mirror of
https://github.com/zitadel/zitadel.git
synced 2025-01-10 22:23:41 +00:00
50d2b26a28
# Which Problems Are Solved To be able to migrate or test the new login UI, admins might want to (temporarily) switch individual apps. At a later point admin might want to make sure all applications use the new login UI. # How the Problems Are Solved - Added a feature flag `` on instance level to require all apps to use the new login and provide an optional base url. - if the flag is enabled, all (OIDC) applications will automatically use the v2 login. - if disabled, applications can decide based on their configuration - Added an option on OIDC apps to use the new login UI and an optional base url. - Removed the requirement to use `x-zitadel-login-client` to be redirected to the login V2 and retrieve created authrequest and link them to SSO sessions. - Added a new "IAM_LOGIN_CLIENT" role to allow management of users, sessions, grants and more without `x-zitadel-login-client`. # Additional Changes None # Additional Context closes https://github.com/zitadel/zitadel/issues/8702
374 lines
11 KiB
Go
374 lines
11 KiB
Go
package feature
|
|
|
|
import (
|
|
"net/url"
|
|
"testing"
|
|
"time"
|
|
|
|
"github.com/muhlemmer/gu"
|
|
"github.com/stretchr/testify/assert"
|
|
"google.golang.org/protobuf/types/known/timestamppb"
|
|
|
|
"github.com/zitadel/zitadel/internal/command"
|
|
"github.com/zitadel/zitadel/internal/domain"
|
|
"github.com/zitadel/zitadel/internal/feature"
|
|
"github.com/zitadel/zitadel/internal/query"
|
|
feature_pb "github.com/zitadel/zitadel/pkg/grpc/feature/v2"
|
|
"github.com/zitadel/zitadel/pkg/grpc/object/v2"
|
|
)
|
|
|
|
func Test_systemFeaturesToCommand(t *testing.T) {
|
|
arg := &feature_pb.SetSystemFeaturesRequest{
|
|
LoginDefaultOrg: gu.Ptr(true),
|
|
OidcTriggerIntrospectionProjections: gu.Ptr(false),
|
|
OidcLegacyIntrospection: nil,
|
|
UserSchema: gu.Ptr(true),
|
|
Actions: gu.Ptr(true),
|
|
OidcTokenExchange: gu.Ptr(true),
|
|
ImprovedPerformance: nil,
|
|
OidcSingleV1SessionTermination: gu.Ptr(true),
|
|
LoginV2: &feature_pb.LoginV2{
|
|
Required: true,
|
|
BaseUri: gu.Ptr("https://login.com"),
|
|
},
|
|
}
|
|
want := &command.SystemFeatures{
|
|
LoginDefaultOrg: gu.Ptr(true),
|
|
TriggerIntrospectionProjections: gu.Ptr(false),
|
|
LegacyIntrospection: nil,
|
|
UserSchema: gu.Ptr(true),
|
|
Actions: gu.Ptr(true),
|
|
TokenExchange: gu.Ptr(true),
|
|
ImprovedPerformance: nil,
|
|
OIDCSingleV1SessionTermination: gu.Ptr(true),
|
|
LoginV2: &feature.LoginV2{
|
|
Required: true,
|
|
BaseURI: &url.URL{Scheme: "https", Host: "login.com"},
|
|
},
|
|
}
|
|
got, err := systemFeaturesToCommand(arg)
|
|
assert.Equal(t, want, got)
|
|
assert.NoError(t, err)
|
|
}
|
|
|
|
func Test_systemFeaturesToPb(t *testing.T) {
|
|
arg := &query.SystemFeatures{
|
|
Details: &domain.ObjectDetails{
|
|
Sequence: 22,
|
|
EventDate: time.Unix(123, 0),
|
|
ResourceOwner: "SYSTEM",
|
|
},
|
|
LoginDefaultOrg: query.FeatureSource[bool]{
|
|
Level: feature.LevelSystem,
|
