TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-01-10 12:53:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: clean up create user v3

Browse Source
This commit is contained in:
Stefan Benz 2024-09-25 17:34:41 +02:00
parent 48a262d78c
commit 0e21372b2e
No known key found for this signature in database
GPG Key ID: 071AA751ED4F9D31
9 changed files with 1090 additions and 1251 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

196
internal/command/user_v3.go
View File

@ -1,24 +1,21 @@
package command package command
import ( import (
"bytes"
"context" "context"
"encoding/json" "encoding/json"
"github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/api/authz"
"github.com/zitadel/zitadel/internal/domain" "github.com/zitadel/zitadel/internal/domain"
domain_schema "github.com/zitadel/zitadel/internal/domain/schema" domain_schema "github.com/zitadel/zitadel/internal/domain/schema"
"github.com/zitadel/zitadel/internal/repository/user/schemauser"
"github.com/zitadel/zitadel/internal/zerrors" "github.com/zitadel/zitadel/internal/zerrors"
) )
type CreateSchemaUser struct { type CreateSchemaUser struct {
SchemaID string
schemaRevision uint64
ResourceOwner string ResourceOwner string
ID string ID string
Data json.RawMessage
SchemaID string
Data json.RawMessage
Email *Email Email *Email
ReturnCodeEmail *string ReturnCodeEmail *string
@ -26,7 +23,7 @@ type CreateSchemaUser struct {
ReturnCodePhone *string ReturnCodePhone *string
} }
func (s *CreateSchemaUser) Valid(ctx context.Context, c *Commands) (err error) { func (s *CreateSchemaUser) Valid() (err error) {
if s.ResourceOwner == "" { if s.ResourceOwner == "" {
return zerrors.ThrowInvalidArgument(nil, "COMMAND-urEJKa1tJM", "Errors.ResourceOwnerMissing") return zerrors.ThrowInvalidArgument(nil, "COMMAND-urEJKa1tJM", "Errors.ResourceOwnerMissing")
} }
@ -34,42 +31,6 @@ func (s *CreateSchemaUser) Valid(ctx context.Context, c *Commands) (err error) {
return zerrors.ThrowInvalidArgument(nil, "COMMAND-TFo06JgnF2", "Errors.UserSchema.ID.Missing") return zerrors.ThrowInvalidArgument(nil, "COMMAND-TFo06JgnF2", "Errors.UserSchema.ID.Missing")
} }
schemaWriteModel, err := c.getSchemaWriteModelByID(ctx, "", s.SchemaID)
if err != nil {
return err
}
if !schemaWriteModel.Exists() {
return zerrors.ThrowPreconditionFailed(nil, "COMMAND-N9QOuN4F7o", "Errors.UserSchema.NotExists")
}
s.schemaRevision = schemaWriteModel.SchemaRevision
if s.ID == "" {
s.ID, err = c.idGenerator.Next()
if err != nil {
return err
}
}
// get role for permission check in schema through extension
role, err := c.getSchemaRoleForWrite(ctx, s.ResourceOwner, s.ID)
if err != nil {
return err
}
schema, err := domain_schema.NewSchema(role, bytes.NewReader(schemaWriteModel.Schema))
if err != nil {
return err
}
var v interface{}
if err := json.Unmarshal(s.Data, &v); err != nil {
return zerrors.ThrowInvalidArgument(nil, "COMMAND-7o3ZGxtXUz", "Errors.User.Invalid")
}
if err := schema.Validate(v); err != nil {
return zerrors.ThrowPreconditionFailed(nil, "COMMAND-SlKXqLSeL6", "Errors.UserSchema.Data.Invalid")
}
if s.Email != nil && s.Email.Address != "" { if s.Email != nil && s.Email.Address != "" {
if err := s.Email.Validate(); err != nil { if err := s.Email.Validate(); err != nil {
return err return err
@ -95,19 +56,30 @@ func (c *Commands) getSchemaRoleForWrite(ctx context.Context, resourceOwner, use
return domain_schema.RoleOwner, nil return domain_schema.RoleOwner, nil
} }
func (c *Commands) CreateSchemaUser(ctx context.Context, user *CreateSchemaUser) (*domain.ObjectDetails, error) { func (c *Commands) CreateSchemaUser(ctx context.Context, user *CreateSchemaUser) (_ *domain.ObjectDetails, err error) {
if err := user.Valid(ctx, c); err != nil { if err := user.Valid(); err != nil {
return nil, err return nil, err
} }
writeModel, err := c.getSchemaUserExists(ctx, user.ResourceOwner, user.ID) if user.ID == "" {
user.ID, err = c.idGenerator.Next()
if err != nil {
return nil, err
}
}
writeModel, err := c.getSchemaUserWMForState(ctx, user.ResourceOwner, user.ID)
if err != nil {
return nil, err
}
schemaWriteModel, err := existingSchema(ctx, c, "", user.SchemaID)
if err != nil { if err != nil {
return nil, err return nil, err
} }
events, codeEmail, codePhone, err := writeModel.NewCreated(ctx, events, codeEmail, codePhone, err := writeModel.NewCreated(ctx,
user.SchemaID, schemaWriteModel,
user.schemaRevision,
user.Data, user.Data,
user.Email, user.Email,
user.Phone, user.Phone,
@ -131,7 +103,7 @@ func (c *Commands) DeleteSchemaUser(ctx context.Context, resourceOwner, id strin
if id == "" { if id == "" {
return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-Vs4wJCME7T", "Errors.IDMissing") return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-Vs4wJCME7T", "Errors.IDMissing")
} }
writeModel, err := c.getSchemaUserExists(ctx, resourceOwner, id) writeModel, err := c.getSchemaUserWMForState(ctx, resourceOwner, id)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -187,7 +159,7 @@ func (c *Commands) ChangeSchemaUser(ctx context.Context, user *ChangeSchemaUser)
return nil, err return nil, err
} }
writeModel, err := c.getSchemaUserWriteModelByID(ctx, user.ResourceOwner, user.ID) writeModel, err := c.getSchemaUserWMByID(ctx, user.ResourceOwner, user.ID)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -202,13 +174,10 @@ func (c *Commands) ChangeSchemaUser(ctx context.Context, user *ChangeSchemaUser)
var schemaWM *UserSchemaWriteModel var schemaWM *UserSchemaWriteModel
if user.SchemaUser != nil { if user.SchemaUser != nil {
schemaWriteModel, err := c.getSchemaWriteModelByID(ctx, "", schemaID) schemaWriteModel, err := existingSchema(ctx, c, "", schemaID)
if err != nil { if err != nil {
return nil, err return nil, err
} }
if !schemaWriteModel.Exists() {
return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-VLDTtxT3If", "Errors.UserSchema.NotExists")
