Merge pull request #668 from bcgov/2.0.6

bcgov-brwang · web-flow · commit 376ef3cf84d3 · 2023-03-20T09:55:44.000-07:00
2.0.6
diff --git a/api/Hmcr.Api/Authentication/HmcrJwtBearerEvents.cs b/api/Hmcr.Api/Authentication/HmcrJwtBearerEvents.cs
@@ -70,16 +70,33 @@ private async Task<bool> PopulateCurrentUserFromDb(ClaimsPrincipal principal)
         {
             var isApiClient = false;
             bool.TryParse(principal.FindFirstValue(HmcrClaimTypes.KcIsApiClient), out isApiClient);
+            isApiClient = true;
 
-            //preferred_username token has a form of "{username}@{directory}".
-            var preferredUsername = isApiClient ? principal.FindFirstValue(HmcrClaimTypes.KcApiUsername) : principal.FindFirstValue(HmcrClaimTypes.KcUsername);
-            var usernames = preferredUsername.Split("@");
-            var username = usernames[0].ToUpperInvariant();
-            var directory = usernames[1].ToUpperInvariant();
+            //preferred_username token has a form of "{guid}@{directory}".
+            //var preferredUsername = isApiClient ? principal.FindFirstValue(HmcrClaimTypes.KcApiUsername) : principal.FindFirstValue(HmcrClaimTypes.KcUsername);
+            var preferredUsername = principal.FindFirstValue(HmcrClaimTypes.KcUsername);
+            var username = principal.FindFirstValue(HmcrClaimTypes.KcApiUsername);
 
-            var userGuidClaim = directory.ToUpperInvariant() == UserTypeDto.IDIR ? HmcrClaimTypes.KcIdirGuid : HmcrClaimTypes.KcBceidGuid;
-            var userGuid = new Guid(principal.FindFirstValue(userGuidClaim));
-            var email = principal.FindFirstValue(ClaimTypes.Email).ToUpperInvariant();
+            var directory = "";
+            Guid userGuid = new Guid("00000000-0000-0000-0000-000000000000");
+            var email = "";
+            if (preferredUsername.Contains("@"))
+            {
+                directory = preferredUsername.Split("@")[1].ToUpperInvariant();
+                username = principal.FindFirstValue(HmcrClaimTypes.KcUsername).Split("@")[0].ToUpperInvariant();
+                userGuid = new Guid(Guid.Parse(username).ToString());
+                email = principal.FindFirstValue(ClaimTypes.Email)?.ToUpperInvariant();
+
+            }
+            else
+            {
+                
+                username = principal.FindFirstValue(HmcrClaimTypes.KcUsername).Split("@")[0].ToUpperInvariant();
+                userGuid = new Guid(principal.FindFirstValue("idir_userid")?.ToUpperInvariant());
+                email = principal.FindFirstValue(ClaimTypes.Email)?.ToUpperInvariant();
+
+            }
+            
 
             var user = await _userService.GetActiveUserEntityAsync(userGuid);
             if (user == null)
@@ -96,7 +113,7 @@ private async Task<bool> PopulateCurrentUserFromDb(ClaimsPrincipal principal)
                 email = user.Email;
             }
 
-            if (directory == "IDIR")
+            if (directory.Equals("IDIR", StringComparison.OrdinalIgnoreCase))
             {
                 _curentUser.UserGuid = userGuid;
                 _curentUser.UserType = UserTypeDto.INTERNAL;
@@ -105,8 +122,8 @@ private async Task<bool> PopulateCurrentUserFromDb(ClaimsPrincipal principal)
             {
                 _curentUser.UserGuid = userGuid;
                 _curentUser.BusinessGuid = user.BusinessGuid;
-                _curentUser.BusinessLegalName = user.Party.BusinessLegalName;
-                _curentUser.BusinessNumber = user.Party.BusinessNumber ?? 0;
+                _curentUser.BusinessLegalName = user.Party?.BusinessLegalName;
+                _curentUser.BusinessNumber = user.Party?.BusinessNumber ?? 0;
                 _curentUser.UserType = UserTypeDto.BUSINESS;
             }
 
diff --git a/api/Hmcr.Api/Startup.cs b/api/Hmcr.Api/Startup.cs
@@ -10,6 +10,7 @@
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Hosting;
+using Microsoft.IdentityModel.Logging;
 using Serilog.Ui.PostgreSqlProvider.Extensions;
 using Serilog.Ui.Web;
 
