mirror of
https://github.com/zitadel/zitadel.git
synced 2025-08-12 01:37:31 +00:00
chore(tests): use a coverage server binary (#8407)
# Which Problems Are Solved Use a single server instance for API integration tests. This optimizes the time taken for the integration test pipeline, because it allows running tests on multiple packages in parallel. Also, it saves time by not start and stopping a zitadel server for every package. # How the Problems Are Solved - Build a binary with `go build -race -cover ....` - Integration tests only construct clients. The server remains running in the background. - The integration package and tested packages now fully utilize the API. No more direct database access trough `query` and `command` packages. - Use Makefile recipes to setup, start and stop the server in the background. - The binary has the race detector enabled - Init and setup jobs are configured to halt immediately on race condition - Because the server runs in the background, races are only logged. When the server is stopped and race logs exist, the Makefile recipe will throw an error and print the logs. - Makefile recipes include logic to print logs and convert coverage reports after the server is stopped. - Some tests need a downstream HTTP server to make requests, like quota and milestones. A new `integration/sink` package creates an HTTP server and uses websockets to forward HTTP request back to the test packages. The package API uses Go channels for abstraction and easy usage. # Additional Changes - Integration test files already used the `//go:build integration` directive. In order to properly split integration from unit tests, integration test files need to be in a `integration_test` subdirectory of their package. - `UseIsolatedInstance` used to overwrite the `Tester.Client` for each instance. Now a `Instance` object is returned with a gRPC client that is connected to the isolated instance's hostname. - The `Tester` type is now `Instance`. The object is created for the first instance, used by default in any test. Isolated instances are also `Instance` objects and therefore benefit from the same methods and values. The first instance and any other us capable of creating an isolated instance over the system API. - All test packages run in an Isolated instance by calling `NewInstance()` - Individual tests that use an isolated instance use `t.Parallel()` # Additional Context - Closes #6684 - https://go.dev/doc/articles/race_detector - https://go.dev/doc/build-cover --------- Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
This commit is contained in:
Tim Möhlmann
@@ -31,7 +31,7 @@ import (
|
||||
var (
|
||||
CTX context.Context
|
||||
IAMOwnerCTX context.Context
|
||||
Tester *integration.Tester
|
||||
Instance *integration.Instance
|
||||
Client session.SessionServiceClient
|
||||
User *user.AddHumanUserResponse
|
||||
DeactivatedUser *user.AddHumanUserResponse
|
||||
@@ -40,15 +40,14 @@ var (
|
||||
|
||||
func TestMain(m *testing.M) {
|
||||
os.Exit(func() int {
|
||||
ctx, errCtx, cancel := integration.Contexts(5 * time.Minute)
|
||||
ctx, cancel := context.WithTimeout(context.Background(), 15*time.Minute)
|
||||
defer cancel()
|
||||
|
||||
Tester = integration.NewTester(ctx)
|
||||
defer Tester.Done()
|
||||
Client = Tester.Client.SessionV2
|
||||
Instance = integration.NewInstance(ctx)
|
||||
Client = Instance.Client.SessionV2
|
||||
|
||||
CTX, _ = Tester.WithAuthorization(ctx, integration.OrgOwner), errCtx
|
||||
IAMOwnerCTX = Tester.WithAuthorization(ctx, integration.IAMOwner)
|
||||
CTX = Instance.WithAuthorization(ctx, integration.UserTypeOrgOwner)
|
||||
IAMOwnerCTX = Instance.WithAuthorization(ctx, integration.UserTypeIAMOwner)
|
||||
User = createFullUser(CTX)
|
||||
DeactivatedUser = createDeactivatedUser(CTX)
|
||||
LockedUser = createLockedUser(CTX)
|
||||
@@ -57,30 +56,30 @@ func TestMain(m *testing.M) {
|
||||
}
|
||||
|
||||
func createFullUser(ctx context.Context) *user.AddHumanUserResponse {
|
||||
userResp := Tester.CreateHumanUser(ctx)
|
||||
Tester.Client.UserV2.VerifyEmail(ctx, &user.VerifyEmailRequest{
|
||||
userResp := Instance.CreateHumanUser(ctx)
|
||||
Instance.Client.UserV2.VerifyEmail(ctx, &user.VerifyEmailRequest{
|
||||
UserId: userResp.GetUserId(),
|
||||
VerificationCode: userResp.GetEmailCode(),
|
||||
})
|
||||
Tester.Client.UserV2.VerifyPhone(ctx, &user.VerifyPhoneRequest{
|
||||
Instance.Client.UserV2.VerifyPhone(ctx, &user.VerifyPhoneRequest{
|
||||
UserId: userResp.GetUserId(),
|
||||
VerificationCode: userResp.GetPhoneCode(),
|
||||
})
|
||||
Tester.SetUserPassword(ctx, userResp.GetUserId(), integration.UserPassword, false)
|
||||
Tester.RegisterUserPasskey(ctx, userResp.GetUserId())
|
||||
Instance.SetUserPassword(ctx, userResp.GetUserId(), integration.UserPassword, false)
|
||||
Instance.RegisterUserPasskey(ctx, userResp.GetUserId())
|
||||
return userResp
|
||||
}
|
||||
|
||||
func createDeactivatedUser(ctx context.Context) *user.AddHumanUserResponse {
|
||||
userResp := Tester.CreateHumanUser(ctx)
|
||||
_, err := Tester.Client.UserV2.DeactivateUser(ctx, &user.DeactivateUserRequest{UserId: userResp.GetUserId()})
|
||||
userResp := Instance.CreateHumanUser(ctx)
|
||||
_, err := Instance.Client.UserV2.DeactivateUser(ctx, &user.DeactivateUserRequest{UserId: userResp.GetUserId()})
|
||||
logging.OnError(err).Fatal("deactivate human user")
|
||||
return userResp
|
||||
}
|
||||
|
||||
func createLockedUser(ctx context.Context) *user.AddHumanUserResponse {
|
||||
userResp := Tester.CreateHumanUser(ctx)
|
||||
_, err := Tester.Client.UserV2.LockUser(ctx, &user.LockUserRequest{UserId: userResp.GetUserId()})
|
||||
userResp := Instance.CreateHumanUser(ctx)
|
||||
_, err := Instance.Client.UserV2.LockUser(ctx, &user.LockUserRequest{UserId: userResp.GetUserId()})
|
||||
logging.OnError(err).Fatal("lock human user")
|
||||
return userResp
|
||||
}
|
||||
@@ -189,7 +188,7 @@ func TestServer_CreateSession(t *testing.T) {
|
||||
want: &session.CreateSessionResponse{
|
||||
Details: &object.Details{
|
||||
ChangeDate: timestamppb.Now(),
|
||||
ResourceOwner: Tester.Instance.InstanceID(),
|
||||
ResourceOwner: Instance.ID(),
|
||||
},
|
||||
},
|
||||
},
|
||||
@@ -209,7 +208,7 @@ func TestServer_CreateSession(t *testing.T) {
|
||||
want: &session.CreateSessionResponse{
