refactor: authors in database instead of Auth0 metadata

It's fairly complicated to read and maintain author information in the Auth0 user's metadata, so instead we'll just store the user's ID in mongo and read author information from there.

This also allows multiple users to work under multiple authors.

Author: JasonWeinzierl

src/BHS.Infrastructure/BHS.Infrastructure.csproj

@@ -8,8 +8,6 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Auth0.ManagementApi" Version="7.29.0" />
-    <PackageReference Include="Auth0Net.DependencyInjection" Version="4.0.0" />
     <PackageReference Include="Humanizer" Version="2.14.1" />
     <PackageReference Include="Microsoft.Extensions.Options.ConfigurationExtensions" Version="8.0.0" />
     <PackageReference Include="Microsoft.Extensions.Options.DataAnnotations" Version="8.0.0" />
@@ -24,7 +22,7 @@
 
   <ItemGroup>
     <InternalsVisibleTo Include="$(AssemblyName).Tests" />
-    <InternalsVisibleTo Include="BHS.Utilities.MongoMigration" />
+    <InternalsVisibleTo Include="DynamicProxyGenAssembly2" />
   </ItemGroup>
 
 </Project>

src/BHS.Infrastructure/IoC/BhsServiceCollectionExtensions.cs

@@ -1,6 +1,4 @@
-using Auth0Net.DependencyInjection;
-using Auth0Net.DependencyInjection.Cache;
-using BHS.Domain.Authors;
+using BHS.Domain.Authors;
 using BHS.Domain.Banners;
 using BHS.Domain.Blog;
 using BHS.Domain.ContactUs;
@@ -9,7 +7,6 @@
 using BHS.Domain.Notifications;
 using BHS.Domain.Photos;
 using BHS.Infrastructure.Adapters;
-using BHS.Infrastructure.Repositories.Auth0;
 using BHS.Infrastructure.Repositories.Mongo;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
@@ -38,13 +35,6 @@ public static IServiceCollection AddBhsServices(this IServiceCollection services
         services.AddSingleton(TimeProvider.System);
 
         services.AddMongoRepositories();
-        services.AddTransient<IAuthorRepository, AuthorRepository>();
-
-        services.AddAuth0AuthenticationClient(config => { });
-        services.AddOptions<Auth0Configuration>()
-                .BindConfiguration("Auth0ManagementApiOptions");
-        services.AddAuth0ManagementClient()
-                .AddManagementAccessToken();
 
         return services;
     }
@@ -69,6 +59,7 @@ private static IServiceCollection AddMongoRepositories(this IServiceCollection s
             return new MongoClient(clientSettings);
         });
 
+        services.AddSingleton<IAuthorRepository, AuthorRepository>();
         services.AddSingleton<IPostRepository, PostRepository>();
         services.AddSingleton<IPostPreviewRepository, PostPreviewRepository>();
         services.AddSingleton<ICategoryRepository, CategoryRepository>();

src/BHS.Infrastructure/Repositories/Auth0/AuthorRepository.cs

@@ -0,0 +1,26 @@
+using BHS.Contracts;
+using BHS.Domain.Authors;
+using MongoDB.Driver;
+
+namespace BHS.Infrastructure.Repositories.Mongo;
+
+internal sealed record AuthorDto(
+    string Id,
+    string[] AuthUserId,
+    string DisplayName);
+
+public class AuthorRepository(
+    IMongoClient mongoClient) : IAuthorRepository
+{
+    private readonly IMongoCollection<AuthorDto> _authorsCollection = mongoClient
+        .GetBhsCollection<AuthorDto>("authors");
+
+    public async Task<IReadOnlyCollection<Author>> GetByAuthUserId(string authUserId, CancellationToken cancellationToken = default)
+    {
+        return await _authorsCollection
+            .Aggregate()
+            .Match(x => x.AuthUserId.Contains(authUserId))
+            .Project(x => new Author(x.Id, x.DisplayName))
+            .ToListAsync(cancellationToken);
+    }
+}

src/BHS.Infrastructure/Repositories/Auth0/FailedAuthorRequestException.cs

@@ -1,7 +1,6 @@
 using BHS.Domain.Banners;
 using BHS.Domain.ContactUs;
 using BHS.Domain.Photos;
-using BHS.Infrastructure.Repositories.Auth0;
 using Microsoft.AspNetCore.Diagnostics;
 using Microsoft.AspNetCore.Mvc;
 using MongoDB.Driver;
@@ -35,13 +34,10 @@ private static int GetStatusCode(Exception? exception) =>
         {
             InvalidContactRequestException => StatusCodes.Status400BadRequest,
             InvalidPhotoIdException => StatusCodes.Status400BadRequest,
-            InvalidAuthorRequestException => StatusCodes.Status400BadRequest,
             InvalidBannerIdException => StatusCodes.Status400BadRequest,
 
