Merge pull request #7 from brunohbrito/1.2.1

1.2.1

Author: brunobritodev

CHANGELOG.md

@@ -1,3 +1,17 @@
+# v.1.2.1
+
+Now the components is available through Docker Hub.
+* Generated docker install file to easy test
+* Created a docker-compose based on images from Docker Hub
+* Updated packages for security alerts:
+  * bootstrap: [CVE-2019-8331](https://nvd.nist.gov/vuln/detail/CVE-2019-8331) -> Updated for version 4.3.1
+    * In Bootstrap 4 before 4.3.1 and Bootstrap 3 before 3.4.1, XSS is possible in the tooltip or popover data-template attribute. For more information, see: https://blog.getbootstrap.com/2019/02/13/bootstrap-4-3-1-and-3-4-1/
+  * lodash: [CVE-2018-16487](https://nvd.nist.gov/vuln/detail/CVE-2018-16487)
+    * A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype.
+  * webpack-dev-server [CVE-2018-14732](https://nvd.nist.gov/vuln/detail/CVE-2018-14732)
+    * An issue was discovered in lib/Server.js in webpack-dev-server before 3.1.11. Attackers are able to steal developer's code because the origin of requests is not checked by the WebSocket server, which is used for HMR (Hot Module Replacement). Anyone can receive the HMR message sent by the WebSocket server via a ws://127.0.0.1:8080/ connection from any origin
+
+
 # v1.2.0
 
 ## User Management

README.md

@@ -103,6 +103,7 @@ There are several ways we can help you out.
 ## v1.2
 
 - Docker support
+- Available at Docker Hub
 - IdentityServer4 v2 (release 2.4.0)
   - Device flow
 - ASP.NET Core 2.2 support

build/docker-compose.yml

@@ -0,0 +1,71 @@
+version: "3"
+
+services:
+
+    #############################
+    # Database
+    #############################
+    jpdatabase:
+      image: mysql
+      command: --default-authentication-plugin=mysql_native_password
+      restart: always
+      environment:
+          MYSQL_ROOT_PASSWORD: root
+          MYSQL_USER: jp
+          MYSQL_DATABASE: jpproject
+          MYSQL_PASSWORD: 10203040
+    
+    #############################
+    # Server SSO
+    #############################
+    jpproject:
+        image: bhdebrito/jpproject-sso
+        ports:
+            - "5000:5000"
+        links:
+            - jpdatabase
+        depends_on:
+            - jpdatabase
+        environment: 
+            DATABASE_TYPE: "MySql"
+            CUSTOMCONNSTR_DATABASE_CONNECTION: "server=jpdatabase,port=3306;database=jpproject;user=jp;password=10203040"
+            ASPNETCORE_ENVIRONMENT: "Development"
+            ASPNETCORE_URLS: http://+:5000
+
+    # #############################
+    # # Management API
+    # #############################
+    jpproject-api:
+        image: bhdebrito/jpproject-api
+        ports:
+            - "5003:80"
+        depends_on:
+            - jpdatabase
+        environment: 
+            DATABASE_TYPE: "MySql"
+            CUSTOMCONNSTR_DATABASE_CONNECTION: "server=jpdatabase,port=3306;database=jpproject;user=jp;password=10203040"
+            ASPNETCORE_ENVIRONMENT: "Development"
+            AUTHORITY: "http://jpproject:5000"
+            ASPNETCORE_URLS: http://+
+
+    #############################
+    # User management UI
+    #############################
+    user-ui:
+        image: bhdebrito/jpproject-user-management-ui
+        depends_on:
+            - jpproject-api
+            - jpproject
+        ports:
+            - 4200:80
+
+    #############################
+    # Admin Ui
+    #############################
+    admin-ui:
+        image: bhdebrito/jpproject-admin-ui
+        depends_on:
+            - jpproject-api
+            - jpproject
+        ports:
+            - 4300:80

build/docker-run.bat

@@ -0,0 +1,9 @@
+@echo off
+cd /d %~dp0
+ECHO This script will update your HOST file with an entry 127.0.0.1 jpproject (Pre req for docker-compose). Then will run compose
+pause
+start /shared update-host.bat
+
+ECHO Running compose
+docker-compose up
+PAUSE

build/jpproject-docker-windows.zip

@@ -9,8 +9,5 @@ FIND /C /I "jpproject" %WINDIR%\system32\drivers\etc\hosts
 IF %ERRORLEVEL% NEQ 0 ECHO %NEWLINE%>>%WINDIR%\system32\drivers\etc\hosts
 IF %ERRORLEVEL% NEQ 0 ECHO 127.0.0.1    jpproject>>%WINDIR%\system32\drivers\etc\hosts
 ECHO Finished
-GOTO END
-
-:END
 ECHO.
-PAUSE
+EXIT

build/update-host.bat

@@ -14,11 +14,11 @@ internal class IdentityBootStrapper
         public static void RegisterServices(IServiceCollection services, IConfiguration config)
         {
            // Infra - Identity Services
+            services.AddSingleton<IEmailConfiguration>(config.GetSection("EmailConfiguration").Get<EmailConfiguration>());
             services.AddTransient<IEmailSender, AuthEmailMessageSender>();
             services.AddTransient<ISmsSender, AuthSMSMessageSender>();
             services.AddTransient<IUserService, UserService>();
             services.AddTransient<IRoleService, RoleService>();
-            services.AddSingleton<IEmailConfiguration>(config.GetSection("EmailConfiguration").Get<EmailConfiguration>());
             services.AddSingleton<IImageStorage, AzureImageStoreService>();
 
