Merge pull request #182 from DFE-Digital/feature/eyqb-319-no-public-access
Guard the public service behind configurable secrets with a challenge page
Showing
50 changed files
with
1,239 additions
and
106 deletions.
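--- a/src/Dfe.EarlyYearsQualification.Web/Controllers/Base/ServiceController.cs
+++ b/src/Dfe.EarlyYearsQualification.Web/Controllers/Base/ServiceController.cs
@@ -0,0 +1,14 @@
+using Dfe.EarlyYearsQualification.Web.Filters;
+using Microsoft.AspNetCore.Mvc;
+
+namespace Dfe.EarlyYearsQualification.Web.Controllers.Base;
+
+/// <summary>
+/// Controller class that is guarded by a <see cref="IChallengeResourceFilterAttribute" />
+/// so that it is possible, while in private beta and in non-production environments,
+/// to configure a secret that must be entered to gain access to the service.
+/// All controllers except <see cref="ChallengeController" />, <see cref="ErrorController" />
+/// and <see cref="HealthController" /> should derive from this type.
+/// </summary>
+[ServiceFilter<IChallengeResourceFilterAttribute>]
+public class ServiceController : Controller;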
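Review bot: The guard is opt-in by inheritance — the summary says every controller other than `ChallengeController`, `ErrorController` and `HealthController` should derive from `ServiceController`, but nothing here enforces that, so a future controller that derives from `Controller` directly is silently unguarded. Consider registering `IChallengeResourceFilterAttribute` globally in `MvcOptions.Filters` and marking the three exempt controllers with an opt-out attribute the filter honours, so the default is fail-closed; failing that, a reflection test asserting that every non-exempt `Controller` in the web assembly derives from `ServiceController` would catch the omission. The summary's `while in private beta and in non-production environments` reads as two conditions that must both hold; if the secret is also meant to guard a private beta in production, `during private beta, or in any non-production environment,` says so unambiguously.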
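--- a/src/Dfe.EarlyYearsQualification.Web/Controllers/ChallengeController.cs
+++ b/src/Dfe.EarlyYearsQualification.Web/Controllers/ChallengeController.cs
@@ -0,0 +1,69 @@
+using Dfe.EarlyYearsQualification.Web.Filters;
+using Dfe.EarlyYearsQualification.Web.Models;
+using Microsoft.AspNetCore.Mvc;
+
+namespace Dfe.EarlyYearsQualification.Web.Controllers;
+
+public class ChallengeController(
+ILogger<ChallengeController> logger,
+IUrlHelper urlHelper)
+: Controller
+{
+private const string DefaultRedirectAddress = "/";
+
+[HttpGet]
+[ResponseCache(Duration = 0, Location = ResponseCacheLocation.None, NoStore = true)]
+public Task<IActionResult> Index([FromQuery] ChallengeModel model)
+{
+if (!ModelState.IsValid)
+{
+logger.LogWarning("Invalid challenge model (get)");
+}
+
+model.RedirectAddress = SanitiseReferralAddress(model.RedirectAddress);
+
+logger.LogWarning("Challenge page invoked");
+
+return Task.FromResult<IActionResult>(View("EntryForm", model));
+}
+
+[HttpPost]
+public Task<IActionResult> Post([FromForm] ChallengeModel model)
+{
+if (!ModelState.IsValid)
+{
+logger.LogWarning("Invalid challenge model (post)");
+}
+
+var referralAddress = SanitiseReferralAddress(model.RedirectAddress);
+
+if (model.Value != null)
+{
+logger.LogInformation("Challenge secret access value entered successfully");
+
+SetAuthSecretCookie(model.Value);
+return Task.FromResult<IActionResult>(new RedirectResult(referralAddress));
+}
+
+return Index(model);
+}
+
+private void SetAuthSecretCookie(string accessValue)
+{
+HttpContext.Response
+.Cookies
+.Append(ChallengeResourceFilterAttribute.AuthSecretCookieName, accessValue);
+}
+
+private string SanitiseReferralAddress(string? from)
+{
+var redirectAddress = from ?? DefaultRedirectAddress;
+
+if (!urlHelper.IsLocalUrl(redirectAddress))
+{
+redirectAddress = DefaultRedirectAddress;
+}
+
+return redirectAddress;
+}
+}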
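Review bot: `SetAuthSecretCookie` appends the access secret with no `CookieOptions`, so unless a cookie-policy middleware elsewhere supplies defaults, the cookie carrying the secret is readable from script, sent over plain HTTP and attached to cross-site requests; pass the options explicitly: `.Append(ChallengeResourceFilterAttribute.AuthSecretCookieName, accessValue, new CookieOptions { HttpOnly = true, Secure = true, SameSite = SameSiteMode.Strict, IsEssential = true });`. `Post` also has no `[ValidateAntiForgeryToken]` (unless antiforgery is validated globally), so a cross-site form post can plant an arbitrary cookie value in a visitor's browser. The `LogInformation` on the success branch fires before anything has been verified — the value is only checked by the filter on the following request — so `"Challenge secret access value submitted"` is the honest message, and `if (!string.IsNullOrWhiteSpace(model.Value))` would avoid writing an empty cookie. The `IsLocalUrl` check in `SanitiseReferralAddress` does close the open-redirect on `RedirectAddress`, which is good.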
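--- a/src/Dfe.EarlyYearsQualification.Web/Controllers/ErrorController.cs
+++ b/src/Dfe.EarlyYearsQualification.Web/Controllers/ErrorController.cs
@@ -0,0 +1,16 @@
+using System.Diagnostics;
+using Dfe.EarlyYearsQualification.Web.Models;
+using Microsoft.AspNetCore.Mvc;
+
+namespace Dfe.EarlyYearsQualification.Web.Controllers;
+
+[Route("/error")]
+public class ErrorController : Controller
+{
+[HttpGet]
+[ResponseCache(Duration = 0, Location = ResponseCacheLocation.None, NoStore = true)]
+public IActionResult Index()
+{
+return View("Error", new ErrorViewModel { RequestId = Activity.Current?.Id ?? HttpContext.TraceIdentifier });
+}
+}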
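Review bot: `Index` is restricted to `[HttpGet]`, but if `/error` is the target of `UseExceptionHandler` or `UseStatusCodePagesWithReExecute`, the re-executed request keeps the original verb, so an exception thrown while handling a POST (for example the challenge form) reaches this route as a POST and gets a 405 instead of the error page. Dropping `[HttpGet]` — the class-level `[Route("/error")]` alone matches any verb — or adding `[HttpPost]` alongside it avoids that; which middleware wires `/error` is not visible in this hunk. It is also worth a one-line comment on the class noting that it deliberately does not derive from `ServiceController`, so the error page stays reachable when the challenge cookie is absent.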