feat: user v3 api update (#8582)

# Which Problems Are Solved Users are not yet able to update their information an status in user API v3. # How the Problems Are Solved Add endpoints and functionality to update users and their status in user API v3. # Additional Changes Aggregate_type and event_types are updated with "userschema" to avoid conflicts with old events. # Additional Context closes #7898
2025-08-12 03:57:32 +00:00 · 2024-09-17 10:27:48 +02:00
parent c297a62c4f
commit 5fdad7b8f4
20 changed files with 4265 additions and 412 deletions
--- a/internal/api/grpc/resources/user/v3alpha/integration_test/server_test.go
+++ b/internal/api/grpc/resources/user/v3alpha/integration_test/server_test.go
@@ -14,50 +14,41 @@ import (

 	"github.com/zitadel/zitadel/internal/integration"
 	"github.com/zitadel/zitadel/pkg/grpc/feature/v2"
-	user "github.com/zitadel/zitadel/pkg/grpc/resources/user/v3alpha"
 )

 var (
-	IAMOwnerCTX, SystemCTX context.Context
-	UserCTX                context.Context
-	Instance               *integration.Instance
-	Client                 user.ZITADELUsersClient
+	CTX context.Context
 )

 func TestMain(m *testing.M) {
 	os.Exit(func() int {
 		ctx, cancel := context.WithTimeout(context.Background(), 15*time.Minute)
 		defer cancel()
-
-		Instance = integration.NewInstance(ctx)
-
-		IAMOwnerCTX = Instance.WithAuthorization(ctx, integration.UserTypeIAMOwner)
-		SystemCTX = integration.WithSystemAuthorization(ctx)
-		UserCTX = Instance.WithAuthorization(ctx, integration.UserTypeLogin)
-		Client = Instance.Client.UserV3Alpha
+		CTX = ctx
 		return m.Run()
 	}())
 }

-func ensureFeatureEnabled(t *testing.T, iamOwnerCTX context.Context) {
-	f, err := Instance.Client.FeatureV2.GetInstanceFeatures(iamOwnerCTX, &feature.GetInstanceFeaturesRequest{
+func ensureFeatureEnabled(t *testing.T, instance *integration.Instance) {
+	ctx := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
+	f, err := instance.Client.FeatureV2.GetInstanceFeatures(ctx, &feature.GetInstanceFeaturesRequest{
 		Inheritance: true,
 	})
 	require.NoError(t, err)
 	if f.UserSchema.GetEnabled() {
 		return
 	}
-	_, err = Instance.Client.FeatureV2.SetInstanceFeatures(iamOwnerCTX, &feature.SetInstanceFeaturesRequest{
+	_, err = instance.Client.FeatureV2.SetInstanceFeatures(ctx, &feature.SetInstanceFeaturesRequest{
 		UserSchema: gu.Ptr(true),
 	})
 	require.NoError(t, err)
 	retryDuration := time.Minute
-	if ctxDeadline, ok := iamOwnerCTX.Deadline(); ok {
+	if ctxDeadline, ok := ctx.Deadline(); ok {
 		retryDuration = time.Until(ctxDeadline)
 	}
 	require.EventuallyWithT(t,
 		func(ttt *assert.CollectT) {
-			f, err := Instance.Client.FeatureV2.GetInstanceFeatures(iamOwnerCTX, &feature.GetInstanceFeaturesRequest{
+			f, err := instance.Client.FeatureV2.GetInstanceFeatures(ctx, &feature.GetInstanceFeaturesRequest{
 				Inheritance: true,
 			})
 			require.NoError(ttt, err)
--- a/internal/api/grpc/resources/user/v3alpha/integration_test/user_test.go
+++ b/internal/api/grpc/resources/user/v3alpha/integration_test/user_test.go
--- a/internal/api/grpc/resources/user/v3alpha/user.go
+++ b/internal/api/grpc/resources/user/v3alpha/user.go
@@ -8,6 +8,7 @@ import (
 	"github.com/zitadel/zitadel/internal/api/authz"
 	resource_object "github.com/zitadel/zitadel/internal/api/grpc/resources/object/v3alpha"
 	"github.com/zitadel/zitadel/internal/command"
+	"github.com/zitadel/zitadel/internal/domain"
 	"github.com/zitadel/zitadel/internal/zerrors"
 	object "github.com/zitadel/zitadel/pkg/grpc/object/v3alpha"
 	"github.com/zitadel/zitadel/pkg/grpc/resources/user/v3alpha"
@@ -26,7 +27,7 @@ func (s *Server) CreateUser(ctx context.Context, req *user.CreateUserRequest) (_
 		return nil, err
 	}
 	return &user.CreateUserResponse{
-		Details:   resource_object.DomainToDetailsPb(schemauser.Details, object.OwnerType_OWNER_TYPE_ORG, schemauser.ResourceOwner),
+		Details:   resource_object.DomainToDetailsPb(schemauser.Details, object.OwnerType_OWNER_TYPE_ORG, schemauser.Details.ResourceOwner),
 		EmailCode: gu.Ptr(schemauser.ReturnCodeEmail),
 		PhoneCode: gu.Ptr(schemauser.ReturnCodePhone),
 	}, nil
@@ -37,19 +38,35 @@ func createUserRequestToCreateSchemaUser(ctx context.Context, req *user.CreateUs
 	if err != nil {
 		return nil, err
 	}
+
 	return &command.CreateSchemaUser{
-		ResourceOwner: authz.GetCtxData(ctx).OrgID,
+		ResourceOwner: organizationToCreateResourceOwner(ctx, req.Organization),
 		SchemaID:      req.GetUser().GetSchemaId(),
 		ID:            req.GetUser().GetUserId(),
 		Data:          data,
 	}, nil
 }

