add user_grants to the userinfo query

2025-12-10 06:12:22 +00:00 · 2023-11-15 14:49:20 +02:00
parent ec65673e41
commit 3584833021
13 changed files with 363 additions and 178 deletions
--- a/internal/query/userinfo_test.go
+++ b/internal/query/userinfo_test.go
@@ -22,6 +22,8 @@ var (
 	testdataUserInfoHumanNoMD string
 	//go:embed testdata/userinfo_human.json
 	testdataUserInfoHuman string
+	//go:embed testdata/userinfo_human_grants.json
+	testdataUserInfoHumanGrants string
 	//go:embed testdata/userinfo_machine.json
 	testdataUserInfoMachine string
 )
@@ -29,7 +31,8 @@ var (
 func TestQueries_GetOIDCUserInfo(t *testing.T) {
 	expQuery := regexp.QuoteMeta(oidcUserInfoQuery)
 	type args struct {
-		userID string
+		userID       string
+		roleAudience []string
 	}
 	tests := []struct {
 		name    string
@@ -43,7 +46,7 @@ func TestQueries_GetOIDCUserInfo(t *testing.T) {
 			args: args{
 				userID: "231965491734773762",
 			},
-			mock:    mockQueryErr(expQuery, sql.ErrConnDone, "231965491734773762", "instanceID"),
+			mock:    mockQueryErr(expQuery, sql.ErrConnDone, "231965491734773762", "instanceID", nil),
 			wantErr: sql.ErrConnDone,
 		},
 		{
@@ -51,7 +54,7 @@ func TestQueries_GetOIDCUserInfo(t *testing.T) {
 			args: args{
 				userID: "231965491734773762",
 			},
-			mock:    mockQuery(expQuery, []string{"json_build_object"}, []driver.Value{`~~~`}, "231965491734773762", "instanceID"),
+			mock:    mockQuery(expQuery, []string{"json_build_object"}, []driver.Value{`~~~`}, "231965491734773762", "instanceID", nil),
 			wantErr: errors.ThrowInternal(nil, "QUERY-Vohs6", "Errors.Internal"),
 		},
 		{
@@ -59,7 +62,7 @@ func TestQueries_GetOIDCUserInfo(t *testing.T) {
 			args: args{
 				userID: "231965491734773762",
 			},
-			mock:    mockQuery(expQuery, []string{"json_build_object"}, []driver.Value{testdataUserInfoNotFound}, "231965491734773762", "instanceID"),
+			mock:    mockQuery(expQuery, []string{"json_build_object"}, []driver.Value{testdataUserInfoNotFound}, "231965491734773762", "instanceID", nil),
 			wantErr: errors.ThrowNotFound(nil, "QUERY-ahs4S", "Errors.User.NotFound"),
 		},
 		{
@@ -67,7 +70,7 @@ func TestQueries_GetOIDCUserInfo(t *testing.T) {
 			args: args{
 				userID: "231965491734773762",
 			},
-			mock: mockQuery(expQuery, []string{"json_build_object"}, []driver.Value{testdataUserInfoHumanNoMD}, "231965491734773762", "instanceID"),
+			mock: mockQuery(expQuery, []string{"json_build_object"}, []driver.Value{testdataUserInfoHumanNoMD}, "231965491734773762", "instanceID", nil),
 			want: &OIDCUserInfo{
 				User: &User{
 					ID:            "231965491734773762",
@@ -102,7 +105,7 @@ func TestQueries_GetOIDCUserInfo(t *testing.T) {
 			args: args{
 				userID: "231965491734773762",
 			},
-			mock: mockQuery(expQuery, []string{"json_build_object"}, []driver.Value{testdataUserInfoHuman}, "231965491734773762", "instanceID"),
+			mock: mockQuery(expQuery, []string{"json_build_object"}, []driver.Value{testdataUserInfoHuman}, "231965491734773762", "instanceID", nil),
 			want: &OIDCUserInfo{
 				User: &User{
 					ID:            "231965491734773762",
@@ -149,12 +152,109 @@ func TestQueries_GetOIDCUserInfo(t *testing.T) {
 				},
 			},
 		},
+		{
+			name: "human with metadata and grants",
+			args: args{
+				userID:       "231965491734773762",
+				roleAudience: []string{"236645808328409090", "240762134579904514"},
+			},
+			mock: mockQuery(expQuery,
+				[]string{"json_build_object"},
+				[]driver.Value{testdataUserInfoHumanGrants},
+				"231965491734773762", "instanceID", database.TextArray[string]{"236645808328409090", "240762134579904514"},
+			),
+			want: &OIDCUserInfo{
+				User: &User{
+					ID:            "231965491734773762",
+					CreationDate:  time.Date(2023, time.September, 15, 6, 10, 7, 434142000, time.FixedZone("", 0)),
+					ChangeDate:    time.Date(2023, time.November, 14, 13, 27, 2, 72318000, time.FixedZone("", 0)),
+					Sequence:      1148,
+					State:         1,
+					ResourceOwner: "231848297847848962",
+					Username:      "tim+tesmail@zitadel.com",
+					Human: &Human{
+						FirstName:       "Tim",
+						LastName:        "Mohlmann",
+						NickName:        "muhlemmer",
+						DisplayName:     "Tim Mohlmann",
+						AvatarKey:       "",
+						Email:           "tim+tesmail@zitadel.com",
+						IsEmailVerified: true,
+						Phone:           "+40123456789",
+						IsPhoneVerified: false,
+					},
+					Machine: nil,
+				},
+				Org: &userInfoOrg{
+					Name:          "demo",
+					PrimaryDomain: "demo.localhost",
+				},
+				Metadata: []UserMetadata{
+					{
+						CreationDate:  time.Date(2023, time.November, 14, 13, 26, 3, 553702000, time.FixedZone("", 0)),
+						ChangeDate:    time.Date(2023, time.November, 14, 13, 26, 3, 553702000, time.FixedZone("", 0)),
+						Sequence:      1147,
+						ResourceOwner: "231848297847848962",
+						Key:           "bar",
+						Value:         []byte("foo"),
+					},
+					{
+						CreationDate:  time.Date(2023, time.November, 14, 13, 25, 57, 171368000, time.FixedZone("", 0)),
+						ChangeDate:    time.Date(2023, time.November, 14, 13, 25, 57, 171368000, time.FixedZone("", 0)),
+						Sequence:      1146,
+						ResourceOwner: "231848297847848962",
+						Key:           "foo",
+						Value:         []byte("bar"),
+					},
+				},
+				UserGrants: []UserGrant{
+					{
+						ID:           "240749256523120642",
+						GrantID:      "",
+						State:        1,
+						CreationDate: time.Date(2023, time.November, 14, 20, 28, 59, 168208000, time.FixedZone("", 0)),
+						ChangeDate:   time.Date(2023, time.November, 14, 20, 50, 58, 822391000, time.FixedZone("", 0)),
+						Sequence:     2,
+						UserID:       "231965491734773762",
+						Roles: []string{
+							"role1",
+							"role2",
+						},
+						ResourceOwner:     "231848297847848962",
+						ProjectID:         "236645808328409090",
+						OrgName:           "demo",
+						OrgPrimaryDomain:  "demo.localhost",
+						ProjectName:       "tests",
+						UserResourceOwner: "231848297847848962",
+					},
+					{
+						ID:           "240762315572510722",
+						GrantID:      "",
+						State:        1,
+						CreationDate: time.Date(2023, time.November, 14, 22, 38, 42, 967317000, time.FixedZone("", 0)),
+						ChangeDate:   time.Date(2023, time.November, 14, 22, 38, 42, 967317000, time.FixedZone("", 0)),
+						Sequence:     1,
+						UserID:       "231965491734773762",
+						Roles: []string{
+							"role3",
+							"role4",
+						},
+						ResourceOwner:     "231848297847848962",
+						ProjectID:         "240762134579904514",
+						OrgName:           "demo",
+						OrgPrimaryDomain:  "demo.localhost",
+						ProjectName:       "tests2",
+						UserResourceOwner: "231848297847848962",
+					},
+				},
+			},
+		},
 		{
 			name: "machine with metadata",
 			args: args{
 				userID: "240707570677841922",
 			},
-			mock: mockQuery(expQuery, []string{"json_build_object"}, []driver.Value{testdataUserInfoMachine}, "240707570677841922", "instanceID"),
+			mock: mockQuery(expQuery, []string{"json_build_object"}, []driver.Value{testdataUserInfoMachine}, "240707570677841922", "instanceID", nil),
 			want: &OIDCUserInfo{
 				User: &User{
 					ID:            "240707570677841922",
@@ -206,7 +306,7 @@ func TestQueries_GetOIDCUserInfo(t *testing.T) {
 				}
 				ctx := authz.NewMockContext("instanceID", "orgID", "loginClient")

-				got, err := q.GetOIDCUserInfo(ctx, tt.args.userID)
+				got, err := q.GetOIDCUserInfo(ctx, tt.args.userID, tt.args.roleAudience)
 				require.ErrorIs(t, err, tt.wantErr)
 				assert.Equal(t, tt.want, got)
 			})