WIP for #538

oharsta · oharsta · commit 7aa42b754915 · 2025-11-06T15:05:36.000+01:00
diff --git a/server/src/main/java/invite/api/InvitationController.java b/server/src/main/java/invite/api/InvitationController.java
@@ -109,7 +109,6 @@ public ResponseEntity<InvitationResponse> newInvitation(@Validated @RequestBody
         return this.invitationOperations.sendInvitation(invitationRequest, user, null);
     }
 
-
     @DeleteMapping("/{id}")
     public ResponseEntity<Void> deleteInvitation(@PathVariable("id") Long id,
                                                  @Parameter(hidden = true) User user) {
@@ -252,6 +251,7 @@ public ResponseEntity<Map<String, Object>> accept(@Validated @RequestBody Accept
                 saveOAuth2AuthenticationToken(authentication, user, servletRequest, servletResponse);
             }
         }
+        user.setInternalPlaceholderIdentifier(invitation.getInternalPlaceholderIdentifier());
         userRepository.save(user);
         AccessLogger.user(LOG, Event.Created, user);
         newUserRoles.forEach(userRole -> userRoleAuditService.logAction(userRole, UserRoleAudit.ActionType.ADD));
diff --git a/server/src/main/java/invite/api/InvitationOperations.java b/server/src/main/java/invite/api/InvitationOperations.java
@@ -40,6 +40,7 @@ public InvitationOperations(InvitationResource invitationResource) {
     public ResponseEntity<InvitationResponse> sendInvitation(InvitationRequest invitationRequest,
                                                              User user,
                                                              RemoteUser remoteUser) {
+        invitationRequest.verify();
         Authority intendedAuthority = invitationRequest.getIntendedAuthority();
         if (!List.of(Authority.INSTITUTION_ADMIN, Authority.SUPER_USER).contains(intendedAuthority)
                 && CollectionUtils.isEmpty(invitationRequest.getRoleIdentifiers())) {
@@ -65,19 +66,26 @@ public ResponseEntity<InvitationResponse> sendInvitation(InvitationRequest invit
                 invitationRequest.setRoleExpiryDate(Instant.now().plus(defaultExpiryDays, ChronoUnit.DAYS));
             }
         }
-
-        List<Invitation> invitations = invitationRequest.getInvites().stream()
-                .filter(email -> {
-                    boolean valid = emailFormatValidator.isValid(email);
+        List<Invite> invites = invitationRequest.getInvitations();
+        if (invites == null) {
+            invites = new ArrayList<>();
+        }
+        List<String> requestInvites = invitationRequest.getInvites();
+        if (requestInvites != null) {
+            invites.addAll(requestInvites.stream().map(invite -> new Invite(invite, null)).toList());
+        }
+        List<Invitation> invitations = invites.stream()
+                .filter(invite -> {
+                    boolean valid = emailFormatValidator.isValid(invite.getEmail());
                     if (!valid) {
-                        LOG.debug("Not sending invalid email for invitation: " + email);
+                        LOG.debug("Not sending invalid email for invitation: " + invite.getEmail());
                     }
                     return valid;
                 })
-                .map(invitee -> new Invitation(
+                .map(invite -> new Invitation(
                         intendedAuthority,
                         HashGenerator.generateRandomHash(),
-                        invitee,
+                        invite.getEmail(),
                         invitationRequest.isEnforceEmailEquality(),
                         invitationRequest.isEduIDOnly(),
                         invitationRequest.isGuestRoleIncluded(),
@@ -88,8 +96,9 @@ public ResponseEntity<InvitationResponse> sendInvitation(InvitationRequest invit
                         invitationRequest.getRoleExpiryDate(),
                         requestedRoles.stream()
                                 .map(InvitationRole::new)
-                                .collect(toSet())))
-                .toList();
+                                .collect(toSet()),
+                        invite.getInternalPlaceholderIdentifier())
+                ).toList();
         if (user == null) {
             invitations.forEach(invitation -> invitation.setRemoteApiUser(remoteUser.getName()));
         }
diff --git a/server/src/main/java/invite/exception/InvalidInputException.java b/server/src/main/java/invite/exception/InvalidInputException.java
@@ -5,6 +5,7 @@
 
