diff --git a/management/server/account.go b/management/server/account.go
index 59e277d87..804ea9edf 100644
--- a/management/server/account.go
+++ b/management/server/account.go
@@ -248,11 +248,16 @@ func (am *DefaultAccountManager) updateAccountDomainAttributes(account *Account,
 func (am *DefaultAccountManager) handleExistingUserAccount(existingAcc *Account, domainAcc *Account, claims jwtclaims.AuthorizationClaims) error {
 var err error
- if domainAcc == nil || existingAcc.Id != domainAcc.Id {
+ if domainAcc != nil && existingAcc.Id != domainAcc.Id {
 err = am.updateAccountDomainAttributes(existingAcc, claims, false)
 if err != nil {
 return err
 }
+ } else {
+ err = am.updateAccountDomainAttributes(existingAcc, claims, true)
+ if err != nil {
+ return err
+ }
 }
 // we should register the account ID to this user's metadata in our IDP manager
@@ -268,24 +273,21 @@ func (am *DefaultAccountManager) handleExistingUserAccount(existingAcc *Account,
 // otherwise it will create a new account and make it primary account for the domain.
 func (am *DefaultAccountManager) handleNewUserAccount(domainAcc *Account, claims jwtclaims.AuthorizationClaims) (*Account, error) {
 var (
- account *Account
- primaryAccount bool
+ account *Account
+ err error
 )
 lowerDomain := strings.ToLower(claims.Domain)
 // if domain already has a primary account, add regular user
 if domainAcc != nil {
 account = domainAcc
 account.Users[claims.UserId] = NewRegularUser(claims.UserId)
- primaryAccount = false
 } else {
 account = NewAccount(claims.UserId, lowerDomain)
 account.Users[claims.UserId] = NewAdminUser(claims.UserId)
- primaryAccount = true
- }
-
- err := am.updateAccountDomainAttributes(account, claims, primaryAccount)
- if err != nil {
- return nil, err
+ err = am.updateAccountDomainAttributes(account, claims, true)
+ if err != nil {
+ return nil, err
+ }
 }
 err = am.updateIDPMetadata(claims.UserId, account.Id)
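Review bot: The new `else` in handleExistingUserAccount folds two different situations into one, `domainAcc == nil` and `existingAcc.Id == domainAcc.Id`, and in the first an already-existing account is promoted to primary for whatever domain the token claims carry. Whether that is safe for public or unknown domain categories depends on updateAccountDomainAttributes, whose body is outside this hunk, so the intent deserves a comment above the `if`, for example `// the account becomes primary for claims.Domain unless a different account already holds that role`. The two branches also differ only in the boolean, so `primary := domainAcc == nil || existingAcc.Id == domainAcc.Id` followed by a single `err = am.updateAccountDomainAttributes(existingAcc, claims, primary)` would state the rule once.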
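Review bot: In the `domainAcc != nil` branch of handleNewUserAccount the user is added to `account.Users`, but nothing in the visible lines saves the account any more, because the updateAccountDomainAttributes call now runs only for a newly created account. If that helper was what persisted the account (its body is outside this hunk), the new regular user exists only in memory until some later write; an explicit save in that branch, or a comment naming where the write happens, would settle it. This branch also grants membership in an existing account on the strength of the domain claim alone, so a short comment stating which checks on `claims.Domain` and `claims.DomainCategory` precede this call would help the next reader. The function continues past the end of the hunk.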
diff --git a/management/server/account_test.go b/management/server/account_test.go
index 22268576a..1eb0c4f04 100644
--- a/management/server/account_test.go
+++ b/management/server/account_test.go
@@ -39,15 +39,16 @@ func TestDefaultAccountManager_GetAccountWithAuthorizationClaims(t *testing.T) {
 type initUserParams jwtclaims.AuthorizationClaims
 type test struct {
- name string
- inputClaims jwtclaims.AuthorizationClaims
- inputInitUserParams initUserParams
- inputUpdateAttrs bool
- inputUpdateClaimAccount bool
- testingFunc require.ComparisonAssertionFunc
- expectedMSG string
- expectedUserRole UserRole
- expectedDomainCategory string
+ name string
+ inputClaims jwtclaims.AuthorizationClaims
+ inputInitUserParams initUserParams
+ inputUpdateAttrs bool
+ inputUpdateClaimAccount bool
+ testingFunc require.ComparisonAssertionFunc
+ expectedMSG string
+ expectedUserRole UserRole
+ expectedDomainCategory string
+ expectedPrimaryDomainStatus bool
 }
 var (
@@ -68,11 +69,12 @@ func TestDefaultAccountManager_GetAccountWithAuthorizationClaims(t *testing.T) {
 UserId: "pub-domain-user",
 DomainCategory: PublicCategory,
 },
- inputInitUserParams: defaultInitAccount,
- testingFunc: require.NotEqual,
- expectedMSG: "account IDs shouldn't match",
- expectedUserRole: UserRoleAdmin,
- expectedDomainCategory: "",
+ inputInitUserParams: defaultInitAccount,
+ testingFunc: require.NotEqual,
+ expectedMSG: "account IDs shouldn't match",
+ expectedUserRole: UserRoleAdmin,
+ expectedDomainCategory: "",
+ expectedPrimaryDomainStatus: false,
 }
 initUnknown := defaultInitAccount
@@ -86,11 +88,12 @@ func TestDefaultAccountManager_GetAccountWithAuthorizationClaims(t *testing.T) {
 UserId: "unknown-domain-user",
 DomainCategory: UnknownCategory,
 },
- inputInitUserParams: initUnknown,
- testingFunc: require.NotEqual,
- expectedMSG: "account IDs shouldn't match",
- expectedUserRole: UserRoleAdmin,
- expectedDomainCategory: "",
+ inputInitUserParams: initUnknown,
+ testingFunc: require.NotEqual,
+ expectedMSG: "account IDs shouldn't match",
+ expectedUserRole: UserRoleAdmin,
+ expectedDomainCategory: "",
+ expectedPrimaryDomainStatus: false,
 }
 testCase3 := test{
@@ -100,11 +103,12 @@ func TestDefaultAccountManager_GetAccountWithAuthorizationClaims(t *testing.T) {
 UserId: "pvt-domain-user",
 DomainCategory: PrivateCategory,
 },
- inputInitUserParams: defaultInitAccount,
- testingFunc: require.NotEqual,
- expectedMSG: "account IDs shouldn't match",
- expectedUserRole: UserRoleAdmin,
- expectedDomainCategory: PrivateCategory,
+ inputInitUserParams: defaultInitAccount,
+ testingFunc: require.NotEqual,
+ expectedMSG: "account IDs shouldn't match",
+ expectedUserRole: UserRoleAdmin,
+ expectedDomainCategory: PrivateCategory,
+ expectedPrimaryDomainStatus: true,
 }
 privateInitAccount := defaultInitAccount
@@ -118,12 +122,13 @@ func TestDefaultAccountManager_GetAccountWithAuthorizationClaims(t *testing.T) {
 UserId: "pvt-domain-user",
 DomainCategory: PrivateCategory,
 },
- inputUpdateAttrs: true,
- inputInitUserParams: privateInitAccount,
- testingFunc: require.Equal,
- expectedMSG: "account IDs should match",
- expectedUserRole: UserRoleUser,
- expectedDomainCategory: PrivateCategory,
+ inputUpdateAttrs: true,
+ inputInitUserParams: privateInitAccount,
+ testingFunc: require.Equal,
+ expectedMSG: "account IDs should match",
+ expectedUserRole: UserRoleUser,
+ expectedDomainCategory: PrivateCategory,
+ expectedPrimaryDomainStatus: true,
 }
 testCase5 := test{
@@ -133,11 +138,12 @@ func TestDefaultAccountManager_GetAccountWithAuthorizationClaims(t *testing.T) {
 UserId: defaultInitAccount.UserId,
 DomainCategory: PrivateCategory,
 },
- inputInitUserParams: defaultInitAccount,
- testingFunc: require.Equal,
- expectedMSG: "account IDs should match",
- expectedUserRole: UserRoleAdmin,
- expectedDomainCategory: PrivateCategory,
+ inputInitUserParams: defaultInitAccount,
+ testingFunc: require.Equal,
+ expectedMSG: "account IDs should match",
+ expectedUserRole: UserRoleAdmin,
+ expectedDomainCategory: PrivateCategory,
+ expectedPrimaryDomainStatus: true,
 }
 testCase6 := test{
@@ -147,12 +153,13 @@ func TestDefaultAccountManager_GetAccountWithAuthorizationClaims(t *testing.T) {
 UserId: defaultInitAccount.UserId,
 DomainCategory: PrivateCategory,
 },
- inputUpdateClaimAccount: true,
- inputInitUserParams: defaultInitAccount,
- testingFunc: require.Equal,
- expectedMSG: "account IDs should match",
- expectedUserRole: UserRoleAdmin,
- expectedDomainCategory: PrivateCategory,
+ inputUpdateClaimAccount: true,
+ inputInitUserParams: defaultInitAccount,
+ testingFunc: require.Equal,
+ expectedMSG: "account IDs should match",
+ expectedUserRole: UserRoleAdmin,
+ expectedDomainCategory: PrivateCategory,
+ expectedPrimaryDomainStatus: true,
 }
 for _, testCase := range []test{testCase1, testCase2, testCase3, testCase4, testCase5, testCase6} {
 t.Run(testCase.name, func(t *testing.T) {
@@ -177,8 +184,9 @@ func TestDefaultAccountManager_GetAccountWithAuthorizationClaims(t *testing.T) {
 testCase.testingFunc(t, initAccount.Id, account.Id, testCase.expectedMSG)
- require.EqualValues(t, testCase.expectedUserRole, account.Users[testCase.inputClaims.UserId].Role, "user role should match")
- require.EqualValues(t, testCase.expectedDomainCategory, account.DomainCategory, "account domain category should match")
+ require.EqualValues(t, testCase.expectedUserRole, account.Users[testCase.inputClaims.UserId].Role, "expected user role should match")
+ require.EqualValues(t, testCase.expectedDomainCategory, account.DomainCategory, "expected account domain category should match")
+ require.EqualValues(t, testCase.expectedPrimaryDomainStatus, account.IsDomainPrimaryAccount, "expected account primary status should match")
 })
 }
 }
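Review bot: The new `IsDomainPrimaryAccount` assertion never exercises the `false` outcome for a private domain: the two cases that expect `false` are the public and unknown categories, and cases 3 to 6 all expect `true`. The branch added in handleExistingUserAccount for `domainAcc != nil && existingAcc.Id != domainAcc.Id`, a second pre-existing account on a domain that already has a primary, therefore has no visible coverage; a case with `DomainCategory: PrivateCategory` and `expectedPrimaryDomainStatus: false` would pin it. The assertions also read the returned `account` value, so they would presumably still pass if the change were never written to the store (inferred, since the store setup is outside this hunk).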