feat(technicaluser): new parameters for api expansion for technical u…

…ser data added (#997)

Refs: #976
Co-authored-by: Phil Schneider <info@philschneider.de>
Reviewed-by: Phil Schneider <info@philschneider.de>

src/administration/Administration.Service/BusinessLogic/ServiceAccountBusinessLogic.cs

@@ -162,9 +162,11 @@ public async Task<ServiceAccountConnectorOfferData> GetOwnCompanyServiceAccountD
 
         IamClientAuthMethod? iamClientAuthMethod;
         string? secret;
+        var authServiceUrl = _settings.AuthServiceUrl;
 
         if (result.DimServiceAccountData != null)
         {
+            authServiceUrl = result.DimServiceAccountData.AuthenticationServiceUrl;
             iamClientAuthMethod = IamClientAuthMethod.SECRET;
             var cryptoHelper = _settings.EncryptionConfigs.GetCryptoHelper(_settings.EncryptionConfigIndex);
             secret = cryptoHelper.Decrypt(
@@ -192,6 +194,8 @@ public async Task<ServiceAccountConnectorOfferData> GetOwnCompanyServiceAccountD
             iamClientAuthMethod,
             result.UserRoleDatas,
             result.CompanyServiceAccountTypeId,
+            result.CompanyServiceAccountKindId,
+            authServiceUrl,
             result.Status,
             secret,
             result.ConnectorData,

src/administration/Administration.Service/BusinessLogic/ServiceAccountSettings.cs

@@ -40,6 +40,9 @@ public class ServiceAccountSettings
     [Required]
     [DistinctValues("x => x.Index")]
     public IEnumerable<EncryptionModeConfig> EncryptionConfigs { get; set; } = null!;
+
+    [Required]
+    public string AuthServiceUrl { get; set; } = null!;
 }
 
 public static class ServiceAccountSettingsExtensions

src/administration/Administration.Service/Models/ServiceAccountConnectorOfferData.cs

@@ -33,6 +33,8 @@ public record ServiceAccountConnectorOfferData(
     [property: JsonPropertyName("authenticationType")] IamClientAuthMethod? IamClientAuthMethod,
     [property: JsonPropertyName("roles")] IEnumerable<UserRoleData> UserRoleDatas,
     [property: JsonPropertyName("companyServiceAccountTypeId")] CompanyServiceAccountTypeId CompanyServiceAccountTypeId,
+    [property: JsonPropertyName("usertype")] CompanyServiceAccountKindId CompanyServiceAccountKindId,
+    [property: JsonPropertyName("authenticationServiceUrl")] string AuthenticationServiceUrl,
     [property: JsonPropertyName("status")] UserStatusId UserStatusId,
     [property: JsonPropertyName("secret")] string? Secret,
     [property: JsonPropertyName("connector")] ConnectorResponseData? Connector,

src/administration/Administration.Service/appsettings.json

@@ -248,7 +248,8 @@
   "ServiceAccount": {
     "ClientId": "",
     "EncryptionConfigIndex": 0,
-    "EncryptionConfigs": []
+    "EncryptionConfigs": [],
+    "AuthServiceUrl": ""
   },
   "Connectors": {
     "MaxPageSize": 20,

src/portalbackend/PortalBackend.DBAccess/Models/CompanyServiceAccountDetailedData.cs

@@ -30,6 +30,7 @@ public record CompanyServiceAccountDetailedData(
     UserStatusId Status,
     IEnumerable<UserRoleData> UserRoleDatas,
     CompanyServiceAccountTypeId CompanyServiceAccountTypeId,
+    CompanyServiceAccountKindId CompanyServiceAccountKindId,
     ConnectorResponseData? ConnectorData,
     OfferResponseData? OfferSubscriptionData,
     CompanyLastEditorData? CompanyLastEditorData,
@@ -42,6 +43,7 @@ public record OfferResponseData(Guid Id, OfferTypeId Type, string? Name, Guid? S
 public record CompanyLastEditorData(string? Name, string CompanyName);
 
 public record DimServiceAccountData(
+    string AuthenticationServiceUrl,
     byte[] ClientSecret,
     byte[]? InitializationVector,
     int EncryptionMode

src/portalbackend/PortalBackend.DBAccess/Repositories/ServiceAccountRepository.cs

