Merge pull request #28 from brunohbrito/2.0/plug-new-identity-system

3.2.0/plug new identity system

CHANGELOG.md

@@ -1,3 +1,15 @@
+# v3.2
+
+1. ASP.NET Identity - Now you can plug your running Identity to use SSO. It need to made some changes at you IdentityUser with more data, like Name, Url, Bio.
+2. Changes in Events - Now all events are attached at his Aggregate Roots. Now events are very strong source of analisys.
+3. Event search at Admin Panel
+4. OAuth 2.0 Best practices
+   1. Jwa with Elliptic Curves
+   2. Jwk using ECDSA using P-256 and SHA-256 (ES256) by default
+   3. Changed how clients are created by default. Using Authorization Code with PKCE or Client Credentials only.
+5. Key Material management - Key material now available at Database. Now it's possible to Scale Horizontal without any "Unprocted ticket failed" error
+
+
 # v3.1
 
 1. Now AdminUI and SSO are completely separated projects

README.md

@@ -27,31 +27,33 @@ Linux users:
   - [Consent page](#consent-page)
   - [Profile](#profile)
 - [How to start?](#how-to-start)
-  - [Demo](#demo)
+  - [Already have an ASP.NET Identity?](#already-have-an-aspnet-identity)
+- [Demo](#demo)
   - [We are online](#we-are-online)
   - [Wanna go production?](#wanna-go-production)
 - [Technologies](#technologies)
   - [Architecture](#architecture)
-  - [Give a Star! ⭐](#give-a-star-%e2%ad%90)
+  - [Key Material](#key-material)
+  - [Data protection Keys (ASP.NET Core)](#data-protection-keys-aspnet-core)
+- [Give a Star! ⭐](#give-a-star-%e2%ad%90)
   - [Development Scenario](#development-scenario)
 - [Docs](#docs)
   - [Contributors](#contributors)
   - [Contributing](#contributing)
   - [Free](#free)
+- [3.2.0](#320)
   - [3.0.1](#301)
   - [v1.4.5](#v145)
 - [What comes next?](#what-comes-next)
 - [License](#license)
 
 # Presentation
 
-The main goal of JP Project is to be a Management Ecosystem for IdentityServer4 and ASP.NET Identity. 
-
-Helping Startup's and Organization to Speed Up Microservices Environment. Providing tools for an OAuth2 Server and User Management. 
+The main goal of JP Project is to be a Management Ecosystem for IdentityServer4 and ASP.NET Identity. Helping Startup's and companies to Speed Up Microservices Environment. Providing tools for an OAuth 2.0 Server and User Management. It's highly modular and easy to change for .NET teams.
 
 Built with IdentityServer4. An OpenID Connect and OAuth 2.0 framework for ASP.NET Core.
 
-SSO has some flows:
+SSO Features:
 * Single Sign On
 * Register users
 * Recover password flow
@@ -60,16 +62,24 @@ SSO has some flows:
 * Argon2 password hashing
 * CSP Headers
 * Event monitoring (For compliance scenarios)
+* Key Material Management
+* ASP.NET Core Dataprotection keys management
 
 Admin UI is an administrative panel where it's possible to manage both OAuth2 Server and Identities. 
 
-From OAuth2 panel it's possible to manage:
+From OAuth 2.0 panel it's possible to manage:
 * `Clients`
 * `Identity Resources`
 * `Api Resources`
 * `Persisted Grants`
 
-From Identity panel it's possible to manage `Users` and `Roles`
+For Identity panel it's possible to manage 
+* `Users` 
+* `Roles` 
+* Events
+* Server Settings:
+  * Create custom e-mail for Confirm Account and Forgot Password. It's also possible to configure E-mail settings and a blob Storage to store Users pictures (Azure Blob, AWS S3 and Filesystem).
+
 
 It's open source and free. From community to community.
 
@@ -96,7 +106,12 @@ First you need to choose.
 
 * You already have an IdentityServer4 Up and running? Go to [Admin Panel - Light version](https://github.com/brunohbrito/JPProject.IdentityServer4.AdminUI)
 
-## Demo 
+
+## Already have an ASP.NET Identity? 
+
+These options above requires almost no code. If you already have an ASP.NET IdentitySystem it's possible to connect SSO to use your users, but requires some modifications: Some required users fields from SSO, configure ASP.NET Identity in SSO project.
+
+# Demo 
 
 Check our demo online.
 
