[NEW-FEATURE] Port security from tco

docfx/articles/security/INSTALLATION.md

@@ -0,0 +1,130 @@
+# Installation 
+
+All necessary logic for security is located in AxOpen.Security library. 
+
+## 1. Install AxOpen.Security NuGet package or add reference to this project 
+
+## 2. Add reference to AxOpen.Security assembly. 
+
+Go to `App.razor` and add `AdditionalAssemblies` as parameter of `Router` component. The following line must be added to `Router` component:
+
+```C#
+AdditionalAssemblies="new[] { typeof(BlazorSecurity).Assembly}">
+```
+
+Also, make sure, that `Router` component is wrapped inside `CascadingAuthenticationState` component. At the end, the `Router` component should look like this:
+
+```html
+<CascadingAuthenticationState>
+    <Router AppAssembly="@typeof(App).Assembly" 
+            AdditionalAssemblies="new[] { typeof(BlazorSecurity).Assembly}">
+            ...
+    </Router>
+</CascadingAuthenticationState>
+```
+
+## 3. Configure Ax Blazor security services in dependency injection container of Blazor application located in `Program.cs` file.
+
+To correctly configure security services you must:
+
+- configure repository
+- create in-app roles
+- configure AxBlazorSecurity in DI container
+
+### **Configuring repository**
+The security requires 2 instances of repositories:
+- for persistence of user data
+- for persistence of groups of roles
+
+Within AXOpen 4 different types of repositories are available:
+- InMemory
+- Json
+- MongoDB
+- RavenDB
+
+For example, the Json repository can be configured as follows:
+
+[!code-csharp[](../../../src/security/integrations/axopen_blazor_auth_app/Program.cs?name=SetupJson)]
+
+Add `SetUpJson` method in `Program.cs` file.
+
+### **Creating in-app roles**
+
+In your Blazor application create new static class `Roles` and specify the roles, that will be used in your application. You can add as many roles as you want. The `Roles` class can be defined like this:
+
+```C#
+public static class Roles
+{
+    public static List<Role> CreateRoles()
+    {
+        var roles = new List<Role>
+        {
+            new Role(process_settings_access),
+            new Role(process_traceability_access),
+        };
+
+        return roles;
+    }
+
+    public const string process_settings_access = nameof(process_settings_access);
+    public const string process_traceability_access = nameof(process_traceability_access);
+}
+```
+
+### **Configure AxBlazorSecurity services**
+
+Finally, the `AxBlazorSecurity` security can be configured in DI container of Blazor application. Go to `Program.cs` file and add following line to builder:
+
+
+[!code-csharp[](../../../src/security/integrations/axopen_blazor_auth_app/Program.cs?name=AxConfiguration)]
+
+
+The first parameter is set up repository and the second parameter are created roles.
+
+## 4. Add security views to application 
+
+Go to `MainLayout.razor` located in `Shared` folder and add `LoginDisplay` view inside top bar.
+```html
+<main>
+    <div class="top-row px-4 auth">
+        <AxOpen.Security.Views.LoginDisplay/>
+    </div>
+
+    <article class="content px-4">
+        @Body
+    </article>
+</main>
+```
+
+
+Within `Pages` of the Blazor application, create new `Security.razor` page and add there `SecurityManagementView`.
+
+```html
+@page "/Security"
+
+<h3>Security</h3>
+
+<AxOpen.Security.Views.SecurityManagementView />
+
+```
+
+Add you security view inside the navigation menu in `NavMenu.razor`:
+
+```html
+<div class="nav-item px-3">
+    <NavLink class="nav-link" href="security">
+        <span class="oi oi-list-rich" aria-hidden="true"></span> Security
+    </NavLink>
+</div>
+```
+## Default login
+
+If everything done correctly, now security should be available in Blazor application.
+Now it should be possible to log-in with default user.
+The default user is created on application startup with following credentials:
+
+- Username: **admin**
+- Password: **admin**
+
+The user has default `Administrator` role and is in default `AdminGroup`.
+

docfx/articles/security/README.md

@@ -0,0 +1,102 @@
+# AXOpen.Security
+
+AxOpen.Security is library which provides authentication and authorization in Blazor AX applications. It is based on a default solution for authentication in Blazor, which is extended by using implemented repositories within Ax.Open.Data. As a result, multiple storage providers for security can be used.
+
+## Installation
+
+The security library is available in form of NuGet package. Detailed installation instructions of security into empty Blazor project is located in [security installation article](INSTALLATION.md).
+
+## Basic concepts
+
+Each user is limited to having just a single group. A group is formed by a collection of multiple roles. When a user is assigned to a group, they possess all the roles associated with that group.
+It is possible for a single role to be assigned to multiple groups.
+
+## Security views
+
+SecurityManagementView component serves for managing users. It is available only if user is logged in with administrator rights.
+
+When user is logged in with administrator rights, it is possible to modify all available users and groups. Administrator can delete users or change group.
+
+### User management
+
+The SecurityManagementView component includes a tab dedicated to user management. Within this tab, users can be updated or newly created. When a user is selected, a card is displayed showing the current data for that user, there is an option to update or delete user.
+
+![user management](~/images/UserManagement.png)
+
+### Group Management
+
+The SecurityManagementView component includes a tab for group management. Within this tab, groups can be updated or newly created. When a group is selected, a card is displayed showing the assigned roles for that group. Users have the option assigned or unassign roles or delete group.
+
+![group management](~/images/GroupManagement.png)
+
+### Account Management
+
+In account management view is possible to change the your user data, like email address or password.
+
+![account management](~/images/AccountManagement.png)
+
+### User Create
+
+In user create view is possible to new user.
+
+![Create user](~/images/CreateUser.png)
+
+## AuthorizeView and AuthenticationContext
+
+There are two ways how to work with authentication and authorization.
+
+- Use of the `AuthorizeView` component in Blazor component
+- Use of the `AuthenticationStateProvider` within a C# class
+
+### Use of AuthorizeView
+
+The `AuthorizeView` is used to create a secure views within a Blazor application. It contains two child components `Authorized` and `NotAuthorized`, which serves for visualizing view in a corresponded views. In addition, the parameter `Roles` can be used to specified roles, based on which the authorized view is shown.
+
+The `AuthorizeView` contain base class named `context`, which is used to access identity of currently logged in user.
+
+The example of usage of `AuthorizeView` within a Blazor component is shown below:
+
+```html
+<AuthorizeView Roles="Administrator">
+    <Authorized>
+        <h4>You have role Administrator.</h4>
+        <h4>Your name is: @context.User.Identity.Name</h4>
+    </Authorized>
+    <NotAuthorized>
+            <h4>You dont have role Administrator.</h4>
+    </NotAuthorized>
+</AuthorizeView>
+```
+
+If the user is authenticated and is also authorized with the `Administrator` role, the authorized view is shown. Otherwise, non-authorized view is displayed.
+
+Also, there is a possibility to call method from `RoleGroupManager` called `GetRoles`, which takes as parameter name of the group and returns corresponded roles. `RoleGroupManager` is accessible from `IRepositoryService`.
+
+```html
+@inject IRepositoryService rs
+
+<AuthorizeView Roles="@rs.RoleGroupManager.GetRoles("AdminGroup")">
+```
+
+### Use of AuthenticationStateProvider
+
+The `AuthenticationStateProvider` serves for accessing current logged in user and his claims. This provider can be injected to any C# class (either from constructor injection (in ViewModel) or with `Inject` attribute in Blazor component), where user need to work with authentication context. The authentication context of current user can be accessed in following way:
+
+```C#
+@page "/mypage"
+@inject AuthenticationStateProvider _asp
+
+@code
+{
+    protected override async Task OnInitializedAsync()
+    {
+        var context = await _asp.GetAuthenticationStateAsync();
+        var isAuth = context.User.Identity.IsAuthenticated;
+        if (isAuth)
+        {
+            Console.Writeline("I'm authenticated");
+        }
+    }
+}
+
+```

docfx/articles/toc.yml

@@ -34,4 +34,10 @@
   href: ~/articles/messaging/README.md
   items:
   - name: AxoMessenger
-    href: ~/articles/messaging/AXOMESSENGER.md
+    href: ~/articles/messaging/AXOMESSENGER.md
+- name: AXOpen.Security
+  href: ~/articles/security/README.md  
+  items:
+  - name: Installation
+    href: ~/articles/security/INSTALLATION.md
+

src/AXOpen-L1-tests.slnf

@@ -3,8 +3,9 @@
     "path": "AXOpen.sln",
     "projects": [
       "core\\tests\\AXOpen.Core.Tests\\axopen_core_tests.csproj",
+      "data\\tests\\AXOpen.Data.Tests\\axopen_data_tests.csproj",
       "data\\tests\\AXOpen.Repository.Integration.Tests_L1\\axopen_repository_integration_tests_L1.csproj",
-      "data\\tests\\AXOpen.Data.Tests\\axopen_data_tests.csproj"
+      "security\\tests\\axopen_security_tests\\axopen_security_tests.csproj"
     ]
   }
 }

src/AXOpen-L2-tests.slnf

@@ -4,7 +4,9 @@
     "projects": [
       "core\\tests\\AXOpen.Core.Tests\\axopen_core_tests.csproj",
       "data\\tests\\AXOpen.Repository.Integration.Tests_L1\\axopen_repository_integration_tests_L1.csproj",
-      "data\\tests\\AXOpen.Data.Tests\\axopen_data_tests.csproj"
+      "data\\tests\\AXOpen.Data.Tests\\axopen_data_tests.csproj",      
+      "data\\tests\\AXOpen.Repository.Integration.Tests_L1\\axopen_repository_integration_tests_L1.csproj",
+      "security\\tests\\axopen_security_tests\\axopen_security_tests.csproj"
     ]
   }
 }

src/AXOpen-L3-tests.slnf

@@ -19,7 +19,10 @@
       "integrations\\src\\AXOpen.Integrations\\axopen_integrations.csproj",
       "integrations\\tests\\AXOpen.Integration.Tests\\axopen_integration_tests.csproj",
       "probers\\src\\AXOpen.Probers\\ix_ax_axopen_probers.csproj",
-      "probers\\tests\\AXOpen.Probers.Tests\\axopen_probers_tests.csproj"
+      "probers\\tests\\AXOpen.Probers.Tests\\axopen_probers_tests.csproj",
+      "data\\tests\\AXOpen.Data.Tests\\axopen_data_tests.csproj",
+      "data\\tests\\AXOpen.Repository.Integration.Tests_L1\\axopen_repository_integration_tests_L1.csproj",
+      "security\\tests\\axopen_security_tests\\axopen_security_tests.csproj"      
     ]
   }
 }

src/AXOpen.sln

@@ -106,8 +106,6 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "axopen_utils_tests", "utils
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "axopen_integrations", "integrations\src\AXOpen.Integrations\axopen_integrations.csproj", "{93754908-A6AD-497A-B154-0A42F94EF4AC}"
 EndProject
-Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "axopen_integrations_blazor", "integrations\src\AXOpen.Integrations.Blazor\axopen_integrations_blazor.csproj", "{C074C0BD-0E94-4DFD-AEBD-CB16C4726E42}"
-EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "axopen_integration_data_blazor_tests", "integrations\tests\AXOpen.Integration.Data.Blazor.Tests\axopen_integration_data_blazor_tests.csproj", "{C8A4FDF4-59BA-40E0-9E65-2EA5AB343BFC}"
 EndProject
 Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "axopen_integration_tests", "integrations\tests\AXOpen.Integration.Tests\axopen_integration_tests.csproj", "{73D27627-127D-45C8-BD25-EE21F2E3756E}"
@@ -118,6 +116,22 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "axo.snippetify", "tools\src
 EndProject
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "src", "src", "{71A7EE6D-7F41-4336-9B7E-6166F35EDF59}"
 EndProject
+Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "security", "security", "{F64B0B65-3671-442D-95D3-5DA6452FF715}"
+EndProject
+Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "src", "src", "{8017588A-7145-460D-ACEB-402D7005DA33}"
+EndProject
+Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "integrations", "integrations", "{1248626A-34D4-48B2-8401-4981029EB5FC}"
+EndProject
+Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "tests", "tests", "{D58B2F3E-683E-41D7-B249-1B208CBD7DD5}"
+EndProject
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "axopen_security_tests", "security\tests\axopen_security_tests\axopen_security_tests.csproj", "{144ECA7B-4216-491A-860C-B9CB57E06A0A}"
+EndProject
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "axopen_blazor_auth_app", "security\integrations\axopen_blazor_auth_app\axopen_blazor_auth_app.csproj", "{F1769F72-2934-41EF-A1AB-B35F3F0EBCBA}"
+EndProject
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "axopen_security_blazor", "security\src\AXOpen.Security\axopen_security_blazor.csproj", "{255286BF-2A5A-4EB8-BBBB-0CBCA67DEAB3}"
+EndProject
+Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "axopen_integrations_blazor", "integrations\src\AXOpen.Integrations.Blazor\axopen_integrations_blazor.csproj", "{1EC46148-A114-4018-92BE-93F1E0273A33}"
+EndProject
 Global
 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 		Debug|Any CPU = Debug|Any CPU
@@ -220,10 +234,6 @@ Global
 		{93754908-A6AD-497A-B154-0A42F94EF4AC}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{93754908-A6AD-497A-B154-0A42F94EF4AC}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{93754908-A6AD-497A-B154-0A42F94EF4AC}.Release|Any CPU.Build.0 = Release|Any CPU
-		{C074C0BD-0E94-4DFD-AEBD-CB16C4726E42}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{C074C0BD-0E94-4DFD-AEBD-CB16C4726E42}.Debug|Any CPU.Build.0 = Debug|Any CPU
-		{C074C0BD-0E94-4DFD-AEBD-CB16C4726E42}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{C074C0BD-0E94-4DFD-AEBD-CB16C4726E42}.Release|Any CPU.Build.0 = Release|Any CPU
 		{C8A4FDF4-59BA-40E0-9E65-2EA5AB343BFC}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{C8A4FDF4-59BA-40E0-9E65-2EA5AB343BFC}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{C8A4FDF4-59BA-40E0-9E65-2EA5AB343BFC}.Release|Any CPU.ActiveCfg = Release|Any CPU
@@ -236,6 +246,22 @@ Global
