Configuring OpenID Connect Authentication with moodle user id

Author: binon

Auth/LearningHub.Nhs.Auth/Configuration/ServiceMappings.cs

@@ -40,12 +40,22 @@ public static void AddServiceMappings(this IServiceCollection services, IConfigu
                             ServerCertificateCustomValidationCallback =
                                           HttpClientHandler.DangerousAcceptAnyServerCertificateValidator,
                         });
+
+                services.AddHttpClient<IMoodleHttpClient, MoodleHttpClient>()
+                    .ConfigurePrimaryHttpMessageHandler(
+                        () => new HttpClientHandler
+                        {
+                            ServerCertificateCustomValidationCallback =
+                                          HttpClientHandler.DangerousAcceptAnyServerCertificateValidator,
+                        });
             }
             else
             {
                 services.AddHttpClient<IUserApiHttpClient, UserApiHttpClient>();
+                services.AddHttpClient<IMoodleHttpClient, MoodleHttpClient>();
             }
 
+            services.AddScoped<IMoodleApiService, MoodleApiService>();
             services.AddDistributedMemoryCache();
             services.AddScoped<IExternalSystemService, ExternalSystemService>();
             services.AddTransient<IRegistrationService, RegistrationService>();

Auth/LearningHub.Nhs.Auth/Interfaces/IMoodleApiService.cs

@@ -0,0 +1,17 @@
+namespace LearningHub.Nhs.Auth.Interfaces
+{
+    using System.Threading.Tasks;
+
+    /// <summary>
+    /// IMoodleApiService.
+    /// </summary>
+    public interface IMoodleApiService
+    {
+        /// <summary>
+        /// GetResourcesAsync.
+        /// </summary>
+        /// <param name="currentUserId">The current User Id.</param>
+        /// <returns>A <see cref="Task{TResult}"/> representing the result of the asynchronous operation.</returns>
+        Task<int> GetMoodleUserIdByUsernameAsync(int currentUserId);
+    }
+}

Auth/LearningHub.Nhs.Auth/Interfaces/IMoodleHttpClient.cs

@@ -0,0 +1,23 @@
+namespace LearningHub.Nhs.Auth.Interfaces
+{
+    using System.Net.Http;
+    using System.Threading.Tasks;
+
+    /// <summary>
+    /// The Moodle Http Client interface.
+    /// </summary>
+    public interface IMoodleHttpClient
+    {
+        /// <summary>
+        /// The get cient async.
+        /// </summary>
+        /// <returns>The <see cref="Task"/>.</returns>
+        Task<HttpClient> GetClient();
+
+        /// <summary>
+        /// GetDefaultParameters.
+        /// </summary>
+        /// <returns>defaultParameters.</returns>
+        string GetDefaultParameters();
+    }
+}

Auth/LearningHub.Nhs.Auth/Models/MoodleUserResponseViewModel.cs

@@ -0,0 +1,121 @@
+namespace LearningHub.Nhs.Auth.Models
+{
+    using System.Collections.Generic;
+
+    /// <summary>
+    /// MoodleUserResponseViewModel.
+    /// </summary>
+    public class MoodleUserResponseViewModel
+    {
+        /// <summary>
+        /// Gets or sets the list of users.
+        /// </summary>
+        public List<MoodleUser> Users { get; set; }
+
+        /// <summary>
+        /// Gets or sets the warnings.
+        /// </summary>
+        public List<object> Warnings { get; set; }
+
+        /// <summary>
+        /// MoodleUser.
+        /// </summary>
+        public class MoodleUser
+        {
+            /// <summary>
+            /// Gets or sets the user ID.
+            /// </summary>
+            public int Id { get; set; }
+
+            /// <summary>
+            /// Gets or sets the username.
+            /// </summary>
+            public string Username { get; set; }
+
+            /// <summary>
+            /// Gets or sets the first name.
+            /// </summary>
+            public string FirstName { get; set; }
+
+            /// <summary>
+            /// Gets or sets the last name.
+            /// </summary>
+            public string LastName { get; set; }
+
+            /// <summary>
+            /// Gets or sets the full name.
+            /// </summary>
+            public string FullName { get; set; }
+
+            /// <summary>
+            /// Gets or sets the email.
+            /// </summary>
+            public string Email { get; set; }
+
+            /// <summary>
+            /// Gets or sets the department.
+            /// </summary>
+            public string Department { get; set; }
+
+            /// <summary>
+            /// Gets or sets the first access timestamp.
+            /// </summary>
+            public long FirstAccess { get; set; }
+
+            /// <summary>
+            /// Gets or sets the last access timestamp.
+            /// </summary>
+            public long LastAccess { get; set; }
+
+            /// <summary>
+            /// Gets or sets the authentication method.
+            /// </summary>
+            public string Auth { get; set; }
+
+            /// <summary>
+            /// Gets or sets a value indicating whether the user is suspended.
+            /// </summary>
+            public bool Suspended { get; set; }
+
+            /// <summary>
+            /// Gets or sets a value indicating whether the user is confirmed.
+            /// </summary>
+            public bool Confirmed { get; set; }
+
+            /// <summary>
+            /// Gets or sets the language.
+            /// </summary>
+            public string Lang { get; set; }
+
+            /// <summary>
+            /// Gets or sets the theme.
+            /// </summary>
+            public string Theme { get; set; }
+
+            /// <summary>
+            /// Gets or sets the timezone.
+            /// </summary>
+            public string Timezone { get; set; }
+
+            /// <summary>
+            /// Gets or sets the mail format.
+            /// </summary>
+            public int MailFormat { get; set; }
+
+            /// <summary>
+            /// Gets or sets the forum tracking preference.
+            /// </summary>
+            public int TrackForums { get; set; }
+
+            /// <summary>
+            /// Gets or sets the small profile image URL.
+            /// </summary>
+            public string ProfileImageUrlSmall { get; set; }
+
+            /// <summary>
+            /// Gets or sets the profile image URL.
+            /// </summary>
+            public string ProfileImageUrl { get; set; }
+        }
+    }
+}

