Merge pull request #22 from rootcodelabs/User-authority-data

user-authority: User changes and API Authorization flows

DSL/Liquibase/changelog/classifier-script-v1-user-management.sql

@@ -29,4 +29,13 @@ CREATE TABLE public."user_authority" (
     authority_name VARCHAR[] NOT NULL,
     created TIMESTAMP WITH TIME ZONE DEFAULT CURRENT_TIMESTAMP,
     CONSTRAINT user_authority_pkey PRIMARY KEY (id)
-);
+);
+
+-- changeset kalsara Magamage:classifier-script-v1-changeset3
+
+INSERT INTO public."user" (login,password_hash,first_name,last_name,id_code,display_name,status,csa_title,csa_email)
+VALUES ('EE30303039914','ok','classifier','test','EE30303039914','classifier','active','Title','classifier.doe@example.com');
+
+INSERT INTO public."user_authority" ( user_id, authority_name)
+VALUES ('EE30303039914', ARRAY['ROLE_ADMINISTRATOR', 'ROLE_MODEL_TRAINER'] );
+

DSL/Resql/get-platform-integration-status.sql

@@ -1,3 +1,3 @@
-SELECT is_connect
+SELECT is_connect, subscription_id
 FROM integration_status
 WHERE platform=:platform::platform;

DSL/Ruuter.private/DSL/GET/.guard

@@ -24,5 +24,5 @@ guard_success:
 
 guard_fail:
   return: "unauthorized"
-  status: 200
+  status: 400
   next: end

DSL/Ruuter.private/DSL/GET/classifier/integration/outlook/token.yml

@@ -14,10 +14,11 @@ get_refresh_token:
     body:
       platform: 'OUTLOOK'
   result: res
+  next: set_refresh_token
 
 set_refresh_token:
   assign:
-    refresh_token: "[#OUTLOOK_REFRESH_KEY]" #${res.response.body.token}
+    refresh_token: ${res.response.body[0].token}
   next: check_refresh_token
 
 check_refresh_token:
@@ -26,6 +27,8 @@ check_refresh_token:
       next: get_access_token
   next: return_not_found
 
+#not supported for internal requests
+
 get_access_token:
   call: http.post
   args:
@@ -49,4 +52,4 @@ return_result:
 return_not_found:
   status: 404
   return: "refresh token not found"
-  next: end
+  next: end

DSL/Ruuter.private/DSL/POST/.guard

@@ -24,5 +24,5 @@ guard_success:
 
 guard_fail:
   return: "unauthorized"
-  status: 200
+  status: 400
   next: end

DSL/Ruuter.private/DSL/POST/classifier/integration/outlook/label.yml

@@ -14,6 +14,10 @@ declaration:
       - field: folderId
         type: string
         description: "Body field 'folderId'"
+    headers:
+      - field: cookie
+        type: string
+        description: "Cookie field"
 
 extract_request_data:
   assign:
@@ -31,6 +35,8 @@ get_token_info:
   call: http.get
   args:
     url: "[#CLASSIFIER_RUUTER_PRIVATE]/classifier/integration/outlook/token"
+    headers:
+      cookie: ${incoming.headers.cookie}
   result: res
   next: assign_access_token
 

DSL/Ruuter.private/DSL/POST/classifier/integration/outlook/subscribe.yml

@@ -11,10 +11,14 @@ declaration:
       - field: is_connect
         type: boolean
         description: "Body field 'isConnect'"
+    headers:
+      - field: cookie
+        type: string
+        description: "Cookie field"
 
 extract_request_data:
   assign:
-    is_connect: ${incoming.body.isConnect}
+    is_connect: ${incoming.body.is_connect}
   next: get_platform_integration_status
 
 get_platform_integration_status:
@@ -28,8 +32,8 @@ get_platform_integration_status:
 
 assign_db_platform_integration_data:
   assign:
-    db_platform_status: ${res.response.body.is_connect}
-    subscription_id: ${res.response.body.subscription_id}
+    db_platform_status: ${res.response.body[0].isConnect}
+    subscription_id: ${res.response.body[0].subscriptionId}
   next: validate_request
 
 validate_request:
@@ -41,7 +45,7 @@ validate_request:
 get_token_info:
   call: http.get
   args:
-    url: "[#CLASSIFIER_RUUTER_PRIVATE]/classifier/integration/outlook/token"
+    url: "[#CLASSIFIER_RUUTER_PRIVATE_INTERNAL]/internal/xyz"
   result: res
   next: assign_access_token
 
@@ -52,7 +56,7 @@ assign_access_token:
 
 check_integration_type:
   switch:
-    - condition: ${is_connect === true && subscription_id == null}
+    - condition: ${is_connect === true && subscription_id === null}
       next: subscribe_outlook
     - condition: ${is_connect === false && subscription_id !== null}
       next: unsubscribe_outlook
@@ -66,10 +70,10 @@ subscribe_outlook:
       Authorization: ${'Bearer ' + access_token}
     body:
       changeType: "created,updated"
-      notificationUrl: "[#CLASSIFIER_RUUTER_PRIVATE]/classifier/integration/outlook/accept"
+      notificationUrl: "https://f789-111-223-191-66.ngrok-free.app/classifier/integration/outlook/accept"
       resource: "me/mailFolders('inbox')/messages"
-      expirationDateTime: "2024-07-02T21:10:45.9356913Z"
-      clientState: "state"
+      expirationDateTime: "2024-07-06T21:10:45.9356913Z"
+      clientState: "secretClientValue"
   result: res_subscribe
   next: check_subscribe_response
 
