add session extension

SFA.DAS.DfESignIn.Auth.Samples/SFA.DAS.DfESignIn.SampleSite/Program.cs

@@ -16,8 +16,7 @@
     {
         options.Filters.Add(new AutoValidateAntiforgeryTokenAttribute());
     })
-    .SetDefaultNavigationSection(NavigationSection.YourCohorts)
-    .SetDfESignInConfiguration(true);
+    .SetDefaultNavigationSection(NavigationSection.YourCohorts);
 
 var app = builder.Build();
 

SFA.DAS.DfESignIn.Auth.Samples/SFA.DAS.DfESignIn.SampleSite/SFA.DAS.DfESignIn.SampleSite.csproj

@@ -5,8 +5,8 @@
     <ImplicitUsings>enable</ImplicitUsings>
   </PropertyGroup>
   <ItemGroup>
-    <PackageReference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect" Version="7.6.0" />
-    <PackageReference Include="SFA.DAS.Provider.Shared.UI" Version="2.0.39" />
+    <PackageReference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect" Version="8.3.0" />
+    <PackageReference Include="SFA.DAS.Provider.Shared.UI" Version="2.0.41" />
     <PackageReference Include="WebEssentials.AspNetCore.CdnTagHelpers" Version="1.0.21" />
     <PackageReference Include="Microsoft.AspNetCore.Mvc.Razor.RuntimeCompilation" Version="8.0.6" />
   </ItemGroup>

SFA.DAS.DfESignIn.Auth/SFA.DAS.DfESignIn.Auth.UnitTests/AppStart/WhenAddingCustomServiceRoleTest.cs

@@ -8,7 +8,7 @@ public class WhenAddingCustomServiceRoleTest
     {
         [TestCase(CustomServiceRoleValueType.Code, null)]
         [TestCase(CustomServiceRoleValueType.Name ,"http://schemas.portal.com/displayname")]
-        public void Then_The_Properties_Are_Correctly_Returned(CustomServiceRoleValueType roleValue, string roleClaim)
+        public void Then_The_Properties_Are_Correctly_Returned(CustomServiceRoleValueType roleValue, string? roleClaim)
         {
             // arrange
             var customServiceRole = new Mock<ICustomServiceRole>();

SFA.DAS.DfESignIn.Auth/SFA.DAS.DfESignIn.Auth.UnitTests/SFA.DAS.DfESignIn.Auth.UnitTests.csproj

@@ -1,31 +1,34 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
     <PropertyGroup>
-        <TargetFramework>net6.0</TargetFramework>
+        <TargetFramework>net8.0</TargetFramework>
         <ImplicitUsings>enable</ImplicitUsings>
         <Nullable>enable</Nullable>
 
