chore: Migrate authentication to new tables (#1929)

This work provides a foundation for a more pluggable authentication system such as the one outlined in #1317. closes #1317
2021-03-09 12:22:08 -08:00
parent ab7b16bbb9
commit ed2a42ac27
35 changed files with 1280 additions and 297 deletions
--- a/server/scripts/20210226232041-migrate-authentication.js
+++ b/server/scripts/20210226232041-migrate-authentication.js
@ -0,0 +1,102 @@
+// @flow
+import "./bootstrap";
+import debug from "debug";
+import {
+  Team,
+  User,
+  AuthenticationProvider,
+  UserAuthentication,
+} from "../models";
+import { Op } from "../sequelize";
+
+const log = debug("server");
+const cache = {};
+let page = 0;
+let limit = 100;
+
+export default async function main(exit = false) {
+  const work = async (page: number) => {
+    log(`Migrating authentication data… page ${page}`);
+
+    const users = await User.findAll({
+      limit,
+      offset: page * limit,
+      paranoid: false,
+      order: [["createdAt", "ASC"]],
+      where: {
+        serviceId: {
+          [Op.ne]: "email",
+        },
+      },
+      include: [
+        {
+          model: Team,
+          as: "team",
+          required: true,
+          paranoid: false,
+        },
+      ],
+    });
+
+    for (const user of users) {
+      const provider = user.service;
+      const providerId = user.team[`${provider}Id`];
+      if (!providerId) {
+        console.error(
+          `user ${user.id} has serviceId ${user.serviceId}, but team ${provider}Id missing`
+        );
+        continue;
+      }
+      if (providerId.startsWith("transferred")) {
+        console.log(
+          `skipping previously transferred ${user.team.name} (${user.team.id})`
+        );
+        continue;
+      }
+
+      let authenticationProviderId = cache[providerId];
+      if (!authenticationProviderId) {
+        const [
+          authenticationProvider,
+        ] = await AuthenticationProvider.findOrCreate({
+          where: {
+            name: provider,
+            providerId,
+            teamId: user.teamId,
+          },
+        });
+
+        cache[providerId] = authenticationProviderId =
+          authenticationProvider.id;
+      }
+
+      try {
+        await UserAuthentication.create({
+          authenticationProviderId,
+          providerId: user.serviceId,
+          teamId: user.teamId,
+          userId: user.id,
+        });
+      } catch (err) {
+        console.error(
+          `serviceId ${user.serviceId} exists, for user ${user.id}`
+        );
+        continue;
+      }
+    }
+
+    return users.length === limit ? work(page + 1) : undefined;
+  };
+
+  await work(page);
+
+  if (exit) {
+    log("Migration complete");
+    process.exit(0);
+  }
+}
+
+// In the test suite we import the script rather than run via node CLI
+if (process.env.NODE_ENV !== "test") {
+  main(true);
+}
--- a/server/scripts/20210226232041-migrate-authentication.test.js
+++ b/server/scripts/20210226232041-migrate-authentication.test.js
@ -0,0 +1,152 @@
+// @flow
+import {
+  User,
+  Team,
+  UserAuthentication,
+  AuthenticationProvider,
+} from "../models";
+import { flushdb } from "../test/support";
+import script from "./20210226232041-migrate-authentication";
+
+beforeEach(() => flushdb());
+
+describe("#work", () => {
+  it("should create authentication record for users", async () => {
+    const team = await Team.create({
+      name: `Test`,
+      slackId: "T123",
+    });
+    const user = await User.create({
+      email: `test@example.com`,
+      name: `Test`,
+      serviceId: "U123",
+      teamId: team.id,
+    });
+
+    await script();
+
+    const authProvider = await AuthenticationProvider.findOne({
+      where: {
+        providerId: "T123",
+      },
+    });
+
+    const auth = await UserAuthentication.findOne({
+      where: {
+        providerId: "U123",
+      },
+    });
+    expect(authProvider.name).toEqual("slack");
+    expect(auth.userId).toEqual(user.id);
+  });
+
+  it("should create authentication record for deleted users", async () => {
+    const team = await Team.create({
+      name: `Test`,
+      googleId: "domain.com",
+    });
+    const user = await User.create({
+      email: `test1@example.com`,
+      name: `Test`,
+      service: "google",
+      serviceId: "123456789",
+      teamId: team.id,
+      deletedAt: new Date(),
+    });
+
+    await script();
+
+    const authProvider = await AuthenticationProvider.findOne({
+      where: {
+        providerId: "domain.com",
+      },
+    });
+
+    const auth = await UserAuthentication.findOne({
+      where: {
+        providerId: "123456789",
+      },
+    });
+    expect(authProvider.name).toEqual("google");
+    expect(auth.userId).toEqual(user.id);
+  });
+
+  it("should create authentication record for suspended users", async () => {
+    const team = await Team.create({
+      name: `Test`,
+      googleId: "example.com",
+    });
+    const user = await User.create({
+      email: `test1@example.com`,
+      name: `Test`,
+      service: "google",
+      serviceId: "123456789",
+      teamId: team.id,
+      suspendedAt: new Date(),
+    });
+
+    await script();
+
+    const authProvider = await AuthenticationProvider.findOne({
+      where: {
+        providerId: "example.com",
+      },
+    });
+
+    const auth = await UserAuthentication.findOne({
+      where: {
+        providerId: "123456789",
+      },
+    });
+    expect(authProvider.name).toEqual("google");
+    expect(auth.userId).toEqual(user.id);
+  });
+
+  it("should create correct authentication record when team has both slackId and googleId", async () => {
+    const team = await Team.create({
+      name: `Test`,
+      slackId: "T456",
+      googleId: "example.com",
+    });
+    const user = await User.create({
+      email: `test1@example.com`,
+      name: `Test`,
+      service: "slack",
+      serviceId: "U456",
+      teamId: team.id,
+    });
+
+    await script();
+
+    const authProvider = await AuthenticationProvider.findOne({
+      where: {
+        providerId: "T456",
+      },
+    });
+
+    const auth = await UserAuthentication.findOne({
+      where: {
+        providerId: "U456",
+      },
+    });
+    expect(authProvider.name).toEqual("slack");
+    expect(auth.userId).toEqual(user.id);
+  });
+
+  it("should skip invited users", async () => {
+    const team = await Team.create({
+      name: `Test`,
+      slackId: "T789",
+    });
+    await User.create({
+      email: `test2@example.com`,
+      name: `Test`,
+      teamId: team.id,
+    });
+
+    await script();
+
+    const count = await UserAuthentication.count();
+    expect(count).toEqual(0);
+  });
+});
--- a/server/scripts/bootstrap.js
+++ b/server/scripts/bootstrap.js
@ -0,0 +1,6 @@
+// @flow
+if (process.env.NODE_ENV !== "test") {
+  require("dotenv").config({ silent: true });
+}
+
+process.env.SINGLE_RUN = true;