update identity BB profile data parsing, add IdentityBBProfileFields to ApplicationOrganization model

Author: roberlander2

.secrets.baseline

@@ -316,7 +316,7 @@
         "filename": "driver\\web\\docs\\gen\\gen_types.go",
         "hashed_secret": "c9739eab2dfa093cc0e450bf0ea81a43ae67b581",
         "is_verified": false,
-        "line_number": 1875
+        "line_number": 1876
       }
     ],
     "driver\\web\\docs\\resources\\admin\\auth\\login.yaml": [
@@ -347,5 +347,5 @@
       }
     ]
   },
-  "generated_at": "2024-11-25T23:02:14Z"
+  "generated_at": "2024-11-27T23:13:12Z"
 }

core/auth/auth.go

@@ -480,7 +480,7 @@ func (a *Auth) applyOrgSignUpExternal(context storage.TransactionContext, authTy
 
 	var identityBBProfile *model.Profile
 	if identityProviderSetting.IdentityBBBaseURL != "" {
-		identityBBProfile, err = a.identityBB.GetUserProfile(identityProviderSetting.IdentityBBBaseURL, externalUser, externalCreds, l)
+		identityBBProfile, err = a.identityBB.GetUserProfile(identityProviderSetting.IdentityBBBaseURL, externalUser, externalCreds, identityProviderSetting.IdentityBBProfileFields, l)
 		if err != nil {
 			l.WarnError(logutils.MessageAction(logutils.StatusError, "syncing", "identity bb data", nil), err)
 		}
@@ -644,7 +644,7 @@ func (a *Auth) updateExternalUserIfNeeded(accountAuthType model.AccountAuthType,
 
 	var identityBBProfile *model.Profile
 	if identityProviderSetting.IdentityBBBaseURL != "" {
-		identityBBProfile, err = a.identityBB.GetUserProfile(identityProviderSetting.IdentityBBBaseURL, externalUser, externalCreds, l)
+		identityBBProfile, err = a.identityBB.GetUserProfile(identityProviderSetting.IdentityBBBaseURL, externalUser, externalCreds, identityProviderSetting.IdentityBBProfileFields, l)
 		if err != nil {
 			l.WarnError(logutils.MessageAction(logutils.StatusError, "syncing", "identity bb data", nil), err)
 		}

core/auth/interfaces.go

@@ -607,7 +607,7 @@ type ProfileBuildingBlock interface {
 
 // IdentityBuildingBlock is used by auth to communicate with the identity building block.
 type IdentityBuildingBlock interface {
-	GetUserProfile(baseURL string, externalUser model.ExternalSystemUser, externalAccessToken string, l *logs.Log) (*model.Profile, error)
+	GetUserProfile(baseURL string, externalUser model.ExternalSystemUser, externalAccessToken string, profileFields map[string]string, l *logs.Log) (*model.Profile, error)
 }
 
 // Emailer is used by core to send emails

core/model/application.go

@@ -384,8 +384,9 @@ type IdentityProviderSetting struct {
 
 	UserSpecificFields []string `bson:"user_specific_fields"`
 
-	AlwaysSyncProfile bool   `bson:"always_sync_profile"` // if true, profile data will be overwritten with data from external user on each login/refresh
-	IdentityBBBaseURL string `bson:"identity_bb_base_url"`
+	AlwaysSyncProfile       bool              `bson:"always_sync_profile"` // if true, profile data will be overwritten with data from external user on each login/refresh
+	IdentityBBBaseURL       string            `bson:"identity_bb_base_url"`
+	IdentityBBProfileFields map[string]string `bson:"identity_bb_profile_fields"` // a map from paths into the data returned by the Identity BB to keys in Profile.UnstructuredProperties
 
 	Roles  map[string]string `bson:"roles"`  //map[identity_provider_role]app_role_id
 	Groups map[string]string `bson:"groups"` //map[identity_provider_group]app_group_id

core/model/user.go

@@ -19,7 +19,6 @@ import (
 	"fmt"
 	"reflect"
 	"sort"
-	"strings"
 	"time"
 
