authenticate: always update user record on login (#2719)

* authenticate: always update user record on login * identity: fix user refresh * add test for manager update * fix time
2025-06-04 03:42:49 +02:00 · 2021-11-01 14:18:18 -06:00 · 2021-11-01 14:18:18 -06:00 · b0f8c055ec
commit b0f8c055ec
parent 90f2b00bb6
4 changed files with 91 additions and 24 deletions
--- a/internal/identity/manager/manager_test.go
+++ b/internal/identity/manager/manager_test.go
@ -7,8 +7,13 @@ import (
 	"time"

 	"github.com/stretchr/testify/assert"
+	"google.golang.org/protobuf/proto"

 	"github.com/pomerium/pomerium/internal/directory"
+	"github.com/pomerium/pomerium/pkg/grpc/databroker"
+	"github.com/pomerium/pomerium/pkg/grpc/session"
+	"github.com/pomerium/pomerium/pkg/grpc/user"
+	"github.com/pomerium/pomerium/pkg/protoutil"
 )

 type mockProvider struct {
@ -24,6 +29,43 @@ func (mock mockProvider) UserGroups(ctx context.Context) ([]*directory.Group, []
 	return mock.userGroups(ctx)
 }

+func TestManager_onUpdateRecords(t *testing.T) {
+	ctx, clearTimeout := context.WithTimeout(context.Background(), time.Second*10)
+	defer clearTimeout()
+
+	now := time.Now()
+
+	mgr := New(
+		WithDirectoryProvider(mockProvider{}),
+		WithGroupRefreshInterval(time.Hour),
+		WithNow(func() time.Time {
+			return now
+		}),
+	)
+	mgr.directoryBackoff.RandomizationFactor = 0 // disable randomization for deterministic testing
+
+	mgr.onUpdateRecords(ctx, updateRecordsMessage{
+		records: []*databroker.Record{
+			mkRecord(&directory.Group{Id: "group1", Name: "group 1", Email: "group1@example.com"}),
+			mkRecord(&directory.User{Id: "user1", DisplayName: "user 1", Email: "user1@example.com", GroupIds: []string{"group1s"}}),
+			mkRecord(&session.Session{Id: "session1", UserId: "user1"}),
+			mkRecord(&user.User{Id: "user1", Name: "user 1", Email: "user1@example.com"}),
+		},
+	})
+
+	assert.NotNil(t, mgr.directoryGroups["group1"])
+	assert.NotNil(t, mgr.directoryUsers["user1"])
+	if _, ok := mgr.sessions.Get("user1", "session1"); assert.True(t, ok) {
+
+	}
+	if _, ok := mgr.users.Get("user1"); assert.True(t, ok) {
+		tm, id := mgr.userScheduler.Next()
+		assert.Equal(t, now.Add(time.Hour), tm)
+		assert.Equal(t, "user1", id)
+	}
+
+}
+
 func TestManager_refreshDirectoryUserGroups(t *testing.T) {
 	ctx, clearTimeout := context.WithTimeout(context.Background(), time.Second*10)
 	defer clearTimeout()
@ -56,3 +98,17 @@ func TestManager_refreshDirectoryUserGroups(t *testing.T) {
 		assert.Equal(t, time.Hour, dur3)
 	})
 }
+
+func mkRecord(msg recordable) *databroker.Record {
+	any := protoutil.NewAny(msg)
+	return &databroker.Record{
+		Type: any.GetTypeUrl(),
+		Id:   msg.GetId(),
+		Data: any,
+	}
+}
+
+type recordable interface {
+	proto.Message
+	GetId() string
+}