BC-7229 user blocking functionality #4981
Conversation
…com/hpi-schul-cloud/schulcloud-server into BC-7229-user-blocking-functionality
apps/server/src/modules/authentication/loggable/user-account-deactivated-exception.ts
apps/server/src/modules/authentication/services/authentication.service.spec.ts
apps/server/src/modules/authentication/services/authentication.service.spec.ts
apps/server/src/modules/authentication/services/authentication.service.ts
@@ -33,6 +34,9 @@ export class AuthenticationService { | |||
if (!account) { | |||
throw new UnauthorizedLoggableException(username, systemId); | |||
} | |||
if (account.deactivatedAt != null && account.deactivatedAt.getTime() <= Date.now()) { |
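Review bot: the condition added at the last line of this hunk is the right comparison (a `deactivatedAt` equal to or earlier than `Date.now()` blocks, a future date still allows login), but the hunk ends before the throw, so make sure the deactivated branch does not give the client a response that is distinguishable from the `UnauthorizedLoggableException` thrown for a missing account two lines above: a different status or message lets an unauthenticated caller tell deactivated accounts from nonexistent ones, so keep the deactivated/unknown distinction in the loggable's log payload and return the same generic unauthorized response. The loose `!= null` does cover `undefined` as well as `null`, but an explicit `deactivatedAt === undefined || deactivatedAt === null` would be clearer and matches the style point raised in this thread.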
avoid falsy check != null
const currentUser: OauthCurrentUser = CurrentUserMapper.mapToOauthCurrentUser( | ||
account.id, | ||
user, | ||
systemId, | ||
tokenDto.idToken | ||
); | ||
|
||
return currentUser; | ||
} | ||
} |
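Review bot: this OAuth branch maps `account.id` and `user` into `OauthCurrentUser` with no deactivation check visible in the hunk, so whether a deactivated account is rejected here depends entirely on the account having been fetched through the shared `loadAccount` path; an API test that logs in a deactivated account over OAuth2 (the third login way asked about in this thread) would pin that down and catch a later refactor that loads the account some other way.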
what about the other login strategies?
other strategies use a method loadAccount from authorization.service where this code is also implemented
how will this be used? There is no clear endpoint to deactivate account (was answered: out of scope for this ticket)
This is easy to overlook. Therefore please also add some API tests for the authentication scenarios
Added tests to existing login.api.spec
any reason why the 3rd login way, via Oauth2, cannot be included in the test?
already pushed
userId: newUser.id, | ||
username: newUser.email, | ||
password: defaultPasswordHash, | ||
deactivatedAt: new Date(), |
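Review bot: `deactivatedAt: new Date()` at the last line of this fixture only blocks the login because the service compares with `<=` a few milliseconds later; use a fixed date clearly in the past (a literal ISO string) so the intent is visible without reasoning about timing, and add a second fixture with a date in the future whose login is expected to succeed, since the future-date case is the one most likely to regress unnoticed.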
it just occurred to me that if the date is in the future, it should still allow the login
this would be another case to be tested
when we have here new Date(), and the check below executes just a few milliseconds after, yes it works, because we use timestamps, but it would be better to clearly define a date in the past and one in the future.
We should probably also have a test when the date is in the future.
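The rule debated above, as an added example that is not part of this PR or of schulcloud-server: the deactivation check as a pure function with an explicit null/undefined test, evaluated against a fixed reference instant so that the past, boundary and future cases are deterministic instead of racing `Date.now()`. The names (`isDeactivated`, `AccountLike`, `FIXED_NOW`, `blockedAccounts`, the fixture entries) are assumptions made for this example, and the fixtures are constructed data.

```typescript
// Added example, not the project's code: the "deactivatedAt reached?" rule as a
// pure function, plus deterministic fixtures for the cases raised in review.

interface AccountLike {
  username: string;
  // Assumption for this example: optional field, unset for active accounts.
  deactivatedAt?: Date | null;
}

/** True when the account's deactivation date has been reached at `now`. */
function isDeactivated(account: AccountLike, now: Date): boolean {
  const { deactivatedAt } = account;
  // Explicit null/undefined test rather than a loose `!= null`.
  if (deactivatedAt === undefined || deactivatedAt === null) {
    return false;
  }
  // Timestamp comparison: a deactivation date equal to `now` already blocks,
  // a date in the future does not (the account is only scheduled for deactivation).
  return deactivatedAt.getTime() <= now.getTime();
}

/** Fixed reference instant so fixtures never race against the real clock. */
const FIXED_NOW = new Date('2024-03-01T12:00:00.000Z');

const ONE_DAY_MS = 24 * 60 * 60 * 1000;

/** Builds a deactivation date offset from FIXED_NOW (negative offset = in the past). */
function deactivatedAtRelative(offsetMs: number): Date {
  return new Date(FIXED_NOW.getTime() + offsetMs);
}

// Constructed fixtures covering the cases discussed in the thread.
const FIXTURES = {
  active: { username: 'active@example.test' },
  explicitNull: { username: 'null@example.test', deactivatedAt: null },
  deactivatedYesterday: { username: 'past@example.test', deactivatedAt: deactivatedAtRelative(-ONE_DAY_MS) },
  deactivatedExactlyNow: { username: 'now@example.test', deactivatedAt: deactivatedAtRelative(0) },
  scheduledTomorrow: { username: 'future@example.test', deactivatedAt: deactivatedAtRelative(ONE_DAY_MS) },
};

/** Evaluates every fixture at `now` and returns the names of the accounts that would be blocked. */
function blockedAccounts(now: Date = FIXED_NOW): string[] {
  return Object.entries(FIXTURES)
    .filter(([, account]) => isDeactivated(account, now))
    .map(([name]) => name);
}

// Stand-alone run: prints the blocked fixture names at the fixed instant.
console.log(blockedAccounts());
```

Passing `now` into the check (instead of reading `Date.now()` inside it) is what makes the boundary and future cases testable without sleeping or mocking the clock; the service can still call it with `new Date()` in production.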
Description
New functionality preventing login to the system when the user account is deactivated
Links to Tickets or other pull requests
BC-7229
Changes
New functionality preventing login to the system when the user account is deactivated
Deployment
New Repos, NPM packages or vendor scripts
Approval for review
generate-client:server
was executed in the vue frontend; the changes were tested and put in a PR with the same branch name.