Merge pull request #1279 from ITfoxtec/test

Test

Author: Revsgaard

.github/workflows/ci_test_docker.yaml

@@ -33,15 +33,17 @@ jobs:
         uses: docker/[email protected]
         with:
           images: ${{ secrets.DOCKERHUB_ORG }}/foxids
-          tags: |            
+          tags: |
+            type=raw,value=${{ steps.get-version.outputs.version }}-test
             type=raw,value=latest-test,enable=true
 
       - name: Docker meta
         id: meta-fc
         uses: docker/[email protected]
         with:
           images: ${{ secrets.DOCKERHUB_ORG }}/foxids-control
-          tags: |     
+          tags: |
+            type=raw,value=${{ steps.get-version.outputs.version }}-test
             type=raw,value=latest-test,enable=true
 
       - name: Login to Docker Hub

Kubernetes/k8s-foxids-ingress-deployment.yaml

@@ -3,11 +3,11 @@ kind: Ingress
 metadata:
   name: foxids-ingress-http
   annotations:
-   #Rate Limiting
-   #nginx.ingress.kubernetes.io/limit-connections: "20"
-   #nginx.ingress.kubernetes.io/limit-rpm: "300"
-   #nginx.ingress.kubernetes.io/limit-rps: "10"
-   #nginx.ingress.kubernetes.io/limit-whitelist: "xxx.xxx.xxx.xxx" # your IP Address
+   # Rate Limiting, docs https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/#rate-limiting
+   #nginx.ingress.kubernetes.io/limit-whitelist: "x.x.x.x/x"   # Configure the internal network to be excluded from rate-limiting, you can specify a list of IPs or CIDRs to allow
+   #nginx.ingress.kubernetes.io/limit-connections: "20"          # Limit the number of connections per IP address
+   #nginx.ingress.kubernetes.io/limit-rpm: "300"                 # Limit the number of requests per minute per IP address
+   #nginx.ingress.kubernetes.io/limit-rps: "10"                  # Limit the number of requests per second per IP address
    #Buffer
    nginx.ingress.kubernetes.io/proxy-buffers-number: "4"
    nginx.ingress.kubernetes.io/proxy-buffer-size: "32k"

docs/external-password-api.md

@@ -1,4 +1,4 @@
-# External Password - API
+# External Password API
 
 Use an external password API when you need FoxIDs to (a) delegate password validation to an existing password store or policy engine, (b) notify an external system about password changes performed in FoxIDs, or (c) handle both scenarios.
 
@@ -11,7 +11,7 @@ If the built-in password policy rejects the password, the external password API
 If you require both validation and change notification, and both can be handled by the same system, implement only the validation API. 
 When you receive a validation request where the password is accepted, perform your notification logic internally. Implement both endpoints only if you must call two different backend systems.
 
-External password APIs are part of the possible password checks for [internal users](users-internal.md).
+External password API can be [configured as password check](users-internal.md#password-check) for [internal users](users-internal.md).
 
 ## Implement API
 

docs/users-external.md

@@ -1,6 +1,7 @@
 # External users
-An external user is linked to one authentication method and can only be authenticated with that particular authentication method. External users can be linked to the authentication methods: OpenID Connect, SAML 2.0, External Login and Environment Link.  
-It is optional to use external users; they are not created by default.
+You can use just-in-time (JIT) provisioning to create external users and associate them with an external identity. 
+An external user is associated with one authentication method (OpenID Connect, SAML 2.0, External Login, or Environment Link) and can only be authenticated using that authentication method.   
+Using external users is optional; they are not created by default.
 
