fix(org): adding unique constrants to not allow an org to be added twice with same id (#10243)

# Which Problems Are Solved When adding 2 orgs with the same ID, you get a positive response from the API, later when the org is projected, it errors due to the id already in use # How the Problems Are Solved Check org with orgID specified does not already exist before adding events # Additional Changes Added additional test case for adding same org with same name twice # Additional Context - Closes https://github.com/zitadel/zitadel/issues/10127 --------- Co-authored-by: Silvan <27845747+adlerhurst@users.noreply.github.com>
2025-08-11 20:57:31 +00:00 · 2025-07-16 12:07:12 +02:00
parent 312b7b6010
commit 870fefe3dc
23 changed files with 172 additions and 31 deletions
--- a/internal/command/org_test.go
+++ b/internal/command/org_test.go
@@ -1293,7 +1293,9 @@ func TestCommandSide_SetUpOrg(t *testing.T) {
 		{
 			name: "org name empty, error",
 			fields: fields{
-				eventstore:  expectEventstore(),
+				eventstore: expectEventstore(
+					expectFilter(), // org already exists check
+				),
 				idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "orgID"),
 			},
 			args: args{
@@ -1326,6 +1328,7 @@ func TestCommandSide_SetUpOrg(t *testing.T) {
 			name: "userID not existing, error",
 			fields: fields{
 				eventstore: expectEventstore(
+					expectFilter(), // org already exists check
 					expectFilter(),
 				),
 				idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "orgID"),
@@ -1348,7 +1351,9 @@ func TestCommandSide_SetUpOrg(t *testing.T) {
 		{
 			name: "human invalid, error",
 			fields: fields{
-				eventstore:  expectEventstore(),
+				eventstore: expectEventstore(
+					expectFilter(), // org already exists check
+				),
 				idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "orgID", "userID"),
 			},
 			args: args{
@@ -1381,6 +1386,7 @@ func TestCommandSide_SetUpOrg(t *testing.T) {
 			fields: fields{
 				eventstore: expectEventstore(
 					expectFilter(), // add human exists check
+					expectFilter(),
 					expectFilter(
 						eventFromEventPusher(
 							org.NewDomainPolicyAddedEvent(context.Background(),
@@ -1501,10 +1507,82 @@ func TestCommandSide_SetUpOrg(t *testing.T) {
 				},
 			},
 		},
+		{
+			name: "org already exists",
+			fields: fields{
+				eventstore: expectEventstore(
+					expectFilter(
+						eventFromEventPusher(
+							org.NewOrgAddedEvent(context.Background(),
+								&org.NewAggregate("custom-org-ID").Aggregate, "Org"),
+						),
+					),
+				),
+			},
+			args: args{
+				ctx: http_util.WithRequestedHost(context.Background(), "iam-domain"),
+				setupOrg: &OrgSetup{
+					Name:  "Org",
+					OrgID: "custom-org-ID",
+				},
+			},
+			res: res{
+				err: zerrors.ThrowAlreadyExists(nil, "ORG-laho2n", "Errors.Org.AlreadyExisting"),
+			},
+		},
+		{
+			name: "org with same id deleted",
+			fields: fields{
+				eventstore: expectEventstore(
+					expectFilter(
+						eventFromEventPusher(
+							org.NewOrgAddedEvent(context.Background(),
+								&org.NewAggregate("custom-org-ID").Aggregate, "Org"),
+						),
+						org.NewOrgRemovedEvent(
+							context.Background(), &org.NewAggregate("custom-org-ID").Aggregate,
+							"Org", []string{}, false, []string{}, []*domain.UserIDPLink{}, []string{}),
+					),
+					expectPush(
+						eventFromEventPusher(org.NewOrgAddedEvent(context.Background(),
+							&org.NewAggregate("custom-org-ID").Aggregate,
+							"Org",
+						)),
+						eventFromEventPusher(org.NewDomainAddedEvent(context.Background(),
+							&org.NewAggregate("custom-org-ID").Aggregate, "org.iam-domain",
+						)),
+						eventFromEventPusher(org.NewDomainVerifiedEvent(context.Background(),
+							&org.NewAggregate("custom-org-ID").Aggregate,
+							"org.iam-domain",
+						)),
+						eventFromEventPusher(org.NewDomainPrimarySetEvent(context.Background(),
+							&org.NewAggregate("custom-org-ID").Aggregate,
+							"org.iam-domain",
+						)),
+					),
+				),
+			},
+			args: args{
+				ctx: http_util.WithRequestedHost(context.Background(), "iam-domain"),
+				setupOrg: &OrgSetup{
+					Name:  "Org",
+					OrgID: "custom-org-ID",
+				},
+			},
+			res: res{
+				createdOrg: &CreatedOrg{
+					ObjectDetails: &domain.ObjectDetails{
+						ResourceOwner: "custom-org-ID",
+					},
+					OrgAdmins: []OrgAdmin{},
+				},
+			},
+		},
 		{
 			name: "no human added, custom org ID",
 			fields: fields{
 				eventstore: expectEventstore(
+					expectFilter(), // org already exists check
 					expectPush(
 						eventFromEventPusher(org.NewOrgAddedEvent(context.Background(),
 							&org.NewAggregate("custom-org-ID").Aggregate,
@@ -1544,6 +1622,7 @@ func TestCommandSide_SetUpOrg(t *testing.T) {
 			name: "existing human added",
 			fields: fields{
 				eventstore: expectEventstore(
+					expectFilter(), // org already exists check
 					expectFilter(
 						eventFromEventPusher(
 							user.NewHumanAddedEvent(context.Background(),
@@ -1616,6 +1695,7 @@ func TestCommandSide_SetUpOrg(t *testing.T) {
 			fields: fields{
 				eventstore: expectEventstore(
 					expectFilter(), // add machine exists check
+					expectFilter(),
 					expectFilter(
 						eventFromEventPusher(
 							org.NewDomainPolicyAddedEvent(context.Background(),