2021-11-02 09:08:47 +00:00
|
|
|
package command
|
|
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"context"
|
|
|
|
|
|
2023-05-24 18:29:58 +00:00
|
|
|
"github.com/zitadel/zitadel/internal/api/authz"
|
2022-04-26 23:01:45 +00:00
|
|
|
"github.com/zitadel/zitadel/internal/domain"
|
|
|
|
|
caos_errs "github.com/zitadel/zitadel/internal/errors"
|
2023-05-24 18:29:58 +00:00
|
|
|
"github.com/zitadel/zitadel/internal/eventstore"
|
2022-04-26 23:01:45 +00:00
|
|
|
"github.com/zitadel/zitadel/internal/repository/user"
|
|
|
|
|
"github.com/zitadel/zitadel/internal/telemetry/tracing"
|
2021-11-02 09:08:47 +00:00
|
|
|
)
|
|
|
|
|
|
2023-05-24 18:29:58 +00:00
|
|
|
func (c *Commands) AddUserIDPLink(ctx context.Context, userID, resourceOwner string, link *domain.UserIDPLink) (_ *domain.ObjectDetails, err error) {
|
2022-07-28 13:42:35 +00:00
|
|
|
if userID == "" {
|
2023-05-24 18:29:58 +00:00
|
|
|
return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-03j8f", "Errors.IDMissing")
|
2022-07-28 13:42:35 +00:00
|
|
|
}
|
2022-09-14 12:21:23 +00:00
|
|
|
if err := c.checkUserExists(ctx, userID, resourceOwner); err != nil {
|
2023-05-24 18:29:58 +00:00
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
if userID != authz.GetCtxData(ctx).UserID {
|
|
|
|
|
if err := c.checkPermission(ctx, domain.PermissionUserWrite, resourceOwner, userID); err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
2022-09-14 12:21:23 +00:00
|
|
|
}
|
2022-07-28 13:42:35 +00:00
|
|
|
|
|
|
|
|
linkWriteModel := NewUserIDPLinkWriteModel(userID, link.IDPConfigID, link.ExternalUserID, resourceOwner)
|
|
|
|
|
userAgg := UserAggregateFromWriteModel(&linkWriteModel.WriteModel)
|
|
|
|
|
|
|
|
|
|
event, err := c.addUserIDPLink(ctx, userAgg, link)
|
|
|
|
|
if err != nil {
|
2023-05-24 18:29:58 +00:00
|
|
|
return nil, err
|
2022-07-28 13:42:35 +00:00
|
|
|
}
|
|
|
|
|
|
2023-05-24 18:29:58 +00:00
|
|
|
events, err := c.eventstore.Push(ctx, event)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
return &domain.ObjectDetails{
|
|
|
|
|
Sequence: events[len(events)-1].Sequence(),
|
|
|
|
|
EventDate: events[len(events)-1].CreationDate(),
|
|
|
|
|
ResourceOwner: events[len(events)-1].Aggregate().ResourceOwner,
|
|
|
|
|
}, nil
|
2022-07-28 13:42:35 +00:00
|
|
|
}
|
|
|
|
|
|
2021-11-02 09:08:47 +00:00
|
|
|
func (c *Commands) BulkAddedUserIDPLinks(ctx context.Context, userID, resourceOwner string, links []*domain.UserIDPLink) (err error) {
|
|
|
|
|
if userID == "" {
|
|
|
|
|
return caos_errs.ThrowInvalidArgument(nil, "COMMAND-03j8f", "Errors.IDMissing")
|
|
|
|
|
}
|
|
|
|
|
if len(links) == 0 {
|
|
|
|
|
return caos_errs.ThrowInvalidArgument(nil, "COMMAND-Ek9s", "Errors.User.ExternalIDP.MinimumExternalIDPNeeded")
|
|
|
|
|
}
|
|
|
|
|
|
2022-09-14 12:21:23 +00:00
|
|
|
if err := c.checkUserExists(ctx, userID, resourceOwner); err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2022-01-03 08:19:07 +00:00
|
|
|
events := make([]eventstore.Command, len(links))
|
2021-11-02 09:08:47 +00:00
|
|
|
for i, link := range links {
|
|
|
|
|
linkWriteModel := NewUserIDPLinkWriteModel(userID, link.IDPConfigID, link.ExternalUserID, resourceOwner)
|
|
|
|
|
userAgg := UserAggregateFromWriteModel(&linkWriteModel.WriteModel)
|
|
|
|
|
|
|
|
|
|
events[i], err = c.addUserIDPLink(ctx, userAgg, link)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2022-01-03 08:19:07 +00:00
|
|
|
_, err = c.eventstore.Push(ctx, events...)
