test: SSO Linking

famedly · Nov 18, 2024 · 7b1b501 · 7b1b501
1 parent 77543e0
commit 7b1b501
Show file tree

Hide file tree

Showing 2 changed files with 47 additions and 2 deletions.
diff --git a/src/zitadel.rs b/src/zitadel.rs
@@ -164,7 +164,7 @@ impl Zitadel {
 		if self.feature_flags.is_enabled(FeatureFlag::SsoLogin) {
 			user.set_idp_links(vec![IdpLink::new()
 				.with_user_id(
-					get_string_id(imported_user.get_external_id_bytes()?)
+					get_zitadel_encoded_id(imported_user.get_external_id_bytes()?)
 						.context("Failed to set IDP user ID")?,
 				)
 				.with_idp_id(self.zitadel_config.idp_id.clone())
@@ -320,7 +320,7 @@ fn search_result_to_user(user: ZitadelUser) -> Result<User> {
 /// create collisions (although this is unlikely).
 ///
 /// Only use this for Zitadel support.
-pub fn get_string_id(external_id_bytes: Vec<u8>) -> Result<String> {
+pub fn get_zitadel_encoded_id(external_id_bytes: Vec<u8>) -> Result<String> {
 	Ok(if let Ok(encoded_id) = String::from_utf8(external_id_bytes.clone()) {
 		encoded_id
 	} else {

diff --git a/tests/e2e.rs b/tests/e2e.rs
@@ -1,3 +1,5 @@
+//! E2E integration tests
+
 #![cfg(test)]
 #![allow(clippy::expect_fun_call)]
 /// E2E integration tests
@@ -1351,6 +1353,49 @@ async fn test_e2e_ldap_with_ukt_sync() {
 	assert!(user.is_err_and(|error| matches!(error, ZitadelError::TonicResponseError(status) if status.code() == TonicErrorCode::NotFound)));
 }
 
+#[test(tokio::test)]
+#[test_log(default_log_filter = "debug")]
+async fn test_e2e_sso_linking() {
+	let mut config = ldap_config().await.clone();
+	config.feature_flags.push(FeatureFlag::SsoLogin);
+
+	let mut ldap = Ldap::new().await;
+	let test_email = "[email protected]";
+	let test_uid = "sso_link_test";
+	ldap.create_user(
+		"SSO",
+		"LinkTest",
+		"SSO Link",
+		test_email,
+		Some("+12015550199"),
+		test_uid,
+		false,
+	)
+	.await;
+
+	perform_sync(&config).await.expect("syncing failed");
+
+	let zitadel = open_zitadel_connection().await;
+	let user = zitadel
+		.get_user_by_login_name(test_email)
+		.await
+		.expect("could not query Zitadel users")
+		.expect("could not find user");
+
+	let idps = zitadel.list_user_idps(user.id.clone()).await.expect("could not get user IDPs");
+
+	assert!(!idps.is_empty(), "User should have IDP links");
+
+	let idp = idps.first().expect("No IDP link found");
+	assert_eq!(idp.idp_id, config.zitadel.idp_id, "IDP link should match configured IDP");
+	assert_eq!(idp.provided_user_id, test_uid, "IDP provided_user_id should match plain LDAP uid");
+	assert_eq!(idp.user_id, user.id, "IDP user_id should match Zitadel user id");
+	assert_eq!(
+		idp.provided_user_name, test_email,
+		"IDP provided_user_name should match test_email"
+	);
+}
+
 struct Ldap {
 	client: LdapClient,
 }