrganisasjonTilgang.builder() + .organisasjonNummer(orgnummer) + .miljoe(miljoe) + .build())); } private static Mono throwError(String orgnummer) { - throw new ResponseStatusException(HttpStatus.NOT_FOUND, - "Organisasjonsnummer %s ble ikke funnet".formatted(orgnummer)); + return Mono.just(OrganisasjonTilgang.builder() + .organisasjonNummer(orgnummer) + .feilmelding("404 Not found: Organisasjonsnummer %s ble ikke funnet".formatted(orgnummer)) + .build()); } } diff --git a/apps/altinn3-tilgang-service/src/main/resources/application-local.yml b/apps/altinn3-tilgang-service/src/main/resources/application-local.yml index b53b18bab13..7916eb7f7fa 100644 
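Review bot: In `updateMiljoe` (second hunk of MiljoerOversiktService.java), the else branch of the ternary now calls `organisasjonTilgangRepository.save(OrganisasjonTilgang.builder()...)` where the previous code rejected the request with 404, so a tilgang row is created for whatever `orgnummer` reaches that branch. The condition that selects the branch sits outside the hunk, so it should be confirmed that the number has been checked against Altinn by then; if it has not, keep the rejection instead of inserting. `throwError` also no longer throws: it returns `Mono.just(...)` with a `feilmelding` text, which a caller receives as a successful result, and the name now misleads. Either restore the `ResponseStatusException` (the first hunk removes its imports) or rename the helper and document that callers must inspect `feilmelding`.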
--- a/apps/altinn3-tilgang-service/src/main/resources/application-local.yml +++ b/apps/altinn3-tilgang-service/src/main/resources/application-local.yml @@ -1,9 +1,9 @@ -ALTINN_URL: https://platform.tt02.altinn.no +ALTINN_URL: https://tt02.altinn.no AZURE_APP_CLIENT_ID: ${sm://azure-app-client-id} AZURE_APP_CLIENT_SECRET: ${sm://azure-app-client-secret} -MASKINPORTEN_CLIENT_ID: ef2960de-7fa6-4396-80a5-2eca00e4af28 +MASKINPORTEN_CLIENT_ID: dummy MASKINPORTEN_CLIENT_JWK: dummy -MASKINPORTEN_SCOPES: altinn:resourceregistry/accesslist.read altinn:resourceregistry/accesslist.write altinn:accessmanagement/authorizedparties.resourceowner +MASKINPORTEN_SCOPES: dummy MASKINPORTEN_WELL_KNOWN_URL: https://test.maskinporten.no/.well-known/oauth-authorization-server TOKEN_X_ISSUER: dummy diff --git a/apps/altinn3-tilgang-service/src/main/resources/application.yml b/apps/altinn3-tilgang-service/src/main/resources/application.yml index 16f513682d3..70a799743f3 100644 --- a/apps/altinn3-tilgang-service/src/main/resources/application.yml +++ b/apps/altinn3-tilgang-service/src/main/resources/application.yml @@ -52,5 +52,4 @@ server: encoding: charset: UTF-8 error: - include-message: always - include-stacktrace: never \ No newline at end of file + include-message: always \ No newline at end of file diff --git a/apps/dolly-frontend/config.idporten.yml b/apps/dolly-frontend/config.idporten.yml index 64f2ba53138..aed20782252 100644 --- a/apps/dolly-frontend/config.idporten.yml +++ b/apps/dolly-frontend/config.idporten.yml @@ -17,7 +17,7 @@ spec: tenant: nav.no replicas: min: 1 - max: 1 + max: 2 port: 8080 ingresses: - "https://dolly-idporten.ekstern.dev.nav.no" 
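Review bot: The `application.yml` hunk drops `include-stacktrace: never` while `include-message: always` stays, so keeping stack traces out of error responses now depends on the framework default rather than on this file. Spring Boot's default for `server.error.include-stacktrace` is `never`, so behaviour should be unchanged, but the explicit line protects against a profile or later edit enabling it next to `include-message: always`. I would keep `include-stacktrace: never` and add a comment such as `# error bodies carry the exception message, never the stack trace`. The enclosing block starts outside the hunk.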
@@ -42,8 +42,11 @@ spec: - application: testnav-organisasjon-faste-data-service - application: testnav-organisasjon-forvalter - application: testnav-organisasjon-service + - application: testnav-organisasjon-tilgang-service - application: testnav-pdl-forvalter - application: testnav-person-faste-data-service + - application: testnav-person-organisasjon-tilgang-service + - application: testnav-person-organisasjon-tilgang-service-dev - application: testnav-person-search-service - application: testnav-person-service - application: testnav-skattekort-service diff --git a/apps/dolly-frontend/config.test.yml b/apps/dolly-frontend/config.test.yml index 9494c59a1f0..260eafa9a3e 100644 --- a/apps/dolly-frontend/config.test.yml +++ b/apps/dolly-frontend/config.test.yml @@ -46,8 +46,10 @@ spec: - application: testnav-organisasjon-faste-data-service - application: testnav-organisasjon-forvalter - application: testnav-organisasjon-service + - application: testnav-organisasjon-tilgang-service - application: testnav-pdl-forvalter-dev - application: testnav-person-faste-data-service + - application: testnav-person-organisasjon-tilgang-service-dev - application: testnav-person-search-service - application: testnav-person-service - application: testnav-sykemelding-api-dev diff --git a/apps/dolly-frontend/config.unstable.yml b/apps/dolly-frontend/config.unstable.yml index 19b2a8aa5cc..7a6b3df1dba 100644 --- a/apps/dolly-frontend/config.unstable.yml +++ b/apps/dolly-frontend/config.unstable.yml @@ -44,7 +44,9 @@ spec: - application: testnav-organisasjon-faste-data-service - application: testnav-organisasjon-forvalter - application: testnav-organisasjon-service + - application: testnav-organisasjon-tilgang-service - application: testnav-pdl-forvalter-dev + - application: testnav-person-organisasjon-tilgang-service-dev - application: testnav-person-search-service - application: testnav-person-service - application: testnav-tenor-search-service 
diff --git a/apps/dolly-frontend/config.yml b/apps/dolly-frontend/config.yml index 2faeb17bc3a..f0429be6a19 100644 --- a/apps/dolly-frontend/config.yml +++ b/apps/dolly-frontend/config.yml @@ -51,8 +51,10 @@ spec: - application: testnav-organisasjon-faste-data-service - application: testnav-organisasjon-forvalter - application: testnav-organisasjon-service + - application: testnav-organisasjon-tilgang-service - application: testnav-pdl-forvalter - application: testnav-person-faste-data-service + - application: testnav-person-organisasjon-tilgang-service - application: testnav-person-search-service - application: testnav-person-service - application: testnav-skattekort-service diff --git a/apps/dolly-frontend/src/main/java/no/nav/dolly/web/DollyFrontendApplicationStarter.java b/apps/dolly-frontend/src/main/java/no/nav/dolly/web/DollyFrontendApplicationStarter.java index d6bcdebdc7b..2df2a6e90d0 100644 --- a/apps/dolly-frontend/src/main/java/no/nav/dolly/web/DollyFrontendApplicationStarter.java +++ b/apps/dolly-frontend/src/main/java/no/nav/dolly/web/DollyFrontendApplicationStarter.java @@ -53,6 +53,7 @@ public class DollyFrontendApplicationStarter { @Bean public RouteLocator customRouteLocator(RouteLocatorBuilder builder) { + return builder .routes() .route(createRoute(consumers.getTestnavKontoregisterPersonProxy())) @@ -84,6 +85,7 @@ public RouteLocator customRouteLocator(RouteLocatorBuilder builder) { .route(createRoute(consumers.getTestnavSigrunstubProxy())) .route(createRoute(consumers.getTestnavPdlForvalter(), "testnav-pdl-forvalter")) .route(createRoute(consumers.getTestnavPersonSearchService())) + .route(createRoute(consumers.getTestnavPersonOrganisasjonTilgangService(), "testnav-person-organisasjon-tilgang-service")) .route(createRoute(consumers.getTestnavSkjermingsregisterProxy())) .route(createRoute(consumers.getTestnavDokarkivProxy())) .route(createRoute(consumers.getTestnavArbeidsplassenCVProxy())) 
diff --git a/apps/dolly-frontend/src/main/java/no/nav/dolly/web/config/Consumers.java b/apps/dolly-frontend/src/main/java/no/nav/dolly/web/config/Consumers.java index 86a118efec9..c29e9a91726 100644 --- a/apps/dolly-frontend/src/main/java/no/nav/dolly/web/config/Consumers.java +++ b/apps/dolly-frontend/src/main/java/no/nav/dolly/web/config/Consumers.java @@ -51,6 +51,7 @@ public class Consumers { private ServerProperties testnavOrganisasjonService; private ServerProperties testnavPdlForvalter; private ServerProperties testnavPensjonTestdataFacadeProxy; + private ServerProperties testnavPersonOrganisasjonTilgangService; private ServerProperties testnavPersonSearchService; private ServerProperties testnavPersonService; private ServerProperties testnavSigrunstubProxy; diff --git a/apps/dolly-frontend/src/main/java/no/nav/dolly/web/consumers/Altinn3PersonOrganisasjonTilgangConsumer.java b/apps/dolly-frontend/src/main/java/no/nav/dolly/web/consumers/Altinn3PersonOrganisasjonTilgangConsumer.java deleted file mode 100644 index 50a38ef30f7..00000000000 --- a/apps/dolly-frontend/src/main/java/no/nav/dolly/web/consumers/Altinn3PersonOrganisasjonTilgangConsumer.java +++ /dev/null 
@@ -1,66 +0,0 @@ -package no.nav.dolly.web.consumers; - -import lombok.extern.slf4j.Slf4j; -import no.nav.dolly.web.config.Consumers; -import no.nav.dolly.web.consumers.command.PostPersonOrganisasjonTilgangCommand; -import no.nav.dolly.web.service.AccessService; -import no.nav.testnav.libs.dto.altinn3.v1.OrganisasjonDTO; -import no.nav.testnav.libs.reactivesecurity.action.GetAuthenticatedUserId; -import no.nav.testnav.libs.securitycore.domain.ServerProperties; -import org.springframework.stereotype.Component; -import org.springframework.web.reactive.function.client.WebClient; -import org.springframework.web.reactive.function.client.WebClientResponseException; -import org.springframework.web.server.ServerWebExchange; -import reactor.core.publisher.Flux; -import reactor.core.publisher.Mono; - -@Slf4j -@Component -public class Altinn3PersonOrganisasjonTilgangConsumer { - - private final WebClient webClient; - private final ServerProperties serverProperties; - private final AccessService accessService; - private final GetAuthenticatedUserId getAuthenticatedUserId; - - public Altinn3PersonOrganisasjonTilgangConsumer( - Consumers consumers, - AccessService accessService, - WebClient.Builder webClientBuilder, - GetAuthenticatedUserId getAuthenticatedUserId) { - - this.accessService = accessService; - serverProperties = consumers.getTestnavAltinn3TilgangService(); - - this.webClient = webClientBuilder - .baseUrl(serverProperties.getUrl()) - .build(); - this.getAuthenticatedUserId = getAuthenticatedUserId; - } - - public Mono hasAccess(String organisasjonsnummer, ServerWebExchange exchange) { - - return getAuthenticatedUserId - .call() - .flatMap(userId -> accessService.getAccessToken(serverProperties, exchange) - .flatMapMany(accessToken -> new PostPersonOrganisasjonTilgangCommand(webClient, userId, accessToken).call()) - .filter(organisasjonDTO -> organisasjonDTO.getOrganisasjonsnummer().equals(organisasjonsnummer)) - .onErrorResume( - 
WebClientResponseException.class::isInstance, - throwable -> { - log.warn("Person har ikke tilgang til organisasjon {}.", organisasjonsnummer); - return Mono.empty(); - }) - .reduce(Boolean.FALSE, (acc, value) -> Boolean.TRUE)); - } - - public Flux getOrganisasjoner(ServerWebExchange exchange) { - - return getAuthenticatedUserId - .call() - .flatMapMany(userId -> - accessService.getAccessToken(serverProperties, exchange) - .flatMapMany(accessToken -> new PostPersonOrganisasjonTilgangCommand(webClient, userId, accessToken).call())); - } -} - diff --git a/apps/dolly-frontend/src/main/java/no/nav/dolly/web/consumers/PersonOrganisasjonTilgangConsumer.java b/apps/dolly-frontend/src/main/java/no/nav/dolly/web/consumers/PersonOrganisasjonTilgangConsumer.java new file mode 100644 index 00000000000..cec7481322b --- /dev/null +++ b/apps/dolly-frontend/src/main/java/no/nav/dolly/web/consumers/PersonOrganisasjonTilgangConsumer.java 
@@ -0,0 +1,62 @@ +package no.nav.dolly.web.consumers; + +import com.fasterxml.jackson.databind.ObjectMapper; +import lombok.extern.slf4j.Slf4j; +import no.nav.dolly.web.config.Consumers; +import no.nav.dolly.web.consumers.command.GetPersonOrganisasjonTilgangCommand; +import no.nav.dolly.web.service.AccessService; +import no.nav.testnav.libs.securitycore.domain.ServerProperties; +import org.springframework.http.MediaType; +import org.springframework.http.codec.json.Jackson2JsonDecoder; +import org.springframework.http.codec.json.Jackson2JsonEncoder; +import org.springframework.stereotype.Component; +import org.springframework.web.reactive.function.client.ExchangeStrategies; +import org.springframework.web.reactive.function.client.WebClient; +import org.springframework.web.reactive.function.client.WebClientResponseException; +import org.springframework.web.server.ServerWebExchange; +import reactor.core.publisher.Mono; + +@Slf4j +@Component +public class PersonOrganisasjonTilgangConsumer { + private final WebClient webClient; + private final ServerProperties serverProperties; + + private final AccessService accessService; + + public PersonOrganisasjonTilgangConsumer( + Consumers consumers, + AccessService accessService, + ObjectMapper objectMapper, + WebClient.Builder webClientBuilder) { + + this.accessService = accessService; + serverProperties = consumers.getTestnavPersonOrganisasjonTilgangService(); + ExchangeStrategies jacksonStrategy = ExchangeStrategies.builder() + .codecs(config -> { + config.defaultCodecs() + .jackson2JsonEncoder(new Jackson2JsonEncoder(objectMapper, MediaType.APPLICATION_JSON)); + config.defaultCodecs() + .jackson2JsonDecoder(new Jackson2JsonDecoder(objectMapper, MediaType.APPLICATION_JSON)); + }).build(); + + this.webClient = webClientBuilder + .exchangeStrategies(jacksonStrategy) + .baseUrl(serverProperties.getUrl()) + .build(); + } + + public Mono hasAccess(String organisasjonsnummer, ServerWebExchange exchange) { + return 
accessService.getAccessToken(serverProperties, exchange) + .flatMap(accessToken -> new GetPersonOrganisasjonTilgangCommand(webClient, accessToken, organisasjonsnummer).call()) + .onErrorResume( + WebClientResponseException.class::isInstance, + throwable -> { + log.warn("Person har ikke tilgang til organisasjon {}.", organisasjonsnummer); + return Mono.empty(); + }) + .flatMap(value -> Mono.just(true)) + .switchIfEmpty(Mono.just(false)); + } +} + diff --git a/apps/dolly-frontend/src/main/java/no/nav/dolly/web/consumers/command/PostPersonOrganisasjonTilgangCommand.java b/apps/dolly-frontend/src/main/java/no/nav/dolly/web/consumers/command/GetPersonOrganisasjonTilgangCommand.java similarity index 59% rename from apps/dolly-frontend/src/main/java/no/nav/dolly/web/consumers/command/PostPersonOrganisasjonTilgangCommand.java rename to apps/dolly-frontend/src/main/java/no/nav/dolly/web/consumers/command/GetPersonOrganisasjonTilgangCommand.java index 7b7e5ece269..3bdfb86c837 100644 --- a/apps/dolly-frontend/src/main/java/no/nav/dolly/web/consumers/command/PostPersonOrganisasjonTilgangCommand.java +++ b/apps/dolly-frontend/src/main/java/no/nav/dolly/web/consumers/command/GetPersonOrganisasjonTilgangCommand.java @@ -2,12 +2,11 @@ import lombok.RequiredArgsConstructor; import lombok.extern.slf4j.Slf4j; -import no.nav.dolly.web.consumers.dto.AltinnBrukerRequest; -import no.nav.testnav.libs.dto.altinn3.v1.OrganisasjonDTO; +import no.nav.dolly.web.consumers.dto.OrganisasjonDTO; import no.nav.testnav.libs.reactivecore.utils.WebClientFilter; import org.springframework.http.HttpHeaders; import org.springframework.web.reactive.function.client.WebClient; -import reactor.core.publisher.Flux; +import reactor.core.publisher.Mono; import reactor.util.retry.Retry; import java.time.Duration; 
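Review bot: `hasAccess` in the new PersonOrganisasjonTilgangConsumer.java treats every `WebClientResponseException` as "no access": a 401, a 5xx or an exhausted retry is logged as `Person har ikke tilgang til organisasjon {}` and turned into `false`. Failing closed is the right default, but the log line hides outages and token problems behind an authorisation message, so the status should be logged and non-4xx failures reported as errors. `organisasjonsnummer` arrives from a request parameter (see SessionController) and is logged and placed in the request path as received; a format check before the call would keep unexpected characters out of both. The `flatMap(value -> Mono.just(true)).switchIfEmpty(Mono.just(false))` pair can be written as `hasElement()`.

```java
public Mono<Boolean> hasAccess(String organisasjonsnummer, ServerWebExchange exchange) {
    return accessService.getAccessToken(serverProperties, exchange)
            .flatMap(accessToken -> new GetPersonOrganisasjonTilgangCommand(webClient, accessToken, organisasjonsnummer).call())
            .hasElement()
            .onErrorResume(WebClientResponseException.class, e -> {
                if (e.getStatusCode().is4xxClientError()) {
                    log.warn("Person har ikke tilgang til organisasjon {}, status: {}", organisasjonsnummer, e.getStatusCode());
                } else {
                    log.error("Tilgangssjekk feilet for organisasjon {}, status: {}", organisasjonsnummer, e.getStatusCode(), e);
                }
                return Mono.just(false);
            });
}
```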
@@ -15,24 +14,21 @@ @Slf4j @RequiredArgsConstructor -public class PostPersonOrganisasjonTilgangCommand implements Callable> { - +public class GetPersonOrganisasjonTilgangCommand implements Callable> { private final WebClient webClient; - private final String ident; private final String token; + private final String organisasjonsnummer; @Override - public Flux call() { - + public Mono call() { return webClient - .post() - .uri(builder -> builder.path("/api/v1/brukertilgang").build()) + .get() + .uri(builder -> builder.path("/api/v1/person/organisasjoner/{organisasjonsnummer}").build(organisasjonsnummer)) .header(HttpHeaders.AUTHORIZATION, "Bearer " + token) - .bodyValue(new AltinnBrukerRequest(ident)) .retrieve() - .bodyToFlux(OrganisasjonDTO.class) - .doOnError(error -> log.error("Feilet å hente organisasjon, status: {}, feilmelding: {}", - WebClientFilter.getStatus(error), + .bodyToMono(OrganisasjonDTO.class) + .doOnError(error -> log.error("Feilet å hente organisasjon, status: {}, feilmelding: ", + WebClientFilter.getMessage(error), WebClientFilter.getMessage(error), error)) .retryWhen(Retry.backoff(3, Duration.ofSeconds(5)) diff --git a/apps/dolly-frontend/src/main/java/no/nav/dolly/web/consumers/dto/AltinnBrukerRequest.java b/apps/dolly-frontend/src/main/java/no/nav/dolly/web/consumers/dto/AltinnBrukerRequest.java deleted file mode 100644 index 91dbb8b2a03..00000000000 --- a/apps/dolly-frontend/src/main/java/no/nav/dolly/web/consumers/dto/AltinnBrukerRequest.java +++ /dev/null @@ -1,11 +0,0 @@ -package no.nav.dolly.web.consumers.dto; - -import lombok.AllArgsConstructor; -import lombok.Data; - -@Data -@AllArgsConstructor -public class AltinnBrukerRequest { - - private String ident; -} diff --git a/apps/dolly-frontend/src/main/java/no/nav/dolly/web/consumers/dto/OrganisasjonDTO.java b/apps/dolly-frontend/src/main/java/no/nav/dolly/web/consumers/dto/OrganisasjonDTO.java new file mode 100644 index 00000000000..fdd85cd2839 --- /dev/null 
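Review bot: The `doOnError` log call in `call()` fills the `status: {}` placeholder with `WebClientFilter.getMessage(error)` and has no placeholder after `feilmelding: `, so the HTTP status is never logged and the message is printed under the wrong label. The lines this hunk removes had it right: `log.error("Feilet å hente organisasjon, status: {}, feilmelding: {}", WebClientFilter.getStatus(error), WebClientFilter.getMessage(error), error)`. The status is what tells a 403 from an outage when an access check fails, so it is worth restoring. The `retryWhen` chain continues outside the hunk.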
+++ b/apps/dolly-frontend/src/main/java/no/nav/dolly/web/consumers/dto/OrganisasjonDTO.java
@@ -0,0 +1,12 @@
+package no.nav.dolly.web.consumers.dto;
+
+import java.time.LocalDateTime;
+
+public record OrganisasjonDTO(
+ String navn,
+ String orgnisasjonsnummer,
+ String orgnisasjonsfrom,
+ LocalDateTime gyldigTil
+) {
+}
+
diff --git a/apps/dolly-frontend/src/main/java/no/nav/dolly/web/provider/web/BrukerTilgangController.java b/apps/dolly-frontend/src/main/java/no/nav/dolly/web/provider/web/BrukerTilgangController.java
deleted file mode 100644
index 829b41b4fab..00000000000
--- a/apps/dolly-frontend/src/main/java/no/nav/dolly/web/provider/web/BrukerTilgangController.java
+++ /dev/null
@@ -1,29 +0,0 @@
-package no.nav.dolly.web.provider.web;
-
-import lombok.RequiredArgsConstructor;
-import lombok.extern.slf4j.Slf4j;
-import no.nav.dolly.web.consumers.Altinn3PersonOrganisasjonTilgangConsumer;
-import no.nav.testnav.libs.dto.altinn3.v1.OrganisasjonDTO;
-import org.springframework.web.bind.annotation.GetMapping;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RestController;
-import org.springframework.web.server.ServerWebExchange;
-import reactor.core.publisher.Mono;
-
-import java.util.List;
-
-@Slf4j
-@RestController
-@RequestMapping("/altinn")
-@RequiredArgsConstructor
-public class BrukerTilgangController {
-
- private final Altinn3PersonOrganisasjonTilgangConsumer altinn3PersonOrganisasjonTilgangConsumer;
-
- @GetMapping("/organisasjoner")
- public Mono> getOrganisasjoner(ServerWebExchange exchange) {
-
- return altinn3PersonOrganisasjonTilgangConsumer.getOrganisasjoner(exchange)
- .collectList();
- }
-}
diff --git a/apps/dolly-frontend/src/main/java/no/nav/dolly/web/provider/web/SessionController.java b/apps/dolly-frontend/src/main/java/no/nav/dolly/web/provider/web/SessionController.java
index f6222576b25..0652790796c 100644
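Review bot: The record components `orgnisasjonsnummer` and `orgnisasjonsfrom` in the new OrganisasjonDTO.java are misspelled, and Jackson binds record components by name. The Playwright mock changed later in this patch uses `organisasjonsnummer`, so the organisation number would presumably stay null after decoding, or decoding would fail if the injected `ObjectMapper` rejects unknown properties (its configuration is not visible here). `hasAccess` only tests whether a body arrived, so the mismatch is silent today, but it also means the access decision can never compare the returned number with the requested one. Confirm the field names against the service's response and either rename the components (`String organisasjonsnummer,`) or pin them with `@JsonProperty`.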
--- a/apps/dolly-frontend/src/main/java/no/nav/dolly/web/provider/web/SessionController.java +++ b/apps/dolly-frontend/src/main/java/no/nav/dolly/web/provider/web/SessionController.java @@ -2,7 +2,7 @@ import lombok.RequiredArgsConstructor; import lombok.extern.slf4j.Slf4j; -import no.nav.dolly.web.consumers.Altinn3PersonOrganisasjonTilgangConsumer; +import no.nav.dolly.web.consumers.PersonOrganisasjonTilgangConsumer; import no.nav.dolly.web.service.BrukerService; import no.nav.testnav.libs.securitycore.config.UserSessionConstant; import org.springframework.http.HttpStatus; @@ -24,7 +24,7 @@ public class SessionController { private final BrukerService brukerService; - private final Altinn3PersonOrganisasjonTilgangConsumer altinn3PersonOrganisasjonTilgangConsumer; + private final PersonOrganisasjonTilgangConsumer personOrganisasjonTilgangConsumer; /** * Ping endepunkt for aa holde sessionen aapen. @@ -44,8 +44,7 @@ public Mono> delete(ServerWebExchange exchange) { @PutMapping("/user") public Mono> addUserToSession(@RequestParam String organisasjonsnummer, ServerWebExchange exchange) { - - return altinn3PersonOrganisasjonTilgangConsumer + return personOrganisasjonTilgangConsumer .hasAccess(organisasjonsnummer, exchange) .doOnError(e -> log.error("Feil ved sjekk av tilgang til org {}", organisasjonsnummer, e)) .flatMap(hasAccess -> { diff --git a/apps/dolly-frontend/src/main/js/playwright/mocks/BasicMocks.tsx b/apps/dolly-frontend/src/main/js/playwright/mocks/BasicMocks.tsx index ce86904ffba..7518f066e45 100644 --- a/apps/dolly-frontend/src/main/js/playwright/mocks/BasicMocks.tsx +++ b/apps/dolly-frontend/src/main/js/playwright/mocks/BasicMocks.tsx @@ -23,7 +23,8 @@ export const personOrgTilgangMock = [ { navn: 'testytest', organisasjonsnummer: '12345678', - organisasjonsform: 'BEDR', + organisasjonsfrom: 'BEDR', + gyldigTil: '2100-10-10T10:10:10.100Z', }, ] 
diff --git a/apps/dolly-frontend/src/main/js/playwright/tests/Bankid.spec.ts b/apps/dolly-frontend/src/main/js/playwright/tests/Bankid.spec.ts index f832c6a7883..10d86341dca 100644 --- a/apps/dolly-frontend/src/main/js/playwright/tests/Bankid.spec.ts +++ b/apps/dolly-frontend/src/main/js/playwright/tests/Bankid.spec.ts @@ -11,7 +11,7 @@ test.describe('Bankid testing', () => { headers: { 'content-type': 'application/json' }, }) }) - await page.route(new RegExp(/altinn\/organisasjoner/), async (route) => { + await page.route(new RegExp(/testnav-person-organisasjon-tilgang-service/), async (route) => { await route.fulfill({ status: 200, body: JSON.stringify(personOrgTilgangMock), diff --git a/apps/dolly-frontend/src/main/js/proxy-routes.json b/apps/dolly-frontend/src/main/js/proxy-routes.json index ea55ec091c7..2b7e1cf21bb 100644 --- a/apps/dolly-frontend/src/main/js/proxy-routes.json +++ b/apps/dolly-frontend/src/main/js/proxy-routes.json @@ -29,10 +29,6 @@ "/session/user": { "changeOrigin": false }, - "/altinn/organisasjoner": { - "target": "http://localhost:8020", - "secure": false - }, "/testnav-organisasjon-faste-data-service/api": { "changeOrigin": true }, @@ -117,6 +113,9 @@ "/testnav-person-search-service/api": { "changeOrigin": true }, + "/testnav-person-organisasjon-tilgang-service/api": { + "changeOrigin": true + }, "/testnav-pdl-forvalter/api": { "changeOrigin": true }, diff --git a/apps/dolly-frontend/src/main/js/src/service/services/personOrganisasjonTilgang/PersonOrganisasjonTilgangService.tsx b/apps/dolly-frontend/src/main/js/src/service/services/personOrganisasjonTilgang/PersonOrganisasjonTilgangService.tsx index e079958b6b3..c67a1f009c7 100644 --- a/apps/dolly-frontend/src/main/js/src/service/services/personOrganisasjonTilgang/PersonOrganisasjonTilgangService.tsx +++ b/apps/dolly-frontend/src/main/js/src/service/services/personOrganisasjonTilgang/PersonOrganisasjonTilgangService.tsx 
@@ -1,7 +1,8 @@ import Request from '@/service/services/Request' import logoutBruker from '@/components/utlogging/logoutBruker' -const personOrgTilgangServiceUrl = '/altinn/organisasjoner' +const personOrgTilgangServiceUrl = + '/testnav-person-organisasjon-tilgang-service/api/v1/person/organisasjoner' export default { getOrganisasjoner() { @@ -14,5 +15,5 @@ export default { .then((response) => { return response }) - } + }, } diff --git a/apps/dolly-frontend/src/main/js/src/utils/hooks/useOrganisasjonTilgang.tsx b/apps/dolly-frontend/src/main/js/src/utils/hooks/useOrganisasjonTilgang.tsx index 47969f3c8eb..98f8d78bfb6 100644 --- a/apps/dolly-frontend/src/main/js/src/utils/hooks/useOrganisasjonTilgang.tsx +++ b/apps/dolly-frontend/src/main/js/src/utils/hooks/useOrganisasjonTilgang.tsx @@ -3,7 +3,7 @@ import { fetcher } from '@/api' import { useBrukerProfil } from '@/utils/hooks/useBruker' const getOrganisasjonMiljoeUrl = (orgnummer: string) => - `/testnav-altinn3-tilgang-service/api/v1/miljoer/organisasjon/${orgnummer}` + `/testnav-altinn3-tilgang-service/api/v1/miljoer/organisasjon/orgnummer?orgnummer=${orgnummer}` const organisasjonTilgangUrl = `/testnav-altinn3-tilgang-service/api/v1/organisasjoner` diff --git a/apps/dolly-frontend/src/main/resources/application-local.yml b/apps/dolly-frontend/src/main/resources/application-local.yml index 48b781833ba..be0739b2cf1 100644 --- a/apps/dolly-frontend/src/main/resources/application-local.yml +++ b/apps/dolly-frontend/src/main/resources/application-local.yml @@ -41,6 +41,9 @@ consumers: testnav-varslinger-service: name: testnav-varslinger-service-dev url: http://testnav-varslinger-service-dev.intern.dev.nav.no + testnav-person-organisasjon-tilgang-service: + name: testnav-person-organisasjon-tilgang-service-dev + url: https://testnav-person-organisasjon-tilgang-service.intern.dev.nav.no oppsummeringsdokument-service: url: https://testnav-oppsummeringsdokument-service.intern.dev.nav.no testnav-bruker-service: 
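Review bot: `getOrganisasjonMiljoeUrl` in useOrganisasjonTilgang.tsx now interpolates `orgnummer` into the query string unencoded: `.../miljoer/organisasjon/orgnummer?orgnummer=${orgnummer}`. A value containing `&`, `#` or `=` would alter the request that is sent, so wrap it as `${encodeURIComponent(orgnummer)}`. The literal `orgnummer` path segment before the `?` should also be checked against the service's mapping, which is not part of this hunk.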
diff --git a/apps/dolly-frontend/src/main/resources/application.yml b/apps/dolly-frontend/src/main/resources/application.yml index 1731e1a42b7..9653c61db58 100644 --- a/apps/dolly-frontend/src/main/resources/application.yml +++ b/apps/dolly-frontend/src/main/resources/application.yml @@ -155,6 +155,11 @@ consumers: namespace: dolly name: testnorge-tilbakemelding-api url: http://testnorge-tilbakemelding-api.dolly.svc.cluster.local + testnav-person-organisasjon-tilgang-service: + cluster: dev-gcp + namespace: dolly + name: testnav-person-organisasjon-tilgang-service + url: http://testnav-person-organisasjon-tilgang-service.dolly.svc.cluster.local testnav-bruker-service: cluster: dev-gcp namespace: dolly diff --git a/apps/dolly-frontend/src/main/resources/logback-spring.xml b/apps/dolly-frontend/src/main/resources/logback-spring.xml index b80ca79b071..966dbc796b2 100644 --- a/apps/dolly-frontend/src/main/resources/logback-spring.xml +++ b/apps/dolly-frontend/src/main/resources/logback-spring.xml @@ -3,9 +3,17 @@ - -1 - true - - + + true + 10280 + 20 + ^sun\.reflect\..*\.invoke + ^net\.sf\.cglib\.proxy\.MethodProxy\.invoke + java\.util\.concurrent\..* + org\.apache\.catalina\..* + org\.apache\.coyote\..* + org\.apache\.tomcat\..* + diff --git a/libs/data-transfer-objects/src/main/java/no/nav/testnav/libs/dto/altinn3/v1/OrganisasjonDTO.java b/libs/data-transfer-objects/src/main/java/no/nav/testnav/libs/dto/altinn3/v1/OrganisasjonDTO.java deleted file mode 100644 index 725ba98dfb4..00000000000 --- a/libs/data-transfer-objects/src/main/java/no/nav/testnav/libs/dto/altinn3/v1/OrganisasjonDTO.java +++ /dev/null 
@@ -1,17 +0,0 @@ -package no.nav.testnav.libs.dto.altinn3.v1; - -import lombok.AllArgsConstructor; -import lombok.Builder; -import lombok.Data; -import lombok.NoArgsConstructor; - -@Data -@Builder -@NoArgsConstructor -@AllArgsConstructor -public class OrganisasjonDTO { - - private String navn; - private String organisasjonsnummer; - private String organisasjonsform; -} \ No newline at end of file diff --git a/libs/data-transfer-objects/src/main/java/no/nav/testnav/libs/dto/altinn3/v1/PersonDTO.java b/libs/data-transfer-objects/src/main/java/no/nav/testnav/libs/dto/altinn3/v1/PersonDTO.java deleted file mode 100644 index c5a91530fda..00000000000 --- a/libs/data-transfer-objects/src/main/java/no/nav/testnav/libs/dto/altinn3/v1/PersonDTO.java +++ /dev/null @@ -1,32 +0,0 @@ -package no.nav.testnav.libs.dto.altinn3.v1; - -import lombok.AllArgsConstructor; -import lombok.Builder; -import lombok.Data; -import lombok.NoArgsConstructor; - -import java.util.List; - -@Data -@Builder -@NoArgsConstructor -@AllArgsConstructor -public class PersonDTO { - - private String ident; - private List organisasjoner; - - @Data - @Builder - @NoArgsConstructor - @AllArgsConstructor - public static class OrganisasjonDTO { - - private String navn; - private String organisasjonsnummer; - private String organisasjonsform; - private Boolean hasAltinnDollyTilgang; - private Boolean hasDollyOrganisasjonTilgang; - private String melding; - } -} diff --git a/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/action/GetAuthenticatedResourceServerType.java b/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/action/GetAuthenticatedResourceServerType.java index b6b72f5802d..a3596f957d2 100644 --- a/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/action/GetAuthenticatedResourceServerType.java +++ b/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/action/GetAuthenticatedResourceServerType.java 
@@ -2,7 +2,6 @@ import lombok.RequiredArgsConstructor; import no.nav.testnav.libs.securitycore.domain.ResourceServerType; -import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken; import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken; import org.springframework.stereotype.Component; import reactor.core.publisher.Mono; @@ -31,18 +30,11 @@ private Optional getResourceTypeForm(JwtAuthenticationToken @Override public Mono call() { - return getJwtAuthenticationToken() .onErrorResume(JwtResolverException.class, throwable -> Mono.empty()) - .flatMap(authentication -> { - if (authentication instanceof JwtAuthenticationToken jwtAuthenticationTokentoken) { - return getResourceTypeForm(jwtAuthenticationTokentoken) - .map(Mono::just) - .orElseGet(Mono::empty); - } else if (authentication instanceof OAuth2AuthenticationToken) { - return Mono.just(ResourceServerType.TOKEN_X); - } - return Mono.empty(); - }); + .flatMap(token -> getResourceTypeForm(token) + .map(Mono::just) + .orElseGet(Mono::empty) + ); } } diff --git a/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/action/GetAuthenticatedToken.java b/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/action/GetAuthenticatedToken.java index 0a5d4e957fd..bc5f09c71f3 100644 --- a/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/action/GetAuthenticatedToken.java +++ b/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/action/GetAuthenticatedToken.java 
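Review bot: The restored lambda in `call()` unwraps the `Optional` by hand with `.map(Mono::just).orElseGet(Mono::empty)`, which Reactor already provides as one call: `.flatMap(token -> Mono.justOrEmpty(getResourceTypeForm(token)))`. A short Javadoc on `call()` would also help, stating that it completes empty both when the security context is missing (the `JwtResolverException` branch) and when no resource server type matches the token. Errors of any other type from `getJwtAuthenticationToken()` are not resumed here and reach the subscriber.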
@@ -1,18 +1,11 @@ package no.nav.testnav.libs.reactivesecurity.action; -import com.fasterxml.jackson.core.JsonProcessingException; -import com.fasterxml.jackson.databind.ObjectMapper; import lombok.RequiredArgsConstructor; import lombok.extern.slf4j.Slf4j; import no.nav.testnav.libs.securitycore.domain.Token; -import org.springframework.http.HttpStatus; -import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken; -import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken; import org.springframework.stereotype.Component; -import org.springframework.web.server.ResponseStatusException; import reactor.core.publisher.Mono; -import java.time.Instant; import java.util.concurrent.Callable; @Component @@ -28,21 +21,13 @@ public Mono call() { .call() .flatMap(serverType -> switch (serverType) { case TOKEN_X -> getJwtAuthenticationToken() - .map(OAuth2AuthenticationToken.class::cast) - .handle((oauth2, sink) -> { - try { - sink.next(Token.builder() - .clientCredentials(false) - .userId(oauth2.getPrincipal().getAttributes().get("pid").toString()) - .accessTokenValue(new ObjectMapper().writeValueAsString(oauth2)) - .expiresAt((Instant) oauth2.getPrincipal().getAttributes().get("exp")) - .build()); - } catch (JsonProcessingException e) { - sink.error(new ResponseStatusException(HttpStatus.INTERNAL_SERVER_ERROR, "Feilet å konvertere token to string", e)); - } - }); + .map(jwt -> Token.builder() + .clientCredentials(false) + .userId(jwt.getTokenAttributes().get("pid").toString()) + .accessTokenValue(jwt.getToken().getTokenValue()) + .expiresAt(jwt.getToken().getExpiresAt()) + .build()); case AZURE_AD -> getJwtAuthenticationToken() - .map(JwtAuthenticationToken.class::cast) .map(jwt -> Token.builder() .clientCredentials(jwt.getTokenAttributes().get("oid").equals(jwt.getTokenAttributes().get("sub"))) .userId(jwt.getTokenAttributes().get("oid").toString()) 
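Review bot: The TOKEN_X branch of `call()` dereferences `jwt.getTokenAttributes().get("pid")` without checking that the claim exists, so a validated token that lacks `pid` fails with a bare NullPointerException rather than a typed authentication error. A guard ahead of the `map` makes the failure explicit: `.filter(jwt -> jwt.getTokenAttributes().containsKey("pid"))` followed by `.switchIfEmpty(Mono.error(new JwtResolverException("pid claim missing")))`. The same unchecked `get(...).toString()` appears in `GetAuthenticatedUserId.getTokenAttribute` in the next file, and in the AZURE_AD branch for `oid`. `Token.accessTokenValue` now holds the raw bearer value, so it is worth checking that `Token` is never written to logs; that class is not visible here. `call()` continues past the end of this hunk.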
diff --git a/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/action/GetAuthenticatedUserId.java b/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/action/GetAuthenticatedUserId.java index b0636ee9c7d..63193f44bcc 100644 --- a/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/action/GetAuthenticatedUserId.java +++ b/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/action/GetAuthenticatedUserId.java @@ -1,15 +1,11 @@ package no.nav.testnav.libs.reactivesecurity.action; import lombok.RequiredArgsConstructor; -import lombok.extern.slf4j.Slf4j; -import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken; -import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken; import org.springframework.stereotype.Component; import reactor.core.publisher.Mono; import java.util.concurrent.Callable; -@Slf4j @Component @RequiredArgsConstructor public class GetAuthenticatedUserId extends JwtResolver implements Callable> { @@ -27,20 +23,6 @@ public Mono call() { } private Mono getTokenAttribute(String attribute) { - - return getJwtAuthenticationToken() - .map(authentication -> - - switch (authentication) { - - case JwtAuthenticationToken jwtAuthenticationToken -> - jwtAuthenticationToken.getTokenAttributes().get(attribute).toString(); - - case OAuth2AuthenticationToken oauth2AuthenticationToken -> - oauth2AuthenticationToken.getPrincipal().getAttributes().get("pid").toString(); - - default -> ""; - } - ); + return getJwtAuthenticationToken().map(value -> value.getTokenAttributes().get(attribute).toString()); } } diff --git a/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/action/JwtResolver.java b/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/action/JwtResolver.java index 5b19c554aa1..6f360743c2f 100644 
--- a/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/action/JwtResolver.java +++ b/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/action/JwtResolver.java @@ -1,19 +1,34 @@ package no.nav.testnav.libs.reactivesecurity.action; import lombok.extern.slf4j.Slf4j; -import org.springframework.security.core.Authentication; +import org.springframework.security.authentication.CredentialsExpiredException; import org.springframework.security.core.context.ReactiveSecurityContextHolder; import org.springframework.security.core.context.SecurityContext; +import org.springframework.security.oauth2.jwt.Jwt; +import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken; import reactor.core.publisher.Mono; +import java.time.Instant; +import java.time.ZonedDateTime; + @Slf4j +@SuppressWarnings("java:S1610") abstract class JwtResolver { - Mono getJwtAuthenticationToken() { + Mono getJwtAuthenticationToken() { return ReactiveSecurityContextHolder .getContext() .switchIfEmpty(Mono.error(new JwtResolverException("ReactiveSecurityContext is empty"))) - .doOnNext(context -> log.info("JwtResolver context.authentication {} {}", context.getAuthentication().getClass().getCanonicalName(), context.getAuthentication())) - .map(SecurityContext::getAuthentication); + .map(SecurityContext::getAuthentication) + .map(JwtAuthenticationToken.class::cast) + .doOnError(throwable -> log.warn("Klarte ikke hente Jwt Auth Token", throwable)) + .doOnSuccess(jwtAuthenticationToken -> { + Jwt credentials = (Jwt) jwtAuthenticationToken.getCredentials(); + Instant expiresAt = credentials.getExpiresAt(); + if (expiresAt == null || expiresAt.isBefore(ZonedDateTime.now().toInstant().plusSeconds(120))) { + throw new CredentialsExpiredException("Jwt er utløpt eller utløper innen kort tid"); + } + }); } + } 
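Review bot: `getJwtAuthenticationToken()` now casts whatever `Authentication` is in the context with `.map(JwtAuthenticationToken.class::cast)`, so any other authentication type (the reverted code handled `OAuth2AuthenticationToken`) surfaces as a ClassCastException instead of a `JwtResolverException`. Callers that resume only on `JwtResolverException`, as `GetAuthenticatedResourceServerType.call()` does, will then propagate it as an unexpected error. Filtering first keeps the failure typed: add `.filter(JwtAuthenticationToken.class::isInstance)` before the cast and `.switchIfEmpty(Mono.error(new JwtResolverException("Authentication is not a JwtAuthenticationToken")))` after it. The expiry check can read the typed `jwtAuthenticationToken.getToken().getExpiresAt()` rather than casting `getCredentials()` to `Jwt`, and `Instant.now().plusSeconds(120)` is equivalent to the `ZonedDateTime` detour. A comment explaining why tokens with under 120 seconds left are rejected would help callers that see `CredentialsExpiredException` for a token that is still formally valid.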
diff --git a/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/action/Oauth2Resolver.java b/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/action/Oauth2Resolver.java deleted file mode 100644 index 68dac390a55..00000000000 --- a/libs/reactive-security/src/main/java/no/nav/testnav/libs/reactivesecurity/action/Oauth2Resolver.java +++ /dev/null @@ -1,35 +0,0 @@ -package no.nav.testnav.libs.reactivesecurity.action; - -import lombok.experimental.UtilityClass; -import lombok.extern.slf4j.Slf4j; -import org.springframework.security.authentication.CredentialsExpiredException; -import org.springframework.security.core.context.ReactiveSecurityContextHolder; -import org.springframework.security.core.context.SecurityContext; -import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken; -import org.springframework.security.oauth2.jwt.Jwt; -import reactor.core.publisher.Mono; - -import java.time.Instant; -import java.time.ZonedDateTime; - -@Slf4j -@UtilityClass -public class Oauth2Resolver { - - public static Mono getOauth2AuthenticationToken() { - return ReactiveSecurityContextHolder - .getContext() - .switchIfEmpty(Mono.error(new JwtResolverException("ReactiveSecurityContext is empty"))) - .doOnNext(context -> log.info("Oauth2Resolver context.authentication {} {}", context.getAuthentication().getClass().getCanonicalName(), context.getAuthentication())) - .map(SecurityContext::getAuthentication) - .map(OAuth2AuthenticationToken.class::cast) - .doOnError(throwable -> log.warn("Klarte ikke hente Jwt Auth Token", throwable)) - .doOnSuccess(jwtAuthenticationToken -> { - Jwt credentials = (Jwt) jwtAuthenticationToken.getCredentials(); - Instant expiresAt = credentials.getExpiresAt(); - if (expiresAt == null || expiresAt.isBefore(ZonedDateTime.now().toInstant().plusSeconds(120))) { - throw new CredentialsExpiredException("Jwt er utløpt eller utløper innen kort tid"); - } - }); - } -}