fix: review changes

2025-12-07 03:52:10 +00:00 · 2024-10-01 17:21:44 +02:00
parent 3a5c51ab45
commit 693ddc4721
23 changed files with 242 additions and 144 deletions
--- a/internal/command/converter.go
+++ b/internal/command/converter.go
@@ -19,6 +19,5 @@ func pushedEventsToObjectDetails(events []eventstore.Event) *domain.ObjectDetail
 		Sequence:      events[len(events)-1].Sequence(),
 		EventDate:     events[len(events)-1].CreatedAt(),
 		ResourceOwner: events[len(events)-1].Aggregate().ResourceOwner,
-		ID:            events[len(events)-1].Aggregate().ID,
 	}
 }
--- a/internal/command/debug_events_test.go
+++ b/internal/command/debug_events_test.go
@@ -210,7 +210,6 @@ func TestCommands_CreateDebugEvents(t *testing.T) {
 			}},
 			want: &domain.ObjectDetails{
 				ResourceOwner: "instance1",
-				ID:            "dbg1",
 			},
 		},
 		{
@@ -244,7 +243,6 @@ func TestCommands_CreateDebugEvents(t *testing.T) {
 			}},
 			want: &domain.ObjectDetails{
 				ResourceOwner: "instance1",
-				ID:            "dbg1",
 			},
 		},
 		{
@@ -277,7 +275,6 @@ func TestCommands_CreateDebugEvents(t *testing.T) {
 			}},
 			want: &domain.ObjectDetails{
 				ResourceOwner: "instance1",
-				ID:            "dbg1",
 			},
 		},
 		{
@@ -327,7 +324,6 @@ func TestCommands_CreateDebugEvents(t *testing.T) {
 			}},
 			want: &domain.ObjectDetails{
 				ResourceOwner: "instance1",
-				ID:            "dbg1",
 			},
 		},
 	}
--- a/internal/command/instance_features_test.go
+++ b/internal/command/instance_features_test.go
@@ -64,7 +64,6 @@ func TestCommands_SetInstanceFeatures(t *testing.T) {
 			}},
 			want: &domain.ObjectDetails{
 				ResourceOwner: "instance1",
-				ID:            "instance1",
 			},
 		},
 		{
@@ -94,7 +93,6 @@ func TestCommands_SetInstanceFeatures(t *testing.T) {
 			}},
 			want: &domain.ObjectDetails{
 				ResourceOwner: "instance1",
-				ID:            "instance1",
 			},
 		},
 		{
@@ -113,7 +111,6 @@ func TestCommands_SetInstanceFeatures(t *testing.T) {
 			}},
 			want: &domain.ObjectDetails{
 				ResourceOwner: "instance1",
-				ID:            "instance1",
 			},
 		},
 		{
@@ -132,7 +129,6 @@ func TestCommands_SetInstanceFeatures(t *testing.T) {
 			}},
 			want: &domain.ObjectDetails{
 				ResourceOwner: "instance1",
-				ID:            "instance1",
 			},
 		},
 		{
@@ -151,7 +147,6 @@ func TestCommands_SetInstanceFeatures(t *testing.T) {
 			}},
 			want: &domain.ObjectDetails{
 				ResourceOwner: "instance1",
-				ID:            "instance1",
 			},
 		},
 		{
@@ -170,7 +165,6 @@ func TestCommands_SetInstanceFeatures(t *testing.T) {
 			}},
 			want: &domain.ObjectDetails{
 				ResourceOwner: "instance1",
-				ID:            "instance1",
 			},
 		},
 		{
@@ -230,7 +224,6 @@ func TestCommands_SetInstanceFeatures(t *testing.T) {
 			}},
 			want: &domain.ObjectDetails{
 				ResourceOwner: "instance1",
-				ID:            "instance1",
 			},
 		},
 		{
@@ -282,7 +275,6 @@ func TestCommands_SetInstanceFeatures(t *testing.T) {
 			}},
 			want: &domain.ObjectDetails{
 				ResourceOwner: "instance1",
-				ID:            "instance1",
 			},
 		},
 	}
--- a/internal/command/system_features_test.go
+++ b/internal/command/system_features_test.go
@@ -61,7 +61,6 @@ func TestCommands_SetSystemFeatures(t *testing.T) {
 			}},
 			want: &domain.ObjectDetails{
 				ResourceOwner: "SYSTEM",
-				ID:            "SYSTEM",
 			},
 		},
 		{
@@ -80,7 +79,6 @@ func TestCommands_SetSystemFeatures(t *testing.T) {
 			}},
 			want: &domain.ObjectDetails{
 				ResourceOwner: "SYSTEM",
-				ID:            "SYSTEM",
 			},
 		},
 		{
@@ -99,7 +97,6 @@ func TestCommands_SetSystemFeatures(t *testing.T) {
 			}},
 			want: &domain.ObjectDetails{
 				ResourceOwner: "SYSTEM",
-				ID:            "SYSTEM",
 			},
 		},
 		{
@@ -118,7 +115,6 @@ func TestCommands_SetSystemFeatures(t *testing.T) {
 			}},
 			want: &domain.ObjectDetails{
 				ResourceOwner: "SYSTEM",
-				ID:            "SYSTEM",
 			},
 		},
 		{
@@ -137,7 +133,6 @@ func TestCommands_SetSystemFeatures(t *testing.T) {
 			}},
 			want: &domain.ObjectDetails{
 				ResourceOwner: "SYSTEM",
-				ID:            "SYSTEM",
 			},
 		},
 		{
@@ -197,7 +192,6 @@ func TestCommands_SetSystemFeatures(t *testing.T) {
 			}},
 			want: &domain.ObjectDetails{
 				ResourceOwner: "SYSTEM",
-				ID:            "SYSTEM",
 			},
 		},
 		{
@@ -259,7 +253,6 @@ func TestCommands_SetSystemFeatures(t *testing.T) {
 			}},
 			want: &domain.ObjectDetails{
 				ResourceOwner: "SYSTEM",
-				ID:            "SYSTEM",
 			},
 		},
 	}
--- a/internal/command/user_v3_model.go
+++ b/internal/command/user_v3_model.go
@@ -707,7 +707,7 @@ func (wm *UserV3WriteModel) NewUnlock(ctx context.Context) (_ []eventstore.Comma
 	}
 	// can only be unlocked when locked
 	if !wm.Locked {
-		return nil, zerrors.ThrowNotFound(nil, "COMMAND-gpBv46Lh9m", "Errors.User.NotFound")
+		return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-gpBv46Lh9m", "Errors.User.NotLocked")
 	}
 	if err := wm.checkPermissionStateChange(ctx); err != nil {
 		return nil, err
@@ -735,7 +735,7 @@ func (wm *UserV3WriteModel) NewActivate(ctx context.Context) (_ []eventstore.Com
 	}
 	// can only be activated when inactive
 	if wm.State != domain.UserStateInactive {
-		return nil, zerrors.ThrowNotFound(nil, "COMMAND-rQjbBr4J3j", "Errors.User.NotFound")
+		return nil, zerrors.ThrowPreconditionFailed(nil, "COMMAND-rQjbBr4J3j", "Errors.User.NotInactive")
 	}
 	if err := wm.checkPermissionStateChange(ctx); err != nil {
 		return nil, err
--- a/internal/command/user_v3_pat.go
+++ b/internal/command/user_v3_pat.go
@@ -28,10 +28,22 @@ type PAT struct {
 	Token          string
 }

+func (wm *PAT) GetExpirationDate() time.Time {
+	return wm.ExpirationDate
+}
+
+func (wm *PAT) SetExpirationDate(date time.Time) {
+	wm.ExpirationDate = date
+}
+
 func (c *Commands) AddPAT(ctx context.Context, add *AddPAT) (*domain.ObjectDetails, error) {
 	if add.UserID == "" {
 		return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-14sGR7lTaj", "Errors.IDMissing")
 	}
+	if err := domain.EnsureValidExpirationDate(add.PAT); err != nil {
+		return nil, err
+	}
+
 	schemauser, err := existingSchemaUser(ctx, c, add.ResourceOwner, add.UserID)
 	if err != nil {
 		return nil, err
--- a/internal/command/user_v3_pat_model.go
+++ b/internal/command/user_v3_pat_model.go
@@ -113,7 +113,7 @@ func (wm *PATV3WriteModel) NewDelete(ctx context.Context) ([]eventstore.Command,

