Merge branch 'main' of https://github.com/Altinn/altinn-access-manage…

…ment-frontend into renovate/microsoft.aspnetcore.openapi-9.x

.github/workflows/codeql.yml

@@ -0,0 +1,70 @@
+# This file was generated by GitHub and later altered to enable .net 9
+name: 'CodeQL'
+
+on:
+  push:
+    branches: ['main']
+  pull_request:
+    branches: ['main']
+  schedule:
+    - cron: '38 17 * * 1'
+
+jobs:
+  analyze:
+    name: Analyze (${{ matrix.language }})
+    runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
+    permissions:
+      # required for all workflows
+      security-events: write
+
+      # required to fetch internal or private CodeQL packs
+      packages: read
+
+      # only required for workflows in private repositories
+      actions: read
+      contents: read
+
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - language: csharp
+            build-mode: none
+          - language: javascript-typescript
+            build-mode: none
+        # CodeQL supports the following values keywords for 'language': 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift'
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Setup .NET
+        uses: actions/setup-dotnet@v4
+        with:
+          dotnet-version: |
+            8.0.x
+            9.0.x
+
+      # Initializes the CodeQL tools for scanning.
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v3
+        with:
+          languages: ${{ matrix.language }}
+          build-mode: ${{ matrix.build-mode }}
+          # If you wish to specify custom queries, you can do so here or in a config file.
+          # By default, queries listed here will override any specified in a config file.
+          # Prefix the list here with "+" to use these queries and those in the config file.
+
+      - if: matrix.build-mode == 'manual'
+        shell: bash
+        run: |
+          echo 'If you are using a "manual" build mode for one or more of the' \
+            'languages you are analyzing, replace this with the commands to build' \
+            'your code, for example:'
+          echo '  make bootstrap'
+          echo '  make release'
+          exit 1
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v3
+        with:
+          category: '/language:${{matrix.language}}'

.github/workflows/deploy-at.yml

@@ -34,7 +34,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        environment: [AT23, AT24]
+        environment: [AT24]
 
     with:
       environment: ${{ matrix.environment }}

.github/workflows/template-build-and-test-backend.yml

@@ -4,7 +4,7 @@ on:
   workflow_call:
 
 env:
-  dotnet_version: 8.0.x
+  dotnet_version: 9.0.x
 
 jobs:
   build:
@@ -42,8 +42,7 @@ jobs:
       - name: Setup .NET
         uses: actions/setup-dotnet@v4
         with:
-          dotnet-version: |
-            8.0.x
+          dotnet-version: ${{ env.dotnet_version }}
       - name: Set up JDK 11
         uses: actions/setup-java@v4
         with:

.mock/handlers/lookup.ts

@@ -13,7 +13,6 @@ export const lookupHandlers = (ACCESSMANAGEMENT_BASE_URL: string) => [
       partyUuid: 'cd35779b-b174-4ecc-bbef-ece13611be7f',
       partyTypeName: 2,
       orgNumber: '310202398',
-      ssn: '',
       unitType: 'AS',
       name: 'DISKRET NÆR TIGER AS',
       isDeleted: false,

.mock/mockServiceWorker.js

@@ -8,8 +8,8 @@
  * - Please do NOT serve this file on production.
  */
 
-const PACKAGE_VERSION = '2.6.5';
-const INTEGRITY_CHECKSUM = 'ca7800994cc8bfb5eb961e037c877074';
+const PACKAGE_VERSION = '2.7.0';
+const INTEGRITY_CHECKSUM = '00729d72e3b82faf54ca8b9621dbb96f';
 const IS_MOCKED_RESPONSE = Symbol('isMockedResponse');
 const activeClientIds = new Set();
 
@@ -199,7 +199,17 @@ async function getResponse(event, client, requestId) {
     // Remove the "accept" header value that marked this request as passthrough.
     // This prevents request alteration and also keeps it compliant with the
     // user-defined CORS policies.
-    headers.delete('accept', 'msw/passthrough');
+    const acceptHeader = headers.get('accept');
+    if (acceptHeader) {
+      const values = acceptHeader.split(',').map((value) => value.trim());
+      const filteredValues = values.filter((value) => value !== 'msw/passthrough');
+
+      if (filteredValues.length > 0) {
+        headers.set('accept', filteredValues.join(', '));
+      } else {
+        headers.delete('accept');
+      }
+    }
 
     return fetch(requestClone, { headers });
   }

.vscode/launch.json

@@ -1,7 +1,4 @@
 {
-  // Use IntelliSense to learn about possible attributes.
-  // Hover to view descriptions of existing attributes.
-  // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
   "version": "0.2.0",
   "configurations": [
     {
@@ -10,6 +7,13 @@
       "name": "Launch Chrome against localhost",
       "url": "http://localhost:8080",
       "webRoot": "${workspaceFolder}"
+    },
+    {
+      "name": "C#: Altinn.AccessManagement.UI [LocalDev_5000]",
+      "type": "dotnet",
+      "request": "launch",
+      "projectPath": "${workspaceFolder}/backend/src/Altinn.AccessManagement.UI/Altinn.AccessManagement.UI/Altinn.AccessManagement.UI.csproj",
+      "launchConfigurationId": "TargetFramework=;LocalDev_5000"
     }
   ]
 }

