Merge branch 'stories/ECER-5315' of https://github.com/bcgov/ECC-ECER into stories/ECER-5315

Author: bibhusahu91

.github/workflows/api-build.yml

@@ -10,8 +10,10 @@ on:
       - src/**
       - "!src/ECER.Clients.RegistryPortal/**"
       - "!src/ECER.Clients.E2ETestData/**"
+      - "!src/ECER.Clients.PSPPortal/**"
       - "!src/registry-portal.Dockerfile"
       - "!src/e2e-test-data.Dockerfile"
+      - "!src/psp-portal.Dockerfile"
       - .github/workflows/api-build.yml
       - .github/workflows/build-template.yml
 
@@ -20,8 +22,10 @@ on:
       - src/**
       - "!src/ECER.Clients.RegistryPortal/**"
       - "!src/ECER.Clients.E2ETestData/**"
-      - "!src/registry-portal.Dockerfile"
+      - "!src/ECER.Clients.PSPPortal/**" 
+      - "!src/registry-portal.Dockerfile" 
       - "!src/e2e-test-data.Dockerfile"
+      - "!src/psp-portal.Dockerfile"
       - .github/workflows/api-build.yml
       - .github/workflows/build-template.yml
 

.github/workflows/deploy-to-dev.yaml

@@ -58,6 +58,7 @@ jobs:
 
           oc tag -n ${{env.OPENSHIFT_NAMESPACE}} --alias=true registry-portal:${{github.event.inputs.version}} registry-portal:${{env.APP_ENVIRONMENT_DESTINATION}}
           oc tag -n ${{env.OPENSHIFT_NAMESPACE}} --alias=true api:${{github.event.inputs.version}} api:${{env.APP_ENVIRONMENT_DESTINATION}}
+          oc tag -n ${{env.OPENSHIFT_NAMESPACE}} --alias=true psp-portal:${{github.event.inputs.version}} psp-portal:${{env.APP_ENVIRONMENT_DESTINATION}}
 
           # E2ETestData only exists in Dev and is used for automation testing, this will not exist in higher environments. 
           oc tag -n ${{env.OPENSHIFT_NAMESPACE}} --alias=true e2e-test-data:${{github.event.inputs.version}} e2e-test-data:${{env.APP_ENVIRONMENT_DESTINATION}}

.github/workflows/deploy-to-prod.yaml

@@ -52,9 +52,12 @@ jobs:
           #grabs the image sha for our input environments using jq
           API_IMAGE_SHA=$(oc get is api -o json | jq -r '.spec.tags[] | select(.name == "${{inputs.app_environment_source}}").from.name')
           REGISTRY_PORTAL_IMAGE_SHA=$(oc get is registry-portal -o json | jq -r '.spec.tags[] | select(.name == "${{inputs.app_environment_source}}").from.name')
+          # PSP_PORTAL_IMAGE_SHA=$(oc get is psp-portal -o json | jq -r '.spec.tags[] | select(.name == "${{inputs.app_environment_source}}").from.name')
 
           echo registry-portal image sha being promoted: $REGISTRY_PORTAL_IMAGE_SHA
           echo api image sha being promoted: $API_IMAGE_SHA
+          # echo psp-portal image sha being promoted: $PSP_PORTAL_IMAGE_SHA
 
           oc tag -n ${{env.OPENSHIFT_NAMESPACE}} registry-portal:${{inputs.app_environment_source}} registry-portal:${{env.APP_ENVIRONMENT_DESTINATION}}
           oc tag -n ${{env.OPENSHIFT_NAMESPACE}} api:${{inputs.app_environment_source}} api:${{env.APP_ENVIRONMENT_DESTINATION}}
+          # oc tag -n ${{env.OPENSHIFT_NAMESPACE}} psp-portal:${{inputs.app_environment_source}} psp-portal:${{env.APP_ENVIRONMENT_DESTINATION}}