 func (wm *PATV3WriteModel) Exists() error {
 	if len(wm.Scopes) == 0 {
-		return zerrors.ThrowNotFound(nil, "TODO", "TODO")
+		return zerrors.ThrowNotFound(nil, "COMMAND-ur4kxtxIhW", "Errors.User.NotFound")
 	}
 	return nil
 }
@@ -122,5 +122,5 @@ func (wm *PATV3WriteModel) NotExists() error {
 	if err := wm.Exists(); err != nil {
 		return nil
 	}
-	return zerrors.ThrowAlreadyExists(nil, "TODO", "TODO")
+	return zerrors.ThrowAlreadyExists(nil, "COMMAND-iBM2bOhvYH", "Errors.User.AlreadyExists")
 }
--- a/internal/command/user_v3_pat_test.go
+++ b/internal/command/user_v3_pat_test.go
@@ -26,7 +26,7 @@ func filterPATExisting() expect {
 				context.Background(),
 				&authenticator.NewAggregate("pk1", "org1").Aggregate,
 				"user1",
-				time.Time{},
+				time.Date(9999, time.December, 31, 23, 59, 59, 0, time.UTC),
 				[]string{"first", "second", "third"},
 			),
 		),
@@ -140,6 +140,27 @@ func TestCommands_AddPAT(t *testing.T) {
 				},
 			},
 		},
+		{
+			"pat added, expirationDate before now",
+			fields{
+				eventstore: expectEventstore(),
+			},
+			args{
+				ctx: authz.NewMockContext("instanceID", "", ""),
+				user: &AddPAT{
+					UserID: "user1",
+					PAT: &PAT{
+						Scopes:         []string{"first", "second", "third"},
+						ExpirationDate: time.Date(2020, time.December, 31, 23, 59, 59, 0, time.UTC),
+					},
+				},
+			},
+			res{
+				err: func(err error) bool {
+					return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "DOMAIN-dv3t5", "Errors.AuthNKey.ExpireBeforeNow"))
+				},
+			},
+		},
 		{
 			"pat added, ok",
 			fields{
@@ -152,7 +173,7 @@ func TestCommands_AddPAT(t *testing.T) {
 							context.Background(),
 							&authenticator.NewAggregate("pk1", "org1").Aggregate,
 							"user1",
-							time.Time{},
+							time.Date(9999, time.December, 31, 23, 59, 59, 0, time.UTC),
 							[]string{"first", "second", "third"},
 						),
 					),
@@ -189,7 +210,7 @@ func TestCommands_AddPAT(t *testing.T) {
 							context.Background(),
 							&authenticator.NewAggregate("pk1", "org1").Aggregate,
 							"user1",
-							time.Date(2024, time.January, 1, 1, 1, 1, 1, time.UTC),
+							time.Date(9999, time.December, 31, 23, 59, 59, 0, time.UTC),
 							[]string{"first", "second", "third"},
 						),
 					),
@@ -203,7 +224,7 @@ func TestCommands_AddPAT(t *testing.T) {
 				user: &AddPAT{
 					UserID: "user1",
 					PAT: &PAT{
-						ExpirationDate: time.Date(2024, time.January, 1, 1, 1, 1, 1, time.UTC),
+						ExpirationDate: time.Date(9999, time.December, 31, 23, 59, 59, 0, time.UTC),
 						Scopes:         []string{"first", "second", "third"},
 					},
 				},
@@ -308,7 +329,7 @@ func TestCommands_DeletePAT(t *testing.T) {
 			},
 			res{
 				err: func(err error) bool {
-					return errors.Is(err, zerrors.ThrowNotFound(nil, "TODO", "TODO"))
+					return errors.Is(err, zerrors.ThrowNotFound(nil, "COMMAND-ur4kxtxIhW", "Errors.User.NotFound"))
 				},
 			},
 		},
@@ -322,7 +343,7 @@ func TestCommands_DeletePAT(t *testing.T) {
 								context.Background(),
 								&authenticator.NewAggregate("pk1", "org1").Aggregate,
 								"user1",
-								time.Time{},
