Merge pull request #308 from bcgov/feature/activationFix

Fix for activation codes
bcgov · Dec 1, 2023 · 29e88bd · 29e88bd
2 parents 7bfdea2 + 244f2fc
commit 29e88bd
Show file tree

Hide file tree

Showing 2 changed files with 29 additions and 0 deletions.
diff --git a/api/src/main/java/ca/bc/gov/educ/api/edx/service/v1/EdxUsersService.java b/api/src/main/java/ca/bc/gov/educ/api/edx/service/v1/EdxUsersService.java
@@ -388,6 +388,7 @@ public EdxUserEntity activateEdxUser(EdxActivateUser edxActivateUser) {
     } else {
       activationCodes = edxActivationCodeRepository.findEdxActivationCodeByActivationCodeInAndDistrictID(acCodes, edxActivateUser.getDistrictID());
     }
+    validateIncomingActivationCodeTypes(edxActivateUser, activationCodes);
     if (!CollectionUtils.isEmpty(activationCodes) && activationCodes.size() == 2) {
       EdxActivationCodeEntity userCodeEntity = validateExpiryAndSetEdxUserIdForPersonalActivationCode(edxActivateUser, activationCodes);
 
@@ -398,6 +399,16 @@ public EdxUserEntity activateEdxUser(EdxActivateUser edxActivateUser) {
     }
   }
 
+  private void validateIncomingActivationCodeTypes(EdxActivateUser user, List<EdxActivationCodeEntity> activationCodes){
+    for (val activationCode : activationCodes) {
+      if((activationCode.getIsPrimary() && !activationCode.getActivationCode().equalsIgnoreCase(user.getPrimaryEdxCode())) ||
+              (!activationCode.getIsPrimary() && !activationCode.getActivationCode().equalsIgnoreCase(user.getPersonalActivationCode()))){
+        ApiError error = ApiError.builder().timestamp(LocalDateTime.now()).message("Invalid code provided.").status(BAD_REQUEST).build();
+        throw new InvalidPayloadException(error);
+      }
+    }
+  }
+
   private EdxActivationCodeEntity validateExpiryAndSetEdxUserIdForPersonalActivationCode(EdxActivateUser edxActivateUser, List<EdxActivationCodeEntity> activationCodes) {
     EdxActivationCodeEntity userCodeEntity = null;
     for (val activationCode : activationCodes) {

diff --git a/api/src/test/java/ca/bc/gov/educ/api/edx/controller/EdxUsersControllerTest.java b/api/src/test/java/ca/bc/gov/educ/api/edx/controller/EdxUsersControllerTest.java
@@ -1100,7 +1100,25 @@ void testEdxActivateUsers_GivenValidInput_UserIsCreated_WithOkStatusResponse() t
       .andExpect(jsonPath("$.edxUserSchools.[0].edxUserSchoolRoles", hasSize(1)))
       .andExpect(jsonPath("$.edxUserSchools[0].edxUserSchoolRoles[0].edxUserSchoolRoleID", is(notNullValue())))
       .andDo(print()).andExpect(status().isCreated());
+  }
 
+  @Test
+  void testEdxActivateUsers_GivenValidInput_UserIsCreated_WithBadRequestResponse() throws Exception {
+    UUID validationCode = UUID.randomUUID();
+    UUID schoolID = UUID.randomUUID();
+    this.createActivationCodeTableDataForSchoolUser(this.edxActivationCodeRepository, this.edxPermissionRepository, this.edxRoleRepository, this.edxActivationRoleRepository, true,validationCode, 2, schoolID);
+    EdxActivateUser edxActivateUser = new EdxActivateUser();
+    edxActivateUser.setSchoolID(schoolID);
+    edxActivateUser.setPersonalActivationCode("ABCDE");
+    edxActivateUser.setPrimaryEdxCode("WXYZ");
+    edxActivateUser.setDigitalId(UUID.randomUUID().toString());
+    String activateUserJson = getJsonString(edxActivateUser);
+    val resultActions = this.mockMvc.perform(post(URL.BASE_URL_USERS + "/activation")
+            .contentType(MediaType.APPLICATION_JSON)
+            .content(activateUserJson)
+            .accept(MediaType.APPLICATION_JSON)
+            .with(jwt().jwt((jwt) -> jwt.claim("scope", "ACTIVATE_EDX_USER"))));
+    resultActions.andDo(print()).andExpect(status().isBadRequest());
   }
 
   @Test