build(2.0.0): merge main into dev

CHANGELOG.md

@@ -2,183 +2,77 @@
 
 New features, fixed bugs, known defects and other noteworthy changes to each release of the Catena-X Portal Backend.
 
-## 2.0.0-RC10
-
-### Feature
-* **Processes Worker**
-* added process to decline own companies registration
-* **Administration Service**
-* enabled the retrieval of service accounts with userstatusid != DELETED
-* include pending serviceaccounts and add userstatus to result
-
-### Changes
-* **Seeding**
-* add bpdm roles
-
-### Bugfix
-* **Registration Service**
-* adjusted permission for /declineregistration
-* add valid company policy
-* **Administration Service**
-* allowed deletion of configured url for own company
-* fixed old autosetup process for dim technical user creation
-* fixed conflict errors for inactive and pending service accounts
-* fixed error "Sequence contains more than one element" for GET /serviceAccounts/{serviceAccountID} endpoint
-
-## 2.0.0-RC9
-
-### Changes
-* **Administration Service**
-* enhanced companyDetailsWithAddress endpoint
-* **Apps Service**
-* added roleId for existing activeRoleDetails
-* **Services Service**
-* updated permissions for api endpoints
-
-### Bugfix
-* **Invitation**
-* added decline url for invite process
-* **Seeding**
-* added self description document to initial company
-* **DIM Process Worker**
-* stopped creating technical users for dim
-* **Role assignment**
-* fixed query for core offer to prevent role assignment triggering cascading role assignments
-* **Token lifetime**
-* set ClockSkew (security configuration jwtBearerOptions) to 5 minutes for token expiration
-* **Offersubscription**
-* fixed queries throwing a system exception instead of returning default value
-
-## 2.0.0-RC8
-
-### Changes
-* upgraded Npgsql and EntityFrameworkCore packages
-* reworked year in file header
-
-### Bugfix
-* **Administration Service**
-* adjusted DIM service accounts
-* removed enum for framework credentials: to create a framework credential string values are used now instead of enums to be more flexible
-
-### Technical Support
-* **Dependabot**
-* introduced grouping of pull request for version updates
-
-## 2.0.0-RC7
-
-### Bugfix
-* **Migrations Seeding**
-* added missing service accounts and improve descriptions
-* **Administration Service**
-* adjusted request for framework credential creation
-* adjusted error tolerance for GET companyData/decentraldentity/urls
-* passed logging arguments to correct parameter
-* adjusted clearinghouse data: get the DID of the company from the database if the DIM wallet is enabled instead of requesting it from the MIW
-* adjusted framework credential creation to call the ssi issuer with the current user instead of the technical user
-* **Apps Service**
-* fixed short description returning error
-
-## 2.0.0-RC6
-
-### Feature
-* **Administration Service**
-* dim: enhanced endpoint with issuer did, bpnl and did of the holder and url for the bpn did resolver
-
-### Bugfix
-* **Administration Service**
-* allowed null values in GET and POST identityprovider response
-* fixed isOwner filter for GET api/administration/serviceaccount/owncompany/serviceaccounts
-
-## 2.0.0-RC5
-
-### Changes
-* **Administration Service**
-* adjusted POST: api/administration/companydata/useCaseParticipation to create framework credentials with the ssi credential issuer
-
-### Bugfix
-* **Process Worker**
-* adjusted technical user creation process
-
-## 2.0.0-RC4
-
-### Changes
-* **Administration Service**
-* adjusted GET: api/administration/adjust response of companydata/decentralidentity/urls to response the correct urls
-
-### Feature
-* **Backend Logic**
-* added auditing for certificate management
-* **Apps Service**
-* added GET: /api/apps/AppChange/{appId}/roles to receive the roles for a specific app
-
-### Bugfix
-* **Process Worker**
-* set the correct state for IDENTITY_WALLET application step after all steps are done
-
-## 2.0.0-RC3
-
-### Changes
-* **Administration Service**
-* adjust endpoint api/administration/serviceaccount/owncompany/serviceaccounts/{serviceAccountId} to return the secrets of a dim technical user as well
-
-### Feature
-* **Backend Logic**
-* adjusted offer autosetup process to create dim technical users
-* **Administration Service**
-* added GET: api/administration/companydata/decentralidentity/urls endpoint to receive wallet information
-
-### Bugfix
-* adjusted base url registration for http client setups
-* adjusted the did schema validation
-* added support for DUNS_ID for the BPDM gat endpoints
-* adjusted saving of mailing process steps
-
-## 2.0.0-RC2
-
-### Change
-* moved api paths from BPDM out of code into config / helm chart
-* merged all migrations since 2.0.0-alpha into one 2.0.0-rc2
-
-### Feature
-* added DID to DID BPN resolver
-* added new checklist steps
-
-### Bugfix
-* fixed company invite: changed invitation processStepType order and removed disposal of mimeMessage for mailing
-* fixed mail not being set at new user invite
-
-## 2.0.0-RC1
+## 2.0.0
 
