refactor(service): users/auth: extract common enrollment function to service layer

restjohn · restjohn · commit 2142181b8c0e · 2024-10-31T15:54:32.000-06:00
diff --git a/service/src/ingress/ingress.app.api.ts b/service/src/ingress/ingress.app.api.ts
@@ -4,6 +4,7 @@ import { Avatar, User, UserExpanded, UserIcon } from '../entities/users/entities
 import { IdentityProviderUser } from './ingress.entities'
 
 
+
 export interface EnrollMyselfRequest {
   username: string
   password: string
@@ -53,6 +54,18 @@ export interface AdmitFromIdentityProviderOperation {
   (req: AdmitFromIdentityProviderRequest): Promise<AppResponse<AdmitFromIdentityProviderResult, EntityNotFoundError | AuthenticationFailedError | InfrastructureError>>
 }
 
+export interface UpdateIdentityProviderRequest {
+
+}
+
+export interface UpdateIdentityProviderResult {
+
+}
+
+export interface UpdateIdentityProviderOperation {
+  (req: UpdateIdentityProviderRequest): Promise<AppResponse<UpdateIdentityProviderResult, PermissionDeniedError | EntityNotFoundError>>
+}
+
 export const ErrAuthenticationFailed = Symbol.for('MageError.Ingress.AuthenticationFailed')
 export type AuthenticationFailedErrorData = { username: string, identityProviderName: string }
 export type AuthenticationFailedError = MageError<typeof ErrAuthenticationFailed, AuthenticationFailedErrorData>
diff --git a/service/src/ingress/ingress.app.impl.ts b/service/src/ingress/ingress.app.impl.ts
@@ -1,24 +1,24 @@
 import { entityNotFound, infrastructureError } from '../app.api/app.api.errors'
 import { AppResponse } from '../app.api/app.api.global'
-import { MageEventId } from '../entities/events/entities.events'
-import { Team, TeamId } from '../entities/teams/entities.teams'
-import { User, UserId, UserRepository, UserRepositoryError } from '../entities/users/entities.users'
+import { UserRepository } from '../entities/users/entities.users'
 import { AdmitFromIdentityProviderOperation, AdmitFromIdentityProviderRequest, authenticationFailedError, EnrollMyselfOperation, EnrollMyselfRequest } from './ingress.app.api'
-import { createEnrollmentCandidateUser, IdentityProvider, IdentityProviderRepository, IdentityProviderUser, UserIngressBindingRepository, UserIngressBindings } from './ingress.entities'
+import { IdentityProviderRepository, IdentityProviderUser, UserIngressBindingRepository } from './ingress.entities'
+import { ProcessNewUserEnrollment } from './ingress.services.api'
 import { LocalIdpCreateAccountOperation } from './local-idp.app.api'
 import { JWTService, TokenAssertion } from './verification'
 
 
-export function CreateEnrollMyselfOperation(createLocalIdpAccount: LocalIdpCreateAccountOperation, idpRepo: IdentityProviderRepository, userRepo: UserRepository): EnrollMyselfOperation {
+export function CreateEnrollMyselfOperation(createLocalIdpAccount: LocalIdpCreateAccountOperation, idpRepo: IdentityProviderRepository, enrollNewUser: ProcessNewUserEnrollment): EnrollMyselfOperation {
   return async function enrollMyself(req: EnrollMyselfRequest): ReturnType<EnrollMyselfOperation> {
     const localAccountCreate = await createLocalIdpAccount(req)
     if (localAccountCreate.error) {
       return AppResponse.error(localAccountCreate.error)
     }
     const localAccount = localAccountCreate.success!
-    const candidateMageAccount: Partial<User> = {
+    const candidateMageAccount: IdentityProviderUser = {
       username: localAccount.username,
       displayName: req.displayName,
+      phones: [],
     }
     if (req.email) {
       candidateMageAccount.email = req.email
@@ -27,69 +27,17 @@ export function CreateEnrollMyselfOperation(createLocalIdpAccount: LocalIdpCreat
       candidateMageAccount.phones = [ { number: req.phone, type: 'Main' } ]
     }
     const localIdp = await idpRepo.findIdpByName('local')
+    if (!localIdp) {
+      throw new Error('local idp not found')
+    }
+    const enrollmentResult = await enrollNewUser(candidateMageAccount, localIdp)
+
     // TODO: auto-activate account after enrollment policy
     throw new Error('unimplemented')
   }
 }
 
