B-17150

CACI-MIlMOVE · Aug 11, 2023 · 0ccdad1 · 0ccdad1
1 parent bb2152d
commit 0ccdad1
Show file tree

Hide file tree

Showing 22 changed files with 218 additions and 219 deletions.
diff --git a/migrations/app/schema/20230807185455_alter_users_table.up.sql b/migrations/app/schema/20230807185455_alter_users_table.up.sql
@@ -1,3 +1,3 @@
 alter table users
 add column  okta_email text,
-add column okta_uuid UUID;
+add column okta_id varchar;
diff --git a/pkg/factory/shared_test.go b/pkg/factory/shared_test.go
@@ -94,13 +94,13 @@ func (suite *FactorySuite) TestMergeCustomization() {
 		// Under test:       mergeCustomization, which merges traits and customizations
 		// Set up:           Create a customization with a user email and a trait with a user email
 		// Expected outcome: Customization should override the trait email
-		uuidval := uuid.Must(uuid.NewV4())
+		uuidvalString := uuid.Must(uuid.NewV4()).String()
 		// RUN FUNCTION UNDER TEST
 		result := mergeCustomization(
 			[]Customization{
 				{
 					Model: models.User{
-						OktaUUID:  &uuidval,
+						OktaID:    uuidvalString,
 						OktaEmail: "[email protected]",
 					},
 					Type: &User, // ← User customization
@@ -187,10 +187,10 @@ func (suite *FactorySuite) TestMergeInterfaces() {
 			OktaEmail: "[email protected]",
 			Active:    true,
 		}
-		uuidNew := uuid.Must(uuid.NewV4())
+		uuidNew := uuid.Must(uuid.NewV4()).String()
 		user2 := models.User{
 			OktaEmail: "[email protected]",
-			OktaUUID:  &uuidNew,
+			OktaID:    uuidNew,
 		}
 
 		result := mergeInterfaces(user2, user1)
@@ -199,7 +199,7 @@ func (suite *FactorySuite) TestMergeInterfaces() {
 		suite.Equal(user1.OktaEmail, user.OktaEmail)
 		// All other fields set in interfaces should persist
 		suite.Equal(user1.Active, user.Active)
-		suite.Equal(user2.OktaUUID, user.OktaUUID)
+		suite.Equal(user2.OktaID, user.OktaID)
 	})
 
 	suite.Run("Check that mergeInterfaces doesn't change input models", func() {
@@ -208,15 +208,15 @@ func (suite *FactorySuite) TestMergeInterfaces() {
 		// Expected outcome: Caller models should not be affected
 		user1email := "[email protected]"
 		user2email := "[email protected]"
-		uuidNew := uuid.Must(uuid.NewV4())
+		uuidNew := uuid.Must(uuid.NewV4()).String()
 
 		user1 := models.User{
 			OktaEmail: user1email,
 			Active:    true,
 		}
 		user2 := models.User{
 			OktaEmail: user2email,
-			OktaUUID:  &uuidNew,
+			OktaID:    uuidNew,
 		}
 
 		mergeInterfaces(user2, user1)
@@ -228,7 +228,7 @@ func (suite *FactorySuite) TestMergeInterfaces() {
 		// user2 should be untouched
 		suite.Equal(user2email, user2.OktaEmail)
 		suite.False(user2.Active)
-		suite.Equal(uuidNew, *user2.OktaUUID)
+		suite.Equal(uuidNew, user2.OktaID)
 	})
 }
 
@@ -455,12 +455,12 @@ func (suite *FactorySuite) TestSetupCustomizations() {
 		// Set up:           Create a customization with a user email and a trait with a user email
 		// Expected outcome: Customization should override the trait email
 		//                   If an object exists and no customization, it should become a customization
-		uuidval := uuid.Must(uuid.NewV4())
+		uuidval := uuid.Must(uuid.NewV4()).String()
 		result := setupCustomizations(
 			[]Customization{
 				{
 					Model: models.User{
-						OktaUUID:  &uuidval,
+						OktaID:    uuidval,
 						OktaEmail: "[email protected]",
 					},
 				},

diff --git a/pkg/factory/user_factory.go b/pkg/factory/user_factory.go
@@ -30,9 +30,9 @@ func BuildUser(db *pop.Connection, customs []Customization, traits []Trait) mode
 	}
 
