mirror of
https://github.com/zitadel/zitadel.git
synced 2024-12-13 03:24:26 +00:00
db1d8f4efe
* feat: oidc config * fix: oidc configurations * feat: oidc idp config * feat: add oidc config test * fix: tests * fix: tests * feat: translate new events * feat: idp eventstore * feat: idp eventstore * fix: tests * feat: command side idp * feat: query side idp * feat: idp config on org * fix: tests * feat: authz idp on org * feat: org idps * feat: login policy * feat: login policy * feat: login policy * feat: add idp func on login policy * feat: add validation to loginpolicy and idp provider * feat: add default login policy * feat: login policy on org * feat: login policy on org * fix: id config handlers * fix: id config handlers * fix: create idp on org * fix: create idp on org * fix: not existing idp config * fix: default login policy * fix: add login policy on org * fix: idp provider search on org * fix: test * fix: remove idp on org * fix: test * fix: test * fix: remove admin idp * fix: logo src as byte * fix: migration * fix: tests * Update internal/iam/repository/eventsourcing/iam.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/iam/repository/eventsourcing/iam_test.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/iam/repository/eventsourcing/iam_test.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/iam/repository/eventsourcing/model/login_policy.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/iam/repository/eventsourcing/model/login_policy.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/org/repository/eventsourcing/org_test.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/iam/repository/eventsourcing/model/login_policy_test.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * Update internal/iam/repository/eventsourcing/model/login_policy_test.go Co-authored-by: Silvan <silvan.reusser@gmail.com> * fix: pr comments * fix: tests * Update types.go * fix: merge request changes * fix: reduce optimization Co-authored-by: Silvan <silvan.reusser@gmail.com> Co-authored-by: Livio Amstutz <livio.a@gmail.com>
2708 lines
75 KiB
Go
2708 lines
75 KiB
Go
package eventsourcing
|
|
|
|
import (
|
|
"context"
|
|
"encoding/json"
|
|
iam_model "github.com/caos/zitadel/internal/iam/model"
|
|
"testing"
|
|
"time"
|
|
|
|
"github.com/golang/mock/gomock"
|
|
"github.com/stretchr/testify/assert"
|
|
|
|
"github.com/caos/zitadel/internal/api/authz"
|
|
http_util "github.com/caos/zitadel/internal/api/http"
|
|
"github.com/caos/zitadel/internal/crypto"
|
|
"github.com/caos/zitadel/internal/errors"
|
|
caos_errs "github.com/caos/zitadel/internal/errors"
|
|
es_mock "github.com/caos/zitadel/internal/eventstore/mock"
|
|
es_models "github.com/caos/zitadel/internal/eventstore/models"
|
|
org_model "github.com/caos/zitadel/internal/org/model"
|
|
"github.com/caos/zitadel/internal/org/repository/eventsourcing/model"
|
|
)
|
|
|
|
type testOrgEventstore struct {
|
|
OrgEventstore
|
|
mockEventstore *es_mock.MockEventstore
|
|
}
|
|
|
|
func newTestEventstore(t *testing.T) *testOrgEventstore {
|
|
ctrl := gomock.NewController(t)
|
|
mock := es_mock.NewMockEventstore(ctrl)
|
|
verificationAlgorithm := crypto.NewMockEncryptionAlgorithm(ctrl)
|
|
verificationGenerator := crypto.NewMockGenerator(ctrl)
|
|
return &testOrgEventstore{
|
|
OrgEventstore: OrgEventstore{
|
|
Eventstore: mock,
|
|
verificationAlgorithm: verificationAlgorithm,
|
|
verificationGenerator: verificationGenerator,
|
|
},
|
|
mockEventstore: mock}
|
|
}
|
|
|
|
func (es *testOrgEventstore) expectFilterEvents(events []*es_models.Event, err error) *testOrgEventstore {
|
|
es.mockEventstore.EXPECT().FilterEvents(gomock.Any(), gomock.Any()).Return(events, err)
|
|
return es
|
|
}
|
|
|
|
func (es *testOrgEventstore) expectPushEvents(startSequence uint64, err error) *testOrgEventstore {
|
|
es.mockEventstore.EXPECT().PushAggregates(gomock.Any(), gomock.Any()).DoAndReturn(
|
|
func(_ context.Context, aggregates ...*es_models.Aggregate) error {
|
|
for _, aggregate := range aggregates {
|
|
for _, event := range aggregate.Events {
|
|
event.Sequence = startSequence
|
|
startSequence++
|
|
}
|
|
}
|
|
return err
|
|
})
|
|
return es
|
|
}
|
|
|
|
func (es *testOrgEventstore) expectAggregateCreator() *testOrgEventstore {
|
|
es.mockEventstore.EXPECT().AggregateCreator().Return(es_models.NewAggregateCreator("test"))
|
|
return es
|
|
}
|
|
|
|
func (es *testOrgEventstore) expectGenerateVerification(r rune) *testOrgEventstore {
|
|
generator, _ := es.verificationGenerator.(*crypto.MockGenerator)
|
|
generator.EXPECT().Length().Return(uint(2))
|
|
generator.EXPECT().Runes().Return([]rune("aa"))
|
|
generator.EXPECT().Alg().Return(es.verificationAlgorithm)
|
|
return es
|
|
}
|
|
|
|
func (es *testOrgEventstore) expectEncrypt() *testOrgEventstore {
|
|
algorithm, _ := es.verificationAlgorithm.(*crypto.MockEncryptionAlgorithm)
|
|
algorithm.EXPECT().Encrypt(gomock.Any()).DoAndReturn(
|
|
func(value []byte) (*crypto.CryptoValue, error) {
|
|
return &crypto.CryptoValue{
|
|
CryptoType: crypto.TypeEncryption,
|
|
Algorithm: "enc",
|
|
KeyID: "id",
|
|
Crypted: value,
|
|
}, nil
|
|
})
|
|
algorithm.EXPECT().Algorithm().Return("enc")
|
|
algorithm.EXPECT().EncryptionKeyID().Return("id")
|
|
return es
|
|
}
|
|
|
|
func (es *testOrgEventstore) expectDecrypt() *testOrgEventstore {
|
|
algorithm, _ := es.verificationAlgorithm.(*crypto.MockEncryptionAlgorithm)
|
|
algorithm.EXPECT().Algorithm().AnyTimes().Return("enc")
|
|
algorithm.EXPECT().DecryptionKeyIDs().Return([]string{"id"})
|
|
algorithm.EXPECT().DecryptString(gomock.Any(), gomock.Any()).DoAndReturn(
|
|
func(value []byte, id string) (string, error) {
|
|
return string(value), nil
|
|
})
|
|
return es
|
|
}
|
|
|
|
func (es *testOrgEventstore) expectVerification(success bool) *testOrgEventstore {
|
|
es.verificationValidator = func(_, _, _ string, _ http_util.CheckType) error {
|
|
if success {
|
|
return nil
|
|
}
|
|
return errors.ThrowInvalidArgument(nil, "id", "invalid token")
|
|
}
|
|
return es
|
|
}
|
|
|
|
func TestOrgEventstore_OrgByID(t *testing.T) {
|
|
type fields struct {
|
|
Eventstore *testOrgEventstore
|
|
}
|
|
type res struct {
|
|
expectedSequence uint64
|
|
isErr func(error) bool
|
|
}
|
|
type args struct {
|
|
ctx context.Context
|
|
org *org_model.Org
|
|
}
|
|
tests := []struct {
|
|
name string
|
|
fields fields
|
|
args args
|
|
res res
|
|
}{
|
|
{
|
|
name: "no input org",
|
|
fields: fields{Eventstore: newTestEventstore(t)},
|
|
args: args{
|
|
ctx: authz.NewMockContext("user", "org"),
|
|
org: nil,
|
|
},
|
|
res: res{
|
|
expectedSequence: 0,
|
|
isErr: errors.IsErrorInvalidArgument,
|
|
},
|
|
},
|
|
{
|
|
name: "no aggregate id in input org",
|
|
fields: fields{Eventstore: newTestEventstore(t)},
|
|
args: args{
|
|
ctx: authz.NewMockContext("user", "org"),
|
|
org: &org_model.Org{ObjectRoot: es_models.ObjectRoot{Sequence: 4}},
|
|
},
|
|
res: res{
|
|
expectedSequence: 0,
|
|
isErr: errors.IsPreconditionFailed,
|
|
},
|
|
},
|
|
{
|
|
name: "no events found success",
|
|
fields: fields{Eventstore: newTestEventstore(t).expectFilterEvents([]*es_models.Event{}, nil)},
|
|
args: args{
|
|
ctx: authz.NewMockContext("user", "org"),
|
|
org: &org_model.Org{ObjectRoot: es_models.ObjectRoot{Sequence: 4, AggregateID: "hodor"}},
|
|
},
|
|
res: res{
|
|
expectedSequence: 4,
|
|
isErr: nil,
|
|
},
|
|
},
|
|
{
|
|
name: "filter fail",
|
|
fields: fields{Eventstore: newTestEventstore(t).expectFilterEvents([]*es_models.Event{}, errors.ThrowInternal(nil, "EVENT-SAa1O", "message"))},
|
|
args: args{
|
|
ctx: authz.NewMockContext("user", "org"),
|
|
org: &org_model.Org{ObjectRoot: es_models.ObjectRoot{Sequence: 4, AggregateID: "hodor"}},
|
|
},
|
|
res: res{
|
|
expectedSequence: 0,
|
|
isErr: errors.IsInternal,
|
|
},
|
|
},
|
|
{
|
|
name: "new events found and added success",
|
|
fields: fields{Eventstore: newTestEventstore(t).expectFilterEvents([]*es_models.Event{
|
|
{Sequence: 6},
|
|
}, nil)},
|
|
args: args{
|
|
ctx: authz.NewMockContext("user", "org"),
|
|
org: &org_model.Org{ObjectRoot: es_models.ObjectRoot{Sequence: 4, AggregateID: "hodor-org", ChangeDate: time.Now(), CreationDate: time.Now()}},
|
|
},
|
|
res: res{
|
|
expectedSequence: 6,
|
|
isErr: nil,
|
|
},
|
|
},
|
|
}
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
got, err := tt.fields.Eventstore.OrgByID(tt.args.ctx, tt.args.org)
|
|
if tt.res.isErr == nil && err != nil {
|
|
t.Errorf("no error expected got:%T %v", err, err)
|
|
}
|
|
if tt.res.isErr != nil && !tt.res.isErr(err) {
|
|
t.Errorf("wrong error got %T: %v", err, err)
|
|
}
|
|
if got == nil && tt.res.expectedSequence != 0 {
|
|
t.Errorf("org should be nil but was %v", got)
|
|
t.FailNow()
|
|
}
|
|
if tt.res.expectedSequence != 0 && tt.res.expectedSequence != got.Sequence {
|
|
t.Errorf("org should have sequence %d but had %d", tt.res.expectedSequence, got.Sequence)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestOrgEventstore_DeactivateOrg(t *testing.T) {
|
|
type fields struct {
|
|
Eventstore *testOrgEventstore
|
|
}
|
|
type res struct {
|
|
expectedSequence uint64
|
|
isErr func(error) bool
|
|
}
|
|
type args struct {
|
|
ctx context.Context
|
|
orgID string
|
|
}
|
|
tests := []struct {
|
|
name string
|
|
fields fields
|
|
args args
|
|
res res
|
|
}{
|
|
{
|
|
name: "no input org",
|
|
fields: fields{Eventstore: newTestEventstore(t)},
|
|
args: args{
|
|
ctx: authz.NewMockContext("user", "org"),
|
|
orgID: "",
|
|
},
|
|
res: res{
|
|
expectedSequence: 0,
|
|
isErr: errors.IsErrorInvalidArgument,
|
|
},
|
|
},
|
|
{
|
|
name: "push failed",
|
|
fields: fields{Eventstore: newTestEventstore(t).
|
|
expectFilterEvents([]*es_models.Event{orgCreatedEvent()}, nil).
|
|
expectAggregateCreator().
|
|
expectPushEvents(0, errors.ThrowInternal(nil, "EVENT-S8WzW", "test"))},
|
|
args: args{
|
|
ctx: authz.NewMockContext("user", "org"),
|
|
orgID: "hodor",
|
|
},
|
|
res: res{
|
|
expectedSequence: 0,
|
|
isErr: errors.IsInternal,
|
|
},
|
|
},
|
|
{
|
|
name: "push correct",
|
|
fields: fields{Eventstore: newTestEventstore(t).
|
|
expectFilterEvents([]*es_models.Event{orgCreatedEvent()}, nil).
|
|
expectAggregateCreator().
|
|
expectPushEvents(6, nil)},
|
|
args: args{
|
|
ctx: authz.NewMockContext("user", "org"),
|
|
orgID: "hodor",
|
|
},
|
|
res: res{
|
|
expectedSequence: 6,
|
|
isErr: nil,
|
|
},
|
|
},
|
|
{
|
|
name: "org already inactive error",
|
|
fields: fields{Eventstore: newTestEventstore(t).
