Enhance API Security #1430

Open
wants to merge 9 commits into
base: staging
Expand Up @@ -7,7 +7,8 @@
</PropertyGroup>

<ItemGroup>
<PackageReference Include="Ardalis.GuardClauses" Version="4.0.1" />
<PackageReference Include="Ardalis.GuardClauses" Version="5.0.0" />
<PackageReference Include="JetBrains.Annotations" Version="2024.3.0" />
</ItemGroup>

</Project>
@@ -0,0 +1,10 @@
namespace ConcernsCaseWork.API.Contracts.PolicyType
{
public static class Policy
{
#pragma warning disable IDE1006 // Naming Styles
public const string Default = "DefaultPolicy";
public const string CanDelete = "CanDelete";
#pragma warning restore IDE1006 // Naming Styles
}
}
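Review bot: `Default` and `CanDelete` are authorization policy names, but the file does not say what each policy requires or where it is registered. Add XML docs, for example `/// <summary>Name of the authorization policy checked before delete operations; must match a policy registered in AddAuthorization.</summary>` on `CanDelete` (wording to be confirmed against the registration, which is not visible here) and an equivalent comment on `Default`. The value `"DefaultPolicy"` is easy to confuse with `AuthorizationOptions.DefaultPolicy`: a policy registered under that name applies only where it is referenced by name, so an endpoint carrying a bare `[Authorize]` would not use it unless the registration also assigns it as the default. A unit test that resolves each constant through `IAuthorizationPolicyProvider` would catch a name that was never registered, before it surfaces as a runtime error on the first protected request.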
Expand Up @@ -12,21 +12,23 @@
<PackageReference Include="AutoFixture.AutoMoq" Version="4.18.1" />
<PackageReference Include="AutoFixture.Idioms" Version="4.18.1" />
<PackageReference Include="AutoFixture.Xunit2" Version="4.18.1" />
<PackageReference Include="FluentAssertions" Version="6.12.0" />
<PackageReference Include="Microsoft.AspNetCore.Mvc.Testing" Version="8.0.8" />
<PackageReference Include="Microsoft.EntityFrameworkCore.Sqlite" Version="8.0.8" />
<PackageReference Include="Microsoft.Extensions.Configuration.UserSecrets" Version="8.0.0" />
<PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.10.0" />
<PackageReference Include="Moq" Version="4.20.70" />
<PackageReference Include="DfE.CoreLibs.Testing" Version="1.1.12" />
<PackageReference Include="FluentAssertions" Version="7.0.0" />
<PackageReference Include="Microsoft.AspNetCore.Mvc.Testing" Version="8.0.11" />
<PackageReference Include="Microsoft.EntityFrameworkCore.Sqlite" Version="8.0.11" />
<PackageReference Include="Microsoft.Extensions.Caching.Memory" Version="8.0.1" />
<PackageReference Include="Microsoft.Extensions.Configuration.UserSecrets" Version="8.0.1" />
<PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.12.0" />
<PackageReference Include="Moq" Version="4.20.72" />
<PackageReference Include="NBuilder" Version="6.1.0" />
<PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
<PackageReference Include="System.Net.Http.Json" Version="8.0.0" />
<PackageReference Include="xunit" Version="2.8.1" />
<PackageReference Include="xunit.runner.visualstudio" Version="2.8.1">
<PackageReference Include="System.Net.Http.Json" Version="8.0.1" />
<PackageReference Include="xunit" Version="2.9.2" />
<PackageReference Include="xunit.runner.visualstudio" Version="2.8.2">
<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
<PrivateAssets>all</PrivateAssets>
</PackageReference>
<PackageReference Include="coverlet.collector" Version="3.2.0">
<PackageReference Include="coverlet.collector" Version="6.0.2">
<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
<PrivateAssets>all</PrivateAssets>
</PackageReference>
Expand Up @@ -60,7 +60,7 @@ public async Task Create_ReturnsApiSingleResponseWithNewNTIUnderConsideration()
.Setup(x => x.Execute(It.IsAny<CreateNTIUnderConsiderationRequest>()))
.Returns(response);

var result = await controllerSUT.Create(new CreateNTIUnderConsiderationRequest
var result = controllerSUT.Create(new CreateNTIUnderConsiderationRequest
{
CaseUrn = caseUrn,
CreatedAt = createdAt
Expand All @@ -83,7 +83,7 @@ public async Task GetAllStatuses_ReturnsAllStatuses()
.Setup(x => x.Execute(null))
.Returns(statuses);

var controllerResponse = (await controllerSUT.GetAllStatuses()).Result as OkObjectResult;
var controllerResponse = (controllerSUT.GetAllStatuses()).Result as OkObjectResult;

var actualResult = controllerResponse.Value as ApiSingleResponseV2<List<NTIUnderConsiderationStatus>>;

Expand All @@ -106,7 +106,7 @@ public async Task GetAllReasons_ReturnsAllReasons()
.Setup(x => x.Execute(null))
.Returns(reasons);

var controllerResponse = (await controllerSUT.GetAllReasons()).Result as OkObjectResult;
var controllerResponse = (controllerSUT.GetAllReasons()).Result as OkObjectResult;

var actualResult = controllerResponse.Value as ApiSingleResponseV2<List<NTIUnderConsiderationReason>>;

Expand Down Expand Up @@ -153,7 +153,7 @@ public async Task GetNTIUnderConsiderationByCaseUrn_ReturnsMatchingNTIUnderConsi
.Setup(x => x.Execute(caseUrn))
.Returns(collection);

var controllerResponse = (await controllerSUT.GetNtiUnderConsiderationByCaseUrn(caseUrn)).Result as OkObjectResult;
var controllerResponse = (controllerSUT.GetNtiUnderConsiderationByCaseUrn(caseUrn)).Result as OkObjectResult;

var actualResult = controllerResponse.Value as ApiSingleResponseV2<List<NTIUnderConsiderationResponse>>;

Expand Down Expand Up @@ -183,7 +183,7 @@ public async Task GetNTIUnderConsiderationByID_ReturnsMatchingNTIUnderConsiderat
.Setup(x => x.Execute(considerationId))
.Returns(considerationResponse);

var controllerResponse = (await controllerSUT.GetNTIUnderConsiderationById(considerationId)).Result as OkObjectResult;
var controllerResponse = (controllerSUT.GetNTIUnderConsiderationById(considerationId)).Result as OkObjectResult;


var actualResult = controllerResponse.Value as ApiSingleResponseV2<NTIUnderConsiderationResponse>;
Expand Down Expand Up @@ -223,7 +223,7 @@ public async Task PatchNTIUnderConsideration_ReturnsUpdatedNTIUnderConsideration
.Setup(x => x.Execute(request))
.Returns(response);

var controllerResponse = (await controllerSUT.Patch(request)).Result as OkObjectResult;
var controllerResponse = (controllerSUT.Patch(request)).Result as OkObjectResult;

var actualResult = controllerResponse.Value as ApiSingleResponseV2<NTIUnderConsiderationResponse>;
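Review bot: The calls to `controllerSUT.Create(...)`, `GetAllStatuses()`, `GetAllReasons()`, `GetNtiUnderConsiderationByCaseUrn(...)`, `GetNTIUnderConsiderationById(...)` and `Patch(...)` lose their `await`, yet the hunk headers still show the enclosing tests declared as `public async Task`. That raises warning CS1998 if nothing else in those bodies is awaited; the bodies start and end outside the hunks, so this needs checking. Declaring them as, for example, `public void GetAllStatuses_ReturnsAllStatuses()` would match the now-synchronous actions. The parentheses left around each call are also redundant: `var controllerResponse = controllerSUT.GetAllStatuses().Result as OkObjectResult;` reads more clearly and makes it less likely that `.Result` is taken for `Task.Result` rather than, presumably, the `ActionResult<T>.Result` property. The same pattern appears in the NTI warning letter and notice-to-improve controller test sections further down.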

Expand Up @@ -68,7 +68,7 @@ public async Task Create_ReturnsApiSingleResponseWithNewNTIWarningLetter()
.Setup(x => x.Execute(It.IsAny<CreateNTIWarningLetterRequest>()))
.Returns(response);

var result = await controllerSUT.Create(new CreateNTIWarningLetterRequest
var result = controllerSUT.Create(new CreateNTIWarningLetterRequest
{
CaseUrn = caseUrn,
CreatedAt = createdAt
Expand All @@ -91,7 +91,7 @@ public async Task GetAllStatuses_ReturnsAllStatuses()
.Setup(x => x.Execute(null))
.Returns(statuses);

var controllerResponse = (await controllerSUT.GetAllStatuses()).Result as OkObjectResult;
var controllerResponse = (controllerSUT.GetAllStatuses()).Result as OkObjectResult;

var actualResult = controllerResponse.Value as ApiSingleResponseV2<List<NTIWarningLetterStatus>>;

Expand All @@ -114,7 +114,7 @@ public async Task GetAllReasons_ReturnsAllReasons()
.Setup(x => x.Execute(null))
.Returns(reasons);

var controllerResponse = (await controllerSUT.GetAllReasons()).Result as OkObjectResult;
var controllerResponse = (controllerSUT.GetAllReasons()).Result as OkObjectResult;

var actualResult = controllerResponse.Value as ApiSingleResponseV2<List<NTIWarningLetterReason>>;

Expand All @@ -137,7 +137,7 @@ public async Task GetAllConditions_ReturnsAllConditions()
.Setup(x => x.Execute(null))
.Returns(conditions);

var controllerResponse = (await controllerSUT.GetAllConditions()).Result as OkObjectResult;
var controllerResponse = (controllerSUT.GetAllConditions()).Result as OkObjectResult;

var actualResult = controllerResponse.Value as ApiSingleResponseV2<List<NTIWarningLetterCondition>>;

Expand Down Expand Up @@ -207,7 +207,7 @@ public async Task GetNTIWarningLetterByCaseUrn_ReturnsMatchingNTIWarningLetter_W
.Setup(x => x.Execute(caseUrn))
.Returns(collection);

var controllerResponse = (await controllerSUT.GetNtiWarningLetterByCaseUrn(caseUrn)).Result as OkObjectResult;
var controllerResponse = (controllerSUT.GetNtiWarningLetterByCaseUrn(caseUrn)).Result as OkObjectResult;

var actualResult = controllerResponse.Value as ApiSingleResponseV2<List<NTIWarningLetterResponse>>;

Expand Down Expand Up @@ -237,7 +237,7 @@ public async Task GetNTIWarningLetterByID_ReturnsMatchingNTIWarningLetter_WhenGi
.Setup(x => x.Execute(warningLetterId))
.Returns(warningLetterResponse);

var controllerResponse = (await controllerSUT.GetNTIWarningLetterById(warningLetterId)).Result as OkObjectResult;
var controllerResponse = (controllerSUT.GetNTIWarningLetterById(warningLetterId)).Result as OkObjectResult;

var actualResult = controllerResponse.Value as ApiSingleResponseV2<NTIWarningLetterResponse>;

Expand Down Expand Up @@ -276,7 +276,7 @@ public async Task PatchNTIWarningLetter_ReturnsUpdatedNTIWarningLetter()
.Setup(x => x.Execute(request))
.Returns(response);

var controllerResponse = (await controllerSUT.Patch(request)).Result as OkObjectResult;
var controllerResponse = (controllerSUT.Patch(request)).Result as OkObjectResult;

var actualResult = controllerResponse.Value as ApiSingleResponseV2<NTIWarningLetterResponse>;
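Review bot: Every call in this section invokes the action directly on `controllerSUT`, so the MVC filter pipeline never runs, including any authorization attribute or policy; these tests pass whether or not the endpoints are protected. If this pull request attaches policies to the NTI warning letter actions (the controller changes are not visible here), add at least one request-level test through the test server from `Microsoft.AspNetCore.Mvc.Testing`, which the test project already references. It should assert 401 for an unauthenticated caller and 403 for an authenticated caller that lacks the required policy. That locks the access-control behaviour in place, so a later refactor that drops an attribute fails a test instead of silently exposing the endpoint.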

Expand Up @@ -70,7 +70,7 @@ public async Task Create_ReturnsApiSingleResponseWithNewNoticeToImprove()
.Setup(x => x.Execute(It.IsAny<CreateNoticeToImproveRequest>()))
.Returns(response);

var result = await controllerSUT.Create(new CreateNoticeToImproveRequest { CaseUrn = caseUrn, CreatedAt = createdAt });
var result = controllerSUT.Create(new CreateNoticeToImproveRequest { CaseUrn = caseUrn, CreatedAt = createdAt });

result.Result.Should().BeEquivalentTo(new ObjectResult(expectedResponse) { StatusCode = StatusCodes.Status201Created });
}
Expand All @@ -89,7 +89,7 @@ public async Task GetAllStatuses_ReturnsAllStatuses()
.Setup(x => x.Execute(null))
.Returns(statuses);

var controllerResponse = (await controllerSUT.GetAllStatuses()).Result as OkObjectResult;
var controllerResponse = (controllerSUT.GetAllStatuses()).Result as OkObjectResult;

var actualResult = controllerResponse.Value as ApiSingleResponseV2<List<NoticeToImproveStatus>>;

Expand All @@ -112,7 +112,7 @@ public async Task GetAllReasons_ReturnsAllReasons()
.Setup(x => x.Execute(null))
.Returns(reasons);

var controllerResponse = (await controllerSUT.GetAllReasons()).Result as OkObjectResult;
var controllerResponse = (controllerSUT.GetAllReasons()).Result as OkObjectResult;

var actualResult = controllerResponse.Value as ApiSingleResponseV2<List<NoticeToImproveReason>>;

Expand All @@ -135,7 +135,7 @@ public async Task GetAllConditions_ReturnsAllConditions()
.Setup(x => x.Execute(null))
.Returns(conditions);

var controllerResponse = (await controllerSUT.GetAllConditions()).Result as OkObjectResult;
var controllerResponse = (controllerSUT.GetAllConditions()).Result as OkObjectResult;

var actualResult = controllerResponse.Value as ApiSingleResponseV2<List<NoticeToImproveCondition>>;

Expand All @@ -158,7 +158,7 @@ public async Task GetAllConditionTypes_ReturnsAllConditionTypes()
.Setup(x => x.Execute(null))
.Returns(conditionTypes);

var controllerResponse = (await controllerSUT.GetAllConditionTypes()).Result as OkObjectResult;
var controllerResponse = (controllerSUT.GetAllConditionTypes()).Result as OkObjectResult;

var actualResult = controllerResponse.Value as ApiSingleResponseV2<List<NoticeToImproveConditionType>>;

Expand Down Expand Up @@ -193,7 +193,7 @@ public async Task GetNoticeToImproveByCaseUrn_ReturnsMatchingNoticeToImprove_Whe
.Setup(x => x.Execute(caseUrn))
.Returns(collection);

var controllerResponse = (await controllerSUT.GetNoticesToImproveByCaseUrn(caseUrn)).Result as OkObjectResult;
var controllerResponse = (controllerSUT.GetNoticesToImproveByCaseUrn(caseUrn)).Result as OkObjectResult;

var actualResult = controllerResponse.Value as ApiSingleResponseV2<List<NoticeToImproveResponse>>;

Expand All @@ -220,7 +220,7 @@ public async Task GetNoticeToImproveByID_ReturnsMatchingNoticeToImprove_WhenGive
.Returns(noticeToImproveResponse);


var controllerResponse = (await controllerSUT.GetNoticeToImproveById(noticeToImproveId)).Result as OkObjectResult;
var controllerResponse = (controllerSUT.GetNoticeToImproveById(noticeToImproveId)).Result as OkObjectResult;


var actualResult = controllerResponse.Value as ApiSingleResponseV2<NoticeToImproveResponse>;
Expand Down Expand Up @@ -256,7 +256,7 @@ public async Task PatchNoticeToImprove_ReturnsUpdatedNoticeToImprove()
.Setup(x => x.Execute(request))
.Returns(response);

var controllerResponse = (await controllerSUT.Patch(request)).Result as OkObjectResult;
var controllerResponse = (controllerSUT.Patch(request)).Result as OkObjectResult;

var actualResult = controllerResponse.Value as ApiSingleResponseV2<NoticeToImproveResponse>;

Expand Up @@ -45,7 +45,7 @@ public async Task GetPermissions_When_UserInfo_And_CaseIds_Returns_PermissionRes
var mockUserInfoService = new Mock<IServerUserInfoService>();
var mockUseCase = new Mock<IGetCasePermissionsUseCase>();

UserInfo fakeUserInfo = new() { Name = "John.Smith", Roles = new[] { Claims.CaseWorkerRoleClaim } };
UserInfo fakeUserInfo = new() { Name = "John.Smith", Roles = [Claims.CaseWorkerRoleClaim] };
mockUserInfoService.SetupGet(x => x.UserInfo).Returns(fakeUserInfo);

var fakeCaseIds = new long[] { 123 };