zitadel/internal/query/auth_request_test.go

package query

import (
	"context"
	"database/sql"
	"database/sql/driver"
	_ "embed"
	"fmt"
	"regexp"
	"testing"
	"time"

	"github.com/muhlemmer/gu"
	"github.com/stretchr/testify/assert"
	"github.com/stretchr/testify/require"

	"github.com/zitadel/zitadel/internal/api/authz"
	"github.com/zitadel/zitadel/internal/database"
	"github.com/zitadel/zitadel/internal/domain"
	"github.com/zitadel/zitadel/internal/query/projection"
	"github.com/zitadel/zitadel/internal/zerrors"
)

func TestQueries_AuthRequestByID(t *testing.T) {
	expQuery := regexp.QuoteMeta(fmt.Sprintf(
		authRequestByIDQuery,
		asOfSystemTime,
	))

	cols := []string{
		projection.AuthRequestColumnID,
		projection.AuthRequestColumnCreationDate,
		projection.AuthRequestColumnLoginClient,
		projection.AuthRequestColumnClientID,
		projection.AuthRequestColumnScope,
		projection.AuthRequestColumnRedirectURI,
		projection.AuthRequestColumnPrompt,
		projection.AuthRequestColumnUILocales,
		projection.AuthRequestColumnLoginHint,
		projection.AuthRequestColumnMaxAge,
		projection.AuthRequestColumnHintUserID,
	}
	type args struct {
		shouldTriggerBulk bool
		id                string
		checkLoginClient  bool
	}
	tests := []struct {
		name            string
		args            args
		expect          sqlExpectation
		permissionCheck domain.PermissionCheck
		want            *AuthRequest
		wantErr         error
	}{
		{
			name: "success, all values",
			args: args{
				shouldTriggerBulk: false,
				id:                "123",
				checkLoginClient:  true,
			},
			expect: mockQuery(expQuery, cols, []driver.Value{
				"id",
				testNow,
				"loginClient",
				"clientID",
				database.TextArray[string]{"a", "b", "c"},
				"example.com",
				database.NumberArray[domain.Prompt]{domain.PromptLogin, domain.PromptConsent},
				database.TextArray[string]{"en", "fi"},
				"me@example.com",
				int64(time.Minute),
				"userID",
			}, "123", "instanceID"),
			want: &AuthRequest{
				ID:           "id",
				CreationDate: testNow,
				LoginClient:  "loginClient",
				ClientID:     "clientID",
				Scope:        []string{"a", "b", "c"},
				RedirectURI:  "example.com",
				Prompt:       []domain.Prompt{domain.PromptLogin, domain.PromptConsent},
				UiLocales:    []string{"en", "fi"},
				LoginHint:    gu.Ptr("me@example.com"),
				MaxAge:       gu.Ptr(time.Minute),
				HintUserID:   gu.Ptr("userID"),
			},
		},
		{
			name: "success, null values",
			args: args{
				shouldTriggerBulk: false,
				id:                "123",
				checkLoginClient:  true,
			},
			expect: mockQuery(expQuery, cols, []driver.Value{
				"id",
				testNow,
				"loginClient",
				"clientID",
				database.TextArray[string]{"a", "b", "c"},
				"example.com",
				database.NumberArray[domain.Prompt]{domain.PromptLogin, domain.PromptConsent},
				database.TextArray[string]{"en", "fi"},
				nil,
				nil,
				nil,
			}, "123", "instanceID"),
			want: &AuthRequest{
				ID:           "id",
				CreationDate: testNow,
				LoginClient:  "loginClient",
				ClientID:     "clientID",
				Scope:        []string{"a", "b", "c"},
				RedirectURI:  "example.com",
				Prompt:       []domain.Prompt{domain.PromptLogin, domain.PromptConsent},
				UiLocales:    []string{"en", "fi"},
				LoginHint:    nil,
				MaxAge:       nil,
				HintUserID:   nil,
			},
		},
		{
			name: "no rows",
			args: args{
				shouldTriggerBulk: false,
				id:                "123",
			},
			expect:  mockQueryScanErr(expQuery, cols, nil, "123", "instanceID"),
			wantErr: zerrors.ThrowNotFound(sql.ErrNoRows, "QUERY-Thee9", "Errors.AuthRequest.NotExisting"),
		},
		{
			name: "query error",
			args: args{
				shouldTriggerBulk: false,
				id:                "123",
			},
			expect:  mockQueryErr(expQuery, sql.ErrConnDone, "123", "instanceID"),
			wantErr: zerrors.ThrowInternal(sql.ErrConnDone, "QUERY-Ou8ue", "Errors.Internal"),
		},
		{
			name: "wrong login client / not permitted",
			args: args{
				shouldTriggerBulk: false,
				id:                "123",
				checkLoginClient:  true,
			},
			expect: mockQuery(expQuery, cols, []driver.Value{
				"id",
				testNow,
				"wrongLoginClient",
				"clientID",
				database.TextArray[string]{"a", "b", "c"},
				"example.com",
				database.NumberArray[domain.Prompt]{domain.PromptLogin, domain.PromptConsent},
				database.TextArray[string]{"en", "fi"},
				nil,
				nil,
				nil,
			}, "123", "instanceID"),
			permissionCheck: func(ctx context.Context, permission, orgID, resourceID string) (err error) {
				return zerrors.ThrowPermissionDenied(nil, "id", "not permitted")
			},
			wantErr: zerrors.ThrowPermissionDenied(nil, "id", "not permitted"),
		},
		{
			name: "other login client / permitted",
			args: args{
				shouldTriggerBulk: false,
				id:                "123",
				checkLoginClient:  true,
			},
			expect: mockQuery(expQuery, cols, []driver.Value{
				"id",
				testNow,
				"otherLoginClient",
				"clientID",
				database.TextArray[string]{"a", "b", "c"},
				"example.com",
				database.NumberArray[domain.Prompt]{domain.PromptLogin, domain.PromptConsent},
				database.TextArray[string]{"en", "fi"},
				nil,
				nil,
				nil,
			}, "123", "instanceID"),
			permissionCheck: func(ctx context.Context, permission, orgID, resourceID string) (err error) {
				return nil
			},
			want: &AuthRequest{
				ID:           "id",
				CreationDate: testNow,
				LoginClient:  "otherLoginClient",
				ClientID:     "clientID",
				Scope:        []string{"a", "b", "c"},
				RedirectURI:  "example.com",
				Prompt:       []domain.Prompt{domain.PromptLogin, domain.PromptConsent},
				UiLocales:    []string{"en", "fi"},
				LoginHint:    nil,
				MaxAge:       nil,
				HintUserID:   nil,
			},
		},
	}
	for _, tt := range tests {
		t.Run(tt.name, func(t *testing.T) {
			execMock(t, tt.expect, func(db *sql.DB) {
				q := &Queries{
					client: &database.DB{
						DB:       db,
						Database: &prepareDB{},
					},
					checkPermission: tt.permissionCheck,
				}
				ctx := authz.NewMockContext("instanceID", "orgID", "loginClient")

				got, err := q.AuthRequestByID(ctx, tt.args.shouldTriggerBulk, tt.args.id, tt.args.checkLoginClient)
				require.ErrorIs(t, err, tt.wantErr)
				assert.Equal(t, tt.want, got)
			})
		})
	}
}