From f7b41e437a2b9a1a8f51e59e24d0979480db66ad Mon Sep 17 00:00:00 2001
From: guillaume-peoch-sonarsource <guillaume.peoch@sonarsource.com>
Date: Mon, 18 Dec 2023 11:26:10 +0100
Subject: [PATCH] SONAR-21247 Add button to trigger the sync

---
 .../auth/bitbucket/BitbucketSettings.java     |  2 +-
 .../org/sonar/auth/github/GitHubSettings.java |  2 +-
 .../org/sonar/auth/gitlab/GitLabSettings.java | 10 +--
 .../src/main/js/api/gitlab-provisioning.ts    |  4 ++
 .../GitLabAuthenticationTab.tsx               | 64 +++++++++----------
 .../main/js/helpers/mocks/definitions-list.ts | 10 +--
 .../src/main/js/queries/group-memberships.ts  |  2 -
 .../js/queries/identity-provider/gitlab.ts    | 23 ++++++-
 server/sonar-web/src/main/js/queries/users.ts |  1 -
 .../resources/org/sonar/l10n/core.properties  | 13 ++--
 10 files changed, 78 insertions(+), 53 deletions(-)

diff --git a/server/sonar-auth-bitbucket/src/main/java/org/sonar/auth/bitbucket/BitbucketSettings.java b/server/sonar-auth-bitbucket/src/main/java/org/sonar/auth/bitbucket/BitbucketSettings.java
index 7c7ed7675b3..3568e070be6 100755
--- a/server/sonar-auth-bitbucket/src/main/java/org/sonar/auth/bitbucket/BitbucketSettings.java
+++ b/server/sonar-auth-bitbucket/src/main/java/org/sonar/auth/bitbucket/BitbucketSettings.java
@@ -105,7 +105,7 @@ public class BitbucketSettings {
         .build(),
       PropertyDefinition.builder(ALLOW_USERS_TO_SIGN_UP)
         .name("Allow users to sign up")
-        .description("Allow new users to authenticate. When set to 'false', only existing users will be able to authenticate.")
+        .description("Allow new users to authenticate. When set to disabled, only existing users will be able to authenticate.")
         .category(CATEGORY)
         .subCategory(SUBCATEGORY)
         .type(PropertyType.BOOLEAN)
diff --git a/server/sonar-auth-github/src/main/java/org/sonar/auth/github/GitHubSettings.java b/server/sonar-auth-github/src/main/java/org/sonar/auth/github/GitHubSettings.java
index cd7790371f6..5a50ee8980d 100644
--- a/server/sonar-auth-github/src/main/java/org/sonar/auth/github/GitHubSettings.java
+++ b/server/sonar-auth-github/src/main/java/org/sonar/auth/github/GitHubSettings.java
@@ -227,7 +227,7 @@ public class GitHubSettings implements DevOpsPlatformSettings {
         .build(),
       PropertyDefinition.builder(ALLOW_USERS_TO_SIGN_UP)
         .name("Allow users to sign up")
-        .description("Allow new users to authenticate. When set to 'false', only existing users will be able to authenticate to the server.")
+        .description("Allow new users to authenticate. When set to disabled, only existing users will be able to authenticate to the server.")
         .category(CATEGORY)
         .subCategory(SUBCATEGORY)
         .type(BOOLEAN)
diff --git a/server/sonar-auth-gitlab/src/main/java/org/sonar/auth/gitlab/GitLabSettings.java b/server/sonar-auth-gitlab/src/main/java/org/sonar/auth/gitlab/GitLabSettings.java
index ff9ea68ee67..4d92bab2290 100644
--- a/server/sonar-auth-gitlab/src/main/java/org/sonar/auth/gitlab/GitLabSettings.java
+++ b/server/sonar-auth-gitlab/src/main/java/org/sonar/auth/gitlab/GitLabSettings.java
@@ -147,7 +147,7 @@ public class GitLabSettings implements DevOpsPlatformSettings {
         .build(),
       PropertyDefinition.builder(GITLAB_AUTH_ALLOW_USERS_TO_SIGNUP)
         .name("Allow users to sign up")
-        .description("Allow new users to authenticate. When set to 'false', only existing users will be able to authenticate to the server.")
+        .description("Allow new users to authenticate. When set to disabled, only existing users will be able to authenticate to the server.")
         .category(CATEGORY)
         .subCategory(SUBCATEGORY)
         .type(BOOLEAN)
@@ -158,7 +158,7 @@ public class GitLabSettings implements DevOpsPlatformSettings {