+								time.Date(9999, time.December, 31, 23, 59, 59, 0, time.UTC),
 								[]string{"first", "second", "third"},
 							),
 						),
@@ -343,7 +364,7 @@ func TestCommands_DeletePAT(t *testing.T) {
 			},
 			res{
 				err: func(err error) bool {
-					return errors.Is(err, zerrors.ThrowNotFound(nil, "TODO", "TODO"))
+					return errors.Is(err, zerrors.ThrowNotFound(nil, "COMMAND-ur4kxtxIhW", "Errors.User.NotFound"))
 				},
 			},
 		},
--- a/internal/command/user_v3_publickey.go
+++ b/internal/command/user_v3_publickey.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"time"

+	"github.com/zitadel/zitadel/internal/crypto"
 	"github.com/zitadel/zitadel/internal/domain"
 	"github.com/zitadel/zitadel/internal/eventstore"
 	"github.com/zitadel/zitadel/internal/zerrors"
@@ -16,6 +17,13 @@ type AddPublicKey struct {
 	PublicKey *PublicKey
 }

+func (wm *AddPublicKey) GetPublicKey() []byte {
+	if wm.PublicKey == nil {
+		return nil
+	}
+	return wm.PublicKey.PublicKey
+}
+
 func (wm *AddPublicKey) GetPrivateKey() []byte {
 	if wm.PublicKey == nil {
 		return nil
@@ -23,6 +31,20 @@ func (wm *AddPublicKey) GetPrivateKey() []byte {
 	return wm.PublicKey.PrivateKey
 }

+func (wm *AddPublicKey) GetExpirationDate() time.Time {
+	if wm.PublicKey == nil {
+		return time.Time{}
+	}
+	return wm.PublicKey.GetExpirationDate()
+}
+
+func (wm *AddPublicKey) SetExpirationDate(date time.Time) {
+	if wm.PublicKey == nil {
+		wm.PublicKey = &PublicKey{}
+	}
+	wm.PublicKey.SetExpirationDate(date)
+}
+
 type PublicKey struct {
 	ExpirationDate time.Time
 	PublicKey      []byte
@@ -49,6 +71,15 @@ func (c *Commands) AddPublicKey(ctx context.Context, add *AddPublicKey) (*domain
 	if add.UserID == "" {
 		return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-14sGR7lTaj", "Errors.IDMissing")
 	}
+	if publicKey := add.GetPublicKey(); publicKey != nil {
+		if _, err := crypto.BytesToPublicKey(publicKey); err != nil {
+			return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-WdWlhUSVqK", "Errors.User.Machine.Key.Invalid")
+		}
+	}
+	if err := domain.EnsureValidExpirationDate(add.PublicKey); err != nil {
+		return nil, err
+	}
+
 	schemauser, err := existingSchemaUser(ctx, c, add.ResourceOwner, add.UserID)
 	if err != nil {
 		return nil, err
--- a/internal/command/user_v3_publickey_model.go
+++ b/internal/command/user_v3_publickey_model.go
@@ -15,7 +15,6 @@ type PublicKeyV3WriteModel struct {
 	eventstore.WriteModel
 	UserID         string
 	ExpirationDate time.Time
-	PrivateKey     []byte
 	PublicKey      []byte

 	checkPermission domain.PermissionCheck
@@ -114,7 +113,7 @@ func (wm *PublicKeyV3WriteModel) NewDelete(ctx context.Context) ([]eventstore.Co

 func (wm *PublicKeyV3WriteModel) Exists() error {
 	if len(wm.PublicKey) == 0 {
-		return zerrors.ThrowNotFound(nil, "TODO", "TODO")
+		return zerrors.ThrowNotFound(nil, "COMMAND-CqNteIqtCt", "Errors.User.NotFound")
 	}
 	return nil
 }
@@ -123,5 +122,5 @@ func (wm *PublicKeyV3WriteModel) NotExists() error {
 	if err := wm.Exists(); err != nil {
 		return nil
 	}
-	return zerrors.ThrowAlreadyExists(nil, "TODO", "TODO")
+	return zerrors.ThrowAlreadyExists(nil, "COMMAND-QkVpJv0DqA", "Errors.User.AlreadyExists")
 }
