fix: Only allow legacy HTML on AditionalInfo content #1210
Conversation
Actionable comments posted: 7
📜 Review details
Configuration used: .coderabbit.yaml
Review profile: ASSERTIVE
📒 Files selected for processing (4)
- src/Digdir.Domain.Dialogporten.Application/Features/V1/Common/Content/ContentValueDtoValidator.cs (2 hunks)
- tests/Digdir.Domain.Dialogporten.Application.Integration.Tests/Common/DialogApplication.cs (2 hunks)
- tests/Digdir.Domain.Dialogporten.Application.Integration.Tests/Common/IntegrationTestUser.cs (1 hunks)
- tests/Digdir.Domain.Dialogporten.Application.Integration.Tests/Features/V1/ServiceOwner/Dialogs/Commands/CreateDialogTests.cs (2 hunks)
🧰 Additional context used
🪛 Gitleaks
tests/Digdir.Domain.Dialogporten.Application.Integration.Tests/Common/IntegrationTestUser.cs
34-34: Detected a Generic API Key, potentially exposing access to various services and sensitive operations.
(generic-api-key)
🔇 Additional comments (12)
tests/Digdir.Domain.Dialogporten.Application.Integration.Tests/Common/IntegrationTestUser.cs (4)
8-14: LGTM: Flexible constructor implementation

The new constructor allows for customization of claims while maintaining a set of default claims. This implementation enhances the flexibility of the `IntegrationTestUser` class, making it more versatile for various testing scenarios.

15-18: LGTM: Default constructor maintains backwards compatibility

The parameterless constructor provides a convenient way to create an `IntegrationTestUser` with default claims. This maintains backwards compatibility for existing usage while allowing for the new flexible initialization option.

24-39: LGTM: Well-structured default claims method

The `GetDefaultClaims` method effectively encapsulates the default claims, improving code maintainability. The hardcoded values are appropriate for testing purposes.

Regarding the static analysis hint: the flagged "Generic API Key" in line 34 is a false positive. The value "0192:991825827" appears to be a test identifier within the JSON structure of the "consumer" claim, not an actual API key.
8-39: Summary: Improved flexibility and maintainability of IntegrationTestUser

The changes to the `IntegrationTestUser` class significantly enhance its flexibility and maintainability:
- The new constructor allowing custom claims enables more diverse testing scenarios.
- The default constructor maintains backwards compatibility.
- The `GetDefaultClaims` method improves code organization and maintainability.

These improvements align well with the PR objectives and support better integration testing capabilities. The changes are well-implemented and follow good coding practices.
src/Digdir.Domain.Dialogporten.Application/Features/V1/Common/Content/ContentValueDtoValidator.cs (2)

20-20: Changing `LegacyHtmlMediaType` to public is appropriate

Making `LegacyHtmlMediaType` public allows it to be accessed outside the class, which is necessary for the updated validation logic involving user permissions.

72-75: Conditional check correctly restricts `LegacyHtmlMediaType` to `AdditionalInfo` content

The added conditional ensures that `LegacyHtmlMediaType` is only appended to the allowed media types when the `contentType.Id` is `DialogContentType.Values.AdditionalInfo`. This aligns with the PR objective to allow legacy HTML only on `AdditionalInfo` content types.

tests/Digdir.Domain.Dialogporten.Application.Integration.Tests/Common/DialogApplication.cs (2)
22-22: Importing the necessary extension methods

The addition of `using Microsoft.Extensions.DependencyInjection.Extensions;` is required for the `RemoveAll<T>()` method used later in the code.

89-92: Verify the impact of `QuerySplittingBehavior.SplitQuery`

The use of `QuerySplittingBehavior.SplitQuery` changes how EF Core executes queries involving related data, potentially impacting performance and data consistency in tests. Run the following script to identify all usages of `QuerySplittingBehavior` in the codebase and ensure it's used appropriately:

✅ Verification successful

Usage of `QuerySplittingBehavior.SplitQuery` verified

The application of `QuerySplittingBehavior.SplitQuery` is limited to the intended files:
- src/Digdir.Domain.Dialogporten.Infrastructure/InfrastructureExtensions.cs
- tests/Digdir.Domain.Dialogporten.Application.Integration.Tests/Common/DialogApplication.cs

No additional instances were found in the codebase, ensuring that its usage is controlled and deliberate.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

```bash
#!/bin/bash
# Description: Find all occurrences of QuerySplittingBehavior configurations.
# Test: Search for QuerySplittingBehavior usage.
# Expect: Only intentional configurations are present.
rg --type cs 'UseQuerySplittingBehavior\(QuerySplittingBehavior\.SplitQuery\)'
```

Length of output: 421
tests/Digdir.Domain.Dialogporten.Application.Integration.Tests/Features/V1/ServiceOwner/Dialogs/Commands/CreateDialogTests.cs (4)

290-290: Ensure proper collection initialization for `AdditionalInfo`

When assigning `CreateHtmlContentValueDto()` to `AdditionalInfo`, make sure that any collection properties within are properly initialized to avoid runtime errors. Please double-check that all collection properties are correctly initialized.

305-320: Verify that the correct scope allows HTML content for `AdditionalInfo`

The test checks that HTML content can be created with the correct scope. Ensure that the scope is correctly set and that the test would fail if the scope were missing or incorrect. Please confirm that removing or changing the scope causes this test to fail as expected.

323-342: Clarify test method name and purpose

The test method name `Cannot_Create_Title_Content_With_Html_MediaType_With_Correct_Scope` might be confusing since it suggests that even with the correct scope, creating title content with HTML media type is not allowed. Ensure this behavior is intended and aligns with the business rules. Please confirm that it is indeed expected that `Title` content cannot have HTML media type, even with the correct scope. If so, the test name is appropriate.

327-327: ⚠️ Potential issue: Fix invalid collection initialization in `Content.Title`

Similar to previous instances, ensure that collections are initialized correctly when assigning `CreateHtmlContentValueDto()` to `Content.Title`. Apply this diff to correct the syntax:

```diff
-createDialogCommand.Content.Title = CreateHtmlContentValueDto();
+createDialogCommand.Content.Title = CreateHtmlContentValueDto();
```

[Note: If `CreateHtmlContentValueDto()` returns an object with properly initialized collections after fixing previous issues, this line may be correct.]

Likely invalid or redundant comment.
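Review bot: the suggested diff is a no-op; the `-` line and the `+` line are identical (`createDialogCommand.Content.Title = CreateHtmlContentValueDto();`), so applying it changes nothing. If the concern is uninitialized collections inside the returned DTO, that belongs in `CreateHtmlContentValueDto()` itself rather than at this assignment, and the comment's own note already concedes the line may be correct, so it can be dismissed.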
Actionable comments posted: 2
📜 Review details
Configuration used: .coderabbit.yaml
Review profile: ASSERTIVE
📒 Files selected for processing (1)
- src/Digdir.Domain.Dialogporten.GraphQL/appsettings.Development.json (1 hunks)
🔇 Additional comments (1)
src/Digdir.Domain.Dialogporten.GraphQL/appsettings.Development.json (1)
64-64: Authentication enabled in development environment

The `DisableAuth` setting has been changed to `false`, enabling authentication in the development environment. This change enhances security but may require additional setup for developers. Please ensure that:
- Clear instructions are provided for setting up and managing authentication in the development environment.
- Any potential impact on automated tests or CI/CD pipelines is addressed.
- Developers have the necessary credentials or mock authentication services to work in this environment.

To verify the impact of this change, please run the following script:

```bash
#!/bin/bash
# Description: Check for any hardcoded auth bypasses or test-specific auth configurations
echo "Checking for potential auth-related issues:"
rg --type csharp -i "(disableauth|bypassauth|testauth)"
```

This script will help identify any code that might be relying on disabled authentication or using test-specific auth configurations.
Actionable comments posted: 7
📜 Review details
Configuration used: .coderabbit.yaml
Review profile: ASSERTIVE
📒 Files selected for processing (2)
- tests/Digdir.Domain.Dialogporten.Application.Integration.Tests/Common/DialogApplication.cs (4 hunks)
- tests/Digdir.Domain.Dialogporten.Application.Integration.Tests/Features/V1/ServiceOwner/Dialogs/Commands/CreateDialogTests.cs (2 hunks)
🧰 Additional context used
📓 Learnings (1)
tests/Digdir.Domain.Dialogporten.Application.Integration.Tests/Features/V1/ServiceOwner/Dialogs/Commands/CreateDialogTests.cs (1)
Learnt from: oskogstad
PR: digdir/dialogporten#1210
File: tests/Digdir.Domain.Dialogporten.Application.Integration.Tests/Features/V1/ServiceOwner/Dialogs/Commands/CreateDialogTests.cs:282-282
Timestamp: 2024-10-01T17:03:49.291Z
Learning: Using square brackets `[]` for collection initialization is acceptable in the codebase's C# code.
🔇 Additional comments (3)
tests/Digdir.Domain.Dialogporten.Application.Integration.Tests/Features/V1/ServiceOwner/Dialogs/Commands/CreateDialogTests.cs (3)
279-285: Helper method `CreateHtmlContentValueDto` is well implemented

The method provides a reusable way to create HTML content values for testing purposes.

287-304: Test `Cannot_Create_AdditionalInfo_Content_With_Html_MediaType_Without_Correct_Scope` correctly verifies unauthorized access

The test accurately checks that creating `AdditionalInfo` content with HTML media type fails without the correct scope.

306-326: Test `Can_Create_AdditionalInfo_Content_With_Html_MediaType_With_Correct_Scope` successfully validates authorized access

The test confirms that a user with the appropriate scope can create `AdditionalInfo` content with HTML media type.
Actionable comments posted: 1
📜 Review details
Configuration used: .coderabbit.yaml
Review profile: ASSERTIVE
📒 Files selected for processing (1)
- tests/Digdir.Domain.Dialogporten.Application.Integration.Tests/Common/DialogApplication.cs (4 hunks)
🔇 Additional comments (4)
tests/Digdir.Domain.Dialogporten.Application.Integration.Tests/Common/DialogApplication.cs (4)
38-38: Introduction of `_fixtureRootProvider`

The addition of `_fixtureRootProvider` provides a consistent service provider for the fixture, enhancing test reliability and isolation.

95-97: Verify the use of `SplitQuery` behavior

The `UseQuerySplittingBehavior(QuerySplittingBehavior.SplitQuery)` configuration changes how EF Core handles query splitting, which can impact performance and data retrieval patterns. Ensure that this setting aligns with your application's requirements and that it's necessary for your integration tests.

187-187: Proper disposal of `_fixtureRootProvider`

Including `await _fixtureRootProvider.DisposeAsync();` in `DisposeAsync()` ensures that all resources are correctly released, preventing potential memory leaks.

210-214: Resetting `_rootProvider` to maintain test isolation

By disposing `_rootProvider` and resetting it to `_fixtureRootProvider` in `ResetState()`, you effectively prevent state leakage between tests caused by singleton services, enhancing test reliability.
🤖 I have created a release *beep* *boop*

---

## [1.22.0](v1.21.0...v1.22.0) (2024-10-07)

### Features

* Add support for supplied transmission attachment ID on create/update ([#1242](#1242)) ([c7bfb07](c7bfb07))

### Bug Fixes

* Only allow legacy HTML on AditionalInfo content ([#1210](#1210)) ([aa4acde](aa4acde))
* **webAPI:** Specifying EndUserId on the ServiceOwner Search endpoint produces 500 - Internal Server error ([#1234](#1234)) ([49c0d34](49c0d34))

---

This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please).
Description
Added check for content type.
Only add HTML to valid media types if scope is set, and type is AdditionalInfo
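The rule this PR enforces, as a stand-alone added illustration (not the Dialogporten project's own validator or test code): legacy HTML is an allowed media type only when both the caller holds the legacy-HTML scope and the content being validated is `AdditionalInfo`, so `Title` content is rejected even with the scope. The type names, the `text/html` media-type string and the scope name are assumptions made for the example.

```csharp
// Added example; names and constant values below are hypothetical, not the project's.
using System;
using System.Collections.Generic;
using System.Linq;

public enum ContentType { Title, Summary, AdditionalInfo }

public static class ContentMediaTypePolicy
{
    public const string PlainText = "text/plain";
    public const string Markdown = "text/markdown";
    public const string LegacyHtml = "text/html";                 // assumed value
    public const string LegacyHtmlScope = "example:legacyhtml";   // hypothetical scope name

    // Media types every caller may use, regardless of scope or content type.
    private static readonly string[] BaseMediaTypes = { PlainText, Markdown };

    public static IReadOnlyList<string> AllowedMediaTypes(ContentType contentType, IEnumerable<string> userScopes)
    {
        var allowed = new List<string>(BaseMediaTypes);
        // Both conditions must hold: the caller has the scope AND the content is
        // AdditionalInfo. Title and Summary never accept legacy HTML.
        if (userScopes.Contains(LegacyHtmlScope) && contentType == ContentType.AdditionalInfo)
        {
            allowed.Add(LegacyHtml);
        }
        return allowed;
    }

    public static bool IsValid(ContentType contentType, string mediaType, IEnumerable<string> userScopes)
        => AllowedMediaTypes(contentType, userScopes).Contains(mediaType, StringComparer.OrdinalIgnoreCase);
}

public static class Demo
{
    public static void Main()
    {
        string[] withScope = { ContentMediaTypePolicy.LegacyHtmlScope };
        string[] noScope = Array.Empty<string>();

        // The three cases the integration tests in this PR cover.
        Console.WriteLine("AdditionalInfo, html, no scope:   "
            + ContentMediaTypePolicy.IsValid(ContentType.AdditionalInfo, "text/html", noScope));
        Console.WriteLine("AdditionalInfo, html, with scope: "
            + ContentMediaTypePolicy.IsValid(ContentType.AdditionalInfo, "text/html", withScope));
        Console.WriteLine("Title, html, with scope:          "
            + ContentMediaTypePolicy.IsValid(ContentType.Title, "text/html", withScope));
    }
}
```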