mirror of
https://github.com/zitadel/zitadel.git
synced 2025-08-12 04:07:31 +00:00
feat(crypto): use passwap for machine and app secrets (#7657)
* feat(crypto): use passwap for machine and app secrets * fix command package tests * add hash generator command test * naming convention, fix query tests * rename PasswordHasher and cleanup start commands * add reducer tests * fix intergration tests, cleanup old config * add app secret unit tests * solve setup panics * fix push of updated events * add missing event translations * update documentation * solve linter errors * remove nolint:SA1019 as it doesn't seem to help anyway * add nolint to deprecated filter usage * update users migration version * remove unused ClientSecret from APIConfigChangedEvent --------- Co-authored-by: Livio Spring <livio.a@gmail.com>
This commit is contained in:
Tim Möhlmann
@@ -15,98 +15,98 @@ import (
|
||||
)
|
||||
|
||||
var (
|
||||
expectedAppQuery = regexp.QuoteMeta(`SELECT projections.apps6.id,` +
|
||||
` projections.apps6.name,` +
|
||||
` projections.apps6.project_id,` +
|
||||
` projections.apps6.creation_date,` +
|
||||
` projections.apps6.change_date,` +
|
||||
` projections.apps6.resource_owner,` +
|
||||
` projections.apps6.state,` +
|
||||
` projections.apps6.sequence,` +
|
||||
expectedAppQuery = regexp.QuoteMeta(`SELECT projections.apps7.id,` +
|
||||
` projections.apps7.name,` +
|
||||
` projections.apps7.project_id,` +
|
||||
` projections.apps7.creation_date,` +
|
||||
` projections.apps7.change_date,` +
|
||||
` projections.apps7.resource_owner,` +
|
||||
` projections.apps7.state,` +
|
||||
` projections.apps7.sequence,` +
|
||||
// api config
|
||||
` projections.apps6_api_configs.app_id,` +
|
||||
` projections.apps6_api_configs.client_id,` +
|
||||
` projections.apps6_api_configs.auth_method,` +
|
||||
` projections.apps7_api_configs.app_id,` +
|
||||
` projections.apps7_api_configs.client_id,` +
|
||||
` projections.apps7_api_configs.auth_method,` +
|
||||
// oidc config
|
||||
` projections.apps6_oidc_configs.app_id,` +
|
||||
` projections.apps6_oidc_configs.version,` +
|
||||
` projections.apps6_oidc_configs.client_id,` +
|
||||
` projections.apps6_oidc_configs.redirect_uris,` +
|
||||
` projections.apps6_oidc_configs.response_types,` +
|
||||
` projections.apps6_oidc_configs.grant_types,` +
|
||||
` projections.apps6_oidc_configs.application_type,` +
|
||||
` projections.apps6_oidc_configs.auth_method_type,` +
|
||||
` projections.apps6_oidc_configs.post_logout_redirect_uris,` +
|
||||
` projections.apps6_oidc_configs.is_dev_mode,` +
|
||||
` projections.apps6_oidc_configs.access_token_type,` +
|
||||
` projections.apps6_oidc_configs.access_token_role_assertion,` +
|
||||
` projections.apps6_oidc_configs.id_token_role_assertion,` +
|
||||
` projections.apps6_oidc_configs.id_token_userinfo_assertion,` +
|
||||
` projections.apps6_oidc_configs.clock_skew,` +
|
||||
` projections.apps6_oidc_configs.additional_origins,` +
|
||||
` projections.apps6_oidc_configs.skip_native_app_success_page,` +
|
||||
` projections.apps7_oidc_configs.app_id,` +
|
||||
` projections.apps7_oidc_configs.version,` +
|
||||
` projections.apps7_oidc_configs.client_id,` +
|
||||
` projections.apps7_oidc_configs.redirect_uris,` +
|
||||
` projections.apps7_oidc_configs.response_types,` +
|
||||
` projections.apps7_oidc_configs.grant_types,` +
|
||||
` projections.apps7_oidc_configs.application_type,` +
|
||||
` projections.apps7_oidc_configs.auth_method_type,` +
|
||||
` projections.apps7_oidc_configs.post_logout_redirect_uris,` +
|
||||
` projections.apps7_oidc_configs.is_dev_mode,` +
|
||||
` projections.apps7_oidc_configs.access_token_type,` +
|
||||
` projections.apps7_oidc_configs.access_token_role_assertion,` +
|
||||
` projections.apps7_oidc_configs.id_token_role_assertion,` +
|
||||
` projections.apps7_oidc_configs.id_token_userinfo_assertion,` +
|
||||
` projections.apps7_oidc_configs.clock_skew,` +
|
||||
` projections.apps7_oidc_configs.additional_origins,` +
|
||||
` projections.apps7_oidc_configs.skip_native_app_success_page,` +
|
||||
//saml config
|
||||
` projections.apps6_saml_configs.app_id,` +
|
||||
` projections.apps6_saml_configs.entity_id,` +
|
||||
` projections.apps6_saml_configs.metadata,` +
|
||||
` projections.apps6_saml_configs.metadata_url` +
|
||||
` FROM projections.apps6` +
|
||||
` LEFT JOIN projections.apps6_api_configs ON projections.apps6.id = projections.apps6_api_configs.app_id AND projections.apps6.instance_id = projections.apps6_api_configs.instance_id` +
|
||||
` LEFT JOIN projections.apps6_oidc_configs ON projections.apps6.id = projections.apps6_oidc_configs.app_id AND projections.apps6.instance_id = projections.apps6_oidc_configs.instance_id` +
|
||||
` LEFT JOIN projections.apps6_saml_configs ON projections.apps6.id = projections.apps6_saml_configs.app_id AND projections.apps6.instance_id = projections.apps6_saml_configs.instance_id` +
|
||||
` projections.apps7_saml_configs.app_id,` +
|
||||
` projections.apps7_saml_configs.entity_id,` +
|
||||
` projections.apps7_saml_configs.metadata,` +
|
||||
` projections.apps7_saml_configs.metadata_url` +
|
||||
` FROM projections.apps7` +
|
||||
` LEFT JOIN projections.apps7_api_configs ON projections.apps7.id = projections.apps7_api_configs.app_id AND projections.apps7.instance_id = projections.apps7_api_configs.instance_id` +
|
||||
` LEFT JOIN projections.apps7_oidc_configs ON projections.apps7.id = projections.apps7_oidc_configs.app_id AND projections.apps7.instance_id = projections.apps7_oidc_configs.instance_id` +
|
||||
` LEFT JOIN projections.apps7_saml_configs ON projections.apps7.id = projections.apps7_saml_configs.app_id AND projections.apps7.instance_id = projections.apps7_saml_configs.instance_id` +
|
||||
` AS OF SYSTEM TIME '-1 ms'`)
|
||||
expectedAppsQuery = regexp.QuoteMeta(`SELECT projections.apps6.id,` +
|
||||
` projections.apps6.name,` +
|
||||
` projections.apps6.project_id,` +
|
||||
` projections.apps6.creation_date,` +
|
||||
` projections.apps6.change_date,` +
|
||||
` projections.apps6.resource_owner,` +
|
||||
` projections.apps6.state,` +
|
||||
` projections.apps6.sequence,` +
|
||||
expectedAppsQuery = regexp.QuoteMeta(`SELECT projections.apps7.id,` +
|
||||
` projections.apps7.name,` +
|
||||
` projections.apps7.project_id,` +
|
||||
` projections.apps7.creation_date,` +
|
||||
` projections.apps7.change_date,` +
|
||||
` projections.apps7.resource_owner,` +
|
||||
` projections.apps7.state,` +
|
||||
` projections.apps7.sequence,` +
|
||||
// api config
|
||||
` projections.apps6_api_configs.app_id,` +
|
||||
` projections.apps6_api_configs.client_id,` +
|
||||
` projections.apps6_api_configs.auth_method,` +
|
||||
` projections.apps7_api_configs.app_id,` +
|
||||
` projections.apps7_api_configs.client_id,` +
|
||||
` projections.apps7_api_configs.auth_method,` +
|
||||
// oidc config
|
||||
` projections.apps6_oidc_configs.app_id,` +
|
||||
` projections.apps6_oidc_configs.version,` +
|
||||
` projections.apps6_oidc_configs.client_id,` +
|
||||
` projections.apps6_oidc_configs.redirect_uris,` +
|
||||
` projections.apps6_oidc_configs.response_types,` +
|
||||
` projections.apps6_oidc_configs.grant_types,` +
|
||||
` projections.apps6_oidc_configs.application_type,` +
|
||||
` projections.apps6_oidc_configs.auth_method_type,` +
|
||||
` projections.apps6_oidc_configs.post_logout_redirect_uris,` +
|
||||
` projections.apps6_oidc_configs.is_dev_mode,` +
|
||||
` projections.apps6_oidc_configs.access_token_type,` +
|
||||
` projections.apps6_oidc_configs.access_token_role_assertion,` +
|
||||
` projections.apps6_oidc_configs.id_token_role_assertion,` +
|
||||
` projections.apps6_oidc_configs.id_token_userinfo_assertion,` +
|
||||
` projections.apps6_oidc_configs.clock_skew,` +
|
||||
` projections.apps6_oidc_configs.additional_origins,` +
|
||||
` projections.apps6_oidc_configs.skip_native_app_success_page,` +
|
||||
` projections.apps7_oidc_configs.app_id,` +
|
||||
` projections.apps7_oidc_configs.version,` +
|
||||
` projections.apps7_oidc_configs.client_id,` +
|
||||
` projections.apps7_oidc_configs.redirect_uris,` +
|
||||
` projections.apps7_oidc_configs.response_types,` +
|
||||
` projections.apps7_oidc_configs.grant_types,` +
|
||||
` projections.apps7_oidc_configs.application_type,` +
|
||||
` projections.apps7_oidc_configs.auth_method_type,` +
|
||||
` projections.apps7_oidc_configs.post_logout_redirect_uris,` +
|
||||
` projections.apps7_oidc_configs.is_dev_mode,` +
|
||||
` projections.apps7_oidc_configs.access_token_type,` +
|
||||
` projections.apps7_oidc_configs.access_token_role_assertion,` +
|
||||
` projections.apps7_oidc_configs.id_token_role_assertion,` +
|
||||
` projections.apps7_oidc_configs.id_token_userinfo_assertion,` +
|
||||
` projections.apps7_oidc_configs.clock_skew,` +
|
||||
` projections.apps7_oidc_configs.additional_origins,` +
|
||||
` projections.apps7_oidc_configs.skip_native_app_success_page,` +
|
||||
//saml config
|
||||
` projections.apps6_saml_configs.app_id,` +
|
||||
` projections.apps6_saml_configs.entity_id,` +
|
||||
` projections.apps6_saml_configs.metadata,` +
|
||||
` projections.apps6_saml_configs.metadata_url,` +
|
||||
` projections.apps7_saml_configs.app_id,` +
|
||||
` projections.apps7_saml_configs.entity_id,` +
|
||||
` projections.apps7_saml_configs.metadata,` +
|
||||
` projections.apps7_saml_configs.metadata_url,` +
|
||||
` COUNT(*) OVER ()` +
|
||||
` FROM projections.apps6` +
|
||||
` LEFT JOIN projections.apps6_api_configs ON projections.apps6.id = projections.apps6_api_configs.app_id AND projections.apps6.instance_id = projections.apps6_api_configs.instance_id` +
|
||||
` LEFT JOIN projections.apps6_oidc_configs ON projections.apps6.id = projections.apps6_oidc_configs.app_id AND projections.apps6.instance_id = projections.apps6_oidc_configs.instance_id` +
|
||||
` LEFT JOIN projections.apps6_saml_configs ON projections.apps6.id = projections.apps6_saml_configs.app_id AND projections.apps6.instance_id = projections.apps6_saml_configs.instance_id` +
|
||||
` FROM projections.apps7` +
|
||||
` LEFT JOIN projections.apps7_api_configs ON projections.apps7.id = projections.apps7_api_configs.app_id AND projections.apps7.instance_id = projections.apps7_api_configs.instance_id` +
|
||||
` LEFT JOIN projections.apps7_oidc_configs ON projections.apps7.id = projections.apps7_oidc_configs.app_id AND projections.apps7.instance_id = projections.apps7_oidc_configs.instance_id` +
|
||||
` LEFT JOIN projections.apps7_saml_configs ON projections.apps7.id = projections.apps7_saml_configs.app_id AND projections.apps7.instance_id = projections.apps7_saml_configs.instance_id` +
|
||||
` AS OF SYSTEM TIME '-1 ms'`)
|
||||
expectedAppIDsQuery = regexp.QuoteMeta(`SELECT projections.apps6_api_configs.client_id,` +
|
||||
` projections.apps6_oidc_configs.client_id` +
|
||||
` FROM projections.apps6` +
|
||||
` LEFT JOIN projections.apps6_api_configs ON projections.apps6.id = projections.apps6_api_configs.app_id AND projections.apps6.instance_id = projections.apps6_api_configs.instance_id` +
|
||||
` LEFT JOIN projections.apps6_oidc_configs ON projections.apps6.id = projections.apps6_oidc_configs.app_id AND projections.apps6.instance_id = projections.apps6_oidc_configs.instance_id` +
|
||||
expectedAppIDsQuery = regexp.QuoteMeta(`SELECT projections.apps7_api_configs.client_id,` +
|
||||
` projections.apps7_oidc_configs.client_id` +
|
||||
` FROM projections.apps7` +
|
||||
` LEFT JOIN projections.apps7_api_configs ON projections.apps7.id = projections.apps7_api_configs.app_id AND projections.apps7.instance_id = projections.apps7_api_configs.instance_id` +
|
||||
` LEFT JOIN projections.apps7_oidc_configs ON projections.apps7.id = projections.apps7_oidc_configs.app_id AND projections.apps7.instance_id = projections.apps7_oidc_configs.instance_id` +
|
||||
` AS OF SYSTEM TIME '-1 ms'`)
|
||||
expectedProjectIDByAppQuery = regexp.QuoteMeta(`SELECT projections.apps6.project_id` +
|
||||
` FROM projections.apps6` +
|
||||
` LEFT JOIN projections.apps6_api_configs ON projections.apps6.id = projections.apps6_api_configs.app_id AND projections.apps6.instance_id = projections.apps6_api_configs.instance_id` +
|
||||
` LEFT JOIN projections.apps6_oidc_configs ON projections.apps6.id = projections.apps6_oidc_configs.app_id AND projections.apps6.instance_id = projections.apps6_oidc_configs.instance_id` +
|
||||
` LEFT JOIN projections.apps6_saml_configs ON projections.apps6.id = projections.apps6_saml_configs.app_id AND projections.apps6.instance_id = projections.apps6_saml_configs.instance_id` +
|
||||
expectedProjectIDByAppQuery = regexp.QuoteMeta(`SELECT projections.apps7.project_id` +
|
||||
` FROM projections.apps7` +
|
||||
` LEFT JOIN projections.apps7_api_configs ON projections.apps7.id = projections.apps7_api_configs.app_id AND projections.apps7.instance_id = projections.apps7_api_configs.instance_id` +
|
||||
` LEFT JOIN projections.apps7_oidc_configs ON projections.apps7.id = projections.apps7_oidc_configs.app_id AND projections.apps7.instance_id = projections.apps7_oidc_configs.instance_id` +
|
||||
` LEFT JOIN projections.apps7_saml_configs ON projections.apps7.id = projections.apps7_saml_configs.app_id AND projections.apps7.instance_id = projections.apps7_saml_configs.instance_id` +
|
||||
` AS OF SYSTEM TIME '-1 ms'`)
|
||||
expectedProjectByAppQuery = regexp.QuoteMeta(`SELECT projections.projects4.id,` +
|
||||
` projections.projects4.creation_date,` +
|
||||
@@ -120,10 +120,10 @@ var (
|
||||
` projections.projects4.has_project_check,` +
|
||||
` projections.projects4.private_labeling_setting` +
|
||||
` FROM projections.projects4` +
|
||||
` JOIN projections.apps6 ON projections.projects4.id = projections.apps6.project_id AND projections.projects4.instance_id = projections.apps6.instance_id` +
|
||||
` LEFT JOIN projections.apps6_api_configs ON projections.apps6.id = projections.apps6_api_configs.app_id AND projections.apps6.instance_id = projections.apps6_api_configs.instance_id` +
|
||||
` LEFT JOIN projections.apps6_oidc_configs ON projections.apps6.id = projections.apps6_oidc_configs.app_id AND projections.apps6.instance_id = projections.apps6_oidc_configs.instance_id` +
|
||||
` LEFT JOIN projections.apps6_saml_configs ON projections.apps6.id = projections.apps6_saml_configs.app_id AND projections.apps6.instance_id = projections.apps6_saml_configs.instance_id` +
|
||||
` JOIN projections.apps7 ON projections.projects4.id = projections.apps7.project_id AND projections.projects4.instance_id = projections.apps7.instance_id` +
|
||||
` LEFT JOIN projections.apps7_api_configs ON projections.apps7.id = projections.apps7_api_configs.app_id AND projections.apps7.instance_id = projections.apps7_api_configs.instance_id` +
|
||||
` LEFT JOIN projections.apps7_oidc_configs ON projections.apps7.id = projections.apps7_oidc_configs.app_id AND projections.apps7.instance_id = projections.apps7_oidc_configs.instance_id` +
|
||||
` LEFT JOIN projections.apps7_saml_configs ON projections.apps7.id = projections.apps7_saml_configs.app_id AND projections.apps7.instance_id = projections.apps7_saml_configs.instance_id` +
|
||||
` AS OF SYSTEM TIME '-1 ms'`)
|
||||
|
||||
appCols = database.TextArray[string]{
|
||||
|
||||
@@ -1,11 +1,11 @@
|
||||
with config as (
|
||||
select app_id, client_id, client_secret
|
||||
from projections.apps6_api_configs
|
||||
select app_id, client_id, client_secret, 'api' as app_type
|
||||
from projections.apps7_api_configs
|
||||
where instance_id = $1
|
||||
and client_id = $2
|
||||
union
|
||||
select app_id, client_id, client_secret
|
||||
from projections.apps6_oidc_configs
|
||||
select app_id, client_id, client_secret, 'oidc' as app_type
|
||||
from projections.apps7_oidc_configs
|
||||
where instance_id = $1
|
||||
and client_id = $2
|
||||
),
|
||||
@@ -18,6 +18,7 @@ keys as (
|
||||
and expiration > current_timestamp
|
||||
group by identifier
|
||||
)
|
||||
select config.client_id, config.client_secret, apps.project_id, keys.public_keys from config
|
||||
join projections.apps6 apps on apps.id = config.app_id
|
||||
select config.app_id, config.client_id, config.client_secret, config.app_type, apps.project_id, apps.resource_owner, keys.public_keys
|
||||
from config
|
||||
join projections.apps7 apps on apps.id = config.app_id
|
||||
left join keys on keys.client_id = config.client_id;
|
||||
|
||||
@@ -7,8 +7,8 @@ with client as (
|
||||
c.application_type, c.auth_method_type, c.post_logout_redirect_uris, c.is_dev_mode,
|
||||
c.access_token_type, c.access_token_role_assertion, c.id_token_role_assertion,
|
||||
c.id_token_userinfo_assertion, c.clock_skew, c.additional_origins, a.project_id, a.state
|
||||
from projections.apps6_oidc_configs c
|
||||
join projections.apps6 a on a.id = c.app_id and a.instance_id = c.instance_id
|
||||
from projections.apps7_oidc_configs c
|
||||
join projections.apps7 a on a.id = c.app_id and a.instance_id = c.instance_id
|
||||
where c.instance_id = $1
|
||||
and c.client_id = $2
|
||||
),
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
with usr as (
|
||||
select u.id, u.creation_date, u.change_date, u.sequence, u.state, u.resource_owner, u.username, n.login_name as preferred_login_name
|
||||
from projections.users11 u
|
||||
from projections.users12 u
|
||||
left join projections.login_names3 n on u.id = n.user_id and u.instance_id = n.instance_id
|
||||
where u.id = $1
|
||||
and u.instance_id = $2
|
||||
@@ -9,7 +9,7 @@ with usr as (
|
||||
human as (
|
||||
select $1 as user_id, row_to_json(r) as human from (
|
||||
select first_name, last_name, nick_name, display_name, avatar_key, preferred_language, gender, email, is_email_verified, phone, is_phone_verified
|
||||
from projections.users11_humans
|
||||
from projections.users12_humans
|
||||
where user_id = $1
|
||||
and instance_id = $2
|
||||
) r
|
||||
@@ -17,7 +17,7 @@ human as (
|
||||
machine as (
|
||||
select $1 as user_id, row_to_json(r) as machine from (
|
||||
select name, description
|
||||
from projections.users11_machines
|
||||
from projections.users12_machines
|
||||
where user_id = $1
|
||||
and instance_id = $2
|
||||
) r
|
||||
|
||||
@@ -21,21 +21,21 @@ var (
|
||||
", members.user_id" +
|
||||
", members.roles" +
|
||||
", projections.login_names3.login_name" +
|
||||
", projections.users11_humans.email" +
|
||||
", projections.users11_humans.first_name" +
|
||||
", projections.users11_humans.last_name" +
|
||||
", projections.users11_humans.display_name" +
|
||||
", projections.users11_machines.name" +
|
||||
", projections.users11_humans.avatar_key" +
|
||||
", projections.users11.type" +
|
||||
", projections.users12_humans.email" +
|
||||
", projections.users12_humans.first_name" +
|
||||
", projections.users12_humans.last_name" +
|
||||
", projections.users12_humans.display_name" +
|
||||
", projections.users12_machines.name" +
|
||||
", projections.users12_humans.avatar_key" +
|
||||
", projections.users12.type" +
|
||||
", COUNT(*) OVER () " +
|
||||
"FROM projections.instance_members4 AS members " +
|
||||
"LEFT JOIN projections.users11_humans " +
|
||||
"ON members.user_id = projections.users11_humans.user_id AND members.instance_id = projections.users11_humans.instance_id " +
|
||||
"LEFT JOIN projections.users11_machines " +
|
||||
"ON members.user_id = projections.users11_machines.user_id AND members.instance_id = projections.users11_machines.instance_id " +
|
||||
"LEFT JOIN projections.users11 " +
|
||||
"ON members.user_id = projections.users11.id AND members.instance_id = projections.users11.instance_id " +
|
||||
"LEFT JOIN projections.users12_humans " +
|
||||
"ON members.user_id = projections.users12_humans.user_id AND members.instance_id = projections.users12_humans.instance_id " +
|
||||
"LEFT JOIN projections.users12_machines " +
|
||||
"ON members.user_id = projections.users12_machines.user_id AND members.instance_id = projections.users12_machines.instance_id " +
|
||||
"LEFT JOIN projections.users12 " +
|
||||
"ON members.user_id = projections.users12.id AND members.instance_id = projections.users12.instance_id " +
|
||||
"LEFT JOIN projections.login_names3 " +
|
||||
"ON members.user_id = projections.login_names3.user_id AND members.instance_id = projections.login_names3.instance_id " +
|
||||
"AS OF SYSTEM TIME '-1 ms' " +
|
||||
|
||||
@@ -7,7 +7,6 @@ import (
|
||||
"sync"
|
||||
|
||||
"github.com/zitadel/zitadel/internal/api/authz"
|
||||
"github.com/zitadel/zitadel/internal/crypto"
|
||||
"github.com/zitadel/zitadel/internal/database"
|
||||
"github.com/zitadel/zitadel/internal/eventstore/handler/v2"
|
||||
"github.com/zitadel/zitadel/internal/query/projection"
|
||||
@@ -30,11 +29,21 @@ func TriggerIntrospectionProjections(ctx context.Context) {
|
||||
triggerBatch(ctx, introspectionTriggerHandlers()...)
|
||||
}
|
||||
|
||||
type AppType string
|
||||
|
||||
const (
|
||||
AppTypeAPI = "api"
|
||||
AppTypeOIDC = "oidc"
|
||||
)
|
||||
|
||||
type IntrospectionClient struct {
|
||||
ClientID string
|
||||
ClientSecret *crypto.CryptoValue
|
||||
ProjectID string
|
||||
PublicKeys database.Map[[]byte]
|
||||
AppID string
|
||||
ClientID string
|
||||
HashedSecret string
|
||||
AppType AppType
|
||||
ProjectID string
|
||||
ResourceOwner string
|
||||
PublicKeys database.Map[[]byte]
|
||||
}
|
||||
|
||||
//go:embed embed/introspection_client_by_id.sql
|
||||
@@ -50,7 +59,15 @@ func (q *Queries) GetIntrospectionClientByID(ctx context.Context, clientID strin
|
||||
)
|
||||
|
||||
err = q.client.QueryRowContext(ctx, func(row *sql.Row) error {
|
||||
return row.Scan(&client.ClientID, &client.ClientSecret, &client.ProjectID, &client.PublicKeys)
|
||||
return row.Scan(
|
||||
&client.AppID,
|
||||
&client.ClientID,
|
||||
&client.HashedSecret,
|
||||
&client.AppType,
|
||||
&client.ProjectID,
|
||||
&client.ResourceOwner,
|
||||
&client.PublicKeys,
|
||||
)
|
||||
},
|
||||
introspectionClientByIDQuery,
|
||||
instanceID, clientID, getKeys,
|
||||
|
||||
@@ -4,7 +4,6 @@ import (
|
||||
"database/sql"
|
||||
"database/sql/driver"
|
||||
_ "embed"
|
||||
"encoding/json"
|
||||
"regexp"
|
||||
"testing"
|
||||
|
||||
@@ -12,20 +11,10 @@ import (
|
||||
"github.com/stretchr/testify/require"
|
||||
|
||||
"github.com/zitadel/zitadel/internal/api/authz"
|
||||
"github.com/zitadel/zitadel/internal/crypto"
|
||||
"github.com/zitadel/zitadel/internal/database"
|
||||
)
|
||||
|
||||
func TestQueries_GetIntrospectionClientByID(t *testing.T) {
|
||||
secret := &crypto.CryptoValue{
|
||||
CryptoType: crypto.TypeHash,
|
||||
Algorithm: "alg",
|
||||
KeyID: "keyID",
|
||||
Crypted: []byte("secret"),
|
||||
}
|
||||
encSecret, err := json.Marshal(secret)
|
||||
require.NoError(t, err)
|
||||
|
||||
pubkeys := database.Map[[]byte]{
|
||||
"key1": {1, 2, 3},
|
||||
"key2": {4, 5, 6},
|
||||
@@ -61,14 +50,17 @@ func TestQueries_GetIntrospectionClientByID(t *testing.T) {
|
||||
getKeys: false,
|
||||
},
|
||||
mock: mockQuery(expQuery,
|
||||
[]string{"client_id", "client_secret", "project_id", "public_keys"},
|
||||
[]driver.Value{"clientID", encSecret, "projectID", nil},
|
||||
[]string{"app_id", "client_id", "client_secret", "app_type", "project_id", "resource_owner", "public_keys"},
|
||||
[]driver.Value{"appID", "clientID", "secret", "oidc", "projectID", "orgID", nil},
|
||||
"instanceID", "clientID", false),
|
||||
want: &IntrospectionClient{
|
||||
ClientID: "clientID",
|
||||
ClientSecret: secret,
|
||||
ProjectID: "projectID",
|
||||
PublicKeys: nil,
|
||||
AppID: "appID",
|
||||
ClientID: "clientID",
|
||||
HashedSecret: "secret",
|
||||
AppType: AppTypeOIDC,
|
||||
ProjectID: "projectID",
|
||||
ResourceOwner: "orgID",
|
||||
PublicKeys: nil,
|
||||
},
|
||||
},
|
||||
{
|
||||
@@ -78,14 +70,17 @@ func TestQueries_GetIntrospectionClientByID(t *testing.T) {
|
||||
getKeys: true,
|
||||
},
|
||||
mock: mockQuery(expQuery,
|
||||
[]string{"client_id", "client_secret", "project_id", "public_keys"},
|
||||
[]driver.Value{"clientID", nil, "projectID", encPubkeys},
|
||||
[]string{"app_id", "client_id", "client_secret", "app_type", "project_id", "resource_owner", "public_keys"},
|
||||
[]driver.Value{"appID", "clientID", "", "oidc", "projectID", "orgID", encPubkeys},
|
||||
"instanceID", "clientID", true),
|
||||
want: &IntrospectionClient{
|
||||
ClientID: "clientID",
|
||||
ClientSecret: nil,
|
||||
ProjectID: "projectID",
|
||||
PublicKeys: pubkeys,
|
||||
AppID: "appID",
|
||||
ClientID: "clientID",
|
||||
HashedSecret: "",
|
||||
AppType: AppTypeOIDC,
|
||||
ProjectID: "projectID",
|
||||
ResourceOwner: "orgID",
|
||||
PublicKeys: pubkeys,
|
||||
},
|
||||
},
|
||||
}
|
||||
|
||||
@@ -8,7 +8,6 @@ import (
|
||||
"time"
|
||||
|
||||
"github.com/zitadel/zitadel/internal/api/authz"
|
||||
"github.com/zitadel/zitadel/internal/crypto"
|
||||
"github.com/zitadel/zitadel/internal/database"
|
||||
"github.com/zitadel/zitadel/internal/domain"
|
||||
"github.com/zitadel/zitadel/internal/telemetry/tracing"
|
||||
@@ -20,7 +19,7 @@ type OIDCClient struct {
|
||||
AppID string `json:"app_id,omitempty"`
|
||||
State domain.AppState `json:"state,omitempty"`
|
||||
ClientID string `json:"client_id,omitempty"`
|
||||
ClientSecret *crypto.CryptoValue `json:"client_secret,omitempty"`
|
||||
HashedSecret string `json:"client_secret,omitempty"`
|
||||
RedirectURIs []string `json:"redirect_uris,omitempty"`
|
||||
ResponseTypes []domain.OIDCResponseType `json:"response_types,omitempty"`
|
||||
GrantTypes []domain.OIDCGrantType `json:"grant_types,omitempty"`
|
||||
|
||||
@@ -11,7 +11,6 @@ import (
|
||||
"github.com/stretchr/testify/require"
|
||||
|
||||
"github.com/zitadel/zitadel/internal/api/authz"
|
||||
"github.com/zitadel/zitadel/internal/crypto"
|
||||
"github.com/zitadel/zitadel/internal/database"
|
||||
"github.com/zitadel/zitadel/internal/domain"
|
||||
"github.com/zitadel/zitadel/internal/zerrors"
|
||||
@@ -66,7 +65,7 @@ low2kyJov38V4Uk2I8kuXpLcnrpw5Tio2ooiUE27b0vHZqBKOei9Uo88qCrn3EKx
|
||||
AppID: "236647088211886082",
|
||||
State: domain.AppStateActive,
|
||||
ClientID: "236647088211951618@tests",
|
||||
ClientSecret: nil,
|
||||
HashedSecret: "",
|
||||
RedirectURIs: []string{"http://localhost:9999/auth/callback"},
|
||||
ResponseTypes: []domain.OIDCResponseType{domain.OIDCResponseTypeCode},
|
||||
GrantTypes: []domain.OIDCGrantType{domain.OIDCGrantTypeAuthorizationCode, domain.OIDCGrantTypeRefreshToken},
|
||||
@@ -97,7 +96,7 @@ low2kyJov38V4Uk2I8kuXpLcnrpw5Tio2ooiUE27b0vHZqBKOei9Uo88qCrn3EKx
|
||||
AppID: "236646457053020162",
|
||||
State: domain.AppStateActive,
|
||||
ClientID: "236646457053085698@tests",
|
||||
ClientSecret: nil,
|
||||
HashedSecret: "",
|
||||
RedirectURIs: []string{"http://localhost:9999/auth/callback"},
|
||||
ResponseTypes: []domain.OIDCResponseType{domain.OIDCResponseTypeCode},
|
||||
GrantTypes: []domain.OIDCGrantType{domain.OIDCGrantTypeAuthorizationCode},
|
||||
@@ -124,15 +123,11 @@ low2kyJov38V4Uk2I8kuXpLcnrpw5Tio2ooiUE27b0vHZqBKOei9Uo88qCrn3EKx
|
||||
name: "secret client",
|
||||
mock: mockQuery(expQuery, cols, []driver.Value{testdataOidcClientSecret}, "instanceID", "clientID", true),
|
||||
want: &OIDCClient{
|
||||
InstanceID: "230690539048009730",
|
||||
AppID: "236646858984783874",
|
||||
State: domain.AppStateActive,
|
||||
ClientID: "236646858984849410@tests",
|
||||
ClientSecret: &crypto.CryptoValue{
|
||||
CryptoType: crypto.TypeHash,
|
||||
Algorithm: "bcrypt",
|
||||
Crypted: []byte(`$2a$14$OzZ0XEZZEtD13py/EPba2evsS6WcKZ5orVMj9pWHEGEHmLu2h3PFq`),
|
||||
},
|
||||
InstanceID: "230690539048009730",
|
||||
AppID: "236646858984783874",
|
||||
State: domain.AppStateActive,
|
||||
ClientID: "236646858984849410@tests",
|
||||
HashedSecret: "$2a$14$OzZ0XEZZEtD13py/EPba2evsS6WcKZ5orVMj9pWHEGEHmLu2h3PFq",
|
||||
RedirectURIs: []string{"http://localhost:9999/auth/callback"},
|
||||
ResponseTypes: []domain.OIDCResponseType{0},
|
||||
GrantTypes: []domain.OIDCGrantType{0},
|
||||
@@ -163,7 +158,7 @@ low2kyJov38V4Uk2I8kuXpLcnrpw5Tio2ooiUE27b0vHZqBKOei9Uo88qCrn3EKx
|
||||
AppID: "239520764276441090",
|
||||
State: domain.AppStateActive,
|
||||
ClientID: "239520764779364354@zitadel",
|
||||
ClientSecret: nil,
|
||||
HashedSecret: "",
|
||||
RedirectURIs: []string{
|
||||
"http://test2-qucuh5.localhost:9000/ui/console/auth/callback",
|
||||
"http://test.localhost.com:9000/ui/console/auth/callback"},
|
||||
|
||||
@@ -21,24 +21,24 @@ var (
|
||||
", members.user_id" +
|
||||
", members.roles" +
|
||||
", projections.login_names3.login_name" +
|
||||
", projections.users11_humans.email" +
|
||||
", projections.users11_humans.first_name" +
|
||||
", projections.users11_humans.last_name" +
|
||||
", projections.users11_humans.display_name" +
|
||||
", projections.users11_machines.name" +
|
||||
", projections.users11_humans.avatar_key" +
|
||||
", projections.users11.type" +
|
||||
", projections.users12_humans.email" +
|
||||
", projections.users12_humans.first_name" +
|
||||
", projections.users12_humans.last_name" +
|
||||
", projections.users12_humans.display_name" +
|
||||
", projections.users12_machines.name" +
|
||||
", projections.users12_humans.avatar_key" +
|
||||
", projections.users12.type" +
|
||||
", COUNT(*) OVER () " +
|
||||
"FROM projections.org_members4 AS members " +
|
||||
"LEFT JOIN projections.users11_humans " +
|
||||
"ON members.user_id = projections.users11_humans.user_id " +
|
||||
"AND members.instance_id = projections.users11_humans.instance_id " +
|
||||
"LEFT JOIN projections.users11_machines " +
|
||||
"ON members.user_id = projections.users11_machines.user_id " +
|
||||
"AND members.instance_id = projections.users11_machines.instance_id " +
|
||||
"LEFT JOIN projections.users11 " +
|
||||
"ON members.user_id = projections.users11.id " +
|
||||
"AND members.instance_id = projections.users11.instance_id " +
|
||||
"LEFT JOIN projections.users12_humans " +
|
||||
"ON members.user_id = projections.users12_humans.user_id " +
|
||||
"AND members.instance_id = projections.users12_humans.instance_id " +
|
||||
"LEFT JOIN projections.users12_machines " +
|
||||
"ON members.user_id = projections.users12_machines.user_id " +
|
||||
"AND members.instance_id = projections.users12_machines.instance_id " +
|
||||
"LEFT JOIN projections.users12 " +
|
||||
"ON members.user_id = projections.users12.id " +
|
||||
"AND members.instance_id = projections.users12.instance_id " +
|
||||
"LEFT JOIN projections.login_names3 " +
|
||||
"ON members.user_id = projections.login_names3.user_id " +
|
||||
"AND members.instance_id = projections.login_names3.instance_id " +
|
||||
|
||||
@@ -21,24 +21,24 @@ var (
|
||||
", members.user_id" +
|
||||
", members.roles" +
|
||||
", projections.login_names3.login_name" +
|
||||
", projections.users11_humans.email" +
|
||||
", projections.users11_humans.first_name" +
|
||||
", projections.users11_humans.last_name" +
|
||||
", projections.users11_humans.display_name" +
|
||||
", projections.users11_machines.name" +
|
||||
", projections.users11_humans.avatar_key" +
|
||||
", projections.users11.type" +
|
||||
", projections.users12_humans.email" +
|
||||
", projections.users12_humans.first_name" +
|
||||
", projections.users12_humans.last_name" +
|
||||
", projections.users12_humans.display_name" +
|
||||
", projections.users12_machines.name" +
|
||||
", projections.users12_humans.avatar_key" +
|
||||
", projections.users12.type" +
|
||||
", COUNT(*) OVER () " +
|
||||
"FROM projections.project_grant_members4 AS members " +
|
||||
"LEFT JOIN projections.users11_humans " +
|
||||
"ON members.user_id = projections.users11_humans.user_id " +
|
||||
"AND members.instance_id = projections.users11_humans.instance_id " +
|
||||
"LEFT JOIN projections.users11_machines " +
|
||||
"ON members.user_id = projections.users11_machines.user_id " +
|
||||
"AND members.instance_id = projections.users11_machines.instance_id " +
|
||||
"LEFT JOIN projections.users11 " +
|
||||
"ON members.user_id = projections.users11.id " +
|
||||
"AND members.instance_id = projections.users11.instance_id " +
|
||||
"LEFT JOIN projections.users12_humans " +
|
||||
"ON members.user_id = projections.users12_humans.user_id " +
|
||||
"AND members.instance_id = projections.users12_humans.instance_id " +
|
||||
"LEFT JOIN projections.users12_machines " +
|
||||
"ON members.user_id = projections.users12_machines.user_id " +
|
||||
"AND members.instance_id = projections.users12_machines.instance_id " +
|
||||
"LEFT JOIN projections.users12 " +
|
||||
"ON members.user_id = projections.users12.id " +
|
||||
"AND members.instance_id = projections.users12.instance_id " +
|
||||
"LEFT JOIN projections.login_names3 " +
|
||||
"ON members.user_id = projections.login_names3.user_id " +
|
||||
"AND members.instance_id = projections.login_names3.instance_id " +
|
||||
|
||||
@@ -21,24 +21,24 @@ var (
|
||||
", members.user_id" +
|
||||
", members.roles" +
|
||||
", projections.login_names3.login_name" +
|
||||
", projections.users11_humans.email" +
|
||||
", projections.users11_humans.first_name" +
|
||||
", projections.users11_humans.last_name" +
|
||||
", projections.users11_humans.display_name" +
|
||||
", projections.users11_machines.name" +
|
||||
", projections.users11_humans.avatar_key" +
|
||||
", projections.users11.type" +
|
||||
", projections.users12_humans.email" +
|
||||
", projections.users12_humans.first_name" +
|
||||
", projections.users12_humans.last_name" +
|
||||
", projections.users12_humans.display_name" +
|
||||
", projections.users12_machines.name" +
|
||||
", projections.users12_humans.avatar_key" +
|
||||
", projections.users12.type" +
|
||||
", COUNT(*) OVER () " +
|
||||
"FROM projections.project_members4 AS members " +
|
||||
"LEFT JOIN projections.users11_humans " +
|
||||
"ON members.user_id = projections.users11_humans.user_id " +
|
||||
"AND members.instance_id = projections.users11_humans.instance_id " +
|
||||
"LEFT JOIN projections.users11_machines " +
|
||||
"ON members.user_id = projections.users11_machines.user_id " +
|
||||
"AND members.instance_id = projections.users11_machines.instance_id " +
|
||||
"LEFT JOIN projections.users11 " +
|
||||
"ON members.user_id = projections.users11.id " +
|
||||
"AND members.instance_id = projections.users11.instance_id " +
|
||||
"LEFT JOIN projections.users12_humans " +
|
||||
"ON members.user_id = projections.users12_humans.user_id " +
|
||||
"AND members.instance_id = projections.users12_humans.instance_id " +
|
||||
"LEFT JOIN projections.users12_machines " +
|
||||
"ON members.user_id = projections.users12_machines.user_id " +
|
||||
"AND members.instance_id = projections.users12_machines.instance_id " +
|
||||
"LEFT JOIN projections.users12 " +
|
||||
"ON members.user_id = projections.users12.id " +
|
||||
"AND members.instance_id = projections.users12.instance_id " +
|
||||
"LEFT JOIN projections.login_names3 " +
|
||||
"ON members.user_id = projections.login_names3.user_id " +
|
||||
"AND members.instance_id = projections.login_names3.instance_id " +
|
||||
|
||||
@@ -3,6 +3,7 @@ package projection
|
||||
import (
|
||||
"context"
|
||||
|
||||
"github.com/zitadel/zitadel/internal/crypto"
|
||||
"github.com/zitadel/zitadel/internal/database"
|
||||
"github.com/zitadel/zitadel/internal/domain"
|
||||
"github.com/zitadel/zitadel/internal/eventstore"
|
||||
@@ -15,7 +16,7 @@ import (
|
||||
)
|
||||
|
||||
const (
|
||||
AppProjectionTable = "projections.apps6"
|
||||
AppProjectionTable = "projections.apps7"
|
||||
AppAPITable = AppProjectionTable + "_" + appAPITableSuffix
|
||||
AppOIDCTable = AppProjectionTable + "_" + appOIDCTableSuffix
|
||||
AppSAMLTable = AppProjectionTable + "_" + appSAMLTableSuffix
|
||||
@@ -96,7 +97,7 @@ func (*appProjection) Init() *old_handler.Check {
|
||||
handler.NewColumn(AppAPIConfigColumnAppID, handler.ColumnTypeText),
|
||||
handler.NewColumn(AppAPIConfigColumnInstanceID, handler.ColumnTypeText),
|
||||
handler.NewColumn(AppAPIConfigColumnClientID, handler.ColumnTypeText),
|
||||
handler.NewColumn(AppAPIConfigColumnClientSecret, handler.ColumnTypeJSONB, handler.Nullable()),
|
||||
handler.NewColumn(AppAPIConfigColumnClientSecret, handler.ColumnTypeText, handler.Nullable()),
|
||||
handler.NewColumn(AppAPIConfigColumnAuthMethod, handler.ColumnTypeEnum),
|
||||
},
|
||||
handler.NewPrimaryKey(AppAPIConfigColumnInstanceID, AppAPIConfigColumnAppID),
|
||||
@@ -109,7 +110,7 @@ func (*appProjection) Init() *old_handler.Check {
|
||||
handler.NewColumn(AppOIDCConfigColumnInstanceID, handler.ColumnTypeText),
|
||||
handler.NewColumn(AppOIDCConfigColumnVersion, handler.ColumnTypeEnum),
|
||||
handler.NewColumn(AppOIDCConfigColumnClientID, handler.ColumnTypeText),
|
||||
handler.NewColumn(AppOIDCConfigColumnClientSecret, handler.ColumnTypeJSONB, handler.Nullable()),
|
||||
handler.NewColumn(AppOIDCConfigColumnClientSecret, handler.ColumnTypeText, handler.Nullable()),
|
||||
handler.NewColumn(AppOIDCConfigColumnRedirectUris, handler.ColumnTypeTextArray, handler.Nullable()),
|
||||
handler.NewColumn(AppOIDCConfigColumnResponseTypes, handler.ColumnTypeEnumArray, handler.Nullable()),
|
||||
handler.NewColumn(AppOIDCConfigColumnGrantTypes, handler.ColumnTypeEnumArray, handler.Nullable()),
|
||||
@@ -186,6 +187,10 @@ func (p *appProjection) Reducers() []handler.AggregateReducer {
|
||||
Event: project.APIConfigSecretChangedType,
|
||||
Reduce: p.reduceAPIConfigSecretChanged,
|
||||
},
|
||||
{
|
||||
Event: project.APIConfigSecretHashUpdatedType,
|
||||
Reduce: p.reduceAPIConfigSecretHashUpdated,
|
||||
},
|
||||
{
|
||||
Event: project.OIDCConfigAddedType,
|
||||
Reduce: p.reduceOIDCConfigAdded,
|
||||
@@ -198,6 +203,10 @@ func (p *appProjection) Reducers() []handler.AggregateReducer {
|
||||
Event: project.OIDCConfigSecretChangedType,
|
||||
Reduce: p.reduceOIDCConfigSecretChanged,
|
||||
},
|
||||
{
|
||||
Event: project.OIDCConfigSecretHashUpdatedType,
|
||||
Reduce: p.reduceOIDCConfigSecretHashUpdated,
|
||||
},
|
||||
{
|
||||
Event: project.SAMLConfigAddedType,
|
||||
Reduce: p.reduceSAMLConfigAdded,
|
||||
@@ -350,7 +359,7 @@ func (p *appProjection) reduceAPIConfigAdded(event eventstore.Event) (*handler.S
|
||||
handler.NewCol(AppAPIConfigColumnAppID, e.AppID),
|
||||
handler.NewCol(AppAPIConfigColumnInstanceID, e.Aggregate().InstanceID),
|
||||
handler.NewCol(AppAPIConfigColumnClientID, e.ClientID),
|
||||
handler.NewCol(AppAPIConfigColumnClientSecret, e.ClientSecret),
|
||||
handler.NewCol(AppAPIConfigColumnClientSecret, crypto.SecretOrEncodedHash(e.ClientSecret, e.HashedSecret)),
|
||||
handler.NewCol(AppAPIConfigColumnAuthMethod, e.AuthMethodType),
|
||||
},
|
||||
handler.WithTableSuffix(appAPITableSuffix),
|
||||
@@ -374,9 +383,6 @@ func (p *appProjection) reduceAPIConfigChanged(event eventstore.Event) (*handler
|
||||
return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-vnZKi", "reduce.wrong.event.type %s", project.APIConfigChangedType)
|
||||
}
|
||||
cols := make([]handler.Column, 0, 2)
|
||||
if e.ClientSecret != nil {
|
||||
cols = append(cols, handler.NewCol(AppAPIConfigColumnClientSecret, e.ClientSecret))
|
||||
}
|
