Merge pull request #13149 from SORMAS-Foundation/#13080-Keycloak-username-modification-is-not-synced-by-sormas

#13080 keycloak username modification is not synced by sormas

Author: leventegal-she

sormas-api/src/main/java/de/symeda/sormas/api/i18n/Captions.java

@@ -2677,6 +2677,7 @@ public interface Captions {
 	String User_associatedOfficer = "User.associatedOfficer";
 	String User_community = "User.community";
 	String User_district = "User.district";
+	String User_externalId = "User.externalId";
 	String User_hasConsentedToGdpr = "User.hasConsentedToGdpr";
 	String User_healthFacility = "User.healthFacility";
 	String User_laboratory = "User.laboratory";

sormas-api/src/main/java/de/symeda/sormas/api/user/UserDto.java

@@ -67,6 +67,7 @@ public class UserDto extends EntityDto {
     public static final String LIMITED_DISEASES = "limitedDiseases";
 	public static final String LANGUAGE = "language";
 	public static final String HAS_CONSENTED_TO_GDPR = "hasConsentedToGdpr";
+	public static final String EXTERNAL_ID = "externalId";
 	public static final String JURISDICTION_LEVEL = "jurisdictionLevel";
 
 	private boolean active = true;
@@ -107,6 +108,8 @@ public class UserDto extends EntityDto {
 
 	private boolean hasConsentedToGdpr;
 
+	private String externalId;
+
 	private JurisdictionLevel jurisdictionLevel;
 
 	public static UserDto build() {
@@ -278,6 +281,14 @@ public void setHasConsentedToGdpr(boolean hasConsentedToGdpr) {
 		this.hasConsentedToGdpr = hasConsentedToGdpr;
 	}
 
+	public String getExternalId() {
+		return externalId;
+	}
+
+	public void setExternalId(String externalId) {
+		this.externalId = externalId;
+	}
+
 	public JurisdictionLevel getJurisdictionLevel() {
 		return jurisdictionLevel;
 	}

sormas-api/src/main/resources/captions.properties

@@ -2606,6 +2606,7 @@ User.uuid=UUID
 User.region=Region
 User.district=District
 User.community=Community
+User.externalId=External ID
 userRestrictDiseases=Restrict access to specific diseases
 # Vaccination
 vaccinationNewVaccination=New vaccination

sormas-backend/src/main/java/de/symeda/sormas/backend/user/KeycloakService.java

@@ -25,7 +25,6 @@
 import java.util.List;
 import java.util.Map;
 import java.util.Optional;
-import java.util.Set;
 import java.util.stream.Collectors;
 
 import javax.annotation.PostConstruct;
@@ -60,6 +59,7 @@
 import de.symeda.sormas.api.AuthProvider;
 import de.symeda.sormas.api.Language;
 import de.symeda.sormas.api.user.UserRight;
+import de.symeda.sormas.api.utils.DataHelper.Pair;
 import de.symeda.sormas.backend.common.ConfigFacadeEjb.ConfigFacadeEjbLocal;
 import de.symeda.sormas.backend.user.event.PasswordResetEvent;
 import de.symeda.sormas.backend.user.event.SyncUsersFromProviderEvent;
@@ -241,21 +241,32 @@ public void handleSyncUsersFromProviderEvent(@Observes SyncUsersFromProviderEven
 		}
 
 		List<User> existingUsers = syncUsersFromProviderEvent.getExistingUsers();
-		Map<String, User> existingUsersByUsername =
-			existingUsers.stream().collect(Collectors.toMap(user1 -> user1.getUserName().toLowerCase(), Functions.identity()));
+		Map<String, User> existingUsersByExternalId =
+			existingUsers.stream().collect(Collectors.toMap(User::getExternalId, Functions.identity(), (u1, u2) -> u1));
 		List<UserRepresentation> providerUsers = keycloak.get().realm(REALM_NAME).users().list();
-		List<User> syncedUsers = providerUsers.stream().map(user -> {
-			User sormasUser = existingUsersByUsername.get(user.getUsername().toLowerCase());
+		List<User> syncedUsers = providerUsers.stream().map(userRepresentation -> {
+			String userNameId = userRepresentation.getId();
+
+			User sormasUser = existingUsersByExternalId.get(userNameId);
 			if (sormasUser == null) {
-				sormasUser = new User();
+				sormasUser =
+					existingUsers.stream().filter(u -> u.getUserName().equals(userRepresentation.getUsername())).findFirst().orElse(new User());
 			}
-			updateUser(sormasUser, user);
+			updateUser(sormasUser, userRepresentation);
 
