zitadel/internal/command/policy_login_model.go

package command

import (
	"time"

	"github.com/zitadel/zitadel/internal/domain"
	"github.com/zitadel/zitadel/internal/eventstore"
	"github.com/zitadel/zitadel/internal/repository/policy"
)

type LoginPolicyWriteModel struct {
	eventstore.WriteModel

	AllowUserNamePassword      bool
	AllowRegister              bool
	AllowExternalIDP           bool
	ForceMFA                   bool
	HidePasswordReset          bool
	IgnoreUnknownUsernames     bool
	PasswordlessType           domain.PasswordlessType
	DefaultRedirectURI         string
	PasswordCheckLifetime      time.Duration
	ExternalLoginCheckLifetime time.Duration
	MFAInitSkipLifetime        time.Duration
	SecondFactorCheckLifetime  time.Duration
	MultiFactorCheckLifetime   time.Duration
	State                      domain.PolicyState
}

func (wm *LoginPolicyWriteModel) Reduce() error {
	for _, event := range wm.Events {
		switch e := event.(type) {
		case *policy.LoginPolicyAddedEvent:
			wm.AllowRegister = e.AllowRegister
			wm.AllowUserNamePassword = e.AllowUserNamePassword
			wm.AllowExternalIDP = e.AllowExternalIDP
			wm.ForceMFA = e.ForceMFA
			wm.PasswordlessType = e.PasswordlessType
			wm.HidePasswordReset = e.HidePasswordReset
			wm.IgnoreUnknownUsernames = e.IgnoreUnknownUsernames
			wm.DefaultRedirectURI = e.DefaultRedirectURI
			wm.PasswordCheckLifetime = e.PasswordCheckLifetime
			wm.ExternalLoginCheckLifetime = e.ExternalLoginCheckLifetime
			wm.MFAInitSkipLifetime = e.MFAInitSkipLifetime
			wm.SecondFactorCheckLifetime = e.SecondFactorCheckLifetime
			wm.MultiFactorCheckLifetime = e.MultiFactorCheckLifetime
			wm.State = domain.PolicyStateActive
		case *policy.LoginPolicyChangedEvent:
			if e.AllowRegister != nil {
				wm.AllowRegister = *e.AllowRegister
			}
			if e.AllowUserNamePassword != nil {
				wm.AllowUserNamePassword = *e.AllowUserNamePassword
			}
			if e.AllowExternalIDP != nil {
				wm.AllowExternalIDP = *e.AllowExternalIDP
			}
			if e.ForceMFA != nil {
				wm.ForceMFA = *e.ForceMFA
			}
			if e.HidePasswordReset != nil {
				wm.HidePasswordReset = *e.HidePasswordReset
			}
			if e.IgnoreUnknownUsernames != nil {
				wm.IgnoreUnknownUsernames = *e.IgnoreUnknownUsernames
			}
			if e.PasswordlessType != nil {
				wm.PasswordlessType = *e.PasswordlessType
			}
			if e.DefaultRedirectURI != nil {
				wm.DefaultRedirectURI = *e.DefaultRedirectURI
			}
			if e.PasswordCheckLifetime != nil {
				wm.PasswordCheckLifetime = *e.PasswordCheckLifetime
			}
			if e.ExternalLoginCheckLifetime != nil {
				wm.ExternalLoginCheckLifetime = *e.ExternalLoginCheckLifetime
			}
			if e.MFAInitSkipLifetime != nil {
				wm.MFAInitSkipLifetime = *e.MFAInitSkipLifetime
			}
			if e.SecondFactorCheckLifetime != nil {
				wm.SecondFactorCheckLifetime = *e.SecondFactorCheckLifetime
			}
			if e.MultiFactorCheckLifetime != nil {
				wm.MultiFactorCheckLifetime = *e.MultiFactorCheckLifetime
			}
		case *policy.LoginPolicyRemovedEvent:
			wm.State = domain.PolicyStateRemoved
		}
	}
	return wm.WriteModel.Reduce()
}
new pkg structure (#1150) * fix: split command query side * fix: split command query side * fix: members in correct pkg structure * fix: label policy in correct pkg structure * fix: structure * fix: structure of login policy * fix: identityprovider structure * fix: org iam policy structure * fix: password age policy structure * fix: password complexity policy structure * fix: password lockout policy structure * fix: idp structure * fix: user events structure * fix: user write model * fix: profile email changed command * fix: address changed command * fix: user states * fix: user * fix: org structure and add human * begin iam setup command side * setup * step2 * step2 * fix: add user * step2 * isvalid * fix: folder structure v2 business Co-authored-by: Fabiennne <fabienne.gerschwiler@gmail.com> 2021-01-04 14:52:13 +01:00			`package command`
New eventstore policies (#1084) * feat: login policy * feat: password complexity policy * feat: org iam policy * feat: label policy * feat: add and change policies * feat: second factors * feat: second and multi factors * feat: better naming * feat: better naming 2020-12-11 15:49:19 +01:00
			`import (`
feat: Login verification lifetimes (#3190) * feat: add login check lifetimes to login policy * feat: org features test * feat: read lifetimes from loginpolicy 2022-02-21 16:05:02 +01:00			`"time"`

