Add to see if request is internal

OS2Valghalla · Feb 14, 2024 · 212001c · 212001c
1 parent fc0fdb2
commit 212001c
Show file tree

Hide file tree

Showing 4 changed files with 9 additions and 7 deletions.
diff --git a/Valghalla.Application/Saml/ISaml2AuthService.cs b/Valghalla.Application/Saml/ISaml2AuthService.cs
@@ -10,7 +10,7 @@ public interface ISaml2AuthService
         void SaveClientSession();
         Task<string> GetLoginRedirectUrlAsync(CancellationToken cancellationToken);
         Task<string> LogoutAsync(bool profileDeleted, CancellationToken cancellationToken);
-        Task<string> SetupAssertionConsumerServiceAsync(Func<ClaimsPrincipal, ClaimsPrincipal> transform, CancellationToken cancellationToken);
+        Task<string> SetupAssertionConsumerServiceAsync(Func<ClaimsPrincipal, ClaimsPrincipal> transform, bool isInternal, CancellationToken cancellationToken);
         Task<string> SetupLogoutResponseAsync(string logoutPath, CancellationToken cancellationToken);
     }
 }
diff --git a/Valghalla.External.API/Controllers/AuthController.cs b/Valghalla.External.API/Controllers/AuthController.cs
@@ -54,7 +54,7 @@ public async Task<IActionResult> LoginAsync(CancellationToken cancellationToken)
         [HttpPost("AssertionConsumerService")]
         public async Task<IActionResult> SetupAssertionConsumerServiceAsync(CancellationToken cancellationToken)
         {
-            var redirectUrl = await saml2AuthService.SetupAssertionConsumerServiceAsync(TransformClaims, cancellationToken);
+            var redirectUrl = await saml2AuthService.SetupAssertionConsumerServiceAsync(TransformClaims, false, cancellationToken);
             saml2AuthService.SaveClientSession();
 
             return Redirect(redirectUrl);

diff --git a/Valghalla.Integration/Saml/Saml2AuthService.cs b/Valghalla.Integration/Saml/Saml2AuthService.cs
@@ -122,7 +122,7 @@ public async Task<string> LogoutAsync(bool profileDeleted, CancellationToken can
             return binding.RedirectLocation.OriginalString;
         }
 
-        public async Task<string> SetupAssertionConsumerServiceAsync(Func<ClaimsPrincipal, ClaimsPrincipal> transform, CancellationToken cancellationToken)
+        public async Task<string> SetupAssertionConsumerServiceAsync(Func<ClaimsPrincipal, ClaimsPrincipal> transform, bool isInternal, CancellationToken cancellationToken)
         {
             var saml2Config = await GetSaml2ConfigurationAsync(cancellationToken);
             var binding = new Saml2PostBinding();
@@ -138,7 +138,7 @@ public async Task<string> SetupAssertionConsumerServiceAsync(Func<ClaimsPrincipa
 
             binding.Unbind(HttpContext.Request.ToGenericHttpRequest(), saml2AuthnResponse);
 
-            await CreateSession(saml2AuthnResponse, transform);
+            await CreateSession(saml2AuthnResponse, transform, isInternal);
 
             var relayStateQuery = binding.GetRelayStateQuery();
 
@@ -208,7 +208,7 @@ public async Task<string> SetupLogoutResponseAsync(string logoutPath, Cancellati
             }
         }
 
-        private async Task CreateSession(Saml2AuthnResponse saml2AuthnResponse, Func<ClaimsPrincipal, ClaimsPrincipal> transform)
+        private async Task CreateSession(Saml2AuthnResponse saml2AuthnResponse, Func<ClaimsPrincipal, ClaimsPrincipal> transform, bool isInternal)
         {
             if (HttpContext.Request.Cookies.Any())
             {
@@ -218,7 +218,9 @@ private async Task CreateSession(Saml2AuthnResponse saml2AuthnResponse, Func<Cla
 
             await saml2AuthnResponse.CreateSession(HttpContext, claimsTransform: (claimsPrincipal) =>
             {
-                CheckJobRoleDefinition(claimsPrincipal);
+                if(isInternal)
+                    CheckJobRoleDefinition(claimsPrincipal);
+
                 CheckAssurance(claimsPrincipal);
                 return transform(claimsPrincipal);
             });

diff --git a/Valghalla.Internal.API/Controllers/AuthController.cs b/Valghalla.Internal.API/Controllers/AuthController.cs
@@ -58,7 +58,7 @@ public async Task<IActionResult> LoginAsync(CancellationToken cancellationToken)
         [HttpPost("AssertionConsumerService")]
         public async Task<IActionResult> SetupAssertionConsumerServiceAsync(CancellationToken cancellationToken)
         {
-            var redirectUrl = await saml2AuthService.SetupAssertionConsumerServiceAsync(TransformClaims, cancellationToken);
+            var redirectUrl = await saml2AuthService.SetupAssertionConsumerServiceAsync(TransformClaims, true, cancellationToken);
             return Redirect(redirectUrl);
         }