feat: specialize ELI User Authorization (#1331)

Co-authored-by: Gergely Nyiri <gergely.nyiri@eli-alps.hu>

Author: gnyiri

apps/backend/src/auth/ELIUserAuthorization.ts

@@ -0,0 +1,11 @@
+import { ValidUserInfo } from '@user-office-software/openid/lib/model/ValidUserInfo';
+import { injectable } from 'tsyringe';
+
+import { OAuthAuthorization } from './OAuthAuthorization';
+
+@injectable()
+export class ELIUserAuthorization extends OAuthAuthorization {
+  protected getUniqueId(user: ValidUserInfo) {
+    return user.unique_id as string;
+  }
+}

apps/backend/src/auth/OAuthAuthorization.ts

@@ -1,5 +1,5 @@
-import 'reflect-metadata';
 import { env } from 'process';
+import 'reflect-metadata';
 
 import { logger } from '@user-office-software/duo-logger';
 import { OpenIdClient } from '@user-office-software/openid';
@@ -128,9 +128,9 @@ export class OAuthAuthorization extends UserAuthorization {
   ): Promise<User> {
     const client = await OpenIdClient.getInstance();
     const institution = await this.getOrCreateUserInstitution(userInfo);
-    const userWithOAuthSubMatch = await this.userDataSource.getByOIDCSub(
-      userInfo.sub
-    );
+    const userId = this.getUniqueId(userInfo);
+    const userWithOAuthSubMatch =
+      await this.userDataSource.getByOIDCSub(userId);
 
     const userWithEmailMatch = await this.userDataSource.getByEmail(
       userInfo.email
@@ -146,7 +146,7 @@ export class OAuthAuthorization extends UserAuthorization {
         lastname: userInfo.family_name,
         oauthIssuer: client.issuer.metadata.issuer,
         oauthRefreshToken: tokenSet.refresh_token ?? '',
-        oidcSub: userInfo.sub,
+        oidcSub: userId,
         institutionId: institution?.id ?? user.institutionId,
         preferredname: userInfo.preferred_username,
         user_title: userInfo.title as string,
@@ -159,7 +159,7 @@ export class OAuthAuthorization extends UserAuthorization {
         userInfo.given_name,
         userInfo.family_name,
         userInfo.preferred_username ?? '',
-        userInfo.sub,
+        userId,
         tokenSet.refresh_token ?? '',
         client.issuer.metadata.issuer,
         institution?.id ?? 1,

apps/backend/src/auth/UserAuthorization.ts

@@ -1,4 +1,6 @@
 import 'reflect-metadata';
+
+import { ValidUserInfo } from '@user-office-software/openid/lib/model/ValidUserInfo';
 import { container } from 'tsyringe';
 
 import { Tokens } from '../config/Tokens';
@@ -33,6 +35,10 @@ export abstract class UserAuthorization {
     Tokens.AdminDataSource
   );
 
+  protected getUniqueId(user: ValidUserInfo) {
+    return user.sub;
+  }
+
   isUserOfficer(agent: UserWithRole | null) {
     return agent?.currentRole?.shortCode === Roles.USER_OFFICER;
   }

apps/backend/src/config/dependencyConfigELI.ts

@@ -1,7 +1,7 @@
 import 'reflect-metadata';
 
 import { DataAccessUsersAuthorization } from '../auth/DataAccessUsersAuthorization';
-import { OAuthAuthorization } from '../auth/OAuthAuthorization';
+import { ELIUserAuthorization } from '../auth/ELIUserAuthorization';
 import { ProposalAuthorization } from '../auth/ProposalAuthorization';
 import { VisitAuthorization } from '../auth/VisitAuthorization';
 import { VisitRegistrationAuthorization } from '../auth/VisitRegistrationAuthorization';
@@ -117,7 +117,7 @@ mapClass(Tokens.StatusDataSource, PostgresStatusDataSource);
 mapClass(Tokens.TagDataSource, PostgresTagDataSource);
 
 mapClass(Tokens.ExperimentDataSource, PostgresExperimentDataSource);
-mapClass(Tokens.UserAuthorization, OAuthAuthorization);
+mapClass(Tokens.UserAuthorization, ELIUserAuthorization);
 mapClass(Tokens.ProposalAuthorization, ProposalAuthorization);
 mapClass(Tokens.DataAccessUsersAuthorization, DataAccessUsersAuthorization);