 ### Change
 * **Backend Logic**
-  * Save the error details of the clearinghouse service inside the portal db of application checklist/process worker
+  * saved the error details of the clearinghouse service inside the portal db of application checklist/process worker
 * **Apps Services**
   * updated backend logic of `PUT /api/apps/AppReleaseProcess/{appId}/submit` to allow the submission without defined/configured technical user profile
 * **Administration Service**
-  * remove obsolete endpoint `GET /api/user/app/{appId}/roles`
-  * remove obsolete endpoint `PUT /api/user/app/{appId}/roles`
-  * added connector url inside the response body of `GET /api/administration/Connectors`
-  * added connector url inside the response body of `GET /api/administration/Connectors/managed`
-  * added connector url inside the response body of `GET /api/administration/Connectors/{connectorID}`
-* upgraded all services and jobs to .net 8
-* upgraded nuget packages
-* merged all migrations since v1.8.0-rc6 into one 2.0.0-alpha
+  * removed obsolete endpoints
+    * `GET /api/user/app/{appId}/roles` ![Tag](https://img.shields.io/static/v1?label=&message=BreakingChange&color=yellow&style=flat)
+    * `PUT /api/user/app/{appId}/roles` ![Tag](https://img.shields.io/static/v1?label=&message=BreakingChange&color=yellow&style=flat)
+  * included connector URL in responses for connector-related endpoints (GET /api/administration/Connectors, GET /api/administration/Connectors/managed, GET /api/administration/Connectors/{connectorID})
+  * modified POST: api/administration/companydata/useCaseParticipation logic to create framework credentials via the SSI credential issuer interface
+  * improved GET /serviceAccounts/{serviceAccountID} and GET /serviceAccounts to return service accounts regardless of state (excluding DELETE) and included userStatus in the payload
+  * updated PUT /api/administration/SubscriptionConfiguration/owncompany to allow URL deletion by submitting an empty URL
+  * enhanced GET /api/administration/registration/application/{applicationId}/companyDetailsWithAddress payload with "created", "lastChanged", "documents" details
+  * removed "documents" from GET /api/administration/registration/application/{applicationId}/companyDetailsWithAddress payload (Breaking Change) ![Tag](https://img.shields.io/static/v1?label=&message=BreakingChange&color=yellow&style=flat)
+* **Services Service**
+  * updated permission validation for api endpoints
+    * GET /api/services/subscribed/subscription-status ![Tag](https://img.shields.io/static/v1?label=&message=BreakingChange&color=yellow&style=flat)
+    * GET /api/services/{serviceId}/subscription/{subscriptionId}/subscriber ![Tag](https://img.shields.io/static/v1?label=&message=BreakingChange&color=yellow&style=flat)
+    * GET /api/services/{serviceId}/subscription/{subscriptionId}/provider ![Tag](https://img.shields.io/static/v1?label=&message=BreakingChange&color=yellow&style=flat)
 * updated swagger (endpoint documentation, payload examples and allowed values)
 * changed the CompanyInvitationData to class instead of record
-* updated seeding:
-  * removed service account sa-cl5-custodian-1
-  * removed the following roles: BPDM Gate Read, BPDM Gate Read & Write, BPDM Partner Gate, BPDM Management, BPDM Pool
-  * added the following roles: BPDM Sharing Admin, BPDM Sharing Input Manager, BPDM Sharing Input Consumer, BPDM Sharing Output Consumer, BPDM Pool Admin, BPDM Pool Consumer
+* **Seeding**
+  * removed service account sa-cl5-custodian-1 ![Tag](https://img.shields.io/static/v1?label=&message=BreakingChange&color=yellow&style=flat)
+  * added missing service accounts and improved descriptions
+  * removed the following roles: BPDM Gate Read, BPDM Gate Read & Write, BPDM Partner Gate, BPDM Management, BPDM Pool ![Tag](https://img.shields.io/static/v1?label=&message=BreakingChange&color=yellow&style=flat)
+  * added the following roles: BPDM Sharing Admin, BPDM Sharing Input Manager, BPDM Sharing Input Consumer, BPDM Sharing Output Consumer, BPDM Pool Admin, BPDM Pool Consumer, Business Partner Data Manager, BPDM Pool Sharing Consumer
+  * added self description document to release company record (operator)
 
