fix(saml): Push AuthenticationSucceededOnApplication milestone for SAML sessions (#10263)

# Which Problems Are Solved The SAML session (v2 login) currently does not push a `AuthenticationSucceededOnApplication` milestone upon successful SAML login for the first time. The changes in this PR address this issue. # How the Problems Are Solved Add a new function to set the appropriate milestone, and call this function after a successful SAML request. # Additional Changes N/A # Additional Context - Closes #9592 --------- Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
2025-08-12 00:47:33 +00:00 · 2025-07-15 18:03:47 +02:00
parent e1f112d59b
commit 6d11145c77
4 changed files with 114 additions and 0 deletions
--- a/internal/command/milestone_test.go
+++ b/internal/command/milestone_test.go
@@ -627,3 +627,84 @@ func TestCommands_applicationCreatedMilestone(t *testing.T) {
 func (c *Commands) setMilestonesCompletedForTest(instanceID string) {
 	c.milestonesCompleted.Store(instanceID, struct{}{})
 }
+
+func TestSAMLSessionEvents_SetMilestones(t *testing.T) {
+	ctx := authz.WithInstanceID(context.Background(), "instanceID")
+	aggregate := milestone.NewAggregate(ctx)
+
+	type fields struct {
+		eventstore func(*testing.T) *eventstore.Eventstore
+	}
+	tests := []struct {
+		name       string
+		fields     fields
+		wantEvents []eventstore.Command
+		wantErr    error
+	}{
+		{
+			name: "get error",
+			fields: fields{
+				eventstore: expectEventstore(
+					expectFilterError(io.ErrClosedPipe),
+				),
+			},
+			wantErr: io.ErrClosedPipe,
+		},
+		{
+			name: "auth on instance, auth on application",
+			fields: fields{
+				eventstore: expectEventstore(
+					expectFilter(),
+				),
+			},
+			wantEvents: []eventstore.Command{
+				milestone.NewReachedEvent(ctx, aggregate, milestone.AuthenticationSucceededOnInstance),
+				milestone.NewReachedEvent(ctx, aggregate, milestone.AuthenticationSucceededOnApplication),
+			},
+			wantErr: nil,
+		},
+		{
+			name: "auth on app with a previous auth on instance",
+			fields: fields{
+				eventstore: expectEventstore(
+					expectFilter(
+						eventFromEventPusher(milestone.NewReachedEvent(ctx, aggregate, milestone.AuthenticationSucceededOnInstance)),
+					),
+				),
+			},
+			wantEvents: []eventstore.Command{
+				milestone.NewReachedEvent(ctx, aggregate, milestone.AuthenticationSucceededOnApplication),
+			},
+			wantErr: nil,
+		},
+		{
+			name: "milestones already reached",
+			fields: fields{
+				eventstore: expectEventstore(
+					expectFilter(
+						eventFromEventPusher(milestone.NewReachedEvent(ctx, aggregate, milestone.AuthenticationSucceededOnInstance)),
+						eventFromEventPusher(milestone.NewReachedEvent(ctx, aggregate, milestone.AuthenticationSucceededOnApplication)),
+					),
+				),
+			},
+			wantErr: nil,
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			c := &Commands{
+				eventstore: tt.fields.eventstore(t),
+				caches: &Caches{
+					milestones: noop.NewCache[milestoneIndex, string, *MilestonesReached](),
+				},
+			}
+			s := &SAMLSessionEvents{
+				commands: c,
+			}
+			postCommit, err := s.SetMilestones(ctx)
+			postCommit(ctx)
+			require.ErrorIs(t, err, tt.wantErr)
+			assert.Equal(t, tt.wantEvents, s.events)
+		})
+	}
+}