||||
if e.AuthMethodType != nil {
|
||||
cols = append(cols, handler.NewCol(AppAPIConfigColumnAuthMethod, *e.AuthMethodType))
|
||||
}
|
||||
@@ -415,7 +421,37 @@ func (p *appProjection) reduceAPIConfigSecretChanged(event eventstore.Event) (*h
|
||||
e,
|
||||
handler.AddUpdateStatement(
|
||||
[]handler.Column{
|
||||
handler.NewCol(AppAPIConfigColumnClientSecret, e.ClientSecret),
|
||||
handler.NewCol(AppAPIConfigColumnClientSecret, crypto.SecretOrEncodedHash(e.ClientSecret, e.HashedSecret)),
|
||||
},
|
||||
[]handler.Condition{
|
||||
handler.NewCond(AppAPIConfigColumnAppID, e.AppID),
|
||||
handler.NewCond(AppAPIConfigColumnInstanceID, e.Aggregate().InstanceID),
|
||||
},
|
||||
handler.WithTableSuffix(appAPITableSuffix),
|
||||
),
|
||||
handler.AddUpdateStatement(
|
||||
[]handler.Column{
|
||||
handler.NewCol(AppColumnChangeDate, e.CreationDate()),
|
||||
handler.NewCol(AppColumnSequence, e.Sequence()),
|
||||
},
|
||||
[]handler.Condition{
|
||||
handler.NewCond(AppColumnID, e.AppID),
|
||||
handler.NewCond(AppColumnInstanceID, e.Aggregate().InstanceID),
|
||||
},
|
||||
),
|
||||
), nil
|
||||
}
|
||||
|
||||
func (p *appProjection) reduceAPIConfigSecretHashUpdated(event eventstore.Event) (*handler.Statement, error) {
|
||||
e, ok := event.(*project.APIConfigSecretHashUpdatedEvent)
|
||||
if !ok {
|
||||
return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-ttb0I", "reduce.wrong.event.type %s", project.APIConfigSecretHashUpdatedType)
|
||||
}
|
||||
return handler.NewMultiStatement(
|
||||
e,
|
||||
handler.AddUpdateStatement(
|
||||
[]handler.Column{
|
||||
handler.NewCol(AppAPIConfigColumnClientSecret, e.HashedSecret),
|
||||
},
|
||||
[]handler.Condition{
|
||||
handler.NewCond(AppAPIConfigColumnAppID, e.AppID),
|
||||
@@ -449,7 +485,7 @@ func (p *appProjection) reduceOIDCConfigAdded(event eventstore.Event) (*handler.
|
||||
handler.NewCol(AppOIDCConfigColumnInstanceID, e.Aggregate().InstanceID),
|
||||
handler.NewCol(AppOIDCConfigColumnVersion, e.Version),
|
||||
handler.NewCol(AppOIDCConfigColumnClientID, e.ClientID),
|
||||
handler.NewCol(AppOIDCConfigColumnClientSecret, e.ClientSecret),
|
||||
handler.NewCol(AppOIDCConfigColumnClientSecret, crypto.SecretOrEncodedHash(e.ClientSecret, e.HashedSecret)),
|
||||
handler.NewCol(AppOIDCConfigColumnRedirectUris, database.TextArray[string](e.RedirectUris)),
|
||||
handler.NewCol(AppOIDCConfigColumnResponseTypes, database.NumberArray[domain.OIDCResponseType](e.ResponseTypes)),
|
||||
handler.NewCol(AppOIDCConfigColumnGrantTypes, database.NumberArray[domain.OIDCGrantType](e.GrantTypes)),
|
||||
@@ -569,7 +605,37 @@ func (p *appProjection) reduceOIDCConfigSecretChanged(event eventstore.Event) (*
|
||||
e,
|
||||
handler.AddUpdateStatement(
|
||||
[]handler.Column{
|
||||
handler.NewCol(AppOIDCConfigColumnClientSecret, e.ClientSecret),
|
||||
handler.NewCol(AppOIDCConfigColumnClientSecret, crypto.SecretOrEncodedHash(e.ClientSecret, e.HashedSecret)),
|
||||
},
|
||||
[]handler.Condition{
|
||||
handler.NewCond(AppOIDCConfigColumnAppID, e.AppID),
|
||||
handler.NewCond(AppOIDCConfigColumnInstanceID, e.Aggregate().InstanceID),
|
||||
},
|
||||
handler.WithTableSuffix(appOIDCTableSuffix),
|
||||
),
|
||||
handler.AddUpdateStatement(
|
||||
[]handler.Column{
|
||||
handler.NewCol(AppColumnChangeDate, e.CreationDate()),
|
||||
handler.NewCol(AppColumnSequence, e.Sequence()),
|
||||
},
|
||||
[]handler.Condition{
|
||||
handler.NewCond(AppColumnID, e.AppID),
|
||||
handler.NewCond(AppColumnInstanceID, e.Aggregate().InstanceID),
|
||||
},
|
||||
),
|
||||
), nil
|
||||
}
|
||||
|
||||
func (p *appProjection) reduceOIDCConfigSecretHashUpdated(event eventstore.Event) (*handler.Statement, error) {
|
||||
e, ok := event.(*project.OIDCConfigSecretHashUpdatedEvent)
|
||||
if !ok {
|
||||
return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-toSh1", "reduce.wrong.event.type %s", project.OIDCConfigSecretHashUpdatedType)
|
||||
}
|
||||
return handler.NewMultiStatement(
|
||||
e,
|
||||
handler.AddUpdateStatement(
|
||||
[]handler.Column{
|
||||
handler.NewCol(AppOIDCConfigColumnClientSecret, e.HashedSecret),
|
||||
},
|
||||
[]handler.Condition{
|
||||
handler.NewCond(AppOIDCConfigColumnAppID, e.AppID),
|
||||
|
||||
@@ -46,7 +46,7 @@ func TestAppProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "INSERT INTO projections.apps6 (id, name, project_id, creation_date, change_date, resource_owner, instance_id, state, sequence) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)",
|
||||
expectedStmt: "INSERT INTO projections.apps7 (id, name, project_id, creation_date, change_date, resource_owner, instance_id, state, sequence) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)",
|
||||
expectedArgs: []interface{}{
|
||||
"app-id",
|
||||
"my-app",
|
||||
@@ -83,7 +83,7 @@ func TestAppProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.apps6 SET (name, change_date, sequence) = ($1, $2, $3) WHERE (id = $4) AND (instance_id = $5)",
|
||||
expectedStmt: "UPDATE projections.apps7 SET (name, change_date, sequence) = ($1, $2, $3) WHERE (id = $4) AND (instance_id = $5)",
|
||||
expectedArgs: []interface{}{
|
||||
"my-app",
|
||||
anyArg{},
|
||||
@@ -136,7 +136,7 @@ func TestAppProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.apps6 SET (state, change_date, sequence) = ($1, $2, $3) WHERE (id = $4) AND (instance_id = $5)",
|
||||
expectedStmt: "UPDATE projections.apps7 SET (state, change_date, sequence) = ($1, $2, $3) WHERE (id = $4) AND (instance_id = $5)",
|
||||
expectedArgs: []interface{}{
|
||||
domain.AppStateInactive,
|
||||
anyArg{},
|
||||
@@ -168,7 +168,7 @@ func TestAppProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.apps6 SET (state, change_date, sequence) = ($1, $2, $3) WHERE (id = $4) AND (instance_id = $5)",
|
||||
expectedStmt: "UPDATE projections.apps7 SET (state, change_date, sequence) = ($1, $2, $3) WHERE (id = $4) AND (instance_id = $5)",
|
||||
expectedArgs: []interface{}{
|
||||
domain.AppStateActive,
|
||||
anyArg{},
|
||||
@@ -200,7 +200,7 @@ func TestAppProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "DELETE FROM projections.apps6 WHERE (id = $1) AND (instance_id = $2)",
|
||||
expectedStmt: "DELETE FROM projections.apps7 WHERE (id = $1) AND (instance_id = $2)",
|
||||
expectedArgs: []interface{}{
|
||||
"app-id",
|
||||
"instance-id",
|
||||
@@ -227,7 +227,7 @@ func TestAppProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "DELETE FROM projections.apps6 WHERE (project_id = $1) AND (instance_id = $2)",
|
||||
expectedStmt: "DELETE FROM projections.apps7 WHERE (project_id = $1) AND (instance_id = $2)",
|
||||
expectedArgs: []interface{}{
|
||||
"agg-id",
|
||||
"instance-id",
|
||||
@@ -254,7 +254,7 @@ func TestAppProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "DELETE FROM projections.apps6 WHERE (instance_id = $1)",
|
||||
expectedStmt: "DELETE FROM projections.apps7 WHERE (instance_id = $1)",
|
||||
expectedArgs: []interface{}{
|
||||
"agg-id",
|
||||
},
|
||||
@@ -264,7 +264,7 @@ func TestAppProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "project reduceAPIConfigAdded",
|
||||
name: "project reduceAPIConfigAdded, v1 secret",
|
||||
args: args{
|
||||
event: getEvent(
|
||||
testEvent(
|
||||
@@ -273,7 +273,7 @@ func TestAppProjection_reduces(t *testing.T) {
|
||||
[]byte(`{
|
||||
"appId": "app-id",
|
||||
"clientId": "client-id",
|
||||
"clientSecret": {},
|
||||
"clientSecret": {"CryptoType":1,"Algorithm":"bcrypt","Crypted":"c2VjcmV0"},
|
||||
"authMethodType": 1
|
||||
}`),
|
||||
), project.APIConfigAddedEventMapper),
|
||||
@@ -285,17 +285,61 @@ func TestAppProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "INSERT INTO projections.apps6_api_configs (app_id, instance_id, client_id, client_secret, auth_method) VALUES ($1, $2, $3, $4, $5)",
|
||||
expectedStmt: "INSERT INTO projections.apps7_api_configs (app_id, instance_id, client_id, client_secret, auth_method) VALUES ($1, $2, $3, $4, $5)",
|
||||
expectedArgs: []interface{}{
|
||||
"app-id",
|
||||
"instance-id",
|
||||
"client-id",
|
||||
anyArg{},
|
||||
"secret",
|
||||
domain.APIAuthMethodTypePrivateKeyJWT,
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "UPDATE projections.apps6 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedStmt: "UPDATE projections.apps7 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedArgs: []interface{}{
|
||||
anyArg{},
|
||||
uint64(15),
|
||||
"app-id",
|
||||
"instance-id",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "project reduceAPIConfigAdded, v2 secret",
|
||||
args: args{
|
||||
event: getEvent(
|
||||
testEvent(
|
||||
project.APIConfigAddedType,
|
||||
project.AggregateType,
|
||||
[]byte(`{
|
||||
"appId": "app-id",
|
||||
"clientId": "client-id",
|
||||
"hashedSecret": "secret",
|
||||
"authMethodType": 1
|
||||
}`),
|
||||
), project.APIConfigAddedEventMapper),
|
||||
},
|
||||
reduce: (&appProjection{}).reduceAPIConfigAdded,
|
||||
want: wantReduce{
|
||||
aggregateType: eventstore.AggregateType("project"),
|
||||
sequence: 15,
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "INSERT INTO projections.apps7_api_configs (app_id, instance_id, client_id, client_secret, auth_method) VALUES ($1, $2, $3, $4, $5)",
|
||||
expectedArgs: []interface{}{
|
||||
"app-id",
|
||||
"instance-id",
|
||||
"client-id",
|
||||
"secret",
|
||||
domain.APIAuthMethodTypePrivateKeyJWT,
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "UPDATE projections.apps7 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedArgs: []interface{}{
|
||||
anyArg{},
|
||||
uint64(15),
|
||||
@@ -317,7 +361,6 @@ func TestAppProjection_reduces(t *testing.T) {
|
||||
[]byte(`{
|
||||
"appId": "app-id",
|
||||
"clientId": "client-id",
|
||||
"clientSecret": {},
|
||||
"authMethodType": 1
|
||||
}`),
|
||||
), project.APIConfigChangedEventMapper),
|
||||
@@ -329,16 +372,15 @@ func TestAppProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.apps6_api_configs SET (client_secret, auth_method) = ($1, $2) WHERE (app_id = $3) AND (instance_id = $4)",
|
||||
expectedStmt: "UPDATE projections.apps7_api_configs SET auth_method = $1 WHERE (app_id = $2) AND (instance_id = $3)",
|
||||
expectedArgs: []interface{}{
|
||||
anyArg{},
|
||||
domain.APIAuthMethodTypePrivateKeyJWT,
|
||||
"app-id",
|
||||
"instance-id",
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "UPDATE projections.apps6 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedStmt: "UPDATE projections.apps7 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedArgs: []interface{}{
|
||||
anyArg{},
|
||||
uint64(15),
|
||||
@@ -372,16 +414,16 @@ func TestAppProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "project reduceAPIConfigSecretChanged",
|
||||
name: "project reduceAPIConfigSecretChanged, v1 secret",
|
||||
args: args{
|
||||
event: getEvent(
|
||||
testEvent(
|
||||
project.APIConfigSecretChangedType,
|
||||
project.AggregateType,
|
||||
[]byte(`{
|
||||
"appId": "app-id",
|
||||
"client_secret": {}
|
||||
}`),
|
||||
"appId": "app-id",
|
||||
"clientSecret": {"CryptoType":1,"Algorithm":"bcrypt","Crypted":"c2VjcmV0"}
|
||||
}`),
|
||||
), project.APIConfigSecretChangedEventMapper),
|
||||
},
|
||||
reduce: (&appProjection{}).reduceAPIConfigSecretChanged,
|
||||
@@ -391,15 +433,15 @@ func TestAppProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.apps6_api_configs SET client_secret = $1 WHERE (app_id = $2) AND (instance_id = $3)",
|
||||
expectedStmt: "UPDATE projections.apps7_api_configs SET client_secret = $1 WHERE (app_id = $2) AND (instance_id = $3)",
|
||||
expectedArgs: []interface{}{
|
||||
anyArg{},
|
||||
"secret",
|
||||
"app-id",
|
||||
"instance-id",
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "UPDATE projections.apps6 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedStmt: "UPDATE projections.apps7 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedArgs: []interface{}{
|
||||
anyArg{},
|
||||
uint64(15),
|
||||
@@ -412,7 +454,87 @@ func TestAppProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "project reduceOIDCConfigAdded",
|
||||
name: "project reduceAPIConfigSecretChanged, v2 secret",
|
||||
args: args{
|
||||
event: getEvent(
|
||||
testEvent(
|
||||
project.APIConfigSecretChangedType,
|
||||
project.AggregateType,
|
||||
[]byte(`{
|
||||
"appId": "app-id",
|
||||
"hashedSecret": "secret"
|
||||
}`),
|
||||
), project.APIConfigSecretChangedEventMapper),
|
||||
},
|
||||
reduce: (&appProjection{}).reduceAPIConfigSecretChanged,
|
||||
want: wantReduce{
|
||||
aggregateType: eventstore.AggregateType("project"),
|
||||
sequence: 15,
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.apps7_api_configs SET client_secret = $1 WHERE (app_id = $2) AND (instance_id = $3)",
|
||||
expectedArgs: []interface{}{
|
||||
"secret",
|
||||
"app-id",
|
||||
"instance-id",
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "UPDATE projections.apps7 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedArgs: []interface{}{
|
||||
anyArg{},
|
||||
uint64(15),
|
||||
"app-id",
|
||||
"instance-id",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "project reduceAPIConfigSecretHashUpdated",
|
||||
args: args{
|
||||
event: getEvent(
|
||||
testEvent(
|
||||
project.APIConfigSecretHashUpdatedType,
|
||||
project.AggregateType,
|
||||
[]byte(`{
|
||||
"appId": "app-id",
|
||||
"hashedSecret": "secret"
|
||||
}`),
|
||||
), eventstore.GenericEventMapper[project.APIConfigSecretHashUpdatedEvent]),
|
||||
},
|
||||
reduce: (&appProjection{}).reduceAPIConfigSecretHashUpdated,
|
||||
want: wantReduce{
|
||||
aggregateType: eventstore.AggregateType("project"),
|
||||
sequence: 15,
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.apps7_api_configs SET client_secret = $1 WHERE (app_id = $2) AND (instance_id = $3)",
|
||||
expectedArgs: []interface{}{
|
||||
"secret",
|
||||
"app-id",
|
||||
"instance-id",
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "UPDATE projections.apps7 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedArgs: []interface{}{
|
||||
anyArg{},
|
||||
uint64(15),
|
||||
"app-id",
|
||||
"instance-id",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "project reduceOIDCConfigAdded, v1 secret",
|
||||
args: args{
|
||||
event: getEvent(
|
||||
testEvent(
|
||||
@@ -422,7 +544,7 @@ func TestAppProjection_reduces(t *testing.T) {
|
||||
"oidcVersion": 0,
|
||||
"appId": "app-id",
|
||||
"clientId": "client-id",
|
||||
"clientSecret": {},
|
||||
"clientSecret": {"CryptoType":1,"Algorithm":"bcrypt","Crypted":"c2VjcmV0"},
|
||||
"redirectUris": ["redirect.one.ch", "redirect.two.ch"],
|
||||
"responseTypes": [1,2],
|
||||
"grantTypes": [1,2],
|
||||
@@ -447,13 +569,13 @@ func TestAppProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "INSERT INTO projections.apps6_oidc_configs (app_id, instance_id, version, client_id, client_secret, redirect_uris, response_types, grant_types, application_type, auth_method_type, post_logout_redirect_uris, is_dev_mode, access_token_type, access_token_role_assertion, id_token_role_assertion, id_token_userinfo_assertion, clock_skew, additional_origins, skip_native_app_success_page) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13, $14, $15, $16, $17, $18, $19)",
|
||||
expectedStmt: "INSERT INTO projections.apps7_oidc_configs (app_id, instance_id, version, client_id, client_secret, redirect_uris, response_types, grant_types, application_type, auth_method_type, post_logout_redirect_uris, is_dev_mode, access_token_type, access_token_role_assertion, id_token_role_assertion, id_token_userinfo_assertion, clock_skew, additional_origins, skip_native_app_success_page) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13, $14, $15, $16, $17, $18, $19)",
|
||||
expectedArgs: []interface{}{
|
||||
"app-id",
|
||||
"instance-id",
|
||||
domain.OIDCVersionV1,
|
||||
"client-id",
|
||||
anyArg{},
|
||||
"secret",
|
||||
database.TextArray[string]{"redirect.one.ch", "redirect.two.ch"},
|
||||
database.NumberArray[domain.OIDCResponseType]{1, 2},
|
||||
database.NumberArray[domain.OIDCGrantType]{1, 2},
|
||||
@@ -471,7 +593,79 @@ func TestAppProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "UPDATE projections.apps6 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedStmt: "UPDATE projections.apps7 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedArgs: []interface{}{
|
||||
anyArg{},
|
||||
uint64(15),
|
||||
"app-id",
|
||||
"instance-id",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "project reduceOIDCConfigAdded, v2 secret",
|
||||
args: args{
|
||||
event: getEvent(
|
||||
testEvent(
|
||||
project.OIDCConfigAddedType,
|
||||
project.AggregateType,
|
||||
[]byte(`{
|
||||
"oidcVersion": 0,
|
||||
"appId": "app-id",
|
||||
"clientId": "client-id",
|
||||
"hashedSecret": "secret",
|
||||
"redirectUris": ["redirect.one.ch", "redirect.two.ch"],
|
||||
"responseTypes": [1,2],
|
||||
"grantTypes": [1,2],
|
||||
"applicationType": 2,
|
||||
"authMethodType": 2,
|
||||
"postLogoutRedirectUris": ["logout.one.ch", "logout.two.ch"],
|
||||
"devMode": true,
|
||||
"accessTokenType": 1,
|
||||
"accessTokenRoleAssertion": true,
|
||||
"idTokenRoleAssertion": true,
|
||||
"idTokenUserinfoAssertion": true,
|
||||
"clockSkew": 1000,
|
||||
"additionalOrigins": ["origin.one.ch", "origin.two.ch"],
|
||||
"skipNativeAppSuccessPage": true
|
||||
}`),
|
||||
), project.OIDCConfigAddedEventMapper),
|
||||
},
|
||||
reduce: (&appProjection{}).reduceOIDCConfigAdded,
|
||||
want: wantReduce{
|
||||
aggregateType: eventstore.AggregateType("project"),
|
||||
sequence: 15,
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "INSERT INTO projections.apps7_oidc_configs (app_id, instance_id, version, client_id, client_secret, redirect_uris, response_types, grant_types, application_type, auth_method_type, post_logout_redirect_uris, is_dev_mode, access_token_type, access_token_role_assertion, id_token_role_assertion, id_token_userinfo_assertion, clock_skew, additional_origins, skip_native_app_success_page) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13, $14, $15, $16, $17, $18, $19)",
|
||||
expectedArgs: []interface{}{
|
||||
"app-id",
|
||||
"instance-id",
|
||||
domain.OIDCVersionV1,
|
||||
"client-id",
|
||||
"secret",
|
||||
database.TextArray[string]{"redirect.one.ch", "redirect.two.ch"},
