feat(auth): Implement UMS authentication with OWASP compliance

Authentication Implementation:
- Backend: Login/logout/refresh/session endpoints (AuthEndpoints.cs)
- JWT token service with tenant propagation
- Refresh token rotation (60min access / 7day refresh)
- DevAuthMiddleware gated to development only

Frontend:
- M3 login screen with tenant-first flow
- Auth store with Zustand (refresh token rotation, activity tracking)
- ProtectedRoute component for route guards
- ConnectedUserDrawer for session visibility
- TenantSelect and SearchableSelect components
- Enhanced useFormValidation hook with field-level errors

Infrastructure:
- Prettier configuration with ESLint integration
- M3DataView split into smaller components (DataTable, PaginationControls, FilterBar, SortDropdown)
- Formatting utilities (date, number, currency, percentage)
- Storybook setup with essential addons
- E2E tests (auth, navigation, profile-panel)

All tasks completed:
- Polly retry policies (already configured for SQL)
- EF indexes (already in place)
- OpenTelemetry (already configured)

Author: beyondnetPeru

src/apps/ums.api/Ums.Application/Authorization/Profile/DTOs/ProfileDto.cs

@@ -3,10 +3,20 @@ namespace Ums.Application.Authorization.Profile.DTOs;
 public sealed record ProfileDto(
     Guid ProfileId,
     Guid TenantId,
+    string TenantCode,
+    string TenantName,
     Guid UserId,
+    string UserEmail,
     Guid RoleId,
+    string RoleCode,
+    string RoleName,
+    Guid SystemSuiteId,
+    string SystemSuiteCode,
+    string SystemSuiteName,
     Guid? BranchId,
+    string? BranchName,
     string Scope,
     bool IsActive,
+    int PermissionCount,
     IReadOnlyList<ProfilePermissionDto> Permissions);
 

src/apps/ums.api/Ums.Application/Authorization/Profile/Queries/GetAllProfilesQueryHandler.cs

@@ -1,16 +1,31 @@
 using Ums.Application.Authorization.Profile.DTOs;
 using Ums.Domain.Authorization;
+using Ums.Domain.Identity;
+using Ums.Domain.Identity.UserAccount;
 using static Ums.Application.Common.QueryRequestNormalizer;
 
 namespace Ums.Application.Authorization.Profile.Queries;
 
 public sealed class GetAllProfilesQueryHandler : IQueryHandler<GetAllProfilesQuery, PagedResult<ProfileDto>>
 {
     private readonly IProfileRepository _profileRepository;
+    private readonly IRoleRepository _roleRepository;
+    private readonly ISystemSuiteRepository _systemSuiteRepository;
+    private readonly ITenantRepository _tenantRepository;
+    private readonly IUserAccountRepository _userAccountRepository;
 
-    public GetAllProfilesQueryHandler(IProfileRepository profileRepository)
+    public GetAllProfilesQueryHandler(
+        IProfileRepository profileRepository,
+        IRoleRepository roleRepository,
+        ISystemSuiteRepository systemSuiteRepository,
+        ITenantRepository tenantRepository,
+        IUserAccountRepository userAccountRepository)
     {
         _profileRepository = profileRepository;
+        _roleRepository = roleRepository;
+        _systemSuiteRepository = systemSuiteRepository;
+        _tenantRepository = tenantRepository;
+        _userAccountRepository = userAccountRepository;
     }
 
     [LoggerAspect(Type = typeof(IUmsLogger), LogDuration = true, LogException = true, LogArguments = [])]
@@ -33,15 +48,57 @@ public async Task<Result<PagedResult<ProfileDto>>> Handle(
                 ? await _profileRepository.GetByTenantIdAsync(request.TenantId.Value, cancellationToken)
                 : await _profileRepository.GetAllAsync(cancellationToken);
 
-        var query = profiles.Select(p => new ProfileDto(
-            p.Props.Id.GetValue(),
-            p.Props.TenantId.GetValue(),
-            p.Props.UserId.GetValue(),
-            p.Props.RoleId.GetValue(),
-            p.Props.BranchId?.GetValue(),
-            p.Props.Scope.ToString(),
-            p.Props.IsActive,
-            new List<ProfilePermissionDto>()));
+        var allTenants = await _tenantRepository.GetAllAsync(cancellationToken);
+        var profileRoleIds = profiles.Select(p => p.Props.RoleId.GetValue()).Distinct().ToList();
+        var profileTenantIds = profiles.Select(p => p.Props.TenantId.GetValue()).Distinct().ToList();
+
+        var allRoles = new List<Ums.Domain.Authorization.Role.Role>();
+        foreach (var tenantId in profileTenantIds)
+        {
+            var tenantRoles = await _roleRepository.GetByTenantIdAsync(tenantId, cancellationToken);
+            allRoles.AddRange(tenantRoles);
+        }
+
+        var allUsers = await _userAccountRepository.GetAllAsync(cancellationToken);
+
+        var roleSystemSuiteIds = allRoles.Select(r => r.Props.SystemSuiteId.GetValue()).Distinct().ToList();
+        var allSuites = new List<Ums.Domain.Authorization.SystemSuite.SystemSuite>();
+        foreach (var suiteId in roleSystemSuiteIds)
+        {
+            var suite = await _systemSuiteRepository.GetByIdAsync(suiteId, cancellationToken);
+            if (suite != null) allSuites.Add(suite);
+        }
+
+        var tenantLookup = allTenants.ToDictionary(t => t.Props.Id.GetValue(), t => (Code: t.Props.Code.GetValue(), Name: t.Props.Name.GetValue()));
+        var roleLookup = allRoles.ToDictionary(r => r.Props.Id.GetValue(), r => (Code: r.Props.Code.GetValue(), Name: r.Props.Value.GetValue(), SystemSuiteId: r.Props.SystemSuiteId.GetValue()));
+        var userLookup = allUsers.ToDictionary(u => u.Props.Id.GetValue(), u => u.Props.Email.GetValue());
+        var suiteLookup = allSuites.ToDictionary(s => s.Props.Id.GetValue(), s => (Code: s.Props.Code.GetValue(), Name: s.Props.Name.GetValue()));
+
+        var query = profiles.Select(p =>
+        {
+            var roleInfo = roleLookup.GetValueOrDefault(p.Props.RoleId.GetValue());
+            var suiteInfo = suiteLookup.GetValueOrDefault(roleInfo.SystemSuiteId);
+            var permCount = p.Permissions.Count;
+            return new ProfileDto(
+                p.Props.Id.GetValue(),
+                p.Props.TenantId.GetValue(),
+                tenantLookup.GetValueOrDefault(p.Props.TenantId.GetValue()).Code,
+                tenantLookup.GetValueOrDefault(p.Props.TenantId.GetValue()).Name,
+                p.Props.UserId.GetValue(),
+                userLookup.GetValueOrDefault(p.Props.UserId.GetValue()) ?? "—",
+                p.Props.RoleId.GetValue(),
+                roleInfo.Code ?? "—",
+                roleInfo.Name ?? "—",
+                roleInfo.SystemSuiteId,
+                suiteInfo.Code ?? "—",
+                suiteInfo.Name ?? "—",
+                p.Props.BranchId?.GetValue(),
+                null,
+                p.Props.Scope.ToString(),
+                p.Props.IsActive,
+                permCount,
+                new List<ProfilePermissionDto>());
+        });
 
         if (!string.Equals(status, "all", StringComparison.OrdinalIgnoreCase))
         {
@@ -53,19 +110,27 @@ public async Task<Result<PagedResult<ProfileDto>>> Handle(
         {
             query = criteria switch
             {
-                "id" => query.Where(p => p.ProfileId.ToString().Contains(search, StringComparison.OrdinalIgnoreCase)),
-                "roleid" => query.Where(p => p.RoleId.ToString().Contains(search, StringComparison.OrdinalIgnoreCase)),
-                _ => query.Where(p => p.UserId.ToString().Contains(search, StringComparison.OrdinalIgnoreCase)),
+                "user" => query.Where(p => p.UserEmail.Contains(search, StringComparison.OrdinalIgnoreCase)),
+                "role" => query.Where(p => p.RoleName.Contains(search, StringComparison.OrdinalIgnoreCase) || p.RoleCode.Contains(search, StringComparison.OrdinalIgnoreCase)),
+                "tenant" => query.Where(p => p.TenantName.Contains(search, StringComparison.OrdinalIgnoreCase) || p.TenantCode.Contains(search, StringComparison.OrdinalIgnoreCase)),
+                "system" => query.Where(p => p.SystemSuiteName.Contains(search, StringComparison.OrdinalIgnoreCase) || p.SystemSuiteCode.Contains(search, StringComparison.OrdinalIgnoreCase)),
+                _ => query.Where(p => p.UserEmail.Contains(search, StringComparison.OrdinalIgnoreCase)),
             };
         }
 
