Add User HTTP Endpoint to the Management service (#303)

Exposes endpoint under "/users/" that returns information on users. Calls IDP manager to get information not stored locally (email, name), which in the case of the managed version is auth0.
2026-04-18 08:16:39 +00:00 · 2022-05-05 08:58:34 +02:00
parent 219888254e
commit c7e5e5c7c9
11 changed files with 437 additions and 19 deletions
--- a/management/server/http/handler/users.go
+++ b/management/server/http/handler/users.go
@@ -0,0 +1,63 @@
+package handler
+
+import (
+	"fmt"
+	"net/http"
+
+	log "github.com/sirupsen/logrus"
+
+	"github.com/netbirdio/netbird/management/server"
+	"github.com/netbirdio/netbird/management/server/jwtclaims"
+)
+
+type UserHandler struct {
+	accountManager server.AccountManager
+	authAudience   string
+	jwtExtractor   jwtclaims.ClaimsExtractor
+}
+
+type UserResponse struct {
+	Email string
+	Role  string
+}
+
+func NewUserHandler(accountManager server.AccountManager, authAudience string) *UserHandler {
+	return &UserHandler{
+		accountManager: accountManager,
+		authAudience:   authAudience,
+		jwtExtractor:   *jwtclaims.NewClaimsExtractor(nil),
+	}
+}
+
+func (u *UserHandler) getAccountId(r *http.Request) (*server.Account, error) {
+	jwtClaims := u.jwtExtractor.ExtractClaimsFromRequestContext(r, u.authAudience)
+
+	account, err := u.accountManager.GetAccountWithAuthorizationClaims(jwtClaims)
+	if err != nil {
+		return nil, fmt.Errorf("failed getting account of a user %s: %v", jwtClaims.UserId, err)
+	}
+
+	return account, nil
+}
+
+// GetUsers returns a list of users of the account this user belongs to.
+// It also gathers additional user data (like email and name) from the IDP manager.
+func (u *UserHandler) GetUsers(w http.ResponseWriter, r *http.Request) {
+	if r.Method != http.MethodGet {
+		http.Error(w, "", http.StatusBadRequest)
+	}
+
+	account, err := u.getAccountId(r)
+	if err != nil {
+		log.Error(err)
+	}
+
+	data, err := u.accountManager.GetUsersFromAccount(account.Id)
+	if err != nil {
+		log.Error(err)
+		http.Redirect(w, r, "/", http.StatusInternalServerError)
+		return
+	}
+
+	writeJSONObject(w, data)
+}
--- a/management/server/http/handler/users_test.go
+++ b/management/server/http/handler/users_test.go
@@ -0,0 +1,106 @@
+package handler
+
+import (
+	"encoding/json"
+	"io"
+	"net/http"
+	"net/http/httptest"
+	"testing"
+
+	"github.com/magiconair/properties/assert"
+	"github.com/netbirdio/netbird/management/server"
+	"github.com/netbirdio/netbird/management/server/jwtclaims"
+	"github.com/netbirdio/netbird/management/server/mock_server"
+)
+
+func initUsers(user ...*server.User) *UserHandler {
+	return &UserHandler{
+		accountManager: &mock_server.MockAccountManager{
+			GetAccountWithAuthorizationClaimsFunc: func(claims jwtclaims.AuthorizationClaims) (*server.Account, error) {
+				users := make(map[string]*server.User, 0)
+				for _, u := range user {
+					users[u.Id] = u
+				}
+				return &server.Account{
+					Id:     "12345",
+					Domain: "netbird.io",
+					Users:  users,
+				}, nil
+			},
+			GetUsersFromAccountFunc: func(accountID string) ([]*server.UserInfo, error) {
+				users := make([]*server.UserInfo, 0)
+				for _, v := range user {
+					users = append(users, &server.UserInfo{
+						ID:    v.Id,
+						Role:  string(v.Role),
+						Name:  "",
+						Email: "",
+					})
+				}
+				return users, nil
+			},
+		},
+		authAudience: "",
+		jwtExtractor: jwtclaims.ClaimsExtractor{
+			ExtractClaimsFromRequestContext: func(r *http.Request, authAudiance string) jwtclaims.AuthorizationClaims {
+				return jwtclaims.AuthorizationClaims{
+					UserId:    "test_user",
+					Domain:    "hotmail.com",
+					AccountId: "test_id",
+				}
+			},
+		},
+	}
+}
+
+func TestGetUsers(t *testing.T) {
+	users := []*server.User{{Id: "1", Role: "admin"}, {Id: "2", Role: "user"}, {Id: "3", Role: "user"}}
+	userHandler := initUsers(users...)
+
+	var tt = []struct {
+		name           string
+		expectedStatus int
+		requestType    string
+		requestPath    string
+		requestBody    io.Reader
+		expectedResult []*server.User
+	}{
+		{name: "GetAllUsers", requestType: http.MethodGet, requestPath: "/api/users/", expectedStatus: http.StatusOK, expectedResult: users},
+		{name: "WrongRequestMethod", requestType: http.MethodPost, requestPath: "/api/users/", expectedStatus: http.StatusBadRequest},
+	}
+
+	for _, tc := range tt {
+		t.Run(tc.name, func(t *testing.T) {
+			req := httptest.NewRequest(tc.requestType, tc.requestPath, nil)
+			rr := httptest.NewRecorder()
+
+			userHandler.GetUsers(rr, req)
+
+			res := rr.Result()
+			defer res.Body.Close()
+
+			if status := rr.Code; status != tc.expectedStatus {
+				t.Fatalf("handler returned wrong status code: got %v want %v",
+					status, http.StatusOK)
+			}
+
+			content, err := io.ReadAll(res.Body)
+			if err != nil {
+				t.Fatal(err)
+			}
+
+			respBody := []*server.UserInfo{}
+			err = json.Unmarshal(content, &respBody)
+			if err != nil {
+				t.Fatalf("Sent content is not in correct json format; %v", err)
+			}
+
+			if tc.expectedResult != nil {
+				for i, resp := range respBody {
+					assert.Equal(t, resp.ID, tc.expectedResult[i].Id)
+					assert.Equal(t, string(resp.Role), string(tc.expectedResult[i].Role))
+				}
+			}
+		})
+	}
+}