Merge pull request #723 from skoruba/dev

1.0.0-rc4
skoruba · Oct 28, 2020 · 56b909f · 56b909f
2 parents 561c380 + aac6e0d
commit 56b909f
Show file tree

Hide file tree

Showing 468 changed files with 36,943 additions and 440 deletions.
diff --git a/README.md b/README.md
@@ -23,7 +23,7 @@ The application is written in the **Asp.Net Core MVC - using .NET Core 3.1**
 - Install the dotnet new template:
 
 ```sh
-dotnet new -i Skoruba.IdentityServer4.Admin.Templates::1.0.0-rc3
+dotnet new -i Skoruba.IdentityServer4.Admin.Templates::1.0.0-rc4
 ```
 
 - Create new project:
@@ -161,11 +161,11 @@ docker-compose up -d
 ### Docker images
 - Docker images will be available also in [docker hub](https://hub.docker.com/u/skoruba)
   - AdminUI:
-    - `skoruba/identityserver4-admin:rc3`
+    - `skoruba/identityserver4-admin:rc4`
   - Admin Api:
-    - `skoruba/identityserver4-admin-api:rc3`
+    - `skoruba/identityserver4-admin-api:rc4`
   - STS:
-    - `skoruba/identityserver4-sts-identity:rc3`
+    - `skoruba/identityserver4-sts-identity:rc4`
 
 ### Publish Docker images to Docker hub
 - Check the script in `build/publish-docker-images.ps1` - change the profile name according to your requirements.
@@ -245,6 +245,59 @@ The following Gulp commands are available:
 - In the controllers is used the policy which name is stored in - `AuthorizationConsts.AdministrationPolicy`. In the policy - `AuthorizationConsts.AdministrationPolicy` is defined required role stored in - `appsettings.json` - `AdministrationRole`.
 - With the default configuration, it is necessary to configure and run instance of IdentityServer4. It is possible to use initial migration for creating the client as it mentioned above
 
+## Azure Key Vault
+
+- It is possible to use Azure Key Vault and configure it in the `appsettings.json` with following configuration:
+
+```
+"AzureKeyVaultConfiguration": {
+    "AzureKeyVaultEndpoint": "",
+    "ClientId": "",
+    "ClientSecret": "",
+    "UseClientCredentials": true
+  }
+```
+
+If your application is running in `Azure App Service`, you can specify `AzureKeyVaultEndpoint`. For applications which are running outside of Azure environment it is possible to use the client credentials flow - so it is necesarry to go to Azure portal, register new application and connect this application to Azure Key Vault and setup the client secret.
+
+- It is possible to use Azure Key Vault for following parts of application:
+
+### Application Secrets and Database Connection Strings:
+
+- It is necesarry to configure the connection to Azure Key Vault and allow following settings:
+
+```
+"AzureKeyVaultConfiguration": {
+    "ReadConfigurationFromKeyVault": true
+  }
+```
+
+### Dataprotection:
+
+Enable Azure Key Vault for dataprotection with following configuration:
+```
+"DataProtectionConfiguration": {
+    "ProtectKeysWithAzureKeyVault": false
+  }
+```
+
+The you need specify the key identifier in configuration:
+
+```
+"AzureKeyVaultConfiguration": {
+    "DataProtectionKeyIdentifier": ""
+  }
+```
+
+### IdentityServer certificate for signing tokens:
+
+- It is possible to go to Azure Key Vault - generate new certificate and use this certificate name below:
+
+```
+"AzureKeyVaultConfiguration": {
+    "IdentityServerCertificateName": ""
+  }
+```
 
