Make gitlab sync mandatory (#1208)

Author: frankdekker

.env

@@ -111,6 +111,7 @@ GITLAB_ACCESS_TOKEN=
 # Set callback url to: https://<your-123view-domain/app/user/gitlab-auth-finalize
 GITLAB_COMMENT_SYNC=false
 GITLAB_REVIEWER_SYNC=false
+GITLAB_SYNC_MANDATORY=false
 
 ##
 # The regex pattern to match against branches to sync reviewers approval status to the PR/MR

config/services.php

@@ -102,6 +102,7 @@
         ->bind('$allowCustomRecipients', '%env(bool:ALLOW_CUSTOM_RECIPIENTS_PER_RULE)%')
         ->bind('$gitlabCommentSyncEnabled', '%env(bool:GITLAB_COMMENT_SYNC)%')
         ->bind('$gitlabReviewerSyncEnabled', '%env(bool:GITLAB_REVIEWER_SYNC)%')
+        ->bind('$gitlabSyncMandatory', '%env(bool:GITLAB_SYNC_MANDATORY)%')
         ->bind('$gitlabApiUrl', '%env(GITLAB_API_URL)%')
         ->bind('$applicationName', '%env(APP_NAME)%')
         ->bind('$appAbsoluteUrl', '%env(APP_ABSOLUTE_URL)%')

phpmd.baseline.xml

@@ -8,6 +8,7 @@
   <violation rule="PHPMD\Rule\Design\TooManyFields" file="src/Entity/Repository/Repository.php"/>
   <violation rule="PHPMD\Rule\Naming\LongVariable" file="src/Entity/Repository/Repository.php"/>
   <violation rule="PHPMD\Rule\Design\TooManyFields" file="src/Entity/Review/CodeReview.php"/>
+  <violation rule="PHPMD\Rule\UnusedFormalParameter" file="src/EventSubscriber/MandatoryGitlabSyncSubscriber.php"/>
   <violation rule="PHPMD\Rule\UnusedFormalParameter" file="src/MessageHandler/Gitlab/ReviewerStateChangeMessageHandler.php"/>
   <violation rule="PHPMD\Rule\Design\LongParameterList" file="src/Model/Review/CodeReviewDto.php" method="__construct"/>
   <violation rule="PHPMD\Rule\UnusedFormalParameter" file="src/Service/Api/Gitlab/GitlabApiProvider.php"/>

src/Controller/App/User/UserGitSyncController.php

@@ -14,7 +14,7 @@
 
 class UserGitSyncController extends AbstractController
 {
-    public function __construct(private readonly bool $gitlabCommentSyncEnabled)
+    public function __construct(private readonly bool $gitlabCommentSyncEnabled, private readonly bool $gitlabReviewerSyncEnabled)
     {
     }
 
@@ -30,6 +30,6 @@ public function __invoke(): array
         $user  = $this->getUser();
         $token = $user->getGitAccessTokens()->findFirst(static fn($key, $token) => $token->getGitType() === RepositoryGitType::GITLAB);
 
-        return ['gitSyncModel' => new UserGitSyncViewModel($this->gitlabCommentSyncEnabled, $token !== null)];
+        return ['gitSyncModel' => new UserGitSyncViewModel($this->gitlabCommentSyncEnabled || $this->gitlabReviewerSyncEnabled, $token !== null)];
     }
 }

src/Controller/App/User/UserMandatoryGitlabSyncController.php

@@ -0,0 +1,21 @@
+<?php
+declare(strict_types=1);
+
+namespace DR\Review\Controller\App\User;
+
+use DR\Review\Controller\AbstractController;
+use DR\Review\Security\Role\Roles;
+use Symfony\Bridge\Twig\Attribute\Template;
+use Symfony\Component\Routing\Annotation\Route;
+use Symfony\Component\Security\Http\Attribute\IsGranted;
+
+class UserMandatoryGitlabSyncController extends AbstractController
+{
+    #[Route('/app/user-gitlab-sync-mandatory', self::class, methods: ['GET'])]
+    #[Template('app/user/user.gitlab.sync.mandatory.html.twig')]
+    #[IsGranted(Roles::ROLE_USER)]
+    public function __invoke(): void
+    {
+        // no special logic required, template only
+    }
+}

src/EventSubscriber/MandatoryGitlabSyncSubscriber.php

@@ -0,0 +1,77 @@
+<?php
+declare(strict_types=1);
+
+namespace DR\Review\EventSubscriber;
+
+use DR\Review\Controller\App\User\Gitlab\UserGitlabOAuth2FinishController;
+use DR\Review\Controller\App\User\Gitlab\UserGitlabOAuth2StartController;
+use DR\Review\Controller\App\User\UserMandatoryGitlabSyncController;
+use DR\Review\Controller\Auth\LogoutController;
+use DR\Review\Doctrine\Type\RepositoryGitType;
+use DR\Review\Entity\User\User;
+use Symfony\Bundle\SecurityBundle\Security;
+use Symfony\Component\EventDispatcher\Attribute\AsEventListener;
+use Symfony\Component\HttpFoundation\RedirectResponse;
+use Symfony\Component\HttpKernel\Event\RequestEvent;
+use Symfony\Component\HttpKernel\KernelEvents;
+use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
+
+#[AsEventListener(KernelEvents::REQUEST)]
+readonly class MandatoryGitlabSyncSubscriber
+{
+    private const array ALLOWED_CONTROLLERS = [
+        UserGitlabOAuth2StartController::class,
+        UserGitlabOAuth2FinishController::class,
+        UserMandatoryGitlabSyncController::class,
+        LogoutController::class
+    ];
+
+    public function __construct(
+        private bool $gitlabCommentSyncEnabled,
+        private bool $gitlabReviewerSyncEnabled,
+        private bool $gitlabSyncMandatory,
+        private Security $security,
+        private UrlGeneratorInterface $urlGenerator
+    ) {
+    }
+
+    public function __invoke(RequestEvent $event): void
+    {
+        $user = $this->security->getUser();
+        // skip if not logged in
+        if ($user instanceof User === false) {
+            return;
+        }
+
+        // skip if the controller is whitelisted
+        $attributes = $event->getRequest()->attributes->all();
+        if (in_array($attributes['_controller'] ?? '', self::ALLOWED_CONTROLLERS, true)) {
+            return;
+        }
+
+        // skip api urls
+        if (str_starts_with($event->getRequest()->getRequestUri(), '/api')) {
+            return;
+        }
+
+        // skip if sync is not configured
+        if ($this->gitlabCommentSyncEnabled === false && $this->gitlabReviewerSyncEnabled === false) {
+            return;
+        }
+
+        // skip if sync is not mandatory
+        if ($this->gitlabSyncMandatory === false) {
+            return;
+        }
+
+        // skip if user already has a gitlab token
+        $token = $user->getGitAccessTokens()->findFirst(static fn($key, $token) => $token->getGitType() === RepositoryGitType::GITLAB);
+        if ($token !== null) {
+            return;
+        }
+
+        // redirect to mandatory sync page
+        $url = $this->urlGenerator->generate(UserMandatoryGitlabSyncController::class);
+        $event->setResponse(new RedirectResponse($url));
+    }
+}

templates/app/user/user.gitlab.sync.mandatory.html.twig

@@ -0,0 +1,19 @@
+{% extends 'app/app.base.html.twig' %}
+
+{% block page_content %}
+    <div class="mt-5 text-center">
+        <div class="alert alert-danger">
+            {{ 'user.gitlab.sync.mandatory.text'|trans({app_name: app_name}) }}
+        </div>
+
+        <div class="mt-3">
+            {{ 'git.sync.explanation'|trans }}
+        </div>
+
+        <div class="mt-3">
+            <a class="btn btn-primary" href="{{ path('DR\\Review\\Controller\\App\\User\\Gitlab\\UserGitlabOAuth2StartController') }}">
+                {{ 'git.sync.enable'|trans }}
+            </a>
+        </div>
+    </div>
+{% endblock %}

