fix: check domain of username not claimed by other organisation and cleanup (#2265)

* fix: register human * fix: check domain of username not claimed by other organisation * fix: create setup step to create domain claimed events for invalid users * Update setup_step19.go
2025-08-11 19:07:30 +00:00 · 2021-08-25 11:12:24 +02:00
parent d414404885
commit 34002ec834
6 changed files with 515 additions and 32 deletions
--- a/internal/command/user_human_test.go
+++ b/internal/command/user_human_test.go
@@ -1463,30 +1463,6 @@ func TestCommandSide_RegisterHuman(t *testing.T) {
 				err: caos_errs.IsErrorInvalidArgument,
 			},
 		},
-		{
-			name: "user invalid, invalid argument error",
-			fields: fields{
-				eventstore: eventstoreExpect(
-					t,
-				),
-			},
-			args: args{
-				ctx:   context.Background(),
-				orgID: "org1",
-				human: &domain.Human{
-					Username: "username",
-					Profile: &domain.Profile{
-						FirstName: "firstname",
-					},
-					Password: &domain.Password{
-						SecretString: "password",
-					},
-				},
-			},
-			res: res{
-				err: caos_errs.IsErrorInvalidArgument,
-			},
-		},
 		{
 			name: "org policy not found, precondition error",
 			fields: fields{
@@ -1555,6 +1531,230 @@ func TestCommandSide_RegisterHuman(t *testing.T) {
 				err: caos_errs.IsPreconditionFailed,
 			},
 		},
+		{
+			name: "user invalid, invalid argument error",
+			fields: fields{
+				eventstore: eventstoreExpect(
+					t,
+					expectFilter(
+						eventFromEventPusher(
+							org.NewOrgIAMPolicyAddedEvent(context.Background(),
+								&org.NewAggregate("org1", "org1").Aggregate,
+								true,
+							),
+						),
+					),
+					expectFilter(
+						eventFromEventPusher(
+							org.NewPasswordComplexityPolicyAddedEvent(context.Background(),
+								&org.NewAggregate("org1", "org1").Aggregate,
+								1,
+								false,
+								false,
+								false,
+								false,
+							),
+						),
+					),
+				),
+			},
+			args: args{
+				ctx:   context.Background(),
+				orgID: "org1",
+				human: &domain.Human{
+					Username: "username",
+					Profile: &domain.Profile{
+						FirstName: "firstname",
+					},
+					Password: &domain.Password{
+						SecretString: "password",
+					},
+				},
+			},
+			res: res{
+				err: caos_errs.IsErrorInvalidArgument,
+			},
+		},
+		{
+			name: "email domain reserved, invalid argument error",
+			fields: fields{
+				eventstore: eventstoreExpect(
+					t,
+					expectFilter(
+						eventFromEventPusher(
+							org.NewOrgIAMPolicyAddedEvent(context.Background(),
+								&org.NewAggregate("org1", "org1").Aggregate,
+								false,
+							),
+						),
+					),
+					expectFilter(
+						eventFromEventPusher(
+							org.NewPasswordComplexityPolicyAddedEvent(context.Background(),
+								&org.NewAggregate("org1", "org1").Aggregate,
+								1,
+								false,
+								false,
+								false,
+								false,
+							),
+						),
+					),
+					expectFilter(
+						eventFromEventPusher(
+							org.NewDomainAddedEvent(context.Background(),
+								&org.NewAggregate("org2", "org2").Aggregate,
+								"test.ch",
+							),
+						),
+						eventFromEventPusher(
+							org.NewDomainVerifiedEvent(context.Background(),
+								&org.NewAggregate("org2", "org2").Aggregate,
+								"test.ch",
+							),
+						),
+					),
+				),
+			},
+			args: args{
+				ctx:   context.Background(),
+				orgID: "org1",
+				human: &domain.Human{
+					Password: &domain.Password{
+						SecretString: "password",
+					},
+					Profile: &domain.Profile{
+						FirstName: "firstname",
+						LastName:  "lastname",
+					},
+					Email: &domain.Email{
+						EmailAddress: "email@test.ch",
+					},
+				},
+			},
+			res: res{
+				err: caos_errs.IsErrorInvalidArgument,
+			},
+		},
+		{
+			name: "email domain reserved, same org, ok",
+			fields: fields{
+				eventstore: eventstoreExpect(
+					t,
+					expectFilter(
+						eventFromEventPusher(
+							org.NewOrgIAMPolicyAddedEvent(context.Background(),
+								&org.NewAggregate("org1", "org1").Aggregate,
+								false,
+							),
+						),
+					),
+					expectFilter(
+						eventFromEventPusher(
+							org.NewPasswordComplexityPolicyAddedEvent(context.Background(),
+								&org.NewAggregate("org1", "org1").Aggregate,
+								1,
+								false,
+								false,
+								false,
+								false,
+							),
+						),
+					),
+					expectFilter(
+						eventFromEventPusher(
+							org.NewDomainAddedEvent(context.Background(),
+								&org.NewAggregate("org2", "org2").Aggregate,
+								"test.ch",
+							),
+						),
+						eventFromEventPusher(
+							org.NewDomainVerifiedEvent(context.Background(),
+								&org.NewAggregate("org2", "org2").Aggregate,
+								"test.ch",
+							),
+						),
+						eventFromEventPusher(
+							org.NewDomainRemovedEvent(context.Background(),
+								&org.NewAggregate("org2", "org2").Aggregate,
+								"test.ch",
+								true,
+							),
+						),
+						eventFromEventPusher(
+							org.NewDomainAddedEvent(context.Background(),
+								&org.NewAggregate("org1", "org1").Aggregate,
+								"test.ch",
+							),
+						),
+						eventFromEventPusher(
+							org.NewDomainVerifiedEvent(context.Background(),
+								&org.NewAggregate("org1", "org1").Aggregate,
+								"test.ch",
+							),
+						),
+					),
+					expectPush(
+						[]*repository.Event{
+							eventFromEventPusher(
+								newRegisterHumanEvent("email@test.ch", "password", false, ""),
+							),
+							eventFromEventPusher(
+								user.NewHumanInitialCodeAddedEvent(context.Background(),
+									&user.NewAggregate("user1", "org1").Aggregate,
+									&crypto.CryptoValue{
+										CryptoType: crypto.TypeEncryption,
+										Algorithm:  "enc",
+										KeyID:      "id",
+										Crypted:    []byte("a"),
+									},
+									time.Hour*1,
+								),
+							),
+						},
+						uniqueConstraintsFromEventConstraint(user.NewAddUsernameUniqueConstraint("email@test.ch", "org1", false)),
+					),
+				),
+				idGenerator:     id_mock.NewIDGeneratorExpectIDs(t, "user1"),
+				secretGenerator: GetMockSecretGenerator(t),
+				userPasswordAlg: crypto.CreateMockHashAlg(gomock.NewController(t)),
+			},
+			args: args{
+				ctx:   context.Background(),
+				orgID: "org1",
+				human: &domain.Human{
+					Password: &domain.Password{
+						SecretString: "password",
+					},
+					Profile: &domain.Profile{
+						FirstName: "firstname",
+						LastName:  "lastname",
+					},
+					Email: &domain.Email{
+						EmailAddress: "email@test.ch",
+					},
+				},
+			},
+			res: res{
+				want: &domain.Human{
+					ObjectRoot: models.ObjectRoot{
+						AggregateID:   "user1",
+						ResourceOwner: "org1",
+					},
+					Username: "email@test.ch",
+					Profile: &domain.Profile{
+						FirstName:         "firstname",
+						LastName:          "lastname",
+						DisplayName:       "firstname lastname",
+						PreferredLanguage: language.Und,
+					},
+					Email: &domain.Email{
+						EmailAddress: "email@test.ch",
+					},
+					State: domain.UserStateInitial,
+				},
+			},
+		},
 		{
 			name: "add human (with password and initial code), ok",
 			fields: fields{
@@ -1583,7 +1783,7 @@ func TestCommandSide_RegisterHuman(t *testing.T) {
 					expectPush(
 						[]*repository.Event{
 							eventFromEventPusher(
-								newRegisterHumanEvent("password", false, ""),
+								newRegisterHumanEvent("username", "password", false, ""),
 							),
 							eventFromEventPusher(
 								user.NewHumanInitialCodeAddedEvent(context.Background(),
@@ -1670,7 +1870,7 @@ func TestCommandSide_RegisterHuman(t *testing.T) {
 					expectPush(
 						[]*repository.Event{
 							eventFromEventPusher(
-								newRegisterHumanEvent("password", false, ""),
+								newRegisterHumanEvent("username", "password", false, ""),
 							),
 							eventFromEventPusher(
 								user.NewHumanEmailVerifiedEvent(context.Background(),
@@ -1751,7 +1951,7 @@ func TestCommandSide_RegisterHuman(t *testing.T) {
 					expectPush(
 						[]*repository.Event{
 							eventFromEventPusher(
-								newRegisterHumanEvent("password", false, "+41711234567"),
+								newRegisterHumanEvent("username", "password", false, "+41711234567"),
 							),
 							eventFromEventPusher(
 								user.NewHumanInitialCodeAddedEvent(context.Background(),
@@ -1854,7 +2054,7 @@ func TestCommandSide_RegisterHuman(t *testing.T) {
 					expectPush(
 						[]*repository.Event{
 							eventFromEventPusher(
-								newRegisterHumanEvent("password", false, "+41711234567"),
+								newRegisterHumanEvent("username", "password", false, "+41711234567"),
 							),
 							eventFromEventPusher(
 								user.NewHumanInitialCodeAddedEvent(context.Background(),
@@ -2285,10 +2485,10 @@ func newAddHumanEvent(password string, changeRequired bool, phone string) *user.
 	return event
 }

-func newRegisterHumanEvent(password string, changeRequired bool, phone string) *user.HumanRegisteredEvent {
+func newRegisterHumanEvent(username, password string, changeRequired bool, phone string) *user.HumanRegisteredEvent {
 	event := user.NewHumanRegisteredEvent(context.Background(),
 		&user.NewAggregate("user1", "org1").Aggregate,
-		"username",
+		username,
 		"firstname",
 		"lastname",
 		"",