chore(v2): move to new org (#3499) * chore: move to new org * logging * fix: org rename caos -> zitadel Co-authored-by: adlerhurst <silvan.reusser@gmail.com> 2022-04-27 01:01:45 +02:00			`"github.com/zitadel/zitadel/internal/domain"`
			`"github.com/zitadel/zitadel/internal/eventstore"`
			`"github.com/zitadel/zitadel/internal/repository/policy"`
New eventstore policies (#1084) * feat: login policy * feat: password complexity policy * feat: org iam policy * feat: label policy * feat: add and change policies * feat: second factors * feat: second and multi factors * feat: better naming * feat: better naming 2020-12-11 15:49:19 +01:00			`)`

new pkg structure (#1150) * fix: split command query side * fix: split command query side * fix: members in correct pkg structure * fix: label policy in correct pkg structure * fix: structure * fix: structure of login policy * fix: identityprovider structure * fix: org iam policy structure * fix: password age policy structure * fix: password complexity policy structure * fix: password lockout policy structure * fix: idp structure * fix: user events structure * fix: user write model * fix: profile email changed command * fix: address changed command * fix: user states * fix: user * fix: org structure and add human * begin iam setup command side * setup * step2 * step2 * fix: add user * step2 * isvalid * fix: folder structure v2 business Co-authored-by: Fabiennne <fabienne.gerschwiler@gmail.com> 2021-01-04 14:52:13 +01:00			`type LoginPolicyWriteModel struct {`
New eventstore policies (#1084) * feat: login policy * feat: password complexity policy * feat: org iam policy * feat: label policy * feat: add and change policies * feat: second factors * feat: second and multi factors * feat: better naming * feat: better naming 2020-12-11 15:49:19 +01:00			`eventstore.WriteModel`