         <IsPackable>false</IsPackable>
     </PropertyGroup>
 
     <ItemGroup>
-        <PackageReference Include="coverlet.msbuild" Version="3.1.2">
+        <PackageReference Include="coverlet.msbuild" Version="6.0.3">
+          <PrivateAssets>all</PrivateAssets>
+          <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
+        </PackageReference>
+        <PackageReference Include="FluentAssertions" Version="[7.1.0]" />
+        <PackageReference Include="Microsoft.Extensions.Http" Version="8.0.1" />
+        <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.12.0" />
+        <PackageReference Include="NUnit" Version="4.3.2" />
+        <PackageReference Include="NUnit3TestAdapter" Version="4.6.0" />
+        <PackageReference Include="NUnit.Analyzers" Version="4.6.0" />
+        <PackageReference Include="coverlet.collector" Version="6.0.3">
           <PrivateAssets>all</PrivateAssets>
           <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
         </PackageReference>
-        <PackageReference Include="FluentAssertions" Version="6.12.0" />
-        <PackageReference Include="Microsoft.Extensions.Http" Version="7.0.0" />
-        <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.1.0" />
-        <PackageReference Include="NUnit" Version="3.13.3" />
-        <PackageReference Include="NUnit3TestAdapter" Version="4.2.1" />
-        <PackageReference Include="NUnit.Analyzers" Version="3.3.0" />
-        <PackageReference Include="coverlet.collector" Version="3.1.2" />
         <PackageReference Include="SFA.DAS.Testing" Version="3.0.169" />
-        <PackageReference Include="SFA.DAS.Testing.AutoFixture" Version="3.0.169" />
+        <PackageReference Include="SFA.DAS.Testing.AutoFixture" Version="17.1.103" />
         <PackageReference Include="System.ComponentModel.TypeConverter" Version="4.3.0" />
-        <PackageReference Include="System.Drawing.Common" Version="8.0.0" />
-        <PackageReference Include="System.Security.Cryptography.Pkcs" Version="8.0.0" />
-        <PackageReference Include="System.Security.Cryptography.Xml" Version="8.0.0" />
+        <PackageReference Include="System.Drawing.Common" Version="8.0.12" />
+        <PackageReference Include="System.Security.Cryptography.Pkcs" Version="8.0.1" />
+        <PackageReference Include="System.Security.Cryptography.Xml" Version="8.0.2" />
         <PackageReference Include="System.Text.Encodings.Web" Version="8.0.0" />
         <PackageReference Include="System.Text.RegularExpressions" Version="4.3.1" />
     </ItemGroup>

SFA.DAS.DfESignIn.Auth/SFA.DAS.DfESignIn.Auth.UnitTests/Services/DfESignInServiceTest.cs

@@ -94,6 +94,7 @@ private static TokenValidatedContext ArrangeTokenValidatedContext(string userId,
                     new ClaimsIdentity(
                     new List<Claim>
                 {
+                    new(ClaimTypes.NameIdentifier, userId),
                     new(ClaimName.Sub, userId),
                     new(ClaimTypes.Email, emailAddress),
                     new(ClaimName.Organisation, JsonConvert.SerializeObject(organisation)),