 All external users grouped under an authentication method are linked with the same claim type (e.g. the `sub` claim type) and the users are separated by unique claim values.
 

src/FoxIDs.Control/FoxIDs.Control.csproj

@@ -2,7 +2,7 @@
 
 	<PropertyGroup>
 		<TargetFramework>net9.0</TargetFramework>
-		<Version>2.2.2</Version>
+		<Version>2.3.6</Version>
 		<RootNamespace>FoxIDs</RootNamespace>
 		<Authors>Anders Revsgaard</Authors>
 		<Company>FoxIDs</Company>

src/FoxIDs.Control/Infrastructure/Hosting/FoxIDsClientRouteBindingMiddleware.cs

@@ -1,8 +1,6 @@
 using FoxIDs.Logic;
-using FoxIDs.Logic.Seed;
 using FoxIDs.Models;
 using Microsoft.AspNetCore.Http;
-using Microsoft.Extensions.DependencyInjection;
 using System;
 using System.Threading.Tasks;
 
@@ -18,8 +16,6 @@ protected override bool CheckCustomDomainSupport(string[] route)
             throw new NotSupportedException("Host in header not supported in Control Client.");
         }
 
-        protected override async ValueTask SeedAsync(IServiceProvider requestServices) => await requestServices.GetService<SeedLogic>().SeedAsync();
-
         protected override ValueTask<bool> PreAsync(HttpContext httpContext, string[] route)
         {
             if (route.Length == 0)
@@ -52,4 +48,4 @@ protected override Track.IdKey GetTrackIdKey(string[] route, bool useCustomDomai
             }
         }
     }
-}
+}

src/FoxIDs.Control/Infrastructure/Hosting/ServiceCollectionExtensions.cs

@@ -40,6 +40,7 @@ public static IServiceCollection AddLogic(this IServiceCollection services, FoxI
 
             services.AddTransient<SendEventEmailLogic>();
             services.AddTransient<SeedLogic>();
+
             services.AddTransient<MasterTenantDocumentsSeedLogic>();
             services.AddTransient<MainTenantDocumentsSeedLogic>();
 

src/FoxIDs.Control/Logic/Seed/SeedLogic.cs

@@ -1,67 +1,113 @@
 using FoxIDs.Infrastructure;
 using FoxIDs.Models.Config;
+using Microsoft.AspNetCore.DataProtection;
 using Microsoft.AspNetCore.Http;
+using Microsoft.Extensions.DependencyInjection;
 using System;
-using System.Threading.Tasks;
 using System.Threading;
+using System.Threading.Tasks;
 
 namespace FoxIDs.Logic.Seed
 {
     public class SeedLogic : LogicBase
     {
-        private static SemaphoreSlim signal = new SemaphoreSlim(1, 1);
-        private static bool isSeeded = false;
         private readonly TelemetryLogger logger;
+        private readonly IServiceProvider serviceProvider;
         private readonly FoxIDsControlSettings settings;
         private readonly MasterTenantDocumentsSeedLogic masterTenantDocumentsSeedLogic;
         private readonly MainTenantDocumentsSeedLogic mainTenantDocumentsSeedLogic;
 
-        public SeedLogic(TelemetryLogger logger, FoxIDsControlSettings settings, MasterTenantDocumentsSeedLogic masterTenantDocumentsSeedLogic, MainTenantDocumentsSeedLogic mainTenantDocumentsSeedLogic, IHttpContextAccessor httpContextAccessor) : base(httpContextAccessor)
+        public SeedLogic(TelemetryLogger logger, IServiceProvider serviceProvider, FoxIDsControlSettings settings, MasterTenantDocumentsSeedLogic masterTenantDocumentsSeedLogic, MainTenantDocumentsSeedLogic mainTenantDocumentsSeedLogic, IHttpContextAccessor httpContextAccessor) : base(httpContextAccessor)
         {
             this.logger = logger;
+            this.serviceProvider = serviceProvider;
             this.settings = settings;
             this.masterTenantDocumentsSeedLogic = masterTenantDocumentsSeedLogic;
             this.mainTenantDocumentsSeedLogic = mainTenantDocumentsSeedLogic;
         }
 
