fix: check oidc / api config (#1940)

This commit is contained in:
Livio Amstutz
2021-06-27 11:20:59 +02:00
committed by GitHub
parent 724df5d6c4
commit c6ad784a6c
6 changed files with 34 additions and 0 deletions


@@ -80,6 +80,9 @@ func (c *Commands) ChangeAPIApplication(ctx context.Context, apiApp *domain.APIA
if existingAPI.State == domain.AppStateUnspecified || existingAPI.State == domain.AppStateRemoved {
return nil, caos_errs.ThrowNotFound(nil, "COMMAND-2n8uU", "Errors.Project.App.NotExisting")
}
if !existingAPI.IsAPI() {
return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-Gnwt3", "Errors.Project.App.IsNotAPI")
}
projectAgg := ProjectAggregateFromWriteModel(&existingAPI.WriteModel)
changedEvent, hasChanged, err := existingAPI.NewChangedEvent(
ctx,
@@ -117,6 +120,9 @@ func (c *Commands) ChangeAPIApplicationSecret(ctx context.Context, projectID, ap
if existingAPI.State == domain.AppStateUnspecified || existingAPI.State == domain.AppStateRemoved {
return nil, caos_errs.ThrowNotFound(nil, "COMMAND-2g66f", "Errors.Project.App.NotExisting")
}
if !existingAPI.IsAPI() {
return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-aeH4", "Errors.Project.App.IsNotAPI")
}
cryptoSecret, stringPW, err := domain.NewClientSecret(c.applicationSecretGenerator)
if err != nil {
return nil, err
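Review bot: Nothing in the sections shown here exercises the new `!existingAPI.IsAPI()` branches in ChangeAPIApplication and ChangeAPIApplicationSecret, and the same holds for the three `IsOIDC()` guards in the OIDC command file. A test case per function that loads an app whose only config event is of the other type and expects the InvalidArgument result would pin the fix. This matters most for ChangeAPIApplicationSecret, where the guard is the last check before `domain.NewClientSecret` runs. Both function bodies start and end outside their hunks, so whether an earlier check already covers this cannot be seen from here.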


@@ -19,6 +19,7 @@ type APIApplicationWriteModel struct {
ClientSecretString string
AuthMethodType domain.APIAuthMethodType
State domain.AppState
api bool
}
func NewAPIApplicationWriteModelWithAppID(projectID, appID, resourceOwner string) *APIApplicationWriteModel {
@@ -122,6 +123,7 @@ func (wm *APIApplicationWriteModel) Reduce() error {
}
func (wm *APIApplicationWriteModel) appendAddAPIEvent(e *project.APIConfigAddedEvent) {
wm.api = true
wm.ClientID = e.ClientID
wm.ClientSecret = e.ClientSecret
wm.AuthMethodType = e.AuthMethodType
@@ -171,3 +173,7 @@ func (wm *APIApplicationWriteModel) NewChangedEvent(
}
return changeEvent, true, nil
}
func (wm *APIApplicationWriteModel) IsAPI() bool {
return wm.api
}
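Review bot: The exported method IsAPI has no doc comment, and the meaning of the `api` field it returns is not stated anywhere in the struct. I would add `// IsAPI reports whether an APIConfigAddedEvent has been reduced into this write model.` above the method and `// api is set once an API config was added; it stays false for apps of another type.` on the field. The flag is set only in appendAddAPIEvent and never cleared, so the guard in the command layer is correct only if the write model is fed events of a single app; the event filter is outside these hunks, so that is worth confirming. The same comments apply to `oidc` and IsOIDC in the OIDC write model.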


@@ -99,6 +99,9 @@ func (c *Commands) ChangeOIDCApplication(ctx context.Context, oidc *domain.OIDCA
if existingOIDC.State == domain.AppStateUnspecified || existingOIDC.State == domain.AppStateRemoved {
return nil, caos_errs.ThrowNotFound(nil, "COMMAND-2n8uU", "Errors.Project.App.NotExisting")
}
if !existingOIDC.IsOIDC() {
return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-GBr34", "Errors.Project.App.IsNotOIDC")
}
projectAgg := ProjectAggregateFromWriteModel(&existingOIDC.WriteModel)
changedEvent, hasChanged, err := existingOIDC.NewChangedEvent(
ctx,
@@ -151,6 +154,9 @@ func (c *Commands) ChangeOIDCApplicationSecret(ctx context.Context, projectID, a
if existingOIDC.State == domain.AppStateUnspecified || existingOIDC.State == domain.AppStateRemoved {
return nil, caos_errs.ThrowNotFound(nil, "COMMAND-2g66f", "Errors.Project.App.NotExisting")
}
if !existingOIDC.IsOIDC() {
return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-Ghrh3", "Errors.Project.App.IsNotOIDC")
}
cryptoSecret, stringPW, err := domain.NewClientSecret(c.applicationSecretGenerator)
if err != nil {
return nil, err
@@ -183,6 +189,9 @@ func (c *Commands) VerifyOIDCClientSecret(ctx context.Context, projectID, appID,
if !app.State.Exists() {
return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-D6hba", "Errors.Project.App.NoExisting")
}
if !app.IsOIDC() {
return caos_errs.ThrowInvalidArgument(nil, "COMMAND-BHgn2", "Errors.Project.App.IsNotOIDC")
}
if app.ClientSecret == nil {
return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-D6hba", "Errors.Project.App.OIDCConfigInvalid")
}
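Review bot: In VerifyOIDCClientSecret the new branch returns InvalidArgument with `Errors.Project.App.IsNotOIDC`, which differs from the not-existing and config-invalid results around it, so a caller that sees the error learns whether an app ID exists and which type it has before any secret is compared. If this function backs client authentication, the layer above should collapse these cases into one generic failure for the client and keep the specific ID for logs only; that mapping is not visible in this hunk. For the log side, note that the two neighbouring PreconditionFailed results both carry `COMMAND-D6hba`, so only the new branch is uniquely identifiable. The function body starts and ends outside the hunk.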


@@ -34,6 +34,7 @@ type OIDCApplicationWriteModel struct {
ClockSkew time.Duration
State domain.AppState
AdditionalOrigins []string
oidc bool
}
func NewOIDCApplicationWriteModelWithAppID(projectID, appID, resourceOwner string) *OIDCApplicationWriteModel {
@@ -137,6 +138,7 @@ func (wm *OIDCApplicationWriteModel) Reduce() error {
}
func (wm *OIDCApplicationWriteModel) appendAddOIDCEvent(e *project.OIDCConfigAddedEvent) {
wm.oidc = true
wm.ClientID = e.ClientID
wm.ClientSecret = e.ClientSecret
wm.RedirectUris = e.RedirectUris
@@ -290,3 +292,7 @@ func (wm *OIDCApplicationWriteModel) NewChangedEvent(
}
return changeEvent, true, nil
}
func (wm *OIDCApplicationWriteModel) IsOIDC() bool {
return wm.oidc
}