use PersonReferrer instead of string

src/core/ldap/domain/ldap-client.service.spec.ts

@@ -18,7 +18,7 @@ import { Person } from '../../../modules/person/domain/person.js';
 import { createMock, DeepMocked } from '@golevelup/ts-jest';
 import { LdapClient } from './ldap-client.js';
 import { Attribute, Change, Client, Entry, SearchResult } from 'ldapts';
-import { PersonID } from '../../../shared/types/aggregate-ids.types.js';
+import { PersonID, PersonReferrer } from '../../../shared/types/aggregate-ids.types.js';
 import { LdapSearchError } from '../error/ldap-search.error.js';
 import { LdapEntityType } from './ldap.types.js';
 import { ClassLogger } from '../../logging/class-logger.js';
@@ -140,8 +140,8 @@ describe('LDAP Client Service', () => {
         expect(em).toBeDefined();
     });
     describe('updateMemberDnInGroups', () => {
-        const fakeOldReferrer: string = 'old-user';
-        const fakeNewReferrer: string = 'new-user';
+        const fakeOldReferrer: PersonReferrer = 'old-user';
+        const fakeNewReferrer: PersonReferrer = 'new-user';
         const fakeOldReferrerUid: string = `uid=${fakeOldReferrer},ou=users,${mockLdapInstanceConfig.BASE_DN}`;
         const fakeNewReferrerUid: string = `uid=${fakeNewReferrer},ou=users,${mockLdapInstanceConfig.BASE_DN}`;
         const fakeGroupDn: string = 'cn=lehrer-group,' + mockLdapInstanceConfig.BASE_DN;
@@ -478,7 +478,7 @@ describe('LDAP Client Service', () => {
     });
 
     describe('addPersonToGroup', () => {
-        const fakeReferrer: string = 'test-user';
+        const fakeReferrer: PersonReferrer = 'test-user';
         const fakeSchoolReferrer: string = '123';
         const fakeLehrerUid: string = `uid=${fakeReferrer},ou=oeffentlicheSchulen,${mockLdapInstanceConfig.BASE_DN}`;
         const fakeGroupId: string = `lehrer-${fakeSchoolReferrer}`;
@@ -904,7 +904,7 @@ describe('LDAP Client Service', () => {
             });
 
             it('should log an error and return the failed result if addPersonToGroup fails', async () => {
-                const referrer: string = 'test-user';
+                const referrer: PersonReferrer = 'test-user';
                 const schulId: string = '123';
                 const expectedGroupId: string = `lehrer-${schulId}`;
                 const errorMessage: string = `LDAP: Failed to add lehrer ${referrer} to group ${expectedGroupId}`;
@@ -1159,7 +1159,7 @@ describe('LDAP Client Service', () => {
             });
             describe('when modifying', () => {
                 it('Should Update LDAP When called with Attributes', async () => {
-                    const oldReferrer: string = faker.internet.userName();
+                    const oldReferrer: PersonReferrer = faker.internet.userName();
                     const newGivenName: string = faker.person.firstName();
                     const newSn: string = faker.person.lastName();
                     const newUid: string = faker.string.alphanumeric(6);
@@ -1211,7 +1211,7 @@ describe('LDAP Client Service', () => {
                 });
 
                 it('should return error if updateMemberDnInGroups fails', async () => {
-                    const oldReferrer: string = faker.internet.userName();
+                    const oldReferrer: PersonReferrer = faker.internet.userName();
                     const newUid: string = faker.string.alphanumeric(6);
 
                     jest.spyOn(ldapClientService, 'updateMemberDnInGroups').mockResolvedValueOnce({
@@ -1897,7 +1897,7 @@ describe('LDAP Client Service', () => {
     describe('createNewLehrerUidFromOldUid', () => {
         it('should replace the old uid with the new referrer and join the DN parts with commas', () => {
             const oldUid: string = 'uid=oldUser,ou=users,dc=example,dc=com';
-            const newReferrer: string = 'newUser';
+            const newReferrer: PersonReferrer = 'newUser';
 
             const result: string = ldapClientService.createNewLehrerUidFromOldUid(oldUid, newReferrer);
 
