package query
import (
"context"
"database/sql"
"database/sql/driver"
"errors"
"fmt"
"regexp"
"testing"
"time"
sq "github.com/Masterminds/squirrel"
"github.com/zitadel/zitadel/internal/database"
"github.com/zitadel/zitadel/internal/domain"
"github.com/zitadel/zitadel/internal/zerrors"
)
// Fixtures for the app query tests: the SQL each prepare function is expected
// to emit and the column names of the mocked result rows.
//
// Every join in these statements matches on instance_id in addition to the id
// column, so an expectation stops matching if a builder drops the instance
// scoping from a join.
var (
	// expectedAppQueryBase is the unescaped single-app SELECT. It carries no
	// count column and no AS OF SYSTEM TIME clause, and is the common prefix of
	// expectedAppQuery and expectedActiveAppQuery.
	expectedAppQueryBase = ` SELECT projections.apps7.id, ` +
		` projections.apps7.name, ` +
		` projections.apps7.project_id, ` +
		` projections.apps7.creation_date, ` +
		` projections.apps7.change_date, ` +
		` projections.apps7.resource_owner, ` +
		` projections.apps7.state, ` +
		` projections.apps7.sequence, ` +
		// columns of the api config table
		` projections.apps7_api_configs.app_id, ` +
		` projections.apps7_api_configs.client_id, ` +
		` projections.apps7_api_configs.auth_method, ` +
		// columns of the oidc config table
		` projections.apps7_oidc_configs.app_id, ` +
		` projections.apps7_oidc_configs.version, ` +
		` projections.apps7_oidc_configs.client_id, ` +
		` projections.apps7_oidc_configs.redirect_uris, ` +
		` projections.apps7_oidc_configs.response_types, ` +
		` projections.apps7_oidc_configs.grant_types, ` +
		` projections.apps7_oidc_configs.application_type, ` +
		` projections.apps7_oidc_configs.auth_method_type, ` +
		` projections.apps7_oidc_configs.post_logout_redirect_uris, ` +
		` projections.apps7_oidc_configs.is_dev_mode, ` +
		` projections.apps7_oidc_configs.access_token_type, ` +
		` projections.apps7_oidc_configs.access_token_role_assertion, ` +
		` projections.apps7_oidc_configs.id_token_role_assertion, ` +
		` projections.apps7_oidc_configs.id_token_userinfo_assertion, ` +
		` projections.apps7_oidc_configs.clock_skew, ` +
		` projections.apps7_oidc_configs.additional_origins, ` +
		` projections.apps7_oidc_configs.skip_native_app_success_page, ` +
		` projections.apps7_oidc_configs.back_channel_logout_uri, ` +
		// columns of the saml config table
		` projections.apps7_saml_configs.app_id, ` +
		` projections.apps7_saml_configs.entity_id, ` +
		` projections.apps7_saml_configs.metadata, ` +
		` projections.apps7_saml_configs.metadata_url ` +
		` FROM projections.apps7 ` +
		` LEFT JOIN projections.apps7_api_configs ON projections.apps7.id = projections.apps7_api_configs.app_id AND projections.apps7.instance_id = projections.apps7_api_configs.instance_id ` +
		` LEFT JOIN projections.apps7_oidc_configs ON projections.apps7.id = projections.apps7_oidc_configs.app_id AND projections.apps7.instance_id = projections.apps7_oidc_configs.instance_id ` +
		` LEFT JOIN projections.apps7_saml_configs ON projections.apps7.id = projections.apps7_saml_configs.app_id AND projections.apps7.instance_id = projections.apps7_saml_configs.instance_id `

	// expectedAppQuery is the base statement with regexp metacharacters escaped.
	expectedAppQuery = regexp.QuoteMeta(expectedAppQueryBase)

	// expectedActiveAppQuery extends the base statement with joins to the
	// project and org tables, each again matched on instance_id.
	expectedActiveAppQuery = regexp.QuoteMeta(expectedAppQueryBase +
		` LEFT JOIN projections.projects4 ON projections.apps7.project_id = projections.projects4.id AND projections.apps7.instance_id = projections.projects4.instance_id ` +
		` LEFT JOIN projections.orgs1 ON projections.apps7.resource_owner = projections.orgs1.id AND projections.apps7.instance_id = projections.orgs1.instance_id `)

	// expectedAppsQuery is the list variant: the same columns followed by
	// COUNT(*) OVER (), with the AS OF SYSTEM TIME clause at the end.
	expectedAppsQuery = regexp.QuoteMeta(` SELECT projections.apps7.id, ` +
		` projections.apps7.name, ` +
		` projections.apps7.project_id, ` +
		` projections.apps7.creation_date, ` +
		` projections.apps7.change_date, ` +
		` projections.apps7.resource_owner, ` +
		` projections.apps7.state, ` +
		` projections.apps7.sequence, ` +
		// columns of the api config table
		` projections.apps7_api_configs.app_id, ` +
		` projections.apps7_api_configs.client_id, ` +
		` projections.apps7_api_configs.auth_method, ` +
		// columns of the oidc config table
		` projections.apps7_oidc_configs.app_id, ` +
		` projections.apps7_oidc_configs.version, ` +
		` projections.apps7_oidc_configs.client_id, ` +
		` projections.apps7_oidc_configs.redirect_uris, ` +
		` projections.apps7_oidc_configs.response_types, ` +
		` projections.apps7_oidc_configs.grant_types, ` +
		` projections.apps7_oidc_configs.application_type, ` +
		` projections.apps7_oidc_configs.auth_method_type, ` +
		` projections.apps7_oidc_configs.post_logout_redirect_uris, ` +
		` projections.apps7_oidc_configs.is_dev_mode, ` +
		` projections.apps7_oidc_configs.access_token_type, ` +
		` projections.apps7_oidc_configs.access_token_role_assertion, ` +
		` projections.apps7_oidc_configs.id_token_role_assertion, ` +
		` projections.apps7_oidc_configs.id_token_userinfo_assertion, ` +
		` projections.apps7_oidc_configs.clock_skew, ` +
		` projections.apps7_oidc_configs.additional_origins, ` +
		` projections.apps7_oidc_configs.skip_native_app_success_page, ` +
		` projections.apps7_oidc_configs.back_channel_logout_uri, ` +
		// columns of the saml config table
		` projections.apps7_saml_configs.app_id, ` +
		` projections.apps7_saml_configs.entity_id, ` +
		` projections.apps7_saml_configs.metadata, ` +
		` projections.apps7_saml_configs.metadata_url, ` +
		` COUNT(*) OVER () ` +
		` FROM projections.apps7 ` +
		` LEFT JOIN projections.apps7_api_configs ON projections.apps7.id = projections.apps7_api_configs.app_id AND projections.apps7.instance_id = projections.apps7_api_configs.instance_id ` +
		` LEFT JOIN projections.apps7_oidc_configs ON projections.apps7.id = projections.apps7_oidc_configs.app_id AND projections.apps7.instance_id = projections.apps7_oidc_configs.instance_id ` +
		` LEFT JOIN projections.apps7_saml_configs ON projections.apps7.id = projections.apps7_saml_configs.app_id AND projections.apps7.instance_id = projections.apps7_saml_configs.instance_id ` +
		` AS OF SYSTEM TIME '-1 ms' `)

	// expectedAppIDsQuery selects only the api and oidc client ids; the saml
	// config table is not joined here.
	expectedAppIDsQuery = regexp.QuoteMeta(` SELECT projections.apps7_api_configs.client_id, ` +
		` projections.apps7_oidc_configs.client_id ` +
		` FROM projections.apps7 ` +
		` LEFT JOIN projections.apps7_api_configs ON projections.apps7.id = projections.apps7_api_configs.app_id AND projections.apps7.instance_id = projections.apps7_api_configs.instance_id ` +
		` LEFT JOIN projections.apps7_oidc_configs ON projections.apps7.id = projections.apps7_oidc_configs.app_id AND projections.apps7.instance_id = projections.apps7_oidc_configs.instance_id ` +
		` AS OF SYSTEM TIME '-1 ms' `)

	// expectedProjectIDByAppQuery selects the project id of an app, with all
	// three config tables joined.
	expectedProjectIDByAppQuery = regexp.QuoteMeta(` SELECT projections.apps7.project_id ` +
		` FROM projections.apps7 ` +
		` LEFT JOIN projections.apps7_api_configs ON projections.apps7.id = projections.apps7_api_configs.app_id AND projections.apps7.instance_id = projections.apps7_api_configs.instance_id ` +
		` LEFT JOIN projections.apps7_oidc_configs ON projections.apps7.id = projections.apps7_oidc_configs.app_id AND projections.apps7.instance_id = projections.apps7_oidc_configs.instance_id ` +
		` LEFT JOIN projections.apps7_saml_configs ON projections.apps7.id = projections.apps7_saml_configs.app_id AND projections.apps7.instance_id = projections.apps7_saml_configs.instance_id ` +
		` AS OF SYSTEM TIME '-1 ms' `)

	// expectedProjectByAppQuery selects the project row reached through an app:
	// an inner join from projects to apps, then the three config tables.
	expectedProjectByAppQuery = regexp.QuoteMeta(` SELECT projections.projects4.id, ` +
		` projections.projects4.creation_date, ` +
		` projections.projects4.change_date, ` +
		` projections.projects4.resource_owner, ` +
		` projections.projects4.state, ` +
		` projections.projects4.sequence, ` +
		` projections.projects4.name, ` +
		` projections.projects4.project_role_assertion, ` +
		` projections.projects4.project_role_check, ` +
		` projections.projects4.has_project_check, ` +
		` projections.projects4.private_labeling_setting ` +
		` FROM projections.projects4 ` +
		` JOIN projections.apps7 ON projections.projects4.id = projections.apps7.project_id AND projections.projects4.instance_id = projections.apps7.instance_id ` +
		` LEFT JOIN projections.apps7_api_configs ON projections.apps7.id = projections.apps7_api_configs.app_id AND projections.apps7.instance_id = projections.apps7_api_configs.instance_id ` +
		` LEFT JOIN projections.apps7_oidc_configs ON projections.apps7.id = projections.apps7_oidc_configs.app_id AND projections.apps7.instance_id = projections.apps7_oidc_configs.instance_id ` +
		` LEFT JOIN projections.apps7_saml_configs ON projections.apps7.id = projections.apps7_saml_configs.app_id AND projections.apps7.instance_id = projections.apps7_saml_configs.instance_id ` +
		` AS OF SYSTEM TIME '-1 ms' `)

	// appCols names the mocked result columns in SELECT order. app_id repeats
	// once per config table and client_id appears for both api and oidc, so a
	// row's values must follow this order exactly.
	appCols = database.TextArray[string]{
		"id",
		"name",
		"project_id",
		"creation_date",
		"change_date",
		"resource_owner",
		"state",
		"sequence",
		// columns of the api config table
		"app_id",
		"client_id",
		"auth_method",
		// columns of the oidc config table
		"app_id",
		"version",
		"client_id",
		"redirect_uris",
		"response_types",
		"grant_types",
		"application_type",
		"auth_method_type",
		"post_logout_redirect_uris",
		"is_dev_mode",
		"access_token_type",
		"access_token_role_assertion",
		"id_token_role_assertion",
		"id_token_userinfo_assertion",
		"clock_skew",
		"additional_origins",
		"skip_native_app_success_page",
		"back_channel_logout_uri",
		// columns of the saml config table
		"app_id",
		"entity_id",
		"metadata",
		"metadata_url",
	}

	// appsCols is appCols plus the trailing "count" column of the list query.
	// appCols is a composite literal (length equals capacity), so this append
	// copies into a new backing array and leaves appCols untouched.
	appsCols = append(appCols, "count")
)
func Test_AppsPrepare ( t * testing . T ) {
type want struct {
sqlExpectations sqlExpectation
err checkErr
}
tests := [ ] struct {
name string
prepare interface { }
want want
object interface { }
} {
{
name : "prepareAppsQuery no result" ,
prepare : prepareAppsQuery ,
want : want {
sqlExpectations : mockQueries (
expectedAppsQuery ,
nil ,
nil ,
) ,
} ,
object : & Apps { Apps : [ ] * App { } } ,
} ,
{
name : "prepareAppsQuery only app" ,
prepare : prepareAppsQuery ,
want : want {
sqlExpectations : mockQueries (
expectedAppsQuery ,
appsCols ,
[ ] [ ] driver . Value {
{
"app-id" ,
"app-name" ,
"project-id" ,
testNow ,
testNow ,
"ro" ,
domain . AppStateActive ,
uint64 ( 20211109 ) ,
// api config
nil ,
nil ,
nil ,
// oidc config
nil ,
nil ,
nil ,
nil ,
nil ,
nil ,
nil ,
nil ,
nil ,
nil ,
nil ,
nil ,
nil ,
nil ,
nil ,
nil ,
nil ,
nil ,
// saml config
nil ,
nil ,
nil ,
nil ,
} ,
} ,
) ,
} ,
object : & Apps {
SearchResponse : SearchResponse {
Count : 1 ,
} ,
Apps : [ ] * App {
{
ID : "app-id" ,
CreationDate : testNow ,
ChangeDate : testNow ,
ResourceOwner : "ro" ,
State : domain . AppStateActive ,
Sequence : 20211109 ,
Name : "app-name" ,
ProjectID : "project-id" ,
} ,
} ,
} ,
} ,
{
name : "prepareAppsQuery api app" ,
prepare : prepareAppsQuery ,
want : want {
sqlExpectations : mockQueries (
expectedAppsQuery ,
appsCols ,
[ ] [ ] driver . Value {
{
"app-id" ,
"app-name" ,
"project-id" ,
testNow ,
testNow ,
"ro" ,
domain . AppStateActive ,
uint64 ( 20211109 ) ,
// api config
"app-id" ,
"api-client-id" ,
domain . APIAuthMethodTypePrivateKeyJWT ,
// oidc config
nil ,
nil ,
nil ,
nil ,
nil ,
nil ,
nil ,
nil ,
nil ,
nil ,
nil ,
nil ,
nil ,
nil ,
nil ,
nil ,
nil ,
nil ,
// saml config
nil ,
nil ,
nil ,
nil ,
} ,
} ,
) ,
} ,
object : & Apps {
SearchResponse : SearchResponse {
Count : 1 ,
} ,
Apps : [ ] * App {
{
ID : "app-id" ,
CreationDate : testNow ,
ChangeDate : testNow ,
ResourceOwner : "ro" ,
State : domain . AppStateActive ,
Sequence : 20211109 ,
Name : "app-name" ,
ProjectID : "project-id" ,
APIConfig : & APIApp {
ClientID : "api-client-id" ,
AuthMethodType : domain . APIAuthMethodTypePrivateKeyJWT ,
} ,
} ,
} ,
} ,
} , {
name : "prepareAppsQuery saml app" ,
prepare : prepareAppsQuery ,
want : want {
sqlExpectations : mockQueries (
expectedAppsQuery ,
appsCols ,
[ ] [ ] driver . Value {
{
"app-id" ,
"app-name" ,
"project-id" ,
testNow ,
testNow ,
"ro" ,
domain . AppStateActive ,
uint64 ( 20211109 ) ,
// api config
nil ,
nil ,
nil ,
// oidc config
nil ,
nil ,
nil ,
nil ,
nil ,
nil ,
nil ,
nil ,
nil ,
nil ,
nil ,
nil ,
nil ,
nil ,
nil ,
nil ,
nil ,
nil ,
// saml config
"app-id" ,
"https://test.com/saml/metadata" ,
[ ] byte ( "<?xml version=\"1.0\"?>\n<md:EntityDescriptor xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\"\n validUntil=\"2022-08-26T14:08:16Z\"\n cacheDuration=\"PT604800S\"\n entityID=\"https://test.com/saml/metadata\">\n <md:SPSSODescriptor AuthnRequestsSigned=\"false\" WantAssertionsSigned=\"false\" protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\">\n <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>\n <md:AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\"\n Location=\"https://test.com/saml/acs\"\n index=\"1\" />\n \n </md:SPSSODescriptor>\n</md:EntityDescriptor>" ) ,
"https://test.com/saml/metadata" ,
} ,
} ,
) ,
} ,
object : & Apps {
SearchResponse : SearchResponse {
Count : 1 ,
} ,
Apps : [ ] * App {
{
ID : "app-id" ,
CreationDate : testNow ,
ChangeDate : testNow ,
ResourceOwner : "ro" ,
State : domain . AppStateActive ,
Sequence : 20211109 ,
Name : "app-name" ,
ProjectID : "project-id" ,
SAMLConfig : & SAMLApp {
Metadata : [ ] byte ( "<?xml version=\"1.0\"?>\n<md:EntityDescriptor xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\"\n validUntil=\"2022-08-26T14:08:16Z\"\n cacheDuration=\"PT604800S\"\n entityID=\"https://test.com/saml/metadata\">\n <md:SPSSODescriptor AuthnRequestsSigned=\"false\" WantAssertionsSigned=\"false\" protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\">\n <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>\n <md:AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\"\n Location=\"https://test.com/saml/acs\"\n index=\"1\" />\n \n </md:SPSSODescriptor>\n</md:EntityDescriptor>" ) ,
MetadataURL : "https://test.com/saml/metadata" ,
EntityID : "https://test.com/saml/metadata" ,
} ,
} ,
} ,
} ,
} ,
{
name : "prepareAppsQuery oidc app" ,
prepare : prepareAppsQuery ,
want : want {
sqlExpectations : mockQueries (
expectedAppsQuery ,
appsCols ,
[ ] [ ] driver . Value {
{
"app-id" ,
"app-name" ,
"project-id" ,
testNow ,
testNow ,
"ro" ,
domain . AppStateActive ,
uint64 ( 20211109 ) ,
// api config
nil ,
nil ,
nil ,
// oidc config
"app-id" ,
domain . OIDCVersionV1 ,
"oidc-client-id" ,
database . TextArray [ string ] { "https://redirect.to/me" } ,
database . NumberArray [ domain . OIDCResponseType ] { domain . OIDCResponseTypeIDTokenToken } ,
database . NumberArray [ domain . OIDCGrantType ] { domain . OIDCGrantTypeImplicit } ,
domain . OIDCApplicationTypeUserAgent ,
domain . OIDCAuthMethodTypeNone ,
database . TextArray [ string ] { "post.logout.ch" } ,
true ,
domain . OIDCTokenTypeJWT ,
true ,
true ,
true ,
1 * time . Second ,
database . TextArray [ string ] { "additional.origin" } ,
false ,
"back.channel.logout.ch" ,
// saml config
nil ,
nil ,
nil ,
nil ,
} ,
} ,
) ,
} ,
object : & Apps {
SearchResponse : SearchResponse {
Count : 1 ,
} ,
Apps : [ ] * App {
{
ID : "app-id" ,
CreationDate : testNow ,
ChangeDate : testNow ,
ResourceOwner : "ro" ,
State : domain . AppStateActive ,
Sequence : 20211109 ,
Name : "app-name" ,
ProjectID : "project-id" ,
OIDCConfig : & OIDCApp {
Version : domain . OIDCVersionV1 ,
ClientID : "oidc-client-id" ,
RedirectURIs : database . TextArray [ string ] { "https://redirect.to/me" } ,
ResponseTypes : database . NumberArray [ domain . OIDCResponseType ] { domain . OIDCResponseTypeIDTokenToken } ,
GrantTypes : database . NumberArray [ domain . OIDCGrantType ] { domain . OIDCGrantTypeImplicit } ,
AppType : domain . OIDCApplicationTypeUserAgent ,
AuthMethodType : domain . OIDCAuthMethodTypeNone ,
PostLogoutRedirectURIs : database . TextArray [ string ] { "post.logout.ch" } ,
IsDevMode : true ,
AccessTokenType : domain . OIDCTokenTypeJWT ,
AssertAccessTokenRole : true ,
AssertIDTokenRole : true ,
AssertIDTokenUserinfo : true ,
ClockSkew : 1 * time . Second ,
AdditionalOrigins : database . TextArray [ string ] { "additional.origin" } ,
ComplianceProblems : nil ,
AllowedOrigins : database . TextArray [ string ] { "https://redirect.to" , "additional.origin" } ,
SkipNativeAppSuccessPage : false ,
BackChannelLogoutURI : "back.channel.logout.ch" ,
} ,
} ,
} ,
} ,
} ,
{
name : "prepareAppsQuery oidc app AssertIDTokenUserinfo active" ,
prepare : prepareAppsQuery ,
want : want {
sqlExpectations : mockQueries (
expectedAppsQuery ,
appsCols ,
[ ] [ ] driver . Value {
{
"app-id" ,
"app-name" ,
"project-id" ,
testNow ,
testNow ,
"ro" ,
domain . AppStateActive ,
uint64 ( 20211109 ) ,
// api config
nil ,
nil ,
nil ,
// oidc config
"app-id" ,
domain . OIDCVersionV1 ,
"oidc-client-id" ,
database . TextArray [ string ] { "https://redirect.to/me" } ,
database . NumberArray [ domain . OIDCResponseType ] { domain . OIDCResponseTypeIDTokenToken } ,
database . NumberArray [ domain . OIDCGrantType ] { domain . OIDCGrantTypeImplicit } ,
domain . OIDCApplicationTypeUserAgent ,
domain . OIDCAuthMethodTypeNone ,
database . TextArray [ string ] { "post.logout.ch" } ,
false ,
domain . OIDCTokenTypeJWT ,
false ,
false ,
true ,
1 * time . Second ,
database . TextArray [ string ] { "additional.origin" } ,
false ,
"back.channel.logout.ch" ,
// saml config
nil ,
nil ,
nil ,
nil ,
} ,
} ,
) ,
} ,
object : & Apps {
SearchResponse : SearchResponse {
Count : 1 ,
} ,
Apps : [ ] * App {
{
ID : "app-id" ,
CreationDate : testNow ,
ChangeDate : testNow ,
ResourceOwner : "ro" ,
State : domain . AppStateActive ,
Sequence : 20211109 ,
Name : "app-name" ,
ProjectID : "project-id" ,
OIDCConfig : & OIDCApp {
Version : domain . OIDCVersionV1 ,
ClientID : "oidc-client-id" ,
RedirectURIs : database . TextArray [ string ] { "https://redirect.to/me" } ,
ResponseTypes : database . NumberArray [ domain . OIDCResponseType ] { domain . OIDCResponseTypeIDTokenToken } ,
GrantTypes : database . NumberArray [ domain . OIDCGrantType ] { domain . OIDCGrantTypeImplicit } ,
AppType : domain . OIDCApplicationTypeUserAgent ,
AuthMethodType : domain . OIDCAuthMethodTypeNone ,
PostLogoutRedirectURIs : database . TextArray [ string ] { "post.logout.ch" } ,
IsDevMode : false ,
AccessTokenType : domain . OIDCTokenTypeJWT ,
AssertAccessTokenRole : false ,
AssertIDTokenRole : false ,
AssertIDTokenUserinfo : true ,
ClockSkew : 1 * time . Second ,
AdditionalOrigins : database . TextArray [ string ] { "additional.origin" } ,
ComplianceProblems : nil ,
AllowedOrigins : database . TextArray [ string ] { "https://redirect.to" , "additional.origin" } ,
SkipNativeAppSuccessPage : false ,
BackChannelLogoutURI : "back.channel.logout.ch" ,
} ,
} ,
} ,
} ,
} ,
{
name : "prepareAppsQuery oidc app AssertIDTokenRole active" ,
prepare : prepareAppsQuery ,
want : want {
sqlExpectations : mockQueries (
expectedAppsQuery ,
appsCols ,
[ ] [ ] driver . Value {
{
"app-id" ,
"app-name" ,
"project-id" ,
testNow ,
testNow ,
"ro" ,
domain . AppStateActive ,
uint64 ( 20211109 ) ,
// api config
nil ,
nil ,
nil ,
// oidc config
"app-id" ,
domain . OIDCVersionV1 ,
"oidc-client-id" ,
database . TextArray [ string ] { "https://redirect.to/me" } ,
database . NumberArray [ domain . OIDCResponseType ] { domain . OIDCResponseTypeIDTokenToken } ,
database . NumberArray [ domain . OIDCGrantType ] { domain . OIDCGrantTypeImplicit } ,
domain . OIDCApplicationTypeUserAgent ,
domain . OIDCAuthMethodTypeNone ,
database . TextArray [ string ] { "post.logout.ch" } ,
true ,
domain . OIDCTokenTypeJWT ,
true ,
false ,
true ,
1 * time . Second ,
database . TextArray [ string ] { "additional.origin" } ,
false ,
"back.channel.logout.ch" ,
// saml config
nil ,
nil ,
nil ,
nil ,
} ,
} ,
) ,
} ,
object : & Apps {
SearchResponse : SearchResponse {
Count : 1 ,
} ,
Apps : [ ] * App {
{
ID : "app-id" ,
CreationDate : testNow ,
ChangeDate : testNow ,
ResourceOwner : "ro" ,
State : domain . AppStateActive ,
Sequence : 20211109 ,
Name : "app-name" ,
ProjectID : "project-id" ,
OIDCConfig : & OIDCApp {
Version : domain . OIDCVersionV1 ,
ClientID : "oidc-client-id" ,
RedirectURIs : database . TextArray [ string ] { "https://redirect.to/me" } ,
ResponseTypes : database . NumberArray [ domain . OIDCResponseType ] { domain . OIDCResponseTypeIDTokenToken } ,
GrantTypes : database . NumberArray [ domain . OIDCGrantType ] { domain . OIDCGrantTypeImplicit } ,
AppType : domain . OIDCApplicationTypeUserAgent ,
AuthMethodType : domain . OIDCAuthMethodTypeNone ,
PostLogoutRedirectURIs : database . TextArray [ string ] { "post.logout.ch" } ,
IsDevMode : true ,
AccessTokenType : domain . OIDCTokenTypeJWT ,
AssertAccessTokenRole : true ,
AssertIDTokenRole : false ,
AssertIDTokenUserinfo : true ,
ClockSkew : 1 * time . Second ,
AdditionalOrigins : database . TextArray [ string ] { "additional.origin" } ,
ComplianceProblems : nil ,
AllowedOrigins : database . TextArray [ string ] { "https://redirect.to" , "additional.origin" } ,
SkipNativeAppSuccessPage : false ,
BackChannelLogoutURI : "back.channel.logout.ch" ,
} ,
} ,
} ,
} ,
} ,
{
name : "prepareAppsQuery oidc app AssertAccessTokenRole active" ,
prepare : prepareAppsQuery ,
want : want {
sqlExpectations : mockQueries (
expectedAppsQuery ,
appsCols ,
[ ] [ ] driver . Value {
{
"app-id" ,
"app-name" ,
"project-id" ,
testNow ,
testNow ,
"ro" ,
domain . AppStateActive ,
uint64 ( 20211109 ) ,
// api config
nil ,
nil ,
nil ,
// oidc config
"app-id" ,
domain . OIDCVersionV1 ,
"oidc-client-id" ,
database . TextArray [ string ] { "https://redirect.to/me" } ,
database . NumberArray [ domain . OIDCResponseType ] { domain . OIDCResponseTypeIDTokenToken } ,
database . NumberArray [ domain . OIDCGrantType ] { domain . OIDCGrantTypeImplicit } ,
domain . OIDCApplicationTypeUserAgent ,
domain . OIDCAuthMethodTypeNone ,
database . TextArray [ string ] { "post.logout.ch" } ,
false ,
domain . OIDCTokenTypeJWT ,
false ,
true ,
true ,
1 * time . Second ,
database . TextArray [ string ] { "additional.origin" } ,
false ,
"back.channel.logout.ch" ,
// saml config
nil ,
nil ,
nil ,
nil ,
} ,
} ,
) ,
} ,
object : & Apps {
SearchResponse : SearchResponse {
Count : 1 ,
} ,
Apps : [ ] * App {
{
ID : "app-id" ,
CreationDate : testNow ,
ChangeDate : testNow ,
ResourceOwner : "ro" ,
State : domain . AppStateActive ,
Sequence : 20211109 ,
Name : "app-name" ,
ProjectID : "project-id" ,
OIDCConfig : & OIDCApp {
Version : domain . OIDCVersionV1 ,
ClientID : "oidc-client-id" ,
RedirectURIs : database . TextArray [ string ] { "https://redirect.to/me" } ,
ResponseTypes : database . NumberArray [ domain . OIDCResponseType ] { domain . OIDCResponseTypeIDTokenToken } ,
GrantTypes : database . NumberArray [ domain . OIDCGrantType ] { domain . OIDCGrantTypeImplicit } ,
AppType : domain . OIDCApplicationTypeUserAgent ,
AuthMethodType : domain . OIDCAuthMethodTypeNone ,
PostLogoutRedirectURIs : database . TextArray [ string ] { "post.logout.ch" } ,
IsDevMode : false ,
AccessTokenType : domain . OIDCTokenTypeJWT ,
AssertAccessTokenRole : false ,
AssertIDTokenRole : true ,
AssertIDTokenUserinfo : true ,
ClockSkew : 1 * time . Second ,
AdditionalOrigins : database . TextArray [ string ] { "additional.origin" } ,
ComplianceProblems : nil ,
AllowedOrigins : database . TextArray [ string ] { "https://redirect.to" , "additional.origin" } ,
SkipNativeAppSuccessPage : false ,
BackChannelLogoutURI : "back.channel.logout.ch" ,
} ,
} ,
} ,
} ,
} ,
{
name : "prepareAppsQuery oidc app IsDevMode active" ,
prepare : prepareAppsQuery ,
want : want {
sqlExpectations : mockQueries (
expectedAppsQuery ,
appsCols ,
[ ] [ ] driver . Value {
{
"app-id" ,
"app-name" ,
"project-id" ,
testNow ,
testNow ,
"ro" ,
domain . AppStateActive ,
uint64 ( 20211109 ) ,
// api config
nil ,
nil ,
nil ,
// oidc config
"app-id" ,
domain . OIDCVersionV1 ,
"oidc-client-id" ,
database . TextArray [ string ] { "https://redirect.to/me" } ,
database . NumberArray [ domain . OIDCResponseType ] { domain . OIDCResponseTypeIDTokenToken } ,
database . NumberArray [ domain . OIDCGrantType ] { domain . OIDCGrantTypeImplicit } ,
domain . OIDCApplicationTypeUserAgent ,
domain . OIDCAuthMethodTypeNone ,
database . TextArray [ string ] { "post.logout.ch" } ,
false ,
domain . OIDCTokenTypeJWT ,
true ,
true ,
true ,
1 * time . Second ,
database . TextArray [ string ] { "additional.origin" } ,
false ,
"back.channel.logout.ch" ,
// saml config
nil ,
nil ,
nil ,
nil ,
} ,
} ,
) ,
} ,
object : & Apps {
SearchResponse : SearchResponse {
Count : 1 ,
} ,
Apps : [ ] * App {
{
ID : "app-id" ,
CreationDate : testNow ,
ChangeDate : testNow ,
ResourceOwner : "ro" ,
State : domain . AppStateActive ,
Sequence : 20211109 ,
Name : "app-name" ,
ProjectID : "project-id" ,
OIDCConfig : & OIDCApp {
Version : domain . OIDCVersionV1 ,
ClientID : "oidc-client-id" ,
RedirectURIs : database . TextArray [ string ] { "https://redirect.to/me" } ,
ResponseTypes : database . NumberArray [ domain . OIDCResponseType ] { domain . OIDCResponseTypeIDTokenToken } ,
GrantTypes : database . NumberArray [ domain . OIDCGrantType ] { domain . OIDCGrantTypeImplicit } ,
AppType : domain . OIDCApplicationTypeUserAgent ,
AuthMethodType : domain . OIDCAuthMethodTypeNone ,
PostLogoutRedirectURIs : database . TextArray [ string ] { "post.logout.ch" } ,
IsDevMode : false ,
AccessTokenType : domain . OIDCTokenTypeJWT ,
AssertAccessTokenRole : true ,
AssertIDTokenRole : true ,
AssertIDTokenUserinfo : true ,
ClockSkew : 1 * time . Second ,
AdditionalOrigins : database . TextArray [ string ] { "additional.origin" } ,
ComplianceProblems : nil ,
AllowedOrigins : database . TextArray [ string ] { "https://redirect.to" , "additional.origin" } ,
SkipNativeAppSuccessPage : false ,
BackChannelLogoutURI : "back.channel.logout.ch" ,
} ,
} ,
} ,
} ,
} ,
{
name : "prepareAppsQuery oidc app native success page skip" ,
prepare : prepareAppsQuery ,
want : want {
sqlExpectations : mockQueries (
expectedAppsQuery ,
appsCols ,
[ ] [ ] driver . Value {
{
"app-id" ,
"app-name" ,
"project-id" ,
testNow ,
testNow ,
"ro" ,
domain . AppStateActive ,
uint64 ( 20211109 ) ,
// api config
nil ,
nil ,
nil ,
// oidc config
"app-id" ,
domain . OIDCVersionV1 ,
"oidc-client-id" ,
database . TextArray [ string ] { "https://redirect.to/me" } ,
database . NumberArray [ domain . OIDCResponseType ] { domain . OIDCResponseTypeIDTokenToken } ,
database . NumberArray [ domain . OIDCGrantType ] { domain . OIDCGrantTypeImplicit } ,
domain . OIDCApplicationTypeNative ,
domain . OIDCAuthMethodTypeNone ,
database . TextArray [ string ] { "post.logout.ch" } ,
false ,
domain . OIDCTokenTypeJWT ,
false ,
false ,
true ,
1 * time . Second ,
database . TextArray [ string ] { "additional.origin" } ,
true ,
"back.channel.logout.ch" ,
// saml config
nil ,
nil ,
nil ,
nil ,
} ,
} ,
) ,
} ,
object : & Apps {
SearchResponse : SearchResponse {
Count : 1 ,
} ,
Apps : [ ] * App {
{
ID : "app-id" ,
CreationDate : testNow ,
ChangeDate : testNow ,
ResourceOwner : "ro" ,
State : domain . AppStateActive ,
Sequence : 20211109 ,
Name : "app-name" ,
ProjectID : "project-id" ,
OIDCConfig : & OIDCApp {
Version : domain . OIDCVersionV1 ,
ClientID : "oidc-client-id" ,
RedirectURIs : database . TextArray [ string ] { "https://redirect.to/me" } ,
ResponseTypes : database . NumberArray [ domain . OIDCResponseType ] { domain . OIDCResponseTypeIDTokenToken } ,
GrantTypes : database . NumberArray [ domain . OIDCGrantType ] { domain . OIDCGrantTypeImplicit } ,
AppType : domain . OIDCApplicationTypeNative ,
AuthMethodType : domain . OIDCAuthMethodTypeNone ,
PostLogoutRedirectURIs : database . TextArray [ string ] { "post.logout.ch" } ,
IsDevMode : false ,
AccessTokenType : domain . OIDCTokenTypeJWT ,
AssertAccessTokenRole : false ,
AssertIDTokenRole : false ,
AssertIDTokenUserinfo : true ,
ClockSkew : 1 * time . Second ,
AdditionalOrigins : database . TextArray [ string ] { "additional.origin" } ,
ComplianceProblems : nil ,
AllowedOrigins : database . TextArray [ string ] { "https://redirect.to" , "additional.origin" } ,
SkipNativeAppSuccessPage : true ,
BackChannelLogoutURI : "back.channel.logout.ch" ,
} ,
} ,
} ,
} ,
} ,
{
name : "prepareAppsQuery multiple result" ,
prepare : prepareAppsQuery ,
want : want {
sqlExpectations : mockQueries (
expectedAppsQuery ,
appsCols ,
[ ] [ ] driver . Value {
{
"oidc-app-id" ,
"app-name" ,
"project-id" ,
testNow ,
testNow ,
"ro" ,
domain . AppStateActive ,
uint64 ( 20211109 ) ,
// api config
nil ,
nil ,
nil ,
// oidc config
"oidc-app-id" ,
domain . OIDCVersionV1 ,
"oidc-client-id" ,
database . TextArray [ string ] { "https://redirect.to/me" } ,
database . NumberArray [ domain . OIDCResponseType ] { domain . OIDCResponseTypeIDTokenToken } ,
database . NumberArray [ domain . OIDCGrantType ] { domain . OIDCGrantTypeImplicit } ,
domain . OIDCApplicationTypeUserAgent ,
domain . OIDCAuthMethodTypeNone ,
database . TextArray [ string ] { "post.logout.ch" } ,
true ,
domain . OIDCTokenTypeJWT ,
true ,
true ,
true ,
1 * time . Second ,
database . TextArray [ string ] { "additional.origin" } ,
false ,
"back.channel.logout.ch" ,
// saml config
nil ,
nil ,
nil ,
nil ,
} ,
{
"api-app-id" ,
"app-name" ,
"project-id" ,
testNow ,
testNow ,
"ro" ,
domain . AppStateActive ,
uint64 ( 20211109 ) ,
// api config
"api-app-id" ,
"api-client-id" ,
domain . APIAuthMethodTypePrivateKeyJWT ,
// oidc config
nil ,
nil ,
nil ,
nil ,
nil ,
nil ,
nil ,
nil ,
nil ,
nil ,
nil ,
nil ,
nil ,
nil ,
nil ,
nil ,
nil ,
nil ,
// saml config
nil ,
nil ,
nil ,
nil ,
} ,
{
"saml-app-id" ,
"app-name" ,
"project-id" ,
testNow ,
testNow ,
"ro" ,
domain . AppStateActive ,
uint64 ( 20211109 ) ,
// api config
nil ,
nil ,
nil ,
// oidc config
nil ,
nil ,
nil ,
nil ,
nil ,
nil ,
nil ,
nil ,
nil ,
nil ,
nil ,
nil ,
nil ,
nil ,
nil ,
nil ,
nil ,
nil ,
// saml config
"saml-app-id" ,
"https://test.com/saml/metadata" ,
[ ] byte ( "<?xml version=\"1.0\"?>\n<md:EntityDescriptor xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\"\n validUntil=\"2022-08-26T14:08:16Z\"\n cacheDuration=\"PT604800S\"\n entityID=\"https://test.com/saml/metadata\">\n <md:SPSSODescriptor AuthnRequestsSigned=\"false\" WantAssertionsSigned=\"false\" protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\">\n <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>\n <md:AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\"\n Location=\"https://test.com/saml/acs\"\n index=\"1\" />\n \n </md:SPSSODescriptor>\n</md:EntityDescriptor>" ) ,
"https://test.com/saml/metadata" ,
} ,
} ,
) ,
} ,
object : & Apps {
SearchResponse : SearchResponse {
Count : 3 ,
} ,
Apps : [ ] * App {
{
ID : "oidc-app-id" ,
CreationDate : testNow ,
ChangeDate : testNow ,
ResourceOwner : "ro" ,
State : domain . AppStateActive ,
Sequence : 20211109 ,
Name : "app-name" ,
ProjectID : "project-id" ,
OIDCConfig : & OIDCApp {
Version : domain . OIDCVersionV1 ,
ClientID : "oidc-client-id" ,
RedirectURIs : database . TextArray [ string ] { "https://redirect.to/me" } ,
ResponseTypes : database . NumberArray [ domain . OIDCResponseType ] { domain . OIDCResponseTypeIDTokenToken } ,
GrantTypes : database . NumberArray [ domain . OIDCGrantType ] { domain . OIDCGrantTypeImplicit } ,
AppType : domain . OIDCApplicationTypeUserAgent ,
AuthMethodType : domain . OIDCAuthMethodTypeNone ,
PostLogoutRedirectURIs : database . TextArray [ string ] { "post.logout.ch" } ,
IsDevMode : true ,
AccessTokenType : domain . OIDCTokenTypeJWT ,
AssertAccessTokenRole : true ,
AssertIDTokenRole : true ,
AssertIDTokenUserinfo : true ,
ClockSkew : 1 * time . Second ,
AdditionalOrigins : database . TextArray [ string ] { "additional.origin" } ,
ComplianceProblems : nil ,
AllowedOrigins : database . TextArray [ string ] { "https://redirect.to" , "additional.origin" } ,
SkipNativeAppSuccessPage : false ,
BackChannelLogoutURI : "back.channel.logout.ch" ,
} ,
} ,
{
ID : "api-app-id" ,
CreationDate : testNow ,
ChangeDate : testNow ,
ResourceOwner : "ro" ,
State : domain . AppStateActive ,
Sequence : 20211109 ,
Name : "app-name" ,
ProjectID : "project-id" ,
APIConfig : & APIApp {
ClientID : "api-client-id" ,
AuthMethodType : domain . APIAuthMethodTypePrivateKeyJWT ,
} ,
} ,
{
ID : "saml-app-id" ,
CreationDate : testNow ,
ChangeDate : testNow ,
ResourceOwner : "ro" ,
State : domain . AppStateActive ,
Sequence : 20211109 ,
Name : "app-name" ,
ProjectID : "project-id" ,
SAMLConfig : & SAMLApp {
Metadata : [ ] byte ( "<?xml version=\"1.0\"?>\n<md:EntityDescriptor xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\"\n validUntil=\"2022-08-26T14:08:16Z\"\n cacheDuration=\"PT604800S\"\n entityID=\"https://test.com/saml/metadata\">\n <md:SPSSODescriptor AuthnRequestsSigned=\"false\" WantAssertionsSigned=\"false\" protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\">\n <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>\n <md:AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\"\n Location=\"https://test.com/saml/acs\"\n index=\"1\" />\n \n </md:SPSSODescriptor>\n</md:EntityDescriptor>" ) ,
MetadataURL : "https://test.com/saml/metadata" ,
EntityID : "https://test.com/saml/metadata" ,
} ,
} ,
} ,
} ,
} ,
{
name : "prepareAppsQuery sql err" ,
prepare : prepareAppsQuery ,
want : want {
sqlExpectations : mockQueryErr (
expectedAppsQuery ,
sql . ErrConnDone ,
) ,
err : func ( err error ) ( error , bool ) {
if ! errors . Is ( err , sql . ErrConnDone ) {
return fmt . Errorf ( "err should be sql.ErrConnDone got: %w" , err ) , false
}
return nil , true
} ,
} ,
object : ( * App ) ( nil ) ,
} ,
}
for _ , tt := range tests {
t . Run ( tt . name , func ( t * testing . T ) {
if tt . name == "prepareAppsQuery oidc app" {
_ = tt . name
}
assertPrepare ( t , tt . prepare , tt . object , tt . want . sqlExpectations , tt . want . err , defaultPrepareArgs ... )
} )
}
}
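// Test_AppPrepare checks prepareAppQuery against a mocked database: the SQL it
// emits and how one result row is scanned into *App for a bare app, an API
// app, an OIDC app and a SAML app, plus the not-found and driver-error paths.
//
// The OIDC and SAML values are scan fixtures only (implicit grant, auth method
// "none", unsigned SAML metadata, scheme-less logout URIs). Each case asserts
// that stored values come back unchanged; none of them exercises validation of
// redirect URIs, origins or metadata.
func Test_AppPrepare(t *testing.T) {
	type want struct {
		sqlExpectations sqlExpectation
		err             checkErr
	}

	// Widths of the three optional column groups in a result row.
	// NOTE(review): presumably these must stay in step with appCols - confirm
	// whenever a column is added to one of the config projections.
	const (
		apiColCount  = 3
		oidcColCount = 18
		samlColCount = 4
	)

	// One literal shared by the mocked row and the expected object, so the two
	// cannot drift apart.
	const samlMetadata = "<?xml version=\"1.0\"?>\n<md:EntityDescriptor xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\"\n validUntil=\"2022-08-26T14:08:16Z\"\n cacheDuration=\"PT604800S\"\n entityID=\"https://test.com/saml/metadata\">\n <md:SPSSODescriptor AuthnRequestsSigned=\"false\" WantAssertionsSigned=\"false\" protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\">\n <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat>\n <md:AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\"\n Location=\"https://test.com/saml/acs\"\n index=\"1\" />\n \n </md:SPSSODescriptor>\n</md:EntityDescriptor>"

	// prepareWith adapts prepareAppQuery to the two-argument shape the other
	// prepare functions in these tests have. activeOnly is passed through as
	// its third argument; the only case that sets it expects
	// expectedActiveAppQuery instead of expectedAppQuery.
	prepareWith := func(activeOnly bool) func(context.Context, prepareDatabase) (sq.SelectBuilder, func(*sql.Row) (*App, error)) {
		return func(ctx context.Context, db prepareDatabase) (sq.SelectBuilder, func(*sql.Row) (*App, error)) {
			return prepareAppQuery(ctx, db, activeOnly)
		}
	}

	// row builds one mocked result row: the app columns followed by the api,
	// oidc and saml groups. A nil group stands for "all columns NULL".
	row := func(api, oidc, saml []driver.Value) []driver.Value {
		orNull := func(group []driver.Value, width int) []driver.Value {
			if group == nil {
				return make([]driver.Value, width)
			}
			return group
		}
		r := []driver.Value{
			"app-id",
			"app-name",
			"project-id",
			testNow,
			testNow,
			"ro",
			domain.AppStateActive,
			uint64(20211109),
		}
		r = append(r, orNull(api, apiColCount)...)
		r = append(r, orNull(oidc, oidcColCount)...)
		return append(r, orNull(saml, samlColCount)...)
	}

	// apiGroup is the populated api config column group.
	apiGroup := func() []driver.Value {
		return []driver.Value{
			"app-id",
			"api-client-id",
			domain.APIAuthMethodTypePrivateKeyJWT,
		}
	}

	// oidcGroup is the populated oidc config column group; the four booleans
	// are the only values that differ between the OIDC cases.
	oidcGroup := func(devMode, accessTokenRole, idTokenRole, idTokenUserinfo bool) []driver.Value {
		return []driver.Value{
			"app-id",
			domain.OIDCVersionV1,
			"oidc-client-id",
			database.TextArray[string]{"https://redirect.to/me"},
			database.NumberArray[domain.OIDCResponseType]{domain.OIDCResponseTypeIDTokenToken},
			database.NumberArray[domain.OIDCGrantType]{domain.OIDCGrantTypeImplicit},
			domain.OIDCApplicationTypeUserAgent,
			domain.OIDCAuthMethodTypeNone,
			database.TextArray[string]{"post.logout.ch"},
			devMode,
			domain.OIDCTokenTypeJWT,
			accessTokenRole,
			idTokenRole,
			idTokenUserinfo,
			1 * time.Second,
			database.TextArray[string]{"additional.origin"},
			false,                    // expected as SkipNativeAppSuccessPage
			"back.channel.logout.ch", // expected as BackChannelLogoutURI
		}
	}

	// samlGroup is the populated saml config column group.
	samlGroup := func() []driver.Value {
		return []driver.Value{
			"app-id",
			"https://test.com/saml/metadata",
			[]byte(samlMetadata),
			"https://test.com/saml/metadata",
		}
	}

	// wantApp is the expected *App with only the app columns set.
	wantApp := func() *App {
		return &App{
			ID:            "app-id",
			CreationDate:  testNow,
			ChangeDate:    testNow,
			ResourceOwner: "ro",
			State:         domain.AppStateActive,
			Sequence:      20211109,
			Name:          "app-name",
			ProjectID:     "project-id",
		}
	}

	// wantOIDC is the expected *App for a row built with oidcGroup and the
	// same four booleans.
	wantOIDC := func(devMode, accessTokenRole, idTokenRole, idTokenUserinfo bool) *App {
		app := wantApp()
		app.OIDCConfig = &OIDCApp{
			Version:                domain.OIDCVersionV1,
			ClientID:               "oidc-client-id",
			RedirectURIs:           database.TextArray[string]{"https://redirect.to/me"},
			ResponseTypes:          database.NumberArray[domain.OIDCResponseType]{domain.OIDCResponseTypeIDTokenToken},
			GrantTypes:             database.NumberArray[domain.OIDCGrantType]{domain.OIDCGrantTypeImplicit},
			AppType:                domain.OIDCApplicationTypeUserAgent,
			AuthMethodType:         domain.OIDCAuthMethodTypeNone,
			PostLogoutRedirectURIs: database.TextArray[string]{"post.logout.ch"},
			IsDevMode:              devMode,
			AccessTokenType:        domain.OIDCTokenTypeJWT,
			AssertAccessTokenRole:  accessTokenRole,
			AssertIDTokenRole:      idTokenRole,
			AssertIDTokenUserinfo:  idTokenUserinfo,
			ClockSkew:              1 * time.Second,
			AdditionalOrigins:      database.TextArray[string]{"additional.origin"},
			ComplianceProblems:     nil,
			// No column in the mocked row carries this list: it is the origin of
			// the redirect URI followed by the additional origin, so the scan
			// function presumably derives it - confirm against prepareAppQuery.
			AllowedOrigins:           database.TextArray[string]{"https://redirect.to", "additional.origin"},
			SkipNativeAppSuccessPage: false,
			BackChannelLogoutURI:     "back.channel.logout.ch",
		}
		return app
	}

	// wantAPI is the expected *App for a row built with apiGroup.
	wantAPI := func() *App {
		app := wantApp()
		app.APIConfig = &APIApp{
			ClientID:       "api-client-id",
			AuthMethodType: domain.APIAuthMethodTypePrivateKeyJWT,
		}
		return app
	}

	// wantSAML is the expected *App for a row built with samlGroup.
	wantSAML := func() *App {
		app := wantApp()
		app.SAMLConfig = &SAMLApp{
			Metadata:    []byte(samlMetadata),
			MetadataURL: "https://test.com/saml/metadata",
			EntityID:    "https://test.com/saml/metadata",
		}
		return app
	}

	wantNotFound := func(err error) (error, bool) {
		if !zerrors.IsNotFound(err) {
			return fmt.Errorf("err should be zitadel.NotFoundError got: %w", err), false
		}
		return nil, true
	}
	wantConnDone := func(err error) (error, bool) {
		if !errors.Is(err, sql.ErrConnDone) {
			return fmt.Errorf("err should be sql.ErrConnDone got: %w", err), false
		}
		return nil, true
	}

	tests := []struct {
		name    string
		prepare any
		want    want
		object  any
	}{
		{
			name:    "prepareAppQuery no result",
			prepare: prepareWith(false),
			want: want{
				sqlExpectations: mockQueriesScanErr(
					expectedAppQuery,
					nil,
					nil,
				),
				err: wantNotFound,
			},
			object: (*App)(nil),
		},
		{
			name:    "prepareAppQuery found",
			prepare: prepareWith(false),
			want: want{
				sqlExpectations: mockQuery(
					expectedAppQuery,
					appCols,
					row(nil, nil, nil),
				),
			},
			object: wantApp(),
		},
		{
			name:    "prepareAppQuery api app",
			prepare: prepareWith(false),
			want: want{
				sqlExpectations: mockQueries(
					expectedAppQuery,
					appCols,
					[][]driver.Value{row(apiGroup(), nil, nil)},
				),
			},
			object: wantAPI(),
		},
		{
			name:    "prepareAppQuery oidc app",
			prepare: prepareWith(false),
			want: want{
				sqlExpectations: mockQueries(
					expectedAppQuery,
					appCols,
					[][]driver.Value{row(nil, oidcGroup(true, true, true, true), nil)},
				),
			},
			object: wantOIDC(true, true, true, true),
		},
		{
			name:    "prepareAppQuery oidc app active only",
			prepare: prepareWith(true),
			want: want{
				sqlExpectations: mockQueries(
					expectedActiveAppQuery,
					appCols,
					[][]driver.Value{row(nil, oidcGroup(true, true, true, true), nil)},
				),
			},
			object: wantOIDC(true, true, true, true),
		},
		{
			name:    "prepareAppQuery saml app",
			prepare: prepareWith(false),
			want: want{
				sqlExpectations: mockQueries(
					expectedAppQuery,
					appCols,
					[][]driver.Value{row(nil, nil, samlGroup())},
				),
			},
			object: wantSAML(),
		},
		{
			name:    "prepareAppQuery oidc app IsDevMode inactive",
			prepare: prepareWith(false),
			want: want{
				sqlExpectations: mockQueries(
					expectedAppQuery,
					appCols,
					[][]driver.Value{row(nil, oidcGroup(false, true, true, true), nil)},
				),
			},
			object: wantOIDC(false, true, true, true),
		},
		{
			name:    "prepareAppQuery oidc app AssertAccessTokenRole inactive",
			prepare: prepareWith(false),
			want: want{
				sqlExpectations: mockQueries(
					expectedAppQuery,
					appCols,
					[][]driver.Value{row(nil, oidcGroup(true, false, true, true), nil)},
				),
			},
			object: wantOIDC(true, false, true, true),
		},
		{
			name:    "prepareAppQuery oidc app AssertIDTokenRole inactive",
			prepare: prepareWith(false),
			want: want{
				sqlExpectations: mockQueries(
					expectedAppQuery,
					appCols,
					[][]driver.Value{row(nil, oidcGroup(true, true, false, true), nil)},
				),
			},
			object: wantOIDC(true, true, false, true),
		},
		{
			name:    "prepareAppQuery oidc app AssertIDTokenUserinfo inactive",
			prepare: prepareWith(false),
			want: want{
				sqlExpectations: mockQueries(
					expectedAppQuery,
					appCols,
					[][]driver.Value{row(nil, oidcGroup(true, true, true, false), nil)},
				),
			},
			object: wantOIDC(true, true, true, false),
		},
		{
			name:    "prepareAppQuery sql err",
			prepare: prepareWith(false),
			want: want{
				sqlExpectations: mockQueryErr(
					expectedAppQuery,
					sql.ErrConnDone,
				),
				err: wantConnDone,
			},
			object: (*App)(nil),
		},
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			assertPrepare(t, tt.prepare, tt.object, tt.want.sqlExpectations, tt.want.err, defaultPrepareArgs...)
		})
	}
}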
// Test_AppIDsPrepare checks prepareClientIDsQuery against a mocked database:
// the SQL it emits and how result rows are flattened into a []string.
//
// Every mocked row has two client_id columns of which exactly one is set, and
// the expected slice holds that non-NULL value per row, in row order.
func Test_AppIDsPrepare(t *testing.T) {
	type want struct {
		sqlExpectations sqlExpectation
		err             checkErr
	}
	type testCase struct {
		name    string
		prepare any
		want    want
		object  any
	}

	// Both result columns carry the same name in the mocked result set.
	clientIDCols := database.TextArray[string]{"client_id", "client_id"}

	// connDone accepts only errors that wrap sql.ErrConnDone.
	connDone := func(err error) (error, bool) {
		if errors.Is(err, sql.ErrConnDone) {
			return nil, true
		}
		return fmt.Errorf("err should be sql.ErrConnDone got: %w", err), false
	}

	cases := []testCase{
		{
			name:    "prepareClientIDsQuery no result",
			prepare: prepareClientIDsQuery,
			want: want{
				sqlExpectations: mockQueries(expectedAppIDsQuery, nil, nil),
			},
			object: []string{},
		},
		{
			name:    "prepareClientIDsQuery one result",
			prepare: prepareClientIDsQuery,
			want: want{
				sqlExpectations: mockQueries(
					expectedAppIDsQuery,
					clientIDCols,
					[][]driver.Value{
						{"app-id", nil},
					},
				),
			},
			object: []string{"app-id"},
		},
		{
			name:    "prepareClientIDsQuery multiple result",
			prepare: prepareClientIDsQuery,
			want: want{
				sqlExpectations: mockQueries(
					expectedAppIDsQuery,
					clientIDCols,
					[][]driver.Value{
						{nil, "oidc-app-id"},
						{"api-app-id", nil},
					},
				),
			},
			object: []string{"oidc-app-id", "api-app-id"},
		},
		{
			name:    "prepareClientIDsQuery sql err",
			prepare: prepareClientIDsQuery,
			want: want{
				sqlExpectations: mockQueryErr(expectedAppIDsQuery, sql.ErrConnDone),
				err:             connDone,
			},
			// NOTE(review): a typed nil *App although the other cases expect a
			// []string; presumably the object is not compared once the query
			// fails - confirm against assertPrepare.
			object: (*App)(nil),
		},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			assertPrepare(t, tc.prepare, tc.object, tc.want.sqlExpectations, tc.want.err, defaultPrepareArgs...)
		})
	}
}
// Test_ProjectIDByAppPrepare runs prepareProjectIDByAppQuery through
// assertPrepare against mocked SQL expectations. It covers three outcomes:
// no matching row, exactly one row, and a failing query.
func Test_ProjectIDByAppPrepare(t *testing.T) {
	type want struct {
		sqlExpectations sqlExpectation
		err             checkErr
	}

	// mustBeNotFound passes only for errors that zerrors classifies as
	// not-found.
	mustBeNotFound := func(err error) (error, bool) {
		if zerrors.IsNotFound(err) {
			return nil, true
		}
		return fmt.Errorf("err should be zitadel.NotFoundError got: %w", err), false
	}

	// mustBeConnDone passes only when the driver error is still reachable
	// through the error chain.
	mustBeConnDone := func(err error) (error, bool) {
		if errors.Is(err, sql.ErrConnDone) {
			return nil, true
		}
		return fmt.Errorf("err should be sql.ErrConnDone got: %w", err), false
	}

	cases := []struct {
		name    string
		prepare any
		want    want
		object  any
	}{
		{
			// An app without a project row has to surface as a not-found
			// error. The empty string below is only the zero value that
			// accompanies that error.
			// NOTE(review): callers presumably must check the error before
			// using the returned ID — confirm at the call sites.
			name:    "prepareProjectIDByAppQuery no result",
			prepare: prepareProjectIDByAppQuery,
			want: want{
				sqlExpectations: mockQueriesScanErr(
					expectedProjectIDByAppQuery,
					nil,
					nil,
				),
				err: mustBeNotFound,
			},
			object: "",
		},
		{
			name:    "prepareProjectIDByAppQuery one result",
			prepare: prepareProjectIDByAppQuery,
			want: want{
				sqlExpectations: mockQuery(
					expectedProjectIDByAppQuery,
					database.TextArray[string]{"project_id"},
					[]driver.Value{"project-id"},
				),
			},
			object: "project-id",
		},
		{
			name:    "prepareProjectIDByAppQuery sql err",
			prepare: prepareProjectIDByAppQuery,
			want: want{
				sqlExpectations: mockQueryErr(
					expectedProjectIDByAppQuery,
					sql.ErrConnDone,
				),
				err: mustBeConnDone,
			},
			object: "",
		},
	}

	for _, tc := range cases {
		t.Run(tc.name, func(t *testing.T) {
			assertPrepare(t, tc.prepare, tc.object, tc.want.sqlExpectations, tc.want.err, defaultPrepareArgs...)
		})
	}
}
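// Test_ProjectByAppPrepare runs prepareProjectByAppQuery through
// assertPrepare against mocked SQL expectations. It covers no matching row,
// a fully populated row, one row per boolean flag set to false, and a
// failing query.
//
// The four "found" sub-tests originally shared a single name, so the test
// runner could only tell them apart by a numeric suffix. Each now names the
// flag it disables, which keeps `-run` filters and failure output
// unambiguous.
func Test_ProjectByAppPrepare(t *testing.T) {
	type want struct {
		sqlExpectations sqlExpectation
		err             checkErr
	}

	// projectRow builds the mocked result row. Only the three boolean
	// columns vary between the "found" cases.
	projectRow := func(roleAssertion, roleCheck, hasProjectCheck bool) []driver.Value {
		return []driver.Value{
			"project-id",
			testNow,
			testNow,
			"ro",
			domain.ProjectStateInactive,
			uint64(20211109),
			"project-name",
			roleAssertion,
			roleCheck,
			hasProjectCheck,
			domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy,
		}
	}

	// scannedProject builds the Project expected from projectRow called with
	// the same arguments.
	scannedProject := func(roleAssertion, roleCheck, hasProjectCheck bool) *Project {
		return &Project{
			ID:                     "project-id",
			CreationDate:           testNow,
			ChangeDate:             testNow,
			ResourceOwner:          "ro",
			Sequence:               20211109,
			Name:                   "project-name",
			State:                  domain.ProjectStateInactive,
			ProjectRoleAssertion:   roleAssertion,
			ProjectRoleCheck:       roleCheck,
			HasProjectCheck:        hasProjectCheck,
			PrivateLabelingSetting: domain.PrivateLabelingSettingAllowLoginUserResourceOwnerPolicy,
		}
	}

	// foundCase assembles one "row found" table entry for the given flags.
	foundCase := func(name string, roleAssertion, roleCheck, hasProjectCheck bool) (string, want, any) {
		return name,
			want{
				sqlExpectations: mockQuery(
					expectedProjectByAppQuery,
					projectCols,
					projectRow(roleAssertion, roleCheck, hasProjectCheck),
				),
			},
			scannedProject(roleAssertion, roleCheck, hasProjectCheck)
	}

	type testCase struct {
		name    string
		prepare any
		want    want
		object  any
	}

	tests := []testCase{
		{
			name:    "prepareProjectByAppQuery no result",
			prepare: prepareProjectByAppQuery,
			want: want{
				sqlExpectations: mockQueriesScanErr(
					expectedProjectByAppQuery,
					nil,
					nil,
				),
				err: func(err error) (error, bool) {
					if !zerrors.IsNotFound(err) {
						return fmt.Errorf("err should be zitadel.NotFoundError got: %w", err), false
					}
					return nil, true
				},
			},
			object: (*Project)(nil),
		},
	}

	// The three boolean columns sit next to each other in the row. The
	// all-true case alone would not notice two of them being scanned into
	// each other's field, so each flag is also set to false on its own.
	// NOTE(review): the flag names suggest they gate role assertion and
	// role/project checks, which would make a swapped mapping an
	// authorization bug — confirm against the Project type's consumers.
	for _, fc := range []struct {
		name                                      string
		roleAssertion, roleCheck, hasProjectCheck bool
	}{
		{"prepareProjectByAppQuery found", true, true, true},
		{"prepareProjectByAppQuery found, project role assertion false", false, true, true},
		{"prepareProjectByAppQuery found, project role check false", true, false, true},
		{"prepareProjectByAppQuery found, has project check false", true, true, false},
	} {
		name, w, obj := foundCase(fc.name, fc.roleAssertion, fc.roleCheck, fc.hasProjectCheck)
		tests = append(tests, testCase{
			name:    name,
			prepare: prepareProjectByAppQuery,
			want:    w,
			object:  obj,
		})
	}

	tests = append(tests, testCase{
		name:    "prepareProjectByAppQuery sql err",
		prepare: prepareProjectByAppQuery,
		want: want{
			sqlExpectations: mockQueryErr(
				expectedProjectByAppQuery,
				sql.ErrConnDone,
			),
			// The driver error must stay reachable through the error chain.
			err: func(err error) (error, bool) {
				if !errors.Is(err, sql.ErrConnDone) {
					return fmt.Errorf("err should be sql.ErrConnDone got: %w", err), false
				}
				return nil, true
			},
		},
		object: (*Project)(nil),
	})

	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			assertPrepare(t, tt.prepare, tt.object, tt.want.sqlExpectations, tt.want.err, defaultPrepareArgs...)
		})
	}
}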