Fixes #263
oharsta committed Nov 19, 2024
1 parent 3cc62cc commit 35511b4
Showing 4 changed files with 79 additions and 54 deletions.
7 changes: 0 additions & 7 deletions server/src/main/java/access/provision/Provisioning.java
@@ -81,12 +81,5 @@ private void invariant() {
}
}

public boolean isApplicableForGroupRequest() {
return ProvisioningType.scim.equals(this.provisioningType);
}

public boolean isApplicableForUserRoleRequests() {
return ProvisioningType.eva.equals(this.provisioningType);
}
}

@@ -100,7 +100,7 @@ public Optional<GraphResponse> newUserRequest(User user) {
.isEmpty())
.forEach(provisioning -> {
UserRequest request = new UserRequest(user, provisioning);
if (provisioning.getScimUserIdentifier().equals(ScimUserIdentifier.eduID) &&
if (ScimUserIdentifier.eduID.equals(provisioning.getScimUserIdentifier()) &&
request.getExternalId().equals(user.getEduId())) {
//No fallback for failure
this.eduID.provisionEduid(new EduIDProvision(user.getEduId(), provisioning.getInstitutionGUID()));
@@ -124,41 +124,45 @@ public Optional<GraphResponse> newUserRequest(User user) {
public void updateUserRequest(User user) {
List<Provisioning> userProvisionings = getProvisionings(user);
List<Provisioning> provisionings = userProvisionings.stream()
.filter(provisioning -> provisioning.getProvisioningType().equals(ProvisioningType.scim))
.toList();
//Provision the user to all provisionings in Manage where the user is known
provisionings.forEach(provisioning -> {
Optional<RemoteProvisionedUser> provisionedUserOptional =
this.remoteProvisionedUserRepository.findByManageProvisioningIdAndUser(provisioning.getId(), user);
provisionedUserOptional.ifPresent(remoteProvisionedUser -> {
String userRequest = prettyJson(new UserRequest(user, provisioning, remoteProvisionedUser.getRemoteIdentifier()));
this.updateRequest(provisioning, userRequest, USER_API, remoteProvisionedUser.getRemoteIdentifier(), HttpMethod.PUT);
});
if (this.hasEvaHook(provisioning)) {
RequestEntity requestEntity = this.evaClient.updateUserRequest(provisioning, user);
this.doExchange(requestEntity, USER_API, mapParameterizedTypeReference, provisioning);
} else if (this.hasScimHook(provisioning)) {
Optional<RemoteProvisionedUser> provisionedUserOptional =
this.remoteProvisionedUserRepository.findByManageProvisioningIdAndUser(provisioning.getId(), user);
provisionedUserOptional.ifPresent(remoteProvisionedUser -> {
String userRequest = prettyJson(new UserRequest(user, provisioning, remoteProvisionedUser.getRemoteIdentifier()));
this.updateRequest(provisioning, userRequest, USER_API, remoteProvisionedUser.getRemoteIdentifier(), HttpMethod.PUT);
});
}
});
}

@Override
public void updateUserRoleRequest(UserRole userRole) {
List<Provisioning> provisionings = getProvisionings(userRole.getUser())
.stream()
.filter(provisioning -> provisioning.isApplicableForUserRoleRequests())
.toList();
List<Provisioning> provisionings = getProvisionings(userRole.getUser());
provisionings.forEach(provisioning -> {
RequestEntity requestEntity = this.evaClient.updateUserRequest(provisioning, userRole.getUser());
doExchange(requestEntity, USER_API, stringParameterizedTypeReference, provisioning);
if (this.hasEvaHook(provisioning)) {
RequestEntity requestEntity = this.evaClient.updateUserRequest(provisioning, userRole.getUser());
doExchange(requestEntity, USER_API, stringParameterizedTypeReference, provisioning);
}
//For now only eva is eligible for update's for the userRole (e.g. new end date)
});

}

@Override
public void deleteUserRoleRequest(UserRole userRole) {
List<Provisioning> provisionings = getProvisionings(userRole.getUser())
.stream()
.filter(provisioning -> provisioning.isApplicableForUserRoleRequests())
.toList();
List<Provisioning> provisionings = getProvisionings(userRole.getUser());
provisionings.forEach(provisioning -> {
RequestEntity requestEntity = this.evaClient.deleteUserRequest(provisioning, userRole.getUser());
doExchange(requestEntity, USER_API, stringParameterizedTypeReference, provisioning);
if (this.hasEvaHook(provisioning)) {
RequestEntity requestEntity = this.evaClient.deleteUserRequest(provisioning, userRole.getUser());
doExchange(requestEntity, USER_API, stringParameterizedTypeReference, provisioning);
}
//For now only eva is eligible for update's for the userRole (e.g. new end date)
});
}

@@ -208,36 +212,38 @@ public void updateGroupRequest(UserRole userRole, OperationType operationType) {
}
Role role = userRole.getRole();
List<Provisioning> provisionings = getProvisionings(role).stream()
.filter(Provisioning::isApplicableForGroupRequest)
.toList();
provisionings.forEach(provisioning -> {
Optional<RemoteProvisionedGroup> provisionedGroupOptional = this.remoteProvisionedGroupRepository
.findByManageProvisioningIdAndRole(provisioning.getId(), role);
provisionedGroupOptional.ifPresentOrElse(provisionedGroup -> {
List<UserRole> userRoles = new ArrayList<>();
if (provisioning.isScimUpdateRolePutMethod()) {
//We need all userRoles for a PUT and we only provision guests
userRoles = userRoleRepository.findByRole(userRole.getRole())
.stream()
.filter(userRoleDB -> userRoleDB.getAuthority().equals(Authority.GUEST) || userRoleDB.isGuestRoleIncluded())
.collect(Collectors.toCollection(ArrayList::new));
boolean userRolePresent = userRoles.stream().anyMatch(dbUserRole -> dbUserRole.getId().equals(userRole.getId()));
if (operationType.equals(OperationType.Add) && !userRolePresent) {
userRoles.add(userRole);
} else if (operationType.equals(OperationType.Remove) && userRolePresent) {
userRoles = userRoles.stream()
.filter(dbUserRole -> !dbUserRole.getId().equals(userRole.getId()))
if (this.hasScimHook(provisioning)) {
Optional<RemoteProvisionedGroup> provisionedGroupOptional = this.remoteProvisionedGroupRepository
.findByManageProvisioningIdAndRole(provisioning.getId(), role);
provisionedGroupOptional.ifPresentOrElse(provisionedGroup -> {
List<UserRole> userRoles = new ArrayList<>();
if (provisioning.isScimUpdateRolePutMethod()) {
//We need all userRoles for a PUT and we only provision guests
userRoles = userRoleRepository.findByRole(userRole.getRole())
.stream()
.filter(userRoleDB -> userRoleDB.getAuthority().equals(Authority.GUEST) || userRoleDB.isGuestRoleIncluded())
.collect(Collectors.toCollection(ArrayList::new));
boolean userRolePresent = userRoles.stream().anyMatch(dbUserRole -> dbUserRole.getId().equals(userRole.getId()));
if (operationType.equals(OperationType.Add) && !userRolePresent) {
userRoles.add(userRole);
} else if (operationType.equals(OperationType.Remove) && userRolePresent) {
userRoles = userRoles.stream()
.filter(dbUserRole -> !dbUserRole.getId().equals(userRole.getId()))
.collect(Collectors.toCollection(ArrayList::new));
}
} else {
userRoles.add(userRole);
}
} else {
userRoles.add(userRole);
sendGroupPutRequest(provisioning, provisionedGroup, userRoles, role, operationType);
}, () -> {
this.newGroupRequest(role);
this.updateGroupRequest(userRole, operationType);
}
sendGroupPutRequest(provisioning, provisionedGroup, userRoles, role, operationType);
}, () -> {
this.newGroupRequest(role);
this.updateGroupRequest(userRole, operationType);
}
);
);
}
//For now only scim is eligible for update's for the groups (e.g. role name / members have changed)
});
}
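Review bot: The eva branch added to updateUserRequest passes `mapParameterizedTypeReference` to doExchange, while updateUserRoleRequest passes `stringParameterizedTypeReference` for the same `evaClient.updateUserRequest` call against USER_API. If the eva endpoint answers with an empty or non-map body, the two paths would presumably convert the response differently, and a conversion failure would surface only after the remote update has already been sent. Unless the difference is intended, use one type in both places, e.g. `this.doExchange(requestEntity, USER_API, stringParameterizedTypeReference, provisioning);`. doExchange and both type references are defined outside the visible hunks, so confirm which one matches the eva response.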

2 changes: 1 addition & 1 deletion server/src/test/java/access/AbstractTest.java
@@ -470,7 +470,7 @@ protected String stubForCreateEvaUser() throws JsonProcessingException {
return value;
}

protected void stubForUpdateEvaUser() throws JsonProcessingException {
protected void stubForUpdateEvaUser() {
stubFor(post(urlPathMatching("/eva/api/v1/guest/create"))
.willReturn(aResponse()
.withHeader("Content-Type", "application/json")));
@@ -5,6 +5,7 @@
import access.model.*;
import access.provision.scim.OperationType;
import com.fasterxml.jackson.core.JsonProcessingException;
import com.github.tomakehurst.wiremock.client.WireMock;
import com.github.tomakehurst.wiremock.verification.LoggedRequest;
import org.junit.jupiter.api.Test;
import org.springframework.beans.factory.annotation.Autowired;
@@ -26,7 +27,7 @@ class ProvisioningServiceDefaultTest extends AbstractTest {
@Test
void newUserRequest() throws JsonProcessingException {
User user = userRepository.findBySubIgnoreCase(GUEST_SUB).get();

//See server/src/main/resources/manage/provisioning.json, applicationId="3"
this.stubForManageProvisioning(List.of("3"));
String remoteScimIdentifier = this.stubForCreateEvaUser();
provisioningService.newUserRequest(user);
@@ -164,4 +165,29 @@ void deleteGroupRequest() throws JsonProcessingException {
Optional<RemoteProvisionedGroup> remoteProvisionedGroupOptional = remoteProvisionedGroupRepository.findByManageProvisioningIdAndRole("7", role);
assertTrue(remoteProvisionedGroupOptional.isEmpty());
}

@Test
void updateEvaUserRequest() throws JsonProcessingException {
User user = userRepository.findBySubIgnoreCase(GUEST_SUB).get();
//See server/src/main/resources/manage/provisioning.json, applicationId="3"
this.stubForManageProvisioning(List.of("3"));
String remoteScimIdentifier = this.stubForCreateEvaUser();
provisioningService.newUserRequest(user);

//Change the name and do update
user.setName("Ely Doe");
provisioningService.updateUserRequest(user);

List<RemoteProvisionedUser> remoteProvisionedUsers = remoteProvisionedUserRepository.findAll();
assertEquals(1, remoteProvisionedUsers.size());
assertEquals(remoteScimIdentifier, remoteProvisionedUsers.get(0).getRemoteIdentifier());

List<LoggedRequest> requests = findAll(postRequestedFor(urlPathMatching("/eva/api/v1/guest/create")));
assertEquals(2, requests.size());
String updateRequest = requests.getLast().getBodyAsString();
//After URLEncoding
assertTrue(updateRequest.contains("name=Ely+Doe"));
assertTrue(updateRequest.contains(String.format("id=%s", remoteScimIdentifier)));
}

}
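Review bot: `requests.getLast()` in updateEvaUserRequest picks the update request by position, so the test depends on the order in which `findAll` returns the logged requests. Selecting by content is more robust, e.g. `assertEquals(1, requests.stream().filter(r -> r.getBodyAsString().contains("name=Ely+Doe")).count());`, with the `id=` check made on that same request. The added `WireMock` import is not referenced in the visible hunks; drop it if nothing else in the file uses it. The test class starts outside the hunk.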