@@ -1906,7 +1906,7 @@ describe('LDAP Client Service', () => {
 
         it('should handle a DN with only a uid component', () => {
             const oldUid: string = 'uid=oldUser';
-            const newReferrer: string = 'newUser';
+            const newReferrer: PersonReferrer = 'newUser';
 
             const result: string = ldapClientService.createNewLehrerUidFromOldUid(oldUid, newReferrer);
 
@@ -1915,7 +1915,7 @@ describe('LDAP Client Service', () => {
 
         it('should handle an empty DN string', () => {
             const oldUid: string = '';
-            const newReferrer: string = 'newUser';
+            const newReferrer: PersonReferrer = 'newUser';
 
             const result: string = ldapClientService.createNewLehrerUidFromOldUid(oldUid, newReferrer);
 

src/core/ldap/domain/ldap-client.service.ts

@@ -108,7 +108,7 @@ export class LdapClientService {
         };
     }
 
-    public getLehrerUid(referrer: string, rootName: string): string {
+    public getLehrerUid(referrer: PersonReferrer, rootName: string): string {
         return `uid=${referrer},ou=${rootName},${this.ldapInstanceConfig.BASE_DN}`;
     }
 
@@ -126,7 +126,7 @@ export class LdapClientService {
         schulId: string,
         mail?: string, //Wird hier erstmal seperat mit reingegeben bis die Umstellung auf primary/alternative erfolgt
     ): Promise<Result<PersonData>> {
-        const referrer: string | undefined = person.referrer;
+        const referrer: PersonReferrer | undefined = person.referrer;
         if (!referrer) {
             return {
                 ok: false,
@@ -194,7 +194,7 @@ export class LdapClientService {
         });
     }
 
-    public async isLehrerExisting(referrer: string, domain: string): Promise<Result<boolean>> {
+    public async isLehrerExisting(referrer: PersonReferrer, domain: string): Promise<Result<boolean>> {
         const rootName: Result<string> = this.getRootNameOrError(domain);
         if (!rootName.ok) return rootName;
 
@@ -218,10 +218,10 @@ export class LdapClientService {
     }
 
     public async modifyPersonAttributes(
-        oldReferrer: string,
+        oldReferrer: PersonReferrer,
         newGivenName?: string,
         newSn?: string,
-        newReferrer?: string,
+        newReferrer?: PersonReferrer,
     ): Promise<Result<string>> {
         return this.mutex.runExclusive(async () => {
             this.logger.info('LDAP: modifyPersonAttributes');
@@ -309,15 +309,15 @@ export class LdapClientService {
         });
     }
 
-    public createNewLehrerUidFromOldUid(oldUid: string, newReferrer: string): string {
+    public createNewLehrerUidFromOldUid(oldUid: string, newReferrer: PersonReferrer): string {
         const splitted: string[] = oldUid.split(',');
         splitted[0] = `uid=${newReferrer}`;
         return splitted.join(',');
     }
 
     public async updateMemberDnInGroups(
-        oldReferrer: string,
-        newReferrer: string,
+        oldReferrer: PersonReferrer,
+        newReferrer: PersonReferrer,
         oldUid: string,
         client: Client,
     ): Promise<Result<string>> {
@@ -391,7 +391,7 @@ export class LdapClientService {
         return { ok: true, value: `Updated member data for ${groupEntries.length} groups.` };
     }
 
-    public async deleteLehrerByReferrer(referrer: string): Promise<Result<string>> {
+    public async deleteLehrerByReferrer(referrer: PersonReferrer): Promise<Result<string>> {
         return this.mutex.runExclusive(async () => {
             this.logger.info('LDAP: deleteLehrer by referrer');
             const client: Client = this.ldapClient.getClient();
@@ -464,7 +464,6 @@ export class LdapClientService {
         newEmailAddress: string,
     ): Promise<Result<PersonID>> {
         // Converted to avoid PersonRepository-ref, UEM-password-generation
-        //const referrer: string | undefined = await this.getPersonReferrerOrUndefined(personId);
         return this.mutex.runExclusive(async () => {
             this.logger.info('LDAP: changeEmailAddress');
             const splitted: string[] = newEmailAddress.split('@');
@@ -632,7 +631,7 @@ export class LdapClientService {
     }
 
