mirror of
https://github.com/zitadel/zitadel.git
synced 2024-12-15 04:18:01 +00:00
fb8cd18f93
# Which Problems Are Solved Some organizations / customers have the requirement, that there users regularly need to change their password. ZITADEL already had the possibility to manage a `password age policy` ( thought the API) with the maximum amount of days a password should be valid, resp. days after with the user should be warned of the upcoming expiration. The policy could not be managed though the Console UI and was not checked in the Login UI. # How the Problems Are Solved - The policy can be managed in the Console UI's settings sections on an instance and organization level. - During an authentication in the Login UI, if a policy is set with an expiry (>0) and the user's last password change exceeds the amount of days set, the user will be prompted to change their password. - The prompt message of the Login UI can be customized in the Custom Login Texts though the Console and API on the instance and each organization. - The information when the user last changed their password is returned in the Auth, Management and User V2 API. - The policy can be retrieved in the settings service as `password expiry settings`. # Additional Changes None. # Additional Context - closes #8081 --------- Co-authored-by: Tim Möhlmann <tim+github@zitadel.com>
1015 lines
29 KiB
Go
1015 lines
29 KiB
Go
package query
|
|
|
|
import (
|
|
"database/sql"
|
|
"database/sql/driver"
|
|
"errors"
|
|
"fmt"
|
|
"regexp"
|
|
"testing"
|
|
|
|
"github.com/zitadel/zitadel/internal/database"
|
|
"github.com/zitadel/zitadel/internal/domain"
|
|
"github.com/zitadel/zitadel/internal/zerrors"
|
|
)
|
|
|
|
var (
|
|
userGrantStmt = regexp.QuoteMeta(
|
|
"SELECT projections.user_grants5.id" +
|
|
", projections.user_grants5.creation_date" +
|
|
", projections.user_grants5.change_date" +
|
|
", projections.user_grants5.sequence" +
|
|
", projections.user_grants5.grant_id" +
|
|
", projections.user_grants5.roles" +
|
|
", projections.user_grants5.state" +
|
|
", projections.user_grants5.user_id" +
|
|
", projections.users13.username" +
|
|
", projections.users13.type" +
|
|
", projections.users13.resource_owner" +
|
|
", projections.users13_humans.first_name" +
|
|
", projections.users13_humans.last_name" +
|
|
", projections.users13_humans.email" +
|
|
", projections.users13_humans.display_name" +
|
|
", projections.users13_humans.avatar_key" +
|
|
", projections.login_names3.login_name" +
|
|
", projections.user_grants5.resource_owner" +
|
|
", projections.orgs1.name" +
|
|
", projections.orgs1.primary_domain" +
|
|
", projections.user_grants5.project_id" +
|
|
", projections.projects4.name" +
|
|
", granted_orgs.id" +
|
|
", granted_orgs.name" +
|
|
", granted_orgs.primary_domain" +
|
|
" FROM projections.user_grants5" +
|
|
" LEFT JOIN projections.users13 ON projections.user_grants5.user_id = projections.users13.id AND projections.user_grants5.instance_id = projections.users13.instance_id" +
|
|
" LEFT JOIN projections.users13_humans ON projections.user_grants5.user_id = projections.users13_humans.user_id AND projections.user_grants5.instance_id = projections.users13_humans.instance_id" +
|
|
" LEFT JOIN projections.orgs1 ON projections.user_grants5.resource_owner = projections.orgs1.id AND projections.user_grants5.instance_id = projections.orgs1.instance_id" +
|
|
" LEFT JOIN projections.projects4 ON projections.user_grants5.project_id = projections.projects4.id AND projections.user_grants5.instance_id = projections.projects4.instance_id" +
|
|
" LEFT JOIN projections.orgs1 AS granted_orgs ON projections.users13.resource_owner = granted_orgs.id AND projections.users13.instance_id = granted_orgs.instance_id" +
|
|
" LEFT JOIN projections.login_names3 ON projections.user_grants5.user_id = projections.login_names3.user_id AND projections.user_grants5.instance_id = projections.login_names3.instance_id" +
|
|
` AS OF SYSTEM TIME '-1 ms' ` +
|
|
" WHERE projections.login_names3.is_primary = $1")
|
|
userGrantCols = []string{
|
|
"id",
|
|
"creation_date",
|
|
"change_date",
|
|
"sequence",
|
|
"grant_id",
|
|
"roles",
|
|
"state",
|
|
"user_id",
|
|
"username",
|
|
"type",
|
|
"resource_owner", //user resource owner
|
|
"first_name",
|
|
"last_name",
|
|
"email",
|
|
"display_name",
|
|
"avatar_key",
|
|
"login_name",
|
|
"resource_owner", //user_grant resource owner
|
|
"name", //org name
|
|
"primary_domain",
|
|
"project_id",
|
|
"name", // project name
|
|
"id", // granted org id
|
|
"name", // granted org name
|
|
"primary_domain", // granted org domain
|
|
}
|
|
userGrantsStmt = regexp.QuoteMeta(
|
|
"SELECT projections.user_grants5.id" +
|
|
", projections.user_grants5.creation_date" +
|
|
", projections.user_grants5.change_date" +
|
|
", projections.user_grants5.sequence" +
|
|
", projections.user_grants5.grant_id" +
|
|
", projections.user_grants5.roles" +
|
|
", projections.user_grants5.state" +
|
|
", projections.user_grants5.user_id" +
|
|
", projections.users13.username" +
|
|
", projections.users13.type" +
|
|
", projections.users13.resource_owner" +
|
|
", projections.users13_humans.first_name" +
|
|
", projections.users13_humans.last_name" +
|
|
", projections.users13_humans.email" +
|
|
", projections.users13_humans.display_name" +
|
|
", projections.users13_humans.avatar_key" +
|
|
", projections.login_names3.login_name" +
|
|
", projections.user_grants5.resource_owner" +
|
|
", projections.orgs1.name" +
|
|
", projections.orgs1.primary_domain" +
|
|
", projections.user_grants5.project_id" +
|
|
", projections.projects4.name" +
|
|
", granted_orgs.id" +
|
|
", granted_orgs.name" +
|
|
", granted_orgs.primary_domain" +
|
|
", COUNT(*) OVER ()" +
|
|
" FROM projections.user_grants5" +
|
|
" LEFT JOIN projections.users13 ON projections.user_grants5.user_id = projections.users13.id AND projections.user_grants5.instance_id = projections.users13.instance_id" +
|
|
" LEFT JOIN projections.users13_humans ON projections.user_grants5.user_id = projections.users13_humans.user_id AND projections.user_grants5.instance_id = projections.users13_humans.instance_id" +
|
|
" LEFT JOIN projections.orgs1 ON projections.user_grants5.resource_owner = projections.orgs1.id AND projections.user_grants5.instance_id = projections.orgs1.instance_id" +
|
|
" LEFT JOIN projections.projects4 ON projections.user_grants5.project_id = projections.projects4.id AND projections.user_grants5.instance_id = projections.projects4.instance_id" +
|
|
" LEFT JOIN projections.orgs1 AS granted_orgs ON projections.users13.resource_owner = granted_orgs.id AND projections.users13.instance_id = granted_orgs.instance_id" +
|
|
" LEFT JOIN projections.login_names3 ON projections.user_grants5.user_id = projections.login_names3.user_id AND projections.user_grants5.instance_id = projections.login_names3.instance_id" +
|
|
` AS OF SYSTEM TIME '-1 ms' ` +
|
|
" WHERE projections.login_names3.is_primary = $1")
|
|
userGrantsCols = append(
|
|
userGrantCols,
|
|
"count",
|
|
)
|
|
)
|
|
|
|
func Test_UserGrantPrepares(t *testing.T) {
|
|
type want struct {
|
|
sqlExpectations sqlExpectation
|
|
err checkErr
|
|
}
|
|
tests := []struct {
|
|
name string
|
|
prepare interface{}
|
|
want want
|
|
object interface{}
|
|
}{
|
|
{
|
|
name: "prepareUserGrantQuery no result",
|
|
prepare: prepareUserGrantQuery,
|
|
want: want{
|
|
sqlExpectations: mockQueriesScanErr(
|
|
userGrantStmt,
|
|
nil,
|
|
nil,
|
|
),
|
|
err: func(err error) (error, bool) {
|
|
if !zerrors.IsNotFound(err) {
|
|
return fmt.Errorf("err should be zitadel.NotFoundError got: %w", err), false
|
|
}
|
|
return nil, true
|
|
},
|
|
},
|
|
object: (*UserGrant)(nil),
|
|
},
|
|
{
|
|
name: "prepareUserGrantQuery found",
|
|
prepare: prepareUserGrantQuery,
|
|
want: want{
|
|
sqlExpectations: mockQuery(
|
|
userGrantStmt,
|
|
userGrantCols,
|
|
[]driver.Value{
|
|
"id",
|
|
testNow,
|
|
testNow,
|
|
20211111,
|
|
"grant-id",
|
|
database.TextArray[string]{"role-key"},
|
|
domain.UserGrantStateActive,
|
|
"user-id",
|
|
"username",
|
|
domain.UserTypeHuman,
|
|
"resource-owner",
|
|
"first-name",
|
|
"last-name",
|
|
"email",
|
|
"display-name",
|
|
"avatar-key",
|
|
"login-name",
|
|
"ro",
|
|
"org-name",
|
|
"primary-domain",
|
|
"project-id",
|
|
"project-name",
|
|
"granted-org-id",
|
|
"granted-org-name",
|
|
"granted-org-domain",
|
|
},
|
|
),
|
|
},
|
|
object: &UserGrant{
|
|
ID: "id",
|
|
CreationDate: testNow,
|
|
ChangeDate: testNow,
|
|
Sequence: 20211111,
|
|
Roles: database.TextArray[string]{"role-key"},
|
|
GrantID: "grant-id",
|
|
State: domain.UserGrantStateActive,
|
|
UserID: "user-id",
|
|
Username: "username",
|
|
UserType: domain.UserTypeHuman,
|
|
UserResourceOwner: "resource-owner",
|
|
FirstName: "first-name",
|
|
LastName: "last-name",
|
|
Email: "email",
|
|
DisplayName: "display-name",
|
|
AvatarURL: "avatar-key",
|
|
PreferredLoginName: "login-name",
|
|
ResourceOwner: "ro",
|
|
OrgName: "org-name",
|
|
OrgPrimaryDomain: "primary-domain",
|
|
ProjectID: "project-id",
|
|
ProjectName: "project-name",
|
|
GrantedOrgID: "granted-org-id",
|
|
GrantedOrgName: "granted-org-name",
|
|
GrantedOrgDomain: "granted-org-domain",
|
|
},
|
|
},
|
|
{
|
|
name: "prepareUserGrantQuery machine user found",
|
|
prepare: prepareUserGrantQuery,
|
|
want: want{
|
|
sqlExpectations: mockQuery(
|
|
userGrantStmt,
|
|
userGrantCols,
|
|
[]driver.Value{
|
|
"id",
|
|
testNow,
|
|
testNow,
|
|
20211111,
|
|
"grant-id",
|
|
database.TextArray[string]{"role-key"},
|
|
domain.UserGrantStateActive,
|
|
"user-id",
|
|
"username",
|
|
domain.UserTypeMachine,
|
|
"resource-owner",
|
|
nil,
|
|
nil,
|
|
nil,
|
|
nil,
|
|
nil,
|
|
"login-name",
|
|
"ro",
|
|
"org-name",
|
|
"primary-domain",
|
|
"project-id",
|
|
"project-name",
|
|
"granted-org-id",
|
|
"granted-org-name",
|
|
"granted-org-domain",
|
|
},
|
|
),
|
|
},
|
|
object: &UserGrant{
|
|
ID: "id",
|
|
CreationDate: testNow,
|
|
ChangeDate: testNow,
|
|
Sequence: 20211111,
|
|
Roles: database.TextArray[string]{"role-key"},
|
|
GrantID: "grant-id",
|
|
State: domain.UserGrantStateActive,
|
|
UserID: "user-id",
|
|
Username: "username",
|
|
UserType: domain.UserTypeMachine,
|
|
UserResourceOwner: "resource-owner",
|
|
FirstName: "",
|
|
LastName: "",
|
|
Email: "",
|
|
DisplayName: "",
