mirror of
https://github.com/zitadel/zitadel.git
synced 2024-12-13 03:24:26 +00:00
3d071fc505
# Which Problems Are Solved ZITADEL currently selects the instance context based on a HTTP header (see https://github.com/zitadel/zitadel/issues/8279#issue-2399959845 and checks it against the list of instance domains. Let's call it instance or API domain. For any context based URL (e.g. OAuth, OIDC, SAML endpoints, links in emails, ...) the requested domain (instance domain) will be used. Let's call it the public domain. In cases of proxied setups, all exposed domains (public domains) require the domain to be managed as instance domain. This can either be done using the "ExternalDomain" in the runtime config or via system API, which requires a validation through CustomerPortal on zitadel.cloud. # How the Problems Are Solved - Two new headers / header list are added: - `InstanceHostHeaders`: an ordered list (first sent wins), which will be used to match the instance. (For backward compatibility: the `HTTP1HostHeader`, `HTTP2HostHeader` and `forwarded`, `x-forwarded-for`, `x-forwarded-host` are checked afterwards as well) - `PublicHostHeaders`: an ordered list (first sent wins), which will be used as public host / domain. This will be checked against a list of trusted domains on the instance. - The middleware intercepts all requests to the API and passes a `DomainCtx` object with the hosts and protocol into the context (previously only a computed `origin` was passed) - HTTP / GRPC server do not longer try to match the headers to instances themself, but use the passed `http.DomainContext` in their interceptors. - The `RequestedHost` and `RequestedDomain` from authz.Instance are removed in favor of the `http.DomainContext` - When authenticating to or signing out from Console UI, the current `http.DomainContext(ctx).Origin` (already checked by instance interceptor for validity) is used to compute and dynamically add a `redirect_uri` and `post_logout_redirect_uri`. - Gateway passes all configured host headers (previously only did `x-zitadel-*`) - Admin API allows to manage trusted domain # Additional Changes None # Additional Context - part of #8279 - open topics: - "single-instance" mode - Console UI
1690 lines
40 KiB
Go
1690 lines
40 KiB
Go
package command
|
|
|
|
import (
|
|
"context"
|
|
"testing"
|
|
"time"
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
openid "github.com/zitadel/oidc/v3/pkg/oidc"
|
|
"go.uber.org/mock/gomock"
|
|
"golang.org/x/text/language"
|
|
|
|
"github.com/zitadel/zitadel/internal/api/authz"
|
|
http_util "github.com/zitadel/zitadel/internal/api/http"
|
|
"github.com/zitadel/zitadel/internal/crypto"
|
|
"github.com/zitadel/zitadel/internal/domain"
|
|
"github.com/zitadel/zitadel/internal/eventstore"
|
|
"github.com/zitadel/zitadel/internal/eventstore/v1/models"
|
|
"github.com/zitadel/zitadel/internal/id"
|
|
id_mock "github.com/zitadel/zitadel/internal/id/mock"
|
|
"github.com/zitadel/zitadel/internal/repository/org"
|
|
"github.com/zitadel/zitadel/internal/repository/project"
|
|
"github.com/zitadel/zitadel/internal/repository/user"
|
|
"github.com/zitadel/zitadel/internal/zerrors"
|
|
)
|
|
|
|
func TestAddOrg(t *testing.T) {
|
|
type args struct {
|
|
a *org.Aggregate
|
|
name string
|
|
}
|
|
|
|
ctx := context.Background()
|
|
agg := org.NewAggregate("test")
|
|
|
|
tests := []struct {
|
|
name string
|
|
args args
|
|
want Want
|
|
}{
|
|
{
|
|
name: "invalid domain",
|
|
args: args{
|
|
a: agg,
|
|
name: "",
|
|
},
|
|
want: Want{
|
|
ValidationErr: zerrors.ThrowInvalidArgument(nil, "ORG-mruNY", "Errors.Invalid.Argument"),
|
|
},
|
|
},
|
|
{
|
|
name: "correct",
|
|
args: args{
|
|
a: agg,
|
|
name: "caos ag",
|
|
},
|
|
want: Want{
|
|
Commands: []eventstore.Command{
|
|
org.NewOrgAddedEvent(ctx, &agg.Aggregate, "caos ag"),
|
|
org.NewDomainAddedEvent(ctx, &agg.Aggregate, "caos-ag.localhost"),
|
|
org.NewDomainVerifiedEvent(ctx, &agg.Aggregate, "caos-ag.localhost"),
|
|
org.NewDomainPrimarySetEvent(ctx, &agg.Aggregate, "caos-ag.localhost"),
|
|
},
|
|
},
|
|
},
|
|
}
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
AssertValidation(t, context.Background(), AddOrgCommand(http_util.WithRequestedHost(context.Background(), "localhost"), tt.args.a, tt.args.name), nil, tt.want)
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestCommandSide_AddOrg(t *testing.T) {
|
|
type fields struct {
|
|
eventstore *eventstore.Eventstore
|
|
idGenerator id.Generator
|
|
zitadelRoles []authz.RoleMapping
|
|
}
|
|
type args struct {
|
|
ctx context.Context
|
|
name string
|
|
userID string
|
|
resourceOwner string
|
|
claimedUserIDs []string
|
|
}
|
|
type res struct {
|
|
want *domain.Org
|
|
err func(error) bool
|
|
}
|
|
tests := []struct {
|
|
name string
|
|
fields fields
|
|
args args
|
|
res res
|
|
}{
|
|
{
|
|
name: "invalid org, error",
|
|
fields: fields{
|
|
eventstore: eventstoreExpect(
|
|
t,
|
|
),
|
|
},
|
|
args: args{
|
|
ctx: context.Background(),
|
|
userID: "user1",
|
|
resourceOwner: "org1",
|
|
},
|
|
res: res{
|
|
err: zerrors.IsErrorInvalidArgument,
|
|
},
|
|
},
|
|
{
|
|
name: "invalid org (spaces), error",
|
|
fields: fields{
|
|
eventstore: eventstoreExpect(
|
|
t,
|
|
),
|
|
},
|
|
args: args{
|
|
