TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-12-06 06:02:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: http provider signing key addition (#10641)

Browse Source 
# Which Problems Are Solved

HTTP Request to HTTP providers for Email or SMS are not signed.

# How the Problems Are Solved

Add a Signing Key to the HTTP Provider resources, which is then used to
generate a header to sign the payload.

# Additional Changes

Additional tests for query side of the SMTP provider.

# Additional Context

Closes #10067

---------

Co-authored-by: Marco A. <marco@zitadel.com>
(cherry picked from commit 8909b9a2a6)
This commit is contained in:
Stefan Benz
2025-09-08 13:00:04 +02:00
committed by Livio Spring
parent d2d94ea088
commit 1a7cd6e1af
36 changed files with 2113 additions and 132 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
internal/query/projection/sms.go
View File

@@ -37,6 +37,7 @@ const (
SMSHTTPColumnSMSID = "sms_id"
SMSHTTPColumnInstanceID = "instance_id"
SMSHTTPColumnEndpoint = "endpoint"
SMSHTTPColumnSigningKey = "signing_key"
)
type smsConfigProjection struct{}
@@ -80,6 +81,7 @@ func (*smsConfigProjection) Init() *old_handler.Check {
handler.NewColumn(SMSHTTPColumnSMSID, handler.ColumnTypeText),
handler.NewColumn(SMSHTTPColumnInstanceID, handler.ColumnTypeText),
handler.NewColumn(SMSHTTPColumnEndpoint, handler.ColumnTypeText),
handler.NewColumn(SMSHTTPColumnSigningKey, handler.ColumnTypeJSONB, handler.Nullable()),
},
handler.NewPrimaryKey(SMSHTTPColumnInstanceID, SMSHTTPColumnSMSID),
smsHTTPTableSuffix,
@@ -286,6 +288,7 @@ func (p *smsConfigProjection) reduceSMSConfigHTTPAdded(event eventstore.Event) (
handler.NewCol(SMSHTTPColumnSMSID, e.ID),
handler.NewCol(SMSHTTPColumnInstanceID, e.Aggregate().InstanceID),
handler.NewCol(SMSHTTPColumnEndpoint, e.Endpoint),
handler.NewCol(SMSHTTPColumnSigningKey, e.SigningKey),
},
handler.WithTableSuffix(smsHTTPTableSuffix),
),
@@ -306,21 +309,24 @@ func (p *smsConfigProjection) reduceSMSConfigHTTPChanged(event eventstore.Event)
if e.Description != nil {
columns = append(columns, handler.NewCol(SMSColumnDescription, *e.Description))
}
if len(columns) > 0 {
stmts = append(stmts, handler.AddUpdateStatement(
columns,
[]handler.Condition{
handler.NewCond(SMSColumnID, e.ID),
handler.NewCond(SMSColumnInstanceID, e.Aggregate().InstanceID),
},
))
}
stmts = append(stmts, handler.AddUpdateStatement(
columns,
[]handler.Condition{
handler.NewCond(SMSColumnID, e.ID),
handler.NewCond(SMSColumnInstanceID, e.Aggregate().InstanceID),
},
))
httpColumns := make([]handler.Column, 0)
if e.SigningKey != nil {
httpColumns = append(httpColumns, handler.NewCol(SMSHTTPColumnSigningKey, e.SigningKey))
}
if e.Endpoint != nil {
httpColumns = append(httpColumns, handler.NewCol(SMSHTTPColumnEndpoint, *e.Endpoint))
}
if len(httpColumns) > 0 {
stmts = append(stmts, handler.AddUpdateStatement(
[]handler.Column{
handler.NewCol(SMSHTTPColumnEndpoint, *e.Endpoint),
},
httpColumns,
[]handler.Condition{
handler.NewCond(SMSHTTPColumnSMSID, e.ID),
handler.NewCond(SMSHTTPColumnInstanceID, e.Aggregate().InstanceID),