|
|
expectFilterEvents([]*es_models.Event{orgCreatedEvent(), orgInactiveEvent()}, nil).
|
|
expectAggregateCreator().
|
|
expectPushEvents(6, nil)},
|
|
args: args{
|
|
ctx: authz.NewMockContext("user", "org"),
|
|
orgID: "hodor",
|
|
},
|
|
res: res{
|
|
expectedSequence: 0,
|
|
isErr: errors.IsErrorInvalidArgument,
|
|
},
|
|
},
|
|
}
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
got, err := tt.fields.Eventstore.DeactivateOrg(tt.args.ctx, tt.args.orgID)
|
|
if tt.res.isErr == nil && err != nil {
|
|
t.Errorf("no error expected got:%T %v", err, err)
|
|
}
|
|
if tt.res.isErr != nil && !tt.res.isErr(err) {
|
|
t.Errorf("wrong error got %T: %v", err, err)
|
|
}
|
|
if got == nil && tt.res.expectedSequence != 0 {
|
|
t.Errorf("org should be nil but was %v", got)
|
|
t.FailNow()
|
|
}
|
|
if tt.res.expectedSequence != 0 && tt.res.expectedSequence != got.Sequence {
|
|
t.Errorf("org should have sequence %d but had %d", tt.res.expectedSequence, got.Sequence)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestOrgEventstore_ReactivateOrg(t *testing.T) {
|
|
type fields struct {
|
|
Eventstore *testOrgEventstore
|
|
}
|
|
type res struct {
|
|
expectedSequence uint64
|
|
isErr func(error) bool
|
|
}
|
|
type args struct {
|
|
ctx context.Context
|
|
orgID string
|
|
}
|
|
tests := []struct {
|
|
name string
|
|
fields fields
|
|
args args
|
|
res res
|
|
}{
|
|
{
|
|
name: "no input org",
|
|
fields: fields{Eventstore: newTestEventstore(t)},
|
|
args: args{
|
|
ctx: authz.NewMockContext("user", "org"),
|
|
orgID: "",
|
|
},
|
|
res: res{
|
|
expectedSequence: 0,
|
|
isErr: errors.IsErrorInvalidArgument,
|
|
},
|
|
},
|
|
{
|
|
name: "push failed",
|
|
fields: fields{Eventstore: newTestEventstore(t).
|
|
expectFilterEvents([]*es_models.Event{orgCreatedEvent(), orgInactiveEvent()}, nil).
|
|
expectAggregateCreator().
|
|
expectPushEvents(0, errors.ThrowInternal(nil, "EVENT-S8WzW", "test"))},
|
|
args: args{
|
|
ctx: authz.NewMockContext("user", "org"),
|
|
orgID: "hodor",
|
|
},
|
|
res: res{
|
|
expectedSequence: 0,
|
|
isErr: errors.IsInternal,
|
|
},
|
|
},
|
|
{
|
|
name: "push correct",
|
|
fields: fields{Eventstore: newTestEventstore(t).
|
|
expectFilterEvents([]*es_models.Event{orgCreatedEvent(), orgInactiveEvent()}, nil).
|
|
expectAggregateCreator().
|
|
expectPushEvents(6, nil)},
|
|
args: args{
|
|
ctx: authz.NewMockContext("user", "org"),
|
|
orgID: "hodor",
|
|
},
|
|
res: res{
|
|
expectedSequence: 6,
|
|
isErr: nil,
|
|
},
|
|
},
|
|
{
|
|
name: "org already active error",
|
|
fields: fields{Eventstore: newTestEventstore(t).
|
|
expectFilterEvents([]*es_models.Event{orgCreatedEvent()}, nil).
|
|
expectAggregateCreator().
|
|
expectPushEvents(6, nil)},
|
|
args: args{
|
|
ctx: authz.NewMockContext("user", "org"),
|
|
orgID: "hodor",
|
|
},
|
|
res: res{
|
|
expectedSequence: 0,
|
|
isErr: errors.IsErrorInvalidArgument,
|
|
},
|
|
},
|
|
}
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
got, err := tt.fields.Eventstore.ReactivateOrg(tt.args.ctx, tt.args.orgID)
|
|
if tt.res.isErr == nil && err != nil {
|
|
t.Errorf("no error expected got:%T %v", err, err)
|
|
}
|
|
if tt.res.isErr != nil && !tt.res.isErr(err) {
|
|
t.Errorf("wrong error got %T: %v", err, err)
|
|
}
|
|
if got == nil && tt.res.expectedSequence != 0 {
|
|
t.Errorf("org should be nil but was %v", got)
|
|
t.FailNow()
|
|
}
|
|
if tt.res.expectedSequence != 0 && tt.res.expectedSequence != got.Sequence {
|
|
t.Errorf("org should have sequence %d but had %d", tt.res.expectedSequence, got.Sequence)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestOrgEventstore_GenerateOrgDomainValidation(t *testing.T) {
|
|
type fields struct {
|
|
Eventstore *testOrgEventstore
|
|
}
|
|
type res struct {
|
|
token string
|
|
url string
|
|
isErr func(error) bool
|
|
}
|
|
type args struct {
|
|
ctx context.Context
|
|
domain *org_model.OrgDomain
|
|
}
|
|
tests := []struct {
|
|
name string
|
|
fields fields
|
|
args args
|
|
res res
|
|
}{
|
|
{
|
|
name: "no domain",
|
|
fields: fields{Eventstore: newTestEventstore(t)},
|
|
args: args{
|
|
ctx: authz.NewMockContext("org", "user"),
|
|
domain: nil,
|
|
},
|
|
res: res{
|
|
token: "",
|
|
url: "",
|
|
isErr: errors.IsPreconditionFailed,
|
|
},
|
|
},
|
|
{
|
|
name: "validation type invalid error",
|
|
fields: fields{Eventstore: newTestEventstore(t).
|
|
expectFilterEvents([]*es_models.Event{orgCreatedEvent()}, nil).
|
|
expectGenerateVerification(65).
|
|
expectEncrypt(),
|
|
},
|
|
args: args{
|
|
ctx: authz.NewMockContext("org", "user"),
|
|
domain: &org_model.OrgDomain{ObjectRoot: es_models.ObjectRoot{AggregateID: "hodor-org"}, Domain: "hodor.org"},
|
|
},
|
|
res: res{
|
|
token: "",
|
|
url: "",
|
|
isErr: errors.IsPreconditionFailed,
|
|
},
|
|
},
|
|
{
|
|
name: "org doesn't exist error",
|
|
fields: fields{Eventstore: newTestEventstore(t).
|
|
expectFilterEvents([]*es_models.Event{}, nil),
|
|
},
|
|
args: args{
|
|
ctx: authz.NewMockContext("org", "user"),
|
|
domain: &org_model.OrgDomain{ObjectRoot: es_models.ObjectRoot{AggregateID: "org"}, Domain: "hodor.org", ValidationType: org_model.OrgDomainValidationTypeHTTP},
|
|
},
|
|
res: res{
|
|
token: "",
|
|
url: "",
|
|
isErr: errors.IsNotFound,
|
|
},
|
|
},
|
|
{
|
|
name: "domain doesn't exist error",
|
|
fields: fields{Eventstore: newTestEventstore(t).
|
|
expectFilterEvents([]*es_models.Event{orgCreatedEvent()}, nil),
|
|
},
|
|
args: args{
|
|
ctx: authz.NewMockContext("org", "user"),
|
|
domain: &org_model.OrgDomain{ObjectRoot: es_models.ObjectRoot{AggregateID: "hodor-org"}, Domain: "hodor.org", ValidationType: org_model.OrgDomainValidationTypeHTTP},
|
|
},
|
|
res: res{
|
|
token: "",
|
|
url: "",
|
|
isErr: errors.IsPreconditionFailed,
|
|
},
|
|
},
|
|
{
|
|
name: "domain already verified error",
|
|
fields: fields{Eventstore: newTestEventstore(t).
|
|
expectFilterEvents([]*es_models.Event{orgCreatedEvent(), orgDomainAddedEvent(), orgDomainVerifiedEvent()}, nil),
|
|
},
|
|
args: args{
|
|
ctx: authz.NewMockContext("org", "user"),
|
|
domain: &org_model.OrgDomain{ObjectRoot: es_models.ObjectRoot{AggregateID: "hodor-org"}, Domain: "hodor.org", ValidationType: org_model.OrgDomainValidationTypeHTTP},
|
|
},
|
|
res: res{
|
|
token: "",
|
|
url: "",
|
|
isErr: errors.IsPreconditionFailed,
|
|
},
|
|
},
|
|
{
|
|
name: "push failed",
|
|
fields: fields{Eventstore: newTestEventstore(t).
|
|
expectFilterEvents([]*es_models.Event{orgCreatedEvent(), orgDomainAddedEvent()}, nil).
|
|
expectGenerateVerification(65).
|
|
expectEncrypt().
|
|
expectAggregateCreator().
|
|
expectPushEvents(0, errors.ThrowInternal(nil, "EVENT-S8WzW", "test")),
|
|
},
|
|
args: args{
|
|
ctx: authz.NewMockContext("org", "user"),
|
|
domain: &org_model.OrgDomain{ObjectRoot: es_models.ObjectRoot{AggregateID: "hodor-org"}, Domain: "hodor.org", ValidationType: org_model.OrgDomainValidationTypeHTTP},
|
|
},
|
|
res: res{
|
|
token: "",
|
|
url: "",
|
|
isErr: errors.IsInternal,
|
|
},
|
|
},
|
|
{
|
|
name: "push correct http",
|
|
fields: fields{Eventstore: newTestEventstore(t).
|
|
expectFilterEvents([]*es_models.Event{orgCreatedEvent(), orgDomainAddedEvent()}, nil).
|
|
expectGenerateVerification(65).
|
|
expectEncrypt().
|
|
expectAggregateCreator().
|
|
expectPushEvents(6, nil),
|
|
},
|
|
args: args{
|
|
ctx: authz.NewMockContext("org", "user"),
|
|
domain: &org_model.OrgDomain{ObjectRoot: es_models.ObjectRoot{AggregateID: "hodor-org"}, Domain: "hodor.org", ValidationType: org_model.OrgDomainValidationTypeHTTP},
|
|
},
|
|
res: res{
|
|
token: "aa",
|
|
url: "https://hodor.org/.well-known/zitadel-challenge/aa",
|
|
isErr: nil,
|
|
},
|
|
},
|
|
{
|
|
name: "push correct dns",
|
|
fields: fields{Eventstore: newTestEventstore(t).
|
|
expectFilterEvents([]*es_models.Event{orgCreatedEvent(), orgDomainAddedEvent()}, nil).
|
|
expectGenerateVerification(65).
|
|
expectEncrypt().
|
|
expectAggregateCreator().
|
|
expectPushEvents(6, nil),
|
|
},
|
|
args: args{
|
|
ctx: authz.NewMockContext("org", "user"),
|
|
domain: &org_model.OrgDomain{ObjectRoot: es_models.ObjectRoot{AggregateID: "hodor-org"}, Domain: "hodor.org", ValidationType: org_model.OrgDomainValidationTypeDNS},
|
|
},
|
|
res: res{
|
|
token: "aa",
|
|
url: "_zitadel-challenge.hodor.org",
|
|
isErr: nil,
|
|
},
|
|
},
|
|
}
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
token, url, err := tt.fields.Eventstore.GenerateOrgDomainValidation(tt.args.ctx, tt.args.domain)
|
|
if tt.res.isErr == nil && err != nil {
|
|
t.Errorf("no error expected got:%T %v", err, err)
|
|
}
|
|
if tt.res.isErr != nil && !tt.res.isErr(err) {
|
|
t.Errorf("wrong error got %T: %v", err, err)
|
|
}
|
|
assert.Equal(t, tt.res.token, token)
|
|
assert.Equal(t, tt.res.url, url)
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestOrgEventstore_ValidateOrgDomain(t *testing.T) {
|
|
type fields struct {
|
|
Eventstore *testOrgEventstore
|
|
}
|
|
type res struct {
|
|
isErr func(error) bool
|
|
}
|
|
type args struct {
|
|
ctx context.Context
|
|
domain *org_model.OrgDomain
|
|
users func(ctx context.Context, domain string) ([]*es_models.Aggregate, error)
|
|
}
|
|
tests := []struct {
|
|
name string
|
|
fields fields
|
|
args args
|
|
res res
|
|
}{
|
|
{
|
|
name: "no domain",
|
|
fields: fields{Eventstore: newTestEventstore(t)},
|
|
args: args{
|
|
ctx: authz.NewMockContext("org", "user"),
|
|
domain: nil,
|
|
},
|
|
res: res{
|
|
isErr: errors.IsPreconditionFailed,
|
|
},
|
|
},
|
|
{
|
|
name: "org doesn't exist error",
|
|
fields: fields{Eventstore: newTestEventstore(t).