@@ -29,6 +30,7 @@ public Startup(IConfiguration configuration, IWebHostEnvironment env)
 
         public void ConfigureServices(IServiceCollection services)
         {
+            IdentityModelEventSource.ShowPII = true;
             var connectionString = Configuration.GetValue<string>("ConnectionStrings:HMCR");
             var enableSensitiveDataLogging = Configuration.GetValue<bool>("EnableSensitiveDataLogging");
 
diff --git a/api/Hmcr.Api/appsettings.json b/api/Hmcr.Api/appsettings.json
@@ -1,7 +1,7 @@
 {
   "AllowedHosts": "*",
   "Constants": {
-    "Version": "2.0.5.0",
+    "Version": "2.0.6.0",
     "SwaggerApiUrl": "/swagger/v1/swagger.json"
   },
   "Serilog": {
@@ -93,7 +93,7 @@
     "InventoryAPI": 120
   },
   "JWT": {
-    "Authority": "https://dev.oidc.gov.bc.ca/auth/realms/<realmid>",
+    "Authority": "https://dev.loginproxy.gov.bc.ca/auth/realms/<realmid>",
     "Audience": "<app-id>"
   },
   "BCeID": {
diff --git a/api/Hmcr.Bceid/BceidApi.cs b/api/Hmcr.Bceid/BceidApi.cs
@@ -95,7 +95,6 @@ private void RefreshCache(object source, ElapsedEventArgs e)
             }
 
             request.onlineServiceId = _client.Osid;
-
             var response = await _client.getAccountDetailAsync(request);
 
             if (response.code != ResponseCode.Success)
diff --git a/api/Hmcr.Data/Database/Entities/AppDbContextPartial.cs b/api/Hmcr.Data/Database/Entities/AppDbContextPartial.cs
@@ -1,5 +1,7 @@
 ﻿using Hmcr.Model;
 using Hmcr.Model.Dtos;
+using Hmcr.Model.Dtos.User;
+using Hmcr.Model.Utils;
 using Microsoft.EntityFrameworkCore;
 using Microsoft.EntityFrameworkCore.ChangeTracking;
 using System;
@@ -66,14 +68,14 @@ private void PerformAudit()
                 if (entry.Members.Any(m => m.Metadata.Name == AppCreateUserGuid)) //auditable entity
                 {
                     entry.Member(AppLastUpdateUserid).CurrentValue = _currentUser.Username;
-                    entry.Member(AppLastUpdateUserDirectory).CurrentValue = _currentUser.AuthDirName;
+                    entry.Member(AppLastUpdateUserDirectory).CurrentValue = _currentUser.AuthDirName.ToShortDirectory();
                     entry.Member(AppLastUpdateUserGuid).CurrentValue = _currentUser.UserGuid;
                     entry.Member(AppLastUpdateTimestamp).CurrentValue = currentTime; 
 
                     if (entry.State == EntityState.Added)
                     {
                         entry.Member(AppCreateUserid).CurrentValue = _currentUser.Username;
-                        entry.Member(AppCreateUserDirectory).CurrentValue = _currentUser.AuthDirName;
+                        entry.Member(AppCreateUserDirectory).CurrentValue = _currentUser.AuthDirName.ToShortDirectory();
                         entry.Member(AppCreateUserGuid).CurrentValue = _currentUser.UserGuid;
                         entry.Member(AppCreateTimestamp).CurrentValue = currentTime;
                         entry.Member(ConcurrencyControlNumber).CurrentValue = (long)1;
diff --git a/api/Hmcr.Model/HmcrClaimTypes.cs b/api/Hmcr.Model/HmcrClaimTypes.cs
@@ -4,9 +4,9 @@ public static class HmcrClaimTypes
     {
         public const string KcUsername = "preferred_username";
         public const string KcBceidGuid = "bceid_userid";
-        public const string KcIdirGuid = "idir_userid";
+        public const string KcIdirGuid = "idir_user_guid";
         public const string KcIsApiClient = "api_client";
-        public const string KcApiUsername = "username";
+        public const string KcApiUsername = "idir_username";
 
         public const string Permission = "HMCR_PERMISSION";
         public const string ServiceAreaNumber = "HMCR_SERVICE_AREA_NUMBER";
diff --git a/api/Hmcr.Model/Utils/StringExtensions.cs b/api/Hmcr.Model/Utils/StringExtensions.cs
@@ -109,6 +109,20 @@ public static bool IsBusinessUser(this string str)
             return str.ToUpperInvariant() == UserTypeDto.BUSINESS;
         }
 
