Invite request api (#193)

* adjust MetaFields resq/res json

* marshal json before using POST request for docraptor

* Include ACL put object permissions

* include tab ids

* add full apache html, adjust dynamo wrappers

* update anchor string to v2.0

* remove view docusign button

* bucket file name convention to the new automated templates

* add project ID and signature type to retrieve s3 files

* use camel case for backend data

* pdf urls camel case

* adjust offsets for icla fields, include pdfURLs into save dynamo

* add pdfs URLs to template create service

* add s3 URL for backwards compatibility, get latest version of template by creation date

* change camel case for project template frontend

* remove console log

* typo

* correct function arguments for user.get_latest_signatures

* wip added Delete whitelist api

* Update CLA Check to include Github org whitelist

* add github auth with auto redirect

* load config properly

* Added delete and add whitelist apis

* added logic in add org whitelist method to handle duplicate entrys

* added get api for cla whitelist

* modified code to adhere to coding standards

* added github auth check to whitelist

* add selected field to github org response

* CLA-776 / CLA-777

* quick fix

* UI Fixes

* Update UI

* fix minor issues with cors and delete api

* added api to add approved users to company acl

* add company invites to dynamodb

* send email to company admins for corporate console access

* wip still needs end to end testing

* add company invites to serverless yml

* fix cors issues withCredentials

* added api to add approved users to company acl

* corrected typo in accesslist/handlers.go

* add comments for company invites python model

* add invite request endpoint and corporate link env var

* added invite api

* changed error message in GetPendingInviteRequests

* fixed new line placement and restructured cla-backend-go

* fixed typos

* add dynamo userPermissions model and use authorizer

* send invite request for cla managers

* use query instead of scan to load user by lfusername

* wip merging cla-764 with invite-list-api

* wip merge builds

* modified config/ssm.go

* placed AddUserToCompanyAccessList and GetEmailFromLFID in user package

* removed invile list folder

* added endpoint handler for SendInviteRequest

* use user name instead of lfusername for email

* refactored logic to service layer

* modified approval email template

* spacing for email template

* Initial duplicate company UI

* fixed GetPendingComapny method

* resolve conflict

* use company invites table

* resolve conflict

* add backend endpoints to UI, pending invites to display on Company page

* typo

* pending invites endpoint, css on grid

* refactored repo logic to repo layer

* refactored repo logic from service layer to repo layer

* added LFID to user struct

* add inviteId to request params, add add accept/decline endpoints to UI

* delete unused accesslist package

* Update Pending Invites UI

* add authorization headers on handlers

* add deletePendingInvite endpoint

* check duplicate ACLs before adding

* adjust UI for backend CompanyInvites endpoints

* adjust pending invites grid size

* removed duplicate path

* wip resolved PR changes

* modified branch to resolve PR requests

* resolved PR modification requests

* add Pending Invites insert to dynamodb when sending email requests

* request of access email alert when company already exists

* remove pending invites from companies

* adjust css

* delete pending invite request once accepted, include inviteID as parameter

* use deleteWithBody to pass inviteID

* Fix for Modal header

* add userLFID to the requestBody

* delete pending invite once its accepted

* show only signed signatures on View Signatures on PMC

* display Sign out from corporate console

* Remove second declaration of Repository interface in whitelist/service.go

Author: ninz

cla-backend-go/Gopkg.lock

@@ -18,17 +18,18 @@ type UserPermissioner interface {
 	GetUserAndProfilesByLFID(lfidUsername string) (user.CLAUser, error)
 	GetUserProjectIDs(userID string) ([]string, error)
 	GetClaManagerCorporateClaIDs(userID string) ([]string, error)
+	GetUserCompanyIDs(userID string) ([]string, error)
 }
 
 type Authorizer struct {
 	auth0Validator   Auth0Validator
 	userPermissioner UserPermissioner
 }
 
-func NewAuthorizer(auth0Validator Auth0Validator) Authorizer {
+func NewAuthorizer(auth0Validator Auth0Validator, userPermissioner UserPermissioner) Authorizer {
 	return Authorizer{
-		auth0Validator: auth0Validator,
-		//	userPermissioner: userPermissioner,
+		auth0Validator:   auth0Validator,
+		userPermissioner: userPermissioner,
 	}
 }
 
