created controllers, services for /api/login endpoint for user authen…

…tication on keycloak
dBildungsplattform · Oct 10, 2023 · be0e30d · be0e30d
1 parent 3b783af
commit be0e30d
Show file tree

Hide file tree

Showing 20 changed files with 627 additions and 0 deletions.
diff --git a/config/config.dev.json b/config/config.dev.json
@@ -13,5 +13,11 @@
         "BASE_URL": "http://127.0.0.1:8080",
         "REALM_NAME": "master",
         "CLIENT_ID": "admin-cli"
+    },
+    "SCHULPORTAL": {
+        "BASE_URL": "http://127.0.0.1:8080",
+        "REALM_NAME": "schulportal",
+        "CLIENT_ID": "schulportal",
+        "USERNAME": "dummy"
     }
 }
diff --git a/config/config.test.json b/config/config.test.json
@@ -13,5 +13,11 @@
         "BASE_URL": "http://127.0.0.1:8080",
         "REALM_NAME": "master",
         "CLIENT_ID": "admin-cli"
+    },
+    "SCHULPORTAL": {
+        "BASE_URL": "http://127.0.0.1:8080",
+        "REALM_NAME": "schulportal",
+        "CLIENT_ID": "schulportal",
+        "USERNAME": "dummy"
     }
 }
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -49,10 +49,12 @@
         "axios": "^1.5.0",
         "class-transformer": "^0.5.1",
         "class-validator": "^0.14.0",
+        "express": "^4.18.2",
         "lodash": "^4.17.21",
         "lodash-es": "^4.17.21",
         "nest-commander": "^3.9.0",
         "nest-keycloak-connect": "^1.9.2",
+        "openid-client": "^5.6.0",
         "reflect-metadata": "^0.1.13",
         "rxjs": "^7.2.0"
     },

