From 9e8c9c1633cdf2939a062129f6a64c6aa38c892c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philipp=20L=C3=BCthi?= <philipp.luethi@geowerkstatt.ch>
Date: Thu, 14 Dec 2023 11:50:06 +0100
Subject: [PATCH 01/31] Add oidc-server mock

---
 config/oidc-mock-clients.json | 26 +++++++++++++++++++++++
 config/oidc-mock-users.json   | 39 +++++++++++++++++++++++++++++++++++
 docker-compose.yml            | 21 +++++++++++++++++++
 3 files changed, 86 insertions(+)
 create mode 100644 config/oidc-mock-clients.json
 create mode 100644 config/oidc-mock-users.json

diff --git a/config/oidc-mock-clients.json b/config/oidc-mock-clients.json
new file mode 100644
index 000000000..845ecc99e
--- /dev/null
+++ b/config/oidc-mock-clients.json
@@ -0,0 +1,26 @@
+[{
+  "ClientId": "bdms-client",
+  "Description": "Client for Authorization Code flow with PKCE",
+  "RequireClientSecret": false,
+  "AlwaysIncludeUserClaimsInIdToken": true,
+  "AllowedGrantTypes": [
+    "authorization_code"
+  ],
+  "AllowedResponseTypes": [
+    "code",
+    "id_token"
+  ],
+  "AllowAccessTokensViaBrowser": true,
+  "RedirectUris": [
+      "http://localhost:3000"
+  ],
+  "AllowedScopes": [
+      "openid",
+      "profile",
+      "email"
+  ],
+  "AccessTokenType": "JWT",
+  "IdentityTokenLifetime": 3600,
+  "AccessTokenLifetime": 3600
+}
+]
diff --git a/config/oidc-mock-users.json b/config/oidc-mock-users.json
new file mode 100644
index 000000000..d14b774dc
--- /dev/null
+++ b/config/oidc-mock-users.json
@@ -0,0 +1,39 @@
+[
+  {
+    "SubjectId":"admin",
+    "Username":"admin",
+    "Password":"swissforages",
+    "Claims": [
+      {
+        "Type": "name",
+        "Value": "Sam Jackson",
+        "ValueType": "string"
+      },
+      {
+        "Type": "family_name",
+        "Value": "Jackson",
+        "ValueType": "string"
+      },
+      {
+        "Type": "given_name",
+        "Value": "Sam",
+        "ValueType": "string"
+      },
+      {
+        "Type": "middle_name",
+        "Value": "L.",
+        "ValueType": "string"
+      },
+      {
+        "Type": "email",
+        "Value": "sam.tailor@gmail.com",
+        "ValueType": "string"
+      },
+      {
+        "Type": "email_verified",
+        "Value": "true",
+        "ValueType": "boolean"
+      }
+    ]
+  }
+]
diff --git a/docker-compose.yml b/docker-compose.yml
index aa4f049e8..c36ebb55b 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -120,3 +120,24 @@ services:
       ReverseProxy__Clusters__pythonApi__Destinations__legacyApi__Address: "http://api-legacy:8888/"
       S3__ENDPOINT: http://minio:9000
       S3__SECURE: 1
+  oidc-server:
+    image: soluto/oidc-server-mock
+    ports:
+      - "4011:80"
+    environment:
+      CLIENTS_CONFIGURATION_PATH: /tmp/config/clients-config.json
+      USERS_CONFIGURATION_PATH: /tmp/config/users-config.json
+      SERVER_OPTIONS_INLINE: |
+        {
+          "AccessTokenJwtType": "JWT",
+          "Discovery": {
+            "ShowKeySet": true
+          },
+          "Authentication": {
+            "CookieSameSiteMode": "Lax",
+            "CheckSessionCookieSameSiteMode": "Lax"
+          }
+        }
+    volumes:
+      - ./config/oidc-mock-clients.json:/tmp/config/clients-config.json:ro
+      - ./config/oidc-mock-users.json:/tmp/config/users-config.json:ro

From 84ed00b69270003c4967305b9c812902b7c03c7d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philipp=20L=C3=BCthi?= <philipp.luethi@geowerkstatt.ch>
Date: Thu, 14 Dec 2023 11:52:24 +0100
Subject: [PATCH 02/31] Add oidc authentication to api

---
 .../BasicAuthenticationHandler.cs             | 66 -------------------
 ...tabaseAuthenticationClaimsTranfomration.cs | 43 ++++++++++++
 src/api/BDMS.csproj                           |  1 +
 src/api/Program.cs                            | 17 ++---
 src/api/appsettings.Development.json          |  5 ++
 5 files changed, 58 insertions(+), 74 deletions(-)
 delete mode 100644 src/api/Authentication/BasicAuthenticationHandler.cs
 create mode 100644 src/api/Authentication/DatabaseAuthenticationClaimsTranfomration.cs

diff --git a/src/api/Authentication/BasicAuthenticationHandler.cs b/src/api/Authentication/BasicAuthenticationHandler.cs
deleted file mode 100644
index 8ead2d82f..000000000
--- a/src/api/Authentication/BasicAuthenticationHandler.cs
+++ /dev/null
@@ -1,66 +0,0 @@
-using Microsoft.AspNetCore.Authentication;
-using Microsoft.EntityFrameworkCore;
-using Microsoft.Extensions.Options;
-using Npgsql;
-using System.Security.Claims;
-using System.Text;
-using System.Text.Encodings.Web;
-
-namespace BDMS.Authentication;
-
-public class BasicAuthenticationHandler : AuthenticationHandler<AuthenticationSchemeOptions>
-{
-    private readonly BdmsContext dbContext;
-
-    /// <summary>
-    /// Initializes a new instance of the <see cref="BasicAuthenticationHandler"/> class.
-    /// </summary>
-    /// <param name="dbContext">The EF database context containing data for the BDMS application.</param>
-    /// <param name="options">The monitor for the options instance.</param>
-    /// <param name="logger">The <see cref="ILoggerFactory"/>.</param>
-    /// <param name="encoder">The <see cref="System.Text.Encodings.Web.UrlEncoder"/>.</param>
-    /// <exception cref="ArgumentNullException">If <paramref name="dbContext"/> is <c>null</c>.</exception>
-    public BasicAuthenticationHandler(BdmsContext dbContext, IOptionsMonitor<AuthenticationSchemeOptions> options, ILoggerFactory logger, UrlEncoder encoder)
-        : base(options, logger, encoder)
-    {
-        this.dbContext = dbContext ?? throw new ArgumentNullException(nameof(dbContext));
-    }
-
-    /// <inheritdoc/>
-    protected override Task<AuthenticateResult> HandleAuthenticateAsync()
-    {
-        var authorizationHeader = Request.Headers.Authorization.ToString();
-        if (authorizationHeader != null && authorizationHeader.StartsWith("basic ", StringComparison.OrdinalIgnoreCase))
-        {
-            // Get username and password from base64 encoded authorization header
-            var token = authorizationHeader[6..].Trim();
-            var credentialstring = Encoding.UTF8.GetString(Convert.FromBase64String(token));
-            var credentials = credentialstring.Split(':', 2);
-
-            // Get authenticated user from database
-            var authenticatedUser = dbContext.Users
-                .FromSqlRaw(
-                    "SELECT * FROM bdms.users WHERE username = @username AND password = crypt(@password, password)",
-                    new NpgsqlParameter("@username", credentials[0]),
-                    new NpgsqlParameter("@password", credentials[1]))
-                .SingleOrDefault();
-
-            // Handle invalid or disabled user
-            if (authenticatedUser == null || authenticatedUser.IsDisabled)
-            {
-                return Task.FromResult(AuthenticateResult.Fail("No valid authentication credentials have been provided or the specified user has been disabled in the backend."));
-            }
-
-            var claimsIdentity = new ClaimsIdentity();
-            claimsIdentity.AddClaim(new Claim(ClaimTypes.AuthenticationMethod, "Basic"));
-            claimsIdentity.AddClaim(new Claim(ClaimTypes.Name, authenticatedUser.Name));
-            if (authenticatedUser.IsAdmin) claimsIdentity.AddClaim(new Claim(ClaimTypes.Role, PolicyNames.Admin));
-            else if (authenticatedUser.IsViewer) claimsIdentity.AddClaim(new Claim(ClaimTypes.Role, PolicyNames.Viewer));
-
-            return Task.FromResult(AuthenticateResult.Success(
-                new AuthenticationTicket(new ClaimsPrincipal(claimsIdentity), "BasicAuthentication")));
-        }
-
-        return Task.FromResult(AuthenticateResult.Fail("No valid authentication credentials has been provided."));
-    }
-}
diff --git a/src/api/Authentication/DatabaseAuthenticationClaimsTranfomration.cs b/src/api/Authentication/DatabaseAuthenticationClaimsTranfomration.cs
new file mode 100644
index 000000000..586ce77c0
--- /dev/null
+++ b/src/api/Authentication/DatabaseAuthenticationClaimsTranfomration.cs
@@ -0,0 +1,43 @@
+using Microsoft.AspNetCore.Authentication;
+using System.Security.Claims;
+
+namespace BDMS.Authentication;
+
+public class DatabaseAuthenticationClaimsTranfomration : IClaimsTransformation
+{
+    private readonly BdmsContext dbContext;
+
+    /// <summary>
+    /// Initializes a new instance of the <see cref="DatabaseAuthenticationClaimsTranfomration"/> class.
+    /// </summary>
+    /// <param name="dbContext">The EF database context containing data for the BDMS application.</param>
+    /// <exception cref="ArgumentNullException">If <paramref name="dbContext"/> is <c>null</c>.</exception>
+    public DatabaseAuthenticationClaimsTranfomration(BdmsContext dbContext)
+    {
+        this.dbContext = dbContext ?? throw new ArgumentNullException(nameof(dbContext));
+    }
+
+    /// <inheritdoc/>
+    public async Task<ClaimsPrincipal> TransformAsync(ClaimsPrincipal principal)
+    {
+        var userId = principal.Claims.FirstOrDefault(c => c.Type == ClaimTypes.NameIdentifier);
+        var authenticatedUser = userId is not null ? dbContext.Users.FirstOrDefault(u => u.Name == userId.Value) : null;
+
+        if (authenticatedUser == null || authenticatedUser.IsDisabled)
+        {
+            return principal;
+        }
+
+        authenticatedUser.FirstName = principal.Claims.FirstOrDefault(c => c.Type == ClaimTypes.GivenName)?.Value ?? authenticatedUser.FirstName;
+        authenticatedUser.LastName = principal.Claims.FirstOrDefault(c => c.Type == ClaimTypes.Surname)?.Value ?? authenticatedUser.LastName;
+        await dbContext.SaveChangesAsync().ConfigureAwait(false);
+
+        var claimsIdentity = new ClaimsIdentity();
+        claimsIdentity.AddClaim(new Claim(ClaimTypes.Name, authenticatedUser.Name));
+        if (authenticatedUser.IsAdmin) claimsIdentity.AddClaim(new Claim(ClaimTypes.Role, PolicyNames.Admin));
+        else if (authenticatedUser.IsViewer) claimsIdentity.AddClaim(new Claim(ClaimTypes.Role, PolicyNames.Viewer));
+
+        principal.AddIdentity(claimsIdentity);
+        return principal;
+    }
+}
diff --git a/src/api/BDMS.csproj b/src/api/BDMS.csproj
index fcd48ab96..e3d4d4a7b 100644
--- a/src/api/BDMS.csproj
+++ b/src/api/BDMS.csproj
@@ -23,6 +23,7 @@
     <PackageReference Include="CsvHelper" Version="30.0.1" />
     <PackageReference Include="EFCore.BulkExtensions.PostgreSql" Version="8.0.0" />
     <PackageReference Include="Humanizer" Version="2.14.1" />
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="8.0.0" />
     <PackageReference Include="Microsoft.AspNetCore.Mvc.Versioning" Version="5.1.0" />
     <PackageReference Include="Npgsql.EntityFrameworkCore.PostgreSQL" Version="8.0.0" />
     <PackageReference Include="Microsoft.EntityFrameworkCore.Design" Version="8.0.0" />
diff --git a/src/api/Program.cs b/src/api/Program.cs
index ca98858f4..f61bc2b79 100644
--- a/src/api/Program.cs
+++ b/src/api/Program.cs
@@ -3,8 +3,8 @@
 using BDMS;
 using BDMS.Authentication;
 using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Authentication.JwtBearer;
 using Microsoft.AspNetCore.Mvc;
-using Microsoft.AspNetCore.Server.HttpSys;
 using Microsoft.EntityFrameworkCore;
 using Microsoft.OpenApi.Models;
 using System.Reflection;
@@ -21,6 +21,11 @@
 });
 builder.Services.AddEndpointsApiExplorer();
 
+builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
+    .AddJwtBearer(options => builder.Configuration.Bind("Auth", options));
+
+builder.Services.AddTransient<IClaimsTransformation, DatabaseAuthenticationClaimsTranfomration>();
+
 builder.Services.AddAuthorization(options =>
 {
     options.AddPolicy(PolicyNames.Admin, options => options.RequireRole(PolicyNames.Admin));
@@ -35,9 +40,6 @@
     options.FallbackPolicy = options.DefaultPolicy;
 });
 
-builder.Services.AddAuthentication("BasicAuthentication")
-    .AddScheme<AuthenticationSchemeOptions, BasicAuthenticationHandler>("BasicAuthentication", null);
-
 builder.Services.AddHttpContextAccessor();
 builder.Services.AddHttpClient();
 
@@ -62,11 +64,10 @@
         Version = "v2",
         Title = "BDMS REST API v2",
     });
-    options.AddSecurityDefinition("Basic", new OpenApiSecurityScheme
+    options.AddSecurityDefinition("OpenIdConnect", new OpenApiSecurityScheme
     {
         In = ParameterLocation.Header,
-        Type = SecuritySchemeType.Http,
-        Scheme = nameof(AuthenticationSchemes.Basic),
+        Type = SecuritySchemeType.OpenIdConnect,
     });
     options.AddSecurityRequirement(new OpenApiSecurityRequirement
     {
@@ -76,7 +77,7 @@
                 Reference = new OpenApiReference
                 {
                     Type = ReferenceType.SecurityScheme,
-                    Id = nameof(AuthenticationSchemes.Basic),
+                    Id = nameof(SecuritySchemeType.OpenIdConnect),
                 },
             },
             Array.Empty<string>()
diff --git a/src/api/appsettings.Development.json b/src/api/appsettings.Development.json
index 2c102edfd..2ab8aaa39 100644
--- a/src/api/appsettings.Development.json
+++ b/src/api/appsettings.Development.json
@@ -15,6 +15,11 @@
     "SECRET_KEY": "YELLOWMONKEY",
     "SECURE": "0"
   },
+  "Auth": {
+    "Authority": "http://localhost:4011",
+    "Audience": "bdms-client",
+    "RequireHttpsMetadata": "false"
+  },
   "ReverseProxy": {
     "Clusters": {
       "pythonApi": {

From e5a2670146d42f0eba837c842cb6c97f8a3a5f12 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philipp=20L=C3=BCthi?= <philipp.luethi@geowerkstatt.ch>
Date: Thu, 14 Dec 2023 11:56:56 +0100
Subject: [PATCH 03/31] Install react-oidc-context

---
 src/client/package-lock.json | 33 +++++++++++++++++++++++++++++++++
 src/client/package.json      |  2 ++
 2 files changed, 35 insertions(+)

diff --git a/src/client/package-lock.json b/src/client/package-lock.json
index 183513fb6..9b771cfd9 100644
--- a/src/client/package-lock.json
+++ b/src/client/package-lock.json
@@ -25,6 +25,7 @@
         "lodash": "^4.17.21",
         "markdown-to-jsx": "^6.11.4",
         "moment": "^2.29.4",
+        "oidc-client-ts": "^3.0.0-beta.0",
         "ol": "^8.2.0",
         "proj4": "^2.9.2",
         "prop-types": "^15.8.1",
@@ -37,6 +38,7 @@
         "react-hook-form": "^7.48.2",
         "react-i18next": "^13.5.0",
         "react-number-format": "^5.3.1",
+        "react-oidc-context": "^3.0.0-beta.0",
         "react-query": "^3.39.3",
         "react-redux": "^7.2.9",
         "react-router-dom": "^5.3.4",
@@ -11990,6 +11992,14 @@
         "node": ">=4.0"
       }
     },
+    "node_modules/jwt-decode": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/jwt-decode/-/jwt-decode-4.0.0.tgz",
+      "integrity": "sha512-+KJGIyHgkGuIq3IEBNftfhW/LfWhXUIY6OmyVWjliu5KH1y0fw7VQ8YndE2O4qZdMSd9SqbnC8GOcZEy0Om7sA==",
+      "engines": {
+        "node": ">=18"
+      }
+    },
     "node_modules/keyboard-key": {
       "version": "1.1.0",
       "resolved": "https://registry.npmjs.org/keyboard-key/-/keyboard-key-1.1.0.tgz",
@@ -13051,6 +13061,17 @@
       "resolved": "https://registry.npmjs.org/obuf/-/obuf-1.1.2.tgz",
       "integrity": "sha512-PX1wu0AmAdPqOL1mWhqmlOd8kOIZQwGZw6rh7uby9fTc5lhaOWFLX3I6R1hrF9k3zUY40e6igsLGkDXK92LJNg=="
     },
+    "node_modules/oidc-client-ts": {
+      "version": "3.0.0-beta.0",
+      "resolved": "https://registry.npmjs.org/oidc-client-ts/-/oidc-client-ts-3.0.0-beta.0.tgz",
+      "integrity": "sha512-LXd4/w6kzYe0Hc2d+orHR9ACmRVgUOtWxOttca5DoZgvWU1tWlMbIKfiiKRRLOsHejc2y28Q+JhvGofK8gfXyQ==",
+      "dependencies": {
+        "jwt-decode": "^4.0.0"
+      },
+      "engines": {
+        "node": ">=18"
+      }
+    },
     "node_modules/ol": {
       "version": "8.2.0",
       "resolved": "https://registry.npmjs.org/ol/-/ol-8.2.0.tgz",
@@ -15245,6 +15266,18 @@
         "react-dom": "^0.14 || ^15.0.0 || ^16.0.0 || ^17.0.0 || ^18.0.0"
       }
     },
+    "node_modules/react-oidc-context": {
+      "version": "3.0.0-beta.0",
+      "resolved": "https://registry.npmjs.org/react-oidc-context/-/react-oidc-context-3.0.0-beta.0.tgz",
+      "integrity": "sha512-Y3WjJ+2qBpNqkX7DTnYc2WRLhXajX2tCv2S5rSB05J9IOjAOBYPXArIlHbjp6UWnSBW8rGbobmoRB9clrqIcWg==",
+      "engines": {
+        "node": ">=18"
+      },
+      "peerDependencies": {
+        "oidc-client-ts": "^3.0.0-beta.0",
+        "react": ">=16.8.0"
+      }
+    },
     "node_modules/react-onclickoutside": {
       "version": "6.13.0",
       "resolved": "https://registry.npmjs.org/react-onclickoutside/-/react-onclickoutside-6.13.0.tgz",
diff --git a/src/client/package.json b/src/client/package.json
index 780f468b1..9336cae5b 100644
--- a/src/client/package.json
+++ b/src/client/package.json
@@ -39,6 +39,7 @@
     "lodash": "^4.17.21",
     "markdown-to-jsx": "^6.11.4",
     "moment": "^2.29.4",
+    "oidc-client-ts": "^3.0.0-beta.0",
     "ol": "^8.2.0",
     "proj4": "^2.9.2",
     "prop-types": "^15.8.1",
@@ -51,6 +52,7 @@
     "react-hook-form": "^7.48.2",
     "react-i18next": "^13.5.0",
     "react-number-format": "^5.3.1",
+    "react-oidc-context": "^3.0.0-beta.0",
     "react-query": "^3.39.3",
     "react-redux": "^7.2.9",
     "react-router-dom": "^5.3.4",

From a75c94b707e6cfbd62515d141c43f8927eca1762 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philipp=20L=C3=BCthi?= <philipp.luethi@geowerkstatt.ch>
Date: Thu, 14 Dec 2023 11:58:13 +0100
Subject: [PATCH 04/31] Implement oidc authentication in client

---
 src/client/src/api-lib/actions/index.js      |  10 +-
 src/client/src/api-lib/actions/user.js       |  10 +-
 src/client/src/api-lib/reducers/index.js     |   6 +-
 src/client/src/api/authentication.js         |   7 +-
 src/client/src/api/fetchApiV2.js             |   9 +-
 src/client/src/commons/menu/menuComponent.js |   6 +-
 src/client/src/index.js                      |  19 ++-
 src/client/src/pages/settings/dataLoader.js  | 131 +++----------------
 8 files changed, 53 insertions(+), 145 deletions(-)

diff --git a/src/client/src/api-lib/actions/index.js b/src/client/src/api-lib/actions/index.js
index 7bf7e57ad..180ac2f8b 100644
--- a/src/client/src/api-lib/actions/index.js
+++ b/src/client/src/api-lib/actions/index.js
@@ -1,6 +1,6 @@
 import axios from "axios";
 import store from "../reducers";
-import { getBasicAuthHeaderValue } from "../../api/authentication";
+import { getAuthorizationHeader } from "../../api/authentication";
 
 function getAuthorizationHeaders(headers = {}) {
   if (
@@ -8,11 +8,8 @@ function getAuthorizationHeaders(headers = {}) {
     store.getState().hasOwnProperty("core_user") &&
     store.getState().core_user.authentication !== null
   ) {
-    const credentials = store.getState().core_user.authentication;
-    headers.Authorization = getBasicAuthHeaderValue(
-      credentials.username,
-      credentials.password,
-    );
+    const authentication = store.getState().core_user.authentication;
+    headers.Authorization = getAuthorizationHeader(authentication);
     headers["bdms-authorization"] = "bdms-v1";
   }
   return headers;
@@ -173,7 +170,6 @@ export function fetch(path, action, method = "post", auth = null) {
             resolve(response.data, dispatch);
           })
           .catch(function (error) {
-            debugger;
             dispatch({
               type: action.type + "_CONNECTION_ERROR",
               path: path,
diff --git a/src/client/src/api-lib/actions/user.js b/src/client/src/api-lib/actions/user.js
index 5e15d277b..143836d7d 100644
--- a/src/client/src/api-lib/actions/user.js
+++ b/src/client/src/api-lib/actions/user.js
@@ -1,16 +1,10 @@
 import { fetch } from "./index";
 
-export function setAuthentication(
-  username,
-  password,
-  authentication = "basic",
-) {
+export function setAuthentication(user) {
   return {
     type: "SET_AUTHENTICATION",
     path: "/user",
-    username: username,
-    password: password,
-    authentication: authentication,
+    user: user,
   };
 }
 
diff --git a/src/client/src/api-lib/reducers/index.js b/src/client/src/api-lib/reducers/index.js
index 20c2f0a12..9e8d5a5ea 100644
--- a/src/client/src/api-lib/reducers/index.js
+++ b/src/client/src/api-lib/reducers/index.js
@@ -19,11 +19,7 @@ export function user() {
       case "SET_AUTHENTICATION": {
         return {
           ...state,
-          authentication: {
-            username: action.username,
-            password: action.password,
-            type: action.authentication,
-          },
+          authentication: action.user,
         };
       }
       case "UNSET_AUTHENTICATION": {
diff --git a/src/client/src/api/authentication.js b/src/client/src/api/authentication.js
index cd2bef777..9cc060806 100644
--- a/src/client/src/api/authentication.js
+++ b/src/client/src/api/authentication.js
@@ -1,6 +1,3 @@
-export function getBasicAuthHeaderValue(username, password) {
-  const encoder = new TextEncoder();
-  const data = encoder.encode(`${username}:${password}`);
-  const base64String = btoa(String.fromCharCode.apply(null, data));
-  return `Basic ${base64String}`;
+export function getAuthorizationHeader(authentication) {
+  return `${authentication.token_type} ${authentication.id_token}`;
 }
diff --git a/src/client/src/api/fetchApiV2.js b/src/client/src/api/fetchApiV2.js
index 596378054..8809cf825 100644
--- a/src/client/src/api/fetchApiV2.js
+++ b/src/client/src/api/fetchApiV2.js
@@ -1,6 +1,6 @@
 import store from "../reducers";
 import { useQuery, useMutation, useQueryClient } from "react-query";
-import { getBasicAuthHeaderValue } from "./authentication";
+import { getAuthorizationHeader } from "./authentication";
 
 /**
  * Fetch data from the C# Api.
@@ -19,13 +19,10 @@ export async function fetchApiV2(
   isFileDownload = false,
 ) {
   const baseUrl = "/api/v2/";
-  const credentials = store.getState().core_user.authentication;
+  const authentication = store.getState().core_user.authentication;
   const body = isFileUpload ? payload : JSON.stringify(payload);
   let headers = {
-    Authorization: getBasicAuthHeaderValue(
-      credentials.username,
-      credentials.password,
-    ),
+    Authorization: getAuthorizationHeader(authentication),
   };
   if (!isFileUpload && !isFileDownload)
     headers = { ...headers, "Content-Type": "application/json" };
diff --git a/src/client/src/commons/menu/menuComponent.js b/src/client/src/commons/menu/menuComponent.js
index 4fb1dffcd..8dbe5421a 100644
--- a/src/client/src/commons/menu/menuComponent.js
+++ b/src/client/src/commons/menu/menuComponent.js
@@ -1,6 +1,7 @@
 import React from "react";
 import { connect } from "react-redux";
 import PropTypes from "prop-types";
+import { withAuth } from "react-oidc-context";
 import { withTranslation } from "react-i18next";
 import _ from "lodash";
 
@@ -164,12 +165,11 @@ class MenuComponent extends React.Component {
                     <span
                       className="link linker"
                       onClick={() => {
+                        this.props.auth.removeUser();
                         this.props.unsetAuthentication();
                         if (_.isFunction(handleModeChange)) {
                           handleModeChange("viewer");
                         }
-                        // Clear cache
-                        // window.location.reload(true);
                       }}>
                       Logout
                     </span>
@@ -348,4 +348,4 @@ MenuComponent.propTypes = {
 export default connect(
   mapStateToProps,
   mapDispatchToProps,
-)(withTranslation(["common"])(MenuComponent));
+)(withAuth(withTranslation(["common"])(MenuComponent)));
diff --git a/src/client/src/index.js b/src/client/src/index.js
index ac4b743ba..c13401592 100644
--- a/src/client/src/index.js
+++ b/src/client/src/index.js
@@ -1,4 +1,5 @@
 import React from "react";
+import { AuthProvider } from "react-oidc-context";
 import { createRoot } from "react-dom/client";
 import { Provider } from "react-redux";
 
@@ -12,13 +13,29 @@ import "semantic-ui-css/semantic.css";
 
 import store from "./reducers";
 
+const onSigninCallback = user => {
+  window.history.replaceState({}, document.title, window.location.pathname);
+  store.dispatch({ type: "SET_", user });
+};
+
+const oidcConfig = {
+  // TODO: Use environment variables
+  authority: "http://localhost:4011",
+  client_id: "bdms-client",
+  scope: "openid profile email",
+  redirect_uri: window.location.origin,
+  onSigninCallback: onSigninCallback,
+};
+
 const container = document.getElementById("root");
 const root = createRoot(container);
 
 root.render(
   <I18nextProvider i18n={i18n}>
     <Provider store={store}>
-      <App />
+      <AuthProvider {...oidcConfig}>
+        <App />
+      </AuthProvider>
     </Provider>
   </I18nextProvider>,
 );
diff --git a/src/client/src/pages/settings/dataLoader.js b/src/client/src/pages/settings/dataLoader.js
index 8fd87149a..247e95ca6 100644
--- a/src/client/src/pages/settings/dataLoader.js
+++ b/src/client/src/pages/settings/dataLoader.js
@@ -1,12 +1,12 @@
-import React, { createRef } from "react";
+import React from "react";
 import { connect } from "react-redux";
 import PropTypes from "prop-types";
-import _ from "lodash";
 import { withTranslation } from "react-i18next";
+import { withAuth } from "react-oidc-context";
 import Markdown from "markdown-to-jsx";
 import TranslationKeys from "../../commons/translationKeys";
 
-import { Button, Input } from "semantic-ui-react";
+import { Button } from "semantic-ui-react";
 
 import {
   loadDomains,
@@ -20,7 +20,6 @@ import {
 class DataLoader extends React.Component {
   constructor(props) {
     super(props);
-    this.fieldToRef = createRef();
     this.state = {
       isFetching: true,
       title: {
@@ -41,13 +40,6 @@ class DataLoader extends React.Component {
   }
 
   componentDidMount() {
-    if (process.env.NODE_ENV === "development") {
-      this.props.setAuthentication("admin", "swissforages");
-    } else {
-      this.props.setAuthentication("", "");
-    }
-    this.fieldToRef.current.focus();
-
     getContent("login").then(r => {
       if (r.data.data !== null) {
         this.setState({
@@ -60,7 +52,12 @@ class DataLoader extends React.Component {
   }
 
   componentDidUpdate(prevProps) {
-    if (!_.isEqual(this.props.user.data, prevProps.user.data)) {
+    if (this.props.auth.isAuthenticated && !this.props.user?.authentication) {
+      this.props.setAuthentication(this.props.auth.user);
+    }
+
+    if (!prevProps.user?.authentication && this.props.user?.authentication) {
+      this.props.loadUser();
       this.props.loadSettings();
       this.props.loadDomains();
       this.props.loadBoreholeCount();
@@ -68,6 +65,10 @@ class DataLoader extends React.Component {
   }
 
   render() {
+    const isLoading =
+      this.props.auth.isLoading ||
+      this.props.auth.isAuthenticated ||
+      this.props.user.authentication;
     return (
       <div
         style={{
@@ -155,103 +156,21 @@ class DataLoader extends React.Component {
                 }}>
                 Sign in
               </div>
-              {/** Trick to disable autofill in chrome */}
-              <input
-                name="password"
-                style={{
-                  display: "none",
-                }}
-                type="password"
-              />
-              <div
-                style={{
-                  fontSize: "0.8em",
-                  paddingBottom: "4px",
-                }}>
-                Username
-              </div>
-              <Input
-                autoComplete="off"
-                fluid
-                onChange={e => {
-                  this.props.setAuthentication(
-                    e.target.value,
-                    this.props.user.authentication !== null
-                      ? this.props.user.authentication.password
-                      : "",
-                  );
-                }}
-                onKeyPress={e => {
-                  if (e.key === "Enter") {
-                    this.props.loadUser();
-                  }
-                }}
-                placeholder="username"
-                ref={this.fieldToRef}
-                value={
-                  this.props.user.authentication !== null
-                    ? this.props.user.authentication.username
-                    : ""
-                }
-              />
-
-              <div
-                style={{
-                  fontSize: "0.8em",
-                  padding: "8px 0px 4px 0px",
-                }}>
-                Password
-              </div>
-              <Input
-                autoComplete="off"
-                fluid
-                onChange={e => {
-                  this.props.setAuthentication(
-                    this.props.user.authentication !== null
-                      ? this.props.user.authentication.username
-                      : "",
-                    e.target.value,
-                  );
-                }}
-                onKeyPress={e => {
-                  if (e.key === "Enter") {
-                    this.props.loadUser();
-                  }
-                }}
-                placeholder="password"
-                type="password"
-                value={
-                  this.props.user.authentication !== null
-                    ? this.props.user.authentication.password
-                    : ""
-                }
-              />
               <Button
-                color={this.props.user.data !== null ? "green" : null}
+                color={isLoading ? "green" : null}
                 compact
                 content="Login"
                 fluid
-                loading={this.props.user.data !== null}
+                loading={isLoading}
                 onClick={() => {
-                  this.props.loadUser();
+                  this.props.auth.signinRedirect();
                 }}
-                primary={this.props.user.data === null}
+                primary={!isLoading}
                 size="small"
                 style={{
                   marginTop: "1.5em",
                 }}
               />
-              <div
-                style={{
-                  color: "red",
-                  fontSize: "0.8em",
-                }}>
-                {this.props.user.error === false ? (
-                  <span>&nbsp;</span>
-                ) : (
-                  "User or password wrong"
-                )}
-              </div>
             </div>
           </div>
 
@@ -270,13 +189,12 @@ class DataLoader extends React.Component {
 }
 
 DataLoader.propTypes = {
-  anonymousLogin: PropTypes.func,
   i18n: PropTypes.object,
   loadDomains: PropTypes.func,
   loadBoreholeCount: PropTypes.func,
   loadSettings: PropTypes.func,
   loadUser: PropTypes.func,
-  setAuthentication: PropTypes.func,
+  setUser: PropTypes.func,
   user: PropTypes.object,
 };
 
@@ -303,15 +221,8 @@ const mapDispatchToProps = dispatch => {
     loadUser: () => {
       dispatch(loadUser());
     },
-    setAuthentication: (username, password) => {
-      return dispatch(setAuthentication(username, password));
-    },
-    anonymousLogin: async (username, password) => {
-      await Promise.all([
-        dispatch(setAuthentication(username, password)),
-        dispatch(loadUser()),
-      ]);
-      return "ciao";
+    setAuthentication: user => {
+      dispatch(setAuthentication(user));
     },
   };
 };
@@ -319,4 +230,4 @@ const mapDispatchToProps = dispatch => {
 export default connect(
   mapStateToProps,
   mapDispatchToProps,
-)(withTranslation("common")(DataLoader));
+)(withAuth(withTranslation("common")(DataLoader)));

From 8f08aee1c31fc90a6cca133c4a5b3dee6e9d4216 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philipp=20L=C3=BCthi?= <philipp.luethi@geowerkstatt.ch>
Date: Thu, 14 Dec 2023 17:32:47 +0100
Subject: [PATCH 05/31] Enable runtime variables in client from .env or
 environment

---
 .gitignore                      |  3 +++
 docker-compose.yml              |  1 +
 src/client/.env                 |  1 +
 src/client/Dockerfile           |  3 +--
 src/client/package-lock.json    | 20 ++++++++++++++++----
 src/client/package.json         |  2 ++
 src/client/public/index.html    |  1 +
 src/client/react-environment.js | 26 ++++++++++++++++++++++++++
 src/client/server.js            |  5 +++++
 9 files changed, 56 insertions(+), 6 deletions(-)
 create mode 100644 src/client/react-environment.js

diff --git a/.gitignore b/.gitignore
index d6c9c18ef..c5bf1f423 100644
--- a/.gitignore
+++ b/.gitignore
@@ -412,6 +412,9 @@ src/client/cypress/screenshots
 # Dependencies
 /src/client/node_modules
 
