Ticket #113 : Create BPMN workflow used to update the password

Author: habarthierry-hue

.gitignore

@@ -1,6 +1,8 @@
 ## Ignore Visual Studio temporary files, build results, and
 ## files generated by popular Visual Studio add-ons.
 
+credentials.json
+
 # User-specific files
 *.suo
 *.user

src/CaseManagement.BPMN.Host/Bpmns/UpdatePassword.bpmn

@@ -1,11 +1,12 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<definitions xmlns="http://www.omg.org/spec/BPMN/20100524/MODEL" xmlns:bpmndi="http://www.omg.org/spec/BPMN/20100524/DI" xmlns:omgdi="http://www.omg.org/spec/DD/20100524/DI" xmlns:omgdc="http://www.omg.org/spec/DD/20100524/DC" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" id="sid-38422fae-e03e-43a3-bef4-bd33b32041b2" targetNamespace="http://bpmn.io/bpmn" exporter="bpmn-js (https://demo.bpmn.io)" exporterVersion="8.7.1">
+<definitions xmlns="http://www.omg.org/spec/BPMN/20100524/MODEL" xmlns:bpmndi="http://www.omg.org/spec/BPMN/20100524/DI" xmlns:omgdi="http://www.omg.org/spec/DD/20100524/DI" xmlns:omgdc="http://www.omg.org/spec/DD/20100524/DC" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:cmg="https://github.com/simpleidserver/CaseManagement" id="sid-38422fae-e03e-43a3-bef4-bd33b32041b2" targetNamespace="http://bpmn.io/bpmn" exporter="bpmn-js (https://demo.bpmn.io)" exporterVersion="8.7.1">
   <message id="userMessage" name="user" />
+  <message id="humanTaskCreated" name="humanTaskCreated" />
   <process id="Process_1" isExecutable="false">
-    <serviceTask id="Task_1hcentk" name="Send Email">
+    <serviceTask id="Task_1hcentk" name="Send Email" implementation="##csharpcallback" cmg:delegateId="SendEmailDelegate">
       <incoming>Flow_0kge1w3</incoming>
     </serviceTask>
-    <userTask id="Activity_0fhwdxz" name="Submit Password">
+    <userTask id="Activity_0fhwdxz" name="Submit Password" implementation="##WsHumanTask" cmg:wsHumanTaskDefName="updatePassword">
       <incoming>Flow_1fdpmlk</incoming>
       <outgoing>Flow_08bn5nb</outgoing>
     </userTask>
@@ -14,7 +15,7 @@
     </endEvent>
     <sequenceFlow id="Flow_08bn5nb" sourceRef="Activity_0fhwdxz" targetRef="Activity_0yov4bm" />
     <sequenceFlow id="Flow_1p3mrfd" sourceRef="Activity_0yov4bm" targetRef="Event_08zcpaz" />
-    <serviceTask id="Activity_0yov4bm" name="Update Password">
+    <serviceTask id="Activity_0yov4bm" name="Update Password" implementation="##csharpcallback" cmg:delegateId="UpdateUserPasswordDelegate">
       <incoming>Flow_08bn5nb</incoming>
       <outgoing>Flow_1p3mrfd</outgoing>
     </serviceTask>
@@ -26,11 +27,19 @@
     <sequenceFlow id="Flow_0kge1w3" sourceRef="Event_0q7uygb" targetRef="Task_1hcentk" />
     <boundaryEvent id="Event_0q7uygb" attachedToRef="Activity_0fhwdxz">