Auth/LearningHub.Nhs.Auth/Services/MoodleApiService.cs

@@ -0,0 +1,64 @@
+namespace LearningHub.Nhs.Auth.Services
+{
+    using System;
+    using System.Net.Http;
+    using System.Threading.Tasks;
+    using LearningHub.Nhs.Auth.Interfaces;
+    using LearningHub.Nhs.Auth.Models;
+    using Newtonsoft.Json;
+
+    /// <summary>
+    /// MoodleApiService.
+    /// </summary>
+    public class MoodleApiService : IMoodleApiService
+    {
+        private readonly IMoodleHttpClient moodleHttpClient;
+
+        /// <summary>
+        /// Initializes a new instance of the <see cref="MoodleApiService"/> class.
+        /// </summary>
+        /// <param name="moodleHttpClient">moodleHttpClient.</param>
+        public MoodleApiService(IMoodleHttpClient moodleHttpClient)
+        {
+            this.moodleHttpClient = moodleHttpClient;
+        }
+
+        /// <summary>
+        /// GetMoodleUserIdByUsernameAsync.
+        /// </summary>
+        /// <param name="currentUserId">current User Id.</param>
+        /// <returns>UserId from Moodle.</returns>
+        public async Task<int> GetMoodleUserIdByUsernameAsync(int currentUserId)
+        {
+            int moodleUserId = 0;
+            string additionalParameters = $"&criteria[0][key]=username&criteria[0][value]={currentUserId}";
+            string defaultParameters = this.moodleHttpClient.GetDefaultParameters();
+
+            var client = await this.moodleHttpClient.GetClient();
+
+            string url = $"&wsfunction=core_user_get_users{additionalParameters}";
+
+            HttpResponseMessage response = await client.GetAsync("?" + defaultParameters + url);
+            if (response.IsSuccessStatusCode)
+            {
+                var result = response.Content.ReadAsStringAsync().Result;
+                var viewmodel = JsonConvert.DeserializeObject<MoodleUserResponseViewModel>(result);
+
+                foreach (var user in viewmodel.Users)
+                {
+                    if (user.Username == currentUserId.ToString())
+                    {
+                        moodleUserId = user.Id;
+                    }
+                }
+            }
+            else if (response.StatusCode == System.Net.HttpStatusCode.Unauthorized ||
+                       response.StatusCode == System.Net.HttpStatusCode.Forbidden)
+            {
+                throw new Exception("AccessDenied");
+            }
+
+            return moodleUserId;
+        }
+    }
+}

