mirror of
https://github.com/zitadel/zitadel.git
synced 2024-12-15 04:18:01 +00:00
d9d376a275
* feat: add query endpoints for user v2 api * fix: correct integration tests * fix: correct linting * fix: correct linting * fix: comment out permission check on user get and list * fix: permission check on user v2 query * fix: merge back origin/main * fix: add search query in user emails * fix: reset count for SearchUser if users are removed due to permissions * fix: reset count for SearchUser if users are removed due to permissions --------- Co-authored-by: Elio Bischof <elio@zitadel.com>
1420 lines
36 KiB
Go
1420 lines
36 KiB
Go
package query
|
|
|
|
import (
|
|
"context"
|
|
"database/sql"
|
|
"database/sql/driver"
|
|
"errors"
|
|
"fmt"
|
|
"regexp"
|
|
"testing"
|
|
|
|
"github.com/stretchr/testify/require"
|
|
"golang.org/x/text/language"
|
|
|
|
"github.com/zitadel/zitadel/internal/crypto"
|
|
"github.com/zitadel/zitadel/internal/database"
|
|
"github.com/zitadel/zitadel/internal/domain"
|
|
"github.com/zitadel/zitadel/internal/zerrors"
|
|
)
|
|
|
|
func Test_RemoveNoPermission(t *testing.T) {
|
|
type want struct {
|
|
users []*User
|
|
}
|
|
tests := []struct {
|
|
name string
|
|
want want
|
|
users *Users
|
|
permissions []string
|
|
}{
|
|
{
|
|
"permissions for all users",
|
|
want{
|
|
users: []*User{
|
|
{ID: "first"}, {ID: "second"}, {ID: "third"},
|
|
},
|
|
},
|
|
&Users{
|
|
Users: []*User{
|
|
{ID: "first"}, {ID: "second"}, {ID: "third"},
|
|
},
|
|
},
|
|
[]string{"first", "second", "third"},
|
|
},
|
|
{
|
|
"permissions for one user, first",
|
|
want{
|
|
users: []*User{
|
|
{ID: "first"},
|
|
},
|
|
},
|
|
&Users{
|
|
Users: []*User{
|
|
{ID: "first"}, {ID: "second"}, {ID: "third"},
|
|
},
|
|
},
|
|
[]string{"first"},
|
|
},
|
|
{
|
|
"permissions for one user, second",
|
|
want{
|
|
users: []*User{
|
|
{ID: "second"},
|
|
},
|
|
},
|
|
&Users{
|
|
Users: []*User{
|
|
{ID: "first"}, {ID: "second"}, {ID: "third"},
|
|
},
|
|
},
|
|
[]string{"second"},
|
|
},
|
|
{
|
|
"permissions for one user, third",
|
|
want{
|
|
users: []*User{
|
|
{ID: "third"},
|
|
},
|
|
},
|
|
&Users{
|
|
Users: []*User{
|
|
{ID: "first"}, {ID: "second"}, {ID: "third"},
|
|
},
|
|
},
|
|
[]string{"third"},
|
|
},
|
|
{
|
|
"permissions for two users, first",
|
|
want{
|
|
users: []*User{
|
|
{ID: "first"}, {ID: "third"},
|
|
},
|
|
},
|
|
&Users{
|
|
Users: []*User{
|
|
{ID: "first"}, {ID: "second"}, {ID: "third"},
|
|
},
|
|
},
|
|
[]string{"first", "third"},
|
|
},
|
|
{
|
|
"permissions for two users, second",
|
|
want{
|
|
users: []*User{
|
|
{ID: "second"}, {ID: "third"},
|
|
},
|
|
},
|
|
&Users{
|
|
Users: []*User{
|
|
{ID: "first"}, {ID: "second"}, {ID: "third"},
|
|
},
|
|
},
|
|
[]string{"second", "third"},
|
|
},
|
|
{
|
|
"no permissions",
|
|
want{
|
|
users: []*User{},
|
|
},
|
|
&Users{
|
|
Users: []*User{
|
|
{ID: "first"}, {ID: "second"}, {ID: "third"},
|
|
},
|
|
},
|
|
[]string{},
|
|
},
|
|
}
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
checkPermission := func(ctx context.Context, permission, orgID, resourceID string) (err error) {
|
|
for _, perm := range tt.permissions {
|
|
if resourceID == perm {
|
|
return nil
|
|
}
|
|
}
|
|
return errors.New("failed")
|
|
}
|
|
tt.users.RemoveNoPermission(context.Background(), checkPermission)
|
|
require.Equal(t, tt.want.users, tt.users.Users)
|
|
})
|
|
}
|
|
}
|
|
|
|
var (
|
|
loginNamesQuery = `SELECT login_names.user_id, ARRAY_AGG(login_names.login_name)::TEXT[] AS loginnames, ARRAY_AGG(LOWER(login_names.login_name))::TEXT[] AS loginnames_lower, login_names.instance_id` +
|
|
` FROM projections.login_names3 AS login_names` +
|
|
` GROUP BY login_names.user_id, login_names.instance_id`
|
|
preferredLoginNameQuery = `SELECT preferred_login_name.user_id, preferred_login_name.login_name, preferred_login_name.instance_id` +
|
|
` FROM projections.login_names3 AS preferred_login_name` +
|
|
` WHERE preferred_login_name.is_primary = $1`
|
|
userQuery = `SELECT projections.users10.id,` +
|
|
` projections.users10.creation_date,` +
|
|
` projections.users10.change_date,` +
|
|
` projections.users10.resource_owner,` +
|
|
` projections.users10.sequence,` +
|
|
` projections.users10.state,` +
|
|
` projections.users10.type,` +
|
|
` projections.users10.username,` +
|
|
` login_names.loginnames,` +
|
|
` preferred_login_name.login_name,` +
|
|
` projections.users10_humans.user_id,` +
|
|
` projections.users10_humans.first_name,` +
|
|
` projections.users10_humans.last_name,` +
|
|
` projections.users10_humans.nick_name,` +
