Merge pull request #1258 from ITfoxtec/test

Test

Author: Revsgaard

.vscode/launch.json

@@ -0,0 +1,52 @@
+{
+    // Use IntelliSense to learn about possible attributes.
+    // Hover to view descriptions of existing attributes.
+    // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
+    "version": "0.2.0",
+    "configurations": [
+        {
+            "name": "Launch FoxIDs",
+            "type": "coreclr",
+            "request": "launch",
+            "preLaunchTask": "build FoxIDs",
+            "program": "${workspaceFolder}/src/FoxIDs/bin/Debug/net9.0/FoxIDs.dll",
+            "args": [],
+            "cwd": "${workspaceFolder}/src/FoxIDs",
+            "stopAtEntry": false,
+            "serverReadyAction": {
+                "action": "openExternally",
+                "pattern": "\\bNow listening on:\\s+(https?://\\S+)"
+            },
+            "env": {
+                "ASPNETCORE_ENVIRONMENT": "Development"
+            }
+        },
+        {
+            "name": "Launch FoxIDs.Control",
+            "type": "coreclr",
+            "request": "launch",
+            "preLaunchTask": "build FoxIDs.Control",
+            "program": "${workspaceFolder}/src/FoxIDs.Control/bin/Debug/net9.0/FoxIDs.Control.dll",
+            "args": [],
+            "cwd": "${workspaceFolder}/src/FoxIDs.Control",
+            "stopAtEntry": false,
+            "serverReadyAction": {
+                "action": "openExternally",
+                "pattern": "\\bNow listening on:\\s+(https?://\\S+)"
+            },
+            "env": {
+                "ASPNETCORE_ENVIRONMENT": "Development"
+            }
+        }
+    ],
+    "compounds": [
+    {
+      "name": "Launch FoxIDs & FoxIDs.Control",
+      "configurations": [
+        "Launch FoxIDs",
+        "Launch FoxIDs.Control"
+      ],
+      "stopAll": true
+    }
+  ]
+}

.vscode/tasks.json

@@ -0,0 +1,29 @@
+{
+	"version": "2.0.0",
+	"tasks": [
+		{
+			"label": "build FoxIDs",
+			"type": "process",
+			"command": "dotnet",
+			"args": [
+				"build",
+				"${workspaceFolder}/src/FoxIDs/FoxIDs.csproj",
+                "/property:GenerateFullPaths=true",
+                "/consoleloggerparameters:NoSummary"
+			],
+			"problemMatcher": "$msCompile"
+		},
+		{
+			"label": "build FoxIDs.Control",
+			"type": "process",
+			"command": "dotnet",
+			"args": [
+				"build",
+				"${workspaceFolder}/src/FoxIDs.Control/FoxIDs.Control.csproj",
+                "/property:GenerateFullPaths=true",
+                "/consoleloggerparameters:NoSummary"
+			],
+			"problemMatcher": "$msCompile"
+		}
+	]
+}

Kubernetes/k8s-foxids-ingress-deployment.yaml

@@ -3,8 +3,15 @@ kind: Ingress
 metadata:
   name: foxids-ingress-http
   annotations:
+   #Rate Limiting
+   #nginx.ingress.kubernetes.io/limit-connections: "20"
+   #nginx.ingress.kubernetes.io/limit-rpm: "300"
+   #nginx.ingress.kubernetes.io/limit-rps: "10"
+   #nginx.ingress.kubernetes.io/limit-whitelist: "xxx.xxx.xxx.xxx" # your IP Address
+   #Buffer
    nginx.ingress.kubernetes.io/proxy-buffers-number: "4"
    nginx.ingress.kubernetes.io/proxy-buffer-size: "32k"
+   #Certificate
    cert-manager.io/issuer: "letsencrypt-production" #production    
    #cert-manager.io/issuer: "letsencrypt-staging" #staging
 spec:

docs/deployment-k8s.md

@@ -363,6 +363,9 @@ kubectl apply -f xxx.yaml --namespace=test
 **Log**  
 All logs from FoxIDs including errors, trace and events is written to `stdout`. Consider how to handle [application logs](https://kubernetes.io/docs/concepts/cluster-administration/logging/) and collect logs from the containers.
 
+**Rate Limiting**  
+Configure [limits on connections and transmission rates](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/#rate-limiting) in `k8s-foxids-ingress-deployment.yaml`.
+
 **MongoDB Operator**  
 Consider MongoDB Operator if you need multiple instances of MongoDB.
 

docs/login.md

@@ -65,6 +65,8 @@ In this example the user is asked to do two-factor authentication with an authen
 
 ![2FA example](images/configure-login-2fa-example.png)
 
+A phone number and email can either be configured as a user identifier or as a claim with the `phone_number` and `email` claim types.
+
 The two-factor authentication type is selected as shown in this table.
 
