authz: skip identities missing required fields

CERNDocumentServer · Oct 15, 2024 · 661154e · 661154e
1 parent 057e55e
commit 661154e
Show file tree

Hide file tree

Showing 5 changed files with 44 additions and 21 deletions.
diff --git a/invenio_cern_sync/authz/serializer.py b/invenio_cern_sync/authz/serializer.py
@@ -43,4 +43,8 @@ def serialize_cern_identity(cern_identity):
 def serialize_cern_identities(cern_identities):
     """Serialize CERN identities to Invenio users."""
     for cern_identity in cern_identities:
-        yield serialize_cern_identity(cern_identity)
+        try:
+            yield serialize_cern_identity(cern_identity)
+        except InvalidCERNIdentity as e:
+            current_app.logger.warning(str(e) + " Skipping this identity...")
+            continue
diff --git a/invenio_cern_sync/errors.py b/invenio_cern_sync/errors.py
@@ -13,7 +13,7 @@ class InvalidLdapUser(Exception):
 
     def __init__(self, key, employee_id):
         """Constructor."""
-        msg = f"Missing {key} field or invalid value for employeeID {employee_id}."
+        msg = f"Missing `{key}` field or invalid value for employeeID `{employee_id}`."
         super().__init__(msg)
 
 
@@ -22,7 +22,7 @@ class InvalidCERNIdentity(Exception):
 
     def __init__(self, key, personId):
         """Constructor."""
-        msg = f"Missing {key} field or invalid value for personId {personId}."
+        msg = f"Missing `{key}` field or invalid value for personId `{personId}`."
         super().__init__(msg)
 
 

diff --git a/invenio_cern_sync/ldap/serializer.py b/invenio_cern_sync/ldap/serializer.py
@@ -10,7 +10,7 @@
 from flask import current_app
 
 from ..errors import InvalidLdapUser
-from ..utils import first_or_default, first_or_raise
+from ..utils import first_or_raise
 
 
 def serialize_ldap_user(ldap_user, userprofile_mapper=None, extra_data_mapper=None):
@@ -48,4 +48,8 @@ def serialize_ldap_user(ldap_user, userprofile_mapper=None, extra_data_mapper=No
 def serialize_ldap_users(ldap_users):
     """Serialize LDAP users to Invenio users."""
     for ldap_user in ldap_users:
-        yield serialize_ldap_user(ldap_user)
+        try:
+            yield serialize_ldap_user(ldap_user)
+        except InvalidLdapUser as e:
+            current_app.logger.warning(str(e) + " Skipping this account...")
+            continue
diff --git a/tests/test_authz_serializer.py b/tests/test_authz_serializer.py
@@ -8,17 +8,30 @@
 """Invenio-CERN-sync CERN test serializer."""
 
 
+from copy import deepcopy
+from unittest.mock import MagicMock, patch
+
 import pytest
 
 from invenio_cern_sync.authz.serializer import serialize_cern_identities
 from invenio_cern_sync.errors import InvalidCERNIdentity
 
 
-def test_missing_person_id(app, cern_identities):
-    cern_identity = cern_identities[0]
-    del cern_identity["personId"]
-    with pytest.raises(InvalidCERNIdentity):
-        next(serialize_cern_identities([cern_identity]))
+@pytest.mark.parametrize("missing_field", ["personId", "primaryAccountEmail", "upn"])
+@patch("invenio_cern_sync.authz.serializer.current_app")
+def test_missing_required_fields(mock_app, app, cern_identities, missing_field):
+    """Test missing required fields."""
+    mock_logger = MagicMock()
+    mock_app.logger = mock_logger
+
+    cern_identity = deepcopy(cern_identities[0])
+    del cern_identity[missing_field]
+
+    person_id = "12340" if missing_field != "personId" else "unknown"
+    excp = InvalidCERNIdentity(missing_field, person_id)
+
+    list(serialize_cern_identities([cern_identity]))
+    mock_logger.warning.assert_any_call(f"{str(excp)} Skipping this identity...")
 
 
 def test_serialize(app, cern_identities):

diff --git a/tests/test_ldap_serializer.py b/tests/test_ldap_serializer.py
@@ -8,6 +8,7 @@
 """Tests users serializers."""
 
 from copy import deepcopy
+from unittest.mock import MagicMock, patch
 
 import pytest
 
@@ -79,25 +80,26 @@ def test_serialize_alternative_mappers(app, monkeypatch, ldap_users):
         "employeeID",
         "mail",
         "cn",
-        "uidNumber",
     ],
 )
-def test_serialize_invalid_ldap_users(app, missing_field):
+@patch("invenio_cern_sync.ldap.serializer.current_app")
+def test_serialize_invalid_ldap_users(mock_app, app, missing_field):
     """Test serialization of invalid LDAP user."""
+    mock_logger = MagicMock()
+    mock_app.logger = mock_logger
+
     required_fields = {
         "employeeID": [b"12340"],
         "mail": [b"[email protected]"],
         "cn": [b"jdoe0"],
-        "uidNumber": [b"222220"],
     }
-    employeeID = "12340" if missing_field != "employeeID" else "unknown"
-    error_msg = (
-        f"Missing {missing_field} field or invalid value for employeeID {employeeID}"
-    )
-    with pytest.raises(InvalidLdapUser, match=error_msg):
-        without_missing_field = deepcopy(required_fields)
-        del without_missing_field[missing_field]
-        next(serialize_ldap_users([without_missing_field]))
+    employee_id = "12340" if missing_field != "employeeID" else "unknown"
+    excp = InvalidLdapUser(missing_field, employee_id)
+
+    without_missing_field = deepcopy(required_fields)
+    del without_missing_field[missing_field]
+    list(serialize_ldap_users([without_missing_field]))
+    mock_logger.warning.assert_any_call(f"{str(excp)} Skipping this account...")
 
 
 def test_serialize_ldap_users_missing_optional_fields(app):