bugfix(n2n): make identityprovider-owner mandatory (#261)

make idp owner mandatory
adjust seeding data and idp owner data-migration.
add company_identity_provider constraint for own and shared idps

---------

Refs: CPLP-3152
Co-authored-by: Phil Schneider <info@philschneider.de>
Reviewed-by: Phil Schneider <info@philschneider.de>

src/administration/Administration.Service/BusinessLogic/IdentityProviderBusinessLogic.cs

@@ -135,13 +135,7 @@ private async ValueTask<IdentityProviderDetails> CreateOwnCompanyIdentityProvide
         }
 
         var alias = await _provisioningManager.CreateOwnIdpAsync(displayName ?? result.CompanyName, result.CompanyName, protocol).ConfigureAwait(false);
-        var identityProviderId = identityProviderRepository.CreateIdentityProvider(identityProviderCategory, typeId, idp =>
-        {
-            if (typeId == IdentityProviderTypeId.MANAGED)
-            {
-                idp.OwnerId = companyId;
-            }
-        }).Id;
+        var identityProviderId = identityProviderRepository.CreateIdentityProvider(identityProviderCategory, typeId, companyId, null).Id;
         if (typeId == IdentityProviderTypeId.OWN)
         {
             identityProviderRepository.CreateCompanyIdentityProvider(companyId, identityProviderId);
@@ -219,10 +213,10 @@ public async ValueTask<IdentityProviderDetails> SetOwnCompanyIdentityProviderSta
         {
             throw new NotFoundException($"identityProvider {identityProviderId} does not exist");
         }
-        var (isOwnOrOwner, alias, identityProviderCategory, identityProviderTypeId, companyIdAliase) = result;
-        if (!isOwnOrOwner)
+        var (isOwner, alias, identityProviderCategory, identityProviderTypeId, companyIdAliase) = result;
+        if (!isOwner)
         {
-            throw new ConflictException($"identityProvider {identityProviderId} is not associated with company {companyId}");
+            throw new ForbiddenException($"company {companyId} is not the owner of identityProvider {identityProviderId}");
         }
         if (alias == null)
         {
@@ -268,8 +262,8 @@ public async ValueTask<IdentityProviderDetails> UpdateOwnCompanyIdentityProvider
         {
             throw new NotFoundException($"identityProvider {identityProviderId} does not exist");
         }
-        var (isOwnOrOwner, alias, identityProviderCategory, identityProviderTypeId, _) = result;
-        if (!isOwnOrOwner)
+        var (isOwner, alias, identityProviderCategory, identityProviderTypeId, _) = result;
+        if (!isOwner)
         {
             throw new ForbiddenException($"User not allowed to run the change for identity provider {identityProviderId}");
         }
@@ -357,7 +351,7 @@ public async ValueTask DeleteCompanyIdentityProviderAsync(Guid identityProviderI
             }
             await _provisioningManager.DeleteCentralIdentityProviderAsync(alias).ConfigureAwait(false);
         }
-        _portalRepositories.Remove(_portalRepositories.Attach(new IdentityProvider(identityProviderId, default, default, default)));
+        _portalRepositories.Remove(_portalRepositories.Attach(new IdentityProvider(identityProviderId, default, default, default, default)));
 
         await _portalRepositories.SaveAsync().ConfigureAwait(false);
     }
@@ -369,10 +363,10 @@ public async ValueTask DeleteCompanyIdentityProviderAsync(Guid identityProviderI
         {
             throw new NotFoundException($"identityProvider {identityProviderId} does not exist");
         }
-        var (isOwnOrOwner, alias, _, typeId, aliase) = result;
-        if (!isOwnOrOwner)
+        var (isOwner, alias, _, typeId, aliase) = result;
+        if (!isOwner)
         {
-            throw new ConflictException($"identityProvider {identityProviderId} is not associated with company {companyId}");
+            throw new ForbiddenException($"company {companyId} is not the owner of identityProvider {identityProviderId}");
         }
 
         if (typeId == IdentityProviderTypeId.MANAGED)

src/administration/Administration.Service/BusinessLogic/InvitationBusinessLogic.cs

@@ -83,7 +83,7 @@ private async Task ExecuteInvitationInternalAsync(CompanyInvitationData invitati
         var company = _portalRepositories.GetInstance<ICompanyRepository>().CreateCompany(invitationData.organisationName);
 
         var identityProviderRepository = _portalRepositories.GetInstance<IIdentityProviderRepository>();
-        var identityProvider = identityProviderRepository.CreateIdentityProvider(IdentityProviderCategoryId.KEYCLOAK_OIDC, IdentityProviderTypeId.SHARED, null);
+        var identityProvider = identityProviderRepository.CreateIdentityProvider(IdentityProviderCategoryId.KEYCLOAK_OIDC, IdentityProviderTypeId.SHARED, company.Id, null);
         identityProvider.Companies.Add(company);
         identityProviderRepository.CreateIamIdentityProvider(identityProvider.Id, idpName);
 

src/portalbackend/PortalBackend.DBAccess/Repositories/IIdentityProviderRepository.cs

@@ -28,13 +28,13 @@ namespace Org.Eclipse.TractusX.Portal.Backend.PortalBackend.DBAccess.Repositorie
 /// </summary>
 public interface IIdentityProviderRepository
 {
-    IdentityProvider CreateIdentityProvider(IdentityProviderCategoryId identityProviderCategory, IdentityProviderTypeId identityProviderTypeId, Action<IdentityProvider>? setOptionalFields);
+    IdentityProvider CreateIdentityProvider(IdentityProviderCategoryId identityProviderCategory, IdentityProviderTypeId identityProviderTypeId, Guid owner, Action<IdentityProvider>? setOptionalFields);
     IamIdentityProvider CreateIamIdentityProvider(Guid identityProviderId, string idpAlias);
     CompanyIdentityProvider CreateCompanyIdentityProvider(Guid companyId, Guid identityProviderId);
     Task<string?> GetSharedIdentityProviderIamAliasDataUntrackedAsync(Guid companyId);
     Task<IdpUser?> GetIdpCategoryIdByUserIdAsync(Guid companyUserId, Guid userCompanyId);
     Task<(string? Alias, IdentityProviderCategoryId IamIdentityProviderCategory, bool IsOwnOrOwnerCompany, IdentityProviderTypeId TypeId)> GetOwnCompanyIdentityProviderAliasUntrackedAsync(Guid identityProviderId, Guid companyId);
-    Task<(bool IsOwnOrOwner, string? Alias, IdentityProviderCategoryId IdentityProviderCategory, IdentityProviderTypeId IdentityProviderTypeId, IEnumerable<(Guid CompanyId, IEnumerable<string> Aliase)>? CompanyIdAliase)> GetOwnCompanyIdentityProviderUpdateDataUntrackedAsync(Guid identityProviderId, Guid companyId, bool queryAliase);
+    Task<(bool IsOwner, string? Alias, IdentityProviderCategoryId IdentityProviderCategory, IdentityProviderTypeId IdentityProviderTypeId, IEnumerable<(Guid CompanyId, IEnumerable<string> Aliase)>? CompanyIdAliase)> GetOwnCompanyIdentityProviderUpdateDataUntrackedAsync(Guid identityProviderId, Guid companyId, bool queryAliase);
     IAsyncEnumerable<(Guid IdentityProviderId, IdentityProviderCategoryId CategoryId, string Alias, IdentityProviderTypeId TypeId)> GetCompanyIdentityProviderCategoryDataUntracked(Guid companyId);
     IAsyncEnumerable<(Guid IdentityProviderId, string Alias)> GetOwnCompanyIdentityProviderAliasDataUntracked(Guid companyId, IEnumerable<Guid> identityProviderIds);
     Task<(string? UserEntityId, string? Alias, bool IsSameCompany)> GetIamUserIsOwnCompanyIdentityProviderAliasAsync(Guid companyUserId, Guid identityProviderId, Guid companyId);

src/portalbackend/PortalBackend.DBAccess/Repositories/IdentityProviderRepository.cs

