Merge remote-tracking branch 'origin/BG/239182-Newline_In_Uri' into B…

…G/239182-Newline_In_Uri

.github/workflows/codeql.yml

@@ -0,0 +1,78 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL Advanced"
+
+on:
+  push:
+    branches: [ "master", "dev" ]
+  pull_request:
+    branches: [ "master", "dev" ]
+  schedule:
+    - cron: '33 9 * * 6'
+
+jobs:
+  analyze:
+    name: Analyze (${{ matrix.language }})
+    # Runner size impacts CodeQL analysis time. To learn more, please see:
+    #   - https://gh.io/recommended-hardware-resources-for-running-codeql
+    #   - https://gh.io/supported-runners-and-hardware-resources
+    #   - https://gh.io/using-larger-runners (GitHub.com only)
+    # Consider using larger runners or machines with greater resources for possible analysis time improvements.
+    runs-on: windows-latest ## .NET Framework requires Windows runner
+    permissions:
+      # required for all workflows
+      security-events: write
+
+      # required to fetch internal or private CodeQL packs
+      packages: read
+
+      # only required for workflows in private repositories
+      actions: read
+      contents: read
+
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+        - language: csharp
+          build-mode: autobuild
+        - language: javascript-typescript
+          build-mode: none
+        # CodeQL supports the following values keywords for 'language': 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift'
+        # Use `c-cpp` to analyze code written in C, C++ or both
+        # Use 'java-kotlin' to analyze code written in Java, Kotlin or both
+        # Use 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both
+        # To learn more about changing the languages that are analyzed or customizing the build mode for your analysis,
+        # see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning.
+        # If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how
+        # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v3
+      with:
+        languages: ${{ matrix.language }}
+        build-mode: ${{ matrix.build-mode }}
+        # If you wish to specify custom queries, you can do so here or in a config file.
+        # By default, queries listed here will override any specified in a config file.
+        # Prefix the list here with "+" to use these queries and those in the config file.
+
+        # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+        # queries: security-extended,security-and-quality
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v3
+      with:
+        category: "/language:${{matrix.language}}"

Web/Edubase.Services/Edubase.Services.csproj

@@ -245,6 +245,8 @@
     <Compile Include="ExternalLookup\IFSCPService.cs" />
     <Compile Include="ExternalLookup\IExternalLookupService.cs" />
     <Compile Include="ExternalLookup\IFBService.cs" />
+    <Compile Include="ExternalLookup\IOfstedService.cs" />
+    <Compile Include="ExternalLookup\OfstedService.cs" />
     <Compile Include="Geo\IPlacesLookupService.cs" />
     <Compile Include="Geo\PlaceDto.cs" />
     <Compile Include="Geo\PlacesLookupService.cs" />
@@ -258,7 +260,6 @@
     <Compile Include="Governors\Models\GovernorsDetailsDto.cs" />
     <Compile Include="Enums\eSortBy.cs" />
     <Compile Include="Domain\CompaniesHouseNumber.cs" />
-    <Compile Include="Domain\OfstedRatingUrl.cs" />
     <Compile Include="Establishments\Models\AggregratedEstablishmentFieldList.cs" />
     <Compile Include="Governors\Downloads\IGovernorDownloadService.cs" />
     <Compile Include="Governors\IGovernorsReadService.cs" />

Web/Edubase.Services/ExternalLookup/ExternalLookupService.cs

@@ -6,11 +6,13 @@ public class ExternalLookupService : IExternalLookupService
     {
         private readonly IFSCPDService _fscpdService;
         private readonly IFBService _fbService;
+        private readonly IOfstedService _ofstedService;
 
-        public ExternalLookupService(IFSCPDService fscpdService, IFBService fbService)
+        public ExternalLookupService(IFSCPDService fscpdService, IFBService fbService, IOfstedService ofstedService)
         {
             _fscpdService = fscpdService;
             _fbService = fbService;
+            _ofstedService = ofstedService;
         }
 
         public async Task<bool> FscpdCheckExists(int? urn, string name, bool mat = false)
@@ -32,5 +34,17 @@ public string SfbURL(int? lookupId, FbType lookupType)
         {
             return _fbService.PublicURL(lookupId, lookupType);
         }
+
+        public async Task<bool> OfstedReportPageCheckExists(int? urn)
+        {
+            return await _ofstedService.CheckExists(urn);
+        }
+
+        public string OfstedReportUrl(int? urn)
+        {
+            return _ofstedService.PublicURL(urn);
+        }
+
+
     }
 }

Web/Edubase.Services/ExternalLookup/IExternalLookupService.cs

@@ -8,5 +8,7 @@ public interface IExternalLookupService
         string FscpdURL(int? urn, string name, bool mat = false);
         Task<bool> SfbCheckExists(int? lookupId, FbType lookupType);
         string SfbURL(int? lookupId, FbType lookupType);
+        Task<bool> OfstedReportPageCheckExists(int? urn);
+        string OfstedReportUrl(int? urn);
     }
 }

Web/Edubase.Services/ExternalLookup/IOfstedService.cs

@@ -0,0 +1,10 @@
+using System.Threading.Tasks;
+
+namespace Edubase.Services.ExternalLookup
+{
+    public interface IOfstedService
+    {
+        Task<bool> CheckExists(int? urn);
+        string PublicURL(int? urn);
+    }
+}

Web/Edubase.Services/ExternalLookup/OfstedService.cs

@@ -0,0 +1,74 @@
+using System;
+using System.Configuration;
+using System.Net;
+using System.Net.Http;
+using System.Net.Http.Headers;
+using System.Runtime.Caching;
+using System.Threading.Tasks;
+using Edubase.Common;
+using Edubase.Services.IntegrationEndPoints;
+using Polly;
+
+namespace Edubase.Services.ExternalLookup
+{
+    public class OfstedService : IOfstedService
+    {
+        private readonly HttpClient _client;
+
+        private const string OfstedServiceTimeoutKey = "OfstedService_TimeoutSeconds";
+
+        private IAsyncPolicy<HttpResponseMessage> RetryPolicy => PollyUtil.CreateRetryPolicy(RetryIntervals, OfstedServiceTimeoutKey);
+
+        private TimeSpan[] RetryIntervals => PollyUtil.CsvSecondsToTimeSpans(ConfigurationManager.AppSettings["OfstedService_RetryIntervals"]);
+
+        private int CacheHours => ConfigurationManager.AppSettings["OfstedService_CacheHours"].ToInteger() ?? 8;
+
+        private string BaseUrl => ConfigurationManager.AppSettings["OfstedService_BaseAddress"];
+
+
+        public OfstedService(HttpClient client)
+        {
+            _client = client;
+        }
+
+        private HttpRequestMessage HeadRestRequest(int? urn)
+        {
+            return new HttpRequestMessage(HttpMethod.Head, PublicURL(urn));
+        }
+
+
+        public async Task<bool> CheckExists(int? urn)
+        {
+            var key = $"ofsted-report-{urn}";
+            var cachedPageStatus = MemoryCache.Default.Get(key);
+            if (cachedPageStatus != null)
+            {
+                return (bool) cachedPageStatus;
+            }
+
+            var request = HeadRestRequest(urn);
+            try
+            {
+                using (var response = await RetryPolicy.ExecuteAsync(async () =>
+                           await _client.SendAsync(request, HttpCompletionOption.ResponseHeadersRead)))
+                {
+                    var isOk = response.StatusCode == HttpStatusCode.OK;
+                    MemoryCache.Default.Set(
+                        new CacheItem(key, isOk),
+                        new CacheItemPolicy {AbsoluteExpiration = DateTimeOffset.Now.AddHours(CacheHours)}
+                    );
+                    return isOk;
+                }
+            }
+            catch
+            {
+                return false;
+            }
+        }
+
+        public string PublicURL(int? urn)
+        {
+            return BaseUrl + urn;
+        }
+    }
+}

Web/Edubase.Web.UI/App_Start/IocConfig.cs

@@ -137,6 +137,9 @@ private static void RegisterTypes(ContainerBuilder builder)
             builder.RegisterInstance(CreateSfbClient()).SingleInstance().Named<HttpClient>("SfbClient");
             builder.Register(c => new FBService(c.ResolveNamed<HttpClient>("SfbClient"))).As<IFBService>();
 
+            builder.RegisterInstance(CreateOfstedClient()).SingleInstance().Named<HttpClient>("OfstedClient");
+            builder.Register(c => new OfstedService(c.ResolveNamed<HttpClient>("OfstedClient"))).As<IOfstedService>();
+
             builder.RegisterType<ExternalLookupService>().As<IExternalLookupService>().SingleInstance().AutoActivate();
 
             builder.RegisterInstance(AutoMapperWebConfiguration.CreateMapper()).As<IMapper>();
@@ -319,6 +322,37 @@ private static HttpClient CreateSfbClient()
             return client;
         }
 
+        private static HttpClient CreateOfstedClient()
+        {
+            if (!int.TryParse(ConfigurationManager.AppSettings["OfstedService_TimeoutSeconds"], out var timeoutsettings))
+            {
+                timeoutsettings = 10;
+            }
+
+            var client = new HttpClient(new HttpClientHandler { UseCookies = false })
+            {
+                BaseAddress = new Uri(ConfigurationManager.AppSettings["OfstedService_BaseAddress"]),
+                Timeout = TimeSpan.FromSeconds(timeoutsettings)
+            };
+
+            var apiUsername = ConfigurationManager.AppSettings["OfstedService_Username"];
+            var apiPassword = ConfigurationManager.AppSettings["OfstedService_Password"];
+
+            if (!apiUsername.IsNullOrEmpty() && !apiPassword.IsNullOrEmpty())
+            {
+                client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue(Basic,
+                    new BasicAuthCredentials(apiUsername, apiPassword).ToString());
+            }
+
+            var productValue = new ProductInfoHeaderValue("GIAS", Assembly.GetExecutingAssembly().GetName().Version.ToString());
+            var commentValue = new ProductInfoHeaderValue("(Chrome; Edge; Mozilla; +https://www.get-information-schools.service.gov.uk)");
+
+            client.DefaultRequestHeaders.UserAgent.Add(productValue);
+            client.DefaultRequestHeaders.UserAgent.Add(commentValue);
+
+            return client;
+        }
+
         public static HttpClient CreateLookupClient(string lookupApiAddress, string lookupApiUsername, string lookupApiPassword)
         {
             // If the given values are empty, default to using the generic/standard API address and credentials

Web/Edubase.Web.UI/Areas/Establishments/Controllers/EstablishmentController.cs

@@ -1,5 +1,6 @@
 using System;
 using System.Collections.Generic;
+using System.Configuration;
 using System.Linq;
 using System.Linq.Expressions;
 using System.Reflection;
@@ -357,6 +358,9 @@ public async Task<ActionResult> Details(int id, string searchQueryString = "", e
 
             await viewModel.SetFscpdAsync();
             await viewModel.SetShowFinancialBenchmarkingAsync();
+            await viewModel.SetShowOfstedReportLinkAsync();
+
+            viewModel.ShowOfstedRatings = "true".Equals(ConfigurationManager.AppSettings["Feature_Ofsted_ShowRatings"]);
 
             viewModel.TabWarnings = new TabWarningsModel(viewModel.Establishment.TypeId);
 
@@ -382,7 +386,7 @@ await Task.WhenAll(
             viewModel.SchoolCapacityToolTipLink = viewModel.Establishment.TypeId.Equals((int)ET.AcademySecure16to19)
                 ? string.Empty
                 : _resourcesHelper.GetResourceStringForEstablishment("SchoolCapacityLink", (eLookupEstablishmentTypeGroup?) viewModel.Establishment.EstablishmentTypeGroupId, User);
-               
+
             return View(viewModel);
         }
 
@@ -405,6 +409,8 @@ public async Task<ActionResult> GovernanceChangeHistoryAsync(int id, int skip =
             };
 
             await viewModel.SetFscpdAsync();
+            await viewModel.SetShowFinancialBenchmarkingAsync();
+            await viewModel.SetShowOfstedReportLinkAsync();
 
             await Task.WhenAll(
                 PopulateDisplayPolicies(viewModel)