Merge pull request #389 from ITfoxtec/test

Test

FoxIDs.sln

@@ -35,7 +35,6 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "FoxIDs.SharedBase", "src\Fo
 EndProject
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "docs", "docs", "{CB5D86A0-DD55-49F6-B7AF-8162E9DA4CAF}"
 	ProjectSection(SolutionItems) = preProject
-		docs\_sidebar.md = docs\_sidebar.md
 		docs\certificates.md = docs\certificates.md
 		docs\claim-transform.md = docs\claim-transform.md
 		docs\control.md = docs\control.md
@@ -73,6 +72,7 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "docs", "docs", "{CB5D86A0-D
 		docs\up-party-oidc.md = docs\up-party-oidc.md
 		docs\up-party-saml-2.0.md = docs\up-party-saml-2.0.md
 		docs\users.md = docs\users.md
+		docs\_sidebar.md = docs\_sidebar.md
 	EndProjectSection
 EndProject
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "images", "images", "{CB88126F-3F28-4511-93E1-2454E239E9C7}"
@@ -153,7 +153,7 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "images", "images", "{CB8812
 		docs\images\structure.png = docs\images\structure.png
 		docs\images\structure.svg = docs\images\structure.svg
 		docs\images\structure.vsdx = docs\images\structure.vsdx
-		docs\images\upload-risk-passwords.png = docs\images\upload-risk-passwords.png
+		docs\images\upload-risk-passwords-seed-client.png = docs\images\upload-risk-passwords-seed-client.png
 	EndProjectSection
 EndProject
 Global

docs/deployment.md

@@ -38,20 +38,61 @@ In this case you can experience getting a 'ConflictError' with the error message
 
 The solution is to delete (purge) the old Key Vault, which will release the name.
 
-## Seed
+## Upload risk passwords
 
-### Upload risk passwords
+You can read the number of risk passwords uploaded to FoxIDs in [FoxIDs Control Client](control.md#foxids-control-client) master tenant on the Risk Passwords tap. And you can test if a password is okay or has appeared in breaches.
 
-You can upload risk passwrods in FoxIDs Control Client master tenant on the Risk Passwords tap. 
+You can upload risk passwords with the FoxIDs seed tool. The seed tool is a console application. 
 
-![FoxIDs Control Client - Upload risk passwrods](images/upload-risk-passwords.png)
+> The seed tool code can be [downloaded](https://github.com/ITfoxtec/FoxIDs/tree/master/tools/FoxIDs.SeedTool) and need to be compiled to run.
 
 Download the `SHA-1` pwned passwords `ordered by prevalence` from [haveibeenpwned.com/passwords](https://haveibeenpwned.com/Passwords).
 
 > Be aware that it takes some time to upload all risk passwords. This step can be omitted and postponed to later.  
-> The risk passwords are uploaded as bulk which has a higher consumption. Please make sure to adjust the Cosmos DB provisioned throughput (e.g. to 20000 RU/s) temporarily.
 
-### Add sample configuration to a track
+The risk passwords are uploaded as bulk which has a higher consumption. Please make sure to adjust the Cosmos DB provisioned throughput (e.g. to 20000 RU/s or higher) temporarily. 
+The throughput can be adjusted in Azure Cosmos DB --> Data Explorer --> Scale & Settings.
+
+### Configure the seed tool
+
+The seed tool is configured in the `appsettings.json` file.
+
+> Access to upload risk passwords is granted in the `master` tenant.
+
+Create a seed tool OAuth 2.0 client in the [FoxIDs Control Client](control.md#foxids-control-client):
+
+1. Login to the `master` track and select the Parties tab
+2. Create a OAuth 2.0 down-party, click `OAuth 2.0 - Client Credentials Grant`.
+3. Set the client id to `foxids_seed`.
+4. Remember the client secret.
+5. In the resource and scopes section. Grant the sample seed client access to the FoxIDs Control API resource `foxids_control_api` with the scope `foxids:master`.
+6. Click show advanced settings. 
+7. In the issue claims section. Add a claim with the name `role` and the value `foxids:tenant.admin`. This will granted the client the administrator role. 
+
+The seed tool client is thereby granted access to update to the master tenant.
+
+![FoxIDs Control Client - seed tool client](images/upload-risk-passwords-seed-client.png)
+
+Add the FoxIDs and FoxIDs Control API endpoints and client secret to the seed tool configuration. 
+
+```json
+"SeedSettings": {
+    "FoxIDsEndpoint": "https://foxidsxxxx.azurewebsites.net",
+    "FoxIDsControlEndpoint": "https://foxidscontrolxxxx.azurewebsites.net",
+    "ClientSecret": "xxx",
+    ...
+}
+```
+
+### Run the seed tool
+
+Run the seed tool executable SeedTool.exe or run the seed tool directly from Visual Studio. 
+
+* Click 'p' to start uploading risk passwords  
+
+The risk password upload will take a while.
+
+## Add sample configuration to a track
 
 It is possible to run the sample applications after they are configured in a FoxIDs track. The sample configuration can be added with the [sample seed tool](samples.md#configure-samples-in-foxids-track).
 
@@ -90,7 +131,7 @@ Depending on the reverse proxy your are using you might be required to also conf
    - The setting `Settings:FoxIDsEndpoint` is changed to the FoxIDs service sites new primary custom domain.
    - The setting `Settings:FoxIDsControlEndpoint` is changed to the FoxIDs Control sites new primary custom domain.
 
