Add upload logo functionality and display account name and logo in navigation (#782)

### Summary & Motivation

Add support for uploading account logos and show the account names in
the side menu and invitation emails. While the account name could
previously be changed, it was not used anywhere. It is now displayed in
the side menu with the logo to clearly indicate which account the user
is currently logged into.

- Implement backend storage for account logos using Azure Blob Storage
using shared access signatures
- Create frontend UI components for uploading, displaying, and removing
account logos in the account settings
- Display logo and account name in the side menu
- Add logic to prevent user invitations when an account lacks a name
- Rename blob storage environment variable in AppGateway Bicep
infrastructure from `AVATARS_STORAGE_URL` to
`ACCOUNT_MANAGEMENT_STORAGE_URL` for unified storage connection. This
allows using the same connection string for both logos and avatars
stored in the Account Management Blob Storage account.

### Downstream projects

**Important: Infrastructure changes require careful deployment to avoid
downtime**

The environment variable `AVATARS_STORAGE_URL` has been renamed to
`ACCOUNT_MANAGEMENT_STORAGE_URL` in the AppGateway infrastructure.

Deployment steps to avoid downtime:

1. Manually add the `ACCOUNT_MANAGEMENT_STORAGE_URL` environment
variable to AppGateway with the same value as the existing
`AVATARS_STORAGE_URL`
2. Deploy the new AppGateway: `.github/workflows/app-gateway.yml`
3. Deploy Account Management: `.github/workflows/account-management.yml`
4. After verifying the services are running correctly, deploy the
infrastructure which will remove the old `AVATARS_STORAGE_URL`
environment variable using this:
`.github/workflows/cloud-infrastructure.yml`

Note: This deployment sequence has not been tested. Please verify in
your staging environment first.

Reminder: Deploying infrastructure in parallel with self-contained
systems may revert the active Docker version to the previous one. This
occurs because infrastructure deployment begins by retrieving the active
version and adding it to the Bicep deployment. If a new version is
deployed during this process, Bicep might revert it.

### Checklist

- [x] I have added tests, or done manual regression tests
- [x] I have updated the documentation, if necessary

Author: tjementum

application/AppGateway/Filters/ClusterDestinationConfigFilter.cs

@@ -10,7 +10,7 @@ public ValueTask<ClusterConfig> ConfigureClusterAsync(ClusterConfig cluster, Can
         {
             "account-management-api" => ReplaceDestinationAddress(cluster, "ACCOUNT_MANAGEMENT_API_URL"),
             "account-management-static" => ReplaceDestinationAddress(cluster, "ACCOUNT_MANAGEMENT_API_URL"),
-            "avatars-storage" => ReplaceDestinationAddress(cluster, "AVATARS_STORAGE_URL"),
+            "account-management-storage" => ReplaceDestinationAddress(cluster, "ACCOUNT_MANAGEMENT_STORAGE_URL"),
             "back-office-api" => ReplaceDestinationAddress(cluster, "BACK_OFFICE_API_URL"),
             "back-office-static" => ReplaceDestinationAddress(cluster, "BACK_OFFICE_API_URL"),
             _ => throw new InvalidOperationException($"Unknown Cluster ID {cluster.ClusterId}.")

application/AppGateway/Program.cs

@@ -38,7 +38,7 @@
     );
 }
 
-builder.AddNamedBlobStorages(("avatars-storage", "AVATARS_STORAGE_URL"));
+builder.AddNamedBlobStorages(("account-management-storage", "ACCOUNT_MANAGEMENT_STORAGE_URL"));
 
 builder.WebHost.UseKestrel(option => option.AddServerHeader = false);
 

application/AppGateway/Transformations/ManagedIdentityTransform.cs

@@ -8,7 +8,8 @@ public class ManagedIdentityTransform(TokenCredential credential)
 {
     protected override string? GetValue(RequestTransformContext context)
     {
-        if (!context.HttpContext.Request.Path.StartsWithSegments("/avatars", StringComparison.OrdinalIgnoreCase))
+        if (!context.HttpContext.Request.Path.StartsWithSegments("/avatars", StringComparison.OrdinalIgnoreCase) &&
+            !context.HttpContext.Request.Path.StartsWithSegments("/logos", StringComparison.OrdinalIgnoreCase))
         {
             return null;
         }
@@ -23,6 +24,9 @@ public class ApiVersionHeaderTransform() : RequestHeaderTransform("x-ms-version"
 {
     protected override string? GetValue(RequestTransformContext context)
     {
-        return !context.HttpContext.Request.Path.StartsWithSegments("/avatars") ? null : "2023-11-03";
+        return !context.HttpContext.Request.Path.StartsWithSegments("/avatars") &&
+               !context.HttpContext.Request.Path.StartsWithSegments("/logos")
+            ? null
+            : "2023-11-03";
     }
 }

application/AppGateway/Transformations/SharedAccessSignatureRequestTransform.cs

@@ -3,14 +3,26 @@
 
 namespace PlatformPlatform.AppGateway.Transformations;
 
-public class SharedAccessSignatureRequestTransform([FromKeyedServices("avatars-storage")] BlobStorageClient blobStorageClient)
+public class SharedAccessSignatureRequestTransform([FromKeyedServices("account-management-storage")] BlobStorageClient accountManagementBlobStorageClient)
     : RequestTransform
 {
     public override ValueTask ApplyAsync(RequestTransformContext context)
     {
-        if (!context.Path.StartsWithSegments("/avatars")) return ValueTask.CompletedTask;
+        string containerName;
+        if (context.Path.StartsWithSegments("/avatars"))
+        {
+            containerName = "avatars";
+        }
+        else if (context.Path.StartsWithSegments("/logos"))
+        {
+            containerName = "logos";
+        }
+        else
+        {
+            return ValueTask.CompletedTask;
+        }
 
