2021-01-04 14:52:13 +01:00
|
|
|
package command
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"context"
|
2021-01-12 12:59:51 +01:00
|
|
|
|
2021-01-04 14:52:13 +01:00
|
|
|
"github.com/caos/zitadel/internal/eventstore/v2"
|
|
|
|
|
"github.com/caos/zitadel/internal/v2/domain"
|
|
|
|
|
"github.com/caos/zitadel/internal/v2/repository/iam"
|
2021-01-18 11:24:15 +01:00
|
|
|
"github.com/caos/zitadel/internal/v2/repository/policy"
|
2021-01-04 14:52:13 +01:00
|
|
|
)
|
|
|
|
|
|
|
|
|
|
type IAMLoginPolicyWriteModel struct {
|
|
|
|
|
LoginPolicyWriteModel
|
|
|
|
|
}
|
|
|
|
|
|
2021-01-12 12:59:51 +01:00
|
|
|
func NewIAMLoginPolicyWriteModel() *IAMLoginPolicyWriteModel {
|
2021-01-04 14:52:13 +01:00
|
|
|
return &IAMLoginPolicyWriteModel{
|
|
|
|
|
LoginPolicyWriteModel{
|
|
|
|
|
WriteModel: eventstore.WriteModel{
|
2021-01-12 12:59:51 +01:00
|
|
|
AggregateID: domain.IAMID,
|
|
|
|
|
ResourceOwner: domain.IAMID,
|
2021-01-04 14:52:13 +01:00
|
|
|
},
|
|
|
|
|
},
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (wm *IAMLoginPolicyWriteModel) AppendEvents(events ...eventstore.EventReader) {
|
|
|
|
|
for _, event := range events {
|
|
|
|
|
switch e := event.(type) {
|
|
|
|
|
case *iam.LoginPolicyAddedEvent:
|
|
|
|
|
wm.LoginPolicyWriteModel.AppendEvents(&e.LoginPolicyAddedEvent)
|
|
|
|
|
case *iam.LoginPolicyChangedEvent:
|
|
|
|
|
wm.LoginPolicyWriteModel.AppendEvents(&e.LoginPolicyChangedEvent)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (wm *IAMLoginPolicyWriteModel) IsValid() bool {
|
|
|
|
|
return wm.AggregateID != ""
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (wm *IAMLoginPolicyWriteModel) Reduce() error {
|
|
|
|
|
return wm.LoginPolicyWriteModel.Reduce()
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (wm *IAMLoginPolicyWriteModel) Query() *eventstore.SearchQueryBuilder {
|
|
|
|
|
return eventstore.NewSearchQueryBuilder(eventstore.ColumnsEvent, iam.AggregateType).
|
2021-01-12 12:59:51 +01:00
|
|
|
AggregateIDs(wm.LoginPolicyWriteModel.AggregateID).
|
2021-02-18 14:48:27 +01:00
|
|
|
ResourceOwner(wm.ResourceOwner).
|
|
|
|
|
EventTypes(
|
|
|
|
|
iam.LoginPolicyAddedEventType,
|
|
|
|
|
iam.LoginPolicyChangedEventType)
|
2021-01-04 14:52:13 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (wm *IAMLoginPolicyWriteModel) NewChangedEvent(
|
|
|
|
|
ctx context.Context,
|
2021-02-18 14:48:27 +01:00
|
|
|
aggregate *eventstore.Aggregate,
|
2021-01-04 14:52:13 +01:00
|
|
|
allowUsernamePassword,
|
|
|
|
|
allowRegister,
|
|
|
|
|
allowExternalIDP,
|
|
|
|
|
forceMFA bool,
|
|
|
|
|
passwordlessType domain.PasswordlessType,
|
|
|
|
|
) (*iam.LoginPolicyChangedEvent, bool) {
|
|
|
|
|
|
2021-01-18 11:24:15 +01:00
|
|
|
changes := make([]policy.LoginPolicyChanges, 0)
|
|
|
|
|
if wm.AllowUserNamePassword != allowUsernamePassword {
|
|
|
|
|
changes = append(changes, policy.ChangeAllowUserNamePassword(allowUsernamePassword))
|
2021-01-04 14:52:13 +01:00
|
|
|
}
|
2021-01-18 11:24:15 +01:00
|
|
|
if wm.AllowRegister != allowRegister {
|
|
|
|
|
changes = append(changes, policy.ChangeAllowRegister(allowRegister))
|
2021-01-04 14:52:13 +01:00
|
|
|
}
|
2021-01-18 11:24:15 +01:00
|
|
|
if wm.AllowExternalIDP != allowExternalIDP {
|
|
|
|
|
changes = append(changes, policy.ChangeAllowExternalIDP(allowExternalIDP))
|
2021-01-04 14:52:13 +01:00
|
|
|
}
|
|
|
|
|
if wm.ForceMFA != forceMFA {
|
2021-01-18 11:24:15 +01:00
|
|
|
changes = append(changes, policy.ChangeForceMFA(forceMFA))
|
2021-01-04 14:52:13 +01:00
|
|
|
}
|
|
|
|
|
if passwordlessType.Valid() && wm.PasswordlessType != passwordlessType {
|
2021-01-18 11:24:15 +01:00
|
|
|
changes = append(changes, policy.ChangePasswordlessType(passwordlessType))
|
2021-01-04 14:52:13 +01:00
|
|
|
}
|
2021-01-18 11:24:15 +01:00
|
|
|
if len(changes) == 0 {
|
|
|
|
|
return nil, false
|
|
|
|
|
}
|
2021-02-18 14:48:27 +01:00
|
|
|
changedEvent, err := iam.NewLoginPolicyChangedEvent(ctx, aggregate, changes)
|
2021-01-18 11:24:15 +01:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, false
|
|
|
|
|
}
|
|
|
|
|
return changedEvent, true
|
2021-01-04 14:52:13 +01:00
|
|
|
}
|
