chore: synchronize workspaces

ory · Jul 11, 2023 · 8fedaf1 · 8fedaf1
1 parent da2623a
commit 8fedaf1
Show file tree

Hide file tree

Showing 5 changed files with 11 additions and 10 deletions.
diff --git a/internal/testhelpers/session.go b/internal/testhelpers/session.go
@@ -45,6 +45,7 @@ func NewSessionClient(t *testing.T, u string) *http.Client {
 func maybePersistSession(t *testing.T, reg *driver.RegistryDefault, sess *session.Session) {
 	id, err := reg.PrivilegedIdentityPool().GetIdentityConfidential(context.Background(), sess.Identity.ID)
 	if err != nil {
+		require.NoError(t, sess.Identity.SetAvailableAAL(context.Background(), reg.IdentityManager()))
 		require.NoError(t, reg.PrivilegedIdentityPool().CreateIdentity(context.Background(), sess.Identity))
 		id, err = reg.PrivilegedIdentityPool().GetIdentityConfidential(context.Background(), sess.Identity.ID)
 		require.NoError(t, err)
@@ -156,7 +157,7 @@ func NewHTTPClientWithArbitrarySessionToken(t *testing.T, reg *driver.RegistryDe
 func NewHTTPClientWithArbitrarySessionCookie(t *testing.T, reg *driver.RegistryDefault) *http.Client {
 	req := x.NewTestHTTPRequest(t, "GET", "/sessions/whoami", nil)
 	s, err := session.NewActiveSession(req,
-		&identity.Identity{ID: x.NewUUID(), State: identity.StateActive},
+		&identity.Identity{ID: x.NewUUID(), State: identity.StateActive, Traits: []byte("{}")},
 		NewSessionLifespanProvider(time.Hour),
 		time.Now(),
 		identity.CredentialsTypePassword,

diff --git a/selfservice/flow/login/handler_test.go b/selfservice/flow/login/handler_test.go
@@ -433,21 +433,21 @@ func TestFlowLifecycle(t *testing.T) {
 					"password": {
 						Type:        "password",
 						Identifiers: []string{email},
-						Config:      sqlxx.JSONRawMessage(`{"hashed_password":"foo"}`),
+						Config:      sqlxx.JSONRawMessage(`{"hashed_password": "$argon2id$v=19$m=32,t=2,p=4$cm94YnRVOW5jZzFzcVE4bQ$MNzk5BtR2vUhrp6qQEjRNw"}`),
 					},
 				},
 				Traits:   identity.Traits(fmt.Sprintf(`{"email":"%s"}`, email)),
 				SchemaID: config.DefaultIdentityTraitsSchemaID,
 			}
 
-			require.NoError(t, reg.PrivilegedIdentityPool().CreateIdentities(context.Background(), id))
+			require.NoError(t, reg.IdentityManager().CreateIdentities(context.Background(), []*identity.Identity{id}, identity.ManagerAllowWriteProtectedTraits))
 
 			id.SetCredentials(identity.CredentialsTypeTOTP, identity.Credentials{
 				Type:        identity.CredentialsTypeTOTP,
 				Identifiers: []string{id.ID.String()},
 				Config:      sqlxx.JSONRawMessage(`{"totp_url":"` + string(key.URL()) + `"}`),
 			})
-			require.NoError(t, reg.PrivilegedIdentityPool().UpdateIdentity(context.Background(), id))
+			require.NoError(t, reg.IdentityManager().Update(context.Background(), id, identity.ManagerAllowWriteProtectedTraits))
 
 			h := func(w http.ResponseWriter, r *http.Request, _ httprouter.Params) {
 				sess, err := session.NewActiveSession(r, id, reg.Config(), time.Now().UTC(), identity.CredentialsTypePassword, identity.AuthenticatorAssuranceLevel1)
@@ -456,7 +456,6 @@ func TestFlowLifecycle(t *testing.T) {
 				require.NoError(t, reg.SessionPersister().UpsertSession(context.Background(), sess))
 				require.NoError(t, reg.SessionManager().IssueCookie(context.Background(), w, r, sess))
 				require.Equal(t, identity.AuthenticatorAssuranceLevel1, sess.AuthenticatorAssuranceLevel)
-
 			}
 
 			router.GET("/mock-session", h)

diff --git a/selfservice/strategy/totp/login_test.go b/selfservice/strategy/totp/login_test.go
@@ -78,6 +78,7 @@ func createIdentity(t *testing.T, reg driver.Registry) (*identity.Identity, stri
 			Config:      sqlxx.JSONRawMessage(`{"totp_url":"` + string(key.URL()) + `"}`),
 		},
 	}
+	require.NoError(t, i.SetAvailableAAL(context.Background(), reg.IdentityManager()))
 	require.NoError(t, reg.PrivilegedIdentityPool().UpdateIdentity(context.Background(), i))
 	return i, password, key
 }

diff --git a/session/manager_http.go b/session/manager_http.go
@@ -302,8 +302,8 @@ func (s *ManagerHTTP) DoesSessionSatisfy(r *http.Request, sess *Session, request
 		}
 
 		i := sess.Identity
-		available := identity.AuthenticatorAssuranceLevel(i.AvailableAAL.String)
-		if !i.AvailableAAL.Valid {
+		available, valid := i.AvailableAAL.ToAAL()
+		if !valid {
 			// Available is 0 if the identity was created before the AAL feature was introduced, or if the identity
 			// was directly created in the persister and not the identity manager.
 			//
@@ -321,6 +321,8 @@ func (s *ManagerHTTP) DoesSessionSatisfy(r *http.Request, sess *Session, request
 				return err
 			}
 
+			available, _ = i.AvailableAAL.ToAAL()
+
 			// This is the migration strategy for identities that already exist.
 			if managerOpts.upsertAAL {
 				if _, err := s.r.SessionPersister().GetConnection(ctx).Where("id = ? AND nid = ?", i.ID, i.NID).UpdateQuery(i, "available_aal"); err != nil {

diff --git a/session/manager_http_test.go b/session/manager_http_test.go
@@ -589,7 +589,7 @@ func TestDoesSessionSatisfy(t *testing.T) {
 			for _, c := range tc.creds {
 				id.SetCredentials(c.Type, c)
 			}
-			require.NoError(t, reg.PrivilegedIdentityPool().CreateIdentity(context.Background(), id))
+			require.NoError(t, reg.IdentityManager().Create(context.Background(), id, identity.ManagerAllowWriteProtectedTraits))
 			t.Cleanup(func() {
 				require.NoError(t, reg.PrivilegedIdentityPool().DeleteIdentity(context.Background(), id.ID))
 			})
@@ -606,9 +606,7 @@ func TestDoesSessionSatisfy(t *testing.T) {
 				if tc.expectedFunc != nil {
 					tc.expectedFunc(t, err, tc.err)
 				}
-
 				require.ErrorAs(t, err, &tc.err)
-
 			} else {
 				require.NoError(t, err)
 			}