 ## Logging
 
@@ -317,6 +370,31 @@ services.AddAuditLogging(options => { options.Source = auditLoggingConfiguration
             services.AddTransient<IAuditLogService, AuditLogService<TAuditLog>>();
 ```
 
+### Admin Configuration
+
+Admin and STS can be customized without editing code in `appsettings.json` under AdminConfiguration section
+
+#### Themes
+
+Ui can be customized using themes integrated from [bootswatch](https://bootswatch.com).
+
+By default, configuration value is null to use default theme. if you want to use a theme, just fill the lowercase theme name as configuration value of `Theme` key.
+
+You can also use your custom theme by integrating it in your project or hosting css on your place to pass the url in `CustomThemeCss` key. (Note that custom theme override standard theme)
+
+- Important Note: Theme can use external ressources which caused errors due to CSP. If you get errors, please make sure that you configured correctly CSP section in your `appsettings.json` with thrusted domains for ressources.
+
+```json
+  "AdminConfiguration": {
+    "PageTitle": "Skoruba IdentityServer4",
+    "HomePageLogoUri": "~/images/skoruba-icon.png",
+    "FaviconUri": "~/favicon.ico",
+    "Theme": "united",
+    "CustomThemeCss": null,
+    ...
+  },
+```
+
 ### Audit Logging Configuration
 
 In `appsettings.json` is following configuration:
@@ -385,17 +463,27 @@ or using `Email`:
 
 ## How to configure an external provider in STS
 
-- In `Skoruba.IdentityServer4.STS.Identity/Helpers/StartupHelpers.cs` - is method called `AddExternalProviders` which contains the example with `GitHub` and in `appsettings.json`:
+- In `Skoruba.IdentityServer4.STS.Identity/Helpers/StartupHelpers.cs` - is method called `AddExternalProviders` which contains the example with `GitHub`, `AzureAD` configured in `appsettings.json`:
 
 ```
 "ExternalProvidersConfiguration": {
         "UseGitHubProvider": false,
         "GitHubClientId": "",
-        "GitHubClientSecret": ""
+        "GitHubClientSecret": "",
+        "UseAzureAdProvider": false,
+        "AzureAdClientId": "",
+        "AzureAdTenantId": "",
+        "AzureInstance": "",
+        "AzureAdSecret": "",
+        "AzureAdCallbackPath": "",
+        "AzureDomain": "" 
 }
 ```
 
 - It is possible to extend `ExternalProvidersConfiguration` with another configuration properties.
+- If you use DockerHub built image, you can use appsettings to configure these providers without changing the code
+  - GitHub
+  - AzureAD
 
 ### List of external providers for ASP.NET Core:
   - https://github.com/aspnet-contrib/AspNet.Security.OAuth.Providers
@@ -431,6 +519,17 @@ In STS project - in `appsettings.json`:
     }
 ```
 
+## CSP - Content Security Policy
+
+- If you want to use favicon or logo not included/hosted on the same place, you need to declare trusted domain where ressources are hosted in appsettings.json.
+
+```
+  "CspTrustedDomains": [
+    "google.com",
+    "mydomain.com"
+  ],
+```
+
 ## Health checks
 
 - AdminUI, AdminUI Api and STS contain endpoint `health`, which check databases and IdentityServer.
@@ -449,6 +548,7 @@ In STS project - in `appsettings.json`:
   - French
   - Finish
   - German
+  - Portuguese
 
 #### Feel free to send a PR with your translation. :blush:
 
@@ -618,8 +718,8 @@ It is possible to define the configuration according the client type - by defaul
 - [x] Health Checks (Databases and IdentityServer)
 - [x] Support for multiple database providers (SqlServer, Mysql, PostgreSQL)
 - [x] Simplify Admin Identity middleware ([#430](https://github.com/skoruba/IdentityServer4.Admin/issues/430))
-- [ ] Add support for loading signing key from Azure Key Vault ([#533](https://github.com/skoruba/IdentityServer4.Admin/issues/533))
-- [ ] Protect keys for dataprotection from Azure Key Vault
+- [x] Add support for loading signing key from Azure Key Vault ([#533](https://github.com/skoruba/IdentityServer4.Admin/issues/533))
+- [x] Protect keys for dataprotection from Azure Key Vault ([#715](https://github.com/skoruba/IdentityServer4.Admin/pull/715))
 
