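//go:build integration

package settings_test

import (
	"context"
	"crypto/md5"
	"encoding/hex"
	"fmt"
	"testing"

	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
	"google.golang.org/grpc/codes"
	"google.golang.org/grpc/status"
	"google.golang.org/protobuf/types/known/structpb"
	"google.golang.org/protobuf/types/known/timestamppb"

	"github.com/zitadel/zitadel/internal/integration"
	object_pb "github.com/zitadel/zitadel/pkg/grpc/object/v2"
	"github.com/zitadel/zitadel/pkg/grpc/settings/v2"
)

// TestServer_SetSecuritySettings drives Client.SetSecuritySettings through a
// table of requests: one sent with an org-owner token that must be rejected,
// and four sent with AdminCTX that must succeed and return details owned by
// the test instance.
//
// NOTE(review): the successful cases switch on iframe embedding and
// impersonation for the shared Instance and nothing in this function restores
// the previous values. Confirm that no other test in the package relies on the
// default security settings, or reset them in a t.Cleanup.
func TestServer_SetSecuritySettings(t *testing.T) {
	type args struct {
		ctx context.Context
		req *settings.SetSecuritySettingsRequest
	}
	tests := []struct {
		name    string
		args    args
		want    *settings.SetSecuritySettingsResponse
		wantErr bool
	}{
		{
			// Same payload as "success all", but sent as an org owner.
			name: "permission error",
			args: args{
				ctx: Instance.WithAuthorizationToken(CTX, integration.UserTypeOrgOwner),
				req: &settings.SetSecuritySettingsRequest{
					EmbeddedIframe: &settings.EmbeddedIframeSettings{
						Enabled:        true,
						AllowedOrigins: []string{"foo.com", "bar.com"},
					},
					EnableImpersonation: true,
				},
			},
			wantErr: true,
		},
		{
			name: "success allowed origins",
			args: args{
				ctx: AdminCTX,
				req: &settings.SetSecuritySettingsRequest{
					EmbeddedIframe: &settings.EmbeddedIframeSettings{
						AllowedOrigins: []string{"foo.com", "bar.com"},
					},
				},
			},
			want: &settings.SetSecuritySettingsResponse{
				Details: &object_pb.Details{
					ChangeDate:    timestamppb.Now(),
					ResourceOwner: Instance.ID(),
				},
			},
		},
		{
			name: "success enable iframe embedding",
			args: args{
				ctx: AdminCTX,
				req: &settings.SetSecuritySettingsRequest{
					EmbeddedIframe: &settings.EmbeddedIframeSettings{
						Enabled: true,
					},
				},
			},
			want: &settings.SetSecuritySettingsResponse{
				Details: &object_pb.Details{
					ChangeDate:    timestamppb.Now(),
					ResourceOwner: Instance.ID(),
				},
			},
		},
		{
			name: "success impersonation",
			args: args{
				ctx: AdminCTX,
				req: &settings.SetSecuritySettingsRequest{
					EnableImpersonation: true,
				},
			},
			want: &settings.SetSecuritySettingsResponse{
				Details: &object_pb.Details{
					ChangeDate:    timestamppb.Now(),
					ResourceOwner: Instance.ID(),
				},
			},
		},
		{
			name: "success all",
			args: args{
				ctx: AdminCTX,
				req: &settings.SetSecuritySettingsRequest{
					EmbeddedIframe: &settings.EmbeddedIframeSettings{
						Enabled:        true,
						AllowedOrigins: []string{"foo.com", "bar.com"},
					},
					EnableImpersonation: true,
				},
			},
			want: &settings.SetSecuritySettingsResponse{
				Details: &object_pb.Details{
					ChangeDate:    timestamppb.Now(),
					ResourceOwner: Instance.ID(),
				},
			},
		},
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			got, err := Client.SetSecuritySettings(tt.args.ctx, tt.args.req)
			if tt.wantErr {
				// NOTE(review): any error satisfies this check, so the
				// "permission error" case would also pass on a transport or
				// validation failure. Consider asserting the gRPC status code
				// (presumably codes.PermissionDenied - confirm against the
				// server) the way TestSetHostedLoginTranslation does.
				require.Error(t, err)
				return
			}
			require.NoError(t, err)
			integration.AssertDetails(t, tt.want, got)
		})
	}
}

// TestSetHostedLoginTranslation calls Client.SetHostedLoginTranslation with an
// unauthenticated context, an authenticated context without permission, and
// AdminCTX. The two rejected calls are matched on both gRPC status code and
// message; the accepted call is matched on the returned etag.
func TestSetHostedLoginTranslation(t *testing.T) {
	translations := map[string]any{"loginTitle": "Welcome to our service"}

	protoTranslations, err := structpb.NewStruct(translations)
	require.NoError(t, err)

	// Expected etag: hex-encoded MD5 of the fmt-rendered map. fmt prints map
	// keys in sorted order, so the digest is stable across runs. MD5 serves
	// here only as a content fingerprint, not as an integrity or authentication
	// control.
	// NOTE(review): presumably this mirrors how the server derives the etag -
	// confirm, since the two must stay in sync.
	hash := md5.Sum(fmt.Append(nil, translations))

	tt := []struct {
		testName string

		inputCtx     context.Context
		inputRequest *settings.SetHostedLoginTranslationRequest

		expectedErrorCode codes.Code
		expectedErrorMsg  string
		expectedResponse  *settings.SetHostedLoginTranslationResponse
	}{
		{
			testName:          "when unauthN context should return unauthN error",
			inputCtx:          CTX,
			expectedErrorCode: codes.Unauthenticated,
			expectedErrorMsg:  "auth header missing",
		},
		{
			testName:          "when unauthZ context should return unauthZ error",
			inputCtx:          UserTypeLoginCtx,
			expectedErrorCode: codes.PermissionDenied,
			expectedErrorMsg:  "No matching permissions found (AUTH-5mWD2)",
		},
		{
			testName: "when authZ request should save to db and return etag",
			inputCtx: AdminCTX,
			inputRequest: &settings.SetHostedLoginTranslationRequest{
				Level: &settings.SetHostedLoginTranslationRequest_OrganizationId{
					OrganizationId: Instance.DefaultOrg.GetId(),
				},
				Translations: protoTranslations,
				Locale:       "en-US",
			},
			expectedResponse: &settings.SetHostedLoginTranslationResponse{
				Etag: hex.EncodeToString(hash[:]),
			},
		},
	}

	for _, tc := range tt {
		t.Run(tc.testName, func(t *testing.T) {
			// When
			res, err := Client.SetHostedLoginTranslation(tc.inputCtx, tc.inputRequest)

			// Then
			// An unset expectedErrorCode is codes.OK, which status.Code
			// reports for a nil error, so the success case is covered by the
			// same two assertions.
			assert.Equal(t, tc.expectedErrorCode, status.Code(err))
			assert.Equal(t, tc.expectedErrorMsg, status.Convert(err).Message())

			if tc.expectedErrorMsg == "" {
				require.NoError(t, err)
				assert.Equal(t, tc.expectedResponse.GetEtag(), res.GetEtag())
			}
		})
	}
}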