zitadel/internal/command/user_v3_publickey_test.go

package command

import (
	"context"
	"errors"
	"testing"
	"time"

	"github.com/stretchr/testify/assert"

	"github.com/zitadel/zitadel/internal/api/authz"
	"github.com/zitadel/zitadel/internal/domain"
	"github.com/zitadel/zitadel/internal/eventstore"
	"github.com/zitadel/zitadel/internal/id"
	"github.com/zitadel/zitadel/internal/id/mock"
	"github.com/zitadel/zitadel/internal/repository/user/authenticator"
	"github.com/zitadel/zitadel/internal/zerrors"
)

func filterPublicKeyExisting() expect {
	return expectFilter(
		eventFromEventPusher(
			authenticator.NewPublicKeyCreatedEvent(
				context.Background(),
				&authenticator.NewAggregate("pk1", "org1").Aggregate,
				"user1",
				time.Time{},
				[]byte("something"),
			),
		),
	)
}

func TestCommands_AddPublicKey(t *testing.T) {
	type fields struct {
		eventstore      func(t *testing.T) *eventstore.Eventstore
		idGenerator     id.Generator
		checkPermission domain.PermissionCheck
	}
	type args struct {
		ctx  context.Context
		user *AddPublicKey
	}
	type res struct {
		details *domain.ObjectDetails
		err     func(error) bool
	}
	tests := []struct {
		name   string
		fields fields
		args   args
		res    res
	}{
		{
			"no userID, error",
			fields{
				eventstore:      expectEventstore(),
				checkPermission: newMockPermissionCheckAllowed(),
			},
			args{
				ctx:  authz.NewMockContext("instanceID", "", ""),
				user: &AddPublicKey{},
			},
			res{
				err: func(err error) bool {
					return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "COMMAND-14sGR7lTaj", "Errors.IDMissing"))
				},
			},
		},
		{
			"user not existing, error",
			fields{
				eventstore: expectEventstore(
					expectFilter(),
				),
				checkPermission: newMockPermissionCheckAllowed(),
			},
			args{
				ctx: authz.NewMockContext("instanceID", "", ""),
				user: &AddPublicKey{
					UserID: "notexisting",
				},
			},
			res{
				err: func(err error) bool {
					return errors.Is(err, zerrors.ThrowNotFound(nil, "COMMAND-syHyCsGmvM", "Errors.User.NotFound"))
				},
			},
		},
		{
			"no permission, error",
			fields{
				eventstore: expectEventstore(
					filterSchemaUserExisting(),
					filterSchemaExisting(),
					expectFilter(),
				),
				checkPermission: newMockPermissionCheckNotAllowed(),
				idGenerator:     mock.ExpectID(t, "pk1"),
			},
			args{
				ctx: authz.NewMockContext("instanceID", "", ""),
				user: &AddPublicKey{
					UserID: "user1",
					PublicKey: &PublicKey{
						PublicKey: []byte("something"),
					},
				},
			},
			res{
				err: func(err error) bool {
					return errors.Is(err, zerrors.ThrowPermissionDenied(nil, "AUTHZ-HKJD33", "Errors.PermissionDenied"))
				},
			},
		},
		{