|
|
expectFilterEvents([]*es_models.Event{}, nil),
|
|
},
|
|
args: args{
|
|
ctx: authz.NewMockContext("org", "user"),
|
|
domain: &org_model.OrgDomain{ObjectRoot: es_models.ObjectRoot{AggregateID: "org"}, Domain: "hodor.org", ValidationType: org_model.OrgDomainValidationTypeHTTP},
|
|
},
|
|
res: res{
|
|
isErr: errors.IsNotFound,
|
|
},
|
|
},
|
|
{
|
|
name: "domain doesn't exist error",
|
|
fields: fields{Eventstore: newTestEventstore(t).
|
|
expectFilterEvents([]*es_models.Event{orgCreatedEvent()}, nil),
|
|
},
|
|
args: args{
|
|
ctx: authz.NewMockContext("org", "user"),
|
|
domain: &org_model.OrgDomain{ObjectRoot: es_models.ObjectRoot{AggregateID: "hodor-org"}, Domain: "hodor.org", ValidationType: org_model.OrgDomainValidationTypeHTTP},
|
|
},
|
|
res: res{
|
|
isErr: errors.IsPreconditionFailed,
|
|
},
|
|
},
|
|
{
|
|
name: "domain already verified error",
|
|
fields: fields{Eventstore: newTestEventstore(t).
|
|
expectFilterEvents([]*es_models.Event{orgCreatedEvent(), orgDomainAddedEvent(), orgDomainVerifiedEvent()}, nil),
|
|
},
|
|
args: args{
|
|
ctx: authz.NewMockContext("org", "user"),
|
|
domain: &org_model.OrgDomain{ObjectRoot: es_models.ObjectRoot{AggregateID: "hodor-org"}, Domain: "hodor.org", ValidationType: org_model.OrgDomainValidationTypeHTTP},
|
|
},
|
|
res: res{
|
|
isErr: errors.IsPreconditionFailed,
|
|
},
|
|
},
|
|
{
|
|
name: "domain validation not created error",
|
|
fields: fields{Eventstore: newTestEventstore(t).
|
|
expectFilterEvents([]*es_models.Event{orgCreatedEvent(), orgDomainAddedEvent()}, nil),
|
|
},
|
|
args: args{
|
|
ctx: authz.NewMockContext("org", "user"),
|
|
domain: &org_model.OrgDomain{ObjectRoot: es_models.ObjectRoot{AggregateID: "hodor-org"}, Domain: "hodor.org", ValidationType: org_model.OrgDomainValidationTypeHTTP},
|
|
},
|
|
res: res{
|
|
isErr: errors.IsPreconditionFailed,
|
|
},
|
|
},
|
|
{
|
|
name: "verification fails",
|
|
fields: fields{Eventstore: newTestEventstore(t).
|
|
expectFilterEvents([]*es_models.Event{orgCreatedEvent(), orgDomainAddedEvent(), orgDomainVerificationAddedEvent("token")}, nil).
|
|
expectDecrypt().
|
|
expectVerification(false).
|
|
expectAggregateCreator().
|
|
expectPushEvents(0, nil),
|
|
},
|
|
args: args{
|
|
ctx: authz.NewMockContext("org", "user"),
|
|
domain: &org_model.OrgDomain{ObjectRoot: es_models.ObjectRoot{AggregateID: "hodor-org"}, Domain: "hodor.org", ValidationType: org_model.OrgDomainValidationTypeHTTP},
|
|
},
|
|
res: res{
|
|
isErr: errors.IsErrorInvalidArgument,
|
|
},
|
|
},
|
|
{
|
|
name: "verification and push fails",
|
|
fields: fields{Eventstore: newTestEventstore(t).
|
|
expectFilterEvents([]*es_models.Event{orgCreatedEvent(), orgDomainAddedEvent(), orgDomainVerificationAddedEvent("token")}, nil).
|
|
expectDecrypt().
|
|
expectVerification(false).
|
|
expectAggregateCreator().
|
|
expectPushEvents(0, errors.ThrowInternal(nil, "EVENT-S8WzW", "test")),
|
|
},
|
|
args: args{
|
|
ctx: authz.NewMockContext("org", "user"),
|
|
domain: &org_model.OrgDomain{ObjectRoot: es_models.ObjectRoot{AggregateID: "hodor-org"}, Domain: "hodor.org", ValidationType: org_model.OrgDomainValidationTypeHTTP},
|
|
},
|
|
res: res{
|
|
isErr: errors.IsInternal,
|
|
},
|
|
},
|
|
{
|
|
name: "(user) aggregate fails",
|
|
fields: fields{Eventstore: newTestEventstore(t).
|
|
expectFilterEvents([]*es_models.Event{orgCreatedEvent(), orgDomainAddedEvent(), orgDomainVerificationAddedEvent("token")}, nil).
|
|
expectDecrypt().
|
|
expectVerification(true).
|
|
expectAggregateCreator().
|
|
expectPushEvents(0, errors.ThrowInternal(nil, "EVENT-S8WzW", "test")),
|
|
},
|
|
args: args{
|
|
ctx: authz.NewMockContext("org", "user"),
|
|
domain: &org_model.OrgDomain{ObjectRoot: es_models.ObjectRoot{AggregateID: "hodor-org"}, Domain: "hodor.org", ValidationType: org_model.OrgDomainValidationTypeHTTP},
|
|
users: func(ctx context.Context, domain string) ([]*es_models.Aggregate, error) {
|
|
return nil, errors.ThrowInternal(nil, "id", "internal error")
|
|
},
|
|
},
|
|
res: res{
|
|
isErr: errors.IsPreconditionFailed,
|
|
},
|
|
},
|
|
{
|
|
name: "push failed",
|
|
fields: fields{Eventstore: newTestEventstore(t).
|
|
expectFilterEvents([]*es_models.Event{orgCreatedEvent(), orgDomainAddedEvent(), orgDomainVerificationAddedEvent("token")}, nil).
|
|
expectDecrypt().
|
|
expectVerification(true).
|
|
expectAggregateCreator().
|
|
expectPushEvents(0, errors.ThrowInternal(nil, "EVENT-S8WzW", "test")),
|
|
},
|
|
args: args{
|
|
ctx: authz.NewMockContext("org", "user"),
|
|
domain: &org_model.OrgDomain{ObjectRoot: es_models.ObjectRoot{AggregateID: "hodor-org"}, Domain: "hodor.org", ValidationType: org_model.OrgDomainValidationTypeHTTP},
|
|
},
|
|
res: res{
|
|
isErr: errors.IsInternal,
|
|
},
|
|
},
|
|
{
|
|
name: "push correct",
|
|
fields: fields{Eventstore: newTestEventstore(t).
|
|
expectFilterEvents([]*es_models.Event{orgCreatedEvent(), orgDomainAddedEvent(), orgDomainVerificationAddedEvent("token")}, nil).
|
|
expectDecrypt().
|
|
expectVerification(true).
|
|
expectAggregateCreator().
|
|
expectPushEvents(6, nil),
|
|
},
|
|
args: args{
|
|
ctx: authz.NewMockContext("org", "user"),
|
|
domain: &org_model.OrgDomain{ObjectRoot: es_models.ObjectRoot{AggregateID: "hodor-org"}, Domain: "hodor.org", ValidationType: org_model.OrgDomainValidationTypeHTTP},
|
|
},
|
|
res: res{
|
|
isErr: nil,
|
|
},
|
|
},
|
|
}
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
err := tt.fields.Eventstore.ValidateOrgDomain(tt.args.ctx, tt.args.domain, tt.args.users)
|
|
if tt.res.isErr == nil && err != nil {
|
|
t.Errorf("no error expected got:%T %v", err, err)
|
|
}
|
|
if tt.res.isErr != nil && !tt.res.isErr(err) {
|
|
t.Errorf("wrong error got %T: %v", err, err)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestOrgEventstore_SetPrimaryOrgDomain(t *testing.T) {
|
|
type fields struct {
|
|
Eventstore *testOrgEventstore
|
|
}
|
|
type res struct {
|
|
isErr func(error) bool
|
|
}
|
|
type args struct {
|
|
ctx context.Context
|
|
domain *org_model.OrgDomain
|
|
}
|
|
tests := []struct {
|
|
name string
|
|
fields fields
|
|
args args
|
|
res res
|
|
}{
|
|
{
|
|
name: "no domain",
|
|
fields: fields{Eventstore: newTestEventstore(t)},
|
|
args: args{
|
|
ctx: authz.NewMockContext("org", "user"),
|
|
domain: nil,
|
|
},
|
|
res: res{
|
|
isErr: errors.IsPreconditionFailed,
|
|
},
|
|
},
|
|
{
|
|
name: "org doesn't exist error",
|
|
fields: fields{Eventstore: newTestEventstore(t).
|
|
expectFilterEvents([]*es_models.Event{}, nil),
|
|
},
|
|
args: args{
|
|
ctx: authz.NewMockContext("org", "user"),
|
|
domain: &org_model.OrgDomain{ObjectRoot: es_models.ObjectRoot{AggregateID: "org"}, Domain: "hodor.org", ValidationType: org_model.OrgDomainValidationTypeHTTP},
|
|
},
|
|
res: res{
|
|
isErr: errors.IsNotFound,
|
|
},
|
|
},
|
|
{
|
|
name: "domain doesn't exist error",
|
|
fields: fields{Eventstore: newTestEventstore(t).
|
|
expectFilterEvents([]*es_models.Event{orgCreatedEvent()}, nil),
|
|
},
|
|
args: args{
|
|
ctx: authz.NewMockContext("org", "user"),
|
|
domain: &org_model.OrgDomain{ObjectRoot: es_models.ObjectRoot{AggregateID: "hodor-org"}, Domain: "hodor.org", ValidationType: org_model.OrgDomainValidationTypeHTTP},
|
|
},
|
|
res: res{
|
|
isErr: errors.IsPreconditionFailed,
|
|
},
|
|
},
|
|
{
|
|
name: "domain not verified error",
|
|
fields: fields{Eventstore: newTestEventstore(t).
|
|
expectFilterEvents([]*es_models.Event{orgCreatedEvent(), orgDomainAddedEvent()}, nil),
|
|
},
|
|
args: args{
|
|
ctx: authz.NewMockContext("org", "user"),
|
|
domain: &org_model.OrgDomain{ObjectRoot: es_models.ObjectRoot{AggregateID: "hodor-org"}, Domain: "hodor.org", ValidationType: org_model.OrgDomainValidationTypeHTTP},
|
|
},
|
|
res: res{
|
|
isErr: errors.IsPreconditionFailed,
|
|
},
|
|
},
|
|
{
|
|
name: "push failed",
|
|
fields: fields{Eventstore: newTestEventstore(t).
|
|
expectFilterEvents([]*es_models.Event{orgCreatedEvent(), orgDomainAddedEvent(), orgDomainVerifiedEvent()}, nil).
|
|
expectAggregateCreator().
|
|
expectPushEvents(0, errors.ThrowInternal(nil, "EVENT-S8WzW", "test")),
|
|
},
|
|
args: args{
|
|
ctx: authz.NewMockContext("org", "user"),
|
|
domain: &org_model.OrgDomain{ObjectRoot: es_models.ObjectRoot{AggregateID: "hodor-org"}, Domain: "hodor.org", ValidationType: org_model.OrgDomainValidationTypeHTTP},
|
|
},
|
|
res: res{
|
|
isErr: errors.IsInternal,
|
|
},
|
|
},
|
|
{
|
|
name: "push correct",
|
|
fields: fields{Eventstore: newTestEventstore(t).
|
|
expectFilterEvents([]*es_models.Event{orgCreatedEvent(), orgDomainAddedEvent(), orgDomainVerifiedEvent()}, nil).
|
|
expectAggregateCreator().