feat: Login verification lifetimes (#3190) * feat: add login check lifetimes to login policy * feat: org features test * feat: read lifetimes from loginpolicy 2022-02-21 16:05:02 +01:00			`AllowUserNamePassword bool`
			`AllowRegister bool`
			`AllowExternalIDP bool`
			`ForceMFA bool`
			`HidePasswordReset bool`
feat: add default redirect uri and handling of unknown usernames (#3616) * feat: add possibility to ignore username errors on first login screen * console changes * fix: handling of unknown usernames (#3445) * fix: handling of unknown usernames * fix: handle HideLoginNameSuffix on unknown users * feat: add default redirect uri on login policy (#3607) * feat: add default redirect uri on login policy * fix tests * feat: Console login policy default redirect (#3613) * console default redirect * placeholder * validate default redirect uri * allow empty default redirect uri Co-authored-by: Max Peintner <max@caos.ch> * remove wonrgly cherry picked migration Co-authored-by: Max Peintner <max@caos.ch> 2022-05-16 15:39:09 +02:00			`IgnoreUnknownUsernames bool`
feat: Login verification lifetimes (#3190) * feat: add login check lifetimes to login policy * feat: org features test * feat: read lifetimes from loginpolicy 2022-02-21 16:05:02 +01:00			`PasswordlessType domain.PasswordlessType`
feat: add default redirect uri and handling of unknown usernames (#3616) * feat: add possibility to ignore username errors on first login screen * console changes * fix: handling of unknown usernames (#3445) * fix: handling of unknown usernames * fix: handle HideLoginNameSuffix on unknown users * feat: add default redirect uri on login policy (#3607) * feat: add default redirect uri on login policy * fix tests * feat: Console login policy default redirect (#3613) * console default redirect * placeholder * validate default redirect uri * allow empty default redirect uri Co-authored-by: Max Peintner <max@caos.ch> * remove wonrgly cherry picked migration Co-authored-by: Max Peintner <max@caos.ch> 2022-05-16 15:39:09 +02:00			`DefaultRedirectURI string`
feat: Login verification lifetimes (#3190) * feat: add login check lifetimes to login policy * feat: org features test * feat: read lifetimes from loginpolicy 2022-02-21 16:05:02 +01:00			`PasswordCheckLifetime time.Duration`
			`ExternalLoginCheckLifetime time.Duration`
			`MFAInitSkipLifetime time.Duration`
			`SecondFactorCheckLifetime time.Duration`
			`MultiFactorCheckLifetime time.Duration`
			`State domain.PolicyState`
New eventstore policies (#1084) * feat: login policy * feat: password complexity policy * feat: org iam policy * feat: label policy * feat: add and change policies * feat: second factors * feat: second and multi factors * feat: better naming * feat: better naming 2020-12-11 15:49:19 +01:00			`}`

