search

nhsconnect / gpconnect-appointment-checker

GP Connect Appointment Checker
4 stars 1 forks source link

logging.error_log user_id and user_session_id are set to fixed values #91

Closed jonnyry closed 3 years ago

jonnyry commented 3 years ago

user_id and user_session_id in logging.error_log are both set to fixed values. in live they are 1 and 2 and don't correspond with the logged on user.

jonnyry commented 3 years ago

@ChristopherJamesMorris I noticed you refactored the following code:

            string emailAddress = context.Principal.GetClaimValue("Email");

             if (string.IsNullOrWhiteSpace(emailAddress))
             {
                 emailAddress = context.Principal.GetClaimValue("Email Address");

                 if (context.Principal.Identity is ClaimsIdentity identity)
                     identity.AddClaim(new Claim("Email", emailAddress));
             }

in file source/gpconnect-appointment-checker.SDS/Ldap/LdapTokenService.cs in commit https://github.com/nhsconnect/gpconnect-appointment-checker/pull/93/commits/767fe83044e766cfb338376123544225e32e25bd

Did you intentionally mean to remove the setting of the "Email" claim, if the "Email Address" claim has been used?

This was in there because the element on the banner that displays the user's email address refers to the "Email" claim, as so will fail to display it if so.

jonnyry commented 3 years ago

Fixed