			"userschema not existing, error",
			fields{
				eventstore: expectEventstore(
					filterSchemaUserExisting(),
					expectFilter(),
				),
				checkPermission: newMockPermissionCheckAllowed(),
			},
			args{
				ctx: authz.NewMockContext("instanceID", "", ""),
				user: &AddPublicKey{
					UserID: "user1",
				},
			},
			res{
				err: func(err error) bool {
					return errors.Is(err, zerrors.ThrowNotFound(nil, "COMMAND-VLDTtxT3If", "Errors.UserSchema.NotExists"))
				},
			},
		},
		{
			"publickey added, ok",
			fields{
				eventstore: expectEventstore(
					filterSchemaUserExisting(),
					filterSchemaExisting(),
					expectFilter(),
					expectPush(
						authenticator.NewPublicKeyCreatedEvent(
							context.Background(),
							&authenticator.NewAggregate("pk1", "org1").Aggregate,
							"user1",
							time.Time{},
							[]byte("something"),
						),
					),
				),
				checkPermission: newMockPermissionCheckAllowed(),
				idGenerator:     mock.ExpectID(t, "pk1"),
			},
			args{
				ctx: authz.NewMockContext("instanceID", "", ""),
				user: &AddPublicKey{
					UserID: "user1",
					PublicKey: &PublicKey{
						PublicKey: []byte("something"),
					},
				},
			},
			res{
				details: &domain.ObjectDetails{
					ResourceOwner: "org1",
				},
			},
		},
		{
			"publickey added, expirationdate, ok",
			fields{
				eventstore: expectEventstore(
					filterSchemaUserExisting(),
					filterSchemaExisting(),
					expectFilter(),
					expectPush(
						authenticator.NewPublicKeyCreatedEvent(
							context.Background(),
							&authenticator.NewAggregate("pk1", "org1").Aggregate,
							"user1",
							time.Date(2024, time.January, 1, 1, 1, 1, 1, time.UTC),
							[]byte("something"),
						),
					),
				),
				checkPermission: newMockPermissionCheckAllowed(),
				idGenerator:     mock.ExpectID(t, "pk1"),
			},
			args{
				ctx: authz.NewMockContext("instanceID", "", ""),
				user: &AddPublicKey{
					UserID: "user1",
					PublicKey: &PublicKey{
						PublicKey:      []byte("something"),
						ExpirationDate: time.Date(2024, time.January, 1, 1, 1, 1, 1, time.UTC),
					},
				},
			},
			res{
				details: &domain.ObjectDetails{
					ResourceOwner: "org1",
				},
			},
		},
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			c := &Commands{
				eventstore:      tt.fields.eventstore(t),
				idGenerator:     tt.fields.idGenerator,
				checkPermission: tt.fields.checkPermission,
			}
			details, err := c.AddPublicKey(tt.args.ctx, tt.args.user)
			if tt.res.err == nil {
				assert.NoError(t, err)
			}
			if tt.res.err != nil && !tt.res.err(err) {
				t.Errorf("got wrong err: %v ", err)
			}
			if tt.res.err == nil {
				assertObjectDetails(t, tt.res.details, details)
			}
		})
	}
}

