Merge pull request #36 from City-of-Helsinki/UHF-9466

UHF-9466: Exclude Tunnistamo users from User Expire, automatic phpcs fixes
City-of-Helsinki · Apr 30, 2024 · e968d82 · e968d82
2 parents 18aa1b6 + c9bfede
commit e968d82
Show file tree

Hide file tree

Showing 7 changed files with 103 additions and 9 deletions.
diff --git a/helfi_tunnistamo.module b/helfi_tunnistamo.module
@@ -8,6 +8,8 @@
 declare(strict_types=1);
 
 use Drupal\Component\Uuid\Uuid;
+use Drupal\Core\Database\Query\AlterableInterface;
+use Drupal\Core\Database\Query\SelectInterface;
 use Drupal\Core\Form\FormStateInterface;
 use Drupal\helfi_tunnistamo\Plugin\OpenIDConnectClient\Tunnistamo;
 use Drupal\openid_connect\Entity\OpenIDConnectClientEntity;
@@ -36,7 +38,7 @@ function helfi_tunnistamo_form_user_form_alter(&$form, FormStateInterface $form_
     return;
   }
 
-  if (!\Drupal::service('externalauth.authmap')->getAll($account->id())) {
+  if (!Drupal::service('externalauth.authmap')->getAll($account->id())) {
     return;
   }
   // Prevent users from changing the email if they have used openid_connect
@@ -63,7 +65,7 @@ function helfi_tunnistamo_create_email(array $userinfo) : string {
  */
 function helfi_tunnistamo_openid_connect_userinfo_alter(
   array &$userinfo,
-  array $context
+  array $context,
 ) : void {
   $plugin = OpenIDConnectClientEntity::load($context['plugin_id'])?->getPlugin();
 
@@ -84,3 +86,16 @@ function helfi_tunnistamo_openid_connect_userinfo_alter(
   }
 
 }
+
+/**
+ * Implements hook_query_TAG_alter().
+ *
+ * Exclude Tunnistamo users from User Expire feature.
+ */
+function helfi_tunnistamo_query_expired_users_alter(AlterableInterface $query) : void {
+  assert($query instanceof SelectInterface);
+  // Only load users that have no 'authmap' entry. This should exclude
+  // all Tunnistamo users.
+  $query->leftJoin('authmap', 'a', 'a.uid = users_field_data.uid');
+  $query->condition('a.uid', operator: 'IS NULL');
+}
diff --git a/src/Event/RedirectUrlEvent.php b/src/Event/RedirectUrlEvent.php
@@ -27,7 +27,7 @@ final class RedirectUrlEvent extends Event {
   public function __construct(
     private Url $redirectUrl,
     private Request $request,
-    private Tunnistamo $client
+    private Tunnistamo $client,
   ) {
   }
 

diff --git a/src/EventSubscriber/HttpExceptionSubscriber.php b/src/EventSubscriber/HttpExceptionSubscriber.php
@@ -29,7 +29,7 @@ final class HttpExceptionSubscriber extends HttpExceptionSubscriberBase {
   public function __construct(
     private EntityTypeManagerInterface $entityTypeManager,
     private OpenIDConnectSession $session,
-    private AccountProxyInterface $accountProxy
+    private AccountProxyInterface $accountProxy,
   ) {
   }
 

diff --git a/src/Plugin/OpenIDConnectClient/Tunnistamo.php b/src/Plugin/OpenIDConnectClient/Tunnistamo.php
@@ -46,7 +46,7 @@ public static function create(
     ContainerInterface $container,
     array $configuration,
     $plugin_id,
-    $plugin_definition
+    $plugin_definition,
   ) : self {
     $instance = parent::create($container, $configuration, $plugin_id, $plugin_definition);
     $instance->eventDispatcher = $container->get('event_dispatcher');
@@ -99,7 +99,7 @@ private function isDebugLogEnabled(): bool {
    */
   protected function getRedirectUrl(
     array $route_parameters = [],
-    array $options = []
+    array $options = [],
   ): Url {
     $url = parent::getRedirectUrl($route_parameters, $options);
     /** @var \Drupal\helfi_tunnistamo\Event\RedirectUrlEvent $urlEvent */
@@ -150,7 +150,7 @@ public function getEndpoints(): array {
    */
   public function buildConfigurationForm(
     array $form,
-    FormStateInterface $form_state
+    FormStateInterface $form_state,
   ): array {
     $form = parent::buildConfigurationForm($form, $form_state);
 

diff --git a/tests/src/Kernel/KernelTestBase.php b/tests/src/Kernel/KernelTestBase.php
@@ -42,6 +42,7 @@ protected function setUp(): void {
     $this->installConfig('helfi_tunnistamo');
     $this->installEntitySchema('action');
     $this->installEntitySchema('user');
+    $this->installSchema('externalauth', ['authmap']);
 
