Merge pull request #154 from lvhuichao/develop

1. remove user in enterprise mode

Author: hanshuai

server/openblocks-domain/src/main/java/com/openblocks/domain/user/model/Connection.java

@@ -29,7 +29,7 @@ public class Connection {
     private static final long serialVersionUID = -9218373922209100577L;
 
     @NotEmpty
-    private final String source;
+    private String source;
 
     @NotEmpty
     @JsonProperty(access = JsonProperty.Access.WRITE_ONLY)

server/openblocks-domain/src/main/java/com/openblocks/domain/user/model/User.java

@@ -8,6 +8,7 @@
 import java.util.Set;
 import java.util.function.Supplier;
 
+import org.apache.commons.collections4.SetUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.data.annotation.Transient;
 import org.springframework.data.mongodb.core.mapping.Document;
@@ -98,4 +99,12 @@ public void set(String orgId, TransformedUserInfo transformedUserInfo) {
     public record TransformedUserInfo(long updateTime, Map<String, Object> extra) {
 
     }
+
+    public void markAsDeleted() {
+        this.setState(UserState.DELETED);
+        this.setIsEnabled(false);
+        SetUtils.emptyIfNull(this.getConnections())
+                .forEach(connection -> connection.setSource(
+                        connection.getSource() + "(User deleted at " + System.currentTimeMillis() / 1000 + ")"));
+    }
 }

server/openblocks-domain/src/main/java/com/openblocks/domain/user/model/UserState.java

@@ -1,5 +1,6 @@
 package com.openblocks.domain.user.model;
 
 public enum UserState {
-    NEW, INVITED, ACTIVATED
+    NEW, INVITED, ACTIVATED,
+    DELETED// User can only be deleted in enterprise mode.
 }

server/openblocks-domain/src/main/java/com/openblocks/domain/user/service/UserService.java

@@ -48,5 +48,7 @@ public interface UserService {
     Mono<Boolean> setPassword(String userId, String password);
 
     Mono<CurrentUser> buildCurrentUser(User user, boolean withoutDynamicGroups);
+
+    Mono<Boolean> markUserDeletedAndInvalidConnectionsAtEnterpriseMode(String userId);
 }
 

server/openblocks-domain/src/main/java/com/openblocks/domain/user/service/UserServiceImpl.java

@@ -8,7 +8,6 @@
 import static com.openblocks.sdk.util.ExceptionUtils.ofException;
 
 import java.util.Collection;
-import java.util.Collections;
 import java.util.List;
 import java.util.Locale;
 import java.util.Map;
@@ -28,7 +27,6 @@
 import org.springframework.web.server.ServerWebExchange;
 
 import com.google.common.collect.ImmutableSet;
-import com.google.common.collect.Maps;
 import com.openblocks.domain.asset.model.Asset;
 import com.openblocks.domain.asset.service.AssetService;
 import com.openblocks.domain.encryption.EncryptionService;
@@ -45,10 +43,12 @@
 import com.openblocks.domain.user.model.UserState;
 import com.openblocks.domain.user.repository.UserRepository;
 import com.openblocks.infra.mongo.MongoUpsertHelper;
+import com.openblocks.sdk.config.CommonConfig;
 import com.openblocks.sdk.config.dynamic.Conf;
 import com.openblocks.sdk.config.dynamic.ConfigCenter;
 import com.openblocks.sdk.constants.AuthSourceConstants;
 import com.openblocks.sdk.constants.FieldName;
+import com.openblocks.sdk.constants.WorkspaceMode;
 import com.openblocks.sdk.exception.BizError;
 import com.openblocks.sdk.exception.BizException;
 import com.openblocks.sdk.util.LocaleUtils;
@@ -77,6 +77,8 @@ public class UserServiceImpl implements UserService {
     private OrgMemberService orgMemberService;
     @Autowired
     private GroupService groupService;
+    @Autowired
+    private CommonConfig commonConfig;
 
     private Conf<Integer> avatarMaxSizeInKb;
 
@@ -281,6 +283,21 @@ public Mono<CurrentUser> buildCurrentUser(User user, boolean withoutDynamicGroup
         });
     }
 
