Merge pull request #1294 from ITfoxtec/2.4.x-development

2.4.x development

Author: Revsgaard

Kubernetes/k8s-foxids-ingress-deployment.yaml

@@ -5,9 +5,9 @@ metadata:
   annotations:
    # Rate Limiting, docs https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/#rate-limiting
    #nginx.ingress.kubernetes.io/limit-whitelist: "x.x.x.x/x"   # Configure the internal network to be excluded from rate-limiting, you can specify a list of IPs or CIDRs to allow
-   #nginx.ingress.kubernetes.io/limit-connections: "20"          # Limit the number of connections per IP address
-   #nginx.ingress.kubernetes.io/limit-rpm: "300"                 # Limit the number of requests per minute per IP address
-   #nginx.ingress.kubernetes.io/limit-rps: "10"                  # Limit the number of requests per second per IP address
+   #nginx.ingress.kubernetes.io/limit-connections: "200"       # Limit the number of connections per IP address
+   #nginx.ingress.kubernetes.io/limit-rpm: "600"               # Limit the number of requests per minute per IP address
+   #nginx.ingress.kubernetes.io/limit-rps: "200"               # Limit the number of requests per second per IP address
    #Buffer
    nginx.ingress.kubernetes.io/proxy-buffers-number: "4"
    nginx.ingress.kubernetes.io/proxy-buffer-size: "32k"

Kubernetes/k8s-redis-deployment.yaml

@@ -19,7 +19,9 @@ spec:
         - containerPort: 6379
         volumeMounts:
           - mountPath: /data
-            name: redis-data  
+            name: redis-data
+        securityContext:
+          allowPrivilegeEscalation: false  # Prevent privilege escalation in this container
       volumes:
       - name: redis-data
         persistentVolumeClaim:

src/FoxIDs.Control/FoxIDs.Control.csproj

@@ -2,7 +2,7 @@
 
 	<PropertyGroup>
 		<TargetFramework>net9.0</TargetFramework>
-		<Version>2.3.7</Version>
+		<Version>2.3.9</Version>
 		<RootNamespace>FoxIDs</RootNamespace>
 		<Authors>Anders Revsgaard</Authors>
 		<Company>FoxIDs</Company>

src/FoxIDs.ControlClient/FoxIDs.ControlClient.csproj

@@ -2,7 +2,7 @@
 
 	<PropertyGroup>
 		<TargetFramework>net9.0</TargetFramework>
-		<Version>2.3.7</Version>
+		<Version>2.3.9</Version>
 		<RootNamespace>FoxIDs.Client</RootNamespace>
 		<Authors>Anders Revsgaard</Authors>
 		<Company>FoxIDs</Company>

src/FoxIDs.ControlClient/Models/ViewModels/Parties/OidcDownPartyViewModel.cs

@@ -74,6 +74,7 @@ public class OidcDownPartyViewModel : IValidatableObject, IDownPartyName, IAllow
         /// Test URL
         /// </summary>
         [MaxLength(Constants.Models.DownParty.UrlLengthMax)]
+        [Display(Name = "Alternatively, start the test with this test URL")]
         public string TestUrl { get; set; }
 
         /// <summary>

src/FoxIDs.ControlClient/Pages/Users/InternalUsers.razor

@@ -113,6 +113,10 @@
                                 </div>
                                 <label class="label-control">Two-factor</label>
                             </div>
+                        } 
+                        else 
+                        {
+                            <FInputToggle @bind-Value="user.Form.Model.RequireMultiFactor" For="@(() => user.Form.Model.RequireMultiFactor)" TextType="y.n" />
                         }
                         <div class="form-group active-group active">
                             <Label For="@(() => user.Form.Model.Claims)" class="label-control" />

src/FoxIDs.ControlShared/FoxIDs.ControlShared.csproj

@@ -2,7 +2,7 @@
 
 	<PropertyGroup>
 		<TargetFramework>net9.0</TargetFramework>
-		<Version>2.3.7</Version>
+		<Version>2.3.9</Version>
 		<RootNamespace>FoxIDs</RootNamespace>
 		<Authors>Anders Revsgaard</Authors>
 		<Company>FoxIDs</Company>

