chore: cleanup command/crypto (#5883)

* chore: cleanup command/crypto

* cleanup unused function mockEmailCode
Tim Möhlmann 2023-07-10 11:07:10 +03:00 committed by GitHub
parent 40a073fd33
commit 112f672266
GPG Key ID: 4AEE18F83AFDEB23
13 changed files with 70 additions and 162 deletions


@ -110,7 +110,7 @@ func StartCommands(
webauthnConfig: webAuthN, webauthnConfig: webAuthN,
httpClient: httpClient, httpClient: httpClient,
checkPermission: permissionCheck, checkPermission: permissionCheck,
newCode: newCryptoCodeWithExpiry, newCode: newCryptoCode,
sessionTokenCreator: sessionTokenCreator(idGenerator, sessionAlg), sessionTokenCreator: sessionTokenCreator(idGenerator, sessionAlg),
sessionTokenVerifier: sessionTokenVerifier, sessionTokenVerifier: sessionTokenVerifier,
} }


@ -10,15 +10,15 @@ import (
"github.com/zitadel/zitadel/internal/errors" "github.com/zitadel/zitadel/internal/errors"
) )
type cryptoCodeFunc func(ctx context.Context, filter preparation.FilterToQueryReducer, typ domain.SecretGeneratorType, alg crypto.Crypto) (*CryptoCodeWithExpiry, error) type cryptoCodeFunc func(ctx context.Context, filter preparation.FilterToQueryReducer, typ domain.SecretGeneratorType, alg crypto.Crypto) (*CryptoCode, error)
type CryptoCodeWithExpiry struct { type CryptoCode struct {
Crypted *crypto.CryptoValue Crypted *crypto.CryptoValue
Plain string Plain string
Expiry time.Duration Expiry time.Duration
} }
func newCryptoCodeWithExpiry(ctx context.Context, filter preparation.FilterToQueryReducer, typ domain.SecretGeneratorType, alg crypto.Crypto) (*CryptoCodeWithExpiry, error) { func newCryptoCode(ctx context.Context, filter preparation.FilterToQueryReducer, typ domain.SecretGeneratorType, alg crypto.Crypto) (*CryptoCode, error) {
gen, config, err := secretGenerator(ctx, filter, typ, alg) gen, config, err := secretGenerator(ctx, filter, typ, alg)
if err != nil { if err != nil {
return nil, err return nil, err
@ -27,7 +27,7 @@ func newCryptoCodeWithExpiry(ctx context.Context, filter preparation.FilterToQue
if err != nil { if err != nil {
return nil, err return nil, err
} }
return &CryptoCodeWithExpiry{ return &CryptoCode{
Crypted: crypted, Crypted: crypted,
Plain: plain, Plain: plain,
Expiry: config.Expiry, Expiry: config.Expiry,
@ -42,14 +42,6 @@ func verifyCryptoCode(ctx context.Context, filter preparation.FilterToQueryReduc
return crypto.VerifyCode(creation, expiry, crypted, plain, gen) return crypto.VerifyCode(creation, expiry, crypted, plain, gen)
} }
func newCryptoCodeWithPlain(ctx context.Context, filter preparation.FilterToQueryReducer, typ domain.SecretGeneratorType, alg crypto.Crypto) (value *crypto.CryptoValue, plain string, err error) {
gen, _, err := secretGenerator(ctx, filter, typ, alg)
if err != nil {
return nil, "", err
}
return crypto.NewCode(gen)
}
func secretGenerator(ctx context.Context, filter preparation.FilterToQueryReducer, typ domain.SecretGeneratorType, alg crypto.Crypto) (crypto.Generator, *crypto.GeneratorConfig, error) { func secretGenerator(ctx context.Context, filter preparation.FilterToQueryReducer, typ domain.SecretGeneratorType, alg crypto.Crypto) (crypto.Generator, *crypto.GeneratorConfig, error) {
config, err := secretGeneratorConfig(ctx, filter, typ) config, err := secretGeneratorConfig(ctx, filter, typ)
if err != nil { if err != nil {
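Review bot: The renamed exported type `CryptoCode` still has no doc comment, and after this commit it is also what `newAppClientSecret` returns, so its fields mean slightly different things depending on the caller. I would add `// CryptoCode is a freshly generated secret: Crypted is the value produced by alg (encrypted or hashed, depending on the crypto.Crypto passed in), Plain is the cleartext, Expiry is the generator's configured lifetime.` above the struct, plus a short line saying `Plain` is meant only for the user-facing return or notification path. `newCryptoCode` deserves a one-line comment as well, saying that it resolves the generator config for `typ` through `filter`; its body is only partly visible in these hunks. That `Crypted` holds a hash for app secrets is inferred from the `crypto.HashAlgorithm` parameter in the app hunk, so please confirm the wording.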


@ -19,8 +19,8 @@ import (
) )
func mockCode(code string, exp time.Duration) cryptoCodeFunc { func mockCode(code string, exp time.Duration) cryptoCodeFunc {
return func(ctx context.Context, filter preparation.FilterToQueryReducer, _ domain.SecretGeneratorType, alg crypto.Crypto) (*CryptoCodeWithExpiry, error) { return func(ctx context.Context, filter preparation.FilterToQueryReducer, _ domain.SecretGeneratorType, alg crypto.Crypto) (*CryptoCode, error) {
return &CryptoCodeWithExpiry{ return &CryptoCode{
Crypted: &crypto.CryptoValue{ Crypted: &crypto.CryptoValue{
CryptoType: crypto.TypeEncryption, CryptoType: crypto.TypeEncryption,
Algorithm: "enc", Algorithm: "enc",
@ -89,7 +89,7 @@ func Test_newCryptoCode(t *testing.T) {
} }
for _, tt := range tests { for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) { t.Run(tt.name, func(t *testing.T) {
got, err := newCryptoCodeWithExpiry(context.Background(), tt.eventstore.Filter, tt.args.typ, tt.args.alg) got, err := newCryptoCode(context.Background(), tt.eventstore.Filter, tt.args.typ, tt.args.alg)
require.ErrorIs(t, err, tt.wantErr) require.ErrorIs(t, err, tt.wantErr)
if tt.wantErr == nil { if tt.wantErr == nil {
require.NotNil(t, got) require.NotNil(t, got)
@ -105,7 +105,7 @@ func Test_verifyCryptoCode(t *testing.T) {
es := eventstoreExpect(t, expectFilter( es := eventstoreExpect(t, expectFilter(
eventFromEventPusher(testSecretGeneratorAddedEvent(domain.SecretGeneratorTypeVerifyEmailCode)), eventFromEventPusher(testSecretGeneratorAddedEvent(domain.SecretGeneratorTypeVerifyEmailCode)),
)) ))
code, err := newCryptoCodeWithExpiry(context.Background(), es.Filter, domain.SecretGeneratorTypeVerifyEmailCode, crypto.CreateMockHashAlg(gomock.NewController(t))) code, err := newCryptoCode(context.Background(), es.Filter, domain.SecretGeneratorTypeVerifyEmailCode, crypto.CreateMockHashAlg(gomock.NewController(t)))
require.NoError(t, err) require.NoError(t, err)
type args struct { type args struct {


@ -23,6 +23,6 @@ func (e *Email) Validate() error {
return e.Address.Validate() return e.Address.Validate()
} }
func (c *Commands) newEmailCode(ctx context.Context, filter preparation.FilterToQueryReducer, alg crypto.EncryptionAlgorithm) (*CryptoCodeWithExpiry, error) { func (c *Commands) newEmailCode(ctx context.Context, filter preparation.FilterToQueryReducer, alg crypto.EncryptionAlgorithm) (*CryptoCode, error) {
return c.newCode(ctx, filter, domain.SecretGeneratorTypeVerifyEmailCode, alg) return c.newCode(ctx, filter, domain.SecretGeneratorTypeVerifyEmailCode, alg)
} }


@ -13,6 +13,6 @@ type Phone struct {
Verified bool Verified bool
} }
func newPhoneCode(ctx context.Context, filter preparation.FilterToQueryReducer, alg crypto.EncryptionAlgorithm) (*CryptoCodeWithExpiry, error) { func (c *Commands) newPhoneCode(ctx context.Context, filter preparation.FilterToQueryReducer, alg crypto.EncryptionAlgorithm) (*CryptoCode, error) {
return newCryptoCodeWithExpiry(ctx, filter, domain.SecretGeneratorTypeVerifyPhoneCode, alg) return c.newCode(ctx, filter, domain.SecretGeneratorTypeVerifyPhoneCode, alg)
} }
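Review bot: `newPhoneCode` now calls the `c.newCode` function field, so a `Commands` value built without that field panics on a nil function call instead of returning an error. `StartCommands` sets `newCode: newCryptoCode`, but the test fixtures in this commit build `&Commands{...}` literals by hand, and any case that reaches this path without `newCode` set will crash rather than fail cleanly. The same holds for `newAppClientSecret`, `newUserInitCode` and `newPasskeyCode`, which are converted or added the same way. A comment on the field such as `// newCode must be non-nil; StartCommands sets it to newCryptoCode` would document the invariant; the field's declaration is outside these hunks.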


@ -16,8 +16,8 @@ type AddApp struct {
Name string Name string
} }
func newAppClientSecret(ctx context.Context, filter preparation.FilterToQueryReducer, alg crypto.HashAlgorithm) (value *crypto.CryptoValue, plain string, err error) { func (c *Commands) newAppClientSecret(ctx context.Context, filter preparation.FilterToQueryReducer, alg crypto.HashAlgorithm) (*CryptoCode, error) {
return newCryptoCodeWithPlain(ctx, filter, domain.SecretGeneratorTypeAppSecret, alg) return c.newCode(ctx, filter, domain.SecretGeneratorTypeAppSecret, alg)
} }
func (c *Commands) ChangeApplication(ctx context.Context, projectID string, appChange domain.Application, resourceOwner string) (*domain.ObjectDetails, error) { func (c *Commands) ChangeApplication(ctx context.Context, projectID string, appChange domain.Application, resourceOwner string) (*domain.ObjectDetails, error) {


@ -44,10 +44,11 @@ func (c *Commands) AddAPIAppCommand(app *addAPIApp, clientSecretAlg crypto.HashA
} }
if app.AuthMethodType == domain.APIAuthMethodTypeBasic { if app.AuthMethodType == domain.APIAuthMethodTypeBasic {
app.ClientSecret, app.ClientSecretPlain, err = newAppClientSecret(ctx, filter, clientSecretAlg) code, err := c.newAppClientSecret(ctx, filter, clientSecretAlg)
if err != nil { if err != nil {
return nil, err return nil, err
} }
app.ClientSecret, app.ClientSecretPlain = code.Crypted, code.Plain
} }
return []eventstore.Command{ return []eventstore.Command{
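Review bot: `code, err := c.newAppClientSecret(...)` inside the `if` declares a new `err` that shadows the one the removed line assigned with `=`. It is harmless as written because the error is returned immediately, but shadow linters flag it, and a later edit that drops the early return would silently lose the error. Declaring `var code *CryptoCode` and then assigning with `code, err = c.newAppClientSecret(ctx, filter, clientSecretAlg)` keeps a single `err`. This assumes the outer `err` is still in scope, which cannot be confirmed because the enclosing function starts outside the hunk. `AddOIDCAppCommand` has the same pattern.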


@ -77,10 +77,11 @@ func (c *Commands) AddOIDCAppCommand(app *addOIDCApp, clientSecretAlg crypto.Has
} }
if app.AuthMethodType == domain.OIDCAuthMethodTypeBasic || app.AuthMethodType == domain.OIDCAuthMethodTypePost { if app.AuthMethodType == domain.OIDCAuthMethodTypeBasic || app.AuthMethodType == domain.OIDCAuthMethodTypePost {
app.ClientSecret, app.ClientSecretPlain, err = newAppClientSecret(ctx, filter, clientSecretAlg) code, err := c.newAppClientSecret(ctx, filter, clientSecretAlg)
if err != nil { if err != nil {
return nil, err return nil, err
} }
app.ClientSecret, app.ClientSecretPlain = code.Crypted, code.Plain
} }
return []eventstore.Command{ return []eventstore.Command{


@ -439,8 +439,8 @@ func ExistsUser(ctx context.Context, filter preparation.FilterToQueryReducer, id
return exists, nil return exists, nil
} }
func newUserInitCode(ctx context.Context, filter preparation.FilterToQueryReducer, alg crypto.EncryptionAlgorithm) (*CryptoCodeWithExpiry, error) { func (c *Commands) newUserInitCode(ctx context.Context, filter preparation.FilterToQueryReducer, alg crypto.EncryptionAlgorithm) (*CryptoCode, error) {
return newCryptoCodeWithExpiry(ctx, filter, domain.SecretGeneratorTypeInitCode, alg) return c.newCode(ctx, filter, domain.SecretGeneratorTypeInitCode, alg)
} }
func userWriteModelByID(ctx context.Context, filter preparation.FilterToQueryReducer, userID, resourceOwner string) (*UserWriteModel, error) { func userWriteModelByID(ctx context.Context, filter preparation.FilterToQueryReducer, userID, resourceOwner string) (*UserWriteModel, error) {


@ -258,7 +258,7 @@ func (c *Commands) addHumanCommandEmail(ctx context.Context, filter preparation.
// email not verified or // email not verified or
// user not registered and password set // user not registered and password set
if allowInitMail && human.shouldAddInitCode() { if allowInitMail && human.shouldAddInitCode() {
initCode, err := newUserInitCode(ctx, filter, codeAlg) initCode, err := c.newUserInitCode(ctx, filter, codeAlg)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -292,7 +292,7 @@ func (c *Commands) addHumanCommandPhone(ctx context.Context, filter preparation.
if human.Phone.Verified { if human.Phone.Verified {
return append(cmds, user.NewHumanPhoneVerifiedEvent(ctx, &a.Aggregate)), nil return append(cmds, user.NewHumanPhoneVerifiedEvent(ctx, &a.Aggregate)), nil
} }
phoneCode, err := newPhoneCode(ctx, filter, codeAlg) phoneCode, err := c.newPhoneCode(ctx, filter, codeAlg)
if err != nil { if err != nil {
return nil, err return nil, err
} }


@ -20,14 +20,13 @@ import (
"github.com/zitadel/zitadel/internal/eventstore/v1/models" "github.com/zitadel/zitadel/internal/eventstore/v1/models"
"github.com/zitadel/zitadel/internal/id" "github.com/zitadel/zitadel/internal/id"
id_mock "github.com/zitadel/zitadel/internal/id/mock" id_mock "github.com/zitadel/zitadel/internal/id/mock"
"github.com/zitadel/zitadel/internal/repository/instance"
"github.com/zitadel/zitadel/internal/repository/org" "github.com/zitadel/zitadel/internal/repository/org"
"github.com/zitadel/zitadel/internal/repository/user" "github.com/zitadel/zitadel/internal/repository/user"
) )
func TestCommandSide_AddHuman(t *testing.T) { func TestCommandSide_AddHuman(t *testing.T) {
type fields struct { type fields struct {
eventstore *eventstore.Eventstore eventstore func(t *testing.T) *eventstore.Eventstore
idGenerator id.Generator idGenerator id.Generator
userPasswordAlg crypto.HashAlgorithm userPasswordAlg crypto.HashAlgorithm
codeAlg crypto.EncryptionAlgorithm codeAlg crypto.EncryptionAlgorithm
@ -48,7 +47,6 @@ func TestCommandSide_AddHuman(t *testing.T) {
} }
userAgg := user.NewAggregate("user1", "org1") userAgg := user.NewAggregate("user1", "org1")
instanceAgg := instance.NewAggregate("instance")
tests := []struct { tests := []struct {
name string name string
@ -59,9 +57,7 @@ func TestCommandSide_AddHuman(t *testing.T) {
{ {
name: "orgid missing, invalid argument error", name: "orgid missing, invalid argument error",
fields: fields{ fields: fields{
eventstore: eventstoreExpect( eventstore: expectEventstore(),
t,
),
}, },
args: args{ args: args{
ctx: context.Background(), ctx: context.Background(),
@ -85,9 +81,7 @@ func TestCommandSide_AddHuman(t *testing.T) {
{ {
name: "user invalid, invalid argument error", name: "user invalid, invalid argument error",
fields: fields{ fields: fields{
eventstore: eventstoreExpect( eventstore: expectEventstore(),
t,
),
}, },
args: args{ args: args{
ctx: context.Background(), ctx: context.Background(),
@ -107,8 +101,7 @@ func TestCommandSide_AddHuman(t *testing.T) {
{ {
name: "with id, already exists, precondition error", name: "with id, already exists, precondition error",
fields: fields{ fields: fields{
eventstore: eventstoreExpect( eventstore: expectEventstore(
t,
expectFilter( expectFilter(
eventFromEventPusher( eventFromEventPusher(
newAddHumanEvent("password", true, ""), newAddHumanEvent("password", true, ""),
@ -141,8 +134,7 @@ func TestCommandSide_AddHuman(t *testing.T) {
name: "domain policy not found, precondition error", name: "domain policy not found, precondition error",
fields: fields{ fields: fields{
idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "user1"), idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "user1"),
eventstore: eventstoreExpect( eventstore: expectEventstore(
t,
expectFilter(), expectFilter(),
expectFilter(), expectFilter(),
expectFilter(), expectFilter(),
@ -172,8 +164,7 @@ func TestCommandSide_AddHuman(t *testing.T) {
name: "password policy not found, precondition error", name: "password policy not found, precondition error",
fields: fields{ fields: fields{
idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "user1"), idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "user1"),
eventstore: eventstoreExpect( eventstore: expectEventstore(
t,
expectFilter(), expectFilter(),
expectFilter( expectFilter(
eventFromEventPusher( eventFromEventPusher(
@ -214,8 +205,7 @@ func TestCommandSide_AddHuman(t *testing.T) {
{ {
name: "add human (with initial code), ok", name: "add human (with initial code), ok",
fields: fields{ fields: fields{
eventstore: eventstoreExpect( eventstore: expectEventstore(
t,
expectFilter(), expectFilter(),
expectFilter( expectFilter(
eventFromEventPusher( eventFromEventPusher(
@ -227,21 +217,6 @@ func TestCommandSide_AddHuman(t *testing.T) {
), ),
), ),
), ),
expectFilter(
eventFromEventPusher(
instance.NewSecretGeneratorAddedEvent(
context.Background(),
&instanceAgg.Aggregate,
domain.SecretGeneratorTypeInitCode,
0,
1*time.Hour,
true,
true,
true,
true,
),
),
),
expectPush( expectPush(
[]*repository.Event{ []*repository.Event{
eventFromEventPusher( eventFromEventPusher(
@ -265,7 +240,7 @@ func TestCommandSide_AddHuman(t *testing.T) {
CryptoType: crypto.TypeEncryption, CryptoType: crypto.TypeEncryption,
Algorithm: "enc", Algorithm: "enc",
KeyID: "id", KeyID: "id",
Crypted: []byte(""), Crypted: []byte("userinit"),
}, },
time.Hour*1, time.Hour*1,
), ),
@ -276,6 +251,7 @@ func TestCommandSide_AddHuman(t *testing.T) {
), ),
idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "user1"), idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "user1"),
codeAlg: crypto.CreateMockEncryptionAlg(gomock.NewController(t)), codeAlg: crypto.CreateMockEncryptionAlg(gomock.NewController(t)),
newCode: mockCode("userinit", time.Hour),
}, },
args: args{ args: args{
ctx: context.Background(), ctx: context.Background(),
@ -304,8 +280,7 @@ func TestCommandSide_AddHuman(t *testing.T) {
{ {
name: "add human (with password and initial code), ok", name: "add human (with password and initial code), ok",
fields: fields{ fields: fields{
eventstore: eventstoreExpect( eventstore: expectEventstore(
t,
expectFilter(), expectFilter(),
expectFilter( expectFilter(
eventFromEventPusher( eventFromEventPusher(
@ -329,21 +304,6 @@ func TestCommandSide_AddHuman(t *testing.T) {
), ),
), ),
), ),
expectFilter(
eventFromEventPusher(
instance.NewSecretGeneratorAddedEvent(
context.Background(),
&instanceAgg.Aggregate,
domain.SecretGeneratorTypeInitCode,
0,
1*time.Hour,
true,
true,
true,
true,
),
),
),
expectPush( expectPush(
[]*repository.Event{ []*repository.Event{
eventFromEventPusher( eventFromEventPusher(
@ -356,7 +316,7 @@ func TestCommandSide_AddHuman(t *testing.T) {
CryptoType: crypto.TypeEncryption, CryptoType: crypto.TypeEncryption,
Algorithm: "enc", Algorithm: "enc",
KeyID: "id", KeyID: "id",
Crypted: []byte(""), Crypted: []byte("userinit"),
}, },
1*time.Hour, 1*time.Hour,
), ),
@ -368,6 +328,7 @@ func TestCommandSide_AddHuman(t *testing.T) {
idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "user1"), idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "user1"),
userPasswordAlg: crypto.CreateMockHashAlg(gomock.NewController(t)), userPasswordAlg: crypto.CreateMockHashAlg(gomock.NewController(t)),
codeAlg: crypto.CreateMockEncryptionAlg(gomock.NewController(t)), codeAlg: crypto.CreateMockEncryptionAlg(gomock.NewController(t)),
newCode: mockCode("userinit", time.Hour),
}, },
args: args{ args: args{
ctx: context.Background(), ctx: context.Background(),
@ -395,8 +356,7 @@ func TestCommandSide_AddHuman(t *testing.T) {
{ {
name: "add human (with password and email code custom template), ok", name: "add human (with password and email code custom template), ok",
fields: fields{ fields: fields{
eventstore: eventstoreExpect( eventstore: expectEventstore(
t,
expectFilter(), expectFilter(),
expectFilter( expectFilter(
eventFromEventPusher( eventFromEventPusher(
@ -475,8 +435,7 @@ func TestCommandSide_AddHuman(t *testing.T) {
{ {
name: "add human (with password and return email code), ok", name: "add human (with password and return email code), ok",
fields: fields{ fields: fields{
eventstore: eventstoreExpect( eventstore: expectEventstore(
t,
expectFilter(), expectFilter(),
expectFilter( expectFilter(
eventFromEventPusher( eventFromEventPusher(
@ -556,8 +515,7 @@ func TestCommandSide_AddHuman(t *testing.T) {
{ {
name: "add human email verified, ok", name: "add human email verified, ok",
fields: fields{ fields: fields{
eventstore: eventstoreExpect( eventstore: expectEventstore(
t,
expectFilter(), expectFilter(),
expectFilter( expectFilter(
eventFromEventPusher( eventFromEventPusher(
@ -626,8 +584,7 @@ func TestCommandSide_AddHuman(t *testing.T) {
{ {
name: "add human email verified, trim spaces, ok", name: "add human email verified, trim spaces, ok",
fields: fields{ fields: fields{
eventstore: eventstoreExpect( eventstore: expectEventstore(
t,
expectFilter(), expectFilter(),
expectFilter( expectFilter(
eventFromEventPusher( eventFromEventPusher(
@ -696,8 +653,7 @@ func TestCommandSide_AddHuman(t *testing.T) {
{ {
name: "add human, email verified, userLoginMustBeDomain false, ok", name: "add human, email verified, userLoginMustBeDomain false, ok",
fields: fields{ fields: fields{
eventstore: eventstoreExpect( eventstore: expectEventstore(
t,
expectFilter(), expectFilter(),
expectFilter( expectFilter(
eventFromEventPusher( eventFromEventPusher(
@ -766,8 +722,7 @@ func TestCommandSide_AddHuman(t *testing.T) {
{ {
name: "add human claimed domain, userLoginMustBeDomain false, error", name: "add human claimed domain, userLoginMustBeDomain false, error",
fields: fields{ fields: fields{
eventstore: eventstoreExpect( eventstore: expectEventstore(
t,
expectFilter(), expectFilter(),
expectFilter( expectFilter(
eventFromEventPusher( eventFromEventPusher(
@ -819,8 +774,7 @@ func TestCommandSide_AddHuman(t *testing.T) {
{ {
name: "add human domain, userLoginMustBeDomain false, ok", name: "add human domain, userLoginMustBeDomain false, ok",
fields: fields{ fields: fields{
eventstore: eventstoreExpect( eventstore: expectEventstore(
t,
expectFilter(), expectFilter(),
expectFilter( expectFilter(
eventFromEventPusher( eventFromEventPusher(
@ -918,8 +872,7 @@ func TestCommandSide_AddHuman(t *testing.T) {
{ {
name: "add human (with phone), ok", name: "add human (with phone), ok",
fields: fields{ fields: fields{
eventstore: eventstoreExpect( eventstore: expectEventstore(
t,
expectFilter(), expectFilter(),
expectFilter( expectFilter(
eventFromEventPusher( eventFromEventPusher(
@ -943,21 +896,6 @@ func TestCommandSide_AddHuman(t *testing.T) {
), ),
), ),
), ),
expectFilter(
eventFromEventPusher(
instance.NewSecretGeneratorAddedEvent(
context.Background(),
&instanceAgg.Aggregate,
domain.SecretGeneratorTypeVerifyPhoneCode,
0,
1*time.Hour,
true,
true,
true,
true,
),
),
),
expectPush( expectPush(
[]*repository.Event{ []*repository.Event{
eventFromEventPusher( eventFromEventPusher(
@ -976,7 +914,7 @@ func TestCommandSide_AddHuman(t *testing.T) {
CryptoType: crypto.TypeEncryption, CryptoType: crypto.TypeEncryption,
Algorithm: "enc", Algorithm: "enc",
KeyID: "id", KeyID: "id",
Crypted: []byte(""), Crypted: []byte("phonecode"),
}, },
time.Hour*1)), time.Hour*1)),
}, },
@ -986,6 +924,7 @@ func TestCommandSide_AddHuman(t *testing.T) {
idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "user1"), idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "user1"),
userPasswordAlg: crypto.CreateMockHashAlg(gomock.NewController(t)), userPasswordAlg: crypto.CreateMockHashAlg(gomock.NewController(t)),
codeAlg: crypto.CreateMockEncryptionAlg(gomock.NewController(t)), codeAlg: crypto.CreateMockEncryptionAlg(gomock.NewController(t)),
newCode: mockCode("phonecode", time.Hour),
}, },
args: args{ args: args{
ctx: context.Background(), ctx: context.Background(),
@ -1017,8 +956,7 @@ func TestCommandSide_AddHuman(t *testing.T) {
{ {
name: "add human (with verified phone), ok", name: "add human (with verified phone), ok",
fields: fields{ fields: fields{
eventstore: eventstoreExpect( eventstore: expectEventstore(
t,
expectFilter(), expectFilter(),
expectFilter( expectFilter(
eventFromEventPusher( eventFromEventPusher(
@ -1030,21 +968,6 @@ func TestCommandSide_AddHuman(t *testing.T) {
), ),
), ),
), ),
expectFilter(
eventFromEventPusher(
instance.NewSecretGeneratorAddedEvent(
context.Background(),
&instanceAgg.Aggregate,
domain.SecretGeneratorTypeInitCode,
0,
1*time.Hour,
true,
true,
true,
true,
),
),
),
expectPush( expectPush(
[]*repository.Event{ []*repository.Event{
eventFromEventPusher( eventFromEventPusher(
@ -1058,7 +981,7 @@ func TestCommandSide_AddHuman(t *testing.T) {
CryptoType: crypto.TypeEncryption, CryptoType: crypto.TypeEncryption,
Algorithm: "enc", Algorithm: "enc",
KeyID: "id", KeyID: "id",
Crypted: []byte(""), Crypted: []byte("userinit"),
}, },
1*time.Hour, 1*time.Hour,
), ),
@ -1075,6 +998,7 @@ func TestCommandSide_AddHuman(t *testing.T) {
), ),
idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "user1"), idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "user1"),
codeAlg: crypto.CreateMockEncryptionAlg(gomock.NewController(t)), codeAlg: crypto.CreateMockEncryptionAlg(gomock.NewController(t)),
newCode: mockCode("userinit", time.Hour),
}, },
args: args{ args: args{
ctx: context.Background(), ctx: context.Background(),
@ -1105,8 +1029,7 @@ func TestCommandSide_AddHuman(t *testing.T) {
{ {
name: "add human with metadata, ok", name: "add human with metadata, ok",
fields: fields{ fields: fields{
eventstore: eventstoreExpect( eventstore: expectEventstore(
t,
expectFilter(), expectFilter(),
expectFilter( expectFilter(
eventFromEventPusher( eventFromEventPusher(
@ -1118,21 +1041,6 @@ func TestCommandSide_AddHuman(t *testing.T) {
), ),
), ),
), ),
expectFilter(
eventFromEventPusher(
instance.NewSecretGeneratorAddedEvent(
context.Background(),
&instanceAgg.Aggregate,
domain.SecretGeneratorTypeInitCode,
0,
1*time.Hour,
true,
true,
true,
true,
),
),
),
expectPush( expectPush(
[]*repository.Event{ []*repository.Event{
eventFromEventPusher( eventFromEventPusher(
@ -1146,7 +1054,7 @@ func TestCommandSide_AddHuman(t *testing.T) {
CryptoType: crypto.TypeEncryption, CryptoType: crypto.TypeEncryption,
Algorithm: "enc", Algorithm: "enc",
KeyID: "id", KeyID: "id",
Crypted: []byte(""), Crypted: []byte("userinit"),
}, },
1*time.Hour, 1*time.Hour,
), ),
@ -1165,6 +1073,7 @@ func TestCommandSide_AddHuman(t *testing.T) {
), ),
idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "user1"), idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "user1"),
codeAlg: crypto.CreateMockEncryptionAlg(gomock.NewController(t)), codeAlg: crypto.CreateMockEncryptionAlg(gomock.NewController(t)),
newCode: mockCode("userinit", time.Hour),
}, },
args: args{ args: args{
ctx: context.Background(), ctx: context.Background(),
@ -1198,7 +1107,7 @@ func TestCommandSide_AddHuman(t *testing.T) {
for _, tt := range tests { for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) { t.Run(tt.name, func(t *testing.T) {
r := &Commands{ r := &Commands{
eventstore: tt.fields.eventstore, eventstore: tt.fields.eventstore(t),
userPasswordAlg: tt.fields.userPasswordAlg, userPasswordAlg: tt.fields.userPasswordAlg,
userEncryption: tt.fields.codeAlg, userEncryption: tt.fields.codeAlg,
idGenerator: tt.fields.idGenerator, idGenerator: tt.fields.idGenerator,
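Review bot: The cases that switch to `newCode: mockCode("userinit", time.Hour)` and `mockCode("phonecode", time.Hour)` no longer check which secret generator type the command asks for, because `mockCode` discards that argument (`_ domain.SecretGeneratorType`). The removed `expectFilter` blocks named `SecretGeneratorTypeInitCode` and `SecretGeneratorTypeVerifyPhoneCode`; how strictly they tied the type to the call is not visible here, but after this change a mix-up between the init-code and phone-code generators would leave these tests green. Since the generator type selects the code's configuration, including its expiry, I would let the mock take the expected type and assert it, e.g. `require.Equal(t, wantTyp, typ)` inside the returned func. `TestCommandSide_AddHuman` starts and ends outside these hunks, so this cannot be checked against the full table.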


@ -7,6 +7,7 @@ import (
"github.com/zitadel/logging" "github.com/zitadel/logging"
"github.com/zitadel/zitadel/internal/api/authz" "github.com/zitadel/zitadel/internal/api/authz"
"github.com/zitadel/zitadel/internal/command/preparation"
"github.com/zitadel/zitadel/internal/crypto" "github.com/zitadel/zitadel/internal/crypto"
"github.com/zitadel/zitadel/internal/domain" "github.com/zitadel/zitadel/internal/domain"
caos_errs "github.com/zitadel/zitadel/internal/errors" caos_errs "github.com/zitadel/zitadel/internal/errors"
@ -132,7 +133,7 @@ func (c *Commands) addUserPasskeyCode(ctx context.Context, userID, resourceOwner
if err != nil { if err != nil {
return nil, err return nil, err
} }
code, err := c.newCode(ctx, c.eventstore.Filter, domain.SecretGeneratorTypePasswordlessInitCode, alg) code, err := c.newPasskeyCode(ctx, c.eventstore.Filter, alg)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -154,3 +155,7 @@ func (c *Commands) addUserPasskeyCode(ctx context.Context, userID, resourceOwner
Code: code.Plain, Code: code.Plain,
}, nil }, nil
} }
func (c *Commands) newPasskeyCode(ctx context.Context, filter preparation.FilterToQueryReducer, alg crypto.EncryptionAlgorithm) (*CryptoCode, error) {
return c.newCode(ctx, filter, domain.SecretGeneratorTypePasswordlessInitCode, alg)
}


@ -139,7 +139,7 @@ func TestCommands_RegisterUserPasskeyWithCode(t *testing.T) {
es := eventstoreExpect(t, es := eventstoreExpect(t,
expectFilter(eventFromEventPusher(testSecretGeneratorAddedEvent(domain.SecretGeneratorTypePasswordlessInitCode))), expectFilter(eventFromEventPusher(testSecretGeneratorAddedEvent(domain.SecretGeneratorTypePasswordlessInitCode))),
) )
code, err := newCryptoCodeWithExpiry(ctx, es.Filter, domain.SecretGeneratorTypePasswordlessInitCode, alg) code, err := newCryptoCode(ctx, es.Filter, domain.SecretGeneratorTypePasswordlessInitCode, alg)
require.NoError(t, err) require.NoError(t, err)
userAgg := &user.NewAggregate("user1", "org1").Aggregate userAgg := &user.NewAggregate("user1", "org1").Aggregate
type fields struct { type fields struct {
@ -237,7 +237,7 @@ func TestCommands_verifyUserPasskeyCode(t *testing.T) {
es := eventstoreExpect(t, es := eventstoreExpect(t,
expectFilter(eventFromEventPusher(testSecretGeneratorAddedEvent(domain.SecretGeneratorTypePasswordlessInitCode))), expectFilter(eventFromEventPusher(testSecretGeneratorAddedEvent(domain.SecretGeneratorTypePasswordlessInitCode))),
) )
code, err := newCryptoCodeWithExpiry(ctx, es.Filter, domain.SecretGeneratorTypePasswordlessInitCode, alg) code, err := newCryptoCode(ctx, es.Filter, domain.SecretGeneratorTypePasswordlessInitCode, alg)
require.NoError(t, err) require.NoError(t, err)
userAgg := &user.NewAggregate("user1", "org1").Aggregate userAgg := &user.NewAggregate("user1", "org1").Aggregate
@ -463,7 +463,7 @@ func TestCommands_AddUserPasskeyCode(t *testing.T) {
userAgg := &user.NewAggregate("user1", "org1").Aggregate userAgg := &user.NewAggregate("user1", "org1").Aggregate
type fields struct { type fields struct {
newCode cryptoCodeFunc newCode cryptoCodeFunc
eventstore *eventstore.Eventstore eventstore func(t *testing.T) *eventstore.Eventstore
idGenerator id.Generator idGenerator id.Generator
} }
type args struct { type args struct {
@ -480,8 +480,8 @@ func TestCommands_AddUserPasskeyCode(t *testing.T) {
{ {
name: "id generator error", name: "id generator error",
fields: fields{ fields: fields{
newCode: newCryptoCodeWithExpiry, newCode: mockCode("passkey1", time.Hour),
eventstore: eventstoreExpect(t), eventstore: expectEventstore(),
idGenerator: id_mock.NewIDGeneratorExpectError(t, io.ErrClosedPipe), idGenerator: id_mock.NewIDGeneratorExpectError(t, io.ErrClosedPipe),
}, },
args: args{ args: args{
@ -494,7 +494,7 @@ func TestCommands_AddUserPasskeyCode(t *testing.T) {
name: "success", name: "success",
fields: fields{ fields: fields{
newCode: mockCode("passkey1", time.Minute), newCode: mockCode("passkey1", time.Minute),
eventstore: eventstoreExpect(t, eventstore: expectEventstore(
expectFilter(eventFromEventPusher( expectFilter(eventFromEventPusher(
user.NewHumanAddedEvent(context.Background(), user.NewHumanAddedEvent(context.Background(),
userAgg, userAgg,
@ -538,7 +538,7 @@ func TestCommands_AddUserPasskeyCode(t *testing.T) {
t.Run(tt.name, func(t *testing.T) { t.Run(tt.name, func(t *testing.T) {
c := &Commands{ c := &Commands{
newCode: tt.fields.newCode, newCode: tt.fields.newCode,
eventstore: tt.fields.eventstore, eventstore: tt.fields.eventstore(t),
idGenerator: tt.fields.idGenerator, idGenerator: tt.fields.idGenerator,
} }
got, err := c.AddUserPasskeyCode(context.Background(), tt.args.userID, tt.args.resourceOwner, alg) got, err := c.AddUserPasskeyCode(context.Background(), tt.args.userID, tt.args.resourceOwner, alg)
@ -572,7 +572,7 @@ func TestCommands_AddUserPasskeyCodeURLTemplate(t *testing.T) {
{ {
name: "template error", name: "template error",
fields: fields{ fields: fields{
newCode: newCryptoCodeWithExpiry, newCode: newCryptoCode,
eventstore: eventstoreExpect(t), eventstore: eventstoreExpect(t),
}, },
args: args{ args: args{
@ -585,7 +585,7 @@ func TestCommands_AddUserPasskeyCodeURLTemplate(t *testing.T) {
{ {
name: "id generator error", name: "id generator error",
fields: fields{ fields: fields{
newCode: newCryptoCodeWithExpiry, newCode: newCryptoCode,
eventstore: eventstoreExpect(t), eventstore: eventstoreExpect(t),
idGenerator: id_mock.NewIDGeneratorExpectError(t, io.ErrClosedPipe), idGenerator: id_mock.NewIDGeneratorExpectError(t, io.ErrClosedPipe),
}, },
@ -680,7 +680,7 @@ func TestCommands_AddUserPasskeyCodeReturn(t *testing.T) {
{ {
name: "id generator error", name: "id generator error",
fields: fields{ fields: fields{
newCode: newCryptoCodeWithExpiry, newCode: newCryptoCode,
eventstore: eventstoreExpect(t), eventstore: eventstoreExpect(t),
idGenerator: id_mock.NewIDGeneratorExpectError(t, io.ErrClosedPipe), idGenerator: id_mock.NewIDGeneratorExpectError(t, io.ErrClosedPipe),
}, },
@ -774,7 +774,7 @@ func TestCommands_addUserPasskeyCode(t *testing.T) {
{ {
name: "id generator error", name: "id generator error",
fields: fields{ fields: fields{
newCode: newCryptoCodeWithExpiry, newCode: newCryptoCode,
eventstore: eventstoreExpect(t), eventstore: eventstoreExpect(t),
idGenerator: id_mock.NewIDGeneratorExpectError(t, io.ErrClosedPipe), idGenerator: id_mock.NewIDGeneratorExpectError(t, io.ErrClosedPipe),
}, },
@ -787,7 +787,7 @@ func TestCommands_addUserPasskeyCode(t *testing.T) {
{ {
name: "crypto error", name: "crypto error",
fields: fields{ fields: fields{
newCode: newCryptoCodeWithExpiry, newCode: newCryptoCode,
eventstore: eventstoreExpect(t, expectFilterError(io.ErrClosedPipe)), eventstore: eventstoreExpect(t, expectFilterError(io.ErrClosedPipe)),
idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "123"), idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "123"),
}, },
@ -800,7 +800,7 @@ func TestCommands_addUserPasskeyCode(t *testing.T) {
{ {
name: "filter query error", name: "filter query error",
fields: fields{ fields: fields{
newCode: newCryptoCodeWithExpiry, newCode: newCryptoCode,
eventstore: eventstoreExpect(t, eventstore: eventstoreExpect(t,
expectFilter(eventFromEventPusher(testSecretGeneratorAddedEvent(domain.SecretGeneratorTypePasswordlessInitCode))), expectFilter(eventFromEventPusher(testSecretGeneratorAddedEvent(domain.SecretGeneratorTypePasswordlessInitCode))),
expectFilterError(io.ErrClosedPipe), expectFilterError(io.ErrClosedPipe),