Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: skip io get user #2185

Draft
wants to merge 19 commits into
base: main
Choose a base branch
from
+22 −22
Draft

feat: skip io get user #2185

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
19 commits
Select commit Hold shift + click to select a range
990d379
family & friends proposal
infantesimone Jun 18, 2024
a030f04
Merge branch 'main' into pay-wallet-family-friends
pietro-tota Jun 19, 2024
cc6369f
Merge remote-tracking branch 'origin/main' into pay-wallet-family-fri…
pietro-tota Jun 19, 2024
f42f864
feat: start session famly&friends
pietro-tota Jun 19, 2024
82ed81a
feat: add family&friends check for all policy
pietro-tota Jun 19, 2024
8935442
fix: policy syntax
pietro-tota Jun 19, 2024
8c53fbc
fix: precommit
pietro-tota Jun 19, 2024
6ff48a0
fix: minor policy fix
pietro-tota Jun 19, 2024
9845bb6
fix: policy condition
pietro-tota Jun 19, 2024
ea1dc33
Merge branch 'main' into pay-wallet-family-friends
pietro-tota Jun 19, 2024
fb87919
fix: add policy comment
pietro-tota Jun 20, 2024
e257b83
Merge branch 'main' into pay-wallet-family-friends
ciuffagianluca Jun 21, 2024
bbb03b8
fix: fragment policy b64 padding decode
pietro-tota Jun 21, 2024
0b60b05
[CHK-2970] feat: force payment method statuses when using wallet API …
giovanniberti Jun 21, 2024
2b38e82
Merge branch 'main' into pay-wallet-family-friends
giovanniberti Jun 21, 2024
3a6f2c9
fix(wallet-app): wallet not found pm (#2184)
ciuffagianluca Jun 21, 2024
bc88042
feat: skip io get user
pietro-tota Jun 21, 2024
f30bd1a
Merge branch 'main' into skip-io-start-session
pietro-tota Jun 26, 2024
c1c0787
Merge branch 'main' into skip-io-start-session
infantesimone Jul 1, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion src/domains/pay-wallet-app/api/fragments/_fragment_policy_user_id_from_session_token.tpl.xml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,4 +18,4 @@
return "user-id-not-found";
}
}" />
</fragment>
</fragment>
42 changes: 21 additions & 21 deletions src/domains/shared-app/api/session-wallet/v1/_base_policy.xml.tpl
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@
<inbound>
<base />
<set-variable name="walletToken" value="@(context.Request.Headers.GetValueOrDefault("Authorization", "").Replace("Bearer ",""))" />
<!-- Perform PM start api call: for family&friends handling NPG flow must be activated only for
<!-- Perform PM start api call: for family&friends handling NPG flow must be activated only for
users that have been enabled in pay-wallet-family-friends-user-ids named value (list of user id = PDV fiscal code tokenization)
For family&friends flow we expect that all clients will go with PM flow except the ones in the above list, that will be restricted
to few selected users. Anticipating PM start session will prevent further api calls.
Expand Down Expand Up @@ -50,7 +50,7 @@
<set-variable name="userFiscalCode" value="@{
String userFiscalCode = ((JObject)context.Variables["pmSession"])?["data"]?["user"]?["fiscalCode"]?.ToString();
return userFiscalCode;
}"
}"
/>
<choose>
<when condition="@(String.IsNullOrEmpty((String)context.Variables["userFiscalCode"]))">
Expand Down Expand Up @@ -98,7 +98,7 @@
</choose>