}
schemaWM = schemaWriteModel schemaWM = schemaWriteModel
} }
@ -234,107 +203,7 @@ func (c *Commands) ChangeSchemaUser(ctx context.Context, user *ChangeSchemaUser)
return c.pushAppendAndReduceDetails(ctx, writeModel, events...) return c.pushAppendAndReduceDetails(ctx, writeModel, events...)
} }
func (c *Commands) checkPermissionUpdateUserState(ctx context.Context, resourceOwner, userID string) error { func (c *Commands) getSchemaUserWMByID(ctx context.Context, resourceOwner, id string) (*UserV3WriteModel, error) {
return c.checkPermission(ctx, domain.PermissionUserWrite, resourceOwner, userID)
}
func (c *Commands) LockSchemaUser(ctx context.Context, resourceOwner, id string) (*domain.ObjectDetails, error) {
if id == "" {
return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-Eu8I2VAfjF", "Errors.IDMissing")
}
writeModel, err := c.getSchemaUserExists(ctx, resourceOwner, id)
if err != nil {
return nil, err
}
if !writeModel.Exists() || writeModel.Locked {
return nil, zerrors.ThrowNotFound(nil, "COMMAND-G4LOrnjY7q", "Errors.User.NotFound")
}
if err := c.checkPermissionUpdateUserState(ctx, writeModel.ResourceOwner, writeModel.AggregateID); err != nil {
return nil, err
}
if err := c.pushAppendAndReduce(ctx, writeModel,
schemauser.NewLockedEvent(ctx, UserV3AggregateFromWriteModel(&writeModel.WriteModel)),
); err != nil {
return nil, err
}
return writeModelToObjectDetails(&writeModel.WriteModel), nil
}
func (c *Commands) UnlockSchemaUser(ctx context.Context, resourceOwner, id string) (*domain.ObjectDetails, error) {
if id == "" {
return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-krXtYscQZh", "Errors.IDMissing")
}
writeModel, err := c.getSchemaUserExists(ctx, resourceOwner, id)
if err != nil {
return nil, err
}
if !writeModel.Exists() || !writeModel.Locked {
return nil, zerrors.ThrowNotFound(nil, "COMMAND-gpBv46Lh9m", "Errors.User.NotFound")
}
if err := c.checkPermissionUpdateUserState(ctx, writeModel.ResourceOwner, writeModel.AggregateID); err != nil {
return nil, err
}
if err := c.pushAppendAndReduce(ctx, writeModel,
schemauser.NewUnlockedEvent(ctx, UserV3AggregateFromWriteModel(&writeModel.WriteModel)),
); err != nil {
return nil, err
}
return writeModelToObjectDetails(&writeModel.WriteModel), nil
}
func (c *Commands) DeactivateSchemaUser(ctx context.Context, resourceOwner, id string) (*domain.ObjectDetails, error) {
if id == "" {
return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-pjJhge86ZV", "Errors.IDMissing")
}
writeModel, err := c.getSchemaUserExists(ctx, resourceOwner, id)
if err != nil {
return nil, err
}
if writeModel.State != domain.UserStateActive {
return nil, zerrors.ThrowNotFound(nil, "COMMAND-Ob6lR5iFTe", "Errors.User.NotFound")
}
if err := c.checkPermissionUpdateUserState(ctx, writeModel.ResourceOwner, writeModel.AggregateID); err != nil {
return nil, err
}
if err := c.pushAppendAndReduce(ctx, writeModel,
schemauser.NewDeactivatedEvent(ctx, UserV3AggregateFromWriteModel(&writeModel.WriteModel)),
); err != nil {
return nil, err
}
return writeModelToObjectDetails(&writeModel.WriteModel), nil
}
func (c *Commands) ActivateSchemaUser(ctx context.Context, resourceOwner, id string) (*domain.ObjectDetails, error) {
if id == "" {
return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-17XupGvxBJ", "Errors.IDMissing")
}
writeModel, err := c.getSchemaUserExists(ctx, resourceOwner, id)
if err != nil {
return nil, err
}
if writeModel.State != domain.UserStateInactive {
return nil, zerrors.ThrowNotFound(nil, "COMMAND-rQjbBr4J3j", "Errors.User.NotFound")
}
if err := c.checkPermissionUpdateUserState(ctx, writeModel.ResourceOwner, writeModel.AggregateID); err != nil {
return nil, err
}
if err := c.pushAppendAndReduce(ctx, writeModel,
schemauser.NewActivatedEvent(ctx, UserV3AggregateFromWriteModel(&writeModel.WriteModel)),
); err != nil {
return nil, err
}
return writeModelToObjectDetails(&writeModel.WriteModel), nil
}
func (c *Commands) getSchemaUserExists(ctx context.Context, resourceOwner, id string) (*UserV3WriteModel, error) {
writeModel := NewExistsUserV3WriteModel(resourceOwner, id, c.checkPermission)
if err := c.eventstore.FilterToQueryReducer(ctx, writeModel); err != nil {
return nil, err
}
return writeModel, nil
}
func (c *Commands) getSchemaUserWriteModelByID(ctx context.Context, resourceOwner, id string) (*UserV3WriteModel, error) {
writeModel := NewUserV3WriteModel(resourceOwner, id, c.checkPermission) writeModel := NewUserV3WriteModel(resourceOwner, id, c.checkPermission)
if err := c.eventstore.FilterToQueryReducer(ctx, writeModel); err != nil { if err := c.eventstore.FilterToQueryReducer(ctx, writeModel); err != nil {
return nil, err return nil, err
@ -342,18 +211,13 @@ func (c *Commands) getSchemaUserWriteModelByID(ctx context.Context, resourceOwne
return writeModel, nil return writeModel, nil
} }
func (c *Commands) getSchemaUserEmailWriteModelByID(ctx context.Context, resourceOwner, id string) (*UserV3WriteModel, error) { func existingSchema(ctx context.Context, c *Commands, resourceOwner, id string) (*UserSchemaWriteModel, error) {
writeModel := NewUserV3EmailWriteModel(resourceOwner, id, c.checkPermission) writeModel, err := c.getSchemaWriteModelByID(ctx, resourceOwner, id)
if err := c.eventstore.FilterToQueryReducer(ctx, writeModel); err != nil { if err != nil {
return nil, err
}
return writeModel, nil
}
func (c *Commands) getSchemaUserPhoneWriteModelByID(ctx context.Context, resourceOwner, id string) (*UserV3WriteModel, error) {
writeModel := NewUserV3PhoneWriteModel(resourceOwner, id, c.checkPermission)
if err := c.eventstore.FilterToQueryReducer(ctx, writeModel); err != nil {
return nil, err return nil, err
} }
if !writeModel.Exists() {
return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-VLDTtxT3If", "Errors.UserSchema.NotExists")
}
return writeModel, nil return writeModel, nil
} }