52
internal/query/projection/sms_test.go
View File

@@ -302,7 +302,8 @@ func TestSMSProjection_reduces(t *testing.T) {
[]byte(`{
"id": "id",
"description": "description",
"endpoint": "endpoint"
"endpoint": "endpoint",
"signingKey": { "cryptoType": 0, "algorithm": "RSA-265", "keyId": "key-id" }
}`),
), eventstore.GenericEventMapper[instance.SMSConfigHTTPAddedEvent]),
},
@@ -327,11 +328,12 @@ func TestSMSProjection_reduces(t *testing.T) {
},
},
{
expectedStmt: "INSERT INTO projections.sms_configs3_http (sms_id, instance_id, endpoint) VALUES ($1, $2, $3)",
expectedStmt: "INSERT INTO projections.sms_configs3_http (sms_id, instance_id, endpoint, signing_key) VALUES ($1, $2, $3, $4)",
expectedArgs: []interface{}{
"id",
"instance-id",
"endpoint",
anyArg{},
},
},
},
@@ -348,7 +350,8 @@ func TestSMSProjection_reduces(t *testing.T) {
[]byte(`{
"id": "id",
"endpoint": "endpoint",
"description": "description"
"description": "description",
"signingKey": { "cryptoType": 0, "algorithm": "RSA-265", "keyId": "key-id" }
}`),
), eventstore.GenericEventMapper[instance.SMSConfigHTTPChangedEvent]),
},
@@ -369,8 +372,9 @@ func TestSMSProjection_reduces(t *testing.T) {
},
},
{
expectedStmt: "UPDATE projections.sms_configs3_http SET endpoint = $1 WHERE (sms_id = $2) AND (instance_id = $3)",
expectedStmt: "UPDATE projections.sms_configs3_http SET (signing_key, endpoint) = ($1, $2) WHERE (sms_id = $3) AND (instance_id = $4)",
expectedArgs: []interface{}{
anyArg{},
"endpoint",
"id",
"instance-id",
@@ -452,6 +456,46 @@ func TestSMSProjection_reduces(t *testing.T) {
},
},
},
{
name: "instance reduceSMSConfigHTTPChanged, only signing key",
args: args{
event: getEvent(
testEvent(
instance.SMSConfigHTTPChangedEventType,
instance.AggregateType,
[]byte(`{
"id": "id",
"signingKey": { "cryptoType": 0, "algorithm": "RSA-265", "keyId": "key-id" }
}`),
), eventstore.GenericEventMapper[instance.SMSConfigHTTPChangedEvent]),
},
reduce: (&smsConfigProjection{}).reduceSMSConfigHTTPChanged,
want: wantReduce{
aggregateType: eventstore.AggregateType("instance"),
sequence: 15,
executer: &testExecuter{
executions: []execution{
{
expectedStmt: "UPDATE projections.sms_configs3 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
expectedArgs: []interface{}{
anyArg{},
uint64(15),
"id",
"instance-id",
},
},
{
expectedStmt: "UPDATE projections.sms_configs3_http SET signing_key = $1 WHERE (sms_id = $2) AND (instance_id = $3)",
expectedArgs: []interface{}{
anyArg{},
"id",
"instance-id",
},
},
},
},
},
},
{
name: "instance reduceSMSConfigTwilioActivated",
args: args{

22
internal/query/projection/smtp.go
View File

@@ -40,6 +40,7 @@ const (
SMTPConfigHTTPColumnInstanceID = "instance_id"
SMTPConfigHTTPColumnID = "id"
SMTPConfigHTTPColumnEndpoint = "endpoint"
SMTPConfigHTTPColumnSigningKey = "signing_key"
)
type smtpConfigProjection struct{}
@@ -86,6 +87,7 @@ func (*smtpConfigProjection) Init() *old_handler.Check {
handler.NewColumn(SMTPConfigHTTPColumnID, handler.ColumnTypeText),
handler.NewColumn(SMTPConfigHTTPColumnInstanceID, handler.ColumnTypeText),
handler.NewColumn(SMTPConfigHTTPColumnEndpoint, handler.ColumnTypeText),
handler.NewColumn(SMTPConfigHTTPColumnSigningKey, handler.ColumnTypeJSONB, handler.Nullable()),
},
handler.NewPrimaryKey(SMTPConfigHTTPColumnInstanceID, SMTPConfigHTTPColumnID),
smtpConfigHTTPTableSuffix,
@@ -211,6 +213,7 @@ func (p *smtpConfigProjection) reduceSMTPConfigHTTPAdded(event eventstore.Event)
handler.NewCol(SMTPConfigHTTPColumnInstanceID, e.Aggregate().InstanceID),
handler.NewCol(SMTPConfigHTTPColumnID, getSMTPConfigID(e.ID, e.Aggregate())),
handler.NewCol(SMTPConfigHTTPColumnEndpoint, e.Endpoint),
handler.NewCol(SMTPConfigHTTPColumnSigningKey, e.SigningKey),
},
handler.WithTableSuffix(smtpConfigHTTPTableSuffix),
),
@@ -231,20 +234,21 @@ func (p *smtpConfigProjection) reduceSMTPConfigHTTPChanged(event eventstore.Even
if e.Description != nil {
columns = append(columns, handler.NewCol(SMTPConfigColumnDescription, *e.Description))
}
if len(columns) > 0 {
stmts = append(stmts, handler.AddUpdateStatement(
columns,
[]handler.Condition{
handler.NewCond(SMTPConfigColumnID, getSMTPConfigID(e.ID, e.Aggregate())),
handler.NewCond(SMTPConfigColumnInstanceID, e.Aggregate().InstanceID),
},
))
}
stmts = append(stmts, handler.AddUpdateStatement(
columns,
[]handler.Condition{
handler.NewCond(SMTPConfigColumnID, getSMTPConfigID(e.ID, e.Aggregate())),
handler.NewCond(SMTPConfigColumnInstanceID, e.Aggregate().InstanceID),
},
))
smtpColumns := make([]handler.Column, 0, 1)
if e.Endpoint != nil {
smtpColumns = append(smtpColumns, handler.NewCol(SMTPConfigHTTPColumnEndpoint, *e.Endpoint))
}
if e.SigningKey != nil {
smtpColumns = append(smtpColumns, handler.NewCol(SMTPConfigHTTPColumnSigningKey, e.SigningKey))
}
if len(smtpColumns) > 0 {
stmts = append(stmts, handler.AddUpdateStatement(
smtpColumns,

