From 7d30bf8bb782d01e2986677c4722a0ef6830356b Mon Sep 17 00:00:00 2001 From: James Griffiths Date: Wed, 22 Jan 2025 12:02:06 +0000 Subject: [PATCH 1/8] EHD-1057: Simplify hosting: Code changes: Remove now-unused Elastic Beanstalk config file --- .../.ebextensions/upgrade-nginx.config | 69 ------------------- GenderPayGap.WebUI/GenderPayGap.WebUI.csproj | 6 -- 2 files changed, 75 deletions(-) delete mode 100644 GenderPayGap.WebUI/.ebextensions/upgrade-nginx.config diff --git a/GenderPayGap.WebUI/.ebextensions/upgrade-nginx.config b/GenderPayGap.WebUI/.ebextensions/upgrade-nginx.config deleted file mode 100644 index 5e029b0b4..000000000 --- a/GenderPayGap.WebUI/.ebextensions/upgrade-nginx.config +++ /dev/null 
@@ -1,69 +0,0 @@
-
-############################################################################################
-# A note from February 2024...
-#
-# As of February 2024, this service:
-# * Uses .Net Core 3.1
-# .Net Core 3.1 went out of support in Dec 2022
-# https://dotnet.microsoft.com/en-us/platform/support/policy/dotnet-core
-# Check which version of .Net (Core) you're using here:
-# /GenderPayGap.WebUI/GenderPayGap.WebUI.csproj (https://github.com/cabinetoffice/gender-pay-gap/blob/56b32abc4568/GenderPayGap.WebUI/GenderPayGap.WebUI.csproj#L4)
-#
-# * Uses AWS Elastic Beanstalk with platform version "64bit Amazon Linux 2 v2.4.0 running .NET Core"
-# https://docs.aws.amazon.com/elasticbeanstalk/latest/platforms/platform-history-dotnetlinux.html#platform-history-2022-10-03
-# This Elastic Beanstalk (EB) platform version supports .Net Core 3.1
-# Check which EB platform version you're using here:
-# /terraform/elasticbeanstalk.tf elb_solution_stack_name="..." (https://github.com/cabinetoffice/gender-pay-gap/blob/56b32abc4568/terraform/elasticbeanstalk.tf#L9)
-#
-# The Elastic Beanstalk platform version ("64bit Amazon Linux 2 v2.4.0 running .NET Core") uses Nginx version 1.20.0
-# https://docs.aws.amazon.com/elasticbeanstalk/latest/platforms/platform-history-dotnetlinux.html#platform-history-2022-10-03
-#
-# Nginx version 1.20.0 has at least 2 security vulnerabilities that we've been made aware of by Cabinet Office Cyber Security
-# So, we need to upgrade Nginx.
-# We should also upgrade .Net Core, but this is a much bigger job.
-#
-# The easiest way to upgrade Nginx would be to use a more up-to-date Elastic Beanstalk platform version.
-# For instance, as of February 2024, the version "64bit Amazon Linux 2 v2.6.4 running .NET Core" uses Nginx 1.22.1,
-# which is unaffected by the security vulnerabilities we've been made aware of.
-# https://docs.aws.amazon.com/elasticbeanstalk/latest/platforms/platform-history-dotnetlinux.html#platform-history-2024-01-29
-# However, this Elastic Beanstalk application version doesn't support .Net Core 3.1
-#
-# The latest EB platform version that supports .Net Core 3.1 is "64bit Amazon Linux 2 v2.5.7 running .NET Core"
-# https://docs.aws.amazon.com/elasticbeanstalk/latest/platforms/platform-history-dotnetlinux.html#platform-history-2023-09-05
-# But, as of February 2024, this EB platform version was no longer available to start using.
-# Note: You can't start using an old EB platform version, but if you're already using an old platform version, you can continue using it
-# Hence why we can't start using v2.5.7, but we can continue to use v2.4.0
-#
-# So, there's no EB platform version available that we can update to that supports both:
-# - .Net Core 3.1 and
-# - Nginx 1.22.1 or newer
-#
-# So, we're going to have to upgrade Nginx manually.
-# This code below asks Elastic Beanstalk to upgrade Nginx from the URL specified (v1.24.0 as of February 2024)
-# See AWS documentation:
-# - https://docs.aws.amazon.com/elasticbeanstalk/latest/dg/customize-containers-ec2.html#linux-packages
-#
-#
-############################################################################################
-#
-# .#### ##### .####. #####.
-# # # # # # #
-# '###. # # # #####'
-# # # # # #
-# ####' # '####' #
-#
-# !!! WHAT TO DO IF YOU'RE EDITING THIS FILE IN THE FUTURE !!!
-# -# First, check if this file is needed at all -# You don't need this file if: -# - The EB platform version you're using uses an up-to-date version of Nginx -# OR -# - You can upgrade to an EB platform version that: -# - supports the version of .Net (Core) that you're using AND -# - has an up-to-date version of Nginx -# See: https://docs.aws.amazon.com/elasticbeanstalk/latest/platforms/platforms-supported.html#platforms-supported.dotnetlinux -# -############################################################################################ -packages: - rpm: - nginx: https://nginx.org/packages/centos/7/x86_64/RPMS/nginx-1.24.0-1.el7.ngx.x86_64.rpm diff --git a/GenderPayGap.WebUI/GenderPayGap.WebUI.csproj b/GenderPayGap.WebUI/GenderPayGap.WebUI.csproj index 7a1d73648..233988fc4 100644 --- a/GenderPayGap.WebUI/GenderPayGap.WebUI.csproj +++ b/GenderPayGap.WebUI/GenderPayGap.WebUI.csproj @@ -16,12 +16,6 @@ - - - - Always - - From 0312719585b9c2e8253aaa9f62ab9b396e08c3ca Mon Sep 17 00:00:00 2001 From: James Griffiths Date: Wed, 22 Jan 2025 12:19:00 +0000 Subject: [PATCH 2/8] EHD-1057: Simplify hosting: Code changes: Fix unit tests (was broken when running on Linux) --- .../CoreTests/Helpers/CsvWriterTests.cs | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/GenderPayGap.UnitTests/GenderPayGap.WebUI.Tests/CoreTests/Helpers/CsvWriterTests.cs b/GenderPayGap.UnitTests/GenderPayGap.WebUI.Tests/CoreTests/Helpers/CsvWriterTests.cs index 66444d297..a58f54298 100644 --- a/GenderPayGap.UnitTests/GenderPayGap.WebUI.Tests/CoreTests/Helpers/CsvWriterTests.cs +++ b/GenderPayGap.UnitTests/GenderPayGap.WebUI.Tests/CoreTests/Helpers/CsvWriterTests.cs 
@@ -14,7 +14,7 @@ public void CsvWriter_Sanitizes_Strings_That_Start_With(char character) { // Arrange var value = character + "test"; - var expectedCsvRow = "\"'" + character + $"test\"{Environment.NewLine}"; + var expectedCsvRow = "\"'" + character + $"test\"\r\n"; // Act var actualCsvRow = WebUI.Helpers.CsvWriter.Write(WriteValue(value)); @@ -28,7 +28,7 @@ public void CsvWriter_Does_Not_Sanitize_Negative_Values() { // Arrange var value = -10.2; - var expectedCsvRow = $"\"-10.2\"{Environment.NewLine}"; + var expectedCsvRow = $"\"-10.2\"\r\n"; // Act var actualCsvRow = WebUI.Helpers.CsvWriter.Write(WriteValue(value)); @@ -42,7 +42,7 @@ public void CsvWriter_Does_Not_Sanitize_Strings_That_Do_Not_Start_With_Injection { // Arrange var value = "Test - string that doesn't start with an injection character"; - var expectedCsvRow = $"\"Test - string that doesn't start with an injection character\"{Environment.NewLine}"; + var expectedCsvRow = $"\"Test - string that doesn't start with an injection character\"\r\n"; // Act var actualCsvRow = WebUI.Helpers.CsvWriter.Write(WriteValue(value)); From da5e9ac7bfa0eff68691f35fa33edf2ec5ef764f Mon Sep 17 00:00:00 2001 From: James Griffiths Date: Wed, 22 Jan 2025 12:03:04 +0000 Subject: [PATCH 3/8] EHD-1057: Simplify hosting: Code changes: Remove referenced to unused tables from AdminDataMigrationController --- .../Controllers/Admin/AdminDataMigrationController.cs | 2 -- 1 file changed, 2 deletions(-) diff --git a/GenderPayGap.WebUI/Controllers/Admin/AdminDataMigrationController.cs b/GenderPayGap.WebUI/Controllers/Admin/AdminDataMigrationController.cs index 4030b2961..a438937f1 100644 --- a/GenderPayGap.WebUI/Controllers/Admin/AdminDataMigrationController.cs +++ b/GenderPayGap.WebUI/Controllers/Admin/AdminDataMigrationController.cs 
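Review bot: The rewritten expectations keep the `$` prefix although none of them contains an interpolation hole any more, for example `$"\"-10.2\"\r\n"` in the -28,7 hunk; the same holds for the -14,7 and -42,7 hunks. The prefix can be dropped, giving `var expectedCsvRow = "\"-10.2\"\r\n";`. Because these tests pin the output of the CSV-injection sanitising, a one-line comment such as `// CsvWriter terminates rows with CRLF regardless of the host OS` would record why `Environment.NewLine` was replaced; that the writer always emits CRLF is inferred from the commit subject and is not visible in these hunks.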
@@ -210,7 +210,6 @@ private void ImportDataFromJsonString(string fileAsString) DELETE FROM ""DraftReturns"" WHERE 1 = 1; DELETE FROM ""InactiveUserOrganisations"" WHERE 1 = 1; - DELETE FROM ""ReturnStatus"" WHERE 1 = 1; DELETE FROM ""Returns"" WHERE 1 = 1; DELETE FROM ""AuditLogs"" WHERE 1 = 1; @@ -221,7 +220,6 @@ private void ImportDataFromJsonString(string fileAsString) DELETE FROM ""OrganisationScopes"" WHERE 1 = 1; DELETE FROM ""UserOrganisations"" WHERE 1 = 1; DELETE FROM ""OrganisationStatus"" WHERE 1 = 1; - DELETE FROM ""OrganisationReferences"" WHERE 1 = 1; DELETE FROM ""OrganisationAddresses"" WHERE 1 = 1; DELETE FROM ""OrganisationNames"" WHERE 1 = 1; From 8ebfa71912e3bbc0de4197698e6571c500121681 Mon Sep 17 00:00:00 2001 From: James Griffiths Date: Wed, 22 Jan 2025 12:02:38 +0000 Subject: [PATCH 4/8] EHD-1057: Simplify hosting: Code changes: Improve logging in HealthCheckController --- GenderPayGap.WebUI/Controllers/HealthCheckController.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/GenderPayGap.WebUI/Controllers/HealthCheckController.cs b/GenderPayGap.WebUI/Controllers/HealthCheckController.cs index e55502094..af96be0e7 100644 --- a/GenderPayGap.WebUI/Controllers/HealthCheckController.cs +++ b/GenderPayGap.WebUI/Controllers/HealthCheckController.cs @@ -64,7 +64,7 @@ private void CheckFileConnection() } catch (Exception e) { - throw new Exception($"Could not read or write a file: {e.Message}"); + throw new Exception($"Could not read or write a file: {e.Message}", e); } } From 36f06f9e2d09c6cb612b38d605aafa2977a7f5e0 Mon Sep 17 00:00:00 2001 
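Review bot: The rethrow in `CheckFileConnection` still copies `e.Message` into the outer message, which is redundant now that `e` is attached as the inner exception, and it still throws the base `Exception` type. If the health-check action ever returns exception text to the caller, the copied message could disclose host file paths; a generic outer message, `throw new Exception("Could not read or write a file", e);`, keeps the detail in the logged inner exception only. How the exception is surfaced is outside the hunk, so this should be checked against the controller action.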
From: James Griffiths Date: Wed, 22 Jan 2025 12:01:19 +0000 Subject: [PATCH 5/8] EHD-1057: Simplify hosting: Code changes: Simplify OffsetCurrentDateTimeForSite --- .../Extensions/AspNetCore/Config.cs | 26 +++++++------------ GenderPayGap.Core/Global.cs | 1 + .../Controllers/Account/CloseAccountTests.cs | 2 +- .../ExtensionsAspNetCoreTests/ConfigTests.cs | 3 ++- .../ExtensionsTests/VirtualDateTimeTests.cs | 3 ++- 5 files changed, 15 insertions(+), 20 deletions(-) diff --git a/GenderPayGap.Core/Extensions/AspNetCore/Config.cs b/GenderPayGap.Core/Extensions/AspNetCore/Config.cs index 8790aa799..ed63cbcaa 100644 --- a/GenderPayGap.Core/Extensions/AspNetCore/Config.cs +++ b/GenderPayGap.Core/Extensions/AspNetCore/Config.cs @@ -1,5 +1,6 @@ using System.Diagnostics; using System.Globalization; +using GenderPayGap.Core; using Microsoft.Extensions.Configuration; namespace GenderPayGap.Extensions.AspNetCore @@ -11,14 +12,12 @@ public static class Config public static IConfiguration Configuration; - private static TimeSpan? SingletonOffsetCurrentDateTimeForSite; - static Config() { Console.WriteLine($"Environment: {EnvironmentName}"); Configuration = Build(); - VirtualDateTime.Initialise(OffsetCurrentDateTimeForSite()); + VirtualDateTime.Initialise(Global.OffsetCurrentDateTimeForSite); } public static string EnvironmentName => Environment.GetEnvironmentVariable("ASPNETCORE_ENVIRONMENT"); @@ -105,10 +104,15 @@ public static int GetAppSettingInt(string key, int defaultValue = 0) return defaultValue; } - public static DateTime GetAppSettingDateTime(string key) + public static DateTime? GetAppSettingDateTime(string key) { string settingValue = GetAppSetting(key); + if (settingValue == "null") + { + return null; + } + if (DateTime.TryParseExact(settingValue, "yyMMddHHmmss", null, DateTimeStyles.AssumeLocal, out DateTime parsedValueShortFormat)) { return parsedValueShortFormat; 
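Review bot: `GetAppSettingDateTime` now returns null in three situations (the literal setting value `"null"`, a value that matches no accepted format, and the final fallback changed in the -119,7 hunk) and none of them is documented. An XML doc comment on the method should say that null means "not configured or not parseable", and the sentinel check deserves a line such as `// the setting may contain the literal text "null" when it has been explicitly cleared`; why that literal occurs is not visible here, so the wording needs confirming. The return type also widens from `DateTime` to `DateTime?`, so any caller that compared the result with `DateTime.MinValue` changes meaning; those callers are outside the hunk.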
@@ -119,7 +123,7 @@ public static DateTime GetAppSettingDateTime(string key) return parsedValueOtherFormat; } - return DateTime.MinValue; + return null; } private static IConfiguration GetAppSettings() @@ -139,17 +143,5 @@ public static void SetAppSetting(string key, string value) appSettings[key] = value; } - public static TimeSpan OffsetCurrentDateTimeForSite() - { - if (SingletonOffsetCurrentDateTimeForSite == null) - { - SingletonOffsetCurrentDateTimeForSite = IsProduction() - ? TimeSpan.Zero - : TimeSpan.Parse(GetAppSetting("OffsetCurrentDateTimeForSite", "0")); - } - - return (TimeSpan) SingletonOffsetCurrentDateTimeForSite; - } - } } diff --git a/GenderPayGap.Core/Global.cs b/GenderPayGap.Core/Global.cs index 6a5b62ab6..aba86b067 100644 --- a/GenderPayGap.Core/Global.cs +++ b/GenderPayGap.Core/Global.cs @@ -38,6 +38,7 @@ public static class Global #region Settings that we expect to want to update at short notice + public static TimeSpan OffsetCurrentDateTimeForSite => TimeSpan.Parse(Config.GetAppSetting("OffsetCurrentDateTimeForSite", "0")); public static bool MaintenanceMode => Config.GetAppSettingBool("MaintenanceMode", defaultValue: false); public static DateTime? MaintenanceModeUpAgainTime => Config.GetAppSettingDateTime("MaintenanceModeUpAgainTime"); public static List ReportingStartYearsToExcludeFromLateFlagEnforcement => diff --git a/GenderPayGap.UnitTests/GenderPayGap.WebUI.Tests/Controllers/Account/CloseAccountTests.cs b/GenderPayGap.UnitTests/GenderPayGap.WebUI.Tests/Controllers/Account/CloseAccountTests.cs index 62736b966..d47242e6d 100644 --- a/GenderPayGap.UnitTests/GenderPayGap.WebUI.Tests/Controllers/Account/CloseAccountTests.cs +++ b/GenderPayGap.UnitTests/GenderPayGap.WebUI.Tests/Controllers/Account/CloseAccountTests.cs 
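Review bot: The new `Global.OffsetCurrentDateTimeForSite` parses the setting unconditionally, whereas the removed `Config.OffsetCurrentDateTimeForSite()` returned `TimeSpan.Zero` whenever `IsProduction()` was true. With the guard gone, a stray `OffsetCurrentDateTimeForSite` value in the production environment would shift the site clock and everything derived from it. If `IsProduction` is reachable from `Global`, the guard can be kept with `=> Config.IsProduction() ? TimeSpan.Zero : TimeSpan.Parse(Config.GetAppSetting("OffsetCurrentDateTimeForSite", "0"));`. The property also re-parses on every access and throws `FormatException` on a malformed value, where the old code cached the result once.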
@@ -20,7 +20,7 @@ public class CloseAccountTests public void Setup() { UiTestHelper.SetDefaultEncryptionKeys(); - VirtualDateTime.Initialise(Config.OffsetCurrentDateTimeForSite()); + VirtualDateTime.Initialise(Global.OffsetCurrentDateTimeForSite); } [Test] diff --git a/GenderPayGap.UnitTests/GenderPayGap.WebUI.Tests/ExtensionsAspNetCoreTests/ConfigTests.cs b/GenderPayGap.UnitTests/GenderPayGap.WebUI.Tests/ExtensionsAspNetCoreTests/ConfigTests.cs index 96cfa2617..d54839562 100644 --- a/GenderPayGap.UnitTests/GenderPayGap.WebUI.Tests/ExtensionsAspNetCoreTests/ConfigTests.cs +++ b/GenderPayGap.UnitTests/GenderPayGap.WebUI.Tests/ExtensionsAspNetCoreTests/ConfigTests.cs @@ -1,3 +1,4 @@ +using GenderPayGap.Core; using GenderPayGap.Extensions.AspNetCore; namespace Tests @@ -13,7 +14,7 @@ public void Config_DefaultDate_Returns_DateTime_Now_Plus_917_Days_When_Configure var expectedOffsetCurrentDateTimeForSite = new TimeSpan(917, 0, 0, 0, 0); // Act - TimeSpan actualOffsetCurrentDateTimeForSite = Config.OffsetCurrentDateTimeForSite(); + TimeSpan actualOffsetCurrentDateTimeForSite = Global.OffsetCurrentDateTimeForSite; // Assert Assert.AreEqual( diff --git a/GenderPayGap.UnitTests/GenderPayGap.WebUI.Tests/ExtensionsTests/VirtualDateTimeTests.cs b/GenderPayGap.UnitTests/GenderPayGap.WebUI.Tests/ExtensionsTests/VirtualDateTimeTests.cs index c84e0da5c..f21314963 100644 --- a/GenderPayGap.UnitTests/GenderPayGap.WebUI.Tests/ExtensionsTests/VirtualDateTimeTests.cs +++ b/GenderPayGap.UnitTests/GenderPayGap.WebUI.Tests/ExtensionsTests/VirtualDateTimeTests.cs @@ -1,3 +1,4 @@ +using GenderPayGap.Core; using GenderPayGap.Extensions.AspNetCore; namespace GenderPayGap.Extensions.Tests @@ -15,7 +16,7 @@ public void Setup() [TearDown] public void TearDown() { - VirtualDateTime.Initialise(Config.OffsetCurrentDateTimeForSite()); + VirtualDateTime.Initialise(Global.OffsetCurrentDateTimeForSite); } [Test] From bd56fb58c80932fb1fa875d87adb31165510de36 Mon Sep 17 00:00:00 2001 
From: James Griffiths Date: Wed, 22 Jan 2025 12:18:29 +0000 Subject: [PATCH 6/8] EHD-1057: Simplify hosting: Code changes: Add less-frequently-changed settings to config files instead of always using environment variables --- .../GenderPayGap.WebUI.Tests/AppSettings.UnitTests.json | 5 ----- .../GenderPayGap.WebUI.Tests/GenderPayGap.WebUI.Tests.csproj | 5 ----- .../GenderPayGap.WebUI.Tests/appsettings.json | 5 ++++- GenderPayGap.WebUI/appsettings.PROD.json | 4 +++- GenderPayGap.WebUI/appsettings.json | 5 +++-- 5 files changed, 10 insertions(+), 14 deletions(-) delete mode 100644 GenderPayGap.UnitTests/GenderPayGap.WebUI.Tests/AppSettings.UnitTests.json diff --git a/GenderPayGap.UnitTests/GenderPayGap.WebUI.Tests/AppSettings.UnitTests.json b/GenderPayGap.UnitTests/GenderPayGap.WebUI.Tests/AppSettings.UnitTests.json deleted file mode 100644 index bce698c4f..000000000 --- a/GenderPayGap.UnitTests/GenderPayGap.WebUI.Tests/AppSettings.UnitTests.json +++ /dev/null @@ -1,5 +0,0 @@ -{ - "GEODistributionList": "geo-distribution-list@example.com", - "ReportingStartYearsToExcludeFromLateFlagEnforcement": "[2019]", - "ReportingStartYearsWithFurloughScheme": "[2020,2021]" -} \ No newline at end of file diff --git a/GenderPayGap.UnitTests/GenderPayGap.WebUI.Tests/GenderPayGap.WebUI.Tests.csproj b/GenderPayGap.UnitTests/GenderPayGap.WebUI.Tests/GenderPayGap.WebUI.Tests.csproj index 8e1b0b787..b1370a401 100644 --- a/GenderPayGap.UnitTests/GenderPayGap.WebUI.Tests/GenderPayGap.WebUI.Tests.csproj +++ b/GenderPayGap.UnitTests/GenderPayGap.WebUI.Tests/GenderPayGap.WebUI.Tests.csproj @@ -19,11 +19,6 @@ Always Always - - appsettings.json - Always - Always - diff --git a/GenderPayGap.UnitTests/GenderPayGap.WebUI.Tests/appsettings.json b/GenderPayGap.UnitTests/GenderPayGap.WebUI.Tests/appsettings.json index 1a27d82f5..cafc8a47e 100644 --- a/GenderPayGap.UnitTests/GenderPayGap.WebUI.Tests/appsettings.json +++ b/GenderPayGap.UnitTests/GenderPayGap.WebUI.Tests/appsettings.json 
@@ -1,5 +1,8 @@ { "DefaultEncryptionKey": "", // some unit tests require this key to be empty "OffsetCurrentDateTimeForSite": "917", - "GoogleAnalyticsAccountId": null + "GoogleAnalyticsAccountId": null, + "GEODistributionList": "geo-distribution-list@example.com", + "ReportingStartYearsToExcludeFromLateFlagEnforcement": "[2019]", + "ReportingStartYearsWithFurloughScheme": "[2020,2021]" } \ No newline at end of file diff --git a/GenderPayGap.WebUI/appsettings.PROD.json b/GenderPayGap.WebUI/appsettings.PROD.json index 000acd9cf..537a5abb7 100644 --- a/GenderPayGap.WebUI/appsettings.PROD.json +++ b/GenderPayGap.WebUI/appsettings.PROD.json @@ -3,5 +3,7 @@ "MaxNumCallsCompaniesHouseApiPerFiveMins": "100", "SendGoogleAnalyticsDataToGovUk": "true", "UseStartUrl": "true", - "LogToSentry": "true" + "LogToSentry": "true", + "GEODistributionList": "gpg.reporting@cabinetoffice.gov.uk", + "ReminderEmailDays": "[114, 93, 62, 31, 15, 4]" } \ No newline at end of file diff --git a/GenderPayGap.WebUI/appsettings.json b/GenderPayGap.WebUI/appsettings.json index b1aefb6e6..17eadf190 100644 --- a/GenderPayGap.WebUI/appsettings.json +++ b/GenderPayGap.WebUI/appsettings.json @@ -12,8 +12,9 @@ }, "DaysToKeepBackupFiles": 35, - "FeatureFlagPrivateManualRegistration": "false", - "FeatureFlagSendRegistrationReviewEmails": "true", + "FeatureFlagPrivateManualRegistration": "true", + "FeatureFlagSendRegistrationReviewEmails": "false", + "GEODistributionList": "", "MaxNumCallsCompaniesHouseApiPerFiveMins": "10", "ReminderEmailDays": "[]", "ReportingStartYearsToExcludeFromLateFlagEnforcement": "[2019]", From b8dcd1dd00ec18b0ea50a3b8d8de6e7f3cb93603 Mon Sep 17 00:00:00 2001 
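Review bot: The base `appsettings.json` hunk flips `FeatureFlagPrivateManualRegistration` to `"true"` and `FeatureFlagSendRegistrationReviewEmails` to `"false"`, which the commit subject (moving settings out of environment variables) does not mention. Every environment that does not override these two keys picks up the new defaults, and the `appsettings.PROD.json` hunk in this patch adds no override for either of them. If production previously got its values from environment variables that are being retired, the effective production behaviour changes; that is inferred, since the deployment configuration is not visible here. The test settings file already carries a `//` comment, so a note next to the keys such as `// non-production default; production value comes from <where it is set>` would make the intent explicit.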
From: James Griffiths Date: Wed, 22 Jan 2025 11:59:53 +0000 Subject: [PATCH 7/8] EHD-1057: Simplify hosting: Code changes: Use default environment variables for AWS credentials - so we can use EC2 instance profiles --- GenderPayGap.Core/Global.cs | 8 ++++---- .../FileRepositories/AwsFileRepository.cs | 3 +-- 2 files changed, 5 insertions(+), 6 deletions(-) diff --git a/GenderPayGap.Core/Global.cs b/GenderPayGap.Core/Global.cs index aba86b067..674c9f446 100644 --- a/GenderPayGap.Core/Global.cs +++ b/GenderPayGap.Core/Global.cs @@ -1,4 +1,4 @@ -using GenderPayGap.Extensions.AspNetCore; +using GenderPayGap.Extensions.AspNetCore; using Newtonsoft.Json; namespace GenderPayGap.Core @@ -19,9 +19,9 @@ public static class Global : "SslMode=Require;Trust Server Certificate=true"); public static string S3BucketName => Config.GetAppSetting("S3_BUCKET_NAME"); - public static string S3BucketAwsAccessKeyId => Config.GetAppSetting("S3_BUCKET_AWS_ACCESS_KEY_ID"); - public static string S3BucketAwsSecretAccessKey => Config.GetAppSetting("S3_BUCKET_AWS_SECRET_ACCESS_KEY"); - public static string S3BucketAwsRegion => Config.GetAppSetting("S3_BUCKET_AWS_REGION"); + public static string S3BucketAwsAccessKeyId => Config.GetAppSetting("AWS_ACCESS_KEY_ID"); + public static string S3BucketAwsSecretAccessKey => Config.GetAppSetting("AWS_SECRET_ACCESS_KEY"); + public static string S3BucketAwsRegion => Config.GetAppSetting("AWS_DEFAULT_REGION"); public static string CompaniesHouseApiKey => Config.GetAppSetting("CompaniesHouseApiKey"); public static string GovUkNotifyApiKey => Config.GetAppSetting("GovUkNotifyApiKey"); diff --git a/GenderPayGap.WebUI/ExternalServices/FileRepositories/AwsFileRepository.cs b/GenderPayGap.WebUI/ExternalServices/FileRepositories/AwsFileRepository.cs index 1a5126b57..ab8c9b4b0 100644 --- a/GenderPayGap.WebUI/ExternalServices/FileRepositories/AwsFileRepository.cs +++ b/GenderPayGap.WebUI/ExternalServices/FileRepositories/AwsFileRepository.cs 
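Review bot: `S3BucketAwsAccessKeyId` and `S3BucketAwsSecretAccessKey` now read the SDK's own `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`, yet the only consumer visible in this patch, `CreateAmazonS3Client`, stops using them. If nothing else reads these properties, removing them (together with `S3BucketAwsRegion`, if it is unused as well) keeps the secret access key out of application-level code, where it could otherwise end up in a settings dump or a log line. With an EC2 instance profile the variables are expected to be unset anyway. Other usages are outside the hunk, so a reference search is needed before deleting.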
@@ -175,8 +175,7 @@ public bool FileExists(string relativeFilePath) private AmazonS3Client CreateAmazonS3Client() { - var credentials = new BasicAWSCredentials(awsAccessKeyId, awsSecretAccessKey); - var amazonS3Client = new AmazonS3Client(credentials, RegionEndpoint.GetBySystemName(awsRegion)); + var amazonS3Client = new AmazonS3Client(); return amazonS3Client; } From 7582511961a0889d6103174652b7ae6b6ed406d9 Mon Sep 17 00:00:00 2001 From: James Griffiths Date: Wed, 22 Jan 2025 11:58:15 +0000 Subject: [PATCH 8/8] EHD-1057: Simplify hosting: Code changes: Use X-Forwarded-Proto HTTP header --- GenderPayGap.WebUI/Program.cs | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/GenderPayGap.WebUI/Program.cs b/GenderPayGap.WebUI/Program.cs index 4720f5451..2145c38f4 100644 --- a/GenderPayGap.WebUI/Program.cs +++ b/GenderPayGap.WebUI/Program.cs @@ -17,6 +17,7 @@ using GenderPayGap.WebUI.Search; using GenderPayGap.WebUI.Services; using Microsoft.AspNetCore.Authentication.Cookies; +using Microsoft.AspNetCore.HttpOverrides; using Microsoft.AspNetCore.Mvc; using Microsoft.AspNetCore.Mvc.ModelBinding; using Microsoft.AspNetCore.Mvc.ModelBinding.Binders; @@ -130,6 +131,13 @@ private static void ConfigureServices(IServiceCollection services) options.JsonSerializerOptions.PropertyNameCaseInsensitive = true; options.JsonSerializerOptions.PropertyNamingPolicy = null; }); + + // Configure forwarded headers - this is so that the anti-forgery middleware (see below) is allowed to set a "Secure only" cookie + services.Configure( + options => + { + options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto; + }); // Add anti-forgery token by default to forms making sure the Secure flag is always set services.AddAntiforgery( @@ -237,6 +245,8 @@ private static void ConfigureApp(WebApplication app) { app.Urls.Add($"http://*:{Environment.GetEnvironmentVariable("PORT")}/"); } + + app.UseForwardedHeaders(); app.UseStaticFiles();
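Review bot: `new AmazonS3Client()` resolves the region as well as the credentials from the SDK defaults, so the `awsRegion` value that the removed line passed in no longer has any effect in `CreateAmazonS3Client`. If no region can be resolved from the environment or instance metadata, the client fails at run time rather than at configuration time. Keeping the region explicit, `var amazonS3Client = new AmazonS3Client(RegionEndpoint.GetBySystemName(awsRegion));`, preserves the old behaviour while still using the default credential chain. The `awsAccessKeyId` and `awsSecretAccessKey` fields are declared outside the hunk and can presumably be removed along with whatever populates them.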
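Review bot: The forwarded-headers configuration in `ConfigureServices` enables `XForwardedFor` and `XForwardedProto` without setting `KnownProxies` or `KnownNetworks`. With the framework defaults only loopback proxies are trusted, so headers from a load balancer on another address are ignored and the antiforgery cookie still would not see HTTPS; if the lists are cleared to work around that, any client can supply its own values for both headers. Restricting trust to the proxy's network, for example `options.KnownNetworks.Add(new IPNetwork(IPAddress.Parse("<PROXY_SUBNET>"), <PREFIX_LENGTH>));`, covers both cases. The comment justifies only the proto header, so `XForwardedFor` should either be dropped or explained, since it changes the client address the application sees. Whether anything before `app.UseForwardedHeaders()` in `ConfigureApp` (-237,6 hunk) depends on the request scheme is outside the hunk.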