14
internal/command/user_v3_email.go
View File

@ -40,7 +40,7 @@ func (c *Commands) ChangeSchemaUserEmail(ctx context.Context, user *ChangeSchema
return nil, err return nil, err
} }
writeModel, err := c.getSchemaUserEmailWriteModelByID(ctx, user.ResourceOwner, user.ID) writeModel, err := c.getSchemaUserWMForEmail(ctx, user.ResourceOwner, user.ID)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -64,7 +64,7 @@ func (c *Commands) VerifySchemaUserEmail(ctx context.Context, resourceOwner, id,
if id == "" { if id == "" {
return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-y3n4Sdu8j5", "Errors.IDMissing") return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-y3n4Sdu8j5", "Errors.IDMissing")
} }
writeModel, err := c.getSchemaUserEmailWriteModelByID(ctx, resourceOwner, id) writeModel, err := c.getSchemaUserWMForEmail(ctx, resourceOwner, id)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -93,7 +93,7 @@ func (c *Commands) ResendSchemaUserEmailCode(ctx context.Context, user *ResendSc
if user.ID == "" { if user.ID == "" {
return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-KvPc5o9GeJ", "Errors.IDMissing") return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-KvPc5o9GeJ", "Errors.IDMissing")
} }
writeModel, err := c.getSchemaUserEmailWriteModelByID(ctx, user.ResourceOwner, user.ID) writeModel, err := c.getSchemaUserWMForEmail(ctx, user.ResourceOwner, user.ID)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -113,3 +113,11 @@ func (c *Commands) ResendSchemaUserEmailCode(ctx context.Context, user *ResendSc
} }
return c.pushAppendAndReduceDetails(ctx, writeModel, events...) return c.pushAppendAndReduceDetails(ctx, writeModel, events...)
} }
func (c *Commands) getSchemaUserWMForEmail(ctx context.Context, resourceOwner, id string) (*UserV3WriteModel, error) {
writeModel := NewUserV3EmailWriteModel(resourceOwner, id, c.checkPermission)
if err := c.eventstore.FilterToQueryReducer(ctx, writeModel); err != nil {
return nil, err
}
return writeModel, nil
}

9
internal/command/user_v3_model.go
View File

@ -217,8 +217,7 @@ func (wm *UserV3WriteModel) Query() *eventstore.SearchQueryBuilder {
func (wm *UserV3WriteModel) NewCreated( func (wm *UserV3WriteModel) NewCreated(
ctx context.Context, ctx context.Context,
schemaID string, schemaWM *UserSchemaWriteModel,
schemaRevision uint64,
data json.RawMessage, data json.RawMessage,
email *Email, email *Email,
phone *Phone, phone *Phone,
@ -230,9 +229,13 @@ func (wm *UserV3WriteModel) NewCreated(
if wm.Exists() { if wm.Exists() {
return nil, "", "", zerrors.ThrowPreconditionFailed(nil, "COMMAND-Nn8CRVlkeZ", "Errors.User.AlreadyExists") return nil, "", "", zerrors.ThrowPreconditionFailed(nil, "COMMAND-Nn8CRVlkeZ", "Errors.User.AlreadyExists")
} }
schemaID, schemaRevision, err := wm.validateData(ctx, data, schemaWM)
if err != nil {
return nil, "", "", err
}
events := []eventstore.Command{ events := []eventstore.Command{
schemauser.NewCreatedEvent(ctx, schemauser.NewCreatedEvent(ctx,
UserV3AggregateFromWriteModel(&wm.WriteModel), UserV3AggregateFromWriteModel(wm.GetWriteModel()),
schemaID, schemaRevision, data, schemaID, schemaRevision, data,
), ),
} }

