Merge branch 'dev' into psp-9794

.github/workflows/deploy-prod-start-argo.yml

@@ -153,4 +153,4 @@ jobs:
       - name: call scripts to sync keycloak
         shell: bash
         run: |
-          oc process -f ./openshift/4.0/templates/jobs/keycloak-sync-pipeline-run.yaml -p ASPNETCORE_ENVIRONMENT=$ASPNETCORE_ENVIRONMENT -p NAMESPACE=3cd915-prod -p BRANCH=$DESTINATION -p API_URL=http://pims-api-prod:8080/api  | oc create -f - | grep -oP "(?<=\/)[^\s]*" | (read PIPELINE_NAME; oc wait --for=condition=succeeded pipelineruns/$PIPELINE_NAME --timeout=500s)
+          oc process -f ./openshift/4.0/templates/jobs/keycloak-sync-pipeline-run.yaml -p ASPNETCORE_ENVIRONMENT=$ASPNETCORE_ENVIRONMENT -p NAMESPACE=3cd915-prod -p BRANCH=$GIT_BRANCH -p API_URL=http://pims-api-prod:8080/api  | oc create -f - | grep -oP "(?<=\/)[^\s]*" | (read PIPELINE_NAME; oc wait --for=condition=succeeded pipelineruns/$PIPELINE_NAME --timeout=500s)

.github/workflows/deploy-prod-start.yml

@@ -143,4 +143,4 @@ jobs:
       - name: call scripts to sync keycloak
         shell: bash
         run: |
-          oc process -f ./openshift/4.0/templates/jobs/keycloak-sync-pipeline-run.yaml -p ASPNETCORE_ENVIRONMENT=$ASPNETCORE_ENVIRONMENT -p NAMESPACE=3cd915-prod -p BRANCH=$DESTINATION -p API_URL=http://pims-api:8080/api  | oc create -f - | grep -oP "(?<=\/)[^\s]*" | (read PIPELINE_NAME; oc wait --for=condition=succeeded pipelineruns/$PIPELINE_NAME --timeout=500s)
+          oc process -f ./openshift/4.0/templates/jobs/keycloak-sync-pipeline-run.yaml -p ASPNETCORE_ENVIRONMENT=$ASPNETCORE_ENVIRONMENT -p NAMESPACE=3cd915-prod -p BRANCH=GIT_BRANCH -p API_URL=http://pims-api:8080/api  | oc create -f - | grep -oP "(?<=\/)[^\s]*" | (read PIPELINE_NAME; oc wait --for=condition=succeeded pipelineruns/$PIPELINE_NAME --timeout=500s)

.github/workflows/retag-test-to-uat-argo.yml

@@ -155,7 +155,7 @@ jobs:
       - name: call scripts to sync keycloak
         shell: bash
         run: |
-          oc process -f ./openshift/4.0/templates/jobs/keycloak-sync-pipeline-run.yaml -p ASPNETCORE_ENVIRONMENT=$ASPNETCORE_ENVIRONMENT -p NAMESPACE=$NAMESPACE_OVERRIDE -p BRANCH=test -p API_URL=http://pims-api-uat:8080/api -p KEYCLOAK_SECRET_NAME=pims-api-sso-uat -p KEYCLOAK_SERVICE_ACCOUNT_SECRET_NAME=pims-api-sso-uat  | oc create -f - | grep -oP "(?<=\/)[^\s]*" | (read PIPELINE_NAME; oc wait --for=condition=succeeded pipelineruns/$PIPELINE_NAME --timeout=500s)
+          oc process -f ./openshift/4.0/templates/jobs/keycloak-sync-pipeline-run.yaml -p ASPNETCORE_ENVIRONMENT=$ASPNETCORE_ENVIRONMENT -p NAMESPACE=$NAMESPACE_OVERRIDE -p BRANCH=$GIT_BRANCH -p API_URL=http://pims-api-uat:8080/api -p KEYCLOAK_SECRET_NAME=pims-api-sso-uat -p KEYCLOAK_SERVICE_ACCOUNT_SECRET_NAME=pims-api-sso-uat  | oc create -f - | grep -oP "(?<=\/)[^\s]*" | (read PIPELINE_NAME; oc wait --for=condition=succeeded pipelineruns/$PIPELINE_NAME --timeout=500s)
 
