Fixes #545

Author: oharsta

client/src/api/index.js

@@ -117,6 +117,9 @@ export function reportError(error) {
     return postPutJson("/api/v1/users/error", error, "post");
 }
 
+export function deleteUser(userId) {
+    return fetchDelete(`/api/v1/users/${userId}`);
+}
 //Invitations
 export function invitationByHash(hash) {
     return fetchJson(`/api/v1/invitations/public?hash=${hash}`, {}, {}, false);

client/src/components/User.js

@@ -5,18 +5,26 @@ import {dateFromEpoch} from "../utils/Date";
 import {AUTHORITIES, highestAuthority} from "../utils/UserRole";
 import I18n from "../locale/I18n";
 import Logo from "./Logo";
-import {Card, CardType} from "@surfnet/sds";
+import {Button, ButtonType, Card, CardType} from "@surfnet/sds";
 import {isEmpty} from "../utils/Utils";
 import {deriveRemoteApplicationAttributes, reduceApplicationFromUserRoles} from "../utils/Manage";
 import {ReactComponent as SearchIcon} from "@surfnet/sds/icons/functional-icons/search.svg";
 import {MoreLessText} from "./MoreLessText";
 import {RoleCard} from "./RoleCard";
 import DOMPurify from "dompurify";
+import ConfirmationDialog from "./ConfirmationDialog";
+import {deleteUser} from "../api";
+import {useNavigate} from "react-router-dom";
+import {useAppStore} from "../stores/AppStore";
 
 export const User = ({user, other, config, currentUser}) => {
+    const navigate = useNavigate();
+    const {setFlash} = useAppStore(state => state);
     const searchRef = useRef();
     const [query, setQuery] = useState("");
     const [queryApplication, setQueryApplication] = useState("");
+    const [confirmation, setConfirmation] = useState({});
+    const [confirmationOpen, setConfirmationOpen] = useState(false);
 
     if (user.institutionAdmin) {
         (user.applications || []).forEach(application => deriveRemoteApplicationAttributes(application, I18n.locale));
@@ -104,6 +112,25 @@ export const User = ({user, other, config, currentUser}) => {
         );
     }
 
+    const doDeleteUser = confirmation => {
+        if (confirmation) {
+            setConfirmation({
+                cancel: () => setConfirmationOpen(false),
+                action: () => doDeleteUser(false),
+                warning: true,
+                question: I18n.t("users.deleteConfirmation", {name: user.name}),
+            });
+            setConfirmationOpen(true);
+        } else {
+            deleteUser(user.id).then(() => {
+                setConfirmationOpen(false);
+                setConfirmation({});
+                navigate("/home/users");
+                setFlash(I18n.t("users.deleteFlash", {name: user.name}));
+            })
+        }
+    }
+
     user.highestAuthority = I18n.t(`access.${highestAuthority(user, false)}`);
     const attributes = [["name"], ["sub"], ["eduPersonPrincipalName"], ["schacHomeOrganization"], ["email"], ["highestAuthority"],
         ["lastActivity", true], ["organizationGUID"]];
@@ -117,16 +144,25 @@ export const User = ({user, other, config, currentUser}) => {
 
     return (
         <section className={"user"}>
+            {confirmationOpen && <ConfirmationDialog isOpen={confirmationOpen}
+                                                     cancel={confirmation.cancel}
+                                                     confirm={confirmation.action}
+                                                     question={confirmation.question}/>}
             {attributes.map((attr, index) => attribute(index, attr[0], attr[1]))}
-
+            {(currentUser.superUser && other && currentUser.id !== user.id) &&
+                <div className="span-row">
+                    <Button type={ButtonType.Delete}
+                            onClick={() => doDeleteUser(true)}/>
+                </div>
+            }
             <h3 className={"title span-row "}>{I18n.t("users.roles")}</h3>
             {(highestAuthority(user, false) === AUTHORITIES.GUEST && !other) &&
                 <p className={"span-row"}
                    dangerouslySetInnerHTML={{__html: DOMPurify.sanitize(I18n.t("users.guestRoleOnly", {welcomeUrl: config.welcomeUrl}))}}/>}
             {(!hasRoles && user.superUser) &&
                 <p className={"span-row "}>{I18n.t("users.noRolesInfo")}</p>}
             {(!hasRoles && user.institutionAdmin) &&
-                <p className={"span-row "}>{I18n.t("users.noRolesInstitutionAdmin")}</p>}
+                <p className={"span-row "}>{I18n.t(`users.noRolesInstitutionAdmin${other ? "Other" : ""}`, {name: user.name})}</p>}
             {(hasRoles) &&
                 <>
                     <div className="roles-search span-row">

