Add test cases and modify test conf.
Ghost-in-a-Jar committed Oct 16, 2023
1 parent 7273a5a commit 2a2c607
Showing 8 changed files with 254 additions and 101 deletions.
Expand Up @@ -75,9 +75,8 @@ trait DirectoryDAO {

def acceptTermsOfService(userId: WorkbenchUserId, tosVersion: String, samRequestContext: SamRequestContext): IO[Boolean]
def rejectTermsOfService(userId: WorkbenchUserId, tosVersion: String, samRequestContext: SamRequestContext): IO[Boolean]
def getLatestUserTos(userId: WorkbenchUserId, samRequestContext: SamRequestContext): IO[Option[SamUserTos]]
def getUserTos(userId: WorkbenchUserId, samRequestContext: SamRequestContext): IO[Option[SamUserTos]]
def getUserTos(userId: WorkbenchUserId, tosVersion: String, samRequestContext: SamRequestContext): IO[Option[SamUserTos]]

def createPetManagedIdentity(petManagedIdentity: PetManagedIdentity, samRequestContext: SamRequestContext): IO[PetManagedIdentity]
def loadPetManagedIdentity(petManagedIdentityId: PetManagedIdentityId, samRequestContext: SamRequestContext): IO[Option[PetManagedIdentity]]
def getUserFromPetManagedIdentity(petManagedIdentityObjectId: ManagedIdentityObjectId, samRequestContext: SamRequestContext): IO[Option[SamUser]]
Expand Up @@ -647,8 +647,9 @@ class PostgresDirectoryDAO(protected val writeDbRef: DbReference, protected val
}
}

override def getLatestUserTos(userId: WorkbenchUserId, samRequestContext: SamRequestContext): IO[Option[SamUserTos]] =
readOnlyTransaction("getLatestUserTos", samRequestContext) { implicit session =>
// When no tosVersion is specified, return the latest TosRecord for the user
override def getUserTos(userId: WorkbenchUserId, samRequestContext: SamRequestContext): IO[Option[SamUserTos]] =
readOnlyTransaction("getUserTos", samRequestContext) { implicit session =>
val tosTable = TosTable.syntax
val column = TosTable.column

Expand Up @@ -47,12 +47,12 @@ class TosService(val directoryDao: DirectoryDAO, val tosConfig: TermsOfServiceCo

@Deprecated
def getTosDetails(samUser: SamUser, samRequestContext: SamRequestContext): IO[TermsOfServiceDetails] =
directoryDao.getLatestUserTos(samUser.id, samRequestContext).map { tos =>
directoryDao.getUserTos(samUser.id, samRequestContext).map { tos =>
TermsOfServiceDetails(isEnabled = true, tosConfig.isGracePeriodEnabled, tosConfig.version, tos.map(_.version))
}

def getTosComplianceStatus(samUser: SamUser, samRequestContext: SamRequestContext): IO[TermsOfServiceComplianceStatus] = for {
latestUserTos <- directoryDao.getLatestUserTos(samUser.id, samRequestContext)
latestUserTos <- directoryDao.getUserTos(samUser.id, samRequestContext)
previousUserTos <- directoryDao.getUserTos(samUser.id, tosConfig.rollingAcceptanceWindowPreviousTosVersion, samRequestContext)
userHasAcceptedLatestVersion = userHasAcceptedLatestTosVersion(latestUserTos)
permitsSystemUsage = tosAcceptancePermitsSystemUsage(samUser, latestUserTos, previousUserTos)
Expand All @@ -63,7 +63,14 @@ class TosService(val directoryDao: DirectoryDAO, val tosConfig: TermsOfServiceCo
private def tosAcceptancePermitsSystemUsage(user: SamUser, userTos: Option[SamUserTos], previousUserTos: Option[SamUserTos]): Boolean = {
val now = Instant.now()
val userIsServiceAccount = StandardSamUserDirectives.SAdomain.matches(user.email.value) // Service Account users do not need to accept ToS
val userIsPermitted = userTos.exists { tos =>

if (userIsServiceAccount) {
return true
}
if (userHasRejectedLatestTosVersion(userTos)) {
return false
}
userTos.exists { tos =>
val userHasAcceptedLatestVersion = userHasAcceptedLatestTosVersion(Option(tos))
val userCanUseSystemUnderGracePeriod = tosConfig.isGracePeriodEnabled && tos.action == TosTable.ACCEPT
val tosDisabled = !tosConfig.isTosEnabled
Expand All @@ -74,14 +81,18 @@ class TosService(val directoryDao: DirectoryDAO, val tosConfig: TermsOfServiceCo
userHasAcceptedLatestVersion || userInsideOfRollingAcceptanceWindow || userCanUseSystemUnderGracePeriod || tosDisabled

}
userIsPermitted || userIsServiceAccount
}

private def userHasAcceptedLatestTosVersion(userTos: Option[SamUserTos]): Boolean =
userTos.exists { tos =>
tos.version.contains(tosConfig.version) && tos.action == TosTable.ACCEPT
}

private def userHasRejectedLatestTosVersion(userTos: Option[SamUserTos]): Boolean =
userTos.exists { tos =>
tos.version.contains(tosConfig.version) && tos.action == TosTable.REJECT
}

private def userHasAcceptedPreviousTosVersion(previousUserTos: Option[SamUserTos]): Boolean =
previousUserTos.exists(tos => tos.action == TosTable.ACCEPT)
}
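Review bot: In `tosAcceptancePermitsSystemUsage` the new `userHasRejectedLatestTosVersion(userTos)` early return runs before `tosDisabled` is consulted, so a user whose latest record is a REJECT of the current version is denied even when `tosConfig.isTosEnabled` is false. `tosDisabled` is also still computed inside `userTos.exists`, so a user with no ToS record at all is denied in that configuration too. Both outcomes fail closed, but if disabling ToS is meant to lift the requirement for everyone, the flag belongs ahead of the record checks, e.g. `if (userIsServiceAccount || !tosConfig.isTosEnabled) true else if (userHasRejectedLatestTosVersion(userTos)) false else userTos.exists { tos => ... }`, which also drops the two `return` statements in favour of a single expression. Part of the function body sits between the two hunks and is not shown, so this should be confirmed against the full method.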
2 changes: 2 additions & 0 deletions src/test/resources/reference.conf
Expand Up @@ -62,6 +62,8 @@ termsOfService {
enabled = false
version = 1
url = "app.terra.bio/#terms-of-service"
rollingAcceptanceWindowExpirationDatetime = "2019-01-01T00:00:00Z"
rollingAcceptanceWindowPreviousTosVersion = 0
}

petServiceAccount {
Expand Up @@ -24,6 +24,7 @@ import org.broadinstitute.dsde.workbench.sam.util.SamRequestContext
import org.broadinstitute.dsde.workbench.sam.{Generator, TestSupport}
import org.scalatest.concurrent.ScalaFutures

import java.time.Instant
import scala.concurrent.ExecutionContext

/** Created by dvoet on 7/14/17.
Expand All @@ -49,7 +50,7 @@ class TestSamRoutes(
userService,
statusService,
managedGroupService,
TermsOfServiceConfig(true, false, "0", "app.terra.bio/#terms-of-service"),
TermsOfServiceConfig(true, false, "1", "app.terra.bio/#terms-of-service", Instant.now(), "0"),
policyEvaluatorService,
tosService,
LiquibaseConfig("", false),
Expand Down Expand Up @@ -91,7 +92,7 @@ class TestSamTosEnabledRoutes(
userService,
statusService,
managedGroupService,
TermsOfServiceConfig(true, false, "0", "app.terra.bio/#terms-of-service"),
TermsOfServiceConfig(true, false, "1", "app.terra.bio/#terms-of-service", Instant.now(), "0"),
policyEvaluatorService,
tosService,
LiquibaseConfig("", false),
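Review bot: Both updated `TermsOfServiceConfig(...)` calls (in `TestSamRoutes` and `TestSamTosEnabledRoutes`) pass `Instant.now()` in what appears to be the rolling-acceptance-window expiration position, so the value changes on every run and is already in the past when a request is evaluated. Route tests that depend on being inside or outside the window then rest on wall-clock timing rather than on a stated fixture. A fixed instant matching the `reference.conf` value added in this commit would be deterministic: `TermsOfServiceConfig(true, false, "1", "app.terra.bio/#terms-of-service", Instant.parse("2019-01-01T00:00:00Z"), "0"),`. Named arguments would also make the two leading booleans and the two version strings readable. The enclosing constructor calls start and end outside these hunks.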
Expand Up @@ -340,7 +340,14 @@ class MockDirectoryDAO(val groups: mutable.Map[WorkbenchGroupIdentity, Workbench
true
}

override def getLatestUserTos(userId: WorkbenchUserId, samRequestContext: SamRequestContext): IO[Option[SamUserTos]] =
override def getUserTos(userId: WorkbenchUserId, samRequestContext: SamRequestContext): IO[Option[SamUserTos]] =
loadUser(userId, samRequestContext).map {
case None => None
case Some(_) =>
userTos.get(userId)
}

override def getUserTos(userId: WorkbenchUserId, tosVersion: String, samRequestContext: SamRequestContext): IO[Option[SamUserTos]] =
loadUser(userId, samRequestContext).map {
case None => None
case Some(_) =>
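Review bot: The new no-version `getUserTos` overload returns `userTos.get(userId)`, which suggests the mock keeps a single ToS record per user id. If so, it cannot hold a previous-version acceptance alongside a current-version record for the same user, which is the combination the rolling-window logic in `TosService` reads through the two overloads. Tests built on this mock may then never reach that branch of the authorization decision. The versioned overload's body continues outside the hunk, so this is inferred from the visible overload only. At minimum the limitation should be stated above the two overrides, e.g. `// Mock keeps one ToS record per user; it cannot model separate previous- and current-version records.`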
Expand Up @@ -1486,7 +1486,7 @@ class PostgresDirectoryDAOSpec extends RetryableAnyFreeSpec with Matchers with B
dao.acceptTermsOfService(defaultUser.id, tosConfig.version, samRequestContext).unsafeRunSync() shouldBe true

// Assert
val userTos = dao.getLatestUserTos(defaultUser.id, samRequestContext).unsafeRunSync()
val userTos = dao.getUserTos(defaultUser.id, samRequestContext).unsafeRunSync()
userTos should not be empty
userTos.get.createdAt should beAround(Instant.now())
userTos.get.action shouldBe TosTable.ACCEPT
Expand All @@ -1501,7 +1501,7 @@ class PostgresDirectoryDAOSpec extends RetryableAnyFreeSpec with Matchers with B
dao.acceptTermsOfService(defaultUser.id, "2", samRequestContext).unsafeRunSync() shouldBe true

// Assert
val userTos = dao.getLatestUserTos(defaultUser.id, samRequestContext).unsafeRunSync()
val userTos = dao.getUserTos(defaultUser.id, samRequestContext).unsafeRunSync()
userTos should not be empty
userTos.get.createdAt should beAround(Instant.now())
userTos.get.action shouldBe TosTable.ACCEPT
Expand All @@ -1516,7 +1516,7 @@ class PostgresDirectoryDAOSpec extends RetryableAnyFreeSpec with Matchers with B
dao.rejectTermsOfService(user.id, tosConfig.version, samRequestContext).unsafeRunSync() shouldBe true

// Assert
val userTos = dao.getLatestUserTos(user.id, samRequestContext).unsafeRunSync()
val userTos = dao.getUserTos(user.id, samRequestContext).unsafeRunSync()
userTos should not be empty
userTos.get.createdAt should beAround(Instant.now())
userTos.get.action shouldBe TosTable.REJECT
Expand All @@ -1530,7 +1530,7 @@ class PostgresDirectoryDAOSpec extends RetryableAnyFreeSpec with Matchers with B
dao.rejectTermsOfService(user.id, tosConfig.version, samRequestContext).unsafeRunSync() shouldBe true

// Assert
val userTos = dao.getLatestUserTos(user.id, samRequestContext).unsafeRunSync()
val userTos = dao.getUserTos(user.id, samRequestContext).unsafeRunSync()
userTos should not be empty
userTos.get.createdAt should beAround(Instant.now())
userTos.get.action shouldBe TosTable.REJECT
Expand All @@ -1544,7 +1544,7 @@ class PostgresDirectoryDAOSpec extends RetryableAnyFreeSpec with Matchers with B
dao.createUser(user, samRequestContext).unsafeRunSync()

// Assert
val userTos = dao.getLatestUserTos(user.id, samRequestContext).unsafeRunSync()
val userTos = dao.getUserTos(user.id, samRequestContext).unsafeRunSync()
userTos should be(None)
}
}