feat(auth-admin): Create paper delegation (#15992)

* created new admin module for paper delegations and get route

* field resolver DelegationAdminModel

* lookup for delegations with detailed view

* Cleanup and rest and graphql for DeleteDelegation

* small cleanup

* chore: nx format:write update dirty files

* move delegationAdmin service to admin-api from delegation-api

* adds getTicket function to Zendesk service

Fetches Zendesk ticket by id

* Adds create delegation route

Form for creating delegation, wip form action

* chore: nx format:write update dirty files

* fix config value

* chore: charts update dirty files

* fix api build issues

* wip gql for create delegation

* fix pr comments

* delegation reference id added

* added back the spec files

* validate form data and show error messages

* fix get tests

* chore: nx format:write update dirty files

* test for delete

* post method to create delegation between two national id's

* zendesk integration complete

* remove console log

* merged with main

* chore: charts update dirty files

* chore: nx format:write update dirty files

* adds CreateDelegationConfirm modal and prefills Create form with values from search params

* chore: nx format:write update dirty files

* use identity resolver

fixes in response to comments

* chore: nx format:write update dirty files

* created delegation-delegation-type.model.ts and updated findAllScopesTo in delegation-scope.service.ts

* fix broken tests

* tests for findAllScopesTo

* added validTo to delegationDelegationType

* set general mandate as type in ids select account prompt

* Get general mandate to delegations-to on service-portal

* remove duplicate case

* small refactor

* chore: nx format:write update dirty files

* Mask nationalId in url

* format national id

* fix tests after merge with main

* chore: nx format:write update dirty files

* fix duplicate referenceId's

* fix import

* remove console log and unused variables

* chore: nx format:write update dirty files

* move general mandate tests to new file

* add zendesk validation

* feat(auth-admin): Delete delegation UI (#16073)

* Changes includeArchived from Param to Query

Fixes openapi.yaml error

* adds Oauth2 to openApi document builder

* validates Zendesk ticket when creating delegation

* Adds delete button to delegation access card and call delete mutation

* chore: nx format:write update dirty files

* add referenceId to delegation query

---------

Co-authored-by: andes-it <[email protected]>

* feat(auth-admin): Create paper delegation zendesk integration (#16074)

* Changes includeArchived from Param to Query

Fixes openapi.yaml error

* adds Oauth2 to openApi document builder

* validates Zendesk ticket when creating delegation

* chore: nx format:write update dirty files

---------

Co-authored-by: andes-it <[email protected]>

* connect changes and modify incoming delegations for new ddt table

* fix comments from PR

* fix pr comment

* chore: nx format:write update dirty files

* chore: nx format:write update dirty files

* fix pr comment

* add tests for create

* fix pr comments

* simplify var names

* chore: nx format:write update dirty files

* add index for general mandate

* fix pr comments

* fix pr comments

---------

Co-authored-by: andes-it <[email protected]>
Co-authored-by: Magnea Rún Vignisdóttir <[email protected]>
Co-authored-by: kodiakhq[bot] <49736102+kodiakhq[bot]@users.noreply.github.com>

apps/services/auth/admin-api/src/app/v2/clients/me-clients.controller.ts

@@ -7,6 +7,7 @@ import {
   Post,
   UseGuards,
   Delete,
+  Query,
 } from '@nestjs/common'
 import { ApiSecurity, ApiTags } from '@nestjs/swagger'
 
@@ -74,7 +75,7 @@ export class MeClientsController {
     @CurrentUser() user: User,
     @Param('tenantId') tenantId: string,
     @Param('clientId') clientId: string,
-    @Param('includeArchived') includeArchived?: boolean,
+    @Query('includeArchived') includeArchived?: boolean,
   ): Promise<AdminClientDto> {
     return this.clientsService.findByTenantIdAndClientId(
       tenantId,

apps/services/auth/admin-api/src/app/v2/delegations/delegation-admin.controller.ts

@@ -1,9 +1,11 @@
 import {
+  Body,
   Controller,
   Delete,
   Get,
   Headers,
   Param,
+  Post,
   UseGuards,
 } from '@nestjs/common'
 import { ApiTags } from '@nestjs/swagger'
@@ -16,8 +18,10 @@ import {
   User,
 } from '@island.is/auth-nest-tools'
 import {
+  CreatePaperDelegationDto,
   DelegationAdminCustomDto,
   DelegationAdminCustomService,
+  DelegationDTO,
 } from '@island.is/auth-api-lib'
 import { Documentation } from '@island.is/nest/swagger'
 import { Audit, AuditService } from '@island.is/nest/audit'
@@ -65,6 +69,28 @@ export class DelegationAdminController {
     )
   }
 