 		{D892F56E-D5BA-470F-85BE-16C777AC5559}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{D892F56E-D5BA-470F-85BE-16C777AC5559}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{D892F56E-D5BA-470F-85BE-16C777AC5559}.Release|Any CPU.Build.0 = Release|Any CPU
+		{144ECA7B-4216-491A-860C-B9CB57E06A0A}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{144ECA7B-4216-491A-860C-B9CB57E06A0A}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{144ECA7B-4216-491A-860C-B9CB57E06A0A}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{144ECA7B-4216-491A-860C-B9CB57E06A0A}.Release|Any CPU.Build.0 = Release|Any CPU
+		{F1769F72-2934-41EF-A1AB-B35F3F0EBCBA}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{F1769F72-2934-41EF-A1AB-B35F3F0EBCBA}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{F1769F72-2934-41EF-A1AB-B35F3F0EBCBA}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{F1769F72-2934-41EF-A1AB-B35F3F0EBCBA}.Release|Any CPU.Build.0 = Release|Any CPU
+		{255286BF-2A5A-4EB8-BBBB-0CBCA67DEAB3}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{255286BF-2A5A-4EB8-BBBB-0CBCA67DEAB3}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{255286BF-2A5A-4EB8-BBBB-0CBCA67DEAB3}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{255286BF-2A5A-4EB8-BBBB-0CBCA67DEAB3}.Release|Any CPU.Build.0 = Release|Any CPU
+		{1EC46148-A114-4018-92BE-93F1E0273A33}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{1EC46148-A114-4018-92BE-93F1E0273A33}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{1EC46148-A114-4018-92BE-93F1E0273A33}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{1EC46148-A114-4018-92BE-93F1E0273A33}.Release|Any CPU.Build.0 = Release|Any CPU
 	EndGlobalSection
 	GlobalSection(SolutionProperties) = preSolution
 		HideSolutionNode = FALSE
@@ -281,11 +307,17 @@ Global
 		{A6798409-448B-4A6C-8C9D-4EC45F8EF24C} = {281D9B0C-444B-4AE8-AD0A-880AFF62B24B}
 		{9F51D978-13EA-4DB8-A3EA-C9FE1A2B7740} = {F25CCCC1-2864-4BF5-8A0D-1389BA1BB155}
 		{93754908-A6AD-497A-B154-0A42F94EF4AC} = {FFD509A8-8D3C-4756-9B2E-10A063A246E9}
-		{C074C0BD-0E94-4DFD-AEBD-CB16C4726E42} = {FFD509A8-8D3C-4756-9B2E-10A063A246E9}
 		{C8A4FDF4-59BA-40E0-9E65-2EA5AB343BFC} = {CE0F4E49-A685-4518-87A3-EE17D0547004}
 		{73D27627-127D-45C8-BD25-EE21F2E3756E} = {CE0F4E49-A685-4518-87A3-EE17D0547004}
 		{D892F56E-D5BA-470F-85BE-16C777AC5559} = {71A7EE6D-7F41-4336-9B7E-6166F35EDF59}
 		{71A7EE6D-7F41-4336-9B7E-6166F35EDF59} = {AE9D9AAE-0A33-473E-84CB-0AC972FD9A26}
+		{8017588A-7145-460D-ACEB-402D7005DA33} = {F64B0B65-3671-442D-95D3-5DA6452FF715}
+		{1248626A-34D4-48B2-8401-4981029EB5FC} = {F64B0B65-3671-442D-95D3-5DA6452FF715}
+		{D58B2F3E-683E-41D7-B249-1B208CBD7DD5} = {F64B0B65-3671-442D-95D3-5DA6452FF715}
+		{144ECA7B-4216-491A-860C-B9CB57E06A0A} = {D58B2F3E-683E-41D7-B249-1B208CBD7DD5}
+		{F1769F72-2934-41EF-A1AB-B35F3F0EBCBA} = {1248626A-34D4-48B2-8401-4981029EB5FC}
+		{255286BF-2A5A-4EB8-BBBB-0CBCA67DEAB3} = {8017588A-7145-460D-ACEB-402D7005DA33}
+		{1EC46148-A114-4018-92BE-93F1E0273A33} = {FFD509A8-8D3C-4756-9B2E-10A063A246E9}
 	EndGlobalSection
 	GlobalSection(ExtensibilityGlobals) = postSolution
 		SolutionGuid = {292B45BE-E9CB-443B-979D-C0AFCD8D5675}

src/Security/integrations/JSONREPOS/Groups/AdminGroup

@@ -0,0 +1,16 @@
+{
+  "Changes": [],
+  "RecordId": null,
+  "DataEntityId": "AdminGroup",
+  "Name": "AdminGroup",
+  "Roles": [
+    "Administrator",
+    "process_settings_access",
+    "process_traceability_access",
+    "can_user_open_technological_settings",
+    "ground_position_start"
+  ],
+  "RolesHash": "AQAAAAIAAYagAAAAEOSebWCNUuX0vDgFfY8vzrt/raI9msUQuJIFaBMY6vdSuOpYX02l+kSBBkt58ZBO+A==",
+  "Created": "2023-05-24T14:25:43.4379549+02:00",
+  "Modified": "2023-05-25T14:19:17.2205596+02:00"
+}