+    /**
+     * In enterprise mode, user can be deleted and then related connections should be released here by appending a timestamp after the source field.
+     */
+    @Override
+    public Mono<Boolean> markUserDeletedAndInvalidConnectionsAtEnterpriseMode(String userId) {
+        if (commonConfig.getWorkspace().getMode() == WorkspaceMode.SAAS) {
+            return Mono.just(false);
+        }
+        return repository.findById(userId)
+                .flatMap(user -> {
+                    user.markAsDeleted();
+                    return mongoUpsertHelper.updateById(user, userId);
+                });
+    }
+
     protected Map<String, Object> getCurrentUserExtra(User user, String orgId) {
         return Optional.ofNullable(user.getOrgTransformedUserInfo())
                 .map(orgTransformedUserInfo -> orgTransformedUserInfo.get(orgId))

server/openblocks-sdk/src/main/java/com/openblocks/sdk/constants/GlobalContext.java

@@ -3,7 +3,6 @@
 public class GlobalContext {
 
     public static final String VISITOR_ID = "visitorId";
-    public static final String VISITOR = "visitor";
     public static final String VISITOR_TOKEN = "visitorToken";
 
     public static final String SYSTEM_USER_ID = "SYSTEM";

server/openblocks-sdk/src/main/java/com/openblocks/sdk/util/JsonUtils.java

@@ -60,6 +60,14 @@ public static <T> T fromJson(String obj, Class<T> tClass) {
         }
     }
 
+    public static <T> T fromJsonQuietly(String obj, Class<T> tClass) {
+        try {
+            return objectMapper.readValue(obj, tClass);
+        } catch (JsonProcessingException e) {
+            return null;
+        }
+    }
+
     public static List<Object> fromJsonList(String obj) {
         return fromJsonList(obj, Object.class);
     }

server/openblocks-server/src/main/java/com/openblocks/api/framework/filter/GlobalContextFilter.java

@@ -8,7 +8,6 @@
 import static com.openblocks.sdk.constants.GlobalContext.REQUEST_ID_LOG;
 import static com.openblocks.sdk.constants.GlobalContext.REQUEST_METHOD;
 import static com.openblocks.sdk.constants.GlobalContext.REQUEST_PATH;
-import static com.openblocks.sdk.constants.GlobalContext.VISITOR;
 import static com.openblocks.sdk.constants.GlobalContext.VISITOR_ID;
 import static com.openblocks.sdk.constants.GlobalContext.VISITOR_TOKEN;
 import static java.util.Optional.ofNullable;
@@ -33,7 +32,6 @@
 import com.openblocks.api.framework.service.GlobalContextService;
 import com.openblocks.api.home.SessionUserService;
 import com.openblocks.domain.organization.service.OrgMemberService;
-import com.openblocks.domain.user.service.UserService;
 import com.openblocks.infra.serverlog.ServerLog;
 import com.openblocks.infra.serverlog.ServerLogService;
 import com.openblocks.infra.util.NetworkUtils;
@@ -60,9 +58,6 @@ public class GlobalContextFilter implements WebFilter, Ordered {
     @Autowired
     private ServerLogService serverLogService;
 
-    @Autowired
-    private UserService userService;
-
     @Autowired
     private GlobalContextService globalContextService;
 
@@ -105,9 +100,6 @@ private Map<String, Object> buildContextMap(ServerWebExchange serverWebExchange,
                 .filter(x -> x.getKey().startsWith(MDC_HEADER_PREFIX))
                 .collect(toMap(v -> v.getKey().substring((MDC_HEADER_PREFIX.length())), Map.Entry::getValue));
         contextMap.put(VISITOR_ID, visitorId);
-        if (!isAnonymousUser(visitorId)) {
-            contextMap.put(VISITOR, userService.findById(visitorId).cache());
-        }
         contextMap.put(CLIENT_IP, NetworkUtils.getRemoteIp(serverWebExchange));
         contextMap.put(REQUEST_ID_LOG, getOrCreateRequestId(request));
         contextMap.put(REQUEST_PATH, request.getPath().pathWithinApplication().value());

server/openblocks-server/src/main/java/com/openblocks/api/home/SessionUserServiceImpl.java

@@ -1,31 +1,28 @@
 package com.openblocks.api.home;
 
 import static com.openblocks.sdk.constants.GlobalContext.CURRENT_ORG_MEMBER;
-import static com.openblocks.sdk.constants.GlobalContext.VISITOR;
 import static com.openblocks.sdk.exception.BizError.UNABLE_TO_FIND_VALID_ORG;
 import static com.openblocks.sdk.util.ExceptionUtils.deferredError;
-import static com.openblocks.sdk.util.JsonUtils.fromJson;
-import static com.openblocks.sdk.util.JsonUtils.toJson;
+import static com.openblocks.sdk.util.JsonUtils.fromJsonQuietly;
 
 import java.time.Duration;
+import java.util.Objects;
 
