Ensure deprovisioning non existing identities is handled gracefully

johanib · johanib · commit 0a9a75b36707 · 2025-12-11T15:39:56.000+01:00
This adds test coverage for the logging of a notice when a non-existing
identity is deprovisioned.
diff --git a/src/Surfnet/Stepup/Tests/Helper/UserDataFormatterTest.php b/src/Surfnet/Stepup/Tests/Helper/UserDataFormatterTest.php
@@ -57,9 +57,7 @@ public function test_errors_are_included_in_output(): void
                 ['name' => 'name1', 'value' => 'some-value-1'],
             ],
             'name' => 'Stepup-Middleware',
-            'message' => [
-                'The application is teetering on the edge of catastrophe!',
-            ],
+            'message' => ['The application is teetering on the edge of catastrophe!'],
         ];
 
         $inputData = [
@@ -74,4 +72,29 @@ public function test_errors_are_included_in_output(): void
             ),
         );
     }
+
+    public function test_multiple_errors_result_in_one_errormessage(): void
+    {
+        $formatter = new UserDataFormatter('Stepup-Middleware');
+        $expected = [
+            'status' => 'FAILED',
+            'data' => [
+                ['name' => 'name1', 'value' => 'some-value-1'],
+            ],
+            'name' => 'Stepup-Middleware',
+            'message' => ['The application is teetering on the edge of catastrophe!', 'This and that is wrong.']
+        ];
+
+        $inputData = [
+            'foobar-name1' => 'some-value-1',
+        ];
+
+        $this->assertEquals(
+            $expected,
+            $formatter->format(
+                $inputData,
+                ['The application is teetering on the edge of catastrophe!', 'This and that is wrong.'],
+            ),
+        );
+    }
 }
diff --git a/src/Surfnet/StepupMiddleware/ApiBundle/Tests/Service/DeprovisionServiceTest.php b/src/Surfnet/StepupMiddleware/ApiBundle/Tests/Service/DeprovisionServiceTest.php
@@ -62,7 +62,7 @@ protected function setUp(): void
 
         $logger = m::mock(LoggerInterface::class);
         $logger->shouldIgnoreMissing(); // Not going to verify every log message at this point
-        $this->deprovisionService = new DeprovisionService($this->pipeline, $this->eventRepo, $this->apiRepo, $logger, $this->sraaRepo, $this->raListingRepo);
+        $this->deprovisionService = $this->buildDeprovisionService($logger);
     }
 
     public function test_it_can_be_created(): void
@@ -112,6 +112,50 @@ public function test_deprovision_does_not_deprovision_when_user_is_not_found():
         $this->deprovisionService->deprovision('urn:collab:person:example.com:maynard_keenan');
     }
 
+    #[Group('api-bundle')]
+    public function test_deprovision_logs_unknown_identity_when_not_found(): void
+    {
+        $logger = m::mock(LoggerInterface::class);
+        $logger->shouldReceive('debug')->once();
+        $logger->shouldReceive('notice')
+            ->once()
+            ->with(m::on(static fn(string $message): bool => str_contains($message, 'was not found')));
+
+        $deprovisionService = $this->buildDeprovisionService($logger);
+
+        $this->apiRepo
+            ->shouldReceive('findOneByNameId')
+            ->with('urn:collab:person:example.com:unknown_user')
+            ->once()
+            ->andReturnNull();
+
+        $this->pipeline->shouldNotReceive('process');
+
+        $deprovisionService->deprovision('urn:collab:person:example.com:unknown_user');
+    }
+
+    #[Group('api-bundle')]
+    public function test_read_user_data_returns_empty_array_for_unknown_identity(): void
+    {
+        $logger = m::mock(LoggerInterface::class);
+        $logger->shouldReceive('debug')->once();
+        $logger->shouldReceive('notice')
+            ->once()
+            ->with(m::on(static fn(string $message): bool => str_contains($message, 'was not found')));
+
+        $deprovisionService = $this->buildDeprovisionService($logger);
+
+        $this->apiRepo
+            ->shouldReceive('findOneByNameId')
+            ->with('urn:collab:person:example.com:unknown_user')
+            ->once()
+            ->andReturnNull();
+
+        $result = $deprovisionService->readUserData('urn:collab:person:example.com:unknown_user');
+
+        $this->assertEmpty($result);
+    }
+
     public function test_deprovision_method_performs_the_right_to_be_forgotten_command(): void
     {
         $identity = m::mock(Identity::class);
@@ -162,4 +206,16 @@ public function test_is_allowed_to_deprovision_user(): void
 
         $this->deprovisionService->assertIsAllowed($nameId);
     }
+
+    private function buildDeprovisionService(LoggerInterface $logger): DeprovisionService
+    {
+        return new DeprovisionService(
+            $this->pipeline,
+            $this->eventRepo,
+            $this->apiRepo,
+            $logger,
+            $this->sraaRepo,
+            $this->raListingRepo
+        );
+    }
 }