--- a/internal/command/user_v3_publickey_test.go
+++ b/internal/command/user_v3_publickey_test.go
@@ -24,13 +24,15 @@ func filterPublicKeyExisting() expect {
 				context.Background(),
 				&authenticator.NewAggregate("pk1", "org1").Aggregate,
 				"user1",
-				time.Time{},
+				time.Date(9999, time.December, 31, 23, 59, 59, 0, time.UTC),
 				[]byte("something"),
 			),
 		),
 	)
 }

+var publicKeyExample = []byte("-----BEGIN PUBLIC KEY-----\nMIICITANBgkqhkiG9w0BAQEFAAOCAg4AMIICCQKCAgB5tWxwCGRloCqvpgI2ZXPl\nxQ+WZbQPuHTqAxwbXbsKOJoAAq16iHmzriLKpqVDxRUXqTH3cY0P0A1IZbCBB2gG\nyq3Lk08sR5ute+MEQ+QibX2qpk+mccRr+eP6B1otcyBWxRhZ/YtWphDpZ4GCb4oN\nAzTIebU0ztlu1OOnDDSEEhwScu2LhG40bx4hVU8XNgIqEjxiR61J89vfZpCmn0Rl\nsqYvmX9sqtqPokdsKl3LPItRyDAJMG0uhwwGKsHffDNeLDZN1OCZE/ZS7USarJQH\nbtGeqFQKsCL33xsKbNL+QjnAhqHW09bMdwofJvlwYLfL0rGJQr5aVCaERAfKAOE6\npy0nVkEJsRLxvdx/ZbTtZdCBk/LiznkE1xp9J02obQ+kWHtdUYxM1OSJqPRGQpbS\nZTxurdBQ43gRjO07iWNV9CB0i6QN2GtDBmHVb48i6aPdA++uJqnPYzy46FWA3KMA\nSlxiZ1RDcGH+fN9uklC2cwAurctAxed3Me2RYGdxl813udeV4Ef3qaiV2dix/pKA\nvN1KIfPTpTdULCDBLjtaAYflJ2WYXHeWMJMMC4oJc3bcKpA4mWjZibZ3pSGX/STQ\nXwHUtKsGlrVBSeqjjILVpH+2G0rusrqkGOlPKN+qOIsnwJf9x47v+xEw1slqdDWm\n+x3gc+8m9oowCcq20OeNTQIDAQAB\n-----END PUBLIC KEY-----")
+
 func TestCommands_AddPublicKey(t *testing.T) {
 	type fields struct {
 		eventstore      func(t *testing.T) *eventstore.Eventstore
@@ -79,6 +81,9 @@ func TestCommands_AddPublicKey(t *testing.T) {
 				ctx: authz.NewMockContext("instanceID", "", ""),
 				user: &AddPublicKey{
 					UserID: "notexisting",
+					PublicKey: &PublicKey{
+						PublicKey: publicKeyExample,
+					},
 				},
 			},
 			res{
@@ -87,6 +92,30 @@ func TestCommands_AddPublicKey(t *testing.T) {
 				},
 			},
 		},
+		{
+			"userschema not existing, error",
+			fields{
+				eventstore: expectEventstore(
+					filterSchemaUserExisting(),
+					expectFilter(),
+				),
+				checkPermission: newMockPermissionCheckAllowed(),
+			},
+			args{
+				ctx: authz.NewMockContext("instanceID", "", ""),
+				user: &AddPublicKey{
+					UserID: "user1",
+					PublicKey: &PublicKey{
+						PublicKey: publicKeyExample,
+					},
+				},
+			},
+			res{
+				err: func(err error) bool {
+					return errors.Is(err, zerrors.ThrowNotFound(nil, "COMMAND-VLDTtxT3If", "Errors.UserSchema.NotExists"))
+				},
+			},
+		},
 		{
 			"no permission, error",
 			fields{
@@ -103,7 +132,7 @@ func TestCommands_AddPublicKey(t *testing.T) {
 				user: &AddPublicKey{
 					UserID: "user1",
 					PublicKey: &PublicKey{
-						PublicKey: []byte("something"),
+						PublicKey: publicKeyExample,
 					},
 				},
 			},
@@ -114,23 +143,43 @@ func TestCommands_AddPublicKey(t *testing.T) {
 			},
 		},
 		{
-			"userschema not existing, error",
+			"publickey added, no public key format",
 			fields{
-				eventstore: expectEventstore(
-					filterSchemaUserExisting(),
-					expectFilter(),
-				),
-				checkPermission: newMockPermissionCheckAllowed(),
+				eventstore: expectEventstore(),
 			},
 			args{
 				ctx: authz.NewMockContext("instanceID", "", ""),
 				user: &AddPublicKey{
 					UserID: "user1",
+					PublicKey: &PublicKey{
+						PublicKey: []byte("something"),
+					},
 				},
 			},
 			res{
 				err: func(err error) bool {
