Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Refactor LDAP sync to sync service structure #340

Merged
merged 9 commits into from
Feb 7, 2025
Merged

Refactor LDAP sync to sync service structure #340

merged 9 commits into from
Feb 7, 2025

Conversation

JustSamuel
Copy link
Contributor

@JustSamuel JustSamuel commented Sep 30, 2024
edited
Loading

Description

This PR changes the syncing of users to a user-first syncing. This means that instead of having different services scattered throughout the codebase, we focus on having a single interface that can be implemented and used in the general user sync.

A sync-service should implement a sync, fetch and down function. It can also be decided to override the guard function if needed. The new syncing structure is as follows:

The user-sync-service is akin to a compound design pattern and takes an array of services to use. Each of these services implements the sync function, enabling the user to be synced with an external service. This sync has a result object which can indicate one of the following:

  • The sync was skipped for the provided user (i.e. wrong user type)
  • The sync errored (GEWISDB is down)
  • The sync result, which is either true for a successful sync or false for a bad sync.

A bad sync can be the case that the user does no longer exist in LDAP or the GEWISDB.
After the user has been synced by all the services, the following happens:

  • If none of the syncs errored, we either down a user if all services returned a bad sync, or else do nothing.

down is the function which should clean up or remove data related to the user entity. For the LDAP sync this will be removing the LDAPAuthentication entry, but for the GEWISDB sync this will mean deactivating the user in SudoSOS as no longer existing in the GEWISDB is a reason to be deactivated. This bring us to the following question:

Currently down is only called when all syncs are bad. Is this desired?

Take the cases that a user becomes inactive and removed from AD. The LDAP sync will start to report bad syncs. This could be grounds to remove the user from the LDAP table. However only calling down when all syncs report bad feels safer as it makes for a build in safeguard. This is exceptionally clear from the other case, where a user is removed from GEWISDB but still exists in AD. This is strange, and we would expect a user to also be removed from LDAP. However if they are still in AD, they could still "login", meaning that removing their whole SudoSOS account could potentially lead to a duplicate being created if they login with LDAP.

Therefore I am more inclined to go with the "all syncs should report bad" option. In the end, everything will still be cleaned. It will just take a bit longer with the safer route.

Related issues/external references

#330

Types of changes

  • New feature (non-breaking change which adds functionality)

@JustSamuel JustSamuel marked this pull request as draft September 30, 2024 00:11
@JustSamuel JustSamuel requested a review from Yoronex September 30, 2024 00:11
@JustSamuel JustSamuel force-pushed the refactor/user-sync-service branch from a7fc805 to 28aa07a Compare September 30, 2024 00:17
@github-actions GitHub Actions
Copy link