@@ -146,6 +146,7 @@ public void AttachAndModifyCompanyServiceAccount(
                         userRole.Offer!.AppInstances.First().IamClient!.ClientClientId,
                         userRole.UserRoleText)),
                 x.ServiceAccount.CompanyServiceAccountTypeId,
+                x.ServiceAccount.CompanyServiceAccountKindId,
                 x.Connector == null
                     ? null
                     : new ConnectorResponseData(
@@ -168,6 +169,7 @@ public void AttachAndModifyCompanyServiceAccount(
                 x.ServiceAccount.DimCompanyServiceAccount == null
                     ? null
                     : new DimServiceAccountData(
+                        x.DimCompanyServiceAccount!.AuthenticationServiceUrl,
                         x.DimCompanyServiceAccount!.ClientSecret,
                         x.DimCompanyServiceAccount.InitializationVector,
                         x.DimCompanyServiceAccount.EncryptionMode)))

tests/administration/Administration.Service.Tests/BusinessLogic/ServiceAccountBusinessLogicTests.cs

@@ -100,6 +100,7 @@ public ServiceAccountBusinessLogicTests()
 
         _options = Options.Create(new ServiceAccountSettings
         {
+            AuthServiceUrl = "https://auth.test/auth",
             ClientId = ClientId,
             EncryptionConfigIndex = 1,
             EncryptionConfigs = new[] { new EncryptionModeConfig() { Index = 1, EncryptionKey = Convert.ToHexString(encryptionKey), CipherMode = System.Security.Cryptography.CipherMode.CBC, PaddingMode = System.Security.Cryptography.PaddingMode.PKCS7 } },
@@ -238,6 +239,54 @@ public async Task GetOwnCompanyServiceAccountDetailsAsync_WithValidInputAndDimCo
         A.CallTo(() => _provisioningManager.GetCentralClientAuthDataAsync(A<string>._)).MustNotHaveHappened();
     }
 
+    [Fact]
+    public async Task GetOwnCompanyServiceAccountDetailsAsync_WithValidUserTypeInternal_AuthenticationUrl()
+    {
+        // Arrange
+        SetupGetOwnComapnyServiceAccountInternalType();
+        var sut = new ServiceAccountBusinessLogic(_provisioningManager, _portalRepositories, _options, null!, _identityService, _serviceAccountManagement);
+
+        // Act
+        var result = await sut.GetOwnCompanyServiceAccountDetailsAsync(ValidServiceAccountId);
+
+        // Assert
+        result.Should().NotBeNull();
+        result.CompanyServiceAccountKindId.Should().Be(CompanyServiceAccountKindId.INTERNAL);
+        result.AuthenticationServiceUrl.Should().Be("https://auth.test/auth");
+    }
+
+    [Fact]
+    public async Task GetOwnCompanyServiceAccountDetailsAsync_WithValidUserTypeExternal_AuthenticationUrl()
+    {
+        // Arrange  
+        SetupGetOwnComapnyServiceAccountExternalType();
+        var sut = new ServiceAccountBusinessLogic(_provisioningManager, _portalRepositories, _options, null!, _identityService, _serviceAccountManagement);
+
+        // Act
+        var result = await sut.GetOwnCompanyServiceAccountDetailsAsync(ValidServiceAccountId);
+
+        // Assert
+        result.Should().NotBeNull();
+        result.CompanyServiceAccountKindId.Should().Be(CompanyServiceAccountKindId.EXTERNAL);
+        result.AuthenticationServiceUrl.Should().Be("https://test.org/auth");
+    }
+
+    [Fact]
+    public async Task GetOwnCompanyServiceAccountDetailsAsync_WithInValidUserTypeInternal_AuthenticationUrl()
+    {
+        // Arrange       
+        SetupGetOwnCompanyServiceAccountDetails();
+        var sut = new ServiceAccountBusinessLogic(_provisioningManager, _portalRepositories, _options, null!, _identityService, _serviceAccountManagement);
+
+        // Act
+        var result = await sut.GetOwnCompanyServiceAccountDetailsAsync(ValidServiceAccountId);
+
+        // Assert
+        result.Should().NotBeNull();
+        result.CompanyServiceAccountKindId.Should().NotBe(CompanyServiceAccountKindId.INTERNAL);
+        result.AuthenticationServiceUrl.Should().NotBe("https://auth.test/auth");
+    }
+
     [Fact]
     public async Task GetOwnCompanyServiceAccountDetailsAsync_WithInvalidCompany_NotFoundException()
     {
@@ -790,21 +839,16 @@ private void SetupUpdateOwnCompanyServiceAccountDetails()
 
