TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-12-07 04:42:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: AddUsername and RemoveUsername endpoints

Browse Source
This commit is contained in:
Stefan Benz
2024-09-23 17:32:24 +02:00
parent ad972d888d
commit aa13e451e3
8 changed files with 1096 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
internal/command/converter.go
View File

@@ -19,5 +19,6 @@ func pushedEventsToObjectDetails(events []eventstore.Event) *domain.ObjectDetail
Sequence: events[len(events)-1].Sequence(),
EventDate: events[len(events)-1].CreatedAt(),
ResourceOwner: events[len(events)-1].Aggregate().ResourceOwner,
ID: events[len(events)-1].Aggregate().ID,
}
}

47
internal/command/user_v3_username.go
View File

@@ -9,8 +9,6 @@ import (
)
type AddUsername struct {
Details *domain.ObjectDetails
ResourceOwner string
UserID string
@@ -18,14 +16,14 @@ type AddUsername struct {
IsOrgSpecific bool
}
func (c *Commands) AddUsername(ctx context.Context, username *AddUsername) (err error) {
func (c *Commands) AddUsername(ctx context.Context, username *AddUsername) (*domain.ObjectDetails, error) {
existing, err := existingSchemaUserWithPermission(ctx, c, username.ResourceOwner, username.UserID)
if err != nil {
return err
return nil, err
}
id, err := c.idGenerator.Next()
if err != nil {
return err
return nil, err
}
events, err := c.eventstore.Push(ctx,
authenticator.NewUsernameCreatedEvent(ctx,
@@ -36,20 +34,16 @@ func (c *Commands) AddUsername(ctx context.Context, username *AddUsername) (err
),
)
if err != nil {
return err
return nil, err
}
username.Details = pushedEventsToObjectDetails(events)
return nil
return pushedEventsToObjectDetails(events), nil
}
func (c *Commands) DeleteUsername(ctx context.Context, resourceOwner, id string) (_ *domain.ObjectDetails, err error) {
existing, err := c.getSchemaUsernameExists(ctx, resourceOwner, id)
existing, err := c.getSchemaUsernameExistsWithPermission(ctx, resourceOwner, id)
if err != nil {
return nil, err
}
if existing.Username == "" {
return nil, zerrors.ThrowNotFound(nil, "TODO", "TODO")
}
events, err := c.eventstore.Push(ctx,
authenticator.NewUsernameDeletedEvent(ctx,
&authenticator.NewAggregate(id, existing.ResourceOwner).Aggregate,
@@ -63,11 +57,21 @@ func (c *Commands) DeleteUsername(ctx context.Context, resourceOwner, id string)
return pushedEventsToObjectDetails(events), nil
}
func (c *Commands) getSchemaUsernameExists(ctx context.Context, resourceOwner, id string) (*UsernameV3WriteModel, error) {
func (c *Commands) getSchemaUsernameExistsWithPermission(ctx context.Context, resourceOwner, id string) (*UsernameV3WriteModel, error) {
if id == "" {
return nil, zerrors.ThrowInvalidArgument(nil, "COMMAND-PoSU5BOZCi", "Errors.IDMissing")
}
writeModel := NewUsernameV3WriteModel(resourceOwner, id)
if err := c.eventstore.FilterToQueryReducer(ctx, writeModel); err != nil {
return nil, err
}
if writeModel.Username == "" {
return nil, zerrors.ThrowNotFound(nil, "TODO", "TODO")
}
if err := c.checkPermissionUpdateUser(ctx, writeModel.ResourceOwner, writeModel.UserID); err != nil {
return nil, err
}
return writeModel, nil
}
@@ -83,15 +87,18 @@ func existingSchemaUserWithPermission(ctx context.Context, c *Commands, resource
return nil, zerrors.ThrowNotFound(nil, "COMMAND-6T2xrOHxTx", "Errors.User.NotFound")
}
_, err = c.getSchemaWriteModelByID(ctx, "", existingUser.SchemaID)
if err != nil {
return nil, err
}
if !existingUser.Exists() {
return nil, zerrors.ThrowNotFound(nil, "COMMAND-6T2xrOHxTx", "Errors.User.NotFound")
}
if err := c.checkPermissionUpdateUser(ctx, existingUser.ResourceOwner, existingUser.AggregateID); err != nil {
return nil, err
}
existingSchema, err := c.getSchemaWriteModelByID(ctx, "", existingUser.SchemaID)
if err != nil {
return nil, err
}
if !existingSchema.Exists() {
return nil, zerrors.ThrowNotFound(nil, "COMMAND-6T2xrOHxTx", "TODO")
}
//TODO possible authenticators check
return existingUser, nil
}

3
internal/command/user_v3_username_model.go
View File

@@ -8,6 +8,7 @@ import (
type UsernameV3WriteModel struct {
eventstore.WriteModel
UserID string
Username string
IsOrgSpecific bool
}
@@ -25,9 +26,11 @@ func (wm *UsernameV3WriteModel) Reduce() error {
for _, event := range wm.Events {
switch e := event.(type) {
case *authenticator.UsernameCreatedEvent:
wm.UserID = e.UserID
wm.Username = e.Username
wm.IsOrgSpecific = e.IsOrgSpecific
case *authenticator.UsernameDeletedEvent:
wm.UserID = ""
wm.Username = ""
wm.IsOrgSpecific = false
}

438
internal/command/user_v3_username_test.go Normal file
View File

@@ -0,0 +1,438 @@
package command
import (
"context"
"encoding/json"
"errors"
"testing"
"github.com/stretchr/testify/assert"
"github.com/zitadel/zitadel/internal/api/authz"
"github.com/zitadel/zitadel/internal/domain"
"github.com/zitadel/zitadel/internal/eventstore"
"github.com/zitadel/zitadel/internal/id"
"github.com/zitadel/zitadel/internal/id/mock"
"github.com/zitadel/zitadel/internal/repository/user/authenticator"
"github.com/zitadel/zitadel/internal/repository/user/schema"
"github.com/zitadel/zitadel/internal/repository/user/schemauser"
"github.com/zitadel/zitadel/internal/zerrors"
)
func filterSchemaUserExisting() expect {
return expectFilter(
eventFromEventPusher(
schemauser.NewCreatedEvent(
context.Background(),
&schemauser.NewAggregate("user1", "org1").Aggregate,
"id1",
1,
json.RawMessage(`{
"name": "user1"
}`),
),
),
)
}
func filterSchemaExisting() expect {
return expectFilter(
eventFromEventPusher(
schema.NewCreatedEvent(
context.Background(),
&schema.NewAggregate("id1", "instanceID").Aggregate,
"type",
json.RawMessage(`{
"$schema": "urn:zitadel:schema:v1",
"type": "object",
"properties": {
"name": {
"type": "string"
}
}
}`),
[]domain.AuthenticatorType{domain.AuthenticatorTypeUsername},
),
),
)
}
func filterUsernameExisting(isOrgSpecifc bool) expect {
return expectFilter(
eventFromEventPusher(
authenticator.NewUsernameCreatedEvent(
context.Background(),
&authenticator.NewAggregate("username1", "org1").Aggregate,
"id1",
isOrgSpecifc,
"username",
),
),
)
}
func TestCommands_AddUsername(t *testing.T) {
type fields struct {
eventstore func(t *testing.T) *eventstore.Eventstore
idGenerator id.Generator
checkPermission domain.PermissionCheck
}
type args struct {
ctx context.Context
user *AddUsername
}
type res struct {
details *domain.ObjectDetails
err func(error) bool
}
tests := []struct {
name string
fields fields
args args
res res
}{
{
"no userID, error",
fields{
eventstore: expectEventstore(),
checkPermission: newMockPermissionCheckAllowed(),
},
args{
ctx: authz.NewMockContext("instanceID", "", ""),
user: &AddUsername{},
},
res{
err: func(err error) bool {
return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "COMMAND-aS3Vz5t6BS", "Errors.IDMissing"))
},
},
},
{
"user not existing, error",
fields{
eventstore: expectEventstore(
expectFilter(),
),
checkPermission: newMockPermissionCheckAllowed(),
},
args{
ctx: authz.NewMockContext("instanceID", "", ""),
user: &AddUsername{
UserID: "notexisting",
},
},
res{
err: func(err error) bool {
return errors.Is(err, zerrors.ThrowNotFound(nil, "COMMAND-6T2xrOHxTx", "Errors.User.NotFound"))
},
},
},
{
"no permission, error",
fields{
eventstore: expectEventstore(
filterSchemaUserExisting(),
),
checkPermission: newMockPermissionCheckNotAllowed(),
},
args{
ctx: authz.NewMockContext("instanceID", "", ""),
user: &AddUsername{
UserID: "user1",
},
},
res{
err: func(err error) bool {
return errors.Is(err, zerrors.ThrowPermissionDenied(nil, "AUTHZ-HKJD33", "Errors.PermissionDenied"))
},
},
},
{
"userschema not existing, error",
fields{
eventstore: expectEventstore(
filterSchemaUserExisting(),
expectFilter(),
),
checkPermission: newMockPermissionCheckAllowed(),
},
args{
ctx: authz.NewMockContext("instanceID", "", ""),
user: &AddUsername{
UserID: "user1",
},
},
res{
err: func(err error) bool {
return errors.Is(err, zerrors.ThrowNotFound(nil, "COMMAND-6T2xrOHxTx", "TODO"))
},
},
},
{
"username added, ok",
fields{
eventstore: expectEventstore(
filterSchemaUserExisting(),
filterSchemaExisting(),
expectPush(
authenticator.NewUsernameCreatedEvent(
context.Background(),
&authenticator.NewAggregate("username1", "org1").Aggregate,
"user1",
false,
"username",
),
),
),
checkPermission: newMockPermissionCheckAllowed(),
idGenerator: mock.ExpectID(t, "username1"),
},
args{
ctx: authz.NewMockContext("instanceID", "", ""),
user: &AddUsername{
UserID: "user1",
Username: "username",
IsOrgSpecific: false,
},
},
res{
details: &domain.ObjectDetails{
ResourceOwner: "org1",
},
},
},
{
"username added, isOrgSpecific, ok",
fields{
eventstore: expectEventstore(
filterSchemaUserExisting(),
filterSchemaExisting(),
expectPush(
authenticator.NewUsernameCreatedEvent(
context.Background(),
&authenticator.NewAggregate("username1", "org1").Aggregate,
"user1",
true,
"username",
),
),
),
checkPermission: newMockPermissionCheckAllowed(),
idGenerator: mock.ExpectID(t, "username1"),
},
args{
ctx: authz.NewMockContext("instanceID", "", ""),
user: &AddUsername{
UserID: "user1",
Username: "username",
IsOrgSpecific: true,
},
},
res{
details: &domain.ObjectDetails{
ResourceOwner: "org1",
},
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
c := &Commands{
eventstore: tt.fields.eventstore(t),
idGenerator: tt.fields.idGenerator,
checkPermission: tt.fields.checkPermission,
}
details, err := c.AddUsername(tt.args.ctx, tt.args.user)
if tt.res.err == nil {
assert.NoError(t, err)
}
if tt.res.err != nil && !tt.res.err(err) {
t.Errorf("got wrong err: %v ", err)
}
if tt.res.err == nil {
assertObjectDetails(t, tt.res.details, details)
}
})
}
}
func TestCommands_DeleteUsername(t *testing.T) {
type fields struct {
eventstore func(t *testing.T) *eventstore.Eventstore
checkPermission domain.PermissionCheck
}
type args struct {
ctx context.Context
resourceOwner string
id string
}
type res struct {
details *domain.ObjectDetails
err func(error) bool
}
tests := []struct {
name string
fields fields
args args
res res
}{
{
"no ID, error",
fields{
