Admin-003 — SignalR hubs were anonymously reachable: an unauthenticated client could open /hubs/fleet, /hubs/alerts and /hubs/script-log and stream fleet state, alert detail text and server script-log contents. Added [Authorize] to FleetStatusHub, AlertHub and ScriptLogHub, and chained .RequireAuthorization() onto all three MapHub() calls as a belt-and-braces backstop.

Admin-004 — appsettings.json committed live-looking secrets (the `sa` ConfigDb password and the LDAP ServiceAccountPassword) in plaintext. Replaced both with empty placeholders sourced from user-secrets (dev) or the ConnectionStrings__ConfigDb / Authentication__Ldap__ServiceAccountPassword environment variables (prod); added a UserSecretsId to the Admin csproj and a fail-fast guard in Program.cs when ConfigDb is empty/missing.

Admin-005 — Login.razor performed SignInAsync from an interactive Blazor circuit, where the original HTTP response had long completed, so the auth cookie was not emitted. Rewrote it as a static-rendered plain HTML form (data-enhance="false") posting to a new AuthEndpoints.MapAuthEndpoints() minimal-API handler (/auth/login, /auth/logout) that does the LDAP bind, grant resolution, cookie SignInAsync and redirect while the endpoint still owns the response. Includes an open-redirect guard on returnUrl.

Added xUnit + Shouldly regression tests: AuthEndpointsTests (login cookie issuance, failed-bind redirect, open-redirect rejection, logout, anonymous hub negotiate rejection) and AppSettingsSecretHygieneTests (no committed secrets). All 26 auth-related tests pass.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
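The hub backstop (Admin-003) and the static-form login flow with its returnUrl guard (Admin-005), as an added example written for this page rather than code taken from the repository. It targets ASP.NET Core 8 minimal APIs, SignalR and cookie authentication with the Web SDK's implicit usings; the LoginForm class, its field names, the ILdapAuthenticator interface, the /login?failed=1 failure path and the HubRegistration helper are this example's own assumptions about the form and the LDAP layer, not names taken from the project.

```csharp
// Added example (not the repository's own code): the Admin-003 hub backstop and
// the Admin-005 login flow, written against ASP.NET Core 8 minimal APIs, SignalR
// and cookie authentication. LoginForm, ILdapAuthenticator, HubRegistration and
// the field names are this example's assumptions about the form and the LDAP layer.
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.SignalR;

// Admin-003: the attribute rejects anonymous connections, including the initial
// /hubs/<name>/negotiate request, so no fleet state, alert text or script-log
// content is streamed before the caller presents a valid auth cookie.
[Authorize] public sealed class FleetStatusHub : Hub { }
[Authorize] public sealed class AlertHub : Hub { }
[Authorize] public sealed class ScriptLogHub : Hub { }

public interface ILdapAuthenticator
{
    // Binds as the user and returns the resolved grants, or null if the bind fails.
    Task<IReadOnlyList<string>?> BindAndResolveGrantsAsync(string username, string password);
}

// Bound from the static HTML form (data-enhance="false"). With UseAntiforgery()
// in the pipeline, the form's antiforgery token is validated before the handler runs.
public sealed class LoginForm
{
    public string Username { get; set; } = "";
    public string Password { get; set; } = "";
    public string? ReturnUrl { get; set; }
}

public static class AuthEndpoints
{
    public static IEndpointRouteBuilder MapAuthEndpoints(this IEndpointRouteBuilder app)
    {
        // Admin-005: this handler still owns the HTTP response, so SignInAsync can
        // emit Set-Cookie. A Blazor circuit runs after that response has completed.
        app.MapPost("/auth/login", async (HttpContext http, [FromForm] LoginForm form,
                                          ILdapAuthenticator ldap) =>
        {
            var grants = await ldap.BindAndResolveGrantsAsync(form.Username, form.Password);
            if (grants is null)
                return Results.Redirect("/login?failed=1"); // failed-bind redirect (assumed path)

            var identity = new ClaimsIdentity(CookieAuthenticationDefaults.AuthenticationScheme);
            identity.AddClaim(new Claim(ClaimTypes.Name, form.Username));
            foreach (string role in grants)
                identity.AddClaim(new Claim(ClaimTypes.Role, role));

            await http.SignInAsync(CookieAuthenticationDefaults.AuthenticationScheme,
                                   new ClaimsPrincipal(identity));

            // Open-redirect guard: only a path on this host is honoured. LocalRedirect
            // additionally throws rather than follow anything non-local.
            return Results.LocalRedirect(SafeReturnUrl(form.ReturnUrl));
        }).AllowAnonymous();

        app.MapPost("/auth/logout", async (HttpContext http) =>
        {
            await http.SignOutAsync(CookieAuthenticationDefaults.AuthenticationScheme);
            return Results.Redirect("/login");
        }).RequireAuthorization();

        return app;
    }

    // Accepts "/fleet" and "/fleet?id=7"; rejects "", "//evil.example",
    // "/\\evil.example", "https://evil.example" and anything containing a control
    // character, falling back to the site root in every rejected case.
    public static string SafeReturnUrl(string? returnUrl)
    {
        if (string.IsNullOrEmpty(returnUrl) || returnUrl.Length > 2048) return "/";
        if (returnUrl[0] != '/') return "/";
        if (returnUrl.Length > 1 && (returnUrl[1] == '/' || returnUrl[1] == '\\')) return "/";
        foreach (char c in returnUrl)
            if (char.IsControl(c)) return "/";
        return returnUrl;
    }
}

public static class HubRegistration
{
    // Admin-003 backstop: the endpoint policy holds even if a hub later loses its attribute.
    public static void MapSecuredHubs(this WebApplication app)
    {
        app.MapHub<FleetStatusHub>("/hubs/fleet").RequireAuthorization();
        app.MapHub<AlertHub>("/hubs/alerts").RequireAuthorization();
        app.MapHub<ScriptLogHub>("/hubs/script-log").RequireAuthorization();
        app.MapAuthEndpoints();
    }
}
```

For this to work the host needs AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme).AddCookie(), AddAuthorization(), AddSignalR() and AddAntiforgery() registered, and UseAuthentication(), UseAuthorization() and UseAntiforgery() in the pipeline before MapSecuredHubs() is called. The two-layer check on returnUrl is deliberate: SafeReturnUrl rejects protocol-relative and backslash forms that a naive "starts with /" test would let through, and Results.LocalRedirect refuses to execute a non-local target if a future edit bypasses the helper.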
34 lines
1.1 KiB
JSON
{
  "_secrets": "Admin-004: no secrets are committed here. Supply the ConfigDb connection string and the LDAP service-account password via user-secrets (dev) or environment variables / a secret store (prod). Env-var keys: ConnectionStrings__ConfigDb and Authentication__Ldap__ServiceAccountPassword. The connection string defaults to Encrypt=True (TLS); use a least-privilege SQL login, not 'sa'.",
  "ConnectionStrings": {
    "ConfigDb": ""
  },
  "Authentication": {
    "Ldap": {
      "Enabled": true,
      "Server": "localhost",
      "Port": 3893,
      "UseTls": false,
      "AllowInsecureLdap": true,
      "SearchBase": "dc=lmxopcua,dc=local",
      "ServiceAccountDn": "cn=serviceaccount,dc=lmxopcua,dc=local",
      "ServiceAccountPassword": "",
      "DisplayNameAttribute": "cn",
      "GroupAttribute": "memberOf",
      "GroupToRole": {
        "ReadOnly": "ConfigViewer",
        "ReadWrite": "ConfigEditor",
        "AlarmAck": "FleetAdmin"
      }
    }
  },
  "Serilog": {
    "MinimumLevel": "Information"
  },
  "Metrics": {
    "Prometheus": {
      "Enabled": true
    }
  }
}
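How the empty placeholders above are filled at runtime, and the kind of fail-fast guard the Admin-004 entry in the commit message describes for Program.cs. This is an added example, not the repository's own guard: the LdapOptions and SecretGuards classes, the trimmed JSON in LayeringDemo (a constructed copy of the file above), the sample environment values and the refusal of UseTls=false / AllowInsecureLdap=true outside Development are all this example's own additions. That last check goes beyond what the commit describes; it is included because the committed LDAP settings are a plaintext-LDAP dev profile and the service-account password would otherwise travel in clear text to a real directory.

```csharp
// Added example (not the repository's own code): configuration layering for the
// placeholder values in appsettings.json and a fail-fast guard of the kind
// Admin-004 describes. LdapOptions, SecretGuards, LayeringDemo, the constructed
// JSON and the insecure-LDAP check are this example's own additions.
using System.Text;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.Hosting;

public sealed class LdapOptions
{
    public bool Enabled { get; set; }
    public string Server { get; set; } = "";
    public int Port { get; set; }
    public bool UseTls { get; set; }
    public bool AllowInsecureLdap { get; set; }
    public string ServiceAccountDn { get; set; } = "";
    public string ServiceAccountPassword { get; set; } = "";
}

public static class SecretGuards
{
    // Throws before the host starts listening if a secret the app cannot run
    // without is missing. Intended call site, right after
    // WebApplication.CreateBuilder(args) in Program.cs:
    //   SecretGuards.Check(builder.Configuration, builder.Environment);
    public static void Check(IConfiguration config, IHostEnvironment env)
    {
        string? configDb = config.GetConnectionString("ConfigDb");
        if (string.IsNullOrWhiteSpace(configDb))
            throw new InvalidOperationException(
                "ConnectionStrings:ConfigDb is empty. Supply it via user-secrets (dev) " +
                "or the ConnectionStrings__ConfigDb environment variable (prod).");

        var ldap = config.GetSection("Authentication:Ldap").Get<LdapOptions>() ?? new LdapOptions();
        if (!ldap.Enabled) return;

        if (string.IsNullOrEmpty(ldap.ServiceAccountPassword))
            throw new InvalidOperationException(
                "Authentication:Ldap:ServiceAccountPassword is empty. Supply it via user-secrets " +
                "or the Authentication__Ldap__ServiceAccountPassword environment variable.");

        // Example's own extension: the committed dev defaults (UseTls=false,
        // AllowInsecureLdap=true) would send the service-account password in
        // clear text to a real directory, so refuse them outside Development.
        if (!env.IsDevelopment() && (!ldap.UseTls || ldap.AllowInsecureLdap))
            throw new InvalidOperationException(
                "Authentication:Ldap must use TLS (UseTls=true, AllowInsecureLdap=false) outside Development.");
    }
}

public static class LayeringDemo
{
    // Constructed, trimmed copy of the committed file: placeholders only.
    private const string CommittedJson = """
        {
          "ConnectionStrings": { "ConfigDb": "" },
          "Authentication": { "Ldap": {
            "Enabled": true, "UseTls": false, "AllowInsecureLdap": true,
            "ServiceAccountDn": "cn=serviceaccount,dc=lmxopcua,dc=local",
            "ServiceAccountPassword": "" } }
        }
        """;

    // Builds configuration the way WebApplicationBuilder layers it (JSON file first,
    // environment variables last, so the variables win) and returns what the guard
    // would see. Sample values are placeholders, not real credentials.
    public static (string ConfigDb, string LdapPassword) Resolve(bool setEnvVars)
    {
        if (setEnvVars)
        {
            // Double underscores map to the ':' section separator on every platform.
            Environment.SetEnvironmentVariable("ConnectionStrings__ConfigDb",
                "Server=sql.example.internal;Database=Config;User Id=admin_app;Password=<from-vault>;Encrypt=True");
            Environment.SetEnvironmentVariable("Authentication__Ldap__ServiceAccountPassword", "<from-vault>");
        }

        var config = new ConfigurationBuilder()
            .AddJsonStream(new MemoryStream(Encoding.UTF8.GetBytes(CommittedJson)))
            .AddEnvironmentVariables()
            .Build();

        return (config.GetConnectionString("ConfigDb") ?? "",
                config["Authentication:Ldap:ServiceAccountPassword"] ?? "");
    }
}
```

Resolve(false) returns two empty strings, which is exactly the state SecretGuards.Check refuses; Resolve(true) returns the environment-supplied values, showing that the `__` keys named in the `_secrets` note land on the same configuration paths the JSON placeholders occupy. In the real host the user-secrets provider sits between the JSON file and the environment variables, and only in Development, which is why the commit adds a UserSecretsId to the csproj rather than another settings file.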