fix(transport): NavMenu Admin-only visibility + BundleImportUnlockFailed audit + docker appsettings

- NavMenu: move Import Bundle out of the nested RequireDesign/RequireAdmin double-gate into the top-level Admin section so an Admin-only user sees it without needing the Design role; Export Bundle stays in the Design section. - TransportImport: inject IAuditService + ScadaLinkDbContext; emit a BundleImportUnlockFailed audit row (best-effort, swallowed on failure) on every wrong-passphrase attempt in SubmitPassphraseAsync, with attempt number and error reason in afterState. - docker central-node-a/b appsettings: add ScadaLink:Transport section with SourceEnvironment = "docker-cluster" so the importer picks up a non-null environment name in the audit trail. - CentralUI.Tests: register IAuditService mock + SQLite in-memory ScadaLinkDbContext in TransportImportPageTests to satisfy the two new injects.
2026-05-24 05:59:04 -04:00
parent 9f1bb81993
commit a2b8b69281
5 changed files with 60 additions and 8 deletions
--- a/src/ScadaLink.CentralUI/Components/Layout/NavMenu.razor
+++ b/src/ScadaLink.CentralUI/Components/Layout/NavMenu.razor
@@ -32,6 +32,11 @@
                                <li class="nav-item">
                                    <NavLink class="nav-link" href="/admin/api-keys">API Keys</NavLink>
                                </li>
+                                @* Import Bundle requires Admin only — Design role is not sufficient.
+                                   Export Bundle lives in the Design section (RequireDesign). *@
+                                <li class="nav-item">
+                                    <NavLink class="nav-link" href="/design/transport/import">Import Bundle</NavLink>
+                                </li>
                            </NavSection>
                        </Authorized>
                    </AuthorizeView>
@@ -57,13 +62,6 @@
                                <li class="nav-item">
                                    <NavLink class="nav-link" href="/design/transport/export">Export Bundle</NavLink>
                                </li>
-                                <AuthorizeView Policy="@AuthorizationPolicies.RequireAdmin">
-                                    <Authorized Context="importContext">
-                                        <li class="nav-item">
-                                            <NavLink class="nav-link" href="/design/transport/import">Import Bundle</NavLink>
-                                        </li>
-                                    </Authorized>
-                                </AuthorizeView>
                            </NavSection>
                        </Authorized>
                    </AuthorizeView>
--- a/src/ScadaLink.CentralUI/Components/Pages/Design/TransportImport.razor.cs
+++ b/src/ScadaLink.CentralUI/Components/Pages/Design/TransportImport.razor.cs
@@ -4,8 +4,10 @@ using Microsoft.AspNetCore.Components.Authorization;
 using Microsoft.AspNetCore.Components.Forms;
 using Microsoft.Extensions.Options;
 using ScadaLink.CentralUI.Auth;
+using ScadaLink.Commons.Interfaces.Services;
 using ScadaLink.Commons.Interfaces.Transport;
 using ScadaLink.Commons.Types.Transport;
+using ScadaLink.ConfigurationDatabase;
 using ScadaLink.Transport;
 using ScadaLink.Transport.Import;

@@ -57,6 +59,8 @@ public partial class TransportImport : ComponentBase
    [Inject] private NavigationManager Nav { get; set; } = default!;
    [Inject] private AuthenticationStateProvider Auth { get; set; } = default!;
    [Inject] private IOptions<TransportOptions> Options { get; set; } = default!;
+    [Inject] private IAuditService AuditService { get; set; } = default!;
+    [Inject] private ScadaLinkDbContext DbContext { get; set; } = default!;

    // ---- Wizard state ----
    private ImportWizardStep _step = ImportWizardStep.Upload;
@@ -255,10 +259,37 @@ public partial class TransportImport : ComponentBase
                await LoadPreviewAndAdvanceAsync();
            }
        }
-        catch (CryptographicException)
+        catch (CryptographicException ex)
        {
            _failedUnlockAttempts++;
            _passphrase = string.Empty;
+
+            // Emit audit row for every wrong-passphrase attempt (BundleImportUnlockFailed).
+            // Best-effort — audit failure must never abort the user-facing action.
+            try
+            {
+                var user = await Auth.GetCurrentUsernameAsync();
+                var entityId = _session?.Manifest.ContentHash ?? "<no-session>";
+                var entityName = _session?.Manifest.SourceEnvironment ?? "<unknown>";
+                await AuditService.LogAsync(
+                    user: user,
+                    action: "BundleImportUnlockFailed",
+                    entityType: "Bundle",
+                    entityId: entityId,
+                    entityName: entityName,
+                    afterState: new
+                    {
+                        AttemptNumber = _failedUnlockAttempts,
+                        Reason = ex.Message,
+                    },
+                    cancellationToken: CancellationToken.None);
+                await DbContext.SaveChangesAsync();
+            }
+            catch
+            {
+                // Audit failure is non-fatal — swallow and continue.
+            }
+
            if (_failedUnlockAttempts >= Options.Value.MaxUnlockAttemptsPerSession)
            {
                _errorMessage =