Merge pull request #944 from portagenetwork/aaron/issues/912

Add rake task for `openid_connect` / CILogon cleanup
portagenetwork · Nov 6, 2024 · 344b823 · 344b823
2 parents c6134ae + 0a2b126
commit 344b823
Show file tree

Hide file tree

Showing 2 changed files with 51 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,10 @@
 
 ## [Unreleased]
 
+### Added
+
+ - Add rake task for openid_connect / CILogon cleanup [#944](https://github.com/portagenetwork/roadmap/pull/944)
+
 ### Changed
 
  - Email Confirmation Changes [#923](https://github.com/portagenetwork/roadmap/pull/923)

diff --git a/lib/tasks/dmp_assistant_upgrade.rake b/lib/tasks/dmp_assistant_upgrade.rake
@@ -12,7 +12,12 @@ namespace :dmp_assistant_upgrade do
     p '------------------------------------------------------------------------'
     handle_email_confirmations_for_existing_users
     p 'Task completed: Handle email confirmations for existing users'
-    p 'All tasks completed successfully'
+    p 'Beginning task: Update `openid_connect` IdentifierScheme and its identifers'
+    p '------------------------------------------------------------------------'
+    if openid_scheme_and_its_identifiers_updated?
+      p 'Task completed: Update `openid_connect` IdentifierScheme and its identifers'
+      p 'All tasks completed successfully'
+    end
   end
   # rubocop:enable Naming/VariableNumber
 
@@ -53,4 +58,45 @@ namespace :dmp_assistant_upgrade do
   def super_admin_perm_ids
     [Perm.add_orgs.id, Perm.grant_api.id, Perm.change_affiliation.id]
   end
+
+  # Returns a boolean indicating whether the task was executed successfully
+  def openid_scheme_and_its_identifiers_updated?
+    identifier_scheme = IdentifierScheme.includes(:identifiers)
+                                        .find_by!(name: 'openid_connect')
+    old_prefix = identifier_scheme.identifier_prefix
+    p "Updating identifier_prefix to '' for openid_connect IdentifierScheme"
+    p '------------------------------------------------------------------------'
+    begin
+      ensure_correct_identifier_prefix(old_prefix)
+    rescue StandardError => e
+      p "Error updating IdentifierScheme: #{e.message}"
+      return false
+    end
+
+    # Update identifier_prefix to '' for openid_connect
+    identifier_scheme.update!(identifier_prefix: '')
+    p "identifier_prefix updated from #{old_prefix} to '' for #{identifier_scheme.name} IdentifierScheme"
+    p "Updating prefixed value for identifiers with multiple occurences of 'cilogon'"
+    p '------------------------------------------------------------------------'
+    find_and_update_identifiers(identifier_scheme, old_prefix)
+    true
+  end
+
+  def ensure_correct_identifier_prefix(prefix)
+    expected_prefix = 'http://cilogon.org/serverE/users/'
+    error_msg = "Unexpected identifier_prefix! Expected #{expected_prefix} but got #{prefix}."
+    raise error_msg unless prefix == expected_prefix
+  end
+
+  def find_and_update_identifiers(identifier_scheme, old_prefix)
+    # `identifier_scheme.identifiers` == openid_connect-related identifiers
+    # Get identifiers where `.value` has both the old_prefix and multiple occurences of 'cilogon'
+    identifiers = identifier_scheme.identifiers.where('value ~* ?', "#{old_prefix}.+cilogon.+")
+    count = identifiers.count
+    p "(Found #{count} such identifiers)"
+    # identifier_scheme.identifier_prefix was initially used to prefix identifier.value
+    # Update by removing old_prefix from identifier.value
+    identifiers.each { |identifier| identifier.update!(value: identifier.value.delete_prefix(old_prefix)) }
+    p "Updated prefixed value from #{old_prefix} to '' for #{count} identifiers"
+  end
 end