Merge commit from fork
* fix: require permission to create and update session * fix: require permission to fail auth requests * merge main and fix integration tests * fix merge * fix integration tests * fix integration tests * fix saml permission check
@@ -72,7 +72,7 @@ func TestServer_GetSession(t *testing.T) {
|
||||
{
|
||||
name: "get session, permission, ok",
|
||||
args: args{
|
||||
CTX,
|
||||
IAMOwnerCTX,
|
||||
&session.GetSessionRequest{},
|
||||
func(ctx context.Context, t *testing.T, request *session.GetSessionRequest) uint64 {
|
||||
resp, err := Client.CreateSession(ctx, &session.CreateSessionRequest{})
|
||||
@@ -213,7 +213,7 @@ func TestServer_GetSession(t *testing.T) {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
var sequence uint64
|
||||
if tt.args.dep != nil {
|
||||
sequence = tt.args.dep(CTX, t, tt.args.req)
|
||||
sequence = tt.args.dep(LoginCTX, t, tt.args.req)
|
||||
}
|
||||
|
||||
retryDuration, tick := integration.WaitForAndTickWithMaxDuration(tt.args.ctx, time.Minute)
|
||||
@@ -360,7 +360,7 @@ func TestServer_ListSessions(t *testing.T) {
|
||||
{
|
||||
name: "list sessions, permission, ok",
|
||||
args: args{
|
||||
CTX,
|
||||
IAMOwnerCTX,
|
||||
&session.ListSessionsRequest{},
|
||||
func(ctx context.Context, t *testing.T, request *session.ListSessionsRequest) []*sessionAttr {
|
||||
info := createSession(ctx, t, "", "", nil, nil)
|
||||
@@ -501,7 +501,7 @@ func TestServer_ListSessions(t *testing.T) {
|
||||
{
|
||||
name: "list sessions, own creator, ok",
|
||||
args: args{
|
||||
CTX,
|
||||
LoginCTX,
|
||||
&session.ListSessionsRequest{},
|
||||
func(ctx context.Context, t *testing.T, request *session.ListSessionsRequest) []*sessionAttr {
|
||||
info := createSession(ctx, t, User.GetUserId(), "agent", durationpb.New(time.Minute*5), map[string][]byte{"key": []byte("value")})
|
||||
@@ -542,7 +542,7 @@ func TestServer_ListSessions(t *testing.T) {
|
||||
info := createSession(ctx, t, User.GetUserId(), "agent", durationpb.New(time.Minute*5), map[string][]byte{"key": []byte("value")})
|
||||
request.Queries = append(request.Queries,
|
||||
&session.SearchQuery{Query: &session.SearchQuery_IdsQuery{IdsQuery: &session.IDsQuery{Ids: []string{info.ID}}}},
|
||||
&session.SearchQuery{Query: &session.SearchQuery_CreatorQuery{CreatorQuery: &session.CreatorQuery{Id: gu.Ptr(Instance.Users.Get(integration.UserTypeOrgOwner).ID)}}})
|
||||
&session.SearchQuery{Query: &session.SearchQuery_CreatorQuery{CreatorQuery: &session.CreatorQuery{Id: gu.Ptr(Instance.Users.Get(integration.UserTypeLogin).ID)}}})
|
||||
return []*sessionAttr{info}
|
||||
},
|
||||
},
|
||||
@@ -682,7 +682,7 @@ func TestServer_ListSessions(t *testing.T) {
|
||||
}
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
infos := tt.args.dep(CTX, t, tt.args.req)
|
||||
infos := tt.args.dep(LoginCTX, t, tt.args.req)
|
||||
|
||||
retryDuration, tick := integration.WaitForAndTickWithMaxDuration(tt.args.ctx, time.Minute)
|
||||
require.EventuallyWithT(t, func(ttt *assert.CollectT) {
|
||||
|
@@ -251,7 +251,7 @@ func TestServer_CreateSession(t *testing.T) {
|
||||
}
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
got, err := Client.CreateSession(CTX, tt.req)
|
||||
got, err := Client.CreateSession(LoginCTX, tt.req)
|
||||
if tt.wantErr {
|
||||
require.Error(t, err)
|
||||
return
|
||||
@@ -280,7 +280,7 @@ func TestServer_CreateSession_lock_user(t *testing.T) {
|
||||
require.NoError(t, err)
|
||||
|
||||
for i := 0; i <= maxAttempts; i++ {
|
||||
_, err := Client.CreateSession(CTX, &session.CreateSessionRequest{
|
||||
_, err := Client.CreateSession(LoginCTX, &session.CreateSessionRequest{
|
||||
Checks: &session.Checks{
|
||||
User: &session.CheckUser{
|
||||
Search: &session.CheckUser_UserId{
|
||||
@@ -306,7 +306,7 @@ func TestServer_CreateSession_lock_user(t *testing.T) {
|
||||
|
||||
func TestServer_CreateSession_webauthn(t *testing.T) {
|
||||
// create new session with user and request the webauthn challenge
|
||||
createResp, err := Client.CreateSession(CTX, &session.CreateSessionRequest{
|
||||
createResp, err := Client.CreateSession(LoginCTX, &session.CreateSessionRequest{
|
||||
Checks: &session.Checks{
|
||||
User: &session.CheckUser{
|
||||
Search: &session.CheckUser_UserId{
|
||||
@@ -328,7 +328,7 @@ func TestServer_CreateSession_webauthn(t *testing.T) {
|
||||
require.NoError(t, err)
|
||||
|
||||
// update the session with webauthn assertion data
|
||||
updateResp, err := Client.SetSession(CTX, &session.SetSessionRequest{
|
||||
updateResp, err := Client.SetSession(LoginCTX, &session.SetSessionRequest{
|
||||
SessionId: createResp.GetSessionId(),
|
||||
Checks: &session.Checks{
|
||||
WebAuthN: &session.CheckWebAuthN{
|
||||
@@ -374,7 +374,7 @@ func TestServer_CreateSession_successfulIntent_instant(t *testing.T) {
|
||||
|
||||
intentID, token, _, _, err := sink.SuccessfulOAuthIntent(Instance.ID(), idpID, "id", User.GetUserId(), time.Now().Add(time.Hour))
|
||||
require.NoError(t, err)
|
||||
createResp, err := Client.CreateSession(CTX, &session.CreateSessionRequest{
|
||||
createResp, err := Client.CreateSession(LoginCTX, &session.CreateSessionRequest{
|
||||
Checks: &session.Checks{
|
||||
User: &session.CheckUser{
|
||||
Search: &session.CheckUser_UserId{
|
||||
@@ -402,7 +402,7 @@ func TestServer_CreateSession_successfulIntentUnknownUserID(t *testing.T) {
|
||||
Instance.CreateUserIDPlink(CTX, User.GetUserId(), idpUserID, idpID, User.GetUserId())
|
||||
|
||||
// session with intent check must now succeed
|
||||
createResp, err := Client.CreateSession(CTX, &session.CreateSessionRequest{
|
||||
createResp, err := Client.CreateSession(LoginCTX, &session.CreateSessionRequest{
|
||||
Checks: &session.Checks{
|
||||
User: &session.CheckUser{
|
||||
Search: &session.CheckUser_UserId{
|
||||
@@ -422,7 +422,7 @@ func TestServer_CreateSession_successfulIntentUnknownUserID(t *testing.T) {
|
||||
func TestServer_CreateSession_startedIntentFalseToken(t *testing.T) {
|
||||
idpID := Instance.AddGenericOAuthProvider(IAMOwnerCTX, gofakeit.AppName()).GetId()
|
||||
|
||||
createResp, err := Client.CreateSession(CTX, &session.CreateSessionRequest{
|
||||
createResp, err := Client.CreateSession(LoginCTX, &session.CreateSessionRequest{
|
||||
Checks: &session.Checks{
|
||||
User: &session.CheckUser{
|
||||
Search: &session.CheckUser_UserId{
|
||||
@@ -435,7 +435,7 @@ func TestServer_CreateSession_startedIntentFalseToken(t *testing.T) {
|
||||
verifyCurrentSession(t, createResp.GetSessionId(), createResp.GetSessionToken(), createResp.GetDetails().GetSequence(), time.Minute, nil, nil, 0, User.GetUserId())
|
||||
|
||||
intent := Instance.CreateIntent(CTX, idpID)
|
||||
_, err = Client.SetSession(CTX, &session.SetSessionRequest{
|
||||
_, err = Client.SetSession(LoginCTX, &session.SetSessionRequest{
|
||||
SessionId: createResp.GetSessionId(),
|
||||
Checks: &session.Checks{
|
||||
IdpIntent: &session.CheckIDPIntent{
|
||||
@@ -556,13 +556,13 @@ func TestServer_SetSession_flow_totp(t *testing.T) {
|
||||
userExisting := createFullUser(CTX)
|
||||
|
||||
// create new, empty session
|
||||
createResp, err := Client.CreateSession(CTX, &session.CreateSessionRequest{})
|
||||
createResp, err := Client.CreateSession(LoginCTX, &session.CreateSessionRequest{})
|
||||
require.NoError(t, err)
|
||||
sessionToken := createResp.GetSessionToken()
|
||||
verifyCurrentSession(t, createResp.GetSessionId(), sessionToken, createResp.GetDetails().GetSequence(), time.Minute, nil, nil, 0, "")
|
||||
|
||||
t.Run("check user", func(t *testing.T) {
|
||||
resp, err := Client.SetSession(CTX, &session.SetSessionRequest{
|
||||
resp, err := Client.SetSession(LoginCTX, &session.SetSessionRequest{
|
||||
SessionId: createResp.GetSessionId(),
|
||||
Checks: &session.Checks{
|
||||
User: &session.CheckUser{
|
||||
@@ -578,7 +578,7 @@ func TestServer_SetSession_flow_totp(t *testing.T) {
|
||||
})
|
||||
|
||||
t.Run("check webauthn, user verified (passkey)", func(t *testing.T) {
|
||||
resp, err := Client.SetSession(CTX, &session.SetSessionRequest{
|
||||
resp, err := Client.SetSession(LoginCTX, &session.SetSessionRequest{
|
||||
SessionId: createResp.GetSessionId(),
|
||||
Challenges: &session.RequestChallenges{
|
||||
WebAuthN: &session.RequestChallenges_WebAuthN{
|
||||
@@ -594,7 +594,7 @@ func TestServer_SetSession_flow_totp(t *testing.T) {
|
||||
assertionData, err := Instance.WebAuthN.CreateAssertionResponse(resp.GetChallenges().GetWebAuthN().GetPublicKeyCredentialRequestOptions(), true)
|
||||
require.NoError(t, err)
|
||||
|
||||
resp, err = Client.SetSession(CTX, &session.SetSessionRequest{
|
||||
resp, err = Client.SetSession(LoginCTX, &session.SetSessionRequest{
|
||||
SessionId: createResp.GetSessionId(),
|
||||
Checks: &session.Checks{
|
||||
WebAuthN: &session.CheckWebAuthN{
|
||||
@@ -616,7 +616,7 @@ func TestServer_SetSession_flow_totp(t *testing.T) {
|
||||
t.Run("check TOTP", func(t *testing.T) {
|
||||
code, err := totp.GenerateCode(totpSecret, time.Now())
|
||||
require.NoError(t, err)
|
||||
resp, err := Client.SetSession(CTX, &session.SetSessionRequest{
|
||||
resp, err := Client.SetSession(LoginCTX, &session.SetSessionRequest{
|
||||
SessionId: createResp.GetSessionId(),
|
||||
Checks: &session.Checks{
|
||||
Totp: &session.CheckTOTP{
|
||||
@@ -630,13 +630,13 @@ func TestServer_SetSession_flow_totp(t *testing.T) {
|
||||
})
|
||||
|
||||
userImport := Instance.CreateHumanUserWithTOTP(CTX, totpSecret)
|
||||
createRespImport, err := Client.CreateSession(CTX, &session.CreateSessionRequest{})
|
||||
createRespImport, err := Client.CreateSession(LoginCTX, &session.CreateSessionRequest{})
|
||||
require.NoError(t, err)
|
||||
sessionTokenImport := createRespImport.GetSessionToken()
|
||||
verifyCurrentSession(t, createRespImport.GetSessionId(), sessionTokenImport, createRespImport.GetDetails().GetSequence(), time.Minute, nil, nil, 0, "")
|
||||
|
||||
t.Run("check user", func(t *testing.T) {
|
||||
resp, err := Client.SetSession(CTX, &session.SetSessionRequest{
|
||||
resp, err := Client.SetSession(LoginCTX, &session.SetSessionRequest{
|
||||
SessionId: createRespImport.GetSessionId(),
|
||||
Checks: &session.Checks{
|
||||
User: &session.CheckUser{
|
||||
@@ -653,7 +653,7 @@ func TestServer_SetSession_flow_totp(t *testing.T) {
|
||||
t.Run("check TOTP", func(t *testing.T) {
|
||||
code, err := totp.GenerateCode(totpSecret, time.Now())
|
||||
require.NoError(t, err)
|
||||
resp, err := Client.SetSession(CTX, &session.SetSessionRequest{
|
||||
resp, err := Client.SetSession(LoginCTX, &session.SetSessionRequest{
|
||||
SessionId: createRespImport.GetSessionId(),
|
||||
Checks: &session.Checks{
|
||||
Totp: &session.CheckTOTP{
|
||||
@@ -669,13 +669,13 @@ func TestServer_SetSession_flow_totp(t *testing.T) {
|
||||
|
||||
func TestServer_SetSession_flow(t *testing.T) {
|
||||
// create new, empty session
|
||||
createResp, err := Client.CreateSession(CTX, &session.CreateSessionRequest{})
|
||||
createResp, err := Client.CreateSession(LoginCTX, &session.CreateSessionRequest{})
|
||||
require.NoError(t, err)
|
||||
sessionToken := createResp.GetSessionToken()
|
||||
verifyCurrentSession(t, createResp.GetSessionId(), sessionToken, createResp.GetDetails().GetSequence(), time.Minute, nil, nil, 0, User.GetUserId())
|
||||
|
||||
t.Run("check user", func(t *testing.T) {
|
||||
resp, err := Client.SetSession(CTX, &session.SetSessionRequest{
|
||||
resp, err := Client.SetSession(LoginCTX, &session.SetSessionRequest{
|
||||
SessionId: createResp.GetSessionId(),
|
||||
Checks: &session.Checks{
|
||||
User: &session.CheckUser{
|
||||
@@ -691,7 +691,7 @@ func TestServer_SetSession_flow(t *testing.T) {
|
||||
})
|
||||
|
||||
t.Run("check webauthn, user verified (passkey)", func(t *testing.T) {
|
||||
resp, err := Client.SetSession(CTX, &session.SetSessionRequest{
|
||||
resp, err := Client.SetSession(LoginCTX, &session.SetSessionRequest{
|
||||
SessionId: createResp.GetSessionId(),
|
||||
Challenges: &session.RequestChallenges{
|
||||
WebAuthN: &session.RequestChallenges_WebAuthN{
|
||||
@@ -707,7 +707,7 @@ func TestServer_SetSession_flow(t *testing.T) {
|
||||
assertionData, err := Instance.WebAuthN.CreateAssertionResponse(resp.GetChallenges().GetWebAuthN().GetPublicKeyCredentialRequestOptions(), true)
|
||||
require.NoError(t, err)
|
||||
|
||||
resp, err = Client.SetSession(CTX, &session.SetSessionRequest{
|
||||
resp, err = Client.SetSession(LoginCTX, &session.SetSessionRequest{
|
||||
SessionId: createResp.GetSessionId(),
|
||||
Checks: &session.Checks{
|
||||
WebAuthN: &session.CheckWebAuthN{
|
||||
@@ -733,7 +733,7 @@ func TestServer_SetSession_flow(t *testing.T) {
|
||||
session.UserVerificationRequirement_USER_VERIFICATION_REQUIREMENT_DISCOURAGED,
|
||||
} {
|
||||
t.Run(userVerificationRequirement.String(), func(t *testing.T) {
|
||||
resp, err := Client.SetSession(CTX, &session.SetSessionRequest{
|
||||
resp, err := Client.SetSession(LoginCTX, &session.SetSessionRequest{
|
||||
SessionId: createResp.GetSessionId(),
|
||||
Challenges: &session.RequestChallenges{
|
||||
WebAuthN: &session.RequestChallenges_WebAuthN{
|
||||
@@ -749,7 +749,7 @@ func TestServer_SetSession_flow(t *testing.T) {
|
||||
assertionData, err := Instance.WebAuthN.CreateAssertionResponse(resp.GetChallenges().GetWebAuthN().GetPublicKeyCredentialRequestOptions(), false)
|
||||
require.NoError(t, err)
|
||||
|
||||
resp, err = Client.SetSession(CTX, &session.SetSessionRequest{
|
||||
resp, err = Client.SetSession(LoginCTX, &session.SetSessionRequest{
|
||||
SessionId: createResp.GetSessionId(),
|
||||
Checks: &session.Checks{
|
||||
WebAuthN: &session.CheckWebAuthN{
|
||||
@@ -767,7 +767,7 @@ func TestServer_SetSession_flow(t *testing.T) {
|
||||
t.Run("check TOTP", func(t *testing.T) {
|
||||
code, err := totp.GenerateCode(totpSecret, time.Now())
|
||||
require.NoError(t, err)
|
||||
resp, err := Client.SetSession(CTX, &session.SetSessionRequest{
|
||||
resp, err := Client.SetSession(LoginCTX, &session.SetSessionRequest{
|
||||
SessionId: createResp.GetSessionId(),
|
||||
Checks: &session.Checks{
|
||||
Totp: &session.CheckTOTP{
|
||||
@@ -781,7 +781,7 @@ func TestServer_SetSession_flow(t *testing.T) {
|
||||
})
|
||||
|
||||
t.Run("check OTP SMS", func(t *testing.T) {
|
||||
resp, err := Client.SetSession(CTX, &session.SetSessionRequest{
|
||||
resp, err := Client.SetSession(LoginCTX, &session.SetSessionRequest{
|
||||
SessionId: createResp.GetSessionId(),
|
||||
Challenges: &session.RequestChallenges{
|
||||
OtpSms: &session.RequestChallenges_OTPSMS{ReturnCode: true},
|
||||
@@ -794,7 +794,7 @@ func TestServer_SetSession_flow(t *testing.T) {
|
||||
otp := resp.GetChallenges().GetOtpSms()
|
||||
require.NotEmpty(t, otp)
|
||||
|
||||
resp, err = Client.SetSession(CTX, &session.SetSessionRequest{
|
||||
resp, err = Client.SetSession(LoginCTX, &session.SetSessionRequest{
|
||||
SessionId: createResp.GetSessionId(),
|
||||
Checks: &session.Checks{
|
||||
OtpSms: &session.CheckOTP{
|
||||
@@ -808,7 +808,7 @@ func TestServer_SetSession_flow(t *testing.T) {
|
||||
})
|
||||
|
||||
t.Run("check OTP Email", func(t *testing.T) {
|
||||
resp, err := Client.SetSession(CTX, &session.SetSessionRequest{
|
||||
resp, err := Client.SetSession(LoginCTX, &session.SetSessionRequest{
|
||||
SessionId: createResp.GetSessionId(),
|
||||
Challenges: &session.RequestChallenges{
|
||||
OtpEmail: &session.RequestChallenges_OTPEmail{
|
||||
@@ -823,7 +823,7 @@ func TestServer_SetSession_flow(t *testing.T) {
|
||||
otp := resp.GetChallenges().GetOtpEmail()
|
||||
require.NotEmpty(t, otp)
|
||||
|
||||
resp, err = Client.SetSession(CTX, &session.SetSessionRequest{
|
||||
resp, err = Client.SetSession(LoginCTX, &session.SetSessionRequest{
|
||||
SessionId: createResp.GetSessionId(),
|
||||
Checks: &session.Checks{
|
||||
OtpEmail: &session.CheckOTP{
|
||||
@@ -838,13 +838,13 @@ func TestServer_SetSession_flow(t *testing.T) {
|
||||
}
|
||||
|
||||
func TestServer_SetSession_expired(t *testing.T) {
|
||||
createResp, err := Client.CreateSession(CTX, &session.CreateSessionRequest{
|
||||
createResp, err := Client.CreateSession(LoginCTX, &session.CreateSessionRequest{
|
||||
Lifetime: durationpb.New(20 * time.Second),
|
||||
})
|
||||
require.NoError(t, err)
|
||||
|
||||
// test session token works
|
||||
_, err = Instance.Client.SessionV2.SetSession(CTX, &session.SetSessionRequest{
|
||||
_, err = Instance.Client.SessionV2.SetSession(LoginCTX, &session.SetSessionRequest{
|
||||
SessionId: createResp.GetSessionId(),
|
||||
Lifetime: durationpb.New(20 * time.Second),
|
||||
})
|
||||
@@ -852,7 +852,7 @@ func TestServer_SetSession_expired(t *testing.T) {
|
||||
|
||||
// ensure session expires and does not work anymore
|
||||
time.Sleep(20 * time.Second)
|
||||
_, err = Client.SetSession(CTX, &session.SetSessionRequest{
|
||||
_, err = Client.SetSession(LoginCTX, &session.SetSessionRequest{
|
||||
SessionId: createResp.GetSessionId(),
|
||||
Lifetime: durationpb.New(20 * time.Second),
|
||||
})
|
||||
@@ -860,7 +860,7 @@ func TestServer_SetSession_expired(t *testing.T) {
|
||||
}
|
||||
|
||||
func TestServer_DeleteSession_token(t *testing.T) {
|
||||
createResp, err := Client.CreateSession(CTX, &session.CreateSessionRequest{})
|
||||
createResp, err := Client.CreateSession(LoginCTX, &session.CreateSessionRequest{})
|
||||
require.NoError(t, err)
|
||||
|
||||
_, err = Client.DeleteSession(CTX, &session.DeleteSessionRequest{
|
||||
@@ -880,14 +880,14 @@ func TestServer_DeleteSession_own_session(t *testing.T) {
|
||||
// create two users for the test and a session each to get tokens for authorization
|
||||
user1 := Instance.CreateHumanUser(CTX)
|
||||
Instance.SetUserPassword(CTX, user1.GetUserId(), integration.UserPassword, false)
|
||||
_, token1, _, _ := Instance.CreatePasswordSession(t, CTX, user1.GetUserId(), integration.UserPassword)
|
||||
_, token1, _, _ := Instance.CreatePasswordSession(t, LoginCTX, user1.GetUserId(), integration.UserPassword)
|
||||
|
||||
user2 := Instance.CreateHumanUser(CTX)
|
||||
Instance.SetUserPassword(CTX, user2.GetUserId(), integration.UserPassword, false)
|
||||
_, token2, _, _ := Instance.CreatePasswordSession(t, CTX, user2.GetUserId(), integration.UserPassword)
|
||||
_, token2, _, _ := Instance.CreatePasswordSession(t, LoginCTX, user2.GetUserId(), integration.UserPassword)
|
||||
|
||||
// create a new session for the first user
|
||||
createResp, err := Client.CreateSession(CTX, &session.CreateSessionRequest{
|
||||
createResp, err := Client.CreateSession(LoginCTX, &session.CreateSessionRequest{
|
||||
Checks: &session.Checks{
|
||||
User: &session.CheckUser{
|
||||
Search: &session.CheckUser_UserId{
|
||||
@@ -912,7 +912,7 @@ func TestServer_DeleteSession_own_session(t *testing.T) {
|
||||
}
|
||||
|
||||
func TestServer_DeleteSession_with_permission(t *testing.T) {
|
||||
createResp, err := Client.CreateSession(CTX, &session.CreateSessionRequest{
|
||||
createResp, err := Client.CreateSession(LoginCTX, &session.CreateSessionRequest{
|
||||
Checks: &session.Checks{
|
||||
User: &session.CheckUser{
|
||||
Search: &session.CheckUser_UserId{
|
||||
@@ -932,7 +932,7 @@ func TestServer_DeleteSession_with_permission(t *testing.T) {
|
||||
|
||||
func Test_ZITADEL_API_missing_authentication(t *testing.T) {
|
||||
// create new, empty session
|
||||
createResp, err := Client.CreateSession(CTX, &session.CreateSessionRequest{})
|
||||
createResp, err := Client.CreateSession(LoginCTX, &session.CreateSessionRequest{})
|
||||
require.NoError(t, err)
|
||||
|
||||
ctx := metadata.AppendToOutgoingContext(context.Background(), "Authorization", fmt.Sprintf("Bearer %s", createResp.GetSessionToken()))
|
||||
@@ -947,7 +947,7 @@ func Test_ZITADEL_API_missing_authentication(t *testing.T) {
|
||||
}
|
||||
|
||||
func Test_ZITADEL_API_success(t *testing.T) {
|
||||
id, token, _, _ := Instance.CreateVerifiedWebAuthNSession(t, CTX, User.GetUserId())
|
||||
id, token, _, _ := Instance.CreateVerifiedWebAuthNSession(t, LoginCTX, User.GetUserId())
|
||||
ctx := integration.WithAuthorizationToken(context.Background(), token)
|
||||
|
||||
retryDuration, tick := integration.WaitForAndTickWithMaxDuration(ctx, time.Minute)
|
||||
@@ -963,7 +963,7 @@ func Test_ZITADEL_API_success(t *testing.T) {
|
||||
}
|
||||
|
||||
func Test_ZITADEL_API_session_not_found(t *testing.T) {
|
||||
id, token, _, _ := Instance.CreateVerifiedWebAuthNSession(t, CTX, User.GetUserId())
|
||||
id, token, _, _ := Instance.CreateVerifiedWebAuthNSession(t, LoginCTX, User.GetUserId())
|
||||
|
||||
// test session token works
|
||||
ctx := integration.WithAuthorizationToken(context.Background(), token)
|
||||
@@ -994,7 +994,7 @@ func Test_ZITADEL_API_session_not_found(t *testing.T) {
|
||||
}
|
||||
|
||||
func Test_ZITADEL_API_session_expired(t *testing.T) {
|
||||
id, token, _, _ := Instance.CreateVerifiedWebAuthNSessionWithLifetime(t, CTX, User.GetUserId(), 20*time.Second)
|
||||
id, token, _, _ := Instance.CreateVerifiedWebAuthNSessionWithLifetime(t, LoginCTX, User.GetUserId(), 20*time.Second)
|
||||
|
||||
// test session token works
|
||||
ctx := integration.WithAuthorizationToken(context.Background(), token)
|
||||
|
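Review bot: Every `CreateSession` and `SetSession` call in this section moves from `CTX` to `LoginCTX`, but none of the visible hunks adds a case asserting that a caller without the new permission is rejected. Without one, a regression that drops the check would still pass these tests. A negative case with a no-permission context would pin it, for example `_, err := Client.CreateSession(UserCTX, &session.CreateSessionRequest{})` followed by `require.Error(t, err)`, plus the same for `SetSession` without a session token; `UserCTX` appears in other sections of this commit, so confirm it is available in this package. The loop in TestServer_CreateSession hard-codes the context in `got, err := Client.CreateSession(LoginCTX, tt.req)`, so the table would need a per-case context field to hold such a case. Such a test may already exist outside the hunks shown here.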
@@ -51,7 +51,7 @@ func (s *Server) SetSession(ctx context.Context, req *connect.Request[session.Se
|
||||
return nil, err
|
||||
}
|
||||
|
||||
set, err := s.command.UpdateSession(ctx, req.Msg.GetSessionId(), cmds, req.Msg.GetMetadata(), req.Msg.GetLifetime().AsDuration())
|
||||
set, err := s.command.UpdateSession(ctx, req.Msg.GetSessionId(), req.Msg.GetSessionToken(), cmds, req.Msg.GetMetadata(), req.Msg.GetLifetime().AsDuration())
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
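Review bot: `req.Msg.GetSessionToken()` in the new `UpdateSession` call yields an empty string when the client omits the token, and nothing at this call site says what an empty token means for authorization. Judging by the commit title, UpdateSession presumably falls back to a permission check on the caller in that case, but that is not visible in this hunk. A short comment above the call would make the contract explicit, for example `// sessionToken may be empty; UpdateSession then requires the caller to hold the permission to update sessions`, worded to match what the command layer really enforces. It is also worth confirming that a non-empty but invalid token is rejected outright rather than treated as absent. SetSession starts and ends outside this hunk.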
@@ -61,7 +61,7 @@ func TestServer_GetSession(t *testing.T) {
|
||||
UserCTX,
|
||||
&session.GetSessionRequest{},
|
||||
func(ctx context.Context, t *testing.T, request *session.GetSessionRequest) uint64 {
|
||||
resp, err := Client.CreateSession(CTX, &session.CreateSessionRequest{})
|
||||
resp, err := Client.CreateSession(LoginCTX, &session.CreateSessionRequest{})
|
||||
require.NoError(t, err)
|
||||
request.SessionId = resp.SessionId
|
||||
return resp.GetDetails().GetSequence()
|
||||
@@ -72,10 +72,10 @@ func TestServer_GetSession(t *testing.T) {
|
||||
{
|
||||
name: "get session, permission, ok",
|
||||
args: args{
|
||||
CTX,
|
||||
IAMOwnerCTX,
|
||||
&session.GetSessionRequest{},
|
||||
func(ctx context.Context, t *testing.T, request *session.GetSessionRequest) uint64 {
|
||||
resp, err := Client.CreateSession(CTX, &session.CreateSessionRequest{})
|
||||
resp, err := Client.CreateSession(LoginCTX, &session.CreateSessionRequest{})
|
||||
require.NoError(t, err)
|
||||
request.SessionId = resp.SessionId
|
||||
return resp.GetDetails().GetSequence()
|
||||
@@ -91,7 +91,7 @@ func TestServer_GetSession(t *testing.T) {
|
||||
UserCTX,
|
||||
&session.GetSessionRequest{},
|
||||
func(ctx context.Context, t *testing.T, request *session.GetSessionRequest) uint64 {
|
||||
resp, err := Client.CreateSession(CTX, &session.CreateSessionRequest{})
|
||||
resp, err := Client.CreateSession(LoginCTX, &session.CreateSessionRequest{})
|
||||
require.NoError(t, err)
|
||||
request.SessionId = resp.SessionId
|
||||
request.SessionToken = gu.Ptr(resp.SessionToken)
|
||||
@@ -108,7 +108,7 @@ func TestServer_GetSession(t *testing.T) {
|
||||
UserCTX,
|
||||
&session.GetSessionRequest{},
|
||||
func(ctx context.Context, t *testing.T, request *session.GetSessionRequest) uint64 {
|
||||
resp, err := Client.CreateSession(CTX, &session.CreateSessionRequest{
|
||||
resp, err := Client.CreateSession(LoginCTX, &session.CreateSessionRequest{
|
||||
UserAgent: &session.UserAgent{
|
||||
FingerprintId: gu.Ptr("fingerPrintID"),
|
||||
Ip: gu.Ptr("1.2.3.4"),
|
||||
@@ -144,7 +144,7 @@ func TestServer_GetSession(t *testing.T) {
|
||||
UserCTX,
|
||||
&session.GetSessionRequest{},
|
||||
func(ctx context.Context, t *testing.T, request *session.GetSessionRequest) uint64 {
|
||||
resp, err := Client.CreateSession(CTX, &session.CreateSessionRequest{
|
||||
resp, err := Client.CreateSession(LoginCTX, &session.CreateSessionRequest{
|
||||
Lifetime: durationpb.New(5 * time.Minute),
|
||||
},
|
||||
)
|
||||
@@ -165,7 +165,7 @@ func TestServer_GetSession(t *testing.T) {
|
||||
UserCTX,
|
||||
&session.GetSessionRequest{},
|
||||
func(ctx context.Context, t *testing.T, request *session.GetSessionRequest) uint64 {
|
||||
resp, err := Client.CreateSession(CTX, &session.CreateSessionRequest{
|
||||
resp, err := Client.CreateSession(LoginCTX, &session.CreateSessionRequest{
|
||||
Metadata: map[string][]byte{"foo": []byte("bar")},
|
||||
},
|
||||
)
|
||||
@@ -187,7 +187,7 @@ func TestServer_GetSession(t *testing.T) {
|
||||
UserCTX,
|
||||
&session.GetSessionRequest{},
|
||||
func(ctx context.Context, t *testing.T, request *session.GetSessionRequest) uint64 {
|
||||
resp, err := Client.CreateSession(CTX, &session.CreateSessionRequest{
|
||||
resp, err := Client.CreateSession(LoginCTX, &session.CreateSessionRequest{
|
||||
Checks: &session.Checks{
|
||||
User: &session.CheckUser{
|
||||
Search: &session.CheckUser_UserId{
|
||||
@@ -337,7 +337,7 @@ func TestServer_ListSessions(t *testing.T) {
|
||||
},
|
||||
},
|
||||
{
|
||||
name: "list sessions, wrong creator",
|
||||
name: "list sessions, no permission",
|
||||
args: args{
|
||||
UserCTX,
|
||||
&session.ListSessionsRequest{},
|
||||
@@ -349,7 +349,7 @@ func TestServer_ListSessions(t *testing.T) {
|
||||
},
|
||||
want: &session.ListSessionsResponse{
|
||||
Details: &object.ListDetails{
|
||||
TotalResult: 0,
|
||||
TotalResult: 1,
|
||||
Timestamp: timestamppb.Now(),
|
||||
},
|
||||
Sessions: []*session.Session{},
|
||||
@@ -358,7 +358,7 @@ func TestServer_ListSessions(t *testing.T) {
|
||||
{
|
||||
name: "list sessions, full, ok",
|
||||
args: args{
|
||||
CTX,
|
||||
IAMOwnerCTX,
|
||||
&session.ListSessionsRequest{},
|
||||
func(ctx context.Context, t *testing.T, request *session.ListSessionsRequest) []*sessionAttr {
|
||||
info := createSession(ctx, t, User.GetUserId(), "agent", durationpb.New(time.Minute*5), map[string][]byte{"key": []byte("value")})
|
||||
@@ -391,7 +391,7 @@ func TestServer_ListSessions(t *testing.T) {
|
||||
{
|
||||
name: "list sessions, multiple, ok",
|
||||
args: args{
|
||||
CTX,
|
||||
IAMOwnerCTX,
|
||||
&session.ListSessionsRequest{},
|
||||
func(ctx context.Context, t *testing.T, request *session.ListSessionsRequest) []*sessionAttr {
|
||||
infos := createSessions(ctx, t, 3, User.GetUserId(), "agent", durationpb.New(time.Minute*5), map[string][]byte{"key": []byte("value")})
|
||||
@@ -446,7 +446,7 @@ func TestServer_ListSessions(t *testing.T) {
|
||||
{
|
||||
name: "list sessions, userid, ok",
|
||||
args: args{
|
||||
CTX,
|
||||
IAMOwnerCTX,
|
||||
&session.ListSessionsRequest{},
|
||||
func(ctx context.Context, t *testing.T, request *session.ListSessionsRequest) []*sessionAttr {
|
||||
createdUser := createFullUser(ctx)
|
||||
@@ -480,7 +480,7 @@ func TestServer_ListSessions(t *testing.T) {
|
||||
}
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
infos := tt.args.dep(CTX, t, tt.args.req)
|
||||
infos := tt.args.dep(LoginCTX, t, tt.args.req)
|
||||
|
||||
retryDuration, tick := integration.WaitForAndTickWithMaxDuration(tt.args.ctx, time.Minute)
|
||||
require.EventuallyWithT(t, func(ttt *assert.CollectT) {
|
||||
@@ -499,7 +499,7 @@ func TestServer_ListSessions(t *testing.T) {
|
||||
}
|
||||
|
||||
// expected count of sessions is not equal to received sessions
|
||||
if !assert.Equal(ttt, got.Details.TotalResult, tt.want.Details.TotalResult) || !assert.Len(ttt, got.Sessions, len(tt.want.Sessions)) {
|
||||
if !assert.Equal(ttt, tt.want.Details.TotalResult, got.Details.TotalResult) || !assert.Len(ttt, got.Sessions, len(tt.want.Sessions)) {
|
||||
return
|
||||
}
|
||||
|
||||
|
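Review bot: The renamed case "list sessions, no permission" now expects `TotalResult: 1` while `Sessions` stays empty, so the test pins a response in which a caller without permission still learns how many sessions matched the query. If the count is computed before the permission filter is applied, that is a small information disclosure, and it is worth confirming that it is intended rather than a side effect of the new check. If it is intended, a comment on the case such as `// TotalResult counts matches before permission filtering; no session data is returned` would stop a later reader from "correcting" the expectation. The test table and its loop start and end outside the hunks shown.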
@@ -18,6 +18,7 @@ import (
|
||||
var (
|
||||
CTX context.Context
|
||||
IAMOwnerCTX context.Context
|
||||
LoginCTX context.Context
|
||||
UserCTX context.Context
|
||||
Instance *integration.Instance
|
||||
Client session.SessionServiceClient
|
||||
@@ -36,6 +37,7 @@ func TestMain(m *testing.M) {
|
||||
|
||||
CTX = Instance.WithAuthorization(ctx, integration.UserTypeOrgOwner)
|
||||
IAMOwnerCTX = Instance.WithAuthorization(ctx, integration.UserTypeIAMOwner)
|
||||
LoginCTX = Instance.WithAuthorization(ctx, integration.UserTypeLogin)
|
||||
UserCTX = Instance.WithAuthorization(ctx, integration.UserTypeNoPermission)
|
||||
User = createFullUser(CTX)
|
||||
DeactivatedUser = createDeactivatedUser(CTX)
|
||||
|
@@ -251,7 +251,7 @@ func TestServer_CreateSession(t *testing.T) {
|
||||
}
|
||||
for _, tt := range tests {
|
||||
t.Run(tt.name, func(t *testing.T) {
|
||||
got, err := Client.CreateSession(CTX, tt.req)
|
||||
got, err := Client.CreateSession(LoginCTX, tt.req)
|
||||
if tt.wantErr {
|
||||
require.Error(t, err)
|
||||
return
|
||||
@@ -280,7 +280,7 @@ func TestServer_CreateSession_lock_user(t *testing.T) {
|
||||
require.NoError(t, err)
|
||||
|
||||
for i := 0; i <= maxAttempts; i++ {
|
||||
_, err := Client.CreateSession(CTX, &session.CreateSessionRequest{
|
||||
_, err := Client.CreateSession(LoginCTX, &session.CreateSessionRequest{
|
||||
Checks: &session.Checks{
|
||||
User: &session.CheckUser{
|
||||
Search: &session.CheckUser_UserId{
|
||||
@@ -306,7 +306,7 @@ func TestServer_CreateSession_lock_user(t *testing.T) {
|
||||
|
||||
func TestServer_CreateSession_webauthn(t *testing.T) {
|
||||
// create new session with user and request the webauthn challenge
|
||||
createResp, err := Client.CreateSession(CTX, &session.CreateSessionRequest{
|
||||
createResp, err := Client.CreateSession(LoginCTX, &session.CreateSessionRequest{
|
||||
Checks: &session.Checks{
|
||||
User: &session.CheckUser{
|
||||
Search: &session.CheckUser_UserId{
|
||||
@@ -328,7 +328,7 @@ func TestServer_CreateSession_webauthn(t *testing.T) {
|
||||
require.NoError(t, err)
|
||||
|
||||
// update the session with webauthn assertion data
|
||||
updateResp, err := Client.SetSession(CTX, &session.SetSessionRequest{
|
||||
updateResp, err := Client.SetSession(LoginCTX, &session.SetSessionRequest{
|
||||
SessionId: createResp.GetSessionId(),
|
||||
Checks: &session.Checks{
|
||||
WebAuthN: &session.CheckWebAuthN{
|
||||
@@ -342,7 +342,7 @@ func TestServer_CreateSession_webauthn(t *testing.T) {
|
||||
|
||||
func TestServer_CreateSession_successfulIntent(t *testing.T) {
|
||||
idpID := Instance.AddGenericOAuthProvider(IAMOwnerCTX, gofakeit.AppName()).GetId()
|
||||
createResp, err := Client.CreateSession(CTX, &session.CreateSessionRequest{
|
||||
createResp, err := Client.CreateSession(LoginCTX, &session.CreateSessionRequest{
|
||||
Checks: &session.Checks{
|
||||
User: &session.CheckUser{
|
||||
Search: &session.CheckUser_UserId{
|
||||
@@ -356,7 +356,7 @@ func TestServer_CreateSession_successfulIntent(t *testing.T) {
|
||||
|
||||
intentID, token, _, _, err := sink.SuccessfulOAuthIntent(Instance.ID(), idpID, "id", User.GetUserId(), time.Now().Add(time.Hour))
|
||||
require.NoError(t, err)
|
||||
updateResp, err := Client.SetSession(CTX, &session.SetSessionRequest{
|
||||
updateResp, err := Client.SetSession(LoginCTX, &session.SetSessionRequest{
|
||||
SessionId: createResp.GetSessionId(),
|
||||
Checks: &session.Checks{
|
||||
IdpIntent: &session.CheckIDPIntent{
|
||||
@@ -374,7 +374,7 @@ func TestServer_CreateSession_successfulIntent_instant(t *testing.T) {
|
||||
|
||||
intentID, token, _, _, err := sink.SuccessfulOAuthIntent(Instance.ID(), idpID, "id", User.GetUserId(), time.Now().Add(time.Hour))
|
||||
require.NoError(t, err)
|
||||
createResp, err := Client.CreateSession(CTX, &session.CreateSessionRequest{
|
||||
createResp, err := Client.CreateSession(LoginCTX, &session.CreateSessionRequest{
|
||||
Checks: &session.Checks{
|
||||
User: &session.CheckUser{
|
||||
Search: &session.CheckUser_UserId{
|
||||
@@ -403,7 +403,7 @@ func TestServer_CreateSession_successfulIntentUnknownUserID(t *testing.T) {
|
||||
Instance.CreateUserIDPlink(CTX, User.GetUserId(), idpUserID, idpID, User.GetUserId())
|
||||
|
||||
// session with intent check must now succeed
|
||||
createResp, err := Client.CreateSession(CTX, &session.CreateSessionRequest{
|
||||
createResp, err := Client.CreateSession(LoginCTX, &session.CreateSessionRequest{
|
||||
Checks: &session.Checks{
|
||||
User: &session.CheckUser{
|
||||
Search: &session.CheckUser_UserId{
|
||||
@@ -423,7 +423,7 @@ func TestServer_CreateSession_successfulIntentUnknownUserID(t *testing.T) {
|
||||
func TestServer_CreateSession_startedIntentFalseToken(t *testing.T) {
|
||||
idpID := Instance.AddGenericOAuthProvider(IAMOwnerCTX, gofakeit.AppName()).GetId()
|
||||
|
||||
createResp, err := Client.CreateSession(CTX, &session.CreateSessionRequest{
|
||||
createResp, err := Client.CreateSession(LoginCTX, &session.CreateSessionRequest{
|
||||
Checks: &session.Checks{
|
||||
User: &session.CheckUser{
|
||||
Search: &session.CheckUser_UserId{
|
||||
@@ -436,7 +436,7 @@ func TestServer_CreateSession_startedIntentFalseToken(t *testing.T) {
|
||||
verifyCurrentSession(t, createResp.GetSessionId(), createResp.GetSessionToken(), createResp.GetDetails().GetSequence(), time.Minute, nil, nil, 0, User.GetUserId())
|
||||
|
||||
intent := Instance.CreateIntent(CTX, idpID)
|
||||
_, err = Client.SetSession(CTX, &session.SetSessionRequest{
|
||||
_, err = Client.SetSession(LoginCTX, &session.SetSessionRequest{
|
||||
SessionId: createResp.GetSessionId(),
|
||||
Checks: &session.Checks{
|
||||
IdpIntent: &session.CheckIDPIntent{
|
||||
@@ -557,13 +557,13 @@ func TestServer_SetSession_flow_totp(t *testing.T) {
|
||||
userExisting := createFullUser(CTX)
|
||||
|
||||
// create new, empty session
|
||||
createResp, err := Client.CreateSession(CTX, &session.CreateSessionRequest{})
|
||||
createResp, err := Client.CreateSession(LoginCTX, &session.CreateSessionRequest{})
|
||||
require.NoError(t, err)
|
||||
sessionToken := createResp.GetSessionToken()
|
||||
verifyCurrentSession(t, createResp.GetSessionId(), sessionToken, createResp.GetDetails().GetSequence(), time.Minute, nil, nil, 0, "")
|
||||
|
||||
t.Run("check user", func(t *testing.T) {
|
||||
resp, err := Client.SetSession(CTX, &session.SetSessionRequest{
|
||||
resp, err := Client.SetSession(LoginCTX, &session.SetSessionRequest{
|
||||
SessionId: createResp.GetSessionId(),
|
||||
Checks: &session.Checks{
|
||||
User: &session.CheckUser{
|
||||
@@ -579,7 +579,7 @@ func TestServer_SetSession_flow_totp(t *testing.T) {
|
||||
})
|
||||
|
||||
t.Run("check webauthn, user verified (passkey)", func(t *testing.T) {
|
||||
resp, err := Client.SetSession(CTX, &session.SetSessionRequest{
|
||||
resp, err := Client.SetSession(LoginCTX, &session.SetSessionRequest{
|
||||
SessionId: createResp.GetSessionId(),
|
||||
Challenges: &session.RequestChallenges{
|
||||
WebAuthN: &session.RequestChallenges_WebAuthN{
|
||||
@@ -595,7 +595,7 @@ func TestServer_SetSession_flow_totp(t *testing.T) {
|
||||
assertionData, err := Instance.WebAuthN.CreateAssertionResponse(resp.GetChallenges().GetWebAuthN().GetPublicKeyCredentialRequestOptions(), true)
|
||||
require.NoError(t, err)
|
||||
|
||||
resp, err = Client.SetSession(CTX, &session.SetSessionRequest{
|
||||
resp, err = Client.SetSession(LoginCTX, &session.SetSessionRequest{
|
||||
SessionId: createResp.GetSessionId(),
|
||||
Checks: &session.Checks{
|
||||
WebAuthN: &session.CheckWebAuthN{
|
||||
@@ -617,7 +617,7 @@ func TestServer_SetSession_flow_totp(t *testing.T) {
|
||||
t.Run("check TOTP", func(t *testing.T) {
|
||||
code, err := totp.GenerateCode(totpSecret, time.Now())
|
||||
require.NoError(t, err)
|
||||
resp, err := Client.SetSession(CTX, &session.SetSessionRequest{
|
||||
resp, err := Client.SetSession(LoginCTX, &session.SetSessionRequest{
|
||||
SessionId: createResp.GetSessionId(),
|
||||
Checks: &session.Checks{
|
||||
Totp: &session.CheckTOTP{
|
||||
@@ -631,13 +631,13 @@ func TestServer_SetSession_flow_totp(t *testing.T) {
|
||||
})
|
||||
|
||||
userImport := Instance.CreateHumanUserWithTOTP(CTX, totpSecret)
|
||||
createRespImport, err := Client.CreateSession(CTX, &session.CreateSessionRequest{})
|
||||
createRespImport, err := Client.CreateSession(LoginCTX, &session.CreateSessionRequest{})
|
||||
require.NoError(t, err)
|
||||
sessionTokenImport := createRespImport.GetSessionToken()
|
||||
verifyCurrentSession(t, createRespImport.GetSessionId(), sessionTokenImport, createRespImport.GetDetails().GetSequence(), time.Minute, nil, nil, 0, "")
|
||||
|
||||
t.Run("check user", func(t *testing.T) {
|
||||
resp, err := Client.SetSession(CTX, &session.SetSessionRequest{
|
||||
resp, err := Client.SetSession(LoginCTX, &session.SetSessionRequest{
|
||||
SessionId: createRespImport.GetSessionId(),
|
||||
Checks: &session.Checks{
|
||||
User: &session.CheckUser{
|
||||
@@ -654,7 +654,7 @@ func TestServer_SetSession_flow_totp(t *testing.T) {
|
||||
t.Run("check TOTP", func(t *testing.T) {
|
||||
code, err := totp.GenerateCode(totpSecret, time.Now())
|
||||
require.NoError(t, err)
|
||||
resp, err := Client.SetSession(CTX, &session.SetSessionRequest{
|
||||
resp, err := Client.SetSession(LoginCTX, &session.SetSessionRequest{
|
||||
SessionId: createRespImport.GetSessionId(),
|
||||
Checks: &session.Checks{
|
||||
Totp: &session.CheckTOTP{
|
||||
@@ -670,13 +670,13 @@ func TestServer_SetSession_flow_totp(t *testing.T) {
|
||||
|
||||
func TestServer_SetSession_flow(t *testing.T) {
|
||||
// create new, empty session
|
||||
createResp, err := Client.CreateSession(CTX, &session.CreateSessionRequest{})
|
||||
createResp, err := Client.CreateSession(LoginCTX, &session.CreateSessionRequest{})
|
||||
require.NoError(t, err)
|
||||
sessionToken := createResp.GetSessionToken()
|
||||
verifyCurrentSession(t, createResp.GetSessionId(), sessionToken, createResp.GetDetails().GetSequence(), time.Minute, nil, nil, 0, User.GetUserId())
|
||||
|
||||
t.Run("check user", func(t *testing.T) {
|
||||
resp, err := Client.SetSession(CTX, &session.SetSessionRequest{
|
||||
resp, err := Client.SetSession(LoginCTX, &session.SetSessionRequest{
|
||||
SessionId: createResp.GetSessionId(),
|
||||
Checks: &session.Checks{
|
||||
User: &session.CheckUser{
|
||||
@@ -692,7 +692,7 @@ func TestServer_SetSession_flow(t *testing.T) {
|
||||
})
|
||||
|
||||
t.Run("check webauthn, user verified (passkey)", func(t *testing.T) {
|
||||
resp, err := Client.SetSession(CTX, &session.SetSessionRequest{
|
||||
resp, err := Client.SetSession(LoginCTX, &session.SetSessionRequest{
|
||||
SessionId: createResp.GetSessionId(),
|
||||
Challenges: &session.RequestChallenges{
|
||||
WebAuthN: &session.RequestChallenges_WebAuthN{
|
||||
@@ -708,7 +708,7 @@ func TestServer_SetSession_flow(t *testing.T) {
|
||||
assertionData, err := Instance.WebAuthN.CreateAssertionResponse(resp.GetChallenges().GetWebAuthN().GetPublicKeyCredentialRequestOptions(), true)
|
||||
require.NoError(t, err)
|
||||
|
||||
resp, err = Client.SetSession(CTX, &session.SetSessionRequest{
|
||||
resp, err = Client.SetSession(LoginCTX, &session.SetSessionRequest{
|
||||
SessionId: createResp.GetSessionId(),
|
||||
Checks: &session.Checks{
|
||||
WebAuthN: &session.CheckWebAuthN{
|
||||
@@ -734,7 +734,7 @@ func TestServer_SetSession_flow(t *testing.T) {
|
||||
session.UserVerificationRequirement_USER_VERIFICATION_REQUIREMENT_DISCOURAGED,
|
||||
} {
|
||||
t.Run(userVerificationRequirement.String(), func(t *testing.T) {
|
||||
resp, err := Client.SetSession(CTX, &session.SetSessionRequest{
|
||||
resp, err := Client.SetSession(LoginCTX, &session.SetSessionRequest{
|
||||
SessionId: createResp.GetSessionId(),
|
||||
Challenges: &session.RequestChallenges{
|
||||
WebAuthN: &session.RequestChallenges_WebAuthN{
|
||||
@@ -750,7 +750,7 @@ func TestServer_SetSession_flow(t *testing.T) {
|
||||
assertionData, err := Instance.WebAuthN.CreateAssertionResponse(resp.GetChallenges().GetWebAuthN().GetPublicKeyCredentialRequestOptions(), false)
|
||||
require.NoError(t, err)
|
||||
|
||||
resp, err = Client.SetSession(CTX, &session.SetSessionRequest{
|
||||
resp, err = Client.SetSession(LoginCTX, &session.SetSessionRequest{
|
||||
SessionId: createResp.GetSessionId(),
|
||||
Checks: &session.Checks{
|
||||
WebAuthN: &session.CheckWebAuthN{
|
||||
@@ -768,7 +768,7 @@ func TestServer_SetSession_flow(t *testing.T) {
|
||||
t.Run("check TOTP", func(t *testing.T) {
|
||||
code, err := totp.GenerateCode(totpSecret, time.Now())
|
||||
require.NoError(t, err)
|
||||
resp, err := Client.SetSession(CTX, &session.SetSessionRequest{
|
||||
resp, err := Client.SetSession(LoginCTX, &session.SetSessionRequest{
|
||||
SessionId: createResp.GetSessionId(),
|
||||
Checks: &session.Checks{
|
||||
Totp: &session.CheckTOTP{
|
||||
@@ -782,7 +782,7 @@ func TestServer_SetSession_flow(t *testing.T) {
|
||||
})
|
||||
|
||||
t.Run("check OTP SMS", func(t *testing.T) {
|
||||
resp, err := Client.SetSession(CTX, &session.SetSessionRequest{
|
||||
resp, err := Client.SetSession(LoginCTX, &session.SetSessionRequest{
|
||||
SessionId: createResp.GetSessionId(),
|
||||
Challenges: &session.RequestChallenges{
|
||||
OtpSms: &session.RequestChallenges_OTPSMS{ReturnCode: true},
|
||||
@@ -795,7 +795,7 @@ func TestServer_SetSession_flow(t *testing.T) {
|
||||
otp := resp.GetChallenges().GetOtpSms()
|
||||
require.NotEmpty(t, otp)
|
||||
|
||||
resp, err = Client.SetSession(CTX, &session.SetSessionRequest{
|
||||
resp, err = Client.SetSession(LoginCTX, &session.SetSessionRequest{
|
||||
SessionId: createResp.GetSessionId(),
|
||||
Checks: &session.Checks{
|
||||
OtpSms: &session.CheckOTP{
|
||||
@@ -809,7 +809,7 @@ func TestServer_SetSession_flow(t *testing.T) {
|
||||
})
|
||||
|
||||
t.Run("check OTP Email", func(t *testing.T) {
|
||||
resp, err := Client.SetSession(CTX, &session.SetSessionRequest{
|
||||
resp, err := Client.SetSession(LoginCTX, &session.SetSessionRequest{
|
||||
SessionId: createResp.GetSessionId(),
|
||||
Challenges: &session.RequestChallenges{
|
||||
OtpEmail: &session.RequestChallenges_OTPEmail{
|
||||
@@ -824,7 +824,7 @@ func TestServer_SetSession_flow(t *testing.T) {
|
||||
otp := resp.GetChallenges().GetOtpEmail()
|
||||
require.NotEmpty(t, otp)
|
||||
|
||||
resp, err = Client.SetSession(CTX, &session.SetSessionRequest{
|
||||
resp, err = Client.SetSession(LoginCTX, &session.SetSessionRequest{
|
||||
SessionId: createResp.GetSessionId(),
|
||||
Checks: &session.Checks{
|
||||
OtpEmail: &session.CheckOTP{
|
||||
@@ -839,13 +839,13 @@ func TestServer_SetSession_flow(t *testing.T) {
|
||||
}
|
||||
|
||||
func TestServer_SetSession_expired(t *testing.T) {
|
||||
createResp, err := Client.CreateSession(CTX, &session.CreateSessionRequest{
|
||||
createResp, err := Client.CreateSession(LoginCTX, &session.CreateSessionRequest{
|
||||
Lifetime: durationpb.New(20 * time.Second),
|
||||
})
|
||||
require.NoError(t, err)
|
||||
|
||||
// test session token works
|
||||
_, err = Client.SetSession(CTX, &session.SetSessionRequest{
|
||||
_, err = Client.SetSession(LoginCTX, &session.SetSessionRequest{
|
||||
SessionId: createResp.GetSessionId(),
|
||||
Lifetime: durationpb.New(20 * time.Second),
|
||||
})
|
||||
@@ -853,7 +853,7 @@ func TestServer_SetSession_expired(t *testing.T) {
|
||||
|
||||
// ensure session expires and does not work anymore
|
||||
time.Sleep(20 * time.Second)
|
||||
_, err = Client.SetSession(CTX, &session.SetSessionRequest{
|
||||
_, err = Client.SetSession(LoginCTX, &session.SetSessionRequest{
|
||||
SessionId: createResp.GetSessionId(),
|
||||
Lifetime: durationpb.New(20 * time.Second),
|
||||
})
|
||||
@@ -861,7 +861,7 @@ func TestServer_SetSession_expired(t *testing.T) {
|
||||
}
|
||||
|
||||
func TestServer_DeleteSession_token(t *testing.T) {
|
||||
createResp, err := Client.CreateSession(CTX, &session.CreateSessionRequest{})
|
||||
createResp, err := Client.CreateSession(LoginCTX, &session.CreateSessionRequest{})
|
||||
require.NoError(t, err)
|
||||
|
||||
_, err = Client.DeleteSession(CTX, &session.DeleteSessionRequest{
|
||||
@@ -881,14 +881,14 @@ func TestServer_DeleteSession_own_session(t *testing.T) {
|
||||
// create two users for the test and a session each to get tokens for authorization
|
||||
user1 := Instance.CreateHumanUser(CTX)
|
||||
Instance.SetUserPassword(CTX, user1.GetUserId(), integration.UserPassword, false)
|
||||
_, token1, _, _ := Instance.CreatePasswordSession(t, CTX, user1.GetUserId(), integration.UserPassword)
|
||||
_, token1, _, _ := Instance.CreatePasswordSession(t, LoginCTX, user1.GetUserId(), integration.UserPassword)
|
||||
|
||||
user2 := Instance.CreateHumanUser(CTX)
|
||||
Instance.SetUserPassword(CTX, user2.GetUserId(), integration.UserPassword, false)
|
||||
_, token2, _, _ := Instance.CreatePasswordSession(t, CTX, user2.GetUserId(), integration.UserPassword)
|
||||
_, token2, _, _ := Instance.CreatePasswordSession(t, LoginCTX, user2.GetUserId(), integration.UserPassword)
|
||||
|
||||
// create a new session for the first user
|
||||
createResp, err := Client.CreateSession(CTX, &session.CreateSessionRequest{
|
||||
createResp, err := Client.CreateSession(LoginCTX, &session.CreateSessionRequest{
|
||||
Checks: &session.Checks{
|
||||
User: &session.CheckUser{
|
||||
Search: &session.CheckUser_UserId{
|
||||
@@ -913,7 +913,7 @@ func TestServer_DeleteSession_own_session(t *testing.T) {
|
||||
}
|
||||
|
||||
func TestServer_DeleteSession_with_permission(t *testing.T) {
|
||||
createResp, err := Client.CreateSession(CTX, &session.CreateSessionRequest{
|
||||
createResp, err := Client.CreateSession(LoginCTX, &session.CreateSessionRequest{
|
||||
Checks: &session.Checks{
|
||||
User: &session.CheckUser{
|
||||
Search: &session.CheckUser_UserId{
|
||||
@@ -933,7 +933,7 @@ func TestServer_DeleteSession_with_permission(t *testing.T) {
|
||||
|
||||
func Test_ZITADEL_API_missing_authentication(t *testing.T) {
|
||||
// create new, empty session
|
||||
createResp, err := Client.CreateSession(CTX, &session.CreateSessionRequest{})
|
||||
createResp, err := Client.CreateSession(LoginCTX, &session.CreateSessionRequest{})
|
||||
require.NoError(t, err)
|
||||
|
||||
ctx := metadata.AppendToOutgoingContext(context.Background(), "Authorization", fmt.Sprintf("Bearer %s", createResp.GetSessionToken()))
|
||||
@@ -948,7 +948,7 @@ func Test_ZITADEL_API_missing_authentication(t *testing.T) {
|
||||
}
|
||||
|
||||
func Test_ZITADEL_API_success(t *testing.T) {
|
||||
id, token, _, _ := Instance.CreateVerifiedWebAuthNSession(t, CTX, User.GetUserId())
|
||||
id, token, _, _ := Instance.CreateVerifiedWebAuthNSession(t, LoginCTX, User.GetUserId())
|
||||
ctx := integration.WithAuthorizationToken(context.Background(), token)
|
||||
|
||||
retryDuration, tick := integration.WaitForAndTickWithMaxDuration(ctx, time.Minute)
|
||||
@@ -964,7 +964,7 @@ func Test_ZITADEL_API_success(t *testing.T) {
|
||||
}
|
||||
|
||||
func Test_ZITADEL_API_session_not_found(t *testing.T) {
|
||||
id, token, _, _ := Instance.CreateVerifiedWebAuthNSession(t, CTX, User.GetUserId())
|
||||
id, token, _, _ := Instance.CreateVerifiedWebAuthNSession(t, LoginCTX, User.GetUserId())
|
||||
|
||||
// test session token works
|
||||
ctx := integration.WithAuthorizationToken(context.Background(), token)
|
||||
@@ -995,7 +995,7 @@ func Test_ZITADEL_API_session_not_found(t *testing.T) {
|
||||
}
|
||||
|
||||
func Test_ZITADEL_API_session_expired(t *testing.T) {
|
||||
id, token, _, _ := Instance.CreateVerifiedWebAuthNSessionWithLifetime(t, CTX, User.GetUserId(), 20*time.Second)
|
||||
id, token, _, _ := Instance.CreateVerifiedWebAuthNSessionWithLifetime(t, LoginCTX, User.GetUserId(), 20*time.Second)
|
||||
|
||||
// test session token works
|
||||
ctx := integration.WithAuthorizationToken(context.Background(), token)
|
||||
|
@@ -12,7 +12,6 @@ import (
|
||||
"google.golang.org/protobuf/types/known/structpb"
|
||||
"google.golang.org/protobuf/types/known/timestamppb"
|
||||
|
||||
"github.com/zitadel/zitadel/internal/api/authz"
|
||||
object "github.com/zitadel/zitadel/internal/api/grpc/object/v2beta"
|
||||
"github.com/zitadel/zitadel/internal/command"
|
||||
"github.com/zitadel/zitadel/internal/domain"
|
||||
@@ -90,7 +89,7 @@ func (s *Server) SetSession(ctx context.Context, req *connect.Request[session.Se
|
||||
return nil, err
|
||||
}
|
||||
|
||||
set, err := s.command.UpdateSession(ctx, req.Msg.GetSessionId(), cmds, req.Msg.GetMetadata(), req.Msg.GetLifetime().AsDuration())
|
||||
set, err := s.command.UpdateSession(ctx, req.Msg.GetSessionId(), req.Msg.GetSessionToken(), cmds, req.Msg.GetMetadata(), req.Msg.GetLifetime().AsDuration())
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
@@ -256,18 +255,13 @@ func listSessionsRequestToQuery(ctx context.Context, req *session.ListSessionsRe
|
||||
}
|
||||
|
||||
func sessionQueriesToQuery(ctx context.Context, queries []*session.SearchQuery) (_ []query.SearchQuery, err error) {
|
||||
q := make([]query.SearchQuery, len(queries)+1)
|
||||
q := make([]query.SearchQuery, len(queries))
|
||||
for i, v := range queries {
|
||||
q[i], err = sessionQueryToQuery(v)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
creatorQuery, err := query.NewSessionCreatorSearchQuery(authz.GetCtxData(ctx).UserID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
q[len(queries)] = creatorQuery
|
||||
return q, nil
|
||||
}
|
||||
|
||||
|
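Review bot: In the last hunk, `sessionQueriesToQuery` no longer appends `query.NewSessionCreatorSearchQuery(authz.GetCtxData(ctx).UserID)` (going by the 18-to-13 line counts and the dropped `authz` import), so nothing in this function restricts a listing to sessions the caller created. Whatever now enforces that scoping is outside the hunks shown here. Because this is an authorization boundary, the function should carry a comment naming the enforcement point, e.g. `// Caller scoping is not applied here; it is enforced by <enforcement point>.`, ideally backed by a test that a caller without the permission sees only its own sessions. As far as the hunk shows, `ctx` is no longer read in the new body, so the parameter could be renamed to `_` or dropped. In the `SetSession` hunk, a one-line comment on how an empty `req.Msg.GetSessionToken()` affects the permission decision would help, since `UpdateSession` is not visible here.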