|
|
expectPushEvents(6, nil),
|
|
},
|
|
args: args{
|
|
ctx: authz.NewMockContext("org", "user"),
|
|
domain: &org_model.OrgDomain{ObjectRoot: es_models.ObjectRoot{AggregateID: "hodor-org"}, Domain: "hodor.org", ValidationType: org_model.OrgDomainValidationTypeHTTP},
|
|
},
|
|
res: res{
|
|
isErr: nil,
|
|
},
|
|
},
|
|
}
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
err := tt.fields.Eventstore.SetPrimaryOrgDomain(tt.args.ctx, tt.args.domain)
|
|
if tt.res.isErr == nil && err != nil {
|
|
t.Errorf("no error expected got:%T %v", err, err)
|
|
}
|
|
if tt.res.isErr != nil && !tt.res.isErr(err) {
|
|
t.Errorf("wrong error got %T: %v", err, err)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestOrgEventstore_OrgMemberByIDs(t *testing.T) {
|
|
type fields struct {
|
|
Eventstore *testOrgEventstore
|
|
}
|
|
type res struct {
|
|
expectedSequence uint64
|
|
isErr func(error) bool
|
|
}
|
|
type args struct {
|
|
ctx context.Context
|
|
member *org_model.OrgMember
|
|
}
|
|
tests := []struct {
|
|
name string
|
|
fields fields
|
|
args args
|
|
res res
|
|
}{
|
|
{
|
|
name: "no input member",
|
|
fields: fields{Eventstore: newTestEventstore(t)},
|
|
args: args{
|
|
ctx: authz.NewMockContext("user", "org"),
|
|
member: nil,
|
|
},
|
|
res: res{
|
|
expectedSequence: 0,
|
|
isErr: errors.IsPreconditionFailed,
|
|
},
|
|
},
|
|
{
|
|
name: "no aggregate id in input member",
|
|
fields: fields{Eventstore: newTestEventstore(t)},
|
|
args: args{
|
|
ctx: authz.NewMockContext("user", "org"),
|
|
member: &org_model.OrgMember{ObjectRoot: es_models.ObjectRoot{Sequence: 4}, UserID: "asdf"},
|
|
},
|
|
res: res{
|
|
expectedSequence: 0,
|
|
isErr: errors.IsPreconditionFailed,
|
|
},
|
|
},
|
|
{
|
|
name: "no aggregate id in input member",
|
|
fields: fields{Eventstore: newTestEventstore(t)},
|
|
args: args{
|
|
ctx: authz.NewMockContext("user", "org"),
|
|
member: &org_model.OrgMember{ObjectRoot: es_models.ObjectRoot{Sequence: 4, AggregateID: "asdf"}},
|
|
},
|
|
res: res{
|
|
expectedSequence: 0,
|
|
isErr: errors.IsPreconditionFailed,
|
|
},
|
|
},
|
|
{
|
|
name: "no events found success",
|
|
fields: fields{Eventstore: newTestEventstore(t).expectFilterEvents([]*es_models.Event{}, nil)},
|
|
args: args{
|
|
ctx: authz.NewMockContext("user", "org"),
|
|
member: &org_model.OrgMember{ObjectRoot: es_models.ObjectRoot{Sequence: 4, AggregateID: "plants"}, UserID: "banana"},
|
|
},
|
|
res: res{
|
|
expectedSequence: 4,
|
|
isErr: nil,
|
|
},
|
|
},
|
|
{
|
|
name: "filter fail",
|
|
fields: fields{Eventstore: newTestEventstore(t).expectFilterEvents([]*es_models.Event{}, errors.ThrowInternal(nil, "EVENT-SAa1O", "message"))},
|
|
args: args{
|
|
ctx: authz.NewMockContext("user", "org"),
|
|
member: &org_model.OrgMember{ObjectRoot: es_models.ObjectRoot{Sequence: 4, AggregateID: "plants"}, UserID: "banana"},
|
|
},
|
|
res: res{
|
|
expectedSequence: 0,
|
|
isErr: errors.IsInternal,
|
|
},
|
|
},
|
|
{
|
|
name: "new events found and added success",
|
|
fields: fields{Eventstore: newTestEventstore(t).expectFilterEvents([]*es_models.Event{
|
|
{Sequence: 6, Data: []byte("{\"userId\": \"banana\", \"roles\": [\"bananaa\"]}"), Type: model.OrgMemberChanged},
|
|
}, nil)},
|
|
args: args{
|
|
ctx: authz.NewMockContext("user", "org"),
|
|
member: &org_model.OrgMember{ObjectRoot: es_models.ObjectRoot{Sequence: 4, AggregateID: "plants", ChangeDate: time.Now(), CreationDate: time.Now()}, UserID: "banana"},
|
|
},
|
|
res: res{
|
|
expectedSequence: 6,
|
|
isErr: nil,
|
|
},
|
|
},
|
|
{
|
|
name: "not member of org error",
|
|
fields: fields{Eventstore: newTestEventstore(t).expectFilterEvents([]*es_models.Event{
|
|
{Sequence: 6, Data: []byte("{\"userId\": \"banana\", \"roles\": [\"bananaa\"]}"), Type: model.OrgMemberAdded},
|
|
{Sequence: 7, Data: []byte("{\"userId\": \"apple\"}"), Type: model.OrgMemberRemoved},
|
|
}, nil)},
|
|
args: args{
|
|
ctx: authz.NewMockContext("user", "org"),
|
|
member: &org_model.OrgMember{ObjectRoot: es_models.ObjectRoot{Sequence: 4, AggregateID: "plants", ChangeDate: time.Now(), CreationDate: time.Now()}, UserID: "apple"},
|
|
},
|
|
res: res{
|
|
expectedSequence: 0,
|
|
isErr: errors.IsNotFound,
|
|
},
|
|
},
|
|
}
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
got, err := tt.fields.Eventstore.OrgMemberByIDs(tt.args.ctx, tt.args.member)
|
|
if tt.res.isErr == nil && err != nil {
|
|
t.Errorf("no error expected got:%T %v", err, err)
|
|
}
|
|
if tt.res.isErr != nil && !tt.res.isErr(err) {
|
|
t.Errorf("wrong error got %T: %v", err, err)
|
|
}
|
|
if got == nil && tt.res.expectedSequence != 0 {
|
|
t.Errorf("org should be nil but was %v", got)
|
|
t.FailNow()
|
|
}
|
|
if tt.res.expectedSequence != 0 && tt.res.expectedSequence != got.Sequence {
|
|
t.Errorf("org should have sequence %d but had %d", tt.res.expectedSequence, got.Sequence)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestOrgEventstore_AddOrgMember(t *testing.T) {
|
|
type fields struct {
|
|
Eventstore *testOrgEventstore
|
|
}
|
|
type res struct {
|
|
expectedSequence uint64
|
|
isErr func(error) bool
|
|
}
|
|
type args struct {
|
|
ctx context.Context
|
|
member *org_model.OrgMember
|
|
}
|
|
tests := []struct {
|
|
name string
|
|
fields fields
|
|
args args
|
|
res res
|
|
}{
|
|
{
|
|
name: "no input member",
|
|
fields: fields{Eventstore: newTestEventstore(t)},
|
|
args: args{
|
|
ctx: authz.NewMockContext("user", "org"),
|
|
member: nil,
|
|
},
|
|
res: res{
|
|
expectedSequence: 0,
|
|
isErr: errors.IsPreconditionFailed,
|
|
},
|
|
},
|
|
{
|
|
name: "push failed",
|
|
fields: fields{Eventstore: newTestEventstore(t).
|
|
expectFilterEvents([]*es_models.Event{
|
|
{
|
|
AggregateID: "hodor-org",
|
|
Type: model.OrgAdded,
|
|
Sequence: 4,
|
|
Data: []byte("{}"),
|
|
},
|
|
}, nil).
|
|
expectAggregateCreator().
|
|
expectPushEvents(0, errors.ThrowInternal(nil, "EVENT-S8WzW", "test"))},
|
|
args: args{
|
|
ctx: authz.NewMockContext("user", "org"),
|
|
member: &org_model.OrgMember{
|
|
ObjectRoot: es_models.ObjectRoot{
|
|
Sequence: 4,
|
|
AggregateID: "hodor-org",
|
|
},
|
|
UserID: "hodor",
|
|
Roles: []string{"nix"},
|
|
},
|
|
},
|
|
res: res{
|
|
expectedSequence: 0,
|
|
isErr: errors.IsInternal,
|
|
},
|
|
},
|
|
{
|
|
name: "push correct",
|
|
fields: fields{Eventstore: newTestEventstore(t).
|
|
expectAggregateCreator().
|
|
expectFilterEvents([]*es_models.Event{
|
|
{
|
|
AggregateID: "hodor-org",
|
|
Type: model.OrgAdded,
|
|
Sequence: 4,
|
|
Data: []byte("{}"),
|
|
},
|
|
}, nil).
|
|
expectPushEvents(6, nil),
|
|
},
|
|
args: args{
|
|
ctx: authz.NewMockContext("user", "org"),
|
|
member: &org_model.OrgMember{
|
|
ObjectRoot: es_models.ObjectRoot{
|
|
Sequence: 4,
|
|
AggregateID: "hodor-org",
|
|
},
|
|
UserID: "hodor",
|
|
Roles: []string{"nix"},
|
|
},
|
|
},
|
|
res: res{
|
|
expectedSequence: 6,
|
|
isErr: nil,
|
|
},
|
|
},
|
|
{
|
|
name: "member already exists error",
|
|
fields: fields{Eventstore: newTestEventstore(t).
|
|
expectAggregateCreator().
|
|
expectFilterEvents([]*es_models.Event{
|
|
{
|
|
Type: model.OrgMemberAdded,
|
|
Data: []byte(`{"userId": "hodor", "roles": ["master"]}`),
|
|
Sequence: 6,
|
|
},
|
|
}, nil).
|
|
expectPushEvents(0, errors.ThrowAlreadyExists(nil, "EVENT-yLTI6", "weiss nöd wie teste")),
|
|
},
|
|
args: args{
|
|
ctx: authz.NewMockContext("user", "org"),
|
|
member: &org_model.OrgMember{
|
|
ObjectRoot: es_models.ObjectRoot{
|
|
Sequence: 4,
|
|
AggregateID: "hodor-org",
|
|
},
|
|
UserID: "hodor",
|
|
Roles: []string{"nix"},
|
|
},
|
|
},
|
|
res: res{
|
|
expectedSequence: 0,
|
|
isErr: errors.IsErrorAlreadyExists,
|
|
},
|
|
},
|
|
{
|
|
name: "member deleted success",
|
|
fields: fields{Eventstore: newTestEventstore(t).
|
|
expectAggregateCreator().
|
|
expectPushEvents(10, nil).
|
|
expectFilterEvents([]*es_models.Event{
|
|
{
|
|
Type: model.OrgMemberAdded,
|
|
Data: []byte(`{"userId": "hodor", "roles": ["master"]}`),
|
|
Sequence: 6,
|
|
},
|
|
{
|
|
Type: model.OrgMemberRemoved,
|
|
Data: []byte(`{"userId": "hodor"}`),
|
|
Sequence: 10,
|
|
},
|
|
}, nil),
|
|
},
|
|
args: args{
|
|
ctx: authz.NewMockContext("user", "org"),
|
|
member: &org_model.OrgMember{
|
|
ObjectRoot: es_models.ObjectRoot{
|
|
Sequence: 4,
|
|
AggregateID: "hodor-org",
|
|
},
|
|
UserID: "hodor",
|
|
Roles: []string{"nix"},
|
|
},
|
|
},
|
|
res: res{
|
|
expectedSequence: 10,
|
|
isErr: nil,
|
|
},
|
|
},
|
|
{
|
|
name: "org not exists error",
|
|
fields: fields{Eventstore: newTestEventstore(t).
|
|
expectAggregateCreator().
|
|
expectFilterEvents(nil, nil).
|
|
expectPushEvents(0, errors.ThrowAlreadyExists(nil, "EVENT-yLTI6", "weiss nöd wie teste")),
|
|
},
|
|
args: args{
|
|
ctx: authz.NewMockContext("user", "org"),
|
|
member: &org_model.OrgMember{
|
|
ObjectRoot: es_models.ObjectRoot{
|
|
Sequence: 4,
|
|
AggregateID: "hodor-org",
|
|
},
|
|
UserID: "hodor",
|
|
Roles: []string{"nix"},
|
|
},
|
|
},
|
|
res: res{
|
|
expectedSequence: 0,
|
|
isErr: errors.IsErrorAlreadyExists,
|
|
},
|
|
},
|
|
}
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
got, err := tt.fields.Eventstore.AddOrgMember(tt.args.ctx, tt.args.member)
|
|
if tt.res.isErr == nil && err != nil {
|
|
t.Errorf("no error expected got:%T %v", err, err)
|
|
}
|
|
if tt.res.isErr != nil && !tt.res.isErr(err) {
|
|
t.Errorf("wrong error got %T: %v", err, err)
|
|
}
|
|
if got == nil && tt.res.expectedSequence != 0 {
|
|
t.Errorf("org should not be nil but was %v", got)
|
|
t.FailNow()
|
|
}
|
|
if tt.res.expectedSequence != 0 && tt.res.expectedSequence != got.Sequence {
|
|
t.Errorf("org should have sequence %d but had %d", tt.res.expectedSequence, got.Sequence)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestOrgEventstore_ChangeOrgMember(t *testing.T) {
|
|
type fields struct {
|
|
Eventstore *testOrgEventstore
|
|
}
|
|
type res struct {
|
|
isErr func(error) bool
|
|
expectedSequence uint64
|
|
}
|
|
type args struct {
|
|
ctx context.Context
|
|
member *org_model.OrgMember
|
|
}
|
|
tests := []struct {
|
|
name string
|
|
fields fields
|
|
args args
|
|
res res
|
|
}{
|
|
{
|
|
name: "no input member",
|
|
fields: fields{Eventstore: newTestEventstore(t)},
|
|
args: args{
|
|
ctx: authz.NewMockContext("user", "org"),
|
|
member: nil,
|
|
},
|
|
res: res{
|
|
expectedSequence: 0,
|
|
isErr: errors.IsPreconditionFailed,
|
|
},
|
|
},
|
|
{
|
|
name: "member not found error",
|
|
fields: fields{Eventstore: newTestEventstore(t).
|
|
expectAggregateCreator().
