Merge branch 'main' into chore/pass-tracecontext-to-pdf-generator

.editorconfig

@@ -116,6 +116,9 @@ dotnet_diagnostic.IDE0005.severity = warning
 
 dotnet_diagnostic.CA1825.severity = warning
 
+# IDE0052: Remove unread private member
+dotnet_diagnostic.IDE0052.severity = warning
+
 # CA1848: Use the LoggerMessage delegates
 dotnet_diagnostic.CA1848.severity = none
 
@@ -131,6 +134,9 @@ dotnet_diagnostic.CA1822.severity = warning
 # IDE0080: Remove unnecessary suppression operator
 dotnet_diagnostic.IDE0080.severity = error
 
+# CA1859: Use concrete types when possible for improved performance
+dotnet_diagnostic.CA1859.severity = warning
+
 # CA1716: Rename namespace "" so that it no longer conflicts with the reserved language keyword 'Interface'
 # TODO: fixing this would be breaking
 dotnet_diagnostic.CA1716.severity = suggestion

.github/workflows/publish-release.yml

@@ -33,12 +33,16 @@ jobs:
       - name: Install deps
         run: |
           dotnet restore
+      - name: Extract release notes
+        id: extract-notes
+        run: echo "${{ github.event.release.body }}" > RELEASE_NOTES.md
       - name: Build
         run: |
           dotnet build --configuration Release --no-restore -p:Deterministic=true -p:BuildNumber=${{ github.run_number }}
       - name: Pack
         run: |
-          dotnet pack AppLibDotnet.sln --configuration Release --no-restore --no-build -p:Deterministic=true -p:BuildNumber=${{ github.run_number }}
+          dotnet pack AppLibDotnet.sln --configuration Release --no-restore --no-build \
+            -p:Deterministic=true -p:BuildNumber=${{ github.run_number }}
       - name: Versions
         run: |
           dotnet --version

Directory.Build.props

@@ -9,7 +9,8 @@
     <EnableNETAnalyzers>true</EnableNETAnalyzers>
     <AnalysisMode>Minimum</AnalysisMode>
     <Features>strict</Features>
-    <!-- <CodeAnalysisTreatWarningsAsErrors>false</CodeAnalysisTreatWarningsAsErrors> -->
+    <NuGetAudit>true</NuGetAudit>
+    <NuGetAuditMode>all</NuGetAuditMode>
   </PropertyGroup>
 
   <ItemGroup>

src/Altinn.App.Api/Controllers/ActionsController.cs

@@ -238,7 +238,7 @@ private async Task<Dictionary<
         string,
         Dictionary<string, List<ValidationIssueWithSource>>
     >?> GetIncrementalValidations(
-        IInstanceDataAccessor dataAccessor,
+        InstanceDataUnitOfWork dataAccessor,
         DataElementChanges changes,
         List<string>? ignoredValidators,
         string? language

src/Altinn.App.Api/Controllers/PdfController.cs

@@ -30,7 +30,6 @@ public class PdfController : ControllerBase
     private readonly IAppResources _resources;
     private readonly IAppModel _appModel;
     private readonly IDataClient _dataClient;
-    private readonly IWebHostEnvironment _env;
     private readonly IPdfService _pdfService;
 
     /// <summary>
@@ -41,7 +40,6 @@ public class PdfController : ControllerBase
     /// <param name="resources">The app resource service</param>
     /// <param name="appModel">The app model service</param>
     /// <param name="dataClient">The data client</param>
-    /// <param name="env">The environment</param>
     /// <param name="pdfService">The PDF service</param>
     public PdfController(
         IInstanceClient instanceClient,
@@ -50,7 +48,6 @@ public PdfController(
         IAppResources resources,
         IAppModel appModel,
         IDataClient dataClient,
-        IWebHostEnvironment env,
         IPdfService pdfService
     )
     {
@@ -59,7 +56,6 @@ IPdfService pdfService
         _resources = resources;
         _appModel = appModel;
         _dataClient = dataClient;
-        _env = env;
         _pdfService = pdfService;
     }
 

src/Altinn.App.Api/Controllers/ProfileController.cs

@@ -14,15 +14,13 @@ namespace Altinn.App.Api.Controllers;
 public class ProfileController : Controller
 {
     private readonly IProfileClient _profileClient;
-    private readonly ILogger _logger;
 
