Merge pull request #4978 from linuxfoundation/unicron-4973-use-primary-email-in-gh-gl-to-docusign

Unicron 4973 use primary email in gh gl to docusign

Author: lukaszgryglicki

cla-backend-go/v2/sign/handlers.go

@@ -24,6 +24,7 @@ import (
 	"github.com/linuxfoundation/easycla/cla-backend-go/gen/v2/restapi/operations/sign"
 	"github.com/linuxfoundation/easycla/cla-backend-go/utils"
 	"github.com/linuxfoundation/easycla/cla-backend-go/v2/organization-service/client/organizations"
+	user_service "github.com/linuxfoundation/easycla/cla-backend-go/v2/user-service"
 
 	"github.com/go-openapi/runtime"
 )
@@ -77,6 +78,8 @@ func CCLADocusignMiddleware(next http.Handler) http.Handler {
 }
 
 // Configure API call
+//
+//nolint:gocyclo
 func Configure(api *operations.EasyclaAPI, service Service, userService users.Service) {
 	// Retrieve a list of available templates
 	api.SignClearCachesHandler = sign.ClearCachesHandlerFunc(
@@ -180,12 +183,36 @@ func Configure(api *operations.EasyclaAPI, service Service, userService users.Se
 				if userErr != nil {
 					return sign.NewRequestIndividualSignatureBadRequest().WithPayload(errorResponse(reqId, userErr))
 				}
-				if len(user.Emails) == 0 {
+				if user == nil {
+					msg := fmt.Sprintf("user not found: %s", *params.Input.UserID)
+					log.WithFields(f).Warn(msg)
+					return sign.NewRequestIndividualSignatureBadRequest().WithPayload(errorResponse(reqId, errors.New(msg)))
+				}
+				userServiceClient := user_service.GetClient()
+				if userServiceClient != nil && userServiceClient.IsConfigured() && user.LfUsername != "" {
+					platformUser, platformUserErr := userServiceClient.GetUserByUsername(user.LfUsername)
+					if platformUserErr != nil {
+						log.WithFields(f).WithError(platformUserErr).Warn("unable to fetch platform user for primary email lookup")
+					} else if platformUser != nil {
+						for _, email := range platformUser.Emails {
+							if email != nil && email.IsPrimary != nil && *email.IsPrimary && email.EmailAddress != nil && *email.EmailAddress != "" {
+								preferredEmail = *email.EmailAddress
+								break
+							}
+						}
+					}
+				}
+
+				if preferredEmail == "" && len(user.Emails) > 0 {
+					preferredEmail = user.Emails[0]
+				}
+
+				if preferredEmail == "" {
 					msg := "no emails found"
 					log.WithFields(f).Warn(msg)
 					return sign.NewRequestIndividualSignatureBadRequest().WithPayload(errorResponse(reqId, errors.New(msg)))
 				}
-				preferredEmail = user.Emails[0]
+
 				log.WithFields(f).Debug("requesting individual signature for github/gitlab")
 				resp, err = service.RequestIndividualSignature(ctx, params.Input, preferredEmail)
 			} else if strings.ToLower(params.Input.ReturnURLType) == "gerrit" {

cla-backend-go/v2/user-service/client.go

@@ -61,6 +61,11 @@ func GetClient() *Client {
 	return userServiceClient
 }
 
+// IsConfigured reports whether the user-service client has a usable API gateway URL.
+func (usc *Client) IsConfigured() bool {
+	return usc != nil && strings.TrimSpace(usc.apiGwURL) != ""
+}
+
 // GetUsersByUsernames search users by lf username
 func (usc *Client) GetUsersByUsernames(lfUsernames []string) ([]*models.User, error) {
 	f := logrus.Fields{

cla-backend/cla/controllers/signing.py

@@ -42,18 +42,42 @@ def request_individual_signature(project_id, user_id, return_url_type, return_ur
             github = get_repository_service("github")
             primary_user_email = github.get_primary_user_email(request)
         elif return_url_type.lower() == "gitlab":
+            primary_user_email = None
+
             try:
                 cla.log.debug(f"Fetching user details for: {user_id}")
                 user = User()
                 user.load(user_id)
             except DoesNotExist as err:
                 cla.log.warning('Individual Signature - user ID was NOT found for: {}'.format(user_id))
                 return {'errors': {'user_id': str(err)}}
-            primary_user_email = user.get_user_email()
+
+            lf_username = user.get_lf_username()
+            if lf_username:
+                try:
+                    platform_users = UserService.get_users_by_username(lf_username) or []
+                except Exception as err:
+                    cla.log.warning(
+                        f'Individual Signature - unable to fetch platform user by username: {lf_username}, error: {err}'
+                    )
+                    platform_users = []
+
+                for platform_user in platform_users:
+                    if not platform_user:
+                        continue
+                    for email in (platform_user.get('Emails') or []):
+                        if email and email.get('IsPrimary') and email.get('EmailAddress'):
+                            primary_user_email = email.get('EmailAddress')
+                            break
+                    if primary_user_email:
+                        break
+
+            if not primary_user_email:
+                primary_user_email = next(iter(user.get_user_emails() or []), None)
+
         return signing_service.request_individual_signature(str(project_id), str(user_id), return_url, return_url_type,
                                                             preferred_email=primary_user_email)
 