+# Generated debug files
+src/client/public/env.js
+
 # Testing
 src/client/coverage
 
diff --git a/docker-compose.yml b/docker-compose.yml
index c36ebb55b..653aa0c1d 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -68,6 +68,7 @@ services:
         condition: service_healthy
     environment:
       REACT_APP_PROXY_HOST_API: http://api:5000/
+      REACT_APP_CLIENT_AUTHOROTY: http://localhost:4011/
       WATCHPACK_POLLING: 'true'
   api-legacy:
     build:
diff --git a/src/client/.env b/src/client/.env
index 2c4c17571..7eb59bb44 100644
--- a/src/client/.env
+++ b/src/client/.env
@@ -1 +1,2 @@
 REACT_APP_PROXY_HOST_API=http://localhost:5000/
+REACT_APP_CLIENT_AUTHOROTY=http://localhost:4011/
diff --git a/src/client/Dockerfile b/src/client/Dockerfile
index e2f744f97..493b96ec6 100644
--- a/src/client/Dockerfile
+++ b/src/client/Dockerfile
@@ -7,7 +7,7 @@ RUN apt-get -y install git vim curl htop python3 python3-pip
 RUN mkdir -p /app/src/client
 WORKDIR /app/src/client
 
-COPY ./package.json ./package-lock.json ./server.js ./
+COPY ./package.json ./package-lock.json ./
 RUN npm install
 
 # Build docs
@@ -30,7 +30,6 @@ WORKDIR /app
 
 COPY --from=development /app/src/client/node_modules /app/node_modules
 COPY --from=development /app/src/client/public/help /app/public/help
-COPY --from=development /app/src/client/server.js /app/server.js
 
 COPY . .
 
diff --git a/src/client/package-lock.json b/src/client/package-lock.json
index 9b771cfd9..2192c1936 100644
--- a/src/client/package-lock.json
+++ b/src/client/package-lock.json
@@ -15,6 +15,7 @@
         "@react-hook/resize-observer": "^1.2.6",
         "axios": "^1.6.2",
         "date-fns": "^2.30.0",
+        "dotenv": "^16.3.1",
         "express": "^4.18.2",
         "express-rate-limit": "^7.1.5",
         "http-proxy-middleware": "^2.0.6",
@@ -7739,11 +7740,14 @@
       }
     },
     "node_modules/dotenv": {
-      "version": "10.0.0",
-      "resolved": "https://registry.npmjs.org/dotenv/-/dotenv-10.0.0.tgz",
-      "integrity": "sha512-rlBi9d8jpv9Sf1klPjNfFAuWDjKLwTIJJ/VxtoTwIR6hnZxcEOQCZg2oIL3MWBYw5GpUDKOEnND7LXTbIpQ03Q==",
+      "version": "16.3.1",
+      "resolved": "https://registry.npmjs.org/dotenv/-/dotenv-16.3.1.tgz",
+      "integrity": "sha512-IPzF4w4/Rd94bA9imS68tZBaYyBWSCE47V1RGuMrB94iyTOIEwRmVL2x/4An+6mETpLrKJ5hQkB8W4kFAadeIQ==",
       "engines": {
-        "node": ">=10"
+        "node": ">=12"
+      },
+      "funding": {
+        "url": "https://github.com/motdotla/dotenv?sponsor=1"
       }
     },
     "node_modules/dotenv-expand": {
@@ -15493,6 +15497,14 @@
         }
       }
     },
+    "node_modules/react-scripts/node_modules/dotenv": {
+      "version": "10.0.0",
+      "resolved": "https://registry.npmjs.org/dotenv/-/dotenv-10.0.0.tgz",
+      "integrity": "sha512-rlBi9d8jpv9Sf1klPjNfFAuWDjKLwTIJJ/VxtoTwIR6hnZxcEOQCZg2oIL3MWBYw5GpUDKOEnND7LXTbIpQ03Q==",
+      "engines": {
+        "node": ">=10"
+      }
+    },
     "node_modules/react-scripts/node_modules/fs-extra": {
       "version": "10.1.0",
       "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-10.1.0.tgz",
diff --git a/src/client/package.json b/src/client/package.json
index 9336cae5b..8cc10b7a7 100644
--- a/src/client/package.json
+++ b/src/client/package.json
@@ -29,6 +29,7 @@
     "@react-hook/resize-observer": "^1.2.6",
     "axios": "^1.6.2",
     "date-fns": "^2.30.0",
+    "dotenv": "^16.3.1",
     "express": "^4.18.2",
     "express-rate-limit": "^7.1.5",
     "http-proxy-middleware": "^2.0.6",
@@ -75,6 +76,7 @@
     "prettier": "^3.1.0"
   },
   "scripts": {
+    "prestart": "node -e \"require('\\.\\/react-environment.js').writeEnvJs()\"",
     "start": "react-scripts start",
     "build": "react-scripts build",
     "test": "cypress run",
diff --git a/src/client/public/index.html b/src/client/public/index.html
index d9c4cdc5e..e9b43e04a 100644
--- a/src/client/public/index.html
+++ b/src/client/public/index.html
@@ -9,6 +9,7 @@
     <meta name="theme-color" content="#000000">
     <link rel="shortcut icon" href="%PUBLIC_URL%/favicon.ico">
     <link href="%PUBLIC_URL%/fonts/fonts.css" rel="stylesheet">
+    <script src="env.js"></script>
 
     <style>
       .react-datepicker-wrapper {
diff --git a/src/client/react-environment.js b/src/client/react-environment.js
new file mode 100644
index 000000000..d85a56dcf
--- /dev/null
+++ b/src/client/react-environment.js
@@ -0,0 +1,26 @@
+const getEnvJsContent = env => {
+  var clientEnvVariables = Object.entries(env)
+    .filter((key, _) => key.toString().startsWith("REACT_APP_CLIENT_"))
+    .map(([key, value]) => [
+      key.toString().replace("REACT_APP_CLIENT_", ""),
+      value,
+    ]);
+  return (
+    "window.env = " +
+    JSON.stringify(Object.fromEntries(clientEnvVariables)) +
+    ";"
+  );
+};
+
+//write file env.js to public folder
+const writeEnvJs = () => {
+  const fs = require("fs");
+  const path = require("path");
+  require("dotenv").config();
+  fs.writeFileSync(
+    path.join(__dirname, "public", "env.js"),
+    getEnvJsContent(process.env),
+  );
+};
+
+module.exports = { getEnvJsContent, writeEnvJs };
diff --git a/src/client/server.js b/src/client/server.js
index c86a73022..0c828f7f0 100644
--- a/src/client/server.js
+++ b/src/client/server.js
@@ -1,3 +1,4 @@
+const { getEnvJsContent } = require("./react-environment.js");
 const express = require("express");
 const path = require("path");
 
@@ -20,6 +21,10 @@ app.get("/help/*", (req, res) => {
   res.sendFile(path.join(__dirname, "build", "help", "index.html"));
 });
 
+app.get("/env.js", (req, res) => {
+  res.send(getEnvJsContent(process.env));
+});
+
 app.get("*", (req, res) => {
   res.sendFile(path.join(__dirname, "build", "index.html"));
 });

From 2c9de9f4d01b2224f372766fe814023f81cff105 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philipp=20L=C3=BCthi?= <philipp.luethi@geowerkstatt.ch>
Date: Fri, 15 Dec 2023 09:09:45 +0100
Subject: [PATCH 06/31] Extract & Configure AuthProvider

---
 docker-compose.yml                          |  3 +-
 src/client/.env                             |  3 +-
 src/client/src/BdmsAuthProvider.js          | 45 +++++++++++++++++
 src/client/src/index.js                     | 20 ++------
 src/client/src/pages/settings/dataLoader.js | 55 +++++++++++----------
 5 files changed, 81 insertions(+), 45 deletions(-)
 create mode 100644 src/client/src/BdmsAuthProvider.js

diff --git a/docker-compose.yml b/docker-compose.yml
index 653aa0c1d..3de590761 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -68,7 +68,8 @@ services:
         condition: service_healthy
     environment:
       REACT_APP_PROXY_HOST_API: http://api:5000/
-      REACT_APP_CLIENT_AUTHOROTY: http://localhost:4011/
+      REACT_APP_CLIENT_AUTHORITY: http://localhost:4011/
+      REACT_APP_CLIENT_CLIENT_ID: bdms-client
       WATCHPACK_POLLING: 'true'
   api-legacy:
     build:
diff --git a/src/client/.env b/src/client/.env
index 7eb59bb44..880790c6b 100644
--- a/src/client/.env
+++ b/src/client/.env
@@ -1,2 +1,3 @@
 REACT_APP_PROXY_HOST_API=http://localhost:5000/
-REACT_APP_CLIENT_AUTHOROTY=http://localhost:4011/
+REACT_APP_CLIENT_AUTHORITY=http://localhost:4011/
+REACT_APP_CLIENT_CLIENT_ID=bdms-client
diff --git a/src/client/src/BdmsAuthProvider.js b/src/client/src/BdmsAuthProvider.js
new file mode 100644
index 000000000..f88e4dc66
--- /dev/null
+++ b/src/client/src/BdmsAuthProvider.js
@@ -0,0 +1,45 @@
+import { useEffect } from "react";
+import { AuthProvider, useAuth } from "react-oidc-context";
+import { useDispatch } from "react-redux";
+import { setAuthentication, unsetAuthentication } from "./api-lib";
+import { WebStorageStateStore } from "oidc-client-ts";
+
+const AuthenticationStoreSync = () => {
+  const auth = useAuth();
+  const dispatch = useDispatch();
+
+  useEffect(() => {
+    if (auth.user) {
+      dispatch(setAuthentication(auth.user));
+    }
+  }, [auth.user, dispatch]);
+};
+
+export const BdmsAuthProvider = props => {
+  const dispatch = useDispatch();
+
+  const onSigninCallback = user => {
+    window.history.replaceState({}, document.title, window.location.pathname);
+  };
+
+  const onRemoveUser = () => {
+    dispatch(unsetAuthentication());
+  };
+
+  const oidcConfig = {
+    authority: window.env.AUTHORITY,
+    client_id: window.env.CLIENT_ID,
+    scope: "openid profile email",
+    redirect_uri: window.location.origin,
+    userStore: new WebStorageStateStore({ store: window.localStorage }),
+    onSigninCallback,
+    onRemoveUser,
+  };
+
+  return (
+    <AuthProvider {...oidcConfig}>
+      <AuthenticationStoreSync />
+      {props.children}
+    </AuthProvider>
+  );
+};
diff --git a/src/client/src/index.js b/src/client/src/index.js
index c13401592..c8f41edce 100644
--- a/src/client/src/index.js
+++ b/src/client/src/index.js
@@ -1,5 +1,4 @@
 import React from "react";
-import { AuthProvider } from "react-oidc-context";
 import { createRoot } from "react-dom/client";
 import { Provider } from "react-redux";
 
@@ -8,34 +7,21 @@ import i18n from "./i18n";
 import "./index.css";
 import "ol/ol.css";
 import App from "./App";
+import { BdmsAuthProvider } from "./BdmsAuthProvider";
 
 import "semantic-ui-css/semantic.css";
 
 import store from "./reducers";
 
-const onSigninCallback = user => {
-  window.history.replaceState({}, document.title, window.location.pathname);
-  store.dispatch({ type: "SET_", user });
-};
-
-const oidcConfig = {
-  // TODO: Use environment variables
-  authority: "http://localhost:4011",
-  client_id: "bdms-client",
-  scope: "openid profile email",
-  redirect_uri: window.location.origin,
-  onSigninCallback: onSigninCallback,
-};
-
 const container = document.getElementById("root");
 const root = createRoot(container);
 
 root.render(
   <I18nextProvider i18n={i18n}>
     <Provider store={store}>
-      <AuthProvider {...oidcConfig}>
+      <BdmsAuthProvider>
         <App />
-      </AuthProvider>
+      </BdmsAuthProvider>
     </Provider>
   </I18nextProvider>,
 );
diff --git a/src/client/src/pages/settings/dataLoader.js b/src/client/src/pages/settings/dataLoader.js
index 247e95ca6..3335a223f 100644
--- a/src/client/src/pages/settings/dataLoader.js
+++ b/src/client/src/pages/settings/dataLoader.js
@@ -13,7 +13,6 @@ import {
   loadBoreholes,
   loadSettings,
   loadUser,
-  setAuthentication,
   getContent,
 } from "../../api-lib/index";
 
@@ -52,10 +51,6 @@ class DataLoader extends React.Component {
   }
 
   componentDidUpdate(prevProps) {
-    if (this.props.auth.isAuthenticated && !this.props.user?.authentication) {
-      this.props.setAuthentication(this.props.auth.user);
-    }
-
     if (!prevProps.user?.authentication && this.props.user?.authentication) {
       this.props.loadUser();
       this.props.loadSettings();
@@ -66,9 +61,7 @@ class DataLoader extends React.Component {
 
   render() {
     const isLoading =
-      this.props.auth.isLoading ||
-      this.props.auth.isAuthenticated ||
-      this.props.user.authentication;
+      this.props.auth?.isLoading || this.props.user?.authentication;
     return (
       <div
         style={{
@@ -156,21 +149,34 @@ class DataLoader extends React.Component {
                 }}>
                 Sign in
               </div>
-              <Button
-                color={isLoading ? "green" : null}
-                compact
-                content="Login"
-                fluid
-                loading={isLoading}
-                onClick={() => {
-                  this.props.auth.signinRedirect();
-                }}
-                primary={!isLoading}
-                size="small"
-                style={{
-                  marginTop: "1.5em",
-                }}
-              />
+              {isLoading ? (
+                <Button
+                  disabled
+                  color={"green"}
+                  compact
+                  loading
+                  content="Login"
+                  fluid
+                  size="small"
+                  style={{
+                    marginTop: "1.5em",
+                  }}
+                />
+              ) : (
+                <Button
+                  compact
+                  primary
+                  content="Login"
+                  fluid
+                  onClick={() => {
+                    this.props.auth.signinRedirect();
+                  }}
+                  size="small"
+                  style={{
+                    marginTop: "1.5em",
+                  }}
+                />
+              )}
             </div>
           </div>
 
@@ -221,9 +227,6 @@ const mapDispatchToProps = dispatch => {
     loadUser: () => {
       dispatch(loadUser());
     },
-    setAuthentication: user => {
-      dispatch(setAuthentication(user));
-    },
   };
 };
 

From 22cb1f83ef27d0792c5621189c4fa7796a0e9a43 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philipp=20L=C3=BCthi?= <philipp.luethi@geowerkstatt.ch>
Date: Fri, 15 Dec 2023 13:29:34 +0100
Subject: [PATCH 07/31] Remove username / password fields form preview

---
 src/client/src/commons/form/loginPreview.js | 62 +--------------------
 1 file changed, 3 insertions(+), 59 deletions(-)

diff --git a/src/client/src/commons/form/loginPreview.js b/src/client/src/commons/form/loginPreview.js
index 64173a6cf..903de6cef 100644
--- a/src/client/src/commons/form/loginPreview.js
+++ b/src/client/src/commons/form/loginPreview.js
@@ -1,18 +1,9 @@
-import React, { createRef } from "react";
+import React from "react";
 import PropTypes from "prop-types";
-import { Button, Input } from "semantic-ui-react";
+import { Button } from "semantic-ui-react";
 import Markdown from "markdown-to-jsx";
 
 class LoginPreview extends React.Component {
-  constructor(props) {
-    super(props);
-    this.fieldToRef = createRef();
-  }
-
-  componentDidMount() {
-    this.fieldToRef.current.focus();
-  }
-
   render() {
     return (
       <div
@@ -84,58 +75,11 @@ class LoginPreview extends React.Component {
             }}>
             Sign in
           </div>
-          {/** Trick to disable autofill in chrome */}
-          <input
-            name="password"
-            style={{
-              display: "none",
-            }}
-            type="password"
-          />
-          <div
-            style={{
-              fontSize: "0.8em",
-              paddingBottom: "4px",
-            }}>
-            Username
-          </div>
-          <Input
-            autoComplete="off"
-            fluid
-            placeholder="username"
-            ref={this.fieldToRef}
-            value={
-              this.props.user.authentication !== null
-                ? this.props.user.authentication.username
-                : ""
-            }
-          />
-
-          <div
-            style={{
-              fontSize: "0.8em",
-              padding: "8px 0px 4px 0px",
-            }}>
-            Password
-          </div>
-          <Input
-            autoComplete="off"
-            fluid
-            placeholder="password"
-            type="password"
-            value={
-              this.props.user.authentication !== null
-                ? this.props.user.authentication.password
-                : ""
-            }
-          />
           <Button
-            color={this.props.user.data !== null ? "green" : null}
             compact
             content="Login"
             fluid
-            loading={this.props.user.data !== null}
-            primary={this.props.user.data === null}
+            primary
             size="small"
             style={{
               marginTop: "1.5em",

From 9b72725829a38e60459690206eb165ef31cc66b0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philipp=20L=C3=BCthi?= <philipp.luethi@geowerkstatt.ch>
Date: Fri, 15 Dec 2023 13:35:33 +0100
Subject: [PATCH 08/31] Fixup: Load env.js from root when route is present

---
 src/client/public/index.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/client/public/index.html b/src/client/public/index.html
index e9b43e04a..d5a8deeed 100644
--- a/src/client/public/index.html
+++ b/src/client/public/index.html
@@ -9,7 +9,7 @@
     <meta name="theme-color" content="#000000">
     <link rel="shortcut icon" href="%PUBLIC_URL%/favicon.ico">
     <link href="%PUBLIC_URL%/fonts/fonts.css" rel="stylesheet">
-    <script src="env.js"></script>
+    <script src="/env.js"></script>
 
     <style>
       .react-datepicker-wrapper {

From 3f30ca5b2e8351f9ded3a2c15f8d828e107f582b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philipp=20L=C3=BCthi?= <philipp.luethi@geowerkstatt.ch>
Date: Fri, 15 Dec 2023 13:42:44 +0100
Subject: [PATCH 09/31] Load env.js with the defer option

---
 src/client/public/index.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/client/public/index.html b/src/client/public/index.html
index d5a8deeed..225d61bef 100644
--- a/src/client/public/index.html
+++ b/src/client/public/index.html
@@ -9,7 +9,7 @@
     <meta name="theme-color" content="#000000">
     <link rel="shortcut icon" href="%PUBLIC_URL%/favicon.ico">
     <link href="%PUBLIC_URL%/fonts/fonts.css" rel="stylesheet">
-    <script src="/env.js"></script>
+    <script defer src="/env.js"></script>
 
     <style>
       .react-datepicker-wrapper {

From a3c3f2ddbe6bb3966e4686b6bde8daf76a9be66d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philipp=20L=C3=BCthi?= <philipp.luethi@geowerkstatt.ch>
Date: Thu, 21 Dec 2023 16:34:51 +0100
Subject: [PATCH 10/31] Fix transformation typo

---
 ...ion.cs => DatabaseAuthenticationClaimsTransformation.cs} | 6 +++---
 src/api/Program.cs                                          | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)
 rename src/api/Authentication/{DatabaseAuthenticationClaimsTranfomration.cs => DatabaseAuthenticationClaimsTransformation.cs} (90%)

diff --git a/src/api/Authentication/DatabaseAuthenticationClaimsTranfomration.cs b/src/api/Authentication/DatabaseAuthenticationClaimsTransformation.cs
similarity index 90%
rename from src/api/Authentication/DatabaseAuthenticationClaimsTranfomration.cs
rename to src/api/Authentication/DatabaseAuthenticationClaimsTransformation.cs
index 586ce77c0..eb363317d 100644
--- a/src/api/Authentication/DatabaseAuthenticationClaimsTranfomration.cs
+++ b/src/api/Authentication/DatabaseAuthenticationClaimsTransformation.cs
@@ -3,16 +3,16 @@
 
 namespace BDMS.Authentication;
 
-public class DatabaseAuthenticationClaimsTranfomration : IClaimsTransformation
+public class DatabaseAuthenticationClaimsTransformation : IClaimsTransformation
 {
     private readonly BdmsContext dbContext;
 
     /// <summary>
-    /// Initializes a new instance of the <see cref="DatabaseAuthenticationClaimsTranfomration"/> class.
+    /// Initializes a new instance of the <see cref="DatabaseAuthenticationClaimsTransformation"/> class.
     /// </summary>
     /// <param name="dbContext">The EF database context containing data for the BDMS application.</param>
     /// <exception cref="ArgumentNullException">If <paramref name="dbContext"/> is <c>null</c>.</exception>
-    public DatabaseAuthenticationClaimsTranfomration(BdmsContext dbContext)
+    public DatabaseAuthenticationClaimsTransformation(BdmsContext dbContext)
     {
         this.dbContext = dbContext ?? throw new ArgumentNullException(nameof(dbContext));
     }
diff --git a/src/api/Program.cs b/src/api/Program.cs
index 491aadb2d..564227825 100644
--- a/src/api/Program.cs
+++ b/src/api/Program.cs
@@ -24,7 +24,7 @@
 builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
     .AddJwtBearer(options => builder.Configuration.Bind("Auth", options));
 
-builder.Services.AddTransient<IClaimsTransformation, DatabaseAuthenticationClaimsTranfomration>();
+builder.Services.AddTransient<IClaimsTransformation, DatabaseAuthenticationClaimsTransformation>();
 
 builder.Services.AddAuthorization(options =>
 {

From edf7f40df03c8d215b5a7f227ab591425d52be56 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philipp=20L=C3=BCthi?= <philipp.luethi@geowerkstatt.ch>
Date: Fri, 22 Dec 2023 10:57:40 +0100
Subject: [PATCH 11/31] Remove unsetAuthentication from menuComponent

---
 src/client/src/commons/menu/menuComponent.js | 7 -------
 1 file changed, 7 deletions(-)

diff --git a/src/client/src/commons/menu/menuComponent.js b/src/client/src/commons/menu/menuComponent.js
index 8dbe5421a..ebfc61a17 100644
--- a/src/client/src/commons/menu/menuComponent.js
+++ b/src/client/src/commons/menu/menuComponent.js
@@ -7,8 +7,6 @@ import _ from "lodash";
 
 import { List, Icon, Popup } from "semantic-ui-react";
 
-import { unsetAuthentication } from "../../api-lib/index";
-
 import Feedback from "../feedback/feedbackComponent";
 import TranslationText from "../form/translationText";
 import TranslationKeys from "../translationKeys";
@@ -166,7 +164,6 @@ class MenuComponent extends React.Component {
                       className="link linker"
                       onClick={() => {
                         this.props.auth.removeUser();
-                        this.props.unsetAuthentication();
                         if (_.isFunction(handleModeChange)) {
                           handleModeChange("viewer");
                         }
@@ -332,16 +329,12 @@ const mapStateToProps = state => {
 const mapDispatchToProps = dispatch => {
   return {
     dispatch: dispatch,
-    unsetAuthentication: (username, password) => {
-      dispatch(unsetAuthentication(username, password));
-    },
   };
 };
 
 MenuComponent.propTypes = {
   handleModeChange: PropTypes.func,
   mode: PropTypes.string,
-  unsetAuthentication: PropTypes.func,
   user: PropTypes.object,
 };
 

From f016abdb36fa899c3f4f89dbf0d9303b72040e25 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philipp=20L=C3=BCthi?= <philipp.luethi@geowerkstatt.ch>
Date: Fri, 22 Dec 2023 11:11:31 +0100
Subject: [PATCH 12/31] Enable token refreshes & auto logout after expiration

---
 src/client/src/BdmsAuthProvider.js | 26 +++++++++++++++-----------
 1 file changed, 15 insertions(+), 11 deletions(-)

diff --git a/src/client/src/BdmsAuthProvider.js b/src/client/src/BdmsAuthProvider.js
index f88e4dc66..443bfedae 100644
--- a/src/client/src/BdmsAuthProvider.js
+++ b/src/client/src/BdmsAuthProvider.js
@@ -1,4 +1,4 @@
-import { useEffect } from "react";
+import { useEffect, useState } from "react";
 import { AuthProvider, useAuth } from "react-oidc-context";
 import { useDispatch } from "react-redux";
 import { setAuthentication, unsetAuthentication } from "./api-lib";
@@ -8,32 +8,36 @@ const AuthenticationStoreSync = () => {
   const auth = useAuth();
   const dispatch = useDispatch();
 
+  const [userValueExpired, setUserValueExpired] = useState(false);
+
   useEffect(() => {
-    if (auth.user) {
+    if (auth.isLoading) return;
+
+    if (auth.user && !auth.user.expired) {
+      // Trigger delayed rerender to reevaluate user.expired value.
+      setTimeout(
+        () => setUserValueExpired(current => !current),
+        auth.user.expires_in * 1000,
+      );
       dispatch(setAuthentication(auth.user));
+    } else {
+      dispatch(unsetAuthentication());
     }
-  }, [auth.user, dispatch]);
+  }, [auth.user, userValueExpired, dispatch, auth.isLoading]);
 };
 
 export const BdmsAuthProvider = props => {
-  const dispatch = useDispatch();
-
   const onSigninCallback = user => {
     window.history.replaceState({}, document.title, window.location.pathname);
   };
 
-  const onRemoveUser = () => {
-    dispatch(unsetAuthentication());
-  };
-
   const oidcConfig = {
     authority: window.env.AUTHORITY,
     client_id: window.env.CLIENT_ID,
     scope: "openid profile email",
-    redirect_uri: window.location.origin,
+    redirect_uri: window.location.origin + window.location.pathname,
     userStore: new WebStorageStateStore({ store: window.localStorage }),
     onSigninCallback,
-    onRemoveUser,
   };
 
   return (

From 5dfc8c715521477dc6d6cac9326344f02d7615c1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philipp=20L=C3=BCthi?= <philipp.luethi@geowerkstatt.ch>
Date: Fri, 22 Dec 2023 10:57:00 +0100
Subject: [PATCH 13/31] Configure & start oidc-server for cypress tests

---
 .github/workflows/ci.yml    |  2 +-
 config/oidc-mock-users.json | 39 +++++++++++++++++++++++++++++++------
 docker-compose.yml          |  2 ++
 3 files changed, 36 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index fef987976..0d2be20a1 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -58,7 +58,7 @@ jobs:
         run: dotnet build BDMS.sln -c Release /warnaserror
 
       - name: Start db and api's
-        run: docker compose up --wait minio db api-legacy api
+        run: docker compose up --wait minio db api-legacy api oidc-server
 
       - working-directory: ./src/client
         run: npm ci
diff --git a/config/oidc-mock-users.json b/config/oidc-mock-users.json
index d14b774dc..02ed745f6 100644
--- a/config/oidc-mock-users.json
+++ b/config/oidc-mock-users.json
@@ -6,27 +6,54 @@
     "Claims": [
       {
         "Type": "name",
-        "Value": "Sam Jackson",
+        "Value": "Admin User",
         "ValueType": "string"
       },
       {
         "Type": "family_name",
-        "Value": "Jackson",
+        "Value": "User",
         "ValueType": "string"
       },
       {
         "Type": "given_name",
-        "Value": "Sam",
+        "Value": "Admin",
         "ValueType": "string"
       },
       {
-        "Type": "middle_name",
-        "Value": "L.",
+        "Type": "email",
+        "Value": "admin.user@local.dev",
+        "ValueType": "string"
+      },
+      {
+        "Type": "email_verified",
+        "Value": "true",
+        "ValueType": "boolean"
+      }
+    ]
+  },
+  {
+    "SubjectId":"editor",
+    "Username":"editor",
+    "Password":"swissforages",
+    "Claims": [
+      {
+        "Type": "name",
+        "Value": "Editor User",
+        "ValueType": "string"
+      },
+      {
+        "Type": "family_name",
+        "Value": "User",
+        "ValueType": "string"
+      },
+      {
+        "Type": "given_name",
+        "Value": "Editor",
         "ValueType": "string"
       },
       {
         "Type": "email",
-        "Value": "sam.tailor@gmail.com",
+        "Value": "editor.user@local.dev",
         "ValueType": "string"
       },
       {
diff --git a/docker-compose.yml b/docker-compose.yml
index 3de590761..22165bcc8 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -120,6 +120,7 @@ services:
       DOTNET_USE_POLLING_FILE_WATCHER: 1
       CONNECTIONSTRINGS__BdmsContext: Host=db;Username=SPAWNPLOW;Password=YELLOWSPATULA;Database=bdms;CommandTimeout=300
       ReverseProxy__Clusters__pythonApi__Destinations__legacyApi__Address: "http://api-legacy:8888/"
+      Auth__Authority: http://oidc-server
       S3__ENDPOINT: http://minio:9000
       S3__SECURE: 1
   oidc-server:
@@ -131,6 +132,7 @@ services:
       USERS_CONFIGURATION_PATH: /tmp/config/users-config.json
       SERVER_OPTIONS_INLINE: |
         {
+          "IssuerUri": "http://localhost:4011",
           "AccessTokenJwtType": "JWT",
           "Discovery": {
             "ShowKeySet": true

From 08d4359df9d0b4b31c5c7ccdb06fbdc8dc7660ea Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philipp=20L=C3=BCthi?= <philipp.luethi@geowerkstatt.ch>
Date: Fri, 22 Dec 2023 11:28:07 +0100
Subject: [PATCH 14/31] Implement OIDC lifecycle in cypress tests

Remove some UI navigations
---
 .../cypress/e2e/admin/aboutSettings.cy.js     |  11 +-
 .../cypress/e2e/admin/loginScreen.cy.js       |   5 +-
 .../e2e/admin/userAdministration.cy.js        |   3 +-
 src/client/cypress/e2e/app.cy.js              |   3 +
 src/client/cypress/e2e/boreholeList.cy.js     |   5 +-
 src/client/cypress/e2e/codeList.cy.js         |  23 +-
 .../e2e/editor/boreholeEditorTable.cy.js      |   5 +-
 src/client/cypress/e2e/editor/bulkedit.cy.js  |  77 ++----
 .../e2e/editor/chronostratigraphy.cy.js       |  45 ++--
 .../cypress/e2e/editor/copyBorehole.cy.js     |   5 +-
 .../cypress/e2e/editor/fieldMeasurement.cy.js |  13 +-
 .../editor/groundwaterLevelMeasurement.cy.js  |  13 +-
 src/client/cypress/e2e/editor/hydrotest.cy.js |  13 +-
 src/client/cypress/e2e/editor/import.cy.js    |  99 +++----
 .../cypress/e2e/editor/instrumentation.cy.js  |   5 +-
 .../e2e/editor/lithostratigraphy.cy.js        |  47 ++--
 .../cypress/e2e/editor/waterIngress.cy.js     |  13 +-
 src/client/cypress/e2e/filter.cy.js           |  26 +-
 .../cypress/e2e/hierarchicalDataFilter.cy.js  |  11 +-
 src/client/cypress/e2e/srsFilter.cy.js        |   8 +-
 src/client/cypress/e2e/testHelpers.js         | 249 ++++++++++--------
 .../cypress/e2e/viewer/displayLayer.cy.js     |   8 +-
 src/client/src/pages/settings/dataLoader.js   |   2 +-
 23 files changed, 380 insertions(+), 309 deletions(-)

diff --git a/src/client/cypress/e2e/admin/aboutSettings.cy.js b/src/client/cypress/e2e/admin/aboutSettings.cy.js
index b24df7783..c390ef11b 100644
--- a/src/client/cypress/e2e/admin/aboutSettings.cy.js
+++ b/src/client/cypress/e2e/admin/aboutSettings.cy.js
@@ -1,9 +1,10 @@
-import { login } from "../testHelpers";
+import { loginAsAdmin } from "../testHelpers";
 import license from "../../fixtures/license.json";
 
 describe("Admin about page tests", () => {
   it("shows version information linking the corresponding release on GitHub.", () => {
-    login("/setting/about");
+    loginAsAdmin();
+    cy.visit("/setting/about");
 
     cy.get('[data-cy="version"]')
       .should("contain", "0.0.99+dev")
@@ -16,7 +17,8 @@ describe("Admin about page tests", () => {
 
   it("shows license information (with fixtures)", () => {
     cy.intercept("/license.json", license);
-    login("/setting/about");
+    loginAsAdmin();
+    cy.visit("/setting/about");
 
     cy.get('[data-cy^="credits-"]').should("have.length", 2);
     cy.get('[data-cy="credits-example-js@0.0.999"]').should(
@@ -30,7 +32,8 @@ describe("Admin about page tests", () => {
   });
 
   it("shows license information (without fixtures)", () => {
-    login("/setting/about");
+    loginAsAdmin();
+    cy.visit("/setting/about");
     cy.get('[data-cy^="credits-"]').should("have.length.above", 0);
   });
 });
diff --git a/src/client/cypress/e2e/admin/loginScreen.cy.js b/src/client/cypress/e2e/admin/loginScreen.cy.js
index 4af52443b..2720da6ce 100644
--- a/src/client/cypress/e2e/admin/loginScreen.cy.js
+++ b/src/client/cypress/e2e/admin/loginScreen.cy.js
@@ -1,8 +1,9 @@
-import { login } from "../testHelpers";
+import { loginAsAdmin } from "../testHelpers";
 
 describe("Admin login preview tests", () => {
   it("displays correct message when publishing a new welcome message.", () => {
-    login("/setting/login");
+    loginAsAdmin();
+    cy.visit("/setting/login");
 
     // Initial button state
     cy.get('[data-cy="save-welcome-message-button"]').should("not.be.visible");
diff --git a/src/client/cypress/e2e/admin/userAdministration.cy.js b/src/client/cypress/e2e/admin/userAdministration.cy.js
index cde07f54c..2b73b877b 100644
--- a/src/client/cypress/e2e/admin/userAdministration.cy.js
+++ b/src/client/cypress/e2e/admin/userAdministration.cy.js
@@ -2,7 +2,8 @@ import { loginAsAdmin } from "../testHelpers";
 
 describe("Admin settings test", () => {
   beforeEach(() => {
-    loginAsAdmin("/setting/admin");
+    loginAsAdmin();
+    cy.visit("/setting/admin");
 
     cy.get('[data-cy="user-list-table-body"]')
       .children()
diff --git a/src/client/cypress/e2e/app.cy.js b/src/client/cypress/e2e/app.cy.js
index 1ca6ed332..c32cffb51 100644
--- a/src/client/cypress/e2e/app.cy.js
+++ b/src/client/cypress/e2e/app.cy.js
@@ -3,6 +3,7 @@ import { loginAsAdmin, loginAsEditorInViewerMode } from "./testHelpers";
 describe("General app tests", () => {
   it("Displays the login page in the correct language", () => {
     // default is english
+    cy.session("logged out", () => cy.visit("/"));
     cy.visit("/");
     cy.contains("Sign in");
     cy.contains("Welcome to");
@@ -25,12 +26,14 @@ describe("General app tests", () => {
 
   it("Displays the current host as app title", () => {
     loginAsEditorInViewerMode();
+    cy.visit("/");
     cy.get('[data-cy="app-title"]').contains("localhost");
   });
 
   it("Correctly navigates back and forth from settings", () => {
     // correctly navigate back to viewer mode
     loginAsAdmin();
+    cy.visit("/");
     cy.get('[data-cy="menu"]').click();
     cy.get('[data-cy="settings-list-item"]').click();
     cy.contains("h3", "Done").click();
diff --git a/src/client/cypress/e2e/boreholeList.cy.js b/src/client/cypress/e2e/boreholeList.cy.js
index b1e204ee1..34581c272 100644
--- a/src/client/cypress/e2e/boreholeList.cy.js
+++ b/src/client/cypress/e2e/boreholeList.cy.js
@@ -4,6 +4,7 @@ describe("Borehole list tests", () => {
   it("Boreholes are displayed in correct order with editor login", () => {
     cy.intercept("/api/v1/borehole").as("borehole");
     loginAsEditorInViewerMode();
+    cy.visit("/");
 
     cy.get("div[id=map]").should("be.visible");
 
