zitadel/internal/notification/handlers/telemetry_pusher_integration_test.go

//go:build integration

package handlers_test

import (
	"bytes"
	"context"
	"encoding/json"
	"net/url"
	"testing"
	"time"

	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"
	"github.com/zitadel/oidc/v3/pkg/client/rp"
	"github.com/zitadel/oidc/v3/pkg/oidc"

	"github.com/zitadel/zitadel/internal/integration"
	"github.com/zitadel/zitadel/pkg/grpc/app"
	"github.com/zitadel/zitadel/pkg/grpc/management"
	"github.com/zitadel/zitadel/pkg/grpc/object"
	oidc_v2 "github.com/zitadel/zitadel/pkg/grpc/oidc/v2beta"
	"github.com/zitadel/zitadel/pkg/grpc/project"
	"github.com/zitadel/zitadel/pkg/grpc/system"
)

func TestServer_TelemetryPushMilestones(t *testing.T) {
	primaryDomain, instanceID, adminID, iamOwnerCtx := Tester.UseIsolatedInstance(t, CTX, SystemCTX)
	t.Log("testing against instance with primary domain", primaryDomain)
	awaitMilestone(t, Tester.MilestoneChan, primaryDomain, "InstanceCreated")

	projectAdded, err := Tester.Client.Mgmt.AddProject(iamOwnerCtx, &management.AddProjectRequest{Name: "integration"})
	require.NoError(t, err)
	awaitMilestone(t, Tester.MilestoneChan, primaryDomain, "ProjectCreated")

	redirectURI := "http://localhost:8888"
	application, err := Tester.Client.Mgmt.AddOIDCApp(iamOwnerCtx, &management.AddOIDCAppRequest{
		ProjectId:       projectAdded.GetId(),
		Name:            "integration",
		RedirectUris:    []string{redirectURI},
		ResponseTypes:   []app.OIDCResponseType{app.OIDCResponseType_OIDC_RESPONSE_TYPE_CODE},
		GrantTypes:      []app.OIDCGrantType{app.OIDCGrantType_OIDC_GRANT_TYPE_AUTHORIZATION_CODE},
		AppType:         app.OIDCAppType_OIDC_APP_TYPE_WEB,
		AuthMethodType:  app.OIDCAuthMethodType_OIDC_AUTH_METHOD_TYPE_NONE,
		DevMode:         true,
		AccessTokenType: app.OIDCTokenType_OIDC_TOKEN_TYPE_JWT,
	})
	require.NoError(t, err)
	awaitMilestone(t, Tester.MilestoneChan, primaryDomain, "ApplicationCreated")

	// create the session to be used for the authN of the clients
	sessionID, sessionToken, _, _ := Tester.CreatePasswordSession(t, iamOwnerCtx, adminID, "Password1!")

	console := consoleOIDCConfig(iamOwnerCtx, t)
	loginToClient(iamOwnerCtx, t, primaryDomain, console.GetClientId(), instanceID, console.GetRedirectUris()[0], sessionID, sessionToken)
	awaitMilestone(t, Tester.MilestoneChan, primaryDomain, "AuthenticationSucceededOnInstance")

	// make sure the client has been projected
	require.EventuallyWithT(t, func(collectT *assert.CollectT) {
		_, err := Tester.Client.Mgmt.GetAppByID(iamOwnerCtx, &management.GetAppByIDRequest{
			ProjectId: projectAdded.GetId(),
			AppId:     application.GetAppId(),
		})
		assert.NoError(collectT, err)
	}, 1*time.Minute, 100*time.Millisecond, "app not found")
	loginToClient(iamOwnerCtx, t, primaryDomain, application.GetClientId(), instanceID, redirectURI, sessionID, sessionToken)
	awaitMilestone(t, Tester.MilestoneChan, primaryDomain, "AuthenticationSucceededOnApplication")

	_, err = Tester.Client.System.RemoveInstance(SystemCTX, &system.RemoveInstanceRequest{InstanceId: instanceID})
	require.NoError(t, err)
	awaitMilestone(t, Tester.MilestoneChan, primaryDomain, "InstanceDeleted")
}

func loginToClient(iamOwnerCtx context.Context, t *testing.T, primaryDomain, clientID, instanceID, redirectURI, sessionID, sessionToken string) {
	authRequestID, err := Tester.CreateOIDCAuthRequestWithDomain(iamOwnerCtx, primaryDomain, clientID, Tester.Users.Get(instanceID, integration.IAMOwner).ID, redirectURI, "openid")
	require.NoError(t, err)
	callback, err := Tester.Client.OIDCv2.CreateCallback(iamOwnerCtx, &oidc_v2.CreateCallbackRequest{
		AuthRequestId: authRequestID,
		CallbackKind: &oidc_v2.CreateCallbackRequest_Session{Session: &oidc_v2.Session{
			SessionId:    sessionID,
			SessionToken: sessionToken,
		}},
	})
	require.NoError(t, err)
	provider, err := Tester.CreateRelyingPartyForDomain(iamOwnerCtx, primaryDomain, clientID, redirectURI)
	require.NoError(t, err)
	callbackURL, err := url.Parse(callback.GetCallbackUrl())
	require.NoError(t, err)
	code := callbackURL.Query().Get("code")
	_, err = rp.CodeExchange[*oidc.IDTokenClaims](iamOwnerCtx, code, provider, rp.WithCodeVerifier(integration.CodeVerifier))
	require.NoError(t, err)
}

func consoleOIDCConfig(iamOwnerCtx context.Context, t *testing.T) *app.OIDCConfig {
	projects, err := Tester.Client.Mgmt.ListProjects(iamOwnerCtx, &management.ListProjectsRequest{
		Queries: []*project.ProjectQuery{
			{
				Query: &project.ProjectQuery_NameQuery{
					NameQuery: &project.ProjectNameQuery{
						Name:   "ZITADEL",
						Method: object.TextQueryMethod_TEXT_QUERY_METHOD_EQUALS,
					},
				},
			},
		},
	})
	require.NoError(t, err)
	require.Len(t, projects.GetResult(), 1)
	apps, err := Tester.Client.Mgmt.ListApps(iamOwnerCtx, &management.ListAppsRequest{
		ProjectId: projects.GetResult()[0].GetId(),
		Queries: []*app.AppQuery{
			{
				Query: &app.AppQuery_NameQuery{
					NameQuery: &app.AppNameQuery{
						Name:   "Console",
						Method: object.TextQueryMethod_TEXT_QUERY_METHOD_EQUALS,
					},
				},
			},
		},
	})
	require.NoError(t, err)
	require.Len(t, apps.GetResult(), 1)
	return apps.GetResult()[0].GetOidcConfig()
}

func awaitMilestone(t *testing.T, bodies chan []byte, primaryDomain, expectMilestoneType string) {
	for {
		select {
		case body := <-bodies:
			plain := new(bytes.Buffer)
			if err := json.Indent(plain, body, "", "  "); err != nil {
				t.Fatal(err)
			}
			t.Log("received milestone", plain.String())
			milestone := struct {
				Type          string `json:"type"`
				PrimaryDomain string `json:"primaryDomain"`
			}{}
			if err := json.Unmarshal(body, &milestone); err != nil {
				t.Error(err)
			}
			if milestone.Type == expectMilestoneType && milestone.PrimaryDomain == primaryDomain {
				return
			}
		case <-time.After(60 * time.Second):
			t.Fatalf("timed out waiting for milestone %s in domain %s", expectMilestoneType, primaryDomain)
		}
	}
}