             // Infra - Identity

src/Backend/Jp.Infra.CrossCutting.IoC/IdentityBootStrapper.cs

@@ -69884,3 +69884,27 @@ ORDER BY `e`.`CreationDate` DESC
 2019-03-28 01:22:23.575 -03:00 [INF] Executing ObjectResult, writing value of type 'Jp.Infra.CrossCutting.Tools.Model.DefaultResponse`1[[System.Collections.Generic.IEnumerable`1[[Jp.Application.EventSourcedNormalizers.EventHistoryData, Jp.Application, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null]], System.Private.CoreLib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=7cec85d7bea7798e]]'.
 2019-03-28 01:22:23.583 -03:00 [INF] Executed action Jp.Management.Controllers.ManagementController.GetLogs (Jp.Management) in 96.9139ms
 2019-03-28 01:22:23.586 -03:00 [INF] Request finished in 126.7038ms 200 application/json; charset=utf-8
+2019-03-28 16:12:41.236 -03:00 [INF] Authority URI: https://localhost:5001
+2019-03-28 16:12:42.475 -03:00 [INF] User profile is available. Using 'C:\Users\bruno.brito\AppData\Local\ASP.NET\DataProtection-Keys' as key repository and Windows DPAPI to encrypt keys at rest.
+2019-03-28 16:16:08.207 -03:00 [INF] Request starting HTTP/1.1 OPTIONS https://localhost:5002/management/user-data  
+2019-03-28 16:16:08.235 -03:00 [WRN] The CORS protocol does not allow specifying a wildcard (any) origin and credentials at the same time. Configure the policy by listing individual origins if credentials needs to be supported.
+2019-03-28 16:16:08.238 -03:00 [INF] CORS policy execution successful.
+2019-03-28 16:16:08.246 -03:00 [INF] Request finished in 41.9141ms 204 
+2019-03-28 16:16:08.271 -03:00 [INF] Request starting HTTP/1.1 GET https://localhost:5002/management/user-data  
+2019-03-28 16:16:08.273 -03:00 [WRN] The CORS protocol does not allow specifying a wildcard (any) origin and credentials at the same time. Configure the policy by listing individual origins if credentials needs to be supported.
+2019-03-28 16:16:08.276 -03:00 [INF] CORS policy execution successful.
+2019-03-28 16:16:08.590 -03:00 [INF] Successfully validated the token.
+2019-03-28 16:16:08.598 -03:00 [DBG] AuthenticationScheme: Bearer was successfully authenticated.
+2019-03-28 16:16:08.787 -03:00 [INF] Route matched with {action = "UserData", controller = "Management"}. Executing action Jp.Management.Controllers.ManagementController.UserData (Jp.Management)
+2019-03-28 16:16:08.810 -03:00 [INF] Authorization was successful.
+2019-03-28 16:16:09.100 -03:00 [INF] Executing action method Jp.Management.Controllers.ManagementController.UserData (Jp.Management) - Validation state: "Valid"
+2019-03-28 16:16:09.570 -03:00 [INF] Entity Framework Core 2.2.3-servicing-35854 initialized 'ApplicationIdentityContext' using provider 'Pomelo.EntityFrameworkCore.MySql' with options: MigrationsAssembly=Jp.Infra.Migrations.MySql 
+2019-03-28 16:16:10.010 -03:00 [INF] Executed DbCommand (41ms) [Parameters=[@__get_Item_0='?' (DbType = Guid)], CommandType='"Text"', CommandTimeout='30']
+SELECT `e`.`Id`, `e`.`AccessFailedCount`, `e`.`Bio`, `e`.`Company`, `e`.`ConcurrencyStamp`, `e`.`Email`, `e`.`EmailConfirmed`, `e`.`JobTitle`, `e`.`LockoutEnabled`, `e`.`LockoutEnd`, `e`.`Name`, `e`.`NormalizedEmail`, `e`.`NormalizedUserName`, `e`.`PasswordHash`, `e`.`PhoneNumber`, `e`.`PhoneNumberConfirmed`, `e`.`Picture`, `e`.`SecurityStamp`, `e`.`TwoFactorEnabled`, `e`.`Url`, `e`.`UserName`
+FROM `Users` AS `e`
+WHERE `e`.`Id` = @__get_Item_0
+LIMIT 1
+2019-03-28 16:16:10.146 -03:00 [INF] Executed action method Jp.Management.Controllers.ManagementController.UserData (Jp.Management), returned result Microsoft.AspNetCore.Mvc.OkObjectResult in 1038.4361000000001ms.
+2019-03-28 16:16:10.159 -03:00 [INF] Executing ObjectResult, writing value of type 'Jp.Infra.CrossCutting.Tools.Model.DefaultResponse`1[[Jp.Application.ViewModels.UserViewModels.UserViewModel, Jp.Application, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null]]'.
+2019-03-28 16:16:10.177 -03:00 [INF] Executed action Jp.Management.Controllers.ManagementController.UserData (Jp.Management) in 1385.9533000000001ms
+2019-03-28 16:16:10.190 -03:00 [INF] Request finished in 1918.5536ms 200 application/json; charset=utf-8