feat: v2alpha user service idp endpoints (#5879)

* feat: v2alpha user service idp endpoints * feat: v2alpha user service intent endpoints * begin idp intents (callback) * some cleanup * runnable idp authentication * cleanup * proto cleanup * retrieve idp info * improve success and failure handling * some unit tests * grpc unit tests * add permission check AddUserIDPLink * feat: v2alpha intent writemodel refactoring * feat: v2alpha intent writemodel refactoring * feat: v2alpha intent writemodel refactoring * provider from write model * fix idp type model and add integration tests * proto cleanup * fix integration test * add missing import * add more integration tests * auth url test * feat: v2alpha intent writemodel refactoring * remove unused functions * check token on RetrieveIdentityProviderInformation * feat: v2alpha intent writemodel refactoring * fix TestServer_RetrieveIdentityProviderInformation * fix test * i18n and linting * feat: v2alpha intent review changes --------- Co-authored-by: Livio Spring <livio.a@gmail.com> Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
2025-08-12 00:47:33 +00:00 · 2023-05-24 20:29:58 +02:00
parent 767b3d7e65
commit fa8f191812
35 changed files with 3560 additions and 19 deletions
--- a/internal/api/grpc/user/v2/user_test.go
+++ b/internal/api/grpc/user/v2/user_test.go
@@ -3,11 +3,21 @@ package user
 import (
 	"errors"
 	"testing"
+	"time"

+	"github.com/golang/mock/gomock"
+	"github.com/muhlemmer/gu"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
+	"google.golang.org/protobuf/types/known/timestamppb"

+	"github.com/zitadel/zitadel/internal/api/grpc"
+	"github.com/zitadel/zitadel/internal/command"
+	"github.com/zitadel/zitadel/internal/crypto"
+	"github.com/zitadel/zitadel/internal/domain"
 	caos_errs "github.com/zitadel/zitadel/internal/errors"
+	"github.com/zitadel/zitadel/internal/eventstore"
+	object_pb "github.com/zitadel/zitadel/pkg/grpc/object/v2alpha"
 	user "github.com/zitadel/zitadel/pkg/grpc/user/v2alpha"
 )

@@ -78,3 +88,118 @@ func Test_hashedPasswordToCommand(t *testing.T) {
 		})
 	}
 }
+
+func Test_intentToIDPInformationPb(t *testing.T) {
+	decryption := func(err error) crypto.EncryptionAlgorithm {
+		mCrypto := crypto.NewMockEncryptionAlgorithm(gomock.NewController(t))
+		mCrypto.EXPECT().Algorithm().Return("enc")
+		mCrypto.EXPECT().DecryptionKeyIDs().Return([]string{"id"})
+		mCrypto.EXPECT().DecryptString(gomock.Any(), gomock.Any()).DoAndReturn(
+			func(code []byte, keyID string) (string, error) {
+				if err != nil {
+					return "", err
+				}
+				return string(code), nil
+			})
+		return mCrypto
+	}
+
+	type args struct {
+		intent *command.IDPIntentWriteModel
+		alg    crypto.EncryptionAlgorithm
+	}
+	type res struct {
+		resp *user.RetrieveIdentityProviderInformationResponse
+		err  error
+	}
+	tests := []struct {
+		name string
+		args args
+		res  res
+	}{
+		{
+			"decryption invalid key id error",
+			args{
+				intent: &command.IDPIntentWriteModel{
+					WriteModel: eventstore.WriteModel{
+						AggregateID:       "intentID",
+						ProcessedSequence: 123,
+						ResourceOwner:     "ro",
+						InstanceID:        "instanceID",
+						ChangeDate:        time.Date(2019, 4, 1, 1, 1, 1, 1, time.Local),
+					},
+					IDPID:   "idpID",
+					IDPUser: []byte(`{"id": "id"}`),
+					IDPAccessToken: &crypto.CryptoValue{
+						CryptoType: crypto.TypeEncryption,
+						Algorithm:  "enc",
+						KeyID:      "id",
+						Crypted:    []byte("accessToken"),
+					},
+					IDPIDToken: "idToken",
+					UserID:     "userID",
+					State:      domain.IDPIntentStateSucceeded,
+				},
+				alg: decryption(caos_errs.ThrowInternal(nil, "id", "invalid key id")),
+			},
+			res{
+				resp: nil,
+				err:  caos_errs.ThrowInternal(nil, "id", "invalid key id"),
+			},
+		},
+		{
+			"successful",
+			args{
+				intent: &command.IDPIntentWriteModel{
+					WriteModel: eventstore.WriteModel{
+						AggregateID:       "intentID",
+						ProcessedSequence: 123,
+						ResourceOwner:     "ro",
+						InstanceID:        "instanceID",
+						ChangeDate:        time.Date(2019, 4, 1, 1, 1, 1, 1, time.Local),
+					},
+					IDPID:   "idpID",
+					IDPUser: []byte(`{"id": "id"}`),
+					IDPAccessToken: &crypto.CryptoValue{
+						CryptoType: crypto.TypeEncryption,
+						Algorithm:  "enc",
+						KeyID:      "id",
+						Crypted:    []byte("accessToken"),
+					},
+					IDPIDToken: "idToken",
+					UserID:     "userID",
+					State:      domain.IDPIntentStateSucceeded,
+				},
+				alg: decryption(nil),
+			},
+			res{
+				resp: &user.RetrieveIdentityProviderInformationResponse{
+					Details: &object_pb.Details{
+						Sequence:      123,
+						ChangeDate:    timestamppb.New(time.Date(2019, 4, 1, 1, 1, 1, 1, time.Local)),
+						ResourceOwner: "ro",
+					},
+					IdpInformation: &user.IDPInformation{
+						Access: &user.IDPInformation_Oauth{
+							Oauth: &user.IDPOAuthAccessInformation{
+								AccessToken: "accessToken",
+								IdToken:     gu.Ptr("idToken"),
+							}},
+						IdpInformation: []byte(`{"id": "id"}`),
+					},
+				},
+				err: nil,
+			},
+		},
+	}
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			got, err := intentToIDPInformationPb(tt.args.intent, tt.args.alg)
+			require.ErrorIs(t, err, tt.res.err)
+			assert.Equal(t, tt.res.resp, got)
+			if tt.res.resp != nil {
+				grpc.AllFieldsSet(t, got.ProtoReflect())
+			}
+		})
+	}
+}