|
|
` projections.users10_humans.display_name,` +
|
|
` projections.users10_humans.preferred_language,` +
|
|
` projections.users10_humans.gender,` +
|
|
` projections.users10_humans.avatar_key,` +
|
|
` projections.users10_humans.email,` +
|
|
` projections.users10_humans.is_email_verified,` +
|
|
` projections.users10_humans.phone,` +
|
|
` projections.users10_humans.is_phone_verified,` +
|
|
` projections.users10_machines.user_id,` +
|
|
` projections.users10_machines.name,` +
|
|
` projections.users10_machines.description,` +
|
|
` projections.users10_machines.secret,` +
|
|
` projections.users10_machines.access_token_type,` +
|
|
` COUNT(*) OVER ()` +
|
|
` FROM projections.users10` +
|
|
` LEFT JOIN projections.users10_humans ON projections.users10.id = projections.users10_humans.user_id AND projections.users10.instance_id = projections.users10_humans.instance_id` +
|
|
` LEFT JOIN projections.users10_machines ON projections.users10.id = projections.users10_machines.user_id AND projections.users10.instance_id = projections.users10_machines.instance_id` +
|
|
` LEFT JOIN` +
|
|
` (` + loginNamesQuery + `) AS login_names` +
|
|
` ON login_names.user_id = projections.users10.id AND login_names.instance_id = projections.users10.instance_id` +
|
|
` LEFT JOIN` +
|
|
` (` + preferredLoginNameQuery + `) AS preferred_login_name` +
|
|
` ON preferred_login_name.user_id = projections.users10.id AND preferred_login_name.instance_id = projections.users10.instance_id` +
|
|
` AS OF SYSTEM TIME '-1 ms'`
|
|
userCols = []string{
|
|
"id",
|
|
"creation_date",
|
|
"change_date",
|
|
"resource_owner",
|
|
"sequence",
|
|
"state",
|
|
"type",
|
|
"username",
|
|
"loginnames",
|
|
"login_name",
|
|
// human
|
|
"user_id",
|
|
"first_name",
|
|
"last_name",
|
|
"nick_name",
|
|
"display_name",
|
|
"preferred_language",
|
|
"gender",
|
|
"avatar_key",
|
|
"email",
|
|
"is_email_verified",
|
|
"phone",
|
|
"is_phone_verified",
|
|
// machine
|
|
"user_id",
|
|
"name",
|
|
"description",
|
|
"secret",
|
|
"access_token_type",
|
|
"count",
|
|
}
|
|
profileQuery = `SELECT projections.users10.id,` +
|
|
` projections.users10.creation_date,` +
|
|
` projections.users10.change_date,` +
|
|
` projections.users10.resource_owner,` +
|
|
` projections.users10.sequence,` +
|
|
` projections.users10_humans.user_id,` +
|
|
` projections.users10_humans.first_name,` +
|
|
` projections.users10_humans.last_name,` +
|
|
` projections.users10_humans.nick_name,` +
|
|
` projections.users10_humans.display_name,` +
|
|
` projections.users10_humans.preferred_language,` +
|
|
` projections.users10_humans.gender,` +
|
|
` projections.users10_humans.avatar_key` +
|
|
` FROM projections.users10` +
|
|
` LEFT JOIN projections.users10_humans ON projections.users10.id = projections.users10_humans.user_id AND projections.users10.instance_id = projections.users10_humans.instance_id` +
|
|
` AS OF SYSTEM TIME '-1 ms'`
|
|
profileCols = []string{
|
|
"id",
|
|
"creation_date",
|
|
"change_date",
|
|
"resource_owner",
|
|
"sequence",
|
|
"user_id",
|
|
"first_name",
|
|
"last_name",
|
|
"nick_name",
|
|
"display_name",
|
|
"preferred_language",
|
|
"gender",
|
|
"avatar_key",
|
|
}
|
|
emailQuery = `SELECT projections.users10.id,` +
|
|
` projections.users10.creation_date,` +
|
|
` projections.users10.change_date,` +
|
|
` projections.users10.resource_owner,` +
|
|
` projections.users10.sequence,` +
|
|
` projections.users10_humans.user_id,` +
|
|
` projections.users10_humans.email,` +
|
|
` projections.users10_humans.is_email_verified` +
|
|
` FROM projections.users10` +
|
|
` LEFT JOIN projections.users10_humans ON projections.users10.id = projections.users10_humans.user_id AND projections.users10.instance_id = projections.users10_humans.instance_id` +
|
|
` AS OF SYSTEM TIME '-1 ms'`
|
|
emailCols = []string{
|
|
"id",
|
|
"creation_date",
|
|
"change_date",
|
|
"resource_owner",
|
|
"sequence",
|
|
"user_id",
|
|
"email",
|
|
"is_email_verified",
|
|
}
|
|
phoneQuery = `SELECT projections.users10.id,` +
|
|
` projections.users10.creation_date,` +
|
|
` projections.users10.change_date,` +
|
|
` projections.users10.resource_owner,` +
|
|
` projections.users10.sequence,` +
|
|
` projections.users10_humans.user_id,` +
|
|
` projections.users10_humans.phone,` +
|
|
` projections.users10_humans.is_phone_verified` +
|
|
` FROM projections.users10` +
|
|
` LEFT JOIN projections.users10_humans ON projections.users10.id = projections.users10_humans.user_id AND projections.users10.instance_id = projections.users10_humans.instance_id` +