SFA.DAS.DfESignIn.Auth/SFA.DAS.DfESignIn.Auth.sln

@@ -11,11 +11,7 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "SFA.DAS.DfESignIn.Auth.Unit
 EndProject
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Samples", "Samples", "{0FC1A393-51E5-4BD9-9576-B2436B1EA214}"
 EndProject
-Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "SFA.DAS.DfESignIn.SampleSite", "..\SFA.DAS.DfESignIn.Auth.Samples\SFA.DAS.DfESignIn.SampleSite\SFA.DAS.DfESignIn.SampleSite.csproj", "{6F8D7D4D-2DDF-49D2-8194-B7DB97E3E919}"
-EndProject
-Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "SFA.DAS.DfESignIn.SampleSite.Standard", "..\SFA.DAS.DfESignIn.Auth.Samples\SFA.DAS.DfESignIn.SampleSite.Standard\SFA.DAS.DfESignIn.SampleSite.Standard.csproj", "{EAB6A659-8373-41BA-9E4D-F14829E18B5B}"
-EndProject
-Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "SFA.DAS.DfESignIn.SampleSite.Framework", "..\SFA.DAS.DfESignIn.Auth.Samples\SFA.DAS.DfESignIn.SampleSite.Framework\SFA.DAS.DfESignIn.SampleSite.Framework.csproj", "{1B22F969-0729-4DF9-8B69-952B3CC83EA5}"
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "SFA.DAS.DfESignIn.SampleSite", "..\SFA.DAS.DfESignIn.Auth.Samples\SFA.DAS.DfESignIn.SampleSite\SFA.DAS.DfESignIn.SampleSite.csproj", "{D69B8770-B560-4FDF-8999-6999CAAC8CDA}"
 EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
@@ -31,27 +27,17 @@ Global
 		{A314850F-0D42-4CC3-9901-20D8F2CE51E8}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{A314850F-0D42-4CC3-9901-20D8F2CE51E8}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{A314850F-0D42-4CC3-9901-20D8F2CE51E8}.Release|Any CPU.Build.0 = Release|Any CPU
-		{6F8D7D4D-2DDF-49D2-8194-B7DB97E3E919}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{6F8D7D4D-2DDF-49D2-8194-B7DB97E3E919}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{6F8D7D4D-2DDF-49D2-8194-B7DB97E3E919}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{6F8D7D4D-2DDF-49D2-8194-B7DB97E3E919}.Release|Any CPU.Build.0 = Release|Any CPU
-		{EAB6A659-8373-41BA-9E4D-F14829E18B5B}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{EAB6A659-8373-41BA-9E4D-F14829E18B5B}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{EAB6A659-8373-41BA-9E4D-F14829E18B5B}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{EAB6A659-8373-41BA-9E4D-F14829E18B5B}.Release|Any CPU.Build.0 = Release|Any CPU
-		{1B22F969-0729-4DF9-8B69-952B3CC83EA5}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{1B22F969-0729-4DF9-8B69-952B3CC83EA5}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{1B22F969-0729-4DF9-8B69-952B3CC83EA5}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{1B22F969-0729-4DF9-8B69-952B3CC83EA5}.Release|Any CPU.Build.0 = Release|Any CPU
+		{D69B8770-B560-4FDF-8999-6999CAAC8CDA}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{D69B8770-B560-4FDF-8999-6999CAAC8CDA}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{D69B8770-B560-4FDF-8999-6999CAAC8CDA}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{D69B8770-B560-4FDF-8999-6999CAAC8CDA}.Release|Any CPU.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
 	EndGlobalSection
 	GlobalSection(NestedProjects) = preSolution
 		{A314850F-0D42-4CC3-9901-20D8F2CE51E8} = {D0E29E1B-0D74-49E5-83AF-581FEA6F4966}
-		{6F8D7D4D-2DDF-49D2-8194-B7DB97E3E919} = {0FC1A393-51E5-4BD9-9576-B2436B1EA214}
-		{EAB6A659-8373-41BA-9E4D-F14829E18B5B} = {0FC1A393-51E5-4BD9-9576-B2436B1EA214}
-		{1B22F969-0729-4DF9-8B69-952B3CC83EA5} = {0FC1A393-51E5-4BD9-9576-B2436B1EA214}
+		{D69B8770-B560-4FDF-8999-6999CAAC8CDA} = {0FC1A393-51E5-4BD9-9576-B2436B1EA214}
 	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
 		SolutionGuid = {8508DF57-1D2D-4A6F-8C8D-3581C7303EBD}

SFA.DAS.DfESignIn.Auth/SFA.DAS.DfESignIn.Auth/AppStart/ConfigureDfESignInAuthenticationExtension.cs

@@ -27,6 +27,7 @@ internal static void ConfigureDfESignInAuthentication(
             string signedOutCallbackPath,
             string redirectUrl)
         {
+            Microsoft.IdentityModel.JsonWebTokens.JsonWebTokenHandler.DefaultInboundClaimTypeMap.Clear();
             services
                 .AddAuthentication(sharedOptions =>
                 {

SFA.DAS.DfESignIn.Auth/SFA.DAS.DfESignIn.Auth/Extensions/SessionExtensions.cs

@@ -0,0 +1,19 @@
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Routing;
+
+namespace SFA.DAS.DfESignIn.Auth.Extensions
+{
+    public static class SessionExtensions
+    {
+        public static void MapSessionKeepAliveEndpoint(this IEndpointRouteBuilder endpoints, string route = "/service/keepalive")
+        {
+            endpoints.MapGet(route, async context =>
+            {
+                context.Response.StatusCode = context.User.Identity?.IsAuthenticated == true 
+                    ? StatusCodes.Status204NoContent 
+                    : StatusCodes.Status401Unauthorized;
+            });
+        }
+    }
+}

SFA.DAS.DfESignIn.Auth/SFA.DAS.DfESignIn.Auth/SFA.DAS.DfESignIn.Auth.csproj

@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
     <PropertyGroup>
-        <TargetFrameworks>net6.0;netstandard2.0</TargetFrameworks>
+        <TargetFrameworks>net8.0;</TargetFrameworks>
         <ImplicitUsings>disable</ImplicitUsings>
         <Nullable>disable</Nullable>
         <Authors>GOV.UK Education and Skills Funding Agency (ESFA) Digital Apprenticeship Service (DAS)</Authors>
@@ -15,35 +15,20 @@
     </PropertyGroup>
 