 ### Feature
 * **Certificate Management (Administration Service)**
   * released new endpoint to delete company owned company certificates `DELETE /api/administration/companydata/companyCertificate/document/{documentId}`
   * released new endpoint to view other companies certificates via the document ID `GET /api/administration/companydata/companyCertificates/documents/{documentId}`
   * released specific document endpoint to fetch owned company certificates by documentID `GET /api/administration/companydata/companyCertificates/{documentId}`
-* **Registration Process Worker**
-  * implemented new backend logic for the process step "IDENTITY_WALLET_CREATION" by separating the step logic (bpm credential creation separated and payload changed) ![Tag](https://img.shields.io/static/v1?label=&message=BreakingChange&color=yellow&style=flat)
-  * added retrigger endpoint to restarted a failed dim wallet setup step
-  * added postback endpoint to receive the did document and authentication information ![Tag](https://img.shields.io/static/v1?label=&message=BreakingChange&color=yellow&style=flat)
+  * added auditing
+    * Certificate Uploads: Capture the event when a new certificate is uploaded to the system
+    * Certificate Deletions: Capture the event when an existing certificate is deleted from the system
+    * User Identification: Log the identity of the user who performed the action
+    * Timestamp Recording: Log the exact date and time when the action was performed
+* **Process Worker**
+  * released new process step "SEND_MAIL" and integrated the step for all mail jobs
+* **Self-Soverein-Identity Next (Support Central (MIW) and Decentral (DIM) Identity Management Systems)** ![Tag](https://img.shields.io/static/v1?label=&message=BreakingChange&color=yellow&style=flat)
+  * implemented a configuration switch to facilitate seamless transitions between centralized (Support Central, MIW) and decentralized (Identity Management Systems, DIM) wallet flows
+  * **Registration Process Worker**
+    * refined the "IDENTITY_WALLET_CREATION" process step with new backend logic to uncouple BPM credential creation from the main flow and modify the associated payload
+    * enriched the registration workflow with additional application checklist and process steps, such as "BPNL_CREDENTIAL", "MEMBERSHIP_CREDENTIAL" and "VALIDATE_DID_DOCUMENT"
+    * established a retrigger endpoint to resume a failed DIM setup step, enhancing robustness in the registration process
+    * introduced a postback endpoint for receiving DID documents and authentication details, with accompanying schema validation to ensure data integrity
+    * added didDocument schema validation for postback endpoint
+    * added didDocument publication flow and validation of the successful publication
+    * added process worker step and backend logic to register didDocument received from integrated wallet inside the BDRS (BPN-DID Resolver) service
+  * **Multi Provider Technical User**
+    * enabled feature to allow technical user creation for multiple providers
+    * enhanced response data of technical user related endpoints to include user status, addressing the need for comprehensive user management:
+      * POST /api/apps/autoSetup
+      * GET /api/apps/{appId}/subscription/{subscriptionId}/provider
+      * GET /api/apps/{appId}/subscription/{subscriptionId}/subscriber
+      * GET /api/services/{serviceId}/subscription/{subscriptionId}/provider
+      * GET /api/services/{serviceId}/subscription/{subscriptionId}/subscriber
+  * **Service Account Secret Retrieval**
+    * modified GET api/administration/serviceaccount/owncompany/serviceaccounts/{serviceAccountId} to differentiate secret retrieval based on the service account provider (database vs integrated identity provider
+  * **Clearinghouse Data Interface Adjustment**
+    * altered the interface to retrieve a company's DID directly from the database when the DIM wallet feature is active, as opposed to sourcing it from MIW, simplifying the data retrieval process and reducing dependencies on external services
+* **Registration Decline**
+  * released function to decline as customer the registration process and delete user accounts
+  * added registration decline process worker steps
+  * enabled decline feature via url inside the email template "invite"
+* **Autosetup Process Worker**
+  * adjusted offer autosetup process to create dim technical users
 * **Agreement Status**
   * updated logic of POST and GET agreement endpoint (apps service) to only consider active agreements
   * updated logic of POST and GET agreement endpoint (services service) to only consider active agreements
@@ -188,17 +82,26 @@ New features, fixed bugs, known defects and other noteworthy changes to each rel
 * **Business Process Worker**
   * added new backend worker for invitations to run the invitation steps asynchronously
   * added mailing worker and moved all backend functions for sending emails into the worker
-* Email Templates
-  * Enabled email service for create user account under owned IdP as well as for migration of an user account from any IdP to a ownedIdP
+* **Email Templates**
+  * enabled email service for create user account under owned IdP as well as for migration of an user account from any IdP to a ownedIdP
+* **Others**
+  * released GET: api/administration/companydata/decentralidentity/urls endpoint to provide connector registration relevant information
+  * added GET /api/apps/AppChange/{appId}/roles to retrieve app configured roles for owned apps
+  * added GET /api/apps/AppReleaseProcess/{appId}/roles to retrieve app uploaded roles
 