 @ResponseStatus(HttpStatus.BAD_REQUEST)
 public class InvalidInputException extends BaseException {
+
     public InvalidInputException(String message) {
         super(message);
     }
diff --git a/server/src/main/java/invite/model/Invitation.java b/server/src/main/java/invite/model/Invitation.java
@@ -73,6 +73,9 @@ public class Invitation implements Serializable {
     @Column(name = "organization_guid")
     private String organizationGUID;
 
+    @Column(name = "internal_placeholder_identifier")
+    private String internalPlaceholderIdentifier;
+
     @ManyToOne(fetch = FetchType.EAGER)
     @JoinColumn(name = "inviter_id")
     @JsonIgnore
@@ -98,7 +101,8 @@ public Invitation(Authority intendedAuthority,
                       User inviter,
                       Instant expiryDate,
                       Instant roleExpiryDate,
-                      @NotEmpty Set<InvitationRole> roles) {
+                      @NotEmpty Set<InvitationRole> roles,
+                      String internalPlaceholderIdentifier) {
         this.intendedAuthority = intendedAuthority;
         this.hash = hash;
         this.enforceEmailEquality = enforceEmailEquality;
diff --git a/server/src/main/java/invite/model/InvitationRequest.java b/server/src/main/java/invite/model/InvitationRequest.java
@@ -1,11 +1,12 @@
 package invite.model;
 
-import jakarta.validation.constraints.NotEmpty;
+import invite.exception.InvalidInputException;
 import jakarta.validation.constraints.NotNull;
 import lombok.AllArgsConstructor;
 import lombok.Getter;
 import lombok.NoArgsConstructor;
 import lombok.Setter;
+import org.springframework.util.CollectionUtils;
 
 import java.io.Serializable;
 import java.time.Instant;
@@ -32,9 +33,10 @@ public class InvitationRequest implements Serializable {
 
     private boolean suppressSendingEmails;
 
-    @NotEmpty
     private List<String> invites;
 
+    private List<Invite> invitations;
+
     private List<Long> roleIdentifiers;
 
     private String organizationGUID;
@@ -43,4 +45,10 @@ public class InvitationRequest implements Serializable {
 
     @NotNull
     private Instant expiryDate;
+
+    public void verify() {
+        if (CollectionUtils.isEmpty(invitations) && CollectionUtils.isEmpty(invites)) {
+            throw new InvalidInputException("Either at least one invitation or invite is required");
+        }
+    }
 }
diff --git a/server/src/main/java/invite/model/Invite.java b/server/src/main/java/invite/model/Invite.java
@@ -0,0 +1,19 @@
+package invite.model;
+
+import lombok.AllArgsConstructor;
+import lombok.Getter;
+import lombok.NoArgsConstructor;
+import lombok.Setter;
+
+import java.io.Serializable;
+
+@Getter
+@Setter
+@NoArgsConstructor
+@AllArgsConstructor
+public class Invite implements Serializable {
+
+    private String email;
+    private String internalPlaceholderIdentifier;
+
+}
diff --git a/server/src/main/java/invite/model/User.java b/server/src/main/java/invite/model/User.java
@@ -75,6 +75,9 @@ public class User implements Serializable, Provisionable {
     @Column
     private String email;
 
