Skip to content

Commit

Permalink
Merge branch 'main' into N21-1824-course-resync
Browse files Browse the repository at this point in the history
  • Loading branch information
@sdinkov
sdinkov committed Jul 19, 2024
2 parents be7e127 + 2488659 commit d3e819b
Show file tree
Hide file tree
Showing 20 changed files with 701 additions and 1,716 deletions.
5 changes: 5 additions & 0 deletions ansible/roles/h5p-library-management/templates/api-h5p-library-management-cronjob.yml.j2
View file
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,11 @@ spec:
git.branch: {{ SCHULCLOUD_SERVER_BRANCH_NAME }}
git.repo: {{ SCHULCLOUD_SERVER_REPO_NAME }}
spec:
securityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
runAsNonRoot: true
volumes:
- name: libraries-list
configMap:
Expand Down
1 change: 1 addition & 0 deletions ...s/moin-schule-sync/templates/moin-schule-users-deletion-queueing-cronjob-configmap.yml.j2
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,3 +11,4 @@ data:
EXIT_ON_ERROR: "true"
SC_DOMAIN: "{{ DOMAIN }}"
FEATURE_PROMETHEUS_METRICS_ENABLED: "true"
ETHERPAD__PAD_URI: "https://{{ DOMAIN }}/etherpad/p"
1 change: 1 addition & 0 deletions ansible/roles/moin-schule-sync/templates/moin-schule-users-sync-cronjob-configmap.yml.j2
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,3 +11,4 @@ data:
EXIT_ON_ERROR: "true"
SC_DOMAIN: "{{ DOMAIN }}"
FEATURE_PROMETHEUS_METRICS_ENABLED: "true"
ETHERPAD__PAD_URI: "https://{{ DOMAIN }}/etherpad/p"
5 changes: 5 additions & 0 deletions ansible/roles/schulcloud-server-core/templates/api-delete-s3-files-cronjob.yml.j2
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,11 @@ spec:
spec:
template:
spec:
securityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
runAsNonRoot: true
containers:
- name: delete-s3-files-cronjob
image: {{ SCHULCLOUD_SERVER_IMAGE }}:{{ SCHULCLOUD_SERVER_IMAGE_TAG }}
Expand Down
5 changes: 5 additions & 0 deletions ansible/roles/schulcloud-server-core/templates/data-deletion-trigger-cronjob.yml.j2
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,11 @@ spec:
spec:
template:
spec:
securityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
runAsNonRoot: true
containers:
- name: data-deletion-trigger-cronjob
image: {{ SCHULCLOUD_SERVER_IMAGE }}:{{ SCHULCLOUD_SERVER_IMAGE_TAG }}
Expand Down
5 changes: 5 additions & 0 deletions ansible/roles/schulcloud-server-core/templates/migration-job.yml.j2
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,11 @@ spec:
labels:
app: api-migration
spec:
securityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
runAsNonRoot: true
containers:
- name: api-migration-job
image: {{ SCHULCLOUD_SERVER_IMAGE }}:{{ SCHULCLOUD_SERVER_IMAGE_TAG }}
Expand Down
5 changes: 5 additions & 0 deletions ansible/roles/schulcloud-server-core/templates/tldraw-delete-files-cronjob.yml.j2
View file
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,11 @@ spec:
spec:
template:
spec:
securityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
runAsNonRoot: true
containers:
- name: tldraw-delete-files-cronjob
image: {{ SCHULCLOUD_SERVER_IMAGE }}:{{ SCHULCLOUD_SERVER_IMAGE_TAG }}
Expand Down
2 changes: 1 addition & 1 deletion ansible/roles/schulcloud-server-init/templates/job_init.yml.j2
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ spec:
mountPath: /update.sh
subPath: update.sh
command: ['/bin/sh','-c']
args: ['cp /update.sh /update.run.sh && chmod +x /update.run.sh &&./update.run.sh']
args: ['cp /update.sh /update.run.sh && chmod +x /update.run.sh && ./update.run.sh']
resources:
limits:
cpu: "3000m"
Expand Down
3 changes: 1 addition & 2 deletions apps/server/src/modules/deletion/api/controller/api-test/deletion-executions.api.spec.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,11 +35,10 @@ describe(`deletionExecution (api)`, () => {

describe('executeDeletions', () => {
describe('when execute deletionRequests with default limit', () => {
jest.setTimeout(20000);
it('should return status 204', async () => {
const response = await testApiClient.post('');
expect(response.status).toEqual(204);
});
}, 20000);
});

describe('without token', () => {
Expand Down
32 changes: 0 additions & 32 deletions apps/server/src/modules/provisioning/loggable/email-already-exists.loggable.spec.ts
View file

This file was deleted.

15 changes: 0 additions & 15 deletions apps/server/src/modules/provisioning/loggable/email-already-exists.loggable.ts
View file

This file was deleted.

1 change: 0 additions & 1 deletion apps/server/src/modules/provisioning/loggable/index.ts
View file
Original file line number Diff line number Diff line change
@@ -1,5 +1,4 @@
export * from './user-for-group-not-found.loggable';
export * from './school-for-group-not-found.loggable';
export * from './group-role-unknown.loggable';
export { EmailAlreadyExistsLoggable } from './email-already-exists.loggable';
export { SchoolExternalToolCreatedLoggable } from './school-external-tool-created.loggable';
49 changes: 0 additions & 49 deletions .../modules/provisioning/strategy/oidc/service/schulconnex-user-provisioning.service.spec.ts
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,6 @@ describe(SchulconnexUserProvisioningService.name, () => {
let userService: DeepMocked<UserService>;
let roleService: DeepMocked<RoleService>;
let accountService: DeepMocked<AccountService>;
let logger: DeepMocked<Logger>;

beforeAll(async () => {
module = await Test.createTestingModule({
Expand Down Expand Up @@ -51,7 +50,6 @@ describe(SchulconnexUserProvisioningService.name, () => {
userService = module.get(UserService);
roleService = module.get(RoleService);
accountService = module.get(AccountService);
logger = module.get(Logger);
});

afterAll(async () => {
Expand Down Expand Up @@ -140,27 +138,6 @@ describe(SchulconnexUserProvisioningService.name, () => {
});
});

it('should call user service to check uniqueness of email', async () => {
const { externalUser, schoolId, systemId } = setupUser();

userService.findByExternalId.mockResolvedValue(null);

await service.provisionExternalUser(externalUser, systemId, schoolId);

expect(userService.isEmailUniqueForExternal).toHaveBeenCalledWith(externalUser.email, undefined);
});

it('should call the user service to save the user', async () => {
const { externalUser, schoolId, savedUser, systemId } = setupUser();

userService.findByExternalId.mockResolvedValue(null);
userService.isEmailUniqueForExternal.mockResolvedValue(true);

await service.provisionExternalUser(externalUser, systemId, schoolId);

expect(userService.save).toHaveBeenCalledWith(new UserDO({ ...savedUser, id: undefined }));
});

it('should return the saved user', async () => {
const { externalUser, schoolId, savedUser, systemId } = setupUser();

Expand Down Expand Up @@ -198,35 +175,9 @@ describe(SchulconnexUserProvisioningService.name, () => {
await expect(promise).rejects.toThrow(UnprocessableEntityException);
});
});

describe('when the external user has an email, that already exists', () => {
it('should log EmailAlreadyExistsLoggable', async () => {
const { externalUser, systemId, schoolId } = setupUser();

userService.findByExternalId.mockResolvedValue(null);
userService.isEmailUniqueForExternal.mockResolvedValue(false);

await service.provisionExternalUser(externalUser, systemId, schoolId);

expect(logger.warning).toHaveBeenCalledWith({
email: externalUser.email,
});
});
});
});

describe('when the user already exists', () => {
it('should call user service to check uniqueness of email', async () => {
const { externalUser, schoolId, systemId, existingUser } = setupUser();

userService.findByExternalId.mockResolvedValue(existingUser);
userService.isEmailUniqueForExternal.mockResolvedValue(true);

await service.provisionExternalUser(externalUser, systemId, schoolId);

expect(userService.isEmailUniqueForExternal).toHaveBeenCalledWith(externalUser.email, existingUser.externalId);
});

it('should call the user service to save the user', async () => {
const { externalUser, schoolId, existingUser, systemId } = setupUser();

