Add Rsk.Open.Identityserver.AuditEventSink

RSK.IdentityServer4.AuditEventSink.sln

@@ -21,6 +21,10 @@ Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Rsk.Audit.Tests.Common", "t
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Rsk.Audit.Tests.Integration", "tests\Rsk.Audit.Tests.Integration\Rsk.Audit.Tests.Integration.csproj", "{374C47E2-B685-47BD-AD1A-6E435623E055}"
 EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Rsk.Open.IdentityServer.AuditEventSink", "src\Rsk.Open.IdentityServer.AuditEventSink\Rsk.Open.IdentityServer.AuditEventSink.csproj", "{535B7E62-8578-4B75-AB82-81E854A3F8DD}"
+EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Rsk.Open.IdentityServer.AuditEventSink.Tests", "tests\Rsk.Open.IdentityServer.AuditEventSink.Tests\Rsk.Open.IdentityServer.AuditEventSink.Tests.csproj", "{CE817EDF-273F-4605-926D-A876DD1AA5BC}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -55,6 +59,14 @@ Global
 		{374C47E2-B685-47BD-AD1A-6E435623E055}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{374C47E2-B685-47BD-AD1A-6E435623E055}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{374C47E2-B685-47BD-AD1A-6E435623E055}.Release|Any CPU.Build.0 = Release|Any CPU
+		{535B7E62-8578-4B75-AB82-81E854A3F8DD}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{535B7E62-8578-4B75-AB82-81E854A3F8DD}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{535B7E62-8578-4B75-AB82-81E854A3F8DD}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{535B7E62-8578-4B75-AB82-81E854A3F8DD}.Release|Any CPU.Build.0 = Release|Any CPU
+		{CE817EDF-273F-4605-926D-A876DD1AA5BC}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{CE817EDF-273F-4605-926D-A876DD1AA5BC}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{CE817EDF-273F-4605-926D-A876DD1AA5BC}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{CE817EDF-273F-4605-926D-A876DD1AA5BC}.Release|Any CPU.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -67,6 +79,8 @@ Global
 		{3EA6C204-5D23-4844-B7D7-4C342CA401CD} = {4AD87BDC-20A4-4426-80E4-0706AA9D8294}
 		{6FAFBAE2-745C-4243-BDA9-F01A6973F8D6} = {4AD87BDC-20A4-4426-80E4-0706AA9D8294}
 		{374C47E2-B685-47BD-AD1A-6E435623E055} = {4AD87BDC-20A4-4426-80E4-0706AA9D8294}
+		{535B7E62-8578-4B75-AB82-81E854A3F8DD} = {0F18CE73-394B-4E63-8791-E6FDD93581AC}
+		{CE817EDF-273F-4605-926D-A876DD1AA5BC} = {4AD87BDC-20A4-4426-80E4-0706AA9D8294}
 	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
 		SolutionGuid = {741C58BE-23A1-4690-81D8-57D7789ACE7F}

