Conversation
|
@phil-davis Now you can add the acceptance tests to this branch. This is a breaking change for the next minor version. |
micbar
changed the title
|
@micbar @DeepDiver1975 , I have added acceptance tests for checking the cases when there are not any external user backends. Some status codes seem out of place. Please have a look |
micbar
changed the title
@micbar @DeepDiver1975 please have a look at the added acceptance test scenarios and see if any of the failure codes need to be adjusted/made more consistent. |
|
@dpakach I don't think we ever sorted out how to add a "happy path" acceptance test for this in the We really need to have a "happy path" test passing somewhere. |
@phil-davis I tried doing that but could not make work. Either there is some problem in my configuration or some bug. I had created the issue #36312. |
I'm not that deep into the acceptance tests these days - I see you as the lead dev on these topic @phil-davis . Regarding the tests not working properly I cannot add more then I did on #36312 |
NP - I will look with @dpakach and our guys |
phil-davis
force-pushed
the
feature/user-sync-2
branch
from
27e40ae to
4bd54cc
Compare
Codecov Report
@@ Coverage Diff @@
## master #36428 +/- ##
============================================
- Coverage 64.68% 64.67% -0.01%
- Complexity 19071 19106 +35
============================================
Files 1268 1269 +1
Lines 74516 74723 +207
Branches 1311 1320 +9
============================================
+ Hits 48201 48329 +128
- Misses 25929 26006 +77
- Partials 386 388 +2
Continue to review full report at Codecov.
|
|
Feel free to fix right away, Phil |
phil-davis
force-pushed
the
feature/user-sync-2
branch
from
4bd54cc to
548d43a
Compare
|
Note: I rebased just now so that we have this on top of the latest master. |
@micbar I have lots to do, and I do not see easily how to fix/catch this
Strangely, I do not see other examples of places where it is currently being caught. Some developer will know what to do in 5 minutes (maybe)? |
|
Thanks @sharidas . Let us see what CI says. |
|
@phil-davis @skshetry The response Code is now 403 Forbidden. |
I suspect that this will be a more general fix that might catch other places where we test sending an API request to an admin-only endpoint, but with only authentication of an ordinary user. Probably the status codes will now be better. There might be some test expectations to adjust (improve) when we see the CI result. |
sharidas
force-pushed
the
feature/user-sync-2
branch
4 times, most recently
from
8589764 to
3696eca
Compare
phil-davis
force-pushed
the
feature/user-sync-2
branch
from
3696eca to
a9fc898
Compare
|
I rebased just now to make sure this is up-to-date and passing. |
Fix the status code for non admin access Signed-off-by: Sujith H <sharidasan@owncloud.com>
phil-davis
force-pushed
the
feature/user-sync-2
branch
from
a9fc898 to
2a11200
Compare
phil-davis
left a comment
phil-davis
left a comment
There was a problem hiding this comment.
Tests are OK here, as far as they go.
We will need to work out a way to do a manual test of this with LDAP set-up, because I never managed to get the user_ldap CI setup to successfully do a user sync through this API.
Someone else needs to approve the actual code.
VicDeo
left a comment
VicDeo
left a comment
There was a problem hiding this comment.
Looks good, just some minor changes
lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php
Outdated
Show resolved
Hide resolved
| */ | ||
| public function syncUser($userId): Result { | ||
| foreach ($this->userManager->getBackends() as $backEnd) { | ||
| $users = $backEnd->getUsers($userId, 2); |
There was a problem hiding this comment.
If I remember correctly, we had already problems if there are users with the similar name. What if we have "Scott", "Scotty", "Scott_A"... and we want to sync "Scott"? Even if we have only one "Scott" in the system, I think the method will return an error.
There was a problem hiding this comment.
You mean it will throw an exception? Or return an empty value?
| if ($exception instanceof NotLoggedInException) { | ||
| return $controller->buildResponse(new Result(null, API::RESPOND_UNAUTHORISED, 'Unauthorised')); | ||
| } elseif ($exception instanceof NotAdminException) { | ||
| return $controller->buildResponse(new Result(null, $exception->getCode(), $exception->getMessage())); |
There was a problem hiding this comment.
The exception doesn't explicitly says that the error code should be an HTTP code, and it doesn't guarantee it. We should at least include a comment saying that we expect an HTTP code as the error code of the exception.
There was a problem hiding this comment.
The docblock of the parent method mentions that the return value is a http Response object. Isn't that sufficient?
There was a problem hiding this comment.
NotAdminException has a code Http::STATUS_FORBIDDEN so it looks ok from my side...
https://github.com/owncloud/core/blob/master/lib/private/AppFramework/Middleware/Security/Exceptions/NotAdminException.php#L37
|
Note: acceptance test added in owncloud/user_ldap#562 |
7 participants
Description
External user provisioning system need an http api to trigger user-sync for a specific user.
Authorization
The http API can only be executed by a user with admin priviledges. Suggestion is to create a technical user who is in the admin group
Route
Response
Related Issue
How Has This Been Tested?
Screenshots (if appropriate):
Types of changes
Checklist:
Open tasks: