Merge branch 'main' into BC-5629-batch-deletion-mechanism

apps/server/src/modules/authentication/controllers/api-test/login.api.spec.ts

@@ -192,6 +192,7 @@ describe('Login Controller (api)', () => {
 				expect(decodedToken).toHaveProperty('accountId');
 				expect(decodedToken).toHaveProperty('schoolId');
 				expect(decodedToken).toHaveProperty('roles');
+				expect(decodedToken).toHaveProperty('isExternalUser');
 				expect(decodedToken).not.toHaveProperty('externalIdToken');
 			});
 		});
@@ -287,7 +288,7 @@ describe('Login Controller (api)', () => {
 					roles: [studentRole.id],
 					schoolId: school.id,
 					accountId: account.id,
-					isExternalUser: false,
+					isExternalUser: true,
 				});
 				expect(decodedToken).not.toHaveProperty('externalIdToken');
 			});

apps/server/src/modules/authentication/interface/index.ts

@@ -1 +1,2 @@
 export * from './user';
+export * from './oauth-current-user';

apps/server/src/modules/authentication/interface/oauth-current-user.ts

@@ -0,0 +1,6 @@
+import { ICurrentUser } from './user';
+
+export interface OauthCurrentUser extends ICurrentUser {
+	/** Contains the idToken of the external idp. Will be set during oAuth2 login and used for rp initiated logout  */
+	externalIdToken?: string;
+}

apps/server/src/modules/authentication/interface/user.ts

@@ -16,11 +16,6 @@ export interface ICurrentUser {
 	/** True if a support member impersonates the user */
 	impersonated?: boolean;
 
-	/** True if the user is an external user e.g. an oauth user */
+	/** True if the user is an external user e.g. an oauth user or ldap user */
 	isExternalUser: boolean;
 }
-
-export interface OauthCurrentUser extends ICurrentUser {
-	/** Contains the idToken of the external idp. Will be set during oAuth2 login and used for rp initiated logout  */
-	externalIdToken?: string;
-}

apps/server/src/modules/authentication/mapper/current-user.mapper.spec.ts

@@ -15,42 +15,78 @@ describe('CurrentUserMapper', () => {
 
 	describe('userToICurrentUser', () => {
 		describe('when mapping from a user entity to the current user object', () => {
-			it('should map with roles', () => {
-				const teacherRole = roleFactory.buildWithId({ name: RoleName.TEACHER, permissions: [Permission.STUDENT_EDIT] });
-				const user = userFactory.buildWithId({
-					roles: [teacherRole],
-				});
-				const currentUser: ICurrentUser = CurrentUserMapper.userToICurrentUser(accountId, user);
-				expect(currentUser).toMatchObject({
-					accountId,
-					systemId: undefined,
-					roles: [teacherRole.id],
-					schoolId: null,
+			describe('when user has roles', () => {
+				const setup = () => {
+					const teacherRole = roleFactory.buildWithId({
+						name: RoleName.TEACHER,
+						permissions: [Permission.STUDENT_EDIT],
+					});
+					const user = userFactory.buildWithId({
+						roles: [teacherRole],
+					});
+
+					return {
+						teacherRole,
+						user,
+					};
+				};
+
+				it('should map with roles', () => {
+					const { teacherRole, user } = setup();
+
+					const currentUser: ICurrentUser = CurrentUserMapper.userToICurrentUser(accountId, user, false);
+
+					expect(currentUser).toMatchObject({
+						accountId,
+						systemId: undefined,
+						roles: [teacherRole.id],
+						schoolId: null,
+						isExternalUser: false,
+					});
 				});
 			});
 
-			it('should map without roles', () => {
-				const user = userFactory.buildWithId();
-				const currentUser: ICurrentUser = CurrentUserMapper.userToICurrentUser(accountId, user);
-				expect(currentUser).toMatchObject({
-					accountId,
-					systemId: undefined,
-					roles: [],
-					schoolId: null,
+			describe('when user has no roles', () => {
+				it('should map without roles', () => {
+					const user = userFactory.buildWithId();
+
+					const currentUser: ICurrentUser = CurrentUserMapper.userToICurrentUser(accountId, user, true);
+
+					expect(currentUser).toMatchObject({
+						accountId,
+						systemId: undefined,
+						roles: [],
+						schoolId: null,
+						isExternalUser: true,
+					});
 				});
 			});
 
