TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-08-11 21:07:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: restrict languages (#6931)

Browse Source 
* feat: return 404 or 409 if org reg disallowed

* fix: system limit permissions

* feat: add iam limits api

* feat: disallow public org registrations on default instance

* add integration test

* test: integration

* fix test

* docs: describe public org registrations

* avoid updating docs deps

* fix system limits integration test

* silence integration tests

* fix linting

* ignore strange linter complaints

* review

* improve reset properties naming

* redefine the api

* use restrictions aggregate

* test query

* simplify and test projection

* test commands

* fix unit tests

* move integration test

* support restrictions on default instance

* also test GetRestrictions

* self review

* lint

* abstract away resource owner

* fix tests

* configure supported languages

* fix allowed languages

* fix tests

* default lang must not be restricted

* preferred language must be allowed

* change preferred languages

* check languages everywhere

* lint

* test command side

* lint

* add integration test

* add integration test

* restrict supported ui locales

* lint

* lint

* cleanup

* lint

* allow undefined preferred language

* fix integration tests

* update main

* fix env var

* ignore linter

* ignore linter

* improve integration test config

* reduce cognitive complexity

* compile

* check for duplicates

* remove useless restriction checks

* review

* revert restriction renaming

* fix language restrictions

* lint

* generate

* allow custom texts for supported langs for now

* fix tests

* cleanup

* cleanup

* cleanup

* lint

* unsupported preferred lang is allowed

* fix integration test

* finish reverting to old property name

* finish reverting to old property name

* load languages

* refactor(i18n): centralize translators and fs

* lint

* amplify no validations on preferred languages

* fix integration test

* lint

* fix resetting allowed languages

* test unchanged restrictions
This commit is contained in:
Elio Bischof
2023-12-05 12:12:01 +01:00
committed by GitHub
parent 236930f109
commit dd33538c0a
123 changed files with 4133 additions and 2058 deletions
Download Patch File Download Diff File Expand all files Collapse all files

92
internal/command/restrictions_test.go
View File

@@ -6,6 +6,7 @@ import (
"github.com/muhlemmer/gu"
"github.com/stretchr/testify/assert"
"golang.org/x/text/language"
"github.com/zitadel/zitadel/internal/api/authz"
"github.com/zitadel/zitadel/internal/domain"
@@ -19,7 +20,6 @@ import (
func TestSetRestrictions(t *testing.T) {
type fields func(*testing.T) (*eventstore.Eventstore, id.Generator)
type args struct {
ctx context.Context
setRestrictions *SetRestrictions
}
type res struct {
@@ -40,14 +40,14 @@ func TestSetRestrictions(t *testing.T) {
expectFilter(),
expectPush(
eventFromEventPusherWithInstanceID(
"instance1",
"INSTANCE",
restrictions.NewSetEvent(
eventstore.NewBaseEventForPush(
context.Background(),
&restrictions.NewAggregate("restrictions1", "instance1", "instance1").Aggregate,
&restrictions.NewAggregate("restrictions1", "INSTANCE", "INSTANCE").Aggregate,
restrictions.SetEventType,
),
restrictions.ChangePublicOrgRegistrations(true),
restrictions.ChangeDisallowPublicOrgRegistration(true),
),
),
),
@@ -55,14 +55,13 @@ func TestSetRestrictions(t *testing.T) {
id_mock.NewIDGeneratorExpectIDs(t, "restrictions1")
},
args: args{
ctx: authz.WithInstanceID(context.Background(), "instance1"),
setRestrictions: &SetRestrictions{
DisallowPublicOrgRegistration: gu.Ptr(true),
},
},
res: res{
want: &domain.ObjectDetails{
ResourceOwner: "instance1",
ResourceOwner: "INSTANCE",
},
},
},
@@ -76,23 +75,23 @@ func TestSetRestrictions(t *testing.T) {
restrictions.NewSetEvent(
eventstore.NewBaseEventForPush(
context.Background(),
&restrictions.NewAggregate("restrictions1", "instance1", "instance1").Aggregate,
&restrictions.NewAggregate("restrictions1", "INSTANCE", "INSTANCE").Aggregate,
restrictions.SetEventType,
),
restrictions.ChangePublicOrgRegistrations(true),
restrictions.ChangeDisallowPublicOrgRegistration(true),
),
),
),
expectPush(
eventFromEventPusherWithInstanceID(
"instance1",
"INSTANCE",
restrictions.NewSetEvent(
eventstore.NewBaseEventForPush(
context.Background(),
&restrictions.NewAggregate("restrictions1", "instance1", "instance1").Aggregate,
&restrictions.NewAggregate("restrictions1", "INSTANCE", "INSTANCE").Aggregate,
restrictions.SetEventType,
),
restrictions.ChangePublicOrgRegistrations(false),
restrictions.ChangeDisallowPublicOrgRegistration(false),
),
),
),
@@ -100,14 +99,13 @@ func TestSetRestrictions(t *testing.T) {
nil
},
args: args{
ctx: authz.WithInstanceID(context.Background(), "instance1"),
setRestrictions: &SetRestrictions{
DisallowPublicOrgRegistration: gu.Ptr(false),
},
},
res: res{
want: &domain.ObjectDetails{
ResourceOwner: "instance1",
ResourceOwner: "INSTANCE",
},
},
},
@@ -121,10 +119,10 @@ func TestSetRestrictions(t *testing.T) {
restrictions.NewSetEvent(
eventstore.NewBaseEventForPush(
context.Background(),
&restrictions.NewAggregate("restrictions1", "instance1", "instance1").Aggregate,
&restrictions.NewAggregate("restrictions1", "INSTANCE", "INSTANCE").Aggregate,
restrictions.SetEventType,
),
restrictions.ChangePublicOrgRegistrations(true),
restrictions.ChangeDisallowPublicOrgRegistration(true),
),
),
),
@@ -132,14 +130,13 @@ func TestSetRestrictions(t *testing.T) {
nil
},
args: args{
ctx: authz.WithInstanceID(context.Background(), "instance1"),
setRestrictions: &SetRestrictions{
DisallowPublicOrgRegistration: gu.Ptr(true),
},
},
res: res{
want: &domain.ObjectDetails{
ResourceOwner: "instance1",
ResourceOwner: "INSTANCE",
},
},
},
@@ -152,29 +149,82 @@ func TestSetRestrictions(t *testing.T) {
restrictions.NewSetEvent(
eventstore.NewBaseEventForPush(
context.Background(),
&restrictions.NewAggregate("restrictions1", "instance1", "instance1").Aggregate,
&restrictions.NewAggregate("restrictions1", "INSTANCE", "INSTANCE").Aggregate,
restrictions.SetEventType,
),
restrictions.ChangePublicOrgRegistrations(true),
restrictions.ChangeDisallowPublicOrgRegistration(true),
),
),
),
), nil
},
args: args{
ctx: authz.WithInstanceID(context.Background(), "instance1"),
setRestrictions: &SetRestrictions{},
},
res: res{
err: zitadel_errs.IsErrorInvalidArgument,
},
},
{
name: "unsupported language restricted",
fields: func(*testing.T) (*eventstore.Eventstore, id.Generator) {
return eventstoreExpect(t,
expectFilter(
eventFromEventPusher(
restrictions.NewSetEvent(
eventstore.NewBaseEventForPush(
context.Background(),
&restrictions.NewAggregate("restrictions1", "INSTANCE", "INSTANCE").Aggregate,
restrictions.SetEventType,
),
restrictions.ChangeAllowedLanguages(SupportedLanguages),
),
),
),
), nil
},
args: args{
setRestrictions: &SetRestrictions{
AllowedLanguages: []language.Tag{AllowedLanguage, UnsupportedLanguage},
},
},
res: res{
err: zitadel_errs.IsErrorInvalidArgument,
},
},
{
name: "default language not allowed",
fields: func(*testing.T) (*eventstore.Eventstore, id.Generator) {
return eventstoreExpect(t,
expectFilter(
eventFromEventPusher(
restrictions.NewSetEvent(
eventstore.NewBaseEventForPush(
context.Background(),
&restrictions.NewAggregate("restrictions1", "INSTANCE", "INSTANCE").Aggregate,
restrictions.SetEventType,
),
restrictions.ChangeAllowedLanguages(OnlyAllowedLanguages),
),
),
),
), nil
},
args: args{
setRestrictions: &SetRestrictions{
AllowedLanguages: []language.Tag{DisallowedLanguage},
},
},
res: res{
err: zitadel_errs.IsPreconditionFailed,
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
r := new(Commands)
r.eventstore, r.idGenerator = tt.fields(t)
got, err := r.SetInstanceRestrictions(tt.args.ctx, tt.args.setRestrictions)
got, err := r.SetInstanceRestrictions(authz.WithInstance(context.Background(), &mockInstance{}), tt.args.setRestrictions)
if tt.res.err == nil {
assert.NoError(t, err)
}