Add migration flag to be managed with user

tsdicloud · tsdicloud · commit 813527a1fc2a · 2021-07-13T14:01:33.000Z
Signed-off-by: Bernd.Rederlechner@t-systems.com &lt;bernd.rederlechner@t-systems.com&gt;
diff --git a/README.md b/README.md
@@ -79,6 +79,7 @@ Get the details for an username or id.
     "email" : "primeolli@pattern.cloud", 
     "quota" : "25GB",
     "altemail" : "secolli@pattern.cloud", // optional 
+    "migrated" : false, // optional parameter, default = true
     "enabled" : false // optional parameter, default = true
 }
 ```
@@ -112,10 +113,13 @@ Update all information about a user without changing id or username.
     "email" : "primeolli@pattern.biz", 
     "quota" : "1TB",
     "altemail" : "secolli@pattern.cloud",
-    "enabled" : true 
+    "migrated" : false, 
+    "enabled" : true
 }
 ```
-You can selectively send any combination of fields.
+You can selectively send any combination of fields, except 'enabled'.
+If you want to keep a disabled user disabled, you have to explicitly set ''enabled': false'
+again.
 
 ### Success Responses
 **Code** : `200 OK`
diff --git a/appinfo/info.xml b/appinfo/info.xml
@@ -5,7 +5,7 @@
 	<name>NextMagentaCloud OpenID Connect user management util</name>
 	<summary>Utility app for NextMagentaCloud to create OpenID connect users</summary>
 	<description>This utility app supports NextMagentaCloud migration to create OpenID users with file content before actual first login.</description>
-	<version>0.1.1</version>
+	<version>0.2.1</version>
 	<licence>agpl</licence>
 	<author>Bernd Rederlechner</author>
 	<namespace>NextMagentaCloud</namespace>
diff --git a/lib/Controller/NmcUserApiController.php b/lib/Controller/NmcUserApiController.php
@@ -91,6 +91,7 @@ public function show($providername, $id) {
 	 * @param string|null $email
 	 * @param string|null $altemail
 	 * @param string $quota
+	 * @param bool $migrated
 	 * @param bool $enabled
 	 */
 	public function create(string $providername,
@@ -99,9 +100,10 @@ public function create(string $providername,
 						   $email = null,
 						   $altemail = null,
 						   string $quota = "3GB",
+						   bool $migrated = true,
 						   bool $enabled = true) {
-		return $this->handleAlreadyExists(function () use ($providername, $username, $displayname, $email, $altemail, $quota, $enabled) {
-			return $this->service->create($providername, $username, $displayname, $email,  $altemail, $quota, $enabled);
+		return $this->handleAlreadyExists(function () use ($providername, $username, $displayname, $email, $altemail, $quota, $migrated, $enabled) {
+			return $this->service->create($providername, $username, $displayname, $email,  $altemail, $quota, $migrated, $enabled);
 		});
 	}
 
@@ -116,17 +118,19 @@ public function create(string $providername,
 	 * @param string|null $email
 	 * @param string|null $altemail
 	 * @param string|null $quota
-	 * @param bool $enabled
+	 * @param bool|null $migrated
+	 * @param bool|null $enabled
 	 */
 	public function update(string $providername,
 						   string $id,
 						   $displayname,
 						   $email,
 						   $altemail,
 						   $quota,
+						   $migrated,
 						   bool $enabled = true) {
-		return $this->handleNotFound(function () use ($providername, $id, $displayname, $email, $altemail, $quota, $enabled) {
-			return $this->service->update($providername, $id, $displayname, $email, $altemail, $quota, $enabled);
+		return $this->handleNotFound(function () use ($providername, $id, $displayname, $email, $altemail, $quota, $migrated, $enabled) {
+			return $this->service->update($providername, $id, $displayname, $email, $altemail, $quota, $migrated, $enabled);
 		});
 	}
 
diff --git a/lib/Service/NmcUserService.php b/lib/Service/NmcUserService.php
@@ -2,6 +2,7 @@
 
 namespace OCA\NextMagentaCloud\Service;
 
+use OCP\IConfig;
 use OCP\IUserManager;
 use OCP\IServerContainer;
 use OCP\Accounts\IAccountManager;
@@ -20,7 +21,7 @@
 use OCP\AppFramework\Db\DoesNotExistException;
 use OCP\AppFramework\Db\MultipleObjectsReturnedException;
 