<set-variable name="pdvToken" value="@(((IResponse)context.Variables["pdv-token"]).Body.As<JObject>())" />
<!-- used as jwt claims https://auth0.com/docs/secure/tokens/json-web-tokens/json-web-token-claims -->
<!-- used as jwt claims https://auth0.com/docs/secure/tokens/json-web-tokens/json-web-token-claims -->
<set-variable name="userId" value="@((string)((JObject)context.Variables["pdvToken"])["token"])" />
<choose>
<when condition="@(String.IsNullOrEmpty((string)context.Variables["userId"]))">
Expand Down Expand Up @@ -128,9 +128,9 @@
<!-- pagoPA platform wallet JWT session token : END -->
</when>
<otherwise>
<!-- Get User IO : START-->
<!-- Get User IO
<send-request ignore-error="true" timeout="10" response-variable-name="user-auth-body" mode="new">
<set-url>@("${io_backend_base_path}/pagopa/api/v1/user?version=20200114")</set-url>
<set-url>@("${io_backend_base_path}/pagopa/api/v1/user?version=20200114")</set-url>
<set-method>GET</set-method>
<set-header name="Accept" exists-action="override">
<value>application/json</value>
Expand Down Expand Up @@ -172,42 +172,42 @@
</when>
</choose>
<set-variable name="userAuthBody" value="@(((IResponse)context.Variables["user-auth-body"]).Body.As<JObject>())" />
<!-- Get User IO : END-->
Get User IO : END-->
<!-- pagoPA platform wallet JWT session token : START -->
<!-- Token JWT START-->
<set-variable name="x-jwt-token" value="@{
//Construct the Base64Url-encoded header
var header = new { typ = "JWT", alg = "HS512" };
var jwtHeaderBase64UrlEncoded = Convert.ToBase64String(Encoding.UTF8.GetBytes(JsonConvert.SerializeObject(header))).Replace("/", "_").Replace("+", "-"). Replace("=", "");
// Construct the Base64Url-encoded payload

// Construct the Base64Url-encoded payload
var jti = Guid.NewGuid().ToString(); //sets the iat claim. Random uuid added to prevent the reuse of this token
var date = DateTime.Now;
var iat = new DateTimeOffset(date).ToUnixTimeSeconds(); // sets the issued time of the token now
var exp = new DateTimeOffset(date.AddMinutes(20)).ToUnixTimeSeconds(); // sets the expiration of the token to be 20 minutes from now
String userId = ((string)context.Variables.GetValueOrDefault("userId",""));
String userId = ((string)context.Variables.GetValueOrDefault("userId",""));

// Read email and pass it to the JWT. By now the email in shared as is. It MUST be encoded (by pdv) but POST transaction need to updated to not match email address as email field
JObject userAuth = (JObject)context.Variables["userAuthBody"];
String spidEmail = (String)userAuth["spid_email"];
String noticeEmail = (String)userAuth["notice_email"];
String email = String.IsNullOrEmpty(noticeEmail) ? spidEmail : noticeEmail;

var payload = new { iat, exp, jti, email, userId};
// JObject userAuth = (JObject)context.Variables["userAuthBody"];
// String spidEmail = (String)userAuth["spid_email"];
// String noticeEmail = (String)userAuth["notice_email"];
// String email = String.IsNullOrEmpty(noticeEmail) ? spidEmail : noticeEmail;
String email = ((JObject)context.Variables["pmSession"])["data"]["user"]["notificationEmail"].ToString();
var payload = new { iat, exp, jti, email, userId};
var jwtPayloadBase64UrlEncoded = Convert.ToBase64String(Encoding.UTF8.GetBytes(JsonConvert.SerializeObject(payload))).Replace("/", "_").Replace("+", "-"). Replace("=", "");
// Construct the Base64Url-encoded signature

// Construct the Base64Url-encoded signature
var signature = new HMACSHA512(Convert.FromBase64String("{{pagopa-wallet-session-jwt-signing-key}}")).ComputeHash(Encoding.UTF8.GetBytes($"{jwtHeaderBase64UrlEncoded}.{jwtPayloadBase64UrlEncoded}"));
var jwtSignatureBase64UrlEncoded = Convert.ToBase64String(signature).Replace("/", "_").Replace("+", "-"). Replace("=", "");

// Return the HMAC SHA512-signed JWT as the value for the Authorization header
return $"{jwtHeaderBase64UrlEncoded}.{jwtPayloadBase64UrlEncoded}.{jwtSignatureBase64UrlEncoded}";
return $"{jwtHeaderBase64UrlEncoded}.{jwtPayloadBase64UrlEncoded}.{jwtSignatureBase64UrlEncoded}";
}" />
<!-- Token JWT END-->
<!-- pagoPA platform wallet JWT session token : END -->
</otherwise>
</choose>


<return-response>
<set-status code="201" />
Expand All @@ -228,4 +228,4 @@
<on-error>
<base />
</on-error>
</policies>
</policies>