+    @Column(name = "internal_placeholder_identifier")
+    private String internalPlaceholderIdentifier;
+
     @Column(name = "created_at")
     private Instant createdAt;
 
diff --git a/server/src/main/java/invite/provision/scim/UserRequest.java b/server/src/main/java/invite/provision/scim/UserRequest.java
@@ -36,6 +36,9 @@ public UserRequest(User user, Provisioning provisioning) {
         this.emails = List.of(new Email("other",user.getEmail()));
         //Add a default phonenumber, for remote systems that require that
         this.phoneNumbers = Collections.singletonList(new PhoneNumber("+31600000000"));
+        if (StringUtils.hasText(user.getInternalPlaceholderIdentifier())) {
+            this.id = user.getInternalPlaceholderIdentifier();
+        }
     }
 
     public UserRequest(User user, Provisioning provisioning, String remoteScimIdentifier) {
diff --git a/server/src/main/java/invite/repository/RemoteProvisionedUserRepository.java b/server/src/main/java/invite/repository/RemoteProvisionedUserRepository.java
@@ -12,4 +12,5 @@ public interface RemoteProvisionedUserRepository extends JpaRepository<RemotePro
 
     Optional<RemoteProvisionedUser> findByManageProvisioningIdAndUser(String manageId, User user);
 
+    Optional<RemoteProvisionedUser> findByRemoteScimIdentifier(String remoteScimIdentifier);
 }
diff --git a/server/src/main/java/invite/seed/PerformanceSeed.java b/server/src/main/java/invite/seed/PerformanceSeed.java
@@ -140,7 +140,8 @@ private Invitation createInvitation(User inviter, Role role) {
                 inviter,
                 Instant.now().plus(30, ChronoUnit.DAYS),
                 Instant.now().plus(365 * 5, ChronoUnit.DAYS),
-                roles);
+                roles,
+                null);
     }
 
     private Role createRole(List<Map<String, Object>> providers, String institutionGuid) {
diff --git a/server/src/main/resources/db/mysql/migration/V48_0__invitation_internal_placeholder_identifier.sql b/server/src/main/resources/db/mysql/migration/V48_0__invitation_internal_placeholder_identifier.sql
@@ -0,0 +1,2 @@
+ALTER TABLE `invitations`
+    add `internal_placeholder_identifier` varchar(255) DEFAULT NULL;
diff --git a/server/src/main/resources/db/mysql/migration/V49_0__user_internal_placeholder_identifier.sql b/server/src/main/resources/db/mysql/migration/V49_0__user_internal_placeholder_identifier.sql
@@ -0,0 +1,2 @@
+ALTER TABLE `users`
+    add `internal_placeholder_identifier` varchar(255) DEFAULT NULL;
diff --git a/server/src/test/java/invite/AbstractTest.java b/server/src/test/java/invite/AbstractTest.java
@@ -659,31 +659,31 @@ private void doSeed() {
 
         Invitation superUserInvitation =
                 new Invitation(Authority.SUPER_USER, Authority.SUPER_USER.name(), "super_user@new.com", false, false, false, message, Language.en,
-                        inviter, expiryDate, roleExpiryDate, Set.of());
+                        inviter, expiryDate, roleExpiryDate, Set.of(), null);
         Invitation managerInvitation =
                 new Invitation(Authority.MANAGER, Authority.MANAGER.name(), "manager@new.com", false, false, false, message, Language.en,
-                        inviter, expiryDate, roleExpiryDate, Set.of(new InvitationRole(research)));
+                        inviter, expiryDate, roleExpiryDate, Set.of(new InvitationRole(research)), null);
         Invitation inviterInvitation =
                 new Invitation(Authority.INVITER, Authority.INVITER.name(), "inviter@new.com", false, false, true, message, Language.en,
-                        inviter, expiryDate, roleExpiryDate, Set.of(new InvitationRole(calendar), new InvitationRole(mail)));
+                        inviter, expiryDate, roleExpiryDate, Set.of(new InvitationRole(calendar), new InvitationRole(mail)), null);
         inviterInvitation.setEnforceEmailEquality(true);
         Invitation guestInvitation =
                 new Invitation(Authority.GUEST, Authority.GUEST.name(), "guest@new.com",
                         false, false, false, message, Language.en,
-                        inviter, expiryDate, roleExpiryDate, Set.of(new InvitationRole(mail)));
+                        inviter, expiryDate, roleExpiryDate, Set.of(new InvitationRole(mail)), null);
         guestInvitation.setEduIDOnly(true);
         //To test graph callback
         guestInvitation.setSubInvitee(GUEST_SUB);
 
