-
Notifications
You must be signed in to change notification settings - Fork 450
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feat(api): add password reset and change to user service (#6036)
* feat(api): add password reset and change to user service * integration tests * invalidate password check after password change * handle notification type * fix proto
- Loading branch information
Showing
20 changed files
with
1,373 additions
and
54 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,71 @@ | ||
package user | ||
|
||
import ( | ||
"context" | ||
|
||
"github.com/zitadel/zitadel/internal/api/authz" | ||
"github.com/zitadel/zitadel/internal/api/grpc/object/v2" | ||
"github.com/zitadel/zitadel/internal/domain" | ||
caos_errs "github.com/zitadel/zitadel/internal/errors" | ||
user "github.com/zitadel/zitadel/pkg/grpc/user/v2alpha" | ||
) | ||
|
||
func (s *Server) PasswordReset(ctx context.Context, req *user.PasswordResetRequest) (_ *user.PasswordResetResponse, err error) { | ||
var details *domain.ObjectDetails | ||
var code *string | ||
|
||
switch m := req.GetMedium().(type) { | ||
case *user.PasswordResetRequest_SendLink: | ||
details, code, err = s.command.RequestPasswordResetURLTemplate(ctx, req.GetUserId(), m.SendLink.GetUrlTemplate(), notificationTypeToDomain(m.SendLink.GetNotificationType())) | ||
case *user.PasswordResetRequest_ReturnCode: | ||
details, code, err = s.command.RequestPasswordResetReturnCode(ctx, req.GetUserId()) | ||
case nil: | ||
details, code, err = s.command.RequestPasswordReset(ctx, req.GetUserId()) | ||
default: | ||
err = caos_errs.ThrowUnimplementedf(nil, "USERv2-SDeeg", "verification oneOf %T in method RequestPasswordReset not implemented", m) | ||
} | ||
if err != nil { | ||
return nil, err | ||
} | ||
|
||
return &user.PasswordResetResponse{ | ||
Details: object.DomainToDetailsPb(details), | ||
VerificationCode: code, | ||
}, nil | ||
} | ||
|
||
func notificationTypeToDomain(notificationType user.NotificationType) domain.NotificationType { | ||
switch notificationType { | ||
case user.NotificationType_NOTIFICATION_TYPE_Email: | ||
return domain.NotificationTypeEmail | ||
case user.NotificationType_NOTIFICATION_TYPE_SMS: | ||
return domain.NotificationTypeSms | ||
case user.NotificationType_NOTIFICATION_TYPE_Unspecified: | ||
return domain.NotificationTypeEmail | ||
default: | ||
return domain.NotificationTypeEmail | ||
} | ||
} | ||
|
||
func (s *Server) SetPassword(ctx context.Context, req *user.SetPasswordRequest) (_ *user.SetPasswordResponse, err error) { | ||
var resourceOwner = authz.GetCtxData(ctx).ResourceOwner | ||
var details *domain.ObjectDetails | ||
|
||
switch v := req.GetVerification().(type) { | ||
case *user.SetPasswordRequest_CurrentPassword: | ||
details, err = s.command.ChangePassword(ctx, resourceOwner, req.GetUserId(), v.CurrentPassword, req.GetNewPassword().GetPassword(), "") | ||
case *user.SetPasswordRequest_VerificationCode: | ||
details, err = s.command.SetPasswordWithVerifyCode(ctx, resourceOwner, req.GetUserId(), v.VerificationCode, req.GetNewPassword().GetPassword(), "") | ||
case nil: | ||
details, err = s.command.SetPassword(ctx, resourceOwner, req.GetUserId(), req.GetNewPassword().GetPassword(), req.GetNewPassword().GetChangeRequired()) | ||
default: | ||
err = caos_errs.ThrowUnimplementedf(nil, "USERv2-SFdf2", "verification oneOf %T in method SetPasswordRequest not implemented", v) | ||
} | ||
if err != nil { | ||
return nil, err | ||
} | ||
|
||
return &user.SetPasswordResponse{ | ||
Details: object.DomainToDetailsPb(details), | ||
}, nil | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,232 @@ | ||