   tag-release-image:
     name: Release Tag

.github/workflows/retag-test-to-uat.yml

@@ -141,7 +141,7 @@ jobs:
       - name: call scripts to sync keycloak
         shell: bash
         run: |
-          oc process -f ./openshift/4.0/templates/jobs/keycloak-sync-pipeline-run.yaml -p ASPNETCORE_ENVIRONMENT=$ASPNETCORE_ENVIRONMENT -p NAMESPACE=$NAMESPACE_OVERRIDE -p BRANCH=test -p API_URL=http://pims-api-uat:8080/api -p KEYCLOAK_SECRET_NAME=pims-api-sso-uat -p KEYCLOAK_SERVICE_ACCOUNT_SECRET_NAME=pims-api-sso-uat  | oc create -f - | grep -oP "(?<=\/)[^\s]*" | (read PIPELINE_NAME; oc wait --for=condition=succeeded pipelineruns/$PIPELINE_NAME --timeout=500s)
+          oc process -f ./openshift/4.0/templates/jobs/keycloak-sync-pipeline-run.yaml -p ASPNETCORE_ENVIRONMENT=$ASPNETCORE_ENVIRONMENT -p NAMESPACE=$NAMESPACE_OVERRIDE -p BRANCH=$GIT_BRANCH -p API_URL=http://pims-api-uat:8080/api -p KEYCLOAK_SECRET_NAME=pims-api-sso-uat -p KEYCLOAK_SERVICE_ACCOUNT_SECRET_NAME=pims-api-sso-uat  | oc create -f - | grep -oP "(?<=\/)[^\s]*" | (read PIPELINE_NAME; oc wait --for=condition=succeeded pipelineruns/$PIPELINE_NAME --timeout=500s)
 
   tag-release-image:
     name: Release Tag

.github/workflows/uat_hotfix.yml

@@ -168,7 +168,7 @@ jobs:
       - name: call scripts to sync keycloak
         shell: bash
         run: |
-          oc process -f ./openshift/4.0/templates/jobs/keycloak-sync-pipeline-run.yaml -p ASPNETCORE_ENVIRONMENT=$ASPNETCORE_ENVIRONMENT -p NAMESPACE=$NAMESPACE_OVERRIDE -p BRANCH=$DESTINATION -p API_URL=http://pims-api-uat:8080/api  | oc create -f - | grep -oP "(?<=\/)[^\s]*" | (read PIPELINE_NAME; oc wait --for=condition=succeeded pipelineruns/$PIPELINE_NAME --timeout=500s)
+          oc process -f ./openshift/4.0/templates/jobs/keycloak-sync-pipeline-run.yaml -p ASPNETCORE_ENVIRONMENT=$ASPNETCORE_ENVIRONMENT -p NAMESPACE=$NAMESPACE_OVERRIDE -p BRANCH=$GIT_BRANCH -p API_URL=http://pims-api-uat:8080/api -p KEYCLOAK_SECRET_NAME=pims-api-sso-uat -p KEYCLOAK_SERVICE_ACCOUNT_SECRET_NAME=pims-api-sso-uat | oc create -f - | grep -oP "(?<=\/)[^\s]*" | (read PIPELINE_NAME; oc wait --for=condition=succeeded pipelineruns/$PIPELINE_NAME --timeout=500s)
 
   tag-release-image:
     name: Release Tag

.github/workflows/uat_hotfix_argo.yml

@@ -187,7 +187,7 @@ jobs:
       - name: call scripts to sync keycloak
         shell: bash
         run: |
-          oc process -f ./openshift/4.0/templates/jobs/keycloak-sync-pipeline-run.yaml -p ASPNETCORE_ENVIRONMENT=$ASPNETCORE_ENVIRONMENT -p NAMESPACE=$NAMESPACE_OVERRIDE -p BRANCH=$DESTINATION -p API_URL=http://pims-api-uat:8080/api  | oc create -f - | grep -oP "(?<=\/)[^\s]*" | (read PIPELINE_NAME; oc wait --for=condition=succeeded pipelineruns/$PIPELINE_NAME --timeout=500s)
+          oc process -f ./openshift/4.0/templates/jobs/keycloak-sync-pipeline-run.yaml -p ASPNETCORE_ENVIRONMENT=$ASPNETCORE_ENVIRONMENT -p NAMESPACE=$NAMESPACE_OVERRIDE -p BRANCH=$GIT_BRANCH -p API_URL=http://pims-api-uat:8080/api -p KEYCLOAK_SECRET_NAME=pims-api-sso-uat -p KEYCLOAK_SERVICE_ACCOUNT_SECRET_NAME=pims-api-sso-uat | oc create -f - | grep -oP "(?<=\/)[^\s]*" | (read PIPELINE_NAME; oc wait --for=condition=succeeded pipelineruns/$PIPELINE_NAME --timeout=500s)
 
