Merge pull request #5 from TechnologyEnhancedLearning/rc-hot-fix

RC hot fix - Merge into RC

Author: binon

Auth/LearningHub.Nhs.Auth/Configuration/WebSettings.cs

@@ -55,5 +55,10 @@ public class WebSettings
         /// Gets or sets the SupportForm.
         /// </summary>
         public string SupportForm { get; set; }
-    }
+
+        /// <summary>
+        /// Gets or sets the SupportFeedbackForm.
+        /// </summary>
+        public string SupportFeedbackForm { get; set; }
+  }
 }

Auth/LearningHub.Nhs.Auth/Controllers/AccountController.cs

@@ -334,6 +334,7 @@ private async Task<LoginViewModel> BuildLoginViewModelAsync(string returnUrl)
 
                 // Base _layout.cshtml template config
                 this.ViewData["AuthMainTitle"] = loginClientTemplate.AuthMainTitle;
+                this.ViewData["ClientUrl"] = loginClientTemplate.ClientUrl;
                 this.ViewData["ClientLogoUrl"] = loginClientTemplate.ClientLogoUrl;
                 this.ViewData["ClientLogoSrc"] = loginClientTemplate.ClientLogoSrc;
                 this.ViewData["ClientLogoAltText"] = loginClientTemplate.ClientLogoAltText;
@@ -380,7 +381,6 @@ private async Task<LoginViewModel> BuildLoginViewModelAsync(string returnUrl)
                 if (client != null)
                 {
                     allowLocal = client.EnableLocalLogin;
-
                     if (client.IdentityProviderRestrictions != null && client.IdentityProviderRestrictions.Any())
                     {
                         providers = providers.Where(provider => client.IdentityProviderRestrictions.Contains(provider.AuthenticationScheme)).ToList();

Auth/LearningHub.Nhs.Auth/Filters/SecurityHeadersAttribute.cs

@@ -37,7 +37,7 @@ public override void OnResultExecuting(ResultExecutingContext context)
 
                 // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
                 ////var csp = "default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self';";
-                var csp = "object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self';";
+                var csp = "object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts allow-popups; base-uri 'self';";
                 //// also consider adding upgrade-insecure-requests once you have HTTPS in place for production
                 ////csp += "upgrade-insecure-requests;";
                 //// also an example if you need client images to be displayed from twitter

Auth/LearningHub.Nhs.Auth/Styles/sso.scss

@@ -10,22 +10,6 @@ body {
     background-color: $nhsuk-grey-white;
 }
 
-header {
-    background-color: $nhsuk-blue;
-    height: 112px;
-    padding: 0 15px;
-}
-
-footer {
-    background-color: $nhsuk-blue;
-    height: 130px;
-    padding: 0 15px;
-    position: absolute;
-    left: 0;
-    bottom: 0;
-    width: 100%;
-}
-
 a {
     text-decoration: underline;
 }

Auth/LearningHub.Nhs.Auth/Views/Shared/LearningHub/_Layout.cshtml

@@ -38,6 +38,10 @@
   <header class="nhsuk-header" role="banner">
     <partial name="~/Views/Shared/LearningHub/_NavPartial.cshtml" />
   </header>
+  <div class="nhsuk-width-container app-width-container beta-banner">
+    <span class="beta-banner__beta-box">BETA</span>
+    <span class="beta-banner__text">This is a new platform - your <a href="@(settings.Value.SupportFeedbackForm)" target="_blank">feedback</a> will help us to improve it.</span>
+  </div>
   <div class="nhsuk-width-container app-width-container--full">
     <main role="main" id="maincontent" class="nhsuk-main-wrapper app-main-wrapper--no-padding nhsuk-bg-white">
       @RenderBody()

