TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-08-12 04:17:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(queries): authn keys (#2820)

Browse Source 
* begin authn keys

* single table for state change

* add key type

* begin authn keys query

* query

* tests

* fix merge

* remove wrong migration version

* improve filter

* Update projection.go

* cleanup
This commit is contained in:
Livio Amstutz
2021-12-14 10:57:20 +01:00
committed by GitHub
parent 79f7c1198b
commit ae840f364c
20 changed files with 684 additions and 589 deletions
Download Patch File Download Diff File Expand all files Collapse all files

259
internal/query/authn_key.go Normal file
View File

@@ -0,0 +1,259 @@
package query
import (
"context"
"database/sql"
errs "errors"
"time"
sq "github.com/Masterminds/squirrel"
"github.com/caos/zitadel/internal/domain"
"github.com/caos/zitadel/internal/errors"
"github.com/caos/zitadel/internal/query/projection"
)
var (
authNKeyTable = table{
name: projection.AuthNKeyTable,
}
AuthNKeyColumnID = Column{
name: projection.AuthNKeyIDCol,
table: authNKeyTable,
}
AuthNKeyColumnCreationDate = Column{
name: projection.AuthNKeyCreationDateCol,
table: authNKeyTable,
}
AuthNKeyColumnResourceOwner = Column{
name: projection.AuthNKeyResourceOwnerCol,
table: authNKeyTable,
}
AuthNKeyColumnAggregateID = Column{
name: projection.AuthNKeyAggregateIDCol,
table: authNKeyTable,
}
AuthNKeyColumnSequence = Column{
name: projection.AuthNKeySequenceCol,
table: authNKeyTable,
}
AuthNKeyColumnObjectID = Column{
name: projection.AuthNKeyObjectIDCol,
table: authNKeyTable,
}
AuthNKeyColumnExpiration = Column{
name: projection.AuthNKeyExpirationCol,
table: authNKeyTable,
}
AuthNKeyColumnIdentifier = Column{
name: projection.AuthNKeyIdentifierCol,
table: authNKeyTable,
}
AuthNKeyColumnPublicKey = Column{
name: projection.AuthNKeyPublicKeyCol,
table: authNKeyTable,
}
AuthNKeyColumnType = Column{
name: projection.AuthNKeyTypeCol,
table: authNKeyTable,
}
AuthNKeyColumnEnabled = Column{
name: projection.AuthNKeyEnabledCol,
table: authNKeyTable,
}
)
type AuthNKeys struct {
SearchResponse
AuthNKeys []*AuthNKey
}
type AuthNKey struct {
ID string
CreationDate time.Time
ResourceOwner string
Sequence uint64
Expiration time.Time
Type domain.AuthNKeyType
}
type AuthNKeySearchQueries struct {
SearchRequest
Queries []SearchQuery
}
func (q *AuthNKeySearchQueries) toQuery(query sq.SelectBuilder) sq.SelectBuilder {
query = q.SearchRequest.toQuery(query)
for _, q := range q.Queries {
query = q.toQuery(query)
}
return query
}
func (q *Queries) SearchAuthNKeys(ctx context.Context, queries *AuthNKeySearchQueries) (authNKeys *AuthNKeys, err error) {
query, scan := prepareAuthNKeysQuery()
query = queries.toQuery(query)
stmt, args, err := query.Where(
sq.Eq{
AuthNKeyColumnEnabled.identifier(): true,
},
).ToSql()
if err != nil {
return nil, errors.ThrowInvalidArgument(err, "QUERY-SAf3f", "Errors.Query.InvalidRequest")
}
rows, err := q.client.QueryContext(ctx, stmt, args...)
if err != nil {
return nil, errors.ThrowInternal(err, "QUERY-Dbg53", "Errors.Internal")
}
authNKeys, err = scan(rows)
if err != nil {
return nil, err
}
authNKeys.LatestSequence, err = q.latestSequence(ctx, authNKeyTable)
return authNKeys, err
}
func (q *Queries) GetAuthNKeyByID(ctx context.Context, id string, queries ...SearchQuery) (*AuthNKey, error) {
query, scan := prepareAuthNKeyQuery()
for _, q := range queries {
query = q.toQuery(query)
}
stmt, args, err := query.Where(
sq.Eq{
AuthNKeyColumnID.identifier(): id,
AuthNKeyColumnEnabled.identifier(): true,