github-actions bot commented Sep 30, 2024
edited
Loading

SudoSOS Coverage Report

Commit: d514c79
Base: develop@0fc421c

Type Base This PR
Total Statements Coverage  85.26%  85.28% (+0.02%)
Total Branches Coverage  81.45%  81.53% (+0.08%)
Total Functions Coverage  87.5%  87.24% (-0.26%)
Total Lines Coverage  85.59%  85.62% (+0.03%)
Details (changed files)
FileStatementsBranchesFunctionsLines
Details (all files)
FileStatementsBranchesFunctionsLines
/src/index.ts 88.73% 20% 50% 90.57%
/src/authentication/token-handler.ts 100% 100% 100% 100%
/src/controller/authentication-controller.ts 86.62% 100% 96.15% 86.47%
/src/controller/authentication-secure-controller.ts 88.23% 100% 100% 88.23%
/src/controller/balance-controller.ts 78.04% 50% 100% 78.04%
/src/controller/banner-controller.ts 82.52% 94.11% 100% 82.52%
/src/controller/base-controller.ts 100% 100% 100% 100%
/src/controller/container-controller.ts 85.96% 78.57% 100% 85.45%
/src/controller/debtor-controller.ts 82.96% 53.33% 100% 86.71%
/src/controller/event-controller.ts 82.66% 90% 100% 82.66%
/src/controller/event-shift-controller.ts 75.82% 90% 100% 75.82%
/src/controller/invoice-controller.ts 78.33% 75.86% 92.3% 78.08%
/src/controller/payout-request-controller.ts 69.36% 73.68% 84.61% 69.36%
/src/controller/point-of-sale-controller.ts 83.01% 78.94% 100% 83%
/src/controller/product-category-controller.ts 82.45% 100% 100% 82.45%
/src/controller/product-controller.ts 85.6% 85.71% 100% 86.77%
/src/controller/rbac-controller.ts 87.58% 87.5% 100% 87.32%
/src/controller/root-controller.ts 86.2% 100% 100% 86.2%
/src/controller/seller-payout-controller.ts 84.55% 84.61% 100% 84.44%
/src/controller/server-settings-controller.ts 100% 100% 100% 100%
/src/controller/simple-file-controller.ts 11.62% 0% 0% 11.62%
/src/controller/stripe-controller.ts 92.59% 100% 100% 92.59%
/src/controller/stripe-webhook-controller.ts 97.56% 100% 87.5% 97.56%
/src/controller/test-controller.ts 33.33% 100% 0% 33.33%
/src/controller/transaction-controller.ts 85.14% 96% 100% 84.69%
/src/controller/transaction-summary-controller.ts 91.3% 100% 100% 90.9%
/src/controller/transfer-controller.ts 84.21% 93.33% 100% 83.63%
/src/controller/user-controller.ts 84.71% 92.95% 100% 84.58%
/src/controller/vat-group-controller.ts 87.8% 100% 100% 87.8%
/src/controller/voucher-group-controller.ts 79.41% 71.42% 100% 79.41%
/src/controller/write-off-controller.ts 85.45% 100% 100% 85.45%
/src/controller/request/file-request.ts 0% 0% 0% 0%
/src/controller/request/validators/container-request-spec.ts 100% 100% 100% 100%
/src/controller/request/validators/general-validators.ts 86.53% 66.66% 77.77% 84.61%
/src/controller/request/validators/invoice-request-spec.ts 96.15% 80% 100% 100%
/src/controller/request/validators/point-of-sale-request-spec.ts 95% 100% 100% 94.11%
/src/controller/request/validators/product-request-spec.ts 90.32% 57.14% 100% 90%
/src/controller/request/validators/rbac-request-spec.ts 100% 100% 100% 100%
/src/controller/request/validators/string-spec.ts 100% 100% 100% 100%
/src/controller/request/validators/update-local-request-spec.ts 100% 100% 100% 100%
/src/controller/request/validators/update-nfc-request-spec.ts 100% 100% 100% 100%
/src/controller/request/validators/update-pin-request-spec.ts 100% 100% 100% 100%
/src/controller/request/validators/user-request-spec.ts 82.6% 25% 85.71% 83.33%
/src/controller/request/validators/validation-errors.ts 87.8% 100% 62.96% 100%
/src/controller/response/dinero.ts 0% 0% 0% 0%
