pulibrary / tigerdata-app / 06b0f8db-74af-434e-aad6-240c4e008165

coverage: 91.229% (+0.2%) from 91.075%
06b0f8db-74af-434e-aad6-240c4e008165

Pull #2164

circleci

web-flow 
Merge branch 'main' into access-denied-data-users-bug
Pull Request #2164: Fixes bug in check for user_has_access for data users

1 of 1 new or added line in 1 file covered. (100.0%)

590 existing lines in 23 files now uncovered.

2850 of 3124 relevant lines covered (91.23%)

542.1 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

100.0
/app/services/princeton_users.rb
1 
# frozen_string_literal: true
UNCOV
2 
class PrincetonUsers
2
UNCOV
3 
  CHARS_AND_NUMS =  ('a'..'z').to_a + (0..9).to_a + ['-']
2
4 









5



  # `cbentler` and `az3007` are required because they come as data manager and data sponsor










6



  # in the default project in the Mediaflux in our Docker image.











UNCOV

7



  RDSS_DEVELOPERS = %w[bs3097 jrg5 cac9 hc8719 rl3667 kl37 pp9425 jh6441 cbentler az3007].freeze




2





8













UNCOV

9



  class << self




2





10












11












12



    # Returns a list of Users that match the given query











UNCOV

13



    def user_list_query(query)




2






UNCOV

14



      tokens = query.downcase.strip.split(/[^a-zA-Z\d]/).compact_blank




39






UNCOV

15



      return [] if tokens.count == 0




39






UNCOV

16



      if (tokens.count == 1)




38





17



        # if I have a single token I might be trying a uid search, so put all the uid matches at the top











UNCOV

18



        uid_query(tokens[0]) | name_query(tokens)




22






UNCOV

19



      else











UNCOV

20



        name_query(tokens)




16






UNCOV

21



      end.map{|user| { uid: user.uid, name: user.display_name, display_name: user.display_name_safe } }




40






UNCOV

22



    end










23













UNCOV

24



    def uid_query(token)




2






UNCOV

25



      order_sql = User.sanitize_sql_for_order("LENGTH(uid)-LENGTH('#{token}')")




22






UNCOV

26



      search_token = User.sanitize_sql_like(token)+'%'




22






UNCOV

27



      User.where("(uid like ?)",search_token).order(Arel.sql(order_sql)).order(:uid)




22






UNCOV

28



    end










29













UNCOV

30



    def name_query(tokens)




2






UNCOV

31



      tokens.inject(User.all) do |partial_query, token|




38






UNCOV

32



        search_token = '%'+User.sanitize_sql_like(token)+'%'




65






UNCOV

33



        partial_query.where("(LOWER(display_name) like ?) OR (LOWER(uid) like ?)", search_token, search_token)




65






UNCOV

34



      end.order(:given_name).order(:family_name)











UNCOV

35



    end










36













UNCOV

37



    def load_rdss_developers




2






UNCOV

38



      RDSS_DEVELOPERS.each do |netid|




2






UNCOV

39



        create_user_from_ldap_by_uid(netid)




11






UNCOV

40



        rescue TigerData::LdapError











UNCOV

41



        raise TigerData::LdapError, "Unable to create user from LDAP. Are you connected to VPN?"




1






UNCOV

42



      end











UNCOV

43



    end










44












45



    # Creates users from LDAP data, starting with the given uid prefix.











UNCOV

46



    def create_users_from_ldap(current_uid_start: "", ldap_connection: default_ldap_connection)




2






UNCOV

47



      CHARS_AND_NUMS.each do |char|




5






UNCOV

48



        filter =(~ Net::LDAP::Filter.eq( "pustatus", "guest" )) & Net::LDAP::Filter.eq("uid", "#{current_uid_start}#{char}*")




185






UNCOV

49



        people = ldap_connection.search(filter:, attributes: [:pudisplayname, :givenname, :sn, :uid, :edupersonprincipalname]);