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.data.redis.core.ReactiveRedisTemplate;
 import org.springframework.data.redis.core.ReactiveValueOperations;
-import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.ReactiveSecurityContextHolder;
 import org.springframework.stereotype.Service;
 
 import com.openblocks.domain.organization.model.OrgMember;
 import com.openblocks.domain.organization.service.OrgMemberService;
 import com.openblocks.domain.user.model.User;
+import com.openblocks.domain.user.model.UserState;
 import com.openblocks.domain.user.service.UserService;
-import com.openblocks.infra.annotation.NonEmptyMono;
 
 import lombok.extern.slf4j.Slf4j;
 import reactor.core.publisher.Mono;
-import reactor.core.scheduler.Schedulers;
 
 @Slf4j
 @Service
@@ -42,7 +39,7 @@ public class SessionUserServiceImpl implements SessionUserService {
     @SuppressWarnings("ReactiveStreamsNullableInLambdaInTransform")
     @Override
     public Mono<String> getVisitorId() {
-        return getVisitorFromSecurityContext()
+        return getVisitor()
                 .map(User::getId);
     }
 
@@ -51,13 +48,8 @@ public Mono<String> getVisitorId() {
      */
     @Override
     public Mono<User> getVisitor() {
-        return Mono.deferContextual(contextView -> getVisitorFromSecurityContext()
-                .flatMap(it -> {
-                    if (it.isAnonymous()) {
-                        return Mono.just(it);
-                    }
-                    return contextView.get(VISITOR);
-                }));
+        return ReactiveSecurityContextHolder.getContext()
+                .map(securityContext -> (User) securityContext.getAuthentication().getPrincipal());
     }
 
     /**
@@ -83,25 +75,16 @@ public Mono<OrgMember> getVisitorOrgMember() {
                 .switchIfEmpty(deferredError(UNABLE_TO_FIND_VALID_ORG, "UNABLE_TO_FIND_VALID_ORG"));
     }
 
-    @NonEmptyMono
-    private Mono<User> getVisitorFromSecurityContext() {
-        return ReactiveSecurityContextHolder.getContext()
-                .flatMap(securityContext -> {
-                    Authentication authentication = securityContext.getAuthentication();
-                    return Mono.just((User) authentication.getPrincipal());
-                });
-    }
-
     @Override
     public Mono<Boolean> isAnonymousUser() {
-        return getVisitorFromSecurityContext()
+        return getVisitor()
                 .map(User::isAnonymous);
     }
 
     @Override
-    public Mono<Void> saveUserSession(String sessionId, User user) {
+    public Mono<Void> saveUserSession(String token, User user) {
         ReactiveValueOperations<String, String> ops = getRedisOps();
-        return ops.set(sessionId, toJson(user), Duration.ofDays(7))
+        return ops.set(token, Objects.requireNonNull(user.getId()), Duration.ofDays(7))
                 .then();
     }
 
@@ -115,12 +98,12 @@ public Mono<Void> extendValidity(String token) {
     }
 
     @Override
-    public Mono<Void> removeUserSession(String sessionId) {
-        if (StringUtils.isBlank(sessionId)) {
+    public Mono<Void> removeUserSession(String token) {
+        if (StringUtils.isBlank(token)) {
             return Mono.empty();
         }
         ReactiveValueOperations<String, String> ops = getRedisOps();
-        return ops.delete(sessionId)
+        return ops.delete(token)
                 .then();
     }
 
@@ -130,21 +113,19 @@ public Mono<User> resolveSessionUserFromCookie(String token) {
             return Mono.empty();
         }
         return getRedisOps().get(token)
-                .flatMap(it -> {
-                    User user = fromJson(it, User.class);
+                .flatMap(value -> {
+                    User user = fromJsonQuietly(value, User.class);
                     if (user == null) {
-                        return Mono.empty();
+                        return userService.findById(value);
                     }
-                    return Mono.just(user);
+                    // some compatible code
+                    return userService.findById(user.getId());
                 })
-                .subscribeOn(Schedulers.boundedElastic());
+                .filter(user -> user.getState() != UserState.DELETED);
     }
 
