fix: backend fixes (#1452)

* fix: email change not possible if init state * fix: email change not possible if init state * passwordless Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2025-01-12 11:33:40 +00:00 · 2021-03-22 15:36:59 +01:00 · 2021-03-22 15:36:59 +01:00 · c970003c82
commit c970003c82
parent bd1a3bb6d7
4 changed files with 60 additions and 11 deletions
--- a/internal/api/grpc/auth/passwordless.go
+++ b/internal/api/grpc/auth/passwordless.go
@ -7,6 +7,7 @@ import (
 	"github.com/caos/zitadel/internal/api/grpc/object"
 	user_grpc "github.com/caos/zitadel/internal/api/grpc/user"
 	auth_pb "github.com/caos/zitadel/pkg/grpc/auth"
+	user_pb "github.com/caos/zitadel/pkg/grpc/user"
 )

 func (s *Server) ListMyPasswordless(ctx context.Context, _ *auth_pb.ListMyPasswordlessRequest) (*auth_pb.ListMyPasswordlessResponse, error) {
@ -21,16 +22,18 @@ func (s *Server) ListMyPasswordless(ctx context.Context, _ *auth_pb.ListMyPasswo

 func (s *Server) AddMyPasswordless(ctx context.Context, _ *auth_pb.AddMyPasswordlessRequest) (*auth_pb.AddMyPasswordlessResponse, error) {
 	ctxData := authz.GetCtxData(ctx)
-	u2f, err := s.command.HumanAddPasswordlessSetup(ctx, ctxData.UserID, ctxData.ResourceOwner, false)
+	token, err := s.command.HumanAddPasswordlessSetup(ctx, ctxData.UserID, ctxData.ResourceOwner, false)
 	if err != nil {
 		return nil, err
 	}
 	return &auth_pb.AddMyPasswordlessResponse{
-		Key: user_grpc.WebAuthNTokenToWebAuthNKeyPb(u2f),
+		Key: &user_pb.WebAuthNKey{
+			PublicKey: token.CredentialCreationData,
+		},
 		Details: object.AddToDetailsPb(
-			u2f.Sequence,
-			u2f.ChangeDate,
-			u2f.ResourceOwner,
+			token.Sequence,
+			token.ChangeDate,
+			token.ResourceOwner,
 		),
 	}, nil
 }
--- a/internal/command/user_human_email.go
+++ b/internal/command/user_human_email.go
@ -23,6 +23,9 @@ func (c *Commands) ChangeHumanEmail(ctx context.Context, email *domain.Email) (*
 	if existingEmail.UserState == domain.UserStateUnspecified || existingEmail.UserState == domain.UserStateDeleted {
 		return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-0Pe4r", "Errors.User.Email.NotFound")
 	}
+	if existingEmail.UserState == domain.UserStateInitial {
+		return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-J8dsk", "Errors.User.NotInitialised")
+	}
 	userAgg := UserAggregateFromWriteModel(&existingEmail.WriteModel)
 	changedEvent, hasChanged := existingEmail.NewChangedEvent(ctx, userAgg, email.EmailAddress)
 	if !hasChanged {
--- a/internal/command/user_human_email_test.go
+++ b/internal/command/user_human_email_test.go
@ -79,6 +79,49 @@ func TestCommandSide_ChangeHumanEmail(t *testing.T) {
 				err: caos_errs.IsPreconditionFailed,
 			},
 		},
+		{
+			name: "user not initialized, precondition error",
+			fields: fields{
+				eventstore: eventstoreExpect(
+					t,
+					expectFilter(
+						eventFromEventPusher(
+							user.NewHumanAddedEvent(context.Background(),
+								&user.NewAggregate("user1", "org1").Aggregate,
+								"username",
+								"firstname",
+								"lastname",
+								"nickname",
+								"displayname",
+								language.German,
+								domain.GenderUnspecified,
+								"email@test.ch",
+								true,
+							),
+						),
+						eventFromEventPusher(
+							user.NewHumanInitialCodeAddedEvent(context.Background(),
+								&user.NewAggregate("user1", "org1").Aggregate,
+								nil, time.Hour*1,
+							),
+						),
+					),
+				),
+			},
+			args: args{
+				ctx: context.Background(),
+				email: &domain.Email{
+					ObjectRoot: models.ObjectRoot{
+						AggregateID: "user1",
+					},
+					EmailAddress: "email@test.ch",
+				},
+				resourceOwner: "org1",
+			},
+			res: res{
+				err: caos_errs.IsPreconditionFailed,
+			},
+		},
 		{
 			name: "email not changed, precondition error",
 			fields: fields{
--- a/internal/command/user_human_webauthn_model.go
+++ b/internal/command/user_human_webauthn_model.go
@ -53,11 +53,11 @@ func (wm *HumanWebAuthNWriteModel) AppendEvents(events ...eventstore.EventReader
 			}
 		case *user.HumanPasswordlessVerifiedEvent:
 			if wm.WebauthNTokenID == e.WebAuthNTokenID {
-				wm.WriteModel.AppendEvents(e)
+				wm.WriteModel.AppendEvents(&e.HumanWebAuthNVerifiedEvent)
 			}
 		case *user.HumanU2FVerifiedEvent:
 			if wm.WebauthNTokenID == e.WebAuthNTokenID {
-				wm.WriteModel.AppendEvents(e)
+				wm.WriteModel.AppendEvents(&e.HumanWebAuthNVerifiedEvent)
 			}
 		case *user.HumanWebAuthNSignCountChangedEvent:
 			if wm.WebauthNTokenID == e.WebAuthNTokenID {
@ -65,11 +65,11 @@ func (wm *HumanWebAuthNWriteModel) AppendEvents(events ...eventstore.EventReader
 			}
 		case *user.HumanPasswordlessSignCountChangedEvent:
 			if wm.WebauthNTokenID == e.WebAuthNTokenID {
-				wm.WriteModel.AppendEvents(e)
+				wm.WriteModel.AppendEvents(&e.HumanWebAuthNSignCountChangedEvent)
 			}
 		case *user.HumanU2FSignCountChangedEvent:
 			if wm.WebauthNTokenID == e.WebAuthNTokenID {
-				wm.WriteModel.AppendEvents(e)
+				wm.WriteModel.AppendEvents(&e.HumanWebAuthNSignCountChangedEvent)
 			}
 		case *user.HumanWebAuthNRemovedEvent:
 			if wm.WebauthNTokenID == e.WebAuthNTokenID {
@ -77,11 +77,11 @@ func (wm *HumanWebAuthNWriteModel) AppendEvents(events ...eventstore.EventReader
 			}
 		case *user.HumanPasswordlessRemovedEvent:
 			if wm.WebauthNTokenID == e.WebAuthNTokenID {
-				wm.WriteModel.AppendEvents(e)
+				wm.WriteModel.AppendEvents(&e.HumanWebAuthNRemovedEvent)
 			}
 		case *user.HumanU2FRemovedEvent:
 			if wm.WebauthNTokenID == e.WebAuthNTokenID {
-				wm.WriteModel.AppendEvents(e)
+				wm.WriteModel.AppendEvents(&e.HumanWebAuthNRemovedEvent)
 			}
 		case *user.UserRemovedEvent:
 			wm.WriteModel.AppendEvents(e)