chore: fix some eventual consistent integration testing (#10752)

# Which Problems Are Solved

Flakiness in integration tests because of eventual consistency.

# How the Problems Are Solved

Split tests related to feature flags and other eventual consistent
resources.

# Additional Changes

None

# Additional Context

None

Co-authored-by: Marco A. <marco@zitadel.com>
(cherry picked from commit a8bbac37d9)
Stefan Benz
2025-10-14 18:24:09 +02:00
committed by Livio Spring
parent f506fedcfe
commit 99d3d955b9
21 changed files with 2100 additions and 731 deletions


@@ -668,13 +668,12 @@ func TestListApplicationKeys(t *testing.T) {
tomorrow := time.Now().AddDate(0, 0, 1)
in2Days := tomorrow.AddDate(0, 0, 1)
in3Days := in2Days.AddDate(0, 0, 1)
in4Days := in3Days.AddDate(0, 0, 1)
appKey1 := createAppKey(t, IAMOwnerCtx, instance, p.GetId(), createdApiApp1.GetAppId(), in2Days)
appKey2 := createAppKey(t, IAMOwnerCtx, instance, p.GetId(), createdApiApp1.GetAppId(), in3Days)
appKey1 := createAppKey(t, IAMOwnerCtx, instance, p.GetId(), createdApiApp1.GetAppId(), in3Days)
appKey2 := createAppKey(t, IAMOwnerCtx, instance, p.GetId(), createdApiApp1.GetAppId(), in4Days)
appKey3 := createAppKey(t, IAMOwnerCtx, instance, p.GetId(), createdApiApp1.GetAppId(), tomorrow)
appKey4 := createAppKey(t, IAMOwnerCtx, instance, p.GetId(), createdApiApp2.GetAppId(), tomorrow)
t.Parallel()
appKey4 := createAppKey(t, IAMOwnerCtx, instance, p.GetId(), createdApiApp2.GetAppId(), in2Days)
tt := []struct {
testName string
@@ -728,7 +727,6 @@ func TestListApplicationKeys(t *testing.T) {
require.Equal(ttt, tc.expectedErrorType, status.Code(err))
if tc.expectedErrorType == codes.OK {
require.Len(ttt, res.GetKeys(), len(tc.expectedAppKeysIDs))
for i, k := range res.GetKeys() {
assert.Equal(ttt, tc.expectedAppKeysIDs[i], k.GetId())
}


@@ -212,8 +212,6 @@ func createAppKey(t *testing.T, ctx context.Context, inst *integration.Instance,
ExpirationDate: timestamppb.New(expirationDate.UTC()),
},
)
require.Nil(t, err)
return res
}


@@ -17,9 +17,11 @@ import (
"github.com/zitadel/zitadel/internal/integration"
"github.com/zitadel/zitadel/pkg/grpc/app"
filter "github.com/zitadel/zitadel/pkg/grpc/filter/v2beta"
mgmt "github.com/zitadel/zitadel/pkg/grpc/management"
"github.com/zitadel/zitadel/pkg/grpc/object/v2"
oidc_pb "github.com/zitadel/zitadel/pkg/grpc/oidc/v2"
project_v2beta "github.com/zitadel/zitadel/pkg/grpc/project/v2beta"
"github.com/zitadel/zitadel/pkg/grpc/session/v2"
)
@@ -624,7 +626,7 @@ func TestServer_CreateCallback_Permission(t *testing.T) {
projectID, clientID := createOIDCApplication(ctx, t, false, true)
orgResp := Instance.CreateOrganization(ctx, integration.OrganizationName(), integration.Email())
Instance.CreateProjectGrant(ctx, t, projectID, orgResp.GetOrganizationId())
createProjectGrant(ctx, t, projectID, orgResp.GetOrganizationId())
user := Instance.CreateHumanUserVerified(ctx, orgResp.GetOrganizationId(), integration.Email(), integration.Phone())
return createSessionAndAuthRequestForCallback(ctx, t, clientID, Instance.Users.Get(integration.UserTypeLogin).ID, user.GetUserId())
@@ -939,6 +941,26 @@ func createOIDCApplication(ctx context.Context, t *testing.T, projectRoleCheck,
return project.GetId(), clientV2.GetClientId()
}
func createProjectGrant(ctx context.Context, t *testing.T, projectID, grantedOrgID string) {
Instance.CreateProjectGrant(ctx, t, projectID, grantedOrgID)
retryDuration, tick := integration.WaitForAndTickWithMaxDuration(ctx, time.Minute)
require.EventuallyWithT(t, func(collect *assert.CollectT) {
resp, err := Instance.Client.Projectv2Beta.ListProjectGrants(ctx, &project_v2beta.ListProjectGrantsRequest{
Filters: []*project_v2beta.ProjectGrantSearchFilter{
{Filter: &project_v2beta.ProjectGrantSearchFilter_InProjectIdsFilter{InProjectIdsFilter: &filter.InIDsFilter{
Ids: []string{projectID},
}}},
{Filter: &project_v2beta.ProjectGrantSearchFilter_ProjectGrantResourceOwnerFilter{ProjectGrantResourceOwnerFilter: &filter.IDFilter{
Id: grantedOrgID,
}}},
},
})
assert.NoError(collect, err)
assert.Len(collect, resp.GetProjectGrants(), 1)
}, retryDuration, tick)
}
func createProjectUserGrant(ctx context.Context, t *testing.T, orgID, projectID, userID string) {
resp := Instance.CreateAuthorizationProject(t, ctx, projectID, userID)
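Review bot: The new `createProjectGrant` helper does not call `t.Helper()`, so a timeout in `require.EventuallyWithT` is reported at the helper's line rather than at the permission test that needed the grant; add `t.Helper()` as its first statement. The same helper is added verbatim in the SAML test file's section, so the point applies there too, and the two copies could presumably become one function in the `integration` package. A doc comment would also help, for example `// createProjectGrant creates the grant and waits until ListProjectGrants returns it for the granted org.`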


@@ -17,8 +17,10 @@ import (
"google.golang.org/protobuf/types/known/timestamppb"
"github.com/zitadel/zitadel/internal/integration"
filter "github.com/zitadel/zitadel/pkg/grpc/filter/v2beta"
mgmt "github.com/zitadel/zitadel/pkg/grpc/management"
"github.com/zitadel/zitadel/pkg/grpc/object/v2"
project_v2beta "github.com/zitadel/zitadel/pkg/grpc/project/v2beta"
saml_pb "github.com/zitadel/zitadel/pkg/grpc/saml/v2"
"github.com/zitadel/zitadel/pkg/grpc/session/v2"
)
@@ -609,7 +611,7 @@ func TestServer_CreateResponse_Permission(t *testing.T) {
dep: func(ctx context.Context, t *testing.T) *saml_pb.CreateResponseRequest {
projectID, _, sp := createSAMLApplication(ctx, t, idpMetadata, saml.HTTPRedirectBinding, false, true)
orgResp := Instance.CreateOrganization(ctx, integration.OrganizationName(), integration.Email())
Instance.CreateProjectGrant(ctx, t, projectID, orgResp.GetOrganizationId())
createProjectGrant(ctx, t, projectID, orgResp.GetOrganizationId())
user := Instance.CreateHumanUserVerified(ctx, orgResp.GetOrganizationId(), integration.Email(), integration.Phone())
return createSessionAndSmlRequestForCallback(ctx, t, sp, Instance.Users[integration.UserTypeLogin].ID, acsRedirect, user.GetUserId(), saml.HTTPRedirectBinding)
@@ -693,6 +695,26 @@ func createSAMLApplication(ctx context.Context, t *testing.T, idpMetadata *saml.
return project.GetId(), rootURL, sp
}
func createProjectGrant(ctx context.Context, t *testing.T, projectID, grantedOrgID string) {
Instance.CreateProjectGrant(ctx, t, projectID, grantedOrgID)
retryDuration, tick := integration.WaitForAndTickWithMaxDuration(ctx, time.Minute)
require.EventuallyWithT(t, func(collect *assert.CollectT) {
resp, err := Instance.Client.Projectv2Beta.ListProjectGrants(ctx, &project_v2beta.ListProjectGrantsRequest{
Filters: []*project_v2beta.ProjectGrantSearchFilter{
{Filter: &project_v2beta.ProjectGrantSearchFilter_InProjectIdsFilter{InProjectIdsFilter: &filter.InIDsFilter{
Ids: []string{projectID},
}}},
{Filter: &project_v2beta.ProjectGrantSearchFilter_ProjectGrantResourceOwnerFilter{ProjectGrantResourceOwnerFilter: &filter.IDFilter{
Id: grantedOrgID,
}}},
},
})
assert.NoError(collect, err)
assert.Len(collect, resp.GetProjectGrants(), 1)
}, retryDuration, tick)
}
func createProjectUserGrant(ctx context.Context, t *testing.T, orgID, projectID, userID string) {
resp := Instance.CreateAuthorizationProject(t, ctx, projectID, userID)


@@ -8,6 +8,8 @@ import (
"testing"
"time"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/zitadel/logging"
"github.com/zitadel/zitadel/internal/integration"
@@ -16,15 +18,13 @@ import (
)
var (
CTX context.Context
IAMOwnerCTX context.Context
UserCTX context.Context
LoginCTX context.Context
Instance *integration.Instance
Client session.SessionServiceClient
User *user.AddHumanUserResponse
DeactivatedUser *user.AddHumanUserResponse
LockedUser *user.AddHumanUserResponse
CTX context.Context
IAMOwnerCTX context.Context
UserCTX context.Context
LoginCTX context.Context
Instance *integration.Instance
Client session.SessionServiceClient
User *user.AddHumanUserResponse
)
func TestMain(m *testing.M) {
@@ -40,8 +40,6 @@ func TestMain(m *testing.M) {
UserCTX = Instance.WithAuthorization(ctx, integration.UserTypeNoPermission)
LoginCTX = Instance.WithAuthorization(ctx, integration.UserTypeLogin)
User = createFullUser(CTX)
DeactivatedUser = createDeactivatedUser(CTX)
LockedUser = createLockedUser(CTX)
return m.Run()
}())
}
@@ -61,16 +59,36 @@ func createFullUser(ctx context.Context) *user.AddHumanUserResponse {
return userResp
}
func createDeactivatedUser(ctx context.Context) *user.AddHumanUserResponse {
func createDeactivatedUser(ctx context.Context, t *testing.T) *user.AddHumanUserResponse {
userResp := Instance.CreateHumanUser(ctx)
_, err := Instance.Client.UserV2.DeactivateUser(ctx, &user.DeactivateUserRequest{UserId: userResp.GetUserId()})
logging.OnError(err).Fatal("deactivate human user")
retryDuration, tick := integration.WaitForAndTickWithMaxDuration(ctx, time.Minute)
require.EventuallyWithT(t, func(collect *assert.CollectT) {
result, err := Instance.Client.UserV2.GetUserByID(ctx, &user.GetUserByIDRequest{
UserId: userResp.GetUserId(),
})
assert.NoError(collect, err)
assert.Equal(t, user.UserState_USER_STATE_INACTIVE, result.GetUser().GetState())
}, retryDuration, tick, "user not locked in time")
return userResp
}
func createLockedUser(ctx context.Context) *user.AddHumanUserResponse {
func createLockedUser(ctx context.Context, t *testing.T) *user.AddHumanUserResponse {
userResp := Instance.CreateHumanUser(ctx)
_, err := Instance.Client.UserV2.LockUser(ctx, &user.LockUserRequest{UserId: userResp.GetUserId()})
logging.OnError(err).Fatal("lock human user")
retryDuration, tick := integration.WaitForAndTickWithMaxDuration(ctx, time.Minute)
require.EventuallyWithT(t, func(collect *assert.CollectT) {
result, err := Instance.Client.UserV2.GetUserByID(ctx, &user.GetUserByIDRequest{
UserId: userResp.GetUserId(),
})
assert.NoError(collect, err)
assert.Equal(t, user.UserState_USER_STATE_LOCKED, result.GetUser().GetState())
}, retryDuration, tick, "user not locked in time")
return userResp
}
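Review bot: Inside both `require.EventuallyWithT` closures the state check is written as `assert.Equal(t, ...)` instead of `assert.Equal(collect, ...)`, so a poll that runs before the state change is visible records a failure on the real `*testing.T` and the test fails even if a later tick succeeds. Use `assert.Equal(collect, user.UserState_USER_STATE_INACTIVE, result.GetUser().GetState())` in `createDeactivatedUser` and the `USER_STATE_LOCKED` equivalent in `createLockedUser`. The timeout message in `createDeactivatedUser` is `"user not locked in time"`, copied from the locked variant, and should say deactivated. Since `t` is now a parameter, `require.NoError(t, err)` would be more consistent than `logging.OnError(err).Fatal(...)` for the deactivate and lock calls.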


@@ -127,6 +127,9 @@ func verifyFactors(t assert.TestingT, factors *session.Factors, creationDate, ch
}
func TestServer_CreateSession(t *testing.T) {
lockedUser := createLockedUser(CTX, t)
deactivatedUser := createDeactivatedUser(CTX, t)
tests := []struct {
name string
req *session.CreateSessionRequest
@@ -190,7 +193,7 @@ func TestServer_CreateSession(t *testing.T) {
Checks: &session.Checks{
User: &session.CheckUser{
Search: &session.CheckUser_UserId{
UserId: DeactivatedUser.GetUserId(),
UserId: deactivatedUser.GetUserId(),
},
},
},
@@ -203,7 +206,7 @@ func TestServer_CreateSession(t *testing.T) {
Checks: &session.Checks{
User: &session.CheckUser{
Search: &session.CheckUser_UserId{
UserId: LockedUser.GetUserId(),
UserId: lockedUser.GetUserId(),
},
},
},


@@ -16,7 +16,7 @@ import (
)
func TestServer_Deprecated_SetEmail(t *testing.T) {
userID := Instance.CreateHumanUser(CTX).GetUserId()
userID := Instance.CreateHumanUser(OrgCTX).GetUserId()
tests := []struct {
name string
@@ -127,7 +127,7 @@ func TestServer_Deprecated_SetEmail(t *testing.T) {
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
got, err := Client.SetEmail(CTX, tt.req)
got, err := Client.SetEmail(OrgCTX, tt.req)
if tt.wantErr {
require.Error(t, err)
return
@@ -145,8 +145,8 @@ func TestServer_Deprecated_SetEmail(t *testing.T) {
}
func TestServer_ResendEmailCode(t *testing.T) {
userID := Instance.CreateHumanUser(CTX).GetUserId()
verifiedUserID := Instance.CreateHumanUserVerified(CTX, Instance.DefaultOrg.Id, integration.Email(), integration.Phone()).GetUserId()
userID := Instance.CreateHumanUser(OrgCTX).GetUserId()
verifiedUserID := Instance.CreateHumanUserVerified(OrgCTX, Instance.DefaultOrg.Id, integration.Email(), integration.Phone()).GetUserId()
tests := []struct {
name string
@@ -231,7 +231,7 @@ func TestServer_ResendEmailCode(t *testing.T) {
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
got, err := Client.ResendEmailCode(CTX, tt.req)
got, err := Client.ResendEmailCode(OrgCTX, tt.req)
if tt.wantErr {
require.Error(t, err)
return
@@ -249,8 +249,8 @@ func TestServer_ResendEmailCode(t *testing.T) {
}
func TestServer_SendEmailCode(t *testing.T) {
userID := Instance.CreateHumanUser(CTX).GetUserId()
verifiedUserID := Instance.CreateHumanUserVerified(CTX, Instance.DefaultOrg.Id, integration.Email(), integration.Phone()).GetUserId()
userID := Instance.CreateHumanUser(OrgCTX).GetUserId()
verifiedUserID := Instance.CreateHumanUserVerified(OrgCTX, Instance.DefaultOrg.Id, integration.Email(), integration.Phone()).GetUserId()
tests := []struct {
name string
@@ -341,7 +341,7 @@ func TestServer_SendEmailCode(t *testing.T) {
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
got, err := Client.SendEmailCode(CTX, tt.req)
got, err := Client.SendEmailCode(OrgCTX, tt.req)
if tt.wantErr {
require.Error(t, err)
return
@@ -359,7 +359,7 @@ func TestServer_SendEmailCode(t *testing.T) {
}
func TestServer_VerifyEmail(t *testing.T) {
userResp := Instance.CreateHumanUser(CTX)
userResp := Instance.CreateHumanUser(OrgCTX)
tests := []struct {
name string
req *user.VerifyEmailRequest
@@ -399,7 +399,7 @@ func TestServer_VerifyEmail(t *testing.T) {
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
got, err := Client.VerifyEmail(CTX, tt.req)
got, err := Client.VerifyEmail(OrgCTX, tt.req)
if tt.wantErr {
require.Error(t, err)
return


@@ -32,7 +32,7 @@ func TestServer_AddIDPLink(t *testing.T) {
{
name: "user does not exist",
args: args{
CTX,
OrgCTX,
&user.AddIDPLinkRequest{
UserId: "userID",
IdpLink: &user.IDPLink{
@@ -48,7 +48,7 @@ func TestServer_AddIDPLink(t *testing.T) {
{
name: "idp does not exist",
args: args{
CTX,
OrgCTX,
&user.AddIDPLinkRequest{
UserId: Instance.Users.Get(integration.UserTypeOrgOwner).ID,
IdpLink: &user.IDPLink{
@@ -64,7 +64,7 @@ func TestServer_AddIDPLink(t *testing.T) {
{
name: "add link",
args: args{
CTX,
OrgCTX,
&user.AddIDPLinkRequest{
UserId: Instance.Users.Get(integration.UserTypeOrgOwner).ID,
IdpLink: &user.IDPLink{
@@ -149,7 +149,7 @@ func TestServer_ListIDPLinks(t *testing.T) {
{
name: "list links, no permission, org",
args: args{
CTX,
OrgCTX,
&user.ListIDPLinksRequest{
UserId: userOrgResp.GetUserId(),
},
@@ -230,7 +230,7 @@ func TestServer_ListIDPLinks(t *testing.T) {
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
retryDuration, tick := integration.WaitForAndTickWithMaxDuration(CTX, time.Minute)
retryDuration, tick := integration.WaitForAndTickWithMaxDuration(OrgCTX, time.Minute)
require.EventuallyWithT(t, func(ttt *assert.CollectT) {
got, err := Client.ListIDPLinks(tt.args.ctx, tt.args.req)
if tt.wantErr {
@@ -291,7 +291,7 @@ func TestServer_RemoveIDPLink(t *testing.T) {
{
name: "remove link, no permission, org",
args: args{
CTX,
OrgCTX,
&user.RemoveIDPLinkRequest{
UserId: userOrgResp.GetUserId(),
IdpId: orgIdpResp.Id,


@@ -135,7 +135,7 @@ abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789
now := time.Now()
err := tt.args.prepare(tt.args.req)
require.NoError(t, err)
got, err := Client.AddKey(CTX, tt.args.req)
got, err := Client.AddKey(OrgCTX, tt.args.req)
if tt.wantErr {
require.Error(t, err)
return
@@ -155,7 +155,7 @@ abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789
}
func TestServer_AddKey_Permission(t *testing.T) {
OrgCTX := CTX
OrgCTX := OrgCTX
otherOrg := Instance.CreateOrganization(IamCTX, integration.OrganizationName(), integration.Email())
otherOrgUser, err := Client.CreateUser(IamCTX, &user.CreateUserRequest{
OrganizationId: otherOrg.OrganizationId,
@@ -281,7 +281,7 @@ func TestServer_RemoveKey(t *testing.T) {
now := time.Now()
err := tt.args.prepare(tt.args.req)
require.NoError(t, err)
got, err := Client.RemoveKey(CTX, tt.args.req)
got, err := Client.RemoveKey(OrgCTX, tt.args.req)
if tt.wantErr {
require.Error(t, err)
return
@@ -295,7 +295,7 @@ func TestServer_RemoveKey(t *testing.T) {
}
func TestServer_RemoveKey_Permission(t *testing.T) {
OrgCTX := CTX
OrgCTX := OrgCTX
otherOrg := Instance.CreateOrganization(IamCTX, integration.OrganizationName(), integration.Email())
otherOrgUser, err := Client.CreateUser(IamCTX, &user.CreateUserRequest{
OrganizationId: otherOrg.OrganizationId,
@@ -374,9 +374,9 @@ func TestServer_ListKeys(t *testing.T) {
args args
want *user.ListKeysResponse
}
OrgCTX := CTX
otherOrg := Instance.CreateOrganization(SystemCTX, integration.OrganizationName(), integration.Email())
otherOrgUser, err := Client.CreateUser(SystemCTX, &user.CreateUserRequest{
OrgCTX := OrgCTX
otherOrg := Instance.CreateOrganization(IamCTX, integration.OrganizationName(), integration.Email())
otherOrgUser, err := Client.CreateUser(IamCTX, &user.CreateUserRequest{
OrganizationId: otherOrg.OrganizationId,
UserType: &user.CreateUserRequest_Machine_{
Machine: &user.CreateUserRequest_Machine{
@@ -386,7 +386,7 @@ func TestServer_ListKeys(t *testing.T) {
})
require.NoError(t, err)
otherOrgUserId := otherOrgUser.GetId()
otherUserId := Instance.CreateUserTypeMachine(SystemCTX, Instance.DefaultOrg.Id).GetId()
otherUserId := Instance.CreateUserTypeMachine(IamCTX, Instance.DefaultOrg.Id).GetId()
onlySinceTestStartFilter := &user.KeysSearchFilter{Filter: &user.KeysSearchFilter_CreatedDateFilter{CreatedDateFilter: &filter.TimestampFilter{
Timestamp: timestamppb.Now(),
Method: filter.TimestampFilterMethod_TIMESTAMP_FILTER_METHOD_AFTER_OR_EQUALS,
@@ -394,12 +394,12 @@ func TestServer_ListKeys(t *testing.T) {
myOrgId := Instance.DefaultOrg.GetId()
myUserId := Instance.Users.Get(integration.UserTypeNoPermission).ID
expiresInADay := time.Now().Truncate(time.Hour).Add(time.Hour * 24)
myDataPoint := setupKeyDataPoint(t, myUserId, myOrgId, expiresInADay)
otherUserDataPoint := setupKeyDataPoint(t, otherUserId, myOrgId, expiresInADay)
otherOrgDataPointExpiringSoon := setupKeyDataPoint(t, otherOrgUserId, otherOrg.OrganizationId, time.Now().Truncate(time.Hour).Add(time.Hour))
otherOrgDataPointExpiringLate := setupKeyDataPoint(t, otherOrgUserId, otherOrg.OrganizationId, expiresInADay.Add(time.Hour*24*30))
myDataPoint := setupKeyDataPoint(IamCTX, t, Instance, myUserId, myOrgId, expiresInADay)
otherUserDataPoint := setupKeyDataPoint(IamCTX, t, Instance, otherUserId, myOrgId, expiresInADay)
otherOrgDataPointExpiringSoon := setupKeyDataPoint(IamCTX, t, Instance, otherOrgUserId, otherOrg.OrganizationId, time.Now().Truncate(time.Hour).Add(time.Hour))
otherOrgDataPointExpiringLate := setupKeyDataPoint(IamCTX, t, Instance, otherOrgUserId, otherOrg.OrganizationId, expiresInADay.Add(time.Hour*24*30))
sortingColumnExpirationDate := user.KeyFieldName_KEY_FIELD_NAME_KEY_EXPIRATION_DATE
awaitKeys(t, onlySinceTestStartFilter,
awaitKeys(IamCTX, t, Instance, onlySinceTestStartFilter,
otherOrgDataPointExpiringSoon.GetId(),
otherOrgDataPointExpiringLate.GetId(),
otherUserDataPoint.GetId(),
@@ -437,7 +437,7 @@ func TestServer_ListKeys(t *testing.T) {
myDataPoint,
},
Pagination: &filter.PaginationResponse{
TotalResult: 2,
TotalResult: 4,
AppliedLimit: 100,
},
},
@@ -453,7 +453,7 @@ func TestServer_ListKeys(t *testing.T) {
myDataPoint,
},
Pagination: &filter.PaginationResponse{
TotalResult: 1,
TotalResult: 4,
AppliedLimit: 100,
},
},
@@ -575,6 +575,245 @@ func TestServer_ListKeys(t *testing.T) {
},
},
},
want: &user.ListKeysResponse{
Result: []*user.Key{},
Pagination: &filter.PaginationResponse{
TotalResult: 1,
AppliedLimit: 100,
},
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
retryDuration, tick := integration.WaitForAndTickWithMaxDuration(tt.args.ctx, 20*time.Second)
require.EventuallyWithT(t, func(ttt *assert.CollectT) {
got, err := Client.ListKeys(tt.args.ctx, tt.args.req)
require.NoError(ttt, err)
if !assert.Len(ttt, got.Result, len(tt.want.Result)) {
return
}
if diff := cmp.Diff(tt.want, got, protocmp.Transform()); diff != "" {
ttt.Errorf("ListKeys() mismatch (-want +got):\n%s", diff)
}
}, retryDuration, tick, "timeout waiting for expected user result")
})
}
}
func TestServer_ListKeys_PermissionV2(t *testing.T) {
ensureFeaturePermissionV2Enabled(t, InstancePermissionV2)
iamOwnerCtx := InstancePermissionV2.WithAuthorizationToken(OrgCTX, integration.UserTypeIAMOwner)
type args struct {
ctx context.Context
req *user.ListKeysRequest
}
type testCase struct {
name string
args args
want *user.ListKeysResponse
}
otherOrg := InstancePermissionV2.CreateOrganization(iamOwnerCtx, integration.OrganizationName(), integration.Email())
otherOrgUser, err := InstancePermissionV2.Client.UserV2.CreateUser(iamOwnerCtx, &user.CreateUserRequest{
OrganizationId: otherOrg.OrganizationId,
UserType: &user.CreateUserRequest_Machine_{
Machine: &user.CreateUserRequest_Machine{
Name: integration.Username(),
},
},
})
require.NoError(t, err)
otherOrgUserId := otherOrgUser.GetId()
otherUserId := InstancePermissionV2.CreateUserTypeMachine(iamOwnerCtx, InstancePermissionV2.DefaultOrg.Id).GetId()
onlySinceTestStartFilter := &user.KeysSearchFilter{Filter: &user.KeysSearchFilter_CreatedDateFilter{CreatedDateFilter: &filter.TimestampFilter{
Timestamp: timestamppb.Now(),
Method: filter.TimestampFilterMethod_TIMESTAMP_FILTER_METHOD_AFTER_OR_EQUALS,
}}}
myOrgId := InstancePermissionV2.DefaultOrg.GetId()
myUserId := InstancePermissionV2.Users.Get(integration.UserTypeNoPermission).ID
expiresInADay := time.Now().Truncate(time.Hour).Add(time.Hour * 24)
myDataPoint := setupKeyDataPoint(iamOwnerCtx, t, InstancePermissionV2, myUserId, myOrgId, expiresInADay)
otherUserDataPoint := setupKeyDataPoint(iamOwnerCtx, t, InstancePermissionV2, otherUserId, myOrgId, expiresInADay)
otherOrgDataPointExpiringSoon := setupKeyDataPoint(iamOwnerCtx, t, InstancePermissionV2, otherOrgUserId, otherOrg.OrganizationId, time.Now().Truncate(time.Hour).Add(time.Hour))
otherOrgDataPointExpiringLate := setupKeyDataPoint(iamOwnerCtx, t, InstancePermissionV2, otherOrgUserId, otherOrg.OrganizationId, expiresInADay.Add(time.Hour*24*30))
sortingColumnExpirationDate := user.KeyFieldName_KEY_FIELD_NAME_KEY_EXPIRATION_DATE
awaitKeys(iamOwnerCtx, t, InstancePermissionV2, onlySinceTestStartFilter,
otherOrgDataPointExpiringSoon.GetId(),
otherOrgDataPointExpiringLate.GetId(),
otherUserDataPoint.GetId(),
myDataPoint.GetId(),
)
tests := []testCase{
{
name: "list all, InstancePermissionV2",
args: args{
iamOwnerCtx,
&user.ListKeysRequest{Filters: []*user.KeysSearchFilter{onlySinceTestStartFilter}},
},
want: &user.ListKeysResponse{
Result: []*user.Key{
otherOrgDataPointExpiringLate,
otherOrgDataPointExpiringSoon,
otherUserDataPoint,
myDataPoint,
},
Pagination: &filter.PaginationResponse{
TotalResult: 4,
AppliedLimit: 100,
},
},
},
{
name: "list all, org",
args: args{
InstancePermissionV2.WithAuthorizationToken(iamOwnerCtx, integration.UserTypeOrgOwner),
&user.ListKeysRequest{Filters: []*user.KeysSearchFilter{onlySinceTestStartFilter}},
},
want: &user.ListKeysResponse{
Result: []*user.Key{
otherUserDataPoint,
myDataPoint,
},
Pagination: &filter.PaginationResponse{
TotalResult: 2,
AppliedLimit: 100,
},
},
},
{
name: "list all, user",
args: args{
InstancePermissionV2.WithAuthorizationToken(iamOwnerCtx, integration.UserTypeNoPermission),
&user.ListKeysRequest{Filters: []*user.KeysSearchFilter{onlySinceTestStartFilter}},
},
want: &user.ListKeysResponse{
Result: []*user.Key{
myDataPoint,
},
Pagination: &filter.PaginationResponse{
TotalResult: 1,
AppliedLimit: 100,
},
},
},
{
name: "list by id",
args: args{
iamOwnerCtx,
&user.ListKeysRequest{
Filters: []*user.KeysSearchFilter{
onlySinceTestStartFilter,
{
Filter: &user.KeysSearchFilter_KeyIdFilter{
KeyIdFilter: &filter.IDFilter{Id: otherOrgDataPointExpiringSoon.Id},
},
},
},
},
},
want: &user.ListKeysResponse{
Result: []*user.Key{
otherOrgDataPointExpiringSoon,
},
Pagination: &filter.PaginationResponse{
TotalResult: 1,
AppliedLimit: 100,
},
},
},
{
name: "list all from other org",
args: args{
iamOwnerCtx,
&user.ListKeysRequest{
Filters: []*user.KeysSearchFilter{
onlySinceTestStartFilter,
{
Filter: &user.KeysSearchFilter_OrganizationIdFilter{
OrganizationIdFilter: &filter.IDFilter{Id: otherOrg.OrganizationId},
},
},
},
},
},
want: &user.ListKeysResponse{
Result: []*user.Key{
otherOrgDataPointExpiringLate,
otherOrgDataPointExpiringSoon,
},
Pagination: &filter.PaginationResponse{
TotalResult: 2,
AppliedLimit: 100,
},
},
},
{
name: "sort by next expiration dates",
args: args{
iamOwnerCtx,
&user.ListKeysRequest{
Pagination: &filter.PaginationRequest{
Asc: true,
},
SortingColumn: &sortingColumnExpirationDate,
Filters: []*user.KeysSearchFilter{
onlySinceTestStartFilter,
{Filter: &user.KeysSearchFilter_OrganizationIdFilter{OrganizationIdFilter: &filter.IDFilter{Id: otherOrg.OrganizationId}}},
},
},
},
want: &user.ListKeysResponse{
Result: []*user.Key{
otherOrgDataPointExpiringSoon,
otherOrgDataPointExpiringLate,
},
Pagination: &filter.PaginationResponse{
TotalResult: 2,
AppliedLimit: 100,
},
},
},
{
name: "get page",
args: args{
iamOwnerCtx,
&user.ListKeysRequest{
Pagination: &filter.PaginationRequest{
Offset: 2,
Limit: 2,
Asc: true,
},
Filters: []*user.KeysSearchFilter{
onlySinceTestStartFilter,
},
},
},
want: &user.ListKeysResponse{
Result: []*user.Key{
otherOrgDataPointExpiringSoon,
otherOrgDataPointExpiringLate,
},
Pagination: &filter.PaginationResponse{
TotalResult: 4,
AppliedLimit: 2,
},
},
},
{
name: "empty list",
args: args{
InstancePermissionV2.WithAuthorizationToken(iamOwnerCtx, integration.UserTypeNoPermission),
&user.ListKeysRequest{
Filters: []*user.KeysSearchFilter{
{
Filter: &user.KeysSearchFilter_KeyIdFilter{
KeyIdFilter: &filter.IDFilter{Id: otherUserDataPoint.Id},
},
},
},
},
},
want: &user.ListKeysResponse{
Result: []*user.Key{},
Pagination: &filter.PaginationResponse{
@@ -584,41 +823,24 @@ func TestServer_ListKeys(t *testing.T) {
},
},
}
t.Run("with permission flag v2", func(t *testing.T) {
setPermissionCheckV2Flag(t, true)
defer setPermissionCheckV2Flag(t, false)
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
got, err := Client.ListKeys(tt.args.ctx, tt.args.req)
require.NoError(t, err)
assert.Len(t, got.Result, len(tt.want.Result))
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
retryDuration, tick := integration.WaitForAndTickWithMaxDuration(tt.args.ctx, 20*time.Second)
require.EventuallyWithT(t, func(ttt *assert.CollectT) {
got, err := InstancePermissionV2.Client.UserV2.ListKeys(tt.args.ctx, tt.args.req)
require.NoError(ttt, err)
assert.Len(ttt, got.Result, len(tt.want.Result))
if diff := cmp.Diff(tt.want, got, protocmp.Transform()); diff != "" {
t.Errorf("ListKeys() mismatch (-want +got):\n%s", diff)
ttt.Errorf("ListKeys() mismatch (-want +got):\n%s", diff)
}
})
}
})
t.Run("without permission flag v2", func(t *testing.T) {
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
got, err := Client.ListKeys(tt.args.ctx, tt.args.req)
require.NoError(t, err)
assert.Len(t, got.Result, len(tt.want.Result))
// ignore the total result, as this is a known bug with the in-memory permission checks.
// The command can't know how many keys exist in the system if the SQL statement has a limit.
// This is fixed, once the in-memory permission checks are removed with https://github.com/zitadel/zitadel/issues/9188
tt.want.Pagination.TotalResult = got.Pagination.TotalResult
if diff := cmp.Diff(tt.want, got, protocmp.Transform()); diff != "" {
t.Errorf("ListKeys() mismatch (-want +got):\n%s", diff)
}
})
}
})
}, retryDuration, tick, "timeout waiting for expected user result")
})
}
}
func setupKeyDataPoint(t *testing.T, userId, orgId string, expirationDate time.Time) *user.Key {
func setupKeyDataPoint(ctx context.Context, t *testing.T, instance *integration.Instance, userId, orgId string, expirationDate time.Time) *user.Key {
expirationDatePb := timestamppb.New(expirationDate)
newKey, err := Client.AddKey(SystemCTX, &user.AddKeyRequest{
newKey, err := instance.Client.UserV2.AddKey(ctx, &user.AddKeyRequest{
UserId: userId,
ExpirationDate: expirationDatePb,
PublicKey: nil,
@@ -634,18 +856,20 @@ func setupKeyDataPoint(t *testing.T, userId, orgId string, expirationDate time.T
}
}
func awaitKeys(t *testing.T, sinceTestStartFilter *user.KeysSearchFilter, keyIds ...string) {
func awaitKeys(ctx context.Context, t *testing.T, instance *integration.Instance, sinceTestStartFilter *user.KeysSearchFilter, keyIds ...string) {
sortingColumn := user.KeyFieldName_KEY_FIELD_NAME_ID
slices.Sort(keyIds)
retryDuration, tick := integration.WaitForAndTickWithMaxDuration(ctx, time.Minute)
require.EventuallyWithT(t, func(collect *assert.CollectT) {
result, err := Client.ListKeys(SystemCTX, &user.ListKeysRequest{
result, err := instance.Client.UserV2.ListKeys(ctx, &user.ListKeysRequest{
Filters: []*user.KeysSearchFilter{sinceTestStartFilter},
SortingColumn: &sortingColumn,
Pagination: &filter.PaginationRequest{
Asc: true,
},
})
require.NoError(t, err)
require.NoError(collect, err)
if !assert.Len(collect, result.Result, len(keyIds)) {
return
}
@@ -653,5 +877,5 @@ func awaitKeys(t *testing.T, sinceTestStartFilter *user.KeysSearchFilter, keyIds
keyId := keyIds[i]
require.Equal(collect, keyId, result.Result[i].GetId())
}
}, 5*time.Second, time.Second, "key not created in time")
}, retryDuration, tick, "key not created in time")
}
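Review bot: In `TestServer_ListKeys` the expectations for the org-scoped and user-scoped listings now appear to pin `TotalResult: 4` while `Result` holds two keys and one key, so the test asserts a total that counts keys the caller is not shown. The comment that explained this (in-memory permission checks, with the issue link) sits in the "without permission flag v2" block that this change drops. Keep that explanation next to the two expectations, e.g. `// TotalResult includes keys filtered out by the in-memory permission check, see https://github.com/zitadel/zitadel/issues/9188`, so the value is not mistaken for intended behaviour. Separately, `OrgCTX := OrgCTX` in `TestServer_AddKey_Permission`, `TestServer_RemoveKey_Permission` and `TestServer_ListKeys` is a self-shadowing no-op left over from the rename and can be deleted.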


@@ -18,7 +18,7 @@ import (
)
func TestServer_SetUserMetadata(t *testing.T) {
iamOwnerCTX := Instance.WithAuthorizationToken(CTX, integration.UserTypeIAMOwner)
iamOwnerCTX := Instance.WithAuthorizationToken(OrgCTX, integration.UserTypeIAMOwner)
tests := []struct {
name string
@@ -32,7 +32,7 @@ func TestServer_SetUserMetadata(t *testing.T) {
name: "missing permission",
ctx: Instance.WithAuthorizationToken(context.Background(), integration.UserTypeNoPermission),
dep: func(req *user.SetUserMetadataRequest) {
req.UserId = Instance.CreateUserTypeHuman(CTX, integration.Email()).GetId()
req.UserId = Instance.CreateUserTypeHuman(OrgCTX, integration.Email()).GetId()
},
req: &user.SetUserMetadataRequest{
Metadata: []*user.Metadata{{Key: "key1", Value: []byte(base64.StdEncoding.EncodeToString([]byte("value1")))}},
@@ -43,7 +43,7 @@ func TestServer_SetUserMetadata(t *testing.T) {
name: "set user metadata",
ctx: iamOwnerCTX,
dep: func(req *user.SetUserMetadataRequest) {
req.UserId = Instance.CreateUserTypeHuman(CTX, integration.Email()).GetId()
req.UserId = Instance.CreateUserTypeHuman(OrgCTX, integration.Email()).GetId()
},
req: &user.SetUserMetadataRequest{
Metadata: []*user.Metadata{{Key: "key1", Value: []byte(base64.StdEncoding.EncodeToString([]byte("value1")))}},
@@ -54,7 +54,7 @@ func TestServer_SetUserMetadata(t *testing.T) {
name: "set user metadata, multiple",
ctx: iamOwnerCTX,
dep: func(req *user.SetUserMetadataRequest) {
req.UserId = Instance.CreateUserTypeHuman(CTX, integration.Email()).GetId()
req.UserId = Instance.CreateUserTypeHuman(OrgCTX, integration.Email()).GetId()
},
req: &user.SetUserMetadataRequest{
Metadata: []*user.Metadata{
@@ -76,7 +76,7 @@ func TestServer_SetUserMetadata(t *testing.T) {
},
{
name: "update user metadata",
ctx: Instance.WithAuthorizationToken(CTX, integration.UserTypeIAMOwner),
ctx: Instance.WithAuthorizationToken(OrgCTX, integration.UserTypeIAMOwner),
dep: func(req *user.SetUserMetadataRequest) {
req.UserId = Instance.CreateUserTypeHuman(iamOwnerCTX, integration.Email()).GetId()
Instance.SetUserMetadata(iamOwnerCTX, req.UserId, "key1", "value1")
@@ -88,7 +88,7 @@ func TestServer_SetUserMetadata(t *testing.T) {
},
{
name: "update user metadata with same value",
ctx: Instance.WithAuthorizationToken(CTX, integration.UserTypeIAMOwner),
ctx: Instance.WithAuthorizationToken(OrgCTX, integration.UserTypeIAMOwner),
dep: func(req *user.SetUserMetadataRequest) {
req.UserId = Instance.CreateUserTypeHuman(iamOwnerCTX, integration.Email()).GetId()
Instance.SetUserMetadata(iamOwnerCTX, req.UserId, "key1", "value1")
@@ -131,7 +131,7 @@ func assertSetUserMetadataResponse(t *testing.T, creationDate, changeDate time.T
}
func TestServer_ListUserMetadata(t *testing.T) {
iamOwnerCTX := Instance.WithAuthorizationToken(CTX, integration.UserTypeIAMOwner)
iamOwnerCTX := Instance.WithAuthorizationToken(OrgCTX, integration.UserTypeIAMOwner)
type args struct {
ctx context.Context
@@ -280,7 +280,7 @@ func assertPaginationResponse(t *assert.CollectT, expected *filter.PaginationRes
}
func TestServer_DeleteUserMetadata(t *testing.T) {
iamOwnerCTX := Instance.WithAuthorizationToken(CTX, integration.UserTypeIAMOwner)
iamOwnerCTX := Instance.WithAuthorizationToken(OrgCTX, integration.UserTypeIAMOwner)
tests := []struct {
name string


@@ -15,25 +15,25 @@ import (
)
func TestServer_AddOTPSMS(t *testing.T) {
userID := Instance.CreateHumanUser(CTX).GetUserId()
Instance.RegisterUserPasskey(CTX, userID)
userID := Instance.CreateHumanUser(OrgCTX).GetUserId()
Instance.RegisterUserPasskey(OrgCTX, userID)
_, sessionToken, _, _ := Instance.CreateVerifiedWebAuthNSession(t, LoginCTX, userID)
otherUser := Instance.CreateHumanUser(CTX).GetUserId()
Instance.RegisterUserPasskey(CTX, otherUser)
otherUser := Instance.CreateHumanUser(OrgCTX).GetUserId()
Instance.RegisterUserPasskey(OrgCTX, otherUser)
_, sessionTokenOtherUser, _, _ := Instance.CreateVerifiedWebAuthNSession(t, LoginCTX, otherUser)
userVerified := Instance.CreateHumanUser(CTX)
_, err := Instance.Client.UserV2.VerifyPhone(CTX, &user.VerifyPhoneRequest{
userVerified := Instance.CreateHumanUser(OrgCTX)
_, err := Instance.Client.UserV2.VerifyPhone(OrgCTX, &user.VerifyPhoneRequest{
UserId: userVerified.GetUserId(),
VerificationCode: userVerified.GetPhoneCode(),
})
require.NoError(t, err)
Instance.RegisterUserPasskey(CTX, userVerified.GetUserId())
Instance.RegisterUserPasskey(OrgCTX, userVerified.GetUserId())
_, sessionTokenVerified, _, _ := Instance.CreateVerifiedWebAuthNSession(t, LoginCTX, userVerified.GetUserId())
userVerified2 := Instance.CreateHumanUser(CTX)
_, err = Instance.Client.UserV2.VerifyPhone(CTX, &user.VerifyPhoneRequest{
userVerified2 := Instance.CreateHumanUser(OrgCTX)
_, err = Instance.Client.UserV2.VerifyPhone(OrgCTX, &user.VerifyPhoneRequest{
UserId: userVerified2.GetUserId(),
VerificationCode: userVerified2.GetPhoneCode(),
})
@@ -52,7 +52,7 @@ func TestServer_AddOTPSMS(t *testing.T) {
{
name: "missing user id",
args: args{
ctx: CTX,
ctx: OrgCTX,
req: &user.AddOTPSMSRequest{},
},
wantErr: true,
@@ -94,7 +94,7 @@ func TestServer_AddOTPSMS(t *testing.T) {
{
name: "add success, admin",
args: args{
ctx: CTX,
ctx: OrgCTX,
req: &user.AddOTPSMSRequest{
UserId: userVerified2.GetUserId(),
},
@@ -121,30 +121,30 @@ func TestServer_AddOTPSMS(t *testing.T) {
}
func TestServer_RemoveOTPSMS(t *testing.T) {
userID := Instance.CreateHumanUser(CTX).GetUserId()
Instance.RegisterUserPasskey(CTX, userID)
userID := Instance.CreateHumanUser(OrgCTX).GetUserId()
Instance.RegisterUserPasskey(OrgCTX, userID)
_, sessionToken, _, _ := Instance.CreateVerifiedWebAuthNSession(t, LoginCTX, userID)
userVerified := Instance.CreateHumanUser(CTX)
Instance.RegisterUserPasskey(CTX, userVerified.GetUserId())
_, err := Instance.Client.UserV2.VerifyPhone(CTX, &user.VerifyPhoneRequest{
userVerified := Instance.CreateHumanUser(OrgCTX)
Instance.RegisterUserPasskey(OrgCTX, userVerified.GetUserId())
_, err := Instance.Client.UserV2.VerifyPhone(OrgCTX, &user.VerifyPhoneRequest{
UserId: userVerified.GetUserId(),
VerificationCode: userVerified.GetPhoneCode(),
})
require.NoError(t, err)
_, err = Instance.Client.UserV2.AddOTPSMS(CTX, &user.AddOTPSMSRequest{UserId: userVerified.GetUserId()})
_, err = Instance.Client.UserV2.AddOTPSMS(OrgCTX, &user.AddOTPSMSRequest{UserId: userVerified.GetUserId()})
require.NoError(t, err)
userSelf := Instance.CreateHumanUser(CTX)
Instance.RegisterUserPasskey(CTX, userSelf.GetUserId())
userSelf := Instance.CreateHumanUser(OrgCTX)
Instance.RegisterUserPasskey(OrgCTX, userSelf.GetUserId())
_, sessionTokenSelf, _, _ := Instance.CreateVerifiedWebAuthNSession(t, LoginCTX, userSelf.GetUserId())
userSelfCtx := integration.WithAuthorizationToken(context.Background(), sessionTokenSelf)
_, err = Instance.Client.UserV2.VerifyPhone(CTX, &user.VerifyPhoneRequest{
_, err = Instance.Client.UserV2.VerifyPhone(OrgCTX, &user.VerifyPhoneRequest{
UserId: userSelf.GetUserId(),
VerificationCode: userSelf.GetPhoneCode(),
})
require.NoError(t, err)
_, err = Instance.Client.UserV2.AddOTPSMS(CTX, &user.AddOTPSMSRequest{UserId: userSelf.GetUserId()})
_, err = Instance.Client.UserV2.AddOTPSMS(OrgCTX, &user.AddOTPSMSRequest{UserId: userSelf.GetUserId()})
require.NoError(t, err)
type args struct {
@@ -184,7 +184,7 @@ func TestServer_RemoveOTPSMS(t *testing.T) {
{
name: "success",
args: args{
ctx: CTX,
ctx: OrgCTX,
req: &user.RemoveOTPSMSRequest{
UserId: userVerified.GetUserId(),
},
@@ -211,25 +211,25 @@ func TestServer_RemoveOTPSMS(t *testing.T) {
}
func TestServer_AddOTPEmail(t *testing.T) {
userID := Instance.CreateHumanUser(CTX).GetUserId()
Instance.RegisterUserPasskey(CTX, userID)
userID := Instance.CreateHumanUser(OrgCTX).GetUserId()
Instance.RegisterUserPasskey(OrgCTX, userID)
_, sessionToken, _, _ := Instance.CreateVerifiedWebAuthNSession(t, LoginCTX, userID)
otherUser := Instance.CreateHumanUser(CTX).GetUserId()
Instance.RegisterUserPasskey(CTX, otherUser)
otherUser := Instance.CreateHumanUser(OrgCTX).GetUserId()
Instance.RegisterUserPasskey(OrgCTX, otherUser)
_, sessionTokenOtherUser, _, _ := Instance.CreateVerifiedWebAuthNSession(t, LoginCTX, otherUser)
userVerified := Instance.CreateHumanUser(CTX)
_, err := Instance.Client.UserV2.VerifyEmail(CTX, &user.VerifyEmailRequest{
userVerified := Instance.CreateHumanUser(OrgCTX)
_, err := Instance.Client.UserV2.VerifyEmail(OrgCTX, &user.VerifyEmailRequest{
UserId: userVerified.GetUserId(),
VerificationCode: userVerified.GetEmailCode(),
})
require.NoError(t, err)
Instance.RegisterUserPasskey(CTX, userVerified.GetUserId())
Instance.RegisterUserPasskey(OrgCTX, userVerified.GetUserId())
_, sessionTokenVerified, _, _ := Instance.CreateVerifiedWebAuthNSession(t, LoginCTX, userVerified.GetUserId())
userVerified2 := Instance.CreateHumanUser(CTX)
_, err = Instance.Client.UserV2.VerifyEmail(CTX, &user.VerifyEmailRequest{
userVerified2 := Instance.CreateHumanUser(OrgCTX)
_, err = Instance.Client.UserV2.VerifyEmail(OrgCTX, &user.VerifyEmailRequest{
UserId: userVerified2.GetUserId(),
VerificationCode: userVerified2.GetEmailCode(),
})
@@ -248,7 +248,7 @@ func TestServer_AddOTPEmail(t *testing.T) {
{
name: "missing user id",
args: args{
ctx: CTX,
ctx: OrgCTX,
req: &user.AddOTPEmailRequest{},
},
wantErr: true,
@@ -291,7 +291,7 @@ func TestServer_AddOTPEmail(t *testing.T) {
{
name: "add success, admin",
args: args{
ctx: CTX,
ctx: OrgCTX,
req: &user.AddOTPEmailRequest{
UserId: userVerified2.GetUserId(),
},
@@ -319,30 +319,30 @@ func TestServer_AddOTPEmail(t *testing.T) {
}
func TestServer_RemoveOTPEmail(t *testing.T) {
userID := Instance.CreateHumanUser(CTX).GetUserId()
Instance.RegisterUserPasskey(CTX, userID)
userID := Instance.CreateHumanUser(OrgCTX).GetUserId()
Instance.RegisterUserPasskey(OrgCTX, userID)
_, sessionToken, _, _ := Instance.CreateVerifiedWebAuthNSession(t, LoginCTX, userID)
userVerified := Instance.CreateHumanUser(CTX)
Instance.RegisterUserPasskey(CTX, userVerified.GetUserId())
_, err := Instance.Client.UserV2.VerifyEmail(CTX, &user.VerifyEmailRequest{
userVerified := Instance.CreateHumanUser(OrgCTX)
Instance.RegisterUserPasskey(OrgCTX, userVerified.GetUserId())
_, err := Instance.Client.UserV2.VerifyEmail(OrgCTX, &user.VerifyEmailRequest{
UserId: userVerified.GetUserId(),
VerificationCode: userVerified.GetEmailCode(),
})
require.NoError(t, err)
_, err = Instance.Client.UserV2.AddOTPEmail(CTX, &user.AddOTPEmailRequest{UserId: userVerified.GetUserId()})
_, err = Instance.Client.UserV2.AddOTPEmail(OrgCTX, &user.AddOTPEmailRequest{UserId: userVerified.GetUserId()})
require.NoError(t, err)
userSelf := Instance.CreateHumanUser(CTX)
Instance.RegisterUserPasskey(CTX, userSelf.GetUserId())
userSelf := Instance.CreateHumanUser(OrgCTX)
Instance.RegisterUserPasskey(OrgCTX, userSelf.GetUserId())
_, sessionTokenSelf, _, _ := Instance.CreateVerifiedWebAuthNSession(t, LoginCTX, userSelf.GetUserId())
userSelfCtx := integration.WithAuthorizationToken(context.Background(), sessionTokenSelf)
_, err = Instance.Client.UserV2.VerifyEmail(CTX, &user.VerifyEmailRequest{
_, err = Instance.Client.UserV2.VerifyEmail(OrgCTX, &user.VerifyEmailRequest{
UserId: userSelf.GetUserId(),
VerificationCode: userSelf.GetEmailCode(),
})
require.NoError(t, err)
_, err = Instance.Client.UserV2.AddOTPEmail(CTX, &user.AddOTPEmailRequest{UserId: userSelf.GetUserId()})
_, err = Instance.Client.UserV2.AddOTPEmail(OrgCTX, &user.AddOTPEmailRequest{UserId: userSelf.GetUserId()})
require.NoError(t, err)
type args struct {
@@ -383,7 +383,7 @@ func TestServer_RemoveOTPEmail(t *testing.T) {
{
name: "success",
args: args{
ctx: CTX,
ctx: OrgCTX,
req: &user.RemoveOTPEmailRequest{
UserId: userVerified.GetUserId(),
},


@@ -19,15 +19,15 @@ import (
)
func TestServer_RegisterPasskey(t *testing.T) {
userID := Instance.CreateHumanUser(CTX).GetUserId()
reg, err := Client.CreatePasskeyRegistrationLink(CTX, &user.CreatePasskeyRegistrationLinkRequest{
userID := Instance.CreateHumanUser(OrgCTX).GetUserId()
reg, err := Client.CreatePasskeyRegistrationLink(OrgCTX, &user.CreatePasskeyRegistrationLinkRequest{
UserId: userID,
Medium: &user.CreatePasskeyRegistrationLinkRequest_ReturnCode{},
})
require.NoError(t, err)
// We also need a user session
Instance.RegisterUserPasskey(CTX, userID)
Instance.RegisterUserPasskey(OrgCTX, userID)
_, sessionToken, _, _ := Instance.CreateVerifiedWebAuthNSession(t, LoginCTX, userID)
type args struct {
@@ -43,7 +43,7 @@ func TestServer_RegisterPasskey(t *testing.T) {
{
name: "missing user id",
args: args{
ctx: CTX,
ctx: OrgCTX,
req: &user.RegisterPasskeyRequest{},
},
wantErr: true,
@@ -51,7 +51,7 @@ func TestServer_RegisterPasskey(t *testing.T) {
{
name: "register code",
args: args{
ctx: CTX,
ctx: OrgCTX,
req: &user.RegisterPasskeyRequest{
UserId: userID,
Code: reg.GetCode(),
@@ -68,7 +68,7 @@ func TestServer_RegisterPasskey(t *testing.T) {
{
name: "reuse code (not allowed)",
args: args{
ctx: CTX,
ctx: OrgCTX,
req: &user.RegisterPasskeyRequest{
UserId: userID,
Code: reg.GetCode(),
@@ -80,7 +80,7 @@ func TestServer_RegisterPasskey(t *testing.T) {
{
name: "wrong code",
args: args{
ctx: CTX,
ctx: OrgCTX,
req: &user.RegisterPasskeyRequest{
UserId: userID,
Code: &user.PasskeyRegistrationCode{
@@ -120,7 +120,7 @@ func TestServer_RegisterPasskey(t *testing.T) {
{
name: "user setting its own passkey",
args: args{
ctx: integration.WithAuthorizationToken(CTX, sessionToken),
ctx: integration.WithAuthorizationToken(OrgCTX, sessionToken),
req: &user.RegisterPasskeyRequest{
UserId: userID,
},
@@ -172,7 +172,7 @@ func TestServer_VerifyPasskeyRegistration(t *testing.T) {
{
name: "missing user id",
args: args{
ctx: CTX,
ctx: OrgCTX,
req: &user.VerifyPasskeyRegistrationRequest{
PasskeyId: pkr.GetPasskeyId(),
PublicKeyCredential: attestationResponse,
@@ -184,7 +184,7 @@ func TestServer_VerifyPasskeyRegistration(t *testing.T) {
{
name: "success",
args: args{
ctx: CTX,
ctx: OrgCTX,
req: &user.VerifyPasskeyRegistrationRequest{
UserId: userID,
PasskeyId: pkr.GetPasskeyId(),
@@ -202,7 +202,7 @@ func TestServer_VerifyPasskeyRegistration(t *testing.T) {
{
name: "wrong credential",
args: args{
ctx: CTX,
ctx: OrgCTX,
req: &user.VerifyPasskeyRegistrationRequest{
UserId: userID,
PasskeyId: pkr.GetPasskeyId(),
@@ -230,7 +230,7 @@ func TestServer_VerifyPasskeyRegistration(t *testing.T) {
}
func TestServer_CreatePasskeyRegistrationLink(t *testing.T) {
userID := Instance.CreateHumanUser(CTX).GetUserId()
userID := Instance.CreateHumanUser(OrgCTX).GetUserId()
type args struct {
ctx context.Context
@@ -246,7 +246,7 @@ func TestServer_CreatePasskeyRegistrationLink(t *testing.T) {
{
name: "missing user id",
args: args{
ctx: CTX,
ctx: OrgCTX,
req: &user.CreatePasskeyRegistrationLinkRequest{},
},
wantErr: true,
@@ -254,7 +254,7 @@ func TestServer_CreatePasskeyRegistrationLink(t *testing.T) {
{
name: "send default mail",
args: args{
ctx: CTX,
ctx: OrgCTX,
req: &user.CreatePasskeyRegistrationLinkRequest{
UserId: userID,
},
@@ -269,7 +269,7 @@ func TestServer_CreatePasskeyRegistrationLink(t *testing.T) {
{
name: "send custom url",
args: args{
ctx: CTX,
ctx: OrgCTX,
req: &user.CreatePasskeyRegistrationLinkRequest{
UserId: userID,
Medium: &user.CreatePasskeyRegistrationLinkRequest_SendLink{
@@ -289,7 +289,7 @@ func TestServer_CreatePasskeyRegistrationLink(t *testing.T) {
{
name: "return code",
args: args{
ctx: CTX,
ctx: OrgCTX,
req: &user.CreatePasskeyRegistrationLinkRequest{
UserId: userID,
Medium: &user.CreatePasskeyRegistrationLinkRequest_ReturnCode{},
@@ -323,7 +323,7 @@ func TestServer_CreatePasskeyRegistrationLink(t *testing.T) {
}
func userWithPasskeyRegistered(t *testing.T) (string, *user.RegisterPasskeyResponse) {
userID := Instance.CreateHumanUser(CTX).GetUserId()
userID := Instance.CreateHumanUser(OrgCTX).GetUserId()
return userID, passkeyRegister(t, userID)
}
@@ -333,12 +333,12 @@ func userWithPasskeyVerified(t *testing.T) (string, string) {
}
func passkeyRegister(t *testing.T, userID string) *user.RegisterPasskeyResponse {
reg, err := Client.CreatePasskeyRegistrationLink(CTX, &user.CreatePasskeyRegistrationLinkRequest{
reg, err := Client.CreatePasskeyRegistrationLink(OrgCTX, &user.CreatePasskeyRegistrationLinkRequest{
UserId: userID,
Medium: &user.CreatePasskeyRegistrationLinkRequest_ReturnCode{},
})
require.NoError(t, err)
pkr, err := Client.RegisterPasskey(CTX, &user.RegisterPasskeyRequest{
pkr, err := Client.RegisterPasskey(OrgCTX, &user.RegisterPasskeyRequest{
UserId: userID,
Code: reg.GetCode(),
})
@@ -352,7 +352,7 @@ func passkeyVerify(t *testing.T, userID string, pkr *user.RegisterPasskeyRespons
attestationResponse, err := Instance.WebAuthN.CreateAttestationResponse(pkr.GetPublicKeyCredentialCreationOptions())
require.NoError(t, err)
_, err = Client.VerifyPasskeyRegistration(CTX, &user.VerifyPasskeyRegistrationRequest{
_, err = Client.VerifyPasskeyRegistration(OrgCTX, &user.VerifyPasskeyRegistrationRequest{
UserId: userID,
PasskeyId: pkr.GetPasskeyId(),
PublicKeyCredential: attestationResponse,
@@ -363,7 +363,7 @@ func passkeyVerify(t *testing.T, userID string, pkr *user.RegisterPasskeyRespons
}
func TestServer_RemovePasskey(t *testing.T) {
userIDWithout := Instance.CreateHumanUser(CTX).GetUserId()
userIDWithout := Instance.CreateHumanUser(OrgCTX).GetUserId()
userIDRegistered, pkrRegistered := userWithPasskeyRegistered(t)
userIDVerified, passkeyIDVerified := userWithPasskeyVerified(t)
userIDVerifiedPermission, passkeyIDVerifiedPermission := userWithPasskeyVerified(t)
@@ -468,7 +468,7 @@ func TestServer_RemovePasskey(t *testing.T) {
}
func TestServer_ListPasskeys(t *testing.T) {
userIDWithout := Instance.CreateHumanUser(CTX).GetUserId()
userIDWithout := Instance.CreateHumanUser(OrgCTX).GetUserId()
userIDRegistered, _ := userWithPasskeyRegistered(t)
userIDVerified, passkeyIDVerified := userWithPasskeyVerified(t)


@@ -17,7 +17,7 @@ import (
)
func TestServer_RequestPasswordReset(t *testing.T) {
userID := Instance.CreateHumanUser(CTX).GetUserId()
userID := Instance.CreateHumanUser(OrgCTX).GetUserId()
tests := []struct {
name string
@@ -89,7 +89,7 @@ func TestServer_RequestPasswordReset(t *testing.T) {
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
got, err := Client.PasswordReset(CTX, tt.req)
got, err := Client.PasswordReset(OrgCTX, tt.req)
if tt.wantErr {
require.Error(t, err)
return
@@ -122,7 +122,7 @@ func TestServer_Deprecated_SetPassword(t *testing.T) {
return nil
},
args: args{
ctx: CTX,
ctx: OrgCTX,
req: &user.SetPasswordRequest{},
},
wantErr: true,
@@ -130,12 +130,12 @@ func TestServer_Deprecated_SetPassword(t *testing.T) {
{
name: "set successful",
prepare: func(request *user.SetPasswordRequest) error {
userID := Instance.CreateHumanUser(CTX).GetUserId()
userID := Instance.CreateHumanUser(OrgCTX).GetUserId()
request.UserId = userID
return nil
},
args: args{
ctx: CTX,
ctx: OrgCTX,
req: &user.SetPasswordRequest{
NewPassword: &user.Password{
Password: "Secr3tP4ssw0rd!",
@@ -152,9 +152,9 @@ func TestServer_Deprecated_SetPassword(t *testing.T) {
{
name: "change successful",
prepare: func(request *user.SetPasswordRequest) error {
userID := Instance.CreateHumanUser(CTX).GetUserId()
userID := Instance.CreateHumanUser(OrgCTX).GetUserId()
request.UserId = userID
_, err := Client.SetPassword(CTX, &user.SetPasswordRequest{
_, err := Client.SetPassword(OrgCTX, &user.SetPasswordRequest{
UserId: userID,
NewPassword: &user.Password{
Password: "InitialPassw0rd!",
@@ -163,7 +163,7 @@ func TestServer_Deprecated_SetPassword(t *testing.T) {
return err
},
args: args{
ctx: CTX,
ctx: OrgCTX,
req: &user.SetPasswordRequest{
NewPassword: &user.Password{
Password: "Secr3tP4ssw0rd!",
@@ -183,9 +183,9 @@ func TestServer_Deprecated_SetPassword(t *testing.T) {
{
name: "set with code successful",
prepare: func(request *user.SetPasswordRequest) error {
userID := Instance.CreateHumanUser(CTX).GetUserId()
userID := Instance.CreateHumanUser(OrgCTX).GetUserId()
request.UserId = userID
resp, err := Client.PasswordReset(CTX, &user.PasswordResetRequest{
resp, err := Client.PasswordReset(OrgCTX, &user.PasswordResetRequest{
UserId: userID,
Medium: &user.PasswordResetRequest_ReturnCode{
ReturnCode: &user.ReturnPasswordResetCode{},
@@ -200,7 +200,7 @@ func TestServer_Deprecated_SetPassword(t *testing.T) {
return nil
},
args: args{
ctx: CTX,
ctx: OrgCTX,
req: &user.SetPasswordRequest{
NewPassword: &user.Password{
Password: "Secr3tP4ssw0rd!",


@@ -91,7 +91,7 @@ func TestServer_AddPersonalAccessToken(t *testing.T) {
now := time.Now()
err := tt.args.prepare(tt.args.req)
require.NoError(t, err)
got, err := Client.AddPersonalAccessToken(CTX, tt.args.req)
got, err := Client.AddPersonalAccessToken(OrgCTX, tt.args.req)
if tt.wantErr {
require.Error(t, err)
return
@@ -107,7 +107,7 @@ func TestServer_AddPersonalAccessToken(t *testing.T) {
}
func TestServer_AddPersonalAccessToken_Permission(t *testing.T) {
OrgCTX := CTX
OrgCTX := OrgCTX
otherOrg := Instance.CreateOrganization(IamCTX, integration.OrganizationName(), integration.Email())
otherOrgUser, err := Client.CreateUser(IamCTX, &user.CreateUserRequest{
OrganizationId: otherOrg.OrganizationId,
@@ -189,7 +189,7 @@ func TestServer_RemovePersonalAccessToken(t *testing.T) {
UserId: "notexisting",
},
func(request *user.RemovePersonalAccessTokenRequest) error {
pat, err := Client.AddPersonalAccessToken(CTX, &user.AddPersonalAccessTokenRequest{
pat, err := Client.AddPersonalAccessToken(OrgCTX, &user.AddPersonalAccessTokenRequest{
ExpirationDate: expirationDate,
UserId: userId,
})
@@ -217,7 +217,7 @@ func TestServer_RemovePersonalAccessToken(t *testing.T) {
args: args{
&user.RemovePersonalAccessTokenRequest{},
func(request *user.RemovePersonalAccessTokenRequest) error {
pat, err := Client.AddPersonalAccessToken(CTX, &user.AddPersonalAccessTokenRequest{
pat, err := Client.AddPersonalAccessToken(OrgCTX, &user.AddPersonalAccessTokenRequest{
ExpirationDate: expirationDate,
UserId: userId,
})
@@ -233,7 +233,7 @@ func TestServer_RemovePersonalAccessToken(t *testing.T) {
now := time.Now()
err := tt.args.prepare(tt.args.req)
require.NoError(t, err)
got, err := Client.RemovePersonalAccessToken(CTX, tt.args.req)
got, err := Client.RemovePersonalAccessToken(OrgCTX, tt.args.req)
if tt.wantErr {
require.Error(t, err)
return
@@ -288,7 +288,7 @@ func TestServer_RemovePersonalAccessToken_Permission(t *testing.T) {
},
{
name: "org, error",
args: args{CTX, request, prepare},
args: args{OrgCTX, request, prepare},
wantErr: true,
},
{
@@ -325,7 +325,7 @@ func TestServer_ListPersonalAccessTokens(t *testing.T) {
args args
want *user.ListPersonalAccessTokensResponse
}
OrgCTX := CTX
OrgCTX := OrgCTX
otherOrg := Instance.CreateOrganization(SystemCTX, integration.OrganizationName(), integration.Email())
otherOrgUser, err := Client.CreateUser(SystemCTX, &user.CreateUserRequest{
OrganizationId: otherOrg.OrganizationId,
@@ -345,12 +345,12 @@ func TestServer_ListPersonalAccessTokens(t *testing.T) {
myOrgId := Instance.DefaultOrg.GetId()
myUserId := Instance.Users.Get(integration.UserTypeNoPermission).ID
expiresInADay := time.Now().Truncate(time.Hour).Add(time.Hour * 24)
myDataPoint := setupPATDataPoint(t, myUserId, myOrgId, expiresInADay)
otherUserDataPoint := setupPATDataPoint(t, otherUserId, myOrgId, expiresInADay)
otherOrgDataPointExpiringSoon := setupPATDataPoint(t, otherOrgUserId, otherOrg.OrganizationId, time.Now().Truncate(time.Hour).Add(time.Hour))
otherOrgDataPointExpiringLate := setupPATDataPoint(t, otherOrgUserId, otherOrg.OrganizationId, expiresInADay.Add(time.Hour*24*30))
myDataPoint := setupPATDataPoint(SystemCTX, t, Instance, myUserId, myOrgId, expiresInADay)
otherUserDataPoint := setupPATDataPoint(SystemCTX, t, Instance, otherUserId, myOrgId, expiresInADay)
otherOrgDataPointExpiringSoon := setupPATDataPoint(SystemCTX, t, Instance, otherOrgUserId, otherOrg.OrganizationId, time.Now().Truncate(time.Hour).Add(time.Hour))
otherOrgDataPointExpiringLate := setupPATDataPoint(SystemCTX, t, Instance, otherOrgUserId, otherOrg.OrganizationId, expiresInADay.Add(time.Hour*24*30))
sortingColumnExpirationDate := user.PersonalAccessTokenFieldName_PERSONAL_ACCESS_TOKEN_FIELD_NAME_EXPIRATION_DATE
awaitPersonalAccessTokens(t,
awaitPersonalAccessTokens(SystemCTX, t, Instance,
onlySinceTestStartFilter,
otherOrgDataPointExpiringSoon.GetId(),
otherOrgDataPointExpiringLate.GetId(),
@@ -393,7 +393,7 @@ func TestServer_ListPersonalAccessTokens(t *testing.T) {
myDataPoint,
},
Pagination: &filter.PaginationResponse{
TotalResult: 2,
TotalResult: 4,
AppliedLimit: 100,
},
},
@@ -411,7 +411,7 @@ func TestServer_ListPersonalAccessTokens(t *testing.T) {
myDataPoint,
},
Pagination: &filter.PaginationResponse{
TotalResult: 1,
TotalResult: 4,
AppliedLimit: 100,
},
},
@@ -532,6 +532,249 @@ func TestServer_ListPersonalAccessTokens(t *testing.T) {
},
},
},
want: &user.ListPersonalAccessTokensResponse{
Result: []*user.PersonalAccessToken{},
Pagination: &filter.PaginationResponse{
TotalResult: 1,
AppliedLimit: 100,
},
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
retryDuration, tick := integration.WaitForAndTickWithMaxDuration(tt.args.ctx, 20*time.Second)
require.EventuallyWithT(t, func(ttt *assert.CollectT) {
got, err := Client.ListPersonalAccessTokens(tt.args.ctx, tt.args.req)
require.NoError(ttt, err)
assert.Len(ttt, got.Result, len(tt.want.Result))
if diff := cmp.Diff(tt.want, got, protocmp.Transform()); diff != "" {
ttt.Errorf("ListPersonalAccessTokens() mismatch (-want +got):\n%s", diff)
}
}, retryDuration, tick, "timeout waiting for expected user result")
})
}
}
func TestServer_ListPersonalAccessTokens_PermissionV2(t *testing.T) {
ensureFeaturePermissionV2Enabled(t, InstancePermissionV2)
iamOwnerCtx := InstancePermissionV2.WithAuthorizationToken(CTX, integration.UserTypeIAMOwner)
type args struct {
ctx context.Context
req *user.ListPersonalAccessTokensRequest
}
type testCase struct {
name string
args args
want *user.ListPersonalAccessTokensResponse
}
otherOrg := InstancePermissionV2.CreateOrganization(iamOwnerCtx, integration.OrganizationName(), integration.Email())
otherOrgUser, err := InstancePermissionV2.Client.UserV2.CreateUser(iamOwnerCtx, &user.CreateUserRequest{
OrganizationId: otherOrg.OrganizationId,
UserType: &user.CreateUserRequest_Machine_{
Machine: &user.CreateUserRequest_Machine{
Name: integration.Username(),
},
},
})
require.NoError(t, err)
otherOrgUserId := otherOrgUser.GetId()
otherUserId := InstancePermissionV2.CreateUserTypeMachine(SystemCTX, InstancePermissionV2.DefaultOrg.Id).GetId()
onlySinceTestStartFilter := &user.PersonalAccessTokensSearchFilter{Filter: &user.PersonalAccessTokensSearchFilter_CreatedDateFilter{CreatedDateFilter: &filter.TimestampFilter{
Timestamp: timestamppb.Now(),
Method: filter.TimestampFilterMethod_TIMESTAMP_FILTER_METHOD_AFTER_OR_EQUALS,
}}}
myOrgId := InstancePermissionV2.DefaultOrg.GetId()
myUserId := InstancePermissionV2.Users.Get(integration.UserTypeNoPermission).ID
expiresInADay := time.Now().Truncate(time.Hour).Add(time.Hour * 24)
myDataPoint := setupPATDataPoint(iamOwnerCtx, t, InstancePermissionV2, myUserId, myOrgId, expiresInADay)
otherUserDataPoint := setupPATDataPoint(iamOwnerCtx, t, InstancePermissionV2, otherUserId, myOrgId, expiresInADay)
otherOrgDataPointExpiringSoon := setupPATDataPoint(iamOwnerCtx, t, InstancePermissionV2, otherOrgUserId, otherOrg.OrganizationId, time.Now().Truncate(time.Hour).Add(time.Hour))
otherOrgDataPointExpiringLate := setupPATDataPoint(iamOwnerCtx, t, InstancePermissionV2, otherOrgUserId, otherOrg.OrganizationId, expiresInADay.Add(time.Hour*24*30))
sortingColumnExpirationDate := user.PersonalAccessTokenFieldName_PERSONAL_ACCESS_TOKEN_FIELD_NAME_EXPIRATION_DATE
awaitPersonalAccessTokens(iamOwnerCtx, t, InstancePermissionV2,
onlySinceTestStartFilter,
otherOrgDataPointExpiringSoon.GetId(),
otherOrgDataPointExpiringLate.GetId(),
otherUserDataPoint.GetId(),
myDataPoint.GetId(),
)
tests := []testCase{
{
name: "list all, instance",
args: args{
iamOwnerCtx,
&user.ListPersonalAccessTokensRequest{
Filters: []*user.PersonalAccessTokensSearchFilter{onlySinceTestStartFilter},
},
},
want: &user.ListPersonalAccessTokensResponse{
Result: []*user.PersonalAccessToken{
otherOrgDataPointExpiringLate,
otherOrgDataPointExpiringSoon,
otherUserDataPoint,
myDataPoint,
},
Pagination: &filter.PaginationResponse{
TotalResult: 4,
AppliedLimit: 100,
},
},
},
{
name: "list all, org",
args: args{
InstancePermissionV2.WithAuthorizationToken(iamOwnerCtx, integration.UserTypeOrgOwner),
&user.ListPersonalAccessTokensRequest{
Filters: []*user.PersonalAccessTokensSearchFilter{onlySinceTestStartFilter},
},
},
want: &user.ListPersonalAccessTokensResponse{
Result: []*user.PersonalAccessToken{
otherUserDataPoint,
myDataPoint,
},
Pagination: &filter.PaginationResponse{
TotalResult: 2,
AppliedLimit: 100,
},
},
},
{
name: "list all, user",
args: args{
InstancePermissionV2.WithAuthorizationToken(iamOwnerCtx, integration.UserTypeNoPermission),
&user.ListPersonalAccessTokensRequest{
Filters: []*user.PersonalAccessTokensSearchFilter{onlySinceTestStartFilter},
},
},
want: &user.ListPersonalAccessTokensResponse{
Result: []*user.PersonalAccessToken{
myDataPoint,
},
Pagination: &filter.PaginationResponse{
TotalResult: 1,
AppliedLimit: 100,
},
},
},
{
name: "list by id",
args: args{
iamOwnerCtx,
&user.ListPersonalAccessTokensRequest{
Filters: []*user.PersonalAccessTokensSearchFilter{
onlySinceTestStartFilter,
{
Filter: &user.PersonalAccessTokensSearchFilter_TokenIdFilter{
TokenIdFilter: &filter.IDFilter{Id: otherOrgDataPointExpiringSoon.Id},
},
},
},
},
},
want: &user.ListPersonalAccessTokensResponse{
Result: []*user.PersonalAccessToken{
otherOrgDataPointExpiringSoon,
},
Pagination: &filter.PaginationResponse{
TotalResult: 1,
AppliedLimit: 100,
},
},
},
{
name: "list all from other org",
args: args{
iamOwnerCtx,
&user.ListPersonalAccessTokensRequest{
Filters: []*user.PersonalAccessTokensSearchFilter{
onlySinceTestStartFilter,
{
Filter: &user.PersonalAccessTokensSearchFilter_OrganizationIdFilter{
OrganizationIdFilter: &filter.IDFilter{Id: otherOrg.OrganizationId},
},
}},
},
},
want: &user.ListPersonalAccessTokensResponse{
Result: []*user.PersonalAccessToken{
otherOrgDataPointExpiringLate,
otherOrgDataPointExpiringSoon,
},
Pagination: &filter.PaginationResponse{
TotalResult: 2,
AppliedLimit: 100,
},
},
},
{
name: "sort by next expiration dates",
args: args{
iamOwnerCtx,
&user.ListPersonalAccessTokensRequest{
Pagination: &filter.PaginationRequest{
Asc: true,
},
SortingColumn: &sortingColumnExpirationDate,
Filters: []*user.PersonalAccessTokensSearchFilter{
onlySinceTestStartFilter,
{Filter: &user.PersonalAccessTokensSearchFilter_OrganizationIdFilter{OrganizationIdFilter: &filter.IDFilter{Id: otherOrg.OrganizationId}}},
},
},
},
want: &user.ListPersonalAccessTokensResponse{
Result: []*user.PersonalAccessToken{
otherOrgDataPointExpiringSoon,
otherOrgDataPointExpiringLate,
},
Pagination: &filter.PaginationResponse{
TotalResult: 2,
AppliedLimit: 100,
},
},
},
{
name: "get page",
args: args{
iamOwnerCtx,
&user.ListPersonalAccessTokensRequest{
Pagination: &filter.PaginationRequest{
Offset: 2,
Limit: 2,
Asc: true,
},
Filters: []*user.PersonalAccessTokensSearchFilter{
onlySinceTestStartFilter,
},
},
},
want: &user.ListPersonalAccessTokensResponse{
Result: []*user.PersonalAccessToken{
otherOrgDataPointExpiringSoon,
otherOrgDataPointExpiringLate,
},
Pagination: &filter.PaginationResponse{
TotalResult: 4,
AppliedLimit: 2,
},
},
},
{
name: "empty list",
args: args{
InstancePermissionV2.WithAuthorizationToken(iamOwnerCtx, integration.UserTypeNoPermission),
&user.ListPersonalAccessTokensRequest{
Filters: []*user.PersonalAccessTokensSearchFilter{
{
Filter: &user.PersonalAccessTokensSearchFilter_TokenIdFilter{
TokenIdFilter: &filter.IDFilter{Id: otherUserDataPoint.Id},
},
},
},
},
},
want: &user.ListPersonalAccessTokensResponse{
Result: []*user.PersonalAccessToken{},
Pagination: &filter.PaginationResponse{
@@ -541,41 +784,24 @@ func TestServer_ListPersonalAccessTokens(t *testing.T) {
},
},
}
t.Run("with permission flag v2", func(t *testing.T) {
setPermissionCheckV2Flag(t, true)
defer setPermissionCheckV2Flag(t, false)
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
got, err := Client.ListPersonalAccessTokens(tt.args.ctx, tt.args.req)
require.NoError(t, err)
assert.Len(t, got.Result, len(tt.want.Result))
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
retryDuration, tick := integration.WaitForAndTickWithMaxDuration(tt.args.ctx, 20*time.Second)
require.EventuallyWithT(t, func(ttt *assert.CollectT) {
got, err := InstancePermissionV2.Client.UserV2.ListPersonalAccessTokens(tt.args.ctx, tt.args.req)
require.NoError(ttt, err)
assert.Len(ttt, got.Result, len(tt.want.Result))
if diff := cmp.Diff(tt.want, got, protocmp.Transform()); diff != "" {
t.Errorf("ListPersonalAccessTokens() mismatch (-want +got):\n%s", diff)
ttt.Errorf("ListPersonalAccessTokens() mismatch (-want +got):\n%s", diff)
}
})
}
})
t.Run("without permission flag v2", func(t *testing.T) {
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
got, err := Client.ListPersonalAccessTokens(tt.args.ctx, tt.args.req)
require.NoError(t, err)
assert.Len(t, got.Result, len(tt.want.Result))
// ignore the total result, as this is a known bug with the in-memory permission checks.
// The command can't know how many keys exist in the system if the SQL statement has a limit.
// This is fixed, once the in-memory permission checks are removed with https://github.com/zitadel/zitadel/issues/9188
tt.want.Pagination.TotalResult = got.Pagination.TotalResult
if diff := cmp.Diff(tt.want, got, protocmp.Transform()); diff != "" {
t.Errorf("ListPersonalAccessTokens() mismatch (-want +got):\n%s", diff)
}
})
}
})
}, retryDuration, tick, "timeout waiting for expected user result")
})
}
}
func setupPATDataPoint(t *testing.T, userId, orgId string, expirationDate time.Time) *user.PersonalAccessToken {
func setupPATDataPoint(ctx context.Context, t *testing.T, instance *integration.Instance, userId, orgId string, expirationDate time.Time) *user.PersonalAccessToken {
expirationDatePb := timestamppb.New(expirationDate)
newPersonalAccessToken, err := Client.AddPersonalAccessToken(SystemCTX, &user.AddPersonalAccessTokenRequest{
newPersonalAccessToken, err := instance.Client.UserV2.AddPersonalAccessToken(ctx, &user.AddPersonalAccessTokenRequest{
UserId: userId,
ExpirationDate: expirationDatePb,
})
@@ -590,18 +816,19 @@ func setupPATDataPoint(t *testing.T, userId, orgId string, expirationDate time.T
}
}
func awaitPersonalAccessTokens(t *testing.T, sinceTestStartFilter *user.PersonalAccessTokensSearchFilter, patIds ...string) {
func awaitPersonalAccessTokens(ctx context.Context, t *testing.T, instance *integration.Instance, sinceTestStartFilter *user.PersonalAccessTokensSearchFilter, patIds ...string) {
sortingColumn := user.PersonalAccessTokenFieldName_PERSONAL_ACCESS_TOKEN_FIELD_NAME_ID
slices.Sort(patIds)
retryDuration, tick := integration.WaitForAndTickWithMaxDuration(ctx, time.Minute)
require.EventuallyWithT(t, func(collect *assert.CollectT) {
result, err := Client.ListPersonalAccessTokens(SystemCTX, &user.ListPersonalAccessTokensRequest{
result, err := instance.Client.UserV2.ListPersonalAccessTokens(ctx, &user.ListPersonalAccessTokensRequest{
Filters: []*user.PersonalAccessTokensSearchFilter{sinceTestStartFilter},
SortingColumn: &sortingColumn,
Pagination: &filter.PaginationRequest{
Asc: true,
},
})
require.NoError(t, err)
require.NoError(collect, err)
if !assert.Len(collect, result.Result, len(patIds)) {
return
}
@@ -609,5 +836,5 @@ func awaitPersonalAccessTokens(t *testing.T, sinceTestStartFilter *user.Personal
patId := patIds[i]
require.Equal(collect, patId, result.Result[i].GetId())
}
}, 5*time.Second, time.Second, "pat not created in time")
}, retryDuration, tick, "pat not created in time")
}


@@ -17,7 +17,7 @@ import (
)
func TestServer_Deprecated_SetPhone(t *testing.T) {
userID := Instance.CreateHumanUser(CTX).GetUserId()
userID := Instance.CreateHumanUser(OrgCTX).GetUserId()
tests := []struct {
name string
@@ -105,7 +105,7 @@ func TestServer_Deprecated_SetPhone(t *testing.T) {
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
got, err := Client.SetPhone(CTX, tt.req)
got, err := Client.SetPhone(OrgCTX, tt.req)
if tt.wantErr {
require.Error(t, err)
return
@@ -121,8 +121,8 @@ func TestServer_Deprecated_SetPhone(t *testing.T) {
}
func TestServer_ResendPhoneCode(t *testing.T) {
userID := Instance.CreateHumanUser(CTX).GetUserId()
verifiedUserID := Instance.CreateHumanUserVerified(CTX, Instance.DefaultOrg.Id, integration.Email(), integration.Phone()).GetUserId()
userID := Instance.CreateHumanUser(OrgCTX).GetUserId()
verifiedUserID := Instance.CreateHumanUserVerified(OrgCTX, Instance.DefaultOrg.Id, integration.Email(), integration.Phone()).GetUserId()
tests := []struct {
name string
@@ -180,7 +180,7 @@ func TestServer_ResendPhoneCode(t *testing.T) {
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
got, err := Client.ResendPhoneCode(CTX, tt.req)
got, err := Client.ResendPhoneCode(OrgCTX, tt.req)
if tt.wantErr {
require.Error(t, err)
return
@@ -196,7 +196,7 @@ func TestServer_ResendPhoneCode(t *testing.T) {
}
func TestServer_VerifyPhone(t *testing.T) {
userResp := Instance.CreateHumanUser(CTX)
userResp := Instance.CreateHumanUser(OrgCTX)
tests := []struct {
name string
req *user.VerifyPhoneRequest
@@ -236,7 +236,7 @@ func TestServer_VerifyPhone(t *testing.T) {
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
got, err := Client.VerifyPhone(CTX, tt.req)
got, err := Client.VerifyPhone(OrgCTX, tt.req)
if tt.wantErr {
require.Error(t, err)
return
@@ -249,12 +249,12 @@ func TestServer_VerifyPhone(t *testing.T) {
}
func TestServer_Deprecated_RemovePhone(t *testing.T) {
userResp := Instance.CreateHumanUser(CTX)
failResp := Instance.CreateHumanUserNoPhone(CTX)
otherUser := Instance.CreateHumanUser(CTX).GetUserId()
doubleRemoveUser := Instance.CreateHumanUser(CTX)
userResp := Instance.CreateHumanUser(OrgCTX)
failResp := Instance.CreateHumanUserNoPhone(OrgCTX)
otherUser := Instance.CreateHumanUser(OrgCTX).GetUserId()
doubleRemoveUser := Instance.CreateHumanUser(OrgCTX)
Instance.RegisterUserPasskey(CTX, otherUser)
Instance.RegisterUserPasskey(OrgCTX, otherUser)
_, sessionTokenOtherUser, _, _ := Instance.CreateVerifiedWebAuthNSession(t, LoginCTX, otherUser)
tests := []struct {
@@ -267,7 +267,7 @@ func TestServer_Deprecated_RemovePhone(t *testing.T) {
}{
{
name: "remove phone",
ctx: CTX,
ctx: OrgCTX,
req: &user.RemovePhoneRequest{
UserId: userResp.GetUserId(),
},
@@ -284,7 +284,7 @@ func TestServer_Deprecated_RemovePhone(t *testing.T) {
},
{
name: "user without phone",
ctx: CTX,
ctx: OrgCTX,
req: &user.RemovePhoneRequest{
UserId: failResp.GetUserId(),
},
@@ -295,7 +295,7 @@ func TestServer_Deprecated_RemovePhone(t *testing.T) {
},
{
name: "remove previously deleted phone",
ctx: CTX,
ctx: OrgCTX,
req: &user.RemovePhoneRequest{
UserId: doubleRemoveUser.GetUserId(),
},
@@ -308,7 +308,7 @@ func TestServer_Deprecated_RemovePhone(t *testing.T) {
},
{
name: "no user id",
ctx: CTX,
ctx: OrgCTX,
req: &user.RemovePhoneRequest{},
wantErr: true,
dep: func(ctx context.Context, userID string) (*user.RemovePhoneResponse, error) {
@@ -317,7 +317,7 @@ func TestServer_Deprecated_RemovePhone(t *testing.T) {
},
{
name: "other user, no permission",
ctx: integration.WithAuthorizationToken(CTX, sessionTokenOtherUser),
ctx: integration.WithAuthorizationToken(OrgCTX, sessionTokenOtherUser),
req: &user.RemovePhoneRequest{
UserId: userResp.GetUserId(),
},
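Review bot: The `other user, no permission` case builds its context with `integration.WithAuthorizationToken(OrgCTX, sessionTokenOtherUser)`, so the session token is layered on a context that already carries org-owner authorization. The helper is not visible here; if it appended the header instead of replacing it, the self-service cases in the TOTP and U2F files (`ctx`, `ctxOtherUser`, `user setting its own passkey`) could pass on the org owner's permissions rather than the user's own. Deriving these from the unauthenticated base, `integration.WithAuthorizationToken(CTX, sessionTokenOtherUser)`, ties each case to exactly one identity, assuming this file shares the package whose TestMain sets `CTX = ctx`.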


@@ -28,7 +28,7 @@ func TestServer_AddSecret(t *testing.T) {
{
name: "add secret, user not existing",
args: args{
CTX,
OrgCTX,
&user.AddSecretRequest{
UserId: "notexisting",
},
@@ -39,10 +39,10 @@ func TestServer_AddSecret(t *testing.T) {
{
name: "add secret, ok",
args: args{
CTX,
OrgCTX,
&user.AddSecretRequest{},
func(request *user.AddSecretRequest) error {
resp := Instance.CreateUserTypeMachine(CTX, Instance.DefaultOrg.Id)
resp := Instance.CreateUserTypeMachine(OrgCTX, Instance.DefaultOrg.Id)
request.UserId = resp.GetId()
return nil
},
@@ -51,10 +51,10 @@ func TestServer_AddSecret(t *testing.T) {
{
name: "add secret human, not ok",
args: args{
CTX,
OrgCTX,
&user.AddSecretRequest{},
func(request *user.AddSecretRequest) error {
resp := Instance.CreateUserTypeMachine(CTX, Instance.DefaultOrg.Id)
resp := Instance.CreateUserTypeMachine(OrgCTX, Instance.DefaultOrg.Id)
request.UserId = resp.GetId()
return nil
},
@@ -63,12 +63,12 @@ func TestServer_AddSecret(t *testing.T) {
{
name: "overwrite secret, ok",
args: args{
CTX,
OrgCTX,
&user.AddSecretRequest{},
func(request *user.AddSecretRequest) error {
resp := Instance.CreateUserTypeMachine(CTX, Instance.DefaultOrg.Id)
resp := Instance.CreateUserTypeMachine(OrgCTX, Instance.DefaultOrg.Id)
request.UserId = resp.GetId()
_, err := Client.AddSecret(CTX, &user.AddSecretRequest{
_, err := Client.AddSecret(OrgCTX, &user.AddSecretRequest{
UserId: resp.GetId(),
})
return err
@@ -137,7 +137,7 @@ func TestServer_AddSecret_Permission(t *testing.T) {
{
name: "org, error",
args: args{
CTX,
OrgCTX,
&user.AddSecretRequest{
UserId: otherOrgUser.GetId(),
},
@@ -187,7 +187,7 @@ func TestServer_RemoveSecret(t *testing.T) {
{
name: "remove secret, user not existing",
args: args{
CTX,
OrgCTX,
&user.RemoveSecretRequest{
UserId: "notexisting",
},
@@ -198,10 +198,10 @@ func TestServer_RemoveSecret(t *testing.T) {
{
name: "remove secret, not existing",
args: args{
CTX,
OrgCTX,
&user.RemoveSecretRequest{},
func(request *user.RemoveSecretRequest) error {
resp := Instance.CreateUserTypeMachine(CTX, Instance.DefaultOrg.Id)
resp := Instance.CreateUserTypeMachine(OrgCTX, Instance.DefaultOrg.Id)
request.UserId = resp.GetId()
return nil
},
@@ -211,12 +211,12 @@ func TestServer_RemoveSecret(t *testing.T) {
{
name: "remove secret, ok",
args: args{
CTX,
OrgCTX,
&user.RemoveSecretRequest{},
func(request *user.RemoveSecretRequest) error {
resp := Instance.CreateUserTypeMachine(CTX, Instance.DefaultOrg.Id)
resp := Instance.CreateUserTypeMachine(OrgCTX, Instance.DefaultOrg.Id)
request.UserId = resp.GetId()
_, err := Instance.Client.UserV2.AddSecret(CTX, &user.AddSecretRequest{
_, err := Instance.Client.UserV2.AddSecret(OrgCTX, &user.AddSecretRequest{
UserId: resp.GetId(),
})
return err
@@ -297,7 +297,7 @@ func TestServer_RemoveSecret_Permission(t *testing.T) {
{
name: "org, error",
args: args{
CTX,
OrgCTX,
&user.RemoveSecretRequest{
UserId: otherOrgUser.GetId(),
},
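Review bot: The case named `add secret human, not ok` still calls `Instance.CreateUserTypeMachine(OrgCTX, Instance.DefaultOrg.Id)` in its setup, identical to `add secret, ok`, so the rejection of a secret on a human user does not appear to be exercised. The expected result for that case lies outside the hunk, so this is inferred from the name. If a human user is intended, the setup should create one, e.g. `request.UserId = Instance.CreateHumanUser(OrgCTX).GetUserId()`; otherwise the case should be renamed to match what it tests.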


@@ -0,0 +1,80 @@
//go:build integration
package user_test
import (
"context"
"os"
"testing"
"time"
"github.com/muhlemmer/gu"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/zitadel/zitadel/internal/integration"
"github.com/zitadel/zitadel/pkg/grpc/feature/v2"
"github.com/zitadel/zitadel/pkg/grpc/user/v2"
)
var (
CTX context.Context
OrgCTX context.Context
IamCTX context.Context
LoginCTX context.Context
UserCTX context.Context
SystemCTX context.Context
SystemUserWithNoPermissionsCTX context.Context
Instance *integration.Instance
InstancePermissionV2 *integration.Instance
Client user.UserServiceClient
)
func TestMain(m *testing.M) {
os.Exit(func() int {
ctx, cancel := context.WithTimeout(context.Background(), 15*time.Minute)
defer cancel()
CTX = ctx
Instance = integration.NewInstance(ctx)
InstancePermissionV2 = integration.NewInstance(ctx)
SystemUserWithNoPermissionsCTX = integration.WithSystemUserWithNoPermissionsAuthorization(ctx)
UserCTX = Instance.WithAuthorizationToken(ctx, integration.UserTypeNoPermission)
IamCTX = Instance.WithAuthorizationToken(ctx, integration.UserTypeIAMOwner)
LoginCTX = Instance.WithAuthorizationToken(ctx, integration.UserTypeLogin)
SystemCTX = integration.WithSystemAuthorization(ctx)
OrgCTX = Instance.WithAuthorizationToken(ctx, integration.UserTypeOrgOwner)
Client = Instance.Client.UserV2
return m.Run()
}())
}
func ensureFeaturePermissionV2Enabled(t *testing.T, instance *integration.Instance) {
ctx := instance.WithAuthorizationToken(CTX, integration.UserTypeIAMOwner)
f, err := instance.Client.FeatureV2.GetInstanceFeatures(ctx, &feature.GetInstanceFeaturesRequest{
Inheritance: true,
})
require.NoError(t, err)
if f.PermissionCheckV2.GetEnabled() {
return
}
_, err = instance.Client.FeatureV2.SetInstanceFeatures(ctx, &feature.SetInstanceFeaturesRequest{
PermissionCheckV2: gu.Ptr(true),
})
require.NoError(t, err)
retryDuration, tick := integration.WaitForAndTickWithMaxDuration(ctx, 5*time.Minute)
require.EventuallyWithT(t,
func(ttt *assert.CollectT) {
f, err := instance.Client.FeatureV2.GetInstanceFeatures(ctx, &feature.GetInstanceFeaturesRequest{
Inheritance: true,
})
assert.NoError(ttt, err)
if f.PermissionCheckV2.GetEnabled() {
return
}
},
retryDuration,
tick,
"timed out waiting for ensuring instance feature")
}
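Review bot: The polling callback in `ensureFeaturePermissionV2Enabled` never fails while the flag is still disabled: `if f.PermissionCheckV2.GetEnabled() { return }` is followed by nothing, so `EventuallyWithT` succeeds on the first tick where the read returns no error. The `permission flag v2` subtests may then start before the feature has propagated and run against the previous permission check, which is the kind of flakiness this commit targets. Replace the `if` with `assert.True(ttt, f.PermissionCheckV2.GetEnabled())`. Also, `assert.NoError(ttt, err)` does not stop the callback, so a failed read would go on to access `f.PermissionCheckV2` on a nil response; `require.NoError(ttt, err)`, as `awaitPersonalAccessTokens` now does with `collect`, avoids that.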


@@ -18,15 +18,15 @@ import (
)
func TestServer_RegisterTOTP(t *testing.T) {
userID := Instance.CreateHumanUser(CTX).GetUserId()
Instance.RegisterUserPasskey(CTX, userID)
userID := Instance.CreateHumanUser(OrgCTX).GetUserId()
Instance.RegisterUserPasskey(OrgCTX, userID)
_, sessionToken, _, _ := Instance.CreateVerifiedWebAuthNSession(t, LoginCTX, userID)
ctx := integration.WithAuthorizationToken(CTX, sessionToken)
ctx := integration.WithAuthorizationToken(OrgCTX, sessionToken)
otherUser := Instance.CreateHumanUser(CTX).GetUserId()
Instance.RegisterUserPasskey(CTX, otherUser)
otherUser := Instance.CreateHumanUser(OrgCTX).GetUserId()
Instance.RegisterUserPasskey(OrgCTX, otherUser)
_, sessionTokenOtherUser, _, _ := Instance.CreateVerifiedWebAuthNSession(t, LoginCTX, otherUser)
ctxOtherUser := integration.WithAuthorizationToken(CTX, sessionTokenOtherUser)
ctxOtherUser := integration.WithAuthorizationToken(OrgCTX, sessionTokenOtherUser)
type args struct {
ctx context.Context
@@ -59,7 +59,7 @@ func TestServer_RegisterTOTP(t *testing.T) {
{
name: "admin",
args: args{
ctx: CTX,
ctx: OrgCTX,
req: &user.RegisterTOTPRequest{
UserId: userID,
},
@@ -104,10 +104,10 @@ func TestServer_RegisterTOTP(t *testing.T) {
}
func TestServer_VerifyTOTPRegistration(t *testing.T) {
userID := Instance.CreateHumanUser(CTX).GetUserId()
Instance.RegisterUserPasskey(CTX, userID)
userID := Instance.CreateHumanUser(OrgCTX).GetUserId()
Instance.RegisterUserPasskey(OrgCTX, userID)
_, sessionToken, _, _ := Instance.CreateVerifiedWebAuthNSession(t, LoginCTX, userID)
ctx := integration.WithAuthorizationToken(CTX, sessionToken)
ctx := integration.WithAuthorizationToken(OrgCTX, sessionToken)
reg, err := Client.RegisterTOTP(ctx, &user.RegisterTOTPRequest{
UserId: userID,
@@ -116,12 +116,12 @@ func TestServer_VerifyTOTPRegistration(t *testing.T) {
code, err := totp.GenerateCode(reg.Secret, time.Now())
require.NoError(t, err)
otherUser := Instance.CreateHumanUser(CTX).GetUserId()
Instance.RegisterUserPasskey(CTX, otherUser)
otherUser := Instance.CreateHumanUser(OrgCTX).GetUserId()
Instance.RegisterUserPasskey(OrgCTX, otherUser)
_, sessionTokenOtherUser, _, _ := Instance.CreateVerifiedWebAuthNSession(t, LoginCTX, otherUser)
ctxOtherUser := integration.WithAuthorizationToken(CTX, sessionTokenOtherUser)
ctxOtherUser := integration.WithAuthorizationToken(OrgCTX, sessionTokenOtherUser)
regOtherUser, err := Client.RegisterTOTP(CTX, &user.RegisterTOTPRequest{
regOtherUser, err := Client.RegisterTOTP(OrgCTX, &user.RegisterTOTPRequest{
UserId: otherUser,
})
require.NoError(t, err)
@@ -178,7 +178,7 @@ func TestServer_VerifyTOTPRegistration(t *testing.T) {
{
name: "success, admin",
args: args{
ctx: CTX,
ctx: OrgCTX,
req: &user.VerifyTOTPRegistrationRequest{
UserId: otherUser,
Code: codeOtherUser,
@@ -207,12 +207,12 @@ func TestServer_VerifyTOTPRegistration(t *testing.T) {
}
func TestServer_RemoveTOTP(t *testing.T) {
userID := Instance.CreateHumanUser(CTX).GetUserId()
Instance.RegisterUserPasskey(CTX, userID)
userID := Instance.CreateHumanUser(OrgCTX).GetUserId()
Instance.RegisterUserPasskey(OrgCTX, userID)
_, sessionToken, _, _ := Instance.CreateVerifiedWebAuthNSession(t, LoginCTX, userID)
userVerified := Instance.CreateHumanUser(CTX)
Instance.RegisterUserPasskey(CTX, userVerified.GetUserId())
userVerified := Instance.CreateHumanUser(OrgCTX)
Instance.RegisterUserPasskey(OrgCTX, userVerified.GetUserId())
_, sessionTokenVerified, _, _ := Instance.CreateVerifiedWebAuthNSession(t, LoginCTX, userVerified.GetUserId())
userVerifiedCtx := integration.WithAuthorizationToken(context.Background(), sessionTokenVerified)
_, err := Instance.Client.UserV2.VerifyPhone(userVerifiedCtx, &user.VerifyPhoneRequest{
@@ -221,7 +221,7 @@ func TestServer_RemoveTOTP(t *testing.T) {
})
require.NoError(t, err)
regOtherUser, err := Client.RegisterTOTP(CTX, &user.RegisterTOTPRequest{
regOtherUser, err := Client.RegisterTOTP(OrgCTX, &user.RegisterTOTPRequest{
UserId: userVerified.GetUserId(),
})
require.NoError(t, err)
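Review bot: In `TestServer_RemoveTOTP`, `userVerifiedCtx` is still built from `context.Background()` while the other contexts in this file now derive from the package contexts, so calls made with it are not bound by the 15-minute timeout set in TestMain. `integration.WithAuthorizationToken(CTX, sessionTokenVerified)` would keep a single-identity context and inherit cancellation, assuming this file belongs to the same package as the new TestMain. The function body continues outside the hunk.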


@@ -17,13 +17,13 @@ import (
)
func TestServer_RegisterU2F(t *testing.T) {
userID := Instance.CreateHumanUser(CTX).GetUserId()
otherUser := Instance.CreateHumanUser(CTX).GetUserId()
userID := Instance.CreateHumanUser(OrgCTX).GetUserId()
otherUser := Instance.CreateHumanUser(OrgCTX).GetUserId()
// We also need a user session
Instance.RegisterUserPasskey(CTX, userID)
Instance.RegisterUserPasskey(OrgCTX, userID)
_, sessionToken, _, _ := Instance.CreateVerifiedWebAuthNSession(t, LoginCTX, userID)
Instance.RegisterUserPasskey(CTX, otherUser)
Instance.RegisterUserPasskey(OrgCTX, otherUser)
_, sessionTokenOtherUser, _, _ := Instance.CreateVerifiedWebAuthNSession(t, LoginCTX, otherUser)
type args struct {
@@ -39,7 +39,7 @@ func TestServer_RegisterU2F(t *testing.T) {
{
name: "missing user id",
args: args{
ctx: CTX,
ctx: OrgCTX,
req: &user.RegisterU2FRequest{},
},
wantErr: true,
@@ -47,7 +47,7 @@ func TestServer_RegisterU2F(t *testing.T) {
{
name: "admin user",
args: args{
ctx: CTX,
ctx: OrgCTX,
req: &user.RegisterU2FRequest{
UserId: userID,
},
@@ -62,7 +62,7 @@ func TestServer_RegisterU2F(t *testing.T) {
{
name: "other user, no permission",
args: args{
ctx: integration.WithAuthorizationToken(CTX, sessionTokenOtherUser),
ctx: integration.WithAuthorizationToken(OrgCTX, sessionTokenOtherUser),
req: &user.RegisterU2FRequest{
UserId: userID,
},
@@ -72,7 +72,7 @@ func TestServer_RegisterU2F(t *testing.T) {
{
name: "user setting its own passkey",
args: args{
ctx: integration.WithAuthorizationToken(CTX, sessionToken),
ctx: integration.WithAuthorizationToken(OrgCTX, sessionToken),
req: &user.RegisterU2FRequest{
UserId: userID,
},
@@ -181,10 +181,10 @@ func TestServer_VerifyU2FRegistration(t *testing.T) {
}
func ctxFromNewUserWithRegisteredU2F(t *testing.T) (context.Context, string, *user.RegisterU2FResponse) {
userID := Instance.CreateHumanUser(CTX).GetUserId()
Instance.RegisterUserPasskey(CTX, userID)
userID := Instance.CreateHumanUser(OrgCTX).GetUserId()
Instance.RegisterUserPasskey(OrgCTX, userID)
_, sessionToken, _, _ := Instance.CreateVerifiedWebAuthNSession(t, LoginCTX, userID)
ctx := integration.WithAuthorizationToken(CTX, sessionToken)
ctx := integration.WithAuthorizationToken(OrgCTX, sessionToken)
pkr, err := Client.RegisterU2F(ctx, &user.RegisterU2FRequest{
UserId: userID,
@@ -211,7 +211,7 @@ func ctxFromNewUserWithVerifiedU2F(t *testing.T) (context.Context, string, strin
}
func TestServer_RemoveU2F(t *testing.T) {
userIDWithout := Instance.CreateHumanUser(CTX).GetUserId()
userIDWithout := Instance.CreateHumanUser(OrgCTX).GetUserId()
ctxRegistered, userIDRegistered, pkrRegistered := ctxFromNewUserWithRegisteredU2F(t)
_, userIDVerified, u2fVerified := ctxFromNewUserWithVerifiedU2F(t)
_, userIDVerifiedPermission, u2fVerifiedPermission := ctxFromNewUserWithVerifiedU2F(t)