@@ -41,12 +41,13 @@ public IdentityProviderRepository(PortalDbContext portalDbContext)
     }
 
     /// <inheritdoc/>
-    public IdentityProvider CreateIdentityProvider(IdentityProviderCategoryId identityProviderCategory, IdentityProviderTypeId identityProviderTypeId, Action<IdentityProvider>? setOptionalFields)
+    public IdentityProvider CreateIdentityProvider(IdentityProviderCategoryId identityProviderCategory, IdentityProviderTypeId identityProviderTypeId, Guid owner, Action<IdentityProvider>? setOptionalFields)
     {
         var idp = new IdentityProvider(
             Guid.NewGuid(),
             identityProviderCategory,
             identityProviderTypeId,
+            owner,
             DateTimeOffset.UtcNow);
         setOptionalFields?.Invoke(idp);
         return _context.IdentityProviders
@@ -100,12 +101,12 @@ public IamIdentityProvider CreateIamIdentityProvider(Guid identityProviderId, st
                     identityProvider.IdentityProviderTypeId))
             .SingleOrDefaultAsync();
 
-    public Task<(bool IsOwnOrOwner, string? Alias, IdentityProviderCategoryId IdentityProviderCategory, IdentityProviderTypeId IdentityProviderTypeId, IEnumerable<(Guid CompanyId, IEnumerable<string> Aliase)>? CompanyIdAliase)> GetOwnCompanyIdentityProviderUpdateDataUntrackedAsync(Guid identityProviderId, Guid companyId, bool queryAliase) =>
+    public Task<(bool IsOwner, string? Alias, IdentityProviderCategoryId IdentityProviderCategory, IdentityProviderTypeId IdentityProviderTypeId, IEnumerable<(Guid CompanyId, IEnumerable<string> Aliase)>? CompanyIdAliase)> GetOwnCompanyIdentityProviderUpdateDataUntrackedAsync(Guid identityProviderId, Guid companyId, bool queryAliase) =>
         _context.IdentityProviders
             .Where(identityProvider => identityProvider.Id == identityProviderId)
             .Select(identityProvider =>
                 new ValueTuple<bool, string?, IdentityProviderCategoryId, IdentityProviderTypeId, IEnumerable<(Guid, IEnumerable<string>)>?>(
-                    identityProvider.Owner == null && identityProvider.Companies.Any(c => c.Id == companyId) && identityProvider.Companies.Count == 1 || identityProvider.OwnerId == companyId,
+                    identityProvider.OwnerId == companyId,
                     identityProvider.IamIdentityProvider!.IamIdpAlias,
                     identityProvider.IdentityProviderCategoryId,
                     identityProvider.IdentityProviderTypeId,
@@ -118,7 +119,7 @@ public IamIdentityProvider CreateIamIdentityProvider(Guid identityProviderId, st
     public IAsyncEnumerable<(Guid IdentityProviderId, IdentityProviderCategoryId CategoryId, string Alias, IdentityProviderTypeId TypeId)> GetCompanyIdentityProviderCategoryDataUntracked(Guid companyId) =>
         _context.IdentityProviders
             .AsNoTracking()
-            .Where(identityProvider => identityProvider.OwnerId == companyId || identityProvider.Companies.Any(company => company.Id == companyId) && identityProvider.OwnerId == null)
+            .Where(identityProvider => identityProvider.OwnerId == companyId || identityProvider.Companies.Any(company => company.Id == companyId))
             .Select(identityProvider => new ValueTuple<Guid, IdentityProviderCategoryId, string, IdentityProviderTypeId>(
                 identityProvider.Id,
                 identityProvider.IdentityProviderCategoryId,