@@ -80,7 +81,8 @@ describe("Borehole list tests", () => {
   it("Boreholes are displayed in correct order with admin login", () => {
     cy.intercept("/api/v1/borehole").as("borehole");
     cy.intercept("/api/v1/borehole/edit").as("editorBorehole");
-    loginAsAdmin("/editor");
+    loginAsAdmin();
+    cy.visit("/editor");
 
     cy.wait("@editorBorehole");
     cy.get("div[id=map]").should("be.visible");
@@ -173,6 +175,7 @@ describe("Borehole list tests", () => {
 
   it("preserves column sorting and active page when navigating", () => {
     loginAsEditorInViewerMode();
+    cy.visit("/");
 
     // sort by name ascending
     cy.contains("div", "Original name")
diff --git a/src/client/cypress/e2e/codeList.cy.js b/src/client/cypress/e2e/codeList.cy.js
index 56969e358..485c80333 100644
--- a/src/client/cypress/e2e/codeList.cy.js
+++ b/src/client/cypress/e2e/codeList.cy.js
@@ -4,11 +4,8 @@ describe("Codelist translations tests", () => {
   it("Admin can open codelist translation section", () => {
     // Login and navigate to editor settings
     loginAsAdmin();
-    cy.get("div[id=map]").should("be.visible");
+    cy.visit("/setting/editor");
 
-    cy.get("i[class='th big icon']").click();
-    cy.contains("h4", "Settings").click();
-    cy.contains("h3", "Editor").click();
     cy.get("button").should("not.contain", "Collapse");
 
     cy.contains("div", "Codelist translations")
@@ -22,11 +19,7 @@ describe("Codelist translations tests", () => {
 
   it("Admin can edit translations", () => {
     loginAsAdmin();
-    cy.get("div[id=map]").should("be.visible");
-
-    cy.get("i[class='th big icon']").click();
-    cy.contains("h4", "Settings").click();
-    cy.contains("h3", "Editor").click();
+    cy.visit("/setting/editor");
     cy.contains("div", "Codelist translations")
       .parent("div")
       .children("div")
@@ -88,22 +81,14 @@ describe("Codelist translations tests", () => {
 
   it("Editor cannot open codelist translation section", () => {
     loginAsEditorInViewerMode();
-    cy.get("div[id=map]").should("be.visible");
-
-    cy.get("i[class='th big icon']").click();
-    cy.contains("h4", "Settings").click();
-    cy.contains("h3", "Editor").click();
+    cy.visit("/setting/editor");
     // Codelist translation section is not available
     cy.get("div").should("not.contain", "Codelist translations");
   });
 
   it("Admin can edit order", () => {
     loginAsAdmin();
-    cy.get("div[id=map]").should("be.visible");
-
-    cy.get("i[class='th big icon']").click();
-    cy.contains("h4", "Settings").click();
-    cy.contains("h3", "Editor").click();
+    cy.visit("/setting/editor");
     cy.contains("div", "Codelist translations")
       .parent("div")
       .children("div")
diff --git a/src/client/cypress/e2e/editor/boreholeEditorTable.cy.js b/src/client/cypress/e2e/editor/boreholeEditorTable.cy.js
index 1f53ae29e..99deb31dd 100644
--- a/src/client/cypress/e2e/editor/boreholeEditorTable.cy.js
+++ b/src/client/cypress/e2e/editor/boreholeEditorTable.cy.js
@@ -1,8 +1,9 @@
-import { login } from "../../e2e/testHelpers";
+import { loginAsAdmin } from "../../e2e/testHelpers";
 
 describe("Borehole editor table tests", () => {
   it("preserves column sorting and active page when navigating", () => {
-    login("/editor");
+    loginAsAdmin();
+    cy.visit("/editor");
 
     // sort by name ascending
     cy.contains("th", "Original name").click();
diff --git a/src/client/cypress/e2e/editor/bulkedit.cy.js b/src/client/cypress/e2e/editor/bulkedit.cy.js
index 58db6243e..f910fd036 100644
--- a/src/client/cypress/e2e/editor/bulkedit.cy.js
+++ b/src/client/cypress/e2e/editor/bulkedit.cy.js
@@ -1,55 +1,18 @@
-import { createBorehole, login, adminUserAuth } from "../testHelpers";
-
-export const changeWorkgroupRoleForUser = (
-  workgroupId,
-  userId,
-  role,
-  action,
-) => {
-  return cy
-    .request({
-      method: "POST",
-      url: "/api/v1/user/workgroup/edit",
-      body: {
-        action: action,
-        id: workgroupId,
-      },
-      auth: adminUserAuth,
-    })
-    .then(res => {
-      expect(res.body).to.have.property("success", true);
-      cy.request({
-        method: "POST",
-        url: "/api/v1/user/workgroup/edit",
-        body: {
-          action: "SET",
-          user_id: userId,
-          workgroup_id: workgroupId,
-          role_name: role,
-          active: action === "ENABLE" ? true : false,
-        },
-        auth: adminUserAuth,
-      }).then(res => {
-        expect(res.body).to.have.property("success", true);
-        cy.request({
-          method: "GET",
-          url: "/api/v2/user",
-          auth: adminUserAuth,
-        });
-      });
-    });
-};
+import { createBorehole, loginAsAdmin } from "../testHelpers";
+import adminUser from "../../fixtures/adminUser.json";
 
 describe("Test the borehole bulk edit feature.", () => {
   it("opens the bulk edit dialog with all boreholes selected", () => {
-    login("/editor");
+    loginAsAdmin();
+    cy.visit("/editor");
     cy.get('[data-cy="borehole-table"] thead .checkbox').click({ force: true });
     cy.contains("button", "Bulk editing").click({ force: true });
     cy.wait("@edit_ids");
   });
 
   it("checks if all toggle buttons do something", () => {
-    login("/editor");
+    loginAsAdmin();
+    cy.visit("/editor");
     cy.get('[data-cy="borehole-table"] thead .checkbox').click({ force: true });
     cy.contains("button", "Bulk editing").click({ force: true });
 
@@ -64,13 +27,26 @@ describe("Test the borehole bulk edit feature.", () => {
   });
 
   it("displays workgroup toggle only if user has permission for more than one workgroup", () => {
-    login("/editor");
+    loginAsAdmin();
+    cy.visit("/editor");
     cy.get('[data-cy="borehole-table"] thead .checkbox').click({ force: true });
     cy.contains("button", "Bulk editing").click({ force: true });
-
     cy.get(".modal .toggle").should("have.length", 30);
-    changeWorkgroupRoleForUser(6, 1, "EDIT", "ENABLE");
-    login("/editor");
+
+    loginAsAdmin("admin");
+    const adminUser2Workgroups = Object.assign({}, adminUser);
+    adminUser2Workgroups.data.workgroups.push({
+      id: 6,
+      workgroup: "Blue",
+      roles: ["EDIT"],
+      disabled: null,
+      supplier: false,
+    });
+    cy.intercept("/api/v1/user", {
+      statusCode: 200,
+      body: JSON.stringify(adminUser2Workgroups),
+    }).as("adminUser2Workgroups");
+    cy.visit("/editor");
     cy.get('[data-cy="borehole-table"] thead .checkbox').click({ force: true });
     cy.contains("button", "Bulk editing").click({ force: true });
 
@@ -83,16 +59,15 @@ describe("Test the borehole bulk edit feature.", () => {
         cy.wrap(el).scrollIntoView().click();
         cy.get('.modal [role="option"]').eq(0).click({ force: true });
       });
-    changeWorkgroupRoleForUser(6, 1, "EDIT", "DISABLE");
   });
 
   it("fills all bulkedit fields and saves.", () => {
-    login("/editor");
-
     // create boreholes
     createBorehole({ "extended.original_name": "NINTIC" }).as("borehole_id_1");
     createBorehole({ "extended.original_name": "LOMONE" }).as("borehole_id_2");
-    cy.contains("a", "Refresh").click();
+
+    loginAsAdmin();
+    cy.visit("/editor");
     cy.wait("@borehole");
 
     // select the boreholes for bulk edit
diff --git a/src/client/cypress/e2e/editor/chronostratigraphy.cy.js b/src/client/cypress/e2e/editor/chronostratigraphy.cy.js
index 8e6ca5649..486e3276d 100644
--- a/src/client/cypress/e2e/editor/chronostratigraphy.cy.js
+++ b/src/client/cypress/e2e/editor/chronostratigraphy.cy.js
@@ -1,8 +1,8 @@
 import {
   createBorehole,
   createStratigraphy,
-  adminUserAuth,
-  login,
+  loginAsAdmin,
+  bearerAuth,
 } from "../testHelpers";
 
 describe("Tests for the chronostratigraphy editor.", () => {
@@ -49,31 +49,34 @@ describe("Tests for the chronostratigraphy editor.", () => {
           ],
         };
         Object.entries(layers).forEach(([key, value]) => {
-          value.forEach(layer => {
-            cy.request({
-              method: "POST",
-              url: "/api/v2/" + key,
-              cache: "no-cache",
-              credentials: "same-origin",
-              headers: {
-                "Content-Type": "application/json",
-              },
-              body: {
-                stratigraphyId: response.body.id,
-                ...layer,
-              },
-              auth: adminUserAuth,
-            }).then(response => {
-              expect(response).to.have.property("status", 200);
+          cy.get("@id_token").then(token => {
+            value.forEach(layer => {
+              cy.request({
+                method: "POST",
+                url: "/api/v2/" + key,
+                cache: "no-cache",
+                credentials: "same-origin",
+                headers: {
+                  "Content-Type": "application/json",
+                },
+                body: {
+                  stratigraphyId: response.body.id,
+                  ...layer,
+                },
+                auth: bearerAuth(token),
+              }).then(response => {
+                expect(response).to.have.property("status", 200);
+              });
             });
           });
         });
       });
 
     // open chronostratigraphy editor
-    cy.get("@borehole_id").then(id =>
-      login(`editor/${id}/stratigraphy/chronostratigraphy`),
-    );
+    cy.get("@borehole_id").then(id => {
+      loginAsAdmin();
+      cy.visit(`editor/${id}/stratigraphy/chronostratigraphy`);
+    });
     cy.wait("@layer-by-profileId");
 
     // start editing session
diff --git a/src/client/cypress/e2e/editor/copyBorehole.cy.js b/src/client/cypress/e2e/editor/copyBorehole.cy.js
index 9d6c315d2..d4323badb 100644
--- a/src/client/cypress/e2e/editor/copyBorehole.cy.js
+++ b/src/client/cypress/e2e/editor/copyBorehole.cy.js
@@ -1,10 +1,11 @@
-import { createBorehole, login } from "../testHelpers";
+import { createBorehole, loginAsAdmin } from "../testHelpers";
 
 describe("Test copying of boreholes", () => {
   it("copies a borehole", () => {
-    login("/editor");
     createBorehole({ "extended.original_name": "NINTIC" }).as("borehole_id_1");
 
+    loginAsAdmin();
+    cy.visit("/editor");
     cy.get('[data-cy="borehole-table"] tbody')
       .children()
       .eq(1)
diff --git a/src/client/cypress/e2e/editor/fieldMeasurement.cy.js b/src/client/cypress/e2e/editor/fieldMeasurement.cy.js
index 2a298a6d5..d2b01995a 100644
--- a/src/client/cypress/e2e/editor/fieldMeasurement.cy.js
+++ b/src/client/cypress/e2e/editor/fieldMeasurement.cy.js
@@ -1,4 +1,8 @@
-import { createBorehole, createStratigraphy, login } from "../testHelpers";
+import {
+  createBorehole,
+  createStratigraphy,
+  loginAsAdmin,
+} from "../testHelpers";
 
 describe("Tests for the field measurement editor.", () => {
   beforeEach(function () {
@@ -11,9 +15,10 @@ describe("Tests for the field measurement editor.", () => {
       });
 
     // open field measurement editor
-    cy.get("@borehole_id").then(id =>
-      login(`editor/${id}/hydrogeology/fieldmeasurement`),
-    );
+    cy.get("@borehole_id").then(id => {
+      loginAsAdmin();
+      cy.visit(`editor/${id}/hydrogeology/fieldmeasurement`);
+    });
 
     // start editing session
     cy.contains("a", "Start editing").click();
diff --git a/src/client/cypress/e2e/editor/groundwaterLevelMeasurement.cy.js b/src/client/cypress/e2e/editor/groundwaterLevelMeasurement.cy.js
index c212ac3f6..d04619812 100644
--- a/src/client/cypress/e2e/editor/groundwaterLevelMeasurement.cy.js
+++ b/src/client/cypress/e2e/editor/groundwaterLevelMeasurement.cy.js
@@ -1,4 +1,8 @@
-import { createBorehole, createStratigraphy, login } from "../testHelpers";
+import {
+  createBorehole,
+  createStratigraphy,
+  loginAsAdmin,
+} from "../testHelpers";
 
 describe("Tests for the groundwater level measurement editor.", () => {
   beforeEach(function () {
@@ -11,9 +15,10 @@ describe("Tests for the groundwater level measurement editor.", () => {
       });
 
     // open groundwater level measurement editor
-    cy.get("@borehole_id").then(id =>
-      login(`editor/${id}/hydrogeology/groundwaterlevelmeasurement`),
-    );
+    cy.get("@borehole_id").then(id => {
+      loginAsAdmin();
+      cy.visit(`editor/${id}/hydrogeology/groundwaterlevelmeasurement`);
+    });
 
     // start editing session
     cy.contains("a", "Start editing").click();
diff --git a/src/client/cypress/e2e/editor/hydrotest.cy.js b/src/client/cypress/e2e/editor/hydrotest.cy.js
index c4f1a3f70..53a4c05b5 100644
--- a/src/client/cypress/e2e/editor/hydrotest.cy.js
+++ b/src/client/cypress/e2e/editor/hydrotest.cy.js
@@ -1,4 +1,8 @@
-import { createBorehole, createStratigraphy, login } from "../testHelpers";
+import {
+  createBorehole,
+  createStratigraphy,
+  loginAsAdmin,
+} from "../testHelpers";
 
 const openDropdown = dataCy => {
   cy.get(`[data-cy="${dataCy}"]`)
@@ -34,9 +38,10 @@ describe("Tests for the hydrotest editor.", () => {
       });
 
     // open hydrotest editor
-    cy.get("@borehole_id").then(id =>
-      login(`editor/${id}/hydrogeology/hydrotest`),
-    );
+    cy.get("@borehole_id").then(id => {
+      loginAsAdmin();
+      cy.visit(`editor/${id}/hydrogeology/hydrotest`);
+    });
 
     // start editing session
     cy.contains("a", "Start editing").click();
diff --git a/src/client/cypress/e2e/editor/import.cy.js b/src/client/cypress/e2e/editor/import.cy.js
index 60512de58..be0b42e00 100644
--- a/src/client/cypress/e2e/editor/import.cy.js
+++ b/src/client/cypress/e2e/editor/import.cy.js
@@ -1,8 +1,9 @@
-import { login, getImportFileFromFixtures } from "../../e2e/testHelpers";
+import { loginAsAdmin, getImportFileFromFixtures } from "../../e2e/testHelpers";
 
 describe("Test for importing boreholes.", () => {
   it("Successfully imports multiple boreholes.", () => {
-    login("/editor");
+    loginAsAdmin();
+    cy.visit("/editor");
     cy.contains("a", "Import").click();
 
     // Select borehole csv file
@@ -77,31 +78,35 @@ describe("Test for importing boreholes.", () => {
   });
 
   it("Displays borehole validation errors.", () => {
-    login("/editor");
+    loginAsAdmin();
+    cy.visit("/editor");
     cy.contains("a", "Import").click();
 
     // Select borehole csv file
-    let boreholeFile = new DataTransfer();
     getImportFileFromFixtures(
       "boreholes-missing-fields-and-duplicates.csv",
       null,
-    ).then(fileContent => {
-      const file = new File(
-        [fileContent],
-        "boreholes-missing-fields-and-duplicates.csv",
-        {
-          type: "text/csv",
-        },
-      );
-      boreholeFile.items.add(file);
-    });
-
-    cy.get('[data-cy="import-boreholeFile-input"]').within(() => {
-      cy.get("input[type=file]", { force: true }).then(input => {
-        input[0].files = boreholeFile.files;
-        input[0].dispatchEvent(new Event("change", { bubbles: true }));
+    )
+      .then(fileContent => {
+        const file = new File(
+          [fileContent],
+          "boreholes-missing-fields-and-duplicates.csv",
+          {
+            type: "text/csv",
+          },
+        );
+        let boreholeFile = new DataTransfer();
+        boreholeFile.items.add(file);
+        return boreholeFile;
+      })
+      .then(boreholeFile => {
+        cy.get('[data-cy="import-boreholeFile-input"]').within(() => {
+          cy.get("input[type=file]", { force: true }).then(input => {
+            input[0].files = boreholeFile.files;
+            input[0].dispatchEvent(new Event("change", { bubbles: true }));
+          });
+        });
       });
-    });
 
     cy.intercept("/api/v2/upload?workgroupId=1").as("borehole-upload");
 
@@ -123,45 +128,51 @@ describe("Test for importing boreholes.", () => {
   });
 
   it("Displays lithology validation errors.", () => {
-    login("/editor");
+    loginAsAdmin();
+    cy.visit("/editor");
     cy.contains("a", "Import").click();
 
     // Select borehole csv file
-    let boreholeFile = new DataTransfer();
-    getImportFileFromFixtures("boreholes-multiple-valid.csv", null).then(
-      fileContent => {
+    getImportFileFromFixtures("boreholes-multiple-valid.csv", null)
+      .then(fileContent => {
         const file = new File([fileContent], "boreholes-multiple-valid.csv", {
           type: "text/csv",
         });
+        let boreholeFile = new DataTransfer();
         boreholeFile.items.add(file);
-      },
-    );
-
-    cy.get('[data-cy="import-boreholeFile-input"]').within(() => {
-      cy.get("input[type=file]", { force: true }).then(input => {
-        input[0].files = boreholeFile.files;
-        input[0].dispatchEvent(new Event("change", { bubbles: true }));
+        return boreholeFile;
+      })
+      .then(boreholeFile => {
+        cy.get('[data-cy="import-boreholeFile-input"]').within(() => {
+          cy.get("input[type=file]", { force: true }).then(input => {
+            input[0].files = boreholeFile.files;
+            input[0].dispatchEvent(new Event("change", { bubbles: true }));
+          });
+        });
       });
-    });
 
     // Select lithology csv file
-    let lithologyFile = new DataTransfer();
     getImportFileFromFixtures(
       "lithology-single-not-valid.csv",
       null,
       "invalid-lithology",
-    ).then(fileContent => {
-      const file = new File([fileContent], "lithology-single-not-valid.csv", {
-        type: "text/csv",
-      });
-      lithologyFile.items.add(file);
-    });
-    cy.get('[data-cy="import-lithologyFile-input"]').within(() => {
-      cy.get("input[type=file]", { force: true }).then(input => {
-        input[0].files = lithologyFile.files;
-        input[0].dispatchEvent(new Event("change", { bubbles: true }));
+    )
+      .then(fileContent => {
+        const file = new File([fileContent], "lithology-single-not-valid.csv", {
+          type: "text/csv",
+        });
+        let lithologyFile = new DataTransfer();
+        lithologyFile.items.add(file);
+        return lithologyFile;
+      })
+      .then(lithologyFile => {
+        cy.get('[data-cy="import-lithologyFile-input"]').within(() => {
+          cy.get("input[type=file]", { force: true }).then(input => {
+            input[0].files = lithologyFile.files;
+            input[0].dispatchEvent(new Event("change", { bubbles: true }));
+          });
+        });
       });
-    });
 
     cy.intercept("/api/v2/upload?workgroupId=1").as("borehole-upload");
 
diff --git a/src/client/cypress/e2e/editor/instrumentation.cy.js b/src/client/cypress/e2e/editor/instrumentation.cy.js
index 6fbc2c040..a9e768bdc 100644
--- a/src/client/cypress/e2e/editor/instrumentation.cy.js
+++ b/src/client/cypress/e2e/editor/instrumentation.cy.js
@@ -1,5 +1,5 @@
 import {
-  loginAsViewer,
+  loginAsEditorInViewerMode,
   createBorehole,
   createAndEditBoreholeAsAdmin,
 } from "../testHelpers";
@@ -7,7 +7,8 @@ import {
 describe("Instrumentation tests", () => {
   it("Displays correct 'No Instumentation' message when logged in as viewer and no stratigraphies are defined", () => {
     createBorehole({ "extended.original_name": "A1_Borehole" });
-    loginAsViewer("/editor");
+    loginAsEditorInViewerMode();
+    cy.visit("/editor");
 
     // Select borehole A1_Borehole
     cy.get("tbody").children().first().click();
diff --git a/src/client/cypress/e2e/editor/lithostratigraphy.cy.js b/src/client/cypress/e2e/editor/lithostratigraphy.cy.js
index 5bffebf40..855cf559e 100644
--- a/src/client/cypress/e2e/editor/lithostratigraphy.cy.js
+++ b/src/client/cypress/e2e/editor/lithostratigraphy.cy.js
@@ -1,8 +1,8 @@
 import {
   createBorehole,
   createStratigraphy,
-  adminUserAuth,
-  login,
+  bearerAuth,
+  loginAsAdmin,
 } from "../testHelpers";
 
 describe("Tests for the lithostratigraphy editor.", () => {
@@ -34,29 +34,34 @@ describe("Tests for the lithostratigraphy editor.", () => {
             toDepth: 43,
           },
         ].forEach(layer => {
-          cy.request({
-            method: "POST",
-            url: "/api/v2/layer",
-            cache: "no-cache",
-            credentials: "same-origin",
-            headers: {
-              "Content-Type": "application/json",
-            },
-            body: {
-              stratigraphyId: response.body.id,
-              ...layer,
-            },
-            auth: adminUserAuth,
-          }).then(response => {
-            expect(response).to.have.property("status", 200);
-          });
+          cy.get("@id_token").then(token =>
+            cy
+              .request({
+                method: "POST",
+                url: "/api/v2/layer",
+                cache: "no-cache",
+                credentials: "same-origin",
+                headers: {
+                  "Content-Type": "application/json",
+                },
+                body: {
+                  stratigraphyId: response.body.id,
+                  ...layer,
+                },
+                auth: bearerAuth(token),
+              })
+              .then(response => {
+                expect(response).to.have.property("status", 200);
+              }),
+          );
         });
       });
 
     // open lithostratigraphy editor
-    cy.get("@borehole_id").then(id =>
-      login(`editor/${id}/stratigraphy/lithostratigraphy`),
-    );
+    cy.get("@borehole_id").then(id => {
+      loginAsAdmin();
+      cy.visit(`editor/${id}/stratigraphy/lithostratigraphy`);
+    });
     cy.wait("@layer-by-profileId");
 
     // start editing session
diff --git a/src/client/cypress/e2e/editor/waterIngress.cy.js b/src/client/cypress/e2e/editor/waterIngress.cy.js
index 455f1be61..c2ee54dfa 100644
--- a/src/client/cypress/e2e/editor/waterIngress.cy.js
+++ b/src/client/cypress/e2e/editor/waterIngress.cy.js
@@ -1,4 +1,8 @@
-import { createBorehole, createStratigraphy, login } from "../testHelpers";
+import {
+  createBorehole,
+  createStratigraphy,
+  loginAsAdmin,
+} from "../testHelpers";
 
 describe("Tests for the wateringress editor.", () => {
   beforeEach(function () {
@@ -11,9 +15,10 @@ describe("Tests for the wateringress editor.", () => {
       });
 
     // open wateringress editor
-    cy.get("@borehole_id").then(id =>
-      login(`editor/${id}/hydrogeology/wateringress`),
-    );
+    cy.get("@borehole_id").then(id => {
+      loginAsAdmin();
+      cy.visit(`editor/${id}/hydrogeology/wateringress`);
+    });
 
     // start editing session
     cy.contains("a", "Start editing").click();
diff --git a/src/client/cypress/e2e/filter.cy.js b/src/client/cypress/e2e/filter.cy.js
index 2e787dbdf..844e5bd04 100644
--- a/src/client/cypress/e2e/filter.cy.js
+++ b/src/client/cypress/e2e/filter.cy.js
@@ -1,13 +1,15 @@
-import { login, loginAsViewer } from "../e2e/testHelpers";
+import { loginAsAdmin, loginAsEditorInViewerMode } from "../e2e/testHelpers";
 
 describe("Search filter tests", () => {
   it("has search filters", () => {
-    login();
+    loginAsAdmin();
+    cy.visit("/");
     cy.contains("Search filters:");
   });
 
   it("shows the correct dropdowns", () => {
-    login();
+    loginAsAdmin();
+    cy.visit("/");
     cy.contains("span", "Location").click();
     cy.contains("Show all fields").children().eq(0).click();
     let indentifierDropdown = cy.contains("label", "ID type").next();
@@ -40,7 +42,8 @@ describe("Search filter tests", () => {
   });
 
   it("shows 'fiter by map' in editor on 'Large Map' appearance", () => {
-    loginAsViewer("/setting/editor");
+    loginAsEditorInViewerMode();
+    cy.visit("/setting/editor");
 
     // Check if Editor mode settings are apparant
     cy.contains("Location filters");
@@ -67,7 +70,8 @@ describe("Search filter tests", () => {
 
   it("checks that the registration filter settings control the filter visibility.", () => {
     // precondition filters not visible
-    login("/editor");
+    loginAsAdmin();
+    cy.visit("/editor");
     cy.contains("Registration").click();
     cy.contains("Show all fields")
       .next()
@@ -101,7 +105,8 @@ describe("Search filter tests", () => {
   });
 
   it("filters boreholes by creator name", () => {
-    login("/editor");
+    loginAsAdmin();
+    cy.visit("/editor");
     cy.contains("Registration").click();
     cy.contains("Show all fields").children(".checkbox").click();
 
@@ -119,7 +124,8 @@ describe("Search filter tests", () => {
   });
 
   it("filters boreholes by original lithology", () => {
-    login("/editor");
+    loginAsAdmin();
+    cy.visit("/editor");
     cy.contains("Lithology").click();
     cy.contains("Show all fields").children(".checkbox").click();
 
@@ -134,7 +140,8 @@ describe("Search filter tests", () => {
   });
 
   it("filters boreholes by creation date", () => {
-    login("/editor");
+    loginAsAdmin();
+    cy.visit("/editor");
     cy.contains("Registration").click();
     cy.contains("Show all fields").children(".checkbox").click();
 
@@ -172,7 +179,8 @@ describe("Search filter tests", () => {
   });
 
   it("filters boreholes by workgroup in viewer", () => {
-    login();
+    loginAsAdmin();
+    cy.visit("/");
     cy.contains("Workgroup").click();
     cy.contains("Default").click();
     cy.wait("@borehole");
diff --git a/src/client/cypress/e2e/hierarchicalDataFilter.cy.js b/src/client/cypress/e2e/hierarchicalDataFilter.cy.js
index 8e979cc3d..4c40d3a1e 100644
--- a/src/client/cypress/e2e/hierarchicalDataFilter.cy.js
+++ b/src/client/cypress/e2e/hierarchicalDataFilter.cy.js
@@ -1,8 +1,9 @@
-import { login } from "./testHelpers";
+import { loginAsAdmin } from "./testHelpers";
 
 describe("Hierachical data filter tests", () => {
   it("check visible filters", () => {
-    login("/editor");
+    loginAsAdmin();
+    cy.visit("/editor");
     cy.contains("span", "Chronostratigraphy").click();
     cy.get("Show all fields").should("not.exist");
     cy.get('[data-cy="hierarchical-data-search"]').should("have.length", 7);
@@ -12,7 +13,8 @@ describe("Hierachical data filter tests", () => {
   });
 
   it("check sorting of filter values", () => {
-    login("/editor");
+    loginAsAdmin();
+    cy.visit("/editor");
     cy.contains("span", "Chronostratigraphy").click();
     let periodsDropdown = cy.contains("label", "Period").next();
     periodsDropdown.click();
@@ -46,7 +48,8 @@ describe("Hierachical data filter tests", () => {
       "Burdigalian",
       "late Burdigalian",
     ];
-    login("/editor");
+    loginAsAdmin();
+    cy.visit("/editor");
     cy.contains("span", "Chronostratigraphy").click();
     cy.get('[data-cy="hierarchical-data-search"]')
       .eq(filterValues.length - 1)
diff --git a/src/client/cypress/e2e/srsFilter.cy.js b/src/client/cypress/e2e/srsFilter.cy.js
index 2a577b50c..b446fca59 100644
--- a/src/client/cypress/e2e/srsFilter.cy.js
+++ b/src/client/cypress/e2e/srsFilter.cy.js
@@ -1,4 +1,4 @@
-import { newEditableBorehole, login } from "./testHelpers";
+import { newEditableBorehole, loginAsAdmin } from "./testHelpers";
 
 describe("Tests for filtering data by reference system.", () => {
   function goToEditorLocationFilter() {
@@ -16,7 +16,8 @@ describe("Tests for filtering data by reference system.", () => {
   }
 
   it("can set filters as viewer", () => {
-    login();
+    loginAsAdmin();
+    cy.visit("/");
     goToViewerLocationFilter();
 
     cy.contains("div", "Spatial reference system")
@@ -44,7 +45,8 @@ describe("Tests for filtering data by reference system.", () => {
   });
 
   it("can set filters as editor", () => {
-    login("/editor");
+    loginAsAdmin();
+    cy.visit("/editor");
     goToEditorLocationFilter();
 
     cy.contains("div", "Spatial reference system")
diff --git a/src/client/cypress/e2e/testHelpers.js b/src/client/cypress/e2e/testHelpers.js
index 05e622794..7d715e869 100644
--- a/src/client/cypress/e2e/testHelpers.js
+++ b/src/client/cypress/e2e/testHelpers.js
@@ -2,10 +2,7 @@ import adminUser from "../fixtures/adminUser.json";
 import editorUser from "../fixtures/editorUser.json";
 import viewerUser from "../fixtures/viewerUser.json";
 
-export const adminUserAuth = {
-  user: "admin",
-  password: "swissforages",
-};
+export const bearerAuth = token => ({ bearer: token });
 
 export const interceptApiCalls = () => {
   // Api V1
@@ -70,43 +67,76 @@ export const interceptApiCalls = () => {
 };
 
 /**
- * Login into the application with the pre-filled user for the development environment.
- * @param {string} visitUrl The url to visit after logging in. Default is the root path.
+ * Login into the application with the user for the development environment.
  */
-export const login = (visitUrl = "/") => {
-  cy.intercept("api/v1/content").as("content");
-  cy.intercept("/api/v1/borehole/codes").as("code");
-  cy.visit(visitUrl);
-  cy.wait("@content");
-  cy.contains("button", "Login").click({ force: true });
-  cy.wait("@code");
+export const login = user => {
+  cy.session(
+    ["login", user],
+    () => {
+      cy.intercept("http://localhost:4011/connect/token").as("token");
+      cy.visit("/");
+      cy.get('[data-cy="login-button"]').click({ force: true });
+      cy.origin("http://localhost:4011", { args: { user } }, ({ user }) => {
+        cy.get("#Username").type(user);
+        cy.get("#Password").type("swissforages");
+        cy.contains("button", "Login").click({ force: true });
+      });
+      cy.wait("@token")
+        .then(interception => interception.response.body.id_token)
+        .then(token => window.localStorage.setItem("id_token", token));
+    },
+    {
+      validate() {
+        cy.window()
+          .then(win => win.localStorage.getItem("id_token"))
+          .as("id_token");
+        cy.get("@id_token").then(token =>
+          cy.request({
+            method: "POST",
+            url: "/api/v1/user",
+            body: {
+              action: "GET",
+            },
+            auth: bearerAuth(token),
+          }),
+        );
+      },
+      cacheAcrossSpecs: true,
+    },
+  );
 };
 
 /**
  * Login into the application as admin.
- * @param {string} visitUrl The url to visit after logging in. Default is the root path.
  */
-export const loginAsAdmin = (visitUrl = "/") => {
-  cy.intercept("/api/v1/user", adminUser);
-  login(visitUrl);
+export const loginAsAdmin = () => {
+  login(adminUser.data.username);
+  cy.intercept("/api/v1/user", {
+    statusCode: 200,
+    body: JSON.stringify(adminUser),
+  }).as("stubAdminUser");
 };
 
 /**
  * Login into the application as editor.
- * @param {string} visitUrl The url to visit after logging in. Default is the root path.
  */
-export const loginAsEditorInViewerMode = (visitUrl = "/") => {
-  cy.intercept("/api/v1/user", editorUser);
-  login(visitUrl);
+export const loginAsEditor = () => {
+  login(editorUser.data.username);
+  cy.intercept("/api/v1/user", {
+    statusCode: 200,
+    body: JSON.stringify(editorUser),
+  }).as("stubEditorUser");
 };
 
