Keycloak Phone Auth (#1122)
* custom keycloak provider for phone

* custom keycloak provider for phone

* custom keycloak provider for phone

* custom keycloak provider for phone

* Moved from IMemoryCache to IDistributedCache, catering for multiple i… (#1115)

* Moved from IMemoryCache to IDistributedCache, catering for multiple instances of the api

* Change store and category info cache to expire on an hourly basis ensuring new stores are picked-up

* partner sharing & post as active form issue, dropdown focus issue (#1117)

* removed theme folder from keycloak container

* keycloak provider: telephone number is optional

* keycloak provider: username email/phone fix and added required action for phone number change

* phone number as username refactoring

* users.sh update

* API Refactoring

* Fixed users.sh

* Bug fixes

* Fixed keycloak extension issue

* org register: phone numbers for additional admins

* UI: changes to org edit, links etc for phoneNumber

* cleanup of dockerfile (keycloak provider arg) & keycloak realm user profile fields

* Phone number update: Allow updating / setting phone number if not set

* UPDATE_PHONE_NUMBER action now submitted as part of the PutUsersByUserIdAsync update

* UI: update phone number on user profile edit

* keycloak: set email theme to phone

* UI: update profile messages for reset password/phone form fields

* Keycloak update user logic to handle required actions correctly

* Rename `keycloak-providers` to `keycloak/providers` (#1120)

* Move Keycloak Provider Jars to `src/keycloak/providers/jars`

* Maintain project naming and structure conventions
* Add `temurin-17` and `maven` to `.mise.toml`

* Add Maven `target` dirs to `gitignore`

* Rename `keycloak-providers` to `keycloak/providers`

* Maintain project naming and structure conventions
* Update `.gitignore` accordingly
* Update the `pom.xml` files accordingly

* YOMA-538: Configure Twilio Keycloak SMS Provider (#1121)

* Using the Twilio Test keys in Dev and Stage
* Using Twilio Test number in Dev
* Stage and Prod have a placeholder while we wait for the actual Yoma number
* Twilio Live credentials in Prod
* Download our custom Twilio Provider JARs in the Download Providers init container

* Remove duplicate keycloak providers target gitignore

* YOMA-538: Fix Keycloak SMS SPI environment variables

* keycloak email theme fix

* keycloak fix: send event after user is persisted

* dotnet format

* Allow user email and phone number change (pending TODO ZLTO)

* user profile: allow email update on form

* UI: force sign-out after changing email/phone/password (user profile)

* keycloak: country code selector for phone number

* Fixed log info messages referring to email instead of username

* Fix Keycloak Deploy

* Remove Keycloak `chown` of Providers

* keycloak: twilio phone number config for country codes

* keycloak: comment for default twilio config (docker)

* Clean up Keycloak Providers Maven Target Dir

* Update Twilio Keycloak Config

* Fix Twilio Keycloak Config

* - Add tracking and update logic for ZLTO wallet username on system username change (email or phone)
- Add client-side category filtering with pagination for ZLTO Store Search due to no server-side filter in API

* User first name and last name is now nullable

* Linting

* ReceiveKeyCloakEvent: Type no parsed using the description

* API refactoring review

* keycloak: login screen - country code (WIP)

* keycloak: added country code to forgot password page

* keycloak: login screen - intl-tel-input control for phone number

* keycloak: forgot password screen - intl-tel-input control for phone number

* keycloak: added update password screen & updated phone number screen - intl-tel-input control for phone number

* keycloak: registration screen - intl-tel-input control for phone number

* keycloak: registration screen - require phone verification (only once on form resubmission)

* keycloak: registration screen - fix for phone verification session state

* keycloak: registration screen - fix for phone verification session issue

* keycloak: add /auth path to client requests (KC_HTTP_RELATIVE_PATH env var)

* keycloak: tabs on registration screen, styles & template refactor

* keycloak: form button spacing & phone verification on clear phone verification on re-render

* keycloak: improved password requirements indicator on register & update password pages

* keycloak: improved password requirements indicator on register & update password pages, added send code messages to update phone page

* keycloak: phone verification - send code & error messages

* keycloak: generate password on register & update password screens

* Add Twilio config to Yoma API

* Add Twilio integration with SMS and WhatsApp support. Fallback to WhatsApp if no email address is available. Integration currently disabled.

* when pasting multiple values, split them by ' ' & ';' characters and trim values (#1130)

* partner sharing & post as active form issue, dropdown focus issue (#1117)

* org register: phone numbers for additional admins

* UI: changes to org edit, links etc for phoneNumber

* keycloak: cryptographic security enhancement for password generation

* Comment change to force PR rerun

---------

Co-authored-by: Jason Dicker <[email protected]>
Co-authored-by: adrianwium <[email protected]>
Co-authored-by: Jason Dicker <[email protected]>
4 people authored Oct 30, 2024
1 parent 52b9d0f commit 8d3618e
Showing 403 changed files with 13,244 additions and 2,463 deletions.
1 change: 1 addition & 0 deletions .github/workflows/cicd.yml
Expand Up @@ -448,6 +448,7 @@ jobs:
--selector app=keycloak \
--set config-cli.init.ref=${{ github.event_name == 'release' && github.ref_name || github.sha }} \
--set keycloak.themes.ref=${{ github.event_name == 'release' && github.ref_name || github.sha }} \
--set keycloak.providers.ref=${{ github.event_name == 'release' && github.ref_name || github.sha }} \
--set postInstallHook.ref=${{ github.event_name == 'release' && github.ref_name || github.sha }}
helmfile-version: ${{ env.HELMFILE_VERSION }}
helm-version: ${{ env.HELM_VERSION }}
3 changes: 3 additions & 0 deletions .gitignore
Expand Up @@ -9,6 +9,9 @@
**/public/workbox-*.js.map
**/public/worker-*.js.map

# Ignore the Maven Target Dirs which contain build artifacts
src/keycloak/providers/**/target

# Created by https://www.toptal.com/developers/gitignore/api/node,yarn,linux,macos,csharp,nextjs,windows,aspnetcore,dotnetcore,sublimetext,intellij+all,visualstudio,visualstudiocode
# Edit at https://www.toptal.com/developers/gitignore?templates=node,yarn,linux,macos,csharp,nextjs,windows,aspnetcore,dotnetcore,sublimetext,intellij+all,visualstudio,visualstudiocode

4 changes: 3 additions & 1 deletion .mise.toml
@@ -1,8 +1,10 @@
# https://github.com/jdx/mise
[tools]
dotnet = "8.0"
java = "temurin-17"
maven = "3.9"
node = "18"
tilt = "latest"

[env]
MISE_FETCH_REMOTE_VERSIONS_TIMEOUT="30s" # Because azure is slow
MISE_FETCH_REMOTE_VERSIONS_TIMEOUT = "30s" # Because azure is slow
12 changes: 9 additions & 3 deletions helm/keycloak/conf/dev/secrets.yaml
Expand Up @@ -29,6 +29,12 @@ keycloak:
database: ENC[AES256_GCM,data:E0jLFFQazWU=,iv:svmiHaLI96ty8NLaLt6Ymj0dKdnUHOGeERqHLPckxdk=,tag:sUHlYtuTURA3Uji3MtboWQ==,type:str]
user: ENC[AES256_GCM,data:WgSbrgPm0I4=,iv:+zNxjybnPaEc8hqz/8KiAgFnTqjy4YfBeD2FRyEMuyg=,tag:BQhC/umkzAzh8BC6/F2WBQ==,type:str]
password: ENC[AES256_GCM,data:p6jOnvclPDA=,iv:5/4OGvNaEl/tsiKRItUZC1L2LnIAhuentEvtf/jZwss=,tag:7yd/4poPZiZZaK/Kwe9QVg==,type:str]
twilio:
stringData:
sid: ENC[AES256_GCM,data:EbpNjDcFQkiQLlBrDJYCQzXzNXEMKH7zWG7I0C5Dr5rsOg==,iv:K74xK1QVaJlc/CpT2P/fCIfHsBBUDyFRnsP1Te+WxEc=,tag:fdYt5DOhwUQHz/YFDq2PBg==,type:str]
token: ENC[AES256_GCM,data:KzmcqjjPt25hrYV6begodVpI3AN8A/THixX6HARv6Q8=,iv:P6YVUVGLG1tCi3xx6MzQ8yYMuofBBh4C5/VbOvwQ3Ns=,tag:BKgfDFg6huUJrbgpjAUERQ==,type:str]
#ENC[AES256_GCM,data:ykHupEfcYDqFs4bVvZTwjBvLuR3BO9Ln2BpsoE77zSbK9bQ+etPL782lC0NdcXgsMZX4WIjSywlJ,iv:EBV1vzcxg9209TM3IffsurUbYi/yUUhj/eml3nyd/jw=,tag:Cy7YEcqNXFtq6FHODvxc1w==,type:comment]
number: ENC[AES256_GCM,data:9Qr8eSnY+hLhWKKTfg==,iv:2ObU32lXXqL6/7Ndn+3Tmc3GZ5rCPBa0mAVnwxy/1QU=,tag:aX+2ftMl/Ez2ILTRr1Shxw==,type:str]
config-cli:
secrets:
KEYCLOAK_USER: ENC[AES256_GCM,data:DQzrhhayQ2Q=,iv:NwgCJZuKx+D2gUcSc1T+Vv0LigPo8UFeiYgbBfvT0vM=,tag:arBptodK9nGgPVRqsk7zGQ==,type:str]
Expand All @@ -54,8 +60,8 @@ sops:
azure_kv: []
hc_vault: []
age: []
lastmodified: "2024-07-29T07:21:28Z"
mac: ENC[AES256_GCM,data:f0IgtC3m48QjEfaxx23ZS6YFOkcCmhrCFZr4msYfltQ3k6qbk6Qbe7GvJLnWpHETB5+B6OjRVfPciC6p1Y3C4Juf+Xa++5PUPf9D5PxAKcNI/SL8LKhejgmARlE2JfbfYd7bWNJZvYJy6CGR+jlgE4RnxuU7XbYgKABxjMhF/A0=,iv:XF+41nyyJpG/y8vgU4xw3TUWsS1ABCnIZnBSbssIyPo=,tag:ZMyqGPn2MKRicykri5hKkQ==,type:str]
lastmodified: "2024-10-17T12:23:28Z"
mac: ENC[AES256_GCM,data:CrEaxNrwPaUdFoDmdFXThBwHb6bM4XcLvegSDWojmW1hCU2N3xwQlS2Dw+YeT8uYzskifdGYpfNGSi7zxLh8hjMFKH1xfoGoiO2MPf6kAZRycjv7NDr6zHm3sxEeTZkcDL3PuqgLVlKdE5T97HJzuNXken6sMpYLLzJq9GjQBHU=,iv:Hg64GnGl0A0qvSp1W8i/Wbp92AcqXxCkUp9SkOdM14w=,tag:OOZwDZvFsc59GaLSLsATRQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0
version: 3.9.1
12 changes: 9 additions & 3 deletions helm/keycloak/conf/prod/secrets.yaml
Expand Up @@ -8,6 +8,12 @@ keycloak:
#ENC[AES256_GCM,data:lltrqHjMjrp+ZaGwOXM=,iv:kTnOAn3acFbMjFUE1nZNigomN3LrtOx0U2n1SFwlBeg=,tag:YdbwJyOLZV7ws5JDvhzJWg==,type:comment]
#ENC[AES256_GCM,data:VvwA2+9/yCyjQNc1JFM96yUxJr/orj07vnGjUY/hL3JB7saF7H6GSpBI,iv:4Xxc8MPEVT8SdFQSpfBBxPPoCCRGGQTdb8nw65+xnJ8=,tag:gLS1vBprSHHkTpkow6PjZA==,type:comment]
#ENC[AES256_GCM,data:o8X/VsS2vcLN6OoG5Q02lJNjTL6GSBgVq5W8/znbImHez42a0IqPpLBnPna+Dq6Ij9LTzAF3mYYfsnXbLfKcRpxj,iv:PXb3RXOC3/9JfqoNqUTyukReRhu6cE7glEojY/cH6B4=,tag:QvPLh2JFJ7515FbUuzL6Wg==,type:comment]
twilio:
stringData:
sid: ENC[AES256_GCM,data:KEuBL0NsjuJFpaZc+9h4pRE6PFY9c20wb1F6Ifyoz7IfdQ==,iv:pvcw+rV6lhbNpL4sXhinBDrYYMyLN31v0lXcAdUIJcY=,tag:d26c1C+iCv/qAYnsi6GtQQ==,type:str]
token: ENC[AES256_GCM,data:8ttJmjNkFNzutX+SoPQE5QYQF7DqhvOvcwIDhn44eBM=,iv:KvP5WtISwDqHITqQWZ44FOt1s1F/z29GPuH5fVLXqq0=,tag:McdfdILIDXPREhLw85/4Pw==,type:str]
#ENC[AES256_GCM,data:kz0+uKQT9byVVhDoBFkxOmMlhxyWpNLx2zyMAkAKprharFVT8dD+HCPAs/sui6L5YnUA+zeHrx5D,iv:SqiqLrDJk86rGPpgBTvbr+vxHHQhQbkYHCWE1mhkA84=,tag:tJMvS2yOrxsc0cm33Lbhkw==,type:comment]
number: ENC[AES256_GCM,data:OnN8p8+wMHfbcVkJ/Q==,iv:kHVtAjX49TEMG8TVRIXHZ906WSlCX8bi0PxioVEV0bc=,tag:yNH3cN5WkVJD/DfGAK5SbQ==,type:str]
config-cli:
secrets:
KEYCLOAK_USER: ENC[AES256_GCM,data:k/b9R1DS3lw=,iv:n4OGjLPXpPoyrxCtCz+BPmwwy+fDcD6aG1J1whUzuXw=,tag:Pd+vak3/ZukMe3fcRqHFpg==,type:str]
Expand All @@ -33,8 +39,8 @@ sops:
azure_kv: []
hc_vault: []
age: []
lastmodified: "2024-07-29T07:21:52Z"
mac: ENC[AES256_GCM,data:V1e0QvQl4prFG7UXaQST2Oz/lzPOMk3Udr36pVsHK3lj9OXl1V4SuMzAWyLJjaMTBprDvkjh2xk5tkYjYwj6/6H/GnawHLdAdjpNQk4zd1v0iWP1KfngAOhNN4tDDuXekK5e5WrHUBoDvRyunXK2zgd27Im2IqtFczwgmZ/6mr8=,iv:jwh32O52eHk+DL9otJPxncTSgjG2fEoMA52QlvKzl3k=,tag:tbzXPsbGFWnZKfsOaCJBUQ==,type:str]
lastmodified: "2024-10-17T12:23:09Z"
mac: ENC[AES256_GCM,data:gq2Lh8mWvq+dqmpmSJvzq4BUftj3KpCmT0KJSS0ikNu0jhY9s5S0o2rHDkiSkpzZcxOzqFI1klramm81S7fMOu9xDtt0kkesvOUxNDMBbqZyj6cBh8S1NzfkpHdq52BUiH9PIWu3y+4h0cAOUwegJMVH4wDe0Bhdld4zhmYl3LE=,iv:QLP7AgaXb+eevFKDX2Bz3XBHrFKjn60sOXZlyydky+8=,tag:m4KCjVDGdBvuv5MJSfee/g==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0
version: 3.9.1
16 changes: 9 additions & 7 deletions helm/keycloak/conf/stage/secrets.yaml
Expand Up @@ -4,10 +4,12 @@ keycloak:
stringData:
WEBHOOK_HTTP_AUTH_USERNAME: ENC[AES256_GCM,data:kdNoR0TG3g==,iv:SyrnoQetML1TaQ3Q0gx0qaw2twLaqByfCXC8p5h3/ac=,tag:bUTJWQ0VrGwySlaiyCHE9Q==,type:str]
WEBHOOK_HTTP_AUTH_PASSWORD: ENC[AES256_GCM,data:OgP8nv4ob23E3btlwoTlFj+2ckJW5zU67RMX9lp4RLA=,iv:s2HqvlhzqGleTOJbC1z6oyzWiz6S5zu62zNx11y8Mic=,tag:U+Z8WCFhDrXrn2qqU0lQSA==,type:str]
#ENC[AES256_GCM,data:KthHAuqqxw==,iv:FlWBiukpHGyEBoJNNCKG/F3kMqi5mYwuRLPFfF9BUAk=,tag:2nHj2HoNX6ZrBI+Bbayldg==,type:comment]
#ENC[AES256_GCM,data:dZSqAcdfG1b3IhPYhAMtXZPbtizE+rQCyNt/bSeaOX/qY5ScBQqoxuHL4qtFlGZtGmiZtqvwMqEhUTc5fegaZ6ep83Z/HdJObRPtjmEAg42ORRPWOVaVmm9bI2nNh0MCwr8tjbvg2O5I1aqrETzJFo9zkZxvpmrhMd/mHJHHipJkBxs=,iv:q2u9QupkWkDEcw64qKr+5FHtdm56lBe6pSCw4f2r/A8=,tag:1atRQX1bp+/OcgkSHFK5fg==,type:comment]
#ENC[AES256_GCM,data:l+wobjYxdlJKFqISuazpFUNNlqaZ2zpjVnK3tFOX+l6FzDmh0MzXM6efypMdgRKXgR5XQaiXwlLgRLbtP8wxdZGnouVHH4F5uZwtg51NwvsbNiJ2iWU4Bf1OiAsaoeF+oyLinwjnQ8Xa2t48fbC8ZNWPqDlSTJ/dtcotBK+YcCfJZtFCrGxoROQXuwWp23obcp1HFLySGgKMrzr1anF3S1pvXJL/ik8=,iv:jJdJb3Bp/HKabP0LK1OYk6eQ7BMY1QYEx8vISvPKSZI=,tag:5p/lsUlBtqrda15LqjrhBA==,type:comment]
#ENC[AES256_GCM,data:tgOPq8BYWbSfNmyGejxhHaWiXVC6PZtoSN5k+0m015xh+0lWSSzqmJ67PhAzyDVDV+iHehe1IvCIsQ216FdHwpu05jsS1L1OeMtzaqSjYaIZvOPj5WY1dwzcsTRIH7tAGwxMCZW/JH+Ch6XE7UgYwnMSEmiH4qyZHoe+bctXu7sPfLZ/zP5ES6ZazDrKNVU5tutHqXZn2FlI7ezYaLTHlP0GlbG5EeJfZaMv,iv:rdlmfW6ppeYSgjraea3KUdOzQF9nooRedWUnjlAm/u0=,tag:CW8jwOt34izyVt9kX1dymg==,type:comment]
twilio:
stringData:
sid: ENC[AES256_GCM,data:qN5gQzOFjgrQ4q11PTWicyxoLOcoxLVAeXZO/7QNxZnEdQ==,iv:kY/3CiaQskm6D1Cwg/3+jAzIZwkx7oNZj2dw6jxmw+4=,tag:BWN1PdzGKmfFIYTwr1pp7Q==,type:str]
token: ENC[AES256_GCM,data:s2VLoA+o8m40gvTCGJEMFa2L/31eL5p76CdLkqhxyPU=,iv:mWEbVTmZx7xrDgvMoX/uE0+zj0/Pvk/YC4Cf+NDToXo=,tag:0UlDJ92BTRVC4BP4Gf8MVg==,type:str]
#ENC[AES256_GCM,data:M6KkbQRB60LcfAZRHj0Y6KK/h3HpZ8pXfKQAhd9nAUi+rlKD9GAlF962C1pWnZ6smr0Boie/SdQa,iv:EII2KqdcZzzYZIVhRekOhA6So5ZMyBIlLt5gFbzRP9A=,tag:Z3Vi1ixD3EhW+cijx69TKA==,type:comment]
number: ENC[AES256_GCM,data:L57ep1VM7KItOKnrjQ==,iv:h/jsS9OY+jRqv/F0snphkt3wAc5aAK86lVFcQgVfNE4=,tag:APBh9EsWfQFsLN8Tq/rHTg==,type:str]
config-cli:
secrets:
KEYCLOAK_USER: ENC[AES256_GCM,data:eXMN0g6tu3I=,iv:+VFQ4+ug/ux/QKq8GQ4MgPMf/3sqlpgZPAOw3F6qZjg=,tag:AExr/1YRiWwaTRIFZzzdAA==,type:str]
Expand All @@ -33,8 +35,8 @@ sops:
azure_kv: []
hc_vault: []
age: []
lastmodified: "2024-07-29T07:22:03Z"
mac: ENC[AES256_GCM,data:VzQ9L9QcGWQkPVIEIVGtqJ4FdQroAV8TUs1cX9dFL0FiCKF8fhnj0yEMhY46uQqhGMpl6ljDPJniLQA8rhQPsLE/qk7n2pDN6jQpvbYN+dvDv9sHkmK+JKPJf4P0PyTz3/ufvMbfKPvInA4l5rOL7NrQTkKu/R1bc7dYV67vKtY=,iv:pk85jVmdI5Tg6kV8ZdhRkeJ2bFMC9yCuT2zsF+pIi0g=,tag:mAkeu1+IlkvO34toSF9w+w==,type:str]
lastmodified: "2024-10-17T12:23:12Z"
mac: ENC[AES256_GCM,data:FSnTLi7tRmPTm2CKUtfAtqVu9vKUwtBOLHeqIW33bGAPVnN0Z7CzCvK4d3g4d9UAfgFPExb79gb0CzhvSgH79gsv8EeJQc9CcW56J4mNGPch1+FrtyktbTu4oG2FhXF00fR4Ed0XncvhET2SIRkuISq+BSEZ48P2bxuWXtsnqR8=,iv:/KVkYPoJyyYLEk06lioMvHU5iCvDBJxTgFaCRez4it8=,tag:Lob5O3lUTvCpUJTIVnMHDg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.0
version: 3.9.1
40 changes: 38 additions & 2 deletions helm/keycloak/values.yaml
Expand Up @@ -196,18 +196,26 @@ keycloak:
themes:
enabled: false
ref: develop
providers:
ref: develop
extraInitContainers: |-
- name: download-extensions
- name: download-providers
image: docker.io/busybox:stable
imagePullPolicy: IfNotPresent
command:
- sh
args:
- -c
- |-
cd /providers
wget -q \
https://github.com/vymalo/keycloak-webhook/releases/download/v{{ .Values.webhook.version }}/keycloak-webhook-{{ .Values.webhook.version }}-all.jar \
-O /providers/keycloak-webhook-{{ .Values.webhook.version }}.jar
wget -qO - \
--header="Accept:application/vnd.github.v3.raw" \
https://api.github.com/repos/didx-xyz/yoma/tarball/{{ .Values.providers.ref }} | tar xz
cp -v ./didx-xyz-yoma-*/src/keycloak/providers/jars/*.jar /providers
rm -rf ./didx-xyz-yoma-*
volumeMounts:
- name: providers
mountPath: /providers
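Review bot: the `download-providers` script has no integrity check and no `set -e`, so whatever `wget` returns for `{{ .Values.providers.ref }}` (default `develop`, a moving branch) is copied into `/providers` and loaded by Keycloak, and when a download fails the container still exits 0 because the last command is `rm -rf`. Start the script with `set -e`, make the default ref a tag or commit SHA in the same way the CI job already overrides it with `github.sha`, and verify a checksum for each JAR (including the `keycloak-webhook` one) before the `cp`. The tarball call to `api.github.com` is unauthenticated, so it is also subject to GitHub's anonymous rate limit when many pods restart at once.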
Expand Down Expand Up @@ -281,6 +289,27 @@ keycloak:
value: sslmode=prefer
- name: KC_LOG_CONSOLE_OUTPUT
value: json
- name: KC_SPI_PHONE_DEFAULT_SERVICE
value: twilio
- name: KC_SPI_MESSAGE_SENDER_SERVICE_TWILIO_ACCOUNT
valueFrom:
secretKeyRef:
name: {{ include "keycloak.fullname" . }}-twilio
key: sid
- name: KC_SPI_MESSAGE_SENDER_SERVICE_TWILIO_TOKEN
valueFrom:
secretKeyRef:
name: {{ include "keycloak.fullname" . }}-twilio
key: token
- name: KC_SPI_MESSAGE_SENDER_SERVICE_TWILIO_NUMBER
valueFrom:
secretKeyRef:
name: {{ include "keycloak.fullname" . }}-twilio
key: number
- name: KC_SPI_PHONE_DEFAULT_TOKEN_EXPIRES_IN
value: "120"
- name: KC_SPI_PHONE_DEFAULT_YOMA_DEFAULT_NUMBER_REGEX
value: "^\\+?\\d+$"
affinity: |-
nodeAffinity:
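Review bot: `KC_SPI_PHONE_DEFAULT_YOMA_DEFAULT_NUMBER_REGEX` is set to `^\\+?\\d+$`, which accepts a digit string of any length with or without the leading `+`, so it does not constrain input to E.164 before a code is sent through Twilio. Unless the provider normalises and bounds numbers elsewhere (not visible in this hunk), consider something closer to `^\\+[1-9]\\d{1,14}$`. It would also help to state the unit of the `"120"` given for `KC_SPI_PHONE_DEFAULT_TOKEN_EXPIRES_IN` in a comment next to it.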
Expand Down Expand Up @@ -328,7 +357,7 @@ keycloak:
admission.datadoghq.com/enabled: "false" # disabled by default (for now)
podAnnotations:
# gcr.io/datadoghq/dd-lib-java-init
admission.datadoghq.com/java-lib.version: v1.39.0
admission.datadoghq.com/java-lib.version: v1.40.1
ad.datadoghq.com/keycloak.logs: '[{ "service": "keycloak", "source": "jboss_wildfly" }]'

lifecycleHooks: |
Expand Down Expand Up @@ -379,6 +408,13 @@ keycloak:
http:
relativePath: /auth

secrets:
twilio:
stringData:
sid: superDuperVerySecret
token: superDuperVerySecret
number: superDuperVerySecret

autoscaling:
# If `true`, an autoscaling/v2 HorizontalPodAutoscaler resource is created (requires Kubernetes 1.23 or above)
# Autoscaling seems to be most reliable when using KUBE_PING service discovery (see README for details)
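Review bot: the new `secrets.twilio.stringData` defaults are the literal `superDuperVerySecret` for `sid`, `token` and `number`, so an environment that misses its `conf/<env>/secrets.yaml` override still renders a valid-looking Secret and Keycloak starts with Twilio credentials that can only fail at send time. Prefer empty defaults with a template-side `required` check, or at least a comment stating these must be overridden, so a missing override fails the deploy instead.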
11 changes: 9 additions & 2 deletions helm/yoma-api/conf/base/secrets.yaml
Expand Up @@ -52,6 +52,7 @@ appSettings:
SwaggerScopesClientCredentials: ENC[AES256_GCM,data:AJP63VIImR4=,iv:ZcC8hUkTVngm8SDFIgBvrXjpFGAsMIsvwMNdhgV+zqs=,tag:O4+saessUL9FiWSy1PPwpw==,type:str]
TestDataSeedingDelayInMinutes: ENC[AES256_GCM,data:fg==,iv:6ZUIol+SIYFcqRZVyCu4WZi7IGioX8Gr9Q6ksvQHxmw=,tag:mnMF7JThkUFpQtaZfC2ZUw==,type:int]
TestDataSeedingEnvironments: ENC[AES256_GCM,data:1ZBcho+GzOP3MpNsVks3FwZR,iv:CHVCYxLxWDuMFm77upO7N+IzGMxrB/HOzJXinqdM3Vw=,tag:THcAavgQrcM+IjTCIDmAfQ==,type:str]
TwilioEnabledEnvironments: null
YomaOrganizationName: ENC[AES256_GCM,data:QxSwgu+4KuUdyoKz/oQlM8eIB3RdwxcqA4nX4skNcw==,iv:ybfK99GaMDcaXk1DDVnGJqzkbueCCOUvzxh12TlCQj8=,tag:gKpqMvZrxJEz5SGRDHJosw==,type:str]
YomaSupportEmailAddress: ENC[AES256_GCM,data:6DSJ84zaVrBbVcNSe7Z84J6B,iv:EnrWTxwOOERulmK1TavjrpmxW4VkYahtDP1XLUsqjR0=,tag:nRTtqTZ3cWwG5aQB/Wb+wg==,type:str]
Bitly:
Expand Down Expand Up @@ -227,6 +228,12 @@ appSettings:
BaseUrl: ENC[AES256_GCM,data:+o+AI3UClkY7Nr90/azY0RYy2jZ7HEntkOUrA4otyZvDnA==,iv:Fs5q0BMgdXw3S+E9O3zqMFn5Rim7R+MlSv1aF04VVVg=,tag:XplLANUsJKhGKikTXyrCcA==,type:str]
ApiVersionL: ENC[AES256_GCM,data:nsVY,iv:u8KWkKJ3a677Q+jlp418LnJp8RV4plEWqfPPsOMN2LA=,tag:+OF/PGVmUVyv/bESnDkC+g==,type:str]
ApiKey: ENC[AES256_GCM,data:vcDaE4jUE50=,iv:G6pRg9X9W0GoRtYFv1qZVeGSdg2pe90ixh8n7ZKNrqQ=,tag:AJkYHe4Fauvxx8REF08t6g==,type:str]
Twilio:
AccountSid: ENC[AES256_GCM,data:2JZmM7QjPqGp2ClyucnuEJgCjqRPVaVrU7SBsSMTM5VjTQ==,iv:WIOtVnOWDUD4oMYQ6u7nigYThH6wA5NTT/RzlB3tljI=,tag:JdmrGiNFheDOMxZO7jbFeg==,type:str]
AuthToken: ENC[AES256_GCM,data:dfmWnvnYxZK/NQrkvCBp3V2RzVNlD4ei3zhFqeoGonw=,iv:b9d1GXQX8VXangH4MMy4mF+M4uENeAYhZdAo8NIi8ZI=,tag:u/u8NFAuQhjTecTdS6qdEg==,type:str]
From:
SMS: ENC[AES256_GCM,data:efG0G5ZOfEL27Cc=,iv:H7rS4t4r3gyEUqzyw5mazsL2ziEECJuH6pXcqMDvFO4=,tag:FQjGjXIjSaWBvziZVgVCrw==,type:str]
Templates: null
sops:
kms:
- arn: arn:aws:kms:eu-west-1:210913241065:alias/helm/yoma-dev
Expand All @@ -241,8 +248,8 @@ sops:
azure_kv: []
hc_vault: []
age: []
lastmodified: "2024-10-24T08:24:36Z"
mac: ENC[AES256_GCM,data:sXfc3C8aGpHU38OkDNskj8hzvGOI38A/INpcAhMy4Dq7PHnhuhKImvFlGKbrb9UA+SP4dmSeHeQ1yUPMDd/z+O/m3P81d/FgXvwlo5c3i42GFbB9uH71fiI2E/WWNRSnnZOh6uLrJDVNuAFsDG+0kWlTS1XjrgrRHVrUXsEXWkI=,iv:mVpZIkuhf8RL1JHLkjZbaK8Q+4gfRzLqHJFZJFB2LUs=,tag:nv7bsyasxlfbm3emPPbV1Q==,type:str]
lastmodified: "2024-10-29T12:32:32Z"
mac: ENC[AES256_GCM,data:o+K7sitICd/AC+PpweMj84zkSIzb5mma+iFHfIaNiujmWGIh7VHC8/9E+owryRguIgyQWu5NVaLjKOJKQGM5y8eA376F/WBTl+czGhP9oe/iKNS3IJU8/NRbyeuMZZJAZFHpcV4Hcz7fdhCDlNex5mb0UxJSugavjfq0snuymuQ=,iv:Fx4qIP3ZhJRhEQeyDLScgj4kY9qXZ3bhAnegs0Y1r+c=,tag:nVVjxa6DPLdBOxTkmP6fng==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1
7 changes: 7 additions & 0 deletions src/api/Yoma.Core.sln
Expand Up @@ -44,6 +44,8 @@ Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Yoma.Core.Infrastructure.Bi
EndProject
Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Yoma.Core.Infrastructure.SAYouth", "src\infrastructure\Yoma.Core.Infrastructure.SAYouth\Yoma.Core.Infrastructure.SAYouth.csproj", "{A3E9E26D-ED27-4791-9A0C-5C1345FB99AD}"
EndProject
Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "Yoma.Core.Infrastructure.Twilio", "src\infrastructure\Yoma.Core.Infrastructure.Twillio\Yoma.Core.Infrastructure.Twilio.csproj", "{B00B10EE-AC67-43BB-90D3-E2C1E9EBDA95}"
EndProject
Global
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Any CPU = Debug|Any CPU
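Review bot: the new project entry is named `Yoma.Core.Infrastructure.Twilio` but points at the directory `src\infrastructure\Yoma.Core.Infrastructure.Twillio\` (double "l"). Rename the folder to match the project name now, before other references start depending on the misspelled path.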
Expand Down Expand Up @@ -98,6 +100,10 @@ Global
{A3E9E26D-ED27-4791-9A0C-5C1345FB99AD}.Debug|Any CPU.Build.0 = Debug|Any CPU
{A3E9E26D-ED27-4791-9A0C-5C1345FB99AD}.Release|Any CPU.ActiveCfg = Release|Any CPU
{A3E9E26D-ED27-4791-9A0C-5C1345FB99AD}.Release|Any CPU.Build.0 = Release|Any CPU
{B00B10EE-AC67-43BB-90D3-E2C1E9EBDA95}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
{B00B10EE-AC67-43BB-90D3-E2C1E9EBDA95}.Debug|Any CPU.Build.0 = Debug|Any CPU
{B00B10EE-AC67-43BB-90D3-E2C1E9EBDA95}.Release|Any CPU.ActiveCfg = Release|Any CPU
{B00B10EE-AC67-43BB-90D3-E2C1E9EBDA95}.Release|Any CPU.Build.0 = Release|Any CPU
EndGlobalSection
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
Expand All @@ -118,6 +124,7 @@ Global
{4244D97D-502A-4B37-9C1A-EFD7D2DBEFDD} = {2129F035-3D60-4CC4-AE25-9BFEE9340D8D}
{4988FBD6-4E1F-4830-A0EC-8975FE152FF1} = {2129F035-3D60-4CC4-AE25-9BFEE9340D8D}
{A3E9E26D-ED27-4791-9A0C-5C1345FB99AD} = {2129F035-3D60-4CC4-AE25-9BFEE9340D8D}
{B00B10EE-AC67-43BB-90D3-E2C1E9EBDA95} = {2129F035-3D60-4CC4-AE25-9BFEE9340D8D}
EndGlobalSection
GlobalSection(ExtensibilityGlobals) = postSolution
SolutionGuid = {D658A68F-8A10-4EF2-B8C9-F1350399BF58}
6 changes: 3 additions & 3 deletions src/api/cicd/scripts/postgressql-init/post.sql
Expand Up @@ -10,19 +10,19 @@ SET TIMEZONE='UTC';
-- [email protected] (KeyCloak password: P@ssword1)
INSERT INTO "Entity"."User"("Id", "Email", "EmailConfirmed", "FirstName", "Surname", "DisplayName", "PhoneNumber", "CountryId", "EducationId",
"PhotoId", "GenderId", "DateOfBirth", "DateLastLogin", "ExternalId", "YoIDOnboarded", "DateYoIDOnboarded", "DateCreated", "DateModified")
VALUES(gen_random_uuid(), '[email protected]', TRUE, 'Test', 'User', 'Test User', '+27125555555', (SELECT "Id" FROM "Lookup"."Country" ORDER BY RANDOM() LIMIT 1), (SELECT "Id" FROM "Lookup"."Education" ORDER BY RANDOM() LIMIT 1),
VALUES(gen_random_uuid(), '[email protected]', TRUE, 'Test', 'User', 'Test User', NULL, (SELECT "Id" FROM "Lookup"."Country" ORDER BY RANDOM() LIMIT 1), (SELECT "Id" FROM "Lookup"."Education" ORDER BY RANDOM() LIMIT 1),
NULL, (SELECT "Id" FROM "Lookup"."Gender" ORDER BY RANDOM() LIMIT 1), CURRENT_DATE - INTERVAL '20 years', NULL, NULL, TRUE, (CURRENT_TIMESTAMP AT TIME ZONE 'UTC'), (CURRENT_TIMESTAMP AT TIME ZONE 'UTC'), (CURRENT_TIMESTAMP AT TIME ZONE 'UTC'));

-- [email protected] (KeyCloak password: P@ssword1)
INSERT INTO "Entity"."User"("Id", "Email", "EmailConfirmed", "FirstName", "Surname", "DisplayName", "PhoneNumber", "CountryId", "EducationId",
"PhotoId", "GenderId", "DateOfBirth", "DateLastLogin", "ExternalId", "YoIDOnboarded", "DateYoIDOnboarded", "DateCreated", "DateModified")
VALUES(gen_random_uuid(), '[email protected]', TRUE, 'Test Admin', 'User', 'Test Admin User', '+27125555555', (SELECT "Id" FROM "Lookup"."Country" ORDER BY RANDOM() LIMIT 1), (SELECT "Id" FROM "Lookup"."Education" ORDER BY RANDOM() LIMIT 1),
VALUES(gen_random_uuid(), '[email protected]', TRUE, 'Test Admin', 'User', 'Test Admin User', NULL, (SELECT "Id" FROM "Lookup"."Country" ORDER BY RANDOM() LIMIT 1), (SELECT "Id" FROM "Lookup"."Education" ORDER BY RANDOM() LIMIT 1),
NULL, (SELECT "Id" FROM "Lookup"."Gender" ORDER BY RANDOM() LIMIT 1), CURRENT_DATE - INTERVAL '21 years', NULL, NULL, TRUE, (CURRENT_TIMESTAMP AT TIME ZONE 'UTC'), (CURRENT_TIMESTAMP AT TIME ZONE 'UTC'), (CURRENT_TIMESTAMP AT TIME ZONE 'UTC'));

-- [email protected] (KeyCloak password: P@ssword1)
INSERT INTO "Entity"."User"("Id", "Email", "EmailConfirmed", "FirstName", "Surname", "DisplayName", "PhoneNumber", "CountryId", "EducationId",
"PhotoId", "GenderId", "DateOfBirth", "DateLastLogin", "ExternalId", "YoIDOnboarded", "DateYoIDOnboarded", "DateCreated", "DateModified")
VALUES(gen_random_uuid(), '[email protected]', TRUE, 'Test Organization Admin', 'User', 'Test Organization Admin User', '+27125555555', (SELECT "Id" FROM "Lookup"."Country" ORDER BY RANDOM() LIMIT 1), (SELECT "Id" FROM "Lookup"."Education" ORDER BY RANDOM() LIMIT 1),
VALUES(gen_random_uuid(), '[email protected]', TRUE, 'Test Organization Admin', 'User', 'Test Organization Admin User', NULL, (SELECT "Id" FROM "Lookup"."Country" ORDER BY RANDOM() LIMIT 1), (SELECT "Id" FROM "Lookup"."Education" ORDER BY RANDOM() LIMIT 1),
NULL, (SELECT "Id" FROM "Lookup"."Gender" ORDER BY RANDOM() LIMIT 1), CURRENT_DATE - INTERVAL '22 years', NULL, NULL, TRUE, (CURRENT_TIMESTAMP AT TIME ZONE 'UTC'), (CURRENT_TIMESTAMP AT TIME ZONE 'UTC'), (CURRENT_TIMESTAMP AT TIME ZONE 'UTC'));

-- SSI Tenant Creation (Pending) for YOID onboarded users

0 comments on commit 8d3618e
