Add creating user to a service class #32857
Conversation
Codecov Report
@@ Coverage Diff @@
## master #32857 +/- ##
=============================================
- Coverage 64.06% 47.88% -16.18%
=============================================
Files 1190 109 -1081
Lines 69047 10448 -58599
Branches 1271 1271
=============================================
- Hits 44234 5003 -39231
+ Misses 24443 5075 -19368
Partials 370 370
Continue to review full report at Codecov.
|
sharidas
force-pushed
the
move-createuser-toservice
branch
2 times, most recently
from
718bc05
to
77f025c
Compare
sharidas
changed the title
sharidas
force-pushed
the
move-createuser-toservice
branch
4 times, most recently
from
f9bc134
to
545c763
Compare
|
Ouch.. When I run the unit test individually, I don't get failure. Will re-check again and try to fix this. |
sharidas
force-pushed
the
move-createuser-toservice
branch
from
545c763
to
edceaa7
Compare
| * @param IAvatarManager $avatarManager | ||
| * @param EventDispatcherInterface $eventDispatcher | ||
| */ | ||
| public function __construct(IUserSession $userSession, IGroupManager $groupManager, |
There was a problem hiding this comment.
Having 14 dependencies in a class is a sympton of things made wrong. Is the class really that complex, or maybe the class can be splitted in two or more?
| */ | ||
| public function create($username, $password, array $groups= [], $email='') { | ||
| if ($email !== '' && !$this->mailer->validateMailAddress($email)) { | ||
| return new DataResponse( |
There was a problem hiding this comment.
A service implies that the code will be executed deep down the architecture, as such it shouldn't care about DataResponse nor translations because it will be handled somewhere on top (in a controller, command, or similar)
| $this->appManager = $appManager; | ||
| $this->avatarManager = $avatarManager; | ||
| $this->eventDispatcher = $eventDispatcher; | ||
| $this->isAdmin = $this->isAdmin(); |
There was a problem hiding this comment.
I'd rather move these checks out and leave only injected objects in the constructor. Moving them out should help with the tests because other methods should use the private isAdmin() method call instead of an attribute set here.
Consider to use caching if the check is heavy, but caching should be provided by the method.
| } | ||
|
|
||
| /** | ||
| * @param $username |
| $password = $this->secureRandom->generate(20); | ||
| } | ||
| } | ||
| $user = $this->userManager->createUser($username, $password); |
There was a problem hiding this comment.
If both password and email are empty, we still try to create the user with username and password. It seems wrong.
| ); | ||
| } | ||
|
|
||
| if ($user instanceof User) { |
There was a problem hiding this comment.
I'd prefer to use if ($user !== false). In fact, I'd rather have a if ($user === false) and include the error code there. We expect the user to be created.
|
|
||
| /** | ||
| * @param string $userId | ||
| * @param string $email |
There was a problem hiding this comment.
missing @throws \Exception (specially for a public method)
| return $this->groupManager->isAdmin($activeUser->getUID()); | ||
| } | ||
| // Check if it is triggered from command line | ||
| if (\OC::$CLI) { |
There was a problem hiding this comment.
Any chance to avoid this check? The service should work the same regardless of being executed by cli or not, plus this should be covered by unittests.
| * @param array $userGroups | ||
| * @return array | ||
| */ | ||
| public function formatUserForIndex(IUser $user, array $userGroups = null) { |
There was a problem hiding this comment.
Why this method is public when it's only called inside this class? Either make it private or include a comment explaining the expected scenarios where this method will be called from other classes.
| try { | ||
| $avatarAvailable = $this->avatarManager->getAvatar($user->getUID())->exists(); | ||
| } catch (\Exception $e) { | ||
| //No avatar yet |
There was a problem hiding this comment.
Log something here, even if it's just a debug message. If something goes wrong getting the avatar, this will be impossible to detect, debug and fix. Note that you're catching any exception even the NobodyExpectsTheSpanishInquisitionException that could happen uploading such file as avatar (it's a joke, but ilustrates why it's a bad idea swallowing exceptions like this)
|
I've just checked the |
sharidas
force-pushed
the
move-createuser-toservice
branch
from
edceaa7
to
821cd77
Compare
| * use one time. The new user has to reset it using the link | ||
| * from email. | ||
| */ | ||
| $event = new GenericEvent(); |
There was a problem hiding this comment.