 ### 2.0.0
 - [ ] Update to IdentityServer4 version 4 ([#633](https://github.com/skoruba/IdentityServer4.Admin/issues/633))
@@ -676,7 +776,7 @@ Thanks goes to these wonderful people ([emoji key](https://github.com/kentcdodds
 |[<img src="https://avatars0.githubusercontent.com/u/12243486?s=400&v=3" width="118px;"/><br /><sub>LobsterBandit </sub>](https://github.com/LobsterBandit) <br />💻|[<img src="https://avatars2.githubusercontent.com/u/3465794?s=400&v=3" width="118px;"/><br /><sub>Mehmet Perk </sub>](https://github.com/mperk) <br />💻|[<img src="https://avatars2.githubusercontent.com/u/46886295?s=400&v=3" width="118px;"/><br /><sub>tapmui </sub>](https://github.com/tapmui) <br />🌍|[<img src="https://avatars0.githubusercontent.com/u/12451743?s=400&v=3" width="118px;"/><br /><sub>Saeed Rahimi </sub>](https://github.com/saeedrahimi) <br />💻|[<img src="https://avatars3.githubusercontent.com/u/10605614?s=400&u=9d5f1bca5e31db4eb1975bd5043be2972aa32519&v=3" width="118px;"/><br /><sub>Joshua Williams </sub>](https://github.com/jwilliamsnephos) <br />💻|[<img src="https://avatars3.githubusercontent.com/u/12607748?s=400&u=189a0ff36baaeab34250062fe26ed13a1b78c011&v=3" width="118px;"/><br /><sub>Shengjie Yan </sub>](https://github.com/sheng-jie) <br />💻
 |[<img src="https://avatars3.githubusercontent.com/u/18211871?s=400&u=a994693d3f5d7c5d5365a635af54106452bc16cb&v=3" width="118px;"/><br /><sub>Anatoliy </sub>](https://github.com/UspAN) <br />💻|[<img src="https://avatars0.githubusercontent.com/u/3778268?s=400&u=1702548638153e09cf51d2a80731c7f33ea9185f&v=3" width="118px;"/><br /><sub>Nicholas Peterson </sub>](https://github.com/nickelbob) <br />💻|[<img src="https://avatars2.githubusercontent.com/u/13870734?s=400&u=cbc2f60b6cd630a286b7e7b1c157951287f25563&v=3" width="118px;"/><br /><sub>Alec Papierniak </sub>](https://github.com/AlecPapierniak) <br />💻|[<img src="https://avatars0.githubusercontent.com/u/33623601?s=400&u=53a2bb57c68045766f11fcc5fd6d0282992fec39&v=3" width="118px;"/><br /><sub>Carl Reid </sub>](https://github.com/carlreid) <br />💻|[<img src="https://avatars1.githubusercontent.com/u/12170676?s=400&u=5053e27317b4f7f577504aa0c1c3fddc0dbcbb89&v=3" width="118px;"/><br /><sub>ViRuSTriNiTy </sub>](https://github.com/ViRuSTriNiTy) <br />💻|[<img src="https://avatars2.githubusercontent.com/u/10232683?s=400&v=3" width="118px;"/><br /><sub>J. Arturo </sub>](https://github.com/zinkpad) <br />💻
 |[<img src="https://avatars1.githubusercontent.com/u/7604648?s=400&u=59a1ce466533aadb4c02944805c62957935b0ba9&v=3" width="118px;"/><br /><sub>Weihan Li </sub>](https://github.com/WeihanLi) <br />💻|[<img src="https://avatars3.githubusercontent.com/u/4563019?s=400&v=3" width="118px;"/><br /><sub>Saša Tančev </sub>](https://github.com/tancevsasa) <br />💻|[<img src="https://avatars1.githubusercontent.com/u/12811343?s=400&u=a417cca5ea7e206ecd979d2f623502bc766a504c&v=3" width="118px;"/><br /><sub>cuibty </sub>](https://github.com/cuibty) <br />💻|[<img src="https://avatars3.githubusercontent.com/u/17126867?s=400&u=387bb1de303c993b683cd1335f57a96e1671be45&v=3" width="118px;"/><br /><sub>Simo Paasisalo </sub>](https://github.com/spaasis) <br />💻|[<img src="https://avatars1.githubusercontent.com/u/10352866?s=400&v=3" width="118px;"/><br /><sub>klyse </sub>](https://github.com/klyse) <br />💻|[<img src="https://avatars0.githubusercontent.com/u/19854428?s=400&u=d0f37a7f51e8eaac4da754c9f8deae714e03da65&v=3" width="118px;"/><br /><sub>Martinus Suherman </sub>](https://github.com/martinussuherman) <br />💻
-|[<img src="https://avatars1.githubusercontent.com/u/540241?s=400&v=3" width="118px;"/><br /><sub>Pavel Usachev </sub>](https://github.com/pavel-usachev) <br />💻
+|[<img src="https://avatars1.githubusercontent.com/u/540241?s=400&v=3" width="118px;"/><br /><sub>Pavel Usachev </sub>](https://github.com/pavel-usachev) <br />💻|[<img src="https://avatars2.githubusercontent.com/u/64419131?s=400&u=e18b51ba9a0c1c2bf69ed86fba2251b44c1c3136&v=3" width="118px;"/><br /><sub>LabTrans - STIGeo </sub>](https://github.com/labtrans-ufsc) <br />🌍|[<img src="https://avatars1.githubusercontent.com/u/7376668?s=400&u=93af8ae5f2980c172f2ca13b5380f20a50053866&v=4" width="118px;"/><br /><sub>Valentin LECERF </sub>](https://github.com/ioxFR) <br />💻|[<img src="https://avatars0.githubusercontent.com/u/9968151?s=400&u=c210e5d589ec6433069105d1420bf3d8cb6265f2&v=4" width="118px;"/><br /><sub>Thomas Aunvik </sub>](https://github.com/ThomasAunvik) <br />🐛|[<img src="https://avatars1.githubusercontent.com/u/661509?s=400&u=16eeaa522ebe0f92ef2851b7bbf721f349b815b5&v=4" width="118px;"/><br /><sub>Sebastian Gebhardt </sub>](https://github.com/sgebhardt) <br />🐛
 <!-- prettier-ignore-end -->
 