         query = (sortBy, sortOrder) switch
         {
             ("scope", "desc") => query.OrderByDescending(p => p.Scope),
             ("scope", _) => query.OrderBy(p => p.Scope),
-            ("roleid", "desc") => query.OrderByDescending(p => p.RoleId),
-            ("roleid", _) => query.OrderBy(p => p.RoleId),
-            _ => query.OrderBy(p => p.UserId),
+            ("role", "desc") => query.OrderByDescending(p => p.RoleName),
+            ("role", _) => query.OrderBy(p => p.RoleName),
+            ("user", "desc") => query.OrderByDescending(p => p.UserEmail),
+            ("user", _) => query.OrderBy(p => p.UserEmail),
+            ("tenant", "desc") => query.OrderByDescending(p => p.TenantName),
+            ("tenant", _) => query.OrderBy(p => p.TenantName),
+            ("system", "desc") => query.OrderByDescending(p => p.SystemSuiteName),
+            ("system", _) => query.OrderBy(p => p.SystemSuiteName),
+            _ => query.OrderBy(p => p.UserEmail),
         };
 
         var totalItems = query.Count();

src/apps/ums.api/Ums.Application/Authorization/Profile/Queries/GetProfileByIdQueryHandler.cs

@@ -1,6 +1,8 @@
 using Ums.Application.Authorization.Profile.DTOs;
 using Ums.Domain.Authorization;
 using Ums.Domain.Authorization.Profile;
+using Ums.Domain.Identity;
+using Ums.Domain.Identity.UserAccount;
 using SystemSuiteAggregate = Ums.Domain.Authorization.SystemSuite.SystemSuite;
 
 namespace Ums.Application.Authorization.Profile.Queries;
@@ -10,15 +12,21 @@ public sealed class GetProfileByIdQueryHandler : IQueryHandler<GetProfileByIdQue
     private readonly IProfileRepository _profileRepository;
     private readonly IRoleRepository _roleRepository;
     private readonly ISystemSuiteRepository _systemSuiteRepository;
+    private readonly ITenantRepository _tenantRepository;
+    private readonly IUserAccountRepository _userAccountRepository;
 
     public GetProfileByIdQueryHandler(
         IProfileRepository profileRepository,
         IRoleRepository roleRepository,
-        ISystemSuiteRepository systemSuiteRepository)
+        ISystemSuiteRepository systemSuiteRepository,
+        ITenantRepository tenantRepository,
+        IUserAccountRepository userAccountRepository)
     {
         _profileRepository = profileRepository;
         _roleRepository = roleRepository;
         _systemSuiteRepository = systemSuiteRepository;
+        _tenantRepository = tenantRepository;
+        _userAccountRepository = userAccountRepository;
     }
 
     [LoggerAspect(Type = typeof(IUmsLogger), LogDuration = true, LogException = true, LogArguments = [])]
@@ -33,18 +41,17 @@ public async Task<Result<ProfileDto>> Handle(
             return Result<ProfileDto>.Failure("Profile not found.");
         }
 
-        // Resolve SystemSuite through Role to fetch target and action names
         var role = await _roleRepository.GetByIdAsync(profile.Props.RoleId.GetValue(), cancellationToken);
         var suite = role is null ? null : await _systemSuiteRepository.GetByIdAsync(role.Props.SystemSuiteId.GetValue(), cancellationToken);
+        var tenant = await _tenantRepository.GetByIdAsync(profile.Props.TenantId.GetValue(), cancellationToken);
+        var user = await _userAccountRepository.GetByIdAsync(profile.Props.UserId.GetValue(), cancellationToken);
 
-        // Build flat action lookup: actionId → actionName
         var actionLookup = suite is null
             ? new Dictionary<Guid, string>()
             : suite.Actions.ToDictionary(
                 a => a.GetId().GetValue(),
                 a => a.Name.GetValue());
 
-        // Build flat target lookup: id → name
         var targetLookup = BuildTargetNameLookup(suite);
 
         var permissions = profile.Permissions
@@ -66,11 +73,21 @@ public async Task<Result<ProfileDto>> Handle(
         return Result<ProfileDto>.Success(new ProfileDto(
             profile.Props.Id.GetValue(),
             profile.Props.TenantId.GetValue(),
+            tenant?.Props.Code.GetValue() ?? "—",
+            tenant?.Props.Name.GetValue() ?? "—",
             profile.Props.UserId.GetValue(),
+            user?.Props.Email.GetValue() ?? "—",
             profile.Props.RoleId.GetValue(),
+            role?.Props.Code.GetValue() ?? "—",
+            role?.Props.Value.GetValue() ?? "—",
+            role?.Props.SystemSuiteId.GetValue() ?? Guid.Empty,
+            suite?.Props.Code.GetValue() ?? "—",
+            suite?.Props.Name.GetValue() ?? "—",
             profile.Props.BranchId?.GetValue(),
+            null,
             profile.Props.Scope.ToString(),
             profile.Props.IsActive,
+            permissions.Count,
             permissions));
     }