zitadel/internal/api/grpc/settings/v2/settings.go

package settings

import (
	"context"

	"google.golang.org/protobuf/types/known/timestamppb"

	"github.com/zitadel/zitadel/internal/api/authz"
	"github.com/zitadel/zitadel/internal/api/grpc/object/v2"
	"github.com/zitadel/zitadel/internal/domain"
	"github.com/zitadel/zitadel/internal/i18n"
	"github.com/zitadel/zitadel/internal/query"
	object_pb "github.com/zitadel/zitadel/pkg/grpc/object/v2beta"
	settings "github.com/zitadel/zitadel/pkg/grpc/settings/v2beta"
)

func (s *Server) GetLoginSettings(ctx context.Context, req *settings.GetLoginSettingsRequest) (*settings.GetLoginSettingsResponse, error) {
	current, err := s.query.LoginPolicyByID(ctx, true, object.ResourceOwnerFromReq(ctx, req.GetCtx()), false)
	if err != nil {
		return nil, err
	}
	return &settings.GetLoginSettingsResponse{
		Settings: loginSettingsToPb(current),
		Details: &object_pb.Details{
			Sequence:      current.Sequence,
			ChangeDate:    timestamppb.New(current.ChangeDate),
			ResourceOwner: current.OrgID,
		},
	}, nil
}

func (s *Server) GetPasswordComplexitySettings(ctx context.Context, req *settings.GetPasswordComplexitySettingsRequest) (*settings.GetPasswordComplexitySettingsResponse, error) {
	current, err := s.query.PasswordComplexityPolicyByOrg(ctx, true, object.ResourceOwnerFromReq(ctx, req.GetCtx()), false)
	if err != nil {
		return nil, err
	}
	return &settings.GetPasswordComplexitySettingsResponse{
		Settings: passwordSettingsToPb(current),
		Details: &object_pb.Details{
			Sequence:      current.Sequence,
			ChangeDate:    timestamppb.New(current.ChangeDate),
			ResourceOwner: current.ResourceOwner,
		},
	}, nil
}

func (s *Server) GetBrandingSettings(ctx context.Context, req *settings.GetBrandingSettingsRequest) (*settings.GetBrandingSettingsResponse, error) {
	current, err := s.query.ActiveLabelPolicyByOrg(ctx, object.ResourceOwnerFromReq(ctx, req.GetCtx()), false)
	if err != nil {
		return nil, err
	}
	return &settings.GetBrandingSettingsResponse{
		Settings: brandingSettingsToPb(current, s.assetsAPIDomain(ctx)),
		Details: &object_pb.Details{
			Sequence:      current.Sequence,
			ChangeDate:    timestamppb.New(current.ChangeDate),
			ResourceOwner: current.ResourceOwner,
		},
	}, nil
}

func (s *Server) GetDomainSettings(ctx context.Context, req *settings.GetDomainSettingsRequest) (*settings.GetDomainSettingsResponse, error) {
	current, err := s.query.DomainPolicyByOrg(ctx, true, object.ResourceOwnerFromReq(ctx, req.GetCtx()), false)
	if err != nil {
		return nil, err
	}
	return &settings.GetDomainSettingsResponse{
		Settings: domainSettingsToPb(current),
		Details: &object_pb.Details{
			Sequence:      current.Sequence,
			ChangeDate:    timestamppb.New(current.ChangeDate),
			ResourceOwner: current.ResourceOwner,
		},
	}, nil
}

func (s *Server) GetLegalAndSupportSettings(ctx context.Context, req *settings.GetLegalAndSupportSettingsRequest) (*settings.GetLegalAndSupportSettingsResponse, error) {
	current, err := s.query.PrivacyPolicyByOrg(ctx, true, object.ResourceOwnerFromReq(ctx, req.GetCtx()), false)
	if err != nil {
		return nil, err
	}
	return &settings.GetLegalAndSupportSettingsResponse{
		Settings: legalAndSupportSettingsToPb(current),
		Details: &object_pb.Details{
			Sequence:      current.Sequence,
			ChangeDate:    timestamppb.New(current.ChangeDate),
			ResourceOwner: current.ResourceOwner,
		},
	}, nil
}