     /// <summary>
     /// Initializes a new instance of the <see cref="ProfileController"/> class
     /// </summary>
-    public ProfileController(IProfileClient profileClient, ILogger<ProfileController> logger)
+    public ProfileController(IProfileClient profileClient)
     {
         _profileClient = profileClient;
-        _logger = logger;
     }
 
     /// <summary>

src/Altinn.App.Api/Extensions/HttpClientBuilderExtensions.cs

@@ -1,5 +1,6 @@
 using Altinn.App.Core.Features.Maskinporten;
-using Altinn.App.Core.Features.Maskinporten.Delegates;
+using Altinn.App.Core.Features.Maskinporten.Constants;
+using Altinn.App.Core.Features.Maskinporten.Extensions;
 
 namespace Altinn.App.Api.Extensions;
 
@@ -10,25 +11,46 @@ public static class HttpClientBuilderExtensions
 {
     /// <summary>
     /// <para>
-    /// Sets up a <see cref="MaskinportenDelegatingHandler"/> middleware for the supplied <see cref="HttpClient"/>,
-    /// which will inject an Authorization header with a Bearer token for all requests.
+    /// Authorises all requests with Maskinporten using the provided scopes,
+    /// and injects the resulting token in the Authorization header using the Bearer scheme.
     /// </para>
     /// <para>
-    /// If your target API does <em>not</em> use this authentication scheme, you should consider implementing
-    /// <see cref="MaskinportenClient.GetAccessToken"/> directly and handling authorization details manually.
+    /// If your target API does <em>not</em> use this authorisation scheme, you should consider implementing
+    /// <see cref="MaskinportenClient.GetAccessToken"/> directly and handling the specifics manually.
     /// </para>
     /// </summary>
     /// <param name="builder">The Http client builder</param>
     /// <param name="scope">The scope to claim authorization for with Maskinporten</param>
     /// <param name="additionalScopes">Additional scopes as required</param>
-    public static IHttpClientBuilder UseMaskinportenAuthorization(
+    public static IHttpClientBuilder UseMaskinportenAuthorisation(
         this IHttpClientBuilder builder,
         string scope,
         params string[] additionalScopes
     )
     {
-        var scopes = new[] { scope }.Concat(additionalScopes);
-        var factory = ActivatorUtilities.CreateFactory<MaskinportenDelegatingHandler>([typeof(IEnumerable<string>)]);
-        return builder.AddHttpMessageHandler(provider => factory(provider, [scopes]));
+        return builder.AddMaskinportenHttpMessageHandler(scope, additionalScopes, TokenAuthorities.Maskinporten);
+    }
+
+    /// <summary>
+    /// <para>
+    /// Authorises all requests with Maskinporten using the provided scopes.
+    /// The resulting token is then exchanged for an Altinn issued token and injected in
+    /// the Authorization header using the Bearer scheme.
+    /// </para>
+    /// <para>
+    /// If your target API does <em>not</em> use this authorisation scheme, you should consider implementing
+    /// <see cref="MaskinportenClient.GetAltinnExchangedToken(IEnumerable{string}, CancellationToken)"/> directly and handling the specifics manually.
+    /// </para>
+    /// </summary>
+    /// <param name="builder">The Http client builder</param>
+    /// <param name="scope">The scope to claim authorization for with Maskinporten</param>
+    /// <param name="additionalScopes">Additional scopes as required</param>
+    public static IHttpClientBuilder UseMaskinportenAltinnAuthorisation(
+        this IHttpClientBuilder builder,
+        string scope,
+        params string[] additionalScopes
+    )
+    {
+        return builder.AddMaskinportenHttpMessageHandler(scope, additionalScopes, TokenAuthorities.AltinnTokenExchange);
     }
 }

src/Altinn.App.Api/Extensions/ServiceCollectionExtensions.cs

@@ -11,7 +11,9 @@
 using Altinn.App.Core.Constants;
 using Altinn.App.Core.Extensions;
 using Altinn.App.Core.Features;
+using Altinn.App.Core.Features.Correspondence.Extensions;
 using Altinn.App.Core.Features.Maskinporten;
+using Altinn.App.Core.Features.Maskinporten.Extensions;
 using Altinn.App.Core.Features.Maskinporten.Models;
 using Altinn.Common.PEP.Authorization;
 using Altinn.Common.PEP.Clients;
@@ -82,7 +84,6 @@ IWebHostEnvironment env
 
         services.AddPlatformServices(config, env);
         services.AddAppServices(config, env);
-        services.AddMaskinportenClient();
         services.ConfigureDataProtection();
 
         var useOpenTelemetrySetting = config.GetValue<bool?>("AppSettings:UseOpenTelemetry");
@@ -97,6 +98,11 @@ IWebHostEnvironment env
             AddApplicationInsights(services, config, env);
         }
 
