Skip to content

Add api endpoint for setting user password to be handled by moocfi #589

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 20 commits into
base: master
Choose a base branch
from
Open

Add api endpoint for setting user password to be handled by moocfi #589

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
20 commits
Select commit Hold shift + click to select a range
b25a155
Add api endpoint for setting user password to be handled by moocfi
Redande Jul 10, 2025
28d495e
Validate request payload
Redande Jul 10, 2025
7a0ee92
Lessen code complexity for codeclimate
Redande Jul 10, 2025
17105ed
Further lessen code complexity
Redande Jul 10, 2025
e8e9296
Fix model spec
Redande Jul 10, 2025
c700924
Prune docker before spec_models
Redande Jul 11, 2025
a016ffd
Revert docker pruning before spec_models
Redande Jul 11, 2025
4940b77
Specify courses.mooc.fi, delete password details from db
Redande Jul 12, 2025
7f192b6
Add migration file, fix rubocop error
Redande Jul 12, 2025
d71bdd8
Update factorybot user for specs
Redande Jul 12, 2025
968b875
Don't call @user.save twice
Redande Jul 13, 2025
ce1f10a
Authenticate via courses.mooc.fi if boolean true
Redande Jul 15, 2025
e0cdbae
Use rest-client for authentication request
Redande Jul 22, 2025
a900bc5
Update password through courses if boolean is set
Redande Jul 22, 2025
0286f75
Add courses.mooc.fi user id to users-table
Redande Jul 23, 2025
cc333a4
User courses.mooc.fi user id instead of email
Redande Jul 23, 2025
0794e94
Add courses.mooc.fi user id when moving password management
Redande Jul 23, 2025
9f486e5
Authorize requests to courses.mooc.fi
Redande Jul 28, 2025
a38d633
Add enpoint for getting user details by email
Redande Aug 26, 2025
3e86cc4
Remove unnecessary logging
Redande Aug 26, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
14 changes: 7 additions & 7 deletions .github/workflows/ci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ jobs:
steps:
- name: Checkout repository
uses: actions/checkout@v2
with:
with:
submodules: false
- name: Setup git submodules
run: |
Expand All @@ -29,7 +29,7 @@ jobs:
steps:
- name: Checkout repository
uses: actions/checkout@v2
with:
with:
submodules: false
- name: Setup git submodules
run: |
Expand All @@ -47,7 +47,7 @@ jobs:
steps:
- name: Checkout repository
uses: actions/checkout@v2
with:
with:
submodules: false
- name: Setup git submodules
run: |
Expand All @@ -65,7 +65,7 @@ jobs:
steps:
- name: Checkout repository
uses: actions/checkout@v2
with:
with:
submodules: false
- name: Setup git submodules
run: |
Expand All @@ -83,7 +83,7 @@ jobs:
steps:
- name: Checkout repository
uses: actions/checkout@v2
with:
with:
submodules: false
- name: Setup git submodules
run: |
Expand All @@ -101,7 +101,7 @@ jobs:
steps:
- name: Checkout repository
uses: actions/checkout@v2
with:
with:
submodules: false
- name: Setup git submodules
run: |
Expand All @@ -112,4 +112,4 @@ jobs:
- name: Setup database & test env
run: docker compose run web bin/rake db:create db:schema:load RAILS_ENV=test
- name: Run spec_integration tests
run: docker compose run web bin/spec_integration
run: docker compose run web bin/spec_integration
7 changes: 7 additions & 0 deletions app/controllers/api/v8/apidocs_controller.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -62,6 +62,13 @@ class ApidocsController < ActionController::Base
key :required, true
key :type, :integer
end
parameter :path_user_email do
key :name, :user_email
key :in, :path
key :description, "User's email"
key :required, true
key :type, :string
end
parameter :path_exercise_id do
key :name, :exercise_id
key :in, :path
Expand Down
110 changes: 102 additions & 8 deletions app/controllers/api/v8/users_controller.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -56,6 +56,54 @@ class UsersController < Api::V8::BaseController
end
end

swagger_path '/api/v8/users/{user_id}/set_password_managed_by_courses_mooc_fi' do
operation :post do
key :description, 'Sets the boolean password_managed_by_courses_mooc_fi for the user with the given id to true.'
key :operationId, 'setPasswordManagedByCoursesMoocFi'
key :produces, ['application/json']
key :tags, ['user']
parameter '$ref': '#/parameters/user_id'
response 403, '$ref': '#/responses/error'
response 404, '$ref': '#/responses/error'
response 200 do
key :description, "status 'ok' and sets the boolean password_managed_by_courses_mooc_fi to true"
schema do
key :title, :status
key :required, [:status]
property :status, type: :string, example: 'Password managed by courses.mooc.fi set to true and password deleted.'
end
end
end
end