@@ -122,7 +137,7 @@ Check [docs](https://jp-project.readthedocs.io/en/latest/) to see how to and som
 
 Check below how it was developed.
 
-Written in ASP.NET Core and Angular 8.
+Written in ASP.NET Core 3.1 and Angular 8.
 
 - Angular 8
 - Rich UI interface
@@ -147,24 +162,36 @@ Written in ASP.NET Core and Angular 8.
 
 ## Architecture
 
+It respect the IdentityServer4 base classes and was built in the same way, for better compatibility and minimize impacts for future versions.
+
+![Dependencies](https://github.com/brunohbrito/JPProject.IdentityServer4.SSO/blob/master/docs/images/DependenciesGraph.png?raw=true)
+
 - Architecture with responsibility separation concerns, SOLID and Clean Code
-- Domain Driven Design (Layers and Domain Model Pattern)
+- Hexagonal architecture (Layers and Domain Model Pattern)
 - Domain Events
 - Domain Notification
 - CQRS (Imediate Consistency)
 - Event Sourcing
 - Unit of Work
 - Repository and Generic Repository
 
-## Give a Star! ⭐
+## Key Material
+
+The Cryptography Keys (JWKS) are stored within Database and auto refresh it every 90 days. It uses ECDSA using P-256 and SHA-256 (ES256) by default.
+
+## Data protection Keys (ASP.NET Core)
+
+The dataprotection keys are stored with database, like Key Material. 
+
+# Give a Star! ⭐
 
 Do you love it? give us a Star!
 
 ## Development Scenario
 
-Jp Project is built against ASP.NET Core 3.0.
+Jp Project is built against ASP.NET Core 3.1.
 
-* [Install](https://www.microsoft.com/net/download/core#/current) the latest .NET Core 3.0 SDK
+* [Install](https://www.microsoft.com/net/download/core#/current) the latest .NET Core 3.10 SDK
 
 `src/JPProject.SSO.sln` Contains SSO and API
 
@@ -194,6 +221,17 @@ We'll love it! Please [Read the docs](https://jp-project.readthedocs.io/en/lates
 If you need help building or running your Jp Project platform
 There are several ways we can help you out.
 
+# 3.2.0
+
+1. ASP.NET Identity - Now you can plug your running Identity to use SSO. It need to made some changes at you IdentityUser with more data, like Name, Url, Bio.
+2. Changes in Events - Now all events are attached at his Aggregate Roots. Now events are very strong source of analisys.
+3. Event search at Admin Panel
+4. OAuth 2.0 Best practices
+   1. Jwa with Elliptic Curves
+   2. Jwk using ECDSA using P-256 and SHA-256 (ES256) by default
+   3. Changed how clients are created by default. Using Authorization Code with PKCE or Client Credentials only.
+5. Key Material management - Key material now available at Database. Now it's possible to Scale Horizontal without any "Unprocted ticket failed" error
+
 ## 3.0.1
 
 1. ASP.NET Core 3.0 support
@@ -212,11 +250,11 @@ Check [Changelog.md](https://github.com/brunohbrito/JPProject.IdentityServer4.SS
 
 # What comes next?
 
+* An easy way to insert Client, IdentityResources and Api Resources by JSON - Aiming teams who needs to take data from Staging to past it to production
+* Key Material Management from Admin UI
 * Code coverage
 * UI for Device codes 
 * CI with SonarCloud
-* E-mail template management
-* Blob service management
 
 
 # License

azure-pipelines.pr.yml

@@ -70,12 +70,12 @@ jobs:
           customCommand: 'run test -- --watch=false --code-coverage'
           workingDir: src/Frontend/Jp.UserManagement
 
-      - task: Npm@1
-        displayName: 'NPM - E2E - UserManagement'
-        inputs:
-          command: custom
-          customCommand: 'run e2e'
-          workingDir: src/Frontend/Jp.UserManagement            
+      # - task: Npm@1
+      #   displayName: 'NPM - E2E - UserManagement'
+      #   inputs:
+      #     command: custom
+      #     customCommand: 'run e2e'
+      #     workingDir: src/Frontend/Jp.UserManagement            
 
