diff --git a/notifications_routing/authorization_service.py b/notifications_routing/authorization_service.py
index f6f4bde864f55f4b12331b9c9bc28c58461f78fa..465c4a6bca1891659f998ea5268cda9e5a8a9899 100644
--- a/notifications_routing/authorization_service.py
+++ b/notifications_routing/authorization_service.py
@@ -67,7 +67,7 @@ def _prepare_user(member: Dict[str, str]) -> Optional[Dict[str, str]]:
         return {DataSource.USERNAME: member["unconfirmedEmail"], DataSource.EMAIL: member["unconfirmedEmail"]}
 
     # always respect "activeUser"
-    # activeUser field is omitted in Application and Service types
+    # activeUser field is omitted in Application and Service types and Person type from external sources
     if "activeUser" in member and member["activeUser"] is False:
         if member["externalEmail"]:
             return {DataSource.USERNAME: member["upn"], DataSource.EMAIL: member["externalEmail"]}
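Review bot: A member without an `activeUser` key passes the `"activeUser" in member` guard as active, and with external-source Person records now documented as omitting the field, those identities have no deactivation signal visible in this hunk. If that fail-open default is intended, the comment should say so, for example `# a missing activeUser is treated as active (Application, Service and external Person have no deactivation signal)`. This commit also starts requesting `source` from the API, but nothing in this hunk reads it; if the value is meant to influence how external identities are handled, the check would belong next to this guard. The body of `_prepare_user` starts and ends outside the hunk, so other branches may already cover part of this.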
diff --git a/notifications_routing/config.py b/notifications_routing/config.py
index 086da2de12370a82fcf8f6f8b1ad038358f9a26c..e0860288144cd05677e0c34a6ec44a813d045bd7 100644
--- a/notifications_routing/config.py
+++ b/notifications_routing/config.py
@@ -34,7 +34,7 @@ class Config:
     CERN_GROUP_QUERY = os.getenv(
         "CERN_GROUP_QUERY",
         "memberidentities/precomputed?field=upn&field=primaryAccountEmail"
-        "&field=unconfirmed&field=unconfirmedEmail&field=type&field=externalEmail&field=activeUser",
+        "&field=unconfirmed&field=unconfirmedEmail&field=type&field=externalEmail&field=activeUser&field=source",
     )
 
     # DB
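Review bot: `&field=source` is added only to the default value of `CERN_GROUP_QUERY`, so a deployment that sets this environment variable keeps its old query and receives members without `source`. Any code that later reads the field should use `member.get("source")` rather than indexing, or the required field list should be stated in a comment above the default, such as `# fields must match what _prepare_user reads; update env overrides too`. The `Config` class starts and ends outside the hunk.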
diff --git a/tests/unit/test_authorization_service.py b/tests/unit/test_authorization_service.py
index ab3e245e14ba239f3e78932f67c0ee3fb8d35606..58c856135a17e6c0e4eba4cd8fc307085b4e1c4c 100644
--- a/tests/unit/test_authorization_service.py
+++ b/tests/unit/test_authorization_service.py
@@ -25,7 +25,7 @@ class MockResponse:
 
 
 @pytest.fixture(scope="function")
-def auth_user_1():
+def auth_user():
     """Auth user dict."""
     return {
         "primaryAccountEmail": "user1@cern.ch",
@@ -35,35 +35,40 @@ def auth_user_1():
         "externalEmail": None,
         "type": "Person",
         "activeUser": True,
+        "source": "cern",
     }
 
 
 @pytest.fixture(scope="function")
-def auth_user_2():
+def auth_user_external():
     """Auth user dict."""
     return {
-        "primaryAccountEmail": "user2@cern.ch",
-        "upn": "user2",
+        "primaryAccountEmail": "external@usc.es",
+        "upn": "external@1234567890",
         "unconfirmed": False,
         "unconfirmedEmail": None,
         "externalEmail": None,
         "type": "Person",
-        "activeUser": True,
+        # external user don't have activeUser
+        # "activeUser": None
+        "source": "edugain",
     }
 
 
 @pytest.fixture(scope="function")
-def auth_user_data_inconsistent():
+def auth_user_external_unconfirmed():
     """Auth user dict."""
     return {
-        "primaryAccountEmail": "inconsistent@cern.ch",
-        "upn": "inconsistent",
-        "unconfirmed": False,
-        "unconfirmedEmail": None,
-        "type": "Person",
         "externalEmail": None,
-        # some times data is not consistent and activeUser is not filled
-        # "activeUser": True
+        "primaryAccountEmail": None,
+        "type": "Person",
+        "upn": None,
+        # unconfirmed, external users have source null
+        "source": None,
+        "unconfirmed": True,
+        "unconfirmedEmail": "external-unconfirmed@hotmail.fr",
+        # external user don't have activeUser
+        # "activeUser": None
     }
 
 
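Review bot: The commented-out `# "activeUser": None` entries in `auth_user_external` and `auth_user_external_unconfirmed` suggest the API returns a null value, while the case under test is an omitted key (`_prepare_user` checks `"activeUser" in member`). I would replace the two comment lines with `# external users: the activeUser key is omitted entirely`; the Application, Service and secondary fixtures in later hunks use the same pattern. The three fixtures here also share the docstring "Auth user dict."; a one-line description per fixture (CERN person, eduGAIN person, unconfirmed external with null `source`) would make the covered cases readable. The `auth_user` fixture starts in the previous hunk.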
@@ -78,19 +83,7 @@ def auth_user_data_inconsistent_error():
         "type": "Person",
         "externalEmail": None,
         "activeUser": True,
-    }
-
-
-@pytest.fixture(scope="function")
-def auth_group_user_unconfirmed():
-    """Auth user dict."""
-    return {
-        "externalEmail": None,
-        "primaryAccountEmail": None,
-        "type": "Person",
-        "upn": None,
-        "unconfirmed": True,
-        "unconfirmedEmail": "unconfirmed@hotmail.fr",
+        "source": None,
     }
 
 
@@ -104,6 +97,9 @@ def auth_group_user_application():
         "unconfirmedEmail": None,
         "type": "Application",
         "externalEmail": None,
+        "source": None
+        # Application type don't have activeUser field
+        # "activeUser": None
     }
 
 
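Review bot: `"source": None` in `auth_group_user_application` is the only added entry without a trailing comma; it parses only because the lines after it are comments, and adding a key below it would be a syntax error. Write it as `"source": None,` to match the other fixtures in this file. The fixture's opening lines are outside the hunk.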
@@ -117,6 +113,9 @@ def auth_group_user_service():
         "unconfirmedEmail": None,
         "type": "Service",
         "externalEmail": None,
+        "source": "cern",
+        # Service type don't have activeUser field
+        # "activeUser": None
     }
 
 
@@ -131,6 +130,7 @@ def auth_group_user_inactive_1():
         "unconfirmed": False,
         "unconfirmedEmail": None,
         "activeUser": False,
+        "source": "cern",
     }
 
 
@@ -145,6 +145,7 @@ def auth_group_user_inactive_2():
         "unconfirmed": False,
         "unconfirmedEmail": None,
         "activeUser": False,
+        "source": "cern",
     }
 
 
@@ -158,6 +159,9 @@ def auth_group_user_secondary():
         "upn": "secondary",
         "unconfirmed": False,
         "unconfirmedEmail": None,
+        "source": "cern",
+        # secondary type don't have activeUser field
+        # "activeUser": None
     }
 
 
@@ -169,15 +173,14 @@ def test_process_users(
     mock_get,
     mock_get_token,
     appctx,
-    auth_user_1,
-    auth_user_2,
-    auth_user_data_inconsistent,
+    auth_user,
+    auth_user_external,
+    auth_user_external_unconfirmed,
     auth_group_user_inactive_1,
     auth_group_user_inactive_2,
     auth_group_user_service,
     auth_group_user_application,
     auth_group_user_secondary,
-    auth_group_user_unconfirmed,
     auth_user_data_inconsistent_error,
 ):
     """Test process users for normal."""
@@ -187,31 +190,29 @@ def test_process_users(
             {
                 "pagination": {"next": "/next/url/page"},
                 "data": [
-                    auth_user_1,
-                    auth_user_2,
-                    auth_user_data_inconsistent,
+                    auth_user,
+                    auth_user_external,
+                    auth_user_external_unconfirmed,
                     auth_group_user_inactive_1,
                     auth_group_user_inactive_2,  # should be ignored, email is not extractable
                     auth_group_user_service,
                     auth_group_user_application,  # should be ignore
-                    auth_group_user_secondary,
-                    auth_user_data_inconsistent_error,
+                    auth_user_data_inconsistent_error,  # log error
                 ],
             },
             200,
         ),
-        MockResponse({"pagination": {"next": None}, "data": [auth_group_user_unconfirmed]}, 200),
+        MockResponse({"pagination": {"next": None}, "data": [auth_group_user_secondary]}, 200),
     ]
 
     result = get_group_users_api("group_id")
     assert result == [
         {"username": "user1", "email": "user1@cern.ch"},
-        {"username": "user2", "email": "user2@cern.ch"},
-        {"username": "inconsistent", "email": "inconsistent@cern.ch"},
+        {"username": "external@1234567890", "email": "external@usc.es"},
+        {"username": "external-unconfirmed@hotmail.fr", "email": "external-unconfirmed@hotmail.fr"},
         {"username": "inactive1", "email": "external@aol.com"},
         {"username": "service", "email": "service-email@cern.ch"},
         {"username": "secondary", "email": "secondary@cern.ch"},
-        {"username": "unconfirmed@hotmail.fr", "email": "unconfirmed@hotmail.fr"},
     ]
 
     mock_logging_error.assert_called_once()
@@ -219,7 +220,7 @@ def test_process_users(
     expected_first_call_url = (
         "https://authorization-service-api.web.cern.ch"
         "/api/v1.0/Group/group_id/memberidentities/precomputed?field=upn&field=primaryAccountEmail"
-        "&field=unconfirmed&field=unconfirmedEmail&field=type&field=externalEmail&field=activeUser"
+        "&field=unconfirmed&field=unconfirmedEmail&field=type&field=externalEmail&field=activeUser&field=source"
     )
     expected_headers = {"Authorization": "Bearer jwt"}
     mock_get.assert_has_calls(