Merge pull request #1048 from TechnologyEnhancedLearning/Develop/Fixes/TD-3730-No-Rate-Limiting-Enabled

Develop/fixes/td 3730 no rate limiting enabled

Author: AnjuJose011

.gitignore

@@ -52,3 +52,4 @@ obj
 /OpenAPI/LearningHub.Nhs.OpenApi/web.config
 /AdminUI/LearningHub.Nhs.AdminUI/LearningHub.Nhs.AdminUI.csproj.user
 /WebAPI/LearningHub.Nhs.API/LearningHub.Nhs.Api.csproj.user
+/ReportAPI/LearningHub.Nhs.ReportApi/web.config

AdminUI/LearningHub.Nhs.AdminUI/LearningHub.Nhs.AdminUI.csproj

@@ -89,7 +89,7 @@
 		<PackageReference Include="HtmlSanitizer" Version="6.0.453" />
 		<PackageReference Include="IdentityModel" Version="4.6.0" />
 		<PackageReference Include="LearningHub.Nhs.Caching" Version="2.0.2" />
-		<PackageReference Include="LearningHub.Nhs.Models" Version="3.0.47" />
+		<PackageReference Include="LearningHub.Nhs.Models" Version="3.0.48" />
 		<PackageReference Include="Microsoft.ApplicationInsights.AspNetCore" Version="2.19.0" />
 		<PackageReference Include="Microsoft.AspNetCore.Authentication.OpenIdConnect" Version="6.0.36" />
 		<PackageReference Include="Microsoft.AspNetCore.Mvc.NewtonsoftJson" Version="6.0.36" />

LearningHub.Nhs.WebUI/Configuration/Settings.cs

@@ -186,6 +186,16 @@ public Settings()
         /// </summary>
         public string GoogleAnalyticsId { get; set; }
 
+        /// <summary>
+        /// Gets or sets the PasswordRequestLimitingPeriod.
+        /// </summary>
+        public int PasswordRequestLimitingPeriod { get; set; }
+
+        /// <summary>
+        /// Gets or sets the PasswordRequestLimit.
+        /// </summary>
+        public int PasswordRequestLimit { get; set; }
+
         /// <summary>
         /// Gets or sets the SupportUrls.
         /// </summary>

LearningHub.Nhs.WebUI/Controllers/AccountController.cs

@@ -1198,8 +1198,20 @@ public async Task<IActionResult> ForgotPassword(Models.Account.ForgotPasswordVie
                 return this.Ok(new { duplicate = true });
             }
 
-            await this.userService.ForgotPasswordAsync(model.EmailAddress);
-            return this.View("ForgotPasswordAcknowledgement");
+            var passwordRequestLimitingPeriod = this.Settings.PasswordRequestLimitingPeriod;
+            var passwordRequestLimit = this.Settings.PasswordRequestLimit;
+            var status = await this.userService.CanRequestPasswordResetAsync(model.EmailAddress, passwordRequestLimitingPeriod, passwordRequestLimit);
+            if (status)
+            {
+                await this.userService.ForgotPasswordAsync(model.EmailAddress);
+                return this.View("ForgotPasswordAcknowledgement");
+            }
+            else
+            {
+                this.ViewBag.Period = passwordRequestLimitingPeriod;
+                this.ViewBag.Limit = passwordRequestLimit;
+                return this.View("TooManyRequests");
+            }
         }
 
         /// <summary>

LearningHub.Nhs.WebUI/Controllers/HomeController.cs

@@ -6,7 +6,6 @@ namespace LearningHub.Nhs.WebUI.Controllers
     using System.Linq;
     using System.Net.Http;
     using System.Threading.Tasks;
-    using elfhHub.Nhs.Models.Common;
     using LearningHub.Nhs.Models.Content;
     using LearningHub.Nhs.Models.Enums.Content;
     using LearningHub.Nhs.Models.Extensions;
@@ -21,7 +20,6 @@ namespace LearningHub.Nhs.WebUI.Controllers
     using Microsoft.AspNetCore.Diagnostics;
     using Microsoft.AspNetCore.Hosting;
     using Microsoft.AspNetCore.Mvc;
-    using Microsoft.Extensions.Configuration;
     using Microsoft.Extensions.Logging;
     using Microsoft.Extensions.Options;
     using Microsoft.FeatureManagement;
@@ -54,7 +52,6 @@ public class HomeController : BaseController
         /// <param name="dashboardService">Dashboard service.</param>
         /// <param name="contentService">Content service.</param>
         /// <param name="featureManager"> featureManager.</param>
-        /// <param name="configuration"> config.</param>
         public HomeController(
             IHttpClientFactory httpClientFactory,
             IWebHostEnvironment hostingEnvironment,
@@ -65,8 +62,7 @@ public HomeController(
             LearningHubAuthServiceConfig authConfig,
             IDashboardService dashboardService,
             IContentService contentService,
-            IFeatureManager featureManager,
-            Microsoft.Extensions.Configuration.IConfiguration configuration)
+            IFeatureManager featureManager)
         : base(hostingEnvironment, httpClientFactory, logger, settings.Value)
         {
             this.authConfig = authConfig;
@@ -75,7 +71,6 @@ public HomeController(
             this.dashboardService = dashboardService;
             this.contentService = contentService;
             this.featureManager = featureManager;
-            this.configuration = configuration;
         }
 
         /// <summary>
@@ -170,26 +165,16 @@ public IActionResult Error(int? httpStatusCode)
             }
             else
             {
-                if (originalPath == "/TooManyRequests")
+                this.ViewBag.ErrorHeader = httpStatusCode.Value switch
                 {
-                    this.ViewBag.Period = this.configuration["IpRateLimiting:GeneralRules:0:Period"];
-                    this.ViewBag.Limit = this.configuration["IpRateLimiting:GeneralRules:0:Limit"];
-
-                    return this.View("TooManyRequests");
-                }
-                else
-                {
-                    this.ViewBag.ErrorHeader = httpStatusCode.Value switch
-                    {
-                        401 => "You do not have permission to access this page",
-                        404 => "We cannot find the page you are looking for",
-                        _ => "We cannot find the page you are looking for",
-                    };
+                    401 => "You do not have permission to access this page",
+                    404 => "We cannot find the page you are looking for",
+                    _ => "We cannot find the page you are looking for",
+                };
 
-                    this.ViewBag.HttpStatusCode = httpStatusCode.Value;
-                    this.ViewBag.HomePageUrl = "/home";
-                    return this.View("CustomError");
-                }
+                this.ViewBag.HttpStatusCode = httpStatusCode.Value;
+                this.ViewBag.HomePageUrl = "/home";
+                return this.View("CustomError");
             }
         }
 

LearningHub.Nhs.WebUI/Interfaces/IUserService.cs

@@ -418,6 +418,15 @@ public interface IUserService
         /// <returns>A <see cref="Task{TResult}"/> representing the result of the asynchronous operation.</returns>
         Task<EmailChangeValidationTokenViewModel> RegenerateEmailChangeValidationTokenAsync(string newPrimaryEmail, bool isUserRoleUpgrade);
 
+        /// <summary>
+        /// User Can request for password reset.
+        /// </summary>
+        /// <param name="emailAddress">The email Address.</param>
+        /// <param name="passwordRequestLimitingPeriod">The passwordRequestLimitingPeriod.</param>
+        /// <param name="passwordRequestLimit">ThepasswordRequestLimit.</param>
+        /// <returns>A <see cref="Task{TResult}"/> representing the result of the asynchronous operation.</returns>
+        Task<bool> CanRequestPasswordResetAsync(string emailAddress, int passwordRequestLimitingPeriod, int passwordRequestLimit);
+
         /// <summary>
         /// GenerateEmailChangeValidationTokenAndSendEmail.
         /// </summary>

LearningHub.Nhs.WebUI/LearningHub.Nhs.WebUI.csproj

@@ -113,7 +113,7 @@
 		<PackageReference Include="HtmlAgilityPack" Version="1.11.72" />
 		<PackageReference Include="IdentityModel" Version="4.6.0" />
 		<PackageReference Include="LearningHub.Nhs.Caching" Version="2.0.0" />
-		<PackageReference Include="LearningHub.Nhs.Models" Version="3.0.47" />
+		<PackageReference Include="LearningHub.Nhs.Models" Version="3.0.48" />
 		<PackageReference Include="linqtotwitter" Version="6.9.0" />
 		<PackageReference Include="Microsoft.ApplicationInsights.AspNetCore" Version="2.19.0" />
 		<PackageReference Include="Microsoft.ApplicationInsights.EventCounterCollector" Version="2.21.0" />

LearningHub.Nhs.WebUI/Middleware/LHIPRateLimitMiddleware.cs

@@ -84,7 +84,6 @@
     app.UseAuthorization();
 
     app.UseMiddleware<NLogMiddleware>();
-    app.UseMiddleware<LHIPRateLimitMiddleware>();
     app.UseStaticFiles();
 
     app.Map(TimezoneInfoMiddleware.TimezoneInfoUrl, b => b.UseMiddleware<TimezoneInfoMiddleware>());

LearningHub.Nhs.WebUI/Program.cs

@@ -111,8 +111,6 @@ public static void ConfigureServices(this IServiceCollection services, IConfigur
                 }
             });
 
-            ConfigureIpRateLimiting(services, configuration);
-
             // this method setup so httpcontext is available from controllers
             services.AddHttpContextAccessor();
             services.AddSingleton(learningHubAuthSvcConf);
@@ -139,17 +137,5 @@ public static void ConfigureServices(this IServiceCollection services, IConfigur
 
             services.AddFeatureManagement();
         }
-
-        /// <summary>
-        /// ConfigureIpRateLimiting.
-        /// </summary>
-        /// <param name="services">The services.</param>
-        /// <param name="configuration">The configuration.</param>
-        private static void ConfigureIpRateLimiting(IServiceCollection services, IConfiguration configuration)
-        {
-            services.Configure<IpRateLimitOptions>(configuration.GetSection("IpRateLimiting"));
-            services.AddInMemoryRateLimiting();
-            services.AddSingleton<IRateLimitConfiguration, RateLimitConfiguration>();
-        }
     }
 }