azure-pipelines.open-identity-server.yml

@@ -0,0 +1,91 @@
+trigger: none
+pr: none
+
+variables:
+- group: "NugetPackageRelease"
+- name: buildConfiguration
+  value: 'Release'
+- name: identityPackageVersion
+  value: '1.0.0.0'
+
+stages:
+- stage: Build
+  jobs:
+  - job: BuildOpenIdentityServer
+    strategy:
+      matrix:
+        linux:
+          imageName: 'ubuntu-latest'
+          shouldPack: true
+        mac:
+         imageName: 'macOS-latest'
+         shouldPack: true
+        windows:
+          imageName: 'windows-latest'
+          shouldPack: true
+    pool:
+      vmImage: $(imageName)
+    steps:
+    - task: UseDotNet@2
+      displayName: Install .NET Core sdk version 10.x
+      inputs:
+        packageType: sdk
+        version: 10.x
+        installationPath: $(Agent.ToolsDirectory)/dotnet
+    - task: NuGetToolInstaller@0
+      inputs:
+        versionSpec: 5.4.0
+    - task: DotNetCoreCLI@2
+      displayName: 'Dotnet restore'
+      inputs:
+        command: 'restore'
+        projects: 'src/Rsk.Open.IdentityServer.AuditEventSink/Rsk.Open.IdentityServer.AuditEventSink.csproj'
+        feedsToUse: 'config'
+        nugetConfigPath: $(System.DefaultWorkingDirectory)/NuGet.AzDO.config
+    - task: DotNetCoreCLI@2
+      displayName: dotnet build src/Rsk.Open.IdentityServer.AuditEventSink/Rsk.Open.IdentityServer.AuditEventSink.csproj
+      inputs:
+        command: 'build'
+        projects: 'src/Rsk.Open.IdentityServer.AuditEventSink/Rsk.Open.IdentityServer.AuditEventSink.csproj'
+        arguments: -c $(buildConfiguration) --no-restore /p:Version="$(identityPackageVersion)"
+    - task: DotNetCoreCLI@2
+      displayName: dotnet test - Run Open IdentityServer Tests
+      inputs:
+        command: 'test'
+        projects: 'tests/Rsk.Open.IdentityServer.AuditEventSink.Tests/Rsk.Open.IdentityServer.AuditEventSink.Tests.csproj'
+        arguments: -c $(buildConfiguration) --no-restore
+    - task: DotNetCoreCLI@2
+      displayName: Package Rsk.Open.IdentityServer.AuditEventSink.csproj for Nuget
+      inputs:
+        command: 'pack'
+        packagesToPack: 'src/Rsk.Open.IdentityServer.AuditEventSink/Rsk.Open.IdentityServer.AuditEventSink.csproj'
+        nobuild: true
+        includesymbols: true
+        versionEnvVar: identityPackageVersion
+        versioningScheme: 'byEnvVar'
+        verbosityPack: 'Normal'
+        outputDir: '$(Build.ArtifactStagingDirectory)'
+    - task: PublishBuildArtifacts@1
+      condition: and(succeeded(), eq(variables['shouldPack'], true))
+      displayName: Publish Open IdentityServer artifacts
+      inputs:
+        PathtoPublish: '$(Build.ArtifactStagingDirectory)'
+        ArtifactName: 'Rsk.Open.IdentityServer.AuditEventSink nupkg'
+        publishLocation: 'Container'
+
+- stage: Publish
+  dependsOn: Build
+  condition: succeeded()
+  jobs:
+  - deployment: PublishNuGet
+    environment: Release
+    strategy:
+        runOnce:
+          deploy:
+            steps:
+              - template: templates/publish-nuget.yml
+                parameters:
+                  toLive: true
+                  artifact: 'Rsk.Open.IdentityServer.AuditEventSink nupkg'
+                  packageToPublish: '$(Pipeline.Workspace)/Rsk.Open.IdentityServer.AuditEventSink nupkg/*.nupkg'
+

src/Rsk.Audit.EF/Rsk.Audit.EF.csproj

@@ -26,7 +26,7 @@
   </ItemGroup>
 
   <ItemGroup>
-      <PackageReference Include="Rsk.Audit" Version="4.0.0" />
+    <PackageReference Include="Rsk.Audit" Version="4.0.0" />
   </ItemGroup>
 
   <ItemGroup>

src/Rsk.DuendeIdentityServer.AuditEventSink/Rsk.DuendeIdentityServer.AuditEventSink.csproj

@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk">
+<Project Sdk="Microsoft.NET.Sdk">
 
