fix: dont (re)generate client secret with auth type none (#564)

2025-11-15 09:05:26 +00:00 · 2020-08-07 13:49:57 +02:00
parent 7015b226ef
commit 64f0b191b5
7 changed files with 116 additions and 65 deletions
--- a/internal/project/repository/eventsourcing/eventstore_test.go
+++ b/internal/project/repository/eventsourcing/eventstore_test.go
@@ -5,11 +5,12 @@ import (
 	"encoding/json"
 	"testing"

+	"github.com/golang/mock/gomock"
+
 	"github.com/caos/zitadel/internal/api/authz"
 	caos_errs "github.com/caos/zitadel/internal/errors"
 	es_models "github.com/caos/zitadel/internal/eventstore/models"
 	"github.com/caos/zitadel/internal/project/model"
-	"github.com/golang/mock/gomock"
 )

 func TestProjectByID(t *testing.T) {
@@ -1111,7 +1112,6 @@ func TestAddApplication(t *testing.T) {
 	}
 	type res struct {
 		result  *model.Application
-		wantErr bool
 		errFunc func(err error) bool
 	}
 	tests := []struct {
@@ -1143,6 +1143,32 @@ func TestAddApplication(t *testing.T) {
 				},
 			},
 		},
+		{
+			name: "add app (none), ok",
+			args: args{
+				es:  GetMockManipulateProjectWithPw(ctrl),
+				ctx: authz.NewMockContext("orgID", "userID"),
+				app: &model.Application{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1},
+					AppID: "AppID",
+					Name:  "Name",
+					OIDCConfig: &model.OIDCConfig{
+						ResponseTypes:  []model.OIDCResponseType{model.OIDCResponseTypeCode},
+						GrantTypes:     []model.OIDCGrantType{model.OIDCGrantTypeAuthorizationCode},
+						AuthMethodType: model.OIDCAuthMethodTypeNone,
+					},
+				},
+			},
+			res: res{
+				result: &model.Application{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1},
+					Name: "Name",
+					OIDCConfig: &model.OIDCConfig{
+						ResponseTypes:  []model.OIDCResponseType{model.OIDCResponseTypeCode},
+						GrantTypes:     []model.OIDCGrantType{model.OIDCGrantTypeAuthorizationCode},
+						AuthMethodType: model.OIDCAuthMethodTypeNone,
+					},
+				},
+			},
+		},
 		{
 			name: "invalid app",
 			args: args{
@@ -1151,7 +1177,6 @@ func TestAddApplication(t *testing.T) {
 				app: &model.Application{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}},
 			},
 			res: res{
-				wantErr: true,
 				errFunc: caos_errs.IsPreconditionFailed,
 			},
 		},
@@ -1170,7 +1195,6 @@ func TestAddApplication(t *testing.T) {
 				},
 			},
 			res: res{
-				wantErr: true,
 				errFunc: caos_errs.IsNotFound,
 			},
 		},
@@ -1178,22 +1202,24 @@ func TestAddApplication(t *testing.T) {
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
 			result, err := tt.args.es.AddApplication(tt.args.ctx, tt.args.app)
-
-			if !tt.res.wantErr && result.AppID == "" {
+			if tt.res.errFunc == nil && err != nil {
+				t.Errorf("no error expected got:%T %v", err, err)
+			}
+			if tt.res.errFunc != nil && !tt.res.errFunc(err) {
+				t.Errorf("wrong error got %T: %v", err, err)
+			}
+			if tt.res.result != nil && result.AppID == "" {
 				t.Errorf("result has no id")
 			}
-			if !tt.res.wantErr && result.OIDCConfig == nil && result.OIDCConfig.ClientSecretString == "" {
+			if tt.res.result != nil && (tt.res.result.OIDCConfig.AuthMethodType != model.OIDCAuthMethodTypeNone && result.OIDCConfig.ClientSecretString == "") {
 				t.Errorf("result has no client secret")
 			}
-			if !tt.res.wantErr && result.OIDCConfig == nil && result.OIDCConfig.ClientID == "" {
+			if tt.res.result != nil && result.OIDCConfig.ClientID == "" {
 				t.Errorf("result has no clientid")
 			}
-			if !tt.res.wantErr && result.Name != tt.res.result.Name {
+			if tt.res.result != nil && tt.res.result.Name != result.Name {
 				t.Errorf("got wrong result key: expected: %v, actual: %v ", tt.res.result.Name, result.Name)
 			}
-			if tt.res.wantErr && !tt.res.errFunc(err) {
-				t.Errorf("got wrong err: %v ", err)
-			}
 		})
 	}
 }
@@ -1218,7 +1244,7 @@ func TestChangeApp(t *testing.T) {
 		{
 			name: "change app, ok",
 			args: args{
-				es:  GetMockManipulateProjectWithOIDCApp(ctrl),
