TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-08-12 01:37:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: remove org (#4148)

Browse Source 
* feat(command): remove org

* refactor: imports, unused code, error handling

* reduce org removed in action

* add org deletion to projections

* add org removal to projections

* add org removal to projections

* org removed projection

* lint import

* projections

* fix: table names in tests

* fix: table names in tests

* logging

* add org state

* fix(domain): add Owner removed to object details

* feat(ListQuery): add with owner removed

* fix(org-delete): add bool to functions to select with owner removed

* fix(org-delete): add bools to user grants with events to determine if dependencies lost owner

* fix(org-delete): add unit tests for owner removed and org removed events

* fix(org-delete): add handling of org remove for grants and members

* fix(org-delete): correction of unit tests for owner removed

* fix(org-delete): update projections, unit tests and get functions

* fix(org-delete): add change date to authnkeys and owner removed to org metadata

* fix(org-delete): include owner removed for login names

* fix(org-delete): some column fixes in projections and build for queries with owner removed

* indexes

* fix(org-delete): include review changes

* fix(org-delete): change user projection name after merge

* fix(org-delete): include review changes for project grant where no project owner is necessary

* fix(org-delete): include auth and adminapi tables with owner removed information

* fix(org-delete): cleanup username and orgdomain uniqueconstraints when org is removed

* fix(org-delete): add permissions for org.remove

* remove unnecessary unique constraints

* fix column order in primary keys

* fix(org-delete): include review changes

* fix(org-delete): add owner removed indexes and chang setup step to create tables

* fix(org-delete): move PK order of instance_id and change added user_grant from review

* fix(org-delete): no params for prepareUserQuery

* change to step 6

* merge main

* fix(org-delete): OldUserName rename to private

* fix linting

* cleanup

* fix: remove org test

* create prerelease

* chore: delete org-delete as prerelease

Co-authored-by: Stefan Benz <stefan@caos.ch>
Co-authored-by: Livio Spring <livio.a@gmail.com>
Co-authored-by: Fabi <38692350+hifabienne@users.noreply.github.com>
Co-authored-by: Stefan Benz <46600784+stebenz@users.noreply.github.com>
This commit is contained in:
Silvan
2022-11-30 17:01:17 +01:00
committed by GitHub
parent 21a4e73bb6
commit f3e6f3b23b
304 changed files with 7293 additions and 3286 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
internal/command/custom_login_text_model.go
View File

@@ -21,9 +21,7 @@ func (wm *CustomLoginTextsReadModel) Reduce() error {
case *policy.CustomTextSetEvent:
wm.CustomLoginTexts[e.Template+e.Language.String()] = &CustomText{Language: e.Language, Template: e.Template}
case *policy.CustomTextTemplateRemovedEvent:
if _, ok := wm.CustomLoginTexts[e.Template+e.Language.String()]; ok {
delete(wm.CustomLoginTexts, e.Template+e.Language.String())
}
delete(wm.CustomLoginTexts, e.Template+e.Language.String())
}
}
return wm.WriteModel.Reduce()

4
internal/command/custom_message_text_model.go
View File

@@ -168,9 +168,7 @@ func (wm *CustomMessageTemplatesReadModel) Reduce() error {
wm.CustomMessageTemplate[e.Template+e.Language.String()].FooterText = ""
}
case *policy.CustomTextTemplateRemovedEvent:
if _, ok := wm.CustomMessageTemplate[e.Template+e.Language.String()]; ok {
delete(wm.CustomMessageTemplate, e.Template+e.Language.String())
}
delete(wm.CustomMessageTemplate, e.Template+e.Language.String())
}
}
return wm.WriteModel.Reduce()

18
internal/command/instance.go
View File

@@ -397,11 +397,7 @@ func (c *Commands) UpdateInstance(ctx context.Context, name string) (*domain.Obj
if err != nil {
return nil, err
}
return &domain.ObjectDetails{
Sequence: events[len(events)-1].Sequence(),
EventDate: events[len(events)-1].CreationDate(),
ResourceOwner: events[len(events)-1].Aggregate().ResourceOwner,
}, nil
return pushedEventsToObjectDetails(events), nil
}
func (c *Commands) SetDefaultLanguage(ctx context.Context, defaultLanguage language.Tag) (*domain.ObjectDetails, error) {
@@ -415,11 +411,7 @@ func (c *Commands) SetDefaultLanguage(ctx context.Context, defaultLanguage langu
if err != nil {
return nil, err
}
return &domain.ObjectDetails{
Sequence: events[len(events)-1].Sequence(),
EventDate: events[len(events)-1].CreationDate(),
ResourceOwner: events[len(events)-1].Aggregate().ResourceOwner,
}, nil
return pushedEventsToObjectDetails(events), nil
}
func (c *Commands) SetDefaultOrg(ctx context.Context, orgID string) (*domain.ObjectDetails, error) {
@@ -433,11 +425,7 @@ func (c *Commands) SetDefaultOrg(ctx context.Context, orgID string) (*domain.Obj
if err != nil {
return nil, err
}
return &domain.ObjectDetails{
Sequence: events[len(events)-1].Sequence(),
EventDate: events[len(events)-1].CreationDate(),
ResourceOwner: events[len(events)-1].Aggregate().ResourceOwner,
}, nil
return pushedEventsToObjectDetails(events), nil
}
func (c *Commands) ChangeSystemConfig(ctx context.Context, externalDomain string, externalPort uint16, externalSecure bool) error {

3
internal/command/instance_custom_login_text.go
View File

@@ -42,6 +42,9 @@ func (c *Commands) RemoveCustomInstanceLoginTexts(ctx context.Context, lang lang
}
iamAgg := InstanceAggregateFromWriteModel(&customText.WriteModel)
pushedEvents, err := c.eventstore.Push(ctx, instance.NewCustomTextTemplateRemovedEvent(ctx, iamAgg, domain.LoginCustomText, lang))
if err != nil {
return nil, err
}
err = AppendAndReduce(customText, pushedEvents...)
if err != nil {
return nil, err

13
internal/command/instance_member.go
View File

@@ -8,7 +8,6 @@ import (
"github.com/zitadel/zitadel/internal/command/preparation"
"github.com/zitadel/zitadel/internal/domain"
"github.com/zitadel/zitadel/internal/errors"
caos_errs "github.com/zitadel/zitadel/internal/errors"
"github.com/zitadel/zitadel/internal/eventstore"
"github.com/zitadel/zitadel/internal/repository/instance"
"github.com/zitadel/zitadel/internal/telemetry/tracing"
@@ -20,7 +19,7 @@ func (c *Commands) AddInstanceMemberCommand(a *instance.Aggregate, userID string
return nil, errors.ThrowInvalidArgument(nil, "INSTA-SDSfs", "Errors.Invalid.Argument")
}
if len(domain.CheckForInvalidRoles(roles, domain.IAMRolePrefix, c.zitadelRoles)) > 0 {
return nil, caos_errs.ThrowInvalidArgument(nil, "INSTANCE-4m0fS", "Errors.IAM.MemberInvalid")
return nil, errors.ThrowInvalidArgument(nil, "INSTANCE-4m0fS", "Errors.IAM.MemberInvalid")
}
return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
if exists, err := ExistsUser(ctx, filter, userID, ""); err != nil || !exists {
@@ -88,13 +87,13 @@ func (c *Commands) AddInstanceMember(ctx context.Context, userID string, roles .
return memberWriteModelToMember(&addedMember.MemberWriteModel), nil
}
//ChangeInstanceMember updates an existing member
// ChangeInstanceMember updates an existing member
func (c *Commands) ChangeInstanceMember(ctx context.Context, member *domain.Member) (*domain.Member, error) {
if !member.IsIAMValid() {
return nil, caos_errs.ThrowInvalidArgument(nil, "INSTANCE-LiaZi", "Errors.IAM.MemberInvalid")
return nil, errors.ThrowInvalidArgument(nil, "INSTANCE-LiaZi", "Errors.IAM.MemberInvalid")
}
if len(domain.CheckForInvalidRoles(member.Roles, domain.IAMRolePrefix, c.zitadelRoles)) > 0 {
return nil, caos_errs.ThrowInvalidArgument(nil, "INSTANCE-3m9fs", "Errors.IAM.MemberInvalid")
return nil, errors.ThrowInvalidArgument(nil, "INSTANCE-3m9fs", "Errors.IAM.MemberInvalid")
}
existingMember, err := c.instanceMemberWriteModelByID(ctx, member.UserID)
@@ -103,7 +102,7 @@ func (c *Commands) ChangeInstanceMember(ctx context.Context, member *domain.Memb
}
if reflect.DeepEqual(existingMember.Roles, member.Roles) {
return nil, caos_errs.ThrowPreconditionFailed(nil, "INSTANCE-LiaZi", "Errors.IAM.Member.RolesNotChanged")
return nil, errors.ThrowPreconditionFailed(nil, "INSTANCE-LiaZi", "Errors.IAM.Member.RolesNotChanged")
}
instanceAgg := InstanceAggregateFromWriteModel(&existingMember.MemberWriteModel.WriteModel)
pushedEvents, err := c.eventstore.Push(ctx, instance.NewMemberChangedEvent(ctx, instanceAgg, member.UserID, member.Roles...))
@@ -120,7 +119,7 @@ func (c *Commands) ChangeInstanceMember(ctx context.Context, member *domain.Memb
func (c *Commands) RemoveInstanceMember(ctx context.Context, userID string) (*domain.ObjectDetails, error) {
if userID == "" {
return nil, caos_errs.ThrowInvalidArgument(nil, "INSTANCE-LiaZi", "Errors.IDMissing")
return nil, errors.ThrowInvalidArgument(nil, "INSTANCE-LiaZi", "Errors.IDMissing")
}
memberWriteModel, err := c.instanceMemberWriteModelByID(ctx, userID)
if err != nil && !errors.IsNotFound(err) {