|
|
AvatarURL: "",
|
|
PreferredLoginName: "login-name",
|
|
ResourceOwner: "ro",
|
|
OrgName: "org-name",
|
|
OrgPrimaryDomain: "primary-domain",
|
|
ProjectID: "project-id",
|
|
ProjectName: "project-name",
|
|
GrantedOrgID: "granted-org-id",
|
|
GrantedOrgName: "granted-org-name",
|
|
GrantedOrgDomain: "granted-org-domain",
|
|
},
|
|
},
|
|
{
|
|
name: "prepareUserGrantQuery (no org) found",
|
|
prepare: prepareUserGrantQuery,
|
|
want: want{
|
|
sqlExpectations: mockQuery(
|
|
userGrantStmt,
|
|
userGrantCols,
|
|
[]driver.Value{
|
|
"id",
|
|
testNow,
|
|
testNow,
|
|
20211111,
|
|
"grant-id",
|
|
database.TextArray[string]{"role-key"},
|
|
domain.UserGrantStateActive,
|
|
"user-id",
|
|
"username",
|
|
domain.UserTypeHuman,
|
|
"resource-owner",
|
|
"first-name",
|
|
"last-name",
|
|
"email",
|
|
"display-name",
|
|
"avatar-key",
|
|
"login-name",
|
|
"ro",
|
|
nil,
|
|
nil,
|
|
"project-id",
|
|
"project-name",
|
|
"granted-org-id",
|
|
"granted-org-name",
|
|
"granted-org-domain",
|
|
},
|
|
),
|
|
},
|
|
object: &UserGrant{
|
|
ID: "id",
|
|
CreationDate: testNow,
|
|
ChangeDate: testNow,
|
|
Sequence: 20211111,
|
|
Roles: database.TextArray[string]{"role-key"},
|
|
GrantID: "grant-id",
|
|
State: domain.UserGrantStateActive,
|
|
UserID: "user-id",
|
|
Username: "username",
|
|
UserType: domain.UserTypeHuman,
|
|
UserResourceOwner: "resource-owner",
|
|
FirstName: "first-name",
|
|
LastName: "last-name",
|
|
Email: "email",
|
|
DisplayName: "display-name",
|
|
AvatarURL: "avatar-key",
|
|
PreferredLoginName: "login-name",
|
|
ResourceOwner: "ro",
|
|
OrgName: "",
|
|
OrgPrimaryDomain: "",
|
|
ProjectID: "project-id",
|
|
ProjectName: "project-name",
|
|
GrantedOrgID: "granted-org-id",
|
|
GrantedOrgName: "granted-org-name",
|
|
GrantedOrgDomain: "granted-org-domain",
|
|
},
|
|
},
|
|
{
|
|
name: "prepareUserGrantQuery (no project) found",
|
|
prepare: prepareUserGrantQuery,
|
|
want: want{
|
|
sqlExpectations: mockQuery(
|
|
userGrantStmt,
|
|
userGrantCols,
|
|
[]driver.Value{
|
|
"id",
|
|
testNow,
|
|
testNow,
|
|
20211111,
|
|
"grant-id",
|
|
database.TextArray[string]{"role-key"},
|
|
domain.UserGrantStateActive,
|
|
"user-id",
|
|
"username",
|
|
domain.UserTypeHuman,
|
|
"resource-owner",
|
|
"first-name",
|
|
"last-name",
|
|
"email",
|
|
"display-name",
|
|
"avatar-key",
|
|
"login-name",
|
|
"ro",
|
|
"org-name",
|
|
"primary-domain",
|
|
"project-id",
|
|
nil,
|
|
"granted-org-id",
|
|
"granted-org-name",
|
|
"granted-org-domain",
|
|
},
|
|
),
|
|
},
|
|
object: &UserGrant{
|
|
ID: "id",
|
|
CreationDate: testNow,
|
|
ChangeDate: testNow,
|
|
Sequence: 20211111,
|
|
Roles: database.TextArray[string]{"role-key"},
|
|
GrantID: "grant-id",
|
|
State: domain.UserGrantStateActive,
|
|
UserID: "user-id",
|
|
Username: "username",
|
|
UserType: domain.UserTypeHuman,
|
|
UserResourceOwner: "resource-owner",
|
|
FirstName: "first-name",
|
|
LastName: "last-name",
|
|
Email: "email",
|
|
DisplayName: "display-name",
|
|
AvatarURL: "avatar-key",
|
|
PreferredLoginName: "login-name",
|
|
ResourceOwner: "ro",
|
|
OrgName: "org-name",
|
|
OrgPrimaryDomain: "primary-domain",
|
|
ProjectID: "project-id",
|
|
ProjectName: "",
|
|
GrantedOrgID: "granted-org-id",
|
|
GrantedOrgName: "granted-org-name",
|
|
GrantedOrgDomain: "granted-org-domain",
|
|
},
|
|
},
|
|
{
|
|
name: "prepareUserGrantQuery (no loginname) found",
|
|
prepare: prepareUserGrantQuery,
|
|
