Handle self identified users

Altinn · Jan 9, 2025 · 55a75b9 · 55a75b9
1 parent b057b56
commit 55a75b9
Show file tree

Hide file tree

Showing 4 changed files with 74 additions and 27 deletions.
diff --git a/src/Altinn.App.Api/Controllers/AuthenticationController.cs b/src/Altinn.App.Api/Controllers/AuthenticationController.cs
@@ -45,29 +45,46 @@ public async Task<ActionResult> GetCurrent()
     {
         var current = _authenticationContext.Current;
 
-        CurrentAuthenticationBaseResponse response = current switch
+        switch (current)
         {
-            AuthenticationInfo.Unauthenticated => new UnauthenticatedResponse(),
-            AuthenticationInfo.User user when await user.LoadDetails(validateSelectedParty: true) is var details =>
-                new UserResponse
-                {
-                    Profile = details.Profile,
-                    Party = details.Reportee,
-                    Parties = details.Parties,
-                    PartiesAllowedToInstantiate = details.PartiesAllowedToInstantiate,
-                    Roles = details.Roles,
-                },
-            AuthenticationInfo.Org org when await org.LoadDetails() is var details => new OrgResponse
+            case AuthenticationInfo.Unauthenticated:
+                return Unauthorized();
+            case AuthenticationInfo.User user:
             {
-                Party = details.Party,
-            },
-            AuthenticationInfo.ServiceOwner serviceOwner when await serviceOwner.LoadDetails() is var details =>
-                new ServiceOwnerResponse { Party = details.Party },
-            AuthenticationInfo.SystemUser => new SystemUserResponse(),
-            _ => throw new Exception("Unhandled authenticated type: " + current.GetType().Name),
-        };
-
-        return Ok(response);
+                var details = await user.LoadDetails(validateSelectedParty: true);
+                if (details.CanRepresent is not true)
+                    return Unauthorized();
+                return Ok(
+                    new UserResponse
+                    {
+                        Profile = details.Profile,
+                        Party = details.Reportee,
+                        Parties = details.Parties,
+                        PartiesAllowedToInstantiate = details.PartiesAllowedToInstantiate,
+                        Roles = details.Roles,
+                    }
+                );
+            }
+            case AuthenticationInfo.SelfIdentifiedUser selfIdentified:
+            {
+                var details = await selfIdentified.LoadDetails();
+                return Ok(new SelfIdentifiedUserResponse { Profile = details.Profile, Party = details.Reportee });
+            }
+            case AuthenticationInfo.Org org:
+            {
+                var details = await org.LoadDetails();
+                return Ok(new OrgResponse { Party = details.Party });
+            }
+            case AuthenticationInfo.ServiceOwner serviceOwner:
+            {
+                var details = await serviceOwner.LoadDetails();
+                return Ok(new ServiceOwnerResponse { Party = details.Party });
+            }
+            case AuthenticationInfo.SystemUser:
+                return Ok(new SystemUserResponse { });
+            default:
+                throw new Exception($"Unexpected authentication context: {current.GetType().Name}");
+        }
     }
 
     [JsonDerivedType(typeof(UnauthenticatedResponse), typeDiscriminator: "Unauthenticated")]
@@ -92,6 +109,13 @@ private sealed record UserResponse : CurrentAuthenticationBaseResponse
         public required IReadOnlyList<Role> Roles { get; init; }
     }
 
+    private sealed record SelfIdentifiedUserResponse : CurrentAuthenticationBaseResponse
+    {
+        public required UserProfile Profile { get; init; }
+
+        public required Party Party { get; init; }
+    }
+
     private sealed record OrgResponse : CurrentAuthenticationBaseResponse
     {
         public required Party Party { get; init; }

diff --git a/src/Altinn.App.Api/Controllers/AuthorizationController.cs b/src/Altinn.App.Api/Controllers/AuthorizationController.cs
@@ -1,8 +1,6 @@
 using System.Globalization;
 using Altinn.App.Core.Configuration;
 using Altinn.App.Core.Internal.Auth;
-using Altinn.App.Core.Models;
-using Altinn.Platform.Register.Models;
 using Authorization.Platform.Authorization.Models;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
@@ -82,6 +80,16 @@ public async Task<ActionResult> GetCurrentParty(bool returnPartyObject = false)
                 }
                 return Ok(reportee.PartyId);
             }
+            case AuthenticationInfo.SelfIdentifiedUser selfIdentified:
+            {
+                var details = await selfIdentified.LoadDetails();
+                if (returnPartyObject)
+                {
+                    return Ok(details.Reportee);
+                }
+
+                return Ok(details.Reportee.PartyId);
+            }
             case AuthenticationInfo.Org org:
             {
                 var details = await org.LoadDetails();
@@ -113,7 +121,7 @@ public async Task<ActionResult> GetCurrentParty(bool returnPartyObject = false)
                 return Ok(details.Party.PartyId);
             }
             default:
-                throw new NotImplementedException();
+                throw new Exception($"Unknown authentication context: {context.GetType().Name}");
         }
     }
 
@@ -173,6 +181,10 @@ public async Task<IActionResult> GetRolesForCurrentParty()
 
                 return Ok(details.Roles);
             }
+            case AuthenticationInfo.SelfIdentifiedUser:
+            {
+                return Ok(Array.Empty<Role>());
+            }
             case AuthenticationInfo.Org:
             {
                 return Ok(Array.Empty<Role>());
@@ -187,7 +199,7 @@ public async Task<IActionResult> GetRolesForCurrentParty()
                 return Ok(Array.Empty<Role>());
             }
             default:
-                throw new NotImplementedException();
+                throw new Exception($"Unknown authentication context: {context.GetType().Name}");
         }
     }
 }
diff --git a/src/Altinn.App.Api/Controllers/PartiesController.cs b/src/Altinn.App.Api/Controllers/PartiesController.cs
@@ -71,6 +71,12 @@ public async Task<IActionResult> Get(string org, string app, bool allowedToInsta
                 var details = await user.LoadDetails(validateSelectedParty: false);
                 return allowedToInstantiateFilter ? Ok(details.PartiesAllowedToInstantiate) : Ok(details.Parties);
             }
+            case AuthenticationInfo.SelfIdentifiedUser selfIdentified:
+            {
+                var details = await selfIdentified.LoadDetails();
+                IReadOnlyList<Party> parties = [details.Reportee];
+                return Ok(parties);
+            }
             case AuthenticationInfo.Org orgInfo:
             {
                 var details = await orgInfo.LoadDetails();
@@ -90,7 +96,7 @@ public async Task<IActionResult> Get(string org, string app, bool allowedToInsta
                 return Ok(parties);
             }
             default:
-                throw new NotImplementedException();
+                throw new Exception($"Unexpected authentication context: {context.GetType().Name}");
         }
     }
 

diff --git a/src/Altinn.App.Api/Controllers/ProfileController.cs b/src/Altinn.App.Api/Controllers/ProfileController.cs
@@ -38,8 +38,13 @@ public async Task<ActionResult> GetUser()
                 var details = await user.LoadDetails(validateSelectedParty: false);
                 return Ok(details.Profile);
             }
+            case AuthenticationInfo.SelfIdentifiedUser selfIdentifiedUser:
+            {
+                var details = await selfIdentifiedUser.LoadDetails();
+                return Ok(details.Profile);
+            }
             default:
-                return BadRequest("The userId is not proviced in the context.");
+                return BadRequest($"Unknown authentication context: {context.GetType().Name}");
         }
     }
 }