Added required unit tests for evnetlog for systemuser

test/IntegrationTests/AltinnApps_DecisionTests.cs

@@ -63,6 +63,31 @@ public async Task PDP_Decision_AltinnApps0001()
             AssertionUtil.AssertAuthorizationEvent(eventQueue, expectedAuthorizationEvent, Times.Once());
         }
 
+        [Fact]
+        public async Task PDP_Decision_AltinnApps0001_SystemUser_eventlog()
+        {
+            string testCase = "AltinnApps0001SystemUser";
+            Mock<IFeatureManager> featureManageMock = new Mock<IFeatureManager>();
+            featureManageMock
+                .Setup(m => m.IsEnabledAsync("AuditLog"))
+                .Returns(Task.FromResult(true));
+            Mock<IEventsQueueClient> eventQueue = new Mock<IEventsQueueClient>();
+            eventQueue.Setup(q => q.EnqueueAuthorizationEvent(It.IsAny<string>(), It.IsAny<CancellationToken>()));
+            AuthorizationEvent expectedAuthorizationEvent = TestSetupUtil.GetAuthorizationEvent(testCase);
+
+            HttpClient client = GetTestClient(eventQueue.Object, featureManageMock.Object, timeProviderMock.Object);
+            client.DefaultRequestHeaders.Add("x-forwarded-for", "51.120.0.114, 10.122.16.225");
+            HttpRequestMessage httpRequestMessage = TestSetupUtil.CreateXacmlRequest(testCase);
+            XacmlContextResponse expected = TestSetupUtil.ReadExpectedResponse(testCase);
+
+            // Act
+            XacmlContextResponse contextResponse = await TestSetupUtil.GetXacmlContextResponseAsync(client, httpRequestMessage);
+
+            // Assert
+            AssertionUtil.AssertEqual(expected, contextResponse);
+            AssertionUtil.AssertAuthorizationEvent(eventQueue, expectedAuthorizationEvent, Times.Once());
+        }
+
         [Fact]
         public async Task PDP_Decision_AltinnApps0001_Auditlog_Off()
         {

test/IntegrationTests/Data/Xacml/3.0/AltinnApps/AltinnApps0001SystemUserRequest.xml

@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="utf-8"?>
+<Request xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17 http://docs.oasis-open.org/xacml/3.0/xacml-core-v3-schema-wd-17.xsd" ReturnPolicyIdList="false" CombinedDecision="false" xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
+  <Attributes Category="urn:oasis:names:tc:xacml:1.0:subject-category:access-subject">
+    <Attribute IncludeInResult="false" AttributeId="urn:altinn:systemuser:uuid">
+      <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">ac58124c-1ea8-48ed-9fe6-1d9eb5d985e5</AttributeValue>
+    </Attribute>
+  </Attributes>
+  <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
+    <Attribute IncludeInResult="false" AttributeId="urn:altinn:instance-id">
+      <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">1000/26133fb5-a9f2-45d4-90b1-f6d93ad40713</AttributeValue>
+    </Attribute>
+  </Attributes>
+  <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:action">
+    <Attribute IncludeInResult="false" AttributeId="urn:oasis:names:tc:xacml:1.0:action:action-id">
+      <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">read</AttributeValue>
+    </Attribute>
+  </Attributes>
+  <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:environment" />
+</Request>

test/IntegrationTests/Data/Xacml/3.0/AltinnApps/AltinnApps0001SystemUserResponse.xml

@@ -0,0 +1,28 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Response
+      xmlns="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17"
+      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+      xsi:schemaLocation="urn:oasis:names:tc:xacml:3.0:core:schema:wd-17
+        http://docs.oasis-open.org/xacml/3.0/xacml-core-v3-schema-wd-17.xsd">
+    <Result>
+        <Decision>Permit</Decision>
+        <Status>
+            <StatusCode
+                  Value="urn:oasis:names:tc:xacml:1.0:status:ok"/>
+        </Status>
+      <Obligations>
+        <Obligation
+            ObligationId="urn:altinn:obligation:authenticationLevel1" FulfillOn="Permit" >
+          <AttributeAssignment
+              AttributeId="urn:altinn:obligation1-assignment1"
+              DataType="http://www.w3.org/2001/XMLSchema#integer"
+              Category="urn:altinn:minimum-authenticationlevel">2</AttributeAssignment>
+        </Obligation>
+      </Obligations>
+      <Attributes Category="urn:oasis:names:tc:xacml:3.0:attribute-category:resource">
+        <Attribute IncludeInResult="true" AttributeId="urn:altinn:partyid">
+          <AttributeValue DataType="http://www.w3.org/2001/XMLSchema#string">1000</AttributeValue>
+        </Attribute>
+      </Attributes>
+    </Result>
+</Response>