Expand Down
37 changes: 6 additions & 31 deletions ...r/src/modules/provisioning/strategy/oidc/service/schulconnex-user-provisioning.service.ts
View file
Original file line number Diff line number Diff line change
@@ -1,12 +1,10 @@
import { AccountSave, AccountService } from '@modules/account';
import { EmailAlreadyExistsLoggable } from '@modules/provisioning/loggable';
import { RoleDto, RoleService } from '@modules/role';
import { UserService } from '@modules/user';
import { Injectable, UnprocessableEntityException } from '@nestjs/common';
import { RoleReference, UserDO } from '@shared/domain/domainobject';
import { RoleName } from '@shared/domain/interface';
import { EntityId } from '@shared/domain/types';
import { Logger } from '@src/core/logger';
import CryptoJS from 'crypto-js';
import { ExternalUserDto } from '../../../dto';

Expand All @@ -15,8 +13,7 @@ export class SchulconnexUserProvisioningService {
constructor(
private readonly userService: UserService,
private readonly roleService: RoleService,
private readonly accountService: AccountService,
private readonly logger: Logger
private readonly accountService: AccountService
) {}

public async provisionExternalUser(
Expand All @@ -26,14 +23,12 @@ export class SchulconnexUserProvisioningService {
): Promise<UserDO> {
const foundUser: UserDO | null = await this.userService.findByExternalId(externalUser.externalId, systemId);

const isEmailUnique: boolean = await this.checkUniqueEmail(externalUser.email, foundUser?.externalId);

const roleRefs: RoleReference[] | undefined = await this.createRoleReferences(externalUser.roles);

let createNewAccount = false;
let user: UserDO;
if (foundUser) {
user = this.updateUser(externalUser, foundUser, isEmailUnique, roleRefs, schoolId);
user = this.updateUser(externalUser, foundUser, roleRefs, schoolId);
} else {
if (!schoolId) {
throw new UnprocessableEntityException(
Expand All @@ -42,7 +37,7 @@ export class SchulconnexUserProvisioningService {
}

createNewAccount = true;
user = this.createUser(externalUser, isEmailUnique, schoolId, roleRefs);
user = this.createUser(externalUser, schoolId, roleRefs);
}

const savedUser: UserDO = await this.userService.save(user);
Expand All @@ -59,20 +54,6 @@ export class SchulconnexUserProvisioningService {
return savedUser;
}

private async checkUniqueEmail(email?: string, externalId?: string): Promise<boolean> {
if (email) {
const isEmailUnique: boolean = await this.userService.isEmailUniqueForExternal(email, externalId);

if (!isEmailUnique) {
this.logger.warning(new EmailAlreadyExistsLoggable(email, externalId));
}

return isEmailUnique;
}

return true;
}

private async createRoleReferences(roles?: RoleName[]): Promise<RoleReference[] | undefined> {
if (roles) {
const foundRoles: RoleDto[] = await this.roleService.findByNames(roles);
Expand All @@ -89,32 +70,26 @@ export class SchulconnexUserProvisioningService {
private updateUser(
externalUser: ExternalUserDto,
foundUser: UserDO,
isEmailUnique: boolean,
roleRefs?: RoleReference[],
schoolId?: string
): UserDO {
const user: UserDO = foundUser;
user.firstName = externalUser.firstName ?? foundUser.firstName;
user.lastName = externalUser.lastName ?? foundUser.lastName;
user.email = isEmailUnique ? externalUser.email ?? foundUser.email : foundUser.email;
user.email = externalUser.email ?? foundUser.email;
user.roles = roleRefs ?? foundUser.roles;
user.schoolId = schoolId ?? foundUser.schoolId;
user.birthday = externalUser.birthday ?? foundUser.birthday;

return user;
}

private createUser(
externalUser: ExternalUserDto,
isEmailUnique: boolean,
schoolId: string,
roleRefs?: RoleReference[]
): UserDO {
private createUser(externalUser: ExternalUserDto, schoolId: string, roleRefs?: RoleReference[]): UserDO {
const user: UserDO = new UserDO({
externalId: externalUser.externalId,
firstName: externalUser.firstName ?? '',
lastName: externalUser.lastName ?? '',
email: isEmailUnique ? externalUser.email ?? '' : '',
email: externalUser.email ?? '',
roles: roleRefs ?? [],
schoolId,
birthday: externalUser.birthday,
Expand Down
Loading

0 comments on commit d3e819b

Please sign in to comment.