From ccf2104d6ba5003a60b81b5eec92ca7219b2a5d7 Mon Sep 17 00:00:00 2001 From: Swapnamol Abraham Date: Fri, 28 Feb 2025 11:21:01 +0000 Subject: [PATCH 01/24] TD-3732: Missing Security Headers --- Auth/LearningHub.Nhs.Auth/Program.cs | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/Auth/LearningHub.Nhs.Auth/Program.cs b/Auth/LearningHub.Nhs.Auth/Program.cs index 04759f5..910cb0b 100644 --- a/Auth/LearningHub.Nhs.Auth/Program.cs +++ b/Auth/LearningHub.Nhs.Auth/Program.cs @@ -56,6 +56,20 @@ await next(); }); +app.Use(async (context, next) => +{ + // Add security headers + context.Response.Headers.Add("Strict-Transport-Security", "max-age=31536000; includeSubDomains; preload"); + context.Response.Headers.Add("X-Content-Type-Options", "nosniff"); + context.Response.Headers.Add("X-XSS-Protection", "1; mode=block"); + context.Response.Headers.Add("X-Frame-Options", "DENY"); + context.Response.Headers.Add("Content-Security-Policy", "default-src 'self'; script-src 'self'; object-src 'none';"); + context.Response.Headers.Add("Referrer-Policy", "no-referrer-when-downgrade"); + context.Response.Headers.Add("Feature-Policy", "geolocation 'self'; microphone 'none'; camera 'none'"); + + await next(); +}); + if (app.Environment.IsDevelopment()) { app.UseDeveloperExceptionPage(); From 11526c1a09db81675acf8f0cceab1c3ed38c0235 Mon Sep 17 00:00:00 2001 From: Swapnamol Abraham Date: Wed, 5 Mar 2025 11:30:45 +0000 Subject: [PATCH 02/24] TD-3731: Password Change Does Not Invalidate Current Session --- .../Configuration/WebSettings.cs | 5 ++++ .../Controllers/AccountController.cs | 23 ++++++++++++------- .../Controllers/HomeController.cs | 21 +++++++++++++++++ Auth/LearningHub.Nhs.Auth/appsettings.json | 5 ++-- 4 files changed, 43 insertions(+), 11 deletions(-) diff --git a/Auth/LearningHub.Nhs.Auth/Configuration/WebSettings.cs b/Auth/LearningHub.Nhs.Auth/Configuration/WebSettings.cs index 54dab61..4b4113d 100644 --- a/Auth/LearningHub.Nhs.Auth/Configuration/WebSettings.cs 
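Review bot: `Referrer-Policy: no-referrer-when-downgrade` in the middleware added to Auth/Program.cs (PATCH 01) still sends the full URL, query string included, to every HTTPS destination, which is a poor fit for an authentication host whose URLs can carry return URLs and protocol parameters; `"no-referrer"` or `"strict-origin-when-cross-origin"` would be safer. `X-XSS-Protection: 1; mode=block` turns on a deprecated legacy browser filter, and current guidance is to send `0` and rely on the CSP; `Feature-Policy` has likewise been superseded by `Permissions-Policy`. `Headers.Add` throws if a header of that name is already on the response, so the indexer form, e.g. `context.Response.Headers["X-Content-Type-Options"] = "nosniff";`, is more robust. The CSP set here has no `frame-ancestors`, while the policy in Filters/SecurityHeadersAttribute.cs (PATCH 11) does, so it is worth confirming which of the two policies ends up on each response.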
+++ b/Auth/LearningHub.Nhs.Auth/Configuration/WebSettings.cs @@ -56,5 +56,10 @@ public class WebSettings /// Gets or sets the SupportFeedbackForm. /// public string SupportFeedbackForm { get; set; } + + /// + /// Gets or sets a value indicating whether IsPasswordUpdate. + /// + public bool IsPasswordUpdate { get; set; } } } diff --git a/Auth/LearningHub.Nhs.Auth/Controllers/AccountController.cs b/Auth/LearningHub.Nhs.Auth/Controllers/AccountController.cs index ff7b352..123fe1a 100644 --- a/Auth/LearningHub.Nhs.Auth/Controllers/AccountController.cs +++ b/Auth/LearningHub.Nhs.Auth/Controllers/AccountController.cs @@ -20,15 +20,11 @@ using LearningHub.Nhs.Auth.Models.Account; using LearningHub.Nhs.Caching; using LearningHub.Nhs.Models.Common; - using LearningHub.Nhs.Models.Entities.Reporting; using Microsoft.AspNetCore.Authentication; using Microsoft.AspNetCore.Authorization; - using Microsoft.AspNetCore.Http; using Microsoft.AspNetCore.Mvc; - using Microsoft.Extensions.Configuration; using Microsoft.Extensions.Logging; using Microsoft.Extensions.Options; - using NHSUKViewComponents.Web.ViewModels; /// /// Account Controller operations. @@ -72,7 +68,7 @@ public AccountController( this.authConfig = authConfig?.Value; this.webSettings = webSettings; this.logger = logger; - } + } /// /// Shows the Login page. @@ -214,9 +210,9 @@ await this.UserService.AddLogonToUserHistory( this.ModelState.AddModelError(string.Empty, loginResult.ErrorMessage); } - showFormWithError: +showFormWithError: - // something went wrong, show form with error +// something went wrong, show form with error var vm = await this.BuildLoginViewModelAsync(model); if ((vm.ClientId == "learninghubwebclient") || (vm.ClientId == "learninghubadmin")) { 
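Review bot: `IsPasswordUpdate` in WebSettings.cs (PATCH 02) is written at request time by `HomeController.SetIsPasswordUpdate` and read by `AccountController.Logout`, so if `WebSettings` is one shared configuration object (the same patch adds the key to appsettings.json, which suggests it is), one user's password change alters the logout redirect for every other user signing out at that moment. Nothing in the visible hunks resets the flag after the redirect to `Home/ChangePasswordAcknowledgement`, so it stays set until another request clears it. Per-request intent belongs on the request itself, for example a field on `LogoutInputModel` or a value in the user's own session, rather than in application settings. The doc comment should also say what the flag means, e.g. `/// Gets or sets a value indicating whether the current logout follows a password change.` The class and both controller actions start outside the visible hunks.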
@@ -268,6 +264,9 @@ public async Task Logout(LogoutInputModel model) // delete local authentication cookie await this.HttpContext.SignOutAsync(); + // Delete the authentication cookie to ensure it is invalidated + this.HttpContext.Response.Cookies.Delete(".AspNetCore.Identity.Application"); + // raise the logout event await this.Events.RaiseAsync(new UserLogoutSuccessEvent(this.User.GetSubjectId(), this.User.GetDisplayName())); @@ -296,7 +295,15 @@ public async Task Logout(LogoutInputModel model) return this.SignOut(new AuthenticationProperties { RedirectUri = url }, vm.ExternalAuthenticationScheme); } - return this.View("LoggedOut", vm); + if (this.webSettings.IsPasswordUpdate) + { + var redirectUri = $"{this.webSettings.LearningHubWebClient}Home/ChangePasswordAcknowledgement"; + return this.Redirect(redirectUri); + } + else + { + return this.View("LoggedOut", vm); + } } /// diff --git a/Auth/LearningHub.Nhs.Auth/Controllers/HomeController.cs b/Auth/LearningHub.Nhs.Auth/Controllers/HomeController.cs index 7855fea..aa0937f 100644 --- a/Auth/LearningHub.Nhs.Auth/Controllers/HomeController.cs +++ b/Auth/LearningHub.Nhs.Auth/Controllers/HomeController.cs @@ -80,6 +80,27 @@ public async Task Error() return this.View("Error"); } + /// + /// IsPasswordUpdateMethod. + /// + /// The Logout. + /// The . + [HttpGet] + public IActionResult SetIsPasswordUpdate(bool isLogout) + { + if (isLogout) + { + this.webSettings.IsPasswordUpdate = false; + } + else + { + this.webSettings.IsPasswordUpdate = true; + } + + var redirectUri = $"{this.webSettings.LearningHubWebClient}Home/UserLogout"; + return this.Redirect(redirectUri); + } + /// /// Shows the HealthCheck response. /// diff --git a/Auth/LearningHub.Nhs.Auth/appsettings.json b/Auth/LearningHub.Nhs.Auth/appsettings.json index f746802..c54a92d 100644 --- a/Auth/LearningHub.Nhs.Auth/appsettings.json +++ b/Auth/LearningHub.Nhs.Auth/appsettings.json 
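Review bot: Deleting `.AspNetCore.Identity.Application` in `AccountController.Logout` (PATCH 02, hunk at -268) only asks this browser to drop a cookie; unless tickets are validated server-side, a copy of the cookie taken before the password change would still authenticate, which is the condition TD-3731 describes. The cookie name is hard-coded, and the only scheme visible on this page is `CookieAuthenticationDefaults.AuthenticationScheme` in ServiceCollectionExtension.cs, so confirm that a cookie of this name is actually issued; `SignOutAsync` on the line above already clears the cookie of the default scheme. Invalidating sessions on password change needs a server-side check, such as a security-stamp or session-store validation in the cookie `OnValidatePrincipal` event. `Logout` starts and ends outside the hunk.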
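Review bot: `SetIsPasswordUpdate` in HomeController.cs (PATCH 02) changes server state from an `[HttpGet]` action, and no `[Authorize]` or antiforgery attribute is visible on it in the hunk, so the flag can be flipped by a simple cross-site navigation. A state change like this should be a POST with `[ValidateAntiForgeryToken]` and limited to signed-in users. The parameter reads inverted (`isLogout == true` clears the password-update flag), and the if/else reduces to `this.webSettings.IsPasswordUpdate = !isLogout;`. The summary `IsPasswordUpdateMethod.` should describe the behaviour, e.g. `/// Records whether the next logout follows a password change, then redirects to the web client's logout page.`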
@@ -39,9 +39,8 @@ "ElfhHub": "", "Rcr": "", "SupportForm": "https://support.learninghub.nhs.uk/support/tickets/new", - "SupportFeedbackForm": "https://forms.office.com/e/C8tteweEhG" - - + "SupportFeedbackForm": "https://forms.office.com/e/C8tteweEhG", + "IsPasswordUpdate": "false" }, "AllowOpenAthensDebug": false, "OaLhClients": { From f898a6f05f4088fae75b607427f46127361ac8aa Mon Sep 17 00:00:00 2001 From: Swapnamol Abraham Date: Wed, 5 Mar 2025 14:36:28 +0000 Subject: [PATCH 03/24] TD-3733:Information Disclosures --- Auth/LearningHub.Nhs.Auth/Program.cs | 14 -------------- LearningHub.Nhs.UserApi/Program.cs | 12 ++++++++++++ 2 files changed, 12 insertions(+), 14 deletions(-) diff --git a/Auth/LearningHub.Nhs.Auth/Program.cs b/Auth/LearningHub.Nhs.Auth/Program.cs index 910cb0b..04759f5 100644 --- a/Auth/LearningHub.Nhs.Auth/Program.cs +++ b/Auth/LearningHub.Nhs.Auth/Program.cs @@ -56,20 +56,6 @@ await next(); }); -app.Use(async (context, next) => -{ - // Add security headers - context.Response.Headers.Add("Strict-Transport-Security", "max-age=31536000; includeSubDomains; preload"); - context.Response.Headers.Add("X-Content-Type-Options", "nosniff"); - context.Response.Headers.Add("X-XSS-Protection", "1; mode=block"); - context.Response.Headers.Add("X-Frame-Options", "DENY"); - context.Response.Headers.Add("Content-Security-Policy", "default-src 'self'; script-src 'self'; object-src 'none';"); - context.Response.Headers.Add("Referrer-Policy", "no-referrer-when-downgrade"); - context.Response.Headers.Add("Feature-Policy", "geolocation 'self'; microphone 'none'; camera 'none'"); - - await next(); -}); - if (app.Environment.IsDevelopment()) { app.UseDeveloperExceptionPage(); diff --git a/LearningHub.Nhs.UserApi/Program.cs b/LearningHub.Nhs.UserApi/Program.cs index e89e70b..8a6e0aa 100644 --- a/LearningHub.Nhs.UserApi/Program.cs +++ b/LearningHub.Nhs.UserApi/Program.cs 
@@ -10,6 +10,7 @@ var logger = NLogBuilder.ConfigureNLog("nlog.config").GetCurrentClassLogger(); +var csp = "object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts allow-popups; base-uri 'self';"; try { logger.Debug("Log Started"); @@ -36,6 +37,17 @@ c.SwaggerEndpoint($"/swagger/{app.Configuration["Swagger:Title"]}/swagger.json", app.Configuration["Swagger:Version"]); }); + app.Use(async (context, next) => + { + context.Response.Headers.Add("content-security-policy", csp); + context.Response.Headers.Add("Referrer-Policy", "no-referrer"); + context.Response.Headers.Add("Strict-Transport-Security", "max-age=31536000; includeSubDomains"); + context.Response.Headers.Add("X-Content-Type-Options", "nosniff"); + context.Response.Headers.Add("X-Frame-Options", "SAMEORIGIN"); + context.Response.Headers.Add("X-XSS-protection", "0"); + await next(); + }); + app.UseMiddleware(); app.UseEndpoints(endpoints => endpoints.MapControllerRoute("default", "{controller=Home}/{action=Index}/{id?}")); From cc0ff4e6ee64abbe0a60be9164c859a2cd076ce7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 12 Mar 2025 04:54:06 +0000 Subject: [PATCH 04/24] Bump @babel/core from 7.26.9 to 7.26.10 in /Auth/LearningHub.Nhs.Auth (#137) Bumps [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core) from 7.26.9 to 7.26.10. - [Release notes](https://github.com/babel/babel/releases) - [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md) - [Commits](https://github.com/babel/babel/commits/v7.26.10/packages/babel-core) --- updated-dependencies: - dependency-name: "@babel/core" dependency-type: direct:development update-type: version-update:semver-patch ... 
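Review bot: The header middleware added to UserApi/Program.cs (PATCH 03, hunk at -36; re-enabled unchanged in PATCH 16) is registered after what looks like the Swagger UI setup in the context lines, so any response produced by middleware earlier in the pipeline would leave without these headers; registering it directly after the app is built covers every response. Within the block, `X-Frame-Options: SAMEORIGIN` disagrees with `frame-ancestors 'none'` in `csp`, and `"DENY"` would make the two consistent. `Headers.Add` throws when the header already exists, so `context.Response.Headers["X-Frame-Options"] = "DENY";` is the safer form. The commit is titled Information Disclosures, but nothing visible removes identifying headers such as `Server` or `X-Powered-By`; that may be handled elsewhere.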
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Auth/LearningHub.Nhs.Auth/package-lock.json | 62 ++++++++++----------- Auth/LearningHub.Nhs.Auth/package.json | 2 +- 2 files changed, 32 insertions(+), 32 deletions(-) diff --git a/Auth/LearningHub.Nhs.Auth/package-lock.json b/Auth/LearningHub.Nhs.Auth/package-lock.json index 3d0a1e4..3549001 100644 --- a/Auth/LearningHub.Nhs.Auth/package-lock.json +++ b/Auth/LearningHub.Nhs.Auth/package-lock.json @@ -16,7 +16,7 @@ "node": "^22" }, "devDependencies": { - "@babel/core": "^7.26.9", + "@babel/core": "^7.26.10", "@babel/preset-env": "^7.26.9", "babel-core": "^4.7.16", "babel-loader": "^8.2.2", @@ -72,22 +72,22 @@ } }, "node_modules/@babel/core": { - "version": "7.26.9", - "resolved": "https://registry.npmjs.org/@babel/core/-/core-7.26.9.tgz", - "integrity": "sha512-lWBYIrF7qK5+GjY5Uy+/hEgp8OJWOD/rpy74GplYRhEauvbHDeFB8t5hPOZxCZ0Oxf4Cc36tK51/l3ymJysrKw==", + "version": "7.26.10", + "resolved": "https://registry.npmjs.org/@babel/core/-/core-7.26.10.tgz", + "integrity": "sha512-vMqyb7XCDMPvJFFOaT9kxtiRh42GwlZEg1/uIgtZshS5a/8OaduUfCi7kynKgc3Tw/6Uo2D+db9qBttghhmxwQ==", "dev": true, "license": "MIT", "dependencies": { "@ampproject/remapping": "^2.2.0", "@babel/code-frame": "^7.26.2", - "@babel/generator": "^7.26.9", + "@babel/generator": "^7.26.10", "@babel/helper-compilation-targets": "^7.26.5", "@babel/helper-module-transforms": "^7.26.0", - "@babel/helpers": "^7.26.9", - "@babel/parser": "^7.26.9", + "@babel/helpers": "^7.26.10", + "@babel/parser": "^7.26.10", "@babel/template": "^7.26.9", - "@babel/traverse": "^7.26.9", - "@babel/types": "^7.26.9", + "@babel/traverse": "^7.26.10", + "@babel/types": "^7.26.10", "convert-source-map": "^2.0.0", "debug": "^4.1.0", "gensync": "^1.0.0-beta.2", 
@@ -103,14 +103,14 @@ } }, "node_modules/@babel/generator": { - "version": "7.26.9", - "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.26.9.tgz", - "integrity": "sha512-kEWdzjOAUMW4hAyrzJ0ZaTOu9OmpyDIQicIh0zg0EEcEkYXZb2TjtBhnHi2ViX7PKwZqF4xwqfAm299/QMP3lg==", + "version": "7.26.10", + "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.26.10.tgz", + "integrity": "sha512-rRHT8siFIXQrAYOYqZQVsAr8vJ+cBNqcVAY6m5V8/4QqzaPl+zDBe6cLEPRDuNOUf3ww8RfJVlOyQMoSI+5Ang==", "dev": true, "license": "MIT", "dependencies": { - "@babel/parser": "^7.26.9", - "@babel/types": "^7.26.9", + "@babel/parser": "^7.26.10", + "@babel/types": "^7.26.10", "@jridgewell/gen-mapping": "^0.3.5", "@jridgewell/trace-mapping": "^0.3.25", "jsesc": "^3.0.2" 
@@ -341,27 +341,27 @@ } }, "node_modules/@babel/helpers": { - "version": "7.26.9", - "resolved": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.26.9.tgz", - "integrity": "sha512-Mz/4+y8udxBKdmzt/UjPACs4G3j5SshJJEFFKxlCGPydG4JAHXxjWjAwjd09tf6oINvl1VfMJo+nB7H2YKQ0dA==", + "version": "7.26.10", + "resolved": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.26.10.tgz", + "integrity": "sha512-UPYc3SauzZ3JGgj87GgZ89JVdC5dj0AoetR5Bw6wj4niittNyFh6+eOGonYvJ1ao6B8lEa3Q3klS7ADZ53bc5g==", "dev": true, "license": "MIT", "dependencies": { "@babel/template": "^7.26.9", - "@babel/types": "^7.26.9" + "@babel/types": "^7.26.10" }, "engines": { "node": ">=6.9.0" } }, "node_modules/@babel/parser": { - "version": "7.26.9", - "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.26.9.tgz", - "integrity": "sha512-81NWa1njQblgZbQHxWHpxxCzNsa3ZwvFqpUg7P+NNUU6f3UU2jBEg4OlF/J6rl8+PQGh1q6/zWScd001YwcA5A==", + "version": "7.26.10", + "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.26.10.tgz", + "integrity": "sha512-6aQR2zGE/QFi8JpDLjUZEPYOs7+mhKXm86VaKFiLP35JQwQb6bwUE+XbvkH0EptsYhbNBSUGaUBLKqxH1xSgsA==", "dev": true, "license": "MIT", "dependencies": { - "@babel/types": "^7.26.9" + "@babel/types": "^7.26.10" }, "bin": { "parser": "bin/babel-parser.js" 
@@ -1378,17 +1378,17 @@ } }, "node_modules/@babel/traverse": { - "version": "7.26.9", - "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.26.9.tgz", - "integrity": "sha512-ZYW7L+pL8ahU5fXmNbPF+iZFHCv5scFak7MZ9bwaRPLUhHh7QQEMjZUg0HevihoqCM5iSYHN61EyCoZvqC+bxg==", + "version": "7.26.10", + "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.26.10.tgz", + "integrity": "sha512-k8NuDrxr0WrPH5Aupqb2LCVURP/S0vBEn5mK6iH+GIYob66U5EtoZvcdudR2jQ4cmTwhEwW1DLB+Yyas9zjF6A==", "dev": true, "license": "MIT", "dependencies": { "@babel/code-frame": "^7.26.2", - "@babel/generator": "^7.26.9", - "@babel/parser": "^7.26.9", + "@babel/generator": "^7.26.10", + "@babel/parser": "^7.26.10", "@babel/template": "^7.26.9", - "@babel/types": "^7.26.9", + "@babel/types": "^7.26.10", "debug": "^4.3.1", "globals": "^11.1.0" }, @@ -1397,9 +1397,9 @@ } }, "node_modules/@babel/types": { - "version": "7.26.9", - "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.26.9.tgz", - "integrity": "sha512-Y3IR1cRnOxOCDvMmNiym7XpXQ93iGDDPHx+Zj+NM+rg0fBaShfQLkg+hKPaZCEvg5N/LeCo4+Rj/i3FuJsIQaw==", + "version": "7.26.10", + "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.26.10.tgz", + "integrity": "sha512-emqcG3vHrpxUKTrxcblR36dcrcoRDvKmnL/dCL6ZsHaShW80qxCAcNhzQZrpeM765VzEos+xOi4s+r4IXzTwdQ==", "dev": true, "license": "MIT", "dependencies": { diff --git a/Auth/LearningHub.Nhs.Auth/package.json b/Auth/LearningHub.Nhs.Auth/package.json index 85a5318..2f72c15 100644 --- a/Auth/LearningHub.Nhs.Auth/package.json +++ b/Auth/LearningHub.Nhs.Auth/package.json @@ -26,7 +26,7 @@ "node": "^22" }, "devDependencies": { - "@babel/core": "^7.26.9", + "@babel/core": "^7.26.10", "@babel/preset-env": "^7.26.9", "babel-core": "^4.7.16", "babel-loader": "^8.2.2", From 0474fd75d21879446f2db0347c94a8f3b01baeae Mon Sep 17 00:00:00 2001 
From: Swapnamol Abraham
Date: Thu, 13 Mar 2025 14:26:09 +0000
Subject: [PATCH 05/24] TD-3743: Concurrent Sessions Allowed
---
.../Helpers/InMemoryTicketStore.cs | 104 ++++++++++++++++++
.../ServiceCollectionExtension.cs | 10 +-
2 files changed, 113 insertions(+), 1 deletion(-)
create mode 100644 Auth/LearningHub.Nhs.Auth/Helpers/InMemoryTicketStore.cs
diff --git a/Auth/LearningHub.Nhs.Auth/Helpers/InMemoryTicketStore.cs b/Auth/LearningHub.Nhs.Auth/Helpers/InMemoryTicketStore.cs
new file mode 100644
index 0000000..1bfa669
--- /dev/null
+++ b/Auth/LearningHub.Nhs.Auth/Helpers/InMemoryTicketStore.cs
@@ -0,0 +1,104 @@
+namespace LearningHub.Nhs.Auth.Helpers
+{
+ using System;
+ using System.Collections.Concurrent;
+ using System.Linq;
+ using System.Threading.Tasks;
+ using Microsoft.AspNetCore.Authentication;
+ using Microsoft.AspNetCore.Authentication.Cookies;
+
+ ///
+ /// Defines the .
+ ///
+ public class InMemoryTicketStore : ITicketStore
+ {
+ private readonly ConcurrentDictionary cache;
+
+ ///
+ /// Initializes a new instance of the class.
+ /// The InMemoryTicketStore.
+ ///
+ /// the cache.
+ public InMemoryTicketStore(ConcurrentDictionary cache)
+ {
+ this.cache = cache;
+ }
+
+ ///
+ /// The StoreAsync.
+ ///
+ /// The ticket.
+ /// The key.
+ public async Task StoreAsync(AuthenticationTicket ticket)
+ {
+ var ticketUserId = ticket.Principal.Claims.Where(c => c.Type == "sub")
+ .FirstOrDefault()
+ .Value;
+ var matchingAuthTicket = this.cache.Values.FirstOrDefault(
+ t => t.Principal.Claims.FirstOrDefault(
+ c => c.Type == "sub"
+ && c.Value == ticketUserId) != null);
+ if (matchingAuthTicket != null)
+ {
+ var cacheKey = this.cache.Where(
+ entry => entry.Value == matchingAuthTicket)
+ .Select(entry => entry.Key)
+ .FirstOrDefault();
+ this.cache.TryRemove(
+ cacheKey,
+ out _);
+ }
+
+ var key = Guid
+ .NewGuid()
+ .ToString();
+ await this.RenewAsync(
+ key,
+ ticket);
+ return key;
+ }
+
+ ///
+ /// The RenewAsync.
+ ///
+ /// The key.
+ /// The ticket.
+ /// The Task.
+ public Task RenewAsync(
+ string key,
+ AuthenticationTicket ticket)
+ {
+ this.cache.AddOrUpdate(
+ key,
+ ticket,
+ (_, _) => ticket);
+ return Task.CompletedTask;
+ }
+
+ ///
+ /// The RetrieveAsync.
+ ///
+ /// The Key.
+ /// The Task.
+ public Task RetrieveAsync(string key)
+ {
+ this.cache.TryGetValue(
+ key,
+ out var ticket);
+ return Task.FromResult(ticket);
+ }
+
+ ///
+ /// The RemoveAsync.
+ ///
+ /// The key.
+ /// The Task.
+ public Task RemoveAsync(string key)
+ {
+ this.cache.TryRemove(
+ key,
+ out _);
+ return Task.CompletedTask;
+ }
+ }
+ }
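Review bot: `StoreAsync` in the new InMemoryTicketStore.cs (PATCH 05) dereferences `FirstOrDefault().Value` without a null check, so a ticket lacking a `sub` claim fails sign-in with a NullReferenceException, and its scan-then-remove over `cache.Values` is not atomic: two sign-ins racing for the same user can both survive, `cacheKey` can come back null and make `TryRemove` throw, and every login walks every stored ticket. Entries for sessions that are abandoned without a sign-out are never evicted, so the dictionary can grow for the life of the process. The sketch below keeps a subject-to-key index in a second `ConcurrentDictionary<string, string>` field (`keyBySubject`, which would have to be added to the class) so the previous session is replaced in one step. Eviction still needs handling separately, for instance by backing the store with `IMemoryCache` or `IDistributedCache` and an absolute expiration taken from the ticket.

```csharp
public async Task<string> StoreAsync(AuthenticationTicket ticket)
{
    // A ticket without a subject cannot be tied to a user; fail with a clear error
    // instead of dereferencing null.
    var subject = ticket.Principal?.FindFirst("sub")?.Value
        ?? throw new InvalidOperationException("Authentication ticket has no 'sub' claim.");

    var key = Guid.NewGuid().ToString();
    await this.RenewAsync(key, ticket);

    // Swap the user's current session key atomically. The factory may run more than
    // once under contention; the last run is the one whose 'existing' was replaced.
    string previousKey = null;
    this.keyBySubject.AddOrUpdate(
        subject,
        key,
        (_, existing) =>
        {
            previousKey = existing;
            return key;
        });

    // Drop the ticket of the session that was just superseded, if there was one.
    if (previousKey != null)
    {
        this.cache.TryRemove(previousKey, out _);
    }

    return key;
}
// … unchanged: RenewAsync, RetrieveAsync, RemoveAsync …
```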
diff --git a/Auth/LearningHub.Nhs.Auth/ServiceCollectionExtension.cs b/Auth/LearningHub.Nhs.Auth/ServiceCollectionExtension.cs index 6aaf2f5..0a08288 100644 --- a/Auth/LearningHub.Nhs.Auth/ServiceCollectionExtension.cs +++ b/Auth/LearningHub.Nhs.Auth/ServiceCollectionExtension.cs @@ -1,10 +1,12 @@ namespace LearningHub.Nhs.Auth { using System; + using System.Collections.Concurrent; using System.Security.Cryptography.X509Certificates; using Azure.Identity; using IdentityServer4; using LearningHub.Nhs.Auth.Configuration; + using LearningHub.Nhs.Auth.Helpers; using LearningHub.Nhs.Auth.Middleware; using LearningHub.Nhs.Caching; using LearningHub.Nhs.Models.Enums; @@ -70,7 +72,13 @@ public static void ConfigureServices(this IServiceCollection services, IConfigur { options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme; options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme; - }).AddCookie().AddOpenIdConnect( + }) + .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, options => + { + options.AccessDeniedPath = "/Home/AccessDenied"; + options.SessionStore = new InMemoryTicketStore(new ConcurrentDictionary()); + }) + .AddOpenIdConnect( "oidc_oa", options => { From 0318db8e19b711fcc71be74ee0dad4b7fb8f995f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 18 Mar 2025 04:51:11 +0000 Subject: [PATCH 06/24] Bump sass from 1.85.1 to 1.86.0 in /Auth/LearningHub.Nhs.Auth Bumps [sass](https://github.com/sass/dart-sass) from 1.85.1 to 1.86.0. - [Release notes](https://github.com/sass/dart-sass/releases) - [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md) - [Commits](https://github.com/sass/dart-sass/compare/1.85.1...1.86.0) --- updated-dependencies: - dependency-name: sass dependency-type: direct:development update-type: version-update:semver-minor ... 
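Review bot: `options.SessionStore = new InMemoryTicketStore(new ConcurrentDictionary())` in ServiceCollectionExtension.cs (PATCH 05, hunk at -70; the same block returns in PATCH 14 and PATCH 18) keeps all sessions in the memory of one process, so every user is signed out on restart or redeploy, and if the Auth site runs on more than one instance a cookie issued by one node cannot be resolved by another and the one-session-per-user rule holds only per node. A store backed by a shared cache such as `IDistributedCache`, registered through DI and assigned via `IPostConfigureOptions<CookieAuthenticationOptions>`, avoids both problems. It is also worth confirming that `/Home/AccessDenied` exists, since no such action appears in the HomeController hunks on this page. `ConfigureServices` starts and ends outside the hunk.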
Signed-off-by: dependabot[bot] --- Auth/LearningHub.Nhs.Auth/package-lock.json | 8 ++++---- Auth/LearningHub.Nhs.Auth/package.json | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/Auth/LearningHub.Nhs.Auth/package-lock.json b/Auth/LearningHub.Nhs.Auth/package-lock.json index 3549001..a629e65 100644 --- a/Auth/LearningHub.Nhs.Auth/package-lock.json +++ b/Auth/LearningHub.Nhs.Auth/package-lock.json @@ -25,7 +25,7 @@ "cross-env": "^7.0.3", "css-loader": "^5.2.4", "file-loader": "^6.2.0", - "sass": "^1.85.1", + "sass": "^1.86.0", "sass-loader": "^11.0.1", "style-loader": "^2.0.0", "ts-loader": "^9.5.2", @@ -5877,9 +5877,9 @@ "license": "MIT" }, "node_modules/sass": { - "version": "1.85.1", - "resolved": "https://registry.npmjs.org/sass/-/sass-1.85.1.tgz", - "integrity": "sha512-Uk8WpxM5v+0cMR0XjX9KfRIacmSG86RH4DCCZjLU2rFh5tyutt9siAXJ7G+YfxQ99Q6wrRMbMlVl6KqUms71ag==", + "version": "1.86.0", + "resolved": "https://registry.npmjs.org/sass/-/sass-1.86.0.tgz", + "integrity": "sha512-zV8vGUld/+mP4KbMLJMX7TyGCuUp7hnkOScgCMsWuHtns8CWBoz+vmEhoGMXsaJrbUP8gj+F1dLvVe79sK8UdA==", "dev": true, "license": "MIT", "dependencies": { diff --git a/Auth/LearningHub.Nhs.Auth/package.json b/Auth/LearningHub.Nhs.Auth/package.json index 2f72c15..6d82053 100644 --- a/Auth/LearningHub.Nhs.Auth/package.json +++ b/Auth/LearningHub.Nhs.Auth/package.json @@ -35,7 +35,7 @@ "cross-env": "^7.0.3", "css-loader": "^5.2.4", "file-loader": "^6.2.0", - "sass": "^1.85.1", + "sass": "^1.86.0", "sass-loader": "^11.0.1", "style-loader": "^2.0.0", "ts-loader": "^9.5.2", From 6200dee0121dd9c792a9959ff38158fae7b38427 Mon Sep 17 00:00:00 2001 From: Swapnamol Abraham Date: Tue, 18 Mar 2025 15:25:55 +0000 Subject: [PATCH 07/24] CSP updated --- LearningHub.Nhs.UserApi/Program.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/LearningHub.Nhs.UserApi/Program.cs b/LearningHub.Nhs.UserApi/Program.cs index 8a6e0aa..24463ca 100644 --- a/LearningHub.Nhs.UserApi/Program.cs 
+++ b/LearningHub.Nhs.UserApi/Program.cs @@ -39,7 +39,7 @@ app.Use(async (context, next) => { - context.Response.Headers.Add("content-security-policy", csp); + ////context.Response.Headers.Add("content-security-policy", csp); context.Response.Headers.Add("Referrer-Policy", "no-referrer"); context.Response.Headers.Add("Strict-Transport-Security", "max-age=31536000; includeSubDomains"); context.Response.Headers.Add("X-Content-Type-Options", "nosniff"); From d6deb8738ad05f2c09b64f9d01c5f7d469246c96 Mon Sep 17 00:00:00 2001 From: Swapnamol Abraham Date: Tue, 18 Mar 2025 15:55:55 +0000 Subject: [PATCH 08/24] Reverted CSP fixes --- LearningHub.Nhs.UserApi/Program.cs | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/LearningHub.Nhs.UserApi/Program.cs b/LearningHub.Nhs.UserApi/Program.cs index 24463ca..f0a8346 100644 --- a/LearningHub.Nhs.UserApi/Program.cs +++ b/LearningHub.Nhs.UserApi/Program.cs 
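Review bot: Commenting out `context.Response.Headers.Add("content-security-policy", csp);` in UserApi/Program.cs (PATCH 07) switches the policy off entirely although the commit is titled CSP updated, and PATCH 08 then comments out the whole block, which also drops `Strict-Transport-Security`, `X-Content-Type-Options` and the other headers that are unrelated to CSP. If the policy was breaking a page, sending it as `Content-Security-Policy-Report-Only` keeps the remaining headers in place and shows which directive is responsible. Disabled code is better removed with a revert than left behind `////`, and the commit message should record why the header was turned off.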
@@ -37,16 +37,16 @@ c.SwaggerEndpoint($"/swagger/{app.Configuration["Swagger:Title"]}/swagger.json", app.Configuration["Swagger:Version"]); }); - app.Use(async (context, next) => - { - ////context.Response.Headers.Add("content-security-policy", csp); - context.Response.Headers.Add("Referrer-Policy", "no-referrer"); - context.Response.Headers.Add("Strict-Transport-Security", "max-age=31536000; includeSubDomains"); - context.Response.Headers.Add("X-Content-Type-Options", "nosniff"); - context.Response.Headers.Add("X-Frame-Options", "SAMEORIGIN"); - context.Response.Headers.Add("X-XSS-protection", "0"); - await next(); - }); + ////app.Use(async (context, next) => + ////{ + //// context.Response.Headers.Add("content-security-policy", csp); + //// context.Response.Headers.Add("Referrer-Policy", "no-referrer"); + //// context.Response.Headers.Add("Strict-Transport-Security", "max-age=31536000; includeSubDomains"); + //// context.Response.Headers.Add("X-Content-Type-Options", "nosniff"); + //// context.Response.Headers.Add("X-Frame-Options", "SAMEORIGIN"); + //// context.Response.Headers.Add("X-XSS-protection", "0"); + //// await next(); + ////}); app.UseMiddleware(); From 969b770f15f616aae71a3a446b6cd39ef864dbe2 Mon Sep 17 00:00:00 2001 From: Swapnamol Abraham Date: Wed, 19 Mar 2025 11:08:06 +0000 Subject: [PATCH 09/24] Reverted in memory store --- Auth/LearningHub.Nhs.Auth/ServiceCollectionExtension.cs | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/Auth/LearningHub.Nhs.Auth/ServiceCollectionExtension.cs b/Auth/LearningHub.Nhs.Auth/ServiceCollectionExtension.cs index 0a08288..6268047 100644 --- a/Auth/LearningHub.Nhs.Auth/ServiceCollectionExtension.cs +++ b/Auth/LearningHub.Nhs.Auth/ServiceCollectionExtension.cs 
@@ -73,11 +73,7 @@ public static void ConfigureServices(this IServiceCollection services, IConfigur options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme; options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme; }) - .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, options => - { - options.AccessDeniedPath = "/Home/AccessDenied"; - options.SessionStore = new InMemoryTicketStore(new ConcurrentDictionary()); - }) + .AddCookie() .AddOpenIdConnect( "oidc_oa", options => From cb03bf16db35cf6d967273b7c5204c15a77097c3 Mon Sep 17 00:00:00 2001 From: Swapnamol Abraham Date: Wed, 19 Mar 2025 11:11:09 +0000 Subject: [PATCH 10/24] reverted --- LearningHub.Nhs.UserApi/Program.cs | 1 - 1 file changed, 1 deletion(-) diff --git a/LearningHub.Nhs.UserApi/Program.cs b/LearningHub.Nhs.UserApi/Program.cs index f0a8346..1a6246f 100644 --- a/LearningHub.Nhs.UserApi/Program.cs +++ b/LearningHub.Nhs.UserApi/Program.cs @@ -10,7 +10,6 @@ var logger = NLogBuilder.ConfigureNLog("nlog.config").GetCurrentClassLogger(); -var csp = "object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts allow-popups; base-uri 'self';"; try { logger.Debug("Log Started"); From 72b8cc07af0a4c71fb62d796342dbf1ac9c620ad Mon Sep 17 00:00:00 2001 From: Swapnamol Abraham Date: Wed, 19 Mar 2025 12:53:27 +0000 Subject: [PATCH 11/24] Test --- Auth/LearningHub.Nhs.Auth/Filters/SecurityHeadersAttribute.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Auth/LearningHub.Nhs.Auth/Filters/SecurityHeadersAttribute.cs b/Auth/LearningHub.Nhs.Auth/Filters/SecurityHeadersAttribute.cs index 0dd0fc4..4953b75 100644 --- a/Auth/LearningHub.Nhs.Auth/Filters/SecurityHeadersAttribute.cs +++ b/Auth/LearningHub.Nhs.Auth/Filters/SecurityHeadersAttribute.cs 
@@ -33,7 +33,7 @@ public override void OnResultExecuting(ResultExecutingContext context) // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy ////var csp = "default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self';"; - var csp = "object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts allow-popups; base-uri 'self';"; + var csp = "object-src 'none'; frame-ancestors 'none'; base-uri 'self';"; //// also consider adding upgrade-insecure-requests once you have HTTPS in place for production ////csp += "upgrade-insecure-requests;"; //// also an example if you need client images to be displayed from twitter From 294deb73fa47c5f2adc473fbbb6b382ce463b2be Mon Sep 17 00:00:00 2001 From: Swapnamol Abraham Date: Wed, 19 Mar 2025 14:39:04 +0000 Subject: [PATCH 12/24] Revert "reverted" This reverts commit cb03bf16db35cf6d967273b7c5204c15a77097c3. --- LearningHub.Nhs.UserApi/Program.cs | 1 + 1 file changed, 1 insertion(+) diff --git a/LearningHub.Nhs.UserApi/Program.cs b/LearningHub.Nhs.UserApi/Program.cs index 1a6246f..f0a8346 100644 --- a/LearningHub.Nhs.UserApi/Program.cs +++ b/LearningHub.Nhs.UserApi/Program.cs @@ -10,6 +10,7 @@ var logger = NLogBuilder.ConfigureNLog("nlog.config").GetCurrentClassLogger(); +var csp = "object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts allow-popups; base-uri 'self';"; try { logger.Debug("Log Started"); From 11714d9d591daafacf312f597536af9df96015c8 Mon Sep 17 00:00:00 2001 From: Swapnamol Abraham Date: Wed, 19 Mar 2025 14:40:54 +0000 Subject: [PATCH 13/24] Revert "Test" This reverts commit 72b8cc07af0a4c71fb62d796342dbf1ac9c620ad. --- Auth/LearningHub.Nhs.Auth/Filters/SecurityHeadersAttribute.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
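Review bot: The policy left in SecurityHeadersAttribute.cs by this hunk (PATCH 11, and again in PATCH 17 together with UserApi/Program.cs), `object-src 'none'; frame-ancestors 'none'; base-uri 'self';`, has no `default-src` or `script-src`, so it places no limit on where scripts are loaded from on the pages this filter covers. The commented-out line just above keeps `default-src 'self'`; if that proved too strict, a `script-src 'self'` plus the specific hosts the pages need is a better end state than having no script directive at all. A commit title of Test gives a reviewer no reason for changing a security header, so the message should state what broke with `sandbox` in place. `OnResultExecuting` continues outside the hunk.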
diff --git a/Auth/LearningHub.Nhs.Auth/Filters/SecurityHeadersAttribute.cs b/Auth/LearningHub.Nhs.Auth/Filters/SecurityHeadersAttribute.cs index 4953b75..0dd0fc4 100644 --- a/Auth/LearningHub.Nhs.Auth/Filters/SecurityHeadersAttribute.cs +++ b/Auth/LearningHub.Nhs.Auth/Filters/SecurityHeadersAttribute.cs @@ -33,7 +33,7 @@ public override void OnResultExecuting(ResultExecutingContext context) // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy ////var csp = "default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self';"; - var csp = "object-src 'none'; frame-ancestors 'none'; base-uri 'self';"; + var csp = "object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts allow-popups; base-uri 'self';"; //// also consider adding upgrade-insecure-requests once you have HTTPS in place for production ////csp += "upgrade-insecure-requests;"; //// also an example if you need client images to be displayed from twitter From a6fe18a3f57377e177c13b71506672789905688d Mon Sep 17 00:00:00 2001 From: Swapnamol Abraham Date: Wed, 19 Mar 2025 16:55:54 +0000 Subject: [PATCH 14/24] Added in store memmory ticket store --- Auth/LearningHub.Nhs.Auth/ServiceCollectionExtension.cs | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/Auth/LearningHub.Nhs.Auth/ServiceCollectionExtension.cs b/Auth/LearningHub.Nhs.Auth/ServiceCollectionExtension.cs index 6268047..632c087 100644 --- a/Auth/LearningHub.Nhs.Auth/ServiceCollectionExtension.cs +++ b/Auth/LearningHub.Nhs.Auth/ServiceCollectionExtension.cs 
@@ -73,7 +73,11 @@ public static void ConfigureServices(this IServiceCollection services, IConfigur options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme; options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme; }) - .AddCookie() + .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, options => + { + options.AccessDeniedPath = "/Home/AccessDenied"; + options.SessionStore = new InMemoryTicketStore(new ConcurrentDictionary()); + }) .AddOpenIdConnect( "oidc_oa", options => From 79a4bbc14348156914f2fea2767ec7287b5a5276 Mon Sep 17 00:00:00 2001 From: Swapnamol Abraham Date: Wed, 19 Mar 2025 17:14:33 +0000 Subject: [PATCH 15/24] Reverted the chnages --- Auth/LearningHub.Nhs.Auth/ServiceCollectionExtension.cs | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/Auth/LearningHub.Nhs.Auth/ServiceCollectionExtension.cs b/Auth/LearningHub.Nhs.Auth/ServiceCollectionExtension.cs index 632c087..6268047 100644 --- a/Auth/LearningHub.Nhs.Auth/ServiceCollectionExtension.cs +++ b/Auth/LearningHub.Nhs.Auth/ServiceCollectionExtension.cs @@ -73,11 +73,7 @@ public static void ConfigureServices(this IServiceCollection services, IConfigur options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme; options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme; }) - .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, options => - { - options.AccessDeniedPath = "/Home/AccessDenied"; - options.SessionStore = new InMemoryTicketStore(new ConcurrentDictionary()); - }) + .AddCookie() .AddOpenIdConnect( "oidc_oa", options => From fb344cc8a92123edcb8a277c86e4db2cd8c9173f Mon Sep 17 00:00:00 2001 From: Swapnamol Abraham Date: Wed, 19 Mar 2025 17:55:07 +0000 Subject: [PATCH 16/24] CSP code added --- LearningHub.Nhs.UserApi/Program.cs | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) 
diff --git a/LearningHub.Nhs.UserApi/Program.cs b/LearningHub.Nhs.UserApi/Program.cs index f0a8346..8a6e0aa 100644 --- a/LearningHub.Nhs.UserApi/Program.cs +++ b/LearningHub.Nhs.UserApi/Program.cs @@ -37,16 +37,16 @@ c.SwaggerEndpoint($"/swagger/{app.Configuration["Swagger:Title"]}/swagger.json", app.Configuration["Swagger:Version"]); }); - ////app.Use(async (context, next) => - ////{ - //// context.Response.Headers.Add("content-security-policy", csp); - //// context.Response.Headers.Add("Referrer-Policy", "no-referrer"); - //// context.Response.Headers.Add("Strict-Transport-Security", "max-age=31536000; includeSubDomains"); - //// context.Response.Headers.Add("X-Content-Type-Options", "nosniff"); - //// context.Response.Headers.Add("X-Frame-Options", "SAMEORIGIN"); - //// context.Response.Headers.Add("X-XSS-protection", "0"); - //// await next(); - ////}); + app.Use(async (context, next) => + { + context.Response.Headers.Add("content-security-policy", csp); + context.Response.Headers.Add("Referrer-Policy", "no-referrer"); + context.Response.Headers.Add("Strict-Transport-Security", "max-age=31536000; includeSubDomains"); + context.Response.Headers.Add("X-Content-Type-Options", "nosniff"); + context.Response.Headers.Add("X-Frame-Options", "SAMEORIGIN"); + context.Response.Headers.Add("X-XSS-protection", "0"); + await next(); + }); app.UseMiddleware(); From 2103eea4da0176b418ba849b941011cd2d0f737d Mon Sep 17 00:00:00 2001 From: Swapnamol Abraham Date: Thu, 20 Mar 2025 10:08:28 +0000 Subject: [PATCH 17/24] Removed Sandbox --- Auth/LearningHub.Nhs.Auth/Filters/SecurityHeadersAttribute.cs | 2 +- LearningHub.Nhs.UserApi/Program.cs | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Auth/LearningHub.Nhs.Auth/Filters/SecurityHeadersAttribute.cs b/Auth/LearningHub.Nhs.Auth/Filters/SecurityHeadersAttribute.cs index 0dd0fc4..4953b75 100644 --- a/Auth/LearningHub.Nhs.Auth/Filters/SecurityHeadersAttribute.cs 
+++ b/Auth/LearningHub.Nhs.Auth/Filters/SecurityHeadersAttribute.cs @@ -33,7 +33,7 @@ public override void OnResultExecuting(ResultExecutingContext context) // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy ////var csp = "default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self';"; - var csp = "object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts allow-popups; base-uri 'self';"; + var csp = "object-src 'none'; frame-ancestors 'none'; base-uri 'self';"; //// also consider adding upgrade-insecure-requests once you have HTTPS in place for production ////csp += "upgrade-insecure-requests;"; //// also an example if you need client images to be displayed from twitter diff --git a/LearningHub.Nhs.UserApi/Program.cs b/LearningHub.Nhs.UserApi/Program.cs index 8a6e0aa..15fad9d 100644 --- a/LearningHub.Nhs.UserApi/Program.cs +++ b/LearningHub.Nhs.UserApi/Program.cs @@ -10,7 +10,7 @@ var logger = NLogBuilder.ConfigureNLog("nlog.config").GetCurrentClassLogger(); -var csp = "object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts allow-popups; base-uri 'self';"; +var csp = "object-src 'none'; frame-ancestors 'none'; base-uri 'self';"; try { logger.Debug("Log Started"); From b7c7090389954bf0c1e6f00f52167bcc17fee1ee Mon Sep 17 00:00:00 2001 From: Swapnamol Abraham Date: Thu, 20 Mar 2025 12:12:38 +0000 Subject: [PATCH 18/24] Added in memory ticket store --- Auth/LearningHub.Nhs.Auth/ServiceCollectionExtension.cs | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/Auth/LearningHub.Nhs.Auth/ServiceCollectionExtension.cs b/Auth/LearningHub.Nhs.Auth/ServiceCollectionExtension.cs index 6268047..632c087 100644 --- a/Auth/LearningHub.Nhs.Auth/ServiceCollectionExtension.cs +++ b/Auth/LearningHub.Nhs.Auth/ServiceCollectionExtension.cs 
@@ -73,7 +73,11 @@ public static void ConfigureServices(this IServiceCollection services, IConfigur options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme; options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme; }) - .AddCookie() + .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, options => + { + options.AccessDeniedPath = "/Home/AccessDenied"; + options.SessionStore = new InMemoryTicketStore(new ConcurrentDictionary()); + }) .AddOpenIdConnect( "oidc_oa", options => From 610f1a5bb583b97e9e1a63839489c4c071d3656b Mon Sep 17 00:00:00 2001 From: Swapnamol Abraham Date: Thu, 20 Mar 2025 14:06:57 +0000 Subject: [PATCH 19/24] Reverted in memory ticket store from RC --- .../Filters/SecurityHeadersAttribute.cs | 2 +- Auth/LearningHub.Nhs.Auth/ServiceCollectionExtension.cs | 6 +----- LearningHub.Nhs.UserApi/Program.cs | 2 +- 3 files changed, 3 insertions(+), 7 deletions(-) diff --git a/Auth/LearningHub.Nhs.Auth/Filters/SecurityHeadersAttribute.cs b/Auth/LearningHub.Nhs.Auth/Filters/SecurityHeadersAttribute.cs index 4953b75..0dd0fc4 100644 --- a/Auth/LearningHub.Nhs.Auth/Filters/SecurityHeadersAttribute.cs +++ b/Auth/LearningHub.Nhs.Auth/Filters/SecurityHeadersAttribute.cs 
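Review bot: `options.SessionStore = new InMemoryTicketStore(...)` keeps every authentication ticket in the memory of a single process, so sessions vanish on restart or app-pool recycle and are not visible to any other instance behind a load balancer. `InMemoryTicketStore` is not shown in this hunk, so it is unclear whether expired tickets are ever evicted; if they are not, the dictionary grows with every sign-in. If the aim is server-side session invalidation, an `ITicketStore` backed by `IDistributedCache` with an expiry tied to the ticket's `ExpiresUtc` would survive both cases. At minimum a comment such as `// Single-instance only: tickets are lost on restart and not shared across nodes` should sit on the `SessionStore` line. `ConfigureServices` starts and ends outside the hunk.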
@@ -33,7 +33,7 @@ public override void OnResultExecuting(ResultExecutingContext context) // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy ////var csp = "default-src 'self'; object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts; base-uri 'self';"; - var csp = "object-src 'none'; frame-ancestors 'none'; base-uri 'self';"; + var csp = "object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts allow-popups; base-uri 'self';"; //// also consider adding upgrade-insecure-requests once you have HTTPS in place for production ////csp += "upgrade-insecure-requests;"; //// also an example if you need client images to be displayed from twitter diff --git a/Auth/LearningHub.Nhs.Auth/ServiceCollectionExtension.cs b/Auth/LearningHub.Nhs.Auth/ServiceCollectionExtension.cs index 632c087..6268047 100644 --- a/Auth/LearningHub.Nhs.Auth/ServiceCollectionExtension.cs +++ b/Auth/LearningHub.Nhs.Auth/ServiceCollectionExtension.cs @@ -73,11 +73,7 @@ public static void ConfigureServices(this IServiceCollection services, IConfigur options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme; options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme; }) - .AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, options => - { - options.AccessDeniedPath = "/Home/AccessDenied"; - options.SessionStore = new InMemoryTicketStore(new ConcurrentDictionary()); - }) + .AddCookie() .AddOpenIdConnect( "oidc_oa", options => diff --git a/LearningHub.Nhs.UserApi/Program.cs b/LearningHub.Nhs.UserApi/Program.cs index 15fad9d..8a6e0aa 100644 --- a/LearningHub.Nhs.UserApi/Program.cs +++ b/LearningHub.Nhs.UserApi/Program.cs 
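Review bot: Reverting to the bare `.AddCookie()` in `ConfigureServices` also drops `options.AccessDeniedPath = "/Home/AccessDenied"`, so access-denied redirects fall back to the framework default path. If the `/Home/AccessDenied` action is still meant to be used, keep that part: `.AddCookie(CookieAuthenticationDefaults.AuthenticationScheme, options => { options.AccessDeniedPath = "/Home/AccessDenied"; })`. The commit subject mentions only the ticket store, yet the same commit restores the `sandbox` directive in both `csp` strings (`SecurityHeadersAttribute.cs` and `UserApi/Program.cs`); the message should record that change and the reason for it.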
@@ -10,7 +10,7 @@ var logger = NLogBuilder.ConfigureNLog("nlog.config").GetCurrentClassLogger(); -var csp = "object-src 'none'; frame-ancestors 'none'; base-uri 'self';"; +var csp = "object-src 'none'; frame-ancestors 'none'; sandbox allow-forms allow-same-origin allow-scripts allow-popups; base-uri 'self';"; try { logger.Debug("Log Started"); From 790851062bee1a96823e108bc0d5d922e14692b4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 1 Apr 2025 04:24:04 +0000 Subject: [PATCH 20/24] Bump sass from 1.86.0 to 1.86.1 in /Auth/LearningHub.Nhs.Auth (#144) Bumps [sass](https://github.com/sass/dart-sass) from 1.86.0 to 1.86.1. - [Release notes](https://github.com/sass/dart-sass/releases) - [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md) - [Commits](https://github.com/sass/dart-sass/compare/1.86.0...1.86.1) --- updated-dependencies: - dependency-name: sass dependency-version: 1.86.1 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Auth/LearningHub.Nhs.Auth/package-lock.json | 8 ++++---- Auth/LearningHub.Nhs.Auth/package.json | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/Auth/LearningHub.Nhs.Auth/package-lock.json b/Auth/LearningHub.Nhs.Auth/package-lock.json index a629e65..c472305 100644 --- a/Auth/LearningHub.Nhs.Auth/package-lock.json +++ b/Auth/LearningHub.Nhs.Auth/package-lock.json @@ -25,7 +25,7 @@ "cross-env": "^7.0.3", "css-loader": "^5.2.4", "file-loader": "^6.2.0", - "sass": "^1.86.0", + "sass": "^1.86.1", "sass-loader": "^11.0.1", "style-loader": "^2.0.0", "ts-loader": "^9.5.2", 
@@ -5877,9 +5877,9 @@ "license": "MIT" }, "node_modules/sass": { - "version": "1.86.0", - "resolved": "https://registry.npmjs.org/sass/-/sass-1.86.0.tgz", - "integrity": "sha512-zV8vGUld/+mP4KbMLJMX7TyGCuUp7hnkOScgCMsWuHtns8CWBoz+vmEhoGMXsaJrbUP8gj+F1dLvVe79sK8UdA==", + "version": "1.86.1", + "resolved": "https://registry.npmjs.org/sass/-/sass-1.86.1.tgz", + "integrity": "sha512-Yaok4XELL1L9Im/ZUClKu//D2OP1rOljKj0Gf34a+GzLbMveOzL7CfqYo+JUa5Xt1nhTCW+OcKp/FtR7/iqj1w==", "dev": true, "license": "MIT", "dependencies": { diff --git a/Auth/LearningHub.Nhs.Auth/package.json b/Auth/LearningHub.Nhs.Auth/package.json index 6d82053..6766d99 100644 --- a/Auth/LearningHub.Nhs.Auth/package.json +++ b/Auth/LearningHub.Nhs.Auth/package.json @@ -35,7 +35,7 @@ "cross-env": "^7.0.3", "css-loader": "^5.2.4", "file-loader": "^6.2.0", - "sass": "^1.86.0", + "sass": "^1.86.1", "sass-loader": "^11.0.1", "style-loader": "^2.0.0", "ts-loader": "^9.5.2", From 928bca2195a03ac17829c0fa34e2d4435e38c804 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 3 Apr 2025 05:10:47 +0000 Subject: [PATCH 21/24] Bump sass from 1.86.1 to 1.86.2 in /Auth/LearningHub.Nhs.Auth (#145) Bumps [sass](https://github.com/sass/dart-sass) from 1.86.1 to 1.86.2. - [Release notes](https://github.com/sass/dart-sass/releases) - [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md) - [Commits](https://github.com/sass/dart-sass/compare/1.86.1...1.86.2) --- updated-dependencies: - dependency-name: sass dependency-version: 1.86.2 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Auth/LearningHub.Nhs.Auth/package-lock.json | 8 ++++---- Auth/LearningHub.Nhs.Auth/package.json | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) 
diff --git a/Auth/LearningHub.Nhs.Auth/package-lock.json b/Auth/LearningHub.Nhs.Auth/package-lock.json index c472305..22d15bb 100644 --- a/Auth/LearningHub.Nhs.Auth/package-lock.json +++ b/Auth/LearningHub.Nhs.Auth/package-lock.json @@ -25,7 +25,7 @@ "cross-env": "^7.0.3", "css-loader": "^5.2.4", "file-loader": "^6.2.0", - "sass": "^1.86.1", + "sass": "^1.86.2", "sass-loader": "^11.0.1", "style-loader": "^2.0.0", "ts-loader": "^9.5.2", @@ -5877,9 +5877,9 @@ "license": "MIT" }, "node_modules/sass": { - "version": "1.86.1", - "resolved": "https://registry.npmjs.org/sass/-/sass-1.86.1.tgz", - "integrity": "sha512-Yaok4XELL1L9Im/ZUClKu//D2OP1rOljKj0Gf34a+GzLbMveOzL7CfqYo+JUa5Xt1nhTCW+OcKp/FtR7/iqj1w==", + "version": "1.86.2", + "resolved": "https://registry.npmjs.org/sass/-/sass-1.86.2.tgz", + "integrity": "sha512-Rpfn0zAIDqvnSb2DihJTDFjbhqLHu91Wqac9rxontWk7R+2txcPjuujMqu1eeoezh5kAblVCS5EdFdyr0Jmu+w==", "dev": true, "license": "MIT", "dependencies": { diff --git a/Auth/LearningHub.Nhs.Auth/package.json b/Auth/LearningHub.Nhs.Auth/package.json index 6766d99..26249bf 100644 --- a/Auth/LearningHub.Nhs.Auth/package.json +++ b/Auth/LearningHub.Nhs.Auth/package.json @@ -35,7 +35,7 @@ "cross-env": "^7.0.3", "css-loader": "^5.2.4", "file-loader": "^6.2.0", - "sass": "^1.86.1", + "sass": "^1.86.2", "sass-loader": "^11.0.1", "style-loader": "^2.0.0", "ts-loader": "^9.5.2", From 429e9a44bd512a93c2a45b861025821957cfc808 Mon Sep 17 00:00:00 2001 From: Swapnamol Abraham Date: Mon, 7 Apr 2025 17:16:32 +0100 Subject: [PATCH 22/24] TD-5407: Implemented a fix to avoid SQL exception on LinkExistingUserToSso method --- .../LH/IExternalSystemUserRepository.cs | 8 +++++++ .../LH/ExternalSystemUserRepository.cs | 22 +++++++++++++++++++ .../RegistrationService.cs | 2 +- 3 files changed, 31 insertions(+), 1 deletion(-) 
diff --git a/LearningHub.Nhs.UserApi.Repository.Interface/LH/IExternalSystemUserRepository.cs b/LearningHub.Nhs.UserApi.Repository.Interface/LH/IExternalSystemUserRepository.cs index d84ded7..6f76875 100644 --- a/LearningHub.Nhs.UserApi.Repository.Interface/LH/IExternalSystemUserRepository.cs +++ b/LearningHub.Nhs.UserApi.Repository.Interface/LH/IExternalSystemUserRepository.cs @@ -1,6 +1,7 @@ namespace LearningHub.Nhs.UserApi.Repository.Interface.LH { using System.Threading.Tasks; + using elfhHub.Nhs.Models.Entities; using LearningHub.Nhs.Models.Entities.External; /// @@ -15,5 +16,12 @@ public interface IExternalSystemUserRepository : IGenericLHRepositoryThe external system id. /// The . Task GetByIdAsync(int userId, int externalSystemId); + + /// + /// Create External system user. + /// + /// The userExternalSystem. + /// The . + Task CreateExternalSystemUserAsync(ExternalSystemUser userExternalSystem); } } diff --git a/LearningHub.Nhs.UserApi.Repository/LH/ExternalSystemUserRepository.cs b/LearningHub.Nhs.UserApi.Repository/LH/ExternalSystemUserRepository.cs index 0e03129..c02b97d 100644 --- a/LearningHub.Nhs.UserApi.Repository/LH/ExternalSystemUserRepository.cs +++ b/LearningHub.Nhs.UserApi.Repository/LH/ExternalSystemUserRepository.cs @@ -1,10 +1,15 @@ namespace LearningHub.Nhs.UserApi.Repository.LH { + using System; + using System.Collections.Generic; + using System.Data; using System.Linq; using System.Threading.Tasks; + using elfhHub.Nhs.Models.Entities; using LearningHub.Nhs.Models.Entities.External; using LearningHub.Nhs.UserApi.Repository; using LearningHub.Nhs.UserApi.Repository.Interface.LH; + using Microsoft.Data.SqlClient; using Microsoft.EntityFrameworkCore; /// 
@@ -30,5 +35,22 @@ public async Task GetByIdAsync(int userId, int externalSyste .AsNoTracking() .FirstOrDefaultWithNoLockAsync(); } + + /// + public async Task CreateExternalSystemUserAsync(ExternalSystemUser userExternalSystem) + { + try + { + var param0 = new SqlParameter("@p0", SqlDbType.Int) { Value = userExternalSystem.UserId }; + var param1 = new SqlParameter("@p1", SqlDbType.VarChar) { Value = userExternalSystem.ExternalSystemId }; + var param2 = new SqlParameter("@p2", SqlDbType.VarChar) { Value = userExternalSystem.UserId }; + var param3 = new SqlParameter("@p3", SqlDbType.Int) { Value = this.TimezoneOffsetManager.UserTimezoneOffset ?? (object)DBNull.Value }; + await this.DbContext.Database.ExecuteSqlRawAsync("[external].ExternalSystemUserCreate @p0, @p1, @p2, @p3", param0, param1, param2, param3); + } + catch (Exception ex) + { + throw new Exception(ex.Message); + } + } } } diff --git a/LearningHub.Nhs.UserApi.Services/RegistrationService.cs b/LearningHub.Nhs.UserApi.Services/RegistrationService.cs index ea3d67b..7dccbaf 100644 --- a/LearningHub.Nhs.UserApi.Services/RegistrationService.cs +++ b/LearningHub.Nhs.UserApi.Services/RegistrationService.cs @@ -185,7 +185,7 @@ public async Task LinkExistingUserToSso(int userId, int externalSystemId) ExternalSystemId = externalSystemId, }; - await this.externalSystemUserRepository.CreateAsync(userId, userExternalSystem); + await this.externalSystemUserRepository.CreateExternalSystemUserAsync(userExternalSystem); } /// From ecf118fbb6b33815aad8f665734cc2b6547fbb98 Mon Sep 17 00:00:00 2001 From: Swapnamol Abraham Date: Tue, 8 Apr 2025 11:23:54 +0100 Subject: [PATCH 23/24] Corrected the datatype --- .../LH/ExternalSystemUserRepository.cs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/LearningHub.Nhs.UserApi.Repository/LH/ExternalSystemUserRepository.cs b/LearningHub.Nhs.UserApi.Repository/LH/ExternalSystemUserRepository.cs index c02b97d..bc00c49 100644 
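Review bot: The `catch (Exception ex) { throw new Exception(ex.Message); }` in `CreateExternalSystemUserAsync` replaces the original exception with an untyped one, discarding the stack trace, the inner exception and, for a `SqlException`, the error number that callers or logging would need to tell a duplicate-key failure from a connectivity failure. Since the block adds no handling, the simplest fix is to remove the `try`/`catch` and let the exception propagate; if a wrapper is wanted, pass the original as the inner exception, e.g. `throw new InvalidOperationException("ExternalSystemUserCreate failed", ex);`. The method also dereferences `userExternalSystem` without a null check, so `ArgumentNullException.ThrowIfNull(userExternalSystem);` at the top would give a clearer failure, assuming the target framework is .NET 6 or later.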
--- a/LearningHub.Nhs.UserApi.Repository/LH/ExternalSystemUserRepository.cs +++ b/LearningHub.Nhs.UserApi.Repository/LH/ExternalSystemUserRepository.cs @@ -42,8 +42,8 @@ public async Task CreateExternalSystemUserAsync(ExternalSystemUser userExternalS try { var param0 = new SqlParameter("@p0", SqlDbType.Int) { Value = userExternalSystem.UserId }; - var param1 = new SqlParameter("@p1", SqlDbType.VarChar) { Value = userExternalSystem.ExternalSystemId }; - var param2 = new SqlParameter("@p2", SqlDbType.VarChar) { Value = userExternalSystem.UserId }; + var param1 = new SqlParameter("@p1", SqlDbType.Int) { Value = userExternalSystem.ExternalSystemId }; + var param2 = new SqlParameter("@p2", SqlDbType.Int) { Value = userExternalSystem.UserId }; var param3 = new SqlParameter("@p3", SqlDbType.Int) { Value = this.TimezoneOffsetManager.UserTimezoneOffset ?? (object)DBNull.Value }; await this.DbContext.Database.ExecuteSqlRawAsync("[external].ExternalSystemUserCreate @p0, @p1, @p2, @p3", param0, param1, param2, param3); } From 0b6e8691a59508fbb4e2607291037955156bf7e7 Mon Sep 17 00:00:00 2001 From: Swapnamol Abraham Date: Tue, 8 Apr 2025 14:15:41 +0100 Subject: [PATCH 24/24] Modified EF call with SP call --- LearningHub.Nhs.UserApi.Services/RegistrationService.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/LearningHub.Nhs.UserApi.Services/RegistrationService.cs b/LearningHub.Nhs.UserApi.Services/RegistrationService.cs index 7dccbaf..f3dccd3 100644 --- a/LearningHub.Nhs.UserApi.Services/RegistrationService.cs +++ b/LearningHub.Nhs.UserApi.Services/RegistrationService.cs @@ -336,7 +336,7 @@ public async Task RegisterUser(RegistrationRequestV ExternalSystemId = registrationRequest.ExternalSystemId.Value, }; - await this.externalSystemUserRepository.CreateAsync(userId, userExternalSystem); + await this.externalSystemUserRepository.CreateExternalSystemUserAsync(userExternalSystem); } if (registrationRequest.IsExternalUser == false)
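Review bot: After the type correction, `@p2` is still bound to `userExternalSystem.UserId`, the same value as `@p0`. The `CreateAsync(userId, userExternalSystem)` call this method replaces took a separate `userId` argument, so if the procedure's third parameter is the acting or audit user, it now always records the linked user rather than the caller; the procedure definition is not shown, so this needs confirming. Because the arguments are positional, a comment naming them would make the binding checkable, for example `// @p0 = UserId, @p1 = ExternalSystemId, @p2 = acting user id (confirm against the procedure), @p3 = timezone offset`.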