     public async removePersonFromGroup(
-        referrer: string,
+        referrer: PersonReferrer,
         schoolReferrer: string,
         lehrerUid: string,
     ): Promise<Result<boolean>> {
@@ -709,7 +708,6 @@ export class LdapClientService {
 
     public async changeUserPasswordByPersonId(personId: PersonID, referrer: PersonReferrer): Promise<Result<PersonID>> {
         // Converted to avoid PersonRepository-ref, UEM-password-generation
-        //const referrer: string | undefined = await this.getPersonReferrerOrUndefined(personId);
         const userPassword: string = generatePassword();
 
         return this.mutex.runExclusive(async () => {

src/modules/ox/domain/ox-event-handler.spec.ts

@@ -746,7 +746,7 @@ describe('OxEventHandler', () => {
         let personId: PersonID;
         let event: EmailAddressChangedEvent;
         let person: Person<true>;
-        let referrer: string;
+        let referrer: PersonReferrer;
         let email: string;
         let oxUserId: string;
         let oxUserName: string;

src/modules/person/persistence/person.repository.ts

@@ -12,7 +12,7 @@ import {
     MissingPermissionsError,
 } from '../../../shared/error/index.js';
 import { ScopeOperator, ScopeOrder } from '../../../shared/persistence/scope.enums.js';
-import { PersonID } from '../../../shared/types/aggregate-ids.types.js';
+import { PersonID, PersonReferrer } from '../../../shared/types/aggregate-ids.types.js';
 import { PermittedOrgas, PersonPermissions } from '../../authentication/domain/person-permissions.js';
 import { KeycloakUserService, PersonHasNoKeycloakId, User } from '../../keycloak-administration/index.js';
 import { RollenMerkmal, RollenSystemRecht } from '../../rolle/domain/rolle.enums.js';
@@ -333,7 +333,6 @@ export class PersonRepository {
                 familienname: person.familienname,
                 vorname: person.vorname,
                 email: person.email,
-                referrer: person.referrer,
             },
             [],
             removedPersonenkontexts,
@@ -443,7 +442,7 @@ export class PersonRepository {
     }
 
     public async update(person: Person<true>): Promise<Person<true> | DomainError> {
-        let oldReferrer: string | undefined = '';
+        let oldReferrer: PersonReferrer | undefined = '';
         const personEntity: Loaded<PersonEntity> = await this.em.findOneOrFail(PersonEntity, person.id);
         const isPersonRenamedEventNecessary: boolean = this.hasChangedNames(personEntity, person);
         if (person.newPassword) {

src/modules/personenkontext/domain/personenkontext.factory.ts

@@ -1,5 +1,5 @@
 import { Injectable } from '@nestjs/common';
-import { OrganisationID, PersonID, RolleID } from '../../../shared/types/aggregate-ids.types.js';
+import { OrganisationID, PersonID, PersonReferrer, RolleID } from '../../../shared/types/aggregate-ids.types.js';
 import { Personenkontext } from './personenkontext.js';
 import { RolleRepo } from '../../rolle/repo/rolle.repo.js';
 import { PersonRepository } from '../../person/persistence/person.repository.js';
@@ -22,7 +22,7 @@ export class PersonenkontextFactory {
         personId: PersonID,
         organisationId: OrganisationID,
         rolleId: RolleID,
-        referrer?: string,
+        referrer?: PersonReferrer,
         mandant?: string,
         personenstatus?: Personenstatus,
         jahrgangsstufe?: Jahrgangsstufe,
@@ -55,7 +55,7 @@ export class PersonenkontextFactory {
         personId: PersonID,
         organisationId: OrganisationID,
         rolleId: RolleID,
-        referrer: string | undefined = undefined,
+        referrer: PersonReferrer | undefined = undefined,
         mandant: string | undefined = undefined,
         personenstatus: Personenstatus | undefined = undefined,
         jahrgangsstufe: Jahrgangsstufe | undefined = undefined,

