Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

BC-7229 user blocking functionality #4981

Merged
merged 23 commits into from
May 15, 2024
Merged

BC-7229 user blocking functionality #4981

merged 23 commits into from
May 15, 2024

Conversation

MichalNers
Copy link
Contributor

@MichalNers MichalNers commented May 5, 2024
edited by KacperPassCon

Description

New functionality allowing to prevent from login in to the system when user account is deactivated

Links to Tickets or other pull requests

BC-7229

Changes

New functionality allowing to prevent from login in to the system when user account is deactivated

Deployment

New Repos, NPM pakages or vendor scripts

Approval for review

  • DEV: If api was changed - generate-client:server was executed in vue frontend and changes were tested and put in a PR with the same branch name.
  • QA: In addition to review, the code has been manually tested (if manual testing is possible)
  • All points were discussed with the ticket creator, support-team or product owner. The code upholds all quality guidelines from the PR-template.

Notice: Please remove the WIP label if the PR is ready to review, otherwise nobody will review it.

@MichalNers MichalNers requested a review from bn-pass May 6, 2024 19:16
virgilchiriac
virgilchiriac reviewed May 7, 2024
View reviewed changes
apps/server/src/modules/account/domain/account.ts Show resolved Hide resolved
apps/server/src/modules/authentication/services/authentication.service.ts Outdated
@@ -33,6 +34,9 @@ export class AuthenticationService {
if (!account) {
throw new UnauthorizedLoggableException(username, systemId);
}
if (account.deactivatedAt != null && account.deactivatedAt.getTime() <= Date.now()) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

avoid falsy check != null

apps/server/src/modules/authentication/strategy/oauth2.strategy.ts
const currentUser: OauthCurrentUser = CurrentUserMapper.mapToOauthCurrentUser(
account.id,
user,
systemId,
tokenDto.idToken
);

return currentUser;
}
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

what about the other login strategies?

Copy link
Contributor Author

@MichalNers MichalNers May 7, 2024
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

other strategies use a method loadAccount from authorization.service where this code is also implemented

@virgilchiriac
Copy link
Contributor

virgilchiriac commented May 7, 2024
edited

how will this be used? There is no clear endpoint to deactivate account
How should such a deactivated account show up in other places, other than login blocked? There is no indicator the account is deactivated for example in Admin Table > Students / Teachers

was answered: out of scope for this ticket

@virgilchiriac
Copy link
Contributor

This is easy to overlook. Therefor please add also some API tests for the authentication scenarious

@MichalNers
Copy link
Contributor Author

This is easy to overlook. Therefor please add also some API tests for the authentication scenarious

Added tests to existing login.api.spec

@virgilchiriac
Copy link
Contributor

This is easy to overlook. Therefor please add also some API tests for the authentication scenarious

Added tests to existing login.api.spec

any reason why the 3rd login way, via Oauth2 cannot be included in the test?

@MichalNers
Copy link
Contributor Author

This is easy to overlook. Therefor please add also some API tests for the authentication scenarious

Added tests to existing login.api.spec

any reason why the 3rd login way, via Oauth2 cannot be included in the test?

already pushed

virgilchiriac
virgilchiriac approved these changes May 14, 2024
View reviewed changes
apps/server/src/modules/authentication/controllers/api-test/login.api.spec.ts
userId: newUser.id,
username: newUser.email,
password: defaultPasswordHash,
deactivatedAt: new Date(),
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

it just occured to me, that if date is in future, it should still allowed the login
this would be another case to be tested
when we have here new Date(), and the check below executes just a few millisecond after, yes it works, because we use timestamp, but it would be better to clearly define a date in the past and one in the future.

@virgilchiriac
Copy link
Contributor

We should probably also have a test when date is in the future.

@sonarcloud SonarCloud
Copy link

sonarcloud bot commented May 15, 2024

Quality Gate Passed Quality Gate passed

Issues
1 New issue
0 Accepted issues

Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

@MichalNers MichalNers merged commit 2d8444b into main May 15, 2024
54 of 56 checks passed
@MichalNers MichalNers deleted the BC-7229-user-blocking-functionality branch May 15, 2024 09:08
dyedwiper added a commit that referenced this pull request May 28, 2024
@dyedwiper
Revert "BC-7229 user blocking functionality (#4981)"
e797b59 
This reverts commit 2d8444b.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bn-pass bn-pass bn-pass approved these changes

@virgilchiriac virgilchiriac virgilchiriac approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@MichalNers @virgilchiriac @bn-pass @sszafGCA