fix: delete limit of login policy query for idp links list (#4654)

* fix: delete limit of login policy query for idp links list

* set isDefault to false

* fix: change orderby to desc if custom login policy is queried

* fix: split select for idp links from select for login policy

Co-authored-by: Max Peintner <max@caos.ch>
Co-authored-by: Livio Spring <livio.a@gmail.com>

console/src/app/modules/idp-table/idp-table.component.ts

@@ -284,6 +284,7 @@ export class IdpTableComponent implements OnInit {
         if (this.isDefault) {
           return this.addLoginPolicy()
             .then(() => {
+              this.loginPolicy.isDefault = false;
               return (this.service as ManagementService).addIDPToLoginPolicy(idp.id, idp.owner).then(() => {
                 this.toast.showInfo('IDP.TOAST.ADDED', true);
 
@@ -339,6 +340,7 @@ export class IdpTableComponent implements OnInit {
         if (this.isDefault) {
           return this.addLoginPolicy()
             .then(() => {
+              this.loginPolicy.isDefault = false;
               return (this.service as ManagementService)
                 .removeIDPFromLoginPolicy(idp.id)
                 .then(() => {

internal/query/login_policy.go

@@ -174,9 +174,7 @@ func (q *Queries) LoginPolicyByID(ctx context.Context, shouldTriggerBulk bool, o
 					LoginPolicyColumnOrgID.identifier(): authz.GetInstance(ctx).InstanceID(),
 				},
 			},
-		}).
+		}).Limit(1).OrderBy(LoginPolicyColumnIsDefault.identifier()).ToSql()
-		OrderBy(LoginPolicyColumnIsDefault.identifier()).
-		Limit(1).ToSql()
 	if err != nil {
 		return nil, errors.ThrowInternal(err, "QUERY-scVHo", "Errors.Query.SQLStatement")
 	}
@@ -185,7 +183,23 @@ func (q *Queries) LoginPolicyByID(ctx context.Context, shouldTriggerBulk bool, o
 	if err != nil {
 		return nil, errors.ThrowInternal(err, "QUERY-SWgr3", "Errors.Internal")
 	}
-	return scan(rows)
+	return q.scanAndAddLinksToLoginPolicy(ctx, rows, scan)
+}
+
+func (q *Queries) scanAndAddLinksToLoginPolicy(ctx context.Context, rows *sql.Rows, scan func(*sql.Rows) (*LoginPolicy, error)) (*LoginPolicy, error) {
+	policy, err := scan(rows)
+	if err != nil {
+		return nil, err
+	}
+
+	links, err := q.IDPLoginPolicyLinks(ctx, policy.OrgID, &IDPLoginPolicyLinksSearchQuery{})
+	if err != nil {
+		return nil, err
+	}
+	for _, link := range links.Links {
+		policy.IDPLinks = append(policy.IDPLinks, link)
+	}
+	return policy, nil
 }
 
 func (q *Queries) DefaultLoginPolicy(ctx context.Context) (*LoginPolicy, error) {
@@ -202,7 +216,7 @@ func (q *Queries) DefaultLoginPolicy(ctx context.Context) (*LoginPolicy, error)
 	if err != nil {
 		return nil, errors.ThrowInternal(err, "QUERY-SArt2", "Errors.Internal")
 	}
-	return scan(rows)
+	return q.scanAndAddLinksToLoginPolicy(ctx, rows, scan)
 }
 