         .deprecatedKey("sonar.auth.gitlab.sync_user_groups")
         .name("Synchronize user groups")
         .description("For each GitLab group they belong to, the user will be associated to a group with the same name (if it exists) in SonarQube." +
-          " If enabled, the GitLab Oauth2 application will need to provide the api scope.")
+          " If enabled, the GitLab OAuth 2 application will need to provide the api scope.")
         .category(CATEGORY)
         .subCategory(SUBCATEGORY)
         .type(PropertyType.BOOLEAN)
@@ -167,7 +167,8 @@ public class GitLabSettings implements DevOpsPlatformSettings {
         .build(),
       PropertyDefinition.builder(GITLAB_AUTH_PROVISIONING_TOKEN)
         .name("Provisioning token")
-        .description("Token used for provisioning users. Both a group or a personal access token can be used as soon as it has visibility on desired groups.")
+        .description("Token used for user provisioning." +
+          " You can either use a group or a personal access token, as long as it has visibility on the groups that need to be imported.")
         .category(CATEGORY)
         .subCategory(SUBCATEGORY)
         .type(PASSWORD)
@@ -175,7 +176,8 @@ public class GitLabSettings implements DevOpsPlatformSettings {
         .build(),
       PropertyDefinition.builder(GITLAB_AUTH_PROVISIONING_GROUPS)
         .name("Groups")
-        .description("Only members of these groups (and sub-groups) will be provisioned. Please enter the group slug as it appears in GitLab URL, for instance `my-gitlab-group`.")
+        .description("Only members of these groups (and sub-groups) will be provisioned." +
+          " Please enter the group slug as it appears in the GitLab URL, for instance `my-gitlab-group`.")
         .multiValues(true)
         .category(CATEGORY)
         .subCategory(SUBCATEGORY)
diff --git a/server/sonar-web/src/main/js/api/gitlab-provisioning.ts b/server/sonar-web/src/main/js/api/gitlab-provisioning.ts
index d4f3d856928..81b3549076e 100644
--- a/server/sonar-web/src/main/js/api/gitlab-provisioning.ts
+++ b/server/sonar-web/src/main/js/api/gitlab-provisioning.ts
@@ -59,3 +59,7 @@ export function updateGitLabConfiguration(
 export function deleteGitLabConfiguration(id: string): Promise<void> {
   return axios.delete(`${GITLAB_CONFIGURATIONS}/${id}`);
 }
+
+export function syncNowGitLabProvisioning(): Promise<void> {
+  return axios.post('/api/v2/dop-translation/gitlab-synchronization-runs');
+}
diff --git a/server/sonar-web/src/main/js/apps/settings/components/authentication/GitLabAuthenticationTab.tsx b/server/sonar-web/src/main/js/apps/settings/components/authentication/GitLabAuthenticationTab.tsx
index 832702ddd33..95852b9f325 100644
--- a/server/sonar-web/src/main/js/apps/settings/components/authentication/GitLabAuthenticationTab.tsx
+++ b/server/sonar-web/src/main/js/apps/settings/components/authentication/GitLabAuthenticationTab.tsx
@@ -36,6 +36,7 @@ import { useIdentityProviderQuery } from '../../../../queries/identity-provider/
 import {
   useDeleteGitLabConfigurationMutation,
   useGitLabConfigurationsQuery,
+  useSyncWithGitLabNow,
   useUpdateGitLabConfigurationMutation,
 } from '../../../../queries/identity-provider/gitlab';
 import { AlmKeys } from '../../../../types/alm-settings';
@@ -91,6 +92,8 @@ export default function GitLabAuthenticationTab() {
   const { data: list, isLoading: isLoadingList } = useGitLabConfigurationsQuery();
   const configuration = list?.gitlabConfigurations[0];
 
+  const { canSyncNow, synchronizeNow } = useSyncWithGitLabNow();
+
   const { mutate: updateConfig, isLoading: isUpdating } = useUpdateGitLabConfigurationMutation();
   const { mutate: deleteConfig, isLoading: isDeleting } = useDeleteGitLabConfigurationMutation();
 
@@ -282,20 +285,15 @@ export default function GitLabAuthenticationTab() {
                       <FormattedMessage id="settings.authentication.gitlab.provisioning_at_login.description" />
                     </p>
                     <p className="spacer-bottom">
-                      <FormattedMessage
-                        id="settings.authentication.gitlab.description.doc"
-                        values={{
-                          documentation: (
-                            <DocLink
-                              to={`/instance-administration/authentication/${
-                                DOCUMENTATION_LINK_SUFFIXES[AlmKeys.GitLab]
-                              }/`}
-                            >
-                              {translate('documentation')}
-                            </DocLink>
-                          ),
-                        }}
-                      />
+                      <DocLink
+                        to={`/instance-administration/authentication/${
+                          DOCUMENTATION_LINK_SUFFIXES[AlmKeys.GitLab]
+                        }/#choosing-the-provisioning-method`}
+                      >
+                        {translate(
+                          `settings.authentication.gitlab.description.${ProvisioningType.jit}.learn_more`,
+                        )}
+                      </DocLink>
                     </p>
                     {provisioningType === ProvisioningType.jit &&
                       allowUsersToSignUpDefinition !== undefined && (
@@ -338,31 +336,33 @@ export default function GitLabAuthenticationTab() {
                           )}
                         </p>
                         <p className="spacer-bottom">
-                          <FormattedMessage
-                            id="settings.authentication.gitlab.description.doc"
-                            values={{
-                              documentation: (
-                                <DocLink
-                                  to={`/instance-administration/authentication/${
-                                    DOCUMENTATION_LINK_SUFFIXES[AlmKeys.GitLab]
-                                  }/`}
-                                >
-                                  {translate('documentation')}
-                                </DocLink>
-                              ),
-                            }}
-                          />
+                          <DocLink
+                            to={`/instance-administration/authentication/${
+                              DOCUMENTATION_LINK_SUFFIXES[AlmKeys.GitLab]
+                            }/#choosing-the-provisioning-method`}
+                          >
+                            {translate(
+                              `settings.authentication.gitlab.description.${ProvisioningType.auto}.learn_more`,
+                            )}
+                          </DocLink>
                         </p>
 
                         {configuration?.synchronizationType === ProvisioningType.auto && (
-                          <>
-                            <GitLabSynchronisationWarning />
-                            <hr className="spacer-top" />
-                          </>
+                          <GitLabSynchronisationWarning />
                         )}
 
                         {provisioningType === ProvisioningType.auto && (
                           <>
+                            <div className="sw-flex sw-flex-1 spacer-bottom">
+                              <Button
+                                className="spacer-top width-30"
+                                onClick={synchronizeNow}
+                                disabled={!canSyncNow}
+                              >
+                                {translate('settings.authentication.github.synchronize_now')}
+                              </Button>
+                            </div>
+                            <hr />
                             <AuthenticationFormField
                               settingValue={provisioningToken}
                               key={tokenKey}
diff --git a/server/sonar-web/src/main/js/helpers/mocks/definitions-list.ts b/server/sonar-web/src/main/js/helpers/mocks/definitions-list.ts
index 05a75dff539..9ccb10840a0 100644
--- a/server/sonar-web/src/main/js/helpers/mocks/definitions-list.ts
+++ b/server/sonar-web/src/main/js/helpers/mocks/definitions-list.ts
@@ -202,7 +202,7 @@ export const definitions: ExtendedSettingDefinition[] = [
     key: 'sonar.auth.bitbucket.allowUsersToSignUp',
     name: 'Allow users to sign up',
     description:
-      "Allow new users to authenticate. When set to 'false', only existing users will be able to authenticate.",
+      'Allow new users to authenticate. When set to disabled, only existing users will be able to authenticate.',
     type: SettingType.BOOLEAN,
     category: 'authentication',
     subCategory: 'bitbucket',
@@ -214,7 +214,7 @@ export const definitions: ExtendedSettingDefinition[] = [
     key: 'sonar.auth.github.allowUsersToSignUp',
     name: 'Allow users to sign up',
     description:
-      "Allow new users to authenticate. When set to 'false', only existing users will be able to authenticate to the server.",
+      'Allow new users to authenticate. When set to disabled, only existing users will be able to authenticate to the server.',
     type: SettingType.BOOLEAN,
     category: 'authentication',
     subCategory: 'github',
@@ -246,7 +246,7 @@ export const definitions: ExtendedSettingDefinition[] = [
     key: 'sonar.auth.gitlab.allowUsersToSignUp',
     name: 'Allow users to sign up',
     description:
-      "Allow new users to authenticate. When set to 'false', only existing users will be able to authenticate to the server.",
+      'Allow new users to authenticate. When set to disabled, only existing users will be able to authenticate to the server.',
     type: SettingType.BOOLEAN,
     category: 'authentication',
     subCategory: 'gitlab',
@@ -258,7 +258,7 @@ export const definitions: ExtendedSettingDefinition[] = [
     key: 'provisioning.gitlab.token.secured',
     name: 'Provisioning token',
     description:
-      'Token used for provisioning users. Both a group or a personal access token can be used as soon as it has visibility on desired groups.',
+      'Token used for user provisioning. You can either use a group or a personal access token, as long as it has visibility on the groups that need to be imported.',
     type: SettingType.PASSWORD,
     category: 'authentication',
     subCategory: 'gitlab',
@@ -323,7 +323,7 @@ export const definitions: ExtendedSettingDefinition[] = [
     key: 'sonar.auth.gitlab.groupsSync',
     name: 'Synchronize user groups',
     description:
-      'For each GitLab group they belong to, the user will be associated to a group with the same name (if it exists) in SonarQube. If enabled, the GitLab Oauth2 application will need to provide the api scope.',
+      'For each GitLab group they belong to, the user will be associated to a group with the same name (if it exists) in SonarQube. If enabled, the GitLab OAuth 2 application will need to provide the api scope.',
     type: SettingType.BOOLEAN,
     category: 'authentication',
     subCategory: 'gitlab',
diff --git a/server/sonar-web/src/main/js/queries/group-memberships.ts b/server/sonar-web/src/main/js/queries/group-memberships.ts
index 664a949841b..5cdf3efcb40 100644
--- a/server/sonar-web/src/main/js/queries/group-memberships.ts
+++ b/server/sonar-web/src/main/js/queries/group-memberships.ts
@@ -30,7 +30,6 @@ import { translateWithParameters } from '../helpers/l10n';
 import { getNextPageParam, getPreviousPageParam } from '../helpers/react-query';
 import { RestUserDetailed } from '../types/users';
 