.github/workflows/deploy-to-test.yaml

@@ -45,9 +45,12 @@ jobs:
           #grabs the image sha for our input environments using jq
           API_IMAGE_SHA=$(oc get is api -o json | jq -r '.spec.tags[] | select(.name == "${{env.APP_ENVIRONMENT_SOURCE}}").from.name')
           REGISTRY_PORTAL_IMAGE_SHA=$(oc get is registry-portal -o json | jq -r '.spec.tags[] | select(.name == "${{env.APP_ENVIRONMENT_SOURCE}}").from.name')
+          PSP_PORTAL_IMAGE_SHA=$(oc get is psp-portal -o json | jq -r '.spec.tags[] | select(.name == "${{inputs.app_environment_source}}").from.name')
 
           echo registry-portal image sha being promoted: $REGISTRY_PORTAL_IMAGE_SHA
           echo api image sha being promoted: $API_IMAGE_SHA
+          echo psp-portal image sha being promoted: $PSP_PORTAL_IMAGE_SHA
 
           oc tag -n ${{env.OPENSHIFT_NAMESPACE}} registry-portal:${{env.APP_ENVIRONMENT_SOURCE}} registry-portal:${{env.APP_ENVIRONMENT_DESTINATION}}
           oc tag -n ${{env.OPENSHIFT_NAMESPACE}} api:${{env.APP_ENVIRONMENT_SOURCE}} api:${{env.APP_ENVIRONMENT_DESTINATION}}
+          oc tag -n ${{env.OPENSHIFT_NAMESPACE}} psp-portal:${{env.APP_ENVIRONMENT_SOURCE}} psp-portal:${{env.APP_ENVIRONMENT_DESTINATION}}

.github/workflows/deploy-to-uat.yaml

@@ -45,9 +45,12 @@ jobs:
           #grabs the image sha for our input environments using jq
           API_IMAGE_SHA=$(oc get is api -o json | jq -r '.spec.tags[] | select(.name == "${{env.APP_ENVIRONMENT_SOURCE}}").from.name')
           REGISTRY_PORTAL_IMAGE_SHA=$(oc get is registry-portal -o json | jq -r '.spec.tags[] | select(.name == "${{env.APP_ENVIRONMENT_SOURCE}}").from.name')
+          PSP_PORTAL_IMAGE_SHA=$(oc get is psp-portal -o json | jq -r '.spec.tags[] | select(.name == "${{env.APP_ENVIRONMENT_SOURCE}}").from.name')
 
           echo registry-portal image sha being promoted: $REGISTRY_PORTAL_IMAGE_SHA
           echo api image sha being promoted: $API_IMAGE_SHA
+          echo psp-portal image sha being promoted: $PSP_PORTAL_IMAGE_SHA
 
           oc tag -n ${{env.OPENSHIFT_NAMESPACE}} registry-portal:${{env.APP_ENVIRONMENT_SOURCE}} registry-portal:${{env.APP_ENVIRONMENT_DESTINATION}}
           oc tag -n ${{env.OPENSHIFT_NAMESPACE}} api:${{env.APP_ENVIRONMENT_SOURCE}} api:${{env.APP_ENVIRONMENT_DESTINATION}}
+          oc tag -n ${{env.OPENSHIFT_NAMESPACE}} psp-portal:${{env.APP_ENVIRONMENT_SOURCE}} psp-portal:${{env.APP_ENVIRONMENT_DESTINATION}}

.github/workflows/e2e-test-data-build.yml

@@ -10,8 +10,10 @@ on:
       - src/**
       - "!src/ECER.Clients.RegistryPortal/**"
       - "!src/ECER.Clients.Api/**"
+      - "!src/ECER.Clients.PSPPortal/**"
       - "!src/registry-portal.Dockerfile"
       - "!src/api.Dockerfile"
+      - "!src/psp-portal.Dockerfile"
       - .github/workflows/e2e-test-data-build.yml
       - .github/workflows/build-template.yml
 