@@ -84,15 +88,15 @@ set_subscription_data:
   args:
     url: "[#CLASSIFIER_RESQL]/connect-platform"
     body:
-      id: ${res_subscribe.response.id}
+      id: ${res_subscribe.response.body.id}
       platform: 'OUTLOOK'
   result: set_status_res
   next: check_db_status
 
 unsubscribe_outlook:
   call: http.delete
   args:
-    url: "https://graph.microsoft.com/v1.0/subscriptions/${res_data.response.subscriptionId}"
+    url: "https://graph.microsoft.com/v1.0/subscriptions/${subscription_id}"
     headers:
       Authorization: ${'Bearer ' + access_token}
   result: res_unsubscribe

DSL/Ruuter.private/DSL/POST/classifier/integration/toggle-platform.yml

@@ -14,11 +14,16 @@ declaration:
       - field: platform
         type: string
         description: "Body field 'platform'"
+    headers:
+      - field: cookie
+        type: string
+        description: "Cookie field"
 
 extract_request_data:
   assign:
     operation: ${incoming.body.operation}
     platform: ${incoming.body.platform}
+    cookie: ${incoming.headers.cookie}
   next: check_operation
 
 check_operation:
@@ -43,25 +48,25 @@ check_platform:
   switch:
     - condition: ${platform === 'jira'}
       next: assign_jira_url
-    - condition: ${operation === 'outlook'}
+    - condition: ${platform === 'outlook'}
       next: assign_outlook_url
-    - condition: ${operation === 'pinal'}
+    - condition: ${platform === 'pinal'}
       next: assign_pinal_url
   next: platform_not_support
 
 assign_jira_url:
   assign:
-    url: "jira/cloud/toggle-subscription"
+    url: "jira/cloud/subscribe"
   next: route_to_platform
 
 assign_outlook_url:
   assign:
-    url: "outlook/toggle-subscription"
+    url: "outlook/subscribe"
   next: route_to_platform
 
 assign_pinal_url:
   assign:
-    url: "pinal/toggle-subscription"
+    url: "pinal/subscribe"
   next: route_to_platform
 
 route_to_platform:
@@ -70,6 +75,7 @@ route_to_platform:
     url: "[#CLASSIFIER_RUUTER_PRIVATE]/classifier/integration/${url}"
     headers:
       type: json
+      cookie: ${cookie}
     body:
       is_connect: ${is_connect}
   result: res

DSL/Ruuter.private/DSL/TEMPLATES/check-user-authority.yml

@@ -31,7 +31,7 @@ check_cookie_info_response:
 
 check_user_authority:
   switch:
-    - condition: ${res.response.body.authorities.includes("ROLE_ADMINISTRATOR") || res.response.body.authorities.includes("ROLE_ANALYST")}
+    - condition: ${res.response.body.authorities.includes("ROLE_ADMINISTRATOR") || res.response.body.authorities.includes("ROLE_MODEL_TRAINER")}
       next: return_authorized
   next: return_unauthorized
 

DSL/Ruuter.public/DSL/POST/auth/login.yml

@@ -5,26 +5,16 @@ declaration:
   method: post
   accepts: json
   returns: json
-  namespace: backoffice
+  namespace: classifier
   allowlist:
     body:
       - field: login
         type: string
         description: "Body field 'login'"
       - field: password
-        type: stringDSL/Ruuter.public/DSL/POST/login.yml
+        type: string
         description: "Body field 'password'"
 
-getIsPasswordAuthEnabled:
-  assign:
-    isPasswordAuthEnabled: "[#PASSWORD_AUTH_ENABLED]"
-
-checkPasswordLoginEnabled:
-  switch:
-    - condition: ${isPasswordAuthEnabled === true || isPasswordAuthEnabled.toLowerCase() === "true"}
-      next: extractRequestData
-  next: return_password_login_disabled
-
 extractRequestData:
   assign:
     login: ${incoming.body.login}
@@ -34,7 +24,7 @@ extractRequestData:
 getUserWithRole:
   call: http.post
   args:
-    url: "[#CHATBOT_RESQL]/get-user-with-roles"
+    url: "[#CLASSIFIER_RESQL]/get-user-with-roles"
     body:
       login: ${login}
       password: ${password}
@@ -50,7 +40,7 @@ check_user_result:
 get_session_length:
   call: http.post
   args:
-    url: "[#CHATBOT_RESQL]/get-configuration"
+    url: "[#CLASSIFIER_RESQL]/get-configuration"
     body:
       key: "session_length"
   result: session_result
@@ -59,7 +49,7 @@ get_session_length:
 generate_cookie:
   call: http.post
   args:
-    url: "[#CHATBOT_TIM]/jwt/custom-jwt-generate"
+    url: "[#CLASSIFIER_TIM]/jwt/custom-jwt-generate"
     body:
       JWTName: "customJwtCookie"
       expirationInMinutes: ${session_result.response.body[0]?.value ?? '120'}
@@ -75,18 +65,6 @@ assign_cookie:
       Secure: true
       HttpOnly: true
       SameSite: "Lax"
-  next: setCustomerSupportAgentAway
-
-setCustomerSupportAgentAway:
-  call: http.post
-  args:
-    url: "[#CHATBOT_RESQL]/set-customer-support-status"
-    body:
-      active: false
-      userIdCode: ${login}
-      created: ${new Date().toISOString()}
-      status: "offline"
-  result: setCustomerSupportAgentAwayResult
   next: return_value
 
 return_value:
@@ -99,8 +77,3 @@ return_user_not_found:
   status: 400
   return: "User Not Found"
   next: end
-
-return_password_login_disabled:
-  status: 400
-  return: "Password login is disabled"
-  next: end