From 212001c1f6fcbb66878330783856a8450f695cee Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20T=C3=A4gt?=
Date: Wed, 14 Feb 2024 10:32:42 +0100
Subject: [PATCH] Add to see if request is internal
---
 Valghalla.Application/Saml/ISaml2AuthService.cs | 2 +-
 Valghalla.External.API/Controllers/AuthController.cs | 2 +-
 Valghalla.Integration/Saml/Saml2AuthService.cs | 10 ++++++----
 Valghalla.Internal.API/Controllers/AuthController.cs | 2 +-
 4 files changed, 9 insertions(+), 7 deletions(-)
diff --git a/Valghalla.Application/Saml/ISaml2AuthService.cs b/Valghalla.Application/Saml/ISaml2AuthService.cs
index 1fe264a..5dd6a04 100644
--- a/Valghalla.Application/Saml/ISaml2AuthService.cs
+++ b/Valghalla.Application/Saml/ISaml2AuthService.cs
@@ -10,7 +10,7 @@ public interface ISaml2AuthService
 void SaveClientSession();
 Task GetLoginRedirectUrlAsync(CancellationToken cancellationToken);
 Task LogoutAsync(bool profileDeleted, CancellationToken cancellationToken);
- Task SetupAssertionConsumerServiceAsync(Func transform, CancellationToken cancellationToken);
+ Task SetupAssertionConsumerServiceAsync(Func transform, bool isInternal, CancellationToken cancellationToken);
 Task SetupLogoutResponseAsync(string logoutPath, CancellationToken cancellationToken);
 }
 }
diff --git a/Valghalla.External.API/Controllers/AuthController.cs b/Valghalla.External.API/Controllers/AuthController.cs
index b9ce9a1..1137b08 100644
--- a/Valghalla.External.API/Controllers/AuthController.cs
+++ b/Valghalla.External.API/Controllers/AuthController.cs
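Review bot: The new `isInternal` parameter on `ISaml2AuthService.SetupAssertionConsumerServiceAsync` has no documentation, although the Saml2AuthService.cs hunk later in this patch shows it deciding whether `CheckJobRoleDefinition` runs on the SAML principal. I would add an XML doc comment on the interface member, for example `/// <param name="isInternal">True for the internal API; when false the job-role definition check is skipped.</param>`, so implementers and callers cannot misread which value relaxes validation. Since `false` is the value that turns a check off, it may also be worth considering an enum or two explicitly named methods instead of a bare bool, so that a wrong argument fails to compile rather than silently downgrading the login checks.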
@@ -54,7 +54,7 @@ public async Task LoginAsync(CancellationToken cancellationToken) [HttpPost("AssertionConsumerService")] public async Task SetupAssertionConsumerServiceAsync(CancellationToken cancellationToken) { - var redirectUrl = await saml2AuthService.SetupAssertionConsumerServiceAsync(TransformClaims, cancellationToken); + var redirectUrl = await saml2AuthService.SetupAssertionConsumerServiceAsync(TransformClaims, false, cancellationToken); saml2AuthService.SaveClientSession(); return Redirect(redirectUrl); diff --git a/Valghalla.Integration/Saml/Saml2AuthService.cs b/Valghalla.Integration/Saml/Saml2AuthService.cs index 05b71b4..8020988 100644 --- a/Valghalla.Integration/Saml/Saml2AuthService.cs +++ b/Valghalla.Integration/Saml/Saml2AuthService.cs @@ -122,7 +122,7 @@ public async Task LogoutAsync(bool profileDeleted, CancellationToken can return binding.RedirectLocation.OriginalString; } - public async Task SetupAssertionConsumerServiceAsync(Func transform, CancellationToken cancellationToken) + public async Task SetupAssertionConsumerServiceAsync(Func transform, bool isInternal, CancellationToken cancellationToken) { var saml2Config = await GetSaml2ConfigurationAsync(cancellationToken); var binding = new Saml2PostBinding(); @@ -138,7 +138,7 @@ public async Task SetupAssertionConsumerServiceAsync(Func SetupLogoutResponseAsync(string logoutPath, Cancellati } } - private async Task CreateSession(Saml2AuthnResponse saml2AuthnResponse, Func transform) + private async Task CreateSession(Saml2AuthnResponse saml2AuthnResponse, Func transform, bool isInternal) { if (HttpContext.Request.Cookies.Any()) { @@ -218,7 +218,9 @@ private async Task CreateSession(Saml2AuthnResponse saml2AuthnResponse, Func { - CheckJobRoleDefinition(claimsPrincipal); + if(isInternal) + CheckJobRoleDefinition(claimsPrincipal); + CheckAssurance(claimsPrincipal); return transform(claimsPrincipal); }); 
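Review bot: The bare literal in `SetupAssertionConsumerServiceAsync(TransformClaims, false, cancellationToken)` hides that this argument disables the job-role check for the external API. A named argument, `SetupAssertionConsumerServiceAsync(TransformClaims, isInternal: false, cancellationToken)`, makes that choice visible to anyone reviewing the controller. The same applies to the `true` literal in Valghalla.Internal.API/Controllers/AuthController.cs. The controller method's body continues outside the hunk.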
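Review bot: In the `CreateSession` hunk of Saml2AuthService.cs the added `if(isInternal)` guards an authorization-relevant call with a braceless single statement, so a later edit next to it can change what is conditional without anyone noticing; write it as `if (isInternal) { CheckJobRoleDefinition(claimsPrincipal); }`. As far as the visible lines show, `CheckAssurance(claimsPrincipal)` still runs for both values of the flag, but the external path presumably now accepts principals that would have failed the job-role check, so a test per value of `isInternal` asserting which checks run would pin the intended behaviour. The hunk text on this page is truncated (the lambda header before `{` is missing) and `CreateSession` continues outside it, so this is based only on the lines shown.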
diff --git a/Valghalla.Internal.API/Controllers/AuthController.cs b/Valghalla.Internal.API/Controllers/AuthController.cs index 5a91a7a..84ecb6b 100644 --- a/Valghalla.Internal.API/Controllers/AuthController.cs +++ b/Valghalla.Internal.API/Controllers/AuthController.cs @@ -58,7 +58,7 @@ public async Task LoginAsync(CancellationToken cancellationToken) [HttpPost("AssertionConsumerService")] public async Task SetupAssertionConsumerServiceAsync(CancellationToken cancellationToken) { - var redirectUrl = await saml2AuthService.SetupAssertionConsumerServiceAsync(TransformClaims, cancellationToken); + var redirectUrl = await saml2AuthService.SetupAssertionConsumerServiceAsync(TransformClaims, true, cancellationToken); return Redirect(redirectUrl); }