TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-12-06 19:36:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: AddUsername and RemoveUsername endpoints

Browse Source
This commit is contained in:
Stefan Benz
2024-09-23 17:32:24 +02:00
parent ad972d888d
commit aa13e451e3
8 changed files with 1096 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

559
internal/api/grpc/resources/user/v3alpha/integration_test/username_test.go Normal file
View File

@@ -0,0 +1,559 @@
//go:build integration
package user_test
import (
"context"
"testing"
"github.com/brianvoe/gofakeit/v6"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"google.golang.org/protobuf/types/known/timestamppb"
"github.com/zitadel/zitadel/internal/integration"
object "github.com/zitadel/zitadel/pkg/grpc/object/v3alpha"
resource_object "github.com/zitadel/zitadel/pkg/grpc/resources/object/v3alpha"
user "github.com/zitadel/zitadel/pkg/grpc/resources/user/v3alpha"
)
func TestServer_AddUsername(t *testing.T) {
t.Parallel()
instance := integration.NewInstance(CTX)
ensureFeatureEnabled(t, instance)
isolatedIAMOwnerCTX := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
schema := []byte(`{
"$schema": "urn:zitadel:schema:v1",
"type": "object",
"properties": {
"name": {
"type": "string"
}
}
}`)
schemaResp := instance.CreateUserSchema(isolatedIAMOwnerCTX, schema)
orgResp := instance.CreateOrganization(isolatedIAMOwnerCTX, gofakeit.Name(), gofakeit.Email())
type res struct {
want *resource_object.Details
}
tests := []struct {
name string
ctx context.Context
dep func(req *user.AddUsernameRequest) error
req *user.AddUsernameRequest
res res
wantErr bool
}{
{
name: "username add, no context",
ctx: context.Background(),
dep: func(req *user.AddUsernameRequest) error {
userResp := instance.CreateSchemaUser(isolatedIAMOwnerCTX, orgResp.GetOrganizationId(), schemaResp.GetDetails().GetId(), []byte("{\"name\": \"user\"}"))
req.Id = userResp.GetDetails().GetId()
return nil
},
req: &user.AddUsernameRequest{
Organization: &object.Organization{
Property: &object.Organization_OrgId{
OrgId: orgResp.GetOrganizationId(),
},
},
Username: &user.SetUsername{
Username: gofakeit.Username(),
IsOrganizationSpecific: false,
},
},
wantErr: true,
},
{
name: "username add, no permission",
ctx: instance.WithAuthorization(CTX, integration.UserTypeLogin),
dep: func(req *user.AddUsernameRequest) error {
userResp := instance.CreateSchemaUser(isolatedIAMOwnerCTX, orgResp.GetOrganizationId(), schemaResp.GetDetails().GetId(), []byte("{\"name\": \"user\"}"))
req.Id = userResp.GetDetails().GetId()
return nil
},
req: &user.AddUsernameRequest{
Organization: &object.Organization{
Property: &object.Organization_OrgId{
OrgId: orgResp.GetOrganizationId(),
},
},
Username: &user.SetUsername{
Username: gofakeit.Username(),
IsOrganizationSpecific: false,
},
},
wantErr: true,
},
{
name: "username add, username empty",
ctx: instance.WithAuthorization(CTX, integration.UserTypeLogin),
dep: func(req *user.AddUsernameRequest) error {
userResp := instance.CreateSchemaUser(isolatedIAMOwnerCTX, orgResp.GetOrganizationId(), schemaResp.GetDetails().GetId(), []byte("{\"name\": \"user\"}"))
req.Id = userResp.GetDetails().GetId()
return nil
},
req: &user.AddUsernameRequest{
Organization: &object.Organization{
Property: &object.Organization_OrgId{
OrgId: orgResp.GetOrganizationId(),
},
},
Username: &user.SetUsername{
Username: "",
IsOrganizationSpecific: false,
},
},
wantErr: true,
},
{
name: "username add, user not existing in org",
ctx: isolatedIAMOwnerCTX,
dep: func(req *user.AddUsernameRequest) error {
