PurgeIdentityService.java
/*
* Copyright (c) 2002-2024, City of Paris
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* 1. Redistributions of source code must retain the above copyright notice
* and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright notice
* and the following disclaimer in the documentation and/or other materials
* provided with the distribution.
*
* 3. Neither the name of 'Mairie de Paris' nor 'Lutece' nor the names of its
* contributors may be used to endorse or promote products derived from
* this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*
* License 1.0
*/
package fr.paris.lutece.plugins.identitystore.service;
import static fr.paris.lutece.plugins.identitystore.service.identity.IdentityService.UPDATE_IDENTITY_EVENT_CODE;
import java.sql.Date;
import java.sql.Timestamp;
import java.time.Instant;
import java.time.LocalDateTime;
import java.time.ZoneId;
import java.time.ZonedDateTime;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.apache.commons.lang3.StringUtils;
import fr.paris.lutece.plugins.grubusiness.business.demand.DemandType;
import fr.paris.lutece.plugins.grubusiness.business.web.rs.DemandDisplay;
import fr.paris.lutece.plugins.grubusiness.business.web.rs.DemandResult;
import fr.paris.lutece.plugins.grubusiness.business.web.rs.EnumGenericStatus;
import fr.paris.lutece.plugins.identitystore.business.contract.ServiceContract;
import fr.paris.lutece.plugins.identitystore.business.identity.Identity;
import fr.paris.lutece.plugins.identitystore.business.identity.IdentityHome;
import fr.paris.lutece.plugins.identitystore.service.contract.ServiceContractService;
import fr.paris.lutece.plugins.identitystore.service.identity.IdentityService;
import fr.paris.lutece.plugins.identitystore.service.listeners.IdentityStoreNotifyListenerService;
import fr.paris.lutece.plugins.identitystore.service.user.InternalUserService;
import fr.paris.lutece.plugins.identitystore.v3.web.rs.dto.common.AuthorType;
import fr.paris.lutece.plugins.identitystore.v3.web.rs.dto.common.RequestAuthor;
import fr.paris.lutece.plugins.identitystore.v3.web.rs.dto.common.ResponseStatusType;
import fr.paris.lutece.plugins.identitystore.v3.web.rs.dto.history.IdentityChangeType;
import fr.paris.lutece.plugins.identitystore.web.exception.ClientAuthorizationException;
import fr.paris.lutece.plugins.notificationstore.v1.web.service.NotificationStoreService;
import fr.paris.lutece.portal.service.security.AccessLogService;
import fr.paris.lutece.portal.service.security.AccessLoggerConstants;
import fr.paris.lutece.portal.service.spring.SpringContextService;
import fr.paris.lutece.portal.service.util.AppLogService;
import fr.paris.lutece.portal.service.util.AppPropertiesService;
public final class PurgeIdentityService
{
public static final String KEY_INFOS_ARE_MISSING = "isInfosAreMissing";
public static final String KEY_AT_LEAST_ONE_CS_FOUND = "isAtLeastOneServiceContractFound";
private static PurgeIdentityService _instance;
private final NotificationStoreService _notificationStoreService = SpringContextService.getBean( "notificationStore.notificationStoreService" );
private final IdentityStoreNotifyListenerService _identityStoreNotifyListenerService = IdentityStoreNotifyListenerService.instance( );
public static PurgeIdentityService getInstance( )
{
if ( _instance == null )
{
_instance = new PurgeIdentityService( );
}
return _instance;
}
/**
* purge identities
*
* @return log {@link StringBuilder}
*/
public String purge( final RequestAuthor daemonAuthor, final String daemonClientCode, final List<String> excludedAppCodes, final int batchLimit )
{
final StringBuilder msg = new StringBuilder( );
final boolean isDryRun = AppPropertiesService.getPropertyBoolean ( "daemon.purgeIdentityDaemon.dryRun", false );
final int nMaxCguRetentionPeridodInMonths = AppPropertiesService.getPropertyInt( "daemon.purgeIdentityDaemon.maxCguRetentionPeridodInMonths", 120 );
// search identities with a passed peremption date, not merged to a primary identity, and not associated to a MonParis account