|
|
` AS OF SYSTEM TIME '-1 ms'`
|
|
phoneCols = []string{
|
|
"id",
|
|
"creation_date",
|
|
"change_date",
|
|
"resource_owner",
|
|
"sequence",
|
|
"user_id",
|
|
"phone",
|
|
"is_phone_verified",
|
|
}
|
|
userUniqueQuery = `SELECT projections.users10.id,` +
|
|
` projections.users10.state,` +
|
|
` projections.users10.username,` +
|
|
` projections.users10_humans.user_id,` +
|
|
` projections.users10_humans.email,` +
|
|
` projections.users10_humans.is_email_verified` +
|
|
` FROM projections.users10` +
|
|
` LEFT JOIN projections.users10_humans ON projections.users10.id = projections.users10_humans.user_id AND projections.users10.instance_id = projections.users10_humans.instance_id` +
|
|
` AS OF SYSTEM TIME '-1 ms'`
|
|
userUniqueCols = []string{
|
|
"id",
|
|
"state",
|
|
"username",
|
|
"user_id",
|
|
"email",
|
|
"is_email_verified",
|
|
}
|
|
notifyUserQuery = `SELECT projections.users10.id,` +
|
|
` projections.users10.creation_date,` +
|
|
` projections.users10.change_date,` +
|
|
` projections.users10.resource_owner,` +
|
|
` projections.users10.sequence,` +
|
|
` projections.users10.state,` +
|
|
` projections.users10.type,` +
|
|
` projections.users10.username,` +
|
|
` login_names.loginnames,` +
|
|
` preferred_login_name.login_name,` +
|
|
` projections.users10_humans.user_id,` +
|
|
` projections.users10_humans.first_name,` +
|
|
` projections.users10_humans.last_name,` +
|
|
` projections.users10_humans.nick_name,` +
|
|
` projections.users10_humans.display_name,` +
|
|
` projections.users10_humans.preferred_language,` +
|
|
` projections.users10_humans.gender,` +
|
|
` projections.users10_humans.avatar_key,` +
|
|
` projections.users10_notifications.user_id,` +
|
|
` projections.users10_notifications.last_email,` +
|
|
` projections.users10_notifications.verified_email,` +
|
|
` projections.users10_notifications.last_phone,` +
|
|
` projections.users10_notifications.verified_phone,` +
|
|
` projections.users10_notifications.password_set,` +
|
|
` COUNT(*) OVER ()` +
|
|
` FROM projections.users10` +
|
|
` LEFT JOIN projections.users10_humans ON projections.users10.id = projections.users10_humans.user_id AND projections.users10.instance_id = projections.users10_humans.instance_id` +
|
|
` LEFT JOIN projections.users10_notifications ON projections.users10.id = projections.users10_notifications.user_id AND projections.users10.instance_id = projections.users10_notifications.instance_id` +
|
|
` LEFT JOIN` +
|
|
` (` + loginNamesQuery + `) AS login_names` +
|
|
` ON login_names.user_id = projections.users10.id AND login_names.instance_id = projections.users10.instance_id` +
|
|
` LEFT JOIN` +
|
|
` (` + preferredLoginNameQuery + `) AS preferred_login_name` +
|
|
` ON preferred_login_name.user_id = projections.users10.id AND preferred_login_name.instance_id = projections.users10.instance_id` +
|
|
` AS OF SYSTEM TIME '-1 ms'`
|
|
notifyUserCols = []string{
|
|
"id",
|
|
"creation_date",
|
|
"change_date",
|
|
"resource_owner",
|
|
"sequence",
|
|
"state",
|
|
"type",
|
|
"username",
|
|
"loginnames",
|
|
"login_name",
|
|
// human
|
|
"user_id",
|
|
"first_name",
|
|
"last_name",
|
|
"nick_name",
|
|
"display_name",
|
|
"preferred_language",
|
|
"gender",
|
|
"avatar_key",
|
|
// machine
|
|
"user_id",
|
|
"last_email",
|
|
"verified_email",
|
|
"last_phone",
|
|
"verified_phone",
|
|
"password_set",
|
|
"count",
|
|
}
|
|
usersQuery = `SELECT projections.users10.id,` +
|
|
` projections.users10.creation_date,` +
|
|
` projections.users10.change_date,` +
|
|
` projections.users10.resource_owner,` +
|
|
` projections.users10.sequence,` +
|
|
` projections.users10.state,` +
|
|
` projections.users10.type,` +
|
|
` projections.users10.username,` +
|
|
` login_names.loginnames,` +
|
|
` preferred_login_name.login_name,` +
|
|
` projections.users10_humans.user_id,` +
|
|
` projections.users10_humans.first_name,` +
|
|
` projections.users10_humans.last_name,` +
|
|
` projections.users10_humans.nick_name,` +
|
|
` projections.users10_humans.display_name,` +
|
|
` projections.users10_humans.preferred_language,` +
|
|
` projections.users10_humans.gender,` +
|
|
` projections.users10_humans.avatar_key,` +
|
|
` projections.users10_humans.email,` +
|
|
` projections.users10_humans.is_email_verified,` +
|
|
` projections.users10_humans.phone,` +
|
|
` projections.users10_humans.is_phone_verified,` +
|
|
` projections.users10_machines.user_id,` +
|
|
` projections.users10_machines.name,` +
|
|
` projections.users10_machines.description,` +
|
|
` projections.users10_machines.secret,` +