-        var sharedAccessSignature = blobStorageClient.GetSharedAccessSignature("avatars", TimeSpan.FromMinutes(10));
+        var sharedAccessSignature = accountManagementBlobStorageClient.GetSharedAccessSignature(containerName, TimeSpan.FromMinutes(10));
         context.HttpContext.Request.QueryString = new QueryString(sharedAccessSignature);
 
         return ValueTask.CompletedTask;

application/AppGateway/appsettings.json

@@ -68,7 +68,7 @@
         }
       },
       "avatars": {
-        "ClusterId": "avatars-storage",
+        "ClusterId": "account-management-storage",
         "Match": {
           "Path": "/avatars/{**catch-all}"
         },
@@ -79,6 +79,18 @@
           }
         ]
       },
+      "logos": {
+        "ClusterId": "account-management-storage",
+        "Match": {
+          "Path": "/logos/{**catch-all}"
+        },
+        "Transforms": [
+          {
+            "ResponseHeader": "Cache-Control",
+            "Set": "public, max-age=2592000, immutable"
+          }
+        ]
+      },
       "account-management-api": {
         "ClusterId": "account-management-api",
         "Match": {
@@ -205,7 +217,7 @@
           }
         }
       },
-      "avatars-storage": {
+      "account-management-storage": {
         "Destinations": {
           "destination": {
             "Address": "http://127.0.0.1:10000/devstoreaccount1"

application/AppHost/Program.cs

@@ -45,6 +45,7 @@
     .WithUrlForEndpoint("http", u => u.DisplayText = "Read mail here");
 
 CreateBlobContainer("avatars");
+CreateBlobContainer("logos");
 
 var frontendBuild = builder
     .AddNpmApp("frontend-build", "../")

application/account-management/Api/Endpoints/TenantEndpoints.cs

@@ -22,6 +22,14 @@ public void MapEndpoints(IEndpointRouteBuilder routes)
             => (await mediator.Send(command)).AddRefreshAuthenticationTokens()
         );
 
+        group.MapPost("/current/update-logo", async Task<ApiResult> (IFormFile file, IMediator mediator)
+            => await mediator.Send(new UpdateTenantLogoCommand(file.OpenReadStream(), file.ContentType))
+        ).DisableAntiforgery();
+
+        group.MapDelete("/current/remove-logo", async Task<ApiResult> (IMediator mediator)
+            => await mediator.Send(new RemoveTenantLogoCommand())
+        );
+
         routes.MapDelete("/internal-api/account-management/tenants/{id}", async Task<ApiResult> (TenantId id, IMediator mediator)
             => await mediator.Send(new DeleteTenantCommand(id))
         );

application/account-management/Core/Configuration.cs

@@ -1,6 +1,7 @@
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Hosting;
 using PlatformPlatform.AccountManagement.Database;
+using PlatformPlatform.AccountManagement.Features.Tenants;
 using PlatformPlatform.AccountManagement.Features.Users.Shared;
 using PlatformPlatform.AccountManagement.Integrations.Gravatar;
 using PlatformPlatform.SharedKernel.Configuration;
@@ -16,7 +17,7 @@ public static IHostApplicationBuilder AddAccountManagementInfrastructure(this IH
         // Infrastructure is configured separately from other Infrastructure services to allow mocking in tests
         return builder
             .AddSharedInfrastructure<AccountManagementDbContext>("account-management-database")
-            .AddNamedBlobStorages(("avatars-storage", "BLOB_STORAGE_URL"));
+            .AddNamedBlobStorages(("account-management-storage", "BLOB_STORAGE_URL"));
     }
 
     public static IServiceCollection AddAccountManagementServices(this IServiceCollection services)
@@ -28,6 +29,8 @@ public static IServiceCollection AddAccountManagementServices(this IServiceColle
             }
         );
 
+        TenantMapsterConfig.Configure();
+
         return services
             .AddSharedServices<AccountManagementDbContext>(Assembly)
             .AddScoped<AvatarUpdater>()

application/account-management/Core/Database/Migrations/20250804001944_AddTenantLogo.cs

@@ -0,0 +1,19 @@
+using Microsoft.EntityFrameworkCore.Infrastructure;
+using Microsoft.EntityFrameworkCore.Migrations;
+
+namespace PlatformPlatform.AccountManagement.Database.Migrations;
+
+[DbContext(typeof(AccountManagementDbContext))]
+[Migration("20250804001944_AddTenantLogo")]
+public sealed class AddTenantLogo : Migration
+{
+    protected override void Up(MigrationBuilder migrationBuilder)
+    {
+        migrationBuilder.AddColumn<string>(
+            name: "Logo",
+            table: "Tenants",
+            type: "varchar(150)",
+            nullable: false,
+            defaultValue: "{}");
+    }
+}

application/account-management/Core/Features/TelemetryEvents.cs

@@ -51,6 +51,12 @@ public sealed class TenantCreated(TenantId tenantId, TenantState state)
 public sealed class TenantDeleted(TenantId tenantId, TenantState tenantState, int usersDeleted)
     : TelemetryEvent(("tenant_id", tenantId), ("tenant_state", tenantState), ("users_deleted", usersDeleted));
 
+public sealed class TenantLogoRemoved
+    : TelemetryEvent;
+
+public sealed class TenantLogoUpdated(string contentType, long size)
+    : TelemetryEvent(("content_type", contentType), ("size", size));
+
 public sealed class TenantUpdated
     : TelemetryEvent;