new pkg structure (#1150) * fix: split command query side * fix: split command query side * fix: members in correct pkg structure * fix: label policy in correct pkg structure * fix: structure * fix: structure of login policy * fix: identityprovider structure * fix: org iam policy structure * fix: password age policy structure * fix: password complexity policy structure * fix: password lockout policy structure * fix: idp structure * fix: user events structure * fix: user write model * fix: profile email changed command * fix: address changed command * fix: user states * fix: user * fix: org structure and add human * begin iam setup command side * setup * step2 * step2 * fix: add user * step2 * isvalid * fix: folder structure v2 business Co-authored-by: Fabiennne <fabienne.gerschwiler@gmail.com> 2021-01-04 14:52:13 +01:00			`func (wm *LoginPolicyWriteModel) Reduce() error {`
New eventstore policies (#1084) * feat: login policy * feat: password complexity policy * feat: org iam policy * feat: label policy * feat: add and change policies * feat: second factors * feat: second and multi factors * feat: better naming * feat: better naming 2020-12-11 15:49:19 +01:00			`for _, event := range wm.Events {`
			`switch e := event.(type) {`
new pkg structure (#1150) * fix: split command query side * fix: split command query side * fix: members in correct pkg structure * fix: label policy in correct pkg structure * fix: structure * fix: structure of login policy * fix: identityprovider structure * fix: org iam policy structure * fix: password age policy structure * fix: password complexity policy structure * fix: password lockout policy structure * fix: idp structure * fix: user events structure * fix: user write model * fix: profile email changed command * fix: address changed command * fix: user states * fix: user * fix: org structure and add human * begin iam setup command side * setup * step2 * step2 * fix: add user * step2 * isvalid * fix: folder structure v2 business Co-authored-by: Fabiennne <fabienne.gerschwiler@gmail.com> 2021-01-04 14:52:13 +01:00			`case *policy.LoginPolicyAddedEvent:`
New eventstore policies (#1084) * feat: login policy * feat: password complexity policy * feat: org iam policy * feat: label policy * feat: add and change policies * feat: second factors * feat: second and multi factors * feat: better naming * feat: better naming 2020-12-11 15:49:19 +01:00			`wm.AllowRegister = e.AllowRegister`
			`wm.AllowUserNamePassword = e.AllowUserNamePassword`
			`wm.AllowExternalIDP = e.AllowExternalIDP`
			`wm.ForceMFA = e.ForceMFA`
			`wm.PasswordlessType = e.PasswordlessType`
feat: add hide password reset to login policy (#1806) * feat: add hide password reset to login policy * feat: tests * feat: hide password reset in login * feat: hide password reset to frontend * feat: hide password reset to frontend * feat: hide password reset to frontend * feat: check feature * feat: feature in frontend 2021-06-03 11:53:30 +02:00			`wm.HidePasswordReset = e.HidePasswordReset`
feat: add default redirect uri and handling of unknown usernames (#3616) * feat: add possibility to ignore username errors on first login screen * console changes * fix: handling of unknown usernames (#3445) * fix: handling of unknown usernames * fix: handle HideLoginNameSuffix on unknown users * feat: add default redirect uri on login policy (#3607) * feat: add default redirect uri on login policy * fix tests * feat: Console login policy default redirect (#3613) * console default redirect * placeholder * validate default redirect uri * allow empty default redirect uri Co-authored-by: Max Peintner <max@caos.ch> * remove wonrgly cherry picked migration Co-authored-by: Max Peintner <max@caos.ch> 2022-05-16 15:39:09 +02:00			`wm.IgnoreUnknownUsernames = e.IgnoreUnknownUsernames`
			`wm.DefaultRedirectURI = e.DefaultRedirectURI`
feat: Login verification lifetimes (#3190) * feat: add login check lifetimes to login policy * feat: org features test * feat: read lifetimes from loginpolicy 2022-02-21 16:05:02 +01:00			`wm.PasswordCheckLifetime = e.PasswordCheckLifetime`
			`wm.ExternalLoginCheckLifetime = e.ExternalLoginCheckLifetime`
			`wm.MFAInitSkipLifetime = e.MFAInitSkipLifetime`
			`wm.SecondFactorCheckLifetime = e.SecondFactorCheckLifetime`
			`wm.MultiFactorCheckLifetime = e.MultiFactorCheckLifetime`
feat: New event user (#1156) * feat: change user command side * feat: change user command side * feat: use states on write model * feat: command and query side in auth api * feat: auth commands * feat: check external idp id * feat: user state check * fix: error messages * fix: is active state 2021-01-07 16:06:45 +01:00			`wm.State = domain.PolicyStateActive`
new pkg structure (#1150) * fix: split command query side * fix: split command query side * fix: members in correct pkg structure * fix: label policy in correct pkg structure * fix: structure * fix: structure of login policy * fix: identityprovider structure * fix: org iam policy structure * fix: password age policy structure * fix: password complexity policy structure * fix: password lockout policy structure * fix: idp structure * fix: user events structure * fix: user write model * fix: profile email changed command * fix: address changed command * fix: user states * fix: user * fix: org structure and add human * begin iam setup command side * setup * step2 * step2 * fix: add user * step2 * isvalid * fix: folder structure v2 business Co-authored-by: Fabiennne <fabienne.gerschwiler@gmail.com> 2021-01-04 14:52:13 +01:00			`case *policy.LoginPolicyChangedEvent:`
