From 0fd0b869ca90880dabc0e7b5726b052ba2ebdd1b Mon Sep 17 00:00:00 2001
From: Diego Molteni
Date: Wed, 21 Jul 2021 17:07:21 +0100
Subject: [PATCH] added impersonated user reference

---
 docs/api/openapi.osdu.yaml | 5 ++-
 docs/api/openapi.yaml | 5 ++-
 src/services/impersonation_token/handler.ts | 3 ++
 src/services/impersonation_token/model.ts | 1 +
 src/shared/utils.ts | 48 +++++++++++----------
 5 files changed, 37 insertions(+), 25 deletions(-)

diff --git a/docs/api/openapi.osdu.yaml b/docs/api/openapi.osdu.yaml
index 319055e7..58ba669c 100644
--- a/docs/api/openapi.osdu.yaml
+++ b/docs/api/openapi.osdu.yaml
@@ -1901,10 +1901,13 @@ definitions:
       properties:
         created_by:
           type: string
-          description: The trusted app id .
+          description: The trusted app id.
         created_date:
           type: string
           description: The create date and time.
+        user:
+          type: string
+          description: The impersonated user.
         resources:
           type: array
           items:
diff --git a/docs/api/openapi.yaml b/docs/api/openapi.yaml
index c306ca23..685a0632 100644
--- a/docs/api/openapi.yaml
+++ b/docs/api/openapi.yaml
@@ -1908,10 +1908,13 @@ definitions:
       properties:
         created_by:
           type: string
-          description: The trusted app id .
+          description: The trusted app id.
         created_date:
           type: string
           description: The create date and time.
+        user:
+          type: string
+          description: The impersonated user.
         resources:
           type: array
           items:
diff --git a/src/services/impersonation_token/handler.ts b/src/services/impersonation_token/handler.ts
index c233a4f1..065dbf44 100644
--- a/src/services/impersonation_token/handler.ts
+++ b/src/services/impersonation_token/handler.ts
@@ -57,6 +57,8 @@ export class ImpersonationTokenHandler {
         const tenantName = requestBody.resources[0].resource.split('/')[0];
         const tenant = await TenantDAO.get(tenantName);
         const subject = Utils.getSubFromPayload(req.headers.authorization);
+        const user = Utils.getSubIDFromPayload(req.headers['user-token'] as string) ||
+            Utils.getSubFromPayload(req.headers['user-token'] as string) || undefined;
 
         // check if the caller is a trusted application (subject, email(obsolete), emailV2(obsolete))
         try {
@@ -123,6 +125,7 @@ export class ImpersonationTokenHandler {
         const data = {
             created_by: subject,
             created_date: new Date().toString(),
+            user,
             metadata: requestBody.metadata,
             resources: requestBody.resources,
             signature: this.computeSignature(impersonationToken.impersonation_token)
diff --git a/src/services/impersonation_token/model.ts b/src/services/impersonation_token/model.ts
index 40962130..9341b0d7 100644
--- a/src/services/impersonation_token/model.ts
+++ b/src/services/impersonation_token/model.ts
@@ -41,4 +41,5 @@ export interface ImpersonationTokenDataModel {
     metadata: object;
     created_by: string;
     created_date: string;
+    user: string;
 }
diff --git a/src/shared/utils.ts b/src/shared/utils.ts
index 8c1dde11..774e8b3f 100644
--- a/src/shared/utils.ts
+++ b/src/shared/utils.ts
@@ -1,5 +1,5 @@
 // ============================================================================
-// Copyright 2017-2019, Schlumberger
+// Copyright 2017-2021, Schlumberger
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
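Review bot: The `user` computed on the two added lines of the first handler hunk is taken from `req.headers['user-token']` by way of `Utils.getPayloadFromStringToken`, which only base64-decodes and `JSON.parse`s the middle segment with no signature or issuer check, so the value persisted as the impersonated user is whatever the caller put in that header unless the token was already verified earlier in this method (the method starts and ends outside the hunk, so that is not visible here). The `as string` cast also hides the `undefined` and `string[]` cases of a Node header: with the header absent, `getPayloadFromStringToken(undefined)` returns `undefined` and `getSubIDFromPayload` then reads `.subid` from it, which surfaces as an unhandled TypeError, and a malformed header surfaces as an unhandled SyntaxError from `JSON.parse`, rather than a 400. Read the header into a local and reject non-string values before decoding: `const userToken = req.headers['user-token'];` / `if (typeof userToken !== 'string') { /* reject as bad request */ }` / `const user = Utils.getSubIDFromPayload(userToken) || Utils.getSubFromPayload(userToken) || undefined;`. The second hunk then stores `user` even when both lookups yield nothing; decide whether an impersonation token without a resolvable user should be issued at all.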
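Review bot: `user: string` on ImpersonationTokenDataModel declares the new field as required, but the handler change in this same commit stores `user` as `undefined` when the user-token carries neither `subid` nor `sub` (`... || undefined`), and the OpenAPI change lists `user` as a property without adding it to `required`. Declare it `user?: string` to match what is actually written, or make the handler refuse to issue a token when no user can be derived so the required type holds.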
@@ -16,17 +16,15 @@ import { Config } from '../cloud';
-
 export class Utils {
-    public static getPropertyFromTokenPayload(base64jwtpayload: string, property: string): string {
-        const payload = this.getPayloadFromStringToken(base64jwtpayload);
+    public static getPropertyFromTokenPayload(base64JwtPayload: string, property: string): string {
+        const payload = this.getPayloadFromStringToken(base64JwtPayload);
         return property in payload ? payload[property] : undefined;
     }
-    // This method is temporary required by slb during the migration of sauth from v1 to v2
-    // The method replace slb.com domain name with delfiserviceaccount.com.t
+    // The method replace slb.com domain name with delfiserviceaccount.com
     // Temporary hardcoded can be removed on 01/22 when sauth v1 will be dismissed.
     // Others service domain won't be affected by this call
     public static checkSauthV1EmailDomainName(email: string): string {
@@ -34,20 +32,24 @@ export class Utils {
             email.replace('slbservice.com@slb.com', 'slbservice.com@delfiserviceaccount.com') : email;
     }
-    public static getIssFromPayload(base64jwtpayload: string): string {
-        return this.getPayloadFromStringToken(base64jwtpayload).iss;
+    public static getIssFromPayload(base64JwtPayload: string): string {
+        return this.getPayloadFromStringToken(base64JwtPayload).iss;
+    }
+
+    public static getExpTimeFromPayload(base64JwtPayload: string): number {
+        return Number(this.getPayloadFromStringToken(base64JwtPayload).exp);
     }
-    public static getExpTimeFromPayload(base64jwtpayload: string): number {
-        return Number(this.getPayloadFromStringToken(base64jwtpayload).exp);
+    public static getAudienceFromPayload(base64JwtPayload: string): string {
+        return this.getPayloadFromStringToken(base64JwtPayload).aud
     }
-    public static getAudienceFromPayload(base64jwtpayload: string): string {
-        return this.getPayloadFromStringToken(base64jwtpayload).aud
+    public static getSubIDFromPayload(base64JwtPayload: string): string {
+        return this.getPayloadFromStringToken(base64JwtPayload).subid;
     }
-    public static getSubFromPayload(base64jwtpayload: string): string {
-        return this.getPayloadFromStringToken(base64jwtpayload).sub;
+    public static getSubFromPayload(base64JwtPayload: string): string {
+        return this.getPayloadFromStringToken(base64JwtPayload).sub;
     }
     public static makeID(len: number): string {
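Review bot: The new `getSubIDFromPayload` is declared to return `string` but yields `undefined` whenever the `subid` claim is absent, and it throws a TypeError when no token is supplied, because `getPayloadFromStringToken(undefined)` returns `undefined` and `.subid` is read from it; the re-emitted `getIssFromPayload`, `getExpTimeFromPayload`, `getAudienceFromPayload` and `getSubFromPayload` have the same shape. Consider `string | undefined` as the return type and a guard on the payload, e.g. `const payload = this.getPayloadFromStringToken(base64JwtPayload);` / `return payload === undefined ? undefined : payload.subid;`, so callers can tell "no claim" from "no token" without a crash. `getAudienceFromPayload` still ends `return this.getPayloadFromStringToken(base64JwtPayload).aud` without a semicolon. Whether `subid` is a claim the token issuer actually emits is not visible in the diff; a one-line comment naming its source would help the next reader.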
@@ -59,22 +61,22 @@ export class Utils {
         return id;
     }
-    public static getPayloadFromStringToken(base64jwtpayload: string): any {
+    public static getPayloadFromStringToken(base64JwtPayload: string): any {
-        if (base64jwtpayload === undefined) { return undefined; }
+        if (base64JwtPayload === undefined) { return undefined; }
-        base64jwtpayload = base64jwtpayload.replace(' ', '');
-        base64jwtpayload = base64jwtpayload.replace('Bearer', '');
-        const base64jwtpayloadtokens = base64jwtpayload.split('.');
+        base64JwtPayload = base64JwtPayload.replace(' ', '');
+        base64JwtPayload = base64JwtPayload.replace('Bearer', '');
+        const base64JwtPayloadTokens = base64JwtPayload.split('.');
-        base64jwtpayload = base64jwtpayloadtokens.length === 3 ? base64jwtpayloadtokens[1] : base64jwtpayload;
+        base64JwtPayload = base64JwtPayloadTokens.length === 3 ? base64JwtPayloadTokens[1] : base64JwtPayload;
-        const missingPadding = base64jwtpayload.length % 4;
+        const missingPadding = base64JwtPayload.length % 4;
         if (missingPadding !== 0) {
-            base64jwtpayload += '='.repeat(4 - missingPadding);
+            base64JwtPayload += '='.repeat(4 - missingPadding);
         }
-        return JSON.parse(Buffer.from(base64jwtpayload, 'base64').toString());
+        return JSON.parse(Buffer.from(base64JwtPayload, 'base64').toString());
     }
-- GitLab