-
+use OCA\NextMagentaCloud\AppInfo\Application;
 
 use RuntimeException;
 
@@ -35,6 +36,9 @@ class NmcUserService {
 	/** @var IServerContainer */
 	private $serverc;
 
+	/** @var IConfig */
+	private $config;
+
 	/** @var UserMapper */
 	private $oidcUserMapper;
 
@@ -50,13 +54,15 @@ class NmcUserService {
 	public function __construct(IUserManager $userManager,
 							IAccountManager $accountManager,
 							IServerContainer $serverContainer,
+							IConfig $config,
 							UserMapper $oidcUserMapper,
 							ProviderMapper $oidcProviderMapper,
 							IProvider $tokenProvider,
 							ISecureRandom $random) {
 		$this->userManager = $userManager;
 		$this->accountManager = $accountManager;
 		$this->serverc = $serverContainer;
+		$this->config = $config;
 		$this->oidcUserMapper = $oidcUserMapper;
 		$this->oidcProviderMapper = $oidcProviderMapper;
 		$this->tokenProvider = $tokenProvider;
@@ -129,6 +135,20 @@ protected function userExists(string $provider, string $username) {
 		}
 	}
 
+	/**
+	 *  Set migration flag to user settings $user->getUID()
+	 */
+	protected function setMigrationFlag($userId, bool $flag) {
+		$this->config->setUserValue($userId, Application::APP_NAME, 'migrated', $flag ? 1 : 0 );
+	}
+
+	/**
+	 *  get migration flag to user settings
+	 */
+	protected function getMigrationFlag($userId) {
+		return $this->config->getUserValue($userId, Application::APP_NAME, 'migrated', 0) == 1 ? true : false ;
+	}
+
 	/**
 	 * Get openid user data based on username in id system or
 	 * by the generic hash id used by NextCloud user_oidc
@@ -145,6 +165,7 @@ public function find(string $provider, string $username) {
 				'altemail' => $userAccount->getProperty(IAccountManager::PROPERTY_ADDRESS)->getValue(), // tmp location only
 				'quota' => $user->getQuota(),
 				'enabled' => $user->isEnabled(),
+				'migrated' => $this->getMigrationFlag($user->getUID())
 			];
 		} catch (DoesNotExistException | MultipleObjectsReturnedException $eNotFound) {
 			throw new NotFoundException($eNotFound->getMessage());
@@ -181,6 +202,7 @@ protected function createDbUser(string $providerId, string $username) {
 		return $this->oidcUserMapper->insert($user);
 	}
 
+
 	/**
 	 * Create a compliant user for
 	 */
@@ -190,10 +212,11 @@ public function create(string $provider,
 						$email = null,
 						$altemail = null,
 						string $quota = "3 GB",
+						bool $migrated = true,
 						bool $enabled = true) {
 		$providerId = $this->findProviderByIdentifier($provider);
 		if ($this->userExists($providerId, $username)) {
-			throw new UserExistException("OpenID user " . $username . "," . $oidcUserId . " already exists!");
+			throw new UserExistException("OpenID user " . $provider . ":" . $username . " already exists!");
 		}
 		
 		$oidcUser = $this->createDbUser($providerId, $username);
@@ -214,6 +237,7 @@ public function create(string $provider,
 
 		$user->setQuota($quota);
 		$user->setEnabled($enabled);
+		$this->setMigrationFlag($user->getUID(), $migrated);
 
 		try {
 			$userFolder = $this->serverc->getUserFolder($user->getUID());
@@ -242,7 +266,8 @@ public function update(string $provider,
 						$email = null,
 						$altemail = null,
 						$quota = null,
-						bool $enabled = true) {
+						$migrated = null,
+						bool $enabled = null) {
 		$user = $this->findUser($provider, $username);
 		$oidcUser = $this->oidcUserMapper->getUser($user->getUID());
 		$userAccount = $this->accountManager->getAccount($user);
@@ -259,10 +284,13 @@ public function update(string $provider,
 		if ($quota !== null) {
 			$user->setQuota($quota);
 		}
-		$user->setEnabled($enabled);
-							
+		if ($migrated !== null) {
+			$this->setMigrationFlag($user->getUID(), $migrated);
+		}
+		if ($enabled !== null) {
+			$user->setEnabled($enabled);
+		}							
 		if ($displayname !== null) {
-			$oidcUser->setDisplayName($displayname);
 			$oidcUser->setDisplayName($displayname);
 			$this->oidcUserMapper->update($oidcUser);
 		}
@@ -274,6 +302,7 @@ public function update(string $provider,
 			'altemail' => $userAccount->getProperty(IAccountManager::PROPERTY_ADDRESS)->getValue(), // tmp location only
 			'quota' => $user->getQuota(),
 			'enabled' => $user->isEnabled(),
+			'migrated' => $this->getMigrationFlag($user->getUID())
 		];
 	}
 