     <PropertyGroup>
         <TargetFramework>net10.0</TargetFramework>

src/Rsk.Open.IdentityServer.AuditEventSink/AdapterFactory.cs

@@ -0,0 +1,63 @@
+using System;
+using System.Collections.Generic;
+using Open.IdentityServer.Events;
+using RSK.Audit;
+using Rsk.Open.IdentityServer.AuditEventSink.Adapters;
+
+namespace Rsk.Open.IdentityServer.AuditEventSink
+{
+    public class AdapterFactory : IAdapterFactory
+    {
+        private readonly Dictionary<Type, Func<Event, IAuditEventArguments>> eventAdapters;
+
+        public AdapterFactory(IDictionary<Type, Func<Event, IAuditEventArguments>> customEventAdapters = null)
+        {
+            eventAdapters = CreateDefaultEventAdapters();
+
+            if (customEventAdapters == null) return;
+
+            foreach (var mapping in customEventAdapters)
+            {
+                eventAdapters[mapping.Key] = mapping.Value;
+            }
+        }
+
+        public IAuditEventArguments Create(Event evt)
+        {
+            if (evt == null)
+            {
+                return null;
+            }
+
+            return eventAdapters.TryGetValue(evt.GetType(), out var adapterFactory)
+                ? adapterFactory(evt)
+                : null;
+        }
+
+        private static Dictionary<Type, Func<Event, IAuditEventArguments>> CreateDefaultEventAdapters()
+        {
+            return new Dictionary<Type, Func<Event, IAuditEventArguments>>
+            {
+                [typeof(TokenIssuedSuccessEvent)] = e => new TokenIssuedSuccessEventAdapter((TokenIssuedSuccessEvent)e),
+                [typeof(UserLoginSuccessEvent)] = e => new UserLoginSuccessEventAdapter((UserLoginSuccessEvent)e),
+                [typeof(UserLoginFailureEvent)] = e => new UserLoginFailureEventAdapter((UserLoginFailureEvent)e),
+                [typeof(UserLogoutSuccessEvent)] = e => new UserLogoutSuccessEventAdapter((UserLogoutSuccessEvent)e),
+                [typeof(ConsentGrantedEvent)] = e => new ConsentGrantedEventAdapter((ConsentGrantedEvent)e),
+                [typeof(ConsentDeniedEvent)] = e => new ConsentDeniedEventAdapter((ConsentDeniedEvent)e),
+                [typeof(TokenIssuedFailureEvent)] = e => new TokenIssuedFailureEventAdapter((TokenIssuedFailureEvent)e),
+                [typeof(GrantsRevokedEvent)] = e => new GrantsRevokedEventAdapter((GrantsRevokedEvent)e),
+                [typeof(DeviceAuthorizationFailureEvent)] = e => new DeviceAuthorizationFailureEventAdapter((DeviceAuthorizationFailureEvent)e),
+                [typeof(DeviceAuthorizationSuccessEvent)] = e => new DeviceAuthorizationSuccessEventAdapter((DeviceAuthorizationSuccessEvent)e),
+                [typeof(TokenRevokedSuccessEvent)] = e => new TokenRevokedSuccessEventAdapter((TokenRevokedSuccessEvent)e),
+                [typeof(InvalidClientConfigurationEvent)] = e => new InvalidClientConfigurationEventAdapter((InvalidClientConfigurationEvent)e),
+                [typeof(TokenIntrospectionFailureEvent)] = e => new TokenIntrospectionFailureEventAdapter((TokenIntrospectionFailureEvent)e),
+                [typeof(TokenIntrospectionSuccessEvent)] = e => new TokenIntrospectionSuccessEventAdapter((TokenIntrospectionSuccessEvent)e),
+                [typeof(ClientAuthenticationFailureEvent)] = e => new ClientAuthenticationFailureEventAdapter((ClientAuthenticationFailureEvent)e),
+                [typeof(ClientAuthenticationSuccessEvent)] = e => new ClientAuthenticationSuccessEventAdapter((ClientAuthenticationSuccessEvent)e),
+                [typeof(ApiAuthenticationFailureEvent)] = e => new ApiAuthenticationFailureEventAdapter((ApiAuthenticationFailureEvent)e),
+                [typeof(ApiAuthenticationSuccessEvent)] = e => new ApiAuthenticationSuccessEventAdapter((ApiAuthenticationSuccessEvent)e),
+                [typeof(UnhandledExceptionEvent)] = e => new UnhandledExceptionEventAdapter((UnhandledExceptionEvent)e)
+            };
+        }
+    }
+}

src/Rsk.Open.IdentityServer.AuditEventSink/Adapters/ApiAuthenticationFailureEventAdapter.cs

