TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-07-28 12:43:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: backend fixes (#1452)

Browse Source 
* fix: email change not possible if init state

* fix: email change not possible if init state

* passwordless

Co-authored-by: Livio Amstutz <livio.a@gmail.com>
This commit is contained in:
Fabi 2021-03-22 15:36:59 +01:00 committed by GitHub
parent bd1a3bb6d7
commit c970003c82
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 60 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
internal/api/grpc/auth/passwordless.go
View File

@ -7,6 +7,7 @@ import (
"github.com/caos/zitadel/internal/api/grpc/object" "github.com/caos/zitadel/internal/api/grpc/object"
user_grpc "github.com/caos/zitadel/internal/api/grpc/user" user_grpc "github.com/caos/zitadel/internal/api/grpc/user"
auth_pb "github.com/caos/zitadel/pkg/grpc/auth" auth_pb "github.com/caos/zitadel/pkg/grpc/auth"
user_pb "github.com/caos/zitadel/pkg/grpc/user"
) )
func (s *Server) ListMyPasswordless(ctx context.Context, _ *auth_pb.ListMyPasswordlessRequest) (*auth_pb.ListMyPasswordlessResponse, error) { func (s *Server) ListMyPasswordless(ctx context.Context, _ *auth_pb.ListMyPasswordlessRequest) (*auth_pb.ListMyPasswordlessResponse, error) {
@ -21,16 +22,18 @@ func (s *Server) ListMyPasswordless(ctx context.Context, _ *auth_pb.ListMyPasswo
func (s *Server) AddMyPasswordless(ctx context.Context, _ *auth_pb.AddMyPasswordlessRequest) (*auth_pb.AddMyPasswordlessResponse, error) { func (s *Server) AddMyPasswordless(ctx context.Context, _ *auth_pb.AddMyPasswordlessRequest) (*auth_pb.AddMyPasswordlessResponse, error) {
ctxData := authz.GetCtxData(ctx) ctxData := authz.GetCtxData(ctx)
u2f, err := s.command.HumanAddPasswordlessSetup(ctx, ctxData.UserID, ctxData.ResourceOwner, false) token, err := s.command.HumanAddPasswordlessSetup(ctx, ctxData.UserID, ctxData.ResourceOwner, false)
if err != nil { if err != nil {
return nil, err return nil, err
} }
return &auth_pb.AddMyPasswordlessResponse{ return &auth_pb.AddMyPasswordlessResponse{
Key: user_grpc.WebAuthNTokenToWebAuthNKeyPb(u2f), Key: &user_pb.WebAuthNKey{
PublicKey: token.CredentialCreationData,
},
Details: object.AddToDetailsPb( Details: object.AddToDetailsPb(
u2f.Sequence, token.Sequence,
u2f.ChangeDate, token.ChangeDate,
u2f.ResourceOwner, token.ResourceOwner,
), ),
}, nil }, nil
} }

3
internal/command/user_human_email.go
View File

@ -23,6 +23,9 @@ func (c *Commands) ChangeHumanEmail(ctx context.Context, email *domain.Email) (*
if existingEmail.UserState == domain.UserStateUnspecified || existingEmail.UserState == domain.UserStateDeleted { if existingEmail.UserState == domain.UserStateUnspecified || existingEmail.UserState == domain.UserStateDeleted {
return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-0Pe4r", "Errors.User.Email.NotFound") return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-0Pe4r", "Errors.User.Email.NotFound")
} }
if existingEmail.UserState == domain.UserStateInitial {
return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-J8dsk", "Errors.User.NotInitialised")
}
userAgg := UserAggregateFromWriteModel(&existingEmail.WriteModel) userAgg := UserAggregateFromWriteModel(&existingEmail.WriteModel)
changedEvent, hasChanged := existingEmail.NewChangedEvent(ctx, userAgg, email.EmailAddress) changedEvent, hasChanged := existingEmail.NewChangedEvent(ctx, userAgg, email.EmailAddress)
if !hasChanged { if !hasChanged {

43
internal/command/user_human_email_test.go
View File

@ -79,6 +79,49 @@ func TestCommandSide_ChangeHumanEmail(t *testing.T) {
err: caos_errs.IsPreconditionFailed, err: caos_errs.IsPreconditionFailed,
}, },
}, },
{
name: "user not initialized, precondition error",
fields: fields{
eventstore: eventstoreExpect(
t,
expectFilter(
eventFromEventPusher(
user.NewHumanAddedEvent(context.Background(),
&user.NewAggregate("user1", "org1").Aggregate,
"username",
"firstname",
"lastname",
"nickname",
"displayname",
language.German,
domain.GenderUnspecified,
"email@test.ch",
true,
),
),
eventFromEventPusher(
user.NewHumanInitialCodeAddedEvent(context.Background(),
&user.NewAggregate("user1", "org1").Aggregate,
nil, time.Hour*1,
),
),
),
),
},
args: args{
ctx: context.Background(),
email: &domain.Email{
ObjectRoot: models.ObjectRoot{
AggregateID: "user1",
},
EmailAddress: "email@test.ch",
},
resourceOwner: "org1",
},
res: res{
err: caos_errs.IsPreconditionFailed,
},
},
{ {
name: "email not changed, precondition error", name: "email not changed, precondition error",
fields: fields{ fields: fields{

12
internal/command/user_human_webauthn_model.go
View File

@ -53,11 +53,11 @@ func (wm *HumanWebAuthNWriteModel) AppendEvents(events ...eventstore.EventReader
} }
case *user.HumanPasswordlessVerifiedEvent: case *user.HumanPasswordlessVerifiedEvent:
if wm.WebauthNTokenID == e.WebAuthNTokenID { if wm.WebauthNTokenID == e.WebAuthNTokenID {
wm.WriteModel.AppendEvents(e) wm.WriteModel.AppendEvents(&e.HumanWebAuthNVerifiedEvent)
} }
case *user.HumanU2FVerifiedEvent: case *user.HumanU2FVerifiedEvent:
if wm.WebauthNTokenID == e.WebAuthNTokenID { if wm.WebauthNTokenID == e.WebAuthNTokenID {
wm.WriteModel.AppendEvents(e) wm.WriteModel.AppendEvents(&e.HumanWebAuthNVerifiedEvent)
} }
case *user.HumanWebAuthNSignCountChangedEvent: case *user.HumanWebAuthNSignCountChangedEvent:
if wm.WebauthNTokenID == e.WebAuthNTokenID { if wm.WebauthNTokenID == e.WebAuthNTokenID {
@ -65,11 +65,11 @@ func (wm *HumanWebAuthNWriteModel) AppendEvents(events ...eventstore.EventReader
} }
case *user.HumanPasswordlessSignCountChangedEvent: case *user.HumanPasswordlessSignCountChangedEvent:
if wm.WebauthNTokenID == e.WebAuthNTokenID { if wm.WebauthNTokenID == e.WebAuthNTokenID {
wm.WriteModel.AppendEvents(e) wm.WriteModel.AppendEvents(&e.HumanWebAuthNSignCountChangedEvent)
} }
case *user.HumanU2FSignCountChangedEvent: case *user.HumanU2FSignCountChangedEvent:
if wm.WebauthNTokenID == e.WebAuthNTokenID { if wm.WebauthNTokenID == e.WebAuthNTokenID {
wm.WriteModel.AppendEvents(e) wm.WriteModel.AppendEvents(&e.HumanWebAuthNSignCountChangedEvent)
} }
case *user.HumanWebAuthNRemovedEvent: case *user.HumanWebAuthNRemovedEvent:
if wm.WebauthNTokenID == e.WebAuthNTokenID { if wm.WebauthNTokenID == e.WebAuthNTokenID {
@ -77,11 +77,11 @@ func (wm *HumanWebAuthNWriteModel) AppendEvents(events ...eventstore.EventReader
} }
case *user.HumanPasswordlessRemovedEvent: case *user.HumanPasswordlessRemovedEvent:
if wm.WebauthNTokenID == e.WebAuthNTokenID { if wm.WebauthNTokenID == e.WebAuthNTokenID {
wm.WriteModel.AppendEvents(e) wm.WriteModel.AppendEvents(&e.HumanWebAuthNRemovedEvent)
} }
case *user.HumanU2FRemovedEvent: case *user.HumanU2FRemovedEvent:
if wm.WebauthNTokenID == e.WebAuthNTokenID { if wm.WebauthNTokenID == e.WebAuthNTokenID {
wm.WriteModel.AppendEvents(e) wm.WriteModel.AppendEvents(&e.HumanWebAuthNRemovedEvent)
} }
case *user.UserRemovedEvent: case *user.UserRemovedEvent:
wm.WriteModel.AppendEvents(e) wm.WriteModel.AppendEvents(e)