final List<Identity> expiredIdentities = IdentityHome.findExpiredNotMergedAndNotConnectedIdentities(
batchLimit, AppPropertiesService.getPropertyBoolean ( "daemon.purgeIdentityDaemon.withGuidOnly", true) );
final Timestamp now = Timestamp.from( Instant.now( ) );
final Timestamp olderCguRetentionDate = Timestamp.valueOf ( now.toLocalDateTime ( ).minusMonths ( nMaxCguRetentionPeridodInMonths ) );
msg.append( expiredIdentities.size( ) ).append( " expired identities found" ).append( "\n" );
for ( final Identity expiredIdentity : expiredIdentities )
{
try
{
final List<Identity> mergedIdentities = IdentityHome.findMergedIdentities( expiredIdentity.getId( ) );
// Get Demands notifications associated to each identity or its merged ones
DemandResult demandResult = _notificationStoreService.getListDemand( expiredIdentity.getCustomerId( ), null, null, null, null );
final List<DemandDisplay> demandDisplayList = demandResult.getListDemandDisplay() == null ? new ArrayList<>() : new ArrayList<>(demandResult.getListDemandDisplay());
for ( final Identity mergedIdentity : mergedIdentities )
{
final DemandResult mergedDemands = _notificationStoreService.getListDemand( mergedIdentity.getCustomerId( ), null, null, null, null );
if ( mergedDemands.getListDemandDisplay( ) != null )
{
demandDisplayList.addAll( mergedDemands.getListDemandDisplay( ) );
}
}
Map<String,Boolean> indicators = new HashMap<>( );
indicators.put( KEY_AT_LEAST_ONE_CS_FOUND, false);
indicators.put( KEY_INFOS_ARE_MISSING, false);
// Calculate the new expiration date (date of demand last update + CGUs term)
Timestamp demandExpirationDateMAX = expiredIdentity.getExpirationDate( );
for ( final DemandDisplay demand : demandDisplayList )
{
final Timestamp expirationDateFromDemand = checkExpirationDateByDemand( demand,
indicators, excludedAppCodes, msg, _notificationStoreService );
// keep the max expiration date
if ( expirationDateFromDemand != null && demandExpirationDateMAX.before( expirationDateFromDemand ) )
{
demandExpirationDateMAX = expirationDateFromDemand;
}
}
// check if expiredIdentity should be preserved or can be deleted
if ( demandExpirationDateMAX.after( now ) )
{
// expiration date calculated from most recent demand is later than today
// => update the expiration date of expiredIdentity : it will be deleted later
expiredIdentity.setExpirationDate( demandExpirationDateMAX );
IdentityHome.update( expiredIdentity );
// re-index and add history
IdentityStoreNotifyListenerService.instance( ).notifyListenersIdentityChange( IdentityChangeType.UPDATE, expiredIdentity,
"EXPIRATION_POSTPONED", StringUtils.EMPTY, daemonAuthor, daemonClientCode, Collections.emptyMap( ) );
AccessLogService.getInstance( ).info( AccessLoggerConstants.EVENT_TYPE_MODIFY, UPDATE_IDENTITY_EVENT_CODE,
InternalUserService.getInstance( ).getApiUser( daemonAuthor, daemonClientCode ), null, "PURGE_DAEMON" );
msg.append( "Identity expiration date updated : [" ).append( expiredIdentity.getCustomerId( ) ).append( "]" ).append( "\n" );
}
else if ( indicators.get( KEY_INFOS_ARE_MISSING ) && demandExpirationDateMAX.after( olderCguRetentionDate ) )
{
// if infos are missing (but the maximum CGU retention period has not been reached)
if ( !indicators.get( KEY_AT_LEAST_ONE_CS_FOUND ) )
{
msg.append ( "No service contact found for identity [").append( expiredIdentity.getCustomerId( ) ).append ( "]\n");
}
// not enough infos to delete identity
msg.append( "Unsufficient infos to delete [" ).append( expiredIdentity.getCustomerId( ) ).append( "]" ).append( "\n" );
// Notify listeners
_identityStoreNotifyListenerService.notifyListenersIdentityChange(IdentityChangeType.DELETION_ATTEMPT_FAILED, expiredIdentity,
ResponseStatusType.UNAUTHORIZED.name(),ResponseStatusType.UNAUTHORIZED.name(),
new RequestAuthor ("DAEMON", AuthorType.application.name ( ) ), "DAEMON", null);
}
else if ( isDryRun )
{
// Dry run : test mode only (no deletion)
msg.append( "(Dry run) should Detete Identity [" ).append( expiredIdentity.getCustomerId( ) ).append( "]" ).append( "\n" );