Auth/LearningHub.Nhs.Auth/Views/Shared/LearningHub/_NavPartial.cshtml

@@ -1,24 +1,24 @@
 <div class="nhsuk-width-container nhsuk-header__container app-width-container @PreLoginClass()">
-  <div class="nhsuk-header__logo">
-    <a class="nhsuk-header__link nhsuk-header__link--service " href="/" aria-label="NHS homepage">
-      <svg class="nhsuk-logo" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 40 16" height="40" width="100">
-        <path class="nhsuk-logo__background" fill="#005eb8" d="M0 0h40v16H0z"></path>
-        <path class="nhsuk-logo__text" fill="#fff" d="M3.9 1.5h4.4l2.6 9h.1l1.8-9h3.3l-2.8 13H9l-2.7-9h-.1l-1.8 9H1.1M17.3 1.5h3.6l-1 4.9h4L25 1.5h3.5l-2.7 13h-3.5l1.1-5.6h-4.1l-1.2 5.6h-3.4M37.7 4.4c-.7-.3-1.6-.6-2.9-.6-1.4 0-2.5.2-2.5 1.3 0 1.8 5.1 1.2 5.1 5.1 0 3.6-3.3 4.5-6.4 4.5-1.3 0-2.9-.3-4-.7l.8-2.7c.7.4 2.1.7 3.2.7s2.8-.2 2.8-1.5c0-2.1-5.1-1.3-5.1-5 0-3.4 2.9-4.4 5.8-4.4 1.6 0 3.1.2 4 .6"></path>
-      </svg>
-      <span class="nhsuk-header__service-name">
-        Learning Hub
-      </span>
-    </a>
-  </div>
-  <div class="nhsuk-header__mobile-only-nav">
-  </div>
-  <div class="nhsuk-account__login nhsuk-header__not-mobile">
-  </div>
+    <div class="nhsuk-header__logo">
+        <a class="nhsuk-header__link nhsuk-header__link--service " href="https://@ViewData["ClientUrl"]" aria-label="NHS homepage">
+            <svg class="nhsuk-logo" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 40 16" height="40" width="100">
+                <path class="nhsuk-logo__background" fill="#005eb8" d="M0 0h40v16H0z"></path>
+                <path class="nhsuk-logo__text" fill="#fff" d="M3.9 1.5h4.4l2.6 9h.1l1.8-9h3.3l-2.8 13H9l-2.7-9h-.1l-1.8 9H1.1M17.3 1.5h3.6l-1 4.9h4L25 1.5h3.5l-2.7 13h-3.5l1.1-5.6h-4.1l-1.2 5.6h-3.4M37.7 4.4c-.7-.3-1.6-.6-2.9-.6-1.4 0-2.5.2-2.5 1.3 0 1.8 5.1 1.2 5.1 5.1 0 3.6-3.3 4.5-6.4 4.5-1.3 0-2.9-.3-4-.7l.8-2.7c.7.4 2.1.7 3.2.7s2.8-.2 2.8-1.5c0-2.1-5.1-1.3-5.1-5 0-3.4 2.9-4.4 5.8-4.4 1.6 0 3.1.2 4 .6"></path>
+            </svg>
+            <span class="nhsuk-header__service-name">
+                Learning Hub
+            </span>
+        </a>
+    </div>
+    <div class="nhsuk-header__mobile-only-nav">
+    </div>
+    <div class="nhsuk-account__login nhsuk-header__not-mobile">
+    </div>
 </div>
 @functions {
-  public string PreLoginClass()
-  {
-    if (!User.Identity.IsAuthenticated) return "nhsuk-header__pre-login";
-    return "";
-  }
+    public string PreLoginClass()
+    {
+        if (!User.Identity.IsAuthenticated) return "nhsuk-header__pre-login";
+        return "";
+    }
 }