//go:build integration | ||
|
||
package user_test | ||
|
||
import ( | ||
"context" | ||
"testing" | ||
|
||
"github.com/muhlemmer/gu" | ||
"github.com/stretchr/testify/assert" | ||
"github.com/stretchr/testify/require" | ||
"google.golang.org/protobuf/types/known/timestamppb" | ||
|
||
"github.com/zitadel/zitadel/internal/integration" | ||
object "github.com/zitadel/zitadel/pkg/grpc/object/v2alpha" | ||
user "github.com/zitadel/zitadel/pkg/grpc/user/v2alpha" | ||
) | ||
|
||
func TestServer_RequestPasswordReset(t *testing.T) { | ||
userID := Tester.CreateHumanUser(CTX).GetUserId() | ||
|
||
tests := []struct { | ||
name string | ||
req *user.PasswordResetRequest | ||
want *user.PasswordResetResponse | ||
wantErr bool | ||
}{ | ||
{ | ||
name: "default medium", | ||
req: &user.PasswordResetRequest{ | ||
UserId: userID, | ||
}, | ||
want: &user.PasswordResetResponse{ | ||
Details: &object.Details{ | ||
Sequence: 1, | ||
ChangeDate: timestamppb.Now(), | ||
ResourceOwner: Tester.Organisation.ID, | ||
}, | ||
}, | ||
}, | ||
{ | ||
name: "custom url template", | ||
req: &user.PasswordResetRequest{ | ||
UserId: userID, | ||
Medium: &user.PasswordResetRequest_SendLink{ | ||
SendLink: &user.SendPasswordResetLink{ | ||
NotificationType: user.NotificationType_NOTIFICATION_TYPE_Email, | ||
UrlTemplate: gu.Ptr("https://example.com/password/change?userID={{.UserID}}&code={{.Code}}&orgID={{.OrgID}}"), | ||
}, | ||
}, | ||
}, | ||
want: &user.PasswordResetResponse{ | ||
Details: &object.Details{ | ||
Sequence: 1, | ||
ChangeDate: timestamppb.Now(), | ||
ResourceOwner: Tester.Organisation.ID, | ||
}, | ||
}, | ||
}, | ||
{ | ||
name: "template error", | ||
req: &user.PasswordResetRequest{ | ||
UserId: userID, | ||
Medium: &user.PasswordResetRequest_SendLink{ | ||
SendLink: &user.SendPasswordResetLink{ | ||
UrlTemplate: gu.Ptr("{{"), | ||
}, | ||
}, | ||
}, | ||
wantErr: true, | ||
}, | ||
{ | ||
name: "return code", | ||
req: &user.PasswordResetRequest{ | ||
UserId: userID, | ||
Medium: &user.PasswordResetRequest_ReturnCode{ | ||
ReturnCode: &user.ReturnPasswordResetCode{}, | ||
}, | ||
}, | ||
want: &user.PasswordResetResponse{ | ||
Details: &object.Details{ | ||
Sequence: 1, | ||
ChangeDate: timestamppb.Now(), | ||
ResourceOwner: Tester.Organisation.ID, | ||
}, | ||
VerificationCode: gu.Ptr("xxx"), | ||
}, | ||
}, | ||
} | ||
for _, tt := range tests { | ||
t.Run(tt.name, func(t *testing.T) { | ||
got, err := Client.PasswordReset(CTX, tt.req) | ||
if tt.wantErr { | ||
require.Error(t, err) | ||
} else { | ||
require.NoError(t, err) | ||
} | ||
integration.AssertDetails(t, tt.want, got) | ||
if tt.want.GetVerificationCode() != "" { | ||
assert.NotEmpty(t, got.GetVerificationCode()) | ||
} | ||
}) | ||
} | ||
} | ||
|
||
func TestServer_SetPassword(t *testing.T) { | ||
type args struct { | ||
ctx context.Context | ||
req *user.SetPasswordRequest | ||
} | ||
tests := []struct { | ||
name string | ||
prepare func(request *user.SetPasswordRequest) error | ||
args args | ||
want *user.SetPasswordResponse | ||
wantErr bool | ||
}{ | ||
{ | ||
name: "missing user id", | ||
prepare: func(request *user.SetPasswordRequest) error { | ||
return nil | ||
}, | ||
args: args{ | ||
ctx: CTX, | ||
req: &user.SetPasswordRequest{}, | ||
}, | ||
wantErr: true, | ||
}, | ||
{ | ||
name: "set successful", | ||
prepare: func(request *user.SetPasswordRequest) error { | ||
userID := Tester.CreateHumanUser(CTX).GetUserId() | ||
request.UserId = userID | ||
return nil | ||
}, | ||
args: args{ | ||
ctx: CTX, | ||
req: &user.SetPasswordRequest{ | ||
