Develop/fixes/td 3730 no rate limiting enabled

.gitignore

@@ -52,3 +52,4 @@ obj
 /OpenAPI/LearningHub.Nhs.OpenApi/web.config
 /AdminUI/LearningHub.Nhs.AdminUI/LearningHub.Nhs.AdminUI.csproj.user
 /WebAPI/LearningHub.Nhs.API/LearningHub.Nhs.Api.csproj.user
+/ReportAPI/LearningHub.Nhs.ReportApi/web.config

AdminUI/LearningHub.Nhs.AdminUI/LearningHub.Nhs.AdminUI.csproj

@@ -89,7 +89,7 @@
 		<PackageReference Include="HtmlSanitizer" Version="6.0.453" />
 		<PackageReference Include="IdentityModel" Version="4.6.0" />
 		<PackageReference Include="LearningHub.Nhs.Caching" Version="2.0.2" />
-		<PackageReference Include="LearningHub.Nhs.Models" Version="3.0.47" />
+		<PackageReference Include="LearningHub.Nhs.Models" Version="3.0.48" />
 		<PackageReference Include="Microsoft.ApplicationInsights.AspNetCore" Version="2.19.0" />
 		<PackageReference Include="Microsoft.AspNetCore.Authentication.OpenIdConnect" Version="6.0.36" />
 		<PackageReference Include="Microsoft.AspNetCore.Mvc.NewtonsoftJson" Version="6.0.36" />

LearningHub.Nhs.WebUI/Configuration/Settings.cs

@@ -186,6 +186,16 @@ public Settings()
         /// </summary>
         public string GoogleAnalyticsId { get; set; }
 
+        /// <summary>
+        /// Gets or sets the PasswordRequestLimitingPeriod.
+        /// </summary>
+        public int PasswordRequestLimitingPeriod { get; set; }
+
+        /// <summary>
+        /// Gets or sets the PasswordRequestLimit.
+        /// </summary>
+        public int PasswordRequestLimit { get; set; }
+
         /// <summary>
         /// Gets or sets the SupportUrls.
         /// </summary>

LearningHub.Nhs.WebUI/Controllers/AccountController.cs

@@ -1198,8 +1198,20 @@ public async Task<IActionResult> ForgotPassword(Models.Account.ForgotPasswordVie
                 return this.Ok(new { duplicate = true });
             }
 
-            await this.userService.ForgotPasswordAsync(model.EmailAddress);
-            return this.View("ForgotPasswordAcknowledgement");
+            var passwordRequestLimitingPeriod = this.Settings.PasswordRequestLimitingPeriod;
+            var passwordRequestLimit = this.Settings.PasswordRequestLimit;
+            var status = await this.userService.CanRequestPasswordResetAsync(model.EmailAddress, passwordRequestLimitingPeriod, passwordRequestLimit);
+            if (status)
+            {
+                await this.userService.ForgotPasswordAsync(model.EmailAddress);
+                return this.View("ForgotPasswordAcknowledgement");
+            }
+            else
+            {
+                this.ViewBag.Period = passwordRequestLimitingPeriod;
+                this.ViewBag.Limit = passwordRequestLimit;
+                return this.View("TooManyRequests");
+            }
         }
 
         /// <summary>

LearningHub.Nhs.WebUI/Controllers/HomeController.cs

@@ -6,7 +6,6 @@ namespace LearningHub.Nhs.WebUI.Controllers
     using System.Linq;
     using System.Net.Http;
     using System.Threading.Tasks;
-    using elfhHub.Nhs.Models.Common;
     using LearningHub.Nhs.Models.Content;
     using LearningHub.Nhs.Models.Enums.Content;
     using LearningHub.Nhs.Models.Extensions;
@@ -21,7 +20,6 @@ namespace LearningHub.Nhs.WebUI.Controllers
     using Microsoft.AspNetCore.Diagnostics;
     using Microsoft.AspNetCore.Hosting;
     using Microsoft.AspNetCore.Mvc;
-    using Microsoft.Extensions.Configuration;
     using Microsoft.Extensions.Logging;
     using Microsoft.Extensions.Options;
     using Microsoft.FeatureManagement;
@@ -54,7 +52,6 @@ public class HomeController : BaseController
         /// <param name="dashboardService">Dashboard service.</param>
         /// <param name="contentService">Content service.</param>
         /// <param name="featureManager"> featureManager.</param>
-        /// <param name="configuration"> config.</param>
         public HomeController(
             IHttpClientFactory httpClientFactory,
             IWebHostEnvironment hostingEnvironment,
@@ -65,8 +62,7 @@ public HomeController(
             LearningHubAuthServiceConfig authConfig,
             IDashboardService dashboardService,
             IContentService contentService,
-            IFeatureManager featureManager,
-            Microsoft.Extensions.Configuration.IConfiguration configuration)
+            IFeatureManager featureManager)
         : base(hostingEnvironment, httpClientFactory, logger, settings.Value)
         {
             this.authConfig = authConfig;
@@ -75,7 +71,6 @@ public HomeController(
             this.dashboardService = dashboardService;
             this.contentService = contentService;
             this.featureManager = featureManager;
-            this.configuration = configuration;
         }
 
