TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2024-12-12 19:14:23 +00:00
Code Issues Packages Projects Releases Wiki Activity
236930f109
zitadel/internal/command/restrictions_test.go

190 lines
4.9 KiB
Go
Raw Normal View History

feat: option to disallow public org registration (#6917) * feat: return 404 or 409 if org reg disallowed * fix: system limit permissions * feat: add iam limits api * feat: disallow public org registrations on default instance * add integration test * test: integration * fix test * docs: describe public org registrations * avoid updating docs deps * fix system limits integration test * silence integration tests * fix linting * ignore strange linter complaints * review * improve reset properties naming * redefine the api * use restrictions aggregate * test query * simplify and test projection * test commands * fix unit tests * move integration test * support restrictions on default instance * also test GetRestrictions * self review * lint * abstract away resource owner * fix tests * lint
2023-11-22 09:29:38 +00:00
package command
import (
"context"
"testing"
"github.com/muhlemmer/gu"
"github.com/stretchr/testify/assert"
"github.com/zitadel/zitadel/internal/api/authz"
"github.com/zitadel/zitadel/internal/domain"
zitadel_errs "github.com/zitadel/zitadel/internal/errors"
"github.com/zitadel/zitadel/internal/eventstore"
"github.com/zitadel/zitadel/internal/id"
id_mock "github.com/zitadel/zitadel/internal/id/mock"
"github.com/zitadel/zitadel/internal/repository/restrictions"
)
func TestSetRestrictions(t *testing.T) {
type fields func(*testing.T) (*eventstore.Eventstore, id.Generator)
type args struct {
ctx context.Context
setRestrictions *SetRestrictions
}
type res struct {
want *domain.ObjectDetails
err func(error) bool
}
tests := []struct {
name string
fields fields
args args
res res
}{
{
name: "set new restrictions",
fields: func(*testing.T) (*eventstore.Eventstore, id.Generator) {
return eventstoreExpect(
t,
expectFilter(),
expectPush(
eventFromEventPusherWithInstanceID(
"instance1",
restrictions.NewSetEvent(
eventstore.NewBaseEventForPush(
context.Background(),
&restrictions.NewAggregate("restrictions1", "instance1", "instance1").Aggregate,
restrictions.SetEventType,
),
restrictions.ChangePublicOrgRegistrations(true),
),
),
),
),
id_mock.NewIDGeneratorExpectIDs(t, "restrictions1")
},
args: args{
ctx: authz.WithInstanceID(context.Background(), "instance1"),
setRestrictions: &SetRestrictions{
DisallowPublicOrgRegistration: gu.Ptr(true),
},
},
res: res{
want: &domain.ObjectDetails{
ResourceOwner: "instance1",
},
},
},
{
name: "change restrictions",
fields: func(*testing.T) (*eventstore.Eventstore, id.Generator) {
return eventstoreExpect(
t,
expectFilter(
eventFromEventPusher(
restrictions.NewSetEvent(
eventstore.NewBaseEventForPush(
context.Background(),
&restrictions.NewAggregate("restrictions1", "instance1", "instance1").Aggregate,
restrictions.SetEventType,
),
restrictions.ChangePublicOrgRegistrations(true),
),
),
),
expectPush(
eventFromEventPusherWithInstanceID(
"instance1",
restrictions.NewSetEvent(
eventstore.NewBaseEventForPush(
context.Background(),
&restrictions.NewAggregate("restrictions1", "instance1", "instance1").Aggregate,
restrictions.SetEventType,
),
restrictions.ChangePublicOrgRegistrations(false),
),
),
),
),
nil
},
args: args{
ctx: authz.WithInstanceID(context.Background(), "instance1"),
setRestrictions: &SetRestrictions{
DisallowPublicOrgRegistration: gu.Ptr(false),
},
},
res: res{
want: &domain.ObjectDetails{
ResourceOwner: "instance1",
},
},
},
{
name: "set restrictions idempotency",
fields: func(*testing.T) (*eventstore.Eventstore, id.Generator) {
return eventstoreExpect(
t,
expectFilter(
eventFromEventPusher(
restrictions.NewSetEvent(
eventstore.NewBaseEventForPush(
context.Background(),
&restrictions.NewAggregate("restrictions1", "instance1", "instance1").Aggregate,
restrictions.SetEventType,
),
restrictions.ChangePublicOrgRegistrations(true),
),
),
),
),
nil
},
args: args{
ctx: authz.WithInstanceID(context.Background(), "instance1"),
setRestrictions: &SetRestrictions{
DisallowPublicOrgRegistration: gu.Ptr(true),
},
},
res: res{
want: &domain.ObjectDetails{
ResourceOwner: "instance1",
},
},
},
{
name: "no restrictions defined",
fields: func(*testing.T) (*eventstore.Eventstore, id.Generator) {
return eventstoreExpect(t,
expectFilter(
eventFromEventPusher(
restrictions.NewSetEvent(
eventstore.NewBaseEventForPush(
context.Background(),
&restrictions.NewAggregate("restrictions1", "instance1", "instance1").Aggregate,
restrictions.SetEventType,
),
restrictions.ChangePublicOrgRegistrations(true),
),
),
),
), nil
},
args: args{
ctx: authz.WithInstanceID(context.Background(), "instance1"),
setRestrictions: &SetRestrictions{},
},
res: res{
err: zitadel_errs.IsErrorInvalidArgument,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
r := new(Commands)
r.eventstore, r.idGenerator = tt.fields(t)
got, err := r.SetInstanceRestrictions(tt.args.ctx, tt.args.setRestrictions)
if tt.res.err == nil {
assert.NoError(t, err)
}
if tt.res.err != nil && !tt.res.err(err) {
t.Errorf("got wrong err: %v ", err)
}
if tt.res.err == nil {
assert.Equal(t, tt.res.want, got)
}
})
}
}
Reference in New Issue Copy Permalink