TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2024-12-04 23:45:07 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: check that session token can already be used to avoid permission denied

Browse Source
This commit is contained in:
Stefan Benz 2024-12-03 14:29:45 +01:00
parent 2816f9a4f5
commit 7ed57b0e1c
No known key found for this signature in database
GPG Key ID: 071AA751ED4F9D31
1 changed files with 14 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
internal/integration/client.go
View File

@ -8,6 +8,7 @@ import (
"github.com/brianvoe/gofakeit/v6" "github.com/brianvoe/gofakeit/v6"
"github.com/muhlemmer/gu" "github.com/muhlemmer/gu"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require" "github.com/stretchr/testify/require"
"github.com/zitadel/logging" "github.com/zitadel/logging"
"google.golang.org/grpc" "google.golang.org/grpc"
@ -634,6 +635,19 @@ func (i *Instance) CreateVerifiedWebAuthNSessionWithLifetime(t *testing.T, ctx c
}, },
}) })
require.NoError(t, err) require.NoError(t, err)
retryDuration, tick := WaitForAndTickWithMaxDuration(ctx, time.Minute)
require.EventuallyWithT(t,
func(tt *assert.CollectT) {
resp, err := i.Client.SessionV2.GetSession(ctx, &session.GetSessionRequest{
SessionId: createResp.GetSessionId(),
SessionToken: gu.Ptr(updateResp.GetSessionToken()),
})
assert.NoError(tt, err)
assert.Equal(tt, createResp.GetSessionId(), resp.GetSession().GetId())
}, retryDuration, tick, "awaiting successful usage of token failed",
)
return createResp.GetSessionId(), updateResp.GetSessionToken(), return createResp.GetSessionId(), updateResp.GetSessionToken(),
createResp.GetDetails().GetChangeDate().AsTime(), updateResp.GetDetails().GetChangeDate().AsTime() createResp.GetDetails().GetChangeDate().AsTime(), updateResp.GetDetails().GetChangeDate().AsTime()
} }