fix: ensure domain policy is read for the correct org (#4872)

Livio Spring 2022-12-13 07:37:50 +01:00 committed by GitHub
parent e4531291f5
commit 33e973f015
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 27 additions and 16 deletions


@ -30,7 +30,7 @@ func (c *Commands) prepareAddOrgDomain(a *org.Aggregate, addDomain string, userI
if existing != nil && existing.State == domain.OrgDomainStateActive {
return nil, errors.ThrowAlreadyExists(nil, "V2-e1wse", "Errors.Already.Exists")
}
domainPolicy, err := domainPolicyWriteModel(ctx, filter)
domainPolicy, err := domainPolicyWriteModel(ctx, filter, a.ID)
if err != nil {
return nil, err
}


@ -90,7 +90,7 @@ func prepareAddOrgDomainPolicy(
) preparation.Validation {
return func() (preparation.CreateCommands, error) {
return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
writeModel, err := orgDomainPolicy(ctx, filter)
writeModel, err := orgDomainPolicy(ctx, filter, a.ID)
if err != nil {
return nil, err
}
@ -133,7 +133,7 @@ func prepareChangeOrgDomainPolicy(
) preparation.Validation {
return func() (preparation.CreateCommands, error) {
return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
writeModel, err := orgDomainPolicy(ctx, filter)
writeModel, err := orgDomainPolicy(ctx, filter, a.ID)
if err != nil {
return nil, err
}
@ -169,7 +169,7 @@ func prepareRemoveOrgDomainPolicy(
) preparation.Validation {
return func() (preparation.CreateCommands, error) {
return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
writeModel, err := orgDomainPolicy(ctx, filter)
writeModel, err := orgDomainPolicy(ctx, filter, a.ID)
if err != nil {
return nil, err
}


@ -349,7 +349,7 @@ func (c *Commands) prepareUserDomainClaimed(ctx context.Context, filter preparat
if !userWriteModel.UserState.Exists() {
return nil, errors.ThrowNotFound(nil, "COMMAND-ii9K0", "Errors.User.NotFound")
}
domainPolicy, err := domainPolicyWriteModel(ctx, filter)
domainPolicy, err := domainPolicyWriteModel(ctx, filter, userWriteModel.ResourceOwner)
if err != nil {
return nil, err
}


@ -3,13 +3,12 @@ package command
import (
"context"
"github.com/zitadel/zitadel/internal/api/authz"
"github.com/zitadel/zitadel/internal/command/preparation"
"github.com/zitadel/zitadel/internal/errors"
)
func domainPolicyWriteModel(ctx context.Context, filter preparation.FilterToQueryReducer) (*PolicyDomainWriteModel, error) {
wm, err := orgDomainPolicy(ctx, filter)
func domainPolicyWriteModel(ctx context.Context, filter preparation.FilterToQueryReducer, orgID string) (*PolicyDomainWriteModel, error) {
wm, err := orgDomainPolicy(ctx, filter, orgID)
if err != nil {
return nil, err
}
@ -26,8 +25,8 @@ func domainPolicyWriteModel(ctx context.Context, filter preparation.FilterToQuer
return nil, errors.ThrowInternal(nil, "USER-Ggk9n", "Errors.Internal")
}
func orgDomainPolicy(ctx context.Context, filter preparation.FilterToQueryReducer) (*OrgDomainPolicyWriteModel, error) {
policy := NewOrgDomainPolicyWriteModel(authz.GetCtxData(ctx).OrgID)
func orgDomainPolicy(ctx context.Context, filter preparation.FilterToQueryReducer, orgID string) (*OrgDomainPolicyWriteModel, error) {
policy := NewOrgDomainPolicyWriteModel(orgID)
events, err := filter(ctx, policy.Query())
if err != nil {
return nil, err
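Review bot: orgDomainPolicy now trusts its orgID argument without validating it, so a caller that hands in an empty string (an aggregate whose ResourceOwner was never set, for instance) builds a write model with an empty aggregate ID and runs the filter anyway instead of failing loudly; a guard at the top of orgDomainPolicy, `if orgID == "" { return nil, errors.ThrowInvalidArgument(nil, "<id following the file's convention>", "<message key>") }`, would turn that caller bug into an explicit error rather than whatever the empty query happens to return. Neither function carries a doc comment, and since the whole point of this change is that the org in ctx is no longer consulted, that is worth stating: `// orgDomainPolicy loads the domain policy write model of the org identified by orgID (the org in ctx is intentionally not used).` and, on domainPolicyWriteModel, a comment naming orgID as the org whose policy is resolved. Both function bodies continue past the hunk, so I cannot see whether a later line already rejects an empty ID.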


@ -17,6 +17,7 @@ import (
func Test_customDomainPolicy(t *testing.T) {
type args struct {
filter preparation.FilterToQueryReducer
orgID string
}
tests := []struct {
name string
@ -30,6 +31,7 @@ func Test_customDomainPolicy(t *testing.T) {
filter: func(_ context.Context, _ *eventstore.SearchQueryBuilder) ([]eventstore.Event, error) {
return nil, errors.ThrowInternal(nil, "USER-IgYlN", "Errors.Internal")
},
orgID: "id",
},
want: nil,
wantErr: true,
@ -40,10 +42,14 @@ func Test_customDomainPolicy(t *testing.T) {
filter: func(_ context.Context, _ *eventstore.SearchQueryBuilder) ([]eventstore.Event, error) {
return []eventstore.Event{}, nil
},
orgID: "id",
},
want: &OrgDomainPolicyWriteModel{
PolicyDomainWriteModel: PolicyDomainWriteModel{
WriteModel: eventstore.WriteModel{},
WriteModel: eventstore.WriteModel{
AggregateID: "id",
ResourceOwner: "id",
},
State: domain.PolicyStateUnspecified,
},
},
@ -63,6 +69,7 @@ func Test_customDomainPolicy(t *testing.T) {
),
}, nil
},
orgID: "id",
},
want: &OrgDomainPolicyWriteModel{
PolicyDomainWriteModel: PolicyDomainWriteModel{
@ -82,7 +89,7 @@ func Test_customDomainPolicy(t *testing.T) {
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
got, err := orgDomainPolicy(context.Background(), tt.args.filter)
got, err := orgDomainPolicy(context.Background(), tt.args.filter, tt.args.orgID)
if (err != nil) != tt.wantErr {
t.Errorf("customDomainPolicy() error = %v, wantErr %v", err, tt.wantErr)
return
@ -181,6 +188,7 @@ func Test_defaultDomainPolicy(t *testing.T) {
func Test_DomainPolicy(t *testing.T) {
type args struct {
filter preparation.FilterToQueryReducer
orgID string
}
tests := []struct {
name string
@ -194,6 +202,7 @@ func Test_DomainPolicy(t *testing.T) {
filter: func(_ context.Context, _ *eventstore.SearchQueryBuilder) ([]eventstore.Event, error) {
return nil, errors.ThrowInternal(nil, "USER-IgYlN", "Errors.Internal")
},
orgID: "id",
},
want: nil,
wantErr: true,
@ -212,6 +221,7 @@ func Test_DomainPolicy(t *testing.T) {
),
}, nil
},
orgID: "id",
},
want: &PolicyDomainWriteModel{
WriteModel: eventstore.WriteModel{
@ -237,6 +247,7 @@ func Test_DomainPolicy(t *testing.T) {
return nil, errors.ThrowInternal(nil, "USER-6HnsD", "Errors.Internal")
}).
Filter(),
orgID: "id",
},
want: nil,
wantErr: true,
@ -260,6 +271,7 @@ func Test_DomainPolicy(t *testing.T) {
}, nil
}).
Filter(),
orgID: "id",
},
want: &PolicyDomainWriteModel{
WriteModel: eventstore.WriteModel{
@ -288,7 +300,7 @@ func Test_DomainPolicy(t *testing.T) {
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
got, err := domainPolicyWriteModel(authz.WithInstanceID(context.Background(), "INSTANCE"), tt.args.filter)
got, err := domainPolicyWriteModel(authz.WithInstanceID(context.Background(), "INSTANCE"), tt.args.filter, tt.args.orgID)
if (err != nil) != tt.wantErr {
t.Errorf("defaultDomainPolicy() error = %v, wantErr %v", err, tt.wantErr)
return
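Review bot: No case pins the regression this commit fixes: every table entry passes orgID "id" and the context at L187-L188 carries only an instance ID, so a rewrite that went back to reading the org from ctx would still pass once it reached the same write model. Add one case whose context carries an org different from tt.args.orgID (built with the authz helpers this file already imports, if one sets the ctx org) and assert that the returned write model's AggregateID and ResourceOwner equal the argument, not the ctx org. The assertions at L119-L122 already check the field values for the empty-events case, so the new case can reuse that shape.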


@ -130,7 +130,7 @@ func AddHumanCommand(a *user.Aggregate, human *AddHuman, passwordAlg crypto.Hash
}
return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
domainPolicy, err := domainPolicyWriteModel(ctx, filter)
domainPolicy, err := domainPolicyWriteModel(ctx, filter, a.ResourceOwner)
if err != nil {
return nil, err
}


@ -51,7 +51,7 @@ func AddMachineCommand(a *user.Aggregate, machine *Machine) preparation.Validati
if isUserStateExists(writeModel.UserState) {
return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-k2una", "Errors.User.AlreadyExisting")
}
domainPolicy, err := domainPolicyWriteModel(ctx, filter)
domainPolicy, err := domainPolicyWriteModel(ctx, filter, a.ResourceOwner)
if err != nil {
return nil, caos_errs.ThrowPreconditionFailed(err, "COMMAND-3M9fs", "Errors.Org.DomainPolicy.NotFound")
}
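Review bot: The error handling at L213 relabels every failure from domainPolicyWriteModel as a PreconditionFailed "Errors.Org.DomainPolicy.NotFound", but that helper also returns internal errors (the ThrowInternal "USER-Ggk9n" visible in this commit), so an eventstore or filter failure is reported to the caller as a missing policy and the real cause is hidden. AddHumanCommand in this same commit returns the error unchanged (`return nil, err`); doing the same here, or wrapping only when the error actually is a not-found, keeps the two user commands consistent and the diagnostics honest. AddMachineCommand starts before the hunk, so I cannot see whether anything upstream depends on the precondition-failed type.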