client/src/locale/en.js

@@ -108,6 +108,7 @@
         applications: "Applications",
         noRolesInfo: "You have no roles (which means you must be super-user)",
         noRolesInstitutionAdmin: "You are an institution admin and you have no roles (but you might have access to applications)",
+        noRolesInstitutionAdminOther: "{{name}} is an institution admin and has no roles (but might have access to applications)",
         noRolesNoApplicationsInstitutionAdmin: "You are an institution admin, but you have no roles and apparently your institution has also no access to applications",
         guestRoleOnly: "You are not an administrator. Are you looking for <a href='{{welcomeUrl}}'>the apps you can access</a>?",
         rolesInfo: "You have the following roles",
@@ -124,7 +125,9 @@
         authority: "Authority",
         endDate: "End date",
         expiryDays: "Expiry days",
-        roleExpiryTooltip: "Sort on roles to see which roles will expire the soonest"
+        roleExpiryTooltip: "Sort on roles to see which roles will expire the soonest",
+        deleteFlash: "User {{name}} has been deleted",
+        deleteConfirmation: "Are you absolutely sure you want to delete user {{name}}? There is no undo button."
     },
     role: {
         copyUrn: "Copy urn",

client/src/locale/nl.js

@@ -108,6 +108,7 @@ const nl = {
         applications: "Applicaties",
         noRolesInfo: "Je hebt geen rollen (je bent een super-user)",
         noRolesInstitutionAdmin: "Je bent instellingsadmin, maar hebt nog geen rollen (maar je hebt wel toegang tot je applicaties)",
+        noRolesInstitutionAdminOther: "{{name}} is een instellingsadmin, maar heeft nog geen rollen (maar wel toegang tot applicaties)",
         noRolesNoApplicationsInstitutionAdmin: "Je bent instellingsadmin, maar je hebt geen rollen en je instelling heeft blijkbaar ook geen toegang tot applicaties.",
         guestRoleOnly: "Je bent geen admin. Ben je op zoek naar de <a href='{{welcomeUrl}}'>applicaties waar je toegang to hebt</a>?",
         rolesInfo: "Je hebt de volgende rollen",
@@ -124,7 +125,9 @@ const nl = {
         authority: "Autoriteit",
         endDate: "Einddatum",
         expiryDays: "Verloopdagen",
-        roleExpiryTooltip: "Sorteer op rollen, om te zien welke rol het eerst zal verlopen"
+        roleExpiryTooltip: "Sorteer op rollen, om te zien welke rol het eerst zal verlopen",
+        deleteFlash: "Gebruiker {{name}} is verwijderd",
+        deleteConfirmation: "Weet je heel zeker dat je gebruiker {{name}} wilt verwijderen? Er is geen undo functionaliteit."
     },
     role: {
         copyUrn: "Copy urn",

server/src/main/java/invite/api/UserController.java

@@ -1,21 +1,22 @@
 package invite.api;
 
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import crypto.KeyStore;
 import invite.config.Config;
 import invite.exception.NotFoundException;
 import invite.exception.UserRestrictionException;
 import invite.manage.EntityType;
 import invite.manage.Manage;
 import invite.model.*;
 import invite.provision.Provisioning;
+import invite.provision.ProvisioningService;
 import invite.provision.graph.GraphClient;
 import invite.repository.InvitationRepository;
 import invite.repository.RemoteProvisionedUserRepository;
 import invite.repository.RoleRepository;
 import invite.repository.UserRepository;
 import invite.security.UserPermissions;
-import com.fasterxml.jackson.core.JsonProcessingException;
-import com.fasterxml.jackson.databind.ObjectMapper;
-import crypto.KeyStore;
 import io.swagger.v3.oas.annotations.Parameter;
 import io.swagger.v3.oas.annotations.security.SecurityRequirement;
 import jakarta.servlet.http.HttpServletRequest;
@@ -67,8 +68,7 @@ public class UserController {
     private final ObjectMapper objectMapper;
     private final RemoteProvisionedUserRepository remoteProvisionedUserRepository;
     private final GraphClient graphClient;
-    private final RoleRepository roleRepository;
-
+    private final ProvisioningService provisioningService;
 