 /**
  * Login into the application as viewer.
- * @param {string} visitUrl The url to visit after logging in. Default is the root path.
  */
-export const loginAsViewer = (visitUrl = "/") => {
-  cy.intercept("/api/v1/user", viewerUser);
-  login(visitUrl);
+export const loginAsEditorInViewerMode = () => {
+  login(editorUser.data.username);
+  cy.intercept("/api/v1/user", {
+    statusCode: 200,
+    body: JSON.stringify(viewerUser),
+  }).as("stubViewerUser");
 };
 
 export const newEditableBorehole = () => {
@@ -117,7 +147,8 @@ export const newEditableBorehole = () => {
 };
 
 export const newUneditableBorehole = () => {
-  login("/editor");
+  loginAsAdmin();
+  cy.visit("/editor");
   cy.contains("a", "New").click();
   cy.contains("button", "Create").click();
   const id = waitForCreation();
@@ -136,83 +167,93 @@ const waitForCreation = () => {
 };
 
 export const createBorehole = values => {
-  return cy
-    .request({
-      method: "POST",
-      url: "/api/v1/borehole/edit",
-      body: {
-        action: "CREATE",
-        id: 1,
-      },
-      auth: adminUserAuth,
-    })
-    .then(res => {
-      expect(res.body).to.have.property("success", true);
-      let boreholeId = res.body.id;
-      let fields = Object.entries(values).map(([key, value]) => [key, value]);
-      if (fields.length > 0) {
-        cy.request({
-          method: "POST",
-          url: "/api/v1/borehole/edit",
-          body: {
-            action: "MULTIPATCH",
-            fields: fields,
-            ids: [boreholeId],
-          },
-          auth: adminUserAuth,
-        }).then(res => expect(res.body).to.have.property("success", true));
-      }
-      return cy.wrap(boreholeId);
-    });
+  loginAsAdmin();
+  return cy.get("@id_token").then(token =>
+    cy
+      .request({
+        method: "POST",
+        url: "/api/v1/borehole/edit",
+        body: {
+          action: "CREATE",
+          id: 1,
+        },
+        auth: bearerAuth(token),
+      })
+      .then(res => {
+        expect(res.body).to.have.property("success", true);
+        let boreholeId = res.body.id;
+        let fields = Object.entries(values).map(([key, value]) => [key, value]);
+        if (fields.length > 0) {
+          cy.request({
+            method: "POST",
+            url: "/api/v1/borehole/edit",
+            body: {
+              action: "MULTIPATCH",
+              fields: fields,
+              ids: [boreholeId],
+            },
+            auth: bearerAuth(token),
+          }).then(res => expect(res.body).to.have.property("success", true));
+        }
+        return cy.wrap(boreholeId);
+      }),
+  );
 };
 
 export const createAndEditBoreholeAsAdmin = values => {
-  return createBorehole(values).then(value => loginAsAdmin(`/editor/${value}`));
+  return createBorehole(values).then(value => {
+    loginAsAdmin();
+    cy.visit(`/editor/${value}`);
+  });
 };
 
 export const deleteBorehole = id => {
-  cy.request({
-    method: "POST",
-    url: "/api/v1/borehole/edit",
-    body: {
-      action: "DELETE",
-      id: id,
-    },
-    auth: adminUserAuth,
-  })
-    .its("body.success")
-    .should("eq", true);
+  loginAsAdmin();
+  cy.get("@id_token").then(token => {
+    cy.request({
+      method: "POST",
+      url: "/api/v1/borehole/edit",
+      body: {
+        action: "DELETE",
+        id: id,
+      },
+      auth: bearerAuth(token),
+    })
+      .its("body.success")
+      .should("eq", true);
+  });
 };
 
 export const loginAndResetState = () => {
-  // Reset boreholes
-  cy.request({
-    method: "POST",
-    url: "/api/v1/borehole/edit",
-    body: {
-      action: "IDS",
-    },
-    auth: adminUserAuth,
-  }).then(response => {
-    response.body.data
-      .filter(id => id > 1009999) // max id in seed data.
-      .forEach(id => {
-        deleteBorehole(id);
-      });
-  });
+  loginAsAdmin();
+  cy.get("@id_token").then(token => {
+    // Reset boreholes
+    cy.request({
+      method: "POST",
+      url: "/api/v1/borehole/edit",
+      body: {
+        action: "IDS",
+      },
+      auth: bearerAuth(token),
+    }).then(response => {
+      response.body.data
+        .filter(id => id > 1009999) // max id in seed data.
+        .forEach(id => {
+          deleteBorehole(id);
+        });
+    });
 
-  // Reset user settings (i.e. table ordering)
-  cy.request({
-    method: "POST",
-    url: "/api/v2/user/resetAllSettings",
-    cache: "no-cache",
-    credentials: "same-origin",
-    headers: {
-      "Content-Type": "application/json",
-      Authorization: `Basic ${btoa(
-        `${adminUserAuth.user}:${adminUserAuth.password}`,
-      )}`,
-    },
+    // Reset user settings (i.e. table ordering)
+    cy.request({
+      method: "POST",
+      url: "/api/v2/user/resetAllSettings",
+      cache: "no-cache",
+      credentials: "same-origin",
+      auth: bearerAuth(token),
+      headers: {
+        "Content-Type": "application/json",
+      },
+    });
   });
 };
 
@@ -291,15 +332,17 @@ export const getImportFileFromFixtures = (fileName, encoding, dataSet) => {
 };
 
 export const createStratigraphy = (boreholeId, kindId) => {
-  return cy.request({
-    method: "POST",
-    url: "/api/v2/stratigraphy",
-    body: {
-      boreholeId: boreholeId,
-      kindId: kindId,
-    },
-    cache: "no-cache",
-    credentials: "same-origin",
-    auth: adminUserAuth,
+  cy.get("@id_token").then(token => {
+    return cy.request({
+      method: "POST",
+      url: "/api/v2/stratigraphy",
+      body: {
+        boreholeId: boreholeId,
+        kindId: kindId,
+      },
+      cache: "no-cache",
+      credentials: "same-origin",
+      auth: bearerAuth(token),
+    });
   });
 };
diff --git a/src/client/cypress/e2e/viewer/displayLayer.cy.js b/src/client/cypress/e2e/viewer/displayLayer.cy.js
index ee545ef8b..61ad6ba7a 100644
--- a/src/client/cypress/e2e/viewer/displayLayer.cy.js
+++ b/src/client/cypress/e2e/viewer/displayLayer.cy.js
@@ -1,6 +1,6 @@
 import {
   newEditableBorehole,
-  login,
+  loginAsAdmin,
   createBorehole,
   setValueOfInputElement,
 } from "../testHelpers";
@@ -8,7 +8,8 @@ import {
 describe("Test for the borehole form.", () => {
   it("Adds complete layer and displays it in viewer mode, checks if fields can be optionally hidden.", () => {
     // Assert map number of boreholes
-    login("/editor");
+    loginAsAdmin();
+    cy.visit("/editor");
     cy.get("div[id=map]").should("be.visible");
     cy.get("tbody").children().should("have.length", 100);
 
@@ -155,7 +156,8 @@ describe("Test for the borehole form.", () => {
 
   it("Checks if null values are displayed as dash.", () => {
     createBorehole({ "extended.original_name": "A1_Borehole" });
-    login();
+    loginAsAdmin();
+    cy.visit("/");
 
     // Select borehole A1_Borehole
     cy.get("tbody").children().contains("td", "A1_Borehole").click();
diff --git a/src/client/src/pages/settings/dataLoader.js b/src/client/src/pages/settings/dataLoader.js
index 3335a223f..9c561f3d7 100644
--- a/src/client/src/pages/settings/dataLoader.js
+++ b/src/client/src/pages/settings/dataLoader.js
@@ -175,6 +175,7 @@ class DataLoader extends React.Component {
                   style={{
                     marginTop: "1.5em",
                   }}
+                  data-cy="login-button"
                 />
               )}
             </div>
@@ -200,7 +201,6 @@ DataLoader.propTypes = {
   loadBoreholeCount: PropTypes.func,
   loadSettings: PropTypes.func,
   loadUser: PropTypes.func,
-  setUser: PropTypes.func,
   user: PropTypes.object,
 };
 

From 04aeee96789476519b4ae7417f0ccbe4c5590d97 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philipp=20L=C3=BCthi?= <philipp.luethi@geowerkstatt.ch>
Date: Tue, 9 Jan 2024 18:15:47 +0100
Subject: [PATCH 15/31] Migrate username to subject_id

---
 config/oidc-mock-users.json                   |    4 +-
 ...0240109150510_AddUserSubjectId.Designer.cs | 2672 +++++++++++++++++
 .../20240109150510_AddUserSubjectId.cs        |   64 +
 .../Migrations/BdmsContextModelSnapshot.cs    |    6 +-
 src/api/Models/User.cs                        |    8 +-
 5 files changed, 2750 insertions(+), 4 deletions(-)
 create mode 100644 src/api/Migrations/20240109150510_AddUserSubjectId.Designer.cs
 create mode 100644 src/api/Migrations/20240109150510_AddUserSubjectId.cs