Auth/LearningHub.Nhs.Auth/Views/Shared/_Signout_Layout.cshtml

@@ -5,53 +5,49 @@
 <!DOCTYPE html>
 <html>
 <head>
-    <meta charset="utf-8" />
-    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-    <title>@ViewData["Title"] - Learning Hub Authentication</title>
-
-    <environment include="Development">
-        <link rel="stylesheet" href="~/lib/bootstrap/dist/css/bootstrap.css" />
-        <link rel="stylesheet" type="text/css" href="~/css/site.css" />
-        <link rel="stylesheet" type="text/css" href="~/css/auth.css" />
-        <link rel="stylesheet" type="text/css" href="~/lib/fontawesome-pro-5.9.0/css/all.css" />
-    </environment>
-    <environment exclude="Development">
-        <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.1.3/css/bootstrap.min.css"
-              asp-fallback-href="~/lib/bootstrap/dist/css/bootstrap.min.css"
-              asp-fallback-test-class="sr-only" asp-fallback-test-property="position" asp-fallback-test-value="absolute"
-              crossorigin="anonymous"
-              integrity="sha256-eSi1q2PG6J7g7ib17yAaWMcrr5GrtohYChqibrV7PBE=" />
-
-        <link rel="stylesheet" type="text/css" href="~/css/site.min.css" />
-        <link rel="stylesheet" type="text/css" href="~/css/auth.min.css" />
-        <link rel="stylesheet" type="text/css" href="~/lib/fontawesome-pro-5.9.0/css/all.min.css" />
-    </environment>
+  <meta charset="utf-8" />
+  <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+  <title>@ViewData["Title"] - Learning Hub Authentication</title>
+  <link rel="stylesheet" type="text/css" href="~/css/site.css" />
+  <link rel="stylesheet" type="text/css" href="~/css/auth.css" />
+  <environment include="Development">
+    <link rel="stylesheet" href="~/lib/bootstrap/dist/css/bootstrap.css" />
+    <link rel="stylesheet" type="text/css" href="~/lib/fontawesome-pro-5.9.0/css/all.css" />
+  </environment>
+  <environment exclude="Development">
+    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.1.3/css/bootstrap.min.css"
+          asp-fallback-href="~/lib/bootstrap/dist/css/bootstrap.min.css"
+          asp-fallback-test-class="sr-only" asp-fallback-test-property="position" asp-fallback-test-value="absolute"
+          crossorigin="anonymous"
+          integrity="sha256-eSi1q2PG6J7g7ib17yAaWMcrr5GrtohYChqibrV7PBE=" />
+    <link rel="stylesheet" type="text/css" href="~/lib/fontawesome-pro-5.9.0/css/all.min.css" />
+  </environment>
 </head>
 <body>
-    <div class="container-fluid">
-        <main role="main" id="maincontent" tabindex="-1">
-            @RenderBody()
-        </main>
-    </div>
+  <div class="container-fluid">
+    <main role="main" id="maincontent" tabindex="-1">
+      @RenderBody()
+    </main>
+  </div>
 
-    <environment include="Development">
-        <script src="~/lib/jquery/dist/jquery.js"></script>
-        <script src="~/lib/bootstrap/dist/js/bootstrap.bundle.js"></script>
-    </environment>
-    <environment exclude="Development">
-        <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js"
-                asp-fallback-src="~/lib/jquery/dist/jquery.min.js"
-                asp-fallback-test="window.jQuery"
-                crossorigin="anonymous"
-                integrity="sha256-FgpCb/KJQlLNfOu91ta32o/NMZxltwRo8QtmkMRdAu8=">
-        </script>
-        <script src="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.1.3/js/bootstrap.bundle.min.js"
-                asp-fallback-src="~/lib/bootstrap/dist/js/bootstrap.bundle.min.js"
-                asp-fallback-test="window.jQuery && window.jQuery.fn && window.jQuery.fn.modal"
-                crossorigin="anonymous"
-                integrity="sha256-E/V4cWE4qvAeO5MOhjtGtqDzPndRO1LBk8lJ/PR7CA4=">
-        </script>
-    </environment>
-    @RenderSection("Scripts", required: false)
+  <environment include="Development">
+    <script src="~/lib/jquery/dist/jquery.js"></script>
+    <script src="~/lib/bootstrap/dist/js/bootstrap.bundle.js"></script>
+  </environment>
+  <environment exclude="Development">
+    <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js"
+            asp-fallback-src="~/lib/jquery/dist/jquery.min.js"
+            asp-fallback-test="window.jQuery"
+            crossorigin="anonymous"
+            integrity="sha256-FgpCb/KJQlLNfOu91ta32o/NMZxltwRo8QtmkMRdAu8=">
+    </script>
+    <script src="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.1.3/js/bootstrap.bundle.min.js"
+            asp-fallback-src="~/lib/bootstrap/dist/js/bootstrap.bundle.min.js"
+            asp-fallback-test="window.jQuery && window.jQuery.fn && window.jQuery.fn.modal"
+            crossorigin="anonymous"
+            integrity="sha256-E/V4cWE4qvAeO5MOhjtGtqDzPndRO1LBk8lJ/PR7CA4=">
+    </script>
+  </environment>
+  @RenderSection("Scripts", required: false)
 </body>
 </html>