       - task: Npm@1
         displayName: 'NPM - Build Prod - UserManagement'

azure-pipelines.yml

@@ -128,12 +128,12 @@ jobs:
           customCommand: 'run test -- --watch=false --code-coverage'
           workingDir: src/Frontend/Jp.UserManagement
 
-      - task: Npm@1
-        displayName: 'NPM - E2E - UserManagement'
-        inputs:
-          command: custom
-          customCommand: 'run e2e'
-          workingDir: src/Frontend/Jp.UserManagement   
+      # - task: Npm@1
+      #   displayName: 'NPM - E2E - UserManagement'
+      #   inputs:
+      #     command: custom
+      #     customCommand: 'run e2e'
+      #     workingDir: src/Frontend/Jp.UserManagement   
 
       - task: Npm@1
         displayName: 'NPM - Build Prod - UserManagement'

build/build docker for jpproject.net.ps1

@@ -2,8 +2,11 @@ Set-Location ..
 docker build -f .\build\continuous-delivery\users.dockerfile -t bhdebrito/jpproject-user-management-ui:prd .
 docker push bhdebrito/jpproject-user-management-ui:prd
 
-docker build -f sso.dockerfile -t bhdebrito/jpproject-sso .
+docker build -f .\build\continuous-delivery\users-docker.dockerfile -t bhdebrito/jpproject-user-management-ui:3.2.0 .
+docker push bhdebrito/jpproject-user-management-ui:3.2.0
+
+docker build -f sso.dockerfile -t bhdebrito/jpproject-sso -t bhdebrito/jpproject-sso:3.2.0 .
 docker push bhdebrito/jpproject-sso
 
-docker build -f api.dockerfile -t bhdebrito/jpproject-api .
+docker build -f api.dockerfile -t bhdebrito/jpproject-api:latest -t bhdebrito/jpproject-api:3.2.0 .
 docker push bhdebrito/jpproject-api

build/continuous-delivery/users-docker.dockerfile

@@ -0,0 +1,41 @@
+# base image
+FROM node:12.7-alpine as builder
+
+# install and cache app dependencies
+COPY ["src/Frontend/Jp.UserManagement/package.json", "./"]
+COPY ["src/Frontend/Jp.UserManagement/package-lock.json", "./"]
+
+## Storing node modules on a separate layer will prevent unnecessary npm installs at each build
+
+RUN npm ci && mkdir /app && mv ./node_modules ./app/
+
+WORKDIR /app
+
+# add app
+COPY ["src/Frontend/Jp.UserManagement/", "/app"]
+
+# rebuild node
+RUN npm rebuild node-sass
+# generate build
+RUN npm run ng build -- --configuration=docker
+
+##################
+### production ###
+##################
+
+# base image
+FROM nginx:1.17.2-alpine
+
+## Remove default nginx website
+RUN rm -rf /usr/share/nginx/html/*
+
+# copy artifact build from the 'build environment'
+COPY --from=builder /app/nginx/nginx.conf /etc/nginx/conf.d/default.conf
+COPY --from=builder /app/dist /usr/share/nginx/html
+
+
+# expose port 80
+EXPOSE 80/tcp
+
+# run nginx
+CMD ["nginx", "-g", "daemon off;"]

