diff --git a/internal/api/authz/context.go b/internal/api/authz/context.go
index 3877c6c214..ff401f8862 100644
--- a/internal/api/authz/context.go
+++ b/internal/api/authz/context.go
@@ -124,7 +124,7 @@ func VerifyTokenAndCreateCtxData(ctx context.Context, token, orgID, orgDomain st
 orgID = resourceOwner
 }
 // System API calls don't have a resource owner
- if orgID != "" {
+ if orgID != "" || orgDomain != "" {
 orgID, err = t.ExistsOrg(ctx, orgID, orgDomain)
 if err != nil {
 return CtxData{}, zerrors.ThrowPermissionDenied(nil, "AUTH-Bs7Ds", "Organisation doesn't exist")
diff --git a/internal/api/grpc/user/v2/integration_test/user_test.go b/internal/api/grpc/user/v2/integration_test/user_test.go
index 2fc2d05b00..bbd6de8322 100644
--- a/internal/api/grpc/user/v2/integration_test/user_test.go
+++ b/internal/api/grpc/user/v2/integration_test/user_test.go
@@ -102,6 +102,47 @@ func TestServer_AddHumanUser(t *testing.T) {
 },
 },
 },
+ {
+ name: "default verification (org domain ctx)",
+ args: args{
+ CTX,
+ &user.AddHumanUserRequest{
+ Organization: &object.Organization{
+ Org: &object.Organization_OrgDomain{
+ OrgDomain: Instance.DefaultOrg.PrimaryDomain,
+ },
+ },
+ Profile: &user.SetHumanProfile{
+ GivenName: "Donald",
+ FamilyName: "Duck",
+ NickName: gu.Ptr("Dukkie"),
+ DisplayName: gu.Ptr("Donald Duck"),
+ PreferredLanguage: gu.Ptr("en"),
+ Gender: user.Gender_GENDER_DIVERSE.Enum(),
+ },
+ Email: &user.SetHumanEmail{},
+ Phone: &user.SetHumanPhone{},
+ Metadata: []*user.SetMetadataEntry{
+ {
+ Key: "somekey",
+ Value: []byte("somevalue"),
+ },
+ },
+ PasswordType: &user.AddHumanUserRequest_Password{
+ Password: &user.Password{
+ Password: "DifficultPW666!",
+ ChangeRequired: true,
+ },
+ },
+ },
+ },
+ want: &user.AddHumanUserResponse{
+ Details: &object.Details{
+ ChangeDate: timestamppb.Now(),
+ ResourceOwner: Instance.DefaultOrg.Id,
+ },
+ },
+ },
 {
 name: "return email verification code",
 args: args{
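Review bot: The comment above the changed guard in VerifyTokenAndCreateCtxData still says only that system API calls have no resource owner, but `if orgID != "" || orgDomain != ""` now also sends domain-only requests into `t.ExistsOrg`, so a caller-supplied domain alone selects the org context. I would reword it to something like `// Resolve the org when an ID or a domain was supplied; system API calls carry neither.` The error branch passes `nil` as the parent to `zerrors.ThrowPermissionDenied`, so a failed lookup inside ExistsOrg and a genuinely unknown domain cannot be told apart in logs now that more requests take this path; passing `err` as the parent would keep the cause, provided the parent is not returned to the client. The function starts and continues outside this hunk, so whether later membership checks run against the resolved orgID cannot be confirmed from here.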
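Review bot: The new table entry in TestServer_AddHumanUser covers only the success path for an `Organization_OrgDomain` context, so the rejection path of the authz change is not pinned by a test. A companion case that passes a domain belonging to no organisation and expects an error (the authz hunk returns permission denied with "Organisation doesn't exist") would guard against the domain branch silently falling through to a default org. The table's struct and the remaining cases lie outside this hunk, so the error-expectation field to use has to be taken from the existing entries.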