@@ -20,9 +22,11 @@ on:
       - src/**
       - "!src/ECER.Clients.RegistryPortal/**"
       - "!src/ECER.Clients.Api/**"
+      - "!src/ECER.Clients.PSPPortal/**"
       - "!src/registry-portal.Dockerfile"
       - "!src/api.Dockerfile"
-      - .github/workflows/e2e-test-data-build.yml
+      - "!src/psp-portal.Dockerfile"
+      - .github/workflows/e2e-test-build.yml
       - .github/workflows/build-template.yml
 
 jobs:

.github/workflows/psp-portal-build.yml

@@ -0,0 +1,47 @@
+name: PSP Portal Build
+on:
+  workflow_dispatch:
+
+  push:
+    branches:
+      - master
+      - "release/**"
+    paths:
+      - src/**
+      - "!src/ECER.Clients.RegistryPortal/**"
+      - "!src/ECER.Clients.Api/**"
+      - "!src/ECER.Clients.E2ETestData/**"
+      - "!src/registry-portal.Dockerfile"
+      - "!src/api.Dockerfile"
+      - "!src/e2e-test-data.Dockerfile"
+      - .github/workflows/psp-portal-build.yml
+      - .github/workflows/build-template.yml
+
+  pull_request:
+    paths:
+      - src/**
+      - "!src/ECER.Clients.RegistryPortal/**"
+      - "!src/ECER.Clients.Api/**"
+      - "!src/ECER.Clients.E2ETestData/**"
+      - "!src/registry-portal.Dockerfile"
+      - "!src/api.Dockerfile"
+      - "!src/e2e-test-data.Dockerfile"
+      - .github/workflows/psp-portal-build.yml
+      - .github/workflows/build-template.yml
+
+jobs:
+  build:
+    permissions:
+      contents: read
+      packages: write
+      id-token: write
+      security-events: write
+    uses: ./.github/workflows/build-template.yml
+    with:
+      IMAGE_CONTEXT: src
+      IMAGE_FILE: src/psp-portal.Dockerfile
+      IMAGE_NAME: psp-portal
+      REGISTRY: ${{ vars.DOCKER_REGISTRY }}
+    secrets:
+      REGISTRY_USER: ${{ secrets.DOCKER_USERNAME }}
+      REGISTRY_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}

.github/workflows/registry-portal-build.yml

@@ -10,8 +10,10 @@ on:
       - src/**
       - "!src/ECER.Clients.Api/**"
       - "!src/ECER.Clients.E2ETestData/**"
+      - "!src/ECER.Clients.PSPPortal/**"
       - "!src/api.Dockerfile"
       - "!src/e2e-test-data.Dockerfile"
+      - "!src/psp-portal.Dockerfile"
       - .github/workflows/registry-portal-build.yml
       - .github/workflows/build-template.yml
 
@@ -20,8 +22,10 @@ on:
       - src/**
       - "!src/ECER.Clients.Api/**"
       - "!src/ECER.Clients.E2ETestData/**"
+      - "!src/ECER.Clients.PSPPortal/**"
       - "!src/api.Dockerfile"
       - "!src/e2e-test-data.Dockerfile"
+      - "!src/psp-portal.Dockerfile"
       - .github/workflows/registry-portal-build.yml
       - .github/workflows/build-template.yml
 

.github/workflows/tag-create.git.and.imagestream.tag.yaml

@@ -96,11 +96,34 @@ jobs:
       REGISTRY_USER: ${{ secrets.DOCKER_USERNAME }}
       REGISTRY_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
 