func (s *Server) GetLockoutSettings(ctx context.Context, req *settings.GetLockoutSettingsRequest) (*settings.GetLockoutSettingsResponse, error) {
	current, err := s.query.LockoutPolicyByOrg(ctx, true, object.ResourceOwnerFromReq(ctx, req.GetCtx()), false)
	if err != nil {
		return nil, err
	}
	return &settings.GetLockoutSettingsResponse{
		Settings: lockoutSettingsToPb(current),
		Details: &object_pb.Details{
			Sequence:      current.Sequence,
			ChangeDate:    timestamppb.New(current.ChangeDate),
			ResourceOwner: current.ResourceOwner,
		},
	}, nil
}

func (s *Server) GetActiveIdentityProviders(ctx context.Context, req *settings.GetActiveIdentityProvidersRequest) (*settings.GetActiveIdentityProvidersResponse, error) {
	links, err := s.query.IDPLoginPolicyLinks(ctx, object.ResourceOwnerFromReq(ctx, req.GetCtx()), &query.IDPLoginPolicyLinksSearchQuery{}, false)
	if err != nil {
		return nil, err
	}

	return &settings.GetActiveIdentityProvidersResponse{
		Details:           object.ToListDetails(links.SearchResponse),
		IdentityProviders: identityProvidersToPb(links.Links),
	}, nil
}

func (s *Server) GetGeneralSettings(ctx context.Context, _ *settings.GetGeneralSettingsRequest) (*settings.GetGeneralSettingsResponse, error) {
	instance := authz.GetInstance(ctx)
	return &settings.GetGeneralSettingsResponse{
		SupportedLanguages: domain.LanguagesToStrings(i18n.SupportedLanguages()),
		DefaultOrgId:       instance.DefaultOrganisationID(),
		DefaultLanguage:    instance.DefaultLanguage().String(),
	}, nil
}

func (s *Server) GetSecuritySettings(ctx context.Context, req *settings.GetSecuritySettingsRequest) (*settings.GetSecuritySettingsResponse, error) {
	policy, err := s.query.SecurityPolicy(ctx)
	if err != nil {
		return nil, err
	}
	return &settings.GetSecuritySettingsResponse{
		Settings: securityPolicyToSettingsPb(policy),
	}, nil
}

func (s *Server) SetSecuritySettings(ctx context.Context, req *settings.SetSecuritySettingsRequest) (*settings.SetSecuritySettingsResponse, error) {
	details, err := s.command.SetSecurityPolicy(ctx, securitySettingsToCommand(req))
	if err != nil {
		return nil, err
	}
	return &settings.SetSecuritySettingsResponse{
		Details: object.DomainToDetailsPb(details),
	}, nil
}
feat(api): new settings service (#5775) * feat: add v2alpha policies service * feat: add v2alpha policies service * fix: rename of attributes and messages in v2alpha api * fix: rename of attributes and messages in v2alpha api * fix: linter corrections * fix: review corrections * fix: review corrections * fix: review corrections * fix: review corrections * fix grpc * refactor: rename to settings and more * Apply suggestions from code review Co-authored-by: Fabi <fabienne.gerschwiler@gmail.com> * add service to docs and rename legal settings * unit tests for converters * go mod tidy * ensure idp name and return list details * fix: use correct resource owner for active idps * change query to join --------- Co-authored-by: Livio Spring <livio.a@gmail.com> Co-authored-by: Fabi <fabienne.gerschwiler@gmail.com> Co-authored-by: Tim Möhlmann <tim+github@zitadel.com> 2023-05-11 09:23:40 +00:00			`package settings`

			`import (`
			`"context"`

			`"google.golang.org/protobuf/types/known/timestamppb"`

			`"github.com/zitadel/zitadel/internal/api/authz"`
			`"github.com/zitadel/zitadel/internal/api/grpc/object/v2"`
feat: restrict languages (#6931) * feat: return 404 or 409 if org reg disallowed * fix: system limit permissions * feat: add iam limits api * feat: disallow public org registrations on default instance * add integration test * test: integration * fix test * docs: describe public org registrations * avoid updating docs deps * fix system limits integration test * silence integration tests * fix linting * ignore strange linter complaints * review * improve reset properties naming * redefine the api * use restrictions aggregate * test query * simplify and test projection * test commands * fix unit tests * move integration test * support restrictions on default instance * also test GetRestrictions * self review * lint * abstract away resource owner * fix tests * configure supported languages * fix allowed languages * fix tests * default lang must not be restricted * preferred language must be allowed * change preferred languages * check languages everywhere * lint * test command side * lint * add integration test * add integration test * restrict supported ui locales * lint * lint * cleanup * lint * allow undefined preferred language * fix integration tests * update main * fix env var * ignore linter * ignore linter * improve integration test config * reduce cognitive complexity * compile * check for duplicates * remove useless restriction checks * review * revert restriction renaming * fix language restrictions * lint * generate * allow custom texts for supported langs for now * fix tests * cleanup * cleanup * cleanup * lint * unsupported preferred lang is allowed * fix integration test * finish reverting to old property name * finish reverting to old property name * load languages * refactor(i18n): centralize translators and fs * lint * amplify no validations on preferred languages * fix integration test * lint * fix resetting allowed languages * test unchanged restrictions 2023-12-05 11:12:01 +00:00			`"github.com/zitadel/zitadel/internal/domain"`
			`"github.com/zitadel/zitadel/internal/i18n"`
feat(api): new settings service (#5775) * feat: add v2alpha policies service * feat: add v2alpha policies service * fix: rename of attributes and messages in v2alpha api * fix: rename of attributes and messages in v2alpha api * fix: linter corrections * fix: review corrections * fix: review corrections * fix: review corrections * fix: review corrections * fix grpc * refactor: rename to settings and more * Apply suggestions from code review Co-authored-by: Fabi <fabienne.gerschwiler@gmail.com> * add service to docs and rename legal settings * unit tests for converters * go mod tidy * ensure idp name and return list details * fix: use correct resource owner for active idps * change query to join --------- Co-authored-by: Livio Spring <livio.a@gmail.com> Co-authored-by: Fabi <fabienne.gerschwiler@gmail.com> Co-authored-by: Tim Möhlmann <tim+github@zitadel.com> 2023-05-11 09:23:40 +00:00			`"github.com/zitadel/zitadel/internal/query"`
feat(api): move resource apis to beta (#6530) Moves UserService, SessionService, SettingsService and OIDCService to beta state. This includes gRPC and HTTP path changes. 2023-09-13 12:43:01 +00:00			`object_pb "github.com/zitadel/zitadel/pkg/grpc/object/v2beta"`
feat: impersonation roles (#7442) * partial work done * test IAM membership roles * org membership tests * console :(, translations and docs * fix integration test * fix tests * add EnableImpersonation to security policy API * fix integration test timestamp checking * add security policy tests and fix projections * add impersonation setting in console * add security settings to the settings v2 API * fix typo * move impersonation to instance --------- Co-authored-by: Livio Spring <livio.a@gmail.com> 2024-02-28 10:21:11 +00:00			`settings "github.com/zitadel/zitadel/pkg/grpc/settings/v2beta"`
feat(api): new settings service (#5775) * feat: add v2alpha policies service * feat: add v2alpha policies service * fix: rename of attributes and messages in v2alpha api * fix: rename of attributes and messages in v2alpha api * fix: linter corrections * fix: review corrections * fix: review corrections * fix: review corrections * fix: review corrections * fix grpc * refactor: rename to settings and more * Apply suggestions from code review Co-authored-by: Fabi <fabienne.gerschwiler@gmail.com> * add service to docs and rename legal settings * unit tests for converters * go mod tidy * ensure idp name and return list details * fix: use correct resource owner for active idps * change query to join --------- Co-authored-by: Livio Spring <livio.a@gmail.com> Co-authored-by: Fabi <fabienne.gerschwiler@gmail.com> Co-authored-by: Tim Möhlmann <tim+github@zitadel.com> 2023-05-11 09:23:40 +00:00			`)`

			`func (s Server) GetLoginSettings(ctx context.Context, req settings.GetLoginSettingsRequest) (*settings.GetLoginSettingsResponse, error) {`
			`current, err := s.query.LoginPolicyByID(ctx, true, object.ResourceOwnerFromReq(ctx, req.GetCtx()), false)`
			`if err != nil {`
			`return nil, err`
			`}`
			`return &settings.GetLoginSettingsResponse{`
			`Settings: loginSettingsToPb(current),`
			`Details: &object_pb.Details{`
			`Sequence: current.Sequence,`
			`ChangeDate: timestamppb.New(current.ChangeDate),`
			`ResourceOwner: current.OrgID,`
			`},`
			`}, nil`
			`}`

