Add api endpoint for setting user password to be handled by moocfi

.github/workflows/ci.yml

@@ -11,7 +11,7 @@ jobs:
     steps:
       - name: Checkout repository
         uses: actions/checkout@v2
-        with: 
+        with:
           submodules: false
       - name: Setup git submodules
         run: |
@@ -29,7 +29,7 @@ jobs:
     steps:
       - name: Checkout repository
         uses: actions/checkout@v2
-        with: 
+        with:
           submodules: false
       - name: Setup git submodules
         run: |
@@ -47,7 +47,7 @@ jobs:
     steps:
       - name: Checkout repository
         uses: actions/checkout@v2
-        with: 
+        with:
           submodules: false
       - name: Setup git submodules
         run: |
@@ -65,7 +65,7 @@ jobs:
     steps:
       - name: Checkout repository
         uses: actions/checkout@v2
-        with: 
+        with:
           submodules: false
       - name: Setup git submodules
         run: |
@@ -83,7 +83,7 @@ jobs:
     steps:
       - name: Checkout repository
         uses: actions/checkout@v2
-        with: 
+        with:
           submodules: false
       - name: Setup git submodules
         run: |
@@ -101,7 +101,7 @@ jobs:
     steps:
       - name: Checkout repository
         uses: actions/checkout@v2
-        with: 
+        with:
           submodules: false
       - name: Setup git submodules
         run: |
@@ -112,4 +112,4 @@ jobs:
       - name: Setup database & test env
         run: docker compose run web bin/rake db:create db:schema:load RAILS_ENV=test
       - name: Run spec_integration tests
-        run: docker compose run web bin/spec_integration
+        run: docker compose run web bin/spec_integration

app/controllers/api/v8/apidocs_controller.rb

@@ -62,6 +62,13 @@ class ApidocsController < ActionController::Base
           key :required, true
           key :type, :integer
         end
+        parameter :path_user_email do
+          key :name, :user_email
+          key :in, :path
+          key :description, "User's email"
+          key :required, true
+          key :type, :string
+        end
         parameter :path_exercise_id do
           key :name, :exercise_id
           key :in, :path

app/controllers/api/v8/users_controller.rb

@@ -56,6 +56,54 @@ class UsersController < Api::V8::BaseController
         end
       end
 
+      swagger_path '/api/v8/users/{user_id}/set_password_managed_by_courses_mooc_fi' do
+        operation :post do
+          key :description, 'Sets the boolean password_managed_by_courses_mooc_fi for the user with the given id to true.'
+          key :operationId, 'setPasswordManagedByCoursesMoocFi'
+          key :produces, ['application/json']
+          key :tags, ['user']
+          parameter '$ref': '#/parameters/user_id'
+          response 403, '$ref': '#/responses/error'
+          response 404, '$ref': '#/responses/error'
+          response 200 do
+            key :description, "status 'ok' and sets the boolean password_managed_by_courses_mooc_fi to true"
+            schema do
+              key :title, :status
+              key :required, [:status]
+              property :status, type: :string, example: 'Password managed by courses.mooc.fi set to true and password deleted.'
+            end
+          end
+        end
+      end
+
+      swagger_path '/api/v8/users/get_user_with_email?email={email}' do
+        operation :get do
+          key :description, "Returns the user's id as upstream_id, user's courses.mooc.fi-id as id, email, first name and last name by user email"
+          key :operationId, 'getUserInformationByEmail'
+          key :produces, ['application/json']
+          key :tags, ['user']
+          parameter '$ref': '#/parameters/user_email'
+          response 403, '$ref': '#/responses/error'
+          response 404, '$ref': '#/responses/error'
+          response 200 do
+            key :description, "User's courses.mooc.fi-id as id, email, first name, last name and id as upstream_id as json"
+            key :content, 'application/json'
+            schema do
+              key :title, :user
+              key :required, [:user]
+              key :type, :object
+              property :id, type: :string, description: "User's courses.mooc.fi user id", example: 'ABCD1234-5678-EFGH-IJ90-ABC123DEF456'
+              property :email, type: :string, description: 'User email', example: 'user@example.com'
+              property :first_name, type: :string, description: 'User first name', example: 'John'
+              property :last_name, type: :string, description: 'User last name', example: 'Doe'
+              property :upstream_id, type: :integer, description: "User's user id in TMC database", example: 123
+            end
+          end
+        end
+      end
+
+      skip_authorization_check only: %i[set_password_managed_by_courses_mooc_fi]
+
       def show
         unauthorize_guest! if current_user.guest?
         user = current_user
@@ -103,19 +151,13 @@ def create
         set_extra_data
 
         if BannedEmail.banned?(@user.email)
-          return render json: {
-            success: true,
-            message: 'User created.'
-          }
+          return render json: build_success_response(params[:include_id])
         end
 
         if @user.errors.empty? && @user.save
           # TODO: Whitelist origins
           UserMailer.email_confirmation(@user, params[:origin], params[:language]).deliver_now
-          render json: {
-            success: true,
-            message: 'User created.'
-          }
+          render json: build_success_response(params[:include_id])
         else
           errors = @user.errors
           errors[:username] = errors.delete(:login) if errors.key?(:login)
@@ -149,6 +191,65 @@ def update
         }, status: :bad_request
       end
 
