feat(login): default to user selection, take login_hint into account (#…

…350) * feat(login): default to user selection instead of login, take login_hint into account * fix: proper error message when user (and other objects) not found (#337) * fix: proper error message when user not found by loginname * add more not found and fix some typos * feat: usergrant (#348) * fix: add needed permissions * feat: search project/projectgrant user grants * fix: no zitadel permissions * fix: queries length * feat: add get my password policy (#346) * feat: add get my password policy * fix: failed merges * chore(deps): bump contrib.go.opencensus.io/exporter/stackdriver (#343) Bumps [contrib.go.opencensus.io/exporter/stackdriver](https://github.com/census-ecosystem/opencensus-go-exporter-stackdriver) from 0.13.1 to 0.13.2. - [Release notes](https://github.com/census-ecosystem/opencensus-go-exporter-stackdriver/releases) - [Commits](census-ecosystem/opencensus-go-exporter-stackdriver@v0.13.1...v0.13.2) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * feat: remove phone (#349) * feat: remove phone number * feat: remove phone number tests * feat: remove phone number tests * fix: regenerate protos * fix(console): distinct user grant searches and creates, project grant member edit, import cleanup (#342) * project grant member edit * project grant member dialog, import cleanup * readd project roles * user login-methods cleanup * fix sw config, user grant context * delete user grants, context for creation, search * contributor box shadow * password to detail view * user detail notification * lint Co-authored-by: Fabi <38692350+fgerschwiler@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Max Peintner <max@caos.ch>
zitadel · Jul 7, 2020 · 65b17a8 · 65b17a8
1 parent 9935784
commit 65b17a8
Show file tree

Hide file tree

Showing 2 changed files with 56 additions and 8 deletions.
diff --git a/internal/auth/repository/eventsourcing/eventstore/auth_request.go b/internal/auth/repository/eventsourcing/eventstore/auth_request.go
@@ -72,6 +72,10 @@ func (repo *AuthRequestRepo) CreateAuthRequest(ctx context.Context, request *mod
 		return nil, err
 	}
 	request.Audience = ids
+	if request.LoginHint != "" {
+		err = repo.checkLoginName(request, request.LoginHint)
+		logging.LogWithFields("EVENT-aG311", "login name", request.LoginHint, "id", request.ID, "applicationID", request.ApplicationID).Debug("login hint invalid")
+	}
 	err = repo.AuthRequests.SaveAuthRequest(ctx, request)
 	if err != nil {
 		return nil, err
@@ -118,11 +122,10 @@ func (repo *AuthRequestRepo) CheckLoginName(ctx context.Context, id, loginName s
 	if err != nil {
 		return err
 	}
-	user, err := repo.View.UserByLoginName(loginName)
+	err = repo.checkLoginName(request, loginName)
 	if err != nil {
 		return err
 	}
-	request.SetUserInfo(user.ID, loginName, user.ResourceOwner)
 	return repo.AuthRequests.UpdateAuthRequest(ctx, request)
 }
 
@@ -174,6 +177,15 @@ func (repo *AuthRequestRepo) getAuthRequest(ctx context.Context, id string, chec
 	return request, nil
 }
 
+func (repo *AuthRequestRepo) checkLoginName(request *model.AuthRequest, loginName string) error {
+	user, err := repo.View.UserByLoginName(loginName)
+	if err != nil {
+		return err
+	}
+	request.SetUserInfo(user.ID, loginName, user.ResourceOwner)
+	return nil
+}
+
 func (repo *AuthRequestRepo) nextSteps(ctx context.Context, request *model.AuthRequest, checkLoggedIn bool) ([]model.NextStep, error) {
 	if request == nil {
 		return nil, errors.ThrowInvalidArgument(nil, "EVENT-ds27a", "Errors.Internal")
@@ -184,12 +196,14 @@ func (repo *AuthRequestRepo) nextSteps(ctx context.Context, request *model.AuthR
 	}
 	if request.UserID == "" {
 		steps = append(steps, &model.LoginStep{})
-		if request.Prompt == model.PromptSelectAccount {
+		if request.Prompt == model.PromptSelectAccount || request.Prompt == model.PromptUnspecified {
 			users, err := repo.usersForUserSelection(request)
 			if err != nil {
 				return nil, err
 			}
-			steps = append(steps, &model.SelectUserStep{Users: users})
+			if len(users) > 0 || request.Prompt == model.PromptSelectAccount {
+				steps = append(steps, &model.SelectUserStep{Users: users})
+			}
 		}
 		return steps, nil
 	}

diff --git a/internal/auth/repository/eventsourcing/eventstore/auth_request_test.go b/internal/auth/repository/eventsourcing/eventstore/auth_request_test.go
@@ -28,7 +28,7 @@ func (m *mockViewNoUserSession) UserSessionByIDs(string, string) (*user_view_mod
 }
 
 func (m *mockViewNoUserSession) UserSessionsByAgentID(string) ([]*user_view_model.UserSessionView, error) {
-	return nil, errors.ThrowInternal(nil, "id", "internal error")
+	return nil, nil
 }
 
 type mockViewErrUserSession struct{}
@@ -173,16 +173,18 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
 			nil,
 		},
 		{
-			"user not set, login step",
-			fields{},
+			"user not set no active session, login step",
+			fields{
+				userSessionViewProvider: &mockViewNoUserSession{},
+			},
 			args{&model.AuthRequest{}, false},
 			[]model.NextStep{&model.LoginStep{}},
 			nil,
 		},
 		{
 			"user not set, prompt select account and internal error, internal error",
 			fields{
-				userSessionViewProvider: &mockViewNoUserSession{},
+				userSessionViewProvider: &mockViewErrUserSession{},
 			},
 			args{&model.AuthRequest{Prompt: model.PromptSelectAccount}, false},
 			nil,
@@ -222,6 +224,22 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
 				}},
 			nil,
 		},
+		{
+			"user not set, prompt select account, no active session, login and select account steps",
+			fields{
+				userSessionViewProvider: &mockViewUserSession{
+					Users: nil,
+				},
+				userEventProvider: &mockEventUser{},
+			},
+			args{&model.AuthRequest{Prompt: model.PromptSelectAccount}, false},
+			[]model.NextStep{
+				&model.LoginStep{},
+				&model.SelectUserStep{
+					Users: []model.UserSelection{},
+				}},
+			nil,
+		},
 		{
 			"user not found, not found error",
 			fields{
@@ -248,6 +266,22 @@ func TestAuthRequestRepo_nextSteps(t *testing.T) {
 			nil,
 			errors.IsPreconditionFailed,
 		},
+		{
+			"user locked, precondition failed error",
+			fields{
+				userViewProvider: &mockViewUser{},
+				userEventProvider: &mockEventUser{
+					&es_models.Event{
+						AggregateType: user_es_model.UserAggregate,
+						Type:          user_es_model.UserLocked,
+					},
+				},
+				orgViewProvider: &mockViewOrg{State: org_model.OrgStateActive},
+			},
+			args{&model.AuthRequest{UserID: "UserID"}, false},
+			nil,
+			errors.IsPreconditionFailed,
+		},
 		{
 			"org error, internal error",
 			fields{