         Invitation institutionAdminInvitation =
                 new Invitation(Authority.INSTITUTION_ADMIN, INSTITUTION_ADMIN_INVITATION_HASH, "institutionh@admin.com",
                         false, false, false, message, Language.en,
-                        institutionAdmin, expiryDate, roleExpiryDate, Set.of(new InvitationRole(network)));
+                        institutionAdmin, expiryDate, roleExpiryDate, Set.of(new InvitationRole(network)), null);
 
         Invitation graphInvitation =
                 new Invitation(Authority.GUEST, GRAPH_INVITATION_HASH, "graph@new.com",
                         false, false, false, message, Language.en,
-                        inviter, expiryDate, roleExpiryDate, Set.of(new InvitationRole(network)));
+                        inviter, expiryDate, roleExpiryDate, Set.of(new InvitationRole(network)), null);
         doSave(invitationRepository, superUserInvitation, managerInvitation, inviterInvitation, guestInvitation,
                 institutionAdminInvitation, graphInvitation);
 
diff --git a/server/src/test/java/invite/api/InvitationControllerTest.java b/server/src/test/java/invite/api/InvitationControllerTest.java
@@ -21,6 +21,7 @@
 import java.time.temporal.ChronoUnit;
 import java.util.List;
 import java.util.Map;
+import java.util.UUID;
 
 import static invite.security.SecurityConfig.API_TOKEN_HEADER;
 import static com.github.tomakehurst.wiremock.client.WireMock.*;
@@ -85,6 +86,7 @@ void newInvitation() throws Exception {
                 false,
                 false,
                 List.of("new@new.nl"),
+                List.of(new Invite("new2@new.nl", "placeholder-1")),
                 roleIdentifiers,
                 null,
                 Instant.now().plus(365, ChronoUnit.DAYS),
@@ -98,10 +100,10 @@ void newInvitation() throws Exception {
                 .contentType(ContentType.JSON)
                 .body(invitationRequest)
                 .post("/api/v1/invitations")
-                .as(new TypeRef<Map<String, Object>>() {
+                .as(new TypeRef<>() {
                 });
         assertEquals(201, results.get("status"));
-        assertEquals(1, ((List) results.get("recipientInvitationURLs")).size());
+        assertEquals(2, ((List) results.get("recipientInvitationURLs")).size());
     }
 
     @Test
@@ -119,6 +121,7 @@ void newInvitationEmptyRoles() throws Exception {
                 false,
                 false,
                 List.of("new@new.nl"),
+                List.of(),
                 emptyList(),
                 null,
                 Instant.now().plus(365, ChronoUnit.DAYS),
@@ -153,6 +156,7 @@ void newInvitationWithInvitationUrls() throws Exception {
                 false,
                 true,
                 List.of("new@new.nl"),
+                List.of(),
                 roleIdentifiers,
                 null,
                 Instant.now().plus(365, ChronoUnit.DAYS),
@@ -179,6 +183,45 @@ void newInvitationWithInvitationUrls() throws Exception {
         assertEquals(String.format("http://localhost:4000/invitation/accept?hash=%s", invitation.getHash()), recipientInvitationURL.getInvitationURL());
     }
 