/src/database/database.ts 95.55% 50% 33.33% 97.72%
/src/database/schema.ts 92% 100% 50% 95.83%
/src/database/with-manager.ts 100% 100% 100% 100%
/src/entity/banner.ts 100% 100% 100% 100%
/src/entity/base-entity-without-id.ts 100% 100% 100% 100%
/src/entity/base-entity.ts 100% 100% 100% 100%
/src/entity/server-setting.ts 84.61% 0% 100% 100%
/src/entity/vat-group.ts 100% 100% 100% 100%
/src/entity/authenticator/authentication-method.ts 100% 100% 100% 100%
/src/entity/authenticator/ean-authenticator.ts 100% 100% 100% 100%
/src/entity/authenticator/hash-based-authentication-method.ts 100% 100% 100% 100%
/src/entity/authenticator/key-authenticator.ts 100% 100% 100% 100%
/src/entity/authenticator/ldap-authenticator.ts 100% 100% 100% 100%
/src/entity/authenticator/local-authenticator.ts 100% 100% 100% 100%
/src/entity/authenticator/member-authenticator.ts 100% 100% 100% 100%
/src/entity/authenticator/nfc-authenticator.ts 100% 100% 100% 100%
/src/entity/authenticator/pin-authenticator.ts 100% 100% 100% 100%
/src/entity/authenticator/reset-token.ts 100% 100% 100% 100%
/src/entity/container/container-revision.ts 95.23% 100% 83.33% 94.11%
/src/entity/container/container.ts 100% 100% 100% 100%
/src/entity/event/event-shift-answer.ts 100% 100% 100% 100%
/src/entity/event/event-shift.ts 100% 100% 100% 100%
/src/entity/event/event.ts 100% 100% 100% 100%
/src/entity/file/banner-image.ts 100% 100% 100% 100%
/src/entity/file/base-file.ts 100% 100% 100% 100%
/src/entity/file/invoice-pdf.ts 100% 100% 100% 100%
/src/entity/file/payout-request-pdf.ts 100% 100% 100% 100%
/src/entity/file/pdf-able.ts 88.88% 83.33% 88.88% 93.75%
/src/entity/file/pdf-file.ts 100% 100% 100% 100%
/src/entity/file/product-image.ts 100% 100% 100% 100%
/src/entity/file/seller-payout-pdf.ts 100% 100% 100% 100%
/src/entity/fine/fine.ts 100% 100% 100% 100%
/src/entity/fine/fineHandoutEvent.ts 100% 100% 100% 100%
/src/entity/fine/userFineGroup.ts 100% 100% 100% 100%
/src/entity/invoices/invoice-status.ts 100% 100% 100% 100%
/src/entity/invoices/invoice.ts 100% 100% 100% 100%
/src/entity/point-of-sale/point-of-sale-revision.ts 94.44% 100% 75% 93.33%
/src/entity/point-of-sale/point-of-sale.ts 100% 100% 100% 100%
/src/entity/point-of-sale/product-ordering.ts 100% 100% 100% 100%
/src/entity/product/product-category.ts 100% 100% 100% 100%
/src/entity/product/product-revision.ts 96.55% 100% 83.33% 96.15%
/src/entity/product/product.ts 100% 100% 100% 100%
/src/entity/rbac/assigned-role.ts 100% 100% 100% 100%
/src/entity/rbac/permission.ts 100% 100% 100% 100%
/src/entity/rbac/role-user-type.ts 100% 100% 100% 100%
/src/entity/rbac/role.ts 100% 100% 100% 100%
/src/entity/report/fine-report.ts 100% 100% 100% 100%
/src/entity/report/report.ts 100% 100% 100% 100%
/src/entity/stripe/stripe-deposit.ts 100% 100% 100% 100%
/src/entity/stripe/stripe-payment-intent-status.ts 100% 100% 100% 100%
/src/entity/stripe/stripe-payment-intent.ts 100% 100% 100% 100%
/src/entity/transactions/balance.ts 100% 100% 100% 100%
/src/entity/transactions/sub-transaction-row.ts 100% 100% 100% 100%
/src/entity/transactions/sub-transaction.ts 100% 100% 100% 100%
/src/entity/transactions/transaction.ts 100% 100% 100% 100%
/src/entity/transactions/transfer.ts 100% 100% 100% 100%
/src/entity/transactions/write-off.ts 100% 100% 100% 100%
/src/entity/transactions/payout/base-payout.ts 100% 100% 100% 100%
/src/entity/transactions/payout/payout-request-status.ts 100% 100% 100% 100%