55
internal/query/projection/smtp_test.go
View File

@@ -225,7 +225,8 @@ func TestSMTPConfigProjection_reduces(t *testing.T) {
"aggregate_id": "agg-id",
"id": "config-id",
"description": "test",
"endpoint": "endpoint"
"endpoint": "endpoint",
"signingKey": { "cryptoType": 0, "algorithm": "RSA-265", "keyId": "key-id" }
}`,
),
), eventstore.GenericEventMapper[instance.SMTPConfigHTTPChangedEvent]),
@@ -247,9 +248,10 @@ func TestSMTPConfigProjection_reduces(t *testing.T) {
},
},
{
expectedStmt: "UPDATE projections.smtp_configs5_http SET endpoint = $1 WHERE (id = $2) AND (instance_id = $3)",
expectedStmt: "UPDATE projections.smtp_configs5_http SET (endpoint, signing_key) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
expectedArgs: []interface{}{
"endpoint",
anyArg{},
"config-id",
"instance-id",
},
@@ -338,6 +340,49 @@ func TestSMTPConfigProjection_reduces(t *testing.T) {
},
},
},
}, {
name: "reduceSMTPConfigHTTPChanged, signing key",
args: args{
event: getEvent(
testEvent(
instance.SMTPConfigHTTPChangedEventType,
instance.AggregateType,
[]byte(`{
"instance_id": "instance-id",
"resource_owner": "ro-id",
"aggregate_id": "agg-id",
"id": "config-id",
"signingKey": { "cryptoType": 0, "algorithm": "RSA-265", "keyId": "key-id" }
}`,
),
), eventstore.GenericEventMapper[instance.SMTPConfigHTTPChangedEvent]),
},
reduce: (&smtpConfigProjection{}).reduceSMTPConfigHTTPChanged,
want: wantReduce{
aggregateType: eventstore.AggregateType("instance"),
sequence: 15,
executer: &testExecuter{
executions: []execution{
{
expectedStmt: "UPDATE projections.smtp_configs5 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
expectedArgs: []interface{}{
anyArg{},
uint64(15),
"config-id",
"instance-id",
},
},
{
expectedStmt: "UPDATE projections.smtp_configs5_http SET signing_key = $1 WHERE (id = $2) AND (instance_id = $3)",
expectedArgs: []interface{}{
anyArg{},
"config-id",
"instance-id",
},
},
},
},
},
},
{
name: "reduceSMTPConfigAdded (no id)",
@@ -481,7 +526,8 @@ func TestSMTPConfigProjection_reduces(t *testing.T) {
"id": "config-id",
"description": "test",
"senderAddress": "sender",
"endpoint": "endpoint"
"endpoint": "endpoint",
"signingKey": { "cryptoType": 0, "algorithm": "RSA-265", "keyId": "key-id" }
}`),
), eventstore.GenericEventMapper[instance.SMTPConfigHTTPAddedEvent]),
},
@@ -506,11 +552,12 @@ func TestSMTPConfigProjection_reduces(t *testing.T) {
},
},
{
expectedStmt: "INSERT INTO projections.smtp_configs5_http (instance_id, id, endpoint) VALUES ($1, $2, $3)",
expectedStmt: "INSERT INTO projections.smtp_configs5_http (instance_id, id, endpoint, signing_key) VALUES ($1, $2, $3, $4)",
expectedArgs: []interface{}{
"instance-id",
"config-id",
"endpoint",
anyArg{},
},
},
},

6
internal/query/query.go
View File

@@ -32,6 +32,8 @@ type Queries struct {
keyEncryptionAlgorithm crypto.EncryptionAlgorithm
idpConfigEncryption crypto.EncryptionAlgorithm
targetEncryptionAlgorithm crypto.EncryptionAlgorithm
smtpEncryptionAlgorithm crypto.EncryptionAlgorithm
smsEncryptionAlgorithm crypto.EncryptionAlgorithm
sessionTokenVerifier func(ctx context.Context, sessionToken string, sessionID string, tokenID string) (err error)
checkPermission domain.PermissionCheck
@@ -53,7 +55,7 @@ func StartQueries(
cacheConnectors connector.Connectors,
projections projection.Config,
defaults sd.SystemDefaults,
idpConfigEncryption, otpEncryption, keyEncryptionAlgorithm, certEncryptionAlgorithm, targetEncryptionAlgorithm crypto.EncryptionAlgorithm,
idpConfigEncryption, otpEncryption, keyEncryptionAlgorithm, certEncryptionAlgorithm, targetEncryptionAlgorithm, smsEncryptionAlgorithm, smtpEncryptionAlgorithm crypto.EncryptionAlgorithm,
zitadelRoles []authz.RoleMapping,
sessionTokenVerifier func(ctx context.Context, sessionToken string, sessionID string, tokenID string) (err error),
permissionCheck func(q *Queries) domain.PermissionCheck,
@@ -72,6 +74,8 @@ func StartQueries(
keyEncryptionAlgorithm: keyEncryptionAlgorithm,
idpConfigEncryption: idpConfigEncryption,
targetEncryptionAlgorithm: targetEncryptionAlgorithm,
smsEncryptionAlgorithm: smsEncryptionAlgorithm,
smtpEncryptionAlgorithm: smtpEncryptionAlgorithm,
sessionTokenVerifier: sessionTokenVerifier,
multifactors: domain.MultifactorConfigs{
OTP: domain.OTPConfig{

