feat(api): add password reset and change to user service (#6036)

* feat(api): add password reset and change to user service * integration tests * invalidate password check after password change * handle notification type * fix proto
2025-08-12 04:57:33 +00:00 · 2023-06-20 17:34:06 +02:00
parent 1017568cf1
commit 82e7333169
20 changed files with 1373 additions and 54 deletions
--- a/internal/query/projection/session.go
+++ b/internal/query/projection/session.go
@@ -10,6 +10,7 @@ import (
 	"github.com/zitadel/zitadel/internal/eventstore/handler/crdb"
 	"github.com/zitadel/zitadel/internal/repository/instance"
 	"github.com/zitadel/zitadel/internal/repository/session"
+	"github.com/zitadel/zitadel/internal/repository/user"
 )

 const (
@@ -107,6 +108,15 @@ func (p *sessionProjection) reducers() []handler.AggregateReducer {
 				},
 			},
 		},
+		{
+			Aggregate: user.AggregateType,
+			EventRedusers: []handler.EventReducer{
+				{
+					Event:  user.HumanPasswordChangedType,
+					Reduce: p.reducePasswordChanged,
+				},
+			},
+		},
 	}
 }

@@ -245,3 +255,21 @@ func (p *sessionProjection) reduceSessionTerminated(event eventstore.Event) (*ha
 		},
 	), nil
 }
+
+func (p *sessionProjection) reducePasswordChanged(event eventstore.Event) (*handler.Statement, error) {
+	e, ok := event.(*user.HumanPasswordChangedEvent)
+	if !ok {
+		return nil, errors.ThrowInvalidArgumentf(nil, "HANDL-Deg3d", "reduce.wrong.event.type %s", user.HumanPasswordChangedType)
+	}
+
+	return crdb.NewUpdateStatement(
+		e,
+		[]handler.Column{
+			handler.NewCol(SessionColumnPasswordCheckedAt, nil),
+		},
+		[]handler.Condition{
+			handler.NewCond(SessionColumnUserID, e.Aggregate().ID),
+			crdb.NewLessThanCond(SessionColumnPasswordCheckedAt, e.CreationDate()),
+		},
+	), nil
+}
--- a/internal/query/projection/session_test.go
+++ b/internal/query/projection/session_test.go
@@ -11,6 +11,7 @@ import (
 	"github.com/zitadel/zitadel/internal/eventstore/repository"
 	"github.com/zitadel/zitadel/internal/repository/instance"
 	"github.com/zitadel/zitadel/internal/repository/session"
+	"github.com/zitadel/zitadel/internal/repository/user"
 )

 func TestSessionProjection_reduces(t *testing.T) {
@@ -243,6 +244,39 @@ func TestSessionProjection_reduces(t *testing.T) {
 				},
 			},
 		},
+		{
+			name: "reducePasswordChanged",
+			args: args{
+				event: getEvent(testEvent(
+					repository.EventType(user.HumanPasswordChangedType),
+					user.AggregateType,
+					[]byte(`{"secret": {
+								"cryptoType": 0,
+								"algorithm": "enc",
+								"keyID": "id",
+								"crypted": "cGFzc3dvcmQ="
+							}}`),
+				), user.HumanPasswordChangedEventMapper),
+			},
+			reduce: (&sessionProjection{}).reducePasswordChanged,
+			want: wantReduce{
+				aggregateType:    eventstore.AggregateType("user"),
+				sequence:         15,
+				previousSequence: 10,
+				executer: &testExecuter{
+					executions: []execution{
+						{
+							expectedStmt: "UPDATE projections.sessions1 SET password_checked_at = $1 WHERE (user_id = $2) AND (password_checked_at < $3)",
+							expectedArgs: []interface{}{
+								nil,
+								"agg-id",
+								anyArg{},
+							},
+						},
+					},
+				},
+			},
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {