TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-12-24 04:46:44 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: generated project grant id (#10747)

Browse Source 
# Which Problems Are Solved

Project Grant ID would have needed to be unique to be handled properly
on the projections, but was defined as the organization ID the project
was granted to, so could be non-unique.

# How the Problems Are Solved

Generate the Project Grant ID even in the v2 APIs, which also includes
fixes in the integration tests.
Additionally to that, the logic for some functionality had to be
extended as the Project Grant ID is not provided anymore in the API, so
had to be queried before creating events for Project Grants.

# Additional Changes

Included fix for authorizations, when an authorization was intended to
be created for a project, without providing any organization
information, which also showed some faulty integration tests.

# Additional Context

Partially closes #10745

---------

Co-authored-by: Livio Spring <livio.a@gmail.com>
Co-authored-by: Silvan <27845747+adlerhurst@users.noreply.github.com>
(cherry picked from commit b6ff4ff16c)
This commit is contained in:
Stefan Benz
2025-09-21 16:04:25 +02:00
committed by Livio Spring
parent fa83c39510
commit b5c7d21ea6
19 changed files with 465 additions and 194 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
internal/api/grpc/saml/v2/integration_test/saml_test.go
View File

@@ -416,7 +416,7 @@ func TestServer_CreateResponse_Permission(t *testing.T) {
orgResp := Instance.CreateOrganization(ctx, integration.OrganizationName(), integration.Email())
Instance.CreateProjectGrant(ctx, t, projectID, orgResp.GetOrganizationId())
user := Instance.CreateHumanUserVerified(ctx, orgResp.GetOrganizationId(), integration.Email(), integration.Phone())
createProjectGrantUserGrant(ctx, t, orgResp.GetOrganizationId(), projectID, orgResp.GetOrganizationId(), user.GetUserId())
createProjectGrantUserGrant(ctx, t, projectID, orgResp.GetOrganizationId(), user.GetUserId())
return createSessionAndSmlRequestForCallback(ctx, t, sp, Instance.Users[integration.UserTypeLogin].ID, acsRedirect, user.GetUserId(), saml.HTTPRedirectBinding)
},
@@ -550,7 +550,7 @@ func TestServer_CreateResponse_Permission(t *testing.T) {
orgResp := Instance.CreateOrganization(ctx, integration.OrganizationName(), integration.Email())
Instance.CreateProjectGrant(ctx, t, projectID, orgResp.GetOrganizationId())
user := Instance.CreateHumanUserVerified(ctx, orgResp.GetOrganizationId(), integration.Email(), integration.Phone())
createProjectGrantUserGrant(ctx, t, orgResp.GetOrganizationId(), projectID, orgResp.GetOrganizationId(), user.GetUserId())
createProjectGrantUserGrant(ctx, t, projectID, orgResp.GetOrganizationId(), user.GetUserId())
return createSessionAndSmlRequestForCallback(ctx, t, sp, Instance.Users[integration.UserTypeLogin].ID, acsRedirect, user.GetUserId(), saml.HTTPRedirectBinding)
},
@@ -694,26 +694,26 @@ func createSAMLApplication(ctx context.Context, t *testing.T, idpMetadata *saml.
}
func createProjectUserGrant(ctx context.Context, t *testing.T, orgID, projectID, userID string) {
resp := Instance.CreateProjectUserGrant(t, ctx, orgID, projectID, userID)
resp := Instance.CreateAuthorizationProject(t, ctx, projectID, userID)
retryDuration, tick := integration.WaitForAndTickWithMaxDuration(ctx, time.Minute)
require.EventuallyWithT(t, func(collect *assert.CollectT) {
_, err := Instance.Client.Mgmt.GetUserGrantByID(integration.SetOrgID(ctx, orgID), &mgmt.GetUserGrantByIDRequest{
UserId: userID,
GrantId: resp.GetUserGrantId(),
GrantId: resp.GetId(),
})
assert.NoError(collect, err)
}, retryDuration, tick)
}
func createProjectGrantUserGrant(ctx context.Context, t *testing.T, orgID, projectID, projectGrantID, userID string) {
resp := Instance.CreateProjectGrantUserGrant(ctx, orgID, projectID, projectGrantID, userID)
func createProjectGrantUserGrant(ctx context.Context, t *testing.T, projectID, grantedOrgID, userID string) {
resp := Instance.CreateAuthorizationProjectGrant(t, ctx, projectID, grantedOrgID, userID)
retryDuration, tick := integration.WaitForAndTickWithMaxDuration(ctx, time.Minute)
require.EventuallyWithT(t, func(collect *assert.CollectT) {
_, err := Instance.Client.Mgmt.GetUserGrantByID(integration.SetOrgID(ctx, orgID), &mgmt.GetUserGrantByIDRequest{
_, err := Instance.Client.Mgmt.GetUserGrantByID(integration.SetOrgID(ctx, grantedOrgID), &mgmt.GetUserGrantByIDRequest{
UserId: userID,
GrantId: resp.GetUserGrantId(),
GrantId: resp.GetId(),
})
assert.NoError(collect, err)
}, retryDuration, tick)