Move user find API to v2

This brings a rich new set of user properties we
Can read out. Have a look at the new `User` struct

Author: loafoe

iam/user.go

@@ -1,6 +1,42 @@
 package iam
 
-// User represents an IAM user resource
+import "time"
+
+// User represents a user profile in IAM
+type User struct {
+	PreferredLanguage string `json:"preferredLanguage"`
+	EmailAddress      string `json:"emailAddress"`
+	ID                string `json:"id"`
+	LoginID           string `json:"loginId"`
+	Name              struct {
+		Given  string `json:"given"`
+		Family string `json:"family"`
+	} `json:"name"`
+	ManagingOrganization string `json:"managingOrganization"`
+	PasswordStatus       struct {
+		PasswordExpiresOn time.Time `json:"passwordExpiresOn"`
+		PasswordChangedOn time.Time `json:"passwordChangedOn"`
+	} `json:"passwordStatus"`
+	Memberships []struct {
+		OrganizationID   string   `json:"organizationId"`
+		OrganizationName string   `json:"organizationName"`
+		Roles            []string `json:"roles"`
+		Groups           []string `json:"groups"`
+	} `json:"memberships"`
+	AccountStatus struct {
+		LastLoginTime          time.Time `json:"lastLoginTime"`
+		MfaStatus              string    `json:"mfaStatus"`
+		EmailVerified          bool      `json:"emailVerified"`
+		Disabled               bool      `json:"disabled"`
+		AccountLockedOn        time.Time `json:"accountLockedOn"`
+		AccountLockedUntil     time.Time `json:"accountLockedUntil"`
+		NumberOfInvalidAttempt int       `json:"numberOfInvalidAttempt"`
+		LastInvalidAttemptedOn time.Time `json:"lastInvalidAttemptedOn"`
+	} `json:"accountStatus"`
+	ConsentedApps []string `json:"consentedApps"`
+}
+
+// Person represents an IAM user resource
 type Person struct {
 	ID string `json:"id,omitempty" validate:"omitempty"`
 	// Pattern: ^((?![~`!#%^&*()+={}[\\]|/\\\\<>,;:\"'?])[\\S])*$

iam/users_service.go

@@ -1,7 +1,6 @@
 package iam
 
 import (
-	"encoding/json"
 	"fmt"
 	"net/http"
 
@@ -22,6 +21,8 @@ type GetUserOptions struct {
 	GroupID        *string `url:"groupId,omitempty"`
 	PageSize       *string `url:"pageSize,omitempty"`
 	PageNumber     *string `url:"pageNumber,omitempty"`
+	UserID         *string `url:"userId,omitempty"`
+	ProfileType    *string `url:"profileType,omitempty" enum:"membership|accountStatus|passwordStatus|consentedApps|all"`
 }
 
 // UsersService provides operations on IAM User resources
@@ -260,44 +261,27 @@ func (u *UsersService) GetUsers(opts *GetUserOptions, options ...OptionFunc) (*U
 }
 
 // GetUserByID looks up a user by UUID
-func (u *UsersService) GetUserByID(uuid string) (*Person, *Response, error) {
-	req, _ := u.client.NewRequest(IDM, "GET", "security/users/"+uuid, nil, nil)
-	var user interface{}
+func (u *UsersService) GetUserByID(uuid string) (*User, *Response, error) {
+	opt := &GetUserOptions{
+		UserID:      &uuid,
+		ProfileType: String("all"),
+	}
+	req, _ := u.client.NewRequest(IDM, "GET", "authorize/identity/User", opt, nil)
+	req.Header.Set("api-version", userAPIVersion)
+
+	var responseStruct struct {
+		Total int    `json:"total"`
+		Entry []User `json:"entry"`
+	}
 
-	resp, err := u.client.Do(req, &user)
+	resp, err := u.client.Do(req, &responseStruct)
 	if err != nil {
 		return nil, resp, err
 	}
-	m, err := json.Marshal(user)
-	if err != nil {
-		return nil, resp, fmt.Errorf("error parsing json response: %w", err)
+	if responseStruct.Total == 0 {
+		return nil, resp, ErrEmptyResults
 	}
-
-	jsonParsed, err := gabs.ParseJSON(m)
-	if err != nil {
-		return nil, resp, fmt.Errorf("Eror decoding JSON: %w", err)
-	}
-	if err = checkResponseCode200(jsonParsed); err != nil {
-		return nil, resp, &UserError{User: uuid, Err: err}
-	}
-	email, ok := jsonParsed.Path("exchange.loginId").Data().(string)
-	if !ok {
-		return nil, resp, fmt.Errorf("Invalid response")
-	}
-	r := jsonParsed.Path("exchange.profile")
-	first := r.Path("givenName").Data().(string)
-	last := r.Path("familyName").Data().(string)
-	disabled := r.Path("disabled").Data().(bool)
-	// TODO use Profile here
-	var foundUser Person
-	foundUser.Name.Family = last
-	foundUser.Name.Given = first
-	foundUser.Disabled = disabled
-	foundUser.Telecom = append(foundUser.Telecom, TelecomEntry{
-		System: "email",
-		Value:  email,
-	})
-	return &foundUser, resp, nil
+	return &responseStruct.Entry[0], resp, nil
 }
 