11
internal/command/instance_settings.go
View File

@@ -8,7 +8,6 @@ import (
"github.com/zitadel/zitadel/internal/crypto"
"github.com/zitadel/zitadel/internal/domain"
"github.com/zitadel/zitadel/internal/errors"
caos_errs "github.com/zitadel/zitadel/internal/errors"
"github.com/zitadel/zitadel/internal/eventstore"
"github.com/zitadel/zitadel/internal/repository/instance"
)
@@ -73,7 +72,7 @@ func prepareAddSecretGeneratorConfig(a *instance.Aggregate, typ domain.SecretGen
func (c *Commands) ChangeSecretGeneratorConfig(ctx context.Context, generatorType domain.SecretGeneratorType, config *crypto.GeneratorConfig) (*domain.ObjectDetails, error) {
if generatorType == domain.SecretGeneratorTypeUnspecified {
return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-33k9f", "Errors.SecretGenerator.TypeMissing")
return nil, errors.ThrowInvalidArgument(nil, "COMMAND-33k9f", "Errors.SecretGenerator.TypeMissing")
}
generatorWriteModel, err := c.getSecretConfig(ctx, generatorType)
@@ -81,7 +80,7 @@ func (c *Commands) ChangeSecretGeneratorConfig(ctx context.Context, generatorTyp
return nil, err
}
if generatorWriteModel.State == domain.SecretGeneratorStateUnspecified || generatorWriteModel.State == domain.SecretGeneratorStateRemoved {
return nil, caos_errs.ThrowNotFound(nil, "COMMAND-3n9ls", "Errors.SecretGenerator.NotFound")
return nil, errors.ThrowNotFound(nil, "COMMAND-3n9ls", "Errors.SecretGenerator.NotFound")
}
instanceAgg := InstanceAggregateFromWriteModel(&generatorWriteModel.WriteModel)
@@ -99,7 +98,7 @@ func (c *Commands) ChangeSecretGeneratorConfig(ctx context.Context, generatorTyp
return nil, err
}
if !hasChanged {
return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-m0o3f", "Errors.NoChangesFound")
return nil, errors.ThrowPreconditionFailed(nil, "COMMAND-m0o3f", "Errors.NoChangesFound")
}
pushedEvents, err := c.eventstore.Push(ctx, changedEvent)
if err != nil {
@@ -114,7 +113,7 @@ func (c *Commands) ChangeSecretGeneratorConfig(ctx context.Context, generatorTyp
func (c *Commands) RemoveSecretGeneratorConfig(ctx context.Context, generatorType domain.SecretGeneratorType) (*domain.ObjectDetails, error) {
if generatorType == domain.SecretGeneratorTypeUnspecified {
return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-2j9lw", "Errors.SecretGenerator.TypeMissing")
return nil, errors.ThrowInvalidArgument(nil, "COMMAND-2j9lw", "Errors.SecretGenerator.TypeMissing")
}
generatorWriteModel, err := c.getSecretConfig(ctx, generatorType)
@@ -122,7 +121,7 @@ func (c *Commands) RemoveSecretGeneratorConfig(ctx context.Context, generatorTyp
return nil, err
}
if generatorWriteModel.State == domain.SecretGeneratorStateUnspecified || generatorWriteModel.State == domain.SecretGeneratorStateRemoved {
return nil, caos_errs.ThrowNotFound(nil, "COMMAND-b8les", "Errors.SecretGenerator.NotFound")
return nil, errors.ThrowNotFound(nil, "COMMAND-b8les", "Errors.SecretGenerator.NotFound")
}
instanceAgg := InstanceAggregateFromWriteModel(&generatorWriteModel.WriteModel)
pushedEvents, err := c.eventstore.Push(ctx, instance.NewSecretGeneratorRemovedEvent(ctx, instanceAgg, generatorType))

294
internal/command/org.go
View File

@@ -8,9 +8,9 @@ import (
"github.com/zitadel/zitadel/internal/command/preparation"
"github.com/zitadel/zitadel/internal/domain"
"github.com/zitadel/zitadel/internal/errors"
caos_errs "github.com/zitadel/zitadel/internal/errors"
"github.com/zitadel/zitadel/internal/eventstore"
"github.com/zitadel/zitadel/internal/repository/org"
"github.com/zitadel/zitadel/internal/repository/project"
user_repo "github.com/zitadel/zitadel/internal/repository/user"
)
@@ -105,8 +105,8 @@ func (c *Commands) getOrg(ctx context.Context, orgID string) (*domain.Org, error
if err != nil {
return nil, err
}
if writeModel.State == domain.OrgStateUnspecified || writeModel.State == domain.OrgStateRemoved {
return nil, caos_errs.ThrowInternal(err, "COMMAND-4M9sf", "Errors.Org.NotFound")
if !isOrgStateExists(writeModel.State) {
return nil, errors.ThrowInternal(err, "COMMAND-4M9sf", "Errors.Org.NotFound")
}
return orgWriteModelToOrg(writeModel), nil
}
@@ -116,8 +116,8 @@ func (c *Commands) checkOrgExists(ctx context.Context, orgID string) error {
if err != nil {
return err
}
if orgWriteModel.State == domain.OrgStateUnspecified || orgWriteModel.State == domain.OrgStateRemoved {
return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-QXPGs", "Errors.Org.NotFound")
if !isOrgStateExists(orgWriteModel.State) {
return errors.ThrowPreconditionFailed(nil, "COMMAND-QXPGs", "Errors.Org.NotFound")
}
return nil
}
@@ -128,7 +128,7 @@ func (c *Commands) AddOrgWithID(ctx context.Context, name, userID, resourceOwner
return nil, err
}
if existingOrg.State != domain.OrgStateUnspecified {
return nil, caos_errs.ThrowNotFound(nil, "ORG-lapo2m", "Errors.Org.AlreadyExisting")
return nil, errors.ThrowNotFound(nil, "ORG-lapo2m", "Errors.Org.AlreadyExisting")
}
return c.addOrgWithIDAndMember(ctx, name, userID, resourceOwner, orgID, claimedUserIDs)
@@ -136,12 +136,12 @@ func (c *Commands) AddOrgWithID(ctx context.Context, name, userID, resourceOwner
func (c *Commands) AddOrg(ctx context.Context, name, userID, resourceOwner string, claimedUserIDs []string) (*domain.Org, error) {
if name = strings.TrimSpace(name); name == "" {
return nil, caos_errs.ThrowInvalidArgument(nil, "EVENT-Mf9sd", "Errors.Org.Invalid")
return nil, errors.ThrowInvalidArgument(nil, "EVENT-Mf9sd", "Errors.Org.Invalid")
}
orgID, err := c.idGenerator.Next()
if err != nil {
return nil, caos_errs.ThrowInternal(err, "COMMA-OwciI", "Errors.Internal")
return nil, errors.ThrowInternal(err, "COMMA-OwciI", "Errors.Internal")
}
return c.addOrgWithIDAndMember(ctx, name, userID, resourceOwner, orgID, claimedUserIDs)
@@ -176,18 +176,18 @@ func (c *Commands) addOrgWithIDAndMember(ctx context.Context, name, userID, reso
func (c *Commands) ChangeOrg(ctx context.Context, orgID, name string) (*domain.ObjectDetails, error) {
name = strings.TrimSpace(name)
if orgID == "" || name == "" {
return nil, caos_errs.ThrowInvalidArgument(nil, "EVENT-Mf9sd", "Errors.Org.Invalid")
return nil, errors.ThrowInvalidArgument(nil, "EVENT-Mf9sd", "Errors.Org.Invalid")
}
orgWriteModel, err := c.getOrgWriteModelByID(ctx, orgID)
if err != nil {
return nil, err
}
if orgWriteModel.State == domain.OrgStateUnspecified || orgWriteModel.State == domain.OrgStateRemoved {
return nil, caos_errs.ThrowNotFound(nil, "ORG-1MRds", "Errors.Org.NotFound")
if !isOrgStateExists(orgWriteModel.State) {
return nil, errors.ThrowNotFound(nil, "ORG-1MRds", "Errors.Org.NotFound")
}
if orgWriteModel.Name == name {
return nil, caos_errs.ThrowPreconditionFailed(nil, "ORG-4VSdf", "Errors.Org.NotChanged")
return nil, errors.ThrowPreconditionFailed(nil, "ORG-4VSdf", "Errors.Org.NotChanged")
}
orgAgg := OrgAggregateFromWriteModel(&orgWriteModel.WriteModel)
events := make([]eventstore.Command, 0)
@@ -215,11 +215,11 @@ func (c *Commands) DeactivateOrg(ctx context.Context, orgID string) (*domain.Obj
if err != nil {
return nil, err
}
if orgWriteModel.State == domain.OrgStateUnspecified || orgWriteModel.State == domain.OrgStateRemoved {
return nil, caos_errs.ThrowNotFound(nil, "ORG-oL9nT", "Errors.Org.NotFound")
if !isOrgStateExists(orgWriteModel.State) {
return nil, errors.ThrowNotFound(nil, "ORG-oL9nT", "Errors.Org.NotFound")
}
if orgWriteModel.State == domain.OrgStateInactive {
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-Dbs2g", "Errors.Org.AlreadyDeactivated")
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-Dbs2g", "Errors.Org.AlreadyDeactivated")
}
orgAgg := OrgAggregateFromWriteModel(&orgWriteModel.WriteModel)
pushedEvents, err := c.eventstore.Push(ctx, org.NewOrgDeactivatedEvent(ctx, orgAgg))
@@ -238,11 +238,11 @@ func (c *Commands) ReactivateOrg(ctx context.Context, orgID string) (*domain.Obj
if err != nil {
return nil, err
}
if orgWriteModel.State == domain.OrgStateUnspecified || orgWriteModel.State == domain.OrgStateRemoved {
return nil, caos_errs.ThrowNotFound(nil, "ORG-Dgf3g", "Errors.Org.NotFound")
if !isOrgStateExists(orgWriteModel.State) {
return nil, errors.ThrowNotFound(nil, "ORG-Dgf3g", "Errors.Org.NotFound")
}
if orgWriteModel.State == domain.OrgStateActive {
return nil, caos_errs.ThrowPreconditionFailed(nil, "EVENT-bfnrh", "Errors.Org.AlreadyActive")
return nil, errors.ThrowPreconditionFailed(nil, "EVENT-bfnrh", "Errors.Org.AlreadyActive")
}
orgAgg := OrgAggregateFromWriteModel(&orgWriteModel.WriteModel)
pushedEvents, err := c.eventstore.Push(ctx, org.NewOrgReactivatedEvent(ctx, orgAgg))
@@ -256,8 +256,251 @@ func (c *Commands) ReactivateOrg(ctx context.Context, orgID string) (*domain.Obj
return writeModelToObjectDetails(&orgWriteModel.WriteModel), nil
}
func (c *Commands) RemoveOrg(ctx context.Context, id string) (*domain.ObjectDetails, error) {
orgAgg := org.NewAggregate(id)
cmds, err := preparation.PrepareCommands(ctx, c.eventstore.Filter, c.prepareRemoveOrg(orgAgg))
if err != nil {
return nil, err
}
events, err := c.eventstore.Push(ctx, cmds...)
if err != nil {
return nil, err
}
return &domain.ObjectDetails{
Sequence: events[len(events)-1].Sequence(),
EventDate: events[len(events)-1].CreationDate(),
ResourceOwner: events[len(events)-1].Aggregate().InstanceID,
}, nil
}
func (c *Commands) prepareRemoveOrg(a *org.Aggregate) preparation.Validation {
return func() (preparation.CreateCommands, error) {
return func(ctx context.Context, filter preparation.FilterToQueryReducer) ([]eventstore.Command, error) {
writeModel, err := c.getOrgWriteModelByID(ctx, a.ID)
if err != nil {
return nil, errors.ThrowPreconditionFailed(err, "COMMA-wG9p1", "Errors.Org.NotFound")
}
if !isOrgStateExists(writeModel.State) {
return nil, errors.ThrowNotFound(nil, "COMMA-aps2n", "Errors.Org.NotFound")
}
domainPolicy, err := c.getOrgDomainPolicy(ctx, a.ID)
if err != nil {
return nil, err
}
usernames, err := OrgUsers(ctx, filter, a.ID)
if err != nil {
return nil, err
}
domains, err := OrgDomains(ctx, filter, a.ID)
if err != nil {
return nil, err
}
links, err := OrgUserIDPLinks(ctx, filter, a.ID)
if err != nil {
return nil, err
}
entityIds, err := OrgSamlEntityIDs(ctx, filter, a.ID)
if err != nil {
return nil, err
}
return []eventstore.Command{org.NewOrgRemovedEvent(ctx, &a.Aggregate, writeModel.Name, usernames, domainPolicy.UserLoginMustBeDomain, domains, links, entityIds)}, nil
}, nil
}
}
func OrgUserIDPLinks(ctx context.Context, filter preparation.FilterToQueryReducer, orgID string) ([]*domain.UserIDPLink, error) {
events, err := filter(ctx, eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent).
ResourceOwner(orgID).
OrderAsc().
AddQuery().
AggregateTypes(user_repo.AggregateType).
EventTypes(
user_repo.UserIDPLinkAddedType, user_repo.UserIDPLinkRemovedType, user_repo.UserIDPLinkCascadeRemovedType,
).Builder())
if err != nil {
return nil, err
}
links := make([]*domain.UserIDPLink, 0)
for _, event := range events {
switch eventTyped := event.(type) {
case *user_repo.UserIDPLinkAddedEvent:
links = append(links, &domain.UserIDPLink{
IDPConfigID: eventTyped.IDPConfigID,
ExternalUserID: eventTyped.ExternalUserID,
DisplayName: eventTyped.DisplayName,
})
case *user_repo.UserIDPLinkRemovedEvent:
for i := range links {
if links[i].ExternalUserID == eventTyped.ExternalUserID &&
links[i].IDPConfigID == eventTyped.IDPConfigID {
links[i] = links[len(links)-1]
links[len(links)-1] = nil
links = links[:len(links)-1]
break
}
}
case *user_repo.UserIDPLinkCascadeRemovedEvent:
for i := range links {
if links[i].ExternalUserID == eventTyped.ExternalUserID &&
links[i].IDPConfigID == eventTyped.IDPConfigID {
links[i] = links[len(links)-1]
links[len(links)-1] = nil
links = links[:len(links)-1]
break
}
}
}
}
return links, nil
}
type samlEntityID struct {
appID string
entityID string
}
func OrgSamlEntityIDs(ctx context.Context, filter preparation.FilterToQueryReducer, orgID string) ([]string, error) {
events, err := filter(ctx, eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent).
ResourceOwner(orgID).
OrderAsc().
AddQuery().
AggregateTypes(project.AggregateType).
EventTypes(
project.SAMLConfigAddedType, project.SAMLConfigChangedType, project.ApplicationRemovedType,
).Builder())
if err != nil {
return nil, err
}
entityIDs := make([]samlEntityID, 0)
for _, event := range events {
switch eventTyped := event.(type) {
case *project.SAMLConfigAddedEvent:
entityIDs = append(entityIDs, samlEntityID{appID: eventTyped.AppID, entityID: eventTyped.EntityID})
case *project.SAMLConfigChangedEvent:
for i := range entityIDs {
if entityIDs[i].appID == eventTyped.AppID {
entityIDs[i].entityID = eventTyped.EntityID
break
}
}
case *project.ApplicationRemovedEvent:
for i := range entityIDs {
if entityIDs[i].appID == eventTyped.AppID {
entityIDs[i] = entityIDs[len(entityIDs)-1]
entityIDs = entityIDs[:len(entityIDs)-1]
break
}
}
}
}
ids := make([]string, len(entityIDs))
for i := range entityIDs {
ids[i] = entityIDs[i].entityID
}
return ids, nil
}
func OrgDomains(ctx context.Context, filter preparation.FilterToQueryReducer, orgID string) ([]string, error) {
events, err := filter(ctx, eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent).
ResourceOwner(orgID).
OrderAsc().
AddQuery().
AggregateTypes(org.AggregateType).
EventTypes(
org.OrgDomainVerifiedEventType,
org.OrgDomainRemovedEventType,
).Builder())
if err != nil {
return nil, err
}
names := make([]string, 0)
for _, event := range events {
switch eventTyped := event.(type) {
case *org.DomainVerifiedEvent:
names = append(names, eventTyped.Domain)
case *org.DomainRemovedEvent:
for i := range names {
if names[i] == eventTyped.Domain {
names[i] = names[len(names)-1]
names = names[:len(names)-1]
break
}
}
}
}
return names, nil
}
type userIDName struct {
name string
id string
}
func OrgUsers(ctx context.Context, filter preparation.FilterToQueryReducer, orgID string) ([]string, error) {
events, err := filter(ctx, eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent).
InstanceID(authz.GetInstance(ctx).InstanceID()).
ResourceOwner(orgID).
OrderAsc().
AddQuery().
AggregateTypes(user_repo.AggregateType).
EventTypes(
user_repo.HumanAddedType,
user_repo.MachineAddedEventType,
user_repo.HumanRegisteredType,
user_repo.UserDomainClaimedType,
user_repo.UserUserNameChangedType,
user_repo.UserRemovedType,
).Builder())
if err != nil {
return nil, err
}
users := make([]userIDName, 0)
for _, event := range events {
switch eventTyped := event.(type) {
case *user_repo.HumanAddedEvent:
users = append(users, userIDName{eventTyped.UserName, eventTyped.Aggregate().ID})
case *user_repo.MachineAddedEvent:
users = append(users, userIDName{eventTyped.UserName, eventTyped.Aggregate().ID})
case *user_repo.HumanRegisteredEvent:
users = append(users, userIDName{eventTyped.UserName, eventTyped.Aggregate().ID})
case *user_repo.DomainClaimedEvent:
for i := range users {
if users[i].id == eventTyped.Aggregate().ID {
users[i].name = eventTyped.UserName
}
}
case *user_repo.UsernameChangedEvent:
for i := range users {
if users[i].id == eventTyped.Aggregate().ID {
users[i].name = eventTyped.UserName
}
}
case *user_repo.UserRemovedEvent:
for i := range users {
if users[i].id == eventTyped.Aggregate().ID {
users[i] = users[len(users)-1]
users = users[:len(users)-1]
break
}
}
}
}
names := make([]string, len(users))
for i := range users {
names[i] = users[i].name
}
return names, nil
}
func ExistsOrg(ctx context.Context, filter preparation.FilterToQueryReducer, id string) (exists bool, err error) {
events, err := filter(ctx, eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent).
InstanceID(authz.GetInstance(ctx).InstanceID()).
ResourceOwner(id).
OrderAsc().
AddQuery().
@@ -287,7 +530,7 @@ func ExistsOrg(ctx context.Context, filter preparation.FilterToQueryReducer, id
func (c *Commands) addOrgWithID(ctx context.Context, organisation *domain.Org, orgID string, claimedUserIDs []string) (_ *eventstore.Aggregate, _ *OrgWriteModel, _ []eventstore.Command, err error) {
if !organisation.IsValid() {
return nil, nil, nil, caos_errs.ThrowInvalidArgument(nil, "COMM-deLSk", "Errors.Org.Invalid")
return nil, nil, nil, errors.ThrowInvalidArgument(nil, "COMM-deLSk", "Errors.Org.Invalid")
}
organisation.AggregateID = orgID
@@ -316,3 +559,16 @@ func (c *Commands) getOrgWriteModelByID(ctx context.Context, orgID string) (*Org
}
return orgWriteModel, nil
}
func isOrgStateExists(state domain.OrgState) bool {
return !hasOrgState(state, domain.OrgStateRemoved, domain.OrgStateUnspecified)
}
func hasOrgState(check domain.OrgState, states ...domain.OrgState) bool {
for _, state := range states {
if check == state {
return true
}
}
return false
}