src/FoxIDs.Shared/FoxIDs.Shared.csproj

@@ -2,7 +2,7 @@
 
 	<PropertyGroup>
 		<TargetFramework>net9.0</TargetFramework>
-		<Version>2.3.7</Version>
+		<Version>2.3.9</Version>
 		<RootNamespace>FoxIDs</RootNamespace>
 		<Authors>Anders Revsgaard</Authors>
 		<Company>FoxIDs</Company>

src/FoxIDs.SharedBase/FoxIDs.SharedBase.csproj

@@ -2,7 +2,7 @@
 
 	<PropertyGroup>
 		<TargetFramework>net9.0</TargetFramework>
-		<Version>2.3.7</Version>
+		<Version>2.3.9</Version>
 		<RootNamespace>FoxIDs</RootNamespace>
 		<Authors>Anders Revsgaard</Authors>
 		<Company>FoxIDs</Company>

src/FoxIDs/Controllers/LoginController.cs

@@ -85,9 +85,16 @@ public async Task<IActionResult> Login(bool passwordAuth = false, bool passwordL
                     }
 
                     if (!(sequenceData.DoLoginPasswordAction || sequenceData.DoLoginPasswordlessEmailAction || sequenceData.DoLoginPasswordlessSmsAction))
-                    {                      
-                        sequenceData.DoLoginIdentifierStep = true;
-                        await sequenceLogic.SaveSequenceDataAsync(sequenceData);
+                    {
+                        if (!sequenceData.LoginHint.IsNullOrWhiteSpace())
+                        {
+                            return await StartAuthenticationInternalLoginHintAsync(sequenceData);
+                        }
+                        else
+                        {
+                            sequenceData.DoLoginIdentifierStep = true;
+                            await sequenceLogic.SaveSequenceDataAsync(sequenceData);
+                        }
                     }
                     else
                     {
@@ -487,10 +494,36 @@ private LoginRequest GetLoginRequest(LoginUpSequenceData sequenceData)
                 LoginAction = sequenceData.LoginAction,
                 UserId = sequenceData.UserId,
                 MaxAge = sequenceData.MaxAge,
-                LoginHint = sequenceData.LoginHint,
+                LoginHint = sequenceData.UserIdentifier,
                 Acr = sequenceData.Acr
             };
-        }       
+        }
+
+        private async Task<IActionResult> StartAuthenticationInternalLoginHintAsync(LoginUpSequenceData sequenceData)
+        {
+            try
+            {
+                logger.ScopeTrace(() => "Start authentication with login hint.");
+                loginPageLogic.CheckUpParty(sequenceData);
+                var loginUpParty = await tenantDataRepository.GetAsync<LoginUpParty>(sequenceData.UpPartyId);
+                securityHeaderLogic.AddImgSrc(loginUpParty.IconUrl);
+                securityHeaderLogic.AddImgSrcFromCss(loginUpParty.Css);
+
+                sequenceData.DoLoginIdentifierStep = false;
+                if (sequenceData.LoginHint.IsNullOrWhiteSpace())
+                {
+                    throw new InvalidOperationException("Login hint is required and cannot be empty.");
+                }
+                sequenceData.UserIdentifier = sequenceData.LoginHint;
+                sequenceData.LoginHint = null; // Clear login hint so it is not used again.
+                await sequenceLogic.SaveSequenceDataAsync(sequenceData);
+                return await StartAuthenticationInternalAsync(sequenceData, loginUpParty);
+            }
+            catch (Exception ex)
+            {
+                throw new EndpointException($"Authentication with login hint failed, Name '{RouteBinding.UpParty.Name}'.", ex) { RouteBinding = RouteBinding };
+            }
+        }
 
         private async Task<IActionResult> StartAuthenticationInternalAsync(LoginUpSequenceData sequenceData, LoginUpParty loginUpParty)
         {