     @Autowired
     public UserController(Config config,
@@ -81,15 +81,15 @@ public UserController(Config config,
                           @Value("${config.eduid-idp-schac-home-organization}") String eduidIdpSchacHomeOrganization,
                           @Value("${config.server-url}") String serverBaseURL,
                           @Value("${voot.group_urn_domain}") String groupUrnPrefix,
-                          RoleRepository roleRepository) {
+                          ProvisioningService provisioningService) {
         this.invitationRepository = invitationRepository;
+        this.provisioningService = provisioningService;
         this.config = config.withGroupUrnPrefix(groupUrnPrefix);
         this.userRepository = userRepository;
         this.objectMapper = objectMapper;
         this.manage = manage;
         this.remoteProvisionedUserRepository = remoteProvisionedUserRepository;
         this.graphClient = new GraphClient(serverBaseURL, eduidIdpSchacHomeOrganization, keyStore, objectMapper);
-        this.roleRepository = roleRepository;
     }
 
     @GetMapping("config")
@@ -209,6 +209,20 @@ public View msAcceptReturn(@PathVariable("manageId") String manageId, @PathVaria
         return new RedirectView(redirectReference.get());
     }
 
+    @DeleteMapping("/{userId}")
+    public ResponseEntity<Void> delete(@PathVariable("userId") Long userId, @Parameter(hidden = true) User user) {
+        User other = userRepository.findById(userId).orElseThrow(() -> new NotFoundException("User not found"));
+
+        LOG.debug(String.format("DELETE /users for user %s by %s",
+                other.getEduPersonPrincipalName(), user.getEduPersonPrincipalName()));
+        UserPermissions.assertSuperUser(user);
+
+        this.provisioningService.deleteUserRequest(user);
+        userRepository.delete(other);
+        return Results.deleteResult();
+    }
+
+
     @PostMapping("error")
     public ResponseEntity<Map<String, Integer>> error(@RequestBody Map<String, Object> payload,
                                                       @Parameter(hidden = true) User user) throws

server/src/test/java/invite/api/UserControllerTest.java

@@ -1,5 +1,6 @@
 package invite.api;
 
+import com.github.tomakehurst.wiremock.verification.LoggedRequest;
 import invite.AbstractTest;
 import invite.AccessCookieFilter;
 import invite.DefaultPage;
@@ -9,7 +10,6 @@
 import invite.model.RemoteProvisionedUser;
 import invite.model.User;
 import invite.model.UserRole;
-import com.github.tomakehurst.wiremock.verification.LoggedRequest;
 import io.restassured.common.mapper.TypeRef;
 import io.restassured.http.ContentType;
 import org.junit.jupiter.api.Test;
@@ -21,10 +21,7 @@
 import java.io.IOException;
 import java.net.URLDecoder;
 import java.nio.charset.StandardCharsets;
-import java.util.List;
-import java.util.Map;
-import java.util.Set;
-import java.util.UUID;
+import java.util.*;
 import java.util.stream.Stream;
 
 import static com.github.tomakehurst.wiremock.client.WireMock.*;
@@ -223,6 +220,26 @@ void meWithImpersonation() throws Exception {
         assertEquals(MANAGE_SUB, user.getSub());
     }
 
+    @Test
+    void delete() throws Exception {
+        AccessCookieFilter accessCookieFilter = openIDConnectFlow("/api/v1/users/login", SUPER_SUB);
+
+        User institutionAdmin = userRepository.findBySubIgnoreCase(INSTITUTION_ADMIN_SUB).get();
+
+        given()
+                .when()
+                .filter(accessCookieFilter.cookieFilter())
+                .header(accessCookieFilter.csrfToken().getHeaderName(), accessCookieFilter.csrfToken().getToken())
+                .accept(ContentType.JSON)
+                .contentType(ContentType.JSON)
+                .pathParam("userId", institutionAdmin.getId())
+                .delete("/api/v1/users/{userId}")
+                .then()
+                .statusCode(HttpStatus.NO_CONTENT.value());
+        Optional<User> userOptional = userRepository.findBySubIgnoreCase(INSTITUTION_ADMIN_SUB);
+        assertTrue(userOptional.isEmpty());
+    }
+
     @Test
     void meWithImpersonationInstitutionAdmin() throws Exception {
         AccessCookieFilter accessCookieFilter = openIDConnectFlow("/api/v1/users/login", SUPER_SUB);