eionet2-dashboard 3.1.7 → 3.2.0

package/.nvmrc

@@ -0,0 +1 @@
+24

package/.vscode/launch.json

@@ -30,6 +30,7 @@
             "cascadeTerminateToConfigurations": [
                 "Attach to Backend"
             ],
+            "runtimeExecutable": "/usr/bin/microsoft-edge",
             "presentation": {
                 "group": "all",
                 "hidden": true

package/.vscode/settings.json

@@ -2,5 +2,4 @@
     "debug.onTaskErrors": "abort",
     "azureFunctions.stopFuncTaskPostDebug": false,
     "azureFunctions.showProjectWarning": false,
-    "csharp.suppressDotnetRestoreNotification": true
-}
+}

package/.vscode/tasks.json

@@ -21,7 +21,7 @@
             },
             "args": {
                 "prerequisites": [
-                    "nodejs", // Validate if Node.js is installed.
+                    //"nodejs", // Validate if Node.js is installed.
                     "m365Account", // Sign-in prompt for Microsoft 365 account, then validate if the account enables the sideloading permission.
                     "portOccupancy" // Validate available ports to ensure those debug ones are not occupied.
                 ],

package/CHANGELOG.md

@@ -4,6 +4,20 @@ All notable changes to this project will be documented in this file. Dates are d
 
 Generated by [`auto-changelog`](https://github.com/CookPete/auto-changelog).
 
+### [3.2.0](https://github.com/eea/eionet2-dashboard/compare/3.1.7...3.2.0) - 18 February 2026
+
+#### :bug: Bug Fixes
+
+- fix: email filtering( Refs #297435) [Mihai Nicolae - [`a0ea6d0`](https://github.com/eea/eionet2-dashboard/commit/a0ea6d014642868e3ac7cb2ef7462408b2d11bbd)]
+
+#### :house: Internal changes
+
+- chore: build fix [Mihai Nicolae - [`0e2ec2c`](https://github.com/eea/eionet2-dashboard/commit/0e2ec2c1ce3f8e92a4d89d8aef6ff0fcefb2c7c3)]
+- chore: format [Mihai Nicolae - [`df7b3e5`](https://github.com/eea/eionet2-dashboard/commit/df7b3e54cf5c9bd97a2e87477259d7cebef126d3)]
+- chore: formatting [Mihai Nicolae - [`e85e1cb`](https://github.com/eea/eionet2-dashboard/commit/e85e1cb927ac9adeaf4ae853dbb300f13cf6c75a)]
+- chore: node build version [Mihai Nicolae - [`cc21733`](https://github.com/eea/eionet2-dashboard/commit/cc21733609aa8a6749ad1ba00424690c41d659ae)]
+- chore: build fix [Mihai Nicolae - [`328bc71`](https://github.com/eea/eionet2-dashboard/commit/328bc71f4d3677d86b912e1d6f1e4d01f193f6c2)]
+
 ### [3.1.7](https://github.com/eea/eionet2-dashboard/compare/3.1.4...3.1.7) - 6 February 2026
 
 #### :rocket: New Features
@@ -20,7 +34,6 @@ Generated by [`auto-changelog`](https://github.com/CookPete/auto-changelog).
 #### :bug: Bug Fixes
 
 - fix: correct email filtering (Refs #297435) [Mihai Nicolae - [`469a593`](https://github.com/eea/eionet2-dashboard/commit/469a593e71bf153e5ecc6c7d022ffeeb0fe7284d)]
-- fix: send correct notification [Mihai Nicolae - [`2d422b9`](https://github.com/eea/eionet2-dashboard/commit/2d422b9defaf23bd430561fb65f86d2dcc7954b4)]
 
 #### :house: Internal changes
 

package/Jenkinsfile

@@ -5,7 +5,7 @@ pipeline {
   environment {
             GIT_NAME = "eionet2-dashboard"
             SONARQUBE_TAGS = "eionet2"
-            PATH = "${tool 'NodeJS16'}/bin:${tool 'SonarQubeScanner'}/bin:$PATH"
+            PATH = "${tool 'NodeJS24'}/bin:${tool 'SonarQubeScanner'}/bin:$PATH"
  }
   stages{         
 
