diff --git a/server/src/main/java/access/api/InvitationController.java b/server/src/main/java/access/api/InvitationController.java
index 1bf4fae8..4a8e5b78 100644
--- a/server/src/main/java/access/api/InvitationController.java
+++ b/server/src/main/java/access/api/InvitationController.java
@@ -211,6 +211,7 @@ public ResponseEntity> accept(@Validated @RequestBody Accept
 user.setLastActivity(Instant.now());
 invitation.setStatus(Status.ACCEPTED);
+ invitation.setSubInvitee(sub);
 invitationRepository.save(invitation);
 AccessLogger.invitation(LOG, Event.Accepted, invitation);
diff --git a/server/src/main/java/access/api/UserController.java b/server/src/main/java/access/api/UserController.java
index 205a7b20..a4df36ad 100644
--- a/server/src/main/java/access/api/UserController.java
+++ b/server/src/main/java/access/api/UserController.java
@@ -146,8 +146,8 @@ public View msAcceptReturn(@PathVariable("sub") String sub) {
 Map provisioningMap = manage.providerById(EntityType.PROVISIONING, remoteProvisionedUser.getManageProvisioningId());
 Provisioning provisioning = new Provisioning(provisioningMap);
 graphClient.updateUserRequest(user, provisioning, remoteProvisionedUser.getRemoteIdentifier());
- //TODO, this does not work as the invitation is accepted with a different email. Store something on the invitation for the graph repsonse
- String invitationHash = invitationRepository.findTopByEmailOrderByCreatedAtDesc(user.getEmail()).map(Invitation::getHash).orElse("");
+ String invitationHash = invitationRepository.findTopBySubInviteeOrderByCreatedAtDesc(user.getSub())
+ .map(Invitation::getHash).orElse("");
 String redirectUrl = String.format("%s/proceed?hash=%s&isRedirect=true", config.getWelcomeUrl(), invitationHash);
 redirectReference.set(redirectUrl);
 });
diff --git a/server/src/main/java/access/model/Invitation.java b/server/src/main/java/access/model/Invitation.java
index 733b94e6..a6e5ef5b 100644
--- a/server/src/main/java/access/model/Invitation.java
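Review bot: In `msAcceptReturn` the `sub` path variable alone now selects the invitation whose hash is written into the `Location` header, while the same commit shows `Invitation.hash` marked `JsonProperty.Access.WRITE_ONLY`, so this redirect is a place where that value is handed back to the caller. Whether `ms-accept-return/{sub}` requires an authenticated session is not visible in this hunk; if it does not, the route's access rule should be confirmed, because knowledge of a `sub` would then be enough to receive that user's latest invitation hash. The lookup also has no status filter, and `.orElse("")` silently yields `proceed?hash=` for users whose invitations have no `sub_invitee` (for example rows accepted before this migration); assuming `redirectReference` already holds a fallback, set the proceed URL only when a row is found, `.map(Invitation::getHash).ifPresent(hash -> redirectReference.set(String.format("%s/proceed?hash=%s&isRedirect=true", config.getWelcomeUrl(), hash)));`. The enclosing lambda and `msAcceptReturn` start and end outside the hunk.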
+++ b/server/src/main/java/access/model/Invitation.java
@@ -43,6 +43,9 @@ public class Invitation implements Serializable {
 @JsonProperty(access = JsonProperty.Access.WRITE_ONLY)
 private String hash;
+ @Column(name = "sub_invitee")
+ private String subInvitee;
+
 @Column(name = "enforce_email_equality")
 private boolean enforceEmailEquality;
diff --git a/server/src/main/java/access/repository/InvitationRepository.java b/server/src/main/java/access/repository/InvitationRepository.java
index 2533b214..591166bf 100644
--- a/server/src/main/java/access/repository/InvitationRepository.java
+++ b/server/src/main/java/access/repository/InvitationRepository.java
@@ -17,7 +17,7 @@ public interface InvitationRepository extends JpaRepository {
 attributePaths = {"inviter", "roles", "roles.role"})
 Optional findByHash(String hash);
- Optional findTopByEmailOrderByCreatedAtDesc(String email);
+ Optional findTopBySubInviteeOrderByCreatedAtDesc(String email);
 List findByStatusAndRoles_role(Status status, Role role);
diff --git a/server/src/main/resources/db/mysql/migration/V7_0__invitation_sub.sql b/server/src/main/resources/db/mysql/migration/V7_0__invitation_sub.sql
new file mode 100644
index 00000000..3dc1a13a
--- /dev/null
+++ b/server/src/main/resources/db/mysql/migration/V7_0__invitation_sub.sql
@@ -0,0 +1,2 @@
+ALTER TABLE `invitations`
+ add `sub_invitee` varchar(255) DEFAULT NULL;
diff --git a/server/src/test/java/access/Seed.java b/server/src/test/java/access/Seed.java
index 97f28842..d80d8a36 100644
--- a/server/src/test/java/access/Seed.java
+++ b/server/src/test/java/access/Seed.java
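Review bot: The new `subInvitee` field in `Invitation` carries no Jackson annotation, while `hash` directly above it is restricted with `@JsonProperty(access = JsonProperty.Access.WRITE_ONLY)`. If `Invitation` is serialized to or bound from API payloads through generated accessors (not visible in this hunk), the invitee's `sub` would be returned to whoever can read invitations and could also be supplied by a client, which matters because `msAcceptReturn` uses this column to select the hash it redirects with. Since the value is only assigned server-side in `accept`, `@JsonIgnore` on the field would keep it out of both directions. The class body continues outside the hunk.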
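Review bot: The parameter of `findTopBySubInviteeOrderByCreatedAtDesc` is still named `email` although the derived query now matches on `subInvitee`; rename `String email` to `String subInvitee` so callers are not led to pass an address. A one-line Javadoc stating that the method returns the most recently created invitation recorded for that `sub` would also explain why `Top…OrderByCreatedAtDesc` is used.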
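Review bot: `sub_invitee` is added without an index, yet `findTopBySubInviteeOrderByCreatedAtDesc` filters on it for every `ms-accept-return` callback, so each such request has to scan `invitations`. Add one in this migration, for example `CREATE INDEX invitations_sub_invitee_idx ON invitations (sub_invitee);` (the index name is only a suggestion). The column is also nullable with no backfill, so invitations accepted before this migration keep `NULL` and will not be found by the new lookup.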
@@ -96,6 +96,9 @@ public void doSeed() {
 new Invitation(Authority.GUEST, Authority.GUEST.name(), "guest@new.com", false,false, message, inviter, expiryDate,roleExpiryDate, Set.of(new InvitationRole(mail)));
 guestInvitation.setEduIDOnly(true);
+ //To test graph callback
+ guestInvitation.setSubInvitee(GUEST_SUB);
+
 Invitation graphInvitation = new Invitation(Authority.GUEST, GRAPH_INVITATION_HASH, "graph@new.com", false,false, message, inviter,expiryDate, roleExpiryDate, Set.of(new InvitationRole(network)));
diff --git a/server/src/test/java/access/api/UserControllerTest.java b/server/src/test/java/access/api/UserControllerTest.java
index 006ca99e..d094c47c 100644
--- a/server/src/test/java/access/api/UserControllerTest.java
+++ b/server/src/test/java/access/api/UserControllerTest.java
@@ -351,7 +351,7 @@ void msAcceptReturn() throws Exception {
 .get("/api/v1/users/ms-accept-return/{sub}")
 .then()
 .statusCode(302)
- .header("Location", "http://localhost:4000");
+ .header("Location", "http://localhost:4000/proceed?hash=GUEST&isRedirect=true");
 }
 @Test
diff --git a/server/src/test/java/access/provision/graph/GraphClientTest.java b/server/src/test/java/access/provision/graph/GraphClientTest.java
index 52fd3666..425b5e8c 100644
--- a/server/src/test/java/access/provision/graph/GraphClientTest.java
+++ b/server/src/test/java/access/provision/graph/GraphClientTest.java
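Review bot: Only the path where an invitation with a matching `sub_invitee` exists is asserted in `msAcceptReturn()`; the `.orElse("")` branch of the controller has no test. Add a case for a user whose invitations have no `sub_invitee` and assert the exact `Location` value intended for it, so that an empty `hash=` parameter is a decided behaviour and not an accident. The test method starts outside the hunk.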
@@ -1,26 +1,25 @@
 package access.provision.graph;
+import access.AbstractTest;
 import access.manage.LocalManage;
 import access.provision.Provisioning;
 import com.azure.identity.ClientSecretCredential;
 import com.azure.identity.ClientSecretCredentialBuilder;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.microsoft.graph.authentication.TokenCredentialAuthProvider;
-import com.microsoft.graph.models.User;
 import com.microsoft.graph.requests.GraphServiceClient;
 import com.microsoft.graph.requests.UserRequest;
+import org.junit.jupiter.api.Disabled;
 import org.junit.jupiter.api.Test;
 import java.util.List;
-import java.util.Map;
-import static access.Seed.GUEST_SUB;
 import static access.Seed.INVITER_SUB;
-import static org.junit.jupiter.api.Assertions.*;
-class GraphClientTest {
+class GraphClientTest extends AbstractTest {
 @Test
+ @Disabled
 void newUserRequest() {
 GraphClient graphClient = new GraphClient("http://localhost:8080", "test.eduid.nl");
 LocalManage localManage = new LocalManage(new ObjectMapper(), true);
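Review bot: `@Disabled` on `newUserRequest` carries no reason, so nothing records why the Graph client test was switched off or what has to change before it can run again; give it one, e.g. `@Disabled("<reason this test cannot run in CI>")`. The hunk also removes the `Assertions` import, which suggests the method no longer asserts anything, although its body continues outside the hunk and that cannot be confirmed from here. If the test needs real tenant credentials, saying so in the reason string keeps that dependency visible to the next maintainer.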