Remove delegationcheck (#440)

* remove delegation check + use new create endpoint WIP

* remove dead code

* add problemDetails mapper

* fix warnings + remove dead code

* fix warning

* return 404 if request is not found

* show specific error message for request id not found

* fix return type

* add translations for delegation errors

* move parameter to pathname

* fix texts

* remove PDP mock + old dependencies

* improve msw mock code + change mock to typescript

* fix after change in backend

* update problem mapping

* fixes

* temp test fix

* minor size change

* remove logging information message

* add problem detail for non-existing system

* show error message if system is not found

* test for not existing system

* add Authorize attribute back

* fix error message mapping

bff/src/Altinn.Authentication.UI/Altinn.Authentication.UI.Core/Common/Extensions/HttpClientExtensions.cs

@@ -14,7 +14,7 @@ public static class HttpClientExtension
 /// <param name="content">The http content.</param>
 /// <param name="platformAccessToken">The platformAccess tokens.</param>
 /// <returns>A HttpResponseMessage.</returns>
-public static Task<HttpResponseMessage> PostAsync(this HttpClient httpClient, string authorizationToken, string requestUri, HttpContent content, string platformAccessToken = null)
+public static Task<HttpResponseMessage> PostAsync(this HttpClient httpClient, string authorizationToken, string requestUri, HttpContent? content = null, string? platformAccessToken = null)
 {
     HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Post, requestUri);
     request.Headers.Add("Authorization", "Bearer " + authorizationToken);
@@ -36,7 +36,7 @@ public static Task<HttpResponseMessage> PostAsync(this HttpClient httpClient, st
 /// <param name="content">The http content.</param>
 /// <param name="platformAccessToken">The platformAccess tokens.</param>
 /// <returns>A HttpResponseMessage.</returns>
-public static Task<HttpResponseMessage> PutAsync(this HttpClient httpClient, string authorizationToken, string requestUri, HttpContent content, string platformAccessToken = null)
+public static Task<HttpResponseMessage> PutAsync(this HttpClient httpClient, string authorizationToken, string requestUri, HttpContent content, string? platformAccessToken = null)
 {
     HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Put, requestUri);
     request.Headers.Add("Authorization", "Bearer " + authorizationToken);
@@ -57,7 +57,7 @@ public static Task<HttpResponseMessage> PutAsync(this HttpClient httpClient, str
 /// <param name="requestUri">The request Uri.</param>
 /// <param name="platformAccessToken">The platformAccess tokens.</param>
 /// <returns>A HttpResponseMessage.</returns>
-public static Task<HttpResponseMessage> GetAsync(this HttpClient httpClient, string authorizationToken, string requestUri, string platformAccessToken = null)
+public static Task<HttpResponseMessage> GetAsync(this HttpClient httpClient, string authorizationToken, string requestUri, string? platformAccessToken = null)
 {
     HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Get, requestUri);
     request.Headers.Add("Authorization", "Bearer " + authorizationToken);
@@ -77,7 +77,7 @@ public static Task<HttpResponseMessage> GetAsync(this HttpClient httpClient, str
 /// <param name="requestUri">The request Uri.</param>
 /// <param name="platformAccessToken">The platformAccess tokens.</param>
 /// <returns>A HttpResponseMessage.</returns>
-public static Task<HttpResponseMessage> DeleteAsync(this HttpClient httpClient, string authorizationToken, string requestUri, string platformAccessToken = null)
+public static Task<HttpResponseMessage> DeleteAsync(this HttpClient httpClient, string authorizationToken, string requestUri, string? platformAccessToken = null)
 {
     HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Delete, requestUri);
     request.Headers.Add("Authorization", "Bearer " + authorizationToken);

bff/src/Altinn.Authentication.UI/Altinn.Authentication.UI.Core/Common/Problems/Problem.cs

@@ -47,4 +47,46 @@ private static readonly ProblemDescriptorFactory _factory
     public static ProblemDescriptor Generic_EndOfMethod { get; }
         = _factory.Create(5, HttpStatusCode.BadRequest, "Default error at the end of logic chain. Not supposed to appear.");
 