 func checkResponseCode200(json *gabs.Container) error {
@@ -317,32 +301,14 @@ func checkResponseCode200(json *gabs.Container) error {
 
 // GetUserIDByLoginID looks up the UUID of a user by LoginID (email address)
 func (u *UsersService) GetUserIDByLoginID(loginID string) (string, *Response, error) {
-	req, _ := u.client.NewRequest(IDM, "GET", "security/users?loginId="+loginID, nil, nil)
-	var d interface{}
-
-	resp, err := u.client.Do(req, &d)
+	user, resp, err := u.GetUserByID(loginID)
 	if err != nil {
 		return "", resp, err
 	}
-	m, err := json.Marshal(d)
-	if err != nil {
-		return "", resp, fmt.Errorf("error parsing json response: %w", err)
-	}
-	jsonParsed, err := gabs.ParseJSON(m)
-	if err != nil {
-		return "", resp, fmt.Errorf("Eror decoding JSON: %w", err)
-	}
-	if err = checkResponseCode200(jsonParsed); err != nil {
-		return "", resp, &UserError{User: loginID, Err: err}
+	if user == nil {
+		return "", resp, ErrEmptyResults
 	}
-
-	r := jsonParsed.Path("exchange.users").Index(0)
-	userUUID, ok := r.Path("userUUID").Data().(string)
-	if !ok {
-		return "", resp, fmt.Errorf("lookup failed")
-	}
-	return userUUID, resp, nil
-
+	return user.ID, resp, nil
 }
 
 // SetMFA activate Multi-Factor-Authentication for the given UUID. See also SetMFAByLoginID.

iam/users_service_test.go

@@ -190,32 +190,77 @@ func TestGetUsers(t *testing.T) {
 	assert.True(t, list.HasNextPage)
 }
 
-func userIDByLoginIDHandler(t *testing.T, loginID, userUUID string) func(http.ResponseWriter, *http.Request) {
+func userIDByLoginIDHandler(t *testing.T, loginID, email, userUUID string) func(http.ResponseWriter, *http.Request) {
 	return func(w http.ResponseWriter, r *http.Request) {
 		if r.Method != "GET" {
 			t.Errorf("Expected ‘GET’ request, got ‘%s’", r.Method)
 		}
 		w.Header().Set("Content-Type", "application/json")
 		w.WriteHeader(http.StatusOK)
+		userId := r.URL.Query().Get("userId")
 
-		if r.URL.Query().Get("loginId") != loginID {
+		if !(userId == loginID || userId == userUUID) {
 			_, _ = io.WriteString(w, `{
-				"responseCode": "4010",
-				"responseMessage": "User does not exist"
+				"total": 0,
+				"entry": []
 			}`)
 			return
 		}
 		_, _ = io.WriteString(w, `{
-			"exchange": {
-				"users": [
-					{
-						"userUUID": "`+userUUID+`"
-					}
-				]
-			},
-			"responseCode": "200",
-			"responseMessage": "Success"
-		}`)
+  "total": 1,
+  "entry": [
+    {
+      "preferredLanguage": "en-US",
+      "loginId": "`+loginID+`",
+      "emailAddress": "`+email+`",
+      "id": "`+userUUID+`",
+      "managingOrganization": "c29cdb88-7cda-4fc1-af8b-ee5947659958",
+      "name": {
+        "given": "Ron",
+        "family": "Swanson"
+      },
+      "memberships": [
+        {
+          "organizationId": "c29cdb88-7cda-4fc1-af8b-ee5947659958",
+          "organizationName": "Pawnee",
+          "roles": [
+            "ANALYZE",
+            "S3CREDSADMINROLE",
+            "ADMIN"
+          ],
+          "groups": [
+            "S3CredsAdminGroup",
+            "AdminGroup"
+          ]
+        },
+        {
+          "organizationId": "d4be75cc-e81b-4d7d-b034-baf6f3f10792",
+          "organizationName": "Eagleton",
+          "roles": [
+            "LOGUSER"
+          ],
+          "groups": [
+            "LogUserGroup"
+          ]
+        }
+      ],
+      "passwordStatus": {
+        "passwordExpiresOn": "2022-02-04T10:07:55Z",
+        "passwordChangedOn": "2020-02-15T10:07:55Z"
+      },
+      "accountStatus": {
+        "mfaStatus": "NOTREQUIRED",
+        "lastLoginTime": "2020-05-09T12:27:41Z",
+        "emailVerified": true,
+        "numberOfInvalidAttempt": 0,
+        "disabled": false
+      },
+      "consentedApps": [
+        "default default default"
+      ]
+    }
+  ]
+}`)
 	}
 }
 
