chore(sync) Syncing changes from dev to alpha

.github/workflows/lighthouse.yml

@@ -19,7 +19,7 @@ jobs:
       - name: setup node
         uses: actions/setup-node@v6
         with:
-          node-version: '16.x'
+          node-version: '22.x'
       - name: install node deps
         run: npm install
       - name: node build
@@ -38,10 +38,19 @@ jobs:
           install: localdb
       - name: migrate
         run: .\.dotnet-tools\dotnet-ef database update --project web/web.csproj
+        env:
+          Jwt__Key: "lighthouse-ci-test-jwt-key-minimum-32-characters-required"
+          Jwt__Issuer: "atlas-lighthouse-ci"
+          Jwt__Audience: "atlas-lighthouse-ci"
       - name: run Lighthouse CI
         run: |
           npm install -g @lhci/cli@0.9.x
           lhci autorun
         env:
           LHCI_GITHUB_APP_TOKEN: ${{ secrets.LHCI_GITHUB_APP_TOKEN }}
           LHCI_TOKEN: ${{ secrets.LHCI_TOKEN }}
+          Jwt__Key: "lighthouse-ci-test-jwt-key-minimum-32-characters-required"
+          Jwt__Issuer: "atlas-lighthouse-ci"
+          Jwt__Audience: "atlas-lighthouse-ci"
+          Cors__AllowedOrigins__0: "http://localhost:3000"
+          Auth__DefaultCallbackPath: "/auth/callback"

.github/workflows/release.yaml

@@ -19,7 +19,7 @@ jobs:
       - name: setup node
         uses: actions/setup-node@v6
         with:
-          node-version: '20.x'
+          node-version: '22.x'
       - name: install node deps
         run: npm install --ignore-scripts --no-audit --no-fund
       - name: Semantic Release

.github/workflows/sonar.yml

@@ -38,6 +38,11 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+          Jwt__Key: "sonar-ci-test-jwt-key-minimum-32-characters-required-for-build"
+          Jwt__Issuer: "atlas-sonar-ci"
+          Jwt__Audience: "atlas-sonar-ci"
+          Cors__AllowedOrigins__0: "http://localhost:3000"
+          Auth__DefaultCallbackPath: "/auth/callback"
         shell: powershell
         run: |
           .\.sonar\scanner\dotnet-sonarscanner begin /k:"atlas-bi_atlas-bi-library" /o:"atlas-bi" /d:sonar.login="${{ secrets.SONAR_TOKEN }}" /d:sonar.host.url="https://sonarcloud.io"

.github/workflows/test.yaml

@@ -17,7 +17,7 @@ jobs:
       - name: setup node
         uses: actions/setup-node@v6
         with:
-          node-version: '18.x'
+          node-version: '22.x'
 
       - name: install node deps
         run: npm install --ignore-scripts --no-audit --no-fund
@@ -41,7 +41,7 @@ jobs:
       - name: setup node
         uses: actions/setup-node@v6
         with:
-          node-version: '18.x'
+          node-version: '22.x'
       - name: install node deps
         run: npm install --ignore-scripts --no-audit --no-fund
       - name: node build
@@ -82,7 +82,7 @@ jobs:
       - name: setup node
         uses: actions/setup-node@v6
         with:
-          node-version: '18.x'
+          node-version: '22.x'
       - name: setup java
         uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654
         with:
@@ -94,7 +94,6 @@ jobs:
         run: npm run build
       - name: install dotnet deps
         run: |
-          dotnet tool install -g coverlet.console
           dotnet tool install -g dotnet-reportgenerator-globaltool
           dotnet restore
       - name: build
@@ -109,6 +108,21 @@ jobs:
           BROWSERSTACK_ACCESS_KEY: ${{ secrets.BROWSERSTACK_ACCESS_KEY }}
           BROWSERSTACK_USERNAME: ${{ secrets.BROWSERSTACK_USERNAME }}
 
+      - name: collect coverage file
+        if: always()
+        shell: pwsh
+        run: |
+          $coverageFile = Get-ChildItem -Path TestResults -Recurse -Filter coverage.cobertura.xml |
+            Sort-Object LastWriteTimeUtc -Descending |
+            Select-Object -First 1
+
+          if ($coverageFile) {
+            Copy-Item $coverageFile.FullName coverage.cobertura.xml -Force
+            Write-Host "Copied coverage file from $($coverageFile.FullName)"
+          } else {
+            Write-Host "Coverage file not found under TestResults"
+          }
+
       - name: console coverage
         if: always()
         run: |
@@ -204,7 +218,7 @@ jobs:
       - name: setup node
         uses: actions/setup-node@v6
         with:
-          node-version: '18.x'
+          node-version: '22.x'
       - name: setup java
         uses: actions/setup-java@be666c2fcd27ec809703dec50e508c2fdc7f6654
         with:
@@ -216,7 +230,6 @@ jobs:
         run: npm run build
       - name: install dotnet deps
         run: |
-          dotnet tool install -g coverlet.console
           dotnet tool install -g dotnet-reportgenerator-globaltool
           dotnet restore
       - name: build
@@ -231,6 +244,21 @@ jobs:
           BROWSERSTACK_ACCESS_KEY: ${{ secrets.BROWSERSTACK_ACCESS_KEY }}
           BROWSERSTACK_USERNAME: ${{ secrets.BROWSERSTACK_USERNAME }}
 