test/IntegrationTests/Data/Xacml/3.0/AltinnApps/eventlog/AltinnApps0001SystemUserEvent.json

@@ -0,0 +1,13 @@
+{
+  "resource": "app_skd_taxreport",
+  "operation": "read",
+  "created": "2018-05-15T02:05:00+00:00",
+  "instanceId": "1000/26133fb5-a9f2-45d4-90b1-f6d93ad40713",
+  "subjectUserId": 1,
+  "subjectOrgCode": "",
+  "resourcePartyId": 1000,
+  "contextRequestJson": "{\"ReturnPolicyIdList\":false,\"CombinedDecision\":false,\"XPathVersion\":null,\"Attributes\":[{\"Id\":null,\"Content\":null,\"Attributes\":[{\"Issuer\":null,\"AttributeId\":\"urn:altinn:userid\",\"IncludeInResult\":false,\"AttributeValues\":[{\"Value\":\"1\",\"DataType\":\"http://www.w3.org/2001/XMLSchema#string\",\"Attributes\":[{\"IsNamespaceDeclaration\":false,\"Name\":{\"LocalName\":\"DataType\",\"Namespace\":{\"NamespaceName\":\"\"},\"NamespaceName\":\"\"},\"NextAttribute\":null,\"NodeType\":2,\"PreviousAttribute\":null,\"Value\":\"http://www.w3.org/2001/XMLSchema#string\",\"BaseUri\":\"\",\"Document\":null,\"Parent\":null}],\"Elements\":[]}]},{\"Issuer\":null,\"AttributeId\":\"urn:altinn:rolecode\",\"IncludeInResult\":false,\"AttributeValues\":[{\"Value\":\"regna\",\"DataType\":\"http://www.w3.org/2001/XMLSchema#string\",\"Attributes\":[],\"Elements\":[]},{\"Value\":\"dagl\",\"DataType\":\"http://www.w3.org/2001/XMLSchema#string\",\"Attributes\":[],\"Elements\":[]},{\"Value\":\"apiadm\",\"DataType\":\"http://www.w3.org/2001/XMLSchema#string\",\"Attributes\":[],\"Elements\":[]}]}],\"Category\":\"urn:oasis:names:tc:xacml:1.0:subject-category:access-subject\"},{\"Id\":null,\"Content\":null,\"Attributes\":[{\"Issuer\":null,\"AttributeId\":\"urn:altinn:instance-id\",\"IncludeInResult\":false,\"AttributeValues\":[{\"Value\":\"1000/26133fb5-a9f2-45d4-90b1-f6d93ad40713\",\"DataType\":\"http://www.w3.org/2001/XMLSchema#string\",\"Attributes\":[{\"IsNamespaceDeclaration\":false,\"Name\":{\"LocalName\":\"DataType\",\"Namespace\":{\"NamespaceName\":\"\"},\"NamespaceName\":\"\"},\"NextAttribute\":null,\"NodeType\":2,\"PreviousAttribute\":null,\"Value\":\"http://www.w3.org/2001/XMLSchema#string\",\"BaseUri\":\"\",\"Document\":null,\"Parent\":null}],\"Elements\":[]}]},{\"Issuer\":null,\"AttributeId\":\"urn:altinn:org\",\"IncludeInResult\":false,\"AttributeValues\":[{\"Value\":\"skd\",\"DataType\":\"http://www.w3.org/2001/XMLSchema#string\",\"Attributes\":[],\"Elements\":[]}]},{\"Issuer\":null,\"AttributeId\":\"urn:altinn:app\",\"IncludeInResult\":false,\"AttributeValues\":[{\"Value\":\"taxreport\",\"DataType\":\"http://www.w3.org/2001/XMLSchema#string\",\"Attributes\":[],\"Elements\":[]}]},{\"Issuer\":null,\"AttributeId\":\"urn:altinn:task\",\"IncludeInResult\":false,\"AttributeValues\":[{\"Value\":\"Task_1\",\"DataType\":\"http://www.w3.org/2001/XMLSchema#string\",\"Attributes\":[],\"Elements\":[]}]},{\"Issuer\":null,\"AttributeId\":\"urn:altinn:partyid\",\"IncludeInResult\":true,\"AttributeValues\":[{\"Value\":\"1000\",\"DataType\":\"http://www.w3.org/2001/XMLSchema#string\",\"Attributes\":[],\"Elements\":[]}]}],\"Category\":\"urn:oasis:names:tc:xacml:3.0:attribute-category:resource\"},{\"Id\":null,\"Content\":null,\"Attributes\":[{\"Issuer\":null,\"AttributeId\":\"urn:oasis:names:tc:xacml:1.0:action:action-id\",\"IncludeInResult\":false,\"AttributeValues\":[{\"Value\":\"read\",\"DataType\":\"http://www.w3.org/2001/XMLSchema#string\",\"Attributes\":[{\"IsNamespaceDeclaration\":false,\"Name\":{\"LocalName\":\"DataType\",\"Namespace\":{\"NamespaceName\":\"\"},\"NamespaceName\":\"\"},\"NextAttribute\":null,\"NodeType\":2,\"PreviousAttribute\":null,\"Value\":\"http://www.w3.org/2001/XMLSchema#string\",\"BaseUri\":\"\",\"Document\":null,\"Parent\":null}],\"Elements\":[]}]}],\"Category\":\"urn:oasis:names:tc:xacml:3.0:attribute-category:action\"},{\"Id\":null,\"Content\":null,\"Attributes\":[],\"Category\":\"urn:oasis:names:tc:xacml:3.0:attribute-category:environment\"}],\"RequestReferences\":[]}",
+  "ipadress": "51.120.0.114",
+  "Decision": "Permit",
+  "userIdentifier": "787f6747-2d35-4ea2-9685-0f4123720680s"
+}

