fix: correct oidcsettings management (#4413)

* fix(oidcsettings): corrected projection, unittests and added the add endpoint

* fix(oidcsettings): corrected default handling and instance setup

* fix: set oidc settings correctly in console

* cleanup

* e2e test

* improve e2e test

* lint e2e

Co-authored-by: Livio Spring <livio.a@gmail.com>
Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com>

console/angular.json

@@ -32,6 +32,7 @@
               "grpc-web",
               "@angular/common/locales/de",
               "codemirror/mode/javascript/javascript",
+              "codemirror/mode/xml/xml",
               "src/app/proto/generated/zitadel/admin_pb",
               "src/app/proto/generated/zitadel/org_pb",
               "src/app/proto/generated/zitadel/management_pb",

console/src/app/modules/policies/oidc-configuration/oidc-configuration.component.html

@@ -46,6 +46,7 @@
     color="primary"
     type="submit"
     mat-raised-button
+    data-e2e="save-button"
   >
     {{ 'ACTIONS.SAVE' | translate }}
   </button>

console/src/app/modules/policies/oidc-configuration/oidc-configuration.component.ts

@@ -2,7 +2,12 @@ import { Component, OnInit } from '@angular/core';
 import { AbstractControl, UntypedFormBuilder, UntypedFormGroup, Validators } from '@angular/forms';
 import { Duration } from 'google-protobuf/google/protobuf/duration_pb';
 import { take } from 'rxjs';
-import { SetDefaultLanguageResponse, UpdateOIDCSettingsRequest } from 'src/app/proto/generated/zitadel/admin_pb';
+import {
+  AddOIDCSettingsRequest,
+  AddOIDCSettingsResponse,
+  UpdateOIDCSettingsRequest,
+  UpdateOIDCSettingsResponse,
+} from 'src/app/proto/generated/zitadel/admin_pb';
 import { OIDCSettings } from 'src/app/proto/generated/zitadel/settings_pb';
 import { AdminService } from 'src/app/services/admin.service';
 import { GrpcAuthService } from 'src/app/services/grpc-auth.service';
@@ -15,6 +20,7 @@ import { ToastService } from 'src/app/services/toast.service';
 })
 export class OIDCConfigurationComponent implements OnInit {
   public oidcSettings!: OIDCSettings.AsObject;
+  private settingsSet: boolean = false;
 
   public loading: boolean = false;
   public form!: UntypedFormGroup;
@@ -25,10 +31,10 @@ export class OIDCConfigurationComponent implements OnInit {
     private authService: GrpcAuthService,
   ) {
     this.form = this.fb.group({
-      accessTokenLifetime: [{ disabled: true, value: 12 }, [Validators.required]],
-      idTokenLifetime: [{ disabled: true, value: 12 }, [Validators.required]],
-      refreshTokenExpiration: [{ disabled: true, value: 30 }, [Validators.required]],
-      refreshTokenIdleExpiration: [{ disabled: true, value: 90 }, [Validators.required]],
+      accessTokenLifetime: [{ disabled: true }, [Validators.required]],
+      idTokenLifetime: [{ disabled: true }, [Validators.required]],
+      refreshTokenExpiration: [{ disabled: true }, [Validators.required]],
+      refreshTokenIdleExpiration: [{ disabled: true }, [Validators.required]],
     });
   }
 
@@ -50,26 +56,27 @@ export class OIDCConfigurationComponent implements OnInit {
       .then((oidcConfiguration) => {
         if (oidcConfiguration.settings) {
           this.oidcSettings = oidcConfiguration.settings;
+          this.settingsSet = true;
 
           this.accessTokenLifetime?.setValue(
             oidcConfiguration.settings.accessTokenLifetime?.seconds
               ? oidcConfiguration.settings.accessTokenLifetime?.seconds / 60 / 60
-              : 12,
+              : 0,
           );
           this.idTokenLifetime?.setValue(
             oidcConfiguration.settings.idTokenLifetime?.seconds
               ? oidcConfiguration.settings.idTokenLifetime?.seconds / 60 / 60
-              : 12,
+              : 0,
           );
           this.refreshTokenExpiration?.setValue(
             oidcConfiguration.settings.refreshTokenExpiration?.seconds
               ? oidcConfiguration.settings.refreshTokenExpiration?.seconds / 60 / 60 / 24
-              : 30,
+              : 0,
           );
           this.refreshTokenIdleExpiration?.setValue(
             oidcConfiguration.settings.refreshTokenIdleExpiration?.seconds
               ? oidcConfiguration.settings.refreshTokenIdleExpiration?.seconds / 60 / 60 / 24
-              : 90,
+              : 0,
           );
         }
       })
@@ -78,31 +85,58 @@ export class OIDCConfigurationComponent implements OnInit {
       });
   }
 
-  private updateData(): Promise<SetDefaultLanguageResponse.AsObject> {
+  private updateData(): Promise<UpdateOIDCSettingsResponse.AsObject> {
     const req = new UpdateOIDCSettingsRequest();
 
-    const accessToken = new Duration().setSeconds((this.accessTokenLifetime?.value ?? 12) * 60 * 60);
+    const accessToken = new Duration().setSeconds((this.accessTokenLifetime?.value ?? 0) * 60 * 60);
     req.setAccessTokenLifetime(accessToken);
 
-    const idToken = new Duration().setSeconds((this.idTokenLifetime?.value ?? 12) * 60 * 60);
+    const idToken = new Duration().setSeconds((this.idTokenLifetime?.value ?? 0) * 60 * 60);
     req.setIdTokenLifetime(idToken);
 
-    const refreshToken = new Duration().setSeconds((this.refreshTokenExpiration?.value ?? 30) * 60 * 60 * 24);
+    const refreshToken = new Duration().setSeconds((this.refreshTokenExpiration?.value ?? 0) * 60 * 60 * 24);
     req.setRefreshTokenExpiration(refreshToken);
 
-    const refreshIdleToken = new Duration().setSeconds((this.refreshTokenIdleExpiration?.value ?? 90) * 60 * 60 * 24);
+    const refreshIdleToken = new Duration().setSeconds((this.refreshTokenIdleExpiration?.value ?? 0) * 60 * 60 * 24);
     req.setRefreshTokenIdleExpiration(refreshIdleToken);
 
     return (this.service as AdminService).updateOIDCSettings(req);
   }
 
+  private addData(): Promise<AddOIDCSettingsResponse.AsObject> {
+    const req = new AddOIDCSettingsRequest();
+
+    const accessToken = new Duration().setSeconds((this.accessTokenLifetime?.value ?? 0) * 60 * 60);
+    req.setAccessTokenLifetime(accessToken);
+
+    const idToken = new Duration().setSeconds((this.idTokenLifetime?.value ?? 0) * 60 * 60);
+    req.setIdTokenLifetime(idToken);
+
+    const refreshToken = new Duration().setSeconds((this.refreshTokenExpiration?.value ?? 0) * 60 * 60 * 24);
+    req.setRefreshTokenExpiration(refreshToken);
+
+    const refreshIdleToken = new Duration().setSeconds((this.refreshTokenIdleExpiration?.value ?? 0) * 60 * 60 * 24);
+    req.setRefreshTokenIdleExpiration(refreshIdleToken);
+
+    return (this.service as AdminService).addOIDCSettings(req);
+  }
+
   public savePolicy(): void {
-    const prom = this.updateData();
-    if (prom) {
-      prom
+    if (this.settingsSet) {
+      this.updateData()
+        .then(() => {
+          this.toast.showInfo('SETTING.SMTP.SAVED', true);
+          setTimeout(() => {
+            this.fetchData();
+          }, 2000);
+        })
+        .catch((error) => {
+          this.toast.showError(error);
+        });
+    } else {
+      this.addData()
         .then(() => {
           this.toast.showInfo('SETTING.SMTP.SAVED', true);
-          this.loading = true;
           setTimeout(() => {
             this.fetchData();
           }, 2000);

console/src/app/services/admin.service.ts

@@ -180,6 +180,8 @@ import {
   UpdateLockoutPolicyResponse,
   UpdateLoginPolicyRequest,
   UpdateLoginPolicyResponse,
+  AddOIDCSettingsRequest,
+  AddOIDCSettingsResponse,
   UpdateOIDCSettingsRequest,
   UpdateOIDCSettingsResponse,
   UpdatePasswordAgePolicyRequest,
@@ -623,6 +625,10 @@ export class AdminService {
     return this.grpcService.admin.updateOIDCSettings(req, null).then((resp) => resp.toObject());
   }
 
+  public addOIDCSettings(req: AddOIDCSettingsRequest): Promise<AddOIDCSettingsResponse.AsObject> {
+    return this.grpcService.admin.addOIDCSettings(req, null).then((resp) => resp.toObject());
+  }
+
   /* LOG and FILE Notifications */
 
   public getLogNotificationProvider(): Promise<GetLogNotificationProviderResponse.AsObject> {