kawa/SharepointToolbox-Web
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
17f6010a931697560b00f74371d4632f02a1f01e
SharepointToolbox-Web/Services/Audit/AuditService.cs
T
kawa 17f6010a93 Fix open-redirect token leak and related auth hardening 
Security review fixes:
- Constrain OAuth connect returnUrl to a site-relative path so the
  redeemable token_key can't be redirected off-domain (was a refresh-
  token leak / connection hijack)
- Route all login redirects (entra/dev/local) through ToLocalReturnUrl,
  also closing a protocol-relative // open redirect in local-login
- Neutralize CSV formula prefixes in both audit-log exporters via
  CsvSanitizer
- Force Secure flag on the prod auth cookie (Always, not SameAsRequest)
- Gate admin pages with an app_role-claim "Admin" policy instead of a
  render-time check

Findings and rationale recorded in SECURITY-TODO.md.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-11 11:39:20 +02:00

60 lines
2.2 KiB
C#
Raw Blame History

using System.Text;
using Microsoft.AspNetCore.Authentication;
using SharepointToolbox.Web.Core.Models;
using SharepointToolbox.Web.Infrastructure.Persistence;
using SharepointToolbox.Web.Services.Export;
using SharepointToolbox.Web.Services.Session;
namespace SharepointToolbox.Web.Services.Audit;
public class AuditService : IAuditService
{
private readonly AuditRepository _repo;
private readonly IUserContextAccessor _userContext;
public AuditService(AuditRepository repo, IUserContextAccessor userContext)
{
_repo = repo;
_userContext = userContext;
}
public async Task LogAsync(string action, string clientName, IEnumerable<string> sites, string details = "")
{
var entry = new AuditEntry
{
Action = action,
ClientName = clientName,
Sites = sites.ToList(),
Details = details,
UserEmail = _userContext.Email,
UserDisplay = _userContext.DisplayName,
UserRole = _userContext.Role
};
await _repo.AppendAsync(entry);
}
public Task<IReadOnlyList<AuditEntry>> GetAllAsync() => _repo.LoadAllAsync();
public async Task<string> ExportCsvAsync()
{
var entries = await _repo.LoadAllAsync();
var sb = new StringBuilder();
sb.AppendLine("Timestamp,UserEmail,UserDisplay,UserRole,Action,Client,Sites,Details");
foreach (var e in entries.OrderByDescending(x => x.Timestamp))
{
// CsvSanitizer adds spreadsheet formula-injection guards (= + - @) on top of
// RFC 4180 quoting; the user/display/client/site fields are user-controlled.
sb.AppendLine(string.Join(",",
CsvSanitizer.Escape(e.Timestamp.ToLocalTime().ToString("yyyy-MM-dd HH:mm:ss")),
CsvSanitizer.Escape(e.UserEmail),
CsvSanitizer.Escape(e.UserDisplay),
CsvSanitizer.Escape(e.UserRole.ToString()),
CsvSanitizer.Escape(e.Action),
CsvSanitizer.Escape(e.ClientName),
CsvSanitizer.Escape(string.Join("; ", e.Sites)),
CsvSanitizer.Escape(e.Details)));
}
return sb.ToString();
}
}
Reference in New Issue View Git Blame Copy Permalink