From 33b0282342493bb205a1cca5b57d1a2977db8977 Mon Sep 17 00:00:00 2001
From: Eric Schubert <e.schubert@openproject.com>
Date: Mon, 30 Sep 2024 16:57:30 +0200
Subject: [PATCH] [#57707] rework group users query

- https://community.openproject.org/work_packages/57707
- use authentication strategy pattern
---
 .../nextcloud/group_users_query.rb            | 64 ++++++++++---------
 .../storage_interaction/nextcloud/util.rb     | 14 ----
 .../nextcloud_managed_folder_sync_service.rb  |  2 +-
 ...tcloud_managed_folder_sync_service_spec.rb |  5 +-
 4 files changed, 39 insertions(+), 46 deletions(-)

diff --git a/modules/storages/app/common/storages/peripherals/storage_interaction/nextcloud/group_users_query.rb b/modules/storages/app/common/storages/peripherals/storage_interaction/nextcloud/group_users_query.rb
index 8ab9d8b9bcc9..19cf94f9bf39 100644
--- a/modules/storages/app/common/storages/peripherals/storage_interaction/nextcloud/group_users_query.rb
+++ b/modules/storages/app/common/storages/peripherals/storage_interaction/nextcloud/group_users_query.rb
@@ -34,47 +34,51 @@ module StorageInteraction
       module Nextcloud
         class GroupUsersQuery
           include TaggedLogging
-          using ServiceResultRefinements
 
-          def self.call(storage:, group: storage.group)
-            new(storage).call(group:)
+          def self.call(storage:, auth_strategy:, group:)
+            new(storage).call(auth_strategy:, group:)
           end
 
           def initialize(storage)
             @storage = storage
-            @username = storage.username
-            @password = storage.password
           end
 
-          # rubocop:disable Metrics/AbcSize
-          def call(group:)
+          def call(auth_strategy:, group:)
             with_tagged_logger do
-              url = UrlBuilder.url(@storage.uri, "ocs/v1.php/cloud/groups", CGI.escapeURIComponent(group))
+              Authentication[auth_strategy].call(storage: @storage, http_options:) do |http|
+                url = UrlBuilder.url(@storage.uri, "ocs/v1.php/cloud/groups", group)
+                info "Requesting user list for group #{group} via url #{url} "
 
-              info "Requesting user list for group #{group} via url #{url} "
-              response = OpenProject.httpx
-                                    .basic_auth(@username, @password)
-                                    .with(headers: { "OCS-APIRequest" => "true" })
-                                    .get(url)
+                handle_response(http.get(url))
+              end
+            end
+          end
 
-              error_data = StorageErrorData.new(source: self.class, payload: response)
+          private
 
-              case response
-              in { status: 200..299 }
-                group_users = Nokogiri::XML(response.body.to_s).xpath("/ocs/data/users/element").map(&:text)
-                info "#{group_users.size} users found"
-                ServiceResult.success(result: group_users)
-              in { status: 405 }
-                Util.error(:not_allowed, "Outbound request method not allowed", error_data)
-              in { status: 401 }
-                Util.error(:unauthorized, "Outbound request not authorized", error_data)
-              in { status: 404 }
-                Util.error(:not_found, "Outbound request destination not found", error_data)
-              in { status: 409 }
-                Util.error(:conflict, error_text_from_response(response), error_data)
-              else
-                Util.error(:error, "Outbound request failed", error_data)
-              end
+          def http_options
+            Util.ocs_api_request
+          end
+
+          # rubocop:disable Metrics/AbcSize
+          def handle_response(response)
+            error_data = StorageErrorData.new(source: self.class, payload: response)
+
+            case response
+            in { status: 200..299 }
+              group_users = Nokogiri::XML(response.body.to_s).xpath("/ocs/data/users/element").map(&:text)
+              info "#{group_users.size} users found"
+              ServiceResult.success(result: group_users)
+            in { status: 405 }
+              Util.error(:not_allowed, "Outbound request method not allowed", error_data)
+            in { status: 401 }
+              Util.error(:unauthorized, "Outbound request not authorized", error_data)
+            in { status: 404 }
+              Util.error(:not_found, "Outbound request destination not found", error_data)
+            in { status: 409 }
+              Util.error(:conflict, error_text_from_response(response), error_data)
+            else
+              Util.error(:error, "Outbound request failed", error_data)
             end
           end
 
diff --git a/modules/storages/app/common/storages/peripherals/storage_interaction/nextcloud/util.rb b/modules/storages/app/common/storages/peripherals/storage_interaction/nextcloud/util.rb
index d12de30e0fad..4ea4c3809743 100644
--- a/modules/storages/app/common/storages/peripherals/storage_interaction/nextcloud/util.rb
+++ b/modules/storages/app/common/storages/peripherals/storage_interaction/nextcloud/util.rb
@@ -62,20 +62,6 @@ def error(code, log_message = nil, data = nil)
               )
             end
 
-            def token(user:, configuration:, &)
-              connection_manager = OAuthClients::ConnectionManager.new(user:, configuration:)
-              connection_manager.get_access_token.match(
-                on_success: lambda do |token|
-                  connection_manager.request_with_token_refresh(token) { yield token }
-                end,
-                on_failure: lambda do |_|
-                  error(:unauthorized,
-                        "Query could not be created! No access token found!",
-                        StorageErrorData.new(source: connection_manager))
-                end
-              )
-            end
-
             def error_text_from_response(response)
               response.xml.xpath("//s:message").text
             end
diff --git a/modules/storages/app/services/storages/nextcloud_managed_folder_sync_service.rb b/modules/storages/app/services/storages/nextcloud_managed_folder_sync_service.rb
index 9a6554009f83..78e27cc34aed 100644
--- a/modules/storages/app/services/storages/nextcloud_managed_folder_sync_service.rb
+++ b/modules/storages/app/services/storages/nextcloud_managed_folder_sync_service.rb
@@ -308,7 +308,7 @@ def build_set_permissions_input_data(file_id, user_permissions)
 
     def remote_group_users
       info "Retrieving users that a part of the #{@storage.group} group"
-      group_users.call(storage: @storage, group: @storage.group)
+      group_users.call(storage: @storage, auth_strategy:, group: @storage.group)
     end
 
     ### Model Scopes
diff --git a/modules/storages/spec/services/storages/nextcloud_managed_folder_sync_service_spec.rb b/modules/storages/spec/services/storages/nextcloud_managed_folder_sync_service_spec.rb
index cce5b7cb51a7..37b15f03ee8b 100644
--- a/modules/storages/spec/services/storages/nextcloud_managed_folder_sync_service_spec.rb
+++ b/modules/storages/spec/services/storages/nextcloud_managed_folder_sync_service_spec.rb
@@ -185,7 +185,10 @@ module Storages
         end
 
         # No AuthStrategy on GroupUsers
-        allow(group_users).to receive(:call).with(storage:, group: storage.group).and_return(group_users_result)
+        allow(group_users).to receive(:call).with(storage:,
+                                                  auth_strategy:,
+                                                  group: storage.group)
+                                            .and_return(group_users_result)
         # Updating the group users
         allow(add_user).to receive(:call).with(storage:,
                                                auth_strategy:,