|
|
` projections.users10_machines.access_token_type,` +
|
|
` COUNT(*) OVER ()` +
|
|
` FROM projections.users10` +
|
|
` LEFT JOIN projections.users10_humans ON projections.users10.id = projections.users10_humans.user_id AND projections.users10.instance_id = projections.users10_humans.instance_id` +
|
|
` LEFT JOIN projections.users10_machines ON projections.users10.id = projections.users10_machines.user_id AND projections.users10.instance_id = projections.users10_machines.instance_id` +
|
|
` LEFT JOIN` +
|
|
` (` + loginNamesQuery + `) AS login_names` +
|
|
` ON login_names.user_id = projections.users10.id AND login_names.instance_id = projections.users10.instance_id` +
|
|
` LEFT JOIN` +
|
|
` (` + preferredLoginNameQuery + `) AS preferred_login_name` +
|
|
` ON preferred_login_name.user_id = projections.users10.id AND preferred_login_name.instance_id = projections.users10.instance_id` +
|
|
` AS OF SYSTEM TIME '-1 ms'`
|
|
usersCols = []string{
|
|
"id",
|
|
"creation_date",
|
|
"change_date",
|
|
"resource_owner",
|
|
"sequence",
|
|
"state",
|
|
"type",
|
|
"username",
|
|
"loginnames",
|
|
"login_name",
|
|
// human
|
|
"user_id",
|
|
"first_name",
|
|
"last_name",
|
|
"nick_name",
|
|
"display_name",
|
|
"preferred_language",
|
|
"gender",
|
|
"avatar_key",
|
|
"email",
|
|
"is_email_verified",
|
|
"phone",
|
|
"is_phone_verified",
|
|
// machine
|
|
"user_id",
|
|
"name",
|
|
"description",
|
|
"secret",
|
|
"access_token_type",
|
|
"count",
|
|
}
|
|
)
|
|
|
|
func Test_UserPrepares(t *testing.T) {
|
|
type want struct {
|
|
sqlExpectations sqlExpectation
|
|
err checkErr
|
|
}
|
|
tests := []struct {
|
|
name string
|
|
prepare interface{}
|
|
want want
|
|
object interface{}
|
|
}{
|
|
{
|
|
name: "prepareUserQuery no result",
|
|
prepare: prepareUserQuery,
|
|
want: want{
|
|
sqlExpectations: mockQueryScanErr(
|
|
regexp.QuoteMeta(userQuery),
|
|
nil,
|
|
nil,
|
|
),
|
|
err: func(err error) (error, bool) {
|
|
if !zerrors.IsNotFound(err) {
|
|
return fmt.Errorf("err should be zitadel.NotFoundError got: %w", err), false
|
|
}
|
|
return nil, true
|
|
},
|
|
},
|
|
object: (*User)(nil),
|
|
},
|
|
{
|
|
name: "prepareUserQuery human found",
|
|
prepare: prepareUserQuery,
|
|
want: want{
|
|
sqlExpectations: mockQuery(
|
|
regexp.QuoteMeta(userQuery),
|
|
userCols,
|
|
[]driver.Value{
|
|
"id",
|
|
testNow,
|
|
testNow,
|
|
"resource_owner",
|
|
uint64(20211108),
|
|
domain.UserStateActive,
|
|
domain.UserTypeHuman,
|
|
"username",
|
|
database.TextArray[string]{"login_name1", "login_name2"},
|
|
"login_name1",
|
|
// human
|
|
"id",
|
|
"first_name",
|
|
"last_name",
|
|
"nick_name",
|
|
"display_name",
|
|
"de",
|
|
domain.GenderUnspecified,
|
|
"avatar_key",
|
|
"email",
|
|
true,
|
|
"phone",
|
|
true,
|
|
// machine
|
|
nil,
|
|
nil,
|
|
nil,
|
|
nil,
|
|
nil,
|
|
1,
|
|
},
|
|
),
|
|
},
|
|
object: &User{
|
|
ID: "id",
|
|
CreationDate: testNow,
|
|
ChangeDate: testNow,
|
|
ResourceOwner: "resource_owner",
|
|
Sequence: 20211108,
|
|
State: domain.UserStateActive,
|
|
Type: domain.UserTypeHuman,
|
|
Username: "username",
|
|
LoginNames: database.TextArray[string]{"login_name1", "login_name2"},
|
|
PreferredLoginName: "login_name1",
|
|
Human: &Human{
|
|
FirstName: "first_name",
|
|
LastName: "last_name",
|
|
NickName: "nick_name",
|
|
DisplayName: "display_name",
|
|
AvatarKey: "avatar_key",
|
|
PreferredLanguage: language.German,
|
|
Gender: domain.GenderUnspecified,
|
|
Email: "email",
|
|
IsEmailVerified: true,
|
|
Phone: "phone",
|
|
IsPhoneVerified: true,
|
|
},
|
|
},
|
|
},
|
|
{
|
|
name: "prepareUserQuery machine found",
|
|
prepare: prepareUserQuery,
|
|
want: want{
|
|
sqlExpectations: mockQuery(
|
|
regexp.QuoteMeta(userQuery),
|
|
userCols,
|
|
[]driver.Value{
|
|
"id",
|
|
testNow,
|
|
testNow,
|
|
"resource_owner",
|
|
uint64(20211108),
|
|
domain.UserStateActive,
|
|
domain.UserTypeMachine,
|
|
"username",
|
|
database.TextArray[string]{"login_name1", "login_name2"},
|
|
"login_name1",
|
|
// human
|
|
nil,
|
|
nil,
|
|
nil,
|
|
nil,
|
|
nil,
|
|
nil,
|
|
nil,
|
|
nil,
|
|
nil,
|
|
nil,
|
|
nil,
|
|
nil,
|
|
// machine
|
|
"id",
|
|
"name",
|
|
"description",
|
|
nil,
|
|
domain.OIDCTokenTypeBearer,
|
|
1,
|
|
},
|
|
),
|
|
},
|
|
object: &User{
|
|
ID: "id",
|
|
CreationDate: testNow,
|
|
ChangeDate: testNow,
|
|
ResourceOwner: "resource_owner",
|
|
Sequence: 20211108,
|
|
State: domain.UserStateActive,
|
|
Type: domain.UserTypeMachine,
|
|
Username: "username",
|
|
LoginNames: database.TextArray[string]{"login_name1", "login_name2"},
