Merge branch 'RC' into Develop/POC/TD-5284_retrival_of_moodle_user_id

Author: Binon

Auth/LearningHub.Nhs.Auth/Configuration/WebSettings.cs

@@ -56,5 +56,10 @@ public class WebSettings
         /// Gets or sets the SupportFeedbackForm.
         /// </summary>
         public string SupportFeedbackForm { get; set; }
+
+        /// <summary>
+        /// Gets or sets a value indicating whether IsPasswordUpdate.
+        /// </summary>
+        public bool IsPasswordUpdate { get; set; }
   }
 }

Auth/LearningHub.Nhs.Auth/Controllers/AccountController.cs

@@ -20,15 +20,11 @@
     using LearningHub.Nhs.Auth.Models.Account;
     using LearningHub.Nhs.Caching;
     using LearningHub.Nhs.Models.Common;
-    using LearningHub.Nhs.Models.Entities.Reporting;
     using Microsoft.AspNetCore.Authentication;
     using Microsoft.AspNetCore.Authorization;
-    using Microsoft.AspNetCore.Http;
     using Microsoft.AspNetCore.Mvc;
-    using Microsoft.Extensions.Configuration;
     using Microsoft.Extensions.Logging;
     using Microsoft.Extensions.Options;
-    using NHSUKViewComponents.Web.ViewModels;
 
     /// <summary>
     /// Account Controller operations.
@@ -72,7 +68,7 @@ public AccountController(
             this.authConfig = authConfig?.Value;
             this.webSettings = webSettings;
             this.logger = logger;
-    }
+        }
 
         /// <summary>
         /// Shows the Login page.
@@ -214,9 +210,9 @@ await this.UserService.AddLogonToUserHistory(
                 this.ModelState.AddModelError(string.Empty, loginResult.ErrorMessage);
             }
 
-             showFormWithError:
+showFormWithError:
 
-            // something went wrong, show form with error
+// something went wrong, show form with error
             var vm = await this.BuildLoginViewModelAsync(model);
             if ((vm.ClientId == "learninghubwebclient") || (vm.ClientId == "learninghubadmin"))
             {
@@ -268,6 +264,9 @@ public async Task<IActionResult> Logout(LogoutInputModel model)
                 // delete local authentication cookie
                 await this.HttpContext.SignOutAsync();
 
+                // Delete the authentication cookie to ensure it is invalidated
+                this.HttpContext.Response.Cookies.Delete(".AspNetCore.Identity.Application");
+
                 // raise the logout event
                 await this.Events.RaiseAsync(new UserLogoutSuccessEvent(this.User.GetSubjectId(), this.User.GetDisplayName()));
 
@@ -296,7 +295,15 @@ public async Task<IActionResult> Logout(LogoutInputModel model)
                 return this.SignOut(new AuthenticationProperties { RedirectUri = url }, vm.ExternalAuthenticationScheme);
             }
 
-            return this.View("LoggedOut", vm);
+            if (this.webSettings.IsPasswordUpdate)
+            {
+                var redirectUri = $"{this.webSettings.LearningHubWebClient}Home/ChangePasswordAcknowledgement";
+                return this.Redirect(redirectUri);
+            }
+            else
+            {
+                return this.View("LoggedOut", vm);
+            }
         }
 
         /// <summary>

Auth/LearningHub.Nhs.Auth/Controllers/HomeController.cs

@@ -80,6 +80,27 @@ public async Task<IActionResult> Error()
             return this.View("Error");
         }
 
+        /// <summary>
+        /// IsPasswordUpdateMethod.
+        /// </summary>
+        /// <param name="isLogout">The Logout.</param>
+        /// <returns>The <see cref="ActionResult"/>.</returns>
+        [HttpGet]
+        public IActionResult SetIsPasswordUpdate(bool isLogout)
+        {
+            if (isLogout)
+            {
+                this.webSettings.IsPasswordUpdate = false;
+            }
+            else
+            {
+                this.webSettings.IsPasswordUpdate = true;
+            }
+
+            var redirectUri = $"{this.webSettings.LearningHubWebClient}Home/UserLogout";
+            return this.Redirect(redirectUri);
+        }
+
         /// <summary>
         /// Shows the HealthCheck response.
         /// </summary>

