Add global setting for default services, enable for preconfirmed accounts

Co-authored-by: Greg Karékinian <greg@karekinian.com>
2024-03-28 17:19:29 +04:00 · 2024-03-28 17:19:29 +04:00 · 80e69df75c
parent 02af69b055
commit 80e69df75c
6 changed files with 83 additions and 15 deletions
--- a/app/jobs/create_ldap_user_job.rb
+++ b/app/jobs/create_ldap_user_job.rb
@ -1,7 +1,7 @@
 class CreateLdapUserJob < ApplicationJob
  queue_as :default

-  def perform(username, domain, email, hashed_pw)
+  def perform(username:, domain:, email:, hashed_pw:, confirmed: false)
    dn = "cn=#{username},ou=#{domain},cn=users,dc=kosmos,dc=org"
    attr = {
      objectclass: ["top", "account", "person", "extensibleObject"],
@ -12,6 +12,10 @@ class CreateLdapUserJob < ApplicationJob
      userPassword: hashed_pw
    }

+    if confirmed
+      attr[:serviceEnabled] = Setting.default_services
+    end
+
    ldap_client.add(dn: dn, attributes: attr)
  end

--- a/app/models/setting.rb
+++ b/app/models/setting.rb
@ -206,4 +206,9 @@ class Setting < RailsSettings::Base
  #
  # field :email_imap_port, type: :string,
  #   default: ENV["EMAIL_IMAP_PORT"].presence || 993
+
+  def self.default_services
+    # TODO Make configurable from respective service settings page
+    %w[ discourse gitea mediawiki xmpp ]
+  end
 end
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -93,9 +93,7 @@ class User < ApplicationRecord
      LdapManager::UpdateEmail.call(dn: self.dn, address: self.email)
    else
      # E-Mail from signup confirmed (i.e. account activation)
-
-      # TODO Make configurable, only activate globally enabled services
-      enable_service %w[ discourse gitea mediawiki xmpp ]
+      enable_default_services

      # TODO enable in development when we have easy setup of ejabberd etc.
      return if Rails.env.development? || !Setting.ejabberd_enabled?
@ -141,6 +139,10 @@ class User < ApplicationRecord
    self.errors[attribute_name].blank?
  end

+  def enable_default_services
+    enable_service Setting.default_services
+  end
+
  def ln_create_invoice(payload)
    lndhub = Lndhub.new
    lndhub.authenticate self
--- a/app/services/create_account.rb
+++ b/app/services/create_account.rb
@ -35,11 +35,15 @@ class CreateAccount < ApplicationService
    @invitation.update! invited_user_id: user_id, used_at: DateTime.now
  end

-  # TODO move to confirmation
-  # (and/or add email_confirmed to entry and use in login filter)
  def add_ldap_document
    hashed_pw = Devise.ldap_auth_password_builder.call(@password)
-    CreateLdapUserJob.perform_later(@username, @domain, @email, hashed_pw)
+    CreateLdapUserJob.perform_later(
+      username: @username,
+      domain: @domain,
+      email: @email,
+      hashed_pw: hashed_pw,
+      confirmed: @confirmed
+    )
  end

  def create_lndhub_account(user)
--- a/spec/jobs/create_ldap_user_job_spec.rb
+++ b/spec/jobs/create_ldap_user_job_spec.rb
@ -3,12 +3,24 @@ require 'rails_helper'
 RSpec.describe CreateLdapUserJob, type: :job do
  let(:ldap_client_mock) { instance_double(Net::LDAP) }

-  subject(:job) {
+  before do
    allow_any_instance_of(described_class).to receive(:ldap_client).and_return(ldap_client_mock)
+  end

+  subject(:job) {
    described_class.perform_later(
-      'halfinney', 'kosmos.org', 'halfinney@example.com',
-      'remember-remember-the-5th-of-november'
+      username: 'halfinney', domain: 'kosmos.org',
+      email: 'halfinney@example.com',
+      hashed_pw: 'remember-remember-the-5th-of-november'
+    )
+  }
+
+  subject(:job_for_preconfirmed_account) {
+    described_class.perform_later(
+      username: 'halfinney', domain: 'kosmos.org',
+      email: 'halfinney@example.com',
+      hashed_pw: 'remember-remember-the-5th-of-november',
+      confirmed: true
    )
  }

@ -30,6 +42,26 @@ RSpec.describe CreateLdapUserJob, type: :job do
    )
  end

+  it "adds default services for pre-confirmed accounts" do
+    allow(ldap_client_mock).to receive(:add) # spy on mock
+    allow(Setting).to receive(:default_services).and_return(["xmpp", "discourse"])
+
+    perform_enqueued_jobs { job_for_preconfirmed_account }
+
+    expect(ldap_client_mock).to have_received(:add).with(
+      dn: "cn=halfinney,ou=kosmos.org,cn=users,dc=kosmos,dc=org",
+      attributes: {
+        objectclass: ["top", "account", "person", "extensibleObject"],
+        cn: "halfinney",
+        sn: "halfinney",
+        uid: "halfinney",
+        mail: "halfinney@example.com",
+        serviceEnabled: ["xmpp", "discourse"],
+        userPassword: "remember-remember-the-5th-of-november"
+      }
+    )
+  end
+
  after do
    clear_enqueued_jobs
    clear_performed_jobs
--- a/spec/services/create_account_spec.rb
+++ b/spec/services/create_account_spec.rb
@ -53,11 +53,32 @@ RSpec.describe CreateAccount, type: :model do

      expect(enqueued_jobs.size).to eq(1)

-      args = enqueued_jobs.first['arguments']
-      expect(args[0]).to eq('halfinney')
-      expect(args[1]).to eq('kosmos.org')
-      expect(args[2]).to eq('halfinney@example.com')
-      expect(args[3]).to match(/^{SSHA512}.{171}=/)
+      args = enqueued_jobs.first['arguments'][0]
+      expect(args["username"]).to eq('halfinney')
+      expect(args["domain"]).to eq('kosmos.org')
+      expect(args["email"]).to eq('halfinney@example.com')
+      expect(args["hashed_pw"]).to match(/^{SSHA512}.{171}=/)
+    end
+
+    after do
+      clear_enqueued_jobs
+    end
+  end
+
+  describe "#add_ldap_document for pre-confirmed account" do
+    include ActiveJob::TestHelper
+
+    let(:service) { CreateAccount.new(account: {
+      username: 'halfinney',
+      email: 'halfinney@example.com',
+      password: 'remember-remember-the-5th-of-november',
+      confirmed: true
+    })}
+
+    it "enqueues a job to create the LDAP user document" do
+      service.send(:add_ldap_document)
+      args = enqueued_jobs.first['arguments'][0]
+      expect(args["confirmed"]).to be(true)
    end

    after do