+    @Test
+    void newInvitationWithInternalPlaceHolderIdentifiers() throws Exception {
+        super.stubForManageProvidersAllowedByIdP(ORGANISATION_GUID);
+
+        List<Long> roleIdentifiers = roleRepository.findByApplicationUsagesApplicationManageId("1").stream()
+                .map(Role::getId)
+                .toList();
+
+        String internalPlaceholderIdentifier = UUID.randomUUID().toString();
+        InvitationRequest invitationRequest = new InvitationRequest(
+                Authority.GUEST,
+                "Message",
+                Language.en,
+                true,
+                false,
+                false,
+                true,
+                null,
+                List.of(new Invite("test@external.com", internalPlaceholderIdentifier),
+                        new Invite("tes2t@external.com", internalPlaceholderIdentifier)),
+                roleIdentifiers,
+                null,
+                Instant.now().plus(365, ChronoUnit.DAYS),
+                Instant.now().plus(12, ChronoUnit.DAYS));
+
+        InvitationResponse invitationResponse = given()
+                .when()
+                .accept(ContentType.JSON)
+                .header(API_TOKEN_HEADER, API_TOKEN_HASH)
+                .contentType(ContentType.JSON)
+                .body(invitationRequest)
+                .post("/api/external/v1/invitations")
+                .as(new TypeRef<>() {
+                });
+        assertEquals(201, invitationResponse.getStatus());
+        List<RecipientInvitationURL> recipientInvitationURLs = invitationResponse.getRecipientInvitationURLs();
+        assertEquals(2, recipientInvitationURLs.size());
+    }
+
     @Test
     void accept() throws Exception {
         AccessCookieFilter accessCookieFilter = openIDConnectFlow("/api/v1/users/login", "user@new.com");
@@ -615,6 +658,7 @@ void newInvitationInvalidEmail() throws Exception {
                 false,
                 false,
                 List.of("nope"),
+                List.of(),
                 roleIdentifiers,
                 null,
                 Instant.now().plus(365, ChronoUnit.DAYS),
@@ -828,6 +872,7 @@ void newInvitationInstitutionAdmin() throws Exception {
                 false,
                 false,
                 List.of("new@new.nl"),
+                List.of(),
                 emptyList(),
                 ORGANISATION_GUID,
                 Instant.now().plus(365, ChronoUnit.DAYS),
@@ -883,6 +928,7 @@ void newInvitationWithUserToken() throws Exception {
                 false,
                 true,
                 List.of("new@new.nl"),
+                List.of(),
                 roleIdentifiers,
                 null,
                 Instant.now().plus(365, ChronoUnit.DAYS),
diff --git a/server/src/test/java/invite/api/InvitationMailControllerTest.java b/server/src/test/java/invite/api/InvitationMailControllerTest.java
@@ -59,6 +59,7 @@ void newInvitationCustomDisplayName() throws Exception {
                 false,
                 false,
                 List.of("new@new.nl"),
+                null,
                 roleIdentifiers,
                 null,
                 Instant.now().plus(365, ChronoUnit.DAYS),
diff --git a/server/src/test/java/invite/internal/InternalInviteControllerTest.java b/server/src/test/java/invite/internal/InternalInviteControllerTest.java
@@ -138,6 +138,7 @@ void newInvitation() {
                 false,
                 false,
                 List.of("new@new.nl"),
+                List.of(),
                 roleIdentifiers,
                 null,
                 Instant.now().plus(365, ChronoUnit.DAYS),
diff --git a/server/src/test/java/invite/mail/MailBoxTest.java b/server/src/test/java/invite/mail/MailBoxTest.java
@@ -55,7 +55,8 @@ private String doSendInviteMail(boolean eduIDOnly, Authority intendedAuthority)
                 Instant.now().plus(30, ChronoUnit.DAYS),
                 Instant.now().plus(365, ChronoUnit.DAYS),
                 Set.of(new InvitationRole(new Role("name", "desc", application("1", EntityType.SAML20_SP), 365, false, false)),
-                        new InvitationRole(new Role("name", "desc", application("1", EntityType.SAML20_SP), 365, false, false))));
+                        new InvitationRole(new Role("name", "desc", application("1", EntityType.SAML20_SP), 365, false, false))),
+                null);
         mailBox.sendInviteMail(user, invitation, List.of(
                 new GroupedProviders(
                         localManage.providerById(EntityType.SAML20_SP, "1"),
diff --git a/server/src/test/java/invite/model/InvitationTest.java b/server/src/test/java/invite/model/InvitationTest.java
diff --git a/server/src/test/java/invite/provision/ProvisioningServiceDefaultTest.java b/server/src/test/java/invite/provision/ProvisioningServiceDefaultTest.java