+    /// <summary>
+    /// Gets a <see cref="ProblemDescriptor"/>.
+    /// </summary>
+    public static ProblemDescriptor RequestNotFound { get; }
+        = _factory.Create(10, HttpStatusCode.NotFound, "The request was not found for given party.");
+
+    /// <summary>
+    /// Gets a <see cref="ProblemDescriptor"/>.
+    /// </summary>
+    public static ProblemDescriptor SystemIdNotFound { get; }
+        = _factory.Create(11, HttpStatusCode.NotFound, "The Id does not refer to a Registered System.");
+
+    /// <summary>
+    /// Gets a <see cref="ProblemDescriptor"/>.
+    /// </summary>
+    public static ProblemDescriptor UnableToDoDelegationCheck { get; }
+        = _factory.Create(14, HttpStatusCode.InternalServerError, "DelegationCheck failed with unknown error.");
+
+    /// <summary>
+    /// Gets a <see cref="ProblemDescriptor"/>.
+    /// </summary>
+    public static ProblemDescriptor DelegationRightMissingRoleAccess { get; }
+        = _factory.Create(16, HttpStatusCode.Forbidden, "DelegationCheck failed with error: Has not access by a delegation of role in ER or Altinn.");
+
+    /// <summary>
+    /// Gets a <see cref="ProblemDescriptor"/>.
+    /// </summary>
+    public static ProblemDescriptor DelegationRightMissingDelegationAccess { get; }
+        = _factory.Create(18, HttpStatusCode.Forbidden, "DelegationCheck failed with error: Has not access by direct delegation.");
+
+    /// <summary>
+    /// Gets a <see cref="ProblemDescriptor"/>.
+    /// </summary>
+    public static ProblemDescriptor DelegationRightMissingSrrRightAccess { get; }
+        = _factory.Create(19, HttpStatusCode.Forbidden, "DelegationCheck failed with error: The service requires explicit access in SRR and the reportee is missing this.");
+
+    /// <summary>
+    /// Gets a <see cref="ProblemDescriptor"/>.
+    /// </summary>
+    public static ProblemDescriptor DelegationRightInsufficientAuthenticationLevel { get; }
+        = _factory.Create(20, HttpStatusCode.Forbidden, "DelegationCheck failed with error: The service requires explicit authentication level and the reportee is missing this.");
+
 }

bff/src/Altinn.Authentication.UI/Altinn.Authentication.UI.Core/Common/Problems/ProblemMapper.cs

@@ -0,0 +1,26 @@
+using Altinn.Authorization.ProblemDetails;
+
+namespace Altinn.Authentication.UI.Core.Common.Problems;
+/// <summary>
+/// Problem descriptors for the Authentication UI BFF.
+/// </summary>
+public static class ProblemMapper
+{
+    public static ProblemDescriptor MapToAuthUiError(string? authErrorCode)
+    {
+        return authErrorCode switch
+        {
+            "AUTH-00001" => Problem.Rights_NotFound_Or_NotDelegable,
+            "AUTH-00002" => Problem.Rights_FailedToDelegate,
+            "AUTH-00003" => Problem.SystemUser_FailedToCreate,
+            "AUTH-00004" => Problem.SystemUser_AlreadyExists,
+            "AUTH-00011" => Problem.SystemIdNotFound,
+            "AUTH-00014" => Problem.UnableToDoDelegationCheck,
+            "AUTH-00016" => Problem.DelegationRightMissingRoleAccess,
+            "AUTH-00018" => Problem.DelegationRightMissingDelegationAccess,
+            "AUTH-00019" => Problem.DelegationRightMissingSrrRightAccess,
+            "AUTH-00020" => Problem.DelegationRightInsufficientAuthenticationLevel,
+            _ => Problem.Generic_EndOfMethod,
+        };
+    }
+}

bff/src/Altinn.Authentication.UI/Altinn.Authentication.UI.Core/SystemUsers/ISystemUserClient.cs