Any chance of using a custom event instead of a generic one? A custom event would be better because it can have a specific method to set the password we want to use, as well as document what exceptions are allowed to be thown from the event handler, if any.
There was a problem hiding this comment.
Added a new custom event. Let me know if this looks ok. As part of this change I made modification to password_policy app. Hence owncloud/password_policy#154, needs review too.
| throw new CannotCreateUserException($message); | ||
| } | ||
|
|
||
| if ($user instanceof User) { |
There was a problem hiding this comment.
It might be better to reverse the logic:
if ($user === null) {
throw new CannotCreateUserException(....);
}
There was a problem hiding this comment.
Updated as per the suggestion.
| return $this->groupManager->isAdmin($activeUser->getUID()); | ||
| } | ||
| // Check if it is triggered from command line | ||
| if (\OC::$CLI) { |
There was a problem hiding this comment.
any chance not to depend on this static variable?
There was a problem hiding this comment.
Removed the dependency with the static variable.
sharidas
force-pushed
the
move-createuser-toservice
branch
from
821cd77
to
5fb16a8
Compare
| * use one time. The new user has to reset it using the link | ||
| * from email. | ||
| */ | ||
| $passwordCreateEvent = new UserPasswordCreateEvent(UserPasswordCreateEvent::CREATE_PASSWORD, []); |
There was a problem hiding this comment.
We have to keep backwards compatibility. I don't think we have a migration path for these events yet, so it's better not to touch it.
My point is that we can't assume that the app will be updated, or even use the new event. The apps need to work anyway. If the app is still using the old GenericEvent it will likely crash.
The idea is fine, but the old event still needs to be thrown. Maybe @PVince81 can decide how and when we want to move this forward.
There was a problem hiding this comment.
I have reverted the code and brought back the GenericEvent.
| return $this->groupManager->isAdmin($activeUser->getUID()); | ||
| } | ||
| // Check if it is triggered from command line | ||
| $cli = \in_array(\php_sapi_name(), ['cli']); |
There was a problem hiding this comment.
The point of touching this was to make unittests easier. Even though the tests should mainly test public methods, all the code in the class should be covered by those unittests. Right now, this isn't possible because the php_sapi_name can't be mocked, which means that this method will never return false, and the corresponding code path won't be covered by unittests.
If you can't find a better solution, use the previous code (using the OC::$CLI) because we can change it inside the tests.
There was a problem hiding this comment.
I have moved php_sapi_name to a method so that it can be mocked.
sharidas
force-pushed
the
move-createuser-toservice
branch
from
5fb16a8
to
7036014
Compare
sharidasan
force-pushed
the
move-createuser-toservice
branch
3 times, most recently
from
d61b730
to
1b65bab
Compare
apps/provisioning_api/lib/Users.php
Outdated
| @@ -156,13 +164,27 @@ public function addUser() { | |||
| } | |||
|
|
|||
| try { | |||
| $newUser = $this->userManager->createUser($userId, $password); | |||
| $this->logger->info('Successful addUser call with userid: '.$userId, ['app' => 'ocs_api']); | |||
| $password = ($password === null) ? '' : $password; | |||
There was a problem hiding this comment.
this can be done above, as part of the initialization (where all the isset($_POST[...]) are)
| * @param string $username | ||
| * @param string $password can be empty string, else string for password | ||
| * @param string $email | ||
| * @return bool|\OCP\IUser when user is created else false |
There was a problem hiding this comment.
I still don't know when the boolean value is returned. You're either returning the created user object or throwing an exception. If the created user object is false, you're also throwing an exception.
apps/provisioning_api/lib/Users.php
Outdated
| $userAddedToGroups = ($groups === null) ? [null] : $groups; | ||
| $user = $this->createUserService->createUser($userId, $password, $emailAddress); | ||
| if ($user instanceof User) { | ||
| $newUser = $this->userManager->get($userId); |
There was a problem hiding this comment.