tests/Unit/Controller/App/User/UserGitSyncControllerTest.php

@@ -43,6 +43,6 @@ public function testInvokeWithoutToken(): void
 
     public function getController(): AbstractController
     {
-        return new UserGitSyncController(true);
+        return new UserGitSyncController(true, true);
     }
 }

tests/Unit/Controller/App/User/UserMandatoryGitlabSyncControllerTest.php

@@ -0,0 +1,19 @@
+<?php
+declare(strict_types=1);
+
+namespace DR\Review\Tests\Unit\Controller\App\User;
+
+use DR\Review\Controller\App\User\UserMandatoryGitlabSyncController;
+use DR\Review\Tests\AbstractTestCase;
+use PHPUnit\Framework\Attributes\CoversClass;
+
+#[CoversClass(UserMandatoryGitlabSyncController::class)]
+class UserMandatoryGitlabSyncControllerTest extends AbstractTestCase
+{
+    public function testInvoke(): void
+    {
+        $this->expectNotToPerformAssertions();
+        $controller = new UserMandatoryGitlabSyncController();
+        ($controller)();
+    }
+}

tests/Unit/EventSubscriber/MandatoryGitlabSyncSubscriberTest.php

@@ -0,0 +1,170 @@
+<?php
+declare(strict_types=1);
+
+namespace DR\Review\Tests\Unit\EventSubscriber;
+
+use DR\Review\Controller\App\User\Gitlab\UserGitlabOAuth2FinishController;
+use DR\Review\Controller\App\User\Gitlab\UserGitlabOAuth2StartController;
+use DR\Review\Controller\App\User\UserMandatoryGitlabSyncController;
+use DR\Review\Controller\Auth\LogoutController;
+use DR\Review\Doctrine\Type\RepositoryGitType;
+use DR\Review\Entity\User\GitAccessToken;
+use DR\Review\Entity\User\User;
+use DR\Review\EventSubscriber\MandatoryGitlabSyncSubscriber;
+use DR\Review\Tests\AbstractTestCase;
+use PHPUnit\Framework\Attributes\CoversClass;
+use PHPUnit\Framework\Attributes\TestWith;
+use PHPUnit\Framework\MockObject\MockObject;
+use Symfony\Bundle\SecurityBundle\Security;
+use Symfony\Component\HttpFoundation\ParameterBag;
+use Symfony\Component\HttpFoundation\RedirectResponse;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpKernel\Event\RequestEvent;
+use Symfony\Component\HttpKernel\HttpKernelInterface;
+use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
+
+#[CoversClass(MandatoryGitlabSyncSubscriber::class)]
+class MandatoryGitlabSyncSubscriberTest extends AbstractTestCase
+{
+    private Security&MockObject              $security;
+    private UrlGeneratorInterface&MockObject $urlGenerator;
+
+    protected function setUp(): void
+    {
+        parent::setUp();
+        $this->security     = $this->createMock(Security::class);
+        $this->urlGenerator = $this->createMock(UrlGeneratorInterface::class);
+    }
+
+    public function testInvokeSkipsWhenUserNotLoggedIn(): void
+    {
+        $subscriber = $this->createSubscriber();
+        $event      = $this->createRequestEvent();
+
+        $this->security->expects($this->once())->method('getUser')->willReturn(null);
+        $this->urlGenerator->expects($this->never())->method('generate');
+
+        ($subscriber)($event);
+
+        static::assertNull($event->getResponse());
+    }
+
+    #[TestWith([UserGitlabOAuth2StartController::class])]
+    #[TestWith([UserGitlabOAuth2FinishController::class])]
+    #[TestWith([UserMandatoryGitlabSyncController::class])]
+    #[TestWith([LogoutController::class])]
+    public function testInvokeSkipsForAllowedControllers(string $controllerClass): void
+    {
+        $subscriber = $this->createSubscriber();
+        $event      = $this->createRequestEvent($controllerClass);
+        $user       = new User();
+
+        $this->security->expects($this->once())->method('getUser')->willReturn($user);
+        $this->urlGenerator->expects($this->never())->method('generate');
+
+        ($subscriber)($event);
+
+        static::assertNull($event->getResponse());
+    }
+