62
internal/query/sms.go
View File

@@ -35,6 +35,13 @@ type SMSConfig struct {
HTTPConfig *HTTP
}
func (h *SMSConfig) decryptSigningKey(alg crypto.EncryptionAlgorithm) error {
if h.HTTPConfig == nil {
return nil
}
return h.HTTPConfig.decryptSigningKey(alg)
}
type Twilio struct {
SID string
Token *crypto.CryptoValue
@@ -43,7 +50,21 @@ type Twilio struct {
}
type HTTP struct {
Endpoint string
Endpoint string
signingKey *crypto.CryptoValue
SigningKey string
}
func (h *HTTP) decryptSigningKey(alg crypto.EncryptionAlgorithm) error {
if h.signingKey == nil {
return nil
}
keyValue, err := crypto.DecryptString(h.signingKey, alg)
if err != nil {
return zerrors.ThrowInternal(err, "QUERY-bxovy3YXwy", "Errors.Internal")
}
h.SigningKey = keyValue
return nil
}
type SMSConfigsSearchQueries struct {
@@ -142,6 +163,10 @@ var (
name: projection.SMSHTTPColumnEndpoint,
table: smsHTTPTable,
}
SMSHTTPColumnSigningKey = Column{
name: projection.SMSHTTPColumnSigningKey,
table: smsHTTPTable,
}
)
func (q *Queries) SMSProviderConfigByID(ctx context.Context, id string) (config *SMSConfig, err error) {
@@ -163,7 +188,13 @@ func (q *Queries) SMSProviderConfigByID(ctx context.Context, id string) (config
config, err = scan(row)
return err
}, stmt, args...)
return config, err
if err != nil {
return nil, err
}
if err := config.decryptSigningKey(q.smsEncryptionAlgorithm); err != nil {
return nil, err
}
return config, nil
}
func (q *Queries) SMSProviderConfigActive(ctx context.Context, instanceID string) (config *SMSConfig, err error) {
@@ -185,7 +216,13 @@ func (q *Queries) SMSProviderConfigActive(ctx context.Context, instanceID string
config, err = scan(row)
return err
}, stmt, args...)
return config, err
if err != nil {
return nil, err
}
if err := config.decryptSigningKey(q.smsEncryptionAlgorithm); err != nil {
return nil, err
}
return config, nil
}
func (q *Queries) SearchSMSConfigs(ctx context.Context, queries *SMSConfigsSearchQueries) (configs *SMSConfigs, err error) {
@@ -208,8 +245,13 @@ func (q *Queries) SearchSMSConfigs(ctx context.Context, queries *SMSConfigsSearc
if err != nil {
return nil, zerrors.ThrowInternal(err, "QUERY-l4bxm", "Errors.Internal")
}
for i := range configs.Configs {
if err := configs.Configs[i].decryptSigningKey(q.smsEncryptionAlgorithm); err != nil {
return nil, err
}
}
configs.State, err = q.latestState(ctx, smsConfigsTable)
return configs, err
return configs, nil
}
func NewSMSProviderStateQuery(state domain.SMSConfigState) (SearchQuery, error) {
@@ -235,6 +277,7 @@ func prepareSMSConfigQuery() (sq.SelectBuilder, func(*sql.Row) (*SMSConfig, erro
SMSHTTPColumnSMSID.identifier(),
SMSHTTPColumnEndpoint.identifier(),
SMSHTTPColumnSigningKey.identifier(),
).From(smsConfigsTable.identifier()).
LeftJoin(join(SMSTwilioColumnSMSID, SMSColumnID)).
LeftJoin(join(SMSHTTPColumnSMSID, SMSColumnID)).
@@ -264,6 +307,7 @@ func prepareSMSConfigQuery() (sq.SelectBuilder, func(*sql.Row) (*SMSConfig, erro
&httpConfig.id,
&httpConfig.endpoint,
&httpConfig.signingKey,
)
if err != nil {
@@ -299,6 +343,7 @@ func prepareSMSConfigsQuery() (sq.SelectBuilder, func(*sql.Rows) (*SMSConfigs, e
SMSHTTPColumnSMSID.identifier(),
SMSHTTPColumnEndpoint.identifier(),
SMSHTTPColumnSigningKey.identifier(),
countColumn.identifier(),
).From(smsConfigsTable.identifier()).
@@ -332,6 +377,7 @@ func prepareSMSConfigsQuery() (sq.SelectBuilder, func(*sql.Rows) (*SMSConfigs, e
&httpConfig.id,
&httpConfig.endpoint,
&httpConfig.signingKey,
&configs.Count,
)
@@ -371,8 +417,9 @@ func (c sqlTwilioConfig) set(smsConfig *SMSConfig) {
}
type sqlHTTPConfig struct {
id sql.NullString
endpoint sql.NullString
id sql.NullString
endpoint sql.NullString
signingKey *crypto.CryptoValue
}
func (c sqlHTTPConfig) setSMS(smsConfig *SMSConfig) {
@@ -380,6 +427,7 @@ func (c sqlHTTPConfig) setSMS(smsConfig *SMSConfig) {
return
}
smsConfig.HTTPConfig = &HTTP{
Endpoint: c.endpoint.String,
Endpoint: c.endpoint.String,
signingKey: c.signingKey,
}
}