     private void SetupGetOwnCompanyServiceAccount()
     {
-        var data = _fixture.Build<CompanyServiceAccountDetailedData>()
-            .With(x => x.Status, UserStatusId.ACTIVE)
-            .With(x => x.DimServiceAccountData, default(DimServiceAccountData?))
-            .Create();
-
-        var cryptoConfig = _options.Value.EncryptionConfigs.Single(x => x.Index == _options.Value.EncryptionConfigIndex);
-        var (secret, initializationVector) = CryptoHelper.Encrypt("test", Convert.FromHexString(cryptoConfig.EncryptionKey), cryptoConfig.CipherMode, cryptoConfig.PaddingMode);
+        var cryptoHelper = _options.Value.EncryptionConfigs.GetCryptoHelper(_options.Value.EncryptionConfigIndex);
+        var (secret, initializationVector) = cryptoHelper.Encrypt("test");
 
-        var dimServiceAccountData = new DimServiceAccountData(secret, initializationVector, _options.Value.EncryptionConfigIndex);
+        var dimServiceAccountData = new DimServiceAccountData("https://example.org/auth", secret, initializationVector, _options.Value.EncryptionConfigIndex);
         var dataWithDim = _fixture.Build<CompanyServiceAccountDetailedData>()
             .With(x => x.DimServiceAccountData, dimServiceAccountData)
             .Create();
 
         A.CallTo(() => _serviceAccountRepository.GetOwnCompanyServiceAccountDetailedDataUntrackedAsync(ValidServiceAccountId, ValidCompanyId))
-            .Returns(data);
+            .Returns(dataWithDim);
         A.CallTo(() => _serviceAccountRepository.GetOwnCompanyServiceAccountDetailedDataUntrackedAsync(ValidServiceAccountWithDimDataId, ValidCompanyId))
             .Returns(dataWithDim);
         A.CallTo(() => _serviceAccountRepository.GetOwnCompanyServiceAccountDetailedDataUntrackedAsync(
@@ -814,6 +858,35 @@ private void SetupGetOwnCompanyServiceAccount()
             .Returns<CompanyServiceAccountDetailedData?>(null);
     }
 
+    private void SetupGetOwnComapnyServiceAccountInternalType()
+    {
+        var data = _fixture.Build<CompanyServiceAccountDetailedData>()
+            .With(x => x.Status, UserStatusId.ACTIVE)
+            .With(x => x.CompanyServiceAccountKindId, CompanyServiceAccountKindId.INTERNAL)
+            .With(x => x.DimServiceAccountData, default(DimServiceAccountData?))
+            .Create();
+
+        A.CallTo(() => _serviceAccountRepository.GetOwnCompanyServiceAccountDetailedDataUntrackedAsync(ValidServiceAccountId, ValidCompanyId))
+        .Returns(data);
+    }
+
+    private void SetupGetOwnComapnyServiceAccountExternalType()
+    {
+        var cryptoHelper = _options.Value.EncryptionConfigs.GetCryptoHelper(_options.Value.EncryptionConfigIndex);
+        var (secret, initializationVector) = cryptoHelper.Encrypt("test");
+
+        var dimServiceAccountData = new DimServiceAccountData("https://test.org/auth", secret, initializationVector, _options.Value.EncryptionConfigIndex);
+
+        var externalData = _fixture.Build<CompanyServiceAccountDetailedData>()
+            .With(x => x.Status, UserStatusId.ACTIVE)
+            .With(x => x.CompanyServiceAccountKindId, CompanyServiceAccountKindId.EXTERNAL)
+            .With(x => x.DimServiceAccountData, dimServiceAccountData)
+            .Create();
+
+        A.CallTo(() => _serviceAccountRepository.GetOwnCompanyServiceAccountDetailedDataUntrackedAsync(ValidServiceAccountId, ValidCompanyId))
+        .Returns(externalData);
+    }
+
     private void SetupDeleteOwnCompanyServiceAccount(Connector? connector = null, Identity? identity = null, Guid? processId = null)
     {
         var serviceAccount = new CompanyServiceAccount(Guid.NewGuid(), Guid.NewGuid(), "test-sa", "test", CompanyServiceAccountTypeId.OWN, CompanyServiceAccountKindId.INTERNAL);

tests/administration/Administration.Service.Tests/appsettings.IntegrationTests.json

@@ -245,7 +245,8 @@
         "CipherMode": "CBC",
         "PaddingMode": "PKCS7"
       }
-    ]
+    ],
+    "AuthServiceUrl": "https://auth.test/auth"
   },
   "Connectors": {
     "MaxPageSize": 20,