 	// create user
-	oktaUUID := uuid.Must(uuid.NewV4())
+	OktaID := uuid.Must(uuid.NewV4()).String()
 	user := models.User{
-		OktaUUID:  &oktaUUID,
+		OktaID:    OktaID,
 		OktaEmail: "[email protected]",
 		Active:    false,
 	}

diff --git a/pkg/handlers/authentication/auth.go b/pkg/handlers/authentication/auth.go
@@ -811,7 +811,7 @@ func authorizeUser(ctx context.Context, appCtx appcontext.AppContext, openIDUser
 	if err == nil {
 		// In this case, we found an existing user associated with the
 		// unique login.gov UUID (aka OID_User, aka openIDUser.UserID,
-		// aka models.User.okta_uuid)
+		// aka models.User.okta_id)
 		appCtx.Logger().Info("Known user: found by login.gov OID_User, checking authorization", zap.String("OID_User", openIDUser.UserID), zap.String("OID_Email", openIDUser.Email), zap.String("user.id", userIdentity.ID.String()), zap.String("user.okta_email", userIdentity.Email))
 		result := AuthorizeKnownUser(ctx, appCtx, userIdentity, sessionManager)
 		appCtx.Logger().Info("Known user authorization",
@@ -822,7 +822,7 @@ func authorizeUser(ctx context.Context, appCtx appcontext.AppContext, openIDUser
 	} else if err == models.ErrFetchNotFound { // Never heard of them
 		// so far In this case, we can't find an existing user
 		// associated with the unique login.gov UUID (aka OID_User,
-		// aka openIDUser.UserID, aka models.User.okta_uuid).
+		// aka openIDUser.UserID, aka models.User.okta_id).
 		// The authorizeUnknownUser method tries to find a user record
 		// with a matching email address
 		appCtx.Logger().Info("Unknown user: not found by login.gov OID_User, associating email and checking authorization", zap.String("OID_User", openIDUser.UserID), zap.String("OID_Email", openIDUser.Email))
@@ -1054,13 +1054,13 @@ func authorizeUnknownUser(ctx context.Context, appCtx appcontext.AppContext, ope
 		}
 		appCtx.Session().ServiceMemberID = newServiceMember.ID
 	} else {
-		// If in Office App or Admin App with valid user - update user's OktaUUID
+		// If in Office App or Admin App with valid user - update user's OktaID
 		appCtx.Logger().Error("Authorization associating login.gov UUID with user",
 			zap.String("OID_User", openIDUser.UserID),
 			zap.String("OID_Email", openIDUser.Email),
 			zap.String("user.id", user.ID.String()),
 		)
-		err = models.UpdateUserOktaUUID(appCtx.DB(), user, openIDUser.UserID)
+		err = models.UpdateUserOktaID(appCtx.DB(), user, openIDUser.UserID)
 	}
 
 	if err != nil {

diff --git a/pkg/handlers/authentication/auth_test.go b/pkg/handlers/authentication/auth_test.go
@@ -114,10 +114,10 @@ func (suite *AuthSuite) TestGenerateNonce() {
 }
 
 func (suite *AuthSuite) TestAuthorizationLogoutHandler() {
-	oktaUUID, _ := uuid.FromString("2400c3c5-019d-4031-9c27-8a553e022297")
+	OktaID := "2400c3c5-019d-4031-9c27-8a553e022297"
 
 	user := models.User{
-		OktaUUID:  &oktaUUID,
+		OktaID:    OktaID,
 		OktaEmail: "[email protected]",
 		Active:    true,
 	}
@@ -183,9 +183,9 @@ func (suite *AuthSuite) TestAuthorizationLogoutHandler() {
 
 func (suite *AuthSuite) TestRequireAuthMiddleware() {
 	// Given: a logged in user
-	oktaUUID, _ := uuid.FromString("2400c3c5-019d-4031-9c27-8a553e022297")
+	OktaID := ("2400c3c5-019d-4031-9c27-8a553e022297")
 	user := models.User{
-		OktaUUID:  &oktaUUID,
+		OktaID:    OktaID,
 		OktaEmail: "[email protected]",
 		Active:    true,
 	}
@@ -341,7 +341,7 @@ func (suite *AuthSuite) TestRequirePermissionsMiddlewareAuthorized() {
 	// TOO users have the proper permissions for our test - update.shipment
 	tooOfficeUser := factory.BuildOfficeUserWithRoles(suite.DB(), nil, []roles.RoleType{roles.RoleTypeTOO})
 
-	identity, err := models.FetchUserIdentity(suite.DB(), tooOfficeUser.User.OktaUUID.String())
+	identity, err := models.FetchUserIdentity(suite.DB(), tooOfficeUser.User.OktaID)
 
 	suite.NoError(err)
 
@@ -383,7 +383,7 @@ func (suite *AuthSuite) TestRequirePermissionsMiddlewareUnauthorized() {
 	// QAECSR users will be denied access as they lack the proper permissions for our test - update.shipment
 	qaeCsrOfficeUser := factory.BuildOfficeUserWithRoles(suite.DB(), nil, []roles.RoleType{roles.RoleTypeQaeCsr})
 
-	identity, err := models.FetchUserIdentity(suite.DB(), qaeCsrOfficeUser.User.OktaUUID.String())
+	identity, err := models.FetchUserIdentity(suite.DB(), qaeCsrOfficeUser.User.OktaID)
 
 	suite.NoError(err)
 
@@ -437,9 +437,9 @@ func (suite *AuthSuite) TestIsLoggedInWhenNoUserLoggedIn() {
 }
 
 func (suite *AuthSuite) TestIsLoggedInWhenUserLoggedIn() {
-	oktaUUID, _ := uuid.FromString("2400c3c5-019d-4031-9c27-8a553e022297")
+	OktaID := "2400c3c5-019d-4031-9c27-8a553e022297"
 	user := models.User{
-		OktaUUID:  &oktaUUID,
+		OktaID:    OktaID,
 		OktaEmail: "[email protected]",
 		Active:    true,
 	}
@@ -487,9 +487,9 @@ func (suite *AuthSuite) TestRequireAuthMiddlewareUnauthorized() {
 
 func (suite *AuthSuite) TestRequireAdminAuthMiddleware() {
 	// Given: a logged in user
-	oktaUUID, _ := uuid.FromString("2400c3c5-019d-4031-9c27-8a553e022297")
+	OktaID := "2400c3c5-019d-4031-9c27-8a553e022297"
 	user := models.User{
-		OktaUUID:  &oktaUUID,
+		OktaID:    OktaID,
 		OktaEmail: "[email protected]",
 		Active:    true,
 	}
@@ -563,7 +563,7 @@ func (suite *AuthSuite) TestAuthKnownSingleRoleOffice() {
 	officeUser := factory.BuildOfficeUserWithRoles(suite.DB(), factory.GetTraitActiveOfficeUser(),
 		[]roles.RoleType{roles.RoleTypeTIO})
 
-	userIdentity, err := models.FetchUserIdentity(suite.DB(), officeUser.User.OktaUUID.String())
+	userIdentity, err := models.FetchUserIdentity(suite.DB(), officeUser.User.OktaID)
 	suite.Assert().NoError(err)
 
 	handlerConfig := suite.HandlerConfig()
@@ -623,10 +623,10 @@ func (suite *AuthSuite) TestAuthorizeDeactivateOfficeUser() {
 
 func (suite *AuthSuite) TestRedirectoktaErrorMsg() {
 	officeUserID := uuid.Must(uuid.NewV4())
-	oktaUUID, _ := uuid.FromString("2400c3c5-019d-4031-9c27-8a553e022297")
+	OktaID := ("2400c3c5-019d-4031-9c27-8a553e022297")
 
 	user := models.User{
-		OktaUUID:  &oktaUUID,
+		OktaID:    OktaID,
 		OktaEmail: "[email protected]",
 		Active:    true,
 	}
@@ -786,7 +786,7 @@ func (suite *AuthSuite) TestRedirectFromoktaForValidUser() {
 		StubName:  officeProviderName,
 		StubToken: "stubToken",
 		StubUser: goth.User{
-			UserID: tioOfficeUser.User.OktaUUID.String(),
+			UserID: tioOfficeUser.User.OktaID,
 			Email:  tioOfficeUser.Email,
 		},
 	}
@@ -846,7 +846,7 @@ func (suite *AuthSuite) TestRedirectFromLoginGovForInvalidUser() {
 		StubName:  officeProviderName,
 		StubToken: "stubToken",
 		StubUser: goth.User{
-			UserID: tioOfficeUser.User.OktaUUID.String(),
+			UserID: tioOfficeUser.User.OktaID,
 			Email:  tioOfficeUser.Email,
 		},
 	}
@@ -872,10 +872,10 @@ func (suite *AuthSuite) TestAuthKnownSingleRoleAdmin() {
 	adminUserID := uuid.Must(uuid.NewV4())
 	officeUserID := uuid.Must(uuid.NewV4())
 	var adminUserRole models.AdminRole = "SYSTEM_ADMIN"
-	oktaUUID, _ := uuid.FromString("2400c3c5-019d-4031-9c27-8a553e022297")
+	OktaID := ("2400c3c5-019d-4031-9c27-8a553e022297")
 
 	user := models.User{
-		OktaUUID:  &oktaUUID,
+		OktaID:    OktaID,
 		OktaEmail: "[email protected]",
 		Active:    true,
 	}
@@ -1017,9 +1017,9 @@ func (suite *AuthSuite) TestAuthUnknownServiceMember() {
 	// Verify session contains UserID that points to the newly-created user
 	suite.Equal(foundUser.ID, session.UserID)
 
-	// Verify user's OktaEmail and OktaUUID match the values passed in
+	// Verify user's OktaEmail and OktaID match the values passed in
 	suite.Equal(user.Email, foundUser.OktaEmail)
-	suite.Equal(user.UserID, foundUser.OktaUUID.String())
+	suite.Equal(user.UserID, foundUser.OktaID)
 
 	// Verify that the user's CurrentMilSessionID is not empty. The value is
 	// generated randomly, so we can't test for a specific string. Any string
@@ -1319,12 +1319,12 @@ func (suite *AuthSuite) TestAuthorizeKnownUserAdminNotFound() {
 	appnames := handlerConfig.AppNames()
 	// user exists in the DB, but not as an admin user
 	fakeToken := "some_token"
-	oktaUUID := uuid.Must(uuid.NewV4())
+	OktaID := "000"
 	userID := uuid.Must(uuid.NewV4())
 	serviceMemberID := uuid.Must(uuid.NewV4())
 
 	user := models.User{
-		OktaUUID:  &oktaUUID,
+		OktaID:    OktaID,
 		OktaEmail: "[email protected]",
 		Active:    true,
 		ID:        userID,

diff --git a/pkg/handlers/authentication/devlocal.go b/pkg/handlers/authentication/devlocal.go
@@ -395,7 +395,7 @@ func (h CreateAndLoginUserHandler) ServeHTTP(w http.ResponseWriter, r *http.Requ
 // createUser creates a user
 func createUser(h devlocalAuthHandler, w http.ResponseWriter, r *http.Request) (*models.User, string) {
 	appCtx := h.HandlerConfig.AppContextFromRequest(r)
-	id := uuid.Must(uuid.NewV4())
+	id := uuid.Must(uuid.NewV4()).String()
 
 	// Set up some defaults that we can pass in from a form
 	firstName := r.PostFormValue("firstName")
@@ -434,7 +434,7 @@ func createUser(h devlocalAuthHandler, w http.ResponseWriter, r *http.Request) (
 
 	// Create the User (which is the basis of all Service Members)
 	user := models.User{
-		OktaUUID:  &id,
+		OktaID:    id,
 		OktaEmail: email,
 		Active:    true,
 	}
@@ -928,11 +928,11 @@ func createSession(h devlocalAuthHandler, user *models.User, userType string, _
 		session = &auth.Session{}
 	}
 
-	lgUUID := user.OktaUUID.String()
+	lgUUID := user.OktaID
 	userIdentity, err := models.FetchUserIdentity(appCtx.DB(), lgUUID)
 
 	if err != nil {
-		return nil, errors.Wrapf(err, "Unable to fetch user identity from OktaUUID %s", lgUUID)
+		return nil, errors.Wrapf(err, "Unable to fetch user identity from OktaID %s", lgUUID)
 	}
 
 	session.Roles = append(session.Roles, userIdentity.Roles...)

diff --git a/pkg/handlers/internalapi/duty_locations_test.go b/pkg/handlers/internalapi/duty_locations_test.go
@@ -16,9 +16,9 @@ func (suite *HandlerSuite) TestSearchDutyLocationHandler() {
 	t := suite.T()
 
 	// Need a logged in user
-	lgu := uuid.Must(uuid.NewV4())
+	lgu := uuid.Must(uuid.NewV4()).String()
 	user := models.User{
-		OktaUUID:  &lgu,
+		OktaID:    lgu,
 		OktaEmail: "[email protected]",
 	}
 	suite.MustSave(&user)

diff --git a/pkg/handlers/internalapi/signed_certifications_test.go b/pkg/handlers/internalapi/signed_certifications_test.go
@@ -14,7 +14,6 @@ import (
 	"time"
 