Auth/LearningHub.Nhs.Auth/Helpers/InMemoryTicketStore.cs

@@ -0,0 +1,104 @@
+namespace LearningHub.Nhs.Auth.Helpers
+{
+        using System;
+        using System.Collections.Concurrent;
+        using System.Linq;
+        using System.Threading.Tasks;
+        using Microsoft.AspNetCore.Authentication;
+        using Microsoft.AspNetCore.Authentication.Cookies;
+
+        /// <summary>
+        /// Defines the <see cref="InMemoryTicketStore" />.
+        /// </summary>
+        public class InMemoryTicketStore : ITicketStore
+        {
+            private readonly ConcurrentDictionary<string, AuthenticationTicket> cache;
+
+            /// <summary>
+            /// Initializes a new instance of the <see cref="InMemoryTicketStore"/> class.
+            /// The InMemoryTicketStore.
+            /// </summary>
+            /// <param name="cache">the cache.</param>
+            public InMemoryTicketStore(ConcurrentDictionary<string, AuthenticationTicket> cache)
+            {
+                this.cache = cache;
+            }
+
+            /// <summary>
+            /// The StoreAsync.
+            /// </summary>
+            /// <param name="ticket">The ticket.</param>
+            /// <returns>The key.</returns>
+            public async Task<string> StoreAsync(AuthenticationTicket ticket)
+            {
+                var ticketUserId = ticket.Principal.Claims.Where(c => c.Type == "sub")
+                    .FirstOrDefault()
+                    .Value;
+                var matchingAuthTicket = this.cache.Values.FirstOrDefault(
+                    t => t.Principal.Claims.FirstOrDefault(
+                        c => c.Type == "sub"
+                        && c.Value == ticketUserId) != null);
+                if (matchingAuthTicket != null)
+                {
+                    var cacheKey = this.cache.Where(
+                        entry => entry.Value == matchingAuthTicket)
+                        .Select(entry => entry.Key)
+                        .FirstOrDefault();
+                    this.cache.TryRemove(
+                        cacheKey,
+                        out _);
+                }
+
+                var key = Guid
+                    .NewGuid()
+                    .ToString();
+                await this.RenewAsync(
+                    key,
+                    ticket);
+                return key;
+            }
+
+            /// <summary>
+            /// The RenewAsync.
+            /// </summary>
+            /// <param name="key">The key.</param>
+            /// <param name="ticket">The ticket.</param>
+            /// <returns>The Task.</returns>
+            public Task RenewAsync(
+                string key,
+                AuthenticationTicket ticket)
+            {
+                this.cache.AddOrUpdate(
+                    key,
+                    ticket,
+                    (_, _) => ticket);
+                return Task.CompletedTask;
+            }
+
+            /// <summary>
+            /// The RetrieveAsync.
+            /// </summary>
+            /// <param name="key">The Key.</param>
+            /// <returns>The Task.</returns>
+            public Task<AuthenticationTicket> RetrieveAsync(string key)
+            {
+                this.cache.TryGetValue(
+                    key,
+                    out var ticket);
+                return Task.FromResult(ticket);
+            }
+
+            /// <summary>
+            /// The RemoveAsync.
+            /// </summary>
+            /// <param name="key">The key.</param>
+            /// <returns>The Task.</returns>
+            public Task RemoveAsync(string key)
+            {
+                this.cache.TryRemove(
+                    key,
+                    out _);
+                return Task.CompletedTask;
+            }
+        }
+    }

Auth/LearningHub.Nhs.Auth/LearningHub.Nhs.Auth.csproj

@@ -113,7 +113,7 @@
 		<PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="6.0.0" />
 		<PackageReference Include="Microsoft.AspNetCore.Authentication.OpenIdConnect" Version="6.0.0" />
 		<PackageReference Include="NHSUKViewComponents.Web" Version="1.0.27" />
-		<PackageReference Include="NLog.Web.AspNetCore" Version="5.3.15" />
+		<PackageReference Include="NLog.Web.AspNetCore" Version="4.15.0" />
 		<PackageReference Include="StyleCop.Analyzers" Version="1.1.118">
 			<PrivateAssets>all</PrivateAssets>
 			<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>

Auth/LearningHub.Nhs.Auth/ServiceCollectionExtension.cs

@@ -1,10 +1,12 @@
 namespace LearningHub.Nhs.Auth
 {
     using System;
+    using System.Collections.Concurrent;
     using System.Security.Cryptography.X509Certificates;
     using Azure.Identity;
     using IdentityServer4;
     using LearningHub.Nhs.Auth.Configuration;
+    using LearningHub.Nhs.Auth.Helpers;
     using LearningHub.Nhs.Auth.Middleware;
     using LearningHub.Nhs.Caching;
     using LearningHub.Nhs.Models.Enums;
@@ -70,7 +72,9 @@ public static void ConfigureServices(this IServiceCollection services, IConfigur
             {
                 options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
                 options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
-            }).AddCookie().AddOpenIdConnect(
+            })
+            .AddCookie()
+            .AddOpenIdConnect(
                 "oidc_oa",
                 options =>
                 {

Auth/LearningHub.Nhs.Auth/appsettings.json

@@ -39,9 +39,8 @@
     "ElfhHub": "",
     "Rcr": "",
     "SupportForm": "https://support.learninghub.nhs.uk/support/tickets/new",
-    "SupportFeedbackForm": "https://forms.office.com/e/C8tteweEhG"
-
-
+    "SupportFeedbackForm": "https://forms.office.com/e/C8tteweEhG",
+    "IsPasswordUpdate": "false"
   },
   "AllowOpenAthensDebug": false,
   "OaLhClients": {
@@ -186,6 +185,23 @@
         "RequireConsent": false,
         "RequirePkce": true,
         "AllowOfflineAccess": true
+      },
+      "moodle": {
+        "BaseUrl": "",
+        "ClientName": "",
+        "ClientSecret": "",
+        "AllowedGrantTypes": [ "authorization_code" ],
+        "RedirectUris": [ "/auth/oidc/" ],
+        "PostLogoutUris": [ "/login/logout.php" ],
+        "AllowedScopes": [ "openid", "profile", "learninghubapi", "userapi", "roles", "learningcredentialsapi" ],
+        "BackChannelLogoutSessionRequired": true,
+        "BackChannelLogoutUri": "/login/logout.php",
+        "FrontChannelLogoutSessionRequired": true,
+        "FrontChannelLogoutUri": "/login/logout.php",
+        "UpdateAccessTokenClaimsOnRefresh": true,
+        "RequireConsent": false,
+        "RequirePkce": false,
+        "AllowOfflineAccess": true
       }
     },
     "IdsClients": {