This seems pointless. You should already have the instance from the createUser call.
| } | ||
|
|
||
| /** | ||
| * Add user to the groups |
There was a problem hiding this comment.
Just reading this I assume that, if for whatever reason the user can't be added to a group (It's an LDAP group, or there is a problem saving the data), the function will return false. This isn't true because the function will return true as long as the user is added to just one group.
There is also no clarification about what happens if the user isn't added to a group: should the code ignore it? should remove the assignment to previous groups and abort?
Clarify the expected behaviour and fix whatever is needed.
There was a problem hiding this comment.
Updated the doc. Let me know if this sounds reasonable.
apps/provisioning_api/lib/Users.php
Outdated
|
|
||
| if (\is_array($groups)) { | ||
| $result = $this->createUserService->addUserToGroups($user, $userAddedToGroups); | ||
| if ($result === false) { | ||
| $this->logger->error("User $userId could not be added to groups"); |
There was a problem hiding this comment.
It might be nice to know what are those groups
There was a problem hiding this comment.
With the latest change, the user should be able to know about the groups which are not added.
core/Command/User/Add.php
Outdated
| } | ||
| } else { | ||
| $output->writeln("<error>Interactive input or --password-from-env is needed for entering a password!</error>"); | ||
| return 1; |
There was a problem hiding this comment.
Try to return different values for each error type. This will help to identify what happened if these commands are used in a script.
core/routes.php
Outdated
| ['name' => 'user#setPassword', 'url' => '/setpassword/{token}/{userId}', 'verb' => 'POST'], | ||
| ['name' => 'user#resendToken', 'url' => '/resend/token/{userId}', 'verb' => 'POST'], | ||
| ['name' => 'user#setPasswordForm', 'url' => '/setpassword/form/{token}/{userId}', 'verb' => 'GET'], | ||
| ['name' => 'avatar#getAvatar', 'url' => '/avatar/{userId}/{size}', 'verb' => 'GET'], |
| public function addUserToGroups(IUser $user, array $groups= []) { | ||
| $currentUser = $this->userSession->getUser(); | ||
| if (!$this->isAdmin($currentUser)) { | ||
| if (!empty($groups)) { |
There was a problem hiding this comment.
You might want to add a comment to explain what you're doing here, or extract this piece to another function. The code seems big, and I'm pretty sure you aren't add users to groups here.
It's fine to have some setup or preparation, but if it's too big it might be confusing.
| if (!empty($groups)) { | ||
| foreach ($groups as $key => $group) { | ||
| $groupObject = $this->groupManager->get($group); | ||
| if ($groupObject === null) { |
There was a problem hiding this comment.
if ($groupObject === null || !$this->isSubadminOfGroup($currentUser, $groupObject))
In fact, you can move the check for null inside the isSubadminOfGroup function to simplify this piece.
| return $this->groupManager->isAdmin($currentUser->getUID()); | ||
| } | ||
| // Check if it is triggered from command line | ||
| $cli = \OC::$CLI; |
There was a problem hiding this comment.
just return \OC::$CLI. It's more straightforward
sharidasan
force-pushed
the
move-createuser-toservice
branch
3 times, most recently
from
aded134
to
a1ce6f6
Compare
apps/provisioning_api/lib/Users.php
Outdated
| $user = $this->userSession->getUser(); | ||
| $isAdmin = $this->groupManager->isAdmin($user->getUID()); | ||
| $subAdminManager = $this->groupManager->getSubAdmin(); | ||
| $password = ($password === null) ? '' : $password; |
There was a problem hiding this comment.
move it upper, line 135. Initialize the same way you're doing with the emailAddress.
apps/provisioning_api/lib/Users.php
Outdated
| @@ -156,13 +165,28 @@ public function addUser() { | |||
| } | |||
|
|
|||
| try { | |||
| $newUser = $this->userManager->createUser($userId, $password); | |||
| $this->logger->info('Successful addUser call with userid: '.$userId, ['app' => 'ocs_api']); | |||
| $groups = ($groups === null) ? [null] : $groups; | |||
There was a problem hiding this comment.
is this needed? any more clear way to do it?
apps/provisioning_api/lib/Users.php
Outdated
| $this->logger->info('Successful addUser call with userid: '.$userId, ['app' => 'ocs_api']); | ||
| $groups = ($groups === null) ? [null] : $groups; | ||
| $newUser = $this->createUserService->createUser($userId, $password, $emailAddress); | ||
| if ($newUser instanceof User) { |
There was a problem hiding this comment.
This check doesn't seem to be needed.
| * | ||
| * @param IUser $user | ||
| * @param array $groups contains array of group names | ||
| * @return array with bool, true if user is added to groups, else false, and array of groups failed to add user |
There was a problem hiding this comment.
It's better to return just the list of groups that weren't added. We can assume that if the returned list is empty, the user has been added to all the groups correctly.
apps/provisioning_api/lib/Users.php
Outdated
| if ($result === false) { | ||
| $failedGroups = \implode(',', $failedGroups); | ||
| $this->logger->error("User $userId could not be added to groups " . $failedGroups); | ||
| } | ||
| foreach ($groups as $group) { |
There was a problem hiding this comment.
this seems to be duplicated. The user should have been added to the groups with the addUserToGroups
core/Command/User/Add.php
Outdated
| return 7; | ||
| } else { | ||
| foreach ($groupInput as $groupName) { | ||
| if ($this->groupManager->isInGroup($uid, $groupName)) { |
There was a problem hiding this comment.
Knowing the groups that have failed, you should know what are the ones that succeeded, no need to ask the groupManager.
| * @param array $groups contains group names | ||
| * @return array | ||
| */ | ||
| private function setUpGroupsForUser(IUser $currentUser, $groups) { |
There was a problem hiding this comment.
I don't think the name reflects what the function does. I don't get what this function is for.... assuming that the currentUser is a subadmin, make sure the $groups fall into the groups controlled by the subadmin? If this is it, we might need to have a look at this because this seems quite complex for that.
| * | ||
| * @param IUser $user | ||
| * @param array $groups contains array of group names | ||
| * @return array with bool, true if user is added to groups or if no groups are there, else false, and array of groups failed to add user |
There was a problem hiding this comment.
if feels better if you just return the list of failed groups. If the list is empty, the user has been added to all the groups, so no need to return the boolean.
| $userAddedToGroup = false; | ||
| if (\count($groups) >= 1) { | ||
| foreach ($groups as $groupName) { | ||
| if ($groupName !== null) { |
There was a problem hiding this comment.
Any reason to check for null here? I expect the list not to contain any null, otherwise we'll likely be doing something wrong somewhere.
There was a problem hiding this comment.
This null check comes from https://github.com/owncloud/core/pull/32857/files#r227814464
| if (empty($groupObject)) { | ||
| $groupObject = $this->groupManager->createGroup($groupName); | ||
| } | ||
| $groupObject->addUser($user); |
There was a problem hiding this comment.
I think the addUser doesn't return anything, so we don't know whether the user has been effectively added to the group or not (it doesn't throw any "known" exception as far as I know). It might be interesting to add a parameter to indicate whether we should explicitly check here if the user has been added or not.
sharidasan
force-pushed
the
move-createuser-toservice
branch
from
a1ce6f6
to
0307c4b
Compare
|
|
sharidasan
force-pushed
the
move-createuser-toservice
branch
5 times, most recently
from
ca3a5bd
to
4791191
Compare
Moving creation of user to a service class. Signed-off-by: Sujith H <sharidasan@owncloud.com>
apps/provisioning_api/lib/Users.php
Outdated
| @@ -126,7 +133,9 @@ public function getUsers() { | |||
| public function addUser() { | |||
| $userId = isset($_POST['userid']) ? $_POST['userid'] : null; | |||
| $password = isset($_POST['password']) ? $_POST['password'] : null; | |||
| $password = ($password === null) ? '' : $password; | |||
There was a problem hiding this comment.
This isn't needed.
$password = isset($_POST['password']) ? $_POST['password'] : ''
apps/provisioning_api/lib/Users.php
Outdated
| @@ -156,13 +165,15 @@ public function addUser() { | |||
| } | |||
|
|
|||
| try { | |||
| $newUser = $this->userManager->createUser($userId, $password); | |||
| $groups = ($groups === null) ? [] : $groups; | |||
There was a problem hiding this comment.