Auth/LearningHub.Nhs.Auth/Services/MoodleHttpClient.cs

@@ -0,0 +1,87 @@
+namespace LearningHub.Nhs.Auth.Services
+{
+    using System;
+    using System.Net.Http;
+    using System.Net.Http.Headers;
+    using System.Threading.Tasks;
+    using LearningHub.Nhs.Auth.Interfaces;
+    using Microsoft.Extensions.Configuration;
+
+    /// <summary>
+    /// The moodle http client.
+    /// </summary>
+    public class MoodleHttpClient : IMoodleHttpClient, IDisposable
+    {
+        private readonly HttpClient httpClient = new ();
+        private bool initialised = false;
+        private string moodleAPIBaseUrl;
+        private string moodleAPIMoodleWSRestFormat;
+        private string moodleAPIWSToken;
+
+        /// <summary>
+        /// Initializes a new instance of the <see cref="MoodleHttpClient"/> class.
+        /// </summary>
+        /// <param name="httpClient">httpClient.</param>
+        /// <param name="config">config.</param>
+        public MoodleHttpClient(HttpClient httpClient, IConfiguration config)
+        {
+            this.httpClient = httpClient;
+            this.moodleAPIBaseUrl = config["MoodleAPIConfig:BaseUrl"];
+            this.moodleAPIMoodleWSRestFormat = config["MoodleAPIConfig:MoodleWSRestFormat"];
+            this.moodleAPIWSToken = config["MoodleAPIConfig:WSToken"];
+        }
+
+        /// <summary>
+        /// The Get Client method.
+        /// </summary>
+        /// <returns>The <see cref="Task"/>.</returns>
+        public async Task<HttpClient> GetClient()
+        {
+            this.Initialise(this.moodleAPIBaseUrl);
+            return this.httpClient;
+        }
+
+        /// <summary>
+        /// GetDefaultParameters.
+        /// </summary>
+        /// <returns>defaultParameters.</returns>
+        public string GetDefaultParameters()
+        {
+            string defaultParameters = $"wstoken={this.moodleAPIWSToken}"
+                              + $"&moodlewsrestformat={this.moodleAPIMoodleWSRestFormat}";
+
+            return defaultParameters;
+        }
+
+        /// <inheritdoc/>
+        public void Dispose()
+        {
+            this.Dispose(true);
+            GC.SuppressFinalize(this);
+        }
+
+        /// <summary>
+        /// The dispoase.
+        /// </summary>
+        /// <param name="disposing">disposing.</param>
+        protected virtual void Dispose(bool disposing)
+        {
+            if (disposing)
+            {
+                this.httpClient.Dispose();
+            }
+        }
+
+        private void Initialise(string httpClientUrl)
+        {
+            if (this.initialised == false)
+            {
+                this.httpClient.BaseAddress = new Uri(httpClientUrl);
+                this.httpClient.DefaultRequestHeaders.Accept.Clear();
+                this.httpClient.DefaultRequestHeaders.Accept.Add(
+                    new MediaTypeWithQualityHeaderValue("application/json"));
+                this.initialised = true;
+            }
+        }
+    }
+}

Auth/LearningHub.Nhs.Auth/UserServices/LearningHubProfileService.cs

@@ -20,12 +20,16 @@ public class LearningHubProfileService : IProfileService
         /// <param name="userService">
         /// The user service.
         /// </param>
+        /// <param name="moodleApiService">
+        /// The moodle api service.
+        /// </param>
         /// <param name="logger">
         /// The logger.
         /// </param>
-        public LearningHubProfileService(IUserService userService, ILogger<LearningHubProfileService> logger)
+        public LearningHubProfileService(IUserService userService, IMoodleApiService moodleApiService, ILogger<LearningHubProfileService> logger)
         {
             this.UserService = userService;
+            this.MoodleApiService = moodleApiService;
             this.Logger = logger;
         }
 
@@ -39,6 +43,11 @@ public LearningHubProfileService(IUserService userService, ILogger<LearningHubPr
         /// </summary>
         protected IUserService UserService { get; }
 
+        /// <summary>
+        /// Gets the moodle api service.
+        /// </summary>
+        protected IMoodleApiService MoodleApiService { get; }
+
         /// <summary>
         /// The get profile data async.
         /// </summary>
@@ -53,6 +62,8 @@ public async Task GetProfileDataAsync(ProfileDataRequestContext context)
             if (context != null)
             {
                 var user = await this.UserService.GetBasicUserByUserIdAsync(context.Subject.GetSubjectId());
+                var moodleUser = await this.MoodleApiService.GetMoodleUserIdByUsernameAsync(user.Id);
+
                 var roleName = await this.UserService.GetUserRoleAsync(user.Id);
 
                 var claims = new List<Claim>
@@ -63,6 +74,7 @@ public async Task GetProfileDataAsync(ProfileDataRequestContext context)
                                      new Claim("family_name", user.LastName),
                                      new Claim("role", roleName),
                                      new Claim("elfh_userName", user.UserName),
+                                     new Claim("preferred_username", moodleUser.ToString()),
                                  };
 
                 if (context.Subject.HasClaim("openAthensUser", "true"))

Auth/LearningHub.Nhs.Auth/appsettings.json

@@ -51,6 +51,11 @@
     "3584C984-028C-4002-AA4B-58AF665AEBDD": "",
     "LearningHubOAClient": ""
   },
+  "MoodleAPIConfig": {
+    "BaseUrl": "",
+    "MoodleWSRestFormat": "json",
+    "WSToken": ""
+  },
   "OaScopes": [ "" ],
   "AuthKey": "",
   "AuthOrigin": "",