swagger_path '/api/v8/users/get_user_with_email?email={email}' do
operation :get do
key :description, "Returns the user's id as upstream_id, user's courses.mooc.fi-id as id, email, first name and last name by user email"
key :operationId, 'getUserInformationByEmail'
key :produces, ['application/json']
key :tags, ['user']
parameter '$ref': '#/parameters/user_email'
response 403, '$ref': '#/responses/error'
response 404, '$ref': '#/responses/error'
response 200 do
key :description, "User's courses.mooc.fi-id as id, email, first name, last name and id as upstream_id as json"
key :content, 'application/json'
schema do
key :title, :user
key :required, [:user]
key :type, :object
property :id, type: :string, description: "User's courses.mooc.fi user id", example: 'ABCD1234-5678-EFGH-IJ90-ABC123DEF456'
property :email, type: :string, description: 'User email', example: '[email protected]'
property :first_name, type: :string, description: 'User first name', example: 'John'
property :last_name, type: :string, description: 'User last name', example: 'Doe'
property :upstream_id, type: :integer, description: "User's user id in TMC database", example: 123
end
end
end
end

skip_authorization_check only: %i[set_password_managed_by_courses_mooc_fi]

def show
unauthorize_guest! if current_user.guest?
user = current_user
Expand Down Expand Up @@ -103,19 +151,13 @@ def create
set_extra_data

if BannedEmail.banned?(@user.email)
return render json: {
success: true,
message: 'User created.'
}
return render json: build_success_response(params[:include_id])
end

if @user.errors.empty? && @user.save
# TODO: Whitelist origins
UserMailer.email_confirmation(@user, params[:origin], params[:language]).deliver_now
render json: {
success: true,
message: 'User created.'
}
render json: build_success_response(params[:include_id])
else
errors = @user.errors
errors[:username] = errors.delete(:login) if errors.key?(:login)
Expand Down Expand Up @@ -149,6 +191,43 @@ def update
}, status: :bad_request
end

def set_password_managed_by_courses_mooc_fi
only_admins!

User.transaction do
user = User.find_by!(id: params[:id])
user.password_managed_by_courses_mooc_fi = true
user.password_hash = nil
user.salt = nil
user.argon_hash = nil
user.courses_mooc_fi_user_id = params[:courses_mooc_fi_user_id]
raise ActiveRecord::Rollback if !user.errors.empty? || !user.save
return render json: {
status: 'Password managed by courses.mooc.fi set to true and password deleted.'
}
end
render json: {
errors: @user.errors
}, status: :bad_request
end

def get_user_with_email
unauthorize_guest! if current_user.guest?

user = User.find_by!(email: params[:email])
authorize! :read, user

name = UserFieldValue.where(user_id: user.id, field_name: ['first_name', 'last_name']).pluck(:field_name, :value).to_h

render json: {
id: user.courses_mooc_fi_user_id,
email: user.email,
first_name: name['first_name'],
last_name: name['last_name'],
upstream_id: user.id,
}
end

private
def set_email
user_params = params[:user]
Expand Down Expand Up @@ -189,6 +268,10 @@ def set_password
end

def maybe_update_password
if @user.password_managed_by_courses_mooc_fi && @user.courses_mooc_fi_user_id.present?
return @user.update_password_via_courses_mooc_fi(@user.courses_mooc_fi_user_id, user_params[:old_password], user_params[:password])
end

if params[:old_password].present? && params[:password].present?
if [email protected]_password?(params[:old_password])
@user.errors.add(:old_password, 'incorrect')
Expand Down Expand Up @@ -229,6 +312,17 @@ def set_extra_data(eager_save = false)
datum.save! if eager_save
end
end

def build_success_response(include_id = false)
response = {
success: true,
message: 'User created.',
}
if include_id
response[:id] = @user.id
end
response
end
end
end
end
4 changes: 4 additions & 0 deletions app/controllers/settings_controller.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -86,6 +86,10 @@ def set_email
end

def maybe_update_password(user, user_params)
if user.password_managed_by_courses_mooc_fi && user.courses_mooc_fi_user_id.present?
return user.update_password_via_courses_mooc_fi(user.courses_mooc_fi_user_id, user_params[:old_password], user_params[:password])
end

if user_params[:old_password].present? || user_params[:password].present?
if !user.has_password?(user_params[:old_password])
user.errors.add(:old_password, 'incorrect')
Expand Down
4 changes: 4 additions & 0 deletions app/controllers/users_controller.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -179,6 +179,10 @@ def set_password
end

