[PM-15957] Fix: Domain Claim fails to enable Single Organization Poli…
…cy, sends no emails and Revokes all users (#5147)

* Add JSON-based stored procedure for updating account revision dates and modify existing procedure to use it

* Refactor SingleOrgPolicyValidator to revoke only non-compliant organization users and update related tests
r-tome authored Dec 17, 2024
1 parent 1648809 commit b75c63c
Showing 5 changed files with 140 additions and 8 deletions.
Expand Up @@ -97,15 +97,22 @@ private async Task RevokeNonCompliantUsersAsync(Guid organizationId, IActingUser
return;
}

var allRevocableUserOrgs = await _organizationUserRepository.GetManyByManyUsersAsync(
currentActiveRevocableOrganizationUsers.Select(ou => ou.UserId!.Value));
var usersToRevoke = currentActiveRevocableOrganizationUsers.Where(ou =>
allRevocableUserOrgs.Any(uo => uo.UserId == ou.UserId &&
uo.OrganizationId != organizationId &&
uo.Status != OrganizationUserStatusType.Invited)).ToList();

var commandResult = await _revokeNonCompliantOrganizationUserCommand.RevokeNonCompliantOrganizationUsersAsync(
new RevokeOrganizationUsersRequest(organizationId, currentActiveRevocableOrganizationUsers, performedBy));
new RevokeOrganizationUsersRequest(organizationId, usersToRevoke, performedBy));

if (commandResult.HasErrors)
{
throw new BadRequestException(string.Join(", ", commandResult.ErrorMessages));
}

await Task.WhenAll(currentActiveRevocableOrganizationUsers.Select(x =>
await Task.WhenAll(usersToRevoke.Select(x =>
_mailService.SendOrganizationUserRevokedForPolicySingleOrgEmailAsync(organization.DisplayName(), x.Email)));
}

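Review bot: There is no guard for an empty `usersToRevoke` before the call to `RevokeNonCompliantOrganizationUsersAsync`, so when no active member belongs to another organization the command is still invoked with an empty request. Whether the command tolerates that is not visible here; if it reports an error, the `BadRequestException` below would again block saving the policy. An early exit such as `if (usersToRevoke.Count == 0) { return; }` right after the filter avoids both the call and the empty `Task.WhenAll`. The filter also evaluates `allRevocableUserOrgs.Any(...)` once per member; a `HashSet` of the user ids that hold a non-invited membership elsewhere would keep this linear for large organizations. The method starts above the hunk.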
Expand Up @@ -24,6 +24,6 @@ BEGIN
SET [Status] = @Status
WHERE [Id] IN (SELECT Id from @ParsedIds)

EXEC [dbo].[User_BumpAccountRevisionDateByOrganizationUserIds] @OrganizationUserIds
EXEC [dbo].[User_BumpAccountRevisionDateByOrganizationUserIdsJson] @OrganizationUserIds
END
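Review bot: The `UPDATE` just above the changed `EXEC` sets `[Status] = @Status` before the bump runs, while the new `User_BumpAccountRevisionDateByOrganizationUserIdsJson` only picks up rows `WHERE OU.[Status] = 2`. For any `@Status` other than 2 (revocation presumably among them) the rows that were just updated no longer match, so `AccountRevisionDate` would stay unchanged and affected clients may not be prompted to resync after losing access. If the bump is meant to reach every user whose status changed, the status filter in the JSON variant needs revisiting; if the filter is intentional, a comment on the `EXEC` line such as `-- only bumps users who are still Confirmed` would make that explicit. The same pair of statements appears in the migration script, and the procedure body begins outside this hunk.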

@@ -0,0 +1,33 @@
CREATE PROCEDURE [dbo].[User_BumpAccountRevisionDateByOrganizationUserIdsJson]
@OrganizationUserIds NVARCHAR(MAX)
AS
BEGIN
SET NOCOUNT ON

CREATE TABLE #UserIds
(
UserId UNIQUEIDENTIFIER NOT NULL
);

INSERT INTO #UserIds (UserId)
SELECT
OU.UserId
FROM
[dbo].[OrganizationUser] OU
INNER JOIN
(SELECT [value] as Id FROM OPENJSON(@OrganizationUserIds)) AS OUIds
ON OUIds.Id = OU.Id
WHERE
OU.[Status] = 2 -- Confirmed

UPDATE
U
SET
U.[AccountRevisionDate] = GETUTCDATE()
FROM
[dbo].[User] U
INNER JOIN
#UserIds ON U.[Id] = #UserIds.[UserId]

DROP TABLE #UserIds
END
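Review bot: The join `ON OUIds.Id = OU.Id` compares OPENJSON's untyped `[value]` column (nvarchar) with `OU.Id`, presumably a uniqueidentifier, so the conversion is implicit and a malformed array element only surfaces as a runtime conversion error inside the join. Parsing with an explicit schema, `OPENJSON(@OrganizationUserIds) WITH (Id UNIQUEIDENTIFIER '$')`, makes the expected element type visible at the parse step. The `#UserIds` temp table could also be folded into a single `UPDATE ... FROM` join unless it is kept for consistency with sibling procedures. A short header comment stating that `@OrganizationUserIds` is a JSON array of OrganizationUser ids would help callers.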
Expand Up @@ -75,6 +75,7 @@ public async Task OnSaveSideEffectsAsync_RevokesNonCompliantUsers(

var compliantUser1 = new OrganizationUserUserDetails
{
Id = Guid.NewGuid(),
OrganizationId = organization.Id,
Type = OrganizationUserType.User,
Status = OrganizationUserStatusType.Confirmed,
Expand All @@ -84,6 +85,7 @@ public async Task OnSaveSideEffectsAsync_RevokesNonCompliantUsers(

var compliantUser2 = new OrganizationUserUserDetails
{
Id = Guid.NewGuid(),
OrganizationId = organization.Id,
Type = OrganizationUserType.User,
Status = OrganizationUserStatusType.Confirmed,
Expand All @@ -93,6 +95,7 @@ public async Task OnSaveSideEffectsAsync_RevokesNonCompliantUsers(

var nonCompliantUser = new OrganizationUserUserDetails
{
Id = Guid.NewGuid(),
OrganizationId = organization.Id,
Type = OrganizationUserType.User,
Status = OrganizationUserStatusType.Confirmed,
Expand All @@ -106,6 +109,7 @@ public async Task OnSaveSideEffectsAsync_RevokesNonCompliantUsers(

var otherOrganizationUser = new OrganizationUser
{
Id = Guid.NewGuid(),
OrganizationId = new Guid(),
UserId = nonCompliantUserId,
Status = OrganizationUserStatusType.Confirmed
Expand All @@ -129,11 +133,20 @@ public async Task OnSaveSideEffectsAsync_RevokesNonCompliantUsers(

await sutProvider.GetDependency<IRevokeNonCompliantOrganizationUserCommand>()
.Received(1)
.RevokeNonCompliantOrganizationUsersAsync(Arg.Any<RevokeOrganizationUsersRequest>());
.RevokeNonCompliantOrganizationUsersAsync(
Arg.Is<RevokeOrganizationUsersRequest>(r =>
r.OrganizationId == organization.Id &&
r.OrganizationUsers.Count() == 1 &&
r.OrganizationUsers.First().Id == nonCompliantUser.Id));
await sutProvider.GetDependency<IMailService>()
.DidNotReceive()
.SendOrganizationUserRevokedForPolicySingleOrgEmailAsync(organization.DisplayName(), compliantUser1.Email);
await sutProvider.GetDependency<IMailService>()
.DidNotReceive()
.SendOrganizationUserRevokedForPolicySingleOrgEmailAsync(organization.DisplayName(), compliantUser2.Email);
await sutProvider.GetDependency<IMailService>()
.Received(1)
.SendOrganizationUserRevokedForPolicySingleOrgEmailAsync(organization.DisplayName(),
"[email protected]");
.SendOrganizationUserRevokedForPolicySingleOrgEmailAsync(organization.DisplayName(), nonCompliantUser.Email);
}

[Theory, BitAutoData]
Expand All @@ -148,6 +161,7 @@ public async Task OnSaveSideEffectsAsync_RemovesNonCompliantUsers(

var compliantUser1 = new OrganizationUserUserDetails
{
Id = Guid.NewGuid(),
OrganizationId = organization.Id,
Type = OrganizationUserType.User,
Status = OrganizationUserStatusType.Confirmed,
Expand All @@ -157,6 +171,7 @@ public async Task OnSaveSideEffectsAsync_RemovesNonCompliantUsers(

var compliantUser2 = new OrganizationUserUserDetails
{
Id = Guid.NewGuid(),
OrganizationId = organization.Id,
Type = OrganizationUserType.User,
Status = OrganizationUserStatusType.Confirmed,
Expand All @@ -166,6 +181,7 @@ public async Task OnSaveSideEffectsAsync_RemovesNonCompliantUsers(

var nonCompliantUser = new OrganizationUserUserDetails
{
Id = Guid.NewGuid(),
OrganizationId = organization.Id,
Type = OrganizationUserType.User,
Status = OrganizationUserStatusType.Confirmed,
Expand All @@ -179,6 +195,7 @@ public async Task OnSaveSideEffectsAsync_RemovesNonCompliantUsers(

var otherOrganizationUser = new OrganizationUser
{
Id = Guid.NewGuid(),
OrganizationId = new Guid(),
UserId = nonCompliantUserId,
Status = OrganizationUserStatusType.Confirmed
Expand All @@ -200,13 +217,24 @@ public async Task OnSaveSideEffectsAsync_RemovesNonCompliantUsers(

await sutProvider.Sut.OnSaveSideEffectsAsync(policyUpdate, policy);

await sutProvider.GetDependency<IRemoveOrganizationUserCommand>()
.DidNotReceive()
.RemoveUserAsync(policyUpdate.OrganizationId, compliantUser1.Id, savingUserId);
await sutProvider.GetDependency<IRemoveOrganizationUserCommand>()
.DidNotReceive()
.RemoveUserAsync(policyUpdate.OrganizationId, compliantUser2.Id, savingUserId);
await sutProvider.GetDependency<IRemoveOrganizationUserCommand>()
.Received(1)
.RemoveUserAsync(policyUpdate.OrganizationId, nonCompliantUser.Id, savingUserId);
await sutProvider.GetDependency<IMailService>()
.DidNotReceive()
.SendOrganizationUserRemovedForPolicySingleOrgEmailAsync(organization.DisplayName(), compliantUser1.Email);
await sutProvider.GetDependency<IMailService>()
.DidNotReceive()
.SendOrganizationUserRemovedForPolicySingleOrgEmailAsync(organization.DisplayName(), compliantUser2.Email);
await sutProvider.GetDependency<IMailService>()
.Received(1)
.SendOrganizationUserRemovedForPolicySingleOrgEmailAsync(organization.DisplayName(),
"[email protected]");
.SendOrganizationUserRemovedForPolicySingleOrgEmailAsync(organization.DisplayName(), nonCompliantUser.Email);
}

[Theory, BitAutoData]
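Review bot: The only other-organization membership in these fixtures is `otherOrganizationUser` with `Status = OrganizationUserStatusType.Confirmed`, so the `uo.Status != OrganizationUserStatusType.Invited` arm of the new filter is not exercised by the visible hunks. A member whose only other membership is `Invited` should stay out of `RevokeOrganizationUsersRequest.OrganizationUsers` and receive no revocation email; a case for that, plus one where no member is non-compliant, would pin the access-control behaviour this commit fixes. Both test methods extend beyond the hunks shown, so such cases may already exist elsewhere in the file.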
@@ -0,0 +1,64 @@
CREATE OR ALTER PROCEDURE [dbo].[User_BumpAccountRevisionDateByOrganizationUserIdsJson]
@OrganizationUserIds NVARCHAR(MAX)
AS
BEGIN
SET NOCOUNT ON

CREATE TABLE #UserIds
(
UserId UNIQUEIDENTIFIER NOT NULL
);

INSERT INTO #UserIds (UserId)
SELECT
OU.UserId
FROM
[dbo].[OrganizationUser] OU
INNER JOIN
(SELECT [value] as Id FROM OPENJSON(@OrganizationUserIds)) AS OUIds
ON OUIds.Id = OU.Id
WHERE
OU.[Status] = 2 -- Confirmed

UPDATE
U
SET
U.[AccountRevisionDate] = GETUTCDATE()
FROM
[dbo].[User] U
INNER JOIN
#UserIds ON U.[Id] = #UserIds.[UserId]

DROP TABLE #UserIds
END
GO

CREATE OR ALTER PROCEDURE [dbo].[OrganizationUser_SetStatusForUsersById]
@OrganizationUserIds AS NVARCHAR(MAX),
@Status SMALLINT
AS
BEGIN
SET NOCOUNT ON

-- Declare a table variable to hold the parsed JSON data
DECLARE @ParsedIds TABLE (Id UNIQUEIDENTIFIER);

-- Parse the JSON input into the table variable
INSERT INTO @ParsedIds (Id)
SELECT value
FROM OPENJSON(@OrganizationUserIds);

-- Check if the input table is empty
IF (SELECT COUNT(1) FROM @ParsedIds) < 1
BEGIN
RETURN(-1);
END

UPDATE
[dbo].[OrganizationUser]
SET [Status] = @Status
WHERE [Id] IN (SELECT Id from @ParsedIds)

EXEC [dbo].[User_BumpAccountRevisionDateByOrganizationUserIdsJson] @OrganizationUserIds
END
GO