diff --git a/tests/README.md b/tests/README.md
@@ -6,100 +6,118 @@ tail -f /var/log/nextcloud/nextcloud.json.log |jq 'select(.user=="apitest")'
 # Some example tests with curl:
 - GET, user not found:
 ```
-curl -i -u apitest:qL***u -X GET https://dev2.next.magentacloud.de/apps/nmcuser_oidc/api/1.1/nmcusers/telekom/12345
+curl -i -u apitest:qL*** u -X GET https://dev2.next.magentacloud.de/apps/nmcuser_oidc/api/1.1/nmcusers/telekom/12345
 ```
 
 - GET, provider not found:
 ```
-curl -i -u apitest:*** -X GET https://dev2.next.magentacloud.de/apps/nmcuser_oidc/api/1.1/nmcusers/o2/2f9cee4eab29cd216733b3ddde2o2c693730131c9fb1b2f6c893e1ec9b8
+curl -i -u apitest:***  -X GET https://dev2.next.magentacloud.de/apps/nmcuser_oidc/api/1.1/nmcusers/o2/2f9cee4eab29cd216733b3ddde2o2c693730131c9fb1b2f6c893e1ec9b8
 ```
 
 - GET, existing user. anid/username key
 ```
-curl -i -u apitest:***  -X GET https://dev2.next.magentacloud.de/apps/nmcuser_oidc/api/1.1/nmcusers/telekom/120049010000000006612061
+curl -i -u apitest:***   -X GET https://dev2.next.magentacloud.de/apps/nmcuser_oidc/api/1.1/nmcusers/telekom/120049010000000006612061
 ```
 
 - GET, no limit
 ```
-curl -i -u apitest:***  -X GET https://dev2.next.magentacloud.de/apps/nmcuser_oidc/api/1.1/nmcusers/telekom
+curl -i -u apitest:***   -X GET https://dev2.next.magentacloud.de/apps/nmcuser_oidc/api/1.1/nmcusers/telekom
 ```
 
 - GET list, limit
 ```
-curl -i -u apitest:***  -X GET https://dev2.next.magentacloud.de/apps/nmcuser_oidc/api/1.1/nmcusers/telekom?limit=1
+curl -i -u apitest:***   -X GET https://dev2.next.magentacloud.de/apps/nmcuser_oidc/api/1.1/nmcusers/telekom?limit=1
 ```
 
 - GET list, offset
 ```
-curl -i -u apitest:***  -X GET https://dev2.next.magentacloud.de/apps/nmcuser_oidc/api/1.1/nmcusers/telekom?offset=1
+curl -i -u apitest:***   -X GET https://dev2.next.magentacloud.de/apps/nmcuser_oidc/api/1.1/nmcusers/telekom?offset=1
 ```
 
 - GET list, offset, limit
 ```
-curl -i -u apitest:***  -X GET https://dev2.next.magentacloud.de/apps/nmcuser_oidc/api/1.1/nmcusers/telekom?offset=1&limit=3
+curl -i -u apitest:***   -X GET https://dev2.next.magentacloud.de/apps/nmcuser_oidc/api/1.1/nmcusers/telekom?offset=1&limit=3
 ```
 
 
 - CREATE, with known anid/username, no email:
 ```
-curl -i -u apitest:***  -X POST -H "Content-Type: application/json" -H "Accept: application/json" --data-raw '{"username": "120049010000000006612061", "displayname": "User, Test", "quota": "3GB" }' https://dev2.next.magentacloud.de/apps/nmcuser_oidc/api/1.1/nmcusers/telekom 
+curl -i -u apitest:***   -X POST -H "Content-Type: application/json" -H "Accept: application/json" --data-raw '{"username": "120049010000000006612061", "displayname": "User, Test", "quota": "3GB" }' https://dev2.next.magentacloud.de/apps/nmcuser_oidc/api/1.1/nmcusers/telekom 
 ```
 On second call, there should be a `409 CONFLICT` because user already exists 
 
+- CREATE, with known anid/username, no quota, email, altemail, migrated, disabled:
+```
+curl -i -u apitest:***   -X POST -H "Content-Type: application/json" -H "Accept: application/json" --data-raw '{"username": "120049010000000006615089", "displayname": "User, Test", "email": "nmcloud03@ver.sul.t-online.de", "altemail": "fool@fool.cloud", "enabled": false, "migrated": true}' https://dev2.next.magentacloud.de/apps/nmcuser_oidc/api/1.1/nmcusers/telekom 
+```
+
 - CREATE, with known anid/username, no quota, email, altemail:
 ```
-curl -i -u apitest:***  -X POST -H "Content-Type: application/json" -H "Accept: application/json" --data-raw '{"username": "120049010000000006613061", "displayname": "User, Test", "email": "nmcloud03@ver.sul.t-online.de", "altemail": "fool@fool.cloud"}' https://dev2.next.magentacloud.de/apps/nmcuser_oidc/api/1.1/nmcusers/telekom 
+curl -i -u apitest:***   -X POST -H "Content-Type: application/json" -H "Accept: application/json" --data-raw '{"username": "120049010000000006613061", "displayname": "User, Test", "email": "nmcloud03@ver.sul.t-online.de", "altemail": "fool@fool.cloud"}' https://dev2.next.magentacloud.de/apps/nmcuser_oidc/api/1.1/nmcusers/telekom 
 ```
 
 
+
 - PUT update, user not found:
-curl -i -u apitest:***  -X PUT -H "Content-Type: application/json" -H "Accept: application/json" --data-raw '{ "displayname": "User, Test2" }' https://dev2.next.magentacloud.de/apps/nmcuser_oidc/api/1.1/nmcusers/telekom/12345
+curl -i -u apitest:***   -X PUT -H "Content-Type: application/json" -H "Accept: application/json" --data-raw '{ "displayname": "User, Test2" }' https://dev2.next.magentacloud.de/apps/nmcuser_oidc/api/1.1/nmcusers/telekom/12345
 
 - PUT update, provider not found:
-curl -i -u apitest:***  -X PUT -H "Content-Type: application/json" -H "Accept: application/json" --data-raw '{ "displayname": "User, Test2" }' https://dev2.next.magentacloud.de/apps/nmcuser_oidc/api/1.1/nmcusers/o2/120049010000000006612061
+curl -i -u apitest:***   -X PUT -H "Content-Type: application/json" -H "Accept: application/json" --data-raw '{ "displayname": "User, Test2" }' https://dev2.next.magentacloud.de/apps/nmcuser_oidc/api/1.1/nmcusers/o2/120049010000000006612061
 
 - PUT update, anid/username key, displayname change only
 ```
-curl -i -u apitest:***  -X PUT -H "Content-Type: application/json" -H "Accept: application/json" --data-raw '{ "displayname": "User, Test2" }' https://dev2.next.magentacloud.de/apps/nmcuser_oidc/api/1.1/nmcusers/telekom/120049010000000006612061
+curl -i -u apitest:***   -X PUT -H "Content-Type: application/json" -H "Accept: application/json" --data-raw '{ "displayname": "User, Test2" }' https://dev2.next.magentacloud.de/apps/nmcuser_oidc/api/1.1/nmcusers/telekom/120049010000000006612061
+```
+
+- PUT update, anid/username key, disable only
+```
+curl -i -u apitest:***   -X PUT -H "Content-Type: application/json" -H "Accept: application/json" --data-raw '{ "enabled": true }' https://dev2.next.magentacloud.de/apps/nmcuser_oidc/api/1.1/nmcusers/telekom/120049010000000006612061
+```
+
+- PUT update, anid/username key, migration flag
+```
+curl -i -u apitest:***   -X PUT -H "Content-Type: application/json" -H "Accept: application/json" --data-raw '{ "migrated": true }' https://dev2.next.magentacloud.de/apps/nmcuser_oidc/api/1.1/nmcusers/telekom/120049010000000006612061
 ```
 