   tag-release-image:
     name: Release Tag

.github/workflows/uat_pre_release_hotfix.yml

@@ -194,7 +194,7 @@ jobs:
       - name: call scripts to sync keycloak
         shell: bash
         run: |
-          oc process -f ./openshift/4.0/templates/jobs/keycloak-sync-pipeline-run.yaml -p ASPNETCORE_ENVIRONMENT=$ASPNETCORE_ENVIRONMENT -p NAMESPACE=$NAMESPACE_OVERRIDE -p BRANCH=$DESTINATION -p API_URL=http://pims-api-uat:8080/api  | oc create -f - | grep -oP "(?<=\/)[^\s]*" | (read PIPELINE_NAME; oc wait --for=condition=succeeded pipelineruns/$PIPELINE_NAME --timeout=500s)
+          oc process -f ./openshift/4.0/templates/jobs/keycloak-sync-pipeline-run.yaml -p ASPNETCORE_ENVIRONMENT=$ASPNETCORE_ENVIRONMENT -p NAMESPACE=$NAMESPACE_OVERRIDE -p BRANCH=$GIT_BRANCH -p API_URL=http://pims-api-uat:8080/api -p KEYCLOAK_SECRET_NAME=pims-api-sso-uat -p KEYCLOAK_SERVICE_ACCOUNT_SECRET_NAME=pims-api-sso-uat | oc create -f - | grep -oP "(?<=\/)[^\s]*" | (read PIPELINE_NAME; oc wait --for=condition=succeeded pipelineruns/$PIPELINE_NAME --timeout=500s)
 
   tag-release-image:
     name: Release Tag

.github/workflows/uat_pre_release_hotfix_argo.yml

@@ -217,7 +217,7 @@ jobs:
       - name: call scripts to sync keycloak
         shell: bash
         run: |
-          oc process -f ./openshift/4.0/templates/jobs/keycloak-sync-pipeline-run.yaml -p ASPNETCORE_ENVIRONMENT=$ASPNETCORE_ENVIRONMENT -p NAMESPACE=$NAMESPACE_OVERRIDE -p BRANCH=$DESTINATION -p API_URL=http://pims-api-uat:8080/api  | oc create -f - | grep -oP "(?<=\/)[^\s]*" | (read PIPELINE_NAME; oc wait --for=condition=succeeded pipelineruns/$PIPELINE_NAME --timeout=500s)
+          oc process -f ./openshift/4.0/templates/jobs/keycloak-sync-pipeline-run.yaml -p ASPNETCORE_ENVIRONMENT=$ASPNETCORE_ENVIRONMENT -p NAMESPACE=$NAMESPACE_OVERRIDE -p BRANCH=$GIT_BRANCH -p API_URL=http://pims-api-uat:8080/api -p KEYCLOAK_SECRET_NAME=pims-api-sso-uat -p KEYCLOAK_SERVICE_ACCOUNT_SECRET_NAME=pims-api-sso-uat  | oc create -f - | grep -oP "(?<=\/)[^\s]*" | (read PIPELINE_NAME; oc wait --for=condition=succeeded pipelineruns/$PIPELINE_NAME --timeout=500s)
 
   tag-release-image:
     name: Release Tag

source/backend/api/Pims.Api.csproj

@@ -2,7 +2,7 @@
 <Project Sdk="Microsoft.NET.Sdk.Web">
   <PropertyGroup>
     <UserSecretsId>0ef6255f-9ea0-49ec-8c65-c172304b4926</UserSecretsId>
-    <Version>5.8.0-97.18</Version>
+    <Version>5.8.0-97.21</Version>
     <AssemblyVersion>5.8.0.97</AssemblyVersion>
     <GenerateDocumentationFile>true</GenerateDocumentationFile>
     <ProjectGuid>{16BC0468-78F6-4C91-87DA-7403C919E646}</ProjectGuid>

source/backend/api/Services/DocumentFileService.cs

@@ -13,6 +13,7 @@
 using Pims.Api.Models.Requests.Http;
 using Pims.Core.Api.Exceptions;
 using Pims.Core.Api.Services;
+using Pims.Core.Exceptions;
 using Pims.Core.Extensions;
 using Pims.Core.Security;
 using Pims.Dal.Entities;
@@ -95,7 +96,7 @@ public async Task UploadAcquisitionDocument(long acquisitionFileId, DocumentUplo
         {
             Logger.LogInformation("Uploading document for single acquisition file");
             User.ThrowIfNotAllAuthorized(Permissions.DocumentAdd, Permissions.AcquisitionFileEdit);
-            uploadRequest.ThrowInvalidFileSize();
+            ValidateDocumentUpload(uploadRequest);
 