+      - name: collect coverage file
+        if: always()
+        shell: pwsh
+        run: |
+          $coverageFile = Get-ChildItem -Path TestResults -Recurse -Filter coverage.cobertura.xml |
+            Sort-Object LastWriteTimeUtc -Descending |
+            Select-Object -First 1
+
+          if ($coverageFile) {
+            Copy-Item $coverageFile.FullName coverage.cobertura.xml -Force
+            Write-Host "Copied coverage file from $($coverageFile.FullName)"
+          } else {
+            Write-Host "Coverage file not found under TestResults"
+          }
+
       - name: console coverage
         if: always()
         run: |

docker-compose.yml

@@ -68,6 +68,10 @@ services:
     environment:
       PORT: ${WEB_PORT:-3000}
       SEED_DEMO: ${SEED_DEMO:-true}
+      DEMO_ADMIN_USERNAME: ${DEMO_ADMIN_USERNAME:-}
+      Jwt__Key: ${JWT_KEY}
+      Jwt__Issuer: ${JWT_ISSUER}
+      Jwt__Audience: ${JWT_AUDIENCE}
     expose:
       - ${WEB_PORT:-3000}
     ports:

package.json

@@ -8,7 +8,7 @@
     "@fontsource/rasa": "^5.0.0",
     "@fontsource/source-code-pro": "^5.0.0",
     "@fortawesome/fontawesome-free": "^7.0.0",
-    "@rollup/plugin-babel": "^6.0.3",
+    "@rollup/plugin-babel": "^7.0.0",
     "@rollup/plugin-commonjs": "^29.0.0",
     "@rollup/plugin-json": "^6.0.0",
     "@rollup/plugin-multi-entry": "^7.0.0",
@@ -86,9 +86,9 @@
     "db:update": "dotnet ef database update --project web/web.csproj -v",
     "dotnet:publish": "npm run build && dotnet publish web/web.csproj -r win-x86 --self-contained false -c Release -o out",
     "test:report_html": "reportgenerator -reports:coverage.cobertura.xml -targetdir:coverage/ -reporttypes:html",
-    "test:integrationTests": "coverlet web.Tests/bin/Debug/net9.0/web.Tests.dll --target \"dotnet\" --targetargs \"test --filter IntegrationTests --no-build -e Demo=True\" --format cobertura --exclude-by-file \"**/Migrations/*\"",
-    "test:browserTests": "coverlet web.Tests/bin/Debug/net9.0/web.Tests.dll --target \"dotnet\" --targetargs \"test --filter=BrowserTests --no-build -e Demo=True\" --format cobertura --exclude-by-file \"**/Migrations/*\"",
-    "test:functionTests": "coverlet web.Tests/bin/Debug/net9.0/web.Tests.dll --target \"dotnet\" --targetargs \"test --filter=FunctionTests --no-build -e Demo=True\" --format cobertura --exclude-by-file \"**/Migrations/*\"",
+    "test:integrationTests": "dotnet test web.Tests/web.Tests.csproj --filter IntegrationTests --no-build -e Demo=True --collect:\"XPlat Code Coverage;Format=cobertura\" --results-directory TestResults",
+    "test:browserTests": "dotnet test web.Tests/web.Tests.csproj --filter BrowserTests --no-build -e Demo=True --collect:\"XPlat Code Coverage;Format=cobertura\" --results-directory TestResults",
+    "test:functionTests": "dotnet test web.Tests/web.Tests.csproj --filter FunctionTests --no-build -e Demo=True --collect:\"XPlat Code Coverage;Format=cobertura\" --results-directory TestResults",
     "lint:js": "xo web/wwwroot/js",
     "lint:scss": "stylelint \"web/wwwroot/css/**/*.scss\"",
     "lint": "npm run lint:js & npm run lint:scss",
@@ -164,7 +164,7 @@
       "unicorn/prefer-at": "warn"
     }
   },
-  "version": "3.15.38",
+  "version": "3.15.39",
   "dependencies": {
     "sass": "^1.63.6"
   }

web.Tests/FunctionTests/Authorization/DemoAuthHandler.Tests.cs

@@ -0,0 +1,45 @@
+using System.Security.Claims;
+using System.Text.Encodings.Web;
+using System.Linq;
+using System.Threading.Tasks;
+using Atlas_Web.Authentication;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Http;
+using Microsoft.Extensions.Logging.Abstractions;
+using Microsoft.Extensions.Options;
+using Moq;
+using Xunit;
+
+namespace web.Tests.FunctionTests.Authorization;
+
+public class DemoAuthHandlerTests
+{
+    [Fact]
+    public async Task AuthenticateAsync_UsesConfiguredDemoAdminUsername()
+    {
+        var options = new DemoSchemeOptions { Username = "local-admin" };
+        var optionsMonitor = new Mock<IOptionsMonitor<DemoSchemeOptions>>();
+        optionsMonitor.Setup(x => x.CurrentValue).Returns(options);
+        optionsMonitor.Setup(x => x.Get(It.IsAny<string>())).Returns(options);
+
+        var handler = new DemoAuthHandler(
+            optionsMonitor.Object,
+            NullLoggerFactory.Instance,
+            UrlEncoder.Default,
+            new SystemClock()
+        );
+
+        await handler.InitializeAsync(
+            new AuthenticationScheme("Demo", "Demo", typeof(DemoAuthHandler)),
+            new DefaultHttpContext()
+        );
+
+        var result = await handler.AuthenticateAsync();
+
+        Assert.True(result.Succeeded);
+        Assert.Equal(
+            "local-admin",
+            result.Principal?.Claims.Single(c => c.Type == ClaimTypes.Name).Value
+        );
+    }
+}

web.Tests/FunctionTests/Controllers/AuthApiController.Tests.cs

@@ -0,0 +1,72 @@
+using System.Collections.Generic;
+using System.IdentityModel.Tokens.Jwt;
+using System.Linq;
+using System.Threading.Tasks;
+using Atlas_Web.Controllers.Api;
+using Atlas_Web.Models;
+using Atlas_Web.Services;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.EntityFrameworkCore;
+using Microsoft.Extensions.Configuration;
+using Microsoft.IdentityModel.Tokens;
+using Xunit;
+
+namespace web.Tests.FunctionTests.Controllers;
+
+public class AuthApiControllerTests
+{
+    [Fact]
+    public async Task Login_UsesConfiguredDemoAdminUsername_WhenDemoModeIsEnabled()
+    {
+        var options = new DbContextOptionsBuilder<Atlas_WebContext>()
+            .UseInMemoryDatabase(databaseName: "auth-api-demo-admin")
+            .Options;
+
+        await using var context = new Atlas_WebContext(options);
+        context.Users.Add(
+            new User
+            {
+                UserId = 99,
+                Username = "local-admin",
+                FullnameCalc = "Local Admin",
+            }
+        );
+        await context.SaveChangesAsync();
+
+        var config = new ConfigurationBuilder()
+            .AddInMemoryCollection(
+                new Dictionary<string, string>
+                {
+                    ["Demo"] = "True",
+                    ["DEMO_ADMIN_USERNAME"] = "local-admin",
+                    ["Cors:AllowedOrigins:0"] = "http://localhost:3000",
+                    ["Auth:DefaultCallbackPath"] = "/auth/callback",
+                    ["Jwt:Issuer"] = "atlas-test-issuer",
+                    ["Jwt:Audience"] = "atlas-test-audience",
+                }
+            )
+            .Build();
+
+        var signingKey = new SymmetricSecurityKey(
+            System.Text.Encoding.UTF8.GetBytes(
+                "test-jwt-secret-key-for-function-tests-32-chars-minimum"
+            )
+        );
+        var jwt = new JwtTokenService(signingKey, "atlas-test-issuer", "atlas-test-audience");
+        var controller = new AuthApiController(jwt, context, config);
+
+        var result = await controller.Login("http://localhost:3000/auth/callback");
+
+        var redirect = Assert.IsType<RedirectResult>(result);
+        var target = new System.Uri(redirect.Url!, System.UriKind.Absolute);
+        var token = Microsoft.AspNetCore.WebUtilities.QueryHelpers.ParseQuery(target.Query)["token"]
+            .Single();
+        var jwtToken = new JwtSecurityTokenHandler().ReadJwtToken(token);
+
+        Assert.Equal(
+            "local-admin",
+            jwtToken.Claims.Single(c => c.Type == System.Security.Claims.ClaimTypes.Name).Value
+        );
+        Assert.Equal("99", jwtToken.Claims.Single(c => c.Type == "UserId").Value);
+    }
+}