@@ -71,6 +72,13 @@ func (a Authorizer) SecurityAuth(token string, scopes []string) (*user.CLAUser,
 
 			user.ProjectIDs = projectIDs
 		case companyScope:
+			//TODO:  Get all companies for this user
+			companies, err := a.userPermissioner.GetUserCompanyIDs(user.UserID)
+			if err != nil {
+				return nil, err
+			}
+
+			user.CompanyIDs = companies
 		case adminScope:
 		}
 	}

cla-backend-go/auth/authorizer.go

@@ -7,14 +7,18 @@ import (
 	"net/url"
 	"os"
 
+	"github.com/LF-Engineering/cla-monorepo/cla-backend-go/auth"
+	"github.com/LF-Engineering/cla-monorepo/cla-backend-go/company"
 	"github.com/LF-Engineering/cla-monorepo/cla-backend-go/config"
 	"github.com/LF-Engineering/cla-monorepo/cla-backend-go/docraptor"
 	"github.com/LF-Engineering/cla-monorepo/cla-backend-go/gen/restapi"
 	"github.com/LF-Engineering/cla-monorepo/cla-backend-go/gen/restapi/operations"
 	"github.com/LF-Engineering/cla-monorepo/cla-backend-go/github"
 	"github.com/LF-Engineering/cla-monorepo/cla-backend-go/health"
 	"github.com/LF-Engineering/cla-monorepo/cla-backend-go/template"
+	"github.com/LF-Engineering/cla-monorepo/cla-backend-go/user"
 	"github.com/LF-Engineering/cla-monorepo/cla-backend-go/whitelist"
+
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/session"
 	"github.com/aws/aws-sdk-go/service/dynamodb"
@@ -106,43 +110,48 @@ func server() http.Handler {
 		logrus.Panic(err)
 	}
 
-	// auth0Validator, err := auth.NewAuth0Validator(
-	// 	configFile.Auth0.Domain,
-	// 	configFile.Auth0.ClientID,
-	// 	configFile.Auth0.UsernameClaim,
-	// 	configFile.Auth0.Algorithm)
-	// if err != nil {
-	// 	logrus.Panic(err)
-	// }
+	auth0Validator, err := auth.NewAuth0Validator(
+		configFile.Auth0.Domain,
+		configFile.Auth0.ClientID,
+		configFile.Auth0.UsernameClaim,
+		configFile.Auth0.Algorithm)
+	if err != nil {
+		logrus.Panic(err)
+	}
 
 	var (
-		// userRepo          = user.NewRepository(db)
 		// projectRepo       = project.NewRepository(db)
 		// contractGroupRepo = contractgroup.NewRepository(db)
+		userRepo      = user.NewDynamoRepository(awsSession, viper.GetString("STAGE"), configFile.SenderEmailAddress)
 		templateRepo  = template.NewRepository(awsSession, viper.GetString("STAGE"))
 		whitelistRepo = whitelist.NewRepository(awsSession, viper.GetString("STAGE"))
+		companyRepo   = company.NewRepository(awsSession, viper.GetString("STAGE"))
 	)
 
 	var (
 		healthService = health.New(GitHash, BuildStamp)
 		// projectService       = project.NewService(projectRepo)
 		//contractGroupService = contractgroup.NewService(contractGroupRepo)
 		// userService          = user.NewService(userRepo)
+
 		templateService  = template.NewService(viper.GetString("STAGE"), templateRepo, docraptorClient, awsSession)
 		whitelistService = whitelist.NewService(whitelistRepo, http.DefaultClient)
-		//authorizer = auth.NewAuthorizer(auth0Validator)
+		companyService   = company.NewService(companyRepo, awsSession, configFile.SenderEmailAddress, configFile.CorporateConsoleURL, userRepo)
+		authorizer       = auth.NewAuthorizer(auth0Validator, userRepo)
 	)
 
 	sessionStore, err := dynastore.New(dynastore.Path("/"), dynastore.HTTPOnly(), dynastore.TableName(configFile.SessionStoreTableName), dynastore.DynamoDB(dynamodb.New(awsSession)))
 	if err != nil {
 		log.Fatalln(err)
 	}
-
-	//api.OauthSecurityAuth = authorizer.SecurityAuth
+	api.OauthSecurityAuth = authorizer.SecurityAuth
 	health.Configure(api, healthService)
 	template.Configure(api, templateService)
 	github.Configure(api, configFile.Github.ClientID, configFile.Github.ClientSecret, sessionStore)
 	whitelist.Configure(api, whitelistService, sessionStore)
+
+	company.Configure(api, companyService)
+
 	// project.Configure(api, projectService)
 	// contractgroup.Configure(api, contractGroupService)
 