         /// <summary>
@@ -170,26 +165,16 @@ public IActionResult Error(int? httpStatusCode)
             }
             else
             {
-                if (originalPath == "/TooManyRequests")
+                this.ViewBag.ErrorHeader = httpStatusCode.Value switch
                 {
-                    this.ViewBag.Period = this.configuration["IpRateLimiting:GeneralRules:0:Period"];
-                    this.ViewBag.Limit = this.configuration["IpRateLimiting:GeneralRules:0:Limit"];
-
-                    return this.View("TooManyRequests");
-                }
-                else
-                {
-                    this.ViewBag.ErrorHeader = httpStatusCode.Value switch
-                    {
-                        401 => "You do not have permission to access this page",
-                        404 => "We cannot find the page you are looking for",
-                        _ => "We cannot find the page you are looking for",
-                    };
+                    401 => "You do not have permission to access this page",
+                    404 => "We cannot find the page you are looking for",
+                    _ => "We cannot find the page you are looking for",
+                };
 
-                    this.ViewBag.HttpStatusCode = httpStatusCode.Value;
-                    this.ViewBag.HomePageUrl = "/home";
-                    return this.View("CustomError");
-                }
+                this.ViewBag.HttpStatusCode = httpStatusCode.Value;
+                this.ViewBag.HomePageUrl = "/home";
+                return this.View("CustomError");
             }
         }
 

LearningHub.Nhs.WebUI/Interfaces/IUserService.cs

@@ -418,6 +418,15 @@ public interface IUserService
         /// <returns>A <see cref="Task{TResult}"/> representing the result of the asynchronous operation.</returns>
         Task<EmailChangeValidationTokenViewModel> RegenerateEmailChangeValidationTokenAsync(string newPrimaryEmail, bool isUserRoleUpgrade);
 
+        /// <summary>
+        /// User Can request for password reset.
+        /// </summary>
+        /// <param name="emailAddress">The email Address.</param>
+        /// <param name="passwordRequestLimitingPeriod">The passwordRequestLimitingPeriod.</param>
+        /// <param name="passwordRequestLimit">ThepasswordRequestLimit.</param>
+        /// <returns>A <see cref="Task{TResult}"/> representing the result of the asynchronous operation.</returns>
+        Task<bool> CanRequestPasswordResetAsync(string emailAddress, int passwordRequestLimitingPeriod, int passwordRequestLimit);
+
         /// <summary>
         /// GenerateEmailChangeValidationTokenAndSendEmail.
         /// </summary>

LearningHub.Nhs.WebUI/LearningHub.Nhs.WebUI.csproj

@@ -113,7 +113,7 @@
 		<PackageReference Include="HtmlAgilityPack" Version="1.11.72" />
 		<PackageReference Include="IdentityModel" Version="4.6.0" />
 		<PackageReference Include="LearningHub.Nhs.Caching" Version="2.0.0" />
-		<PackageReference Include="LearningHub.Nhs.Models" Version="3.0.47" />
+		<PackageReference Include="LearningHub.Nhs.Models" Version="3.0.48" />
 		<PackageReference Include="linqtotwitter" Version="6.9.0" />
 		<PackageReference Include="Microsoft.ApplicationInsights.AspNetCore" Version="2.19.0" />
 		<PackageReference Include="Microsoft.ApplicationInsights.EventCounterCollector" Version="2.21.0" />

LearningHub.Nhs.WebUI/Program.cs

@@ -84,7 +84,6 @@
     app.UseAuthorization();
 
     app.UseMiddleware<NLogMiddleware>();
-    app.UseMiddleware<LHIPRateLimitMiddleware>();
     app.UseStaticFiles();
 
     app.Map(TimezoneInfoMiddleware.TimezoneInfoUrl, b => b.UseMiddleware<TimezoneInfoMiddleware>());

LearningHub.Nhs.WebUI/ServiceCollectionExtension.cs

@@ -111,8 +111,6 @@ public static void ConfigureServices(this IServiceCollection services, IConfigur
                 }
             });
 
-            ConfigureIpRateLimiting(services, configuration);
-
             // this method setup so httpcontext is available from controllers
             services.AddHttpContextAccessor();
             services.AddSingleton(learningHubAuthSvcConf);
@@ -139,17 +137,5 @@ public static void ConfigureServices(this IServiceCollection services, IConfigur
 
             services.AddFeatureManagement();
         }
-
-        /// <summary>
-        /// ConfigureIpRateLimiting.
-        /// </summary>
-        /// <param name="services">The services.</param>
-        /// <param name="configuration">The configuration.</param>
-        private static void ConfigureIpRateLimiting(IServiceCollection services, IConfiguration configuration)
-        {
-            services.Configure<IpRateLimitOptions>(configuration.GetSection("IpRateLimiting"));
-            services.AddInMemoryRateLimiting();
-            services.AddSingleton<IRateLimitConfiguration, RateLimitConfiguration>();
-        }
     }
 }

LearningHub.Nhs.WebUI/Services/UserService.cs

@@ -1640,6 +1640,31 @@ public async Task<EmailChangeValidationTokenViewModel> RegenerateEmailChangeVali
             return viewmodel;
         }
 
+        /// <inheritdoc/>
+        public async Task<bool> CanRequestPasswordResetAsync(string emailAddress, int passwordRequestLimitingPeriod, int passwordRequestLimit)
+        {
+            bool status = false;
+
+            var client = await this.LearningHubHttpClient.GetClientAsync();
+
+            var request = $"User/CanRequestPasswordReset/{emailAddress}/{passwordRequestLimitingPeriod}/{passwordRequestLimit}";
+            var response = await client.GetAsync(request).ConfigureAwait(false);
+
+            if (response.IsSuccessStatusCode)
+            {
+                var result = await response.Content.ReadAsStringAsync();
+                status = JsonConvert.DeserializeObject<bool>(result);
+            }
+            else if (response.StatusCode == HttpStatusCode.Unauthorized
+                        ||
+                     response.StatusCode == HttpStatusCode.Forbidden)
+            {
+                throw new Exception("AccessDenied");
+            }
+
+            return status;
+        }
+
         /// <inheritdoc/>
         public async Task<EmailChangeValidationTokenViewModel> GenerateEmailChangeValidationTokenAndSendEmailAsync(string emailAddress, bool isUserRoleUpgrade)
         {

LearningHub.Nhs.WebUI/Views/Shared/TooManyRequests.cshtml → LearningHub.Nhs.WebUI/Views/Account/TooManyRequests.cshtml

@@ -2,12 +2,6 @@
     ViewData["Title"] = "Reset limit reached";
     // Get the value from ViewBag
     var period = ViewBag.Period.ToString();
-
-    // Remove the last character (if the string is not empty)
-    if (!string.IsNullOrEmpty(period) && period.Length > 0)
-    {
-        period = period.Substring(0, period.Length - 1);
-    }
 }
 <div class="bg-white">
     <div class="nhsuk-width-container app-width-container">

LearningHub.Nhs.WebUI/appsettings.json

@@ -37,6 +37,8 @@
     "KeepUserSessionAliveIntervalMins": 15,
     "SecurityQuestionsToAsk": 2,
     "Restricted": false,
+    "PasswordRequestLimitingPeriod": 1, // minutes
+    "PasswordRequestLimit": 2,
     "AzureBlobSettings": {
       "ConnectionString": "",
       "UploadContainer": ""
@@ -158,18 +160,5 @@
   "FeatureManagement": {
     "ContributeAudioVideoResource": true,
     "DisplayAudioVideoResource": true
-  },
-  "IpRateLimiting": {
-    "EnableEndpointRateLimiting": true,
-    "StackBlockedRequests": false,
-    "RealIpHeader": "X-Real-IP",
-    "HttpStatusCode": 429,
-    "GeneralRules": [
-      {
-        "Endpoint": "post:/Account/ForgotPassword",
-        "Period": "1m",
-        "Limit": 5
-      }
-    ]
   }
 }

OpenAPI/LearningHub.Nhs.OpenApi.Models/LearningHub.Nhs.OpenApi.Models.csproj

@@ -16,7 +16,7 @@
     </PropertyGroup>
 
     <ItemGroup>
-      <PackageReference Include="LearningHub.Nhs.Models" Version="3.0.47" />
+      <PackageReference Include="LearningHub.Nhs.Models" Version="3.0.48" />
       <PackageReference Include="NLog.Web.AspNetCore" Version="4.15.0" />
     </ItemGroup>
 