|
|
expectFilterEvents([]*es_models.Event{
|
|
{
|
|
AggregateID: "hodor-org",
|
|
Type: model.OrgAdded,
|
|
Sequence: 4,
|
|
Data: []byte("{}"),
|
|
},
|
|
{
|
|
AggregateID: "hodor-org",
|
|
Type: model.OrgMemberAdded,
|
|
Data: []byte(`{"userId": "brudi", "roles": ["master of desaster"]}`),
|
|
Sequence: 6,
|
|
},
|
|
}, nil),
|
|
},
|
|
args: args{
|
|
ctx: authz.NewMockContext("user", "org"),
|
|
member: &org_model.OrgMember{
|
|
ObjectRoot: es_models.ObjectRoot{AggregateID: "hodor-org", Sequence: 5},
|
|
UserID: "hodor",
|
|
Roles: []string{"master"},
|
|
},
|
|
},
|
|
res: res{
|
|
expectedSequence: 0,
|
|
isErr: errors.IsNotFound,
|
|
},
|
|
},
|
|
{
|
|
name: "member found no changes error",
|
|
fields: fields{Eventstore: newTestEventstore(t).
|
|
expectAggregateCreator().
|
|
expectFilterEvents([]*es_models.Event{
|
|
{
|
|
AggregateID: "hodor-org",
|
|
Type: model.OrgAdded,
|
|
Sequence: 4,
|
|
Data: []byte("{}"),
|
|
},
|
|
{
|
|
AggregateID: "hodor-org",
|
|
Type: model.OrgMemberAdded,
|
|
Data: []byte(`{"userId": "hodor", "roles": ["master"]}`),
|
|
Sequence: 6,
|
|
},
|
|
}, nil),
|
|
},
|
|
args: args{
|
|
ctx: authz.NewMockContext("user", "org"),
|
|
member: &org_model.OrgMember{
|
|
ObjectRoot: es_models.ObjectRoot{AggregateID: "hodor-org", Sequence: 5},
|
|
UserID: "hodor",
|
|
Roles: []string{"master"},
|
|
},
|
|
},
|
|
res: res{
|
|
expectedSequence: 0,
|
|
isErr: errors.IsErrorInvalidArgument,
|
|
},
|
|
},
|
|
{
|
|
name: "push error",
|
|
fields: fields{Eventstore: newTestEventstore(t).
|
|
expectAggregateCreator().
|
|
expectFilterEvents([]*es_models.Event{
|
|
{
|
|
AggregateID: "hodor-org",
|
|
Type: model.OrgAdded,
|
|
Sequence: 4,
|
|
Data: []byte("{}"),
|
|
},
|
|
{
|
|
AggregateID: "hodor-org",
|
|
Type: model.OrgMemberAdded,
|
|
Data: []byte(`{"userId": "hodor", "roles": ["master"]}`),
|
|
Sequence: 6,
|
|
},
|
|
}, nil).
|
|
expectPushEvents(0, errors.ThrowInternal(nil, "PEVENT-3wqa2", "test")),
|
|
},
|
|
args: args{
|
|
ctx: authz.NewMockContext("user", "org"),
|
|
member: &org_model.OrgMember{
|
|
ObjectRoot: es_models.ObjectRoot{AggregateID: "hodor-org", Sequence: 5},
|
|
UserID: "hodor",
|
|
Roles: []string{"master of desaster"},
|
|
},
|
|
},
|
|
res: res{
|
|
expectedSequence: 0,
|
|
isErr: errors.IsInternal,
|
|
},
|
|
},
|
|
{
|
|
name: "change success",
|
|
fields: fields{Eventstore: newTestEventstore(t).
|
|
expectAggregateCreator().
|
|
expectFilterEvents([]*es_models.Event{
|
|
{
|
|
AggregateID: "hodor-org",
|
|
Type: model.OrgAdded,
|
|
Sequence: 4,
|
|
Data: []byte("{}"),
|
|
},
|
|
{
|
|
AggregateID: "hodor-org",
|
|
Type: model.OrgMemberAdded,
|
|
Data: []byte(`{"userId": "hodor", "roles": ["master"]}`),
|
|
Sequence: 6,
|
|
},
|
|
}, nil).
|
|
expectPushEvents(7, nil),
|
|
},
|
|
args: args{
|
|
ctx: authz.NewMockContext("user", "org"),
|
|
member: &org_model.OrgMember{
|
|
ObjectRoot: es_models.ObjectRoot{AggregateID: "hodor-org", Sequence: 5},
|
|
UserID: "hodor",
|
|
Roles: []string{"master of desaster"},
|
|
},
|
|
},
|
|
res: res{
|
|
expectedSequence: 7,
|
|
isErr: nil,
|
|
},
|
|
},
|
|
}
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
es := &OrgEventstore{
|
|
Eventstore: tt.fields.Eventstore,
|
|
}
|
|
got, err := es.ChangeOrgMember(tt.args.ctx, tt.args.member)
|
|
if tt.res.isErr == nil && err != nil {
|
|
t.Errorf("no error expected got:%T %v", err, err)
|
|
}
|
|
if tt.res.isErr != nil && !tt.res.isErr(err) {
|
|
t.Errorf("wrong error got %T: %v", err, err)
|
|
}
|
|
if got == nil && tt.res.expectedSequence != 0 {
|
|
t.Errorf("org should not be nil but was %v", got)
|
|
t.FailNow()
|
|
}
|
|
if tt.res.expectedSequence != 0 && tt.res.expectedSequence != got.Sequence {
|
|
t.Errorf("org should have sequence %d but had %d", tt.res.expectedSequence, got.Sequence)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestOrgEventstore_RemoveOrgMember(t *testing.T) {
|
|
type fields struct {
|
|
Eventstore *testOrgEventstore
|
|
}
|
|
type res struct {
|
|
isErr func(error) bool
|
|
}
|
|
type args struct {
|
|
ctx context.Context
|
|
member *org_model.OrgMember
|
|
}
|
|
tests := []struct {
|
|
name string
|
|
fields fields
|
|
args args
|
|
res res
|
|
}{
|
|
{
|
|
name: "no input member",
|
|
fields: fields{Eventstore: newTestEventstore(t)},
|
|
args: args{
|
|
ctx: authz.NewMockContext("user", "org"),
|
|
member: nil,
|
|
},
|
|
res: res{
|
|
isErr: errors.IsErrorInvalidArgument,
|
|
},
|
|
},
|
|
{
|
|
name: "member not found error",
|
|
fields: fields{Eventstore: newTestEventstore(t).
|
|
expectAggregateCreator().
|
|
expectFilterEvents([]*es_models.Event{
|
|
{
|
|
AggregateID: "hodor-org",
|
|
Type: model.OrgAdded,
|
|
Sequence: 4,
|
|
Data: []byte("{}"),
|
|
},
|
|
{
|
|
AggregateID: "hodor-org",
|
|
Type: model.OrgMemberAdded,
|
|
Data: []byte(`{"userId": "brudi", "roles": ["master of desaster"]}`),
|
|
Sequence: 6,
|
|
},
|
|
}, nil),
|
|
},
|
|
args: args{
|
|
ctx: authz.NewMockContext("user", "org"),
|
|
member: &org_model.OrgMember{
|
|
ObjectRoot: es_models.ObjectRoot{AggregateID: "hodor-org", Sequence: 5},
|
|
UserID: "hodor",
|
|
Roles: []string{"master"},
|
|
},
|
|
},
|
|
res: res{
|
|
isErr: nil,
|
|
},
|
|
},
|
|
{
|
|
name: "push error",
|
|
fields: fields{Eventstore: newTestEventstore(t).
|
|
expectAggregateCreator().
|
|
expectFilterEvents([]*es_models.Event{
|
|
{
|
|
AggregateID: "hodor-org",
|
|
Type: model.OrgAdded,
|
|
Sequence: 4,
|
|
Data: []byte("{}"),
|
|
},
|
|
{
|
|
AggregateID: "hodor-org",
|
|
Type: model.OrgMemberAdded,
|
|
Data: []byte(`{"userId": "hodor", "roles": ["master"]}`),
|
|
Sequence: 6,
|
|
},
|
|
}, nil).
|
|
expectPushEvents(0, errors.ThrowInternal(nil, "PEVENT-3wqa2", "test")),
|
|
},
|
|
args: args{
|
|
ctx: authz.NewMockContext("user", "org"),
|
|
member: &org_model.OrgMember{
|
|
ObjectRoot: es_models.ObjectRoot{AggregateID: "hodor-org", Sequence: 5},
|
|
UserID: "hodor",
|
|
},
|
|
},
|
|
res: res{
|
|
isErr: errors.IsInternal,
|
|
},
|
|
},
|
|
{
|
|
name: "remove success",
|
|
fields: fields{Eventstore: newTestEventstore(t).
|
|
expectAggregateCreator().
|
|
expectFilterEvents([]*es_models.Event{
|
|
{
|
|
AggregateID: "hodor-org",
|
|
Type: model.OrgAdded,
|
|
Sequence: 4,
|
|
Data: []byte("{}"),
|
|
},
|
|
{
|
|
AggregateID: "hodor-org",
|
|
Type: model.OrgMemberAdded,
|
|
Data: []byte(`{"userId": "hodor", "roles": ["master"]}`),
|
|
Sequence: 6,
|
|
},
|
|
}, nil).
|
|
expectPushEvents(7, nil),
|
|
},
|
|
args: args{
|
|
ctx: authz.NewMockContext("user", "org"),
|
|
member: &org_model.OrgMember{
|
|
ObjectRoot: es_models.ObjectRoot{AggregateID: "hodor-org", Sequence: 5},
|
|
UserID: "hodor",
|
|
},
|
|
},
|
|
res: res{
|
|
isErr: nil,
|
|
},
|
|
},
|
|
}
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
es := &OrgEventstore{
|
|
Eventstore: tt.fields.Eventstore,
|
|
}
|
|
err := es.RemoveOrgMember(tt.args.ctx, tt.args.member)
|
|
if tt.res.isErr == nil && err != nil {
|
|
t.Errorf("no error expected got:%T %v", err, err)
|
|
}
|
|
if tt.res.isErr != nil && !tt.res.isErr(err) {
|
|
t.Errorf("wrong error got %T: %v", err, err)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func orgCreatedEvent() *es_models.Event {
|
|
return &es_models.Event{
|
|
AggregateID: "hodor-org",
|
|
AggregateType: model.OrgAggregate,
|
|
AggregateVersion: "v1",
|
|
CreationDate: time.Now().Add(-1 * time.Minute),
|
|
Data: []byte(`{"name": "hodor-org"}`),
|
|
EditorService: "testsvc",
|
|
EditorUser: "testuser",
|
|
ID: "sdlfö4t23kj",
|
|
ResourceOwner: "hodor-org",
|
|
Sequence: 32,
|
|
Type: model.OrgAdded,
|
|
}
|
|
}
|
|
|
|
func orgDomainAddedEvent() *es_models.Event {
|
|
return &es_models.Event{
|
|
AggregateID: "hodor-org",
|
|
AggregateType: model.OrgAggregate,
|
|
AggregateVersion: "v1",
|
|
CreationDate: time.Now().Add(-1 * time.Minute),
|
|
Data: []byte(`{"domain":"hodor.org"}`),
|
|
EditorService: "testsvc",
|
|
EditorUser: "testuser",
|
|
ID: "sdlfö4t23kj",
|
|
ResourceOwner: "hodor-org",
|
|
Sequence: 33,
|
|
Type: model.OrgDomainAdded,
|
|
}
|
|
}
|
|
|
|
func orgDomainVerificationAddedEvent(token string) *es_models.Event {
|
|
data, _ := json.Marshal(&org_model.OrgDomain{
|
|
Domain: "hodor.org",
|
|
ValidationType: org_model.OrgDomainValidationTypeDNS,
|
|
ValidationCode: &crypto.CryptoValue{
|
|
CryptoType: crypto.TypeEncryption,
|
|
Algorithm: "enc",
|
|
KeyID: "id",
|
|
Crypted: []byte(token),
|
|
},
|
|
})
|
|
return &es_models.Event{
|
|
AggregateID: "hodor-org",
|
|
AggregateType: model.OrgAggregate,
|
|
AggregateVersion: "v1",
|
|
CreationDate: time.Now().Add(-1 * time.Minute),
|
|
Data: data,
|
|
EditorService: "testsvc",
|
|
EditorUser: "testuser",
|
|
ID: "sdlfö4t23kj",
|
|
ResourceOwner: "hodor-org",
|
|
Sequence: 34,
|
|
Type: model.OrgDomainVerificationAdded,
|
|
}
|
|
}
|
|
|
|
func orgDomainVerifiedEvent() *es_models.Event {
|
|
return &es_models.Event{
|
|
AggregateID: "hodor-org",
|
|
AggregateType: model.OrgAggregate,
|
|
AggregateVersion: "v1",
|
|
CreationDate: time.Now().Add(-1 * time.Minute),
|
|
Data: []byte(`{"domain":"hodor.org"}`),
|
|
EditorService: "testsvc",
|
|
EditorUser: "testuser",
|
|
ID: "sdlfö4t23kj",
|
|
ResourceOwner: "hodor-org",
|
|
Sequence: 35,
|
|
Type: model.OrgDomainVerified,
|
|
}
|
|
}
|
|
|
|
func orgInactiveEvent() *es_models.Event {
|
|
return &es_models.Event{
|
|
AggregateID: "hodor-org",
|
|
AggregateType: model.OrgAggregate,
|
|
AggregateVersion: "v1",
|
|
CreationDate: time.Now().Add(-1 * time.Minute),
|
|
Data: nil,
|
|
EditorService: "testsvc",
|
|
EditorUser: "testuser",
|
|
ID: "sdlfö4t23kj",
|
|
ResourceOwner: "hodor-org",
|
|
Sequence: 52,
|
|
Type: model.OrgDeactivated,
|
|
}
|
|
}
|
|
|
|
func TestChangesOrg(t *testing.T) {
|
|
ctrl := gomock.NewController(t)
|
|