func TestCommands_DeletePublicKey(t *testing.T) {
	type fields struct {
		eventstore      func(t *testing.T) *eventstore.Eventstore
		checkPermission domain.PermissionCheck
	}
	type args struct {
		ctx           context.Context
		resourceOwner string
		userID        string
		id            string
	}
	type res struct {
		details *domain.ObjectDetails
		err     func(error) bool
	}
	tests := []struct {
		name   string
		fields fields
		args   args
		res    res
	}{
		{
			"no userID, error",
			fields{
				eventstore:      expectEventstore(),
				checkPermission: newMockPermissionCheckAllowed(),
			},
			args{
				ctx: authz.NewMockContext("instanceID", "", ""),
				id:  "",
			},
			res{
				err: func(err error) bool {
					return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "COMMAND-hzqeAXW1qP", "Errors.IDMissing"))
				},
			},
		},
		{
			"no ID, error",
			fields{
				eventstore:      expectEventstore(),
				checkPermission: newMockPermissionCheckAllowed(),
			},
			args{
				ctx:    authz.NewMockContext("instanceID", "", ""),
				userID: "user1",
				id:     "",
			},
			res{
				err: func(err error) bool {
					return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "COMMAND-BNNYJz6Yxt", "Errors.IDMissing"))
				},
			},
		},
		{
			"pk not existing, error",
			fields{
				eventstore: expectEventstore(
					expectFilter(),
				),
				checkPermission: newMockPermissionCheckAllowed(),
			},
			args{
				ctx:    authz.NewMockContext("instanceID", "", ""),
				userID: "user1",
				id:     "notexisting",
			},
			res{
				err: func(err error) bool {
					return errors.Is(err, zerrors.ThrowNotFound(nil, "TODO", "TODO"))
				},
			},
		},
		{
			"pk already removed, error",
			fields{
				eventstore: expectEventstore(
					expectFilter(
						eventFromEventPusher(
							authenticator.NewPublicKeyCreatedEvent(
								context.Background(),
								&authenticator.NewAggregate("pk1", "org1").Aggregate,
								"user1",
								time.Time{},
								[]byte("something"),
							),
						),
						eventFromEventPusher(
							authenticator.NewPublicKeyDeletedEvent(
								context.Background(),
								&authenticator.NewAggregate("pk1", "org1").Aggregate,
							),
						),
					),
				),
				checkPermission: newMockPermissionCheckAllowed(),
			},
			args{
				ctx:    authz.NewMockContext("instanceID", "", ""),
				userID: "user1",
				id:     "notexisting",
			},
			res{
				err: func(err error) bool {
					return errors.Is(err, zerrors.ThrowNotFound(nil, "TODO", "TODO"))
				},
			},
		},
		{
			"no permission, error",
			fields{
				eventstore: expectEventstore(
					filterPublicKeyExisting(),
				),
				checkPermission: newMockPermissionCheckNotAllowed(),
			},
			args{
				ctx:    authz.NewMockContext("instanceID", "", ""),
				userID: "user1",
				id:     "pk1",
			},
			res{
				err: func(err error) bool {
					return errors.Is(err, zerrors.ThrowPermissionDenied(nil, "AUTHZ-HKJD33", "Errors.PermissionDenied"))
				},
			},
		},
		{
			"pk removed, ok",
			fields{
				eventstore: expectEventstore(
					filterPublicKeyExisting(),
					expectPush(
						authenticator.NewPublicKeyDeletedEvent(
							context.Background(),
							&authenticator.NewAggregate("pk1", "org1").Aggregate,
						),
					),
				),
				checkPermission: newMockPermissionCheckAllowed(),
			},
			args{
				ctx:    authz.NewMockContext("instanceID", "", ""),
				userID: "user1",
				id:     "pk1",
			},
			res{
				details: &domain.ObjectDetails{
					ResourceOwner: "org1",
				},
			},
		},
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			c := &Commands{
				eventstore:      tt.fields.eventstore(t),
				checkPermission: tt.fields.checkPermission,
			}
			details, err := c.DeletePublicKey(tt.args.ctx, tt.args.resourceOwner, tt.args.userID, tt.args.id)
			if tt.res.err == nil {
				assert.NoError(t, err)
			}
			if tt.res.err != nil && !tt.res.err(err) {
				t.Errorf("got wrong err: %v ", err)
			}
			if tt.res.err == nil {
				assertObjectDetails(t, tt.res.details, details)
			}
		})
	}
}
fix: add publickey endpoints 2024-09-26 19:15:03 +02:00			`package command`

			`import (`
			`"context"`
			`"errors"`
			`"testing"`
			`"time"`

			`"github.com/stretchr/testify/assert"`

			`"github.com/zitadel/zitadel/internal/api/authz"`
			`"github.com/zitadel/zitadel/internal/domain"`
			`"github.com/zitadel/zitadel/internal/eventstore"`
			`"github.com/zitadel/zitadel/internal/id"`
			`"github.com/zitadel/zitadel/internal/id/mock"`
			`"github.com/zitadel/zitadel/internal/repository/user/authenticator"`
			`"github.com/zitadel/zitadel/internal/zerrors"`
			`)`

			`func filterPublicKeyExisting() expect {`
			`return expectFilter(`
			`eventFromEventPusher(`
			`authenticator.NewPublicKeyCreatedEvent(`
			`context.Background(),`
			`&authenticator.NewAggregate("pk1", "org1").Aggregate,`
			`"user1",`
			`time.Time{},`
			`[]byte("something"),`
			`),`
			`),`
			`)`
			`}`

			`func TestCommands_AddPublicKey(t *testing.T) {`
			`type fields struct {`
			`eventstore func(t testing.T) eventstore.Eventstore`
			`idGenerator id.Generator`
			`checkPermission domain.PermissionCheck`
			`}`
			`type args struct {`
			`ctx context.Context`
			`user *AddPublicKey`
			`}`
			`type res struct {`
			`details *domain.ObjectDetails`
			`err func(error) bool`
			`}`
			`tests := []struct {`
			`name string`
			`fields fields`
			`args args`
			`res res`
			`}{`
			`{`
			`"no userID, error",`
			`fields{`
			`eventstore: expectEventstore(),`
			`checkPermission: newMockPermissionCheckAllowed(),`
			`},`
			`args{`
			`ctx: authz.NewMockContext("instanceID", "", ""),`
			`user: &AddPublicKey{},`
			`},`
			`res{`
			`err: func(err error) bool {`
			`return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "COMMAND-14sGR7lTaj", "Errors.IDMissing"))`
			`},`
			`},`
			`},`
			`{`
			`"user not existing, error",`
			`fields{`
			`eventstore: expectEventstore(`
			`expectFilter(),`
			`),`
			`checkPermission: newMockPermissionCheckAllowed(),`
			`},`
			`args{`
			`ctx: authz.NewMockContext("instanceID", "", ""),`
			`user: &AddPublicKey{`
			`UserID: "notexisting",`
			`},`
			`},`
			`res{`
			`err: func(err error) bool {`
			`return errors.Is(err, zerrors.ThrowNotFound(nil, "COMMAND-syHyCsGmvM", "Errors.User.NotFound"))`
			`},`
			`},`
			`},`
			`{`
			`"no permission, error",`
			`fields{`
			`eventstore: expectEventstore(`
			`filterSchemaUserExisting(),`
			`filterSchemaExisting(),`
			`expectFilter(),`
			`),`
			`checkPermission: newMockPermissionCheckNotAllowed(),`
			`idGenerator: mock.ExpectID(t, "pk1"),`
			`},`
			`args{`
			`ctx: authz.NewMockContext("instanceID", "", ""),`
			`user: &AddPublicKey{`
fix: add authenticators to user v3 endpoints 2024-09-27 17:52:18 +02:00			`UserID: "user1",`
			`PublicKey: &PublicKey{`
			`PublicKey: []byte("something"),`
			`},`
fix: add publickey endpoints 2024-09-26 19:15:03 +02:00			`},`
			`},`
			`res{`
			`err: func(err error) bool {`
			`return errors.Is(err, zerrors.ThrowPermissionDenied(nil, "AUTHZ-HKJD33", "Errors.PermissionDenied"))`
			`},`
			`},`
			`},`
			`{`
			`"userschema not existing, error",`
			`fields{`
			`eventstore: expectEventstore(`
			`filterSchemaUserExisting(),`
			`expectFilter(),`
			`),`
			`checkPermission: newMockPermissionCheckAllowed(),`
			`},`
			`args{`
			`ctx: authz.NewMockContext("instanceID", "", ""),`
			`user: &AddPublicKey{`
			`UserID: "user1",`
			`},`
			`},`
			`res{`
			`err: func(err error) bool {`
			`return errors.Is(err, zerrors.ThrowNotFound(nil, "COMMAND-VLDTtxT3If", "Errors.UserSchema.NotExists"))`
			`},`
			`},`
			`},`
			`{`
			`"publickey added, ok",`
			`fields{`
			`eventstore: expectEventstore(`
			`filterSchemaUserExisting(),`
			`filterSchemaExisting(),`
			`expectFilter(),`
			`expectPush(`
			`authenticator.NewPublicKeyCreatedEvent(`
			`context.Background(),`
			`&authenticator.NewAggregate("pk1", "org1").Aggregate,`
			`"user1",`
			`time.Time{},`
			`[]byte("something"),`
			`),`
			`),`
			`),`
			`checkPermission: newMockPermissionCheckAllowed(),`
			`idGenerator: mock.ExpectID(t, "pk1"),`
			`},`
			`args{`
			`ctx: authz.NewMockContext("instanceID", "", ""),`
			`user: &AddPublicKey{`
fix: add authenticators to user v3 endpoints 2024-09-27 17:52:18 +02:00			`UserID: "user1",`
			`PublicKey: &PublicKey{`
			`PublicKey: []byte("something"),`
			`},`
fix: add publickey endpoints 2024-09-26 19:15:03 +02:00			`},`
			`},`
			`res{`
			`details: &domain.ObjectDetails{`
			`ResourceOwner: "org1",`
			`},`
			`},`
			`},`
			`{`
			`"publickey added, expirationdate, ok",`
			`fields{`
			`eventstore: expectEventstore(`
			`filterSchemaUserExisting(),`
			`filterSchemaExisting(),`
			`expectFilter(),`
			`expectPush(`
			`authenticator.NewPublicKeyCreatedEvent(`
			`context.Background(),`
			`&authenticator.NewAggregate("pk1", "org1").Aggregate,`
			`"user1",`
			`time.Date(2024, time.January, 1, 1, 1, 1, 1, time.UTC),`
			`[]byte("something"),`
			`),`
			`),`
			`),`
			`checkPermission: newMockPermissionCheckAllowed(),`
			`idGenerator: mock.ExpectID(t, "pk1"),`
			`},`
			`args{`
			`ctx: authz.NewMockContext("instanceID", "", ""),`
			`user: &AddPublicKey{`
fix: add authenticators to user v3 endpoints 2024-09-27 17:52:18 +02:00			`UserID: "user1",`
			`PublicKey: &PublicKey{`
			`PublicKey: []byte("something"),`
			`ExpirationDate: time.Date(2024, time.January, 1, 1, 1, 1, 1, time.UTC),`
			`},`
fix: add publickey endpoints 2024-09-26 19:15:03 +02:00			`},`
			`},`
			`res{`
			`details: &domain.ObjectDetails{`
			`ResourceOwner: "org1",`
			`},`
			`},`
			`},`
			`}`
			`for _, tt := range tests {`
			`t.Run(tt.name, func(t *testing.T) {`
			`c := &Commands{`
			`eventstore: tt.fields.eventstore(t),`
			`idGenerator: tt.fields.idGenerator,`
			`checkPermission: tt.fields.checkPermission,`
			`}`
			`details, err := c.AddPublicKey(tt.args.ctx, tt.args.user)`
			`if tt.res.err == nil {`
			`assert.NoError(t, err)`
			`}`
			`if tt.res.err != nil && !tt.res.err(err) {`
			`t.Errorf("got wrong err: %v ", err)`
			`}`
			`if tt.res.err == nil {`
			`assertObjectDetails(t, tt.res.details, details)`
			`}`
			`})`
			`}`
			`}`