build/generate-application-migrations.ps1

@@ -0,0 +1,40 @@
+param([string] $migrations = 'Initial', [string] $db = "sqlserver")
+$currentPath = Get-Location
+Set-Location ../src/Frontend/Jp.UI.SSO
+
+$settings = Get-Content appsettings.json -raw
+
+# SQL Server Migration
+if ($db -eq "sqlserver") {
+    $settings = $settings -replace '"DatabaseType".*', '"DatabaseType": "SqlServer",'
+    $settings | set-content appsettings.json
+
+    dotnet ef migrations add $migrations -c SsoContext  -p ..\..\Backend\Jp.Database\Jp.Database.csproj
+}
+
+
+
+# MySql Migration
+if ($db -eq "mysql") {
+    $settings = $settings -replace '"DatabaseType".*', '"DatabaseType": "MySql",'
+    $settings | set-content 'appsettings.json'
+
+    dotnet ef migrations add $migrations -c SsoContext -p ..\..\Backend\Jp.Database\Jp.Database.csproj
+}
+
+# Postgre Migration
+if ($db -eq "postgre") {
+    $settings = $settings -replace '"DatabaseType".*', '"DatabaseType": "Postgre",'
+    $settings | set-content 'appsettings.json'
+    dotnet ef migrations add $migrations -c SsoContext -p ..\..\Backend\Jp.Database\Jp.Database.csproj
+}
+
+# Sqlite Migration
+
+if ($db -eq "sqlite") {
+    $settings = $settings -replace '"DatabaseType".*', '"DatabaseType": "Sqlite",'
+    $settings | set-content 'appsettings.json'
+    dotnet ef migrations add $migrations -c SsoContext -p ..\..\Backend\Jp.Database\Jp.Database.csproj
+}
+
+Set-Location $currentPath

db.json

@@ -1,12 +1,13 @@
 {
 	"notifications": [
-		{ "icon": "text-info fas fa-layer-group", "title": "Feature", "description": "2019-10 SSO and AdminUI now are separated projects" },
+		{ "icon": "text-primary fas fa-file-signature", "title": "Cryptography", "description": "2020-02 Identity Customization + Event Source" },
+		{ "icon": "text-danger fas fa-key", "title": "Cryptography", "description": "2020-01 Key Material" },
+		{ "icon": "text-primary fas fa-hdd", "title": "Blob AWS", "description": "2019-12 AWS S3 Blob Store" },
+		{ "icon": "text-info fas fa-mug-hot", "title": "Global Settings", "description": "2019-12 Global Settings" },
+		{ "icon": "text-warning fas fa-envelope-open-text", "title": "E-mail", "description": "2019-11 Conifgure E-mail settings" },
+		{ "icon": "text-primary fas fa-layer-group", "title": "Feature", "description": "2019-10 SSO and AdminUI now are separated projects" },
 		{ "icon": "text-info fas fa-seedling", "title": "NET Core 3.0", "description": "2019-10 Updated to ASP.NET Core 3" },
 		{ "icon": "text-info fab fa-microsoft", "title": "DevOps", "description": "2019-06 Azure CI/CD ready" },
-		{ "icon": "text-info fas fa-kiwi-bird", "title": "Session", "description": "2019-05 UI Session improvements" },
-		{ "icon": "text-warning fab fa-docker", "title": "Docker", "description": "2019-04 Docker Ready" },
-		{ "icon": "text-info fas fa-code-branch", "title": "NET Core 2.2", "description": "2019-03 Updated to ASP.NET Core 2.2" },
-		{ "icon": "text-success fas fa-id-card", "title": "ID4", "description": "2019-03 IdentityServer4 2.4 Components" },
-		{ "icon": "text-danger fas fa-rocket", "title": "Launch", "description": "2018-10 first release" }
+		{ "icon": "text-info fas fa-kiwi-bird", "title": "Session", "description": "2019-05 UI Session improvements" }
 	]
 }

docs/configuration/databaseType.rst

@@ -3,7 +3,7 @@ Database Type
 
 By default the project come with MySql, to change is very simple. You just need to change the ``appsettings.json``.
 
-The file ``appsettings.json`` of **Jp.UI.SSO** and **Jp.UserManagement** has a DatabaseType property. Change it to ``MySql`` or ``SqlServer``
+The file ``appsettings.json`` of **Jp.UI.SSO** and **Jp.UserManagement** has a DatabaseType property. Change it to ``MySql``, ``SqlServer``, ``Postgre``, ``Sqlite``
 
 .. warning:: Both of them must point to the same config Database. You just need to config **Connection String** at Environment or at ``appsettings.json``. For Environment see `docs here <quickstarts/ambient_variables.html>`_
 
@@ -13,7 +13,7 @@ SQL on Docker
 
 Don't have the SQL Server on you local machine? Use it from Docker
 
-.. code::
+.. code:: ps1
 
    docker run -e 'ACCEPT_EULA=Y' -e 'SA_PASSWORD=@Password1' -e 'MSSQL_PID=Express' -p 1433:1433 -d microsoft/mssql-server-linux:latest