diff --git a/config/oidc-mock-users.json b/config/oidc-mock-users.json
index 02ed745f6..860ae0976 100644
--- a/config/oidc-mock-users.json
+++ b/config/oidc-mock-users.json
@@ -1,6 +1,6 @@
 [
   {
-    "SubjectId":"admin",
+    "SubjectId":"sub_admin",
     "Username":"admin",
     "Password":"swissforages",
     "Claims": [
@@ -32,7 +32,7 @@
     ]
   },
   {
-    "SubjectId":"editor",
+    "SubjectId":"sub_editor",
     "Username":"editor",
     "Password":"swissforages",
     "Claims": [
diff --git a/src/api/Migrations/20240109150510_AddUserSubjectId.Designer.cs b/src/api/Migrations/20240109150510_AddUserSubjectId.Designer.cs
new file mode 100644
index 000000000..851e28699
--- /dev/null
+++ b/src/api/Migrations/20240109150510_AddUserSubjectId.Designer.cs
@@ -0,0 +1,2672 @@
+// <auto-generated />
+using System;
+using BDMS;
+using Microsoft.EntityFrameworkCore;
+using Microsoft.EntityFrameworkCore.Infrastructure;
+using Microsoft.EntityFrameworkCore.Migrations;
+using Microsoft.EntityFrameworkCore.Storage.ValueConversion;
+using NetTopologySuite.Geometries;
+using Npgsql.EntityFrameworkCore.PostgreSQL.Metadata;
+
+#nullable disable
+
+namespace BDMS.Migrations
+{
+    [DbContext(typeof(BdmsContext))]
+    [Migration("20240109150510_AddUserSubjectId")]
+    partial class AddUserSubjectId
+    {
+        /// <inheritdoc />
+        protected override void BuildTargetModel(ModelBuilder modelBuilder)
+        {
+#pragma warning disable 612, 618
+            modelBuilder
+                .HasDefaultSchema("bdms")
+                .HasAnnotation("ProductVersion", "8.0.0")
+                .HasAnnotation("Relational:MaxIdentifierLength", 63);
+
+            NpgsqlModelBuilderExtensions.HasPostgresExtension(modelBuilder, "ltree");
+            NpgsqlModelBuilderExtensions.HasPostgresExtension(modelBuilder, "postgis");
+            NpgsqlModelBuilderExtensions.UseIdentityByDefaultColumns(modelBuilder);
+
+            modelBuilder.Entity("BDMS.Models.Borehole", b =>
+                {
+                    b.Property<int>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("integer")
+                        .HasColumnName("id_bho");
+
+                    NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property<int>("Id"));
+
+                    b.Property<string>("AlternateName")
+                        .HasColumnType("text")
+                        .HasColumnName("alternate_name_bho");
+
+                    b.Property<string>("Canton")
+                        .HasColumnType("text")
+                        .HasColumnName("canton_bho");
+
+                    b.Property<int?>("ChronostratigraphyId")
+                        .HasColumnType("integer")
+                        .HasColumnName("chronostrat_id_cli");
+
+                    b.Property<string>("Country")
+                        .HasColumnType("text")
+                        .HasColumnName("country_bho");
+
+                    b.Property<DateTime?>("Created")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("created_bho");
+
+                    b.Property<int?>("CreatedById")
+                        .HasColumnType("integer")
+                        .HasColumnName("created_by_bho");
+
+                    b.Property<int?>("CuttingsId")
+                        .HasColumnType("integer")
+                        .HasColumnName("cuttings_id_cli");
+
+                    b.Property<DateTime?>("DrillingDate")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("drilling_date_bho");
+
+                    b.Property<double?>("DrillingDiameter")
+                        .HasColumnType("double precision")
+                        .HasColumnName("drilling_diameter_bho");
+
+                    b.Property<int?>("DrillingMethodId")
+                        .HasColumnType("integer")
+                        .HasColumnName("drilling_method_id_cli");
+
+                    b.Property<double?>("ElevationZ")
+                        .HasColumnType("double precision")
+                        .HasColumnName("elevation_z_bho");
+
+                    b.Property<Point>("Geometry")
+                        .HasColumnType("geometry")
+                        .HasColumnName("geom_bho");
+
+                    b.Property<bool?>("HasGroundwater")
+                        .HasColumnType("boolean")
+                        .HasColumnName("groundwater_bho");
+
+                    b.Property<int?>("HrsId")
+                        .HasColumnType("integer")
+                        .HasColumnName("hrs_id_cli");
+
+                    b.Property<double?>("Inclination")
+                        .HasColumnType("double precision")
+                        .HasColumnName("inclination_bho");
+
+                    b.Property<double?>("InclinationDirection")
+                        .HasColumnType("double precision")
+                        .HasColumnName("inclination_direction_bho");
+
+                    b.Property<bool?>("IsPublic")
+                        .HasColumnType("boolean")
+                        .HasColumnName("public_bho");
+
+                    b.Property<int?>("KindId")
+                        .HasColumnType("integer")
+                        .HasColumnName("kind_id_cli");
+
+                    b.Property<int?>("LithologyTopBedrockId")
+                        .HasColumnType("integer")
+                        .HasColumnName("lithology_top_bedrock_id_cli");
+
+                    b.Property<int?>("LithostratigraphyId")
+                        .HasColumnType("integer")
+                        .HasColumnName("lithostrat_id_cli");
+
+                    b.Property<double?>("LocationX")
+                        .HasColumnType("double precision")
+                        .HasColumnName("location_x_bho");
+
+                    b.Property<double?>("LocationXLV03")
+                        .HasColumnType("double precision")
+                        .HasColumnName("location_x_lv03_bho");
+
+                    b.Property<double?>("LocationY")
+                        .HasColumnType("double precision")
+                        .HasColumnName("location_y_bho");
+
+                    b.Property<double?>("LocationYLV03")
+                        .HasColumnType("double precision")
+                        .HasColumnName("location_y_lv03_bho");
+
+                    b.Property<DateTime?>("Locked")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("locked_bho");
+
+                    b.Property<int?>("LockedById")
+                        .HasColumnType("integer")
+                        .HasColumnName("locked_by_bho");
+
+                    b.Property<string>("Municipality")
+                        .HasColumnType("text")
+                        .HasColumnName("municipality_bho");
+
+                    b.Property<bool?>("NationalInterest")
+                        .HasColumnType("boolean")
+                        .HasColumnName("national_interest");
+
+                    b.Property<string>("OriginalName")
+                        .HasColumnType("text")
+                        .HasColumnName("original_name_bho");
+
+                    b.Property<int?>("OriginalReferenceSystem")
+                        .HasColumnType("integer")
+                        .HasColumnName("srs_id_cli");
+
+                    b.Property<string>("ProjectName")
+                        .HasColumnType("text")
+                        .HasColumnName("project_name_bho");
+
+                    b.Property<int?>("PurposeId")
+                        .HasColumnType("integer")
+                        .HasColumnName("purpose_id_cli");
+
+                    b.Property<int?>("QtDepthId")
+                        .HasColumnType("integer")
+                        .HasColumnName("qt_depth_id_cli");
+
+                    b.Property<int?>("QtElevationId")
+                        .HasColumnType("integer")
+                        .HasColumnName("qt_elevation_id_cli");
+
+                    b.Property<int?>("QtInclinationDirectionId")
+                        .HasColumnType("integer")
+                        .HasColumnName("qt_inclination_direction_id_cli");
+
+                    b.Property<int?>("QtLocationId")
+                        .HasColumnType("integer")
+                        .HasColumnName("qt_location_id_cli");
+
+                    b.Property<int?>("QtReferenceElevationId")
+                        .HasColumnType("integer")
+                        .HasColumnName("qt_reference_elevation_id_cli");
+
+                    b.Property<double?>("QtTopBedrock")
+                        .HasColumnType("double precision")
+                        .HasColumnName("qt_top_bedrock");
+
+                    b.Property<double?>("QtTopBedrockTvd")
+                        .HasColumnType("double precision")
+                        .HasColumnName("qt_top_bedrock_tvd");
+
+                    b.Property<int?>("QtTotalDepthTvdId")
+                        .HasColumnType("integer")
+                        .HasColumnName("qt_total_depth_tvd_id_cli");
+
+                    b.Property<double?>("ReferenceElevation")
+                        .HasColumnType("double precision")
+                        .HasColumnName("reference_elevation_bho");
+
+                    b.Property<int?>("ReferenceElevationTypeId")
+                        .HasColumnType("integer")
+                        .HasColumnName("reference_elevation_type_id_cli");
+
+                    b.Property<string>("Remarks")
+                        .HasColumnType("text")
+                        .HasColumnName("remarks_bho");
+
+                    b.Property<int?>("RestrictionId")
+                        .HasColumnType("integer")
+                        .HasColumnName("restriction_id_cli");
+
+                    b.Property<DateTime?>("RestrictionUntil")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("restriction_until_bho");
+
+                    b.Property<DateTime?>("SpudDate")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("spud_date_bho");
+
+                    b.Property<int?>("StatusId")
+                        .HasColumnType("integer")
+                        .HasColumnName("status_id_cli");
+
+                    b.Property<double?>("TopBedrock")
+                        .HasColumnType("double precision")
+                        .HasColumnName("top_bedrock_bho");
+
+                    b.Property<double?>("TopBedrockTvd")
+                        .HasColumnType("double precision")
+                        .HasColumnName("top_bedrock_tvd_bho");
+
+                    b.Property<double?>("TotalDepth")
+                        .HasColumnType("double precision")
+                        .HasColumnName("total_depth_bho");
+
+                    b.Property<double?>("TotalDepthTvd")
+                        .HasColumnType("double precision")
+                        .HasColumnName("total_depth_tvd_bho");
+
+                    b.Property<DateTime?>("Updated")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("updated_bho");
+
+                    b.Property<int?>("UpdatedById")
+                        .HasColumnType("integer")
+                        .HasColumnName("updated_by_bho");
+
+                    b.Property<int?>("WorkgroupId")
+                        .HasColumnType("integer")
+                        .HasColumnName("id_wgp_fk");
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("ChronostratigraphyId");
+
+                    b.HasIndex("CreatedById");
+
+                    b.HasIndex("CuttingsId");
+
+                    b.HasIndex("DrillingMethodId");
+
+                    b.HasIndex("HrsId");
+
+                    b.HasIndex("KindId");
+
+                    b.HasIndex("LithologyTopBedrockId");
+
+                    b.HasIndex("LithostratigraphyId");
+
+                    b.HasIndex("LockedById");
+
+                    b.HasIndex("PurposeId");
+
+                    b.HasIndex("QtDepthId");
+
+                    b.HasIndex("QtElevationId");
+
+                    b.HasIndex("QtInclinationDirectionId");
+
+                    b.HasIndex("QtLocationId");
+
+                    b.HasIndex("QtReferenceElevationId");
+
+                    b.HasIndex("QtTotalDepthTvdId");
+
+                    b.HasIndex("ReferenceElevationTypeId");
+
+                    b.HasIndex("RestrictionId");
+
+                    b.HasIndex("StatusId");
+
+                    b.HasIndex("UpdatedById");
+
+                    b.HasIndex("WorkgroupId");
+
+                    b.ToTable("borehole", "bdms");
+                });
+
+            modelBuilder.Entity("BDMS.Models.BoreholeCodelist", b =>
+                {
+                    b.Property<int>("BoreholeId")
+                        .HasColumnType("integer")
+                        .HasColumnName("id_bho_fk");
+
+                    b.Property<int>("CodelistId")
+                        .HasColumnType("integer")
+                        .HasColumnName("id_cli_fk");
+
+                    b.Property<string>("SchemaName")
+                        .IsRequired()
+                        .HasColumnType("text")
+                        .HasColumnName("code_cli");
+
+                    b.Property<string>("Value")
+                        .IsRequired()
+                        .HasColumnType("text")
+                        .HasColumnName("value_bco");
+
+                    b.HasKey("BoreholeId", "CodelistId");
+
+                    b.HasIndex("CodelistId");
+
+                    b.ToTable("borehole_codelist", "bdms");
+                });
+
+            modelBuilder.Entity("BDMS.Models.BoreholeFile", b =>
+                {
+                    b.Property<int>("BoreholeId")
+                        .HasColumnType("integer")
+                        .HasColumnName("id_bho_fk");
+
+                    b.Property<int>("FileId")
+                        .HasColumnType("integer")
+                        .HasColumnName("id_fil_fk");
+
+                    b.Property<DateTime?>("Attached")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("attached_bfi");
+
+                    b.Property<DateTime?>("Created")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("created_bfi");
+
+                    b.Property<int?>("CreatedById")
+                        .HasColumnType("integer")
+                        .HasColumnName("created_by_bfi");
+
+                    b.Property<string>("Description")
+                        .HasColumnType("text")
+                        .HasColumnName("description_bfi");
+
+                    b.Property<bool?>("Public")
+                        .HasColumnType("boolean")
+                        .HasColumnName("public_bfi");
+
+                    b.Property<DateTime?>("Updated")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("update_bfi");
+
+                    b.Property<int?>("UpdatedById")
+                        .HasColumnType("integer")
+                        .HasColumnName("updater_bfi");
+
+                    b.Property<int?>("UserId")
+                        .HasColumnType("integer")
+                        .HasColumnName("id_usr_fk");
+
+                    b.HasKey("BoreholeId", "FileId");
+
+                    b.HasIndex("CreatedById");
+
+                    b.HasIndex("FileId");
+
+                    b.HasIndex("UpdatedById");
+
+                    b.HasIndex("UserId");
+
+                    b.ToTable("borehole_files", "bdms");
+                });
+
+            modelBuilder.Entity("BDMS.Models.ChronostratigraphyLayer", b =>
+                {
+                    b.Property<int>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("integer")
+                        .HasColumnName("id_chr");
+
+                    NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property<int>("Id"));
+
+                    b.Property<int?>("ChronostratigraphyId")
+                        .HasColumnType("integer")
+                        .HasColumnName("chronostratigraphy_id");
+
+                    b.Property<DateTime?>("Created")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("creation");
+
+                    b.Property<int?>("CreatedById")
+                        .HasColumnType("integer")
+                        .HasColumnName("creator");
+
+                    b.Property<double?>("FromDepth")
+                        .HasColumnType("double precision")
+                        .HasColumnName("depth_from");
+
+                    b.Property<bool?>("IsLast")
+                        .HasColumnType("boolean")
+                        .HasColumnName("is_last");
+
+                    b.Property<int>("StratigraphyId")
+                        .HasColumnType("integer")
+                        .HasColumnName("id_sty_fk");
+
+                    b.Property<double?>("ToDepth")
+                        .HasColumnType("double precision")
+                        .HasColumnName("depth_to");
+
+                    b.Property<DateTime?>("Updated")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("update");
+
+                    b.Property<int?>("UpdatedById")
+                        .HasColumnType("integer")
+                        .HasColumnName("updater");
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("ChronostratigraphyId");
+
+                    b.HasIndex("CreatedById");
+
+                    b.HasIndex("StratigraphyId");
+
+                    b.HasIndex("UpdatedById");
+
+                    b.ToTable("chronostratigraphy", "bdms");
+                });
+
+            modelBuilder.Entity("BDMS.Models.Codelist", b =>
+                {
+                    b.Property<int>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("integer")
+                        .HasColumnName("id_cli");
+
+                    NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property<int>("Id"));
+
+                    b.Property<string>("Code")
+                        .IsRequired()
+                        .HasColumnType("text")
+                        .HasColumnName("code_cli");
+
+                    b.Property<string>("Conf")
+                        .HasColumnType("text")
+                        .HasColumnName("conf_cli");
+
+                    b.Property<string>("De")
+                        .HasColumnType("text")
+                        .HasColumnName("text_cli_de");
+
+                    b.Property<string>("DescriptionDe")
+                        .HasColumnType("text")
+                        .HasColumnName("description_cli_de");
+
+                    b.Property<string>("DescriptionEn")
+                        .IsRequired()
+                        .HasColumnType("text")
+                        .HasColumnName("description_cli_en");
+
+                    b.Property<string>("DescriptionFr")
+                        .HasColumnType("text")
+                        .HasColumnName("description_cli_fr");
+
+                    b.Property<string>("DescriptionIt")
+                        .HasColumnType("text")
+                        .HasColumnName("description_cli_it");
+
+                    b.Property<string>("DescriptionRo")
+                        .HasColumnType("text")
+                        .HasColumnName("description_cli_ro");
+
+                    b.Property<string>("En")
+                        .IsRequired()
+                        .HasColumnType("text")
+                        .HasColumnName("text_cli_en");
+
+                    b.Property<string>("Fr")
+                        .HasColumnType("text")
+                        .HasColumnName("text_cli_fr");
+
+                    b.Property<int?>("Geolcode")
+                        .HasColumnType("integer")
+                        .HasColumnName("geolcode");
+
+                    b.Property<bool?>("IsDefault")
+                        .HasColumnType("boolean")
+                        .HasColumnName("default_cli");
+
+                    b.Property<string>("It")
+                        .HasColumnType("text")
+                        .HasColumnName("text_cli_it");
+
+                    b.Property<int?>("Order")
+                        .HasColumnType("integer")
+                        .HasColumnName("order_cli");
+
+                    b.Property<string>("Path")
+                        .HasColumnType("ltree")
+                        .HasColumnName("path_cli");
+
+                    b.Property<string>("Ro")
+                        .HasColumnType("text")
+                        .HasColumnName("text_cli_ro");
+
+                    b.Property<string>("Schema")
+                        .HasColumnType("text")
+                        .HasColumnName("schema_cli");
+
+                    b.HasKey("Id");
+
+                    b.ToTable("codelist", "bdms");
+                });
+
+            modelBuilder.Entity("BDMS.Models.Completion", b =>
+                {
+                    b.Property<int>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("integer")
+                        .HasColumnName("id");
+
+                    NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property<int>("Id"));
+
+                    b.Property<DateTime?>("AbandonDate")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("abandon_date");
+
+                    b.Property<int>("BoreholeId")
+                        .HasColumnType("integer")
+                        .HasColumnName("borehole_id");
+
+                    b.Property<DateTime?>("Created")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("creation");
+
+                    b.Property<int?>("CreatedById")
+                        .HasColumnType("integer")
+                        .HasColumnName("creator");
+
+                    b.Property<bool>("IsPrimary")
+                        .HasColumnType("boolean")
+                        .HasColumnName("is_primary");
+
+                    b.Property<int>("KindId")
+                        .HasColumnType("integer")
+                        .HasColumnName("kind_id");
+
+                    b.Property<string>("Name")
+                        .HasColumnType("text")
+                        .HasColumnName("name");
+
+                    b.Property<string>("Notes")
+                        .HasColumnType("text")
+                        .HasColumnName("notes");
+
+                    b.Property<DateTime?>("Updated")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("update");
+
+                    b.Property<int?>("UpdatedById")
+                        .HasColumnType("integer")
+                        .HasColumnName("updater");
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("BoreholeId");
+
+                    b.HasIndex("CreatedById");
+
+                    b.HasIndex("KindId");
+
+                    b.HasIndex("UpdatedById");
+
+                    b.ToTable("completion", "bdms");
+                });
+
+            modelBuilder.Entity("BDMS.Models.Config", b =>
+                {
+                    b.Property<string>("Name")
+                        .HasColumnType("text")
+                        .HasColumnName("name_cfg");
+
+                    b.Property<string>("Value")
+                        .HasColumnType("text")
+                        .HasColumnName("value_cfg");
+
+                    b.HasKey("Name");
+
+                    b.ToTable("config", "bdms");
+                });
+
+            modelBuilder.Entity("BDMS.Models.Content", b =>
+                {
+                    b.Property<int>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("integer")
+                        .HasColumnName("id_cnt");
+
+                    NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property<int>("Id"));
+
+                    b.Property<DateTime?>("Creation")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("creation_cnt");
+
+                    b.Property<DateTime?>("Expired")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("expired_cnt");
+
+                    b.Property<bool?>("IsDraft")
+                        .HasColumnType("boolean")
+                        .HasColumnName("draft_cnt");
+
+                    b.Property<string>("Name")
+                        .IsRequired()
+                        .HasColumnType("text")
+                        .HasColumnName("name_cnt");
+
+                    b.Property<string>("TextDe")
+                        .HasColumnType("text")
+                        .HasColumnName("text_cnt_de");
+
+                    b.Property<string>("TextEn")
+                        .HasColumnType("text")
+                        .HasColumnName("text_cnt_en");
+
+                    b.Property<string>("TextFr")
+                        .HasColumnType("text")
+                        .HasColumnName("text_cnt_fr");
+
+                    b.Property<string>("TextIt")
+                        .HasColumnType("text")
+                        .HasColumnName("text_cnt_it");
+
+                    b.Property<string>("TextRo")
+                        .HasColumnType("text")
+                        .HasColumnName("text_cnt_ro");
+
+                    b.Property<string>("TitelRo")
+                        .HasColumnType("text")
+                        .HasColumnName("title_cnt_ro");
+
+                    b.Property<string>("TitleDe")
+                        .HasColumnType("text")
+                        .HasColumnName("title_cnt_de");
+
+                    b.Property<string>("TitleEn")
+                        .HasColumnType("text")
+                        .HasColumnName("title_cnt_en");
+
+                    b.Property<string>("TitleFr")
+                        .HasColumnType("text")
+                        .HasColumnName("title_cnt_fr");
+
+                    b.Property<string>("TitleIt")
+                        .HasColumnType("text")
+                        .HasColumnName("title_cnt_it");
+
+                    b.HasKey("Id");
+
+                    b.ToTable("contents", "bdms");
+                });
+
+            modelBuilder.Entity("BDMS.Models.FaciesDescription", b =>
+                {
+                    b.Property<int>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("integer")
+                        .HasColumnName("id_fac");
+
+                    NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property<int>("Id"));
+
+                    b.Property<DateTime?>("Created")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("creation");
+
+                    b.Property<int?>("CreatedById")
+                        .HasColumnType("integer")
+                        .HasColumnName("creator");
+
+                    b.Property<string>("Description")
+                        .HasColumnType("text")
+                        .HasColumnName("description");
+
+                    b.Property<double?>("FromDepth")
+                        .HasColumnType("double precision")
+                        .HasColumnName("depth_from");
+
+                    b.Property<bool?>("IsLast")
+                        .HasColumnType("boolean")
+                        .HasColumnName("is_last");
+
+                    b.Property<int?>("QtDescriptionId")
+                        .HasColumnType("integer")
+                        .HasColumnName("qt_description_id");
+
+                    b.Property<int>("StratigraphyId")
+                        .HasColumnType("integer")
+                        .HasColumnName("id_sty_fk");
+
+                    b.Property<double?>("ToDepth")
+                        .HasColumnType("double precision")
+                        .HasColumnName("depth_to");
+
+                    b.Property<DateTime?>("Updated")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("update");
+
+                    b.Property<int?>("UpdatedById")
+                        .HasColumnType("integer")
+                        .HasColumnName("updater");
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("CreatedById");
+
+                    b.HasIndex("QtDescriptionId");
+
+                    b.HasIndex("StratigraphyId");
+
+                    b.HasIndex("UpdatedById");
+
+                    b.ToTable("facies_description", "bdms");
+                });
+
+            modelBuilder.Entity("BDMS.Models.Feedback", b =>
+                {
+                    b.Property<int>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("integer")
+                        .HasColumnName("id_feb");
+
+                    NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property<int>("Id"));
+
+                    b.Property<DateTime?>("Created")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("created_feb");
+
+                    b.Property<bool?>("IsFrw")
+                        .HasColumnType("boolean")
+                        .HasColumnName("frw_feb");
+
+                    b.Property<string>("Message")
+                        .HasColumnType("text")
+                        .HasColumnName("message_feb");
+
+                    b.Property<string>("Tag")
+                        .HasColumnType("text")
+                        .HasColumnName("tag_feb");
+
+                    b.Property<string>("User")
+                        .IsRequired()
+                        .HasColumnType("text")
+                        .HasColumnName("user_feb");
+
+                    b.HasKey("Id");
+
+                    b.ToTable("feedbacks", "bdms");
+                });
+
+            modelBuilder.Entity("BDMS.Models.File", b =>
+                {
+                    b.Property<int>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("integer")
+                        .HasColumnName("id_fil");
+
+                    NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property<int>("Id"));
+
+                    b.Property<DateTime?>("Created")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("uploaded_fil");
+
+                    b.Property<int?>("CreatedById")
+                        .HasColumnType("integer")
+                        .HasColumnName("id_usr_fk");
+
+                    b.Property<string>("Hash")
+                        .IsRequired()
+                        .HasColumnType("text")
+                        .HasColumnName("hash_fil");
+
+                    b.Property<string>("Name")
+                        .IsRequired()
+                        .HasColumnType("text")
+                        .HasColumnName("name_fil");
+
+                    b.Property<string>("NameUuid")
+                        .HasColumnType("text")
+                        .HasColumnName("name_uuid_fil");
+
+                    b.Property<string>("Type")
+                        .IsRequired()
+                        .HasColumnType("text")
+                        .HasColumnName("type_fil");
+
+                    b.Property<DateTime?>("Updated")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("updated_fil");
+
+                    b.Property<int?>("UpdatedById")
+                        .HasColumnType("integer")
+                        .HasColumnName("updated_by_fil");
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("CreatedById");
+
+                    b.HasIndex("UpdatedById");
+
+                    b.ToTable("files", "bdms");
+                });
+
+            modelBuilder.Entity("BDMS.Models.HydrotestCodelist", b =>
+                {
+                    b.Property<int>("HydrotestId")
+                        .HasColumnType("integer")
+                        .HasColumnName("id_ht_fk");
+
+                    b.Property<int>("CodelistId")
+                        .HasColumnType("integer")
+                        .HasColumnName("id_cli_fk");
+
+                    b.HasKey("HydrotestId", "CodelistId");
+
+                    b.HasIndex("CodelistId");
+
+                    b.ToTable("hydrotest_codelist", "bdms");
+                });
+
+            modelBuilder.Entity("BDMS.Models.HydrotestResult", b =>
+                {
+                    b.Property<int>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("integer")
+                        .HasColumnName("id");
+
+                    NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property<int>("Id"));
+
+                    b.Property<DateTime?>("Created")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("creation");
+
+                    b.Property<int?>("CreatedById")
+                        .HasColumnType("integer")
+                        .HasColumnName("creator");
+
+                    b.Property<int>("HydrotestId")
+                        .HasColumnType("integer")
+                        .HasColumnName("hydrotest_id");
+
+                    b.Property<double?>("MaxValue")
+                        .HasColumnType("double precision")
+                        .HasColumnName("max_value");
+
+                    b.Property<double?>("MinValue")
+                        .HasColumnType("double precision")
+                        .HasColumnName("min_value");
+
+                    b.Property<int>("ParameterId")
+                        .HasColumnType("integer")
+                        .HasColumnName("parameter");
+
+                    b.Property<DateTime?>("Updated")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("update");
+
+                    b.Property<int?>("UpdatedById")
+                        .HasColumnType("integer")
+                        .HasColumnName("updater");
+
+                    b.Property<double?>("Value")
+                        .HasColumnType("double precision")
+                        .HasColumnName("value");
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("CreatedById");
+
+                    b.HasIndex("HydrotestId");
+
+                    b.HasIndex("ParameterId");
+
+                    b.HasIndex("UpdatedById");
+
+                    b.ToTable("hydrotest_result", "bdms");
+                });
+
+            modelBuilder.Entity("BDMS.Models.Instrumentation", b =>
+                {
+                    b.Property<int>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("integer")
+                        .HasColumnName("id");
+
+                    NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property<int>("Id"));
+
+                    b.Property<int>("CompletionId")
+                        .HasColumnType("integer")
+                        .HasColumnName("completion_id");
+
+                    b.Property<DateTime?>("Created")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("creation");
+
+                    b.Property<int?>("CreatedById")
+                        .HasColumnType("integer")
+                        .HasColumnName("creator");
+
+                    b.Property<double?>("FromDepth")
+                        .HasColumnType("double precision")
+                        .HasColumnName("from_depth");
+
+                    b.Property<int?>("KindId")
+                        .HasColumnType("integer")
+                        .HasColumnName("kind_id");
+
+                    b.Property<string>("Name")
+                        .HasColumnType("text")
+                        .HasColumnName("name");
+
+                    b.Property<string>("Notes")
+                        .HasColumnType("text")
+                        .HasColumnName("notes");
+
+                    b.Property<int?>("StatusId")
+                        .HasColumnType("integer")
+                        .HasColumnName("status_id");
+
+                    b.Property<double?>("ToDepth")
+                        .HasColumnType("double precision")
+                        .HasColumnName("to_depth");
+
+                    b.Property<DateTime?>("Updated")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("update");
+
+                    b.Property<int?>("UpdatedById")
+                        .HasColumnType("integer")
+                        .HasColumnName("updater");
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("CompletionId");
+
+                    b.HasIndex("CreatedById");
+
+                    b.HasIndex("KindId");
+
+                    b.HasIndex("StatusId");
+
+                    b.HasIndex("UpdatedById");
+
+                    b.ToTable("instrumentation", "bdms");
+                });
+
+            modelBuilder.Entity("BDMS.Models.Layer", b =>
+                {
+                    b.Property<int>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("integer")
+                        .HasColumnName("id_lay");
+
+                    NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property<int>("Id"));
+
+                    b.Property<int?>("AlterationId")
+                        .HasColumnType("integer")
+                        .HasColumnName("alteration_id_cli");
+
+                    b.Property<string>("Casing")
+                        .HasColumnType("text")
+                        .HasColumnName("casng_id");
+
+                    b.Property<DateTime?>("CasingDateFinish")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("casng_date_finish_lay");
+
+                    b.Property<DateTime?>("CasingDateSpud")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("casng_date_spud_lay");
+
+                    b.Property<double?>("CasingInnerDiameter")
+                        .HasColumnType("double precision")
+                        .HasColumnName("casng_inner_diameter_lay");
+
+                    b.Property<int?>("CasingKindId")
+                        .HasColumnType("integer")
+                        .HasColumnName("casng_kind_id_cli");
+
+                    b.Property<int?>("CasingMaterialId")
+                        .HasColumnType("integer")
+                        .HasColumnName("casng_material_id_cli");
+
+                    b.Property<double?>("CasingOuterDiameter")
+                        .HasColumnType("double precision")
+                        .HasColumnName("casng_outer_diameter_lay");
+
+                    b.Property<int?>("CohesionId")
+                        .HasColumnType("integer")
+                        .HasColumnName("cohesion_id_cli");
+
+                    b.Property<int?>("CompactnessId")
+                        .HasColumnType("integer")
+                        .HasColumnName("compactness_id_cli");
+
+                    b.Property<int?>("ConsistanceId")
+                        .HasColumnType("integer")
+                        .HasColumnName("consistance_id_cli");
+
+                    b.Property<DateTime?>("Created")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("creation_lay");
+
+                    b.Property<int?>("CreatedById")
+                        .HasColumnType("integer")
+                        .HasColumnName("creator_lay");
+
+                    b.Property<int?>("FillKindId")
+                        .HasColumnType("integer")
+                        .HasColumnName("fill_kind_id_cli");
+
+                    b.Property<int?>("FillMaterialId")
+                        .HasColumnType("integer")
+                        .HasColumnName("fill_material_id_cli");
+
+                    b.Property<double?>("FromDepth")
+                        .HasColumnType("double precision")
+                        .HasColumnName("depth_from_lay");
+
+                    b.Property<int?>("GradationId")
+                        .HasColumnType("integer")
+                        .HasColumnName("gradation_id_cli");
+
+                    b.Property<int?>("GrainSize1Id")
+                        .HasColumnType("integer")
+                        .HasColumnName("grain_size_1_id_cli");
+
+                    b.Property<int?>("GrainSize2Id")
+                        .HasColumnType("integer")
+                        .HasColumnName("grain_size_2_id_cli");
+
+                    b.Property<int?>("HumidityId")
+                        .HasColumnType("integer")
+                        .HasColumnName("humidity_id_cli");
+
+                    b.Property<string>("Instrument")
+                        .HasColumnType("text")
+                        .HasColumnName("instr_id");
+
+                    b.Property<int?>("InstrumentCasingId")
+                        .HasColumnType("integer")
+                        .HasColumnName("instr_id_sty_fk");
+
+                    b.Property<int?>("InstrumentCasingLayerId")
+                        .HasColumnType("integer")
+                        .HasColumnName("instr_id_lay_fk");
+
+                    b.Property<int?>("InstrumentKindId")
+                        .HasColumnType("integer")
+                        .HasColumnName("instr_kind_id_cli");
+
+                    b.Property<int?>("InstrumentStatusId")
+                        .HasColumnType("integer")
+                        .HasColumnName("instr_status_id_cli");
+
+                    b.Property<bool?>("IsLast")
+                        .HasColumnType("boolean")
+                        .HasColumnName("last_lay");
+
+                    b.Property<bool?>("IsStriae")
+                        .HasColumnType("boolean")
+                        .HasColumnName("striae_lay");
+
+                    b.Property<bool?>("IsUndefined")
+                        .HasColumnType("boolean")
+                        .HasColumnName("undefined_lay");
+
+                    b.Property<int?>("LithologyId")
+                        .HasColumnType("integer")
+                        .HasColumnName("lithology_id_cli");
+
+                    b.Property<int?>("LithologyTopBedrockId")
+                        .HasColumnType("integer")
+                        .HasColumnName("lithology_top_bedrock_id_cli");
+
+                    b.Property<int?>("LithostratigraphyId")
+                        .HasColumnType("integer")
+                        .HasColumnName("lithostratigraphy_id_cli");
+
+                    b.Property<string>("Notes")
+                        .HasColumnType("text")
+                        .HasColumnName("notes_lay");
+
+                    b.Property<string>("OriginalLithology")
+                        .HasColumnType("text")
+                        .HasColumnName("original_lithology");
+
+                    b.Property<string>("OriginalUscs")
+                        .HasColumnType("text")
+                        .HasColumnName("uscs_original_lay");
+
+                    b.Property<int?>("PlasticityId")
+                        .HasColumnType("integer")
+                        .HasColumnName("plasticity_id_cli");
+
+                    b.Property<int?>("QtDescriptionId")
+                        .HasColumnType("integer")
+                        .HasColumnName("qt_description_id_cli");
+
+                    b.Property<int>("StratigraphyId")
+                        .HasColumnType("integer")
+                        .HasColumnName("id_sty_fk");
+
+                    b.Property<double?>("ToDepth")
+                        .HasColumnType("double precision")
+                        .HasColumnName("depth_to_lay");
+
+                    b.Property<DateTime?>("Updated")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("update_lay");
+
+                    b.Property<int?>("UpdatedById")
+                        .HasColumnType("integer")
+                        .HasColumnName("updater_lay");
+
+                    b.Property<int?>("Uscs1Id")
+                        .HasColumnType("integer")
+                        .HasColumnName("uscs_1_id_cli");
+
+                    b.Property<int?>("Uscs2Id")
+                        .HasColumnType("integer")
+                        .HasColumnName("uscs_2_id_cli");
+
+                    b.Property<int?>("UscsDeterminationId")
+                        .HasColumnType("integer")
+                        .HasColumnName("uscs_determination_id_cli");
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("AlterationId");
+
+                    b.HasIndex("CasingKindId");
+
+                    b.HasIndex("CasingMaterialId");
+
+                    b.HasIndex("CohesionId");
+
+                    b.HasIndex("CompactnessId");
+
+                    b.HasIndex("ConsistanceId");
+
+                    b.HasIndex("CreatedById");
+
+                    b.HasIndex("FillKindId");
+
+                    b.HasIndex("FillMaterialId");
+
+                    b.HasIndex("GradationId");
+
+                    b.HasIndex("GrainSize1Id");
+
+                    b.HasIndex("GrainSize2Id");
+
+                    b.HasIndex("HumidityId");
+
+                    b.HasIndex("InstrumentCasingId");
+
+                    b.HasIndex("InstrumentKindId");
+
+                    b.HasIndex("InstrumentStatusId");
+
+                    b.HasIndex("LithologyId");
+
+                    b.HasIndex("LithologyTopBedrockId");
+
+                    b.HasIndex("LithostratigraphyId");
+
+                    b.HasIndex("PlasticityId");
+
+                    b.HasIndex("QtDescriptionId");
+
+                    b.HasIndex("StratigraphyId");
+
+                    b.HasIndex("UpdatedById");
+
+                    b.HasIndex("Uscs1Id");
+
+                    b.HasIndex("Uscs2Id");
+
+                    b.HasIndex("UscsDeterminationId");
+
+                    b.ToTable("layer", "bdms");
+                });
+
+            modelBuilder.Entity("BDMS.Models.LayerCodelist", b =>
+                {
+                    b.Property<int>("LayerId")
+                        .HasColumnType("integer")
+                        .HasColumnName("id_lay_fk");
+
+                    b.Property<int>("CodelistId")
+                        .HasColumnType("integer")
+                        .HasColumnName("id_cli_fk");
+
+                    b.Property<string>("SchemaName")
+                        .IsRequired()
+                        .HasColumnType("text")
+                        .HasColumnName("code_cli");
+
+                    b.HasKey("LayerId", "CodelistId");
+
+                    b.HasIndex("CodelistId");
+
+                    b.ToTable("layer_codelist", "bdms");
+                });
+
+            modelBuilder.Entity("BDMS.Models.LithologicalDescription", b =>
+                {
+                    b.Property<int>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("integer")
+                        .HasColumnName("id_ldp");
+
+                    NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property<int>("Id"));
+
+                    b.Property<DateTime?>("Created")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("creation");
+
+                    b.Property<int?>("CreatedById")
+                        .HasColumnType("integer")
+                        .HasColumnName("creator");
+
+                    b.Property<string>("Description")
+                        .HasColumnType("text")
+                        .HasColumnName("description");
+
+                    b.Property<double?>("FromDepth")
+                        .HasColumnType("double precision")
+                        .HasColumnName("depth_from");
+
+                    b.Property<bool?>("IsLast")
+                        .HasColumnType("boolean")
+                        .HasColumnName("is_last");
+
+                    b.Property<int?>("QtDescriptionId")
+                        .HasColumnType("integer")
+                        .HasColumnName("qt_description_id");
+
+                    b.Property<int>("StratigraphyId")
+                        .HasColumnType("integer")
+                        .HasColumnName("id_sty_fk");
+
+                    b.Property<double?>("ToDepth")
+                        .HasColumnType("double precision")
+                        .HasColumnName("depth_to");
+
+                    b.Property<DateTime?>("Updated")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("update");
+
+                    b.Property<int?>("UpdatedById")
+                        .HasColumnType("integer")
+                        .HasColumnName("updater");
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("CreatedById");
+
+                    b.HasIndex("QtDescriptionId");
+
+                    b.HasIndex("StratigraphyId");
+
+                    b.HasIndex("UpdatedById");
+
+                    b.ToTable("lithological_description", "bdms");
+                });
+
+            modelBuilder.Entity("BDMS.Models.LithostratigraphyLayer", b =>
+                {
+                    b.Property<int>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("integer")
+                        .HasColumnName("id");
+
+                    NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property<int>("Id"));
+
+                    b.Property<DateTime?>("Created")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("creation");
+
+                    b.Property<int?>("CreatedById")
+                        .HasColumnType("integer")
+                        .HasColumnName("creator");
+
+                    b.Property<double?>("FromDepth")
+                        .HasColumnType("double precision")
+                        .HasColumnName("depth_from");
+
+                    b.Property<bool?>("IsLast")
+                        .HasColumnType("boolean")
+                        .HasColumnName("is_last");
+
+                    b.Property<int?>("LithostratigraphyId")
+                        .HasColumnType("integer")
+                        .HasColumnName("lithostratigraphy_id");
+
+                    b.Property<int>("StratigraphyId")
+                        .HasColumnType("integer")
+                        .HasColumnName("stratigraphy_id");
+
+                    b.Property<double?>("ToDepth")
+                        .HasColumnType("double precision")
+                        .HasColumnName("depth_to");
+
+                    b.Property<DateTime?>("Updated")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("update");
+
+                    b.Property<int?>("UpdatedById")
+                        .HasColumnType("integer")
+                        .HasColumnName("updater");
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("CreatedById");
+
+                    b.HasIndex("LithostratigraphyId");
+
+                    b.HasIndex("StratigraphyId");
+
+                    b.HasIndex("UpdatedById");
+
+                    b.ToTable("lithostratigraphy", "bdms");
+                });
+
+            modelBuilder.Entity("BDMS.Models.Observation", b =>
+                {
+                    b.Property<int>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("integer")
+                        .HasColumnName("id");
+
+                    NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property<int>("Id"));
+
+                    b.Property<int>("BoreholeId")
+                        .HasColumnType("integer")
+                        .HasColumnName("borehole_id");
+
+                    b.Property<int?>("CasingId")
+                        .HasColumnType("integer")
+                        .HasColumnName("casing");
+
+                    b.Property<string>("Comment")
+                        .HasColumnType("text")
+                        .HasColumnName("comment");
+
+                    b.Property<bool?>("CompletionFinished")
+                        .HasColumnType("boolean")
+                        .HasColumnName("completion_finished");
+
+                    b.Property<DateTime?>("Created")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("creation");
+
+                    b.Property<int?>("CreatedById")
+                        .HasColumnType("integer")
+                        .HasColumnName("creator");
+
+                    b.Property<double?>("Duration")
+                        .HasColumnType("double precision")
+                        .HasColumnName("duration");
+
+                    b.Property<DateTime?>("EndTime")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("end_time");
+
+                    b.Property<double?>("FromDepthM")
+                        .HasColumnType("double precision")
+                        .HasColumnName("from_depth_m");
+
+                    b.Property<double?>("FromDepthMasl")
+                        .HasColumnType("double precision")
+                        .HasColumnName("from_depth_masl");
+
+                    b.Property<int>("ReliabilityId")
+                        .HasColumnType("integer")
+                        .HasColumnName("reliability");
+
+                    b.Property<DateTime?>("StartTime")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("start_time");
+
+                    b.Property<double?>("ToDepthM")
+                        .HasColumnType("double precision")
+                        .HasColumnName("to_depth_m");
+
+                    b.Property<double?>("ToDepthMasl")
+                        .HasColumnType("double precision")
+                        .HasColumnName("to_depth_masl");
+
+                    b.Property<int>("Type")
+                        .HasColumnType("integer")
+                        .HasColumnName("observation_type");
+
+                    b.Property<DateTime?>("Updated")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("update");
+
+                    b.Property<int?>("UpdatedById")
+                        .HasColumnType("integer")
+                        .HasColumnName("updater");
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("BoreholeId");
+
+                    b.HasIndex("CasingId");
+
+                    b.HasIndex("CreatedById");
+
+                    b.HasIndex("ReliabilityId");
+
+                    b.HasIndex("UpdatedById");
+
+                    b.ToTable("observation", "bdms");
+
+                    b.UseTptMappingStrategy();
+                });
+
+            modelBuilder.Entity("BDMS.Models.Stratigraphy", b =>
+                {
+                    b.Property<int>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("integer")
+                        .HasColumnName("id_sty");
+
+                    NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property<int>("Id"));
+
+                    b.Property<int?>("BoreholeId")
+                        .HasColumnType("integer")
+                        .HasColumnName("id_bho_fk");
+
+                    b.Property<string>("Casing")
+                        .HasColumnType("text")
+                        .HasColumnName("casng_id");
+
+                    b.Property<DateTime?>("CasingDate")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("casng_date_abd_sty");
+
+                    b.Property<DateTime?>("Created")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("creation_sty");
+
+                    b.Property<int?>("CreatedById")
+                        .HasColumnType("integer")
+                        .HasColumnName("author_sty");
+
+                    b.Property<DateTime?>("Date")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("date_sty");
+
+                    b.Property<int?>("FillCasingId")
+                        .HasColumnType("integer")
+                        .HasColumnName("fill_casng_id_sty_fk");
+
+                    b.Property<bool?>("IsPrimary")
+                        .HasColumnType("boolean")
+                        .HasColumnName("primary_sty");
+
+                    b.Property<int>("KindId")
+                        .HasColumnType("integer")
+                        .HasColumnName("kind_id_cli");
+
+                    b.Property<string>("Name")
+                        .HasColumnType("text")
+                        .HasColumnName("name_sty");
+
+                    b.Property<string>("Notes")
+                        .HasColumnType("text")
+                        .HasColumnName("notes_sty");
+
+                    b.Property<DateTime?>("Updated")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("update_sty");
+
+                    b.Property<int?>("UpdatedById")
+                        .HasColumnType("integer")
+                        .HasColumnName("updater_sty");
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("BoreholeId");
+
+                    b.HasIndex("CreatedById");
+
+                    b.HasIndex("FillCasingId");
+
+                    b.HasIndex("KindId");
+
+                    b.HasIndex("UpdatedById");
+
+                    b.ToTable("stratigraphy", "bdms");
+                });
+
+            modelBuilder.Entity("BDMS.Models.Term", b =>
+                {
+                    b.Property<int>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("integer")
+                        .HasColumnName("id_tes");
+
+                    NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property<int>("Id"));
+
+                    b.Property<DateTime>("Creation")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("creation_tes");
+
+                    b.Property<DateTime?>("Expiration")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("expired_tes");
+
+                    b.Property<bool>("IsDraft")
+                        .HasColumnType("boolean")
+                        .HasColumnName("draft_tes");
+
+                    b.Property<string>("TextDe")
+                        .HasColumnType("text")
+                        .HasColumnName("text_tes_de");
+
+                    b.Property<string>("TextEn")
+                        .IsRequired()
+                        .HasColumnType("text")
+                        .HasColumnName("text_tes_en");
+
+                    b.Property<string>("TextFr")
+                        .HasColumnType("text")
+                        .HasColumnName("text_tes_fr");
+
+                    b.Property<string>("TextIt")
+                        .HasColumnType("text")
+                        .HasColumnName("text_tes_it");
+
+                    b.Property<string>("TextRo")
+                        .HasColumnType("text")
+                        .HasColumnName("text_tes_ro");
+
+                    b.HasKey("Id");
+
+                    b.ToTable("terms", "bdms");
+                });
+
+            modelBuilder.Entity("BDMS.Models.User", b =>
+                {
+                    b.Property<int>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("integer")
+                        .HasColumnName("id_usr");
+
+                    NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property<int>("Id"));
+
+                    b.Property<DateTime?>("DisabledAt")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("disabled_usr");
+
+                    b.Property<string>("FirstName")
+                        .IsRequired()
+                        .HasColumnType("text")
+                        .HasColumnName("firstname");
+
+                    b.Property<bool>("IsAdmin")
+                        .HasColumnType("boolean")
+                        .HasColumnName("admin_usr");
+
+                    b.Property<bool>("IsViewer")
+                        .HasColumnType("boolean")
+                        .HasColumnName("viewer_usr");
+
+                    b.Property<string>("LastName")
+                        .IsRequired()
+                        .HasColumnType("text")
+                        .HasColumnName("lastname");
+
+                    b.Property<string>("Name")
+                        .IsRequired()
+                        .HasColumnType("text")
+                        .HasColumnName("username");
+
+                    b.Property<string>("subject_id")
+                        .IsRequired()
+                        .HasColumnType("text");
+
+                    b.HasKey("Id");
+
+                    b.ToTable("users", "bdms");
+                });
+
+            modelBuilder.Entity("BDMS.Models.UserEvent", b =>
+                {
+                    b.Property<int>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("integer")
+                        .HasColumnName("id_evs");
+
+                    NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property<int>("Id"));
+
+                    b.Property<DateTime?>("Created")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("created_evs");
+
+                    b.Property<string>("Payload")
+                        .HasColumnType("jsonb")
+                        .HasColumnName("payload_evs");
+
+                    b.Property<string>("Topic")
+                        .IsRequired()
+                        .HasColumnType("text")
+                        .HasColumnName("topic_evs");
+
+                    b.Property<int>("UserId")
+                        .HasColumnType("integer")
+                        .HasColumnName("id_usr_fk");
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("UserId");
+
+                    b.ToTable("events", "bdms");
+                });
+
+            modelBuilder.Entity("BDMS.Models.UserWorkgroupRole", b =>
+                {
+                    b.Property<int>("UserId")
+                        .HasColumnType("integer")
+                        .HasColumnName("id_usr_fk");
+
+                    b.Property<int>("WorkgroupId")
+                        .HasColumnType("integer")
+                        .HasColumnName("id_wgp_fk");
+
+                    b.Property<int>("Role")
+                        .HasColumnType("int")
+                        .HasColumnName("id_rol_fk");
+
+                    b.HasKey("UserId", "WorkgroupId", "Role");
+
+                    b.ToTable("users_roles", "bdms");
+                });
+
+            modelBuilder.Entity("BDMS.Models.Workflow", b =>
+                {
+                    b.Property<int>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("integer")
+                        .HasColumnName("id_wkf");
+
+                    NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property<int>("Id"));
+
+                    b.Property<int>("BoreholeId")
+                        .HasColumnType("integer")
+                        .HasColumnName("id_bho_fk");
+
+                    b.Property<DateTime?>("Finished")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("finished_wkf");
+
+                    b.Property<string>("Notes")
+                        .HasColumnType("text")
+                        .HasColumnName("notes_wkf");
+
+                    b.Property<int?>("Role")
+                        .HasColumnType("integer")
+                        .HasColumnName("id_rol_fk");
+
+                    b.Property<DateTime?>("Started")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("started_wkf");
+
+                    b.Property<int>("UserId")
+                        .HasColumnType("integer")
+                        .HasColumnName("id_usr_fk");
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("BoreholeId");
+
+                    b.HasIndex("UserId");
+
+                    b.ToTable("workflow", "bdms");
+                });
+
+            modelBuilder.Entity("BDMS.Models.Workgroup", b =>
+                {
+                    b.Property<int>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("integer")
+                        .HasColumnName("id_wgp");
+
+                    NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property<int>("Id"));
+
+                    b.Property<DateTime?>("Created")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("created_wgp");
+
+                    b.Property<DateTime?>("Disabled")
+                        .HasColumnType("timestamp with time zone")
+                        .HasColumnName("disabled_wgp");
+
+                    b.Property<bool?>("IsSupplier")
+                        .HasColumnType("boolean")
+                        .HasColumnName("supplier_wgp");
+
+                    b.Property<string>("Name")
+                        .IsRequired()
+                        .HasColumnType("text")
+                        .HasColumnName("name_wgp");
+
+                    b.Property<string>("Settings")
+                        .HasColumnType("json")
+                        .HasColumnName("settings_wgp");
+
+                    b.HasKey("Id");
+
+                    b.ToTable("workgroups", "bdms");
+                });
+
+            modelBuilder.Entity("BDMS.Models.FieldMeasurement", b =>
+                {
+                    b.HasBaseType("BDMS.Models.Observation");
+
+                    b.Property<int>("ParameterId")
+                        .HasColumnType("integer")
+                        .HasColumnName("parameter");
+
+                    b.Property<int>("SampleTypeId")
+                        .HasColumnType("integer")
+                        .HasColumnName("sample_type");
+
+                    b.Property<double>("Value")
+                        .HasColumnType("double precision")
+                        .HasColumnName("value");
+
+                    b.HasIndex("ParameterId");
+
+                    b.HasIndex("SampleTypeId");
+
+                    b.ToTable("field_measurement", "bdms");
+                });
+
+            modelBuilder.Entity("BDMS.Models.GroundwaterLevelMeasurement", b =>
+                {
+                    b.HasBaseType("BDMS.Models.Observation");
+
+                    b.Property<int>("KindId")
+                        .HasColumnType("integer")
+                        .HasColumnName("kind");
+
+                    b.Property<double?>("LevelM")
+                        .HasColumnType("double precision")
+                        .HasColumnName("level_m");
+
+                    b.Property<double?>("LevelMasl")
+                        .HasColumnType("double precision")
+                        .HasColumnName("level_masl");
+
+                    b.HasIndex("KindId");
+
+                    b.ToTable("groundwater_level_measurement", "bdms");
+                });
+
+            modelBuilder.Entity("BDMS.Models.Hydrotest", b =>
+                {
+                    b.HasBaseType("BDMS.Models.Observation");
+
+                    b.ToTable("hydrotest", "bdms");
+                });
+
+            modelBuilder.Entity("BDMS.Models.WaterIngress", b =>
+                {
+                    b.HasBaseType("BDMS.Models.Observation");
+
+                    b.Property<int?>("ConditionsId")
+                        .HasColumnType("integer")
+                        .HasColumnName("conditions");
+
+                    b.Property<int>("QuantityId")
+                        .HasColumnType("integer")
+                        .HasColumnName("quantity");
+
+                    b.HasIndex("ConditionsId");
+
+                    b.HasIndex("QuantityId");
+
+                    b.ToTable("water_ingress", "bdms");
+                });
+
+            modelBuilder.Entity("BDMS.Models.Borehole", b =>
+                {
+                    b.HasOne("BDMS.Models.Codelist", "Chronostratigraphy")
+                        .WithMany()
+                        .HasForeignKey("ChronostratigraphyId");
+
+                    b.HasOne("BDMS.Models.User", "CreatedBy")
+                        .WithMany()
+                        .HasForeignKey("CreatedById");
+
+                    b.HasOne("BDMS.Models.Codelist", "Cuttings")
+                        .WithMany()
+                        .HasForeignKey("CuttingsId");
+
+                    b.HasOne("BDMS.Models.Codelist", "DrillingMethod")
+                        .WithMany()
+                        .HasForeignKey("DrillingMethodId");
+
+                    b.HasOne("BDMS.Models.Codelist", "Hrs")
+                        .WithMany()
+                        .HasForeignKey("HrsId");
+
+                    b.HasOne("BDMS.Models.Codelist", "Kind")
+                        .WithMany()
+                        .HasForeignKey("KindId");
+
+                    b.HasOne("BDMS.Models.Codelist", "LithologyTopBedrock")
+                        .WithMany()
+                        .HasForeignKey("LithologyTopBedrockId");
+
+                    b.HasOne("BDMS.Models.Codelist", "Lithostratigraphy")
+                        .WithMany()
+                        .HasForeignKey("LithostratigraphyId");
+
+                    b.HasOne("BDMS.Models.User", "LockedBy")
+                        .WithMany()
+                        .HasForeignKey("LockedById");
+
+                    b.HasOne("BDMS.Models.Codelist", "Purpose")
+                        .WithMany()
+                        .HasForeignKey("PurposeId");
+
+                    b.HasOne("BDMS.Models.Codelist", "QtDepth")
+                        .WithMany()
+                        .HasForeignKey("QtDepthId");
+
+                    b.HasOne("BDMS.Models.Codelist", "QtElevation")
+                        .WithMany()
+                        .HasForeignKey("QtElevationId");
+
+                    b.HasOne("BDMS.Models.Codelist", "QtInclinationDirection")
+                        .WithMany()
+                        .HasForeignKey("QtInclinationDirectionId");
+
+                    b.HasOne("BDMS.Models.Codelist", "QtLocation")
+                        .WithMany()
+                        .HasForeignKey("QtLocationId");
+
+                    b.HasOne("BDMS.Models.Codelist", "QtReferenceElevation")
+                        .WithMany()
+                        .HasForeignKey("QtReferenceElevationId");
+
+                    b.HasOne("BDMS.Models.Codelist", "QtTotalDepthTvd")
+                        .WithMany()
+                        .HasForeignKey("QtTotalDepthTvdId");
+
+                    b.HasOne("BDMS.Models.Codelist", "ReferenceElevationType")
+                        .WithMany()
+                        .HasForeignKey("ReferenceElevationTypeId");
+
+                    b.HasOne("BDMS.Models.Codelist", "Restriction")
+                        .WithMany()
+                        .HasForeignKey("RestrictionId");
+
+                    b.HasOne("BDMS.Models.Codelist", "Status")
+                        .WithMany()
+                        .HasForeignKey("StatusId");
+
+                    b.HasOne("BDMS.Models.User", "UpdatedBy")
+                        .WithMany()
+                        .HasForeignKey("UpdatedById");
+
+                    b.HasOne("BDMS.Models.Workgroup", "Workgroup")
+                        .WithMany("Boreholes")
+                        .HasForeignKey("WorkgroupId");
+
+                    b.Navigation("Chronostratigraphy");
+
+                    b.Navigation("CreatedBy");
+
+                    b.Navigation("Cuttings");
+
+                    b.Navigation("DrillingMethod");
+
+                    b.Navigation("Hrs");
+
+                    b.Navigation("Kind");
+
+                    b.Navigation("LithologyTopBedrock");
+
+                    b.Navigation("Lithostratigraphy");
+
+                    b.Navigation("LockedBy");
+
+                    b.Navigation("Purpose");
+
+                    b.Navigation("QtDepth");
+
+                    b.Navigation("QtElevation");
+
+                    b.Navigation("QtInclinationDirection");
+
+                    b.Navigation("QtLocation");
+
+                    b.Navigation("QtReferenceElevation");
+
+                    b.Navigation("QtTotalDepthTvd");
+
+                    b.Navigation("ReferenceElevationType");
+
+                    b.Navigation("Restriction");
+
+                    b.Navigation("Status");
+
+                    b.Navigation("UpdatedBy");
+
+                    b.Navigation("Workgroup");
+                });
+
+            modelBuilder.Entity("BDMS.Models.BoreholeCodelist", b =>
+                {
+                    b.HasOne("BDMS.Models.Borehole", "Borehole")
+                        .WithMany("BoreholeCodelists")
+                        .HasForeignKey("BoreholeId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+
+                    b.HasOne("BDMS.Models.Codelist", "Codelist")
+                        .WithMany("BoreholeCodelists")
+                        .HasForeignKey("CodelistId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+
+                    b.Navigation("Borehole");
+
+                    b.Navigation("Codelist");
+                });
+
+            modelBuilder.Entity("BDMS.Models.BoreholeFile", b =>
+                {
+                    b.HasOne("BDMS.Models.Borehole", "Borehole")
+                        .WithMany("BoreholeFiles")
+                        .HasForeignKey("BoreholeId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+
+                    b.HasOne("BDMS.Models.User", "CreatedBy")
+                        .WithMany()
+                        .HasForeignKey("CreatedById");
+
+                    b.HasOne("BDMS.Models.File", "File")
+                        .WithMany("BoreholeFiles")
+                        .HasForeignKey("FileId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+
+                    b.HasOne("BDMS.Models.User", "UpdatedBy")
+                        .WithMany()
+                        .HasForeignKey("UpdatedById");
+
+                    b.HasOne("BDMS.Models.User", "User")
+                        .WithMany()
+                        .HasForeignKey("UserId");
+
+                    b.Navigation("Borehole");
+
+                    b.Navigation("CreatedBy");
+
+                    b.Navigation("File");
+
+                    b.Navigation("UpdatedBy");
+
+                    b.Navigation("User");
+                });
+
+            modelBuilder.Entity("BDMS.Models.ChronostratigraphyLayer", b =>
+                {
+                    b.HasOne("BDMS.Models.Codelist", "Chronostratigraphy")
+                        .WithMany()
+                        .HasForeignKey("ChronostratigraphyId");
+
+                    b.HasOne("BDMS.Models.User", "CreatedBy")
+                        .WithMany()
+                        .HasForeignKey("CreatedById");
+
+                    b.HasOne("BDMS.Models.Stratigraphy", "Stratigraphy")
+                        .WithMany("ChronostratigraphyLayers")
+                        .HasForeignKey("StratigraphyId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+
+                    b.HasOne("BDMS.Models.User", "UpdatedBy")
+                        .WithMany()
+                        .HasForeignKey("UpdatedById");
+
+                    b.Navigation("Chronostratigraphy");
+
+                    b.Navigation("CreatedBy");
+
+                    b.Navigation("Stratigraphy");
+
+                    b.Navigation("UpdatedBy");
+                });
+
+            modelBuilder.Entity("BDMS.Models.Completion", b =>
+                {
+                    b.HasOne("BDMS.Models.Borehole", "Borehole")
+                        .WithMany()
+                        .HasForeignKey("BoreholeId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+
+                    b.HasOne("BDMS.Models.User", "CreatedBy")
+                        .WithMany()
+                        .HasForeignKey("CreatedById");
+
+                    b.HasOne("BDMS.Models.Codelist", "Kind")
+                        .WithMany()
+                        .HasForeignKey("KindId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+
+                    b.HasOne("BDMS.Models.User", "UpdatedBy")
+                        .WithMany()
+                        .HasForeignKey("UpdatedById");
+
+                    b.Navigation("Borehole");
+
+                    b.Navigation("CreatedBy");
+
+                    b.Navigation("Kind");
+
+                    b.Navigation("UpdatedBy");
+                });
+
+            modelBuilder.Entity("BDMS.Models.FaciesDescription", b =>
+                {
+                    b.HasOne("BDMS.Models.User", "CreatedBy")
+                        .WithMany()
+                        .HasForeignKey("CreatedById");
+
+                    b.HasOne("BDMS.Models.Codelist", "QtDescription")
+                        .WithMany()
+                        .HasForeignKey("QtDescriptionId");
+
+                    b.HasOne("BDMS.Models.Stratigraphy", "Stratigraphy")
+                        .WithMany("FaciesDescriptions")
+                        .HasForeignKey("StratigraphyId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+
+                    b.HasOne("BDMS.Models.User", "UpdatedBy")
+                        .WithMany()
+                        .HasForeignKey("UpdatedById");
+
+                    b.Navigation("CreatedBy");
+
+                    b.Navigation("QtDescription");
+
+                    b.Navigation("Stratigraphy");
+
+                    b.Navigation("UpdatedBy");
+                });
+
+            modelBuilder.Entity("BDMS.Models.File", b =>
+                {
+                    b.HasOne("BDMS.Models.User", "CreatedBy")
+                        .WithMany()
+                        .HasForeignKey("CreatedById");
+
+                    b.HasOne("BDMS.Models.User", "UpdatedBy")
+                        .WithMany()
+                        .HasForeignKey("UpdatedById");
+
+                    b.Navigation("CreatedBy");
+
+                    b.Navigation("UpdatedBy");
+                });
+
+            modelBuilder.Entity("BDMS.Models.HydrotestCodelist", b =>
+                {
+                    b.HasOne("BDMS.Models.Codelist", "Codelist")
+                        .WithMany("HydrotestCodelists")
+                        .HasForeignKey("CodelistId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+
+                    b.HasOne("BDMS.Models.Hydrotest", "Hydrotest")
+                        .WithMany("HydrotestCodelists")
+                        .HasForeignKey("HydrotestId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+
+                    b.Navigation("Codelist");
+
+                    b.Navigation("Hydrotest");
+                });
+
+            modelBuilder.Entity("BDMS.Models.HydrotestResult", b =>
+                {
+                    b.HasOne("BDMS.Models.User", "CreatedBy")
+                        .WithMany()
+                        .HasForeignKey("CreatedById");
+
+                    b.HasOne("BDMS.Models.Hydrotest", "Hydrotest")
+                        .WithMany("HydrotestResults")
+                        .HasForeignKey("HydrotestId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+
+                    b.HasOne("BDMS.Models.Codelist", "Parameter")
+                        .WithMany()
+                        .HasForeignKey("ParameterId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+
+                    b.HasOne("BDMS.Models.User", "UpdatedBy")
+                        .WithMany()
+                        .HasForeignKey("UpdatedById");
+
+                    b.Navigation("CreatedBy");
+
+                    b.Navigation("Hydrotest");
+
+                    b.Navigation("Parameter");
+
+                    b.Navigation("UpdatedBy");
+                });
+
+            modelBuilder.Entity("BDMS.Models.Instrumentation", b =>
+                {
+                    b.HasOne("BDMS.Models.Completion", "Completion")
+                        .WithMany()
+                        .HasForeignKey("CompletionId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+
+                    b.HasOne("BDMS.Models.User", "CreatedBy")
+                        .WithMany()
+                        .HasForeignKey("CreatedById");
+
+                    b.HasOne("BDMS.Models.Codelist", "Kind")
+                        .WithMany()
+                        .HasForeignKey("KindId");
+
+                    b.HasOne("BDMS.Models.Codelist", "Status")
+                        .WithMany()
+                        .HasForeignKey("StatusId");
+
+                    b.HasOne("BDMS.Models.User", "UpdatedBy")
+                        .WithMany()
+                        .HasForeignKey("UpdatedById");
+
+                    b.Navigation("Completion");
+
+                    b.Navigation("CreatedBy");
+
+                    b.Navigation("Kind");
+
+                    b.Navigation("Status");
+
+                    b.Navigation("UpdatedBy");
+                });
+
+            modelBuilder.Entity("BDMS.Models.Layer", b =>
+                {
+                    b.HasOne("BDMS.Models.Codelist", "Alteration")
+                        .WithMany()
+                        .HasForeignKey("AlterationId");
+
+                    b.HasOne("BDMS.Models.Codelist", "CasingKind")
+                        .WithMany()
+                        .HasForeignKey("CasingKindId");
+
+                    b.HasOne("BDMS.Models.Codelist", "CasingMaterial")
+                        .WithMany()
+                        .HasForeignKey("CasingMaterialId");
+
+                    b.HasOne("BDMS.Models.Codelist", "Cohesion")
+                        .WithMany()
+                        .HasForeignKey("CohesionId");
+
+                    b.HasOne("BDMS.Models.Codelist", "Compactness")
+                        .WithMany()
+                        .HasForeignKey("CompactnessId");
+
+                    b.HasOne("BDMS.Models.Codelist", "Consistance")
+                        .WithMany()
+                        .HasForeignKey("ConsistanceId");
+
+                    b.HasOne("BDMS.Models.User", "CreatedBy")
+                        .WithMany()
+                        .HasForeignKey("CreatedById");
+
+                    b.HasOne("BDMS.Models.Codelist", "FillKind")
+                        .WithMany()
+                        .HasForeignKey("FillKindId");
+
+                    b.HasOne("BDMS.Models.Codelist", "FillMaterial")
+                        .WithMany()
+                        .HasForeignKey("FillMaterialId");
+
+                    b.HasOne("BDMS.Models.Codelist", "Gradation")
+                        .WithMany()
+                        .HasForeignKey("GradationId");
+
+                    b.HasOne("BDMS.Models.Codelist", "GrainSize1")
+                        .WithMany()
+                        .HasForeignKey("GrainSize1Id");
+
+                    b.HasOne("BDMS.Models.Codelist", "GrainSize2")
+                        .WithMany()
+                        .HasForeignKey("GrainSize2Id");
+
+                    b.HasOne("BDMS.Models.Codelist", "Humidity")
+                        .WithMany()
+                        .HasForeignKey("HumidityId");
+
+                    b.HasOne("BDMS.Models.Stratigraphy", "InstrumentCasing")
+                        .WithMany()
+                        .HasForeignKey("InstrumentCasingId");
+
+                    b.HasOne("BDMS.Models.Codelist", "InstrumentKind")
+                        .WithMany()
+                        .HasForeignKey("InstrumentKindId");
+
+                    b.HasOne("BDMS.Models.Codelist", "InstrumentStatus")
+                        .WithMany()
+                        .HasForeignKey("InstrumentStatusId");
+
+                    b.HasOne("BDMS.Models.Codelist", "Lithology")
+                        .WithMany()
+                        .HasForeignKey("LithologyId");
+
+                    b.HasOne("BDMS.Models.Codelist", "LithologyTopBedrock")
+                        .WithMany()
+                        .HasForeignKey("LithologyTopBedrockId");
+
+                    b.HasOne("BDMS.Models.Codelist", "Lithostratigraphy")
+                        .WithMany()
+                        .HasForeignKey("LithostratigraphyId");
+
+                    b.HasOne("BDMS.Models.Codelist", "Plasticity")
+                        .WithMany()
+                        .HasForeignKey("PlasticityId");
+
+                    b.HasOne("BDMS.Models.Codelist", "QtDescription")
+                        .WithMany()
+                        .HasForeignKey("QtDescriptionId");
+
+                    b.HasOne("BDMS.Models.Stratigraphy", "Stratigraphy")
+                        .WithMany("Layers")
+                        .HasForeignKey("StratigraphyId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+
+                    b.HasOne("BDMS.Models.User", "UpdatedBy")
+                        .WithMany()
+                        .HasForeignKey("UpdatedById");
+
+                    b.HasOne("BDMS.Models.Codelist", "Uscs1")
+                        .WithMany()
+                        .HasForeignKey("Uscs1Id");
+
+                    b.HasOne("BDMS.Models.Codelist", "Uscs2")
+                        .WithMany()
+                        .HasForeignKey("Uscs2Id");
+
+                    b.HasOne("BDMS.Models.Codelist", "UscsDetermination")
+                        .WithMany()
+                        .HasForeignKey("UscsDeterminationId");
+
+                    b.Navigation("Alteration");
+
+                    b.Navigation("CasingKind");
+
+                    b.Navigation("CasingMaterial");
+
+                    b.Navigation("Cohesion");
+
+                    b.Navigation("Compactness");
+
+                    b.Navigation("Consistance");
+
+                    b.Navigation("CreatedBy");
+
+                    b.Navigation("FillKind");
+
+                    b.Navigation("FillMaterial");
+
+                    b.Navigation("Gradation");
+
+                    b.Navigation("GrainSize1");
+
+                    b.Navigation("GrainSize2");
+
+                    b.Navigation("Humidity");
+
+                    b.Navigation("InstrumentCasing");
+
+                    b.Navigation("InstrumentKind");
+
+                    b.Navigation("InstrumentStatus");
+
+                    b.Navigation("Lithology");
+
+                    b.Navigation("LithologyTopBedrock");
+
+                    b.Navigation("Lithostratigraphy");
+
+                    b.Navigation("Plasticity");
+
+                    b.Navigation("QtDescription");
+
+                    b.Navigation("Stratigraphy");
+
+                    b.Navigation("UpdatedBy");
+
+                    b.Navigation("Uscs1");
+
+                    b.Navigation("Uscs2");
+
+                    b.Navigation("UscsDetermination");
+                });
+
+            modelBuilder.Entity("BDMS.Models.LayerCodelist", b =>
+                {
+                    b.HasOne("BDMS.Models.Codelist", "Codelist")
+                        .WithMany("LayerCodelists")
+                        .HasForeignKey("CodelistId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+
+                    b.HasOne("BDMS.Models.Layer", "Layer")
+                        .WithMany("LayerCodelists")
+                        .HasForeignKey("LayerId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+
+                    b.Navigation("Codelist");
+
+                    b.Navigation("Layer");
+                });
+
+            modelBuilder.Entity("BDMS.Models.LithologicalDescription", b =>
+                {
+                    b.HasOne("BDMS.Models.User", "CreatedBy")
+                        .WithMany()
+                        .HasForeignKey("CreatedById");
+
+                    b.HasOne("BDMS.Models.Codelist", "QtDescription")
+                        .WithMany()
+                        .HasForeignKey("QtDescriptionId");
+
+                    b.HasOne("BDMS.Models.Stratigraphy", "Stratigraphy")
+                        .WithMany("LithologicalDescriptions")
+                        .HasForeignKey("StratigraphyId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+
+                    b.HasOne("BDMS.Models.User", "UpdatedBy")
+                        .WithMany()
+                        .HasForeignKey("UpdatedById");
+
+                    b.Navigation("CreatedBy");
+
+                    b.Navigation("QtDescription");
+
+                    b.Navigation("Stratigraphy");
+
+                    b.Navigation("UpdatedBy");
+                });
+
+            modelBuilder.Entity("BDMS.Models.LithostratigraphyLayer", b =>
+                {
+                    b.HasOne("BDMS.Models.User", "CreatedBy")
+                        .WithMany()
+                        .HasForeignKey("CreatedById");
+
+                    b.HasOne("BDMS.Models.Codelist", "Lithostratigraphy")
+                        .WithMany()
+                        .HasForeignKey("LithostratigraphyId");
+
+                    b.HasOne("BDMS.Models.Stratigraphy", "Stratigraphy")
+                        .WithMany("LithostratigraphyLayers")
+                        .HasForeignKey("StratigraphyId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+
+                    b.HasOne("BDMS.Models.User", "UpdatedBy")
+                        .WithMany()
+                        .HasForeignKey("UpdatedById");
+
+                    b.Navigation("CreatedBy");
+
+                    b.Navigation("Lithostratigraphy");
+
+                    b.Navigation("Stratigraphy");
+
+                    b.Navigation("UpdatedBy");
+                });
+
+            modelBuilder.Entity("BDMS.Models.Observation", b =>
+                {
+                    b.HasOne("BDMS.Models.Borehole", "Borehole")
+                        .WithMany()
+                        .HasForeignKey("BoreholeId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+
+                    b.HasOne("BDMS.Models.Stratigraphy", "Casing")
+                        .WithMany()
+                        .HasForeignKey("CasingId");
+
+                    b.HasOne("BDMS.Models.User", "CreatedBy")
+                        .WithMany()
+                        .HasForeignKey("CreatedById");
+
+                    b.HasOne("BDMS.Models.Codelist", "Reliability")
+                        .WithMany()
+                        .HasForeignKey("ReliabilityId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+
+                    b.HasOne("BDMS.Models.User", "UpdatedBy")
+                        .WithMany()
+                        .HasForeignKey("UpdatedById");
+
+                    b.Navigation("Borehole");
+
+                    b.Navigation("Casing");
+
+                    b.Navigation("CreatedBy");
+
+                    b.Navigation("Reliability");
+
+                    b.Navigation("UpdatedBy");
+                });
+
+            modelBuilder.Entity("BDMS.Models.Stratigraphy", b =>
+                {
+                    b.HasOne("BDMS.Models.Borehole", "Borehole")
+                        .WithMany("Stratigraphies")
+                        .HasForeignKey("BoreholeId");
+
+                    b.HasOne("BDMS.Models.User", "CreatedBy")
+                        .WithMany()
+                        .HasForeignKey("CreatedById");
+
+                    b.HasOne("BDMS.Models.Stratigraphy", "FillCasing")
+                        .WithMany()
+                        .HasForeignKey("FillCasingId");
+
+                    b.HasOne("BDMS.Models.Codelist", "Kind")
+                        .WithMany()
+                        .HasForeignKey("KindId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+
+                    b.HasOne("BDMS.Models.User", "UpdatedBy")
+                        .WithMany()
+                        .HasForeignKey("UpdatedById");
+
+                    b.Navigation("Borehole");
+
+                    b.Navigation("CreatedBy");
+
+                    b.Navigation("FillCasing");
+
+                    b.Navigation("Kind");
+
+                    b.Navigation("UpdatedBy");
+                });
+
+            modelBuilder.Entity("BDMS.Models.UserEvent", b =>
+                {
+                    b.HasOne("BDMS.Models.User", "User")
+                        .WithMany("BoringEvents")
+                        .HasForeignKey("UserId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+
+                    b.Navigation("User");
+                });
+
+            modelBuilder.Entity("BDMS.Models.UserWorkgroupRole", b =>
+                {
+                    b.HasOne("BDMS.Models.User", null)
+                        .WithMany("WorkgroupRoles")
+                        .HasForeignKey("UserId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+                });
+
+            modelBuilder.Entity("BDMS.Models.Workflow", b =>
+                {
+                    b.HasOne("BDMS.Models.Borehole", "Borehole")
+                        .WithMany("Workflows")
+                        .HasForeignKey("BoreholeId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+
+                    b.HasOne("BDMS.Models.User", "User")
+                        .WithMany()
+                        .HasForeignKey("UserId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+
+                    b.Navigation("Borehole");
+
+                    b.Navigation("User");
+                });
+
+            modelBuilder.Entity("BDMS.Models.FieldMeasurement", b =>
+                {
+                    b.HasOne("BDMS.Models.Observation", null)
+                        .WithOne()
+                        .HasForeignKey("BDMS.Models.FieldMeasurement", "Id")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+
+                    b.HasOne("BDMS.Models.Codelist", "Parameter")
+                        .WithMany()
+                        .HasForeignKey("ParameterId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+
+                    b.HasOne("BDMS.Models.Codelist", "SampleType")
+                        .WithMany()
+                        .HasForeignKey("SampleTypeId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+
+                    b.Navigation("Parameter");
+
+                    b.Navigation("SampleType");
+                });
+
+            modelBuilder.Entity("BDMS.Models.GroundwaterLevelMeasurement", b =>
+                {
+                    b.HasOne("BDMS.Models.Observation", null)
+                        .WithOne()
+                        .HasForeignKey("BDMS.Models.GroundwaterLevelMeasurement", "Id")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+
+                    b.HasOne("BDMS.Models.Codelist", "Kind")
+                        .WithMany()
+                        .HasForeignKey("KindId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+
+                    b.Navigation("Kind");
+                });
+
+            modelBuilder.Entity("BDMS.Models.Hydrotest", b =>
+                {
+                    b.HasOne("BDMS.Models.Observation", null)
+                        .WithOne()
+                        .HasForeignKey("BDMS.Models.Hydrotest", "Id")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+                });
+
+            modelBuilder.Entity("BDMS.Models.WaterIngress", b =>
+                {
+                    b.HasOne("BDMS.Models.Codelist", "Conditions")
+                        .WithMany()
+                        .HasForeignKey("ConditionsId");
+
+                    b.HasOne("BDMS.Models.Observation", null)
+                        .WithOne()
+                        .HasForeignKey("BDMS.Models.WaterIngress", "Id")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+
+                    b.HasOne("BDMS.Models.Codelist", "Quantity")
+                        .WithMany()
+                        .HasForeignKey("QuantityId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+
+                    b.Navigation("Conditions");
+
+                    b.Navigation("Quantity");
+                });
+
+            modelBuilder.Entity("BDMS.Models.Borehole", b =>
+                {
+                    b.Navigation("BoreholeCodelists");
+
+                    b.Navigation("BoreholeFiles");
+
+                    b.Navigation("Stratigraphies");
+
+                    b.Navigation("Workflows");
+                });
+
+            modelBuilder.Entity("BDMS.Models.Codelist", b =>
+                {
+                    b.Navigation("BoreholeCodelists");
+
+                    b.Navigation("HydrotestCodelists");
+
+                    b.Navigation("LayerCodelists");
+                });
+
+            modelBuilder.Entity("BDMS.Models.File", b =>
+                {
+                    b.Navigation("BoreholeFiles");
+                });
+
+            modelBuilder.Entity("BDMS.Models.Layer", b =>
+                {
+                    b.Navigation("LayerCodelists");
+                });
+
+            modelBuilder.Entity("BDMS.Models.Stratigraphy", b =>
+                {
+                    b.Navigation("ChronostratigraphyLayers");
+
+                    b.Navigation("FaciesDescriptions");
+
+                    b.Navigation("Layers");
+
+                    b.Navigation("LithologicalDescriptions");
+
+                    b.Navigation("LithostratigraphyLayers");
+                });
+
+            modelBuilder.Entity("BDMS.Models.User", b =>
+                {
+                    b.Navigation("BoringEvents");
+
+                    b.Navigation("WorkgroupRoles");
+                });
+
+            modelBuilder.Entity("BDMS.Models.Workgroup", b =>
+                {
+                    b.Navigation("Boreholes");
+                });
+
+            modelBuilder.Entity("BDMS.Models.Hydrotest", b =>
+                {
+                    b.Navigation("HydrotestCodelists");
+
+                    b.Navigation("HydrotestResults");
+                });
+#pragma warning restore 612, 618
+        }
+    }
+}
diff --git a/src/api/Migrations/20240109150510_AddUserSubjectId.cs b/src/api/Migrations/20240109150510_AddUserSubjectId.cs
new file mode 100644
index 000000000..74f11b5b2
--- /dev/null
+++ b/src/api/Migrations/20240109150510_AddUserSubjectId.cs
@@ -0,0 +1,64 @@
+using Microsoft.EntityFrameworkCore.Migrations;
+
+#nullable disable
+
+namespace BDMS.Migrations
+{
+    /// <inheritdoc />
+    public partial class AddUserSubjectId : Migration
+    {
+        /// <inheritdoc />
+        protected override void Up(MigrationBuilder migrationBuilder)
+        {
+            migrationBuilder.AddColumn<string>(
+                name: "subject_id",
+                schema: "bdms",
+                table: "users",
+                type: "text",
+                nullable: false,
+                defaultValue: "");
+
+            migrationBuilder.DropUniqueConstraint(
+                name: "users_username_key",
+                table: "users",
+                schema: "bdms");
+
+            migrationBuilder.Sql(@"
+                UPDATE bdms.users
+                SET
+                    subject_id = CONCAT('sub_', username),
+                    username = CONCAT(SUBSTRING(firstname, 1, 1), '. ', lastname);
+            ");
+
+            migrationBuilder.AddUniqueConstraint(
+                name: "users_subject_id_unique",
+                table: "users",
+                column: "subject_id",
+                schema: "bdms");
+        }
+
+        /// <inheritdoc />
+        protected override void Down(MigrationBuilder migrationBuilder)
+        {
+            migrationBuilder.DropUniqueConstraint(
+                name: "users_subject_id_unique",
+                table: "users",
+                schema: "bdms");
+
+            migrationBuilder.Sql(@"
+                UPDATE bdms.users
+                SET username = SUBSTRING(subject_id, 5);");
+
+            migrationBuilder.AddUniqueConstraint(
+                name: "users_username_key",
+                table: "users",
+                column: "username",
+                schema: "bdms");
+
+            migrationBuilder.DropColumn(
+                name: "subject_id",
+                schema: "bdms",
+                table: "users");
+        }
+    }
+}
diff --git a/src/api/Migrations/BdmsContextModelSnapshot.cs b/src/api/Migrations/BdmsContextModelSnapshot.cs
index 81c4911f0..8b1a4a1de 100644
--- a/src/api/Migrations/BdmsContextModelSnapshot.cs
+++ b/src/api/Migrations/BdmsContextModelSnapshot.cs
@@ -1,4 +1,4 @@
-// <auto-generated />
+// <auto-generated />
 using System;
 using BDMS;
 using Microsoft.EntityFrameworkCore;
@@ -1597,6 +1597,10 @@ protected override void BuildModel(ModelBuilder modelBuilder)
                         .HasColumnType("text")
                         .HasColumnName("username");
 