 	"github.com/go-openapi/strfmt"
-	"github.com/gofrs/uuid"
 
 	"github.com/transcom/mymove/pkg/factory"
 	certop "github.com/transcom/mymove/pkg/gen/internalapi/internaloperations/certification"
@@ -65,9 +64,9 @@ func (suite *HandlerSuite) TestCreateSignedCertificationHandler() {
 func (suite *HandlerSuite) TestCreateSignedCertificationHandlerMismatchedUser() {
 	t := suite.T()
 
-	userUUID2, _ := uuid.FromString("3511d4d6-019d-4031-9c27-8a553e055543")
+	userUUID2 := "3511d4d6-019d-4031-9c27-8a553e055543"
 	user2 := models.User{
-		OktaUUID:  &userUUID2,
+		OktaID:    userUUID2,
 		OktaEmail: "[email protected]",
 	}
 	suite.MustSave(&user2)
@@ -194,9 +193,9 @@ func (suite *HandlerSuite) TestIndexSignedCertificationHandlerMismatchedUser() {
 			},
 		},
 	}, nil)
-	userUUID2, _ := uuid.FromString("3511d4d6-019d-4031-9c27-8a553e055543")
+	userUUID2 := "3511d4d6-019d-4031-9c27-8a553e055543"
 	unauthorizedUser := models.User{
-		OktaUUID:  &userUUID2,
+		OktaID:    userUUID2,
 		OktaEmail: "[email protected]",
 	}
 	params := certop.IndexSignedCertificationParams{

diff --git a/pkg/handlers/routing/base_routing_suite.go b/pkg/handlers/routing/base_routing_suite.go
@@ -154,9 +154,9 @@ func (suite *BaseRoutingSuite) setupRequestSession(req *http.Request, user model
 		Hostname:        hostname,
 	}
 
-	suite.FatalNotNil(user.OktaUUID)
-	suite.FatalFalse(user.OktaUUID.IsNil())
-	userIdentity, err := models.FetchUserIdentity(suite.DB(), user.OktaUUID.String())
+	suite.FatalNotNil(user.OktaID)
+	suite.NotNil(user.OktaID)
+	userIdentity, err := models.FetchUserIdentity(suite.DB(), user.OktaID)
 	suite.FatalNoError(err)
 
 	// use AuthorizeKnownUser which also sets up various things in the

diff --git a/pkg/migrate/SplitStatements_test.go b/pkg/migrate/SplitStatements_test.go
@@ -189,7 +189,7 @@ func (suite *MigrateSuite) TestSplitStatementsCopyFromStdinTrailingEmptyColumns(
 	// We're using a string for this test case instead of a file so the trailing whitespace doesn't accidentally get trimmed off by
 	// an aggressive text editor.
 	originalStatements := []string{
-		"COPY public.users (id, okta_uuid, okta_email, created_at, updated_at, active, current_mil_session_id, current_admin_session_id, current_office_session_id) FROM stdin;",
+		"COPY public.users (id, okta_id, okta_email, created_at, updated_at, active, current_mil_session_id, current_admin_session_id, current_office_session_id) FROM stdin;",
 		"00000000-0000-0000-0000-000000000000\t\\N\t[email protected]\t2021-05-12\t20:09:04.701587\t2021-05-12\t20:09:04.701587\tt\t\t\t",
 		"11111111-1111-1111-1111-111111111111\t\\N\t[email protected]\t2021-05-12\t20:09:04.701587\t2021-05-12\t20:09:04.701587\tt\t\t\t",
 		"\\.",

diff --git a/pkg/models/client_cert_test.go b/pkg/models/client_cert_test.go
@@ -9,10 +9,10 @@ import (
 )
 
 func (suite *ModelSuite) Test_FetchClientCert() {
-	loginGovUUID := uuid.Must(uuid.NewV4())
+	oktaID := uuid.Must(uuid.NewV4()).String()
 	userForClientCert := models.User{
 		ID:        uuid.Must(uuid.NewV4()),
-		OktaUUID:  &loginGovUUID,
+		OktaID:    oktaID,
 		OktaEmail: "[email protected]",
 		Active:    true,
 	}