mirror of
https://github.com/zitadel/zitadel.git
synced 2024-12-18 22:07:32 +00:00
dd33538c0a
* feat: return 404 or 409 if org reg disallowed * fix: system limit permissions * feat: add iam limits api * feat: disallow public org registrations on default instance * add integration test * test: integration * fix test * docs: describe public org registrations * avoid updating docs deps * fix system limits integration test * silence integration tests * fix linting * ignore strange linter complaints * review * improve reset properties naming * redefine the api * use restrictions aggregate * test query * simplify and test projection * test commands * fix unit tests * move integration test * support restrictions on default instance * also test GetRestrictions * self review * lint * abstract away resource owner * fix tests * configure supported languages * fix allowed languages * fix tests * default lang must not be restricted * preferred language must be allowed * change preferred languages * check languages everywhere * lint * test command side * lint * add integration test * add integration test * restrict supported ui locales * lint * lint * cleanup * lint * allow undefined preferred language * fix integration tests * update main * fix env var * ignore linter * ignore linter * improve integration test config * reduce cognitive complexity * compile * check for duplicates * remove useless restriction checks * review * revert restriction renaming * fix language restrictions * lint * generate * allow custom texts for supported langs for now * fix tests * cleanup * cleanup * cleanup * lint * unsupported preferred lang is allowed * fix integration test * finish reverting to old property name * finish reverting to old property name * load languages * refactor(i18n): centralize translators and fs * lint * amplify no validations on preferred languages * fix integration test * lint * fix resetting allowed languages * test unchanged restrictions
240 lines
6.2 KiB
Go
240 lines
6.2 KiB
Go
package command
|
|
|
|
import (
|
|
"context"
|
|
"testing"
|
|
|
|
"github.com/muhlemmer/gu"
|
|
"github.com/stretchr/testify/assert"
|
|
"golang.org/x/text/language"
|
|
|
|
"github.com/zitadel/zitadel/internal/api/authz"
|
|
"github.com/zitadel/zitadel/internal/domain"
|
|
zitadel_errs "github.com/zitadel/zitadel/internal/errors"
|
|
"github.com/zitadel/zitadel/internal/eventstore"
|
|
"github.com/zitadel/zitadel/internal/id"
|
|
id_mock "github.com/zitadel/zitadel/internal/id/mock"
|
|
"github.com/zitadel/zitadel/internal/repository/restrictions"
|
|
)
|
|
|
|
func TestSetRestrictions(t *testing.T) {
|
|
type fields func(*testing.T) (*eventstore.Eventstore, id.Generator)
|
|
type args struct {
|
|
setRestrictions *SetRestrictions
|
|
}
|
|
type res struct {
|
|
want *domain.ObjectDetails
|
|
err func(error) bool
|
|
}
|
|
tests := []struct {
|
|
name string
|
|
fields fields
|
|
args args
|
|
res res
|
|
}{
|
|
{
|
|
name: "set new restrictions",
|
|
fields: func(*testing.T) (*eventstore.Eventstore, id.Generator) {
|
|
return eventstoreExpect(
|
|
t,
|
|
expectFilter(),
|
|
expectPush(
|
|
eventFromEventPusherWithInstanceID(
|
|
"INSTANCE",
|
|
restrictions.NewSetEvent(
|
|
eventstore.NewBaseEventForPush(
|
|
context.Background(),
|
|
&restrictions.NewAggregate("restrictions1", "INSTANCE", "INSTANCE").Aggregate,
|
|
restrictions.SetEventType,
|
|
),
|
|
restrictions.ChangeDisallowPublicOrgRegistration(true),
|
|
),
|
|
),
|
|
),
|
|
),
|
|
id_mock.NewIDGeneratorExpectIDs(t, "restrictions1")
|
|
},
|
|
args: args{
|
|
setRestrictions: &SetRestrictions{
|
|
DisallowPublicOrgRegistration: gu.Ptr(true),
|
|
},
|
|
},
|
|
res: res{
|
|
want: &domain.ObjectDetails{
|
|
ResourceOwner: "INSTANCE",
|
|
},
|
|
},
|
|
},
|
|
{
|
|
name: "change restrictions",
|
|
fields: func(*testing.T) (*eventstore.Eventstore, id.Generator) {
|
|
return eventstoreExpect(
|
|
t,
|
|
expectFilter(
|
|
eventFromEventPusher(
|
|
restrictions.NewSetEvent(
|
|
eventstore.NewBaseEventForPush(
|
|
context.Background(),
|
|
&restrictions.NewAggregate("restrictions1", "INSTANCE", "INSTANCE").Aggregate,
|
|
restrictions.SetEventType,
|
|
),
|
|
restrictions.ChangeDisallowPublicOrgRegistration(true),
|
|
),
|
|
),
|
|
),
|
|
expectPush(
|
|
eventFromEventPusherWithInstanceID(
|
|
"INSTANCE",
|
|
restrictions.NewSetEvent(
|
|
eventstore.NewBaseEventForPush(
|
|
context.Background(),
|
|
&restrictions.NewAggregate("restrictions1", "INSTANCE", "INSTANCE").Aggregate,
|
|
restrictions.SetEventType,
|
|
),
|
|
restrictions.ChangeDisallowPublicOrgRegistration(false),
|
|
),
|
|
),
|
|
),
|
|
),
|
|
nil
|
|
},
|
|
args: args{
|
|
setRestrictions: &SetRestrictions{
|
|
DisallowPublicOrgRegistration: gu.Ptr(false),
|
|
},
|
|
},
|
|
res: res{
|
|
want: &domain.ObjectDetails{
|
|
ResourceOwner: "INSTANCE",
|
|
},
|
|
},
|
|
},
|
|
{
|
|
name: "set restrictions idempotency",
|
|
fields: func(*testing.T) (*eventstore.Eventstore, id.Generator) {
|
|
return eventstoreExpect(
|
|
t,
|
|
expectFilter(
|
|
eventFromEventPusher(
|
|
restrictions.NewSetEvent(
|
|
eventstore.NewBaseEventForPush(
|
|
context.Background(),
|
|
&restrictions.NewAggregate("restrictions1", "INSTANCE", "INSTANCE").Aggregate,
|
|
restrictions.SetEventType,
|
|
),
|
|
restrictions.ChangeDisallowPublicOrgRegistration(true),
|
|
),
|
|
),
|
|
),
|
|
),
|
|
nil
|
|
},
|
|
args: args{
|
|
setRestrictions: &SetRestrictions{
|
|
DisallowPublicOrgRegistration: gu.Ptr(true),
|
|
},
|
|
},
|
|
res: res{
|
|
want: &domain.ObjectDetails{
|
|
ResourceOwner: "INSTANCE",
|
|
},
|
|
},
|
|
},
|
|
{
|
|
name: "no restrictions defined",
|
|
fields: func(*testing.T) (*eventstore.Eventstore, id.Generator) {
|
|
return eventstoreExpect(t,
|
|
expectFilter(
|
|
eventFromEventPusher(
|
|
restrictions.NewSetEvent(
|
|
eventstore.NewBaseEventForPush(
|
|
context.Background(),
|
|
&restrictions.NewAggregate("restrictions1", "INSTANCE", "INSTANCE").Aggregate,
|
|
restrictions.SetEventType,
|
|
),
|
|
restrictions.ChangeDisallowPublicOrgRegistration(true),
|
|
),
|
|
),
|
|
),
|
|
), nil
|
|
},
|
|
args: args{
|
|
setRestrictions: &SetRestrictions{},
|
|
},
|
|
res: res{
|
|
err: zitadel_errs.IsErrorInvalidArgument,
|
|
},
|
|
},
|
|
{
|
|
name: "unsupported language restricted",
|
|
fields: func(*testing.T) (*eventstore.Eventstore, id.Generator) {
|
|
return eventstoreExpect(t,
|
|
expectFilter(
|
|
eventFromEventPusher(
|
|
restrictions.NewSetEvent(
|
|
eventstore.NewBaseEventForPush(
|
|
context.Background(),
|
|
&restrictions.NewAggregate("restrictions1", "INSTANCE", "INSTANCE").Aggregate,
|
|
restrictions.SetEventType,
|
|
),
|
|
restrictions.ChangeAllowedLanguages(SupportedLanguages),
|
|
),
|
|
),
|
|
),
|
|
), nil
|
|
},
|
|
args: args{
|
|
setRestrictions: &SetRestrictions{
|
|
AllowedLanguages: []language.Tag{AllowedLanguage, UnsupportedLanguage},
|
|
},
|
|
},
|
|
res: res{
|
|
err: zitadel_errs.IsErrorInvalidArgument,
|
|
},
|
|
},
|
|
{
|
|
name: "default language not allowed",
|
|
fields: func(*testing.T) (*eventstore.Eventstore, id.Generator) {
|
|
return eventstoreExpect(t,
|
|
expectFilter(
|
|
eventFromEventPusher(
|
|
restrictions.NewSetEvent(
|
|
eventstore.NewBaseEventForPush(
|
|
context.Background(),
|
|
&restrictions.NewAggregate("restrictions1", "INSTANCE", "INSTANCE").Aggregate,
|
|
restrictions.SetEventType,
|
|
),
|
|
restrictions.ChangeAllowedLanguages(OnlyAllowedLanguages),
|
|
),
|
|
),
|
|
),
|
|
), nil
|
|
},
|
|
args: args{
|
|
setRestrictions: &SetRestrictions{
|
|
AllowedLanguages: []language.Tag{DisallowedLanguage},
|
|
},
|
|
},
|
|
res: res{
|
|
err: zitadel_errs.IsPreconditionFailed,
|
|
},
|
|
},
|
|
}
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
r := new(Commands)
|
|
r.eventstore, r.idGenerator = tt.fields(t)
|
|
got, err := r.SetInstanceRestrictions(authz.WithInstance(context.Background(), &mockInstance{}), tt.args.setRestrictions)
|
|
if tt.res.err == nil {
|
|
assert.NoError(t, err)
|
|
}
|
|
if tt.res.err != nil && !tt.res.err(err) {
|
|
t.Errorf("got wrong err: %v ", err)
|
|
}
|
|
if tt.res.err == nil {
|
|
assert.Equal(t, tt.res.want, got)
|
|
}
|
|
})
|
|
}
|
|
}
|