WIP for #294

Author: oharsta

server/src/main/java/access/api/IdentityProviderController.java

@@ -1,40 +1,34 @@
 package access.api;
 
-import access.exception.InvalidInputException;
 import access.exception.NotAllowedException;
 import access.exception.NotFoundException;
 import access.jira.JiraClient;
 import access.jira.JiraIssue;
-import access.manage.ChangeRequest;
+import access.mail.MailBox;
+import access.manage.DashBoardConnectionOption;
 import access.manage.Manage;
-import access.manage.PathUpdateType;
-import access.manage.RequestType;
 import access.model.*;
 import access.repository.OrganizationRepository;
 import access.repository.UserRepository;
 import io.swagger.v3.oas.annotations.security.SecurityRequirement;
-import lombok.SneakyThrows;
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
 import org.springframework.transaction.annotation.Transactional;
-import org.springframework.util.CollectionUtils;
-import org.springframework.util.StringUtils;
 import org.springframework.validation.annotation.Validated;
-import org.springframework.web.bind.annotation.*;
+import org.springframework.web.bind.annotation.PutMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
 
-import java.time.Instant;
-import java.util.Collections;
 import java.util.List;
 import java.util.Map;
 
 import static access.SwaggerOpenIdConfig.API_TOKENS_SCHEME_NAME;
 import static access.SwaggerOpenIdConfig.OPEN_ID_SCHEME_NAME;
-import static access.api.Results.deleteResult;
-import static access.manage.ManageData.getData;
-import static access.manage.ManageData.getMetaDataFields;
+import static access.manage.ManageData.*;
 
 @RestController
 @RequestMapping(value = {"/api/v1/idp"}, produces = MediaType.APPLICATION_JSON_VALUE)
@@ -49,15 +43,18 @@ public class IdentityProviderController implements UserAccessRights {
     private final OrganizationRepository organizationRepository;
     private final Manage manage;
     private final JiraClient jiraClient;
+    private final MailBox mailBox;
 
     public IdentityProviderController(UserRepository userRepository,
                                       OrganizationRepository organizationRepository,
                                       Manage manage,
-                                      JiraClient jiraClient) {
+                                      JiraClient jiraClient,
+                                      MailBox mailBox) {
         this.userRepository = userRepository;
         this.organizationRepository = organizationRepository;
         this.manage = manage;
         this.jiraClient = jiraClient;
+        this.mailBox = mailBox;
     }
 
     @PutMapping({"/connect"})
@@ -74,6 +71,7 @@ public ResponseEntity<Map<String, Object>> connect(User user, @RequestBody @Vali
                 .orElseThrow(() -> new NotFoundException("Organization with manageIdentifier not found: " + idpManageIdentifier));
 
         User userFromDB = reinitializeUser(user, userRepository);
+        //See https://github.com/OpenConext/OpenConext-access/wiki/Service-Connect-Flow
         boolean memberRequest = !userFromDB.isSuperUser();
         if (memberRequest) {
             OrganizationMembership organizationMembership = getOrganizationMembership(userFromDB, organization, Authority.GUEST)
@@ -83,19 +81,40 @@ public ResponseEntity<Map<String, Object>> connect(User user, @RequestBody @Vali
         }
         if (memberRequest) {
             //The only action is to email the institution admin of the organization, with a deep link to App
-            // TODO send email
+            List<User> admins = organization.getOrganizationMemberships().stream()
+                    .filter(membership -> membership.getAuthority().equals(Authority.ADMIN))
+                    .map(membership -> membership.getUser())
+                    .toList();
+            if (admins.isEmpty()) {
+                //Edge case, send the mail to the superusers instead
+                admins = userRepository.findBySuperUser(true);
+            }
+            String deeplink = String.format("/application-detail/%s/%s",
+                    serviceProvider.get("type"),
+                    serviceProvider.get("id"));
+            mailBox.sendConnectionRequest(userFromDB, admins, organization, getProviderName(serviceProvider),
+                    connectionRequest.getMessage(), deeplink);
             return Results.createResult();
         }
         //Now check if the connection can be made automatically
         Map<String, Object> spMetaDataFields = getMetaDataFields(getData(serviceProvider));
-        String connectOption = (String) spMetaDataFields.getOrDefault("coin:dashboard_connect_option", "connect_with_interaction");
+        DashBoardConnectionOption connectOption = DashBoardConnectionOption
+                .fromValue((String) spMetaDataFields.getOrDefault("coin:dashboard_connect_option", "connect_with_interaction"));
         String idpInstitutionGUID = (String) getMetaDataFields(getData(identityProvider)).get("coin:institution_guid");
 