Original file line number	Diff line number	Diff line change
`@@ -109,7 +109,6 @@ public ResponseEntity<InvitationResponse> newInvitation(@Validated @RequestBody`
`109`	`109`	`return this.invitationOperations.sendInvitation(invitationRequest, user, null);`
`110`	`110`	`}`
`111`	`111`
`112`		`-`
`113`	`112`	`@DeleteMapping("/{id}")`
`114`	`113`	`public ResponseEntity<Void> deleteInvitation(@PathVariable("id") Long id,`
`115`	`114`	`@Parameter(hidden = true) User user) {`
`@@ -252,6 +251,7 @@ public ResponseEntity<Map<String, Object>> accept(@Validated @RequestBody Accept`
`252`	`251`	`saveOAuth2AuthenticationToken(authentication, user, servletRequest, servletResponse);`
`253`	`252`	`}`
`254`	`253`	`}`
	`254`	`+ user.setInternalPlaceholderIdentifier(invitation.getInternalPlaceholderIdentifier());`
`255`	`255`	`userRepository.save(user);`
`256`	`256`	`AccessLogger.user(LOG, Event.Created, user);`
`257`	`257`	`newUserRoles.forEach(userRole -> userRoleAuditService.logAction(userRole, UserRoleAudit.ActionType.ADD));`
Original file line number	Diff line number	Diff line change
`@@ -5,6 +5,7 @@`
`5`	`5`
`6`	`6`	`@ResponseStatus(HttpStatus.BAD_REQUEST)`
`7`	`7`	`public class InvalidInputException extends BaseException {`
	`8`	`+`
`8`	`9`	`public InvalidInputException(String message) {`
`9`	`10`	`super(message);`
`10`	`11`	`}`
Original file line number	Diff line number	Diff line change
`@@ -36,6 +36,9 @@ public UserRequest(User user, Provisioning provisioning) {`
`36`	`36`	`this.emails = List.of(new Email("other",user.getEmail()));`
`37`	`37`	`//Add a default phonenumber, for remote systems that require that`
`38`	`38`	`this.phoneNumbers = Collections.singletonList(new PhoneNumber("+31600000000"));`
	`39`	`+ if (StringUtils.hasText(user.getInternalPlaceholderIdentifier())) {`
	`40`	`+ this.id = user.getInternalPlaceholderIdentifier();`
	`41`	`+ }`
`39`	`42`	`}`
`40`	`43`
`41`	`44`	`public UserRequest(User user, Provisioning provisioning, String remoteScimIdentifier) {`
Original file line number	Diff line number	Diff line change
`@@ -12,4 +12,5 @@ public interface RemoteProvisionedUserRepository extends JpaRepository<RemotePro`
`12`	`12`
`13`	`13`	`Optional<RemoteProvisionedUser> findByManageProvisioningIdAndUser(String manageId, User user);`
`14`	`14`
	`15`	`+ Optional<RemoteProvisionedUser> findByRemoteScimIdentifier(String remoteScimIdentifier);`
`15`	`16`	`}`
Original file line number	Diff line number	Diff line change
`@@ -140,7 +140,8 @@ private Invitation createInvitation(User inviter, Role role) {`
`140`	`140`	`inviter,`
`141`	`141`	`Instant.now().plus(30, ChronoUnit.DAYS),`
`142`	`142`	`Instant.now().plus(365 * 5, ChronoUnit.DAYS),`
`143`		`- roles);`
	`143`	`+ roles,`
	`144`	`+ null);`
`144`	`145`	`}`
`145`	`146`
`146`	`147`	`private Role createRole(List<Map<String, Object>> providers, String institutionGuid) {`