@@ -37,7 +37,7 @@ pipeline {
       steps {
                       script{
                          checkout scm                         
-                         tool 'NodeJS16'
+                         tool 'NodeJS24'
                          tool 'SonarQubeScanner'
                          sh "cd tabs; yarn install"  
                        }

package/aad.manifest.json

@@ -1,133 +1,137 @@
 {
-    "id": "${{AAD_APP_OBJECT_ID}}",
-    "appId": "${{AAD_APP_CLIENT_ID}}",
-    "name": "${{CONFIG__MANIFEST__APPNAME__SHORT}}-aad",
-    "accessTokenAcceptedVersion": 2,
-    "signInAudience": "AzureADMyOrg",
-    "optionalClaims": {
-        "idToken": [],
-        "accessToken": [
-            {
-                "name": "idtyp",
-                "source": null,
-                "essential": false,
-                "additionalProperties": []
-            }
-        ],
-        "saml2Token": []
-    },
-    "requiredResourceAccess": [
-        {
-            "resourceAppId": "Microsoft Graph",
-            "resourceAccess": [
-                {
-                    "id": "User.Read.All",
-                    "type": "Role"
-                },
-                {
-                    "id": "Sites.Read.All",
-                    "type": "Role"
-                },
-                {
-                    "id": "OnlineMeetings.Read.All",
-                    "type": "Role"
-                },
-                {
-                    "id": "User.Read",
-                    "type": "Scope"
-                },
-                {
-                    "id": "Mail.Send",
-                    "type": "Role"
-                },
-                {
-                    "id": "User.ReadWrite.All",
-                    "type": "Role"
-                },
-                {
-                    "id": "Sites.ReadWrite.All",
-                    "type": "Role"
-                }
-            ]
-        }
-    ],
-    "oauth2Permissions": [
-        {
-            "adminConsentDescription": "Allows Teams to call the app's web APIs as the current user.",
-            "adminConsentDisplayName": "Teams can access app's web APIs",
-            "id": "${{AAD_APP_ACCESS_AS_USER_PERMISSION_ID}}",
-            "isEnabled": true,
-            "type": "User",
-            "userConsentDescription": "Enable Teams to call this app's web APIs with the same rights that you have",
-            "userConsentDisplayName": "Teams can access app's web APIs and make requests on your behalf",
-            "value": "access_as_user"
-        }
+  "id": "${{AAD_APP_OBJECT_ID}}",
+  "appId": "${{AAD_APP_CLIENT_ID}}",
+  "displayName": "${{CONFIG__MANIFEST__APPNAME__SHORT}}-aad",
+  "identifierUris": [
+    "api://${{PROVISIONOUTPUT__FRONTENDHOSTINGOUTPUT__DOMAIN}}/${{AAD_APP_CLIENT_ID}}"
+  ],
+  "signInAudience": "AzureADMyOrg",
+  "api": {
+    "requestedAccessTokenVersion": 2,
+    "oauth2PermissionScopes": [
+      {
+        "adminConsentDescription": "Allows Teams to call the app's web APIs as the current user.",
+        "adminConsentDisplayName": "Teams can access app's web APIs",
+        "id": "${{AAD_APP_ACCESS_AS_USER_PERMISSION_ID}}",
+        "isEnabled": true,
+        "type": "User",
+        "userConsentDescription": "Enable Teams to call this app's web APIs with the same rights that you have",
+        "userConsentDisplayName": "Teams can access app's web APIs and make requests on your behalf",
+        "value": "access_as_user"
+      }
     ],
     "preAuthorizedApplications": [
+      {
+        "appId": "1fec8e78-bce4-4aaf-ab1b-5451cc387264",
+        "delegatedPermissionIds": [
+          "${{AAD_APP_ACCESS_AS_USER_PERMISSION_ID}}"
+        ]
+      },
+      {
+        "appId": "5e3ce6c0-2b1f-4285-8d4b-75ee78787346",
+        "delegatedPermissionIds": [
+          "${{AAD_APP_ACCESS_AS_USER_PERMISSION_ID}}"
+        ]
+      },
+      {
+        "appId": "d3590ed6-52b3-4102-aeff-aad2292ab01c",
+        "delegatedPermissionIds": [
+          "${{AAD_APP_ACCESS_AS_USER_PERMISSION_ID}}"
+        ]
+      },
+      {
+        "appId": "00000002-0000-0ff1-ce00-000000000000",
+        "delegatedPermissionIds": [
+          "${{AAD_APP_ACCESS_AS_USER_PERMISSION_ID}}"
+        ]
+      },
+      {
+        "appId": "bc59ab01-8403-45c6-8796-ac3ef710b3e3",