 	"github.com/rokwire/logging-library-go/v2/errors"
@@ -89,37 +88,22 @@ type Privacy struct {
 }
 
 // GetFieldVisibility determines the privacy setting for the account data at path
-func (p *Privacy) GetFieldVisibility(path string, visibilityMap map[string]interface{}) (string, error) {
-	if len(visibilityMap) == 0 {
-		if len(p.FieldVisibility) == 0 {
-			return VisibilityPrivate, nil
-		}
-		visibilityMap = p.FieldVisibility
-	}
-
-	splitPath := strings.Split(path, ".")
-	var err error
-	visibilityEntry, ok := visibilityMap[splitPath[0]]
-	if !ok {
+func (p *Privacy) GetFieldVisibility(path string) (string, error) {
+	visibilityEntry := utils.GetMapEntryFromPath(p.FieldVisibility, path)
+	if visibilityEntry == nil {
 		return VisibilityPrivate, nil
 	}
+
 	visibility, ok := visibilityEntry.(string)
 	if !ok {
-		insideMap, ok := visibilityEntry.(map[string]interface{})
-		if !ok {
-			return "", errors.ErrorData(logutils.StatusInvalid, "privacy field visibility", nil)
-		}
-		visibility, err = p.GetFieldVisibility(strings.Join(splitPath[1:], "."), insideMap)
-		if err != nil {
-			return "", errors.WrapErrorAction(logutils.ActionGet, "account field visibility", &logutils.FieldArgs{"path": path}, err)
-		}
+		return "", errors.ErrorData(logutils.StatusInvalid, "privacy field visibility", &logutils.FieldArgs{"path": path})
 	}
 	return visibility, nil
 }
 
 // IsFieldVisible determines whether the account data at path should be visible to the requesting user
 func (p *Privacy) IsFieldVisible(path string, isConnection bool) (bool, error) {
-	visibility, err := p.GetFieldVisibility(path, nil)
+	visibility, err := p.GetFieldVisibility(path)
 	if err != nil {
 		return false, errors.WrapErrorAction(logutils.ActionGet, "account field visibility", &logutils.FieldArgs{"path": path}, err)
 	}
@@ -781,7 +765,7 @@ func (p Profile) Merge(src Profile) Profile {
 }
 
 // ProfileFromMap parses a map and converts it into a Profile struct
-func ProfileFromMap(profileMap map[string]interface{}) Profile {
+func ProfileFromMap(profileMap map[string]interface{}, profileFields map[string]string) Profile {
 	profile := Profile{UnstructuredProperties: make(map[string]interface{})}
 	for key, val := range profileMap {
 		if key == "first_name" {
@@ -828,6 +812,12 @@ func ProfileFromMap(profileMap map[string]interface{}) Profile {
 			profile.UnstructuredProperties[key] = val
 		}
 	}
+
+	for path, profileKey := range profileFields {
+		if value := utils.GetMapEntryFromPath(profileMap, path); value != nil {
+			profile.UnstructuredProperties[profileKey] = value
+		}
+	}
 	return profile
 }
 

driven/identitybb/adapter.go

@@ -35,7 +35,7 @@ type Adapter struct {
 }
 
 // GetUserProfile gets user profile info for the provided user credentials
-func (a *Adapter) GetUserProfile(baseURL string, externalUser model.ExternalSystemUser, externalAccessToken string, l *logs.Log) (*model.Profile, error) {
+func (a *Adapter) GetUserProfile(baseURL string, externalUser model.ExternalSystemUser, externalAccessToken string, profileFields map[string]string, l *logs.Log) (*model.Profile, error) {
 	if baseURL == "" || externalAccessToken == "" {
 		return nil, errors.ErrorData(logutils.StatusMissing, "base url", nil)
 	}
@@ -80,7 +80,7 @@ func (a *Adapter) GetUserProfile(baseURL string, externalUser model.ExternalSyst
 		return nil, errors.WrapErrorAction(logutils.ActionUnmarshal, logutils.TypeResponseBody, nil, err)
 	}
 
-	profile := model.ProfileFromMap(profileData)
+	profile := model.ProfileFromMap(profileData, profileFields)
 
 	return &profile, nil
 }

driver/web/conversions_application.go

@@ -418,6 +418,10 @@ func identityProviderSettingFromDef(item *Def.IdentityProviderSettings) *model.I
 	if item.IdentityBbBaseUrl != nil {
 		identityBBBaseURL = *item.IdentityBbBaseUrl
 	}
+	var identityBBProfileFields map[string]string
+	if item.IdentityBbProfileFields != nil {
+		identityBBProfileFields = *item.IdentityBbProfileFields
+	}
 
 	var adminAppAccessRoles []string
 	if item.AdminAppAccessRoles != nil {
@@ -427,8 +431,8 @@ func identityProviderSettingFromDef(item *Def.IdentityProviderSettings) *model.I
 	return &model.IdentityProviderSetting{IdentityProviderID: item.IdentityProviderId, UserIdentifierField: item.UserIdentifierField,
 		ExternalIDFields: externalIDFields, FirstNameField: firstNameField, MiddleNameField: middleNameField,
 		LastNameField: lastNameField, EmailField: emailField, FerpaField: ferpaField, RolesField: rolesField, GroupsField: groupsField,
-		UserSpecificFields: userSpecificFields, Roles: roles, Groups: groups,
-		AlwaysSyncProfile: alwaysSyncProfile, IdentityBBBaseURL: identityBBBaseURL, AdminAppAccessRoles: adminAppAccessRoles}
+		UserSpecificFields: userSpecificFields, Roles: roles, Groups: groups, AlwaysSyncProfile: alwaysSyncProfile,
+		IdentityBBBaseURL: identityBBBaseURL, IdentityBBProfileFields: identityBBProfileFields, AdminAppAccessRoles: adminAppAccessRoles}
 }
 
 func identityProviderSettingsToDef(items []model.IdentityProviderSetting) []Def.IdentityProviderSettings {

driver/web/docs/gen/def.yaml

@@ -6377,6 +6377,11 @@ components:
           type: boolean
         identity_bb_base_url:
           type: string
+        identity_bb_profile_fields:
+          type: object
+          additionalProperties:
+            type: string
+          nullable: true
         admin_app_access_roles:
           type: array
           items:

driver/web/docs/gen/gen_types.go

@@ -42,9 +42,14 @@ properties:
       type: string
     nullable: true
   always_sync_profile:
-    type: boolean 
+    type: boolean
   identity_bb_base_url:
     type: string
+  identity_bb_profile_fields:
+    type: object
+    additionalProperties:
+      type: string
+    nullable: true
   admin_app_access_roles:
     type: array
     items:

driver/web/docs/schemas/application/IdentityProviderSettings.yaml

@@ -227,6 +227,28 @@ func GetPrintableString(v *string, defaultVal string) string {
 	return defaultVal
 }
 
+// GetMapEntryFromPath returns the data entry corresponding to path, a period-separated string
+func GetMapEntryFromPath(data map[string]interface{}, path string) interface{} {
+	if len(data) == 0 {
+		return nil
+	}
+
+	splitPath := strings.Split(path, ".")
+	entry, ok := data[splitPath[0]]
+	if !ok {
+		return nil
+	}
+	if len(splitPath) == 1 {
+		return entry
+	}
+
+	entryData, ok := entry.(map[string]interface{})
+	if !ok {
+		return nil
+	}
+	return GetMapEntryFromPath(entryData, strings.Join(splitPath[1:], "."))
+}
+
 // StartTimer starts a timer with the given name, period, and function to call when the timer goes off
 func StartTimer(timer *time.Timer, timerDone chan bool, period time.Duration, periodicFunc func(), name string, logger *logs.Logger) {
 	if logger != nil {