fix: check idp existence by org id (#7667)

* fix: search idp by org

* fix unit test

* remove unused method

* test(e2e): await input enabled

* test: policy with org idp
This commit is contained in:
Elio Bischof 2024-04-09 21:32:00 +02:00 committed by GitHub
parent 6dcdef0268
commit e8601de8e6
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 89 additions and 23 deletions


@ -46,7 +46,7 @@ describe('projects', () => {
it('should add a role', () => { it('should add a role', () => {
cy.get('[data-e2e="sidenav-element-roles"]').click(); cy.get('[data-e2e="sidenav-element-roles"]').click();
cy.get('[data-e2e="add-new-role"]').click(); cy.get('[data-e2e="add-new-role"]').click();
cy.get('[formcontrolname="key"]').type(testRoleName); cy.get('[formcontrolname="key"]').should('be.enabled').type(testRoleName);
cy.get('[formcontrolname="displayName"]').type('e2eroleundertestdisplay'); cy.get('[formcontrolname="displayName"]').type('e2eroleundertestdisplay');
cy.get('[formcontrolname="group"]').type('e2eroleundertestgroup'); cy.get('[formcontrolname="group"]').type('e2eroleundertestgroup');
cy.get('[data-e2e="save-button"]').click(); cy.get('[data-e2e="save-button"]').click();


@ -178,17 +178,6 @@ func (c *Commands) RemoveDefaultIDPConfig(ctx context.Context, idpID string, idp
return writeModelToObjectDetails(&existingIDP.IDPConfigWriteModel.WriteModel), nil return writeModelToObjectDetails(&existingIDP.IDPConfigWriteModel.WriteModel), nil
} }
func (c *Commands) getInstanceIDPConfigByID(ctx context.Context, idpID string) (*domain.IDPConfig, error) {
config, err := c.instanceIDPConfigWriteModelByID(ctx, idpID)
if err != nil {
return nil, err
}
if !config.State.Exists() {
return nil, zerrors.ThrowNotFound(nil, "INSTANCE-p0pFF", "Errors.IDPConfig.NotExisting")
}
return writeModelToIDPConfig(&config.IDPConfigWriteModel), nil
}
func (c *Commands) instanceIDPConfigWriteModelByID(ctx context.Context, idpID string) (policy *InstanceIDPConfigWriteModel, err error) { func (c *Commands) instanceIDPConfigWriteModelByID(ctx context.Context, idpID string) (policy *InstanceIDPConfigWriteModel, err error) {
ctx, span := tracing.NewSpan(ctx) ctx, span := tracing.NewSpan(ctx)
defer func() { span.EndWithError(err) }() defer func() { span.EndWithError(err) }()


@ -416,7 +416,7 @@ func prepareAddLoginPolicy(a *org.Aggregate, policy *AddLoginPolicy) preparation
return nil, zerrors.ThrowAlreadyExists(nil, "Org-Dgfb2", "Errors.Org.LoginPolicy.AlreadyExists") return nil, zerrors.ThrowAlreadyExists(nil, "Org-Dgfb2", "Errors.Org.LoginPolicy.AlreadyExists")
} }
for _, idp := range policy.IDPProviders { for _, idp := range policy.IDPProviders {
exists, err := idpExists(ctx, filter, idp) exists, err := ExistsIDP(ctx, filter, idp.ConfigID, authz.GetCtxData(ctx).OrgID)
if !exists || err != nil { if !exists || err != nil {
return nil, zerrors.ThrowPreconditionFailed(err, "Org-FEd32", "Errors.IDPConfig.NotExisting") return nil, zerrors.ThrowPreconditionFailed(err, "Org-FEd32", "Errors.IDPConfig.NotExisting")
} }
@ -493,10 +493,3 @@ func prepareChangeLoginPolicy(a *org.Aggregate, policy *ChangeLoginPolicy) prepa
}, nil }, nil
} }
} }
func idpExists(ctx context.Context, filter preparation.FilterToQueryReducer, idp *AddLoginPolicyIDP) (bool, error) {
if idp.Type == domain.IdentityProviderTypeSystem {
return exists(ctx, filter, NewInstanceIDPConfigWriteModel(ctx, idp.ConfigID))
}
return exists(ctx, filter, NewOrgIDPConfigWriteModel(idp.ConfigID, authz.GetCtxData(ctx).ResourceOwner))
}
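Review bot: The replaced call at `exists, err := ExistsIDP(ctx, filter, idp.ConfigID, authz.GetCtxData(ctx).OrgID)` scopes the lookup by the caller's org taken from the context rather than by the org the policy is being added to, which prepareAddLoginPolicy receives as `a *org.Aggregate`; when the two differ (an instance-level caller administering another org) the IDP is validated against the wrong org, and the old helper used `ResourceOwner` from the same context data, so the switch to `OrgID` also changes which value is consulted. The new test case "add policy org idp, ok" runs with `context.Background()`, so the org ID handed to ExistsIDP is empty and the mocked filter returns the org event regardless, which is why the test does not distinguish the two. Unless ExistsIDP is meant to use the caller's org, I would pass the target aggregate's ID instead, presumably `exists, err := ExistsIDP(ctx, filter, idp.ConfigID, a.ID)`, and give the test a context carrying a different org than "org1" so the scoping is actually exercised. The removed idpExists branched on `idp.Type` to query only the matching write model; if ExistsIDP accepts either an org or an instance config for the same ID (the test comments "check if is org idp" / "check if is instance idp" suggest it queries both), an entry declared as type System can be accepted on the strength of an org config with that ID, so the stored type is no longer checked against where the config lives. prepareAddLoginPolicy's body continues outside the hunk, and the same call pattern may exist in prepareChangeLoginPolicy, whose hunk shows only its closing braces.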


@ -266,8 +266,9 @@ func TestCommandSide_AddLoginPolicy(t *testing.T) {
fields: fields{ fields: fields{
eventstore: eventstoreExpect( eventstore: eventstoreExpect(
t, t,
expectFilter(), expectFilter(), // reduce login policy
expectFilter(), expectFilter(), // check if is org idp
expectFilter(), // check if is instance idp
), ),
}, },
args: args{ args: args{
@ -304,11 +305,12 @@ func TestCommandSide_AddLoginPolicy(t *testing.T) {
}, },
}, },
{ {
name: "add policy idp, ok", name: "add policy instance idp, ok",
fields: fields{ fields: fields{
eventstore: eventstoreExpect( eventstore: eventstoreExpect(
t, t,
expectFilter(), expectFilter(),
expectFilter(),
expectFilter( expectFilter(
eventFromEventPusher( eventFromEventPusher(
instance.NewIDPConfigAddedEvent(context.Background(), instance.NewIDPConfigAddedEvent(context.Background(),
@ -385,6 +387,88 @@ func TestCommandSide_AddLoginPolicy(t *testing.T) {
}, },
}, },
}, },
{
name: "add policy org idp, ok",
fields: fields{
eventstore: eventstoreExpect(
t,
expectFilter(),
expectFilter(
eventFromEventPusher(
org.NewIDPConfigAddedEvent(context.Background(),
&org.NewAggregate("ORG").Aggregate,
"config1",
"name1",
domain.IDPConfigTypeOIDC,
domain.IDPConfigStylingTypeGoogle,
true,
),
),
),
expectPush(
org.NewLoginPolicyAddedEvent(context.Background(),
&org.NewAggregate("org1").Aggregate,
true,
true,
true,
true,
true,
true,
true,
true,
true,
true,
domain.PasswordlessTypeAllowed,
"https://example.com/redirect",
time.Hour*1,
time.Hour*2,
time.Hour*3,
time.Hour*4,
time.Hour*5,
),
org.NewIdentityProviderAddedEvent(context.Background(),
&org.NewAggregate("org1").Aggregate,
"config1",
domain.IdentityProviderTypeOrg,
),
),
),
},
args: args{
ctx: context.Background(),
orgID: "org1",
policy: &AddLoginPolicy{
AllowRegister: true,
AllowUsernamePassword: true,
AllowExternalIDP: true,
ForceMFA: true,
ForceMFALocalOnly: true,
HidePasswordReset: true,
IgnoreUnknownUsernames: true,
AllowDomainDiscovery: true,
DisableLoginWithEmail: true,
DisableLoginWithPhone: true,
PasswordlessType: domain.PasswordlessTypeAllowed,
DefaultRedirectURI: "https://example.com/redirect",
PasswordCheckLifetime: time.Hour * 1,
ExternalLoginCheckLifetime: time.Hour * 2,
MFAInitSkipLifetime: time.Hour * 3,
SecondFactorCheckLifetime: time.Hour * 4,
MultiFactorCheckLifetime: time.Hour * 5,
IDPProviders: []*AddLoginPolicyIDP{
{
Type: domain.IdentityProviderTypeOrg,
ConfigID: "config1",
},
},
},
},
res: res{
want: &domain.ObjectDetails{
ResourceOwner: "org1",
},
},
},
} }
for _, tt := range tests { for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) { t.Run(tt.name, func(t *testing.T) {