fix(identity): add valid company checks (#377)

add checks to endpoints that use the company id of the current logged in user
eclipse-tractusx · Dec 7, 2023 · f73c0f7 · f73c0f7
1 parent 70c919b
commit f73c0f7
Show file tree

Hide file tree

Showing 7 changed files with 9 additions and 3 deletions.
diff --git a/src/administration/Administration.Service/BusinessLogic/IUserBusinessLogic.cs b/src/administration/Administration.Service/BusinessLogic/IUserBusinessLogic.cs
@@ -44,7 +44,6 @@ public interface IUserBusinessLogic
     /// Delete User Own Account using userId
     /// </summary>
     /// <param name="companyUserId"></param>
-    /// <param name="userId"></param>
     /// <returns></returns>
     Task<int> DeleteOwnUserAsync(Guid companyUserId);
     IAsyncEnumerable<Guid> DeleteOwnCompanyUsersAsync(IEnumerable<Guid> userIds);

diff --git a/src/administration/Administration.Service/Controllers/CompanyDataController.cs b/src/administration/Administration.Service/Controllers/CompanyDataController.cs
@@ -158,6 +158,7 @@ public IAsyncEnumerable<CompanyRoleConsentViewData> GetCompanyRoleAndConsentAgre
     [HttpPost]
     [Authorize(Roles = "view_company_data")]
     [Authorize(Policy = PolicyTypes.ValidIdentity)]
+    [Authorize(Policy = PolicyTypes.ValidCompany)]
     [Route("companyRolesAndConsents")]
     [ProducesResponseType(typeof(NoContentResult), StatusCodes.Status204NoContent)]
     [ProducesResponseType(typeof(ErrorResponse), StatusCodes.Status400BadRequest)]
@@ -230,6 +231,7 @@ public IAsyncEnumerable<VerifiedCredentialTypeId> GetCertificateTypes() =>
     [Consumes("multipart/form-data")]
     [Authorize(Roles = "request_ssicredential")]
     [Authorize(Policy = PolicyTypes.ValidIdentity)]
+    [Authorize(Policy = PolicyTypes.ValidCompany)]
     [Route("useCaseParticipation")]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     [ProducesResponseType(typeof(ErrorResponse), StatusCodes.Status400BadRequest)]
@@ -255,6 +257,7 @@ public async Task<NoContentResult> CreateUseCaseParticipation([FromForm] UseCase
     [Consumes("multipart/form-data")]
     [Authorize(Roles = "request_ssicredential")]
     [Authorize(Policy = PolicyTypes.ValidIdentity)]
+    [Authorize(Policy = PolicyTypes.ValidCompany)]
     [Route("certificates")]
     [ProducesResponseType(StatusCodes.Status204NoContent)]
     [ProducesResponseType(typeof(ErrorResponse), StatusCodes.Status400BadRequest)]

diff --git a/src/administration/Administration.Service/Controllers/ConnectorsController.cs b/src/administration/Administration.Service/Controllers/ConnectorsController.cs
@@ -165,7 +165,7 @@ public async Task<CreatedAtRouteResult> CreateManagedConnectorAsync([FromForm] M
     [HttpDelete]
     [Route("{connectorId}")]
     [Authorize(Roles = "delete_connectors")]
-    [Authorize(Policy = PolicyTypes.ValidIdentity)]
+    [Authorize(Policy = PolicyTypes.ValidCompany)]
     [ProducesResponseType(typeof(IActionResult), StatusCodes.Status204NoContent)]
     [ProducesResponseType(typeof(ErrorResponse), StatusCodes.Status404NotFound)]
     [ProducesResponseType(typeof(ErrorResponse), StatusCodes.Status409Conflict)]

diff --git a/src/administration/Administration.Service/Controllers/NetworkController.cs b/src/administration/Administration.Service/Controllers/NetworkController.cs
@@ -51,6 +51,7 @@ public NetworkController(INetworkBusinessLogic logic)
     /// Example: POST: api/administration/registration/network/{externalId}/retrigger-synchronize-users
     /// <response code="200">Empty response on success.</response>
     [HttpPost]
+    [Authorize(Policy = PolicyTypes.ValidCompany)]
     [Authorize(Roles = "create_partner_registration")]
     [Route("partnerRegistration")]
     [ProducesResponseType(StatusCodes.Status200OK)]

diff --git a/src/marketplace/Apps.Service/Controllers/AppChangeController.cs b/src/marketplace/Apps.Service/Controllers/AppChangeController.cs
@@ -111,6 +111,7 @@ public async Task<NoContentResult> CreateOrUpdateAppDescriptionsByIdAsync([FromR
         await _businessLogic.CreateOrUpdateAppDescriptionByIdAsync(appId, offerDescriptionDatas).ConfigureAwait(false);
         return NoContent();
     }
+
     /// <summary>
     /// Upload offerassigned AppLeadImage document for active apps for given appId for same company as user
     /// </summary>

diff --git a/src/marketplace/Services.Service/Controllers/ServicesController.cs b/src/marketplace/Services.Service/Controllers/ServicesController.cs
@@ -119,6 +119,7 @@ public Task<SubscriptionDetailData> GetSubscriptionDetail([FromRoute] Guid subsc
     [Route("{serviceId}", Name = nameof(GetServiceDetails))]
     [Authorize(Roles = "view_service_offering")]
     [Authorize(Policy = PolicyTypes.ValidIdentity)]
+    [Authorize(Policy = PolicyTypes.ValidCompany)]
     [ProducesResponseType(typeof(ServiceDetailResponse), StatusCodes.Status200OK)]
     [ProducesResponseType(typeof(ErrorResponse), StatusCodes.Status404NotFound)]
     public Task<ServiceDetailResponse> GetServiceDetails([FromRoute] Guid serviceId, [FromQuery] string? lang = "en") =>
@@ -190,6 +191,7 @@ public async Task<NoContentResult> StartAutoSetupServiceProcess([FromBody] Offer
         await _serviceBusinessLogic.StartAutoSetupAsync(data).ConfigureAwait(false);
         return NoContent();
     }
+
     /// <summary>
     /// Retrieves subscription statuses of provided services of the currently logged in user's company.
     /// </summary>

diff --git a/src/registration/Registration.Service/Controllers/RegistrationController.cs b/src/registration/Registration.Service/Controllers/RegistrationController.cs
@@ -304,7 +304,7 @@ public Task<int> SubmitCompanyRoleConsentToAgreementsAsync([FromRoute] Guid appl
         /// <response code="403">The user is not assignable to the given application.</response>
         [HttpGet]
         [Authorize(Roles = "view_registration")]
-        [Authorize(Policy = PolicyTypes.ValidIdentity)]
+        [Authorize(Policy = PolicyTypes.ValidCompany)]
         [Route("application/{applicationId}/companyRoleAgreementConsents")]
         [ProducesResponseType(typeof(CompanyRoleAgreementConsents), StatusCodes.Status200OK)]
         [ProducesResponseType(typeof(ErrorResponse), StatusCodes.Status403Forbidden)]