package model
import (
"github.com/caos/zitadel/internal/eventstore/models"
)
// LoginPolicy is the model of a login policy: the permitted login paths, the
// linked identity providers and the MFA configuration.
//
// NOTE(review): the field meanings below are read from the field names only;
// how each flag is enforced is decided outside the code visible here.
type LoginPolicy struct {
	models.ObjectRoot

	// State is the lifecycle state of the policy. Its zero value is
	// PolicyStateActive, so a policy whose State was never set reads as active.
	State PolicyState
	// Default presumably marks a default policy as opposed to a customised
	// one; confirm against the callers.
	Default bool

	// The Allow* flags presumably switch the respective login paths on or off.
	AllowUsernamePassword bool
	AllowRegister         bool
	AllowExternalIdp      bool

	// IDPProviders holds the identity providers linked to this policy. The
	// elements are pointers, so code walking the slice has to expect nil.
	IDPProviders []*IDPProvider

	// ForceMFA presumably makes an additional factor mandatory at login.
	// NOTE(review): nothing visible here checks that SecondFactors or
	// MultiFactors is non-empty when ForceMFA is set; IsValid only looks at
	// the aggregate ID.
	ForceMFA bool
	// SecondFactors and MultiFactors list the factor types configured on the
	// policy; GetSecondFactor and GetMultiFactor search them.
	SecondFactors []SecondFactorType
	MultiFactors  []MultiFactorType
}
// IDPProvider is one identity provider entry of a LoginPolicy.
type IDPProvider struct {
	models.ObjectRoot

	// Type is the provider scope. Its zero value is IDPProviderTypeSystem, so
	// an entry whose Type was never set reads as a system provider.
	Type IDPProviderType
	// IdpConfigID is the key LoginPolicy.GetIdpProvider matches on; IsValid
	// requires it to be non-empty.
	IdpConfigID string
}
// PolicyState is the lifecycle state of a policy.
type PolicyState int32

// Values of PolicyState. The numbering starts at 0 with the active state, so
// an uninitialised PolicyState is indistinguishable from an active one.
const (
	// PolicyStateActive has the value 0 and is therefore the zero value.
	PolicyStateActive PolicyState = iota
	// PolicyStateRemoved has the value 1.
	PolicyStateRemoved
)
// IDPProviderType is the scope of an identity provider entry.
type IDPProviderType int32

// Values of IDPProviderType. The system scope is the zero value, so a
// provider whose Type was never set is treated as a system provider by any
// code that compares against these constants.
const (
	// IDPProviderTypeSystem has the value 0.
	IDPProviderTypeSystem IDPProviderType = iota
	// IDPProviderTypeOrg has the value 1.
	IDPProviderTypeOrg
)
// SecondFactorType identifies a second-factor method of a login policy.
type SecondFactorType int32

// Values of SecondFactorType. Zero is reserved for "unspecified", which keeps
// an uninitialised value from being mistaken for a real factor.
const (
	// SecondFactorTypeUnspecified has the value 0.
	SecondFactorTypeUnspecified SecondFactorType = iota
	// SecondFactorTypeOTP has the value 1.
	SecondFactorTypeOTP
	// SecondFactorTypeU2F has the value 2.
	SecondFactorTypeU2F
)
// MultiFactorType identifies a multi-factor method of a login policy.
type MultiFactorType int32

// Values of MultiFactorType. Zero is reserved for "unspecified", which keeps
// an uninitialised value from being mistaken for a real factor.
const (
	// MultiFactorTypeUnspecified has the value 0.
	MultiFactorTypeUnspecified MultiFactorType = iota
	// MultiFactorTypeU2FWithPIN has the value 1.
	MultiFactorTypeU2FWithPIN
)
// IsValid reports whether the policy carries a non-empty aggregate ID.
//
// That is the only condition checked: the login-method flags, the provider
// list and the MFA settings are not inspected, so a true result says nothing
// about whether the policy is internally consistent (for example ForceMFA set
// with no factor configured).
func (p *LoginPolicy) IsValid() bool {
	aggregateID := p.ObjectRoot.AggregateID
	return aggregateID != ""
}
// IsValid reports whether the provider entry has both a non-empty aggregate
// ID and a non-empty IdpConfigID. The Type field is not checked.
func (p *IDPProvider) IsValid() bool {
	if p.ObjectRoot.AggregateID == "" {
		return false
	}
	return p.IdpConfigID != ""
}
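// GetIdpProvider returns the position and the entry of the first provider in
// p.IDPProviders whose IdpConfigID equals id, or (-1, nil) when none matches.
//
// The comparison is an exact string match, so an empty id matches an entry
// with an empty IdpConfigID; callers that take id from a request should
// reject empty values before calling.
func (p *LoginPolicy) GetIdpProvider(id string) (int, *IDPProvider) {
	for i, provider := range p.IDPProviders {
		// The slice holds pointers: a nil entry would otherwise panic on the
		// field access below and take the whole lookup down with it.
		if provider == nil {
			continue
		}
		if provider.IdpConfigID == id {
			return i, provider
		}
	}
	return -1, nil
}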
// GetSecondFactor returns the position of mfaType in p.SecondFactors together
// with the matching value, or (-1, SecondFactorTypeUnspecified) when the type
// is not configured.
//
// Callers must test the index for -1: the second result alone cannot tell
// "not found" apart from a configured SecondFactorTypeUnspecified entry.
func (p *LoginPolicy) GetSecondFactor(mfaType SecondFactorType) (int, SecondFactorType) {
	for idx := range p.SecondFactors {
		if factor := p.SecondFactors[idx]; factor == mfaType {
			return idx, factor
		}
	}
	return -1, SecondFactorTypeUnspecified
}
// GetMultiFactor returns the position of mfaType in p.MultiFactors together
// with the matching value, or (-1, MultiFactorTypeUnspecified) when the type
// is not configured.
//
// Callers must test the index for -1: the second result alone cannot tell
// "not found" apart from a configured MultiFactorTypeUnspecified entry.
func (p *LoginPolicy) GetMultiFactor(mfaType MultiFactorType) (int, MultiFactorType) {
	for idx := range p.MultiFactors {
		if factor := p.MultiFactors[idx]; factor == mfaType {
			return idx, factor
		}
	}
	return -1, MultiFactorTypeUnspecified
}