45
internal/query/sms_test.go
View File

@@ -32,7 +32,8 @@ var (
// http config
` projections.sms_configs3_http.sms_id,` +
` projections.sms_configs3_http.endpoint` +
` projections.sms_configs3_http.endpoint,` +
` projections.sms_configs3_http.signing_key` +
` FROM projections.sms_configs3` +
` LEFT JOIN projections.sms_configs3_twilio ON projections.sms_configs3.id = projections.sms_configs3_twilio.sms_id AND projections.sms_configs3.instance_id = projections.sms_configs3_twilio.instance_id` +
` LEFT JOIN projections.sms_configs3_http ON projections.sms_configs3.id = projections.sms_configs3_http.sms_id AND projections.sms_configs3.instance_id = projections.sms_configs3_http.instance_id`)
@@ -55,6 +56,7 @@ var (
// http config
` projections.sms_configs3_http.sms_id,` +
` projections.sms_configs3_http.endpoint,` +
` projections.sms_configs3_http.signing_key,` +
` COUNT(*) OVER ()` +
` FROM projections.sms_configs3` +
` LEFT JOIN projections.sms_configs3_twilio ON projections.sms_configs3.id = projections.sms_configs3_twilio.sms_id AND projections.sms_configs3.instance_id = projections.sms_configs3_twilio.instance_id` +
@@ -78,6 +80,7 @@ var (
// http config
"sms_id",
"endpoint",
"signing_key",
}
smsConfigsCols = append(smsConfigCols, "count")
)
@@ -131,6 +134,7 @@ func Test_SMSConfigsPrepare(t *testing.T) {
// http config
nil,
nil,
nil,
},
},
),
@@ -185,6 +189,12 @@ func Test_SMSConfigsPrepare(t *testing.T) {
// http config
"sms-id",
"endpoint",
&crypto.CryptoValue{
CryptoType: crypto.TypeEncryption,
Algorithm: "alg",
KeyID: "encKey",
Crypted: []byte("crypted"),
},
},
},
),
@@ -205,6 +215,12 @@ func Test_SMSConfigsPrepare(t *testing.T) {
Description: "description",
HTTPConfig: &HTTP{
Endpoint: "endpoint",
signingKey: &crypto.CryptoValue{
CryptoType: crypto.TypeEncryption,
Algorithm: "alg",
KeyID: "encKey",
Crypted: []byte("crypted"),
},
},
},
},
@@ -236,6 +252,7 @@ func Test_SMSConfigsPrepare(t *testing.T) {
// http config
nil,
nil,
nil,
},
{
"sms-id2",
@@ -255,6 +272,7 @@ func Test_SMSConfigsPrepare(t *testing.T) {
// http config
nil,
nil,
nil,
},
{
"sms-id3",
@@ -274,6 +292,12 @@ func Test_SMSConfigsPrepare(t *testing.T) {
// http config
"sms-id3",
"endpoint3",
&crypto.CryptoValue{
CryptoType: crypto.TypeEncryption,
Algorithm: "alg",
KeyID: "encKey",
Crypted: []byte("crypted"),
},
},
},
),
@@ -326,6 +350,12 @@ func Test_SMSConfigsPrepare(t *testing.T) {
Description: "description",
HTTPConfig: &HTTP{
Endpoint: "endpoint3",
signingKey: &crypto.CryptoValue{
CryptoType: crypto.TypeEncryption,
Algorithm: "alg",
KeyID: "encKey",
Crypted: []byte("crypted"),
},
},
},
},
@@ -410,6 +440,7 @@ func Test_SMSConfigPrepare(t *testing.T) {
// http config
nil,
nil,
nil,
},
),
},
@@ -455,6 +486,12 @@ func Test_SMSConfigPrepare(t *testing.T) {
// http config
"sms-id",
"endpoint",
&crypto.CryptoValue{
CryptoType: crypto.TypeEncryption,
Algorithm: "alg",
KeyID: "encKey",
Crypted: []byte("crypted"),
},
},
),
},
@@ -469,6 +506,12 @@ func Test_SMSConfigPrepare(t *testing.T) {
Description: "description",
HTTPConfig: &HTTP{
Endpoint: "endpoint",
signingKey: &crypto.CryptoValue{
CryptoType: crypto.TypeEncryption,
Algorithm: "alg",
KeyID: "encKey",
Crypted: []byte("crypted"),
},
},
},
},