OpenAPI/LearningHub.Nhs.OpenApi.Services.Interface/LearningHub.Nhs.OpenApi.Services.Interface.csproj

@@ -17,7 +17,7 @@
 
     <ItemGroup>
 		  <PackageReference Include="elfhHub.Nhs.Models" Version="3.0.9" />
-      <PackageReference Include="LearningHub.Nhs.Models" Version="3.0.47" />
+		  <PackageReference Include="LearningHub.Nhs.Models" Version="3.0.48" />
     </ItemGroup>
 
     <ItemGroup>

OpenAPI/LearningHub.Nhs.OpenApi.Services/LearningHub.Nhs.OpenApi.Services.csproj

@@ -30,7 +30,7 @@
 	  <PackageReference Include="Azure.Storage.Files.Shares" Version="12.8.0" />
 	  <PackageReference Include="LearningHub.Nhs.Caching" Version="2.0.0" />
 	  <PackageReference Include="elfhHub.Nhs.Models" Version="3.0.9" />
-      <PackageReference Include="LearningHub.Nhs.Models" Version="3.0.47" />
+	  <PackageReference Include="LearningHub.Nhs.Models" Version="3.0.48" />
       <PackageReference Include="Microsoft.Extensions.Configuration.Abstractions" Version="9.0.1" />
       <PackageReference Include="Microsoft.Extensions.DependencyInjection.Abstractions" Version="9.0.1" />
 	  <PackageReference Include="System.Configuration.ConfigurationManager" Version="6.0.1" />

ReportAPI/LearningHub.Nhs.ReportApi.Services.Interface/LearningHub.Nhs.ReportApi.Services.Interface.csproj

@@ -16,7 +16,7 @@
 
    <ItemGroup>
     <PackageReference Include="Azure.Messaging.ServiceBus" Version="7.18.3" />
-    <PackageReference Include="LearningHub.Nhs.Models" Version="3.0.47" />
+    <PackageReference Include="LearningHub.Nhs.Models" Version="3.0.48" />
   </ItemGroup>
 
   <ItemGroup>

ReportAPI/LearningHub.Nhs.ReportApi.Services.UnitTests/LearningHub.Nhs.ReportApi.Services.UnitTests.csproj

@@ -18,7 +18,7 @@
 
   <ItemGroup>
     <PackageReference Include="AutoFixture" Version="4.18.1" />
-    <PackageReference Include="LearningHub.Nhs.Models" Version="3.0.47" />
+    <PackageReference Include="LearningHub.Nhs.Models" Version="3.0.48" />
     <PackageReference Include="Microsoft.Extensions.Configuration.Json" Version="9.0.1" />
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.12.0" />
     <PackageReference Include="Moq" Version="4.20.72" />

ReportAPI/LearningHub.Nhs.ReportApi.Services/LearningHub.Nhs.ReportApi.Services.csproj

@@ -19,7 +19,7 @@
     <PackageReference Include="AutoMapper" Version="10.1.1" />
     <PackageReference Include="Azure.Messaging.ServiceBus" Version="7.18.3" />   
     <PackageReference Include="Azure.Storage.Blobs" Version="12.23.0" />   
-    <PackageReference Include="LearningHub.Nhs.Models" Version="3.0.47" />
+    <PackageReference Include="LearningHub.Nhs.Models" Version="3.0.48" />
     <PackageReference Include="Microsoft.AspNetCore.Mvc.NewtonsoftJson" Version="6.0.36" />
     <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="9.0.1" />
     <PackageReference Include="Microsoft.Extensions.Options" Version="6.0.0" />

ReportAPI/LearningHub.Nhs.ReportApi.Shared/LearningHub.Nhs.ReportApi.Shared.csproj

@@ -17,7 +17,7 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="LearningHub.Nhs.Models" Version="3.0.47" />
+    <PackageReference Include="LearningHub.Nhs.Models" Version="3.0.48" />
   </ItemGroup>
 
   <ItemGroup>

ReportAPI/LearningHub.Nhs.ReportApi/LearningHub.Nhs.ReportApi.csproj

@@ -20,7 +20,7 @@
 
 	<ItemGroup>
 
-		<PackageReference Include="LearningHub.Nhs.Models" Version="3.0.47" />
+		<PackageReference Include="LearningHub.Nhs.Models" Version="3.0.48" />
 
 		<PackageReference Include="Microsoft.ApplicationInsights.AspNetCore" Version="2.21.0" />