+func organizationToCreateResourceOwner(ctx context.Context, org *object.Organization) string {
+	resourceOwner := authz.GetCtxData(ctx).OrgID
+	if resourceOwnerReq := resource_object.ResourceOwnerFromOrganization(org); resourceOwnerReq != "" {
+		return resourceOwnerReq
+	}
+	return resourceOwner
+}
+
+func organizationToUpdateResourceOwner(org *object.Organization) string {
+	if resourceOwnerReq := resource_object.ResourceOwnerFromOrganization(org); resourceOwnerReq != "" {
+		return resourceOwnerReq
+	}
+	return ""
+}
+
 func (s *Server) DeleteUser(ctx context.Context, req *user.DeleteUserRequest) (_ *user.DeleteUserResponse, err error) {
 	if err := checkUserSchemaEnabled(ctx); err != nil {
 		return nil, err
 	}
-	details, err := s.command.DeleteSchemaUser(ctx, req.GetUserId())
+	details, err := s.command.DeleteSchemaUser(ctx, organizationToUpdateResourceOwner(req.Organization), req.GetId())
 	if err != nil {
 		return nil, err
 	}
@@ -64,3 +81,126 @@ func checkUserSchemaEnabled(ctx context.Context) error {
 	}
 	return zerrors.ThrowPreconditionFailed(nil, "TODO", "Errors.UserSchema.NotEnabled")
 }
+
+func (s *Server) PatchUser(ctx context.Context, req *user.PatchUserRequest) (_ *user.PatchUserResponse, err error) {
+	if err := checkUserSchemaEnabled(ctx); err != nil {
+		return nil, err
+	}
+	schemauser, err := patchUserRequestToChangeSchemaUser(req)
+	if err != nil {
+		return nil, err
+	}
+
+	if err := s.command.ChangeSchemaUser(ctx, schemauser, s.userCodeAlg); err != nil {
+		return nil, err
+	}
+	return &user.PatchUserResponse{
+		Details:   resource_object.DomainToDetailsPb(schemauser.Details, object.OwnerType_OWNER_TYPE_ORG, schemauser.Details.ResourceOwner),
+		EmailCode: gu.Ptr(schemauser.ReturnCodeEmail),
+		PhoneCode: gu.Ptr(schemauser.ReturnCodePhone),
+	}, nil
+}
+
+func patchUserRequestToChangeSchemaUser(req *user.PatchUserRequest) (_ *command.ChangeSchemaUser, err error) {
+	var data []byte
+	if req.GetUser().Data != nil {
+		data, err = req.GetUser().GetData().MarshalJSON()
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	var email *command.Email
+	var phone *command.Phone
+	if req.GetUser().GetContact() != nil {
+		if req.GetUser().GetContact().GetEmail() != nil {
+			email = &command.Email{
+				Address: domain.EmailAddress(req.GetUser().GetContact().Email.Address),
+			}
+			if req.GetUser().GetContact().Email.GetIsVerified() {
+				email.Verified = true
+			}
+			if req.GetUser().GetContact().Email.GetReturnCode() != nil {
+				email.ReturnCode = true
+			}
+			if req.GetUser().GetContact().Email.GetSendCode() != nil {
+				email.URLTemplate = req.GetUser().GetContact().Email.GetSendCode().GetUrlTemplate()
+			}
+		}
