zitadel/internal/api/grpc/user/v2/totp_integration_test.go

//go:build integration

package user_test

import (
	"context"
	"testing"
	"time"

	"github.com/pquerna/otp/totp"
	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"

	"github.com/zitadel/zitadel/internal/integration"
	object "github.com/zitadel/zitadel/pkg/grpc/object/v2beta"
	user "github.com/zitadel/zitadel/pkg/grpc/user/v2beta"
)

func TestServer_RegisterTOTP(t *testing.T) {
	userID := Tester.CreateHumanUser(CTX).GetUserId()
	Tester.RegisterUserPasskey(CTX, userID)
	_, sessionToken, _, _ := Tester.CreateVerifiedWebAuthNSession(t, CTX, userID)
	ctx := Tester.WithAuthorizationToken(CTX, sessionToken)

	type args struct {
		ctx context.Context
		req *user.RegisterTOTPRequest
	}
	tests := []struct {
		name    string
		args    args
		want    *user.RegisterTOTPResponse
		wantErr bool
	}{
		{
			name: "missing user id",
			args: args{
				ctx: ctx,
				req: &user.RegisterTOTPRequest{},
			},
			wantErr: true,
		},
		{
			name: "user mismatch",
			args: args{
				ctx: ctx,
				req: &user.RegisterTOTPRequest{
					UserId: "wrong",
				},
			},
			wantErr: true,
		},
		{
			name: "success",
			args: args{
				ctx: ctx,
				req: &user.RegisterTOTPRequest{
					UserId: userID,
				},
			},
			want: &user.RegisterTOTPResponse{
				Details: &object.Details{
					ResourceOwner: Tester.Organisation.ID,
				},
			},
		},
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			got, err := Client.RegisterTOTP(tt.args.ctx, tt.args.req)
			if tt.wantErr {
				require.Error(t, err)
				return
			}
			require.NoError(t, err)
			require.NotNil(t, got)
			integration.AssertDetails(t, tt.want, got)
			assert.NotEmpty(t, got.GetUri())
			assert.NotEmpty(t, got.GetSecret())
		})
	}
}

func TestServer_VerifyTOTPRegistration(t *testing.T) {
	userID := Tester.CreateHumanUser(CTX).GetUserId()
	Tester.RegisterUserPasskey(CTX, userID)
	_, sessionToken, _, _ := Tester.CreateVerifiedWebAuthNSession(t, CTX, userID)
	ctx := Tester.WithAuthorizationToken(CTX, sessionToken)

	reg, err := Client.RegisterTOTP(ctx, &user.RegisterTOTPRequest{
		UserId: userID,
	})
	require.NoError(t, err)
	code, err := totp.GenerateCode(reg.Secret, time.Now())
	require.NoError(t, err)

	type args struct {
		ctx context.Context
		req *user.VerifyTOTPRegistrationRequest
	}
	tests := []struct {
		name    string
		args    args
		want    *user.VerifyTOTPRegistrationResponse
		wantErr bool
	}{
		{
			name: "user mismatch",
			args: args{
				ctx: ctx,
				req: &user.VerifyTOTPRegistrationRequest{
					UserId: "wrong",
				},
			},
			wantErr: true,
		},
		{
			name: "wrong code",
			args: args{
				ctx: ctx,
				req: &user.VerifyTOTPRegistrationRequest{
					UserId: userID,
					Code:   "123",
				},
			},
			wantErr: true,
		},
		{
			name: "success",
			args: args{
				ctx: ctx,
				req: &user.VerifyTOTPRegistrationRequest{
					UserId: userID,
					Code:   code,
				},
			},
			want: &user.VerifyTOTPRegistrationResponse{
				Details: &object.Details{
					ResourceOwner: Tester.Organisation.ResourceOwner,
				},
			},
		},
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			got, err := Client.VerifyTOTPRegistration(tt.args.ctx, tt.args.req)
			if tt.wantErr {
				require.Error(t, err)
				return
			}
			require.NoError(t, err)
			require.NotNil(t, got)
			integration.AssertDetails(t, tt.want, got)
		})
	}
}
feat(v2): implement user register OTP (#6030) * feat(v2): implement user register OTP * feat(v2): implement user verify OTP * session: retry on permission denied 2023-06-20 10:36:21 +00:00			`//go:build integration`