+				es:  GetMockManipulateProjectWithOIDCApp(ctrl, model.OIDCAuthMethodTypeBasic),
 				ctx: authz.NewMockContext("orgID", "userID"),
 				app: &model.Application{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1},
 					AppID: "AppID",
@@ -1328,7 +1354,7 @@ func TestRemoveApp(t *testing.T) {
 		{
 			name: "remove app, ok",
 			args: args{
-				es:  GetMockManipulateProjectWithOIDCApp(ctrl),
+				es:  GetMockManipulateProjectWithOIDCApp(ctrl, model.OIDCAuthMethodTypeBasic),
 				ctx: authz.NewMockContext("orgID", "userID"),
 				app: &model.Application{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1},
 					AppID: "AppID",
@@ -1410,7 +1436,7 @@ func TestDeactivateApp(t *testing.T) {
 		{
 			name: "deactivate, ok",
 			args: args{
-				es:  GetMockManipulateProjectWithOIDCApp(ctrl),
+				es:  GetMockManipulateProjectWithOIDCApp(ctrl, model.OIDCAuthMethodTypeBasic),
 				ctx: authz.NewMockContext("orgID", "userID"),
 				app: &model.Application{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1},
 					AppID: "AppID",
@@ -1520,7 +1546,7 @@ func TestReactivateApp(t *testing.T) {
 		{
 			name: "reactivate, ok",
 			args: args{
-				es:  GetMockManipulateProjectWithOIDCApp(ctrl),
+				es:  GetMockManipulateProjectWithOIDCApp(ctrl, model.OIDCAuthMethodTypeBasic),
 				ctx: authz.NewMockContext("orgID", "userID"),
 				app: &model.Application{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1},
 					AppID: "AppID",
@@ -1630,7 +1656,7 @@ func TestChangeOIDCConfig(t *testing.T) {
 		{
 			name: "change oidc config, ok",
 			args: args{
-				es:  GetMockManipulateProjectWithOIDCApp(ctrl),
+				es:  GetMockManipulateProjectWithOIDCApp(ctrl, model.OIDCAuthMethodTypeBasic),
 				ctx: authz.NewMockContext("orgID", "userID"),
 				config: &model.OIDCConfig{
 					ObjectRoot:    es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
@@ -1756,7 +1782,7 @@ func TestChangeOIDCConfigSecret(t *testing.T) {
 		{
 			name: "change oidc config secret, ok",
 			args: args{
-				es:  GetMockManipulateProjectWithOIDCApp(ctrl),
+				es:  GetMockManipulateProjectWithOIDCApp(ctrl, model.OIDCAuthMethodTypeBasic),
 				ctx: authz.NewMockContext("orgID", "userID"),
 				config: &model.OIDCConfig{
 					ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
@@ -1765,13 +1791,29 @@ func TestChangeOIDCConfigSecret(t *testing.T) {
 			},
 			res: res{
 				result: &model.OIDCConfig{
-					ObjectRoot:    es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
-					AppID:         "AppID",
-					ResponseTypes: []model.OIDCResponseType{model.OIDCResponseTypeIDToken},
-					GrantTypes:    []model.OIDCGrantType{model.OIDCGrantTypeImplicit},
+					ObjectRoot:     es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
+					AppID:          "AppID",
+					ResponseTypes:  []model.OIDCResponseType{model.OIDCResponseTypeCode},
+					GrantTypes:     []model.OIDCGrantType{model.OIDCGrantTypeAuthorizationCode},
+					AuthMethodType: model.OIDCAuthMethodTypeBasic,
 				},
 			},
 		},
+		{
+			name: "auth method none, error",
+			args: args{
+				es:  GetMockManipulateProjectWithOIDCApp(ctrl, model.OIDCAuthMethodTypeNone),
+				ctx: authz.NewMockContext("orgID", "userID"),
+				config: &model.OIDCConfig{
+					ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
+					AppID:      "AppID",
+				},
+			},
+			res: res{
+				wantErr: true,
+				errFunc: caos_errs.IsPreconditionFailed,
+			},
+		},
 		{
 			name: "no appID",
 			args: args{
@@ -1844,7 +1886,7 @@ func TestChangeOIDCConfigSecret(t *testing.T) {
 				t.Errorf("got wrong result AppID: expected: %v, actual: %v ", tt.res.result.AppID, result.AppID)
 			}
 			if !tt.res.wantErr && result.ClientSecretString == "" {
-				t.Errorf("got wrong result should habe client secret")
+				t.Errorf("got wrong result must have client secret")
 			}
 			if tt.res.wantErr && !tt.res.errFunc(err) {
 				t.Errorf("got wrong err: %v ", err)