N21-1376 fixes removal of provisioned groups (#4518)

hpi-schul-cloud · Nov 3, 2023 · f38c0be · f38c0be
1 parent 3d78d50
commit f38c0be
Show file tree

Hide file tree

Showing 2 changed files with 50 additions and 7 deletions.
diff --git a/apps/server/src/modules/provisioning/strategy/oidc/oidc.strategy.spec.ts b/apps/server/src/modules/provisioning/strategy/oidc/oidc.strategy.spec.ts
@@ -269,5 +269,46 @@ describe('OidcStrategy', () => {
 				expect(oidcProvisioningService.provisionExternalGroup).not.toHaveBeenCalled();
 			});
 		});
+
+		describe('when group data is not provided', () => {
+			const setup = () => {
+				Configuration.set('FEATURE_SANIS_GROUP_PROVISIONING_ENABLED', true);
+
+				const externalUserId = 'externalUserId';
+				const oauthData: OauthDataDto = new OauthDataDto({
+					system: new ProvisioningSystemDto({
+						systemId: 'systemId',
+						provisioningStrategy: SystemProvisioningStrategy.OIDC,
+					}),
+					externalUser: new ExternalUserDto({
+						externalId: externalUserId,
+					}),
+					externalGroups: undefined,
+				});
+
+				const user: UserDO = userDoFactory.withRoles([{ id: 'roleId', name: RoleName.USER }]).build({
+					externalId: externalUserId,
+				});
+
+				oidcProvisioningService.provisionExternalUser.mockResolvedValue(user);
+
+				return {
+					externalUserId,
+					oauthData,
+				};
+			};
+
+			it('should remove external groups and affiliation', async () => {
+				const { externalUserId, oauthData } = setup();
+
+				await strategy.apply(oauthData);
+
+				expect(oidcProvisioningService.removeExternalGroupsAndAffiliation).toHaveBeenCalledWith(
+					externalUserId,
+					[],
+					oauthData.system.systemId
+				);
+			});
+		});
 	});
 });
diff --git a/apps/server/src/modules/provisioning/strategy/oidc/oidc.strategy.ts b/apps/server/src/modules/provisioning/strategy/oidc/oidc.strategy.ts
@@ -23,18 +23,20 @@ export abstract class OidcProvisioningStrategy extends ProvisioningStrategy {
 			school?.id
 		);
 
-		if (Configuration.get('FEATURE_SANIS_GROUP_PROVISIONING_ENABLED') && data.externalGroups) {
+		if (Configuration.get('FEATURE_SANIS_GROUP_PROVISIONING_ENABLED')) {
 			await this.oidcProvisioningService.removeExternalGroupsAndAffiliation(
 				data.externalUser.externalId,
-				data.externalGroups,
+				data.externalGroups ?? [],
 				data.system.systemId
 			);
 
-			await Promise.all(
-				data.externalGroups.map((externalGroup) =>
-					this.oidcProvisioningService.provisionExternalGroup(externalGroup, data.system.systemId)
-				)
-			);
+			if (data.externalGroups) {
+				await Promise.all(
+					data.externalGroups.map((externalGroup) =>
+						this.oidcProvisioningService.provisionExternalGroup(externalGroup, data.system.systemId)
+					)
+				);
+			}
 		}
 
 		return new ProvisioningDto({ externalUserId: user.externalId || data.externalUser.externalId });