src/modules/personenkontext/domain/personenkontext.ts

@@ -1,7 +1,7 @@
 import { DomainError } from '../../../shared/error/domain.error.js';
 import { EntityNotFoundError } from '../../../shared/error/entity-not-found.error.js';
 import { MissingPermissionsError } from '../../../shared/error/missing-permissions.error.js';
-import { OrganisationID, PersonID, RolleID } from '../../../shared/types/index.js';
+import { OrganisationID, PersonID, PersonReferrer, RolleID } from '../../../shared/types/index.js';
 import { PersonPermissions } from '../../authentication/domain/person-permissions.js';
 import { Organisation } from '../../organisation/domain/organisation.js';
 import { OrganisationRepository } from '../../organisation/persistence/organisation.repository.js';
@@ -40,7 +40,7 @@ export class Personenkontext<WasPersisted extends boolean> {
         public readonly organisationId: OrganisationID,
         public readonly rolleId: RolleID,
         // new
-        public readonly referrer: string | undefined,
+        public readonly referrer: PersonReferrer | undefined,
         public readonly mandant: string | undefined,
         public readonly personenstatus: Personenstatus | undefined,
         public readonly jahrgangsstufe: Jahrgangsstufe | undefined,
@@ -61,7 +61,7 @@ export class Personenkontext<WasPersisted extends boolean> {
         organisationId: OrganisationID,
         rolleId: RolleID,
         // new params
-        referrer: string | undefined = undefined,
+        referrer: PersonReferrer | undefined = undefined,
         mandant: string | undefined = undefined,
         personenstatus: Personenstatus | undefined = undefined,
         jahrgangsstufe: Jahrgangsstufe | undefined = undefined,
@@ -100,7 +100,7 @@ export class Personenkontext<WasPersisted extends boolean> {
         organisationId: OrganisationID,
         rolleId: RolleID,
         // new fields
-        referrer: string | undefined = undefined,
+        referrer: PersonReferrer | undefined = undefined,
         mandant: string | undefined = undefined,
         personenstatus: Personenstatus | undefined = undefined,
         jahrgangsstufe: Jahrgangsstufe | undefined = undefined,

src/modules/privacy-idea-administration/privacy-idea-administration-event-handler.spec.ts

@@ -8,6 +8,7 @@ import { ConfigTestModule, LoggingTestModule } from '../../../test/utils/index.j
 import { PersonDeletedEvent } from '../../shared/events/person-deleted.event.js';
 import { ResetTokenResponse, PrivacyIdeaToken } from './privacy-idea-api.types.js';
 import { TokenResetError } from './api/error/token-reset.error.js';
+import { PersonReferrer } from '../../shared/types/aggregate-ids.types.js';
 
 export const mockPrivacyIdeaToken: PrivacyIdeaToken = {
     active: true,
@@ -74,7 +75,7 @@ describe('PrivacyIdeaAdministration Event Handler', () => {
 
     describe('handlePersonDeletedEvent', () => {
         let personId: string;
-        let referrer: string;
+        let referrer: PersonReferrer;
         let emailAddress: string;
         let event: PersonDeletedEvent;
         let mockResetTokenResponse: ResetTokenResponse;

src/modules/privacy-idea-administration/privacy-idea-administration.controller.ts

@@ -41,6 +41,7 @@ import { TokenInitBodyParams } from './token-init.body.params.js';
 import { TokenStateResponse } from './token-state.response.js';
 import { TokenVerifyBodyParams } from './token-verify.params.js';
 import { ClassLogger } from '../../core/logging/class-logger.js';
+import { PersonReferrer } from '../../shared/types/aggregate-ids.types.js';
 