 This project follows the [all-contributors](https://github.com/kentcdodds/all-contributors) specification.

diff --git a/build/publish-docker-images.ps1 b/build/publish-docker-images.ps1
@@ -1,5 +1,7 @@
 param([string] $version)
 
+Set-Location "../"
+
 # build docker images according to docker-compose
 docker-compose build
 

diff --git a/src/Skoruba.IdentityServer4.Admin.Api/Controllers/RolesController.cs b/src/Skoruba.IdentityServer4.Admin.Api/Controllers/RolesController.cs
@@ -121,7 +121,7 @@ public async Task<IActionResult> Delete(TKey id)
         }
 
         [HttpGet("{id}/Users")]
-        public async Task<ActionResult<TRolesDto>> GetRoleUsers(string id, string searchText, int page = 1, int pageSize = 10)
+        public async Task<ActionResult<TUsersDto>> GetRoleUsers(string id, string searchText, int page = 1, int pageSize = 10)
         {
             var usersDto = await _identityService.GetRoleUsersAsync(id, searchText, page, pageSize);
 
@@ -178,4 +178,4 @@ public async Task<IActionResult> DeleteRoleClaims(TKey id, int claimId)
             return Ok();
         }
     }
-}
+}
diff --git a/src/Skoruba.IdentityServer4.Admin.Api/Program.cs b/src/Skoruba.IdentityServer4.Admin.Api/Program.cs
@@ -50,6 +50,10 @@ private static IConfiguration GetConfiguration(string[] args)
                 configurationBuilder.AddUserSecrets<Startup>();
             }
 
+            var configuration = configurationBuilder.Build();
+
+            configuration.AddAzureKeyVaultConfiguration(configurationBuilder);
+
             configurationBuilder.AddCommandLine(args);
             configurationBuilder.AddEnvironmentVariables();
 
@@ -60,6 +64,8 @@ public static IHostBuilder CreateHostBuilder(string[] args) =>
             Host.CreateDefaultBuilder(args)
                  .ConfigureAppConfiguration((hostContext, configApp) =>
                  {
+                     var configurationRoot = configApp.Build();
+
                      configApp.AddJsonFile("serilog.json", optional: true, reloadOnChange: true);
 
                      var env = hostContext.HostingEnvironment;
@@ -71,6 +77,8 @@ public static IHostBuilder CreateHostBuilder(string[] args) =>
                          configApp.AddUserSecrets<Startup>();
                      }
 
+                     configurationRoot.AddAzureKeyVaultConfiguration(configApp);
+
                      configApp.AddEnvironmentVariables();
                      configApp.AddCommandLine(args);
                  })

diff --git a/src/Skoruba.IdentityServer4.Admin.Api/Skoruba.IdentityServer4.Admin.Api.csproj b/src/Skoruba.IdentityServer4.Admin.Api/Skoruba.IdentityServer4.Admin.Api.csproj
@@ -2,7 +2,7 @@
 