|
||||
database.NumberArray[domain.OIDCResponseType]{1, 2},
|
||||
database.NumberArray[domain.OIDCGrantType]{1, 2},
|
||||
domain.OIDCApplicationTypeNative,
|
||||
domain.OIDCAuthMethodTypeNone,
|
||||
database.TextArray[string]{"logout.one.ch", "logout.two.ch"},
|
||||
true,
|
||||
domain.OIDCTokenTypeJWT,
|
||||
true,
|
||||
true,
|
||||
true,
|
||||
1 * time.Microsecond,
|
||||
database.TextArray[string]{"origin.one.ch", "origin.two.ch"},
|
||||
true,
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "UPDATE projections.apps7 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedArgs: []interface{}{
|
||||
anyArg{},
|
||||
uint64(15),
|
||||
@@ -518,7 +712,7 @@ func TestAppProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.apps6_oidc_configs SET (version, redirect_uris, response_types, grant_types, application_type, auth_method_type, post_logout_redirect_uris, is_dev_mode, access_token_type, access_token_role_assertion, id_token_role_assertion, id_token_userinfo_assertion, clock_skew, additional_origins, skip_native_app_success_page) = ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13, $14, $15) WHERE (app_id = $16) AND (instance_id = $17)",
|
||||
expectedStmt: "UPDATE projections.apps7_oidc_configs SET (version, redirect_uris, response_types, grant_types, application_type, auth_method_type, post_logout_redirect_uris, is_dev_mode, access_token_type, access_token_role_assertion, id_token_role_assertion, id_token_userinfo_assertion, clock_skew, additional_origins, skip_native_app_success_page) = ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13, $14, $15) WHERE (app_id = $16) AND (instance_id = $17)",
|
||||
expectedArgs: []interface{}{
|
||||
domain.OIDCVersionV1,
|
||||
database.TextArray[string]{"redirect.one.ch", "redirect.two.ch"},
|
||||
@@ -540,7 +734,7 @@ func TestAppProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "UPDATE projections.apps6 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedStmt: "UPDATE projections.apps7 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedArgs: []interface{}{
|
||||
anyArg{},
|
||||
uint64(15),
|
||||
@@ -574,7 +768,7 @@ func TestAppProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "project reduceOIDCConfigSecretChanged",
|
||||
name: "project reduceOIDCConfigSecretChanged, v1 secret",
|
||||
args: args{
|
||||
event: getEvent(
|
||||
testEvent(
|
||||
@@ -582,7 +776,7 @@ func TestAppProjection_reduces(t *testing.T) {
|
||||
project.AggregateType,
|
||||
[]byte(`{
|
||||
"appId": "app-id",
|
||||
"client_secret": {}
|
||||
"clientSecret": {"CryptoType":1,"Algorithm":"bcrypt","Crypted":"c2VjcmV0"}
|
||||
}`),
|
||||
), project.OIDCConfigSecretChangedEventMapper),
|
||||
},
|
||||
@@ -593,15 +787,95 @@ func TestAppProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.apps6_oidc_configs SET client_secret = $1 WHERE (app_id = $2) AND (instance_id = $3)",
|
||||
expectedStmt: "UPDATE projections.apps7_oidc_configs SET client_secret = $1 WHERE (app_id = $2) AND (instance_id = $3)",
|
||||
expectedArgs: []interface{}{
|
||||
anyArg{},
|
||||
"secret",
|
||||
"app-id",
|
||||
"instance-id",
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "UPDATE projections.apps6 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedStmt: "UPDATE projections.apps7 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedArgs: []interface{}{
|
||||
anyArg{},
|
||||
uint64(15),
|
||||
"app-id",
|
||||
"instance-id",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "project reduceOIDCConfigSecretChanged, v2 secret",
|
||||
args: args{
|
||||
event: getEvent(
|
||||
testEvent(
|
||||
project.OIDCConfigSecretChangedType,
|
||||
project.AggregateType,
|
||||
[]byte(`{
|
||||
"appId": "app-id",
|
||||
"hashedSecret": "secret"
|
||||
}`),
|
||||
), project.OIDCConfigSecretChangedEventMapper),
|
||||
},
|
||||
reduce: (&appProjection{}).reduceOIDCConfigSecretChanged,
|
||||
want: wantReduce{
|
||||
aggregateType: eventstore.AggregateType("project"),
|
||||
sequence: 15,
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.apps7_oidc_configs SET client_secret = $1 WHERE (app_id = $2) AND (instance_id = $3)",
|
||||
expectedArgs: []interface{}{
|
||||
"secret",
|
||||
"app-id",
|
||||
"instance-id",
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "UPDATE projections.apps7 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedArgs: []interface{}{
|
||||
anyArg{},
|
||||
uint64(15),
|
||||
"app-id",
|
||||
"instance-id",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "project reduceOIDCConfigSecretHashUpdated",
|
||||
args: args{
|
||||
event: getEvent(
|
||||
testEvent(
|
||||
project.OIDCConfigSecretHashUpdatedType,
|
||||
project.AggregateType,
|
||||
[]byte(`{
|
||||
"appId": "app-id",
|
||||
"hashedSecret": "secret"
|
||||
}`),
|
||||
), eventstore.GenericEventMapper[project.OIDCConfigSecretHashUpdatedEvent]),
|
||||
},
|
||||
reduce: (&appProjection{}).reduceOIDCConfigSecretHashUpdated,
|
||||
want: wantReduce{
|
||||
aggregateType: eventstore.AggregateType("project"),
|
||||
sequence: 15,
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.apps7_oidc_configs SET client_secret = $1 WHERE (app_id = $2) AND (instance_id = $3)",
|
||||
expectedArgs: []interface{}{
|
||||
"secret",
|
||||
"app-id",
|
||||
"instance-id",
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "UPDATE projections.apps7 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedArgs: []interface{}{
|
||||
anyArg{},
|
||||
uint64(15),
|
||||
@@ -630,7 +904,7 @@ func TestAppProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "DELETE FROM projections.apps6 WHERE (instance_id = $1) AND (resource_owner = $2)",
|
||||
expectedStmt: "DELETE FROM projections.apps7 WHERE (instance_id = $1) AND (resource_owner = $2)",
|
||||
expectedArgs: []interface{}{
|
||||
"instance-id",
|
||||
"agg-id",
|
||||
|
||||
@@ -4,6 +4,7 @@ import (
|
||||
"context"
|
||||
"database/sql"
|
||||
|
||||
"github.com/zitadel/zitadel/internal/crypto"
|
||||
"github.com/zitadel/zitadel/internal/domain"
|
||||
"github.com/zitadel/zitadel/internal/eventstore"
|
||||
old_handler "github.com/zitadel/zitadel/internal/eventstore/handler"
|
||||
@@ -15,7 +16,7 @@ import (
|
||||
)
|
||||
|
||||
const (
|
||||
UserTable = "projections.users11"
|
||||
UserTable = "projections.users12"
|
||||
UserHumanTable = UserTable + "_" + UserHumanSuffix
|
||||
UserMachineTable = UserTable + "_" + UserMachineSuffix
|
||||
UserNotifyTable = UserTable + "_" + UserNotifySuffix
|
||||
@@ -125,7 +126,7 @@ func (*userProjection) Init() *old_handler.Check {
|
||||
handler.NewColumn(MachineUserInstanceIDCol, handler.ColumnTypeText),
|
||||
handler.NewColumn(MachineNameCol, handler.ColumnTypeText),
|
||||
handler.NewColumn(MachineDescriptionCol, handler.ColumnTypeText, handler.Nullable()),
|
||||
handler.NewColumn(MachineSecretCol, handler.ColumnTypeJSONB, handler.Nullable()),
|
||||
handler.NewColumn(MachineSecretCol, handler.ColumnTypeText, handler.Nullable()),
|
||||
handler.NewColumn(MachineAccessTokenTypeCol, handler.ColumnTypeEnum, handler.Default(0)),
|
||||
},
|
||||
handler.NewPrimaryKey(MachineUserInstanceIDCol, MachineUserIDCol),
|
||||
@@ -285,6 +286,10 @@ func (p *userProjection) Reducers() []handler.AggregateReducer {
|
||||
Event: user.MachineSecretSetType,
|
||||
Reduce: p.reduceMachineSecretSet,
|
||||
},
|
||||
{
|
||||
Event: user.MachineSecretHashUpdatedType,
|
||||
Reduce: p.reduceMachineSecretHashUpdated,
|
||||
},
|
||||
{
|
||||
Event: user.MachineSecretRemovedType,
|
||||
Reduce: p.reduceMachineSecretRemoved,
|
||||
@@ -354,7 +359,7 @@ func (p *userProjection) reduceHumanAdded(event eventstore.Event) (*handler.Stat
|
||||
handler.NewCol(NotifyInstanceIDCol, e.Aggregate().InstanceID),
|
||||
handler.NewCol(NotifyLastEmailCol, e.EmailAddress),
|
||||
handler.NewCol(NotifyLastPhoneCol, &sql.NullString{String: string(e.PhoneNumber), Valid: e.PhoneNumber != ""}),
|
||||
handler.NewCol(NotifyPasswordSetCol, user.SecretOrEncodedHash(e.Secret, e.EncodedHash) != ""),
|
||||
handler.NewCol(NotifyPasswordSetCol, crypto.SecretOrEncodedHash(e.Secret, e.EncodedHash) != ""),
|
||||
},
|
||||
handler.WithTableSuffix(UserNotifySuffix),
|
||||
),
|
||||
@@ -403,7 +408,7 @@ func (p *userProjection) reduceHumanRegistered(event eventstore.Event) (*handler
|
||||
handler.NewCol(NotifyInstanceIDCol, e.Aggregate().InstanceID),
|
||||
handler.NewCol(NotifyLastEmailCol, e.EmailAddress),
|
||||
handler.NewCol(NotifyLastPhoneCol, &sql.NullString{String: string(e.PhoneNumber), Valid: e.PhoneNumber != ""}),
|
||||
handler.NewCol(NotifyPasswordSetCol, user.SecretOrEncodedHash(e.Secret, e.EncodedHash) != ""),
|
||||
handler.NewCol(NotifyPasswordSetCol, crypto.SecretOrEncodedHash(e.Secret, e.EncodedHash) != ""),
|
||||
},
|
||||
handler.WithTableSuffix(UserNotifySuffix),
|
||||
),
|
||||
@@ -952,7 +957,37 @@ func (p *userProjection) reduceMachineSecretSet(event eventstore.Event) (*handle
|
||||
),
|
||||
handler.AddUpdateStatement(
|
||||
[]handler.Column{
|
||||
handler.NewCol(MachineSecretCol, e.ClientSecret),
|
||||
handler.NewCol(MachineSecretCol, crypto.SecretOrEncodedHash(e.ClientSecret, e.HashedSecret)),
|
||||
},
|
||||
[]handler.Condition{
|
||||
handler.NewCond(MachineUserIDCol, e.Aggregate().ID),
|
||||
handler.NewCond(MachineUserInstanceIDCol, e.Aggregate().InstanceID),
|
||||
},
|
||||
handler.WithTableSuffix(UserMachineSuffix),
|
||||
),
|
||||
), nil
|
||||
}
|
||||
|
||||
func (p *userProjection) reduceMachineSecretHashUpdated(event eventstore.Event) (*handler.Statement, error) {
|
||||
e, ok := event.(*user.MachineSecretHashUpdatedEvent)
|
||||
if !ok {
|
||||
return nil, zerrors.ThrowInvalidArgumentf(nil, "HANDL-Wieng4u", "reduce.wrong.event.type %s", user.MachineSecretHashUpdatedType)
|
||||
}
|
||||
return handler.NewMultiStatement(
|
||||
e,
|
||||
handler.AddUpdateStatement(
|
||||
[]handler.Column{
|
||||
handler.NewCol(UserChangeDateCol, e.CreationDate()),
|
||||
handler.NewCol(UserSequenceCol, e.Sequence()),
|
||||
},
|
||||
[]handler.Condition{
|
||||
handler.NewCond(UserIDCol, e.Aggregate().ID),
|
||||
handler.NewCond(UserInstanceIDCol, e.Aggregate().InstanceID),
|
||||
},
|
||||
),
|
||||
handler.AddUpdateStatement(
|
||||
[]handler.Column{
|
||||
handler.NewCol(MachineSecretCol, e.HashedSecret),
|
||||
},
|
||||
[]handler.Condition{
|
||||
handler.NewCond(MachineUserIDCol, e.Aggregate().ID),
|
||||
|
||||
@@ -4,7 +4,6 @@ import (
|
||||
"database/sql"
|
||||
"testing"
|
||||
|
||||
"github.com/zitadel/zitadel/internal/crypto"
|
||||
"github.com/zitadel/zitadel/internal/domain"
|
||||
"github.com/zitadel/zitadel/internal/eventstore"
|
||||
"github.com/zitadel/zitadel/internal/eventstore/handler/v2"
|
||||
@@ -52,7 +51,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "INSERT INTO projections.users11 (id, creation_date, change_date, resource_owner, instance_id, state, sequence, username, type) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)",
|
||||
expectedStmt: "INSERT INTO projections.users12 (id, creation_date, change_date, resource_owner, instance_id, state, sequence, username, type) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)",
|
||||
expectedArgs: []interface{}{
|
||||
"agg-id",
|
||||
anyArg{},
|
||||
@@ -66,7 +65,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "INSERT INTO projections.users11_humans (user_id, instance_id, first_name, last_name, nick_name, display_name, preferred_language, gender, email, phone, password_change_required) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11)",
|
||||
expectedStmt: "INSERT INTO projections.users12_humans (user_id, instance_id, first_name, last_name, nick_name, display_name, preferred_language, gender, email, phone, password_change_required) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11)",
|
||||
expectedArgs: []interface{}{
|
||||
"agg-id",
|
||||
"instance-id",
|
||||
@@ -82,7 +81,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "INSERT INTO projections.users11_notifications (user_id, instance_id, last_email, last_phone, password_set) VALUES ($1, $2, $3, $4, $5)",
|
||||
expectedStmt: "INSERT INTO projections.users12_notifications (user_id, instance_id, last_email, last_phone, password_set) VALUES ($1, $2, $3, $4, $5)",
|
||||
expectedArgs: []interface{}{
|
||||
"agg-id",
|
||||
"instance-id",
|
||||
@@ -122,7 +121,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "INSERT INTO projections.users11 (id, creation_date, change_date, resource_owner, instance_id, state, sequence, username, type) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)",
|
||||
expectedStmt: "INSERT INTO projections.users12 (id, creation_date, change_date, resource_owner, instance_id, state, sequence, username, type) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)",
|
||||
expectedArgs: []interface{}{
|
||||
"agg-id",
|
||||
anyArg{},
|
||||
@@ -136,7 +135,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "INSERT INTO projections.users11_humans (user_id, instance_id, first_name, last_name, nick_name, display_name, preferred_language, gender, email, phone, password_change_required) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11)",
|
||||
expectedStmt: "INSERT INTO projections.users12_humans (user_id, instance_id, first_name, last_name, nick_name, display_name, preferred_language, gender, email, phone, password_change_required) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11)",
|
||||
expectedArgs: []interface{}{
|
||||
"agg-id",
|
||||
"instance-id",
|
||||
@@ -152,7 +151,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "INSERT INTO projections.users11_notifications (user_id, instance_id, last_email, last_phone, password_set) VALUES ($1, $2, $3, $4, $5)",
|
||||
expectedStmt: "INSERT INTO projections.users12_notifications (user_id, instance_id, last_email, last_phone, password_set) VALUES ($1, $2, $3, $4, $5)",
|
||||
expectedArgs: []interface{}{
|
||||
"agg-id",
|
||||
"instance-id",
|
||||
@@ -187,7 +186,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "INSERT INTO projections.users11 (id, creation_date, change_date, resource_owner, instance_id, state, sequence, username, type) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)",
|
||||
expectedStmt: "INSERT INTO projections.users12 (id, creation_date, change_date, resource_owner, instance_id, state, sequence, username, type) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)",
|
||||
expectedArgs: []interface{}{
|
||||
"agg-id",
|
||||
anyArg{},
|
||||
@@ -201,7 +200,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "INSERT INTO projections.users11_humans (user_id, instance_id, first_name, last_name, nick_name, display_name, preferred_language, gender, email, phone, password_change_required) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11)",
|
||||
expectedStmt: "INSERT INTO projections.users12_humans (user_id, instance_id, first_name, last_name, nick_name, display_name, preferred_language, gender, email, phone, password_change_required) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11)",
|
||||
expectedArgs: []interface{}{
|
||||
"agg-id",
|
||||
"instance-id",
|
||||
@@ -217,7 +216,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "INSERT INTO projections.users11_notifications (user_id, instance_id, last_email, last_phone, password_set) VALUES ($1, $2, $3, $4, $5)",
|
||||
expectedStmt: "INSERT INTO projections.users12_notifications (user_id, instance_id, last_email, last_phone, password_set) VALUES ($1, $2, $3, $4, $5)",
|
||||
expectedArgs: []interface{}{
|
||||
"agg-id",
|
||||
"instance-id",
|
||||
@@ -258,7 +257,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "INSERT INTO projections.users11 (id, creation_date, change_date, resource_owner, instance_id, state, sequence, username, type) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)",
|
||||
expectedStmt: "INSERT INTO projections.users12 (id, creation_date, change_date, resource_owner, instance_id, state, sequence, username, type) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)",
|
||||
expectedArgs: []interface{}{
|
||||
"agg-id",
|
||||
anyArg{},
|
||||
@@ -272,7 +271,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "INSERT INTO projections.users11_humans (user_id, instance_id, first_name, last_name, nick_name, display_name, preferred_language, gender, email, phone, password_change_required) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11)",
|
||||
expectedStmt: "INSERT INTO projections.users12_humans (user_id, instance_id, first_name, last_name, nick_name, display_name, preferred_language, gender, email, phone, password_change_required) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11)",
|
||||
expectedArgs: []interface{}{
|
||||
"agg-id",
|
||||
"instance-id",
|
||||
@@ -288,7 +287,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "INSERT INTO projections.users11_notifications (user_id, instance_id, last_email, last_phone, password_set) VALUES ($1, $2, $3, $4, $5)",
|
||||
expectedStmt: "INSERT INTO projections.users12_notifications (user_id, instance_id, last_email, last_phone, password_set) VALUES ($1, $2, $3, $4, $5)",
|
||||
expectedArgs: []interface{}{
|
||||
"agg-id",
|
||||
"instance-id",
|
||||
@@ -328,7 +327,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "INSERT INTO projections.users11 (id, creation_date, change_date, resource_owner, instance_id, state, sequence, username, type) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)",
|
||||
expectedStmt: "INSERT INTO projections.users12 (id, creation_date, change_date, resource_owner, instance_id, state, sequence, username, type) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)",
|
||||
expectedArgs: []interface{}{
|
||||
"agg-id",
|
||||
anyArg{},
|
||||
@@ -342,7 +341,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "INSERT INTO projections.users11_humans (user_id, instance_id, first_name, last_name, nick_name, display_name, preferred_language, gender, email, phone, password_change_required) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11)",
|
||||
expectedStmt: "INSERT INTO projections.users12_humans (user_id, instance_id, first_name, last_name, nick_name, display_name, preferred_language, gender, email, phone, password_change_required) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11)",
|
||||
expectedArgs: []interface{}{
|
||||
"agg-id",
|
||||
"instance-id",
|
||||
@@ -358,7 +357,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "INSERT INTO projections.users11_notifications (user_id, instance_id, last_email, last_phone, password_set) VALUES ($1, $2, $3, $4, $5)",
|
||||
expectedStmt: "INSERT INTO projections.users12_notifications (user_id, instance_id, last_email, last_phone, password_set) VALUES ($1, $2, $3, $4, $5)",
|
||||
expectedArgs: []interface{}{
|
||||
"agg-id",
|
||||
"instance-id",
|
||||
@@ -393,7 +392,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "INSERT INTO projections.users11 (id, creation_date, change_date, resource_owner, instance_id, state, sequence, username, type) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)",
|
||||
expectedStmt: "INSERT INTO projections.users12 (id, creation_date, change_date, resource_owner, instance_id, state, sequence, username, type) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)",
|
||||
expectedArgs: []interface{}{
|
||||
"agg-id",
|
||||
anyArg{},
|
||||
@@ -407,7 +406,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "INSERT INTO projections.users11_humans (user_id, instance_id, first_name, last_name, nick_name, display_name, preferred_language, gender, email, phone, password_change_required) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11)",
|
||||
expectedStmt: "INSERT INTO projections.users12_humans (user_id, instance_id, first_name, last_name, nick_name, display_name, preferred_language, gender, email, phone, password_change_required) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11)",
|
||||
expectedArgs: []interface{}{
|
||||
"agg-id",
|
||||
"instance-id",
|
||||
@@ -423,7 +422,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "INSERT INTO projections.users11_notifications (user_id, instance_id, last_email, last_phone, password_set) VALUES ($1, $2, $3, $4, $5)",
|
||||
expectedStmt: "INSERT INTO projections.users12_notifications (user_id, instance_id, last_email, last_phone, password_set) VALUES ($1, $2, $3, $4, $5)",
|
||||
expectedArgs: []interface{}{
|
||||
"agg-id",
|
||||
"instance-id",
|
||||
@@ -453,7 +452,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users11 SET state = $1 WHERE (id = $2) AND (instance_id = $3)",
|
||||
expectedStmt: "UPDATE projections.users12 SET state = $1 WHERE (id = $2) AND (instance_id = $3)",
|
||||
expectedArgs: []interface{}{
|
||||
domain.UserStateInitial,
|
||||
"agg-id",
|
||||
@@ -481,7 +480,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users11 SET state = $1 WHERE (id = $2) AND (instance_id = $3)",
|
||||
expectedStmt: "UPDATE projections.users12 SET state = $1 WHERE (id = $2) AND (instance_id = $3)",
|
||||
expectedArgs: []interface{}{
|
||||
domain.UserStateInitial,
|
||||
"agg-id",
|
||||
@@ -509,7 +508,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users11 SET state = $1 WHERE (id = $2) AND (instance_id = $3)",
|
||||
expectedStmt: "UPDATE projections.users12 SET state = $1 WHERE (id = $2) AND (instance_id = $3)",
|
||||
expectedArgs: []interface{}{
|
||||
domain.UserStateActive,
|
||||
"agg-id",
|
||||
@@ -537,7 +536,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users11 SET state = $1 WHERE (id = $2) AND (instance_id = $3)",
|
||||
expectedStmt: "UPDATE projections.users12 SET state = $1 WHERE (id = $2) AND (instance_id = $3)",
|
||||
expectedArgs: []interface{}{
|
||||
domain.UserStateActive,
|
||||
"agg-id",
|
||||
@@ -565,7 +564,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users11 SET (change_date, state, sequence) = ($1, $2, $3) WHERE (id = $4) AND (instance_id = $5)",
|
||||
expectedStmt: "UPDATE projections.users12 SET (change_date, state, sequence) = ($1, $2, $3) WHERE (id = $4) AND (instance_id = $5)",
|
||||
expectedArgs: []interface{}{
|
||||
anyArg{},
|
||||
domain.UserStateLocked,
|
||||
@@ -595,7 +594,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users11 SET (change_date, state, sequence) = ($1, $2, $3) WHERE (id = $4) AND (instance_id = $5)",
|
||||
expectedStmt: "UPDATE projections.users12 SET (change_date, state, sequence) = ($1, $2, $3) WHERE (id = $4) AND (instance_id = $5)",
|
||||
expectedArgs: []interface{}{
|
||||
anyArg{},
|
||||
domain.UserStateActive,
|
||||
@@ -625,7 +624,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users11 SET (change_date, state, sequence) = ($1, $2, $3) WHERE (id = $4) AND (instance_id = $5)",
|
||||
expectedStmt: "UPDATE projections.users12 SET (change_date, state, sequence) = ($1, $2, $3) WHERE (id = $4) AND (instance_id = $5)",
|
||||
expectedArgs: []interface{}{
|
||||
anyArg{},
|
||||
domain.UserStateInactive,
|
||||
@@ -655,7 +654,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users11 SET (change_date, state, sequence) = ($1, $2, $3) WHERE (id = $4) AND (instance_id = $5)",
|
||||
expectedStmt: "UPDATE projections.users12 SET (change_date, state, sequence) = ($1, $2, $3) WHERE (id = $4) AND (instance_id = $5)",
|
||||
expectedArgs: []interface{}{
|
||||
anyArg{},
|
||||
domain.UserStateActive,
|
||||
@@ -685,7 +684,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "DELETE FROM projections.users11 WHERE (id = $1) AND (instance_id = $2)",
|
||||
expectedStmt: "DELETE FROM projections.users12 WHERE (id = $1) AND (instance_id = $2)",
|
||||
expectedArgs: []interface{}{
|
||||
"agg-id",
|
||||
"instance-id",
|
||||
@@ -714,7 +713,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users11 SET (change_date, username, sequence) = ($1, $2, $3) WHERE (id = $4) AND (instance_id = $5)",
|
||||
expectedStmt: "UPDATE projections.users12 SET (change_date, username, sequence) = ($1, $2, $3) WHERE (id = $4) AND (instance_id = $5)",
|
||||
expectedArgs: []interface{}{
|
||||
anyArg{},
|
||||
"username",
|
||||
@@ -746,7 +745,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users11 SET (change_date, username, sequence) = ($1, $2, $3) WHERE (id = $4) AND (instance_id = $5)",
|
||||
expectedStmt: "UPDATE projections.users12 SET (change_date, username, sequence) = ($1, $2, $3) WHERE (id = $4) AND (instance_id = $5)",
|
||||
expectedArgs: []interface{}{
|
||||
anyArg{},
|
||||
"id@temporary.domain",
|
||||
@@ -783,7 +782,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users11 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedStmt: "UPDATE projections.users12 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedArgs: []interface{}{
|
||||
anyArg{},
|
||||
uint64(15),
|
||||
@@ -792,7 +791,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users11_humans SET (first_name, last_name, nick_name, display_name, preferred_language, gender) = ($1, $2, $3, $4, $5, $6) WHERE (user_id = $7) AND (instance_id = $8)",
|
||||
expectedStmt: "UPDATE projections.users12_humans SET (first_name, last_name, nick_name, display_name, preferred_language, gender) = ($1, $2, $3, $4, $5, $6) WHERE (user_id = $7) AND (instance_id = $8)",
|
||||
expectedArgs: []interface{}{
|
||||
"first-name",
|
||||
"last-name",
|
||||
@@ -832,7 +831,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users11 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedStmt: "UPDATE projections.users12 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedArgs: []interface{}{
|
||||
anyArg{},
|
||||
uint64(15),
|
||||
@@ -841,7 +840,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users11_humans SET (first_name, last_name, nick_name, display_name, preferred_language, gender) = ($1, $2, $3, $4, $5, $6) WHERE (user_id = $7) AND (instance_id = $8)",
|
||||
expectedStmt: "UPDATE projections.users12_humans SET (first_name, last_name, nick_name, display_name, preferred_language, gender) = ($1, $2, $3, $4, $5, $6) WHERE (user_id = $7) AND (instance_id = $8)",
|
||||
expectedArgs: []interface{}{
|
||||
"first-name",
|
||||
"last-name",
|
||||
@@ -876,7 +875,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users11 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedStmt: "UPDATE projections.users12 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedArgs: []interface{}{
|
||||
anyArg{},
|
||||
uint64(15),
|
||||
@@ -885,7 +884,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users11_humans SET (phone, is_phone_verified) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)",
|
||||
expectedStmt: "UPDATE projections.users12_humans SET (phone, is_phone_verified) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)",
|
||||
expectedArgs: []interface{}{
|
||||
domain.PhoneNumber("+41 00 000 00 00"),
|
||||
false,
|
||||
@@ -894,7 +893,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users11_notifications SET last_phone = $1 WHERE (user_id = $2) AND (instance_id = $3)",
|
||||
expectedStmt: "UPDATE projections.users12_notifications SET last_phone = $1 WHERE (user_id = $2) AND (instance_id = $3)",
|
||||
expectedArgs: []interface{}{
|
||||
&sql.NullString{String: "+41 00 000 00 00", Valid: true},
|
||||
"agg-id",
|
||||
@@ -924,7 +923,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users11 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedStmt: "UPDATE projections.users12 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedArgs: []interface{}{
|
||||
anyArg{},
|
||||
uint64(15),
|
||||
@@ -933,7 +932,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users11_humans SET (phone, is_phone_verified) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)",
|
||||
expectedStmt: "UPDATE projections.users12_humans SET (phone, is_phone_verified) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)",
|
||||
expectedArgs: []interface{}{
|
||||
domain.PhoneNumber("+41 00 000 00 00"),
|
||||
false,
|
||||
@@ -942,7 +941,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users11_notifications SET last_phone = $1 WHERE (user_id = $2) AND (instance_id = $3)",
|
||||
expectedStmt: "UPDATE projections.users12_notifications SET last_phone = $1 WHERE (user_id = $2) AND (instance_id = $3)",
|
||||
expectedArgs: []interface{}{
|
||||
&sql.NullString{String: "+41 00 000 00 00", Valid: true},
|
||||
"agg-id",
|
||||
@@ -970,7 +969,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users11 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedStmt: "UPDATE projections.users12 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedArgs: []interface{}{
|
||||
anyArg{},
|
||||
uint64(15),
|
||||
@@ -979,7 +978,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users11_humans SET (phone, is_phone_verified) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)",
|
||||
expectedStmt: "UPDATE projections.users12_humans SET (phone, is_phone_verified) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)",
|
||||
expectedArgs: []interface{}{
|
||||
nil,
|
||||
nil,
|
||||
@@ -988,7 +987,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users11_notifications SET (last_phone, verified_phone) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)",
|
||||
expectedStmt: "UPDATE projections.users12_notifications SET (last_phone, verified_phone) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)",
|
||||
expectedArgs: []interface{}{
|
||||
nil,
|
||||
nil,
|
||||
@@ -1017,7 +1016,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users11 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedStmt: "UPDATE projections.users12 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedArgs: []interface{}{
|
||||
anyArg{},
|
||||
uint64(15),
|
||||
@@ -1026,7 +1025,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users11_humans SET (phone, is_phone_verified) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)",
|
||||
expectedStmt: "UPDATE projections.users12_humans SET (phone, is_phone_verified) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)",
|
||||
expectedArgs: []interface{}{
|
||||
nil,
|
||||
nil,
|
||||
@@ -1035,7 +1034,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users11_notifications SET (last_phone, verified_phone) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)",
|
||||
expectedStmt: "UPDATE projections.users12_notifications SET (last_phone, verified_phone) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)",
|
||||
expectedArgs: []interface{}{
|
||||
nil,
|
||||
nil,
|
||||
@@ -1064,7 +1063,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users11 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedStmt: "UPDATE projections.users12 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedArgs: []interface{}{
|
||||
anyArg{},
|
||||
uint64(15),
|
||||
@@ -1073,7 +1072,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users11_humans SET is_phone_verified = $1 WHERE (user_id = $2) AND (instance_id = $3)",
|
||||
expectedStmt: "UPDATE projections.users12_humans SET is_phone_verified = $1 WHERE (user_id = $2) AND (instance_id = $3)",
|
||||
expectedArgs: []interface{}{
|
||||
true,
|
||||
"agg-id",
|
||||
@@ -1081,7 +1080,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users11_notifications SET verified_phone = last_phone WHERE (user_id = $1) AND (instance_id = $2)",
|
||||
expectedStmt: "UPDATE projections.users12_notifications SET verified_phone = last_phone WHERE (user_id = $1) AND (instance_id = $2)",
|
||||
expectedArgs: []interface{}{
|
||||
"agg-id",
|
||||
"instance-id",
|
||||
@@ -1108,7 +1107,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users11 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedStmt: "UPDATE projections.users12 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedArgs: []interface{}{
|
||||
anyArg{},
|
||||
uint64(15),
|
||||
@@ -1117,7 +1116,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users11_humans SET is_phone_verified = $1 WHERE (user_id = $2) AND (instance_id = $3)",
|
||||
expectedStmt: "UPDATE projections.users12_humans SET is_phone_verified = $1 WHERE (user_id = $2) AND (instance_id = $3)",
|
||||
expectedArgs: []interface{}{
|
||||
true,
|
||||
"agg-id",
|
||||
@@ -1125,7 +1124,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users11_notifications SET verified_phone = last_phone WHERE (user_id = $1) AND (instance_id = $2)",
|
||||
expectedStmt: "UPDATE projections.users12_notifications SET verified_phone = last_phone WHERE (user_id = $1) AND (instance_id = $2)",
|
||||
expectedArgs: []interface{}{
|
||||
"agg-id",
|
||||
"instance-id",
|
||||
@@ -1154,7 +1153,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users11 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedStmt: "UPDATE projections.users12 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedArgs: []interface{}{
|
||||
anyArg{},
|
||||
uint64(15),
|
||||
@@ -1163,7 +1162,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users11_humans SET (email, is_email_verified) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)",
|
||||
expectedStmt: "UPDATE projections.users12_humans SET (email, is_email_verified) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)",
|
||||
expectedArgs: []interface{}{
|
||||
domain.EmailAddress("email@zitadel.com"),
|
||||
false,
|
||||
@@ -1172,7 +1171,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users11_notifications SET last_email = $1 WHERE (user_id = $2) AND (instance_id = $3)",
|
||||
expectedStmt: "UPDATE projections.users12_notifications SET last_email = $1 WHERE (user_id = $2) AND (instance_id = $3)",
|
||||
expectedArgs: []interface{}{
|
||||
&sql.NullString{String: "email@zitadel.com", Valid: true},
|
||||
"agg-id",
|
||||
@@ -1202,7 +1201,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users11 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedStmt: "UPDATE projections.users12 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedArgs: []interface{}{
|
||||
anyArg{},
|
||||
uint64(15),
|
||||
@@ -1211,7 +1210,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users11_humans SET (email, is_email_verified) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)",
|
||||
expectedStmt: "UPDATE projections.users12_humans SET (email, is_email_verified) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)",
|
||||
expectedArgs: []interface{}{
|
||||
domain.EmailAddress("email@zitadel.com"),
|
||||
false,
|
||||
@@ -1220,7 +1219,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users11_notifications SET last_email = $1 WHERE (user_id = $2) AND (instance_id = $3)",
|
||||
expectedStmt: "UPDATE projections.users12_notifications SET last_email = $1 WHERE (user_id = $2) AND (instance_id = $3)",
|
||||
expectedArgs: []interface{}{
|
||||
&sql.NullString{String: "email@zitadel.com", Valid: true},
|
||||
"agg-id",
|
||||
@@ -1248,7 +1247,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users11 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedStmt: "UPDATE projections.users12 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedArgs: []interface{}{
|
||||
anyArg{},
|
||||
uint64(15),
|
||||
@@ -1257,7 +1256,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users11_humans SET is_email_verified = $1 WHERE (user_id = $2) AND (instance_id = $3)",
|
||||
expectedStmt: "UPDATE projections.users12_humans SET is_email_verified = $1 WHERE (user_id = $2) AND (instance_id = $3)",
|
||||
expectedArgs: []interface{}{
|
||||
true,
|
||||
"agg-id",
|
||||
@@ -1265,7 +1264,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users11_notifications SET verified_email = last_email WHERE (user_id = $1) AND (instance_id = $2)",
|
||||
expectedStmt: "UPDATE projections.users12_notifications SET verified_email = last_email WHERE (user_id = $1) AND (instance_id = $2)",
|
||||
expectedArgs: []interface{}{
|
||||
"agg-id",
|
||||
"instance-id",
|
||||
@@ -1292,7 +1291,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users11 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedStmt: "UPDATE projections.users12 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedArgs: []interface{}{
|
||||
anyArg{},
|
||||
uint64(15),
|
||||
@@ -1301,7 +1300,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users11_humans SET is_email_verified = $1 WHERE (user_id = $2) AND (instance_id = $3)",
|
||||
expectedStmt: "UPDATE projections.users12_humans SET is_email_verified = $1 WHERE (user_id = $2) AND (instance_id = $3)",
|
||||
expectedArgs: []interface{}{
|
||||
true,
|
||||
"agg-id",
|
||||
@@ -1309,7 +1308,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users11_notifications SET verified_email = last_email WHERE (user_id = $1) AND (instance_id = $2)",
|
||||
expectedStmt: "UPDATE projections.users12_notifications SET verified_email = last_email WHERE (user_id = $1) AND (instance_id = $2)",
|
||||
expectedArgs: []interface{}{
|
||||
"agg-id",
|
||||
"instance-id",
|
||||
@@ -1338,7 +1337,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users11 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedStmt: "UPDATE projections.users12 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedArgs: []interface{}{
|
||||
anyArg{},
|
||||
uint64(15),
|
||||
@@ -1347,7 +1346,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users11_humans SET avatar_key = $1 WHERE (user_id = $2) AND (instance_id = $3)",
|
||||
expectedStmt: "UPDATE projections.users12_humans SET avatar_key = $1 WHERE (user_id = $2) AND (instance_id = $3)",
|
||||
expectedArgs: []interface{}{
|
||||
"users/agg-id/avatar",
|
||||
"agg-id",
|
||||
@@ -1375,7 +1374,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users11 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedStmt: "UPDATE projections.users12 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedArgs: []interface{}{
|
||||
anyArg{},
|
||||
uint64(15),
|
||||
@@ -1384,7 +1383,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users11_humans SET avatar_key = $1 WHERE (user_id = $2) AND (instance_id = $3)",
|
||||
expectedStmt: "UPDATE projections.users12_humans SET avatar_key = $1 WHERE (user_id = $2) AND (instance_id = $3)",
|
||||
expectedArgs: []interface{}{
|
||||
nil,
|
||||
"agg-id",
|
||||
@@ -1414,7 +1413,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users11_humans SET password_change_required = $1 WHERE (user_id = $2) AND (instance_id = $3)",
|
||||
expectedStmt: "UPDATE projections.users12_humans SET password_change_required = $1 WHERE (user_id = $2) AND (instance_id = $3)",
|
||||
expectedArgs: []interface{}{
|
||||
true,
|
||||
"agg-id",
|
||||
@@ -1422,7 +1421,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users11_notifications SET password_set = $1 WHERE (user_id = $2) AND (instance_id = $3)",
|
||||
expectedStmt: "UPDATE projections.users12_notifications SET password_set = $1 WHERE (user_id = $2) AND (instance_id = $3)",
|
||||
expectedArgs: []interface{}{
|
||||
true,
|
||||
"agg-id",
|
||||
@@ -1452,7 +1451,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users11_humans SET password_change_required = $1 WHERE (user_id = $2) AND (instance_id = $3)",
|
||||
expectedStmt: "UPDATE projections.users12_humans SET password_change_required = $1 WHERE (user_id = $2) AND (instance_id = $3)",
|
||||
expectedArgs: []interface{}{
|
||||
false,
|
||||
"agg-id",
|
||||
@@ -1460,7 +1459,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users11_notifications SET password_set = $1 WHERE (user_id = $2) AND (instance_id = $3)",
|
||||
expectedStmt: "UPDATE projections.users12_notifications SET password_set = $1 WHERE (user_id = $2) AND (instance_id = $3)",
|
||||
expectedArgs: []interface{}{
|
||||
true,
|
||||
"agg-id",
|
||||
@@ -1491,7 +1490,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "INSERT INTO projections.users11 (id, creation_date, change_date, resource_owner, instance_id, state, sequence, username, type) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)",
|
||||
expectedStmt: "INSERT INTO projections.users12 (id, creation_date, change_date, resource_owner, instance_id, state, sequence, username, type) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)",
|
||||
expectedArgs: []interface{}{
|
||||
"agg-id",
|
||||
anyArg{},
|
||||
@@ -1505,7 +1504,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "INSERT INTO projections.users11_machines (user_id, instance_id, name, description, access_token_type) VALUES ($1, $2, $3, $4, $5)",
|
||||
expectedStmt: "INSERT INTO projections.users12_machines (user_id, instance_id, name, description, access_token_type) VALUES ($1, $2, $3, $4, $5)",
|
||||
expectedArgs: []interface{}{
|
||||
"agg-id",
|
||||
"instance-id",
|
||||
@@ -1539,7 +1538,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "INSERT INTO projections.users11 (id, creation_date, change_date, resource_owner, instance_id, state, sequence, username, type) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)",
|
||||
expectedStmt: "INSERT INTO projections.users12 (id, creation_date, change_date, resource_owner, instance_id, state, sequence, username, type) VALUES ($1, $2, $3, $4, $5, $6, $7, $8, $9)",
|
||||
expectedArgs: []interface{}{
|
||||
"agg-id",
|
||||
anyArg{},
|
||||
@@ -1553,7 +1552,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "INSERT INTO projections.users11_machines (user_id, instance_id, name, description, access_token_type) VALUES ($1, $2, $3, $4, $5)",
|
||||
expectedStmt: "INSERT INTO projections.users12_machines (user_id, instance_id, name, description, access_token_type) VALUES ($1, $2, $3, $4, $5)",
|
||||
expectedArgs: []interface{}{
|
||||
"agg-id",
|
||||
"instance-id",
|
||||
@@ -1586,7 +1585,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users11 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedStmt: "UPDATE projections.users12 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedArgs: []interface{}{
|
||||
anyArg{},
|
||||
uint64(15),
|
||||
@@ -1595,7 +1594,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users11_machines SET (name, description) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)",
|
||||
expectedStmt: "UPDATE projections.users12_machines SET (name, description) = ($1, $2) WHERE (user_id = $3) AND (instance_id = $4)",
|
||||
expectedArgs: []interface{}{
|
||||
"machine-name",
|
||||
"description",
|
||||
@@ -1626,7 +1625,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users11 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedStmt: "UPDATE projections.users12 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedArgs: []interface{}{
|
||||
anyArg{},
|
||||
uint64(15),
|
||||
@@ -1635,7 +1634,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users11_machines SET name = $1 WHERE (user_id = $2) AND (instance_id = $3)",
|
||||
expectedStmt: "UPDATE projections.users12_machines SET name = $1 WHERE (user_id = $2) AND (instance_id = $3)",
|
||||
expectedArgs: []interface{}{
|
||||
"machine-name",
|
||||
"agg-id",
|
||||
@@ -1665,7 +1664,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users11 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedStmt: "UPDATE projections.users12 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedArgs: []interface{}{
|
||||
anyArg{},
|
||||
uint64(15),
|
||||
@@ -1674,7 +1673,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users11_machines SET description = $1 WHERE (user_id = $2) AND (instance_id = $3)",
|
||||
expectedStmt: "UPDATE projections.users12_machines SET description = $1 WHERE (user_id = $2) AND (instance_id = $3)",
|
||||
expectedArgs: []interface{}{
|
||||
"description",
|
||||
"agg-id",
|
||||
@@ -1705,14 +1704,14 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "reduceMachineSecretSet",
|
||||
name: "reduceMachineSecretSet v1 value",
|
||||
args: args{
|
||||
event: getEvent(
|
||||
testEvent(
|
||||
user.MachineSecretSetType,
|
||||
user.AggregateType,
|
||||
[]byte(`{
|
||||
"clientSecret": {"CryptoType":1,"Algorithm":"bcrypt","Crypted":"deadbeef"}
|
||||
"clientSecret": {"CryptoType":1,"Algorithm":"bcrypt","Crypted":"c2VjcmV0"}
|
||||
}`),
|
||||
), user.MachineSecretSetEventMapper),
|
||||
},
|
||||
@@ -1723,7 +1722,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users11 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedStmt: "UPDATE projections.users12 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedArgs: []interface{}{
|
||||
anyArg{},
|
||||
uint64(15),
|
||||
@@ -1732,13 +1731,87 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users11_machines SET secret = $1 WHERE (user_id = $2) AND (instance_id = $3)",
|
||||
expectedStmt: "UPDATE projections.users12_machines SET secret = $1 WHERE (user_id = $2) AND (instance_id = $3)",
|
||||
expectedArgs: []interface{}{
|
||||
&crypto.CryptoValue{
|
||||
CryptoType: crypto.TypeHash,
|
||||
Algorithm: "bcrypt",
|
||||
Crypted: []byte{117, 230, 157, 109, 231, 159},
|
||||
},
|
||||
"secret",
|
||||
"agg-id",
|
||||
"instance-id",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "reduceMachineSecretSet v2 value",
|
||||
args: args{
|
||||
event: getEvent(
|
||||
testEvent(
|
||||
user.MachineSecretSetType,
|
||||
user.AggregateType,
|
||||
[]byte(`{
|
||||
"hashedSecret": "secret"
|
||||
}`),
|
||||
), user.MachineSecretSetEventMapper),
|
||||
},
|
||||
reduce: (&userProjection{}).reduceMachineSecretSet,
|
||||
want: wantReduce{
|
||||
aggregateType: user.AggregateType,
|
||||
sequence: 15,
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users12 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedArgs: []interface{}{
|
||||
anyArg{},
|
||||
uint64(15),
|
||||
"agg-id",
|
||||
"instance-id",
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users12_machines SET secret = $1 WHERE (user_id = $2) AND (instance_id = $3)",
|
||||
expectedArgs: []interface{}{
|
||||
"secret",
|
||||
"agg-id",
|
||||
"instance-id",
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "reduceMachineSecretHashUpdated",
|
||||
args: args{
|
||||
event: getEvent(
|
||||
testEvent(
|
||||
user.MachineSecretHashUpdatedType,
|
||||
user.AggregateType,
|
||||
[]byte(`{
|
||||
"hashedSecret": "secret"
|
||||
}`),
|
||||
), eventstore.GenericEventMapper[user.MachineSecretHashUpdatedEvent]),
|
||||
},
|
||||
reduce: (&userProjection{}).reduceMachineSecretHashUpdated,
|
||||
want: wantReduce{
|
||||
aggregateType: user.AggregateType,
|
||||
sequence: 15,
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users12 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedArgs: []interface{}{
|
||||
anyArg{},
|
||||
uint64(15),
|
||||
"agg-id",
|
||||
"instance-id",
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users12_machines SET secret = $1 WHERE (user_id = $2) AND (instance_id = $3)",
|
||||
expectedArgs: []interface{}{
|
||||
"secret",
|
||||
"agg-id",
|
||||
"instance-id",
|
||||
},
|
||||
@@ -1764,7 +1837,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users11 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedStmt: "UPDATE projections.users12 SET (change_date, sequence) = ($1, $2) WHERE (id = $3) AND (instance_id = $4)",
|
||||
expectedArgs: []interface{}{
|
||||
anyArg{},
|
||||
uint64(15),
|
||||
@@ -1773,7 +1846,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
expectedStmt: "UPDATE projections.users11_machines SET secret = $1 WHERE (user_id = $2) AND (instance_id = $3)",
|
||||
expectedStmt: "UPDATE projections.users12_machines SET secret = $1 WHERE (user_id = $2) AND (instance_id = $3)",
|
||||
expectedArgs: []interface{}{
|
||||
nil,
|
||||
"agg-id",
|
||||
@@ -1801,7 +1874,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "DELETE FROM projections.users11 WHERE (instance_id = $1) AND (resource_owner = $2)",
|
||||
expectedStmt: "DELETE FROM projections.users12 WHERE (instance_id = $1) AND (resource_owner = $2)",
|
||||
expectedArgs: []interface{}{
|
||||
"instance-id",
|
||||
"agg-id",
|
||||
@@ -1828,7 +1901,7 @@ func TestUserProjection_reduces(t *testing.T) {
|
||||
executer: &testExecuter{
|
||||
executions: []execution{
|
||||
{
|
||||
expectedStmt: "DELETE FROM projections.users11 WHERE (instance_id = $1)",
|
||||
expectedStmt: "DELETE FROM projections.users12 WHERE (instance_id = $1)",
|
||||
expectedArgs: []interface{}{
|
||||
"agg-id",
|
||||
},
|
||||
|
||||
@@ -118,22 +118,6 @@ func (q *Queries) InitEncryptionGenerator(ctx context.Context, generatorType dom
|
||||
return crypto.NewEncryptionGenerator(cryptoConfig, algorithm), nil
|
||||
}
|
||||
|
||||
func (q *Queries) InitHashGenerator(ctx context.Context, generatorType domain.SecretGeneratorType, algorithm crypto.HashAlgorithm) (crypto.Generator, error) {
|
||||
generatorConfig, err := q.SecretGeneratorByType(ctx, generatorType)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
cryptoConfig := crypto.GeneratorConfig{
|
||||
Length: generatorConfig.Length,
|
||||
Expiry: generatorConfig.Expiry,
|
||||
IncludeLowerLetters: generatorConfig.IncludeLowerLetters,
|
||||
IncludeUpperLetters: generatorConfig.IncludeUpperLetters,
|
||||
IncludeDigits: generatorConfig.IncludeDigits,
|
||||
IncludeSymbols: generatorConfig.IncludeSymbols,
|
||||
}
|
||||
return crypto.NewHashGenerator(cryptoConfig, algorithm), nil
|
||||
}
|
||||
|
||||
func (q *Queries) SecretGeneratorByType(ctx context.Context, generatorType domain.SecretGeneratorType) (generator *SecretGenerator, err error) {
|
||||
ctx, span := tracing.NewSpan(ctx)
|
||||
defer func() { span.EndWithError(err) }()
|
||||
|
||||
@@ -31,7 +31,7 @@ var (
|
||||
` projections.sessions8.user_resource_owner,` +
|
||||
` projections.sessions8.user_checked_at,` +
|
||||
` projections.login_names3.login_name,` +
|
||||
` projections.users11_humans.display_name,` +
|
||||
` projections.users12_humans.display_name,` +
|
||||
` projections.sessions8.password_checked_at,` +
|
||||
` projections.sessions8.intent_checked_at,` +
|
||||
` projections.sessions8.webauthn_checked_at,` +
|
||||
@@ -48,8 +48,8 @@ var (
|
||||
` projections.sessions8.expiration` +
|
||||
` FROM projections.sessions8` +
|
||||
` LEFT JOIN projections.login_names3 ON projections.sessions8.user_id = projections.login_names3.user_id AND projections.sessions8.instance_id = projections.login_names3.instance_id` +
|
||||
` LEFT JOIN projections.users11_humans ON projections.sessions8.user_id = projections.users11_humans.user_id AND projections.sessions8.instance_id = projections.users11_humans.instance_id` +
|
||||
` LEFT JOIN projections.users11 ON projections.sessions8.user_id = projections.users11.id AND projections.sessions8.instance_id = projections.users11.instance_id` +
|
||||
` LEFT JOIN projections.users12_humans ON projections.sessions8.user_id = projections.users12_humans.user_id AND projections.sessions8.instance_id = projections.users12_humans.instance_id` +
|
||||
` LEFT JOIN projections.users12 ON projections.sessions8.user_id = projections.users12.id AND projections.sessions8.instance_id = projections.users12.instance_id` +
|
||||
` AS OF SYSTEM TIME '-1 ms'`)
|
||||
expectedSessionsQuery = regexp.QuoteMeta(`SELECT projections.sessions8.id,` +
|
||||
` projections.sessions8.creation_date,` +
|
||||
@@ -62,7 +62,7 @@ var (
|
||||
` projections.sessions8.user_resource_owner,` +
|
||||
` projections.sessions8.user_checked_at,` +
|
||||
` projections.login_names3.login_name,` +
|
||||
` projections.users11_humans.display_name,` +
|
||||
` projections.users12_humans.display_name,` +
|
||||
` projections.sessions8.password_checked_at,` +
|
||||
` projections.sessions8.intent_checked_at,` +
|
||||
` projections.sessions8.webauthn_checked_at,` +
|
||||
@@ -75,8 +75,8 @@ var (
|
||||
` COUNT(*) OVER ()` +
|
||||
` FROM projections.sessions8` +
|
||||
` LEFT JOIN projections.login_names3 ON projections.sessions8.user_id = projections.login_names3.user_id AND projections.sessions8.instance_id = projections.login_names3.instance_id` +
|
||||
` LEFT JOIN projections.users11_humans ON projections.sessions8.user_id = projections.users11_humans.user_id AND projections.sessions8.instance_id = projections.users11_humans.instance_id` +
|
||||
` LEFT JOIN projections.users11 ON projections.sessions8.user_id = projections.users11.id AND projections.sessions8.instance_id = projections.users11.instance_id` +
|
||||
` LEFT JOIN projections.users12_humans ON projections.sessions8.user_id = projections.users12_humans.user_id AND projections.sessions8.instance_id = projections.users12_humans.instance_id` +
|
||||
` LEFT JOIN projections.users12 ON projections.sessions8.user_id = projections.users12.id AND projections.sessions8.instance_id = projections.users12.instance_id` +
|
||||
` AS OF SYSTEM TIME '-1 ms'`)
|
||||
|
||||
sessionCols = []string{
|
||||
|
||||
@@ -2,12 +2,7 @@
|
||||
"instance_id": "230690539048009730",
|
||||
"app_id": "236646858984783874",
|
||||
"client_id": "236646858984849410@tests",
|
||||
"client_secret": {
|
||||
"KeyID": "",
|
||||
"Crypted": "JDJhJDE0JE96WjBYRVpaRXREMTNweS9FUGJhMmV2c1M2V2NLWjVvclZNajlwV0hFR0VIbUx1MmgzUEZx",
|
||||
"Algorithm": "bcrypt",
|
||||
"CryptoType": 1
|
||||
},
|
||||
"client_secret": "$2a$14$OzZ0XEZZEtD13py/EPba2evsS6WcKZ5orVMj9pWHEGEHmLu2h3PFq",
|
||||
"redirect_uris": ["http://localhost:9999/auth/callback"],
|
||||
"response_types": [0],
|
||||
"grant_types": [0],
|
||||
|
||||
@@ -13,7 +13,6 @@ import (
|
||||
|
||||
"github.com/zitadel/zitadel/internal/api/authz"
|
||||
"github.com/zitadel/zitadel/internal/api/call"
|
||||
"github.com/zitadel/zitadel/internal/crypto"
|
||||
"github.com/zitadel/zitadel/internal/database"
|
||||
"github.com/zitadel/zitadel/internal/domain"
|
||||
"github.com/zitadel/zitadel/internal/query/projection"
|
||||
@@ -94,7 +93,7 @@ type Phone struct {
|
||||
type Machine struct {
|
||||
Name string `json:"name,omitempty"`
|
||||
Description string `json:"description,omitempty"`
|
||||
Secret *crypto.CryptoValue `json:"secret,omitempty"`
|
||||
EncodedSecret string `json:"encoded_hash,omitempty"`
|
||||
AccessTokenType domain.OIDCTokenType `json:"access_token_type,omitempty"`
|
||||
}
|
||||
|
||||
@@ -827,7 +826,7 @@ func scanUser(row *sql.Row) (*User, error) {
|
||||
machineID := sql.NullString{}
|
||||
name := sql.NullString{}
|
||||
description := sql.NullString{}
|
||||
var secret *crypto.CryptoValue
|
||||
encodedHash := sql.NullString{}
|
||||
accessTokenType := sql.NullInt32{}
|
||||
|
||||
err := row.Scan(
|
||||
@@ -857,7 +856,7 @@ func scanUser(row *sql.Row) (*User, error) {
|
||||
&machineID,
|
||||
&name,
|
||||
&description,
|
||||
&secret,
|
||||
&encodedHash,
|
||||
&accessTokenType,
|
||||
&count,
|
||||
)
|
||||
@@ -890,7 +889,7 @@ func scanUser(row *sql.Row) (*User, error) {
|
||||
u.Machine = &Machine{
|
||||
Name: name.String,
|
||||
Description: description.String,
|
||||
Secret: secret,
|
||||
EncodedSecret: encodedHash.String,
|
||||
AccessTokenType: domain.OIDCTokenType(accessTokenType.Int32),
|
||||
}
|
||||
}
|
||||
@@ -1360,7 +1359,7 @@ func prepareUsersQuery(ctx context.Context, db prepareDatabase) (sq.SelectBuilde
|
||||
machineID := sql.NullString{}
|
||||
name := sql.NullString{}
|
||||
description := sql.NullString{}
|
||||
secret := new(crypto.CryptoValue)
|
||||
encodedHash := sql.NullString{}
|
||||
accessTokenType := sql.NullInt32{}
|
||||
|
||||
err := rows.Scan(
|
||||
@@ -1390,7 +1389,7 @@ func prepareUsersQuery(ctx context.Context, db prepareDatabase) (sq.SelectBuilde
|
||||
&machineID,
|
||||
&name,
|
||||
&description,
|
||||
secret,
|
||||
&encodedHash,
|
||||
&accessTokenType,
|
||||
&count,
|
||||
)
|
||||
@@ -1422,7 +1421,7 @@ func prepareUsersQuery(ctx context.Context, db prepareDatabase) (sq.SelectBuilde
|
||||
u.Machine = &Machine{
|
||||
Name: name.String,
|
||||
Description: description.String,
|
||||
Secret: secret,
|
||||
EncodedSecret: encodedHash.String,
|
||||
AccessTokenType: domain.OIDCTokenType(accessTokenType.Int32),
|
||||
}
|
||||
}
|
||||
|
||||
@@ -39,38 +39,38 @@ var (
|
||||
"method_type",
|
||||
"count",
|
||||
}
|
||||
prepareActiveAuthMethodTypesStmt = `SELECT projections.users11_notifications.password_set,` +
|
||||
prepareActiveAuthMethodTypesStmt = `SELECT projections.users12_notifications.password_set,` +
|
||||
` auth_method_types.method_type,` +
|
||||
` user_idps_count.count` +
|
||||
` FROM projections.users11` +
|
||||
` LEFT JOIN projections.users11_notifications ON projections.users11.id = projections.users11_notifications.user_id AND projections.users11.instance_id = projections.users11_notifications.instance_id` +
|
||||
` FROM projections.users12` +
|
||||
` LEFT JOIN projections.users12_notifications ON projections.users12.id = projections.users12_notifications.user_id AND projections.users12.instance_id = projections.users12_notifications.instance_id` +
|
||||
` LEFT JOIN (SELECT DISTINCT(auth_method_types.method_type), auth_method_types.user_id, auth_method_types.instance_id FROM projections.user_auth_methods4 AS auth_method_types` +
|
||||
` WHERE auth_method_types.state = $1) AS auth_method_types` +
|
||||
` ON auth_method_types.user_id = projections.users11.id AND auth_method_types.instance_id = projections.users11.instance_id` +
|
||||
` ON auth_method_types.user_id = projections.users12.id AND auth_method_types.instance_id = projections.users12.instance_id` +
|
||||
` LEFT JOIN (SELECT user_idps_count.user_id, user_idps_count.instance_id, COUNT(user_idps_count.user_id) AS count FROM projections.idp_user_links3 AS user_idps_count` +
|
||||
` GROUP BY user_idps_count.user_id, user_idps_count.instance_id) AS user_idps_count` +
|
||||
` ON user_idps_count.user_id = projections.users11.id AND user_idps_count.instance_id = projections.users11.instance_id` +
|
||||
` ON user_idps_count.user_id = projections.users12.id AND user_idps_count.instance_id = projections.users12.instance_id` +
|
||||
` AS OF SYSTEM TIME '-1 ms`
|
||||
prepareActiveAuthMethodTypesCols = []string{
|
||||
"password_set",
|
||||
"method_type",
|
||||
"idps_count",
|
||||
}
|
||||
prepareAuthMethodTypesRequiredStmt = `SELECT projections.users11_notifications.password_set,` +
|
||||
prepareAuthMethodTypesRequiredStmt = `SELECT projections.users12_notifications.password_set,` +
|
||||
` auth_method_types.method_type,` +
|
||||
` user_idps_count.count,` +
|
||||
` auth_methods_force_mfa.force_mfa,` +
|
||||
` auth_methods_force_mfa.force_mfa_local_only` +
|
||||
` FROM projections.users11` +
|
||||
` LEFT JOIN projections.users11_notifications ON projections.users11.id = projections.users11_notifications.user_id AND projections.users11.instance_id = projections.users11_notifications.instance_id` +
|
||||
` FROM projections.users12` +
|
||||
` LEFT JOIN projections.users12_notifications ON projections.users12.id = projections.users12_notifications.user_id AND projections.users12.instance_id = projections.users12_notifications.instance_id` +
|
||||
` LEFT JOIN (SELECT DISTINCT(auth_method_types.method_type), auth_method_types.user_id, auth_method_types.instance_id FROM projections.user_auth_methods4 AS auth_method_types` +
|
||||
` WHERE auth_method_types.state = $1) AS auth_method_types` +
|
||||
` ON auth_method_types.user_id = projections.users11.id AND auth_method_types.instance_id = projections.users11.instance_id` +
|
||||
` ON auth_method_types.user_id = projections.users12.id AND auth_method_types.instance_id = projections.users12.instance_id` +
|
||||
` LEFT JOIN (SELECT user_idps_count.user_id, user_idps_count.instance_id, COUNT(user_idps_count.user_id) AS count FROM projections.idp_user_links3 AS user_idps_count` +
|
||||
` GROUP BY user_idps_count.user_id, user_idps_count.instance_id) AS user_idps_count` +
|
||||
` ON user_idps_count.user_id = projections.users11.id AND user_idps_count.instance_id = projections.users11.instance_id` +
|
||||
` ON user_idps_count.user_id = projections.users12.id AND user_idps_count.instance_id = projections.users12.instance_id` +
|
||||
` LEFT JOIN (SELECT auth_methods_force_mfa.force_mfa, auth_methods_force_mfa.force_mfa_local_only, auth_methods_force_mfa.instance_id, auth_methods_force_mfa.aggregate_id FROM projections.login_policies5 AS auth_methods_force_mfa ORDER BY auth_methods_force_mfa.is_default) AS auth_methods_force_mfa` +
|
||||
` ON (auth_methods_force_mfa.aggregate_id = projections.users11.instance_id OR auth_methods_force_mfa.aggregate_id = projections.users11.resource_owner) AND auth_methods_force_mfa.instance_id = projections.users11.instance_id` +
|
||||
` ON (auth_methods_force_mfa.aggregate_id = projections.users12.instance_id OR auth_methods_force_mfa.aggregate_id = projections.users12.resource_owner) AND auth_methods_force_mfa.instance_id = projections.users12.instance_id` +
|
||||
` AS OF SYSTEM TIME '-1 ms
|
||||
`
|
||||
prepareAuthMethodTypesRequiredCols = []string{
|
||||
|
||||
@@ -65,14 +65,14 @@ SELECT
|
||||
, m.secret
|
||||
, m.access_token_type
|
||||
, count(*) OVER ()
|
||||
FROM projections.users11 u
|
||||
FROM projections.users12 u
|
||||
LEFT JOIN
|
||||
projections.users11_humans h
|
||||
projections.users12_humans h
|
||||
ON
|
||||
u.id = h.user_id
|
||||
AND u.instance_id = h.instance_id
|
||||
LEFT JOIN
|
||||
projections.users11_machines m
|
||||
projections.users12_machines m
|
||||
ON
|
||||
u.id = m.user_id
|
||||
AND u.instance_id = m.instance_id
|
||||
|
||||
@@ -103,17 +103,17 @@ SELECT
|
||||
, count(*) OVER ()
|
||||
FROM found_users fu
|
||||
JOIN
|
||||
projections.users11 u
|
||||
projections.users12 u
|
||||
ON
|
||||
fu.id = u.id
|
||||
AND fu.instance_id = u.instance_id
|
||||
LEFT JOIN
|
||||
projections.users11_humans h
|
||||
projections.users12_humans h
|
||||
ON
|
||||
fu.id = h.user_id
|
||||
AND fu.instance_id = h.instance_id
|
||||
LEFT JOIN
|
||||
projections.users11_machines m
|
||||
projections.users12_machines m
|
||||
ON
|
||||
fu.id = m.user_id
|
||||
AND fu.instance_id = m.instance_id
|
||||
|
||||
@@ -23,14 +23,14 @@ var (
|
||||
", projections.user_grants5.roles" +
|
||||
", projections.user_grants5.state" +
|
||||
", projections.user_grants5.user_id" +
|
||||
", projections.users11.username" +
|
||||
", projections.users11.type" +
|
||||
", projections.users11.resource_owner" +
|
||||
", projections.users11_humans.first_name" +
|
||||
", projections.users11_humans.last_name" +
|
||||
", projections.users11_humans.email" +
|
||||
", projections.users11_humans.display_name" +
|
||||
", projections.users11_humans.avatar_key" +
|
||||
", projections.users12.username" +
|
||||
", projections.users12.type" +
|
||||
", projections.users12.resource_owner" +
|
||||
", projections.users12_humans.first_name" +
|
||||
", projections.users12_humans.last_name" +
|
||||
", projections.users12_humans.email" +
|
||||
", projections.users12_humans.display_name" +
|
||||
", projections.users12_humans.avatar_key" +
|
||||
", projections.login_names3.login_name" +
|
||||
", projections.user_grants5.resource_owner" +
|
||||
", projections.orgs1.name" +
|
||||
@@ -41,11 +41,11 @@ var (
|
||||
", granted_orgs.name" +
|
||||
", granted_orgs.primary_domain" +
|
||||
" FROM projections.user_grants5" +
|
||||
" LEFT JOIN projections.users11 ON projections.user_grants5.user_id = projections.users11.id AND projections.user_grants5.instance_id = projections.users11.instance_id" +
|
||||
" LEFT JOIN projections.users11_humans ON projections.user_grants5.user_id = projections.users11_humans.user_id AND projections.user_grants5.instance_id = projections.users11_humans.instance_id" +
|
||||
" LEFT JOIN projections.users12 ON projections.user_grants5.user_id = projections.users12.id AND projections.user_grants5.instance_id = projections.users12.instance_id" +
|
||||
" LEFT JOIN projections.users12_humans ON projections.user_grants5.user_id = projections.users12_humans.user_id AND projections.user_grants5.instance_id = projections.users12_humans.instance_id" +
|
||||
" LEFT JOIN projections.orgs1 ON projections.user_grants5.resource_owner = projections.orgs1.id AND projections.user_grants5.instance_id = projections.orgs1.instance_id" +
|
||||
" LEFT JOIN projections.projects4 ON projections.user_grants5.project_id = projections.projects4.id AND projections.user_grants5.instance_id = projections.projects4.instance_id" +
|
||||
" LEFT JOIN projections.orgs1 AS granted_orgs ON projections.users11.resource_owner = granted_orgs.id AND projections.users11.instance_id = granted_orgs.instance_id" +
|
||||
" LEFT JOIN projections.orgs1 AS granted_orgs ON projections.users12.resource_owner = granted_orgs.id AND projections.users12.instance_id = granted_orgs.instance_id" +
|
||||
" LEFT JOIN projections.login_names3 ON projections.user_grants5.user_id = projections.login_names3.user_id AND projections.user_grants5.instance_id = projections.login_names3.instance_id" +
|
||||
` AS OF SYSTEM TIME '-1 ms' ` +
|
||||
" WHERE projections.login_names3.is_primary = $1")
|
||||
@@ -85,14 +85,14 @@ var (
|
||||
", projections.user_grants5.roles" +
|
||||
", projections.user_grants5.state" +
|
||||
", projections.user_grants5.user_id" +
|
||||
", projections.users11.username" +
|
||||
", projections.users11.type" +
|
||||
", projections.users11.resource_owner" +
|
||||
", projections.users11_humans.first_name" +
|
||||
", projections.users11_humans.last_name" +
|
||||
", projections.users11_humans.email" +
|
||||
", projections.users11_humans.display_name" +
|
||||
", projections.users11_humans.avatar_key" +
|
||||
", projections.users12.username" +
|
||||
", projections.users12.type" +
|
||||
", projections.users12.resource_owner" +
|
||||
", projections.users12_humans.first_name" +
|
||||
", projections.users12_humans.last_name" +
|
||||
", projections.users12_humans.email" +
|
||||
", projections.users12_humans.display_name" +
|
||||
", projections.users12_humans.avatar_key" +
|
||||
", projections.login_names3.login_name" +
|
||||
", projections.user_grants5.resource_owner" +
|
||||
", projections.orgs1.name" +
|
||||
@@ -104,11 +104,11 @@ var (
|
||||
", granted_orgs.primary_domain" +
|
||||
", COUNT(*) OVER ()" +
|
||||
" FROM projections.user_grants5" +
|
||||
" LEFT JOIN projections.users11 ON projections.user_grants5.user_id = projections.users11.id AND projections.user_grants5.instance_id = projections.users11.instance_id" +
|
||||
" LEFT JOIN projections.users11_humans ON projections.user_grants5.user_id = projections.users11_humans.user_id AND projections.user_grants5.instance_id = projections.users11_humans.instance_id" +
|
||||
" LEFT JOIN projections.users12 ON projections.user_grants5.user_id = projections.users12.id AND projections.user_grants5.instance_id = projections.users12.instance_id" +
|
||||
" LEFT JOIN projections.users12_humans ON projections.user_grants5.user_id = projections.users12_humans.user_id AND projections.user_grants5.instance_id = projections.users12_humans.instance_id" +
|
||||
" LEFT JOIN projections.orgs1 ON projections.user_grants5.resource_owner = projections.orgs1.id AND projections.user_grants5.instance_id = projections.orgs1.instance_id" +
|
||||
" LEFT JOIN projections.projects4 ON projections.user_grants5.project_id = projections.projects4.id AND projections.user_grants5.instance_id = projections.projects4.instance_id" +
|
||||
" LEFT JOIN projections.orgs1 AS granted_orgs ON projections.users11.resource_owner = granted_orgs.id AND projections.users11.instance_id = granted_orgs.instance_id" +
|
||||
" LEFT JOIN projections.orgs1 AS granted_orgs ON projections.users12.resource_owner = granted_orgs.id AND projections.users12.instance_id = granted_orgs.instance_id" +
|
||||
" LEFT JOIN projections.login_names3 ON projections.user_grants5.user_id = projections.login_names3.user_id AND projections.user_grants5.instance_id = projections.login_names3.instance_id" +
|
||||
` AS OF SYSTEM TIME '-1 ms' ` +
|
||||
" WHERE projections.login_names3.is_primary = $1")
|
||||
|
||||
@@ -62,14 +62,14 @@ SELECT
|
||||
, n.verified_phone
|
||||
, n.password_set
|
||||
, count(*) OVER ()
|
||||
FROM projections.users11 u
|
||||
FROM projections.users12 u
|
||||
LEFT JOIN
|
||||
projections.users11_humans h
|
||||
projections.users12_humans h
|
||||
ON
|
||||
u.id = h.user_id
|
||||
AND u.instance_id = h.instance_id
|
||||
LEFT JOIN
|
||||
projections.users11_notifications n
|
||||
projections.users12_notifications n
|
||||
ON
|
||||
u.id = n.user_id
|
||||
AND u.instance_id = n.instance_id
|
||||
|
||||
@@ -99,17 +99,17 @@ SELECT
|
||||
, count(*) OVER ()
|
||||
FROM found_users fu
|
||||
JOIN
|
||||
projections.users11 u
|
||||
projections.users12 u
|
||||
ON
|
||||
fu.id = u.id
|
||||
AND fu.instance_id = u.instance_id
|
||||
LEFT JOIN
|
||||
projections.users11_humans h
|
||||
projections.users12_humans h
|
||||
ON
|
||||
fu.id = h.user_id
|
||||
AND fu.instance_id = h.instance_id
|
||||
LEFT JOIN
|
||||
projections.users11_notifications n
|
||||
projections.users12_notifications n
|
||||
ON
|
||||
fu.id = n.user_id
|
||||
AND fu.instance_id = n.instance_id
|
||||
|
||||
@@ -72,11 +72,11 @@ func (wm *HumanPasswordReadModel) Reduce() error {
|
||||
for _, event := range wm.Events {
|
||||
switch e := event.(type) {
|
||||
case *user.HumanAddedEvent:
|
||||
wm.EncodedHash = user.SecretOrEncodedHash(e.Secret, e.EncodedHash)
|
||||
wm.EncodedHash = crypto.SecretOrEncodedHash(e.Secret, e.EncodedHash)
|
||||
wm.SecretChangeRequired = e.ChangeRequired
|
||||
wm.UserState = domain.UserStateActive
|
||||
case *user.HumanRegisteredEvent:
|
||||
wm.EncodedHash = user.SecretOrEncodedHash(e.Secret, e.EncodedHash)
|
||||
wm.EncodedHash = crypto.SecretOrEncodedHash(e.Secret, e.EncodedHash)
|
||||
wm.SecretChangeRequired = e.ChangeRequired
|
||||
wm.UserState = domain.UserStateActive
|
||||
case *user.HumanInitialCodeAddedEvent:
|
||||
@@ -84,7 +84,7 @@ func (wm *HumanPasswordReadModel) Reduce() error {
|
||||
case *user.HumanInitializedCheckSucceededEvent:
|
||||
wm.UserState = domain.UserStateActive
|
||||
case *user.HumanPasswordChangedEvent:
|
||||
wm.EncodedHash = user.SecretOrEncodedHash(e.Secret, e.EncodedHash)
|
||||
wm.EncodedHash = crypto.SecretOrEncodedHash(e.Secret, e.EncodedHash)
|
||||
wm.SecretChangeRequired = e.ChangeRequired
|
||||
wm.Code = nil
|
||||
wm.PasswordCheckFailedCount = 0
|
||||
|
||||
@@ -12,7 +12,6 @@ import (
|
||||
"github.com/stretchr/testify/require"
|
||||
"golang.org/x/text/language"
|
||||
|
||||
"github.com/zitadel/zitadel/internal/crypto"
|
||||
"github.com/zitadel/zitadel/internal/database"
|
||||
"github.com/zitadel/zitadel/internal/domain"
|
||||
"github.com/zitadel/zitadel/internal/zerrors"
|
||||
@@ -148,44 +147,44 @@ var (
|
||||
preferredLoginNameQuery = `SELECT preferred_login_name.user_id, preferred_login_name.login_name, preferred_login_name.instance_id` +
|
||||
` FROM projections.login_names3 AS preferred_login_name` +
|
||||
` WHERE preferred_login_name.is_primary = $1`
|
||||
userQuery = `SELECT projections.users11.id,` +
|
||||
` projections.users11.creation_date,` +
|
||||
` projections.users11.change_date,` +
|
||||
` projections.users11.resource_owner,` +
|
||||
` projections.users11.sequence,` +
|
||||
` projections.users11.state,` +
|
||||
` projections.users11.type,` +
|
||||
` projections.users11.username,` +
|
||||
userQuery = `SELECT projections.users12.id,` +
|
||||
` projections.users12.creation_date,` +
|
||||
` projections.users12.change_date,` +
|
||||
` projections.users12.resource_owner,` +
|
||||
` projections.users12.sequence,` +
|
||||
` projections.users12.state,` +
|
||||
` projections.users12.type,` +
|
||||
` projections.users12.username,` +
|
||||
` login_names.loginnames,` +
|
||||
` preferred_login_name.login_name,` +
|
||||
` projections.users11_humans.user_id,` +
|
||||
` projections.users11_humans.first_name,` +
|
||||
` projections.users11_humans.last_name,` +
|
||||
` projections.users11_humans.nick_name,` +
|
||||
` projections.users11_humans.display_name,` +
|
||||
` projections.users11_humans.preferred_language,` +
|
||||
` projections.users11_humans.gender,` +
|
||||
` projections.users11_humans.avatar_key,` +
|
||||
` projections.users11_humans.email,` +
|
||||
` projections.users11_humans.is_email_verified,` +
|
||||
` projections.users11_humans.phone,` +
|
||||
` projections.users11_humans.is_phone_verified,` +
|
||||
` projections.users11_humans.password_change_required,` +
|
||||
` projections.users11_machines.user_id,` +
|
||||
` projections.users11_machines.name,` +
|
||||
` projections.users11_machines.description,` +
|
||||
` projections.users11_machines.secret,` +
|
||||
` projections.users11_machines.access_token_type,` +
|
||||
` projections.users12_humans.user_id,` +
|
||||
` projections.users12_humans.first_name,` +
|
||||
` projections.users12_humans.last_name,` +
|
||||
` projections.users12_humans.nick_name,` +
|
||||
` projections.users12_humans.display_name,` +
|
||||
` projections.users12_humans.preferred_language,` +
|
||||
` projections.users12_humans.gender,` +
|
||||
` projections.users12_humans.avatar_key,` +
|
||||
` projections.users12_humans.email,` +
|
||||
` projections.users12_humans.is_email_verified,` +
|
||||
` projections.users12_humans.phone,` +
|
||||
` projections.users12_humans.is_phone_verified,` +
|
||||
` projections.users12_humans.password_change_required,` +
|
||||
` projections.users12_machines.user_id,` +
|
||||
` projections.users12_machines.name,` +
|
||||
` projections.users12_machines.description,` +
|
||||
` projections.users12_machines.secret,` +
|
||||
` projections.users12_machines.access_token_type,` +
|
||||
` COUNT(*) OVER ()` +
|
||||
` FROM projections.users11` +
|
||||
` LEFT JOIN projections.users11_humans ON projections.users11.id = projections.users11_humans.user_id AND projections.users11.instance_id = projections.users11_humans.instance_id` +
|
||||
` LEFT JOIN projections.users11_machines ON projections.users11.id = projections.users11_machines.user_id AND projections.users11.instance_id = projections.users11_machines.instance_id` +
|
||||
` FROM projections.users12` +
|
||||
` LEFT JOIN projections.users12_humans ON projections.users12.id = projections.users12_humans.user_id AND projections.users12.instance_id = projections.users12_humans.instance_id` +
|
||||
` LEFT JOIN projections.users12_machines ON projections.users12.id = projections.users12_machines.user_id AND projections.users12.instance_id = projections.users12_machines.instance_id` +
|
||||
` LEFT JOIN` +
|
||||
` (` + loginNamesQuery + `) AS login_names` +
|
||||
` ON login_names.user_id = projections.users11.id AND login_names.instance_id = projections.users11.instance_id` +
|
||||
` ON login_names.user_id = projections.users12.id AND login_names.instance_id = projections.users12.instance_id` +
|
||||
` LEFT JOIN` +
|
||||
` (` + preferredLoginNameQuery + `) AS preferred_login_name` +
|
||||
` ON preferred_login_name.user_id = projections.users11.id AND preferred_login_name.instance_id = projections.users11.instance_id` +
|
||||
` ON preferred_login_name.user_id = projections.users12.id AND preferred_login_name.instance_id = projections.users12.instance_id` +
|
||||
` AS OF SYSTEM TIME '-1 ms'`
|
||||
userCols = []string{
|
||||
"id",
|
||||
@@ -220,21 +219,21 @@ var (
|
||||
"access_token_type",
|
||||
"count",
|
||||
}
|
||||
profileQuery = `SELECT projections.users11.id,` +
|
||||
` projections.users11.creation_date,` +
|
||||
` projections.users11.change_date,` +
|
||||
` projections.users11.resource_owner,` +
|
||||
` projections.users11.sequence,` +
|
||||
` projections.users11_humans.user_id,` +
|
||||
` projections.users11_humans.first_name,` +
|
||||
` projections.users11_humans.last_name,` +
|
||||
` projections.users11_humans.nick_name,` +
|
||||
` projections.users11_humans.display_name,` +
|
||||
` projections.users11_humans.preferred_language,` +
|
||||
` projections.users11_humans.gender,` +
|
||||
` projections.users11_humans.avatar_key` +
|
||||
` FROM projections.users11` +
|
||||
` LEFT JOIN projections.users11_humans ON projections.users11.id = projections.users11_humans.user_id AND projections.users11.instance_id = projections.users11_humans.instance_id` +
|
||||
profileQuery = `SELECT projections.users12.id,` +
|
||||
` projections.users12.creation_date,` +
|
||||
` projections.users12.change_date,` +
|
||||
` projections.users12.resource_owner,` +
|
||||
` projections.users12.sequence,` +
|
||||
` projections.users12_humans.user_id,` +
|
||||
` projections.users12_humans.first_name,` +
|
||||
` projections.users12_humans.last_name,` +
|
||||
` projections.users12_humans.nick_name,` +
|
||||
` projections.users12_humans.display_name,` +
|
||||
` projections.users12_humans.preferred_language,` +
|
||||
` projections.users12_humans.gender,` +
|
||||
` projections.users12_humans.avatar_key` +
|
||||
` FROM projections.users12` +
|
||||
` LEFT JOIN projections.users12_humans ON projections.users12.id = projections.users12_humans.user_id AND projections.users12.instance_id = projections.users12_humans.instance_id` +
|
||||
` AS OF SYSTEM TIME '-1 ms'`
|
||||
profileCols = []string{
|
||||
"id",
|
||||
@@ -251,16 +250,16 @@ var (
|
||||
"gender",
|
||||
"avatar_key",
|
||||
}
|
||||
emailQuery = `SELECT projections.users11.id,` +
|
||||
` projections.users11.creation_date,` +
|
||||
` projections.users11.change_date,` +
|
||||
` projections.users11.resource_owner,` +
|
||||
` projections.users11.sequence,` +
|
||||
` projections.users11_humans.user_id,` +
|
||||
` projections.users11_humans.email,` +
|
||||
` projections.users11_humans.is_email_verified` +
|
||||
` FROM projections.users11` +
|
||||
` LEFT JOIN projections.users11_humans ON projections.users11.id = projections.users11_humans.user_id AND projections.users11.instance_id = projections.users11_humans.instance_id` +
|
||||
emailQuery = `SELECT projections.users12.id,` +
|
||||
` projections.users12.creation_date,` +
|
||||
` projections.users12.change_date,` +
|
||||
` projections.users12.resource_owner,` +
|
||||
` projections.users12.sequence,` +
|
||||
` projections.users12_humans.user_id,` +
|
||||
` projections.users12_humans.email,` +
|
||||
` projections.users12_humans.is_email_verified` +
|
||||
` FROM projections.users12` +
|
||||
` LEFT JOIN projections.users12_humans ON projections.users12.id = projections.users12_humans.user_id AND projections.users12.instance_id = projections.users12_humans.instance_id` +
|
||||
` AS OF SYSTEM TIME '-1 ms'`
|
||||
emailCols = []string{
|
||||
"id",
|
||||
@@ -272,16 +271,16 @@ var (
|
||||
"email",
|
||||
"is_email_verified",
|
||||
}
|
||||
phoneQuery = `SELECT projections.users11.id,` +
|
||||
` projections.users11.creation_date,` +
|
||||
` projections.users11.change_date,` +
|
||||
` projections.users11.resource_owner,` +
|
||||
` projections.users11.sequence,` +
|
||||
` projections.users11_humans.user_id,` +
|
||||
` projections.users11_humans.phone,` +
|
||||
` projections.users11_humans.is_phone_verified` +
|
||||
` FROM projections.users11` +
|
||||
` LEFT JOIN projections.users11_humans ON projections.users11.id = projections.users11_humans.user_id AND projections.users11.instance_id = projections.users11_humans.instance_id` +
|
||||
phoneQuery = `SELECT projections.users12.id,` +
|
||||
` projections.users12.creation_date,` +
|
||||
` projections.users12.change_date,` +
|
||||
` projections.users12.resource_owner,` +
|
||||
` projections.users12.sequence,` +
|
||||
` projections.users12_humans.user_id,` +
|
||||
` projections.users12_humans.phone,` +
|
||||
` projections.users12_humans.is_phone_verified` +
|
||||
` FROM projections.users12` +
|
||||
` LEFT JOIN projections.users12_humans ON projections.users12.id = projections.users12_humans.user_id AND projections.users12.instance_id = projections.users12_humans.instance_id` +
|
||||
` AS OF SYSTEM TIME '-1 ms'`
|
||||
phoneCols = []string{
|
||||
"id",
|
||||
@@ -293,14 +292,14 @@ var (
|
||||
"phone",
|
||||
"is_phone_verified",
|
||||
}
|
||||
userUniqueQuery = `SELECT projections.users11.id,` +
|
||||
` projections.users11.state,` +
|
||||
` projections.users11.username,` +
|
||||
` projections.users11_humans.user_id,` +
|
||||
` projections.users11_humans.email,` +
|
||||
` projections.users11_humans.is_email_verified` +
|
||||
` FROM projections.users11` +
|
||||
` LEFT JOIN projections.users11_humans ON projections.users11.id = projections.users11_humans.user_id AND projections.users11.instance_id = projections.users11_humans.instance_id` +
|
||||
userUniqueQuery = `SELECT projections.users12.id,` +
|
||||
` projections.users12.state,` +
|
||||
` projections.users12.username,` +
|
||||
` projections.users12_humans.user_id,` +
|
||||
` projections.users12_humans.email,` +
|
||||
` projections.users12_humans.is_email_verified` +
|
||||
` FROM projections.users12` +
|
||||
` LEFT JOIN projections.users12_humans ON projections.users12.id = projections.users12_humans.user_id AND projections.users12.instance_id = projections.users12_humans.instance_id` +
|
||||
` AS OF SYSTEM TIME '-1 ms'`
|
||||
userUniqueCols = []string{
|
||||
"id",
|
||||
@@ -310,40 +309,40 @@ var (
|
||||
"email",
|
||||
"is_email_verified",
|
||||
}
|
||||
notifyUserQuery = `SELECT projections.users11.id,` +
|
||||
` projections.users11.creation_date,` +
|
||||
` projections.users11.change_date,` +
|
||||
` projections.users11.resource_owner,` +
|
||||
` projections.users11.sequence,` +
|
||||
` projections.users11.state,` +
|
||||
` projections.users11.type,` +
|
||||
` projections.users11.username,` +
|
||||
notifyUserQuery = `SELECT projections.users12.id,` +
|
||||
` projections.users12.creation_date,` +
|
||||
` projections.users12.change_date,` +
|
||||
` projections.users12.resource_owner,` +
|
||||
` projections.users12.sequence,` +
|
||||
` projections.users12.state,` +
|
||||
` projections.users12.type,` +
|
||||
` projections.users12.username,` +
|
||||
` login_names.loginnames,` +
|
||||
` preferred_login_name.login_name,` +
|
||||
` projections.users11_humans.user_id,` +
|
||||
` projections.users11_humans.first_name,` +
|
||||
` projections.users11_humans.last_name,` +
|
||||
` projections.users11_humans.nick_name,` +
|
||||
` projections.users11_humans.display_name,` +
|
||||
` projections.users11_humans.preferred_language,` +
|
||||
` projections.users11_humans.gender,` +
|
||||
` projections.users11_humans.avatar_key,` +
|
||||
` projections.users11_notifications.user_id,` +
|
||||
` projections.users11_notifications.last_email,` +
|
||||
` projections.users11_notifications.verified_email,` +
|
||||
` projections.users11_notifications.last_phone,` +
|
||||
` projections.users11_notifications.verified_phone,` +
|
||||
` projections.users11_notifications.password_set,` +
|
||||
` projections.users12_humans.user_id,` +
|
||||
` projections.users12_humans.first_name,` +
|
||||
` projections.users12_humans.last_name,` +
|
||||
` projections.users12_humans.nick_name,` +
|
||||
` projections.users12_humans.display_name,` +
|
||||
` projections.users12_humans.preferred_language,` +
|
||||
` projections.users12_humans.gender,` +
|
||||
` projections.users12_humans.avatar_key,` +
|
||||
` projections.users12_notifications.user_id,` +
|
||||
` projections.users12_notifications.last_email,` +
|
||||
` projections.users12_notifications.verified_email,` +
|
||||
` projections.users12_notifications.last_phone,` +
|
||||
` projections.users12_notifications.verified_phone,` +
|
||||
` projections.users12_notifications.password_set,` +
|
||||
` COUNT(*) OVER ()` +
|
||||
` FROM projections.users11` +
|
||||
` LEFT JOIN projections.users11_humans ON projections.users11.id = projections.users11_humans.user_id AND projections.users11.instance_id = projections.users11_humans.instance_id` +
|
||||
` LEFT JOIN projections.users11_notifications ON projections.users11.id = projections.users11_notifications.user_id AND projections.users11.instance_id = projections.users11_notifications.instance_id` +
|
||||
` FROM projections.users12` +
|
||||
` LEFT JOIN projections.users12_humans ON projections.users12.id = projections.users12_humans.user_id AND projections.users12.instance_id = projections.users12_humans.instance_id` +
|
||||
` LEFT JOIN projections.users12_notifications ON projections.users12.id = projections.users12_notifications.user_id AND projections.users12.instance_id = projections.users12_notifications.instance_id` +
|
||||
` LEFT JOIN` +
|
||||
` (` + loginNamesQuery + `) AS login_names` +
|
||||
` ON login_names.user_id = projections.users11.id AND login_names.instance_id = projections.users11.instance_id` +
|
||||
` ON login_names.user_id = projections.users12.id AND login_names.instance_id = projections.users12.instance_id` +
|
||||
` LEFT JOIN` +
|
||||
` (` + preferredLoginNameQuery + `) AS preferred_login_name` +
|
||||
` ON preferred_login_name.user_id = projections.users11.id AND preferred_login_name.instance_id = projections.users11.instance_id` +
|
||||
` ON preferred_login_name.user_id = projections.users12.id AND preferred_login_name.instance_id = projections.users12.instance_id` +
|
||||
` AS OF SYSTEM TIME '-1 ms'`
|
||||
notifyUserCols = []string{
|
||||
"id",
|
||||
@@ -374,44 +373,44 @@ var (
|
||||
"password_set",
|
||||
"count",
|
||||
}
|
||||
usersQuery = `SELECT projections.users11.id,` +
|
||||
` projections.users11.creation_date,` +
|
||||
` projections.users11.change_date,` +
|
||||
` projections.users11.resource_owner,` +
|
||||
` projections.users11.sequence,` +
|
||||
` projections.users11.state,` +
|
||||
` projections.users11.type,` +
|
||||
` projections.users11.username,` +
|
||||
usersQuery = `SELECT projections.users12.id,` +
|
||||
` projections.users12.creation_date,` +
|
||||
` projections.users12.change_date,` +
|
||||
` projections.users12.resource_owner,` +
|
||||
` projections.users12.sequence,` +
|
||||
` projections.users12.state,` +
|
||||
` projections.users12.type,` +
|
||||
` projections.users12.username,` +
|
||||
` login_names.loginnames,` +
|
||||
` preferred_login_name.login_name,` +
|
||||
` projections.users11_humans.user_id,` +
|
||||
` projections.users11_humans.first_name,` +
|
||||
` projections.users11_humans.last_name,` +
|
||||
` projections.users11_humans.nick_name,` +
|
||||
` projections.users11_humans.display_name,` +
|
||||
` projections.users11_humans.preferred_language,` +
|
||||
` projections.users11_humans.gender,` +
|
||||
` projections.users11_humans.avatar_key,` +
|
||||
` projections.users11_humans.email,` +
|
||||
` projections.users11_humans.is_email_verified,` +
|
||||
` projections.users11_humans.phone,` +
|
||||
` projections.users11_humans.is_phone_verified,` +
|
||||
` projections.users11_humans.password_change_required,` +
|
||||
` projections.users11_machines.user_id,` +
|
||||
` projections.users11_machines.name,` +
|
||||
` projections.users11_machines.description,` +
|
||||
` projections.users11_machines.secret,` +
|
||||
` projections.users11_machines.access_token_type,` +
|
||||
` projections.users12_humans.user_id,` +
|
||||
` projections.users12_humans.first_name,` +
|
||||
` projections.users12_humans.last_name,` +
|
||||
` projections.users12_humans.nick_name,` +
|
||||
` projections.users12_humans.display_name,` +
|
||||
` projections.users12_humans.preferred_language,` +
|
||||
` projections.users12_humans.gender,` +
|
||||
` projections.users12_humans.avatar_key,` +
|
||||
` projections.users12_humans.email,` +
|
||||
` projections.users12_humans.is_email_verified,` +
|
||||
` projections.users12_humans.phone,` +
|
||||
` projections.users12_humans.is_phone_verified,` +
|
||||
` projections.users12_humans.password_change_required,` +
|
||||
` projections.users12_machines.user_id,` +
|
||||
` projections.users12_machines.name,` +
|
||||
` projections.users12_machines.description,` +
|
||||
` projections.users12_machines.secret,` +
|
||||
` projections.users12_machines.access_token_type,` +
|
||||
` COUNT(*) OVER ()` +
|
||||
` FROM projections.users11` +
|
||||
` LEFT JOIN projections.users11_humans ON projections.users11.id = projections.users11_humans.user_id AND projections.users11.instance_id = projections.users11_humans.instance_id` +
|
||||
` LEFT JOIN projections.users11_machines ON projections.users11.id = projections.users11_machines.user_id AND projections.users11.instance_id = projections.users11_machines.instance_id` +
|
||||
` FROM projections.users12` +
|
||||
` LEFT JOIN projections.users12_humans ON projections.users12.id = projections.users12_humans.user_id AND projections.users12.instance_id = projections.users12_humans.instance_id` +
|
||||
` LEFT JOIN projections.users12_machines ON projections.users12.id = projections.users12_machines.user_id AND projections.users12.instance_id = projections.users12_machines.instance_id` +
|
||||
` LEFT JOIN` +
|
||||
` (` + loginNamesQuery + `) AS login_names` +
|
||||
` ON login_names.user_id = projections.users11.id AND login_names.instance_id = projections.users11.instance_id` +
|
||||
` ON login_names.user_id = projections.users12.id AND login_names.instance_id = projections.users12.instance_id` +
|
||||
` LEFT JOIN` +
|
||||
` (` + preferredLoginNameQuery + `) AS preferred_login_name` +
|
||||
` ON preferred_login_name.user_id = projections.users11.id AND preferred_login_name.instance_id = projections.users11.instance_id` +
|
||||
` ON preferred_login_name.user_id = projections.users12.id AND preferred_login_name.instance_id = projections.users12.instance_id` +
|
||||
` AS OF SYSTEM TIME '-1 ms'`
|
||||
usersCols = []string{
|
||||
"id",
|
||||
@@ -602,7 +601,7 @@ func Test_UserPrepares(t *testing.T) {
|
||||
Machine: &Machine{
|
||||
Name: "name",
|
||||
Description: "description",
|
||||
Secret: nil,
|
||||
EncodedSecret: "",
|
||||
AccessTokenType: domain.OIDCTokenTypeBearer,
|
||||
},
|
||||
},
|
||||
@@ -643,7 +642,7 @@ func Test_UserPrepares(t *testing.T) {
|
||||
"id",
|
||||
"name",
|
||||
"description",
|
||||
`{"CryptoType":1,"Algorithm":"bcrypt","Crypted":"deadbeef"}`,
|
||||
"secret",
|
||||
domain.OIDCTokenTypeBearer,
|
||||
1,
|
||||
},
|
||||
@@ -661,13 +660,9 @@ func Test_UserPrepares(t *testing.T) {
|
||||
LoginNames: database.TextArray[string]{"login_name1", "login_name2"},
|
||||
PreferredLoginName: "login_name1",
|
||||
Machine: &Machine{
|
||||
Name: "name",
|
||||
Description: "description",
|
||||
Secret: &crypto.CryptoValue{
|
||||
CryptoType: crypto.TypeHash,
|
||||
Algorithm: "bcrypt",
|
||||
Crypted: []byte{117, 230, 157, 109, 231, 159},
|
||||
},
|
||||
Name: "name",
|
||||
Description: "description",
|
||||
EncodedSecret: "secret",
|
||||
AccessTokenType: domain.OIDCTokenTypeBearer,
|
||||
},
|
||||
},
|
||||
@@ -1344,7 +1339,7 @@ func Test_UserPrepares(t *testing.T) {
|
||||
"id",
|
||||
"name",
|
||||
"description",
|
||||
`{"CryptoType":1,"Algorithm":"bcrypt","Crypted":"deadbeef"}`,
|
||||
"secret",
|
||||
domain.OIDCTokenTypeBearer,
|
||||
},
|
||||
},
|
||||
@@ -1393,13 +1388,9 @@ func Test_UserPrepares(t *testing.T) {
|
||||
LoginNames: database.TextArray[string]{"login_name1", "login_name2"},
|
||||
PreferredLoginName: "login_name1",
|
||||
Machine: &Machine{
|
||||
Name: "name",
|
||||
Description: "description",
|
||||
Secret: &crypto.CryptoValue{
|
||||
CryptoType: crypto.TypeHash,
|
||||
Algorithm: "bcrypt",
|
||||
Crypted: []byte{117, 230, 157, 109, 231, 159},
|
||||
},
|
||||
Name: "name",
|
||||
Description: "description",
|
||||
EncodedSecret: "secret",
|
||||
AccessTokenType: domain.OIDCTokenTypeBearer,
|
||||
},
|
||||
},
|
||||
|
||||
Reference in New Issue
Block a user