Fix: token exchange to filter only for ACTIVE products (#423)

Co-authored-by: Manuel Rafeli <[email protected]> Co-authored-by: andrea-putzu <[email protected]>
pagopa · Apr 24, 2024 · 94d363c · 94d363c
1 parent ed44ad2
commit 94d363c
Show file tree

Hide file tree

Showing 2 changed files with 42 additions and 3 deletions.
diff --git a/web/src/main/java/it/pagopa/selfcare/dashboard/web/security/ExchangeTokenServiceV2.java b/web/src/main/java/it/pagopa/selfcare/dashboard/web/security/ExchangeTokenServiceV2.java
@@ -12,6 +12,7 @@
 import it.pagopa.selfcare.dashboard.connector.api.ProductsConnector;
 import it.pagopa.selfcare.dashboard.connector.api.UserApiConnector;
 import it.pagopa.selfcare.dashboard.connector.model.groups.UserGroupInfo;
+import it.pagopa.selfcare.dashboard.connector.model.institution.RelationshipState;
 import it.pagopa.selfcare.dashboard.connector.model.product.Product;
 import it.pagopa.selfcare.dashboard.connector.model.user.OnboardedProduct;
 import it.pagopa.selfcare.dashboard.connector.model.user.User;
@@ -213,6 +214,7 @@ private Map<String, ProductGrantedAuthority> retrieveProductsFromInstitutionAndU
         userInstitution
                 .getProducts()
                 .stream()
+                .filter(product -> product.getStatus().equals(RelationshipState.ACTIVE))
                 .collect(groupingBy(OnboardedProduct::getProductId))
                 .forEach((key, value) -> map.put(key, new ProductGrantedAuthority(
                         value.get(0).getRole(),

diff --git a/web/src/test/java/it/pagopa/selfcare/dashboard/web/security/ExchangeTokenServiceV2Test.java b/web/src/test/java/it/pagopa/selfcare/dashboard/web/security/ExchangeTokenServiceV2Test.java
@@ -253,9 +253,17 @@ void exchange_noSessionTokenClaims() throws Exception {
         onboardedProduct.setRole(MANAGER);
         onboardedProduct.setProductId(productId);
         onboardedProduct.setProductRole("productRole");
+        onboardedProduct.setStatus(RelationshipState.ACTIVE);
+
+        OnboardedProduct onboardedProduct2 = new OnboardedProduct();
+        onboardedProduct2.setRole(MANAGER);
+        onboardedProduct2.setProductId(productId);
+        onboardedProduct2.setProductRole("productRole");
+        onboardedProduct2.setStatus(RelationshipState.DELETED);
+
 
         UserInstitution userInstitution = new UserInstitution();
-        userInstitution.setProducts(List.of(onboardedProduct));
+        userInstitution.setProducts(List.of(onboardedProduct, onboardedProduct2));
 
         UserApiConnector userApiConnector = mock(UserApiConnector.class);
         when(userApiConnector.getProducts(anyString(), anyString())).thenReturn(userInstitution);
@@ -296,6 +304,7 @@ void exchange_noInstitutionInfo() throws Exception {
         onboardedProduct.setRole(MANAGER);
         onboardedProduct.setProductId(productId);
         onboardedProduct.setProductRole("productRole");
+        onboardedProduct.setStatus(RelationshipState.ACTIVE);
 
         UserInstitution userInstitution = new UserInstitution();
         userInstitution.setProducts(List.of(onboardedProduct));
@@ -390,10 +399,29 @@ void exchange_nullGroupInfo(PrivateKey privateKey) throws Exception {
         OnboardedProduct onboardedProduct = new OnboardedProduct();
         onboardedProduct.setRole(MANAGER);
         onboardedProduct.setProductId(productId);
+        onboardedProduct.setStatus(RelationshipState.ACTIVE);
         onboardedProduct.setProductRole("productRole");
 
+        OnboardedProduct onboardedProduct2 = new OnboardedProduct();
+        onboardedProduct2.setRole(MANAGER);
+        onboardedProduct2.setProductId(productId);
+        onboardedProduct2.setStatus(RelationshipState.ACTIVE);
+        onboardedProduct2.setProductRole("productRole2");
+
+        OnboardedProduct onboardedProduct3 = new OnboardedProduct();
+        onboardedProduct3.setRole(MANAGER);
+        onboardedProduct3.setProductId(productId);
+        onboardedProduct3.setStatus(RelationshipState.DELETED);
+        onboardedProduct3.setProductRole("productRole3");
+
+        OnboardedProduct onboardedProduct4 = new OnboardedProduct();
+        onboardedProduct4.setRole(MANAGER);
+        onboardedProduct4.setProductId(productId);
+        onboardedProduct4.setStatus(RelationshipState.DELETED);
+        onboardedProduct4.setProductRole("productRole4");
+
         UserInstitution userInstitution = new UserInstitution();
-        userInstitution.setProducts(List.of(onboardedProduct));
+        userInstitution.setProducts(List.of(onboardedProduct, onboardedProduct2));
 
         UserApiConnector userApiConnector = mock(UserApiConnector.class);
         when(userApiConnector.getProducts(anyString(), anyString())).thenReturn(userInstitution);
@@ -429,7 +457,7 @@ void exchange_nullGroupInfo(PrivateKey privateKey) throws Exception {
         assertEquals(institutionId, institution.getId());
         assertEquals(institutionInfo.getTaxCode(), institution.getTaxCode());
         assertNotNull(institution.getRoles());
-        assertEquals(1, institution.getRoles().size());
+        assertEquals(2, institution.getRoles().size());
         assertFalse(exchangedClaims.containsKey("groups"));
         verify(jwtServiceMock, times(1))
                 .getClaims(any());
@@ -521,6 +549,13 @@ void exchange_ok(PrivateKey privateKey) throws Exception {
         onboardedProduct.setRole(MANAGER);
         onboardedProduct.setProductId(productId);
         onboardedProduct.setProductRole(productRole);
+        onboardedProduct.setStatus(RelationshipState.ACTIVE);
+
+        OnboardedProduct onboardedProduct2 = new OnboardedProduct();
+        onboardedProduct2.setRole(MANAGER);
+        onboardedProduct2.setProductId(productId);
+        onboardedProduct2.setProductRole(productRole+"2");
+        onboardedProduct2.setStatus(RelationshipState.DELETED);
 
 
         OnboardedProduct onboardedProduct2 = new OnboardedProduct();
@@ -644,6 +679,7 @@ void billingExchange_noSessionTokenClaims() throws Exception {
         OnboardedProduct onboardedProduct = new OnboardedProduct();
         onboardedProduct.setRole(MANAGER);
         onboardedProduct.setProductId(productId);
+        onboardedProduct.setStatus(RelationshipState.ACTIVE);
         onboardedProduct.setProductRole("productRole");
 
         UserInstitution userInstitution = new UserInstitution();
@@ -682,6 +718,7 @@ void billingExchange_noInstitutionInfo() throws Exception {
         OnboardedProduct onboardedProduct = new OnboardedProduct();
         onboardedProduct.setRole(MANAGER);
         onboardedProduct.setProductId(productId);
+        onboardedProduct.setStatus(RelationshipState.ACTIVE);
         onboardedProduct.setProductRole("productRole");
 
         UserInstitution userInstitution = new UserInstitution();