             MongoWriteException ex when ex.WriteError.Category == ServerErrorCategory.DuplicateKey => StatusCodes.Status409Conflict,
 
-            FailedAuthorRequestException => StatusCodes.Status500InternalServerError,
-
             NotImplementedException => StatusCodes.Status501NotImplemented,
 
             _ => StatusCodes.Status500InternalServerError,

src/BHS.Infrastructure/Repositories/Auth0/InvalidAuthorRequestException.cs

@@ -1,5 +1,4 @@
-using Auth0.ManagementApi;
-using EphemeralMongo;
+using EphemeralMongo;
 using Microsoft.AspNetCore.Authorization.Policy;
 using Microsoft.AspNetCore.Hosting;
 using Microsoft.AspNetCore.Mvc.Testing;
@@ -9,7 +8,6 @@
 using Microsoft.Extensions.Diagnostics.HealthChecks;
 using Microsoft.Extensions.Hosting;
 using MongoDB.Driver;
-using NSubstitute;
 
 namespace BHS.Api.IntegrationTests;
 
@@ -19,8 +17,6 @@ public sealed class BhsWebApplicationFactory<TProgram> : WebApplicationFactory<T
     private readonly MongoUrl _mongoUrl;
     private bool _disposedValue;
 
-    public IManagementConnection MockManagementConnection { get; } = Substitute.For<IManagementConnection>();
-
     public BhsWebApplicationFactory()
     {
         _mongoRunner = MongoRunner.Run(new MongoRunnerOptions
@@ -52,10 +48,6 @@ protected override IHost CreateHost(IHostBuilder builder)
                 // Replace any occurrence of the MongoDB connection string.
                 { "ConnectionStrings:bhsMongo", _mongoUrl.ToString() },
                 { "Serilog:WriteTo:0:Args:databaseUrl", _mongoUrl.ToString() },
-
-                { "Auth0ManagementApiOptions:Domain", "test.com" },
-                { "Auth0ManagementApiOptions:ClientId", "foo" },
-                { "Auth0ManagementApiOptions:ClientSecret", "bar" },
             });
         });
 
@@ -65,10 +57,6 @@ protected override IHost CreateHost(IHostBuilder builder)
             services.RemoveAll<IPolicyEvaluator>();
             services.AddSingleton<IPolicyEvaluator, NoAuthEvaluator>();
 
-            // Mock Auth0 management api.
-            services.RemoveAll<IManagementConnection>();
-            services.AddSingleton(provider => MockManagementConnection);
-
             // SendGrid healthcheck is more appropriate for smoke tests, not integration tests.
             services.PostConfigure<HealthCheckServiceOptions>(opt =>
             {

src/BHS.Infrastructure/Repositories/Mongo/AuthorRepository.cs

@@ -1,15 +1,10 @@
-using Auth0.Core.Exceptions;
-using Auth0.ManagementApi;
-using Auth0.ManagementApi.Models;
-using BHS.Contracts;
+using BHS.Contracts;
 using BHS.Contracts.Banners;
 using BHS.Contracts.Blog;
 using BHS.Contracts.Leadership;
 using BHS.Contracts.Photos;
 using BHS.Web;
 using MongoDB.Bson;
-using NSubstitute;
-using NSubstitute.ExceptionExtensions;
 using System.Net;
 using System.Net.Http.Json;
 using System.Net.Mime;
@@ -22,7 +17,6 @@ namespace BHS.Api.IntegrationTests;
 public class EndpointTests(BhsWebApplicationFactory<Program> factory) : IClassFixture<BhsWebApplicationFactory<Program>>
 {
     private readonly HttpClient _httpClient = factory.CreateClient();
-    private readonly IManagementConnection _mockManagementConnection = factory.MockManagementConnection;
 
     [Fact]
     public async Task HealthCheck_Ok()
@@ -45,15 +39,16 @@ public async Task Swagger_Ok()
     }
 
     [Fact]
-    public async Task Author_GetByAuthUserId_InvalidFormat_400()
+    public async Task Author_GetByAuthUserId_Empty()
     {
-        _mockManagementConnection
-            .GetAsync<User>(Arg.Any<Uri>(), Arg.Any<Dictionary<string, string>>(), null, Arg.Any<CancellationToken>())
-            .Throws(new ErrorApiException(HttpStatusCode.BadRequest));
-
         using var response = await _httpClient.GetAsync("/api/authors?authUserId=12345", TestContext.Current.CancellationToken);
 
-        Assert.Equal(HttpStatusCode.BadRequest, response.StatusCode);
+        Assert.Equal(HttpStatusCode.OK, response.StatusCode);
+        Assert.Equal(MediaTypeNames.Application.Json, response.Content.Headers.ContentType?.MediaType);
+
+        var authors = await response.Content.ReadFromJsonAsync<IEnumerable<Author>>(TestContext.Current.CancellationToken);
+        Assert.NotNull(authors);
+        Assert.Empty(authors);
     }
 
     [Fact]