@@ -0,0 +1,21 @@
+using System;
+using Open.IdentityServer.Events;
+using RSK.Audit;
+
+namespace Rsk.Open.IdentityServer.AuditEventSink.Adapters
+{
+    public class ApiAuthenticationFailureEventAdapter : IAuditEventArguments
+    {
+        private readonly ApiAuthenticationFailureEvent evt;
+
+        public ApiAuthenticationFailureEventAdapter(ApiAuthenticationFailureEvent evt)
+        {
+            this.evt = evt ?? throw new ArgumentNullException(nameof(evt));
+        }
+
+        public ResourceActor Actor => new ResourceActor(ResourceActor.MachineSubjectType, null, null);
+        public string Action => evt.Name;
+        public AuditableResource Resource => new AuditableResource("IdentityServer", evt.ApiName);
+        public FormattedString Description => evt.ToString().SafeForFormatted();
+    }
+}

src/Rsk.Open.IdentityServer.AuditEventSink/Adapters/ApiAuthenticationSuccessEventAdapter.cs

@@ -0,0 +1,21 @@
+using System;
+using Open.IdentityServer.Events;
+using RSK.Audit;
+
+namespace Rsk.Open.IdentityServer.AuditEventSink.Adapters
+{
+    public class ApiAuthenticationSuccessEventAdapter : IAuditEventArguments
+    {
+        private readonly ApiAuthenticationSuccessEvent evt;
+
+        public ApiAuthenticationSuccessEventAdapter(ApiAuthenticationSuccessEvent evt)
+        {
+            this.evt = evt ?? throw new ArgumentNullException(nameof(evt));
+        }
+
+        public ResourceActor Actor => new ResourceActor(ResourceActor.MachineSubjectType, null, null);
+        public string Action => evt.Name;
+        public AuditableResource Resource => new AuditableResource("IdentityServer", evt.ApiName);
+        public FormattedString Description => evt.ToString().SafeForFormatted();
+    }
+}

src/Rsk.Open.IdentityServer.AuditEventSink/Adapters/ClientAuthenticationFailureEventAdapter.cs

@@ -0,0 +1,21 @@
+using System;
+using Open.IdentityServer.Events;
+using RSK.Audit;
+
+namespace Rsk.Open.IdentityServer.AuditEventSink.Adapters
+{
+    public class ClientAuthenticationFailureEventAdapter : IAuditEventArguments
+    {
+        private readonly ClientAuthenticationFailureEvent evt;
+
+        public ClientAuthenticationFailureEventAdapter(ClientAuthenticationFailureEvent evt)
+        {
+            this.evt = evt ?? throw new ArgumentNullException(nameof(evt));
+        }
+
+        public ResourceActor Actor => new ResourceActor(ResourceActor.MachineSubjectType, evt.ClientId, evt.ClientId);
+        public string Action => evt.Name;
+        public AuditableResource Resource => new AuditableResource("IdentityServer");
+        public FormattedString Description => evt.ToString().SafeForFormatted();
+    }
+}

src/Rsk.Open.IdentityServer.AuditEventSink/Adapters/ClientAuthenticationSuccessEventAdapter.cs

@@ -0,0 +1,21 @@
+using System;
+using Open.IdentityServer.Events;
+using RSK.Audit;
+
+namespace Rsk.Open.IdentityServer.AuditEventSink.Adapters
+{
+    public class ClientAuthenticationSuccessEventAdapter : IAuditEventArguments
+    {
+        private readonly ClientAuthenticationSuccessEvent evt;
+
+        public ClientAuthenticationSuccessEventAdapter(ClientAuthenticationSuccessEvent evt)
+        {
+            this.evt = evt ?? throw new ArgumentNullException(nameof(evt));
+        }
+
+        public ResourceActor Actor => new ResourceActor(ResourceActor.MachineSubjectType, evt.ClientId, evt.ClientId);
+        public string Action => evt.Name;
+        public AuditableResource Resource => new AuditableResource("IdentityServer");
+        public FormattedString Description => evt.ToString().SafeForFormatted();
+    }
+}