feat: New user (#1153) * fix: use pointer in events * fix: change user requests to command side * fix: org policy * fix: profile 2021-01-06 11:12:56 +01:00			`if e.AllowRegister != nil {`
			`wm.AllowRegister = *e.AllowRegister`
			`}`
			`if e.AllowUserNamePassword != nil {`
			`wm.AllowUserNamePassword = *e.AllowUserNamePassword`
			`}`
			`if e.AllowExternalIDP != nil {`
			`wm.AllowExternalIDP = *e.AllowExternalIDP`
			`}`
			`if e.ForceMFA != nil {`
			`wm.ForceMFA = *e.ForceMFA`
			`}`
feat: add hide password reset to login policy (#1806) * feat: add hide password reset to login policy * feat: tests * feat: hide password reset in login * feat: hide password reset to frontend * feat: hide password reset to frontend * feat: hide password reset to frontend * feat: check feature * feat: feature in frontend 2021-06-03 11:53:30 +02:00			`if e.HidePasswordReset != nil {`
			`wm.HidePasswordReset = *e.HidePasswordReset`
			`}`
feat: add default redirect uri and handling of unknown usernames (#3616) * feat: add possibility to ignore username errors on first login screen * console changes * fix: handling of unknown usernames (#3445) * fix: handling of unknown usernames * fix: handle HideLoginNameSuffix on unknown users * feat: add default redirect uri on login policy (#3607) * feat: add default redirect uri on login policy * fix tests * feat: Console login policy default redirect (#3613) * console default redirect * placeholder * validate default redirect uri * allow empty default redirect uri Co-authored-by: Max Peintner <max@caos.ch> * remove wonrgly cherry picked migration Co-authored-by: Max Peintner <max@caos.ch> 2022-05-16 15:39:09 +02:00			`if e.IgnoreUnknownUsernames != nil {`
			`wm.IgnoreUnknownUsernames = *e.IgnoreUnknownUsernames`
			`}`
feat: New user (#1153) * fix: use pointer in events * fix: change user requests to command side * fix: org policy * fix: profile 2021-01-06 11:12:56 +01:00			`if e.PasswordlessType != nil {`
			`wm.PasswordlessType = *e.PasswordlessType`
			`}`
feat: add default redirect uri and handling of unknown usernames (#3616) * feat: add possibility to ignore username errors on first login screen * console changes * fix: handling of unknown usernames (#3445) * fix: handling of unknown usernames * fix: handle HideLoginNameSuffix on unknown users * feat: add default redirect uri on login policy (#3607) * feat: add default redirect uri on login policy * fix tests * feat: Console login policy default redirect (#3613) * console default redirect * placeholder * validate default redirect uri * allow empty default redirect uri Co-authored-by: Max Peintner <max@caos.ch> * remove wonrgly cherry picked migration Co-authored-by: Max Peintner <max@caos.ch> 2022-05-16 15:39:09 +02:00			`if e.DefaultRedirectURI != nil {`
			`wm.DefaultRedirectURI = *e.DefaultRedirectURI`
			`}`
feat: Login verification lifetimes (#3190) * feat: add login check lifetimes to login policy * feat: org features test * feat: read lifetimes from loginpolicy 2022-02-21 16:05:02 +01:00			`if e.PasswordCheckLifetime != nil {`
			`wm.PasswordCheckLifetime = *e.PasswordCheckLifetime`
			`}`
			`if e.ExternalLoginCheckLifetime != nil {`
			`wm.ExternalLoginCheckLifetime = *e.ExternalLoginCheckLifetime`
			`}`
			`if e.MFAInitSkipLifetime != nil {`
			`wm.MFAInitSkipLifetime = *e.MFAInitSkipLifetime`
			`}`
			`if e.SecondFactorCheckLifetime != nil {`
			`wm.SecondFactorCheckLifetime = *e.SecondFactorCheckLifetime`
			`}`
			`if e.MultiFactorCheckLifetime != nil {`
			`wm.MultiFactorCheckLifetime = *e.MultiFactorCheckLifetime`
			`}`
new pkg structure (#1150) * fix: split command query side * fix: split command query side * fix: members in correct pkg structure * fix: label policy in correct pkg structure * fix: structure * fix: structure of login policy * fix: identityprovider structure * fix: org iam policy structure * fix: password age policy structure * fix: password complexity policy structure * fix: password lockout policy structure * fix: idp structure * fix: user events structure * fix: user write model * fix: profile email changed command * fix: address changed command * fix: user states * fix: user * fix: org structure and add human * begin iam setup command side * setup * step2 * step2 * fix: add user * step2 * isvalid * fix: folder structure v2 business Co-authored-by: Fabiennne <fabienne.gerschwiler@gmail.com> 2021-01-04 14:52:13 +01:00			`case *policy.LoginPolicyRemovedEvent:`
feat: New event user (#1156) * feat: change user command side * feat: change user command side * feat: use states on write model * feat: command and query side in auth api * feat: auth commands * feat: check external idp id * feat: user state check * fix: error messages * fix: is active state 2021-01-07 16:06:45 +01:00			`wm.State = domain.PolicyStateRemoved`
New eventstore policies (#1084) * feat: login policy * feat: password complexity policy * feat: org iam policy * feat: label policy * feat: add and change policies * feat: second factors * feat: second and multi factors * feat: better naming * feat: better naming 2020-12-11 15:49:19 +01:00			`}`
			`}`
			`return wm.WriteModel.Reduce()`
			`}`