From 5901991dd318b1562fc5f89d57d4f8eb602fb1d5 Mon Sep 17 00:00:00 2001 From: Livio Amstutz Date: Wed, 18 May 2022 14:10:49 +0200 Subject: [PATCH] fix: asset service (CORS and path in console) and user init (#3655) * fix: asset service (CORS and path in console) and user init * fix tests * improve comment --- .../apps/app-detail/app-detail.component.ts | 6 +- console/src/app/services/asset.service.ts | 4 +- internal/api/assets/asset.go | 2 +- internal/command/user_human.go | 32 ++-- internal/command/user_human_test.go | 170 +++++------------- 5 files changed, 66 insertions(+), 148 deletions(-) diff --git a/console/src/app/pages/projects/apps/app-detail/app-detail.component.ts b/console/src/app/pages/projects/apps/app-detail/app-detail.component.ts index f0c548e012..07d2c21b83 100644 --- a/console/src/app/pages/projects/apps/app-detail/app-detail.component.ts +++ b/console/src/app/pages/projects/apps/app-detail/app-detail.component.ts @@ -164,9 +164,9 @@ export class AppDetailComponent implements OnInit, OnDestroy { this.http.get('./assets/environment.json').subscribe((env: any) => { this.environmentMap = { issuer: env.issuer, - adminServiceUrl: env.adminServiceUrl, - mgmtServiceUrl: env.mgmtServiceUrl, - authServiceUrl: env.adminServiceUrl, + adminServiceUrl: env.api, + mgmtServiceUrl: env.api, + authServiceUrl: env.api, }; }); } diff --git a/console/src/app/services/asset.service.ts b/console/src/app/services/asset.service.ts index e371d7fb42..2fd59ed4d8 100644 --- a/console/src/app/services/asset.service.ts +++ b/console/src/app/services/asset.service.ts @@ -84,8 +84,8 @@ export class AssetService { .get('./assets/environment.json') .toPromise() .then((data: any) => { - if (data && data.assetServiceUrl) { - return data.assetServiceUrl; + if (data && data.api) { + return data.api; } }) .catch((error) => { diff --git a/internal/api/assets/asset.go b/internal/api/assets/asset.go index e559eed585..95392e5195 100644 --- a/internal/api/assets/asset.go 
+++ b/internal/api/assets/asset.go @@ -83,7 +83,7 @@ func NewHandler(commands *command.Commands, verifier *authz.TokenVerifier, authC verifier.RegisterServer("Assets-API", "assets", AssetsService_AuthMethods) router := mux.NewRouter() - router.Use(sentryhttp.New(sentryhttp.Options{}).Handle, instanceInterceptor) + router.Use(sentryhttp.New(sentryhttp.Options{}).Handle, http_mw.CORSInterceptor, instanceInterceptor) RegisterRoutes(router, h) router.PathPrefix("/{owner}").Methods("GET").HandlerFunc(DownloadHandleFunc(h, h.GetFile())) return router diff --git a/internal/command/user_human.go b/internal/command/user_human.go index 20a2d11aa9..dfed12d4e6 100644 --- a/internal/command/user_human.go +++ b/internal/command/user_human.go @@ -179,16 +179,16 @@ func AddHumanCommand(a *user.Aggregate, human *AddHuman, passwordAlg crypto.Hash return nil, err } cmds = append(cmds, user.NewHumanInitialCodeAddedEvent(ctx, &a.Aggregate, value, expiry)) - } - - if human.Email.Verified { - cmds = append(cmds, user.NewHumanEmailVerifiedEvent(ctx, &a.Aggregate)) } else { - value, expiry, err := newEmailCode(ctx, filter, codeAlg) - if err != nil { - return nil, err + if human.Email.Verified { + cmds = append(cmds, user.NewHumanEmailVerifiedEvent(ctx, &a.Aggregate)) + } else { + value, expiry, err := newEmailCode(ctx, filter, codeAlg) + if err != nil { + return nil, err + } + cmds = append(cmds, user.NewHumanEmailCodeAddedEvent(ctx, &a.Aggregate, value, expiry)) } - cmds = append(cmds, user.NewHumanEmailCodeAddedEvent(ctx, &a.Aggregate, value, expiry)) } if human.Phone.Verified { 
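Review bot: `http_mw.CORSInterceptor` is attached with `router.Use`, but the only route visible in this hunk is registered with `.Methods("GET")`, so a preflight `OPTIONS` request may never reach the interceptor. As far as I know gorilla/mux builds the middleware chain only for requests that match a route, and a method mismatch is answered with 405 before any middleware runs. Unless `RegisterRoutes` (outside the hunk) also accepts `OPTIONS`, a cross-origin fetch that sends an `Authorization` header would still be blocked; adding `"OPTIONS"` to the route methods, or wrapping the router as `return http_mw.CORSInterceptor(router)` if NewHandler's return type allows it, would close that gap. The interceptor's allowed origins and credential settings are not visible here and should be confirmed, since this endpoint serves authenticated assets. NewHandler starts outside the hunk.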
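Review bot: With the email handling moved into the `else`, a caller-supplied `human.Email.Verified == true` is dropped silently whenever `shouldAddInitCode()` returns true: neither `NewHumanEmailVerifiedEvent` nor an email code is emitted for that user. If this is intended because the init-code flow presumably takes over email verification, document it above the branch, e.g. `// an init code replaces separate email verification; Email.Verified is only honoured when no init code is issued`. The nested `else { if … } else { … }` can also be flattened to `} else if human.Email.Verified {` followed by a plain `} else {`. AddHumanCommand starts and ends outside the hunk.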
@@ -249,13 +249,17 @@ func (h *AddHuman) ensureDisplayName() { h.DisplayName = h.FirstName + " " + h.LastName } +//shouldAddInitCode returns true for all added Humans which: +// - were not added from an external IDP +// - and either: +// - have no verified email +// and / or +// - have no authentication method (password / passwordless) func (h *AddHuman) shouldAddInitCode() bool { - //user without idp - return !h.Email.Verified || - //user with idp - !h.ExternalIDP && - !h.Passwordless && - h.Password != "" + return !h.ExternalIDP && + !h.Email.Verified || + !h.Passwordless && + h.Password == "" } func (c *Commands) ImportHuman(ctx context.Context, orgID string, human *domain.Human, passwordless bool, initCodeGenerator crypto.Generator, phoneCodeGenerator crypto.Generator, passwordlessCodeGenerator crypto.Generator) (_ *domain.Human, passwordlessCode *domain.PasswordlessInitCode, err error) { diff --git a/internal/command/user_human_test.go b/internal/command/user_human_test.go index e3fe001947..f4132cb51f 100644 --- a/internal/command/user_human_test.go +++ b/internal/command/user_human_test.go @@ -189,21 +189,6 @@ func TestCommandSide_AddHuman(t *testing.T) { ), ), ), - expectFilter( - eventFromEventPusher( - instance.NewSecretGeneratorAddedEvent( - context.Background(), - &instanceAgg.Aggregate, - domain.SecretGeneratorTypeVerifyEmailCode, - 0, - 1*time.Hour, - true, - true, - true, - true, - ), - ), - ), expectPush( []*repository.Event{ eventFromEventPusher( @@ -232,18 +217,6 @@ func TestCommandSide_AddHuman(t *testing.T) { time.Hour*1, ), ), - eventFromEventPusher( - user.NewHumanEmailCodeAddedEvent(context.Background(), - &userAgg.Aggregate, - &crypto.CryptoValue{ - CryptoType: crypto.TypeEncryption, - Algorithm: "enc", - KeyID: "id", - Crypted: []byte(""), - }, - time.Hour*1, - ), - ), }, uniqueConstraintsFromEventConstraint(user.NewAddUsernameUniqueConstraint("username", "org1", true)), ), 
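Review bot: The new return expression in `shouldAddInitCode` does not implement the doc comment added above it: `&&` binds tighter than `||` in Go, so it evaluates as `(!h.ExternalIDP && !h.Email.Verified) || (!h.Passwordless && h.Password == "")`. A human added from an external IDP with no password and no passwordless therefore still gets an init code, although the comment excludes external-IDP users entirely. If the comment states the intent, parenthesise the expression: `return !h.ExternalIDP && (!h.Email.Verified || (!h.Passwordless && h.Password == ""))`. None of the test hunks visible in this patch sets `ExternalIDP`, so a table case for that combination would pin whichever behaviour is intended. The comment should also start with `// shouldAddInitCode`, with a space after the slashes.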
@@ -303,20 +276,6 @@ func TestCommandSide_AddHuman(t *testing.T) { ), ), ), - expectFilter( - eventFromEventPusher( - user.NewHumanInitialCodeAddedEvent(context.Background(), - &userAgg.Aggregate, - &crypto.CryptoValue{ - CryptoType: crypto.TypeEncryption, - Algorithm: "enc", - KeyID: "id", - Crypted: []byte(""), - }, - time.Hour*1, - ), - ), - ), expectFilter( eventFromEventPusher( instance.NewSecretGeneratorAddedEvent( @@ -346,20 +305,7 @@ func TestCommandSide_AddHuman(t *testing.T) { KeyID: "id", Crypted: []byte(""), }, - 0, - ), - ), - eventFromEventPusher( - user.NewHumanEmailCodeAddedEvent( - context.Background(), - &userAgg.Aggregate, - &crypto.CryptoValue{ - CryptoType: crypto.TypeEncryption, - Algorithm: "enc", - KeyID: "id", - Crypted: []byte(""), - }, - 0, + 1*time.Hour, ), ), }, @@ -421,39 +367,11 @@ func TestCommandSide_AddHuman(t *testing.T) { ), ), ), - expectFilter( - eventFromEventPusher( - instance.NewSecretGeneratorAddedEvent( - context.Background(), - &instanceAgg.Aggregate, - domain.SecretGeneratorTypeInitCode, - 0, - 1*time.Hour, - true, - true, - true, - true, - ), - ), - ), expectPush( []*repository.Event{ eventFromEventPusher( newAddHumanEvent("password", true, ""), ), - eventFromEventPusher( - user.NewHumanInitialCodeAddedEvent( - context.Background(), - &userAgg.Aggregate, - &crypto.CryptoValue{ - CryptoType: crypto.TypeEncryption, - Algorithm: "enc", - KeyID: "id", - Crypted: []byte(""), - }, - 1*time.Hour, - ), - ), eventFromEventPusher( user.NewHumanEmailVerifiedEvent(context.Background(), &userAgg.Aggregate), @@ -507,6 +425,18 @@ func TestCommandSide_AddHuman(t *testing.T) { ), ), ), + expectFilter( + eventFromEventPusher( + org.NewPasswordComplexityPolicyAddedEvent(context.Background(), + &userAgg.Aggregate, + 1, + false, + false, + false, + false, + ), + ), + ), expectFilter( eventFromEventPusher( instance.NewSecretGeneratorAddedEvent( 
@@ -525,7 +455,7 @@ func TestCommandSide_AddHuman(t *testing.T) { expectPush( []*repository.Event{ eventFromEventPusher( - newAddHumanEvent("", false, "+41711234567"), + newAddHumanEvent("password", false, "+41711234567"), ), eventFromEventPusher( user.NewHumanEmailVerifiedEvent( @@ -547,8 +477,9 @@ func TestCommandSide_AddHuman(t *testing.T) { uniqueConstraintsFromEventConstraint(user.NewAddUsernameUniqueConstraint("username", "org1", true)), ), ), - idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "user1"), - codeAlg: crypto.CreateMockEncryptionAlg(gomock.NewController(t)), + idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "user1"), + userPasswordAlg: crypto.CreateMockHashAlg(gomock.NewController(t)), + codeAlg: crypto.CreateMockEncryptionAlg(gomock.NewController(t)), }, args: args{ ctx: context.Background(), @@ -557,6 +488,7 @@ func TestCommandSide_AddHuman(t *testing.T) { Username: "username", FirstName: "firstname", LastName: "lastname", + Password: "password", Email: Email{ Address: "email@test.ch", Verified: true, @@ -607,21 +539,6 @@ func TestCommandSide_AddHuman(t *testing.T) { ), ), ), - expectFilter( - eventFromEventPusher( - instance.NewSecretGeneratorAddedEvent( - context.Background(), - &instanceAgg.Aggregate, - domain.SecretGeneratorTypeVerifyEmailCode, - 0, - 1*time.Hour, - true, - true, - true, - true, - ), - ), - ), expectPush( []*repository.Event{ eventFromEventPusher( @@ -640,19 +557,6 @@ func TestCommandSide_AddHuman(t *testing.T) { 1*time.Hour, ), ), - eventFromEventPusher( - user.NewHumanEmailCodeAddedEvent( - context.Background(), - &userAgg.Aggregate, - &crypto.CryptoValue{ - CryptoType: crypto.TypeEncryption, - Algorithm: "enc", - KeyID: "id", - Crypted: []byte(""), - }, - 1*time.Hour, - ), - ), eventFromEventPusher( user.NewHumanPhoneVerifiedEvent( context.Background(), 
@@ -2980,10 +2884,11 @@ func TestAddHumanCommand(t *testing.T) { PreferredLanguage: language.English, FirstName: "gigi", LastName: "giraffe", - Password: "", + Password: "password", Username: "username", }, passwordAlg: crypto.CreateMockHashAlg(gomock.NewController(t)), + codeAlg: crypto.CreateMockEncryptionAlg(gomock.NewController(t)), filter: NewMultiFilter().Append( func(ctx context.Context, queryFactory *eventstore.SearchQueryBuilder) ([]eventstore.Event, error) { return []eventstore.Event{ @@ -3014,19 +2919,28 @@ func TestAddHumanCommand(t *testing.T) { }, want: Want{ Commands: []eventstore.Command{ - user.NewHumanAddedEvent( - context.Background(), - &agg.Aggregate, - "username", - "gigi", - "giraffe", - "", - "gigi giraffe", - language.English, - 0, - "support@zitadel.ch", - true, - ), + func() *user.HumanAddedEvent { + event := user.NewHumanAddedEvent( + context.Background(), + &agg.Aggregate, + "username", + "gigi", + "giraffe", + "", + "gigi giraffe", + language.English, + 0, + "support@zitadel.ch", + true, + ) + event.AddPasswordData(&crypto.CryptoValue{ + CryptoType: crypto.TypeHash, + Algorithm: "hash", + KeyID: "", + Crypted: []byte("password"), + }, false) + return event + }(), user.NewHumanEmailVerifiedEvent(context.Background(), &agg.Aggregate), }, },