[#175227073] Allow updating ADB2C User and introduce Token Name management on Create/Update operations

[AleDore]

This PR is intended to manage ADB2C custom attribute Token Name, in order to allow existing CreateUser and the brand new UpdateUser to manage this custom attribute.

[pagopa-github-bot]

Affected stories

• 🌟 #175227073: Come ADM, vorrei poter settare l' attributo Token Name all' interno degli attributi custom di B2C programmaticamente.

Generated by 🚫 dangerJS

[francescopersico]

When you update a user, setting a different token_name, what happens to already created service? The token_name in the services remains the old one. Can it be a problem?

[gunzip]

The ratio here is that attributes on user account are default values for newly create services, so I think it's not a problem if the old services maintain the old token name (it must be documented)

[AleDore]

When you update a user, setting a different token_name, what happens to already created service? The token_name in the services remains the old one. Can it be a problem?

Since this operation will be performed only by administrators, I think it will be used only for newly accounts or on existing ones, that will be enabled after the test's phase. It shouldn't be a problem if old services maintain the old token name.

[balanza]

Should we decode userPayload? It's an input, it can be anything

[AleDore]

Yep, userPayload is validated here

[balanza]

sorry didn't see that

[AleDore]

Can we merge this? @francescopersico @gunzip ?

[AleDore]

I' ve checked that on updateUser operation, we expect first_name and last_name in the userPayload, but I think that the only information we have about the user to update is email isn't it? cc: @gunzip @francescopersico

[gunzip]

I think updateUser should work in the same way as the other update methods (ie. UpdateService), retrieving the old user properties and merging the overridden values, what about it?

[AleDore]

I think updateUser should work in the same way as the other update methods (ie. UpdateService), retrieving the old user properties and merging the overridden values, what about it?

Nope because graph API expect a payload containing only the attributes to be updated (so other attributes are not overwritten if not present ), but the question is: Do we always have informations about first_name and last_name while performing UpdateUser operation ? I think that the only information we got in that case is the email associated with the B2C account, so first_name and last_name should be optional in the userPayload used for Update. What do you think?

[gunzip]

that's right, maybe you can use t.partial(User)for the decoder

[AleDore]

that's right, maybe you can use t.partial(User)for the decoder

Maybe we can define a payload for UpdateUser that has all possible attributes optional.

[gunzip]

why this mapping here? can't we just return the exact values ?
first_name -> first_name, last_name -> last_name

[AleDore]

UserCreated has first_name and last_name as required fields. Since userPayload has the same optional attributes, we can map over user attributes as a fallback option.

[balanza]

we can make it shorter like

first_name: userPayload.first_name || user.givenName

less cognitive load imho

[gunzip]

why do we need the fallback? moreover, it prevent the caller to check if the values are undefined

[AleDore]

why do we need the fallback? moreover, it prevent the caller to check if the values are undefined

Because if the caller doesn't provide first_name or last_name (namely it doesn't want to update first_name or last_name), we must provide the same attributes on UserCreated response because they are required. I think that B2C user always has this attributes ('cause createUser expects them in the request payload as required fields)

[gunzip]

fallback is not a good idea (it's an arbitrary mapping just to fill value to satisfy the decoder). if we must return these values then they must be retrieved from the original user record otherwise we should relax the constraints on these fields

[AleDore]

Ok let's create a UserUpdated instead of UserCreated definition that allows direct mapping from userPayload

[balanza]

we can make it shorter like

first_name: userPayload.first_name || user.givenName

less cognitive load imho

[balanza]

Instead of this manual cast, should we use a codec?

[balanza]

what about

Suggested change

	).chain(updateUserResponse =>
	UserCreated.decode({
	email,
	first_name: userPayload.first_name || user.givenName,
	id: updateUserResponse.objectId,
	last_name: userPayload.last_name || user.surname,
	token_name: userPayload.token_name
	}).fold(errs => fromLeft(toError(errs)), usr => taskEither.of(usr))
	).chain(updateUserResponse =>
	fromEither(UserCreated.decode({
	email,
	first_name: userPayload.first_name || user.givenName,
	id: updateUserResponse.objectId,
	last_name: userPayload.last_name || user.surname,
	token_name: userPayload.token_name
	})).mapLeft(toError)

[balanza]

If you accept that suggestion you'll need this, too

Suggested change

	import { fromLeft } from "fp-ts/lib/TaskEither";
	import { taskEither, TaskEither, tryCatch } from "fp-ts/lib/TaskEither";
	import { fromEither, taskEither, TaskEither, tryCatch } from "fp-ts/lib/TaskEither";

[AleDore]

My bad, you' re right 😄

[codecov-io]

Codecov Report

Merging #92 into master will decrease coverage by 0.97%.
The diff coverage is 69.64%.

@@            Coverage Diff             @@
##           master      #92      +/-   ##
==========================================
- Coverage   83.94%   82.96%   -0.98%     
==========================================
  Files          44       48       +4     
  Lines        1489     1603     +114     
  Branches      124      128       +4     
==========================================
+ Hits         1250     1330      +80     
- Misses        234      268      +34     
  Partials        5        5              

Impacted Files	Coverage Δ
utils/healthcheck.ts	41.02% <41.02%> (ø)
CreateUser/handler.ts	87.17% <75.00%> (+0.33%)	⬆️
utils/config.ts	75.00% <75.00%> (ø)
Info/handler.ts	83.33% <85.71%> (ø)
UpdateUser/handler.ts	89.13% <89.13%> (ø)

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 33442c2...c56eee6. Read the comment docs.

[balanza]

no need to import twice

Suggested change

	import { fromEither } from "fp-ts/lib/TaskEither";
	import { TaskEither, tryCatch } from "fp-ts/lib/TaskEither";
	import { fromEither, TaskEither, tryCatch } from "fp-ts/lib/TaskEither";

[AleDore]

It' s so strange that lint doesn't report a non grouped import 😄

[AleDore]

Can we merge this? @balanza @BurnedMarshal

[BurnedMarshal]

Could be this mockUsersUpdate?

[AleDore]

Fixed in 2948303

[BurnedMarshal]

Can we relate the behaviour of this test with the test conditions?
For example

Suggested change

	expect(response.kind).toEqual("IResponseErrorInternal");
	expect(mockUsersCreate).toBeCalledTimes(1);
	expect(response).toEqual({
	apply: expect.any(Function),
	detail: expectedError,
	kind: "IResponseErrorInternal"
	});

[AleDore]

Fixed in 2948303

[BurnedMarshal]

lgtm