Move this above, as part of the initiailization. Also do the same as with the password. Also make sure the variable is always an array.
apps/provisioning_api/lib/Users.php
Outdated
| @@ -156,13 +165,15 @@ public function addUser() { | |||
| } | |||
|
|
|||
| try { | |||
| $newUser = $this->userManager->createUser($userId, $password); | |||
| $groups = ($groups === null) ? [] : $groups; | |||
| $newUser = $this->createUserService->createUser($userId, $password, $emailAddress); | |||
| $this->logger->info('Successful addUser call with userid: '.$userId, ['app' => 'ocs_api']); | |||
|
|
|||
| if (\is_array($groups)) { | |||
There was a problem hiding this comment.
we should try to remove this check by making sure this will always be an array.
There was a problem hiding this comment.
Removed the check. And one round of manual testing it was working. Will re-check again.
core/Command/User/Add.php
Outdated
| $failedGroups = $this->createUserService->addUserToGroups($newUser, $groupInput); | ||
| if (\count($failedGroups) > 0) { | ||
| $failedGroups = \implode(',', $failedGroups); | ||
| $output->writeln('<warning>Unable to add user: ' . $uid . ' to groups ' . $failedGroups . '.</warning>'); |
There was a problem hiding this comment.
try to use string interpolation as much as possible.
There was a problem hiding this comment.
Mostly done. Need to re-check again.
core/Command/User/Add.php
Outdated
| return 7; | ||
| } else { | ||
| foreach ($groupInput as $groupName) { | ||
| if ($this->groupManager->isInGroup($uid, $groupName)) { |
There was a problem hiding this comment.
This check is already done in the addUserToGroups, no need to duplicate.
| // init some group shares. | ||
| Filesystem::init($user->getUID(), ''); | ||
| } | ||
| $newUser = $this->createUserService->createUser($uid, $password, $email); |
There was a problem hiding this comment.
double-check if there is any difference with the code added above. Move the code to a private function if possible to avoid the duplication.
| public function addUserToGroups(IUser $user, array $groups= [], $checkInGroup = true) { | ||
| $failedToAdd = []; | ||
|
|
||
| if (\count($groups) >= 1) { |
There was a problem hiding this comment.
This shouldn't be needed. The loop won't be executed if the array is empty.
|
|
||
| if (\count($groups) >= 1) { | ||
| foreach ($groups as $groupName) { | ||
| if ($groupName !== '') { |
| if ($checkInGroup && !$this->groupManager->isInGroup($user->getUID(), $groupName)) { | ||
| $failedToAdd[] = $groupName; | ||
| } else { | ||
| $this->logger->info('Added userid ' . $user->getUID() . ' to group ' . $groupObject->getGID()); |
There was a problem hiding this comment.
I'd prefer to remove this log because it might be inaccurate, at least with the current code. If the checkInGroup is false, the user might be be added but we'll show a log stating that the user has been added. This will be very troublesome to debug.
Update the provisioning api for new user registration with email. Signed-off-by: Sujith H <sharidasan@owncloud.com>
sharidasan
force-pushed
the
move-createuser-toservice
branch
from
4791191
to
2c8c0b5
Compare
|
outdated -> close |
|
Reopening this PR again. |
|
@sharidas This PR seems very outdated. Wouldn't it be better to start from scratch? |
|
As discussed in #35777 the master branch will from now on hold the ownCloud 10 codebase. This PR targetted ownCloud 11 which is postponed to a far distant future. Because of that I'm closing this PR and kindly ask you to re-submit this PR in a few days. Thanks a lot for your patience |
Moving creation of user to a service class.
Signed-off-by: Sujith H sharidasan@owncloud.com
Description
Add the create user to a service class. It is moved from user_management apps UsersController.
Related Issue
Motivation and Context
Add the create user to a service class. It is moved from user_management apps UsersController. This will help us in integrating the change with the
user:addcommand support creating users with username and email address.How Has This Been Tested?
Screenshots (if appropriate):
Types of changes
Checklist:
Open tasks: