feat: introduce user domain #287
Conversation
This ensures that test users can be used by the API, the SPA and the E2E project.
# Conflicts: # package.json
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
|
Kudos, SonarCloud Quality Gate passed! |
# Conflicts: # .github/actions/build-and-deploy-api/action.yml # .github/workflows/next-deployment.yml # apps/api/src/.env.template # apps/spa/src/app/app.module.ts # apps/spa/src/environments/environment.ts # libs/spa/auth/src/lib/components/dev-login.component.ts # package-lock.json # package.json
timonmasberg
force-pushed
the
feat/users
branch
from
df6b5d0 to
50566eb
Compare
# Conflicts: # .github/actions/build-and-deploy-api/action.yml # .github/workflows/next-deployment.yml # apps/api/src/.env.template # apps/spa/src/app/app.module.ts # apps/spa/src/environments/environment.ts # libs/spa/auth/src/lib/components/dev-login.component.ts # package-lock.json # package.json
timonmasberg
force-pushed
the
feat/users
branch
from
50566eb to
f615d71
Compare
# Conflicts: # .github/actions/build-and-deploy-api/action.yml # .github/workflows/next-deployment.yml # apps/api/src/.env.template # apps/spa/src/app/app.module.ts # apps/spa/src/environments/environment.ts # libs/spa/auth/src/lib/components/dev-login.component.ts # package-lock.json # package.json
timonmasberg
force-pushed
the
feat/users
branch
from
33a11db to
05156a7
Compare
timonmasberg
force-pushed
the
main
branch
2 times, most recently
from
9b697ff to
99a715d
Compare
apps/api/src/app/app.module.ts
Outdated
| const IS_NEXT_DEPLOYMENT = process.env.ENVIRONMENT_NAME === 'next'; | ||
| const IS_PROD_DEPLOYMENT = process.env.ENVIRONMENT_NAME === 'prod'; |
There was a problem hiding this comment.
How about we introduce a flag e.g., ENABLE_DEV_LOGIN and only if this is set to true we enable dev login, otherwise it is Azure Entra ID? That way we can control the use of Entra ID easier e.g. for local testing as well and use the safer method (Entra ID) by default.
| @@ -0,0 +1,11 @@ | |||
| import { PresentableException } from '@kordis/api/shared'; | |||
|
|
|||
| export class PresentableInsufficientPermissionException extends PresentableException { | |||
There was a problem hiding this comment.
Isn't this defacto the same as the PresentableUnauthorizedException?
apps/spa-e2e/src/test-users.ts
Outdated
|
|
||
| export const testUsernames = [...TEST_USERS.map((u) => u.userName)] as const; | ||
| export type TestUsernames = (typeof testUsernames)[number]; | ||
|
|
There was a problem hiding this comment.
Simplify. Accept suggestion from libs/shared/test-helpers/src/lib/test-users.test-helper.ts to enable code completion for usernames.
| export const testUsernames = [...TEST_USERS.map((u) => u.userName)] as const; | |
| export type TestUsernames = (typeof testUsernames)[number]; | |
| export type TestUsernames = (typeof TEST_USERS)[number]['userName']; | |
| import { UserDeactivated } from './object-type/user-deactivated.object-type'; | ||
|
|
||
| @Resolver(User) | ||
| export class UserResolver { |
There was a problem hiding this comment.
Can we put the assertOrgMembership to a whole resolver as a Decorator instead of ensuring that within every query/mutation?
| } else if (key === 'role') { | ||
| updatePayload[`extension_${this.extensionAppId}_Role`] = value; | ||
| } else if (key === 'organizationId') { | ||
| updatePayload[`extension_${this.extensionAppId}_OrganizationId`] = |
There was a problem hiding this comment.
We never want to update the user's organization id, right? So if the id is not required by Azure, we should not set it here, if it is required, we have to require it in the method's signature as well.
| await this.updateUserRequest(userId, updatePayload); | ||
| } | ||
|
|
||
| async changeEmail(userId: string, email: string): Promise<void> { |
There was a problem hiding this comment.
What about e-mail verification. Does Azure AD take responsibility for that?
| */ | ||
| @Injectable() | ||
| export class DevUserService extends BaseUserService { | ||
| private readonly users: User[] = [...TEST_USERS]; |
There was a problem hiding this comment.
If you move the type declaration for the users into the test-helpers file (probably good idea anyway to ensure correct types) and do a deep copy here, the type should be inferred automatically
| import { Role } from '@kordis/shared/auth'; | ||
|
|
||
| // keep in sync with the apps/api/dev-tokens.md file! | ||
| export const TEST_USERS = Object.freeze([ |
There was a problem hiding this comment.
If you use as const instead of Object.freeze the values will be assumed as literals by TypeScript and enable a beautiful code completion.
Also, we should do TEST_UERS: User[] to ensure these users are all legit (especially when we change the User object).
| } | ||
|
|
||
| async updateUser( | ||
| userId: string, |
There was a problem hiding this comment.
| userId: string, | |
| private async updateUser( |
| } else if (key === 'organizationId') { | ||
| updatePayload[`extension_${this.extensionAppId}_OrganizationId`] = | ||
| value; | ||
| } else { |
There was a problem hiding this comment.
| } else if (key === 'organizationId') { | |
| updatePayload[`extension_${this.extensionAppId}_OrganizationId`] = | |
| value; | |
| } else { | |
| } else { |
…separation of concerns
libs/api/user/src/lib/infra/service/aadb2c-user.service.spec.ts
Dismissed
Show dismissed
Hide dismissed
libs/api/user/src/lib/infra/service/aadb2c-user.service.spec.ts
Dismissed
Show dismissed
Hide dismissed
libs/api/user/src/lib/infra/service/aadb2c-user.service.spec.ts
Dismissed
Show dismissed
Hide dismissed
libs/api/user/src/lib/infra/service/aadb2c-user.service.spec.ts
Dismissed
Show dismissed
Hide dismissed
libs/api/user/src/lib/infra/service/aadb2c-user.service.spec.ts
Dismissed
Show dismissed
Hide dismissed
|
|
🎉 This PR is included in version 1.2.0 🎉 The release is available on GitHub release Your semantic-release bot 📦🚀 |
Description
Introduces a user domain with a dev in memory user store for local and preview environments, and a service that communicates with the MS Graph API to manage users on our AADB2C tenant. Furthermore, introduces a role hierarchy and a utility decorator to check the minimum required role in the request pipeline.
As a feature, if a user is logged in and gets deactivated, he will be logged out automatically.
Checklist:
The title of this PR and the commit history is conform with
the Conventional Commits specification.
I have performed a self-review of my own code.
My changes generate no new warnings, SonarCloud reports no Vulnerabilities, Bugs or Code Smells.
I have added tests (unit and E2E if user-facing) that prove my fix is effective or that my feature works,
Coverage > 80% and not less than the current coverage of the main branch.
The PR branch is up-to-date with the base branch. In case you merged
maininto your feature branch, make sure you have run the latest NX migrations (nx migrate --run-migrations).I have included the
reset.d.tsin thetsconfig.lib.jsonI have included the
reset.d.tsin thetsconfig.lib.jsonI have extended the
.eslintrc.jsonwith.eslintrc.angular.json