2023-07-06 06:38:13 +00:00
|
|
|
//go:build integration
|
|
|
|
|
|
|
|
package handlers_test
|
|
|
|
|
|
|
|
import (
|
|
|
|
"bytes"
|
|
|
|
"encoding/json"
|
2024-06-12 04:49:14 +00:00
|
|
|
"net/url"
|
2023-07-06 06:38:13 +00:00
|
|
|
"testing"
|
|
|
|
"time"
|
|
|
|
|
2024-06-12 04:49:14 +00:00
|
|
|
"github.com/stretchr/testify/assert"
|
|
|
|
"github.com/stretchr/testify/require"
|
|
|
|
"github.com/zitadel/oidc/v3/pkg/client/rp"
|
|
|
|
"github.com/zitadel/oidc/v3/pkg/oidc"
|
|
|
|
|
|
|
|
"github.com/zitadel/zitadel/internal/integration"
|
2024-09-06 12:47:57 +00:00
|
|
|
"github.com/zitadel/zitadel/internal/integration/sink"
|
2024-06-12 04:49:14 +00:00
|
|
|
"github.com/zitadel/zitadel/pkg/grpc/app"
|
2023-07-06 06:38:13 +00:00
|
|
|
"github.com/zitadel/zitadel/pkg/grpc/management"
|
2024-06-12 04:49:14 +00:00
|
|
|
"github.com/zitadel/zitadel/pkg/grpc/object"
|
2024-07-26 20:39:55 +00:00
|
|
|
oidc_v2 "github.com/zitadel/zitadel/pkg/grpc/oidc/v2"
|
2024-06-12 04:49:14 +00:00
|
|
|
"github.com/zitadel/zitadel/pkg/grpc/project"
|
2023-07-06 06:38:13 +00:00
|
|
|
"github.com/zitadel/zitadel/pkg/grpc/system"
|
|
|
|
)
|
|
|
|
|
|
|
|
func TestServer_TelemetryPushMilestones(t *testing.T) {
|
2024-09-06 12:47:57 +00:00
|
|
|
sub := sink.Subscribe(CTX, sink.ChannelMilestone)
|
|
|
|
defer sub.Close()
|
2024-06-12 04:49:14 +00:00
|
|
|
|
2024-09-06 12:47:57 +00:00
|
|
|
instance := integration.NewInstance(CTX)
|
|
|
|
iamOwnerCtx := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
|
|
|
|
t.Log("testing against instance with primary domain", instance.Domain)
|
|
|
|
awaitMilestone(t, sub, instance.Domain, "InstanceCreated")
|
|
|
|
|
|
|
|
projectAdded, err := instance.Client.Mgmt.AddProject(iamOwnerCtx, &management.AddProjectRequest{Name: "integration"})
|
2024-06-12 04:49:14 +00:00
|
|
|
require.NoError(t, err)
|
2024-09-06 12:47:57 +00:00
|
|
|
awaitMilestone(t, sub, instance.Domain, "ProjectCreated")
|
2024-06-12 04:49:14 +00:00
|
|
|
|
|
|
|
redirectURI := "http://localhost:8888"
|
2024-09-06 12:47:57 +00:00
|
|
|
application, err := instance.Client.Mgmt.AddOIDCApp(iamOwnerCtx, &management.AddOIDCAppRequest{
|
2024-06-12 04:49:14 +00:00
|
|
|
ProjectId: projectAdded.GetId(),
|
|
|
|
Name: "integration",
|
|
|
|
RedirectUris: []string{redirectURI},
|
|
|
|
ResponseTypes: []app.OIDCResponseType{app.OIDCResponseType_OIDC_RESPONSE_TYPE_CODE},
|
|
|
|
GrantTypes: []app.OIDCGrantType{app.OIDCGrantType_OIDC_GRANT_TYPE_AUTHORIZATION_CODE},
|
|
|
|
AppType: app.OIDCAppType_OIDC_APP_TYPE_WEB,
|
|
|
|
AuthMethodType: app.OIDCAuthMethodType_OIDC_AUTH_METHOD_TYPE_NONE,
|
|
|
|
DevMode: true,
|
|
|
|
AccessTokenType: app.OIDCTokenType_OIDC_TOKEN_TYPE_JWT,
|
|
|
|
})
|
|
|
|
require.NoError(t, err)
|
2024-09-06 12:47:57 +00:00
|
|
|
awaitMilestone(t, sub, instance.Domain, "ApplicationCreated")
|
2024-06-12 04:49:14 +00:00
|
|
|
|
|
|
|
// create the session to be used for the authN of the clients
|
2024-09-06 12:47:57 +00:00
|
|
|
sessionID, sessionToken, _, _ := instance.CreatePasswordSession(t, iamOwnerCtx, instance.AdminUserID, "Password1!")
