Enabled override of email-domains via config (#754)

* Enabled override of email-domains via config * adjust rootName comparision in LDAP --------- Co-authored-by: DPDS93CT <[email protected]>
dBildungsplattform · Nov 14, 2024 · cc6f0ce · cc6f0ce
1 parent a67271f
commit cc6f0ce
Show file tree

Hide file tree

Showing 4 changed files with 66 additions and 6 deletions.
diff --git a/src/core/ldap/domain/ldap-client.service.spec.ts b/src/core/ldap/domain/ldap-client.service.spec.ts
@@ -28,6 +28,7 @@ import { LdapEmailAddressError } from '../error/ldap-email-address.error.js';
 import { LdapCreateLehrerError } from '../error/ldap-create-lehrer.error.js';
 import { LdapModifyEmailError } from '../error/ldap-modify-email.error.js';
 import { PersonRepository } from '../../../modules/person/persistence/person.repository.js';
+import { LdapInstanceConfig } from '../ldap-instance-config.js';
 
 describe('LDAP Client Service', () => {
     let app: INestApplication;
@@ -40,6 +41,7 @@ describe('LDAP Client Service', () => {
     let eventServiceMock: DeepMocked<EventService>;
     let clientMock: DeepMocked<Client>;
     let personRepoMock: DeepMocked<PersonRepository>;
+    let instanceConfig: LdapInstanceConfig;
 
     let person: Person<true>;
     let personWithoutReferrer: Person<true>;
@@ -79,6 +81,7 @@ describe('LDAP Client Service', () => {
         eventServiceMock = module.get(EventService);
         clientMock = createMock<Client>();
         personRepoMock = module.get(PersonRepository);
+        instanceConfig = module.get(LdapInstanceConfig);
 
         person = Person.construct(
             faker.string.uuid(),
@@ -140,6 +143,41 @@ describe('LDAP Client Service', () => {
 
             expect(result.error).toBeInstanceOf(LdapEmailDomainError);
         });
+
+        it('when emailDomain is one that is explicitly set in config but neither schule-sh.de nor ersatzschule-sh.de it should go through', async () => {
+            ldapClientMock.getClient.mockImplementation(() => {
+                clientMock.bind.mockResolvedValue();
+                clientMock.add.mockResolvedValueOnce();
+                clientMock.search.mockResolvedValueOnce(
+                    createMock<SearchResult>({ searchEntries: [createMock<Entry>()] }),
+                );
+                return clientMock;
+            });
+
+            instanceConfig.OEFFENTLICHE_SCHULEN_DOMAIN = 'weird-domain.ina.foreign.country.co.uk';
+            instanceConfig.ERSATZSCHULEN_DOMAIN = 'normaldomain.co.jp';
+
+            const resultOeffentlich: Result<boolean> = await ldapClientService.isLehrerExisting(
+                'user123',
+                'weird-domain.ina.foreign.country.co.uk',
+            );
+
+            const resultErsatz: Result<boolean> = await ldapClientService.isLehrerExisting(
+                'user123',
+                'normaldomain.co.jp',
+            );
+            const resultOldDefault: Result<boolean> = await ldapClientService.isLehrerExisting(
+                'user123',
+                'schule-sh.de',
+            );
+
+            instanceConfig.OEFFENTLICHE_SCHULEN_DOMAIN = undefined;
+            instanceConfig.ERSATZSCHULEN_DOMAIN = undefined;
+
+            expect(resultOeffentlich.ok).toBeTruthy();
+            expect(resultErsatz.ok).toBeTruthy();
+            expect(resultOldDefault.ok).toBeTruthy();
+        });
     });
 
     describe('isLehrerExisting', () => {

diff --git a/src/core/ldap/domain/ldap-client.service.ts b/src/core/ldap/domain/ldap-client.service.ts
@@ -27,9 +27,9 @@ export type PersonData = {
 
 @Injectable()
 export class LdapClientService {
-    public static readonly OEFFENTLICHE_SCHULEN_DOMAIN: string = 'schule-sh.de';
+    public static readonly OEFFENTLICHE_SCHULEN_DOMAIN_DEFAULT: string = 'schule-sh.de';
 
-    public static readonly ERSATZ_SCHULEN_DOMAIN: string = 'ersatzschule-sh.de';
+    public static readonly ERSATZ_SCHULEN_DOMAIN_DEFAULT: string = 'ersatzschule-sh.de';
 
     public static readonly OEFFENTLICHE_SCHULEN_OU: string = 'oeffentlicheSchulen';
 
@@ -80,12 +80,18 @@ export class LdapClientService {
     }
 
     private getRootName(emailDomain: string): Result<string, LdapEmailDomainError> {
-        if (emailDomain === LdapClientService.ERSATZ_SCHULEN_DOMAIN)
+        if (
+            emailDomain === this.ldapInstanceConfig.ERSATZSCHULEN_DOMAIN ||
+            emailDomain === LdapClientService.ERSATZ_SCHULEN_DOMAIN_DEFAULT
+        )
             return {
                 ok: true,
                 value: LdapClientService.ERSATZ_SCHULEN_OU,
             };
-        if (emailDomain === LdapClientService.OEFFENTLICHE_SCHULEN_DOMAIN)
+        if (
+            emailDomain === this.ldapInstanceConfig.OEFFENTLICHE_SCHULEN_DOMAIN ||
+            emailDomain === LdapClientService.OEFFENTLICHE_SCHULEN_DOMAIN_DEFAULT
+        )
             return {
                 ok: true,
                 value: LdapClientService.OEFFENTLICHE_SCHULEN_OU,

diff --git a/src/core/ldap/ldap-instance-config.ts b/src/core/ldap/ldap-instance-config.ts
@@ -9,6 +9,8 @@ export class LdapInstanceConfig implements LdapConfig {
         public URL: string,
         public BIND_DN: string,
         public ADMIN_PASSWORD: string,
+        public OEFFENTLICHE_SCHULEN_DOMAIN?: string,
+        public ERSATZSCHULEN_DOMAIN?: string,
     ) {}
 
     public static fromConfigService(): Provider {
@@ -17,7 +19,13 @@ export class LdapInstanceConfig implements LdapConfig {
             useFactory: (configService: ConfigService<ServerConfig>): LdapInstanceConfig => {
                 const ldapConfig: LdapConfig = configService.getOrThrow<LdapConfig>('LDAP');
 
-                return new LdapInstanceConfig(ldapConfig.URL, ldapConfig.BIND_DN, ldapConfig.ADMIN_PASSWORD);
+                return new LdapInstanceConfig(
+                    ldapConfig.URL,
+                    ldapConfig.BIND_DN,
+                    ldapConfig.ADMIN_PASSWORD,
+                    ldapConfig.OEFFENTLICHE_SCHULEN_DOMAIN,
+                    ldapConfig.ERSATZSCHULEN_DOMAIN,
+                );
             },
             inject: [ConfigService],
         };

diff --git a/src/shared/config/ldap.config.ts b/src/shared/config/ldap.config.ts
@@ -1,4 +1,4 @@
-import { IsNotEmpty, IsString } from 'class-validator';
+import { IsNotEmpty, IsOptional, IsString } from 'class-validator';
 
 export class LdapConfig {
     @IsString()
@@ -12,4 +12,12 @@ export class LdapConfig {
     @IsString()
     @IsNotEmpty()
     public readonly ADMIN_PASSWORD!: string;
+
+    @IsString()
+    @IsOptional()
+    public readonly OEFFENTLICHE_SCHULEN_DOMAIN?: string;
+
+    @IsString()
+    @IsOptional()
+    public readonly ERSATZSCHULEN_DOMAIN?: string;
 }