}).ToSql()
if err != nil {
return nil, errors.ThrowInternal(err, "QUERY-AGhg4", "Errors.Query.SQLStatement")
}
row := q.client.QueryRowContext(ctx, stmt, args...)
return scan(row)
}
func (q *Queries) GetAuthNKeyPublicKeyByIDAndIdentifier(ctx context.Context, id string, identifier string) ([]byte, error) {
stmt, scan := prepareAuthNKeyPublicKeyQuery()
query, args, err := stmt.Where(
sq.And{
sq.Eq{
AuthNKeyColumnID.identifier(): id,
AuthNKeyColumnIdentifier.identifier(): identifier,
AuthNKeyColumnEnabled.identifier(): true,
},
sq.Gt{
AuthNKeyColumnExpiration.identifier(): time.Now(),
},
},
).ToSql()
if err != nil {
return nil, errors.ThrowInternal(err, "QUERY-DAb32", "Errors.Query.SQLStatement")
}
row := q.client.QueryRowContext(ctx, query, args...)
return scan(row)
}
func NewAuthNKeyResourceOwnerQuery(id string) (SearchQuery, error) {
return NewTextQuery(AuthNKeyColumnResourceOwner, id, TextEquals)
}
func NewAuthNKeyAggregateIDQuery(id string) (SearchQuery, error) {
return NewTextQuery(AuthNKeyColumnAggregateID, id, TextEquals)
}
func NewAuthNKeyObjectIDQuery(id string) (SearchQuery, error) {
return NewTextQuery(AuthNKeyColumnObjectID, id, TextEquals)
}
func prepareAuthNKeysQuery() (sq.SelectBuilder, func(rows *sql.Rows) (*AuthNKeys, error)) {
return sq.Select(
AuthNKeyColumnID.identifier(),
AuthNKeyColumnCreationDate.identifier(),
AuthNKeyColumnResourceOwner.identifier(),
AuthNKeyColumnSequence.identifier(),
AuthNKeyColumnExpiration.identifier(),
AuthNKeyColumnType.identifier(),
countColumn.identifier(),
).From(authNKeyTable.identifier()).PlaceholderFormat(sq.Dollar),
func(rows *sql.Rows) (*AuthNKeys, error) {
authNKeys := make([]*AuthNKey, 0)
var count uint64
for rows.Next() {
authNKey := new(AuthNKey)
err := rows.Scan(
&authNKey.ID,
&authNKey.CreationDate,
&authNKey.ResourceOwner,
&authNKey.Sequence,
&authNKey.Expiration,
&authNKey.Type,
&count,
)
if err != nil {
return nil, err
}
authNKeys = append(authNKeys, authNKey)
}
if err := rows.Close(); err != nil {
return nil, errors.ThrowInternal(err, "QUERY-Dgfn3", "Errors.Query.CloseRows")
}
return &AuthNKeys{
AuthNKeys: authNKeys,
SearchResponse: SearchResponse{
Count: count,
},
}, nil
}
}
func prepareAuthNKeyQuery() (sq.SelectBuilder, func(row *sql.Row) (*AuthNKey, error)) {
return sq.Select(
AuthNKeyColumnID.identifier(),
AuthNKeyColumnCreationDate.identifier(),
AuthNKeyColumnResourceOwner.identifier(),
AuthNKeyColumnSequence.identifier(),
AuthNKeyColumnExpiration.identifier(),
AuthNKeyColumnType.identifier(),
).From(authNKeyTable.identifier()).PlaceholderFormat(sq.Dollar),
func(row *sql.Row) (*AuthNKey, error) {
authNKey := new(AuthNKey)
err := row.Scan(
&authNKey.ID,
&authNKey.CreationDate,
&authNKey.ResourceOwner,
&authNKey.Sequence,
&authNKey.Expiration,
&authNKey.Type,
)
if err != nil {
if errs.Is(err, sql.ErrNoRows) {
return nil, errors.ThrowNotFound(err, "QUERY-Dgr3g", "Errors.AuthNKey.NotFound")
}
return nil, errors.ThrowInternal(err, "QUERY-BGnbr", "Errors.Internal")
}
return authNKey, nil
}
}
func prepareAuthNKeyPublicKeyQuery() (sq.SelectBuilder, func(row *sql.Row) ([]byte, error)) {
return sq.Select(
AuthNKeyColumnPublicKey.identifier(),
).From(authNKeyTable.identifier()).PlaceholderFormat(sq.Dollar),
func(row *sql.Row) ([]byte, error) {
var publicKey []byte
err := row.Scan(
&publicKey,
)
if err != nil {
if errs.Is(err, sql.ErrNoRows) {
return nil, errors.ThrowNotFound(err, "QUERY-SDf32", "Errors.AuthNKey.NotFound")
}
return nil, errors.ThrowInternal(err, "QUERY-Bfs2a", "Errors.Internal")
}
return publicKey, nil
}
}