|
Value: true,
|
|
},
|
|
TriggerIntrospectionProjections: query.FeatureSource[bool]{
|
|
Level: feature.LevelUnspecified,
|
|
Value: false,
|
|
},
|
|
LegacyIntrospection: query.FeatureSource[bool]{
|
|
Level: feature.LevelSystem,
|
|
Value: true,
|
|
},
|
|
UserSchema: query.FeatureSource[bool]{
|
|
Level: feature.LevelSystem,
|
|
Value: true,
|
|
},
|
|
Actions: query.FeatureSource[bool]{
|
|
Level: feature.LevelSystem,
|
|
Value: true,
|
|
},
|
|
TokenExchange: query.FeatureSource[bool]{
|
|
Level: feature.LevelSystem,
|
|
Value: false,
|
|
},
|
|
ImprovedPerformance: query.FeatureSource[[]feature.ImprovedPerformanceType]{
|
|
Level: feature.LevelSystem,
|
|
Value: []feature.ImprovedPerformanceType{feature.ImprovedPerformanceTypeOrgByID},
|
|
},
|
|
OIDCSingleV1SessionTermination: query.FeatureSource[bool]{
|
|
Level: feature.LevelSystem,
|
|
Value: true,
|
|
},
|
|
EnableBackChannelLogout: query.FeatureSource[bool]{
|
|
Level: feature.LevelSystem,
|
|
Value: true,
|
|
},
|
|
LoginV2: query.FeatureSource[*feature.LoginV2]{
|
|
Level: feature.LevelSystem,
|
|
Value: &feature.LoginV2{
|
|
Required: true,
|
|
BaseURI: &url.URL{Scheme: "https", Host: "login.com"},
|
|
},
|
|
},
|
|
}
|
|
want := &feature_pb.GetSystemFeaturesResponse{
|
|
Details: &object.Details{
|
|
Sequence: 22,
|
|
ChangeDate: ×tamppb.Timestamp{Seconds: 123},
|
|
ResourceOwner: "SYSTEM",
|
|
},
|
|
LoginDefaultOrg: &feature_pb.FeatureFlag{
|
|
Enabled: true,
|
|
Source: feature_pb.Source_SOURCE_SYSTEM,
|
|
},
|
|
OidcTriggerIntrospectionProjections: &feature_pb.FeatureFlag{
|
|
Enabled: false,
|
|
Source: feature_pb.Source_SOURCE_UNSPECIFIED,
|
|
},
|
|
OidcLegacyIntrospection: &feature_pb.FeatureFlag{
|
|
Enabled: true,
|
|
Source: feature_pb.Source_SOURCE_SYSTEM,
|
|
},
|
|
UserSchema: &feature_pb.FeatureFlag{
|
|
Enabled: true,
|
|
Source: feature_pb.Source_SOURCE_SYSTEM,
|
|
},
|
|
OidcTokenExchange: &feature_pb.FeatureFlag{
|
|
Enabled: false,
|
|
Source: feature_pb.Source_SOURCE_SYSTEM,
|
|
},
|
|
Actions: &feature_pb.FeatureFlag{
|
|
Enabled: true,
|
|
Source: feature_pb.Source_SOURCE_SYSTEM,
|
|
},
|
|
ImprovedPerformance: &feature_pb.ImprovedPerformanceFeatureFlag{
|
|
ExecutionPaths: []feature_pb.ImprovedPerformance{feature_pb.ImprovedPerformance_IMPROVED_PERFORMANCE_ORG_BY_ID},
|
|
Source: feature_pb.Source_SOURCE_SYSTEM,
|
|
},
|
|
OidcSingleV1SessionTermination: &feature_pb.FeatureFlag{
|
|
Enabled: true,
|
|
Source: feature_pb.Source_SOURCE_SYSTEM,
|
|
},
|
|
DisableUserTokenEvent: &feature_pb.FeatureFlag{
|
|
Enabled: false,
|
|
Source: feature_pb.Source_SOURCE_UNSPECIFIED,
|
|
},
|
|
EnableBackChannelLogout: &feature_pb.FeatureFlag{
|
|
Enabled: true,
|
|
Source: feature_pb.Source_SOURCE_SYSTEM,
|
|
},
|
|
LoginV2: &feature_pb.LoginV2FeatureFlag{
|
|
Required: true,
|
|
BaseUri: gu.Ptr("https://login.com"),
|
|
Source: feature_pb.Source_SOURCE_SYSTEM,
|
|
},
|
|
}
|
|
got := systemFeaturesToPb(arg)
|
|
assert.Equal(t, want, got)
|
|
}
|
|
|
|
func Test_instanceFeaturesToCommand(t *testing.T) {
