zitadel/internal/command/user_v2_u2f_test.go

237 lines
6.0 KiB
Go
Raw Normal View History

2023-06-15 07:32:40 +02:00
package command
import (
"io"
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"golang.org/x/text/language"
"github.com/zitadel/zitadel/internal/api/authz"
"github.com/zitadel/zitadel/internal/domain"
"github.com/zitadel/zitadel/internal/eventstore"
"github.com/zitadel/zitadel/internal/id"
id_mock "github.com/zitadel/zitadel/internal/id/mock"
"github.com/zitadel/zitadel/internal/repository/org"
"github.com/zitadel/zitadel/internal/repository/user"
webauthn_helper "github.com/zitadel/zitadel/internal/webauthn"
"github.com/zitadel/zitadel/internal/zerrors"
2023-06-15 07:32:40 +02:00
)
func TestCommands_RegisterUserU2F(t *testing.T) {
ctx := authz.NewMockContextWithPermissions("instance1", "org1", "user1", nil)
ctx = authz.WithRequestedDomain(ctx, "example.com")
webauthnConfig := &webauthn_helper.Config{
DisplayName: "test",
ExternalSecure: true,
}
userAgg := &user.NewAggregate("user1", "org1").Aggregate
type fields struct {
eventstore func(t *testing.T) *eventstore.Eventstore
idGenerator id.Generator
permissionCheck domain.PermissionCheck
2023-06-15 07:32:40 +02:00
}
type args struct {
userID string
resourceOwner string
rpID string
2023-06-15 07:32:40 +02:00
}
tests := []struct {
name string
fields fields
args args
want *domain.WebAuthNRegistrationDetails
wantErr error
}{
{
name: "get human passwordless error",
fields: fields{
eventstore: expectEventstore(
expectFilterError(io.ErrClosedPipe),
),
},
2023-06-15 07:32:40 +02:00
args: args{
userID: "user1",
2023-06-15 07:32:40 +02:00
resourceOwner: "org1",
},
wantErr: io.ErrClosedPipe,
2023-06-15 07:32:40 +02:00
},
{
name: "other user, no permission",
2023-06-15 07:32:40 +02:00
fields: fields{
eventstore: expectEventstore(
expectFilter(),
expectFilter(eventFromEventPusher(
user.NewHumanAddedEvent(ctx,
userAgg,
"username",
"firstname",
"lastname",
"nickname",
"displayname",
language.German,
domain.GenderUnspecified,
"email@test.ch",
true,
),
)),
2023-06-15 07:32:40 +02:00
),
permissionCheck: newMockPermissionCheckNotAllowed(),
2023-06-15 07:32:40 +02:00
},
args: args{
userID: "foo",
2023-06-15 07:32:40 +02:00
resourceOwner: "org1",
},
wantErr: zerrors.ThrowPermissionDenied(nil, "AUTHZ-HKJD33", "Errors.PermissionDenied"),
2023-06-15 07:32:40 +02:00
},
{
name: "id generator error",
fields: fields{
eventstore: expectEventstore(
2023-06-15 07:32:40 +02:00
expectFilter(), // getHumanPasswordlessTokens
expectFilter(eventFromEventPusher(
user.NewHumanAddedEvent(ctx,
userAgg,
"username",
"firstname",
"lastname",
"nickname",
"displayname",
language.German,
domain.GenderUnspecified,
"email@test.ch",
true,
),
)),
expectFilter(eventFromEventPusher(
org.NewOrgAddedEvent(ctx,
&org.NewAggregate("org1").Aggregate,
"org1",
),
)),
expectFilter(eventFromEventPusher(
org.NewDomainPolicyAddedEvent(ctx,
&org.NewAggregate("org1").Aggregate,
false, false, false,
),
)),
),
idGenerator: id_mock.NewIDGeneratorExpectError(t, io.ErrClosedPipe),
},
args: args{
userID: "user1",
resourceOwner: "org1",
},
wantErr: io.ErrClosedPipe,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
c := &Commands{
eventstore: tt.fields.eventstore(t),
idGenerator: tt.fields.idGenerator,
checkPermission: tt.fields.permissionCheck,
webauthnConfig: webauthnConfig,
2023-06-15 07:32:40 +02:00
}
_, err := c.RegisterUserU2F(ctx, tt.args.userID, tt.args.resourceOwner, tt.args.rpID)
2023-06-15 07:32:40 +02:00
require.ErrorIs(t, err, tt.wantErr)
// successful case can't be tested due to random challenge.
})
}
}
func TestCommands_pushUserU2F(t *testing.T) {
ctx := authz.WithRequestedDomain(authz.NewMockContext("instance1", "org1", "user1"), "example.com")
2023-06-15 07:32:40 +02:00
webauthnConfig := &webauthn_helper.Config{
DisplayName: "test",
ExternalSecure: true,
}
userAgg := &user.NewAggregate("user1", "org1").Aggregate
prep := []expect{
expectFilter(), // getHumanU2FTokens
expectFilter(eventFromEventPusher(
user.NewHumanAddedEvent(ctx,
userAgg,
"username",
"firstname",
"lastname",
"nickname",
"displayname",
language.German,
domain.GenderUnspecified,
"email@test.ch",
true,
),
)),
expectFilter(eventFromEventPusher(
org.NewOrgAddedEvent(ctx,
&org.NewAggregate("org1").Aggregate,
"org1",
),
)),
expectFilter(eventFromEventPusher(
org.NewDomainPolicyAddedEvent(ctx,
&org.NewAggregate("org1").Aggregate,
false, false, false,
),
)),
expectFilter(eventFromEventPusher(
user.NewHumanWebAuthNAddedEvent(eventstore.NewBaseEventForPush(
ctx, &org.NewAggregate("org1").Aggregate, user.HumanPasswordlessTokenAddedType,
), "111", "challenge", "rpID"),
2023-06-15 07:32:40 +02:00
)),
}
tests := []struct {
name string
expectPush func(challenge string) expect
wantErr error
}{
{
name: "push error",
expectPush: func(challenge string) expect {
return expectPushFailed(io.ErrClosedPipe,
2023-06-15 07:32:40 +02:00
user.NewHumanU2FAddedEvent(ctx,
userAgg, "123", challenge, "rpID",
2023-06-15 07:32:40 +02:00
),
)
2023-06-15 07:32:40 +02:00
},
wantErr: io.ErrClosedPipe,
},
{
name: "success",
expectPush: func(challenge string) expect {
return expectPush(
2023-06-15 07:32:40 +02:00
user.NewHumanU2FAddedEvent(ctx,
userAgg, "123", challenge, "rpID",
2023-06-15 07:32:40 +02:00
),
)
2023-06-15 07:32:40 +02:00
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
c := &Commands{
eventstore: eventstoreExpect(t, prep...),
webauthnConfig: webauthnConfig,
idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "123"),
}
wm, userAgg, webAuthN, err := c.createUserPasskey(ctx, "user1", "org1", "rpID", domain.AuthenticatorAttachmentCrossPlattform)
2023-06-15 07:32:40 +02:00
require.NoError(t, err)
c.eventstore = eventstoreExpect(t, tt.expectPush(webAuthN.Challenge))
got, err := c.pushUserU2F(ctx, wm, userAgg, webAuthN)
require.ErrorIs(t, err, tt.wantErr)
if tt.wantErr == nil {
assert.NotEmpty(t, got.PublicKeyCredentialCreationOptions)
assert.Equal(t, "123", got.ID)
assert.Equal(t, "org1", got.ObjectDetails.ResourceOwner)
}
})
}
}