.yarnrc.yml

@@ -4,4 +4,4 @@ enableGlobalCache: false
 
 nodeLinker: node-modules
 
-yarnPath: .yarn/releases/yarn-4.5.1.cjs
+yarnPath: .yarn/releases/yarn-4.6.0.cjs

Dockerfile

@@ -1,35 +1,33 @@
 # Building accessmanagement frontend
 FROM node:22-slim AS generate-accessmanagement-frontend
-# FROM node:lts as generate-accessmanagement-frontend
 
 WORKDIR /build
 COPY . .
-RUN corepack enable
-RUN yarn --immutable
-RUN yarn build
+RUN corepack enable && \
+    yarn --immutable && \
+    yarn build
 
 # Building the backend
-FROM mcr.microsoft.com/dotnet/sdk:8.0.100-1-alpine3.18 AS generate-accessmanagement-backend
+FROM mcr.microsoft.com/dotnet/sdk:9.0-alpine AS generate-accessmanagement-backend
+
 WORKDIR /build
 COPY backend .
-RUN dotnet build src/Altinn.AccessManagement.UI/Altinn.AccessManagement.UI/Altinn.AccessManagement.UI.csproj -c Release -o /app_output
 RUN dotnet publish src/Altinn.AccessManagement.UI/Altinn.AccessManagement.UI/Altinn.AccessManagement.UI.csproj -c Release -o /app_output
 
 # Building the final image
-FROM mcr.microsoft.com/dotnet/aspnet:8.0.6-alpine3.18 AS final
-EXPOSE 80
-#EXPOSE 443
+FROM mcr.microsoft.com/dotnet/aspnet:9.0-alpine AS final
+
 WORKDIR /app
-# ENV DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=false \
-#     DOTNET_RUNNING_IN_CONTAINER=true
-ENV ASPNETCORE_ENVIRONMENT = Development
-ENV ASPNETCORE_HTTP_PORTS = 80
-RUN apk add --no-cache icu-libs krb5-libs libgcc libintl libssl1.1 libstdc++ zlib
+EXPOSE 80
+
+ENV ASPNETCORE_ENVIRONMENT=Development
+ENV ASPNETCORE_HTTP_PORTS=80
 
 COPY --from=generate-accessmanagement-backend /app_output .
 COPY --from=generate-accessmanagement-frontend /build/dist/assets ./wwwroot/accessmanagement/assets
 COPY --from=generate-accessmanagement-frontend /build/src/localizations ./wwwroot/accessmanagement/localizations
 COPY --from=generate-accessmanagement-frontend /build/dist/manifest.json ./wwwroot/accessmanagement
 
 RUN mkdir /tmp/logtelemetry
-ENTRYPOINT ["dotnet", "Altinn.AccessManagement.UI.dll"]
+
+ENTRYPOINT ["dotnet", "Altinn.AccessManagement.UI.dll"]

README.md

@@ -64,6 +64,82 @@ OBS: These settings use https which requires a certificate to be uploaded or gen
 
 Now that the BFF is running, you can move on to the react app.
 
+#### Troubleshooting
+
+If you encounter the error **"Unhandled exception. System.IO.IOException: Failed to bind to address https://localhost:443"**, it usually means the application doesn't have the necessary permissions to use that port. This is because port 443 is a privileged port, typically requiring root access. However, running your entire application with elevated privileges (e.g., using sudo) is not recommended due to security risks. Instead, you can use a reverse proxy like nginx to handle port 443 and forward requests to your application running on a non-privileged port. This allows you to avoid running your app as root while still serving it on the standard HTTPS port.
+
+1. Install nginx:
+
+```Bash
+brew install nginx
+```
+
+2. Configure nginx:
+
+Navigate to the nginx servers directory:
+
+```Bash
+cd /opt/homebrew/etc/nginx/servers
+```
+
+Create a new configuration file (e.g., am_ui.conf) and add the following content:
+
+```Nginx
+server {
+    listen 443 ssl;
+    server_name localhost;
+
+    ssl_certificate ssl/localhost.crt;
+    ssl_certificate_key ssl/localhost.key;
+
+    location / {
+        proxy_pass https://localhost:5000;  
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection keep-alive;
+        proxy_set_header Host $host;
+        proxy_cache_bypass $http_upgrade;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+}
+```
+
+
+3. Create an SSL certificate:
+
+Go back to the main nginx directory:
+
+```Bash
+cd /opt/homebrew/etc/nginx/
+```
+
+Create an ssl directory:
+
+```Bash
+mkdir ssl
+```
+
+Generate a self-signed certificate:
+
+```Bash
+cd ssl
+openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout localhost.key -out localhost.crt
+```
+(You'll be prompted to enter information for the certificate. This information is not critical for local development, so feel free to fill in any values.)
+
+4. Start nginx:
+
+Start nginx
+```Bash
+sudo nginx
+```
+
+Try running your app again. It should now work correctly on port 443, with nginx handling SSL encryption and forwarding requests to your application.
+
+
+
+
 ### Step 3: Run the React application
 
 Pull the newest version of this repo and navigate to its root
@@ -86,17 +162,23 @@ Happy coding!
 
 The BFF provides us with the option of mocking away all external connections, instead fetching data from static files or generating it dynamically on-call. This can be usefull when testing out code only pertaining to the frontend or when developing functionality that lacks backend support.
 
-The mock can be activated locally or in a specific environment by going to the relevant appsettings file and setting `UseMockData` to true. Be aware that this should NEVER be done for TT02 or PROD!
+The mock can be activated locally or in a specific environment by using the appsettings file for that environment and setting the relevant flags in the 'MockSettings' section. Each flag here relates to a client in the BFF and thus, to the integration to external backends. Setting one of these to true means that instead of the regular client being used at runtime, a mocked version will be used instead. The mocked client will use data from static files instead of making calls to external sources. Since each client can be mocked individually, there is a number of possible combinations that can be enabled, depending on the needed case. In development, you are free to use whatever combination you want, and in certain situations, we enable mocking in one or more of the AT environments. That being said...
+
+**Be aware that the mock should NEVER be enabled for TT02 or PROD!**
 
 ```bash
-"GeneralSettings": {
-  "FrontendBaseUrl": "https://am.ui.at22.altinn.cloud",
-  "Hostname": "at22.altinn.cloud",
-  "UseMockData": true
+"MockSettings": {
+  "AccessManagement_V0": false,
+  "AccessManagement": true,
+  "AccessPackage": true,
+  "ResourceRegistry": false,
+  "Profile": false,
+  "Register": false,
+  "KeyVault": false
 },
 ```
 
-Fun fact: The static files used to run the mock is the same that is used for integration tests - meaning we get twice the usage out of the same data! ♻️
+Fun fact: The static files used to run the mock are also used for integration tests - meaning we get twice the usage out of the same data! ♻️
 
 ### Login when in mock-mode
 
@@ -234,3 +316,5 @@ This project uses [MSW (Mock Service Worker)](https://mswjs.io/) to mock API req
 ### Documentation: 
 *  For more information on writing stories, see the [Storybook Docs](https://storybook.js.org/docs/react/get-started/introduction).
 *  To learn about using MSW with Storybook, check out the [MSW documentation](https://mswjs.io/docs/getting-started/integrate/storybook).
+
+

backend/src/Altinn.AccessManagement.UI/Altinn.AccessManagement.UI.Core/Altinn.AccessManagement.UI.Core.csproj

@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
 	<PropertyGroup>
-		<TargetFramework>net8.0</TargetFramework>
+		<TargetFramework>net9.0</TargetFramework>
 		<ImplicitUsings>enable</ImplicitUsings>
 		<Nullable>disable</Nullable>
 		<GenerateDocumentationFile>True</GenerateDocumentationFile>
@@ -14,11 +14,13 @@
 		<PackageReference Include="Azure.Security.KeyVault.Certificates" Version="4.7.0" />
 		<PackageReference Include="Azure.Security.KeyVault.Secrets" Version="4.7.0" />
 		<PackageReference Include="Microsoft.AspNetCore.Http.Abstractions" Version="2.2.0" />
-		<PackageReference Include="Microsoft.Extensions.Caching.Abstractions" Version="8.0.0" />
+		<PackageReference Include="Microsoft.Bcl.Cryptography" Version="9.0.0" />
+		<PackageReference Include="Microsoft.Extensions.Caching.Abstractions" Version="9.0.0" />
 		<PackageReference Include="StyleCop.Analyzers" Version="1.1.118">
 			<PrivateAssets>all</PrivateAssets>
 			<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
 		</PackageReference>
+		<PackageReference Include="System.Text.Json" Version="9.0.0" />
 	</ItemGroup>
 
 	<ItemGroup Condition="'$(Configuration)'=='Debug'">