eventstore: expectEventstore(),
checkPermission: newMockPermissionCheckAllowed(),
},
args{
ctx: authz.NewMockContext("instanceID", "", ""),
id: "",
},
res{
err: func(err error) bool {
return errors.Is(err, zerrors.ThrowInvalidArgument(nil, "COMMAND-PoSU5BOZCi", "Errors.IDMissing"))
},
},
},
{
"username not existing, error",
fields{
eventstore: expectEventstore(
expectFilter(),
),
checkPermission: newMockPermissionCheckAllowed(),
},
args{
ctx: authz.NewMockContext("instanceID", "", ""),
id: "notexisting",
},
res{
err: func(err error) bool {
return errors.Is(err, zerrors.ThrowNotFound(nil, "TODO", "TODO"))
},
},
},
{
"username already removed, error",
fields{
eventstore: expectEventstore(
expectFilter(
eventFromEventPusher(
authenticator.NewUsernameCreatedEvent(
context.Background(),
&authenticator.NewAggregate("username1", "org1").Aggregate,
"id1",
true,
"username",
),
),
eventFromEventPusher(
authenticator.NewUsernameDeletedEvent(
context.Background(),
&authenticator.NewAggregate("username1", "org1").Aggregate,
true,
"username",
),
),
),
),
checkPermission: newMockPermissionCheckAllowed(),
},
args{
ctx: authz.NewMockContext("instanceID", "", ""),
id: "notexisting",
},
res{
err: func(err error) bool {
return errors.Is(err, zerrors.ThrowNotFound(nil, "TODO", "TODO"))
},
},
},
{
"no permission, error",
fields{
eventstore: expectEventstore(
filterUsernameExisting(false),
),
checkPermission: newMockPermissionCheckNotAllowed(),
},
args{
ctx: authz.NewMockContext("instanceID", "", ""),
id: "username1",
},
res{
err: func(err error) bool {
return errors.Is(err, zerrors.ThrowPermissionDenied(nil, "AUTHZ-HKJD33", "Errors.PermissionDenied"))
},
},
},
{
"username removed, ok",
fields{
eventstore: expectEventstore(
filterUsernameExisting(false),
expectPush(
authenticator.NewUsernameDeletedEvent(
context.Background(),
&authenticator.NewAggregate("username1", "org1").Aggregate,
false,
"username",
),
),
),
checkPermission: newMockPermissionCheckAllowed(),
},
args{
ctx: authz.NewMockContext("instanceID", "", ""),
id: "username1",
},
res{
details: &domain.ObjectDetails{
ResourceOwner: "org1",
},
},
},
{
"username added, isOrgSpecific, ok",
fields{
eventstore: expectEventstore(
filterUsernameExisting(true),
expectPush(
authenticator.NewUsernameDeletedEvent(
context.Background(),
&authenticator.NewAggregate("username1", "org1").Aggregate,
true,
"username",
),
),
),
checkPermission: newMockPermissionCheckAllowed(),
},
args{
ctx: authz.NewMockContext("instanceID", "", ""),
id: "username1",
},
res{
details: &domain.ObjectDetails{
ResourceOwner: "org1",
},
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
c := &Commands{
eventstore: tt.fields.eventstore(t),
checkPermission: tt.fields.checkPermission,
}
details, err := c.DeleteUsername(tt.args.ctx, tt.args.resourceOwner, tt.args.id)
if tt.res.err == nil {
assert.NoError(t, err)
}
if tt.res.err != nil && !tt.res.err(err) {
t.Errorf("got wrong err: %v ", err)
}
if tt.res.err == nil {
assertObjectDetails(t, tt.res.details, details)
}
})
}
}