|
||||
Details: &object.Details{
|
||||
ChangeDate: timestamppb.Now(),
|
||||
ResourceOwner: Tester.Instance.InstanceID(),
|
||||
ResourceOwner: Instance.ID(),
|
||||
},
|
||||
},
|
||||
wantUserAgent: &session.UserAgent{
|
||||
@@ -238,7 +237,7 @@ func TestServer_CreateSession(t *testing.T) {
|
||||
want: &session.CreateSessionResponse{
|
||||
Details: &object.Details{
|
||||
ChangeDate: timestamppb.Now(),
|
||||
ResourceOwner: Tester.Instance.InstanceID(),
|
||||
ResourceOwner: Instance.ID(),
|
||||
},
|
||||
},
|
||||
wantExpirationWindow: 5 * time.Minute,
|
||||
@@ -258,7 +257,7 @@ func TestServer_CreateSession(t *testing.T) {
|
||||
want: &session.CreateSessionResponse{
|
||||
Details: &object.Details{
|
||||
ChangeDate: timestamppb.Now(),
|
||||
ResourceOwner: Tester.Instance.InstanceID(),
|
||||
ResourceOwner: Instance.ID(),
|
||||
},
|
||||
},
|
||||
wantFactors: []wantFactor{wantUserFactor},
|
||||
@@ -305,7 +304,7 @@ func TestServer_CreateSession(t *testing.T) {
|
||||
req: &session.CreateSessionRequest{
|
||||
Challenges: &session.RequestChallenges{
|
||||
WebAuthN: &session.RequestChallenges_WebAuthN{
|
||||
Domain: Tester.Config.ExternalDomain,
|
||||
Domain: Instance.Domain,
|
||||
UserVerificationRequirement: session.UserVerificationRequirement_USER_VERIFICATION_REQUIREMENT_REQUIRED,
|
||||
},
|
||||
},
|
||||
@@ -348,17 +347,17 @@ func TestServer_CreateSession(t *testing.T) {
|
||||
|
||||
func TestServer_CreateSession_lock_user(t *testing.T) {
|
||||
// create a separate org so we don't interfere with any other test
|
||||
org := Tester.CreateOrganization(IAMOwnerCTX,
|
||||
org := Instance.CreateOrganization(IAMOwnerCTX,
|
||||
fmt.Sprintf("TestServer_CreateSession_lock_user_%d", time.Now().UnixNano()),
|
||||
fmt.Sprintf("%d@mouse.com", time.Now().UnixNano()),
|
||||
)
|
||||
userID := org.CreatedAdmins[0].GetUserId()
|
||||
Tester.SetUserPassword(IAMOwnerCTX, userID, integration.UserPassword, false)
|
||||
Instance.SetUserPassword(IAMOwnerCTX, userID, integration.UserPassword, false)
|
||||
|
||||
// enable password lockout
|
||||
maxAttempts := 2
|
||||
ctxOrg := metadata.AppendToOutgoingContext(IAMOwnerCTX, "x-zitadel-orgid", org.GetOrganizationId())
|
||||
_, err := Tester.Client.Mgmt.AddCustomLockoutPolicy(ctxOrg, &mgmt.AddCustomLockoutPolicyRequest{
|
||||
_, err := Instance.Client.Mgmt.AddCustomLockoutPolicy(ctxOrg, &mgmt.AddCustomLockoutPolicyRequest{
|
||||
MaxPasswordAttempts: uint32(maxAttempts),
|
||||
})
|
||||
require.NoError(t, err)
|
||||
@@ -400,7 +399,7 @@ func TestServer_CreateSession_webauthn(t *testing.T) {
|
||||
},
|
||||
Challenges: &session.RequestChallenges{
|
||||
WebAuthN: &session.RequestChallenges_WebAuthN{
|
||||
Domain: Tester.Config.ExternalDomain,
|
||||
Domain: Instance.Domain,
|
||||
UserVerificationRequirement: session.UserVerificationRequirement_USER_VERIFICATION_REQUIREMENT_REQUIRED,
|
||||
},
|
||||
},
|
||||
@@ -408,7 +407,7 @@ func TestServer_CreateSession_webauthn(t *testing.T) {
|
||||
require.NoError(t, err)
|
||||
verifyCurrentSession(t, createResp.GetSessionId(), createResp.GetSessionToken(), createResp.GetDetails().GetSequence(), time.Minute, nil, nil, 0, User.GetUserId())
|
||||
|
||||
assertionData, err := Tester.WebAuthN.CreateAssertionResponse(createResp.GetChallenges().GetWebAuthN().GetPublicKeyCredentialRequestOptions(), true)
|
||||
assertionData, err := Instance.WebAuthN.CreateAssertionResponse(createResp.GetChallenges().GetWebAuthN().GetPublicKeyCredentialRequestOptions(), true)
|
||||
require.NoError(t, err)
|
||||
|
||||
// update the session with webauthn assertion data
|
||||
@@ -424,8 +423,9 @@ func TestServer_CreateSession_webauthn(t *testing.T) {
|
||||
verifyCurrentSession(t, createResp.GetSessionId(), updateResp.GetSessionToken(), updateResp.GetDetails().GetSequence(), time.Minute, nil, nil, 0, User.GetUserId(), wantUserFactor, wantWebAuthNFactorUserVerified)
|
||||
}
|
||||
|
||||
/*
|
||||
func TestServer_CreateSession_successfulIntent(t *testing.T) {
|
||||
idpID := Tester.AddGenericOAuthProvider(t, CTX)
|
||||
idpID := Instance.AddGenericOAuthProvider(t, CTX)
|
||||
createResp, err := Client.CreateSession(CTX, &session.CreateSessionRequest{
|
||||
Checks: &session.Checks{
|
||||
User: &session.CheckUser{
|
||||
@@ -438,7 +438,7 @@ func TestServer_CreateSession_successfulIntent(t *testing.T) {
|
||||
require.NoError(t, err)
|
||||
verifyCurrentSession(t, createResp.GetSessionId(), createResp.GetSessionToken(), createResp.GetDetails().GetSequence(), time.Minute, nil, nil, 0, User.GetUserId())
|
||||
|
||||
intentID, token, _, _ := Tester.CreateSuccessfulOAuthIntent(t, CTX, idpID, User.GetUserId(), "id")
|
||||
intentID, token, _, _ := Instance.CreateSuccessfulOAuthIntent(t, CTX, idpID, User.GetUserId(), "id")
|
||||
updateResp, err := Client.SetSession(CTX, &session.SetSessionRequest{
|
||||
SessionId: createResp.GetSessionId(),
|
||||
Checks: &session.Checks{
|
||||
@@ -453,9 +453,9 @@ func TestServer_CreateSession_successfulIntent(t *testing.T) {
|
||||
}
|
||||
|
||||
func TestServer_CreateSession_successfulIntent_instant(t *testing.T) {
|
||||
idpID := Tester.AddGenericOAuthProvider(t, CTX)
|
||||
idpID := Instance.AddGenericOAuthProvider(t, CTX)
|
||||
|
||||
intentID, token, _, _ := Tester.CreateSuccessfulOAuthIntent(t, CTX, idpID, User.GetUserId(), "id")
|
||||
intentID, token, _, _ := Instance.CreateSuccessfulOAuthIntent(t, CTX, idpID, User.GetUserId(), "id")
|
||||
createResp, err := Client.CreateSession(CTX, &session.CreateSessionRequest{
|
||||
Checks: &session.Checks{
|
||||
User: &session.CheckUser{
|
||||
@@ -474,14 +474,14 @@ func TestServer_CreateSession_successfulIntent_instant(t *testing.T) {
|
||||
}
|
||||
|
||||
func TestServer_CreateSession_successfulIntentUnknownUserID(t *testing.T) {
|
||||
idpID := Tester.AddGenericOAuthProvider(t, CTX)
|
||||
idpID := Instance.AddGenericOAuthProvider(t, CTX)
|
||||
|
||||
// successful intent without known / linked user
|
||||
idpUserID := "id"
|
||||
intentID, token, _, _ := Tester.CreateSuccessfulOAuthIntent(t, CTX, idpID, "", idpUserID)
|
||||
intentID, token, _, _ := Instance.CreateSuccessfulOAuthIntent(t, CTX, idpID, "", idpUserID)
|
||||
|
||||
// link the user (with info from intent)
|
||||
