ucb_rails_user 4.1.0 → 4.1.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 69d322a97e81f8ca73eeaf2ed27dda97091f9cb60adca63840880c40098cc835
-  data.tar.gz: 9ee6320543f525fe409fe221ab4462c118be3cd72ed08b248661057eae882767
+  metadata.gz: a2d32568b7c7c44c29b420b560c94db14a5cef2150e40e69b535cc9fad3b6714
+  data.tar.gz: 7325bbb7ee1f6cd3ea3a04c7f38411d5e75551c31022260ba454d22769c60d2d
 SHA512:
-  metadata.gz: b4ee1dc80e260cedd5e5cfbcb7c7de1cb493a158225926ab586bd8dbfa33ac86ca9f1dbfc213da91b11128fa59a15663a68aedca5a4aa8a118f748484afd99db
-  data.tar.gz: 54a0492f88ea47ca8a6d09a72408e046bf945618a8ad2967fdf675ed52ff89ab49f4a884dcc91805785f30eb533ddc3d257beabe8eacb8c40c243d2ba89f4c54
+  metadata.gz: efb9dd7b036a5de8251cab4068172cea5fdcce1db57be780d0e70111d90b634dc591a09fadc8b81206a6005f6d2b4a59cc63b31d729716abfc3a396492567b82
+  data.tar.gz: 7f0beaa12b968857a56c1c6a8966c51a77447f975c88494c5e6c4022d5ad712b7be085c91c6a0ab267d3d454de9cfd38b5f979c61becc2c3812d2853dfb224d7

data/app/models/ucb_rails_user/ldap_person/entry.rb

@@ -14,6 +14,7 @@ module UcbRailsUser::LdapPerson
     attribute :first_name
     attribute :last_name
     attribute :email
+    attribute :alternate_email
     attribute :phone
     attribute :departments
     attribute :affiliations
@@ -40,19 +41,23 @@ module UcbRailsUser::LdapPerson
     class << self
 
       def new_from_ldap_entry(ldap_entry)
+        # the to_s calls are because the underlying LDAP library sometimes returns strings as instances
+        # of Net::BER::BerIdentifiedString rather than String, and the Oracle DB library doesn't play
+        # nicely with those (postgres and sqlite work fine)
         new(
-          :uid => ldap_entry.uid,
-          :calnet_id => ldap_entry.berkeleyedukerberosprincipalstring.first,
-          :employee_id => ldap_entry.attributes[:berkeleyeduucpathid]&.first,
-          :student_id => ldap_entry.berkeleyedustuid,
-          :first_name => ldap_entry.givenname.first,
-          :last_name => ldap_entry.sn.first,
-          :email => ldap_entry.mail.first,
-          :phone => ldap_entry.phone,
-          :departments => ldap_entry.berkeleyeduunithrdeptname,
-          :affiliations => ldap_entry.berkeleyeduaffiliations,
-          :affiliate_id => ldap_entry.berkeleyeduaffid.first,
-          :inactive => ldap_entry.expired? || false
+          uid: ldap_entry.uid&.to_s,
+          calnet_id: ldap_entry.berkeleyedukerberosprincipalstring.first&.to_s,
+          employee_id: ldap_entry.attributes[:berkeleyeduucpathid]&.first&.to_s,
+          student_id: ldap_entry.berkeleyedustuid&.to_s,
+          first_name: ldap_entry.givenname.first&.to_s,
+          last_name: ldap_entry.sn.first&.to_s,
+          email: ldap_entry.mail.first&.to_s,
+          alternate_email: ldap_entry.attributes[:berkeleyeduofficialemail]&.first&.to_s,
+          phone: ldap_entry.phone&.to_s,
+          departments: ldap_entry.berkeleyeduunithrdeptname&.to_s,
+          affiliations: ldap_entry.berkeleyeduaffiliations&.map(&:to_s),
+          affiliate_id: ldap_entry.berkeleyeduaffid.first&.to_s,
+          inactive: ldap_entry.expired? || false
         )
       end
 

data/app/models/ucb_rails_user/user_session_manager/in_people_ou_add_to_users_table.rb

@@ -8,6 +8,9 @@ module UcbRailsUser
 
         if people_ou_entry.present?
           UcbRailsUser::UserLdapService.create_or_update_user_from_entry(people_ou_entry).tap do |user|
+            if missing_or_invalid_email?(user)
+              user.update(email: people_ou_entry.alternate_email) if people_ou_entry.alternate_email.present?
+            end
             user.touch(:last_login_at)
           end
         else
@@ -15,6 +18,12 @@ module UcbRailsUser
         end
       end
 
+      private
+
+      def missing_or_invalid_email?(user)
+        user&.email.blank? || (user.email =~ URI::MailTo::EMAIL_REGEXP).nil?
+      end
+
     end
 
   end

data/app/models/ucb_rails_user/user_uc_path_service.rb

@@ -4,20 +4,38 @@ class UcbRailsUser::UserUcPathService
 
   class << self
 
+    def create_or_update_user_from_employee_id(employee_id)
+      ucpath_entry = ucpath_client.fetch_employee_data_with_employee_id(employee_id)
+      return nil unless ucpath_entry.present?
+      user = User.find_or_initialize_by(employee_id: employee_id)
+      update_user_record_from_ucpath_entry!(user, ucpath_entry)
+    end
+
     def create_or_update_user_from_ldap_uid(ldap_uid)
-      ucpath_entry = ucpath_client.fetch_employee_data(ldap_uid)
+      ucpath_entry = ucpath_client.fetch_employee_data_with_ldap_uid(ldap_uid)
       return nil unless ucpath_entry.present?
+      user = User.find_or_initialize_by(ldap_uid: ldap_uid)
+      update_user_record_from_ucpath_entry!(user, ucpath_entry)
+    end
 
-      User.find_or_initialize_by(ldap_uid: ldap_uid).tap do |user|
+    def ucpath_client
+      UcPathClient.new
+    end
+
+    def update_user_record_from_ucpath_entry!(user, ucpath_entry)
+      user.tap do |u|
         name_entry = parse_name(ucpath_entry)
-        user.first_name = name_entry["givenName"]
-        user.last_name = name_entry["familyName"]
-        user.employee_id = ucpath_entry["identifiers"]&.detect do |id|
+        u.first_name = name_entry["givenName"]
+        u.last_name = name_entry["familyName"]
+        u.employee_id ||= ucpath_entry["identifiers"]&.detect do |id|
           id["type"] == "hr-employee-id"
         end&.fetch("id")
-        user.email = parse_email(ucpath_entry)
-        user.inactive_flag = false # any way to pull this from the API?
-        user.save!
+        u.ldap_uid ||= ucpath_entry["identifiers"]&.detect do |id|
+          id["type"] == "campus-uid"
+        end&.fetch("id")
+        u.email = parse_email(ucpath_entry)
+        u.inactive_flag = false # any way to pull this from the API?
+        u.save!
       end
     end
 
@@ -42,32 +60,38 @@ class UcbRailsUser::UserUcPathService
       email_entry&.fetch("emailAddress")
     end
 
-    def ucpath_client
-      UcPathClient.new
-    end
-
   end
 
   class UcPathClient
     attr_reader :app_id, :app_key, :endpoint
 
     def initialize
-      credentials =
-        Rails.application.credentials.ucpath || Rails.application.credentials.hcm
-      @app_id  = credentials&.fetch(:app_id)
-      @app_key = credentials&.fetch(:app_key)
-      @endpoint = credentials&.fetch(:endpoint)
+      base_credentials =
+        Rails.application.credentials.ucpath&.with_indifferent_access ||
+        Rails.application.credentials.hcm&.with_indifferent_access ||
+        Rails.application.credentials.fetch(:"ucb-hcm", {})&.with_indifferent_access
+      env_credentials = base_credentials&.fetch(Rails.env, {})
+      @app_id  = env_credentials&.fetch(:app_id, nil) || base_credentials&.fetch(:app_id, nil)
+      @app_key = env_credentials&.fetch(:app_key, nil) || base_credentials&.fetch(:app_key, nil)
+      @endpoint = env_credentials&.fetch(:endpoint, nil) || base_credentials&.fetch(:endpoint, nil)
     end
 
-    def fetch_employee_data(ldap_uid)
+    def fetch_employee_data_with_ldap_uid(ldap_uid)
+      fetch_employee_data(ldap_uid, "campus-uid")
+    end
+
+    def fetch_employee_data_with_employee_id(employee_id)
+      fetch_employee_data(employee_id, "hr-employee-id")
+    end
+
+    def fetch_employee_data(id, id_type)
       if [app_id, app_key, endpoint].any?(&:blank?)
         Rails.logger.warn missing_api_values_message
         return nil
       end
-
       response =
-        Faraday.get("#{endpoint}/employees/#{ldap_uid}") do |req|
-          req.params["id-type"] = "campus-uid"
+        Faraday.get("#{endpoint}/employees/#{id}") do |req|
+          req.params["id-type"] = id_type
           req.headers["Accept"] = "application/json"
           req.headers["app_id"] = app_id
           req.headers["app_key"] = app_key

data/lib/ucb_rails_user/version.rb

@@ -1,3 +1,3 @@
 module UcbRailsUser
-  VERSION = '4.1.0'
+  VERSION = '4.1.2'
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: ucb_rails_user
 version: !ruby/object:Gem::Version
-  version: 4.1.0
+  version: 4.1.2
 platform: ruby
 authors:
 - Steve Downey
@@ -11,7 +11,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-05-20 00:00:00.000000000 Z
+date: 2022-10-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -107,16 +107,22 @@ dependencies:
   name: omniauth
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '1.8'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "~>"
+    - - ">="
       - !ruby/object:Gem::Version
         version: '1.8'
+    - - "<"
+      - !ruby/object:Gem::Version
+        version: '3.0'
 - !ruby/object:Gem::Dependency
   name: omniauth-cas
   requirement: !ruby/object:Gem::Requirement
@@ -386,7 +392,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.4
+rubygems_version: 3.3.7
 signing_key:
 specification_version: 4
 summary: Rails engine for UCB user accounts