			`func (s Server) GetPasswordComplexitySettings(ctx context.Context, req settings.GetPasswordComplexitySettingsRequest) (*settings.GetPasswordComplexitySettingsResponse, error) {`
			`current, err := s.query.PasswordComplexityPolicyByOrg(ctx, true, object.ResourceOwnerFromReq(ctx, req.GetCtx()), false)`
			`if err != nil {`
			`return nil, err`
			`}`
			`return &settings.GetPasswordComplexitySettingsResponse{`
			`Settings: passwordSettingsToPb(current),`
			`Details: &object_pb.Details{`
			`Sequence: current.Sequence,`
			`ChangeDate: timestamppb.New(current.ChangeDate),`
			`ResourceOwner: current.ResourceOwner,`
			`},`
			`}, nil`
			`}`

			`func (s Server) GetBrandingSettings(ctx context.Context, req settings.GetBrandingSettingsRequest) (*settings.GetBrandingSettingsResponse, error) {`
			`current, err := s.query.ActiveLabelPolicyByOrg(ctx, object.ResourceOwnerFromReq(ctx, req.GetCtx()), false)`
			`if err != nil {`
			`return nil, err`
			`}`
			`return &settings.GetBrandingSettingsResponse{`
			`Settings: brandingSettingsToPb(current, s.assetsAPIDomain(ctx)),`
			`Details: &object_pb.Details{`
			`Sequence: current.Sequence,`
			`ChangeDate: timestamppb.New(current.ChangeDate),`
			`ResourceOwner: current.ResourceOwner,`
			`},`
			`}, nil`
			`}`

			`func (s Server) GetDomainSettings(ctx context.Context, req settings.GetDomainSettingsRequest) (*settings.GetDomainSettingsResponse, error) {`
			`current, err := s.query.DomainPolicyByOrg(ctx, true, object.ResourceOwnerFromReq(ctx, req.GetCtx()), false)`
			`if err != nil {`
			`return nil, err`
			`}`
			`return &settings.GetDomainSettingsResponse{`
			`Settings: domainSettingsToPb(current),`
			`Details: &object_pb.Details{`
			`Sequence: current.Sequence,`
			`ChangeDate: timestamppb.New(current.ChangeDate),`
			`ResourceOwner: current.ResourceOwner,`
			`},`
			`}, nil`
			`}`

			`func (s Server) GetLegalAndSupportSettings(ctx context.Context, req settings.GetLegalAndSupportSettingsRequest) (*settings.GetLegalAndSupportSettingsResponse, error) {`
			`current, err := s.query.PrivacyPolicyByOrg(ctx, true, object.ResourceOwnerFromReq(ctx, req.GetCtx()), false)`
			`if err != nil {`
			`return nil, err`
			`}`
			`return &settings.GetLegalAndSupportSettingsResponse{`
			`Settings: legalAndSupportSettingsToPb(current),`
			`Details: &object_pb.Details{`
			`Sequence: current.Sequence,`
			`ChangeDate: timestamppb.New(current.ChangeDate),`
			`ResourceOwner: current.ResourceOwner,`
			`},`
			`}, nil`
			`}`

			`func (s Server) GetLockoutSettings(ctx context.Context, req settings.GetLockoutSettingsRequest) (*settings.GetLockoutSettingsResponse, error) {`
			`current, err := s.query.LockoutPolicyByOrg(ctx, true, object.ResourceOwnerFromReq(ctx, req.GetCtx()), false)`
			`if err != nil {`
			`return nil, err`
			`}`
			`return &settings.GetLockoutSettingsResponse{`
			`Settings: lockoutSettingsToPb(current),`
			`Details: &object_pb.Details{`
			`Sequence: current.Sequence,`
			`ChangeDate: timestamppb.New(current.ChangeDate),`
			`ResourceOwner: current.ResourceOwner,`
			`},`
			`}, nil`
			`}`

			`func (s Server) GetActiveIdentityProviders(ctx context.Context, req settings.GetActiveIdentityProvidersRequest) (*settings.GetActiveIdentityProvidersResponse, error) {`
			`links, err := s.query.IDPLoginPolicyLinks(ctx, object.ResourceOwnerFromReq(ctx, req.GetCtx()), &query.IDPLoginPolicyLinksSearchQuery{}, false)`
			`if err != nil {`
			`return nil, err`
			`}`

			`return &settings.GetActiveIdentityProvidersResponse{`
			`Details: object.ToListDetails(links.SearchResponse),`
			`IdentityProviders: identityProvidersToPb(links.Links),`
			`}, nil`
			`}`

			`func (s Server) GetGeneralSettings(ctx context.Context, _ settings.GetGeneralSettingsRequest) (*settings.GetGeneralSettingsResponse, error) {`
			`instance := authz.GetInstance(ctx)`
			`return &settings.GetGeneralSettingsResponse{`
feat: restrict languages (#6931) * feat: return 404 or 409 if org reg disallowed * fix: system limit permissions * feat: add iam limits api * feat: disallow public org registrations on default instance * add integration test * test: integration * fix test * docs: describe public org registrations * avoid updating docs deps * fix system limits integration test * silence integration tests * fix linting * ignore strange linter complaints * review * improve reset properties naming * redefine the api * use restrictions aggregate * test query * simplify and test projection * test commands * fix unit tests * move integration test * support restrictions on default instance * also test GetRestrictions * self review * lint * abstract away resource owner * fix tests * configure supported languages * fix allowed languages * fix tests * default lang must not be restricted * preferred language must be allowed * change preferred languages * check languages everywhere * lint * test command side * lint * add integration test * add integration test * restrict supported ui locales * lint * lint * cleanup * lint * allow undefined preferred language * fix integration tests * update main * fix env var * ignore linter * ignore linter * improve integration test config * reduce cognitive complexity * compile * check for duplicates * remove useless restriction checks * review * revert restriction renaming * fix language restrictions * lint * generate * allow custom texts for supported langs for now * fix tests * cleanup * cleanup * cleanup * lint * unsupported preferred lang is allowed * fix integration test * finish reverting to old property name * finish reverting to old property name * load languages * refactor(i18n): centralize translators and fs * lint * amplify no validations on preferred languages * fix integration test * lint * fix resetting allowed languages * test unchanged restrictions 2023-12-05 11:12:01 +00:00			`SupportedLanguages: domain.LanguagesToStrings(i18n.SupportedLanguages()),`
feat(api): new settings service (#5775) * feat: add v2alpha policies service * feat: add v2alpha policies service * fix: rename of attributes and messages in v2alpha api * fix: rename of attributes and messages in v2alpha api * fix: linter corrections * fix: review corrections * fix: review corrections * fix: review corrections * fix: review corrections * fix grpc * refactor: rename to settings and more * Apply suggestions from code review Co-authored-by: Fabi <fabienne.gerschwiler@gmail.com> * add service to docs and rename legal settings * unit tests for converters * go mod tidy * ensure idp name and return list details * fix: use correct resource owner for active idps * change query to join --------- Co-authored-by: Livio Spring <livio.a@gmail.com> Co-authored-by: Fabi <fabienne.gerschwiler@gmail.com> Co-authored-by: Tim Möhlmann <tim+github@zitadel.com> 2023-05-11 09:23:40 +00:00			`DefaultOrgId: instance.DefaultOrganisationID(),`
			`DefaultLanguage: instance.DefaultLanguage().String(),`
			`}, nil`
			`}`
feat: impersonation roles (#7442) * partial work done * test IAM membership roles * org membership tests * console :(, translations and docs * fix integration test * fix tests * add EnableImpersonation to security policy API * fix integration test timestamp checking * add security policy tests and fix projections * add impersonation setting in console * add security settings to the settings v2 API * fix typo * move impersonation to instance --------- Co-authored-by: Livio Spring <livio.a@gmail.com> 2024-02-28 10:21:11 +00:00
			`func (s Server) GetSecuritySettings(ctx context.Context, req settings.GetSecuritySettingsRequest) (*settings.GetSecuritySettingsResponse, error) {`
			`policy, err := s.query.SecurityPolicy(ctx)`
			`if err != nil {`
			`return nil, err`
			`}`
			`return &settings.GetSecuritySettingsResponse{`
			`Settings: securityPolicyToSettingsPb(policy),`
			`}, nil`
			`}`

			`func (s Server) SetSecuritySettings(ctx context.Context, req settings.SetSecuritySettingsRequest) (*settings.SetSecuritySettingsResponse, error) {`
			`details, err := s.command.SetSecurityPolicy(ctx, securitySettingsToCommand(req))`
			`if err != nil {`
			`return nil, err`
			`}`
			`return &settings.SetSecuritySettingsResponse{`
			`Details: object.DomainToDetailsPb(details),`
			`}, nil`
			`}`