+        // AddMaskinportenClient adds a keyed service. This needs to happen after AddApplicationInsights,
+        // due to a bug in app insights: https://github.com/microsoft/ApplicationInsights-dotnet/issues/2828
+        services.AddMaskinportenClient();
+        services.AddCorrespondenceClient();
+
         AddAuthenticationScheme(services, config, env);
         AddAuthorizationPolicies(services);
         AddAntiforgery(services);
@@ -159,23 +165,6 @@ string configSectionPath
         return services;
     }
 
-    /// <summary>
-    /// Adds a singleton <see cref="AddMaskinportenClient"/> service to the service collection.
-    /// If no <see cref="MaskinportenSettings"/> configuration is found, it binds one to the path "MaskinportenSettings".
-    /// </summary>
-    /// <param name="services">The service collection</param>
-    private static IServiceCollection AddMaskinportenClient(this IServiceCollection services)
-    {
-        if (services.GetOptionsDescriptor<MaskinportenSettings>() is null)
-        {
-            services.ConfigureMaskinportenClient("MaskinportenSettings");
-        }
-
-        services.AddSingleton<IMaskinportenClient, MaskinportenClient>();
-
-        return services;
-    }
-
     /// <summary>
     /// Adds Application Insights to the service collection.
     /// </summary>
@@ -502,19 +491,6 @@ private static void AddAntiforgery(IServiceCollection services)
         services.TryAddSingleton<ValidateAntiforgeryTokenIfAuthCookieAuthorizationFilter>();
     }
 
-    private static IServiceCollection RemoveOptions<TOptions>(this IServiceCollection services)
-        where TOptions : class
-    {
-        var descriptor = services.GetOptionsDescriptor<TOptions>();
-
-        if (descriptor is not null)
-        {
-            services.Remove(descriptor);
-        }
-
-        return services;
-    }
-
     private static (string? Key, string? ConnectionString) GetAppInsightsConfig(
         IConfiguration config,
         IHostEnvironment env

src/Altinn.App.Api/Extensions/WebHostBuilderExtensions.cs

@@ -1,5 +1,5 @@
 using Altinn.App.Core.Extensions;
-using Microsoft.Extensions.FileProviders;
+using Altinn.App.Core.Features.Maskinporten.Extensions;
 
 namespace Altinn.App.Api.Extensions;
 
@@ -29,36 +29,19 @@ public static void ConfigureAppWebHost(this IWebHostBuilder builder, string[] ar
 
                 configBuilder.AddInMemoryCollection(config);
 
-                configBuilder.AddMaskinportenSettingsFile(context);
+                configBuilder.AddMaskinportenSettingsFile(
+                    context,
+                    "MaskinportenSettingsFilepath",
+                    "/mnt/app-secrets/maskinporten-settings.json"
+                );
+                configBuilder.AddMaskinportenSettingsFile(
+                    context,
+                    "MaskinportenSettingsInternalFilepath",
+                    "/mnt/app-secrets/maskinporten-settings-internal.json"
+                );
 
                 configBuilder.LoadAppConfig(args);
             }
         );
     }
-
-    private static IConfigurationBuilder AddMaskinportenSettingsFile(
-        this IConfigurationBuilder configurationBuilder,
-        WebHostBuilderContext context
-    )
-    {
-        string jsonProvidedPath =
-            context.Configuration.GetValue<string>("MaskinportenSettingsFilepath")
-            ?? "/mnt/app-secrets/maskinporten-settings.json";
-        string jsonAbsolutePath = Path.GetFullPath(jsonProvidedPath);
-
-        if (File.Exists(jsonAbsolutePath))
-        {
-            string jsonDir = Path.GetDirectoryName(jsonAbsolutePath) ?? string.Empty;
-            string jsonFile = Path.GetFileName(jsonAbsolutePath);
-
-            configurationBuilder.AddJsonFile(
-                provider: new PhysicalFileProvider(jsonDir),
-                path: jsonFile,
-                optional: true,
-                reloadOnChange: true
-            );
-        }
-
-        return configurationBuilder;
-    }
 }