Merge pull request #330 from eclipse-tractusx/release/v2.0.0-RC3

build(2.0.0-rc3): merge release into main
eclipse-tractusx · May 28, 2024 · 066c637 · 066c637
2 parents a7a5632 + 3dbccb1
commit 066c637
Show file tree

Hide file tree

Showing 25 changed files with 527 additions and 12 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,18 @@
 
 New features, fixed bugs, known defects and other noteworthy changes to each release of the Catena-X Portal Assets.
 
+## 2.0.0-RC3
+
+### Change
+
+- updated roles and rights matrix
+- added documentation for decline registration
+- added documentation for credential request, credential management and credential revocation
+
+### BugFixes
+
+- fixed missing image - added button-activate.png
+
 ## 2.0.0-RC2
 
 - reworked year in file header

diff --git a/...developer/01. Registration/06. Decline Registration/01. Decline Registration.md b/...developer/01. Registration/06. Decline Registration/01. Decline Registration.md
@@ -0,0 +1,121 @@
+## Decline Registration Feature Documentation
+
+### Summary
+
+This feature provides users with the ability to decline a registration invite and to remove their account from the CX Database.
+
+### Frontend Implementation
+
+#### Page: `/decline`
+
+##### Logic
+
+When a user receives an invitation email, a "decline" hyperlink is included. Clicking on this hyperlink redirects the user to the `/decline` page. The user must log in before they can delete their account.
+
+##### Happy Path
+
+1. **Page Rendering**: When navigating to `/decline`, the user should see the page as designed (refer to the provided screenshot).
+
+2. **Content Display**: The displayed description on this page must include the company name, the user's name, and all linked usernames of the company.
+
+3. **Page Accessibility**: The page should only be displayed if the company registration is in any of the following states:
+
+   - `CREATED`
+   - `ADD_COMPANY_DATA`
+   - `INVITE_USER`
+   - `SELECT_COMPANY_ROLE`
+   - `UPLOAD_DOCUMENTS`
+   - `VERIFY`
+
+   If the registration does not meet these prerequisites, the alternative flow described in "In case the registration pre-requisite is not fulfilled" should be followed.
+
+4. **Account Deletion**:
+
+   - Upon clicking "delete my company", the endpoint `xxxx` (implemented as part of CPLP-3548) is called.
+   - While the endpoint is processing, the "delete my company" button shows a loading element and cannot be retriggered by the user.
+
+5. **Deletion Success**:
+
+   - If the endpoint responds with success, a confirmation screen is shown to the user (refer to the provided screenshot).
+
+6. **Deletion Error**:
+   - If the endpoint responds with an error, an error screen is displayed.
+   - Users can attempt to retrigger the deletion process from this screen.
+
+#### In Case the Registration Pre-requisite is Not Fulfilled:
+
+1. If the user's registration status does not match the expected states, they are blocked from declining and presented with a screen that includes a hyperlink to `/home`.
+
+### Backend Implementation
+
+#### Summary
+
+The backend should support the ability for companies in the "registration" status to decline the registration process. This involves setting various records to "deleted" or "declined" and removing users and realms from Keycloak.
+
+#### Suggested API Endpoint
+
+`POST /api/registration/application/{applicationId}/declineRegistration`
+
+##### Business Logic
+
+- Set the company record related to the application as `deleted` in the `portal.companies` table.
+- Set the invitation related to the application ID as `declined` in the `portal.invitations` table.
+- Set all identities related to the specific application as `deleted` in the `portal.identities` table.
+- Set the company application status to `declined` in the `company_applications` table.
+- Any documents uploaded for the specific company in the `documents` table should be set to `INACTIVE`.
+
+##### Validation
+
+- Acting user must be assigned the role of `company Admin`.
+- Must belong to the registration/application company.
+- Application must be in one of the following statuses:
+  - `CREATED`
+  - `ADD_COMPANY_DATA`
+  - `INVITE_USER`
+  - `SELECT_COMPANY_ROLE`
+  - `UPLOAD_DOCUMENTS`
+  - `VERIFY`
+
+#### Keycloak Removal Process
+
+After the above steps, the user and company realm need to be removed from Keycloak. This involves:
+
+- User deletion on both central and shared IdP.
+- Realm deletion on shared IdP.
+- Identity provider deletion on central IdP.
+
+##### Handling Failures and Retries
+