ctx: context.Background(),
|
|
userID: "user1",
|
|
resourceOwner: "org1",
|
|
name: " ",
|
|
},
|
|
res: res{
|
|
err: zerrors.IsErrorInvalidArgument,
|
|
},
|
|
},
|
|
{
|
|
name: "user removed, error",
|
|
fields: fields{
|
|
eventstore: eventstoreExpect(
|
|
t,
|
|
expectFilterOrgDomainNotFound(),
|
|
expectFilter(
|
|
eventFromEventPusher(
|
|
user.NewHumanAddedEvent(context.Background(),
|
|
&user.NewAggregate("user1", "org1").Aggregate,
|
|
"username1",
|
|
"firstname1",
|
|
"lastname1",
|
|
"nickname1",
|
|
"displayname1",
|
|
language.English,
|
|
domain.GenderMale,
|
|
"email1",
|
|
true,
|
|
),
|
|
),
|
|
eventFromEventPusher(
|
|
user.NewUserRemovedEvent(
|
|
context.Background(),
|
|
&user.NewAggregate("user1", "org1").Aggregate,
|
|
"username1",
|
|
nil,
|
|
true,
|
|
),
|
|
),
|
|
),
|
|
),
|
|
idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "org2"),
|
|
},
|
|
args: args{
|
|
ctx: context.Background(),
|
|
name: "Org",
|
|
userID: "user1",
|
|
resourceOwner: "org1",
|
|
},
|
|
res: res{
|
|
err: zerrors.IsPreconditionFailed,
|
|
},
|
|
},
|
|
{
|
|
name: "push failed unique constraint, error",
|
|
fields: fields{
|
|
eventstore: eventstoreExpect(
|
|
t,
|
|
expectFilterOrgDomainNotFound(),
|
|
expectFilter(
|
|
eventFromEventPusher(
|
|
user.NewHumanAddedEvent(context.Background(),
|
|
&user.NewAggregate("user1", "org1").Aggregate,
|
|
"username1",
|
|
"firstname1",
|
|
"lastname1",
|
|
"nickname1",
|
|
"displayname1",
|
|
language.English,
|
|
domain.GenderMale,
|
|
"email1",
|
|
true,
|
|
),
|
|
),
|
|
),
|
|
expectFilterOrgMemberNotFound(),
|
|
expectPushFailed(zerrors.ThrowAlreadyExists(nil, "id", "internal"),
|
|
org.NewOrgAddedEvent(
|
|
context.Background(),
|
|
&org.NewAggregate("org2").Aggregate,
|
|
"Org",
|
|
),
|
|
org.NewDomainAddedEvent(
|
|
context.Background(),
|
|
&org.NewAggregate("org2").Aggregate,
|
|
"org.iam-domain",
|
|
),
|
|
org.NewDomainVerifiedEvent(
|
|
context.Background(),
|
|
&org.NewAggregate("org2").Aggregate,
|
|
"org.iam-domain",
|
|
),
|
|
org.NewDomainPrimarySetEvent(
|
|
context.Background(),
|
|
&org.NewAggregate("org2").Aggregate,
|
|
"org.iam-domain",
|
|
),
|
|
org.NewMemberAddedEvent(
|
|
context.Background(),
|
|
&org.NewAggregate("org2").Aggregate,
|
|
"user1", domain.RoleOrgOwner,
|
|
),
|
|
),
|
|
),
|
|
idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "org2"),
|
|
zitadelRoles: []authz.RoleMapping{
|
|
{
|
|
Role: "ORG_OWNER",
|
|
},
|
|
},
|
|
},
|
|
args: args{
|
|
ctx: http_util.WithRequestedHost(context.Background(), "iam-domain"),
|
|
name: "Org",
|
|
userID: "user1",
|
|
resourceOwner: "org1",
|
|
},
|
|
res: res{
|
|
err: zerrors.IsErrorAlreadyExists,
|
|
},
|
|
},
|
|
{
|
|
name: "push failed, error",
|
|
fields: fields{
|
|
eventstore: eventstoreExpect(
|
|
t,
|
|
expectFilterOrgDomainNotFound(),
|
|
expectFilter(
|
|
eventFromEventPusher(
|
|
user.NewHumanAddedEvent(context.Background(),
|
|
&user.NewAggregate("user1", "org1").Aggregate,
|
|
"username1",
|
|
"firstname1",
|
|
"lastname1",
|
|
"nickname1",
|
|
"displayname1",
|
|
language.English,
|
|
domain.GenderMale,
|
|
"email1",
|
|
true,
|
|
),
|
|
),
|
|
),
|
|
expectFilterOrgMemberNotFound(),
|
|
expectPushFailed(zerrors.ThrowInternal(nil, "id", "internal"),
|
|
org.NewOrgAddedEvent(
|
|
context.Background(),
|
|
&org.NewAggregate("org2").Aggregate,
|
|
"Org",
|
|
),
|
|
org.NewDomainAddedEvent(
|
|
context.Background(),
|
|
&org.NewAggregate("org2").Aggregate,
|
|
"org.iam-domain",
|
|
),
|
|
org.NewDomainVerifiedEvent(
|
|
context.Background(),
|
|
&org.NewAggregate("org2").Aggregate,
|
|
"org.iam-domain",
|
|
),
|
|
org.NewDomainPrimarySetEvent(
|
|
context.Background(),
|
|
&org.NewAggregate("org2").Aggregate,
|
|
"org.iam-domain",
|
|
),
|
|
org.NewMemberAddedEvent(
|
|
context.Background(),
|
|
&org.NewAggregate("org2").Aggregate,
|
|
"user1", domain.RoleOrgOwner,
|
|
),
|
|
),
|
|
),
|
|
idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "org2"),
|
|
zitadelRoles: []authz.RoleMapping{
|
|
{
|
|
Role: "ORG_OWNER",
|
|
},
|
|
},
|
|
},
|
|
args: args{
|
|
ctx: http_util.WithRequestedHost(context.Background(), "iam-domain"),
|
|
name: "Org",
|
|
userID: "user1",
|
|
resourceOwner: "org1",
|
|
},
|
|
res: res{
|
|
err: zerrors.IsInternal,
|
|
},
|
|
},
|
|
{
|
|
name: "add org, no error",
|
|
fields: fields{
|
|
eventstore: eventstoreExpect(
|
|
t,
|
|
expectFilterOrgDomainNotFound(),
|
|
expectFilter(
|
|
eventFromEventPusher(
|
|
user.NewHumanAddedEvent(context.Background(),
|
|
&user.NewAggregate("user1", "org1").Aggregate,
|
|
"username1",
|
|
"firstname1",
|
|
"lastname1",
|
|
"nickname1",
|
|
"displayname1",
|
|
language.English,
|
|
domain.GenderMale,
|
|
"email1",
|
|
true,
|
|
),
|
|
),
|
|
),
|
|
expectFilterOrgMemberNotFound(),
|
|
expectPush(
|
|
org.NewOrgAddedEvent(context.Background(),
|
|
&org.NewAggregate("org2").Aggregate,
|
|
"Org",
|
|
),
|
|
org.NewDomainAddedEvent(context.Background(),
|
|
&org.NewAggregate("org2").Aggregate, "org.iam-domain",
|
|
),
|
|
org.NewDomainVerifiedEvent(context.Background(),
|
|
&org.NewAggregate("org2").Aggregate,
|
|
"org.iam-domain",
|
|
),
|
|
org.NewDomainPrimarySetEvent(context.Background(),
|
|
&org.NewAggregate("org2").Aggregate,
|
|
"org.iam-domain",
|
|
),
|
