feat(process): slimline process identity config #361
Conversation
Refs: CPLP-3102
Refs: CPLP-3102
| claimsIdentity.AddClaim(new Claim(PortalClaimTypes.IdentityType, Enum.GetName(identityData.IdentityType) ?? throw new ConflictException($"IdentityType {(int)identityData.IdentityType} is out of range"))); | ||
| claimsIdentity.AddClaim(new Claim(PortalClaimTypes.CompanyId, identityData.CompanyId.ToString())); | ||
| return true; | ||
| case false when !Guid.TryParse(preferredUserName, out var identityId): |
There was a problem hiding this comment.
the ! in when !Guid.TryParse looks incorrect. We should have a unit-test for the method TransformAsync
instead of the cumbersome switch / case that somewhat hides the actual flow of information I recommend a more traditional implementation:
private async ValueTask<bool> AddIdentity(ClaimsPrincipal principal, ClaimsIdentity claimsIdentity)
{
var preferredUserName = principal.Claims.SingleOrDefault(x => x.Type == PortalClaimTypes.PreferredUserName)?.Value;
if (!string.IsNullOrWhiteSpace(preferredUserName) && Guid.TryParse(preferredUserName, out var identityId))
{
claimsIdentity.AddClaim(new Claim(PortalClaimTypes.IdentityId, identityId.ToString()));
return true;
}
var sub = principal.Claims.SingleOrDefault(x => x.Type == PortalClaimTypes.Sub)?.Value;
_logger.LogInformation("Preferred user name {PreferredUserName} couldn't be parsed to uuid for userEntityId {Sub}", preferredUserName, sub);
IdentityData? identityData;
if (string.IsNullOrWhiteSpace(sub) || (identityData = await _portalDbRepositories.GetInstance<IUserRepository>().GetActiveUserDataByUserEntityId(sub).ConfigureAwait(false)) == null)
{
_logger.LogWarning("No identity found for userEntityId {Sub}", sub);
return false;
}
claimsIdentity.AddClaim(new Claim(PortalClaimTypes.IdentityId, identityData.UserId.ToString()));
return true;
}
There was a problem hiding this comment.
I did change the implementation and added unit tests.
| public IdentityData IdentityData => | ||
| _identityData ??= _httpContextAccessor.HttpContext?.User.GetIdentityData() | ||
| ?? throw new ConflictException("The identity should be set here"); | ||
| public Guid IdentityId => (_identityId ??= _httpContextAccessor.HttpContext?.User.GetIdentityId())!.Value; |
There was a problem hiding this comment.
sonar marks this as a code smell. According to the smell's documentation it should accept
public Guid IdentityId => (_identityId ?? (_identityId = _httpContextAccessor.HttpContext?.User.GetIdentityId()))!.Value;
(I guess the rule doesn't yet know about the ??= operator, so maybe we should just mark this as a false positive?)
There was a problem hiding this comment.
I'd mark it as a false positive
Refs: CPLP-3102
|
Kudos, SonarCloud Quality Gate passed!
|
Description
All configuration values needed for the process identity were removed except for the identity id.
Why
The determination of the identity needed for the process worker is now done with a database request to get the needed values for the specified user.
Issue
N/A - Jira Issue: CPLP-3102
Corresponding CD PR
#130
Checklist