Implement lobby session creation passphrase

Sebazzz · Sebazzz · commit f0cf0ccafe26 · 2020-03-20T22:58:00.000+01:00
diff --git a/doc/Installation.md b/doc/Installation.md
@@ -86,6 +86,8 @@ For instance with section `Server.Https` and setting `CertificatePath` becomes:
        }
     }
 
+You can add a `appsettings.Production.json` file to keep your own settings.
+
 ### General configuration - `Server`
 
 `BaseUrl`: Base URL used for mailing. If not set, auto-detection is attempted.
@@ -110,6 +112,10 @@ To configure logging to a file:
 
 `MaxRollingFiles`: Maximum file rollover. 0 for unlimited.
 
+### Security settings
+
+`LobbyCreationPassphrase`: Passphrase to create a lobby. Prevents anyone without this passphrase from creating retrospectives.
+
 ### Database set-up - `Database`
 
 Create an new empty database with a case insensitive collation (`SQL_Latin1_General_CP1_CI_AS` is preferred).
diff --git a/src/Return.Application/Common/Settings/SecuritySettings.cs b/src/Return.Application/Common/Settings/SecuritySettings.cs
@@ -0,0 +1,20 @@
+﻿// ******************************************************************************
+//  © 2020 Sebastiaan Dammann | damsteen.nl
+// 
+//  File:           : SecuritySettings.cs
+//  Project         : Return.Application
+// ******************************************************************************
+
+namespace Return.Application.Common.Settings {
+    using System;
+
+    public sealed class SecuritySettings {
+        /// <summary>
+        /// Passphrase for creating lobby's - set on server side to prevent just anyone from hosting retrospectives
+        /// </summary>
+        public string? LobbyCreationPassphrase { get; set; }
+
+
+        public bool LobbyCreationNeedsPassphrase => !String.IsNullOrEmpty(this.LobbyCreationPassphrase);
+    }
+}
diff --git a/src/Return.Application/Retrospectives/Commands/CreateRetrospective/CreateRetrospectiveCommand.cs b/src/Return.Application/Retrospectives/Commands/CreateRetrospective/CreateRetrospectiveCommand.cs
@@ -17,6 +17,6 @@ public class CreateRetrospectiveCommand : IRequest<CreateRetrospectiveCommandRes
 #nullable enable
         public string? Passphrase { get; set; }
 
-
+        public string? LobbyCreationPassphrase { get; set; }
     }
 }
diff --git a/src/Return.Application/Retrospectives/Commands/CreateRetrospective/CreateRetrospectiveCommandValidator.cs b/src/Return.Application/Retrospectives/Commands/CreateRetrospective/CreateRetrospectiveCommandValidator.cs
@@ -6,14 +6,24 @@
 // ******************************************************************************
 
 namespace Return.Application.Retrospectives.Commands.CreateRetrospective {
+    using System;
+    using Common.Settings;
     using FluentValidation;
+    using Microsoft.Extensions.Options;
 
     [System.Diagnostics.CodeAnalysis.SuppressMessage("Naming", "CA1710:Identifiers should have correct suffix", Justification = "This is a validation rule set.")]
     public sealed class CreateRetrospectiveCommandValidator : AbstractValidator<CreateRetrospectiveCommand> {
-        public CreateRetrospectiveCommandValidator() {
+        public CreateRetrospectiveCommandValidator(IOptions<SecuritySettings> securitySettingsAccessor) {
+            if (securitySettingsAccessor == null) throw new ArgumentNullException(nameof(securitySettingsAccessor));
+
             this.RuleFor(x => x.Title).NotEmpty().MaximumLength(256);
             this.RuleFor(x => x.Passphrase).MaximumLength(512);
             this.RuleFor(x => x.FacilitatorPassphrase).NotEmpty().MaximumLength(512);
+
+            this.RuleFor(x => x.LobbyCreationPassphrase)
+                .Equal(securitySettingsAccessor.Value.LobbyCreationPassphrase)
+                .When(_ => securitySettingsAccessor.Value.LobbyCreationNeedsPassphrase)
+                .WithMessage("Invalid passphrase entered needed for creating a lobby");
         }
     }
 }
diff --git a/src/Return.Application/Return.Application.csproj b/src/Return.Application/Return.Application.csproj
@@ -14,6 +14,8 @@
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
     </PackageReference>
 
+    <PackageReference Include="Microsoft.Extensions.Options" Version="3.1.2" />
+
     <PackageReference Include="MediatR" Version="8.0.1" />
     <PackageReference Include="MediatR.Extensions.Microsoft.DependencyInjection" Version="8.0.0" />
 
diff --git a/src/Return.Web/Pages/CreateRetrospective.razor b/src/Return.Web/Pages/CreateRetrospective.razor
@@ -1,8 +1,11 @@
 @page "/create-retro"
 @inherits MediatorComponent
 @using Microsoft.Extensions.Logging
+@using Microsoft.Extensions.Options
+@using Return.Application.Common.Settings
 @using Return.Application.Retrospectives.Commands.CreateRetrospective
 @inject ILogger<CreateRetrospective> Logger
+@inject IOptions<SecuritySettings> SecuritySettingsAccessor
 
 @if (ShowCompletionMessage)
 {
@@ -106,6 +109,18 @@ else
                 </div>
             </div>
         </div>
+        
+        @if (SecuritySettingsAccessor.Value.LobbyCreationNeedsPassphrase)
+        {
+            <div class="field">
+                <label class="label" for="retro-lobby-creation-passphrase">Lobby creation passphrase</label>
+                <div class="control">
+                    <InputText id="retro-lobby-creation-passphrase" class="input" type="password" @bind-Value="@Model.LobbyCreationPassphrase" />
+                </div>
+
+                <ValidationMessage For="() => Model.LobbyCreationPassphrase"></ValidationMessage>
+            </div>
+        }
 
         <div class="field is-grouped">
             <div class="control">
diff --git a/src/Return.Web/Startup.cs b/src/Return.Web/Startup.cs
@@ -8,6 +8,7 @@ namespace Return.Web {
     using System;
     using Application;
     using Application.Common.Abstractions;
+    using Application.Common.Settings;
     using Application.Services;
     using Configuration;
     using Domain;
@@ -54,6 +55,8 @@ public void ConfigureServices(IServiceCollection services) {
             services.Configure<HttpsServerOptions>(this.Configuration.GetSection("server").GetSection("https"));
             services.Configure<ServerOptions>(this.Configuration.GetSection("server"));
 
+            services.Configure<SecuritySettings>(this.Configuration.GetSection("Security"));
+
             // Framework
             services.AddRazorPages();
             services.AddServerSideBlazor();
diff --git a/src/Return.Web/appsettings.json b/src/Return.Web/appsettings.json
@@ -12,8 +12,13 @@
             "MaxRollingFiles": 24
         }
     },
+
     "AllowedHosts": "*",
 
+    "Security": {
+        "LobbyCreationPassphrase": null
+    },
+
     "Database": {
         "ConnectionString": "",
         "Server": "(localdb)\\mssqllocaldb",

Original file line number	Diff line number	Diff line change
@@ -86,6 +86,8 @@ For instance with section `Server.Https` and setting `CertificatePath` becomes:
`86`	`86`	`}`
`87`	`87`	`}`
`88`	`88`
	`89`	+You can add a `appsettings.Production.json` file to keep your own settings.
	`90`	`+`
`89`	`91`	### General configuration - `Server`
`90`	`92`
`91`	`93`	`BaseUrl`: Base URL used for mailing. If not set, auto-detection is attempted.
`@@ -110,6 +112,10 @@ To configure logging to a file:`
`110`	`112`
`111`	`113`	`MaxRollingFiles`: Maximum file rollover. 0 for unlimited.
`112`	`114`
	`115`	`+### Security settings`
	`116`	`+`
	`117`	+`LobbyCreationPassphrase`: Passphrase to create a lobby. Prevents anyone without this passphrase from creating retrospectives.
	`118`	`+`
`113`	`119`	### Database set-up - `Database`
`114`	`120`
`115`	`121`	Create an new empty database with a case insensitive collation (`SQL_Latin1_General_CP1_CI_AS` is preferred).
Original file line number	Diff line number	Diff line change
`@@ -17,6 +17,6 @@ public class CreateRetrospectiveCommand : IRequest<CreateRetrospectiveCommandRes`
`17`	`17`	`#nullable enable`
`18`	`18`	`public string? Passphrase { get; set; }`
`19`	`19`
`20`		`-`
	`20`	`+ public string? LobbyCreationPassphrase { get; set; }`
`21`	`21`	`}`
`22`	`22`	`}`