test/IntegrationTests/Data/Xacml/3.0/ResourceRegistry/eventlog/ResourceRegistry_SystemUserWithDelegation_PermitEvent.json

@@ -0,0 +1,11 @@
+{
+  "created": "2018-05-15T02:05:00+00:00",
+  "subjectOrgCode": "",
+  "resourcePartyId": 50005545,
+  "resource": "ttd-externalpdp-resource1",
+  "instanceid": "",
+  "operation": "read",
+  "contextRequestJson": "{\"ReturnPolicyIdList\":false,\"CombinedDecision\":false,\"XPathVersion\":null,\"Attributes\":[{\"Id\":null,\"Content\":null,\"Attributes\":[{\"Issuer\":null,\"AttributeId\":\"urn:altinn:systemuser:uuid\",\"IncludeInResult\":false,\"AttributeValues\":[{\"Value\":\"47caea5b-a80b-4343-b1d3-31eb523a4e28\",\"DataType\":\"http:\/\/www.w3.org\/2001\/XMLSchema#string\",\"Attributes\":[],\"Elements\":[]}]}],\"Category\":\"urn:oasis:names:tc:xacml:1.0:subject-category:access-subject\"},{\"Id\":null,\"Content\":null,\"Attributes\":[{\"Issuer\":null,\"AttributeId\":\"urn:oasis:names:tc:xacml:1.0:action:action-id\",\"IncludeInResult\":false,\"AttributeValues\":[{\"Value\":\"read\",\"DataType\":\"http:\/\/www.w3.org\/2001\/XMLSchema#string\",\"Attributes\":[],\"Elements\":[]}]}],\"Category\":\"urn:oasis:names:tc:xacml:3.0:attribute-category:action\"},{\"Id\":null,\"Content\":null,\"Attributes\":[{\"Issuer\":null,\"AttributeId\":\"urn:altinn:resource\",\"IncludeInResult\":false,\"AttributeValues\":[{\"Value\":\"ttd-externalpdp-resource1\",\"DataType\":\"http:\/\/www.w3.org\/2001\/XMLSchema#string\",\"Attributes\":[],\"Elements\":[]}]},{\"Issuer\":null,\"AttributeId\":\"urn:altinn:organization:identifier-no\",\"IncludeInResult\":false,\"AttributeValues\":[{\"Value\":\"910459880\",\"DataType\":\"http:\/\/www.w3.org\/2001\/XMLSchema#string\",\"Attributes\":[],\"Elements\":[]}]},{\"Issuer\":null,\"AttributeId\":\"urn:altinn:partyid\",\"IncludeInResult\":false,\"AttributeValues\":[{\"Value\":\"50005545\",\"DataType\":\"http:\/\/www.w3.org\/2001\/XMLSchema#string\",\"Attributes\":[],\"Elements\":[]}]}],\"Category\":\"urn:oasis:names:tc:xacml:3.0:attribute-category:resource\"}],\"RequestReferences\":[]}",
+  "Decision": "Permit",
+  "userIdentifier": "47caea5b-a80b-4343-b1d3-31eb523a4e28"
+}

test/IntegrationTests/ExternalDecisionTest.cs

@@ -1,15 +1,19 @@
+using System;
 using System.Net.Http;
 using System.Net.Http.Headers;
+using System.Threading;
 using System.Threading.Tasks;
 using Altinn.Authorization.ABAC.Interface;
 using Altinn.Authorization.ABAC.Xacml;
 using Altinn.Authorization.ABAC.Xacml.JsonProfile;
 using Altinn.Common.AccessToken.Services;
 using Altinn.Common.Authentication.Configuration;
+using Altinn.Platform.Authorization.Clients.Interfaces;
 using Altinn.Platform.Authorization.Controllers;
 using Altinn.Platform.Authorization.IntegrationTests.MockServices;
 using Altinn.Platform.Authorization.IntegrationTests.Util;
 using Altinn.Platform.Authorization.IntegrationTests.Webfactory;
+using Altinn.Platform.Authorization.Models.EventLog;
 using Altinn.Platform.Authorization.Repositories.Interface;
 using Altinn.Platform.Authorization.Services.Interface;
 using Altinn.Platform.Authorization.Services.Interfaces;
@@ -20,6 +24,8 @@
 using Microsoft.AspNetCore.TestHost;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Options;
+using Microsoft.FeatureManagement;
+using Moq;
 using Newtonsoft.Json.Linq;
 using Xunit;
 
@@ -28,10 +34,14 @@ namespace Altinn.Platform.Authorization.IntegrationTests
     public class ExternalDecisionTest :IClassFixture<CustomWebApplicationFactory<DecisionController>>
     {
         private readonly CustomWebApplicationFactory<DecisionController> _factory;
+        private readonly Mock<IFeatureManager> featureManageMock = new Mock<IFeatureManager>();
+        private readonly Mock<TimeProvider> timeProviderMock = new Mock<TimeProvider>();
 
         public ExternalDecisionTest(CustomWebApplicationFactory<DecisionController> fixture)
         {
             _factory = fixture;
+            SetupFeatureMock(true);
+            SetupDateTimeMock();
         }
 
         [Fact]
@@ -205,7 +215,7 @@ public async Task PDPExternal_Decision_AltinnResourceRegistry0011()
         public async Task PDPExternal_Decision_SystemUserWithResourceDelegation_Permit()
         {
             string token = PrincipalUtil.GetOrgToken("skd", "974761076", "altinn:authorization/authorize");
-            string testCase = "ResourceRegistry_SystemUserWithDelegation_Permit";
+            string testCase = "ResourceRegistry_SystemUserWithDelegation_Permit";            
             HttpClient client = GetTestClient();
             client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("bearer", token);
             HttpRequestMessage httpRequestMessage = TestSetupUtil.CreateXacmlRequestExternal(testCase);
@@ -218,6 +228,35 @@ public async Task PDPExternal_Decision_SystemUserWithResourceDelegation_Permit()
             AssertionUtil.AssertEqual(expected, contextResponse);
         }
 
+        /// <summary>
+        /// Scenario where systemuser has received delegation from the resource party for the resource. Should give Permit result.
+        /// </summary>
+        [Fact]
+        public async Task PDPExternal_Decision_SystemUserWithResourceDelegation_Permit_Eventlog()
+        {
+            string token = PrincipalUtil.GetOrgToken("skd", "974761076", "altinn:authorization/authorize");
+            string testCase = "ResourceRegistry_SystemUserWithDelegation_Permit";
+            Mock<IFeatureManager> featureManageMock = new Mock<IFeatureManager>();
+            featureManageMock
+                .Setup(m => m.IsEnabledAsync("AuditLog"))
+                .Returns(Task.FromResult(true));
+            Mock<IEventsQueueClient> eventQueue = new Mock<IEventsQueueClient>();
+            eventQueue.Setup(q => q.EnqueueAuthorizationEvent(It.IsAny<string>(), It.IsAny<CancellationToken>()));
+            AuthorizationEvent expectedAuthorizationEvent = TestSetupUtil.GetAuthorizationEvent(testCase);
+
+            HttpClient client = GetTestClient(eventQueue.Object, featureManageMock.Object, timeProviderMock.Object);
+            client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("bearer", token);
+            HttpRequestMessage httpRequestMessage = TestSetupUtil.CreateXacmlRequestExternal(testCase);
+            XacmlJsonResponse expected = TestSetupUtil.ReadExpectedJsonProfileResponse(testCase);
+
+            // Act
+            XacmlJsonResponse contextResponse = await TestSetupUtil.GetXacmlJsonProfileContextResponseAsync(client, httpRequestMessage);
+
+            // Assert
+            AssertionUtil.AssertEqual(expected, contextResponse);
+            AssertionUtil.AssertAuthorizationEvent(eventQueue, expectedAuthorizationEvent, Times.Once());
+        }
+
         /// <summary>
         /// Scenario where systemuser has received delegation from the resource party for the resource. Should give Permit result.
         /// </summary>
@@ -298,7 +337,7 @@ public async Task PDPExternal_Decision_SystemUserWithDelegations_MultiRequest_Pe
             AssertionUtil.AssertEqual(expected, contextResponse);
         }
 
-        private HttpClient GetTestClient()
+        private HttpClient GetTestClient(IEventsQueueClient eventLog = null, IFeatureManager featureManager = null, TimeProvider timeProviderMock = null)
         {
             HttpClient client = _factory.WithWebHostBuilder(builder =>
             {
@@ -319,10 +358,36 @@ private HttpClient GetTestClient()
                     services.AddSingleton<IResourceRegistry, ResourceRegistryMock>();
                     services.AddSingleton<IAccessManagementWrapper, AccessManagementWrapperMock>();
                     services.AddSingleton<IPublicSigningKeyProvider, PublicSigningKeyProviderMock>();
+                    if (featureManager != null)
+                    {
+                        services.AddSingleton(featureManager);
+                    }
+
+                    if (eventLog != null)
+                    {
+                        services.AddSingleton(eventLog);
+                    }
+
+                    if (timeProviderMock != null)
+                    {
+                        services.AddSingleton(timeProviderMock);
+                    }
                 });
             }).CreateClient(new WebApplicationFactoryClientOptions { AllowAutoRedirect = false });
 
             return client;
         }
+
+        private void SetupFeatureMock(bool featureFlag)
+        {
+            featureManageMock
+                .Setup(m => m.IsEnabledAsync("AuditLog"))
+                .Returns(Task.FromResult(featureFlag));
+        }
+
+        private void SetupDateTimeMock()
+        {
+            timeProviderMock.Setup(x => x.GetUtcNow()).Returns(new DateTimeOffset(2018, 05, 15, 02, 05, 00, TimeSpan.Zero));
+        }
     }
 }