+                    b.Property<string>("SubjectId")
+                        .IsRequired()
+                        .HasColumnType("text");
+
                     b.HasKey("Id");
 
                     b.ToTable("users", "bdms");
diff --git a/src/api/Models/User.cs b/src/api/Models/User.cs
index 087d19ca2..592f0f522 100644
--- a/src/api/Models/User.cs
+++ b/src/api/Models/User.cs
@@ -1,4 +1,4 @@
-using System.ComponentModel.DataAnnotations;
+using System.ComponentModel.DataAnnotations;
 using System.ComponentModel.DataAnnotations.Schema;
 
 namespace BDMS.Models;
@@ -20,6 +20,12 @@ public class User : IIdentifyable
     [Column("username")]
     public string Name { get; set; }
 
+    /// <summary>
+    /// Gets or sets the <see cref="User"/>s subject id provided by oidc.
+    /// </summary>
+    [Column("subject_id")]
+    public string SubjectId { get; set; }
+
     /// <summary>
     /// Gets or sets the <see cref="User"/>s firstname.
     /// </summary>

From d18e34d5ea5d24a83d63aebb86c4021cc1dba74e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philipp=20L=C3=BCthi?= <philipp.luethi@geowerkstatt.ch>
Date: Wed, 10 Jan 2024 09:00:26 +0100
Subject: [PATCH 16/31] Create unknown users

Set Password to fulfill not null constraint
---
 ...DatabaseAuthenticationClaimsTransformation.cs | 16 +++++++++++-----
 src/api/Migrations/BdmsContextModelSnapshot.cs   |  7 ++++++-
 src/api/Models/User.cs                           |  6 +++++-
 3 files changed, 22 insertions(+), 7 deletions(-)

diff --git a/src/api/Authentication/DatabaseAuthenticationClaimsTransformation.cs b/src/api/Authentication/DatabaseAuthenticationClaimsTransformation.cs
index eb363317d..094f418d9 100644
--- a/src/api/Authentication/DatabaseAuthenticationClaimsTransformation.cs
+++ b/src/api/Authentication/DatabaseAuthenticationClaimsTransformation.cs
@@ -1,4 +1,5 @@
-using Microsoft.AspNetCore.Authentication;
+using BDMS.Models;
+using Microsoft.AspNetCore.Authentication;
 using System.Security.Claims;
 
 namespace BDMS.Authentication;
@@ -21,15 +22,20 @@ public DatabaseAuthenticationClaimsTransformation(BdmsContext dbContext)
     public async Task<ClaimsPrincipal> TransformAsync(ClaimsPrincipal principal)
     {
         var userId = principal.Claims.FirstOrDefault(c => c.Type == ClaimTypes.NameIdentifier);
-        var authenticatedUser = userId is not null ? dbContext.Users.FirstOrDefault(u => u.Name == userId.Value) : null;
+        if (userId is null) return principal;
 
-        if (authenticatedUser == null || authenticatedUser.IsDisabled)
+        var authenticatedUser = dbContext.Users.FirstOrDefault(u => u.SubjectId == userId.Value)
+        ?? new User
         {
-            return principal;
-        }
+            SubjectId = userId.Value,
+            Password = "Undefined", // TODO: Remove with #911
+        };
+        if (authenticatedUser.IsDisabled) return principal;
 
         authenticatedUser.FirstName = principal.Claims.FirstOrDefault(c => c.Type == ClaimTypes.GivenName)?.Value ?? authenticatedUser.FirstName;
         authenticatedUser.LastName = principal.Claims.FirstOrDefault(c => c.Type == ClaimTypes.Surname)?.Value ?? authenticatedUser.LastName;
+        authenticatedUser.Name = $"{authenticatedUser.FirstName[0]}. {authenticatedUser.LastName}";
+        dbContext.Update(authenticatedUser);
         await dbContext.SaveChangesAsync().ConfigureAwait(false);
 
         var claimsIdentity = new ClaimsIdentity();
diff --git a/src/api/Migrations/BdmsContextModelSnapshot.cs b/src/api/Migrations/BdmsContextModelSnapshot.cs
index 8b1a4a1de..f44933bc9 100644
--- a/src/api/Migrations/BdmsContextModelSnapshot.cs
+++ b/src/api/Migrations/BdmsContextModelSnapshot.cs
@@ -1,4 +1,4 @@
-// <auto-generated />
+// <auto-generated />
 using System;
 using BDMS;
 using Microsoft.EntityFrameworkCore;
@@ -1597,6 +1597,11 @@ protected override void BuildModel(ModelBuilder modelBuilder)
                         .HasColumnType("text")
                         .HasColumnName("username");
 
+                    b.Property<string>("Password")
+                        .IsRequired()
+                        .HasColumnType("text")
+                        .HasColumnName("password");
+
                     b.Property<string>("SubjectId")
                         .IsRequired()
                         .HasColumnType("text");
diff --git a/src/api/Models/User.cs b/src/api/Models/User.cs
index 592f0f522..e240b7898 100644
--- a/src/api/Models/User.cs
+++ b/src/api/Models/User.cs
@@ -1,4 +1,4 @@
-using System.ComponentModel.DataAnnotations;
+using System.ComponentModel.DataAnnotations;
 using System.ComponentModel.DataAnnotations.Schema;
 
 namespace BDMS.Models;
@@ -77,6 +77,10 @@ public class User : IIdentifyable
     [NotMapped]
     public bool? Deletable { get; set; }
 
+    // TODO: Remove with #911
+    [Column("password")]
+    public string Password { get; set; }
+
     /// <inheritdoc/>
     public override string ToString() => Name;
 }

From 9d2cbb10fb1cbdc02132af5b4cc10e11394c56d4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philipp=20L=C3=BCthi?= <philipp.luethi@geowerkstatt.ch>
Date: Wed, 10 Jan 2024 09:00:55 +0100
Subject: [PATCH 17/31] Use subject_id for legacy api authentication

---
 src/api-legacy/v1/basehandler.py                       | 10 +++++-----
 .../LegacyApiAuthenticationMiddleware.cs               |  8 ++++----
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/src/api-legacy/v1/basehandler.py b/src/api-legacy/v1/basehandler.py
index 1cee19418..dc6c94cb6 100644
--- a/src/api-legacy/v1/basehandler.py
+++ b/src/api-legacy/v1/basehandler.py
@@ -28,16 +28,16 @@ def __init__(self, *args, **kwargs):
     async def prepare(self):
 
         auth_header = self.request.headers.get('Authorization')
-        
+
         if auth_header is None:
             self.set_header('WWW-Authenticate', 'Basic realm=BDMS')
             self.set_status(401)
             self.finish()
             return
 
-        username = auth_header
+        subject_id = auth_header
 
-        async with self.pool.acquire() as conn: 
+        async with self.pool.acquire() as conn:
 
             val = await conn.fetchval("""
                 SELECT row_to_json(t)
@@ -167,11 +167,11 @@ async def prepare(self):
                     ON w.id_usr_fk = id_usr
 
                     WHERE
-                        username = $1
+                        subject_id = $1
                     AND
                         disabled_usr IS NULL
                 ) as t
-            """, username)
+            """, subject_id)
 
             if val is None:
                 self.set_status(401)
diff --git a/src/api/Authentication/LegacyApiAuthenticationMiddleware.cs b/src/api/Authentication/LegacyApiAuthenticationMiddleware.cs
index c69e517a7..27ecd2c7c 100644
--- a/src/api/Authentication/LegacyApiAuthenticationMiddleware.cs
+++ b/src/api/Authentication/LegacyApiAuthenticationMiddleware.cs
@@ -15,14 +15,14 @@ public async Task InvokeAsync(HttpContext context, RequestDelegate next)
     {
         if (context.Request.Path.StartsWithSegments(new PathString("/api/v1"), StringComparison.OrdinalIgnoreCase))
         {
-            var userName = context.User.Claims.FirstOrDefault(c => c.Type == ClaimTypes.Name);
-            if (userName is not null)
+            var subjectId = context.User.Claims.FirstOrDefault(c => c.Type == ClaimTypes.NameIdentifier);
+            if (subjectId is not null)
             {
-                context.Request.Headers.Authorization = userName.Value;
+                context.Request.Headers.Authorization = subjectId.Value;
 
                 await next.Invoke(context).ConfigureAwait(false);
 
-                logger.LogInformation("Authorized user <{UserName}> for legacy api accessing route <{Route}>", userName.Value, context.Request.Path);
+                logger.LogInformation("Authorized user with subject_id <{SubjectId}> for legacy api accessing route <{Route}>", subjectId.Value, context.Request.Path);
                 return;
             }
         }

From 28400b9a3f59dbac4971abaedc9f22514fc64355 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philipp=20L=C3=BCthi?= <philipp.luethi@geowerkstatt.ch>
Date: Wed, 10 Jan 2024 09:07:26 +0100
Subject: [PATCH 18/31] Fix IDE0161 in migration

---
 .../20240109150510_AddUserSubjectId.cs        | 107 +++++++++---------
 1 file changed, 53 insertions(+), 54 deletions(-)

diff --git a/src/api/Migrations/20240109150510_AddUserSubjectId.cs b/src/api/Migrations/20240109150510_AddUserSubjectId.cs
index 74f11b5b2..063417b2e 100644
--- a/src/api/Migrations/20240109150510_AddUserSubjectId.cs
+++ b/src/api/Migrations/20240109150510_AddUserSubjectId.cs
@@ -2,63 +2,62 @@
 
 #nullable disable
 
-namespace BDMS.Migrations
+namespace BDMS.Migrations;
+
+/// <inheritdoc />
+public partial class AddUserSubjectId : Migration
 {
     /// <inheritdoc />
-    public partial class AddUserSubjectId : Migration
+    protected override void Up(MigrationBuilder migrationBuilder)
     {
-        /// <inheritdoc />
-        protected override void Up(MigrationBuilder migrationBuilder)
-        {
-            migrationBuilder.AddColumn<string>(
-                name: "subject_id",
-                schema: "bdms",
-                table: "users",
-                type: "text",
-                nullable: false,
-                defaultValue: "");
-
-            migrationBuilder.DropUniqueConstraint(
-                name: "users_username_key",
-                table: "users",
-                schema: "bdms");
-
-            migrationBuilder.Sql(@"
-                UPDATE bdms.users
-                SET
-                    subject_id = CONCAT('sub_', username),
-                    username = CONCAT(SUBSTRING(firstname, 1, 1), '. ', lastname);
-            ");
-
-            migrationBuilder.AddUniqueConstraint(
-                name: "users_subject_id_unique",
-                table: "users",
-                column: "subject_id",
-                schema: "bdms");
-        }
-
-        /// <inheritdoc />
-        protected override void Down(MigrationBuilder migrationBuilder)
-        {
-            migrationBuilder.DropUniqueConstraint(
-                name: "users_subject_id_unique",
-                table: "users",
-                schema: "bdms");
-
-            migrationBuilder.Sql(@"
-                UPDATE bdms.users
-                SET username = SUBSTRING(subject_id, 5);");
-
-            migrationBuilder.AddUniqueConstraint(
-                name: "users_username_key",
-                table: "users",
-                column: "username",
-                schema: "bdms");
+        migrationBuilder.AddColumn<string>(
+            name: "subject_id",
+            schema: "bdms",
+            table: "users",
+            type: "text",
+            nullable: false,
+            defaultValue: "");
+
+        migrationBuilder.DropUniqueConstraint(
+            name: "users_username_key",
+            table: "users",
+            schema: "bdms");
+
+        migrationBuilder.Sql(@"
+            UPDATE bdms.users
+            SET
+                subject_id = CONCAT('sub_', username),
+                username = CONCAT(SUBSTRING(firstname, 1, 1), '. ', lastname);
+        ");
+
+        migrationBuilder.AddUniqueConstraint(
+            name: "users_subject_id_unique",
+            table: "users",
+            column: "subject_id",
+            schema: "bdms");
+    }
 
-            migrationBuilder.DropColumn(
-                name: "subject_id",
-                schema: "bdms",
-                table: "users");
-        }
+    /// <inheritdoc />
+    protected override void Down(MigrationBuilder migrationBuilder)
+    {
+        migrationBuilder.DropUniqueConstraint(
+            name: "users_subject_id_unique",
+            table: "users",
+            schema: "bdms");
+
+        migrationBuilder.Sql(@"
+            UPDATE bdms.users
+            SET username = SUBSTRING(subject_id, 5);");
+
+        migrationBuilder.AddUniqueConstraint(
+            name: "users_username_key",
+            table: "users",
+            column: "username",
+            schema: "bdms");
+
+        migrationBuilder.DropColumn(
+            name: "subject_id",
+            schema: "bdms",
+            table: "users");
     }
 }

From 9e95aea2bf1942addcd4e20b5e21598897375132 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philipp=20L=C3=BCthi?= <philipp.luethi@geowerkstatt.ch>
Date: Wed, 10 Jan 2024 11:59:53 +0100
Subject: [PATCH 19/31] Use SubjectId for user identification

---
 src/api/BdmsContext.cs                        |  4 ++--
 src/api/BoreholeFileUploadService.cs          |  6 +++---
 src/api/BoreholeLockService.cs                | 10 +++++-----
 src/api/Controllers/BoreholeController.cs     |  2 +-
 src/api/Controllers/StratigraphyController.cs |  2 +-
 src/api/Controllers/UploadController.cs       |  4 ++--
 src/api/Controllers/UserController.cs         |  2 +-
 tests/BdmsContextTest.cs                      | 20 +++++++++----------
 tests/BoreholeFileUploadServiceTest.cs        |  4 ++--
 tests/BoreholeLockServiceTest.cs              | 12 +++++------
 tests/Controllers/BoreholeControllerTest.cs   |  6 +++---
 .../Controllers/BoreholeFileControllerTest.cs | 14 ++++++-------
 .../Controllers/StratigraphyControllerTest.cs |  6 +++---
 tests/Controllers/UploadControllerTest.cs     |  2 +-
 tests/Controllers/UserControllerTest.cs       |  2 +-
 tests/Helpers.cs                              |  6 +++---
 16 files changed, 51 insertions(+), 51 deletions(-)

diff --git a/src/api/BdmsContext.cs b/src/api/BdmsContext.cs
index f8d90ec5a..ed5221792 100644
--- a/src/api/BdmsContext.cs
+++ b/src/api/BdmsContext.cs
@@ -52,12 +52,12 @@ public BdmsContext(DbContextOptions options)
     /// </summary>
     public async Task<int> UpdateChangeInformationAndSaveChangesAsync(HttpContext httpContext)
     {
-        var userName = httpContext?.User.FindFirst(ClaimTypes.Name)?.Value;
+        var subjectId = httpContext?.User.FindFirst(ClaimTypes.NameIdentifier)?.Value;
 
         var entities = ChangeTracker.Entries<IChangeTracking>();
         var user = await Users
             .AsNoTracking()
-            .SingleOrDefaultAsync(u => u.Name == userName)
+            .SingleOrDefaultAsync(u => u.SubjectId == subjectId)
             .ConfigureAwait(false);
 
         foreach (var entity in entities)
diff --git a/src/api/BoreholeFileUploadService.cs b/src/api/BoreholeFileUploadService.cs
index 9d3f11742..8c04ab534 100644
--- a/src/api/BoreholeFileUploadService.cs
+++ b/src/api/BoreholeFileUploadService.cs
@@ -52,14 +52,14 @@ public async Task UploadFileAndLinkToBorehole(IFormFile file, int boreholeId)
         using var transaction = context.Database.CurrentTransaction == null ? await context.Database.BeginTransactionAsync().ConfigureAwait(false) : null;
         try
         {
-            var userName = httpContextAccessor.HttpContext.User.FindFirst(ClaimTypes.Name).Value;
+            var subjectId = httpContextAccessor.HttpContext.User.FindFirst(ClaimTypes.NameIdentifier).Value;
 
             var user = await context.Users
                 .AsNoTracking()
-                .SingleOrDefaultAsync(u => u.Name == userName)
+                .SingleOrDefaultAsync(u => u.SubjectId == subjectId)
                 .ConfigureAwait(false);
 
