diff --git a/CHANGELOG.md b/CHANGELOG.md index c3c3b50f1a..109eb685c3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -2,183 +2,77 @@ New features, fixed bugs, known defects and other noteworthy changes to each release of the Catena-X Portal Backend. -## 2.0.0-RC10 - -### Feature -* **Processes Worker** -* added process to decline own companies registration -* **Administration Service** -* enabled the retrieval of service accounts with userstatusid != DELETED -* include pending serviceaccounts and add userstatus to result - -### Changes -* **Seeding** -* add bpdm roles - -### Bugfix -* **Registration Service** -* adjusted permission for /declineregistration -* add valid company policy -* **Administration Service** -* allowed deletion of configured url for own company -* fixed old autosetup process for dim technical user creation -* fixed conflict errors for inactive and pending service accounts -* fixed error "Sequence contains more than one element" for GET /serviceAccounts/{serviceAccountID} endpoint - -## 2.0.0-RC9 - -### Changes -* **Administration Service** -* enhanced companyDetailsWithAddress endpoint -* **Apps Service** -* added roleId for existing activeRoleDetails -* **Services Service** -* updated permissions for api endpoints - -### Bugfix -* **Invitation** -* added decline url for invite process -* **Seeding** -* added self description document to initial company -* **DIM Process Worker** -* stopped creating technical users for dim -* **Role assignment** -* fixed query for core offer to prevent role assignment triggering cascading role assignments -* **Token lifetime** -* set ClockSkew (security configuration jwtBearerOptions) to 5 minutes for token expiration -* **Offersubscription** -* fixed queries throwing a system exception instead of returning default value - -## 2.0.0-RC8 - -### Changes -* upgraded Npgsql and EntityFrameworkCore packages -* reworked year in file header - -### Bugfix -* **Administration Service** -* adjusted DIM service accounts -* removed enum for framework credentials: to create a framework credential string values are used now instead of 
enums to be more flexible - -### Technical Support -* **Dependabot** -* introduced grouping of pull request for version updates - -## 2.0.0-RC7 - -### Bugfix -* **Migrations Seeding** -* added missing service accounts and improve descriptions -* **Administration Service** -* adjusted request for framework credential creation -* adjusted error tolerance for GET companyData/decentraldentity/urls -* passed logging arguments to correct parameter -* adjusted clearinghouse data: get the DID of the company from the database if the DIM wallet is enabled instead of requesting it from the MIW -* adjusted framework credential creation to call the ssi issuer with the current user instead of the technical user -* **Apps Service** -* fixed short description returning error - -## 2.0.0-RC6 - -### Feature -* **Administration Service** -* dim: enhanced endpoint with issuer did, bpnl and did of the holder and url for the bpn did resolver - -### Bugfix -* **Administration Service** -* allowed null values in GET and POST identityprovider response -* fixed isOwner filter for GET api/administration/serviceaccount/owncompany/serviceaccounts - -## 2.0.0-RC5 - -### Changes -* **Administration Service** -* adjusted POST: api/administration/companydata/useCaseParticipation to create framework credentials with the ssi credential issuer - -### Bugfix -* **Process Worker** -* adjusted technical user creation process - -## 2.0.0-RC4 - -### Changes -* **Administration Service** -* adjusted GET: api/administration/adjust response of companydata/decentralidentity/urls to response the correct urls - -### Feature -* **Backend Logic** -* added auditing for certificate management -* **Apps Service** -* added GET: /api/apps/AppChange/{appId}/roles to receive the roles for a specific app - -### Bugfix -* **Process Worker** -* set the correct state for IDENTITY_WALLET application step after all steps are done - -## 2.0.0-RC3 - -### Changes -* **Administration Service** -* adjust endpoint 
api/administration/serviceaccount/owncompany/serviceaccounts/{serviceAccountId} to return the secrets of a dim technical user as well - -### Feature -* **Backend Logic** -* adjusted offer autosetup process to create dim technical users -* **Administration Service** -* added GET: api/administration/companydata/decentralidentity/urls endpoint to receive wallet information - -### Bugfix -* adjusted base url registration for http client setups -* adjusted the did schema validation -* added support for DUNS_ID for the BPDM gat endpoints -* adjusted saving of mailing process steps - -## 2.0.0-RC2 - -### Change -* moved api paths from BPDM out of code into config / helm chart -* merged all migrations since 2.0.0-alpha into one 2.0.0-rc2 - -### Feature -* added DID to DID BPN resolver -* added new checklist steps - -### Bugfix -* fixed company invite: changed invitation processStepType order and removed disposal of mimeMessage for mailing -* fixed mail not being set at new user invite - -## 2.0.0-RC1 +## 2.0.0 ### Change * **Backend Logic** - * Save the error details of the clearinghouse service inside the portal db of application checklist/process worker + * saved the error details of the clearinghouse service inside the portal db of application checklist/process worker * **Apps Services** * updated backend logic of `PUT /api/apps/AppReleaseProcess/{appId}/submit` to allow the submission without defined/configured technical user profile * **Administration Service** - * remove obsolete endpoint `GET /api/user/app/{appId}/roles` - * remove obsolete endpoint `PUT /api/user/app/{appId}/roles` - * added connector url inside the response body of `GET /api/administration/Connectors` - * added connector url inside the response body of `GET /api/administration/Connectors/managed` - * added connector url inside the response body of `GET /api/administration/Connectors/{connectorID}` -* upgraded all services and jobs to .net 8 -* upgraded nuget packages -* merged all migrations since 
v1.8.0-rc6 into one 2.0.0-alpha + * removed obsolete endpoints + * `GET /api/user/app/{appId}/roles` ![Tag](https://img.shields.io/static/v1?label=&message=BreakingChange&color=yellow&style=flat) + * `PUT /api/user/app/{appId}/roles` ![Tag](https://img.shields.io/static/v1?label=&message=BreakingChange&color=yellow&style=flat) + * included connector URL in responses for connector-related endpoints (GET /api/administration/Connectors, GET /api/administration/Connectors/managed, GET /api/administration/Connectors/{connectorID}) + * modified POST: api/administration/companydata/useCaseParticipation logic to create framework credentials via the SSI credential issuer interface + * improved GET /serviceAccounts/{serviceAccountID} and GET /serviceAccounts to return service accounts regardless of state (excluding DELETE) and included userStatus in the payload + * updated PUT /api/administration/SubscriptionConfiguration/owncompany to allow URL deletion by submitting an empty URL + * enhanced GET /api/administration/registration/application/{applicationId}/companyDetailsWithAddress payload with "created", "lastChanged", "documents" details + * removed "documents" from GET /api/administration/registration/application/{applicationId}/companyDetailsWithAddress payload (Breaking Change) ![Tag](https://img.shields.io/static/v1?label=&message=BreakingChange&color=yellow&style=flat) +* **Services Service** + * updated permission validation for api endpoints + * GET /api/services/subscribed/subscription-status ![Tag](https://img.shields.io/static/v1?label=&message=BreakingChange&color=yellow&style=flat) + * GET /api/services/{serviceId}/subscription/{subscriptionId}/subscriber ![Tag](https://img.shields.io/static/v1?label=&message=BreakingChange&color=yellow&style=flat) + * GET /api/services/{serviceId}/subscription/{subscriptionId}/provider ![Tag](https://img.shields.io/static/v1?label=&message=BreakingChange&color=yellow&style=flat) * updated swagger (endpoint documentation, 
payload examples and allowed values) * changed the CompanyInvitationData to class instead of record -* updated seeding: - * removed service account sa-cl5-custodian-1 - * removed the following roles: BPDM Gate Read, BPDM Gate Read & Write, BPDM Partner Gate, BPDM Management, BPDM Pool - * added the following roles: BPDM Sharing Admin, BPDM Sharing Input Manager, BPDM Sharing Input Consumer, BPDM Sharing Output Consumer, BPDM Pool Admin, BPDM Pool Consumer +* **Seeding** + * removed service account sa-cl5-custodian-1 ![Tag](https://img.shields.io/static/v1?label=&message=BreakingChange&color=yellow&style=flat) + * added missing service accounts and improved descriptions + * removed the following roles: BPDM Gate Read, BPDM Gate Read & Write, BPDM Partner Gate, BPDM Management, BPDM Pool ![Tag](https://img.shields.io/static/v1?label=&message=BreakingChange&color=yellow&style=flat) + * added the following roles: BPDM Sharing Admin, BPDM Sharing Input Manager, BPDM Sharing Input Consumer, BPDM Sharing Output Consumer, BPDM Pool Admin, BPDM Pool Consumer, Business Partner Data Manager, BPDM Pool Sharing Consumer + * added self description document to release company record (operator) ### Feature * **Certificate Management (Administration Service)** * released new endpoint to delete company owned company certificates `DELETE /api/administration/companydata/companyCertificate/document/{documentId}` * released new endpoint to view other companies certificates via the document ID `GET /api/administration/companydata/companyCertificates/documents/{documentId}` * released specific document endpoint to fetch owned company certificates by documentID `GET /api/administration/companydata/companyCertificates/{documentId}` -* **Registration Process Worker** - * implemented new backend logic for the process step "IDENTITY_WALLET_CREATION" by separating the step logic (bpm credential creation separated and payload changed) 
![Tag](https://img.shields.io/static/v1?label=&message=BreakingChange&color=yellow&style=flat) - * added retrigger endpoint to restarted a failed dim wallet setup step - * added postback endpoint to receive the did document and authentication information ![Tag](https://img.shields.io/static/v1?label=&message=BreakingChange&color=yellow&style=flat) + * added auditing + * Certificate Uploads: Capture the event when a new certificate is uploaded to the system + * Certificate Deletions: Capture the event when an existing certificate is deleted from the system + * User Identification: Log the identity of the user who performed the action + * Timestamp Recording: Log the exact date and time when the action was performed +* **Process Worker** + * released new process step "SEND_MAIL" and integrated the step for all mail jobs +* **Self-Soverein-Identity Next (Support Central (MIW) and Decentral (DIM) Identity Management Systems)** ![Tag](https://img.shields.io/static/v1?label=&message=BreakingChange&color=yellow&style=flat) + * implemented a configuration switch to facilitate seamless transitions between centralized (Support Central, MIW) and decentralized (Identity Management Systems, DIM) wallet flows + * **Registration Process Worker** + * refined the "IDENTITY_WALLET_CREATION" process step with new backend logic to uncouple BPM credential creation from the main flow and modify the associated payload + * enriched the registration workflow with additional application checklist and process steps, such as "BPNL_CREDENTIAL", "MEMBERSHIP_CREDENTIAL" and "VALIDATE_DID_DOCUMENT" + * established a retrigger endpoint to resume a failed DIM setup step, enhancing robustness in the registration process + * introduced a postback endpoint for receiving DID documents and authentication details, with accompanying schema validation to ensure data integrity + * added didDocument schema validation for postback endpoint + * added didDocument publication flow and validation of the 
successful publication + * added process worker step and backend logic to register didDocument received from integrated wallet inside the BDRS (BPN-DID Resolver) service + * **Multi Provider Technical User** + * enabled feature to allow technical user creation for multiple providers + * enhanced response data of technical user related endpoints to include user status, addressing the need for comprehensive user management: + * POST /api/apps/autoSetup + * GET /api/apps/{appId}/subscription/{subscriptionId}/provider + * GET /api/apps/{appId}/subscription/{subscriptionId}/subscriber + * GET /api/services/{serviceId}/subscription/{subscriptionId}/provider + * GET /api/services/{serviceId}/subscription/{subscriptionId}/subscriber + * **Service Account Secret Retrieval** + * modified GET api/administration/serviceaccount/owncompany/serviceaccounts/{serviceAccountId} to differentiate secret retrieval based on the service account provider (database vs integrated identity provider + * **Clearinghouse Data Interface Adjustment** + * altered the interface to retrieve a company's DID directly from the database when the DIM wallet feature is active, as opposed to sourcing it from MIW, simplifying the data retrieval process and reducing dependencies on external services +* **Registration Decline** + * released function to decline as customer the registration process and delete user accounts + * added registration decline process worker steps + * enabled decline feature via url inside the email template "invite" +* **Autosetup Process Worker** + * adjusted offer autosetup process to create dim technical users * **Agreement Status** * updated logic of POST and GET agreement endpoint (apps service) to only consider active agreements * updated logic of POST and GET agreement endpoint (services service) to only consider active agreements 
@@ -188,17 +82,26 @@ New features, fixed bugs, known defects and other noteworthy changes to each rel * **Business Process Worker** * added new backend worker for invitations to run the invitation steps asynchronously * added mailing worker and moved all backend functions for sending emails into the worker -* Email Templates - * Enabled email service for create user account under owned IdP as well as for migration of an user account from any IdP to a ownedIdP +* **Email Templates** + * enabled email service for create user account under owned IdP as well as for migration of an user account from any IdP to a ownedIdP +* **Others** + * released GET: api/administration/companydata/decentralidentity/urls endpoint to provide connector registration relevant information + * added GET /api/apps/AppChange/{appId}/roles to retrieve app configured roles for owned apps + * added GET /api/apps/AppReleaseProcess/{appId}/roles to retrieve app uploaded roles ### Technical Support -* adjusted the get_current_version script for nuget packages to only return the tag name -* introduced codeql scan -* removed veracode workflow +* upgraded all services and jobs to .Net 8 +* Token lifetime: set ClockSkew (security configuration jwtBearerOptions) to 5 minutes for token expiration +* moved api paths from BPDM out of code into config / helm chart +* upgraded nuget packages * removed unused deprecated packages +* adjusted the get_current_version script for nuget packages to only return the tag name +* introduced CodeQL scan +* removed Veracode workflow * improved workflows and documentation * upgraded gh actions and change to pinned actions full length commit sha -* add dependabot.yml file +* add dependabot.yml file and introduced grouping of pull request for version updates +* reworked year in file header ### Bugfix * adjusted endpoint `GET api/administration/serviceaccount/owncompany/serviceaccounts` to filter for active service accounts by default 
@@ -209,9 +112,35 @@ New features, fixed bugs, known defects and other noteworthy changes to each rel * use identifier.Value instead of repeating its type * use CompanyUniqueIdData instead of UniqueIdentifierData * fixed sonar findings -* fixed codeql findings +* fixed CodeQL findings * CONTRIBUTING.md: linked to contribution details * updated eclipse dash tool for dependencies check +* Core role assignment - fixed query for core offer to prevent role assignment triggering cascading role assignments +* fixed endpoint GET /api/apps/active short description returning error +* in BpdmService.FetchInputLegalEntity map bpdm-identifier-types to string instead of BpdmIdentifierTypeId +* fixed isOwner filter for GET api/administration/serviceaccount/owncompany/serviceaccounts + +### Known Knowns +The following are known issues identified in the current release: +* **Email Template Issues:** + * The `verified_credential_approved.html` email template does not populate the "wallet" value as expected. + * The `decline_registration.html` email template is triggered when a customer utilizes the self-decline feature. +* **Autosetup Feature Limitation:** + * The autosetup feature lacks support for service providers and app providers to automatically retrieve customer connector configuration details such as `authURL`, `WalletURL`, etc. +* **Deletion Support Deficiencies:** + * The deletion of technical users from external providers is currently not supported. + * Removal of BDRS (BPN-DID Resolver Service) entries is currently not supported. + * Deletion of wallet tenants has not been implemented. +* **Obsolete Code:** + * Redundant backend code from a previous version of the SSI implementation remains in the codebase and has not been purged. +* **Code quality Finding:** + * A potential null reference for 'identityProviderLinks' has been identified, indicating that it could be null on at least one execution path. 
[#694](https://github.com/eclipse-tractusx/portal-backend/issues/694) +* **Validation Limitations:** + * Pattern validation for URL inputs in `POST` and `PUT` endpoints is currently limited, potentially allowing invalid URLs to be accepted. [#587](https://github.com/eclipse-tractusx/portal-backend/issues/587) +* **Validation of File Upload Limitation:** + * It is recommended to make make use of an existing trustworthy 3rd party virus-scan service for a more broad scan for known malicious signatures. [#779](https://github.com/eclipse-tractusx/portal-backend/issues/779) +* **In Memory Storage Limitation**: + * Sensitive information (such as passwords) is read in an unencrypted manner in memory. ## 1.8.1 diff --git a/README.md b/README.md index bf576456c0..5cdd1d9013 100644 --- a/README.md +++ b/README.md @@ -34,6 +34,10 @@ Run the following command from the CLI in the directory of the service you want dotnet run ``` +## Known Issues and Limitations + +See [Known Knowns](/CHANGELOG.md#known-knowns). + ## Notice for Docker image This application provides container images for demonstration purposes. diff --git a/src/Directory.Build.props b/src/Directory.Build.props index d5135fbe1d..17fb129034 100644 --- a/src/Directory.Build.props +++ b/src/Directory.Build.props @@ -20,6 +20,6 @@ 2.0.0 - RC10 +
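Review bot: in the `@@ -2,183 +2,77 @@` hunk the two consecutive Administration Service entries for `GET /api/administration/registration/application/{applicationId}/companyDetailsWithAddress` contradict each other: the first says the payload was "enhanced ... with "created", "lastChanged", "documents" details", the next says "documents" was removed from the same payload as a breaking change. Someone reading the final 2.0.0 notes needs the net result against 1.8.x, so collapse these into one entry that states which fields were added and whether "documents" is present in 2.0.0. The three Services Service entries tagged BreakingChange under "updated permission validation for api endpoints" do not name the permission now required for `GET /api/services/subscribed/subscription-status` and the two `/subscription/{subscriptionId}/...` endpoints; operators who maintain role-to-permission mappings cannot act on the tag without the old and new values, and the RC10 bugfix "adjusted permission for /declineregistration" that this hunk deletes has no counterpart in the consolidated list at all. Smaller points in the same hunk: "regardless of state (excluding DELETE)" replaces an RC10 line that said "userstatusid != DELETED", so use the actual status name; the Service Account Secret Retrieval entry has an unclosed parenthesis after "integrated identity provider" and drops the information from the RC3 line it replaces, namely that the endpoint now returns "the secrets of a dim technical user as well", which is exactly the detail a security reviewer wants called out; "Self-Soverein-Identity Next" should read "Self-Sovereign-Identity"; and the RC3 bugfix "added support for DUNS_ID for the BPDM gat endpoints" disappears in the consolidation, so either restore it or confirm it was reverted.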
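Review bot: in the `@@ -188,17 +82,26 @@` hunk the Technical Support line "Token lifetime: set ClockSkew (security configuration jwtBearerOptions) to 5 minutes for token expiration" should state the previous value. Five minutes is the default `TokenValidationParameters.ClockSkew` used by the JwtBearer handler, so as written a reader cannot tell whether this tightened a larger tolerance or relaxed an explicit zero; the direction matters because ClockSkew is the window in which a token past its `exp` is still accepted. This section is also the right home for the two migration-squash entries that the first hunk deletes from the RC notes ("merged all migrations since v1.8.0-rc6 into one 2.0.0-alpha" and "merged all migrations since 2.0.0-alpha into one 2.0.0-rc2"): a squashed migration history affects anyone upgrading a 1.8.x database and does not belong only in the RC history. Minor: "add dependabot.yml file and introduced grouping of pull request for version updates" mixes tenses with the surrounding "added"/"introduced" entries, and ".Net 8" should be ".NET 8" to match "upgraded all services and jobs to .net 8" elsewhere being normalised.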
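Review bot: in the `@@ -209,9 +112,35 @@` hunk several Known Knowns entries state a fact but not the limitation a deployer has to plan for. "The deletion of technical users from external providers is currently not supported" should say what is left behind after a portal-side delete, i.e. whether the client credential at the external identity provider or DIM wallet stays valid and must be revoked there manually; the same applies to the BDRS entries and wallet tenants, which otherwise keep resolving or accepting for a company the portal has removed. "Sensitive information (such as passwords) is read in an unencrypted manner in memory" is too vague to act on, since every process holds a secret in cleartext at the point of use; name the concrete gap (secrets retained in long-lived objects or logs beyond the request that needs them, for example) and link an issue as `[#587]`, `[#694]` and `[#779]` do. "The `decline_registration.html` email template is triggered when a customer utilizes the self-decline feature" reads as intended behaviour rather than a defect; state what is wrong or missing. The file-upload entry only gives a recommendation ("make make use of" also doubles a word); a Known Known should first say what upload validation currently checks so operators know what the missing virus scan leaves uncovered. In the README hunk, `See [Known Knowns](/CHANGELOG.md#known-knowns)` links the first heading with that name, and because the changelog is ordered newest-first it will silently point at an older release's list as soon as a release ships without a Known Knowns section; either keep the section in every release or link by release. Finally, the Directory.Build.props hunk is cut off after the `+` marker in this view, so the replacement for the `RC10` suffix cannot be reviewed here; please confirm the resulting version is a plain 2.0.0 matching the new changelog heading.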