//go:build integration package handlers_test import ( "bytes" "encoding/json" "net/url" "testing" "time" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" "github.com/zitadel/oidc/v3/pkg/client/rp" "github.com/zitadel/oidc/v3/pkg/oidc" "github.com/zitadel/zitadel/internal/integration" "github.com/zitadel/zitadel/internal/integration/sink" "github.com/zitadel/zitadel/pkg/grpc/app" "github.com/zitadel/zitadel/pkg/grpc/management" "github.com/zitadel/zitadel/pkg/grpc/object" oidc_v2 "github.com/zitadel/zitadel/pkg/grpc/oidc/v2" "github.com/zitadel/zitadel/pkg/grpc/project" "github.com/zitadel/zitadel/pkg/grpc/system" ) func TestServer_TelemetryPushMilestones(t *testing.T) { sub := sink.Subscribe(CTX, sink.ChannelMilestone) defer sub.Close() instance := integration.NewInstance(CTX) iamOwnerCtx := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner) t.Log("testing against instance with primary domain", instance.Domain) awaitMilestone(t, sub, instance.Domain, "InstanceCreated") projectAdded, err := instance.Client.Mgmt.AddProject(iamOwnerCtx, &management.AddProjectRequest{Name: "integration"}) require.NoError(t, err) awaitMilestone(t, sub, instance.Domain, "ProjectCreated") redirectURI := "http://localhost:8888" application, err := instance.Client.Mgmt.AddOIDCApp(iamOwnerCtx, &management.AddOIDCAppRequest{ ProjectId: projectAdded.GetId(), Name: "integration", RedirectUris: []string{redirectURI}, ResponseTypes: []app.OIDCResponseType{app.OIDCResponseType_OIDC_RESPONSE_TYPE_CODE}, GrantTypes: []app.OIDCGrantType{app.OIDCGrantType_OIDC_GRANT_TYPE_AUTHORIZATION_CODE}, AppType: app.OIDCAppType_OIDC_APP_TYPE_WEB, AuthMethodType: app.OIDCAuthMethodType_OIDC_AUTH_METHOD_TYPE_NONE, DevMode: true, AccessTokenType: app.OIDCTokenType_OIDC_TOKEN_TYPE_JWT, }) require.NoError(t, err) awaitMilestone(t, sub, instance.Domain, "ApplicationCreated") // create the session to be used for the authN of the clients sessionID, sessionToken, _, _ := instance.CreatePasswordSession(t, iamOwnerCtx, instance.AdminUserID, "Password1!") console := consoleOIDCConfig(t, instance) loginToClient(t, instance, console.GetClientId(), console.GetRedirectUris()[0], sessionID, sessionToken) awaitMilestone(t, sub, instance.Domain, "AuthenticationSucceededOnInstance") // make sure the client has been projected require.EventuallyWithT(t, func(collectT *assert.CollectT) { _, err := instance.Client.Mgmt.GetAppByID(iamOwnerCtx, &management.GetAppByIDRequest{ ProjectId: projectAdded.GetId(), AppId: application.GetAppId(), }) assert.NoError(collectT, err) }, time.Minute, time.Second, "app not found") loginToClient(t, instance, application.GetClientId(), redirectURI, sessionID, sessionToken) awaitMilestone(t, sub, instance.Domain, "AuthenticationSucceededOnApplication") _, err = integration.SystemClient().RemoveInstance(CTX, &system.RemoveInstanceRequest{InstanceId: instance.ID()}) require.NoError(t, err) awaitMilestone(t, sub, instance.Domain, "InstanceDeleted") } func loginToClient(t *testing.T, instance *integration.Instance, clientID, redirectURI, sessionID, sessionToken string) { iamOwnerCtx := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner) authRequestID, err := instance.CreateOIDCAuthRequestWithDomain(iamOwnerCtx, instance.Domain, clientID, instance.Users.Get(integration.UserTypeIAMOwner).ID, redirectURI, "openid") require.NoError(t, err) callback, err := instance.Client.OIDCv2.CreateCallback(iamOwnerCtx, &oidc_v2.CreateCallbackRequest{ AuthRequestId: authRequestID, CallbackKind: &oidc_v2.CreateCallbackRequest_Session{Session: &oidc_v2.Session{ SessionId: sessionID, SessionToken: sessionToken, }}, }) require.NoError(t, err) provider, err := instance.CreateRelyingPartyForDomain(iamOwnerCtx, instance.Domain, clientID, redirectURI) require.NoError(t, err) callbackURL, err := url.Parse(callback.GetCallbackUrl()) require.NoError(t, err) code := callbackURL.Query().Get("code") _, err = rp.CodeExchange[*oidc.IDTokenClaims](iamOwnerCtx, code, provider, rp.WithCodeVerifier(integration.CodeVerifier)) require.NoError(t, err) } func consoleOIDCConfig(t *testing.T, instance *integration.Instance) *app.OIDCConfig { iamOwnerCtx := instance.WithAuthorization(CTX, integration.UserTypeIAMOwner) projects, err := instance.Client.Mgmt.ListProjects(iamOwnerCtx, &management.ListProjectsRequest{ Queries: []*project.ProjectQuery{ { Query: &project.ProjectQuery_NameQuery{ NameQuery: &project.ProjectNameQuery{ Name: "ZITADEL", Method: object.TextQueryMethod_TEXT_QUERY_METHOD_EQUALS, }, }, }, }, }) require.NoError(t, err) require.Len(t, projects.GetResult(), 1) apps, err := instance.Client.Mgmt.ListApps(iamOwnerCtx, &management.ListAppsRequest{ ProjectId: projects.GetResult()[0].GetId(), Queries: []*app.AppQuery{ { Query: &app.AppQuery_NameQuery{ NameQuery: &app.AppNameQuery{ Name: "Console", Method: object.TextQueryMethod_TEXT_QUERY_METHOD_EQUALS, }, }, }, }, }) require.NoError(t, err) require.Len(t, apps.GetResult(), 1) return apps.GetResult()[0].GetOidcConfig() } func awaitMilestone(t *testing.T, sub *sink.Subscription, primaryDomain, expectMilestoneType string) { for { select { case req := <-sub.Recv(): plain := new(bytes.Buffer) if err := json.Indent(plain, req.Body, "", " "); err != nil { t.Fatal(err) } t.Log("received milestone", plain.String()) milestone := struct { Type string `json:"type"` PrimaryDomain string `json:"primaryDomain"` }{} if err := json.Unmarshal(req.Body, &milestone); err != nil { t.Error(err) } if milestone.Type == expectMilestoneType && milestone.PrimaryDomain == primaryDomain { return } case <-time.After(2 * time.Minute): // why does it take so long to get a milestone !? t.Fatalf("timed out waiting for milestone %s in domain %s", expectMilestoneType, primaryDomain) } } }