-					return errors.Is(err, zerrors.ThrowNotFound(nil, "COMMAND-VLDTtxT3If", "Errors.UserSchema.NotExists"))
+					return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "COMMAND-WdWlhUSVqK", "Errors.User.Machine.Key.Invalid"))
+				},
+			},
+		},
+		{
+			"publickey added, expirationDate before now",
+			fields{
+				eventstore: expectEventstore(),
+			},
+			args{
+				ctx: authz.NewMockContext("instanceID", "", ""),
+				user: &AddPublicKey{
+					UserID: "user1",
+					PublicKey: &PublicKey{
+						PublicKey:      publicKeyExample,
+						ExpirationDate: time.Date(2020, time.December, 31, 23, 59, 59, 0, time.UTC),
+					},
+				},
+			},
+			res{
+				err: func(err error) bool {
+					return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "DOMAIN-dv3t5", "Errors.AuthNKey.ExpireBeforeNow"))
 				},
 			},
 		},
@@ -146,8 +195,8 @@ func TestCommands_AddPublicKey(t *testing.T) {
 							context.Background(),
 							&authenticator.NewAggregate("pk1", "org1").Aggregate,
 							"user1",
-							time.Time{},
-							[]byte("something"),
+							time.Date(9999, time.December, 31, 23, 59, 59, 0, time.UTC),
+							publicKeyExample,
 						),
 					),
 				),
@@ -159,7 +208,7 @@ func TestCommands_AddPublicKey(t *testing.T) {
 				user: &AddPublicKey{
 					UserID: "user1",
 					PublicKey: &PublicKey{
-						PublicKey: []byte("something"),
+						PublicKey: publicKeyExample,
 					},
 				},
 			},
@@ -181,8 +230,8 @@ func TestCommands_AddPublicKey(t *testing.T) {
 							context.Background(),
 							&authenticator.NewAggregate("pk1", "org1").Aggregate,
 							"user1",
-							time.Date(2024, time.January, 1, 1, 1, 1, 1, time.UTC),
-							[]byte("something"),
+							time.Date(9999, time.December, 31, 23, 59, 59, 0, time.UTC),
+							publicKeyExample,
 						),
 					),
 				),
@@ -194,8 +243,8 @@ func TestCommands_AddPublicKey(t *testing.T) {
 				user: &AddPublicKey{
 					UserID: "user1",
 					PublicKey: &PublicKey{
-						PublicKey:      []byte("something"),
-						ExpirationDate: time.Date(2024, time.January, 1, 1, 1, 1, 1, time.UTC),
+						PublicKey:      publicKeyExample,
+						ExpirationDate: time.Date(9999, time.December, 31, 23, 59, 59, 0, time.UTC),
 					},
 				},
 			},
@@ -296,7 +345,7 @@ func TestCommands_DeletePublicKey(t *testing.T) {
 			},
 			res{
 				err: func(err error) bool {
-					return errors.Is(err, zerrors.ThrowNotFound(nil, "TODO", "TODO"))
+					return errors.Is(err, zerrors.ThrowNotFound(nil, "COMMAND-CqNteIqtCt", "Errors.User.NotFound"))
 				},
 			},
 		},
@@ -310,7 +359,7 @@ func TestCommands_DeletePublicKey(t *testing.T) {
 								context.Background(),
 								&authenticator.NewAggregate("pk1", "org1").Aggregate,
 								"user1",
-								time.Time{},
+								time.Date(9999, time.December, 31, 23, 59, 59, 0, time.UTC),
 								[]byte("something"),
 							),
 						),
@@ -331,7 +380,7 @@ func TestCommands_DeletePublicKey(t *testing.T) {
 			},
 			res{
 				err: func(err error) bool {
-					return errors.Is(err, zerrors.ThrowNotFound(nil, "TODO", "TODO"))
+					return errors.Is(err, zerrors.ThrowNotFound(nil, "COMMAND-CqNteIqtCt", "Errors.User.NotFound"))
 				},
 			},
 		},