       <outgoing>Flow_0kge1w3</outgoing>
-      <messageEventDefinition id="MessageEventDefinition_135rspe" />
+      <messageEventDefinition id="MessageEventDefinition_135rspe" messageRef="humanTaskCreated" />
     </boundaryEvent>
   </process>
   <bpmndi:BPMNDiagram id="BpmnDiagram_1">
     <bpmndi:BPMNPlane id="BpmnPlane_1" bpmnElement="Process_1">
+      <bpmndi:BPMNEdge id="Flow_0kge1w3_di" bpmnElement="Flow_0kge1w3">
+        <omgdi:waypoint x="490" y="208" />
+        <omgdi:waypoint x="490" y="280" />
+      </bpmndi:BPMNEdge>
+      <bpmndi:BPMNEdge id="Flow_1fdpmlk_di" bpmnElement="Flow_1fdpmlk">
+        <omgdi:waypoint x="188" y="150" />
+        <omgdi:waypoint x="390" y="150" />
+      </bpmndi:BPMNEdge>
       <bpmndi:BPMNEdge id="Flow_1p3mrfd_di" bpmnElement="Flow_1p3mrfd">
         <omgdi:waypoint x="820" y="150" />
         <omgdi:waypoint x="912" y="150" />
@@ -39,14 +48,12 @@
         <omgdi:waypoint x="490" y="150" />
         <omgdi:waypoint x="720" y="150" />
       </bpmndi:BPMNEdge>
-      <bpmndi:BPMNEdge id="Flow_1fdpmlk_di" bpmnElement="Flow_1fdpmlk">
-        <omgdi:waypoint x="188" y="150" />
-        <omgdi:waypoint x="390" y="150" />
-      </bpmndi:BPMNEdge>
-      <bpmndi:BPMNEdge id="Flow_0kge1w3_di" bpmnElement="Flow_0kge1w3">
-        <omgdi:waypoint x="490" y="208" />
-        <omgdi:waypoint x="490" y="280" />
-      </bpmndi:BPMNEdge>
+      <bpmndi:BPMNShape id="Activity_1saua76_di" bpmnElement="Task_1hcentk">
+        <omgdc:Bounds x="440" y="280" width="100" height="80" />
+      </bpmndi:BPMNShape>
+      <bpmndi:BPMNShape id="Activity_1j5vxke_di" bpmnElement="Activity_0fhwdxz">
+        <omgdc:Bounds x="390" y="110" width="100" height="80" />
+      </bpmndi:BPMNShape>
       <bpmndi:BPMNShape id="Event_08zcpaz_di" bpmnElement="Event_08zcpaz">
         <omgdc:Bounds x="912" y="132" width="36" height="36" />
       </bpmndi:BPMNShape>
@@ -56,15 +63,9 @@
       <bpmndi:BPMNShape id="Event_0bfv2sq_di" bpmnElement="StartEvent_1y45yut">
         <omgdc:Bounds x="152" y="132" width="36" height="36" />
       </bpmndi:BPMNShape>
-      <bpmndi:BPMNShape id="Activity_1j5vxke_di" bpmnElement="Activity_0fhwdxz">
-        <omgdc:Bounds x="390" y="110" width="100" height="80" />
-      </bpmndi:BPMNShape>
-      <bpmndi:BPMNShape id="Activity_1saua76_di" bpmnElement="Task_1hcentk">
-        <omgdc:Bounds x="440" y="280" width="100" height="80" />
-      </bpmndi:BPMNShape>
       <bpmndi:BPMNShape id="Event_10s7arv_di" bpmnElement="Event_0q7uygb">
         <omgdc:Bounds x="472" y="172" width="36" height="36" />
       </bpmndi:BPMNShape>
     </bpmndi:BPMNPlane>
   </bpmndi:BPMNDiagram>
-</definitions>
+</definitions>

src/CaseManagement.BPMN.Host/CaseManagement.BPMN.Host.csproj

@@ -14,6 +14,7 @@
     <PackageReference Include="Swashbuckle.AspNetCore" Version="5.5.0" />
     <PackageReference Include="Microsoft.EntityFrameworkCore.SqlServer" Version="5.0.3" />
     <PackageReference Include="Microsoft.EntityFrameworkCore.Design" Version="5.0.3" />
+    <PackageReference Include="MassTransit.AspNetCore" Version="7.1.7" />
   </ItemGroup>
   <ItemGroup>
     <ProjectReference Include="..\CaseManagement.BPMN.AspNetCore\CaseManagement.BPMN.AspNetCore.csproj" />

src/CaseManagement.BPMN.Host/Delegates/SendEmailDelegate.cs

@@ -1,5 +1,6 @@
 using CaseManagement.BPMN.Domains;
 using CaseManagement.BPMN.Exceptions;
+using Newtonsoft.Json.Linq;
 using System.Collections.Generic;
 using System.Linq;
 using System.Net;
@@ -13,26 +14,24 @@ public class SendEmailDelegate : IDelegateHandler
     {
         public Task<ICollection<MessageToken>> Execute(ICollection<MessageToken> incoming, DelegateConfigurationAggregate delegateConfiguration, CancellationToken cancellationToken)
         {
-            var user = incoming.FirstOrDefault(i => i.Name == "userMessage");
-            if (user == null)
+            var humanTaskInstanceCreated = incoming.FirstOrDefault(i => i.Name == "humanTaskCreated");
+            if (humanTaskInstanceCreated == null)
             {
-                throw new BPMNProcessorException("userMessage must be passed in the request");
-            }
-
-            var email = user.GetProperty("email");
-            if (string.IsNullOrWhiteSpace(email))
-            {
-                throw new BPMNProcessorException("email is not passed in the request");
+                throw new BPMNProcessorException("humanTaskCreated must be passed in the request");
             }
 
+            var inc = humanTaskInstanceCreated.JObjMessageContent.SelectToken("$.incoming[?(@.Name == 'user')].MessageContent");
+            var messageContent = JObject.Parse(inc.ToString());
+            var email = messageContent["email"].ToString();
             var parameter = SendDelegateParameter.Build(delegateConfiguration);
-            using (var smtpClient = new SmtpClient(parameter.SmtpHost)
-            {
-                Port = parameter.SmtpPort,
-                Credentials = new NetworkCredential(parameter.SmtpUserName, parameter.SmtpPassword),
-                EnableSsl = parameter.SmtpEnableSsl
-            })
+            using (var smtpClient = new SmtpClient())
             {
+                smtpClient.EnableSsl = parameter.SmtpEnableSsl;
+                smtpClient.UseDefaultCredentials = false;
+                smtpClient.Credentials = new NetworkCredential(parameter.SmtpUserName, parameter.SmtpPassword);
+                smtpClient.Host = parameter.SmtpHost;
+                smtpClient.Port = parameter.SmtpPort;
+                smtpClient.DeliveryMethod = SmtpDeliveryMethod.Network;
                 var mailMessage = new MailMessage
                 {
                     From = new MailAddress(parameter.FromEmail),

src/CaseManagement.BPMN.Host/Delegates/UpdateUserPasswordDelegate.cs

@@ -14,11 +14,11 @@ namespace CaseManagement.BPMN.Host.Delegates
 {
     public class UpdateUserPasswordDelegate : IDelegateHandler
     {
-        private const string ActivityName = "Activity_12xhvyl";
+        private const string ActivityName = "Activity_0fhwdxz";
 
         public async Task<ICollection<MessageToken>> Execute(ICollection<MessageToken> incoming, DelegateConfigurationAggregate delegateConfiguration, CancellationToken cancellationToken)
         {
-            var user = incoming.FirstOrDefault(i => i.Name == "userMessage");
+            var user = incoming.FirstOrDefault(i => i.Name == "user");
             if (user == null)
             {
                 throw new BPMNProcessorException("userMessage must be passed in the request");
@@ -36,7 +36,7 @@ public async Task<ICollection<MessageToken>> Execute(ICollection<MessageToken> i
                 throw new BPMNProcessorException($"incoming token '{ActivityName}' doesn't exist");
             }
 
-            var password = messageToken.GetProperty("password");
+            var password = messageToken.GetProperty("pwd");
             var parameter = UpdateUserPasswordParameter.Create(delegateConfiguration);
             using (var httpClient = new HttpClient())
             {
@@ -57,11 +57,12 @@ public async Task<ICollection<MessageToken>> Execute(ICollection<MessageToken> i
                     { "password", password }
                 };
                 var content = new StringContent(obj.ToString(), Encoding.UTF8, "application/json");
+                var url = parameter.UserUrl.Replace("{id}", userId);
                 var request = new HttpRequestMessage
                 {
                     Method = HttpMethod.Put,
                     Content = content,
-                    RequestUri = new Uri($"{parameter.UserUrl}/{userId}/password")
+                    RequestUri = new Uri(url)
                 };
                 request.Headers.Add("Authorization", $"Bearer {tokenResponse.AccessToken}");
                 var httpResponse = await httpClient.SendAsync(request, cancellationToken);

src/CaseManagement.BPMN.Host/Startup.cs

@@ -2,6 +2,7 @@
 // Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.
 using CaseManagement.BPMN.Domains;
 using CaseManagement.BPMN.Host.Delegates;
+using MassTransit;
 using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.AspNetCore.Builder;
 using Microsoft.AspNetCore.Hosting;
@@ -11,17 +12,25 @@
 using Microsoft.Extensions.Logging;
 using Microsoft.IdentityModel.Tokens;
 using Newtonsoft.Json;
+using Newtonsoft.Json.Linq;
 using System;
 using System.Collections.Concurrent;
 using System.Collections.Generic;
 using System.IO;
 using System.Linq;
+using System.Net.Http;
+using System.Security.Claims;
 using System.Security.Cryptography;
 
 namespace CaseManagement.BPMN.Host
 {
     public class Startup
     {
+        private Dictionary<string, string> MAPPING_OPENIDCLAIM_TO_CLAIM = new Dictionary<string, string>
+        {
+            { "sub", ClaimTypes.NameIdentifier },
+            { "role", ClaimTypes.Role }
+        };
         private readonly IHostingEnvironment _env;
         private readonly IConfiguration _configuration;
 
@@ -44,11 +53,58 @@ public void ConfigureServices(IServiceCollection services)
             })
             .AddJwtBearer(options =>
             {
+                options.Events = new JwtBearerEvents
+                {
+                    OnTokenValidated = async (ctx) =>
+                    {
+                        var issuer = ctx.Principal.Claims.First(c => c.Type == "iss").Value;
+                        using (var httpClient = new HttpClient())
+                        {
+                            var authorization = ctx.Request.Headers["Authorization"][0];
+                            var bearer = authorization.Split(" ").Last();
+                            var requestMessage = new HttpRequestMessage
+                            {
+                                RequestUri = new Uri($"{issuer}/userinfo"),
+                                Method = HttpMethod.Get
+                            };
+                            requestMessage.Headers.Add("Authorization", $"Bearer {bearer}");
+                            var httpResponse = await httpClient.SendAsync(requestMessage);
+                            var json = await httpResponse.Content.ReadAsStringAsync();
+                            var jObj = JObject.Parse(json);
+                            var identity = new ClaimsIdentity("userInfo");
+                            foreach (var kvp in jObj)
+                            {
+                                var key = kvp.Key;
+                                if (MAPPING_OPENIDCLAIM_TO_CLAIM.ContainsKey(key))
+                                {
+                                    key = MAPPING_OPENIDCLAIM_TO_CLAIM[key];
+                                }
+
+                                if (kvp.Value.ToString().StartsWith('['))
+                                {
+                                    var arr = JArray.Parse(kvp.Value.ToString()).Select(_ => _.ToString()).ToList();
+                                    foreach (var str in arr)
+                                    {
+                                        identity.AddClaim(new Claim(kvp.Key, str));
+                                    }
+                                }
+                                else
+                                {
+                                    identity.AddClaim(new Claim(kvp.Key, kvp.Value.ToString()));
+                                }
+                            }
+
+                            var principal = new ClaimsPrincipal(identity);
+                            ctx.Principal = principal;
+                        }
+                    }
+                };
                 options.TokenValidationParameters = new TokenValidationParameters
                 {
                     IssuerSigningKey = ExtractKey("openid_puk.txt"),
                     ValidAudiences = new List<string>
                     {
+                        "caseManagementWebsite",
                         "https://localhost:60000",
                         "https://simpleidserver.northeurope.cloudapp.azure.com/openid"
                     },
@@ -69,6 +125,7 @@ public void ConfigureServices(IServiceCollection services)
                 opts.CallbackUrl = "http://localhost:60007/processinstances/{id}/complete/{eltId}";
             }).AddProcessFiles(files).AddDelegateConfigurations(GetDelegateConfigurations());
             services.AddSwaggerGen();
+            services.AddMassTransitHostedService();
             services.Configure<ForwardedHeadersOptions>(options =>
             {
                 options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
@@ -131,6 +188,7 @@ private static byte[] Base64DecodeBytes(string base64EncodedData)
 