userResp := instance.CreateSchemaUser(isolatedIAMOwnerCTX, orgResp.GetOrganizationId(), schemaResp.GetDetails().GetId(), []byte("{\"name\": \"user\"}"))
req.Id = userResp.GetDetails().GetId()
return nil
},
req: &user.AddUsernameRequest{
Organization: &object.Organization{
Property: &object.Organization_OrgId{
OrgId: "notexisting",
},
},
Username: &user.SetUsername{
Username: gofakeit.Username(),
IsOrganizationSpecific: false,
},
},
wantErr: true,
},
{
name: "username add, user not existing",
ctx: isolatedIAMOwnerCTX,
req: &user.AddUsernameRequest{
Organization: &object.Organization{
Property: &object.Organization_OrgId{
OrgId: orgResp.GetOrganizationId(),
},
},
Id: "notexisting",
Username: &user.SetUsername{
Username: gofakeit.Username(),
IsOrganizationSpecific: false,
},
},
wantErr: true,
},
{
name: "username add, ok",
ctx: isolatedIAMOwnerCTX,
dep: func(req *user.AddUsernameRequest) error {
userResp := instance.CreateSchemaUser(isolatedIAMOwnerCTX, orgResp.GetOrganizationId(), schemaResp.GetDetails().GetId(), []byte("{\"name\": \"user\"}"))
req.Id = userResp.GetDetails().GetId()
return nil
},
req: &user.AddUsernameRequest{
Organization: &object.Organization{
Property: &object.Organization_OrgId{
OrgId: orgResp.GetOrganizationId(),
},
},
Username: &user.SetUsername{
Username: gofakeit.Username(),
IsOrganizationSpecific: false,
},
},
res: res{
want: &resource_object.Details{
Changed: timestamppb.Now(),
Owner: &object.Owner{
Type: object.OwnerType_OWNER_TYPE_ORG,
Id: orgResp.GetOrganizationId(),
},
},
},
},
{
name: "username add, no org, ok",
ctx: isolatedIAMOwnerCTX,
dep: func(req *user.AddUsernameRequest) error {
userResp := instance.CreateSchemaUser(isolatedIAMOwnerCTX, orgResp.GetOrganizationId(), schemaResp.GetDetails().GetId(), []byte("{\"name\": \"user\"}"))
req.Id = userResp.GetDetails().GetId()
return nil
},
req: &user.AddUsernameRequest{
Username: &user.SetUsername{
Username: gofakeit.Username(),
IsOrganizationSpecific: false,
},
},
res: res{
want: &resource_object.Details{
Changed: timestamppb.Now(),
Owner: &object.Owner{
Type: object.OwnerType_OWNER_TYPE_ORG,
Id: orgResp.GetOrganizationId(),
},
},
},
},
{
name: "username add, already existing",
ctx: isolatedIAMOwnerCTX,
dep: func(req *user.AddUsernameRequest) error {
userResp := instance.CreateSchemaUser(isolatedIAMOwnerCTX, orgResp.GetOrganizationId(), schemaResp.GetDetails().GetId(), []byte("{\"name\": \"user\"}"))
req.Id = userResp.GetDetails().GetId()
username := gofakeit.Username()
instance.AddAuthenticatorUsername(isolatedIAMOwnerCTX, orgResp.GetOrganizationId(), req.Id, username, false)
req.Username.Username = username
return nil
},
req: &user.AddUsernameRequest{
Organization: &object.Organization{
Property: &object.Organization_OrgId{
OrgId: orgResp.GetOrganizationId(),
},
},
Username: &user.SetUsername{
IsOrganizationSpecific: false,
},
},
wantErr: true,
},
{
name: "username add, isOrgSpecific, ok",
ctx: isolatedIAMOwnerCTX,
dep: func(req *user.AddUsernameRequest) error {
userResp := instance.CreateSchemaUser(isolatedIAMOwnerCTX, orgResp.GetOrganizationId(), schemaResp.GetDetails().GetId(), []byte("{\"name\": \"user\"}"))
req.Id = userResp.GetDetails().GetId()
return nil
},
req: &user.AddUsernameRequest{
Organization: &object.Organization{
Property: &object.Organization_OrgId{
OrgId: orgResp.GetOrganizationId(),
},
},
Username: &user.SetUsername{
Username: gofakeit.Username(),
IsOrganizationSpecific: true,
},
},
res: res{
want: &resource_object.Details{
Changed: timestamppb.Now(),
Owner: &object.Owner{
