fix: asset service (CORS and path in console) and user init (#3655)

* fix: asset service (CORS and path in console) and user init * fix tests * improve comment
2025-08-11 19:17:32 +00:00 · 2022-05-18 14:10:49 +02:00
parent 616b31c959
commit 5901991dd3
5 changed files with 66 additions and 148 deletions
--- a/console/src/app/pages/projects/apps/app-detail/app-detail.component.ts
+++ b/console/src/app/pages/projects/apps/app-detail/app-detail.component.ts
@@ -164,9 +164,9 @@ export class AppDetailComponent implements OnInit, OnDestroy {
    this.http.get('./assets/environment.json').subscribe((env: any) => {
      this.environmentMap = {
        issuer: env.issuer,
-        adminServiceUrl: env.adminServiceUrl,
-        mgmtServiceUrl: env.mgmtServiceUrl,
-        authServiceUrl: env.adminServiceUrl,
+        adminServiceUrl: env.api,
+        mgmtServiceUrl: env.api,
+        authServiceUrl: env.api,
      };
    });
  }
--- a/console/src/app/services/asset.service.ts
+++ b/console/src/app/services/asset.service.ts
@@ -84,8 +84,8 @@ export class AssetService {
      .get('./assets/environment.json')
      .toPromise()
      .then((data: any) => {
-        if (data && data.assetServiceUrl) {
-          return data.assetServiceUrl;
+        if (data && data.api) {
+          return data.api;
        }
      })
      .catch((error) => {
--- a/internal/api/assets/asset.go
+++ b/internal/api/assets/asset.go
@@ -83,7 +83,7 @@ func NewHandler(commands *command.Commands, verifier *authz.TokenVerifier, authC

 	verifier.RegisterServer("Assets-API", "assets", AssetsService_AuthMethods)
 	router := mux.NewRouter()
-	router.Use(sentryhttp.New(sentryhttp.Options{}).Handle, instanceInterceptor)
+	router.Use(sentryhttp.New(sentryhttp.Options{}).Handle, http_mw.CORSInterceptor, instanceInterceptor)
 	RegisterRoutes(router, h)
 	router.PathPrefix("/{owner}").Methods("GET").HandlerFunc(DownloadHandleFunc(h, h.GetFile()))
 	return router
--- a/internal/command/user_human.go
+++ b/internal/command/user_human.go
@@ -179,16 +179,16 @@ func AddHumanCommand(a *user.Aggregate, human *AddHuman, passwordAlg crypto.Hash
 					return nil, err
 				}
 				cmds = append(cmds, user.NewHumanInitialCodeAddedEvent(ctx, &a.Aggregate, value, expiry))
-			}
-
-			if human.Email.Verified {
-				cmds = append(cmds, user.NewHumanEmailVerifiedEvent(ctx, &a.Aggregate))
 			} else {
-				value, expiry, err := newEmailCode(ctx, filter, codeAlg)
-				if err != nil {
-					return nil, err
+				if human.Email.Verified {
+					cmds = append(cmds, user.NewHumanEmailVerifiedEvent(ctx, &a.Aggregate))
+				} else {
+					value, expiry, err := newEmailCode(ctx, filter, codeAlg)
+					if err != nil {
+						return nil, err
+					}
+					cmds = append(cmds, user.NewHumanEmailCodeAddedEvent(ctx, &a.Aggregate, value, expiry))
 				}
-				cmds = append(cmds, user.NewHumanEmailCodeAddedEvent(ctx, &a.Aggregate, value, expiry))
 			}

 			if human.Phone.Verified {
@@ -249,13 +249,17 @@ func (h *AddHuman) ensureDisplayName() {
 	h.DisplayName = h.FirstName + " " + h.LastName
 }

+//shouldAddInitCode returns true for all added Humans which:
+// - were not added from an external IDP
+// - and either:
+//    - have no verified email
+// 			and / or
+//    -  have no authentication method (password / passwordless)
 func (h *AddHuman) shouldAddInitCode() bool {
-	//user without idp
-	return !h.Email.Verified ||
-		//user with idp
-		!h.ExternalIDP &&
-			!h.Passwordless &&
-			h.Password != ""
+	return !h.ExternalIDP &&
+		!h.Email.Verified ||
+		!h.Passwordless &&
+			h.Password == ""
 }

 func (c *Commands) ImportHuman(ctx context.Context, orgID string, human *domain.Human, passwordless bool, initCodeGenerator crypto.Generator, phoneCodeGenerator crypto.Generator, passwordlessCodeGenerator crypto.Generator) (_ *domain.Human, passwordlessCode *domain.PasswordlessInitCode, err error) {
--- a/internal/command/user_human_test.go
+++ b/internal/command/user_human_test.go
@@ -189,21 +189,6 @@ func TestCommandSide_AddHuman(t *testing.T) {
 							),
 						),
 					),
-					expectFilter(
-						eventFromEventPusher(
-							instance.NewSecretGeneratorAddedEvent(
-								context.Background(),
-								&instanceAgg.Aggregate,
-								domain.SecretGeneratorTypeVerifyEmailCode,
-								0,
-								1*time.Hour,
-								true,
-								true,
-								true,
-								true,
-							),
-						),
-					),
 					expectPush(
 						[]*repository.Event{
 							eventFromEventPusher(
@@ -232,18 +217,6 @@ func TestCommandSide_AddHuman(t *testing.T) {
 									time.Hour*1,
 								),
 							),
-							eventFromEventPusher(
-								user.NewHumanEmailCodeAddedEvent(context.Background(),
-									&userAgg.Aggregate,
-									&crypto.CryptoValue{
-										CryptoType: crypto.TypeEncryption,
-										Algorithm:  "enc",
-										KeyID:      "id",
-										Crypted:    []byte(""),
-									},
-									time.Hour*1,
-								),
-							),
 						},
 						uniqueConstraintsFromEventConstraint(user.NewAddUsernameUniqueConstraint("username", "org1", true)),
 					),
@@ -303,20 +276,6 @@ func TestCommandSide_AddHuman(t *testing.T) {
 							),
 						),
 					),
-					expectFilter(
-						eventFromEventPusher(
-							user.NewHumanInitialCodeAddedEvent(context.Background(),
-								&userAgg.Aggregate,
-								&crypto.CryptoValue{
-									CryptoType: crypto.TypeEncryption,
-									Algorithm:  "enc",
-									KeyID:      "id",
-									Crypted:    []byte(""),
-								},
-								time.Hour*1,
-							),
-						),
-					),
 					expectFilter(
 						eventFromEventPusher(
 							instance.NewSecretGeneratorAddedEvent(
@@ -346,20 +305,7 @@ func TestCommandSide_AddHuman(t *testing.T) {
 										KeyID:      "id",
 										Crypted:    []byte(""),
 									},
-									0,
-								),
-							),
-							eventFromEventPusher(
-								user.NewHumanEmailCodeAddedEvent(
-									context.Background(),
-									&userAgg.Aggregate,
-									&crypto.CryptoValue{
-										CryptoType: crypto.TypeEncryption,
-										Algorithm:  "enc",
-										KeyID:      "id",
-										Crypted:    []byte(""),
-									},
-									0,
+									1*time.Hour,
 								),
 							),
 						},
@@ -421,39 +367,11 @@ func TestCommandSide_AddHuman(t *testing.T) {
 							),
 						),
 					),
-					expectFilter(
-						eventFromEventPusher(
-							instance.NewSecretGeneratorAddedEvent(
-								context.Background(),
-								&instanceAgg.Aggregate,
-								domain.SecretGeneratorTypeInitCode,
-								0,
-								1*time.Hour,
-								true,
-								true,
-								true,
-								true,
-							),
-						),
-					),
 					expectPush(
 						[]*repository.Event{
 							eventFromEventPusher(
 								newAddHumanEvent("password", true, ""),
 							),
-							eventFromEventPusher(
-								user.NewHumanInitialCodeAddedEvent(
-									context.Background(),
-									&userAgg.Aggregate,
-									&crypto.CryptoValue{
-										CryptoType: crypto.TypeEncryption,
-										Algorithm:  "enc",
-										KeyID:      "id",
-										Crypted:    []byte(""),
-									},
-									1*time.Hour,
-								),
-							),
 							eventFromEventPusher(
 								user.NewHumanEmailVerifiedEvent(context.Background(),
 									&userAgg.Aggregate),
@@ -507,6 +425,18 @@ func TestCommandSide_AddHuman(t *testing.T) {
 							),
 						),
 					),
+					expectFilter(
+						eventFromEventPusher(
+							org.NewPasswordComplexityPolicyAddedEvent(context.Background(),
+								&userAgg.Aggregate,
+								1,
+								false,
+								false,
+								false,
+								false,
+							),
+						),
+					),
 					expectFilter(
 						eventFromEventPusher(
 							instance.NewSecretGeneratorAddedEvent(
@@ -525,7 +455,7 @@ func TestCommandSide_AddHuman(t *testing.T) {
 					expectPush(
 						[]*repository.Event{
 							eventFromEventPusher(
-								newAddHumanEvent("", false, "+41711234567"),
+								newAddHumanEvent("password", false, "+41711234567"),
 							),
 							eventFromEventPusher(
 								user.NewHumanEmailVerifiedEvent(
@@ -547,8 +477,9 @@ func TestCommandSide_AddHuman(t *testing.T) {
 						uniqueConstraintsFromEventConstraint(user.NewAddUsernameUniqueConstraint("username", "org1", true)),
 					),
 				),
-				idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "user1"),
-				codeAlg:     crypto.CreateMockEncryptionAlg(gomock.NewController(t)),
+				idGenerator:     id_mock.NewIDGeneratorExpectIDs(t, "user1"),
+				userPasswordAlg: crypto.CreateMockHashAlg(gomock.NewController(t)),
+				codeAlg:         crypto.CreateMockEncryptionAlg(gomock.NewController(t)),
 			},
 			args: args{
 				ctx:   context.Background(),
@@ -557,6 +488,7 @@ func TestCommandSide_AddHuman(t *testing.T) {
 					Username:  "username",
 					FirstName: "firstname",
 					LastName:  "lastname",
+					Password:  "password",
 					Email: Email{
 						Address:  "email@test.ch",
 						Verified: true,
@@ -607,21 +539,6 @@ func TestCommandSide_AddHuman(t *testing.T) {
 							),
 						),
 					),
-					expectFilter(
-						eventFromEventPusher(
-							instance.NewSecretGeneratorAddedEvent(
-								context.Background(),
-								&instanceAgg.Aggregate,
-								domain.SecretGeneratorTypeVerifyEmailCode,
-								0,
-								1*time.Hour,
-								true,
-								true,
-								true,
-								true,
-							),
-						),
-					),
 					expectPush(
 						[]*repository.Event{
 							eventFromEventPusher(
@@ -640,19 +557,6 @@ func TestCommandSide_AddHuman(t *testing.T) {
 									1*time.Hour,
 								),
 							),
-							eventFromEventPusher(
-								user.NewHumanEmailCodeAddedEvent(
-									context.Background(),
-									&userAgg.Aggregate,
-									&crypto.CryptoValue{
-										CryptoType: crypto.TypeEncryption,
-										Algorithm:  "enc",
-										KeyID:      "id",
-										Crypted:    []byte(""),
-									},
-									1*time.Hour,
-								),
-							),
 							eventFromEventPusher(
 								user.NewHumanPhoneVerifiedEvent(
 									context.Background(),
@@ -2980,10 +2884,11 @@ func TestAddHumanCommand(t *testing.T) {
 					PreferredLanguage: language.English,
 					FirstName:         "gigi",
 					LastName:          "giraffe",
-					Password:          "",
+					Password:          "password",
 					Username:          "username",
 				},
 				passwordAlg: crypto.CreateMockHashAlg(gomock.NewController(t)),
+				codeAlg:     crypto.CreateMockEncryptionAlg(gomock.NewController(t)),
 				filter: NewMultiFilter().Append(
 					func(ctx context.Context, queryFactory *eventstore.SearchQueryBuilder) ([]eventstore.Event, error) {
 						return []eventstore.Event{
@@ -3014,19 +2919,28 @@ func TestAddHumanCommand(t *testing.T) {
 			},
 			want: Want{
 				Commands: []eventstore.Command{
-					user.NewHumanAddedEvent(
-						context.Background(),
-						&agg.Aggregate,
-						"username",
-						"gigi",
-						"giraffe",
-						"",
-						"gigi giraffe",
-						language.English,
-						0,
-						"support@zitadel.ch",
-						true,
-					),
+					func() *user.HumanAddedEvent {
+						event := user.NewHumanAddedEvent(
+							context.Background(),
+							&agg.Aggregate,
+							"username",
+							"gigi",
+							"giraffe",
+							"",
+							"gigi giraffe",
+							language.English,
+							0,
+							"support@zitadel.ch",
+							true,
+						)
+						event.AddPasswordData(&crypto.CryptoValue{
+							CryptoType: crypto.TypeHash,
+							Algorithm:  "hash",
+							KeyID:      "",
+							Crypted:    []byte("password"),
+						}, false)
+						return event
+					}(),
 					user.NewHumanEmailVerifiedEvent(context.Background(), &agg.Aggregate),
 				},
 			},