NewPassword: &user.Password{ | ||
Password: "Secr3tP4ssw0rd!", | ||
}, | ||
}, | ||
}, | ||
want: &user.SetPasswordResponse{ | ||
Details: &object.Details{ | ||
ResourceOwner: Tester.Organisation.ID, | ||
}, | ||
}, | ||
}, | ||
{ | ||
name: "change successful", | ||
prepare: func(request *user.SetPasswordRequest) error { | ||
userID := Tester.CreateHumanUser(CTX).GetUserId() | ||
request.UserId = userID | ||
_, err := Client.SetPassword(CTX, &user.SetPasswordRequest{ | ||
UserId: userID, | ||
NewPassword: &user.Password{ | ||
Password: "InitialPassw0rd!", | ||
}, | ||
}) | ||
if err != nil { | ||
return err | ||
} | ||
return nil | ||
}, | ||
args: args{ | ||
ctx: CTX, | ||
req: &user.SetPasswordRequest{ | ||
NewPassword: &user.Password{ | ||
Password: "Secr3tP4ssw0rd!", | ||
}, | ||
Verification: &user.SetPasswordRequest_CurrentPassword{ | ||
CurrentPassword: "InitialPassw0rd!", | ||
}, | ||
}, | ||
}, | ||
want: &user.SetPasswordResponse{ | ||
Details: &object.Details{ | ||
ResourceOwner: Tester.Organisation.ID, | ||
}, | ||
}, | ||
}, | ||
{ | ||
name: "set with code successful", | ||
prepare: func(request *user.SetPasswordRequest) error { | ||
userID := Tester.CreateHumanUser(CTX).GetUserId() | ||
request.UserId = userID | ||
resp, err := Client.PasswordReset(CTX, &user.PasswordResetRequest{ | ||
UserId: userID, | ||
Medium: &user.PasswordResetRequest_ReturnCode{ | ||
ReturnCode: &user.ReturnPasswordResetCode{}, | ||
}, | ||
}) | ||
if err != nil { | ||
return err | ||
} | ||
request.Verification = &user.SetPasswordRequest_VerificationCode{ | ||
VerificationCode: resp.GetVerificationCode(), | ||
} | ||
return nil | ||
}, | ||
args: args{ | ||
ctx: CTX, | ||
req: &user.SetPasswordRequest{ | ||
NewPassword: &user.Password{ | ||
Password: "Secr3tP4ssw0rd!", | ||
}, | ||
}, | ||
}, | ||
want: &user.SetPasswordResponse{ | ||
Details: &object.Details{ | ||
ResourceOwner: Tester.Organisation.ID, | ||
}, | ||
}, | ||
}, | ||
} | ||
for _, tt := range tests { | ||
t.Run(tt.name, func(t *testing.T) { | ||
err := tt.prepare(tt.args.req) | ||
require.NoError(t, err) | ||
|
||
got, err := Client.SetPassword(tt.args.ctx, tt.args.req) | ||
if tt.wantErr { | ||
require.Error(t, err) | ||
return | ||
} | ||
require.NoError(t, err) | ||
require.NotNil(t, got) | ||
integration.AssertDetails(t, tt.want, got) | ||
}) | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
package user | ||
|
||
import ( | ||
"testing" | ||
|
||
"github.com/stretchr/testify/assert" | ||
|
||
"github.com/zitadel/zitadel/internal/domain" | ||
user "github.com/zitadel/zitadel/pkg/grpc/user/v2alpha" | ||
) | ||
|
||
func Test_notificationTypeToDomain(t *testing.T) { | ||
tests := []struct { | ||
name string | ||
notificationType user.NotificationType | ||
want domain.NotificationType | ||
}{ | ||
{ | ||
"unspecified", | ||
user.NotificationType_NOTIFICATION_TYPE_Unspecified, | ||
domain.NotificationTypeEmail, | ||
}, | ||
{ | ||
"email", | ||
user.NotificationType_NOTIFICATION_TYPE_Email, | ||
domain.NotificationTypeEmail, | ||
}, | ||
{ | ||
"sms", | ||
user.NotificationType_NOTIFICATION_TYPE_SMS, | ||
domain.NotificationTypeSms, | ||
}, | ||
} | ||
for _, tt := range tests { | ||
t.Run(tt.name, func(t *testing.T) { | ||
assert.Equalf(t, tt.want, notificationTypeToDomain(tt.notificationType), "notificationTypeToDomain(%v)", tt.notificationType) | ||
}) | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.
82e7333
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Successfully deployed to the following URLs:
docs – ./
docs-zitadel.vercel.app
zitadel-docs.vercel.app
docs-git-main-zitadel.vercel.app