         boolean idpAndSpShareInstitution = spMetaDataFields.getOrDefault("coin:institution_guid", "nope")
                 .equals(idpInstitutionGUID);
-        boolean connectWithoutInteraction = idpAndSpShareInstitution || !connectOption.equals("connect_with_interaction");
+        boolean connectWithoutInteraction = idpAndSpShareInstitution || !connectOption.equals(DashBoardConnectionOption.connectWithInteraction);
         if (connectWithoutInteraction) {
             manage.connectWithoutInteraction(identityProvider, serviceProvider, userFromDB);
+            if (connectOption.equals(DashBoardConnectionOption.connectWithoutInteractionWithEmail)) {
+                mailBox.sendNewConnectionCreated(
+                        userFromDB,
+                        contactPersons(serviceProvider),
+                        getProviderName(identityProvider),
+                        getProviderName(serviceProvider),
+                        (String) getData(serviceProvider).get("entityid"));
+            }
             return Results.createResult();
         }
 

server/src/main/java/access/mail/MailBox.java

@@ -75,6 +75,59 @@ public void sendInviteMail(Invitation invitation) {
                 invitation.getEmail());
     }
 
+    @SneakyThrows
+    public void sendConnectionRequest(User requester,
+                                      List<User> recipients,
+                                      Organization organization,
+                                      String serviceProviderName,
+                                      String message,
+                                      String deepLink) {
+        Language language = Language.valueOf(preferredLanguage());
+        String title = String.format(subjects.get(language.name()).get("connectionRequest"),
+                serviceProviderName);
+        Map<String, Object> variables = new HashMap<>();
+        if (StringUtils.hasText(message)) {
+            variables.put("message", message.replaceAll("\n", "<br/>"));
+        }
+        variables.put("title", title);
+        variables.put("serviceProviderName", serviceProviderName);
+        variables.put("organization", organization);
+        variables.put("requester", requester);
+        variables.put("deepLink", String.format("%s/%s", clientUrl, deepLink));
+        if (!environment.equalsIgnoreCase("prod")) {
+            variables.put("environment", environment);
+        }
+        sendMail(String.format("connection_request_%s", language.name()),
+                title,
+                variables,
+                recipients.stream().map(user -> user.getEmail()).toList().toArray(new String[]{}));
+    }
+
+    @SneakyThrows
+    public void sendNewConnectionCreated(User institutionAdmin,
+                                         List<String> recipients,
+                                         String identityProviderName,
+                                         String serviceProviderName,
+                                         String serviceProviderEntityId) {
+        Language language = Language.valueOf(preferredLanguage());
+        String title = String.format(subjects.get(language.name()).get("newConnectionMade"),
+                serviceProviderName,
+                identityProviderName);
+        Map<String, Object> variables = new HashMap<>();
+        variables.put("title", title);
+        variables.put("identityProviderName", identityProviderName);
+        variables.put("serviceProviderName", serviceProviderName);
+        variables.put("serviceProviderEntityId", serviceProviderEntityId);
+        variables.put("institutionAdmin", institutionAdmin);
+        if (!environment.equalsIgnoreCase("prod")) {
+            variables.put("environment", environment);
+        }
+        sendMail(String.format("new_connection_made_%s", language.name()),
+                title,
+                variables,
+                recipients.toArray(new String[]{}));
+    }
+
     @SneakyThrows
     public void sendJoinRequestMail(JoinRequest joinRequest) {
         Language language = joinRequest.getLanguage();
@@ -140,7 +193,7 @@ public void sendFeedbackMail(User user, String message) {
         Map<String, Object> variables = new HashMap<>();
         variables.put("user", user);
         variables.put("title", "SURF Access feedback form");
-        String now =  LocalDate.now().format(DateTimeFormatter.ofPattern("dd-MM-yyyy"));
+        String now = LocalDate.now().format(DateTimeFormatter.ofPattern("dd-MM-yyyy"));
         variables.put("date", now);
         variables.put("message", message.replaceAll("\n", "<br/>"));
         if (!environment.equalsIgnoreCase("prod")) {