+        "delegatedPermissionIds": [
+          "${{AAD_APP_ACCESS_AS_USER_PERMISSION_ID}}"
+        ]
+      },
+      {
+        "appId": "0ec893e0-5785-4de6-99da-4ed124e5296c",
+        "delegatedPermissionIds": [
+          "${{AAD_APP_ACCESS_AS_USER_PERMISSION_ID}}"
+        ]
+      },
+      {
+        "appId": "4765445b-32c6-49b0-83e6-1d93765276ca",
+        "delegatedPermissionIds": [
+          "${{AAD_APP_ACCESS_AS_USER_PERMISSION_ID}}"
+        ]
+      },
+      {
+        "appId": "4345a7b9-9a63-4910-a426-35363201d503",
+        "delegatedPermissionIds": [
+          "${{AAD_APP_ACCESS_AS_USER_PERMISSION_ID}}"
+        ]
+      }
+    ]
+  },
+  "info": {},
+  "optionalClaims": {
+    "idToken": [],
+    "accessToken": [
+      {
+        "name": "idtyp",
+        "source": null,
+        "essential": false,
+        "additionalProperties": []
+      }
+    ],
+    "saml2Token": []
+  },
+  "publicClient": {
+    "redirectUris": []
+  },
+  "requiredResourceAccess": [
+    {
+      "resourceAppId": "00000003-0000-0000-c000-000000000000",
+      "resourceAccess": [
         {
-            "appId": "1fec8e78-bce4-4aaf-ab1b-5451cc387264",
-            "permissionIds": [
-                "${{AAD_APP_ACCESS_AS_USER_PERMISSION_ID}}"
-            ]
-        },
-        {
-            "appId": "5e3ce6c0-2b1f-4285-8d4b-75ee78787346",
-            "permissionIds": [
-                "${{AAD_APP_ACCESS_AS_USER_PERMISSION_ID}}"
-            ]
+          "id": "df021288-bdef-4463-88db-98f22de89214",
+          "type": "Role"
         },
         {
-            "appId": "d3590ed6-52b3-4102-aeff-aad2292ab01c",
-            "permissionIds": [
-                "${{AAD_APP_ACCESS_AS_USER_PERMISSION_ID}}"
-            ]
+          "id": "332a536c-c7ef-4017-ab91-336970924f0d",
+          "type": "Role"
         },
         {
-            "appId": "00000002-0000-0ff1-ce00-000000000000",
-            "permissionIds": [
-                "${{AAD_APP_ACCESS_AS_USER_PERMISSION_ID}}"
-            ]
+          "id": "c1684f21-1984-47fa-9d61-2dc8c296bb70",
+          "type": "Role"
         },
         {
-            "appId": "bc59ab01-8403-45c6-8796-ac3ef710b3e3",
-            "permissionIds": [
-                "${{AAD_APP_ACCESS_AS_USER_PERMISSION_ID}}"
-            ]
+          "id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d",
+          "type": "Scope"
         },
         {
-            "appId": "0ec893e0-5785-4de6-99da-4ed124e5296c",
-            "permissionIds": [
-                "${{AAD_APP_ACCESS_AS_USER_PERMISSION_ID}}"
-            ]
+          "id": "b633e1c5-b582-4048-a93e-9f11b44c7e96",
+          "type": "Role"
         },
         {
-            "appId": "4765445b-32c6-49b0-83e6-1d93765276ca",
-            "permissionIds": [
-                "${{AAD_APP_ACCESS_AS_USER_PERMISSION_ID}}"
-            ]
+          "id": "741f803b-c850-494e-b5df-cde7c675a1ca",
+          "type": "Role"
         },
         {
-            "appId": "4345a7b9-9a63-4910-a426-35363201d503",
-            "permissionIds": [
-                "${{AAD_APP_ACCESS_AS_USER_PERMISSION_ID}}"
-            ]
+          "id": "9492366f-7969-46a4-8d15-ed1a20078fff",
+          "type": "Role"
         }
+      ]
+    }
+  ],
+  "web": {
+    "redirectUris": [
+      "${{PROVISIONOUTPUT__FRONTENDHOSTINGOUTPUT__ENDPOINT}}/auth-end.html"
     ],
-    "identifierUris": [
-        "api://${{PROVISIONOUTPUT__FRONTENDHOSTINGOUTPUT__DOMAIN}}/${{AAD_APP_CLIENT_ID}}"
-    ],
-    "replyUrlsWithType": [
-        {
-            "url": "${{PROVISIONOUTPUT__FRONTENDHOSTINGOUTPUT__ENDPOINT}}/auth-end.html",
-            "type": "Web"
-        },
-        {
-            "url": "${{PROVISIONOUTPUT__FRONTENDHOSTINGOUTPUT__ENDPOINT}}/auth-end.html?clientId=${{AAD_APP_CLIENT_ID}}",
-            "type": "Spa"
-        },
-        {
-            "url": "${{PROVISIONOUTPUT__FRONTENDHOSTINGOUTPUT__ENDPOINT}}/blank-auth-end.html",
-            "type": "Spa"
-        }
+    "implicitGrantSettings": {}
+  },
+  "spa": {
+    "redirectUris": [
+      "${{PROVISIONOUTPUT__FRONTENDHOSTINGOUTPUT__ENDPOINT}}/auth-end.html?clientId=${{AAD_APP_CLIENT_ID}}",
+      "${{PROVISIONOUTPUT__FRONTENDHOSTINGOUTPUT__ENDPOINT}}/blank-auth-end.html"
     ]
-}
+  }
+}

package/api/extensions.csproj

@@ -5,7 +5,6 @@
 	<DefaultItemExcludes>**</DefaultItemExcludes>
   </PropertyGroup>
   <ItemGroup>
-    <PackageReference Include="Microsoft.Azure.WebJobs.Extensions.TeamsFx" Version="0.1.*" />
     <PackageReference Include="Microsoft.Azure.WebJobs.Script.ExtensionsMetadataGenerator" Version="1.1.3" />
   </ItemGroup>
-</Project>
+</Project>

package/api/getGraphData/function.json

@@ -17,11 +17,6 @@
       "type": "http",
       "direction": "out",
       "name": "$return"
-    },
-    {
-      "direction": "in",
-      "name": "teamsfxContext",
-      "type": "TeamsFx"
     }
   ]
-}
+}

package/api/getGraphData/index.js

@@ -1,26 +1,16 @@
 require("isomorphic-fetch");
-const teamsfx = require("@microsoft/teamsfx");
+const { ConfidentialClientApplication } = require("@azure/msal-node");
+const { Client } = require("@microsoft/microsoft-graph-client");
 
 /**
- * This function handles requests from teamsfx client.
- * The HTTP request should contain an SSO token queried from Teams in the header.
- * Before trigger this function, teamsfx binding would process the SSO token and generate teamsfx configuration.
- *
- * This function initializes the teamsfx SDK with the configuration and calls these APIs:
- * - OnBehalfOfUserCredential() - Construct credential with the received SSO token and initialized configuration.
- * - getUserInfo() - Get the user's information from the received SSO token.
- * - createMicrosoftGraphClient() - Get a graph client to access user's Microsoft 365 data.
- *
- * The response contains multiple message blocks constructed into a JSON object, including:
- * - An echo of the request body.
- * - The display name encoded in the SSO token.
- * - Current user's Microsoft 365 profile if the user has consented.
+ * This function handles requests from the Teams tab client.
+ * The HTTP request must include a Teams SSO token in the Authorization header.
+ * This function performs OBO (on-behalf-of) to call Microsoft Graph.
  *
  * @param {Context} context - The Azure Functions context object.
  * @param {HttpRequest} req - The HTTP request.
- * @param {teamsfxContext} { [key: string]: any; } - The context generated by teamsfx binding.
  */
-module.exports = async function (context, req, teamsfxContext) {
+module.exports = async function (context, req) {
   context.log("HTTP trigger function processed a request.");
 
   // Initialize response.
@@ -33,72 +23,81 @@ module.exports = async function (context, req, teamsfxContext) {
   res.body.receivedHTTPRequestBody = req.body || "";
 
 
-  // Set default configuration for teamsfx SDK.
-  try {
-    teamsfx.loadConfiguration();
-  } catch (e) {
-    context.log.error(e);
+  // Prepare access token.
+  const authHeader = req.headers && (req.headers.authorization || req.headers.Authorization);
+  const accessToken = authHeader && authHeader.startsWith("Bearer ")
+    ? authHeader.slice("Bearer ".length)
+    : null;
+  if (!accessToken) {
     return {
-      status: 500,
+      status: 400,
       body: {
-        error: "Failed to load app configuration.",
+        error: "No access token was found in request header. Expected Authorization: Bearer <token>.",
       },
     };
   }
 
-  // Prepare access token.
-  const accessToken = teamsfxContext["AccessToken"];
-  if (!accessToken) {
+  const method = req.method.toLowerCase();
+  const credentialType =
+    method !== "get" ? (req.body && req.body.credentialType) : req.query.credentialType;
+  const eTag = method == 'patch' ? req.body.eTag : undefined;
+
+  const tenantId = process.env.M365_TENANT_ID;
+  const clientId = process.env.M365_CLIENT_ID;
+  const clientSecret = process.env.M365_CLIENT_SECRET;
+  const authorityHost = process.env.M365_AUTHORITY_HOST || "https://login.microsoftonline.com";
+  const graphScopes = (process.env.GRAPH_SCOPES || "https://graph.microsoft.com/.default")
+    .split(/[,\s]+/)
+    .map((scope) => scope.trim())
+    .filter(Boolean);
+
+  if (!tenantId || !clientId || !clientSecret) {
     return {
-      status: 400,
+      status: 500,
       body: {
-        error: "No access token was found in request header.",
+        error: "Missing required M365_* configuration for OBO.",
       },
     };
   }
 
+  const msalClient = new ConfidentialClientApplication({
+    auth: {
+      clientId,
+      clientSecret,
+      authority: `${authorityHost}/${tenantId}`,
+    },
+  });
 
-
-  // Construct credential.
-  let credential;
-  const method = req.method.toLowerCase();
-  const credentialType = method != "get" ? req.body && req.body.credentialType : req.query.credentialType;
-  const eTag = method == 'patch' ? req.body.eTag : undefined;
   try {
-    if (!credentialType) {
+    let tokenResult;
+    if (credentialType === "app") {
+      tokenResult = await msalClient.acquireTokenByClientCredential({
+        scopes: graphScopes,
+      });
+    } else {
+      tokenResult = await msalClient.acquireTokenOnBehalfOf({
+        oboAssertion: accessToken,
+        scopes: graphScopes,
+      });
+    }
+
+    if (!tokenResult || !tokenResult.accessToken) {
       return {
         status: 500,
         body: {
-          error: "Specify the type of credential in the body using field credentialType.",
+          error:
+            credentialType === "app"
+              ? "Failed to obtain Graph access token via client credentials."
+              : "Failed to obtain Graph access token via OBO.",
         },
       };
     }
 
-    switch (credentialType) {
-      case ("user"):
-        credential = new teamsfx.OnBehalfOfUserCredential(accessToken);
-        break;
-      case ("app"):
-        credential = new teamsfx.M365TenantCredential();
-        break;
-    }
+    const graphClient = Client.init({
+      authProvider: (done) => done(null, tokenResult.accessToken),
+    });
 
-  } catch (e) {
-    context.log.error(e);
-    return {
-      status: 500,
-      body: {
-        error:
-          "Failed to obtain on-behalf-of credential using your accessToken. " +
-          "Ensure your function app is configured with the right Azure AD App registration.",
-      },
-    };
-  }
-
-  // Create a graph client to access user's Microsoft 365 data after user has consented.
-  try {
-    const graphClient = teamsfx.createMicrosoftGraphClient(credential);
-    graphClient.config.defaultVersion = 'beta';
+    //graphClient.config.defaultVersion = 'beta';
     let path = "";
     let result;
 
@@ -134,7 +133,7 @@ module.exports = async function (context, req, teamsfxContext) {
         break;
     }
 
-    if (result.type == 'image/jpeg') {
+    if (result?.type == 'image/jpeg') {
       res.headers = {
         'Content-Type': 'image/jpeg',
       }
@@ -147,8 +146,8 @@ module.exports = async function (context, req, teamsfxContext) {
 
   } catch (e) {
     return {
-      status: e.statusCode,
-      body: e.body
+      status: e.statusCode || e.status || 500,
+      body: e.body || { error: e.message },
     };
   }
 

package/api/host.json

@@ -8,4 +8,4 @@
       }
     }
   }
-}
+}