|
org.NewMemberAddedEvent(context.Background(),
|
|
&org.NewAggregate("org2").Aggregate,
|
|
"user1",
|
|
domain.RoleOrgOwner,
|
|
),
|
|
),
|
|
),
|
|
idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "org2"),
|
|
zitadelRoles: []authz.RoleMapping{
|
|
{
|
|
Role: "ORG_OWNER",
|
|
},
|
|
},
|
|
},
|
|
args: args{
|
|
ctx: http_util.WithRequestedHost(context.Background(), "iam-domain"),
|
|
name: "Org",
|
|
userID: "user1",
|
|
resourceOwner: "org1",
|
|
},
|
|
res: res{
|
|
want: &domain.Org{
|
|
ObjectRoot: models.ObjectRoot{
|
|
AggregateID: "org2",
|
|
ResourceOwner: "org2",
|
|
},
|
|
Name: "Org",
|
|
State: domain.OrgStateActive,
|
|
PrimaryDomain: "org.iam-domain",
|
|
},
|
|
},
|
|
},
|
|
{
|
|
name: "add org (remove spaces), no error",
|
|
fields: fields{
|
|
eventstore: eventstoreExpect(
|
|
t,
|
|
expectFilterOrgDomainNotFound(),
|
|
expectFilter(
|
|
eventFromEventPusher(
|
|
user.NewHumanAddedEvent(context.Background(),
|
|
&user.NewAggregate("user1", "org1").Aggregate,
|
|
"username1",
|
|
"firstname1",
|
|
"lastname1",
|
|
"nickname1",
|
|
"displayname1",
|
|
language.English,
|
|
domain.GenderMale,
|
|
"email1",
|
|
true,
|
|
),
|
|
),
|
|
),
|
|
expectFilterOrgMemberNotFound(),
|
|
expectPush(
|
|
org.NewOrgAddedEvent(context.Background(),
|
|
&org.NewAggregate("org2").Aggregate,
|
|
"Org",
|
|
),
|
|
org.NewDomainAddedEvent(context.Background(),
|
|
&org.NewAggregate("org2").Aggregate, "org.iam-domain",
|
|
),
|
|
org.NewDomainVerifiedEvent(context.Background(),
|
|
&org.NewAggregate("org2").Aggregate,
|
|
"org.iam-domain",
|
|
),
|
|
org.NewDomainPrimarySetEvent(context.Background(),
|
|
&org.NewAggregate("org2").Aggregate,
|
|
"org.iam-domain",
|
|
),
|
|
org.NewMemberAddedEvent(context.Background(),
|
|
&org.NewAggregate("org2").Aggregate,
|
|
"user1",
|
|
domain.RoleOrgOwner,
|
|
),
|
|
),
|
|
),
|
|
idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "org2"),
|
|
zitadelRoles: []authz.RoleMapping{
|
|
{
|
|
Role: "ORG_OWNER",
|
|
},
|
|
},
|
|
},
|
|
args: args{
|
|
ctx: http_util.WithRequestedHost(context.Background(), "iam-domain"),
|
|
name: " Org ",
|
|
userID: "user1",
|
|
resourceOwner: "org1",
|
|
},
|
|
res: res{
|
|
want: &domain.Org{
|
|
ObjectRoot: models.ObjectRoot{
|
|
AggregateID: "org2",
|
|
ResourceOwner: "org2",
|
|
},
|
|
Name: "Org",
|
|
State: domain.OrgStateActive,
|
|
PrimaryDomain: "org.iam-domain",
|
|
},
|
|
},
|
|
},
|
|
}
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
r := &Commands{
|
|
eventstore: tt.fields.eventstore,
|
|
idGenerator: tt.fields.idGenerator,
|
|
zitadelRoles: tt.fields.zitadelRoles,
|
|
}
|
|
got, err := r.AddOrg(tt.args.ctx, tt.args.name, tt.args.userID, tt.args.resourceOwner, tt.args.claimedUserIDs)
|
|
if tt.res.err == nil {
|
|
assert.NoError(t, err)
|
|
}
|
|
if tt.res.err != nil && !tt.res.err(err) {
|
|
t.Errorf("got wrong err: %v ", err)
|
|
}
|
|
if tt.res.err == nil {
|
|
assert.Equal(t, tt.res.want, got)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestCommandSide_ChangeOrg(t *testing.T) {
|
|
type fields struct {
|
|
eventstore *eventstore.Eventstore
|
|
}
|
|
type args struct {
|
|
ctx context.Context
|
|
orgID string
|
|
name string
|
|
}
|
|
type res struct {
|
|
err func(error) bool
|
|
}
|
|
tests := []struct {
|
|
name string
|
|
fields fields
|
|
args args
|
|
res res
|
|
}{
|
|
{
|
|
name: "empty name, invalid argument error",
|
|
fields: fields{
|
|
eventstore: eventstoreExpect(
|
|
t,
|
|
),
|
|
},
|
|
args: args{
|
|
ctx: context.Background(),
|
|
orgID: "org1",
|
|
},
|
|
res: res{
|
|
err: zerrors.IsErrorInvalidArgument,
|
|
},
|
|
},
|
|
{
|
|
name: "empty name (spaces), invalid argument error",
|
|
fields: fields{
|
|
eventstore: eventstoreExpect(
|
|
t,
|
|
),
|
|
},
|
|
args: args{
|
|
ctx: context.Background(),
|
|
orgID: "org1",
|
|
name: " ",
|
|
},
|
|
res: res{
|
|
err: zerrors.IsErrorInvalidArgument,
|
|
},
|
|
},
|
|
{
|
|
name: "org not found, error",
|
|
fields: fields{
|
|
eventstore: eventstoreExpect(
|
|
t,
|
|
expectFilter(),
|
|
),
|
|
},
|
|
args: args{
|
|
ctx: context.Background(),
|
|
orgID: "org1",
|
|
name: "org",
|
|
},
|
|
res: res{
|
|
err: zerrors.IsNotFound,
|
|
},
|
|
},
|
|
{
|
|
name: "no change (spaces), error",
|
|
fields: fields{
|
|
eventstore: eventstoreExpect(
|
|
t,
|
|
expectFilter(
|
|
eventFromEventPusher(
|
|
org.NewOrgAddedEvent(context.Background(),
|
|
&org.NewAggregate("org1").Aggregate,
|
|
"org"),
|
|
),
|
|
),
|
|
),
|
|
},
|
|
args: args{
|
|
ctx: http_util.WithRequestedHost(context.Background(), "zitadel.ch"),
|
|
orgID: "org1",
|
|
name: " org ",
|
|
},
|
|
res: res{
|
|
err: zerrors.IsPreconditionFailed,
|
|
},
|
|
},
|
|
{
|
|
name: "push failed, error",
|
|
fields: fields{
|
|
eventstore: eventstoreExpect(
|
|
t,
|
|
expectFilter(
|
|
eventFromEventPusher(
|
|
org.NewOrgAddedEvent(context.Background(),
|
|
&org.NewAggregate("org1").Aggregate,
|
|
"org"),
|
|
),
|
|
),
|
|
expectFilter(),
|
|
expectPushFailed(
|
|
zerrors.ThrowInternal(nil, "id", "message"),
|
|
org.NewOrgChangedEvent(context.Background(),
|
|
&org.NewAggregate("org1").Aggregate, "org", "neworg",
|
|
),
|
|
),
|
|
),
|
|
},
|
|
args: args{
|
|
ctx: http_util.WithRequestedHost(context.Background(), "zitadel.ch"),
|
|