     <PropertyGroup>
         <TargetFramework>netcoreapp3.1</TargetFramework>
-        <Version>1.0.0-rc3</Version>
+        <Version>1.0.0-rc4</Version>
         <Authors>Jan Škoruba</Authors>
         <AspNetCoreHostingModel>InProcess</AspNetCoreHostingModel>
         <UserSecretsId>1cc472a2-4e4b-48ce-846b-5219f71fc643</UserSecretsId>
@@ -73,3 +73,4 @@
     </ItemGroup>
 
 </Project>
+
diff --git a/src/Skoruba.IdentityServer4.Admin.Api/Startup.cs b/src/Skoruba.IdentityServer4.Admin.Api/Startup.cs
@@ -45,9 +45,7 @@ public void ConfigureServices(IServiceCollection services)
             // Add DbContexts
             RegisterDbContexts(services);
 
-            services.AddDataProtection()
-                .SetApplicationName("Skoruba.IdentityServer4")
-                .PersistKeysToDbContext<IdentityServerDataProtectionDbContext>();
+            services.AddDataProtection<IdentityServerDataProtectionDbContext>(Configuration);
 
             // Add email senders which is currently setup for SendGrid and SMTP
             services.AddEmailSenders(Configuration);

diff --git a/src/Skoruba.IdentityServer4.Admin.Api/appsettings.json b/src/Skoruba.IdentityServer4.Admin.Api/appsettings.json
@@ -40,13 +40,24 @@
     },
     "IdentityOptions": {
         "Password": {
-          "RequiredLength": 8
+            "RequiredLength": 8
         },
         "User": {
-          "RequireUniqueEmail": true
+            "RequireUniqueEmail": true
         },
         "SignIn": {
-          "RequireConfirmedAccount": false
+            "RequireConfirmedAccount": false
         }
+    },
+    "DataProtectionConfiguration": {
+        "ProtectKeysWithAzureKeyVault": false
+    },
+    "AzureKeyVaultConfiguration": {
+        "AzureKeyVaultEndpoint": "",
+        "ClientId": "",
+        "ClientSecret": "",
+        "UseClientCredentials": true,
+        "DataProtectionKeyIdentifier": "",
+        "ReadConfigurationFromKeyVault": false
     }
 }
diff --git a/....Admin.BusinessLogic.Identity/Skoruba.IdentityServer4.Admin.BusinessLogic.Identity.csproj b/....Admin.BusinessLogic.Identity/Skoruba.IdentityServer4.Admin.BusinessLogic.Identity.csproj
@@ -2,7 +2,7 @@
 
 	<PropertyGroup>
 		<TargetFramework>netcoreapp3.1</TargetFramework>
-		<Version>1.0.0-rc3</Version>
+		<Version>1.0.0-rc4</Version>
 		<Authors>Jan Škoruba</Authors>
 		<Description>Business Logic layer for the administration of the Asp.Net Core Identity and IdentityServer4</Description>
 		<PackageTags>IdentityServer4 Admin OpenIDConnect OAuth2 Identity</PackageTags>
@@ -31,3 +31,4 @@
 </Project>
 
 
+
diff --git a/...ver4.Admin.BusinessLogic.Shared/Skoruba.IdentityServer4.Admin.BusinessLogic.Shared.csproj b/...ver4.Admin.BusinessLogic.Shared/Skoruba.IdentityServer4.Admin.BusinessLogic.Shared.csproj
@@ -2,7 +2,7 @@
 
   <PropertyGroup>
     <TargetFramework>netcoreapp3.1</TargetFramework>
-	  <Version>1.0.0-rc3</Version>
+	  <Version>1.0.0-rc4</Version>
 	  <Authors>Jan Škoruba</Authors>
 	  <PackageTags>IdentityServer4 Admin OpenIDConnect OAuth2 Identity</PackageTags>
 	  <Description>Shared Business Logic layer for the administration of the IdentityServer4 and Asp.Net Core Identity</Description>
@@ -14,3 +14,4 @@
 </Project>
 
