credentials.totpSecret as array and update credentials scenario test (#186)

Co-authored-by: Michael Hoennig <michael@hoennig.de>
Reviewed-on: https://dev.hostsharing.net/hostsharing/hs.hsadmin.ng/pulls/186
Reviewed-by: Marc Sandlus <marc.sandlus@hostsharing.net>

src/main/java/net/hostsharing/hsadminng/hs/accounts/HsCredentialsController.java

@@ -8,6 +8,7 @@ import java.util.function.BiConsumer;
 
 import io.micrometer.core.annotation.Timed;
 import io.swagger.v3.oas.annotations.security.SecurityRequirement;
+import net.hostsharing.hsadminng.accounts.generated.api.v1.model.ContextResource;
 import net.hostsharing.hsadminng.config.MessageTranslator;
 import net.hostsharing.hsadminng.context.Context;
 import net.hostsharing.hsadminng.accounts.generated.api.v1.api.CredentialsApi;
@@ -67,12 +68,12 @@ public class HsCredentialsController implements CredentialsApi {
             final UUID credentialsUuid) {
         context.assumeRoles(assumedRoles);
 
-        final var credentials = credentialsRepo.findByUuid(credentialsUuid);
-        if (credentials.isEmpty()) {
+        final var credentialsEntity = credentialsRepo.findByUuid(credentialsUuid);
+        if (credentialsEntity.isEmpty()) {
             return ResponseEntity.notFound().build();
         }
         final var result = mapper.map(
-                credentials.get(), CredentialsResource.class, ENTITY_TO_RESOURCE_POSTMAPPER);
+                credentialsEntity.get(), CredentialsResource.class, ENTITY_TO_RESOURCE_POSTMAPPER);
         return ResponseEntity.ok(result);
     }
 
@@ -192,6 +193,7 @@ public class HsCredentialsController implements CredentialsApi {
                         mapper.map(person, HsOfficePersonResource.class)
                 )
         );
+        resource.setContexts(mapper.mapList(entity.getLoginContexts().stream().toList(), ContextResource.class));
     };
 
     final BiConsumer<CredentialsInsertResource, HsCredentialsEntity> RESOURCE_TO_ENTITY_POSTMAPPER = (resource, entity) -> {

src/main/java/net/hostsharing/hsadminng/hs/accounts/HsCredentialsEntity.java

@@ -11,6 +11,7 @@ import net.hostsharing.hsadminng.repr.Stringifyable;
 
 import java.time.LocalDateTime;
 import java.util.HashSet;
+import java.util.List;
 import java.util.Set;
 import java.util.UUID;
 
@@ -30,7 +31,7 @@ public class HsCredentialsEntity implements BaseEntity<HsCredentialsEntity>, Str
     protected static Stringify<HsCredentialsEntity> stringify = stringify(HsCredentialsEntity.class, "credentials")
             .withProp(HsCredentialsEntity::isActive)
             .withProp(HsCredentialsEntity::getEmailAddress)
-            .withProp(HsCredentialsEntity::getTotpSecret)
+            .withProp(HsCredentialsEntity::getTotpSecrets)
             .withProp(HsCredentialsEntity::getPhonePassword)
             .withProp(HsCredentialsEntity::getSmsNumber)
             .quotedValues(false);
@@ -66,7 +67,7 @@ public class HsCredentialsEntity implements BaseEntity<HsCredentialsEntity>, Str
     private String onboardingToken;
 
     @Column
-    private String totpSecret;
+    private List<String> totpSecrets;
 
     @Column
     private String phonePassword;
@@ -106,4 +107,5 @@ public class HsCredentialsEntity implements BaseEntity<HsCredentialsEntity>, Str
     public String toString() {
         return stringify.apply(this);
     }
+
 }

src/main/java/net/hostsharing/hsadminng/hs/accounts/HsCredentialsEntityPatcher.java

@@ -4,6 +4,7 @@ import net.hostsharing.hsadminng.accounts.generated.api.v1.model.CredentialsPatc
 import net.hostsharing.hsadminng.mapper.EntityPatcher;
 import net.hostsharing.hsadminng.mapper.OptionalFromJson;
 
+import java.util.Optional;
 
 public class HsCredentialsEntityPatcher implements EntityPatcher<CredentialsPatchResource> {
 
@@ -22,8 +23,8 @@ public class HsCredentialsEntityPatcher implements EntityPatcher<CredentialsPatc
         }
         OptionalFromJson.of(resource.getEmailAddress())
                 .ifPresent(entity::setEmailAddress);
-        OptionalFromJson.of(resource.getTotpSecret())
-                .ifPresent(entity::setTotpSecret);
+        Optional.ofNullable(resource.getTotpSecrets())
+                .ifPresent(entity::setTotpSecrets);
         OptionalFromJson.of(resource.getSmsNumber())
                 .ifPresent(entity::setSmsNumber);
         OptionalFromJson.of(resource.getPhonePassword())

src/main/resources/api-definition/accounts/credentials-schemas.yaml

@@ -14,9 +14,11 @@ components:
                 nickname:
                     type: string
                     pattern: '^[a-z][a-z0-9]{1,8}-[a-z0-9]{1,10}$' # TODO.spec: pattern for login nickname
-                totpSecret:
-                    type: string
-                telephonePassword:
+                totpSecrets:
+                    type: array
+                    items:
+                        type: string
+                phonePassword:
                     type: string
                 emailAddress:
                     type: string
@@ -46,9 +48,10 @@ components:
         CredentialsPatch:
             type: object
             properties:
-                totpSecret:
-                    type: string
-                    nullable: true
+                totpSecrets:
+                    type: array
+                    items:
+                        type: string
                 phonePassword:
                     type: string
                     nullable: true
@@ -75,9 +78,11 @@ components:
                 nickname:
                     type: string
                     pattern: '^[a-z][a-z0-9]{1,8}-[a-z0-9]{1,10}$' # TODO.spec: pattern for login nickname
-                totpSecret:
-                    type: string
-                telephonePassword:
+                totpSecrets:
+                    type: array
+                    items:
+                        type: string
+                phonePassword:
                     type: string
                 emailAddress:
                     type: string

src/main/resources/db/changelog/9-hs-global/950-accounts/9510-hs-accounts.sql

@@ -18,7 +18,7 @@ create table hs_accounts.credentials
     global_gid       int unique,     -- w/o
     onboarding_token text,           -- w/o, but can be set to null to invalidate
 
-    totp_secret      text,
+    totp_secrets     text[],
     phone_password   text,
     email_address    text,
     sms_number       text

src/main/resources/db/changelog/9-hs-global/950-accounts/9519-hs-accounts-test-data.sql

@@ -51,9 +51,9 @@ begin
 --     call rbac.grantRoleToRole(hs_accounts.context_REFERRER(context_MATRIX_internal), rbac.global_ADMIN());
 
     -- Add test credentials (linking to assumed rbac.subject UUIDs)
-    INSERT INTO hs_accounts.credentials (uuid, version, person_uuid, active, global_uid, global_gid, onboarding_token, totp_secret, phone_password, email_address, sms_number) VALUES
-        ( superuserAlexSubjectUuid, 0, personAlexUuid, true, 1001, 1001, 'token-abc', 'otp-secret-1', 'phone-pw-1', 'alex@example.com', '111-222-3333'),
-        ( superuserFranSubjectUuid, 0, personFranUuid, true, 1002, 1002, 'token-def', 'otp-secret-2', 'phone-pw-2', 'fran@example.com', '444-555-6666');
+    INSERT INTO hs_accounts.credentials (uuid, version, person_uuid, active, global_uid, global_gid, onboarding_token, totp_secrets, phone_password, email_address, sms_number) VALUES
+        ( superuserAlexSubjectUuid, 0, personAlexUuid, true, 1001, 1001, 'token-abc', ARRAY['otp-secret-1a', 'otp-secret-1b'], 'phone-pw-1', 'alex@example.com', '111-222-3333'),
+        ( superuserFranSubjectUuid, 0, personFranUuid, true, 1002, 1002, 'token-def', ARRAY['otp-secret-2'], 'phone-pw-2', 'fran@example.com', '444-555-6666');
 
     -- Map credentials to contexts
     INSERT INTO hs_accounts.context_mapping (credentials_uuid, context_uuid) VALUES