2
internal/command/user_v3_password.go
View File

@ -61,7 +61,7 @@ func (c *Commands) SetSchemaUserPassword(ctx context.Context, user *SetSchemaUse
resourceOwner := existing.ResourceOwner resourceOwner := existing.ResourceOwner
// when no password was set yet // when no password was set yet
if existing.EncodedHash == "" { if existing.EncodedHash == "" {
existingUser, err := c.getSchemaUserExists(ctx, user.ResourceOwner, user.UserID) existingUser, err := c.getSchemaUserWMForState(ctx, user.ResourceOwner, user.UserID)
if err != nil { if err != nil {
return nil, err return nil, err
} }

14
internal/command/user_v3_phone.go
View File

@ -34,7 +34,7 @@ func (c *Commands) ChangeSchemaUserPhone(ctx context.Context, user *ChangeSchema
return nil, err return nil, err
} }
writeModel, err := c.getSchemaUserPhoneWriteModelByID(ctx, user.ResourceOwner, user.ID) writeModel, err := c.getSchemaUserWMForPhone(ctx, user.ResourceOwner, user.ID)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -58,7 +58,7 @@ func (c *Commands) VerifySchemaUserPhone(ctx context.Context, resourceOwner, id,
if id == "" { if id == "" {
return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-R4LKY44Ke3", "Errors.IDMissing") return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-R4LKY44Ke3", "Errors.IDMissing")
} }
writeModel, err := c.getSchemaUserPhoneWriteModelByID(ctx, resourceOwner, id) writeModel, err := c.getSchemaUserWMForPhone(ctx, resourceOwner, id)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -86,7 +86,7 @@ func (c *Commands) ResendSchemaUserPhoneCode(ctx context.Context, user *ResendSc
if user.ID == "" { if user.ID == "" {
return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-zmxIFR2nMo", "Errors.IDMissing") return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-zmxIFR2nMo", "Errors.IDMissing")
} }
writeModel, err := c.getSchemaUserPhoneWriteModelByID(ctx, user.ResourceOwner, user.ID) writeModel, err := c.getSchemaUserWMForPhone(ctx, user.ResourceOwner, user.ID)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -105,3 +105,11 @@ func (c *Commands) ResendSchemaUserPhoneCode(ctx context.Context, user *ResendSc
} }
return c.pushAppendAndReduceDetails(ctx, writeModel, events...) return c.pushAppendAndReduceDetails(ctx, writeModel, events...)
} }
func (c *Commands) getSchemaUserWMForPhone(ctx context.Context, resourceOwner, id string) (*UserV3WriteModel, error) {
writeModel := NewUserV3PhoneWriteModel(resourceOwner, id, c.checkPermission)
if err := c.eventstore.FilterToQueryReducer(ctx, writeModel); err != nil {
return nil, err
}
return writeModel, nil
}

109
internal/command/user_v3_state.go Normal file
View File

@ -0,0 +1,109 @@
package command
import (
"context"
"github.com/zitadel/zitadel/internal/domain"
"github.com/zitadel/zitadel/internal/repository/user/schemauser"
"github.com/zitadel/zitadel/internal/zerrors"
)
func (c *Commands) LockSchemaUser(ctx context.Context, resourceOwner, id string) (*domain.ObjectDetails, error) {
if id == "" {
return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-Eu8I2VAfjF", "Errors.IDMissing")
}
writeModel, err := c.getSchemaUserWMForState(ctx, resourceOwner, id)
if err != nil {
return nil, err
}
if !writeModel.Exists() || writeModel.Locked {
return nil, zerrors.ThrowNotFound(nil, "COMMAND-G4LOrnjY7q", "Errors.User.NotFound")
}
if err := c.checkPermissionUpdateUserState(ctx, writeModel.ResourceOwner, writeModel.AggregateID); err != nil {
return nil, err
}
if err := c.pushAppendAndReduce(ctx, writeModel,
schemauser.NewLockedEvent(ctx, UserV3AggregateFromWriteModel(&writeModel.WriteModel)),
); err != nil {
return nil, err
}
return writeModelToObjectDetails(&writeModel.WriteModel), nil
}
func (c *Commands) UnlockSchemaUser(ctx context.Context, resourceOwner, id string) (*domain.ObjectDetails, error) {
if id == "" {
return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-krXtYscQZh", "Errors.IDMissing")
}
writeModel, err := c.getSchemaUserWMForState(ctx, resourceOwner, id)
if err != nil {
return nil, err
}
if !writeModel.Exists() || !writeModel.Locked {
return nil, zerrors.ThrowNotFound(nil, "COMMAND-gpBv46Lh9m", "Errors.User.NotFound")
}
if err := c.checkPermissionUpdateUserState(ctx, writeModel.ResourceOwner, writeModel.AggregateID); err != nil {
return nil, err
}
if err := c.pushAppendAndReduce(ctx, writeModel,
schemauser.NewUnlockedEvent(ctx, UserV3AggregateFromWriteModel(&writeModel.WriteModel)),
); err != nil {
return nil, err
}
return writeModelToObjectDetails(&writeModel.WriteModel), nil
}
func (c *Commands) DeactivateSchemaUser(ctx context.Context, resourceOwner, id string) (*domain.ObjectDetails, error) {
if id == "" {
return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-pjJhge86ZV", "Errors.IDMissing")
}
writeModel, err := c.getSchemaUserWMForState(ctx, resourceOwner, id)
if err != nil {
return nil, err
}
if writeModel.State != domain.UserStateActive {
return nil, zerrors.ThrowNotFound(nil, "COMMAND-Ob6lR5iFTe", "Errors.User.NotFound")
}
if err := c.checkPermissionUpdateUserState(ctx, writeModel.ResourceOwner, writeModel.AggregateID); err != nil {
return nil, err
}
if err := c.pushAppendAndReduce(ctx, writeModel,
schemauser.NewDeactivatedEvent(ctx, UserV3AggregateFromWriteModel(&writeModel.WriteModel)),
); err != nil {
return nil, err
}
return writeModelToObjectDetails(&writeModel.WriteModel), nil
}
func (c *Commands) ActivateSchemaUser(ctx context.Context, resourceOwner, id string) (*domain.ObjectDetails, error) {
if id == "" {
return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-17XupGvxBJ", "Errors.IDMissing")
}
writeModel, err := c.getSchemaUserWMForState(ctx, resourceOwner, id)
if err != nil {
return nil, err
}
if writeModel.State != domain.UserStateInactive {
return nil, zerrors.ThrowNotFound(nil, "COMMAND-rQjbBr4J3j", "Errors.User.NotFound")
}
if err := c.checkPermissionUpdateUserState(ctx, writeModel.ResourceOwner, writeModel.AggregateID); err != nil {
return nil, err
}
if err := c.pushAppendAndReduce(ctx, writeModel,
schemauser.NewActivatedEvent(ctx, UserV3AggregateFromWriteModel(&writeModel.WriteModel)),
); err != nil {
return nil, err
}
return writeModelToObjectDetails(&writeModel.WriteModel), nil
}
func (c *Commands) checkPermissionUpdateUserState(ctx context.Context, resourceOwner, userID string) error {
return c.checkPermission(ctx, domain.PermissionUserWrite, resourceOwner, userID)
}
func (c *Commands) getSchemaUserWMForState(ctx context.Context, resourceOwner, id string) (*UserV3WriteModel, error) {
writeModel := NewExistsUserV3WriteModel(resourceOwner, id, c.checkPermission)
if err := c.eventstore.FilterToQueryReducer(ctx, writeModel); err != nil {
return nil, err
}
return writeModel, nil
}

