From b7956bc6a875dd36fba56207bd5a711c5ef93257 Mon Sep 17 00:00:00 2001 From: elisa lee Date: Wed, 14 Aug 2024 16:25:10 -0500 Subject: [PATCH] Fetch group info for users from DB when oktaMigrationEnabled is true --- .../AccountRequestController.java | 24 +++- .../db/repository/ApiUserRepository.java | 36 ++++++ .../idp/repository/DemoOktaRepository.java | 6 + .../idp/repository/LiveOktaRepository.java | 7 ++ .../idp/repository/OktaRepository.java | 2 + .../simplereport/service/ApiUserService.java | 61 +++++++--- .../service/DbAuthorizationService.java | 58 ++++++++++ .../service/OrganizationService.java | 76 +++++++++---- .../api/AccountRequestControllerTest.java | 52 ++++++++- .../db/repository/BaseRepositoryTest.java | 2 + .../repository/DemoOktaRepositoryTest.java | 8 ++ .../repository/LiveOktaRepositoryTest.java | 46 ++++++++ .../service/ApiUserServiceTest.java | 29 ++++- .../service/DbAuthorizationServiceTest.java | 95 ++++++++++++++++ .../service/OrganizationServiceTest.java | 105 +++++++++++++++++- .../test_util/TestDataFactory.java | 7 ++ 16 files changed, 567 insertions(+), 47 deletions(-) create mode 100644 backend/src/main/java/gov/cdc/usds/simplereport/service/DbAuthorizationService.java create mode 100644 backend/src/test/java/gov/cdc/usds/simplereport/service/DbAuthorizationServiceTest.java diff --git a/backend/src/main/java/gov/cdc/usds/simplereport/api/accountrequest/AccountRequestController.java b/backend/src/main/java/gov/cdc/usds/simplereport/api/accountrequest/AccountRequestController.java index 2813bc370a..4bc6343811 100644 --- a/backend/src/main/java/gov/cdc/usds/simplereport/api/accountrequest/AccountRequestController.java +++ b/backend/src/main/java/gov/cdc/usds/simplereport/api/accountrequest/AccountRequestController.java @@ -12,11 +12,14 @@ import gov.cdc.usds.simplereport.api.model.accountrequest.WaitlistRequest; import gov.cdc.usds.simplereport.api.model.errors.BadRequestException; import gov.cdc.usds.simplereport.api.model.errors.IllegalGraphqlArgumentException; +import gov.cdc.usds.simplereport.config.FeatureFlagsConfig; +import gov.cdc.usds.simplereport.db.model.ApiUser; import gov.cdc.usds.simplereport.db.model.Organization; import gov.cdc.usds.simplereport.db.model.OrganizationQueueItem; import gov.cdc.usds.simplereport.idp.repository.OktaRepository; import gov.cdc.usds.simplereport.properties.SendGridProperties; import gov.cdc.usds.simplereport.service.ApiUserService; +import gov.cdc.usds.simplereport.service.DbAuthorizationService; import gov.cdc.usds.simplereport.service.OrganizationQueueService; import gov.cdc.usds.simplereport.service.OrganizationService; import gov.cdc.usds.simplereport.service.email.EmailService; @@ -27,6 +30,7 @@ import java.util.List; import java.util.Optional; import java.util.function.Predicate; +import java.util.stream.Collectors; import lombok.RequiredArgsConstructor; import lombok.extern.slf4j.Slf4j; import org.owasp.encoder.Encode; @@ -50,7 +54,9 @@ public class AccountRequestController { private final OrganizationService _os; private final OrganizationQueueService _oqs; private final ApiUserService _aus; + private final DbAuthorizationService _das; private final EmailService _es; + private final FeatureFlagsConfig _ffc; private final SendGridProperties sendGridProperties; private final ObjectMapper objectMapper = new ObjectMapper(); private final OktaRepository _oktaRepo; @@ -136,8 +142,9 @@ private String checkForDuplicateOrg(String organizationName, String state, Strin Optional duplicateOrg = potentialDuplicates.stream().filter(o -> o.getExternalId().startsWith(state)).findFirst(); if (duplicateOrg.isPresent()) { - if (_oktaRepo.fetchAdminUserEmail(duplicateOrg.get()).stream() - .anyMatch(Predicate.isEqual(email))) { + List adminUserEmails = getOrgAdminUserEmails(duplicateOrg.get()); + + if (adminUserEmails.stream().anyMatch(Predicate.isEqual(email))) { // Special toasts are shown to admin users trying to re-register their org. String message = duplicateOrg.get().getIdentityVerified() @@ -156,6 +163,19 @@ private String checkForDuplicateOrg(String organizationName, String state, Strin return String.join("-", organizationName, state); } + private List getOrgAdminUserEmails(Organization org) { + List adminUserEmails; + if (_ffc.isOktaMigrationEnabled()) { + adminUserEmails = + _das.getOrgAdminUsers(org).stream() + .map(ApiUser::getLoginEmail) + .collect(Collectors.toList()); + } else { + adminUserEmails = _oktaRepo.fetchAdminUserEmail(org); + } + return adminUserEmails; + } + private void logOrganizationAccountRequest(@RequestBody @Valid OrganizationAccountRequest request) throws JsonProcessingException { if (log.isInfoEnabled()) { diff --git a/backend/src/main/java/gov/cdc/usds/simplereport/db/repository/ApiUserRepository.java b/backend/src/main/java/gov/cdc/usds/simplereport/db/repository/ApiUserRepository.java index b46c7167b6..f1528bbce5 100644 --- a/backend/src/main/java/gov/cdc/usds/simplereport/db/repository/ApiUserRepository.java +++ b/backend/src/main/java/gov/cdc/usds/simplereport/db/repository/ApiUserRepository.java @@ -1,6 +1,9 @@ package gov.cdc.usds.simplereport.db.repository; +import gov.cdc.usds.simplereport.config.authorization.OrganizationRole; import gov.cdc.usds.simplereport.db.model.ApiUser; +import gov.cdc.usds.simplereport.db.model.Facility; +import gov.cdc.usds.simplereport.db.model.Organization; import java.util.Collection; import java.util.List; import java.util.Optional; @@ -30,4 +33,37 @@ public interface ApiUserRepository extends EternalSystemManagedEntityRepository< @Query(BASE_QUERY + " and loginEmail IN :emails" + NAME_ORDER) List findAllByLoginEmailInOrderByName(Collection emails); + + String API_USER_ROLE_LEFT_JOIN = " LEFT JOIN api_user_role aur ON aur.apiUser = e"; + String BY_ORG_AND_UNDELETED_USER = " WHERE aur.organization = :org AND e.isDeleted = false"; + String JOINED_NAME_ORDER = + " order by e.nameInfo.lastName, e.nameInfo.firstName, e.nameInfo.middleName, e.internalId"; + + @Query( + value = + "from #{#entityName} e" + + API_USER_ROLE_LEFT_JOIN + + BY_ORG_AND_UNDELETED_USER + + JOINED_NAME_ORDER) + List findAllByOrganization(Organization org); + + @Query( + value = + "from #{#entityName} e" + + API_USER_ROLE_LEFT_JOIN + + BY_ORG_AND_UNDELETED_USER + + " AND aur.role = :role" + + JOINED_NAME_ORDER) + List findAllByOrganizationAndRole(Organization org, OrganizationRole role); + + @Query( + value = + "from #{#entityName} e" + + API_USER_ROLE_LEFT_JOIN + + " LEFT JOIN api_user_facility auf ON auf.apiUser = e" + + " WHERE auf.facility = :facility" + + " AND e.isDeleted = false" + + " AND (aur.role = 'USER' OR aur.role = 'ENTRY_ONLY')" + + " GROUP BY e") + List findAllBySingleFacilityAccess(Facility facility); } diff --git a/backend/src/main/java/gov/cdc/usds/simplereport/idp/repository/DemoOktaRepository.java b/backend/src/main/java/gov/cdc/usds/simplereport/idp/repository/DemoOktaRepository.java index 9cafca9de3..c0acd16cf6 100644 --- a/backend/src/main/java/gov/cdc/usds/simplereport/idp/repository/DemoOktaRepository.java +++ b/backend/src/main/java/gov/cdc/usds/simplereport/idp/repository/DemoOktaRepository.java @@ -285,6 +285,12 @@ public void activateOrganization(Organization org) { inactiveUsernames.removeAll(orgUsernamesMap.get(org.getExternalId())); } + @Override + public String activateUser(String username) { + inactiveUsernames.remove(username); + return "activationToken"; + } + // this method means nothing in a demo env public String activateOrganizationWithSingleUser(Organization org) { activateOrganization(org); diff --git a/backend/src/main/java/gov/cdc/usds/simplereport/idp/repository/LiveOktaRepository.java b/backend/src/main/java/gov/cdc/usds/simplereport/idp/repository/LiveOktaRepository.java index 113c2c9faa..30aca444e9 100644 --- a/backend/src/main/java/gov/cdc/usds/simplereport/idp/repository/LiveOktaRepository.java +++ b/backend/src/main/java/gov/cdc/usds/simplereport/idp/repository/LiveOktaRepository.java @@ -575,6 +575,13 @@ private String activateUser(User user) { } } + @Override + public String activateUser(String username) { + User oktaUser = + getUserOrThrowError(username, "Cannot activate Okta user with unrecognized username"); + return activateUser(oktaUser); + } + @Override public void activateOrganization(Organization org) { var users = getOrgAdminUsers(org); diff --git a/backend/src/main/java/gov/cdc/usds/simplereport/idp/repository/OktaRepository.java b/backend/src/main/java/gov/cdc/usds/simplereport/idp/repository/OktaRepository.java index 4bad4ea474..4eab17d804 100644 --- a/backend/src/main/java/gov/cdc/usds/simplereport/idp/repository/OktaRepository.java +++ b/backend/src/main/java/gov/cdc/usds/simplereport/idp/repository/OktaRepository.java @@ -71,6 +71,8 @@ List updateUserPrivilegesAndGroupAccess( void activateOrganization(Organization org); + String activateUser(String username); + String activateOrganizationWithSingleUser(Organization org); List fetchAdminUserEmail(Organization org); diff --git a/backend/src/main/java/gov/cdc/usds/simplereport/service/ApiUserService.java b/backend/src/main/java/gov/cdc/usds/simplereport/service/ApiUserService.java index 2348e6f7f4..165057ec56 100644 --- a/backend/src/main/java/gov/cdc/usds/simplereport/service/ApiUserService.java +++ b/backend/src/main/java/gov/cdc/usds/simplereport/service/ApiUserService.java @@ -76,6 +76,8 @@ public class ApiUserService { @Autowired private ApiUserContextHolder _apiUserContextHolder; + @Autowired private DbAuthorizationService _dbAuthService; + @Autowired private DbOrgRoleClaimsService _dbOrgRoleClaimsService; @Autowired private FeatureFlagsConfig _featureFlagsConfig; @@ -146,11 +148,9 @@ private UserInfo reprovisionUser( throw new ConflictingUserException(); } - OrganizationRoleClaims claims = - _oktaRepo - .getOrganizationRoleClaimsForUser(apiUser.getLoginEmail()) - .orElseThrow(MisconfiguredUserException::new); - if (!org.getExternalId().equals(claims.getOrganizationExternalId())) { + String currentOrgExternalId = getOrgExternalId(apiUser); + + if (!org.getExternalId().equals(currentOrgExternalId)) { throw new ConflictingUserException(); } @@ -160,20 +160,22 @@ private UserInfo reprovisionUser( Set roles = getOrganizationRoles(role, accessAllFacilities); Set facilitiesFound = getFacilitiesToGiveAccess(org, roles, facilities); - Optional oktaClaims = - _oktaRepo.updateUserPrivileges(apiUser.getLoginEmail(), org, facilitiesFound, roles); - Optional orgRoles = oktaClaims.map(c -> _orgService.getOrganizationRoles(c)); + Optional updatedOrgRoles; apiUser.setNameInfo(name); apiUser.setIsDeleted(false); apiUser.setFacilities(facilitiesFound); apiUser.setRoles(roles, org); + Optional oktaClaims = + _oktaRepo.updateUserPrivileges(apiUser.getLoginEmail(), org, facilitiesFound, roles); + updatedOrgRoles = oktaClaims.map(c -> _orgService.getOrganizationRoles(c)); + if (_featureFlagsConfig.isOktaMigrationEnabled()) { - orgRoles = Optional.ofNullable(getOrgRolesFromDB(apiUser)); + updatedOrgRoles = Optional.ofNullable(getOrgRolesFromDB(apiUser)); } - UserInfo user = new UserInfo(apiUser, orgRoles, false); + UserInfo user = new UserInfo(apiUser, updatedOrgRoles, false); log.info( "User with id={} re-provisioned by user with id={}", @@ -247,14 +249,11 @@ public UserInfo updateUserPrivileges( UUID userId, boolean accessAllFacilities, Set facilities, Role role) { ApiUser apiUser = getApiUser(userId); String username = apiUser.getLoginEmail(); - OrganizationRoleClaims orgClaims = - _oktaRepo - .getOrganizationRoleClaimsForUser(username) - .orElseThrow(MisconfiguredUserException::new); - Organization org = _orgService.getOrganization(orgClaims.getOrganizationExternalId()); + + String orgExternalId = getOrgExternalId(apiUser); + Organization org = _orgService.getOrganization(orgExternalId); Set roles = getOrganizationRoles(role, accessAllFacilities); Set facilitiesFound = getFacilitiesToGiveAccess(org, roles, facilities); - Optional newOrgClaims = _oktaRepo.updateUserPrivileges(username, org, facilitiesFound, roles); Optional orgRoles = @@ -597,10 +596,17 @@ public UserInfo getCurrentUserInfo() { @AuthorizationConfiguration.RequirePermissionManageUsers public List getUsersInCurrentOrg() { Organization org = _orgService.getCurrentOrganization(); - final Set orgUserEmails = _oktaRepo.getAllUsersForOrganization(org); - return _apiUserRepo.findAllByLoginEmailInOrderByName(orgUserEmails); + List usersInOrg; + if (_featureFlagsConfig.isOktaMigrationEnabled()) { + usersInOrg = _dbAuthService.getUsersInOrganization(org); + } else { + final Set orgUserEmails = _oktaRepo.getAllUsersForOrganization(org); + usersInOrg = _apiUserRepo.findAllByLoginEmailInOrderByName(orgUserEmails); + } + return usersInOrg; } + // To be addressed in #8108 @AuthorizationConfiguration.RequirePermissionManageUsers public List getUsersAndStatusInCurrentOrg() { Organization org = _orgService.getCurrentOrganization(); @@ -829,4 +835,23 @@ private OrganizationRoles getOrgRolesFromDB(ApiUser apiUser) { _dbOrgRoleClaimsService.getOrganizationRoleClaims(apiUser); return _orgService.getOrganizationRoles(orgRoleClaims); } + + private String getOrgExternalId(ApiUser apiUser) { + String orgExternalId; + if (_featureFlagsConfig.isOktaMigrationEnabled()) { + Optional org = apiUser.getOrganizations().stream().findFirst(); + if (org.isPresent()) { + orgExternalId = org.get().getExternalId(); + } else { + throw new MisconfiguredUserException(); + } + } else { + OrganizationRoleClaims claims = + _oktaRepo + .getOrganizationRoleClaimsForUser(apiUser.getLoginEmail()) + .orElseThrow(MisconfiguredUserException::new); + orgExternalId = claims.getOrganizationExternalId(); + } + return orgExternalId; + } } diff --git a/backend/src/main/java/gov/cdc/usds/simplereport/service/DbAuthorizationService.java b/backend/src/main/java/gov/cdc/usds/simplereport/service/DbAuthorizationService.java new file mode 100644 index 0000000000..7746ff1223 --- /dev/null +++ b/backend/src/main/java/gov/cdc/usds/simplereport/service/DbAuthorizationService.java @@ -0,0 +1,58 @@ +package gov.cdc.usds.simplereport.service; + +import gov.cdc.usds.simplereport.config.AuthorizationConfiguration; +import gov.cdc.usds.simplereport.config.authorization.OrganizationRole; +import gov.cdc.usds.simplereport.db.model.ApiUser; +import gov.cdc.usds.simplereport.db.model.Facility; +import gov.cdc.usds.simplereport.db.model.Organization; +import gov.cdc.usds.simplereport.db.repository.ApiUserRepository; +import java.util.List; +import java.util.stream.Collectors; +import lombok.RequiredArgsConstructor; +import lombok.extern.slf4j.Slf4j; +import org.springframework.stereotype.Component; + +@Component +@Slf4j +@RequiredArgsConstructor +public class DbAuthorizationService { + private final ApiUserRepository _userRepo; + + /** + * Fetches a list of ApiUsers that belong to an Organization sorted by last name, first name, and + * middle name + * + * @param org - Organization + * @return List of ApiUsers that belong to the org + */ + @AuthorizationConfiguration.RequirePermissionManageUsers + public List getUsersInOrganization(Organization org) { + return _userRepo.findAllByOrganization(org); + } + + /** + * Fetches a list of ApiUsers that belong to an Organization and has the ADMIN role, sorted by + * last name, first name, and middle name + * + * @param org - Organization + * @return List of ApiUsers with ADMIN role in the org + */ + public List getOrgAdminUsers(Organization org) { + return _userRepo.findAllByOrganizationAndRole(org, OrganizationRole.ADMIN); + } + + /** + * Fetches a count of ApiUsers that have permission to access the one defined facility and do not + * have the ALL_FACILITIES and/or ADMIN roles + * + * @param facility - Facility to get count for + * @return Integer - count of ApiUsers + */ + public Integer getUserWithSingleFacilityAccessCount(Facility facility) { + List users = _userRepo.findAllBySingleFacilityAccess(facility); + return users.stream() + .filter(user -> user.getFacilities().size() <= 1) + .collect(Collectors.toList()) + .size(); + } +} diff --git a/backend/src/main/java/gov/cdc/usds/simplereport/service/OrganizationService.java b/backend/src/main/java/gov/cdc/usds/simplereport/service/OrganizationService.java index 07f1f6e36a..ea924766bd 100644 --- a/backend/src/main/java/gov/cdc/usds/simplereport/service/OrganizationService.java +++ b/backend/src/main/java/gov/cdc/usds/simplereport/service/OrganizationService.java @@ -6,6 +6,7 @@ import gov.cdc.usds.simplereport.api.model.errors.MisconfiguredUserException; import gov.cdc.usds.simplereport.api.model.errors.NonexistentOrgException; import gov.cdc.usds.simplereport.config.AuthorizationConfiguration; +import gov.cdc.usds.simplereport.config.FeatureFlagsConfig; import gov.cdc.usds.simplereport.config.authorization.OrganizationRoleClaims; import gov.cdc.usds.simplereport.db.model.ApiUser; import gov.cdc.usds.simplereport.db.model.DeviceType; @@ -53,14 +54,16 @@ public class OrganizationService { private final OrganizationRepository organizationRepository; private final FacilityRepository facilityRepository; private final ProviderRepository providerRepository; - private final AuthorizationService authorizationService; private final PersonRepository personRepository; private final OktaRepository oktaRepository; private final CurrentOrganizationRolesContextHolder organizationRolesContext; private final OrderingProviderRequiredValidator orderingProviderValidator; + private final AuthorizationService authorizationService; + private final DbAuthorizationService dbAuthorizationService; private final PatientSelfRegistrationLinkService patientSelfRegistrationLinkService; private final DeviceTypeRepository deviceTypeRepository; private final EmailService emailService; + private final FeatureFlagsConfig featureFlagsConfig; public void resetOrganizationRolesContext() { organizationRolesContext.reset(); @@ -346,7 +349,14 @@ public boolean setIdentityVerified(String externalId, boolean verified) { org.setIdentityVerified(verified); boolean newStatus = organizationRepository.save(org).getIdentityVerified(); if (oldStatus == false && newStatus == true) { - oktaRepository.activateOrganization(org); + if (featureFlagsConfig.isOktaMigrationEnabled()) { + List orgAdmins = dbAuthorizationService.getOrgAdminUsers(org); + for (ApiUser orgAdmin : orgAdmins) { + oktaRepository.activateUser(orgAdmin.getLoginEmail()); + } + } else { + oktaRepository.activateOrganization(org); + } } return newStatus; } @@ -364,7 +374,19 @@ public String verifyOrganizationNoPermissions(String externalId) { } org.setIdentityVerified(true); organizationRepository.save(org); - return oktaRepository.activateOrganizationWithSingleUser(org); + if (featureFlagsConfig.isOktaMigrationEnabled()) { + Optional orgAdmin = + dbAuthorizationService.getOrgAdminUsers(org).stream().findFirst(); + + if (orgAdmin.isPresent()) { + String orgAdminEmail = orgAdmin.get().getLoginEmail(); + return oktaRepository.activateUser(orgAdminEmail); + } else { + throw new IllegalStateException("Organization does not have any org admins."); + } + } else { + return oktaRepository.activateOrganizationWithSingleUser(org); + } } private Facility createFacilityNoPermissions( @@ -469,8 +491,15 @@ public FacilityStats getFacilityStats(@Argument UUID facilityId) { this.getFacilityById(facilityId) .orElseThrow(() -> new IllegalGraphqlArgumentException("Facility not found.")); + Integer userWithSingleFacilityAccess; + if (featureFlagsConfig.isOktaMigrationEnabled()) { + userWithSingleFacilityAccess = + dbAuthorizationService.getUserWithSingleFacilityAccessCount(facility); + } else { + userWithSingleFacilityAccess = this.oktaRepository.getUsersInSingleFacility(facility); + } return FacilityStats.builder() - .usersSingleAccessCount(this.oktaRepository.getUsersInSingleFacility(facility)) + .usersSingleAccessCount(userWithSingleFacilityAccess) .patientsSingleAccessCount( this.personRepository.countByFacilityAndIsDeleted(facility, false)) .build(); @@ -487,21 +516,30 @@ private List getOrgAdminUsers(UUID orgId) { log.warn(String.format("Organization with internal id %s not found", orgId)); return List.of(); } - List adminUserEmails = oktaRepository.fetchAdminUserEmail(org); - return adminUserEmails.stream() - .map( - adminUserEmail -> { - Optional foundUser = apiUserRepository.findByLoginEmail(adminUserEmail); - if (foundUser.isEmpty()) { - log.warn( - "Query for admin users in organization " - + org.getInternalId() - + " found a user in Okta but not in the database. Skipping..."); - } - return foundUser.orElse(null); - }) - .filter(Objects::nonNull) - .collect(Collectors.toList()); + List adminUsers; + + if (featureFlagsConfig.isOktaMigrationEnabled()) { + adminUsers = dbAuthorizationService.getOrgAdminUsers(org); + } else { + List adminUserEmails = oktaRepository.fetchAdminUserEmail(org); + adminUsers = + adminUserEmails.stream() + .map( + adminUserEmail -> { + Optional foundUser = + apiUserRepository.findByLoginEmail(adminUserEmail); + if (foundUser.isEmpty()) { + log.warn( + "Query for admin users in organization " + + org.getInternalId() + + " found a user in Okta but not in the database. Skipping..."); + } + return foundUser.orElse(null); + }) + .filter(Objects::nonNull) + .collect(Collectors.toList()); + } + return adminUsers; } private List getOrgAdminUserEmails(UUID orgId) { diff --git a/backend/src/test/java/gov/cdc/usds/simplereport/api/AccountRequestControllerTest.java b/backend/src/test/java/gov/cdc/usds/simplereport/api/AccountRequestControllerTest.java index 35d6cc94b5..919e59d927 100644 --- a/backend/src/test/java/gov/cdc/usds/simplereport/api/AccountRequestControllerTest.java +++ b/backend/src/test/java/gov/cdc/usds/simplereport/api/AccountRequestControllerTest.java @@ -19,10 +19,13 @@ import com.sendgrid.helpers.mail.Mail; import gov.cdc.usds.simplereport.api.accountrequest.AccountRequestController; import gov.cdc.usds.simplereport.api.model.TemplateVariablesProvider; +import gov.cdc.usds.simplereport.config.FeatureFlagsConfig; +import gov.cdc.usds.simplereport.db.model.ApiUser; import gov.cdc.usds.simplereport.db.model.Organization; import gov.cdc.usds.simplereport.db.model.OrganizationQueueItem; import gov.cdc.usds.simplereport.idp.repository.DemoOktaRepository; import gov.cdc.usds.simplereport.service.ApiUserService; +import gov.cdc.usds.simplereport.service.DbAuthorizationService; import gov.cdc.usds.simplereport.service.OrganizationQueueService; import gov.cdc.usds.simplereport.service.OrganizationService; import gov.cdc.usds.simplereport.service.email.EmailProvider; @@ -57,6 +60,8 @@ class AccountRequestControllerTest extends BaseFullStackTest { @MockBean private DemoOktaRepository _oktaRepo; @MockBean private OrganizationService _orgService; @MockBean private OrganizationQueueService _orgQueueService; + @MockBean private DbAuthorizationService _dbAuthService; + @MockBean private FeatureFlagsConfig _featureFlagsConfig; @Captor private ArgumentCaptor contentCaptor; @Captor private ArgumentCaptor mail; @@ -370,8 +375,10 @@ void submitOrganizationAccountRequestAddToQueue_duplicateOrgInSameStateDifferent } @Test - @DisplayName("Duplicate org with admin re-signing up fails") - void submitOrganizationAccountRequestAddToQueue_duplicateOrgWithAdmin_failure() throws Exception { + @DisplayName("OktaMigrationEnabled false - Duplicate org with admin re-signing up fails") + void + submitOrganizationAccountRequestAddToQueue_duplicateOrgWithAdmin_withOktaMigrationDisabled_failure() + throws Exception { // given mockVerifiedOrganization("Central Schools", "AZ", "mlopez@mailinator.com"); @@ -396,6 +403,44 @@ void submitOrganizationAccountRequestAddToQueue_duplicateOrgWithAdmin_failure() // then MvcResult result = this._mockMvc.perform(duplicateBuilder).andReturn(); + verify(_dbAuthService, times(0)).getOrgAdminUsers(any()); + assertThat(result.getResponse().getStatus()).isEqualTo(400); + assertThat(result.getResponse().getContentAsString()) + .contains( + "Duplicate organization with admin user who has completed identity verification."); + } + + @Test + @DisplayName("OktaMigrationEnabled true - Duplicate org with admin re-signing up fails") + void + submitOrganizationAccountRequestAddToQueue_duplicateOrgWithAdmin_withOktaMigrationEnabled_failure() + throws Exception { + // given + when(_featureFlagsConfig.isOktaMigrationEnabled()).thenReturn(true); + mockVerifiedOrganization("Central Schools", "AZ", "mlopez@mailinator.com"); + + // when + String duplicateRequestBody = + createAccountRequest( + "Central Schools", + "AZ", + "k12", + "Mary", + "", + "Lopez", + "mlopez@mailinator.com", + "+1 (969) 768-2863"); + + MockHttpServletRequestBuilder duplicateBuilder = + post(ResourceLinks.ACCOUNT_REQUEST_ORGANIZATION_ADD_TO_QUEUE) + .contentType(MediaType.APPLICATION_JSON_VALUE) + .accept(MediaType.APPLICATION_JSON) + .characterEncoding("UTF-8") + .content(duplicateRequestBody); + + // then + MvcResult result = this._mockMvc.perform(duplicateBuilder).andReturn(); + verify(_dbAuthService, times(1)).getOrgAdminUsers(any()); assertThat(result.getResponse().getStatus()).isEqualTo(400); assertThat(result.getResponse().getContentAsString()) .contains( @@ -459,12 +504,15 @@ private void mockVerifiedOrganization(String orgName, String state, String email String generatedExternalId = String.format("%s-%s-%s", state, orgNameNoSpaces, UUID.randomUUID()); Organization org = mock(Organization.class); + ApiUser user = mock(ApiUser.class); + when(user.getLoginEmail()).thenReturn(email); when(org.getExternalId()).thenReturn(generatedExternalId); when(org.getIdentityVerified()).thenReturn(true); when(_orgService.getOrganizationsByName(argThat(equalToIgnoringCase(orgName)))) .thenReturn(List.of(org)); when(_oktaRepo.fetchAdminUserEmail(org)).thenReturn(List.of(email)); + when(_dbAuthService.getOrgAdminUsers(org)).thenReturn(List.of(user)); } private void mockVerifiedDefaultOrganization() throws Exception { diff --git a/backend/src/test/java/gov/cdc/usds/simplereport/db/repository/BaseRepositoryTest.java b/backend/src/test/java/gov/cdc/usds/simplereport/db/repository/BaseRepositoryTest.java index fa1614dc1f..6526ef5346 100644 --- a/backend/src/test/java/gov/cdc/usds/simplereport/db/repository/BaseRepositoryTest.java +++ b/backend/src/test/java/gov/cdc/usds/simplereport/db/repository/BaseRepositoryTest.java @@ -1,6 +1,7 @@ package gov.cdc.usds.simplereport.db.repository; import gov.cdc.usds.simplereport.config.DataSourceConfiguration; +import gov.cdc.usds.simplereport.service.DbAuthorizationService; import gov.cdc.usds.simplereport.service.DbOrgRoleClaimsService; import gov.cdc.usds.simplereport.service.OrganizationInitializingService; import gov.cdc.usds.simplereport.test_util.DbTruncator; @@ -26,6 +27,7 @@ @AutoConfigureTestDatabase(replace = Replace.NONE) @Import({ SliceTestConfiguration.class, + DbAuthorizationService.class, DbOrgRoleClaimsService.class, DbTruncator.class, DataSourceConfiguration.class, diff --git a/backend/src/test/java/gov/cdc/usds/simplereport/idp/repository/DemoOktaRepositoryTest.java b/backend/src/test/java/gov/cdc/usds/simplereport/idp/repository/DemoOktaRepositoryTest.java index f4bfc020ee..975c8b243d 100644 --- a/backend/src/test/java/gov/cdc/usds/simplereport/idp/repository/DemoOktaRepositoryTest.java +++ b/backend/src/test/java/gov/cdc/usds/simplereport/idp/repository/DemoOktaRepositoryTest.java @@ -382,6 +382,14 @@ void getAllUsersForOrganization() { .matches(_repo.getOrganizationRoleClaimsForUser(DIANE.getUsername()).get())); } + @Test + void activateUser() { + _repo.createUser(AMOS, ABC, Set.of(ABC_1), Set.of(OrganizationRole.USER), false); + String activatedUserResponse = _repo.activateUser(AMOS.getUsername()); + assertEquals(UserStatus.ACTIVE, _repo.getUserStatus(AMOS.getUsername())); + assertEquals("activationToken", activatedUserResponse); + } + @Test void deactivateUser() { _repo.createUser(AMOS, ABC, Set.of(ABC_1), Set.of(OrganizationRole.USER), true); diff --git a/backend/src/test/java/gov/cdc/usds/simplereport/idp/repository/LiveOktaRepositoryTest.java b/backend/src/test/java/gov/cdc/usds/simplereport/idp/repository/LiveOktaRepositoryTest.java index 5942185b81..083329b403 100644 --- a/backend/src/test/java/gov/cdc/usds/simplereport/idp/repository/LiveOktaRepositoryTest.java +++ b/backend/src/test/java/gov/cdc/usds/simplereport/idp/repository/LiveOktaRepositoryTest.java @@ -28,6 +28,7 @@ import com.okta.sdk.resource.model.GroupType; import com.okta.sdk.resource.model.UpdateUserRequest; import com.okta.sdk.resource.model.User; +import com.okta.sdk.resource.model.UserActivationToken; import com.okta.sdk.resource.model.UserProfile; import com.okta.sdk.resource.model.UserStatus; import com.okta.sdk.resource.user.UserBuilder; @@ -954,6 +955,51 @@ void getUserStatus_illegalGraphqlArgumentException_whenNoUsersFound() { "Cannot retrieve Okta user's status with unrecognized username", caught.getMessage()); } + @Test + void activateUser_provisioned_success() { + String username = "fraud@example.com"; + String mockId = "1234"; + String mockToken = "MOCK TOKEN"; + User mockUser = mock(User.class); + UserActivationToken mockUserActivationToken = mock(UserActivationToken.class); + + when(userApi.getUser(username)).thenReturn(mockUser); + when(mockUser.getStatus()).thenReturn(UserStatus.PROVISIONED); + when(mockUser.getId()).thenReturn(mockId); + when(userApi.reactivateUser(mockId, true)).thenReturn(mockUserActivationToken); + when(mockUserActivationToken.getActivationToken()).thenReturn(mockToken); + + String activateUserResponse = _repo.activateUser(username); + assertEquals(activateUserResponse, mockToken); + } + + @Test + void activateUser_staged_success() { + String username = "fraud@example.com"; + String mockId = "1234"; + String mockToken = "MOCK TOKEN"; + User mockUser = mock(User.class); + UserActivationToken mockUserActivationToken = mock(UserActivationToken.class); + + when(userApi.getUser(username)).thenReturn(mockUser); + when(mockUser.getStatus()).thenReturn(UserStatus.STAGED); + when(mockUser.getId()).thenReturn(mockId); + when(userApi.activateUser(mockId, true)).thenReturn(mockUserActivationToken); + when(mockUserActivationToken.getActivationToken()).thenReturn(mockToken); + + String activateUserResponse = _repo.activateUser(username); + assertEquals(activateUserResponse, mockToken); + } + + @Test + void activateUser_noUserFound_throwsException() { + String username = "fraud@example.com"; + + when(userApi.getUser(username)).thenThrow(new ApiException()); + + assertThrows(IllegalGraphqlArgumentException.class, () -> _repo.activateUser(username)); + } + @Test void reactivateUser() { var username = "fraud@example.com"; diff --git a/backend/src/test/java/gov/cdc/usds/simplereport/service/ApiUserServiceTest.java b/backend/src/test/java/gov/cdc/usds/simplereport/service/ApiUserServiceTest.java index c15fa18d1b..033705c6c1 100644 --- a/backend/src/test/java/gov/cdc/usds/simplereport/service/ApiUserServiceTest.java +++ b/backend/src/test/java/gov/cdc/usds/simplereport/service/ApiUserServiceTest.java @@ -77,7 +77,7 @@ void cleanup() { // no-security and no-okta-mgmt profiles @Test @WithSimpleReportOrgAdminUser - void getUsersInCurrentOrg_adminUser_success() { + void getUsersInCurrentOrg_withAdminUser_withOktaMigrationDisabled_success() { initSampleData(); List users = _service.getUsersInCurrentOrg(); assertEquals(6, users.size()); @@ -93,6 +93,33 @@ void getUsersInCurrentOrg_adminUser_success() { assertEquals("Reynolds", users.get(4).getNameInfo().getLastName()); assertEquals("allfacilities@example.com", users.get(5).getLoginEmail()); assertEquals("Williams", users.get(5).getNameInfo().getLastName()); + + Organization currentOrg = _organizationService.getCurrentOrganization(); + verify(_oktaRepo, times(1)).getAllUsersForOrganization(currentOrg); + } + + @Test + @WithSimpleReportOrgAdminUser + void getUsersInCurrentOrg_withAdminUser_withOktaMigrationEnabled_success() { + initSampleData(); + when(_featureFlagsConfig.isOktaMigrationEnabled()).thenReturn(true); + + List users = _service.getUsersInCurrentOrg(); + assertEquals(6, users.size()); + assertEquals("admin@example.com", users.get(0).getLoginEmail()); + assertEquals("Andrews", users.get(0).getNameInfo().getLastName()); + assertEquals("bobbity@example.com", users.get(1).getLoginEmail()); + assertEquals("Bobberoo", users.get(1).getNameInfo().getLastName()); + assertEquals("invalid@example.com", users.get(2).getLoginEmail()); + assertEquals("Irwin", users.get(2).getNameInfo().getLastName()); + assertEquals("nobody@example.com", users.get(3).getLoginEmail()); + assertEquals("Nixon", users.get(3).getNameInfo().getLastName()); + assertEquals("notruby@example.com", users.get(4).getLoginEmail()); + assertEquals("Reynolds", users.get(4).getNameInfo().getLastName()); + assertEquals("allfacilities@example.com", users.get(5).getLoginEmail()); + assertEquals("Williams", users.get(5).getNameInfo().getLastName()); + + verify(_oktaRepo, times(0)).getAllUsersForOrganization(any()); } @Test diff --git a/backend/src/test/java/gov/cdc/usds/simplereport/service/DbAuthorizationServiceTest.java b/backend/src/test/java/gov/cdc/usds/simplereport/service/DbAuthorizationServiceTest.java new file mode 100644 index 0000000000..20bda3ba72 --- /dev/null +++ b/backend/src/test/java/gov/cdc/usds/simplereport/service/DbAuthorizationServiceTest.java @@ -0,0 +1,95 @@ +package gov.cdc.usds.simplereport.service; + +import static gov.cdc.usds.simplereport.test_util.TestUserIdentities.DEFAULT_ORGANIZATION; +import static gov.cdc.usds.simplereport.test_util.TestUserIdentities.ORG_ADMIN_USER; +import static gov.cdc.usds.simplereport.test_util.TestUserIdentities.SITE_ADMIN_USER_WITH_ORG; +import static org.junit.jupiter.api.Assertions.assertEquals; + +import gov.cdc.usds.simplereport.api.model.Role; +import gov.cdc.usds.simplereport.config.authorization.OrganizationRole; +import gov.cdc.usds.simplereport.db.model.ApiUser; +import gov.cdc.usds.simplereport.db.model.Facility; +import gov.cdc.usds.simplereport.db.model.Organization; +import gov.cdc.usds.simplereport.db.repository.FacilityRepository; +import gov.cdc.usds.simplereport.service.model.UserInfo; +import gov.cdc.usds.simplereport.test_util.SliceTestConfiguration; +import java.util.List; +import java.util.Set; +import org.junit.jupiter.api.BeforeEach; +import org.junit.jupiter.api.Test; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.test.context.TestPropertySource; + +@TestPropertySource(properties = {"spring.jpa.properties.hibernate.enable_lazy_load_no_trans=true"}) +class DbAuthorizationServiceTest extends BaseServiceTest { + @Autowired ApiUserService _userService; + @Autowired FacilityRepository _facilityRepo; + @Autowired OrganizationService _orgService; + + @BeforeEach + void setupData() { + initSampleData(); + } + + @Test + @SliceTestConfiguration.WithSimpleReportOrgAdminUser + void getUsersInOrganization_success() { + Organization