Authentication

Author: MWClayson-NHS

application/CohortManager/src/Functions/Shared/Common/Authentication/AuthHelper.cs

@@ -0,0 +1,32 @@
+namespace Common;
+
+using System.Text.Json;
+using Microsoft.Azure.Functions.Worker;
+
+public static class AuthHelper
+{
+    public static bool TryGetTokenFromHeaders(FunctionContext context, out string token)
+    {
+        token = null!;
+
+        context.BindingContext.BindingData.TryGetValue("Headers", out var headersObj);
+
+        if(headersObj is not string headersStr)
+        {
+            return false;
+        }
+         var headers = JsonSerializer.Deserialize<Dictionary<string, string>>(headersStr);
+         if(headers == null)
+         {
+             return false;
+         }
+
+         if(!headers.TryGetValue("Authorization", out var authHeader) || !authHeader.StartsWith("Bearer "))
+         {
+             return false;
+         }
+
+         token = authHeader.Substring("Bearer ".Length).Trim();
+         return true;
+    }
+}

application/CohortManager/src/Functions/Shared/Common/Authentication/CIS2AuthMiddleware.cs

@@ -0,0 +1,49 @@
+namespace Common;
+
+using System.Net;
+using Microsoft.Azure.Functions.Worker;
+using Microsoft.Azure.Functions.Worker.Middleware;
+using Microsoft.Extensions.Logging;
+
+public class CIS2AuthMiddleware : IFunctionsWorkerMiddleware
+{
+
+    private readonly ILogger<CIS2AuthMiddleware> _logger;
+    private readonly ICreateResponse _createResponse;
+    private readonly IAuthenticationService _authService;
+
+    public CIS2AuthMiddleware(ILogger<CIS2AuthMiddleware> logger, ICreateResponse createResponse, IAuthenticationService authService)
+    {
+        _logger = logger;
+        _createResponse = createResponse;
+        _authService = authService;
+    }
+
+    public async Task Invoke(FunctionContext context, FunctionExecutionDelegate next)
+    {
+        var req = await context.GetHttpRequestDataAsync();
+
+        var tokenExists = AuthHelper.TryGetTokenFromHeaders(context, out var token);
+
+        if(!tokenExists)
+        {
+            _logger.LogWarning("Authorization header is missing or invalid");
+            var response = await _createResponse.CreateHttpResponseWithBodyAsync(HttpStatusCode.Unauthorized, req!, "Unauthorized: Missing or invalid Authorization header.");
+            context.GetInvocationResult().Value = response;
+            return;
+        }
+
+        var validateToken = await _authService.ValidateTokenAsync(token);
+
+        if(!validateToken)
+        {
+            _logger.LogWarning("Token validation failed");
+            var response = await _createResponse.CreateHttpResponseWithBodyAsync(HttpStatusCode.Unauthorized, req!, "Unauthorized: Invalid token.");
+            context.GetInvocationResult().Value = response;
+            return;
+        }
+
+        context.Items["AuthToken"] = token;
+        await next(context);
+    }
+}

application/CohortManager/src/Functions/Shared/Common/Authentication/IAuthenticationService.cs

@@ -4,5 +4,5 @@ namespace Common;
 
 public interface IAuthenticationService
 {
-       Task<bool> ValidateAccess(HttpRequestData request);
+    Task<bool> ValidateTokenAsync(string token);
 }

application/CohortManager/src/Functions/Shared/Common/Authentication/JwtAuthentication.cs

@@ -26,17 +26,8 @@ public JWTAuthentication(IOptions<AuthConfig> authConfig, ILogger<JWTAuthenticat
         );
     }
 
-    public async Task<bool> ValidateAccess(HttpRequestData request)
+    public async Task<bool> ValidateTokenAsync(string token)
     {
-
-        var authHeader = request.Headers.Single(x => x.Key == "Authorization").Value.FirstOrDefault();
-        if (string.IsNullOrEmpty(authHeader) || !authHeader.StartsWith("Bearer "))
-        {
-            _logger.LogWarning("Authorization header is missing or does not start with 'Bearer '");
-            return false;
-        }
-        var token = authHeader.Substring("Bearer ".Length).Trim();
-
         try
         {
             var oidcConfig = await _configurationManager.GetConfigurationAsync();
@@ -67,8 +58,6 @@ public async Task<bool> ValidateAccess(HttpRequestData request)
             _logger.LogError(ex, "An unexpected error occurred during token validation");
             return false;
         }
-        // Implement JWT validation logic here using _authConfig.MetaDataUrl and _authConfig.ClientId
-        // This is a placeholder implementation and should be replaced with actual JWT validation logic.
     }
 
 }

application/CohortManager/src/Functions/Shared/Common/Extensions/AuthenticationExtension.cs

@@ -9,9 +9,14 @@ public static IHostBuilder AddAuthentication(this IHostBuilder hostBuilder)
     {
 
         hostBuilder.AddConfiguration<AuthConfig>();
+        hostBuilder.ConfigureFunctionsWorkerDefaults(workerOptions =>
+        {
+            workerOptions.UseMiddleware<CIS2AuthMiddleware>();
+        });
         hostBuilder.ConfigureServices((context, services) =>
         {
-            services.AddSingleton<IAuthenticationService, JWTAuthentication>();
+
+            //services.AddSingleton<IAuthenticationService, JWTAuthentication>();
         });
         return hostBuilder;
      }

application/CohortManager/src/Functions/screeningDataServices/GetValidationExceptions/GetValidationExceptions.cs

@@ -24,15 +24,13 @@ public class GetValidationExceptions
     private readonly IValidationExceptionData _validationData;
     private readonly IHttpParserHelper _httpParserHelper;
     private readonly IPaginationService<ValidationException> _paginationService;
-    private readonly IAuthenticationService _authenticationService;
 
-    public GetValidationExceptions(ILogger<GetValidationExceptions> logger, ICreateResponse createResponse, IValidationExceptionData validationData, IHttpParserHelper httpParserHelper, IPaginationService<ValidationException> paginationService, IAuthenticationService authenticationService)
+    public GetValidationExceptions(ILogger<GetValidationExceptions> logger, ICreateResponse createResponse, IValidationExceptionData validationData, IHttpParserHelper httpParserHelper, IPaginationService<ValidationException> paginationService)
     {
         _logger = logger;
         _createResponse = createResponse;
         _validationData = validationData;
         _httpParserHelper = httpParserHelper;
-        _authenticationService = authenticationService;
         _paginationService = paginationService;
     }
 
@@ -59,14 +57,6 @@ public async Task<HttpResponseData> Run([HttpTrigger(AuthorizationLevel.Anonymou
         var isReport = _httpParserHelper.GetQueryParameterAsBool(req, "isReport");
         var ruleId = _httpParserHelper.GetQueryParameterAsNullableInt(req, "ruleId");
         var dateCreated = _httpParserHelper.GetQueryParameterAsDateTime(req, "dateCreated");
-
-        var validated = await _authenticationService.ValidateAccess(req);
-
-        if(!validated)
-        {
-            return _createResponse.CreateHttpResponse(HttpStatusCode.Unauthorized, req, "Unauthorized access.");
-        }
-
         try
         {
             if (exceptionId > 0)

application/CohortManager/src/Functions/screeningDataServices/GetValidationExceptions/Program.cs

@@ -10,14 +10,21 @@
 
 var host = new HostBuilder()
     .AddConfiguration<GetValidationExceptionsConfig>(out GetValidationExceptionsConfig config)
-    .ConfigureFunctionsWorkerDefaults()
+    .AddConfiguration<AuthConfig>()
+    .ConfigureFunctionsWorkerDefaults(
+            workerOptions =>
+            {
+                workerOptions.UseMiddleware<CIS2AuthMiddleware>();
+            }
+    )
     .AddDataServicesHandler()
     .AddDataService<ExceptionManagement>(config.ExceptionManagementDataServiceURL)
     .AddDataService<ParticipantDemographic>(config.DemographicDataServiceURL)
     .Build()
-    .AddAuthentication()
+    //.AddAuthentication()
     .ConfigureServices(services =>
     {
+        services.AddSingleton<IAuthenticationService, JWTAuthentication>();
         services.AddTransient<IValidationExceptionData, ValidationExceptionData>();
         services.AddSingleton<ICreateResponse, CreateResponse>();
         services.AddSingleton<IHttpParserHelper, HttpParserHelper>();