+      def destroy
+        unauthorize_guest! if current_user.guest?
+
+        user = User.find(params[:id])
+        authorize! :destroy, user
+
+        if user.destroy
+          RecentlyChangedUserDetail.where(username: user.login).delete_all
+          RecentlyChangedUserDetail.deleted.create!(
+            new_value: true,
+            email: user.email,
+            username: user.login,
+            user_id: user.id
+          )
+          Doorkeeper::AccessToken.where(resource_owner_id: user.id).delete_all
+
+          render json: { success: true, message: 'User deleted.' }
+        else
+          render json: { success: false, errors: user.errors }, status: :bad_request
+        end
+      end
+
+      def set_password_managed_by_courses_mooc_fi
+        only_admins!
+
+        User.transaction do
+          user = User.find_by!(id: params[:id])
+          user.password_managed_by_courses_mooc_fi = true
+          user.password_hash = nil
+          user.salt = nil
+          user.argon_hash = nil
+          user.courses_mooc_fi_user_id = params[:courses_mooc_fi_user_id]
+          raise ActiveRecord::Rollback if !user.errors.empty? || !user.save
+          return render json: {
+            status: 'Password managed by courses.mooc.fi set to true and password deleted.'
+          }
+        end
+        render json: {
+          errors: @user.errors
+        }, status: :bad_request
+      end
+
+      def get_user_with_email
+        unauthorize_guest! if current_user.guest?
+
+        user = User.find_by!(email: params[:email])
+        authorize! :read, user
+
+        name = UserFieldValue.where(user_id: user.id, field_name: ['first_name', 'last_name']).pluck(:field_name, :value).to_h
+
+        render json: {
+          id: user.courses_mooc_fi_user_id,
+          email: user.email,
+          first_name: name['first_name'],
+          last_name: name['last_name'],
+          upstream_id: user.id,
+        }
+      end
+
       private
         def set_email
           user_params = params[:user]
@@ -189,6 +290,10 @@ def set_password
         end
 
         def maybe_update_password
+          if @user.password_managed_by_courses_mooc_fi && @user.courses_mooc_fi_user_id.present?
+            return @user.update_password_via_courses_mooc_fi(@user.courses_mooc_fi_user_id, user_params[:old_password], user_params[:password])
+          end
+
           if params[:old_password].present? && params[:password].present?
             if !@user.has_password?(params[:old_password])
               @user.errors.add(:old_password, 'incorrect')
@@ -229,6 +334,17 @@ def set_extra_data(eager_save = false)
             datum.save! if eager_save
           end
         end
+
+        def build_success_response(include_id = false)
+          response = {
+            success: true,
+            message: 'User created.',
+          }
+          if include_id
+            response[:id] = @user.id
+          end
+          response
+        end
     end
   end
 end

app/controllers/password_reset_keys_controller.rb

@@ -39,18 +39,29 @@ def destroy
       return render action: :show, status: :forbidden
     end
 
-    @user.password = params[:password]
-    if @user.save
-      @key.destroy
-      flash[:success] = 'Your password has been reset.'
-      redirect_to root_path
+    if @user.password_managed_by_courses_mooc_fi
+      success = @user.update_password_via_courses_mooc_fi(nil, params[:password])
+      if success
+        @key.destroy
+        flash[:success] = 'Your password has been reset.'
+        redirect_to root_path
+      else
+        'Failed to reset password.'
+      end
     else
-      flash.now[:alert] = if @user.errors[:password]
-        'Password ' + @user.errors[:password].join(', ')
+      @user.password = params[:password]
+      if @user.save
+        @key.destroy
+        flash[:success] = 'Your password has been reset.'
+        redirect_to root_path
       else
-        'Failed to set password'
+        flash.now[:alert] = if @user.errors[:password]
+          'Password ' + @user.errors[:password].join(', ')
+        else
+          'Failed to set password'
+        end
+        render action: :show, status: :forbidden
       end
-      render action: :show, status: :forbidden
     end
   end
 

app/controllers/settings_controller.rb

@@ -86,6 +86,10 @@ def set_email
     end
 
     def maybe_update_password(user, user_params)
+      if user.password_managed_by_courses_mooc_fi && user.courses_mooc_fi_user_id.present?
+        return user.update_password_via_courses_mooc_fi(user.courses_mooc_fi_user_id, user_params[:old_password], user_params[:password])
+      end
+
       if user_params[:old_password].present? || user_params[:password].present?
         if !user.has_password?(user_params[:old_password])
           user.errors.add(:old_password, 'incorrect')

app/controllers/users_controller.rb

@@ -179,6 +179,10 @@ def set_password
     end
 
     def maybe_update_password(user, user_params)
+      if user.password_managed_by_courses_mooc_fi && user.courses_mooc_fi_user_id.present?
+        return user.update_password_via_courses_mooc_fi(user.courses_mooc_fi_user_id, user_params[:old_password], user_params[:password])
+      end
+
       if user_params[:old_password].present? || user_params[:password].present?
         if !user.has_password?(user_params[:old_password])
           user.errors.add(:old_password, 'incorrect')