From 4c92f873328d81244ebd86fc4e03947bcb62feaa Mon Sep 17 00:00:00 2001
From: Johan Brandhorst-Satzkorn <johan.brandhorst@gmail.com>
Date: Wed, 14 Feb 2024 18:10:33 -0800
Subject: [PATCH] handlers/users: test for pagination parameters

Note that this already always returned the pagination parameters,
but now we have a test that it does so.
---
 .../controller/handlers/users/user_service.go |  4 ----
 .../handlers/users/user_service_test.go       | 24 ++++++++++++++++++-
 2 files changed, 23 insertions(+), 5 deletions(-)

diff --git a/internal/daemon/controller/handlers/users/user_service.go b/internal/daemon/controller/handlers/users/user_service.go
index fc1ec3b211..477c232540 100644
--- a/internal/daemon/controller/handlers/users/user_service.go
+++ b/internal/daemon/controller/handlers/users/user_service.go
@@ -113,10 +113,6 @@ func (s Service) ListUsers(ctx context.Context, req *pbs.ListUsersRequest) (*pbs
 	if err != nil {
 		return nil, err
 	}
-	// If no scopes match, return an empty response
-	if len(scopeIds) == 0 {
-		return &pbs.ListUsersResponse{}, nil
-	}
 
 	pageSize := int(s.maxPageSize)
 	// Use the requested page size only if it is smaller than
diff --git a/internal/daemon/controller/handlers/users/user_service_test.go b/internal/daemon/controller/handlers/users/user_service_test.go
index c12941f5b0..eaa61f2cfb 100644
--- a/internal/daemon/controller/handlers/users/user_service_test.go
+++ b/internal/daemon/controller/handlers/users/user_service_test.go
@@ -419,7 +419,7 @@ func TestListPagination(t *testing.T) {
 	require.NoError(t, err)
 
 	oNoUsers, _ := iam.TestScopes(t, iamRepo)
-	oWithUsers, _ := iam.TestScopes(t, iamRepo)
+	oWithUsers, p := iam.TestScopes(t, iamRepo)
 
 	var allUsers []*pb.User
 	// Get the 3 system users (u_recovery, u_anon, u_auth)
@@ -727,6 +727,28 @@ func TestListPagination(t *testing.T) {
 			protocmp.IgnoreFields(&pbs.ListUsersResponse{}, "list_token"),
 		),
 	)
+
+	// Create unauthenticated user
+	unauthAt := authtoken.TestAuthToken(t, conn, kms, oWithUsers.GetPublicId())
+	unauthR := iam.TestRole(t, conn, p.GetPublicId())
+	_ = iam.TestUserRole(t, conn, unauthR.GetPublicId(), unauthAt.GetIamUserId())
+
+	// Make a request with the unauthenticated user,
+	// ensure the response contains the pagination parameters.
+	requestInfo = authpb.RequestInfo{
+		TokenFormat: uint32(auth.AuthTokenTypeBearer),
+		PublicId:    unauthAt.GetPublicId(),
+		Token:       unauthAt.GetToken(),
+	}
+	requestContext = context.WithValue(context.Background(), requests.ContextRequestInformationKey, &requests.RequestContext{})
+	ctx = auth.NewVerifierContext(requestContext, iamRepoFn, tokenRepoFn, serversRepoFn, kms, &requestInfo)
+
+	_, err = a.ListUsers(ctx, &pbs.ListUsersRequest{
+		ScopeId:   "global",
+		Recursive: true,
+	})
+	require.Error(t, err)
+	assert.ErrorIs(t, handlers.ForbiddenError(), err)
 }
 
 func TestDelete(t *testing.T) {