From 65b17a83fbeb9159b2a566364cda6aec3b5595b2 Mon Sep 17 00:00:00 2001 From: Livio Amstutz Date: Tue, 7 Jul 2020 08:14:44 +0200 Subject: [PATCH] feat(login): default to user selection, take login_hint into account (#350) * feat(login): default to user selection instead of login, take login_hint into account * fix: proper error message when user (and other objects) not found (#337) * fix: proper error message when user not found by loginname * add more not found and fix some typos * feat: usergrant (#348) * fix: add needed permissions * feat: search project/projectgrant user grants * fix: no zitadel permissions * fix: queries length * feat: add get my password policy (#346) * feat: add get my password policy * fix: failed merges * chore(deps): bump contrib.go.opencensus.io/exporter/stackdriver (#343) Bumps [contrib.go.opencensus.io/exporter/stackdriver](https://github.com/census-ecosystem/opencensus-go-exporter-stackdriver) from 0.13.1 to 0.13.2. - [Release notes](https://github.com/census-ecosystem/opencensus-go-exporter-stackdriver/releases) - [Commits](https://github.com/census-ecosystem/opencensus-go-exporter-stackdriver/compare/v0.13.1...v0.13.2) 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * feat: remove phone (#349) * feat: remove phone number * feat: remove phone number tests * feat: remove phone number tests * fix: regenerate protos * fix(console): distinct user grant searches and creates, project grant member edit, import cleanup (#342) * project grant member edit * project grant member dialog, import cleanup * readd project roles * user login-methods cleanup * fix sw config, user grant context * delete user grants, context for creation, search * contributor box shadow * password to detail view * user detail notification * lint Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Max Peintner --- .../eventsourcing/eventstore/auth_request.go | 22 ++++++++-- .../eventstore/auth_request_test.go | 42 +++++++++++++++++-- 2 files changed, 56 insertions(+), 8 deletions(-) diff --git a/internal/auth/repository/eventsourcing/eventstore/auth_request.go b/internal/auth/repository/eventsourcing/eventstore/auth_request.go index d520ca8580..f1ee22d562 100644 --- a/internal/auth/repository/eventsourcing/eventstore/auth_request.go +++ b/internal/auth/repository/eventsourcing/eventstore/auth_request.go @@ -72,6 +72,10 @@ func (repo *AuthRequestRepo) CreateAuthRequest(ctx context.Context, request *mod return nil, err } request.Audience = ids + if request.LoginHint != "" { + err = repo.checkLoginName(request, request.LoginHint) + logging.LogWithFields("EVENT-aG311", "login name", request.LoginHint, "id", request.ID, "applicationID", request.ApplicationID).Debug("login hint invalid") + } err = repo.AuthRequests.SaveAuthRequest(ctx, request) if err != nil { return nil, err 
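Review bot: In CreateAuthRequest the debug entry "login hint invalid" is written for every request that carries a login_hint, including those where checkLoginName succeeded, because the returned err is never tested before logging. The error is also not attached to the entry and is overwritten by SaveAuthRequest on the next line, so a view failure and an unknown login name cannot be told apart afterwards. I would guard the log with `if err != nil { ... }`, or with `.OnError(err)` before `.Debug(...)` if the logging package offers it. A comment such as `// an invalid login_hint is ignored on purpose; the user is asked for a login name instead` would make the swallowed error explicit. login_hint comes from the client's authorization request, so the value logged here is unauthenticated input; the function body starts and ends outside the hunk.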
@@ -118,11 +122,10 @@ func (repo *AuthRequestRepo) CheckLoginName(ctx context.Context, id, loginName s if err != nil { return err } - user, err := repo.View.UserByLoginName(loginName) + err = repo.checkLoginName(request, loginName) if err != nil { return err } - request.SetUserInfo(user.ID, loginName, user.ResourceOwner) return repo.AuthRequests.UpdateAuthRequest(ctx, request) } @@ -174,6 +177,15 @@ func (repo *AuthRequestRepo) getAuthRequest(ctx context.Context, id string, chec return request, nil } +func (repo *AuthRequestRepo) checkLoginName(request *model.AuthRequest, loginName string) error { + user, err := repo.View.UserByLoginName(loginName) + if err != nil { + return err + } + request.SetUserInfo(user.ID, loginName, user.ResourceOwner) + return nil +} + func (repo *AuthRequestRepo) nextSteps(ctx context.Context, request *model.AuthRequest, checkLoggedIn bool) ([]model.NextStep, error) { if request == nil { return nil, errors.ThrowInvalidArgument(nil, "EVENT-ds27a", "Errors.Internal") @@ -184,12 +196,14 @@ func (repo *AuthRequestRepo) nextSteps(ctx context.Context, request *model.AuthR } if request.UserID == "" { steps = append(steps, &model.LoginStep{}) - if request.Prompt == model.PromptSelectAccount { + if request.Prompt == model.PromptSelectAccount || request.Prompt == model.PromptUnspecified { users, err := repo.usersForUserSelection(request) if err != nil { return nil, err } - steps = append(steps, &model.SelectUserStep{Users: users}) + if len(users) > 0 || request.Prompt == model.PromptSelectAccount { + steps = append(steps, &model.SelectUserStep{Users: users}) + } } return steps, nil } diff --git a/internal/auth/repository/eventsourcing/eventstore/auth_request_test.go b/internal/auth/repository/eventsourcing/eventstore/auth_request_test.go index 45ee40a5c7..308f4f8bd5 100644 --- a/internal/auth/repository/eventsourcing/eventstore/auth_request_test.go +++ b/internal/auth/repository/eventsourcing/eventstore/auth_request_test.go 
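Review bot: The new helper checkLoginName has no doc comment, and its contract matters now that CreateAuthRequest calls it with the client-supplied login_hint: it changes the request only when the lookup succeeds, and it verifies no credential. I would add `// checkLoginName looks up the user by login name and, if found, sets user ID, login name and resource owner on the request; it does not authenticate the user.` SetUserInfo is given the caller's loginName string rather than a value from the returned user record, so if UserByLoginName matches loosely (not visible here) the stored name may differ from the canonical one.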
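Review bot: In nextSteps, an error from usersForUserSelection now aborts every request with an unspecified prompt, where before this change that path returned only the LoginStep and never touched the session view. A failing session lookup therefore blocks the default login flow, not just explicit account selection. For PromptUnspecified the selection is a convenience, so consider returning the error only when selection was requested, `if err != nil && request.Prompt == model.PromptSelectAccount { return nil, err }`, and falling through to the plain login step otherwise. The body of nextSteps continues outside the hunk.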
@@ -28,7 +28,7 @@ func (m *mockViewNoUserSession) UserSessionByIDs(string, string) (*user_view_mod } func (m *mockViewNoUserSession) UserSessionsByAgentID(string) ([]*user_view_model.UserSessionView, error) { - return nil, errors.ThrowInternal(nil, "id", "internal error") + return nil, nil } type mockViewErrUserSession struct{} @@ -173,8 +173,10 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) { nil, }, { - "user not set, login step", - fields{}, + "user not set no active session, login step", + fields{ + userSessionViewProvider: &mockViewNoUserSession{}, + }, args{&model.AuthRequest{}, false}, []model.NextStep{&model.LoginStep{}}, nil, @@ -182,7 +184,7 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) { { "user not set, prompt select account and internal error, internal error", fields{ - userSessionViewProvider: &mockViewNoUserSession{}, + userSessionViewProvider: &mockViewErrUserSession{}, }, args{&model.AuthRequest{Prompt: model.PromptSelectAccount}, false}, nil, @@ -222,6 +224,22 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) { }}, nil, }, + { + "user not set, prompt select account, no active session, login and select account steps", + fields{ + userSessionViewProvider: &mockViewUserSession{ + Users: nil, + }, + userEventProvider: &mockEventUser{}, + }, + args{&model.AuthRequest{Prompt: model.PromptSelectAccount}, false}, + []model.NextStep{ + &model.LoginStep{}, + &model.SelectUserStep{ + Users: []model.UserSelection{}, + }}, + nil, + }, { "user not found, not found error", fields{ 
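Review bot: None of the cases visible in these hunks exercises the new default path where Prompt is unspecified and the user agent has active sessions, which is the behaviour the commit title describes. The renamed case "user not set no active session, login step" only covers the empty result. I would add a case with `args{&model.AuthRequest{}, false}` and a mockViewUserSession that returns users, expecting LoginStep followed by SelectUserStep. A second case with `&mockViewErrUserSession{}` and an unspecified prompt would pin the error behaviour. The test table continues outside the hunks, so such cases may already exist elsewhere in the file.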
@@ -248,6 +266,22 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) { nil, errors.IsPreconditionFailed, }, + { + "user locked, precondition failed error", + fields{ + userViewProvider: &mockViewUser{}, + userEventProvider: &mockEventUser{ + &es_models.Event{ + AggregateType: user_es_model.UserAggregate, + Type: user_es_model.UserLocked, + }, + }, + orgViewProvider: &mockViewOrg{State: org_model.OrgStateActive}, + }, + args{&model.AuthRequest{UserID: "UserID"}, false}, + nil, + errors.IsPreconditionFailed, + }, { "org error, internal error", fields{