From 614a0059ad2dac053bd25c607dac3f93ef68b331 Mon Sep 17 00:00:00 2001 From: CDR Open Source Date: Fri, 20 Jun 2025 00:05:43 +0000 Subject: [PATCH] v3.0.1 release --- .azuredevops/pipelines/build-dr-func-v2.yml | 4 +- .azuredevops/pipelines/build-v2.yml | 306 +++--------------- .azuredevops/pipelines/code-scanning.yml | 24 ++ .azuredevops/pipelines/set-tag-name.yml | 33 ++ .azuredevops/pull_request_template.md | 29 +- CHANGELOG.md | 5 + Help/container/HELP.md | 4 +- README.md | 4 +- .../CdrAuthServer.API.Logger.csproj | 4 +- ....GetDataRecipients.IntegrationTests.csproj | 12 +- .../CdrAuthServer.GetDataRecipients.csproj | 2 +- .../CdrAuthServer.IntegrationTests.csproj | 5 +- .../CdrAuthServer.Repository.csproj | 11 +- .../CdrAuthServer.TLS.Gateway.csproj | 2 +- Source/CdrAuthServer.UI/package-lock.json | 144 ++++----- .../CdrAuthServer.mTLS.Gateway.csproj | 4 +- Source/CdrAuthServer/CdrAuthServer.csproj | 5 +- Source/CdrAuthServer/Program.cs | 67 ++-- Source/Directory.Build.props | 3 +- Source/docker-compose.E2ETests.Standalone.yml | 2 +- ...ose.GetDataRecipients.IntegrationTests.yml | 2 +- ...er-compose.IntegrationTests.Standalone.yml | 2 +- 22 files changed, 260 insertions(+), 414 deletions(-) create mode 100644 .azuredevops/pipelines/code-scanning.yml create mode 100644 .azuredevops/pipelines/set-tag-name.yml diff --git a/.azuredevops/pipelines/build-dr-func-v2.yml b/.azuredevops/pipelines/build-dr-func-v2.yml index c92eb3b..a811cc4 100644 --- a/.azuredevops/pipelines/build-dr-func-v2.yml +++ b/.azuredevops/pipelines/build-dr-func-v2.yml 
@@ -122,14 +122,14 @@ steps: condition: always() inputs: command: login - containerRegistry: $(AcrBaseUrl) + containerRegistry: $(SpSharedAcr) # Run trx formatter to output .MD and .CSV - script: | docker run \ -v=$(Build.SourcesDirectory)/cdr-auth-server/Source/_temp/getdatarecipients-integration-tests/testresults/results.trx:/app/results.trx:ro \ -v=$(Build.SourcesDirectory)/cdr-auth-server/Source/_temp/getdatarecipients-integration-tests/testresults/formatted/:/app/out/:rw \ - $(AcrBaseUrl).azurecr.io/trx-formatter -i results.trx -t "CDRAuthServer-GetDataRecipients" --outputprefix "CDRAuthServer-GetDataRecipients" -o out/ + $(SharedAcrBaseUrl).azurecr.io/trx-formatter -i results.trx -t "CDRAuthServer-GetDataRecipients" --outputprefix "CDRAuthServer-GetDataRecipients" -o out/ displayName: 'Run trx-formatter' condition: always() diff --git a/.azuredevops/pipelines/build-v2.yml b/.azuredevops/pipelines/build-v2.yml index 49bc317..8c165ad 100644 --- a/.azuredevops/pipelines/build-v2.yml +++ b/.azuredevops/pipelines/build-v2.yml @@ -10,19 +10,19 @@ schedules: trigger: - develop - - main + - main + +parameters: + # https://github.com/microsoft/azure-pipelines-yaml/blob/master/design/runtime-parameters.md#syntax + - name: MockRegisterOverrideDependentImageTag + type: string + default: ' ' # default value; if no default, then the parameter MUST be given by the user at runtime variables: - group: artifacts - name: baseSourceDirectory value: $(Build.SourcesDirectory)/Source -- name: mockRegisterContainerTag - ${{ if eq(variables['Build.SourceBranchName'], 'main') }}: - value: main - ${{ elseif contains(variables['Build.SourceBranch'], 'releases/') }}: - value: $(MockRegisterReleaseContainerTag) - ${{ else }}: - value: develop + pool: vmImage: ubuntu-latest 
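Review bot: The `docker run` line in the `Run trx-formatter` step names `$(SharedAcrBaseUrl).azurecr.io/trx-formatter` with no tag or digest, so it resolves to whatever `latest` is in the shared registry at run time. That container also gets the `testresults/formatted/` directory mounted read-write. Pinning the reference, e.g. `$(SharedAcrBaseUrl).azurecr.io/trx-formatter@sha256:<digest-placeholder>`, makes the tool that post-processes test results reproducible and reviewable. The same unpinned reference appears in the three `Run trx-formatter` hunks of build-v2.yml.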
@@ -31,54 +31,12 @@ jobs: - job: Build timeoutInMinutes: 120 steps: - - ################################################################################################### - # Set obligation date container tags - ################################################################################################### - - - task: PowerShell@2 - displayName: Update Obligation date - inputs: - targetType: 'inline' - script: | - $AuthServerObligationDate = "$(ObligationDate)" - if (-not [string]::IsNullOrWhiteSpace( $AuthServerObligationDate )) { - Write-Host "##vso[task.setvariable variable=ObligationDateTag]$AuthServerObligationDate" - } - else { - Write-Host "##vso[task.setvariable variable=ObligationDateTag]23-3" - } - - # Set release version variables for release tags - - task: PowerShell@2 - name: 'splitBranchName' - displayName: 'Split Branch Name' - inputs: - targetType: 'inline' - script: | - $branchParts = "$(Build.SourceBranchName)" -split '\.' - # Write-Host "Branch Name: $branchParts" - $majorVersion = $branchParts[0] - $minorVersion = $branchParts[1] - # Write-Host "Major Name: $majorVersion" - Write-Host "##vso[task.setvariable variable=majorVersion]$majorVersion" - Write-Host "##vso[task.setvariable variable=minorVersion]$minorVersion" - Write-Host "##vso[task.setvariable variable=majorMinorVersion]$majorVersion.$minorVersion" - - ################################################################################################### - # Build images - ################################################################################################### - - #!DF: This image is not used anywhere, so don't build. 
- # Build cdr-auth-server - # - task: Docker@2 - # displayName: Build cdr-auth-server image - # inputs: - # command: build - # Dockerfile: $(baseSourceDirectory)/Dockerfile - # buildContext: $(baseSourceDirectory) - # repository: cdr-auth-server - # tags: latest + # set the register tag to use based on the logic in the template file + - template: set-tag-name.yml + parameters: + name: RegisterTag + input: ${{ parameters.MockRegisterOverrideDependentImageTag }} + context: $[replace(variables['Build.SourceBranch'], 'refs/heads/', '')] ################################################################################################### # Unit tests @@ -137,14 +95,6 @@ jobs: # Login to ACR and pull mock solution containers ################################################################################################### - # Login to ACR - - task: Docker@2 - displayName: Login to ACR - condition: always() - inputs: - command: login - containerRegistry: $(AcrBaseUrl) - # Login to Shared ACR - task: Docker@2 displayName: Login to Shared ACR @@ -158,8 +108,8 @@ jobs: inputs: targetType: inline script: | - docker pull $(AcrBaseUrl).azurecr.io/mock-register:$(mockRegisterContainerTag) - docker tag $(AcrBaseUrl).azurecr.io/mock-register:$(mockRegisterContainerTag) mock-register:latest + docker pull $(SharedAcrBaseUrl).azurecr.io/mock-register:$(RegisterTag) + docker tag $(SharedAcrBaseUrl).azurecr.io/mock-register:$(RegisterTag) mock-register:latest ################################################################################################### # Build Standalone container 
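Review bot: The `context:` argument of the added `template: set-tag-name.yml` step is a runtime expression, `$[replace(variables['Build.SourceBranch'], 'refs/heads/', '')]`, but template parameters are expanded at compile time and, as far as I know, `$[ ]` is evaluated only in variable definitions and conditions. If so, the template's script receives that text literally, none of its `main`/`develop`/`*release*` patterns match, and `RegisterTag` falls through to `develop-latest` on every branch, including main and releases. Passing a macro instead, `context: $(Build.SourceBranch)`, and matching on the full ref inside the template would avoid this. Please confirm against a main-branch run log, where the template prints `Context:`.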
@@ -210,7 +160,7 @@ jobs: docker run \ -v=$(baseSourceDirectory)/_temp/cdr-auth-server-integration-tests-standalone/testresults/results.trx:/app/results.trx:ro \ -v=$(baseSourceDirectory)/_temp/cdr-auth-server-integration-tests-standalone/testresults/formatted/:/app/out/:rw \ - $(AcrBaseUrl).azurecr.io/trx-formatter -i results.trx -t "CAS-Standalone" --outputprefix "CAS-Standalone" -o out/ + $(SharedAcrBaseUrl).azurecr.io/trx-formatter -i results.trx -t "CAS-Standalone" --outputprefix "CAS-Standalone" -o out/ displayName: "Run trx-formatter (Standalone)" condition: always() @@ -261,7 +211,7 @@ jobs: docker run \ -v=$(baseSourceDirectory)/_temp/cdr-auth-server-integration-tests-standalone/testresults/results.trx:/app/results.trx:ro \ -v=$(baseSourceDirectory)/_temp/cdr-auth-server-integration-tests-standalone/testresults/formatted/:/app/out/:rw \ - $(AcrBaseUrl).azurecr.io/trx-formatter -i results.trx -t "CAS-Standalone" --outputprefix "CAS-Standalone" -o out/ + $(SharedAcrBaseUrl).azurecr.io/trx-formatter -i results.trx -t "CAS-Standalone" --outputprefix "CAS-Standalone" -o out/ displayName: "Run trx-formatter (Standalone)" condition: always() @@ -330,7 +280,7 @@ jobs: docker run \ -v=$(baseSourceDirectory)/_temp/cdr-auth-server-e2e-tests-standalone/testresults/results.trx:/app/results.trx:ro \ -v=$(baseSourceDirectory)/_temp/cdr-auth-server-e2e-tests-standalone/testresults/formatted/:/app/out/:rw \ - $(AcrBaseUrl).azurecr.io/trx-formatter -i results.trx -t "CAS-Standalone-E2E" --outputprefix "CAS-Standalone-E2E" -o out/ + $(SharedAcrBaseUrl).azurecr.io/trx-formatter -i results.trx -t "CAS-Standalone-E2E" --outputprefix "CAS-Standalone-E2E" -o out/ displayName: "Run trx-formatter (Standalone)" condition: always() 
@@ -455,203 +405,37 @@ jobs: # Tag images and push to ACR ################################################################################################### - - task: Docker@2 - displayName: 'Re-Tag CDRAuthServer (Standalone) container image with :branch-name' - inputs: - containerRegistry: $(AcrBaseUrl) - repository: 'cdr-auth-server-standalone' - command: tag - arguments: 'cdr-auth-server-standalone $(AcrBaseUrl).azurecr.io/cdr-auth-server-standalone:$(Build.SourceBranchName)' - - - task: Docker@2 - displayName: 'Re-Tag CDRAuthServer (Standalone) API image with :latest (for develop branch only)' - condition: and(succeeded(), eq(variables['Build.SourceBranch'], 'refs/heads/develop')) - inputs: - containerRegistry: $(AcrBaseUrl) - repository: 'cdr-auth-server-standalone' - command: tag - arguments: 'cdr-auth-server-standalone $(AcrBaseUrl).azurecr.io/cdr-auth-server-standalone:latest' - - - task: CmdLine@2 - displayName: 'Push CDRAuthServer (Standalone) container image with :branch-name tag to ACR' - inputs: - script: 'docker push $(AcrBaseUrl).azurecr.io/cdr-auth-server-standalone:$(Build.SourceBranchName)' - - - task: CmdLine@2 - displayName: 'Push CDRAuthServer (Standalone) container image with :latest tag to ACR (develop branch only)' - condition: and(succeeded(), eq(variables['Build.SourceBranch'], 'refs/heads/develop')) - inputs: - script: 'docker push $(AcrBaseUrl).azurecr.io/cdr-auth-server-standalone:latest' - - ################################################################################################### - # Tag images and push to Shared ACR - ################################################################################################### - # Pipeline variables are required : SharedAcrBaseUrl and SpSharedAcr - - # develop branch tags - - task: Docker@2 - displayName: 'Re-Tag CDRAuthServer (Standalone) container API image with develop-latest (for develop branch only)' - condition: and(succeeded(), eq(variables['Build.SourceBranch'], 
'refs/heads/develop')) - inputs: - containerRegistry: $(SpSharedAcr) - repository: 'cdr-auth-server-standalone' - command: tag - arguments: 'cdr-auth-server-standalone $(SharedAcrBaseUrl).azurecr.io/cdr-auth-server-standalone:develop-latest' - - # develop-latest-obligation-date tag - - task: Docker@2 - displayName: 'Re-Tag CDRAuthServer (Standalone) container API image with develop-latest-{obligation-date} (for develop branch only)' - condition: and(succeeded(), eq(variables['Build.SourceBranch'], 'refs/heads/develop')) - inputs: - containerRegistry: $(SpSharedAcr) - repository: 'cdr-auth-server-standalone' - command: tag - arguments: 'cdr-auth-server-standalone $(SharedAcrBaseUrl).azurecr.io/cdr-auth-server-standalone:develop-latest-$(ObligationDateTag)' - - # develop branch> build number tag only - - task: Docker@2 - displayName: 'Re-Tag CDRAuthServer (Standalone) container API image with build number (for develop branch only)' - condition: and(succeeded(), eq(variables['Build.SourceBranch'], 'refs/heads/develop')) - inputs: - containerRegistry: $(SpSharedAcr) - repository: 'cdr-auth-server-standalone' - command: tag - arguments: 'cdr-auth-server-standalone $(SharedAcrBaseUrl).azurecr.io/cdr-auth-server-standalone:$(Build.BuildId)' - - # main branch tags - # Pipeline variables are required : SharedAcrBaseUrl - - task: Docker@2 - displayName: 'Re-Tag CDRAuthServer (Standalone) container API image with main-latest (for main branch only)' - condition: and(succeeded(), eq(variables['Build.SourceBranch'], 'refs/heads/main')) - inputs: - containerRegistry: $(SpSharedAcr) - repository: 'cdr-auth-server-standalone' - command: tag - arguments: 'cdr-auth-server-standalone $(SharedAcrBaseUrl).azurecr.io/cdr-auth-server-standalone:main-latest' - - # main-latest-obligation-date tag - - task: Docker@2 - displayName: 'Re-Tag CDRAuthServer (Standalone) container API image with main-latest-{obligation-date} (for main branch only)' - condition: and(succeeded(), 
eq(variables['Build.SourceBranch'], 'refs/heads/main')) - inputs: - containerRegistry: $(SpSharedAcr) - repository: 'cdr-auth-server-standalone' - command: tag - arguments: 'cdr-auth-server-standalone $(SharedAcrBaseUrl).azurecr.io/cdr-auth-server-standalone:main-latest-$(ObligationDateTag)' - - # Build number tag - - task: Docker@2 - displayName: 'Re-Tag CDRAuthServer (Standalone) container API image with build number (for main branch only)' - condition: and(succeeded(), eq(variables['Build.SourceBranch'], 'refs/heads/main')) - inputs: - containerRegistry: $(SpSharedAcr) - repository: 'cdr-auth-server-standalone' - command: tag - arguments: 'cdr-auth-server-standalone $(SharedAcrBaseUrl).azurecr.io/cdr-auth-server-standalone:$(Build.BuildId)' - - # Re tag for full version for releases branch - - task: Docker@2 - displayName: 'Re-Tag CDRAuthServer (Standalone) container API image with full version for releases branch' - # Cannot use releases/* wildcard - condition: eq(startsWith(variables['Build.SourceBranch'], 'refs/heads/releases/'), 'True') + - task: Bash@3 + displayName: 'Tag and push Authorisation Server image with Source Branch Name for any successful builds.' 
+ condition: succeeded() inputs: - containerRegistry: $(SpSharedAcr) - repository: 'cdr-auth-server-standalone' - command: tag - arguments: 'cdr-auth-server-standalone $(SharedAcrBaseUrl).azurecr.io/cdr-auth-server-standalone:$(Build.SourceBranchName)' + targetType: inline + script: | + echo Tagging cdr-auth-server-standalone with Source Branch Name: $(Build.SourceBranchName) + docker tag cdr-auth-server-standalone $(SharedAcrBaseUrl).azurecr.io/cdr-auth-server-standalone:$(Build.SourceBranchName) - # Re tag release full version and obligation date - - task: Docker@2 - displayName: 'Re-Tag CDRAuthServer (Standalone) container API image with releases-{obligation-date} for releases branch' - condition: eq(startsWith(variables['Build.SourceBranch'], 'refs/heads/releases/'), 'True') - inputs: - containerRegistry: $(SpSharedAcr) - repository: 'cdr-auth-server-standalone' - command: tag - arguments: 'cdr-auth-server-standalone $(SharedAcrBaseUrl).azurecr.io/cdr-auth-server-standalone:$(Build.SourceBranchName)-$(ObligationDateTag)' + echo Pushing all tags to $(SharedAcrBaseUrl).azurecr.io/cdr-auth-server-standalone + docker image push --all-tags $(SharedAcrBaseUrl).azurecr.io/cdr-auth-server-standalone - # Re tag Major and Mnior Tags using above variables - - task: Docker@2 - displayName: 'Re-Tag CDRAuthServer (Standalone) container image with major and minor tags for releases branch' - condition: eq(startsWith(variables['Build.SourceBranch'], 'refs/heads/releases/'), 'True') - inputs: - containerRegistry: $(SpSharedAcr) - repository: 'cdr-auth-server-standalone' - command: tag - arguments: 'cdr-auth-server-standalone $(SharedAcrBaseUrl).azurecr.io/cdr-auth-server-standalone:"$(majorMinorVersion)"' - - # Re tag Major release Tag using above variables - - task: Docker@2 - displayName: 'Re-Tag CDRAuthServer (Standalone) container image with major tag for releases branch' - condition: eq(startsWith(variables['Build.SourceBranch'], 'refs/heads/releases/'), 'True') - inputs: - 
containerRegistry: $(SpSharedAcr) - repository: 'cdr-auth-server-standalone' - command: tag - arguments: 'cdr-auth-server-standalone $(SharedAcrBaseUrl).azurecr.io/cdr-auth-server-standalone:"$(majorVersion)"' - - # Pushing develop branch tags changes to the ACR - - task: CmdLine@2 - displayName: 'Push CDRAuthServer (Standalone) container container image with :develop-latest tag to ACR (develop branch only)' - condition: and(succeeded(), eq(variables['Build.SourceBranch'], 'refs/heads/develop')) + - task: Bash@3 + displayName: 'Tag and Push Authorisation Server images for develop, main and release branches.' + condition: and(succeeded(), or(eq(variables['Build.SourceBranch'], 'refs/heads/develop'), eq(variables['Build.SourceBranch'], 'refs/heads/main'), startsWith(variables['Build.SourceBranch'], 'refs/heads/releases/'))) inputs: - script: 'docker push $(SharedAcrBaseUrl).azurecr.io/cdr-auth-server-standalone:develop-latest' + targetType: inline + script: | + echo Tagging cdr-auth-server-standalone with latest tag + docker tag cdr-auth-server-standalone $(SharedAcrBaseUrl).azurecr.io/cdr-auth-server-standalone:latest - - task: CmdLine@2 - displayName: 'Push CDRAuthServer (Standalone) container container image with :develop-latest-obligation-date tag to ACR (develop branch only)' - condition: and(succeeded(), eq(variables['Build.SourceBranch'], 'refs/heads/develop')) - inputs: - script: 'docker push $(SharedAcrBaseUrl).azurecr.io/cdr-auth-server-standalone:develop-latest-$(ObligationDateTag)' - - - task: CmdLine@2 - displayName: 'Push CDRAuthServer (Standalone) container container image with :build id tag to ACR (develop branch only)' - condition: and(succeeded(), eq(variables['Build.SourceBranch'], 'refs/heads/develop')) - inputs: - script: 'docker push $(SharedAcrBaseUrl).azurecr.io/cdr-auth-server-standalone:$(Build.BuildId)' + echo Tagging cdr-auth-server-standalone with Source Branch Name-latest: $(Build.SourceBranchName)-latest + docker tag 
cdr-auth-server-standalone $(SharedAcrBaseUrl).azurecr.io/cdr-auth-server-standalone:$(Build.SourceBranchName)-latest - # Pushing main branch tags changes to the ACR - - task: CmdLine@2 - displayName: 'Push CDRAuthServer (Standalone) container container image with :main-latest tag to ACR (main branch only)' - condition: and(succeeded(), eq(variables['Build.SourceBranch'], 'refs/heads/main')) - inputs: - script: 'docker push $(SharedAcrBaseUrl).azurecr.io/cdr-auth-server-standalone:main-latest' + if [ -n "$(ObligationDate)" ]; then + echo Tagging cdr-auth-server-standalone with obligation date: $(Build.SourceBranchName)-$(ObligationDate) + docker tag cdr-auth-server-standalone $(SharedAcrBaseUrl).azurecr.io/cdr-auth-server-standalone:$(Build.SourceBranchName)-$(ObligationDate) + fi - - task: CmdLine@2 - displayName: 'Push CDRAuthServer (Standalone) container container image with :main-latest-obligation-date tag to ACR (main branch only)' - condition: and(succeeded(), eq(variables['Build.SourceBranch'], 'refs/heads/main')) - inputs: - script: 'docker push $(SharedAcrBaseUrl).azurecr.io/cdr-auth-server-standalone:main-latest-$(ObligationDateTag)' - - - task: CmdLine@2 - displayName: 'Push CDRAuthServer (Standalone) container container image with :build id tag to ACR (main branch only)' - condition: and(succeeded(), eq(variables['Build.SourceBranch'], 'refs/heads/main')) - inputs: - script: 'docker push $(SharedAcrBaseUrl).azurecr.io/cdr-auth-server-standalone:$(Build.BuildId)' - - # Push release full version Tag - - task: CmdLine@2 - displayName: 'Push CDRAuthServer (Standalone) container container image with releases tags to ACR (releases branch only)' - condition: eq(startsWith(variables['Build.SourceBranch'], 'refs/heads/releases/'), 'True') - inputs: - script: 'docker push $(SharedAcrBaseUrl).azurecr.io/cdr-auth-server-standalone:$(Build.SourceBranchName)' + echo Tagging cdr-auth-server-standalone with build id: $(Build.BuildId) + docker tag 
cdr-auth-server-standalone $(SharedAcrBaseUrl).azurecr.io/cdr-auth-server-standalone:$(Build.BuildId) - # Push release full version Tag and obligation date - - task: CmdLine@2 - displayName: 'Push CDRAuthServer (Standalone) container container image with releases tags to ACR (releases branch only)' - condition: eq(startsWith(variables['Build.SourceBranch'], 'refs/heads/releases/'), 'True') - inputs: - script: 'docker push $(SharedAcrBaseUrl).azurecr.io/cdr-auth-server-standalone:$(Build.SourceBranchName)-$(ObligationDateTag)' - - # Push Major and Minor release Tags using above variables - - task: CmdLine@2 - displayName: 'Push CDRAuthServer (Standalone) container container image with releases tags to ACR (releases branch only)' - condition: eq(startsWith(variables['Build.SourceBranch'], 'refs/heads/releases/'), 'True') - inputs: - script: 'docker push $(SharedAcrBaseUrl).azurecr.io/cdr-auth-server-standalone:"$(majorMinorVersion)"' - - # Push Major release Tag using above variables - - task: CmdLine@2 - displayName: 'Push CDRAuthServer (Standalone) container container image with releases tags to ACR (releases branch only)' - condition: eq(startsWith(variables['Build.SourceBranch'], 'refs/heads/releases/'), 'True') - inputs: - script: 'docker push $(SharedAcrBaseUrl).azurecr.io/cdr-auth-server-standalone:"$(majorVersion)"' \ No newline at end of file + echo Pushing all tags to $(SharedAcrBaseUrl).azurecr.io/cdr-auth-server-standalone + docker image push --all-tags $(SharedAcrBaseUrl).azurecr.io/cdr-auth-server-standalone \ No newline at end of file diff --git a/.azuredevops/pipelines/code-scanning.yml b/.azuredevops/pipelines/code-scanning.yml new file mode 100644 index 0000000..ea3fe11 --- /dev/null +++ b/.azuredevops/pipelines/code-scanning.yml 
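Review bot: The first added `Bash@3` step pushes to the shared registry on `condition: succeeded()` alone, so any run of this pipeline, including a manually queued run on an arbitrary branch, publishes `cdr-auth-server-standalone:$(Build.SourceBranchName)`. `Build.SourceBranchName` is only the last path segment of the ref, so a branch such as `feature/main` would produce the tag `main` and could replace an image that consumers pull by that name. The second step also moves `:latest` from develop, main and releases builds alike, and `docker image push --all-tags` publishes every local tag of that repository rather than only the ones just created. I would gate the first step on the same branch list as the second and push each tag by name, e.g. `docker push $(SharedAcrBaseUrl).azurecr.io/cdr-auth-server-standalone:$(Build.BuildId)`. Adding `set -euo pipefail` at the top of both scripts would stop a failed `docker tag` from being followed by a push.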
@@ -0,0 +1,24 @@ +resources: + repositories: + - repository: shared-code-scanning + type: git + name: Common/shared-code-scanning + ref: refs/heads/main + trigger: none + +schedules: +- cron: '0 17 * * 0' # Run at 17:00 Sunday night UTC (03:00+10:00 Monday Morning) + displayName: 'Weekly code scan' + branches: + include: + - develop + always: true + +# Disable standard CI build +trigger: none + +pool: + vmImage: 'ubuntu-latest' + +extends: + template: pipeline-templates/code-scanning.yml@shared-code-scanning \ No newline at end of file diff --git a/.azuredevops/pipelines/set-tag-name.yml b/.azuredevops/pipelines/set-tag-name.yml new file mode 100644 index 0000000..2d7fcab --- /dev/null +++ b/.azuredevops/pipelines/set-tag-name.yml @@ -0,0 +1,33 @@ +parameters: + - name: name # Name of the variable to set + type: string + - name: input + type: string + default: '' + - name: context + type: string # e.g., $(Build.SourceBranchName) + +steps: +- powershell: | + $input = "${{ parameters.input }}" + $context = "${{ parameters.context }}" + $varName = "${{ parameters.name }}" + + Write-Host "Setting variable: $varName" + Write-Host "Input provided: $input" + Write-Host "Context: $context" + + if (-not [string]::IsNullOrWhiteSpace($input)) { + Write-Host "##vso[task.setvariable variable=$varName]$input" + Write-Host "Used provided value for ${varName}: ${input}" + } else { + switch -Wildcard ($context) { + "main" { $value = "main-latest" } + "develop" { $value = "develop-latest" } + "*release*" { $value = "main-latest" } + default { $value = "develop-latest" } + } + Write-Host "Resolved ${varName} to: ${value}" + Write-Host "##vso[task.setvariable variable=$varName]$value" + } + displayName: 'Set ${{ parameters.name }} variable' diff --git a/.azuredevops/pull_request_template.md b/.azuredevops/pull_request_template.md index 0c8d12c..8a5a801 100644 --- a/.azuredevops/pull_request_template.md +++ b/.azuredevops/pull_request_template.md 
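Review bot: The `shared-code-scanning` resource in code-scanning.yml is pinned to `ref: refs/heads/main`, so the template this pipeline `extends` can change without any commit in this repository. If the shared repository publishes tags, referencing one, e.g. `ref: refs/tags/<release-tag-placeholder>`, makes the scan definition reviewable and reproducible. A short comment above `resources:` naming the owner of that repository would also help readers.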
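Review bot: In set-tag-name.yml, `${{ parameters.input }}`, `${{ parameters.context }}` and `${{ parameters.name }}` are spliced into the PowerShell source inside double quotes, and `input` comes from the queue-time parameter `MockRegisterOverrideDependentImageTag` in build-v2.yml, so whoever can queue a run controls script text rather than just a value. Passing the three values through `env:` and reading them from `$env:` keeps them as data. The override can then be checked against the Docker tag character set before it reaches `task.setvariable` and the later `docker pull`. `$input` is also a PowerShell automatic variable, so a different local name is safer. The sketch below shows only the changed lines.

```yaml
steps:
- powershell: |
    $tagInput = $env:TAG_INPUT
    $context  = $env:TAG_CONTEXT
    $varName  = $env:TAG_VAR_NAME

    # Reject anything that is not a plain Docker tag before it is echoed into a logging command.
    if (-not [string]::IsNullOrWhiteSpace($tagInput) -and $tagInput -notmatch '^[A-Za-z0-9_][A-Za-z0-9_.-]{0,127}$') {
      throw "Rejected image tag override for ${varName}"
    }
    # … unchanged: Write-Host diagnostics, setvariable and the switch on $context, with $input renamed to $tagInput …
  displayName: 'Set ${{ parameters.name }} variable'
  env:
    TAG_INPUT: ${{ parameters.input }}
    TAG_CONTEXT: ${{ parameters.context }}
    TAG_VAR_NAME: ${{ parameters.name }}
```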
@@ -1,27 +1,14 @@ -**Checklist:** (Put an `x` in all the boxes that apply) -- [ ] My code follows the code style of this project. -- [ ] I have set this Pull Request to Auto Complete with the delete source branch option selected. -- [ ] Commented out code has been removed or will be removed. -- [ ] I have updated the documentation accordingly. -- [ ] I have added tests to cover my changes. -- [ ] All new and existing tests passed. -- [ ] I have updated the `CHANGELOG.md` file as appropriate. - - -**What kind of change does this PR introduce?** (Bug fix, feature, docs update, ...) - - - -**What is the current behavior?** (You can also link to an open issue here) +**What is the new behaviour?** +(if this is a feature change) +**Does this PR introduce a breaking change?** -**What is the new behavior?** (if this is a feature change) - - - -**Does this PR introduce a breaking change?** (What changes might users need to make in their application due to this PR?) +(What changes might users need to make in their application due to this PR?) +**Other information**: +**Checklist:** (Put an `x` in all the boxes that apply) -**Other information**: +- [ ] I have set this Pull Request to auto complete with the delete source branch option selected. +- [ ] I have updated the documentation in confluence or relevant readme.md text accordingly. \ No newline at end of file diff --git a/CHANGELOG.md b/CHANGELOG.md index 6736a2d..62e56b9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,11 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] +## [3.0.1] - 2025-06-19 + +### Changed +- Fixed multiple build warnings to improve code quality and maintainability + ## [3.0.0] - 2025-03-19 ### Changed diff --git a/Help/container/HELP.md b/Help/container/HELP.md index 8d0d0b4..9dd2fcf 100644 --- a/Help/container/HELP.md +++ b/Help/container/HELP.md @@ -11,7 +11,7 @@

2. Run the Authorisation Server container

- docker run -d -e "ACCEPT_EULA=Y" -e "SA_PASSWORD=Pa{}w0rd2019" -p 1433:1433 --name mssql -h sql1 -d mcr.microsoft.com/mssql/server:2022-latest + docker run -d -e "ACCEPT_EULA=Y" -e "MSSQL_SA_PASSWORD=Pa{}w0rd2019" -p 1433:1433 --name mssql -h sql1 -d mcr.microsoft.com/mssql/server:2022-latest docker run -d -h authorisation-server -p 8001:8001 -p 3000:3000 --add-host=mssql:host-gateway --name authorisation-server consumerdataright/authorisation-server


Please note - This docker compose file utilises the Microsoft SQL Server Image from Docker Hub.
@@ -28,7 +28,7 @@ open a command prompt and execute the following;
docker build -f Dockerfile.standalone -t authorisation-server .
Please note - By default, the container above will be using a MS SQL database container, using this command from a MS Windows command prompt will run the database,
- docker run -d -e "ACCEPT_EULA=Y" -e "SA_PASSWORD=Pa{}w0rd2019" -p 1433:1433 --name mssql -h sql1 -d mcr.microsoft.com/mssql/server:2022-latest + docker run -d -e "ACCEPT_EULA=Y" -e "MSSQL_SA_PASSWORD=Pa{}w0rd2019" -p 1433:1433 --name mssql -h sql1 -d mcr.microsoft.com/mssql/server:2022-latest docker run -d -h authorisation-server -p 8001:8001 -p 3000:3000 --add-host=mssql:host-gateway --name authorisation-server authorisation-server

diff --git a/README.md b/README.md index b8e5c55..abb022a 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ ![Consumer Data Right Logo](./Assets/cdr-logo.png?raw=true) -[![Consumer Data Standards v1.33.0](https://img.shields.io/badge/Consumer%20Data%20Standards-v1.33.0-blue.svg)](https://consumerdatastandardsaustralia.github.io/standards-archives/standards-1.33.0/#introduction) +[![Consumer Data Standards v1.34.0](https://img.shields.io/badge/Consumer%20Data%20Standards-v1.34.0-blue.svg)](https://consumerdatastandardsaustralia.github.io/standards-archives/standards-1.34.0/#introduction) [![Conformance Test Suite Data Recipients 4.4.0](https://img.shields.io/badge/Conformance%20Test%20Suite%20Data%20Recipients-v4.4.0-darkblue.svg)](https://www.cdr.gov.au/for-providers/conformance-test-suite-data-recipients) [![FAPI 1.0 Advanced Profile](https://img.shields.io/badge/FAPI%201.0-orange.svg)](https://openid.net/specs/openid-financial-api-part-2-1_0.html) [![made-with-dotnet](https://img.shields.io/badge/Made%20with-.NET-1f425Ff.svg)](https://dotnet.microsoft.com/) 
@@ -16,7 +16,7 @@ The project is used in the Participant Tooling Authorisation Server, providing t ## Authorisation Server - Alignment The Authorisation Server: -- aligns to [v1.33.0](https://consumerdatastandardsaustralia.github.io/standards-archives/standards-1.33.0/#introduction) of the [Consumer Data Standards](https://consumerdatastandardsaustralia.github.io/standards-archives/standards-1.33.0/#introduction) in particular [FAPI 1.0 Migration Phase 4](https://consumerdatastandardsaustralia.github.io/standards-archives/standards-1.33.0/#introduction) with backwards compatibility to Migration Phase 2 and 3; +- aligns to [v1.34.0](https://consumerdatastandardsaustralia.github.io/standards-archives/standards-1.34.0/#introduction) of the [Consumer Data Standards](https://consumerdatastandardsaustralia.github.io/standards-archives/standards-1.34.0/#introduction) in particular [FAPI 1.0 Migration Phase 4](https://consumerdatastandardsaustralia.github.io/standards-archives/standards-1.34.0/#introduction) with backwards compatibility to Migration Phase 2 and 3; - has passed v4.4.0 of the [Conformance Test Suite for Data Recipients](https://www.cdr.gov.au/for-providers/conformance-test-suite-data-recipients); and - is certified with the [FAPI 1.0 Advanced Profile](https://openid.net/specs/openid-financial-api-part-2-1_0.html) . diff --git a/Source/CdrAuthServer.API.Logger/CdrAuthServer.API.Logger.csproj b/Source/CdrAuthServer.API.Logger/CdrAuthServer.API.Logger.csproj index 8de99f8..b81b8f0 100644 --- a/Source/CdrAuthServer.API.Logger/CdrAuthServer.API.Logger.csproj +++ b/Source/CdrAuthServer.API.Logger/CdrAuthServer.API.Logger.csproj @@ -11,9 +11,9 @@ - + - + diff --git a/Source/CdrAuthServer.GetDataRecipients.IntegrationTests/CdrAuthServer.GetDataRecipients.IntegrationTests.csproj b/Source/CdrAuthServer.GetDataRecipients.IntegrationTests/CdrAuthServer.GetDataRecipients.IntegrationTests.csproj index ef33b24..3fd8263 100644 
--- a/Source/CdrAuthServer.GetDataRecipients.IntegrationTests/CdrAuthServer.GetDataRecipients.IntegrationTests.csproj +++ b/Source/CdrAuthServer.GetDataRecipients.IntegrationTests/CdrAuthServer.GetDataRecipients.IntegrationTests.csproj @@ -22,7 +22,7 @@ - + @@ -44,16 +44,16 @@ - - + + all runtime; build; native; contentfiles; analyzers; buildtransitive - - + + runtime; build; native; contentfiles; analyzers; buildtransitive all - + \ No newline at end of file diff --git a/Source/CdrAuthServer.GetDataRecipients/CdrAuthServer.GetDataRecipients.csproj b/Source/CdrAuthServer.GetDataRecipients/CdrAuthServer.GetDataRecipients.csproj index 4d674a2..52bc73c 100644 --- a/Source/CdrAuthServer.GetDataRecipients/CdrAuthServer.GetDataRecipients.csproj +++ b/Source/CdrAuthServer.GetDataRecipients/CdrAuthServer.GetDataRecipients.csproj @@ -25,7 +25,7 @@ - + all diff --git a/Source/CdrAuthServer.IntegrationTests/CdrAuthServer.IntegrationTests.csproj b/Source/CdrAuthServer.IntegrationTests/CdrAuthServer.IntegrationTests.csproj index 415f413..f509ed5 100644 --- a/Source/CdrAuthServer.IntegrationTests/CdrAuthServer.IntegrationTests.csproj +++ b/Source/CdrAuthServer.IntegrationTests/CdrAuthServer.IntegrationTests.csproj @@ -35,9 +35,8 @@ - - - + + diff --git a/Source/CdrAuthServer.Repository/CdrAuthServer.Repository.csproj b/Source/CdrAuthServer.Repository/CdrAuthServer.Repository.csproj index af6a96d..2abcbdc 100644 --- a/Source/CdrAuthServer.Repository/CdrAuthServer.Repository.csproj +++ b/Source/CdrAuthServer.Repository/CdrAuthServer.Repository.csproj @@ -12,21 +12,20 @@ - - - + + all runtime; build; native; contentfiles; analyzers; buildtransitive - - + + all runtime; build; native; contentfiles; analyzers; buildtransitive - + all diff --git a/Source/CdrAuthServer.TLS.Gateway/CdrAuthServer.TLS.Gateway.csproj b/Source/CdrAuthServer.TLS.Gateway/CdrAuthServer.TLS.Gateway.csproj index 7413281..0e5577b 100644 --- a/Source/CdrAuthServer.TLS.Gateway/CdrAuthServer.TLS.Gateway.csproj 
+++ b/Source/CdrAuthServer.TLS.Gateway/CdrAuthServer.TLS.Gateway.csproj @@ -21,7 +21,7 @@ - + diff --git a/Source/CdrAuthServer.UI/package-lock.json b/Source/CdrAuthServer.UI/package-lock.json index 3eb26d4..1361c79 100644 --- a/Source/CdrAuthServer.UI/package-lock.json +++ b/Source/CdrAuthServer.UI/package-lock.json @@ -92,13 +92,15 @@ } }, "node_modules/@babel/code-frame": { - "version": "7.23.5", - "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.23.5.tgz", - "integrity": "sha512-CgH3s1a96LipHCmSUmYFPwY7MNx8C3avkq7i4Wl3cfa662ldtUe4VM1TPXX70pfmrlWTb6jLqTYrZyT2ZTJBgA==", + "version": "7.26.2", + "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.26.2.tgz", + "integrity": "sha512-RJlIHRueQgwWitWgF8OdFYGZX328Ax5BCemNGlqHfplnRT9ESi8JkFlvaVYbS+UubVY6dpv87Fs2u5M29iNFVQ==", "dev": true, + "license": "MIT", "dependencies": { - "@babel/highlight": "^7.23.4", - "chalk": "^2.4.2" + "@babel/helper-validator-identifier": "^7.25.9", + "js-tokens": "^4.0.0", + "picocolors": "^1.0.0" }, "engines": { "node": ">=6.9.0" 
@@ -450,19 +452,21 @@ } }, "node_modules/@babel/helper-string-parser": { - "version": "7.23.4", - "resolved": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.23.4.tgz", - "integrity": "sha512-803gmbQdqwdf4olxrX4AJyFBV/RTr3rSmOj0rKwesmzlfhYNDEs+/iOcznzpNWlJlIlTJC2QfPFcHB6DlzdVLQ==", + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.25.9.tgz", + "integrity": "sha512-4A/SCr/2KLd5jrtOMFzaKjVtAei3+2r/NChoBNoZ3EyP/+GlhoaEGoWOZUmFmoITP7zOJyHIMm+DYRd8o3PvHA==", "dev": true, + "license": "MIT", "engines": { "node": ">=6.9.0" } }, "node_modules/@babel/helper-validator-identifier": { - "version": "7.22.20", - "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.22.20.tgz", - "integrity": "sha512-Y4OZ+ytlatR8AI+8KZfKuL5urKp7qey08ha31L8b3BwewJAoJamTzyvxPR/5D+KkdJCGPq/+8TukHBlY10FX9A==", + "version": "7.25.9", + "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.25.9.tgz", + "integrity": "sha512-Ed61U6XJc3CVRfkERJWDz4dJwKe7iLmmJsbOGu9wSloNSFttHV0I8g6UAgb7qnK5ly5bGLPd4oXZlxCdANBOWQ==", "dev": true, + "license": "MIT", "engines": { "node": ">=6.9.0" } 
@@ -491,38 +495,28 @@ } }, "node_modules/@babel/helpers": { - "version": "7.23.8", - "resolved": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.23.8.tgz", - "integrity": "sha512-KDqYz4PiOWvDFrdHLPhKtCThtIcKVy6avWD2oG4GEvyQ+XDZwHD4YQd+H2vNMnq2rkdxsDkU82T+Vk8U/WXHRQ==", + "version": "7.26.10", + "resolved": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.26.10.tgz", + "integrity": "sha512-UPYc3SauzZ3JGgj87GgZ89JVdC5dj0AoetR5Bw6wj4niittNyFh6+eOGonYvJ1ao6B8lEa3Q3klS7ADZ53bc5g==", "dev": true, + "license": "MIT", "dependencies": { - "@babel/template": "^7.22.15", - "@babel/traverse": "^7.23.7", - "@babel/types": "^7.23.6" + "@babel/template": "^7.26.9", + "@babel/types": "^7.26.10" }, "engines": { "node": ">=6.9.0" } }, - "node_modules/@babel/highlight": { - "version": "7.23.4", - "resolved": "https://registry.npmjs.org/@babel/highlight/-/highlight-7.23.4.tgz", - "integrity": "sha512-acGdbYSfp2WheJoJm/EBBBLh/ID8KDc64ISZ9DYtBmC8/Q204PZJLHyzeB5qMzJ5trcOkybd78M4x2KWsUq++A==", + "node_modules/@babel/parser": { + "version": "7.26.10", + "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.26.10.tgz", + "integrity": "sha512-6aQR2zGE/QFi8JpDLjUZEPYOs7+mhKXm86VaKFiLP35JQwQb6bwUE+XbvkH0EptsYhbNBSUGaUBLKqxH1xSgsA==", "dev": true, + "license": "MIT", "dependencies": { - "@babel/helper-validator-identifier": "^7.22.20", - "chalk": "^2.4.2", - "js-tokens": "^4.0.0" + "@babel/types": "^7.26.10" }, - "engines": { - "node": ">=6.9.0" - } - }, - "node_modules/@babel/parser": { - "version": "7.23.6", - "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.23.6.tgz", - "integrity": "sha512-Z2uID7YJ7oNvAI20O9X0bblw7Qqs8Q2hFy0R9tAfnfLkp5MW0UH9eUvnDSnFwKZ0AvgS1ucqR4KzvVHgnke1VQ==", - "dev": true, "bin": { "parser": "bin/babel-parser.js" }, 
@@ -2079,9 +2073,10 @@ "dev": true }, "node_modules/@babel/runtime": { - "version": "7.23.8", - "resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.23.8.tgz", - "integrity": "sha512-Y7KbAP984rn1VGMbGqKmBLio9V7y5Je9GvU4rQPCPinCyNfUcToxIXl06d59URp/F3LwinvODxab5N/G6qggkw==", + "version": "7.26.10", + "resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.26.10.tgz", + "integrity": "sha512-2WJMeRQPHKSPemqk/awGrAiuFfzBmOIPXKizAsVhWH9YJqLZ0H+HS4c8loHGgW6utJ3E/ejXQUsiGaQy2NZ9Fw==", + "license": "MIT", "dependencies": { "regenerator-runtime": "^0.14.0" }, @@ -2090,14 +2085,15 @@ } }, "node_modules/@babel/template": { - "version": "7.22.15", - "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.22.15.tgz", - "integrity": "sha512-QPErUVm4uyJa60rkI73qneDacvdvzxshT3kksGqlGWYdOTIUOwJ7RDUL8sGqslY1uXWSL6xMFKEXDS3ox2uF0w==", + "version": "7.26.9", + "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.26.9.tgz", + "integrity": "sha512-qyRplbeIpNZhmzOysF/wFMuP9sctmh2cFzRAZOn1YapxBsE1i9bJIY586R/WBLfLcmcBlM8ROBiQURnnNy+zfA==", "dev": true, + "license": "MIT", "dependencies": { - "@babel/code-frame": "^7.22.13", - "@babel/parser": "^7.22.15", - "@babel/types": "^7.22.15" + "@babel/code-frame": "^7.26.2", + "@babel/parser": "^7.26.9", + "@babel/types": "^7.26.9" }, "engines": { "node": ">=6.9.0" 
@@ -2125,14 +2121,14 @@ } }, "node_modules/@babel/types": { - "version": "7.23.6", - "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.23.6.tgz", - "integrity": "sha512-+uarb83brBzPKN38NX1MkB6vb6+mwvR6amUulqAE7ccQw1pEl+bCia9TbdG1lsnFP7lZySvUn37CHyXQdfTwzg==", + "version": "7.26.10", + "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.26.10.tgz", + "integrity": "sha512-emqcG3vHrpxUKTrxcblR36dcrcoRDvKmnL/dCL6ZsHaShW80qxCAcNhzQZrpeM765VzEos+xOi4s+r4IXzTwdQ==", "dev": true, + "license": "MIT", "dependencies": { - "@babel/helper-string-parser": "^7.23.4", - "@babel/helper-validator-identifier": "^7.22.20", - "to-fast-properties": "^2.0.0" + "@babel/helper-string-parser": "^7.25.9", + "@babel/helper-validator-identifier": "^7.25.9" }, "engines": { "node": ">=6.9.0" @@ -8120,10 +8116,11 @@ "dev": true }, "node_modules/cross-spawn": { - "version": "7.0.3", - "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz", - "integrity": "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==", + "version": "7.0.6", + "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz", + "integrity": "sha512-uV2QOWP2nWzsy2aMp8aRibhi9dlzF5Hgh5SHaB9OiTGEyDTiJJyx0uy51QXdyWbtAHNua4XJzUKca3OzKUd3vA==", "dev": true, + "license": "MIT", "dependencies": { "path-key": "^3.1.0", "shebang-command": "^2.0.0", @@ -9103,9 +9100,10 @@ "dev": true }, "node_modules/elliptic": { - "version": "6.6.0", - "resolved": "https://registry.npmjs.org/elliptic/-/elliptic-6.6.0.tgz", - "integrity": "sha512-dpwoQcLc/2WLQvJvLRHKZ+f9FgOdjnq11rurqwekGQygGPsYSK29OMMD2WalatiqQ+XGFDglTNixpPfI+lpaAA==", + "version": "6.6.1", + "resolved": "https://registry.npmjs.org/elliptic/-/elliptic-6.6.1.tgz", + "integrity": "sha512-RaddvvMatK2LJHqFJ+YA4WysVN5Ita9E35botqIYspQ4TkRAlCicdzKOjlyv/1Za5RyTNn7di//eEV0uTAfe3g==", + "license": "MIT", "dependencies": { "bn.js": "^4.11.9", "brorand": "^1.1.0", 
@@ -10176,10 +10174,11 @@ } }, "node_modules/express": { - "version": "4.21.1", - "resolved": "https://registry.npmjs.org/express/-/express-4.21.1.tgz", - "integrity": "sha512-YSFlK1Ee0/GC8QaO91tHcDxJiE/X4FbpAyQWkxAvG6AXCuR65YzK8ua6D9hvi/TzUfZMpc+BwuM1IPw8fmQBiQ==", + "version": "4.21.2", + "resolved": "https://registry.npmjs.org/express/-/express-4.21.2.tgz", + "integrity": "sha512-28HqgMZAmih1Czt9ny7qr6ek2qddF4FclbMzwhCREB6OFfH+rXAnuNCwo1/wFvrtbgsQDb4kSbX9de9lFbrXnA==", "dev": true, + "license": "MIT", "dependencies": { "accepts": "~1.3.8", "array-flatten": "1.1.1", @@ -10200,7 +10199,7 @@ "methods": "~1.1.2", "on-finished": "2.4.1", "parseurl": "~1.3.3", - "path-to-regexp": "0.1.10", + "path-to-regexp": "0.1.12", "proxy-addr": "~2.0.7", "qs": "6.13.0", "range-parser": "~1.2.1", @@ -10215,6 +10214,10 @@ }, "engines": { "node": ">= 0.10.0" + }, + "funding": { + "type": "opencollective", + "url": "https://opencollective.com/express" } }, "node_modules/express/node_modules/debug": { @@ -17040,15 +17043,16 @@ } }, "node_modules/nanoid": { - "version": "3.3.7", - "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.7.tgz", - "integrity": "sha512-eSRppjcPIatRIMC1U6UngP8XFcz8MQWGQdt1MTBQ7NaAmvXDfvNxbvWV3x2y6CdEUciCSsDHDQZbhYaB8QEo2g==", + "version": "3.3.9", + "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.9.tgz", + "integrity": "sha512-SppoicMGpZvbF1l3z4x7No3OlIjP7QJvC9XR7AhZr1kL133KHnKPztkKDc+Ir4aJ/1VhTySrtKhrsycmrMQfvg==", "funding": [ { "type": "github", "url": "https://github.com/sponsors/ai" } ], + "license": "MIT", "bin": { "nanoid": "bin/nanoid.cjs" }, 
@@ -17613,10 +17617,11 @@ } }, "node_modules/path-to-regexp": { - "version": "0.1.10", - "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.10.tgz", - "integrity": "sha512-7lf7qcQidTku0Gu3YDPc8DJ1q7OOucfa/BSsIwjuh56VU7katFvuM8hULfkwB3Fns/rsVF7PwPKVw1sl5KQS9w==", - "dev": true + "version": "0.1.12", + "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.12.tgz", + "integrity": "sha512-RA1GjUVMnvYFxuqovrEqZoxxW5NUZqbwKtYz/Tt7nXerk0LbLblQmrsgdeOxV5SFHf0UDggjS/bSeOZwt1pmEQ==", + "dev": true, + "license": "MIT" }, "node_modules/path-type": { "version": "4.0.0", @@ -21969,15 +21974,6 @@ "integrity": "sha512-3f0uOEAQwIqGuWW2MVzYg8fV/QNnc/IpuJNG837rLuczAaLVHslWHZQj4IGiEl5Hs3kkbhwL9Ab7Hrsmuj+Smw==", "dev": true }, - "node_modules/to-fast-properties": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/to-fast-properties/-/to-fast-properties-2.0.0.tgz", - "integrity": "sha512-/OaKK0xYrs3DmxRYqL/yDc+FxFUVYhDlXMhRmv3z915w2HF1tnN1omB354j8VUGO/hbRzyD6Y3sA7v7GS/ceog==", - "dev": true, - "engines": { - "node": ">=4" - } - }, "node_modules/to-regex-range": { "version": "5.0.1", "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz", diff --git a/Source/CdrAuthServer.mTLS.Gateway/CdrAuthServer.mTLS.Gateway.csproj b/Source/CdrAuthServer.mTLS.Gateway/CdrAuthServer.mTLS.Gateway.csproj index b495286..5bc2e56 100644 --- a/Source/CdrAuthServer.mTLS.Gateway/CdrAuthServer.mTLS.Gateway.csproj +++ b/Source/CdrAuthServer.mTLS.Gateway/CdrAuthServer.mTLS.Gateway.csproj @@ -22,8 +22,8 @@ - - + + diff --git a/Source/CdrAuthServer/CdrAuthServer.csproj b/Source/CdrAuthServer/CdrAuthServer.csproj index 9e2fd40..c5148a8 100644 --- a/Source/CdrAuthServer/CdrAuthServer.csproj +++ b/Source/CdrAuthServer/CdrAuthServer.csproj @@ -52,8 +52,9 @@ - - + + + diff --git a/Source/CdrAuthServer/Program.cs b/Source/CdrAuthServer/Program.cs index e5caa60..2ca064f 100644 --- a/Source/CdrAuthServer/Program.cs 
+++ b/Source/CdrAuthServer/Program.cs @@ -26,10 +26,13 @@ using Microsoft.IdentityModel.Protocols.OpenIdConnect; using Microsoft.IdentityModel.Tokens; using Newtonsoft.Json; +using Polly; +using Polly.Extensions.Http; using Serilog; using Serilog.Settings.Configuration; using static CdrAuthServer.Infrastructure.Constants; +var app = WebApplication.Create(); var builder = WebApplication.CreateBuilder(args); builder.Configuration.AddEnvironmentVariables(); builder.Services.AddSingleton(); @@ -69,7 +72,9 @@ await builder.Services.ConfigureWebServer( builder.Services.AddHttpClient() .ConfigurePrimaryHttpMessageHandler(s => HttpHelper.CreateHttpClientHandler(builder.Configuration)) - .AddHttpMessageHandler(); + .AddHttpMessageHandler() + .SetHandlerLifetime(TimeSpan.FromMinutes(5)) + .AddPolicyHandler(GetRetryPolicy()); builder.Services.AddHttpClient() .ConfigurePrimaryHttpMessageHandler(s => HttpHelper.CreateHttpClientHandler(builder.Configuration)) @@ -114,10 +119,11 @@ await builder.Services.ConfigureWebServer( .AddAuthentication(JwtBearerDefaults.AuthenticationScheme) .AddJwtBearer(async options => { + var jwksService = app.Services.GetRequiredService(); options.Configuration = new OpenIdConnectConfiguration() { JwksUri = $"{metadataAddress}/jwks", - JsonWebKeySet = await LoadJwks($"{metadataAddress}/jwks", HttpHelper.CreateHttpClientHandler(builder.Configuration)), + JsonWebKeySet = await jwksService.GetJwks(new Uri($"{metadataAddress}/jwks")), }; options.TokenValidationParameters = BuildTokenValidationParameters(options, validIssuers, validAudiences, clockSkew); 
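Review bot: `var app = WebApplication.Create();` at the top of the file builds a complete second host only so that the `AddJwtBearer` lambda further down has an `app` variable to capture, and nothing in the visible hunks disposes that placeholder once `app = builder.Build();` replaces it. If anything resolves the JWT bearer options before the reassignment, `app.Services` is still the placeholder container, which holds none of the registrations made on `builder`, so the required-service lookup would throw. Declaring the variable as `WebApplication? app = null;` would avoid constructing the extra host, though having the options system supply the dependency is more robust than reading a captured mutable variable. The top-level statements continue outside the hunk.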
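Review bot: The `AddJwtBearer(async options => ...)` lambda is passed where a synchronous configure delegate is expected, so it presumably compiles to `async void`. Everything after `await jwksService.GetJwks(...)`, including `options.TokenValidationParameters = BuildTokenValidationParameters(...)`, would then run after the options object has been handed back to the framework, and a failed JWKS fetch would not surface to the caller. The await predates this commit, but the new call keeps it, so requests arriving before the continuation completes are validated against whatever the options held at that moment rather than the issuer, audience and signing-key settings built here. Loading the key set before registration, or blocking inside a synchronous delegate, and obtaining the service through `AddOptions<JwtBearerOptions>(JwtBearerDefaults.AuthenticationScheme).Configure<TJwksService>(...)` would make the configuration complete on first use; `TJwksService` stands for the service type, which is not visible in this view. The lambda body continues outside the hunk.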
@@ -242,7 +248,7 @@ await builder.Services.ConfigureWebServer( .AddCheck("migration", () => healthCheckMigration ? HealthCheckResult.Healthy(healthCheckMigrationMessage) : HealthCheckResult.Unhealthy(healthCheckMigrationMessage)) .AddCheck("seed-data", () => healthCheckSeedData ? HealthCheckResult.Healthy(healthCheckSeedDataMessage) : HealthCheckResult.Unhealthy(healthCheckSeedDataMessage)); -var app = builder.Build(); +app = builder.Build(); app.UseStaticFiles(); // A static base path can be set by the CdrAuthServer:BasePath app setting. @@ -349,13 +355,6 @@ static Task CustomResponseWriter(HttpContext context, HealthReport healthReport) return context.Response.WriteAsync(result); } -static async Task LoadJwks(string jwksUri, HttpMessageHandler httpMessageHandler) -{ - var httpClient = new HttpClient(httpMessageHandler); - var httpResponse = await httpClient.GetAsync(jwksUri); - return await httpResponse.Content.ReadAsJson(); -} - void MigrateDatabase() { var optionsBuilder = new DbContextOptionsBuilder(); 
@@ -404,24 +403,24 @@ static TokenValidationParameters BuildTokenValidationParameters( ValidateAudience = true, ValidAudiences = validAudiences, AudienceValidator = (IEnumerable audiences, SecurityToken securityToken, TokenValidationParameters validationParameters) => - { - var validAudiences = new HashSet(validationParameters.ValidAudiences, StringComparer.OrdinalIgnoreCase); + { + var validAudiences = new HashSet(validationParameters.ValidAudiences, StringComparer.OrdinalIgnoreCase); - bool isValid = audiences.Any(audience => - validAudiences.Contains(audience) || - validAudiences.Any(validAudience => audience.StartsWith(validAudience, StringComparison.OrdinalIgnoreCase))); + bool isValid = audiences.Any(audience => + validAudiences.Contains(audience) || + validAudiences.Any(validAudience => audience.StartsWith(validAudience, StringComparison.OrdinalIgnoreCase))); - if (!isValid) - { - string errorMessage = $"IDX10214: Audience validation failed. Audiences: '{string.Join(',', audiences)}'. Did not match: '{string.Join(',', validationParameters.ValidAudiences)}'."; - throw new SecurityTokenInvalidAudienceException(errorMessage) - { - InvalidAudience = string.Join(',', audiences), - }; - } + if (!isValid) + { + string errorMessage = $"IDX10214: Audience validation failed. Audiences: '{string.Join(',', audiences)}'. Did not match: '{string.Join(',', validationParameters.ValidAudiences)}'."; + throw new SecurityTokenInvalidAudienceException(errorMessage) + { + InvalidAudience = string.Join(',', audiences), + }; + } - return isValid; - }, + return isValid; + }, ValidateLifetime = true, ClockSkew = TimeSpan.FromSeconds(clockSkew), 
@@ -430,3 +429,21 @@ static TokenValidationParameters BuildTokenValidationParameters( IssuerSigningKeys = options.Configuration!.JsonWebKeySet.Keys, }; } + +static Polly.Retry.AsyncRetryPolicy GetRetryPolicy() +{ + // Handles HttpRequestException, Http status codes >= 500 (server errors) and status code 408 (request timeout) + int maxRetryCount = 5; + int retryDelaySeconds = 5; + return HttpPolicyExtensions + .HandleTransientHttpError() + .WaitAndRetryAsync( + maxRetryCount, + (retryAttempt) => TimeSpan.FromSeconds(retryAttempt * retryDelaySeconds), + (exception, timeSpan, retryCount, context) => + Log.Logger.Warning( + "Request failed. Retrying in {Seconds}s (attempt {RetryCount} of {MaxRetryCount}).", + timeSpan.TotalSeconds, + retryCount, + maxRetryCount)); +} diff --git a/Source/Directory.Build.props b/Source/Directory.Build.props index c75d430..bca697b 100644 --- a/Source/Directory.Build.props +++ b/Source/Directory.Build.props @@ -1,10 +1,11 @@ net8.0 - 3.0.0 + 3.0.1 true true true + NU1901;NU1902 $(NoWarn);1591 diff --git a/Source/docker-compose.E2ETests.Standalone.yml b/Source/docker-compose.E2ETests.Standalone.yml index b8e8ecd..534ede5 100644 --- a/Source/docker-compose.E2ETests.Standalone.yml +++ b/Source/docker-compose.E2ETests.Standalone.yml @@ -99,7 +99,7 @@ services: - "1433:1433" environment: - ACCEPT_EULA=Y - - SA_PASSWORD=Pa{}w0rd2019 + - MSSQL_SA_PASSWORD=Pa{}w0rd2019 healthcheck: test: /opt/mssql-tools18/bin/sqlcmd -S . -U sa -P "Pa{}w0rd2019" -Q "SELECT 1" -No || exit 1 timeout: 5s diff --git a/Source/docker-compose.GetDataRecipients.IntegrationTests.yml b/Source/docker-compose.GetDataRecipients.IntegrationTests.yml index 1a7e374..5fe0f6c 100644 --- a/Source/docker-compose.GetDataRecipients.IntegrationTests.yml +++ b/Source/docker-compose.GetDataRecipients.IntegrationTests.yml 
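Review bot: The `onRetry` callback in `GetRetryPolicy` logs only the delay and the attempt count, so the warning never says why the request failed. Its first parameter is named `exception`, but for an HTTP policy it is presumably the delegate outcome, which carries either an exception or a response. Adding the cause to the message, for example `exception.Exception?.Message ?? exception.Result?.StatusCode.ToString()`, would make a failing endpoint diagnosable from the log, and renaming the parameter to `outcome` would match what it holds. With five attempts at 5, 10, 15, 20 and 25 seconds a caller can wait up to 75 seconds before the failure surfaces, which is worth stating in the comment above `maxRetryCount`.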
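Review bot: The added `NU1901;NU1902` value in Directory.Build.props names the NuGet audit warnings for packages with low and moderate severity known vulnerabilities, and the element that carries it is not visible in this view. If that element is `NoWarn`, those advisories disappear from build output entirely; `WarningsNotAsErrors` would keep them visible while still letting the build pass under the warnings-as-errors settings this file appears to enable. Either way, a comment beside the value should record why the two codes are exempted and which package triggered them, so the exemption can be removed once the dependency is updated.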
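Review bot: The `sa` password is still written as a literal in both the `MSSQL_SA_PASSWORD=` entry and the `sqlcmd -P` health check, and the service publishes `1433:1433`, so a SQL Server whose password is stored in the repository is reachable on every host interface while the tests run. Taking the value from the environment (`- MSSQL_SA_PASSWORD=${MSSQL_SA_PASSWORD}` with `-P "$$MSSQL_SA_PASSWORD"` in the health check) and publishing as `"127.0.0.1:1433:1433"` keeps the rename and removes both exposures. The same lines appear in the hunks for docker-compose.GetDataRecipients.IntegrationTests.yml and docker-compose.IntegrationTests.Standalone.yml. The service definition starts outside the hunk.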
@@ -7,7 +7,7 @@ services: - "1433:1433" environment: - ACCEPT_EULA=Y - - SA_PASSWORD=Pa{}w0rd2019 + - MSSQL_SA_PASSWORD=Pa{}w0rd2019 healthcheck: test: /opt/mssql-tools18/bin/sqlcmd -S . -U sa -P "Pa{}w0rd2019" -Q "SELECT 1" -No || exit 1 timeout: 5s diff --git a/Source/docker-compose.IntegrationTests.Standalone.yml b/Source/docker-compose.IntegrationTests.Standalone.yml index bd16ef1..be42e88 100644 --- a/Source/docker-compose.IntegrationTests.Standalone.yml +++ b/Source/docker-compose.IntegrationTests.Standalone.yml @@ -122,7 +122,7 @@ services: - "1433:1433" environment: - ACCEPT_EULA=Y - - SA_PASSWORD=Pa{}w0rd2019 + - MSSQL_SA_PASSWORD=Pa{}w0rd2019 healthcheck: test: /opt/mssql-tools18/bin/sqlcmd -S . -U sa -P "Pa{}w0rd2019" -Q "SELECT 1" -No || exit 1 timeout: 5s