-            if (user == null || userName == null) throw new InvalidOperationException($"No user with username <{userName}> found.");
+            if (user == null || subjectId == null) throw new InvalidOperationException($"No user with subject_id <{subjectId}> found.");
 
             // If file does not exist on storage, upload it and create file in database.
             if (fileId == null)
diff --git a/src/api/BoreholeLockService.cs b/src/api/BoreholeLockService.cs
index a7318b39c..cf7781bb0 100644
--- a/src/api/BoreholeLockService.cs
+++ b/src/api/BoreholeLockService.cs
@@ -12,13 +12,13 @@ public class BoreholeLockService(BdmsContext context, ILogger<BoreholeLockServic
     private readonly TimeProvider timeProvider = timeProvider;
 
     /// <inheritdoc />
-    public async Task<bool> IsBoreholeLockedAsync(int? boreholeId, string? userName)
+    public async Task<bool> IsBoreholeLockedAsync(int? boreholeId, string? subjectId)
     {
         var user = await context.Users
             .Include(u => u.WorkgroupRoles)
             .AsNoTracking()
-            .SingleOrDefaultAsync(u => u.Name == userName)
-            .ConfigureAwait(false) ?? throw new InvalidOperationException($"Current user with name <{userName}> does not exist.");
+            .SingleOrDefaultAsync(u => u.SubjectId == subjectId)
+            .ConfigureAwait(false) ?? throw new InvalidOperationException($"Current user with subjectId <{subjectId}> does not exist.");
 
         var borehole = await context.Boreholes
             .Include(b => b.Workflows)
@@ -33,14 +33,14 @@ public async Task<bool> IsBoreholeLockedAsync(int? boreholeId, string? userName)
 
         if (!user.WorkgroupRoles.Any(x => x.WorkgroupId == borehole.WorkgroupId && userWorkflowRoles.Contains(x.Role)))
         {
-            logger.LogWarning("Current user with name <{UserName}> does not have the required role to create a stratigraphy for borehole with id <{BoreholeId}>.", userName, boreholeId);
+            logger.LogWarning("Current user with name <{UserName}> does not have the required role to create a stratigraphy for borehole with id <{BoreholeId}>.", subjectId, boreholeId);
             throw new UnauthorizedAccessException();
         }
 
         if (borehole.Locked.HasValue && borehole.Locked.Value.AddMinutes(LockTimeoutInMinutes) > timeProvider.GetUtcNow() && borehole.LockedById != user.Id)
         {
             var lockedUserFullName = $"{borehole.LockedBy?.FirstName} {borehole.LockedBy?.LastName}";
-            logger.LogWarning("Current user with name <{UserName}> tried to create a stratigraphy for borehole with id <{BoreholeId}>, but the borehole is locked by user <{LockedByUserName}>.", userName, boreholeId, lockedUserFullName);
+            logger.LogWarning("Current user with name <{UserName}> tried to create a stratigraphy for borehole with id <{BoreholeId}>, but the borehole is locked by user <{LockedByUserName}>.", subjectId, boreholeId, lockedUserFullName);
             return true;
         }
 
diff --git a/src/api/Controllers/BoreholeController.cs b/src/api/Controllers/BoreholeController.cs
index a5ab82ba0..fc6554627 100644
--- a/src/api/Controllers/BoreholeController.cs
+++ b/src/api/Controllers/BoreholeController.cs
@@ -36,7 +36,7 @@ public async Task<ActionResult<int>> CopyAsync([Required] int id, [Required] int
         var user = await context.Users
             .Include(u => u.WorkgroupRoles)
             .AsNoTracking()
-            .SingleOrDefaultAsync(u => u.Name == HttpContext.User.FindFirst(ClaimTypes.Name).Value)
+            .SingleOrDefaultAsync(u => u.SubjectId == HttpContext.User.FindFirst(ClaimTypes.NameIdentifier).Value)
             .ConfigureAwait(false);
 
         if (user == null || !user.WorkgroupRoles.Any(w => w.WorkgroupId == workgroupId && w.Role == Role.Editor))
diff --git a/src/api/Controllers/StratigraphyController.cs b/src/api/Controllers/StratigraphyController.cs
index dd0ef70a4..daae7e826 100644
--- a/src/api/Controllers/StratigraphyController.cs
+++ b/src/api/Controllers/StratigraphyController.cs
@@ -59,7 +59,7 @@ public async Task<ActionResult<int>> CopyAsync([Required] int id)
         var user = await Context.Users
             .Include(u => u.WorkgroupRoles)
             .AsNoTracking()
-            .SingleOrDefaultAsync(u => u.Name == HttpContext.User.FindFirst(ClaimTypes.Name).Value)
+            .SingleOrDefaultAsync(u => u.SubjectId == HttpContext.User.FindFirst(ClaimTypes.NameIdentifier).Value)
             .ConfigureAwait(false);
 
         if (user == null || !user.WorkgroupRoles.Any(w => w.Role == Role.Editor))
diff --git a/src/api/Controllers/UploadController.cs b/src/api/Controllers/UploadController.cs
index bec81ad4a..8a00e5422 100644
--- a/src/api/Controllers/UploadController.cs
+++ b/src/api/Controllers/UploadController.cs
@@ -93,11 +93,11 @@ public async Task<ActionResult<int>> UploadFileAsync(int workgroupId, IFormFile
                 return ValidationProblem(statusCode: (int)HttpStatusCode.BadRequest);
             }
 
-            var userName = HttpContext.User.FindFirst(ClaimTypes.Name)?.Value;
+            var subjectId = HttpContext.User.FindFirst(ClaimTypes.NameIdentifier)?.Value;
 
             var user = await context.Users
                 .AsNoTracking()
-                .SingleOrDefaultAsync(u => u.Name == userName)
+                .SingleOrDefaultAsync(u => u.SubjectId == subjectId)
                 .ConfigureAwait(false);
 
             // Map to Borehole type
diff --git a/src/api/Controllers/UserController.cs b/src/api/Controllers/UserController.cs
index c4fa20c0d..64514904c 100644
--- a/src/api/Controllers/UserController.cs
+++ b/src/api/Controllers/UserController.cs
@@ -29,7 +29,7 @@ public UserController(BdmsContext context)
     [HttpGet("self")]
     [Authorize(Policy = PolicyNames.Viewer)]
     public async Task<ActionResult<User?>> GetUserInformationAsync() =>
-        await context.Users.SingleOrDefaultAsync(u => u.Name == HttpContext.User.FindFirst(ClaimTypes.Name).Value).ConfigureAwait(false);
+        await context.Users.SingleOrDefaultAsync(u => u.SubjectId == HttpContext.User.FindFirst(ClaimTypes.NameIdentifier).Value).ConfigureAwait(false);
 
     /// <summary>
     /// Gets the user list.
diff --git a/tests/BdmsContextTest.cs b/tests/BdmsContextTest.cs
index a693aa473..0a3f2586b 100644
--- a/tests/BdmsContextTest.cs
+++ b/tests/BdmsContextTest.cs
@@ -26,8 +26,8 @@ public void CanFetchUsersFromDatabase()
 
         Assert.AreEqual(7, users.Count());
 
-        var admin = users.Single(u => u.Name == "admin");
-        Assert.AreEqual("admin", admin.Name);
+        var admin = users.Single(u => u.SubjectId == "sub_admin");
+        Assert.AreEqual("sub_admin", admin.SubjectId);
         Assert.AreEqual(1, admin.Id);
         Assert.AreEqual(true, admin.IsAdmin);
         Assert.AreEqual(true, admin.IsViewer);
@@ -39,8 +39,8 @@ public void CanFetchUsersFromDatabase()
         AssertWorkgroupRole(DefaultWorkgroupId, Role.Validator, admin);
         AssertWorkgroupRole(DefaultWorkgroupId, Role.Publisher, admin);
 
-        var editor = users.Single(u => u.Name == "editor");
-        Assert.AreEqual("editor", editor.Name);
+        var editor = users.Single(u => u.SubjectId == "sub_editor");
+        Assert.AreEqual("sub_editor", editor.SubjectId);
         Assert.AreEqual(2, editor.Id);
         Assert.AreEqual(false, editor.IsAdmin);
         Assert.AreEqual(true, editor.IsViewer);
@@ -48,8 +48,8 @@ public void CanFetchUsersFromDatabase()
         Assert.AreEqual(1, editor.WorkgroupRoles.Count());
         AssertWorkgroupRole(DefaultWorkgroupId, Role.Editor, editor);
 
-        var controller = users.Single(u => u.Name == "controller");
-        Assert.AreEqual("controller", controller.Name);
+        var controller = users.Single(u => u.SubjectId == "sub_controller");
+        Assert.AreEqual("sub_controller", controller.SubjectId);
         Assert.AreEqual(3, controller.Id);
         Assert.AreEqual(false, controller.IsAdmin);
         Assert.AreEqual(true, controller.IsViewer);
@@ -57,8 +57,8 @@ public void CanFetchUsersFromDatabase()
         Assert.AreEqual(1, controller.WorkgroupRoles.Count());
         AssertWorkgroupRole(DefaultWorkgroupId, Role.Controller, controller);
 
-        var validator = users.Single(u => u.Name == "validator");
-        Assert.AreEqual("validator", validator.Name);
+        var validator = users.Single(u => u.SubjectId == "sub_validator");
+        Assert.AreEqual("sub_validator", validator.SubjectId);
         Assert.AreEqual(4, validator.Id);
         Assert.AreEqual(false, validator.IsAdmin);
         Assert.AreEqual(true, validator.IsViewer);
@@ -66,8 +66,8 @@ public void CanFetchUsersFromDatabase()
         Assert.AreEqual(1, validator.WorkgroupRoles.Count());
         AssertWorkgroupRole(DefaultWorkgroupId, Role.Validator, validator);
 
-        var publisher = users.Single(u => u.Name == "publisher");
-        Assert.AreEqual("publisher", publisher.Name);
+        var publisher = users.Single(u => u.SubjectId == "sub_publisher");
+        Assert.AreEqual("sub_publisher", publisher.SubjectId);
         Assert.AreEqual(5, publisher.Id);
         Assert.AreEqual(false, publisher.IsAdmin);
         Assert.AreEqual(true, publisher.IsViewer);
diff --git a/tests/BoreholeFileUploadServiceTest.cs b/tests/BoreholeFileUploadServiceTest.cs
index 58c46c2fe..5d7cd160c 100644
--- a/tests/BoreholeFileUploadServiceTest.cs
+++ b/tests/BoreholeFileUploadServiceTest.cs
@@ -27,11 +27,11 @@ public void TestInitialize()
         var configuration = new ConfigurationBuilder().AddJsonFile("appsettings.Development.json").Build();
 
         context = ContextFactory.GetTestContext();
-        adminUser = context.Users.FirstOrDefault(u => u.Name == "admin") ?? throw new InvalidOperationException("No User found in database.");
+        adminUser = context.Users.FirstOrDefault(u => u.SubjectId == "sub_admin") ?? throw new InvalidOperationException("No User found in database.");
 
         var contextAccessorMock = new Mock<IHttpContextAccessor>(MockBehavior.Strict);
         contextAccessorMock.Setup(x => x.HttpContext).Returns(new DefaultHttpContext());
-        contextAccessorMock.Object.HttpContext.User = new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, adminUser.Name) }));
+        contextAccessorMock.Object.HttpContext.User = new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim(ClaimTypes.NameIdentifier, adminUser.SubjectId) }));
 
         var loggerMock = new Mock<ILogger<BoreholeFileUploadService>>(MockBehavior.Strict);
         loggerMock.Setup(l => l.Log(It.IsAny<LogLevel>(), It.IsAny<EventId>(), It.IsAny<It.IsAnyType>(), It.IsAny<Exception>(), (Func<It.IsAnyType, Exception, string>)It.IsAny<object>()));
diff --git a/tests/BoreholeLockServiceTest.cs b/tests/BoreholeLockServiceTest.cs
index 6af7b1538..f1dacc0b4 100644
--- a/tests/BoreholeLockServiceTest.cs
+++ b/tests/BoreholeLockServiceTest.cs
@@ -9,7 +9,7 @@ namespace BDMS;
 [TestClass]
 public class BoreholeLockServiceTest
 {
-    private const string EditorUserName = "editor";
+    private const string EditorSubjectId = "sub_editor";
     private const int EditorUserId = 2;
 
     private BoreholeLockService boreholeLockService;
@@ -38,13 +38,13 @@ public async Task IsBoreholeLockedWithUnknownUser()
 
     [TestMethod]
     public async Task IsBoreholeLockedWithUnknownBorehole()
-        => await Assert.ThrowsExceptionAsync<InvalidOperationException>(async () => await boreholeLockService.IsBoreholeLockedAsync(null, EditorUserName));
+        => await Assert.ThrowsExceptionAsync<InvalidOperationException>(async () => await boreholeLockService.IsBoreholeLockedAsync(null, EditorSubjectId));
 
     [TestMethod]
     public async Task IsBoreholeLockedWithUnauthorizedUser()
     {
         var borehole = await context.Boreholes.FirstAsync();
-        await Assert.ThrowsExceptionAsync<UnauthorizedAccessException>(async () => await boreholeLockService.IsBoreholeLockedAsync(borehole.Id, "deletableUser"));
+        await Assert.ThrowsExceptionAsync<UnauthorizedAccessException>(async () => await boreholeLockService.IsBoreholeLockedAsync(borehole.Id, "sub_deletableUser"));
     }
 
     [TestMethod]
@@ -56,7 +56,7 @@ public async Task IsBoreholeLockedByOtherUser()
         var timeProviderMock = CreateTimeProviderMock(borehole.Locked.Value.AddMinutes(1));
         boreholeLockService = new BoreholeLockService(context, new Mock<ILogger<BoreholeLockService>>().Object, timeProviderMock.Object);
 
-        Assert.AreEqual(true, await boreholeLockService.IsBoreholeLockedAsync(borehole.Id, EditorUserName));
+        Assert.AreEqual(true, await boreholeLockService.IsBoreholeLockedAsync(borehole.Id, EditorSubjectId));
     }
 
     [TestMethod]
@@ -69,7 +69,7 @@ public async Task CreateForLockedBoreholeBySameUser()
         var timeProviderMock = CreateTimeProviderMock(fakeUtcDate);
         boreholeLockService = new BoreholeLockService(context, new Mock<ILogger<BoreholeLockService>>().Object, timeProviderMock.Object);
 
-        Assert.AreEqual(false, await boreholeLockService.IsBoreholeLockedAsync(borehole.Id, EditorUserName));
+        Assert.AreEqual(false, await boreholeLockService.IsBoreholeLockedAsync(borehole.Id, EditorSubjectId));
     }
 
     [TestMethod]
@@ -82,7 +82,7 @@ public async Task CreateForLockedBoreholeWithElapsedLockTimeout()
         var timeProviderMock = CreateTimeProviderMock(fakeUtcDate);
         boreholeLockService = new BoreholeLockService(context, new Mock<ILogger<BoreholeLockService>>().Object, timeProviderMock.Object);
 
-        Assert.AreEqual(false, await boreholeLockService.IsBoreholeLockedAsync(borehole.Id, EditorUserName));
+        Assert.AreEqual(false, await boreholeLockService.IsBoreholeLockedAsync(borehole.Id, EditorSubjectId));
     }
 
     private Borehole GetLockedBorehole(bool lockedByEditor)
diff --git a/tests/Controllers/BoreholeControllerTest.cs b/tests/Controllers/BoreholeControllerTest.cs
index ea8e29ccd..17e9ce8a3 100644
--- a/tests/Controllers/BoreholeControllerTest.cs
+++ b/tests/Controllers/BoreholeControllerTest.cs
@@ -43,8 +43,8 @@ public async Task Copy()
         var copiedBorehole = GetBorehole((int)copiedBoreholeId);
 
         Assert.AreEqual($"{originalBorehole.OriginalName} (Copy)", copiedBorehole.OriginalName);
-        Assert.AreEqual(originalBorehole.CreatedBy.Name, copiedBorehole.CreatedBy.Name);
-        Assert.AreEqual(originalBorehole.UpdatedBy.Name, copiedBorehole.UpdatedBy.Name);
+        Assert.AreEqual(originalBorehole.CreatedBy.SubjectId, copiedBorehole.CreatedBy.SubjectId);
+        Assert.AreEqual(originalBorehole.UpdatedBy.SubjectId, copiedBorehole.UpdatedBy.SubjectId);
         Assert.AreEqual(DefaultWorkgroupId, copiedBorehole.Workgroup.Id);
         Assert.AreEqual(1, copiedBorehole.Workflows.Count);
         Assert.AreEqual(Role.Editor, copiedBorehole.Workflows.First().Role);
@@ -182,7 +182,7 @@ await Assert.ThrowsExceptionAsync<InvalidOperationException>(async () =>
     [TestMethod]
     public async Task CopyWithNonAdminUser()
     {
-        controller.HttpContext.SetClaimsPrincipal("editor", PolicyNames.Viewer);
+        controller.HttpContext.SetClaimsPrincipal("sub_editor", PolicyNames.Viewer);
         var result = await controller.CopyAsync(boreholeId, workgroupId: DefaultWorkgroupId).ConfigureAwait(false);
         ActionResultAssert.IsOk(result.Result);
         var copiedBoreholeId = ((OkObjectResult?)result.Result)?.Value;
diff --git a/tests/Controllers/BoreholeFileControllerTest.cs b/tests/Controllers/BoreholeFileControllerTest.cs
index fc114418d..d157bdf90 100644
--- a/tests/Controllers/BoreholeFileControllerTest.cs
+++ b/tests/Controllers/BoreholeFileControllerTest.cs
@@ -26,11 +26,11 @@ public void TestInitialize()
         var configuration = new ConfigurationBuilder().AddJsonFile("appsettings.Development.json").Build();
 
         context = ContextFactory.GetTestContext();
-        adminUser = context.Users.FirstOrDefault(u => u.Name == "admin") ?? throw new InvalidOperationException("No User found in database.");
+        adminUser = context.Users.FirstOrDefault(u => u.SubjectId == "sub_admin") ?? throw new InvalidOperationException("No User found in database.");
 
         var contextAccessorMock = new Mock<IHttpContextAccessor>(MockBehavior.Strict);
         contextAccessorMock.Setup(x => x.HttpContext).Returns(new DefaultHttpContext());
-        contextAccessorMock.Object.HttpContext.User = new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, adminUser.Name) }));
+        contextAccessorMock.Object.HttpContext.User = new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim(ClaimTypes.NameIdentifier, adminUser.SubjectId) }));
 
         var s3ClientMock = new AmazonS3Client(
             configuration["S3:ACCESS_KEY"],
@@ -80,15 +80,15 @@ public async Task UploadAndDownload()
         // Get file
         Assert.AreNotEqual(null, file.Hash);
         Assert.AreEqual(DateTime.UtcNow.Date, file.Created?.Date);
-        Assert.AreEqual(adminUser.Name, file.CreatedBy.Name);
+        Assert.AreEqual(adminUser.SubjectId, file.CreatedBy.SubjectId);
         Assert.AreEqual(adminUser.Id, file.CreatedById);
 
         var boreholefile = context.BoreholeFiles.Single(bf => bf.FileId == file.Id);
         Assert.AreEqual(DateTime.UtcNow.Date, boreholefile.Created?.Date);
-        Assert.AreEqual(adminUser.Name, boreholefile.CreatedBy.Name);
+        Assert.AreEqual(adminUser.SubjectId, boreholefile.CreatedBy.SubjectId);
         Assert.AreEqual(adminUser.Id, boreholefile.CreatedById);
         Assert.AreEqual(DateTime.UtcNow.Date, boreholefile.Updated?.Date);
-        Assert.AreEqual(adminUser.Name, boreholefile.UpdatedBy.Name);
+        Assert.AreEqual(adminUser.SubjectId, boreholefile.UpdatedBy.SubjectId);
         Assert.AreEqual(adminUser.Id, boreholefile.UpdatedById);
         Assert.AreEqual(DateTime.UtcNow.Date, boreholefile.Attached?.Date);
     }
@@ -142,9 +142,9 @@ public async Task GetAllOfBorehole()
         var secondBoreholeFile = boreholeFilesOfBorehole.Value?.FirstOrDefault(bf => bf.File.Name == secondFileName);
 
         Assert.AreEqual(firstFileName, firstBoreholeFile.File.Name);
-        Assert.AreEqual(adminUser.Name, firstBoreholeFile.User.Name);
+        Assert.AreEqual(adminUser.SubjectId, firstBoreholeFile.User.SubjectId);
         Assert.AreEqual(secondFileName, secondBoreholeFile.File.Name);
-        Assert.AreEqual(adminUser.Name, secondBoreholeFile.User.Name);
+        Assert.AreEqual(adminUser.SubjectId, secondBoreholeFile.User.SubjectId);
         Assert.AreEqual(boreholeFilesBeforeUpload + 2, boreholeFilesOfBorehole.Value?.Count());
     }
 
diff --git a/tests/Controllers/StratigraphyControllerTest.cs b/tests/Controllers/StratigraphyControllerTest.cs
index 531782f4c..332d5761b 100644
--- a/tests/Controllers/StratigraphyControllerTest.cs
+++ b/tests/Controllers/StratigraphyControllerTest.cs
@@ -97,8 +97,8 @@ public async Task Copy()
         var copiedStratigraphy = GetStratigraphy((int)copiedStratigraphyId);
 
         Assert.AreEqual("Earnest Little (Clone)", copiedStratigraphy.Name);
-        Assert.AreEqual("admin", copiedStratigraphy.CreatedBy.Name);
-        Assert.AreEqual("controller", copiedStratigraphy.UpdatedBy.Name);
+        Assert.AreEqual("sub_admin", copiedStratigraphy.CreatedBy.SubjectId);
+        Assert.AreEqual("sub_controller", copiedStratigraphy.UpdatedBy.SubjectId);
         Assert.AreEqual(false, copiedStratigraphy.IsPrimary);
         Assert.AreSame(originalStratigraphy.Kind, copiedStratigraphy.Kind);
         Assert.AreEqual(originalStratigraphy.FillCasing.Kind, copiedStratigraphy.FillCasing.Kind);
@@ -166,7 +166,7 @@ await Assert.ThrowsExceptionAsync<InvalidOperationException>(async () =>
     [TestMethod]
     public async Task CopyWithNonAdminUser()
     {
-        controller.HttpContext.SetClaimsPrincipal("editor", PolicyNames.Viewer);
+        controller.HttpContext.SetClaimsPrincipal("sub_editor", PolicyNames.Viewer);
         var result = await controller.CopyAsync(StratigraphyId).ConfigureAwait(false);
         ActionResultAssert.IsOk(result.Result);
 
diff --git a/tests/Controllers/UploadControllerTest.cs b/tests/Controllers/UploadControllerTest.cs
index 4116b7a87..304a07791 100644
--- a/tests/Controllers/UploadControllerTest.cs
+++ b/tests/Controllers/UploadControllerTest.cs
@@ -52,7 +52,7 @@ public void TestInitialize()
         var loggerBoreholeFileUploadService = new Mock<ILogger<BoreholeFileUploadService>>(MockBehavior.Strict);
         var contextAccessorMock = new Mock<IHttpContextAccessor>(MockBehavior.Strict);
         contextAccessorMock.Setup(x => x.HttpContext).Returns(new DefaultHttpContext());
-        contextAccessorMock.Object.HttpContext.User = new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim(ClaimTypes.Name, context.Users.FirstOrDefault().Name) }));
+        contextAccessorMock.Object.HttpContext.User = new ClaimsPrincipal(new ClaimsIdentity(new[] { new Claim(ClaimTypes.NameIdentifier, context.Users.FirstOrDefault().SubjectId) }));
         var boreholeFileUploadService = new BoreholeFileUploadService(context, configuration, loggerBoreholeFileUploadService.Object, contextAccessorMock.Object, s3ClientMock);
 
         controller = new UploadController(ContextFactory.CreateContext(), loggerMock.Object, locationService, coordinateService, boreholeFileUploadService) { ControllerContext = GetControllerContextAdmin() };
diff --git a/tests/Controllers/UserControllerTest.cs b/tests/Controllers/UserControllerTest.cs
index 63e410511..0baebcd12 100644
--- a/tests/Controllers/UserControllerTest.cs
+++ b/tests/Controllers/UserControllerTest.cs
@@ -21,7 +21,7 @@ public async Task GetAll()
 
         foreach (var user in users)
         {
-            Assert.AreEqual(user.Name == "deletableUser", user.Deletable);
+            Assert.AreEqual(user.SubjectId == "sub_deletableUser", user.Deletable);
         }
     }
 }
diff --git a/tests/Helpers.cs b/tests/Helpers.cs
index ede989d5f..9bc8ba26a 100644
--- a/tests/Helpers.cs
+++ b/tests/Helpers.cs
@@ -13,13 +13,13 @@ internal static ControllerContext GetControllerContextAdmin()
         => new() { HttpContext = new DefaultHttpContext().SetAdminClaimsPrincipal() };
 
     internal static HttpContext SetAdminClaimsPrincipal(this HttpContext httpContext)
-        => httpContext.SetClaimsPrincipal("admin", PolicyNames.Admin);
+        => httpContext.SetClaimsPrincipal("sub_admin", PolicyNames.Admin);
 
-    internal static HttpContext SetClaimsPrincipal(this HttpContext httpContext, string name, string role)
+    internal static HttpContext SetClaimsPrincipal(this HttpContext httpContext, string subjectId, string role)
     {
         var adminClaims = new List<Claim>()
         {
-           new Claim(ClaimTypes.Name, name),
+           new Claim(ClaimTypes.NameIdentifier, subjectId),
            new Claim(ClaimTypes.Role, role),
         };
 

From 9776f2ce654ca26e808727d59b196272c4851199 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philipp=20L=C3=BCthi?= <philipp.luethi@geowerkstatt.ch>
Date: Wed, 10 Jan 2024 14:55:05 +0100
Subject: [PATCH 20/31] Fixup: Use SubjectId for user identification

---
 src/api/Controllers/StratigraphyController.cs | 8 ++++----
 src/api/IBoreholeLockService.cs               | 4 ++--
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/api/Controllers/StratigraphyController.cs b/src/api/Controllers/StratigraphyController.cs
index daae7e826..eb6fd1343 100644
--- a/src/api/Controllers/StratigraphyController.cs
+++ b/src/api/Controllers/StratigraphyController.cs
@@ -161,8 +161,8 @@ public override async Task<ActionResult<Stratigraphy>> CreateAsync(Stratigraphy
         try
         {
             // Check if associated borehole is locked
-            var userName = HttpContext.User.FindFirst(ClaimTypes.Name)?.Value;
-            if (await boreholeLockService.IsBoreholeLockedAsync(entity.BoreholeId, userName).ConfigureAwait(false))
+            var subjectId = HttpContext.User.FindFirst(ClaimTypes.NameIdentifier)?.Value;
+            if (await boreholeLockService.IsBoreholeLockedAsync(entity.BoreholeId,  subjectId).ConfigureAwait(false))
             {
                 return Problem("The borehole is locked by another user.");
             }
@@ -207,8 +207,8 @@ public async Task<ActionResult<int>> AddBedrockLayerAsync([Required] int id)
         try
         {
             // Check if associated borehole is locked
-            var userName = HttpContext.User.FindFirst(ClaimTypes.Name)?.Value;
-            if (await boreholeLockService.IsBoreholeLockedAsync(stratigraphy.BoreholeId, userName).ConfigureAwait(false))
+            var subjectId = HttpContext.User.FindFirst(ClaimTypes.NameIdentifier)?.Value;
+            if (await boreholeLockService.IsBoreholeLockedAsync(stratigraphy.BoreholeId, subjectId).ConfigureAwait(false))
             {
                 return Problem("The borehole is locked by another user.");
             }
diff --git a/src/api/IBoreholeLockService.cs b/src/api/IBoreholeLockService.cs
index 882039c2b..d8657d9a1 100644
--- a/src/api/IBoreholeLockService.cs
+++ b/src/api/IBoreholeLockService.cs
@@ -11,9 +11,9 @@ public interface IBoreholeLockService
     /// Checks whether the borehole with the specified <paramref name="boreholeId"/> is locked.
     /// </summary>
     /// <param name="boreholeId">The <see cref="Borehole.Id"/> to check locks for.</param>
-    /// <param name="userName">The current user name.</param>
+    /// <param name="subjectId">The <see cref="User.SubjectId" /> of the current user.</param>
     /// <returns><c>true</c> if the borehole is locked by another user; otherwise, <c>false</c>.</returns>
     /// <exception cref="InvalidOperationException">Provided user or <see cref="Borehole"/> does not exist.</exception>
     /// <exception cref="UnauthorizedAccessException">Current user is not allowed to create the given <see cref="Stratigraphy"/>.</exception>
-    Task<bool> IsBoreholeLockedAsync(int? boreholeId, string? userName);
+    Task<bool> IsBoreholeLockedAsync(int? boreholeId, string? subjectId);
 }

From de4c47eed98d2ee67b460f52b62fd80b40b875eb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philipp=20L=C3=BCthi?= <philipp.luethi@geowerkstatt.ch>
Date: Wed, 10 Jan 2024 15:33:12 +0100
Subject: [PATCH 21/31] Rename GetUserName to Subject & return NameIdentifier

---
 src/api/BoreholeFileUploadService.cs          | 2 +-
 src/api/Controllers/BoreholeController.cs     | 2 +-
 src/api/Controllers/StratigraphyController.cs | 8 ++++----
 src/api/Controllers/UploadController.cs       | 2 +-
 src/api/Controllers/UserController.cs         | 2 +-
 src/api/HttpContextExtensions.cs              | 8 ++++----
 6 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/src/api/BoreholeFileUploadService.cs b/src/api/BoreholeFileUploadService.cs
index 3b55dce03..a1322177f 100644
--- a/src/api/BoreholeFileUploadService.cs
+++ b/src/api/BoreholeFileUploadService.cs
@@ -51,7 +51,7 @@ public async Task UploadFileAndLinkToBorehole(IFormFile file, int boreholeId)
         using var transaction = context.Database.CurrentTransaction == null ? await context.Database.BeginTransactionAsync().ConfigureAwait(false) : null;
         try
         {
-            var subjectId = httpContextAccessor.HttpContext?.GetUserName();
+            var subjectId = httpContextAccessor.HttpContext?.GetUserSubjectId();
 
             var user = await context.Users
                 .AsNoTracking()
diff --git a/src/api/Controllers/BoreholeController.cs b/src/api/Controllers/BoreholeController.cs
index 8a4c2111e..c9f98aac2 100644
--- a/src/api/Controllers/BoreholeController.cs
+++ b/src/api/Controllers/BoreholeController.cs
@@ -35,7 +35,7 @@ public async Task<ActionResult<int>> CopyAsync([Required] int id, [Required] int
         var user = await context.Users
             .Include(u => u.WorkgroupRoles)
             .AsNoTracking()
-            .SingleOrDefaultAsync(u => u.Name == HttpContext.GetUserName())
+            .SingleOrDefaultAsync(u => u.Name == HttpContext.GetUserSubjectId())
             .ConfigureAwait(false);
 
         if (user == null || !user.WorkgroupRoles.Any(w => w.WorkgroupId == workgroupId && w.Role == Role.Editor))
diff --git a/src/api/Controllers/StratigraphyController.cs b/src/api/Controllers/StratigraphyController.cs
index 2cb21cf93..026d20206 100644
--- a/src/api/Controllers/StratigraphyController.cs
+++ b/src/api/Controllers/StratigraphyController.cs
@@ -78,7 +78,7 @@ public async Task<ActionResult<int>> CopyAsync([Required] int id)
         var user = await Context.Users
             .Include(u => u.WorkgroupRoles)
             .AsNoTracking()
-            .SingleOrDefaultAsync(u => u.Name == HttpContext.GetUserName())
+            .SingleOrDefaultAsync(u => u.Name == HttpContext.GetUserSubjectId())
             .ConfigureAwait(false);
 
         if (user == null || !user.WorkgroupRoles.Any(w => w.Role == Role.Editor))
@@ -180,7 +180,7 @@ public override async Task<ActionResult<Stratigraphy>> CreateAsync(Stratigraphy
         try
         {
             // Check if associated borehole is locked
-            var subjectId = HttpContext.GetUserName();
+            var subjectId = HttpContext.GetUserSubjectId();
             if (await boreholeLockService.IsBoreholeLockedAsync(entity.BoreholeId,  subjectId).ConfigureAwait(false))
             {
                 return Problem("The borehole is locked by another user.");
@@ -226,7 +226,7 @@ public async Task<ActionResult<int>> AddBedrockLayerAsync([Required] int id)
         try
         {
             // Check if associated borehole is locked
-            var subjectId = HttpContext.GetUserName();
+            var subjectId = HttpContext.GetUserSubjectId();
             if (await boreholeLockService.IsBoreholeLockedAsync(stratigraphy.BoreholeId, subjectId).ConfigureAwait(false))
             {
                 return Problem("The borehole is locked by another user.");
@@ -273,7 +273,7 @@ public override async Task<ActionResult<Stratigraphy>> EditAsync(Stratigraphy en
         try
         {
             // Check if associated borehole is locked
-            var userName = HttpContext.GetUserName();
+            var userName = HttpContext.GetUserSubjectId();
             if (await boreholeLockService.IsBoreholeLockedAsync(entity.BoreholeId, userName).ConfigureAwait(false))
             {
                 return Problem("The borehole is locked by another user.");
diff --git a/src/api/Controllers/UploadController.cs b/src/api/Controllers/UploadController.cs
index 345b5b98e..c50ea91a2 100644
--- a/src/api/Controllers/UploadController.cs
+++ b/src/api/Controllers/UploadController.cs
@@ -92,7 +92,7 @@ public async Task<ActionResult<int>> UploadFileAsync(int workgroupId, IFormFile
                 return ValidationProblem(statusCode: (int)HttpStatusCode.BadRequest);
             }
 
-            var subjectId = HttpContext.GetUserName();
+            var subjectId = HttpContext.GetUserSubjectId();
 
             var user = await context.Users
                 .AsNoTracking()
diff --git a/src/api/Controllers/UserController.cs b/src/api/Controllers/UserController.cs
index 2fcf8f836..89fb9c9e8 100644
--- a/src/api/Controllers/UserController.cs
+++ b/src/api/Controllers/UserController.cs
@@ -27,7 +27,7 @@ public UserController(BdmsContext context)
     [HttpGet("self")]
     [Authorize(Policy = PolicyNames.Viewer)]
     public async Task<ActionResult<User?>> GetUserInformationAsync() =>
-        await context.Users.SingleOrDefaultAsync(u => u.SubjectId == HttpContext.GetUserName()).ConfigureAwait(false);
+        await context.Users.SingleOrDefaultAsync(u => u.SubjectId == HttpContext.GetUserSubjectId()).ConfigureAwait(false);
 
