Merged
refactor(validators): update password validation to use IdmtPasswordOptions
chore(solution): remove old .sln file and add new .slnx format
fix(dependencies): update package versions for Idmt.BasicSample project
test(integration): remove obsolete system info tests from AdminIntegrationTests
test(integration): update AuthIntegrationTests to reflect new endpoint naming conventions
test(integration): modify ManageIntegrationTests to use new reset-password endpoint
test(integration): adjust MultiTenancyIntegrationTests for updated endpoint paths
chore(tests): update Idmt.UnitTests project dependencies and remove unused tests
test(unit): refactor ValidatorsTests to use IdmtPasswordOptions and remove obsolete validations
feat(auth): enhance refresh token handling with tenant validation
fix(auth): add logging for password reset errors
refactor(health): simplify health check by removing tenant user count
feat(manage): update GetUserInfo to return detailed errors
refactor(manage): streamline user registration process
fix(manage): ensure user info updates only when changes occur
fix(middleware): improve error handling in ValidateBearerTokenTenantMiddleware
fix(persistence): use enum for audit actions in IdmtDbContext
chore(tests): add unit tests for tenant operation service
chore(tests): implement fluent validation tests for various requests
chore(tests): update integration tests for tenant management
…oints

Security:
- Close refresh token tenant validation bypass by rejecting when tenant claim or context is null instead of silently allowing through
- Block inactive users from resetting passwords via ResetPassword endpoint

Correctness:
- Return Unhealthy when database CanConnectAsync returns false (was always reporting Healthy) and propagate CancellationToken
- Convert Logout handler to ErrorOr pattern with proper error handling instead of re-throwing raw exceptions to the client
- Map Tenant.NotResolved (Validation type) to 400 in login endpoints instead of falling through to the default 500 arm
- Return 409 Conflict when creating a tenant that already exists and is active, instead of silently returning 201 Created

API consistency:
- Rename RevokeTenantAccess route param from tenantId to tenantIdentifier to match GrantTenantAccess endpoint convention
- Remove dead Ok<AccessTokenResponse> from RefreshToken Results<> type union since only SignInHttpResult is returned on success

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Implement `UpdateUserInfoHandlerTests` to validate user info update logic, including scenarios for missing claims, inactive users, and unchanged fields.
- Add `CurrentUserMiddlewareTests` to ensure current user is set correctly from authenticated requests.
- Enhance `ValidateBearerTokenTenantMiddlewareTests` with additional tests for empty tenant claims and custom claim types.
- Create `IdmtTenantInfoTests` to validate tenant info model behavior and constraints.
- Introduce `TokenRevocationServiceTests` to verify token revocation logic and cleanup of expired tokens.
- Update `FluentValidatorTests` to check password reset request validation for weak passwords.
- Modify `IdmtLinkGeneratorTests` to ensure email confirmation links are generated correctly with Base64 URL encoding.
- Update project dependencies in `Idmt.UnitTests.csproj` for SQLite and testing utilities.
… tenant management endpoints
- Added a rate limiter policy to the authentication endpoints to prevent brute-force attacks and email flooding.
- Integrated the rate limiting feature based on configuration options.

refactor(manage): Change user role representation to a list
- Updated the GetUserInfo response to return a list of roles instead of a single role.
- Adjusted related tests to validate the new roles structure.

chore(project): Add Microsoft.AspNetCore.App framework reference
- Included a framework reference for Microsoft.AspNetCore.App in the project file.

fix(token): Handle concurrent token revocation gracefully
- Implemented a retry mechanism for concurrent token revocation to ensure correct expiration handling.
- Added tests to verify the behavior under race conditions.

test(tests): Enhance integration tests for user management and authentication
- Updated tests to reflect changes in user roles and authentication flow.
- Added new tests for pagination and role retrieval in user management.

test(tests): Add unit tests for IdmtOptions and RateLimitingOptions
- Created unit tests to validate the configuration options for IdmtOptions and RateLimitingOptions.
- Ensured default values and custom configurations are correctly handled.

test(tests): Improve LogoutHandler tests for tenant context handling
- Enhanced tests for LogoutHandler to verify behavior with tenant context and claims.
- Added assertions for logging warnings when tenant information is missing.
…ror responses and options integration
- Added handling for locked-out users during login attempts in Login.cs.
- Integrated IdmtOptions for cookie expiration in login authentication properties.
- Updated refresh token logic to utilize DateTimeOffset for issued and expiration times in RefreshToken.cs.
- Refactored middleware to return ProblemDetails for unauthorized and forbidden responses in ValidateBearerTokenTenantMiddleware.cs.
- Changed timestamp properties in IdmtAuditLog, IdmtUser, RevokedToken, and TenantAccess models to DateTimeOffset for better time zone handling.
- Updated database context to store DateTimeOffset as UTC ticks for compatibility across providers.
- Modified token revocation service to accept DateTimeOffset for issuedAt parameter.
- Introduced IdmtEmailSenderStartupCheck to warn about unconfigured email sender at startup.
- Enhanced unit tests to cover new locked-out scenarios and updated date handling.
…y for tenant access operations
idotta added a commit that referenced this pull request on Mar 6, 2026
* feat(validation): add ValidationHelper for FluentValidation integration
  refactor(validators): update password validation to use IdmtPasswordOptions
  chore(solution): remove old .sln file and add new .slnx format
  fix(dependencies): update package versions for Idmt.BasicSample project
  test(integration): remove obsolete system info tests from AdminIntegrationTests
  test(integration): update AuthIntegrationTests to reflect new endpoint naming conventions
  test(integration): modify ManageIntegrationTests to use new reset-password endpoint
  test(integration): adjust MultiTenancyIntegrationTests for updated endpoint paths
  chore(tests): update Idmt.UnitTests project dependencies and remove unused tests
  test(unit): refactor ValidatorsTests to use IdmtPasswordOptions and remove obsolete validations

* feat(auth): require authorization for logout endpoint
  feat(auth): enhance refresh token handling with tenant validation
  fix(auth): add logging for password reset errors
  refactor(health): simplify health check by removing tenant user count
  feat(manage): update GetUserInfo to return detailed errors
  refactor(manage): streamline user registration process
  fix(manage): ensure user info updates only when changes occur
  fix(middleware): improve error handling in ValidateBearerTokenTenantMiddleware
  fix(persistence): use enum for audit actions in IdmtDbContext
  chore(tests): add unit tests for tenant operation service
  chore(tests): implement fluent validation tests for various requests
  chore(tests): update integration tests for tenant management

* fix: address 8 high-priority bugs across auth, admin, and health endpoints

  Security:
  - Close refresh token tenant validation bypass by rejecting when tenant claim or context is null instead of silently allowing through
  - Block inactive users from resetting passwords via ResetPassword endpoint

  Correctness:
  - Return Unhealthy when database CanConnectAsync returns false (was always reporting Healthy) and propagate CancellationToken
  - Convert Logout handler to ErrorOr pattern with proper error handling instead of re-throwing raw exceptions to the client
  - Map Tenant.NotResolved (Validation type) to 400 in login endpoints instead of falling through to the default 500 arm
  - Return 409 Conflict when creating a tenant that already exists and is active, instead of silently returning 201 Created

  API consistency:
  - Rename RevokeTenantAccess route param from tenantId to tenantIdentifier to match GrantTenantAccess endpoint convention
  - Remove dead Ok<AccessTokenResponse> from RefreshToken Results<> type union since only SignInHttpResult is returned on success

* feat: enhance tenant management with validation and logging improvements

* Add unit tests for user info update handler and middleware
  - Implement `UpdateUserInfoHandlerTests` to validate user info update logic, including scenarios for missing claims, inactive users, and unchanged fields.
  - Add `CurrentUserMiddlewareTests` to ensure current user is set correctly from authenticated requests.
  - Enhance `ValidateBearerTokenTenantMiddlewareTests` with additional tests for empty tenant claims and custom claim types.
  - Create `IdmtTenantInfoTests` to validate tenant info model behavior and constraints.
  - Introduce `TokenRevocationServiceTests` to verify token revocation logic and cleanup of expired tokens.
  - Update `FluentValidatorTests` to check password reset request validation for weak passwords.
  - Modify `IdmtLinkGeneratorTests` to ensure email confirmation links are generated correctly with Base64 URL encoding.
  - Update project dependencies in `Idmt.UnitTests.csproj` for SQLite and testing utilities.

* fix(tests): update RefreshTokenHandlerTests to handle null tenant context correctly

* feat: add TokenRevocationCleanupService and enhance authorization for tenant management endpoints

* feat(auth): Implement rate limiting for authentication endpoints
  - Added a rate limiter policy to the authentication endpoints to prevent brute-force attacks and email flooding.
  - Integrated the rate limiting feature based on configuration options.

  refactor(manage): Change user role representation to a list
  - Updated the GetUserInfo response to return a list of roles instead of a single role.
  - Adjusted related tests to validate the new roles structure.

  chore(project): Add Microsoft.AspNetCore.App framework reference
  - Included a framework reference for Microsoft.AspNetCore.App in the project file.

  fix(token): Handle concurrent token revocation gracefully
  - Implemented a retry mechanism for concurrent token revocation to ensure correct expiration handling.
  - Added tests to verify the behavior under race conditions.

  test(tests): Enhance integration tests for user management and authentication
  - Updated tests to reflect changes in user roles and authentication flow.
  - Added new tests for pagination and role retrieval in user management.

  test(tests): Add unit tests for IdmtOptions and RateLimitingOptions
  - Created unit tests to validate the configuration options for IdmtOptions and RateLimitingOptions.
  - Ensured default values and custom configurations are correctly handled.

  test(tests): Improve LogoutHandler tests for tenant context handling
  - Enhanced tests for LogoutHandler to verify behavior with tenant context and claims.
  - Added assertions for logging warnings when tenant information is missing.

* feat(auth): Enhance login and refresh token handling with improved error responses and options integration
  - Added handling for locked-out users during login attempts in Login.cs.
  - Integrated IdmtOptions for cookie expiration in login authentication properties.
  - Updated refresh token logic to utilize DateTimeOffset for issued and expiration times in RefreshToken.cs.
  - Refactored middleware to return ProblemDetails for unauthorized and forbidden responses in ValidateBearerTokenTenantMiddleware.cs.
  - Changed timestamp properties in IdmtAuditLog, IdmtUser, RevokedToken, and TenantAccess models to DateTimeOffset for better time zone handling.
  - Updated database context to store DateTimeOffset as UTC ticks for compatibility across providers.
  - Modified token revocation service to accept DateTimeOffset for issuedAt parameter.
  - Introduced IdmtEmailSenderStartupCheck to warn about unconfigured email sender at startup.
  - Enhanced unit tests to cover new locked-out scenarios and updated date handling.

* refactor(errors): Clean up error definitions and formatting in IdmtErrors class

* refactor(auth): Update authorization policies to require SysUserPolicy for tenant access operations

* refactor(ci): Update solution file references from .sln to .slnx in CI workflows

---------
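The refresh token fix listed under Security in the squash commit (reject when the tenant claim or the resolved tenant context is null, rather than silently allowing the refresh) is illustrated below as an added example; this is not Idmt's code, and the `TenantContext` record, the `"tenant"` claim type and the method names are assumptions made for the illustration.

```csharp
// Added illustration, not the project's code. Contrasts the fail-open check that
// created the bypass with a fail-closed check. TenantContext and the "tenant"
// claim type are assumed names.
using System;
using System.Security.Claims;

public sealed record TenantContext(string Identifier);

public static class RefreshTokenTenantCheck
{
    // Fail-open: if either side of the comparison is missing there is nothing to
    // compare, so the refresh is accepted. A token minted without a tenant claim,
    // or a request whose tenant could not be resolved, bypasses the check entirely.
    public static bool ValidateFailOpen(ClaimsPrincipal principal, TenantContext? tenant)
    {
        var tenantClaim = principal.FindFirst("tenant")?.Value;
        if (tenantClaim is null || tenant is null)
            return true;
        return string.Equals(tenantClaim, tenant.Identifier, StringComparison.Ordinal);
    }

    // Fail-closed: a missing or empty tenant claim, or an unresolved tenant context,
    // is itself grounds for rejection. Only an exact match lets the refresh through.
    public static bool ValidateFailClosed(ClaimsPrincipal principal, TenantContext? tenant)
    {
        var tenantClaim = principal.FindFirst("tenant")?.Value;
        if (string.IsNullOrEmpty(tenantClaim) || tenant is null)
            return false;
        return string.Equals(tenantClaim, tenant.Identifier, StringComparison.Ordinal);
    }

    public static void Main()
    {
        // Constructed inputs: a principal with a subject claim but no tenant claim,
        // and a resolved tenant context for "tenant-a".
        var noTenantClaim = new ClaimsPrincipal(
            new ClaimsIdentity(new[] { new Claim("sub", "user-1") }, "Bearer"));
        var tenantA = new TenantContext("tenant-a");

        Console.WriteLine($"fail-open, no claim:     {ValidateFailOpen(noTenantClaim, tenantA)}");
        Console.WriteLine($"fail-closed, no claim:   {ValidateFailClosed(noTenantClaim, tenantA)}");
        Console.WriteLine($"fail-closed, no context: {ValidateFailClosed(noTenantClaim, null)}");
    }
}
```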
No description provided.