57
internal/query/smtp.go
View File

@@ -121,6 +121,10 @@ var (
name: projection.SMTPConfigHTTPColumnEndpoint,
table: smtpConfigsHTTPTable,
}
SMTPConfigHTTPColumnSigningKey = Column{
name: projection.SMTPConfigHTTPColumnSigningKey,
table: smtpConfigsHTTPTable,
}
)
type SMTPConfig struct {
@@ -138,6 +142,13 @@ type SMTPConfig struct {
State domain.SMTPConfigState
}
func (h *SMTPConfig) decryptSigningKey(alg crypto.EncryptionAlgorithm) error {
if h.HTTPConfig == nil {
return nil
}
return h.HTTPConfig.decryptSigningKey(alg)
}
type SMTP struct {
TLS bool
SenderAddress string
@@ -166,7 +177,13 @@ func (q *Queries) SMTPConfigActive(ctx context.Context, resourceOwner string) (c
config, err = scan(row)
return err
}, query, args...)
return config, err
if err != nil {
return nil, err
}
if err := config.decryptSigningKey(q.smtpEncryptionAlgorithm); err != nil {
return nil, err
}
return config, nil
}
func (q *Queries) SMTPConfigByID(ctx context.Context, instanceID, id string) (config *SMTPConfig, err error) {
@@ -186,12 +203,16 @@ func (q *Queries) SMTPConfigByID(ctx context.Context, instanceID, id string) (co
config, err = scan(row)
return err
}, query, args...)
if err != nil {
return nil, err
}
if err := config.decryptSigningKey(q.smtpEncryptionAlgorithm); err != nil {
return nil, err
}
return config, err
}
func prepareSMTPConfigQuery() (sq.SelectBuilder, func(*sql.Row) (*SMTPConfig, error)) {
password := new(crypto.CryptoValue)
return sq.Select(
SMTPConfigColumnCreationDate.identifier(),
SMTPConfigColumnChangeDate.identifier(),
@@ -211,7 +232,9 @@ func prepareSMTPConfigQuery() (sq.SelectBuilder, func(*sql.Row) (*SMTPConfig, er
SMTPConfigSMTPColumnPassword.identifier(),
SMTPConfigHTTPColumnID.identifier(),
SMTPConfigHTTPColumnEndpoint.identifier()).
SMTPConfigHTTPColumnEndpoint.identifier(),
SMTPConfigHTTPColumnSigningKey.identifier(),
).
From(smtpConfigsTable.identifier()).
LeftJoin(join(SMTPConfigSMTPColumnID, SMTPConfigColumnID)).
LeftJoin(join(SMTPConfigHTTPColumnID, SMTPConfigColumnID)).
@@ -237,9 +260,10 @@ func prepareSMTPConfigQuery() (sq.SelectBuilder, func(*sql.Row) (*SMTPConfig, er
&smtpConfig.replyToAddress,
&smtpConfig.host,
&smtpConfig.user,
&password,
&smtpConfig.password,
&httpConfig.id,
&httpConfig.endpoint,
&httpConfig.signingKey,
)
if err != nil {
if errors.Is(err, sql.ErrNoRows) {
@@ -247,9 +271,10 @@ func prepareSMTPConfigQuery() (sq.SelectBuilder, func(*sql.Row) (*SMTPConfig, er
}
return nil, zerrors.ThrowInternal(err, "QUERY-9k87F", "Errors.Internal")
}
smtpConfig.password = password
smtpConfig.set(config)
httpConfig.setSMTP(config)
return config, nil
}
}
@@ -275,6 +300,8 @@ func prepareSMTPConfigsQuery() (sq.SelectBuilder, func(*sql.Rows) (*SMTPConfigs,
SMTPConfigHTTPColumnID.identifier(),
SMTPConfigHTTPColumnEndpoint.identifier(),
SMTPConfigHTTPColumnSigningKey.identifier(),
countColumn.identifier(),
).From(smtpConfigsTable.identifier()).
LeftJoin(join(SMTPConfigSMTPColumnID, SMTPConfigColumnID)).
@@ -284,7 +311,6 @@ func prepareSMTPConfigsQuery() (sq.SelectBuilder, func(*sql.Rows) (*SMTPConfigs,
configs := &SMTPConfigs{Configs: []*SMTPConfig{}}
for rows.Next() {
config := new(SMTPConfig)
password := new(crypto.CryptoValue)
var (
smtpConfig = sqlSmtpConfig{}
httpConfig = sqlHTTPConfig{}
@@ -304,20 +330,19 @@ func prepareSMTPConfigsQuery() (sq.SelectBuilder, func(*sql.Rows) (*SMTPConfigs,
&smtpConfig.replyToAddress,
&smtpConfig.host,
&smtpConfig.user,
&password,
&smtpConfig.password,
&httpConfig.id,
&httpConfig.endpoint,
&httpConfig.signingKey,
&configs.Count,
)
if err != nil {
if errors.Is(err, sql.ErrNoRows) {
return nil, zerrors.ThrowNotFound(err, "QUERY-fwofw", "Errors.SMTPConfig.NotFound")
}
return nil, zerrors.ThrowInternal(err, "QUERY-9k87F", "Errors.Internal")
}
smtpConfig.password = password
smtpConfig.set(config)
httpConfig.setSMTP(config)
configs.Configs = append(configs.Configs, config)
}
return configs, nil
@@ -344,6 +369,11 @@ func (q *Queries) SearchSMTPConfigs(ctx context.Context, queries *SMTPConfigsSea
if err != nil {
return nil, zerrors.ThrowInternal(err, "QUERY-tOpKN", "Errors.Internal")
}
for i := range configs.Configs {
if err := configs.Configs[i].decryptSigningKey(q.smtpEncryptionAlgorithm); err != nil {
return nil, err
}
}
configs.State, err = q.latestState(ctx, smsConfigsTable)
return configs, err
}
@@ -379,6 +409,7 @@ func (c sqlHTTPConfig) setSMTP(smtpConfig *SMTPConfig) {
return
}
smtpConfig.HTTPConfig = &HTTP{
Endpoint: c.endpoint.String,
Endpoint: c.endpoint.String,
signingKey: c.signingKey,
}
}

