2021-12-07 08:33:52 +01:00
package query
import (
2024-08-23 08:44:18 +02:00
"context"
2021-12-07 08:33:52 +01:00
"database/sql"
"database/sql/driver"
"errors"
"fmt"
"regexp"
"testing"
2024-08-23 08:44:18 +02:00
"github.com/stretchr/testify/require"
"github.com/zitadel/zitadel/internal/api/authz"
2022-04-27 01:01:45 +02:00
"github.com/zitadel/zitadel/internal/domain"
2021-12-07 08:33:52 +01:00
)
2024-08-23 08:44:18 +02:00
func TestUser_idpLinksCheckPermission ( t * testing . T ) {
type want struct {
links [ ] * IDPUserLink
}
type args struct {
user string
links * IDPUserLinks
}
tests := [ ] struct {
name string
args args
want want
permissions [ ] string
} {
{
"permissions for all users" ,
args {
"none" ,
& IDPUserLinks {
Links : [ ] * IDPUserLink {
{ UserID : "first" } , { UserID : "second" } , { UserID : "third" } ,
} ,
} ,
} ,
want {
links : [ ] * IDPUserLink {
{ UserID : "first" } , { UserID : "second" } , { UserID : "third" } ,
} ,
} ,
[ ] string { "first" , "second" , "third" } ,
} ,
{
"permissions for one user, first" ,
args {
"none" ,
& IDPUserLinks {
Links : [ ] * IDPUserLink {
{ UserID : "first" } , { UserID : "second" } , { UserID : "third" } ,
} ,
} ,
} ,
want {
links : [ ] * IDPUserLink {
{ UserID : "first" } ,
} ,
} ,
[ ] string { "first" } ,
} ,
{
"permissions for one user, second" ,
args {
"none" ,
& IDPUserLinks {
Links : [ ] * IDPUserLink {
{ UserID : "first" } , { UserID : "second" } , { UserID : "third" } ,
} ,
} ,
} ,
want {
links : [ ] * IDPUserLink {
{ UserID : "second" } ,
} ,
} ,
[ ] string { "second" } ,
} ,
{
"permissions for one user, third" ,
args {
"none" ,
& IDPUserLinks {
Links : [ ] * IDPUserLink {
{ UserID : "first" } , { UserID : "second" } , { UserID : "third" } ,
} ,
} ,
} ,
want {
links : [ ] * IDPUserLink {
{ UserID : "third" } ,
} ,
} ,
[ ] string { "third" } ,
} ,
{
"permissions for two users, first" ,
args {
"none" ,
& IDPUserLinks {
Links : [ ] * IDPUserLink {
{ UserID : "first" } , { UserID : "second" } , { UserID : "third" } ,
} ,
} ,
} ,
want {
links : [ ] * IDPUserLink {
{ UserID : "first" } , { UserID : "third" } ,
} ,
} ,
[ ] string { "first" , "third" } ,
} ,
{
"permissions for two users, second" ,
args {
"none" ,
& IDPUserLinks {
Links : [ ] * IDPUserLink {
{ UserID : "first" } , { UserID : "second" } , { UserID : "third" } ,
} ,
} ,
} ,
want {
links : [ ] * IDPUserLink {
{ UserID : "second" } , { UserID : "third" } ,
} ,
} ,
[ ] string { "second" , "third" } ,
} ,
{
"no permissions" ,
args {
"none" ,
& IDPUserLinks {
Links : [ ] * IDPUserLink {
{ UserID : "first" } , { UserID : "second" } , { UserID : "third" } ,
} ,
} ,
} ,
want {
links : [ ] * IDPUserLink { } ,
} ,
[ ] string { } ,
} ,
{
"no permissions, self" ,
args {
"second" ,
& IDPUserLinks {
Links : [ ] * IDPUserLink {
{ UserID : "first" } , { UserID : "second" } , { UserID : "third" } ,
} ,
} ,
} ,
want {
links : [ ] * IDPUserLink { { UserID : "second" } } ,
} ,
[ ] string { } ,
} ,
}
for _ , tt := range tests {
t . Run ( tt . name , func ( t * testing . T ) {
checkPermission := func ( ctx context . Context , permission , orgID , resourceID string ) ( err error ) {
for _ , perm := range tt . permissions {
if resourceID == perm {
return nil
}
}
return errors . New ( "failed" )
}
idpLinksCheckPermission ( authz . SetCtxData ( context . Background ( ) , authz . CtxData { UserID : tt . args . user } ) , tt . args . links , checkPermission )
require . Equal ( t , tt . want . links , tt . args . links . Links )
} )
}
}
2021-12-07 08:33:52 +01:00
var (
2022-11-30 17:01:17 +01:00
idpUserLinksQuery = regexp . QuoteMeta ( ` SELECT projections.idp_user_links3.idp_id, ` +
` projections.idp_user_links3.user_id, ` +
2024-04-10 17:46:30 +02:00
` projections.idp_templates6.name, ` +
2022-11-30 17:01:17 +01:00
` projections.idp_user_links3.external_user_id, ` +
` projections.idp_user_links3.display_name, ` +