3
internal/command/org_custom_login_text.go
View File

@@ -60,6 +60,9 @@ func (c *Commands) RemoveOrgLoginTexts(ctx context.Context, resourceOwner string
}
orgAgg := OrgAggregateFromWriteModel(&customText.WriteModel)
pushedEvents, err := c.eventstore.Push(ctx, org.NewCustomTextTemplateRemovedEvent(ctx, orgAgg, domain.LoginCustomText, lang))
if err != nil {
return nil, err
}
err = AppendAndReduce(customText, pushedEvents...)
if err != nil {
return nil, err

5
internal/command/org_member.go
View File

@@ -109,7 +109,7 @@ func (c *Commands) addOrgMember(ctx context.Context, orgAgg *eventstore.Aggregat
return org.NewMemberAddedEvent(ctx, orgAgg, member.UserID, member.Roles...), nil
}
//ChangeOrgMember updates an existing member
// ChangeOrgMember updates an existing member
func (c *Commands) ChangeOrgMember(ctx context.Context, member *domain.Member) (*domain.Member, error) {
if !member.IsValid() {
return nil, errors.ThrowInvalidArgument(nil, "Org-LiaZi", "Errors.Org.MemberInvalid")
@@ -128,6 +128,9 @@ func (c *Commands) ChangeOrgMember(ctx context.Context, member *domain.Member) (
}
orgAgg := OrgAggregateFromWriteModel(&existingMember.MemberWriteModel.WriteModel)
pushedEvents, err := c.eventstore.Push(ctx, org.NewMemberChangedEvent(ctx, orgAgg, member.UserID, member.Roles...))
if err != nil {
return nil, err
}
err = AppendAndReduce(existingMember, pushedEvents...)
if err != nil {
return nil, err

2
internal/command/org_model.go
View File

@@ -41,7 +41,7 @@ func (wm *OrgWriteModel) Reduce() error {
wm.PrimaryDomain = e.Domain
}
}
return nil
return wm.WriteModel.Reduce()
}
func (wm *OrgWriteModel) Query() *eventstore.SearchQueryBuilder {

4
internal/command/org_policy_login_factors_model.go
View File

@@ -161,10 +161,10 @@ func (wm *OrgAuthFactorsAllowedWriteModel) Reduce() error {
wm.ensureMultiFactor(e.MFAType)
wm.MultiFactors[e.MFAType].Org = domain.FactorStateRemoved
case *org.LoginPolicyRemovedEvent:
for factorType, _ := range wm.SecondFactors {
for factorType := range wm.SecondFactors {
wm.SecondFactors[factorType].Org = domain.FactorStateRemoved
}
for factorType, _ := range wm.MultiFactors {
for factorType := range wm.MultiFactors {
wm.MultiFactors[factorType].Org = domain.FactorStateRemoved
}
}

272
internal/command/org_test.go
View File

@@ -17,6 +17,7 @@ import (
id_mock "github.com/zitadel/zitadel/internal/id/mock"
"github.com/zitadel/zitadel/internal/repository/member"
"github.com/zitadel/zitadel/internal/repository/org"
"github.com/zitadel/zitadel/internal/repository/project"
"github.com/zitadel/zitadel/internal/repository/user"
)
@@ -1006,3 +1007,274 @@ func TestCommandSide_ReactivateOrg(t *testing.T) {
})
}
}
func TestCommandSide_RemoveOrg(t *testing.T) {
type fields struct {
eventstore *eventstore.Eventstore
idGenerator id.Generator
}
type args struct {
ctx context.Context
orgID string
}
type res struct {
err func(error) bool
}
tests := []struct {
name string
fields fields
args args
res res
}{
{
name: "org not found, error",
fields: fields{
eventstore: eventstoreExpect(
t,
expectFilter(),
),
},
args: args{
ctx: context.Background(),
orgID: "org1",
},
res: res{
err: errors.IsNotFound,
},
},
{
name: "org already removed, error",
fields: fields{
eventstore: eventstoreExpect(
t,
expectFilter(
eventFromEventPusher(
org.NewOrgAddedEvent(context.Background(),
&org.NewAggregate("org1").Aggregate,
"org"),
),
eventFromEventPusher(
org.NewOrgRemovedEvent(context.Background(),
&org.NewAggregate("org1").Aggregate,
"org", []string{}, false, []string{}, []*domain.UserIDPLink{}, []string{}),
),
),
),
},
args: args{
ctx: context.Background(),
orgID: "org1",
},
res: res{
err: errors.IsNotFound,
},
},
{
name: "push failed, error",
fields: fields{
eventstore: eventstoreExpect(
t,
expectFilter(
eventFromEventPusher(
org.NewOrgAddedEvent(context.Background(),
&org.NewAggregate("org1").Aggregate,
"org"),
),
),
expectFilter(
eventFromEventPusher(
org.NewDomainPolicyAddedEvent(context.Background(),
&org.NewAggregate("org1").Aggregate,
true,
true,
true,
),
),
),
expectFilter(),
expectFilter(),
expectFilter(),
expectFilter(),
expectPushFailed(
errors.ThrowInternal(nil, "id", "message"),
[]*repository.Event{
eventFromEventPusher(
org.NewOrgRemovedEvent(
context.Background(), &org.NewAggregate("org1").Aggregate, "org", []string{}, false, []string{}, []*domain.UserIDPLink{}, []string{},
),
),
},
uniqueConstraintsFromEventConstraint(org.NewRemoveOrgNameUniqueConstraint("org")),
),
),
},
args: args{
ctx: context.Background(),
orgID: "org1",
},
res: res{
err: errors.IsInternal,
},
},
{
name: "remove org",
fields: fields{
eventstore: eventstoreExpect(
t,
expectFilter(
eventFromEventPusher(
org.NewOrgAddedEvent(context.Background(),
&org.NewAggregate("org1").Aggregate,
"org"),
),
),
expectFilter(
eventFromEventPusher(
org.NewDomainPolicyAddedEvent(context.Background(),
&org.NewAggregate("org1").Aggregate,
true,
true,
true,
),
),
),
expectFilter(),
expectFilter(),
expectFilter(),
expectFilter(),
expectPush(
[]*repository.Event{
eventFromEventPusher(
org.NewOrgRemovedEvent(
context.Background(), &org.NewAggregate("org1").Aggregate, "org", []string{}, false, []string{}, []*domain.UserIDPLink{}, []string{},
),
),
},
uniqueConstraintsFromEventConstraint(org.NewRemoveOrgNameUniqueConstraint("org")),
),
),
},
args: args{
ctx: context.Background(),
orgID: "org1",
},
res: res{},
},
{
name: "remove org with usernames and domains",
fields: fields{
eventstore: eventstoreExpect(
t,
expectFilter(
eventFromEventPusher(
org.NewOrgAddedEvent(context.Background(),
&org.NewAggregate("org1").Aggregate,
"org"),
),
),
expectFilter(
eventFromEventPusher(
org.NewDomainPolicyAddedEvent(context.Background(),
&org.NewAggregate("org1").Aggregate,
true,
true,
true,
),
),
),
expectFilter(
eventFromEventPusher(
user.NewHumanAddedEvent(context.Background(),
&user.NewAggregate("user1", "org1").Aggregate,
"user1",
"firstname1",
"lastname1",
"nickname1",
"displayname1",
language.German,
domain.GenderMale,
"email1",
true,
),
), eventFromEventPusher(
user.NewMachineAddedEvent(context.Background(),
&user.NewAggregate("user2", "org1").Aggregate,
"user2",
"name",
"description",
true,
),
),
),
expectFilter(
eventFromEventPusher(
org.NewDomainVerifiedEvent(context.Background(), &org.NewAggregate("org1").Aggregate, "domain1"),
),
eventFromEventPusher(
org.NewDomainVerifiedEvent(context.Background(), &org.NewAggregate("org1").Aggregate, "domain2"),
),
),
expectFilter(
eventFromEventPusher(
user.NewUserIDPLinkAddedEvent(context.Background(), &user.NewAggregate("user1", "org1").Aggregate, "config1", "display1", "id1"),
),
eventFromEventPusher(
user.NewUserIDPLinkAddedEvent(context.Background(), &user.NewAggregate("user2", "org1").Aggregate, "config2", "display2", "id2"),
),
),
expectFilter(
eventFromEventPusher(
project.NewSAMLConfigAddedEvent(context.Background(), &project.NewAggregate("project1", "org1").Aggregate, "app1", "entity1", []byte{}, ""),
),
eventFromEventPusher(
project.NewSAMLConfigAddedEvent(context.Background(), &project.NewAggregate("project2", "org1").Aggregate, "app2", "entity2", []byte{}, ""),
),
),
expectPush(
[]*repository.Event{
eventFromEventPusher(
org.NewOrgRemovedEvent(context.Background(), &org.NewAggregate("org1").Aggregate, "org",
[]string{"user1", "user2"},
false,
[]string{"domain1", "domain2"},
[]*domain.UserIDPLink{{IDPConfigID: "config1", ExternalUserID: "id1", DisplayName: "display1"}, {IDPConfigID: "config2", ExternalUserID: "id2", DisplayName: "display2"}},
[]string{"entity1", "entity2"},
),
),
},
uniqueConstraintsFromEventConstraint(org.NewRemoveOrgNameUniqueConstraint("org")),
uniqueConstraintsFromEventConstraint(user.NewRemoveUsernameUniqueConstraint("user1", "org1", true)),
uniqueConstraintsFromEventConstraint(user.NewRemoveUsernameUniqueConstraint("user2", "org1", true)),
uniqueConstraintsFromEventConstraint(org.NewRemoveOrgDomainUniqueConstraint("domain1")),
uniqueConstraintsFromEventConstraint(org.NewRemoveOrgDomainUniqueConstraint("domain2")),
uniqueConstraintsFromEventConstraint(user.NewRemoveUserIDPLinkUniqueConstraint("config1", "id1")),
uniqueConstraintsFromEventConstraint(user.NewRemoveUserIDPLinkUniqueConstraint("config2", "id2")),
uniqueConstraintsFromEventConstraint(project.NewRemoveSAMLConfigEntityIDUniqueConstraint("entity1")),
uniqueConstraintsFromEventConstraint(project.NewRemoveSAMLConfigEntityIDUniqueConstraint("entity2")),
),
),
},
args: args{
ctx: context.Background(),
orgID: "org1",
},
res: res{},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
r := &Commands{
eventstore: tt.fields.eventstore,
idGenerator: tt.fields.idGenerator,
}
_, err := r.RemoveOrg(tt.args.ctx, tt.args.orgID)
if tt.res.err == nil {
assert.NoError(t, err)
}
if tt.res.err != nil && !tt.res.err(err) {
t.Errorf("got wrong err: %v ", err)
}
})
}
}

33
internal/command/project.go
View File

@@ -9,7 +9,6 @@ import (
"github.com/zitadel/zitadel/internal/command/preparation"
"github.com/zitadel/zitadel/internal/domain"
"github.com/zitadel/zitadel/internal/errors"
caos_errs "github.com/zitadel/zitadel/internal/errors"
"github.com/zitadel/zitadel/internal/eventstore"
"github.com/zitadel/zitadel/internal/repository/project"
)
@@ -20,14 +19,14 @@ func (c *Commands) AddProjectWithID(ctx context.Context, project *domain.Project
return nil, err
}
if existingProject.State != domain.ProjectStateUnspecified {
return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-opamwu", "Errors.Project.AlreadyExisting")
return nil, errors.ThrowInvalidArgument(nil, "COMMAND-opamwu", "Errors.Project.AlreadyExisting")
}
return c.addProjectWithID(ctx, project, resourceOwner, projectID)
}
func (c *Commands) AddProject(ctx context.Context, project *domain.Project, resourceOwner, ownerUserID string) (_ *domain.Project, err error) {
if !project.IsValid() {
return nil, caos_errs.ThrowInvalidArgument(nil, "PROJECT-IOVCC", "Errors.Project.Invalid")
return nil, errors.ThrowInvalidArgument(nil, "PROJECT-IOVCC", "Errors.Project.Invalid")
}
projectID, err := c.idGenerator.Next()
@@ -67,7 +66,7 @@ func (c *Commands) addProjectWithID(ctx context.Context, projectAdd *domain.Proj
func (c *Commands) addProjectWithIDWithOwner(ctx context.Context, projectAdd *domain.Project, resourceOwner, ownerUserID, projectID string) (_ *domain.Project, err error) {
if !projectAdd.IsValid() {
return nil, caos_errs.ThrowInvalidArgument(nil, "PROJECT-IOVCC", "Errors.Project.Invalid")
return nil, errors.ThrowInvalidArgument(nil, "PROJECT-IOVCC", "Errors.Project.Invalid")
}
projectAdd.AggregateID = projectID
addedProject := NewProjectWriteModel(projectAdd.AggregateID, resourceOwner)
@@ -154,7 +153,7 @@ func (c *Commands) getProjectByID(ctx context.Context, projectID, resourceOwner
return nil, err
}
if projectWriteModel.State == domain.ProjectStateUnspecified || projectWriteModel.State == domain.ProjectStateRemoved {
return nil, caos_errs.ThrowNotFound(nil, "PROJECT-Gd2hh", "Errors.Project.NotFound")
return nil, errors.ThrowNotFound(nil, "PROJECT-Gd2hh", "Errors.Project.NotFound")
}
return projectWriteModelToProject(projectWriteModel), nil
}
@@ -165,14 +164,14 @@ func (c *Commands) checkProjectExists(ctx context.Context, projectID, resourceOw
return err
}
if projectWriteModel.State == domain.ProjectStateUnspecified || projectWriteModel.State == domain.ProjectStateRemoved {
return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-EbFMN", "Errors.Project.NotFound")
return errors.ThrowPreconditionFailed(nil, "COMMAND-EbFMN", "Errors.Project.NotFound")
}
return nil
}
func (c *Commands) ChangeProject(ctx context.Context, projectChange *domain.Project, resourceOwner string) (*domain.Project, error) {
if !projectChange.IsValid() || projectChange.AggregateID == "" {
return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-4m9vS", "Errors.Project.Invalid")
return nil, errors.ThrowInvalidArgument(nil, "COMMAND-4m9vS", "Errors.Project.Invalid")
}
existingProject, err := c.getProjectWriteModelByID(ctx, projectChange.AggregateID, resourceOwner)
@@ -180,7 +179,7 @@ func (c *Commands) ChangeProject(ctx context.Context, projectChange *domain.Proj
return nil, err
}
if existingProject.State == domain.ProjectStateUnspecified || existingProject.State == domain.ProjectStateRemoved {
return nil, caos_errs.ThrowNotFound(nil, "COMMAND-3M9sd", "Errors.Project.NotFound")
return nil, errors.ThrowNotFound(nil, "COMMAND-3M9sd", "Errors.Project.NotFound")
}
projectAgg := ProjectAggregateFromWriteModel(&existingProject.WriteModel)
@@ -196,7 +195,7 @@ func (c *Commands) ChangeProject(ctx context.Context, projectChange *domain.Proj
return nil, err
}
if !hasChanged {
return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-2M0fs", "Errors.NoChangesFound")
return nil, errors.ThrowPreconditionFailed(nil, "COMMAND-2M0fs", "Errors.NoChangesFound")
}
pushedEvents, err := c.eventstore.Push(ctx, changedEvent)
if err != nil {
@@ -211,7 +210,7 @@ func (c *Commands) ChangeProject(ctx context.Context, projectChange *domain.Proj
func (c *Commands) DeactivateProject(ctx context.Context, projectID string, resourceOwner string) (*domain.ObjectDetails, error) {
if projectID == "" || resourceOwner == "" {
return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-88iF0", "Errors.Project.ProjectIDMissing")
return nil, errors.ThrowInvalidArgument(nil, "COMMAND-88iF0", "Errors.Project.ProjectIDMissing")
}
existingProject, err := c.getProjectWriteModelByID(ctx, projectID, resourceOwner)
@@ -219,10 +218,10 @@ func (c *Commands) DeactivateProject(ctx context.Context, projectID string, reso
return nil, err
}
if existingProject.State == domain.ProjectStateUnspecified || existingProject.State == domain.ProjectStateRemoved {
return nil, caos_errs.ThrowNotFound(nil, "COMMAND-112M9", "Errors.Project.NotFound")
return nil, errors.ThrowNotFound(nil, "COMMAND-112M9", "Errors.Project.NotFound")
}
if existingProject.State != domain.ProjectStateActive {
return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-mki55", "Errors.Project.NotActive")
return nil, errors.ThrowPreconditionFailed(nil, "COMMAND-mki55", "Errors.Project.NotActive")
}
projectAgg := ProjectAggregateFromWriteModel(&existingProject.WriteModel)
@@ -239,7 +238,7 @@ func (c *Commands) DeactivateProject(ctx context.Context, projectID string, reso
func (c *Commands) ReactivateProject(ctx context.Context, projectID string, resourceOwner string) (*domain.ObjectDetails, error) {
if projectID == "" || resourceOwner == "" {
return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-3ihsF", "Errors.Project.ProjectIDMissing")
return nil, errors.ThrowInvalidArgument(nil, "COMMAND-3ihsF", "Errors.Project.ProjectIDMissing")
}
existingProject, err := c.getProjectWriteModelByID(ctx, projectID, resourceOwner)
@@ -247,10 +246,10 @@ func (c *Commands) ReactivateProject(ctx context.Context, projectID string, reso
return nil, err
}
if existingProject.State == domain.ProjectStateUnspecified || existingProject.State == domain.ProjectStateRemoved {
return nil, caos_errs.ThrowNotFound(nil, "COMMAND-3M9sd", "Errors.Project.NotFound")
return nil, errors.ThrowNotFound(nil, "COMMAND-3M9sd", "Errors.Project.NotFound")
}
if existingProject.State != domain.ProjectStateInactive {
return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-5M9bs", "Errors.Project.NotInactive")
return nil, errors.ThrowPreconditionFailed(nil, "COMMAND-5M9bs", "Errors.Project.NotInactive")
}
projectAgg := ProjectAggregateFromWriteModel(&existingProject.WriteModel)
@@ -267,7 +266,7 @@ func (c *Commands) ReactivateProject(ctx context.Context, projectID string, reso
func (c *Commands) RemoveProject(ctx context.Context, projectID, resourceOwner string, cascadingUserGrantIDs ...string) (*domain.ObjectDetails, error) {
if projectID == "" || resourceOwner == "" {
return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-66hM9", "Errors.Project.ProjectIDMissing")
return nil, errors.ThrowInvalidArgument(nil, "COMMAND-66hM9", "Errors.Project.ProjectIDMissing")
}
existingProject, err := c.getProjectWriteModelByID(ctx, projectID, resourceOwner)
@@ -275,7 +274,7 @@ func (c *Commands) RemoveProject(ctx context.Context, projectID, resourceOwner s
return nil, err
}
if existingProject.State == domain.ProjectStateUnspecified || existingProject.State == domain.ProjectStateRemoved {
return nil, caos_errs.ThrowNotFound(nil, "COMMAND-3M9sd", "Errors.Project.NotFound")
return nil, errors.ThrowNotFound(nil, "COMMAND-3M9sd", "Errors.Project.NotFound")
}
samlEntityIDsAgg, err := c.getSAMLEntityIdsWriteModelByProjectID(ctx, projectID, resourceOwner)

35
internal/command/project_application_oidc.go
View File

@@ -12,7 +12,6 @@ import (
"github.com/zitadel/zitadel/internal/crypto"
"github.com/zitadel/zitadel/internal/domain"
"github.com/zitadel/zitadel/internal/errors"
caos_errs "github.com/zitadel/zitadel/internal/errors"
"github.com/zitadel/zitadel/internal/eventstore"
project_repo "github.com/zitadel/zitadel/internal/repository/project"
"github.com/zitadel/zitadel/internal/telemetry/tracing"
@@ -122,12 +121,12 @@ func (c *Commands) AddOIDCApplicationWithID(ctx context.Context, oidcApp *domain
return nil, err
}
if existingApp.State != domain.AppStateUnspecified {
return nil, caos_errs.ThrowPreconditionFailed(nil, "PROJECT-lxowmp", "Errors.Project.App.AlreadyExisting")
return nil, errors.ThrowPreconditionFailed(nil, "PROJECT-lxowmp", "Errors.Project.App.AlreadyExisting")
}
project, err := c.getProjectByID(ctx, oidcApp.AggregateID, resourceOwner)
if err != nil {
return nil, caos_errs.ThrowPreconditionFailed(err, "PROJECT-3m9s2", "Errors.Project.NotFound")
return nil, errors.ThrowPreconditionFailed(err, "PROJECT-3m9s2", "Errors.Project.NotFound")
}
return c.addOIDCApplicationWithID(ctx, oidcApp, resourceOwner, project, appID, appSecretGenerator)
@@ -135,15 +134,15 @@ func (c *Commands) AddOIDCApplicationWithID(ctx context.Context, oidcApp *domain
func (c *Commands) AddOIDCApplication(ctx context.Context, oidcApp *domain.OIDCApp, resourceOwner string, appSecretGenerator crypto.Generator) (_ *domain.OIDCApp, err error) {
if oidcApp == nil || oidcApp.AggregateID == "" {
return nil, caos_errs.ThrowInvalidArgument(nil, "PROJECT-34Fm0", "Errors.Project.App.Invalid")
return nil, errors.ThrowInvalidArgument(nil, "PROJECT-34Fm0", "Errors.Project.App.Invalid")
}
project, err := c.getProjectByID(ctx, oidcApp.AggregateID, resourceOwner)
if err != nil {
return nil, caos_errs.ThrowPreconditionFailed(err, "PROJECT-3m9ss", "Errors.Project.NotFound")
return nil, errors.ThrowPreconditionFailed(err, "PROJECT-3m9ss", "Errors.Project.NotFound")
}
if oidcApp.AppName == "" || !oidcApp.IsValid() {
return nil, caos_errs.ThrowInvalidArgument(nil, "PROJECT-1n8df", "Errors.Project.App.Invalid")
return nil, errors.ThrowInvalidArgument(nil, "PROJECT-1n8df", "Errors.Project.App.Invalid")
}
appID, err := c.idGenerator.Next()
@@ -211,7 +210,7 @@ func (c *Commands) addOIDCApplicationWithID(ctx context.Context, oidcApp *domain
func (c *Commands) ChangeOIDCApplication(ctx context.Context, oidc *domain.OIDCApp, resourceOwner string) (*domain.OIDCApp, error) {
if !oidc.IsValid() || oidc.AppID == "" || oidc.AggregateID == "" {
return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-5m9fs", "Errors.Project.App.OIDCConfigInvalid")
return nil, errors.ThrowInvalidArgument(nil, "COMMAND-5m9fs", "Errors.Project.App.OIDCConfigInvalid")
}
existingOIDC, err := c.getOIDCAppWriteModel(ctx, oidc.AggregateID, oidc.AppID, resourceOwner)
@@ -219,10 +218,10 @@ func (c *Commands) ChangeOIDCApplication(ctx context.Context, oidc *domain.OIDCA
return nil, err
}
if existingOIDC.State == domain.AppStateUnspecified || existingOIDC.State == domain.AppStateRemoved {
return nil, caos_errs.ThrowNotFound(nil, "COMMAND-2n8uU", "Errors.Project.App.NotExisting")
return nil, errors.ThrowNotFound(nil, "COMMAND-2n8uU", "Errors.Project.App.NotExisting")
}
if !existingOIDC.IsOIDC() {
return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-GBr34", "Errors.Project.App.IsNotOIDC")
return nil, errors.ThrowInvalidArgument(nil, "COMMAND-GBr34", "Errors.Project.App.IsNotOIDC")
}
projectAgg := ProjectAggregateFromWriteModel(&existingOIDC.WriteModel)
changedEvent, hasChanged, err := existingOIDC.NewChangedEvent(
@@ -247,7 +246,7 @@ func (c *Commands) ChangeOIDCApplication(ctx context.Context, oidc *domain.OIDCA
return nil, err
}
if !hasChanged {
return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-1m88i", "Errors.NoChangesFound")
return nil, errors.ThrowPreconditionFailed(nil, "COMMAND-1m88i", "Errors.NoChangesFound")
}
pushedEvents, err := c.eventstore.Push(ctx, changedEvent)
@@ -266,7 +265,7 @@ func (c *Commands) ChangeOIDCApplication(ctx context.Context, oidc *domain.OIDCA
func (c *Commands) ChangeOIDCApplicationSecret(ctx context.Context, projectID, appID, resourceOwner string, appSecretGenerator crypto.Generator) (*domain.OIDCApp, error) {
if projectID == "" || appID == "" {
return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-99i83", "Errors.IDMissing")
return nil, errors.ThrowInvalidArgument(nil, "COMMAND-99i83", "Errors.IDMissing")
}
existingOIDC, err := c.getOIDCAppWriteModel(ctx, projectID, appID, resourceOwner)
@@ -274,10 +273,10 @@ func (c *Commands) ChangeOIDCApplicationSecret(ctx context.Context, projectID, a
return nil, err
}
if existingOIDC.State == domain.AppStateUnspecified || existingOIDC.State == domain.AppStateRemoved {
return nil, caos_errs.ThrowNotFound(nil, "COMMAND-2g66f", "Errors.Project.App.NotExisting")
return nil, errors.ThrowNotFound(nil, "COMMAND-2g66f", "Errors.Project.App.NotExisting")
}
if !existingOIDC.IsOIDC() {
return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-Ghrh3", "Errors.Project.App.IsNotOIDC")
return nil, errors.ThrowInvalidArgument(nil, "COMMAND-Ghrh3", "Errors.Project.App.IsNotOIDC")
}
cryptoSecret, stringPW, err := domain.NewClientSecret(appSecretGenerator)
if err != nil {
@@ -309,13 +308,13 @@ func (c *Commands) VerifyOIDCClientSecret(ctx context.Context, projectID, appID,
return err
}
if !app.State.Exists() {
return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-D6hba", "Errors.Project.App.NotExisting")
return errors.ThrowPreconditionFailed(nil, "COMMAND-D6hba", "Errors.Project.App.NotExisting")
}
if !app.IsOIDC() {
return caos_errs.ThrowInvalidArgument(nil, "COMMAND-BHgn2", "Errors.Project.App.IsNotOIDC")
return errors.ThrowInvalidArgument(nil, "COMMAND-BHgn2", "Errors.Project.App.IsNotOIDC")
}
if app.ClientSecret == nil {
return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-D6hba", "Errors.Project.App.OIDCConfigInvalid")
return errors.ThrowPreconditionFailed(nil, "COMMAND-D6hba", "Errors.Project.App.OIDCConfigInvalid")
}
projectAgg := ProjectAggregateFromWriteModel(&app.WriteModel)
@@ -327,8 +326,8 @@ func (c *Commands) VerifyOIDCClientSecret(ctx context.Context, projectID, appID,
return err
}
_, err = c.eventstore.Push(ctx, project_repo.NewOIDCConfigSecretCheckFailedEvent(ctx, projectAgg, app.AppID))
logging.New().OnError(err).Error("could not push event OIDCClientSecretCheckFailed")
return caos_errs.ThrowInvalidArgument(nil, "COMMAND-Bz542", "Errors.Project.App.ClientSecretInvalid")
logging.OnError(err).Error("could not push event OIDCClientSecretCheckFailed")
return errors.ThrowInvalidArgument(nil, "COMMAND-Bz542", "Errors.Project.App.ClientSecretInvalid")
}
func (c *Commands) getOIDCAppWriteModel(ctx context.Context, projectID, appID, resourceOwner string) (*OIDCApplicationWriteModel, error) {