orgID: "org1",
|
|
name: "neworg",
|
|
},
|
|
res: res{
|
|
err: zerrors.IsInternal,
|
|
},
|
|
},
|
|
{
|
|
name: "change org name verified, not primary",
|
|
fields: fields{
|
|
eventstore: eventstoreExpect(
|
|
t,
|
|
expectFilter(
|
|
eventFromEventPusher(
|
|
org.NewOrgAddedEvent(context.Background(),
|
|
&org.NewAggregate("org1").Aggregate,
|
|
"org"),
|
|
),
|
|
),
|
|
expectFilter(
|
|
eventFromEventPusher(
|
|
org.NewOrgAddedEvent(context.Background(),
|
|
&org.NewAggregate("org1").Aggregate,
|
|
"org"),
|
|
),
|
|
eventFromEventPusher(
|
|
org.NewDomainAddedEvent(context.Background(),
|
|
&org.NewAggregate("org1").Aggregate,
|
|
"org.zitadel.ch"),
|
|
),
|
|
eventFromEventPusher(
|
|
org.NewDomainVerifiedEvent(context.Background(),
|
|
&org.NewAggregate("org1").Aggregate,
|
|
"org.zitadel.ch"),
|
|
),
|
|
),
|
|
expectPush(
|
|
org.NewOrgChangedEvent(context.Background(),
|
|
&org.NewAggregate("org1").Aggregate, "org", "neworg",
|
|
),
|
|
org.NewDomainAddedEvent(context.Background(),
|
|
&org.NewAggregate("org1").Aggregate, "neworg.zitadel.ch",
|
|
),
|
|
org.NewDomainVerifiedEvent(context.Background(),
|
|
&org.NewAggregate("org1").Aggregate, "neworg.zitadel.ch",
|
|
),
|
|
org.NewDomainRemovedEvent(context.Background(),
|
|
&org.NewAggregate("org1").Aggregate, "org.zitadel.ch", true,
|
|
),
|
|
),
|
|
),
|
|
},
|
|
args: args{
|
|
ctx: http_util.WithRequestedHost(context.Background(), "zitadel.ch"),
|
|
orgID: "org1",
|
|
name: "neworg",
|
|
},
|
|
res: res{},
|
|
},
|
|
{
|
|
name: "change org name verified, with primary",
|
|
fields: fields{
|
|
eventstore: eventstoreExpect(
|
|
t,
|
|
expectFilter(
|
|
eventFromEventPusher(
|
|
org.NewOrgAddedEvent(context.Background(),
|
|
&org.NewAggregate("org1").Aggregate,
|
|
"org"),
|
|
),
|
|
),
|
|
expectFilter(
|
|
eventFromEventPusher(
|
|
org.NewOrgAddedEvent(context.Background(),
|
|
&org.NewAggregate("org1").Aggregate,
|
|
"org"),
|
|
),
|
|
eventFromEventPusher(
|
|
org.NewDomainAddedEvent(context.Background(),
|
|
&org.NewAggregate("org1").Aggregate,
|
|
"org.zitadel.ch"),
|
|
),
|
|
eventFromEventPusher(
|
|
org.NewDomainVerifiedEvent(context.Background(),
|
|
&org.NewAggregate("org1").Aggregate,
|
|
"org.zitadel.ch"),
|
|
),
|
|
eventFromEventPusher(
|
|
org.NewDomainPrimarySetEvent(context.Background(),
|
|
&org.NewAggregate("org1").Aggregate,
|
|
"org.zitadel.ch"),
|
|
),
|
|
),
|
|
expectPush(
|
|
org.NewOrgChangedEvent(context.Background(),
|
|
&org.NewAggregate("org1").Aggregate, "org", "neworg",
|
|
),
|
|
org.NewDomainAddedEvent(context.Background(),
|
|
&org.NewAggregate("org1").Aggregate, "neworg.zitadel.ch",
|
|
),
|
|
org.NewDomainVerifiedEvent(context.Background(),
|
|
&org.NewAggregate("org1").Aggregate, "neworg.zitadel.ch",
|
|
),
|
|
org.NewDomainPrimarySetEvent(context.Background(),
|
|
&org.NewAggregate("org1").Aggregate, "neworg.zitadel.ch",
|
|
),
|
|
org.NewDomainRemovedEvent(context.Background(),
|
|
&org.NewAggregate("org1").Aggregate, "org.zitadel.ch", true,
|
|
),
|
|
),
|
|
),
|
|
},
|
|
args: args{
|
|
ctx: http_util.WithRequestedHost(context.Background(), "zitadel.ch"),
|
|
orgID: "org1",
|
|
name: "neworg",
|
|
},
|
|
res: res{},
|
|
},
|
|
}
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
r := &Commands{
|
|
eventstore: tt.fields.eventstore,
|
|
}
|
|
_, err := r.ChangeOrg(tt.args.ctx, tt.args.orgID, tt.args.name)
|
|
if tt.res.err == nil {
|
|
assert.NoError(t, err)
|
|
}
|
|
if tt.res.err != nil && !tt.res.err(err) {
|
|
t.Errorf("got wrong err: %v ", err)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestCommandSide_DeactivateOrg(t *testing.T) {
|
|
type fields struct {
|
|
eventstore *eventstore.Eventstore
|
|
idGenerator id.Generator
|
|
iamDomain string
|
|
}
|
|
type args struct {
|
|
ctx context.Context
|
|
orgID string
|
|
}
|
|
type res struct {
|
|
want *domain.Org
|
|
err func(error) bool
|
|
}
|
|
tests := []struct {
|
|
name string
|
|
fields fields
|
|
args args
|
|
res res
|
|
}{
|
|
{
|
|
name: "org not found, error",
|
|
fields: fields{
|
|
eventstore: eventstoreExpect(
|
|
t,
|
|
expectFilter(),
|
|
),
|
|
},
|
|
args: args{
|
|
ctx: context.Background(),
|
|
orgID: "org1",
|
|
},
|
|
res: res{
|
|
err: zerrors.IsNotFound,
|
|
},
|
|
},
|
|
{
|
|
name: "org already inactive, error",
|
|
fields: fields{
|
|
eventstore: eventstoreExpect(
|
|
t,
|
|
expectFilter(
|
|
eventFromEventPusher(
|
|
org.NewOrgAddedEvent(context.Background(),
|
|
&org.NewAggregate("org1").Aggregate,
|
|
"org"),
|
|
),
|
|
eventFromEventPusher(
|
|
org.NewOrgDeactivatedEvent(context.Background(),
|
|
&org.NewAggregate("org1").Aggregate),
|
|
),
|
|
),
|
|
),
|
|
},
|
|
args: args{
|
|
ctx: context.Background(),
|
|
orgID: "org1",
|
|
},
|
|
res: res{
|
|
err: zerrors.IsPreconditionFailed,
|
|
},
|
|
},
|
|
{
|
|
name: "push failed, error",
|
|
fields: fields{
|
|
eventstore: eventstoreExpect(
|
|
t,
|
|
expectFilter(
|
|
eventFromEventPusher(
|
|
org.NewOrgAddedEvent(context.Background(),
|
|
&org.NewAggregate("org1").Aggregate,
|
|
"org"),
|
|
),
|
|
),
|
|
expectPushFailed(
|
|
zerrors.ThrowInternal(nil, "id", "message"),
|
|
org.NewOrgDeactivatedEvent(context.Background(),
|
|
&org.NewAggregate("org1").Aggregate,
|
|
),
|
|
),
|
|
),
|
|
},
|
|
args: args{
|
|
