diff --git a/apps/profil-api/src/main/java/no/nav/registre/testnorge/profil/consumer/AzureAdProfileConsumer.java b/apps/profil-api/src/main/java/no/nav/registre/testnorge/profil/consumer/AzureAdProfileConsumer.java index d899735893c..3ba8cd3c1a9 100644 --- a/apps/profil-api/src/main/java/no/nav/registre/testnorge/profil/consumer/AzureAdProfileConsumer.java +++ b/apps/profil-api/src/main/java/no/nav/registre/testnorge/profil/consumer/AzureAdProfileConsumer.java @@ -10,6 +10,7 @@ import org.springframework.stereotype.Service; import org.springframework.web.reactive.function.client.ExchangeStrategies; import org.springframework.web.reactive.function.client.WebClient; +import reactor.core.publisher.Mono; import reactor.netty.http.client.HttpClient; import reactor.netty.transport.ProxyProvider; @@ -56,10 +57,10 @@ public AzureAdProfileConsumer( this.webClient = builder.build(); } - public Profil getProfil() { + public Mono getProfil() { return azureAdTokenService.exchange(url + "/.default") .flatMap(accessToken -> new GetProfileCommand(webClient, accessToken.getTokenValue()).call()) - .map(Profil::new).block(); + .map(Profil::new); } public Optional getProfilImage() { diff --git a/apps/profil-api/src/main/java/no/nav/registre/testnorge/profil/consumer/PersonOrganisasjonTilgangConsumer.java b/apps/profil-api/src/main/java/no/nav/registre/testnorge/profil/consumer/PersonOrganisasjonTilgangConsumer.java index 4e1ee9177f2..0a557545844 100644 --- a/apps/profil-api/src/main/java/no/nav/registre/testnorge/profil/consumer/PersonOrganisasjonTilgangConsumer.java +++ b/apps/profil-api/src/main/java/no/nav/registre/testnorge/profil/consumer/PersonOrganisasjonTilgangConsumer.java 
@@ -5,8 +5,6 @@ import no.nav.registre.testnorge.profil.consumer.command.GetPersonOrganisasjonTilgangCommand; import no.nav.testnav.libs.dto.altinn3.v1.OrganisasjonDTO; import no.nav.testnav.libs.securitycore.domain.ServerProperties; -import no.nav.testnav.libs.securitycore.domain.UserInfo; -import no.nav.testnav.libs.servletsecurity.action.GetUserInfo; import no.nav.testnav.libs.servletsecurity.exchange.TokenExchange; import org.springframework.stereotype.Component; import org.springframework.web.reactive.function.client.WebClient; @@ -16,34 +14,28 @@ @Slf4j @Component public class PersonOrganisasjonTilgangConsumer { + private final WebClient webClient; private final ServerProperties serverProperties; private final TokenExchange tokenExchange; - private final GetUserInfo getUserInfo; public PersonOrganisasjonTilgangConsumer( Consumers consumers, TokenExchange tokenExchange, - WebClient.Builder webClientBuilder, - GetUserInfo getUserInfo) { + WebClient.Builder webClientBuilder) { serverProperties = consumers.getTestnavAltinn3TilgangService(); this.tokenExchange = tokenExchange; this.webClient = webClientBuilder .baseUrl(serverProperties.getUrl()) .build(); - this.getUserInfo = getUserInfo; } - public Mono getOrganisasjon(String organisasjonsnummer) { - - var userId = getUserInfo.call() - .map(UserInfo::id) - .orElse(null); + public Mono getOrganisasjon(String ident, String organisasjonsnummer) { return Mono.from(tokenExchange.exchange(serverProperties) .flatMapMany(accessToken -> - new GetPersonOrganisasjonTilgangCommand(webClient, userId, accessToken.getTokenValue()).call())) + new GetPersonOrganisasjonTilgangCommand(webClient, ident, accessToken.getTokenValue()).call())) .doOnNext(organisasjon -> log.info("Mottatt organisasjon: {}", organisasjon)) .filter(organisasjon -> organisasjon.getOrganisasjonsnummer().equals(organisasjonsnummer)); } 
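Review bot: In `getOrganisasjon`, the `Mono.from(...)` call closes before `.doOnNext` and `.filter`, so the organisation-number filter only ever sees the first element the command emits, and the source is cancelled after that element. If `GetPersonOrganisasjonTilgangCommand` returns every organisation the person has access to (inferred from `flatMapMany`; the command is not in this diff), a user whose requested organisation is not first gets an empty result even though access exists. Filter on the Flux and then take one element: `.flatMapMany(...).filter(o -> o.getOrganisasjonsnummer().equals(organisasjonsnummer)).next()`. Since `ident` is now a caller-supplied argument on a public method, a short Javadoc saying it must be the `pid` of the authenticated token, never request input, would also help.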
diff --git a/apps/profil-api/src/main/java/no/nav/registre/testnorge/profil/provider/ProfilController.java b/apps/profil-api/src/main/java/no/nav/registre/testnorge/profil/provider/ProfilController.java index e08430b3218..256c93f6ed5 100644 --- a/apps/profil-api/src/main/java/no/nav/registre/testnorge/profil/provider/ProfilController.java +++ b/apps/profil-api/src/main/java/no/nav/registre/testnorge/profil/provider/ProfilController.java @@ -28,7 +28,7 @@ public ProfilController(ProfilService profilService) { @SneakyThrows @GetMapping public ResponseEntity getProfile() { - var profil = profilService.getProfile(); + var profil = profilService.getProfile().block(); return ResponseEntity.ok().cacheControl(cacheControl).body(profil.toDTO()); } diff --git a/apps/profil-api/src/main/java/no/nav/registre/testnorge/profil/service/ProfilService.java b/apps/profil-api/src/main/java/no/nav/registre/testnorge/profil/service/ProfilService.java index 7bfc30827a5..b3ad968c834 100644 --- a/apps/profil-api/src/main/java/no/nav/registre/testnorge/profil/service/ProfilService.java +++ b/apps/profil-api/src/main/java/no/nav/registre/testnorge/profil/service/ProfilService.java @@ -11,6 +11,7 @@ import org.springframework.security.oauth2.jwt.JwtClaimNames; import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken; import org.springframework.stereotype.Service; +import reactor.core.publisher.Mono; import java.util.Optional; 
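Review bot: In `ProfilController.getProfile`, `profilService.getProfile().block()` returns `null` when the Mono completes empty, and the next line dereferences it with `profil.toDTO()`. The TokenX branch this commit adds to `ProfilService.getProfile` completes empty whenever `getOrganisasjon` matches no organisation, so a user without that access gets a NullPointerException and a 500 rather than a clear denial. Map the empty case explicitly, for example `profilService.getProfile().blockOptional().map(p -> ResponseEntity.ok().cacheControl(cacheControl).body(p.toDTO())).orElseGet(() -> ResponseEntity.status(HttpStatus.FORBIDDEN).build())`. The same gap is visible from the other side in the `getProfile` hunk of ProfilService.java, which has no `switchIfEmpty`.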
@@ -25,25 +26,28 @@ public class ProfilService { private final PersonOrganisasjonTilgangConsumer organisasjonTilgangConsumer; private final GetUserInfo getUserInfo; - public Profil getProfile() { + public Mono getProfile() { + if (isTokenX()) { return getUserInfo.call() - .map(userInfo -> new Profil( - userInfo.brukernavn(), - UKJENT, - UKJENT, - UKJENT, - userInfo.organisasjonsnummer(), - BANK_ID) - ) - .orElse(new Profil( - BANK_ID, - UKJENT, - UKJENT, - UKJENT, - UKJENT, - BANK_ID - )); + .map(userInfo -> organisasjonTilgangConsumer + .getOrganisasjon(getIdent(), userInfo.organisasjonsnummer()) + .map(organisasjon -> new Profil( + userInfo.brukernavn(), + UKJENT, + UKJENT, + organisasjon.getNavn(), + userInfo.organisasjonsnummer(), + BANK_ID) + )) + .orElse(Mono.just(new Profil( + BANK_ID, + UKJENT, + UKJENT, + UKJENT, + UKJENT, + BANK_ID + ))); } return azureAdProfileConsumer.getProfil(); } @@ -52,18 +56,29 @@ public Optional getImage() { return isTokenX() ? Optional.empty() : azureAdProfileConsumer.getProfilImage(); } - private JwtAuthenticationToken getJwtAuthenticationToken() { + private Optional getJwtAuthenticationToken() { + return Optional.ofNullable(SecurityContextHolder.getContext().getAuthentication()) .filter(JwtAuthenticationToken.class::isInstance) - .map(JwtAuthenticationToken.class::cast) - .orElseThrow(); + .map(JwtAuthenticationToken.class::cast); } private boolean isTokenX() { return getJwtAuthenticationToken() - .getTokenAttributes() - .get(JwtClaimNames.ISS) - .equals(tokenXResourceServerProperties.getIssuerUri()); + .map(token -> token + .getTokenAttributes() + .get(JwtClaimNames.ISS) + .equals(tokenXResourceServerProperties.getIssuerUri())) + .orElseThrow(); + } + + private String getIdent() { + + return getJwtAuthenticationToken() + .map(JwtAuthenticationToken::getTokenAttributes) + .map(attribs -> attribs.get("pid")) + .map(ident -> (String) ident) + .orElseThrow(); } } 
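Review bot: `getIdent()` in the TokenX branch of `getProfile` reads `SecurityContextHolder`, which is thread-bound by default. It works here only because it is evaluated eagerly inside `Optional.map` on the request thread, before the Mono is subscribed. That is easy to break by moving the call into the reactive `.map(organisasjon -> ...)` lambda, which may run on a thread where no authentication is set. I would add a comment above the call, e.g. `// Resolve pid on the request thread; SecurityContextHolder may not be visible inside the reactive chain.` Separately, `orElse(Mono.just(new Profil(...)))` builds the fallback profile even when user info is present; `orElseGet(() -> Mono.just(...))` avoids that.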
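Review bot: `isTokenX()` and the new `getIdent()` both end in a bare `orElseThrow()`, and `isTokenX()` still calls `.equals` on the result of `get(JwtClaimNames.ISS)`. A token without `iss` or `pid`, a non-string `pid`, or a non-JWT authentication therefore surfaces as NullPointerException, NoSuchElementException or ClassCastException instead of an authentication failure. Put the configured value first, `tokenXResourceServerProperties.getIssuerUri().equals(token.getTokenAttributes().get(JwtClaimNames.ISS))`. In `getIdent()`, replace the cast with `.filter(String.class::isInstance).map(String.class::cast)` and end with `.orElseThrow(() -> new AccessDeniedException("pid claim missing"))`. The `pid` value appears to identify the person, so keep it out of exception messages and logs.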
diff --git a/apps/profil-api/src/main/resources/logback-spring.xml b/apps/profil-api/src/main/resources/logback-spring.xml index f21b609f457..7573f10edb7 100644 --- a/apps/profil-api/src/main/resources/logback-spring.xml +++ b/apps/profil-api/src/main/resources/logback-spring.xml @@ -17,7 +17,7 @@ - + diff --git a/libs/servlet-security/src/main/java/no/nav/testnav/libs/servletsecurity/action/GetUserInfo.java b/libs/servlet-security/src/main/java/no/nav/testnav/libs/servletsecurity/action/GetUserInfo.java index bdbb82f6297..52a7b4cdcff 100644 --- a/libs/servlet-security/src/main/java/no/nav/testnav/libs/servletsecurity/action/GetUserInfo.java +++ b/libs/servlet-security/src/main/java/no/nav/testnav/libs/servletsecurity/action/GetUserInfo.java @@ -35,7 +35,6 @@ public Optional call() { var jwt = JWT.decode(token); var verifier = JWT.require(Algorithm.HMAC256(secret)).build(); verifier.verify(jwt); - log.info("jwt ---> {}", jwt.getToken()); return new UserInfo( jwt.getClaim(UserConstant.USER_CLAIM_ID).asString(), jwt.getClaim(UserConstant.USER_CLAIM_ORG).asString(),