mirror of
https://github.com/zitadel/zitadel.git
synced 2025-07-28 12:43:42 +00:00
fix: backend fixes (#1452)
* fix: email change not possible if init state * fix: email change not possible if init state * passwordless Co-authored-by: Livio Amstutz <livio.a@gmail.com>
This commit is contained in:
Fabi
GitHub
parent
bd1a3bb6d7
commit
c970003c82
@ -7,6 +7,7 @@ import (
|
|||||||
"github.com/caos/zitadel/internal/api/grpc/object"
|
"github.com/caos/zitadel/internal/api/grpc/object"
|
||||||
user_grpc "github.com/caos/zitadel/internal/api/grpc/user"
|
user_grpc "github.com/caos/zitadel/internal/api/grpc/user"
|
||||||
auth_pb "github.com/caos/zitadel/pkg/grpc/auth"
|
auth_pb "github.com/caos/zitadel/pkg/grpc/auth"
|
||||||
|
user_pb "github.com/caos/zitadel/pkg/grpc/user"
|
||||||
)
|
)
|
||||||
|
|
||||||
func (s *Server) ListMyPasswordless(ctx context.Context, _ *auth_pb.ListMyPasswordlessRequest) (*auth_pb.ListMyPasswordlessResponse, error) {
|
func (s *Server) ListMyPasswordless(ctx context.Context, _ *auth_pb.ListMyPasswordlessRequest) (*auth_pb.ListMyPasswordlessResponse, error) {
|
||||||
@ -21,16 +22,18 @@ func (s *Server) ListMyPasswordless(ctx context.Context, _ *auth_pb.ListMyPasswo
|
|||||||
|
|
||||||
func (s *Server) AddMyPasswordless(ctx context.Context, _ *auth_pb.AddMyPasswordlessRequest) (*auth_pb.AddMyPasswordlessResponse, error) {
|
func (s *Server) AddMyPasswordless(ctx context.Context, _ *auth_pb.AddMyPasswordlessRequest) (*auth_pb.AddMyPasswordlessResponse, error) {
|
||||||
ctxData := authz.GetCtxData(ctx)
|
ctxData := authz.GetCtxData(ctx)
|
||||||
u2f, err := s.command.HumanAddPasswordlessSetup(ctx, ctxData.UserID, ctxData.ResourceOwner, false)
|
token, err := s.command.HumanAddPasswordlessSetup(ctx, ctxData.UserID, ctxData.ResourceOwner, false)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
return &auth_pb.AddMyPasswordlessResponse{
|
return &auth_pb.AddMyPasswordlessResponse{
|
||||||
Key: user_grpc.WebAuthNTokenToWebAuthNKeyPb(u2f),
|
Key: &user_pb.WebAuthNKey{
|
||||||
|
PublicKey: token.CredentialCreationData,
|
||||||
|
},
|
||||||
Details: object.AddToDetailsPb(
|
Details: object.AddToDetailsPb(
|
||||||
u2f.Sequence,
|
token.Sequence,
|
||||||
u2f.ChangeDate,
|
token.ChangeDate,
|
||||||
u2f.ResourceOwner,
|
token.ResourceOwner,
|
||||||
),
|
),
|
||||||
}, nil
|
}, nil
|
||||||
}
|
}
|
||||||
|
|||||||
@ -23,6 +23,9 @@ func (c *Commands) ChangeHumanEmail(ctx context.Context, email *domain.Email) (*
|
|||||||
if existingEmail.UserState == domain.UserStateUnspecified || existingEmail.UserState == domain.UserStateDeleted {
|
if existingEmail.UserState == domain.UserStateUnspecified || existingEmail.UserState == domain.UserStateDeleted {
|
||||||
return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-0Pe4r", "Errors.User.Email.NotFound")
|
return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-0Pe4r", "Errors.User.Email.NotFound")
|
||||||
}
|
}
|
||||||
|
if existingEmail.UserState == domain.UserStateInitial {
|
||||||
|
return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-J8dsk", "Errors.User.NotInitialised")
|
||||||
|
}
|
||||||
userAgg := UserAggregateFromWriteModel(&existingEmail.WriteModel)
|
userAgg := UserAggregateFromWriteModel(&existingEmail.WriteModel)
|
||||||
changedEvent, hasChanged := existingEmail.NewChangedEvent(ctx, userAgg, email.EmailAddress)
|
changedEvent, hasChanged := existingEmail.NewChangedEvent(ctx, userAgg, email.EmailAddress)
|
||||||
if !hasChanged {
|
if !hasChanged {
|
||||||
|
|||||||
@ -79,6 +79,49 @@ func TestCommandSide_ChangeHumanEmail(t *testing.T) {
|
|||||||
err: caos_errs.IsPreconditionFailed,
|
err: caos_errs.IsPreconditionFailed,
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
|
{
|
||||||
|
name: "user not initialized, precondition error",
|
||||||
|
fields: fields{
|
||||||
|
eventstore: eventstoreExpect(
|
||||||
|
t,
|
||||||
|
expectFilter(
|
||||||
|
eventFromEventPusher(
|
||||||
|
user.NewHumanAddedEvent(context.Background(),
|
||||||
|
&user.NewAggregate("user1", "org1").Aggregate,
|
||||||
|
"username",
|
||||||
|
"firstname",
|
||||||
|
"lastname",
|
||||||
|
"nickname",
|
||||||
|
"displayname",
|
||||||
|
language.German,
|
||||||
|
domain.GenderUnspecified,
|
||||||
|
"email@test.ch",
|
||||||
|
true,
|
||||||
|
),
|
||||||
|
),
|
||||||
|
eventFromEventPusher(
|
||||||
|
user.NewHumanInitialCodeAddedEvent(context.Background(),
|
||||||
|
&user.NewAggregate("user1", "org1").Aggregate,
|
||||||
|
nil, time.Hour*1,
|
||||||
|
),
|
||||||
|
),
|
||||||
|
),
|
||||||
|
),
|
||||||
|
},
|
||||||
|
args: args{
|
||||||
|
ctx: context.Background(),
|
||||||
|
email: &domain.Email{
|
||||||
|
ObjectRoot: models.ObjectRoot{
|
||||||
|
AggregateID: "user1",
|
||||||
|
},
|
||||||
|
EmailAddress: "email@test.ch",
|
||||||
|
},
|
||||||
|
resourceOwner: "org1",
|
||||||
|
},
|
||||||
|
res: res{
|
||||||
|
err: caos_errs.IsPreconditionFailed,
|
||||||
|
},
|
||||||
|
},
|
||||||
{
|
{
|
||||||
name: "email not changed, precondition error",
|
name: "email not changed, precondition error",
|
||||||
fields: fields{
|
fields: fields{
|
||||||
|
|||||||
@ -53,11 +53,11 @@ func (wm *HumanWebAuthNWriteModel) AppendEvents(events ...eventstore.EventReader
|
|||||||
}
|
}
|
||||||
case *user.HumanPasswordlessVerifiedEvent:
|
case *user.HumanPasswordlessVerifiedEvent:
|
||||||
if wm.WebauthNTokenID == e.WebAuthNTokenID {
|
if wm.WebauthNTokenID == e.WebAuthNTokenID {
|
||||||
wm.WriteModel.AppendEvents(e)
|
wm.WriteModel.AppendEvents(&e.HumanWebAuthNVerifiedEvent)
|
||||||
}
|
}
|
||||||
case *user.HumanU2FVerifiedEvent:
|
case *user.HumanU2FVerifiedEvent:
|
||||||
if wm.WebauthNTokenID == e.WebAuthNTokenID {
|
if wm.WebauthNTokenID == e.WebAuthNTokenID {
|
||||||
wm.WriteModel.AppendEvents(e)
|
wm.WriteModel.AppendEvents(&e.HumanWebAuthNVerifiedEvent)
|
||||||
}
|
}
|
||||||
case *user.HumanWebAuthNSignCountChangedEvent:
|
case *user.HumanWebAuthNSignCountChangedEvent:
|
||||||
if wm.WebauthNTokenID == e.WebAuthNTokenID {
|
if wm.WebauthNTokenID == e.WebAuthNTokenID {
|
||||||
@ -65,11 +65,11 @@ func (wm *HumanWebAuthNWriteModel) AppendEvents(events ...eventstore.EventReader
|
|||||||
}
|
}
|
||||||
case *user.HumanPasswordlessSignCountChangedEvent:
|
case *user.HumanPasswordlessSignCountChangedEvent:
|
||||||
if wm.WebauthNTokenID == e.WebAuthNTokenID {
|
if wm.WebauthNTokenID == e.WebAuthNTokenID {
|
||||||
wm.WriteModel.AppendEvents(e)
|
wm.WriteModel.AppendEvents(&e.HumanWebAuthNSignCountChangedEvent)
|
||||||
}
|
}
|
||||||
case *user.HumanU2FSignCountChangedEvent:
|
case *user.HumanU2FSignCountChangedEvent:
|
||||||
if wm.WebauthNTokenID == e.WebAuthNTokenID {
|
if wm.WebauthNTokenID == e.WebAuthNTokenID {
|
||||||
wm.WriteModel.AppendEvents(e)
|
wm.WriteModel.AppendEvents(&e.HumanWebAuthNSignCountChangedEvent)
|
||||||
}
|
}
|
||||||
case *user.HumanWebAuthNRemovedEvent:
|
case *user.HumanWebAuthNRemovedEvent:
|
||||||
if wm.WebauthNTokenID == e.WebAuthNTokenID {
|
if wm.WebauthNTokenID == e.WebAuthNTokenID {
|
||||||
@ -77,11 +77,11 @@ func (wm *HumanWebAuthNWriteModel) AppendEvents(events ...eventstore.EventReader
|
|||||||
}
|
}
|
||||||
case *user.HumanPasswordlessRemovedEvent:
|
case *user.HumanPasswordlessRemovedEvent:
|
||||||
if wm.WebauthNTokenID == e.WebAuthNTokenID {
|
if wm.WebauthNTokenID == e.WebAuthNTokenID {
|
||||||
wm.WriteModel.AppendEvents(e)
|
wm.WriteModel.AppendEvents(&e.HumanWebAuthNRemovedEvent)
|
||||||
}
|
}
|
||||||
case *user.HumanU2FRemovedEvent:
|
case *user.HumanU2FRemovedEvent:
|
||||||
if wm.WebauthNTokenID == e.WebAuthNTokenID {
|
if wm.WebauthNTokenID == e.WebAuthNTokenID {
|
||||||
wm.WriteModel.AppendEvents(e)
|
wm.WriteModel.AppendEvents(&e.HumanWebAuthNRemovedEvent)
|
||||||
}
|
}
|
||||||
case *user.UserRemovedEvent:
|
case *user.UserRemovedEvent:
|
||||||
wm.WriteModel.AppendEvents(e)
|
wm.WriteModel.AppendEvents(e)
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user