+    public function testInvokeSkipsWhenSyncNotConfigured(): void
+    {
+        $subscriber = $this->createSubscriber(false, false, false);
+        $event      = $this->createRequestEvent();
+        $user       = new User();
+
+        $this->security->expects($this->once())->method('getUser')->willReturn($user);
+        $this->urlGenerator->expects($this->never())->method('generate');
+
+        ($subscriber)($event);
+
+        static::assertNull($event->getResponse());
+    }
+
+    public function testInvokeSkipsSyncIsNotMandatory(): void
+    {
+        $subscriber = $this->createSubscriber(true, true, false);
+        $event      = $this->createRequestEvent();
+        $user       = new User();
+
+        $this->security->expects($this->once())->method('getUser')->willReturn($user);
+        $this->urlGenerator->expects($this->never())->method('generate');
+
+        ($subscriber)($event);
+
+        static::assertNull($event->getResponse());
+    }
+
+    public function testInvokeSkipsWhenUserHasGitlabToken(): void
+    {
+        $subscriber  = $this->createSubscriber();
+        $event       = $this->createRequestEvent();
+        $gitlabToken = (new GitAccessToken())->setGitType(RepositoryGitType::GITLAB);
+
+        $user = new User();
+        $user->getGitAccessTokens()->add($gitlabToken);
+
+        $this->security->expects($this->once())->method('getUser')->willReturn($user);
+        $this->urlGenerator->expects($this->never())->method('generate');
+
+        ($subscriber)($event);
+
+        static::assertNull($event->getResponse());
+    }
+
+    public function testInvokeSkipsWhenInvokingApiUrl(): void
+    {
+        $subscriber = $this->createSubscriber();
+        $event      = $this->createRequestEvent(requestUri: '/api/some-endpoint');
+        $user       = new User();
+
+        $this->security->expects($this->once())->method('getUser')->willReturn($user);
+        $this->urlGenerator->expects($this->never())->method('generate');
+
+        ($subscriber)($event);
+
+        static::assertNull($event->getResponse());
+    }
+
+    public function testInvokeRedirectsToMandatorySyncPage(): void
+    {
+        $subscriber  = $this->createSubscriber();
+        $event       = $this->createRequestEvent();
+        $user        = new User();
+        $expectedUrl = '/mandatory-gitlab-sync';
+
+        $this->security->expects($this->once())->method('getUser')->willReturn($user);
+        $this->urlGenerator->expects($this->once())
+            ->method('generate')
+            ->with(UserMandatoryGitlabSyncController::class)
+            ->willReturn($expectedUrl);
+
+        ($subscriber)($event);
+
+        $response = $event->getResponse();
+        static::assertInstanceOf(RedirectResponse::class, $response);
+        static::assertSame($expectedUrl, $response->getTargetUrl());
+    }
+
+    private function createSubscriber(
+        bool $gitlabCommentSyncEnabled = true,
+        bool $gitlabReviewerSyncEnabled = true,
+        bool $gitlabSyncMandatory = true
+    ): MandatoryGitlabSyncSubscriber {
+        return new MandatoryGitlabSyncSubscriber(
+            $gitlabCommentSyncEnabled,
+            $gitlabReviewerSyncEnabled,
+            $gitlabSyncMandatory,
+            $this->security,
+            $this->urlGenerator
+        );
+    }
+
+    private function createRequestEvent(string $controller = 'some.controller', string $requestUri = '/app/test'): RequestEvent
+    {
+        $request             = new Request(server: ['REQUEST_URI' => $requestUri]);
+        $request->attributes = new ParameterBag(['_controller' => $controller]);
+
+        return new RequestEvent($this->createMock(HttpKernelInterface::class), $request, HttpKernelInterface::MAIN_REQUEST);
+    }
+}