 ### Technical Support
-* adjusted the get_current_version script for nuget packages to only return the tag name
-* introduced codeql scan
-* removed veracode workflow
+* upgraded all services and jobs to .Net 8
+* Token lifetime: set ClockSkew (security configuration jwtBearerOptions) to 5 minutes for token expiration
+* moved api paths from BPDM out of code into config / helm chart
+* upgraded nuget packages
 * removed unused deprecated packages
+* adjusted the get_current_version script for nuget packages to only return the tag name
+* introduced CodeQL scan
+* removed Veracode workflow
 * improved workflows and documentation
 * upgraded gh actions and change to pinned actions full length commit sha
-* add dependabot.yml file
+* add dependabot.yml file and introduced grouping of pull request for version updates
+* reworked year in file header
 
 ### Bugfix
 * adjusted endpoint `GET api/administration/serviceaccount/owncompany/serviceaccounts` to filter for active service accounts by default
@@ -209,9 +112,35 @@ New features, fixed bugs, known defects and other noteworthy changes to each rel
   * use identifier.Value instead of repeating its type
   * use CompanyUniqueIdData instead of UniqueIdentifierData
 * fixed sonar findings
-* fixed codeql findings
+* fixed CodeQL findings
 * CONTRIBUTING.md: linked to contribution details
 * updated eclipse dash tool for dependencies check
+* Core role assignment - fixed query for core offer to prevent role assignment triggering cascading role assignments
+* fixed endpoint GET /api/apps/active short description returning error
+* in BpdmService.FetchInputLegalEntity map bpdm-identifier-types to string instead of BpdmIdentifierTypeId
+* fixed isOwner filter for GET api/administration/serviceaccount/owncompany/serviceaccounts
+
+### Known Knowns
+The following are known issues identified in the current release:
+* **Email Template Issues:**
+  * The `verified_credential_approved.html` email template does not populate the "wallet" value as expected.
+  * The `decline_registration.html` email template is triggered when a customer utilizes the self-decline feature.
+* **Autosetup Feature Limitation:**
+  * The autosetup feature lacks support for service providers and app providers to automatically retrieve customer connector configuration details such as `authURL`, `WalletURL`, etc.
+* **Deletion Support Deficiencies:**
+  * The deletion of technical users from external providers is currently not supported.
+  * Removal of BDRS (BPN-DID Resolver Service) entries is currently not supported.
+  * Deletion of wallet tenants has not been implemented.
+* **Obsolete Code:**
+  * Redundant backend code from a previous version of the SSI implementation remains in the codebase and has not been purged.
+* **Code quality Finding:**
+  * A potential null reference for 'identityProviderLinks' has been identified, indicating that it could be null on at least one execution path. [#694](https://github.com/eclipse-tractusx/portal-backend/issues/694)
+* **Validation Limitations:**
+  * Pattern validation for URL inputs in `POST` and `PUT` endpoints is currently limited, potentially allowing invalid URLs to be accepted. [#587](https://github.com/eclipse-tractusx/portal-backend/issues/587)
+* **Validation of File Upload Limitation:**
+  * It is recommended to make make use of an existing trustworthy 3rd party virus-scan service for a more broad scan for known malicious signatures. [#779](https://github.com/eclipse-tractusx/portal-backend/issues/779)
+* **In Memory Storage Limitation**:
+  * Sensitive information (such as passwords) is read in an unencrypted manner in memory.
 
 ## 1.8.1
 

README.md

@@ -34,6 +34,10 @@ Run the following command from the CLI in the directory of the service you want
 dotnet run
 ```
 
+## Known Issues and Limitations
+
+See [Known Knowns](/CHANGELOG.md#known-knowns).
+
 ## Notice for Docker image
 
 This application provides container images for demonstration purposes.

src/Directory.Build.props

@@ -20,6 +20,6 @@
 <Project>
   <PropertyGroup>
     <VersionPrefix>2.0.0</VersionPrefix>
-    <VersionSuffix>RC10</VersionSuffix>
+    <VersionSuffix></VersionSuffix>
   </PropertyGroup>
 </Project>