Tester.CreateUserIDPlink(CTX, User.GetUserId(), idpUserID, idpID, User.GetUserId())
|
||||
Instance.CreateUserIDPlink(CTX, User.GetUserId(), idpUserID, idpID, User.GetUserId())
|
||||
|
||||
// session with intent check must now succeed
|
||||
createResp, err := Client.CreateSession(CTX, &session.CreateSessionRequest{
|
||||
@@ -502,7 +502,7 @@ func TestServer_CreateSession_successfulIntentUnknownUserID(t *testing.T) {
|
||||
}
|
||||
|
||||
func TestServer_CreateSession_startedIntentFalseToken(t *testing.T) {
|
||||
idpID := Tester.AddGenericOAuthProvider(t, CTX)
|
||||
idpID := Instance.AddGenericOAuthProvider(t, CTX)
|
||||
|
||||
createResp, err := Client.CreateSession(CTX, &session.CreateSessionRequest{
|
||||
Checks: &session.Checks{
|
||||
@@ -516,7 +516,7 @@ func TestServer_CreateSession_startedIntentFalseToken(t *testing.T) {
|
||||
require.NoError(t, err)
|
||||
verifyCurrentSession(t, createResp.GetSessionId(), createResp.GetSessionToken(), createResp.GetDetails().GetSequence(), time.Minute, nil, nil, 0, User.GetUserId())
|
||||
|
||||
intentID := Tester.CreateIntent(t, CTX, idpID)
|
||||
intentID := Instance.CreateIntent(t, CTX, idpID)
|
||||
_, err = Client.SetSession(CTX, &session.SetSessionRequest{
|
||||
SessionId: createResp.GetSessionId(),
|
||||
Checks: &session.Checks{
|
||||
@@ -528,9 +528,10 @@ func TestServer_CreateSession_startedIntentFalseToken(t *testing.T) {
|
||||
})
|
||||
require.Error(t, err)
|
||||
}
|
||||
*/
|
||||
|
||||
func registerTOTP(ctx context.Context, t *testing.T, userID string) (secret string) {
|
||||
resp, err := Tester.Client.UserV2.RegisterTOTP(ctx, &user.RegisterTOTPRequest{
|
||||
resp, err := Instance.Client.UserV2.RegisterTOTP(ctx, &user.RegisterTOTPRequest{
|
||||
UserId: userID,
|
||||
})
|
||||
require.NoError(t, err)
|
||||
@@ -538,7 +539,7 @@ func registerTOTP(ctx context.Context, t *testing.T, userID string) (secret stri
|
||||
code, err := totp.GenerateCode(secret, time.Now())
|
||||
require.NoError(t, err)
|
||||
|
||||
_, err = Tester.Client.UserV2.VerifyTOTPRegistration(ctx, &user.VerifyTOTPRegistrationRequest{
|
||||
_, err = Instance.Client.UserV2.VerifyTOTPRegistration(ctx, &user.VerifyTOTPRegistrationRequest{
|
||||
UserId: userID,
|
||||
Code: code,
|
||||
})
|
||||
@@ -547,14 +548,14 @@ func registerTOTP(ctx context.Context, t *testing.T, userID string) (secret stri
|
||||
}
|
||||
|
||||
func registerOTPSMS(ctx context.Context, t *testing.T, userID string) {
|
||||
_, err := Tester.Client.UserV2.AddOTPSMS(ctx, &user.AddOTPSMSRequest{
|
||||
_, err := Instance.Client.UserV2.AddOTPSMS(ctx, &user.AddOTPSMSRequest{
|
||||
UserId: userID,
|
||||
})
|
||||
require.NoError(t, err)
|
||||
}
|
||||
|
||||
func registerOTPEmail(ctx context.Context, t *testing.T, userID string) {
|
||||
_, err := Tester.Client.UserV2.AddOTPEmail(ctx, &user.AddOTPEmailRequest{
|
||||
_, err := Instance.Client.UserV2.AddOTPEmail(ctx, &user.AddOTPEmailRequest{
|
||||
UserId: userID,
|
||||
})
|
||||
require.NoError(t, err)
|
||||
@@ -590,7 +591,7 @@ func TestServer_SetSession_flow_totp(t *testing.T) {
|
||||
SessionId: createResp.GetSessionId(),
|
||||
Challenges: &session.RequestChallenges{
|
||||
WebAuthN: &session.RequestChallenges_WebAuthN{
|
||||
Domain: Tester.Config.ExternalDomain,
|
||||
Domain: Instance.Domain,
|
||||
UserVerificationRequirement: session.UserVerificationRequirement_USER_VERIFICATION_REQUIREMENT_REQUIRED,
|
||||
},
|
||||
},
|
||||
@@ -599,7 +600,7 @@ func TestServer_SetSession_flow_totp(t *testing.T) {
|
||||
verifyCurrentSession(t, createResp.GetSessionId(), resp.GetSessionToken(), resp.GetDetails().GetSequence(), time.Minute, nil, nil, 0, userExisting.GetUserId())
|
||||
sessionToken = resp.GetSessionToken()
|
||||
|
||||
assertionData, err := Tester.WebAuthN.CreateAssertionResponse(resp.GetChallenges().GetWebAuthN().GetPublicKeyCredentialRequestOptions(), true)
|
||||
assertionData, err := Instance.WebAuthN.CreateAssertionResponse(resp.GetChallenges().GetWebAuthN().GetPublicKeyCredentialRequestOptions(), true)
|
||||
require.NoError(t, err)
|
||||
|
||||
resp, err = Client.SetSession(CTX, &session.SetSessionRequest{
|
||||
@@ -615,8 +616,8 @@ func TestServer_SetSession_flow_totp(t *testing.T) {
|
||||
verifyCurrentSession(t, createResp.GetSessionId(), sessionToken, resp.GetDetails().GetSequence(), time.Minute, nil, nil, 0, userExisting.GetUserId(), wantUserFactor, wantWebAuthNFactorUserVerified)
|
||||
})
|
||||
|
||||
userAuthCtx := Tester.WithAuthorizationToken(CTX, sessionToken)
|
||||
Tester.RegisterUserU2F(userAuthCtx, userExisting.GetUserId())
|
||||
userAuthCtx := integration.WithAuthorizationToken(CTX, sessionToken)
|
||||
Instance.RegisterUserU2F(userAuthCtx, userExisting.GetUserId())
|
||||
totpSecret := registerTOTP(userAuthCtx, t, userExisting.GetUserId())
|
||||
registerOTPSMS(userAuthCtx, t, userExisting.GetUserId())
|
||||
registerOTPEmail(userAuthCtx, t, userExisting.GetUserId())
|
||||
@@ -637,7 +638,7 @@ func TestServer_SetSession_flow_totp(t *testing.T) {
|
||||
verifyCurrentSession(t, createResp.GetSessionId(), sessionToken, resp.GetDetails().GetSequence(), time.Minute, nil, nil, 0, userExisting.GetUserId(), wantUserFactor, wantTOTPFactor)
|
||||
})
|
||||
|
||||
userImport := Tester.CreateHumanUserWithTOTP(CTX, totpSecret)
|
||||
userImport := Instance.CreateHumanUserWithTOTP(CTX, totpSecret)
|
||||
createRespImport, err := Client.CreateSession(CTX, &session.CreateSessionRequest{})
|
||||
require.NoError(t, err)
|
||||
sessionTokenImport := createRespImport.GetSessionToken()
|
||||
@@ -703,7 +704,7 @@ func TestServer_SetSession_flow(t *testing.T) {
|
||||
SessionId: createResp.GetSessionId(),
|
||||
Challenges: &session.RequestChallenges{
|
||||
WebAuthN: &session.RequestChallenges_WebAuthN{
|
||||
Domain: Tester.Config.ExternalDomain,
|
||||
Domain: Instance.Domain,
|
||||
UserVerificationRequirement: session.UserVerificationRequirement_USER_VERIFICATION_REQUIREMENT_REQUIRED,
|
||||
},
|
||||
},
|
||||
@@ -712,7 +713,7 @@ func TestServer_SetSession_flow(t *testing.T) {
|
||||
verifyCurrentSession(t, createResp.GetSessionId(), resp.GetSessionToken(), resp.GetDetails().GetSequence(), time.Minute, nil, nil, 0, User.GetUserId())
|
||||
sessionToken = resp.GetSessionToken()
|
||||
|
||||
assertionData, err := Tester.WebAuthN.CreateAssertionResponse(resp.GetChallenges().GetWebAuthN().GetPublicKeyCredentialRequestOptions(), true)
|
||||
assertionData, err := Instance.WebAuthN.CreateAssertionResponse(resp.GetChallenges().GetWebAuthN().GetPublicKeyCredentialRequestOptions(), true)
|
||||
require.NoError(t, err)
|
||||
|
||||
resp, err = Client.SetSession(CTX, &session.SetSessionRequest{
|
||||
@@ -728,8 +729,8 @@ func TestServer_SetSession_flow(t *testing.T) {
|
||||
verifyCurrentSession(t, createResp.GetSessionId(), sessionToken, resp.GetDetails().GetSequence(), time.Minute, nil, nil, 0, User.GetUserId(), wantUserFactor, wantWebAuthNFactorUserVerified)
|
||||
})
|
||||
|
||||
userAuthCtx := Tester.WithAuthorizationToken(CTX, sessionToken)
|
||||
Tester.RegisterUserU2F(userAuthCtx, User.GetUserId())
|
||||
userAuthCtx := integration.WithAuthorizationToken(CTX, sessionToken)
|
||||
Instance.RegisterUserU2F(userAuthCtx, User.GetUserId())
|
||||
totpSecret := registerTOTP(userAuthCtx, t, User.GetUserId())
|
||||
registerOTPSMS(userAuthCtx, t, User.GetUserId())
|
||||
registerOTPEmail(userAuthCtx, t, User.GetUserId())
|
||||
@@ -745,7 +746,7 @@ func TestServer_SetSession_flow(t *testing.T) {
|
||||
SessionId: createResp.GetSessionId(),
|
||||
Challenges: &session.RequestChallenges{
|
||||
WebAuthN: &session.RequestChallenges_WebAuthN{
|
||||
Domain: Tester.Config.ExternalDomain,
|
||||
Domain: Instance.Domain,
|
||||
UserVerificationRequirement: userVerificationRequirement,
|
||||
},
|
||||
},
|
||||
@@ -754,7 +755,7 @@ func TestServer_SetSession_flow(t *testing.T) {
|
||||
verifyCurrentSession(t, createResp.GetSessionId(), resp.GetSessionToken(), resp.GetDetails().GetSequence(), time.Minute, nil, nil, 0, User.GetUserId())
|
||||
sessionToken = resp.GetSessionToken()
|
||||
|
||||
assertionData, err := Tester.WebAuthN.CreateAssertionResponse(resp.GetChallenges().GetWebAuthN().GetPublicKeyCredentialRequestOptions(), false)
|
||||
assertionData, err := Instance.WebAuthN.CreateAssertionResponse(resp.GetChallenges().GetWebAuthN().GetPublicKeyCredentialRequestOptions(), false)
|
||||
require.NoError(t, err)
|
||||
|
||||
resp, err = Client.SetSession(CTX, &session.SetSessionRequest{
|
||||
@@ -852,7 +853,7 @@ func TestServer_SetSession_expired(t *testing.T) {
|
||||
require.NoError(t, err)
|
||||
|
||||
// test session token works
|
||||
_, err = Tester.Client.SessionV2.SetSession(CTX, &session.SetSessionRequest{
|
||||
_, err = Instance.Client.SessionV2.SetSession(CTX, &session.SetSessionRequest{
|
||||
SessionId: createResp.GetSessionId(),
|
||||
Lifetime: durationpb.New(20 * time.Second),
|
||||
})
|
||||
@@ -886,13 +887,13 @@ func TestServer_DeleteSession_token(t *testing.T) {
|
||||
|
||||
func TestServer_DeleteSession_own_session(t *testing.T) {
|
||||
// create two users for the test and a session each to get tokens for authorization
|
||||
user1 := Tester.CreateHumanUser(CTX)
|
||||
Tester.SetUserPassword(CTX, user1.GetUserId(), integration.UserPassword, false)
|
||||
_, token1, _, _ := Tester.CreatePasswordSession(t, CTX, user1.GetUserId(), integration.UserPassword)
|
||||
user1 := Instance.CreateHumanUser(CTX)
|
||||
Instance.SetUserPassword(CTX, user1.GetUserId(), integration.UserPassword, false)
|
||||
_, token1, _, _ := Instance.CreatePasswordSession(t, CTX, user1.GetUserId(), integration.UserPassword)
|
||||
|
||||
user2 := Tester.CreateHumanUser(CTX)
|
||||
Tester.SetUserPassword(CTX, user2.GetUserId(), integration.UserPassword, false)
|
||||
_, token2, _, _ := Tester.CreatePasswordSession(t, CTX, user2.GetUserId(), integration.UserPassword)
|
||||
user2 := Instance.CreateHumanUser(CTX)
|
||||
Instance.SetUserPassword(CTX, user2.GetUserId(), integration.UserPassword, false)
|
||||
_, token2, _, _ := Instance.CreatePasswordSession(t, CTX, user2.GetUserId(), integration.UserPassword)
|
||||
|
||||
// create a new session for the first user
|
||||
createResp, err := Client.CreateSession(CTX, &session.CreateSessionRequest{
|
||||
@@ -907,13 +908,13 @@ func TestServer_DeleteSession_own_session(t *testing.T) {
|
||||
require.NoError(t, err)
|
||||
|
||||
// delete the new (user1) session must not be possible with user (has no permission)
|
||||
_, err = Client.DeleteSession(Tester.WithAuthorizationToken(context.Background(), token2), &session.DeleteSessionRequest{
|
||||
_, err = Client.DeleteSession(integration.WithAuthorizationToken(context.Background(), token2), &session.DeleteSessionRequest{
|
||||
SessionId: createResp.GetSessionId(),
|
||||
})
|
||||
require.Error(t, err)
|
||||
|
||||
// delete the new (user1) session by themselves
|
||||
_, err = Client.DeleteSession(Tester.WithAuthorizationToken(context.Background(), token1), &session.DeleteSessionRequest{
|
||||
_, err = Client.DeleteSession(integration.WithAuthorizationToken(context.Background(), token1), &session.DeleteSessionRequest{
|
||||
SessionId: createResp.GetSessionId(),
|
||||
})
|
||||
require.NoError(t, err)
|
||||
@@ -932,7 +933,7 @@ func TestServer_DeleteSession_with_permission(t *testing.T) {
|
||||
require.NoError(t, err)
|
||||
|
||||
// delete the new session by ORG_OWNER
|
||||
_, err = Client.DeleteSession(Tester.WithAuthorization(context.Background(), integration.OrgOwner), &session.DeleteSessionRequest{
|
||||
_, err = Client.DeleteSession(Instance.WithAuthorization(context.Background(), integration.UserTypeOrgOwner), &session.DeleteSessionRequest{
|
||||
SessionId: createResp.GetSessionId(),
|
||||
})
|
||||
require.NoError(t, err)
|
||||
@@ -950,9 +951,9 @@ func Test_ZITADEL_API_missing_authentication(t *testing.T) {
|
||||
}
|
||||
|
||||
func Test_ZITADEL_API_success(t *testing.T) {
|
||||
id, token, _, _ := Tester.CreateVerifiedWebAuthNSession(t, CTX, User.GetUserId())
|
||||
id, token, _, _ := Instance.CreateVerifiedWebAuthNSession(t, CTX, User.GetUserId())
|
||||
|
||||
ctx := Tester.WithAuthorizationToken(context.Background(), token)
|
||||
ctx := integration.WithAuthorizationToken(context.Background(), token)
|
||||
sessionResp, err := Client.GetSession(ctx, &session.GetSessionRequest{SessionId: id})
|
||||
require.NoError(t, err)
|
||||
|
||||
@@ -962,10 +963,10 @@ func Test_ZITADEL_API_success(t *testing.T) {
|
||||
}
|
||||
|
||||
func Test_ZITADEL_API_session_not_found(t *testing.T) {
|
||||
id, token, _, _ := Tester.CreateVerifiedWebAuthNSession(t, CTX, User.GetUserId())
|
||||
id, token, _, _ := Instance.CreateVerifiedWebAuthNSession(t, CTX, User.GetUserId())
|
||||
|
||||
// test session token works
|
||||
ctx := Tester.WithAuthorizationToken(context.Background(), token)
|
||||
ctx := integration.WithAuthorizationToken(context.Background(), token)
|
||||
_, err := Client.GetSession(ctx, &session.GetSessionRequest{SessionId: id})
|
||||
require.NoError(t, err)
|
||||
|
||||
@@ -975,16 +976,16 @@ func Test_ZITADEL_API_session_not_found(t *testing.T) {
|
||||
SessionToken: gu.Ptr(token),
|
||||
})
|
||||
require.NoError(t, err)
|
||||
ctx = Tester.WithAuthorizationToken(context.Background(), token)
|
||||
ctx = integration.WithAuthorizationToken(context.Background(), token)
|
||||
_, err = Client.GetSession(ctx, &session.GetSessionRequest{SessionId: id})
|
||||
require.Error(t, err)
|
||||
}
|
||||
|
||||
func Test_ZITADEL_API_session_expired(t *testing.T) {
|
||||
id, token, _, _ := Tester.CreateVerifiedWebAuthNSessionWithLifetime(t, CTX, User.GetUserId(), 20*time.Second)
|
||||
id, token, _, _ := Instance.CreateVerifiedWebAuthNSessionWithLifetime(t, CTX, User.GetUserId(), 20*time.Second)
|
||||
|
||||
// test session token works
|
||||
ctx := Tester.WithAuthorizationToken(context.Background(), token)
|
||||
ctx := integration.WithAuthorizationToken(context.Background(), token)
|
||||
_, err := Client.GetSession(ctx, &session.GetSessionRequest{SessionId: id})
|
||||
require.NoError(t, err)
|
||||
|
||||
@@ -31,7 +31,7 @@ import (
|
||||
var (
|
||||
CTX context.Context
|
||||
IAMOwnerCTX context.Context
|
||||
Tester *integration.Tester
|
||||
Instance *integration.Instance
|
||||
Client session.SessionServiceClient
|
||||
User *user.AddHumanUserResponse
|
||||
DeactivatedUser *user.AddHumanUserResponse
|
||||
@@ -40,15 +40,14 @@ var (
|
||||
|
||||
func TestMain(m *testing.M) {
|
||||
os.Exit(func() int {
|
||||
ctx, errCtx, cancel := integration.Contexts(5 * time.Minute)
|
||||
ctx, cancel := context.WithTimeout(context.Background(), 15*time.Minute)
|
||||
defer cancel()
|
||||
|
||||
Tester = integration.NewTester(ctx)
|
||||
defer Tester.Done()
|
||||
Client = Tester.Client.SessionV2beta
|
||||
Instance = integration.NewInstance(ctx)
|
||||
Client = Instance.Client.SessionV2beta
|
||||
|
||||
CTX, _ = Tester.WithAuthorization(ctx, integration.OrgOwner), errCtx
|
||||
IAMOwnerCTX = Tester.WithAuthorization(ctx, integration.IAMOwner)
|
||||
CTX = Instance.WithAuthorization(ctx, integration.UserTypeOrgOwner)
|
||||
IAMOwnerCTX = Instance.WithAuthorization(ctx, integration.UserTypeIAMOwner)
|
||||
User = createFullUser(CTX)
|
||||
DeactivatedUser = createDeactivatedUser(CTX)
|
||||
LockedUser = createLockedUser(CTX)
|
||||
@@ -57,30 +56,30 @@ func TestMain(m *testing.M) {
|
||||
}
|
||||
|
||||
func createFullUser(ctx context.Context) *user.AddHumanUserResponse {
|
||||
userResp := Tester.CreateHumanUser(ctx)
|
||||
Tester.Client.UserV2.VerifyEmail(ctx, &user.VerifyEmailRequest{
|
||||
userResp := Instance.CreateHumanUser(ctx)
|
||||
Instance.Client.UserV2.VerifyEmail(ctx, &user.VerifyEmailRequest{
|
||||
UserId: userResp.GetUserId(),
|
||||
VerificationCode: userResp.GetEmailCode(),
|
||||
})
|
||||
Tester.Client.UserV2.VerifyPhone(ctx, &user.VerifyPhoneRequest{
|
||||
Instance.Client.UserV2.VerifyPhone(ctx, &user.VerifyPhoneRequest{
|
||||
UserId: userResp.GetUserId(),
|
||||
VerificationCode: userResp.GetPhoneCode(),
|
||||
})
|
||||
Tester.SetUserPassword(ctx, userResp.GetUserId(), integration.UserPassword, false)
|
||||
Tester.RegisterUserPasskey(ctx, userResp.GetUserId())
|
||||
Instance.SetUserPassword(ctx, userResp.GetUserId(), integration.UserPassword, false)
|
||||
Instance.RegisterUserPasskey(ctx, userResp.GetUserId())
|
||||
return userResp
|
||||
}
|
||||
|
||||
func createDeactivatedUser(ctx context.Context) *user.AddHumanUserResponse {
|
||||
userResp := Tester.CreateHumanUser(ctx)
|
||||
_, err := Tester.Client.UserV2.DeactivateUser(ctx, &user.DeactivateUserRequest{UserId: userResp.GetUserId()})
|
||||
userResp := Instance.CreateHumanUser(ctx)
|
||||
_, err := Instance.Client.UserV2.DeactivateUser(ctx, &user.DeactivateUserRequest{UserId: userResp.GetUserId()})
|
||||
logging.OnError(err).Fatal("deactivate human user")
|
||||
return userResp
|
||||
}
|
||||
|
||||
func createLockedUser(ctx context.Context) *user.AddHumanUserResponse {
|
||||
userResp := Tester.CreateHumanUser(ctx)
|
||||
_, err := Tester.Client.UserV2.LockUser(ctx, &user.LockUserRequest{UserId: userResp.GetUserId()})
|
||||
userResp := Instance.CreateHumanUser(ctx)
|
||||
_, err := Instance.Client.UserV2.LockUser(ctx, &user.LockUserRequest{UserId: userResp.GetUserId()})
|
||||
logging.OnError(err).Fatal("lock human user")
|
||||
return userResp
|
||||
}
|
||||
@@ -189,7 +188,7 @@ func TestServer_CreateSession(t *testing.T) {
|
||||
want: &session.CreateSessionResponse{
|
||||
Details: &object.Details{
|
||||
ChangeDate: timestamppb.Now(),
|
||||
ResourceOwner: Tester.Instance.InstanceID(),
|
||||
ResourceOwner: Instance.ID(),
|
||||
},
|
||||
},
|
||||
},
|
||||
@@ -209,7 +208,7 @@ func TestServer_CreateSession(t *testing.T) {
|
||||
want: &session.CreateSessionResponse{
|
||||
Details: &object.Details{
|
||||
ChangeDate: timestamppb.Now(),
|
||||
ResourceOwner: Tester.Instance.InstanceID(),
|
||||
ResourceOwner: Instance.ID(),
|
||||
},
|
||||
},
|
||||
wantUserAgent: &session.UserAgent{
|
||||
@@ -238,7 +237,7 @@ func TestServer_CreateSession(t *testing.T) {
|
||||
want: &session.CreateSessionResponse{
|
||||
Details: &object.Details{
|
||||
ChangeDate: timestamppb.Now(),
|
||||
ResourceOwner: Tester.Instance.InstanceID(),
|
||||
ResourceOwner: Instance.ID(),
|
||||
},
|
||||
},
|
||||
wantExpirationWindow: 5 * time.Minute,
|
||||
@@ -258,7 +257,7 @@ func TestServer_CreateSession(t *testing.T) {
|
||||
want: &session.CreateSessionResponse{
|
||||
Details: &object.Details{
|
||||
ChangeDate: timestamppb.Now(),
|
||||
ResourceOwner: Tester.Instance.InstanceID(),
|
||||
ResourceOwner: Instance.ID(),
|
||||
},
|
||||
},
|
||||
wantFactors: []wantFactor{wantUserFactor},
|
||||
@@ -305,7 +304,7 @@ func TestServer_CreateSession(t *testing.T) {
|
||||
req: &session.CreateSessionRequest{
|
||||
Challenges: &session.RequestChallenges{
|
||||
WebAuthN: &session.RequestChallenges_WebAuthN{
|
||||
Domain: Tester.Config.ExternalDomain,
|
||||
Domain: Instance.Domain,
|
||||
UserVerificationRequirement: session.UserVerificationRequirement_USER_VERIFICATION_REQUIREMENT_REQUIRED,
|
||||
},
|
||||
},
|
||||
@@ -348,17 +347,17 @@ func TestServer_CreateSession(t *testing.T) {
|
||||
|
||||
func TestServer_CreateSession_lock_user(t *testing.T) {
|
||||
// create a separate org so we don't interfere with any other test
|
||||
org := Tester.CreateOrganization(IAMOwnerCTX,
|
||||
org := Instance.CreateOrganization(IAMOwnerCTX,
|
||||
fmt.Sprintf("TestServer_CreateSession_lock_user_%d", time.Now().UnixNano()),
|
||||
fmt.Sprintf("%d@mouse.com", time.Now().UnixNano()),
|
||||
)
|
||||
userID := org.CreatedAdmins[0].GetUserId()
|
||||
Tester.SetUserPassword(IAMOwnerCTX, userID, integration.UserPassword, false)
|
||||
Instance.SetUserPassword(IAMOwnerCTX, userID, integration.UserPassword, false)
|
||||
|
||||
// enable password lockout
|
||||
maxAttempts := 2
|
||||
ctxOrg := metadata.AppendToOutgoingContext(IAMOwnerCTX, "x-zitadel-orgid", org.GetOrganizationId())
|
||||
_, err := Tester.Client.Mgmt.AddCustomLockoutPolicy(ctxOrg, &mgmt.AddCustomLockoutPolicyRequest{
|
||||
_, err := Instance.Client.Mgmt.AddCustomLockoutPolicy(ctxOrg, &mgmt.AddCustomLockoutPolicyRequest{
|
||||
MaxPasswordAttempts: uint32(maxAttempts),
|
||||
})
|
||||
require.NoError(t, err)
|
||||
@@ -400,7 +399,7 @@ func TestServer_CreateSession_webauthn(t *testing.T) {
|
||||
},
|
||||
Challenges: &session.RequestChallenges{
|
||||
WebAuthN: &session.RequestChallenges_WebAuthN{
|
||||
Domain: Tester.Config.ExternalDomain,
|
||||
Domain: Instance.Domain,
|
||||
UserVerificationRequirement: session.UserVerificationRequirement_USER_VERIFICATION_REQUIREMENT_REQUIRED,
|
||||
},
|
||||
},
|
||||
@@ -408,7 +407,7 @@ func TestServer_CreateSession_webauthn(t *testing.T) {
|
||||
require.NoError(t, err)
|
||||
verifyCurrentSession(t, createResp.GetSessionId(), createResp.GetSessionToken(), createResp.GetDetails().GetSequence(), time.Minute, nil, nil, 0, User.GetUserId())
|
||||
|
||||
assertionData, err := Tester.WebAuthN.CreateAssertionResponse(createResp.GetChallenges().GetWebAuthN().GetPublicKeyCredentialRequestOptions(), true)
|
||||
assertionData, err := Instance.WebAuthN.CreateAssertionResponse(createResp.GetChallenges().GetWebAuthN().GetPublicKeyCredentialRequestOptions(), true)
|
||||
require.NoError(t, err)
|
||||
|
||||
// update the session with webauthn assertion data
|
||||
@@ -424,8 +423,9 @@ func TestServer_CreateSession_webauthn(t *testing.T) {
|
||||
verifyCurrentSession(t, createResp.GetSessionId(), updateResp.GetSessionToken(), updateResp.GetDetails().GetSequence(), time.Minute, nil, nil, 0, User.GetUserId(), wantUserFactor, wantWebAuthNFactorUserVerified)
|
||||
}
|
||||
|
||||
/*
|
||||
func TestServer_CreateSession_successfulIntent(t *testing.T) {
|
||||
idpID := Tester.AddGenericOAuthProvider(t, CTX)
|
||||
idpID := Instance.AddGenericOAuthProvider(t, CTX)
|
||||
createResp, err := Client.CreateSession(CTX, &session.CreateSessionRequest{
|
||||
Checks: &session.Checks{
|
||||
User: &session.CheckUser{
|
||||
@@ -438,7 +438,7 @@ func TestServer_CreateSession_successfulIntent(t *testing.T) {
|
||||
require.NoError(t, err)
|
||||
verifyCurrentSession(t, createResp.GetSessionId(), createResp.GetSessionToken(), createResp.GetDetails().GetSequence(), time.Minute, nil, nil, 0, User.GetUserId())
|
||||
|
||||
intentID, token, _, _ := Tester.CreateSuccessfulOAuthIntent(t, CTX, idpID, User.GetUserId(), "id")
|
||||
intentID, token, _, _ := Instance.CreateSuccessfulOAuthIntent(t, CTX, idpID, User.GetUserId(), "id")
|
||||
updateResp, err := Client.SetSession(CTX, &session.SetSessionRequest{
|
||||
SessionId: createResp.GetSessionId(),
|
||||
Checks: &session.Checks{
|
||||
@@ -453,9 +453,9 @@ func TestServer_CreateSession_successfulIntent(t *testing.T) {
|
||||
}
|
||||
|
||||
func TestServer_CreateSession_successfulIntent_instant(t *testing.T) {
|
||||
idpID := Tester.AddGenericOAuthProvider(t, CTX)
|
||||
idpID := Instance.AddGenericOAuthProvider(t, CTX)
|
||||
|
||||
intentID, token, _, _ := Tester.CreateSuccessfulOAuthIntent(t, CTX, idpID, User.GetUserId(), "id")
|
||||
intentID, token, _, _ := Instance.CreateSuccessfulOAuthIntent(t, CTX, idpID, User.GetUserId(), "id")
|
||||
createResp, err := Client.CreateSession(CTX, &session.CreateSessionRequest{
|
||||
Checks: &session.Checks{
|
||||
User: &session.CheckUser{
|
||||
@@ -474,14 +474,14 @@ func TestServer_CreateSession_successfulIntent_instant(t *testing.T) {
|
||||
}
|
||||
|
||||
func TestServer_CreateSession_successfulIntentUnknownUserID(t *testing.T) {
|
||||
idpID := Tester.AddGenericOAuthProvider(t, CTX)
|
||||
idpID := Instance.AddGenericOAuthProvider(t, CTX)
|
||||
|
||||
// successful intent without known / linked user
|
||||
idpUserID := "id"
|
||||
intentID, token, _, _ := Tester.CreateSuccessfulOAuthIntent(t, CTX, idpID, "", idpUserID)
|
||||
intentID, token, _, _ := Instance.CreateSuccessfulOAuthIntent(t, CTX, idpID, "", idpUserID)
|
||||
|
||||
// link the user (with info from intent)
|
||||
Tester.CreateUserIDPlink(CTX, User.GetUserId(), idpUserID, idpID, User.GetUserId())
|
||||
Instance.CreateUserIDPlink(CTX, User.GetUserId(), idpUserID, idpID, User.GetUserId())
|
||||
|
||||
// session with intent check must now succeed
|
||||
createResp, err := Client.CreateSession(CTX, &session.CreateSessionRequest{
|
||||
@@ -502,7 +502,7 @@ func TestServer_CreateSession_successfulIntentUnknownUserID(t *testing.T) {
|
||||
}
|
||||
|
||||
func TestServer_CreateSession_startedIntentFalseToken(t *testing.T) {
|
||||
idpID := Tester.AddGenericOAuthProvider(t, CTX)
|
||||
idpID := Instance.AddGenericOAuthProvider(t, CTX)
|
||||
|
||||
createResp, err := Client.CreateSession(CTX, &session.CreateSessionRequest{
|
||||
Checks: &session.Checks{
|
||||
@@ -516,7 +516,7 @@ func TestServer_CreateSession_startedIntentFalseToken(t *testing.T) {
|
||||
require.NoError(t, err)
|
||||
verifyCurrentSession(t, createResp.GetSessionId(), createResp.GetSessionToken(), createResp.GetDetails().GetSequence(), time.Minute, nil, nil, 0, User.GetUserId())
|
||||
|
||||
intentID := Tester.CreateIntent(t, CTX, idpID)
|
||||
intentID := Instance.CreateIntent(t, CTX, idpID)
|
||||
_, err = Client.SetSession(CTX, &session.SetSessionRequest{
|
||||
SessionId: createResp.GetSessionId(),
|
||||
Checks: &session.Checks{
|
||||
@@ -528,9 +528,10 @@ func TestServer_CreateSession_startedIntentFalseToken(t *testing.T) {
|
||||
})
|
||||
require.Error(t, err)
|
||||
}
|
||||
*/
|
||||
|
||||
func registerTOTP(ctx context.Context, t *testing.T, userID string) (secret string) {
|
||||
resp, err := Tester.Client.UserV2.RegisterTOTP(ctx, &user.RegisterTOTPRequest{
|
||||
resp, err := Instance.Client.UserV2.RegisterTOTP(ctx, &user.RegisterTOTPRequest{
|
||||
UserId: userID,
|
||||
})
|
||||
require.NoError(t, err)
|
||||
@@ -538,7 +539,7 @@ func registerTOTP(ctx context.Context, t *testing.T, userID string) (secret stri
|
||||
code, err := totp.GenerateCode(secret, time.Now())
|
||||
require.NoError(t, err)
|
||||
|
||||
_, err = Tester.Client.UserV2.VerifyTOTPRegistration(ctx, &user.VerifyTOTPRegistrationRequest{
|
||||
_, err = Instance.Client.UserV2.VerifyTOTPRegistration(ctx, &user.VerifyTOTPRegistrationRequest{
|
||||
UserId: userID,
|
||||
Code: code,
|
||||
})
|
||||
@@ -547,14 +548,14 @@ func registerTOTP(ctx context.Context, t *testing.T, userID string) (secret stri
|
||||
}
|
||||
|
||||
func registerOTPSMS(ctx context.Context, t *testing.T, userID string) {
|
||||
_, err := Tester.Client.UserV2.AddOTPSMS(ctx, &user.AddOTPSMSRequest{
|
||||
_, err := Instance.Client.UserV2.AddOTPSMS(ctx, &user.AddOTPSMSRequest{
|
||||
UserId: userID,
|
||||
})
|
||||
require.NoError(t, err)
|
||||
}
|
||||
|
||||
func registerOTPEmail(ctx context.Context, t *testing.T, userID string) {
|
||||
_, err := Tester.Client.UserV2.AddOTPEmail(ctx, &user.AddOTPEmailRequest{
|
||||
_, err := Instance.Client.UserV2.AddOTPEmail(ctx, &user.AddOTPEmailRequest{
|
||||
UserId: userID,
|
||||
})
|
||||
require.NoError(t, err)
|
||||
@@ -590,7 +591,7 @@ func TestServer_SetSession_flow_totp(t *testing.T) {
|
||||
SessionId: createResp.GetSessionId(),
|
||||
Challenges: &session.RequestChallenges{
|
||||
WebAuthN: &session.RequestChallenges_WebAuthN{
|
||||
Domain: Tester.Config.ExternalDomain,
|
||||
Domain: Instance.Domain,
|
||||
UserVerificationRequirement: session.UserVerificationRequirement_USER_VERIFICATION_REQUIREMENT_REQUIRED,
|
||||
},
|
||||
},
|
||||
@@ -599,7 +600,7 @@ func TestServer_SetSession_flow_totp(t *testing.T) {
|
||||
verifyCurrentSession(t, createResp.GetSessionId(), resp.GetSessionToken(), resp.GetDetails().GetSequence(), time.Minute, nil, nil, 0, userExisting.GetUserId())
|
||||
sessionToken = resp.GetSessionToken()
|
||||
|
||||
assertionData, err := Tester.WebAuthN.CreateAssertionResponse(resp.GetChallenges().GetWebAuthN().GetPublicKeyCredentialRequestOptions(), true)
|
||||
assertionData, err := Instance.WebAuthN.CreateAssertionResponse(resp.GetChallenges().GetWebAuthN().GetPublicKeyCredentialRequestOptions(), true)
|
||||
require.NoError(t, err)
|
||||
|
||||
resp, err = Client.SetSession(CTX, &session.SetSessionRequest{
|
||||
@@ -615,8 +616,8 @@ func TestServer_SetSession_flow_totp(t *testing.T) {
|
||||
verifyCurrentSession(t, createResp.GetSessionId(), sessionToken, resp.GetDetails().GetSequence(), time.Minute, nil, nil, 0, userExisting.GetUserId(), wantUserFactor, wantWebAuthNFactorUserVerified)
|
||||
})
|
||||
|
||||
userAuthCtx := Tester.WithAuthorizationToken(CTX, sessionToken)
|
||||
Tester.RegisterUserU2F(userAuthCtx, userExisting.GetUserId())
|
||||
userAuthCtx := integration.WithAuthorizationToken(CTX, sessionToken)
|
||||
Instance.RegisterUserU2F(userAuthCtx, userExisting.GetUserId())
|
||||
totpSecret := registerTOTP(userAuthCtx, t, userExisting.GetUserId())
|
||||
registerOTPSMS(userAuthCtx, t, userExisting.GetUserId())
|
||||
registerOTPEmail(userAuthCtx, t, userExisting.GetUserId())
|
||||
@@ -637,7 +638,7 @@ func TestServer_SetSession_flow_totp(t *testing.T) {
|
||||
verifyCurrentSession(t, createResp.GetSessionId(), sessionToken, resp.GetDetails().GetSequence(), time.Minute, nil, nil, 0, userExisting.GetUserId(), wantUserFactor, wantTOTPFactor)
|
||||
})
|
||||
|
||||
userImport := Tester.CreateHumanUserWithTOTP(CTX, totpSecret)
|
||||
userImport := Instance.CreateHumanUserWithTOTP(CTX, totpSecret)
|
||||
createRespImport, err := Client.CreateSession(CTX, &session.CreateSessionRequest{})
|
||||
require.NoError(t, err)
|
||||
sessionTokenImport := createRespImport.GetSessionToken()
|
||||
@@ -703,7 +704,7 @@ func TestServer_SetSession_flow(t *testing.T) {
|
||||
SessionId: createResp.GetSessionId(),
|
||||
Challenges: &session.RequestChallenges{
|
||||
WebAuthN: &session.RequestChallenges_WebAuthN{
|
||||
Domain: Tester.Config.ExternalDomain,
|
||||
Domain: Instance.Domain,
|
||||
UserVerificationRequirement: session.UserVerificationRequirement_USER_VERIFICATION_REQUIREMENT_REQUIRED,
|
||||
},
|
||||
},
|
||||
@@ -712,7 +713,7 @@ func TestServer_SetSession_flow(t *testing.T) {
|
||||
verifyCurrentSession(t, createResp.GetSessionId(), resp.GetSessionToken(), resp.GetDetails().GetSequence(), time.Minute, nil, nil, 0, User.GetUserId())
|
||||
sessionToken = resp.GetSessionToken()
|
||||
|
||||
assertionData, err := Tester.WebAuthN.CreateAssertionResponse(resp.GetChallenges().GetWebAuthN().GetPublicKeyCredentialRequestOptions(), true)
|
||||
assertionData, err := Instance.WebAuthN.CreateAssertionResponse(resp.GetChallenges().GetWebAuthN().GetPublicKeyCredentialRequestOptions(), true)
|
||||
require.NoError(t, err)
|
||||
|
||||
resp, err = Client.SetSession(CTX, &session.SetSessionRequest{
|
||||
@@ -728,8 +729,8 @@ func TestServer_SetSession_flow(t *testing.T) {
|
||||
verifyCurrentSession(t, createResp.GetSessionId(), sessionToken, resp.GetDetails().GetSequence(), time.Minute, nil, nil, 0, User.GetUserId(), wantUserFactor, wantWebAuthNFactorUserVerified)
|
||||
})
|
||||
|
||||
userAuthCtx := Tester.WithAuthorizationToken(CTX, sessionToken)
|
||||
Tester.RegisterUserU2F(userAuthCtx, User.GetUserId())
|
||||
userAuthCtx := integration.WithAuthorizationToken(CTX, sessionToken)
|
||||
Instance.RegisterUserU2F(userAuthCtx, User.GetUserId())
|
||||
totpSecret := registerTOTP(userAuthCtx, t, User.GetUserId())
|
||||
registerOTPSMS(userAuthCtx, t, User.GetUserId())
|
||||
registerOTPEmail(userAuthCtx, t, User.GetUserId())
|
||||
@@ -745,7 +746,7 @@ func TestServer_SetSession_flow(t *testing.T) {
|
||||
SessionId: createResp.GetSessionId(),
|
||||
Challenges: &session.RequestChallenges{
|
||||
WebAuthN: &session.RequestChallenges_WebAuthN{
|
||||
Domain: Tester.Config.ExternalDomain,
|
||||
Domain: Instance.Domain,
|
||||
UserVerificationRequirement: userVerificationRequirement,
|
||||
},
|
||||
},
|
||||
@@ -754,7 +755,7 @@ func TestServer_SetSession_flow(t *testing.T) {
|
||||
verifyCurrentSession(t, createResp.GetSessionId(), resp.GetSessionToken(), resp.GetDetails().GetSequence(), time.Minute, nil, nil, 0, User.GetUserId())
|
||||
sessionToken = resp.GetSessionToken()
|
||||
|
||||
assertionData, err := Tester.WebAuthN.CreateAssertionResponse(resp.GetChallenges().GetWebAuthN().GetPublicKeyCredentialRequestOptions(), false)
|
||||
assertionData, err := Instance.WebAuthN.CreateAssertionResponse(resp.GetChallenges().GetWebAuthN().GetPublicKeyCredentialRequestOptions(), false)
|
||||
require.NoError(t, err)
|
||||
|
||||
resp, err = Client.SetSession(CTX, &session.SetSessionRequest{
|
||||
@@ -886,13 +887,13 @@ func TestServer_DeleteSession_token(t *testing.T) {
|
||||
|
||||
func TestServer_DeleteSession_own_session(t *testing.T) {
|
||||
// create two users for the test and a session each to get tokens for authorization
|
||||
user1 := Tester.CreateHumanUser(CTX)
|
||||
Tester.SetUserPassword(CTX, user1.GetUserId(), integration.UserPassword, false)
|
||||
_, token1, _, _ := Tester.CreatePasswordSession(t, CTX, user1.GetUserId(), integration.UserPassword)
|
||||
user1 := Instance.CreateHumanUser(CTX)
|
||||
Instance.SetUserPassword(CTX, user1.GetUserId(), integration.UserPassword, false)
|
||||
_, token1, _, _ := Instance.CreatePasswordSession(t, CTX, user1.GetUserId(), integration.UserPassword)
|
||||
|
||||
user2 := Tester.CreateHumanUser(CTX)
|
||||
Tester.SetUserPassword(CTX, user2.GetUserId(), integration.UserPassword, false)
|
||||
_, token2, _, _ := Tester.CreatePasswordSession(t, CTX, user2.GetUserId(), integration.UserPassword)
|
||||
user2 := Instance.CreateHumanUser(CTX)
|
||||
Instance.SetUserPassword(CTX, user2.GetUserId(), integration.UserPassword, false)
|
||||
_, token2, _, _ := Instance.CreatePasswordSession(t, CTX, user2.GetUserId(), integration.UserPassword)
|
||||
|
||||
// create a new session for the first user
|
||||
createResp, err := Client.CreateSession(CTX, &session.CreateSessionRequest{
|
||||
@@ -907,13 +908,13 @@ func TestServer_DeleteSession_own_session(t *testing.T) {
|
||||
require.NoError(t, err)
|
||||
|
||||
// delete the new (user1) session must not be possible with user (has no permission)
|
||||
_, err = Client.DeleteSession(Tester.WithAuthorizationToken(context.Background(), token2), &session.DeleteSessionRequest{
|
||||
_, err = Client.DeleteSession(integration.WithAuthorizationToken(context.Background(), token2), &session.DeleteSessionRequest{
|
||||
SessionId: createResp.GetSessionId(),
|
||||
})
|
||||
require.Error(t, err)
|
||||
|
||||
// delete the new (user1) session by themselves
|
||||
_, err = Client.DeleteSession(Tester.WithAuthorizationToken(context.Background(), token1), &session.DeleteSessionRequest{
|
||||
_, err = Client.DeleteSession(integration.WithAuthorizationToken(context.Background(), token1), &session.DeleteSessionRequest{
|
||||
SessionId: createResp.GetSessionId(),
|
||||
})
|
||||
require.NoError(t, err)
|
||||
@@ -932,7 +933,7 @@ func TestServer_DeleteSession_with_permission(t *testing.T) {
|
||||
require.NoError(t, err)
|
||||
|
||||
// delete the new session by ORG_OWNER
|
||||
_, err = Client.DeleteSession(Tester.WithAuthorization(context.Background(), integration.OrgOwner), &session.DeleteSessionRequest{
|
||||
_, err = Client.DeleteSession(Instance.WithAuthorization(context.Background(), integration.UserTypeOrgOwner), &session.DeleteSessionRequest{
|
||||
SessionId: createResp.GetSessionId(),
|
||||
})
|
||||
require.NoError(t, err)
|
||||
@@ -950,9 +951,9 @@ func Test_ZITADEL_API_missing_authentication(t *testing.T) {
|
||||
}
|
||||
|
||||
func Test_ZITADEL_API_success(t *testing.T) {
|
||||
id, token, _, _ := Tester.CreateVerifiedWebAuthNSession(t, CTX, User.GetUserId())
|
||||
id, token, _, _ := Instance.CreateVerifiedWebAuthNSession(t, CTX, User.GetUserId())
|
||||
|
||||
ctx := Tester.WithAuthorizationToken(context.Background(), token)
|
||||
ctx := integration.WithAuthorizationToken(context.Background(), token)
|
||||
sessionResp, err := Client.GetSession(ctx, &session.GetSessionRequest{SessionId: id})
|
||||
require.NoError(t, err)
|
||||
|
||||
@@ -962,10 +963,10 @@ func Test_ZITADEL_API_success(t *testing.T) {
|
||||
}
|
||||
|
||||
func Test_ZITADEL_API_session_not_found(t *testing.T) {
|
||||
id, token, _, _ := Tester.CreateVerifiedWebAuthNSession(t, CTX, User.GetUserId())
|
||||
id, token, _, _ := Instance.CreateVerifiedWebAuthNSession(t, CTX, User.GetUserId())
|
||||
|
||||
// test session token works
|
||||
ctx := Tester.WithAuthorizationToken(context.Background(), token)
|
||||
ctx := integration.WithAuthorizationToken(context.Background(), token)
|
||||
_, err := Client.GetSession(ctx, &session.GetSessionRequest{SessionId: id})
|
||||
require.NoError(t, err)
|
||||
|
||||
@@ -975,16 +976,16 @@ func Test_ZITADEL_API_session_not_found(t *testing.T) {
|
||||
SessionToken: gu.Ptr(token),
|
||||
})
|
||||
require.NoError(t, err)
|
||||
ctx = Tester.WithAuthorizationToken(context.Background(), token)
|
||||
ctx = integration.WithAuthorizationToken(context.Background(), token)
|
||||
_, err = Client.GetSession(ctx, &session.GetSessionRequest{SessionId: id})
|
||||
require.Error(t, err)
|
||||
}
|
||||
|
||||
func Test_ZITADEL_API_session_expired(t *testing.T) {
|
||||
id, token, _, _ := Tester.CreateVerifiedWebAuthNSessionWithLifetime(t, CTX, User.GetUserId(), 20*time.Second)
|
||||
id, token, _, _ := Instance.CreateVerifiedWebAuthNSessionWithLifetime(t, CTX, User.GetUserId(), 20*time.Second)
|
||||
|
||||
// test session token works
|
||||
ctx := Tester.WithAuthorizationToken(context.Background(), token)
|
||||
ctx := integration.WithAuthorizationToken(context.Background(), token)
|
||||
_, err := Client.GetSession(ctx, &session.GetSessionRequest{SessionId: id})
|
||||
require.NoError(t, err)
|
||||
|
||||
Reference in New Issue
Block a user