server/src/main/java/access/manage/DashBoardConnectionOption.java

@@ -0,0 +1,26 @@
+package access.manage;
+
+import lombok.Getter;
+
+import java.util.Arrays;
+
+public enum DashBoardConnectionOption {
+
+    connectWithInteraction("connect_with_interaction"),
+    connectWithoutInteractionWithEmail("connect_without_interaction_with_email"),
+    connectWithoutInteractionWithoutEmail("connect_without_interaction_without_email");
+
+    @Getter
+    private final String value;
+
+    DashBoardConnectionOption(String value) {
+        this.value = value;
+    }
+
+    public static DashBoardConnectionOption fromValue(String value) {
+        return Arrays.stream(DashBoardConnectionOption.values())
+                .filter(option -> option.value.equals(value))
+                .findFirst()
+                .orElseThrow(() -> new IllegalArgumentException("No coin:dashboard_connect_option enum constant with value: " + value));
+    }
+}

server/src/main/java/access/manage/ManageData.java

@@ -4,6 +4,7 @@
 
 import java.util.List;
 import java.util.Map;
+import java.util.regex.Pattern;
 
 @SuppressWarnings({"unchecked", "rawtypes"})
 public class ManageData {
@@ -19,6 +20,22 @@ public static Map<String, Object> getData(Map<String, Object> provider) {
         return (Map<String, Object>) provider.get("data");
     }
 
+    public static String getProviderName(Map<String, Object> provider) {
+        Map<String, Object> metaDataFields = getMetaDataFields(getData(provider));
+        return (String) metaDataFields.get("name:en");
+    }
+
+    public static List<String> contactPersons(Map<String, Object> provider) {
+        Pattern pattern = Pattern.compile("contacts:[0-9]:contactType");
+        List contactTypes = List.of("technical", "support", "administrative");
+        Map<String, Object> metaDataFields = getMetaDataFields(getData(provider));
+        return metaDataFields.keySet()
+                .stream()
+                .filter(key -> pattern.matcher(key).matches() && contactTypes.contains(metaDataFields.get(key)))
+                .map(key -> (String) metaDataFields.get(key.replace("contactType", "emailAddress")))
+                .toList();
+
+    }
 
     public static boolean isEmpty(Object object) {
         return switch (object) {

server/src/main/java/access/manage/RemoteManage.java

@@ -10,9 +10,7 @@
 import org.apache.commons.logging.LogFactory;
 import org.springframework.core.ParameterizedTypeReference;
 import org.springframework.core.io.ClassPathResource;
-import org.springframework.http.HttpEntity;
-import org.springframework.http.HttpMethod;
-import org.springframework.http.ResponseEntity;
+import org.springframework.http.*;
 import org.springframework.util.StringUtils;
 import org.springframework.web.client.ResponseErrorHandler;
 import org.springframework.web.client.RestTemplate;
@@ -77,11 +75,15 @@ public Map<String, Object> providerById(Connection connection) {
         return providerDetails(environment, protocol, manageIdentifier);
     }
 
-    private Map providerDetails(Environment environment, EntityType protocol, String manageIdentifier) {
+    private Map<String, Object> providerDetails(Environment environment, EntityType protocol, String manageIdentifier) {
         String url = environmentUrl(environment);
         String queryUrl = String.format("%s/manage/api/internal/metadata/%s/%s", url, protocol.name(), manageIdentifier);
         RestTemplate restTemplate = environmentRestTemplate(environment);
-        return restTemplate.getForEntity(queryUrl, Map.class).getBody();
+        ResponseEntity<Map> responseEntity = restTemplate.getForEntity(queryUrl, Map.class);
+        if (responseEntity.getStatusCode().equals(HttpStatus.OK)) {
+            return sanitizeProvider(responseEntity.getBody());
+        }
+        return responseEntity.getBody();
     }
 
     public Map<String, Object> providerById(EntityType entityType, String manageIdentifier, Environment environment) {

server/src/main/java/access/model/ConnectionRequest.java

@@ -12,5 +12,6 @@ public class ConnectionRequest implements Serializable {
     private String applicationManageIdentifier;
     private EntityType entityType;
     private String idpManageIdentifier;
+    private String message;
 
 }

server/src/main/java/access/repository/UserRepository.java

@@ -8,6 +8,7 @@
 import org.springframework.data.jpa.repository.Query;
 import org.springframework.stereotype.Repository;
 
+import java.util.List;
 import java.util.Map;
 import java.util.Optional;
 
@@ -22,6 +23,8 @@ public interface UserRepository extends JpaRepository<User, Long> {//, QueryRewr
 
     Optional<User> findBySubIgnoreCase(String sub);
 
+    List<User> findBySuperUser(boolean isSuperUser);
+
     @Query(value = """
              SELECT u.id, u.name, u.email, u.schac_home_organization, u.super_user, u.institution_admin,
                 u.created_at as createdAt, u.last_activity as lastActivity

server/src/main/resources/application.yml

@@ -74,12 +74,19 @@ lifecycle:
   password: secret
 
 jira:
-  enabled: false
-  base-url: "http://localhost:8081"
-  user-name: "test-beheer-rpc"
+#  enabled: false
+#  base-url: "http://localhost:8081"
+#  user-name: "test-beheer-rpc"
+#  project-key: CXT
+#  environment: test
+#  api-key: secret
+  enabled: true
+  base-url: https://sd-jira-staging.surf.nl/jira/rest/api/2
+  user-name: test-beheer-rpc
   project-key: CXT
   environment: test
-  api-key: secret
+  api-key: ODU1NzA3MDk3ODg5Onogb+ahwgLPgM7CLU0h1oqVSfEb
+
   # Timeout in milliseconds
   connection-timeout: 60_000
 

server/src/main/resources/templates/connection_request_en.html

@@ -0,0 +1,43 @@
+<!DOCTYPE html>
+<html>
+<head>
+    <title>{{title}}</title>
+</head>
+<body>
+<div class="main" style="font-family: Helvetica, Arial, sans-serif;line-height: 18px;font-size: 16px;color: #353535;">
+    <div class="header" style="background-color: #0077C8;padding:10px 40px;">
+        {{> logo-surf.svg}}
+        <span style="display: inline-block;color:white;margin-left: 10px;font-size: 18px;">Access</span>
+    </div>
+    <div class="head" style="padding: 30px 40px 20px 40px;">
+        {{#environment}}
+        <p style="font-weight: bold;margin: 0; padding: 20px 5px; background-color: #f1f19b;">
+            This mail is from the {{environment}} environment
+        </p>
+        {{/environment}}
+        <p class="title" style="">Hello,</p>
+
+        <p><strong>{{requester.name}}</strong>
+            has requested to connect service {{serviceProviderName} to your organization {{organization.name}}.</p>
+
+        {{#message}}
+        <p style="margin: 20px 0 0 0;">Personal message from {{invitation.invitee.name}}</p>
+        <div class="head" style="background-color: #f5f5f5;padding: 20px;margin:5px 0 15px 0;font-style: italic;">
+            <p style="margin: 0;">
+                {{{message}}}
+            </p>
+        </div>
+        {{/message}}
+
+        <div style="display: flex;">
+            <a class="button" href="{{{ deepLink }}}"
+               style="border-radius: 4px;color: white;display: flex;width: 300px;background-color: #0077c8;text-decoration: none;margin: 15px auto;cursor:pointer;padding: 14px 26px;">
+                <span style="color: white;margin: auto 0 auto 25px;">Click to open {{serviceProviderName}} in Access</span>
+            </a>
+        </div>
+    </div>
+    {{> footer_en.html}}
+
+</div>
+</body>
+</html>

server/src/main/resources/templates/connection_request_en.txt

@@ -0,0 +1,8 @@
+{{requester.name}}</strong>
+            has requested to connect service {{serviceProviderName} to your organization {{organization.name}}
+
+Visit service:
+
+{{{ deepLink }}}
+
+{{> footer_en.txt}}