331
internal/query/authn_key_test.go Normal file
View File

@@ -0,0 +1,331 @@
package query
import (
"database/sql"
"database/sql/driver"
"errors"
"fmt"
"regexp"
"testing"
"github.com/caos/zitadel/internal/domain"
errs "github.com/caos/zitadel/internal/errors"
)
func Test_AuthNKeyPrepares(t *testing.T) {
type want struct {
sqlExpectations sqlExpectation
err checkErr
}
tests := []struct {
name string
prepare interface{}
want want
object interface{}
}{
{
name: "prepareAuthNKeysQuery no result",
prepare: prepareAuthNKeysQuery,
want: want{
sqlExpectations: mockQueries(
regexp.QuoteMeta(`SELECT zitadel.projections.authn_keys.id,`+
` zitadel.projections.authn_keys.creation_date,`+
` zitadel.projections.authn_keys.resource_owner,`+
` zitadel.projections.authn_keys.sequence,`+
` zitadel.projections.authn_keys.expiration,`+
` zitadel.projections.authn_keys.type,`+
` COUNT(*) OVER ()`+
` FROM zitadel.projections.authn_keys`),
nil,
nil,
),
},
object: &AuthNKeys{AuthNKeys: []*AuthNKey{}},
},
{
name: "prepareAuthNKeysQuery one result",
prepare: prepareAuthNKeysQuery,
want: want{
sqlExpectations: mockQueries(
regexp.QuoteMeta(`SELECT zitadel.projections.authn_keys.id,`+
` zitadel.projections.authn_keys.creation_date,`+
` zitadel.projections.authn_keys.resource_owner,`+
` zitadel.projections.authn_keys.sequence,`+
` zitadel.projections.authn_keys.expiration,`+
` zitadel.projections.authn_keys.type,`+
` COUNT(*) OVER ()`+
` FROM zitadel.projections.authn_keys`),
[]string{
"id",
"creation_date",
"resource_owner",
"sequence",
"expiration",
"type",
"count",
},
[][]driver.Value{
{
"id",
testNow,
"ro",
uint64(20211109),
testNow,
1,
},
},
),
},
object: &AuthNKeys{
SearchResponse: SearchResponse{
Count: 1,
},
AuthNKeys: []*AuthNKey{
{
ID: "id",
CreationDate: testNow,
ResourceOwner: "ro",
Sequence: 20211109,
Expiration: testNow,
Type: domain.AuthNKeyTypeJSON,
},
},
},
},
{
name: "prepareAuthNKeysQuery multiple result",
prepare: prepareAuthNKeysQuery,
want: want{
sqlExpectations: mockQueries(
regexp.QuoteMeta(`SELECT zitadel.projections.authn_keys.id,`+
` zitadel.projections.authn_keys.creation_date,`+
` zitadel.projections.authn_keys.resource_owner,`+
` zitadel.projections.authn_keys.sequence,`+
` zitadel.projections.authn_keys.expiration,`+
` zitadel.projections.authn_keys.type,`+
` COUNT(*) OVER ()`+
` FROM zitadel.projections.authn_keys`),
[]string{
"id",
"creation_date",
"resource_owner",
"sequence",
"expiration",
"type",
"count",
},
[][]driver.Value{
{
"id-1",
testNow,
"ro",
uint64(20211109),
testNow,
1,
},
{
"id-2",
testNow,
"ro",
uint64(20211109),
testNow,
1,
},
},
),
},
object: &AuthNKeys{
SearchResponse: SearchResponse{
Count: 2,
},
AuthNKeys: []*AuthNKey{
{
ID: "id-1",
CreationDate: testNow,
ResourceOwner: "ro",
Sequence: 20211109,
Expiration: testNow,
Type: domain.AuthNKeyTypeJSON,
},
{
ID: "id-2",
CreationDate: testNow,
ResourceOwner: "ro",
Sequence: 20211109,
Expiration: testNow,
Type: domain.AuthNKeyTypeJSON,
},
},
},
},
{
name: "prepareAuthNKeysQuery sql err",
prepare: prepareAuthNKeysQuery,
want: want{
sqlExpectations: mockQueryErr(
regexp.QuoteMeta(`SELECT zitadel.projections.authn_keys.id,`+
` zitadel.projections.authn_keys.creation_date,`+
` zitadel.projections.authn_keys.resource_owner,`+
` zitadel.projections.authn_keys.sequence,`+
` zitadel.projections.authn_keys.expiration,`+
` zitadel.projections.authn_keys.type,`+
` COUNT(*) OVER ()`+
` FROM zitadel.projections.authn_keys`),
sql.ErrConnDone,
),
err: func(err error) (error, bool) {
if !errors.Is(err, sql.ErrConnDone) {
