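package command

import (
	"context"
	"testing"

	"github.com/stretchr/testify/assert"

	"github.com/caos/zitadel/internal/domain"
	caos_errs "github.com/caos/zitadel/internal/errors"
	"github.com/caos/zitadel/internal/eventstore"
	"github.com/caos/zitadel/internal/eventstore/repository"
	"github.com/caos/zitadel/internal/eventstore/v1/models"
	"github.com/caos/zitadel/internal/repository/iam"
	"github.com/caos/zitadel/internal/repository/policy"
)

// TestCommandSide_AddDefaultLoginPolicy covers Commands.AddDefaultLoginPolicy:
// when the IAM aggregate already holds a LoginPolicyAddedEvent the command must
// fail with an "already exists" error and push nothing; otherwise it must push
// exactly one LoginPolicyAddedEvent carrying the requested flags and return the
// policy rooted at the IAM aggregate.
func TestCommandSide_AddDefaultLoginPolicy(t *testing.T) {
	type fields struct {
		eventstore *eventstore.Eventstore
	}
	type args struct {
		ctx    context.Context
		policy *domain.LoginPolicy
	}
	type res struct {
		want *domain.LoginPolicy
		// err classifies the expected error; nil means the call must succeed.
		err func(error) bool
	}
	tests := []struct {
		name   string
		fields fields
		args   args
		res    res
	}{
		{
			name: "loginpolicy already existing, already exists error",
			fields: fields{
				eventstore: eventstoreExpect(
					t,
					expectFilter(
						eventFromEventPusher(
							iam.NewLoginPolicyAddedEvent(context.Background(),
								&iam.NewAggregate().Aggregate,
								true,
								true,
								false,
								false,
								domain.PasswordlessTypeAllowed,
							),
						),
					),
				),
			},
			args: args{
				ctx: context.Background(),
				policy: &domain.LoginPolicy{
					AllowRegister:         true,
					AllowUsernamePassword: true,
					PasswordlessType:      domain.PasswordlessTypeAllowed,
				},
			},
			res: res{
				err: caos_errs.IsErrorAlreadyExists,
			},
		},
		{
			name: "add policy,ok",
			fields: fields{
				eventstore: eventstoreExpect(
					t,
					expectFilter(),
					expectPush(
						[]*repository.Event{
							eventFromEventPusher(
								iam.NewLoginPolicyAddedEvent(context.Background(),
									&iam.NewAggregate().Aggregate,
									true,
									true,
									true,
									true,
									domain.PasswordlessTypeAllowed,
								),
							),
						},
					),
				),
			},
			args: args{
				ctx: context.Background(),
				policy: &domain.LoginPolicy{
					AllowRegister:         true,
					AllowUsernamePassword: true,
					AllowExternalIDP:      true,
					ForceMFA:              true,
					PasswordlessType:      domain.PasswordlessTypeAllowed,
				},
			},
			res: res{
				want: &domain.LoginPolicy{
					ObjectRoot: models.ObjectRoot{
						AggregateID:   "IAM",
						ResourceOwner: "IAM",
					},
					AllowRegister:         true,
					AllowUsernamePassword: true,
					AllowExternalIDP:      true,
					ForceMFA:              true,
					PasswordlessType:      domain.PasswordlessTypeAllowed,
				},
			},
		},
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			r := &Commands{
				eventstore: tt.fields.eventstore,
			}
			got, err := r.AddDefaultLoginPolicy(tt.args.ctx, tt.args.policy)
			assertLoginPolicyResult(t, tt.res.want, tt.res.err, got, err)
		})
	}
}

// TestCommandSide_ChangeDefaultLoginPolicy covers Commands.ChangeDefaultLoginPolicy:
// a missing default policy yields a not-found error, a change request that
// matches the stored policy yields a precondition-failed error (nothing is
// pushed), and a real change pushes one LoginPolicyChangedEvent holding every
// changed field and returns the updated policy.
func TestCommandSide_ChangeDefaultLoginPolicy(t *testing.T) {
	type fields struct {
		eventstore *eventstore.Eventstore
	}
	type args struct {
		ctx    context.Context
		policy *domain.LoginPolicy
	}
	type res struct {
		want *domain.LoginPolicy
		// err classifies the expected error; nil means the call must succeed.
		err func(error) bool
	}
	tests := []struct {
		name   string
		fields fields
		args   args
		res    res
	}{
		{
			name: "loginpolicy not existing, not found error",
			fields: fields{
				eventstore: eventstoreExpect(
					t,
					expectFilter(),
				),
			},
			args: args{
				ctx: context.Background(),
				policy: &domain.LoginPolicy{
					AllowRegister:    true,
					AllowExternalIDP: true,
				},
			},
			res: res{
				err: caos_errs.IsNotFound,
			},
		},
		{
			name: "no changes, precondition error",
			fields: fields{
				eventstore: eventstoreExpect(
					t,
					expectFilter(
						eventFromEventPusher(
							iam.NewLoginPolicyAddedEvent(context.Background(),
								&iam.NewAggregate().Aggregate,
								true,
								true,
								true,
								true,
								domain.PasswordlessTypeAllowed,
							),
						),
					),
				),
			},
			args: args{
				ctx: context.Background(),
				policy: &domain.LoginPolicy{
					AllowRegister:         true,
					AllowUsernamePassword: true,
					AllowExternalIDP:      true,
					ForceMFA:              true,
					PasswordlessType:      domain.PasswordlessTypeAllowed,
				},
			},
			res: res{
				err: caos_errs.IsPreconditionFailed,
			},
		},
		{
			name: "change, ok",
			fields: fields{
				eventstore: eventstoreExpect(
					t,
					expectFilter(
						eventFromEventPusher(
							iam.NewLoginPolicyAddedEvent(context.Background(),
								&iam.NewAggregate().Aggregate,
								true,
								true,
								true,
								true,
								domain.PasswordlessTypeAllowed,
							),
						),
					),
					expectPush(
						[]*repository.Event{
							eventFromEventPusher(
								newDefaultLoginPolicyChangedEvent(context.Background(),
									false,
									false,
									false,
									false,
									domain.PasswordlessTypeNotAllowed),
							),
						},
					),
				),
			},
			args: args{
				ctx: context.Background(),
				policy: &domain.LoginPolicy{
					AllowRegister:         false,
					AllowUsernamePassword: false,
					AllowExternalIDP:      false,
					ForceMFA:              false,
					PasswordlessType:      domain.PasswordlessTypeNotAllowed,
				},
			},
			res: res{
				want: &domain.LoginPolicy{
					ObjectRoot: models.ObjectRoot{
						AggregateID:   "IAM",
						ResourceOwner: "IAM",
					},
					AllowRegister:         false,
					AllowUsernamePassword: false,
					AllowExternalIDP:      false,
					ForceMFA:              false,
					PasswordlessType:      domain.PasswordlessTypeNotAllowed,
				},
			},
		},
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			r := &Commands{
				eventstore: tt.fields.eventstore,
			}
			got, err := r.ChangeDefaultLoginPolicy(tt.args.ctx, tt.args.policy)
			assertLoginPolicyResult(t, tt.res.want, tt.res.err, got, err)
		})
	}
}

// assertLoginPolicyResult checks a command result against the table
// expectation shared by the tests above: when wantErr is set, err must satisfy
// it and the returned policy is not compared; otherwise the call must have
// succeeded and got must equal want.
func assertLoginPolicyResult(t *testing.T, want *domain.LoginPolicy, wantErr func(error) bool, got *domain.LoginPolicy, err error) {
	t.Helper()
	if wantErr != nil {
		if !wantErr(err) {
			t.Errorf("got wrong err: %v ", err)
		}
		return
	}
	assert.NoError(t, err)
	assert.Equal(t, want, got)
}

// newDefaultLoginPolicyChangedEvent builds the LoginPolicyChangedEvent the
// "change, ok" case expects to be pushed, with all five changeable fields set
// to the given values. An error from iam.NewLoginPolicyChangedEvent is no
// longer discarded: it panics so a bad expectation fails at table construction
// instead of surfacing as a nil event in the push comparison.
func newDefaultLoginPolicyChangedEvent(ctx context.Context, allowRegister, allowUsernamePassword, allowExternalIDP, forceMFA bool, passwordlessType domain.PasswordlessType) *iam.LoginPolicyChangedEvent {
	changes := []policy.LoginPolicyChanges{
		policy.ChangeAllowRegister(allowRegister),
		policy.ChangeAllowExternalIDP(allowExternalIDP),
		policy.ChangeForceMFA(forceMFA),
		policy.ChangeAllowUserNamePassword(allowUsernamePassword),
		policy.ChangePasswordlessType(passwordlessType),
	}
	event, err := iam.NewLoginPolicyChangedEvent(ctx, &iam.NewAggregate().Aggregate, changes)
	if err != nil {
		panic("newDefaultLoginPolicyChangedEvent: " + err.Error())
	}
	return event
}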