289
internal/query/smtp_test.go
View File

@@ -30,10 +30,34 @@ var (
` projections.smtp_configs5_smtp.username,` +
` projections.smtp_configs5_smtp.password,` +
` projections.smtp_configs5_http.id,` +
` projections.smtp_configs5_http.endpoint` +
` projections.smtp_configs5_http.endpoint,` +
` projections.smtp_configs5_http.signing_key` +
` FROM projections.smtp_configs5` +
` LEFT JOIN projections.smtp_configs5_smtp ON projections.smtp_configs5.id = projections.smtp_configs5_smtp.id AND projections.smtp_configs5.instance_id = projections.smtp_configs5_smtp.instance_id` +
` LEFT JOIN projections.smtp_configs5_http ON projections.smtp_configs5.id = projections.smtp_configs5_http.id AND projections.smtp_configs5.instance_id = projections.smtp_configs5_http.instance_id`
prepareSMTPConfigsStmt = `SELECT projections.smtp_configs5.creation_date,` +
` projections.smtp_configs5.change_date,` +
` projections.smtp_configs5.resource_owner,` +
` projections.smtp_configs5.sequence,` +
` projections.smtp_configs5.id,` +
` projections.smtp_configs5.state,` +
` projections.smtp_configs5.description,` +
` projections.smtp_configs5_smtp.id,` +
` projections.smtp_configs5_smtp.tls,` +
` projections.smtp_configs5_smtp.sender_address,` +
` projections.smtp_configs5_smtp.sender_name,` +
` projections.smtp_configs5_smtp.reply_to_address,` +
` projections.smtp_configs5_smtp.host,` +
` projections.smtp_configs5_smtp.username,` +
` projections.smtp_configs5_smtp.password,` +
` projections.smtp_configs5_http.id,` +
` projections.smtp_configs5_http.endpoint,` +
` projections.smtp_configs5_http.signing_key,` +
` COUNT(*) OVER ()` +
` FROM projections.smtp_configs5` +
` LEFT JOIN projections.smtp_configs5_smtp ON projections.smtp_configs5.id = projections.smtp_configs5_smtp.id AND projections.smtp_configs5.instance_id = projections.smtp_configs5_smtp.instance_id` +
` LEFT JOIN projections.smtp_configs5_http ON projections.smtp_configs5.id = projections.smtp_configs5_http.id AND projections.smtp_configs5.instance_id = projections.smtp_configs5_http.instance_id`
prepareSMTPConfigCols = []string{
"creation_date",
"change_date",
@@ -52,10 +76,12 @@ var (
"smtp_password",
"id",
"endpoint",
"signing_key",
}
prepareSMTPConfigsCols = append(prepareSMTPConfigCols, "count")
)
func Test_SMTPConfigsPrepares(t *testing.T) {
func Test_SMTPConfigPrepares(t *testing.T) {
type want struct {
sqlExpectations sqlExpectation
err checkErr
@@ -109,6 +135,7 @@ func Test_SMTPConfigsPrepares(t *testing.T) {
&crypto.CryptoValue{},
nil,
nil,
nil,
},
),
},
@@ -156,6 +183,12 @@ func Test_SMTPConfigsPrepares(t *testing.T) {
nil,
"2232323",
"endpoint",
&crypto.CryptoValue{
CryptoType: crypto.TypeEncryption,
Algorithm: "alg",
KeyID: "encKey",
Crypted: []byte("crypted"),
},
},
),
},
@@ -166,6 +199,12 @@ func Test_SMTPConfigsPrepares(t *testing.T) {
Sequence: 20211108,
HTTPConfig: &HTTP{
Endpoint: "endpoint",
signingKey: &crypto.CryptoValue{
CryptoType: crypto.TypeEncryption,
Algorithm: "alg",
KeyID: "encKey",
Crypted: []byte("crypted"),
},
},
ID: "2232323",
State: domain.SMTPConfigStateActive,
@@ -197,6 +236,7 @@ func Test_SMTPConfigsPrepares(t *testing.T) {
&crypto.CryptoValue{},
nil,
nil,
nil,
},
),
},
@@ -244,6 +284,7 @@ func Test_SMTPConfigsPrepares(t *testing.T) {
&crypto.CryptoValue{},
nil,
nil,
nil,
},
),
},
@@ -290,3 +331,247 @@ func Test_SMTPConfigsPrepares(t *testing.T) {
})
}
}
func Test_SMTPConfigsPrepares(t *testing.T) {
type want struct {
sqlExpectations sqlExpectation
err checkErr
}
tests := []struct {
name string
prepare interface{}
want want
object interface{}
}{
{