want: want{
|
|
sqlExpectations: mockQuery(
|
|
userGrantStmt,
|
|
userGrantCols,
|
|
[]driver.Value{
|
|
"id",
|
|
testNow,
|
|
testNow,
|
|
20211111,
|
|
"grant-id",
|
|
database.TextArray[string]{"role-key"},
|
|
domain.UserGrantStateActive,
|
|
"user-id",
|
|
"username",
|
|
domain.UserTypeHuman,
|
|
"resource-owner",
|
|
"first-name",
|
|
"last-name",
|
|
"email",
|
|
"display-name",
|
|
"avatar-key",
|
|
nil,
|
|
"ro",
|
|
"org-name",
|
|
"primary-domain",
|
|
"project-id",
|
|
"project-name",
|
|
"granted-org-id",
|
|
"granted-org-name",
|
|
"granted-org-domain",
|
|
},
|
|
),
|
|
},
|
|
object: &UserGrant{
|
|
ID: "id",
|
|
CreationDate: testNow,
|
|
ChangeDate: testNow,
|
|
Sequence: 20211111,
|
|
Roles: database.TextArray[string]{"role-key"},
|
|
GrantID: "grant-id",
|
|
State: domain.UserGrantStateActive,
|
|
UserID: "user-id",
|
|
Username: "username",
|
|
UserType: domain.UserTypeHuman,
|
|
UserResourceOwner: "resource-owner",
|
|
FirstName: "first-name",
|
|
LastName: "last-name",
|
|
Email: "email",
|
|
DisplayName: "display-name",
|
|
AvatarURL: "avatar-key",
|
|
PreferredLoginName: "",
|
|
ResourceOwner: "ro",
|
|
OrgName: "org-name",
|
|
OrgPrimaryDomain: "primary-domain",
|
|
ProjectID: "project-id",
|
|
ProjectName: "project-name",
|
|
GrantedOrgID: "granted-org-id",
|
|
GrantedOrgName: "granted-org-name",
|
|
GrantedOrgDomain: "granted-org-domain",
|
|
},
|
|
},
|
|
{
|
|
name: "prepareUserGrantQuery sql err",
|
|
prepare: prepareUserGrantQuery,
|
|
want: want{
|
|
sqlExpectations: mockQueryErr(
|
|
userGrantStmt,
|
|
sql.ErrConnDone,
|
|
),
|
|
err: func(err error) (error, bool) {
|
|
if !errors.Is(err, sql.ErrConnDone) {
|
|
return fmt.Errorf("err should be sql.ErrConnDone got: %w", err), false
|
|
}
|
|
return nil, true
|
|
},
|
|
},
|
|
object: (*UserGrant)(nil),
|
|
},
|
|
{
|
|
name: "prepareUserGrantsQuery no result",
|
|
prepare: prepareUserGrantsQuery,
|
|
want: want{
|
|
sqlExpectations: mockQueries(
|
|
userGrantsStmt,
|
|
nil,
|
|
nil,
|
|
),
|
|
},
|
|
object: &UserGrants{UserGrants: []*UserGrant{}},
|
|
},
|
|
{
|
|
name: "prepareUserGrantsQuery one grant",
|
|
prepare: prepareUserGrantsQuery,
|
|
want: want{
|
|
sqlExpectations: mockQueries(
|
|
userGrantsStmt,
|
|
userGrantsCols,
|
|
[][]driver.Value{
|
|
{
|
|
"id",
|
|
testNow,
|
|
testNow,
|
|
20211111,
|
|
"grant-id",
|
|
database.TextArray[string]{"role-key"},
|
|
domain.UserGrantStateActive,
|
|
"user-id",
|
|
"username",
|
|
domain.UserTypeHuman,
|
|
"resource-owner",
|
|
"first-name",
|
|
"last-name",
|
|
"email",
|
|
"display-name",
|
|
"avatar-key",
|
|
"login-name",
|
|
"ro",
|
|
"org-name",
|
|
"primary-domain",
|
|
"project-id",
|
|
"project-name",
|
|
"granted-org-id",
|
|
"granted-org-name",
|
|
"granted-org-domain",
|
|
},
|
|
},
|
|
),
|
|
},
|
|
object: &UserGrants{
|
|
SearchResponse: SearchResponse{
|
|
Count: 1,
|
|
},
|
|
UserGrants: []*UserGrant{
|
|
{
|
|
ID: "id",
|
|
CreationDate: testNow,
|
|
ChangeDate: testNow,
|
|
Sequence: 20211111,
|
|
Roles: database.TextArray[string]{"role-key"},
|
|
GrantID: "grant-id",
|
|
State: domain.UserGrantStateActive,
|
|
UserID: "user-id",
|
|
Username: "username",
|
|
UserType: domain.UserTypeHuman,
|
|
UserResourceOwner: "resource-owner",
|
|
FirstName: "first-name",
|
|
LastName: "last-name",
|
|
Email: "email",
|
|
DisplayName: "display-name",
|
|
AvatarURL: "avatar-key",
|
|
PreferredLoginName: "login-name",
|
|