|
2024-06-12 04:49:14 +00:00
|
|
|
|
2024-09-06 12:47:57 +00:00
|
|
|
console := consoleOIDCConfig(t, instance)
|
|
|
|
loginToClient(t, instance, console.GetClientId(), console.GetRedirectUris()[0], sessionID, sessionToken)
|
|
|
|
awaitMilestone(t, sub, instance.Domain, "AuthenticationSucceededOnInstance")
|
2024-06-12 04:49:14 +00:00
|
|
|
|
|
|
|
// make sure the client has been projected
|
|
|
|
require.EventuallyWithT(t, func(collectT *assert.CollectT) {
|
2024-09-06 12:47:57 +00:00
|
|
|
_, err := instance.Client.Mgmt.GetAppByID(iamOwnerCtx, &management.GetAppByIDRequest{
|
2024-06-12 04:49:14 +00:00
|
|
|
ProjectId: projectAdded.GetId(),
|
|
|
|
AppId: application.GetAppId(),
|
|
|
|
})
|
|
|
|
assert.NoError(collectT, err)
|
2024-09-06 12:47:57 +00:00
|
|
|
}, time.Minute, time.Second, "app not found")
|
|
|
|
loginToClient(t, instance, application.GetClientId(), redirectURI, sessionID, sessionToken)
|
|
|
|
awaitMilestone(t, sub, instance.Domain, "AuthenticationSucceededOnApplication")
|
2024-06-12 04:49:14 +00:00
|
|
|
|
2024-09-06 12:47:57 +00:00
|
|
|
_, err = integration.SystemClient().RemoveInstance(CTX, &system.RemoveInstanceRequest{InstanceId: instance.ID()})
|
2024-06-12 04:49:14 +00:00
|
|
|
require.NoError(t, err)
|
2024-09-06 12:47:57 +00:00
|
|
|
awaitMilestone(t, sub, instance.Domain, "InstanceDeleted")
|
2023-07-06 06:38:13 +00:00
|
|
|
}
|
|
|
|
|
2024-09-06 12:47:57 +00:00
|
|
|
func loginToClient(t *testing.T, instance *integration.Instance, clientID, redirectURI, sessionID, sessionToken string) {
|
|
|
|
iamOwnerCtx := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
|
|
|
|
|
|
|
|
authRequestID, err := instance.CreateOIDCAuthRequestWithDomain(iamOwnerCtx, instance.Domain, clientID, instance.Users.Get(integration.UserTypeIAMOwner).ID, redirectURI, "openid")
|
2024-06-12 04:49:14 +00:00
|
|
|
require.NoError(t, err)
|
2024-09-06 12:47:57 +00:00
|
|
|
callback, err := instance.Client.OIDCv2.CreateCallback(iamOwnerCtx, &oidc_v2.CreateCallbackRequest{
|
2024-06-12 04:49:14 +00:00
|
|
|
AuthRequestId: authRequestID,
|
|
|
|
CallbackKind: &oidc_v2.CreateCallbackRequest_Session{Session: &oidc_v2.Session{
|
|
|
|
SessionId: sessionID,
|
|
|
|
SessionToken: sessionToken,
|
|
|
|
}},
|
|
|
|
})
|
|
|
|
require.NoError(t, err)
|
2024-09-06 12:47:57 +00:00
|
|
|
provider, err := instance.CreateRelyingPartyForDomain(iamOwnerCtx, instance.Domain, clientID, redirectURI)
|
2024-06-12 04:49:14 +00:00
|
|
|
require.NoError(t, err)
|
|
|
|
callbackURL, err := url.Parse(callback.GetCallbackUrl())
|
|
|
|
require.NoError(t, err)
|
|
|
|
code := callbackURL.Query().Get("code")
|
|
|
|
_, err = rp.CodeExchange[*oidc.IDTokenClaims](iamOwnerCtx, code, provider, rp.WithCodeVerifier(integration.CodeVerifier))
|
|
|
|
require.NoError(t, err)
|
|
|
|
}
|
|
|
|
|
2024-09-06 12:47:57 +00:00
|
|
|
func consoleOIDCConfig(t *testing.T, instance *integration.Instance) *app.OIDCConfig {
|
|
|
|
iamOwnerCtx := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
|
|
|
|
|
|
|
|
projects, err := instance.Client.Mgmt.ListProjects(iamOwnerCtx, &management.ListProjectsRequest{
|
2024-06-12 04:49:14 +00:00
|
|
|
Queries: []*project.ProjectQuery{
|
|
|
|
{
|
|
|
|
Query: &project.ProjectQuery_NameQuery{
|
|
|
|
NameQuery: &project.ProjectNameQuery{
|
|
|
|
Name: "ZITADEL",
|
|
|
|
Method: object.TextQueryMethod_TEXT_QUERY_METHOD_EQUALS,
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
})
|
|
|
|
require.NoError(t, err)
|
|
|
|
require.Len(t, projects.GetResult(), 1)
|
2024-09-06 12:47:57 +00:00
|
|
|
apps, err := instance.Client.Mgmt.ListApps(iamOwnerCtx, &management.ListAppsRequest{
|
2024-06-12 04:49:14 +00:00
|
|
|
ProjectId: projects.GetResult()[0].GetId(),
|
|
|
|
Queries: []*app.AppQuery{
|
|
|
|
{
|
|
|
|
Query: &app.AppQuery_NameQuery{
|
|
|
|
NameQuery: &app.AppNameQuery{
|
|
|
|
Name: "Console",
|
|
|
|
Method: object.TextQueryMethod_TEXT_QUERY_METHOD_EQUALS,
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
},
|
|
|
|
})
|
|
|
|
require.NoError(t, err)
|
|
|
|
require.Len(t, apps.GetResult(), 1)
|
|
|
|
return apps.GetResult()[0].GetOidcConfig()
|
|
|
|
}
|
|
|
|
|
2024-09-06 12:47:57 +00:00
|
|
|
func awaitMilestone(t *testing.T, sub *sink.Subscription, primaryDomain, expectMilestoneType string) {
|
2023-07-06 06:38:13 +00:00
|
|
|
for {
|
|
|
|
select {
|
2024-09-06 12:47:57 +00:00
|
|
|
case req := <-sub.Recv():
|
2023-07-06 06:38:13 +00:00
|
|
|
plain := new(bytes.Buffer)
|
2024-09-06 12:47:57 +00:00
|
|
|
if err := json.Indent(plain, req.Body, "", " "); err != nil {
|
2023-07-06 06:38:13 +00:00
|
|
|
t.Fatal(err)
|
|
|
|
}
|
|
|
|
t.Log("received milestone", plain.String())
|
|
|
|
milestone := struct {
|
2023-07-06 17:31:08 +00:00
|
|
|
Type string `json:"type"`
|
|
|
|
PrimaryDomain string `json:"primaryDomain"`
|
2023-07-06 06:38:13 +00:00
|
|
|
}{}
|
2024-09-06 12:47:57 +00:00
|
|
|
if err := json.Unmarshal(req.Body, &milestone); err != nil {
|
2023-07-06 06:38:13 +00:00
|
|
|
t.Error(err)
|
|
|
|
}
|
|
|
|
if milestone.Type == expectMilestoneType && milestone.PrimaryDomain == primaryDomain {
|
|
|
|
return
|
|
|
|
}
|
2024-09-06 12:47:57 +00:00
|
|
|
case <-time.After(2 * time.Minute): // why does it take so long to get a milestone !?
|
2023-07-06 06:38:13 +00:00
|
|
|
t.Fatalf("timed out waiting for milestone %s in domain %s", expectMilestoneType, primaryDomain)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|