 
+
diff --git a/...ba.IdentityServer4.Admin.BusinessLogic/Skoruba.IdentityServer4.Admin.BusinessLogic.csproj b/...ba.IdentityServer4.Admin.BusinessLogic/Skoruba.IdentityServer4.Admin.BusinessLogic.csproj
@@ -2,7 +2,7 @@
 
   <PropertyGroup>
     <TargetFramework>netcoreapp3.1</TargetFramework>
-    <Version>1.0.0-rc3</Version>
+    <Version>1.0.0-rc4</Version>
     <Authors>Jan Škoruba</Authors>
     <Description>Business Logic layer for the administration of the IdentityServer4</Description>
     <PackageTags>IdentityServer4 Admin OpenIDConnect OAuth2 Identity</PackageTags>
@@ -47,3 +47,4 @@
 </Project>
 
 
+
diff --git a/...ntityFramework.Extensions/Skoruba.IdentityServer4.Admin.EntityFramework.Extensions.csproj b/...ntityFramework.Extensions/Skoruba.IdentityServer4.Admin.EntityFramework.Extensions.csproj
@@ -2,7 +2,7 @@
 
     <PropertyGroup>
         <TargetFramework>netcoreapp3.1</TargetFramework>
-        <Version>1.0.0-rc3</Version>
+        <Version>1.0.0-rc4</Version>
         <Authors>Jan Škoruba</Authors>
         <PackageTags>IdentityServer4 Admin OpenIDConnect OAuth2 Identity</PackageTags>
         <Description>EntityFramework extensions for the administration of the IdentityServer4 and Asp.Net Core Identity</Description>
@@ -14,3 +14,4 @@
 </Project>
 
 
+
diff --git a/...in.EntityFramework.Identity/Skoruba.IdentityServer4.Admin.EntityFramework.Identity.csproj b/...in.EntityFramework.Identity/Skoruba.IdentityServer4.Admin.EntityFramework.Identity.csproj
@@ -2,7 +2,7 @@
 
 	<PropertyGroup>
 		<TargetFramework>netcoreapp3.1</TargetFramework>
-		<Version>1.0.0-rc3</Version>
+		<Version>1.0.0-rc4</Version>
 		<Authors>Jan Škoruba</Authors>
 		<Description>Entity Framework layer for the administration of the Asp.Net Core Identity and IdentityServer4</Description>
 		<PackageTags>IdentityServer4 Admin OpenIDConnect OAuth2 Identity</PackageTags>
@@ -23,3 +23,4 @@
 </Project>
 
 
+
diff --git a/...r4.Admin.EntityFramework.MySql/Skoruba.IdentityServer4.Admin.EntityFramework.MySql.csproj b/...r4.Admin.EntityFramework.MySql/Skoruba.IdentityServer4.Admin.EntityFramework.MySql.csproj
@@ -2,7 +2,7 @@
 
     <PropertyGroup>
         <TargetFramework>netcoreapp3.1</TargetFramework>
-        <Version>1.0.0-rc3</Version>
+        <Version>1.0.0-rc4</Version>
         <Authors>Jan Škoruba</Authors>
         <PackageTags>IdentityServer4 Admin OpenIDConnect OAuth2 Identity</PackageTags>
         <Description>Entity Framework layer for the administration of the IdentityServer4 and Asp.Net Core Identity with MySql support</Description>
@@ -26,3 +26,4 @@
 </Project>
 
 
+
diff --git a/...ntityFramework.PostgreSQL/Skoruba.IdentityServer4.Admin.EntityFramework.PostgreSQL.csproj b/...ntityFramework.PostgreSQL/Skoruba.IdentityServer4.Admin.EntityFramework.PostgreSQL.csproj
@@ -2,7 +2,7 @@
 
     <PropertyGroup>
         <TargetFramework>netcoreapp3.1</TargetFramework>
-        <Version>1.0.0-rc3</Version>
+        <Version>1.0.0-rc4</Version>
         <Authors>Jan Škoruba</Authors>
         <PackageTags>IdentityServer4 Admin OpenIDConnect OAuth2 Identity</PackageTags>
         <Description>Entity Framework layer for the administration of the IdentityServer4 and Asp.Net Core Identity with PostrgreSQL support</Description>
@@ -25,3 +25,4 @@
 </Project>
 
 
+