Type: object.OwnerType_OWNER_TYPE_ORG,
Id: orgResp.GetOrganizationId(),
},
},
},
},
{
name: "username add, already existing",
ctx: isolatedIAMOwnerCTX,
dep: func(req *user.AddUsernameRequest) error {
userResp := instance.CreateSchemaUser(isolatedIAMOwnerCTX, orgResp.GetOrganizationId(), schemaResp.GetDetails().GetId(), []byte("{\"name\": \"user\"}"))
req.Id = userResp.GetDetails().GetId()
username := gofakeit.Username()
instance.AddAuthenticatorUsername(isolatedIAMOwnerCTX, orgResp.GetOrganizationId(), req.Id, username, false)
req.Username.Username = username
return nil
},
req: &user.AddUsernameRequest{
Organization: &object.Organization{
Property: &object.Organization_OrgId{
OrgId: orgResp.GetOrganizationId(),
},
},
Username: &user.SetUsername{
IsOrganizationSpecific: false,
},
},
wantErr: true,
},
{
name: "username add, isOrgSpecific, already existing",
ctx: isolatedIAMOwnerCTX,
dep: func(req *user.AddUsernameRequest) error {
userResp := instance.CreateSchemaUser(isolatedIAMOwnerCTX, orgResp.GetOrganizationId(), schemaResp.GetDetails().GetId(), []byte("{\"name\": \"user\"}"))
req.Id = userResp.GetDetails().GetId()
username := gofakeit.Username()
instance.AddAuthenticatorUsername(isolatedIAMOwnerCTX, orgResp.GetOrganizationId(), req.Id, username, true)
req.Username.Username = username
return nil
},
req: &user.AddUsernameRequest{
Organization: &object.Organization{
Property: &object.Organization_OrgId{
OrgId: orgResp.GetOrganizationId(),
},
},
Username: &user.SetUsername{
IsOrganizationSpecific: true,
},
},
wantErr: true,
},
{
name: "username add, isOrgSpecific existing, ok",
ctx: isolatedIAMOwnerCTX,
dep: func(req *user.AddUsernameRequest) error {
userResp := instance.CreateSchemaUser(isolatedIAMOwnerCTX, orgResp.GetOrganizationId(), schemaResp.GetDetails().GetId(), []byte("{\"name\": \"user\"}"))
req.Id = userResp.GetDetails().GetId()
username := gofakeit.Username()
instance.AddAuthenticatorUsername(isolatedIAMOwnerCTX, orgResp.GetOrganizationId(), req.Id, username, true)
req.Username.Username = username
return nil
},
req: &user.AddUsernameRequest{
Organization: &object.Organization{
Property: &object.Organization_OrgId{
OrgId: orgResp.GetOrganizationId(),
},
},
Username: &user.SetUsername{
IsOrganizationSpecific: false,
},
},
res: res{
want: &resource_object.Details{
Changed: timestamppb.Now(),
Owner: &object.Owner{
Type: object.OwnerType_OWNER_TYPE_ORG,
Id: orgResp.GetOrganizationId(),
},
},
},
},
{
name: "username add, existing, isOrgSpecific ok",
ctx: isolatedIAMOwnerCTX,
dep: func(req *user.AddUsernameRequest) error {
userResp := instance.CreateSchemaUser(isolatedIAMOwnerCTX, orgResp.GetOrganizationId(), schemaResp.GetDetails().GetId(), []byte("{\"name\": \"user\"}"))
req.Id = userResp.GetDetails().GetId()
username := gofakeit.Username()
instance.AddAuthenticatorUsername(isolatedIAMOwnerCTX, orgResp.GetOrganizationId(), req.Id, username, false)
req.Username.Username = username
return nil
},
req: &user.AddUsernameRequest{
Organization: &object.Organization{
Property: &object.Organization_OrgId{
OrgId: orgResp.GetOrganizationId(),
},
},
Username: &user.SetUsername{
IsOrganizationSpecific: true,
},
},
res: res{
want: &resource_object.Details{
Changed: timestamppb.Now(),
Owner: &object.Owner{
Type: object.OwnerType_OWNER_TYPE_ORG,
Id: orgResp.GetOrganizationId(),
},
},
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.dep != nil {
err := tt.dep(tt.req)
assert.NoError(t, err)
}
got, err := instance.Client.UserV3Alpha.AddUsername(tt.ctx, tt.req)
if tt.wantErr {
require.Error(t, err)
return
}
require.NoError(t, err)
integration.AssertResourceDetails(t, tt.res.want, got.Details)
})
}
}
func TestServer_DeleteUsername(t *testing.T) {
t.Parallel()
instance := integration.NewInstance(CTX)
ensureFeatureEnabled(t, instance)
isolatedIAMOwnerCTX := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner)
schema := []byte(`{
"$schema": "urn:zitadel:schema:v1",
"type": "object",
"properties": {
"name": {
"type": "string"
}
}
}`)
schemaResp := instance.CreateUserSchema(isolatedIAMOwnerCTX, schema)
orgResp := instance.CreateOrganization(isolatedIAMOwnerCTX, gofakeit.Name(), gofakeit.Email())
type res struct {
want *resource_object.Details
}
tests := []struct {
name string
ctx context.Context
dep func(req *user.RemoveUsernameRequest) error
req *user.RemoveUsernameRequest
res res
wantErr bool
}{
{
name: "username delete, no context",
ctx: context.Background(),
dep: func(req *user.RemoveUsernameRequest) error {
userResp := instance.CreateSchemaUser(isolatedIAMOwnerCTX, orgResp.GetOrganizationId(), schemaResp.GetDetails().GetId(), []byte("{\"name\": \"user\"}"))
usernameResp := instance.AddAuthenticatorUsername(isolatedIAMOwnerCTX, orgResp.GetOrganizationId(), userResp.GetDetails().GetId(), gofakeit.Username(), false)
req.Id = usernameResp.GetUsernameId()
return nil
},
req: &user.RemoveUsernameRequest{
Organization: &object.Organization{
Property: &object.Organization_OrgId{
OrgId: orgResp.GetOrganizationId(),
},
},
},
wantErr: true,
},
{
name: "username delete, no permission",
ctx: instance.WithAuthorization(CTX, integration.UserTypeLogin),
dep: func(req *user.RemoveUsernameRequest) error {
userResp := instance.CreateSchemaUser(isolatedIAMOwnerCTX, orgResp.GetOrganizationId(), schemaResp.GetDetails().GetId(), []byte("{\"name\": \"user\"}"))
usernameResp := instance.AddAuthenticatorUsername(isolatedIAMOwnerCTX, orgResp.GetOrganizationId(), userResp.GetDetails().GetId(), gofakeit.Username(), false)
req.Id = usernameResp.GetUsernameId()
return nil
},
req: &user.RemoveUsernameRequest{
Organization: &object.Organization{
Property: &object.Organization_OrgId{
OrgId: orgResp.GetOrganizationId(),
},
},
},
wantErr: true,
},
{
name: "username remove, id empty",
ctx: instance.WithAuthorization(CTX, integration.UserTypeLogin),
req: &user.RemoveUsernameRequest{
Organization: &object.Organization{
Property: &object.Organization_OrgId{
OrgId: orgResp.GetOrganizationId(),
},
},
},
wantErr: true,
},
{
name: "username remove, not existing",
ctx: isolatedIAMOwnerCTX,
req: &user.RemoveUsernameRequest{
Organization: &object.Organization{
Property: &object.Organization_OrgId{
OrgId: orgResp.GetOrganizationId(),
},
},
Id: "notexisting",
},
wantErr: true,
},
{
name: "username remove, ok",
ctx: isolatedIAMOwnerCTX,
dep: func(req *user.RemoveUsernameRequest) error {
userResp := instance.CreateSchemaUser(isolatedIAMOwnerCTX, orgResp.GetOrganizationId(), schemaResp.GetDetails().GetId(), []byte("{\"name\": \"user\"}"))
usernameResp := instance.AddAuthenticatorUsername(isolatedIAMOwnerCTX, orgResp.GetOrganizationId(), userResp.GetDetails().GetId(), gofakeit.Username(), false)
req.Id = usernameResp.GetUsernameId()
return nil
},
req: &user.RemoveUsernameRequest{
Organization: &object.Organization{
Property: &object.Organization_OrgId{
OrgId: orgResp.GetOrganizationId(),
},
},
},
res: res{
want: &resource_object.Details{
Changed: timestamppb.Now(),
Owner: &object.Owner{
Type: object.OwnerType_OWNER_TYPE_ORG,
Id: orgResp.GetOrganizationId(),
},
},
},
},
{
name: "username remove, already removed",
ctx: isolatedIAMOwnerCTX,
dep: func(req *user.RemoveUsernameRequest) error {
userResp := instance.CreateSchemaUser(isolatedIAMOwnerCTX, orgResp.GetOrganizationId(), schemaResp.GetDetails().GetId(), []byte("{\"name\": \"user\"}"))
req.Id = userResp.GetDetails().GetId()
resp := instance.AddAuthenticatorUsername(isolatedIAMOwnerCTX, orgResp.GetOrganizationId(), req.Id, gofakeit.Username(), false)
req.Id = resp.GetUsernameId()
instance.RemoveAuthenticatorUsername(isolatedIAMOwnerCTX, orgResp.GetOrganizationId(), resp.GetUsernameId())
return nil
},
req: &user.RemoveUsernameRequest{
Organization: &object.Organization{
Property: &object.Organization_OrgId{
OrgId: orgResp.GetOrganizationId(),
},
},
},
wantErr: true,
},
{
name: "username remove, isOrgSpecific, ok",
ctx: isolatedIAMOwnerCTX,
dep: func(req *user.RemoveUsernameRequest) error {
userResp := instance.CreateSchemaUser(isolatedIAMOwnerCTX, orgResp.GetOrganizationId(), schemaResp.GetDetails().GetId(), []byte("{\"name\": \"user\"}"))
usernameResp := instance.AddAuthenticatorUsername(isolatedIAMOwnerCTX, orgResp.GetOrganizationId(), userResp.GetDetails().GetId(), gofakeit.Username(), true)
req.Id = usernameResp.GetUsernameId()
return nil
},
req: &user.RemoveUsernameRequest{
Organization: &object.Organization{
Property: &object.Organization_OrgId{
OrgId: orgResp.GetOrganizationId(),
},
},
},
res: res{
want: &resource_object.Details{
Changed: timestamppb.Now(),
Owner: &object.Owner{
Type: object.OwnerType_OWNER_TYPE_ORG,
Id: orgResp.GetOrganizationId(),
},
},
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
if tt.dep != nil {
err := tt.dep(tt.req)
assert.NoError(t, err)
}
got, err := instance.Client.UserV3Alpha.RemoveUsername(tt.ctx, tt.req)
if tt.wantErr {
require.Error(t, err)
return
}
require.NoError(t, err)
integration.AssertResourceDetails(t, tt.res.want, got.Details)
})
}
}

46
internal/api/grpc/resources/user/v3alpha/username.go Normal file
View File

@@ -0,0 +1,46 @@
package user
import (
"context"
resource_object "github.com/zitadel/zitadel/internal/api/grpc/resources/object/v3alpha"
"github.com/zitadel/zitadel/internal/command"
object "github.com/zitadel/zitadel/pkg/grpc/object/v3alpha"
user "github.com/zitadel/zitadel/pkg/grpc/resources/user/v3alpha"
)
func (s *Server) AddUsername(ctx context.Context, req *user.AddUsernameRequest) (_ *user.AddUsernameResponse, err error) {
if err := checkUserSchemaEnabled(ctx); err != nil {
return nil, err
}
details, err := s.command.AddUsername(ctx, addUsernameRequestToAddUsername(req))
if err != nil {
return nil, err
}
return &user.AddUsernameResponse{
Details: resource_object.DomainToDetailsPb(details, object.OwnerType_OWNER_TYPE_ORG, details.ResourceOwner),
UsernameId: details.ID,
}, nil
}
func addUsernameRequestToAddUsername(req *user.AddUsernameRequest) *command.AddUsername {
return &command.AddUsername{
ResourceOwner: organizationToUpdateResourceOwner(req.Organization),
UserID: req.GetId(),
Username: req.GetUsername().GetUsername(),
IsOrgSpecific: req.GetUsername().GetIsOrganizationSpecific(),
}
}
func (s *Server) DeleteUsername(ctx context.Context, req *user.RemoveUsernameRequest) (_ *user.RemoveUsernameResponse, err error) {
if err := checkUserSchemaEnabled(ctx); err != nil {
return nil, err
}
details, err := s.command.DeleteUsername(ctx, organizationToUpdateResourceOwner(req.Organization), req.GetId())
if err != nil {
return nil, err
}
return &user.RemoveUsernameResponse{
Details: resource_object.DomainToDetailsPb(details, object.OwnerType_OWNER_TYPE_ORG, details.ResourceOwner),
}, nil
}