Skip to content

Commit

Permalink
Merge branch 'THR-18-dev-feature-h5p-editor' of https://github.com/hp…
Browse files Browse the repository at this point in the history
…i-schul-cloud/schulcloud-server into THR-18-dev-feature-h5p-editor
  • Loading branch information
MajedAlaitwniCap committed Nov 6, 2023
2 parents a8242f6 + 93ee321 commit f1aac17
Show file tree
Hide file tree
Showing 159 changed files with 4,339 additions and 1,429 deletions.
1 change: 1 addition & 0 deletions .github/workflows/test.yml
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ on:
branches: [ main ]
pull_request:
branches: [ main ]
workflow_dispatch:

permissions:
contents: read
Expand Down
8 changes: 5 additions & 3 deletions ansible/roles/schulcloud-server-core/tasks/main.yml
Original file line number Diff line number Diff line change
Expand Up @@ -92,12 +92,14 @@
template: api-fwu-deployment.yml.j2
when: FEATURE_FWU_CONTENT_ENABLED is defined and FEATURE_FWU_CONTENT_ENABLED|bool

- name: Fwu Learning Contents Ingress
- name: Fwu Learning Contents Ingress Remove
kubernetes.core.k8s:
kubeconfig: ~/.kube/config
namespace: "{{ NAMESPACE }}"
template: api-fwu-ingress.yml.j2
apply: yes
state: absent
api_version: networking.k8s.io/v1
kind: Ingress
name: "{{ NAMESPACE }}-api-fwu-ingress"
when: FEATURE_FWU_CONTENT_ENABLED is defined and FEATURE_FWU_CONTENT_ENABLED|bool

- name: Delete Files CronJob
Expand Down

This file was deleted.

Original file line number Diff line number Diff line change
@@ -1,16 +1,17 @@
import { EntityManager } from '@mikro-orm/core';
import { SSOErrorCode } from '@modules/oauth/loggable';
import { OauthTokenResponse } from '@modules/oauth/service/dto';
import { ServerTestModule } from '@modules/server/server.module';
import { HttpStatus, INestApplication } from '@nestjs/common';
import { Test, TestingModule } from '@nestjs/testing';
import { Account, RoleName, SchoolEntity, SystemEntity, User } from '@shared/domain';
import { accountFactory, roleFactory, schoolFactory, systemFactory, userFactory } from '@shared/testing';
import { SSOErrorCode } from '@modules/oauth/loggable';
import { OauthTokenResponse } from '@modules/oauth/service/dto';
import { ServerTestModule } from '@modules/server/server.module';
import axios from 'axios';
import MockAdapter from 'axios-mock-adapter';
import crypto, { KeyPairKeyObjectResult } from 'crypto';
import jwt from 'jsonwebtoken';
import request, { Response } from 'supertest';
import { ICurrentUser } from '../../interface';
import { LdapAuthorizationBodyParams, LocalAuthorizationBodyParams, OauthLoginResponse } from '../dto';

const ldapAccountUserName = 'ldapAccountUserName';
Expand Down Expand Up @@ -145,41 +146,38 @@ describe('Login Controller (api)', () => {
});

describe('loginLdap', () => {
let account: Account;
let user: User;
let school: SchoolEntity;
let system: SystemEntity;

beforeAll(async () => {
const schoolExternalId = 'mockSchoolExternalId';
system = systemFactory.withLdapConfig().buildWithId({});
school = schoolFactory.buildWithId({ systems: [system], externalId: schoolExternalId });
const studentRoles = roleFactory.build({ name: RoleName.STUDENT, permissions: [] });
describe('when user login succeeds', () => {
const setup = async () => {
const schoolExternalId = 'mockSchoolExternalId';
const system: SystemEntity = systemFactory.withLdapConfig().buildWithId({});
const school: SchoolEntity = schoolFactory.buildWithId({ systems: [system], externalId: schoolExternalId });
const studentRoles = roleFactory.build({ name: RoleName.STUDENT, permissions: [] });

user = userFactory.buildWithId({ school, roles: [studentRoles], ldapDn: mockUserLdapDN });
const user: User = userFactory.buildWithId({ school, roles: [studentRoles], ldapDn: mockUserLdapDN });

account = accountFactory.buildWithId({
userId: user.id,
username: `${schoolExternalId}/${ldapAccountUserName}`.toLowerCase(),
systemId: system.id,
});
const account: Account = accountFactory.buildWithId({
userId: user.id,
username: `${schoolExternalId}/${ldapAccountUserName}`.toLowerCase(),
systemId: system.id,
});

em.persist(system);
em.persist(school);
em.persist(studentRoles);
em.persist(user);
em.persist(account);
await em.flush();
});
await em.persistAndFlush([system, school, studentRoles, user, account]);

describe('when user login succeeds', () => {
it('should return jwt', async () => {
const params: LdapAuthorizationBodyParams = {
username: ldapAccountUserName,
password: defaultPassword,
schoolId: school.id,
systemId: system.id,
};

return {
params,
};
};

it('should return jwt', async () => {
const { params } = await setup();

const response = await request(app.getHttpServer()).post(`${basePath}/ldap`).send(params);

// eslint-disable-next-line @typescript-eslint/no-unsafe-assignment, @typescript-eslint/no-unsafe-member-access
Expand All @@ -199,14 +197,99 @@ describe('Login Controller (api)', () => {
});

describe('when user login fails', () => {
it('should return error response', async () => {
const setup = async () => {
const schoolExternalId = 'mockSchoolExternalId';
const system: SystemEntity = systemFactory.withLdapConfig().buildWithId({});
const school: SchoolEntity = schoolFactory.buildWithId({ systems: [system], externalId: schoolExternalId });
const studentRoles = roleFactory.build({ name: RoleName.STUDENT, permissions: [] });

const user: User = userFactory.buildWithId({ school, roles: [studentRoles], ldapDn: mockUserLdapDN });

const account: Account = accountFactory.buildWithId({
userId: user.id,
username: `${schoolExternalId}/${ldapAccountUserName}`.toLowerCase(),
systemId: system.id,
});

await em.persistAndFlush([system, school, studentRoles, user, account]);

const params: LdapAuthorizationBodyParams = {
username: 'nonExistentUser',
password: 'wrongPassword',
schoolId: school.id,
systemId: system.id,
};
await request(app.getHttpServer()).post(`${basePath}/ldap`).send(params).expect(401);

return {
params,
};
};

it('should return error response', async () => {
const { params } = await setup();

const response = await request(app.getHttpServer()).post(`${basePath}/ldap`).send(params);

expect(response.status).toEqual(HttpStatus.UNAUTHORIZED);
});
});

describe('when logging in as a user of the Central LDAP of Brandenburg', () => {
const setup = async () => {
const officialSchoolNumber = '01234';
const system: SystemEntity = systemFactory.withLdapConfig().buildWithId({});
const school: SchoolEntity = schoolFactory.buildWithId({
systems: [system],
externalId: officialSchoolNumber,
officialSchoolNumber,
});
const studentRole = roleFactory.build({ name: RoleName.STUDENT, permissions: [] });

const user: User = userFactory.buildWithId({ school, roles: [studentRole], ldapDn: mockUserLdapDN });

const account: Account = accountFactory.buildWithId({
userId: user.id,
username: `${officialSchoolNumber}/${ldapAccountUserName}`.toLowerCase(),
systemId: system.id,
});

await em.persistAndFlush([system, school, studentRole, user, account]);

const params: LdapAuthorizationBodyParams = {
username: ldapAccountUserName,
password: defaultPassword,
schoolId: school.id,
systemId: system.id,
};

return {
params,
user,
account,
school,
system,
studentRole,
};
};

it('should return a jwt', async () => {
const { params, user, account, school, system, studentRole } = await setup();

const response = await request(app.getHttpServer()).post(`${basePath}/ldap`).send(params);

// eslint-disable-next-line @typescript-eslint/no-unsafe-member-access
expect(response.body.accessToken).toBeDefined();
// eslint-disable-next-line @typescript-eslint/no-unsafe-member-access,@typescript-eslint/no-unsafe-argument
const decodedToken = jwt.decode(response.body.accessToken);
expect(decodedToken).toMatchObject<ICurrentUser>({
userId: user.id,
systemId: system.id,
roles: [studentRole.id],
schoolId: school.id,
accountId: account.id,
isExternalUser: false,
});
expect(decodedToken).not.toHaveProperty('externalIdToken');
});
});
});
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@ export interface CreateJwtPayload {
systemId?: string; // without this the user needs to change his PW during first login
support?: boolean;
// support UserId is missed see featherJS
isExternalUser: boolean;
}

export interface JwtPayload extends CreateJwtPayload {
Expand Down
3 changes: 3 additions & 0 deletions apps/server/src/modules/authentication/interface/user.ts
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,9 @@ export interface ICurrentUser {

/** True if a support member impersonates the user */
impersonated?: boolean;

/** True if the user is an external user e.g. an oauth user */
isExternalUser: boolean;
}

export interface OauthCurrentUser extends ICurrentUser {
Expand Down
Loading

0 comments on commit f1aac17

Please sign in to comment.