TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-11-15 04:23:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: Policy check (#149)

Browse Source 
* check password complexity policy

* check password complexity policy

* fix tests

* Update internal/admin/repository/eventsourcing/setup/setup.go

Co-authored-by: Livio Amstutz <livio.a@gmail.com>

* changes for mr

Co-authored-by: Livio Amstutz <livio.a@gmail.com>
This commit is contained in:
Fabi
2020-05-29 08:44:01 +02:00
committed by GitHub
parent 5a7d44327e
commit a4c7b39552
15 changed files with 477 additions and 61 deletions
Download Patch File Download Diff File Expand all files Collapse all files

98
internal/user/repository/eventsourcing/eventstore_test.go
View File

@@ -2,6 +2,7 @@ package eventsourcing
import (
"context"
policy_model "github.com/caos/zitadel/internal/policy/model"
"net"
"testing"
"time"
@@ -83,9 +84,10 @@ func TestUserByID(t *testing.T) {
func TestCreateUser(t *testing.T) {
ctrl := gomock.NewController(t)
type args struct {
es *UserEventstore
ctx context.Context
user *model.User
es *UserEventstore
ctx context.Context
user *model.User
policy *policy_model.PasswordComplexityPolicy
}
type res struct {
user *model.User
@@ -113,6 +115,7 @@ func TestCreateUser(t *testing.T) {
IsEmailVerified: true,
},
},
policy: &policy_model.PasswordComplexityPolicy{},
},
res: res{
user: &model.User{ObjectRoot: es_models.ObjectRoot{Sequence: 1},
@@ -143,6 +146,7 @@ func TestCreateUser(t *testing.T) {
IsEmailVerified: true,
},
},
policy: &policy_model.PasswordComplexityPolicy{},
},
res: res{
user: &model.User{ObjectRoot: es_models.ObjectRoot{Sequence: 1},
@@ -178,6 +182,7 @@ func TestCreateUser(t *testing.T) {
IsPhoneVerified: true,
},
},
policy: &policy_model.PasswordComplexityPolicy{},
},
res: res{
user: &model.User{ObjectRoot: es_models.ObjectRoot{Sequence: 1},
@@ -214,6 +219,7 @@ func TestCreateUser(t *testing.T) {
IsEmailVerified: true,
},
},
policy: &policy_model.PasswordComplexityPolicy{},
},
res: res{
user: &model.User{ObjectRoot: es_models.ObjectRoot{Sequence: 1},
@@ -231,6 +237,18 @@ func TestCreateUser(t *testing.T) {
},
{
name: "create user invalid",
args: args{
es: GetMockManipulateUser(ctrl),
ctx: auth.NewMockContext("orgID", "userID"),
user: &model.User{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}},
policy: &policy_model.PasswordComplexityPolicy{},
},
res: res{
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "create user policy nil",
args: args{
es: GetMockManipulateUser(ctrl),
ctx: auth.NewMockContext("orgID", "userID"),
@@ -243,7 +261,7 @@ func TestCreateUser(t *testing.T) {
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result, err := tt.args.es.CreateUser(tt.args.ctx, tt.args.user)
result, err := tt.args.es.CreateUser(tt.args.ctx, tt.args.user, tt.args.policy)
if tt.res.errFunc == nil && result.AggregateID == "" {
t.Errorf("result has no id")
@@ -275,6 +293,7 @@ func TestRegisterUser(t *testing.T) {
ctx context.Context
user *model.User
resourceOwner string
policy *policy_model.PasswordComplexityPolicy
}
type res struct {
user *model.User
@@ -304,6 +323,7 @@ func TestRegisterUser(t *testing.T) {
SecretString: "Password",
},
},
policy: &policy_model.PasswordComplexityPolicy{},
resourceOwner: "ResourceOwner",
},
res: res{
@@ -336,6 +356,7 @@ func TestRegisterUser(t *testing.T) {
SecretString: "Password",
},
},
policy: &policy_model.PasswordComplexityPolicy{},
resourceOwner: "ResourceOwner",
},
res: res{
@@ -357,6 +378,7 @@ func TestRegisterUser(t *testing.T) {