+
+
 - PUT update, anid/username key, account changes on quota only
 ```
-curl -i -u apitest:***  -X PUT -H "Content-Type: application/json" -H "Accept: application/json" --data-raw '{ "quota": "1TB" }' https://dev2.next.magentacloud.de/apps/nmcuser_oidc/api/1.1/nmcusers/telekom/120049010000000006612061 
+curl -i -u apitest:***   -X PUT -H "Content-Type: application/json" -H "Accept: application/json" --data-raw '{ "quota": "1TB" }' https://dev2.next.magentacloud.de/apps/nmcuser_oidc/api/1.1/nmcusers/telekom/120049010000000006612061 
 ```
 
 - PUT update, anid/username key, changes on displayname, email and altemail only
 ```
-curl -i -u apitest:***  -X PUT -H "Content-Type: application/json" -H "Accept: application/json" --data-raw '{ "email": "nmcloud02@ver.sul.magenta.de", "altemail": "fool2@foolish.org" }' https://dev2.next.magentacloud.de/apps/nmcuser_oidc/api/1.1/nmcusers/telekom/120049010000000006612061 
+curl -i -u apitest:***   -X PUT -H "Content-Type: application/json" -H "Accept: application/json" --data-raw '{ "email": "nmcloud02@ver.sul.magenta.de", "altemail": "fool2@foolish.org" }' https://dev2.next.magentacloud.de/apps/nmcuser_oidc/api/1.1/nmcusers/telekom/120049010000000006612061 
 ```
 
 
 - DELETE, not found
 ```
-curl -i -u apitest:***  -X DELETE https://dev2.next.magentacloud.de/apps/nmcuser_oidc/api/1.1/nmcusers/telekom/12345
+curl -i -u apitest:***   -X DELETE https://dev2.next.magentacloud.de/apps/nmcuser_oidc/api/1.1/nmcusers/telekom/12345
 ```
 
 - DELETE, existing user with id
 ```
-curl -i -u apitest:***  -X DELETE https://dev2.next.magentacloud.de/apps/nmcuser_oidc/api/1.1/nmcusers/telekom/2f9cee4eab29cd216733b3ddde29ab209ec693730131c9fb1b2f6c893e1ec9b8
+curl -i -u apitest:***   -X DELETE https://dev2.next.magentacloud.de/apps/nmcuser_oidc/api/1.1/nmcusers/telekom/2f9cee4eab29cd216733b3ddde29ab209ec693730131c9fb1b2f6c893e1ec9b8
 ```
 
 - DELETE, existing user with anid/username
 ```
-curl -i -u apitest:***  -X DELETE https://dev2.next.magentacloud.de/apps/nmcuser_oidc/api/1.1/nmcusers/telekom/120049010000000006612061
+curl -i -u apitest:***   -X DELETE https://dev2.next.magentacloud.de/apps/nmcuser_oidc/api/1.1/nmcusers/telekom/120049010000000006612061
 ```
 
 - GET token, not found
 ```
-curl -i -u apitest:***  -X GET https://dev2.next.magentacloud.de/apps/nmcuser_oidc/api/1.1/token/telekom/12345
+curl -i -u apitest:***   -X GET https://dev2.next.magentacloud.de/apps/nmcuser_oidc/api/1.1/token/telekom/12345
 ```
 
 - GET token, existing user by id hash:
 ```
-curl -i -u apitest:***  -X GET https://dev2.next.magentacloud.de/apps/nmcuser_oidc/api/1.1/token/telekom/2f9cee4eab29cd216733b3ddde29ab209ec693730131c9fb1b2f6c893e1ec9b8
+curl -i -u apitest:***   -X GET https://dev2.next.magentacloud.de/apps/nmcuser_oidc/api/1.1/token/telekom/2f9cee4eab29cd216733b3ddde29ab209ec693730131c9fb1b2f6c893e1ec9b8
 ```
 
 - GET token, existing user by anid/username:
 ```
-curl -i -u apitest:***  -X GET https://dev2.next.magentacloud.de/apps/nmcuser_oidc/api/1.1/token/telekom/120049010000000006612061
+curl -i -u apitest:***   -X GET https://dev2.next.magentacloud.de/apps/nmcuser_oidc/api/1.1/token/telekom/120049010000000006612061
 ```
