diff --git a/pkg/controller/signup_test.go b/pkg/controller/signup_test.go index 53ce2303..40775508 100644 --- a/pkg/controller/signup_test.go +++ b/pkg/controller/signup_test.go @@ -97,18 +97,16 @@ func (s *TestSignupSuite) TestSignupPostHandler() { expectedUserID := ob.String() ctx.Set(context.SubKey, expectedUserID) ctx.Set(context.EmailKey, expectedUserID+"@test.com") - email := ctx.GetString(context.EmailKey) signup := &crtapi.UserSignup{ TypeMeta: v1.TypeMeta{}, ObjectMeta: v1.ObjectMeta{ Name: userID.String(), Namespace: "namespace-foo", - Annotations: map[string]string{ - crtapi.UserSignupUserEmailAnnotationKey: email, - }, }, Spec: crtapi.UserSignupSpec{ - Username: "bill", + IdentityClaims: crtapi.IdentityClaimsEmbedded{ + PreferredUsername: "bill", + }, }, Status: crtapi.UserSignupStatus{ Conditions: []crtapi.Condition{ @@ -279,7 +277,6 @@ func (s *TestSignupSuite) TestInitVerificationHandler() { Name: userID, Namespace: configuration.Namespace(), Annotations: map[string]string{ - crtapi.UserSignupUserEmailAnnotationKey: "jsmith@redhat.com", crtapi.UserSignupVerificationCounterAnnotationKey: "0", crtapi.UserSignupVerificationCodeAnnotationKey: "", }, @@ -392,9 +389,6 @@ func (s *TestSignupSuite) TestInitVerificationHandler() { ObjectMeta: v1.ObjectMeta{ Name: userID, Namespace: configuration.Namespace(), - Annotations: map[string]string{ - crtapi.UserSignupUserEmailAnnotationKey: "jsmith@redhat.com", - }, }, Spec: crtapi.UserSignupSpec{}, Status: crtapi.UserSignupStatus{}, @@ -436,10 +430,7 @@ func (s *TestSignupSuite) TestInitVerificationHandler() { us := crtapi.UserSignup{ TypeMeta: v1.TypeMeta{}, ObjectMeta: v1.ObjectMeta{ - Name: userID, - Annotations: map[string]string{ - crtapi.UserSignupUserEmailAnnotationKey: "jsmith@redhat.com", - }, + Name: userID, Labels: map[string]string{}, }, Spec: crtapi.UserSignupSpec{}, 
@@ -483,7 +474,6 @@ func (s *TestSignupSuite) TestVerifyPhoneCodeHandler() { Name: userID, Namespace: configuration.Namespace(), Annotations: map[string]string{ - crtapi.UserSignupUserEmailAnnotationKey: "jsmith@redhat.com", crtapi.UserVerificationAttemptsAnnotationKey: "0", crtapi.UserSignupVerificationCodeAnnotationKey: "999888", crtapi.UserVerificationExpiryAnnotationKey: time.Now().Add(10 * time.Second).Format(service.TimestampLayout), @@ -671,15 +661,18 @@ func (s *TestSignupSuite) TestVerifyPhoneCodeHandler() { Name: "jsmith", Namespace: configuration.Namespace(), Annotations: map[string]string{ - crtapi.UserSignupUserEmailAnnotationKey: "jsmith@acme.com", crtapi.UserVerificationAttemptsAnnotationKey: "0", crtapi.UserSignupVerificationCodeAnnotationKey: "999127", crtapi.UserVerificationExpiryAnnotationKey: time.Now().Add(10 * time.Second).Format(service.TimestampLayout), }, }, Spec: crtapi.UserSignupSpec{ - Userid: otherUserID, - Username: "jsmith", + IdentityClaims: crtapi.IdentityClaimsEmbedded{ + PreferredUsername: "jsmith", + PropagatedClaims: crtapi.PropagatedClaims{ + Sub: otherUserID, + }, + }, }, Status: crtapi.UserSignupStatus{}, } @@ -695,7 +688,7 @@ func (s *TestSignupSuite) TestVerifyPhoneCodeHandler() { Key: "code", Value: "999127", } - rr := initPhoneVerification(s.T(), handler, param, nil, "", otherUserSignup.Spec.Username, http.MethodGet, "/api/v1/signup/verification") + rr := initPhoneVerification(s.T(), handler, param, nil, "", otherUserSignup.Spec.IdentityClaims.PreferredUsername, http.MethodGet, "/api/v1/signup/verification") // Check the status code is what we expect. require.Equal(s.T(), http.StatusOK, rr.Code) diff --git a/pkg/informers/service/informer_service_test.go b/pkg/informers/service/informer_service_test.go index 37ba44c0..74da9237 100644 --- a/pkg/informers/service/informer_service_test.go +++ b/pkg/informers/service/informer_service_test.go 
@@ -42,7 +42,9 @@ func (s *TestInformerServiceSuite) TestInformerService() { Object: map[string]interface{}{ "spec": map[string]interface{}{ "tierName": "deactivate30", - "userID": "john-id", + "propagatedClaims": map[string]interface{}{ + "sub": "john-id", + }, "userAccounts": []map[string]interface{}{ { "targetCluster": "member1", @@ -55,7 +57,9 @@ func (s *TestInformerServiceSuite) TestInformerService() { Object: map[string]interface{}{ "spec": map[string]interface{}{ "tierName": "deactivate30", - "userID": "noise-id", + "propagatedClaims": map[string]interface{}{ + "sub": "noise-id", + }, "userAccounts": []map[string]interface{}{ { "targetCluster": "member2", @@ -89,12 +93,14 @@ func (s *TestInformerServiceSuite) TestInformerService() { expected := &toolchainv1alpha1.MasterUserRecord{ Spec: toolchainv1alpha1.MasterUserRecordSpec{ TierName: "deactivate30", - UserID: "john-id", UserAccounts: []toolchainv1alpha1.UserAccountEmbedded{ { TargetCluster: "member1", }, }, + PropagatedClaims: toolchainv1alpha1.PropagatedClaims{ + Sub: "john-id", + }, }, } @@ -104,7 +110,7 @@ func (s *TestInformerServiceSuite) TestInformerService() { // then require.NotNil(s.T(), val) require.NoError(s.T(), err) - assert.Equal(s.T(), val, expected) + assert.Equal(s.T(), expected, val) }) }) @@ -164,7 +170,7 @@ func (s *TestInformerServiceSuite) TestInformerService() { // then require.NotNil(s.T(), val) require.NoError(s.T(), err) - assert.Equal(s.T(), val, expected) + assert.Equal(s.T(), expected, val) }) }) 
@@ -305,12 +311,14 @@ func (s *TestInformerServiceSuite) TestInformerService() { Object: map[string]interface{}{ "spec": map[string]interface{}{ "targetCluster": "member2", - "username": "foo@redhat.com", - "userid": "foo", - "givenName": "Foo", - "familyName": "Bar", - "company": "Red Hat", - "originalSub": "sub-key", + "identityClaims": map[string]interface{}{ + "sub": "foo", + "originalSub": "sub-key", + "preferredUsername": "foo@redhat.com", + "givenName": "Foo", + "familyName": "Bar", + "company": "Red Hat", + }, }, }, }, @@ -318,12 +326,14 @@ func (s *TestInformerServiceSuite) TestInformerService() { Object: map[string]interface{}{ "spec": map[string]interface{}{ "targetCluster": "member1", - "username": "noise@redhat.com", - "userid": "noise", - "givenName": "Noise", - "familyName": "Make", - "company": "Noisy", - "originalSub": "noise-key", + "identityClaims": map[string]interface{}{ + "sub": "noise", + "originalSub": "noise-key", + "preferredUsername": "noise@redhat.com", + "givenName": "Noise", + "familyName": "Make", + "company": "Noisy", + }, }, }, }, @@ -353,12 +363,16 @@ func (s *TestInformerServiceSuite) TestInformerService() { expected := &toolchainv1alpha1.UserSignup{ Spec: toolchainv1alpha1.UserSignupSpec{ TargetCluster: "member2", - Username: "foo@redhat.com", - Userid: "foo", - GivenName: "Foo", - FamilyName: "Bar", - Company: "Red Hat", - OriginalSub: "sub-key", + IdentityClaims: toolchainv1alpha1.IdentityClaimsEmbedded{ + PreferredUsername: "foo@redhat.com", + GivenName: "Foo", + FamilyName: "Bar", + Company: "Red Hat", + PropagatedClaims: toolchainv1alpha1.PropagatedClaims{ + Sub: "foo", + OriginalSub: "sub-key", + }, + }, }, } @@ -368,7 +382,7 @@ func (s *TestInformerServiceSuite) TestInformerService() { // then require.NotNil(s.T(), val) require.NoError(s.T(), err) - assert.Equal(s.T(), val, expected) + assert.Equal(s.T(), expected, val) }) }) 
diff --git a/pkg/signup/service/signup_service.go b/pkg/signup/service/signup_service.go index 933d676a..f8ffb9c2 100644 --- a/pkg/signup/service/signup_service.go +++ b/pkg/signup/service/signup_service.go @@ -111,10 +111,7 @@ func (s *ServiceImpl) newUserSignup(ctx *gin.Context) (*toolchainv1alpha1.UserSi Name: EncodeUserIdentifier(ctx.GetString(context.UsernameKey)), Namespace: configuration.Namespace(), Annotations: map[string]string{ - toolchainv1alpha1.UserSignupUserEmailAnnotationKey: userEmail, toolchainv1alpha1.UserSignupVerificationCounterAnnotationKey: "0", - toolchainv1alpha1.SSOUserIDAnnotationKey: userID, - toolchainv1alpha1.SSOAccountIDAnnotationKey: accountID, }, Labels: map[string]string{ toolchainv1alpha1.UserSignupUserEmailHashLabelKey: emailHash, @@ -122,12 +119,6 @@ func (s *ServiceImpl) newUserSignup(ctx *gin.Context) (*toolchainv1alpha1.UserSi }, Spec: toolchainv1alpha1.UserSignupSpec{ TargetCluster: "", - Userid: ctx.GetString(context.SubKey), - Username: ctx.GetString(context.UsernameKey), - GivenName: ctx.GetString(context.GivenNameKey), - FamilyName: ctx.GetString(context.FamilyNameKey), - Company: ctx.GetString(context.CompanyKey), - OriginalSub: ctx.GetString(context.OriginalSubKey), IdentityClaims: toolchainv1alpha1.IdentityClaimsEmbedded{ PropagatedClaims: toolchainv1alpha1.PropagatedClaims{ @@ -135,7 +126,7 @@ func (s *ServiceImpl) newUserSignup(ctx *gin.Context) (*toolchainv1alpha1.UserSi UserID: ctx.GetString(context.UserIDKey), AccountID: ctx.GetString(context.AccountIDKey), OriginalSub: ctx.GetString(context.OriginalSubKey), - Email: ctx.GetString(context.EmailKey), + Email: userEmail, }, PreferredUsername: ctx.GetString(context.UsernameKey), GivenName: ctx.GetString(context.GivenNameKey), 
@@ -536,29 +527,6 @@ func (s *ServiceImpl) auditUserSignupAgainstClaims(ctx *gin.Context, userSignup updated = true } - // Check the user_id and account_id annotations in the retrieved UserSignup. If either of them are empty, but the - // values exist within the claims of the current user's Access Token then set the values in the UserSignup and update - // the resource. - // FIXME the following code may be removed after all UserSignup records have their IdentityClaims property fully populated - userIDValue, userIDFound := userSignup.Annotations[toolchainv1alpha1.SSOUserIDAnnotationKey] - accountIDValue, accountIDFound := userSignup.Annotations[toolchainv1alpha1.SSOAccountIDAnnotationKey] - - if !userIDFound || userIDValue == "" { - userID := ctx.GetString(context.UserIDKey) - if userID != "" { - userSignup.Annotations[toolchainv1alpha1.SSOUserIDAnnotationKey] = userID - updated = true - } - } - - if !accountIDFound || accountIDValue == "" { - accountID := ctx.GetString(context.AccountIDKey) - if accountID != "" { - userSignup.Annotations[toolchainv1alpha1.SSOAccountIDAnnotationKey] = accountID - updated = true - } - } - return updated } @@ -617,7 +585,7 @@ func (s *ServiceImpl) PhoneNumberAlreadyInUse(userID, username, phoneNumberOrHas return errors.NewInternalError(err, "failed listing userSignups") } for _, signup := range userSignups { - if signup.Spec.Userid != userID && signup.Spec.Username != username && !states.Deactivated(signup) { // nolint:gosec + if signup.Spec.IdentityClaims.Sub != userID && signup.Spec.IdentityClaims.PreferredUsername != username && !states.Deactivated(signup) { // nolint:gosec return errors.NewForbiddenError("cannot re-register with phone number", "phone number already in use") } diff --git a/pkg/signup/service/signup_service_test.go b/pkg/signup/service/signup_service_test.go index ef36631f..804c4e4e 100644 --- a/pkg/signup/service/signup_service_test.go +++ b/pkg/signup/service/signup_service_test.go 
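Review bot: The rewritten comparison in PhoneNumberAlreadyInUse treats an empty stored claim as an ordinary value, so a UserSignup whose `IdentityClaims.Sub` was never populated can match an empty `userID` argument and skip the phone-in-use rejection for that record. The FIXME removed in the preceding hunk suggests such unpopulated records may still exist, and the tests in this commit call InitVerification with `""` as the user ID; whether that value reaches this function is not visible here. Either confirm every stored UserSignup has IdentityClaims filled in before this ships, or make the same-user test explicit, for example `sameUser := (userID != "" && signup.Spec.IdentityClaims.Sub == userID) || (username != "" && signup.Spec.IdentityClaims.PreferredUsername == username)`, and reject when `!sameUser && !states.Deactivated(signup)`. The `// nolint:gosec` on the line also deserves a short reason, since it silences the linter on an anti-abuse check. The function body starts outside the hunk.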
@@ -81,16 +81,8 @@ func (s *TestSignupServiceSuite) TestSignup() { val := userSignups.Items[0] require.Equal(s.T(), configuration.Namespace(), val.Namespace) - require.Equal(s.T(), userID.String(), val.Spec.Userid) require.Equal(s.T(), username, val.Name) - require.Equal(s.T(), username, val.Spec.IdentityClaims.PreferredUsername) - require.Equal(s.T(), "jane", val.Spec.GivenName) - require.Equal(s.T(), "doe", val.Spec.FamilyName) - require.Equal(s.T(), "red hat", val.Spec.Company) require.True(s.T(), states.VerificationRequired(&val)) - require.Equal(s.T(), "jsmith@gmail.com", val.Annotations[toolchainv1alpha1.UserSignupUserEmailAnnotationKey]) - require.Equal(s.T(), "13349822", val.Annotations[toolchainv1alpha1.SSOUserIDAnnotationKey]) - require.Equal(s.T(), "45983711", val.Annotations[toolchainv1alpha1.SSOAccountIDAnnotationKey]) require.Equal(s.T(), "a7b1b413c1cbddbcd19a51222ef8e20a", val.Labels[toolchainv1alpha1.UserSignupUserEmailHashLabelKey]) require.Empty(s.T(), val.Annotations[toolchainv1alpha1.SkipAutoCreateSpaceAnnotationKey]) // skip auto create space annotation is not set by default @@ -127,7 +119,7 @@ func (s *TestSignupServiceSuite) TestSignup() { require.NoError(s.T(), err) assert.Empty(s.T(), userSignup.Annotations[toolchainv1alpha1.UserSignupActivationCounterAnnotationKey]) // at this point, the activation counter annotation is not set assert.Empty(s.T(), userSignup.Annotations[toolchainv1alpha1.UserSignupLastTargetClusterAnnotationKey]) // at this point, the last target cluster annotation is not set - require.Equal(s.T(), "original-sub-value", userSignup.Spec.OriginalSub) + require.Equal(s.T(), "original-sub-value", userSignup.Spec.IdentityClaims.OriginalSub) gvr, existing := assertUserSignupExists(userSignup, "jsmith") 
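Review bot: TestSignup no longer asserts any identity field on the created UserSignup: the first hunk drops the checks on the old Spec fields and annotations, and also the still-valid `val.Spec.IdentityClaims.PreferredUsername` check, without adding replacements. Unless they are asserted outside the hunk, the claims that newUserSignup copies from the token context are now unverified, so a regression that leaves `Sub`, `UserID`, `AccountID` or `Email` empty would pass. I would keep the PreferredUsername assertion and add the equivalents of the removed ones, e.g. `require.Equal(s.T(), userID.String(), val.Spec.IdentityClaims.Sub)`, `require.Equal(s.T(), "13349822", val.Spec.IdentityClaims.UserID)` and `require.Equal(s.T(), "jsmith@gmail.com", val.Spec.IdentityClaims.Email)`. The TestOKIfOtherUserBanned hunk later in this file removes its identity assertions in the same way.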
@@ -531,13 +523,8 @@ func (s *TestSignupServiceSuite) TestFailsIfUserSignupNameAlreadyExists() { ObjectMeta: v1.ObjectMeta{ Name: userID.String(), Namespace: configuration.Namespace(), - Annotations: map[string]string{ - toolchainv1alpha1.UserSignupUserEmailAnnotationKey: "john@gmail.com", - }, - }, - Spec: toolchainv1alpha1.UserSignupSpec{ - Username: "john@gmail.com", }, + Spec: toolchainv1alpha1.UserSignupSpec{}, }) require.NoError(s.T(), err) @@ -706,13 +693,7 @@ func (s *TestSignupServiceSuite) TestOKIfOtherUserBanned() { val := userSignups.Items[0] require.Equal(s.T(), configuration.Namespace(), val.Namespace) require.Equal(s.T(), "jsmith", val.Name) - require.Equal(s.T(), "jsmith", val.Spec.IdentityClaims.PreferredUsername) - require.Equal(s.T(), userID.String(), val.Spec.Userid) - require.Equal(s.T(), "", val.Spec.GivenName) - require.Equal(s.T(), "", val.Spec.FamilyName) - require.Equal(s.T(), "", val.Spec.Company) require.False(s.T(), states.ApprovedManually(&val)) - require.Equal(s.T(), "jsmith@gmail.com", val.Annotations[toolchainv1alpha1.UserSignupUserEmailAnnotationKey]) require.Equal(s.T(), "a7b1b413c1cbddbcd19a51222ef8e20a", val.Labels[toolchainv1alpha1.UserSignupUserEmailHashLabelKey]) } @@ -1029,7 +1010,7 @@ func (s *TestSignupServiceSuite) TestGetSignupNoStatusNotCompleteCondition() { require.NoError(s.T(), err) // when - response, err := s.Application.SignupService().GetSignup(c, userID.String(), "") + response, err := s.Application.SignupService().GetSignup(c, userID.String(), "bill") // then require.NoError(s.T(), err) 
@@ -1846,12 +1827,12 @@ func (s *TestSignupServiceSuite) TestUpdateUserSignup() { val, err := s.Application.SignupService().GetUserSignupFromIdentifier(us.Name, "") require.NoError(s.T(), err) - val.Spec.FamilyName = "Johnson" + val.Spec.IdentityClaims.FamilyName = "Johnson" updated, err := s.Application.SignupService().UpdateUserSignup(val) require.NoError(s.T(), err) - require.Equal(s.T(), val.Spec.FamilyName, updated.Spec.FamilyName) + require.Equal(s.T(), val.Spec.IdentityClaims.FamilyName, updated.Spec.IdentityClaims.FamilyName) }) s.Run("updateusersignup returns error", func() { 
@@ -1977,139 +1958,6 @@ func (s *TestSignupServiceSuite) TestIsPhoneVerificationRequired() { } -func (s *TestSignupServiceSuite) TestGetSignupUpdatesUserSignupAnnotations() { - - s.ServiceConfiguration(configuration.Namespace(), false, "", 5) - - // Create a new UserSignup, set its UserID and AccountID annotations - userSignup := s.newUserSignupComplete() - - err := s.FakeUserSignupClient.Tracker.Add(userSignup) - require.NoError(s.T(), err) - - mur := &toolchainv1alpha1.MasterUserRecord{ - TypeMeta: v1.TypeMeta{}, - ObjectMeta: v1.ObjectMeta{ - Name: userSignup.Status.CompliantUsername, - Namespace: configuration.Namespace(), - }, - Spec: toolchainv1alpha1.MasterUserRecordSpec{ - UserAccounts: []toolchainv1alpha1.UserAccountEmbedded{{TargetCluster: "member-123"}}, - }, - Status: toolchainv1alpha1.MasterUserRecordStatus{ - Conditions: []toolchainv1alpha1.Condition{ - { - Type: toolchainv1alpha1.MasterUserRecordReady, - Status: "true", - }, - }, - }, - } - err = s.FakeMasterUserRecordClient.Tracker.Add(mur) - require.NoError(s.T(), err) - - s.Run("confirm nothing changed when context empty", func() { - c, _ := gin.CreateTestContext(httptest.NewRecorder()) - _, err := s.Application.SignupService().GetSignup(c, userSignup.Name, userSignup.Spec.IdentityClaims.PreferredUsername) - require.NoError(s.T(), err) - - modified, err := s.FakeUserSignupClient.Get(userSignup.Name) - require.NoError(s.T(), err) - - require.NotContains(s.T(), modified.Annotations, toolchainv1alpha1.SSOUserIDAnnotationKey) - require.NotContains(s.T(), modified.Annotations, toolchainv1alpha1.SSOAccountIDAnnotationKey) - }) - - s.Run("userID annotation updated when set in context", func() { - c, _ := gin.CreateTestContext(httptest.NewRecorder()) - c.Set(context.UserIDKey, "888888") - - _, err := s.Application.SignupService().GetSignup(c, userSignup.Name, userSignup.Spec.IdentityClaims.PreferredUsername) - require.NoError(s.T(), err) - - modified, err := s.FakeUserSignupClient.Get(userSignup.Name) - 
require.NoError(s.T(), err) - - require.Equal(s.T(), "888888", modified.Annotations[toolchainv1alpha1.SSOUserIDAnnotationKey]) - require.NotContains(s.T(), modified.Annotations, toolchainv1alpha1.SSOAccountIDAnnotationKey) - }) - - s.Run("confirm nothing changed when context nil", func() { - _, err := s.Application.SignupService().GetSignup(nil, userSignup.Name, userSignup.Spec.IdentityClaims.PreferredUsername) - require.NoError(s.T(), err) - - modified, err := s.FakeUserSignupClient.Get(userSignup.Name) - require.NoError(s.T(), err) - - require.Equal(s.T(), "888888", modified.Annotations[toolchainv1alpha1.SSOUserIDAnnotationKey]) - require.NotContains(s.T(), modified.Annotations, toolchainv1alpha1.SSOAccountIDAnnotationKey) - }) - - s.Run("accountID annotation updated when set in context and some update attempts fail", func() { - counter := 0 - s.FakeUserSignupClient.MockUpdate = func(value *toolchainv1alpha1.UserSignup) (userSignup *toolchainv1alpha1.UserSignup, e error) { - counter++ - if counter < 3 { - s.FakeUserSignupClient.MockUpdate = nil - return s.FakeUserSignupClient.Update(value) - } - return value, nil - } - defer func() { - s.FakeUserSignupClient.MockUpdate = nil - }() - - c, _ := gin.CreateTestContext(httptest.NewRecorder()) - // Set the userID context value to empty string - c.Set(context.UserIDKey, "") - c.Set(context.AccountIDKey, "1234567890") - - _, err := s.Application.SignupService().GetSignup(c, userSignup.Name, userSignup.Spec.IdentityClaims.PreferredUsername) - require.NoError(s.T(), err) - - modified, err := s.FakeUserSignupClient.Get(userSignup.Name) - require.NoError(s.T(), err) - - // Confirm that the userID annotation wasn't updated - require.Equal(s.T(), "888888", modified.Annotations[toolchainv1alpha1.SSOUserIDAnnotationKey]) - require.Equal(s.T(), "1234567890", modified.Annotations[toolchainv1alpha1.SSOAccountIDAnnotationKey]) - - s.Run("userID and accountID annotations not overridden when already set and context values different", 
func() { - c, _ := gin.CreateTestContext(httptest.NewRecorder()) - // Set the userID and accountID context values to different values - c.Set(context.UserIDKey, "7777777") - c.Set(context.AccountIDKey, "0987654321") - - _, err := s.Application.SignupService().GetSignup(c, userSignup.Name, userSignup.Spec.IdentityClaims.PreferredUsername) - require.NoError(s.T(), err) - - modified, err := s.FakeUserSignupClient.Get(userSignup.Name) - require.NoError(s.T(), err) - - // Confirm that both annotations are NOT updated - require.Equal(s.T(), "888888", modified.Annotations[toolchainv1alpha1.SSOUserIDAnnotationKey]) - require.Equal(s.T(), "1234567890", modified.Annotations[toolchainv1alpha1.SSOAccountIDAnnotationKey]) - - s.Run("userID and accountID annotations not overridden when already set and context values are the same", func() { - c, _ := gin.CreateTestContext(httptest.NewRecorder()) - // Set the userID and accountID context values to same values - c.Set(context.UserIDKey, "888888") - c.Set(context.AccountIDKey, "1234567890") - - _, err := s.Application.SignupService().GetSignup(c, userSignup.Name, userSignup.Spec.IdentityClaims.PreferredUsername) - require.NoError(s.T(), err) - - modified, err := s.FakeUserSignupClient.Get(userSignup.Name) - require.NoError(s.T(), err) - - // Confirm that both annotations are still not updated - require.Equal(s.T(), "888888", modified.Annotations[toolchainv1alpha1.SSOUserIDAnnotationKey]) - require.Equal(s.T(), "1234567890", modified.Annotations[toolchainv1alpha1.SSOAccountIDAnnotationKey]) - }) - }) - }) -} - func (s *TestSignupServiceSuite) TestGetSignupUpdatesUserSignupIdentityClaims() { s.ServiceConfiguration(configuration.Namespace(), false, "", 5) 
@@ -2255,8 +2103,7 @@ func (s *TestSignupServiceSuite) newUserSignupCompleteWithReason(reason string) Name: userID.String(), Namespace: configuration.Namespace(), Annotations: map[string]string{ - toolchainv1alpha1.UserSignupUserEmailAnnotationKey: "jsmith@redhat.com", - toolchainv1alpha1.UserSignupUserEmailHashLabelKey: "90cb861692508c36933b85dfe43f5369", + toolchainv1alpha1.UserSignupUserEmailHashLabelKey: "90cb861692508c36933b85dfe43f5369", }, }, Spec: toolchainv1alpha1.UserSignupSpec{ diff --git a/pkg/verification/service/verification_service.go b/pkg/verification/service/verification_service.go index a2f4690e..3a1f3461 100644 --- a/pkg/verification/service/verification_service.go +++ b/pkg/verification/service/verification_service.go @@ -172,6 +172,10 @@ func (s *ServiceImpl) InitVerification(ctx *gin.Context, userID, username, e164P signup.Labels = map[string]string{} } + if signup.Annotations == nil { + signup.Annotations = map[string]string{} + } + for k, v := range labelValues { signup.Labels[k] = v } @@ -320,6 +324,10 @@ func (s *ServiceImpl) VerifyPhoneCode(ctx *gin.Context, userID, username, code s return err } + if signup.Annotations == nil { + signup.Annotations = map[string]string{} + } + if unsetVerificationRequired { states.SetVerificationRequired(signup, false) } diff --git a/pkg/verification/service/verification_service_test.go b/pkg/verification/service/verification_service_test.go index ad507e01..d7e888c5 100644 --- a/pkg/verification/service/verification_service_test.go +++ b/pkg/verification/service/verification_service_test.go 
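Review bot: The two `signup.Annotations == nil` guards added to InitVerification and VerifyPhoneCode carry no comment, and only the InitVerification one appears to be exercised by fixtures in this commit; the VerifyPhoneCode fixtures visible here all still supply an annotations map. I would add a one-line reason above each guard, such as `// the map may be nil now that the email annotation is no longer set on every UserSignup`, and a VerifyPhoneCode test that starts from a UserSignup with no annotations. That test should assert the code is rejected, including when the submitted code is empty, because the comparison against the stored code annotation lies outside these hunks and an absent annotation reads as `""`. Both function bodies start and end outside the hunks.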
@@ -141,15 +141,14 @@ func (s *TestVerificationServiceSuite) TestInitVerification() { ObjectMeta: metav1.ObjectMeta{ Name: "123", Namespace: configuration.Namespace(), - Annotations: map[string]string{ - toolchainv1alpha1.UserSignupUserEmailAnnotationKey: "sbryzak@redhat.com", - }, Labels: map[string]string{ toolchainv1alpha1.UserSignupUserPhoneHashLabelKey: "+1NUMBER", }, }, Spec: toolchainv1alpha1.UserSignupSpec{ - Username: "sbryzak@redhat.com", + IdentityClaims: toolchainv1alpha1.IdentityClaimsEmbedded{ + PreferredUsername: "sbryzak@redhat.com", + }, }, } @@ -160,15 +159,14 @@ func (s *TestVerificationServiceSuite) TestInitVerification() { ObjectMeta: metav1.ObjectMeta{ Name: "jsmith", Namespace: configuration.Namespace(), - Annotations: map[string]string{ - toolchainv1alpha1.UserSignupUserEmailAnnotationKey: "jsmith@redhat.com", - }, Labels: map[string]string{ toolchainv1alpha1.UserSignupUserPhoneHashLabelKey: "+61NUMBER", }, }, Spec: toolchainv1alpha1.UserSignupSpec{ - Username: "jsmith", + IdentityClaims: toolchainv1alpha1.IdentityClaimsEmbedded{ + PreferredUsername: "jsmith", + }, }, } @@ -185,7 +183,7 @@ func (s *TestVerificationServiceSuite) TestInitVerification() { // Test the init verification for the first UserSignup ctx, _ := gin.CreateTestContext(httptest.NewRecorder()) - err = s.Application.VerificationService().InitVerification(ctx, userSignup.Name, userSignup.Spec.Username, "+1NUMBER", "1") + err = s.Application.VerificationService().InitVerification(ctx, userSignup.Name, userSignup.Spec.IdentityClaims.PreferredUsername, "+1NUMBER", "1") require.NoError(s.T(), err) userSignup, err = s.FakeUserSignupClient.Get(userSignup.Name) 
@@ -220,7 +218,7 @@ func (s *TestVerificationServiceSuite) TestInitVerification() { ctx, _ = gin.CreateTestContext(httptest.NewRecorder()) // This time we won't pass in the UserID, just the username yet still expect the UserSignup to be found - err = s.Application.VerificationService().InitVerification(ctx, "", userSignup2.Spec.Username, "+61NUMBER", "1") + err = s.Application.VerificationService().InitVerification(ctx, "", userSignup2.Spec.IdentityClaims.PreferredUsername, "+61NUMBER", "1") require.NoError(s.T(), err) userSignup2, err = s.FakeUserSignupClient.Get(userSignup2.Name) @@ -283,15 +281,14 @@ func (s *TestVerificationServiceSuite) TestInitVerificationClientFailure() { ObjectMeta: metav1.ObjectMeta{ Name: "123", Namespace: configuration.Namespace(), - Annotations: map[string]string{ - toolchainv1alpha1.UserSignupUserEmailAnnotationKey: "sbryzak@redhat.com", - }, Labels: map[string]string{ toolchainv1alpha1.UserSignupUserPhoneHashLabelKey: "+1NUMBER", }, }, Spec: toolchainv1alpha1.UserSignupSpec{ - Username: "sbryzak@redhat.com", + IdentityClaims: toolchainv1alpha1.IdentityClaimsEmbedded{ + PreferredUsername: "shane@redhat.com", + }, }, } @@ -309,7 +306,7 @@ func (s *TestVerificationServiceSuite) TestInitVerificationClientFailure() { defer func() { s.FakeUserSignupClient.MockGet = nil }() ctx, _ := gin.CreateTestContext(httptest.NewRecorder()) - err = s.Application.VerificationService().InitVerification(ctx, userSignup.Name, userSignup.Spec.Username, "+1NUMBER", "1") + err = s.Application.VerificationService().InitVerification(ctx, userSignup.Name, userSignup.Spec.IdentityClaims.PreferredUsername, "+1NUMBER", "1") require.EqualError(s.T(), err, "get failed: error retrieving usersignup: 123", err.Error()) }) 
@@ -322,7 +319,7 @@ func (s *TestVerificationServiceSuite) TestInitVerificationClientFailure() { defer func() { s.FakeUserSignupClient.MockUpdate = nil }() ctx, _ := gin.CreateTestContext(httptest.NewRecorder()) - err = s.Application.VerificationService().InitVerification(ctx, userSignup.Name, userSignup.Spec.Username, "+1NUMBER", "1") + err = s.Application.VerificationService().InitVerification(ctx, userSignup.Name, userSignup.Spec.IdentityClaims.PreferredUsername, "+1NUMBER", "1") require.EqualError(s.T(), err, "there was an error while updating your account - please wait a moment before "+ "trying again. If this error persists, please contact the Developer Sandbox team at devsandbox@redhat.com "+ "for assistance: error while verifying phone code") @@ -344,7 +341,7 @@ func (s *TestVerificationServiceSuite) TestInitVerificationClientFailure() { defer func() { s.FakeUserSignupClient.MockUpdate = nil }() ctx, _ := gin.CreateTestContext(httptest.NewRecorder()) - err = s.Application.VerificationService().InitVerification(ctx, userSignup.Name, userSignup.Spec.Username, "+1NUMBER", "1") + err = s.Application.VerificationService().InitVerification(ctx, userSignup.Name, userSignup.Spec.IdentityClaims.PreferredUsername, "+1NUMBER", "1") require.NoError(s.T(), err) userSignup, err = s.FakeUserSignupClient.Get(userSignup.Name) @@ -391,7 +388,6 @@ func (s *TestVerificationServiceSuite) TestInitVerificationPassesWhenMaxCountRea Name: "123", Namespace: configuration.Namespace(), Annotations: map[string]string{ - toolchainv1alpha1.UserSignupUserEmailAnnotationKey: "testuser@redhat.com", toolchainv1alpha1.UserSignupVerificationInitTimestampAnnotationKey: now.Add(-25 * time.Hour).Format(verificationservice.TimestampLayout), toolchainv1alpha1.UserVerificationAttemptsAnnotationKey: "3", toolchainv1alpha1.UserSignupVerificationCodeAnnotationKey: "123456", 
@@ -401,7 +397,9 @@ func (s *TestVerificationServiceSuite) TestInitVerificationPassesWhenMaxCountRea }, }, Spec: toolchainv1alpha1.UserSignupSpec{ - Username: "sbryzak@redhat.com", + IdentityClaims: toolchainv1alpha1.IdentityClaimsEmbedded{ + PreferredUsername: "shane@redhat.com", + }, }, } states.SetVerificationRequired(userSignup, true) @@ -410,7 +408,7 @@ func (s *TestVerificationServiceSuite) TestInitVerificationPassesWhenMaxCountRea require.NoError(s.T(), err) ctx, _ := gin.CreateTestContext(httptest.NewRecorder()) - err = s.Application.VerificationService().InitVerification(ctx, userSignup.Name, userSignup.Spec.Username, "+1NUMBER", "1") + err = s.Application.VerificationService().InitVerification(ctx, userSignup.Name, userSignup.Spec.IdentityClaims.PreferredUsername, "+1NUMBER", "1") require.NoError(s.T(), err) userSignup, err = s.FakeUserSignupClient.Get(userSignup.Name) @@ -449,7 +447,6 @@ func (s *TestVerificationServiceSuite) TestInitVerificationFailsWhenCountContain Name: "123", Namespace: configuration.Namespace(), Annotations: map[string]string{ - toolchainv1alpha1.UserSignupUserEmailAnnotationKey: "testuser@redhat.com", toolchainv1alpha1.UserSignupVerificationCounterAnnotationKey: "abc", toolchainv1alpha1.UserSignupVerificationInitTimestampAnnotationKey: now.Format(verificationservice.TimestampLayout), }, @@ -458,7 +455,9 @@ func (s *TestVerificationServiceSuite) TestInitVerificationFailsWhenCountContain }, }, Spec: toolchainv1alpha1.UserSignupSpec{ - Username: "sbryzak@redhat.com", + IdentityClaims: toolchainv1alpha1.IdentityClaimsEmbedded{ + PreferredUsername: "shane@redhat.com", + }, }, } states.SetVerificationRequired(userSignup, true) 
@@ -467,7 +466,7 @@ func (s *TestVerificationServiceSuite) TestInitVerificationFailsWhenCountContain require.NoError(s.T(), err) ctx, _ := gin.CreateTestContext(httptest.NewRecorder()) - err = s.Application.VerificationService().InitVerification(ctx, userSignup.Name, userSignup.Spec.Username, "+1NUMBER", "1") + err = s.Application.VerificationService().InitVerification(ctx, userSignup.Name, userSignup.Spec.IdentityClaims.PreferredUsername, "+1NUMBER", "1") require.EqualError(s.T(), err, "daily limit exceeded: cannot generate new verification code") } @@ -491,7 +490,6 @@ func (s *TestVerificationServiceSuite) TestInitVerificationFailsDailyCounterExce Name: "123", Namespace: configuration.Namespace(), Annotations: map[string]string{ - toolchainv1alpha1.UserSignupUserEmailAnnotationKey: "testuser@redhat.com", toolchainv1alpha1.UserSignupVerificationCounterAnnotationKey: strconv.Itoa(cfg.Verification().DailyLimit()), toolchainv1alpha1.UserSignupVerificationInitTimestampAnnotationKey: now.Format(verificationservice.TimestampLayout), }, @@ -500,7 +498,9 @@ func (s *TestVerificationServiceSuite) TestInitVerificationFailsDailyCounterExce }, }, Spec: toolchainv1alpha1.UserSignupSpec{ - Username: "sbryzak@redhat.com", + IdentityClaims: toolchainv1alpha1.IdentityClaimsEmbedded{ + PreferredUsername: "shane@redhat.com", + }, }, } states.SetVerificationRequired(userSignup, true) 
@@ -509,7 +509,7 @@ func (s *TestVerificationServiceSuite) TestInitVerificationFailsDailyCounterExce require.NoError(s.T(), err) ctx, _ := gin.CreateTestContext(httptest.NewRecorder()) - err = s.Application.VerificationService().InitVerification(ctx, userSignup.Name, userSignup.Spec.Username, "+1NUMBER", "1") + err = s.Application.VerificationService().InitVerification(ctx, userSignup.Name, userSignup.Spec.IdentityClaims.PreferredUsername, "+1NUMBER", "1") require.EqualError(s.T(), err, "daily limit exceeded: cannot generate new verification code", err.Error()) require.Empty(s.T(), userSignup.Annotations[toolchainv1alpha1.UserSignupVerificationCodeAnnotationKey]) } @@ -535,15 +535,14 @@ func (s *TestVerificationServiceSuite) TestInitVerificationFailsWhenPhoneNumberI ObjectMeta: metav1.ObjectMeta{ Name: "alpha", Namespace: configuration.Namespace(), - Annotations: map[string]string{ - toolchainv1alpha1.UserSignupUserEmailAnnotationKey: "alpha@foxtrot.com", - }, Labels: map[string]string{ toolchainv1alpha1.UserSignupUserPhoneHashLabelKey: phoneHash, }, }, Spec: toolchainv1alpha1.UserSignupSpec{ - Username: "alpha@foxtrot.com", + IdentityClaims: toolchainv1alpha1.IdentityClaimsEmbedded{ + PreferredUsername: "alpha@foxtrot.com", + }, }, } states.SetApprovedManually(alphaUserSignup, true) @@ -556,13 +555,12 @@ func (s *TestVerificationServiceSuite) TestInitVerificationFailsWhenPhoneNumberI ObjectMeta: metav1.ObjectMeta{ Name: "bravo", Namespace: configuration.Namespace(), - Annotations: map[string]string{ - toolchainv1alpha1.UserSignupUserEmailAnnotationKey: "bravo@foxtrot.com", - }, - Labels: map[string]string{}, + Labels: map[string]string{}, }, Spec: toolchainv1alpha1.UserSignupSpec{ - Username: "bravo@foxtrot.com", + IdentityClaims: toolchainv1alpha1.IdentityClaimsEmbedded{ + PreferredUsername: "bravo@foxtrot.com", + }, }, } states.SetVerificationRequired(bravoUserSignup, true) 
@@ -571,7 +569,7 @@ func (s *TestVerificationServiceSuite) TestInitVerificationFailsWhenPhoneNumberI require.NoError(s.T(), err) ctx, _ := gin.CreateTestContext(httptest.NewRecorder()) - err = s.Application.VerificationService().InitVerification(ctx, bravoUserSignup.Name, bravoUserSignup.Spec.Username, e164PhoneNumber, "1") + err = s.Application.VerificationService().InitVerification(ctx, bravoUserSignup.Name, bravoUserSignup.Spec.IdentityClaims.PreferredUsername, e164PhoneNumber, "1") require.Error(s.T(), err) require.Equal(s.T(), "phone number already in use: cannot register using phone number: +19875551122", err.Error()) @@ -603,16 +601,15 @@ func (s *TestVerificationServiceSuite) TestInitVerificationOKWhenPhoneNumberInUs ObjectMeta: metav1.ObjectMeta{ Name: "alpha", Namespace: configuration.Namespace(), - Annotations: map[string]string{ - toolchainv1alpha1.UserSignupUserEmailAnnotationKey: "alpha@foxtrot.com", - }, Labels: map[string]string{ toolchainv1alpha1.UserSignupUserPhoneHashLabelKey: phoneHash, toolchainv1alpha1.UserSignupStateLabelKey: toolchainv1alpha1.UserSignupStateLabelValueDeactivated, }, }, Spec: toolchainv1alpha1.UserSignupSpec{ - Username: "alpha@foxtrot.com", + IdentityClaims: toolchainv1alpha1.IdentityClaimsEmbedded{ + PreferredUsername: "alpha@foxtrot.com", + }, }, } states.SetApprovedManually(alphaUserSignup, true) @@ -626,13 +623,12 @@ func (s *TestVerificationServiceSuite) TestInitVerificationOKWhenPhoneNumberInUs ObjectMeta: metav1.ObjectMeta{ Name: "bravo", Namespace: configuration.Namespace(), - Annotations: map[string]string{ - toolchainv1alpha1.UserSignupUserEmailAnnotationKey: "bravo@foxtrot.com", - }, - Labels: map[string]string{}, + Labels: map[string]string{}, }, Spec: toolchainv1alpha1.UserSignupSpec{ - Username: "bravo@foxtrot.com", + IdentityClaims: toolchainv1alpha1.IdentityClaimsEmbedded{ + PreferredUsername: "bravo@foxtrot.com", + }, }, } states.SetVerificationRequired(bravoUserSignup, true) 
@@ -641,7 +637,7 @@ func (s *TestVerificationServiceSuite) TestInitVerificationOKWhenPhoneNumberInUs require.NoError(s.T(), err) ctx, _ := gin.CreateTestContext(httptest.NewRecorder()) - err = s.Application.VerificationService().InitVerification(ctx, bravoUserSignup.Name, bravoUserSignup.Spec.Username, e164PhoneNumber, "1") + err = s.Application.VerificationService().InitVerification(ctx, bravoUserSignup.Name, bravoUserSignup.Spec.IdentityClaims.PreferredUsername, e164PhoneNumber, "1") require.NoError(s.T(), err) // Reload bravoUserSignup @@ -663,7 +659,6 @@ func (s *TestVerificationServiceSuite) TestVerifyPhoneCode() { Name: "123", Namespace: configuration.Namespace(), Annotations: map[string]string{ - toolchainv1alpha1.UserSignupUserEmailAnnotationKey: "sbryzak@redhat.com", toolchainv1alpha1.UserVerificationAttemptsAnnotationKey: "0", toolchainv1alpha1.UserSignupCaptchaScoreAnnotationKey: "0.8", toolchainv1alpha1.UserSignupVerificationCodeAnnotationKey: "123456", @@ -674,7 +669,9 @@ func (s *TestVerificationServiceSuite) TestVerifyPhoneCode() { }, }, Spec: toolchainv1alpha1.UserSignupSpec{ - Username: "sbryzak@redhat.com", + IdentityClaims: toolchainv1alpha1.IdentityClaimsEmbedded{ + PreferredUsername: "shane@redhat.com", + }, }, } states.SetVerificationRequired(userSignup, true) @@ -683,7 +680,7 @@ func (s *TestVerificationServiceSuite) TestVerifyPhoneCode() { require.NoError(s.T(), err) ctx, _ := gin.CreateTestContext(httptest.NewRecorder()) - err = s.Application.VerificationService().VerifyPhoneCode(ctx, userSignup.Name, userSignup.Spec.Username, "123456") + err = s.Application.VerificationService().VerifyPhoneCode(ctx, userSignup.Name, userSignup.Spec.IdentityClaims.PreferredUsername, "123456") require.NoError(s.T(), err) userSignup, err = s.FakeUserSignupClient.Get(userSignup.Name) 
@@ -699,7 +696,6 @@ func (s *TestVerificationServiceSuite) TestVerifyPhoneCode() { Name: "employee085", Namespace: configuration.Namespace(), Annotations: map[string]string{ - toolchainv1alpha1.UserSignupUserEmailAnnotationKey: "employee085@redhat.com", toolchainv1alpha1.UserVerificationAttemptsAnnotationKey: "0", toolchainv1alpha1.UserSignupCaptchaScoreAnnotationKey: "0.7", toolchainv1alpha1.UserSignupVerificationCodeAnnotationKey: "654321", @@ -710,7 +706,9 @@ func (s *TestVerificationServiceSuite) TestVerifyPhoneCode() { }, }, Spec: toolchainv1alpha1.UserSignupSpec{ - Username: "employee085@redhat.com", + IdentityClaims: toolchainv1alpha1.IdentityClaimsEmbedded{ + PreferredUsername: "employee085@redhat.com", + }, }, } states.SetVerificationRequired(userSignup, true) @@ -735,7 +733,6 @@ func (s *TestVerificationServiceSuite) TestVerifyPhoneCode() { Name: "123", Namespace: configuration.Namespace(), Annotations: map[string]string{ - toolchainv1alpha1.UserSignupUserEmailAnnotationKey: "sbryzak@redhat.com", toolchainv1alpha1.UserVerificationAttemptsAnnotationKey: "0", toolchainv1alpha1.UserSignupVerificationCodeAnnotationKey: "000000", toolchainv1alpha1.UserVerificationExpiryAnnotationKey: now.Add(10 * time.Second).Format(verificationservice.TimestampLayout), @@ -745,7 +742,9 @@ func (s *TestVerificationServiceSuite) TestVerifyPhoneCode() { }, }, Spec: toolchainv1alpha1.UserSignupSpec{ - Username: "sbryzak@redhat.com", + IdentityClaims: toolchainv1alpha1.IdentityClaimsEmbedded{ + PreferredUsername: "shane@redhat.com", + }, }, } 
@@ -756,7 +755,7 @@ func (s *TestVerificationServiceSuite) TestVerifyPhoneCode() { require.NoError(s.T(), err) ctx, _ := gin.CreateTestContext(httptest.NewRecorder()) - err = s.Application.VerificationService().VerifyPhoneCode(ctx, userSignup.Name, userSignup.Spec.Username, "123456") + err = s.Application.VerificationService().VerifyPhoneCode(ctx, userSignup.Name, userSignup.Spec.IdentityClaims.PreferredUsername, "123456") require.Error(s.T(), err) e := &crterrors.Error{} require.True(s.T(), errors.As(err, &e)) @@ -771,7 +770,6 @@ func (s *TestVerificationServiceSuite) TestVerifyPhoneCode() { Name: "123", Namespace: configuration.Namespace(), Annotations: map[string]string{ - toolchainv1alpha1.UserSignupUserEmailAnnotationKey: "sbryzak@redhat.com", toolchainv1alpha1.UserVerificationAttemptsAnnotationKey: "0", toolchainv1alpha1.UserSignupVerificationCodeAnnotationKey: "123456", toolchainv1alpha1.UserVerificationExpiryAnnotationKey: now.Add(-10 * time.Second).Format(verificationservice.TimestampLayout), @@ -781,7 +779,9 @@ func (s *TestVerificationServiceSuite) TestVerifyPhoneCode() { }, }, Spec: toolchainv1alpha1.UserSignupSpec{ - Username: "sbryzak@redhat.com", + IdentityClaims: toolchainv1alpha1.IdentityClaimsEmbedded{ + PreferredUsername: "shane@redhat.com", + }, }, } @@ -791,7 +791,7 @@ func (s *TestVerificationServiceSuite) TestVerifyPhoneCode() { require.NoError(s.T(), err) ctx, _ := gin.CreateTestContext(httptest.NewRecorder()) - err = s.Application.VerificationService().VerifyPhoneCode(ctx, userSignup.Name, userSignup.Spec.Username, "123456") + err = s.Application.VerificationService().VerifyPhoneCode(ctx, userSignup.Name, userSignup.Spec.IdentityClaims.PreferredUsername, "123456") e := &crterrors.Error{} require.True(s.T(), errors.As(err, &e)) require.Equal(s.T(), "expired: verification code expired", e.Error()) 
@@ -805,7 +805,6 @@ func (s *TestVerificationServiceSuite) TestVerifyPhoneCode() { Name: "123", Namespace: configuration.Namespace(), Annotations: map[string]string{ - toolchainv1alpha1.UserSignupUserEmailAnnotationKey: "sbryzak@redhat.com", toolchainv1alpha1.UserVerificationAttemptsAnnotationKey: "3", toolchainv1alpha1.UserSignupVerificationCodeAnnotationKey: "123456", toolchainv1alpha1.UserVerificationExpiryAnnotationKey: now.Add(10 * time.Second).Format(verificationservice.TimestampLayout), @@ -815,7 +814,9 @@ func (s *TestVerificationServiceSuite) TestVerifyPhoneCode() { }, }, Spec: toolchainv1alpha1.UserSignupSpec{ - Username: "sbryzak@redhat.com", + IdentityClaims: toolchainv1alpha1.IdentityClaimsEmbedded{ + PreferredUsername: "shane@redhat.com", + }, }, } @@ -825,7 +826,7 @@ func (s *TestVerificationServiceSuite) TestVerifyPhoneCode() { require.NoError(s.T(), err) ctx, _ := gin.CreateTestContext(httptest.NewRecorder()) - err = s.Application.VerificationService().VerifyPhoneCode(ctx, userSignup.Name, userSignup.Spec.Username, "123456") + err = s.Application.VerificationService().VerifyPhoneCode(ctx, userSignup.Name, userSignup.Spec.IdentityClaims.PreferredUsername, "123456") require.EqualError(s.T(), err, "too many verification attempts", err.Error()) }) @@ -836,7 +837,6 @@ func (s *TestVerificationServiceSuite) TestVerifyPhoneCode() { Name: "123", Namespace: configuration.Namespace(), Annotations: map[string]string{ - toolchainv1alpha1.UserSignupUserEmailAnnotationKey: "sbryzak@redhat.com", toolchainv1alpha1.UserVerificationAttemptsAnnotationKey: "ABC", toolchainv1alpha1.UserSignupVerificationCodeAnnotationKey: "123456", toolchainv1alpha1.UserVerificationExpiryAnnotationKey: now.Add(10 * time.Second).Format(verificationservice.TimestampLayout), 
@@ -846,7 +846,9 @@ func (s *TestVerificationServiceSuite) TestVerifyPhoneCode() { }, }, Spec: toolchainv1alpha1.UserSignupSpec{ - Username: "sbryzak@redhat.com", + IdentityClaims: toolchainv1alpha1.IdentityClaimsEmbedded{ + PreferredUsername: "shane@redhat.com", + }, }, } @@ -856,7 +858,7 @@ func (s *TestVerificationServiceSuite) TestVerifyPhoneCode() { require.NoError(s.T(), err) ctx, _ := gin.CreateTestContext(httptest.NewRecorder()) - err = s.Application.VerificationService().VerifyPhoneCode(ctx, userSignup.Name, userSignup.Spec.Username, "123456") + err = s.Application.VerificationService().VerifyPhoneCode(ctx, userSignup.Name, userSignup.Spec.IdentityClaims.PreferredUsername, "123456") require.EqualError(s.T(), err, "too many verification attempts", err.Error()) userSignup, err = s.FakeUserSignupClient.Get(userSignup.Name) @@ -872,7 +874,6 @@ func (s *TestVerificationServiceSuite) TestVerifyPhoneCode() { Name: "123", Namespace: configuration.Namespace(), Annotations: map[string]string{ - toolchainv1alpha1.UserSignupUserEmailAnnotationKey: "sbryzak@redhat.com", toolchainv1alpha1.UserVerificationAttemptsAnnotationKey: "0", toolchainv1alpha1.UserSignupVerificationCodeAnnotationKey: "123456", toolchainv1alpha1.UserVerificationExpiryAnnotationKey: "ABC", @@ -882,7 +883,9 @@ func (s *TestVerificationServiceSuite) TestVerifyPhoneCode() { }, }, Spec: toolchainv1alpha1.UserSignupSpec{ - Username: "sbryzak@redhat.com", + IdentityClaims: toolchainv1alpha1.IdentityClaimsEmbedded{ + PreferredUsername: "shane@redhat.com", + }, }, } 
@@ -892,7 +895,7 @@ func (s *TestVerificationServiceSuite) TestVerifyPhoneCode() { require.NoError(s.T(), err) ctx, _ := gin.CreateTestContext(httptest.NewRecorder()) - err = s.Application.VerificationService().VerifyPhoneCode(ctx, userSignup.Name, userSignup.Spec.Username, "123456") + err = s.Application.VerificationService().VerifyPhoneCode(ctx, userSignup.Name, userSignup.Spec.IdentityClaims.PreferredUsername, "123456") require.EqualError(s.T(), err, "parsing time \"ABC\" as \"2006-01-02T15:04:05.000Z07:00\": cannot parse \"ABC\" as \"2006\": error parsing expiry timestamp", err.Error()) }) @@ -978,7 +981,6 @@ func (s *TestVerificationServiceSuite) TestVerifyPhoneCode() { Name: "123", Namespace: configuration.Namespace(), Annotations: map[string]string{ - toolchainv1alpha1.UserSignupUserEmailAnnotationKey: "sbryzak@redhat.com", toolchainv1alpha1.UserVerificationAttemptsAnnotationKey: "0", toolchainv1alpha1.UserSignupVerificationCodeAnnotationKey: "123456", toolchainv1alpha1.UserVerificationExpiryAnnotationKey: now.Add(10 * time.Minute).Format(verificationservice.TimestampLayout), @@ -988,7 +990,9 @@ func (s *TestVerificationServiceSuite) TestVerifyPhoneCode() { }, }, Spec: toolchainv1alpha1.UserSignupSpec{ - Username: "sbryzak@redhat.com", + IdentityClaims: toolchainv1alpha1.IdentityClaimsEmbedded{ + PreferredUsername: "shane@redhat.com", + }, }, } if tc.activationCounterAnnotationValue != "" { @@ -1010,7 +1014,7 @@ func (s *TestVerificationServiceSuite) TestVerifyPhoneCode() { require.NoError(s.T(), err) ctx, _ := gin.CreateTestContext(httptest.NewRecorder()) - err = s.Application.VerificationService().VerifyPhoneCode(ctx, userSignup.Name, userSignup.Spec.Username, "123456") + err = s.Application.VerificationService().VerifyPhoneCode(ctx, userSignup.Name, userSignup.Spec.IdentityClaims.PreferredUsername, "123456") // then if tc.expectedErr != "" { 
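Review bot: The assertion in the hunk at -892 pins the full text of the `time.Parse` error, so the test breaks whenever the standard library rewords that message. `require.ErrorContains(s.T(), err, "error parsing expiry timestamp")` keeps the check on the part the service owns. The expected string also shows that `VerifyPhoneCode` returns the raw parser output with the timestamp layout. Whether that reaches API clients cannot be told from this hunk; if it does, a generic message with the detail logged server-side would be preferable.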
@@ -1043,7 +1047,7 @@ func (s *TestVerificationServiceSuite) TestVerifyActivationCode() { require.NoError(t, err) // when - err = s.Application.VerificationService().VerifyActivationCode(ctx, userSignup.Name, userSignup.Spec.Username, event.Name) + err = s.Application.VerificationService().VerifyActivationCode(ctx, userSignup.Name, userSignup.Spec.IdentityClaims.PreferredUsername, event.Name) // then require.NoError(t, err) @@ -1060,7 +1064,7 @@ func (s *TestVerificationServiceSuite) TestVerifyActivationCode() { require.NoError(t, err) // when - err = s.Application.VerificationService().VerifyActivationCode(ctx, userSignup.Name, userSignup.Spec.Username, event.Name) + err = s.Application.VerificationService().VerifyActivationCode(ctx, userSignup.Name, userSignup.Spec.IdentityClaims.PreferredUsername, event.Name) // then require.NoError(t, err) @@ -1079,7 +1083,7 @@ func (s *TestVerificationServiceSuite) TestVerifyActivationCode() { require.NoError(t, err) // when - err = s.Application.VerificationService().VerifyActivationCode(ctx, userSignup.Name, userSignup.Spec.Username, event.Name) + err = s.Application.VerificationService().VerifyActivationCode(ctx, userSignup.Name, userSignup.Spec.IdentityClaims.PreferredUsername, event.Name) // then require.EqualError(t, err, "too many verification attempts: 3") @@ -1097,7 +1101,7 @@ func (s *TestVerificationServiceSuite) TestVerifyActivationCode() { require.NoError(t, err) // when - err = s.Application.VerificationService().VerifyActivationCode(ctx, userSignup.Name, userSignup.Spec.Username, "invalid") + err = s.Application.VerificationService().VerifyActivationCode(ctx, userSignup.Name, userSignup.Spec.IdentityClaims.PreferredUsername, "invalid") // then require.EqualError(t, err, "invalid code: the provided code is invalid") 
@@ -1116,7 +1120,7 @@ func (s *TestVerificationServiceSuite) TestVerifyActivationCode() { require.NoError(t, err) // when - err = s.Application.VerificationService().VerifyActivationCode(ctx, userSignup.Name, userSignup.Spec.Username, "invalid") + err = s.Application.VerificationService().VerifyActivationCode(ctx, userSignup.Name, userSignup.Spec.IdentityClaims.PreferredUsername, "invalid") // then require.EqualError(t, err, "invalid code: the provided code is invalid") @@ -1135,7 +1139,7 @@ func (s *TestVerificationServiceSuite) TestVerifyActivationCode() { require.NoError(t, err) // when - err = s.Application.VerificationService().VerifyActivationCode(ctx, userSignup.Name, userSignup.Spec.Username, event.Name) + err = s.Application.VerificationService().VerifyActivationCode(ctx, userSignup.Name, userSignup.Spec.IdentityClaims.PreferredUsername, event.Name) // then require.EqualError(t, err, "invalid code: the event is full") @@ -1153,7 +1157,7 @@ func (s *TestVerificationServiceSuite) TestVerifyActivationCode() { require.NoError(t, err) // when - err = s.Application.VerificationService().VerifyActivationCode(ctx, userSignup.Name, userSignup.Spec.Username, event.Name) + err = s.Application.VerificationService().VerifyActivationCode(ctx, userSignup.Name, userSignup.Spec.IdentityClaims.PreferredUsername, event.Name) // then require.EqualError(t, err, "invalid code: the provided code is invalid") @@ -1171,7 +1175,7 @@ func (s *TestVerificationServiceSuite) TestVerifyActivationCode() { require.NoError(t, err) // when - err = s.Application.VerificationService().VerifyActivationCode(ctx, userSignup.Name, userSignup.Spec.Username, event.Name) + err = s.Application.VerificationService().VerifyActivationCode(ctx, userSignup.Name, userSignup.Spec.IdentityClaims.PreferredUsername, event.Name) // then require.EqualError(t, err, "invalid code: the provided code is invalid")