             PimsDocument pimsDocument = CreatePimsDocument(uploadRequest);
             _documentQueueRepository.SaveChanges();
@@ -117,7 +118,7 @@ public async Task UploadResearchDocument(long researchFileId, DocumentUploadRequ
         {
             Logger.LogInformation("Uploading document for single research file");
             User.ThrowIfNotAllAuthorized(Permissions.DocumentAdd, Permissions.ResearchFileEdit);
-            uploadRequest.ThrowInvalidFileSize();
+            ValidateDocumentUpload(uploadRequest);
 
             PimsDocument pimsDocument = CreatePimsDocument(uploadRequest);
             _documentQueueRepository.SaveChanges();
@@ -139,7 +140,7 @@ public async Task UploadProjectDocument(long projectId, DocumentUploadRequest up
         {
             Logger.LogInformation("Uploading document for single Project");
             User.ThrowIfNotAllAuthorized(Permissions.DocumentAdd, Permissions.ProjectEdit);
-            uploadRequest.ThrowInvalidFileSize();
+            ValidateDocumentUpload(uploadRequest);
 
             PimsDocument pimsDocument = CreatePimsDocument(uploadRequest);
             _documentQueueRepository.SaveChanges();
@@ -161,7 +162,7 @@ public async Task UploadLeaseDocument(long leaseId, DocumentUploadRequest upload
         {
             Logger.LogInformation("Uploading document for single Lease");
             User.ThrowIfNotAllAuthorized(Permissions.DocumentAdd, Permissions.LeaseEdit);
-            uploadRequest.ThrowInvalidFileSize();
+            ValidateDocumentUpload(uploadRequest);
 
             PimsDocument pimsDocument = CreatePimsDocument(uploadRequest);
             _documentQueueRepository.SaveChanges();
@@ -183,7 +184,7 @@ public async Task UploadPropertyActivityDocument(long propertyActivityId, Docume
         {
             Logger.LogInformation("Uploading document for single Property Activity");
             User.ThrowIfNotAllAuthorized(Permissions.DocumentAdd, Permissions.ManagementEdit);
-            uploadRequest.ThrowInvalidFileSize();
+            ValidateDocumentUpload(uploadRequest);
 
             PimsDocument pimsDocument = CreatePimsDocument(uploadRequest);
             _documentQueueRepository.SaveChanges();
@@ -205,7 +206,7 @@ public async Task UploadDispositionDocument(long dispositionFileId, DocumentUplo
         {
             Logger.LogInformation("Uploading document for single disposition file");
             User.ThrowIfNotAllAuthorized(Permissions.DocumentAdd, Permissions.DispositionEdit);
-            uploadRequest.ThrowInvalidFileSize();
+            ValidateDocumentUpload(uploadRequest);
 
             PimsDocument pimsDocument = CreatePimsDocument(uploadRequest);
             _documentQueueRepository.SaveChanges();
@@ -392,6 +393,16 @@ public async Task<ExternalResponse<string>> DeleteDispositionDocumentAsync(PimsD
             return result;
         }
 
+        private static void ValidateDocumentUpload(DocumentUploadRequest uploadRequest)
+        {
+            uploadRequest.ThrowInvalidFileSize();
+
+            if (!DocumentService.IsValidDocumentExtension(uploadRequest.File.FileName))
+            {
+                throw new BusinessRuleViolationException($"This file has an invalid file extension.");
+            }
+        }
+
         private PimsDocument CreatePimsDocument(DocumentUploadRequest uploadRequest, string documentExternalId = null)
         {
             // Create the pims document

source/backend/api/Services/DocumentService.cs

@@ -490,22 +490,13 @@ public async Task<ExternalResponse<FileDownloadResponse>> DownloadFileAsync(long
             this.User.ThrowIfNotAuthorized(Permissions.DocumentView);
 