-
     private ReactiveValueOperations<String, String> getRedisOps() {
         return reactiveTemplate.opsForValue();
     }
-
-
 }
 

server/openblocks-server/src/main/java/com/openblocks/api/usermanagement/OrgApiServiceImpl.java

@@ -212,18 +212,19 @@ public Mono<Boolean> uploadLogo(String orgId, Mono<Part> fileMono) {
                 .flatMap(file -> organizationService.uploadLogo(orgId, file));
     }
 
+    /**
+     * Remove the specified user from the organization, and if in enterprise mode, mark the user deleted.
+     */
     @Override
     public Mono<Boolean> removeUserFromOrg(String orgId, String userId) {
         return checkVisitorAdminRole(orgId)
-                .then(orgMemberService.removeMember(orgId, userId)
-                        .handle((result, sink) -> {
-                            if (result) {
-                                applicationContext.publishEvent(new OrgMemberLeftEvent(orgId, userId));
-                                sink.next(true);
-                                return;
-                            }
-                            sink.next(false);
-                        }));
+                .then(orgMemberService.removeMember(orgId, userId))
+                .doOnNext(result -> {
+                    if (result) {
+                        applicationContext.publishEvent(new OrgMemberLeftEvent(orgId, userId));
+                    }
+                })
+                .delayUntil(__ -> userService.markUserDeletedAndInvalidConnectionsAtEnterpriseMode(userId));
     }
 
     @Override

server/openblocks-server/src/main/java/com/openblocks/runner/eventlistener/OrgAndGroupEventListener.java

@@ -2,7 +2,7 @@
 
 import static com.openblocks.sdk.util.JsonUtils.toJson;
 
-import java.time.Duration;
+import java.util.List;
 import java.util.concurrent.ExecutorService;
 import java.util.concurrent.Executors;
 
@@ -22,7 +22,6 @@
 import com.openblocks.domain.permission.service.ResourcePermissionService;
 
 import lombok.extern.slf4j.Slf4j;
-import reactor.core.publisher.Flux;
 import reactor.core.publisher.Mono;
 import reactor.core.scheduler.Scheduler;
 import reactor.core.scheduler.Schedulers;
@@ -74,23 +73,25 @@ public void onOrgDeleted(OrgDeletedEvent event) {
     public void onUserLeaveOrg(OrgMemberLeftEvent orgMemberLeftEvent) {
         String orgId = orgMemberLeftEvent.getOrgId();
         String userId = orgMemberLeftEvent.getUserId();
-        Flux<Boolean> removeGroupMember = groupService.getByOrgId(orgId)
-                .delayElements(Duration.ofMillis(100))
+        Mono<List<Boolean>> removeGroupMember = groupService.getByOrgId(orgId)
                 .flatMap(group -> groupMemberService.removeMember(group.getId(), userId))
+                .collectList()
                 .retry(3)
                 .subscribeOn(orgEventScheduler);
 
-        Flux<Boolean> removeAppPermissions = applicationService.findByOrganizationIdWithoutDsl(orgId)
+        Mono<List<Boolean>> removeAppPermissions = applicationService.findByOrganizationIdWithoutDsl(orgId)
                 .flatMap(application -> resourcePermissionService.removeUserApplicationPermission(application.getId(), userId))
+                .collectList()
                 .retry(3)
                 .subscribeOn(orgEventScheduler);
 
-        Flux<Boolean> removeDatasourcePermissions = datasourceService.getByOrgId(orgId)
+        Mono<List<Boolean>> removeDatasourcePermissions = datasourceService.getByOrgId(orgId)
                 .flatMap(datasource -> resourcePermissionService.removeUserDatasourcePermission(datasource.getId(), userId))
+                .collectList()
                 .retry(3)
                 .subscribeOn(orgEventScheduler);
 
-        Flux.zip(removeGroupMember, removeAppPermissions, removeDatasourcePermissions)
+        Mono.zip(removeGroupMember, removeAppPermissions, removeDatasourcePermissions)
                 .subscribe();
     }
 

server/openblocks-server/src/main/resources/application-openblocks.yml

@@ -35,7 +35,7 @@ common:
   security:
     cors-allowed-domains:
       - '*'
-  version: 1.1.1
+  version: 1.1.2
   block-hound-enable: false
 
 material:

server/openblocks-server/src/main/resources/selfhost/ce/application.yml

@@ -26,7 +26,7 @@ common:
   domain:
     default-value: openblocks.dev
   cloud: false
-  version: 1.1.1
+  version: 1.1.2
   block-hound-enable: false
 
 material: