fix(agent): wrong user profile in enrollment

Signed-off-by: Thierry Bugier <tbugier@teclib.com>

inc/agent.class.php

@@ -1053,7 +1053,7 @@ protected static function checkChallengeCombinations($authFactors) {
     * @return array|bool
     */
    protected function enrollByInvitationToken($input) {
-      global $LOADED_PLUGINS;
+      global $LOADED_PLUGINS, $DB;
 
       $invitationToken  = isset($input['_invitation_token']) ? $input['_invitation_token'] : null;
       $email            = isset($input['_email']) ? $input['_email'] : null;
@@ -1306,6 +1306,14 @@ protected function enrollByInvitationToken($input) {
          return false;
       }
 
+      // Awful hack because the current user profile does not
+      // have more rights than the profile of the agent.
+      // @see User::post_addItem
+      $profileId = $config['agent_profiles_id'];
+      $agentUserId = $agentAccount->getID();
+      $DB->query("UPDATE `glpi_profiles_users` SET `profiles_id` = '$profileId'
+                  WHERE `users_id` = '$agentUserId'");
+
       $agentToken = User::getToken($agentAccount->getID(), 'api_token');
       if ($agentToken === false) {
          $event = __('Cannot create the API token for the agent', 'flyvemdm');

tests/suite-install/Config.php

@@ -92,6 +92,16 @@ public function testInstallPlugin() {
          'mqtt_broker_internal_address' => '127.0.0.1',
       ]);
 
+      $config = \Config::getConfigurationValues('flyvemdm');
+
+      // Test an agent's user profile exists
+      $this->integer((int) $config['agent_profiles_id'])->isGreaterThan(0);
+      $agentProfileId = $config['agent_profiles_id'];
+      $profile = new \Profile();
+      $profile->getFromDB($agentProfileId);
+      $this->boolean($profile->isNewItem())->isFalse();
+      $this->string($profile->getField('name'))->isEqualTo('Flyve MDM device agent users');
+
       // Force the MQTT backend's credentials
       // Useful to force the credientials to be the same as a development database
       // and not force broker's reconfiguration when launching tests on the test-dedicates DB
@@ -117,7 +127,7 @@ public function testInstallPlugin() {
    }
 
    /**
-    * Configure GLPI to isntall the plugin
+    * Configure GLPI to install the plugin
     */
    private function configureGLPI() {
       global $CFG_GLPI;

tests/suite-integration/PluginFlyvemdmAgent.php

@@ -106,6 +106,8 @@ public function testDeviceCountLimit() {
     * @tags testEnrollAgent
     */
    public function testEnrollAgent() {
+      global $DB;
+
       // Set a computer type
       $computerTypeId = 3;
       \Config::setConfigurationValues('flyvemdm', ['computertypes_id' => $computerTypeId]);
@@ -241,6 +243,26 @@ public function testEnrollAgent() {
       // Test the agent user does not have a password
       $this->boolean(empty($agentUser->getField('password')))->isTrue();
 
+      // Test the agent's user has the expected DEFAULT profile
+      $config = \Config::getConfigurationValues('flyvemdm', ['agent_profiles_id']);
+      $this->integer((int) $agentUser->getField('profiles_id'))->isEqualTo($config['agent_profiles_id']);
+
+      // Test the agent's user has the expected profile
+      $iterator = $DB->request([
+         'FROM'  => \Profile_User::getTable(),
+         'WHERE' => [
+            \User::getForeignKeyField() => $agentUser->getID(),
+         ],
+      ]);
+      $this->integer($iterator->count())->isEqualTo(1);
+      // We know that only 1 row wil be found, then the following must succeed
+      $profileUser = new \Profile_User();
+      $profileUser->getFromDBByCrit([
+         \User::getForeignKeyField() => $agentUser->getID(),
+      ]);
+      $this->boolean($profileUser->isNewItem())->isFalse();
+      $this->integer((int) $profileUser->getField('profiles_id'))->isEqualTo($config['agent_profiles_id']);
+
       // Test the agent user has an api token
       $this->string($agentUser->getField('api_token'))->isNotEmpty();