indigo-iam · Sae126V · Mar 9, 2026 · Mar 9, 2026
diff --git a/iam-login-service/src/main/java/it/infn/mw/iam/config/TaskConfig.java b/iam-login-service/src/main/java/it/infn/mw/iam/config/TaskConfig.java
@@ -41,6 +41,7 @@
 import it.infn.mw.iam.notification.NotificationDeliveryTask;
 import it.infn.mw.iam.notification.service.NotificationStoreService;
 import it.infn.mw.iam.persistence.repository.client.IamClientRepository;
+import it.infn.mw.iam.core.web.group.GroupRequestReminderTask;
 
 @Configuration
 @EnableScheduling
@@ -66,6 +67,7 @@ public class TaskConfig implements SchedulingConfigurer {
   private IamClientRepository clientRepo;
   private ClientService clientService;
   private GarbageCollector garbageCollector;
+  private GroupRequestReminderTask groupRequestReminderTask;
 
   @Value("${notification.disable}")
   boolean notificationDisabled;
@@ -77,7 +79,8 @@ public TaskConfig(NotificationStoreService notificationStoreService,
       NotificationDeliveryTask deliveryTask, LifecycleProperties lifecycleProperties,
       ExpiredAccountsHandler expiredAccountsHandler, AupReminderTask aupReminderTask,
       ExecutorService taskScheduler, IamClientRepository clientRepo, ClientService clientService,
-      GarbageCollector garbageCollector) {
+      GarbageCollector garbageCollector, GroupRequestReminderTask groupRequestReminderTask
+    ) {
 
     this.notificationStoreService = notificationStoreService;
     this.deliveryTask = deliveryTask;
@@ -88,6 +91,8 @@ public TaskConfig(NotificationStoreService notificationStoreService,
     this.clientRepo = clientRepo;
     this.clientService = clientService;
     this.garbageCollector = garbageCollector;
+    this.groupRequestReminderTask = groupRequestReminderTask;
+
   }
 
   @Scheduled(fixedRateString = "${task.wellKnownCacheCleanupPeriodSecs:300}",
@@ -132,6 +137,13 @@ public void scheduledAupRemindersTask() {
     aupReminderTask.sendAupReminders();
   }
 
+  @Scheduled(fixedRateString = "${task.groupRequestReminderPeriodSecs:86400}",
+      timeUnit = TimeUnit.SECONDS, initialDelay = TEN_MINUTES_MSEC)
+  public void scheduledGroupRequestRemindersTask() {
+
+    groupRequestReminderTask.sendReminders();
+  }
+
   @Scheduled(fixedDelay = ONE_DAY_MSEC, initialDelay = TEN_MINUTES_MSEC)
   public void disableExpiredClients() {
     List<ClientDetailsEntity> clients = clientRepo.findActiveClientsExpiredBefore(new Date());