def maybe_update_password(user, user_params)
if user.password_managed_by_courses_mooc_fi && user.courses_mooc_fi_user_id.present?
return user.update_password_via_courses_mooc_fi(user.courses_mooc_fi_user_id, user_params[:old_password], user_params[:password])
end

if user_params[:old_password].present? || user_params[:password].present?
if !user.has_password?(user_params[:old_password])
user.errors.add(:old_password, 'incorrect')
Expand Down
66 changes: 66 additions & 0 deletions app/models/user.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,7 @@
# frozen_string_literal: true

require 'rest-client'

class User < ApplicationRecord
include Comparable
include Gravtastic
Expand Down Expand Up @@ -146,9 +148,73 @@ def self.authenticate(login, submitted_password)
user = find_by(login: login)
user ||= find_by('lower(email) = ?', login.downcase)
return nil if user.nil?
user if user.password_managed_by_courses_mooc_fi && user.courses_mooc_fi_user_id.present? && authenticate_via_courses_mooc_fi(user.courses_mooc_fi_user_id, submitted_password)
user if user.has_password?(submitted_password)
end

def authenticate_via_courses_mooc_fi(courses_mooc_fi_user_id, submitted_password)
auth_url = SiteSetting.value('courses_mooc_fi_auth_url')
response = RestClient.post(
auth_url,
{
user_id: courses_mooc_fi_user_id,
password: submitted_password,
}.to_json,
{
content_type: :json,
accept: :json,
Authorization: Rails.application.secrets.tmc_server_secret_for_communicating_to_secret_project,
}
)

data = JSON.parse(response.body)
unless data['authenticated'] == true
raise "Authentication via courses.mooc.fi failed for #{email}"
end

true
rescue RestClient::Unauthorized, RestClient::Forbidden
raise "Authentication rejected by courses.mooc.fi for #{email}"
rescue RestClient::ExceptionWithResponse => e
Rails.logger.error("Authentication via courses.mooc.fi error: #{e.response}")
raise "Authentication via courses.mooc.fi failed: #{e.message}"
rescue => e
Rails.logger.error("Unexpected error during authentication via courses.mooc.fi: #{e.message}")
raise "Unexpected error while authenticating via courses.mooc.fi: #{e.message}"
end

def update_password_via_courses_mooc_fi(courses_mooc_fi_user_id, old_password, new_password)
update_url = SiteSetting.value('courses_mooc_fi_update_password_url')

response = RestClient.put(
update_url,
{
user_id: courses_mooc_fi_user_id,
old_password: old_password,
new_password: new_password,
}.to_json,
{
content_type: :json,
accept: :json,
Authorization: Rails.application.secrets.tmc_server_secret_for_communicating_to_secret_project,
}
)

data = JSON.parse(response.body)

unless data['updated'] == true
raise "Updating password via courses.mooc.fi failed for user with courses.mooc.fi-user-id #{courses_mooc_fi_user_id}"
end

true
rescue RestClient::ExceptionWithResponse => e
Rails.logger.error("Updating password via courses.mooc.fi failed for user with courses.mooc.fi-user-id #{courses_mooc_fi_user_id}: #{e.response}")
false
rescue => e
Rails.logger.error("Unexpected error updating password via courses.mooc.fi for user with courses.mooc.fi-user-id #{courses_mooc_fi_user_id}: #{e.message}")
false
end

def password_reset_key
action_tokens.find { |t| t.action == 'reset_password' }
end
Expand Down
2 changes: 2 additions & 0 deletions config/routes.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -59,6 +59,8 @@
resources :request_deletion, only: [:create], module: :users
resources :assistantships, module: :users, only: :index
resources :teacherships, module: :users, only: :index
post :set_password_managed_by_courses_mooc_fi, on: :member
get :get_user_with_email, on: :collection
end

resources :user_app_datum, only: [:index]
Expand Down
5 changes: 5 additions & 0 deletions db/migrate/20250711214850_add_password_managed_by_courses_mooc_fi_to_users.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
class AddPasswordManagedByCoursesMoocFiToUsers < ActiveRecord::Migration[7.1]
def change
add_column :users, :password_managed_by_courses_mooc_fi, :boolean, default: false, null: false
end
end
6 changes: 6 additions & 0 deletions db/migrate/20250723122117_add_courses_mooc_fi_user_id_to_users.rb
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
class AddCoursesMoocFiUserIdToUsers < ActiveRecord::Migration[7.1]
def change
add_column :users, :courses_mooc_fi_user_id, :string
add_index :users, :courses_mooc_fi_user_id, unique: true
end
end
Loading