org = _orgService.getOrganization(DEFAULT_ORGANIZATION); + List users = _service.getUsersInOrganization(org); + assertEquals(6, users.size()); + assertEquals("admin@example.com", users.get(0).getLoginEmail()); + assertEquals("Andrews", users.get(0).getNameInfo().getLastName()); + assertEquals("bobbity@example.com", users.get(1).getLoginEmail()); + assertEquals("Bobberoo", users.get(1).getNameInfo().getLastName()); + assertEquals("invalid@example.com", users.get(2).getLoginEmail()); + assertEquals("Irwin", users.get(2).getNameInfo().getLastName()); + assertEquals("nobody@example.com", users.get(3).getLoginEmail()); + assertEquals("Nixon", users.get(3).getNameInfo().getLastName()); + assertEquals("notruby@example.com", users.get(4).getLoginEmail()); + assertEquals("Reynolds", users.get(4).getNameInfo().getLastName()); + assertEquals("allfacilities@example.com", users.get(5).getLoginEmail()); + assertEquals("Williams", users.get(5).getNameInfo().getLastName()); + } + + @Test + @SliceTestConfiguration.WithSimpleReportOrgAdminUser + void getOrgAdminUsers_success() { + Organization org = _orgService.getOrganization(DEFAULT_ORGANIZATION); + List users = _service.getOrgAdminUsers(org); + assertEquals(2, users.size()); + assertEquals(ORG_ADMIN_USER, users.get(0).getLoginEmail()); + assertEquals("Andrews", users.get(0).getNameInfo().getLastName()); + assertEquals(Set.of(OrganizationRole.ADMIN), users.get(0).getRoles()); + assertEquals(SITE_ADMIN_USER_WITH_ORG, users.get(1).getLoginEmail()); + assertEquals("Reynolds", users.get(1).getNameInfo().getLastName()); + } + + @Test + @SliceTestConfiguration.WithSimpleReportSiteAdminUser + void getUserWithSingleFacilityAccessCount_success() { + Organization org = _dataFactory.saveOrganization("ABC org", "k12", "ABC_ORG", true); + Facility fac1 = _dataFactory.createValidFacility(org, "BCD Facility"); + Facility fac2 = _dataFactory.createValidFacility(org, "CDE Facility"); + _dataFactory.createValidApiUser("user1@example.com", org, Role.ADMIN, Set.of()); + _dataFactory.createValidApiUser("user2@example.com", org, Role.ENTRY_ONLY, Set.of(fac1)); + _dataFactory.createValidApiUser("user3@example.com", org, Role.USER, Set.of(fac1, fac2)); + UserInfo user4 = + _dataFactory.createValidApiUser("user4@example.com", org, Role.USER, Set.of(fac1)); + UserInfo user5 = + _dataFactory.createValidApiUser("user5@example.com", org, Role.USER, Set.of(fac1)); + + // ADMIN not counted + Integer firstCount = _service.getUserWithSingleFacilityAccessCount(fac1); + assertEquals(3, firstCount); + + // DELETED user not counted + _userService.setIsDeleted(user4.getInternalId(), true); + Integer secondCount = _service.getUserWithSingleFacilityAccessCount(fac1); + assertEquals(2, secondCount); + + // ALL_FACILITIES user not counted + _userService.updateUserPrivileges(user5.getInternalId(), true, Set.of(), Role.USER); + Integer thirdCount = _service.getUserWithSingleFacilityAccessCount(fac1); + assertEquals(1, thirdCount); + } +} diff --git a/backend/src/test/java/gov/cdc/usds/simplereport/service/OrganizationServiceTest.java b/backend/src/test/java/gov/cdc/usds/simplereport/service/OrganizationServiceTest.java index ca4d93ab56..0df5e55dca 100644 --- a/backend/src/test/java/gov/cdc/usds/simplereport/service/OrganizationServiceTest.java +++ b/backend/src/test/java/gov/cdc/usds/simplereport/service/OrganizationServiceTest.java @@ -19,6 +19,7 @@ import gov.cdc.usds.simplereport.api.model.Role; import gov.cdc.usds.simplereport.api.model.errors.IllegalGraphqlArgumentException; import gov.cdc.usds.simplereport.api.model.errors.OrderingProviderRequiredException; +import gov.cdc.usds.simplereport.config.FeatureFlagsConfig; import gov.cdc.usds.simplereport.config.simplereport.DemoUserConfiguration; import gov.cdc.usds.simplereport.db.model.DeviceType; import gov.cdc.usds.simplereport.db.model.Facility; @@ -52,6 +53,7 @@ import org.junit.jupiter.api.Nested; import org.junit.jupiter.api.Test; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.boot.test.mock.mockito.MockBean; import org.springframework.boot.test.mock.mockito.SpyBean; import org.springframework.scheduling.annotation.EnableAsync; import org.springframework.security.access.AccessDeniedException; @@ -70,6 +72,8 @@ class OrganizationServiceTest extends BaseServiceTest { @Autowired ApiUserRepository _apiUserRepo; @Autowired private DemoUserConfiguration userConfiguration; @Autowired @SpyBean private EmailService emailService; + @Autowired @SpyBean private DbAuthorizationService dbAuthorizationService; + @Autowired @MockBean private FeatureFlagsConfig featureFlagsConfig; @BeforeEach void setupData() { @@ -328,10 +332,44 @@ void adminUpdateOrganization_not_allowed() { } @Test - void verifyOrganizationNoPermissions_noUser_success() { + void verifyOrganizationNoPermissions_noUser_withOktaMigrationDisabled_success() { Organization org = testDataFactory.saveUnverifiedOrganization(); _service.verifyOrganizationNoPermissions(org.getExternalId()); + org = _service.getOrganization(org.getExternalId()); + + verify(dbAuthorizationService, times(0)).getOrgAdminUsers(org); + verify(oktaRepository, times(1)).activateOrganizationWithSingleUser(org); + assertTrue(org.getIdentityVerified()); + } + + @Test + @WithSimpleReportSiteAdminUser + void verifyOrganizationNoPermissions_noUser_withOktaMigrationEnabled_throws() { + when(featureFlagsConfig.isOktaMigrationEnabled()).thenReturn(true); + Organization org = testDataFactory.saveUnverifiedOrganization(); + String orgExternalId = org.getExternalId(); + + IllegalStateException e = + assertThrows( + IllegalStateException.class, + () -> _service.verifyOrganizationNoPermissions(orgExternalId)); + assertEquals("Organization does not have any org admins.", e.getMessage()); + verify(dbAuthorizationService, times(1)).getOrgAdminUsers(org); + verify(oktaRepository, times(0)).activateOrganizationWithSingleUser(org); + } + + @Test + @WithSimpleReportSiteAdminUser + void verifyOrganizationNoPermissions_withUsers_withOktaMigrationEnabled_success() { + when(featureFlagsConfig.isOktaMigrationEnabled()).thenReturn(true); + Organization org = testDataFactory.saveUnverifiedOrganizationWithUser("fake@example.com"); + + _service.verifyOrganizationNoPermissions(org.getExternalId()); + verify(dbAuthorizationService, times(1)).getOrgAdminUsers(org); + verify(oktaRepository, times(1)).activateUser("fake@example.com"); + verify(oktaRepository, times(0)).activateOrganizationWithSingleUser(org); + org = _service.getOrganization(org.getExternalId()); assertTrue(org.getIdentityVerified()); } @@ -348,6 +386,31 @@ void verifyOrganizationNoPermissions_orgAlreadyVerified_failure() { assertEquals("Organization is already verified.", e.getMessage()); } + @Test + @WithSimpleReportSiteAdminUser + void setIdentityVerified_withOktaMigrationDisabled_success() { + when(featureFlagsConfig.isOktaMigrationEnabled()).thenReturn(false); + Organization unverifiedOrg = testDataFactory.saveUnverifiedOrganization(); + + boolean status = _service.setIdentityVerified(unverifiedOrg.getExternalId(), true); + verify(dbAuthorizationService, times(0)).getOrgAdminUsers(unverifiedOrg); + verify(oktaRepository, times(1)).activateOrganization(unverifiedOrg); + assertTrue(status); + } + + @Test + @WithSimpleReportSiteAdminUser + void setIdentityVerified_withOktaMigrationEnabled_success() { + when(featureFlagsConfig.isOktaMigrationEnabled()).thenReturn(true); + Organization unverifiedOrg = + testDataFactory.saveUnverifiedOrganizationWithUser("fake@example.com"); + + boolean status = _service.setIdentityVerified(unverifiedOrg.getExternalId(), true); + verify(dbAuthorizationService, times(1)).getOrgAdminUsers(unverifiedOrg); + verify(oktaRepository, times(0)).activateOrganization(unverifiedOrg); + assertTrue(status); + } + @Test @WithSimpleReportStandardUser void getPermissibleOrgId_allowsAccessToCurrentOrg() { @@ -393,17 +456,35 @@ void getFacilityStats_facilityNotFoundError() { @Test @WithSimpleReportSiteAdminUser - void getFacilityStats_success() { + void getFacilityStats_withOktaMigrationDisabled_success() { UUID facilityId = UUID.randomUUID(); Facility mockFacility = mock(Facility.class); doReturn(Optional.of(mockFacility)).when(this.facilityRepository).findById(facilityId); doReturn(2).when(oktaRepository).getUsersInSingleFacility(mockFacility); doReturn(1).when(personRepository).countByFacilityAndIsDeleted(mockFacility, false); FacilityStats stats = _service.getFacilityStats(facilityId); + + verify(dbAuthorizationService, times(0)).getUserWithSingleFacilityAccessCount(mockFacility); assertEquals(2, stats.getUsersSingleAccessCount()); assertEquals(1, stats.getPatientsSingleAccessCount()); } + @Test + @WithSimpleReportSiteAdminUser + void getFacilityStats_withOktaMigrationEnabled_success() { + when(featureFlagsConfig.isOktaMigrationEnabled()).thenReturn(true); + UUID facilityId = UUID.randomUUID(); + Facility mockFacility = mock(Facility.class); + doReturn(Optional.of(mockFacility)).when(this.facilityRepository).findById(facilityId); + doReturn(4).when(dbAuthorizationService).getUserWithSingleFacilityAccessCount(mockFacility); + doReturn(2).when(personRepository).countByFacilityAndIsDeleted(mockFacility, false); + FacilityStats stats = _service.getFacilityStats(facilityId); + + verify(oktaRepository, times(0)).getUsersInSingleFacility(mockFacility); + assertEquals(4, stats.getUsersSingleAccessCount()); + assertEquals(2, stats.getPatientsSingleAccessCount()); + } + @Nested @DisplayName("When updating a facility") class UpdateFacilityTest { @@ -512,9 +593,7 @@ void getOrgAdminUserIds_skipsUser_forNonExistentUserInOrg() { assertThat(adminIds).isEqualTo(expectedIds); } - @Test - @WithSimpleReportSiteAdminUser - void sendOrgAdminEmailCSVAsync_success() throws ExecutionException, InterruptedException { + private void sendOrgAdminEmailCSVAsyncTest() throws ExecutionException, InterruptedException { setupDataByFacility(); String type = "facilities"; reset(emailService); @@ -545,6 +624,22 @@ void sendOrgAdminEmailCSVAsync_success() throws ExecutionException, InterruptedE reset(emailService); } + @Test + @WithSimpleReportSiteAdminUser + void sendOrgAdminEmailCSVAsync_withOktaMigrationDisabled_success() + throws ExecutionException, InterruptedException { + when(featureFlagsConfig.isOktaMigrationEnabled()).thenReturn(false); + sendOrgAdminEmailCSVAsyncTest(); + } + + @Test + @WithSimpleReportSiteAdminUser + void sendOrgAdminEmailCSVAsync_withOktaMigrationEnabled_success() + throws ExecutionException, InterruptedException { + when(featureFlagsConfig.isOktaMigrationEnabled()).thenReturn(true); + sendOrgAdminEmailCSVAsyncTest(); + } + @Test @WithSimpleReportStandardUser void sendOrgAdminEmailCSV_accessDeniedException() { diff --git a/backend/src/test/java/gov/cdc/usds/simplereport/test_util/TestDataFactory.java b/backend/src/test/java/gov/cdc/usds/simplereport/test_util/TestDataFactory.java index 067d03c185..ef672349bb 100644 --- a/backend/src/test/java/gov/cdc/usds/simplereport/test_util/TestDataFactory.java +++ b/backend/src/test/java/gov/cdc/usds/simplereport/test_util/TestDataFactory.java @@ -152,6 +152,13 @@ public Organization saveUnverifiedOrganization() { return saveOrganization(TestDataBuilder.createUnverifiedOrganization()); } + public Organization saveUnverifiedOrganizationWithUser(String adminUsername) { + Organization org = saveOrganization(TestDataBuilder.createUnverifiedOrganization()); + createValidFacility(org); + createValidApiUser(adminUsername, org, Role.ADMIN); + return org; + } + public UserInfo createValidApiUser(String username, Organization org) { return createValidApiUser(username, org, Role.USER); }