Auth/LearningHub.Nhs.Auth/Views/Shared/_SsoLayout.cshtml

@@ -1,89 +1,75 @@
 @using IdentityServer4.Extensions
+@inject Microsoft.Extensions.Options.IOptions<LearningHub.Nhs.Auth.Configuration.WebSettings> settings
 @{
-    string name = null;
-    if (!true.Equals(ViewData["signed-out"]))
-    {
-        name = Context.User?.GetDisplayName();
-    }
+  string name = null;
+  if (!true.Equals(ViewData["signed-out"]))
+  {
+    name = Context.User?.GetDisplayName();
+  }
 }
 <!DOCTYPE html>
 <html>
 <head>
-    <meta charset="utf-8" />
-    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-    <title>@ViewData["Title"] - Learning Hub Authentication</title>
-
-    <environment include="Development">
-        <link rel="stylesheet" href="~/lib/bootstrap/dist/css/bootstrap.css" />
-        <link rel="stylesheet" type="text/css" href="~/css/site.css" />
-        <link rel="stylesheet" type="text/css" href="~/css/sso.css" />
-        <link rel="stylesheet" type="text/css" href="~/lib/fontawesome-pro-5.9.0/css/all.css" />
-    </environment>
-    <environment exclude="Development">
-        <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.1.3/css/bootstrap.min.css"
-              asp-fallback-href="~/lib/bootstrap/dist/css/bootstrap.min.css"
-              asp-fallback-test-class="sr-only" asp-fallback-test-property="position" asp-fallback-test-value="absolute"
-              crossorigin="anonymous"
-              integrity="sha256-eSi1q2PG6J7g7ib17yAaWMcrr5GrtohYChqibrV7PBE=" />
-
-        <link rel="stylesheet" type="text/css" href="~/css/site.min.css" />
-        <link rel="stylesheet" type="text/css" href="~/css/sso.min.css" />
-        <link rel="stylesheet" type="text/css" href="~/lib/fontawesome-pro-5.9.0/css/all.min.css" />
-    </environment>
+  <meta charset="utf-8" />
+  <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+  <title>@ViewData["Title"] - Learning Hub Authentication</title>
+  <link href="~/css/nhsuk/common.css" rel="stylesheet" asp-append-version="true" />
+  <link href="~/css/nhsuk/layout.css" rel="stylesheet" asp-append-version="true" />
+  <link rel="stylesheet" type="text/css" href="~/css/site.css" asp-append-version="true" />
+  <link rel="stylesheet" type="text/css" href="~/css/auth.css" asp-append-version="true" />
+  <link rel="stylesheet" type="text/css" href="~/css/sso.css" asp-append-version="true" />
+  <environment include="Development">
+    <link rel="stylesheet" href="~/lib/bootstrap/dist/css/bootstrap.css" asp-append-version="true" />
+    <link rel="stylesheet" type="text/css" href="~/lib/fontawesome-pro-5.9.0/css/all.css" asp-append-version="true" />
+  </environment>
+  <environment exclude="Development">
+    <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.1.3/css/bootstrap.min.css"
+          asp-fallback-href="~/lib/bootstrap/dist/css/bootstrap.min.css"
+          asp-fallback-test-class="sr-only" asp-fallback-test-property="position" asp-fallback-test-value="absolute"
+          crossorigin="anonymous"
+          integrity="sha256-eSi1q2PG6J7g7ib17yAaWMcrr5GrtohYChqibrV7PBE=" />
+    <link rel="stylesheet" type="text/css" href="~/lib/fontawesome-pro-5.9.0/css/all.min.css" asp-append-version="true" />
+  </environment>
 </head>
 <body>
-    <header>
-        <div class="lh-container">
-            <div class="d-flex flex-column py-4 justify-content-between" style="height: 100%;">
-                <div>
-                    <a href="/" id="home-link"><img src="/images/nhs-white.svg" alt="NHS"></a>
-                </div>
-                <div id="home-beta-link" class="header-title-sso">
-                    Learning Hub<sup class="header-beta">Beta</sup>
-                </div>
-            </div>
-        </div>
-    </header>
-
-    <div class="container-fluid">
-        <main role="main" id="maincontent" tabindex="-1">
-            @RenderBody()
-        </main>
+  <header class="nhsuk-header" role="banner">
+    <partial name="~/Views/Shared/LearningHub/_NavPartial.cshtml" />
+    <div id="home-beta-link" class="header-title-sso">     
     </div>
+  </header>
+  <div class="nhsuk-width-container app-width-container beta-banner">
+    <span class="beta-banner__beta-box">BETA</span>
+    <span class="beta-banner__text">This is a new platform - your <a href="@(settings.Value.SupportFeedbackForm)" target="_blank">feedback</a> will help us to improve it.</span>
+  </div>
+  <div class="container-fluid">
+    <main role="main" id="maincontent" tabindex="-1">
+      @RenderBody()
+    </main>
+  </div>
 
-    <footer>
-        <div class="lh-container">
-            <div class="d-flex flex-column py-4 justify-content-between" style="height: 100%;">
-                <div>
-                    <a href="/" id="home-link"><img src="/images/nhs-white.svg" alt="NHS"></a>
-                </div>
-                <div id="home-beta-link" class="header-title-sso">
-                    Learning Hub<sup class="header-beta">Beta</sup>
-                </div>
-            </div>
-        </div>
-    </footer>
-
-    <environment include="Development">
-        <script src="~/lib/jquery/dist/jquery.js"></script>
-        <script src="~/lib/bootstrap/dist/js/bootstrap.bundle.js"></script>
-    </environment>
-    <environment exclude="Development">
-        <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js"
-                asp-fallback-src="~/lib/jquery/dist/jquery.min.js"
-                asp-fallback-test="window.jQuery"
-                crossorigin="anonymous"
-                integrity="sha256-FgpCb/KJQlLNfOu91ta32o/NMZxltwRo8QtmkMRdAu8=">
-        </script>
-        <script src="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.1.3/js/bootstrap.bundle.min.js"
-                asp-fallback-src="~/lib/bootstrap/dist/js/bootstrap.bundle.min.js"
-                asp-fallback-test="window.jQuery && window.jQuery.fn && window.jQuery.fn.modal"
-                crossorigin="anonymous"
-                integrity="sha256-E/V4cWE4qvAeO5MOhjtGtqDzPndRO1LBk8lJ/PR7CA4=">
-        </script>
-    </environment>
+  <footer role="contentinfo">
+    <partial name="~/Views/Shared/LearningHub/_FooterPartial.cshtml" />
+  </footer>
+  <environment include="Development">
+    <script src="~/lib/jquery/dist/jquery.js"></script>
+    <script src="~/lib/bootstrap/dist/js/bootstrap.bundle.js"></script>
+  </environment>
+  <environment exclude="Development">
+    <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.3.1/jquery.min.js"
+            asp-fallback-src="~/lib/jquery/dist/jquery.min.js"
+            asp-fallback-test="window.jQuery"
+            crossorigin="anonymous"
+            integrity="sha256-FgpCb/KJQlLNfOu91ta32o/NMZxltwRo8QtmkMRdAu8=">
+    </script>
+    <script src="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.1.3/js/bootstrap.bundle.min.js"
+            asp-fallback-src="~/lib/bootstrap/dist/js/bootstrap.bundle.min.js"
+            asp-fallback-test="window.jQuery && window.jQuery.fn && window.jQuery.fn.modal"
+            crossorigin="anonymous"
+            integrity="sha256-E/V4cWE4qvAeO5MOhjtGtqDzPndRO1LBk8lJ/PR7CA4=">
+    </script>
+  </environment>
 
-    <partial name="~/Views/Shared/_ValidationScriptsPartial.cshtml" />
-    @RenderSection("Scripts", required: false)
+  <partial name="~/Views/Shared/_ValidationScriptsPartial.cshtml" />
+  @RenderSection("Scripts", required: false)
 </body>
 </html>