From dcb221df5f10e1a757175c95928aa289e5e6beda Mon Sep 17 00:00:00 2001
From: Igor Richter
Date: Thu, 28 Sep 2023 11:51:26 +0200
Subject: [PATCH] remove from group: - strategy + spec - service WIP
---
 .../strategy/oidc/oidc.strategy.spec.ts | 20 +++++++++++++++++++
 .../strategy/oidc/oidc.strategy.ts | 6 +++++-
 .../oidc/service/oidc-provisioning.service.ts | 15 ++++++++++++++
 3 files changed, 40 insertions(+), 1 deletion(-)
diff --git a/apps/server/src/modules/provisioning/strategy/oidc/oidc.strategy.spec.ts b/apps/server/src/modules/provisioning/strategy/oidc/oidc.strategy.spec.ts
index 80bdfdf4c88..86192dac09b 100644
--- a/apps/server/src/modules/provisioning/strategy/oidc/oidc.strategy.spec.ts
+++ b/apps/server/src/modules/provisioning/strategy/oidc/oidc.strategy.spec.ts
@@ -198,6 +198,18 @@ describe('OidcStrategy', () => {
 };
 };
+ it('should call the OidcProvisioningService.removeUserFromExternalGroups', async () => {
+ const { oauthData } = setup();
+
+ await strategy.apply(oauthData);
+
+ expect(oidcProvisioningService.removeUserFromExternalGroups).toHaveBeenCalledWith(
+ oauthData.externalUser.externalId,
+ oauthData.externalGroups,
+ oauthData.system.systemId
+ );
+ });
+
 it('should call the OidcProvisioningService.provisionExternalGroup for each group', async () => {
 const { oauthData } = setup();
@@ -241,6 +253,14 @@ describe('OidcStrategy', () => {
 };
 };
+ it('should not call the OidcProvisioningService.removeUserFromExternalGroups', async () => {
+ const { oauthData } = setup();
+
+ await strategy.apply(oauthData);
+
+ expect(oidcProvisioningService.removeUserFromExternalGroups).not.toHaveBeenCalled();
+ });
+
 it('should not call the OidcProvisioningService.provisionExternalGroup', async () => {
 const { oauthData } = setup();
diff --git a/apps/server/src/modules/provisioning/strategy/oidc/oidc.strategy.ts b/apps/server/src/modules/provisioning/strategy/oidc/oidc.strategy.ts
index f51fc49abed..7fe361bfabb 100644
--- a/apps/server/src/modules/provisioning/strategy/oidc/oidc.strategy.ts
+++ b/apps/server/src/modules/provisioning/strategy/oidc/oidc.strategy.ts
@@ -24,7 +24,11 @@ export abstract class OidcProvisioningStrategy extends ProvisioningStrategy {
 );
 if (Configuration.get('FEATURE_SANIS_GROUP_PROVISIONING_ENABLED') && data.externalGroups) {
- // TODO: N21-1212 remove user from groups
+ await this.oidcProvisioningService.removeUserFromExternalGroups(
+ data.externalUser.externalId,
+ data.externalGroups,
+ data.system.systemId
+ );
 await Promise.all(
 data.externalGroups.map((externalGroup) =>
diff --git a/apps/server/src/modules/provisioning/strategy/oidc/service/oidc-provisioning.service.ts b/apps/server/src/modules/provisioning/strategy/oidc/service/oidc-provisioning.service.ts
index 1a16b8578c9..179af9eb370 100644
--- a/apps/server/src/modules/provisioning/strategy/oidc/service/oidc-provisioning.service.ts
+++ b/apps/server/src/modules/provisioning/strategy/oidc/service/oidc-provisioning.service.ts
@@ -185,4 +185,19 @@ export class OidcProvisioningService {
 return filteredUsers;
 }
+
+ async removeUserFromExternalGroups(
+ externalUserId: EntityId,
+ externalGroups: ExternalGroupDto[],
+ systemId: EntityId
+ ): Promise {
+ const existingGroupsOfUser: Group[] = await this.groupService.findByUserId(externalUserId); // TODO implement service and repo function
+
+ const groupsWithoutUser: Group[] = await Promise.all(
+ existingGroupsOfUser.map(async (existingGroup: Group): Promise => {
+ // TODO check for existingGroup not in externalGroups[] and remove user from this group
+ })
+ );
+ // TODO remove all groupsWithoutUser.length === 0
+ }
 }
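Review bot: Revocation only runs when `data.externalGroups` is truthy, because the new `removeUserFromExternalGroups` call sits inside the existing `if (Configuration.get('FEATURE_SANIS_GROUP_PROVISIONING_ENABLED') && data.externalGroups)` guard; a login whose payload carries no group list leaves every earlier membership in place. If that is intended, state it at the guard, e.g. `// undefined externalGroups = provider sent no group data: keep memberships; [] = user left all groups: revoke`, and add a spec case for `externalGroups: []`, which neither new test visibly covers. The removal is also awaited ahead of provisioning, so an exception from the still-unfinished service method would presumably abort the whole `apply` for that login once the flag is on. The enclosing method starts and ends outside this hunk.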
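Review bot: `removeUserFromExternalGroups` is handed the provider's `externalId` by the strategy and passes it straight to `groupService.findByUserId`, which by its name expects the internal user id, while `systemId` is never read in the body; as sketched, the lookup uses the wrong identifier space and is not limited to groups that originate from this system. Before the TODOs are filled in, resolve the internal user from `externalUserId` plus `systemId`, and restrict both the membership removal and the planned empty-group deletion to groups whose external source is `systemId`; otherwise one provider's login could strip or delete locally managed groups or another system's groups. A comment such as `// only groups provisioned from systemId may be modified or deleted here` above the lookup would record that constraint. The `map` callback currently returns nothing, so `groupsWithoutUser` does not hold `Group` values, and the return types shown as `Promise {` and `Promise => {` look as if a type argument was lost, possibly in page extraction.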