TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-08-11 18:07:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(org): adding unique constrants to not allow an org to be added twice with same id (#10243)

Browse Source 
# Which Problems Are Solved

When adding 2 orgs with the same ID, you get a positive response from
the API, later when the org is projected, it errors due to the id
already in use

# How the Problems Are Solved

Check org with orgID specified does not already exist before adding
events

# Additional Changes

Added additional test case for adding same org with same name twice


# Additional Context

- Closes https://github.com/zitadel/zitadel/issues/10127

---------

Co-authored-by: Silvan <27845747+adlerhurst@users.noreply.github.com>
This commit is contained in:
Iraq
2025-07-16 12:07:12 +02:00
committed by GitHub
parent 312b7b6010
commit 870fefe3dc
23 changed files with 172 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
internal/command/org.go
View File

@@ -276,6 +276,15 @@ func (c *Commands) SetUpOrg(ctx context.Context, o *OrgSetup, allowInitialMail b
}
}
// because users can choose their own ID, we must check that an org with the same ID does not already exist
existingOrg, err := c.getOrgWriteModelByID(ctx, o.OrgID)
if err != nil {
return nil, err
}
if existingOrg.State.Exists() {
return nil, zerrors.ThrowAlreadyExists(nil, "ORG-laho2n", "Errors.Org.AlreadyExisting")
}
return c.setUpOrgWithIDs(ctx, o, o.OrgID, allowInitialMail, userIDs...)
}
@@ -327,12 +336,13 @@ func (c *Commands) AddOrgWithID(ctx context.Context, name, userID, resourceOwner
ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }()
// because users can choose their own ID, we must check that an org with the same ID does not already exist
existingOrg, err := c.getOrgWriteModelByID(ctx, orgID)
if err != nil {
return nil, err
}
if existingOrg.State != domain.OrgStateUnspecified {
return nil, zerrors.ThrowNotFound(nil, "ORG-lapo2m", "Errors.Org.AlreadyExisting")
if existingOrg.State.Exists() {
return nil, zerrors.ThrowAlreadyExists(nil, "ORG-lapo2n", "Errors.Org.AlreadyExisting")
}
return c.addOrgWithIDAndMember(ctx, name, userID, resourceOwner, orgID, setOrgInactive, claimedUserIDs)

84
internal/command/org_test.go
View File

@@ -1293,7 +1293,9 @@ func TestCommandSide_SetUpOrg(t *testing.T) {
{
name: "org name empty, error",
fields: fields{
eventstore: expectEventstore(),
eventstore: expectEventstore(
expectFilter(), // org already exists check
),
idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "orgID"),
},
args: args{
@@ -1326,6 +1328,7 @@ func TestCommandSide_SetUpOrg(t *testing.T) {
name: "userID not existing, error",
fields: fields{
eventstore: expectEventstore(
expectFilter(), // org already exists check
expectFilter(),
),
idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "orgID"),
@@ -1348,7 +1351,9 @@ func TestCommandSide_SetUpOrg(t *testing.T) {
{
name: "human invalid, error",
fields: fields{
eventstore: expectEventstore(),
eventstore: expectEventstore(
expectFilter(), // org already exists check
),
idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "orgID", "userID"),
},
args: args{
@@ -1381,6 +1386,7 @@ func TestCommandSide_SetUpOrg(t *testing.T) {
fields: fields{
eventstore: expectEventstore(
expectFilter(), // add human exists check
expectFilter(),
expectFilter(
eventFromEventPusher(
org.NewDomainPolicyAddedEvent(context.Background(),
@@ -1501,10 +1507,82 @@ func TestCommandSide_SetUpOrg(t *testing.T) {
},
},
},
{
name: "org already exists",
fields: fields{
eventstore: expectEventstore(
expectFilter(
eventFromEventPusher(
org.NewOrgAddedEvent(context.Background(),
&org.NewAggregate("custom-org-ID").Aggregate, "Org"),
),
),
),
},
args: args{
ctx: http_util.WithRequestedHost(context.Background(), "iam-domain"),
setupOrg: &OrgSetup{
Name: "Org",
OrgID: "custom-org-ID",
},
},
res: res{
err: zerrors.ThrowAlreadyExists(nil, "ORG-laho2n", "Errors.Org.AlreadyExisting"),
},
},
{
name: "org with same id deleted",
fields: fields{
eventstore: expectEventstore(
expectFilter(
eventFromEventPusher(
org.NewOrgAddedEvent(context.Background(),
&org.NewAggregate("custom-org-ID").Aggregate, "Org"),
),
org.NewOrgRemovedEvent(
context.Background(), &org.NewAggregate("custom-org-ID").Aggregate,
"Org", []string{}, false, []string{}, []*domain.UserIDPLink{}, []string{}),
),
expectPush(
eventFromEventPusher(org.NewOrgAddedEvent(context.Background(),
&org.NewAggregate("custom-org-ID").Aggregate,
"Org",
)),
eventFromEventPusher(org.NewDomainAddedEvent(context.Background(),
&org.NewAggregate("custom-org-ID").Aggregate, "org.iam-domain",
)),
eventFromEventPusher(org.NewDomainVerifiedEvent(context.Background(),
&org.NewAggregate("custom-org-ID").Aggregate,
"org.iam-domain",
)),
eventFromEventPusher(org.NewDomainPrimarySetEvent(context.Background(),
&org.NewAggregate("custom-org-ID").Aggregate,
"org.iam-domain",
)),
),
),
},
args: args{
ctx: http_util.WithRequestedHost(context.Background(), "iam-domain"),
setupOrg: &OrgSetup{
Name: "Org",
OrgID: "custom-org-ID",
},
},
res: res{
createdOrg: &CreatedOrg{
ObjectDetails: &domain.ObjectDetails{
ResourceOwner: "custom-org-ID",
},
OrgAdmins: []OrgAdmin{},
},
},
},
{
name: "no human added, custom org ID",
fields: fields{
eventstore: expectEventstore(
expectFilter(), // org already exists check
expectPush(
eventFromEventPusher(org.NewOrgAddedEvent(context.Background(),
&org.NewAggregate("custom-org-ID").Aggregate,
@@ -1544,6 +1622,7 @@ func TestCommandSide_SetUpOrg(t *testing.T) {
name: "existing human added",
fields: fields{
eventstore: expectEventstore(
expectFilter(), // org already exists check
expectFilter(
eventFromEventPusher(
user.NewHumanAddedEvent(context.Background(),
@@ -1616,6 +1695,7 @@ func TestCommandSide_SetUpOrg(t *testing.T) {
fields: fields{
eventstore: expectEventstore(
expectFilter(), // add machine exists check
expectFilter(),
expectFilter(
eventFromEventPusher(
org.NewDomainPolicyAddedEvent(context.Background(),