-> HINT: You can create a `main` tenant and add the custom primary domain used on the FoxIDs service as a [custom domain](custom-domain.md) to remove the tenant element from the URL.
+> You can create a `main` tenant and add the custom primary domain used on the FoxIDs service as a [custom domain](custom-domain.md) to remove the tenant element from the URL.
 
 ## Reverse proxy
 It is recommended to place both the FoxIDs Azure App service and the FoxIDs Control Azure App service behind a [reverse proxy](reverse-proxy.md). 

docs/samples.md

@@ -96,17 +96,16 @@ Add the FoxIDs and FoxIDs Control API endpoints to the sample seed tool configur
 
 > Access to create the sample configuration in a track is granted in the `master` track. The sample configuration should not be added to the `master` track.
 
-Create the sample seed OAuth 2.0 client in the FoxIDs Control Client:
+Create a sample seed tool OAuth 2.0 client in the [FoxIDs Control Client](control.md#foxids-control-client):
 
 1. Select the `master` track and create a OAuth 2.0 down-party, click `OAuth 2.0 - Client Credentials Grant`.
 2. Set the client id to `sample_seed`.
 3. Remember the client secret.
 4. In the resource and scopes section. Grant the sample seed client access to the FoxIDs Control API resource `foxids_control_api` with the scope `foxids:tenant`.
-5. In the scopes section. Remove all scopes.
-6. Click show advanced settings. 
-7. In the issue claims section. Granted the client the administrator `role` with the value `foxids:tenant.admin`. 
+5. Click show advanced settings. 
+6. In the issue claims section. Add a claim with the name `role` and the value `foxids:tenant.admin`. This will granted the client the administrator role. 
 
-The sample seed client is thereby granted access to update the tenant.
+The sample seed tool client is thereby granted access to update to the tenant.
 
 ![FoxIDs Control Client - sample_seed client](images/sample_seed-client.png)
 

src/FoxIDs.Control/Controllers/Master/MRiskPasswordTestController.cs

@@ -0,0 +1,47 @@
+using FoxIDs.Infrastructure;
+using FoxIDs.Models;
+using FoxIDs.Repository;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Mvc;
+using System.Net;
+using System.Threading.Tasks;
+
+namespace FoxIDs.Controllers
+{
+    public class MRiskPasswordTestController : MasterApiController
+    {
+        private readonly IMasterRepository masterRepository;
+
+        public MRiskPasswordTestController(TelemetryScopedLogger logger, IMasterRepository masterRepository) : base(logger)
+        {
+            this.masterRepository = masterRepository;
+        }
+
+        /// <summary>
+        /// Test if a password has appeared in breaches and is in risk.
+        /// </summary>
+        /// <param name="password">Password.</param>
+        /// <returns>True if in risk.</returns>
+        [ProducesResponseType(typeof(bool), StatusCodes.Status200OK)]
+        [ProducesResponseType(StatusCodes.Status404NotFound)]
+        public async Task<ActionResult<bool>> GetRiskPasswordTest(string password)
+        {
+            try
+            {
+                if (!ModelState.TryValidateRequiredParameter(password, nameof(password))) return BadRequest(ModelState);
+
+                var passwordSha1Hash = password.Sha1Hash();
+                var mRiskPassword = await masterRepository.GetAsync<RiskPassword>(await RiskPassword.IdFormat(passwordSha1Hash));
+                return Ok(true);
+            }
+            catch (CosmosDataException ex)
+            {
+                if (ex.StatusCode == HttpStatusCode.NotFound)
+                {
+                    return Ok(false);
+                }
+                throw;
+            }
+        }
+    }
+}

src/FoxIDs.Control/FoxIDs.Control.csproj

@@ -2,7 +2,7 @@
 
 	<PropertyGroup>
 		<TargetFramework>net6.0</TargetFramework>
-		<Version>1.0.4.13</Version>
+		<Version>1.0.5.1</Version>
 		<RootNamespace>FoxIDs</RootNamespace>
 		<Authors>Anders Revsgaard</Authors>
 		<Company>ITfoxtec</Company>

src/FoxIDs.Control/appsettings.json

@@ -16,7 +16,7 @@
   "AllowedHosts": "*",
   "Settings": {
     "FoxIDsEndpoint": "https://foxidsxxxx.azurewebsites.net", // or custom domain "https://foxidsxxxx.com" or local development https://localhost:44330
-    "FoxIDsControlEndpoint": "https://foxidscontrolxxxx.azurewebsites.net", // or custom domain "https://foxidscontrolxxxx.com" or local development https://localhost:44331
+    "FoxIDsControlEndpoint": "https://foxidscontrolxxxx.azurewebsites.net", // or custom domain "https://control.foxidsxxxx.com" or local development https://localhost:44331
     "DownParty": "foxids_control_api",
     "MasterSeedEnabled": true,
     "CosmosDb": {

src/FoxIDs.ControlClient/FoxIDs.ControlClient.csproj

@@ -3,7 +3,7 @@
 	<PropertyGroup>
 		<TargetFramework>net6.0</TargetFramework>
 		<RazorLangVersion>3.0</RazorLangVersion>
-		<Version>1.0.4.13</Version>
+		<Version>1.0.5.1</Version>
 		<RootNamespace>FoxIDs.Client</RootNamespace>
 		<Authors>Anders Revsgaard</Authors>
 		<Company>ITfoxtec</Company>