@@ -5,10 +5,8 @@ namespace Altinn.Authentication.UI.Core.SystemUsers;
 public interface ISystemUserClient
 {
     Task<SystemUser?> GetSpecificSystemUserReal(int partyId, Guid id, CancellationToken cancellationToken = default);
-    Task<SystemUser?> PostNewSystemUserReal(int partyId, CreateSystemUserRequestToAuthComp newSystemUserDescriptor, CancellationToken cancellation = default);
+    Task<Result<SystemUser>> CreateSystemUser(int partyId, SystemUserRequestDto newSystemUser, CancellationToken cancellation = default);
     Task<Result<bool>> DeleteSystemUserReal(int partyId, Guid id, CancellationToken cancellationToken = default);
     Task<bool> ChangeSystemUserRealTitle(string newTitle, Guid id, CancellationToken cancellationToken = default);
-    Task<bool> ChangeSystemUserRealDescription(string newDescr, Guid id, CancellationToken cancellationToken = default);
     Task<List<SystemUser>> GetSystemUserRealsForChosenUser(int id, CancellationToken cancellationToken = default);
-    Task<bool> ChangeSystemUserRealProduct(string selectedSystemType, Guid id, CancellationToken cancellationToken = default);
 }

bff/src/Altinn.Authentication.UI/Altinn.Authentication.UI.Core/SystemUsers/ISystemUserService.cs

@@ -10,14 +10,11 @@ public interface ISystemUserService
     /// <summary>
     /// Return all system users created for a given party
     /// </summary>
-    Task<List<SystemUser>> GetAllSystemUsersForParty(int partyId, CancellationToken cancellationToken = default);
+    Task<Result<List<SystemUser>>> GetAllSystemUsersForParty(int partyId, CancellationToken cancellationToken = default);
     Task<SystemUser?> GetSpecificSystemUserDTO(int partyId, Guid id, CancellationToken cancellationToken = default);
-
-    /// <summary>
-    /// Creates a system user
-    /// </summary>
-    Task<Result<SystemUser>> CreateSystemUser(int partyId, CreateSystemUserRequestToAuthComp newSystemUserDescriptor, CancellationToken cancellation = default);
-
+
+    Task<Result<SystemUser>> CreateSystemUser(int partyId, SystemUserRequestDto newSystemUserDescriptor, CancellationToken cancellation = default);
+
     /// <summary>
     /// Deletes system user
     /// </summary>
@@ -27,14 +24,4 @@ public interface ISystemUserService
     /// Change system user title
     /// </summary>
     Task<bool> ChangeSystemUserTitle(string newTitle, Guid id, CancellationToken cancellationToken = default);
-
-    /// <summary>
-    /// Change system user description
-    /// </summary>
-    Task<bool> ChangeSystemUserDescription(string newDescr, Guid id, CancellationToken cancellationToken = default);
-
-    /// <summary>
-    /// Change system user product. To do. Do we need this?
-    /// </summary>
-    Task<bool> ChangeSystemUserProduct(string selectedSystemType, Guid id, CancellationToken cancellationToken = default);
 }

bff/src/Altinn.Authentication.UI/Altinn.Authentication.UI.Core/SystemUsers/CreateSystemUserRequestGUI.cs → bff/src/Altinn.Authentication.UI/Altinn.Authentication.UI.Core/SystemUsers/SystemUserRequestDto.cs

@@ -2,21 +2,25 @@
 
 namespace Altinn.Authentication.UI.Core.SystemUsers;
 
-public sealed record CreateSystemUserRequestGUI
+/// <summary>
+/// When the Frontend POST a new SystemUser this is the DTO 
+/// sent to the Authentication Component
+/// </summary>
+public class SystemUserRequestDto
 {
     /// <summary>
     /// The Title is set by the end-user in the Frontend, by default it is the same as the System's Display Name
     /// Even if this DTO allows null, the db field is of course still required   
     /// </summary>
     [JsonPropertyName("integrationTitle")]
-    public string? IntegrationTitle { get; set; }
+    public string IntegrationTitle { get; set; }
 
     /// <summary>
     /// For off the shelf systems.
     /// Should probably be human readable (instead of a GUID) but unique string without whitespace
     /// The "real" Authentication Component should validate that the SystemName is unique
     /// Retrieved from the SystemRegister, the full CRUD Api is in a different service
     /// </summary>
-    [JsonPropertyName("selectedSystemType")]
-    public string? SelectedSystemType { get; set; }
+    [JsonPropertyName("systemId")]
+    public string SystemId { get; set; }
 }