return fmt.Errorf("err should be sql.ErrConnDone got: %w", err), false
}
return nil, true
},
},
object: nil,
},
{
name: "prepareAuthNKeyQuery no result",
prepare: prepareAuthNKeyQuery,
want: want{
sqlExpectations: mockQueries(
regexp.QuoteMeta(`SELECT zitadel.projections.authn_keys.id,`+
` zitadel.projections.authn_keys.creation_date,`+
` zitadel.projections.authn_keys.resource_owner,`+
` zitadel.projections.authn_keys.sequence,`+
` zitadel.projections.authn_keys.expiration,`+
` zitadel.projections.authn_keys.type`+
` FROM zitadel.projections.authn_keys`),
nil,
nil,
),
err: func(err error) (error, bool) {
if !errs.IsNotFound(err) {
return fmt.Errorf("err should be zitadel.NotFoundError got: %w", err), false
}
return nil, true
},
},
object: (*AuthNKey)(nil),
},
{
name: "prepareAuthNKeyQuery found",
prepare: prepareAuthNKeyQuery,
want: want{
sqlExpectations: mockQuery(
regexp.QuoteMeta(`SELECT zitadel.projections.authn_keys.id,`+
` zitadel.projections.authn_keys.creation_date,`+
` zitadel.projections.authn_keys.resource_owner,`+
` zitadel.projections.authn_keys.sequence,`+
` zitadel.projections.authn_keys.expiration,`+
` zitadel.projections.authn_keys.type`+
` FROM zitadel.projections.authn_keys`),
[]string{
"id",
"creation_date",
"resource_owner",
"sequence",
"expiration",
"type",
},
[]driver.Value{
"id",
testNow,
"ro",
uint64(20211109),
testNow,
1,
},
),
},
object: &AuthNKey{
ID: "id",
CreationDate: testNow,
ResourceOwner: "ro",
Sequence: 20211109,
Expiration: testNow,
Type: domain.AuthNKeyTypeJSON,
},
},
{
name: "prepareAuthNKeyQuery sql err",
prepare: prepareAuthNKeyQuery,
want: want{
sqlExpectations: mockQueryErr(
regexp.QuoteMeta(`SELECT zitadel.projections.authn_keys.id,`+
` zitadel.projections.authn_keys.creation_date,`+
` zitadel.projections.authn_keys.resource_owner,`+
` zitadel.projections.authn_keys.sequence,`+
` zitadel.projections.authn_keys.expiration,`+
` zitadel.projections.authn_keys.type`+
` FROM zitadel.projections.authn_keys`),
sql.ErrConnDone,
),
err: func(err error) (error, bool) {
if !errors.Is(err, sql.ErrConnDone) {
return fmt.Errorf("err should be sql.ErrConnDone got: %w", err), false
}
return nil, true
},
},
object: nil,
},
{
name: "prepareAuthNKeyPublicKeyQuery no result",
prepare: prepareAuthNKeyPublicKeyQuery,
want: want{
sqlExpectations: mockQueries(
regexp.QuoteMeta(`SELECT zitadel.projections.authn_keys.public_key`+
` FROM zitadel.projections.authn_keys`),
nil,
nil,
),
err: func(err error) (error, bool) {
if !errs.IsNotFound(err) {
return fmt.Errorf("err should be zitadel.NotFoundError got: %w", err), false
}
return nil, true
},
},
object: ([]byte)(nil),
},
{
name: "prepareAuthNKeyPublicKeyQuery found",
prepare: prepareAuthNKeyPublicKeyQuery,
want: want{
sqlExpectations: mockQuery(
regexp.QuoteMeta(`SELECT zitadel.projections.authn_keys.public_key`+
` FROM zitadel.projections.authn_keys`),
[]string{
"public_key",
},
[]driver.Value{
[]byte("publicKey"),
},
),
},
object: []byte("publicKey"),
},
{
name: "prepareAuthNKeyPublicKeyQuery sql err",
prepare: prepareAuthNKeyPublicKeyQuery,
want: want{
sqlExpectations: mockQueryErr(
regexp.QuoteMeta(`SELECT zitadel.projections.authn_keys.public_key`+
` FROM zitadel.projections.authn_keys`),
sql.ErrConnDone,
),
err: func(err error) (error, bool) {
if !errors.Is(err, sql.ErrConnDone) {
return fmt.Errorf("err should be sql.ErrConnDone got: %w", err), false
}
return nil, true
},
},
object: nil,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
assertPrepare(t, tt.prepare, tt.object, tt.want.sqlExpectations, tt.want.err)
})
}
}