|
|
PreferredLoginName: "login_name1",
|
|
Machine: &Machine{
|
|
Name: "name",
|
|
Description: "description",
|
|
Secret: nil,
|
|
AccessTokenType: domain.OIDCTokenTypeBearer,
|
|
},
|
|
},
|
|
},
|
|
{
|
|
name: "prepareUserQuery machine with secret found",
|
|
prepare: prepareUserQuery,
|
|
want: want{
|
|
sqlExpectations: mockQuery(
|
|
regexp.QuoteMeta(userQuery),
|
|
userCols,
|
|
[]driver.Value{
|
|
"id",
|
|
testNow,
|
|
testNow,
|
|
"resource_owner",
|
|
uint64(20211108),
|
|
domain.UserStateActive,
|
|
domain.UserTypeMachine,
|
|
"username",
|
|
database.TextArray[string]{"login_name1", "login_name2"},
|
|
"login_name1",
|
|
// human
|
|
nil,
|
|
nil,
|
|
nil,
|
|
nil,
|
|
nil,
|
|
nil,
|
|
nil,
|
|
nil,
|
|
nil,
|
|
nil,
|
|
nil,
|
|
nil,
|
|
// machine
|
|
"id",
|
|
"name",
|
|
"description",
|
|
`{"CryptoType":1,"Algorithm":"bcrypt","Crypted":"deadbeef"}`,
|
|
domain.OIDCTokenTypeBearer,
|
|
1,
|
|
},
|
|
),
|
|
},
|
|
object: &User{
|
|
ID: "id",
|
|
CreationDate: testNow,
|
|
ChangeDate: testNow,
|
|
ResourceOwner: "resource_owner",
|
|
Sequence: 20211108,
|
|
State: domain.UserStateActive,
|
|
Type: domain.UserTypeMachine,
|
|
Username: "username",
|
|
LoginNames: database.TextArray[string]{"login_name1", "login_name2"},
|
|
PreferredLoginName: "login_name1",
|
|
Machine: &Machine{
|
|
Name: "name",
|
|
Description: "description",
|
|
Secret: &crypto.CryptoValue{
|
|
CryptoType: crypto.TypeHash,
|
|
Algorithm: "bcrypt",
|
|
Crypted: []byte{117, 230, 157, 109, 231, 159},
|
|
},
|
|
AccessTokenType: domain.OIDCTokenTypeBearer,
|
|
},
|
|
},
|
|
},
|
|
{
|
|
name: "prepareUserQuery sql err",
|
|
prepare: prepareUserQuery,
|
|
want: want{
|
|
sqlExpectations: mockQueryErr(
|
|
regexp.QuoteMeta(userQuery),
|
|
sql.ErrConnDone,
|
|
),
|
|
err: func(err error) (error, bool) {
|
|
if !errors.Is(err, sql.ErrConnDone) {
|
|
return fmt.Errorf("err should be sql.ErrConnDone got: %w", err), false
|
|
}
|
|
return nil, true
|
|
},
|
|
},
|
|
object: (*User)(nil),
|
|
},
|
|
{
|
|
name: "prepareProfileQuery no result",
|
|
prepare: prepareProfileQuery,
|
|
want: want{
|
|
sqlExpectations: mockQueryScanErr(
|
|
regexp.QuoteMeta(profileQuery),
|
|
nil,
|
|
nil,
|
|
),
|
|
err: func(err error) (error, bool) {
|
|
if !zerrors.IsNotFound(err) {
|
|
return fmt.Errorf("err should be zitadel.NotFoundError got: %w", err), false
|
|
}
|
|
return nil, true
|
|
},
|
|
},
|
|
object: (*Profile)(nil),
|
|
},
|
|
{
|
|
name: "prepareProfileQuery human found",
|
|
prepare: prepareProfileQuery,
|
|
want: want{
|
|
sqlExpectations: mockQuery(
|
|
regexp.QuoteMeta(profileQuery),
|
|
profileCols,
|
|
[]driver.Value{
|
|
"id",
|
|
testNow,
|
|
testNow,
|
|
"resource_owner",
|
|
uint64(20211108),
|
|
"id",
|
|
"first_name",
|
|
"last_name",
|
|
"nick_name",
|
|
"display_name",
|
|
"de",
|
|
domain.GenderUnspecified,
|
|
"avatar_key",
|
|
},
|
|
),
|
|
},
|
|
object: &Profile{
|
|
ID: "id",
|
|
CreationDate: testNow,
|
|
ChangeDate: testNow,
|
|
ResourceOwner: "resource_owner",
|
|
Sequence: 20211108,
|
|
FirstName: "first_name",
|
|
LastName: "last_name",
|
|
NickName: "nick_name",
|
|
DisplayName: "display_name",
|
|
AvatarKey: "avatar_key",
|
|
PreferredLanguage: language.German,
|
|
Gender: domain.GenderUnspecified,
|
|
},
|
|
},
|
|
{
|
|
name: "prepareProfileQuery not human found (error)",
|
|
prepare: prepareProfileQuery,
|
|
want: want{
|
|
sqlExpectations: mockQueryScanErr(
|
|
regexp.QuoteMeta(profileQuery),
|
|
profileCols,
|
|
[]driver.Value{
|
|
"id",
|
|
testNow,
|
|
testNow,
|
|
"resource_owner",
|
|
uint64(20211108),
|
|
nil,
|
|
nil,
|
|
nil,
|
|
nil,
|
|
nil,
|
|
nil,
|
|
nil,
|
|
nil,
|
|
},
|
|
),
|
|
err: func(err error) (error, bool) {
|
|
if !zerrors.IsPreconditionFailed(err) {
|
|
return fmt.Errorf("err should be zitadel.PredconditionError got: %w", err), false
|
|
}
|
|
return nil, true
|
|
},
|
|
},
|
|
object: (*Profile)(nil),
|
|
},
|
|
{
|
|
name: "prepareProfileQuery sql err",
|
|
prepare: prepareProfileQuery,
|
|
want: want{
|
|
sqlExpectations: mockQueryErr(
|
|
regexp.QuoteMeta(profileQuery),
|
|
sql.ErrConnDone,
|
|
),
|
|
err: func(err error) (error, bool) {
|
|
if !errors.Is(err, sql.ErrConnDone) {
|
|
return fmt.Errorf("err should be sql.ErrConnDone got: %w", err), false
|
|
}
|
|
return nil, true
|
|
},
|
|
},
|
|
object: (*Profile)(nil),
|
|
},
|
|
{
|
|
name: "prepareEmailQuery no result",
|
|
prepare: prepareEmailQuery,
|
|
want: want{
|
|
sqlExpectations: mockQueryScanErr(
|
|
regexp.QuoteMeta(emailQuery),
|
|
nil,
|
|
nil,
|
|
),
|
|