 func (q *Queries) SecondFactorsByOrg(ctx context.Context, orgID string) (*SecondFactors, error) {
@@ -330,23 +344,12 @@ func prepareLoginPolicyQuery() (sq.SelectBuilder, func(*sql.Rows) (*LoginPolicy,
 			LoginPolicyColumnMFAInitSkipLifetime.identifier(),
 			LoginPolicyColumnSecondFactorCheckLifetime.identifier(),
 			LoginPolicyColumnMultiFacotrCheckLifetime.identifier(),
-			IDPLoginPolicyLinkIDPIDCol.identifier(),
-			IDPNameCol.identifier(),
-			IDPTypeCol.identifier(),
 		).From(loginPolicyTable.identifier()).
-			LeftJoin(join(IDPLoginPolicyLinkAggregateIDCol, LoginPolicyColumnOrgID)).
-			LeftJoin(join(IDPIDCol, IDPLoginPolicyLinkIDPIDCol)).
 			PlaceholderFormat(sq.Dollar),
 		func(rows *sql.Rows) (*LoginPolicy, error) {
 			p := new(LoginPolicy)
 			defaultRedirectURI := sql.NullString{}
-			links := make([]*IDPLoginPolicyLink, 0)
 			for rows.Next() {
-				var (
-					idpID   = sql.NullString{}
-					idpName = sql.NullString{}
-					idpType = sql.NullInt16{}
-				)
 				err := rows.Scan(
 					&p.OrgID,
 					&p.CreationDate,
@@ -371,32 +374,15 @@ func prepareLoginPolicyQuery() (sq.SelectBuilder, func(*sql.Rows) (*LoginPolicy,
 					&p.MFAInitSkipLifetime,
 					&p.SecondFactorCheckLifetime,
 					&p.MultiFactorCheckLifetime,
-					&idpID,
-					&idpName,
-					&idpType,
 				)
 				if err != nil {
 					return nil, errors.ThrowInternal(err, "QUERY-YcC53", "Errors.Internal")
 				}
-				var link IDPLoginPolicyLink
-				if idpID.Valid {
-					link = IDPLoginPolicyLink{IDPID: idpID.String}
-
-					link.IDPName = idpName.String
-					//IDPType 0 is oidc so we have to set unspecified manually
-					if idpType.Valid {
-						link.IDPType = domain.IDPConfigType(idpType.Int16)
-					} else {
-						link.IDPType = domain.IDPConfigTypeUnspecified
-					}
-					links = append(links, &link)
-				}
 			}
 			if p.OrgID == "" {
 				return nil, errors.ThrowNotFound(nil, "QUERY-QsUBJ", "Errors.LoginPolicy.NotFound")
 			}
 			p.DefaultRedirectURI = defaultRedirectURI.String
-			p.IDPLinks = links
 			return p, nil
 		}
 }

internal/query/login_policy_test.go

@@ -37,17 +37,8 @@ var (
 		` projections.login_policies3.external_login_check_lifetime,` +
 		` projections.login_policies3.mfa_init_skip_lifetime,` +
 		` projections.login_policies3.second_factor_check_lifetime,` +
-		` projections.login_policies3.multi_factor_check_lifetime,` +
+		` projections.login_policies3.multi_factor_check_lifetime` +
-		` projections.idp_login_policy_links3.idp_id,` +
+		` FROM projections.login_policies3`
-		` projections.idps2.name,` +
-		` projections.idps2.type` +
-		` FROM projections.login_policies3` +
-		` LEFT JOIN projections.idp_login_policy_links3 ON ` +
-		` projections.login_policies3.aggregate_id = projections.idp_login_policy_links3.aggregate_id` +
-		` AND projections.login_policies3.instance_id = projections.idp_login_policy_links3.instance_id` +
-		` LEFT JOIN projections.idps2 ON` +
-		` projections.idp_login_policy_links3.idp_id = projections.idps2.id` +
-		` AND projections.idp_login_policy_links3.instance_id = projections.idps2.instance_id`
 	loginPolicyCols = []string{
 		"aggregate_id",
 		"creation_date",
@@ -72,9 +63,6 @@ var (
 		"mfa_init_skip_lifetime",
 		"second_factor_check_lifetime",
 		"multi_factor_check_lifetime",
-		"idp_id",
-		"name",
-		"type",
 	}
 )
 
@@ -138,9 +126,6 @@ func Test_LoginPolicyPrepares(t *testing.T) {
 						time.Hour * 2,
 						time.Hour * 2,
 						time.Hour * 2,
-						"config1",
-						"IDP",
-						domain.IDPConfigTypeJWT,
 					},
 				),
 			},
@@ -168,13 +153,6 @@ func Test_LoginPolicyPrepares(t *testing.T) {
 				MFAInitSkipLifetime:        time.Hour * 2,
 				SecondFactorCheckLifetime:  time.Hour * 2,
 				MultiFactorCheckLifetime:   time.Hour * 2,
-				IDPLinks: []*IDPLoginPolicyLink{
-					{
-						IDPID:   "config1",
-						IDPName: "IDP",
-						IDPType: domain.IDPConfigTypeJWT,
-					},
-				},
 			},
 		},
 		{