fix: Show username in unprivileged search results (#2104)

* fix: Show username in unprivileged search results

`onPremisesSamAccountName` is a mandatory attribute according to the
spec. There's no harm in returning it in the search results also for
unprivileged users.

Fixes: #144

* adapt tests

* adapt tests

* adapt tests

---------

Co-authored-by: Viktor Scharf <v.scharf@opencloud.eu>

Author: rhafer

services/graph/pkg/service/v0/users.go

@@ -306,10 +306,11 @@ func (g Graph) GetUsers(w http.ResponseWriter, r *http.Request) {
 		finalUsers := make([]*libregraph.User, len(users))
 		for i, u := range users {
 			finalUsers[i] = &libregraph.User{
-				Id:          u.Id,
-				DisplayName: u.DisplayName,
-				UserType:    u.UserType,
-				Identities:  u.Identities,
+				Id:                       u.Id,
+				DisplayName:              u.DisplayName,
+				UserType:                 u.UserType,
+				Identities:               u.Identities,
+				OnPremisesSamAccountName: u.OnPremisesSamAccountName,
 			}
 
 			if g.config.API.ShowUserEmailInResults {

tests/acceptance/features/apiGraphUserGroup/getUser.feature

@@ -1351,6 +1351,7 @@ Feature: get users
               "required": [
                 "displayName",
                 "id",
+                "onPremisesSamAccountName",
                 "userType"
               ],
               "properties": {
@@ -1362,6 +1363,10 @@ Feature: get users
                   "type": "string",
                   "pattern": "^%user_id_pattern%$"
                 },
+                "onPremisesSamAccountName": {
+                  "type": "string",
+                  "const": "Alice"
+                },
                 "userType": {
                   "type": "string",
                   "const": "Member"
@@ -1456,6 +1461,7 @@ Feature: get users
               "required": [
                 "displayName",
                 "id",
+                "onPremisesSamAccountName",
                 "userType"
               ],
               "properties": {
@@ -1467,6 +1473,10 @@ Feature: get users
                   "type": "string",
                   "pattern": "^%user_id_pattern%$"
                 },
+                "onPremisesSamAccountName": {
+                  "type": "string",
+                  "const": "Alice"
+                },
                 "userType": {
                   "type": "string",
                   "const": "Member"
@@ -1501,6 +1511,7 @@ Feature: get users
               "required": [
                 "displayName",
                 "id",
+                "onPremisesSamAccountName",
                 "userType"
               ],
               "properties": {
@@ -1512,6 +1523,10 @@ Feature: get users
                   "type": "string",
                   "pattern": "^%user_id_pattern%$"
                 },
+                "onPremisesSamAccountName": {
+                  "type": "string",
+                  "const": "Alice"
+                },
                 "userType": {
                   "type": "string",
                   "const": "Member"
@@ -1530,7 +1545,6 @@ Feature: get users
       | displayName | Alice Hansen                 |
       | email       | another-alice@example.org    |
       | password    | containsCharacters(*:!;_+-&) |
-    And the administrator has assigned the role "Admin" to user "Alice" using the Graph API
     When user "Brian" searches for user "alice" using Graph API
     Then the HTTP status code should be "200"
     And the JSON data of the search response should not contain users email
@@ -1554,6 +1568,7 @@ Feature: get users
                   "required": [
                     "displayName",
                     "id",
+                    "onPremisesSamAccountName",
                     "userType"
                   ],
                   "properties": {
@@ -1565,6 +1580,10 @@ Feature: get users
                       "type": "string",
                       "pattern": "^%user_id_pattern%$"
                     },
+                    "onPremisesSamAccountName": {
+                      "type": "string",
+                      "const": "Alice"
+                    },
                     "userType": {
                       "type": "string",
                       "const": "Member"
@@ -1576,6 +1595,7 @@ Feature: get users
                   "required": [
                     "displayName",
                     "id",
+                    "onPremisesSamAccountName",
                     "userType"
                   ],
                   "properties": {
@@ -1587,11 +1607,13 @@ Feature: get users
                       "type": "string",
                       "pattern": "^%user_id_pattern%$"
                     },
+                    "onPremisesSamAccountName": {
+                      "type": "string",
+                      "const": "another-alice"
+                    },
                     "userType": {
                       "type": "string",
-                      "const": [
-                        "Admin"
-                      ]
+                      "const": "Member"
                     }
                   }
                 }

tests/acceptance/features/apiGraphUserGroup/searchUserIncludingEmail.feature

@@ -274,6 +274,7 @@ Feature: edit/search user including email
               "required": [
                 "displayName",
                 "id",
+                "onPremisesSamAccountName",
                 "mail",
                 "userType"
               ],
@@ -285,6 +286,9 @@ Feature: edit/search user including email
                   "type": "string",
                   "pattern": "^%user_id_pattern%$"
                 },
+                "onPremisesSamAccountName": {
+                  "const": "Alice"
+                },
                 "mail": {
                   "const": "alice@example.org"
                 },
@@ -366,6 +370,7 @@ Feature: edit/search user including email
               "required": [
                 "displayName",
                 "id",
+                "onPremisesSamAccountName",
                 "mail",
                 "userType"
               ],
@@ -377,6 +382,9 @@ Feature: edit/search user including email
                   "type": "string",
                   "pattern": "^%user_id_pattern%$"
                 },
+                "onPremisesSamAccountName": {
+                  "const": "Alice"
+                },
                 "mail": {
                   "const": "alice@example.org"
                 },
@@ -417,6 +425,7 @@ Feature: edit/search user including email
                   "required": [
                     "displayName",
                     "id",
+                    "onPremisesSamAccountName",
                     "mail",
                     "userType"
                   ],
@@ -428,6 +437,9 @@ Feature: edit/search user including email
                       "type": "string",
                       "pattern": "^%user_id_pattern%$"
                     },
+                    "onPremisesSamAccountName": {
+                      "const": "Alice"
+                    },
                     "mail": {
                       "const": "alice@example.org"
                     },
@@ -452,6 +464,9 @@ Feature: edit/search user including email
                       "type": "string",
                       "pattern": "^%user_id_pattern%$"
                     },
+                    "onPremisesSamAccountName": {
+                      "const": "another-alice"
+                    },
                     "mail": {
                       "const": "another-alice@example.org"
                     },

tests/acceptance/features/apiTenancy/mutltiTenancy.feature

@@ -45,7 +45,7 @@ Feature: Multi-tenancy
                   "pattern": "^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$"
                 },
                 "onPremisesSamAccountName": {
-                  "const": ""
+                  "const": "alice"
                 },
                 "userType": {
                   "const": "Member"