-const STALE_TIME = 4 * 60 * 1000;
 const DOMAIN = 'group-memberships';
 const GROUP_SUB_DOMAIN = 'users-of-group';
 
@@ -84,7 +83,6 @@ export function useGroupMembersCountQuery(groupId: string) {
   return useQuery({
     queryKey: [DOMAIN, GROUP_SUB_DOMAIN, 'count', groupId],
     queryFn: () => getGroupMemberships({ groupId, pageSize: 0 }).then((r) => r.page.total),
-    staleTime: STALE_TIME,
   });
 }
 
diff --git a/server/sonar-web/src/main/js/queries/identity-provider/gitlab.ts b/server/sonar-web/src/main/js/queries/identity-provider/gitlab.ts
index 8368d986e5a..353581ab6aa 100644
--- a/server/sonar-web/src/main/js/queries/identity-provider/gitlab.ts
+++ b/server/sonar-web/src/main/js/queries/identity-provider/gitlab.ts
@@ -24,9 +24,10 @@ import {
   createGitLabConfiguration,
   deleteGitLabConfiguration,
   fetchGitLabConfigurations,
+  syncNowGitLabProvisioning,
   updateGitLabConfiguration,
 } from '../../api/gitlab-provisioning';
-import { AlmSyncStatus } from '../../types/provisioning';
+import { AlmSyncStatus, ProvisioningType } from '../../types/provisioning';
 import { TaskStatuses, TaskTypes } from '../../types/tasks';
 
 export function useGitLabConfigurationsQuery() {
@@ -152,3 +153,23 @@ export function useGitLabSyncStatusQuery() {
     },
   );
 }
+
+export function useSyncWithGitLabNow() {
+  const queryClient = useQueryClient();
+  const { data: syncStatus } = useGitLabSyncStatusQuery();
+  const { data: gitlabConfigurations } = useGitLabConfigurationsQuery();
+  const autoProvisioningEnabled = gitlabConfigurations?.gitlabConfigurations.some(
+    (configuration) =>
+      configuration.enabled && configuration.synchronizationType === ProvisioningType.auto,
+  );
+  const mutation = useMutation(syncNowGitLabProvisioning, {
+    onSuccess: () => {
+      queryClient.invalidateQueries(['identity_provider', 'gitlab_sync']);
+    },
+  });
+
+  return {
+    synchronizeNow: mutation.mutate,
+    canSyncNow: autoProvisioningEnabled && !syncStatus?.nextSync && !mutation.isLoading,
+  };
+}
diff --git a/server/sonar-web/src/main/js/queries/users.ts b/server/sonar-web/src/main/js/queries/users.ts
index 6c693e83d02..f1fe0a05ef4 100644
--- a/server/sonar-web/src/main/js/queries/users.ts
+++ b/server/sonar-web/src/main/js/queries/users.ts
@@ -59,7 +59,6 @@ export function useUserGroupsCountQuery(login: string) {
   return useQuery({
     queryKey: ['user', login, 'groups', 'total'],
     queryFn: () => getUserGroups({ login, ps: 1 }).then((r) => r.paging.total),
-    staleTime: STALE_TIME,
   });
 }
 