     <ItemGroup>
-        <PackageReference Include="Microsoft.AspNetCore.Authentication.Cookies" Version="2.1.34" />
-        <PackageReference Include="Microsoft.AspNetCore.Http" Version="2.2.0" />
-        <PackageReference Include="Microsoft.Azure.Functions.Extensions" Version="1.1.0" />
-        <PackageReference Include="Microsoft.Rest.ClientRuntime" Version="2.3.24" />
-        <PackageReference Include="Newtonsoft.Json" Version="13.0.1" />
-        <PackageReference Include="Polly.Extensions.Http" Version="3.0.0" />
-        <PackageReference Include="SFA.DAS.Configuration.AzureTableStorage" Version="3.0.84" />
+        <PackageReference Include="Azure.Core" Version="1.44.1" />
+        <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
+        <PackageReference Include="SFA.DAS.Configuration.AzureTableStorage" Version="17.1.113" />
         <PackageReference Include="System.Drawing.Common" Version="8.0.0" />
         <PackageReference Include="System.Net.Http" Version="4.3.4" />
         <PackageReference Include="System.Security.Cryptography.Xml" Version="8.0.0" />
         <PackageReference Include="System.Text.Encodings.Web" Version="8.0.0" />
         <PackageReference Include="System.Text.RegularExpressions" Version="4.3.1" />
-    </ItemGroup>
-
-    <ItemGroup Condition="'$(TargetFramework)' == 'net6.0'">
-        <PackageReference Include="Microsoft.Extensions.Caching.Memory" Version="7.0.0" />
-        <PackageReference Include="Microsoft.Extensions.Http" Version="7.0.0" />
-        <PackageReference Include="Microsoft.Extensions.Http.Polly" Version="7.0.13" />
-        <PackageReference Include="Microsoft.AspNetCore.Authentication.OpenIdConnect" Version="6.0.8" />
-        <PackageReference Include="Microsoft.Extensions.Caching.StackExchangeRedis" Version="7.0.13" />
-        <PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="7.0.3" />
-        <PackageReference Include="Microsoft.IdentityModel.KeyVaultExtensions" Version="6.22.0" />
-    </ItemGroup>
-    <ItemGroup Condition="'$(TargetFramework)' == 'netstandard2.0'">
-        <PackageReference Include="Microsoft.Extensions.Caching.Memory" Version="2.2.0" />
-        <PackageReference Include="Microsoft.Extensions.Http.Polly" Version="2.2.0" />
-        <PackageReference Include="Microsoft.AspNetCore.Authentication.OpenIdConnect" Version="2.2.0" />
-        <PackageReference Include="Microsoft.AspNetCore.Authentication.Cookies" Version="2.2.0" />
-        <PackageReference Include="Microsoft.Extensions.Http" Version="2.2.0" />
-        <PackageReference Include="Microsoft.Extensions.Caching.StackExchangeRedis" Version="2.2.5" />
+        <PackageReference Include="Microsoft.Extensions.Caching.Memory" Version="8.0.1" />
+        <PackageReference Include="Microsoft.Extensions.Http" Version="8.0.1" />
+        <PackageReference Include="Microsoft.Extensions.Http.Polly" Version="8.0.12" />
+        <PackageReference Include="Microsoft.AspNetCore.Authentication.OpenIdConnect" Version="8.0.12" />
+        <PackageReference Include="Microsoft.Extensions.Caching.StackExchangeRedis" Version="8.0.12" />
+        <PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="8.3.0" />
+        <PackageReference Include="Microsoft.IdentityModel.KeyVaultExtensions" Version="7.7.1" />
     </ItemGroup>
 </Project>