         private static ConcurrentBag<DelegateConfigurationAggregate> GetDelegateConfigurations()
         {
+            var credential = JsonConvert.DeserializeObject<CredentialsParameter>(File.ReadAllText(Path.Combine(Directory.GetCurrentDirectory(), "credentials.json")));
             var getWeatherInformationDelegate = DelegateConfigurationAggregate.Create("GetWeatherInformationDelegate", typeof(GetWeatherInformationDelegate).FullName);
             getWeatherInformationDelegate.AddDisplayName("fr", "Récupérer météo");
             getWeatherInformationDelegate.AddDescription("fr", "Récupérer les informations sur la météo");
@@ -142,21 +200,21 @@ private static ConcurrentBag<DelegateConfigurationAggregate> GetDelegateConfigur
             sendEmailDelegate.AddDisplayName("en", "Send email");
             sendEmailDelegate.AddRecord("httpBody", "Please click on this link to update the password");
             sendEmailDelegate.AddRecord("subject", "Update password");
-            sendEmailDelegate.AddRecord("fromEmail", "");
-            sendEmailDelegate.AddRecord("smtpHost", "");
-            sendEmailDelegate.AddRecord("smtpPort", "");
-            sendEmailDelegate.AddRecord("smtpUserName", "");
-            sendEmailDelegate.AddRecord("smtpPassword", "");
-            sendEmailDelegate.AddRecord("smtpEnableSsl", "");
+            sendEmailDelegate.AddRecord("fromEmail", credential.Login);
+            sendEmailDelegate.AddRecord("smtpHost", "smtp.gmail.com");
+            sendEmailDelegate.AddRecord("smtpPort", "587");
+            sendEmailDelegate.AddRecord("smtpUserName", credential.Login);
+            sendEmailDelegate.AddRecord("smtpPassword", credential.Password);
+            sendEmailDelegate.AddRecord("smtpEnableSsl", "true");
 
             var updateUserPasswordDelegate = DelegateConfigurationAggregate.Create("UpdateUserPasswordDelegate", typeof(UpdateUserPasswordDelegate).FullName);
             updateUserPasswordDelegate.AddDisplayName("fr", "Mettre à jour le mot de passe");
             updateUserPasswordDelegate.AddDisplayName("en", "Update password");
-            updateUserPasswordDelegate.AddRecord("clientId", "");
-            updateUserPasswordDelegate.AddRecord("clientSecret", "");
+            updateUserPasswordDelegate.AddRecord("clientId", "humanTaskClient");
+            updateUserPasswordDelegate.AddRecord("clientSecret", "humanTaskClientSecret");
             updateUserPasswordDelegate.AddRecord("tokenUrl", "https://localhost:60000/token");
-            updateUserPasswordDelegate.AddRecord("userUrl", "");
-            updateUserPasswordDelegate.AddRecord("scope", "update_password");
+            updateUserPasswordDelegate.AddRecord("userUrl", "https://localhost:60000/management/users/{id}/password");
+            updateUserPasswordDelegate.AddRecord("scope", "manage_users");
 
             return new ConcurrentBag<DelegateConfigurationAggregate>
             {
@@ -165,5 +223,11 @@ private static ConcurrentBag<DelegateConfigurationAggregate> GetDelegateConfigur
                 updateUserPasswordDelegate
             };
         }
+
+        private class CredentialsParameter
+        {
+            public string Login { get; set; }
+            public string Password { get; set; }
+        }
     }
 }

src/CaseManagement.BPMN/Domains/ProcessInstance/MessageToken.cs

@@ -23,7 +23,7 @@ public JObject JObjMessageContent
 
         public string GetProperty(string key)
         {
-            if (JObjMessageContent.ContainsKey(key))
+            if (!JObjMessageContent.ContainsKey(key))
             {
                 return null;
             }

src/CaseManagement.BPMN/Parser/BPMNParser.cs

@@ -41,12 +41,18 @@ public static ICollection<ProcessInstanceAggregate> BuildInstances(tDefinitions
             var result = new List<ProcessInstanceAggregate>();
             var processes = definitions.Items.Where(_ => _ is tProcess).Cast<tProcess>();
             var messages = definitions.Items.Where(_ => _ is tMessage).Cast<tMessage>();
+            var itemDefs = definitions.Items.Where(_ => _ is tItemDefinition).Cast<tItemDefinition>();
             foreach(var process in processes)
             {
                 var builder = ProcessInstanceBuilder.New(processFileId);
                 foreach(var message in messages)
                 {
-                    builder.AddMessage(message.id, message.name, string.Empty);
+                    builder.AddMessage(message.id, message.name, message.itemRef?.Name);
+                }
+
+                foreach(var itemDef in itemDefs)
+                {
+                    builder.AddItemDef(itemDef.id, ItemKinds.Information, false, null);
                 }
 
                 foreach(var item in process.Items)