-export interface AssignTeamMember {
-  (member: UserId, team: TeamId): Promise<boolean>
-}
-
-export interface FindEventTeam {
-  (mageEventId: MageEventId): Promise<Team | null>
-}
-
-async function enrollNewUser(idpAccount: IdentityProviderUser, idp: IdentityProvider, userRepo: UserRepository, ingressBindingRepo: UserIngressBindingRepository, findEventTeam: FindEventTeam, assignTeamMember: AssignTeamMember): Promise<{ mageAccount: User, ingressBindings: UserIngressBindings }> {
-  console.info(`enrolling new user account ${idpAccount.username} from identity provider ${idp.name}`)
-  const candidate = createEnrollmentCandidateUser(idpAccount, idp)
-  const mageAccount = await userRepo.create(candidate)
-  if (mageAccount instanceof UserRepositoryError) {
-    throw mageAccount
-  }
-  const ingressBindings = await ingressBindingRepo.saveUserIngressBinding(
-    mageAccount.id,
-    {
-      userId: mageAccount.id,
-      idpId: idp.id,
-      idpAccountId: idpAccount.username,
-      idpAccountAttrs: {},
-      // TODO: these do not have functionality yet
-      verified: true,
-      enabled: true,
-    }
-  )
-  if (ingressBindings instanceof Error) {
-    throw ingressBindings
-  }
-  const { assignToTeams, assignToEvents } = idp.userEnrollmentPolicy
-  const assignEnrolledToTeam = (teamId: TeamId): Promise<{ teamId: TeamId, assigned: boolean }> => {
-    return assignTeamMember(mageAccount.id, teamId)
-      .then(assigned => ({ teamId, assigned }))
-      .catch(err => {
-        console.error(`error assigning enrolled user ${mageAccount.username} to team ${teamId}`, err)
-        return { teamId, assigned: false }
-      })
-  }
-  const assignEnrolledToEventTeam = (eventId: MageEventId): Promise<{ eventId: MageEventId, teamId: TeamId | null, assigned: boolean }> => {
-    return findEventTeam(eventId)
-      .then<{ eventId: MageEventId, teamId: TeamId | null, assigned: boolean }>(eventTeam => {
-        if (eventTeam) {
-          return assignEnrolledToTeam(eventTeam.id).then(teamAssignment => ({ eventId, ...teamAssignment }))
-        }
-        console.error(`failed to find implicit team for event ${eventId} while enrolling user ${mageAccount.username}`)
-        return { eventId, teamId: null, assigned: false }
-      })
-      .catch(err => {
-        console.error(`error looking up implicit team for event ${eventId} while enrolling user ${mageAccount.username}`, err)
-        return { eventId, teamId: null, assigned: false }
-      })
-  }
-  await Promise.all([ ...assignToTeams.map(assignEnrolledToTeam), ...assignToEvents.map(assignEnrolledToEventTeam) ])
-  return { mageAccount, ingressBindings }
-}
-
-export function CreateAdmitFromIdentityProviderOperation(idpRepo: IdentityProviderRepository, ingressBindingRepo: UserIngressBindingRepository, userRepo: UserRepository, findEventTeam: FindEventTeam, assignTeamMember: AssignTeamMember, tokenService: JWTService): AdmitFromIdentityProviderOperation {
+export function CreateAdmitFromIdentityProviderOperation(idpRepo: IdentityProviderRepository, ingressBindingRepo: UserIngressBindingRepository, userRepo: UserRepository, enrollNewUser: ProcessNewUserEnrollment, tokenService: JWTService): AdmitFromIdentityProviderOperation {
   return async function admitFromIdentityProvider(req: AdmitFromIdentityProviderRequest): ReturnType<AdmitFromIdentityProviderOperation> {
     const idp = await idpRepo.findIdpByName(req.identityProviderName)
     if (!idp) {
@@ -104,7 +52,7 @@ export function CreateAdmitFromIdentityProviderOperation(idpRepo: IdentityProvid
             return { mageAccount: existingAccount, ingressBindings }
           })
         }
-        return enrollNewUser(idpAccount, idp, userRepo, ingressBindingRepo, findEventTeam, assignTeamMember)
+        return enrollNewUser(idpAccount, idp)
       })
       .then(enrolled => {
         const { mageAccount, ingressBindings } = enrolled
diff --git a/service/src/ingress/ingress.services.api.ts b/service/src/ingress/ingress.services.api.ts
@@ -0,0 +1,6 @@
+import { User } from '../entities/users/entities.users'
+import { IdentityProvider, IdentityProviderUser, UserIngressBindings } from './ingress.entities'
+
+export interface ProcessNewUserEnrollment {
+  (idpAccount: IdentityProviderUser, idp: IdentityProvider): Promise<{ mageAccount: User, ingressBindings: UserIngressBindings }>
+}
diff --git a/service/src/ingress/ingress.services.impl.ts b/service/src/ingress/ingress.services.impl.ts
@@ -0,0 +1,64 @@
+import { MageEventId } from '../entities/events/entities.events'
+import { Team, TeamId } from '../entities/teams/entities.teams'
+import { User, UserId, UserRepository, UserRepositoryError } from '../entities/users/entities.users'
+import { createEnrollmentCandidateUser, IdentityProvider, IdentityProviderUser, UserIngressBindingRepository, UserIngressBindings } from './ingress.entities'
+import { ProcessNewUserEnrollment } from './ingress.services.api'
+
+export interface AssignTeamMember {
+  (member: UserId, team: TeamId): Promise<boolean>
+}
+
+export interface FindEventTeam {
+  (mageEventId: MageEventId): Promise<Team | null>
+}
+
+export function CreateProcessNewUserEnrollmentService(userRepo: UserRepository, ingressBindingRepo: UserIngressBindingRepository, findEventTeam: FindEventTeam, assignTeamMember: AssignTeamMember): ProcessNewUserEnrollment {
+  return async function processNewUserEnrollment(idpAccount: IdentityProviderUser, idp: IdentityProvider): Promise<{ mageAccount: User, ingressBindings: UserIngressBindings }> {
+    console.info(`enrolling new user account ${idpAccount.username} from identity provider ${idp.name}`)
+    const candidate = createEnrollmentCandidateUser(idpAccount, idp)
+    const mageAccount = await userRepo.create(candidate)
+    if (mageAccount instanceof UserRepositoryError) {
+      throw mageAccount
+    }
+    const ingressBindings = await ingressBindingRepo.saveUserIngressBinding(
+      mageAccount.id,
+      {
+        userId: mageAccount.id,
+        idpId: idp.id,
+        idpAccountId: idpAccount.username,
+        idpAccountAttrs: {},
+        // TODO: these do not have functionality yet
+        verified: true,
+        enabled: true,
+      }
+    )
+    if (ingressBindings instanceof Error) {
+      throw ingressBindings
+    }
+    const { assignToTeams, assignToEvents } = idp.userEnrollmentPolicy
+    const assignEnrolledToTeam = (teamId: TeamId): Promise<{ teamId: TeamId, assigned: boolean }> => {
+      return assignTeamMember(mageAccount.id, teamId)
+        .then(assigned => ({ teamId, assigned }))
+        .catch(err => {
+          console.error(`error assigning enrolled user ${mageAccount.username} to team ${teamId}`, err)
+          return { teamId, assigned: false }
+        })
+    }
+    const assignEnrolledToEventTeam = (eventId: MageEventId): Promise<{ eventId: MageEventId, teamId: TeamId | null, assigned: boolean }> => {
+      return findEventTeam(eventId)
+        .then<{ eventId: MageEventId, teamId: TeamId | null, assigned: boolean }>(eventTeam => {
+          if (eventTeam) {
+            return assignEnrolledToTeam(eventTeam.id).then(teamAssignment => ({ eventId, ...teamAssignment }))
+          }
+          console.error(`failed to find implicit team for event ${eventId} while enrolling user ${mageAccount.username}`)
+          return { eventId, teamId: null, assigned: false }
+        })
+        .catch(err => {
+          console.error(`error looking up implicit team for event ${eventId} while enrolling user ${mageAccount.username}`, err)
+          return { eventId, teamId: null, assigned: false }
+        })
+    }
+    await Promise.all([ ...assignToTeams.map(assignEnrolledToTeam), ...assignToEvents.map(assignEnrolledToEventTeam) ])
+    return { mageAccount, ingressBindings }
+  }
+}