SFA.DAS.DfESignIn.Auth/SFA.DAS.DfESignIn.Auth/Services/DfESignInService.cs

@@ -18,21 +18,13 @@
 
 namespace SFA.DAS.DfESignIn.Auth.Services
 {
-    internal class DfESignInService : IDfESignInService
+    internal class DfESignInService(
+        IOptions<DfEOidcConfiguration> configuration,
+        IApiHelper apiHelper,
+        ICustomServiceRole customServiceRole)
+        : IDfESignInService
     {
-        private readonly DfEOidcConfiguration _configuration;
-        private readonly IApiHelper _apiHelper;
-        private readonly ICustomServiceRole _customServiceRole;
-
-        public DfESignInService(
-            IOptions<DfEOidcConfiguration> configuration,
-            IApiHelper apiHelper,
-            ICustomServiceRole customServiceRole)
-        {
-            _configuration = configuration.Value;
-            _apiHelper = apiHelper;
-            _customServiceRole = customServiceRole;
-        }
+        private readonly DfEOidcConfiguration _configuration = configuration.Value;
 
         public async Task PopulateAccountClaims(TokenValidatedContext ctx)
         {
@@ -43,7 +35,7 @@ public async Task PopulateAccountClaims(TokenValidatedContext ctx)
 
             if (userOrganisation != null && ctx.Principal != null)
             {
-                var userId = ctx.Principal.GetClaimValue(ClaimName.Sub);
+                var userId = ctx.Principal.GetClaimValue(ClaimTypes.NameIdentifier);
                 var ukPrn = userOrganisation.UkPrn?.ToString() ?? "0";
 
                 if (userId != null)
@@ -62,7 +54,7 @@ public async Task PopulateAccountClaims(TokenValidatedContext ctx)
 
         private async Task PopulateDfEClaims(TokenValidatedContext ctx, string userId, string userOrgId)
         {
-            var response = await _apiHelper.Get<ApiServiceResponse>($"{_configuration.APIServiceUrl}/services/{_configuration.APIServiceId}/organisations/{userOrgId}/users/{userId}");
+            var response = await apiHelper.Get<ApiServiceResponse>($"{_configuration.APIServiceUrl}/services/{_configuration.APIServiceId}/organisations/{userOrgId}/users/{userId}");
 
             if (response != null)
             {
@@ -82,8 +74,8 @@ private async Task PopulateDfEClaims(TokenValidatedContext ctx, string userId, s
                         .First()
                         .AddClaim(
                             new Claim(
-                                type: _customServiceRole.RoleClaimType ?? CustomClaimsIdentity.Service,
-                                value: _customServiceRole.RoleValueType.Equals(CustomServiceRoleValueType.Name)
+                                type: customServiceRole.RoleClaimType ?? CustomClaimsIdentity.Service,
+                                value: customServiceRole.RoleValueType.Equals(CustomServiceRoleValueType.Name)
                                     ? role.Name
                                     : role.Code));
                 }

SFA.DAS.Employer.Shared.UI/SFA.DAS.Employer.Shared.UI/Views/Shared/_Footer.cshtml

@@ -2,7 +2,6 @@
 @using SFA.DAS.Employer.Shared.UI.Models
 @inject SFA.DAS.Employer.Shared.UI.UrlBuilder LinkGenerator
 
-<!-- Include the script only if the user is logged in -->
 @if (User.Identity != null && User.Identity.IsAuthenticated)
 {
     <script src="/js/sessionTimeout.js"></script>

SFA.DAS.Provider.Shared.UI/SFA.DAS.Provider.Shared.UI/Views/Shared/_Layout.cshtml

@@ -147,6 +147,12 @@
         <script src="/libs/jquery/jquery.min.js"></script>
         <script src="/js/das-all.js"></script>
         <script src="/js/app.min.js"></script>
+
+        @if (User.Identity != null && User.Identity.IsAuthenticated)
+        {
+            <script src="/js/sessionTimeout.js"></script>
+        }
+
         <script nws-csp-add-nonce="true">
             window.DASFrontend.initAll();
         </script>