type args struct {
|
|
es *OrgEventstore
|
|
id string
|
|
lastSequence uint64
|
|
limit uint64
|
|
}
|
|
type res struct {
|
|
changes *org_model.OrgChanges
|
|
org *model.Org
|
|
wantErr bool
|
|
errFunc func(err error) bool
|
|
}
|
|
tests := []struct {
|
|
name string
|
|
args args
|
|
res res
|
|
}{
|
|
{
|
|
name: "changes from events, ok",
|
|
args: args{
|
|
es: GetMockChangesOrgOK(ctrl),
|
|
id: "1",
|
|
lastSequence: 0,
|
|
limit: 0,
|
|
},
|
|
res: res{
|
|
changes: &org_model.OrgChanges{Changes: []*org_model.OrgChange{{EventType: "", Sequence: 1, ModifierId: ""}}, LastSequence: 1},
|
|
org: &model.Org{Name: "MusterOrg"},
|
|
},
|
|
},
|
|
{
|
|
name: "changes from events, no events",
|
|
args: args{
|
|
es: GetMockChangesOrgNoEvents(ctrl),
|
|
id: "2",
|
|
lastSequence: 0,
|
|
limit: 0,
|
|
},
|
|
res: res{
|
|
wantErr: true,
|
|
errFunc: caos_errs.IsNotFound,
|
|
},
|
|
},
|
|
}
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
result, err := tt.args.es.OrgChanges(nil, tt.args.id, tt.args.lastSequence, tt.args.limit, false)
|
|
|
|
org := &model.Org{}
|
|
if result != nil && len(result.Changes) > 0 {
|
|
b, err := json.Marshal(result.Changes[0].Data)
|
|
json.Unmarshal(b, org)
|
|
if err != nil {
|
|
}
|
|
}
|
|
if !tt.res.wantErr && result.LastSequence != tt.res.changes.LastSequence && org.Name != tt.res.org.Name {
|
|
t.Errorf("got wrong result name: expected: %v, actual: %v ", tt.res.changes.LastSequence, result.LastSequence)
|
|
}
|
|
if tt.res.wantErr && !tt.res.errFunc(err) {
|
|
t.Errorf("got wrong err: %v ", err)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestAddIdpConfiguration(t *testing.T) {
|
|
ctrl := gomock.NewController(t)
|
|
type args struct {
|
|
es *OrgEventstore
|
|
ctx context.Context
|
|
idp *iam_model.IDPConfig
|
|
}
|
|
type res struct {
|
|
result *iam_model.IDPConfig
|
|
wantErr bool
|
|
errFunc func(err error) bool
|
|
}
|
|
tests := []struct {
|
|
name string
|
|
args args
|
|
res res
|
|
}{
|
|
{
|
|
name: "add idp, ok",
|
|
args: args{
|
|
es: GetMockChangesOrgWithCrypto(ctrl),
|
|
ctx: authz.NewMockContext("orgID", "userID"),
|
|
idp: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1},
|
|
IDPConfigID: "IDPConfigID",
|
|
Name: "Name",
|
|
Type: iam_model.IDPConfigTypeOIDC,
|
|
OIDCConfig: &iam_model.OIDCIDPConfig{
|
|
ClientID: "ClientID",
|
|
ClientSecretString: "ClientSecret",
|
|
Issuer: "Issuer",
|
|
Scopes: []string{"scope"},
|
|
},
|
|
},
|
|
},
|
|
res: res{
|
|
result: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1},
|
|
Name: "Name",
|
|
Type: iam_model.IDPConfigTypeOIDC,
|
|
OIDCConfig: &iam_model.OIDCIDPConfig{
|
|
ClientID: "ClientID",
|
|
Issuer: "Issuer",
|
|
Scopes: []string{"scope"},
|
|
},
|
|
},
|
|
},
|
|
},
|
|
{
|
|
name: "invalid idp config",
|
|
args: args{
|
|
es: GetMockChangesOrgOK(ctrl),
|
|
ctx: authz.NewMockContext("orgID", "userID"),
|
|
idp: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}},
|
|
},
|
|
res: res{
|
|
wantErr: true,
|
|
errFunc: caos_errs.IsPreconditionFailed,
|
|
},
|
|
},
|
|
{
|
|
name: "existing org not found",
|
|
args: args{
|
|
es: GetMockChangesOrgNoEvents(ctrl),
|
|
ctx: authz.NewMockContext("orgID", "userID"),
|
|
idp: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1},
|
|
IDPConfigID: "IDPConfigID",
|
|
Name: "Name",
|
|
OIDCConfig: &iam_model.OIDCIDPConfig{
|
|
ClientID: "ClientID",
|
|
ClientSecretString: "ClientSecret",
|
|
Issuer: "Issuer",
|
|
Scopes: []string{"scope"},
|
|
},
|
|
},
|
|
},
|
|
res: res{
|
|
wantErr: true,
|
|
errFunc: caos_errs.IsNotFound,
|
|
},
|
|
},
|
|
}
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
result, err := tt.args.es.AddIDPConfig(tt.args.ctx, tt.args.idp)
|
|
|
|
if !tt.res.wantErr && result.IDPConfigID == "" {
|
|
t.Errorf("result has no id")
|
|
}
|
|
if !tt.res.wantErr && result.OIDCConfig.IDPConfigID == "" {
|
|
t.Errorf("result has no id")
|
|
}
|
|
if !tt.res.wantErr && result.OIDCConfig == nil && result.OIDCConfig.ClientSecret == nil {
|
|
t.Errorf("result has no client secret")
|
|
}
|
|
if !tt.res.wantErr && result.Name != tt.res.result.Name {
|
|
t.Errorf("got wrong result key: expected: %v, actual: %v ", tt.res.result.Name, result.Name)
|
|
}
|
|
if !tt.res.wantErr && result.OIDCConfig.ClientID != tt.res.result.OIDCConfig.ClientID {
|
|
t.Errorf("got wrong result key: expected: %v, actual: %v ", tt.res.result.OIDCConfig.ClientID, result.OIDCConfig.ClientID)
|
|
}
|
|
if tt.res.wantErr && !tt.res.errFunc(err) {
|
|
t.Errorf("got wrong err: %v ", err)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestChangeIdpConfiguration(t *testing.T) {
|
|
ctrl := gomock.NewController(t)
|
|
type args struct {
|
|
es *OrgEventstore
|
|
ctx context.Context
|
|
idp *iam_model.IDPConfig
|
|
}
|
|
type res struct {
|
|
result *iam_model.IDPConfig
|
|
wantErr bool
|
|
errFunc func(err error) bool
|
|
}
|
|
tests := []struct {
|
|
name string
|
|
args args
|
|
res res
|
|
}{
|
|
{
|
|
name: "change idp, ok",
|
|
args: args{
|
|
es: GetMockChangesOrgWithOIDCIdp(ctrl),
|
|
ctx: authz.NewMockContext("orgID", "userID"),
|
|
idp: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1},
|
|
IDPConfigID: "IDPConfigID",
|
|
Name: "NameChanged",
|
|
},
|
|
},
|
|
res: res{
|
|
result: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1},
|
|
IDPConfigID: "IDPConfigID",
|
|
Name: "NameChanged",
|
|
OIDCConfig: &iam_model.OIDCIDPConfig{
|
|
ClientID: "ClientID",
|
|
},
|
|
},
|
|
},
|
|
},
|
|
{
|
|
name: "invalid idp",
|
|
args: args{
|
|
es: GetMockChangesOrgOK(ctrl),
|
|
ctx: authz.NewMockContext("orgID", "userID"),
|
|
idp: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1},
|
|
IDPConfigID: "IDPConfigID",
|
|
},
|
|
},
|
|
res: res{
|
|
wantErr: true,
|
|
errFunc: caos_errs.IsPreconditionFailed,
|
|
},
|
|
},
|
|
{
|
|
name: "idp not existing",
|
|
args: args{
|
|
es: GetMockChangesOrgOK(ctrl),
|
|
ctx: authz.NewMockContext("orgID", "userID"),
|
|
idp: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1},
|
|
IDPConfigID: "IDPConfigID",
|
|
Name: "Name",
|
|
OIDCConfig: &iam_model.OIDCIDPConfig{
|
|
ClientID: "ClientID",
|
|
},
|
|
},
|
|
},
|
|
res: res{
|
|
wantErr: true,
|
|
errFunc: caos_errs.IsPreconditionFailed,
|
|
},
|
|
},
|
|
{
|
|
name: "existing org not found",
|
|
args: args{
|
|
es: GetMockChangesOrgNoEvents(ctrl),
|
|
ctx: authz.NewMockContext("orgID", "userID"),
|
|
idp: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1},
|
|
IDPConfigID: "IDPConfigID",
|
|
Name: "Name",
|
|
OIDCConfig: &iam_model.OIDCIDPConfig{
|
|
ClientID: "ClientID",
|
|
},
|
|
},
|
|
},
|
|
res: res{
|
|
wantErr: true,
|
|
errFunc: caos_errs.IsNotFound,
|
|
},
|
|
},
|
|
}
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
result, err := tt.args.es.ChangeIDPConfig(tt.args.ctx, tt.args.idp)
|
|
|
|
if !tt.res.wantErr && result.AggregateID == "" {
|
|
t.Errorf("result has no id")
|
|
}
|
|
if !tt.res.wantErr && result.IDPConfigID != tt.res.result.IDPConfigID {
|
|
t.Errorf("got wrong result IdpConfigID: expected: %v, actual: %v ", tt.res.result.IDPConfigID, result.IDPConfigID)
|
|
}
|
|
if !tt.res.wantErr && result.Name != tt.res.result.Name {
|
|
t.Errorf("got wrong result name: expected: %v, actual: %v ", tt.res.result.Name, result.Name)
|
|
}
|
|
if tt.res.wantErr && !tt.res.errFunc(err) {
|
|
t.Errorf("got wrong err: %v ", err)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestRemoveIdpConfiguration(t *testing.T) {
|
|
ctrl := gomock.NewController(t)
|
|
type args struct {
|
|
es *OrgEventstore
|
|
ctx context.Context
|
|
idp *iam_model.IDPConfig
|
|
}
|
|
type res struct {
|
|
wantErr bool
|
|
errFunc func(err error) bool
|
|
}
|
|
tests := []struct {
|
|
name string
|
|
args args
|
|
res res
|
|
}{
|
|
{
|
|
name: "remove idp, ok",
|
|
args: args{
|
|
es: GetMockChangesOrgWithOIDCIdp(ctrl),
|
|
ctx: authz.NewMockContext("orgID", "userID"),
|
|
idp: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1},
|
|
IDPConfigID: "IDPConfigID",
|
|
},
|
|
},
|
|
},
|
|
{
|
|
name: "no IDPConfigID",
|
|
args: args{
|
|
es: GetMockChangesOrgOK(ctrl),
|
|
ctx: authz.NewMockContext("orgID", "userID"),
|
|
idp: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}},
|
|
},
|
|
res: res{
|
|
wantErr: true,
|
|
errFunc: caos_errs.IsPreconditionFailed,
|
|
},
|
|
},
|
|
{
|
|
name: "idp not existing",
|
|
args: args{
|
|
es: GetMockChangesOrgOK(ctrl),
|
|
ctx: authz.NewMockContext("orgID", "userID"),
|
|
idp: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1},
|
|
IDPConfigID: "IDPConfigID",
|
|
},
|
|
},
|
|
res: res{
|
|
wantErr: true,
|
|
errFunc: caos_errs.IsPreconditionFailed,
|
|
},
|
|
},
|
|
{
|
|
name: "existing idp not found",
|
|
args: args{
|
|
es: GetMockChangesOrgNoEvents(ctrl),
|
|
ctx: authz.NewMockContext("orgID", "userID"),
|
|
idp: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1},
|
|
IDPConfigID: "IDPConfigID",
|
|
},
|
|
},
|
|
res: res{
|
|
wantErr: true,
|
|
errFunc: caos_errs.IsNotFound,
|
|
},
|
|
},
|
|
}
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
err := tt.args.es.RemoveIDPConfig(tt.args.ctx, tt.args.idp)
|
|
|
|
if !tt.res.wantErr && err != nil {
|
|
t.Errorf("should not get err")
|
|
}
|
|
if tt.res.wantErr && !tt.res.errFunc(err) {
|
|
t.Errorf("got wrong err: %v ", err)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
func TestDeactivateIdpConfiguration(t *testing.T) {
|
|
ctrl := gomock.NewController(t)
|
|
type args struct {
|
|
es *OrgEventstore
|
|
ctx context.Context
|
|
idp *iam_model.IDPConfig
|
|
}
|
|
type res struct {
|
|
result *iam_model.IDPConfig
|
|
wantErr bool
|
|
errFunc func(err error) bool
|
|
}
|
|
tests := []struct {
|
|
name string
|
|
args args
|
|
res res
|
|
}{
|
|
{
|
|
name: "deactivate, ok",
|
|
args: args{
|
|
es: GetMockChangesOrgWithOIDCIdp(ctrl),
|
|
ctx: authz.NewMockContext("orgID", "userID"),
|
|
idp: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1},
|
|
IDPConfigID: "IDPConfigID",
|
|
Name: "Name",
|
|
},
|
|
},
|
|
res: res{
|
|
result: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1},
|
|
IDPConfigID: "IDPConfigID",
|
|
Name: "Name",
|
|
State: iam_model.IDPConfigStateInactive,
|
|
OIDCConfig: &iam_model.OIDCIDPConfig{
|
|
ClientID: "ClientID",
|
|
},
|
|
},
|
|
},
|
|
},
|
|
{
|
|
name: "no idp id",
|
|
args: args{
|
|
es: GetMockChangesOrgOK(ctrl),
|
|
ctx: authz.NewMockContext("orgID", "userID"),
|
|
idp: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}},
|
|
},
|
|
res: res{
|
|
wantErr: true,
|
|
errFunc: caos_errs.IsPreconditionFailed,
|
|
},
|
|
},
|
|
{
|
|
name: "idp not existing",
|
|
args: args{
|
|
es: GetMockChangesOrgOK(ctrl),
|
|
ctx: authz.NewMockContext("orgID", "userID"),
|
|
idp: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1},
|
|
IDPConfigID: "IDPConfigID",
|
|
Name: "Name",
|
|
OIDCConfig: &iam_model.OIDCIDPConfig{
|
|
ClientID: "ClientID",
|
|
},
|
|
},
|
|
},
|
|
res: res{
|
|
wantErr: true,
|
|
errFunc: caos_errs.IsPreconditionFailed,
|
|
},
|
|
},
|
|
{
|
|
name: "existing org not found",
|
|
args: args{
|
|
es: GetMockChangesOrgNoEvents(ctrl),
|
|
ctx: authz.NewMockContext("orgID", "userID"),
|
|
idp: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1},
|
|
IDPConfigID: "IDPConfigID",
|
|
Name: "Name",
|
|
OIDCConfig: &iam_model.OIDCIDPConfig{
|
|
ClientID: "ClientID",
|
|
},
|
|
},
|
|
},
|
|
res: res{
|
|
wantErr: true,
|
|
errFunc: caos_errs.IsNotFound,
|
|
},
|
|
},
|
|
}
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
result, err := tt.args.es.DeactivateIDPConfig(tt.args.ctx, tt.args.idp.AggregateID, tt.args.idp.IDPConfigID)
|
|
|
|
if !tt.res.wantErr && result.AggregateID == "" {
|
|
t.Errorf("result has no id")
|
|
}
|
|
if !tt.res.wantErr && result.IDPConfigID != tt.res.result.IDPConfigID {
|
|
t.Errorf("got wrong result IDPConfigID: expected: %v, actual: %v ", tt.res.result.IDPConfigID, result.IDPConfigID)
|
|
}
|
|
if !tt.res.wantErr && result.State != tt.res.result.State {
|
|
t.Errorf("got wrong result state: expected: %v, actual: %v ", tt.res.result.State, result.State)
|
|
}
|
|
if tt.res.wantErr && !tt.res.errFunc(err) {
|
|
t.Errorf("got wrong err: %v ", err)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestReactivateIdpConfiguration(t *testing.T) {
|
|
ctrl := gomock.NewController(t)
|
|
type args struct {
|
|
es *OrgEventstore
|
|
ctx context.Context
|
|
idp *iam_model.IDPConfig
|
|
}
|
|
type res struct {
|
|
result *iam_model.IDPConfig
|
|
wantErr bool
|
|
errFunc func(err error) bool
|
|
}
|
|
tests := []struct {
|
|
name string
|
|
args args
|
|
res res
|
|
}{
|
|
{
|
|
name: "reactivate, ok",
|
|
args: args{
|
|
es: GetMockChangesOrgWithOIDCIdp(ctrl),
|
|
ctx: authz.NewMockContext("orgID", "userID"),
|
|
idp: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1},
|
|
IDPConfigID: "IDPConfigID",
|
|
Name: "Name",
|
|
},
|
|
},
|
|
res: res{
|
|
result: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1},
|
|
IDPConfigID: "IDPConfigID",
|
|
Name: "Name",
|
|
State: iam_model.IDPConfigStateActive,
|
|
OIDCConfig: &iam_model.OIDCIDPConfig{
|
|
ClientID: "ClientID",
|
|
},
|
|
},
|
|
},
|
|
},
|
|
{
|
|
name: "no idp id",
|
|
args: args{
|
|
es: GetMockChangesOrgOK(ctrl),
|
|
ctx: authz.NewMockContext("orgID", "userID"),
|
|
idp: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1}},
|
|
},
|
|
res: res{
|
|
wantErr: true,
|
|
errFunc: caos_errs.IsPreconditionFailed,
|
|
},
|
|
},
|
|
{
|
|
name: "idp not existing",
|
|
args: args{
|
|
es: GetMockChangesOrgOK(ctrl),
|
|
ctx: authz.NewMockContext("orgID", "userID"),
|
|
idp: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1},
|
|
IDPConfigID: "IDPConfigID",
|
|
Name: "Name",
|
|
OIDCConfig: &iam_model.OIDCIDPConfig{
|
|
ClientID: "ClientID",
|
|
},
|
|
},
|
|
},
|
|
res: res{
|
|
wantErr: true,
|
|
errFunc: caos_errs.IsPreconditionFailed,
|
|
},
|
|
},
|
|
{
|
|
name: "existing org not found",
|
|
args: args{
|
|
es: GetMockChangesOrgNoEvents(ctrl),
|
|
ctx: authz.NewMockContext("orgID", "userID"),
|
|
idp: &iam_model.IDPConfig{ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 1},
|
|
IDPConfigID: "IDPConfigID",
|
|
Name: "Name",
|
|
OIDCConfig: &iam_model.OIDCIDPConfig{
|
|
ClientID: "ClientID",
|
|
},
|
|
},
|
|
},
|
|
res: res{
|
|
wantErr: true,
|
|
errFunc: caos_errs.IsNotFound,
|
|
},
|
|
},
|
|
}
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
result, err := tt.args.es.ReactivateIDPConfig(tt.args.ctx, tt.args.idp.AggregateID, tt.args.idp.IDPConfigID)
|
|
|
|
if !tt.res.wantErr && result.AggregateID == "" {
|
|
t.Errorf("result has no id")
|
|
}
|
|
if !tt.res.wantErr && result.IDPConfigID != tt.res.result.IDPConfigID {
|
|
t.Errorf("got wrong result IDPConfigID: expected: %v, actual: %v ", tt.res.result.IDPConfigID, result.IDPConfigID)
|
|
}
|
|
if !tt.res.wantErr && result.State != tt.res.result.State {
|
|
t.Errorf("got wrong result state: expected: %v, actual: %v ", tt.res.result.State, result.State)
|
|
}
|
|
if tt.res.wantErr && !tt.res.errFunc(err) {
|
|
t.Errorf("got wrong err: %v ", err)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestChangeOIDCIDPConfig(t *testing.T) {
|
|
ctrl := gomock.NewController(t)
|
|
type args struct {
|
|
es *OrgEventstore
|
|
ctx context.Context
|
|
config *iam_model.OIDCIDPConfig
|
|
}
|
|
type res struct {
|
|
result *iam_model.OIDCIDPConfig
|
|
wantErr bool
|
|
errFunc func(err error) bool
|
|
}
|
|
tests := []struct {
|
|
name string
|
|
args args
|
|
res res
|
|
}{
|
|
{
|
|
name: "change oidc config, ok",
|
|
args: args{
|
|
es: GetMockChangesOrgWithOIDCIdp(ctrl),
|
|
ctx: authz.NewMockContext("orgID", "userID"),
|
|
config: &iam_model.OIDCIDPConfig{
|
|
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
|
|
IDPConfigID: "IDPConfigID",
|
|
ClientID: "ClientIDChange",
|
|
Issuer: "Issuer",
|
|
Scopes: []string{"scope"},
|
|
},
|
|
},
|
|
res: res{
|
|
result: &iam_model.OIDCIDPConfig{
|
|
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
|
|
IDPConfigID: "IDPConfigID",
|
|
ClientID: "ClientIDChange",
|
|
},
|
|
},
|
|
},
|
|
{
|
|
name: "invalid config",
|
|
args: args{
|
|
es: GetMockChangesOrgOK(ctrl),
|
|
ctx: authz.NewMockContext("orgID", "userID"),
|
|
config: &iam_model.OIDCIDPConfig{
|
|
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
|
|
IDPConfigID: "IDPConfigID",
|
|
},
|
|
},
|
|
res: res{
|
|
wantErr: true,
|
|
errFunc: caos_errs.IsPreconditionFailed,
|
|
},
|
|
},
|
|
{
|
|
name: "idp not existing",
|
|
args: args{
|
|
es: GetMockChangesOrgOK(ctrl),
|
|
ctx: authz.NewMockContext("orgID", "userID"),
|
|
config: &iam_model.OIDCIDPConfig{
|
|
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
|
|
IDPConfigID: "IDPConfigID",
|
|
ClientID: "ClientID",
|
|
Issuer: "Issuer",
|
|
Scopes: []string{"scope"},
|
|
},
|
|
},
|
|
res: res{
|
|
wantErr: true,
|
|
errFunc: caos_errs.IsPreconditionFailed,
|
|
},
|
|
},
|
|
{
|
|
name: "existing org not found",
|
|
args: args{
|
|
es: GetMockChangesOrgNoEvents(ctrl),
|
|
ctx: authz.NewMockContext("orgID", "userID"),
|
|
config: &iam_model.OIDCIDPConfig{
|
|
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
|
|
IDPConfigID: "IDPConfigID",
|
|
ClientID: "ClientID",
|
|
Issuer: "Issuer",
|
|
Scopes: []string{"scope"},
|
|
},
|
|
},
|
|
res: res{
|
|
wantErr: true,
|
|
errFunc: caos_errs.IsNotFound,
|
|
},
|
|
},
|
|
}
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
result, err := tt.args.es.ChangeIDPOIDCConfig(tt.args.ctx, tt.args.config)
|
|
|
|
if !tt.res.wantErr && result.AggregateID == "" {
|
|
t.Errorf("result has no id")
|
|
}
|
|
if !tt.res.wantErr && result.IDPConfigID != tt.res.result.IDPConfigID {
|
|
t.Errorf("got wrong result AppID: expected: %v, actual: %v ", tt.res.result.IDPConfigID, result.IDPConfigID)
|
|
}
|
|
if !tt.res.wantErr && result.ClientID != tt.res.result.ClientID {
|
|
t.Errorf("got wrong result responsetype: expected: %v, actual: %v ", tt.res.result.ClientID, result.ClientID)
|
|
}
|
|
if tt.res.wantErr && !tt.res.errFunc(err) {
|
|
t.Errorf("got wrong err: %v ", err)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestAddLoginPolicy(t *testing.T) {
|
|
ctrl := gomock.NewController(t)
|
|
type args struct {
|
|
es *OrgEventstore
|
|
ctx context.Context
|
|
policy *iam_model.LoginPolicy
|
|
}
|
|
type res struct {
|
|
result *iam_model.LoginPolicy
|
|
wantErr bool
|
|
errFunc func(err error) bool
|
|
}
|
|
tests := []struct {
|
|
name string
|
|
args args
|
|
res res
|
|
}{
|
|
{
|
|
name: "add login policy, ok",
|
|
args: args{
|
|
es: GetMockChangesOrgOK(ctrl),
|
|
ctx: authz.NewMockContext("orgID", "userID"),
|
|
policy: &iam_model.LoginPolicy{
|
|
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
|
|
AllowRegister: true,
|
|
},
|
|
},
|
|
res: res{
|
|
result: &iam_model.LoginPolicy{
|
|
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
|
|
AllowRegister: true,
|
|
},
|
|
},
|
|
},
|
|
{
|
|
name: "invalid policy",
|
|
args: args{
|
|
es: GetMockChangesOrgOK(ctrl),
|
|
ctx: authz.NewMockContext("orgID", "userID"),
|
|
policy: &iam_model.LoginPolicy{
|
|
ObjectRoot: es_models.ObjectRoot{Sequence: 0},
|
|
},
|
|
},
|
|
res: res{
|
|
wantErr: true,
|
|
errFunc: caos_errs.IsPreconditionFailed,
|
|
},
|
|
},
|
|
{
|
|
name: "existing org not found",
|
|
args: args{
|
|
es: GetMockChangesOrgNoEvents(ctrl),
|
|
ctx: authz.NewMockContext("orgID", "userID"),
|
|
policy: &iam_model.LoginPolicy{
|
|
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
|
|
},
|
|
},
|
|
res: res{
|
|
wantErr: true,
|
|
errFunc: caos_errs.IsNotFound,
|
|
},
|
|
},
|
|
}
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
result, err := tt.args.es.AddLoginPolicy(tt.args.ctx, tt.args.policy)
|
|
|
|
if !tt.res.wantErr && result.AllowRegister != tt.res.result.AllowRegister {
|
|
t.Errorf("got wrong result AllowRegister: expected: %v, actual: %v ", tt.res.result.AllowRegister, result.AllowRegister)
|
|
}
|
|
if tt.res.wantErr && !tt.res.errFunc(err) {
|
|
t.Errorf("got wrong err: %v ", err)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestChangeLoginPolicy(t *testing.T) {
|
|
ctrl := gomock.NewController(t)
|
|
type args struct {
|
|
es *OrgEventstore
|
|
ctx context.Context
|
|
policy *iam_model.LoginPolicy
|
|
}
|
|
type res struct {
|
|
result *iam_model.LoginPolicy
|
|
wantErr bool
|
|
errFunc func(err error) bool
|
|
}
|
|
tests := []struct {
|
|
name string
|
|
args args
|
|
res res
|
|
}{
|
|
{
|
|
name: "add login policy, ok",
|
|
args: args{
|
|
es: GetMockChangesOrgWithLoginPolicy(ctrl),
|
|
ctx: authz.NewMockContext("orgID", "userID"),
|
|
policy: &iam_model.LoginPolicy{
|
|
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
|
|
AllowRegister: true,
|
|
AllowExternalIdp: false,
|
|
AllowUsernamePassword: false,
|
|
},
|
|
},
|
|
res: res{
|
|
result: &iam_model.LoginPolicy{
|
|
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
|
|
AllowRegister: true,
|
|
AllowExternalIdp: false,
|
|
AllowUsernamePassword: false,
|
|
},
|
|
},
|
|
},
|
|
{
|
|
name: "invalid policy",
|
|
args: args{
|
|
es: GetMockChangesOrgOK(ctrl),
|
|
ctx: authz.NewMockContext("orgID", "userID"),
|
|
policy: &iam_model.LoginPolicy{
|
|
ObjectRoot: es_models.ObjectRoot{Sequence: 0},
|
|
},
|
|
},
|
|
res: res{
|
|
wantErr: true,
|
|
errFunc: caos_errs.IsPreconditionFailed,
|
|
},
|
|
},
|
|
{
|
|
name: "existing iam not found",
|
|
args: args{
|
|
es: GetMockChangesOrgNoEvents(ctrl),
|
|
ctx: authz.NewMockContext("orgID", "userID"),
|
|
policy: &iam_model.LoginPolicy{
|
|
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
|
|
},
|
|
},
|
|
res: res{
|
|
wantErr: true,
|
|
errFunc: caos_errs.IsNotFound,
|
|
},
|
|
},
|
|
}
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
result, err := tt.args.es.ChangeLoginPolicy(tt.args.ctx, tt.args.policy)
|
|
|
|
if !tt.res.wantErr && result.AllowRegister != tt.res.result.AllowRegister {
|
|
t.Errorf("got wrong result AllowRegister: expected: %v, actual: %v ", tt.res.result.AllowRegister, result.AllowRegister)
|
|
}
|
|
if !tt.res.wantErr && result.AllowUsernamePassword != tt.res.result.AllowUsernamePassword {
|
|
t.Errorf("got wrong result AllowUsernamePassword: expected: %v, actual: %v ", tt.res.result.AllowUsernamePassword, result.AllowUsernamePassword)
|
|
}
|
|
if !tt.res.wantErr && result.AllowExternalIdp != tt.res.result.AllowExternalIdp {
|
|
t.Errorf("got wrong result AllowExternalIDP: expected: %v, actual: %v ", tt.res.result.AllowExternalIdp, result.AllowExternalIdp)
|
|
}
|
|
if tt.res.wantErr && !tt.res.errFunc(err) {
|
|
t.Errorf("got wrong err: %v ", err)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestRemoveLoginPolicy(t *testing.T) {
|
|
ctrl := gomock.NewController(t)
|
|
type args struct {
|
|
es *OrgEventstore
|
|
ctx context.Context
|
|
policy *iam_model.LoginPolicy
|
|
}
|
|
type res struct {
|
|
result *iam_model.LoginPolicy
|
|
wantErr bool
|
|
errFunc func(err error) bool
|
|
}
|
|
tests := []struct {
|
|
name string
|
|
args args
|
|
res res
|
|
}{
|
|
{
|
|
name: "remove login policy, ok",
|
|
args: args{
|
|
es: GetMockChangesOrgWithLoginPolicy(ctrl),
|
|
ctx: authz.NewMockContext("orgID", "userID"),
|
|
policy: &iam_model.LoginPolicy{
|
|
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
|
|
AllowRegister: true,
|
|
AllowExternalIdp: false,
|
|
AllowUsernamePassword: false,
|
|
},
|
|
},
|
|
res: res{},
|
|
},
|
|
{
|
|
name: "invalid policy",
|
|
args: args{
|
|
es: GetMockChangesOrgOK(ctrl),
|
|
ctx: authz.NewMockContext("orgID", "userID"),
|
|
policy: &iam_model.LoginPolicy{
|
|
ObjectRoot: es_models.ObjectRoot{Sequence: 0},
|
|
},
|
|
},
|
|
res: res{
|
|
wantErr: true,
|
|
errFunc: caos_errs.IsPreconditionFailed,
|
|
},
|
|
},
|
|
{
|
|
name: "existing iam not found",
|
|
args: args{
|
|
es: GetMockChangesOrgNoEvents(ctrl),
|
|
ctx: authz.NewMockContext("orgID", "userID"),
|
|
policy: &iam_model.LoginPolicy{
|
|
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
|
|
},
|
|
},
|
|
res: res{
|
|
wantErr: true,
|
|
errFunc: caos_errs.IsNotFound,
|
|
},
|
|
},
|
|
}
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
err := tt.args.es.RemoveLoginPolicy(tt.args.ctx, tt.args.policy)
|
|
|
|
if !tt.res.wantErr && err != nil {
|
|
t.Errorf("got wrong result should not get err: %v", err)
|
|
}
|
|
if tt.res.wantErr && !tt.res.errFunc(err) {
|
|
t.Errorf("got wrong err: %v ", err)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestAddIdpProviderToLoginPolicy(t *testing.T) {
|
|
ctrl := gomock.NewController(t)
|
|
type args struct {
|
|
es *OrgEventstore
|
|
ctx context.Context
|
|
provider *iam_model.IDPProvider
|
|
}
|
|
type res struct {
|
|
result *iam_model.IDPProvider
|
|
wantErr bool
|
|
errFunc func(err error) bool
|
|
}
|
|
tests := []struct {
|
|
name string
|
|
args args
|
|
res res
|
|
}{
|
|
{
|
|
name: "add idp to login policy, ok",
|
|
args: args{
|
|
es: GetMockChangesOrgWithLoginPolicy(ctrl),
|
|
ctx: authz.NewMockContext("orgID", "userID"),
|
|
provider: &iam_model.IDPProvider{
|
|
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
|
|
IdpConfigID: "IdpConfigID2",
|
|
Type: iam_model.IDPProviderTypeSystem,
|
|
},
|
|
},
|
|
res: res{
|
|
result: &iam_model.IDPProvider{IdpConfigID: "IdpConfigID2"},
|
|
},
|
|
},
|
|
{
|
|
name: "add idp to login policy, already existing",
|
|
args: args{
|
|
es: GetMockChangesOrgWithLoginPolicy(ctrl),
|
|
ctx: authz.NewMockContext("orgID", "userID"),
|
|
provider: &iam_model.IDPProvider{
|
|
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
|
|
IdpConfigID: "IDPConfigID",
|
|
Type: iam_model.IDPProviderTypeSystem,
|
|
},
|
|
},
|
|
res: res{
|
|
wantErr: true,
|
|
errFunc: caos_errs.IsErrorAlreadyExists,
|
|
},
|
|
},
|
|
{
|
|
name: "invalid provider",
|
|
args: args{
|
|
es: GetMockChangesOrgOK(ctrl),
|
|
ctx: authz.NewMockContext("orgID", "userID"),
|
|
provider: &iam_model.IDPProvider{
|
|
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
|
|
},
|
|
},
|
|
res: res{
|
|
wantErr: true,
|
|
errFunc: caos_errs.IsPreconditionFailed,
|
|
},
|
|
},
|
|
{
|
|
name: "existing iam not found",
|
|
args: args{
|
|
es: GetMockChangesOrgNoEvents(ctrl),
|
|
ctx: authz.NewMockContext("orgID", "userID"),
|
|
provider: &iam_model.IDPProvider{
|
|
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
|
|
IdpConfigID: "IdpConfigID2",
|
|
},
|
|
},
|
|
res: res{
|
|
wantErr: true,
|
|
errFunc: caos_errs.IsNotFound,
|
|
},
|
|
},
|
|
}
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
result, err := tt.args.es.AddIDPProviderToLoginPolicy(tt.args.ctx, tt.args.provider)
|
|
|
|
if !tt.res.wantErr && result.IdpConfigID != tt.res.result.IdpConfigID {
|
|
t.Errorf("got wrong result IDPConfigID: expected: %v, actual: %v ", tt.res.result.IdpConfigID, result.IdpConfigID)
|
|
}
|
|
if !tt.res.wantErr && result.Type != tt.res.result.Type {
|
|
t.Errorf("got wrong result Type: expected: %v, actual: %v ", tt.res.result.Type, result.Type)
|
|
}
|
|
if tt.res.wantErr && !tt.res.errFunc(err) {
|
|
t.Errorf("got wrong err: %v ", err)
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestRemoveIdpProviderFromLoginPolicy(t *testing.T) {
|
|
ctrl := gomock.NewController(t)
|
|
type args struct {
|
|
es *OrgEventstore
|
|
ctx context.Context
|
|
provider *iam_model.IDPProvider
|
|
}
|
|
type res struct {
|
|
wantErr bool
|
|
errFunc func(err error) bool
|
|
}
|
|
tests := []struct {
|
|
name string
|
|
args args
|
|
res res
|
|
}{
|
|
{
|
|
name: "remove idp to login policy, ok",
|
|
args: args{
|
|
es: GetMockChangesOrgWithLoginPolicy(ctrl),
|
|
ctx: authz.NewMockContext("orgID", "userID"),
|
|
provider: &iam_model.IDPProvider{
|
|
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
|
|
IdpConfigID: "IDPConfigID",
|
|
Type: iam_model.IDPProviderTypeSystem,
|
|
},
|
|
},
|
|
res: res{},
|
|
},
|
|
{
|
|
name: "remove idp to login policy, not existing",
|
|
args: args{
|
|
es: GetMockChangesOrgWithLoginPolicy(ctrl),
|
|
ctx: authz.NewMockContext("orgID", "userID"),
|
|
provider: &iam_model.IDPProvider{
|
|
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
|
|
IdpConfigID: "IdpConfigID2",
|
|
Type: iam_model.IDPProviderTypeSystem,
|
|
},
|
|
},
|
|
res: res{
|
|
wantErr: true,
|
|
errFunc: caos_errs.IsPreconditionFailed,
|
|
},
|
|
},
|
|
{
|
|
name: "invalid provider",
|
|
args: args{
|
|
es: GetMockChangesOrgOK(ctrl),
|
|
ctx: authz.NewMockContext("orgID", "userID"),
|
|
provider: &iam_model.IDPProvider{
|
|
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
|
|
},
|
|
},
|
|
res: res{
|
|
wantErr: true,
|
|
errFunc: caos_errs.IsPreconditionFailed,
|
|
},
|
|
},
|
|
{
|
|
name: "existing iam not found",
|
|
args: args{
|
|
es: GetMockChangesOrgNoEvents(ctrl),
|
|
ctx: authz.NewMockContext("orgID", "userID"),
|
|
provider: &iam_model.IDPProvider{
|
|
ObjectRoot: es_models.ObjectRoot{AggregateID: "AggregateID", Sequence: 0},
|
|
IdpConfigID: "IdpConfigID2",
|
|
},
|
|
},
|
|
res: res{
|
|
wantErr: true,
|
|
errFunc: caos_errs.IsNotFound,
|
|
},
|
|
},
|
|
}
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
err := tt.args.es.RemoveIDPProviderFromLoginPolicy(tt.args.ctx, tt.args.provider)
|
|
|
|
if !tt.res.wantErr && err != nil {
|
|
t.Errorf("should not get err: %v ", err)
|
|
}
|
|
if tt.res.wantErr && !tt.res.errFunc(err) {
|
|
t.Errorf("got wrong err: %v ", err)
|
|
}
|
|
})
|
|
}
|
|
}
|