diff --git a/e2e/cypress/e2e/projects/projects.cy.ts b/e2e/cypress/e2e/projects/projects.cy.ts
index 1016082894..36af2cd22e 100644
--- a/e2e/cypress/e2e/projects/projects.cy.ts
+++ b/e2e/cypress/e2e/projects/projects.cy.ts
@@ -46,7 +46,7 @@ describe('projects', () => {
 it('should add a role', () => {
 cy.get('[data-e2e="sidenav-element-roles"]').click();
 cy.get('[data-e2e="add-new-role"]').click();
- cy.get('[formcontrolname="key"]').type(testRoleName);
+ cy.get('[formcontrolname="key"]').should('be.enabled').type(testRoleName);
 cy.get('[formcontrolname="displayName"]').type('e2eroleundertestdisplay');
 cy.get('[formcontrolname="group"]').type('e2eroleundertestgroup');
 cy.get('[data-e2e="save-button"]').click();
diff --git a/internal/command/instance_idp_config.go b/internal/command/instance_idp_config.go
index 31a302ff66..26f231a30b 100644
--- a/internal/command/instance_idp_config.go
+++ b/internal/command/instance_idp_config.go
@@ -178,17 +178,6 @@ func (c *Commands) RemoveDefaultIDPConfig(ctx context.Context, idpID string, idp
 return writeModelToObjectDetails(&existingIDP.IDPConfigWriteModel.WriteModel), nil
 }
-func (c *Commands) getInstanceIDPConfigByID(ctx context.Context, idpID string) (*domain.IDPConfig, error) {
- config, err := c.instanceIDPConfigWriteModelByID(ctx, idpID)
- if err != nil {
- return nil, err
- }
- if !config.State.Exists() {
- return nil, zerrors.ThrowNotFound(nil, "INSTANCE-p0pFF", "Errors.IDPConfig.NotExisting")
- }
- return writeModelToIDPConfig(&config.IDPConfigWriteModel), nil
-}
-
 func (c *Commands) instanceIDPConfigWriteModelByID(ctx context.Context, idpID string) (policy *InstanceIDPConfigWriteModel, err error) {
 ctx, span := tracing.NewSpan(ctx)
 defer func() { span.EndWithError(err) }()
diff --git a/internal/command/org_policy_login.go b/internal/command/org_policy_login.go
index 96251ad565..cf5bb7d1e5 100644
--- a/internal/command/org_policy_login.go
+++ b/internal/command/org_policy_login.go
@@ -416,7 +416,7 @@ func prepareAddLoginPolicy(a *org.Aggregate, policy *AddLoginPolicy) preparation
 return nil, zerrors.ThrowAlreadyExists(nil, "Org-Dgfb2", "Errors.Org.LoginPolicy.AlreadyExists")
 }
 for _, idp := range policy.IDPProviders {
- exists, err := idpExists(ctx, filter, idp)
+ exists, err := ExistsIDP(ctx, filter, idp.ConfigID, authz.GetCtxData(ctx).OrgID)
 if !exists || err != nil {
 return nil, zerrors.ThrowPreconditionFailed(err, "Org-FEd32", "Errors.IDPConfig.NotExisting")
 }
@@ -493,10 +493,3 @@ func prepareChangeLoginPolicy(a *org.Aggregate, policy *ChangeLoginPolicy) prepa
 }, nil
 }
 }
-
-func idpExists(ctx context.Context, filter preparation.FilterToQueryReducer, idp *AddLoginPolicyIDP) (bool, error) {
- if idp.Type == domain.IdentityProviderTypeSystem {
- return exists(ctx, filter, NewInstanceIDPConfigWriteModel(ctx, idp.ConfigID))
- }
- return exists(ctx, filter, NewOrgIDPConfigWriteModel(idp.ConfigID, authz.GetCtxData(ctx).ResourceOwner))
-}
diff --git a/internal/command/org_policy_login_test.go b/internal/command/org_policy_login_test.go
index 38026f72dc..62b418d029 100644
--- a/internal/command/org_policy_login_test.go
+++ b/internal/command/org_policy_login_test.go
@@ -266,8 +266,9 @@ func TestCommandSide_AddLoginPolicy(t *testing.T) {
 fields: fields{
 eventstore: eventstoreExpect(
 t,
- expectFilter(),
- expectFilter(),
+ expectFilter(), // reduce login policy
+ expectFilter(), // check if is org idp
+ expectFilter(), // check if is instance idp
 ),
 },
 args: args{
@@ -304,11 +305,12 @@ func TestCommandSide_AddLoginPolicy(t *testing.T) {
 },
 },
 {
- name: "add policy idp, ok",
+ name: "add policy instance idp, ok",
 fields: fields{
 eventstore: eventstoreExpect(
 t,
 expectFilter(),
+ expectFilter(),
 expectFilter(
 eventFromEventPusher(
 instance.NewIDPConfigAddedEvent(context.Background(),
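Review bot: In `internal/command/org_policy_login.go` (hunk at line 416) the new existence check is scoped to `authz.GetCtxData(ctx).OrgID`, the caller's context organisation, rather than to the aggregate `a` whose login policy is being written, and it no longer consults `idp.Type`. If this command can run with a context org that differs from the target org, an IdP visible to the caller could be accepted for another organisation's policy, and an ID that exists only at instance level could be stored under a declared org type; both depend on what `ExistsIDP` does, which is not shown here. Consider scoping the lookup to the target, for example `exists, err := ExistsIDP(ctx, filter, idp.ConfigID, a.ID)`, and rejecting a declared type that does not match where the IdP was found. Separately, `if !exists || err != nil` reports a failed lookup as `Errors.IDPConfig.NotExisting`; returning `err` on its own first would keep store failures distinguishable from a missing IdP. The body of `prepareAddLoginPolicy` starts and ends outside the hunk.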
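Review bot: The `expectFilter()` added to the "add policy instance idp, ok" case (hunk at line 304 of `org_policy_login_test.go`) is unlabelled, while the case changed at line 266 labels each filter. Annotating the calls the same way, for example `expectFilter(), // check if is org idp` on the second, empty filter, would show why the instance IdP event is expected only on the third lookup. The test case continues outside the hunk.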
@@ -385,6 +387,88 @@ func TestCommandSide_AddLoginPolicy(t *testing.T) {
 },
 },
 },
+ {
+ name: "add policy org idp, ok",
+ fields: fields{
+ eventstore: eventstoreExpect(
+ t,
+ expectFilter(),
+ expectFilter(
+ eventFromEventPusher(
+ org.NewIDPConfigAddedEvent(context.Background(),
+ &org.NewAggregate("ORG").Aggregate,
+ "config1",
+ "name1",
+ domain.IDPConfigTypeOIDC,
+ domain.IDPConfigStylingTypeGoogle,
+ true,
+ ),
+ ),
+ ),
+ expectPush(
+ org.NewLoginPolicyAddedEvent(context.Background(),
+ &org.NewAggregate("org1").Aggregate,
+ true,
+ true,
+ true,
+ true,
+ true,
+ true,
+ true,
+ true,
+ true,
+ true,
+ domain.PasswordlessTypeAllowed,
+ "https://example.com/redirect",
+ time.Hour*1,
+ time.Hour*2,
+ time.Hour*3,
+ time.Hour*4,
+ time.Hour*5,
+ ),
+ org.NewIdentityProviderAddedEvent(context.Background(),
+ &org.NewAggregate("org1").Aggregate,
+ "config1",
+ domain.IdentityProviderTypeOrg,
+ ),
+ ),
+ ),
+ },
+ args: args{
+ ctx: context.Background(),
+ orgID: "org1",
+ policy: &AddLoginPolicy{
+ AllowRegister: true,
+ AllowUsernamePassword: true,
+ AllowExternalIDP: true,
+ ForceMFA: true,
+ ForceMFALocalOnly: true,
+ HidePasswordReset: true,
+ IgnoreUnknownUsernames: true,
+ AllowDomainDiscovery: true,
+ DisableLoginWithEmail: true,
+ DisableLoginWithPhone: true,
+ PasswordlessType: domain.PasswordlessTypeAllowed,
+ DefaultRedirectURI: "https://example.com/redirect",
+ PasswordCheckLifetime: time.Hour * 1,
+ ExternalLoginCheckLifetime: time.Hour * 2,
+ MFAInitSkipLifetime: time.Hour * 3,
+ SecondFactorCheckLifetime: time.Hour * 4,
+ MultiFactorCheckLifetime: time.Hour * 5,
+ IDPProviders: []*AddLoginPolicyIDP{
+ {
+ Type: domain.IdentityProviderTypeOrg,
+ ConfigID: "config1",
+ },
+ },
+ },
+ },
+ res: res{
+ want: &domain.ObjectDetails{
+ ResourceOwner: "org1",
+ },
+ },
+ },
 }
 for _, tt := range tests {
 t.Run(tt.name, func(t *testing.T) {
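Review bot: The new "add policy org idp, ok" case builds its IdP fixture on `org.NewAggregate("ORG")` while the policy is added to `org1` and `ctx` is `context.Background()`, so the test passes with an IdP owned by a different organisation than the one being modified. That leaves the org scoping of the existence check unpinned. Use the target org in the fixture, `&org.NewAggregate("org1").Aggregate,`, and add a negative case where the IdP exists only in another org, or only at instance level while `Type` is `domain.IdentityProviderTypeOrg`, that expects the precondition error. Whether the mocked eventstore can tell owners apart is not visible here; if it cannot, a short comment in the test stating that limit would help the next reader.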