err: func(err error) (error, bool) {
|
|
if !zerrors.IsNotFound(err) {
|
|
return fmt.Errorf("err should be zitadel.NotFoundError got: %w", err), false
|
|
}
|
|
return nil, true
|
|
},
|
|
},
|
|
object: (*Email)(nil),
|
|
},
|
|
{
|
|
name: "prepareEmailQuery human found",
|
|
prepare: prepareEmailQuery,
|
|
want: want{
|
|
sqlExpectations: mockQuery(
|
|
regexp.QuoteMeta(emailQuery),
|
|
emailCols,
|
|
[]driver.Value{
|
|
"id",
|
|
testNow,
|
|
testNow,
|
|
"resource_owner",
|
|
uint64(20211108),
|
|
//domain.UserStateActive,
|
|
"id",
|
|
"email",
|
|
true,
|
|
},
|
|
),
|
|
},
|
|
object: &Email{
|
|
ID: "id",
|
|
CreationDate: testNow,
|
|
ChangeDate: testNow,
|
|
ResourceOwner: "resource_owner",
|
|
Sequence: 20211108,
|
|
//State: domain.UserStateActive,
|
|
Email: "email",
|
|
IsVerified: true,
|
|
},
|
|
},
|
|
{
|
|
name: "prepareEmailQuery not human found (error)",
|
|
prepare: prepareEmailQuery,
|
|
want: want{
|
|
sqlExpectations: mockQueryScanErr(
|
|
regexp.QuoteMeta(emailQuery),
|
|
emailCols,
|
|
[]driver.Value{
|
|
"id",
|
|
testNow,
|
|
testNow,
|
|
"resource_owner",
|
|
uint64(20211108),
|
|
//domain.UserStateActive,
|
|
nil,
|
|
nil,
|
|
nil,
|
|
},
|
|
),
|
|
err: func(err error) (error, bool) {
|
|
if !zerrors.IsPreconditionFailed(err) {
|
|
return fmt.Errorf("err should be zitadel.PredconditionError got: %w", err), false
|
|
}
|
|
return nil, true
|
|
},
|
|
},
|
|
object: (*Email)(nil),
|
|
},
|
|
{
|
|
name: "prepareEmailQuery sql err",
|
|
prepare: prepareEmailQuery,
|
|
want: want{
|
|
sqlExpectations: mockQueryErr(
|
|
regexp.QuoteMeta(emailQuery),
|
|
sql.ErrConnDone,
|
|
),
|
|
err: func(err error) (error, bool) {
|
|
if !errors.Is(err, sql.ErrConnDone) {
|
|
return fmt.Errorf("err should be sql.ErrConnDone got: %w", err), false
|
|
}
|
|
return nil, true
|
|
},
|
|
},
|
|
object: (*Email)(nil),
|
|
},
|
|
{
|
|
name: "preparePhoneQuery no result",
|
|
prepare: preparePhoneQuery,
|
|
want: want{
|
|
sqlExpectations: mockQueryScanErr(
|
|
regexp.QuoteMeta(phoneQuery),
|
|
nil,
|
|
nil,
|
|
),
|
|
err: func(err error) (error, bool) {
|
|
if !zerrors.IsNotFound(err) {
|
|
return fmt.Errorf("err should be zitadel.NotFoundError got: %w", err), false
|
|
}
|
|
return nil, true
|
|
},
|
|
},
|
|
object: (*Phone)(nil),
|
|
},
|
|
{
|
|
name: "preparePhoneQuery human found",
|
|
prepare: preparePhoneQuery,
|
|
want: want{
|
|
sqlExpectations: mockQuery(
|
|
regexp.QuoteMeta(phoneQuery),
|
|
phoneCols,
|
|
[]driver.Value{
|
|
"id",
|
|
testNow,
|
|
testNow,
|
|
"resource_owner",
|
|
uint64(20211108),
|
|
//domain.UserStateActive,
|
|
"id",
|
|
"phone",
|
|
true,
|
|
},
|
|
),
|
|
},
|
|
object: &Phone{
|
|
ID: "id",
|
|
CreationDate: testNow,
|
|
ChangeDate: testNow,
|
|
ResourceOwner: "resource_owner",
|
|
Sequence: 20211108,
|
|
//State: domain.UserStateActive,
|
|
Phone: "phone",
|
|
IsVerified: true,
|
|
},
|
|
},
|
|
{
|
|
name: "preparePhoneQuery not human found (error)",
|
|
prepare: preparePhoneQuery,
|
|
want: want{
|
|
sqlExpectations: mockQueryScanErr(
|
|
regexp.QuoteMeta(phoneQuery),
|
|
phoneCols,
|
|
[]driver.Value{
|
|
"id",
|
|
testNow,
|
|
testNow,
|
|
"resource_owner",
|
|
uint64(20211108),
|
|
//domain.UserStateActive,
|
|
nil,
|
|
nil,
|
|
nil,
|
|
},
|
|
),
|
|
err: func(err error) (error, bool) {
|
|
if !zerrors.IsPreconditionFailed(err) {
|
|
return fmt.Errorf("err should be zitadel.PredconditionError got: %w", err), false
|
|
}
|
|
return nil, true
|
|
},
|
|
},
|
|
object: (*Phone)(nil),
|
|
},
|
|
{
|
|
name: "preparePhoneQuery sql err",
|
|
prepare: preparePhoneQuery,
|
|
want: want{
|
|
sqlExpectations: mockQueryErr(
|
|
regexp.QuoteMeta(phoneQuery),
|
|
sql.ErrConnDone,
|
|
),
|
|
err: func(err error) (error, bool) {
|
|
if !errors.Is(err, sql.ErrConnDone) {
|
|
return fmt.Errorf("err should be sql.ErrConnDone got: %w", err), false
|
|
}
|
|
return nil, true
|
|
},
|
|
},
|
|
object: (*Phone)(nil),
|
|
},
|
|
{
|
|
name: "prepareUserUniqueQuery no result",
|
|
prepare: prepareUserUniqueQuery,
|
|
want: want{
|
|
sqlExpectations: mockQuery(
|
|
regexp.QuoteMeta(userUniqueQuery),
|
|
nil,
|
|
nil,
|
|
),
|
|
err: func(err error) (error, bool) {
|
|
if !zerrors.IsNotFound(err) {
|
|
return fmt.Errorf("err should be zitadel.NotFoundError got: %w", err), false
|
|
}
|
|
return nil, true
|
|
},
|
|
},
|
|
object: true,
|
|
},
|
|
{
|
|
name: "prepareUserUniqueQuery found",
|
|
prepare: prepareUserUniqueQuery,
|
|
want: want{
|
|
sqlExpectations: mockQuery(
|
|
regexp.QuoteMeta(userUniqueQuery),
|
|
userUniqueCols,
|
|
[]driver.Value{
|
|
"id",