+  build-psp-portal:
+    needs: validate-input
+    permissions:
+      contents: read
+      packages: write
+      id-token: write
+      security-events: write
+    uses: ./.github/workflows/build-template.yml
+    with:
+      IMAGE_CONTEXT: src
+      IMAGE_FILE: src/psp-portal.Dockerfile
+      IMAGE_NAME: psp-portal
+      REGISTRY: ${{ vars.DOCKER_REGISTRY }}
+    secrets:
+      REGISTRY_USER: ${{ secrets.DOCKER_USERNAME }}
+      REGISTRY_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
+
   git-tag:
     name: Tag image
     runs-on: ubuntu-22.04
     needs:
-      [validate-input, build-api, build-registry-portal, build-e2e-test-data]
+      [
+        validate-input,
+        build-api,
+        build-registry-portal,
+        build-e2e-test-data,
+        build-psp-portal,
+      ]
     environment: dev
 
     steps:
@@ -110,8 +133,6 @@ jobs:
       - name: Create tag
         uses: actions/github-script@v7
         with:
-          # we need to use a PAT token instead of the GITHUB_TOKEN to be able to create a tag that will trigger events.
-          # https://docs.github.com/en/actions/security-for-github-actions/security-guides/automatic-token-authentication
           script: |
             console.log(`this action was run on branch :: ${context.ref}`);
             console.log(`Github SHA :: ${context.sha}`);

src/ECER.Clients.PSPPortal/ECER.Clients.PSPPortal.Server/AuthenticationService.cs

@@ -0,0 +1,56 @@
+using ECER.Clients.PSPPortal.Server.Shared;
+using ECER.Managers.Registry.Contract.Registrants;
+using ECER.Utilities.Security;
+using MediatR;
+using Microsoft.Extensions.Caching.Distributed;
+using Microsoft.Extensions.Options;
+using System.Security.Claims;
+
+namespace ECER.Clients.PSPPortal.Server;
+
+public class AuthenticationService(IMediator messageBus, IDistributedCache cache, IOptions<ClaimCacheSettings> claimCacheSettings)
+{
+  public async Task<ClaimsPrincipal?> EnrichUserSecurityContext(ClaimsPrincipal principal, CancellationToken ct)
+  {
+    ArgumentNullException.ThrowIfNull(principal);
+
+    var identityProvider = principal.FindFirst(RegistryPortalClaims.IdenityProvider)?.Value;
+    var identityId = principal.FindFirst(ClaimTypes.Name)?.Value;
+
+    if (string.IsNullOrEmpty(identityProvider) || string.IsNullOrEmpty(identityId)) return principal;
+
+    // try and get the current user information
+    var userClaims = await GetUserClaims(new UserIdentity(identityId, identityProvider), ct);
+
+    if (userClaims == null) return principal;
+
+    principal.AddIdentity(new ClaimsIdentity(userClaims));
+
+    return principal;
+  }
+
+  private async Task<Claim[]?> GetUserClaims(UserIdentity userIdentity, CancellationToken ct)
+  {
+    // try to find the registrant
+    var registrant = await cache.GetAsync($"userinfo:{userIdentity.UserId}@{userIdentity.IdentityProvider}",
+      async ct => (await messageBus.Send(new SearchRegistrantQuery { ByUserIdentity = userIdentity }, ct)).Items.SingleOrDefault(),
+      new DistributedCacheEntryOptions { AbsoluteExpirationRelativeToNow = TimeSpan.FromSeconds(claimCacheSettings.Value.CacheTimeInSeconds) },
+      ct);
+
+    if (registrant == null) return null;
+
+    // add registrant claims
+    var userId = new Claim("user_id", registrant.UserId);
+    Claim verificationStatus = new Claim("verified", "");
+    if (registrant.Profile.Status == StatusCode.Verified)
+    {
+      verificationStatus = new Claim("verified", "true");
+    }
+    else if (registrant.Profile.Status is StatusCode.Unverified or StatusCode.PendingforDocuments)
+    {
+      verificationStatus = new Claim("verified", "false");
+    }
+
+    return [userId, verificationStatus];
+  }
+}