Merged
Conversation
Co-authored-by: Ronaldo Macapobre <rmacapob@gov.bc.ca>
fix: add missing courtlist request mapping
* - Change Civil documents dropdown to show categories instead of doc types - Update category names to start with capital letter and remaining characters in lower case - Show Document Type in Scheduled Documents under Court List page - Use issueDsc instead of issueTypeDesc to show the more appropriate value * - Fix failing unit tests - Fix bug when deleting documents from binder --------- Co-authored-by: Ronaldo Macapobre <rmacapob@gov.bc.ca>
JASPER 577: Nutrient updates
* - Add S3 module to include certificate S3 bucket that will have the global bundle PEM file - Create S3Service to isolate logic that uses AWS SDK implementation - Update to try to connect to AWS Mongo Db * Comment out seeder and hangfire for now * Remove Hangfire setup * Pass the settings to the client * debug * Download the PEM file as part of the Dockerfile process * More logs * Revert changes and cleanup * Revert * Disable hangfire for now * Move DEFAULT_USERS as env variable instead of secret so it can be parsed as a JSON string during seeding process. * Add --no-install-recommends as suggested by SonarCloud * Fix SonarCloud warning --------- Co-authored-by: Ronaldo Macapobre <rmacapob@gov.bc.ca>
jasper-121 add access request page with basic api to allow saving new…
--- updated-dependencies: - dependency-name: GdPicture.API dependency-version: 14.3.14 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [uuid](https://github.com/uuidjs/uuid) from 11.1.0 to 12.0.0. - [Release notes](https://github.com/uuidjs/uuid/releases) - [Changelog](https://github.com/uuidjs/uuid/blob/main/CHANGELOG.md) - [Commits](uuidjs/uuid@v11.1.0...v12.0.0) --- updated-dependencies: - dependency-name: uuid dependency-version: 12.0.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
* - Change Civil documents dropdown to show categories instead of doc types - Update category names to start with capital letter and remaining characters in lower case - Show Document Type in Scheduled Documents under Court List page - Use issueDsc instead of issueTypeDesc to show the more appropriate value * - Fix failing unit tests - Fix bug when deleting documents from binder * - Calculate Scheduled documents for Civil Case Details - Programatically rename CSR to Court Summary * Add toLowerCase() consistency and better checking. --------- Co-authored-by: Ronaldo Macapobre <rmacapob@gov.bc.ca>
…-14.3.14 Bump GdPicture.API from 14.3.13 to 14.3.14
Bumps the all-actions group with 1 update: [aws-actions/configure-aws-credentials](https://github.com/aws-actions/configure-aws-credentials). Updates `aws-actions/configure-aws-credentials` from 4 to 5 - [Release notes](https://github.com/aws-actions/configure-aws-credentials/releases) - [Changelog](https://github.com/aws-actions/configure-aws-credentials/blob/main/CHANGELOG.md) - [Commits](aws-actions/configure-aws-credentials@v4...v5) --- updated-dependencies: - dependency-name: aws-actions/configure-aws-credentials dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major dependency-group: all-actions ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…2.0.0 build(deps): bump uuid from 11.1.0 to 12.0.0 in /web
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 7.0.4 to 7.1.5. - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/main/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v7.1.5/packages/vite) --- updated-dependencies: - dependency-name: vite dependency-version: 7.1.5 dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
tests: adjust tests
JASPER 585: View court-list appearance details documents
….1.5 build(deps-dev): bump vite from 7.0.4 to 7.1.5 in /web
JASPER 582: Include case-number in document tab title