diff --git a/iam-login-service/src/main/java/it/infn/mw/iam/core/web/group/GroupRequestReminderTask.java b/iam-login-service/src/main/java/it/infn/mw/iam/core/web/group/GroupRequestReminderTask.java
@@ -0,0 +1,150 @@
+/**
+ * Copyright (c) Istituto Nazionale di Fisica Nucleare (INFN). 2016-2021
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package it.infn.mw.iam.core.web.group;
+
+import java.time.LocalDate;
+import java.time.ZoneId;
+import java.util.ArrayList;
+import java.util.Date;
+import java.util.List;
+import java.util.Map;
+import java.util.stream.Collectors;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Component;
+
+import it.infn.mw.iam.core.IamGroupRequestStatus;
+import it.infn.mw.iam.core.oidc.EntityConfigurationBuilder;
+import it.infn.mw.iam.notification.NotificationFactory;
+import it.infn.mw.iam.persistence.model.IamGroup;
+import it.infn.mw.iam.persistence.model.IamGroupRequest;
+import it.infn.mw.iam.persistence.repository.IamEmailNotificationRepository;
+import it.infn.mw.iam.persistence.repository.IamGroupRequestRepository;
+import it.infn.mw.iam.notification.service.resolver.AddressResolutionService;
+import it.infn.mw.iam.notification.service.resolver.AdminNotificationDeliveryStrategy;
+
+@Component
+public class GroupRequestReminderTask {
+
+  private static final Logger LOG = LoggerFactory.getLogger(GroupRequestReminderTask.class);
+
+  private static final String GM_AUDIENCE_PREFIX = "gm:";
+
+  @Value("${group-request-reminder.enabled:false}")
+  private boolean enabled;
+
+  @Value("${group-request-reminder.days:5}")
+  private int windowDays;
+
+  @Value("${group-request-reminder.repeat-interval-days:2}")
+  private int repeatIntervalDays;
+
+  @Value("${group-request-reminder.notify-admins:false}")
+  private boolean notifyAdmins;
+
+  private final IamGroupRequestRepository groupRequestRepo;
+  private final NotificationFactory notificationFactory;
+  private final IamEmailNotificationRepository emailNotificationRepo;
+  private final AddressResolutionService addressResolutionService;
+  private final AdminNotificationDeliveryStrategy adminDeliveryStrategy;
+
+  public GroupRequestReminderTask(
+    IamGroupRequestRepository groupRequestRepo,
+    NotificationFactory notificationFactory,
+    IamEmailNotificationRepository emailNotificationRepo,
+    AddressResolutionService addressResolutionService,
+    AdminNotificationDeliveryStrategy adminDeliveryStrategy
+   ) {
+    this.groupRequestRepo = groupRequestRepo;
+    this.notificationFactory = notificationFactory;
+    this.emailNotificationRepo = emailNotificationRepo;
+    this.addressResolutionService = addressResolutionService;
+    this.adminDeliveryStrategy = adminDeliveryStrategy;
+  }
+
+  public void sendReminders() {
+
+    if (!enabled) {
+      return;
+    }
+
+    Date cutoffDate = toDate(LocalDate.now().minusDays(windowDays));
+    Date sinceDate = toDate(LocalDate.now().minusDays(repeatIntervalDays));
+
+    List<IamGroupRequest> pendingRequests =
+        groupRequestRepo.findPendingRequestsOlderThan(IamGroupRequestStatus.PENDING, cutoffDate);
+
+    if (pendingRequests.isEmpty()) {
+      LOG.debug("No pending group requests older than {} days", windowDays);
+      return;
+    }
+
+    Map<IamGroup, List<IamGroupRequest>> requestsByGroup = pendingRequests.stream()
+        .collect(Collectors.groupingBy(IamGroupRequest::getGroup));
+
+    LOG.info("Found {} pending group request(s) across {} group(s) older than {} days",
+        pendingRequests.size(), requestsByGroup.size(), windowDays);
+
+    for (Map.Entry<IamGroup, List<IamGroupRequest>> entry : requestsByGroup.entrySet()) {
+      IamGroup group = entry.getKey();
+      List<IamGroupRequest> requests = entry.getValue();
+
+      String subjectPattern = "%group " + group.getName() + "%";
+
+      if (emailNotificationRepo.countGroupMembershipReminders(subjectPattern, sinceDate) > 0) {
+        LOG.debug("Reminder already sent within last {} day(s) for group {}", repeatIntervalDays,
+            group.getName());
+        continue;
+      }
+
+      List<String> recipients = resolveRecipients(group);
+
+      if (recipients.isEmpty()) {
+        LOG.warn("No recipients found for group {} reminder, skipping", group.getName());
+        continue;
+      }
+
+      notificationFactory.createGroupMembershipReminderMessage(group, requests, recipients);
+      LOG.info("Sent reminder for group {} with {} pending request(s) to {} recipient(s)",
+          group.getName(), requests.size(), recipients.size());
+    }
+  }
+
+  private List<String> resolveRecipients(IamGroup group) {
+    List<String> gmAddresses = addressResolutionService
+        .resolveAddressesForAudience(GM_AUDIENCE_PREFIX + group.getUuid());
+
+    if (gmAddresses.isEmpty()) {
+      LOG.debug("No group managers for the group {}, falling back to admins", group.getName());
+      return adminDeliveryStrategy.resolveAdminEmailAddresses();
+    }
+
+    if (notifyAdmins) {
+      List<String> combinedAddress = new ArrayList<>(gmAddresses);
+      combinedAddress.addAll(adminDeliveryStrategy.resolveAdminEmailAddresses());
+      return combinedAddress;
+    }
+
+    return gmAddresses;
+  }
+
+  private Date toDate(LocalDate localDate) {
+    return Date.from(localDate.atStartOfDay(ZoneId.systemDefault()).toInstant());
+  }
+}
diff --git a/iam-login-service/src/main/java/it/infn/mw/iam/notification/NotificationFactory.java b/iam-login-service/src/main/java/it/infn/mw/iam/notification/NotificationFactory.java
@@ -26,6 +26,7 @@
 import it.infn.mw.iam.persistence.model.IamGroupRequest;
 import it.infn.mw.iam.persistence.model.IamRegistrationRequest;
 import it.infn.mw.iam.persistence.model.IamX509Certificate;
+import it.infn.mw.iam.persistence.model.IamGroup;
 
 public interface NotificationFactory {
 
@@ -46,6 +47,9 @@ IamEmailNotification createRequestRejectedMessage(IamRegistrationRequest request
 
   IamEmailNotification createGroupMembershipRejectedMessage(IamGroupRequest groupRequest);
 
+  IamEmailNotification createGroupMembershipReminderMessage(IamGroup group,
+      List<IamGroupRequest> pendingRequests, List<String> recipients);
+
   IamEmailNotification createClientStatusChangedMessageFor(ClientDetailsEntity client,
       List<IamAccount> accounts);
 

diff --git a/...login-service/src/main/java/it/infn/mw/iam/notification/TransientNotificationFactory.java b/...login-service/src/main/java/it/infn/mw/iam/notification/TransientNotificationFactory.java
@@ -18,9 +18,11 @@
 import static java.util.Arrays.asList;
 
 import java.io.IOException;
+import java.text.SimpleDateFormat;
 import java.time.LocalDate;
 import java.time.ZoneId;
 import java.time.temporal.ChronoUnit;
+import java.util.ArrayList;
 import java.util.Date;
 import java.util.HashMap;
 import java.util.List;
@@ -53,6 +55,7 @@
 import it.infn.mw.iam.persistence.model.IamNotificationReceiver;
 import it.infn.mw.iam.persistence.model.IamRegistrationRequest;
 import it.infn.mw.iam.persistence.model.IamX509Certificate;
+import it.infn.mw.iam.persistence.model.IamGroup;
 
 public class TransientNotificationFactory implements NotificationFactory {
 
@@ -159,9 +162,9 @@
    model.put("name", name);
    model.put(USERNAME_FIELD, username);
    model.put("email", email);
    model.put("indigoDashboardUrl", String.format("%s/dashboard#!/requests", baseUrl));
    model.put(ORGANISATION_NAME, organisationName);
    model.put("notes", request.getNotes());

    return createMessage("adminHandleRequest.ftl", model, IamNotificationType.CONFIRMATION,
        properties.getSubject().get("adminHandleRequest"),
@@ -258,6 +261,38 @@
     return notification;
   }
 
+  @Override
+  public IamEmailNotification createGroupMembershipReminderMessage(IamGroup group,
+      List<IamGroupRequest> pendingRequests, List<String> recipients) {
+    String groupName = group.getName();
+    SimpleDateFormat dateFormat = new SimpleDateFormat("dd MMM yyyy");
+
+    List<Map<String, Object>> pendingUsers = new ArrayList<>();
+    for (IamGroupRequest request : pendingRequests) {
+      Map<String, Object> entry = new HashMap<>();
+      entry.put("name", request.getAccount().getUserInfo().getName());
+      entry.put(USERNAME_FIELD, request.getAccount().getUsername());
+      entry.put("notes", request.getNotes());
+      entry.put("requestDate", dateFormat.format(request.getCreationTime()));
+      pendingUsers.add(entry);
+    }
+
+    Map<String, Object> model = new HashMap<>();
+    model.put(GROUPNAME_FIELD, groupName);
+    model.put("pendingUsers", pendingUsers);
+    model.put("requestCount", pendingRequests.size());
+    model.put("indigoDashboardUrl", String.format("%s/dashboard#!/requests", baseUrl));
+    model.put(ORGANISATION_NAME, organisationName);
+
+    String subject = String.format("Reminder: %d pending membership request(s) for group %s",
+        pendingRequests.size(), groupName);
+
+    LOG.debug("Create group membership reminder for group {} with {} pending request(s)",
+        groupName, pendingRequests.size());
+    return createMessage("groupMembershipReminder.ftl", model,
+        IamNotificationType.GROUP_MEMBERSHIP_REMINDER, subject, recipients);
+  }
+
   @Override
   public IamEmailNotification createClientStatusChangedMessageFor(ClientDetailsEntity client,
       List<IamAccount> accounts) {

diff --git a/iam-login-service/src/main/resources/application.yml b/iam-login-service/src/main/resources/application.yml
@@ -222,6 +222,13 @@ task:
   approvalCleanupPeriodMsec: ${IAM_APPROVAL_CLEANUP_PERIOD_MSEC:300000}
   deviceCodeCleanupPeriodMsec: ${IAM_DEVICE_CODE_CLEANUP_PERIOD_MSEC:300000}
   wellKnownCacheCleanupPeriodSecs: ${IAM_WELL_KNOWN_CACHE_CLEANUP_PERIOD_SECS:300}
+  groupRequestReminderPeriodSecs: ${IAM_GROUP_REQUEST_REMINDER_PERIOD_SECS:86400}
+
+group-request-reminder:
+  enabled: ${IAM_GROUP_REQUEST_REMINDER_ENABLED:false}
+  days: ${IAM_GROUP_REQUEST_REMINDER_DAYS:5}
+  repeat-interval-days: ${IAM_GROUP_REQUEST_REMINDER_REPEAT_INTERVAL_DAYS:2}
+  notify-admins: ${IAM_GROUP_REQUEST_REMINDER_NOTIFY_ADMINS:false}
 
 client-registration:
   allow-for: ${IAM_CLIENT_REGISTRATION_ALLOW_FOR:ANYONE}

diff --git a/iam-login-service/src/main/resources/email-templates/groupMembershipReminder.ftl b/iam-login-service/src/main/resources/email-templates/groupMembershipReminder.ftl
@@ -0,0 +1,17 @@
+Dear Group Manager,
+
+there are ${requestCount} pending membership request(s) for group ${groupName} awaiting your action:
+
+<#list pendingUsers as user>
+  Name: ${user.name}
+  Username: ${user.username}
+  Requested on: ${user.requestDate}
+  Notes: ${user.notes}
+
+</#list>
+You can approve or reject these requests by following the link below:
+
+${indigoDashboardUrl}
+
+
+The ${organisationName} registration service