es: GetMockManipulateUser(ctrl),
ctx: auth.NewMockContext("orgID", "userID"),
user: &model.User{ObjectRoot: es_models.ObjectRoot{Sequence: 1}},
policy: &policy_model.PasswordComplexityPolicy{},
resourceOwner: "ResourceOwner",
},
res: res{
@@ -378,6 +400,7 @@ func TestRegisterUser(t *testing.T) {
EmailAddress: "EmailAddress",
},
},
policy: &policy_model.PasswordComplexityPolicy{},
resourceOwner: "ResourceOwner",
},
res: res{
@@ -386,6 +409,27 @@ func TestRegisterUser(t *testing.T) {
},
{
name: "no resourceowner",
args: args{
es: GetMockManipulateUser(ctrl),
ctx: auth.NewMockContext("orgID", "userID"),
user: &model.User{ObjectRoot: es_models.ObjectRoot{Sequence: 1},
Profile: &model.Profile{
UserName: "EmailAddress",
FirstName: "FirstName",
LastName: "LastName",
},
Email: &model.Email{
EmailAddress: "EmailAddress",
},
},
policy: &policy_model.PasswordComplexityPolicy{},
},
res: res{
errFunc: caos_errs.IsPreconditionFailed,
},
},
{
name: "no policy",
args: args{
es: GetMockManipulateUser(ctrl),
ctx: auth.NewMockContext("orgID", "userID"),
@@ -407,7 +451,7 @@ func TestRegisterUser(t *testing.T) {
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result, err := tt.args.es.RegisterUser(tt.args.ctx, tt.args.user, tt.args.resourceOwner)
result, err := tt.args.es.RegisterUser(tt.args.ctx, tt.args.user, tt.args.policy, tt.args.resourceOwner)
if tt.res.errFunc == nil && result.AggregateID == "" {
t.Errorf("result has no id")
@@ -1029,6 +1073,7 @@ func TestSetOneTimePassword(t *testing.T) {
type args struct {
es *UserEventstore
ctx context.Context
policy *policy_model.PasswordComplexityPolicy
password *model.Password
}
type res struct {
@@ -1045,6 +1090,7 @@ func TestSetOneTimePassword(t *testing.T) {
args: args{
es: GetMockManipulateUserWithPasswordCodeGen(ctrl, repo_model.User{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"}}),
ctx: auth.NewMockContext("orgID", "userID"),
policy: &policy_model.PasswordComplexityPolicy{},
password: &model.Password{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"}, SecretString: "Password"},
},
res: res{
@@ -1056,6 +1102,7 @@ func TestSetOneTimePassword(t *testing.T) {
args: args{
es: GetMockManipulateUser(ctrl),
ctx: auth.NewMockContext("orgID", "userID"),
policy: &policy_model.PasswordComplexityPolicy{},
password: &model.Password{ObjectRoot: es_models.ObjectRoot{AggregateID: ""}, SecretString: "Password"},
},
res: res{
@@ -1067,6 +1114,7 @@ func TestSetOneTimePassword(t *testing.T) {
args: args{
es: GetMockManipulateUserNoEvents(ctrl),
ctx: auth.NewMockContext("orgID", "userID"),
policy: &policy_model.PasswordComplexityPolicy{},
password: &model.Password{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"}, SecretString: "Password"},
},
res: res{
@@ -1076,7 +1124,7 @@ func TestSetOneTimePassword(t *testing.T) {
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result, err := tt.args.es.SetOneTimePassword(tt.args.ctx, tt.args.password)
result, err := tt.args.es.SetOneTimePassword(tt.args.ctx, tt.args.policy, tt.args.password)
if tt.res.errFunc == nil && result.AggregateID == "" {
t.Errorf("result has no id")
@@ -1226,6 +1274,7 @@ func TestSetPassword(t *testing.T) {
type args struct {
es *UserEventstore
ctx context.Context
policy *policy_model.PasswordComplexityPolicy
userID string
code string
password string
@@ -1253,6 +1302,7 @@ func TestSetPassword(t *testing.T) {
},
),
ctx: auth.NewMockContext("orgID", "userID"),
policy: &policy_model.PasswordComplexityPolicy{},
userID: "userID",
code: "code",
password: "password",
@@ -1264,6 +1314,7 @@ func TestSetPassword(t *testing.T) {
args: args{
es: GetMockManipulateUser(ctrl),
ctx: auth.NewMockContext("orgID", "userID"),
policy: &policy_model.PasswordComplexityPolicy{},
userID: "",
code: "code",
password: "password",
@@ -1277,6 +1328,7 @@ func TestSetPassword(t *testing.T) {
args: args{
es: GetMockManipulateUserNoEvents(ctrl),
ctx: auth.NewMockContext("orgID", "userID"),
policy: &policy_model.PasswordComplexityPolicy{},
userID: "userID",
code: "code",
password: "password",
@@ -1294,6 +1346,7 @@ func TestSetPassword(t *testing.T) {
},
),
ctx: auth.NewMockContext("orgID", "userID"),
policy: &policy_model.PasswordComplexityPolicy{},
userID: "userID",
code: "code",
password: "password",
@@ -1317,6 +1370,7 @@ func TestSetPassword(t *testing.T) {
},
),
ctx: auth.NewMockContext("orgID", "userID"),
policy: &policy_model.PasswordComplexityPolicy{},
userID: "userID",
code: "code",
password: "password",
@@ -1328,7 +1382,7 @@ func TestSetPassword(t *testing.T) {
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
err := tt.args.es.SetPassword(tt.args.ctx, tt.args.userID, tt.args.code, tt.args.password)
err := tt.args.es.SetPassword(tt.args.ctx, tt.args.policy, tt.args.userID, tt.args.code, tt.args.password)
if tt.res.errFunc == nil && err != nil {
t.Errorf("result has error: %v", err)
@@ -1345,6 +1399,7 @@ func TestChangePassword(t *testing.T) {
type args struct {
es *UserEventstore
ctx context.Context
policy *policy_model.PasswordComplexityPolicy
userID string
old string
new string
@@ -1372,6 +1427,7 @@ func TestChangePassword(t *testing.T) {
},
),
ctx: auth.NewMockContext("orgID", "userID"),
policy: &policy_model.PasswordComplexityPolicy{},
userID: "userID",
old: "old",
new: "new",
@@ -1385,6 +1441,7 @@ func TestChangePassword(t *testing.T) {
args: args{
es: GetMockManipulateUser(ctrl),
ctx: auth.NewMockContext("orgID", "userID"),
policy: &policy_model.PasswordComplexityPolicy{},
userID: "",
old: "old",
new: "new",
@@ -1398,6 +1455,7 @@ func TestChangePassword(t *testing.T) {
args: args{
es: GetMockManipulateUserNoEvents(ctrl),
ctx: auth.NewMockContext("orgID", "userID"),
policy: &policy_model.PasswordComplexityPolicy{},
userID: "userID",
old: "old",
new: "new",
@@ -1415,6 +1473,7 @@ func TestChangePassword(t *testing.T) {
},
),
ctx: auth.NewMockContext("orgID", "userID"),
policy: &policy_model.PasswordComplexityPolicy{},
userID: "userID",
old: "old",
new: "new",
@@ -1437,6 +1496,7 @@ func TestChangePassword(t *testing.T) {
},
),
ctx: auth.NewMockContext("orgID", "userID"),
policy: &policy_model.PasswordComplexityPolicy{},
userID: "userID",
old: "old",
new: "new",
@@ -1445,10 +1505,32 @@ func TestChangePassword(t *testing.T) {
errFunc: caos_errs.IsErrorInvalidArgument,
},
},
{
name: "no policy",
args: args{
es: GetMockManipulateUserWithPasswordAndEmailCodeGen(ctrl,
repo_model.User{
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"},
Password: &repo_model.Password{Secret: &crypto.CryptoValue{
CryptoType: crypto.TypeHash,
Algorithm: "hash",
Crypted: []byte("old"),
}},
},
),
ctx: auth.NewMockContext("orgID", "userID"),
userID: "userID",
old: "old",
new: "new",
},
res: res{
errFunc: caos_errs.IsPreconditionFailed,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
result, err := tt.args.es.ChangePassword(tt.args.ctx, tt.args.userID, tt.args.old, tt.args.new)
result, err := tt.args.es.ChangePassword(tt.args.ctx, tt.args.policy, tt.args.userID, tt.args.old, tt.args.new)
if tt.res.errFunc == nil && result.AggregateID == "" {
t.Errorf("result has no id")