Bumps [vite](https://github.com/vitejs/vite/tree/HEAD/packages/vite) from 6.3.4 to 6.3.6. - [Release notes](https://github.com/vitejs/vite/releases) - [Changelog](https://github.com/vitejs/vite/blob/v6.3.6/packages/vite/CHANGELOG.md) - [Commits](https://github.com/vitejs/vite/commits/v6.3.6/packages/vite) --- updated-dependencies: - dependency-name: vite dependency-version: 6.3.6 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* - Expose new CourtList endpoint handle viewing of document bundle - Create DocumentConverter to isolate the process for converting CfcDocument to CriminalDocuments - Update Binder mappings - Create Dtos to store request and response data for viewing document bundle - Add props for Binder and BinderDocument - Update BinderProcessBase to move JudicialBinder specific codes. - Create KeyDocumentBinderProcessor - CourtListService update where the core logic is. This includes binder initialization, generating pdf requests and merging. - Add keyDocsBinderRefreshHours to handle the state of key document binder * - Update ReportStrategy to use ReportServicesClient to avoid circular dependency - Add missing CourtClassCd label * - Make logic generic in preparation to handle Judicial Binders - Encode document id * cleanup * - Refactor InitializeBindersToMerge to address Cognitive Complexity - Address other SonarCloud issues. * Move KeyDocuments related code to its on function in an attemp to improve the functions cognitive complexity * - Add validation for KDProcessor - Fix other sonar cloud issues * Convert foreach to LINQ * Remove optional keys * - Exclude DocType=File where the filename is the same as the DocumentId. - Update courtClassCd to parse it in the BE instead * Add tests for DocumentConvert * - Fix failing unit test due to other change in the past - Ignore legacy unit tests to prevent the build to proceed when new/existing test fails. * Add unit test for KeyDocumentsBinderProcessor * Setting BinderDocDto DocumentId to null when mapping CriminalDocument that does not have an image id * - Handle scenarios where there are no binders and pdf request to merge - Add unit tests * Refactor document bundle process as per code review feedback * Remove refactored code from CourtList and skipped some tests so all unit tests passes for now. * Address sonar cloud issues * Use physicalFileId when querying criminal content * Add DocumentId null checking to exclude documents that does not have doc id * Cleanup and adding back unit tests --------- Co-authored-by: Ronaldo Macapobre <rmacapob@gov.bc.ca>
refactor: make binder updateddate nullable
JASPER 578: View court-list key documents
Bumps [axios](https://github.com/axios/axios) from 1.8.2 to 1.12.0. - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.8.2...v1.12.0) --- updated-dependencies: - dependency-name: axios dependency-version: 1.12.0 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [axios](https://github.com/axios/axios) from 1.11.0 to 1.12.0. - [Release notes](https://github.com/axios/axios/releases) - [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md) - [Commits](axios/axios@v1.11.0...v1.12.0) --- updated-dependencies: - dependency-name: axios dependency-version: 1.12.0 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…9.0.9 (#503) --- updated-dependencies: - dependency-name: Microsoft.AspNetCore.Authentication.OpenIdConnect dependency-version: 9.0.9 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Ronaldo Macapobre <rmacapob@gov.bc.ca>
…, All Documents (#510) - Fix issue when selecting Court Summary - Remove sorting of Judicial Binders Co-authored-by: Ronaldo Macapobre <rmacapob@gov.bc.ca>
- Use AWS_SECRET_PREFIX to access lz related secrets Co-authored-by: Ronaldo Macapobre <rmacapob@gov.bc.ca>
#504) --- updated-dependencies: - dependency-name: Microsoft.AspNetCore.Authentication.JwtBearer dependency-version: 9.0.9 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
--- updated-dependencies: - dependency-name: Microsoft.AspNetCore.Mvc.NewtonsoftJson dependency-version: 9.0.9 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Always open new tab when viewing merged documents
Co-authored-by: Ronaldo Macapobre <rmacapob@gov.bc.ca>
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
|
|
||
| //We are always sending X-Forwarded-Port, only time we aren't is when we are hitting the API directly. | ||
| var baseUri = HttpContext.Request.Headers.ContainsKey("X-Forwarded-Host") ? $"{HttpContext.Request.Headers["X-Base-Href"]}logout" : "/api"; | ||
| var baseUri = HttpContext.Request.Headers.ContainsKey("X-Forwarded-Host") ? $"{HttpContext.Request.Headers["X-Base-Href"]}" : "/api"; |
Check warning
Code scanning / SonarCloud
Use model binding instead of reading raw request data
|
|
||
| //We are always sending X-Forwarded-Port, only time we aren't is when we are hitting the API directly. | ||
| var baseUri = HttpContext.Request.Headers.ContainsKey("X-Forwarded-Host") ? $"{HttpContext.Request.Headers["X-Base-Href"]}logout" : "/api"; | ||
| var baseUri = HttpContext.Request.Headers.ContainsKey("X-Forwarded-Host") ? $"{HttpContext.Request.Headers["X-Base-Href"]}" : "/api"; |
Check warning
Code scanning / SonarCloud
Use model binding instead of reading raw request data
| if (result == null || !result.Any()) | ||
| { | ||
| this.Logger.LogInformation("User with email: {email} is not found", email); | ||
| this.Logger.LogInformation("User with email: {Email} is not found", email.Replace(Environment.NewLine, "")); |
Check warning
Code scanning / CodeQL
Exposure of private information Medium
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 5 months ago
To remediate, avoid logging the full, unsanitized email address. Replace it with a masked version that does not reveal the complete email, e.g. only log the email's domain or obscure part of the username. This minimizes the exposure of private information if logs are accessed inappropriately, while still providing operational context for debugging.
Specifically, edit api/Services/UserService.cs at line 77 so that the logged information is masked.
To implement masking, define a small method (either inline or at the class level, as allowed by shown code context) to safely obscure the email address. If the method can't be defined outside the method scope, create a simple inline masking in-place.
No additional imports are required.
Suggested changeset
1
api/Services/UserService.cs
| @@ -38,6 +38,16 @@ | ||
| private readonly IRepositoryBase<Role> _roleRepo = roleRepo; | ||
| private readonly IPermissionRepository _permissionRepo = permissionRepo; | ||
|
|
||
| // Masks email address for logging by obscuring the username part | ||
| private static string MaskEmail(string email) | ||
| { | ||
| if (string.IsNullOrWhiteSpace(email)) return string.Empty; | ||
| var parts = email.Split('@'); | ||
| if (parts.Length != 2) return "***"; | ||
| var username = parts[0].Length <= 2 ? "***" : parts[0].Substring(0, 2) + "***"; | ||
| return $"{username}@{parts[1]}"; | ||
| } | ||
|
|
||
| public override string CacheName => "GetUsersAsync"; | ||
|
|
||
| public override async Task<OperationResult<UserDto>> ValidateAsync(UserDto dto, bool isEdit = false) | ||
| @@ -74,7 +84,7 @@ | ||
| var result = await this.Repo.FindAsync(u => u.Email == email); | ||
| if (result == null || !result.Any()) | ||
| { | ||
| this.Logger.LogInformation("User with email: {Email} is not found", email.Replace(Environment.NewLine, "")); | ||
| this.Logger.LogInformation("User with email: {Email} is not found", MaskEmail(email)); | ||
| return null; | ||
| } | ||
|
|
Copilot is powered by AI and may make mistakes. Always verify output.
Unable to commit as this autofix suggestion is now outdated
|
ronaldo-macapobre
temporarily deployed
to
test
GitHub Actions
Inactive
ronaldo-macapobre
temporarily deployed
to
test
GitHub Actions
Inactive
ronaldo-macapobre
temporarily deployed
to
prod
GitHub Actions
Inactive
ronaldo-macapobre
temporarily deployed
to
prod
GitHub Actions
Inactive
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Pull Request for JIRA Ticket: ----put ticket number here----
Issue ticket number and link
Include the JIRA ticket # and link here
Description
Please include a summary of the changes and the related issue. Please also include relevant motivation and context. List any dependencies that are required for this change.
Fixes # (issue)
Type of change
Please delete options that are not relevant.
How Has This Been Tested?
Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration
Test Configuration:
If applicable
Checklist:
Documentation References
Put any doc references here