+        public static string ToShortDirectory(this string str)
+        {
+            var directoryStr = str.Trim().ToUpperInvariant();
+            switch (directoryStr)
+            {
+                case "BCEIDBUSINESS":
+                    return UserTypeDto.BCeId;
+                case "IDIR":
+                    return UserTypeDto.IDIR;
+                default:
+                    return directoryStr.Substring(0, 12);
+            }
+        }
+
         public static string GetSha256Hash(this string text)
         {
             if (string.IsNullOrEmpty(text))
diff --git a/client/.env.development b/client/.env.development
@@ -1,8 +1,8 @@
 BROWSER=none
 REACT_APP_API_HOST=localhost:27238
 REACT_APP_CLIENT_ORIGIN=localhost:3000
-REACT_APP_SSO_CLIENT=hmcr-public-dev
-REACT_APP_SSO_REALM=fygf50pt
-REACT_APP_SSO_HOST=https://dev.oidc.gov.bc.ca/auth
+REACT_APP_SSO_CLIENT=<clientid>
+REACT_APP_SSO_REALM=<realms>
+REACT_APP_SSO_HOST=<sso_host>
 REACT_APP_DEFAULT_PAGE_SIZE_OPTIONS=25,50,100,200
 REACT_APP_DEFAULT_PAGE_SIZE=25
diff --git a/client/README.md b/client/README.md
@@ -66,3 +66,4 @@ This section has moved here: https://facebook.github.io/create-react-app/docs/de
 ### `npm run build` fails to minify
 
 This section has moved here: https://facebook.github.io/create-react-app/docs/troubleshooting#npm-run-build-fails-to-minify
+
diff --git a/client/package-lock.json b/client/package-lock.json
diff --git a/client/package.json b/client/package.json
@@ -13,7 +13,7 @@
     "formik": "^2.1.4",
     "http-proxy-middleware": "^1.0.3",
     "jquery": "^3.5.1",
-    "keycloak-js": "^9.0.3",
+    "keycloak-js": "^19.0.1",
     "lodash": "^4.17.21",
     "moment": "^2.24.0",
     "node-sass": "^7.0.1",
diff --git a/client/src/js/Keycloak.js b/client/src/js/Keycloak.js
@@ -13,7 +13,7 @@ const keycloakConfig = {
 export const keycloak = Keycloak(keycloakConfig);
 
 export const init = (onSuccess) => {
-  keycloak.init({ onLoad: 'login-required', promiseType: 'native' }).then((authenticated) => {
+  keycloak.init({ onLoad: 'login-required', promiseType: 'native', pkceMethod: 'S256'}).then((authenticated) => {
     if (authenticated && onSuccess) {
       onSuccess();
     }
diff --git a/client/src/js/components/ApiAccess.js b/client/src/js/components/ApiAccess.js
@@ -101,7 +101,7 @@ const ApiAccess = ({ hideErrorDialog }) => {
     const sampleRequestPowershell =
       `$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"\n` +
       `$headers.Add("Authorization", "Bearer aaaabbbbccccdddd...")\n\n` +
-      `$response = Invoke-RestMethod '${sampleUrl}' -Method 'GET' -Headers $headers -Body $body\n` +
+      `$response = Invoke-RestMethod '${sampleUrl}' -Method 'GET' -Headers $headers\n` +
       `$response | ConvertTo-Json\n`;
 