   }
 
@@ -66,7 +67,7 @@ protected function setupEndpoints(
     ?string $authorization = 'https://localhost/authorization',
     ?string $token = 'https://localhost/token',
     ?string $userinfo = 'https://localhost/userinfo',
-    ?string $endSession = 'https://localhost/endsession'
+    ?string $endSession = 'https://localhost/endsession',
   ) : void {
     $this->container->get('kernel')->rebuildContainer();
     $this->setPluginConfiguration('environment_url', $environmentUrl);

diff --git a/tests/src/Kernel/UserExpireTest.php b/tests/src/Kernel/UserExpireTest.php
@@ -0,0 +1,79 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Drupal\Tests\helfi_tunnistamo\Kernel;
+
+use Drupal\helfi_api_base\Features\FeatureManager;
+use Drupal\helfi_api_base\UserExpire\UserExpireManager;
+use Drupal\Tests\user\Traits\UserCreationTrait;
+use Drupal\user\Entity\User;
+
+/**
+ * Tests API Base's user expiration feature with Tunnistamo.
+ *
+ * @group helfi_tunnistamo
+ */
+class UserExpireTest extends KernelTestBase {
+
+  use UserCreationTrait;
+
+  /**
+   * {@inheritdoc}
+   */
+  protected function setUp() : void {
+    parent::setUp();
+
+    /** @var \Drupal\helfi_api_base\Features\FeatureManager $featureManager */
+    $featureManager = $this->container->get(FeatureManager::class);
+    $featureManager->enableFeature(FeatureManager::USER_EXPIRE);
+  }
+
+  /**
+   * Gets the SUT.
+   *
+   * @return \Drupal\helfi_api_base\UserExpire\UserExpireManager
+   *   The SUT.
+   */
+  public function getSut() : UserExpireManager {
+    return $this->container->get(UserExpireManager::class);
+  }
+
+  /**
+   * Tests the expired users.
+   */
+  public function testTunnistamoUsers() : void {
+    /** @var \Drupal\user\UserInterface[] $users */
+    $users = [
+      '1' => $this->createUser(),
+      '2' => $this->createUser(),
+    ];
+
+    foreach ($users as $user) {
+      // Make sure users have never logged in.
+      $this->assertEquals(0, $user->getLastAccessedTime());
+      $this->assertTrue($user->getCreatedTime() > 0);
+      // Set access time over the threshold.
+      $user->setLastAccessTime(strtotime('-7 months'))
+        ->save();
+    }
+    // Make sure both users are marked as expired.
+    $expired = $this->getSut()->getExpiredUserIds();
+    $this->assertEquals([1 => 1, 2 => 2], $expired);
+
+    /** @var \Drupal\externalauth\ExternalAuthInterface $externalAuth */
+    $externalAuth = $this->container->get('externalauth.externalauth');
+    $externalAuth->linkExistingAccount('123', 'openid_connect.tunnistamo', $users['2']);
+
+    // Make sure user 2 is not marked as expired after logging in using
+    // Tunnistamo.
+    $expired = $this->getSut()->getExpiredUserIds();
+    $this->assertArrayNotHasKey(2, $expired);
+
+    $this->getSut()->cancelExpiredUsers();
+
+    $this->assertTrue(User::load(1)->isBlocked());
+    $this->assertFalse(User::load(2)->isBlocked());
+  }
+
+}
diff --git a/tests/src/Kernel/UserInfoAlterTest.php b/tests/src/Kernel/UserInfoAlterTest.php
@@ -26,7 +26,6 @@ class UserInfoAlterTest extends KernelTestBase {
   protected function setUp() : void {
     parent::setUp();
 
-    $this->installSchema('externalauth', ['authmap']);
     $this->installSchema('user', ['users_data']);
     $this->installConfig('user');
   }