+Ensure proper handling of potential Keycloak failures, such as Keycloak being down. Coordinate with the designated contact (e.g., Norbert) to establish procedures for manual retriggers, automatic retries, and error handling.
+
+#### Backend Job Order
+
+##### #1 Portal DB Updates
+
+- Set records to `INACTIVE` or `DECLINED` as outlined above.
+
+##### #2 Keycloak DB Deletion
+
+- SharedIdP => Delete company realm (with specific error handling rules)
+- SharedIdP => Delete the realm service account
+- CentralIdP => Delete "shadow" user record
+- CentralIdP => Delete Identity Provider record
+
+##### #3 Portal DB Finalization
+
+- Set company record to `DELETED`.
+- Set all identities to `DELETED`.
+
+#### Note
+
+Ensure that all users connected to the company account are updated accordingly when modifying the `identities` table.
+
+<br>
+
+## NOTICE
+
+This work is licensed under the [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0).
+
+- SPDX-License-Identifier: Apache-2.0
+- SPDX-FileCopyrightText: 2024 Contributors to the Eclipse Foundation
+- Source URL: https://github.com/eclipse-tractusx/portal-assets
diff --git a/docs/developer/06. Certificates/01. UseCase Participation.md b/docs/developer/06. Certificates/01. UseCase Participation.md
@@ -0,0 +1,49 @@
+## UseCase Participation
+
+The use case participation page is created to enable data provider/consumer and solution providers to view their use case participation and to request the participation for new use cases.
+The use case participation is a verified credential which is stored on the company wallet which generates trust and liability in the network. The company signing the framework agrees to the use case date sharing rules.
+
+Accessing the page is possible via the user navigation
+
+<img width="152" alt="image" src="https://raw.githubusercontent.com/eclipse-tractusx/portal-assets/main/docs/static/use-case-participation-option.png">
+
+<br>
+<br>
+
+When accessing the page, an overview of available use case frameworks, link to the related document as well as the expiry dates is getting displayed.
+An example screen can get viewed below:
+
+<br>
+<img width="636" alt="image" src="https://raw.githubusercontent.com/eclipse-tractusx/portal-assets/main/docs/static/usecase-credential-application-overview.png">
+<br>
+<br>
+
+By clicking on "Edit" the signed use case document can get uploaded by the company and submitted.
+The submission will trigger a request on the operator side and needs to get approved by the same before the credential is successfully added inside the company wallet.
+
+<br>
+<img width="636" alt="image" src="https://raw.githubusercontent.com/eclipse-tractusx/portal-assets/main/docs/static/agreement-file-upload.png">
+<br>
+<br>
+
+> **_NOTE:_** Only PDF files upto 2 MB are allowed to get loaded.
+
+<br>
+<br>
+
+To view the current state of the credential request, the status is getting displayed on the main page
+
+<img width="96" alt="image" src="https://raw.githubusercontent.com/eclipse-tractusx/portal-assets/main/docs/static/status-pending.png">
+<br>
+<img width="77" alt="image" src="https://raw.githubusercontent.com/eclipse-tractusx/portal-assets/main/docs/static/status-active.png">
+
+<br>
+<br>
+
+## NOTICE
+
+This work is licensed under the [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0).
+
+- SPDX-License-Identifier: Apache-2.0
+- SPDX-FileCopyrightText: 2023 Contributors to the Eclipse Foundation
+- Source URL: https://github.com/eclipse-tractusx/portal-assets
diff --git a/docs/developer/06. Certificates/02. Other Certificates.md b/docs/developer/06. Certificates/02. Other Certificates.md
@@ -0,0 +1,51 @@
+## Company Certificates
+
+Beside the Use Case Frameworks, companies can apply/request for other kind of company certificates as well.
+
+Currently Supported:
+
+- Dismantler Credential
+
+<br>
+<br>
+
+Accessing the company certificate credentials request page can be done via the user navigation
+
+<br>
+<img width="152" alt="image" src="https://raw.githubusercontent.com/eclipse-tractusx/portal-assets/main/docs/static/certificate-option.png">
+<br>
+<br>
+
+When accessing the page, an overview of already submitted, active or inactive certificates is displayed.
+Via the button "Upload Certificate", new requests can get triggered.
+
+<br>
+<img width="156" alt="image" src="https://raw.githubusercontent.com/eclipse-tractusx/portal-assets/main/docs/static/button-upload-certificate.png">
+<br>
+<br>
+
+The overlay for the certificate upload is displayed and the user can upload the certificate as pdf.