857
internal/command/user_v3_state_test.go Normal file
View File

@ -0,0 +1,857 @@
package command
import (
"context"
"encoding/json"
"errors"
"testing"
"github.com/stretchr/testify/assert"
"github.com/zitadel/zitadel/internal/domain"
"github.com/zitadel/zitadel/internal/eventstore"
"github.com/zitadel/zitadel/internal/repository/user/schemauser"
"github.com/zitadel/zitadel/internal/zerrors"
)
func TestCommandSide_LockSchemaUser(t *testing.T) {
type fields struct {
eventstore func(*testing.T) *eventstore.Eventstore
checkPermission domain.PermissionCheck
}
type (
args struct {
ctx context.Context
orgID string
userID string
}
)
type res struct {
want *domain.ObjectDetails
err func(error) bool
}
tests := []struct {
name string
fields fields
args args
res res
}{
{
name: "userid missing, invalid argument error",
fields: fields{
eventstore: expectEventstore(),
checkPermission: newMockPermissionCheckAllowed(),
},
args: args{
ctx: context.Background(),
userID: "",
},
res: res{
err: func(err error) bool {
return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "COMMAND-Eu8I2VAfjF", "Errors.IDMissing"))
},
},
},
{
name: "user not existing, not found error",
fields: fields{
eventstore: expectEventstore(
expectFilter(),
),
checkPermission: newMockPermissionCheckAllowed(),
},
args: args{
ctx: context.Background(),
userID: "user1",
},
res: res{
err: func(err error) bool {
return errors.Is(err, zerrors.ThrowNotFound(nil, "COMMAND-G4LOrnjY7q", "Errors.User.NotFound"))
},
},
},
{
name: "user removed, not found error",
fields: fields{
eventstore: expectEventstore(
expectFilter(
eventFromEventPusher(
schemauser.NewCreatedEvent(context.Background(),
&schemauser.NewAggregate("user1", "org1").Aggregate,
"schema",
1,
json.RawMessage(`{
"name": "user"
}`),
),
),
eventFromEventPusher(
schemauser.NewDeletedEvent(context.Background(),
&schemauser.NewAggregate("user1", "org1").Aggregate,
),
),
),
),
checkPermission: newMockPermissionCheckAllowed(),
},
args: args{
ctx: context.Background(),
userID: "user1",
},
res: res{
err: func(err error) bool {
return errors.Is(err, zerrors.ThrowNotFound(nil, "COMMAND-G4LOrnjY7q", "Errors.User.NotFound"))
},
},
},
{
name: "user locked, precondition error",
fields: fields{
eventstore: expectEventstore(
expectFilter(
eventFromEventPusher(
schemauser.NewCreatedEvent(context.Background(),
&schemauser.NewAggregate("user1", "org1").Aggregate,
"schema",
1,
json.RawMessage(`{
"name": "user"
}`),
),
),
eventFromEventPusher(
schemauser.NewLockedEvent(context.Background(),
&schemauser.NewAggregate("user1", "org1").Aggregate,
),
),
),
),
checkPermission: newMockPermissionCheckAllowed(),
},
args: args{
ctx: context.Background(),
userID: "user1",
},
res: res{
err: func(err error) bool {
return errors.Is(err, zerrors.ThrowNotFound(nil, "COMMAND-G4LOrnjY7q", "Errors.User.NotFound"))
},
},
},
{
name: "lock user, ok",
fields: fields{
eventstore: expectEventstore(
expectFilter(
eventFromEventPusher(
schemauser.NewCreatedEvent(context.Background(),
&schemauser.NewAggregate("user1", "org1").Aggregate,
"schema",
1,
json.RawMessage(`{
"name": "user"
}`),
),
),
),
expectPush(
schemauser.NewLockedEvent(context.Background(),
&schemauser.NewAggregate("user1", "org1").Aggregate,
),
),
),
checkPermission: newMockPermissionCheckAllowed(),
},
args: args{
ctx: context.Background(),
userID: "user1",
},
res: res{
want: &domain.ObjectDetails{
ResourceOwner: "org1",
},
},
},
{
name: "lock user, no permission",
fields: fields{
eventstore: expectEventstore(
expectFilter(
eventFromEventPusher(
schemauser.NewCreatedEvent(context.Background(),
&schemauser.NewAggregate("user1", "org1").Aggregate,
"schema",
1,
json.RawMessage(`{
"name": "user"
}`),
),
),
),
),
checkPermission: newMockPermissionCheckNotAllowed(),
},
args: args{
ctx: context.Background(),
userID: "user1",
},
res: res{
err: func(err error) bool {
return errors.Is(err, zerrors.ThrowPermissionDenied(nil, "AUTHZ-HKJD33", "Errors.PermissionDenied"))
},
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
r := &Commands{
eventstore: tt.fields.eventstore(t),
checkPermission: tt.fields.checkPermission,
}
got, err := r.LockSchemaUser(tt.args.ctx, tt.args.orgID, tt.args.userID)
if tt.res.err == nil {
assert.NoError(t, err)
}
if tt.res.err != nil && !tt.res.err(err) {
t.Errorf("got wrong err: %v ", err)
}
if tt.res.err == nil {
