From 72bc3ffe142ca556ea3fa15e1d4f3c293e4801ca Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tim=20M=C3=B6hlmann?=
Date: Thu, 23 Nov 2023 16:17:50 +0200
Subject: [PATCH] fix(oidc): add missing fields to introspection (#6967)

during QA I found some user info and org ID was missing. This change adds those missing fields.
---
 internal/api/oidc/client_integration_test.go | 11 +++-
 internal/integration/client.go | 7 +-
 internal/query/embed/userinfo_by_id.sql | 9 +--
 internal/query/testdata/userinfo_human.json | 3 +
 .../query/testdata/userinfo_human_grants.json | 3 +
 .../query/testdata/userinfo_human_no_md.json | 3 +
 internal/query/testdata/userinfo_machine.json | 1 +
 internal/query/userinfo_test.go | 66 +++++++++++--------
 8 files changed, 66 insertions(+), 37 deletions(-)

diff --git a/internal/api/oidc/client_integration_test.go b/internal/api/oidc/client_integration_test.go
index f1f5ed8466..2c3d8e3735 100644
--- a/internal/api/oidc/client_integration_test.go
+++ b/internal/api/oidc/client_integration_test.go
@@ -12,7 +12,9 @@ import (
 	"github.com/zitadel/oidc/v3/pkg/client/rp"
 	"github.com/zitadel/oidc/v3/pkg/client/rs"
 	"github.com/zitadel/oidc/v3/pkg/oidc"
+	"golang.org/x/text/language"
 
+	oidc_api "github.com/zitadel/zitadel/internal/api/oidc"
 	"github.com/zitadel/zitadel/pkg/grpc/authn"
 	"github.com/zitadel/zitadel/pkg/grpc/management"
 	oidc_pb "github.com/zitadel/zitadel/pkg/grpc/oidc/v2beta"
@@ -65,7 +67,7 @@ func TestServer_Introspect(t *testing.T) {
 	resourceServer, err := Tester.CreateResourceServer(CTX, keyResp.GetKeyDetails())
 	require.NoError(t, err)
 
-	scope := []string{oidc.ScopeOpenID, oidc.ScopeProfile, oidc.ScopeEmail, oidc.ScopeOfflineAccess}
+	scope := []string{oidc.ScopeOpenID, oidc.ScopeProfile, oidc.ScopeEmail, oidc.ScopeOfflineAccess, oidc_api.ScopeResourceOwner}
 	authRequestID := createAuthRequest(t, app.GetClientId(), redirectURI, scope...)
 	sessionID, sessionToken, startTime, changeTime := Tester.CreateVerifiedWebAuthNSession(t, CTXLOGIN, User.GetUserId())
 	linkResp, err := Tester.Client.OIDCv2.CreateCallback(CTXLOGIN, &oidc_pb.CreateCallbackRequest{
@@ -129,7 +131,14 @@ func assertIntrospection(
 	assert.Equal(t, "Mickey", introspection.GivenName)
 	assert.Equal(t, "Mouse", introspection.FamilyName)
 	assert.Equal(t, "Mickey Mouse", introspection.Name)
+	assert.Equal(t, oidc.Gender("male"), introspection.Gender)
+	assert.Equal(t, oidc.NewLocale(language.Dutch), introspection.Locale)
 	assert.Equal(t, introspection.Username, introspection.Email)
 	assert.False(t, bool(introspection.EmailVerified))
 	assertOIDCTime(t, introspection.UpdatedAt, User.GetDetails().GetChangeDate().AsTime())
+
+	require.NotNil(t, introspection.Claims)
+	assert.Equal(t, User.Details.ResourceOwner, introspection.Claims[oidc_api.ClaimResourceOwner+"id"])
+	assert.NotEmpty(t, introspection.Claims[oidc_api.ClaimResourceOwner+"name"])
+	assert.NotEmpty(t, introspection.Claims[oidc_api.ClaimResourceOwner+"primary_domain"])
 }
diff --git a/internal/integration/client.go b/internal/integration/client.go
index 7e64b11706..cc4ccc75bd 100644
--- a/internal/integration/client.go
+++ b/internal/integration/client.go
@@ -7,6 +7,7 @@ import (
 	"time"
 
 	crewjam_saml "github.com/crewjam/saml"
+	"github.com/muhlemmer/gu"
 	"github.com/stretchr/testify/require"
 	"github.com/zitadel/logging"
 	"github.com/zitadel/oidc/v3/pkg/oidc"
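Review bot: The new resource-owner assertions in assertIntrospection only cover the positive case: TestServer_Introspect now requests `oidc_api.ScopeResourceOwner` and the `id`, `name` and `primary_domain` claims are checked for presence, but nothing verifies they are withheld when that scope is not requested, so a regression that releases org data to every resource server would still pass. A second introspection of a token issued without that scope, asserting `assert.NotContains(t, introspection.Claims, oidc_api.ClaimResourceOwner+"id")`, would pin the scope gating. Separately, `User.Details.ResourceOwner` reads the protobuf field directly while the line above uses `User.GetDetails().GetChangeDate()`; `User.GetDetails().GetResourceOwner()` keeps the nil-safe getter style consistent. The `name` and `primary_domain` claims are only checked for non-emptiness; if the fixture org's values are reachable here, comparing them exactly would also catch the two being swapped. assertIntrospection's signature and the rest of TestServer_Introspect lie outside these hunks.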
@@ -90,8 +91,10 @@ func (s *Tester) CreateHumanUser(ctx context.Context) *user.AddHumanUserResponse
 			},
 		},
 		Profile: &user.SetHumanProfile{
-			GivenName:  "Mickey",
-			FamilyName: "Mouse",
+			GivenName:         "Mickey",
+			FamilyName:        "Mouse",
+			PreferredLanguage: gu.Ptr("nl"),
+			Gender:            gu.Ptr(user.Gender_GENDER_MALE),
 		},
 		Email: &user.SetHumanEmail{
 			Email: fmt.Sprintf("%d@mouse.com", time.Now().UnixNano()),
diff --git a/internal/query/embed/userinfo_by_id.sql b/internal/query/embed/userinfo_by_id.sql
index 128a9591be..1f289f60c9 100644
--- a/internal/query/embed/userinfo_by_id.sql
+++ b/internal/query/embed/userinfo_by_id.sql
@@ -1,6 +1,3 @@
--- deallocate q;
--- prepare q (text, text, text[]) as
-
 with usr as (
 	select u.id, u.creation_date, u.change_date, u.sequence, u.state, u.resource_owner, u.username, n.login_name as preferred_login_name
 	from projections.users9 u
@@ -11,7 +8,7 @@ with usr as (
 ),
 human as (
 	select $1 as user_id, row_to_json(r) as human from (
-		select first_name, last_name, nick_name, display_name, avatar_key, email, is_email_verified, phone, is_phone_verified
+		select first_name, last_name, nick_name, display_name, avatar_key, preferred_language, gender, email, is_email_verified, phone, is_phone_verified
 		from projections.users9_humans
 		where user_id = $1
 		and instance_id = $2
@@ -56,7 +53,7 @@ orgs as (
 -- find the user's org
 user_org as (
 	select row_to_json(r) as organization from (
-		select name, primary_domain
+		select o.id, o.name, o.primary_domain
 		from orgs o
 		join usr u on o.id = u.resource_owner
 	) r
@@ -88,5 +85,3 @@ select json_build_object(
 	'metadata', (select metadata from metadata),
 	'user_grants', (select grants from grants)
 );
-
--- execute q('231965491734773762','230690539048009730', '{"236645808328409090","240762134579904514"}')
\ No newline at end of file
diff --git a/internal/query/testdata/userinfo_human.json b/internal/query/testdata/userinfo_human.json
index 4744b9299d..c5dfa65d62 100644
--- a/internal/query/testdata/userinfo_human.json
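Review bot: The `human` CTE in the `@@ -11,7 +8,7 @@` hunk now passes `preferred_language` and `gender` straight from the projection into `row_to_json`, and the fixtures in this patch show them as a bare language string (`"en"`) and an integer (`2`); the decoding into `language.Tag` and `domain.Gender` happens in Go code outside this diff, so it is worth confirming that a null, empty or non-BCP 47 `preferred_language` on one human row does not become a scan error that fails the whole userinfo or introspection request for that user. For an informational claim, tolerating an unparsable tag (leaving the locale unset) is the safer behaviour than failing the request. Recording that expectation next to the query, e.g. `-- preferred_language and gender are decoded by the Go scanner; null or empty values should be tolerated there`, would keep the contract visible to whoever next edits the select. The surrounding CTEs and the final `json_build_object` lie outside these hunks.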
+++ b/internal/query/testdata/userinfo_human.json
@@ -14,6 +14,8 @@
       "nick_name": "muhlemmer",
       "display_name": "Tim Mohlmann",
       "avatar_key": null,
+      "preferred_language": "en",
+      "gender": 2,
       "email": "tim+tesmail@zitadel.com",
       "is_email_verified": true,
       "phone": "+40123456789",
@@ -22,6 +24,7 @@
     "machine": null
   },
   "org": {
+    "id": "231848297847848962",
     "name": "demo",
     "primary_domain": "demo.localhost"
   },
diff --git a/internal/query/testdata/userinfo_human_grants.json b/internal/query/testdata/userinfo_human_grants.json
index fec383acf2..b7e6e57589 100644
--- a/internal/query/testdata/userinfo_human_grants.json
+++ b/internal/query/testdata/userinfo_human_grants.json
@@ -14,6 +14,8 @@
       "nick_name": "muhlemmer",
       "display_name": "Tim Mohlmann",
       "avatar_key": null,
+      "preferred_language": "en",
+      "gender": 2,
       "email": "tim+tesmail@zitadel.com",
       "is_email_verified": true,
       "phone": "+40123456789",
@@ -22,6 +24,7 @@
     "machine": null
   },
   "org": {
+    "id": "231848297847848962",
     "name": "demo",
     "primary_domain": "demo.localhost"
   },
diff --git a/internal/query/testdata/userinfo_human_no_md.json b/internal/query/testdata/userinfo_human_no_md.json
index dffbf0851a..d2148d63ca 100644
--- a/internal/query/testdata/userinfo_human_no_md.json
+++ b/internal/query/testdata/userinfo_human_no_md.json
@@ -14,6 +14,8 @@
       "nick_name": "muhlemmer",
       "display_name": "Tim Mohlmann",
       "avatar_key": null,
+      "preferred_language": "en",
+      "gender": 2,
       "email": "tim+tesmail@zitadel.com",
       "is_email_verified": true,
       "phone": "+40123456789",
@@ -22,6 +24,7 @@
     "machine": null
   },
   "org": {
+    "id": "231848297847848962",
     "name": "demo",
     "primary_domain": "demo.localhost"
   },
diff --git a/internal/query/testdata/userinfo_machine.json b/internal/query/testdata/userinfo_machine.json
index b2b13d18e4..daa8653163 100644
--- a/internal/query/testdata/userinfo_machine.json
+++ b/internal/query/testdata/userinfo_machine.json
@@ -15,6 +15,7 @@
     }
   },
   "org": {
+    "id": "231848297847848962",
     "name": "demo",
     "primary_domain": "demo.localhost"
   },
diff --git a/internal/query/userinfo_test.go b/internal/query/userinfo_test.go
index 4edf74fb57..34c713d506 100644
--- a/internal/query/userinfo_test.go
+++ b/internal/query/userinfo_test.go
@@ -11,9 +11,11 @@ import (
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
+	"golang.org/x/text/language"
 
 	"github.com/zitadel/zitadel/internal/api/authz"
 	"github.com/zitadel/zitadel/internal/database"
+	"github.com/zitadel/zitadel/internal/domain"
 	"github.com/zitadel/zitadel/internal/errors"
 )
@@ -99,19 +101,22 @@ func TestQueries_GetOIDCUserInfo(t *testing.T) {
 				Username:           "tim+tesmail@zitadel.com",
 				PreferredLoginName: "tim+tesmail@zitadel.com@demo.localhost",
 				Human: &Human{
-					FirstName:       "Tim",
-					LastName:        "Mohlmann",
-					NickName:        "muhlemmer",
-					DisplayName:     "Tim Mohlmann",
-					AvatarKey:       "",
-					Email:           "tim+tesmail@zitadel.com",
-					IsEmailVerified: true,
-					Phone:           "+40123456789",
-					IsPhoneVerified: false,
+					FirstName:         "Tim",
+					LastName:          "Mohlmann",
+					NickName:          "muhlemmer",
+					DisplayName:       "Tim Mohlmann",
+					AvatarKey:         "",
+					PreferredLanguage: language.English,
+					Gender:            domain.GenderMale,
+					Email:             "tim+tesmail@zitadel.com",
+					IsEmailVerified:   true,
+					Phone:             "+40123456789",
+					IsPhoneVerified:   false,
 				},
 				Machine: nil,
 			},
 			Org: &UserInfoOrg{
+				ID:            "231848297847848962",
 				Name:          "demo",
 				PrimaryDomain: "demo.localhost",
 			},
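Review bot: The expected `Human` literal with the two new fields is pasted verbatim into this `@@ -99,19 +101,22 @@` hunk and again in the `@@ -135` and `@@ -193` hunks, so the next added userinfo field means three identical edits that can silently diverge; a package-level `expectedHuman` value (or a small helper returning a fresh `*Human`) referenced from each case would keep them in step. The org ID `"231848297847848962"` is likewise repeated in four cases and in every JSON fixture, and a named constant such as `const testOrgID = "231848297847848962"` would tie the Go expectations to the fixture value. The `PreferredLanguage: language.English` expectation depends on the fixture's `"en"` being decoded to exactly the base tag; if the scanner ever receives a regional tag, the equality comparison will not match, which is worth a short comment on the field. The body of TestQueries_GetOIDCUserInfo starts and ends outside these hunks.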
@@ -135,19 +140,22 @@ func TestQueries_GetOIDCUserInfo(t *testing.T) {
 				Username:           "tim+tesmail@zitadel.com",
 				PreferredLoginName: "tim+tesmail@zitadel.com@demo.localhost",
 				Human: &Human{
-					FirstName:       "Tim",
-					LastName:        "Mohlmann",
-					NickName:        "muhlemmer",
-					DisplayName:     "Tim Mohlmann",
-					AvatarKey:       "",
-					Email:           "tim+tesmail@zitadel.com",
-					IsEmailVerified: true,
-					Phone:           "+40123456789",
-					IsPhoneVerified: false,
+					FirstName:         "Tim",
+					LastName:          "Mohlmann",
+					NickName:          "muhlemmer",
+					DisplayName:       "Tim Mohlmann",
+					AvatarKey:         "",
+					PreferredLanguage: language.English,
+					Gender:            domain.GenderMale,
+					Email:             "tim+tesmail@zitadel.com",
+					IsEmailVerified:   true,
+					Phone:             "+40123456789",
+					IsPhoneVerified:   false,
 				},
 				Machine: nil,
 			},
 			Org: &UserInfoOrg{
+				ID:            "231848297847848962",
 				Name:          "demo",
 				PrimaryDomain: "demo.localhost",
 			},
@@ -193,19 +201,22 @@ func TestQueries_GetOIDCUserInfo(t *testing.T) {
 				Username:           "tim+tesmail@zitadel.com",
 				PreferredLoginName: "tim+tesmail@zitadel.com@demo.localhost",
 				Human: &Human{
-					FirstName:       "Tim",
-					LastName:        "Mohlmann",
-					NickName:        "muhlemmer",
-					DisplayName:     "Tim Mohlmann",
-					AvatarKey:       "",
-					Email:           "tim+tesmail@zitadel.com",
-					IsEmailVerified: true,
-					Phone:           "+40123456789",
-					IsPhoneVerified: false,
+					FirstName:         "Tim",
+					LastName:          "Mohlmann",
+					NickName:          "muhlemmer",
+					DisplayName:       "Tim Mohlmann",
+					AvatarKey:         "",
+					PreferredLanguage: language.English,
+					Gender:            domain.GenderMale,
+					Email:             "tim+tesmail@zitadel.com",
+					IsEmailVerified:   true,
+					Phone:             "+40123456789",
+					IsPhoneVerified:   false,
 				},
 				Machine: nil,
 			},
 			Org: &UserInfoOrg{
+				ID:            "231848297847848962",
 				Name:          "demo",
 				PrimaryDomain: "demo.localhost",
 			},
@@ -292,6 +303,7 @@ func TestQueries_GetOIDCUserInfo(t *testing.T) {
 				},
 			},
 			Org: &UserInfoOrg{
+				ID:            "231848297847848962",
 				Name:          "demo",
 				PrimaryDomain: "demo.localhost",
 			},