From ad3563d58b022d86d6d660d0d901876167c8683f Mon Sep 17 00:00:00 2001
From: Livio Spring <livio.a@gmail.com>
Date: Tue, 21 Nov 2023 11:05:22 +0200
Subject: [PATCH] fix: handle project deactivate and remove correctly on tokens
 (#6947)

---
 .../repository/eventsourcing/handler/token.go |  2 +-
 .../repository/eventsourcing/model/project.go |  2 +-
 .../eventsourcing/model/project_test.go       | 48 +++++++++++++++++++
 3 files changed, 50 insertions(+), 2 deletions(-)

diff --git a/internal/auth/repository/eventsourcing/handler/token.go b/internal/auth/repository/eventsourcing/handler/token.go
index 04cc19f50f..03827aa44b 100644
--- a/internal/auth/repository/eventsourcing/handler/token.go
+++ b/internal/auth/repository/eventsourcing/handler/token.go
@@ -219,7 +219,7 @@ func (t *Token) Reduce(event eventstore.Event) (_ *handler.Statement, err error)
 			}
 			applicationIDs := make([]string, 0, len(project.Applications))
 			for _, app := range project.Applications {
-				if app.OIDCConfig != nil {
+				if app.OIDCConfig != nil && app.OIDCConfig.ClientID != "" {
 					applicationIDs = append(applicationIDs, app.OIDCConfig.ClientID)
 				}
 			}
diff --git a/internal/project/repository/eventsourcing/model/project.go b/internal/project/repository/eventsourcing/model/project.go
index 0328500983..794ca6aa46 100644
--- a/internal/project/repository/eventsourcing/model/project.go
+++ b/internal/project/repository/eventsourcing/model/project.go
@@ -99,7 +99,7 @@ func (p *Project) appendRemovedEvent() error {
 
 func (p *Project) appendOIDCConfig(event eventstore.Event) error {
 	appEvent := new(oidcApp)
-	if err := event.Unmarshal(p); err != nil {
+	if err := event.Unmarshal(appEvent); err != nil {
 		return err
 	}
 	p.OIDCApplications = append(p.OIDCApplications, appEvent)
diff --git a/internal/project/repository/eventsourcing/model/project_test.go b/internal/project/repository/eventsourcing/model/project_test.go
index ad897c5131..b79d4562dd 100644
--- a/internal/project/repository/eventsourcing/model/project_test.go
+++ b/internal/project/repository/eventsourcing/model/project_test.go
@@ -4,6 +4,8 @@ import (
 	"encoding/json"
 	"testing"
 
+	"github.com/stretchr/testify/assert"
+
 	"github.com/zitadel/zitadel/internal/eventstore"
 	es_models "github.com/zitadel/zitadel/internal/eventstore/v1/models"
 	"github.com/zitadel/zitadel/internal/project/model"
@@ -40,6 +42,27 @@ func TestProjectFromEvents(t *testing.T) {
 			},
 			result: &Project{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"}, State: int32(model.ProjectStateActive)},
 		},
+		{
+			name: "project from events with OIDC Application, ok",
+			args: args{
+				event: []eventstore.Event{
+					&es_models.Event{AggregateID: "AggregateID", Seq: 1, Typ: project.ProjectAddedType, Data: []byte(`{"name": "ProjectName"}`)},
+					&es_models.Event{AggregateID: "AggregateID", Seq: 1, Typ: project.OIDCConfigAddedType, Data: []byte(`{"appId":"appId", "clientId": "clientID"}`)},
+				},
+				project: nil,
+			},
+			result: &Project{
+				ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"},
+				State:      int32(model.ProjectStateActive),
+				Name:       "ProjectName",
+				OIDCApplications: []*oidcApp{
+					{
+						AppID:    "appID",
+						ClientID: "clientID",
+					},
+				},
+			},
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
@@ -95,6 +118,30 @@ func TestAppendEvent(t *testing.T) {
 			},
 			result: &Project{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"}, State: int32(model.ProjectStateActive)},
 		},
+		{
+			name: "append oidc config added event",
+			args: args{
+				event: &es_models.Event{AggregateID: "AggregateID", Seq: 1, Typ: project.OIDCConfigAddedType, Data: []byte(`{"appId":"appID", "clientId": "clientID"}`)},
+			},
+			result: &Project{
+				ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"},
+				State:      int32(model.ProjectStateActive),
+				OIDCApplications: []*oidcApp{{
+					AppID:    "appID",
+					ClientID: "clientID",
+				}}},
+		},
+		{
+			name: "append application removed event",
+			args: args{
+				project: &Project{Name: "ProjectName", OIDCApplications: []*oidcApp{{
+					AppID:    "appID",
+					ClientID: "clientID",
+				}}},
+				event: &es_models.Event{AggregateID: "AggregateID", Seq: 1, Typ: project.ApplicationRemovedType, Data: []byte(`{"appId": "appID"}`)},
+			},
+			result: &Project{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID"}, State: int32(model.ProjectStateActive)},
+		},
 	}
 	for _, tt := range tests {
 		t.Run(tt.name, func(t *testing.T) {
@@ -113,6 +160,7 @@ func TestAppendEvent(t *testing.T) {
 			if result.ObjectRoot.AggregateID != tt.result.ObjectRoot.AggregateID {
 				t.Errorf("got wrong result id: expected: %v, actual: %v ", tt.result.ObjectRoot.AggregateID, result.ObjectRoot.AggregateID)
 			}
+			assert.Equal(t, tt.result.OIDCApplications, result.OIDCApplications)
 		})
 	}
 }