Rename AdminDomains to PrivilegedUserDomains (#379)

* Rename AdminDomains to PrivilegedUserDomains

* Add NVD suppressions

.editorconfig

@@ -35,6 +35,13 @@ dotnet_style_prefer_simplified_interpolation = true:suggestion
 dotnet_style_prefer_collection_expression = when_types_exactly_match:suggestion
 dotnet_style_namespace_match_folder = true:suggestion
 
+# JSON files
+[*.json]
+insert_final_newline = true
+indent_style = space
+indent_size = 2
+trim_trailing_whitespace = true
+
 # C# files
 [*.cs]
 

NVDSuppressions.xml

@@ -506,4 +506,94 @@
     </notes>
     <cve>CVE-2024-38460</cve>
   </suppress>
+  <suppress>
+    <notes>
+      <![CDATA[
+   file name: Azure.Core.dll
+   Will be reviewed as part of .NET 8 update.
+   ]]>
+    </notes>
+    <packageUrl regex="true">^pkg:generic/Azure\.Core@.*$</packageUrl>
+    <cve>CVE-2024-43591</cve>
+  </suppress>
+  <suppress>
+    <notes>
+      <![CDATA[
+   file name: Azure.Core:Various
+   Will be reviewed as part of .NET 8 update.
+   ]]>
+    </notes>
+    <packageUrl regex="true">^pkg:nuget/Azure\.Core@.*$</packageUrl>
+    <cve>CVE-2024-43591</cve>
+  </suppress>
+  <suppress>
+    <notes>
+      <![CDATA[
+   file name: Azure.Identity:1.12.0
+   Will be reviewed as part of .NET 8 update.
+   ]]>
+    </notes>
+    <packageUrl regex="true">^pkg:nuget/Azure\.Identity@.*$</packageUrl>
+    <cve>CVE-2024-43591</cve>
+  </suppress>
+  <suppress>
+    <notes>
+      <![CDATA[
+   file name: Microsoft.Azure.Cosmos.Table.dll
+   Will be reviewed as part of .NET 8 update.
+   ]]>
+    </notes>
+    <packageUrl regex="true">^pkg:generic/Microsoft\.Azure\.Cosmos\.Table@.*$</packageUrl>
+    <cve>CVE-2024-43591</cve>
+  </suppress>
+  <suppress>
+    <notes>
+      <![CDATA[
+   file name: Microsoft.Azure.DocumentDB.Core.dll
+   Will be reviewed as part of .NET 8 update.
+   ]]>
+    </notes>
+    <packageUrl regex="true">^pkg:generic/Microsoft\.Azure\.DocumentDB\.Core@.*$</packageUrl>
+    <cve>CVE-2024-43591</cve>
+  </suppress>
+  <suppress>
+    <notes>
+      <![CDATA[
+   file name: Microsoft.Azure.Services.AppAuthentication:1.0.3
+   Will be reviewed as part of .NET 8 update.
+   ]]>
+    </notes>
+    <packageUrl regex="true">^pkg:nuget/Microsoft\.Azure\.Services\.AppAuthentication@.*$</packageUrl>
+    <cve>CVE-2024-43591</cve>
+  </suppress>
+  <suppress>
+    <notes>
+      <![CDATA[
+   file name: Microsoft.Extensions.Azure.dll
+   Will be reviewed as part of .NET 8 update.
+   ]]>
+    </notes>
+    <packageUrl regex="true">^pkg:generic/Microsoft\.Extensions\.Azure@.*$</packageUrl>
+    <cve>CVE-2024-43591</cve>
+  </suppress>
+  <suppress>
+    <notes>
+      <![CDATA[
+   file name: Microsoft.Extensions.Azure:1.6.3
+   Will be reviewed as part of .NET 8 update.
+   ]]>
+    </notes>
+    <packageUrl regex="true">^pkg:nuget/Microsoft\.Extensions\.Azure@.*$</packageUrl>
+    <cve>CVE-2024-43591</cve>
+  </suppress>
+  <suppress>
+    <notes>
+      <![CDATA[
+   file name: System.ClientModel.dll
+   Will be reviewed as part of .NET 8 update.
+   ]]>
+    </notes>
+    <packageUrl regex="true">^pkg:generic/System\.ClientModel@.*$</packageUrl>
+    <cve>CVE-2024-43591</cve>
+  </suppress>
 </suppressions>

UKHO.ExchangeSetService.API/UKHO.ExchangeSetService.API.UnitTests/Filters/BespokeExchangeSetAuthorizationFilterAttributeTests.cs

@@ -54,7 +54,7 @@ public void Setup()
             fakeAzureAdB2CConfiguration.Value.Instance = "https://azureAdB2CInstance/";
             fakeAzureAdB2CConfiguration.Value.TenantId = "azure-ad2c-tenant";
             fakeAzureAdConfig.Value.MicrosoftOnlineLoginUrl = "https://login.microsoftonline.com/";
-            this.fakeConfiguration["AdminDomains"] = "abc.com";
+            fakeConfiguration["PrivilegedUserDomains"] = "abc.com";
             httpContext = new DefaultHttpContext();
 
             bespokeFilterAttribute = new BespokeExchangeSetAuthorizationFilterAttribute(fakeAzureAdConfig, fakeConfiguration, fakeAzureAdB2CHelper, fakelogger);

UKHO.ExchangeSetService.API/UKHO.ExchangeSetService.API/Filters/BespokeExchangeSetAuthorizationFilterAttribute.cs

@@ -90,10 +90,10 @@ public override async Task OnActionExecutionAsync(ActionExecutingContext context
 
                 if (azureAdB2CHelper.IsAzureB2CUser(azureAdB2C, correlationId))
                 {
-                    var adminDomains = !string.IsNullOrEmpty(this.configuration["AdminDomains"]) ? new(this.configuration["AdminDomains"].Split(',').Select(s => s.Trim())) : new List<string>();
+                    var privilegedUserDomains = !string.IsNullOrEmpty(configuration["PrivilegedUserDomains"]) ? new(configuration["PrivilegedUserDomains"].Split(',').Select(s => s.Trim())) : new List<string>();
                     var userEmail = context.HttpContext.User.FindFirstValue(ClaimTypes.Email);
 
-                    if (userEmail == null || !adminDomains.Any(x => userEmail.EndsWith(x, StringComparison.InvariantCultureIgnoreCase)))
+                    if (userEmail == null || !privilegedUserDomains.Any(x => userEmail.EndsWith(x, StringComparison.InvariantCultureIgnoreCase)))
                     {
                         context.HttpContext.Response.StatusCode = StatusCodes.Status403Forbidden;
                         return;
@@ -127,4 +127,4 @@ private static bool ExchangeSetStandardExists(string exchangeSetStandard)
             return ExchangeSetStandards.Any(s => exchangeSetStandard.Contains(s, StringComparison.OrdinalIgnoreCase));
         }
     }
-}
+}

UKHO.ExchangeSetService.API/UKHO.ExchangeSetService.API/appsettings.json

@@ -111,5 +111,5 @@
   "AllowedHosts": "*",
   "APPINSIGHTS_INSTRUMENTATIONKEY": "",
   "MaximumNumerOfDaysValidForSinceDateTimeEndpoint": 28,
-  "AdminDomains": ""
-}
+  "PrivilegedUserDomains": ""
+}