             ExternalResponse<FileDownloadResponse> downloadResult = await documentStorageRepository.TryDownloadFileAsync(mayanDocumentId, mayanFileId);
-            if (IsValidDocumentExtension(downloadResult.Payload.FileName))
-            {
-                if (downloadResult.Status != ExternalResponseStatus.Success)
-                {
-                    throw GetMayanResponseError(downloadResult.Message);
-                }
-                return downloadResult;
-            }
-            else
+
+            // because we bypass file extension checks from legacy systems, we should not check the extension here.
+            if (downloadResult.Status != ExternalResponseStatus.Success)
             {
-                return new ExternalResponse<FileDownloadResponse>()
-                {
-                    Status = ExternalResponseStatus.Error,
-                    Message = $"Document with id ${mayanDocumentId} has an invalid extension",
-                };
+                throw GetMayanResponseError(downloadResult.Message);
             }
+            return downloadResult;
         }
 
         public async Task<ExternalResponse<FileStreamResponse>> StreamFileAsync(long mayanDocumentId, long mayanFileId)
@@ -514,22 +505,13 @@ public async Task<ExternalResponse<FileStreamResponse>> StreamFileAsync(long may
             this.User.ThrowIfNotAuthorized(Permissions.DocumentView);
 
             ExternalResponse<FileStreamResponse> downloadResult = await documentStorageRepository.TryStreamFileAsync(mayanDocumentId, mayanFileId);
-            if (IsValidDocumentExtension(downloadResult.Payload.FileName))
+
+            // because we bypass file extension checks from legacy systems, we should not check the extension here.
+            if (downloadResult.Status != ExternalResponseStatus.Success)
             {
-                if (downloadResult.Status != ExternalResponseStatus.Success)
-                {
-                    throw GetMayanResponseError(downloadResult.Message);
-                }
-                return downloadResult;
-            }
-            else
-            {
-                return new ExternalResponse<FileStreamResponse>()
-                {
-                    Status = ExternalResponseStatus.Error,
-                    Message = $"Document with id ${mayanDocumentId} has an invalid extension",
-                };
+                throw GetMayanResponseError(downloadResult.Message);
             }
+            return downloadResult;
         }
 
         public async Task<ExternalResponse<FileDownloadResponse>> DownloadFileLatestAsync(long mayanDocumentId)
@@ -541,19 +523,8 @@ public async Task<ExternalResponse<FileDownloadResponse>> DownloadFileLatestAsyn
             {
                 if (documentResult.Payload != null)
                 {
-                    if (IsValidDocumentExtension(documentResult.Payload.FileLatest.FileName))
-                    {
-                        ExternalResponse<FileDownloadResponse> downloadResult = await documentStorageRepository.TryDownloadFileAsync(documentResult.Payload.Id, documentResult.Payload.FileLatest.Id);
-                        return downloadResult;
-                    }
-                    else
-                    {
-                        return new ExternalResponse<FileDownloadResponse>()
-                        {
-                            Status = ExternalResponseStatus.Error,
-                            Message = $"Document with id ${mayanDocumentId} has an invalid extension",
-                        };
-                    }
+                    ExternalResponse<FileDownloadResponse> downloadResult = await documentStorageRepository.TryDownloadFileAsync(documentResult.Payload.Id, documentResult.Payload.FileLatest.Id);
+                    return downloadResult;
                 }
                 else
                 {
@@ -639,7 +610,7 @@ public async Task<HttpResponseMessage> DownloadFilePageImageAsync(long mayanDocu
             return result;
         }
 
-        private static bool IsValidDocumentExtension(string fileName)
+        public static bool IsValidDocumentExtension(string fileName)
         {
             var fileNameExtension = Path.GetExtension(fileName).Replace(".", string.Empty).ToLower();
             return ValidExtensions.Contains(fileNameExtension);

source/backend/tests/core/TestHelper.cs

@@ -222,10 +222,9 @@ public T CreateInstance<T>()
             return (T)ActivatorUtilities.CreateInstance(this.Provider, typeof(T));
         }
 
-        public IFormFile GetFormFile(string text)
+        public IFormFile GetFormFile(string text, string fileName = "test.pdf")
         {
             // Setup mock file using a memory stream
-            var fileName = "test.pdf";
             var stream = new MemoryStream();
             var writer = new StreamWriter(stream);
             writer.Write(text);