     return (
diff --git a/openshift/api-build-config.yaml b/openshift/api-build-config.yaml
@@ -1,4 +1,4 @@
-apiVersion: v1
+apiVersion: template.openshift.io/v1
 kind: Template
 metadata:
   creationTimestamp: null
diff --git a/openshift/api-deploy-config.yaml b/openshift/api-deploy-config.yaml
@@ -1,4 +1,4 @@
-apiVersion: v1
+apiVersion: template.openshift.io/v1
 kind: Template
 metadata:
   creationTimestamp: null
diff --git a/openshift/client-build-config.yaml b/openshift/client-build-config.yaml
@@ -1,4 +1,4 @@
-apiVersion: v1
+apiVersion: template.openshift.io/v1
 kind: Template
 metadata:
   creationTimestamp: null
diff --git a/openshift/client-deploy-config.yaml b/openshift/client-deploy-config.yaml
@@ -1,4 +1,4 @@
-apiVersion: v1
+apiVersion: template.openshift.io/v1
 kind: Template
 metadata:
   creationTimestamp: null
diff --git a/openshift/configmaps/api-appsettings.yaml b/openshift/configmaps/api-appsettings.yaml
@@ -1,4 +1,4 @@
-apiVersion: v1
+apiVersion: template.openshift.io/v1
 kind: Template
 metadata:
   name: "true"
@@ -9,7 +9,7 @@ objects:
         {
             "AllowedHosts": "*",
             "Constants": {
-                "Version": "2.0.5.0",
+                "Version": "2.0.6.0",
                 "SwaggerApiUrl": "/swagger/v1/swagger.json"
             },
             "Serilog": {
@@ -90,7 +90,7 @@ objects:
               "InventoryAPI": ${GEOSERVER_TIMEOUT}
             },
             "JWT": {
-                "Authority": "https://dev.oidc.gov.bc.ca/auth/realms/<realmid>",
+                "Authority": "https://dev.loginproxy.gov.bc.ca/auth/realms/<realmid>",
                 "Audience": "<app-id>"
             },
             "BCeID": {
diff --git a/openshift/hangfire-build-config.yaml b/openshift/hangfire-build-config.yaml
@@ -1,4 +1,4 @@
-apiVersion: v1
+apiVersion: template.openshift.io/v1
 kind: Template
 metadata:
   creationTimestamp: null
diff --git a/openshift/hangfire-deploy-config.yaml b/openshift/hangfire-deploy-config.yaml
@@ -1,4 +1,4 @@
-apiVersion: v1
+apiVersion: template.openshift.io/v1
 kind: Template
 metadata:
   creationTimestamp: null
diff --git a/openshift/postgresql-deploy-config.yaml b/openshift/postgresql-deploy-config.yaml
@@ -1,5 +1,5 @@
 kind: Template
-apiVersion: v1
+apiVersion: template.openshift.io/v1
 metadata:
   name: ${PROJECT_NAME}
 objects:
diff --git a/openshift/secrets/bceid-secrets.yaml b/openshift/secrets/bceid-secrets.yaml
diff --git a/openshift/secrets/database-secrets.yaml b/openshift/secrets/database-secrets.yaml
diff --git a/openshift/secrets/email-secrets.yaml b/openshift/secrets/email-secrets.yaml
diff --git a/openshift/secrets/keycloak-service-account-secrets.yaml b/openshift/secrets/keycloak-service-account-secrets.yaml
diff --git a/openshift/secrets/logdb-postgresql-secrets.yaml b/openshift/secrets/logdb-postgresql-secrets.yaml
diff --git a/openshift/secrets/service-account-secrets.yaml b/openshift/secrets/service-account-secrets.yaml
@@ -1,4 +1,4 @@
-apiVersion: v1
+apiVersion: template.openshift.io/v1
 kind: Template
 metadata:
   creationTimestamp: null
diff --git a/openshift/secrets/sso-secrets.yaml b/openshift/secrets/sso-secrets.yaml

Original file line number	Diff line number	Diff line change
`@@ -95,7 +95,6 @@ private void RefreshCache(object source, ElapsedEventArgs e)`
`95`	`95`	`}`
`96`	`96`
`97`	`97`	`request.onlineServiceId = _client.Osid;`
`98`		`-`
`99`	`98`	`var response = await _client.getAccountDetailAsync(request);`
`100`	`99`
`101`	`100`	`if (response.code != ResponseCode.Success)`
Original file line number	Diff line number	Diff line change
`@@ -66,3 +66,4 @@ This section has moved here: https://facebook.github.io/create-react-app/docs/de`
`66`	`66`	### `npm run build` fails to minify
`67`	`67`
`68`	`68`	`This section has moved here: https://facebook.github.io/create-react-app/docs/troubleshooting#npm-run-build-fails-to-minify`
	`69`	`+`