 			return sormasUser;
 		}).collect(Collectors.toList());
 
-		Set<String> providerUserNames = providerUsers.stream().map(UserRepresentation::getUsername).collect(Collectors.toSet());
-		List<User> deletedUsers = existingUsers.stream().filter(user -> !providerUserNames.contains(user.getUserName())).collect(Collectors.toList());
+		List<Pair<String, String>> providerUserIdentifiers =
+			providerUsers.stream().map(ur -> Pair.createPair(ur.getId(), ur.getUsername())).collect(Collectors.toList());
+		List<User> deletedUsers = existingUsers.stream()
+			.filter(
+				u -> providerUserIdentifiers.stream()
+					.noneMatch(
+						ui -> StringUtils.isNotBlank(u.getExternalId())
+							? ui.getElement0().equals(u.getExternalId())
+							: ui.getElement1().equals(u.getUserName())))
+			.collect(Collectors.toList());
 
 		syncUsersFromProviderEvent.getCallback().accept(syncedUsers, deletedUsers);
 
@@ -307,6 +318,8 @@ private UserRepresentation createUserRepresentation(User user, String hashedPass
 	}
 
 	private void updateUser(User user, UserRepresentation userRepresentation) {
+		user.setUserName(userRepresentation.getUsername());
+		user.setExternalId(userRepresentation.getId());
 		user.setActive(userRepresentation.isEnabled());
 		user.setUserName(userRepresentation.getUsername());
 		user.setFirstName(userRepresentation.getFirstName());

sormas-backend/src/main/java/de/symeda/sormas/backend/user/User.java

@@ -136,6 +136,8 @@ public class User extends AbstractDomainObject {
 
 	private boolean hasConsentedToGdpr;
 
+	private String externalId;
+
 	@Column(nullable = false, length = CHARACTER_LIMIT_DEFAULT)
 	public String getUserName() {
 		return userName;
@@ -348,6 +350,15 @@ public void setHasConsentedToGdpr(boolean hasConsentedToGdpr) {
 		this.hasConsentedToGdpr = hasConsentedToGdpr;
 	}
 
+	@Column(length = CHARACTER_LIMIT_DEFAULT)
+	public String getExternalId() {
+		return externalId;
+	}
+
+	public void setExternalId(String externalId) {
+		this.externalId = externalId;
+	}
+
 	/**
 	 * Checks if the User possesses any of the specified userRoles
 	 */

sormas-backend/src/main/java/de/symeda/sormas/backend/user/UserFacadeEjb.java

@@ -230,6 +230,7 @@ public static UserDto toDto(User source) {
 		target.setLimitedDiseases(source.getLimitedDiseases());
 		target.setLanguage(source.getLanguage());
 		target.setHasConsentedToGdpr(source.isHasConsentedToGdpr());
+		target.setExternalId(source.getExternalId());
 
 		target.setUserRoles(source.getUserRoles().stream().map(UserRoleFacadeEjb::toReferenceDto).collect(Collectors.toSet()));
 		target.setJurisdictionLevel(source.getJurisdictionLevel());
@@ -864,6 +865,7 @@ private User fillOrBuildEntity(UserDto source, User target, boolean checkChangeD
 		target.setLimitedDiseases(source.getLimitedDiseases());
 		target.setLanguage(source.getLanguage());
 		target.setHasConsentedToGdpr(source.isHasConsentedToGdpr());
+		target.setExternalId(source.getExternalId());
 
 		fillEntityUserRoles(target, source);
 

sormas-backend/src/main/resources/sql/sormas_schema.sql

@@ -13242,4 +13242,11 @@ ALTER TABLE selfreports_history
 
 INSERT INTO schema_version (version_number, comment) VALUES (549, '#13083 Add a manual processing for self Reporting');
 
+-- 2024-09-24 #13080 Keycloak username modification is not synced by sormas
+
+ALTER TABLE users ADD COLUMN externalid text;
+ALTER TABLE users_history ADD COLUMN externalid text;
+
+INSERT INTO schema_version (version_number, comment) VALUES (550, '#13080 Keycloak username modification is not synced by sormas');
+
 -- *** Insert new sql commands BEFORE this line. Remember to always consider _history tables. ***

sormas-ui/src/main/java/de/symeda/sormas/ui/user/UserEditForm.java

@@ -94,7 +94,7 @@ public class UserEditForm extends AbstractEditForm<UserDto> {
 
 	//@formatter:off
     private static final String HTML_LAYOUT =
-            loc(UserDto.UUID) +
+                    fluidRowLocs(UserDto.UUID, UserDto.EXTERNAL_ID) +
                     loc(PERSON_DATA_HEADING_LOC) +
                     fluidRowLocs(UserDto.FIRST_NAME, UserDto.LAST_NAME) +
                     fluidRowLocs(UserDto.USER_EMAIL, UserDto.PHONE) +
@@ -135,7 +135,10 @@ protected void addFields() {
 
         TextField uuid = addField(UserDto.UUID, TextField.class);
         uuid.setReadOnly(true);
-        
+
+        TextField externalId = addField(UserDto.EXTERNAL_ID, TextField.class);
+        externalId.setReadOnly(true);
+
         Label personDataHeadingLabel = new Label(I18nProperties.getString(Strings.headingPersonData));
         personDataHeadingLabel.addStyleName(H3);
         getContent().addComponent(personDataHeadingLabel, PERSON_DATA_HEADING_LOC);

sormas-ui/src/main/java/de/symeda/sormas/ui/user/UserGrid.java

@@ -17,14 +17,18 @@
  *******************************************************************************/
 package de.symeda.sormas.ui.user;
 
+import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Collection;
+import java.util.List;
 import java.util.Set;
 import java.util.concurrent.atomic.AtomicBoolean;
 
 import com.vaadin.icons.VaadinIcons;
 import com.vaadin.ui.renderers.HtmlRenderer;
 import com.vaadin.ui.renderers.TextRenderer;
 
+import de.symeda.sormas.api.AuthProvider;
 import de.symeda.sormas.api.FacadeProvider;
 import de.symeda.sormas.api.i18n.I18nProperties;
 import de.symeda.sormas.api.user.UserCriteria;
@@ -60,7 +64,8 @@ public UserGrid() {
 
 		addEditColumn(e -> ControllerProvider.getUserController().edit(e));
 
-		setColumns(
+		List<String> columns = new ArrayList(
+			Arrays.asList(
 			ACTION_BTN_ID,
 			UserDto.UUID,
 			UserDto.ACTIVE,
@@ -70,7 +75,13 @@ public UserGrid() {
 			UserDto.USER_EMAIL,
 			UserDto.ADDRESS,
 			UserDto.DISTRICT,
-			UserDto.HEALTH_FACILITY);
+			UserDto.HEALTH_FACILITY));
+
+		if (!AuthProvider.SORMAS.equalsIgnoreCase(FacadeProvider.getConfigFacade().getAuthenticationProvider())) {
+			columns.add(UserDto.EXTERNAL_ID);
+		}
+
+		setColumns(columns);
 
 		((Column<UserDto, String>) getColumn(UserDto.UUID)).setRenderer(new UuidRenderer());
 		Column<UserDto, Set<UserRoleDto>> userRolesColumn = ((Column<UserDto, Set<UserRoleDto>>) getColumn(UserDto.USER_ROLES));