2024-04-10 17:46:30 +02:00
` projections.idp_templates6.type, ` +
2022-11-30 17:01:17 +01:00
` projections.idp_user_links3.resource_owner, ` +
2021-12-07 08:33:52 +01:00
` COUNT(*) OVER () ` +
2022-11-30 17:01:17 +01:00
` FROM projections.idp_user_links3 ` +
2024-04-10 17:46:30 +02:00
` LEFT JOIN projections.idp_templates6 ON projections.idp_user_links3.idp_id = projections.idp_templates6.id AND projections.idp_user_links3.instance_id = projections.idp_templates6.instance_id ` +
2023-02-27 22:36:43 +01:00
` AS OF SYSTEM TIME '-1 ms' ` )
2021-12-08 14:49:19 +01:00
idpUserLinksCols = [ ] string {
2021-12-07 08:33:52 +01:00
"idp_id" ,
"user_id" ,
"name" ,
"external_user_id" ,
"display_name" ,
"type" ,
2022-01-13 08:58:14 +01:00
"resource_owner" ,
2021-12-07 08:33:52 +01:00
"count" ,
}
)
2021-12-08 14:49:19 +01:00
func Test_IDPUserLinkPrepares ( t * testing . T ) {
2021-12-07 08:33:52 +01:00
type want struct {
sqlExpectations sqlExpectation
err checkErr
}
tests := [ ] struct {
name string
prepare interface { }
want want
object interface { }
} {
{
name : "prepareIDPsQuery found" ,
2021-12-08 14:49:19 +01:00
prepare : prepareIDPUserLinksQuery ,
2021-12-07 08:33:52 +01:00
want : want {
sqlExpectations : mockQueries (
2021-12-08 14:49:19 +01:00
idpUserLinksQuery ,
idpUserLinksCols ,
2021-12-07 08:33:52 +01:00
[ ] [ ] driver . Value {
{
"idp-id" ,
"user-id" ,
"idp-name" ,
"external-user-id" ,
"display-name" ,
2023-02-28 21:20:58 +01:00
domain . IDPTypeJWT ,
2022-01-13 08:58:14 +01:00
"ro" ,
2021-12-07 08:33:52 +01:00
} ,
} ,
) ,
} ,
2021-12-08 14:49:19 +01:00
object : & IDPUserLinks {
2021-12-07 08:33:52 +01:00
SearchResponse : SearchResponse {
Count : 1 ,
} ,
2021-12-08 14:49:19 +01:00
Links : [ ] * IDPUserLink {
2021-12-07 08:33:52 +01:00
{
IDPID : "idp-id" ,
UserID : "user-id" ,
IDPName : "idp-name" ,
ProvidedUserID : "external-user-id" ,
ProvidedUsername : "display-name" ,
2023-02-28 21:20:58 +01:00
IDPType : domain . IDPTypeJWT ,
2022-01-13 08:58:14 +01:00
ResourceOwner : "ro" ,
2021-12-07 08:33:52 +01:00
} ,
} ,
} ,
} ,
{
name : "prepareIDPsQuery no idp" ,
2021-12-08 14:49:19 +01:00
prepare : prepareIDPUserLinksQuery ,
2021-12-07 08:33:52 +01:00
want : want {
sqlExpectations : mockQueries (
2021-12-08 14:49:19 +01:00
idpUserLinksQuery ,
idpUserLinksCols ,
2021-12-07 08:33:52 +01:00
[ ] [ ] driver . Value {
{
"idp-id" ,
"user-id" ,
nil ,
"external-user-id" ,
"display-name" ,
nil ,
2022-01-13 08:58:14 +01:00
"ro" ,
2021-12-07 08:33:52 +01:00
} ,
} ,
) ,
} ,
2021-12-08 14:49:19 +01:00
object : & IDPUserLinks {
2021-12-07 08:33:52 +01:00
SearchResponse : SearchResponse {
Count : 1 ,
} ,
2021-12-08 14:49:19 +01:00
Links : [ ] * IDPUserLink {
2021-12-07 08:33:52 +01:00
{
IDPID : "idp-id" ,
UserID : "user-id" ,
IDPName : "" ,
ProvidedUserID : "external-user-id" ,
ProvidedUsername : "display-name" ,
2023-02-28 21:20:58 +01:00
IDPType : domain . IDPTypeUnspecified ,
2022-01-13 08:58:14 +01:00
ResourceOwner : "ro" ,
2021-12-07 08:33:52 +01:00
} ,
} ,
} ,
} ,
{
name : "prepareIDPsQuery sql err" ,
2021-12-08 14:49:19 +01:00
prepare : prepareIDPUserLinksQuery ,
2021-12-07 08:33:52 +01:00
want : want {
sqlExpectations : mockQueryErr (
2021-12-08 14:49:19 +01:00
idpUserLinksQuery ,
2021-12-07 08:33:52 +01:00
sql . ErrConnDone ,
) ,
err : func ( err error ) ( error , bool ) {
if ! errors . Is ( err , sql . ErrConnDone ) {
return fmt . Errorf ( "err should be sql.ErrConnDone got: %w" , err ) , false
}
return nil , true
} ,
} ,
2023-08-22 12:49:22 +02:00
object : ( * IDPUserLinks ) ( nil ) ,
2021-12-07 08:33:52 +01:00
} ,
}
for _ , tt := range tests {
t . Run ( tt . name , func ( t * testing . T ) {
2023-02-27 22:36:43 +01:00
assertPrepare ( t , tt . prepare , tt . object , tt . want . sqlExpectations , tt . want . err , defaultPrepareArgs ... )
2021-12-07 08:33:52 +01:00
} )
}
}