assertObjectDetails(t, tt.res.want, got)
}
})
}
}
func TestCommandSide_UnlockSchemaUser(t *testing.T) {
type fields struct {
eventstore func(*testing.T) *eventstore.Eventstore
checkPermission domain.PermissionCheck
}
type (
args struct {
ctx context.Context
orgID string
userID string
}
)
type res struct {
want *domain.ObjectDetails
err func(error) bool
}
tests := []struct {
name string
fields fields
args args
res res
}{
{
name: "userid missing, invalid argument error",
fields: fields{
eventstore: expectEventstore(),
checkPermission: newMockPermissionCheckAllowed(),
},
args: args{
ctx: context.Background(),
userID: "",
},
res: res{
err: func(err error) bool {
return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "COMMAND-krXtYscQZh", "Errors.IDMissing"))
},
},
},
{
name: "user not existing, not found error",
fields: fields{
eventstore: expectEventstore(
expectFilter(),
),
checkPermission: newMockPermissionCheckAllowed(),
},
args: args{
ctx: context.Background(),
userID: "user1",
},
res: res{
err: func(err error) bool {
return errors.Is(err, zerrors.ThrowNotFound(nil, "COMMAND-gpBv46Lh9m", "Errors.User.NotFound"))
},
},
},
{
name: "user removed, not found error",
fields: fields{
eventstore: expectEventstore(
expectFilter(
eventFromEventPusher(
schemauser.NewCreatedEvent(context.Background(),
&schemauser.NewAggregate("user1", "org1").Aggregate,
"schema",
1,
json.RawMessage(`{
"name": "user"
}`),
),
),
eventFromEventPusher(
schemauser.NewDeletedEvent(context.Background(),
&schemauser.NewAggregate("user1", "org1").Aggregate,
),
),
),
),
checkPermission: newMockPermissionCheckAllowed(),
},
args: args{
ctx: context.Background(),
userID: "user1",
},
res: res{
err: func(err error) bool {
return errors.Is(err, zerrors.ThrowNotFound(nil, "COMMAND-gpBv46Lh9m", "Errors.User.NotFound"))
},
},
},
{
name: "user not locked, precondition error",
fields: fields{
eventstore: expectEventstore(
expectFilter(
eventFromEventPusher(
schemauser.NewCreatedEvent(context.Background(),
&schemauser.NewAggregate("user1", "org1").Aggregate,
"schema",
1,
json.RawMessage(`{
"name": "user"
}`),
),
),
),
),
checkPermission: newMockPermissionCheckAllowed(),
},
args: args{
ctx: context.Background(),
userID: "user1",
},
res: res{
err: func(err error) bool {
return errors.Is(err, zerrors.ThrowNotFound(nil, "COMMAND-gpBv46Lh9m", "Errors.User.NotFound"))
},
},
},
{
name: "unlock user, ok",
fields: fields{
eventstore: expectEventstore(
expectFilter(
eventFromEventPusher(
schemauser.NewCreatedEvent(context.Background(),
&schemauser.NewAggregate("user1", "org1").Aggregate,
"schema",
1,
json.RawMessage(`{
"name": "user"
}`),
),
),
eventFromEventPusher(
schemauser.NewLockedEvent(context.Background(),
&schemauser.NewAggregate("user1", "org1").Aggregate,
),
),
),
expectPush(
schemauser.NewUnlockedEvent(context.Background(),
&schemauser.NewAggregate("user1", "org1").Aggregate,
),
),
),
checkPermission: newMockPermissionCheckAllowed(),
},
args: args{
ctx: context.Background(),
userID: "user1",
},
res: res{
want: &domain.ObjectDetails{
ResourceOwner: "org1",
},
},
},
{
name: "unlock user, no permission",
fields: fields{
eventstore: expectEventstore(
expectFilter(
eventFromEventPusher(
schemauser.NewCreatedEvent(context.Background(),
&schemauser.NewAggregate("user1", "org1").Aggregate,
"schema",
1,
json.RawMessage(`{
"name": "user"
}`),
),
),
eventFromEventPusher(
schemauser.NewLockedEvent(context.Background(),
&schemauser.NewAggregate("user1", "org1").Aggregate,
),
),
),
),
checkPermission: newMockPermissionCheckNotAllowed(),
},
args: args{
ctx: context.Background(),
userID: "user1",
},
res: res{
err: func(err error) bool {
return errors.Is(err, zerrors.ThrowPermissionDenied(nil, "AUTHZ-HKJD33", "Errors.PermissionDenied"))
},
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
r := &Commands{
eventstore: tt.fields.eventstore(t),
checkPermission: tt.fields.checkPermission,
}
got, err := r.UnlockSchemaUser(tt.args.ctx, tt.args.orgID, tt.args.userID)
if tt.res.err == nil {
assert.NoError(t, err)
}
if tt.res.err != nil && !tt.res.err(err) {
t.Errorf("got wrong err: %v ", err)
}
if tt.res.err == nil {
assertObjectDetails(t, tt.res.want, got)
}
})
}
}
func TestCommandSide_DeactivateSchemaUser(t *testing.T) {
type fields struct {
eventstore func(*testing.T) *eventstore.Eventstore
checkPermission domain.PermissionCheck
}
type (
