chore(oidc): remove legacy storage methods (#10061)

# Which Problems Are Solved Stabilize the optimized introspection code and cleanup unused code. # How the Problems Are Solved - `oidc_legacy_introspection` feature flag is removed and reserved. - `OPStorage` which are no longer needed have their bodies removed. - The method definitions need to remain in place so the interface remains implemented. - A panic is thrown in case any such method is still called # Additional Changes - A number of `OPStorage` methods related to token creation were already unused. These are also cleaned up. # Additional Context - Closes #10027 - #7822 --------- Co-authored-by: Livio Spring <livio.a@gmail.com>
2025-08-11 18:57:32 +00:00 · 2025-06-26 11:08:37 +03:00
parent 27f88a6390
commit 1ebbe275b9
71 changed files with 143 additions and 1884 deletions
--- a/internal/command/project_application_api_test.go
+++ b/internal/command/project_application_api_test.go
@@ -2,16 +2,11 @@ package command

 import (
 	"context"
-	"io"
 	"testing"

 	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-	"github.com/zitadel/passwap"
-	"github.com/zitadel/passwap/bcrypt"

 	"github.com/zitadel/zitadel/internal/command/preparation"
-	"github.com/zitadel/zitadel/internal/crypto"
 	"github.com/zitadel/zitadel/internal/domain"
 	"github.com/zitadel/zitadel/internal/eventstore"
 	"github.com/zitadel/zitadel/internal/eventstore/v1/models"
@@ -771,99 +766,3 @@ func newAPIAppChangedEvent(ctx context.Context, appID, projectID, resourceOwner
 	)
 	return event
 }
-
-func TestCommands_VerifyAPIClientSecret(t *testing.T) {
-	hasher := &crypto.Hasher{
-		Swapper: passwap.NewSwapper(bcrypt.New(bcrypt.MinCost)),
-	}
-	hashedSecret, err := hasher.Hash("secret")
-	require.NoError(t, err)
-	agg := project.NewAggregate("projectID", "orgID")
-
-	tests := []struct {
-		name       string
-		secret     string
-		eventstore func(*testing.T) *eventstore.Eventstore
-		wantErr    error
-	}{
-		{
-			name: "filter error",
-			eventstore: expectEventstore(
-				expectFilterError(io.ErrClosedPipe),
-			),
-			wantErr: io.ErrClosedPipe,
-		},
-		{
-			name: "app not exists",
-			eventstore: expectEventstore(
-				expectFilter(),
-			),
-			wantErr: zerrors.ThrowPreconditionFailed(nil, "COMMAND-DFnbf", "Errors.Project.App.NotExisting"),
-		},
-		{
-			name: "wrong app type",
-			eventstore: expectEventstore(
-				expectFilter(
-					eventFromEventPusher(
-						project.NewApplicationAddedEvent(context.Background(), &agg.Aggregate, "appID", "appName"),
-					),
-				),
-			),
-			wantErr: zerrors.ThrowInvalidArgument(nil, "COMMAND-Bf3fw", "Errors.Project.App.IsNotAPI"),
-		},
-		{
-			name: "no secret set",
-			eventstore: expectEventstore(
-				expectFilter(
-					eventFromEventPusher(
-						project.NewApplicationAddedEvent(context.Background(), &agg.Aggregate, "appID", "appName"),
-					),
-					eventFromEventPusher(
-						project.NewAPIConfigAddedEvent(context.Background(), &agg.Aggregate, "appID", "clientID", "", domain.APIAuthMethodTypePrivateKeyJWT),
-					),
-				),
-			),
-			wantErr: zerrors.ThrowPreconditionFailed(nil, "COMMAND-D3t5g", "Errors.Project.App.APIConfigInvalid"),
-		},
-		{
-			name:   "check succeeded",
-			secret: "secret",
-			eventstore: expectEventstore(
-				expectFilter(
-					eventFromEventPusher(
-						project.NewApplicationAddedEvent(context.Background(), &agg.Aggregate, "appID", "appName"),
-					),
-					eventFromEventPusher(
-						project.NewAPIConfigAddedEvent(context.Background(), &agg.Aggregate, "appID", "clientID", hashedSecret, domain.APIAuthMethodTypePrivateKeyJWT),
-					),
-				),
-			),
-		},
-		{
-			name:   "check failed",
-			secret: "wrong!",
-			eventstore: expectEventstore(
-				expectFilter(
-					eventFromEventPusher(
-						project.NewApplicationAddedEvent(context.Background(), &agg.Aggregate, "appID", "appName"),
-					),
-					eventFromEventPusher(
-						project.NewAPIConfigAddedEvent(context.Background(), &agg.Aggregate, "appID", "clientID", hashedSecret, domain.APIAuthMethodTypePrivateKeyJWT),
-					),
-				),
-			),
-			wantErr: zerrors.ThrowInvalidArgument(err, "COMMAND-SADfg", "Errors.Project.App.ClientSecretInvalid"),
-		},
-	}
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			c := &Commands{
-				eventstore:   tt.eventstore(t),
-				secretHasher: hasher,
-			}
-			err := c.VerifyAPIClientSecret(context.Background(), "projectID", "appID", tt.secret)
-			c.jobs.Wait()
-			require.ErrorIs(t, err, tt.wantErr)
-		})
-	}
-}