src/Rsk.Open.IdentityServer.AuditEventSink/Adapters/ConsentDeniedEventAdapter.cs

@@ -0,0 +1,21 @@
+using System;
+using Open.IdentityServer.Events;
+using RSK.Audit;
+
+namespace Rsk.Open.IdentityServer.AuditEventSink.Adapters
+{
+    public class ConsentDeniedEventAdapter : IAuditEventArguments
+    {
+        private readonly ConsentDeniedEvent evt;
+
+        public ConsentDeniedEventAdapter(ConsentDeniedEvent evt)
+        {
+            this.evt = evt ?? throw new ArgumentNullException(nameof(evt));
+        }
+
+        public ResourceActor Actor => new ResourceActor(ResourceActor.UserSubjectType, evt.SubjectId, evt.SubjectId);
+        public string Action => evt.Name;
+        public AuditableResource Resource => new AuditableResource("Client", evt.ClientId);
+        public FormattedString Description => evt.ToString().SafeForFormatted();
+    }
+}

src/Rsk.Open.IdentityServer.AuditEventSink/Adapters/ConsentGrantedEventAdapter.cs

@@ -0,0 +1,20 @@
+using Open.IdentityServer.Events;
+using RSK.Audit;
+
+namespace Rsk.Open.IdentityServer.AuditEventSink.Adapters
+{
+    public class ConsentGrantedEventAdapter : IAuditEventArguments
+    {
+        private readonly ConsentGrantedEvent evt;
+
+        public ConsentGrantedEventAdapter(ConsentGrantedEvent evt)
+        {
+            this.evt = evt;
+        }
+
+        public ResourceActor Actor => new ResourceActor(ResourceActor.UserSubjectType, evt.SubjectId, evt.SubjectId);
+        public string Action => evt.Name;
+        public AuditableResource Resource => new AuditableResource("Client", evt.ClientId);
+        public FormattedString Description => evt.ToString().SafeForFormatted();
+    }
+}

src/Rsk.Open.IdentityServer.AuditEventSink/Adapters/DeviceAuthorizationFailureEventAdapter.cs

@@ -0,0 +1,21 @@
+using System;
+using Open.IdentityServer.Events;
+using RSK.Audit;
+
+namespace Rsk.Open.IdentityServer.AuditEventSink.Adapters
+{
+    public class DeviceAuthorizationFailureEventAdapter : IAuditEventArguments
+    {
+        private readonly DeviceAuthorizationFailureEvent evt;
+
+        public DeviceAuthorizationFailureEventAdapter(DeviceAuthorizationFailureEvent evt)
+        {
+            this.evt = evt ?? throw new ArgumentNullException(nameof(evt));
+        }
+
+        public ResourceActor Actor => new ResourceActor(ResourceActor.MachineSubjectType, evt.ClientId, evt.ClientName);
+        public string Action => evt.Name;
+        public AuditableResource Resource => new AuditableResource("IdentityServer", evt.Endpoint);
+        public FormattedString Description => evt.ToString().SafeForFormatted();
+    }
+}

src/Rsk.Open.IdentityServer.AuditEventSink/Adapters/DeviceAuthorizationSuccessEventAdapter.cs

@@ -0,0 +1,21 @@
+using System;
+using Open.IdentityServer.Events;
+using RSK.Audit;
+
+namespace Rsk.Open.IdentityServer.AuditEventSink.Adapters
+{
+    public class DeviceAuthorizationSuccessEventAdapter : IAuditEventArguments
+    {
+        private readonly DeviceAuthorizationSuccessEvent evt;
+
+        public DeviceAuthorizationSuccessEventAdapter(DeviceAuthorizationSuccessEvent evt)
+        {
+            this.evt = evt ?? throw new ArgumentNullException(nameof(evt));
+        }
+
+        public ResourceActor Actor => new ResourceActor(ResourceActor.MachineSubjectType, evt.ClientId, evt.ClientName);
+        public string Action => evt.Name;
+        public AuditableResource Resource => new AuditableResource("IdentityServer", evt.Endpoint);
+        public FormattedString Description => evt.ToString().SafeForFormatted();
+    }
+}