/src/entity/transactions/payout/payout-request.ts 100% 100% 100% 100%
/src/entity/transactions/payout/seller-payout.ts 100% 100% 100% 100%
/src/entity/transformer/dinero-transformer.ts 100% 100% 100% 100%
/src/entity/user/invoice-user.ts 100% 100% 100% 100%
/src/entity/user/local-user.ts 100% 100% 100% 100%
/src/entity/user/user-voucher-group.ts 100% 100% 100% 100%
/src/entity/user/user.ts 97.87% 83.33% 100% 100%
/src/entity/user/voucher-group.ts 100% 100% 100% 100%
/src/errors/index.ts 100% 100% 50% 100%
/src/errors/not-implemented-error.ts 20% 0% 0% 20%
/src/errors/pdf-error.ts 100% 100% 100% 100%
/src/files/initialize.ts 100% 100% 100% 100%
/src/files/response.ts 28.57% 100% 0% 28.57%
/src/files/storage/disk-storage.ts 82.14% 66.66% 60% 82.14%
/src/files/storage/file-storage.ts 100% 100% 100% 100%
/src/files/storage/index.ts 100% 100% 50% 100%
/src/files/storage/locations.ts 100% 100% 100% 100%
/src/gewis/gewis.ts 77.77% 28.57% 71.42% 82.35%
/src/gewis/controller/gewis-authentication-controller.ts 87.5% 66.66% 100% 87.5%
/src/gewis/database/seed.ts 100% 100% 100% 100%
/src/gewis/entity/gewis-user.ts 100% 100% 100% 100%
/src/gewis/helpers/gewis-helper.ts 100% 83.33% 100% 100%
/src/gewis/service/gewisdb-sync-service.ts 91.42% 88.88% 73.33% 96.77%
/src/helpers/ad.ts 90% 100% 100% 90%
/src/helpers/bindings.ts 100% 100% 100% 100%
/src/helpers/database.ts 100% 100% 100% 100%
/src/helpers/express-pdf.ts 100% 50% 100% 100%
/src/helpers/hash.ts 100% 100% 100% 100%
/src/helpers/ordering.ts 90.9% 75% 100% 90%
/src/helpers/pagination.ts 100% 87.87% 100% 100%
/src/helpers/pdf.ts 93.93% 63.63% 100% 96.66%
/src/helpers/query-filter.ts 95.08% 93.75% 94.44% 96.07%
/src/helpers/raw-body.ts 100% 100% 100% 100%
/src/helpers/revision-to-response.ts 91.3% 64.28% 88.88% 95.23%
/src/helpers/specification-validation.ts 94.59% 87.5% 88.88% 96.87%
/src/helpers/timestamps.ts 58.82% 60% 66.66% 56.25%
/src/helpers/token-helper.ts 100% 100% 100% 100%
/src/helpers/transaction-mapper.ts 90% 100% 76.19% 91.07%
/src/helpers/validators.ts 94.54% 88.88% 100% 97.67%
/src/mailer/index.ts 100% 100% 100% 100%
/src/mailer/mail-body-generator.ts 91.66% 83.33% 100% 91.66%
/src/mailer/mail-message.ts 100% 100% 100% 100%
/src/mailer/mailer.ts 100% 100% 100% 100%
/src/mailer/transporter.ts 100% 100% 100% 100%
/src/mailer/messages/changed-pin.ts 85.71% 100% 0% 85.71%
/src/mailer/messages/forgot-event-planning.ts 76.92% 100% 57.14% 76.92%
/src/mailer/messages/hello-world.ts 100% 100% 100% 100%
/src/mailer/messages/index.ts 100% 100% 100% 100%
/src/mailer/messages/mail-content-builder.ts 81.81% 53.33% 100% 81.81%
/src/mailer/messages/membership-expiry-notification.ts 86.66% 50% 66.66% 86.66%
/src/mailer/messages/password-reset.ts 33.33% 0% 0% 33.33%
/src/mailer/messages/user-debt-notification.ts 85.71% 100% 60% 85.71%
/src/mailer/messages/user-got-fined.ts 76.92% 100% 57.14% 76.92%
/src/mailer/messages/user-will-get-fined.ts 70.37% 50% 60% 70.37%
/src/mailer/messages/welcome-to-sudosos.ts 85.71% 100% 60% 85.71%
/src/mailer/messages/welcome-with-reset.ts 85.71% 100% 60% 85.71%
/src/middleware/policy-middleware.ts 100% 100% 100% 100%
/src/middleware/request-validator-middleware.ts 92.3% 66.66% 100% 100%
/src/middleware/restriction-middleware.ts 96.15% 93.33% 75% 100%
/src/middleware/token-middleware.ts 100% 100% 100% 100%
/src/migrations/1707251162194-invoice-refactor.ts 5.71% 0% 0% 6.06%
/src/migrations/1720608140757-soft-deletes.ts 25% 100% 0% 25%
/src/migrations/1720610649657-payout-request-pdf.ts 12.5% 100% 0% 14.28%
/src/migrations/1720624912260-database-rbac.ts 13.72% 0% 4.76% 14.43%
/src/migrations/1721916495084-transfers-vat.ts 16.66% 0% 0% 18.18%
/src/migrations/1722004753128-write-offs.ts 23.8% 0% 0% 26.31%
/src/migrations/1722022351000-pos-cashiers.ts 33.33% 100% 0% 33.33%
/src/migrations/1722083254200-server-settings.ts 50% 100% 0% 50%
/src/migrations/1722084520361-pos-users.ts 21.05% 100% 0% 22.22%
/src/migrations/1722118077157-invoice-rework.ts 13.33% 0% 0% 14.28%
/src/migrations/1722517212441-nested-product-categories.ts 15.38% 100% 0% 16.66%
/src/migrations/1722869409448-stripe-payment-intents.ts 11.11% 100% 16.66% 12.12%
/src/migrations/1724506999318-invoice-as-topups.ts 11.39% 0% 0% 12.5%
/src/migrations/1724855153990-seller-payouts.ts 13.55% 0% 5.55% 15.23%
/src/migrations/1725196803203-user-type-enums.ts 15% 0% 0% 15%
/src/migrations/1725388477226-custom-invoice-entries.ts 15.38% 0% 0% 16.66%
/src/migrations/1726066600389-seller-payout-pdf.ts 23.07% 100% 25% 25%
/src/migrations/1726689003147-ldap-objectguid.ts 12% 0% 0% 13.63%
/src/rbac/default-roles.ts 100% 100% 100% 100%
/src/rbac/role-manager.ts 86% 81.81% 91.66% 88.09%
/src/server-settings/server-settings-store.ts 98.24% 88.88% 100% 100%
/src/server-settings/setting-defaults.ts 100% 100% 100% 100%
/src/service/ad-service.ts 100% 75% 100% 100%
/src/service/authentication-service.ts 92.5% 73.07% 100% 92.03%
/src/service/balance-service.ts 98.27% 87.27% 100% 98.05%
/src/service/banner-service.ts 95.23% 88.88% 100% 95.12%
/src/service/container-service.ts 97.02% 85.18% 100% 100%
/src/service/debtor-service.ts 98.41% 85% 100% 100%
/src/service/event-service.ts 100% 100% 100% 100%
/src/service/file-service.ts 97.22% 72.22% 100% 97.18%
/src/service/invoice-service.ts 93.75% 57.14% 95.55% 97.9%
/src/service/payout-request-service.ts 100% 97.36% 100% 100%
/src/service/point-of-sale-service.ts 97.26% 88.88% 100% 100%
/src/service/product-category-service.ts 100% 100% 100% 100%
/src/service/product-service.ts 94.44% 78.26% 95.45% 94.87%
/src/service/rbac-service.ts 96.34% 86.95% 100% 100%
/src/service/report-service.ts 99.01% 90% 100% 100%
/src/service/seller-payout-service.ts 100% 100% 100% 100%
/src/service/stripe-service.ts 98.5% 92.85% 100% 98.41%
/src/service/transaction-service.ts 96.99% 83.95% 100% 96.69%
/src/service/transaction-summary-service.ts 93.54% 100% 87.5% 92.59%
/src/service/transfer-service.ts 100% 97.43% 100% 100%
/src/service/user-service.ts 90.98% 56.6% 84.61% 94.49%
/src/service/vat-group-service.ts 97.36% 76.47% 93.75% 96.96%
/src/service/voucher-group-service.ts 100% 100% 100% 100%
/src/service/write-off-service.ts 100% 85.71% 100% 100%
/src/service/pdf/invoice-pdf-service.ts 97.05% 87.5% 100% 96.66%
/src/service/pdf/payout-request-pdf-service.ts 100% 100% 100% 100%
/src/service/pdf/pdf-service.ts 100% 75% 100% 100%
/src/service/pdf/report-pdf-service.ts 100% 100% 100% 100%
/src/service/pdf/seller-payout-pdf-service.ts 50% 100% 20% 57.14%
/src/service/pdf/user-report-pdf-service.ts 95% 50% 100% 100%
/src/service/sync/sync-service.ts 22.22% 0% 0% 25%
/src/service/sync/user/ldap-sync-service.ts 94.38% 70.58% 100% 96.15%
/src/service/sync/user/user-sync-service.ts 100% 100% 100% 100%
/src/start/swagger.ts 82.5% 53.33% 66.66% 82.05%
/src/subscriber/index.ts 100% 100% 100% 100%
/src/subscriber/transaction-subscriber.ts 91.17% 88.88% 66.66% 92.85%
/src/subscriber/transfer-subscriber.ts 100% 100% 100% 100%