			`func TestCommands_DeletePublicKey(t *testing.T) {`
			`type fields struct {`
			`eventstore func(t testing.T) eventstore.Eventstore`
			`checkPermission domain.PermissionCheck`
			`}`
			`type args struct {`
			`ctx context.Context`
			`resourceOwner string`
			`userID string`
			`id string`
			`}`
			`type res struct {`
			`details *domain.ObjectDetails`
			`err func(error) bool`
			`}`
			`tests := []struct {`
			`name string`
			`fields fields`
			`args args`
			`res res`
			`}{`
			`{`
			`"no userID, error",`
			`fields{`
			`eventstore: expectEventstore(),`
			`checkPermission: newMockPermissionCheckAllowed(),`
			`},`
			`args{`
			`ctx: authz.NewMockContext("instanceID", "", ""),`
			`id: "",`
			`},`
			`res{`
			`err: func(err error) bool {`
			`return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "COMMAND-hzqeAXW1qP", "Errors.IDMissing"))`
			`},`
			`},`
			`},`
			`{`
			`"no ID, error",`
			`fields{`
			`eventstore: expectEventstore(),`
			`checkPermission: newMockPermissionCheckAllowed(),`
			`},`
			`args{`
			`ctx: authz.NewMockContext("instanceID", "", ""),`
			`userID: "user1",`
			`id: "",`
			`},`
			`res{`
			`err: func(err error) bool {`
			`return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "COMMAND-BNNYJz6Yxt", "Errors.IDMissing"))`
			`},`
			`},`
			`},`
			`{`
			`"pk not existing, error",`
			`fields{`
			`eventstore: expectEventstore(`
			`expectFilter(),`
			`),`
			`checkPermission: newMockPermissionCheckAllowed(),`
			`},`
			`args{`
			`ctx: authz.NewMockContext("instanceID", "", ""),`
			`userID: "user1",`
			`id: "notexisting",`
			`},`
			`res{`
			`err: func(err error) bool {`
			`return errors.Is(err, zerrors.ThrowNotFound(nil, "TODO", "TODO"))`
			`},`
			`},`
			`},`
			`{`
			`"pk already removed, error",`
			`fields{`
			`eventstore: expectEventstore(`
			`expectFilter(`
			`eventFromEventPusher(`
			`authenticator.NewPublicKeyCreatedEvent(`
			`context.Background(),`
			`&authenticator.NewAggregate("pk1", "org1").Aggregate,`
			`"user1",`
			`time.Time{},`
			`[]byte("something"),`
			`),`
			`),`
			`eventFromEventPusher(`
			`authenticator.NewPublicKeyDeletedEvent(`
			`context.Background(),`
			`&authenticator.NewAggregate("pk1", "org1").Aggregate,`
			`),`
			`),`
			`),`
			`),`
			`checkPermission: newMockPermissionCheckAllowed(),`
			`},`
			`args{`
			`ctx: authz.NewMockContext("instanceID", "", ""),`
			`userID: "user1",`
			`id: "notexisting",`
			`},`
			`res{`
			`err: func(err error) bool {`
			`return errors.Is(err, zerrors.ThrowNotFound(nil, "TODO", "TODO"))`
			`},`
			`},`
			`},`
			`{`
			`"no permission, error",`
			`fields{`
			`eventstore: expectEventstore(`
			`filterPublicKeyExisting(),`
			`),`
			`checkPermission: newMockPermissionCheckNotAllowed(),`
			`},`
			`args{`
			`ctx: authz.NewMockContext("instanceID", "", ""),`
			`userID: "user1",`
			`id: "pk1",`
			`},`
			`res{`
			`err: func(err error) bool {`
			`return errors.Is(err, zerrors.ThrowPermissionDenied(nil, "AUTHZ-HKJD33", "Errors.PermissionDenied"))`
			`},`
			`},`
			`},`
			`{`
			`"pk removed, ok",`
			`fields{`
			`eventstore: expectEventstore(`
			`filterPublicKeyExisting(),`
			`expectPush(`
			`authenticator.NewPublicKeyDeletedEvent(`
			`context.Background(),`
			`&authenticator.NewAggregate("pk1", "org1").Aggregate,`
			`),`
			`),`
			`),`
			`checkPermission: newMockPermissionCheckAllowed(),`
			`},`
			`args{`
			`ctx: authz.NewMockContext("instanceID", "", ""),`
			`userID: "user1",`
			`id: "pk1",`
			`},`
			`res{`
			`details: &domain.ObjectDetails{`
			`ResourceOwner: "org1",`
			`},`
			`},`
			`},`
			`}`
			`for _, tt := range tests {`
			`t.Run(tt.name, func(t *testing.T) {`
			`c := &Commands{`
			`eventstore: tt.fields.eventstore(t),`
			`checkPermission: tt.fields.checkPermission,`
			`}`
			`details, err := c.DeletePublicKey(tt.args.ctx, tt.args.resourceOwner, tt.args.userID, tt.args.id)`
			`if tt.res.err == nil {`
			`assert.NoError(t, err)`
			`}`
			`if tt.res.err != nil && !tt.res.err(err) {`
			`t.Errorf("got wrong err: %v ", err)`
			`}`
			`if tt.res.err == nil {`
			`assertObjectDetails(t, tt.res.details, details)`
			`}`
			`})`
			`}`
			`}`