-			it('should map system and school', () => {
-				const user = userFactory.buildWithId({
-					school: schoolFactory.buildWithId(),
-				});
-				const systemId = 'mockSystemId';
-				const currentUser: ICurrentUser = CurrentUserMapper.userToICurrentUser(accountId, user, systemId);
-				expect(currentUser).toMatchObject({
-					accountId,
-					systemId,
-					roles: [],
-					schoolId: user.school.id,
+			describe('when systemId is provided', () => {
+				const setup = () => {
+					const user = userFactory.buildWithId({
+						school: schoolFactory.buildWithId(),
+					});
+					const systemId = 'mockSystemId';
+
+					return {
+						user,
+						systemId,
+					};
+				};
+
+				it('should map system and school', () => {
+					const { user, systemId } = setup();
+
+					const currentUser: ICurrentUser = CurrentUserMapper.userToICurrentUser(accountId, user, false, systemId);
+
+					expect(currentUser).toMatchObject({
+						accountId,
+						systemId,
+						roles: [],
+						schoolId: user.school.id,
+						isExternalUser: false,
+					});
 				});
 			});
 		});

apps/server/src/modules/authentication/mapper/current-user.mapper.ts

@@ -6,14 +6,14 @@ import { ICurrentUser, OauthCurrentUser } from '../interface';
 import { CreateJwtPayload, JwtPayload } from '../interface/jwt-payload';
 
 export class CurrentUserMapper {
-	static userToICurrentUser(accountId: string, user: User, systemId?: string): ICurrentUser {
+	static userToICurrentUser(accountId: string, user: User, isExternalUser: boolean, systemId?: string): ICurrentUser {
 		return {
 			accountId,
 			systemId,
 			roles: user.roles.getItems().map((role: Role) => role.id),
 			schoolId: user.school.id,
 			userId: user.id,
-			isExternalUser: false,
+			isExternalUser,
 		};
 	}
 

apps/server/src/modules/authentication/strategy/ldap.strategy.spec.ts

@@ -436,7 +436,7 @@ describe('LdapStrategy', () => {
 					schoolId: school.id,
 					systemId: system.id,
 					accountId: account.id,
-					isExternalUser: false,
+					isExternalUser: true,
 				});
 			});
 		});
@@ -501,7 +501,7 @@ describe('LdapStrategy', () => {
 					schoolId: school.id,
 					systemId: system.id,
 					accountId: account.id,
-					isExternalUser: false,
+					isExternalUser: true,
 				});
 			});
 		});

apps/server/src/modules/authentication/strategy/ldap.strategy.ts

@@ -1,10 +1,10 @@
+import { AccountDto } from '@modules/account/services/dto';
 import { Injectable, UnauthorizedException } from '@nestjs/common';
 import { PassportStrategy } from '@nestjs/passport';
 import { LegacySchoolDo, SystemEntity, User } from '@shared/domain';
 import { LegacySchoolRepo, SystemRepo, UserRepo } from '@shared/repo';
 import { ErrorLoggable } from '@src/core/error/loggable/error.loggable';
 import { Logger } from '@src/core/logger';
-import { AccountDto } from '@modules/account/services/dto';
 import { Strategy } from 'passport-custom';
 import { LdapAuthorizationBodyParams } from '../controllers/dto';
 import { ICurrentUser } from '../interface';
@@ -48,7 +48,7 @@ export class LdapStrategy extends PassportStrategy(Strategy, 'ldap') {
 
 		await this.checkCredentials(account, system, ldapDn, password);
 
-		const currentUser: ICurrentUser = CurrentUserMapper.userToICurrentUser(account.id, user, systemId);
+		const currentUser: ICurrentUser = CurrentUserMapper.userToICurrentUser(account.id, user, true, systemId);
 
 		return currentUser;
 	}

apps/server/src/modules/authentication/strategy/local.strategy.ts

@@ -39,7 +39,7 @@ export class LocalStrategy extends PassportStrategy(Strategy) {
 			new Error(`login failing, because account ${account.id} has no userId`)
 		);
 		const user = await this.userRepo.findById(accountUserId, true);
-		const currentUser = CurrentUserMapper.userToICurrentUser(account.id, user);
+		const currentUser = CurrentUserMapper.userToICurrentUser(account.id, user, false);
 		return currentUser;
 	}