[BUG] 🐛 Fixed filter users by group (#418)

Signed-off-by: Emmanuel Barrios <emmanuel.barrios@insee.fr>

Author: Emmanuel Barrios

sugoi-api-file-store-provider/src/main/java/fr/insee/sugoi/store/file/FileWriterStore.java

@@ -308,7 +308,7 @@ public ProviderResponse addUserToGroup(
                   () -> new UserNotFoundException(config.get(GlobalKeysConfig.REALM), userId));
       if (user != null) {
         try {
-          user.addGroup(new Group(appName, groupName));
+          user.addGroup(new Group(groupName, appName));
           updateUser(user, new ProviderRequest(null, false, null));
           if (group.getUsers() == null) {
             group.setUsers(new ArrayList<>());

sugoi-api-file-store-provider/src/test/java/fr/insee/sugoi/store/file/FileWriterStoreTest.java

@@ -77,8 +77,8 @@ public void setup() {
       testoOrgAdress.setLines(
           new String[] {"Insee", null, null, "88 AVE VERDIER", null, null, null});
 
-      Group utilisateursApplitest = new Group("Applitest", "Utilisateurs_Applitest");
-      Group adminApplitest = new Group("Applitest", "Administrateurs_Applitest");
+      Group utilisateursApplitest = new Group("Utilisateurs_Applitest", "Applitest");
+      Group adminApplitest = new Group("Administrateurs_Applitest", "Applitest");
       adminApplitest.setDescription("toto");
       User simpleTestcUser = new User();
       simpleTestcUser.setUsername("testc");
@@ -254,33 +254,28 @@ public void testDeleteUser() {
         fileReaderStore.getGroup("Applitest", "Utilisateurs_Applitest").get().getUsers().stream()
             .anyMatch(user -> user.getUsername().equalsIgnoreCase("byebye")));
     assertThat(
-        "byebye is in Utilisateurs_Applitest",
+        "byebye is in Utilisateurs",
         fileReaderStore.getUsersInGroup("Applitest", "Utilisateurs_Applitest").getResults().stream()
             .anyMatch(user -> user.getUsername().equalsIgnoreCase("byebye")));
     fileWriterStore.deleteUser("byebye", null);
     assertThat("byebye should have been deleted", fileReaderStore.getUser("byebye").isEmpty());
     assertThat(
-        "byebye should no more be in Utilisateurs_Applitest",
-        !fileReaderStore.getGroup("Applitest", "Utilisateurs_Applitest").get().getUsers().stream()
-            .anyMatch(user -> user.getUsername().equalsIgnoreCase("byebye")));
+        "byebye should no more be in Utilisateurs",
+        fileReaderStore.getGroup("Applitest", "Utilisateurs_Applitest").get().getUsers().stream()
+            .noneMatch(user -> user.getUsername().equalsIgnoreCase("byebye")));
     assertThat(
-        "byebye is in Utilisateurs_Applitest",
-        !fileReaderStore
-            .getUsersInGroup("Applitest", "Utilisateurs_Applitest")
-            .getResults()
-            .stream()
-            .anyMatch(user -> user.getUsername().equalsIgnoreCase("byebye")));
+        "byebye is in Utilisateurs",
+        fileReaderStore.getUsersInGroup("Applitest", "Utilisateurs_Applitest").getResults().stream()
+            .noneMatch(user -> user.getUsername().equalsIgnoreCase("byebye")));
   }
 
   @Test
   public void testCreateApplication() {
     Application application = new Application();
     application.setName("MyApplication");
     List<Group> groups = new ArrayList<>();
-    Group group1 = new Group();
-    group1.setName("Group1_MyApplication");
-    Group group2 = new Group();
-    group2.setName("Group2_MyApplication");
+    Group group1 = new Group("Group1_MyApplication", "MyApplication");
+    Group group2 = new Group("Group2_MyApplication", "MyApplication");
     group2.setUsers(List.of(new User("toto")));
     groups.add(group1);
     groups.add(group2);
@@ -300,8 +295,7 @@ public void testCreateApplication() {
   @Test
   public void testUpdateApplication() {
     Application application = fileReaderStore.getApplication("Applitest").get();
-    Group group1 = new Group();
-    group1.setName("Group1_Applitest");
+    Group group1 = new Group("Group1_Applitest", "Applitest");
     application.getGroups().add(group1);
     application.getGroups().get(0).setDescription("new description");
     application.getGroups().stream()
@@ -322,8 +316,8 @@ public void testUpdateApplication() {
             .anyMatch(group -> group.getDescription().equals("new description")));
     assertThat(
         "Users should not have been modified",
-        !retrievedApplication.getGroups().stream()
-            .anyMatch(
+        retrievedApplication.getGroups().stream()
+            .noneMatch(
                 group ->
                     group.getName().equals("Utilisateurs_Applitest")
                         && group.getUsers().size() != 3));
@@ -334,8 +328,8 @@ public void testDeleteApplication() {
     Application application = new Application();
     application.setName("NotEmptyApplication");
     List<Group> groups = new ArrayList<>();
-    Group group1 = new Group();
-    group1.setName("Group1_NotEmptyApplication");
+    Group group1 = new Group("Group1_NotEmptyApplication", "NotEmptyApplication");
+    groups.add(group1);
     application.setGroups(groups);
     fileWriterStore.createApplication(application, null);
     assertThat(
@@ -350,8 +344,7 @@ public void testDeleteApplication() {
 
   @Test
   public void testCreateGroup() {
-    Group group = new Group();
-    group.setName("Groupy_Applitest");
+    Group group = new Group("Groupy_Applitest", "Applitest");
     group.setDescription("Super groupy de test");
     User user = new User();
     user.setUsername("usery");
@@ -367,13 +360,12 @@ public void testCreateGroup() {
 
   @Test
   public void testDeleteGroup() {
-    Group group = new Group();
-    group.setName("Asupprimer_WebServicesLdap");
+    Group group = new Group("Asupprimer_WebServicesLdap", "WebServicesLdap");
     group.setDescription("supprime ce groupe");
     fileWriterStore.createGroup("WebServicesLdap", group, null);
     fileWriterStore.deleteGroup("WebServicesLdap", "Asupprimer_WebServicesLdap", null);
     assertThat(
-        "Should have been deleted",
+        "Asupprimer Should have been deleted",
         fileReaderStore.getGroup("WebServicesLdap", "Asupprimer_WebServicesLdap").isEmpty());
   }
 

sugoi-api-ldap-store-provider/src/main/java/fr/insee/sugoi/store/ldap/LdapReaderStore.java

@@ -263,16 +263,13 @@ private <MapperType> Filter getFilterFromObject(
       return LdapFilter.and(
           mapper.createAttributesForFilter(object).stream()
               .filter(attribute -> !attribute.getValue().equals(""))
-              .map(
-                  attribute -> {
-                    return LdapFilter.contains(attribute.getName(), attribute.getValues());
-                  })
+              .map(attribute -> LdapFilter.createFilter(attribute.getName(), attribute.getValues()))
               .collect(Collectors.toList()));
     } else if (searchType.equalsIgnoreCase("OR")) {
       List<Filter> objectClassListFilter =
           mapper.createAttributesForFilter(object).stream()
               .filter(attribute -> attribute.getName().equals("objectClass"))
-              .map(attribute -> LdapFilter.contains(attribute.getName(), attribute.getValues()))
+              .map(attribute -> LdapFilter.createFilter(attribute.getName(), attribute.getValues()))
               .collect(Collectors.toList());
 
       List<Filter> attributeListFilter =
@@ -281,7 +278,7 @@ private <MapperType> Filter getFilterFromObject(
                   attribute ->
                       !attribute.getName().equals("objectClass")
                           && !attribute.getValue().equals(""))
-              .map(attribute -> LdapFilter.contains(attribute.getName(), attribute.getValues()))
+              .map(attribute -> LdapFilter.createFilter(attribute.getName(), attribute.getValues()))
               .collect(Collectors.toList());
 
       if (!objectClassListFilter.isEmpty() && attributeListFilter.isEmpty()) {

sugoi-api-ldap-store-provider/src/test/java/fr/insee/sugoi/ldap/LdapReaderStoreTest.java

@@ -208,9 +208,9 @@ public void testSearchUserWithMatchingMail() {
   }
 
   @Test
-  public void testSearchUsersWithMatchingGroup() {
+  void testSearchUsersWithMatchingGroup() {
     User testUser = new User();
-    testUser.setGroups(List.of(new Group("Utilisateurs_Applitest")));
+    testUser.setGroups(List.of(new Group("Utilisateurs_Applitest", "Applitest")));
     List<User> users =
         ldapReaderStore.searchUsers(testUser, new PageableResult(), "AND").getResults();
     assertThat(

sugoi-api-ldap-store-provider/src/test/java/fr/insee/sugoi/ldap/LdapWriterStoreTest.java

@@ -267,10 +267,8 @@ public void testCreateApplication() {
     Application application = new Application();
     application.setName("MyApplication");
     List<Group> groups = new ArrayList<>();
-    Group group1 = new Group();
-    group1.setName("Group1_MyApplication");
-    Group group2 = new Group();
-    group2.setName("Group2_MyApplication");
+    Group group1 = new Group("Group1_MyApplication", "MyApplication");
+    Group group2 = new Group("Group2_MyApplication", "MyApplication");
     groups.add(group1);
     groups.add(group2);
     application.setGroups(groups);
@@ -286,8 +284,7 @@ public void testCreateApplication() {
   @Test
   public void testUpdateApplicationWithGroupAdding() {
     Application application = ldapReaderStore.getApplication("Applitest").get();
-    Group group1 = new Group();
-    group1.setName("Group1_Applitest");
+    Group group1 = new Group("Group1_Applitest", "Applitest");
     application.getGroups().add(group1);
     ldapWriterStore.updateApplication(application, null);
     Application retrievedApplication = ldapReaderStore.getApplication("Applitest").get();
@@ -346,8 +343,7 @@ public void testDeleteApplication() {
     Application application = new Application();
     application.setName("NotEmptyApplication");
     List<Group> groups = new ArrayList<>();
-    Group group1 = new Group();
-    group1.setName("Group1_NotEmptyApplication");
+    Group group1 = new Group("Group1_NotEmptyApplication", "NotEmptyApplication");
     application.setGroups(groups);
     ldapWriterStore.createApplication(application, null);
     ldapWriterStore.deleteApplication("NotEmptyApplication", null);
@@ -361,8 +357,7 @@ public void testDeleteApplication() {
 
   @Test
   public void testCreateGroup() {
-    Group group = new Group();
-    group.setName("Groupy_Applitest");
+    Group group = new Group("Groupy_Applitest", "Applitest");
     group.setDescription("Super groupy de test");
     User user = new User();
     user.setUsername("usery");
@@ -389,8 +384,7 @@ void testCreateGroupApplicationNotFound() {
 
   @Test
   public void testDeleteGroup() {
-    Group group = new Group();
-    group.setName("Asupprimer_WebServicesLdap");
+    Group group = new Group("Asupprimer_WebServicesLdap", "WebServicesLdap");
     group.setDescription("supprime ce groupe");
     ldapWriterStore.createGroup("WebServicesLdap", group, null);
     ldapWriterStore.deleteGroup("WebServicesLdap", "Asupprimer_WebServicesLdap", null);

sugoi-api-ldap-store-provider/src/test/resources/ldap.ldif

@@ -264,7 +264,7 @@ objectClass: inseeAttributsAuthentification
 objectClass: inseeAttributsHabilitation
 objectClass: inseeAttributsCommunication
 inseeOrganisationDN: uid=testo,ou=organisations,ou=clients_domaine1,o=insee,c=fr
-memberOf: cn=Administrateur_Applitest,ou=Applitest_Objets,ou=Applitest,ou=Applications,o=insee,c=fr
+memberOf: cn=Administrateurs_Applitest,ou=Applitest_Objets,ou=Applitest,ou=Applications,o=insee,c=fr
 uid: nogroup
 
 dn: uid=byebye,ou=contacts,ou=clients_domaine1,o=insee,c=fr

sugoi-api-ldap-utils/src/main/java/fr/insee/sugoi/ldap/utils/LdapFilter.java

@@ -25,13 +25,14 @@ public static Filter exists(String property) {
     return Filter.createPresenceFilter(property);
   }
 
-  public static Filter contains(String property, String[] values) {
+  public static Filter createFilter(String property, String[] values) {
     return LdapFilter.and(
-        Arrays.asList(values).stream()
+        Arrays.stream(values)
             .map(
                 value ->
                     property.equalsIgnoreCase("objectclass")
-                        ? Filter.createEqualityFilter("objectclass", value)
+                            || property.equalsIgnoreCase("memberOf")
+                        ? Filter.createEqualityFilter(property, value)
                         : Filter.createSubAnyFilter(property, value))
             .collect(Collectors.toList()));
   }

sugoi-api-ldap-utils/src/main/java/fr/insee/sugoi/ldap/utils/mapper/GenericLdapMapper.java

@@ -207,7 +207,7 @@ private static Object transformLdapAttributeToSugoiAttribute(
                       pattern.matcher(attributeValue.substring(attributeValue.indexOf(",") + 1));
                   if (matcher.matches()) {
                     return new Group(
-                        matcher.group(1), LdapUtils.getNodeValueFromDN(attributeValue));
+                        LdapUtils.getNodeValueFromDN(attributeValue), matcher.group(1));
                   } else {
                     return null;
                   }
@@ -272,17 +272,17 @@ private static Attribute transformSugoiToAttribute(
         // Assume that if list is empty it's really to set an empty list (delete all
         // values)
         // Groups list can be set null if not needed
+        String genericGroup = "cn={group}" + "," + config.get(LdapConfigKeys.GROUP_SOURCE_PATTERN);
+
         return new Attribute(
             ldapAttributeName,
             ((List<Group>) sugoiValue)
                 .stream()
                     .map(
                         group ->
-                            String.format(
-                                // TODO should be a param
-                                "cn=%s,",
-                                //
-                                group.getName()))
+                            genericGroup
+                                .replace("{appliname}", group.getAppName())
+                                .replace("{group}", group.getName()))
                     .collect(Collectors.toList()));
       case LIST_STRING:
         // Assume that if list is empty it's really to set an empty list (delete all

sugoi-api-model/src/main/java/fr/insee/sugoi/model/Group.java

@@ -28,9 +28,9 @@ public Group(String name) {
     this.name = name;
   }
 
-  public Group(String appName, String name) {
-    this.appName = appName;
+  public Group(String name, String appName) {
     this.name = name;
+    this.appName = appName;
   }
 
   public String getName() {

sugoi-api-model/src/main/java/fr/insee/sugoi/model/User.java

@@ -33,7 +33,6 @@ public class User implements Serializable {
   private List<Group> groups;
   // Don't set a default empty list to distinguish case null (not provided) and empty
   private List<Habilitation> habilitations;
-
   private PostalAddress address;
   private Map<String, Object> metadatas = new HashMap<>();
   private Map<String, Object> attributes = new HashMap<>();