|
|
arg := &feature_pb.SetInstanceFeaturesRequest{
|
|
LoginDefaultOrg: gu.Ptr(true),
|
|
OidcTriggerIntrospectionProjections: gu.Ptr(false),
|
|
OidcLegacyIntrospection: nil,
|
|
UserSchema: gu.Ptr(true),
|
|
OidcTokenExchange: gu.Ptr(true),
|
|
Actions: gu.Ptr(true),
|
|
ImprovedPerformance: nil,
|
|
WebKey: gu.Ptr(true),
|
|
DebugOidcParentError: gu.Ptr(true),
|
|
OidcSingleV1SessionTermination: gu.Ptr(true),
|
|
EnableBackChannelLogout: gu.Ptr(true),
|
|
LoginV2: &feature_pb.LoginV2{
|
|
Required: true,
|
|
BaseUri: gu.Ptr("https://login.com"),
|
|
},
|
|
}
|
|
want := &command.InstanceFeatures{
|
|
LoginDefaultOrg: gu.Ptr(true),
|
|
TriggerIntrospectionProjections: gu.Ptr(false),
|
|
LegacyIntrospection: nil,
|
|
UserSchema: gu.Ptr(true),
|
|
TokenExchange: gu.Ptr(true),
|
|
Actions: gu.Ptr(true),
|
|
ImprovedPerformance: nil,
|
|
WebKey: gu.Ptr(true),
|
|
DebugOIDCParentError: gu.Ptr(true),
|
|
OIDCSingleV1SessionTermination: gu.Ptr(true),
|
|
EnableBackChannelLogout: gu.Ptr(true),
|
|
LoginV2: &feature.LoginV2{
|
|
Required: true,
|
|
BaseURI: &url.URL{Scheme: "https", Host: "login.com"},
|
|
},
|
|
}
|
|
got, err := instanceFeaturesToCommand(arg)
|
|
assert.Equal(t, want, got)
|
|
assert.NoError(t, err)
|
|
}
|
|
|
|
func Test_instanceFeaturesToPb(t *testing.T) {
|
|
arg := &query.InstanceFeatures{
|
|
Details: &domain.ObjectDetails{
|
|
Sequence: 22,
|
|
EventDate: time.Unix(123, 0),
|
|
ResourceOwner: "instance1",
|
|
},
|
|
LoginDefaultOrg: query.FeatureSource[bool]{
|
|
Level: feature.LevelSystem,
|
|
Value: true,
|
|
},
|
|
TriggerIntrospectionProjections: query.FeatureSource[bool]{
|
|
Level: feature.LevelUnspecified,
|
|
Value: false,
|
|
},
|
|
LegacyIntrospection: query.FeatureSource[bool]{
|
|
Level: feature.LevelInstance,
|
|
Value: true,
|
|
},
|
|
UserSchema: query.FeatureSource[bool]{
|
|
Level: feature.LevelInstance,
|
|
Value: true,
|
|
},
|
|
Actions: query.FeatureSource[bool]{
|
|
Level: feature.LevelInstance,
|
|
Value: true,
|
|
},
|
|
TokenExchange: query.FeatureSource[bool]{
|
|
Level: feature.LevelSystem,
|
|
Value: false,
|
|
},
|
|
ImprovedPerformance: query.FeatureSource[[]feature.ImprovedPerformanceType]{
|
|
Level: feature.LevelSystem,
|
|
Value: []feature.ImprovedPerformanceType{feature.ImprovedPerformanceTypeOrgByID},
|
|
},
|
|
WebKey: query.FeatureSource[bool]{
|
|
Level: feature.LevelInstance,
|
|
Value: true,
|
|
},
|
|
OIDCSingleV1SessionTermination: query.FeatureSource[bool]{
|
|
Level: feature.LevelInstance,
|
|
Value: true,
|
|
},
|
|
EnableBackChannelLogout: query.FeatureSource[bool]{
|
|
Level: feature.LevelInstance,
|
|
Value: true,
|
|
},
|
|
LoginV2: query.FeatureSource[*feature.LoginV2]{
|
|
Level: feature.LevelInstance,
|
|
Value: &feature.LoginV2{
|
|
Required: true,
|
|
BaseURI: &url.URL{Scheme: "https", Host: "login.com"},
|
|
},
|
|
},
|
|
}
|
|
want := &feature_pb.GetInstanceFeaturesResponse{
|
|
Details: &object.Details{
|
|
Sequence: 22,
|
|
ChangeDate: ×tamppb.Timestamp{Seconds: 123},
|
|
ResourceOwner: "instance1",
|
|
},
|
|
LoginDefaultOrg: &feature_pb.FeatureFlag{
|
|
Enabled: true,
|
|
Source: feature_pb.Source_SOURCE_SYSTEM,
|
|
},
|
|
OidcTriggerIntrospectionProjections: &feature_pb.FeatureFlag{
|
|
Enabled: false,
|
|
Source: feature_pb.Source_SOURCE_UNSPECIFIED,
|
|
},
|
|
OidcLegacyIntrospection: &feature_pb.FeatureFlag{
|
|
Enabled: true,
|
|
Source: feature_pb.Source_SOURCE_INSTANCE,
|
|
},
|
|
UserSchema: &feature_pb.FeatureFlag{
|
|
Enabled: true,
|
|
Source: feature_pb.Source_SOURCE_INSTANCE,
|
|
},
|
|
Actions: &feature_pb.FeatureFlag{
|
|
Enabled: true,
|
|
Source: feature_pb.Source_SOURCE_INSTANCE,
|
|
},
|
|
OidcTokenExchange: &feature_pb.FeatureFlag{
|
|
Enabled: false,
|
|
Source: feature_pb.Source_SOURCE_SYSTEM,
|
|
},
|
|
ImprovedPerformance: &feature_pb.ImprovedPerformanceFeatureFlag{
|
|
ExecutionPaths: []feature_pb.ImprovedPerformance{feature_pb.ImprovedPerformance_IMPROVED_PERFORMANCE_ORG_BY_ID},
|
|
Source: feature_pb.Source_SOURCE_SYSTEM,
|
|
},
|
|
WebKey: &feature_pb.FeatureFlag{
|
|
Enabled: true,
|
|
Source: feature_pb.Source_SOURCE_INSTANCE,
|
|
},
|
|
DebugOidcParentError: &feature_pb.FeatureFlag{
|
|
Enabled: false,
|
|
Source: feature_pb.Source_SOURCE_UNSPECIFIED,
|
|
},
|
|
OidcSingleV1SessionTermination: &feature_pb.FeatureFlag{
|
|
Enabled: true,
|
|
Source: feature_pb.Source_SOURCE_INSTANCE,
|
|
},
|
|
DisableUserTokenEvent: &feature_pb.FeatureFlag{
|
|
Enabled: false,
|
|
Source: feature_pb.Source_SOURCE_UNSPECIFIED,
|
|
},
|
|
EnableBackChannelLogout: &feature_pb.FeatureFlag{
|
|
Enabled: true,
|
|
Source: feature_pb.Source_SOURCE_INSTANCE,
|
|
},
|
|
LoginV2: &feature_pb.LoginV2FeatureFlag{
|
|
Required: true,
|
|
BaseUri: gu.Ptr("https://login.com"),
|
|
Source: feature_pb.Source_SOURCE_INSTANCE,
|
|
},
|
|
}
|
|
got := instanceFeaturesToPb(arg)
|
|
assert.Equal(t, want, got)
|
|
}
|
|
|
|
func Test_featureLevelToSourcePb(t *testing.T) {
|
|
tests := []struct {
|
|
name string
|
|
level feature.Level
|
|
want feature_pb.Source
|
|
}{
|
|
{
|
|
name: "unspecified",
|
|
level: feature.LevelUnspecified,
|
|
want: feature_pb.Source_SOURCE_UNSPECIFIED,
|
|
},
|
|
{
|
|
name: "system",
|
|
level: feature.LevelSystem,
|
|
want: feature_pb.Source_SOURCE_SYSTEM,
|
|
},
|
|
{
|
|
name: "instance",
|
|
level: feature.LevelInstance,
|
|
want: feature_pb.Source_SOURCE_INSTANCE,
|
|
},
|
|
{
|
|
name: "org",
|
|
level: feature.LevelOrg,
|
|
want: feature_pb.Source_SOURCE_ORGANIZATION,
|
|
},
|
|
{
|
|
name: "project",
|
|
level: feature.LevelProject,
|
|
want: feature_pb.Source_SOURCE_PROJECT,
|
|
},
|
|
{
|
|
name: "app",
|
|
level: feature.LevelApp,
|
|
want: feature_pb.Source_SOURCE_APP,
|
|
},
|
|
{
|
|
name: "user",
|
|
level: feature.LevelUser,
|
|
want: feature_pb.Source_SOURCE_USER,
|
|
},
|
|
{
|
|
name: "unknown",
|
|
level: 99,
|
|
want: 99,
|
|
},
|
|
}
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
got := featureLevelToSourcePb(tt.level)
|
|
assert.Equal(t, tt.want, got)
|
|
})
|
|
}
|
|
}
|