cla-backend-go/cmd/server.go

@@ -0,0 +1,67 @@
+package company
+
+import (
+	"github.com/LF-Engineering/cla-monorepo/cla-backend-go/gen/models"
+	"github.com/LF-Engineering/cla-monorepo/cla-backend-go/gen/restapi/operations"
+	"github.com/LF-Engineering/cla-monorepo/cla-backend-go/user"
+
+	"github.com/go-openapi/runtime/middleware"
+)
+
+func Configure(api *operations.ClaAPI, service service) {
+
+	api.AddUsertoCompanyAccessListHandler = operations.AddUsertoCompanyAccessListHandlerFunc(func(params operations.AddUsertoCompanyAccessListParams, claUser *user.CLAUser) middleware.Responder {
+		err := service.AddUserToCompanyAccessList(params.CompanyID, params.User.InviteID, params.User.UserLFID)
+		if err != nil {
+			return operations.NewAddGithubOrganizationFromClaBadRequest()
+		}
+
+		return operations.NewAddUsertoCompanyAccessListOK()
+	})
+
+	api.GetPendingInviteRequestsHandler = operations.GetPendingInviteRequestsHandlerFunc(func(params operations.GetPendingInviteRequestsParams, claUser *user.CLAUser) middleware.Responder {
+		result, err := service.GetPendingCompanyInviteRequests(params.CompanyID)
+		if err != nil {
+			return operations.NewGetPendingInviteRequestsBadRequest().WithPayload(errorResponse(err))
+		}
+
+		return operations.NewGetPendingInviteRequestsOK().WithPayload(result)
+	})
+
+	api.SendInviteRequestHandler = operations.SendInviteRequestHandlerFunc(func(params operations.SendInviteRequestParams, claUser *user.CLAUser) middleware.Responder {
+
+		err := service.SendRequestAccessEmail(params.CompanyID, claUser)
+		if err != nil {
+			return operations.NewSendInviteRequestBadRequest().WithPayload(errorResponse(err))
+		}
+		return operations.NewSendInviteRequestOK()
+	})
+
+	api.DeletePendingInviteHandler = operations.DeletePendingInviteHandlerFunc(func(params operations.DeletePendingInviteParams, claUser *user.CLAUser) middleware.Responder {
+		err := service.DeletePendingCompanyInviteRequest(params.User.InviteID)
+		if err != nil {
+			return operations.NewDeletePendingInviteBadRequest().WithPayload(errorResponse(err))
+		}
+
+		return operations.NewDeletePendingInviteOK()
+	})
+
+}
+
+type codedResponse interface {
+	Code() string
+}
+
+func errorResponse(err error) *models.ErrorResponse {
+	code := ""
+	if e, ok := err.(codedResponse); ok {
+		code = e.Code()
+	}
+
+	e := models.ErrorResponse{
+		Code:    code,
+		Message: err.Error(),
+	}
+
+	return &e
+}