-
 def request_corporate_signature(auth_user,
                                 project_id: str,
                                 company_id: str,

tests/functional/cypress/e2e/v2/signatures.cy.ts

@@ -5,6 +5,15 @@ import { validate_200_Status, validate_expected_status, getAPIBaseURL } from '..
 
 describe('To Validate & test Signature APIs via API call (V2)', function () {
   const claEndpoint = getAPIBaseURL('v2');
+  const environment = Cypress.env('CYPRESS_ENV');
+
+  let appConfig: any = {};
+  if (environment === 'dev') {
+    appConfig = require('../../appConfig/config.dev.ts').appConfig;
+  } else if (environment === 'production') {
+    appConfig = require('../../appConfig/config.production.ts').appConfig;
+  }
+
   let allowFail: boolean = !(Cypress.env('ALLOW_FAIL') === 1);
   const timeout = 180000;
 
@@ -41,6 +50,38 @@ describe('To Validate & test Signature APIs via API call (V2)', function () {
     });
   });
 
+  describe('Configured request-individual-signature coverage', function () {
+    before(function () {
+      if (!appConfig.projectID || !appConfig.user_id) {
+        this.skip();
+        return;
+      }
+    });
+
+    it('POST /request-individual-signature - Request GitLab individual signature (No authentication required)', function () {
+      const requestData = {
+        project_id: appConfig.projectID,
+        user_id: appConfig.user_id,
+        return_url_type: 'Gitlab',
+        return_url: 'https://gitlab.com/test/repo/-/merge_requests/1',
+      };
+
+      cy.request({
+        method: 'POST',
+        url: `${claEndpoint}request-individual-signature`,
+        timeout: timeout,
+        failOnStatusCode: allowFail,
+        body: requestData,
+      }).then((response) => {
+        return cy.logJson('POST /request-individual-signature (GitLab) response', response).then(() => {
+          validate_200_Status(response);
+          expect(response.body).to.be.an('object');
+          // V2 API can return signature data or error object - both are valid
+        });
+      });
+    });
+  });
+
   it('POST /request-employee-signature - Request employee signature (No authentication required)', function () {
     const requestData = {
       project_id: validProjectID,

tests/functional/cypress/e2e/v4/signatures.cy.ts

@@ -15,7 +15,7 @@ describe('To Validate & get list of signatures of ClaGroups via API call', funct
   const environment = Cypress.env('CYPRESS_ENV');
 
   // Import the appropriate configuration based on the environment
-  let appConfig;
+  let appConfig: any = {};
   if (environment === 'dev') {
     appConfig = require('../../appConfig/config.dev.ts').appConfig;
   } else if (environment === 'production') {
@@ -50,7 +50,58 @@ describe('To Validate & get list of signatures of ClaGroups via API call', funct
   let bearerToken: string = null;
   const timeout = 180000;
 
-  before(() => {
+  it('POST /request-individual-signature - Request GitHub individual signature (Go v4 path)', function () {
+
+    const requestData = {
+      project_id: appConfig.projectID,
+      user_id: appConfig.user_id,
+      return_url_type: 'Github',
+      return_url: 'https://github.com/test/repo/pull/1',
+    };
+
+    cy.request({
+      method: 'POST',
+      url: `${claEndpoint}request-individual-signature`,
+      timeout: timeout,
+      failOnStatusCode: allowFail,
+      body: requestData,
+    }).then((response) => {
+      return cy.logJson('POST /request-individual-signature (GitHub, v4) response', response).then(() => {
+        validate_200_Status(response);
+        expect(response.body).to.be.an('object');
+      });
+    });
+  });
+
+  it('POST /request-individual-signature - Request GitLab individual signature (Go v4 path)', function () {
+
+    const requestData = {
+      project_id: appConfig.projectID,
+      user_id: appConfig.user_id,
+      return_url_type: 'Gitlab',
+      return_url: 'https://gitlab.com/test/repo/-/merge_requests/1',
+    };
+
+    cy.request({
+      method: 'POST',
+      url: `${claEndpoint}request-individual-signature`,
+      timeout: timeout,
+      failOnStatusCode: allowFail,
+      body: requestData,
+    }).then((response) => {
+      return cy.logJson('POST /request-individual-signature (GitLab, v4) response', response).then(() => {
+        validate_200_Status(response);
+        expect(response.body).to.be.an('object');
+      });
+    });
+  });
+
+  before(function () {
+    if (!appConfig.projectID || !appConfig.user_id) {
+      this.skip();
+      return;
+    }
+
     if (bearerToken == null) {
       getTokenKey(bearerToken);
       cy.window().then((win) => {