1
internal/command/project_grant.go
View File

@@ -5,6 +5,7 @@ import (
"reflect"
"github.com/zitadel/logging"
"github.com/zitadel/zitadel/internal/domain"
caos_errs "github.com/zitadel/zitadel/internal/errors"
"github.com/zitadel/zitadel/internal/eventstore"

50
internal/command/project_test.go
View File

@@ -6,16 +6,14 @@ import (
"github.com/stretchr/testify/assert"
id_mock "github.com/zitadel/zitadel/internal/id/mock"
"github.com/zitadel/zitadel/internal/repository/member"
"github.com/zitadel/zitadel/internal/domain"
"github.com/zitadel/zitadel/internal/errors"
caos_errs "github.com/zitadel/zitadel/internal/errors"
"github.com/zitadel/zitadel/internal/eventstore"
"github.com/zitadel/zitadel/internal/eventstore/repository"
"github.com/zitadel/zitadel/internal/eventstore/v1/models"
"github.com/zitadel/zitadel/internal/id"
id_mock "github.com/zitadel/zitadel/internal/id/mock"
"github.com/zitadel/zitadel/internal/repository/member"
"github.com/zitadel/zitadel/internal/repository/project"
)
@@ -53,7 +51,7 @@ func TestCommandSide_AddProject(t *testing.T) {
resourceOwner: "org1",
},
res: res{
err: caos_errs.IsErrorInvalidArgument,
err: errors.IsErrorInvalidArgument,
},
},
{
@@ -61,7 +59,7 @@ func TestCommandSide_AddProject(t *testing.T) {
fields: fields{
eventstore: eventstoreExpect(
t,
expectPushFailed(caos_errs.ThrowAlreadyExists(nil, "ERROR", "internl"),
expectPushFailed(errors.ThrowAlreadyExists(nil, "ERROR", "internl"),
[]*repository.Event{
eventFromEventPusher(project.NewProjectAddedEvent(
context.Background(),
@@ -97,7 +95,7 @@ func TestCommandSide_AddProject(t *testing.T) {
ownerID: "user1",
},
res: res{
err: caos_errs.IsErrorAlreadyExists,
err: errors.IsErrorAlreadyExists,
},
},
{
@@ -211,7 +209,7 @@ func TestCommandSide_ChangeProject(t *testing.T) {
resourceOwner: "org1",
},
res: res{
err: caos_errs.IsErrorInvalidArgument,
err: errors.IsErrorInvalidArgument,
},
},
{
@@ -229,7 +227,7 @@ func TestCommandSide_ChangeProject(t *testing.T) {
resourceOwner: "org1",
},
res: res{
err: caos_errs.IsErrorInvalidArgument,
err: errors.IsErrorInvalidArgument,
},
},
{
@@ -251,7 +249,7 @@ func TestCommandSide_ChangeProject(t *testing.T) {
resourceOwner: "org1",
},
res: res{
err: caos_errs.IsNotFound,
err: errors.IsNotFound,
},
},
{
@@ -286,7 +284,7 @@ func TestCommandSide_ChangeProject(t *testing.T) {
resourceOwner: "org1",
},
res: res{
err: caos_errs.IsNotFound,
err: errors.IsNotFound,
},
},
{
@@ -319,7 +317,7 @@ func TestCommandSide_ChangeProject(t *testing.T) {
resourceOwner: "org1",
},
res: res{
err: caos_errs.IsPreconditionFailed,
err: errors.IsPreconditionFailed,
},
},
{
@@ -492,7 +490,7 @@ func TestCommandSide_DeactivateProject(t *testing.T) {
resourceOwner: "org1",
},
res: res{
err: caos_errs.IsErrorInvalidArgument,
err: errors.IsErrorInvalidArgument,
},
},
{
@@ -508,7 +506,7 @@ func TestCommandSide_DeactivateProject(t *testing.T) {
resourceOwner: "",
},
res: res{
err: caos_errs.IsErrorInvalidArgument,
err: errors.IsErrorInvalidArgument,
},
},
{
@@ -525,7 +523,7 @@ func TestCommandSide_DeactivateProject(t *testing.T) {
resourceOwner: "org1",
},
res: res{
err: caos_errs.IsNotFound,
err: errors.IsNotFound,
},
},
{
@@ -555,7 +553,7 @@ func TestCommandSide_DeactivateProject(t *testing.T) {
resourceOwner: "org1",
},
res: res{
err: caos_errs.IsNotFound,
err: errors.IsNotFound,
},
},
{
@@ -583,7 +581,7 @@ func TestCommandSide_DeactivateProject(t *testing.T) {
resourceOwner: "org1",
},
res: res{
err: caos_errs.IsPreconditionFailed,
err: errors.IsPreconditionFailed,
},
},
{
@@ -672,7 +670,7 @@ func TestCommandSide_ReactivateProject(t *testing.T) {
resourceOwner: "org1",
},
res: res{
err: caos_errs.IsErrorInvalidArgument,
err: errors.IsErrorInvalidArgument,
},
},
{
@@ -688,7 +686,7 @@ func TestCommandSide_ReactivateProject(t *testing.T) {
resourceOwner: "",
},
res: res{
err: caos_errs.IsErrorInvalidArgument,
err: errors.IsErrorInvalidArgument,
},
},
{
@@ -705,7 +703,7 @@ func TestCommandSide_ReactivateProject(t *testing.T) {
resourceOwner: "org1",
},
res: res{
err: caos_errs.IsNotFound,
err: errors.IsNotFound,
},
},
{
@@ -735,7 +733,7 @@ func TestCommandSide_ReactivateProject(t *testing.T) {
resourceOwner: "org1",
},
res: res{
err: caos_errs.IsNotFound,
err: errors.IsNotFound,
},
},
{
@@ -759,7 +757,7 @@ func TestCommandSide_ReactivateProject(t *testing.T) {
resourceOwner: "org1",
},
res: res{
err: caos_errs.IsPreconditionFailed,
err: errors.IsPreconditionFailed,
},
},
{
@@ -852,7 +850,7 @@ func TestCommandSide_RemoveProject(t *testing.T) {
resourceOwner: "org1",
},
res: res{
err: caos_errs.IsErrorInvalidArgument,
err: errors.IsErrorInvalidArgument,
},
},
{
@@ -868,7 +866,7 @@ func TestCommandSide_RemoveProject(t *testing.T) {
resourceOwner: "",
},
res: res{
err: caos_errs.IsErrorInvalidArgument,
err: errors.IsErrorInvalidArgument,
},
},
{
@@ -885,7 +883,7 @@ func TestCommandSide_RemoveProject(t *testing.T) {
resourceOwner: "org1",
},
res: res{
err: caos_errs.IsNotFound,
err: errors.IsNotFound,
},
},
{
@@ -915,7 +913,7 @@ func TestCommandSide_RemoveProject(t *testing.T) {
resourceOwner: "org1",
},
res: res{
err: caos_errs.IsNotFound,
err: errors.IsNotFound,
},
},
{

60
internal/command/user.go
View File

@@ -12,7 +12,7 @@ import (
"github.com/zitadel/zitadel/internal/command/preparation"
"github.com/zitadel/zitadel/internal/crypto"
"github.com/zitadel/zitadel/internal/domain"
caos_errs "github.com/zitadel/zitadel/internal/errors"
"github.com/zitadel/zitadel/internal/errors"
"github.com/zitadel/zitadel/internal/eventstore"
"github.com/zitadel/zitadel/internal/eventstore/v1/models"
"github.com/zitadel/zitadel/internal/repository/user"
@@ -22,7 +22,7 @@ import (
func (c *Commands) ChangeUsername(ctx context.Context, orgID, userID, userName string) (*domain.ObjectDetails, error) {
userName = strings.TrimSpace(userName)
if orgID == "" || userID == "" || userName == "" {
return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-2N9fs", "Errors.IDMissing")
return nil, errors.ThrowInvalidArgument(nil, "COMMAND-2N9fs", "Errors.IDMissing")
}
existingUser, err := c.userWriteModelByID(ctx, userID, orgID)
@@ -31,16 +31,16 @@ func (c *Commands) ChangeUsername(ctx context.Context, orgID, userID, userName s
}
if !isUserStateExists(existingUser.UserState) {
return nil, caos_errs.ThrowNotFound(nil, "COMMAND-5N9ds", "Errors.User.NotFound")
return nil, errors.ThrowNotFound(nil, "COMMAND-5N9ds", "Errors.User.NotFound")
}
if existingUser.UserName == userName {
return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-6m9gs", "Errors.User.UsernameNotChanged")
return nil, errors.ThrowPreconditionFailed(nil, "COMMAND-6m9gs", "Errors.User.UsernameNotChanged")
}
domainPolicy, err := c.getOrgDomainPolicy(ctx, orgID)
if err != nil {
return nil, caos_errs.ThrowPreconditionFailed(err, "COMMAND-38fnu", "Errors.Org.DomainPolicy.NotExisting")
return nil, errors.ThrowPreconditionFailed(err, "COMMAND-38fnu", "Errors.Org.DomainPolicy.NotExisting")
}
if err := CheckDomainPolicyForUserName(userName, domainPolicy); err != nil {
@@ -62,7 +62,7 @@ func (c *Commands) ChangeUsername(ctx context.Context, orgID, userID, userName s
func (c *Commands) DeactivateUser(ctx context.Context, userID, resourceOwner string) (*domain.ObjectDetails, error) {
if userID == "" {
return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-m0gDf", "Errors.User.UserIDMissing")
return nil, errors.ThrowInvalidArgument(nil, "COMMAND-m0gDf", "Errors.User.UserIDMissing")
}
existingUser, err := c.userWriteModelByID(ctx, userID, resourceOwner)
@@ -70,13 +70,13 @@ func (c *Commands) DeactivateUser(ctx context.Context, userID, resourceOwner str
return nil, err
}
if !isUserStateExists(existingUser.UserState) {
return nil, caos_errs.ThrowNotFound(nil, "COMMAND-3M9ds", "Errors.User.NotFound")
return nil, errors.ThrowNotFound(nil, "COMMAND-3M9ds", "Errors.User.NotFound")
}
if isUserStateInitial(existingUser.UserState) {
return nil, caos_errs.ThrowNotFound(nil, "COMMAND-ke0fw", "Errors.User.CantDeactivateInitial")
return nil, errors.ThrowNotFound(nil, "COMMAND-ke0fw", "Errors.User.CantDeactivateInitial")
}
if isUserStateInactive(existingUser.UserState) {
return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-5M0sf", "Errors.User.AlreadyInactive")
return nil, errors.ThrowPreconditionFailed(nil, "COMMAND-5M0sf", "Errors.User.AlreadyInactive")
}
pushedEvents, err := c.eventstore.Push(ctx,
@@ -93,7 +93,7 @@ func (c *Commands) DeactivateUser(ctx context.Context, userID, resourceOwner str
func (c *Commands) ReactivateUser(ctx context.Context, userID, resourceOwner string) (*domain.ObjectDetails, error) {
if userID == "" {
return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-4M9ds", "Errors.User.UserIDMissing")
return nil, errors.ThrowInvalidArgument(nil, "COMMAND-4M9ds", "Errors.User.UserIDMissing")
}
existingUser, err := c.userWriteModelByID(ctx, userID, resourceOwner)
@@ -101,10 +101,10 @@ func (c *Commands) ReactivateUser(ctx context.Context, userID, resourceOwner str
return nil, err
}
if !isUserStateExists(existingUser.UserState) {
return nil, caos_errs.ThrowNotFound(nil, "COMMAND-4M0sd", "Errors.User.NotFound")
return nil, errors.ThrowNotFound(nil, "COMMAND-4M0sd", "Errors.User.NotFound")
}
if !isUserStateInactive(existingUser.UserState) {
return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-6M0sf", "Errors.User.NotInactive")
return nil, errors.ThrowPreconditionFailed(nil, "COMMAND-6M0sf", "Errors.User.NotInactive")
}
pushedEvents, err := c.eventstore.Push(ctx,
@@ -121,7 +121,7 @@ func (c *Commands) ReactivateUser(ctx context.Context, userID, resourceOwner str
func (c *Commands) LockUser(ctx context.Context, userID, resourceOwner string) (*domain.ObjectDetails, error) {
if userID == "" {
return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-2M0sd", "Errors.User.UserIDMissing")
return nil, errors.ThrowInvalidArgument(nil, "COMMAND-2M0sd", "Errors.User.UserIDMissing")
}
existingUser, err := c.userWriteModelByID(ctx, userID, resourceOwner)
@@ -129,10 +129,10 @@ func (c *Commands) LockUser(ctx context.Context, userID, resourceOwner string) (
return nil, err
}
if !isUserStateExists(existingUser.UserState) {
return nil, caos_errs.ThrowNotFound(nil, "COMMAND-5M9fs", "Errors.User.NotFound")
return nil, errors.ThrowNotFound(nil, "COMMAND-5M9fs", "Errors.User.NotFound")
}
if !hasUserState(existingUser.UserState, domain.UserStateActive, domain.UserStateInitial) {
return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-3NN8v", "Errors.User.ShouldBeActiveOrInitial")
return nil, errors.ThrowPreconditionFailed(nil, "COMMAND-3NN8v", "Errors.User.ShouldBeActiveOrInitial")
}
pushedEvents, err := c.eventstore.Push(ctx,
@@ -149,7 +149,7 @@ func (c *Commands) LockUser(ctx context.Context, userID, resourceOwner string) (
func (c *Commands) UnlockUser(ctx context.Context, userID, resourceOwner string) (*domain.ObjectDetails, error) {
if userID == "" {
return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-M0dse", "Errors.User.UserIDMissing")
return nil, errors.ThrowInvalidArgument(nil, "COMMAND-M0dse", "Errors.User.UserIDMissing")
}
existingUser, err := c.userWriteModelByID(ctx, userID, resourceOwner)
@@ -157,10 +157,10 @@ func (c *Commands) UnlockUser(ctx context.Context, userID, resourceOwner string)
return nil, err
}
if !isUserStateExists(existingUser.UserState) {
return nil, caos_errs.ThrowNotFound(nil, "COMMAND-M0dos", "Errors.User.NotFound")
return nil, errors.ThrowNotFound(nil, "COMMAND-M0dos", "Errors.User.NotFound")
}
if !hasUserState(existingUser.UserState, domain.UserStateLocked) {
return nil, caos_errs.ThrowPreconditionFailed(nil, "COMMAND-4M0ds", "Errors.User.NotLocked")
return nil, errors.ThrowPreconditionFailed(nil, "COMMAND-4M0ds", "Errors.User.NotLocked")
}
pushedEvents, err := c.eventstore.Push(ctx,
@@ -177,7 +177,7 @@ func (c *Commands) UnlockUser(ctx context.Context, userID, resourceOwner string)
func (c *Commands) RemoveUser(ctx context.Context, userID, resourceOwner string, cascadingUserMemberships []*CascadingMembership, cascadingGrantIDs ...string) (*domain.ObjectDetails, error) {
if userID == "" {
return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-2M0ds", "Errors.User.UserIDMissing")
return nil, errors.ThrowInvalidArgument(nil, "COMMAND-2M0ds", "Errors.User.UserIDMissing")
}
existingUser, err := c.userWriteModelByID(ctx, userID, resourceOwner)
@@ -185,12 +185,12 @@ func (c *Commands) RemoveUser(ctx context.Context, userID, resourceOwner string,
return nil, err
}
if !isUserStateExists(existingUser.UserState) {
return nil, caos_errs.ThrowNotFound(nil, "COMMAND-m9od", "Errors.User.NotFound")
return nil, errors.ThrowNotFound(nil, "COMMAND-m9od", "Errors.User.NotFound")
}
domainPolicy, err := c.getOrgDomainPolicy(ctx, existingUser.ResourceOwner)
if err != nil {
return nil, caos_errs.ThrowPreconditionFailed(err, "COMMAND-3M9fs", "Errors.Org.DomainPolicy.NotExisting")
return nil, errors.ThrowPreconditionFailed(err, "COMMAND-3M9fs", "Errors.Org.DomainPolicy.NotExisting")
}
var events []eventstore.Command
userAgg := UserAggregateFromWriteModel(&existingUser.WriteModel)
@@ -226,7 +226,7 @@ func (c *Commands) RemoveUser(ctx context.Context, userID, resourceOwner string,
func (c *Commands) AddUserToken(ctx context.Context, orgID, agentID, clientID, userID string, audience, scopes []string, lifetime time.Duration) (*domain.Token, error) {
if userID == "" { //do not check for empty orgID (JWT Profile requests won't provide it, so service user requests fail)
return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-Dbge4", "Errors.IDMissing")
return nil, errors.ThrowInvalidArgument(nil, "COMMAND-Dbge4", "Errors.IDMissing")
}
userWriteModel := NewUserWriteModel(userID, orgID)
event, accessToken, err := c.addUserToken(ctx, userWriteModel, agentID, clientID, "", audience, scopes, lifetime)
@@ -262,7 +262,7 @@ func (c *Commands) addUserToken(ctx context.Context, userWriteModel *UserWriteMo
return nil, nil, err
}
if !isUserStateExists(userWriteModel.UserState) {
return nil, nil, caos_errs.ThrowNotFound(nil, "COMMAND-1d6Gg", "Errors.User.NotFound")
return nil, nil, errors.ThrowNotFound(nil, "COMMAND-1d6Gg", "Errors.User.NotFound")
}
audience = domain.AddAudScopeToAudience(ctx, audience, scopes)
@@ -297,7 +297,7 @@ func (c *Commands) addUserToken(ctx context.Context, userWriteModel *UserWriteMo
func (c *Commands) removeAccessToken(ctx context.Context, userID, orgID, tokenID string) (*user.UserTokenRemovedEvent, *UserAccessTokenWriteModel, error) {
if userID == "" || orgID == "" || tokenID == "" {
return nil, nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-Dng42", "Errors.IDMissing")
return nil, nil, errors.ThrowInvalidArgument(nil, "COMMAND-Dng42", "Errors.IDMissing")
}
refreshTokenWriteModel := NewUserAccessTokenWriteModel(userID, orgID, tokenID)
err := c.eventstore.FilterToQueryReducer(ctx, refreshTokenWriteModel)
@@ -305,7 +305,7 @@ func (c *Commands) removeAccessToken(ctx context.Context, userID, orgID, tokenID
return nil, nil, err
}
if refreshTokenWriteModel.UserState != domain.UserStateActive {
return nil, nil, caos_errs.ThrowNotFound(nil, "COMMAND-BF4hd", "Errors.User.AccessToken.NotFound")
return nil, nil, errors.ThrowNotFound(nil, "COMMAND-BF4hd", "Errors.User.AccessToken.NotFound")
}
userAgg := UserAggregateFromWriteModel(&refreshTokenWriteModel.WriteModel)
return user.NewUserTokenRemovedEvent(ctx, userAgg, tokenID), refreshTokenWriteModel, nil
@@ -317,7 +317,7 @@ func (c *Commands) userDomainClaimed(ctx context.Context, userID string) (events
return nil, nil, err
}
if existingUser.UserState == domain.UserStateUnspecified || existingUser.UserState == domain.UserStateDeleted {
return nil, nil, caos_errs.ThrowNotFound(nil, "COMMAND-ii9K0", "Errors.User.NotFound")
return nil, nil, errors.ThrowNotFound(nil, "COMMAND-ii9K0", "Errors.User.NotFound")
}
changedUserGrant := NewUserWriteModel(userID, existingUser.ResourceOwner)
userAgg := UserAggregateFromWriteModel(&changedUserGrant.WriteModel)
@@ -347,7 +347,7 @@ func (c *Commands) prepareUserDomainClaimed(ctx context.Context, filter preparat
return nil, err
}
if !userWriteModel.UserState.Exists() {
return nil, caos_errs.ThrowNotFound(nil, "COMMAND-ii9K0", "Errors.User.NotFound")
return nil, errors.ThrowNotFound(nil, "COMMAND-ii9K0", "Errors.User.NotFound")
}
domainPolicy, err := domainPolicyWriteModel(ctx, filter)
if err != nil {
@@ -370,14 +370,14 @@ func (c *Commands) prepareUserDomainClaimed(ctx context.Context, filter preparat
func (c *Commands) UserDomainClaimedSent(ctx context.Context, orgID, userID string) (err error) {
if userID == "" {
return caos_errs.ThrowInvalidArgument(nil, "COMMAND-5m0fs", "Errors.IDMissing")
return errors.ThrowInvalidArgument(nil, "COMMAND-5m0fs", "Errors.IDMissing")
}
existingUser, err := c.userWriteModelByID(ctx, userID, orgID)
if err != nil {
return err
}
if !isUserStateExists(existingUser.UserState) {
return caos_errs.ThrowNotFound(nil, "COMMAND-5m9gK", "Errors.User.NotFound")
return errors.ThrowNotFound(nil, "COMMAND-5m9gK", "Errors.User.NotFound")
}
_, err = c.eventstore.Push(ctx,
@@ -391,7 +391,7 @@ func (c *Commands) checkUserExists(ctx context.Context, userID, resourceOwner st
return err
}
if !isUserStateExists(existingUser.UserState) {
return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-uXHNj", "Errors.User.NotFound")
return errors.ThrowPreconditionFailed(nil, "COMMAND-uXHNj", "Errors.User.NotFound")
}
return nil
}

4
internal/command/user_metadata_model.go
View File

@@ -137,9 +137,7 @@ func (wm *UserMetadataByOrgListWriteModel) Reduce() error {
delete(val, e.Key)
}
case *metadata.RemovedAllEvent:
if _, ok := wm.UserMetadata[e.Aggregate().ID]; ok {
delete(wm.UserMetadata, e.Aggregate().ID)
}
delete(wm.UserMetadata, e.Aggregate().ID)
}
}
return wm.WriteModel.Reduce()

68
internal/command/user_test.go
View File

@@ -8,18 +8,16 @@ import (
"github.com/stretchr/testify/assert"
"golang.org/x/text/language"
"github.com/zitadel/zitadel/internal/repository/member"
"github.com/zitadel/zitadel/internal/repository/org"
"github.com/zitadel/zitadel/internal/repository/project"
"github.com/zitadel/zitadel/internal/command/preparation"
"github.com/zitadel/zitadel/internal/domain"
"github.com/zitadel/zitadel/internal/errors"
caos_errs "github.com/zitadel/zitadel/internal/errors"
"github.com/zitadel/zitadel/internal/eventstore"
"github.com/zitadel/zitadel/internal/eventstore/repository"
"github.com/zitadel/zitadel/internal/id"
"github.com/zitadel/zitadel/internal/repository/instance"
"github.com/zitadel/zitadel/internal/repository/member"
"github.com/zitadel/zitadel/internal/repository/org"
"github.com/zitadel/zitadel/internal/repository/project"
"github.com/zitadel/zitadel/internal/repository/user"
)
@@ -59,7 +57,7 @@ func TestCommandSide_UsernameChange(t *testing.T) {
username: "username",
},
res: res{
err: caos_errs.IsErrorInvalidArgument,
err: errors.IsErrorInvalidArgument,
},
},
{
@@ -76,7 +74,7 @@ func TestCommandSide_UsernameChange(t *testing.T) {
username: "username",
},
res: res{
err: caos_errs.IsErrorInvalidArgument,
err: errors.IsErrorInvalidArgument,
},
},
{
@@ -93,7 +91,7 @@ func TestCommandSide_UsernameChange(t *testing.T) {
username: "",
},
res: res{
err: caos_errs.IsErrorInvalidArgument,
err: errors.IsErrorInvalidArgument,
},
},
{
@@ -110,7 +108,7 @@ func TestCommandSide_UsernameChange(t *testing.T) {
username: " ",
},
res: res{
err: caos_errs.IsErrorInvalidArgument,
err: errors.IsErrorInvalidArgument,
},
},
{
@@ -128,7 +126,7 @@ func TestCommandSide_UsernameChange(t *testing.T) {
username: "username",
},
res: res{
err: caos_errs.IsNotFound,
err: errors.IsNotFound,
},
},
{
@@ -161,7 +159,7 @@ func TestCommandSide_UsernameChange(t *testing.T) {
username: "username",
},
res: res{
err: caos_errs.IsPreconditionFailed,
err: errors.IsPreconditionFailed,
},
},
{
@@ -194,7 +192,7 @@ func TestCommandSide_UsernameChange(t *testing.T) {
username: "username ",
},
res: res{
err: caos_errs.IsPreconditionFailed,
err: errors.IsPreconditionFailed,
},
},
{
@@ -227,7 +225,7 @@ func TestCommandSide_UsernameChange(t *testing.T) {
username: "username",
},
res: res{
err: caos_errs.IsPreconditionFailed,
err: errors.IsPreconditionFailed,
},
},
{
@@ -271,7 +269,7 @@ func TestCommandSide_UsernameChange(t *testing.T) {
username: "test@test.ch",
},
res: res{
err: caos_errs.IsPreconditionFailed,
err: errors.IsPreconditionFailed,
},
},
{
@@ -448,7 +446,7 @@ func TestCommandSide_DeactivateUser(t *testing.T) {
userID: "",
},
res: res{
err: caos_errs.IsErrorInvalidArgument,
err: errors.IsErrorInvalidArgument,
},
},
{
@@ -465,7 +463,7 @@ func TestCommandSide_DeactivateUser(t *testing.T) {
userID: "user1",
},
res: res{
err: caos_errs.IsNotFound,
err: errors.IsNotFound,
},
},
{
@@ -502,7 +500,7 @@ func TestCommandSide_DeactivateUser(t *testing.T) {
userID: "user1",
},
res: res{
err: caos_errs.IsPreconditionFailed,
err: errors.IsPreconditionFailed,
},
},
{
@@ -602,7 +600,7 @@ func TestCommandSide_ReactivateUser(t *testing.T) {
userID: "",
},
res: res{
err: caos_errs.IsErrorInvalidArgument,
err: errors.IsErrorInvalidArgument,
},
},
{
@@ -619,7 +617,7 @@ func TestCommandSide_ReactivateUser(t *testing.T) {
userID: "user1",
},
res: res{
err: caos_errs.IsNotFound,
err: errors.IsNotFound,
},
},
{
@@ -651,7 +649,7 @@ func TestCommandSide_ReactivateUser(t *testing.T) {
userID: "user1",
},
res: res{
err: caos_errs.IsPreconditionFailed,
err: errors.IsPreconditionFailed,
},
},
{
@@ -755,7 +753,7 @@ func TestCommandSide_LockUser(t *testing.T) {
userID: "",
},
res: res{
err: caos_errs.IsErrorInvalidArgument,
err: errors.IsErrorInvalidArgument,
},
},
{
@@ -772,7 +770,7 @@ func TestCommandSide_LockUser(t *testing.T) {
userID: "user1",
},
res: res{
err: caos_errs.IsNotFound,
err: errors.IsNotFound,
},
},
{
@@ -809,7 +807,7 @@ func TestCommandSide_LockUser(t *testing.T) {
userID: "user1",
},
res: res{
err: caos_errs.IsPreconditionFailed,
err: errors.IsPreconditionFailed,
},
},
{
@@ -909,7 +907,7 @@ func TestCommandSide_UnlockUser(t *testing.T) {
userID: "",
},
res: res{
err: caos_errs.IsErrorInvalidArgument,
err: errors.IsErrorInvalidArgument,
},
},
{
@@ -926,7 +924,7 @@ func TestCommandSide_UnlockUser(t *testing.T) {
userID: "user1",
},
res: res{
err: caos_errs.IsNotFound,
err: errors.IsNotFound,
},
},
{
@@ -958,7 +956,7 @@ func TestCommandSide_UnlockUser(t *testing.T) {
userID: "user1",
},
res: res{
err: caos_errs.IsPreconditionFailed,
err: errors.IsPreconditionFailed,
},
},
{
@@ -1065,7 +1063,7 @@ func TestCommandSide_RemoveUser(t *testing.T) {
userID: "",
},
res: res{
err: caos_errs.IsErrorInvalidArgument,
err: errors.IsErrorInvalidArgument,
},
},
{
@@ -1082,7 +1080,7 @@ func TestCommandSide_RemoveUser(t *testing.T) {
userID: "user1",
},
res: res{
err: caos_errs.IsNotFound,
err: errors.IsNotFound,
},
},
{
@@ -1116,7 +1114,7 @@ func TestCommandSide_RemoveUser(t *testing.T) {
userID: "user1",
},
res: res{
err: caos_errs.IsPreconditionFailed,
err: errors.IsPreconditionFailed,
},
},
{
@@ -1423,7 +1421,7 @@ func TestCommandSide_AddUserToken(t *testing.T) {
userID: "",
},
res: res{
err: caos_errs.IsErrorInvalidArgument,
err: errors.IsErrorInvalidArgument,
},
},
{
@@ -1440,7 +1438,7 @@ func TestCommandSide_AddUserToken(t *testing.T) {
userID: "user1",
},
res: res{
err: caos_errs.IsNotFound,
err: errors.IsNotFound,
},
},
}
@@ -1497,7 +1495,7 @@ func TestCommands_RevokeAccessToken(t *testing.T) {
},
res{
nil,
caos_errs.IsErrorInvalidArgument,
errors.IsErrorInvalidArgument,
},
},
{
@@ -1529,7 +1527,7 @@ func TestCommands_RevokeAccessToken(t *testing.T) {
},
res{
nil,
caos_errs.IsNotFound,
errors.IsNotFound,
},
},
{
@@ -1624,7 +1622,7 @@ func TestCommandSide_UserDomainClaimedSent(t *testing.T) {
resourceOwner: "org1",
},
res: res{
err: caos_errs.IsErrorInvalidArgument,
err: errors.IsErrorInvalidArgument,
},
},
{
@@ -1641,7 +1639,7 @@ func TestCommandSide_UserDomainClaimedSent(t *testing.T) {
resourceOwner: "org1",
},
res: res{
err: caos_errs.IsNotFound,
err: errors.IsNotFound,
},
},
{