Yoronex
Yoronex reviewed Sep 30, 2024
View reviewed changes
@JustSamuel JustSamuel force-pushed the refactor/user-sync-service branch 10 times, most recently from 4a524be to 446691f Compare October 2, 2024 14:04
@JustSamuel JustSamuel changed the title Refactor user sync service Refactor LDAP sync to sync service structure Oct 2, 2024
@JustSamuel JustSamuel force-pushed the refactor/user-sync-service branch from cc05292 to 72f2e5b Compare October 6, 2024 20:45
@JustSamuel JustSamuel force-pushed the refactor/user-sync-service branch 4 times, most recently from ef207b5 to 24c9f3c Compare November 20, 2024 13:17
@JustSamuel JustSamuel force-pushed the refactor/user-sync-service branch 8 times, most recently from 1c88b3d to df93c65 Compare January 19, 2025 19:21
@JustSamuel JustSamuel requested a review from Yoronex January 19, 2025 19:21
@JustSamuel JustSamuel force-pushed the refactor/user-sync-service branch from df93c65 to 302f5cc Compare January 19, 2025 19:26
@JustSamuel JustSamuel marked this pull request as ready for review January 19, 2025 19:27
@JustSamuel JustSamuel force-pushed the refactor/user-sync-service branch 2 times, most recently from 4321116 to bc3d5ab Compare January 21, 2025 16:19
This was linked to issues Jan 24, 2025
[Feature] Always sync AD service accounts, even if they do not yet exist in SudoSOS #330
Closed
[Refactor] User syncing #331
Closed
@JustSamuel JustSamuel force-pushed the refactor/user-sync-service branch from bc3d5ab to ea55643 Compare January 25, 2025 00:41
Yoronex
Yoronex reviewed Jan 26, 2025
View reviewed changes
@JustSamuel JustSamuel force-pushed the refactor/user-sync-service branch 4 times, most recently from c66f410 to a982f76 Compare February 2, 2025 17:37
@JustSamuel JustSamuel requested a review from Yoronex February 7, 2025 15:54
@JustSamuel JustSamuel force-pushed the refactor/user-sync-service branch from a982f76 to d514c79 Compare February 7, 2025 15:54
@JustSamuel JustSamuel merged commit 1e02f0b into develop Feb 7, 2025
6 checks passed
@JustSamuel JustSamuel deleted the refactor/user-sync-service branch February 7, 2025 16:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Yoronex Yoronex Yoronex approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Refactor] User syncing [Feature] Always sync AD service accounts, even if they do not yet exist in SudoSOS
2 participants
@JustSamuel @Yoronex