sonata-nfv / son-gkeeper

SONATA's Service Platform Gatekeeper
http://www.sonata-nfv.eu
Apache License 2.0

Finish User Management implementation: connect to the real UM #477

Closed jbonnet closed 7 years ago

jbonnet commented 7 years ago

The GK API still needs to be connected to the UM, namely to extract and validate the user token.

jbonnet commented 7 years ago

Token is fetched from the UM module when the user logs in. Extraction and validation of this token is still to do.

jbonnet commented 7 years ago

Hi, @srodriguezOPT, @mzacharioudakis PR #573 adds user creation (POST) and query (GET by uuid and all) to the code base. Could you please test them from the GUI/BSS?

Thanks

santiagordguez commented 7 years ago

@jbonnet , tested user creation from BSS in int3 environment (bss deployed with userManagement flag = true):

POST https://sp.int3.sonata-nfv.eu/api/v2/users
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6InNvbmF0YSIsImFkbWluIjp0cnVlfQ.AdgPchW4kBolbrVPn8YlrNIOx8XqcHcO_bCR2gclGyo
Request Payload: {username: "test1", password: "test", first_name: "test1", last_name: "test1", email: "mail@mail.com", user_type: "customer"}

Response: {"error":{"code":400,"message":"Error creating user {:username=>"test1", :first_name=>"test1", :last_name=>"test1", :email=>"mail@mail.com", :credentials=>[{:type=>"password", :value=>"test"}], :attributes=>{:userType=>["customer"]}}"}}

jbonnet commented 7 years ago

Hey, @srodriguezOPT I think that this issue is already solved, can you please confirm that? Thanks,

santiagordguez commented 7 years ago

Hi @jbonnet

No, it is still failing... :(

jbonnet commented 7 years ago

@dang03 We need your help here: creation of users in INT3 is failing

$ curl -H "Content-Type: application/json" -d '{"username": "test567", "password":"test2", "firstName": "firstName", "lastName": "lastName", "email": "mail4@mail.com", "phone_number":654654654,"user_type":"customer"}' localhost:5000/api/v2/users
{"error":{"code":400,"message":"Error creating user {:username=>\"test567\", :firstName=>\"firstName\", :lastName=>\"lastName\", :email=>\"mail4@mail.com\", :credentials=>[{:type=>\"password\", :value=>\"test2\"}], :attributes=>{:userType=>[\"customer\"], :phone_number=>[654654654]}}"}}

Thanks,

dang03 commented 7 years ago

@jbonnet I see this error in the logs:

Registration message com.fasterxml.jackson.databind.exc.UnrecognizedPropertyException: Unrecognized field "first_name" (class org.keycloak.representations.idm.UserRepresentation), not marked as ignorable (24 known properties: "disableableCredentialTypes", "federatedIdentities", "enabled", "lastName", "emailVerified", "clientConsents", "self", "socialLinks", "applicationRoles", "createdTimestamp", "groups", "username", "attributes", "id", "firstName", "email", "federationLink", "serviceAccountClientId", "requiredActions", "origin", "realmRoles", "clientRoles", "totp", "credentials"])
 at [Source: io.undertow.servlet.spec.ServletInputStreamImpl@7d19bc53; line: 1, column: 37] (through reference chain: org.keycloak.representations.idm.UserRepresentation["first_name"])

The field first_name is unrecognized by the UM... but I see firstName in the curl request. Is the GK API somehow introducing/replacing this field in the request between the GK API and the UM?

jbonnet commented 7 years ago

Yes, the GK API is playing an adaptor role between the GK API’s clients and the UM… That one (first_name -> firstName) is not currently being done, check here. I’ll work on it.


jbonnet commented 7 years ago

@dang03 Made some changes on the first_name->firstName and last_name->lastName (for now just locally), can you please check the logs again? Are those logs available? Same error...

jbonnet commented 7 years ago

Wait... I misread your previous comment: I was already passing firstName and lastName... are these what the UM expects?

dang03 commented 7 years ago

Yes, UM expects firstName and lastName, but somehow first_name is added in the message between GK API and UM. I don't see any error for lastName. I'll check logs again

dang03 commented 7 years ago

What error code do you receive, because I also see this error:

POST /api/v1/api/v1/register/user HTTP/1.1" 404 18 0.0005

The /api/v1 is added twice to the URL

jbonnet commented 7 years ago

Ok, fixed the double /api/v1. I get a 400:

$ curl -H "Content-Type: application/json" -d '{"username": "test567", "password":"test2", "first_name": "firstName", "last_name": "lastName", "email": "mail4@mail.com", "phone_number":"654654654","user_type":"customer"}' localhost:5000/api/v2/users

{"error":{"code":400,"message":"Error creating user {:username=>\"test567\", :email=>\"mail4@mail.com\", :firstName=>\"firstName\", :lastName=>\"lastName\", :credentials=>[{:type=>\"password\", :value=>\"test2\"}], :attributes=>{:userType=>[\"customer\"], :phone_number=>[\"654654654\"]}}"}}

dang03 commented 7 years ago

wow it's weird, the logs show that the user was successfully registered:

New user test567 has been registered
10.230.1.57 - - [02/May/2017:13:01:25 +0000] "POST /api/v1/register/user HTTP/1.1" 201 70 0.2432

The UM returns a 201, how can the 400 appear?

If I check registered users, test567 is there indeed: sp.int3.sonata-nfv.eu:5600/api/v1/users?

jbonnet commented 7 years ago

Ok, but that might have been an old try, directly accessing the UM's API.. test569 and test570, using the GK API, failed with 400:

$ curl -H "Content-Type: application/json" -d '{"username": "test570", "password":"test2", "first_name": "firstName", "last_name": "lastName", "email": "mail4@mail.com", "phone_number":"654654654","user_type":"customer"}' localhost:5000/api/v2/users
{"error":{"code":400,"message":"Error creating user {:username=>\"test570\", :email=>\"mail4@mail.com\", :firstName=>\"firstName\", :lastName=>\"lastName\", :credentials=>[{:type=>\"password\", :value=>\"test2\"}], :attributes=>{:userType=>[\"customer\"], :phone_number=>[\"654654654\"]}}"}}

jbonnet commented 7 years ago

Ok, UM's validating for unique emails as well:

...
D, [2017-05-02T14:18:19.446917 #17516] DEBUG -- GtkApi::ManagerService#postCurb: response body={"errorMessage":"User exists with same email"}
...
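
The adapter role discussed in this thread, as an added Ruby example that is not code from son-gkeeper: it maps the client's snake_case fields to the body shape shown in the error messages above, rejects unknown fields at the gateway, relays the UM's errorMessage instead of a bare "Error creating user", and keeps the password out of anything echoed or logged. The function names, the allow-list and the `[REDACTED]` marker are assumptions; the sample input is constructed.

```ruby
require 'json'

# Client-facing (snake_case) key => key in the body sent to the UM.
FIELD_MAP = { 'username' => :username, 'email' => :email,
              'first_name' => :firstName, 'last_name' => :lastName }.freeze
# Client keys that the error messages in this thread show under :attributes.
ATTRIBUTE_MAP = { 'user_type' => :userType, 'phone_number' => :phone_number }.freeze
ALLOWED = (FIELD_MAP.keys + ATTRIBUTE_MAP.keys + ['password']).freeze # assumed allow-list

class AdapterError < StandardError; end

# Translate a client payload (string keys, as parsed from JSON) into the UM body.
# Unknown keys fail here instead of as an UnrecognizedPropertyException in the UM.
def to_um_user(params)
  unknown = params.keys - ALLOWED
  raise AdapterError, "unknown field(s): #{unknown.join(', ')}" unless unknown.empty?
  raise AdapterError, 'password is required' if params['password'].to_s.empty?

  user = {}
  FIELD_MAP.each { |from, to| user[to] = params[from] if params.key?(from) }
  user[:credentials] = [{ type: 'password', value: params['password'] }]
  user[:attributes] = {}
  ATTRIBUTE_MAP.each { |from, to| user[:attributes][to] = [params[from]] if params.key?(from) }
  user
end

# Copy of the UM body with credential values masked; the original is not modified.
def redact(user)
  creds = user.fetch(:credentials, []).map { |c| c.merge(value: '[REDACTED]') }
  user.merge(credentials: creds)
end

# Client-facing error: carries the UM's errorMessage when one was returned and
# never interpolates the request body, so the password cannot leak through it.
def creation_error(status, um_body, user)
  parsed = begin
    JSON.parse(um_body.to_s)
  rescue JSON::ParserError
    nil
  end
  reason = parsed.is_a?(Hash) ? parsed['errorMessage'] : nil
  { error: { code: status,
             message: "Error creating user #{user[:username]}: #{reason || 'no detail from UM'}" } }
end

# Constructed sample input, modelled on the curl calls in this thread.
sample = to_um_user('username' => 'test572', 'password' => 'test2', 'first_name' => 'firstName',
                    'email' => 'test572@mail.com', 'user_type' => 'customer')
puts redact(sample).inspect
puts creation_error(400, '{"errorMessage":"User exists with same email"}', sample).to_json
```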

jbonnet commented 7 years ago

Ok, @dang03, looks like it's solved:

$ curl -H "Content-Type: application/json" -d '{"username": "test572", "password":"test2", "first_name": "firstName", "last_name": "lastName", "email": "test572@mail.com", "phone_number":"654654654","user_type":"customer"}' localhost:5000/api/v2/users
{"username":"test572","uuid":"8cab9533-096b-4606-aaf8-6f31bf43b8ff"}

jbonnet commented 7 years ago

@srodriguezOPT Can you please retry creating a user?

santiagordguez commented 7 years ago

@jbonnet , It fails. The GK's response is: {"error":{"code":400,"message":"Error creating user {:username=>\"sonata1\", :email=>\"mail@mail.com\", :firstName=>\"sonata\", :lastName=>\"sonata\", :credentials=>[{:type=>\"password\", :value=>\"test1\"}], :attributes=>{:userType=>[\"customer\"]}}"}}

dang03 commented 7 years ago

@srodriguezOPT @jbonnet I think I know what's happening: when the integration test int-17-usr-management is triggered, it breaks the user management module, as it needs time to deploy and a registration request is directly sent while it is not ready. Let me check if I can solve this.

jbonnet commented 7 years ago

@srodriguezOPT please do not repeat the email, it is a restriction in the UM.

santiagordguez commented 7 years ago

@jbonnet really? ok, with a new email it generates the user but:

dang03 commented 7 years ago

Deployment issues fixed. You can try now.

dang03 commented 7 years ago

@srodriguezOPT yes, there's an API to remove a user, but what is the issue? When you trigger the integration test, the dockers are removed so the UM starts fresh again.

If you register two different users with the same email you will get an error (duplicated email).

dang03 commented 7 years ago

If you really need to delete the user, the User Management API is:

DELETE 
/api/v1/users?username="username"
/api/v1/users?id="id"

Example:

 DELETE  
 url = URI("http://<address>:<port>/api/v1/users?username=user01")  

Response: 204 No Content

santiagordguez commented 7 years ago

@dang03 : if the deployment.sh creates a fresh UM there is no problem, even with the same user data, but the test is still failing

and the error message (GK->BSS) only says: "Error creating user..."

dang03 commented 7 years ago

@srodriguezOPT yes, I see the tests fail again. If you check the UM logs (http://sp.int3.sonata-nfv.eu:5600/admin/log) you can see that a registration request fails because the UM is not ready until [2017-05-02T14:39:13.181138 #1] DEBUG -- : Adapter: exit POST /config with secret and access_token configured. We need to ensure that no requests are sent before that point. About the GK->BSS error, I don't see any error in the UM logs...

jbonnet commented 7 years ago

@srodriguezOPT , @dang03 Can we close this issue?

santiagordguez commented 7 years ago

@jbonnet , it seems that @dang03's latest modifications are working properly

dang03 commented 7 years ago

Hi, as registration and login operations are properly working between GK API and UM (and BSS as external component), we can assume that the goal of this issue is achieved. We can close this issue.