+		if req.GetUser().GetContact().Phone != nil {
+			phone = &command.Phone{
+				Number: domain.PhoneNumber(req.GetUser().GetContact().Phone.Number),
+			}
+			if req.GetUser().GetContact().Phone.GetIsVerified() {
+				phone.Verified = true
+			}
+			if req.GetUser().GetContact().Phone.GetReturnCode() != nil {
+				phone.ReturnCode = true
+			}
+		}
+	}
+	return &command.ChangeSchemaUser{
+		ResourceOwner: organizationToUpdateResourceOwner(req.Organization),
+		ID:            req.GetId(),
+		SchemaID:      req.GetUser().SchemaId,
+		Data:          data,
+		Email:         email,
+		Phone:         phone,
+	}, nil
+}
+
+func (s *Server) DeactivateUser(ctx context.Context, req *user.DeactivateUserRequest) (_ *user.DeactivateUserResponse, err error) {
+	if err := checkUserSchemaEnabled(ctx); err != nil {
+		return nil, err
+	}
+
+	details, err := s.command.DeactivateSchemaUser(ctx, organizationToUpdateResourceOwner(req.Organization), req.GetId())
+	if err != nil {
+		return nil, err
+	}
+	return &user.DeactivateUserResponse{
+		Details: resource_object.DomainToDetailsPb(details, object.OwnerType_OWNER_TYPE_ORG, details.ResourceOwner),
+	}, nil
+}
+
+func (s *Server) ActivateUser(ctx context.Context, req *user.ActivateUserRequest) (_ *user.ActivateUserResponse, err error) {
+	if err := checkUserSchemaEnabled(ctx); err != nil {
+		return nil, err
+	}
+
+	details, err := s.command.ActivateSchemaUser(ctx, organizationToUpdateResourceOwner(req.Organization), req.GetId())
+	if err != nil {
+		return nil, err
+	}
+	return &user.ActivateUserResponse{
+		Details: resource_object.DomainToDetailsPb(details, object.OwnerType_OWNER_TYPE_ORG, details.ResourceOwner),
+	}, nil
+}
+
+func (s *Server) LockUser(ctx context.Context, req *user.LockUserRequest) (_ *user.LockUserResponse, err error) {
+	if err := checkUserSchemaEnabled(ctx); err != nil {
+		return nil, err
+	}
+
+	details, err := s.command.LockSchemaUser(ctx, organizationToUpdateResourceOwner(req.Organization), req.GetId())
+	if err != nil {
+		return nil, err
+	}
+	return &user.LockUserResponse{
+		Details: resource_object.DomainToDetailsPb(details, object.OwnerType_OWNER_TYPE_ORG, details.ResourceOwner),
+	}, nil
+}
+
+func (s *Server) UnlockUser(ctx context.Context, req *user.UnlockUserRequest) (_ *user.UnlockUserResponse, err error) {
+	if err := checkUserSchemaEnabled(ctx); err != nil {
+		return nil, err
+	}
+
+	details, err := s.command.UnlockSchemaUser(ctx, organizationToUpdateResourceOwner(req.Organization), req.GetId())
+	if err != nil {
+		return nil, err
+	}
+	return &user.UnlockUserResponse{
+		Details: resource_object.DomainToDetailsPb(details, object.OwnerType_OWNER_TYPE_ORG, details.ResourceOwner),
+	}, nil
+}