name: "prepareSMTPConfigsQuery no result",
prepare: prepareSMTPConfigsQuery,
want: want{
sqlExpectations: mockQueries(
regexp.QuoteMeta(prepareSMTPConfigsStmt),
nil,
nil,
),
},
object: &SMTPConfigs{Configs: []*SMTPConfig{}},
},
{
name: "prepareSMTPConfigsQuery found",
prepare: prepareSMTPConfigsQuery,
want: want{
sqlExpectations: mockQueries(
regexp.QuoteMeta(prepareSMTPConfigsStmt),
prepareSMTPConfigsCols,
[][]driver.Value{
{
testNow,
testNow,
"ro",
uint64(20211108),
"2232323",
domain.SMTPConfigStateActive,
"test",
"2232323",
true,
"sender",
"name",
"reply-to",
"host",
"user",
&crypto.CryptoValue{},
nil,
nil,
nil,
},
},
),
},
object: &SMTPConfigs{
SearchResponse: SearchResponse{
Count: 1,
},
Configs: []*SMTPConfig{
{
CreationDate: testNow,
ChangeDate: testNow,
ResourceOwner: "ro",
Sequence: 20211108,
SMTPConfig: &SMTP{
TLS: true,
SenderAddress: "sender",
SenderName: "name",
ReplyToAddress: "reply-to",
Host: "host",
User: "user",
Password: &crypto.CryptoValue{},
},
ID: "2232323",
State: domain.SMTPConfigStateActive,
Description: "test",
},
},
},
},
{
name: "prepareSMTPConfigsQuery found, multi",
prepare: prepareSMTPConfigsQuery,
want: want{
sqlExpectations: mockQueries(
regexp.QuoteMeta(prepareSMTPConfigsStmt),
prepareSMTPConfigsCols,
[][]driver.Value{
{
testNow,
testNow,
"ro",
uint64(20211108),
"2232323",
domain.SMTPConfigStateActive,
"test",
nil,
nil,
nil,
nil,
nil,
nil,
nil,
nil,
"2232323",
"endpoint",
&crypto.CryptoValue{
CryptoType: crypto.TypeEncryption,
Algorithm: "alg",
KeyID: "encKey",
Crypted: []byte("crypted"),
},
},
{
testNow,
testNow,
"ro",
uint64(20211109),
"44442323",
domain.SMTPConfigStateInactive,
"test2",
"44442323",
true,
"sender2",
"name2",
"reply-to2",
"host2",
"user2",
&crypto.CryptoValue{},
nil,
nil,
nil,
},
{
testNow,
testNow,
"ro",
uint64(20211109),
"23234444",
domain.SMTPConfigStateInactive,
"test3",
"23234444",
true,
"sender3",
"name3",
"reply-to3",
"host3",
"user3",
&crypto.CryptoValue{},
nil,
nil,
nil,
},
},
),
},
object: &SMTPConfigs{
SearchResponse: SearchResponse{
Count: 3,
},
Configs: []*SMTPConfig{
{
CreationDate: testNow,
ChangeDate: testNow,
ResourceOwner: "ro",
Sequence: 20211108,
HTTPConfig: &HTTP{
Endpoint: "endpoint",
signingKey: &crypto.CryptoValue{
CryptoType: crypto.TypeEncryption,
Algorithm: "alg",
KeyID: "encKey",
Crypted: []byte("crypted"),
},
},
ID: "2232323",
State: domain.SMTPConfigStateActive,
Description: "test",
},
{
CreationDate: testNow,
ChangeDate: testNow,
ResourceOwner: "ro",
Sequence: 20211109,
SMTPConfig: &SMTP{
TLS: true,
SenderAddress: "sender2",
SenderName: "name2",
ReplyToAddress: "reply-to2",
Host: "host2",
User: "user2",
Password: &crypto.CryptoValue{},
},
ID: "44442323",
State: domain.SMTPConfigStateInactive,
Description: "test2",
},
{
CreationDate: testNow,
ChangeDate: testNow,
ResourceOwner: "ro",
Sequence: 20211109,
SMTPConfig: &SMTP{
TLS: true,
SenderAddress: "sender3",
SenderName: "name3",
ReplyToAddress: "reply-to3",
Host: "host3",
User: "user3",
Password: &crypto.CryptoValue{},
},
ID: "23234444",
State: domain.SMTPConfigStateInactive,
Description: "test3",
},
},
},
},
{
name: "prepareSMTPConfigsQuery sql err",
prepare: prepareSMTPConfigsQuery,
want: want{
sqlExpectations: mockQueryErr(
regexp.QuoteMeta(prepareSMTPConfigsStmt),
sql.ErrConnDone,
),
err: func(err error) (error, bool) {
if !errors.Is(err, sql.ErrConnDone) {
return fmt.Errorf("err should be sql.ErrConnDone got: %w", err), false
}
return nil, true
},
},
object: (*SMTPConfigs)(nil),
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
assertPrepare(t, tt.prepare, tt.object, tt.want.sqlExpectations, tt.want.err)
})
}
}