diff --git a/sonar-core/src/main/resources/org/sonar/l10n/core.properties b/sonar-core/src/main/resources/org/sonar/l10n/core.properties
index a99a9a94c1d..b5d927e23cd 100644
--- a/sonar-core/src/main/resources/org/sonar/l10n/core.properties
+++ b/sonar-core/src/main/resources/org/sonar/l10n/core.properties
@@ -1498,7 +1498,7 @@ settings.authentication.title=Authentication
 settings.authentication.custom_message_information=You can define a custom log-in message to appear on the log-in page to help your users authenticate. The relevant settings are available under the {link} section.
 settings.authentication.custom_message_information.link=General
 settings.authentication.description=The following settings allow you to delegate authentication via SAML, or any of the following DevOps Platforms: GitHub, GitLab, and Bitbucket.
-settings.authentication.help=If you need help setting up authentication, read our dedicated {link}.
+settings.authentication.help=For details on how to set up authentication, check out the {link}.
 settings.authentication.legacy_help.github=Compatibility with GitHub OAuth App is deprecated and will be removed in a future release. Please check out the {link} for information on how to update your configuration.
 settings.authentication.help.link=documentation
 settings.authentication.form.create=Create configuration
@@ -1589,16 +1589,17 @@ settings.authentication.gitlab.form.url.description=URL to access GitLab.
 settings.authentication.gitlab.form.secret.name=Secret
 settings.authentication.gitlab.form.secret.description=Secret provided by GitLab when registering the application.
 settings.authentication.gitlab.form.synchronizeGroups.name=Synchronize user groups
-settings.authentication.gitlab.form.synchronizeGroups.description=For each GitLab group they belong to, the user will be associated to a group with the same name (if it exists) in SonarQube. If enabled, the GitLab Oauth2 application will need to provide the api scope.
+settings.authentication.gitlab.form.synchronizeGroups.description=For each GitLab group they belong to, the user will be associated to a group with the same name (if it exists) in SonarQube. If enabled, the GitLab OAuth 2 application will need to provide the api scope.
 settings.authentication.gitlab.form.provisioningGroups.name=Groups
-settings.authentication.gitlab.form.provisioningGroups.description=Only members of these groups (and sub-groups) will be provisioned. Please enter the group slug as it appears in GitLab URL, for instance `my-gitlab-group`.
+settings.authentication.gitlab.form.provisioningGroups.description=Only members of these groups (and sub-groups) will be provisioned. Please enter the group slug as it appears in the GitLab URL, for instance `my-gitlab-group`.
 settings.authentication.gitlab.form.allowUsersToSignUp.name=Allow users to sign up
-settings.authentication.gitlab.form.allowUsersToSignUp.description=Allow new users to authenticate. When set to 'false', only existing users will be able to authenticate to the server.
+settings.authentication.gitlab.form.allowUsersToSignUp.description=Allow new users to authenticate. When set to disabled, only existing users will be able to authenticate to the server.
 settings.authentication.gitlab.form.provisioningToken.name=Provisioning token
-settings.authentication.gitlab.form.provisioningToken.description=Token used for provisioning users. Both a group or a personal access token can be used as soon as it has visibility on desired groups.
+settings.authentication.gitlab.form.provisioningToken.description=Token used for user provisioning. You can either use a group or a personal access token, as long as it has visibility on the groups that need to be imported.
 settings.authentication.gitlab.provisioning_at_login=Just-in-Time user provisioning (default)
 settings.authentication.gitlab.provisioning_at_login.description=Users are synchronized only when users log in to SonarQube.
-settings.authentication.gitlab.description.doc=For more details, see {documentation}.
+settings.authentication.gitlab.description.JIT.learn_more=Learn more about Just-in-Time provisioning with GitLab
+settings.authentication.gitlab.description.AUTO_PROVISIONING.learn_more=Learn more about automatic provisioning with GitLab
 settings.authentication.gitlab.confirm.AUTO_PROVISIONING=Switch to automatic provisioning
 settings.authentication.gitlab.confirm.JIT=Switch to Just-in-Time provisioning
 settings.authentication.gitlab.confirm.AUTO_PROVISIONING.description=Once you transition to automatic provisioning users and groups on GitLab projects will be inherited from GitLab. You will no longer have the ability to edit them within SonarQube. Do you want to proceed with this change?
-- 
2.39.5