}
else
{
// if the updated peremption date still passed, delete the identity (and children as merged identities,
// suspicious, attributes and attributes history, etc ...) EXCEPT the identity history
IdentityService.instance( ).delete( expiredIdentity.getCustomerId( ) );
msg.append( "Detete Identity [" ).append( expiredIdentity.getCustomerId( ) ).append( "]" ).append( "\n" );
// delete notifications
_notificationStoreService.deleteNotificationByCuid( expiredIdentity.getCustomerId( ) );
msg.append( "Notifications deleted for main identity [" ).append( expiredIdentity.getCustomerId( ) ).append( "]" ).append( "\n" );
for ( final Identity mergedIdentity : mergedIdentities )
{
_notificationStoreService.deleteNotificationByCuid( mergedIdentity.getCustomerId( ) );
msg.append( "Notifications deleted for merged identity [" ).append( mergedIdentity.getCustomerId( ) ).append( "]" ).append( "\n" );
}
}
}
catch( final Exception e )
{
msg.append( "Daemon execution error for identity : " ).append( expiredIdentity.getCustomerId( ) ).append( " :: " ).append( e.getMessage( ) )
.append( "\n" );
return msg.toString( );
}
}
// return message for daemons
return msg.toString( );
}
/**
* get app code
*
* @param strTypeId
* the type id
* @return the app code
*/
public static String getAppCodeFromDemandTypeId( final String strTypeId, NotificationStoreService notificationStoreService )
{
DemandType demandType = notificationStoreService.getDemandType( strTypeId );
if ( demandType != null )
{
return demandType.getAppCode( );
}
return null;
}
/**
* check Expiration Date By Demand
*
* @param demand
* @param isAtLeastOneServiceContractFound
* @param isInfosAreMissing
* @param excludedAppCodes
* @param msg
* @return
* @throws ClientAuthorizationException
*/
public static Timestamp checkExpirationDateByDemand( DemandDisplay demand,
Map<String,Boolean> indicators, List<String> excludedAppCodes, StringBuilder msg,
NotificationStoreService notificationStoreService) throws ClientAuthorizationException
{
// ignore canceled demands
if (demand.getDemand().getStatusId() == EnumGenericStatus.CANCELED.getStatusId()) {
return null;
}
final String appCode = getAppCodeFromDemandTypeId( demand.getDemand( ).getTypeId( ), notificationStoreService );
if ( appCode == null )
{
msg.append( "Unknown AppCode for demand_type_id : ")
.append ( (demand.getDemand( ).getTypeId( )!=null?demand.getDemand( ).getTypeId( ):"") )
.append ( "\n" );
AppLogService.info( "CheckExpirationDate / Unknown AppCode for demand_type_id : "
+ (demand.getDemand( ).getTypeId( )!=null?demand.getDemand( ).getTypeId( ):"") );
indicators.put( KEY_INFOS_ARE_MISSING, true);
}
if ( appCode!=null && !excludedAppCodes.contains( appCode.toUpperCase( ) ) )
{
final List<String> clientCodeList = ServiceContractService.instance( ).getClientCodesFromAppCode( appCode.toUpperCase( ) );
int nbMonthsCGUsMAX = 0;
for ( final String clientCode : clientCodeList )
{
// if there is more than one client code for the app_code, keep the max value of cgus
Timestamp tscreate = new Timestamp( demand.getDemand( ).getCreationDate( ) );
Date demandCreationDate = Date.valueOf( tscreate.toLocalDateTime( ).toLocalDate( ) );
ServiceContract sc = ServiceContractService.instance( ).getActiveServiceContractAtSpecificDate( clientCode, demandCreationDate );
if ( sc == null )
{
sc = ServiceContractService.instance( ).getActiveServiceContract( clientCode );
}
if ( sc != null )
{
indicators.put( KEY_AT_LEAST_ONE_CS_FOUND, true);
if ( sc.getDataRetentionPeriodInMonths( ) > nbMonthsCGUsMAX )
{
nbMonthsCGUsMAX = sc.getDataRetentionPeriodInMonths( );
}
}
else
{
indicators.put( KEY_INFOS_ARE_MISSING, true);
}
}
final ZonedDateTime demandDate = ZonedDateTime.ofInstant( Instant.ofEpochMilli( demand.getDemand( ).getModifyDate( ) ),
ZoneId.systemDefault( ) );
final Timestamp expirationDateFromDemand = Timestamp.from( demandDate.plusMonths( nbMonthsCGUsMAX ).toInstant( ) );
return expirationDateFromDemand;
}
return null;
}
}