 <table>

docs/reverse-proxy.md

@@ -44,7 +44,7 @@ Optionally both requiring (`secret1`) and sending (`secret2`) in a `X-FoxIDs-Sec
     </globalRules>
 
 ## Read HTTP headers
-The FoxIDs site support reading the client IP address in the following HTTP headers in order of priority:
+The FoxIDs site support reading the forwarded client IP address in the following HTTP headers in order of priority:
 
  1. `CF-Connecting-IP`
  2. `X-Azure-ClientIP`

docs/users-upload.md

@@ -1,11 +1,11 @@
-# Upload users
+# Upload many users
 
 Provisioning your users in an environment, with or without a password:
 
 - You can upload the users with there password, if you know the users' passwords. 
 - Otherwise, you can upload the users without a password and the users are then requested to set a password with an email or SMS conformation code. Require the users to have either an email or phone number.
 
-The users are bulk uploaded to an environment with 1,000 users at the time and supporting upload of millions of users. You can either user the [FoxIDs Control API](control.md#foxids-control-api) directly or use the [seed tool](#upload-with-seed-tool). 
+The users are bulk uploaded to an environment with 1,000 users at the time and supporting multiple upload of millions of users. You can either user the [FoxIDs Control API](control.md#foxids-control-api) directly or use the [seed tool](#upload-with-seed-tool). 
 
 ## Upload with seed tool
 

src/FoxIDs.Control/Controllers/Helpers/TReadCertificateController.cs

@@ -23,13 +23,12 @@ public TReadCertificateController(TelemetryScopedLogger logger, IMapper mapper)
             this.mapper = mapper;
         }
 
-        /// <summary>
-        /// Read JWK with certificate information.
-        /// </summary>
-        /// <param name="certificateAndPassword">Base64 URL encode certificate and optionally password.</param>
-        /// <returns>User.</returns>
-        [ProducesResponseType(typeof(Api.JwkWithCertificateInfo), StatusCodes.Status200OK)]
-        public async Task<ActionResult<Api.JwkWithCertificateInfo>> PostReadCertificate([FromBody] Api.CertificateAndPassword certificateAndPassword)
+    /// <summary>
+    /// Read JWK with certificate information from PFX.
+    /// </summary>
+    /// <param name="certificateAndPassword">Base64 URL encode certificate and optionally password.</param>
+    [ProducesResponseType(typeof(Api.JwkWithCertificateInfo), StatusCodes.Status200OK)]
+    public async Task<ActionResult<Api.JwkWithCertificateInfo>> PostReadCertificate([FromBody] Api.CertificateAndPassword certificateAndPassword)
         {
             if (!await ModelState.TryValidateObjectAsync(certificateAndPassword)) return BadRequest(ModelState);
 

src/FoxIDs.Control/Controllers/Helpers/TReadCertificateFromPemController.cs

@@ -0,0 +1,50 @@
+using AutoMapper;
+using FoxIDs.Infrastructure;
+using Api = FoxIDs.Models.Api;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Mvc;
+using System.Threading.Tasks;
+using ITfoxtec.Identity;
+using System.Security.Cryptography.X509Certificates;
+using System;
+using System.ComponentModel.DataAnnotations;
+using FoxIDs.Infrastructure.Security;
+
+namespace FoxIDs.Controllers
+{
+    [TenantScopeAuthorize(Constants.ControlApi.Segment.Basic, Constants.ControlApi.Segment.Party)]
+    public class TReadCertificateFromPemController : ApiController
+    {
+        private readonly IMapper mapper;
+
+        public TReadCertificateFromPemController(TelemetryScopedLogger logger, IMapper mapper) : base(logger)
+        {
+            this.mapper = mapper;
+        }
+
+        /// <summary>
+        /// Read JWK with certificate information from PEM certificate (.crt) and private key (.key).
+        /// </summary>
+        /// <param name="certificateCrtAndKey">PEM certificate and private key.</param>
+        [ProducesResponseType(typeof(Api.JwkWithCertificateInfo), StatusCodes.Status200OK)]
+        public async Task<ActionResult<Api.JwkWithCertificateInfo>> PostReadCertificateFromPem([FromBody] Api.CertificateCrtAndKey certificateCrtAndKey)
+        {
+            if (!await ModelState.TryValidateObjectAsync(certificateCrtAndKey)) return BadRequest(ModelState);
+
+            try
+            {
+                var certificate = X509Certificate2.CreateFromPem(certificateCrtAndKey.CertificatePemCrt, certificateCrtAndKey.CertificatePemKey);
+                var jwt = await certificate.ToFTJsonWebKeyAsync(includePrivateKey: certificate.HasPrivateKey);
+                return Ok(mapper.Map<Api.JwkWithCertificateInfo>(jwt));
+            }
+            catch (ValidationException)
+            {
+                throw;
+            }
+            catch (Exception ex)
+            {
+                throw new ValidationException("Unable to read PEM certificate and key.", ex);
+            }
+        }
+    }
+}