-        public async Task SeedAsync()
+        public async Task SeedAsync(CancellationToken cancellationToken = default)
+        {
+            try
+            {
+                await SeedLogAsync(cancellationToken);
+                DataProtectionCheck();
+                await SeedDbAsync();
+            }
+            catch (OperationCanceledException)
+            {
+                throw;
+            }
+            catch (ObjectDisposedException)
+            {
+                throw;
+            }
+            catch (Exception ex)
+            {
+                logger.CriticalError(ex);
+                throw;
+            }
+        }
+
+        private async Task SeedLogAsync(CancellationToken cancellationToken)
+        {
+            if (settings.Options?.Log == LogOptions.OpenSearchAndStdoutErrors)
+            {
+                try
+                {
+                    var openSearchTelemetryLogger = serviceProvider.GetService<OpenSearchTelemetryLogger>();
+                    if (await openSearchTelemetryLogger.SeedAsync(cancellationToken))
+                    {
+                        logger.Trace("OpenSearch log storage seeded on startup.");
+                    }
+                }
+                catch (Exception oex)
+                {
+                    throw new Exception("Error seeding OpenSearch log storage on startup.", oex);
+                }
+            }
+        }
+
+        private void DataProtectionCheck()
         {
-            if (isSeeded)
+            if (!(settings.Options.DataStorage == DataStorageOptions.CosmosDb && settings.Options.Cache == CacheOptions.Redis))
             {
-                return;
+                try
+                {
+                    var dataProtection = serviceProvider.GetService<IDataProtectionProvider>();
+                    _ = dataProtection.CreateProtector("seed check protector").Protect("seed check protect data");
+                }
+                catch (Exception oex)
+                {
+                    throw new Exception("Error checking data protection on startup.", oex);
+                }
             }
-            await signal.WaitAsync();
+        }
+
+        private async Task SeedDbAsync()
+        {
             try
             {
-                if (!isSeeded)
+                if (settings.MasterSeedEnabled)
                 {
-                    isSeeded = true;
-                    if (settings.MasterSeedEnabled)
+                    if (await masterTenantDocumentsSeedLogic.SeedAsync())
                     {
-                        if (await masterTenantDocumentsSeedLogic.SeedAsync())
-                        {
-                            logger.Trace("Document container(s) seeded with master tenant.");
-                        }
+                        logger.Trace("Document container(s) seeded with master tenant on startup.");
+                    }
 
-                        if (settings.MainTenantSeedEnabled)
+                    if (settings.MainTenantSeedEnabled)
+                    {
+                        if (await mainTenantDocumentsSeedLogic.SeedAsync())
                         {
-                            if (await mainTenantDocumentsSeedLogic.SeedAsync())
-                            {
-                                logger.Trace("Document container(s) seeded with main tenant.");
-                            }
+                            logger.Trace("Document container(s) seeded with main tenant on startup.");
                         }
                     }
                 }
             }
-            catch (Exception ex)
-            {
-                logger.CriticalError(ex, "Error seeding master documents.");
-                throw;
-            }
-            finally
+            catch (Exception maex)
             {
-                signal.Release(1);
+                throw new Exception("Error seeding master documents on startup.", maex);
             }
         }
     }
-}
+}

src/FoxIDs.Control/Program.cs

@@ -7,14 +7,24 @@
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.DependencyInjection;
 using System;
+using FoxIDs.Logic.Seed;
+using System.Threading.Tasks;
+using System.Threading;
 
 namespace FoxIDs
 {
     public class Program
     {
-        public static void Main(string[] args)
+        public static async Task Main(string[] args)
         {
-            CreateWebHostBuilder(args).Build().Run();
+            var host = CreateWebHostBuilder(args).Build();
+
+            using var scope = host.Services.CreateScope();
+            var seed = scope.ServiceProvider.GetService<SeedLogic>();
+            var lifetime = scope.ServiceProvider.GetService<IHostApplicationLifetime>();
+            await seed.SeedAsync(lifetime?.ApplicationStopping ?? CancellationToken.None);
+
+            await host.RunAsync();
         }
 
         public static IWebHostBuilder CreateWebHostBuilder(string[] args) =>

src/FoxIDs.Control/Startup.cs

@@ -9,6 +9,7 @@
 using Microsoft.Extensions.Hosting;
 using Microsoft.Net.Http.Headers;
 using System.Text.Json.Serialization;
+using FoxIDs.Logic.Seed;
 
 namespace FoxIDs
 {