ResourceOwner: "ro",
|
|
OrgName: "org-name",
|
|
OrgPrimaryDomain: "primary-domain",
|
|
ProjectID: "project-id",
|
|
ProjectName: "project-name",
|
|
GrantedOrgID: "granted-org-id",
|
|
GrantedOrgName: "granted-org-name",
|
|
GrantedOrgDomain: "granted-org-domain",
|
|
},
|
|
},
|
|
},
|
|
},
|
|
{
|
|
name: "prepareUserGrantsQuery one grant (machine user)",
|
|
prepare: prepareUserGrantsQuery,
|
|
want: want{
|
|
sqlExpectations: mockQueries(
|
|
userGrantsStmt,
|
|
userGrantsCols,
|
|
[][]driver.Value{
|
|
{
|
|
"id",
|
|
testNow,
|
|
testNow,
|
|
20211111,
|
|
"grant-id",
|
|
database.TextArray[string]{"role-key"},
|
|
domain.UserGrantStateActive,
|
|
"user-id",
|
|
"username",
|
|
domain.UserTypeMachine,
|
|
"resource-owner",
|
|
nil,
|
|
nil,
|
|
nil,
|
|
nil,
|
|
nil,
|
|
"login-name",
|
|
"ro",
|
|
"org-name",
|
|
"primary-domain",
|
|
"project-id",
|
|
"project-name",
|
|
"granted-org-id",
|
|
"granted-org-name",
|
|
"granted-org-domain",
|
|
},
|
|
},
|
|
),
|
|
},
|
|
object: &UserGrants{
|
|
SearchResponse: SearchResponse{
|
|
Count: 1,
|
|
},
|
|
UserGrants: []*UserGrant{
|
|
{
|
|
ID: "id",
|
|
CreationDate: testNow,
|
|
ChangeDate: testNow,
|
|
Sequence: 20211111,
|
|
Roles: database.TextArray[string]{"role-key"},
|
|
GrantID: "grant-id",
|
|
State: domain.UserGrantStateActive,
|
|
UserID: "user-id",
|
|
Username: "username",
|
|
UserType: domain.UserTypeMachine,
|
|
UserResourceOwner: "resource-owner",
|
|
FirstName: "",
|
|
LastName: "",
|
|
Email: "",
|
|
DisplayName: "",
|
|
AvatarURL: "",
|
|
PreferredLoginName: "login-name",
|
|
ResourceOwner: "ro",
|
|
OrgName: "org-name",
|
|
OrgPrimaryDomain: "primary-domain",
|
|
ProjectID: "project-id",
|
|
ProjectName: "project-name",
|
|
GrantedOrgID: "granted-org-id",
|
|
GrantedOrgName: "granted-org-name",
|
|
GrantedOrgDomain: "granted-org-domain",
|
|
},
|
|
},
|
|
},
|
|
},
|
|
{
|
|
name: "prepareUserGrantsQuery one grant (no org)",
|
|
prepare: prepareUserGrantsQuery,
|
|
want: want{
|
|
sqlExpectations: mockQueries(
|
|
userGrantsStmt,
|
|
userGrantsCols,
|
|
[][]driver.Value{
|
|
{
|
|
"id",
|
|
testNow,
|
|
testNow,
|
|
20211111,
|
|
"grant-id",
|
|
database.TextArray[string]{"role-key"},
|
|
domain.UserGrantStateActive,
|
|
"user-id",
|
|
"username",
|
|
domain.UserTypeMachine,
|
|
"resource-owner",
|
|
"first-name",
|
|
"last-name",
|
|
"email",
|
|
"display-name",
|
|
"avatar-key",
|
|
"login-name",
|
|
"ro",
|
|
nil,
|
|
nil,
|
|
"project-id",
|
|
"project-name",
|
|
"granted-org-id",
|
|
"granted-org-name",
|
|
"granted-org-domain",
|
|
},
|
|
},
|
|
),
|
|
},
|
|
object: &UserGrants{
|
|
SearchResponse: SearchResponse{
|
|
Count: 1,
|
|
},
|
|
UserGrants: []*UserGrant{
|
|
{
|
|
ID: "id",
|
|
CreationDate: testNow,
|
|
ChangeDate: testNow,
|
|
Sequence: 20211111,
|
|
Roles: database.TextArray[string]{"role-key"},
|
|
GrantID: "grant-id",
|
|
State: domain.UserGrantStateActive,
|
|
UserID: "user-id",
|
|
Username: "username",
|
|
UserType: domain.UserTypeMachine,
|
|
UserResourceOwner: "resource-owner",
|
|
FirstName: "first-name",
|
|
LastName: "last-name",
|
|
Email: "email",
|
|
DisplayName: "display-name",
|
|
AvatarURL: "avatar-key",
|
|
PreferredLoginName: "login-name",
|
|
ResourceOwner: "ro",
|
|
OrgName: "",
|
|
OrgPrimaryDomain: "",
|
|
ProjectID: "project-id",
|
|
ProjectName: "project-name",
|
|
GrantedOrgID: "granted-org-id",
|
|
GrantedOrgName: "granted-org-name",
|
|
GrantedOrgDomain: "granted-org-domain",