+Please note: the overlay supports the certificate selection. If only one certificate type is allowed, the dropdown will be pre-filled and can't get changed/updated.
+
+<br>
+<img width="622" alt="image" src="https://raw.githubusercontent.com/eclipse-tractusx/portal-assets/main/docs/static/certificate-file-upload.png">
+<br>
+<br>
+
+> **_NOTE:_** Only PDF files up to 2 MB are allowed to get uploaded.
+
+<br>
+<br>
+
+The submission will trigger a request on the operator side and needs to get approved by the same before the credential is successfully added inside the company wallet.
+
+<br>
+<br>
+
+## NOTICE
+
+This work is licensed under the [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0).
+
+- SPDX-License-Identifier: Apache-2.0
+- SPDX-FileCopyrightText: 2023 Contributors to the Eclipse Foundation
+- Source URL: https://github.com/eclipse-tractusx/portal-assets
diff --git a/docs/developer/06. Certificates/03. Credential Admin Board.md b/docs/developer/06. Certificates/03. Credential Admin Board.md
@@ -0,0 +1,66 @@
+## Credential Admin Board
+
+The credential admin board enables the administrator to view credential requests and approve/reject them.
+
+<p align="center">
+<img width="636" alt="image" src="https://raw.githubusercontent.com/eclipse-tractusx/portal-assets/main/docs/static/credential-request-overview.png">
+</p>
+
+The administrator can:
+
+- filter based on credential request status
+- open the attached document and verify the document correctness as well as the (if necessary) signature
+- approve the credential request
+- reject the credential request
+
+<br>
+<br>
+
+#### Filter based on credential request status
+
+Use the implemented filter views to view "all", "open", "confirmed" and "rejected" requests.
+
+<br>
+
+<p align="center">
+<img width="1235" alt="image" src="https://raw.githubusercontent.com/eclipse-tractusx/portal-assets/main/docs/static/credential-request-filters.png">
+</p>
+
+<br>
+<br>
+
+#### Open the attached document
+
+By clicking on the document icon, the attached document is getting downloaded and can get verified.
+
+<br>
+<br>
+
+#### Approve Credential Request
+
+With the credential approval button, the credential request approval endpoint is triggered (see details below) additionally, following task will get executed
+
+- credential request is getting set to "Active"
+- the verified credential is getting added to the customer wallet
+- the customer/requester is getting informed about the new added credential inside the owned managed identity wallet (via email)
+
+<br>
+<br>
+
+#### Reject Credential Request
+
+With the credential reject button, the credential request decline endpoint is triggered (see details below) additionally, following task will get executed
+
+- credential request is getting set to "Inactive"
+- the customer/requester is getting informed about the rejection/decline of the credential and getting enabled to start a new request (via email)
+
+<br>
+<br>
+
+## NOTICE
+
+This work is licensed under the [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0).
+
+- SPDX-License-Identifier: Apache-2.0
+- SPDX-FileCopyrightText: 2023 Contributors to the Eclipse Foundation
+- Source URL: https://github.com/eclipse-tractusx/portal-assets
diff --git a/docs/developer/06. Certificates/03. FAQ.md b/docs/developer/06. Certificates/03. FAQ.md
@@ -0,0 +1,28 @@
+## FAQ
+
+#### 1. Why can I not upload any certificate
+
+The "Company Certificates" page validates if the user company can upload any certificates (due to an outrunning certificate or a not yet requested certificate type). In case there is no certificate type existing which the user can request, the "Upload Certificate" button will be deactivated.
+
+<br>
+
+#### 2. Who validates my VC request after submission
+
+The platform operator is getting informed of the VC request, validates it and approves or declines the request. In both scenarios the requesting user will be informed about the decision. In case of the approval, the VC is created inside the customer wallet.
+
+<br>
+
+#### 3. For how long will the credential be valid.
+
+Credential valid till dates are defined by the VC issuer. In most cases credentials are valid for 12 month. In special cases (due to an certificate expiry) the duration might be shorter.
+The user can view the duration inside the wallet.
+
+<br>
+
+## NOTICE
+
+This work is licensed under the [Apache-2.0](https://www.apache.org/licenses/LICENSE-2.0).
+
+- SPDX-License-Identifier: Apache-2.0
+- SPDX-FileCopyrightText: 2023 Contributors to the Eclipse Foundation
+- Source URL: https://github.com/eclipse-tractusx/portal-assets