+  @Post()
+  @Scopes(DelegationAdminScopes.admin)
+  @Documentation({
+    response: { status: 201, type: DelegationDTO },
+  })
+  create(
+    @CurrentUser() user: User,
+    @Body() delegation: CreatePaperDelegationDto,
+  ): Promise<DelegationDTO> {
+    return this.auditService.auditPromise(
+      {
+        auth: user,
+        namespace,
+        action: 'create',
+        resources: (result) => {
+          return result?.id ?? undefined
+        },
+      },
+      this.delegationAdminService.createDelegation(user, delegation),
+    )
+  }
+
   @Delete(':delegationId')
   @Scopes(DelegationAdminScopes.admin)
   @Documentation({

apps/services/auth/admin-api/src/app/v2/delegations/test/delegation-admin.auth.spec.ts

@@ -0,0 +1,135 @@
+import request from 'supertest'
+
+import {
+  getRequestMethod,
+  setupApp,
+  setupAppWithoutAuth,
+  TestApp,
+  TestEndpointOptions,
+} from '@island.is/testing/nest'
+import { User } from '@island.is/auth-nest-tools'
+import { FixtureFactory } from '@island.is/services/auth/testing'
+import { createCurrentUser } from '@island.is/testing/fixtures'
+import { DelegationAdminScopes } from '@island.is/auth/scopes'
+import { SequelizeConfigService } from '@island.is/auth-api-lib'
+
+import { AppModule } from '../../../app.module'
+
+describe('withoutAuth and permissions', () => {
+  async function formatUrl(app: TestApp, endpoint: string, user?: User) {
+    if (!endpoint.includes(':delegation')) {
+      return endpoint
+    }
+    const factory = new FixtureFactory(app)
+    const domain = await factory.createDomain({
+      name: 'd1',
+      apiScopes: [{ name: 's1' }],
+    })
+    const delegation = await factory.createCustomDelegation({
+      fromNationalId: user?.nationalId,
+      domainName: domain.name,
+      scopes: [{ scopeName: 's1' }],
+    })
+    return endpoint.replace(':delegation', encodeURIComponent(delegation.id))
+  }
+
+  it.each`
+    method      | endpoint
+    ${'GET'}    | ${'/delegation-admin'}
+    ${'DELETE'} | ${'/delegation-admin/:delegation'}
+  `(
+    '$method $endpoint should return 401 when user is not authenticated',
+    async ({ method, endpoint }) => {
+      // Arrange
+      const app = await setupAppWithoutAuth({
+        AppModule,
+        SequelizeConfigService,
+        dbType: 'postgres',
+      })
+      const server = request(app.getHttpServer())
+      const url = await formatUrl(app, endpoint)
+
+      // Act
+      const res = await getRequestMethod(server, method)(url)
+
+      // Assert
+      expect(res.status).toEqual(401)
+      expect(res.body).toMatchObject({
+        status: 401,
+        type: 'https://httpstatuses.org/401',
+        title: 'Unauthorized',
+      })
+    },
+  )
+
+  it.each`
+    method      | endpoint
+    ${'GET'}    | ${'/delegation-admin'}
+    ${'DELETE'} | ${'/delegation-admin/:delegation'}
+  `(
+    '$method $endpoint should return 403 Forbidden when user does not have the correct scope',
+    async ({ method, endpoint }: TestEndpointOptions) => {
+      // Arrange
+      const user = createCurrentUser()
+      const app = await setupApp({
+        AppModule,
+        SequelizeConfigService,
+        user,
+        dbType: 'postgres',
+      })
+      const server = request(app.getHttpServer())
+      const url = await formatUrl(app, endpoint, user)
+
+      // Act
+      const res = await getRequestMethod(server, method)(url)
+
+      // Assert
+      expect(res.status).toEqual(403)
+      expect(res.body).toMatchObject({
+        status: 403,
+        type: 'https://httpstatuses.org/403',
+        title: 'Forbidden',
+        detail: 'Forbidden resource',
+      })
+
+      // CleanUp
+      app.cleanUp()
+    },
+  )
+
+  it.each`
+    method      | endpoint
+    ${'DELETE'} | ${'/delegation-admin/:delegation'}
+  `(
+    '$method $endpoint should return 403 Forbidden when user does not have the admin scope',
+    async ({ method, endpoint }: TestEndpointOptions) => {
+      // Arrange
+      const user = createCurrentUser({
+        scope: [DelegationAdminScopes.read],
+      })
+      const app = await setupApp({
+        AppModule,
+        SequelizeConfigService,
+        user,
+        dbType: 'postgres',
+      })
+      const server = request(app.getHttpServer())
+      const url = await formatUrl(app, endpoint, user)
+
+      // Act
+      const res = await getRequestMethod(server, method)(url)
+
+      // Assert
+      expect(res.status).toEqual(403)
+      expect(res.body).toMatchObject({
+        status: 403,
+        type: 'https://httpstatuses.org/403',
+        title: 'Forbidden',
+        detail: 'Forbidden resource',
+      })
+
+      // CleanUp
+      app.cleanUp()
+    },
+  )
+})