@@ -224,8 +269,9 @@ func TestGetUserIDByLoginID(t *testing.T) {
 	defer teardown()
 
 	userUUID := "f5fe538f-c3b5-4454-8774-cd3789f59b9f"
-	loginID := "foo@bar.com"
-	muxIDM.HandleFunc("/security/users", userIDByLoginIDHandler(t, loginID, userUUID))
+	loginID := "ron"
+	email := "foo@bar.com"
+	muxIDM.HandleFunc("/authorize/identity/User", userIDByLoginIDHandler(t, loginID, email, userUUID))
 
 	uuid, resp, err := client.Users.GetUserIDByLoginID(loginID)
 	if !assert.NotNil(t, resp) {
@@ -241,31 +287,10 @@ func TestGetUserByID(t *testing.T) {
 	defer teardown()
 
 	userUUID := "44d20214-7879-4e35-923d-f9d4e01c9746"
+	loginID := "ron"
+	email := "foo@bar.com"
 
-	muxIDM.HandleFunc("/security/users/"+userUUID, func(w http.ResponseWriter, r *http.Request) {
-		if r.Method != "GET" {
-			t.Errorf("Expected ‘GET’ request, got ‘%s’", r.Method)
-		}
-
-		w.Header().Set("Content-Type", "application/json")
-		w.WriteHeader(http.StatusOK)
-		_, _ = io.WriteString(w, `{
-			"exchange": {
-				"loginId": "john.doe@domain.com",
-				"profile": {
-					"contact": {
-						"emailAddress": "john.doe@domain.com"
-					},
-					"givenName": "John",
-					"familyName": "Doe",
-					"addresses": [],
-					"disabled": false
-				}
-			},
-			"responseCode": "200",
-			"responseMessage": "Success"
-		}`)
-	})
+	muxIDM.HandleFunc("/authorize/identity/User", userIDByLoginIDHandler(t, loginID, email, userUUID))
 
 	foundUser, resp, err := client.Users.GetUserByID(userUUID)
 	if !assert.NotNil(t, resp) {
@@ -276,11 +301,8 @@ func TestGetUserByID(t *testing.T) {
 	}
 	assert.Nil(t, err)
 	assert.Equal(t, http.StatusOK, resp.StatusCode)
-	if !assert.NotEqual(t, 0, len(foundUser.Telecom)) {
-		return
-	}
-	assert.Equal(t, "john.doe@domain.com", foundUser.Telecom[0].Value)
-	assert.Equal(t, "Doe", foundUser.Name.Family)
+	assert.Equal(t, email, foundUser.EmailAddress)
+	assert.Equal(t, "Swanson", foundUser.Name.Family)
 }
 
 func TestUserActions(t *testing.T) {
@@ -296,8 +318,9 @@ func TestUserActions(t *testing.T) {
 	muxIDM.HandleFunc("/authorize/identity/User/$recover-password",
 		actionRequestHandler(t, "recoverPassword", "TODO: fix", http.StatusOK))
 	userUUID := "f5fe538f-c3b5-4454-8774-cd3789f59b9f"
-	loginID := "foo@bar.com"
-	muxIDM.HandleFunc("/security/users", userIDByLoginIDHandler(t, loginID, userUUID))
+	loginID := "ron"
+	email := "foo@bar.com"
+	muxIDM.HandleFunc("/authorize/identity/User", userIDByLoginIDHandler(t, loginID, email, userUUID))
 	muxIDM.HandleFunc("/authorize/identity/User/"+userUUID+"/$mfa",
 		actionRequestHandler(t, "setMFA", "TODO: fix", http.StatusAccepted))
 	muxIDM.HandleFunc("/authorize/identity/User/"+userUUID+"/$unlock",
@@ -340,9 +363,8 @@ func TestUserActions(t *testing.T) {
 		return
 	}
 	assert.Nil(t, err)
-	assert.True(t, ok)
-	assert.Equal(t, http.StatusOK, resp.StatusCode)
 	assert.Equal(t, userUUID, uuid)
+	assert.Equal(t, http.StatusOK, resp.StatusCode)
 
 	ok, resp, err = client.Users.SetMFAByLoginID(loginID, true)
 	if !assert.NotNil(t, resp) {