--- a/internal/command/user_v3_state_test.go
+++ b/internal/command/user_v3_state_test.go
@@ -337,7 +337,7 @@ func TestCommandSide_UnlockSchemaUser(t *testing.T) {
 			},
 			res: res{
 				err: func(err error) bool {
-					return errors.Is(err, zerrors.ThrowNotFound(nil, "COMMAND-gpBv46Lh9m", "Errors.User.NotFound"))
+					return errors.Is(err, zerrors.ThrowPreconditionFailed(nil, "COMMAND-gpBv46Lh9m", "Errors.User.NotLocked"))
 				},
 			},
 		},
@@ -758,7 +758,7 @@ func TestCommandSide_ReactivateSchemaUser(t *testing.T) {
 			},
 			res: res{
 				err: func(err error) bool {
-					return errors.Is(err, zerrors.ThrowNotFound(nil, "COMMAND-rQjbBr4J3j", "Errors.User.NotFound"))
+					return errors.Is(err, zerrors.ThrowPreconditionFailed(nil, "COMMAND-rQjbBr4J3j", "Errors.User.NotInactive"))
 				},
 			},
 		},
--- a/internal/command/user_v3_test.go
+++ b/internal/command/user_v3_test.go
@@ -770,10 +770,16 @@ func TestCommands_CreateSchemaUser(t *testing.T) {
 					},
 					Password: &SchemaUserPassword{Password: "password"},
 					PublicKeys: []*PublicKey{
-						{PublicKey: []byte("something"), ExpirationDate: time.Date(2024, time.January, 1, 1, 1, 1, 1, time.UTC)},
+						{
+							PublicKey:      []byte("something"),
+							ExpirationDate: time.Date(2024, time.January, 1, 1, 1, 1, 1, time.UTC),
+						},
 					},
 					PATs: []*PAT{
-						{Scopes: []string{"first", "second", "third"}, ExpirationDate: time.Date(2024, time.January, 1, 1, 1, 1, 1, time.UTC)},
+						{
+							Scopes:         []string{"first", "second", "third"},
+							ExpirationDate: time.Date(2024, time.January, 1, 1, 1, 1, 1, time.UTC),
+						},
 					},
 				},
 			},
--- a/internal/command/user_v3_username_model.go
+++ b/internal/command/user_v3_username_model.go
@@ -114,7 +114,7 @@ func (wm *UsernameV3WriteModel) NewDelete(ctx context.Context) ([]eventstore.Com

 func (wm *UsernameV3WriteModel) Exists() error {
 	if wm.Username == "" {
-		return zerrors.ThrowNotFound(nil, "TODO", "TODO")
+		return zerrors.ThrowNotFound(nil, "COMMAND-uEii8L6Awp", "Errors.User.NotFound")
 	}
 	return nil
 }
@@ -123,7 +123,7 @@ func (wm *UsernameV3WriteModel) NotExists() error {
 	if err := wm.Exists(); err != nil {
 		return nil
 	}
-	return zerrors.ThrowAlreadyExists(nil, "TODO", "TODO")
+	return zerrors.ThrowAlreadyExists(nil, "COMMAND-rK7ZTzEEGU", "Errors.User.AlreadyExists")
 }

 func AuthenticatorAggregateFromWriteModel(wm *eventstore.WriteModel) *eventstore.Aggregate {
--- a/internal/command/user_v3_username_test.go
+++ b/internal/command/user_v3_username_test.go
@@ -340,7 +340,7 @@ func TestCommands_DeleteUsername(t *testing.T) {
 			},
 			res{
 				err: func(err error) bool {
-					return errors.Is(err, zerrors.ThrowNotFound(nil, "TODO", "TODO"))
+					return errors.Is(err, zerrors.ThrowNotFound(nil, "COMMAND-uEii8L6Awp", "Errors.User.NotFound"))
 				},
 			},
 		},
@@ -377,7 +377,7 @@ func TestCommands_DeleteUsername(t *testing.T) {
 			},
 			res{
 				err: func(err error) bool {
-					return errors.Is(err, zerrors.ThrowNotFound(nil, "TODO", "TODO"))
+					return errors.Is(err, zerrors.ThrowNotFound(nil, "COMMAND-uEii8L6Awp", "Errors.User.NotFound"))
 				},
 			},
 		},