args struct {
ctx context.Context
orgID string
userID string
}
)
type res struct {
want *domain.ObjectDetails
err func(error) bool
}
tests := []struct {
name string
fields fields
args args
res res
}{
{
name: "userid missing, invalid argument error",
fields: fields{
eventstore: expectEventstore(),
checkPermission: newMockPermissionCheckAllowed(),
},
args: args{
ctx: context.Background(),
userID: "",
},
res: res{
err: func(err error) bool {
return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "COMMAND-pjJhge86ZV", "Errors.IDMissing"))
},
},
},
{
name: "user not existing, not found error",
fields: fields{
eventstore: expectEventstore(
expectFilter(),
),
checkPermission: newMockPermissionCheckAllowed(),
},
args: args{
ctx: context.Background(),
userID: "user1",
},
res: res{
err: func(err error) bool {
return errors.Is(err, zerrors.ThrowNotFound(nil, "COMMAND-Ob6lR5iFTe", "Errors.User.NotFound"))
},
},
},
{
name: "user removed, not found error",
fields: fields{
eventstore: expectEventstore(
expectFilter(
eventFromEventPusher(
schemauser.NewCreatedEvent(context.Background(),
&schemauser.NewAggregate("user1", "org1").Aggregate,
"schema",
1,
json.RawMessage(`{
"name": "user"
}`),
),
),
eventFromEventPusher(
schemauser.NewDeletedEvent(context.Background(),
&schemauser.NewAggregate("user1", "org1").Aggregate,
),
),
),
),
checkPermission: newMockPermissionCheckAllowed(),
},
args: args{
ctx: context.Background(),
userID: "user1",
},
res: res{
err: func(err error) bool {
return errors.Is(err, zerrors.ThrowNotFound(nil, "COMMAND-Ob6lR5iFTe", "Errors.User.NotFound"))
},
},
},
{
name: "user not active, precondition error",
fields: fields{
eventstore: expectEventstore(
expectFilter(
eventFromEventPusher(
schemauser.NewCreatedEvent(context.Background(),
&schemauser.NewAggregate("user1", "org1").Aggregate,
"schema",
1,
json.RawMessage(`{
"name": "user"
}`),
),
),
eventFromEventPusher(
schemauser.NewDeactivatedEvent(context.Background(),
&schemauser.NewAggregate("user1", "org1").Aggregate,
),
),
),
),
checkPermission: newMockPermissionCheckAllowed(),
},
args: args{
ctx: context.Background(),
userID: "user1",
},
res: res{
err: func(err error) bool {
return errors.Is(err, zerrors.ThrowNotFound(nil, "COMMAND-Ob6lR5iFTe", "Errors.User.NotFound"))
},
},
},
{
name: "deactivate user, ok",
fields: fields{
eventstore: expectEventstore(
expectFilter(
eventFromEventPusher(
schemauser.NewCreatedEvent(context.Background(),
&schemauser.NewAggregate("user1", "org1").Aggregate,
"schema",
1,
json.RawMessage(`{
"name": "user"
}`),
),
),
),
expectPush(
schemauser.NewDeactivatedEvent(context.Background(),
&schemauser.NewAggregate("user1", "org1").Aggregate,
),
),
),
checkPermission: newMockPermissionCheckAllowed(),
},
args: args{
ctx: context.Background(),
userID: "user1",
},
res: res{
want: &domain.ObjectDetails{
ResourceOwner: "org1",
},
},
},
{
name: "deactivate user, no permission",
fields: fields{
eventstore: expectEventstore(
expectFilter(
eventFromEventPusher(
schemauser.NewCreatedEvent(context.Background(),
&schemauser.NewAggregate("user1", "org1").Aggregate,
"schema",
1,
json.RawMessage(`{
"name": "user"
}`),
),
),
),
),
checkPermission: newMockPermissionCheckNotAllowed(),
},
args: args{
ctx: context.Background(),
userID: "user1",
},
res: res{
err: func(err error) bool {
return errors.Is(err, zerrors.ThrowPermissionDenied(nil, "AUTHZ-HKJD33", "Errors.PermissionDenied"))
},
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
r := &Commands{
eventstore: tt.fields.eventstore(t),
checkPermission: tt.fields.checkPermission,
}
got, err := r.DeactivateSchemaUser(tt.args.ctx, tt.args.orgID, tt.args.userID)
if tt.res.err == nil {
assert.NoError(t, err)
}
if tt.res.err != nil && !tt.res.err(err) {
t.Errorf("got wrong err: %v ", err)
}
if tt.res.err == nil {
assertObjectDetails(t, tt.res.want, got)
}
})
}
}
func TestCommandSide_ReactivateSchemaUser(t *testing.T) {
type fields struct {
eventstore func(*testing.T) *eventstore.Eventstore
checkPermission domain.PermissionCheck
}
type (
args struct {
ctx context.Context
orgID string
userID string
}
)
type res struct {
want *domain.ObjectDetails
err func(error) bool
}
tests := []struct {
name string
fields fields
args args
res res
}{
{
name: "userid missing, invalid argument error",
fields: fields{
eventstore: expectEventstore(),