ctx: context.Background(),
|
|
orgID: "org1",
|
|
},
|
|
res: res{
|
|
err: zerrors.IsInternal,
|
|
},
|
|
},
|
|
{
|
|
name: "deactivate org",
|
|
fields: fields{
|
|
eventstore: eventstoreExpect(
|
|
t,
|
|
expectFilter(
|
|
eventFromEventPusher(
|
|
org.NewOrgAddedEvent(context.Background(),
|
|
&org.NewAggregate("org1").Aggregate,
|
|
"org"),
|
|
),
|
|
),
|
|
expectPush(
|
|
org.NewOrgDeactivatedEvent(context.Background(),
|
|
&org.NewAggregate("org1").Aggregate,
|
|
),
|
|
),
|
|
),
|
|
},
|
|
args: args{
|
|
ctx: context.Background(),
|
|
orgID: "org1",
|
|
},
|
|
res: res{},
|
|
},
|
|
}
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
r := &Commands{
|
|
eventstore: tt.fields.eventstore,
|
|
idGenerator: tt.fields.idGenerator,
|
|
}
|
|
_, err := r.DeactivateOrg(tt.args.ctx, tt.args.orgID)
|
|
if tt.res.err == nil {
|
|
assert.NoError(t, err)
|
|
}
|
|
if tt.res.err != nil && !tt.res.err(err) {
|
|
t.Errorf("got wrong err: %v ", err)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestCommandSide_ReactivateOrg(t *testing.T) {
|
|
type fields struct {
|
|
eventstore *eventstore.Eventstore
|
|
idGenerator id.Generator
|
|
iamDomain string
|
|
}
|
|
type args struct {
|
|
ctx context.Context
|
|
orgID string
|
|
}
|
|
type res struct {
|
|
want *domain.Org
|
|
err func(error) bool
|
|
}
|
|
tests := []struct {
|
|
name string
|
|
fields fields
|
|
args args
|
|
res res
|
|
}{
|
|
{
|
|
name: "org not found, error",
|
|
fields: fields{
|
|
eventstore: eventstoreExpect(
|
|
t,
|
|
expectFilter(),
|
|
),
|
|
},
|
|
args: args{
|
|
ctx: context.Background(),
|
|
orgID: "org1",
|
|
},
|
|
res: res{
|
|
err: zerrors.IsNotFound,
|
|
},
|
|
},
|
|
{
|
|
name: "org already active, error",
|
|
fields: fields{
|
|
eventstore: eventstoreExpect(
|
|
t,
|
|
expectFilter(
|
|
eventFromEventPusher(
|
|
org.NewOrgAddedEvent(context.Background(),
|
|
&org.NewAggregate("org1").Aggregate,
|
|
"org"),
|
|
),
|
|
),
|
|
),
|
|
},
|
|
args: args{
|
|
ctx: context.Background(),
|
|
orgID: "org1",
|
|
},
|
|
res: res{
|
|
err: zerrors.IsPreconditionFailed,
|
|
},
|
|
},
|
|
{
|
|
name: "push failed, error",
|
|
fields: fields{
|
|
eventstore: eventstoreExpect(
|
|
t,
|
|
expectFilter(
|
|
eventFromEventPusher(
|
|
org.NewOrgAddedEvent(context.Background(),
|
|
&org.NewAggregate("org1").Aggregate,
|
|
"org"),
|
|
),
|
|
eventFromEventPusher(
|
|
org.NewOrgDeactivatedEvent(context.Background(),
|
|
&org.NewAggregate("org1").Aggregate,
|
|
),
|
|
),
|
|
),
|
|
expectPushFailed(
|
|
zerrors.ThrowInternal(nil, "id", "message"),
|
|
org.NewOrgReactivatedEvent(context.Background(),
|
|
&org.NewAggregate("org1").Aggregate,
|
|
),
|
|
),
|
|
),
|
|
},
|
|
args: args{
|
|
ctx: context.Background(),
|
|
orgID: "org1",
|
|
},
|
|
res: res{
|
|
err: zerrors.IsInternal,
|
|
},
|
|
},
|
|
{
|
|
name: "reactivate org",
|
|
fields: fields{
|
|
eventstore: eventstoreExpect(
|
|
t,
|
|
expectFilter(
|
|
eventFromEventPusher(
|
|
org.NewOrgAddedEvent(context.Background(),
|
|
&org.NewAggregate("org1").Aggregate,
|
|
"org"),
|
|
),
|
|
eventFromEventPusher(
|
|
org.NewOrgDeactivatedEvent(context.Background(),
|
|
&org.NewAggregate("org1").Aggregate),
|
|
),
|
|
),
|
|
expectPush(
|
|
org.NewOrgReactivatedEvent(context.Background(),
|
|
&org.NewAggregate("org1").Aggregate,
|
|
),
|
|
),
|
|
),
|
|
},
|
|
args: args{
|
|
ctx: context.Background(),
|
|
orgID: "org1",
|
|
},
|
|
res: res{},
|
|
},
|
|
}
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
r := &Commands{
|
|
eventstore: tt.fields.eventstore,
|
|
idGenerator: tt.fields.idGenerator,
|
|
}
|
|
_, err := r.ReactivateOrg(tt.args.ctx, tt.args.orgID)
|
|
if tt.res.err == nil {
|
|
assert.NoError(t, err)
|
|
}
|
|
if tt.res.err != nil && !tt.res.err(err) {
|
|
t.Errorf("got wrong err: %v ", err)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestCommandSide_RemoveOrg(t *testing.T) {
|
|
type fields struct {
|
|
eventstore *eventstore.Eventstore
|
|
idGenerator id.Generator
|
|
}
|
|
type args struct {
|
|
ctx context.Context
|
|
orgID string
|
|
}
|
|
type res struct {
|
|
err func(error) bool
|
|
}
|
|
tests := []struct {
|
|
name string
|
|
fields fields
|
|
args args
|
|
res res
|
|
}{
|
|
{
|
|
name: "default org, error",
|
|
fields: fields{
|
|
eventstore: eventstoreExpect(
|
|
t,
|
|
),
|
|
},
|
|
args: args{
|
|
ctx: authz.WithInstance(context.Background(), &mockInstance{}),
|
|
orgID: "defaultOrgID",
|
|
},
|
|
res: res{
|
|
err: zerrors.IsPreconditionFailed,
|
|
},
|
|
},
|
|
{
|
|
name: "zitadel org, error",
|
|
fields: fields{
|
|
eventstore: eventstoreExpect(
|
|
t,
|
|
expectFilter(
|
|
eventFromEventPusher(
|
|
project.NewProjectAddedEvent(context.Background(),
|
|
&project.NewAggregate("projectID", "org1").Aggregate,
|
|
"ZITADEL",
|
|
false,
|
|
false,
|
|
false,
|
|
domain.PrivateLabelingSettingUnspecified,
|
|
),
|
|
)),
|
|
),
|
|
},
|
|
args: args{
|
|
ctx: context.Background(),
|
|
orgID: "org1",
|
|
},
|
|
res: res{
|
|
err: zerrors.IsPreconditionFailed,
|
|
},
|
|
},
|
|
{
|
|
name: "org not found, error",
|
|
fields: fields{
|
|
eventstore: eventstoreExpect(
|
|
t,
|
|
expectFilter(), // zitadel project check
|
|
expectFilter(),
|
|
),
|
|
},
|
|
args: args{
|
|
ctx: context.Background(),
|
|
orgID: "org1",
|
|
},
|
|
res: res{
|
|
err: zerrors.IsNotFound,
|
|
},
|
|
},
|
|
{
|
|
name: "push failed, error",
|
|
fields: fields{
|
|
eventstore: eventstoreExpect(
|
|
t,
|
|
expectFilter(), // zitadel project check
|
|
expectFilter(
|
|
eventFromEventPusher(
|
|
org.NewOrgAddedEvent(context.Background(),
|
|
&org.NewAggregate("org1").Aggregate,
|
|
"org"),
|
|
),
|
|
),
|
|
expectFilter(
|
|
eventFromEventPusher(
|
|
org.NewDomainPolicyAddedEvent(context.Background(),
|
|
&org.NewAggregate("org1").Aggregate,
|
|
true,
|
|
true,
|
|
true,
|
|
),
|
|
),
|
|
),
|
|
expectFilter(),
|
|
expectFilter(),
|
|
expectFilter(),
|
|
expectFilter(),
|
|
expectPushFailed(
|
|
zerrors.ThrowInternal(nil, "id", "message"),
|
|
org.NewOrgRemovedEvent(
|
|
context.Background(), &org.NewAggregate("org1").Aggregate, "org", []string{}, false, []string{}, []*domain.UserIDPLink{}, []string{},
|
|
),
|
|
),
|
|
),
|
|
},
|
|
args: args{
|
|
ctx: context.Background(),
|
|
orgID: "org1",
|
|
},
|
|
res: res{
|
|
err: zerrors.IsInternal,
|
|
},
|
|
},
|
|
{
|
|
name: "remove org",
|
|
fields: fields{
|
|
eventstore: eventstoreExpect(
|
|
t,
|
|
expectFilter(), // zitadel project check
|
|
expectFilter(
|
|
eventFromEventPusher(
|
|
org.NewOrgAddedEvent(context.Background(),
|
|
&org.NewAggregate("org1").Aggregate,
|
|
"org"),
|
|
),
|
|
),
|
|
expectFilter(
|
|
eventFromEventPusher(
|
|
org.NewDomainPolicyAddedEvent(context.Background(),
|
|
&org.NewAggregate("org1").Aggregate,
|
|
true,
|
|
true,
|
|
true,
|
|
),
|
|
),
|
|
),
|
|
expectFilter(),
|
|
expectFilter(),
|
|
expectFilter(),
|
|
expectFilter(),
|
|
expectPush(
|
|
org.NewOrgRemovedEvent(
|
|
context.Background(), &org.NewAggregate("org1").Aggregate, "org", []string{}, false, []string{}, []*domain.UserIDPLink{}, []string{},
|
|
),
|
|
),
|
|
),
|
|
},
|
|
args: args{
|
|
ctx: context.Background(),
|
|
orgID: "org1",
|
|
},
|
|
res: res{},
|
|
},
|
|
{
|
|
name: "remove org with usernames and domains",
|
|
fields: fields{
|
|
eventstore: eventstoreExpect(
|
|
t,
|
|
expectFilter(), // zitadel project check
|
|
expectFilter(
|
|
eventFromEventPusher(
|
|
org.NewOrgAddedEvent(context.Background(),
|
|
&org.NewAggregate("org1").Aggregate,
|
|
"org"),
|
|
),
|
|
),
|
|
|
|
expectFilter(
|
|
eventFromEventPusher(
|
|
org.NewDomainPolicyAddedEvent(context.Background(),
|
|
&org.NewAggregate("org1").Aggregate,
|
|
false,
|
|
true,
|
|
true,
|
|
),
|
|
),
|
|
),
|
|
expectFilter(
|
|
eventFromEventPusher(
|
|
user.NewHumanAddedEvent(context.Background(),
|
|
&user.NewAggregate("user1", "org1").Aggregate,
|
|
"user1",
|
|
"firstname1",
|
|
"lastname1",
|
|
"nickname1",
|
|
"displayname1",
|
|
language.English,
|
|
domain.GenderMale,
|
|
"email1",
|
|
false,
|
|
),
|
|
), eventFromEventPusher(
|
|
user.NewMachineAddedEvent(context.Background(),
|
|
&user.NewAggregate("user2", "org1").Aggregate,
|
|
"user2",
|
|
"name",
|
|
"description",
|
|
false,
|
|
domain.OIDCTokenTypeBearer,
|
|
),
|
|
),
|
|
),
|
|
expectFilter(
|
|
eventFromEventPusher(
|
|
org.NewDomainVerifiedEvent(context.Background(), &org.NewAggregate("org1").Aggregate, "domain1"),
|
|
),
|
|
eventFromEventPusher(
|
|
org.NewDomainVerifiedEvent(context.Background(), &org.NewAggregate("org1").Aggregate, "domain2"),
|
|
),
|
|
),
|
|
expectFilter(
|
|
eventFromEventPusher(
|
|
user.NewUserIDPLinkAddedEvent(context.Background(), &user.NewAggregate("user1", "org1").Aggregate, "config1", "display1", "id1"),
|
|
),
|
|
eventFromEventPusher(
|
|
user.NewUserIDPLinkAddedEvent(context.Background(), &user.NewAggregate("user2", "org1").Aggregate, "config2", "display2", "id2"),
|
|
),
|
|
),
|
|
expectFilter(
|
|
eventFromEventPusher(
|
|
project.NewSAMLConfigAddedEvent(context.Background(), &project.NewAggregate("project1", "org1").Aggregate, "app1", "entity1", []byte{}, ""),
|
|
),
|
|
eventFromEventPusher(
|
|
project.NewSAMLConfigAddedEvent(context.Background(), &project.NewAggregate("project2", "org1").Aggregate, "app2", "entity2", []byte{}, ""),
|
|
),
|
|
),
|
|
expectPush(
|
|
org.NewOrgRemovedEvent(context.Background(), &org.NewAggregate("org1").Aggregate, "org",
|
|
[]string{"user1", "user2"},
|
|
false,
|
|
[]string{"domain1", "domain2"},
|
|
[]*domain.UserIDPLink{{IDPConfigID: "config1", ExternalUserID: "id1", DisplayName: "display1"}, {IDPConfigID: "config2", ExternalUserID: "id2", DisplayName: "display2"}},
|
|
[]string{"entity1", "entity2"},
|
|
),
|
|
),
|
|
),
|
|
},
|
|
args: args{
|
|
ctx: context.Background(),
|
|
orgID: "org1",
|
|
},
|
|
res: res{},
|
|
},
|
|
}
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
r := &Commands{
|
|
eventstore: tt.fields.eventstore,
|
|
idGenerator: tt.fields.idGenerator,
|
|
}
|
|
_, err := r.RemoveOrg(tt.args.ctx, tt.args.orgID)
|
|
if tt.res.err == nil {
|
|
assert.NoError(t, err)
|
|
}
|
|
if tt.res.err != nil && !tt.res.err(err) {
|
|
t.Errorf("got wrong err: %v ", err)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestCommandSide_SetUpOrg(t *testing.T) {
|
|
type fields struct {
|
|
eventstore func(t *testing.T) *eventstore.Eventstore
|
|
idGenerator id.Generator
|
|
newCode encrypedCodeFunc
|
|
keyAlgorithm crypto.EncryptionAlgorithm
|
|
}
|
|
type args struct {
|
|
ctx context.Context
|
|
setupOrg *OrgSetup
|
|
allowInitialMail bool
|
|
userIDs []string
|
|
}
|
|
type res struct {
|
|
createdOrg *CreatedOrg
|
|
err error
|
|
}
|
|
tests := []struct {
|
|
name string
|
|
fields fields
|
|
args args
|
|
res res
|
|
}{
|
|
{
|
|
name: "org name empty, error",
|
|
fields: fields{
|
|
eventstore: expectEventstore(),
|
|
idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "orgID"),
|
|
},
|
|
args: args{
|
|
ctx: http_util.WithRequestedHost(context.Background(), "iam-domain"),
|
|
setupOrg: &OrgSetup{
|
|
Name: "",
|
|
},
|
|
},
|
|
res: res{
|
|
err: zerrors.ThrowInvalidArgument(nil, "ORG-mruNY", "Errors.Invalid.Argument"),
|
|
},
|
|
},
|
|
{
|
|
name: "userID not existing, error",
|
|
fields: fields{
|
|
eventstore: expectEventstore(
|
|
expectFilter(),
|
|
),
|
|
idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "orgID"),
|
|
},
|
|
args: args{
|
|
ctx: http_util.WithRequestedHost(context.Background(), "iam-domain"),
|
|
setupOrg: &OrgSetup{
|
|
Name: "Org",
|
|
Admins: []*OrgSetupAdmin{
|
|
{
|
|
ID: "userID",
|
|
},
|
|
},
|
|
},
|
|
},
|
|
res: res{
|
|
err: zerrors.ThrowPreconditionFailed(nil, "ORG-GoXOn", "Errors.User.NotFound"),
|
|
},
|
|
},
|
|
{
|
|
name: "human invalid, error",
|
|
fields: fields{
|
|
eventstore: expectEventstore(),
|
|
idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "orgID", "userID"),
|
|
},
|
|
args: args{
|
|
ctx: http_util.WithRequestedHost(context.Background(), "iam-domain"),
|
|
setupOrg: &OrgSetup{
|
|
Name: "Org",
|
|
Admins: []*OrgSetupAdmin{
|
|
{
|
|
Human: &AddHuman{
|
|
Username: "",
|
|
FirstName: "firstname",
|
|
LastName: "lastname",
|
|
Email: Email{
|
|
Address: "email@test.ch",
|
|
Verified: true,
|
|
},
|
|
PreferredLanguage: language.English,
|
|
},
|
|
},
|
|
},
|
|
},
|
|
allowInitialMail: true,
|
|
},
|
|
res: res{
|
|
err: zerrors.ThrowInvalidArgument(nil, "V2-zzad3", "Errors.Invalid.Argument"),
|
|
},
|
|
},
|
|
{
|
|
name: "human added with initial mail",
|
|
fields: fields{
|
|
eventstore: expectEventstore(
|
|
expectFilter(), // add human exists check
|
|
expectFilter(
|
|
eventFromEventPusher(
|
|
org.NewDomainPolicyAddedEvent(context.Background(),
|
|
&user.NewAggregate("userID", "orgID").Aggregate,
|
|
true,
|
|
true,
|
|
true,
|
|
),
|
|
),
|
|
),
|
|
expectFilter(), // org member check
|
|
expectFilter(
|
|
eventFromEventPusher(
|
|
user.NewHumanAddedEvent(context.Background(),
|
|
&user.NewAggregate("user1", "orgID").Aggregate,
|
|
"username",
|
|
"firstname",
|
|
"lastname",
|
|
"",
|
|
"firstname lastname",
|
|
language.English,
|
|
domain.GenderUnspecified,
|
|
"email@test.ch",
|
|
true,
|
|
),
|
|
),
|
|
),
|
|
expectPush(
|
|
eventFromEventPusher(org.NewOrgAddedEvent(context.Background(),
|
|
&org.NewAggregate("orgID").Aggregate,
|
|
"Org",
|
|
)),
|
|
eventFromEventPusher(org.NewDomainAddedEvent(context.Background(),
|
|
&org.NewAggregate("orgID").Aggregate, "org.iam-domain",
|
|
)),
|
|
eventFromEventPusher(org.NewDomainVerifiedEvent(context.Background(),
|
|
&org.NewAggregate("orgID").Aggregate,
|
|
"org.iam-domain",
|
|
)),
|
|
eventFromEventPusher(org.NewDomainPrimarySetEvent(context.Background(),
|
|
&org.NewAggregate("orgID").Aggregate,
|
|
"org.iam-domain",
|
|
)),
|
|
eventFromEventPusher(
|
|
user.NewHumanAddedEvent(context.Background(),
|
|
&user.NewAggregate("userID", "orgID").Aggregate,
|
|
"username",
|
|
"firstname",
|
|
"lastname",
|
|
"",
|
|
"firstname lastname",
|
|
language.English,
|
|
domain.GenderUnspecified,
|
|
"email@test.ch",
|
|
true,
|
|
),
|
|
),
|
|
eventFromEventPusher(
|
|
user.NewHumanEmailVerifiedEvent(context.Background(),
|
|
&user.NewAggregate("userID", "orgID").Aggregate,
|
|
),
|
|
),
|
|
eventFromEventPusher(
|
|
user.NewHumanInitialCodeAddedEvent(
|
|
http_util.WithRequestedHost(context.Background(), "iam-domain"),
|
|
&user.NewAggregate("userID", "orgID").Aggregate,
|
|
&crypto.CryptoValue{
|
|
CryptoType: crypto.TypeEncryption,
|
|
Algorithm: "enc",
|
|
KeyID: "id",
|
|
Crypted: []byte("userinit"),
|
|
},
|
|
1*time.Hour,
|
|
"",
|
|
),
|
|
),
|
|
eventFromEventPusher(org.NewMemberAddedEvent(context.Background(),
|
|
&org.NewAggregate("orgID").Aggregate,
|
|
"userID",
|
|
domain.RoleOrgOwner,
|
|
)),
|
|
),
|
|
),
|
|
idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "orgID", "userID"),
|
|
newCode: mockEncryptedCode("userinit", time.Hour),
|
|
},
|
|
args: args{
|
|
ctx: http_util.WithRequestedHost(context.Background(), "iam-domain"),
|
|
setupOrg: &OrgSetup{
|
|
Name: "Org",
|
|
Admins: []*OrgSetupAdmin{
|
|
{
|
|
Human: &AddHuman{
|
|
Username: "username",
|
|
FirstName: "firstname",
|
|
LastName: "lastname",
|
|
Email: Email{
|
|
Address: "email@test.ch",
|
|
Verified: true,
|
|
},
|
|
PreferredLanguage: language.English,
|
|
},
|
|
},
|
|
},
|
|
},
|
|
allowInitialMail: true,
|
|
},
|
|
res: res{
|
|
createdOrg: &CreatedOrg{
|
|
ObjectDetails: &domain.ObjectDetails{
|
|
ResourceOwner: "orgID",
|
|
},
|
|
CreatedAdmins: []*CreatedOrgAdmin{
|
|
{
|
|
ID: "userID",
|
|
},
|
|
},
|
|
},
|
|
},
|
|
},
|
|
{
|
|
name: "existing human added",
|
|
fields: fields{
|
|
eventstore: expectEventstore(
|
|
expectFilter(
|
|
eventFromEventPusher(
|
|
user.NewHumanAddedEvent(context.Background(),
|
|
&user.NewAggregate("user1", "orgID").Aggregate,
|
|
"username",
|
|
"firstname",
|
|
"lastname",
|
|
"",
|
|
"firstname lastname",
|
|
language.English,
|
|
domain.GenderUnspecified,
|
|
"email@test.ch",
|
|
true,
|
|
),
|
|
),
|
|
),
|
|
expectFilter(), // org member check
|
|
expectPush(
|
|
eventFromEventPusher(org.NewOrgAddedEvent(context.Background(),
|
|
&org.NewAggregate("orgID").Aggregate,
|
|
"Org",
|
|
)),
|
|
eventFromEventPusher(org.NewDomainAddedEvent(context.Background(),
|
|
&org.NewAggregate("orgID").Aggregate, "org.iam-domain",
|
|
)),
|
|
eventFromEventPusher(org.NewDomainVerifiedEvent(context.Background(),
|
|
&org.NewAggregate("orgID").Aggregate,
|
|
"org.iam-domain",
|
|
)),
|
|
eventFromEventPusher(org.NewDomainPrimarySetEvent(context.Background(),
|
|
&org.NewAggregate("orgID").Aggregate,
|
|
"org.iam-domain",
|
|
)),
|
|
eventFromEventPusher(org.NewMemberAddedEvent(context.Background(),
|
|
&org.NewAggregate("orgID").Aggregate,
|
|
"userID",
|
|
domain.RoleOrgOwner,
|
|
)),
|
|
),
|
|
),
|
|
idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "orgID"),
|
|
},
|
|
args: args{
|
|
ctx: http_util.WithRequestedHost(context.Background(), "iam-domain"),
|
|
setupOrg: &OrgSetup{
|
|
Name: "Org",
|
|
Admins: []*OrgSetupAdmin{
|
|
{
|
|
ID: "userID",
|
|
},
|
|
},
|
|
},
|
|
allowInitialMail: true,
|
|
},
|
|
res: res{
|
|
createdOrg: &CreatedOrg{
|
|
ObjectDetails: &domain.ObjectDetails{
|
|
ResourceOwner: "orgID",
|
|
},
|
|
CreatedAdmins: []*CreatedOrgAdmin{},
|
|
},
|
|
},
|
|
},
|
|
{
|
|
name: "machine added with pat",
|
|
fields: fields{
|
|
eventstore: expectEventstore(
|
|
expectFilter(), // add machine exists check
|
|
expectFilter(
|
|
eventFromEventPusher(
|
|
org.NewDomainPolicyAddedEvent(context.Background(),
|
|
&user.NewAggregate("userID", "orgID").Aggregate,
|
|
true,
|
|
true,
|
|
true,
|
|
),
|
|
),
|
|
),
|
|
expectFilter(),
|
|
expectFilter(),
|
|
expectFilter(), // org member check
|
|
expectFilter(
|
|
eventFromEventPusher(
|
|
user.NewHumanAddedEvent(context.Background(),
|
|
&user.NewAggregate("user1", "orgID").Aggregate,
|
|
"username",
|
|
"firstname",
|
|
"lastname",
|
|
"",
|
|
"firstname lastname",
|
|
language.English,
|
|
domain.GenderUnspecified,
|
|
"email@test.ch",
|
|
true,
|
|
),
|
|
),
|
|
),
|
|
expectPush(
|
|
eventFromEventPusher(org.NewOrgAddedEvent(context.Background(),
|
|
&org.NewAggregate("orgID").Aggregate,
|
|
"Org",
|
|
)),
|
|
eventFromEventPusher(org.NewDomainAddedEvent(context.Background(),
|
|
&org.NewAggregate("orgID").Aggregate, "org.iam-domain",
|
|
)),
|
|
eventFromEventPusher(org.NewDomainVerifiedEvent(context.Background(),
|
|
&org.NewAggregate("orgID").Aggregate,
|
|
"org.iam-domain",
|
|
)),
|
|
eventFromEventPusher(org.NewDomainPrimarySetEvent(context.Background(),
|
|
&org.NewAggregate("orgID").Aggregate,
|
|
"org.iam-domain",
|
|
)),
|
|
eventFromEventPusher(
|
|
user.NewMachineAddedEvent(context.Background(),
|
|
&user.NewAggregate("userID", "orgID").Aggregate,
|
|
"username",
|
|
"name",
|
|
"description",
|
|
true,
|
|
domain.OIDCTokenTypeBearer,
|
|
),
|
|
),
|
|
eventFromEventPusher(
|
|
user.NewPersonalAccessTokenAddedEvent(context.Background(),
|
|
&user.NewAggregate("userID", "orgID").Aggregate,
|
|
"tokenID",
|
|
testNow.Add(time.Hour),
|
|
[]string{openid.ScopeOpenID},
|
|
),
|
|
),
|
|
eventFromEventPusher(org.NewMemberAddedEvent(context.Background(),
|
|
&org.NewAggregate("orgID").Aggregate,
|
|
"userID",
|
|
domain.RoleOrgOwner,
|
|
)),
|
|
),
|
|
),
|
|
idGenerator: id_mock.NewIDGeneratorExpectIDs(t, "orgID", "userID", "tokenID"),
|
|
newCode: mockEncryptedCode("userinit", time.Hour),
|
|
keyAlgorithm: crypto.CreateMockEncryptionAlg(gomock.NewController(t)),
|
|
},
|
|
args: args{
|
|
ctx: http_util.WithRequestedHost(context.Background(), "iam-domain"),
|
|
setupOrg: &OrgSetup{
|
|
Name: "Org",
|
|
Admins: []*OrgSetupAdmin{
|
|
{
|
|
Machine: &AddMachine{
|
|
Machine: &Machine{
|
|
Username: "username",
|
|
Name: "name",
|
|
Description: "description",
|
|
AccessTokenType: domain.OIDCTokenTypeBearer,
|
|
},
|
|
Pat: &AddPat{
|
|
ExpirationDate: testNow.Add(time.Hour),
|
|
Scopes: []string{openid.ScopeOpenID},
|
|
},
|
|
},
|
|
},
|
|
},
|
|
},
|
|
},
|
|
res: res{
|
|
createdOrg: &CreatedOrg{
|
|
ObjectDetails: &domain.ObjectDetails{
|
|
ResourceOwner: "orgID",
|
|
},
|
|
CreatedAdmins: []*CreatedOrgAdmin{
|
|
{
|
|
ID: "userID",
|
|
PAT: &PersonalAccessToken{
|
|
ObjectRoot: models.ObjectRoot{
|
|
AggregateID: "userID",
|
|
ResourceOwner: "orgID",
|
|
},
|
|
ExpirationDate: testNow.Add(time.Hour),
|
|
Scopes: []string{openid.ScopeOpenID},
|
|
AllowedUserType: domain.UserTypeMachine,
|
|
TokenID: "tokenID",
|
|
Token: "dG9rZW5JRDp1c2VySUQ", // token
|
|
},
|
|
},
|
|
},
|
|
},
|
|
},
|
|
},
|
|
}
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
r := &Commands{
|
|
eventstore: tt.fields.eventstore(t),
|
|
idGenerator: tt.fields.idGenerator,
|
|
newEncryptedCode: tt.fields.newCode,
|
|
keyAlgorithm: tt.fields.keyAlgorithm,
|
|
zitadelRoles: []authz.RoleMapping{
|
|
{
|
|
Role: domain.RoleOrgOwner,
|
|
},
|
|
},
|
|
}
|
|
got, err := r.SetUpOrg(tt.args.ctx, tt.args.setupOrg, tt.args.allowInitialMail, tt.args.userIDs...)
|
|
assert.ErrorIs(t, err, tt.res.err)
|
|
assert.Equal(t, tt.res.createdOrg, got)
|
|
})
|
|
}
|
|
}
|