|
|
},
|
|
},
|
|
},
|
|
},
|
|
{
|
|
name: "prepareUserGrantsQuery one grant (no project)",
|
|
prepare: prepareUserGrantsQuery,
|
|
want: want{
|
|
sqlExpectations: mockQueries(
|
|
userGrantsStmt,
|
|
userGrantsCols,
|
|
[][]driver.Value{
|
|
{
|
|
"id",
|
|
testNow,
|
|
testNow,
|
|
20211111,
|
|
"grant-id",
|
|
database.TextArray[string]{"role-key"},
|
|
domain.UserGrantStateActive,
|
|
"user-id",
|
|
"username",
|
|
domain.UserTypeHuman,
|
|
"resource-owner",
|
|
"first-name",
|
|
"last-name",
|
|
"email",
|
|
"display-name",
|
|
"avatar-key",
|
|
"login-name",
|
|
"ro",
|
|
"org-name",
|
|
"primary-domain",
|
|
"project-id",
|
|
nil,
|
|
"granted-org-id",
|
|
"granted-org-name",
|
|
"granted-org-domain",
|
|
},
|
|
},
|
|
),
|
|
},
|
|
object: &UserGrants{
|
|
SearchResponse: SearchResponse{
|
|
Count: 1,
|
|
},
|
|
UserGrants: []*UserGrant{
|
|
{
|
|
ID: "id",
|
|
CreationDate: testNow,
|
|
ChangeDate: testNow,
|
|
Sequence: 20211111,
|
|
Roles: database.TextArray[string]{"role-key"},
|
|
GrantID: "grant-id",
|
|
State: domain.UserGrantStateActive,
|
|
UserID: "user-id",
|
|
Username: "username",
|
|
UserType: domain.UserTypeHuman,
|
|
UserResourceOwner: "resource-owner",
|
|
FirstName: "first-name",
|
|
LastName: "last-name",
|
|
Email: "email",
|
|
DisplayName: "display-name",
|
|
AvatarURL: "avatar-key",
|
|
PreferredLoginName: "login-name",
|
|
ResourceOwner: "ro",
|
|
OrgName: "org-name",
|
|
OrgPrimaryDomain: "primary-domain",
|
|
ProjectID: "project-id",
|
|
ProjectName: "",
|
|
GrantedOrgID: "granted-org-id",
|
|
GrantedOrgName: "granted-org-name",
|
|
GrantedOrgDomain: "granted-org-domain",
|
|
},
|
|
},
|
|
},
|
|
},
|
|
{
|
|
name: "prepareUserGrantsQuery one grant (no loginname)",
|
|
prepare: prepareUserGrantsQuery,
|
|
want: want{
|
|
sqlExpectations: mockQueries(
|
|
userGrantsStmt,
|
|
userGrantsCols,
|
|
[][]driver.Value{
|
|
{
|
|
"id",
|
|
testNow,
|
|
testNow,
|
|
20211111,
|
|
"grant-id",
|
|
database.TextArray[string]{"role-key"},
|
|
domain.UserGrantStateActive,
|
|
"user-id",
|
|
"username",
|
|
domain.UserTypeHuman,
|
|
"resource-owner",
|
|
"first-name",
|
|
"last-name",
|
|
"email",
|
|
"display-name",
|
|
"avatar-key",
|
|
nil,
|
|
"ro",
|
|
"org-name",
|
|
"primary-domain",
|
|
"project-id",
|
|
"project-name",
|
|
"granted-org-id",
|
|
"granted-org-name",
|
|
"granted-org-domain",
|
|
},
|
|
},
|
|
),
|
|
},
|
|
object: &UserGrants{
|
|
SearchResponse: SearchResponse{
|
|
Count: 1,
|
|
},
|
|
UserGrants: []*UserGrant{
|
|
{
|
|
ID: "id",
|
|
CreationDate: testNow,
|
|
ChangeDate: testNow,
|
|
Sequence: 20211111,
|
|
Roles: database.TextArray[string]{"role-key"},
|
|
GrantID: "grant-id",
|
|
State: domain.UserGrantStateActive,
|
|
UserID: "user-id",
|
|
Username: "username",
|
|
UserType: domain.UserTypeHuman,
|
|
UserResourceOwner: "resource-owner",
|
|
FirstName: "first-name",
|
|
LastName: "last-name",
|
|
Email: "email",
|
|
DisplayName: "display-name",
|
|
AvatarURL: "avatar-key",
|
|
PreferredLoginName: "",
|
|
ResourceOwner: "ro",
|
|
OrgName: "org-name",
|
|
OrgPrimaryDomain: "primary-domain",
|
|
ProjectID: "project-id",
|
|
ProjectName: "project-name",
|
|
GrantedOrgID: "granted-org-id",
|
|
GrantedOrgName: "granted-org-name",
|
|
GrantedOrgDomain: "granted-org-domain",
|
|
},
|
|
},
|
|
},
|
|
},
|
|
{
|
|
name: "prepareUserGrantsQuery multiple grants",
|
|
prepare: prepareUserGrantsQuery,
|
|
want: want{
|