diff --git a/src/modules/ui-backend/api/keycloak-exception-filter.ts b/src/modules/ui-backend/api/keycloak-exception-filter.ts
@@ -0,0 +1,6 @@
+import { Catch } from '@nestjs/common';
+import { KeycloakClientError } from '../../../shared/error/index.js';
+import { UiBackendExceptionFilter } from './ui-backend-exception-filter.js';
+
+@Catch(KeycloakClientError)
+export class KeyCloakExceptionFilter extends UiBackendExceptionFilter<KeycloakClientError> {}
diff --git a/src/modules/ui-backend/api/login.controller.spec.ts b/src/modules/ui-backend/api/login.controller.spec.ts
@@ -0,0 +1,116 @@
+import { Test, TestingModule } from '@nestjs/testing';
+import { LoginController } from './login.controller.js';
+import { createMock, DeepMocked } from '@golevelup/ts-jest';
+import { LoginService } from '../domain/login.service.js';
+import { faker } from '@faker-js/faker';
+import { TokenSet } from 'openid-client';
+import { UserParams } from './user.params.js';
+import { KeycloakClientError, UserAuthenticationFailedError } from '../../../shared/error/index.js';
+import { NewLoginService } from '../domain/new-login.service.js';
+
+describe('LoginController', () => {
+    let module: TestingModule;
+    let loginController: LoginController;
+    let loginServiceMock: DeepMocked<LoginService>;
+    let someServiceMock: DeepMocked<NewLoginService>;
+    let tokenSet: DeepMocked<TokenSet>;
+
+    beforeAll(async () => {
+        module = await Test.createTestingModule({
+            imports: [],
+            providers: [
+                LoginController,
+                {
+                    provide: LoginService,
+                    useValue: createMock<LoginService>(),
+                },
+                {
+                    provide: NewLoginService,
+                    useValue: createMock<NewLoginService>(),
+                },
+                {
+                    provide: TokenSet,
+                    useValue: createMock<TokenSet>(),
+                },
+            ],
+        }).compile();
+        loginController = module.get(LoginController);
+        loginServiceMock = module.get(LoginService);
+        someServiceMock = module.get(NewLoginService);
+        tokenSet = module.get(TokenSet);
+    });
+
+    afterAll(async () => {
+        await module.close();
+    });
+
+    beforeEach(() => {
+        jest.resetAllMocks();
+    });
+
+    it('should be defined', () => {
+        expect(loginController).toBeDefined();
+    });
+
+    describe('when getting result from service', () => {
+        it('should not throw', async () => {
+            const userParams: UserParams = {
+                username: faker.string.alpha(),
+                password: faker.string.alpha(),
+            };
+            loginServiceMock.getTokenForUser.mockResolvedValue(tokenSet);
+            await expect(loginController.loginUser(userParams)).resolves.not.toThrow();
+            expect(loginServiceMock.getTokenForUser).toHaveBeenCalledTimes(1);
+        });
+    });
+
+    describe('when getting KeyCloak-error from service', () => {
+        it('should throw', async () => {
+            const errorMsg: string = 'keycloak not available';
+            const userParams: UserParams = {
+                username: faker.string.alpha(),
+                password: faker.string.alpha(),
+            };
+            loginServiceMock.getTokenForUser.mockImplementation(() => {
+                throw new KeycloakClientError(errorMsg);
+            });
+            await expect(loginController.loginUser(userParams)).rejects.toThrow(errorMsg);
+            expect(loginServiceMock.getTokenForUser).toHaveBeenCalledTimes(1);
+        });
+    });
+
+    describe('when getting User-authentication-failed-error from service', () => {
+        it('should throw', async () => {
+            const errorMsg: string = 'user could not be authenticated';
+            const userParams: UserParams = {
+                username: faker.string.alpha(),
+                password: faker.string.alpha(),
+            };
+            loginServiceMock.getTokenForUser.mockImplementation(() => {
+                throw new UserAuthenticationFailedError(errorMsg);
+            });
+            await expect(loginController.loginUser(userParams)).rejects.toThrow(errorMsg);
+            expect(loginServiceMock.getTokenForUser).toHaveBeenCalledTimes(1);
+        });
+    });
+
+    describe('when getting User-authentication-failed-error from service', () => {
+        it('should throw', async () => {
+            const userParams: UserParams = {
+                username: faker.string.alpha(),
+                password: faker.string.alpha(),
+            };
+            someServiceMock.auth.mockResolvedValueOnce({
+                ok: false,
+                error: new UserAuthenticationFailedError('User could not be authenticated successfully.'),
+            });
+            await expect(loginController.loginUserResult(userParams)).resolves.toStrictEqual<
+                Result<UserAuthenticationFailedError>
+            >({
+                ok: false,
+                error: new UserAuthenticationFailedError('User could not be authenticated successfully.'),
+            });
+            expect(someServiceMock.auth).toHaveBeenCalledTimes(1);
+        });
+    });
+});
diff --git a/src/modules/ui-backend/api/login.controller.ts b/src/modules/ui-backend/api/login.controller.ts
@@ -0,0 +1,47 @@
+import { Body, Controller, HttpStatus, Post, UseFilters } from '@nestjs/common';
+import {
+    ApiInternalServerErrorResponse,
+    ApiNotFoundResponse,
+    ApiServiceUnavailableResponse,
+    ApiTags,
+} from '@nestjs/swagger';
+import { UserParams } from './user.params.js';
+import { LoginService } from '../domain/login.service.js';
+import { TokenSet } from 'openid-client';
+import { KeyCloakExceptionFilter } from './keycloak-exception-filter.js';
+import { UserAuthenticationFailedExceptionFilter } from './user-authentication-failed-exception-filter.js';
+import { NewLoginService } from '../domain/new-login.service.js';
+import { DomainError } from '../../../shared/error/index.js';
+
+@ApiTags('api/login')
+@Controller({ path: 'login'})
+export class LoginController {
+    public constructor(private loginService: LoginService, private someService: NewLoginService) {}
+
+    @Post()
+    @UseFilters(
+        new KeyCloakExceptionFilter(HttpStatus.SERVICE_UNAVAILABLE),
+        new UserAuthenticationFailedExceptionFilter(HttpStatus.NOT_FOUND),
+    )
+    @ApiNotFoundResponse({
+        description: 'USER_AUTHENTICATION_FAILED_ERROR: User could not be authenticated successfully.',
+    })
+    @ApiInternalServerErrorResponse({ description: 'Internal server error while retrieving token.' })
+    @ApiServiceUnavailableResponse({ description: 'KEYCLOAK_CLIENT_ERROR: KeyCloak service did not respond.' })
+    public async loginUser(@Body() params: UserParams): Promise<TokenSet> {
+        return this.loginService.getTokenForUser(params.username, params.password);
+    }
+
+    @Post('result')
+    @UseFilters(
+        new KeyCloakExceptionFilter(HttpStatus.SERVICE_UNAVAILABLE),
+        new UserAuthenticationFailedExceptionFilter(HttpStatus.NOT_FOUND),
+    )
+    @ApiNotFoundResponse({
+        description: 'USER_AUTHENTICATION_FAILED_ERROR: User could not be authenticated successfully.',
+    })
+    @ApiInternalServerErrorResponse({ description: 'Internal server error while retrieving token.' })
+    public async loginUserResult(@Body() params: UserParams): Promise<Result<string, DomainError>> {
+        return this.someService.auth(params.username, params.password);
+    }
+}