cla-backend-go/company/handlers.go

@@ -0,0 +1,179 @@
+package company
+
+import (
+	"fmt"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/session"
+	"github.com/aws/aws-sdk-go/service/dynamodb"
+	"github.com/aws/aws-sdk-go/service/dynamodb/dynamodbattribute"
+	"github.com/gofrs/uuid"
+)
+
+type Repository interface {
+	GetPendingCompanyInviteRequests(companyID string) ([]CompanyInvite, error)
+	GetCompany(CompanyID string) (Company, error)
+	DeletePendingCompanyInviteRequest(InviteID string) error
+	AddPendingCompanyInviteRequest(companyID string, userID string) error
+	UpdateCompanyAccessList(companyID string, companyACL []string) error
+}
+
+type repository struct {
+	stage          string
+	dynamoDBClient *dynamodb.DynamoDB
+}
+
+type Company struct {
+	CompanyID   string   `dynamodbav:"company_id"`
+	CompanyName string   `dynamodbav:"company_name"`
+	CompanyACL  []string `dynamodbav:"company_acl"`
+}
+
+type CompanyInvite struct {
+	CompanyInviteID    string `dynamodbav:"company_invite_id"`
+	RequestedCompanyID string `dynamodbav:"requested_company_id"`
+	UserID             string `dynamodbav:"user_id"`
+}
+
+func NewRepository(awsSession *session.Session, stage string) repository {
+	return repository{
+		stage:          stage,
+		dynamoDBClient: dynamodb.New(awsSession),
+	}
+}
+
+func (repo repository) GetCompany(CompanyID string) (Company, error) {
+	tableName := fmt.Sprintf("cla-%s-companies", repo.stage)
+	companyTableData, err := repo.dynamoDBClient.GetItem(&dynamodb.GetItemInput{
+		TableName: aws.String(tableName),
+		Key: map[string]*dynamodb.AttributeValue{
+			"company_id": {
+				S: aws.String(CompanyID),
+			},
+		},
+	})
+	if err != nil {
+		fmt.Println(err.Error())
+		return Company{}, err
+	}
+
+	company := Company{}
+	err = dynamodbattribute.UnmarshalMap(companyTableData.Item, &company)
+	if err != nil {
+		fmt.Println(err.Error())
+		return Company{}, err
+	}
+
+	return company, nil
+}
+
+func (repo repository) GetPendingCompanyInviteRequests(companyID string) ([]CompanyInvite, error) {
+	tableName := fmt.Sprintf("cla-%s-company-invites", repo.stage)
+	input := &dynamodb.QueryInput{
+		KeyConditions: map[string]*dynamodb.Condition{
+			"requested_company_id": {
+				ComparisonOperator: aws.String("EQ"),
+				AttributeValueList: []*dynamodb.AttributeValue{
+					{
+						S: aws.String(companyID),
+					},
+				},
+			},
+		},
+		TableName: aws.String(tableName),
+		IndexName: aws.String("requested-company-index"),
+	}
+	companyInviteAV, err := repo.dynamoDBClient.Query(input)
+	if err != nil {
+		fmt.Println("Unable to retrieve data from Company-Invites table", err)
+		return nil, err
+	}
+
+	companyInvites := []CompanyInvite{}
+	err = dynamodbattribute.UnmarshalListOfMaps(companyInviteAV.Items, &companyInvites)
+	if err != nil {
+		fmt.Println(err.Error())
+		return nil, err
+	}
+
+	return companyInvites, nil
+}
+
+func (repo repository) DeletePendingCompanyInviteRequest(inviteID string) error {
+	tableName := fmt.Sprintf("cla-%s-company-invites", repo.stage)
+	input := &dynamodb.DeleteItemInput{
+		Key: map[string]*dynamodb.AttributeValue{
+			"company_invite_id": {
+				S: aws.String(inviteID),
+			},
+		},
+		TableName: aws.String(tableName),
+	}
+
+	_, err := repo.dynamoDBClient.DeleteItem(input)
+	if err != nil {
+		fmt.Println("Unable to delete Company Invite Request", err)
+		return err
+	}
+
+	return nil
+}
+
+func (repo repository) AddPendingCompanyInviteRequest(companyID string, userID string) error {
+	companyInviteID, err := uuid.NewV4()
+	if err != nil {
+		fmt.Println("Unable to generate a UUID for a pending invite", err)
+		return err
+	}
+
+	input := &dynamodb.PutItemInput{
+		Item: map[string]*dynamodb.AttributeValue{
+			"company_invite_id": {
+				S: aws.String(companyInviteID.String()),
+			},
+			"requested_company_id": {
+				S: aws.String(companyID),
+			},
+			"user_id": {
+				S: aws.String(userID),
+			},
+		},
+		TableName: aws.String(fmt.Sprintf("cla-%s-company-invites", repo.stage)),
+	}
+
+	_, err = repo.dynamoDBClient.PutItem(input)
+	if err != nil {
+		fmt.Println("Unable to create a new pending invite", err)
+	}
+
+	return nil
+}
+
+func (repo repository) UpdateCompanyAccessList(companyID string, companyACL []string) error {
+	tableName := fmt.Sprintf("cla-%s-companies", repo.stage)
+	input := &dynamodb.UpdateItemInput{
+		ExpressionAttributeNames: map[string]*string{
+			"#S": aws.String("company_acl"),
+		},
+		ExpressionAttributeValues: map[string]*dynamodb.AttributeValue{
+			":s": {
+				SS: aws.StringSlice(companyACL),
+			},
+		},
+		TableName: aws.String(tableName),
+		Key: map[string]*dynamodb.AttributeValue{
+			"company_id": {
+				S: aws.String(companyID),
+			},
+		},
+		UpdateExpression: aws.String("SET #S = :s"),
+	}
+
+	_, err := repo.dynamoDBClient.UpdateItem(input)
+	if err != nil {
+		fmt.Println("Error updating Company Access List:", err)
+		return err
+	}
+
+	return nil
+}