|
sqlExpectations: mockQueries(
|
|
userGrantsStmt,
|
|
userGrantsCols,
|
|
[][]driver.Value{
|
|
{
|
|
"id",
|
|
testNow,
|
|
testNow,
|
|
20211111,
|
|
"grant-id",
|
|
database.TextArray[string]{"role-key"},
|
|
domain.UserGrantStateActive,
|
|
"user-id",
|
|
"username",
|
|
domain.UserTypeHuman,
|
|
"resource-owner",
|
|
"first-name",
|
|
"last-name",
|
|
"email",
|
|
"display-name",
|
|
"avatar-key",
|
|
"login-name",
|
|
"ro",
|
|
"org-name",
|
|
"primary-domain",
|
|
"project-id",
|
|
"project-name",
|
|
"granted-org-id",
|
|
"granted-org-name",
|
|
"granted-org-domain",
|
|
},
|
|
{
|
|
"id",
|
|
testNow,
|
|
testNow,
|
|
20211111,
|
|
"grant-id",
|
|
database.TextArray[string]{"role-key"},
|
|
domain.UserGrantStateActive,
|
|
"user-id",
|
|
"username",
|
|
domain.UserTypeHuman,
|
|
"resource-owner",
|
|
"first-name",
|
|
"last-name",
|
|
"email",
|
|
"display-name",
|
|
"avatar-key",
|
|
"login-name",
|
|
"ro",
|
|
"org-name",
|
|
"primary-domain",
|
|
"project-id",
|
|
"project-name",
|
|
"granted-org-id",
|
|
"granted-org-name",
|
|
"granted-org-domain",
|
|
},
|
|
},
|
|
),
|
|
},
|
|
object: &UserGrants{
|
|
SearchResponse: SearchResponse{
|
|
Count: 2,
|
|
},
|
|
UserGrants: []*UserGrant{
|
|
{
|
|
ID: "id",
|
|
CreationDate: testNow,
|
|
ChangeDate: testNow,
|
|
Sequence: 20211111,
|
|
Roles: database.TextArray[string]{"role-key"},
|
|
GrantID: "grant-id",
|
|
State: domain.UserGrantStateActive,
|
|
UserID: "user-id",
|
|
Username: "username",
|
|
UserType: domain.UserTypeHuman,
|
|
UserResourceOwner: "resource-owner",
|
|
FirstName: "first-name",
|
|
LastName: "last-name",
|
|
Email: "email",
|
|
DisplayName: "display-name",
|
|
AvatarURL: "avatar-key",
|
|
PreferredLoginName: "login-name",
|
|
ResourceOwner: "ro",
|
|
OrgName: "org-name",
|
|
OrgPrimaryDomain: "primary-domain",
|
|
ProjectID: "project-id",
|
|
ProjectName: "project-name",
|
|
GrantedOrgID: "granted-org-id",
|
|
GrantedOrgName: "granted-org-name",
|
|
GrantedOrgDomain: "granted-org-domain",
|
|
},
|
|
{
|
|
ID: "id",
|
|
CreationDate: testNow,
|
|
ChangeDate: testNow,
|
|
Sequence: 20211111,
|
|
Roles: database.TextArray[string]{"role-key"},
|
|
GrantID: "grant-id",
|
|
State: domain.UserGrantStateActive,
|
|
UserID: "user-id",
|
|
Username: "username",
|
|
UserType: domain.UserTypeHuman,
|
|
UserResourceOwner: "resource-owner",
|
|
FirstName: "first-name",
|
|
LastName: "last-name",
|
|
Email: "email",
|
|
DisplayName: "display-name",
|
|
AvatarURL: "avatar-key",
|
|
PreferredLoginName: "login-name",
|
|
ResourceOwner: "ro",
|
|
OrgName: "org-name",
|
|
OrgPrimaryDomain: "primary-domain",
|
|
ProjectID: "project-id",
|
|
ProjectName: "project-name",
|
|
GrantedOrgID: "granted-org-id",
|
|
GrantedOrgName: "granted-org-name",
|
|
GrantedOrgDomain: "granted-org-domain",
|
|
},
|
|
},
|
|
},
|
|
},
|
|
{
|
|
name: "prepareUserGrantsQuery sql err",
|
|
prepare: prepareUserGrantsQuery,
|
|
want: want{
|
|
sqlExpectations: mockQueryErr(
|
|
userGrantsStmt,
|
|
sql.ErrConnDone,
|
|
),
|
|
err: func(err error) (error, bool) {
|
|
if !errors.Is(err, sql.ErrConnDone) {
|
|
return fmt.Errorf("err should be sql.ErrConnDone got: %w", err), false
|
|
}
|
|
return nil, true
|
|
},
|
|
},
|
|
object: (*UserGrants)(nil),
|
|
},
|
|
}
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
assertPrepare(t, tt.prepare, tt.object, tt.want.sqlExpectations, tt.want.err, defaultPrepareArgs...)
|
|
})
|
|
}
|
|
}
|