|
|
domain.UserStateActive,
|
|
"username",
|
|
"id",
|
|
"email",
|
|
true,
|
|
},
|
|
),
|
|
},
|
|
object: false,
|
|
},
|
|
{
|
|
name: "prepareUserUniqueQuery sql err",
|
|
prepare: prepareUserUniqueQuery,
|
|
want: want{
|
|
sqlExpectations: mockQueryErr(
|
|
regexp.QuoteMeta(userUniqueQuery),
|
|
sql.ErrConnDone,
|
|
),
|
|
err: func(err error) (error, bool) {
|
|
if !errors.Is(err, sql.ErrConnDone) {
|
|
return fmt.Errorf("err should be sql.ErrConnDone got: %w", err), false
|
|
}
|
|
return nil, true
|
|
},
|
|
},
|
|
object: false,
|
|
},
|
|
{
|
|
name: "prepareNotifyUserQuery no result",
|
|
prepare: prepareNotifyUserQuery,
|
|
want: want{
|
|
sqlExpectations: mockQueryScanErr(
|
|
regexp.QuoteMeta(notifyUserQuery),
|
|
nil,
|
|
nil,
|
|
),
|
|
err: func(err error) (error, bool) {
|
|
if !zerrors.IsNotFound(err) {
|
|
return fmt.Errorf("err should be zitadel.NotFoundError got: %w", err), false
|
|
}
|
|
return nil, true
|
|
},
|
|
},
|
|
object: (*NotifyUser)(nil),
|
|
},
|
|
{
|
|
name: "prepareNotifyUserQuery notify found",
|
|
prepare: prepareNotifyUserQuery,
|
|
want: want{
|
|
sqlExpectations: mockQuery(
|
|
regexp.QuoteMeta(notifyUserQuery),
|
|
notifyUserCols,
|
|
[]driver.Value{
|
|
"id",
|
|
testNow,
|
|
testNow,
|
|
"resource_owner",
|
|
uint64(20211108),
|
|
domain.UserStateActive,
|
|
domain.UserTypeHuman,
|
|
"username",
|
|
database.TextArray[string]{"login_name1", "login_name2"},
|
|
"login_name1",
|
|
// human
|
|
"id",
|
|
"first_name",
|
|
"last_name",
|
|
"nick_name",
|
|
"display_name",
|
|
"de",
|
|
domain.GenderUnspecified,
|
|
"avatar_key",
|
|
//notify
|
|
"id",
|
|
"lastEmail",
|
|
"verifiedEmail",
|
|
"lastPhone",
|
|
"verifiedPhone",
|
|
true,
|
|
1,
|
|
},
|
|
),
|
|
},
|
|
object: &NotifyUser{
|
|
ID: "id",
|
|
CreationDate: testNow,
|
|
ChangeDate: testNow,
|
|
ResourceOwner: "resource_owner",
|
|
Sequence: 20211108,
|
|
State: domain.UserStateActive,
|
|
Type: domain.UserTypeHuman,
|
|
Username: "username",
|
|
LoginNames: database.TextArray[string]{"login_name1", "login_name2"},
|
|
PreferredLoginName: "login_name1",
|
|
FirstName: "first_name",
|
|
LastName: "last_name",
|
|
NickName: "nick_name",
|
|
DisplayName: "display_name",
|
|
AvatarKey: "avatar_key",
|
|
PreferredLanguage: language.German,
|
|
Gender: domain.GenderUnspecified,
|
|
LastEmail: "lastEmail",
|
|
VerifiedEmail: "verifiedEmail",
|
|
LastPhone: "lastPhone",
|
|
VerifiedPhone: "verifiedPhone",
|
|
PasswordSet: true,
|
|
},
|
|
},
|
|
{
|
|
name: "prepareNotifyUserQuery not notify found (error)",
|
|
prepare: prepareNotifyUserQuery,
|
|
want: want{
|
|
sqlExpectations: mockQueryScanErr(
|
|
regexp.QuoteMeta(notifyUserQuery),
|
|
notifyUserCols,
|
|
[]driver.Value{
|
|
"id",
|
|
testNow,
|
|
testNow,
|
|
"resource_owner",
|
|
uint64(20211108),
|
|
domain.UserStateActive,
|
|
domain.UserTypeHuman,
|
|
"username",
|
|
database.TextArray[string]{"login_name1", "login_name2"},
|
|
"login_name1",
|
|
// human
|
|
"id",
|
|
"first_name",
|
|
"last_name",
|
|
"nick_name",
|
|
"display_name",
|
|
"de",
|
|
domain.GenderUnspecified,
|
|
"avatar_key",
|
|
nil,
|
|
nil,
|
|
nil,
|
|
nil,
|
|
nil,
|
|
nil,
|
|
1,
|
|
},
|
|
),
|
|
err: func(err error) (error, bool) {
|
|
if !zerrors.IsPreconditionFailed(err) {
|
|
return fmt.Errorf("err should be zitadel.PredconditionError got: %w", err), false
|
|
}
|
|
return nil, true
|
|
},
|
|
},
|
|
object: (*NotifyUser)(nil),
|
|
},
|
|
{
|
|
name: "prepareNotifyUserQuery sql err",
|
|
prepare: prepareNotifyUserQuery,
|
|
want: want{
|
|
sqlExpectations: mockQueryErr(
|
|
regexp.QuoteMeta(notifyUserQuery),
|
|
sql.ErrConnDone,
|
|
),
|
|
err: func(err error) (error, bool) {
|
|
if !errors.Is(err, sql.ErrConnDone) {
|
|
return fmt.Errorf("err should be sql.ErrConnDone got: %w", err), false
|
|
}
|
|
return nil, true
|
|
},
|
|
},
|
|
object: (*NotifyUser)(nil),
|
|
},
|
|
{
|
|
name: "prepareUsersQuery no result",
|
|
prepare: prepareUsersQuery,
|
|
want: want{
|
|
sqlExpectations: mockQuery(
|
|
regexp.QuoteMeta(usersQuery),
|
|
nil,
|
|
nil,
|
|
),
|
|
err: func(err error) (error, bool) {
|
|
if !zerrors.IsNotFound(err) {
|
|
return fmt.Errorf("err should be zitadel.NotFoundError got: %w", err), false
|
|
}
|
|
return nil, true
|
|
},
|
|
},
|
|
object: &Users{Users: []*User{}},
|
|
},
|
|
{
|
|
name: "prepareUsersQuery one result",
|
|
prepare: prepareUsersQuery,
|
|
want: want{
|
|
sqlExpectations: mockQueries(
|
|
regexp.QuoteMeta(usersQuery),
|
|
usersCols,
|
|
[][]driver.Value{
|
|
{
|
|
"id",
|
|
testNow,
|
|
testNow,
|
|
"resource_owner",