src/FoxIDs.Control/Controllers/Tracks/TTrackSendSmsController.cs

@@ -0,0 +1,124 @@
+using AutoMapper;
+using FoxIDs.Infrastructure;
+using FoxIDs.Repository;
+using FoxIDs.Models;
+using Api = FoxIDs.Models.Api;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Mvc;
+using System.Threading.Tasks;
+using System;
+using FoxIDs.Logic;
+using FoxIDs.Infrastructure.Security;
+
+namespace FoxIDs.Controllers
+{
+    [TenantScopeAuthorize]
+    public class TTrackSendSmsController : ApiController
+    {
+        private readonly TelemetryScopedLogger logger;
+        private readonly IMapper mapper;
+        private readonly ITenantDataRepository tenantDataRepository;
+        private readonly TrackCacheLogic trackCacheLogic;
+
+        public TTrackSendSmsController(TelemetryScopedLogger logger, IMapper mapper, ITenantDataRepository tenantDataRepository, TrackCacheLogic trackCacheLogic) : base(logger)
+        {
+            this.logger = logger;
+            this.mapper = mapper;
+            this.tenantDataRepository = tenantDataRepository;
+            this.trackCacheLogic = trackCacheLogic;
+        }
+
+        /// <summary>
+        /// Get environment send SMS settings.
+        /// </summary>
+        /// <returns>Send SMS settings.</returns>
+        [ProducesResponseType(typeof(Api.ResourceItem), StatusCodes.Status200OK)]
+        [ProducesResponseType(StatusCodes.Status204NoContent)]
+        [ProducesResponseType(StatusCodes.Status404NotFound)]
+        public async Task<ActionResult<Api.SendSms>> GetTrackSendSms()
+        {
+            try
+            {
+                var mTrack = await tenantDataRepository.GetTrackByNameAsync(new Track.IdKey { TenantName = RouteBinding.TenantName, TrackName = RouteBinding.TrackName });
+                if (mTrack.SendSms == null)
+                {
+                    return NoContent();
+                }
+                return Ok(mapper.Map<Api.SendSms>(mTrack.SendSms));
+            }
+            catch (FoxIDsDataException ex)
+            {
+                if (ex.StatusCode == DataStatusCode.NotFound)
+                {
+                    logger.Warning(ex, $"NotFound, Get Track.SendSms by environment name '{RouteBinding.TrackName}'.");
+                    return NotFound("Track.SendSms", RouteBinding.TrackName);
+                }
+                throw;
+            }
+        }
+
+        /// <summary>
+        /// Update environment send SMS settings.
+        /// </summary>
+        /// <param name="sendSms">Send SMS settings.</param>
+        /// <returns>Send SMS settings.</returns>
+        [ProducesResponseType(typeof(Api.TrackResourceItem), StatusCodes.Status200OK)]
+        [ProducesResponseType(StatusCodes.Status404NotFound)]
+        public async Task<ActionResult<Api.SendSms>> PutTrackSendSms([FromBody] Api.SendSms sendSms)
+        {
+            try
+            {
+                if (!await ModelState.TryValidateObjectAsync(sendSms)) return BadRequest(ModelState);
+
+                var trackIdKey = new Track.IdKey { TenantName = RouteBinding.TenantName, TrackName = RouteBinding.TrackName };
+                var mTrack = await tenantDataRepository.GetTrackByNameAsync(trackIdKey);
+
+                mTrack.SendSms = mapper.Map<SendSms>(sendSms);
+                await tenantDataRepository.UpdateAsync(mTrack);
+
+                await trackCacheLogic.InvalidateTrackCacheAsync(trackIdKey);
+
+                return Ok(mapper.Map<Api.SendSms>(mTrack.SendSms));
+            }
+            catch (FoxIDsDataException ex)
+            {
+                if (ex.StatusCode == DataStatusCode.NotFound)
+                {
+                    logger.Warning(ex, $"NotFound, Update Track.SendSms by environment name '{RouteBinding.TrackName}'.");
+                    return NotFound("Track.SendSms", Convert.ToString(RouteBinding.TrackName));
+                }
+                throw;
+            }
+        }
+
+        /// <summary>
+        /// Delete environment send SMS settings.
+        /// </summary>
+        [ProducesResponseType(StatusCodes.Status204NoContent)]
+        [ProducesResponseType(StatusCodes.Status404NotFound)]
+        public async Task<IActionResult> DeleteTrackSendSms()
+        {
+            try
+            {
+                var trackIdKey = new Track.IdKey { TenantName = RouteBinding.TenantName, TrackName = RouteBinding.TrackName };
+                var mTrack = await tenantDataRepository.GetTrackByNameAsync(trackIdKey);
+
+                mTrack.SendSms = null;
+                await tenantDataRepository.UpdateAsync(mTrack);
+
+                await trackCacheLogic.InvalidateTrackCacheAsync(trackIdKey);
+
+                return NoContent();
+            }
+            catch (FoxIDsDataException ex)
+            {
+                if (ex.StatusCode == DataStatusCode.NotFound)
+                {
+                    logger.Warning(ex, $"NotFound, Delete Track.SendSms by environment name '{RouteBinding.TrackName}'.");
+                    return NotFound("Track.SendSms", Convert.ToString(RouteBinding.TrackName));
+                }
+                throw;
+            }
+        }
+    }
+}