185






UNCOV

50



        if ldap_connection.get_operation_result.message == "Success"




185






UNCOV

51



          people.each{|person| user_from_ldap(person)}




188






UNCOV

52



        else











UNCOV

53



          create_users_from_ldap(current_uid_start: "#{current_uid_start}#{char}", ldap_connection:)




1






UNCOV

54



        end











UNCOV

55



      end











UNCOV

56



    end










57













UNCOV

58



    def create_user_from_ldap_by_uid(uid, ldap_connection: default_ldap_connection)




2






UNCOV

59



      filter = Net::LDAP::Filter.eq('uid', uid)




10






UNCOV

60



      person = ldap_connection.search(filter:, attributes: [:pudisplayname, :givenname, :sn, :uid, :edupersonprincipalname]);




10






UNCOV

61



      raise TigerData::LdapError, "More than one user matches supplied uid: #{uid}" if person.length > 1




10






UNCOV

62



      raise TigerData::LdapError, "No user with uid #{uid} found" if person.empty?




10






UNCOV

63



      user_from_ldap(person.first)




10






UNCOV

64



    end










65












66



  # Creates or updates a User from an LDAP entry.










67



  # @param ldap_person [Net::LDAP::Entry] an LDAP entry representing a person










68



  # @return [User, nil] the created or updated User, or nil if the LDAP entry is missing a edupersonprincipalname











UNCOV

69



    def user_from_ldap(ldap_person)




2






UNCOV

70



      return if check_for_malformed_ldap_entries(ldap_person)




18






UNCOV

71



      uid = ldap_person[:uid].first.downcase




15






UNCOV

72



      current_entries = User.where(uid:)




15






UNCOV

73



      if current_entries.empty?




15






UNCOV

74



        User.create(uid: , display_name: ldap_person[:pudisplayname].first,




14






UNCOV

75



                    family_name: ldap_person[:sn].first, given_name: ldap_person[:givenname].first,











UNCOV

76



                    email: ldap_person[:edupersonprincipalname].first, provider: "cas")











UNCOV

77



      else











UNCOV

78



        user = current_entries.first




1






UNCOV

79



        if user.display_name.blank?




1






UNCOV

80



          user.display_name = ldap_person[:pudisplayname].first




1






UNCOV

81



          user.family_name = ldap_person[:sn].first




1






UNCOV

82



          user.given_name = ldap_person[:givenname].first




1






UNCOV

83



          user.provider = "cas"




1






UNCOV

84



          user.save




1






UNCOV

85



        end











UNCOV

86



        user




1






UNCOV

87



      end











UNCOV

88



    end










89












90



    # If any required LDAP fields are missing, return true










91



    # @param ldap_person [Net::LDAP::Entry] an LDAP entry representing a person










92



    # @return [Boolean] true if the LDAP entry is missing required fields, false otherwise











UNCOV

93



    def check_for_malformed_ldap_entries(ldap_person)




2






UNCOV

94



      uid_blank = ldap_person[:uid].blank?




19






UNCOV

95



      edupersonprincipalname_blank = ldap_person[:edupersonprincipalname].blank?




19






UNCOV

96



      malformed = uid_blank || edupersonprincipalname_blank




19






UNCOV

97



      malformed




19






UNCOV

98



    end










99













UNCOV

100



    def default_ldap_connection




2






UNCOV

101



      @default_ldap_connection ||= Net::LDAP.new host: "ldap.princeton.edu", base: "o=Princeton University,c=US", port: 636,




11






UNCOV

102



                                                  encryption: {











UNCOV

103



                                                    method: :simple_tls,











UNCOV

104



                                                    tls_options: OpenSSL::SSL::SSLContext::DEFAULT_PARAMS











UNCOV

105



                                                  }











UNCOV

106



    end











UNCOV

107



  end











UNCOV

108



end
























    

  • 

    •