|
2021-11-02 09:08:47 +00:00
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2022-01-03 08:19:07 +00:00
|
|
|
func (c *Commands) addUserIDPLink(ctx context.Context, human *eventstore.Aggregate, link *domain.UserIDPLink) (eventstore.Command, error) {
|
2021-11-02 09:08:47 +00:00
|
|
|
if link.AggregateID != "" && human.ID != link.AggregateID {
|
|
|
|
|
return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-33M0g", "Errors.IDMissing")
|
|
|
|
|
}
|
|
|
|
|
if !link.IsValid() {
|
|
|
|
|
return nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-6m9Kd", "Errors.User.ExternalIDP.Invalid")
|
|
|
|
|
}
|
2022-08-29 15:09:07 +00:00
|
|
|
|
2023-02-28 20:20:58 +00:00
|
|
|
exists, err := ExistsIDP(ctx, c.eventstore.Filter, link.IDPConfigID, human.ResourceOwner)
|
|
|
|
|
if !exists || err != nil {
|
2021-11-02 09:08:47 +00:00
|
|
|
return nil, caos_errs.ThrowPreconditionFailed(err, "COMMAND-39nfs", "Errors.IDPConfig.NotExisting")
|
|
|
|
|
}
|
|
|
|
|
return user.NewUserIDPLinkAddedEvent(ctx, human, link.IDPConfigID, link.DisplayName, link.ExternalUserID), nil
|
2023-02-28 20:20:58 +00:00
|
|
|
|
2021-11-02 09:08:47 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (c *Commands) RemoveUserIDPLink(ctx context.Context, link *domain.UserIDPLink) (*domain.ObjectDetails, error) {
|
|
|
|
|
event, linkWriteModel, err := c.removeUserIDPLink(ctx, link, false)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
2022-01-03 08:19:07 +00:00
|
|
|
pushedEvents, err := c.eventstore.Push(ctx, event)
|
2021-11-02 09:08:47 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
err = AppendAndReduce(linkWriteModel, pushedEvents...)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
return writeModelToObjectDetails(&linkWriteModel.WriteModel), nil
|
|
|
|
|
}
|
|
|
|
|
|
2022-01-03 08:19:07 +00:00
|
|
|
func (c *Commands) removeUserIDPLink(ctx context.Context, link *domain.UserIDPLink, cascade bool) (eventstore.Command, *UserIDPLinkWriteModel, error) {
|
2021-11-02 09:08:47 +00:00
|
|
|
if !link.IsValid() || link.AggregateID == "" {
|
|
|
|
|
return nil, nil, caos_errs.ThrowInvalidArgument(nil, "COMMAND-3M9ds", "Errors.IDMissing")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
existingLink, err := c.userIDPLinkWriteModelByID(ctx, link.AggregateID, link.IDPConfigID, link.ExternalUserID, link.ResourceOwner)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, nil, err
|
|
|
|
|
}
|
|
|
|
|
if existingLink.State == domain.UserIDPLinkStateUnspecified || existingLink.State == domain.UserIDPLinkStateRemoved {
|
|
|
|
|
return nil, nil, caos_errs.ThrowNotFound(nil, "COMMAND-1M9xR", "Errors.User.ExternalIDP.NotFound")
|
|
|
|
|
}
|
|
|
|
|
userAgg := UserAggregateFromWriteModel(&existingLink.WriteModel)
|
|
|
|
|
if cascade {
|
|
|
|
|
return user.NewUserIDPLinkCascadeRemovedEvent(ctx, userAgg, link.IDPConfigID, link.ExternalUserID), existingLink, nil
|
|
|
|
|
}
|
|
|
|
|
return user.NewUserIDPLinkRemovedEvent(ctx, userAgg, link.IDPConfigID, link.ExternalUserID), existingLink, nil
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func (c *Commands) UserIDPLoginChecked(ctx context.Context, orgID, userID string, authRequest *domain.AuthRequest) (err error) {
|
|
|
|
|
if userID == "" {
|
|
|
|
|
return caos_errs.ThrowInvalidArgument(nil, "COMMAND-5n8sM", "Errors.IDMissing")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
existingHuman, err := c.getHumanWriteModelByID(ctx, userID, orgID)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
if existingHuman.UserState == domain.UserStateUnspecified || existingHuman.UserState == domain.UserStateDeleted {
|
|
|
|
|
return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-dn88J", "Errors.User.NotFound")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
userAgg := UserAggregateFromWriteModel(&existingHuman.WriteModel)
|
2022-01-03 08:19:07 +00:00
|
|
|
_, err = c.eventstore.Push(ctx, user.NewUserIDPCheckSucceededEvent(ctx, userAgg, authRequestDomainToAuthRequestInfo(authRequest)))
|
2021-11-02 09:08:47 +00:00
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2023-08-04 09:35:36 +00:00
|
|
|
func (c *Commands) MigrateUserIDP(ctx context.Context, userID, orgID, idpConfigID, previousID, newID string) (err error) {
|
|
|
|
|
if userID == "" {
|
|
|
|
|
return caos_errs.ThrowInvalidArgument(nil, "COMMAND-Sn3l1", "Errors.IDMissing")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
writeModel, err := c.userIDPLinkWriteModelByID(ctx, userID, idpConfigID, previousID, orgID)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
if writeModel.State != domain.UserIDPLinkStateActive {
|
|
|
|
|
return caos_errs.ThrowPreconditionFailed(nil, "COMMAND-KJH2o", "Errors.User.ExternalIDP.NotFound")
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
userAgg := UserAggregateFromWriteModel(&writeModel.WriteModel)
|
|
|
|
|
_, err = c.eventstore.Push(ctx, user.NewUserIDPExternalIDMigratedEvent(ctx, userAgg, idpConfigID, previousID, newID))
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2021-11-02 09:08:47 +00:00
|
|
|
func (c *Commands) userIDPLinkWriteModelByID(ctx context.Context, userID, idpConfigID, externalUserID, resourceOwner string) (writeModel *UserIDPLinkWriteModel, err error) {
|
|
|
|
|
ctx, span := tracing.NewSpan(ctx)
|
|
|
|
|
defer func() { span.EndWithError(err) }()
|
|
|
|
|
|
|
|
|
|
writeModel = NewUserIDPLinkWriteModel(userID, idpConfigID, externalUserID, resourceOwner)
|
|
|
|
|
err = c.eventstore.FilterToQueryReducer(ctx, writeModel)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
return writeModel, nil
|
|
|
|
|
}
|