 @UseFilters(new PrivacyIdeaAdministrationExceptionFilter())
 @ApiTags('2FA')
@@ -66,7 +67,7 @@ export class PrivacyIdeaAdministrationController {
         @Body() params: TokenInitBodyParams,
         @Permissions() permissions: PersonPermissions,
     ): Promise<string> {
-        const referrer: string = await this.getReferrerIfAllowedOrSelf(params.personId, permissions);
+        const referrer: PersonReferrer = await this.getReferrerIfAllowedOrSelf(params.personId, permissions);
         const selfService: boolean = params.personId === permissions.personFields.id;
 
         return this.privacyIdeaAdministrationService.initializeSoftwareToken(referrer, selfService);
@@ -84,7 +85,7 @@ export class PrivacyIdeaAdministrationController {
         @Query('personId') personId: string,
         @Permissions() permissions: PersonPermissions,
     ): Promise<TokenStateResponse> {
-        const referrer: string = await this.getReferrerIfAllowedOrSelf(personId, permissions);
+        const referrer: PersonReferrer = await this.getReferrerIfAllowedOrSelf(personId, permissions);
         const piToken: PrivacyIdeaToken | undefined =
             await this.privacyIdeaAdministrationService.getTwoAuthState(referrer);
         return new TokenStateResponse(piToken);
@@ -103,7 +104,7 @@ export class PrivacyIdeaAdministrationController {
         @Query('personId') personId: string,
         @Permissions() permissions: PersonPermissions,
     ): Promise<boolean> {
-        const referrer: string = await this.getReferrerIfAllowed(personId, permissions);
+        const referrer: PersonReferrer = await this.getReferrerIfAllowed(personId, permissions);
         try {
             const response: ResetTokenResponse = await this.privacyIdeaAdministrationService.resetToken(referrer);
             return response.result.status;
@@ -134,7 +135,7 @@ export class PrivacyIdeaAdministrationController {
         @Body() params: AssignHardwareTokenBodyParams,
         @Permissions() permissions: PersonPermissions,
     ): Promise<AssignHardwareTokenResponse | undefined> {
-        const referrer: string = await this.getReferrerIfAllowed(params.userId, permissions);
+        const referrer: PersonReferrer = await this.getReferrerIfAllowed(params.userId, permissions);
         try {
             const result: AssignTokenResponse = await this.privacyIdeaAdministrationService.assignHardwareToken(
                 params.serial,
@@ -174,7 +175,7 @@ export class PrivacyIdeaAdministrationController {
         @Body() params: TokenVerifyBodyParams,
         @Permissions() permissions: PersonPermissions,
     ): Promise<void> {
-        const referrer: string = await this.getReferrerIfAllowedOrSelf(params.personId, permissions);
+        const referrer: PersonReferrer = await this.getReferrerIfAllowedOrSelf(params.personId, permissions);
         try {
             await this.privacyIdeaAdministrationService.verifyTokenEnrollment(referrer, params.otp);
             this.logger.info(
@@ -224,7 +225,10 @@ export class PrivacyIdeaAdministrationController {
         return personResult.value.referrer;
     }
 
-    private async getReferrerIfAllowedOrSelf(personId: string, permissions: PersonPermissions): Promise<string> {
+    private async getReferrerIfAllowedOrSelf(
+        personId: string,
+        permissions: PersonPermissions,
+    ): Promise<PersonReferrer> {
         if (personId === permissions.personFields.id) {
             const person: Option<Person<true>> = await this.personRepository.findById(personId);
             if (!person?.referrer) {

src/modules/privacy-idea-administration/privacy-idea-administration.service.spec.ts

@@ -29,6 +29,7 @@ import { DeleteUserError } from './api/error/delete-user.error.js';
 import { SoftwareTokenInitializationError } from './api/error/software-token-initialization.error.js';
 import { TokenStateError } from './api/error/token-state.error.js';
 import { PIUnavailableError } from './api/error/pi-unavailable.error.js';
+import { PersonReferrer } from '../../shared/types/aggregate-ids.types.js';
 
 const mockErrorMsg: string = `Mock error`;
 
@@ -916,7 +917,7 @@ describe(`PrivacyIdeaAdministrationService`, () => {
     });
 
     describe('deleteUser', () => {
-        const referrer: string = faker.string.alpha();
+        const referrer: PersonReferrer = faker.string.alpha();
         let mockJWTToken: string;
         beforeEach(() => {
             mockJWTToken = faker.string.alpha();