     /// <summary>
     /// Gets the user list.
diff --git a/src/api/HttpContextExtensions.cs b/src/api/HttpContextExtensions.cs
index c584b19cf..03a8427c8 100644
--- a/src/api/HttpContextExtensions.cs
+++ b/src/api/HttpContextExtensions.cs
@@ -8,10 +8,10 @@ namespace BDMS;
 internal static class HttpContextExtensions
 {
     /// <summary>
-    /// Gets the name of the user from the <see cref="HttpContext"/>.
+    /// Gets the SubjectId of the user from the <see cref="HttpContext"/>.
     /// </summary>
     /// <param name="httpContext">The current <see cref="HttpContext"/>.</param>
-    /// <returns>The username or <c>null</c>, if the username cannot be read.</returns>
-    internal static string GetUserName(this HttpContext httpContext)
-        => httpContext.User.FindFirst(ClaimTypes.Name).Value;
+    /// <returns>The SubjectId or <c>null</c>, if the users SubjectId cannot be read.</returns>
+    internal static string GetUserSubjectId(this HttpContext httpContext)
+        => httpContext.User.FindFirst(ClaimTypes.NameIdentifier).Value;
 }

From 41c4f2cd59c84d508eca8795193aee6db294cd2e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philipp=20L=C3=BCthi?= <philipp.luethi@geowerkstatt.ch>
Date: Wed, 10 Jan 2024 16:07:07 +0100
Subject: [PATCH 22/31] Fix user resolution

---
 src/api/Controllers/BoreholeController.cs     | 2 +-
 src/api/Controllers/StratigraphyController.cs | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/api/Controllers/BoreholeController.cs b/src/api/Controllers/BoreholeController.cs
index c9f98aac2..22ef4480f 100644
--- a/src/api/Controllers/BoreholeController.cs
+++ b/src/api/Controllers/BoreholeController.cs
@@ -35,7 +35,7 @@ public async Task<ActionResult<int>> CopyAsync([Required] int id, [Required] int
         var user = await context.Users
             .Include(u => u.WorkgroupRoles)
             .AsNoTracking()
-            .SingleOrDefaultAsync(u => u.Name == HttpContext.GetUserSubjectId())
+            .SingleOrDefaultAsync(u => u.SubjectId == HttpContext.GetUserSubjectId())
             .ConfigureAwait(false);
 
         if (user == null || !user.WorkgroupRoles.Any(w => w.WorkgroupId == workgroupId && w.Role == Role.Editor))
diff --git a/src/api/Controllers/StratigraphyController.cs b/src/api/Controllers/StratigraphyController.cs
index 026d20206..6c7271718 100644
--- a/src/api/Controllers/StratigraphyController.cs
+++ b/src/api/Controllers/StratigraphyController.cs
@@ -78,7 +78,7 @@ public async Task<ActionResult<int>> CopyAsync([Required] int id)
         var user = await Context.Users
             .Include(u => u.WorkgroupRoles)
             .AsNoTracking()
-            .SingleOrDefaultAsync(u => u.Name == HttpContext.GetUserSubjectId())
+            .SingleOrDefaultAsync(u => u.SubjectId == HttpContext.GetUserSubjectId())
             .ConfigureAwait(false);
 
         if (user == null || !user.WorkgroupRoles.Any(w => w.Role == Role.Editor))

From 3d99512c401588a54f4a61e24f360edc288bcd21 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philipp=20L=C3=BCthi?= <philipp.luethi@geowerkstatt.ch>
Date: Thu, 11 Jan 2024 15:02:24 +0100
Subject: [PATCH 23/31] Includeid in /v1/user api response

---
 src/api-legacy/v1/user/handler.py           | 5 +++--
 src/client/cypress/e2e/testHelpers.js       | 6 +++---
 src/client/cypress/fixtures/adminUser.json  | 5 +++--
 src/client/cypress/fixtures/editorUser.json | 5 +++--
 src/client/cypress/fixtures/viewerUser.json | 4 ++--
 5 files changed, 14 insertions(+), 11 deletions(-)

diff --git a/src/api-legacy/v1/user/handler.py b/src/api-legacy/v1/user/handler.py
index dca9ecf1e..6080d7086 100644
--- a/src/api-legacy/v1/user/handler.py
+++ b/src/api-legacy/v1/user/handler.py
@@ -20,9 +20,9 @@ async def execute(self, request):
             for workgroup in self.user['workgroups']:
                 if workgroup['disabled'] is not None:
                     workgroup['roles'] = ['VIEW']
-                
+
                 workgroups.append(workgroup)
-            
+
                 for role in workgroup['roles']:
                     if role not in roles:
                         roles.append(role)
@@ -33,6 +33,7 @@ async def execute(self, request):
                     "name": self.user['name'],
                     "roles": roles,
                     "terms": self.user['terms'],
+                    "id": self.user['id'],
                     "username": self.user['username'],
                     "viewer": self.user['viewer'],
                     "workgroups": workgroups
diff --git a/src/client/cypress/e2e/testHelpers.js b/src/client/cypress/e2e/testHelpers.js
index 677fb48e0..7f359d71e 100644
--- a/src/client/cypress/e2e/testHelpers.js
+++ b/src/client/cypress/e2e/testHelpers.js
@@ -113,7 +113,7 @@ export const login = user => {
  * Login into the application as admin.
  */
 export const loginAsAdmin = () => {
-  login(adminUser.data.username);
+  login("admin");
   cy.intercept("/api/v1/user", {
     statusCode: 200,
     body: JSON.stringify(adminUser),
@@ -124,7 +124,7 @@ export const loginAsAdmin = () => {
  * Login into the application as editor.
  */
 export const loginAsEditor = () => {
-  login(editorUser.data.username);
+  login("editor");
   cy.intercept("/api/v1/user", {
     statusCode: 200,
     body: JSON.stringify(editorUser),
@@ -135,7 +135,7 @@ export const loginAsEditor = () => {
  * Login into the application as viewer.
  */
 export const loginAsEditorInViewerMode = () => {
-  login(editorUser.data.username);
+  login("editor");
   cy.intercept("/api/v1/user", {
     statusCode: 200,
     body: JSON.stringify(viewerUser),
diff --git a/src/client/cypress/fixtures/adminUser.json b/src/client/cypress/fixtures/adminUser.json
index c11b12d72..1115df269 100644
--- a/src/client/cypress/fixtures/adminUser.json
+++ b/src/client/cypress/fixtures/adminUser.json
@@ -2,10 +2,11 @@
   "success": true,
   "data": {
     "admin": true,
-    "name": "admin user",
+    "name": "Admin User",
     "roles": ["VIEW", "EDIT", "CONTROL", "VALID", "PUBLIC"],
     "terms": true,
-    "username": "admin",
+    "id": 1,
+    "username": "A. User",
     "viewer": true,
     "workgroups": [
       {
diff --git a/src/client/cypress/fixtures/editorUser.json b/src/client/cypress/fixtures/editorUser.json
index ec5ea2c6c..1558c49bd 100644
--- a/src/client/cypress/fixtures/editorUser.json
+++ b/src/client/cypress/fixtures/editorUser.json
@@ -2,10 +2,11 @@
   "success": true,
   "data": {
     "admin": false,
-    "name": "editor user",
+    "name": "Editor User",
     "roles": ["EDIT"],
     "terms": true,
-    "username": "editor",
+    "id": 2,
+    "username": "E. User",
     "viewer": true,
     "workgroups": [
       {
diff --git a/src/client/cypress/fixtures/viewerUser.json b/src/client/cypress/fixtures/viewerUser.json
index c6c4b18df..0c13efce3 100644
--- a/src/client/cypress/fixtures/viewerUser.json
+++ b/src/client/cypress/fixtures/viewerUser.json
@@ -2,10 +2,10 @@
   "success": true,
   "data": {
     "admin": false,
-    "name": "viewer user",
+    "name": "Editor User",
     "roles": ["VIEW"],
     "terms": true,
-    "username": "viewer",
+    "username": "E. User",
     "viewer": true,
     "workgroups": [
       {

From cf9e9a77a98004c39550ead2e173be02a13b4e1b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philipp=20L=C3=BCthi?= <philipp.luethi@geowerkstatt.ch>
Date: Thu, 11 Jan 2024 15:21:12 +0100
Subject: [PATCH 24/31] Check borehole lock against user id

---
 .../src/commons/form/borehole/boreholeForm.js     |  4 ++--
 .../form/borehole/segments/coordinatesSegment.js  |  2 +-
 .../form/borehole/segments/indentifierSegment.js  |  2 +-
 .../form/borehole/segments/locationSegment.js     |  2 +-
 .../commons/form/borehole/segments/nameSegment.js |  2 +-
 .../form/borehole/segments/restrictionSegment.js  |  2 +-
 src/client/src/commons/form/profile/profile.js    |  2 +-
 .../src/commons/form/workflow/workflowForm.js     | 14 ++++++--------
 .../src/commons/menu/editor/menuEditorForm.js     | 15 ++++++---------
 9 files changed, 20 insertions(+), 25 deletions(-)

diff --git a/src/client/src/commons/form/borehole/boreholeForm.js b/src/client/src/commons/form/borehole/boreholeForm.js
index 75397a6b7..37000c8fb 100644
--- a/src/client/src/commons/form/borehole/boreholeForm.js
+++ b/src/client/src/commons/form/borehole/boreholeForm.js
@@ -125,7 +125,7 @@ class BoreholeForm extends React.Component {
     }
     if (
       this.props.borehole.data.lock === null ||
-      this.props.borehole.data.lock.username !== this.props.user.data.username
+      this.props.borehole.data.lock.id !== this.props.user.data.id
     ) {
       this.context.error(t("common:errorStartEditing"));
       return false;
@@ -249,7 +249,7 @@ class BoreholeForm extends React.Component {
     const isEditable =
       borehole?.data.role === "EDIT" &&
       borehole?.data.lock !== null &&
-      borehole?.data.lock?.username === user?.data.username;
+      borehole?.data.lock?.id === user?.data.id;
     if (borehole.error !== null) {
       return <div>{t(borehole.error, borehole.data)}</div>;
     }
diff --git a/src/client/src/commons/form/borehole/segments/coordinatesSegment.js b/src/client/src/commons/form/borehole/segments/coordinatesSegment.js
index 8da2eac09..7504be4ea 100644
--- a/src/client/src/commons/form/borehole/segments/coordinatesSegment.js
+++ b/src/client/src/commons/form/borehole/segments/coordinatesSegment.js
@@ -69,7 +69,7 @@ const CoordinatesSegment = props => {
   const isEditable =
     borehole?.data.role === "EDIT" &&
     borehole?.data.lock !== null &&
-    borehole?.data.lock?.username === user?.data.username;
+    borehole?.data.lock?.id === user?.data.id;
 
   //initially validate the form to display errors.
   useEffect(() => {
diff --git a/src/client/src/commons/form/borehole/segments/indentifierSegment.js b/src/client/src/commons/form/borehole/segments/indentifierSegment.js
index b17e2a12b..d8a1d88ed 100644
--- a/src/client/src/commons/form/borehole/segments/indentifierSegment.js
+++ b/src/client/src/commons/form/borehole/segments/indentifierSegment.js
@@ -24,7 +24,7 @@ const IdentifierSegment = props => {
   const isEditable =
     borehole?.data.role === "EDIT" &&
     borehole?.data.lock !== null &&
-    borehole?.data.lock?.username === user?.data.username;
+    borehole?.data.lock?.id === user?.data.id;
 
   return (
     <Segment>
diff --git a/src/client/src/commons/form/borehole/segments/locationSegment.js b/src/client/src/commons/form/borehole/segments/locationSegment.js
index 630223501..856c500ac 100644
--- a/src/client/src/commons/form/borehole/segments/locationSegment.js
+++ b/src/client/src/commons/form/borehole/segments/locationSegment.js
@@ -12,7 +12,7 @@ const LocationSegment = props => {
   const isEditable =
     borehole?.data.role === "EDIT" &&
     borehole?.data.lock !== null &&
-    borehole?.data.lock?.username === user?.data.username;
+    borehole?.data.lock?.id === user?.data.id;
 
   return (
     <div
diff --git a/src/client/src/commons/form/borehole/segments/nameSegment.js b/src/client/src/commons/form/borehole/segments/nameSegment.js
index 0813542f7..b2d652b98 100644
--- a/src/client/src/commons/form/borehole/segments/nameSegment.js
+++ b/src/client/src/commons/form/borehole/segments/nameSegment.js
@@ -8,7 +8,7 @@ const NameSegment = props => {
   const isEditable =
     borehole?.data.role === "EDIT" &&
     borehole?.data.lock !== null &&
-    borehole?.data.lock?.username === user?.data.username;
+    borehole?.data.lock?.id === user?.data.id;
 
   return (
     <Segment>
diff --git a/src/client/src/commons/form/borehole/segments/restrictionSegment.js b/src/client/src/commons/form/borehole/segments/restrictionSegment.js
index 69af5dcb9..a8d245714 100644
--- a/src/client/src/commons/form/borehole/segments/restrictionSegment.js
+++ b/src/client/src/commons/form/borehole/segments/restrictionSegment.js
@@ -21,7 +21,7 @@ const RestrictionSegment = props => {
   const isEditable =
     borehole?.data.role === "EDIT" &&
     borehole?.data.lock !== null &&
-    borehole?.data.lock?.username === user?.data.username;
+    borehole?.data.lock?.id === user?.data.id;
 
   return (
     <Segment>
diff --git a/src/client/src/commons/form/profile/profile.js b/src/client/src/commons/form/profile/profile.js
index 7b8695556..82bea8b91 100644
--- a/src/client/src/commons/form/profile/profile.js
+++ b/src/client/src/commons/form/profile/profile.js
@@ -105,7 +105,7 @@ const Profile = props => {
     if (
       !(
         borehole?.data?.lock === null ||
-        borehole?.data?.lock.username !== user?.data?.username ||
+        borehole?.data?.lock.id !== user?.data?.id ||
         borehole?.data?.role !== "EDIT"
       )
     ) {
diff --git a/src/client/src/commons/form/workflow/workflowForm.js b/src/client/src/commons/form/workflow/workflowForm.js
index cb2593afd..9baf5b699 100644
--- a/src/client/src/commons/form/workflow/workflowForm.js
+++ b/src/client/src/commons/form/workflow/workflowForm.js
@@ -83,7 +83,7 @@ class WorkflowForm extends React.Component {
     const { t } = this.props;
     if (
       this.props.borehole.data.lock === null ||
-      this.props.borehole.data.lock.username !== this.props.user.data.username
+      this.props.borehole.data.lock.id !== this.props.user.data.id
     ) {
       this.context.error(t("common:errorStartEditing"));
     } else {
@@ -108,8 +108,7 @@ class WorkflowForm extends React.Component {
     const filtered = workflows.data.filter(flow => flow.finished !== null);
 
     const readOnly =
-      borehole.data.lock === null ||
-      borehole.data.lock.username !== user.data.username;
+      borehole.data.lock === null || borehole.data.lock.id !== user.data.id;
 
     const supplier =
       borehole.data.workgroup && borehole.data.workgroup.supplier;
@@ -181,7 +180,7 @@ class WorkflowForm extends React.Component {
                     color: "#2185d0",
                   }}>
                   {flow.creator.name}{" "}
-                  {flow.creator.username === user.data.username ? (
+                  {flow.creator.id === user.data.id ? (
                     <span
                       style={{
                         color: "#787878",
@@ -601,8 +600,8 @@ class WorkflowForm extends React.Component {
                   onChange={(e, data) => {
                     if (
                       this.props.borehole.data.lock === null ||
-                      this.props.borehole.data.lock.username !==
-                        this.props.user.data.username
+                      this.props.borehole.data.lock.id !==
+                        this.props.user.data.id
                     ) {
                       this.context.error(t("common:errorStartEditing"));
                     } else {
@@ -640,8 +639,7 @@ class WorkflowForm extends React.Component {
                 <Button
                   disabled={
                     this.props.borehole.data.lock === null ||
-                    this.props.borehole.data.lock.username !==
-                      this.props.user.data.username
+                    this.props.borehole.data.lock.id !== this.props.user.data.id
                   }
                   fluid
                   loading={workflows.isRejecting === true}
diff --git a/src/client/src/commons/menu/editor/menuEditorForm.js b/src/client/src/commons/menu/editor/menuEditorForm.js
index 326941868..d481eaa10 100644
--- a/src/client/src/commons/menu/editor/menuEditorForm.js
+++ b/src/client/src/commons/menu/editor/menuEditorForm.js
@@ -775,8 +775,7 @@ class MenuEditorForm extends React.Component {
                   fontWeight: "bold",
                 }}>
                 {borehole.data.creator !== undefined
-                  ? borehole.data.creator.username ===
-                    this.props.user.data.username
+                  ? borehole.data.creator.id === this.props.user.data.id
                     ? borehole.data.creator.fullname +
                       " (" +
                       t("common:you") +
@@ -839,15 +838,13 @@ class MenuEditorForm extends React.Component {
                   fontWeight: "bold",
                 }}>
                 {borehole.data.lock !== null
-                  ? borehole.data.lock.username ===
-                    this.props.user.data.username
+                  ? borehole.data.lock.id === this.props.user.data.id
                     ? borehole.data.updater.fullname +
                       " (" +
                       t("common:you") +
                       ")"
                     : borehole.data.lock.fullname
-                  : borehole.data.updater.username ===
-                      this.props.user.data.username
+                  : borehole.data.updater.id === this.props.user.data.id
                     ? borehole.data.updater.fullname +
                       " (" +
                       t("common:you") +
@@ -981,7 +978,7 @@ class MenuEditorForm extends React.Component {
               <Menu.Item
                 disabled={
                   borehole.data.lock === null ||
-                  borehole.data.lock.username !== user.data.username
+                  borehole.data.lock.id !== user.data.id
                 }
                 onClick={() => {
                   this.setState({
@@ -1038,12 +1035,12 @@ class MenuEditorForm extends React.Component {
           <Menu.Item
             disabled={
               borehole.data.lock !== null &&
-              borehole.data.lock.username !== user.data.username
+              borehole.data.lock.id !== user.data.id
             }
             onClick={() => {
               if (
                 borehole.data.lock !== null &&
-                borehole.data.lock.username === user.data.username
+                borehole.data.lock.id === user.data.id
               ) {
                 this.props.unlock(borehole.data.id);
               } else if (borehole.data.lock === null) {

From 13339c8491f607360f6573b9ee6d4e0456418b66 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philipp=20L=C3=BCthi?= <philipp.luethi@geowerkstatt.ch>
Date: Thu, 11 Jan 2024 15:56:38 +0100
Subject: [PATCH 25/31] Fix filter by username test

---
 src/client/cypress/e2e/filter.cy.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/client/cypress/e2e/filter.cy.js b/src/client/cypress/e2e/filter.cy.js
index 844e5bd04..9514f5e33 100644
--- a/src/client/cypress/e2e/filter.cy.js
+++ b/src/client/cypress/e2e/filter.cy.js
@@ -111,7 +111,7 @@ describe("Search filter tests", () => {
     cy.contains("Show all fields").children(".checkbox").click();
 
     // input value
-    cy.contains("Created by").next().find("input").type("val_da%r");
+    cy.contains("Created by").next().find("input").type("v_ U%r");
     cy.wait("@edit_list");
 
     // check content of table
@@ -119,7 +119,7 @@ describe("Search filter tests", () => {
       .children()
       .should("have.length", 100)
       .each((el, index, list) => {
-        cy.wrap(el).contains("validator");
+        cy.wrap(el).contains("v. user");
       });
   });
 

From 295a618777fc2917a2167b1f600bc13aaee8a800 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philipp=20L=C3=BCthi?= <philipp.luethi@geowerkstatt.ch>
Date: Thu, 11 Jan 2024 16:08:50 +0100
Subject: [PATCH 26/31] Fix username checks in content checks

---
 src/client/cypress/e2e/boreholeList.cy.js | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/client/cypress/e2e/boreholeList.cy.js b/src/client/cypress/e2e/boreholeList.cy.js
index 34581c272..cc2dcc14b 100644
--- a/src/client/cypress/e2e/boreholeList.cy.js
+++ b/src/client/cypress/e2e/boreholeList.cy.js
@@ -125,14 +125,14 @@ describe("Borehole list tests", () => {
         }
       });
 
-    cy.get("tbody").children().eq(0).contains("td", "publisher");
-    cy.get("tbody").children().eq(1).contains("td", "publisher");
-    cy.get("tbody").children().eq(2).contains("td", "publisher");
+    cy.get("tbody").children().eq(0).contains("td", "p. user");
+    cy.get("tbody").children().eq(1).contains("td", "p. user");
+    cy.get("tbody").children().eq(2).contains("td", "p. user");
 
     cy.contains("th", "Created by").click();
-    cy.get("tbody").children().eq(0).contains("td", "admin");
-    cy.get("tbody").children().eq(1).contains("td", "admin");
-    cy.get("tbody").children().eq(2).contains("td", "admin");
+    cy.get("tbody").children().eq(0).contains("td", "A. User");
+    cy.get("tbody").children().eq(1).contains("td", "A. User");
+    cy.get("tbody").children().eq(2).contains("td", "A. User");
 
     // sort by name ascending
     cy.contains("th", "Original name").click();

From 1099eee8b74283647d07245678749c8d1942cead Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philipp=20L=C3=BCthi?= <philipp.luethi@geowerkstatt.ch>
Date: Thu, 11 Jan 2024 16:37:41 +0100
Subject: [PATCH 27/31] Fix instrumentation v2 cypress auth handling

---
 .../e2e/editor/instrumentation-v2.cy.js       | 21 ++++++++++---------
 1 file changed, 11 insertions(+), 10 deletions(-)

diff --git a/src/client/cypress/e2e/editor/instrumentation-v2.cy.js b/src/client/cypress/e2e/editor/instrumentation-v2.cy.js
index f11444b9b..a57bac699 100644
--- a/src/client/cypress/e2e/editor/instrumentation-v2.cy.js
+++ b/src/client/cypress/e2e/editor/instrumentation-v2.cy.js
@@ -1,4 +1,4 @@
-import { loginAsAdmin, adminUserAuth, createBorehole } from "../testHelpers";
+import { loginAsAdmin, bearerAuth, createBorehole } from "../testHelpers";
 
 const openDropdown = dataCy => {
   cy.get(`[data-cy="${dataCy}"]`)
@@ -18,8 +18,8 @@ describe("Instrumentation crud tests", () => {
     createBorehole({ "extended.original_name": "INTEADAL" })
       .as("borehole_id")
       .then(id =>
-        cy
-          .request({
+        cy.get("@id_token").then(token => {
+          cy.request({
             method: "POST",
             url: "/api/v2/completion",
             cache: "no-cache",
@@ -32,17 +32,18 @@ describe("Instrumentation crud tests", () => {
               isPrimary: true,
               kindId: 16000002,
             },
-            auth: adminUserAuth,
-          })
-          .then(response => {
+            auth: bearerAuth(token),
+          }).then(response => {
             expect(response).to.have.property("status", 200);
-          }),
+          });
+        }),
       );
 
     // open completion editor
-    cy.get("@borehole_id").then(id =>
-      loginAsAdmin(`/editor/${id}/completion/v2`),
-    );
+    cy.get("@borehole_id").then(id => {
+      loginAsAdmin();
+      cy.visit(`/editor/${id}/completion/v2`);
+    });
 
     cy.contains("Tabs");
 

From 72555001ee7a867b102d1677484e9a5c0031b5c2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philipp=20L=C3=BCthi?= <philipp.luethi@geowerkstatt.ch>
Date: Thu, 11 Jan 2024 17:26:11 +0100
Subject: [PATCH 28/31] Fix userAdministration tests.

Match lines with new Usernames
Skip add user tests handled in #911
---
 src/client/cypress/e2e/admin/userAdministration.cy.js | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/client/cypress/e2e/admin/userAdministration.cy.js b/src/client/cypress/e2e/admin/userAdministration.cy.js
index 2b73b877b..372549170 100644
--- a/src/client/cypress/e2e/admin/userAdministration.cy.js
+++ b/src/client/cypress/e2e/admin/userAdministration.cy.js
@@ -10,7 +10,7 @@ describe("Admin settings test", () => {
       .should("have.length", 7);
   });
 
-  it("displays correct message when enabling user.", () => {
+  it.skip("displays correct message when enabling user.", () => {
     // add user
     cy.get('[placeholder="Username"]').type("Testuser");
     cy.get('[placeholder="Password"]').type("123456");
@@ -73,7 +73,7 @@ describe("Admin settings test", () => {
     cy.get('.modal [data-cy="permanently-delete-user-button"]').click();
   });
 
-  it("can add user with admin role.", () => {
+  it.skip("can add user with admin role.", () => {
     // add admin user
     cy.get('[data-cy="admin-checkbox"]').click();
 
@@ -149,7 +149,7 @@ describe("Admin settings test", () => {
     let filesUser = cy
       .get('[data-cy="user-list-table-body"]')
       .children()
-      .contains("tr", "filesUser");
+      .contains("tr", "has_files");
 
     cy.contains("user_that_only");
     cy.contains("has_files");
@@ -169,7 +169,7 @@ describe("Admin settings test", () => {
     let deletableUser = cy
       .get('[data-cy="user-list-table-body"]')
       .children()
-      .contains("tr", "deletableUser");
+      .contains("tr", "be_deleted");
 
     cy.contains("user_that_can");
     cy.contains("be_deleted");
@@ -244,7 +244,7 @@ describe("Admin settings test", () => {
     // is reloaded and assert role assignments
     cy.get('[data-cy="user-list-table-body"]')
       .children()
-      .contains("td", "admin")
+      .contains("td", "Admin")
       .click();
 
     cy.get('[data-cy="user-list-table-body"]')

From 7403ca639ac4d1a7c9866f7b3c3973b3f507a292 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philipp=20L=C3=BCthi?= <philipp.luethi@geowerkstatt.ch>
Date: Thu, 11 Jan 2024 17:38:53 +0100
Subject: [PATCH 29/31] Add Changelog

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index cf8a241fd..bdb0be621 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,7 @@
 - Updated layer management to use the .NET API.
 - Update stratigraphy management to use the .NET API.
 - Hide outer ring for disabled radio buttons.
+- Handle Authentication with a OpenID Connect.
 
 ## v2.0.506 - 2023-12-21
 

From 626b25c04c67edc1647415143ae5ddbf6860712b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philipp=20L=C3=BCthi?= <philipp.luethi@geowerkstatt.ch>
Date: Thu, 11 Jan 2024 17:41:48 +0100
Subject: [PATCH 30/31] Unify LogWarnings referencing users subject_id

---
 src/api/BoreholeLockService.cs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/api/BoreholeLockService.cs b/src/api/BoreholeLockService.cs
index cf7781bb0..58cc5a160 100644
--- a/src/api/BoreholeLockService.cs
+++ b/src/api/BoreholeLockService.cs
@@ -33,14 +33,14 @@ public async Task<bool> IsBoreholeLockedAsync(int? boreholeId, string? subjectId
 
         if (!user.WorkgroupRoles.Any(x => x.WorkgroupId == borehole.WorkgroupId && userWorkflowRoles.Contains(x.Role)))
         {
-            logger.LogWarning("Current user with name <{UserName}> does not have the required role to create a stratigraphy for borehole with id <{BoreholeId}>.", subjectId, boreholeId);
+            logger.LogWarning("Current user with subject_id <{SubjectId}> does not have the required role to create a stratigraphy for borehole with id <{BoreholeId}>.", subjectId, boreholeId);
             throw new UnauthorizedAccessException();
         }
 
         if (borehole.Locked.HasValue && borehole.Locked.Value.AddMinutes(LockTimeoutInMinutes) > timeProvider.GetUtcNow() && borehole.LockedById != user.Id)
         {
             var lockedUserFullName = $"{borehole.LockedBy?.FirstName} {borehole.LockedBy?.LastName}";
-            logger.LogWarning("Current user with name <{UserName}> tried to create a stratigraphy for borehole with id <{BoreholeId}>, but the borehole is locked by user <{LockedByUserName}>.", subjectId, boreholeId, lockedUserFullName);
+            logger.LogWarning("Current user with subject_id <{SubjectId}> tried to create a stratigraphy for borehole with id <{BoreholeId}>, but the borehole is locked by user <{LockedByUserName}>.", subjectId, boreholeId, lockedUserFullName);
             return true;
         }
 

From 9aa82fbc5a8bd3b8d27e084ce8fdac60980ed22e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Philipp=20L=C3=BCthi?= <philipp.luethi@geowerkstatt.ch>
Date: Thu, 11 Jan 2024 17:59:42 +0100
Subject: [PATCH 31/31] Downgrade oidc beta components

---
 src/client/package-lock.json | 39 +++++++++++++++++++-----------------
 src/client/package.json      |  4 ++--
 2 files changed, 23 insertions(+), 20 deletions(-)

diff --git a/src/client/package-lock.json b/src/client/package-lock.json
index 2192c1936..5449e283b 100644
--- a/src/client/package-lock.json
+++ b/src/client/package-lock.json
@@ -26,7 +26,7 @@
         "lodash": "^4.17.21",
         "markdown-to-jsx": "^6.11.4",
         "moment": "^2.29.4",
-        "oidc-client-ts": "^3.0.0-beta.0",
+        "oidc-client-ts": "2.4.0",
         "ol": "^8.2.0",
         "proj4": "^2.9.2",
         "prop-types": "^15.8.1",
@@ -39,7 +39,7 @@
         "react-hook-form": "^7.48.2",
         "react-i18next": "^13.5.0",
         "react-number-format": "^5.3.1",
-        "react-oidc-context": "^3.0.0-beta.0",
+        "react-oidc-context": "2.3.1",
         "react-query": "^3.39.3",
         "react-redux": "^7.2.9",
         "react-router-dom": "^5.3.4",
@@ -6652,6 +6652,11 @@
         "node": ">= 8"
       }
     },
+    "node_modules/crypto-js": {
+      "version": "4.2.0",
+      "resolved": "https://registry.npmjs.org/crypto-js/-/crypto-js-4.2.0.tgz",
+      "integrity": "sha512-KALDyEYgpY+Rlob/iriUtjV6d5Eq+Y191A5g4UqLAi8CyGP9N1+FdVbkc1SxKc2r4YAYqG8JzO2KGL+AizD70Q=="
+    },
     "node_modules/crypto-random-string": {
       "version": "2.0.0",
       "resolved": "https://registry.npmjs.org/crypto-random-string/-/crypto-random-string-2.0.0.tgz",
@@ -11997,12 +12002,9 @@
       }
     },
     "node_modules/jwt-decode": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/jwt-decode/-/jwt-decode-4.0.0.tgz",
-      "integrity": "sha512-+KJGIyHgkGuIq3IEBNftfhW/LfWhXUIY6OmyVWjliu5KH1y0fw7VQ8YndE2O4qZdMSd9SqbnC8GOcZEy0Om7sA==",
-      "engines": {
-        "node": ">=18"
-      }
+      "version": "3.1.2",
+      "resolved": "https://registry.npmjs.org/jwt-decode/-/jwt-decode-3.1.2.tgz",
+      "integrity": "sha512-UfpWE/VZn0iP50d8cz9NrZLM9lSWhcJ+0Gt/nm4by88UL+J1SiKN8/5dkjMmbEzwL2CAe+67GsegCbIKtbp75A=="
     },
     "node_modules/keyboard-key": {
       "version": "1.1.0",
@@ -13066,14 +13068,15 @@
       "integrity": "sha512-PX1wu0AmAdPqOL1mWhqmlOd8kOIZQwGZw6rh7uby9fTc5lhaOWFLX3I6R1hrF9k3zUY40e6igsLGkDXK92LJNg=="
     },
     "node_modules/oidc-client-ts": {
-      "version": "3.0.0-beta.0",
-      "resolved": "https://registry.npmjs.org/oidc-client-ts/-/oidc-client-ts-3.0.0-beta.0.tgz",
-      "integrity": "sha512-LXd4/w6kzYe0Hc2d+orHR9ACmRVgUOtWxOttca5DoZgvWU1tWlMbIKfiiKRRLOsHejc2y28Q+JhvGofK8gfXyQ==",
+      "version": "2.4.0",
+      "resolved": "https://registry.npmjs.org/oidc-client-ts/-/oidc-client-ts-2.4.0.tgz",
+      "integrity": "sha512-WijhkTrlXK2VvgGoakWJiBdfIsVGz6CFzgjNNqZU1hPKV2kyeEaJgLs7RwuiSp2WhLfWBQuLvr2SxVlZnk3N1w==",
       "dependencies": {
-        "jwt-decode": "^4.0.0"
+        "crypto-js": "^4.2.0",
+        "jwt-decode": "^3.1.2"
       },
       "engines": {
-        "node": ">=18"
+        "node": ">=12.13.0"
       }
     },
     "node_modules/ol": {
@@ -15271,14 +15274,14 @@
       }
     },
     "node_modules/react-oidc-context": {
-      "version": "3.0.0-beta.0",
-      "resolved": "https://registry.npmjs.org/react-oidc-context/-/react-oidc-context-3.0.0-beta.0.tgz",
-      "integrity": "sha512-Y3WjJ+2qBpNqkX7DTnYc2WRLhXajX2tCv2S5rSB05J9IOjAOBYPXArIlHbjp6UWnSBW8rGbobmoRB9clrqIcWg==",
+      "version": "2.3.1",
+      "resolved": "https://registry.npmjs.org/react-oidc-context/-/react-oidc-context-2.3.1.tgz",
+      "integrity": "sha512-WdhmEU6odNzMk9pvOScxUkf6/1aduiI/nQryr7+iCl2VDnYLASDTIV/zy58KuK4VXG3fBaRKukc/mRpMjF9a3Q==",
       "engines": {
-        "node": ">=18"
+        "node": ">=12.13.0"
       },
       "peerDependencies": {
-        "oidc-client-ts": "^3.0.0-beta.0",
+        "oidc-client-ts": "^2.2.1",
         "react": ">=16.8.0"
       }
     },
diff --git a/src/client/package.json b/src/client/package.json
index 8cc10b7a7..be44601b0 100644
--- a/src/client/package.json
+++ b/src/client/package.json
@@ -40,7 +40,7 @@
     "lodash": "^4.17.21",
     "markdown-to-jsx": "^6.11.4",
     "moment": "^2.29.4",
-    "oidc-client-ts": "^3.0.0-beta.0",
+    "oidc-client-ts": "2.4.0",
     "ol": "^8.2.0",
     "proj4": "^2.9.2",
     "prop-types": "^15.8.1",
@@ -53,7 +53,7 @@
     "react-hook-form": "^7.48.2",
     "react-i18next": "^13.5.0",
     "react-number-format": "^5.3.1",
-    "react-oidc-context": "^3.0.0-beta.0",
+    "react-oidc-context": "2.3.1",
     "react-query": "^3.39.3",
     "react-redux": "^7.2.9",
     "react-router-dom": "^5.3.4",