			`package user_test`

			`import (`
			`"context"`
			`"testing"`
chore(user/v2): solve test TODO that depended on session tokens (#6973) Closes #6022, Co-authored-by: Livio Spring <livio.a@gmail.com> 2023-12-05 15:28:17 +00:00			`"time"`
feat(v2): implement user register OTP (#6030) * feat(v2): implement user register OTP * feat(v2): implement user verify OTP * session: retry on permission denied 2023-06-20 10:36:21 +00:00
chore(user/v2): solve test TODO that depended on session tokens (#6973) Closes #6022, Co-authored-by: Livio Spring <livio.a@gmail.com> 2023-12-05 15:28:17 +00:00			`"github.com/pquerna/otp/totp"`
feat(v2): implement user register OTP (#6030) * feat(v2): implement user register OTP * feat(v2): implement user verify OTP * session: retry on permission denied 2023-06-20 10:36:21 +00:00			`"github.com/stretchr/testify/assert"`
			`"github.com/stretchr/testify/require"`

			`"github.com/zitadel/zitadel/internal/integration"`
chore(user/v2): solve test TODO that depended on session tokens (#6973) Closes #6022, Co-authored-by: Livio Spring <livio.a@gmail.com> 2023-12-05 15:28:17 +00:00			`object "github.com/zitadel/zitadel/pkg/grpc/object/v2beta"`
feat(api): move resource apis to beta (#6530) Moves UserService, SessionService, SettingsService and OIDCService to beta state. This includes gRPC and HTTP path changes. 2023-09-13 12:43:01 +00:00			`user "github.com/zitadel/zitadel/pkg/grpc/user/v2beta"`
feat(v2): implement user register OTP (#6030) * feat(v2): implement user register OTP * feat(v2): implement user verify OTP * session: retry on permission denied 2023-06-20 10:36:21 +00:00			`)`

fix: rename OTP to TOTP in v2 alpha user api This change renames the v2 user OTP registration endpoints and objects to TOTP. Also the v2 related code paths have been renamed to TOTP. This change was discussed during the sprint review. 2023-06-22 10:06:32 +00:00			`func TestServer_RegisterTOTP(t *testing.T) {`
chore(user/v2): solve test TODO that depended on session tokens (#6973) Closes #6022, Co-authored-by: Livio Spring <livio.a@gmail.com> 2023-12-05 15:28:17 +00:00			`userID := Tester.CreateHumanUser(CTX).GetUserId()`
			`Tester.RegisterUserPasskey(CTX, userID)`
			`_, sessionToken, _, _ := Tester.CreateVerifiedWebAuthNSession(t, CTX, userID)`
			`ctx := Tester.WithAuthorizationToken(CTX, sessionToken)`
feat(v2): implement user register OTP (#6030) * feat(v2): implement user register OTP * feat(v2): implement user verify OTP * session: retry on permission denied 2023-06-20 10:36:21 +00:00
			`type args struct {`
			`ctx context.Context`
fix: rename OTP to TOTP in v2 alpha user api This change renames the v2 user OTP registration endpoints and objects to TOTP. Also the v2 related code paths have been renamed to TOTP. This change was discussed during the sprint review. 2023-06-22 10:06:32 +00:00			`req *user.RegisterTOTPRequest`
feat(v2): implement user register OTP (#6030) * feat(v2): implement user register OTP * feat(v2): implement user verify OTP * session: retry on permission denied 2023-06-20 10:36:21 +00:00			`}`
			`tests := []struct {`
			`name string`
			`args args`
fix: rename OTP to TOTP in v2 alpha user api This change renames the v2 user OTP registration endpoints and objects to TOTP. Also the v2 related code paths have been renamed to TOTP. This change was discussed during the sprint review. 2023-06-22 10:06:32 +00:00			`want *user.RegisterTOTPResponse`
feat(v2): implement user register OTP (#6030) * feat(v2): implement user register OTP * feat(v2): implement user verify OTP * session: retry on permission denied 2023-06-20 10:36:21 +00:00			`wantErr bool`
			`}{`
			`{`
			`name: "missing user id",`
			`args: args{`
chore(user/v2): solve test TODO that depended on session tokens (#6973) Closes #6022, Co-authored-by: Livio Spring <livio.a@gmail.com> 2023-12-05 15:28:17 +00:00			`ctx: ctx,`
fix: rename OTP to TOTP in v2 alpha user api This change renames the v2 user OTP registration endpoints and objects to TOTP. Also the v2 related code paths have been renamed to TOTP. This change was discussed during the sprint review. 2023-06-22 10:06:32 +00:00			`req: &user.RegisterTOTPRequest{},`
feat(v2): implement user register OTP (#6030) * feat(v2): implement user register OTP * feat(v2): implement user verify OTP * session: retry on permission denied 2023-06-20 10:36:21 +00:00			`},`
			`wantErr: true,`
			`},`
			`{`
			`name: "user mismatch",`
			`args: args{`
chore(user/v2): solve test TODO that depended on session tokens (#6973) Closes #6022, Co-authored-by: Livio Spring <livio.a@gmail.com> 2023-12-05 15:28:17 +00:00			`ctx: ctx,`
fix: rename OTP to TOTP in v2 alpha user api This change renames the v2 user OTP registration endpoints and objects to TOTP. Also the v2 related code paths have been renamed to TOTP. This change was discussed during the sprint review. 2023-06-22 10:06:32 +00:00			`req: &user.RegisterTOTPRequest{`
feat(v2): implement user register OTP (#6030) * feat(v2): implement user register OTP * feat(v2): implement user verify OTP * session: retry on permission denied 2023-06-20 10:36:21 +00:00			`UserId: "wrong",`
			`},`
			`},`
			`wantErr: true,`
			`},`
			`{`
chore(user/v2): solve test TODO that depended on session tokens (#6973) Closes #6022, Co-authored-by: Livio Spring <livio.a@gmail.com> 2023-12-05 15:28:17 +00:00			`name: "success",`
feat(v2): implement user register OTP (#6030) * feat(v2): implement user register OTP * feat(v2): implement user verify OTP * session: retry on permission denied 2023-06-20 10:36:21 +00:00			`args: args{`
chore(user/v2): solve test TODO that depended on session tokens (#6973) Closes #6022, Co-authored-by: Livio Spring <livio.a@gmail.com> 2023-12-05 15:28:17 +00:00			`ctx: ctx,`
fix: rename OTP to TOTP in v2 alpha user api This change renames the v2 user OTP registration endpoints and objects to TOTP. Also the v2 related code paths have been renamed to TOTP. This change was discussed during the sprint review. 2023-06-22 10:06:32 +00:00			`req: &user.RegisterTOTPRequest{`
feat(v2): implement user register OTP (#6030) * feat(v2): implement user register OTP * feat(v2): implement user verify OTP * session: retry on permission denied 2023-06-20 10:36:21 +00:00			`UserId: userID,`
			`},`
			`},`
fix: rename OTP to TOTP in v2 alpha user api This change renames the v2 user OTP registration endpoints and objects to TOTP. Also the v2 related code paths have been renamed to TOTP. This change was discussed during the sprint review. 2023-06-22 10:06:32 +00:00			`want: &user.RegisterTOTPResponse{`
feat(v2): implement user register OTP (#6030) * feat(v2): implement user register OTP * feat(v2): implement user verify OTP * session: retry on permission denied 2023-06-20 10:36:21 +00:00			`Details: &object.Details{`
			`ResourceOwner: Tester.Organisation.ID,`
			`},`
			`},`
			`},`
			`}`
			`for _, tt := range tests {`
			`t.Run(tt.name, func(t *testing.T) {`
fix: rename OTP to TOTP in v2 alpha user api This change renames the v2 user OTP registration endpoints and objects to TOTP. Also the v2 related code paths have been renamed to TOTP. This change was discussed during the sprint review. 2023-06-22 10:06:32 +00:00			`got, err := Client.RegisterTOTP(tt.args.ctx, tt.args.req)`
feat(v2): implement user register OTP (#6030) * feat(v2): implement user register OTP * feat(v2): implement user verify OTP * session: retry on permission denied 2023-06-20 10:36:21 +00:00			`if tt.wantErr {`
			`require.Error(t, err)`
			`return`
			`}`
			`require.NoError(t, err)`
			`require.NotNil(t, got)`
			`integration.AssertDetails(t, tt.want, got)`
			`assert.NotEmpty(t, got.GetUri())`
			`assert.NotEmpty(t, got.GetSecret())`
			`})`
			`}`
			`}`

fix: rename OTP to TOTP in v2 alpha user api This change renames the v2 user OTP registration endpoints and objects to TOTP. Also the v2 related code paths have been renamed to TOTP. This change was discussed during the sprint review. 2023-06-22 10:06:32 +00:00			`func TestServer_VerifyTOTPRegistration(t *testing.T) {`
feat(v2): implement user register OTP (#6030) * feat(v2): implement user register OTP * feat(v2): implement user verify OTP * session: retry on permission denied 2023-06-20 10:36:21 +00:00			`userID := Tester.CreateHumanUser(CTX).GetUserId()`
chore(user/v2): solve test TODO that depended on session tokens (#6973) Closes #6022, Co-authored-by: Livio Spring <livio.a@gmail.com> 2023-12-05 15:28:17 +00:00			`Tester.RegisterUserPasskey(CTX, userID)`
			`_, sessionToken, _, _ := Tester.CreateVerifiedWebAuthNSession(t, CTX, userID)`
			`ctx := Tester.WithAuthorizationToken(CTX, sessionToken)`
feat(v2): implement user register OTP (#6030) * feat(v2): implement user register OTP * feat(v2): implement user verify OTP * session: retry on permission denied 2023-06-20 10:36:21 +00:00
chore(user/v2): solve test TODO that depended on session tokens (#6973) Closes #6022, Co-authored-by: Livio Spring <livio.a@gmail.com> 2023-12-05 15:28:17 +00:00			`reg, err := Client.RegisterTOTP(ctx, &user.RegisterTOTPRequest{`
feat(v2): implement user register OTP (#6030) * feat(v2): implement user register OTP * feat(v2): implement user verify OTP * session: retry on permission denied 2023-06-20 10:36:21 +00:00			`UserId: userID,`
			`})`
			`require.NoError(t, err)`
			`code, err := totp.GenerateCode(reg.Secret, time.Now())`
			`require.NoError(t, err)`

			`type args struct {`
			`ctx context.Context`
fix: rename OTP to TOTP in v2 alpha user api This change renames the v2 user OTP registration endpoints and objects to TOTP. Also the v2 related code paths have been renamed to TOTP. This change was discussed during the sprint review. 2023-06-22 10:06:32 +00:00			`req *user.VerifyTOTPRegistrationRequest`
feat(v2): implement user register OTP (#6030) * feat(v2): implement user register OTP * feat(v2): implement user verify OTP * session: retry on permission denied 2023-06-20 10:36:21 +00:00			`}`
			`tests := []struct {`
			`name string`
			`args args`
fix: rename OTP to TOTP in v2 alpha user api This change renames the v2 user OTP registration endpoints and objects to TOTP. Also the v2 related code paths have been renamed to TOTP. This change was discussed during the sprint review. 2023-06-22 10:06:32 +00:00			`want *user.VerifyTOTPRegistrationResponse`
feat(v2): implement user register OTP (#6030) * feat(v2): implement user register OTP * feat(v2): implement user verify OTP * session: retry on permission denied 2023-06-20 10:36:21 +00:00			`wantErr bool`
			`}{`
			`{`
			`name: "user mismatch",`
			`args: args{`
chore(user/v2): solve test TODO that depended on session tokens (#6973) Closes #6022, Co-authored-by: Livio Spring <livio.a@gmail.com> 2023-12-05 15:28:17 +00:00			`ctx: ctx,`
fix: rename OTP to TOTP in v2 alpha user api This change renames the v2 user OTP registration endpoints and objects to TOTP. Also the v2 related code paths have been renamed to TOTP. This change was discussed during the sprint review. 2023-06-22 10:06:32 +00:00			`req: &user.VerifyTOTPRegistrationRequest{`
feat(v2): implement user register OTP (#6030) * feat(v2): implement user register OTP * feat(v2): implement user verify OTP * session: retry on permission denied 2023-06-20 10:36:21 +00:00			`UserId: "wrong",`
			`},`
			`},`
			`wantErr: true,`
			`},`
			`{`
			`name: "wrong code",`
			`args: args{`
chore(user/v2): solve test TODO that depended on session tokens (#6973) Closes #6022, Co-authored-by: Livio Spring <livio.a@gmail.com> 2023-12-05 15:28:17 +00:00			`ctx: ctx,`
fix: rename OTP to TOTP in v2 alpha user api This change renames the v2 user OTP registration endpoints and objects to TOTP. Also the v2 related code paths have been renamed to TOTP. This change was discussed during the sprint review. 2023-06-22 10:06:32 +00:00			`req: &user.VerifyTOTPRegistrationRequest{`
feat(v2): implement user register OTP (#6030) * feat(v2): implement user register OTP * feat(v2): implement user verify OTP * session: retry on permission denied 2023-06-20 10:36:21 +00:00			`UserId: userID,`
			`Code: "123",`
			`},`
			`},`
			`wantErr: true,`
			`},`
			`{`
			`name: "success",`
			`args: args{`
chore(user/v2): solve test TODO that depended on session tokens (#6973) Closes #6022, Co-authored-by: Livio Spring <livio.a@gmail.com> 2023-12-05 15:28:17 +00:00			`ctx: ctx,`
fix: rename OTP to TOTP in v2 alpha user api This change renames the v2 user OTP registration endpoints and objects to TOTP. Also the v2 related code paths have been renamed to TOTP. This change was discussed during the sprint review. 2023-06-22 10:06:32 +00:00			`req: &user.VerifyTOTPRegistrationRequest{`
feat(v2): implement user register OTP (#6030) * feat(v2): implement user register OTP * feat(v2): implement user verify OTP * session: retry on permission denied 2023-06-20 10:36:21 +00:00			`UserId: userID,`
			`Code: code,`
			`},`
			`},`
fix: rename OTP to TOTP in v2 alpha user api This change renames the v2 user OTP registration endpoints and objects to TOTP. Also the v2 related code paths have been renamed to TOTP. This change was discussed during the sprint review. 2023-06-22 10:06:32 +00:00			`want: &user.VerifyTOTPRegistrationResponse{`
feat(v2): implement user register OTP (#6030) * feat(v2): implement user register OTP * feat(v2): implement user verify OTP * session: retry on permission denied 2023-06-20 10:36:21 +00:00			`Details: &object.Details{`
			`ResourceOwner: Tester.Organisation.ResourceOwner,`
			`},`
			`},`
			`},`
			`}`
			`for _, tt := range tests {`
			`t.Run(tt.name, func(t *testing.T) {`
fix: rename OTP to TOTP in v2 alpha user api This change renames the v2 user OTP registration endpoints and objects to TOTP. Also the v2 related code paths have been renamed to TOTP. This change was discussed during the sprint review. 2023-06-22 10:06:32 +00:00			`got, err := Client.VerifyTOTPRegistration(tt.args.ctx, tt.args.req)`
feat(v2): implement user register OTP (#6030) * feat(v2): implement user register OTP * feat(v2): implement user verify OTP * session: retry on permission denied 2023-06-20 10:36:21 +00:00			`if tt.wantErr {`
			`require.Error(t, err)`
			`return`
			`}`
			`require.NoError(t, err)`
			`require.NotNil(t, got)`
			`integration.AssertDetails(t, tt.want, got)`
			`})`
			`}`
			`}`