|
|
uint64(20211108),
|
|
domain.UserStateActive,
|
|
domain.UserTypeHuman,
|
|
"username",
|
|
database.TextArray[string]{"login_name1", "login_name2"},
|
|
"login_name1",
|
|
// human
|
|
"id",
|
|
"first_name",
|
|
"last_name",
|
|
"nick_name",
|
|
"display_name",
|
|
"de",
|
|
domain.GenderUnspecified,
|
|
"avatar_key",
|
|
"email",
|
|
true,
|
|
"phone",
|
|
true,
|
|
// machine
|
|
nil,
|
|
nil,
|
|
nil,
|
|
nil,
|
|
nil,
|
|
},
|
|
},
|
|
),
|
|
},
|
|
object: &Users{
|
|
SearchResponse: SearchResponse{
|
|
Count: 1,
|
|
},
|
|
Users: []*User{
|
|
{
|
|
ID: "id",
|
|
CreationDate: testNow,
|
|
ChangeDate: testNow,
|
|
ResourceOwner: "resource_owner",
|
|
Sequence: 20211108,
|
|
State: domain.UserStateActive,
|
|
Type: domain.UserTypeHuman,
|
|
Username: "username",
|
|
LoginNames: database.TextArray[string]{"login_name1", "login_name2"},
|
|
PreferredLoginName: "login_name1",
|
|
Human: &Human{
|
|
FirstName: "first_name",
|
|
LastName: "last_name",
|
|
NickName: "nick_name",
|
|
DisplayName: "display_name",
|
|
AvatarKey: "avatar_key",
|
|
PreferredLanguage: language.German,
|
|
Gender: domain.GenderUnspecified,
|
|
Email: "email",
|
|
IsEmailVerified: true,
|
|
Phone: "phone",
|
|
IsPhoneVerified: true,
|
|
},
|
|
},
|
|
},
|
|
},
|
|
},
|
|
{
|
|
name: "prepareUsersQuery multiple results",
|
|
prepare: prepareUsersQuery,
|
|
want: want{
|
|
sqlExpectations: mockQueries(
|
|
regexp.QuoteMeta(usersQuery),
|
|
usersCols,
|
|
[][]driver.Value{
|
|
{
|
|
"id",
|
|
testNow,
|
|
testNow,
|
|
"resource_owner",
|
|
uint64(20211108),
|
|
domain.UserStateActive,
|
|
domain.UserTypeHuman,
|
|
"username",
|
|
database.TextArray[string]{"login_name1", "login_name2"},
|
|
"login_name1",
|
|
// human
|
|
"id",
|
|
"first_name",
|
|
"last_name",
|
|
"nick_name",
|
|
"display_name",
|
|
"de",
|
|
domain.GenderUnspecified,
|
|
"avatar_key",
|
|
"email",
|
|
true,
|
|
"phone",
|
|
true,
|
|
// machine
|
|
nil,
|
|
nil,
|
|
nil,
|
|
nil,
|
|
nil,
|
|
},
|
|
{
|
|
"id",
|
|
testNow,
|
|
testNow,
|
|
"resource_owner",
|
|
uint64(20211108),
|
|
domain.UserStateActive,
|
|
domain.UserTypeMachine,
|
|
"username",
|
|
database.TextArray[string]{"login_name1", "login_name2"},
|
|
"login_name1",
|
|
// human
|
|
nil,
|
|
nil,
|
|
nil,
|
|
nil,
|
|
nil,
|
|
nil,
|
|
nil,
|
|
nil,
|
|
nil,
|
|
nil,
|
|
nil,
|
|
nil,
|
|
// machine
|
|
"id",
|
|
"name",
|
|
"description",
|
|
`{"CryptoType":1,"Algorithm":"bcrypt","Crypted":"deadbeef"}`,
|
|
domain.OIDCTokenTypeBearer,
|
|
},
|
|
},
|
|
),
|
|
},
|
|
object: &Users{
|
|
SearchResponse: SearchResponse{
|
|
Count: 2,
|
|
},
|
|
Users: []*User{
|
|
{
|
|
ID: "id",
|
|
CreationDate: testNow,
|
|
ChangeDate: testNow,
|
|
ResourceOwner: "resource_owner",
|
|
Sequence: 20211108,
|
|
State: domain.UserStateActive,
|
|
Type: domain.UserTypeHuman,
|
|
Username: "username",
|
|
LoginNames: database.TextArray[string]{"login_name1", "login_name2"},
|
|
PreferredLoginName: "login_name1",
|
|
Human: &Human{
|
|
FirstName: "first_name",
|
|
LastName: "last_name",
|
|
NickName: "nick_name",
|
|
DisplayName: "display_name",
|
|
AvatarKey: "avatar_key",
|
|
PreferredLanguage: language.German,
|
|
Gender: domain.GenderUnspecified,
|
|
Email: "email",
|
|
IsEmailVerified: true,
|
|
Phone: "phone",
|
|
IsPhoneVerified: true,
|
|
},
|
|
},
|
|
{
|
|
ID: "id",
|
|
CreationDate: testNow,
|
|
ChangeDate: testNow,
|
|
ResourceOwner: "resource_owner",
|
|
Sequence: 20211108,
|
|
State: domain.UserStateActive,
|
|
Type: domain.UserTypeMachine,
|
|
Username: "username",
|
|
LoginNames: database.TextArray[string]{"login_name1", "login_name2"},
|
|
PreferredLoginName: "login_name1",
|
|
Machine: &Machine{
|
|
Name: "name",
|
|
Description: "description",
|
|
Secret: &crypto.CryptoValue{
|
|
CryptoType: crypto.TypeHash,
|
|
Algorithm: "bcrypt",
|
|
Crypted: []byte{117, 230, 157, 109, 231, 159},
|
|
},
|
|
AccessTokenType: domain.OIDCTokenTypeBearer,
|
|
},
|
|
},
|
|
},
|
|
},
|
|
},
|
|
{
|
|
name: "prepareUsersQuery sql err",
|
|
prepare: prepareUsersQuery,
|
|
want: want{
|
|
sqlExpectations: mockQueryErr(
|
|
regexp.QuoteMeta(usersQuery),
|
|
sql.ErrConnDone,
|
|
),
|
|
err: func(err error) (error, bool) {
|
|
if !errors.Is(err, sql.ErrConnDone) {
|
|
return fmt.Errorf("err should be sql.ErrConnDone got: %w", err), false
|
|
}
|
|
return nil, true
|
|
},
|
|
},
|
|
object: (*Users)(nil),
|
|
},
|
|
}
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
assertPrepare(t, tt.prepare, tt.object, tt.want.sqlExpectations, tt.want.err, defaultPrepareArgs...)
|
|
})
|
|
}
|
|
}
|