checkPermission: newMockPermissionCheckAllowed(),
},
args: args{
ctx: context.Background(),
userID: "",
},
res: res{
err: func(err error) bool {
return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "COMMAND-17XupGvxBJ", "Errors.IDMissing"))
},
},
},
{
name: "user not existing, not found error",
fields: fields{
eventstore: expectEventstore(
expectFilter(),
),
checkPermission: newMockPermissionCheckAllowed(),
},
args: args{
ctx: context.Background(),
userID: "user1",
},
res: res{
err: func(err error) bool {
return errors.Is(err, zerrors.ThrowNotFound(nil, "COMMAND-rQjbBr4J3j", "Errors.User.NotFound"))
},
},
},
{
name: "user removed, not found error",
fields: fields{
eventstore: expectEventstore(
expectFilter(
eventFromEventPusher(
schemauser.NewCreatedEvent(context.Background(),
&schemauser.NewAggregate("user1", "org1").Aggregate,
"schema",
1,
json.RawMessage(`{
"name": "user"
}`),
),
),
eventFromEventPusher(
schemauser.NewDeletedEvent(context.Background(),
&schemauser.NewAggregate("user1", "org1").Aggregate,
),
),
),
),
checkPermission: newMockPermissionCheckAllowed(),
},
args: args{
ctx: context.Background(),
userID: "user1",
},
res: res{
err: func(err error) bool {
return errors.Is(err, zerrors.ThrowNotFound(nil, "COMMAND-rQjbBr4J3j", "Errors.User.NotFound"))
},
},
},
{
name: "user not inactive, precondition error",
fields: fields{
eventstore: expectEventstore(
expectFilter(
eventFromEventPusher(
schemauser.NewCreatedEvent(context.Background(),
&schemauser.NewAggregate("user1", "org1").Aggregate,
"schema",
1,
json.RawMessage(`{
"name": "user"
}`),
),
),
),
),
checkPermission: newMockPermissionCheckAllowed(),
},
args: args{
ctx: context.Background(),
userID: "user1",
},
res: res{
err: func(err error) bool {
return errors.Is(err, zerrors.ThrowNotFound(nil, "COMMAND-rQjbBr4J3j", "Errors.User.NotFound"))
},
},
},
{
name: "activate user, ok",
fields: fields{
eventstore: expectEventstore(
expectFilter(
eventFromEventPusher(
schemauser.NewCreatedEvent(context.Background(),
&schemauser.NewAggregate("user1", "org1").Aggregate,
"schema",
1,
json.RawMessage(`{
"name": "user"
}`),
),
),
eventFromEventPusher(
schemauser.NewDeactivatedEvent(context.Background(),
&schemauser.NewAggregate("user1", "org1").Aggregate,
),
),
),
expectPush(
schemauser.NewActivatedEvent(context.Background(),
&schemauser.NewAggregate("user1", "org1").Aggregate,
),
),
),
checkPermission: newMockPermissionCheckAllowed(),
},
args: args{
ctx: context.Background(),
userID: "user1",
},
res: res{
want: &domain.ObjectDetails{
ResourceOwner: "org1",
},
},
},
{
name: "activate user, no permission",
fields: fields{
eventstore: expectEventstore(
expectFilter(
eventFromEventPusher(
schemauser.NewCreatedEvent(context.Background(),
&schemauser.NewAggregate("user1", "org1").Aggregate,
"schema",
1,
json.RawMessage(`{
"name": "user"
}`),
),
),
eventFromEventPusher(
schemauser.NewDeactivatedEvent(context.Background(),
&schemauser.NewAggregate("user1", "org1").Aggregate,
),
),
),
),
checkPermission: newMockPermissionCheckNotAllowed(),
},
args: args{
ctx: context.Background(),
userID: "user1",
},
res: res{
err: func(err error) bool {
return errors.Is(err, zerrors.ThrowPermissionDenied(nil, "AUTHZ-HKJD33", "Errors.PermissionDenied"))
},
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
r := &Commands{
eventstore: tt.fields.eventstore(t),
checkPermission: tt.fields.checkPermission,
}
got, err := r.ActivateSchemaUser(tt.args.ctx, tt.args.orgID, tt.args.userID)
if tt.res.err == nil {
assert.NoError(t, err)
}
if tt.res.err != nil && !tt.res.err(err) {
t.Errorf("got wrong err: %v ", err)
}
if tt.res.err == nil {
assertObjectDetails(t, tt.res.want, got)
}
})
}
}

1138
internal/command/user_v3_test.go
View File

File diff suppressed because it is too large Load Diff

2
internal/command/user_v3_username.go
View File

@ -82,7 +82,7 @@ func existingSchemaUserWithPermission(ctx context.Context, c *Commands, resource
if userID == "" { if userID == "" {
return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-aS3Vz5t6BS", "Errors.IDMissing") return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-aS3Vz5t6BS", "Errors.IDMissing")
} }
existingUser, err := c.getSchemaUserExists(ctx, resourceOwner, userID) existingUser, err := c.getSchemaUserWMForState(ctx, resourceOwner, userID)
if err != nil { if err != nil {
return nil, err return nil, err
} }